Skip to content
Snippets Groups Projects
.gitlab-ci.yml 7.22 KiB
Newer Older
Mark's avatar
Mark committed
stages:
  - build
  - build-testimages
Mark's avatar
Mark committed
  - application-test
Mark's avatar
Mark committed
  - integration-test
Mark's avatar
Mark committed

Mark's avatar
Mark committed
consent-provider:
Mark's avatar
Mark committed
  stage: build
Mark's avatar
Mark committed
  image:
    name: gcr.io/kaniko-project/executor:debug
    entrypoint: [""]
Mark's avatar
Mark committed
  script:
Mark's avatar
Mark committed
    - echo "{\"auths\":{\"$CI_REGISTRY\":{\"username\":\"$CI_REGISTRY_USER\",\"password\":\"$CI_REGISTRY_PASSWORD\"}}}" > /kaniko/.docker/config.json
    - /kaniko/executor --context ${CI_PROJECT_DIR}/consent_provider --dockerfile ${CI_PROJECT_DIR}/consent_provider/Dockerfile --destination $CI_REGISTRY_IMAGE/consent_provider:${CI_COMMIT_REF_NAME}
Mark's avatar
Mark committed
  only:
    changes:
Mark's avatar
Mark committed
      - consent_provider/**/*
      - .gitlab-ci.yml
Mark's avatar
Mark committed

Mark's avatar
Mark committed
login-provider:
Mark's avatar
Mark committed
  stage: build
Mark's avatar
Mark committed
  image:
    name: gcr.io/kaniko-project/executor:debug
    entrypoint: [""]
Mark's avatar
Mark committed
  script:
Mark's avatar
Mark committed
    - echo "{\"auths\":{\"$CI_REGISTRY\":{\"username\":\"$CI_REGISTRY_USER\",\"password\":\"$CI_REGISTRY_PASSWORD\"}}}" > /kaniko/.docker/config.json
    - /kaniko/executor --context ${CI_PROJECT_DIR}/login_provider --dockerfile ${CI_PROJECT_DIR}/login_provider/Dockerfile --destination $CI_REGISTRY_IMAGE/login_provider:${CI_COMMIT_REF_NAME}
Mark's avatar
Mark committed
  only:
    changes:
Mark's avatar
Mark committed
      - login_provider/**/*
      - .gitlab-ci.yml
login-provider-mock:
  stage: build-testimages
  image:
    name: gcr.io/kaniko-project/executor:debug
    entrypoint: [""]
  script:
    - echo "{\"auths\":{\"$CI_REGISTRY\":{\"username\":\"$CI_REGISTRY_USER\",\"password\":\"$CI_REGISTRY_PASSWORD\"}}}" > /kaniko/.docker/config.json
    - /kaniko/executor --context ${CI_PROJECT_DIR}/login_provider/test/behave --dockerfile ${CI_PROJECT_DIR}/login_provider/test/behave/Dockerfile --destination $CI_REGISTRY_IMAGE/login_provider_mock:${CI_COMMIT_REF_NAME} --build-arg baseimage=$CI_REGISTRY_IMAGE/login_provider:${CI_COMMIT_REF_NAME}
  only:
    changes:
      - login_provider/**/*
      - .gitlab-ci.yml

Mark's avatar
Mark committed
login-provider-test:
  stage: build-testimages
Mark's avatar
Mark committed
  image:
    name: gcr.io/kaniko-project/executor:debug
    entrypoint: [""]
Mark's avatar
Mark committed
  script:
Mark's avatar
Mark committed
    - echo "{\"auths\":{\"$CI_REGISTRY\":{\"username\":\"$CI_REGISTRY_USER\",\"password\":\"$CI_REGISTRY_PASSWORD\"}}}" > /kaniko/.docker/config.json
    - /kaniko/executor --context ${CI_PROJECT_DIR}/login_provider/test --dockerfile ${CI_PROJECT_DIR}/login_provider/test/Dockerfile --destination $CI_REGISTRY_IMAGE/login_provider_ci_test:${CI_COMMIT_REF_NAME}
Mark's avatar
Mark committed
  only:
    changes:
Mark's avatar
Mark committed
      - login_provider/**/*
      - .gitlab-ci.yml
integration-oauth:
  stage: build-testimages
  image:
    name: gcr.io/kaniko-project/executor:debug
    entrypoint: [""]
  script:
    - echo "{\"auths\":{\"$CI_REGISTRY\":{\"username\":\"$CI_REGISTRY_USER\",\"password\":\"$CI_REGISTRY_PASSWORD\"}}}" > /kaniko/.docker/config.json
    - /kaniko/executor --context ${CI_PROJECT_DIR}/test/login_logout --dockerfile ${CI_PROJECT_DIR}/test/login_logout/Dockerfile --destination $CI_REGISTRY_IMAGE/login_logout:${CI_COMMIT_REF_NAME}
  only:
    changes:
      - ./**/*
      - .gitlab-ci.yml

integration-test:
  stage: build-testimages
  image:
    name: gcr.io/kaniko-project/executor:debug
    entrypoint: [""]
  script:
    - echo "{\"auths\":{\"$CI_REGISTRY\":{\"username\":\"$CI_REGISTRY_USER\",\"password\":\"$CI_REGISTRY_PASSWORD\"}}}" > /kaniko/.docker/config.json
    - /kaniko/executor --context ${CI_PROJECT_DIR}/test/login_logout/test/ --dockerfile ${CI_PROJECT_DIR}/test/login_logout/test/Dockerfile --destination $CI_REGISTRY_IMAGE/integration_ci_test:${CI_COMMIT_REF_NAME}
  only:
    changes:
      - ./**/*
      - .gitlab-ci.yml

