Skip to content

feat: add validate oidc token call to zaas client #3169

feat: add validate oidc token call to zaas client

feat: add validate oidc token call to zaas client #3169

name: Integration tests using JIB containers
on:
push:
branches: [ v2.x.x, v3.x.x ]
paths-ignore:
- '**.md'
pull_request:
branches: [ v2.x.x, v3.x.x ]
paths-ignore:
- '**.md'
workflow_dispatch:
env:
JOB_ID: ${{ github.run_id }}-${{ github.run_number }}
jobs:
PublishJibContainers:
runs-on: ubuntu-latest
timeout-minutes: 15
steps:
- uses: actions/checkout@v4
with:
ref: ${{ github.head_ref }}
- uses: ./.github/actions/setup
- name: Build with Gradle
run: >
./gradlew clean jib -Djib.serialize=true -Partifactory_user=${{ secrets.ARTIFACTORY_USERNAME }} -Partifactory_password=${{ secrets.ARTIFACTORY_PASSWORD }} -Pzowe.docker.password=${{ secrets.PERSONAL_JB_TOKEN }} -Pzowe.docker.username=balhar-jakub -Pzowe.docker.container=ghcr.io/balhar-jakub/ -Pzowe.docker.tag=${{ env.JOB_ID }}
- name: Standalone Catalog
run: >
./gradlew :api-catalog-services:jib -Djib.serialize=true -Pzowe.jib.image.suffix=standalone -Pzowe.jib.image.javaAgentPort=6304 -Pzowe.jib.image.debugPort=5125 -Partifactory_user=${{ secrets.ARTIFACTORY_USERNAME }} -Partifactory_password=${{ secrets.ARTIFACTORY_PASSWORD }} -Pzowe.docker.password=${{ secrets.PERSONAL_JB_TOKEN }} -Pzowe.docker.username=balhar-jakub -Pzowe.docker.container=ghcr.io/balhar-jakub/ -Pzowe.docker.tag=${{ env.JOB_ID }}
- uses: ./.github/actions/teardown
CITests:
needs: PublishJibContainers
runs-on: ubuntu-latest
container: ubuntu:latest
timeout-minutes: 15
services:
api-catalog-services-2:
image: ghcr.io/balhar-jakub/api-catalog-services-standalone:${{ github.run_id }}-${{ github.run_number }}
volumes:
- /api-defs:/api-defs
api-catalog-services:
image: ghcr.io/balhar-jakub/api-catalog-services:${{ github.run_id }}-${{ github.run_number }}
volumes:
- /api-defs:/api-defs
caching-service:
image: ghcr.io/balhar-jakub/caching-service:${{ github.run_id }}-${{ github.run_number }}
discoverable-client:
image: ghcr.io/balhar-jakub/discoverable-client:${{ github.run_id }}-${{ github.run_number }}
discovery-service:
image: ghcr.io/balhar-jakub/discovery-service:${{ github.run_id }}-${{ github.run_number }}
discovery-service-2:
image: ghcr.io/balhar-jakub/discovery-service:${{ github.run_id }}-${{ github.run_number }}
env:
APIML_SERVICE_HOSTNAME: discovery-service-2
gateway-service:
image: ghcr.io/balhar-jakub/gateway-service:${{ github.run_id }}-${{ github.run_number }}
env:
APIML_SERVICE_HOSTNAME: gateway-service
APIML_SECURITY_AUTH_JWT_CUSTOMAUTHHEADER: customJwtHeader
APIML_SECURITY_AUTH_PASSTICKET_CUSTOMUSERHEADER: customUserHeader
APIML_SECURITY_AUTH_PASSTICKET_CUSTOMAUTHHEADER: customPassticketHeader
ZWE_CONFIGS_APIML_SERVICE_ADDITIONALREGISTRATION_0_DISCOVERYSERVICEURLS: https://discovery-service-2:10011/eureka
SERVER_MAX_HTTP_REQUEST_HEADER_SIZE: 16348
SERVER_WEBSOCKET_REQUESTBUFFERSIZE: 16348
APIML_GATEWAY_ROUTING_SERVICESTOLIMITREQUESTRATE: discoverableclient
APIML_GATEWAY_ROUTING_COOKIENAMEFORRATELIMIT: apimlAuthenticationToken
zaas-service:
image: ghcr.io/balhar-jakub/zaas-service:${{ github.run_id }}-${{ github.run_number }}
env:
APIML_SECURITY_X509_ENABLED: true
APIML_SECURITY_X509_ACCEPTFORWARDEDCERT: true
APIML_SECURITY_X509_CERTIFICATESURL: https://gateway-service:10010/gateway/certificates
mock-services:
image: ghcr.io/balhar-jakub/mock-services:${{ github.run_id }}-${{ github.run_number }}
steps:
- uses: actions/checkout@v4
with:
ref: ${{ github.head_ref }}
- uses: ./.github/actions/setup
- name: Run CI Tests
run: >
./gradlew :integration-tests:runContainerTests --info
-Partifactory_user=${{ secrets.ARTIFACTORY_USERNAME }} -Partifactory_password=${{ secrets.ARTIFACTORY_PASSWORD }}
- uses: ./.github/actions/dump-jacoco
if: always()
- name: Store results
uses: actions/upload-artifact@v4
if: always()
with:
name: ContainerCITests-${{ env.JOB_ID }}
path: |
integration-tests/build/reports/**
results/**
- uses: ./.github/actions/teardown
Oauth2Integration:
needs: PublishJibContainers
runs-on: ubuntu-latest
container: ubuntu:latest
timeout-minutes: 10
services:
gateway-service:
image: ghcr.io/balhar-jakub/gateway-service:${{ github.run_id }}-${{ github.run_number }}
zaas-service:
image: ghcr.io/balhar-jakub/zaas-service:${{ github.run_id }}-${{ github.run_number }}
env:
APIML_SECURITY_OIDC_CLIENTID: ${{ secrets.OKTA_CLIENT_ID }}
APIML_SECURITY_OIDC_CLIENTSECRET: ${{ secrets.OKTA_CLIENT_PASSWORD }}
APIML_SECURITY_OIDC_ENABLED: true
APIML_SECURITY_OIDC_REGISTRY: zowe.okta.com
APIML_SECURITY_OIDC_JWKS_URI: ${{ secrets.OKTA_JWKSET_URI }}
APIML_SECURITY_OIDC_IDENTITYMAPPERUSER: APIMTST
APIML_SECURITY_OIDC_IDENTITYMAPPERURL: https://gateway-service:10010/zss/api/v1/certificate/dn
discovery-service:
image: ghcr.io/balhar-jakub/discovery-service:${{ github.run_id }}-${{ github.run_number }}
mock-services:
image: ghcr.io/balhar-jakub/mock-services:${{ github.run_id }}-${{ github.run_number }}
discoverable-client:
image: ghcr.io/balhar-jakub/discoverable-client:${{ github.run_id }}-${{ github.run_number }}
steps:
- uses: actions/checkout@v4
with:
ref: ${{ github.head_ref }}
- uses: ./.github/actions/setup
- name: Run CI Tests
run: >
./gradlew :integration-tests:runOidcTests --info -Denvironment.config=-docker -Dokta.client.id=${{ secrets.OKTA_CLIENT_ID }}
-Doidc.test.user=${{ secrets.OIDC_TEST_USER }} -Doidc.test.pass=${{ secrets.OIDC_TEST_PASS }}
-Doidc.test.alt_user=${{ secrets.OKTA_WINNIE_USER }} -Doidc.test.alt_pass=${{ secrets.OKTA_WINNIE_PASS }}
-Partifactory_user=${{ secrets.ARTIFACTORY_USERNAME }} -Partifactory_password=${{ secrets.ARTIFACTORY_PASSWORD }}
- uses: ./.github/actions/teardown
GatewayProxy:
needs: PublishJibContainers
runs-on: ubuntu-latest
container: ubuntu:latest
timeout-minutes: 10
services:
discovery-service:
image: ghcr.io/balhar-jakub/discovery-service:${{ github.run_id }}-${{ github.run_number }}
gateway-service:
image: ghcr.io/balhar-jakub/gateway-service:${{ github.run_id }}-${{ github.run_number }}
env:
APIML_SERVICE_APIMLID: apiml1
APIML_SECURITY_X509_ACCEPTFORWARDEDCERT: true
APIML_SERVICE_FORWARDCLIENTCERTENABLED: true
APIML_SECURITY_X509_CERTIFICATESURL: https://central-gateway-service:10010/gateway/certificates
gateway-service-2:
image: ghcr.io/balhar-jakub/gateway-service:${{ github.run_id }}-${{ github.run_number }}
env:
APIML_SERVICE_HOSTNAME: gateway-service-2
APIML_SERVICE_APIMLID: apiml2
zaas-service:
image: ghcr.io/balhar-jakub/zaas-service:${{ github.run_id }}-${{ github.run_number }}
env:
APIML_SECURITY_X509_ACCEPTFORWARDEDCERT: true
APIML_SECURITY_X509_CERTIFICATESURL: https://gateway-service:10010/gateway/certificates
zaas-service-2:
image: ghcr.io/balhar-jakub/zaas-service:${{ github.run_id }}-${{ github.run_number }}
