Skip to content

Merge pull request #4 from TransitApp/yanndanthu/bump-koacors-in-v7x #12

Merge pull request #4 from TransitApp/yanndanthu/bump-koacors-in-v7x

Merge pull request #4 from TransitApp/yanndanthu/bump-koacors-in-v7x #12

Workflow file for this run

name: Test
on:
push:
pull_request:
schedule:
- cron: '55 11 * * 1'
workflow_dispatch:
inputs:
conformance-version:
description: 'Conformance Suite Version (commit hash)'
required: false
jobs:
audit:
name: NPM Audit (Production)
continue-on-error: true
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v3
- name: Setup node
uses: actions/setup-node@v3
with:
node-version: lts/hydrogen # 18
cache: 'npm'
check-latest: true
- run: npm clean-install
- run: npm upgrade
- run: npm audit --production
test:
name: Node Tests
runs-on: ubuntu-latest
continue-on-error: ${{ !startsWith(matrix.node-version, 'lts') }}
strategy:
fail-fast: false
matrix:
node-version:
- lts/erbium # 12
- lts/fermium # 14
- lts/gallium # 16
- lts/hydrogen # 18
- current
steps:
- name: Checkout
uses: actions/checkout@v3
- name: Setup node
id: node
uses: actions/setup-node@v3
with:
node-version: ${{ matrix.node-version }}
cache: 'npm'
check-latest: true
- run: npm install --global npm@8
if: ${{ startsWith(steps.node.outputs.node-version, 'v12') || startsWith(steps.node.outputs.node-version, 'v14') }}
- run: npm clean-install
- run: npm run ci
build-conformance-suite:
runs-on: ubuntu-latest
outputs:
cache-key: ${{ steps.cache-key.outputs.value }}
steps:
- name: Checkout
uses: actions/checkout@v3
- name: Set Conformance Suite Version from GitLab
if: ${{ !github.event.inputs.conformance-version }}
run: |
export VERSION=($(curl --silent "https://gitlab.com/api/v4/projects/4175605/releases" | jq -r '.[0].tag_name'))
echo "VERSION=$VERSION" >> $GITHUB_ENV
- name: Set Conformance Suite Version from Workflow Dispatch
if: ${{ github.event.inputs.conformance-version }}
run: |
echo "VERSION=${{ github.event.inputs.conformance-version }}" >> $GITHUB_ENV
- id: cache-key
run: echo "value=suite-${{ hashFiles('.github/workflows/test.yml') }}-${{ env.VERSION }}" >> $GITHUB_OUTPUT
- name: Load Cached Conformance Suite Build
uses: actions/cache@v3
id: cache
with:
path: ./conformance-suite
key: ${{ steps.cache-key.outputs.value }}
- name: Conformance Suite Checkout
if: ${{ steps.cache.outputs.cache-hit != 'true' }}
run: git clone https://gitlab.com/openid/conformance-suite.git
- run: git reset --hard ${{ env.VERSION }}
working-directory: ./conformance-suite
- name: Conformance Suite Build
working-directory: ./conformance-suite
if: ${{ steps.cache.outputs.cache-hit != 'true' }}
env:
MAVEN_CACHE: ./m2
run: |
sed -i -e 's/localhost/localhost.emobix.co.uk/g' src/main/resources/application.properties
sed -i -e 's/-B clean/-B -DskipTests=true/g' builder-compose.yml
docker-compose -f builder-compose.yml run builder
conformance-suite:
runs-on: ubuntu-latest
needs:
- test
- build-conformance-suite
env:
SUITE_BASE_URL: https://localhost.emobix.co.uk:8443
SETUP: ${{ toJSON(matrix.setup) }}
strategy:
fail-fast: false
matrix:
setup:
# OP Basic
- plan: oidcc-basic-certification-test-plan
server_metadata: discovery
client_registration: dynamic_client
configuration: ./certification/oidc/plan.json
# OP Hybrid
- plan: oidcc-hybrid-certification-test-plan
server_metadata: discovery
client_registration: dynamic_client
configuration: ./certification/oidc/plan.json
# OP Implicit
- plan: oidcc-implicit-certification-test-plan
server_metadata: discovery
client_registration: dynamic_client
configuration: ./certification/oidc/plan.json
# OP Dynamic
- plan: oidcc-dynamic-certification-test-plan
response_type: code
skip: oidcc-server-rotate-keys
configuration: ./certification/oidc/plan.json
- plan: oidcc-dynamic-certification-test-plan
response_type: id_token
skip: oidcc-server-rotate-keys
configuration: ./certification/oidc/plan.json
- plan: oidcc-dynamic-certification-test-plan
