Conformance Checks #811

Workflow file for this run

.github/workflows/conformance.yml at 2e7f340

	name: Conformance Checks

	on:
	push:
	branches: [main]
	pull_request:
	branches: [main]
	schedule:
	- cron: '47 11 * * 1'
	workflow_dispatch:

	jobs:
	build:
	uses: panva/.github/.github/workflows/build-conformance-suite.yml@main

	run:
	runs-on: ubuntu-latest
	needs:
	- build
	strategy:
	fail-fast: false
	matrix:
	setup:
	# Core 1.0 Basic
	- plan: oidcc-client-basic-certification-test-plan

	# client_secret_basic
	- variant:
	client_auth_type: client_secret_basic
	plan: oidcc-client-test-plan

	# client_secret_post
	- variant:
	client_auth_type: client_secret_post
	plan: oidcc-client-test-plan

	# request_object
	- variant:
	request_type: request_object
	plan: oidcc-client-test-plan

	# private_key_jwt
	- variant:
	client_auth_type: private_key_jwt
	plan: oidcc-client-test-plan

	# none
	- variant:
	client_auth_type: none
	plan: oidcc-client-test-plan

	# RS256
	- algorithm: RS256
	plan: oidcc-client-test-plan
	variant:
	request_type: request_object
	client_auth_type: private_key_jwt

	# RS384
	- algorithm: RS384
	plan: oidcc-client-test-plan
	variant:
	request_type: request_object
	client_auth_type: private_key_jwt

	# RS512
	- algorithm: RS512
	plan: oidcc-client-test-plan
	variant:
	request_type: request_object
	client_auth_type: private_key_jwt

	# PS256
	- algorithm: PS256
	plan: oidcc-client-test-plan
	variant:
	request_type: request_object
	client_auth_type: private_key_jwt

	# PS384
	- algorithm: PS384
	plan: oidcc-client-test-plan
	variant:
	request_type: request_object
	client_auth_type: private_key_jwt

	# PS512
	- algorithm: PS512
	plan: oidcc-client-test-plan
	variant:
	request_type: request_object
	client_auth_type: private_key_jwt

	# ES256
	- algorithm: ES256
	plan: oidcc-client-test-plan
	variant:
	request_type: request_object
	client_auth_type: private_key_jwt

	# TODO: https://gitlab.com/openid/conformance-suite/-/issues/1129
	# # ES384
	# - algorithm: ES384
	# plan: oidcc-client-test-plan
	# variant:
	# request_type: request_object
	# client_auth_type: private_key_jwt

	# # ES512
	# - algorithm: ES512
	# plan: oidcc-client-test-plan
	# variant:
	# request_type: request_object
	# client_auth_type: private_key_jwt

	# EdDSA
	- algorithm: EdDSA
	plan: oidcc-client-test-plan
	variant:
	request_type: request_object
	client_auth_type: private_key_jwt

	# Financial-grade API Security Profile 1.0 - Part 2: Advanced - OpenID Connect
	- plan: fapi1-advanced-final-client-test-plan
	- plan: fapi1-advanced-final-client-test-plan
	variant:
	client_auth_type: 'mtls'

	# Financial-grade API Security Profile 1.0 - Part 2: Advanced - Oauth 2.0
	- plan: fapi1-advanced-final-client-test-plan
	variant:
	fapi_client_type: 'plain_oauth'
	- plan: fapi1-advanced-final-client-test-plan
	variant:
	fapi_client_type: 'plain_oauth'
	client_auth_type: 'mtls'

	# FAPI 2.0 Security Profile ID2 - OpenID Connect
	- plan: fapi2-security-profile-id2-client-test-plan
	- plan: fapi2-security-profile-id2-client-test-plan
	variant:
	sender_constrain: 'mtls'
	client_auth_type: 'mtls'

	# FAPI 2.0 Security Profile ID2 - OAuth 2.0
	- plan: fapi2-security-profile-id2-client-test-plan
	variant:
	fapi_client_type: 'plain_oauth'
	- plan: fapi2-security-profile-id2-client-test-plan
	variant:
	fapi_client_type: 'plain_oauth'
	sender_constrain: 'mtls'
	client_auth_type: 'mtls'

	# FAPI 2.0 Message Signing ID1 - OpenID Connect
	- plan: fapi2-message-signing-id1-client-test-plan
	- plan: fapi2-message-signing-id1-client-test-plan
	variant:
	sender_constrain: 'mtls'
	client_auth_type: 'mtls'

	# FAPI 2.0 Message Signing ID1 - OAuth 2.0
	- plan: fapi2-message-signing-id1-client-test-plan
	variant:
	fapi_client_type: 'plain_oauth'
	- plan: fapi2-message-signing-id1-client-test-plan
	variant:
	fapi_client_type: 'plain_oauth'
	sender_constrain: 'mtls'
	client_auth_type: 'mtls'

	steps:
	- name: Checkout
	uses: actions/checkout@v4
	- name: Load Cached Conformance Suite Build
	uses: actions/cache@v3
	id: cache
	with:
	path: ./conformance-suite
	key: ${{ needs.build.outputs.cache-key }}
	fail-on-cache-miss: true
	- name: Run Conformance Suite
	working-directory: ./conformance-suite
	run: \|
	docker-compose -f docker-compose-dev.yml up -d
	while ! curl -skfail https://localhost.emobix.co.uk:8443/api/runner/available >/dev/null; do sleep 2; done
	- name: Setup node
	uses: actions/setup-node@v4
	with:
	node-version: lts/iron # 20
	cache: 'npm'
	- run: npm clean-install
	- name: npm run conformance
	run: \|
	set -o pipefail
	npm run conformance \| tee capture.txt
	env:
	NODE_TLS_REJECT_UNAUTHORIZED: 0
	SUITE_BASE_URL: https://localhost.emobix.co.uk:8443
	PLAN_NAME: ${{ matrix.setup.plan }}
	VARIANT: ${{ toJSON(matrix.setup.variant) }}
	JWS_ALGORITHM: ${{ matrix.setup.algorithm }}
	- run: node ./conformance/.parse-logs.mjs capture.txt
	- run: rm capture.txt
	- name: Upload test artifacts
	id: artifact-upload-step
	uses: actions/upload-artifact@v4
	with:
	path: \|
	*.zip
	*.txt
	name: conformance results idx(${{ strategy.job-index }})
	if-no-files-found: error
	if: ${{ always() }}
	- if: ${{ success() }}
	run: \|
	echo "### [:tada:](https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}/artifacts/${{ steps.artifact-upload-step.outputs.artifact-id }})" >> $GITHUB_STEP_SUMMARY
	- if: ${{ failure() }}
	run: \|
	echo "### [:exclamation:](https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}/artifacts/${{ steps.artifact-upload-step.outputs.artifact-id }})" >> $GITHUB_STEP_SUMMARY

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Conformance Checks #811

Workflow file

Conformance Checks #811

Jobs

Run details

Workflow file for this run