Skip to content

Commit 55930a1

Browse files
authored
Develop (#172)
* Synching develop branch with master. (#161) * Feature/157 (#158) * Initial creation of terraform setup for AWS static-content site hosting. * Website deployment run locally works. Terraform AWS resource build run locally works. * Creating test self-hosted environment. Alwways run terraform in docker containers. * Removing all run on PR creation / modification. * Making redirect_uri and logout URL field defaults parameterized. * OIDC Authorization Code Flow with local keycoak is now working for test and prod hosted static-content site. * Updating Token History grouping. * Test suite works against test and prod sites with a local keycloak instance. The introspection endpoint in keycloak cannot be invoked from the browser. So, the static content site cannot call the keycloak instrospection site. The test suite looks for hte expected CORS error. Test suite must be run against a local build for full validation. * Feature/158 (#160) * Initial creation of terraform setup for AWS static-content site hosting. * Website deployment run locally works. Terraform AWS resource build run locally works. * Creating test self-hosted environment. Alwways run terraform in docker containers. * Removing all run on PR creation / modification. * Making redirect_uri and logout URL field defaults parameterized. * OIDC Authorization Code Flow with local keycoak is now working for test and prod hosted static-content site. * Updating Token History grouping. * Test suite works against test and prod sites with a local keycloak instance. The introspection endpoint in keycloak cannot be invoked from the browser. So, the static content site cannot call the keycloak instrospection site. The test suite looks for hte expected CORS error. Test suite must be run against a local build for full validation. * Minimize javascript for static content sites. Google analytics for static content sites. * feature/152 (#163) * Feature/157 (#158) * Initial creation of terraform setup for AWS static-content site hosting. * Website deployment run locally works. Terraform AWS resource build run locally works. * Creating test self-hosted environment. Alwways run terraform in docker containers. * Removing all run on PR creation / modification. * Making redirect_uri and logout URL field defaults parameterized. * OIDC Authorization Code Flow with local keycoak is now working for test and prod hosted static-content site. * Updating Token History grouping. * Test suite works against test and prod sites with a local keycloak instance. The introspection endpoint in keycloak cannot be invoked from the browser. So, the static content site cannot call the keycloak instrospection site. The test suite looks for hte expected CORS error. Test suite must be run against a local build for full validation. * Feature/158 (#160) * Initial creation of terraform setup for AWS static-content site hosting. * Website deployment run locally works. Terraform AWS resource build run locally works. * Creating test self-hosted environment. Alwways run terraform in docker containers. * Removing all run on PR creation / modification. * Making redirect_uri and logout URL field defaults parameterized. * OIDC Authorization Code Flow with local keycoak is now working for test and prod hosted static-content site. * Updating Token History grouping. * Test suite works against test and prod sites with a local keycloak instance. The introspection endpoint in keycloak cannot be invoked from the browser. So, the static content site cannot call the keycloak instrospection site. The test suite looks for hte expected CORS error. Test suite must be run against a local build for full validation. * Minimize javascript for static content sites. Google analytics for static content sites. * Feature/152 (#162) * Synching develop branch with master. (#161) * Feature/157 (#158) * Initial creation of terraform setup for AWS static-content site hosting. * Website deployment run locally works. Terraform AWS resource build run locally works. * Creating test self-hosted environment. Alwways run terraform in docker containers. * Removing all run on PR creation / modification. * Making redirect_uri and logout URL field defaults parameterized. * OIDC Authorization Code Flow with local keycoak is now working for test and prod hosted static-content site. * Updating Token History grouping. * Test suite works against test and prod sites with a local keycloak instance. The introspection endpoint in keycloak cannot be invoked from the browser. So, the static content site cannot call the keycloak instrospection site. The test suite looks for hte expected CORS error. Test suite must be run against a local build for full validation. * Feature/158 (#160) * Initial creation of terraform setup for AWS static-content site hosting. * Website deployment run locally works. Terraform AWS resource build run locally works. * Creating test self-hosted environment. Alwways run terraform in docker containers. * Removing all run on PR creation / modification. * Making redirect_uri and logout URL field defaults parameterized. * OIDC Authorization Code Flow with local keycoak is now working for test and prod hosted static-content site. * Updating Token History grouping. * Test suite works against test and prod sites with a local keycloak instance. The introspection endpoint in keycloak cannot be invoked from the browser. So, the static content site cannot call the keycloak instrospection site. The test suite looks for hte expected CORS error. Test suite must be run against a local build for full validation. * Minimize javascript for static content sites. Google analytics for static content sites. * Updated docker build instructions. * Initial page + test creation. (#164) * Initial page + test creation. * Adding ability to take a JWT and decompose it into JWT Header and JWT Payload fields on jwt_tools.html page. Updated test suite to test this. * Moving back to postgres18. Not sure when we lost that change. * Fixing test #13. * Fix coverage report. * Another change attempting to fix the code coverage bug. * Successful deployment to test.idptools.com and selenium test run. * Terraform creates IAM role with minimmum permissions. * Terraform creates IAM role with minimmum permissions. * Automatically run terraform against test when commmits / merge made to develop. * Updating develop / test 'test suite run' + terraform + static-content site deployment. * Test change to kick off pipelines. * Kick-off another workflow run. * Terraform deploy job didn't run as expected on push. * Initiate workflows by push. Test. * Run hosted site test suite after deployment.
1 parent 7152372 commit 55930a1

