github-personal/firezone
1
0
Fork 0
mirror of https://github.com/outbackdingo/firezone.git synced 2026-01-27 10:18:54 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
643330fcbe077805fa97725705b4fd1d869930cf
firezone/.github/workflows/test.yml
Andrew Dryga cce70cf552 Fix SAML regression (#1371) 
Regression was introduced in #1350: the path order did not allow auth
callback to be ever called.

Additionally, acceptance tests for SAML are added and we added a
blacklist of SAML config ids to prevent further route collisions.

Fixes #1362
2023-01-23 15:28:25 -06:00

395 lines
13 KiB
YAML
Raw Blame History

name: Test
on:
pull_request:
push:
branches:
- master
jobs:
unit-test:
runs-on: ubuntu-latest
env:
MIX_ENV: test
POSTGRES_HOST: localhost
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
services:
postgres:
image: postgres:15
ports:
- 5432:5432
env:
POSTGRES_USER: postgres
POSTGRES_PASSWORD: postgres
options: >-
--health-cmd pg_isready
--health-interval 10s
--health-timeout 5s
--health-retries 5
steps:
- name: Install package dependencies
run: |
sudo apt-get install -q -y \
net-tools \
wireguard
- uses: actions/checkout@v3
- uses: erlef/setup-beam@v1
with:
otp-version: '25'
elixir-version: '1.14'
- uses: actions/cache@v3
name: Elixir Deps Cache
env:
cache-name: cache-elixir-deps-${{ env.MIX_ENV }}
with:
path: deps
key: ${{ runner.os }}-${{ env.cache-name }}-${{ hashFiles('**/mix.lock') }}
restore-keys: |
${{ runner.os }}-${{ env.cache-name }}-
- uses: actions/cache@v3
name: Elixir Build Cache
env:
cache-name: cache-elixir-build-${{ env.MIX_ENV }}
with:
path: _build
key: ${{ runner.os }}-${{ env.cache-name }}-${{ hashFiles('**/mix.lock') }}
- name: Install Dependencies
run: mix deps.get --only $MIX_ENV
- name: Compile Dependencies
run: mix deps.compile --skip-umbrella-children
- name: Compile Application
run: mix compile
- name: Setup Database
run: |
mix ecto.create
mix ecto.migrate
- name: Run Tests and Upload Coverage Report
env:
E2E_MAX_WAIT_SECONDS: 20
run: |
# XXX: This can fail when coveralls is down
mix coveralls.github --umbrella --warnings-as-errors
- name: Test Report
uses: dorny/test-reporter@v1
if: success() || failure()
with:
name: Elixir Unit Test Report
path: _build/test/lib/*/test-junit-report.xml
reporter: java-junit
type-check:
runs-on: ubuntu-latest
env:
MIX_ENV: dev
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
steps:
- uses: actions/checkout@v3
- uses: erlef/setup-beam@v1
with:
otp-version: '25'
elixir-version: '1.14'
- uses: actions/cache@v3
name: Elixir Deps Cache
env:
cache-name: cache-elixir-deps-${{ env.MIX_ENV }}
with:
path: deps
key: ${{ runner.os }}-${{ env.cache-name }}-${{ hashFiles('**/mix.lock') }}
restore-keys: |
${{ runner.os }}-${{ env.cache-name }}-
- uses: actions/cache@v3
name: Elixir Build Cache
env:
cache-name: cache-elixir-build-${{ env.MIX_ENV }}
with:
path: _build
key: ${{ runner.os }}-${{ env.cache-name }}-${{ hashFiles('**/mix.lock') }}
- name: Install Dependencies
run: mix deps.get --only $MIX_ENV
- name: Compile Dependencies
run: mix deps.compile --skip-umbrella-children
- name: Compile Application
run: mix compile
# Don't cache PLTs based on mix.lock hash, as Dialyzer can incrementally update even old ones
# Cache key based on Elixir & Erlang version (also useful when running in matrix)
- name: Restore PLT cache
uses: actions/cache@v3
env:
cache-name: cache-erlang-plt-${{ env.MIX_ENV }}
with:
key: ${{ runner.os }}-${{ steps.setup-beam.outputs.elixir-version }}-${{ steps.setup-beam.outputs.otp-version }}-plt
restore-keys: |
