-
Notifications
You must be signed in to change notification settings - Fork 734
222 lines (188 loc) · 8.15 KB
/
fapi-oidc-conformance-test.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
# This workflow will test IS for OIDC FAPI conformance
name: FAPI-OIDC-Conformance-Test
on:
schedule:
# Everyday at 08:30 UTC (2:00 AM SL time)
- cron: '30 20 * * *'
# Allows the workflow to run automatically after a release
release:
types: [published]
# Allows you to run this workflow manually from the Actions tab
workflow_dispatch:
inputs:
tag:
description: 'Product-is release tag (Ex: v7.0.0-alpha2). If not provided, latest release tag is used.'
required: false
conformance-suite-version:
description: 'Conformance suite branch to clone in https://gitlab.com/openid/conformance-suite.git (Ex: release-v5.1.10). If not provided, latest release tag branch is used.'
required: false
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
with:
path: './product-is'
- name: Set up JDK 11
uses: actions/setup-java@v1
with:
java-version: 11.0.18+10
- name: Setup Python
run: |
python3 -m pip install --upgrade pip setuptools wheel
pip3 install psutil
pip3 install httpx
pip3 install httplib2
- name: Get IS zip
run: |
INPUT_TAG=${{github.event.inputs.tag}}
if [[ -z "${INPUT_TAG}" ]]; then
echo ">>> Building IS from source..."
mkdir cloned-product-is
cd cloned-product-is
git clone https://github.com/wso2/product-is
cd product-is
mvn clean install -Dmaven.test.skip=true | tee mvn-build.log
REPO_BUILD_STATUS=$(cat mvn-build.log | grep "\[INFO\] BUILD" | grep -oE '[^ ]+$')
echo "==========================================================="
echo "BUILD $REPO_BUILD_STATUS"
echo "=========================================================="
if [[ "${REPO_BUILD_STATUS}" != "SUCCESS" ]]; then
exit 1
fi
zip_file=$(find . -name 'wso2is-*.zip' -type f -not -name 'wso2is-*-src.zip' -print -quit)
if [[ -z "$zip_file" ]]; then
echo "Zip file not found"
exit 1
fi
echo ">>> Zip file found: $zip_file"
echo ">>> Copying zip file to the root directory ..."
cp "$zip_file" ./../../
cd ../..
ls
echo ">>> Remove cloned-product-is directory"
rm -rf cloned-product-is
ls
else
owner="wso2"
repo="product-is"
if [[ -z "${INPUT_TAG}" ]]; then
tag=${GITHUB_REF:10}
tag_trimmed=${tag// }
else
tag=${{github.event.inputs.tag}}
tag_trimmed=${tag// }
fi
artifact="wso2is-${tag_trimmed:1}.zip"
echo "Tag=$tag"
echo "Artifact=$artifact"
list_asset_url="https://api.github.com/repos/${owner}/${repo}/releases/tags/${tag_trimmed}"
asset_url=$(curl "${list_asset_url}" | jq ".assets[] | select(.name==\"${artifact}\") | .url" | sed 's/\"//g')
curl -vLJO -H 'Accept: application/octet-stream' \
"${asset_url}"
fi
- name: Add deployment toml configs to IS
run: |
PRODUCT_IS_ZIP=$(find ./ -name 'wso2is*' -type f -printf "%f\n")
echo ">>> Unzipping Product IS: ${PRODUCT_IS_ZIP} ..."
unzip -qq ${PRODUCT_IS_ZIP}
PRODUCT_IS=$(find ./ -maxdepth 1 -name 'wso2is*' -type d -printf "%f\n")
echo ">>> Adding deployment-fapi-config.toml configs to deployment.toml..."