4 files changed

Lines changed: 210 additions & 5 deletions

File tree

Lines changed: 64 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,64 @@
1+
name: Live Site Test (idptools.com)
2+
3+
# Runs the full Selenium suite against the DEPLOYED PROD site
4+
# (https://idptools.com), using a throwaway Keycloak spun up locally on the
5+
# runner (host networking, so the browser reaches it at localhost:8080). Same
6+
# mechanism as the test-site live test (docker-compose-live-tests.yml), pointed
7+
# at prod via LIVE_DEBUGGER_BASE_URL / LIVE_CONFIG_FILE.
8+
#
9+
# Runs automatically after a successful prod deploy, plus nightly and on demand.
10+
#
11+
# NOTE: the workflow_run trigger only fires from this file on the DEFAULT branch
12+
# (master).
13+
14+
on:
15+
# After the prod deploy finishes.
16+
workflow_run:
17+
workflows: ["Deploy Static Site (idptools.com)"]
18+
types: [completed]
19+
workflow_dispatch:
20+
# Nightly, staggered after the test-site live run (11:00 UTC).
21+
schedule:
22+
- cron: '0 12 * * *'
23+
24+
permissions:
25+
contents: read
26+
27+
jobs:
28+
live-test:
29+
runs-on: ubuntu-latest
30+
# For a post-deploy (workflow_run) trigger, only run if the deploy
31+
# succeeded. Manual dispatch and the nightly schedule always run.
32+
if: ${{ github.event_name != 'workflow_run' || github.event.workflow_run.conclusion == 'success' }}
33+
steps:
34+
- name: Checkout Repository
35+
uses: actions/checkout@v7
36+
37+
- name: Install docker-compose
38+
uses: KengoTODA/actions-setup-docker-compose@v1
39+
with:
40+
version: '5.2.0'
41+
42+
- name: Run Selenium suite against the live PROD site
43+
run: |
44+
sudo LIVE_DEBUGGER_BASE_URL=https://idptools.com \
45+
LIVE_CONFIG_FILE=./env/prod.js \
46+
docker compose -f docker-compose-live-tests.yml \
47+
up --build --abort-on-container-exit --exit-code-from tests
48+
49+
- name: Tear down the stack
50+
if: always()
51+
run: sudo docker compose -f docker-compose-live-tests.yml down
52+
53+
- name: Normalize report permissions
54+
if: always()
55+
run: sudo chown -R "$(id -u):$(id -g)" tests/report || true
56+
57+
- name: Upload test report
58+
if: always()
59+
uses: actions/upload-artifact@v7
60+
with:
61+
name: live-test-report-prod
62+
path: tests/report/latest
63+
if-no-files-found: warn
64+
retention-days: 30
Lines changed: 66 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,66 @@
