Test #19
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Test | |
on: | |
push: | |
pull_request: | |
schedule: | |
- cron: '55 11 * * 1' | |
workflow_dispatch: | |
inputs: | |
conformance-version: | |
description: 'Conformance Suite Version (commit hash)' | |
required: false | |
jobs: | |
audit: | |
name: NPM Audit (Production) | |
continue-on-error: true | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v3 | |
- name: Setup node | |
uses: actions/setup-node@v3 | |
with: | |
node-version: lts/hydrogen # 18 | |
cache: 'npm' | |
check-latest: true | |
- run: npm clean-install | |
- run: npm upgrade | |
- run: npm audit --production | |
test: | |
name: Node Tests | |
runs-on: ubuntu-latest | |
continue-on-error: ${{ !startsWith(matrix.node-version, 'lts') }} | |
strategy: | |
fail-fast: false | |
matrix: | |
node-version: | |
- lts/erbium # 12 | |
- lts/fermium # 14 | |
- lts/gallium # 16 | |
- lts/hydrogen # 18 | |
- current | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v3 | |
- name: Setup node | |
id: node | |
uses: actions/setup-node@v3 | |
with: | |
node-version: ${{ matrix.node-version }} | |
cache: 'npm' | |
check-latest: true | |
- run: npm install --global npm@8 | |
if: ${{ startsWith(steps.node.outputs.node-version, 'v12') || startsWith(steps.node.outputs.node-version, 'v14') }} | |
- run: npm clean-install | |
- run: npm run ci | |
build-conformance-suite: | |
runs-on: ubuntu-latest | |
outputs: | |
cache-key: ${{ steps.cache-key.outputs.value }} | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v3 | |
- name: Set Conformance Suite Version from GitLab | |
if: ${{ !github.event.inputs.conformance-version }} | |
run: | | |
export VERSION=($(curl --silent "https://gitlab.com/api/v4/projects/4175605/releases" | jq -r '.[0].tag_name')) | |
echo "VERSION=$VERSION" >> $GITHUB_ENV | |
- name: Set Conformance Suite Version from Workflow Dispatch | |
if: ${{ github.event.inputs.conformance-version }} | |
run: | | |
echo "VERSION=${{ github.event.inputs.conformance-version }}" >> $GITHUB_ENV | |
- id: cache-key | |
run: echo "value=suite-${{ hashFiles('.github/workflows/test.yml') }}-${{ env.VERSION }}" >> $GITHUB_OUTPUT | |
- name: Load Cached Conformance Suite Build | |
uses: actions/cache@v3 | |
id: cache | |
with: | |
path: ./conformance-suite | |
key: ${{ steps.cache-key.outputs.value }} | |
- name: Conformance Suite Checkout | |
if: ${{ steps.cache.outputs.cache-hit != 'true' }} | |
run: git clone https://gitlab.com/openid/conformance-suite.git | |
- run: git reset --hard ${{ env.VERSION }} | |
working-directory: ./conformance-suite | |
- name: Conformance Suite Build | |
working-directory: ./conformance-suite | |
if: ${{ steps.cache.outputs.cache-hit != 'true' }} | |
env: | |
MAVEN_CACHE: ./m2 | |
run: | | |
sed -i -e 's/localhost/localhost.emobix.co.uk/g' src/main/resources/application.properties | |
sed -i -e 's/-B clean/-B -DskipTests=true/g' builder-compose.yml | |
docker-compose -f builder-compose.yml run builder | |
conformance-suite: | |
runs-on: ubuntu-latest | |
needs: | |
- test | |
- build-conformance-suite | |
env: | |
SUITE_BASE_URL: https://localhost.emobix.co.uk:8443 | |
SETUP: ${{ toJSON(matrix.setup) }} | |
strategy: | |
fail-fast: false | |
matrix: | |
setup: | |
# OP Basic | |
- plan: oidcc-basic-certification-test-plan | |
server_metadata: discovery | |
client_registration: dynamic_client | |
configuration: ./certification/oidc/plan.json | |
