Skip to content

Conformance Checks #1106

Conformance Checks

Conformance Checks #1106

Workflow file for this run

name: Conformance Checks
on:
push:
branches: [main]
pull_request:
branches: [main]
schedule:
- cron: '47 11 * * 1'
workflow_dispatch:
jobs:
build:
uses: panva/.github/.github/workflows/build-conformance-suite.yml@main
run:
runs-on: ubuntu-latest
needs:
- build
strategy:
fail-fast: false
matrix:
setup:
# Core 1.0 response_type=code
- plan: oidcc-client-basic-certification-test-plan
# Core 1.0 response_type=code id_token
- plan: oidcc-client-hybrid-certification-test-plan
# Comprehensive Core 1.0 client test
- plan: oidcc-client-test-plan
- plan: oidcc-client-test-plan
variant:
response_type: code id_token
# Financial-grade API Security Profile 1.0 - Part 2: Advanced
- plan: fapi1-advanced-final-client-test-plan
variant:
client_auth_type: 'private_key_jwt'
- plan: fapi1-advanced-final-client-test-plan
variant:
client_auth_type: 'mtls'
- plan: fapi1-advanced-final-client-test-plan
variant:
fapi_response_mode: 'plain_response'
fapi_auth_request_method: 'by_value'
# FAPI 2.0 Security Profile ID2
- plan: fapi2-security-profile-id2-client-test-plan
variant:
client_auth_type: 'private_key_jwt'
sender_constrain: 'dpop'
- plan: fapi2-security-profile-id2-client-test-plan
variant:
client_auth_type: 'private_key_jwt'
sender_constrain: 'mtls'
- plan: fapi2-security-profile-id2-client-test-plan
variant:
client_auth_type: 'mtls'
sender_constrain: 'dpop'
- plan: fapi2-security-profile-id2-client-test-plan
variant:
client_auth_type: 'mtls'
sender_constrain: 'mtls'
# FAPI 2.0 Message Signing ID1
- plan: fapi2-message-signing-id1-client-test-plan
- plan: fapi2-message-signing-id1-client-test-plan
variant:
fapi_client_type: 'plain_oauth'
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Load Cached Conformance Suite Build
uses: actions/cache@v4
id: cache
with:
path: ./conformance-suite
key: ${{ needs.build.outputs.cache-key }}
fail-on-cache-miss: true
- name: Run Conformance Suite
working-directory: ./conformance-suite
run: |
docker compose -f docker-compose-dev.yml up -d
while ! curl -skfail https://localhost.emobix.co.uk:8443/api/runner/available >/dev/null; do sleep 2; done
- name: Setup node
uses: actions/setup-node@v4
with:
node-version: lts/*
cache: 'npm'
- run: npm clean-install
- name: npm run conformance
run: |
set -o pipefail
npm run conformance | tee capture.txt
env:
NODE_TLS_REJECT_UNAUTHORIZED: 0
SUITE_BASE_URL: https://localhost.emobix.co.uk:8443
PLAN_NAME: ${{ matrix.setup.plan }}
VARIANT: ${{ toJSON(matrix.setup.variant) }}
- run: node ./conformance/.parse-logs.mjs capture.txt
- name: Upload test artifacts
id: artifact-upload-step
uses: actions/upload-artifact@v4
with:
path: |
*.zip
*.txt
name: conformance results idx(${{ strategy.job-index }})
if-no-files-found: error
if: ${{ always() }}
- if: ${{ success() }}
run: |
echo "### [:tada:](https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}/artifacts/${{ steps.artifact-upload-step.outputs.artifact-id }})" >> $GITHUB_STEP_SUMMARY
- if: ${{ failure() }}
run: |
echo "### [:exclamation:](https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}/artifacts/${{ steps.artifact-upload-step.outputs.artifact-id }})" >> $GITHUB_STEP_SUMMARY