FAPI OIDC Conformance Test #27
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# This workflow will test IS for OIDC FAPI conformance | |
name: FAPI-OIDC-Conformance-Test | |
on: | |
schedule: | |
# Everyday at 08:30 UTC (2:00 AM SL time) | |
- cron: '30 20 * * *' | |
# Allows the workflow to run automatically after a release | |
release: | |
types: [published] | |
# Allows you to run this workflow manually from the Actions tab | |
workflow_dispatch: | |
inputs: | |
tag: | |
description: 'Product-is release tag (Ex: v7.0.0-alpha2). If not provided, latest release tag is used.' | |
required: false | |
conformance-suite-version: | |
description: 'Conformance suite branch to clone in https://gitlab.com/openid/conformance-suite.git (Ex: release-v5.1.10). If not provided, latest release tag branch is used.' | |
required: false | |
jobs: | |
build: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v2 | |
with: | |
path: './product-is' | |
- name: Set up JDK 11 | |
uses: actions/setup-java@v1 | |
with: | |
java-version: 11.0.18+10 | |
- name: Setup Python | |
run: | | |
python3 -m pip install --upgrade pip setuptools wheel | |
pip3 install psutil | |
pip3 install httpx | |
pip3 install httplib2 | |
- name: Get IS zip | |
run: | | |
INPUT_TAG=${{github.event.inputs.tag}} | |
if [[ -z "${INPUT_TAG}" ]]; then | |
echo ">>> Building IS from source..." | |
mkdir cloned-product-is | |
cd cloned-product-is | |
git clone https://github.com/wso2/product-is | |
cd product-is | |
mvn clean install -Dmaven.test.skip=true | tee mvn-build.log | |
REPO_BUILD_STATUS=$(cat mvn-build.log | grep "\[INFO\] BUILD" | grep -oE '[^ ]+$') | |
echo "===========================================================" | |
echo "BUILD $REPO_BUILD_STATUS" | |
echo "==========================================================" | |
if [[ "${REPO_BUILD_STATUS}" != "SUCCESS" ]]; then | |
exit 1 | |
fi | |
zip_file=$(find . -name 'wso2is-*.zip' -type f -not -name 'wso2is-*-src.zip' -print -quit) | |
if [[ -z "$zip_file" ]]; then | |
echo "Zip file not found" | |
exit 1 | |
fi | |
echo ">>> Zip file found: $zip_file" | |
echo ">>> Copying zip file to the root directory ..." | |
cp "$zip_file" ./../../ | |
cd ../.. | |
ls | |
echo ">>> Remove cloned-product-is directory" | |
rm -rf cloned-product-is | |
ls | |
else | |
owner="wso2" | |
repo="product-is" | |
if [[ -z "${INPUT_TAG}" ]]; then | |
tag=${GITHUB_REF:10} | |
tag_trimmed=${tag// } | |
else | |
tag=${{github.event.inputs.tag}} | |
tag_trimmed=${tag// } | |
fi | |
artifact="wso2is-${tag_trimmed:1}.zip" | |
echo "Tag=$tag" | |
echo "Artifact=$artifact" | |
list_asset_url="https://api.github.com/repos/${owner}/${repo}/releases/tags/${tag_trimmed}" | |
asset_url=$(curl "${list_asset_url}" | jq ".assets[] | select(.name==\"${artifact}\") | .url" | sed 's/\"//g') | |
curl -vLJO -H 'Accept: application/octet-stream' \ | |
"${asset_url}" | |
fi | |
- name: Add deployment toml configs to IS | |
run: | | |
PRODUCT_IS_ZIP=$(find ./ -name 'wso2is*' -type f -printf "%f\n") | |
echo ">>> Unzipping Product IS: ${PRODUCT_IS_ZIP} ..." | |
unzip -qq ${PRODUCT_IS_ZIP} | |
PRODUCT_IS=$(find ./ -maxdepth 1 -name 'wso2is*' -type d -printf "%f\n") | |
echo ">>> Adding deployment-fapi-config.toml configs to deployment.toml..." | |
cp -f ./product-is/oidc-fapi-conformance-tests/config/deployment-fapi-config.toml $PRODUCT_IS/repository/conf/deployment.toml | |
echo ">>> Zipping $PRODUCT_IS to $PRODUCT_IS_ZIP" | |
zip -qq -r $PRODUCT_IS_ZIP $PRODUCT_IS | |
rm -r $PRODUCT_IS | |
- name: Clone conformance suite | |
run: | | |
sudo snap install jq | |
LATEST_RELEASE_BRANCH=$(curl -s https://gitlab.com/api/v4/projects/4175605/releases/ | jq '.[]' | jq -r '.name' | head -1) | |
echo ">>> Conformance suite latest release branch: $LATEST_RELEASE_BRANCH" | |