# OP Hybrid | |
- plan: oidcc-hybrid-certification-test-plan | |
server_metadata: discovery | |
client_registration: dynamic_client | |
configuration: ./certification/oidc/plan.json | |
# OP Implicit | |
- plan: oidcc-implicit-certification-test-plan | |
server_metadata: discovery | |
client_registration: dynamic_client | |
configuration: ./certification/oidc/plan.json | |
# OP Dynamic | |
- plan: oidcc-dynamic-certification-test-plan | |
response_type: code | |
skip: oidcc-server-rotate-keys | |
configuration: ./certification/oidc/plan.json | |
- plan: oidcc-dynamic-certification-test-plan | |
response_type: id_token | |
skip: oidcc-server-rotate-keys | |
configuration: ./certification/oidc/plan.json | |
- plan: oidcc-dynamic-certification-test-plan | |
response_type: id_token token | |
skip: oidcc-server-rotate-keys | |
configuration: ./certification/oidc/plan.json | |
- plan: oidcc-dynamic-certification-test-plan | |
response_type: code id_token | |
skip: oidcc-server-rotate-keys | |
configuration: ./certification/oidc/plan.json | |
- plan: oidcc-dynamic-certification-test-plan | |
response_type: code token | |
skip: oidcc-server-rotate-keys | |
configuration: ./certification/oidc/plan.json | |
- plan: oidcc-dynamic-certification-test-plan | |
response_type: code id_token token | |
skip: oidcc-server-rotate-keys | |
configuration: ./certification/oidc/plan.json | |
# RP-Initiated OP | |
- plan: oidcc-rp-initiated-logout-certification-test-plan | |
response_type: code | |
client_registration: dynamic_client | |
configuration: ./certification/oidc/plan.json | |
# Back-Channel OP | |
- plan: oidcc-backchannel-rp-initiated-logout-certification-test-plan | |
response_type: code | |
client_registration: dynamic_client | |
configuration: ./certification/oidc/plan.json | |
# FAPI 1.0 R/W (ID2) | |
- plan: fapi-rw-id2-test-plan | |
fapi_auth_request_method: by_value | |
client_auth_type: private_key_jwt | |
fapi_profile: plain_fapi | |
fapi_response_mode: plain_response | |
configuration: ./certification/fapi/plan.json | |
- plan: fapi-rw-id2-test-plan | |
fapi_auth_request_method: pushed | |
client_auth_type: private_key_jwt | |
fapi_profile: plain_fapi | |
fapi_response_mode: plain_response | |
configuration: ./certification/fapi/plan.json | |
- plan: fapi-rw-id2-test-plan | |
fapi_auth_request_method: by_value | |
client_auth_type: private_key_jwt | |
fapi_profile: plain_fapi | |
fapi_response_mode: jarm | |
configuration: ./certification/fapi/plan.json | |
- plan: fapi-rw-id2-test-plan | |
fapi_auth_request_method: pushed | |
client_auth_type: private_key_jwt | |
fapi_profile: plain_fapi | |
fapi_response_mode: jarm | |
configuration: ./certification/fapi/plan.json | |
- plan: fapi-rw-id2-test-plan | |
fapi_auth_request_method: by_value | |
client_auth_type: mtls | |
fapi_profile: plain_fapi | |
fapi_response_mode: plain_response | |
configuration: ./certification/fapi/plan.json | |
- plan: fapi-rw-id2-test-plan | |
fapi_auth_request_method: pushed | |
client_auth_type: mtls | |
fapi_profile: plain_fapi | |
fapi_response_mode: plain_response | |
configuration: ./certification/fapi/plan.json | |
- plan: fapi-rw-id2-test-plan | |
fapi_auth_request_method: by_value | |
client_auth_type: mtls | |
fapi_profile: plain_fapi | |
fapi_response_mode: jarm | |
configuration: ./certification/fapi/plan.json | |
- plan: fapi-rw-id2-test-plan | |
fapi_auth_request_method: pushed | |
client_auth_type: mtls | |
fapi_profile: plain_fapi | |
fapi_response_mode: jarm | |
