Start testing with SSP v2.3 #1045
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CI | |
on: | |
push: | |
branches: ["**"] | |
pull_request: | |
types: [opened, synchronize, reopened, closed] | |
jobs: | |
basic-tests: | |
name: Syntax and unit tests, PHP ${{ matrix.php-versions }}, ${{ matrix.operating-system }} | |
runs-on: [ubuntu-latest] | |
strategy: | |
fail-fast: false | |
matrix: | |
php-versions: ["8.2", "8.3"] | |
steps: | |
- name: Setup PHP, with composer and extensions | |
uses: shivammathur/setup-php@v2 #https://github.com/shivammathur/setup-php | |
with: | |
php-version: ${{ matrix.php-versions }} | |
extensions: mbstring, xml | |
tools: composer:v2 | |
coverage: pcov | |
- name: Setup problem matchers for PHP | |
run: echo "::add-matcher::${{ runner.tool_cache }}/php.json" | |
- name: Setup problem matchers for PHPUnit | |
run: echo "::add-matcher::${{ runner.tool_cache }}/phpunit.json" | |
- name: Set git to use LF | |
run: | | |
git config --global core.autocrlf false | |
git config --global core.eol lf | |
- uses: actions/checkout@v4 | |
- name: Get composer cache directory | |
id: composer-cache | |
run: echo COMPOSER_CACHE="$(composer config cache-files-dir)" >> "$GITHUB_ENV" | |
- name: Cache composer dependencies | |
uses: actions/cache@v4 | |
with: | |
path: $COMPOSER_CACHE | |
key: "${{ runner.os }}-composer-${{ hashFiles('**/composer.lock') }}" | |
restore-keys: ${{ runner.os }}-composer- | |
- name: Validate composer.json and composer.lock | |
run: composer validate | |
- name: Install Composer dependencies | |
run: composer install --no-progress --prefer-dist --optimize-autoloader | |
- name: Decide whether to run code coverage or not | |
if: ${{ matrix.php-versions != '8.2' }} | |
run: | | |
echo "NO_COVERAGE=--no-coverage" >> $GITHUB_ENV | |
- name: Run unit tests | |
run: | | |
echo $NO_COVERAGE | |
./vendor/bin/phpunit $NO_COVERAGE | |
- name: Run integration tests | |
run: | | |
echo $NO_COVERAGE | |
./vendor/bin/phpunit $NO_COVERAGE --no-configuration -c phpunit.integration.xml | |
- name: Merge coverage data | |
if: ${{ matrix.php-versions == '8.2' }} | |
run: | | |
./vendor/bin/phpunit-merger log build/logs/partial_junit/ build/logs/junit.xml | |
./vendor/bin/phpunit-merger coverage build/logs/partial_clover/ build/logs/clover.xml | |
- name: Save coverage data | |
if: ${{ matrix.php-versions == '8.2' }} | |
uses: actions/upload-artifact@v4 | |
with: | |
name: build-data | |
path: ${{ github.workspace }}/build | |
security: | |
name: Security checks | |
runs-on: [ubuntu-latest] | |
steps: | |
- name: Setup PHP, with composer and extensions | |
uses: shivammathur/setup-php@v2 #https://github.com/shivammathur/setup-php | |
with: | |
php-version: "8.2" | |
extensions: mbstring, xml | |
tools: composer:v2 | |
coverage: none | |
- name: Setup problem matchers for PHP | |
run: echo "::add-matcher::${{ runner.tool_cache }}/php.json" | |
- uses: actions/checkout@v4 | |
- name: Get composer cache directory | |
id: composer-cache | |
run: echo COMPOSER_CACHE="$(composer config cache-files-dir)" >> "$GITHUB_ENV" | |
- name: Cache composer dependencies | |
uses: actions/cache@v4 | |
with: | |
path: $COMPOSER_CACHE | |
key: "${{ runner.os }}-composer-${{ hashFiles('**/composer.lock') }}" | |
restore-keys: ${{ runner.os }}-composer- | |
- name: Install Composer dependencies | |
run: composer install --no-progress --prefer-dist --optimize-autoloader | |
- name: Security check for locked dependencies | |
uses: symfonycorp/security-checker-action@v5 | |
- name: Update Composer dependencies | |
run: composer update --no-progress --prefer-dist --optimize-autoloader | |
- name: Security check for updated dependencies | |
uses: symfonycorp/security-checker-action@v5 | |
sanity-check: | |
name: Sanity checks | |
runs-on: [ubuntu-latest] | |
steps: | |
- name: Setup PHP, with composer and extensions | |
uses: shivammathur/setup-php@v2 #https://github.com/shivammathur/setup-php | |
with: | |
php-version: "8.2" | |
extensions: mbstring, xml | |
tools: composer:v2 | |
coverage: none | |
- name: Setup problem matchers for PHP | |
run: echo "::add-matcher::${{ runner.tool_cache }}/php.json" | |
- uses: actions/checkout@v4 | |
- name: Get composer cache directory | |
id: composer-cache | |
run: echo COMPOSER_CACHE="$(composer config cache-files-dir)" >> "$GITHUB_ENV" | |
- name: Cache composer dependencies | |
uses: actions/cache@v4 | |
with: | |
path: $COMPOSER_CACHE | |
key: "${{ runner.os }}-composer-${{ hashFiles('**/composer.lock') }}" | |
restore-keys: ${{ runner.os }}-composer- | |
- name: Install Composer dependencies | |
run: composer install --no-progress --prefer-dist --optimize-autoloader | |
