Skip to content

FAPI OIDC Conformance Test #10

FAPI OIDC Conformance Test

FAPI OIDC Conformance Test #10

# This workflow will test IS for OIDC FAPI conformance
name: FAPI-OIDC-Conformance-Test
on:
schedule:
# Everyday at 08:30 UTC (2:00 AM SL time)
- cron: '30 20 * * *'
# Allows the workflow to run automatically after a release
release:
types: [published]
# Allows you to run this workflow manually from the Actions tab
workflow_dispatch:
inputs:
tag:
description: 'Product-is release tag (Ex: v7.0.0-alpha2). If not provided, latest release tag is used.'
required: false
conformance-suite-version:
description: 'Conformance suite branch to clone in https://gitlab.com/openid/conformance-suite.git (Ex: release-v5.1.10). If not provided, latest release tag branch is used.'
required: false
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
with:
path: './product-is'
- name: Set up JDK 11
uses: actions/setup-java@v1
with:
java-version: 11.0.18+10
- name: Setup Python
run: |
python3 -m pip install --upgrade pip setuptools wheel
pip3 install psutil
pip3 install httpx
pip3 install httplib2
- name: Get IS zip
run: |
INPUT_TAG=${{github.event.inputs.tag}}
if [[ -z "${INPUT_TAG}" ]]; then
echo ">>> Building IS from source..."
mkdir cloned-product-is
cd cloned-product-is
git clone https://github.com/wso2/product-is
cd product-is
mvn clean install -Dmaven.test.skip=true | tee mvn-build.log
REPO_BUILD_STATUS=$(cat mvn-build.log | grep "\[INFO\] BUILD" | grep -oE '[^ ]+$')
echo "==========================================================="
echo "BUILD $REPO_BUILD_STATUS"
echo "=========================================================="
if [[ "${REPO_BUILD_STATUS}" != "SUCCESS" ]]; then
exit 1
fi
zip_file=$(find . -name 'wso2is-*.zip' -type f -not -name 'wso2is-*-src.zip' -print -quit)
if [[ -z "$zip_file" ]]; then
echo "Zip file not found"
exit 1
fi
echo ">>> Zip file found: $zip_file"
echo ">>> Copying zip file to the root directory ..."
cp "$zip_file" ./../../
cd ../..
ls
echo ">>> Remove cloned-product-is directory"
rm -rf cloned-product-is
ls
else
owner="wso2"
repo="product-is"
if [[ -z "${INPUT_TAG}" ]]; then
tag=${GITHUB_REF:10}
tag_trimmed=${tag// }
else
tag=${{github.event.inputs.tag}}
tag_trimmed=${tag// }
fi
artifact="wso2is-${tag_trimmed:1}.zip"
echo "Tag=$tag"
echo "Artifact=$artifact"
list_asset_url="https://api.github.com/repos/${owner}/${repo}/releases/tags/${tag_trimmed}"
asset_url=$(curl "${list_asset_url}" | jq ".assets[] | select(.name==\"${artifact}\") | .url" | sed 's/\"//g')
curl -vLJO -H 'Accept: application/octet-stream' \
"${asset_url}"
fi
- name: Add deployment toml configs to IS
run: |
PRODUCT_IS_ZIP=$(find ./ -name 'wso2is*' -type f -printf "%f\n")
echo ">>> Unzipping Product IS: ${PRODUCT_IS_ZIP} ..."
unzip -qq ${PRODUCT_IS_ZIP}
PRODUCT_IS=$(find ./ -maxdepth 1 -name 'wso2is*' -type d -printf "%f\n")
echo ">>> Adding deployment-fapi-config.toml configs to deployment.toml..."
cp -f ./product-is/oidc-fapi-conformance-tests/config/deployment-fapi-config.toml $PRODUCT_IS/repository/conf/deployment.toml
echo ">>> Zipping $PRODUCT_IS to $PRODUCT_IS_ZIP"
zip -qq -r $PRODUCT_IS_ZIP $PRODUCT_IS
rm -r $PRODUCT_IS
- name: Clone conformance suite
run: |
sudo snap install jq
LATEST_RELEASE_BRANCH=$(curl -s https://gitlab.com/api/v4/projects/4175605/releases/ | jq '.[]' | jq -r '.name' | head -1)
echo ">>> Conformance suite latest release branch: $LATEST_RELEASE_BRANCH"