env:
APIML_SECURITY_X509_ACCEPTFORWARDEDCERT: true
APIML_SECURITY_X509_CERTIFICATESURL: https://gateway-service-2:10010/gateway/certificates
APIML_SERVICE_HOSTNAME: zaas-service-2
central-gateway-service:
image: ghcr.io/balhar-jakub/gateway-service:${{ github.run_id }}-${{ github.run_number }}
env:
APIML_SERVICE_APIMLID: centralapiml
APIML_CONNECTION_TIMEOUT: 2000
APIML_SERVICE_FORWARDCLIENTCERTENABLED: true
APIML_SERVICE_HOSTNAME: central-gateway-service
discoverable-client:
image: ghcr.io/balhar-jakub/discoverable-client:${{ github.run_id }}-${{ github.run_number }}
mock-services:
image: ghcr.io/balhar-jakub/mock-services:${{ github.run_id }}-${{ github.run_number }}
steps:
- uses: actions/checkout@v4
with:
ref: ${{ github.head_ref }}
- uses: ./.github/actions/setup
- name: Run CI Tests
run: >
./gradlew :integration-tests:runGatewayProxyTest --info -Denvironment.config=-docker
-Partifactory_user=${{ secrets.ARTIFACTORY_USERNAME }} -Partifactory_password=${{ secrets.ARTIFACTORY_PASSWORD }}
- name: Dump CGW jacoco data
run: >
java -jar ./scripts/jacococli.jar dump --address gateway-service --port 6300 --destfile ./results/gateway-service.exec
- name: Store results
uses: actions/upload-artifact@v4
if: always()
with:
name: GatewayProxy-${{ env.JOB_ID }}
path: |
integration-tests/build/reports/**
results/**
- uses: ./.github/actions/teardown
GatewayServiceRouting:
needs: PublishJibContainers
runs-on: ubuntu-latest
container: ubuntu:latest
timeout-minutes: 10
services:
discovery-service:
image: ghcr.io/balhar-jakub/discovery-service:${{ github.run_id }}-${{ github.run_number }}
gateway-service:
image: ghcr.io/balhar-jakub/gateway-service:${{ github.run_id }}-${{ github.run_number }}
env:
APIML_SERVICE_APIMLID: apiml1
zaas-service:
image: ghcr.io/balhar-jakub/zaas-service:${{ github.run_id }}-${{ github.run_number }}
central-gateway-service:
image: ghcr.io/balhar-jakub/gateway-service:${{ github.run_id }}-${{ github.run_number }}
discoverable-client:
image: ghcr.io/balhar-jakub/discoverable-client:${{ github.run_id }}-${{ github.run_number }}
mock-services:
image: ghcr.io/balhar-jakub/mock-services:${{ github.run_id }}-${{ github.run_number }}
steps:
- uses: actions/checkout@v4
with:
ref: ${{ github.head_ref }}
- uses: ./.github/actions/setup
- name: Run CI Tests
run: >
./gradlew :integration-tests:runGatewayServiceRoutingTest --info -Denvironment.config=-docker
-Partifactory_user=${{ secrets.ARTIFACTORY_USERNAME }} -Partifactory_password=${{ secrets.ARTIFACTORY_PASSWORD }}
- name: Dump CGW jacoco data
run: >
java -jar ./scripts/jacococli.jar dump --address gateway-service --port 6300 --destfile ./results/gateway-service.exec
- name: Store results
uses: actions/upload-artifact@v4
if: always()
with:
name: GatewayServiceRouting-${{ env.JOB_ID }}
path: |
integration-tests/build/reports/**
results/**
- uses: ./.github/actions/teardown
GatewayCentralRegistry:
needs: PublishJibContainers
runs-on: ubuntu-latest
container: ubuntu:latest
timeout-minutes: 10
services:
# First group of services represents central apiml instance with central gateway registry
discovery-service:
image: ghcr.io/balhar-jakub/discovery-service:${{ github.run_id }}-${{ github.run_number }}
gateway-service:
image: ghcr.io/balhar-jakub/gateway-service:${{ github.run_id }}-${{ github.run_number }}
env:
APIML_SERVICE_APIMLID: central-apiml
APIML_SERVICE_HOSTNAME: gateway-service
zaas-service:
image: ghcr.io/balhar-jakub/zaas-service:${{ github.run_id }}-${{ github.run_number }}
env:
APIML_SECURITY_X509_ENABLED: true
APIML_SECURITY_X509_ACCEPTFORWARDEDCERT: true
APIML_SECURITY_X509_CERTIFICATESURL: https://gateway-service:10010/gateway/certificates
central-gateway-service:
image: ghcr.io/balhar-jakub/gateway-service:${{ github.run_id }}-${{ github.run_number }}
env:
APIML_SERVICE_APIMLID: central-apiml
APIML_SERVICE_HOSTNAME: central-gateway-service
APIML_GATEWAY_REGISTRY_ENABLED: true
APIML_SECURITY_X509_REGISTRY_ALLOWEDUSERS: USER,UNKNOWNUSER
# Second group of services represents domain apiml instance which registers it's gateway in central's discovery service
discovery-service-2:
image: ghcr.io/balhar-jakub/discovery-service:${{ github.run_id }}-${{ github.run_number }}
volumes:
- /api-defs:/api-defs
env:
APIML_SERVICE_HOSTNAME: discovery-service-2
APIML_SERVICE_PORT: 10031
gateway-service-2:
image: ghcr.io/balhar-jakub/gateway-service:${{ github.run_id }}-${{ github.run_number }}
env:
APIML_SERVICE_APIMLID: domain-apiml
APIML_SERVICE_HOSTNAME: gateway-service-2
APIML_SERVICE_PORT: 10037
APIML_SERVICE_DISCOVERYSERVICEURLS: https://discovery-service-2:10031/eureka/
ZWE_CONFIGS_APIML_SERVICE_ADDITIONALREGISTRATION_0_DISCOVERYSERVICEURLS: https://discovery-service:10011/eureka
ZWE_CONFIGS_APIML_SERVICE_ADDITIONALREGISTRATION_0_ROUTES_0_GATEWAYURL: /
ZWE_CONFIGS_APIML_SERVICE_ADDITIONALREGISTRATION_0_ROUTES_0_SERVICEURL: /
zaas-service-2:
image: ghcr.io/balhar-jakub/zaas-service:${{ github.run_id }}-${{ github.run_number }}
env:
APIML_SECURITY_X509_ENABLED: true
APIML_SECURITY_X509_ACCEPTFORWARDEDCERT: true
APIML_SECURITY_X509_CERTIFICATESURL: https://gateway-service:10010/gateway/certificates
APIML_SERVICE_DISCOVERYSERVICEURLS: https://discovery-service-2:10031/eureka/
central-gateway-service-2:
image: ghcr.io/balhar-jakub/gateway-service:${{ github.run_id }}-${{ github.run_number }}
env:
APIML_SERVICE_APIMLID: domain-apiml
APIML_SERVICE_HOSTNAME: central-gateway-service-2
APIML_GATEWAY_REGISTRY_ENABLED: false
APIML_SECURITY_X509_REGISTRY_ALLOWEDUSERS: USER,UNKNOWNUSER
APIML_SERVICE_DISCOVERYSERVICEURLS: https://discovery-service-2:10031/eureka/
ZWE_CONFIGS_APIML_SERVICE_ADDITIONALREGISTRATION_0_DISCOVERYSERVICEURLS: https://discovery-service:10011/eureka
ZWE_CONFIGS_APIML_SERVICE_ADDITIONALREGISTRATION_0_ROUTES_0_GATEWAYURL: /
ZWE_CONFIGS_APIML_SERVICE_ADDITIONALREGISTRATION_0_ROUTES_0_SERVICEURL: /
steps:
- uses: actions/checkout@v4
with:
ref: ${{ github.head_ref }}
- uses: ./.github/actions/setup
- name: Run CI Tests
run: >
./gradlew :integration-tests:runGatewayCentralRegistryTest --info -Denvironment.config=-docker
-Partifactory_user=${{ secrets.ARTIFACTORY_USERNAME }} -Partifactory_password=${{ secrets.ARTIFACTORY_PASSWORD }}
- name: Dump CGW jacoco data
run: >
java -jar ./scripts/jacococli.jar dump --address gateway-service --port 6300 --destfile ./results/gateway-service.exec
- name: Store results
uses: actions/upload-artifact@v4
if: always()
with:
name: GatewayCentralRegistry-${{ env.JOB_ID }}
path: |
integration-tests/build/reports/**
results/**
- uses: ./.github/actions/teardown
CITestsRegistration:
needs: PublishJibContainers
runs-on: ubuntu-latest
container: ubuntu:latest
timeout-minutes: 15
services:
api-catalog-services:
image: ghcr.io/balhar-jakub/api-catalog-services:${{ github.run_id }}-${{ github.run_number }}
