JWT user identifiers additional fields dot notation in CI #134
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Fuzzing Test | |
| on: | |
| pull_request | |
| jobs: | |
| extract_version: | |
| runs-on: ubuntu-latest | |
| name: Extract release version | |
| outputs: | |
| supported-features: ${{ steps.version.outputs.value }} | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v5 | |
| - name: Setup Node.js | |
| uses: actions/setup-node@v6 | |
| with: | |
| node-version: '22.x' | |
| - name: Get package version | |
| id: version | |
| run: echo "value=$(node -p -e "require('./px_metadata.json').version")" >> "$GITHUB_OUTPUT" | |
| Fuzzing: | |
| name: "Fuzzing Test" | |
| env: | |
| MOCK_COLLECTOR_IMAGE_TAG: 2.0.6 | |
| FUZZER_TAG: 1.1.0 | |
| SAMPLE_SITE_IMAGE_TAG: 1.0.0 | |
| ENFORCER_TAG: ${{ needs.extract_version.outputs.version }} | |
| strategy: | |
| matrix: | |
| mode: [ "url", "first_party", "headers", "cookies", "user_agent" ] | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 60 | |
| needs: | |
| - extract_version | |
| steps: | |
| - name: Checkout Repo | |
| uses: actions/checkout@v5 | |
| - name: Set up Docker | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Build local cluster | |
| run: ./ci_files/build_cluster.sh | |
| - name: Build Enforcer Docker image | |
| run: | | |
| docker build . -t localhost:5001/java-enforcer-sample-site:$SAMPLE_SITE_IMAGE_TAG && \ | |
| docker push localhost:5001/java-enforcer-sample-site:$SAMPLE_SITE_IMAGE_TAG | |
| - uses: azure/setup-helm@v4 | |
| with: | |
| version: '3.19.0' | |
| - name: Clone helm charts repo - mock-collector | |
| uses: actions/checkout@v5 | |
| with: | |
| repository: PerimeterX/connect-helm-charts | |
| token: ${{ secrets.CONNECT_PULL_TOKEN }} | |
| ref: mock-collector-0.1.2 | |
| path: ./deploy_charts/mock-collector | |
| - name: Clone helm charts repo - fuzzer | |
| uses: actions/checkout@v5 | |
| with: | |
| repository: PerimeterX/connect-helm-charts | |
| token: ${{ secrets.CONNECT_PULL_TOKEN }} | |
| ref: fuzzer-0.3.1 | |
| path: ./deploy_charts/fuzzer | |
| - name: Clone helm charts repo - sample-site | |
| uses: actions/checkout@v5 | |
| with: | |
| repository: PerimeterX/connect-helm-charts | |
| token: ${{ secrets.CONNECT_PULL_TOKEN }} | |
| ref: sample-site-0.6.1 | |
| path: ./deploy_charts/sample-site | |
| - name: Set up Google Cloud SDK | |
| id: 'auth' | |
| uses: 'google-github-actions/auth@v2' | |
| with: | |
| credentials_json: '${{ secrets.GCR_SA_KEY }}' | |
| - name: Configure Docker credentials | |
| run: | | |
| gcloud auth configure-docker us-docker.pkg.dev | |
| - name: pull mock collector image | |
| run: | | |
| docker pull us-docker.pkg.dev/hmn-registry/docker-common-us/connecteam/mock-collector:$MOCK_COLLECTOR_IMAGE_TAG && \ | |
| docker tag us-docker.pkg.dev/hmn-registry/docker-common-us/connecteam/mock-collector:$MOCK_COLLECTOR_IMAGE_TAG localhost:5001/mock-collector:$MOCK_COLLECTOR_IMAGE_TAG && \ | |
| docker push localhost:5001/mock-collector:$MOCK_COLLECTOR_IMAGE_TAG | |
| - name: deploy mock collector | |
| run: | | |
| helm install mock-collector ./deploy_charts/mock-collector/charts/mock-collector \ | |
| --set image.repository=localhost:5001/mock-collector \ | |
| --set image.tag=$MOCK_COLLECTOR_IMAGE_TAG \ | |
| --set authToken=${{ secrets.PX_AUTH_TOKEN }} \ | |
| --set imagePullPolicy=Always \ | |
| --wait | |
| - name: set secrets in enforcer config | |
| run: | | |
| cat ./ci_files/enforcer-config.json |\ | |
| jq '.px_app_id="${{ secrets.PX_APP_ID }}"' |\ | |
| jq '.px_cookie_secret="${{ secrets.TEST_COOKIE_SECRET }}"' |\ | |
| jq '.px_auth_token="${{ secrets.PX_AUTH_TOKEN }}"' |\ | |
| jq '.px_logger_auth_token="${{ secrets.PX_LOGGER_AUTH_TOKEN }}"' > /tmp/enforcer-config.json | |
| - name: log enforcer config | |
| run: cat /tmp/enforcer-config.json | |
| - name: deploy java enforcer | |
| run: | | |
| helm install java-enforcer ./deploy_charts/sample-site/charts/sample-site \ | |
| -f ./ci_files/enforcer-values.yaml \ | |
| --set image.name=localhost:5001/java-enforcer-sample-site \ | |
| --set image.tag=$SAMPLE_SITE_IMAGE_TAG \ | |
| --set appId=${{ secrets.PX_APP_ID }} \ | |
| --set cookieSecret=${{ secrets.TEST_COOKIE_SECRET }} \ | |
| --set authToken=${{ secrets.PX_AUTH_TOKEN }} \ | |
| --set-file enforcerConfig.content=/tmp/enforcer-config.json \ | |
| --wait | |
| - name: pull fuzzer image | |
| run: | | |
| docker pull us-docker.pkg.dev/hmn-registry/docker-common-us/connecteam/connect-enforcer-fuzzer:$FUZZER_TAG && \ | |
| docker tag us-docker.pkg.dev/hmn-registry/docker-common-us/connecteam/connect-enforcer-fuzzer:$FUZZER_TAG localhost:5001/connect-enforcer-fuzzer:$FUZZER_TAG && \ | |
| docker push localhost:5001/connect-enforcer-fuzzer:$FUZZER_TAG | |
| - name: run fuzzer | |
| run: | | |
| helm install fuzzer ./deploy_charts/fuzzer/charts/fuzzer \ | |
| --set image.repository=localhost:5001/connect-enforcer-fuzzer \ | |
| --set image.tag=$FUZZER_TAG \ | |
| --set appId=$PX_APP_ID \ | |
| --set mode=$FUZZ_MODE \ | |
| --set siteURL=$SITE_URL \ | |
| --wait \ | |
| --timeout 60m0s \ | |
| --wait-for-jobs | |
| env: | |
| FUZZ_MODE: ${{ matrix.mode }} | |
| PX_APP_ID: ${{ secrets.PX_APP_ID }} | |
| SITE_URL: "http://java-enforcer-sample-site:3000" | |
| - name: Deployment logs - mock collector | |
| run: kubectl logs deployment/mock-collector-mock-collector | |
| - name: Deployment logs - enforcer | |
| run: kubectl logs deployment/java-enforcer-sample-site | |
| - name: get tests results | |
| if: ${{ always() }} | |
| run: kubectl logs job/fuzzer-enforcer-fuzzer |