-
Notifications
You must be signed in to change notification settings - Fork 734
299 lines (263 loc) · 11.3 KB
/
fapi-oidc-conformance-test.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
# This workflow will test IS for OIDC FAPI conformance
name: FAPI OIDC Conformance Test
on:
schedule:
# Everyday at 08:30 UTC (2:00 AM SL time)
- cron: '30 20 * * *'
# Allows the workflow to run automatically after a release
release:
types: [published]
# Allows you to run this workflow manually from the Actions tab
workflow_dispatch:
inputs:
tag:
description: 'Product-is release tag (Ex: v7.0.0-alpha2). If not provided, latest release tag is used.'
required: false
conformance-suite-version:
description: 'Conformance suite branch to clone in https://gitlab.com/openid/conformance-suite.git (Ex: release-v5.1.10). If not provided, latest release tag branch is used.'
required: false
send-email:
description: 'Send test results to email'
required: true
default: 'no'
send-chat:
description: 'Send test results to google chat'
required: true
default: 'yes'
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
with:
path: './product-is'
- name: Set up JDK 11
uses: actions/setup-java@v1
with:
java-version: 11.0.18+10
- name: Setup Python
run: |
python3 -m pip install --upgrade pip setuptools wheel
pip3 install psutil
pip3 install httpx
pip3 install httplib2
- name: Get IS zip
run: |
INPUT_TAG=${{github.event.inputs.tag}}
if [[ -z "${INPUT_TAG}" ]]; then
echo ">>> Building IS from source..."
mkdir cloned-product-is
cd cloned-product-is
git clone https://github.com/wso2/product-is
cd product-is
mvn clean install -Dmaven.test.skip=true | tee mvn-build.log
REPO_BUILD_STATUS=$(cat mvn-build.log | grep "\[INFO\] BUILD" | grep -oE '[^ ]+$')
echo "==========================================================="
echo "BUILD $REPO_BUILD_STATUS"
echo "=========================================================="
if [[ "${REPO_BUILD_STATUS}" != "SUCCESS" ]]; then
exit 1
fi
zip_file=$(find . -name 'wso2is-*.zip' -type f -not -name 'wso2is-*-src.zip' -print -quit)
if [[ -z "$zip_file" ]]; then
echo "Zip file not found"
exit 1
fi
echo ">>> Zip file found: $zip_file"
echo ">>> Copying zip file to the root directory ..."
cp "$zip_file" ./../../
cd ../..
ls
echo ">>> Remove cloned-product-is directory"
rm -rf cloned-product-is
ls
else
owner="wso2"
repo="product-is"
if [[ -z "${INPUT_TAG}" ]]; then
tag=${GITHUB_REF:10}
tag_trimmed=${tag// }
else
tag=${{github.event.inputs.tag}}
tag_trimmed=${tag// }
fi
artifact="wso2is-${tag_trimmed:1}.zip"
echo "Tag=$tag"
echo "Artifact=$artifact"
list_asset_url="https://api.github.com/repos/${owner}/${repo}/releases/tags/${tag_trimmed}"
asset_url=$(curl "${list_asset_url}" | jq ".assets[] | select(.name==\"${artifact}\") | .url" | sed 's/\"//g')
curl -vLJO -H 'Accept: application/octet-stream' \
"${asset_url}"
fi
- name: Add deployment toml configs to IS
run: |
PRODUCT_IS_ZIP=$(find ./ -name 'wso2is*' -type f -printf "%f\n")
echo ">>> Unzipping Product IS: ${PRODUCT_IS_ZIP} ..."
unzip -qq ${PRODUCT_IS_ZIP}
PRODUCT_IS=$(find ./ -maxdepth 1 -name 'wso2is*' -type d -printf "%f\n")
echo ">>> Adding deployment-fapi-config.toml configs to deployment.toml..."