response_type: id_token token
skip: oidcc-server-rotate-keys
configuration: ./certification/oidc/plan.json
- plan: oidcc-dynamic-certification-test-plan
response_type: code id_token
skip: oidcc-server-rotate-keys
configuration: ./certification/oidc/plan.json
- plan: oidcc-dynamic-certification-test-plan
response_type: code token
skip: oidcc-server-rotate-keys
configuration: ./certification/oidc/plan.json
- plan: oidcc-dynamic-certification-test-plan
response_type: code id_token token
skip: oidcc-server-rotate-keys
configuration: ./certification/oidc/plan.json
# RP-Initiated OP
- plan: oidcc-rp-initiated-logout-certification-test-plan
response_type: code
client_registration: dynamic_client
configuration: ./certification/oidc/plan.json
# Back-Channel OP
- plan: oidcc-backchannel-rp-initiated-logout-certification-test-plan
response_type: code
client_registration: dynamic_client
configuration: ./certification/oidc/plan.json
# FAPI 1.0 R/W (ID2)
- plan: fapi-rw-id2-test-plan
fapi_auth_request_method: by_value
client_auth_type: private_key_jwt
fapi_profile: plain_fapi
fapi_response_mode: plain_response
configuration: ./certification/fapi/plan.json
- plan: fapi-rw-id2-test-plan
fapi_auth_request_method: pushed
client_auth_type: private_key_jwt
fapi_profile: plain_fapi
fapi_response_mode: plain_response
configuration: ./certification/fapi/plan.json
- plan: fapi-rw-id2-test-plan
fapi_auth_request_method: by_value
client_auth_type: private_key_jwt
fapi_profile: plain_fapi
fapi_response_mode: jarm
configuration: ./certification/fapi/plan.json
- plan: fapi-rw-id2-test-plan
fapi_auth_request_method: pushed
client_auth_type: private_key_jwt
fapi_profile: plain_fapi
fapi_response_mode: jarm
configuration: ./certification/fapi/plan.json
- plan: fapi-rw-id2-test-plan
fapi_auth_request_method: by_value
client_auth_type: mtls
fapi_profile: plain_fapi
fapi_response_mode: plain_response
configuration: ./certification/fapi/plan.json
- plan: fapi-rw-id2-test-plan
fapi_auth_request_method: pushed
client_auth_type: mtls
fapi_profile: plain_fapi
fapi_response_mode: plain_response
configuration: ./certification/fapi/plan.json
- plan: fapi-rw-id2-test-plan
fapi_auth_request_method: by_value
client_auth_type: mtls
fapi_profile: plain_fapi
fapi_response_mode: jarm
configuration: ./certification/fapi/plan.json
- plan: fapi-rw-id2-test-plan
fapi_auth_request_method: pushed
client_auth_type: mtls
fapi_profile: plain_fapi
fapi_response_mode: jarm
configuration: ./certification/fapi/plan.json
# FAPI 1.0 Advanced (Final)
- plan: fapi1-advanced-final-test-plan
fapi_auth_request_method: by_value
client_auth_type: private_key_jwt
fapi_profile: plain_fapi
fapi_response_mode: plain_response
configuration: ./certification/fapi/plan.json
- plan: fapi1-advanced-final-test-plan
fapi_auth_request_method: pushed
client_auth_type: private_key_jwt
fapi_profile: plain_fapi
fapi_response_mode: plain_response
configuration: ./certification/fapi/plan.json
- plan: fapi1-advanced-final-test-plan
fapi_auth_request_method: by_value
client_auth_type: private_key_jwt
fapi_profile: plain_fapi
fapi_response_mode: jarm
configuration: ./certification/fapi/plan.json
- plan: fapi1-advanced-final-test-plan
fapi_auth_request_method: pushed
client_auth_type: private_key_jwt
fapi_profile: plain_fapi
fapi_response_mode: jarm
configuration: ./certification/fapi/plan.json
- plan: fapi1-advanced-final-test-plan
fapi_auth_request_method: by_value
client_auth_type: mtls
fapi_profile: plain_fapi
fapi_response_mode: plain_response
configuration: ./certification/fapi/plan.json
- plan: fapi1-advanced-final-test-plan
fapi_auth_request_method: pushed
client_auth_type: mtls
fapi_profile: plain_fapi
fapi_response_mode: plain_response
configuration: ./certification/fapi/plan.json
- plan: fapi1-advanced-final-test-plan
fapi_auth_request_method: by_value
client_auth_type: mtls
fapi_profile: plain_fapi
fapi_response_mode: jarm
