Skip to content

[RND-663] Allow case insensitivity in OAuth requests (#328) #909

[RND-663] Allow case insensitivity in OAuth requests (#328)

[RND-663] Allow case insensitivity in OAuth requests (#328) #909

name: On Pull Request
on:
push:
branches:
- main
pull_request:
branches:
- main
paths:
- "Meadowlark-js/**"
- ".github/**"
workflow_dispatch:
concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
cancel-in-progress: true
env:
POSTGRES_USER: postgres
POSTGRES_PASSWORD: abcdefgh1!
defaults:
run:
working-directory: Meadowlark-js
jobs:
scan-actions:
name: Scan Actions
uses: ed-fi-alliance-oss/ed-fi-actions/.github/workflows/repository-scanner.yml@main
upgrade:
name: Upgrade packages
runs-on: ubuntu-latest
defaults:
run:
working-directory: Meadowlark-js
permissions:
contents: write
steps:
- name: Checkout the Repo
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
fetch-depth: 0w
- name: Get version changes
id: versions
run: |
if [ ${{ github.event_name }} == 'pull_request' ]; then
suggested=v$(cat lerna.json | jq -r .version)
current=$(git describe --tags $(git rev-list --tags --max-count=1))
echo "Versions: Lerna: $suggested. Current: $current"
echo "update-required=$([[ "$suggested" == "$current" ]] && echo true)" >>$GITHUB_OUTPUT
fi
- name: Update versions
if: steps.versions.outputs.update-required
run: npx [email protected] version prerelease --exact --no-git-tag-version --yes
- name: Set Version
if: steps.versions.outputs.update-required
id: set-version
run: |
version=v$(cat lerna.json | jq -r .version)
echo "version=$version" >> "$GITHUB_OUTPUT"
- uses: planetscale/ghcommit-action@4131649dbf2fdf1eb34421702972a5af7b0a8731 #v0.1.18
if: steps.versions.outputs.update-required
with:
commit_message: "${{steps.set-version.outputs.version}}"
repo: ${{ github.repository }}
branch: ${{ github.head_ref || github.ref_name }}
env:
GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
analyze-dependencies:
# This Action will fail if run on anything other than a pull request
if: github.event_name == 'pull_request'
name: Analyze Code Dependencies
# Not mandatory, but better for this to go after the upgrade since it can change the code.
needs: upgrade
runs-on: ubuntu-latest
permissions:
actions: read
contents: read
security-events: write
steps:
- name: Checkout code
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- name: Dependency Review ("Dependabot on PR")
uses: actions/dependency-review-action@c090f4e553673e6e505ea70d6a95362ee12adb94 # v3.0.3
analyze-code:
name: Analyze Code
# Not mandatory, but better for this to go after the upgrade since it can change the code.
needs: upgrade
runs-on: ubuntu-latest
env:
SRC_DIR: Meadowlark-js
permissions:
actions: read
contents: read
security-events: write
steps:
- name: Checkout code
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- name: Setup Node
uses: actions/setup-node@8f152de45cc393bb48ce5d89d36b731f54556e65 # v4.0.0
with:
node-version: "18"
cache: "npm"
cache-dependency-path: "**/package-lock.json"
- name: Node modules cache
id: modules-cache
uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 #v3.3.2
with:
path: "**/node_modules"
key: ${{ runner.os }}-modules-${{ hashFiles('**/package-lock.json') }}
- name: Install dependencies
if: ${{ steps.modules-cache.outputs.cache-hit != 'true' }}
run: npm install
- name: Initialize CodeQL
uses: github/codeql-action/init@df32e399139a3050671466d7d9b3cbacc1cfd034 # v2.15.2
with:
languages: "typescript"
setup-python-dependencies: false
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@df32e399139a3050671466d7d9b3cbacc1cfd034 # v2.15.2
lint:
name: Lint
needs: upgrade
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- name: Setup Node
uses: actions/setup-node@8f152de45cc393bb48ce5d89d36b731f54556e65 # v4.0.0
with:
node-version: "18"
cache: "npm"
cache-dependency-path: "**/package-lock.json"
- name: Node modules cache
id: modules-cache
uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 #v3.3.2
with:
path: "**/node_modules"
key: ${{ runner.os }}-modules-${{ hashFiles('**/package-lock.json') }}
- name: Install dependencies
if: steps.modules-cache.outputs.cache-hit != 'true'
run: npm install
- name: Linter
run: npm run test:lint
build:
name: Build
needs: lint
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- name: Setup Node
uses: actions/setup-node@8f152de45cc393bb48ce5d89d36b731f54556e65 # v4.0.0
with:
node-version: "18"
cache: "npm"
cache-dependency-path: "**/package-lock.json"
- name: Node modules cache
id: modules-cache
uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 #v3.3.2
with:
path: "**/node_modules"
key: ${{ runner.os }}-modules-${{ hashFiles('**/package-lock.json') }}
