Skip to content

Set SSP version requirement to v2.0.* #998

Set SSP version requirement to v2.0.*

Set SSP version requirement to v2.0.* #998

Workflow file for this run

name: CI
on:
push:
branches: ["**"]
pull_request:
branches: [master, release-*]
jobs:
basic-tests:
name: Syntax and unit tests, PHP ${{ matrix.php-versions }}, ${{ matrix.operating-system }}
runs-on: [ubuntu-latest]
strategy:
fail-fast: false
matrix:
php-versions: ["8.0", "8.1", "8.2"]
steps:
- name: Setup PHP, with composer and extensions
uses: shivammathur/setup-php@v2 #https://github.com/shivammathur/setup-php
with:
php-version: ${{ matrix.php-versions }}
extensions: mbstring, xml
tools: composer:v2
coverage: pcov
- name: Setup problem matchers for PHP
run: echo "::add-matcher::${{ runner.tool_cache }}/php.json"
- name: Setup problem matchers for PHPUnit
run: echo "::add-matcher::${{ runner.tool_cache }}/phpunit.json"
- name: Set git to use LF
run: |
git config --global core.autocrlf false
git config --global core.eol lf
- uses: actions/checkout@v3
- name: Get composer cache directory
id: composer-cache
run: echo "::set-output name=dir::$(composer config cache-files-dir)"
- name: Cache composer dependencies
uses: actions/cache@v3
with:
path: ${{ steps.composer-cache.outputs.dir }}
key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.lock') }}
restore-keys: ${{ runner.os }}-composer-
- name: Validate composer.json and composer.lock
run: composer validate
- name: Install Composer dependencies
run: composer install --no-progress --prefer-dist --optimize-autoloader
- name: Decide whether to run code coverage or not
if: ${{ matrix.php-versions != '8.0' }}
run: |
echo "NO_COVERAGE=--no-coverage" >> $GITHUB_ENV
- name: Run unit tests
run: |
echo $NO_COVERAGE
./vendor/bin/phpunit $NO_COVERAGE
- name: Save coverage data
if: ${{ matrix.php-versions == '8.0' }}
uses: actions/upload-artifact@v1
with:
name: build-data
path: ${{ github.workspace }}/build
security:
name: Security checks
runs-on: [ubuntu-latest]
steps:
- name: Setup PHP, with composer and extensions
uses: shivammathur/setup-php@v2 #https://github.com/shivammathur/setup-php
with:
php-version: "8.0"
extensions: mbstring, xml
tools: composer:v2
coverage: none
- name: Setup problem matchers for PHP
run: echo "::add-matcher::${{ runner.tool_cache }}/php.json"
- uses: actions/checkout@v3
- name: Get composer cache directory
id: composer-cache
run: echo "::set-output name=dir::$(composer config cache-files-dir)"
- name: Cache composer dependencies
uses: actions/cache@v1
with:
path: ${{ steps.composer-cache.outputs.dir }}
key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.lock') }}
restore-keys: ${{ runner.os }}-composer-
- name: Install Composer dependencies
run: composer install --no-progress --prefer-dist --optimize-autoloader
- name: Security check for locked dependencies
uses: symfonycorp/security-checker-action@v3
- name: Update Composer dependencies
run: composer update --no-progress --prefer-dist --optimize-autoloader
- name: Security check for updated dependencies
uses: symfonycorp/security-checker-action@v3
sanity-check:
name: Sanity checks
runs-on: [ubuntu-latest]
steps:
- name: Setup PHP, with composer and extensions
uses: shivammathur/setup-php@v2 #https://github.com/shivammathur/setup-php
with:
php-version: "8.0"
extensions: mbstring, xml
tools: composer:v2
coverage: none
- name: Setup problem matchers for PHP
run: echo "::add-matcher::${{ runner.tool_cache }}/php.json"
- uses: actions/checkout@v3
- name: Get composer cache directory
id: composer-cache
run: echo "::set-output name=dir::$(composer config cache-files-dir)"
- name: Cache composer dependencies
uses: actions/cache@v3
with:
path: ${{ steps.composer-cache.outputs.dir }}
key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.lock') }}
restore-keys: ${{ runner.os }}-composer-
- name: Install Composer dependencies
run: composer install --no-progress --prefer-dist --optimize-autoloader
quality:
name: Quality control
runs-on: [ubuntu-latest]
needs: [basic-tests]
steps:
- name: Setup PHP, with composer and extensions
uses: shivammathur/setup-php@v2 #https://github.com/shivammathur/setup-php
with:
php-version: "8.0"
tools: composer:v2
extensions: mbstring, xml
- name: Setup problem matchers for PHP
run: echo "::add-matcher::${{ runner.tool_cache }}/php.json"
- uses: actions/checkout@v3
- name: Get composer cache directory
id: composer-cache
run: echo "::set-output name=dir::$(composer config cache-files-dir)"
- name: Cache composer dependencies
uses: actions/cache@v3
with:
path: ${{ steps.composer-cache.outputs.dir }}
key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.lock') }}
restore-keys: ${{ runner.os }}-composer-
- name: Install Composer dependencies
run: composer install --no-progress --prefer-dist --optimize-autoloader
- uses: actions/download-artifact@v3
with:
name: build-data
path: ${{ github.workspace }}/build
- name: Codecov
uses: codecov/codecov-action@v3
- name: PHP Code Sniffer
if: always()
run: php vendor/bin/phpcs
- name: Psalm
if: always()
run: php vendor/bin/psalm --show-info=true
conformance-suite:
runs-on: ubuntu-latest
env:
SUITE_BASE_URL: https://localhost.emobix.co.uk:8443
VERSION: release-v4.1.45
steps:
- uses: actions/checkout@v3
with:
path: main
- name: Setup Python Dependencies
run: |
pip install --upgrade pip
pip install httpx
- name: Conformance Suite Checkout
if: ${{ steps.cache.outputs.cache-hit != 'true' }}
run: git clone --depth 1 --single-branch --branch $VERSION https://gitlab.com/openid/conformance-suite.git
- name: Conformance Suite Build
working-directory: ./conformance-suite
if: ${{ steps.cache.outputs.cache-hit != 'true' }}
env:
MAVEN_CACHE: ./m2
run: |
sed -i -e 's/localhost/localhost.emobix.co.uk/g' src/main/resources/application.properties
sed -i -e 's/-B clean/-B -DskipTests=true/g' builder-compose.yml
docker-compose -f builder-compose.yml run builder
- name: Run Conformance Suite
working-directory: ./conformance-suite
run: |
docker-compose -f docker-compose-dev.yml up -d
while ! curl -skfail https://localhost.emobix.co.uk:8443/api/runner/available >/dev/null; do sleep 2; done
- name: Start SSP docker
working-directory: ./main
# Must run after conformance suite since they share a docker network.
run: |
OIDC_VERSION=@dev docker-compose -f docker/docker-compose.yml --project-directory . up -d --build
sleep 30
# while ! curl -skfail https://op.local.stack-dev.cirrusidentity.com/.well-known/openid-configuration >/dev/null; do sleep 2; done
- name: Run Basic conformance tests
run: |
./conformance-suite/scripts/run-test-plan.py --expected-failures-file ./main/conformance-tests/basic-warnings.json --expected-skips-file ./main/conformance-tests/basic-skips.json "oidcc-basic-certification-test-plan[server_metadata=discovery][client_registration=static_client]" ./main/conformance-tests/conformance-basic-ci.json
- name: Run Implicit conformance tests
run: |
./conformance-suite/scripts/run-test-plan.py --expected-failures-file ./main/conformance-tests/implicit-warnings.json --expected-skips-file ./main/conformance-tests/implicit-skips.json "oidcc-implicit-certification-test-plan[server_metadata=discovery][client_registration=static_client]" ./main/conformance-tests/conformance-implicit-ci.json
- name: Run RP logout
run: |
./conformance-suite/scripts/run-test-plan.py "oidcc-rp-initiated-logout-certification-test-plan[response_type=code][client_registration=static_client]" ./main/conformance-tests/conformance-rp-initiated-logout-ci.json
- name: Run RP backchannel
run: |
./conformance-suite/scripts/run-test-plan.py "oidcc-backchannel-rp-initiated-logout-certification-test-plan[response_type=code][client_registration=static_client]" ./main/conformance-tests/conformance-back-channel-logout-ci.json
- name: Stop SSP
working-directory: ./main
run: |
docker-compose -f docker/docker-compose.yml down
- name: Stop Conformance Suite
working-directory: ./conformance-suite
# cleaning up errors out on removing the network, so add "|| true" to prevent that from breaking the build
run: |
docker-compose -f docker-compose-dev.yml down || true
sudo rm -rf mongo