quality: | |
name: Quality control | |
runs-on: [ubuntu-latest] | |
needs: [basic-tests] | |
steps: | |
- name: Setup PHP, with composer and extensions | |
uses: shivammathur/setup-php@v2 #https://github.com/shivammathur/setup-php | |
with: | |
php-version: "8.2" | |
tools: composer:v2 | |
extensions: mbstring, xml | |
- name: Setup problem matchers for PHP | |
run: echo "::add-matcher::${{ runner.tool_cache }}/php.json" | |
- uses: actions/checkout@v4 | |
- name: Get composer cache directory | |
id: composer-cache | |
run: echo COMPOSER_CACHE="$(composer config cache-files-dir)" >> "$GITHUB_ENV" | |
- name: Cache composer dependencies | |
uses: actions/cache@v4 | |
with: | |
path: $COMPOSER_CACHE | |
key: "${{ runner.os }}-composer-${{ hashFiles('**/composer.lock') }}" | |
restore-keys: ${{ runner.os }}-composer- | |
- name: Install Composer dependencies | |
run: composer install --no-progress --prefer-dist --optimize-autoloader | |
- uses: actions/download-artifact@v4 | |
with: | |
name: build-data | |
path: ${{ github.workspace }}/build | |
- name: Codecov | |
uses: codecov/codecov-action@v4 | |
with: | |
token: ${{ secrets.CODECOV_TOKEN }} | |
fail_ci_if_error: true | |
verbose: true | |
- name: PHP Code Sniffer | |
if: always() | |
run: php vendor/bin/phpcs | |
- name: Psalm | |
if: always() | |
run: php vendor/bin/psalm --show-info=true | |
conformance-suite: | |
runs-on: ubuntu-latest | |
env: | |
SUITE_BASE_URL: https://localhost.emobix.co.uk:8443 | |
VERSION: release-v4.1.45 | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
path: main | |
- name: Setup Python Dependencies | |
run: | | |
pip install --upgrade pip | |
pip install httpx | |
- name: Conformance Suite Checkout | |
if: ${{ steps.cache.outputs.cache-hit != 'true' }} | |
run: git clone --depth 1 --single-branch --branch $VERSION https://gitlab.com/openid/conformance-suite.git | |
- name: Conformance Suite Build | |
working-directory: ./conformance-suite | |
if: ${{ steps.cache.outputs.cache-hit != 'true' }} | |
env: | |
MAVEN_CACHE: ./m2 | |
run: | | |
sed -i -e 's/localhost/localhost.emobix.co.uk/g' src/main/resources/application.properties | |
sed -i -e 's/-B clean/-B -DskipTests=true/g' builder-compose.yml | |
docker compose -f builder-compose.yml run builder | |
- name: Run Conformance Suite | |
working-directory: ./conformance-suite | |
run: | | |
docker compose -f docker-compose-dev.yml up -d | |
while ! curl -skfail https://localhost.emobix.co.uk:8443/api/runner/available >/dev/null; do sleep 2; done | |
- name: Start SSP docker | |
working-directory: ./main | |
# Must run after conformance suite since they share a docker network. | |
run: | | |
OIDC_VERSION=@dev docker compose -f docker/docker-compose.yml --project-directory . up -d --build | |
sleep 30 | |
# while ! curl -skfail https://op.local.stack-dev.cirrusidentity.com/.well-known/openid-configuration >/dev/null; do sleep 2; done | |
- name: Run Basic conformance tests | |
run: | | |
./conformance-suite/scripts/run-test-plan.py --expected-failures-file ./main/conformance-tests/basic-warnings.json --expected-skips-file ./main/conformance-tests/basic-skips.json "oidcc-basic-certification-test-plan[server_metadata=discovery][client_registration=static_client]" ./main/conformance-tests/conformance-basic-ci.json | |
- name: Run Implicit conformance tests | |
run: | | |
./conformance-suite/scripts/run-test-plan.py --expected-failures-file ./main/conformance-tests/implicit-warnings.json --expected-skips-file ./main/conformance-tests/implicit-skips.json "oidcc-implicit-certification-test-plan[server_metadata=discovery][client_registration=static_client]" ./main/conformance-tests/conformance-implicit-ci.json | |
- name: Run RP logout | |
run: | | |
./conformance-suite/scripts/run-test-plan.py "oidcc-rp-initiated-logout-certification-test-plan[response_type=code][client_registration=static_client]" ./main/conformance-tests/conformance-rp-initiated-logout-ci.json | |
- name: Run RP backchannel | |
run: | | |
./conformance-suite/scripts/run-test-plan.py "oidcc-backchannel-rp-initiated-logout-certification-test-plan[response_type=code][client_registration=static_client]" ./main/conformance-tests/conformance-back-channel-logout-ci.json | |
- name: Stop SSP | |
working-directory: ./main | |
run: | | |
docker compose -f docker/docker-compose.yml down | |
- name: Stop Conformance Suite | |
working-directory: ./conformance-suite | |
# cleaning up errors out on removing the network, so add "|| true" to prevent that from breaking the build | |
run: | | |
docker compose -f docker-compose-dev.yml down || true | |
sudo rm -rf mongo | |