configuration: ./certification/fapi/plan.json | |
# FAPI 1.0 Advanced (Final) | |
- plan: fapi1-advanced-final-test-plan | |
fapi_auth_request_method: by_value | |
client_auth_type: private_key_jwt | |
fapi_profile: plain_fapi | |
fapi_response_mode: plain_response | |
configuration: ./certification/fapi/plan.json | |
- plan: fapi1-advanced-final-test-plan | |
fapi_auth_request_method: pushed | |
client_auth_type: private_key_jwt | |
fapi_profile: plain_fapi | |
fapi_response_mode: plain_response | |
configuration: ./certification/fapi/plan.json | |
- plan: fapi1-advanced-final-test-plan | |
fapi_auth_request_method: by_value | |
client_auth_type: private_key_jwt | |
fapi_profile: plain_fapi | |
fapi_response_mode: jarm | |
configuration: ./certification/fapi/plan.json | |
- plan: fapi1-advanced-final-test-plan | |
fapi_auth_request_method: pushed | |
client_auth_type: private_key_jwt | |
fapi_profile: plain_fapi | |
fapi_response_mode: jarm | |
configuration: ./certification/fapi/plan.json | |
- plan: fapi1-advanced-final-test-plan | |
fapi_auth_request_method: by_value | |
client_auth_type: mtls | |
fapi_profile: plain_fapi | |
fapi_response_mode: plain_response | |
configuration: ./certification/fapi/plan.json | |
- plan: fapi1-advanced-final-test-plan | |
fapi_auth_request_method: pushed | |
client_auth_type: mtls | |
fapi_profile: plain_fapi | |
fapi_response_mode: plain_response | |
configuration: ./certification/fapi/plan.json | |
- plan: fapi1-advanced-final-test-plan | |
fapi_auth_request_method: by_value | |
client_auth_type: mtls | |
fapi_profile: plain_fapi | |
fapi_response_mode: jarm | |
configuration: ./certification/fapi/plan.json | |
- plan: fapi1-advanced-final-test-plan | |
fapi_auth_request_method: pushed | |
client_auth_type: mtls | |
fapi_profile: plain_fapi | |
fapi_response_mode: jarm | |
configuration: ./certification/fapi/plan.json | |
# FAPI RW-CIBA-ID1 | |
- plan: fapi-ciba-id1-test-plan | |
client_auth_type: private_key_jwt | |
fapi_profile: plain_fapi | |
ciba_mode: poll | |
client_registration: dynamic_client | |
configuration: ./certification/fapi/plan.json | |
- plan: fapi-ciba-id1-test-plan | |
client_auth_type: private_key_jwt | |
fapi_profile: plain_fapi | |
ciba_mode: ping | |
client_registration: dynamic_client | |
configuration: ./certification/fapi/plan.json | |
- plan: fapi-ciba-id1-test-plan | |
client_auth_type: mtls | |
fapi_profile: plain_fapi | |
ciba_mode: poll | |
client_registration: dynamic_client | |
configuration: ./certification/fapi/plan.json | |
- plan: fapi-ciba-id1-test-plan | |
client_auth_type: mtls | |
fapi_profile: plain_fapi | |
ciba_mode: ping | |
client_registration: dynamic_client | |
configuration: ./certification/fapi/plan.json | |
# Extensive | |
- plan: oidcc-test-plan | |
response_type: code | |
client_auth_type: client_secret_basic | |
configuration: ./certification/oidc/plan.json | |
client_registration: dynamic_client | |
response_mode: default | |
skip: oidcc-server-rotate-keys | |
- plan: oidcc-test-plan | |
response_type: code id_token | |
client_auth_type: client_secret_basic | |
configuration: ./certification/oidc/plan.json | |
client_registration: dynamic_client | |
response_mode: default | |
skip: oidcc-server-rotate-keys | |
- plan: oidcc-test-plan | |
response_type: code id_token token | |
client_auth_type: client_secret_basic | |
configuration: ./certification/oidc/plan.json | |
client_registration: dynamic_client | |
response_mode: default | |
