wso2 · Thumimku · Dec 7, 2023 · Nov 23, 2023 · Dec 6, 2023 · Dec 6, 2023
diff --git a/.github/workflows/fapi-oidc-conformance-test.yml b/.github/workflows/fapi-oidc-conformance-test.yml
@@ -0,0 +1,222 @@
+# This workflow will test IS for OIDC FAPI conformance
+
+name: FAPI-OIDC-Conformance-Test
+
+on:
+ schedule:
+ # Everyday at 08:30 UTC (2:00 AM SL time)
+ - cron: '30 20 * * *'
+ # Allows the workflow to run automatically after a release
+ release:
+ types: [published]
+ # Allows you to run this workflow manually from the Actions tab
+ workflow_dispatch:
+ inputs:
+ tag:
+ description: 'Product-is release tag (Ex: v7.0.0-alpha2). If not provided, latest release tag is used.'
+ required: false
+ conformance-suite-version:
+ description: 'Conformance suite branch to clone in https://gitlab.com/openid/conformance-suite.git (Ex: release-v5.1.10). If not provided, latest release tag branch is used.'
+ required: false
+
+jobs:
+ build:
+
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v2
+ with:
+ path: './product-is'
+
+ - name: Set up JDK 11
+ uses: actions/setup-java@v1
+ with:
+ java-version: 11.0.18+10
+
+ - name: Setup Python
+ run: |
+ python3 -m pip install --upgrade pip setuptools wheel
+ pip3 install psutil
+ pip3 install httpx
+ pip3 install httplib2
+
+ - name: Get IS zip
+ run: |
+ INPUT_TAG=${{github.event.inputs.tag}}
+ if [[ -z "${INPUT_TAG}" ]]; then
+ echo ">>> Building IS from source..."
+ mkdir cloned-product-is
+ cd cloned-product-is
+ git clone https://github.com/wso2/product-is
+ cd product-is
+ mvn clean install -Dmaven.test.skip=true | tee mvn-build.log
+
+ REPO_BUILD_STATUS=$(cat mvn-build.log | grep "\[INFO\] BUILD" | grep -oE '[^ ]+$')
+ echo "==========================================================="
+ echo "BUILD $REPO_BUILD_STATUS"
+ echo "=========================================================="
+
+ if [[ "${REPO_BUILD_STATUS}" != "SUCCESS" ]]; then
+ exit 1
+ fi
+
+ zip_file=$(find . -name 'wso2is-*.zip' -type f -not -name 'wso2is-*-src.zip' -print -quit)
+
+ if [[ -z "$zip_file" ]]; then
+ echo "Zip file not found"
+ exit 1
+ fi
+
+ echo ">>> Zip file found: $zip_file"
+ echo ">>> Copying zip file to the root directory ..."
+
+ cp "$zip_file" ./../../
+ cd ../..
+ ls
+ echo ">>> Remove cloned-product-is directory"
+ rm -rf cloned-product-is
+ ls
+ else
+ owner="wso2"
+ repo="product-is"
+ if [[ -z "${INPUT_TAG}" ]]; then
+ tag=${GITHUB_REF:10}
+ tag_trimmed=${tag// }
+ else
+ tag=${{github.event.inputs.tag}}
+ tag_trimmed=${tag// }
+ fi
+
+ artifact="wso2is-${tag_trimmed:1}.zip"
+ echo "Tag=$tag"
+ echo "Artifact=$artifact"
+ list_asset_url="https://api.github.com/repos/${owner}/${repo}/releases/tags/${tag_trimmed}"
+ asset_url=$(curl "${list_asset_url}" | jq ".assets[] | select(.name==\"${artifact}\") | .url" | sed 's/\"//g')
+ curl -vLJO -H 'Accept: application/octet-stream' \
+ "${asset_url}"
+ fi
+
+ - name: Add deployment toml configs to IS
+ run: |
+ PRODUCT_IS_ZIP=$(find ./ -name 'wso2is*' -type f -printf "%f\n")
+ echo ">>> Unzipping Product IS: ${PRODUCT_IS_ZIP} ..."
+ unzip -qq ${PRODUCT_IS_ZIP}
+
+ PRODUCT_IS=$(find ./ -maxdepth 1 -name 'wso2is*' -type d -printf "%f\n")
+
+ echo ">>> Adding deployment-fapi-config.toml configs to deployment.toml..."
