Newer
Older
image:
name: gcr.io/kaniko-project/executor:debug
entrypoint: [""]
- echo "{\"auths\":{\"$CI_REGISTRY\":{\"username\":\"$CI_REGISTRY_USER\",\"password\":\"$CI_REGISTRY_PASSWORD\"}}}" > /kaniko/.docker/config.json
- /kaniko/executor --context ${CI_PROJECT_DIR}/consent_provider --dockerfile ${CI_PROJECT_DIR}/consent_provider/Dockerfile --destination $CI_REGISTRY_IMAGE/consent_provider:${CI_COMMIT_REF_NAME}
image:
name: gcr.io/kaniko-project/executor:debug
entrypoint: [""]
- echo "{\"auths\":{\"$CI_REGISTRY\":{\"username\":\"$CI_REGISTRY_USER\",\"password\":\"$CI_REGISTRY_PASSWORD\"}}}" > /kaniko/.docker/config.json
- /kaniko/executor --context ${CI_PROJECT_DIR}/login_provider --dockerfile ${CI_PROJECT_DIR}/login_provider/Dockerfile --destination $CI_REGISTRY_IMAGE/login_provider:${CI_COMMIT_REF_NAME}
image:
name: gcr.io/kaniko-project/executor:debug
entrypoint: [""]
script:
- echo "{\"auths\":{\"$CI_REGISTRY\":{\"username\":\"$CI_REGISTRY_USER\",\"password\":\"$CI_REGISTRY_PASSWORD\"}}}" > /kaniko/.docker/config.json
- /kaniko/executor --context ${CI_PROJECT_DIR}/login_provider/test/behave --dockerfile ${CI_PROJECT_DIR}/login_provider/test/behave/Dockerfile --destination $CI_REGISTRY_IMAGE/login_provider_mock:${CI_COMMIT_REF_NAME} --build-arg baseimage=$CI_REGISTRY_IMAGE/login_provider:${CI_COMMIT_REF_NAME}
only:
changes:
- login_provider/**/*
- .gitlab-ci.yml
image:
name: gcr.io/kaniko-project/executor:debug
entrypoint: [""]
- echo "{\"auths\":{\"$CI_REGISTRY\":{\"username\":\"$CI_REGISTRY_USER\",\"password\":\"$CI_REGISTRY_PASSWORD\"}}}" > /kaniko/.docker/config.json
- /kaniko/executor --context ${CI_PROJECT_DIR}/login_provider/test --dockerfile ${CI_PROJECT_DIR}/login_provider/test/Dockerfile --destination $CI_REGISTRY_IMAGE/login_provider_ci_test:${CI_COMMIT_REF_NAME}
integration-oauth:
stage: build-testimages
image:
name: gcr.io/kaniko-project/executor:debug
entrypoint: [""]
script:
- echo "{\"auths\":{\"$CI_REGISTRY\":{\"username\":\"$CI_REGISTRY_USER\",\"password\":\"$CI_REGISTRY_PASSWORD\"}}}" > /kaniko/.docker/config.json
- /kaniko/executor --context ${CI_PROJECT_DIR}/test/login_logout --dockerfile ${CI_PROJECT_DIR}/test/login_logout/Dockerfile --destination $CI_REGISTRY_IMAGE/login_logout:${CI_COMMIT_REF_NAME}
only:
changes:
- .gitlab-ci.yml
integration-test:
stage: build-testimages
image:
name: gcr.io/kaniko-project/executor:debug
entrypoint: [""]
script:
- echo "{\"auths\":{\"$CI_REGISTRY\":{\"username\":\"$CI_REGISTRY_USER\",\"password\":\"$CI_REGISTRY_PASSWORD\"}}}" > /kaniko/.docker/config.json
- /kaniko/executor --context ${CI_PROJECT_DIR}/test/login_logout/test/ --dockerfile ${CI_PROJECT_DIR}/test/login_logout/test/Dockerfile --destination $CI_REGISTRY_IMAGE/integration_ci_test:${CI_COMMIT_REF_NAME}
only:
changes:
unittest-login:
stage: application-test
image: ${CI_REGISTRY_IMAGE}/login_provider_ci_test:${CI_COMMIT_REF_NAME}
script:
- cd login_provider
- python3 -m unittest discover
variables:
TESTUSER_USERNAME: "admin"
TESTUSER_EMAIL: "admin@example.net"
TESTUSER_PASSWORD: "password"
- name: ${CI_REGISTRY_IMAGE}/login_provider_mock:${CI_COMMIT_REF_NAME}
alias: login_provider
image: ${CI_REGISTRY_IMAGE}/login_provider_ci_test:${CI_COMMIT_REF_NAME}
script:
- cd login_provider/test/behave/