skip: oidcc-server-rotate-keys | |
- plan: oidcc-test-plan | |
response_type: code token | |
client_auth_type: client_secret_basic | |
configuration: ./certification/oidc/plan.json | |
client_registration: dynamic_client | |
response_mode: default | |
skip: oidcc-server-rotate-keys | |
- plan: oidcc-test-plan | |
response_type: code | |
client_auth_type: client_secret_post | |
configuration: ./certification/oidc/plan.json | |
client_registration: dynamic_client | |
response_mode: default | |
skip: oidcc-server-rotate-keys | |
- plan: oidcc-test-plan | |
response_type: code id_token | |
client_auth_type: client_secret_post | |
configuration: ./certification/oidc/plan.json | |
client_registration: dynamic_client | |
response_mode: default | |
skip: oidcc-server-rotate-keys | |
- plan: oidcc-test-plan | |
response_type: code id_token token | |
client_auth_type: client_secret_post | |
configuration: ./certification/oidc/plan.json | |
client_registration: dynamic_client | |
response_mode: default | |
skip: oidcc-server-rotate-keys | |
- plan: oidcc-test-plan | |
response_type: code token | |
client_auth_type: client_secret_post | |
configuration: ./certification/oidc/plan.json | |
client_registration: dynamic_client | |
response_mode: default | |
skip: oidcc-server-rotate-keys | |
- plan: oidcc-test-plan | |
response_type: code | |
client_auth_type: client_secret_jwt | |
configuration: ./certification/oidc/plan.json | |
client_registration: dynamic_client | |
response_mode: default | |
skip: oidcc-server-rotate-keys | |
- plan: oidcc-test-plan | |
response_type: code id_token | |
client_auth_type: client_secret_jwt | |
configuration: ./certification/oidc/plan.json | |
client_registration: dynamic_client | |
response_mode: default | |
skip: oidcc-server-rotate-keys | |
- plan: oidcc-test-plan | |
response_type: code id_token token | |
client_auth_type: client_secret_jwt | |
configuration: ./certification/oidc/plan.json | |
client_registration: dynamic_client | |
response_mode: default | |
skip: oidcc-server-rotate-keys | |
- plan: oidcc-test-plan | |
response_type: code token | |
client_auth_type: client_secret_jwt | |
configuration: ./certification/oidc/plan.json | |
client_registration: dynamic_client | |
response_mode: default | |
skip: oidcc-server-rotate-keys | |
- plan: oidcc-test-plan | |
response_type: code | |
client_auth_type: private_key_jwt | |
configuration: ./certification/oidc/plan.json | |
client_registration: dynamic_client | |
response_mode: default | |
skip: oidcc-server-rotate-keys | |
- plan: oidcc-test-plan | |
response_type: code id_token | |
client_auth_type: private_key_jwt | |
configuration: ./certification/oidc/plan.json | |
client_registration: dynamic_client | |
response_mode: default | |
skip: oidcc-server-rotate-keys | |
- plan: oidcc-test-plan | |
response_type: code id_token token | |
client_auth_type: private_key_jwt | |
configuration: ./certification/oidc/plan.json | |
client_registration: dynamic_client | |
response_mode: default | |
skip: oidcc-server-rotate-keys | |
- plan: oidcc-test-plan | |
response_type: code token | |
client_auth_type: private_key_jwt | |
configuration: ./certification/oidc/plan.json | |
client_registration: dynamic_client | |
response_mode: default | |
skip: oidcc-server-rotate-keys | |
- plan: oidcc-test-plan | |
response_type: id_token | |
client_auth_type: none | |
configuration: ./certification/oidc/plan.json | |
client_registration: dynamic_client | |