volumes:
- /api-defs:/api-defs
caching-service:
image: ghcr.io/balhar-jakub/caching-service:${{ github.run_id }}-${{ github.run_number }}
discoverable-client:
image: ghcr.io/balhar-jakub/discoverable-client:${{ github.run_id }}-${{ github.run_number }}
discovery-service:
image: ghcr.io/balhar-jakub/discovery-service:${{ github.run_id }}-${{ github.run_number }}
volumes:
- /api-defs:/api-defs
gateway-service:
image: ghcr.io/balhar-jakub/gateway-service:${{ github.run_id }}-${{ github.run_number }}
zaas-service:
image: ghcr.io/balhar-jakub/zaas-service:${{ github.run_id }}-${{ github.run_number }}
mock-services:
image: ghcr.io/balhar-jakub/mock-services:${{ github.run_id }}-${{ github.run_number }}
steps:
- uses: actions/checkout@v4
with:
ref: ${{ github.head_ref }}
- uses: ./.github/actions/setup
- name: Run CI Tests
run: >
./gradlew :integration-tests:runRegistrationTests --info -Denvironment.config=-docker
-Partifactory_user=${{ secrets.ARTIFACTORY_USERNAME }} -Partifactory_password=${{ secrets.ARTIFACTORY_PASSWORD }}
# Coverage results are not stored in this job as it would not provide much additional data
- name: Store results
uses: actions/upload-artifact@v4
if: always()
with:
name: ContainerCITestsRegistration-${{ env.JOB_ID }}
path: |
integration-tests/build/reports/**
- uses: ./.github/actions/teardown
CITestsZaas:
needs: PublishJibContainers
runs-on: ubuntu-latest
container: ubuntu:latest
timeout-minutes: 15
services:
caching-service:
image: ghcr.io/balhar-jakub/caching-service:${{ github.run_id }}-${{ github.run_number }}
env:
ZWE_CACHING_SERVICE_PERSISTENT: 'infinispan'
CACHING_STORAGE_MODE: "infinispan"
JGROUPS_BIND_ADDRESS: "caching-service"
JGROUPS_BIND_PORT: "7099"
central-gateway-service:
image: ghcr.io/balhar-jakub/gateway-service:${{ github.run_id }}-${{ github.run_number }}
discoverable-client:
image: ghcr.io/balhar-jakub/discoverable-client:${{ github.run_id }}-${{ github.run_number }}
api-catalog-services:
image: ghcr.io/balhar-jakub/api-catalog-services:${{ github.run_id }}-${{ github.run_number }}
volumes:
- /api-defs:/api-defs
discovery-service:
image: ghcr.io/balhar-jakub/discovery-service:${{ github.run_id }}-${{ github.run_number }}
volumes:
- /api-defs:/api-defs
zaas-service:
image: ghcr.io/balhar-jakub/zaas-service:${{ github.run_id }}-${{ github.run_number }}
env:
APIML_SECURITY_PERSONALACCESSTOKEN_ENABLED: true
APIML_SECURITY_OIDC_CLIENTID: ${{ secrets.OKTA_CLIENT_ID }}
APIML_SECURITY_OIDC_CLIENTSECRET: ${{ secrets.OKTA_CLIENT_PASSWORD }}
APIML_SECURITY_OIDC_ENABLED: true
APIML_SECURITY_OIDC_REGISTRY: zowe.okta.com
APIML_SECURITY_OIDC_JWKS_URI: ${{ secrets.OKTA_JWKSET_URI }}
APIML_SECURITY_OIDC_IDENTITYMAPPERUSER: APIMTST
APIML_SECURITY_OIDC_IDENTITYMAPPERURL: https://gateway-service:10010/zss/api/v1/certificate/dn
APIML_SECURITY_X509_ENABLED: true
APIML_SECURITY_X509_ACCEPTFORWARDEDCERT: true
APIML_SECURITY_X509_CERTIFICATESURL: https://gateway-service:10010/gateway/certificates
gateway-service:
image: ghcr.io/balhar-jakub/gateway-service:${{ github.run_id }}-${{ github.run_number }}
env:
APIML_SECURITY_X509_ENABLED: true
APIML_SECURITY_X509_ACCEPTFORWARDEDCERT: true
APIML_SECURITY_X509_CERTIFICATESURL: https://gateway-service:10010/gateway/certificates
mock-services:
image: ghcr.io/balhar-jakub/mock-services:${{ github.run_id }}-${{ github.run_number }}
steps:
- uses: actions/checkout@v4
with:
ref: ${{ github.head_ref }}
- uses: ./.github/actions/setup
- name: Build with Gradle
run: >
./gradlew :integration-tests:runZaasTest --info -Denvironment.config=-docker
-Partifactory_user=${{ secrets.ARTIFACTORY_USERNAME }} -Partifactory_password=${{ secrets.ARTIFACTORY_PASSWORD }}
-Dokta.client.id=${{ secrets.OKTA_CLIENT_ID }} -Doidc.test.user=${{ secrets.OIDC_TEST_USER }}
-Doidc.test.pass=${{ secrets.OIDC_TEST_PASS }} -Doidc.test.alt_user=${{ secrets.OKTA_WINNIE_USER }}
-Doidc.test.alt_pass=${{ secrets.OKTA_WINNIE_PASS }}
- name: Dump DC jacoco data
run: >
java -jar ./scripts/jacococli.jar dump --address zaas-service --port 6301 --destfile ./results/zaas-service.exec
- name: Store results
uses: actions/upload-artifact@v4
if: always()
with:
name: ContainerCITestsZaas-${{ env.JOB_ID }}
path: |
integration-tests/build/reports/**
results/**
- uses: ./.github/actions/teardown
CITestsZosmfWithoutJwt:
needs: PublishJibContainers
runs-on: ubuntu-latest
container: ubuntu:latest
timeout-minutes: 15
services:
api-catalog-services:
image: ghcr.io/balhar-jakub/api-catalog-services:${{ github.run_id }}-${{ github.run_number }}
volumes:
- /api-defs:/api-defs
caching-service:
image: ghcr.io/balhar-jakub/caching-service:${{ github.run_id }}-${{ github.run_number }}
discoverable-client:
image: ghcr.io/balhar-jakub/discoverable-client:${{ github.run_id }}-${{ github.run_number }}
discovery-service:
image: ghcr.io/balhar-jakub/discovery-service:${{ github.run_id }}-${{ github.run_number }}
volumes:
- /api-defs:/api-defs
zaas-service:
image: ghcr.io/balhar-jakub/zaas-service:${{ github.run_id }}-${{ github.run_number }}
env:
APIML_SECURITY_X509_ENABLED: true
APIML_SECURITY_X509_ACCEPTFORWARDEDCERT: true
APIML_SECURITY_X509_CERTIFICATESURL: https://gateway-service:10010/gateway/certificates
APIML_SECURITY_AUTH_ZOSMF_JWTAUTOCONFIGURATION: ltpa
gateway-service:
image: ghcr.io/balhar-jakub/gateway-service:${{ github.run_id }}-${{ github.run_number }}
env:
APIML_SECURITY_AUTH_JWT_CUSTOMAUTHHEADER: customJwtHeader
APIML_SECURITY_AUTH_PASSTICKET_CUSTOMUSERHEADER: customUserHeader
APIML_SECURITY_AUTH_PASSTICKET_CUSTOMAUTHHEADER: customPassticketHeader
mock-services:
image: ghcr.io/balhar-jakub/mock-services:${{ github.run_id }}-${{ github.run_number }}
steps:
- uses: actions/checkout@v4
with:
ref: ${{ github.head_ref }}
- uses: ./.github/actions/setup
- name: Build with Gradle
run: >
./gradlew :integration-tests:runZosmfAuthTest --info -Denvironment.config=-docker
-Partifactory_user=${{ secrets.ARTIFACTORY_USERNAME }} -Partifactory_password=${{ secrets.ARTIFACTORY_PASSWORD }}
# Coverage results are not stored in this job as it would not provide much additional data
- name: Store results
uses: actions/upload-artifact@v4
if: always()
with:
name: ContainerCITestsZosmfWithoutJwt-${{ env.JOB_ID }}
path: |
integration-tests/build/reports/**
- uses: ./.github/actions/teardown
CITestsWithRedisReplica:
needs: PublishJibContainers
runs-on: ubuntu-latest
timeout-minutes: 15
steps:
- uses: actions/checkout@v4
with:
ref: ${{ github.head_ref }}
- uses: ./.github/actions/setup
- name: Run APIML and Redis Containers
run: |
cd docker/redis
chmod +x run-redis.sh
./run-redis.sh -l -t -a ${{ env.JOB_ID }}
- uses: ./.github/actions/validate-apiml-healthy
with:
caching-service: "true"
- name: Run Caching Service tests
run: >