Mark's avatar
Mark committed
behave-login:
  stage: application-test
  variables:
    TESTUSER_USERNAME: "admin"
    TESTUSER_EMAIL: "admin@example.net"
    TESTUSER_PASSWORD: "password"
Mark's avatar
Mark committed
  services:
    - name: ${CI_REGISTRY_IMAGE}/login_provider_mock:${CI_COMMIT_REF_NAME}
Mark's avatar
Mark committed
      alias: login_provider
  image: ${CI_REGISTRY_IMAGE}/login_provider_ci_test:${CI_COMMIT_REF_NAME}
  script:
    - cd login_provider/test/behave/
    - python3 -m behave -D headless=True -D url=http://login_provider:5000 -D username=$TESTUSER_USERNAME -D password=$TESTUSER_PASSWORD
Mark's avatar
Mark committed
  artifacts:
    paths:
      - login_provider/test/behave/screenshots/
    expire_in: 1 month
    when: on_failure
  only:
    changes:
Mark's avatar
Mark committed
      - login_provider/**/*
      - .gitlab-ci.yml
Mark's avatar
Mark committed

behave-integration:
  stage: integration-test
  services:
    - name: postgres:latest
      alias: postgres
    - name: ${CI_REGISTRY_IMAGE}/login_provider:${CI_COMMIT_REF_NAME}
      alias: login
    - name: ${CI_REGISTRY_IMAGE}/consent_provider:${CI_COMMIT_REF_NAME}
      alias: consent
    - name: oryd/hydra:latest
      alias: hydra
      command:
        - serve
        - all
        - --dangerous-force-http
        - --dangerous-allow-insecure-redirect-urls
        - http://oauth:5000/callback
    - name: open.greenhost.net:4567/openappstack/user-panel:integration
      alias: backend
    - name: ${CI_REGISTRY_IMAGE}/login_logout:${CI_COMMIT_REF_NAME}
      alias: oauth
  variables:
    # Gitlab CI does not propagate service names to service containers
    # it assigns addresses incrementally starting from 172.17.0.2
    # in the order that the services are started which is the order of
    # the services listed in the job configuration
    DATABASE_HOST: "172.17.0.2" # 172.17.0.2 -> postgres
    URLS_LOGIN: "http://172.17.0.3:5000/" # 172.17.0.3 -> login
    URLS_LOGOUT: "http://172.17.0.3:5000/logout"
Mark's avatar
Mark committed
    LOGOUT_URL: "http://172.17.0.3:5000/logout"
    URLS_POST_LOGOUT_REDIRECT: "http://172.17.0.3:5000/"
Mark's avatar
Mark committed
    URLS_CONSENT: "http://172.17.0.4:5001/" # 172.17.0.4 -> consent
    URLS_SELF_ISSUER: "http://172.17.0.5:4444/" # 172.17.0.5 -> hydra
    HYDRA_ADMIN_URL: "http://172.17.0.5:4445"
    BASE_URL: "http://172.17.0.5:4444"
    ACCESS_TOKEN_URL: "http://172.17.0.5:4444/oauth2/token"
    AUTHORIZE_URL: "http://172.17.0.5:4444/oauth2/auth"
    GRAPHQL_URL: "http://172.17.0.6:5000/graphql" # 172.17.0.6 -> backend
    GIT_SUBMODULE_STRATEGY: "recursive"
    TESTUSER_USERNAME: "testuser"
    TESTUSER_PASSWORD: "password"
    TESTUSER_EMAIL: "testuser@example.net"
    DSN: "memory"
    SECRETS_SYSTEM: "youReallyNeedToChangeThis"
    OIDC_SUBJECT_TYPES_SUPPORTED: "public,pairwise"
    OIDC_SUBJECT_TYPE_PAIRWISE_SALT: "youReallyNeedToChangeThis"
    DATABASE_USER: postgres
    DATABASE_PASSWORD: secret
    DATABASE_NAME: postgres
    POSTGRES_PASSWORD: secret
    POSTGRES_USER: postgres
    POSTGRES_DB: postgres
    OAUTHLIB_INSECURE_TRANSPORT: "true"
    KEY: "testapp"
    SECRET: "secret"
    DEBUG: "true"
    FLASK_ENV: "development"
  image: ${CI_REGISTRY_IMAGE}/integration_ci_test:${CI_COMMIT_REF_NAME}
  script:
    - echo "WAIT FOR SERVICES TO INITIALIZE" && sleep 20
    - /bin/sh user-panel/utils/create-user.sh ${TESTUSER_USERNAME} ${TESTUSER_PASSWORD} ${TESTUSER_EMAIL} backend 5000
    - /bin/sh user-panel/utils/create-application.sh ${KEY} backend 5000
    - /bin/sh user-panel/utils/grant-access.sh ${TESTUSER_USERNAME} ${KEY} backend 5000
    - /bin/sh test/create-hydra-client.sh ${KEY} ${SECRET} hydra 4445 http://oauth:5000/callback
    - cd test/login_logout/test/behave/
Mark's avatar
Mark committed
    - python3 -m behave -D headless=True -D url=http://oauth:5000 -D logout_url=http://oauth:5000/logout -D username=${TESTUSER_USERNAME} -D password=${TESTUSER_PASSWORD}
Mark's avatar
Mark committed
  artifacts:
    paths:
      - test/login_logout/test/behave/screenshots/
    expire_in: 1 month
    when: on_failure
  only:
    changes:
      - login_provider/**/*
      - .gitlab-ci.yml