1+
name: Live Site Test (test.idptools.com)
2+
3+
# Runs the full Selenium suite against the DEPLOYED test.idptools.com site,
4+
# using a throwaway Keycloak spun up locally on the runner. Host networking lets
5+
# the browser (in the tests container) reach that Keycloak at localhost:8080,
6+
# while it drives the public HTTPS site. This is remote-run-tests.sh,
7+
# containerized for CI (see docker-compose-live-tests.yml).
8+
#
9+
# Runs automatically after a successful test-site deploy (post-deploy
10+
# verification), plus nightly and on demand.
11+
#
12+
# NOTE: the workflow_run trigger only fires from this file on the DEFAULT branch
13+
# (master). No branch filter is used: the test-site deploy is itself
14+
# workflow_run-triggered (so it's attributed to master), and this suite targets
15+
# the public URL rather than a specific commit — it just needs the deploy to
16+
# have succeeded.
17+
18+
on:
19+
# After the test-site deploy finishes.
20+
workflow_run:
21+
workflows: ["Deploy Static Site (test.idptools.com)"]
22+
types: [completed]
23+
workflow_dispatch:
24+
# Nightly, after the containerized "Selenium Tests" suite (10:00 UTC).
25+
schedule:
26+
- cron: '0 11 * * *'
27+
28+
permissions:
29+
contents: read
30+
31+
jobs:
32+
live-test:
33+
runs-on: ubuntu-latest
34+
# For a post-deploy (workflow_run) trigger, only run if the deploy
35+
# succeeded. Manual dispatch and the nightly schedule always run.
36+
if: ${{ github.event_name != 'workflow_run' || github.event.workflow_run.conclusion == 'success' }}
37+
steps:
38+
- name: Checkout Repository
39+
uses: actions/checkout@v7
40+
41+
- name: Install docker-compose
42+
uses: KengoTODA/actions-setup-docker-compose@v1
43+
with:
44+
version: '5.2.0'
45+
46+
- name: Run Selenium suite against the live test site
47+
run: |
48+
sudo docker compose -f docker-compose-live-tests.yml \
49+
up --build --abort-on-container-exit --exit-code-from tests
50+
51+
- name: Tear down the stack
52+
if: always()
53+
run: sudo docker compose -f docker-compose-live-tests.yml down
54+
55+
- name: Normalize report permissions
56+
if: always()
57+
run: sudo chown -R "$(id -u):$(id -g)" tests/report || true
58+
59+
- name: Upload test report
60+
if: always()
61+
uses: actions/upload-artifact@v7
62+
with:
63+
name: live-test-report
64+
path: tests/report/latest
65+
if-no-files-found: warn
66+
retention-days: 30

