Conformance Checks #817
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Conformance Checks | |
on: | |
push: | |
branches: [main] | |
pull_request: | |
branches: [main] | |
schedule: | |
- cron: '47 11 * * 1' | |
workflow_dispatch: | |
jobs: | |
build: | |
uses: panva/.github/.github/workflows/build-conformance-suite.yml@main | |
run: | |
runs-on: ubuntu-latest | |
needs: | |
- build | |
strategy: | |
fail-fast: false | |
matrix: | |
setup: | |
# Core 1.0 Basic | |
- plan: oidcc-client-basic-certification-test-plan | |
# client_secret_basic | |
- variant: | |
client_auth_type: client_secret_basic | |
plan: oidcc-client-test-plan | |
# client_secret_post | |
- variant: | |
client_auth_type: client_secret_post | |
plan: oidcc-client-test-plan | |
# request_object | |
- variant: | |
request_type: request_object | |
plan: oidcc-client-test-plan | |
# private_key_jwt | |
- variant: | |
client_auth_type: private_key_jwt | |
plan: oidcc-client-test-plan | |
# none | |
- variant: | |
client_auth_type: none | |
plan: oidcc-client-test-plan | |
# RS256 | |
- algorithm: RS256 | |
plan: oidcc-client-test-plan | |
variant: | |
request_type: request_object | |
client_auth_type: private_key_jwt | |
# RS384 | |
- algorithm: RS384 | |
plan: oidcc-client-test-plan | |
variant: | |
request_type: request_object | |
client_auth_type: private_key_jwt | |
# RS512 | |
- algorithm: RS512 | |
plan: oidcc-client-test-plan | |
variant: | |
request_type: request_object | |
client_auth_type: private_key_jwt | |
# PS256 | |
- algorithm: PS256 | |
plan: oidcc-client-test-plan | |
variant: | |
request_type: request_object | |
client_auth_type: private_key_jwt | |
# PS384 | |
- algorithm: PS384 | |
plan: oidcc-client-test-plan | |
variant: | |
request_type: request_object | |
client_auth_type: private_key_jwt | |
# PS512 | |
- algorithm: PS512 | |
plan: oidcc-client-test-plan | |
variant: | |
request_type: request_object | |
client_auth_type: private_key_jwt | |
# ES256 | |
- algorithm: ES256 | |
plan: oidcc-client-test-plan | |
variant: | |
request_type: request_object | |
client_auth_type: private_key_jwt | |
# TODO: https://gitlab.com/openid/conformance-suite/-/issues/1129 | |
# # ES384 | |
# - algorithm: ES384 | |
# plan: oidcc-client-test-plan | |
# variant: | |
# request_type: request_object | |
# client_auth_type: private_key_jwt | |
# # ES512 | |
# - algorithm: ES512 | |
# plan: oidcc-client-test-plan | |
# variant: | |
# request_type: request_object | |
# client_auth_type: private_key_jwt | |
# EdDSA | |
- algorithm: EdDSA | |
plan: oidcc-client-test-plan | |
variant: | |
request_type: request_object | |
client_auth_type: private_key_jwt | |
# Financial-grade API Security Profile 1.0 - Part 2: Advanced - OpenID Connect | |
- plan: fapi1-advanced-final-client-test-plan | |
- plan: fapi1-advanced-final-client-test-plan | |
variant: | |
client_auth_type: 'mtls' | |
# Financial-grade API Security Profile 1.0 - Part 2: Advanced - Oauth 2.0 | |
- plan: fapi1-advanced-final-client-test-plan | |
variant: | |
fapi_client_type: 'plain_oauth' | |
- plan: fapi1-advanced-final-client-test-plan | |
variant: | |
fapi_client_type: 'plain_oauth' | |
client_auth_type: 'mtls' | |
# FAPI 2.0 Security Profile ID2 - OpenID Connect | |
- plan: fapi2-security-profile-id2-client-test-plan | |
- plan: fapi2-security-profile-id2-client-test-plan | |
variant: | |
sender_constrain: 'mtls' | |
client_auth_type: 'mtls' | |
# FAPI 2.0 Security Profile ID2 - OAuth 2.0 | |
- plan: fapi2-security-profile-id2-client-test-plan | |
variant: | |
fapi_client_type: 'plain_oauth' | |
- plan: fapi2-security-profile-id2-client-test-plan | |
variant: | |
fapi_client_type: 'plain_oauth' | |
sender_constrain: 'mtls' | |
client_auth_type: 'mtls' | |
# FAPI 2.0 Message Signing ID1 - OpenID Connect | |
- plan: fapi2-message-signing-id1-client-test-plan | |
- plan: fapi2-message-signing-id1-client-test-plan | |
variant: | |
sender_constrain: 'mtls' | |
client_auth_type: 'mtls' | |
# FAPI 2.0 Message Signing ID1 - OAuth 2.0 | |
- plan: fapi2-message-signing-id1-client-test-plan | |
variant: | |
fapi_client_type: 'plain_oauth' | |
- plan: fapi2-message-signing-id1-client-test-plan | |
variant: | |
fapi_client_type: 'plain_oauth' | |
sender_constrain: 'mtls' | |
client_auth_type: 'mtls' | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Load Cached Conformance Suite Build | |
uses: actions/cache@v3 | |
id: cache | |
with: | |
path: ./conformance-suite | |
key: ${{ needs.build.outputs.cache-key }} | |
fail-on-cache-miss: true | |
- name: Run Conformance Suite | |
working-directory: ./conformance-suite | |
run: | | |
docker-compose -f docker-compose-dev.yml up -d | |
while ! curl -skfail https://localhost.emobix.co.uk:8443/api/runner/available >/dev/null; do sleep 2; done | |
- name: Setup node | |
uses: actions/setup-node@v4 | |
with: | |
node-version: lts/iron # 20 | |
cache: 'npm' | |
- run: npm clean-install | |
- name: npm run conformance | |
run: | | |
set -o pipefail | |
npm run conformance | tee capture.txt | |
env: | |
NODE_TLS_REJECT_UNAUTHORIZED: 0 | |
SUITE_BASE_URL: https://localhost.emobix.co.uk:8443 | |
PLAN_NAME: ${{ matrix.setup.plan }} | |
VARIANT: ${{ toJSON(matrix.setup.variant) }} | |
JWS_ALGORITHM: ${{ matrix.setup.algorithm }} | |
- run: node ./conformance/.parse-logs.mjs capture.txt | |
- run: rm capture.txt | |
- name: Upload test artifacts | |
id: artifact-upload-step | |
uses: actions/upload-artifact@v4 | |
with: | |
path: | | |
*.zip | |
*.txt | |
name: conformance results idx(${{ strategy.job-index }}) | |
if-no-files-found: error | |
if: ${{ always() }} | |
- if: ${{ success() }} | |
run: | | |
echo "### [:tada:](https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}/artifacts/${{ steps.artifact-upload-step.outputs.artifact-id }})" >> $GITHUB_STEP_SUMMARY | |
- if: ${{ failure() }} | |
run: | | |
echo "### [:exclamation:](https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}/artifacts/${{ steps.artifact-upload-step.outputs.artifact-id }})" >> $GITHUB_STEP_SUMMARY |