cp -f ./product-is/oidc-fapi-conformance-tests/config/deployment-fapi-config.toml $PRODUCT_IS/repository/conf/deployment.toml
echo ">>> Zipping $PRODUCT_IS to $PRODUCT_IS_ZIP"
zip -qq -r $PRODUCT_IS_ZIP $PRODUCT_IS
rm -r $PRODUCT_IS
- name: Clone conformance suite
run: |
sudo snap install jq
LATEST_RELEASE_BRANCH=$(curl -s https://gitlab.com/api/v4/projects/4175605/releases/ | jq '.[]' | jq -r '.name' | head -1)
echo ">>> Conformance suite latest release branch: $LATEST_RELEASE_BRANCH"
PROVIDED_VERSION=${{github.event.inputs.conformance-suite-version}}
if [[ -z "${PROVIDED_VERSION}" ]]; then
CONFORMANCE_SUITE_BRANCH=$LATEST_RELEASE_BRANCH
echo ">>> Conformance suite latest release branch is taken: $CONFORMANCE_SUITE_BRANCH"
else
CONFORMANCE_SUITE_BRANCH=$PROVIDED_VERSION
echo ">>> Conformance suite provided branch is taken: $CONFORMANCE_SUITE_BRANCH"
fi
echo ">>> Selected conformance suite branch: $CONFORMANCE_SUITE_BRANCH"
git clone --depth 1 --branch ${CONFORMANCE_SUITE_BRANCH} https://gitlab.com/openid/conformance-suite.git
- name: Adding extra hosts to docker-compose.yml and adding iam as a localhost to /etc/hosts
run: |
sed -i '/^ volumes.*/i \ \ \ \ extra_hosts:\n \ \ \ \ - "localhost:\$IP\"\n \ \ \ \ - "iam:\$IP\"' ./conformance-suite/docker-compose-dev.yml
sed -i '/^ volumes.*/i \ \ \ \ extra_hosts:\n \ \ \ \ - "localhost:\$IP\"\n \ \ \ \ - "iam:\$IP\"' ./conformance-suite/docker-compose.yml
sudo -- sh -c -e "echo '127.0.1.1 iam' >> /etc/hosts"
sudo -- sh -c -e "echo '127.0.1.1 www.iam.com' >> /etc/hosts"
- name: Start FAPI resource server
run: |
sudo apt update
sudo apt install nginx
echo ">>> NGINX installed successfully !"
sudo chmod 777 -R /etc/nginx
echo ">>> Permission changed for /etc/nginx"
mkdir -p /etc/nginx/ssl
echo ">>> /etc/nginx/ssl created successfully!"
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/ssl/serverCA.key -out /etc/nginx/ssl/serverCA.crt -subj "/C=US/ST=California/L=San Francisco/O=My Company/OU=IT Department/CN=mycompany.com"
echo ">>> FAPI resource server keys saved successfully!"
cd product-is/oidc-fapi-conformance-tests/resource-server
cp -f nginx-proxy /etc/nginx/sites-enabled
sudo nginx -t
sudo service nginx restart
echo ">>> NGINX reverse proxy server started successfully!"
pip install virtualenv
python3 -m virtualenv venv
source ./venv/bin/activate
pip install -r requirements.txt
echo ">>> FAPI resource server starting..."
. ./venv/bin/activate
nohup python3 resource-server.py > resource-server.log &
sleep 5
cat resource-server.log
- name: Configure IS and Conformance Suite and run IS
run: |
PRODUCT_IS_ZIP=$(find ./ -name wso2is* -type f -printf "%f\n")
cd ./product-is/oidc-fapi-conformance-tests
python3 ./configure_is_fapi.py ../../$PRODUCT_IS_ZIP
- name: Set up JDK 17
uses: actions/setup-java@v2
with:
java-version: 17
distribution: temurin
- name: Start Conformance Suite server
run: |
DOCKER_COMPOSE_FILE=./docker-compose.yml
cd conformance-suite
IP=$(/sbin/ip -o -4 addr list eth0 | awk '{print $4}' | cut -d/ -f1)
export IP
echo ">>> Host ip: "
printenv IP
mvn clean package
python3 ../product-is/oidc-fapi-conformance-tests/start_conformance_suite.py $DOCKER_COMPOSE_FILE
- name: Run Tests
run: bash ./product-is/oidc-fapi-conformance-tests/test_runner_fapi.sh
- name: Test Results
run: |
IS_SUCCESSFUL=false
if python3 ./product-is/oidc-fapi-conformance-tests/export_results_fapi.py https://localhost:8443
then
IS_SUCCESSFUL=true
fi
if $IS_SUCCESSFUL
then
echo "======================"
echo "All Test Cases Passed!"