- python3 -m behave -D headless=True -D url=http://login_provider:5000 -D username=$TESTUSER_USERNAME -D password=$TESTUSER_PASSWORD
artifacts:
paths:
- login_provider/test/behave/screenshots/
expire_in: 1 month
when: on_failure
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
behave-integration:
stage: integration-test
services:
- name: postgres:latest
alias: postgres
- name: ${CI_REGISTRY_IMAGE}/login_provider:${CI_COMMIT_REF_NAME}
alias: login
- name: ${CI_REGISTRY_IMAGE}/consent_provider:${CI_COMMIT_REF_NAME}
alias: consent
- name: oryd/hydra:latest
alias: hydra
command:
- serve
- all
- --dangerous-force-http
- --dangerous-allow-insecure-redirect-urls
- http://oauth:5000/callback
- name: open.greenhost.net:4567/openappstack/user-panel:integration
alias: backend
- name: ${CI_REGISTRY_IMAGE}/login_logout:${CI_COMMIT_REF_NAME}
alias: oauth
variables:
# Gitlab CI does not propagate service names to service containers
# it assigns addresses incrementally starting from 172.17.0.2
# in the order that the services are started which is the order of
# the services listed in the job configuration
DATABASE_HOST: "172.17.0.2" # 172.17.0.2 -> postgres
URLS_LOGIN: "http://172.17.0.3:5000/" # 172.17.0.3 -> login
URLS_LOGOUT: "http://172.17.0.3:5000/logout"
LOGOUT_URL: "http://172.17.0.3:5000/logout"
URLS_POST_LOGOUT_REDIRECT: "http://172.17.0.3:5000/"
URLS_CONSENT: "http://172.17.0.4:5001/" # 172.17.0.4 -> consent
URLS_SELF_ISSUER: "http://172.17.0.5:4444/" # 172.17.0.5 -> hydra
HYDRA_ADMIN_URL: "http://172.17.0.5:4445"
ACCESS_TOKEN_URL: "http://172.17.0.5:4444/oauth2/token"
AUTHORIZE_URL: "http://172.17.0.5:4444/oauth2/auth"
GRAPHQL_URL: "http://172.17.0.6:5000/graphql" # 172.17.0.6 -> backend
GIT_SUBMODULE_STRATEGY: "recursive"
TESTUSER_USERNAME: "testuser"
TESTUSER_PASSWORD: "password"
TESTUSER_EMAIL: "testuser@example.net"
DSN: "memory"
SECRETS_SYSTEM: "youReallyNeedToChangeThis"
OIDC_SUBJECT_TYPES_SUPPORTED: "public,pairwise"
OIDC_SUBJECT_TYPE_PAIRWISE_SALT: "youReallyNeedToChangeThis"
DATABASE_USER: postgres
DATABASE_PASSWORD: secret
DATABASE_NAME: postgres
POSTGRES_PASSWORD: secret
POSTGRES_USER: postgres
POSTGRES_DB: postgres
OAUTHLIB_INSECURE_TRANSPORT: "true"
KEY: "testapp"
SECRET: "secret"
DEBUG: "true"
FLASK_ENV: "development"
image: ${CI_REGISTRY_IMAGE}/integration_ci_test:${CI_COMMIT_REF_NAME}
script:
- echo "WAIT FOR SERVICES TO INITIALIZE" && sleep 20
- /bin/bash user-panel/utils/create-user.bash ${TESTUSER_USERNAME} ${TESTUSER_PASSWORD} ${TESTUSER_EMAIL} backend:5000
- /bin/bash user-panel/utils/create-user.bash ${TESTUSER_USERNAME2} ${TESTUSER_PASSWORD} ${TESTUSER_EMAIL2} backend:5000
- /bin/bash user-panel/utils/create-application.bash ${KEY} backend:5000
- /bin/bash user-panel/utils/create-role.bash ${ROLE} backend:5000
- /bin/bash user-panel/utils/grant-access.bash ${TESTUSER_USERNAME} ${KEY} backend:5000
- /bin/bash user-panel/utils/assign-role.bash ${TESTUSER_USERNAME} ${ROLE} backend:5000
- /bin/bash test/create-hydra-client.bash ${KEY} ${SECRET} hydra:4445 http://oauth:5000/callback
- >
python3 -m behave
-D headless=True
-D url=http://oauth:5000
-D logout_url=http://oauth:5000/logout
-D userinfo_url=http://oauth:5000/userinfo
-D username=${TESTUSER_USERNAME}
-D username2=${TESTUSER_USERNAME2}
-D password=${TESTUSER_PASSWORD}
-D email=${TESTUSER_EMAIL}
-D role=${ROLE}