diff --git a/.drone.env b/.ci.env similarity index 76% rename from .drone.env rename to .ci.env index 2718b284..bdaa2fc1 100644 --- a/.drone.env +++ b/.ci.env @@ -1,5 +1,5 @@ # The version of OCIS to use in pipelines that test against OCIS -OCIS_COMMITID=90655c56a301a03ca1fbf455a84123809003961b +OCIS_COMMITID=c80adddce1b442f831923e2bd8e20cdd9d2ea8f6 OCIS_BRANCH=master OCIS_STABLE_COMMITID=e425d3ac23fbb3783e7aea0518037c4afce58ef3 OCIS_STABLE_BRANCH=stable-8.0 diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 7af89d91..934fe062 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -27,7 +27,7 @@ jobs: - uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: path: .cache/composer - key: composer-${{ hashFiles('composer.lock') }} + key: composer-${{ hashFiles('composer.json') }} - run: composer install @@ -61,7 +61,7 @@ jobs: - uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: path: .cache/composer - key: composer-${{ hashFiles('composer.lock') }} + key: composer-${{ hashFiles('composer.json') }} - run: composer install 
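Review bot: The cache key in the hunk at line 27, and identically in the hunk at line 61, now hashes `composer.json`, which records version constraints rather than resolved versions, so the key no longer identifies what `composer install` actually fetched. If `composer.lock` is not committed (it is not visible here), each run resolves the newest packages matching the constraints, and an exact cache hit is not re-saved, so newly downloaded archives are dropped until `composer.json` changes. Consider adding `restore-keys: composer-` and a comment such as `# no committed composer.lock, so key on composer.json` to record why the lock file is not used. Because resolved versions can change between runs, a `composer audit` step after the install would surface known-vulnerable packages pulled into CI.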
@@ -75,12 +75,195 @@ jobs: with: name: coverage-unitTests-${{ matrix.php-version }} path: tests/output/clover-unitTests-${{ matrix.php-version }}.xml + retention-days: 1 + + build-ocis: + name: buildOcis + runs-on: ubuntu-latest + needs: php-checks + strategy: + fail-fast: false + matrix: + branch: ['master', 'stable'] + + steps: + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + + - name: get ocis commit ID + run: | + source .ci.env + + if [ "${{ matrix.branch }}" = "master" ]; then + echo "OCIS_COMMIT=$OCIS_COMMITID" >> "$GITHUB_ENV" + echo "OCIS_REF=$OCIS_BRANCH" >> "$GITHUB_ENV" + else + echo "OCIS_COMMIT=$OCIS_STABLE_COMMITID" >> "$GITHUB_ENV" + echo "OCIS_REF=$OCIS_STABLE_BRANCH" >> "$GITHUB_ENV" + fi + + - name: cache ocis + id: ocis-cache + uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 + with: + path: | + ${{ github.workspace }}/ocis + ${{ github.workspace }}/ociswrapper + key: ocis-bin-${{ matrix.branch }}-${{ env.OCIS_COMMIT }} + + - uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0 + if: steps.ocis-cache.outputs.cache-hit != 'true' + with: + go-version: '1.25' + + - uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0 + if: steps.ocis-cache.outputs.cache-hit != 'true' + with: + node-version: '20' + + - name: install pnpm + if: steps.ocis-cache.outputs.cache-hit != 'true' + run: npm install -g pnpm@9.15.9 + + - name: clone ocis ${{ matrix.branch }} + if: steps.ocis-cache.outputs.cache-hit != 'true' + run: | + git clone -b "$OCIS_REF" --single-branch https://github.com/owncloud/ocis.git repo_ocis + cd repo_ocis + git checkout "$OCIS_COMMIT" + + - name: generate ocis ${{ matrix.branch }} + if: steps.ocis-cache.outputs.cache-hit != 'true' + working-directory: repo_ocis + run: make ci-node-generate + + - name: build ocis ${{ matrix.branch }} + if: steps.ocis-cache.outputs.cache-hit != 'true' + working-directory: repo_ocis/ocis + run: | + make build + cp bin/ocis 
${{ github.workspace }} + + - name: build ociswrapper + if: steps.ocis-cache.outputs.cache-hit != 'true' + run: | + make -C repo_ocis/tests/ociswrapper build + cp repo_ocis/tests/ociswrapper/bin/ociswrapper ${{ github.workspace }}/ + + - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 + with: + name: ocis-bin-${{ matrix.branch }} + path: | + ${{ github.workspace }}/ocis + ${{ github.workspace }}/ociswrapper + retention-days: 1 + + php-integration-tests: + name: php integration tests (${{ matrix.php-version}}-${{ matrix.branch }}-${{ matrix.branch == 'master' && matrix.php-version == '8.1' && '-with coverage' || '' }}) + runs-on: ubuntu-latest + needs: build-ocis + strategy: + fail-fast: false + matrix: + php-version: ['8.1', '8.2', '8.3'] + branch: ['master', 'stable'] + + services: + postgres: + image: postgres:alpine3.18 + env: + POSTGRES_DB: keycloak + POSTGRES_USER: keycloak + POSTGRES_PASSWORD: keycloak + ports: + - 5432:5432 + + steps: + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + + - uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 + with: + name: ocis-bin-${{ matrix.branch }} + path: ${{ github.workspace }} + + - uses: shivammathur/setup-php@accd6127cb78bee3e8082180cb391013d204ef9f # v2.37.0 + with: + php-version: ${{ matrix.php-version }} + tools: composer:72a8f8e653710e18d83e5dd531eb5a71fc3223e6 # v2.9.5 + coverage: xdebug + + - uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 + with: + path: .cache/composer + key: composer-${{ hashFiles('composer.json') }} + + - run: composer install + + - name: keycloak + run: | + docker run -d --name keycloak \ + --network host \ + -e OCIS_DOMAIN=localhost:9200 \ + -e KC_HOSTNAME=localhost:8080 \ + -e KC_DB=postgres \ + -e KC_DB_URL="jdbc:postgresql://localhost:5432/keycloak" \ + -e KC_DB_USERNAME=keycloak \ + -e KC_DB_PASSWORD=keycloak \ + -e KC_FEATURES=impersonation \ + -e KEYCLOAK_ADMIN=admin \ + 
-e KEYCLOAK_ADMIN_PASSWORD=admin \ + -v ${{ github.workspace }}/tests/integration/docker/keycloak/ocis-ci-realm.dist.json:/opt/keycloak/data/import/ocis-realm.json \ + quay.io/keycloak/keycloak:22.0.4 \ + start-dev --proxy edge --spi-connections-http-client-default-disable-trust-manager=true --import-realm --health-enabled=true + + - name: wait for keycloak + run: timeout 300 bash -c 'until curl -sf http://localhost:8080; do sleep 5; done' || (echo "Keycloak failed to start" && exit 1) + + - name: ocis + env: + OCIS_URL: "https://localhost:9200" + OCIS_LOG_LEVEL: "error" + IDM_ADMIN_PASSWORD: "admin" # override the random admin password from `ocis init` + PROXY_AUTOPROVISION_ACCOUNTS: "true" + PROXY_ROLE_ASSIGNMENT_DRIVER: "oidc" + OCIS_OIDC_ISSUER: "http://localhost:8080/realms/oCIS" + PROXY_OIDC_REWRITE_WELLKNOWN: "true" + WEB_OIDC_CLIENT_ID: "web" + PROXY_USER_OIDC_CLAIM: "preferred_username" + PROXY_USER_CS3_CLAIM: "username" + OCIS_ADMIN_USER_ID: "" + OCIS_EXCLUDE_RUN_SERVICES: "idp" + GRAPH_ASSIGN_DEFAULT_USER_ROLE: "false" + GRAPH_USERNAME_MATCH: "none" + run: | + chmod +x ${{ github.workspace }}/ocis ${{ github.workspace }}/ociswrapper + ${{ github.workspace }}/ocis init --insecure true + ${{ github.workspace }}/ociswrapper serve --bin ${{ github.workspace }}/ocis --url ${{ env.OCIS_URL }} & + + - name: wait for ocis + run: timeout 300 bash -c 'until curl -skf https://localhost:9200; do sleep 5; done' || (echo "oCIS failed to start" && exit 1) + + - name: php-integration-tests + env: + OCIS_URL: "https://localhost:9200" + OCISWRAPPER_URL: "http://localhost:5200" + OCIS_VERSION: ${{ matrix.branch }} + run: make test-php-integration-ci + + - name: coverage rename + if: matrix.branch == 'master' && matrix.php-version == env.DEFAULT_PHP_VERSION + run: mv tests/output/clover.xml tests/output/clover-integrationTests-${{ matrix.php-version }}.xml + + - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 + if: matrix.branch == 'master' 
&& matrix.php-version == env.DEFAULT_PHP_VERSION + with: + name: coverage-integrationTests-${{ matrix.php-version }} + path: tests/output/clover-integrationTests-${{ matrix.php-version }}.xml + retention-days: 1 docs: name: docs runs-on: ubuntu-latest - needs: php-unit-tests - + needs: [php-unit-tests, php-integration-tests] steps: - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
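Review bot: The containers in php-integration-tests are referenced by mutable tag (`image: postgres:alpine3.18`, `quay.io/keycloak/keycloak:22.0.4`) while every action in this hunk is pinned to a commit SHA; pin the images by digest as well, e.g. `image: postgres:alpine3.18@sha256:<digest>` (placeholder, take the digest from the registry). In build-ocis the checkout step keeps its default credential handling, and the job then runs `make ci-node-generate` and `make build` from a cloned repository in the same workspace; adding `persist-credentials: false` to that checkout would keep the token away from those build scripts. The `admin`/`keycloak` passwords, `--insecure true`, `curl -skf` and the disabled trust manager are reasonable for a throwaway localhost stack, but a short comment marking them as test-only would stop them being copied elsewhere. Any workflow-level `permissions:` or `env:` block, including `DEFAULT_PHP_VERSION` which both coverage steps compare against, is outside this hunk and could not be checked.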