cp -f ./product-is/oidc-fapi-conformance-tests/config/deployment-fapi-config.toml $PRODUCT_IS/repository/conf/deployment.toml
echo ">>> Zipping $PRODUCT_IS to $PRODUCT_IS_ZIP"
zip -qq -r $PRODUCT_IS_ZIP $PRODUCT_IS
rm -r $PRODUCT_IS
- name: Clone conformance suite
run: |
sudo snap install jq
LATEST_RELEASE_BRANCH=$(curl -s https://gitlab.com/api/v4/projects/4175605/releases/ | jq '.[]' | jq -r '.name' | head -1)
echo ">>> Conformance suite latest release branch: $LATEST_RELEASE_BRANCH"
PROVIDED_VERSION=${{github.event.inputs.conformance-suite-version}}
if [[ -z "${PROVIDED_VERSION}" ]]; then
CONFORMANCE_SUITE_BRANCH=$LATEST_RELEASE_BRANCH
echo ">>> Conformance suite latest release branch is taken: $CONFORMANCE_SUITE_BRANCH"
else
CONFORMANCE_SUITE_BRANCH=$PROVIDED_VERSION
echo ">>> Conformance suite provided branch is taken: $CONFORMANCE_SUITE_BRANCH"
fi
echo ">>> Selected conformance suite branch: $CONFORMANCE_SUITE_BRANCH"
git clone --depth 1 --branch ${CONFORMANCE_SUITE_BRANCH} https://gitlab.com/openid/conformance-suite.git
- name: Adding extra hosts to docker-compose.yml and adding iam as a localhost to /etc/hosts
run: |
sed -i '/^ volumes.*/i \ \ \ \ extra_hosts:\n \ \ \ \ - "localhost:\$IP\"\n \ \ \ \ - "iam:\$IP\"' ./conformance-suite/docker-compose-dev.yml
sed -i '/^ volumes.*/i \ \ \ \ extra_hosts:\n \ \ \ \ - "localhost:\$IP\"\n \ \ \ \ - "iam:\$IP\"' ./conformance-suite/docker-compose.yml
sudo -- sh -c -e "echo '127.0.1.1 iam' >> /etc/hosts"
sudo -- sh -c -e "echo '127.0.1.1 www.iam.com' >> /etc/hosts"
- name: Start FAPI resource server
run: |
sudo apt update
sudo apt install nginx
echo ">>> NGINX installed successfully !"
sudo chmod 777 -R /etc/nginx
echo ">>> Permission changed for /etc/nginx"
mkdir -p /etc/nginx/ssl
echo ">>> /etc/nginx/ssl created successfully!"
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/ssl/serverCA.key -out /etc/nginx/ssl/serverCA.crt -subj "/C=US/ST=California/L=San Francisco/O=My Company/OU=IT Department/CN=mycompany.com"
echo ">>> FAPI resource server keys saved successfully!"
cd product-is/oidc-fapi-conformance-tests/resource-server
cp -f nginx-proxy /etc/nginx/sites-enabled
sudo nginx -t
sudo service nginx restart
echo ">>> NGINX reverse proxy server started successfully!"
pip install virtualenv
python3 -m virtualenv venv
source ./venv/bin/activate
pip install -r requirements.txt
echo ">>> FAPI resource server starting..."
. ./venv/bin/activate
nohup python3 resource-server.py > resource-server.log &
sleep 5
cat resource-server.log
- name: Configure IS and Conformance Suite and run IS
run: |
PRODUCT_IS_ZIP=$(find ./ -name wso2is* -type f -printf "%f\n")
cd ./product-is/oidc-fapi-conformance-tests
python3 ./configure_is_fapi.py ../../$PRODUCT_IS_ZIP
- name: Start Conformance Suite server
run: |
DOCKER_COMPOSE_FILE=./docker-compose.yml
cd conformance-suite
IP=$(/sbin/ip -o -4 addr list eth0 | awk '{print $4}' | cut -d/ -f1)
export IP
echo ">>> Host ip: "
printenv IP
mvn clean package
python3 ../product-is/oidc-fapi-conformance-tests/start_conformance_suite.py $DOCKER_COMPOSE_FILE
- name: Run Tests
run: bash ./product-is/oidc-fapi-conformance-tests/test_runner_fapi.sh
- name: Test Results
run: |
IS_SUCCESSFUL=false
if python3 ./product-is/oidc-fapi-conformance-tests/export_results_fapi.py https://localhost:8443
then
IS_SUCCESSFUL=true
fi
if $IS_SUCCESSFUL
then
echo "======================"
echo "All Test Cases Passed!"
echo "======================"
exit 0
else
echo "============================================="
echo "Failed Test Cases Found. Exiting with Failure"
echo "============================================="
exit 1
fi
- name: Archive test results
uses: actions/upload-artifact@v2
if: always()
with:
name: test-results
path: ./*test_results.zip
- name: Archive test logs
uses: actions/upload-artifact@v2
if: always()
with:
name: test-logs
path: ./*log.txt