Conformance Checks #207
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Conformance Checks | |
| on: | |
| push: | |
| branches: [main] | |
| pull_request: | |
| branches: [main] | |
| schedule: | |
| - cron: '20 11 * * 1' | |
| workflow_dispatch: | |
| jobs: | |
| build: | |
| uses: panva/.github/.github/workflows/build-conformance-suite.yml@main | |
| run: | |
| runs-on: ubuntu-latest | |
| needs: | |
| - build | |
| env: | |
| NODE_TLS_REJECT_UNAUTHORIZED: 0 | |
| DEBUG: runner,moduleId* | |
| SUITE_BASE_URL: https://localhost.emobix.co.uk:8443 | |
| PLAN_NAME: ${{ matrix.setup.plan }} | |
| VARIANT: ${{ toJSON(matrix.setup) }} | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| setup: | |
| # OIDC BASIC | |
| - plan: oidcc-client-basic-certification-test-plan | |
| # OIDC IMPLICIT | |
| - plan: oidcc-client-implicit-certification-test-plan | |
| # OIDC HYBRID | |
| - plan: oidcc-client-hybrid-certification-test-plan | |
| # OIDC CONFIG | |
| - plan: oidcc-client-config-certification-test-plan | |
| # OIDC DYNAMIC | |
| # TODO: work around the request_uri lodging service EOL | |
| # - plan: oidcc-client-dynamic-certification-test-plan | |
| # FAPI 1.0 ID-2 | |
| # These plans are deprecated and to be removed | |
| # - plan: fapi-rw-id2-client-test-plan | |
| # client_auth_type: mtls | |
| # - plan: fapi-rw-id2-client-test-plan | |
| # client_auth_type: private_key_jwt | |
| # FAPI 1.0 Advanced Final | |
| - plan: fapi1-advanced-final-client-test-plan | |
| client_auth_type: private_key_jwt | |
| - plan: fapi1-advanced-final-client-test-plan | |
| client_auth_type: mtls | |
| - plan: fapi1-advanced-final-client-test-plan | |
| client_auth_type: mtls | |
| fapi_auth_request_method: pushed | |
| - plan: fapi1-advanced-final-client-test-plan | |
| client_auth_type: private_key_jwt | |
| fapi_auth_request_method: pushed | |
| - plan: fapi1-advanced-final-client-test-plan | |
| client_auth_type: mtls | |
| fapi_response_mode: jarm | |
| - plan: fapi1-advanced-final-client-test-plan | |
| client_auth_type: private_key_jwt | |
| fapi_response_mode: jarm | |
| - plan: fapi1-advanced-final-client-test-plan | |
| client_auth_type: mtls | |
| fapi_auth_request_method: pushed | |
| fapi_response_mode: jarm | |
| - plan: fapi1-advanced-final-client-test-plan | |
| client_auth_type: private_key_jwt | |
| fapi_auth_request_method: pushed | |
| fapi_response_mode: jarm | |
| - plan: fapi1-advanced-final-client-test-plan | |
| client_auth_type: mtls | |
| fapi_auth_request_method: pushed | |
| fapi_response_mode: jarm | |
| fapi_client_type: plain_oauth | |
| - plan: fapi1-advanced-final-client-test-plan | |
| client_auth_type: mtls | |
| fapi_response_mode: jarm | |
| fapi_client_type: plain_oauth | |
| - plan: fapi1-advanced-final-client-test-plan | |
| client_auth_type: private_key_jwt | |
| fapi_auth_request_method: pushed | |
| fapi_response_mode: jarm | |
| fapi_client_type: plain_oauth | |
| - plan: fapi1-advanced-final-client-test-plan | |
| client_auth_type: private_key_jwt | |
| fapi_response_mode: jarm | |
| fapi_client_type: plain_oauth | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Set Conformance Suite Version | |
| run: | | |
| export VERSION=($(curl --silent "https://gitlab.com/api/v4/projects/4175605/releases" | jq -r '.[0].tag_name')) | |
| echo "VERSION=$VERSION" >> $GITHUB_ENV | |
| - name: Load Cached Conformance Suite Build | |
| uses: actions/cache@v4 | |
| id: cache | |
| with: | |
| path: ./conformance-suite | |
| key: ${{ needs.build.outputs.cache-key }} | |
| fail-on-cache-miss: true | |
| - name: Run Conformance Suite | |
| working-directory: ./conformance-suite | |
| run: | | |
| docker-compose -f docker-compose-dev.yml up -d | |
| while ! curl -skfail https://localhost.emobix.co.uk:8443/api/runner/available >/dev/null; do sleep 2; done | |
| - run: git clone --depth 1 --single-branch --branch main https://github.com/panva/openid-client-certification-suite.git runner | |
| - uses: actions/setup-node@v4 | |
| with: | |
| node-version: lts/iron # 20 | |
| cache: 'npm' | |
| - run: npm clean-install | |
| working-directory: ./runner | |
| - run: npm install ${{ github.repository }}#${{ github.sha }} | |
| working-directory: ./runner | |
| - run: npm run test | |
| working-directory: ./runner | |
| env: | |
| NODE_OPTIONS: --tls-cipher-list="ECDHE-RSA-AES128-GCM-SHA256 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES256-GCM-SHA384" | |
| - name: Upload test artifacts | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| path: | | |
| runner/export-*.zip | |
| runner/logs/*.log | |
| name: certification results idx(${{ strategy.job-index }}) | |
| if-no-files-found: warn | |
| if: ${{ failure() }} |