Skip to content

Daily credentials verification #408

Daily credentials verification

Daily credentials verification #408

name: Daily credentials verification
on:
schedule:
# Runs 00:00 UTC every day
- cron: 0 0 * * *
workflow_dispatch:
jobs:
# Verifies the token used by the bot to publish crates to crates.io
verify-crates-io-token:
name: Verify Crates.io Token
if: github.repository == 'smithy-lang/smithy-rs'
runs-on: ubuntu-latest
steps:
- name: Checkout smithy-rs
uses: actions/checkout@v4
- name: Verify Crates.io Token
shell: bash
env:
CARGO_REGISTRY_TOKEN: ${{ secrets.RELEASE_AUTOMATION_BOT_CRATESIO_TOKEN }}
run: |
echo "Checking cargo auth token..."
# "cargo login" only saves a token and does not actually use it, so we use "cargo yank" to verify the token.
# This version has already been yanked, so it is safe to execute the command below repeatedly.
# This command succeeds if we have a token with permission to yank the crate.
cargo yank aws-sigv4 --version 0.55.0
- name: Notify Slack on Failure
if: failure()
env:
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
run: |
curl -X POST "${SLACK_WEBHOOK_URL}" -H 'Content-type: application/json' \
--data '{"workflow_msg":"⚠️ Invalid crates.io token. Create a new token as soon as possible!"}'
# Verifies the token used to perform actions on the repository on behalf of the bot user
verify-personal-access-token:
name: Verify Personal Access Token
if: github.repository == 'smithy-lang/smithy-rs'
runs-on: ubuntu-latest
steps:
- name: Checkout smithy-rs
# To test the validity of the personal access token, we only need to perform checkout with the specified token.
uses: actions/checkout@v4
with:
token: ${{ secrets.RELEASE_AUTOMATION_BOT_PAT }}
- name: Notify Slack on Failure
if: failure()
env:
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
run: |
curl -X POST "${SLACK_WEBHOOK_URL}" -H 'Content-type: application/json' \
--data '{"workflow_msg":"⚠️ Invalid GitHub personal access token. Create a new token as soon as possible!"}'