Skip to content

WIP Move to SSP UI #1018

WIP Move to SSP UI

WIP Move to SSP UI #1018

Workflow file for this run

name: CI
on:
push:
branches: ["**"]
pull_request:
types: [opened, synchronize, reopened, closed]
jobs:
basic-tests:
name: Syntax and unit tests, PHP ${{ matrix.php-versions }}, ${{ matrix.operating-system }}
runs-on: [ubuntu-latest]
strategy:
fail-fast: false
matrix:
php-versions: ["8.2", "8.3"]
steps:
- name: Setup PHP, with composer and extensions
uses: shivammathur/setup-php@v2 #https://github.com/shivammathur/setup-php
with:
php-version: ${{ matrix.php-versions }}
extensions: mbstring, xml
tools: composer:v2
coverage: pcov
- name: Setup problem matchers for PHP
run: echo "::add-matcher::${{ runner.tool_cache }}/php.json"
- name: Setup problem matchers for PHPUnit
run: echo "::add-matcher::${{ runner.tool_cache }}/phpunit.json"
- name: Set git to use LF
run: |
git config --global core.autocrlf false
git config --global core.eol lf
- uses: actions/checkout@v4
- name: Get composer cache directory
id: composer-cache
run: echo COMPOSER_CACHE="$(composer config cache-files-dir)" >> "$GITHUB_ENV"
- name: Cache composer dependencies
uses: actions/cache@v4
with:
path: $COMPOSER_CACHE
key: "${{ runner.os }}-composer-${{ hashFiles('**/composer.lock') }}"
restore-keys: ${{ runner.os }}-composer-
- name: Validate composer.json and composer.lock
run: composer validate
- name: Install Composer dependencies
run: composer install --no-progress --prefer-dist --optimize-autoloader
- name: Decide whether to run code coverage or not
if: ${{ matrix.php-versions != '8.2' }}
run: |
echo "NO_COVERAGE=--no-coverage" >> $GITHUB_ENV
- name: Run unit tests
run: |
echo $NO_COVERAGE
./vendor/bin/phpunit $NO_COVERAGE
- name: Run integration tests
run: |
echo $NO_COVERAGE
./vendor/bin/phpunit $NO_COVERAGE --no-configuration -c phpunit.integration.xml
- name: Merge coverage data
if: ${{ matrix.php-versions == '8.2' }}
run: |
./vendor/bin/phpunit-merger log build/logs/partial_junit/ build/logs/junit.xml
./vendor/bin/phpunit-merger coverage build/logs/partial_clover/ build/logs/clover.xml
- name: Save coverage data
if: ${{ matrix.php-versions == '8.2' }}
uses: actions/upload-artifact@v4
with:
name: build-data
path: ${{ github.workspace }}/build
security:
name: Security checks
runs-on: [ubuntu-latest]
steps:
- name: Setup PHP, with composer and extensions
uses: shivammathur/setup-php@v2 #https://github.com/shivammathur/setup-php
with:
php-version: "8.2"
extensions: mbstring, xml
tools: composer:v2
coverage: none
- name: Setup problem matchers for PHP
run: echo "::add-matcher::${{ runner.tool_cache }}/php.json"
- uses: actions/checkout@v4
- name: Get composer cache directory
id: composer-cache
run: echo COMPOSER_CACHE="$(composer config cache-files-dir)" >> "$GITHUB_ENV"
- name: Cache composer dependencies
uses: actions/cache@v4
with:
path: $COMPOSER_CACHE
key: "${{ runner.os }}-composer-${{ hashFiles('**/composer.lock') }}"
restore-keys: ${{ runner.os }}-composer-
- name: Install Composer dependencies
run: composer install --no-progress --prefer-dist --optimize-autoloader
- name: Security check for locked dependencies
uses: symfonycorp/security-checker-action@v5
- name: Update Composer dependencies
run: composer update --no-progress --prefer-dist --optimize-autoloader
- name: Security check for updated dependencies
uses: symfonycorp/security-checker-action@v5
sanity-check:
name: Sanity checks
runs-on: [ubuntu-latest]
steps:
- name: Setup PHP, with composer and extensions
uses: shivammathur/setup-php@v2 #https://github.com/shivammathur/setup-php
with:
php-version: "8.2"
extensions: mbstring, xml
tools: composer:v2
coverage: none
- name: Setup problem matchers for PHP
run: echo "::add-matcher::${{ runner.tool_cache }}/php.json"
- uses: actions/checkout@v4
- name: Get composer cache directory
id: composer-cache
run: echo COMPOSER_CACHE="$(composer config cache-files-dir)" >> "$GITHUB_ENV"
- name: Cache composer dependencies
uses: actions/cache@v4
with:
path: $COMPOSER_CACHE
key: "${{ runner.os }}-composer-${{ hashFiles('**/composer.lock') }}"
restore-keys: ${{ runner.os }}-composer-
- name: Install Composer dependencies
run: composer install --no-progress --prefer-dist --optimize-autoloader