docker-compose-live-tests.yml

Lines changed: 71 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,71 @@
1+
# Runs the Selenium suite against a DEPLOYED debugger site (default:
2+
# https://test.idptools.com) while talking to a throwaway Keycloak spun up
3+
# locally. Same idea as docker-compose-run-tests.yml, except the debugger under
4+
# test is the hosted site instead of a containerized client — only Keycloak and
5+
# the test runner are started here.
6+
#
7+
# Host networking is used so the browser inside the tests container reaches the
8+
# local Keycloak at http://localhost:8080 (the same scenario remote-run-tests.sh
9+
# proves locally). The browser drives the public HTTPS site and makes its
10+
# OIDC/OAuth calls to that local Keycloak; the suite's Chrome flags
11+
# (--allow-running-insecure-content + private-network overrides) permit the
12+
# HTTPS-page -> http://localhost calls.
13+
#
14+
# Keycloak's clients are (re)created at run time by common.sh configureKeycloak
15+
# with redirectUris/webOrigins matching DEBUGGER_BASE_URL, so the deployed
16+
# site's redirect back to <site>/callback validates.
17+
#
18+
# Compose format 2.4 for `depends_on: condition: service_healthy` support.
19+
#
20+
# Override the target via the environment:
21+
# LIVE_DEBUGGER_BASE_URL (default https://test.idptools.com)
22+
# LIVE_CONFIG_FILE (default ./env/test-idptools-com.js)
23+
version: '2.4'
24+
services:
25+
keycloak:
26+
image: quay.io/keycloak/keycloak:26.6.4
27+
command: ["start-dev"]
28+
hostname: keycloak
29+
network_mode: "host"
30+
environment:
31+
KC_HTTP_PORT: "8080"
32+
KC_BOOTSTRAP_ADMIN_USERNAME: keycloak
33+
KC_BOOTSTRAP_ADMIN_PASSWORD: keycloak
34+
KEYCLOAK_ADMIN: keycloak
35+
KEYCLOAK_ADMIN_PASSWORD: keycloak
36+
KC_HEALTH_ENABLED: "true"
37+
healthcheck:
38+
test: [
39+
"CMD-SHELL",
40+
"exec 3<>/dev/tcp/localhost/9000; \
41+
echo -en 'GET /health/ready' >&3; \
42+
if timeout 3 cat <&3 | grep -m 1 'UP'; then \
43+
exec 3<&-; exec 3>&-; exit 0; \
44+
else \
45+
exec 3<&-; exec 3>&-; exit 1; \
46+
fi"
47+
]
48+
interval: 10s
49+
timeout: 60s
50+
retries: 5
51+
start_period: 30s
52+
53+
tests:
54+
container_name: tests
55+
image: rcbj/test-live
56+
build:
57+
context: .
58+
dockerfile: tests/Dockerfile
59+
network_mode: "host"
60+
environment:
61+
# Target the deployed site; talk to the local Keycloak over localhost.
62+
- DEBUGGER_BASE_URL=${LIVE_DEBUGGER_BASE_URL:-https://test.idptools.com}
63+
- KEYCLOAK_BASE_URL=http://localhost:8080
64+
- KEYCLOAK_LOCALHOST_BASE_URL=http://localhost:8080
65+
- CONFIG_FILE=${LIVE_CONFIG_FILE:-./env/test-idptools-com.js}
66+
# Persist the generated report/logs to the host (gitignored).
67+
volumes:
68+
- ./tests/report:/usr/src/app/report
69+
depends_on:
70+
keycloak:
71+
condition: service_healthy

docker-run-tests.sh

Lines changed: 9 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -3,11 +3,15 @@ set -x
33

44
init()
55
{
6-
DEBUGGER_BASE_URL=http://client:3000
7-
CONFIG_FILE=./env/local.js
8-
KEYCLOAK_BASE_URL=http://keycloak:8080
9-
KEYCLOAK_LOCALHOST_BASE_URL=http://keycloak:8080
10-
CONFIG_FILE=./env/local.js
6+
# Defaults target the fully-containerized stack (client + keycloak on the
7+
# compose network). They can be overridden via the environment to run the
8+
# SAME suite against a deployed site while talking to a locally-spun-up
9+
# Keycloak — see docker-compose-live-tests.yml (e.g. DEBUGGER_BASE_URL set to
10+
# https://test.idptools.com with KEYCLOAK_BASE_URL=http://localhost:8080).
11+
DEBUGGER_BASE_URL="${DEBUGGER_BASE_URL:-http://client:3000}"
12+
KEYCLOAK_BASE_URL="${KEYCLOAK_BASE_URL:-http://keycloak:8080}"
13+
KEYCLOAK_LOCALHOST_BASE_URL="${KEYCLOAK_LOCALHOST_BASE_URL:-http://keycloak:8080}"
14+
CONFIG_FILE="${CONFIG_FILE:-./env/local.js}"
1115
CURRENT_DIR=`echo "$(dirname "$(realpath "$0")")"`
1216
COMMON_SH=${CURRENT_DIR}/common.sh
1317
if [ -r "${COMMON_SH}" ];

0 commit comments

Comments
 (0)