./gradlew :integration-tests:runCachingServiceTests --info
-DtlsConfiguration.clientKeyStore=../docker/redis/redis-containers/keystore/all-services.keystore.p12
-DtlsConfiguration.keyAlias=apimtst
-DtlsConfiguration.keyStore=../docker/redis/redis-containers/keystore/all-services.keystore.p12
-DtlsConfiguration.trustStore=../docker/redis/redis-containers/keystore/all-services.truststore.p12
-Partifactory_user=${{ secrets.ARTIFACTORY_USERNAME }} -Partifactory_password=${{ secrets.ARTIFACTORY_PASSWORD }}
- name: Output Redis logs
if: always()
run: |
echo "Redis Master"
docker logs redis-master
echo "Redis Replica"
docker logs redis-replica
- name: Output Caching Service container logs
if: always()
run: docker logs caching-service
- name: Output Gateway container logs
if: always()
run: docker logs gateway-service
- name: Output ZAAS container logs
if: always()
run: docker logs zaas-service
- name: Output Discovery container logs
if: always()
run: docker logs discovery-service
# Coverage results are not stored in this job as it would not provide much additional data
- name: Store results
uses: actions/upload-artifact@v4
if: always()
with:
name: ContainerCITestsWithRedisReplica-${{ env.JOB_ID }}
path: |
integration-tests/build/reports/**
- uses: ./.github/actions/teardown
CITestsWithRedisSentinel:
needs: PublishJibContainers
runs-on: ubuntu-latest
timeout-minutes: 15
steps:
- uses: actions/checkout@v4
with:
ref: ${{ github.head_ref }}
- uses: ./.github/actions/setup
- name: Run APIML and Redis Containers
run: |
cd docker/redis
chmod +x run-redis.sh
./run-redis.sh -l -s -t -a ${{ env.JOB_ID }}
- uses: ./.github/actions/validate-apiml-healthy
with:
caching-service: "true"
- name: Run Caching Service tests
run: >
./gradlew :integration-tests:runCachingServiceTests --info
-DtlsConfiguration.clientKeyStore=../docker/redis/redis-containers/keystore/all-services.keystore.p12
-DtlsConfiguration.keyAlias=apimtst
-DtlsConfiguration.keyStore=../docker/redis/redis-containers/keystore/all-services.keystore.p12
-DtlsConfiguration.trustStore=../docker/redis/redis-containers/keystore/all-services.truststore.p12
-Partifactory_user=${{ secrets.ARTIFACTORY_USERNAME }} -Partifactory_password=${{ secrets.ARTIFACTORY_PASSWORD }}
- name: Output Redis logs
if: always()
run: |
echo "Redis Master"
docker logs redis-master
echo "Redis Replica"
docker logs redis-replica
echo "Redis Sentinel 1"
docker logs redis-sentinel-1
echo "Redis Sentinel 2"
docker logs redis-sentinel-2
echo "Redis Sentinel 3"
docker logs redis-sentinel-3
- name: Output Caching Service container logs
if: always()
run: docker logs caching-service
- name: Output Gateway container logs
if: always()
run: docker logs gateway-service
- name: Output ZAAS container logs
if: always()
run: docker logs zaas-service
- name: Output Discovery container logs
if: always()
run: docker logs discovery-service
# Coverage results are not stored in this job as it would not provide much additional data
- name: Store results
uses: actions/upload-artifact@v4
if: always()
with:
name: ContainerCITestsWithRedisSentinel-${{ env.JOB_ID }}
path: |
integration-tests/build/reports/**
- uses: ./.github/actions/teardown
CITestsHA:
needs: PublishJibContainers
container: ubuntu:latest
runs-on: ubuntu-latest
timeout-minutes: 15
services:
api-catalog-services:
image: ghcr.io/balhar-jakub/api-catalog-services:${{ github.run_id }}-${{ github.run_number }}
volumes:
- /api-defs:/api-defs
env:
APIML_HEALTH_PROTECTED: false
api-catalog-services-2:
image: ghcr.io/balhar-jakub/api-catalog-services:${{ github.run_id }}-${{ github.run_number }}
volumes:
- /api-defs:/api-defs
env:
APIML_SERVICE_HOSTNAME: api-catalog-services-2
APIML_HEALTH_PROTECTED: false
caching-service:
image: ghcr.io/balhar-jakub/caching-service:${{ github.run_id }}-${{ github.run_number }}
discoverable-client:
image: ghcr.io/balhar-jakub/discoverable-client:${{ github.run_id }}-${{ github.run_number }}
discoverable-client-2:
image: ghcr.io/balhar-jakub/discoverable-client:${{ github.run_id }}-${{ github.run_number }}
env:
APIML_SERVICE_HOSTNAME: discoverable-client-2
mock-services:
image: ghcr.io/balhar-jakub/mock-services:${{ github.run_id }}-${{ github.run_number }}
discovery-service:
image: ghcr.io/balhar-jakub/discovery-service:${{ github.run_id }}-${{ github.run_number }}
volumes:
- /api-defs:/api-defs
env:
APIML_DISCOVERY_ALLPEERSURLS: https://discovery-service:10011/eureka,https://discovery-service-2:10011/eureka
discovery-service-2:
image: ghcr.io/balhar-jakub/discovery-service:${{ github.run_id }}-${{ github.run_number }}
volumes:
- /api-defs:/api-defs
env:
APIML_SERVICE_HOSTNAME: discovery-service-2
APIML_DISCOVERY_ALLPEERSURLS: https://discovery-service-2:10011/eureka,https://discovery-service:10011/eureka
zaas-service:
image: ghcr.io/balhar-jakub/zaas-service:${{ github.run_id }}-${{ github.run_number }}
zaas-service-2:
image: ghcr.io/balhar-jakub/zaas-service:${{ github.run_id }}-${{ github.run_number }}
gateway-service:
image: ghcr.io/balhar-jakub/gateway-service:${{ github.run_id }}-${{ github.run_number }}
env:
APIML_SERVICE_DISCOVERYSERVICEURLS: https://discovery-service:10011/eureka/,https://discovery-service-2:10011/eureka/
gateway-service-2:
image: ghcr.io/balhar-jakub/gateway-service:${{ github.run_id }}-${{ github.run_number }}
env:
APIML_SERVICE_HOSTNAME: gateway-service-2
APIML_SERVICE_DISCOVERYSERVICEURLS: https://discovery-service:10011/eureka/,https://discovery-service-2:10011/eureka/
steps:
- uses: actions/checkout@v4
with:
ref: ${{ github.head_ref }}
- uses: ./.github/actions/setup
- name: Run HA Tests
run: >
./gradlew runHATests --info -Denvironment.config=-ha
-Partifactory_user=$ARTIFACTORY_USERNAME -Partifactory_password=$ARTIFACTORY_PASSWORD
env:
ARTIFACTORY_USERNAME: ${{ secrets.ARTIFACTORY_USERNAME }}
ARTIFACTORY_PASSWORD: ${{ secrets.ARTIFACTORY_PASSWORD }}
- name: Correct Permisions
run: |
chmod 755 -R .gradle
# Coverage results are not stored in this job as it would not provide much additional data
- name: Store results
uses: actions/upload-artifact@v4
if: always()
with:
name: CITestsHA-${{ env.JOB_ID }}
path: |
integration-tests/build/reports/**
- uses: ./.github/actions/teardown
DeterministicHALoadBalancing:
needs: PublishJibContainers
container: ubuntu:latest
runs-on: ubuntu-latest
timeout-minutes: 15
services:
api-catalog-services:
image: ghcr.io/balhar-jakub/api-catalog-services:${{ github.run_id }}-${{ github.run_number }}
volumes:
- /api-defs:/api-defs
caching-service:
image: ghcr.io/balhar-jakub/caching-service:${{ github.run_id }}-${{ github.run_number }}
discoverable-client:
image: ghcr.io/balhar-jakub/discoverable-client:${{ github.run_id }}-${{ github.run_number }}
discoverable-client-2:
image: ghcr.io/balhar-jakub/discoverable-client:${{ github.run_id }}-${{ github.run_number }}
