-
-
Notifications
You must be signed in to change notification settings - Fork 391
156 lines (144 loc) · 5.7 KB
/
conformance.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
name: Conformance Checks
on:
push:
branches: [main]
pull_request:
branches: [main]
schedule:
- cron: '20 11 * * 1'
workflow_dispatch:
jobs:
build:
uses: panva/.github/.github/workflows/build-conformance-suite.yml@main
run:
runs-on: ubuntu-latest
needs:
- build
env:
NODE_TLS_REJECT_UNAUTHORIZED: 0
DEBUG: runner,moduleId*
SUITE_BASE_URL: https://localhost.emobix.co.uk:8443
PLAN_NAME: ${{ matrix.setup.plan }}
VARIANT: ${{ toJSON(matrix.setup) }}
strategy:
fail-fast: false
matrix:
setup:
# OIDC BASIC
- plan: oidcc-client-basic-certification-test-plan
# OIDC IMPLICIT
- plan: oidcc-client-implicit-certification-test-plan
# OIDC HYBRID
- plan: oidcc-client-hybrid-certification-test-plan
# OIDC CONFIG
- plan: oidcc-client-config-certification-test-plan
# OIDC DYNAMIC
# TODO: work around the request_uri lodging service EOL
# - plan: oidcc-client-dynamic-certification-test-plan
# FAPI 1.0 ID-2
# These plans are deprecated and to be removed
# - plan: fapi-rw-id2-client-test-plan
# client_auth_type: mtls
# - plan: fapi-rw-id2-client-test-plan
# client_auth_type: private_key_jwt
# FAPI 1.0 Advanced Final
- plan: fapi1-advanced-final-client-test-plan
client_auth_type: private_key_jwt
- plan: fapi1-advanced-final-client-test-plan
client_auth_type: mtls
- plan: fapi1-advanced-final-client-test-plan
client_auth_type: mtls
fapi_auth_request_method: pushed
- plan: fapi1-advanced-final-client-test-plan
client_auth_type: private_key_jwt
fapi_auth_request_method: pushed
- plan: fapi1-advanced-final-client-test-plan
client_auth_type: mtls
fapi_response_mode: jarm
- plan: fapi1-advanced-final-client-test-plan
client_auth_type: private_key_jwt
fapi_response_mode: jarm
- plan: fapi1-advanced-final-client-test-plan
client_auth_type: mtls
fapi_auth_request_method: pushed
fapi_response_mode: jarm
- plan: fapi1-advanced-final-client-test-plan
client_auth_type: private_key_jwt
fapi_auth_request_method: pushed
fapi_response_mode: jarm
- plan: fapi1-advanced-final-client-test-plan
client_auth_type: mtls
fapi_auth_request_method: pushed
fapi_response_mode: jarm
fapi_client_type: plain_oauth
- plan: fapi1-advanced-final-client-test-plan
client_auth_type: mtls
fapi_response_mode: jarm
fapi_client_type: plain_oauth
- plan: fapi1-advanced-final-client-test-plan
client_auth_type: private_key_jwt
fapi_auth_request_method: pushed
fapi_response_mode: jarm
fapi_client_type: plain_oauth
- plan: fapi1-advanced-final-client-test-plan
client_auth_type: private_key_jwt
fapi_response_mode: jarm
fapi_client_type: plain_oauth
# FAPI 2.0 Security Profile ID2
- plan: fapi2-security-profile-id2-client-test-plan
client_auth_type: 'private_key_jwt'
sender_constrain: 'dpop'
- plan: fapi2-security-profile-id2-client-test-plan
client_auth_type: 'private_key_jwt'
sender_constrain: 'mtls'
- plan: fapi2-security-profile-id2-client-test-plan
client_auth_type: 'mtls'
sender_constrain: 'dpop'
- plan: fapi2-security-profile-id2-client-test-plan
client_auth_type: 'mtls'
sender_constrain: 'mtls'
# FAPI 2.0 Message Signing ID1
- plan: fapi2-message-signing-id1-client-test-plan
client_auth_type: 'mtls'
sender_constrain: 'mtls'
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Set Conformance Suite Version
run: |
export VERSION=($(curl --silent "https://gitlab.com/api/v4/projects/4175605/releases" | jq -r '.[0].tag_name'))
echo "VERSION=$VERSION" >> $GITHUB_ENV
- name: Load Cached Conformance Suite Build
uses: actions/cache@v4
id: cache
with:
path: ./conformance-suite
key: ${{ needs.build.outputs.cache-key }}
fail-on-cache-miss: true
- name: Run Conformance Suite
working-directory: ./conformance-suite
run: |
docker compose -f docker-compose-dev.yml up -d
while ! curl -skfail https://localhost.emobix.co.uk:8443/api/runner/available >/dev/null; do sleep 2; done
- run: git clone --depth 1 --single-branch --branch main https://github.com/panva/openid-client-certification-suite.git runner
- uses: actions/setup-node@v4
with:
node-version: lts/iron # 20
cache: 'npm'
- run: npm clean-install
working-directory: ./runner
- run: npm install ${{ github.repository }}#${{ github.sha }}
working-directory: ./runner
- run: npm run test
working-directory: ./runner
env:
NODE_OPTIONS: --tls-cipher-list="ECDHE-RSA-AES128-GCM-SHA256 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES256-GCM-SHA384"
- name: Upload test artifacts
uses: actions/upload-artifact@v4
with:
path: |
runner/export-*.zip
runner/logs/*.log
name: certification results idx(${{ strategy.job-index }})
if-no-files-found: warn
if: ${{ failure() }}