mirror of
https://github.com/netbirdio/netbird.git
synced 2024-11-30 03:54:35 +01:00
8aa4f240c7
add getting started script with zitadel limit tests for infrastructure file workflow limit release workflow based on relevant files
151 lines
7.3 KiB
YAML
151 lines
7.3 KiB
YAML
name: Test Infrastructure files
|
|
|
|
on:
|
|
push:
|
|
branches:
|
|
- main
|
|
pull_request:
|
|
paths:
|
|
- 'infrastructure_files/**'
|
|
- '.github/workflows/test-infrastructure-files.yml'
|
|
|
|
|
|
concurrency:
|
|
group: ${{ github.workflow }}-${{ github.ref }}-${{ github.head_ref || github.actor_id }}
|
|
cancel-in-progress: true
|
|
|
|
jobs:
|
|
test-docker-compose:
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- name: Install jq
|
|
run: sudo apt-get install -y jq
|
|
|
|
- name: Install curl
|
|
run: sudo apt-get install -y curl
|
|
|
|
- name: Install Go
|
|
uses: actions/setup-go@v2
|
|
with:
|
|
go-version: "1.20.x"
|
|
|
|
- name: Cache Go modules
|
|
uses: actions/cache@v2
|
|
with:
|
|
path: ~/go/pkg/mod
|
|
key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
|
|
restore-keys: |
|
|
${{ runner.os }}-go-
|
|
|
|
- name: Checkout code
|
|
uses: actions/checkout@v3
|
|
|
|
- name: cp setup.env
|
|
run: cp infrastructure_files/tests/setup.env infrastructure_files/
|
|
|
|
- name: run configure
|
|
working-directory: infrastructure_files
|
|
run: bash -x configure.sh
|
|
env:
|
|
CI_NETBIRD_DOMAIN: localhost
|
|
CI_NETBIRD_AUTH_CLIENT_ID: testing.client.id
|
|
CI_NETBIRD_AUTH_CLIENT_SECRET: testing.client.secret
|
|
CI_NETBIRD_AUTH_AUDIENCE: testing.ci
|
|
CI_NETBIRD_AUTH_OIDC_CONFIGURATION_ENDPOINT: https://example.eu.auth0.com/.well-known/openid-configuration
|
|
CI_NETBIRD_USE_AUTH0: true
|
|
CI_NETBIRD_MGMT_IDP: "none"
|
|
CI_NETBIRD_IDP_MGMT_CLIENT_ID: testing.client.id
|
|
CI_NETBIRD_IDP_MGMT_CLIENT_SECRET: testing.client.secret
|
|
CI_NETBIRD_AUTH_SUPPORTED_SCOPES: "openid profile email offline_access api email_verified"
|
|
|
|
- name: check values
|
|
working-directory: infrastructure_files
|
|
env:
|
|
CI_NETBIRD_DOMAIN: localhost
|
|
CI_NETBIRD_AUTH_CLIENT_ID: testing.client.id
|
|
CI_NETBIRD_AUTH_CLIENT_SECRET: testing.client.secret
|
|
CI_NETBIRD_AUTH_AUDIENCE: testing.ci
|
|
CI_NETBIRD_AUTH_OIDC_CONFIGURATION_ENDPOINT: https://example.eu.auth0.com/.well-known/openid-configuration
|
|
CI_NETBIRD_USE_AUTH0: true
|
|
CI_NETBIRD_AUTH_SUPPORTED_SCOPES: "openid profile email offline_access api email_verified"
|
|
CI_NETBIRD_AUTH_AUTHORITY: https://example.eu.auth0.com/
|
|
CI_NETBIRD_AUTH_JWT_CERTS: https://example.eu.auth0.com/.well-known/jwks.json
|
|
CI_NETBIRD_AUTH_TOKEN_ENDPOINT: https://example.eu.auth0.com/oauth/token
|
|
CI_NETBIRD_AUTH_DEVICE_AUTH_ENDPOINT: https://example.eu.auth0.com/oauth/device/code
|
|
CI_NETBIRD_AUTH_PKCE_AUTHORIZATION_ENDPOINT: https://example.eu.auth0.com/authorize
|
|
CI_NETBIRD_AUTH_REDIRECT_URI: "/peers"
|
|
CI_NETBIRD_TOKEN_SOURCE: "idToken"
|
|
CI_NETBIRD_AUTH_USER_ID_CLAIM: "email"
|
|
CI_NETBIRD_AUTH_DEVICE_AUTH_AUDIENCE: "super"
|
|
CI_NETBIRD_AUTH_DEVICE_AUTH_SCOPE: "openid email"
|
|
CI_NETBIRD_MGMT_IDP: "none"
|
|
CI_NETBIRD_IDP_MGMT_CLIENT_ID: testing.client.id
|
|
CI_NETBIRD_IDP_MGMT_CLIENT_SECRET: testing.client.secret
|
|
|
|
run: |
|
|
grep AUTH_CLIENT_ID docker-compose.yml | grep $CI_NETBIRD_AUTH_CLIENT_ID
|
|
grep AUTH_CLIENT_SECRET docker-compose.yml | grep $CI_NETBIRD_AUTH_CLIENT_SECRET
|
|
grep AUTH_AUTHORITY docker-compose.yml | grep $CI_NETBIRD_AUTH_AUTHORITY
|
|
grep AUTH_AUDIENCE docker-compose.yml | grep $CI_NETBIRD_AUTH_AUDIENCE
|
|
grep AUTH_SUPPORTED_SCOPES docker-compose.yml | grep "$CI_NETBIRD_AUTH_SUPPORTED_SCOPES"