env:
APIML_SERVICE_HOSTNAME: discoverable-client-2
mock-services:
image: ghcr.io/balhar-jakub/mock-services:${{ github.run_id }}-${{ github.run_number }}
discovery-service:
image: ghcr.io/balhar-jakub/discovery-service:${{ github.run_id }}-${{ github.run_number }}
volumes:
- /api-defs:/api-defs
env:
APIML_DISCOVERY_ALLPEERSURLS: https://discovery-service:10011/eureka,https://discovery-service-2:10011/eureka
discovery-service-2:
image: ghcr.io/balhar-jakub/discovery-service:${{ github.run_id }}-${{ github.run_number }}
volumes:
- /api-defs:/api-defs
env:
APIML_SERVICE_HOSTNAME: discovery-service-2
APIML_DISCOVERY_ALLPEERSURLS: https://discovery-service-2:10011/eureka,https://discovery-service:10011/eureka
zaas-service:
image: ghcr.io/balhar-jakub/zaas-service:${{ github.run_id }}-${{ github.run_number }}
zaas-service-2:
image: ghcr.io/balhar-jakub/zaas-service:${{ github.run_id }}-${{ github.run_number }}
gateway-service:
image: ghcr.io/balhar-jakub/gateway-service:${{ github.run_id }}-${{ github.run_number }}
env:
APIML_SERVICE_DISCOVERYSERVICEURLS: https://discovery-service:10011/eureka/,https://discovery-service-2:10011/eureka/
APIML_ROUTING_INSTANCEIDHEADER: true
gateway-service-2:
image: ghcr.io/balhar-jakub/gateway-service:${{ github.run_id }}-${{ github.run_number }}
env:
APIML_SERVICE_HOSTNAME: gateway-service-2
APIML_SERVICE_DISCOVERYSERVICEURLS: https://discovery-service:10011/eureka/,https://discovery-service-2:10011/eureka/
APIML_ROUTING_INSTANCEIDHEADER: true
steps:
- uses: actions/checkout@v4
with:
ref: ${{ github.head_ref }}
- uses: ./.github/actions/setup
- name: Setup Docker
if: ${{ false }} # Debug of containers
run: |
apt update
apt install -y apt-transport-https ca-certificates curl software-properties-common
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add -
add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu focal stable"
apt update
apt-cache policy docker-ce
apt install -y docker-ce
- name: Run HA Tests
run: >
./gradlew runDeterministicLbHaTests --info -Denvironment.config=-ha
-Partifactory_user=$ARTIFACTORY_USERNAME -Partifactory_password=$ARTIFACTORY_PASSWORD
env:
ARTIFACTORY_USERNAME: ${{ secrets.ARTIFACTORY_USERNAME }}
ARTIFACTORY_PASSWORD: ${{ secrets.ARTIFACTORY_PASSWORD }}
- name: Get Container Logs
if: ${{ false }} # Debug of containers
run: |
docker ps -a
docker ps -q | xargs -L 1 docker logs
- name: Correct Permisions
run: |
chmod 755 -R .gradle
# Coverage results are not stored in this job as it would not provide much additional data
- name: Store results
uses: actions/upload-artifact@v4
if: always()
with:
name: DeterministicLbHaTest-${{ env.JOB_ID }}
path: |
integration-tests/build/reports/**
- uses: ./.github/actions/teardown
StickySessionHALoadBalancing:
needs: PublishJibContainers
container: ubuntu:latest
runs-on: ubuntu-latest
timeout-minutes: 15
services:
api-catalog-services:
image: ghcr.io/balhar-jakub/api-catalog-services:${{ github.run_id }}-${{ github.run_number }}
volumes:
- /api-defs:/api-defs
caching-service:
image: ghcr.io/balhar-jakub/caching-service:${{ github.run_id }}-${{ github.run_number }}
discoverable-client:
image: ghcr.io/balhar-jakub/discoverable-client:${{ github.run_id }}-${{ github.run_number }}
env:
APIML_SERVICE_CUSTOMMETADATA_APIML_LB_TYPE: authentication
discoverable-client-2:
image: ghcr.io/balhar-jakub/discoverable-client:${{ github.run_id }}-${{ github.run_number }}
env:
APIML_SERVICE_HOSTNAME: discoverable-client-2
APIML_SERVICE_CUSTOMMETADATA_APIML_LB_TYPE: authentication
mock-services:
image: ghcr.io/balhar-jakub/mock-services:${{ github.run_id }}-${{ github.run_number }}
discovery-service:
image: ghcr.io/balhar-jakub/discovery-service:${{ github.run_id }}-${{ github.run_number }}
volumes:
- /api-defs:/api-defs
env:
APIML_DISCOVERY_ALLPEERSURLS: https://discovery-service:10011/eureka,https://discovery-service-2:10011/eureka
discovery-service-2:
image: ghcr.io/balhar-jakub/discovery-service:${{ github.run_id }}-${{ github.run_number }}
volumes:
- /api-defs:/api-defs
env:
APIML_SERVICE_HOSTNAME: discovery-service-2
APIML_DISCOVERY_ALLPEERSURLS: https://discovery-service-2:10011/eureka,https://discovery-service:10011/eureka
zaas-service:
image: ghcr.io/balhar-jakub/zaas-service:${{ github.run_id }}-${{ github.run_number }}
zaas-service-2:
image: ghcr.io/balhar-jakub/zaas-service:${{ github.run_id }}-${{ github.run_number }}
gateway-service:
image: ghcr.io/balhar-jakub/gateway-service:${{ github.run_id }}-${{ github.run_number }}
env:
APIML_SERVICE_DISCOVERYSERVICEURLS: https://discovery-service:10011/eureka/,https://discovery-service-2:10011/eureka/
APIML_SERVICE_CUSTOMMETADATA_APIML_LB_TYPE: authentication
gateway-service-2:
image: ghcr.io/balhar-jakub/gateway-service:${{ github.run_id }}-${{ github.run_number }}
env:
APIML_SERVICE_HOSTNAME: gateway-service-2
APIML_SERVICE_DISCOVERYSERVICEURLS: https://discovery-service:10011/eureka/,https://discovery-service-2:10011/eureka/
APIML_SERVICE_CUSTOMMETADATA_APIML_LB_TYPE: authentication
steps:
- uses: actions/checkout@v4
with:
ref: ${{ github.head_ref }}
- uses: ./.github/actions/setup
- name: Setup Docker
if: ${{ false }} # Debug of containers
run: |
apt update
apt install -y apt-transport-https ca-certificates curl software-properties-common
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add -
add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu focal stable"
apt update
apt-cache policy docker-ce
apt install -y docker-ce
- name: Run HA Tests
run: >
./gradlew runStickySessionLbHaTests --info -Denvironment.config=-ha
-Partifactory_user=$ARTIFACTORY_USERNAME -Partifactory_password=$ARTIFACTORY_PASSWORD
env:
ARTIFACTORY_USERNAME: ${{ secrets.ARTIFACTORY_USERNAME }}
ARTIFACTORY_PASSWORD: ${{ secrets.ARTIFACTORY_PASSWORD }}
- name: Get Container Logs
if: ${{ false }} # Debug of containers
run: |
docker ps -a
docker ps -q | xargs -L 1 docker logs
- name: Correct Permisions
run: |
chmod 755 -R .gradle
# Coverage results are not stored in this job as it would not provide much additional data
- name: Store results
uses: actions/upload-artifact@v4
if: always()
with:
name: StickySessionLbHaTest-${{ env.JOB_ID }}
path: |
integration-tests/build/reports/**
- uses: ./.github/actions/teardown
CITestsDiscoveryChaoticHA:
needs: PublishJibContainers
container: ubuntu:latest
runs-on: ubuntu-latest
timeout-minutes: 15
services:
api-catalog-services:
image: ghcr.io/balhar-jakub/api-catalog-services:${{ github.run_id }}-${{ github.run_number }}
volumes:
- /api-defs:/api-defs
caching-service:
image: ghcr.io/balhar-jakub/caching-service:${{ github.run_id }}-${{ github.run_number }}
discoverable-client:
image: ghcr.io/balhar-jakub/discoverable-client:${{ github.run_id }}-${{ github.run_number }}
mock-services:
image: ghcr.io/balhar-jakub/mock-services:${{ github.run_id }}-${{ github.run_number }}
discovery-service:
image: ghcr.io/balhar-jakub/discovery-service:${{ github.run_id }}-${{ github.run_number }}
volumes:
- /api-defs:/api-defs
env:
APIML_DISCOVERY_ALLPEERSURLS: https://discovery-service:10011/eureka,https://discovery-service-2:10011/eureka
discovery-service-2:
image: ghcr.io/balhar-jakub/discovery-service:${{ github.run_id }}-${{ github.run_number }}
volumes:
- /api-defs:/api-defs
env:
APIML_SERVICE_HOSTNAME: discovery-service-2
APIML_DISCOVERY_ALLPEERSURLS: https://discovery-service-2:10011/eureka,https://discovery-service:10011/eureka
zaas-service:
image: ghcr.io/balhar-jakub/zaas-service:${{ github.run_id }}-${{ github.run_number }}
zaas-service-2:
image: ghcr.io/balhar-jakub/zaas-service:${{ github.run_id }}-${{ github.run_number }}
gateway-service:
image: ghcr.io/balhar-jakub/gateway-service:${{ github.run_id }}-${{ github.run_number }}
env:
APIML_SERVICE_DISCOVERYSERVICEURLS: https://discovery-service:10011/eureka/,https://discovery-service-2:10011/eureka/
gateway-service-2:
image: ghcr.io/balhar-jakub/gateway-service:${{ github.run_id }}-${{ github.run_number }}
env:
APIML_SERVICE_HOSTNAME: gateway-service-2
APIML_SERVICE_DISCOVERYSERVICEURLS: https://discovery-service:10011/eureka/,https://discovery-service-2:10011/eureka/
steps:
- uses: actions/checkout@v4
with:
ref: ${{ github.head_ref }}
- uses: ./.github/actions/setup
- name: Run Discovery Service Chaotic HA Tests
run: >
./gradlew :integration-tests:runChaoticHATests --tests org.zowe.apiml.integration.ha.DiscoveryChaoticTest
--info -Denvironment.config=-ha
-Partifactory_user=$ARTIFACTORY_USERNAME -Partifactory_password=$ARTIFACTORY_PASSWORD
env:
ARTIFACTORY_USERNAME: ${{ secrets.ARTIFACTORY_USERNAME }}
ARTIFACTORY_PASSWORD: ${{ secrets.ARTIFACTORY_PASSWORD }}
- name: Correct Permisions
run: |
chmod 755 -R .gradle
# Coverage results are not stored in this job as it would not provide much additional data
- name: Store results
uses: actions/upload-artifact@v4
if: always()
with:
name: CITestsDiscoveryChaoticHA-${{ env.JOB_ID }}
path: |
integration-tests/build/reports/**
- uses: ./.github/actions/teardown
CITestsGatewayChaoticHA:
needs: PublishJibContainers
container: ubuntu:latest
runs-on: ubuntu-latest
timeout-minutes: 15
services:
api-catalog-services:
image: ghcr.io/balhar-jakub/api-catalog-services:${{ github.run_id }}-${{ github.run_number }}
volumes:
- /api-defs:/api-defs
caching-service:
image: ghcr.io/balhar-jakub/caching-service:${{ github.run_id }}-${{ github.run_number }}
discoverable-client:
image: ghcr.io/balhar-jakub/discoverable-client:${{ github.run_id }}-${{ github.run_number }}
mock-services:
image: ghcr.io/balhar-jakub/mock-services:${{ github.run_id }}-${{ github.run_number }}
discovery-service:
image: ghcr.io/balhar-jakub/discovery-service:${{ github.run_id }}-${{ github.run_number }}
volumes:
- /api-defs:/api-defs
env:
APIML_DISCOVERY_ALLPEERSURLS: https://discovery-service:10011/eureka,https://discovery-service-2:10011/eureka
discovery-service-2:
image: ghcr.io/balhar-jakub/discovery-service:${{ github.run_id }}-${{ github.run_number }}
volumes:
- /api-defs:/api-defs
env:
APIML_SERVICE_HOSTNAME: discovery-service-2
APIML_DISCOVERY_ALLPEERSURLS: https://discovery-service-2:10011/eureka,https://discovery-service:10011/eureka
zaas-service:
image: ghcr.io/balhar-jakub/zaas-service:${{ github.run_id }}-${{ github.run_number }}
zaas-service-2:
image: ghcr.io/balhar-jakub/zaas-service:${{ github.run_id }}-${{ github.run_number }}
gateway-service:
image: ghcr.io/balhar-jakub/gateway-service:${{ github.run_id }}-${{ github.run_number }}
env:
APIML_SERVICE_DISCOVERYSERVICEURLS: https://discovery-service:10011/eureka/,https://discovery-service-2:10011/eureka/
gateway-service-2:
image: ghcr.io/balhar-jakub/gateway-service:${{ github.run_id }}-${{ github.run_number }}
env:
APIML_SERVICE_HOSTNAME: gateway-service-2
APIML_SERVICE_DISCOVERYSERVICEURLS: https://discovery-service:10011/eureka/,https://discovery-service-2:10011/eureka/
steps:
- uses: actions/checkout@v4
with:
ref: ${{ github.head_ref }}
- uses: ./.github/actions/setup
- name: Run Gateway Service Chaotic HA Tests
run: >
./gradlew :integration-tests:runChaoticHATests --tests org.zowe.apiml.integration.ha.GatewayChaoticTest
--info -Denvironment.config=-ha
-Partifactory_user=$ARTIFACTORY_USERNAME -Partifactory_password=$ARTIFACTORY_PASSWORD
env:
ARTIFACTORY_USERNAME: ${{ secrets.ARTIFACTORY_USERNAME }}
ARTIFACTORY_PASSWORD: ${{ secrets.ARTIFACTORY_PASSWORD }}
- name: Correct Permisions
run: |
chmod 755 -R .gradle
# Coverage results are not stored in this job as it would not provide much additional data
- name: Store results
uses: actions/upload-artifact@v4
if: always()
with:
name: CITestsGatewayChaoticHA-${{ env.JOB_ID }}
path: |
integration-tests/build/reports/**
- uses: ./.github/actions/teardown
CITestsDiscoverableClientChaoticHA:
needs: PublishJibContainers
container: ubuntu:latest
runs-on: ubuntu-latest
timeout-minutes: 15
services:
api-catalog-services:
image: ghcr.io/balhar-jakub/api-catalog-services:${{ github.run_id }}-${{ github.run_number }}
volumes:
- /api-defs:/api-defs
caching-service:
image: ghcr.io/balhar-jakub/caching-service:${{ github.run_id }}-${{ github.run_number }}
discoverable-client:
image: ghcr.io/balhar-jakub/discoverable-client:${{ github.run_id }}-${{ github.run_number }}
discoverable-client-2:
image: ghcr.io/balhar-jakub/discoverable-client:${{ github.run_id }}-${{ github.run_number }}
env:
APIML_SERVICE_HOSTNAME: discoverable-client-2
mock-services:
image: ghcr.io/balhar-jakub/mock-services:${{ github.run_id }}-${{ github.run_number }}
discovery-service:
image: ghcr.io/balhar-jakub/discovery-service:${{ github.run_id }}-${{ github.run_number }}
volumes:
- /api-defs:/api-defs
env:
APIML_DISCOVERY_ALLPEERSURLS: https://discovery-service:10011/eureka,https://discovery-service-2:10011/eureka
discovery-service-2:
image: ghcr.io/balhar-jakub/discovery-service:${{ github.run_id }}-${{ github.run_number }}
volumes:
- /api-defs:/api-defs
env:
APIML_SERVICE_HOSTNAME: discovery-service-2
APIML_DISCOVERY_ALLPEERSURLS: https://discovery-service-2:10011/eureka,https://discovery-service:10011/eureka
zaas-service:
image: ghcr.io/balhar-jakub/zaas-service:${{ github.run_id }}-${{ github.run_number }}
zaas-service-2:
image: ghcr.io/balhar-jakub/zaas-service:${{ github.run_id }}-${{ github.run_number }}
gateway-service:
image: ghcr.io/balhar-jakub/gateway-service:${{ github.run_id }}-${{ github.run_number }}
env:
APIML_SERVICE_DISCOVERYSERVICEURLS: https://discovery-service:10011/eureka/,https://discovery-service-2:10011/eureka/
gateway-service-2:
image: ghcr.io/balhar-jakub/gateway-service:${{ github.run_id }}-${{ github.run_number }}