+ cp -f ./product-is/oidc-fapi-conformance-tests/config/deployment-fapi-config.toml $PRODUCT_IS/repository/conf/deployment.toml
+
+ echo ">>> Zipping $PRODUCT_IS to $PRODUCT_IS_ZIP"
+ zip -qq -r $PRODUCT_IS_ZIP $PRODUCT_IS
+ rm -r $PRODUCT_IS
+
+ - name: Clone conformance suite
+ run: |
+ sudo snap install jq
+ LATEST_RELEASE_BRANCH=$(curl -s https://gitlab.com/api/v4/projects/4175605/releases/ | jq '.[]' | jq -r '.name' | head -1)
+ echo ">>> Conformance suite latest release branch: $LATEST_RELEASE_BRANCH"
+ PROVIDED_VERSION=${{github.event.inputs.conformance-suite-version}}
+ if [[ -z "${PROVIDED_VERSION}" ]]; then
+ CONFORMANCE_SUITE_BRANCH=$LATEST_RELEASE_BRANCH
+ echo ">>> Conformance suite latest release branch is taken: $CONFORMANCE_SUITE_BRANCH"
+ else
+ CONFORMANCE_SUITE_BRANCH=$PROVIDED_VERSION
+ echo ">>> Conformance suite provided branch is taken: $CONFORMANCE_SUITE_BRANCH"
+ fi
+ echo ">>> Selected conformance suite branch: $CONFORMANCE_SUITE_BRANCH"
+ git clone --depth 1 --branch ${CONFORMANCE_SUITE_BRANCH} https://gitlab.com/openid/conformance-suite.git
+
+ - name: Adding extra hosts to docker-compose.yml and adding iam as a localhost to /etc/hosts
+ run: |
+ sed -i '/^ volumes.*/i \ \ \ \ extra_hosts:\n \ \ \ \ - "localhost:\$IP\"\n \ \ \ \ - "iam:\$IP\"' ./conformance-suite/docker-compose-dev.yml
+ sed -i '/^ volumes.*/i \ \ \ \ extra_hosts:\n \ \ \ \ - "localhost:\$IP\"\n \ \ \ \ - "iam:\$IP\"' ./conformance-suite/docker-compose.yml
+ sudo -- sh -c -e "echo '127.0.1.1 iam' >> /etc/hosts"
+ sudo -- sh -c -e "echo '127.0.1.1 www.iam.com' >> /etc/hosts"
+
+ - name: Start FAPI resource server
+ run: |
+ sudo apt update
+ sudo apt install nginx
+ echo ">>> NGINX installed successfully !"
+ sudo chmod 777 -R /etc/nginx
+ echo ">>> Permission changed for /etc/nginx"
+ mkdir -p /etc/nginx/ssl
+ echo ">>> /etc/nginx/ssl created successfully!"
+
+ sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/ssl/serverCA.key -out /etc/nginx/ssl/serverCA.crt -subj "/C=US/ST=California/L=San Francisco/O=My Company/OU=IT Department/CN=mycompany.com"
+ echo ">>> FAPI resource server keys saved successfully!"
+
+ cd product-is/oidc-fapi-conformance-tests/resource-server
+ cp -f nginx-proxy /etc/nginx/sites-enabled
+ sudo nginx -t
+ sudo service nginx restart
+ echo ">>> NGINX reverse proxy server started successfully!"
+
+ pip install virtualenv
+ python3 -m virtualenv venv
+ source ./venv/bin/activate
+ pip install -r requirements.txt
+ echo ">>> FAPI resource server starting..."
+ . ./venv/bin/activate
+ nohup python3 resource-server.py > resource-server.log &
+ sleep 5
+ cat resource-server.log
+
+ - name: Configure IS and Conformance Suite and run IS
+ run: |
+ PRODUCT_IS_ZIP=$(find ./ -name wso2is* -type f -printf "%f\n")
+ cd ./product-is/oidc-fapi-conformance-tests
+ python3 ./configure_is_fapi.py ../../$PRODUCT_IS_ZIP
+
+ - name: Start Conformance Suite server
+ run: |
+ DOCKER_COMPOSE_FILE=./docker-compose.yml
+ cd conformance-suite
+ IP=$(/sbin/ip -o -4 addr list eth0 | awk '{print $4}' | cut -d/ -f1)
+ export IP
+ echo ">>> Host ip: " 
+ printenv IP
+ mvn clean package
+ python3 ../product-is/oidc-fapi-conformance-tests/start_conformance_suite.py $DOCKER_COMPOSE_FILE
+
+ - name: Run Tests
+ run: bash ./product-is/oidc-fapi-conformance-tests/test_runner_fapi.sh
+
+ - name: Test Results
+ run: |
+ IS_SUCCESSFUL=false
+ if python3 ./product-is/oidc-fapi-conformance-tests/export_results_fapi.py https://localhost:8443
+ then
+ IS_SUCCESSFUL=true
+ fi
+ if $IS_SUCCESSFUL
+ then
+ echo "======================"
+ echo "All Test Cases Passed!"
+ echo "======================"
+ exit 0
+ else 
+ echo "============================================="
+ echo "Failed Test Cases Found. Exiting with Failure"
+ echo "============================================="
+ exit 1
+ fi
+
+ - name: Archive test results
+ uses: actions/upload-artifact@v2
+ if: always()
+ with:
+ name: test-results
+ path: ./*test_results.zip
+
+ - name: Archive test logs
+ uses: actions/upload-artifact@v2
+ if: always()
+ with:
+ name: test-logs
+ path: ./*log.txt
+
+
+
+