# The kaniko build template is pulled from the `master` branch of another
# project over HTTPS. `master` is a mutable ref, so the content of this
# template can change without any commit in this repository, and the jobs in
# this file that extend `.kaniko_build` run with the registry credentials
# (CI_REGISTRY_USER / CI_REGISTRY_PASSWORD) of this project.
# NOTE(review): consider pinning the URL to a commit SHA, or using
# `include: project` with an explicit `ref`, so that template changes are
# reviewed before they take effect here.
include:
  - remote: https://open.greenhost.net/openappstack/openappstack/raw/master/.gitlab/ci_templates/kaniko.yml
variables:
KANIKO_CONTEXT: "consent_provider"
KANIKO_BUILD_IMAGENAME: $CI_JOB_NAME
extends: .kaniko_build
variables:
KANIKO_CONTEXT: "login_provider"
KANIKO_BUILD_IMAGENAME: $CI_JOB_NAME
extends: .kaniko_build
KANIKO_ADDITIONAL_ARGS: "--build-arg baseimage=$CI_REGISTRY_IMAGE/login_provider:${CI_COMMIT_REF_NAME}"
only:
changes:
- login_provider/**/*
- .gitlab-ci.yml
KANIKO_BUILD_IMAGENAME: $CI_JOB_NAME
extends: .kaniko_build
image:
name: gcr.io/kaniko-project/executor:debug
entrypoint: [""]
script:
- echo "{\"auths\":{\"$CI_REGISTRY\":{\"username\":\"$CI_REGISTRY_USER\",\"password\":\"$CI_REGISTRY_PASSWORD\"}}}" > /kaniko/.docker/config.json
- /kaniko/executor --context ${CI_PROJECT_DIR}/test/login_logout --dockerfile ${CI_PROJECT_DIR}/test/login_logout/Dockerfile --destination $CI_REGISTRY_IMAGE/login_logout:${CI_COMMIT_REF_NAME}
only:
changes:
image:
name: gcr.io/kaniko-project/executor:debug
entrypoint: [""]
script:
- echo "{\"auths\":{\"$CI_REGISTRY\":{\"username\":\"$CI_REGISTRY_USER\",\"password\":\"$CI_REGISTRY_PASSWORD\"}}}" > /kaniko/.docker/config.json
- /kaniko/executor --context ${CI_PROJECT_DIR}/test/login_logout/test/ --dockerfile ${CI_PROJECT_DIR}/test/login_logout/test/Dockerfile --destination $CI_REGISTRY_IMAGE/integration_ci_test:${CI_COMMIT_REF_NAME}
only:
changes:
unittest-login:
stage: application-test
image: ${CI_REGISTRY_IMAGE}/login_provider_test:${CI_COMMIT_REF_NAME}
script:
- cd login_provider
- python3 -m unittest discover
variables:
TESTUSER_USERNAME: "admin"
TESTUSER_EMAIL: "admin@example.net"
TESTUSER_PASSWORD: "password"
- name: ${CI_REGISTRY_IMAGE}/login_provider_mock:${CI_COMMIT_REF_NAME}
image: ${CI_REGISTRY_IMAGE}/login_provider_test:${CI_COMMIT_REF_NAME}
- python3 -m behave -D headless=True -D url=http://login_provider:5000 -D username=$TESTUSER_USERNAME -D password=$TESTUSER_PASSWORD
artifacts:
paths:
- login_provider/test/behave/screenshots/
expire_in: 1 month
when: on_failure
# End-to-end OAuth/OIDC login test: starts the six service containers listed
# below and runs the behave suite from the integration_ci_test image against
# the `oauth` service.
behave-integration:
  stage: integration-test
  # The ORDER of this list is significant: the variables block below
  # hard-codes container IP addresses that depend on it.
  services:
    # NOTE(review): `latest` is a floating tag, so the image used here can
    # change between pipeline runs without any change in this repository.
    # Pin a version tag or an image digest to keep test runs reproducible.
    - name: postgres:latest
      alias: postgres
    - name: ${CI_REGISTRY_IMAGE}/login_provider:${CI_COMMIT_REF_NAME}
      alias: login
    - name: ${CI_REGISTRY_IMAGE}/consent_provider:${CI_COMMIT_REF_NAME}
      alias: consent
    # NOTE(review): floating `latest` tag, same concern as postgres above.
    - name: oryd/hydra:latest
      alias: hydra
      command:
        - serve
        - all
        # The two `--dangerous-*` flags let Hydra serve over plain HTTP and
        # accept a non-HTTPS redirect URL. That is tolerable only because
        # everything here runs inside the throwaway CI network; do not copy
        # this command into a deployment configuration.
        - --dangerous-force-http
        - --dangerous-allow-insecure-redirect-urls
        - http://oauth:5000/callback
    # NOTE(review): `integration` looks like a mutable tag as well - confirm
    # who can push to it, since this image runs inside the pipeline.
    - name: open.greenhost.net:4567/openappstack/user-panel:integration
      alias: backend
    - name: ${CI_REGISTRY_IMAGE}/login_logout:${CI_COMMIT_REF_NAME}
      alias: oauth
  # Job variables are used both by the script below and to configure the
  # service containers (for example the POSTGRES_* values).
  # Every value in this block is committed to the repository and is therefore
  # public: these are test-only placeholders and must never be reused for a
  # real deployment.
  variables:
    # Gitlab CI does not propagate service names to service containers
    # it assigns addresses incrementally starting from 172.17.0.2
    # in the order that the services are started which is the order of
    # the services listed in the job configuration
    # Consequence: adding, removing or reordering an entry under `services`
    # silently shifts every address below.
    DATABASE_HOST: "172.17.0.2"  # 172.17.0.2 -> postgres
    URLS_LOGIN: "http://172.17.0.3:5000/"  # 172.17.0.3 -> login
    URLS_LOGOUT: "http://172.17.0.3:5000/logout"
    LOGOUT_URL: "http://172.17.0.3:5000/logout"
    URLS_POST_LOGOUT_REDIRECT: "http://172.17.0.3:5000/"
    URLS_CONSENT: "http://172.17.0.4:5001/"  # 172.17.0.4 -> consent
    URLS_SELF_ISSUER: "http://172.17.0.5:4444/"  # 172.17.0.5 -> hydra
    HYDRA_ADMIN_URL: "http://172.17.0.5:4445"
    ACCESS_TOKEN_URL: "http://172.17.0.5:4444/oauth2/token"
    AUTHORIZE_URL: "http://172.17.0.5:4444/oauth2/auth"
    GRAPHQL_URL: "http://172.17.0.6:5000/graphql"  # 172.17.0.6 -> backend
    GIT_SUBMODULE_STRATEGY: "recursive"
    TESTUSER_USERNAME: "testuser"
    TESTUSER_PASSWORD: "password"
    TESTUSER_EMAIL: "testuser@example.net"
    # presumably selects Hydra's in-memory store, so nothing persists
    # between runs - confirm against the Hydra version in use
    DSN: "memory"
    # Placeholder system secret and pairwise salt ("youReallyNeedToChangeThis");
    # a real installation needs its own random values kept outside the repo.
    SECRETS_SYSTEM: "youReallyNeedToChangeThis"
    OIDC_SUBJECT_TYPES_SUPPORTED: "public,pairwise"
    OIDC_SUBJECT_TYPE_PAIRWISE_SALT: "youReallyNeedToChangeThis"
    DATABASE_USER: postgres
    DATABASE_PASSWORD: secret
    DATABASE_NAME: postgres
    POSTGRES_PASSWORD: secret
    POSTGRES_USER: postgres
    POSTGRES_DB: postgres
    # Disables oauthlib's HTTPS requirement so the flow works over the plain
    # HTTP URLs above; test-only.
    OAUTHLIB_INSECURE_TRANSPORT: "true"
    # OAuth client id and client secret registered with Hydra by the script.
    KEY: "testapp"
    SECRET: "secret"
    # Debug / development mode for the application containers; test-only.
    DEBUG: "true"
    FLASK_ENV: "development"
  image: ${CI_REGISTRY_IMAGE}/integration_ci_test:${CI_COMMIT_REF_NAME}
  script:
    # Fixed 20 s wait rather than a readiness check: if a service needs
    # longer to start, the setup calls below fail for reasons unrelated to
    # the code under test.
    - echo "WAIT FOR SERVICES TO INITIALIZE" && sleep 20
    # NOTE(review): TESTUSER_USERNAME2, TESTUSER_EMAIL2 and ROLE are not
    # defined in the variables block of this job as shown here. If they are
    # not set elsewhere they expand to nothing and, because the expansions
    # are unquoted, the remaining positional arguments shift left - confirm
    # where they are defined.
    # The expansions are unquoted throughout, so a value containing spaces or
    # glob characters would be split by the shell; the current test values
    # contain none.
    - /bin/bash user-panel/utils/create-user.bash ${TESTUSER_USERNAME} ${TESTUSER_PASSWORD} ${TESTUSER_EMAIL} backend:5000
    - /bin/bash user-panel/utils/create-user.bash ${TESTUSER_USERNAME2} ${TESTUSER_PASSWORD} ${TESTUSER_EMAIL2} backend:5000
    - /bin/bash user-panel/utils/create-application.bash ${KEY} backend:5000
    - /bin/bash user-panel/utils/create-role.bash ${ROLE} backend:5000
    - /bin/bash user-panel/utils/grant-access.bash ${TESTUSER_USERNAME} ${KEY} backend:5000
    - /bin/bash user-panel/utils/assign-role.bash ${TESTUSER_USERNAME} ${ROLE} backend:5000
    # Registers the OAuth client (KEY / SECRET) on Hydra's admin port with
    # the same callback URL that the hydra service command allows above.
    - /bin/bash test/create-hydra-client.bash ${KEY} ${SECRET} hydra:4445 http://oauth:5000/callback
    # Folded scalar: the lines below are joined into one behave command line.
    # The test password is passed as a command-line argument, so it is
    # visible in the job log - acceptable only for a throwaway test account.
    - >
      python3 -m behave
      -D headless=True
      -D url=http://oauth:5000
      -D logout_url=http://oauth:5000/logout
      -D userinfo_url=http://oauth:5000/userinfo
      -D username=${TESTUSER_USERNAME}
      -D username2=${TESTUSER_USERNAME2}
      -D password=${TESTUSER_PASSWORD}
      -D email=${TESTUSER_EMAIL}
      -D role=${ROLE}