Merge pull request #1322 from OWASP/cypress-docker

Add cypress testing to docker test and as a workflow for heroku
OWASP · Apr 16, 2024 · f4c0243 · f4c0243
2 parents 3e98816 + c937c5a
commit f4c0243
Show file tree

Hide file tree

Showing 9 changed files with 90 additions and 3 deletions.
diff --git a/.github/scripts/.bash_history b/.github/scripts/.bash_history
@@ -347,7 +347,7 @@ rm -rf jdk-18_linux-x64_bin.deb
 git rebase -i main
 git rebase -i master
 git stash
-export tempPassword="nwRjz2BWCWEnDOzaNpZl/p6OEewJiEGfd0/gBoBKLbo="
+export tempPassword="xw1nQ/d3x3jpCLwVS9QHZTHKcXh4z5Enuk2v70QRmq0="
 mvn run tempPassword
 k6
 npx k6

diff --git a/.github/scripts/docker-create.sh b/.github/scripts/docker-create.sh
@@ -73,6 +73,9 @@ Heroku_publish_demo() {
     export TEST_DATA=$(echo -n $RAW_TEST)
     curl --fail 'https://arcane-scrubland-42646.herokuapp.com/token'  --data-raw "grant_type=client_credentials&client_id=WRONGSECRET_CLIENT_ID&client_secret=$TEST_DATA"
     echo $?
+    echo "testing arcane with cypress"
+    cd ../../src/test/e2e
+    npx cypress run --config-file cypress.config.arcane.js
     exit
 }
 
@@ -90,6 +93,9 @@ Heroku_publish_prod(){
     export TEST_DATA=$(echo -n $RAW_TEST)
     curl --fail 'https://wrongsecrets.herokuapp.com/token'  --data-raw "grant_type=client_credentials&client_id=WRONGSECRET_CLIENT_ID&client_secret=$TEST_DATA"
     echo $?
+    echo "testing heroku with cypress"
+    cd ../../src/test/e2e
+    npx cypress run --config-file cypress.config.heroku.js
     exit
 }
 
@@ -404,6 +410,9 @@ test() {
         fi
         echo "testing curl for webjar caching"
         curl -I  'http://localhost:8080/webjars/bootstrap/5.3.3/css/bootstrap.min.css'
+        echo "testing with cypress (requires node20)"
+        cd ../../src/test/e2e
+        npx cypress run
         echo "Testing complete"
     else
         return

diff --git a/.github/workflows/container_test.yml b/.github/workflows/container_test.yml
@@ -26,3 +26,8 @@ jobs:
       - uses: actions/checkout@v4
       - name: Navigate to test script and run
         run: cd .github/scripts && bash docker-create.sh -t
+      - uses: actions/upload-artifact@v4
+        if: success() || failure()
+        with:
+          name: e2e results
+          path: src/test/e2e/cypress/reports/mochawesome/
diff --git a/.github/workflows/heroku_tests.yml b/.github/workflows/heroku_tests.yml
@@ -0,0 +1,33 @@
+# This is a basic workflow to help you get started with Actions
+
+name: Test Heroku with cypress
+
+# Controls when the workflow will run
+on:
+  push:
+    branches:
+      - master
+  pull_request:
+    branches: [master]
+  workflow_dispatch:
+
+permissions:
+  contents: read
+# A workflow run is made up of one or more jobs that can run sequentially or in parallel
+jobs:
+  test-heroku:
+    name: run tests
+    runs-on: ubuntu-latest
+    # Steps represent a sequence of tasks that will be executed as part of the job
+    steps:
+      - uses: actions/checkout@v4
+      - name: Run Tests
+        run: |
+          cd src/test/e2e
+          npm install cypress
+          npx cypress run --config-file cypress.config.heroku.js
+      - uses: actions/upload-artifact@v4
+        if: success() || failure()
+        with:
+          name: e2e results
+          path: src/test/e2e/cypress/reports/mochawesome/
diff --git a/README.md b/README.md
@@ -4,7 +4,7 @@
 