PROVIDED_VERSION=${{github.event.inputs.conformance-suite-version}}
if [[ -z "${PROVIDED_VERSION}" ]]; then
CONFORMANCE_SUITE_BRANCH=$LATEST_RELEASE_BRANCH
echo ">>> Conformance suite latest release branch is taken: $CONFORMANCE_SUITE_BRANCH"
else
CONFORMANCE_SUITE_BRANCH=$PROVIDED_VERSION
echo ">>> Conformance suite provided branch is taken: $CONFORMANCE_SUITE_BRANCH"
fi
echo ">>> Selected conformance suite branch: $CONFORMANCE_SUITE_BRANCH"
git clone --depth 1 --branch ${CONFORMANCE_SUITE_BRANCH} https://gitlab.com/openid/conformance-suite.git
- name: Adding extra hosts to docker-compose.yml and adding iam as a localhost to /etc/hosts
run: |
sed -i '/^ volumes.*/i \ \ \ \ extra_hosts:\n \ \ \ \ - "localhost:\$IP\"\n \ \ \ \ - "iam:\$IP\"' ./conformance-suite/docker-compose-dev.yml
sed -i '/^ volumes.*/i \ \ \ \ extra_hosts:\n \ \ \ \ - "localhost:\$IP\"\n \ \ \ \ - "iam:\$IP\"' ./conformance-suite/docker-compose.yml
sudo -- sh -c -e "echo '127.0.1.1 iam' >> /etc/hosts"
sudo -- sh -c -e "echo '127.0.1.1 www.iam.com' >> /etc/hosts"
- name: Start FAPI resource server
run: |
sudo apt update
sudo apt install nginx
echo ">>> NGINX installed successfully !"
sudo chmod 777 -R /etc/nginx
echo ">>> Permission changed for /etc/nginx"
mkdir -p /etc/nginx/ssl
echo ">>> /etc/nginx/ssl created successfully!"
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/ssl/serverCA.key -out /etc/nginx/ssl/serverCA.crt -subj "/C=US/ST=California/L=San Francisco/O=My Company/OU=IT Department/CN=mycompany.com"
echo ">>> FAPI resource server keys saved successfully!"
cd product-is/oidc-fapi-conformance-tests/resource-server
cp -f nginx-proxy /etc/nginx/sites-enabled
sudo nginx -t
sudo service nginx restart
echo ">>> NGINX reverse proxy server started successfully!"
pip install virtualenv
python3 -m virtualenv venv
source ./venv/bin/activate
pip install -r requirements.txt
echo ">>> FAPI resource server starting..."
. ./venv/bin/activate
nohup python3 resource-server.py > resource-server.log &
sleep 5
cat resource-server.log
- name: Configure IS and Conformance Suite and run IS
run: |
PRODUCT_IS_ZIP=$(find ./ -name wso2is* -type f -printf "%f\n")
cd ./product-is/oidc-fapi-conformance-tests
python3 ./configure_is_fapi.py ../../$PRODUCT_IS_ZIP
- name: Start Conformance Suite server
run: |
DOCKER_COMPOSE_FILE=./docker-compose.yml
cd conformance-suite
IP=$(/sbin/ip -o -4 addr list eth0 | awk '{print $4}' | cut -d/ -f1)
export IP
echo ">>> Host ip: "
printenv IP
mvn clean package
python3 ../product-is/oidc-fapi-conformance-tests/start_conformance_suite.py $DOCKER_COMPOSE_FILE
- name: Run Tests
run: bash ./product-is/oidc-fapi-conformance-tests/test_runner_fapi.sh
- name: Test Results
run: |
IS_SUCCESSFUL=false
if python3 ./product-is/oidc-fapi-conformance-tests/export_results_fapi.py https://localhost:8443
then
IS_SUCCESSFUL=true
fi
if $IS_SUCCESSFUL
then
echo "======================"
echo "All Test Cases Passed!"
echo "======================"
exit 0
else
echo "============================================="
echo "Failed Test Cases Found. Exiting with Failure"
echo "============================================="
exit 1
fi
- name: Archive test results
uses: actions/upload-artifact@v2
if: always()
with:
name: test-results
path: ./*test_results.zip
- name: Archive test logs
uses: actions/upload-artifact@v2
if: always()
with:
name: test-logs
path: ./*log.txt