env:
APIML_SERVICE_HOSTNAME: gateway-service-2
APIML_SERVICE_DISCOVERYSERVICEURLS: https://discovery-service:10011/eureka/,https://discovery-service-2:10011/eureka/
steps:
- uses: actions/checkout@v4
with:
ref: ${{ github.head_ref }}
- uses: ./.github/actions/setup
- name: Run Discoverable Client Chaotic HA Tests
run: >
./gradlew :integration-tests:runChaoticHATests --tests org.zowe.apiml.integration.ha.SouthboundServiceChaoticTest
--info -Denvironment.config=-ha
-Partifactory_user=$ARTIFACTORY_USERNAME -Partifactory_password=$ARTIFACTORY_PASSWORD
env:
ARTIFACTORY_USERNAME: ${{ secrets.ARTIFACTORY_USERNAME }}
ARTIFACTORY_PASSWORD: ${{ secrets.ARTIFACTORY_PASSWORD }}
- name: Correct Permisions
run: |
chmod 755 -R .gradle
# Coverage results are not stored in this job as it would not provide much additional data
- name: Store results
uses: actions/upload-artifact@v4
if: always()
with:
name: CITestsDiscoverableClientChaoticHA-${{ env.JOB_ID }}
path: |
integration-tests/build/reports/**
- uses: ./.github/actions/teardown
CITestsWebSocketChaoticHA:
needs: PublishJibContainers
container: ubuntu:latest
runs-on: ubuntu-latest
timeout-minutes: 15
services:
api-catalog-services:
image: ghcr.io/balhar-jakub/api-catalog-services:${{ github.run_id }}-${{ github.run_number }}
volumes:
- /api-defs:/api-defs
caching-service:
image: ghcr.io/balhar-jakub/caching-service:${{ github.run_id }}-${{ github.run_number }}
discoverable-client:
image: ghcr.io/balhar-jakub/discoverable-client:${{ github.run_id }}-${{ github.run_number }}
discoverable-client-2:
image: ghcr.io/balhar-jakub/discoverable-client:${{ github.run_id }}-${{ github.run_number }}
env:
APIML_SERVICE_HOSTNAME: discoverable-client-2
mock-services:
image: ghcr.io/balhar-jakub/mock-services:${{ github.run_id }}-${{ github.run_number }}
discovery-service:
image: ghcr.io/balhar-jakub/discovery-service:${{ github.run_id }}-${{ github.run_number }}
volumes:
- /api-defs:/api-defs
env:
APIML_DISCOVERY_ALLPEERSURLS: https://discovery-service:10011/eureka,https://discovery-service-2:10011/eureka
discovery-service-2:
image: ghcr.io/balhar-jakub/discovery-service:${{ github.run_id }}-${{ github.run_number }}
volumes:
- /api-defs:/api-defs
env:
APIML_SERVICE_HOSTNAME: discovery-service-2
APIML_DISCOVERY_ALLPEERSURLS: https://discovery-service-2:10011/eureka,https://discovery-service:10011/eureka
zaas-service:
image: ghcr.io/balhar-jakub/zaas-service:${{ github.run_id }}-${{ github.run_number }}
zaas-service-2:
image: ghcr.io/balhar-jakub/zaas-service:${{ github.run_id }}-${{ github.run_number }}
gateway-service:
image: ghcr.io/balhar-jakub/gateway-service:${{ github.run_id }}-${{ github.run_number }}
env:
APIML_SERVICE_DISCOVERYSERVICEURLS: https://discovery-service:10011/eureka/,https://discovery-service-2:10011/eureka/
gateway-service-2:
image: ghcr.io/balhar-jakub/gateway-service:${{ github.run_id }}-${{ github.run_number }}
env:
APIML_SERVICE_HOSTNAME: gateway-service-2
APIML_SERVICE_DISCOVERYSERVICEURLS: https://discovery-service:10011/eureka/,https://discovery-service-2:10011/eureka/
steps:
- uses: actions/checkout@v4
with:
ref: ${{ github.head_ref }}
- uses: ./.github/actions/setup
- name: Run WebSocket Chaotic HA Tests
run: >
./gradlew :integration-tests:runChaoticHATests --tests org.zowe.apiml.integration.ha.WebSocketChaoticTest
--info -Denvironment.config=-ha
-Partifactory_user=$ARTIFACTORY_USERNAME -Partifactory_password=$ARTIFACTORY_PASSWORD
env:
ARTIFACTORY_USERNAME: ${{ secrets.ARTIFACTORY_USERNAME }}
ARTIFACTORY_PASSWORD: ${{ secrets.ARTIFACTORY_PASSWORD }}
- uses: ./.github/actions/dump-jacoco
if: always()
- name: Dump DC jacoco data
run: >
java -jar ./scripts/jacococli.jar dump --address discoverable-client --port 6303 --destfile ./results/discoverable-client.exec
- name: Correct Permisions
run: |
chmod 755 -R .gradle
# Coverage results are not stored in this job as it would not provide much additional data
- name: Store results
uses: actions/upload-artifact@v4
if: always()
with:
name: CITestsWebSocketChaoticHA-${{ env.JOB_ID }}
path: |
integration-tests/build/reports/**
results/**
- uses: ./.github/actions/teardown
CITestsWithInfinispan:
needs: PublishJibContainers
runs-on: ubuntu-latest
container: ubuntu:latest
timeout-minutes: 15
services:
api-catalog-services:
image: ghcr.io/balhar-jakub/api-catalog-services:${{ github.run_id }}-${{ github.run_number }}
volumes:
- /api-defs:/api-defs
caching-service:
image: ghcr.io/balhar-jakub/caching-service:${{ github.run_id }}-${{ github.run_number }}
env:
ZWE_CACHING_SERVICE_PERSISTENT: 'infinispan'
JGROUPS_BIND_PORT: "7099"
SERVER_SSL_KEYSTORETYPE: "PKCS12"
CACHING_STORAGE_INFINISPAN_PERSISTENCE_DATALOCATION: "data_replica"
CACHING_STORAGE_INFINISPAN_INITIALHOSTS: "caching-service-2[7098]"
CACHING_STORAGE_MODE: "infinispan"
APIML_SERVICE_PORT: "10022"
JGROUPS_BIND_ADDRESS: "caching-service"
caching-service-2:
image: ghcr.io/balhar-jakub/caching-service:${{ github.run_id }}-${{ github.run_number }}
env:
ZWE_CACHING_SERVICE_PERSISTENT: 'infinispan'
JGROUPS_BIND_PORT: "7098"
SERVER_SSL_KEYSTORETYPE: "PKCS12"
CACHING_STORAGE_INFINISPAN_PERSISTENCE_DATALOCATION: "data"
CACHING_STORAGE_INFINISPAN_INITIALHOSTS: "caching-service[7099]"
CACHING_STORAGE_MODE: "infinispan"
JGROUPS_BIND_ADDRESS: "caching-service-2"
APIML_SERVICE_HOSTNAME: "caching-service-2"
discoverable-client:
image: ghcr.io/balhar-jakub/discoverable-client:${{ github.run_id }}-${{ github.run_number }}
discovery-service:
image: ghcr.io/balhar-jakub/discovery-service:${{ github.run_id }}-${{ github.run_number }}
volumes:
- /api-defs:/api-defs
gateway-service:
image: ghcr.io/balhar-jakub/gateway-service:${{ github.run_id }}-${{ github.run_number }}
zaas-service:
image: ghcr.io/balhar-jakub/zaas-service:${{ github.run_id }}-${{ github.run_number }}
env:
APIML_SECURITY_X509_ENABLED: true
APIML_SECURITY_X509_ACCEPTFORWARDEDCERT: true
APIML_SECURITY_X509_CERTIFICATESURL: https://gateway-service:10010/gateway/certificates
mock-services:
image: ghcr.io/balhar-jakub/mock-services:${{ github.run_id }}-${{ github.run_number }}
steps:
- uses: actions/checkout@v4
with:
ref: ${{ github.head_ref }}
- uses: ./.github/actions/setup
- name: Build with Gradle
run: >
./gradlew :integration-tests:runInfinispanServiceTests --info -Denvironment.config=-docker
-Partifactory_user=${{ secrets.ARTIFACTORY_USERNAME }} -Partifactory_password=${{ secrets.ARTIFACTORY_PASSWORD }}
- uses: ./.github/actions/dump-jacoco
if: always()
- name: Store results
uses: actions/upload-artifact@v4
if: always()
with:
name: CITestsWithInfinispan-${{ env.JOB_ID }}
path: |
integration-tests/build/reports/**
results/**
- uses: ./.github/actions/teardown
E2EUITests:
needs: PublishJibContainers
runs-on: ubuntu-latest