echo "======================"
exit 0
else
echo "============================================="
echo "Failed Test Cases Found. Exiting with Failure"
echo "============================================="
exit 1
fi
- name: Archive test results
uses: actions/upload-artifact@v2
if: always()
with:
name: test-results
path: ./*test_results.zip
- name: Archive test logs
uses: actions/upload-artifact@v2
if: always()
with:
name: test-logs
path: ./*log.txt
- name: Send Email
if: always()
run: |
INPUT=${{github.event.inputs.send-email}}
if [[ -z "${INPUT}" ]]; then
INPUT="no"
fi
SEND_EMAIL=${INPUT^^}
if [ $SEND_EMAIL == "YES" ]; then
echo "============="
echo "Sending Email"
echo "============="
CONFORMANCE_SUITE_URL=https://localhost:8443
INPUT_TAG=${{github.event.inputs.tag}}
if [[ -z "${INPUT_TAG}" ]]; then
RESOURCE="built-from-latest-source"
else
RESOURCE=${{github.event.inputs.tag}}
fi
RECEIVER_LIST=${{secrets.FAPI_RECEIVER_LIST}}
if [[ -z "${RECEIVER_LIST}" ]]; then
RECEIVER_LIST=${{secrets.RECEIVER_LIST}}
fi
python3 ./product-is/oidc-conformance-tests/send_email.py $CONFORMANCE_SUITE_URL $GITHUB_RUN_NUMBER ${{job.status}} ${{github.repository}} ${{github.run_id}} ${{secrets.SENDER_EMAIL}} ${{secrets.PASSWORD}} ${{secrets.FAPI_RECEIVER_LIST}} $RESOURCE
elif [ $SEND_EMAIL == "NO" ]; then
echo "========================================"
echo "Skipped Sending Email"
echo "========================================"
else
echo "================================================================="
echo "Invalid parameter value. Skipped sending email"
echo "================================================================="
fi
- name: Send Chat message
if: always()
run: |
INPUT=${{github.event.inputs.send-chat}}
if [[ -z "${INPUT}" ]]; then
INPUT="yes"
fi
INPUT_TAG=${{github.event.inputs.tag}}
if [[ -z "${INPUT_TAG}" ]]; then
RESOURCE="built from latest source"
else
RESOURCE=${{github.event.inputs.tag}}
fi
SEND_CHAT=${INPUT^^}
if [ $SEND_CHAT == "YES" ]; then
echo "==========================="
echo "Sending Google Chat Message"
echo "==========================="
CONFORMANCE_SUITE_URL=https://localhost:8443
python3 ./product-is/oidc-conformance-tests/send_chat.py "$CONFORMANCE_SUITE_URL" "$GITHUB_RUN_NUMBER" "${{job.status}}" "${{github.repository}}" "${{github.run_id}}" "${{secrets.GOOGLE_CHAT_WEBHOOK_OIDC_TEST}}" "$RESOURCE" "FAPI OIDC Conformance Test"
elif [ $SEND_CHAT == "NO" ]; then
echo "========================================"
echo "Skipped Sending Google Chat Message"
echo "========================================"
else
echo "================================================================="
echo "Invalid parameter value. Skipped sending google chat message"
echo "================================================================="
fi