configuration: ./certification/fapi/plan.json
- plan: fapi1-advanced-final-test-plan
fapi_auth_request_method: pushed
client_auth_type: mtls
fapi_profile: plain_fapi
fapi_response_mode: jarm
configuration: ./certification/fapi/plan.json
# FAPI RW-CIBA-ID1
- plan: fapi-ciba-id1-test-plan
client_auth_type: private_key_jwt
fapi_profile: plain_fapi
ciba_mode: poll
client_registration: dynamic_client
configuration: ./certification/fapi/plan.json
- plan: fapi-ciba-id1-test-plan
client_auth_type: private_key_jwt
fapi_profile: plain_fapi
ciba_mode: ping
client_registration: dynamic_client
configuration: ./certification/fapi/plan.json
- plan: fapi-ciba-id1-test-plan
client_auth_type: mtls
fapi_profile: plain_fapi
ciba_mode: poll
client_registration: dynamic_client
configuration: ./certification/fapi/plan.json
- plan: fapi-ciba-id1-test-plan
client_auth_type: mtls
fapi_profile: plain_fapi
ciba_mode: ping
client_registration: dynamic_client
configuration: ./certification/fapi/plan.json
# Extensive
- plan: oidcc-test-plan
response_type: code
client_auth_type: client_secret_basic
configuration: ./certification/oidc/plan.json
client_registration: dynamic_client
response_mode: default
skip: oidcc-server-rotate-keys
- plan: oidcc-test-plan
response_type: code id_token
client_auth_type: client_secret_basic
configuration: ./certification/oidc/plan.json
client_registration: dynamic_client
response_mode: default
skip: oidcc-server-rotate-keys
- plan: oidcc-test-plan
response_type: code id_token token
client_auth_type: client_secret_basic
configuration: ./certification/oidc/plan.json
client_registration: dynamic_client
response_mode: default
skip: oidcc-server-rotate-keys
- plan: oidcc-test-plan
response_type: code token
client_auth_type: client_secret_basic
configuration: ./certification/oidc/plan.json
client_registration: dynamic_client
response_mode: default
skip: oidcc-server-rotate-keys
- plan: oidcc-test-plan
response_type: code
client_auth_type: client_secret_post
configuration: ./certification/oidc/plan.json
client_registration: dynamic_client
response_mode: default
skip: oidcc-server-rotate-keys
- plan: oidcc-test-plan
response_type: code id_token
client_auth_type: client_secret_post
configuration: ./certification/oidc/plan.json
client_registration: dynamic_client
response_mode: default
skip: oidcc-server-rotate-keys
- plan: oidcc-test-plan
response_type: code id_token token
client_auth_type: client_secret_post
configuration: ./certification/oidc/plan.json
client_registration: dynamic_client
response_mode: default
skip: oidcc-server-rotate-keys
- plan: oidcc-test-plan
response_type: code token
client_auth_type: client_secret_post
configuration: ./certification/oidc/plan.json
client_registration: dynamic_client
response_mode: default
skip: oidcc-server-rotate-keys
- plan: oidcc-test-plan
response_type: code
client_auth_type: client_secret_jwt
configuration: ./certification/oidc/plan.json
client_registration: dynamic_client
response_mode: default
skip: oidcc-server-rotate-keys
- plan: oidcc-test-plan
response_type: code id_token
client_auth_type: client_secret_jwt
configuration: ./certification/oidc/plan.json
client_registration: dynamic_client
response_mode: default
skip: oidcc-server-rotate-keys
- plan: oidcc-test-plan
response_type: code id_token token
client_auth_type: client_secret_jwt
configuration: ./certification/oidc/plan.json
client_registration: dynamic_client
response_mode: default
skip: oidcc-server-rotate-keys
- plan: oidcc-test-plan
response_type: code token
client_auth_type: client_secret_jwt
configuration: ./certification/oidc/plan.json
client_registration: dynamic_client
response_mode: default
skip: oidcc-server-rotate-keys
- plan: oidcc-test-plan
response_type: code
client_auth_type: private_key_jwt
configuration: ./certification/oidc/plan.json
client_registration: dynamic_client
response_mode: default
skip: oidcc-server-rotate-keys