- name: Install dependencies
if: steps.modules-cache.outputs.cache-hit != 'true'
run: npm install
- name: Build
run: npm run build
tests:
name: ${{matrix.tests.type}} tests
needs: lint
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
tests:
[
{ type: "Unit", command: "npm run test:unit:coverage:ci" },
{
type: "Integration",
command: "npm run test:integration -- --ci",
},
]
steps:
- name: Checkout repository
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- name: Setup Node
uses: actions/setup-node@8f152de45cc393bb48ce5d89d36b731f54556e65 # v4.0.0
with:
node-version: "18"
cache: "npm"
cache-dependency-path: "**/package-lock.json"
- name: Load MongoDB binary cache
if: matrix.tests.type != 'Unit'
id: cache-mongodb-binaries
uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 #v3.3.2
with:
path: ~/.cache/mongodb-binaries
key: ${{ runner.os }}-mongo-${{ hashFiles('**/package-lock.json') }}
- name: Node modules cache
id: modules-cache
uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 #v3.3.2
with:
path: "**/node_modules"
key: ${{ runner.os }}-modules-${{ hashFiles('**/package-lock.json') }}
- name: Install dependencies
if: steps.modules-cache.outputs.cache-hit != 'true'
run: npm install
- name: Jest cache
id: cache-jest
uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 #v3.3.2
with:
path: /tmp/jest_rt
key: ${{ runner.os }}-jest-${{ hashFiles('**/package-lock.json') }}
- name: Configure postgres
if: matrix.tests.type != 'Unit'
run: |
sudo systemctl start postgresql.service
sudo -u postgres psql -U postgres -c "alter user postgres with password '${{env.POSTGRES_PASSWORD}}';"
- name: Create .env file
run: |
# Create a .env file with proper settings
touch .env
echo POSTGRES_USER=${{ env.POSTGRES_PASSWORD }} >> .env
echo POSTGRES_PASSWORD=${{ env.POSTGRES_USER }} >> .env
echo POSTGRES_HOST=localhost >> .env
echo POSTGRES_PORT=5432 >> .env
echo MEADOWLARK_DATABASE_NAME=postgres >> .env
# The actual values below don't matter for integration tests - but _something_ must be set
echo AUTHORIZATION_STORE_PLUGIN=@edfi/meadowlark-mongodb-backend >> .env
echo DOCUMENT_STORE_PLUGIN=@edfi/meadowlark-mongodb-backend >> .env
echo OWN_OAUTH_CLIENT_ID_FOR_CLIENT_AUTH=meadowlark_verify-only_key_1 >> .env
echo OWN_OAUTH_CLIENT_SECRET_FOR_CLIENT_AUTH=meadowlark_verify-only_secret_1 >> .env
echo OAUTH_SERVER_ENDPOINT_FOR_OWN_TOKEN_REQUEST=http://localhost:3000/local/oauth/token >> .env
echo OAUTH_SERVER_ENDPOINT_FOR_TOKEN_VERIFICATION=http://localhost:3000/local/oauth/verify >> .env
echo OAUTH_SIGNING_KEY="$( openssl rand -base64 256 | tr -d '\n' )" >> .env
- name: Run ${{matrix.tests.type}} Tests
run: ${{matrix.tests.command}}
env:
JEST_JUNIT_OUTPUT_DIR: ${{matrix.tests.type}}-tests
- name: Archive coverage results
if: ${{ matrix.tests.type == 'Unit' }}
uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
with:
name: code-coverage-report
path: Meadowlark-js/coverage/lcov-report
retention-days: 10
end-to-end:
name: End to End tests for ${{ matrix.store.db }} as store and ${{matrix.query_handler.provider}} as query handler
needs: lint
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
store: [{ db: "Mongo", plugin: "@edfi/meadowlark-mongodb-backend" },
{ db: "PGSQL", plugin: "@edfi/meadowlark-postgresql-backend" }]
query_handler:
[
{ provider: "opensearch", plugin: "@edfi/meadowlark-opensearch-backend" },
{ provider: "elasticsearch", plugin: "@edfi/meadowlark-elasticsearch-backend" }
]
steps:
- name: Checkout repository
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- name: Setup Node
uses: actions/setup-node@8f152de45cc393bb48ce5d89d36b731f54556e65 # v4.0.0
with:
node-version: "18"
cache: "npm"
cache-dependency-path: "**/package-lock.json"
- name: Install required dependencies
run: npm install -D cross-env
- name: Jest cache
id: cache-jest
uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 #v3.3.2
with:
path: /tmp/jest_rt
key: ${{ runner.os }}-jest-${{ hashFiles('**/package-lock.json') }}
- name: Create .env file
run: |
touch .env-e2e
echo OAUTH_SIGNING_KEY="$( openssl rand -base64 256 | tr -d '\n' )" >> .env-e2e
working-directory: Meadowlark-js/tests/e2e/setup/
- name: End to End tests for ${{matrix.store.db}} as store, ${{matrix.query_handler.provider}} as query handler
run: npm run test:e2e:build -- --ci
env:
AUTHORIZATION_STORE_PLUGIN: ${{ matrix.store.plugin }}
DOCUMENT_STORE_PLUGIN: ${{ matrix.store.plugin }}
QUERY_HANDLER_PLUGIN: ${{ matrix.query_handler.plugin }}
LISTENER1_PLUGIN: ${{ matrix.query_handler.plugin }}
- name: Docker logs
if: failure()
uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
with:
name: docker-logs
path: |
Meadowlark-js/tests/e2e/logs/
retention-days: 10