-
Notifications
You must be signed in to change notification settings - Fork 196
50 lines (48 loc) · 2 KB
/
credentials-verification.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
name: Daily credentials verification
on:
schedule:
# Runs 00:00 UTC every day
- cron: 0 0 * * *
workflow_dispatch:
jobs:
# Verifies the token used by the bot to publish crates to crates.io
verify-crates-io-token:
name: Verify Crates.io Token
runs-on: ubuntu-latest
steps:
- name: Checkout smithy-rs
uses: actions/checkout@v4
- name: Verify Crates.io Token
shell: bash
env:
CARGO_REGISTRY_TOKEN: ${{ secrets.RELEASE_AUTOMATION_BOT_CRATESIO_TOKEN }}
run: |
echo "Checking cargo auth token..."
# "cargo login" only saves a token and does not actually use it, so we use "cargo yank" to verify the token.
# This version has already been yanked, so it is safe to execute the command below repeatedly.
# This command succeeds if we have a token with permission to yank the crate.
cargo yank aws-sigv4 --version 0.55.0
- name: Notify Slack on Failure
if: failure()
env:
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
run: |
curl -X POST "${SLACK_WEBHOOK_URL}" -H 'Content-type: application/json' \
--data '{"workflow_msg":"⚠️ Invalid crates.io token. Create a new token as soon as possible!"}'
# Verifies the token used to perform actions on the repository on behalf of the bot user
verify-personal-access-token:
name: Verify Personal Access Token
runs-on: ubuntu-latest
steps:
- name: Checkout smithy-rs
# To test the validity of the personal access token, we only need to perform checkout with the specified token.
uses: actions/checkout@v4
with:
token: ${{ secrets.RELEASE_AUTOMATION_BOT_PAT }}
- name: Notify Slack on Failure
if: failure()
env:
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
run: |
curl -X POST "${SLACK_WEBHOOK_URL}" -H 'Content-type: application/json' \
--data '{"workflow_msg":"⚠️ Invalid GitHub personal access token. Create a new token as soon as possible!"}'