${{ runner.os }}-${{ steps.setup-beam.outputs.elixir-version }}-${{ steps.setup-beam.outputs.otp-version }}-plt
path: priv/plts
- name: Create PLTs
if: steps.plt_cache.outputs.cache-hit != 'true'
run: mix dialyzer --plt
- name: Run Dialyzer
run: mix dialyzer --format dialyxir
static-analysis:
runs-on: ubuntu-latest
env:
MIX_ENV: test
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
steps:
- uses: actions/checkout@v3
- uses: erlef/setup-beam@v1
with:
otp-version: '25'
elixir-version: '1.14'
- uses: actions/cache@v3
name: Elixir Deps Cache
env:
cache-name: cache-elixir-deps-${{ env.MIX_ENV }}
with:
path: deps
key: ${{ runner.os }}-${{ env.cache-name }}-${{ hashFiles('**/mix.lock') }}
restore-keys: |
${{ runner.os }}-${{ env.cache-name }}-
- uses: actions/cache@v3
name: Elixir Build Cache
env:
cache-name: cache-elixir-build-${{ env.MIX_ENV }}
with:
path: _build
key: ${{ runner.os }}-${{ env.cache-name }}-${{ hashFiles('**/mix.lock') }}
- name: Install Dependencies
run: mix deps.get --only $MIX_ENV
- name: Compile Dependencies
run: mix deps.compile --skip-umbrella-children
- name: Compile Application
run: mix compile --force --warnings-as-errors
- name: Check Formatting
run: mix format --check-formatted
- name: Run Credo
run: mix credo --strict
migrations-and-seed-test:
runs-on: ubuntu-latest
env:
MIX_ENV: dev
POSTGRES_HOST: localhost
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
FZ_VPN_WG_ADAPTER: FzVpn.Interface.WGAdapter.Sandbox
services:
postgres:
image: postgres:15
ports:
- 5432:5432
env:
POSTGRES_USER: postgres
POSTGRES_PASSWORD: postgres
options: >-
--health-cmd pg_isready
--health-interval 10s
--health-timeout 5s
--health-retries 5
steps:
- name: Install package dependencies
run: |
sudo sh -c 'echo "deb http://apt.postgresql.org/pub/repos/apt $(lsb_release -cs)-pgdg main" > /etc/apt/sources.list.d/pgdg.list'
wget -qO- https://www.postgresql.org/media/keys/ACCC4CF8.asc | sudo tee /etc/apt/trusted.gpg.d/pgdg.asc &>/dev/null
sudo apt update
sudo apt-get install -q -y \
net-tools \
wireguard \
postgresql-client
- uses: actions/checkout@v3
- uses: erlef/setup-beam@v1
with:
otp-version: '25'
elixir-version: '1.14'
- uses: actions/cache@v3
name: Elixir Deps Cache
env:
cache-name: cache-elixir-deps-${{ env.MIX_ENV }}-${{ env.MIX_ENV }}
with:
path: deps
key: ${{ runner.os }}-${{ env.cache-name }}-${{ hashFiles('**/mix.lock') }}
restore-keys: |
${{ runner.os }}-${{ env.cache-name }}-
- uses: actions/cache@v3
name: Elixir Build Cache
env:
cache-name: cache-elixir-build-${{ env.MIX_ENV }}
with:
path: _build
key: ${{ runner.os }}-${{ env.cache-name }}-${{ hashFiles('**/mix.lock') }}
- name: Install Dependencies
run: mix deps.get --only $MIX_ENV
- name: Compile
run: mix compile
- name: Download master branch DB dump
id: download-artifact
uses: dawidd6/action-download-artifact@v2
if: "!contains(github.ref, 'master')"
with:
branch: master
name: db-dump
path: apps/fz_http/priv/repo/
search_artifacts: true
workflow_conclusion: completed
if_no_artifact_found: fail
- name: Create Database
run: |
mix ecto.create
- name: Restore DB dump
if: "!contains(github.ref, 'master')"
env:
PGPASSWORD: postgres
run: |
mix ecto.load
- name: Run new migrations
run: |
mix ecto.migrate
- name: Dump DB
if: "contains(github.ref, 'master')"
env:
PGPASSWORD: postgres
run: |
pg_dump firezone_dev \
-U postgres -h localhost \
--file apps/fz_http/priv/repo/structure.sql \
--no-acl \
--no-owner
- name: Upload master branch DB dump
if: "contains(github.ref, 'master')"
uses: actions/upload-artifact@v3
with:
name: db-dump
path: apps/fz_http/priv/repo/structure.sql