- plan: oidcc-test-plan
response_type: code id_token
client_auth_type: private_key_jwt
configuration: ./certification/oidc/plan.json
client_registration: dynamic_client
response_mode: default
skip: oidcc-server-rotate-keys
- plan: oidcc-test-plan
response_type: code id_token token
client_auth_type: private_key_jwt
configuration: ./certification/oidc/plan.json
client_registration: dynamic_client
response_mode: default
skip: oidcc-server-rotate-keys
- plan: oidcc-test-plan
response_type: code token
client_auth_type: private_key_jwt
configuration: ./certification/oidc/plan.json
client_registration: dynamic_client
response_mode: default
skip: oidcc-server-rotate-keys
- plan: oidcc-test-plan
response_type: id_token
client_auth_type: none
configuration: ./certification/oidc/plan.json
client_registration: dynamic_client
response_mode: default
skip: oidcc-server-rotate-keys
- plan: oidcc-test-plan
response_type: id_token token
client_auth_type: none
configuration: ./certification/oidc/plan.json
client_registration: dynamic_client
response_mode: default
skip: oidcc-server-rotate-keys
steps:
- name: Checkout
uses: actions/checkout@v3
- name: Setup node
uses: actions/setup-node@v3
with:
node-version: lts/hydrogen # 18
cache: 'npm'
check-latest: true
- run: npm clean-install
- name: Run oidc-provider (OIDC)
run: npx c8 node certification/oidc/docker &
if: ${{ startsWith(matrix.setup.plan, 'oidcc') }}
env:
PORT: 3000
ISSUER: https://172.17.0.1:3000
NODE_TLS_REJECT_UNAUTHORIZED: 0
- name: Run oidc-provider (FAPI)
run: npx c8 node certification/fapi &
if: ${{ startsWith(matrix.setup.plan, 'fapi') }}
env:
ISSUER: https://172.17.0.1:3000
PORT: 3000
NODE_OPTIONS: --tls-cipher-list="DHE-RSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-GCM-SHA256 DHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-GCM-SHA384"
NODE_TLS_REJECT_UNAUTHORIZED: 0
- name: Set Conformance Suite Version
run: |
export VERSION=($(curl --silent "https://gitlab.com/api/v4/projects/4175605/releases" | jq -r '.[0].tag_name'))
echo "VERSION=$VERSION" >> $GITHUB_ENV
- name: Load Cached Conformance Suite Build
uses: actions/cache@v3
id: cache
with:
path: ./conformance-suite
key: ${{ needs.build-conformance-suite.outputs.cache-key }}
- name: Abort if Conformance Suite isn't cached
if: ${{ steps.cache.outputs.cache-hit != 'true' }}
uses: actions/github-script@v6
with:
script: |
core.setFailed('Conformance Suite cache hit failed')
- name: Run Conformance Suite
working-directory: ./conformance-suite
run: |
docker-compose -f docker-compose-dev.yml up -d
while ! curl -skfail https://localhost.emobix.co.uk:8443/api/runner/available >/dev/null; do sleep 2; done
- name: Adjust configuration files for CI
run: |
sed -i -e 's/op.panva.cz/172.17.0.1:3000/g' certification/oidc/plan.json
sed -i -e 's/mtls.fapi.panva.cz/172.17.0.1:3000/g' certification/fapi/plan.json
sed -i -e 's/fapi.panva.cz/172.17.0.1:3000/g' certification/fapi/plan.json
- name: Run the plan
run: npx mocha --delay --timeout 0 --retries 0 certification/runner
env:
NODE_TLS_REJECT_UNAUTHORIZED: 0
- name: Upload test artifacts
uses: actions/upload-artifact@v3
with:
path: export-*.zip
name: failed certification html results
if-no-files-found: ignore
if: ${{ always() }}
- name: Stop Conformance Suite
working-directory: ./conformance-suite
run: |
killall -SIGINT node
docker-compose -f docker-compose-dev.yml down
sudo rm -rf mongo
deploy:
if: ${{ github.event_name == 'push' && github.ref == 'refs/heads/main' && github.repository == 'panva/node-oidc-provider' }}
runs-on: ubuntu-latest
needs:
- test
- conformance-suite
strategy:
fail-fast: false
matrix:
app:
- radiant-refuge-93411
- powerful-cove-31049
steps:
- name: Checkout
uses: actions/checkout@v3
- uses: actions/setup-ruby@v1
with:
ruby-version: 2.x
- run: gem install dpl-heroku -v 1.10.14
- run: dpl --provider=heroku --strategy=api --api-key=${{ secrets.HEROKU_AUTH_TOKEN }} --app=${{ matrix.app }}