response_mode: default | |
skip: oidcc-server-rotate-keys | |
- plan: oidcc-test-plan | |
response_type: id_token token | |
client_auth_type: none | |
configuration: ./certification/oidc/plan.json | |
client_registration: dynamic_client | |
response_mode: default | |
skip: oidcc-server-rotate-keys | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v3 | |
- name: Setup node | |
uses: actions/setup-node@v3 | |
with: | |
node-version: lts/hydrogen # 18 | |
cache: 'npm' | |
check-latest: true | |
- run: npm clean-install | |
- name: Run oidc-provider (OIDC) | |
run: npx c8 node certification/oidc/docker & | |
if: ${{ startsWith(matrix.setup.plan, 'oidcc') }} | |
env: | |
PORT: 3000 | |
ISSUER: https://172.17.0.1:3000 | |
NODE_TLS_REJECT_UNAUTHORIZED: 0 | |
- name: Run oidc-provider (FAPI) | |
run: npx c8 node certification/fapi & | |
if: ${{ startsWith(matrix.setup.plan, 'fapi') }} | |
env: | |
ISSUER: https://172.17.0.1:3000 | |
PORT: 3000 | |
NODE_OPTIONS: --tls-cipher-list="DHE-RSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-GCM-SHA256 DHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-GCM-SHA384" | |
NODE_TLS_REJECT_UNAUTHORIZED: 0 | |
- name: Set Conformance Suite Version | |
run: | | |
export VERSION=($(curl --silent "https://gitlab.com/api/v4/projects/4175605/releases" | jq -r '.[0].tag_name')) | |
echo "VERSION=$VERSION" >> $GITHUB_ENV | |
- name: Load Cached Conformance Suite Build | |
uses: actions/cache@v3 | |
id: cache | |
with: | |
path: ./conformance-suite | |
key: ${{ needs.build-conformance-suite.outputs.cache-key }} | |
- name: Abort if Conformance Suite isn't cached | |
if: ${{ steps.cache.outputs.cache-hit != 'true' }} | |
uses: actions/github-script@v6 | |
with: | |
script: | | |
core.setFailed('Conformance Suite cache hit failed') | |
- name: Run Conformance Suite | |
working-directory: ./conformance-suite | |
run: | | |
docker-compose -f docker-compose-dev.yml up -d | |
while ! curl -skfail https://localhost.emobix.co.uk:8443/api/runner/available >/dev/null; do sleep 2; done | |
- name: Adjust configuration files for CI | |
run: | | |
sed -i -e 's/op.panva.cz/172.17.0.1:3000/g' certification/oidc/plan.json | |
sed -i -e 's/mtls.fapi.panva.cz/172.17.0.1:3000/g' certification/fapi/plan.json | |
sed -i -e 's/fapi.panva.cz/172.17.0.1:3000/g' certification/fapi/plan.json | |
- name: Run the plan | |
run: npx mocha --delay --timeout 0 --retries 0 certification/runner | |
env: | |
NODE_TLS_REJECT_UNAUTHORIZED: 0 | |
- name: Upload test artifacts | |
uses: actions/upload-artifact@v3 | |
with: | |
path: export-*.zip | |
name: failed certification html results | |
if-no-files-found: ignore | |
if: ${{ always() }} | |
- name: Stop Conformance Suite | |
working-directory: ./conformance-suite | |
run: | | |
killall -SIGINT node | |
docker-compose -f docker-compose-dev.yml down | |
sudo rm -rf mongo | |
deploy: | |
if: ${{ github.event_name == 'push' && github.ref == 'refs/heads/main' && github.repository == 'panva/node-oidc-provider' }} | |
runs-on: ubuntu-latest | |
needs: | |
- test | |
- conformance-suite | |
strategy: | |
fail-fast: false | |
matrix: | |
app: | |
- radiant-refuge-93411 | |
- powerful-cove-31049 | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v3 | |
- uses: actions/setup-ruby@v1 | |
with: | |
ruby-version: 2.x | |
- run: gem install dpl-heroku -v 1.10.14 | |
- run: dpl --provider=heroku --strategy=api --api-key=${{ secrets.HEROKU_AUTH_TOKEN }} --app=${{ matrix.app }} |