- name: Run Seed
run: mix ecto.seed
acceptance-test:
runs-on: ubuntu-latest
env:
MIX_ENV: test
POSTGRES_HOST: localhost
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
MIX_TEST_PARTITIONS: 4
strategy:
fail-fast: false
matrix:
MIX_TEST_PARTITION: [1, 2, 3, 4]
services:
postgres:
image: postgres:15
ports:
- 5432:5432
env:
POSTGRES_USER: postgres
POSTGRES_PASSWORD: postgres
options: >-
--health-cmd pg_isready
--health-interval 10s
--health-timeout 5s
--health-retries 5
vault:
image: vault:1.12.2
env:
VAULT_ADDR: 'http://127.0.0.1:8200'
VAULT_DEV_ROOT_TOKEN_ID: 'firezone'
ports:
- 8200:8200/tcp
options:
--cap-add=IPC_LOCK
saml-idp:
image: vihangk1/docker-test-saml-idp:latest
env:
SIMPLESAMLPHP_SP_ENTITY_ID: 'urn:firezone.dev:firezone-app'
SIMPLESAMLPHP_SP_ASSERTION_CONSUMER_SERVICE: 'http://localhost:4002/auth/saml/sp/consume/mysamlidp'
SIMPLESAMLPHP_SP_SINGLE_LOGOUT_SERVICE: 'http://localhost:4002/auth/saml/sp/logout/mysamlidp'
SIMPLESAMLPHP_SP_NAME_ID_FORMAT: 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress'
SIMPLESAMLPHP_SP_NAME_ID_ATTRIBUTE: 'email'
SIMPLESAMLPHP_IDP_AUTH: 'example-userpass'
ports:
- 8400:8080/tcp
- 8443:8443/tcp
steps:
- uses: nanasess/setup-chromedriver@v1
- run: |
export DISPLAY=:99
sudo Xvfb -ac :99 -screen 0 1280x1024x24 > /dev/null 2>&1 &
- name: Install package dependencies
run: |
sudo apt-get install -q -y \
net-tools \
wireguard
- uses: actions/checkout@v3
- uses: erlef/setup-beam@v1
with:
otp-version: '25'
elixir-version: '1.14'
- uses: actions/cache@v3
name: Elixir Deps Cache
env:
cache-name: cache-elixir-deps-${{ env.MIX_ENV }}-${{ env.MIX_ENV }}
with:
path: deps
key: ${{ runner.os }}-${{ env.cache-name }}-${{ hashFiles('**/mix.lock') }}
restore-keys: |
${{ runner.os }}-${{ env.cache-name }}-
- uses: actions/cache@v3
name: Elixir Build Cache
env:
cache-name: cache-elixir-build-${{ env.MIX_ENV }}
with:
path: _build
key: ${{ runner.os }}-${{ env.cache-name }}-${{ hashFiles('**/mix.lock') }}
- uses: actions/cache@v3
name: Yarn Deps Cache
env:
cache-name: cache-yarn-build-${{ env.MIX_ENV }}
with:
path: apps/fz_http/assets/node_modules
key: ${{ runner.os }}-${{ env.cache-name }}-${{ hashFiles('**/yarn.lock') }}
- uses: actions/cache@v3
name: Assets Cache
env:
cache-name: cache-assets-build-${{ env.MIX_ENV }}
with:
path: apps/fz_http/priv/static/dist
key: ${{ runner.os }}-${{ env.cache-name }}-${{ hashFiles('**/yarn.lock') }}
- name: Install Dependencies
run: mix deps.get --only $MIX_ENV
- name: Compile Dependencies
run: mix deps.compile --skip-umbrella-children
- name: Compile Application
run: mix compile
- name: Install Node Dependencies
run: |
cd apps/fz_http/assets
yarn install --frozen-lockfile
- name: Build Assets
run: |
cd apps/fz_http/assets
yarn deploy
- name: Setup Database
run: |
mix ecto.create
mix ecto.migrate
- name: Run Acceptance Tests
env:
MIX_TEST_PARTITION: ${{ matrix.MIX_TEST_PARTITION }}
E2E_MAX_WAIT_SECONDS: 5
run: |
mix test --only acceptance:true \
--partitions=${{ env.MIX_TEST_PARTITIONS }} \
--no-compile \
--no-archives-check \
--no-deps-check \
|| pkill -f chromedriver \
|| mix test --only acceptance:true --failed \
|| pkill -f chromedriver \
|| mix test --only acceptance:true --failed
- name: Save Screenshots
if: always()
uses: actions/upload-artifact@v3
with:
name: screenshots
path: apps/fz_http/screenshots
- name: Test Report
uses: dorny/test-reporter@v1
if: success() || failure()
with:
name: Elixir Acceptance Test Report
path: _build/test/lib/*/test-junit-report.xml
reporter: java-junit
Reference in New Issue View Git Blame Copy Permalink