|
|
grep USE_AUTH0 docker-compose.yml | grep $CI_NETBIRD_USE_AUTH0
|
|
grep NETBIRD_MGMT_API_ENDPOINT docker-compose.yml | grep "$CI_NETBIRD_DOMAIN:33073"
|
|
grep AUTH_REDIRECT_URI docker-compose.yml | grep $CI_NETBIRD_AUTH_REDIRECT_URI
|
|
grep AUTH_SILENT_REDIRECT_URI docker-compose.yml | egrep 'AUTH_SILENT_REDIRECT_URI=$'
|
|
grep LETSENCRYPT_DOMAIN docker-compose.yml | egrep 'LETSENCRYPT_DOMAIN=$'
|
|
grep NETBIRD_TOKEN_SOURCE docker-compose.yml | grep $CI_NETBIRD_TOKEN_SOURCE
|
|
grep AuthUserIDClaim management.json | grep $CI_NETBIRD_AUTH_USER_ID_CLAIM
|
|
grep -A 3 DeviceAuthorizationFlow management.json | grep -A 1 ProviderConfig | grep Audience | grep $CI_NETBIRD_AUTH_DEVICE_AUTH_AUDIENCE
|
|
grep -A 8 DeviceAuthorizationFlow management.json | grep -A 6 ProviderConfig | grep Scope | grep "$CI_NETBIRD_AUTH_DEVICE_AUTH_SCOPE"
|
|
grep UseIDToken management.json | grep false
|
|
grep -A 1 IdpManagerConfig management.json | grep ManagerType | grep $CI_NETBIRD_MGMT_IDP
|
|
grep -A 3 IdpManagerConfig management.json | grep -A 1 ClientConfig | grep Issuer | grep $CI_NETBIRD_AUTH_AUTHORITY
|
|
grep -A 4 IdpManagerConfig management.json | grep -A 2 ClientConfig | grep TokenEndpoint | grep $CI_NETBIRD_AUTH_TOKEN_ENDPOINT
|
|
grep -A 5 IdpManagerConfig management.json | grep -A 3 ClientConfig | grep ClientID | grep $CI_NETBIRD_IDP_MGMT_CLIENT_ID
|
|
grep -A 6 IdpManagerConfig management.json | grep -A 4 ClientConfig | grep ClientSecret | grep $CI_NETBIRD_IDP_MGMT_CLIENT_SECRET
|
|
grep -A 7 IdpManagerConfig management.json | grep -A 5 ClientConfig | grep GrantType | grep client_credentials
|
|
grep -A 2 PKCEAuthorizationFlow management.json | grep -A 1 ProviderConfig | grep Audience | grep $CI_NETBIRD_AUTH_AUDIENCE
|
|
grep -A 3 PKCEAuthorizationFlow management.json | grep -A 2 ProviderConfig | grep ClientID | grep $CI_NETBIRD_AUTH_CLIENT_ID
|
|
grep -A 4 PKCEAuthorizationFlow management.json | grep -A 3 ProviderConfig | grep ClientSecret | grep $CI_NETBIRD_AUTH_CLIENT_SECRET
|
|
grep -A 5 PKCEAuthorizationFlow management.json | grep -A 4 ProviderConfig | grep AuthorizationEndpoint | grep $CI_NETBIRD_AUTH_PKCE_AUTHORIZATION_ENDPOINT
|
|
grep -A 6 PKCEAuthorizationFlow management.json | grep -A 5 ProviderConfig | grep TokenEndpoint | grep $CI_NETBIRD_AUTH_TOKEN_ENDPOINT
|
|
grep -A 7 PKCEAuthorizationFlow management.json | grep -A 6 ProviderConfig | grep Scope | grep "$CI_NETBIRD_AUTH_SUPPORTED_SCOPES"
|
|
|
|
- name: run docker compose up
|
|
working-directory: infrastructure_files
|
|
run: |
|
|
docker-compose up -d
|
|
sleep 5
|
|
docker-compose ps
|
|
docker-compose logs --tail=20
|
|
|
|
- name: test running containers
|
|
run: |
|
|
count=$(docker compose ps --format json | jq '.[] | select(.Project | contains("infrastructure_files")) | .State' | grep -c running)
|
|
test $count -eq 4
|
|
working-directory: infrastructure_files
|
|
|
|
test-getting-started-script:
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- name: Install jq
|
|
run: sudo apt-get install -y jq
|
|
|
|
- name: Checkout code
|
|
uses: actions/checkout@v3
|
|
|
|
- name: run script
|
|
run: NETBIRD_DOMAIN=use-ip bash -x infrastructure_files/getting-started-with-zitadel.sh
|
|
|
|
- name: test Caddy file gen
|
|
run: test -f Caddyfile
|
|
- name: test docker-compose file gen
|
|
run: test -f docker-compose.yml
|
|
- name: test management.json file gen
|
|
run: test -f management.json
|
|
- name: test turnserver.conf file gen
|
|
run: test -f turnserver.conf
|
|
- name: test zitadel.env file gen
|
|
run: test -f zitadel.env
|
|
- name: test dashboard.env file gen
|
|
run: test -f dashboard.env |