PROVIDED_VERSION=${{github.event.inputs.conformance-suite-version}} | |
if [[ -z "${PROVIDED_VERSION}" ]]; then | |
CONFORMANCE_SUITE_BRANCH=$LATEST_RELEASE_BRANCH | |
echo ">>> Conformance suite latest release branch is taken: $CONFORMANCE_SUITE_BRANCH" | |
else | |
CONFORMANCE_SUITE_BRANCH=$PROVIDED_VERSION | |
echo ">>> Conformance suite provided branch is taken: $CONFORMANCE_SUITE_BRANCH" | |
fi | |
echo ">>> Selected conformance suite branch: $CONFORMANCE_SUITE_BRANCH" | |
git clone --depth 1 --branch ${CONFORMANCE_SUITE_BRANCH} https://gitlab.com/openid/conformance-suite.git | |
- name: Adding extra hosts to docker-compose.yml and adding iam as a localhost to /etc/hosts | |
run: | | |
sed -i '/^ volumes.*/i \ \ \ \ extra_hosts:\n \ \ \ \ - "localhost:\$IP\"\n \ \ \ \ - "iam:\$IP\"' ./conformance-suite/docker-compose-dev.yml | |
sed -i '/^ volumes.*/i \ \ \ \ extra_hosts:\n \ \ \ \ - "localhost:\$IP\"\n \ \ \ \ - "iam:\$IP\"' ./conformance-suite/docker-compose.yml | |
sudo -- sh -c -e "echo '127.0.1.1 iam' >> /etc/hosts" | |
sudo -- sh -c -e "echo '127.0.1.1 www.iam.com' >> /etc/hosts" | |
- name: Start FAPI resource server | |
run: | | |
sudo apt update | |
sudo apt install nginx | |
echo ">>> NGINX installed successfully !" | |
sudo chmod 777 -R /etc/nginx | |
echo ">>> Permission changed for /etc/nginx" | |
mkdir -p /etc/nginx/ssl | |
echo ">>> /etc/nginx/ssl created successfully!" | |
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/ssl/serverCA.key -out /etc/nginx/ssl/serverCA.crt -subj "/C=US/ST=California/L=San Francisco/O=My Company/OU=IT Department/CN=mycompany.com" | |
echo ">>> FAPI resource server keys saved successfully!" | |
cd product-is/oidc-fapi-conformance-tests/resource-server | |
cp -f nginx-proxy /etc/nginx/sites-enabled | |
sudo nginx -t | |
sudo service nginx restart | |
echo ">>> NGINX reverse proxy server started successfully!" | |
pip install virtualenv | |
python3 -m virtualenv venv | |
source ./venv/bin/activate | |
pip install -r requirements.txt | |
echo ">>> FAPI resource server starting..." | |
. ./venv/bin/activate | |
nohup python3 resource-server.py > resource-server.log & | |
sleep 5 | |
cat resource-server.log | |
- name: Configure IS and Conformance Suite and run IS | |
run: | | |
PRODUCT_IS_ZIP=$(find ./ -name wso2is* -type f -printf "%f\n") | |
cd ./product-is/oidc-fapi-conformance-tests | |
python3 ./configure_is_fapi.py ../../$PRODUCT_IS_ZIP | |
- name: Start Conformance Suite server | |
run: | | |
DOCKER_COMPOSE_FILE=./docker-compose.yml | |
cd conformance-suite | |
IP=$(/sbin/ip -o -4 addr list eth0 | awk '{print $4}' | cut -d/ -f1) | |
export IP | |
echo ">>> Host ip: " | |
printenv IP | |
mvn clean package | |
python3 ../product-is/oidc-fapi-conformance-tests/start_conformance_suite.py $DOCKER_COMPOSE_FILE | |
- name: Run Tests | |
run: bash ./product-is/oidc-fapi-conformance-tests/test_runner_fapi.sh | |
- name: Test Results | |
run: | | |
IS_SUCCESSFUL=false | |
if python3 ./product-is/oidc-fapi-conformance-tests/export_results_fapi.py https://localhost:8443 | |
then | |
IS_SUCCESSFUL=true | |
fi | |
if $IS_SUCCESSFUL | |
then | |
echo "======================" | |
echo "All Test Cases Passed!" | |
echo "======================" | |
exit 0 | |
else | |
echo "=============================================" | |
echo "Failed Test Cases Found. Exiting with Failure" | |
echo "=============================================" | |
exit 1 | |
fi | |
- name: Archive test results | |
uses: actions/upload-artifact@v2 | |
if: always() | |
with: | |
name: test-results | |
path: ./*test_results.zip | |
- name: Archive test logs | |
uses: actions/upload-artifact@v2 | |
if: always() | |
with: | |
name: test-logs | |
path: ./*log.txt | |