quality:
name: Quality control
runs-on: [ubuntu-latest]
needs: [basic-tests]
steps:
- name: Setup PHP, with composer and extensions
uses: shivammathur/setup-php@v2 #https://github.com/shivammathur/setup-php
with:
php-version: "8.2"
tools: composer:v2
extensions: mbstring, xml
- name: Setup problem matchers for PHP
run: echo "::add-matcher::${{ runner.tool_cache }}/php.json"
- uses: actions/checkout@v4
- name: Get composer cache directory
id: composer-cache
run: echo COMPOSER_CACHE="$(composer config cache-files-dir)" >> "$GITHUB_ENV"
- name: Cache composer dependencies
uses: actions/cache@v4
with:
path: $COMPOSER_CACHE
key: "${{ runner.os }}-composer-${{ hashFiles('**/composer.lock') }}"
restore-keys: ${{ runner.os }}-composer-
- name: Install Composer dependencies
run: composer install --no-progress --prefer-dist --optimize-autoloader
- uses: actions/download-artifact@v4
with:
name: build-data
path: ${{ github.workspace }}/build
- name: Codecov
uses: codecov/codecov-action@v4
with:
token: ${{ secrets.CODECOV_TOKEN }}
fail_ci_if_error: true
verbose: true
- name: PHP Code Sniffer
if: always()
run: php vendor/bin/phpcs
- name: Psalm
if: always()
run: php vendor/bin/psalm --show-info=true
conformance-suite:
runs-on: ubuntu-latest
env:
SUITE_BASE_URL: https://localhost.emobix.co.uk:8443
VERSION: release-v4.1.45
steps:
- uses: actions/checkout@v4
with:
path: main
- name: Setup Python Dependencies
run: |
pip install --upgrade pip
pip install httpx
- name: Conformance Suite Checkout
if: ${{ steps.cache.outputs.cache-hit != 'true' }}
run: git clone --depth 1 --single-branch --branch $VERSION https://gitlab.com/openid/conformance-suite.git
- name: Conformance Suite Build
working-directory: ./conformance-suite
if: ${{ steps.cache.outputs.cache-hit != 'true' }}
env:
MAVEN_CACHE: ./m2
run: |
sed -i -e 's/localhost/localhost.emobix.co.uk/g' src/main/resources/application.properties
sed -i -e 's/-B clean/-B -DskipTests=true/g' builder-compose.yml
docker compose -f builder-compose.yml run builder
- name: Run Conformance Suite
working-directory: ./conformance-suite
run: |
docker compose -f docker-compose-dev.yml up -d
while ! curl -skfail https://localhost.emobix.co.uk:8443/api/runner/available >/dev/null; do sleep 2; done
- name: Start SSP docker
working-directory: ./main
# Must run after conformance suite since they share a docker network.
run: |
OIDC_VERSION=@dev docker compose -f docker/docker-compose.yml --project-directory . up -d --build
sleep 30
# while ! curl -skfail https://op.local.stack-dev.cirrusidentity.com/.well-known/openid-configuration >/dev/null; do sleep 2; done
- name: Run Basic conformance tests
run: |
./conformance-suite/scripts/run-test-plan.py --expected-failures-file ./main/conformance-tests/basic-warnings.json --expected-skips-file ./main/conformance-tests/basic-skips.json "oidcc-basic-certification-test-plan[server_metadata=discovery][client_registration=static_client]" ./main/conformance-tests/conformance-basic-ci.json
- name: Run Implicit conformance tests
run: |
./conformance-suite/scripts/run-test-plan.py --expected-failures-file ./main/conformance-tests/implicit-warnings.json --expected-skips-file ./main/conformance-tests/implicit-skips.json "oidcc-implicit-certification-test-plan[server_metadata=discovery][client_registration=static_client]" ./main/conformance-tests/conformance-implicit-ci.json
- name: Run RP logout
run: |
./conformance-suite/scripts/run-test-plan.py "oidcc-rp-initiated-logout-certification-test-plan[response_type=code][client_registration=static_client]" ./main/conformance-tests/conformance-rp-initiated-logout-ci.json
- name: Run RP backchannel
run: |
./conformance-suite/scripts/run-test-plan.py "oidcc-backchannel-rp-initiated-logout-certification-test-plan[response_type=code][client_registration=static_client]" ./main/conformance-tests/conformance-back-channel-logout-ci.json
- name: Stop SSP
working-directory: ./main
run: |
docker compose -f docker/docker-compose.yml down
- name: Stop Conformance Suite
working-directory: ./conformance-suite
# cleaning up errors out on removing the network, so add "|| true" to prevent that from breaking the build
run: |
docker compose -f docker-compose-dev.yml down || true
sudo rm -rf mongo