 [![Tweet](https://img.shields.io/twitter/url/http/shields.io.svg?style=social)](https://twitter.com/intent/tweet?text=Want%20to%20dive%20into%20secrets%20management%20and%20do%20some%20hunting?%20try%20this&url=https://github.com/OWASP/wrongsecrets&hashtags=secretsmanagement,secrets,hunting,p0wnableapp,OWASP,WrongSecrets) [<img src="https://img.shields.io/badge/-MASTODON-%232B90D9?style=for-the-badge&logo=mastodon&logoColor=white" width=84>](https://tootpick.org/#text=Want%20to%20dive%20into%20secrets%20management%20and%20do%20some%20hunting?%20try%20this%0A%0Ahttps://github.com/OWASP/wrongsecrets%20%23secretsmanagement,%20%23secrets,%20%23hunting,%20%23p0wnableapp,%20%23OWASP,%20%23WrongSecrets) [<img src="https://img.shields.io/badge/LinkedIn-0077B5?style=for-the-badge&logo=linkedin&logoColor=white" width=80>](https://www.linkedin.com/shareArticle/?url=https://www.github.com/OWASP/wrongsecrets&title=OWASP%20WrongSecrets)
 
-[![Java checkstyle and testing](https://github.com/OWASP/wrongsecrets/actions/workflows/main.yml/badge.svg)](https://github.com/OWASP/wrongsecrets/actions/workflows/main.yml) [![Pre-commit](https://github.com/OWASP/wrongsecrets/actions/workflows/pre-commit.yml/badge.svg)](https://github.com/OWASP/wrongsecrets/actions/workflows/pre-commit.yml) [![Terraform FMT](https://github.com/OWASP/wrongsecrets/actions/workflows/terraform.yml/badge.svg)](https://github.com/OWASP/wrongsecrets/actions/workflows/terraform.yml) [![CodeQL](https://github.com/OWASP/wrongsecrets/actions/workflows/codeql-analysis.yml/badge.svg)](https://github.com/OWASP/wrongsecrets/actions/workflows/codeql-analysis.yml) [![Dead Link Checker](https://github.com/OWASP/wrongsecrets/actions/workflows/link_checker.yml/badge.svg)](https://github.com/OWASP/wrongsecrets/actions/workflows/link_checker.yml)[![Javadoc and Swaggerdoc generator](https://github.com/OWASP/wrongsecrets/actions/workflows/java_swagger_doc.yml/badge.svg)](https://github.com/OWASP/wrongsecrets/actions/workflows/java_swagger_doc.yml)
+[![Java checkstyle and testing](https://github.com/OWASP/wrongsecrets/actions/workflows/main.yml/badge.svg)](https://github.com/OWASP/wrongsecrets/actions/workflows/main.yml) [![Pre-commit](https://github.com/OWASP/wrongsecrets/actions/workflows/pre-commit.yml/badge.svg)](https://github.com/OWASP/wrongsecrets/actions/workflows/pre-commit.yml) [![Terraform FMT](https://github.com/OWASP/wrongsecrets/actions/workflows/terraform.yml/badge.svg)](https://github.com/OWASP/wrongsecrets/actions/workflows/terraform.yml) [![CodeQL](https://github.com/OWASP/wrongsecrets/actions/workflows/codeql-analysis.yml/badge.svg)](https://github.com/OWASP/wrongsecrets/actions/workflows/codeql-analysis.yml) [![Dead Link Checker](https://github.com/OWASP/wrongsecrets/actions/workflows/link_checker.yml/badge.svg)](https://github.com/OWASP/wrongsecrets/actions/workflows/link_checker.yml)[![Javadoc and Swaggerdoc generator](https://github.com/OWASP/wrongsecrets/actions/workflows/java_swagger_doc.yml/badge.svg)](https://github.com/OWASP/wrongsecrets/actions/workflows/java_swagger_doc.yml) [![Test Heroku with cypress](https://github.com/OWASP/wrongsecrets/actions/workflows/heroku_tests.yml/badge.svg)](https://github.com/OWASP/wrongsecrets/actions/workflows/heroku_tests.yml)
 
