Skip to content

docs: update

docs: update #227

Workflow file for this run

name: Conformance Checks
on:
push:
branches: [main]
pull_request:
branches: [main]
schedule:
- cron: '20 11 * * 1'
workflow_dispatch:
jobs:
build:
uses: panva/.github/.github/workflows/build-conformance-suite.yml@main
run:
runs-on: ubuntu-latest
needs:
- build
env:
NODE_TLS_REJECT_UNAUTHORIZED: 0
DEBUG: runner,moduleId*
SUITE_BASE_URL: https://localhost.emobix.co.uk:8443
PLAN_NAME: ${{ matrix.setup.plan }}
VARIANT: ${{ toJSON(matrix.setup) }}
strategy:
fail-fast: false
matrix:
setup:
# OIDC BASIC
- plan: oidcc-client-basic-certification-test-plan
# OIDC IMPLICIT
- plan: oidcc-client-implicit-certification-test-plan
# OIDC HYBRID
- plan: oidcc-client-hybrid-certification-test-plan
# OIDC CONFIG
- plan: oidcc-client-config-certification-test-plan
# OIDC DYNAMIC
# TODO: work around the request_uri lodging service EOL
# - plan: oidcc-client-dynamic-certification-test-plan
# FAPI 1.0 ID-2
# These plans are deprecated and to be removed
# - plan: fapi-rw-id2-client-test-plan
# client_auth_type: mtls
# - plan: fapi-rw-id2-client-test-plan
# client_auth_type: private_key_jwt
# FAPI 1.0 Advanced Final
- plan: fapi1-advanced-final-client-test-plan
client_auth_type: private_key_jwt
- plan: fapi1-advanced-final-client-test-plan
client_auth_type: mtls
- plan: fapi1-advanced-final-client-test-plan
client_auth_type: mtls
fapi_auth_request_method: pushed
- plan: fapi1-advanced-final-client-test-plan
client_auth_type: private_key_jwt
fapi_auth_request_method: pushed
- plan: fapi1-advanced-final-client-test-plan
client_auth_type: mtls
fapi_response_mode: jarm
- plan: fapi1-advanced-final-client-test-plan
client_auth_type: private_key_jwt
fapi_response_mode: jarm
- plan: fapi1-advanced-final-client-test-plan
client_auth_type: mtls
fapi_auth_request_method: pushed
fapi_response_mode: jarm
- plan: fapi1-advanced-final-client-test-plan
client_auth_type: private_key_jwt
fapi_auth_request_method: pushed
fapi_response_mode: jarm
- plan: fapi1-advanced-final-client-test-plan
client_auth_type: mtls
fapi_auth_request_method: pushed
fapi_response_mode: jarm
fapi_client_type: plain_oauth
- plan: fapi1-advanced-final-client-test-plan
client_auth_type: mtls
fapi_response_mode: jarm
fapi_client_type: plain_oauth
- plan: fapi1-advanced-final-client-test-plan
client_auth_type: private_key_jwt
fapi_auth_request_method: pushed
fapi_response_mode: jarm
fapi_client_type: plain_oauth
- plan: fapi1-advanced-final-client-test-plan
client_auth_type: private_key_jwt
fapi_response_mode: jarm
fapi_client_type: plain_oauth
# FAPI 2.0 Security Profile ID2
- plan: fapi2-security-profile-id2-client-test-plan
client_auth_type: 'private_key_jwt'
sender_constrain: 'dpop'
- plan: fapi2-security-profile-id2-client-test-plan
client_auth_type: 'private_key_jwt'
sender_constrain: 'mtls'
- plan: fapi2-security-profile-id2-client-test-plan
client_auth_type: 'mtls'
sender_constrain: 'dpop'
- plan: fapi2-security-profile-id2-client-test-plan
client_auth_type: 'mtls'
sender_constrain: 'mtls'
# FAPI 2.0 Message Signing ID1
- plan: fapi2-message-signing-id1-client-test-plan
client_auth_type: 'mtls'
sender_constrain: 'mtls'
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Set Conformance Suite Version
run: |
export VERSION=($(curl --silent "https://gitlab.com/api/v4/projects/4175605/releases" | jq -r '.[0].tag_name'))
echo "VERSION=$VERSION" >> $GITHUB_ENV
- name: Load Cached Conformance Suite Build
uses: actions/cache@v4
id: cache
with:
path: ./conformance-suite
key: ${{ needs.build.outputs.cache-key }}
fail-on-cache-miss: true
- name: Run Conformance Suite
working-directory: ./conformance-suite
run: |
docker compose -f docker-compose-dev.yml up -d
while ! curl -skfail https://localhost.emobix.co.uk:8443/api/runner/available >/dev/null; do sleep 2; done
- run: git clone --depth 1 --single-branch --branch main https://github.com/panva/openid-client-certification-suite.git runner
- uses: actions/setup-node@v4
with:
node-version: lts/iron # 20
cache: 'npm'
- run: npm clean-install
working-directory: ./runner
- run: npm install ${{ github.repository }}#${{ github.sha }}
working-directory: ./runner
- run: npm run test
working-directory: ./runner
env:
NODE_OPTIONS: --tls-cipher-list="ECDHE-RSA-AES128-GCM-SHA256 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES256-GCM-SHA384"
- name: Upload test artifacts
uses: actions/upload-artifact@v4
with:
path: |
runner/export-*.zip
runner/logs/*.log
name: certification results idx(${{ strategy.job-index }})
if-no-files-found: warn
if: ${{ failure() }}