From 48d099ee63e6471b0c5c518ff39b22197b3aa121 Mon Sep 17 00:00:00 2001
From: briskt <3172830+briskt@users.noreply.github.com>
Date: Thu, 22 Feb 2024 08:43:22 -0700
Subject: [PATCH 1/3] convert from Codeship to GitHub Actions
---
.github/workflows/test-and-publish.yml | 45 +++++++++++
.whitesource | 8 --
actions-services.yml | 103 +++++++++++++++++++++++++
codeship-services.yml | 103 -------------------------
codeship-steps.yml | 36 ---------
dockercfg.encrypted | 2 -
6 files changed, 148 insertions(+), 149 deletions(-)
create mode 100644 .github/workflows/test-and-publish.yml
delete mode 100644 .whitesource
create mode 100644 actions-services.yml
delete mode 100644 codeship-services.yml
delete mode 100644 codeship-steps.yml
delete mode 100644 dockercfg.encrypted
diff --git a/.github/workflows/test-and-publish.yml b/.github/workflows/test-and-publish.yml
new file mode 100644
index 00000000..c04a33c6
--- /dev/null
+++ b/.github/workflows/test-and-publish.yml
@@ -0,0 +1,45 @@
+name: Test and Publish
+
+on:
+ push:
+
+jobs:
+ tests:
+ name: Tests
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v4
+ - name: test
+ run: docker-compose -f actions-services.yml run --rm app ./run-tests.sh
+ - name: check hub metadata for tests
+ run: docker-compose -f actions-services.yml run --rm ssp-hub.local ./run-metadata-tests.sh
+ - name: check idp metadata for tests
+ run: docker-compose -f actions-services.yml run --rm ssp-idp1.local ./run-metadata-tests.sh
+ - name: check sp metadata for tests
+ run: docker-compose -f actions-services.yml run --rm ssp-sp1.local ./run-metadata-tests.sh
+
+ build-and-publish:
+ name: Build and Publish
+ needs: tests
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v4
+ - name: Log in to Docker Hub
+ uses: docker/login-action@v3
+ with:
+ username: ${{ secrets.DOCKERHUB_USERNAME }}
+ password: ${{ secrets.DOCKERHUB_TOKEN }}
+ - name: Extract metadata (tags, labels) for Docker
+ id: meta
+ uses: docker/metadata-action@v5
+ with:
+ images: ${{ vars.DOCKER_ORG }}/idp-id-broker
+ - name: Build and push Docker image
+ uses: docker/build-push-action@v5
+ with:
+ context: .
+ push: true
+ tags: ${{ steps.meta.outputs.tags }}
+ labels: ${{ steps.meta.outputs.labels }}
diff --git a/.whitesource b/.whitesource
deleted file mode 100644
index f0569521..00000000
--- a/.whitesource
+++ /dev/null
@@ -1,8 +0,0 @@
-{
- "generalSettings": {
- "shouldScanRepo": true
- },
- "checkRunSettings": {
- "vulnerableCheckRunConclusionLevel": "failure"
- }
-}
\ No newline at end of file
diff --git a/actions-services.yml b/actions-services.yml
new file mode 100644
index 00000000..72d4851f
--- /dev/null
+++ b/actions-services.yml
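Review bot: The `images:` value in the metadata step is `${{ vars.DOCKER_ORG }}/idp-id-broker`, while the Codeship steps removed by this same commit pushed `silintl/ssp-base`; the name looks copied from another repository, and as written every push would publish this build under a different project's image name. If that is unintended, change the line to `images: ${{ vars.DOCKER_ORG }}/ssp-base`. The build-and-publish job also handles `DOCKERHUB_TOKEN` while referencing `docker/login-action@v3`, `docker/metadata-action@v5` and `docker/build-push-action@v5` by mutable tag and without a `permissions:` block; pinning each to a full commit SHA (`uses: docker/login-action@<full-commit-sha>  # v3`) and adding a top-level `permissions:` with `contents: read` would limit what a retagged action can reach. With the default metadata-action tag rules a push to main is probably tagged `main` rather than the `latest` that the old `push_latest` step produced, which is worth confirming before consumers rely on it.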
@@ -0,0 +1,103 @@
+version: '3'
+services:
+ app:
+ build: .
+ depends_on:
+ - ssp-hub.local
+ - ssp-idp1.local
+ - ssp-sp1.local
+ - test-browser
+ volumes:
+ - ./dockerbuild/run-integration-tests.sh:/data/run-integration-tests.sh
+ - ./dockerbuild/run-metadata-tests.sh:/data/run-metadata-tests.sh
+ - ./dockerbuild/run-tests.sh:/data/run-tests.sh
+ - ./features:/data/features
+ - ./tests:/data/tests
+
+ test-browser:
+ image: justinribeiro/chrome-headless:stable
+ cap_add:
+ - SYS_ADMIN
+
+ ssp-hub.local:
+ build: .
+ volumes:
+ # Utilize custom certs
+ - ./development/hub/cert:/data/vendor/simplesamlphp/simplesamlphp/cert
+
+ # Utilize custom configs
+ - ./development/hub/config/authsources.php:/data/vendor/simplesamlphp/simplesamlphp/config/authsources.php
+
+ # Utilize custom metadata
+ - ./development/hub/metadata/idp-remote.php:/data/vendor/simplesamlphp/simplesamlphp/metadata/idp-remote.php
+ - ./development/hub/metadata/saml20-idp-hosted.php:/data/vendor/simplesamlphp/simplesamlphp/metadata/saml20-idp-hosted.php
+ - ./development/hub/metadata/saml20-sp-hosted.php:/data/vendor/simplesamlphp/simplesamlphp/metadata/saml20-sp-hosted.php
+ - ./development/hub/metadata/sp-remote.php:/data/vendor/simplesamlphp/simplesamlphp/metadata/sp-remote.php
+
+ # Enable checking our test metadata
+ - ./dockerbuild/run-metadata-tests.sh:/data/run-metadata-tests.sh
+ command: /data/run.sh
+ environment:
+ ADMIN_EMAIL: "john_doe@there.com"
+ ADMIN_PASS: "abc123"
+ SECRET_SALT: "not-secret-h57fjemb&dn^nsJFGNjweJ"
+ IDP_NAME: "Hub"
+ SECURE_COOKIE: "false"
+ ADMIN_PROTECT_INDEX_PAGE: "false"
+ SHOW_SAML_ERRORS: "true"
+ THEME_USE: "material:material"
+ THEME_COLOR_SCHEME: "orange-light_blue"
+ HUB_MODE: "true"
+
+ ssp-idp1.local:
+ build: .
+ volumes:
+ # Utilize custom certs
+ - ./development/idp-local/cert:/data/vendor/simplesamlphp/simplesamlphp/cert
+
+ # Utilize custom configs
+ - ./development/idp-local/config/authsources.php:/data/vendor/simplesamlphp/simplesamlphp/config/authsources.php
+ - ./development/idp-local/config/config.php:/data/vendor/simplesamlphp/simplesamlphp/config/config.php
+
+ # Utilize custom metadata
+ - ./development/idp-local/metadata/saml20-idp-hosted.php:/data/vendor/simplesamlphp/simplesamlphp/metadata/saml20-idp-hosted.php
+ - ./development/idp-local/metadata/saml20-sp-remote.php:/data/vendor/simplesamlphp/simplesamlphp/metadata/saml20-sp-remote.php
+
+ # Misc. files needed
+ - ./development/enable-exampleauth-module.sh:/data/enable-exampleauth-module.sh
+
+ # Enable checking our test metadata
+ - ./dockerbuild/run-metadata-tests.sh:/data/run-metadata-tests.sh
+ command: 'bash -c "/data/enable-exampleauth-module.sh && /data/run.sh"'
+ environment:
+ ADMIN_EMAIL: "john_doe@there.com"
+ ADMIN_PASS: "a"
+ SECRET_SALT: "not-secret-h57fjemb&dn^nsJFGNjweJ"
+ IDP_NAME: "IDP 1"
+ SECURE_COOKIE: "false"
+ SHOW_SAML_ERRORS: "true"
+ THEME_USE: "material:material"
+
+ ssp-sp1.local:
+ build: .
+ volumes:
+ # Utilize custom certs
+ - ./development/sp-local/cert:/data/vendor/simplesamlphp/simplesamlphp/cert
+
+ # Utilize custom configs
+ - ./development/sp-local/config/config.php:/data/vendor/simplesamlphp/simplesamlphp/config/config.php
+ - ./development/sp-local/config/authsources.php:/data/vendor/simplesamlphp/simplesamlphp/config/authsources.php
+
+ # Utilize custom metadata
+ - ./development/sp-local/metadata/saml20-idp-remote.php:/data/vendor/simplesamlphp/simplesamlphp/metadata/saml20-idp-remote.php
+
+ # Enable checking our test metadata
+ - ./dockerbuild/run-metadata-tests.sh:/data/run-metadata-tests.sh
+ environment:
+ ADMIN_EMAIL: "john_doe@there.com"
+ ADMIN_PASS: "sp1"
+ SECRET_SALT: "not-secret-h57fjemb&dn^nsJFGNjweJz1"
+ SECURE_COOKIE: "false"
+ SHOW_SAML_ERRORS: "true"
+ SAML20_IDP_ENABLE: "false"
+ ADMIN_PROTECT_INDEX_PAGE: "false"
diff --git a/codeship-services.yml b/codeship-services.yml
deleted file mode 100644
index b4faf3cd..00000000
--- a/codeship-services.yml
+++ /dev/null
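Review bot: The `test-browser` service pulls `justinribeiro/chrome-headless:stable`, a third-party image on a mutable tag, and grants it `SYS_ADMIN`; both were carried over unchanged from the removed codeship-services.yml, but the file now runs on a GitHub runner for every push. Pinning by digest, `image: justinribeiro/chrome-headless@sha256:<digest-placeholder>`, keeps the test environment reproducible, and a comment such as `# SYS_ADMIN: required by headless Chrome's sandbox, CI only` would record why the capability is granted (presumably the sandbox; confirm). The `ADMIN_PASS` and `SECRET_SALT` values read as fixtures, so a one-line comment above each `environment:` block stating that they are test-only would stop them from being copied into a deployment file along with `SECURE_COOKIE: "false"` and `SHOW_SAML_ERRORS: "true"`.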
@@ -1,103 +0,0 @@ -app: - build: - image: silintl/ssp-base - dockerfile_path: ./Dockerfile - depends_on: - - ssp-hub.local - - ssp-idp1.local - - ssp-sp1.local - - test-browser - volumes: - - ./dockerbuild/run-integration-tests.sh:/data/run-integration-tests.sh - - ./dockerbuild/run-metadata-tests.sh:/data/run-metadata-tests.sh - - ./dockerbuild/run-tests.sh:/data/run-tests.sh - - ./features:/data/features - - ./tests:/data/tests - -test-browser: - image: justinribeiro/chrome-headless:stable - cap_add: - - SYS_ADMIN - -ssp-hub.local: - build: . - volumes: - # Utilize custom certs - - ./development/hub/cert:/data/vendor/simplesamlphp/simplesamlphp/cert - - # Utilize custom configs - - ./development/hub/config/authsources.php:/data/vendor/simplesamlphp/simplesamlphp/config/authsources.php - - # Utilize custom metadata - - ./development/hub/metadata/idp-remote.php:/data/vendor/simplesamlphp/simplesamlphp/metadata/idp-remote.php - - ./development/hub/metadata/saml20-idp-hosted.php:/data/vendor/simplesamlphp/simplesamlphp/metadata/saml20-idp-hosted.php - - ./development/hub/metadata/saml20-sp-hosted.php:/data/vendor/simplesamlphp/simplesamlphp/metadata/saml20-sp-hosted.php - - ./development/hub/metadata/sp-remote.php:/data/vendor/simplesamlphp/simplesamlphp/metadata/sp-remote.php - - # Enable checking our test metadata - - ./dockerbuild/run-metadata-tests.sh:/data/run-metadata-tests.sh - command: /data/run.sh - environment: - ADMIN_EMAIL: "john_doe@there.com" - ADMIN_PASS: "abc123" - SECRET_SALT: "not-secret-h57fjemb&dn^nsJFGNjweJ" - IDP_NAME: "Hub" - SECURE_COOKIE: "false" - ADMIN_PROTECT_INDEX_PAGE: "false" - SHOW_SAML_ERRORS: "true" - THEME_USE: "material:material" - THEME_COLOR_SCHEME: "orange-light_blue" - HUB_MODE: "true" - -ssp-idp1.local: - build: . 
- volumes: - # Utilize custom certs - - ./development/idp-local/cert:/data/vendor/simplesamlphp/simplesamlphp/cert - - # Utilize custom configs - - ./development/idp-local/config/authsources.php:/data/vendor/simplesamlphp/simplesamlphp/config/authsources.php - - ./development/idp-local/config/config.php:/data/vendor/simplesamlphp/simplesamlphp/config/config.php - - # Utilize custom metadata - - ./development/idp-local/metadata/saml20-idp-hosted.php:/data/vendor/simplesamlphp/simplesamlphp/metadata/saml20-idp-hosted.php - - ./development/idp-local/metadata/saml20-sp-remote.php:/data/vendor/simplesamlphp/simplesamlphp/metadata/saml20-sp-remote.php - - # Misc. files needed - - ./development/enable-exampleauth-module.sh:/data/enable-exampleauth-module.sh - - # Enable checking our test metadata - - ./dockerbuild/run-metadata-tests.sh:/data/run-metadata-tests.sh - command: 'bash -c "/data/enable-exampleauth-module.sh && /data/run.sh"' - environment: - ADMIN_EMAIL: "john_doe@there.com" - ADMIN_PASS: "a" - SECRET_SALT: "not-secret-h57fjemb&dn^nsJFGNjweJ" - IDP_NAME: "IDP 1" - SECURE_COOKIE: "false" - SHOW_SAML_ERRORS: "true" - THEME_USE: "material:material" - -ssp-sp1.local: - build: . 
- volumes: - # Utilize custom certs - - ./development/sp-local/cert:/data/vendor/simplesamlphp/simplesamlphp/cert - - # Utilize custom configs - - ./development/sp-local/config/config.php:/data/vendor/simplesamlphp/simplesamlphp/config/config.php - - ./development/sp-local/config/authsources.php:/data/vendor/simplesamlphp/simplesamlphp/config/authsources.php - - # Utilize custom metadata - - ./development/sp-local/metadata/saml20-idp-remote.php:/data/vendor/simplesamlphp/simplesamlphp/metadata/saml20-idp-remote.php - - # Enable checking our test metadata - - ./dockerbuild/run-metadata-tests.sh:/data/run-metadata-tests.sh - environment: - ADMIN_EMAIL: "john_doe@there.com" - ADMIN_PASS: "sp1" - SECRET_SALT: "not-secret-h57fjemb&dn^nsJFGNjweJz1" - SECURE_COOKIE: "false" - SHOW_SAML_ERRORS: "true" - SAML20_IDP_ENABLE: "false" - ADMIN_PROTECT_INDEX_PAGE: "false" diff --git a/codeship-steps.yml b/codeship-steps.yml deleted file mode 100644 index 4d48903c..00000000 --- a/codeship-steps.yml +++ /dev/null 
@@ -1,36 +0,0 @@ -# Run the integration tests before running metadata tests on the various -# containers so that integration tests interact with those containers when they -# only have production dependencies installed, not dev. dependencies. -- name: test - service: app - command: /data/run-tests.sh - -- name: check-hub-metadata-for-tests - service: ssp-hub.local - command: /data/run-metadata-tests.sh - -- name: check-idp-metadata-for-tests - service: ssp-idp1.local - command: /data/run-metadata-tests.sh - -- name: check-sp-metadata-for-tests - service: ssp-sp1.local - command: /data/run-metadata-tests.sh - -- name: push - service: app - type: push - image_name: silintl/ssp-base - image_tag: "{{.Branch}}" - exclude: main - registry: https://index.docker.io/v1/ - encrypted_dockercfg_path: dockercfg.encrypted - -- name: push_latest - service: app - type: push - image_name: silintl/ssp-base - image_tag: "latest" - tag: main - registry: https://index.docker.io/v1/ - encrypted_dockercfg_path: dockercfg.encrypted diff --git a/dockercfg.encrypted b/dockercfg.encrypted deleted file mode 100644 index 27ea50b5..00000000 --- a/dockercfg.encrypted +++ /dev/null @@ -1,2 +0,0 @@ -codeship:v2 -omKaMNSWah+QIiybPyQE+9wo9iaeJF9PH4FfWm74Kj2SftI9uNOxvd7z0vtvzDpNY2QVKcUmQ2Qsz52f0pE3WmviipVH3TcRkutpY2s6a0oIX3Dh3H3QCr2sxFDJh0HJe5rJzQ/Gkr8AaCrrj+bNeTS6sK/O2ZsivI0+KqXgmOokwCzaWSdK3xx6g9zfgrlCv+cjzxQLifXKJtk3VeQXUH7/eMn1mbMGAxfJbGN2bPP5izVrCnga4XkgUlwrIHZCZUvLtsTrshZeP0Yl97EIEj/Nh2fkTGbPtKllcgKTdY+GwtHn6479flV+wCxf \ No newline at end of file From b31c4717b4447d7baf311596ed0fe0b43e992d1b Mon Sep 17 00:00:00 2001 From: briskt <3172830+briskt@users.noreply.github.com> Date: Thu, 22 Feb 2024 09:36:27 -0700 Subject: [PATCH 2/3] disable composer self-update due to a breaking change --- Dockerfile | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index baba8bbf..2c2f027f 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -36,7 +36,11 @@ WORKDIR /data # Install/cleanup composer dependencies COPY composer.json /data/ COPY composer.lock /data/ -RUN composer self-update --no-interaction +# Disabled the self-update due to a breaking change between composer 2.6.6 and 2.7.1 that affects the loading +# of the simplesamlphp/simplesamlphp/modules folder. The Docker build fails on the sildisco/sspoverrides line. +# It is not well understood what changed in composer, but since the overrides will need to be redesigned during +# the SimpleSAMLphp 2.x upgrade, this issue is deferred until then. +#RUN composer self-update --no-interaction RUN composer install --prefer-dist --no-interaction --no-dev --optimize-autoloader --no-scripts --no-progress # Copy in SSP override files From e72c191b78b40e0a7e5e58baea5cc61f57369d96 Mon Sep 17 00:00:00 2001 From: briskt <3172830+briskt@users.noreply.github.com> Date: Thu, 22 Feb 2024 13:15:17 -0700 Subject: [PATCH 3/3] add a TODO/FIXME for the composer issue --- Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index 2c2f027f..ed25a14e 100644 --- a/Dockerfile +++ b/Dockerfile @@ -36,8 +36,8 @@ WORKDIR /data # Install/cleanup composer dependencies COPY composer.json /data/ COPY composer.lock /data/ -# Disabled the self-update due to a breaking change between composer 2.6.6 and 2.7.1 that affects the loading -# of the simplesamlphp/simplesamlphp/modules folder. The Docker build fails on the sildisco/sspoverrides line. +# TODO/FIXME: Disabled the self-update due to a breaking change between composer 2.6.6 and 2.7.1 that affects the +# loading of the simplesamlphp/simplesamlphp/modules folder. The Docker build fails on the sildisco/sspoverrides line. # It is not well understood what changed in composer, but since the overrides will need to be redesigned during # the SimpleSAMLphp 2.x upgrade, this issue is deferred until then. #RUN composer self-update --no-interaction
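Review bot: Commenting out `RUN composer self-update --no-interaction` leaves the Composer version to whatever the base image ships (the `FROM` line is outside this hunk), so the build is only as reproducible as that image and it stops picking up Composer fixes, security fixes included, with no visible signal. If 2.6.6 is indeed the last version that builds, as the comment implies, pinning it states the choice explicitly: `RUN composer self-update 2.6.6 --no-interaction`. The TODO added in the third patch would be easier to act on with a tracking reference and a re-enable condition, for example `# TODO: re-enable once sspoverrides is redesigned for SimpleSAMLphp 2.x (issue: <tracker-link-placeholder>)`.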