 [![Test minikube script (k8s)](https://github.com/OWASP/wrongsecrets/actions/workflows/minikube-k8s-test.yml/badge.svg)](https://github.com/OWASP/wrongsecrets/actions/workflows/minikube-k8s-test.yml) [![Test minikube script (k8s&vault)](https://github.com/OWASP/wrongsecrets/actions/workflows/minikube-vault-test.yml/badge.svg)](https://github.com/OWASP/wrongsecrets/actions/workflows/minikube-vault-test.yml) [![Docker container test](https://github.com/OWASP/wrongsecrets/actions/workflows/container_test.yml/badge.svg)](https://github.com/OWASP/wrongsecrets/actions/workflows/container_test.yml)[![Test container on podman and Colima](https://github.com/OWASP/wrongsecrets/actions/workflows/container-alts-test.yml/badge.svg)](https://github.com/OWASP/wrongsecrets/actions/workflows/container-alts-test.yml)
 [![DAST with ZAP](https://github.com/OWASP/wrongsecrets/actions/workflows/dast-zap-test.yml/badge.svg)](https://github.com/OWASP/wrongsecrets/actions/workflows/dast-zap-test.yml)

diff --git a/js/index.js b/js/index.js
@@ -1,5 +1,5 @@
 // eslint-disable-next-line no-unused-vars
 function secret () {
-  const password = 'JqJJ/Mg=' + 9 + 'n/OE' + 6 + 'knA=' + 2 + 'Tv8v' + 7
+  const password = 'TV5mQAM=' + 9 + 'Fcek' + 6 + 'atA=' + 2 + 'O7ad' + 7
   return password
 }
diff --git a/src/test/e2e/cypress.config.arcane.js b/src/test/e2e/cypress.config.arcane.js
@@ -0,0 +1,16 @@
+const { defineConfig } = require('cypress')
+
+module.exports = defineConfig({
+  video: false,
+  e2e: {
+    baseUrl: 'https://arcane-scrubland-42646.herokuapp.com/',
+    specPattern: 'cypress/integration/*.cy.js',
+    reporter: 'cypress-multi-reporters',
+    reporterOptions: {
+      configFile: 'reporter-config.json'
+    },
+    setupNodeEvents (on, config) {
+      // implement node event listeners here
+    }
+  }
+})
diff --git a/src/test/e2e/cypress.config.heroku.js b/src/test/e2e/cypress.config.heroku.js
@@ -0,0 +1,16 @@
+const { defineConfig } = require('cypress')
+
+module.exports = defineConfig({
+  video: false,
+  e2e: {
+    baseUrl: 'https://wrongsecrets.herokuapp.com/',
+    specPattern: 'cypress/integration/*.cy.js',
+    reporter: 'cypress-multi-reporters',
+    reporterOptions: {
+      configFile: 'reporter-config.json'
+    },
+    setupNodeEvents (on, config) {
+      // implement node event listeners here
+    }
+  }
+})
diff --git a/src/test/e2e/cypress/README.md b/src/test/e2e/cypress/README.md
@@ -12,6 +12,14 @@ The reporting of the tests themselves will be located in `target/test-classes/e2
 
 Please note that cypress requires the templates to have been build first.
 
+### Run outside of maven
+Want to run them outside of maven? Make sure you have node20 installed and the application running and listening to `http://localhost:8080` . Then do:
+
+```shell
+cd src/test/e2e/cypress
+npx cypress run
+```
+
 ## How to interact with elements
 
 - To select an element in the UI, add a `data-cy` attribute to the HTML element and give it a unique value.