container: cypress/browsers:node-20.11.0-chrome-121.0.6167.85-1-ff-120.0-edge-121.0.2277.83-1
timeout-minutes: 30
services:
api-catalog-services:
image: ghcr.io/balhar-jakub/api-catalog-services:${{ github.run_id }}-${{ github.run_number }}
volumes:
- /api-defs:/api-defs
discoverable-client:
image: ghcr.io/balhar-jakub/discoverable-client:${{ github.run_id }}-${{ github.run_number }}
discovery-service:
image: ghcr.io/balhar-jakub/discovery-service:${{ github.run_id }}-${{ github.run_number }}
volumes:
- /api-defs:/api-defs
gateway-service:
image: ghcr.io/balhar-jakub/gateway-service:${{ github.run_id }}-${{ github.run_number }}
env:
SPRING_SECURITY_OAUTH2_CLIENT_REGISTRATION_OKTA_CLIENTID: ${{ secrets.OKTA_CLIENT_ID }}
SPRING_SECURITY_OAUTH2_CLIENT_REGISTRATION_OKTA_CLIENTSECRET: ${{ secrets.OKTA_CLIENT_PASSWORD }}
SPRING_SECURITY_OAUTH2_CLIENT_PROVIDER_OKTA_ISSUER: ${{ secrets.OKTA_ISSUER }}
SPRING_SECURITY_OAUTH2_CLIENT_PROVIDER_OKTA_AUTHORIZATIONURI: ${{ secrets.OKTA_AUTH_URI }}
SPRING_SECURITY_OAUTH2_CLIENT_PROVIDER_OKTA_TOKENURI: ${{ secrets.OKTA_TOKEN_URI }}
SPRING_SECURITY_OAUTH2_CLIENT_PROVIDER_OKTA_USERINFOURI: ${{ secrets.OKTA_USER_INFO_URI }}
SPRING_SECURITY_OAUTH2_CLIENT_PROVIDER_OKTA_USERNAMEATTRIBUTE: sub
SPRING_SECURITY_OAUTH2_CLIENT_PROVIDER_OKTA_JWKSETURI: ${{ secrets.OKTA_JWKSET_URI }}
APIML_SECURITY_OIDC_COOKIE_SAMESITE: None
APIML_HEALTH_PROTECTED: false
zaas-service:
image: ghcr.io/balhar-jakub/zaas-service:${{ github.run_id }}-${{ github.run_number }}
env:
APIML_HEALTH_PROTECTED: false
mock-services:
image: ghcr.io/balhar-jakub/mock-services:${{ github.run_id }}-${{ github.run_number }}
discovery-service-2:
image: ghcr.io/balhar-jakub/discovery-service:${{ github.run_id }}-${{ github.run_number }}
volumes:
- /api-defs:/api-defs
env:
APIML_SERVICE_HOSTNAME: discovery-service-2
gateway-service-2:
image: ghcr.io/balhar-jakub/gateway-service:${{ github.run_id }}-${{ github.run_number }}
env:
APIML_SERVICE_APIMLID: apiml2
APIML_SERVICE_HOSTNAME: gateway-service-2
APIML_SERVICE_DISCOVERYSERVICEURLS: https://discovery-service-2:10011/eureka/
APIML_HEALTH_PROTECTED: false
ZWE_CONFIGS_APIML_SERVICE_ADDITIONALREGISTRATION_0_DISCOVERYSERVICEURLS: https://discovery-service:10011/eureka
ZWE_CONFIGS_APIML_SERVICE_ADDITIONALREGISTRATION_0_ROUTES_0_GATEWAYURL: /
ZWE_CONFIGS_APIML_SERVICE_ADDITIONALREGISTRATION_0_ROUTES_0_SERVICEURL: /
zaas-service-2:
image: ghcr.io/balhar-jakub/zaas-service:${{ github.run_id }}-${{ github.run_number }}
env:
APIML_SECURITY_X509_ENABLED: true
APIML_SECURITY_X509_ACCEPTFORWARDEDCERT: true
APIML_SECURITY_X509_CERTIFICATESURL: https://gateway-service-2:10010/gateway/certificates
APIML_SERVICE_DISCOVERYSERVICEURLS: https://discovery-service-2:10011/eureka/
APIML_HEALTH_PROTECTED: false
APIML_SERVICE_HOSTNAME: zaas-service-2
steps:
- uses: actions/checkout@v4
with:
ref: ${{ github.head_ref }}
- uses: ./.github/actions/setup
- name: Install npm dependencies API Catalog
uses: bahmutov/npm-install@v1
with:
install-command: npm ci --legacy-peer-deps
working-directory: api-catalog-ui/frontend
- name: Cache NPM and Cypress 📦
uses: actions/cache@v4
with:
path: |
~/.cache/Cypress
api-catalog-ui/frontend/node_modules
key: my-cache-${{ runner.os }}-${{ hashFiles('api-catalog-ui/frontend/*.json') }}
- name: Run startup check
run: >
./gradlew runStartUpCheck --info --scan -Denvironment.config=-ha -Ddiscoverableclient.instances=1
- name: Cypress run API Catalog
run: |
cd api-catalog-ui/frontend
export CYPRESS_OKTA_USERNAME=${{ secrets.OKTA_WINNIE_USER }}
export CYPRESS_OKTA_PASSWORD=${{ secrets.OKTA_WINNIE_PASS }}
npm run cy:e2e:ci
- name: Dump CGW jacoco data
run: >
java -jar ./scripts/jacococli.jar dump --address gateway-service --port 6300 --destfile ./results/gateway-service.exec
- name: Store results
uses: actions/upload-artifact@v4
if: always()
with:
name: E2EUITests-${{ env.JOB_ID }}
path: |
results/**
- name: Upload screenshots API Catalog
uses: actions/upload-artifact@v4
if: ${{ !cancelled() }}
with:
name: cypress-snapshots
path: api-catalog-ui/frontend/cypress/screenshots
- uses: ./.github/actions/teardown
CITestsServicePrefixReplacer:
needs: PublishJibContainers
container: ubuntu:latest
runs-on: ubuntu-latest
timeout-minutes: 15
services:
api-catalog-services:
image: ghcr.io/balhar-jakub/api-catalog-services:${{ github.run_id }}-${{ github.run_number }}
volumes:
- /api-defs:/api-defs
discoverable-client:
image: ghcr.io/balhar-jakub/discoverable-client:${{ github.run_id }}-${{ github.run_number }}
discovery-service:
image: ghcr.io/balhar-jakub/discovery-service:${{ github.run_id }}-${{ github.run_number }}
volumes:
- /api-defs:/api-defs
env:
APIML_DISCOVERY_SERVICEIDPREFIXREPLACER: "discoverable*,sample"
gateway-service:
image: ghcr.io/balhar-jakub/gateway-service:${{ github.run_id }}-${{ github.run_number }}
zaas-service:
image: ghcr.io/balhar-jakub/zaas-service:${{ github.run_id }}-${{ github.run_number }}
mock-services:
image: ghcr.io/balhar-jakub/mock-services:${{ github.run_id }}-${{ github.run_number }}
steps:
- uses: actions/checkout@v4
with:
ref: ${{ github.head_ref }}
- uses: ./.github/actions/setup
- name: Run Service ID Prefix Replacer Tests
run: >
./gradlew :integration-tests:runIdPrefixReplacerTests --info -Denvironment.config=-docker
-Partifactory_user=${{ secrets.ARTIFACTORY_USERNAME }} -Partifactory_password=${{ secrets.ARTIFACTORY_PASSWORD }}
- name: Store results
uses: actions/upload-artifact@v4
if: always()
with:
name: CITestsServicePrefixReplacer-${{ env.JOB_ID }}
path: |
integration-tests/build/reports/**
results/**
- uses: ./.github/actions/teardown
PublishResults:
needs: [ CITests,CITestsWithInfinispan,CITestsZaas,GatewayProxy,GatewayServiceRouting ]
runs-on: ubuntu-latest
timeout-minutes: 20
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
ref: ${{ github.head_ref }}
- uses: ./.github/actions/setup
- uses: actions/download-artifact@v4
with:
name: ContainerCITests-${{ env.JOB_ID }}
path: containercitests
- uses: actions/download-artifact@v4
with:
name: CITestsWithInfinispan-${{ env.JOB_ID }}
path: citestswithinfinispan
- uses: actions/download-artifact@v4
with:
name: GatewayProxy-${{ env.JOB_ID }}
path: GatewayProxy
- uses: actions/download-artifact@v4
with:
name: ContainerCITestsZaas-${{ env.JOB_ID }}
path: ContainerCITestsZaas
- uses: actions/download-artifact@v4
with:
name: CITestsWebSocketChaoticHA-${{ env.JOB_ID }}
path: citestswebsocketchaoticha
- uses: actions/download-artifact@v4
with:
name: GatewayServiceRouting-${{ env.JOB_ID }}
path: GatewayServiceRouting
- name: Code coverage and publish results
run: >
./gradlew --info coverage sonar -Dresults="containercitests/results,citestswithinfinispan/results,GatewayProxy/results,citestswebsocketchaoticha/results,GatewayServiceRouting/results,ContainerCITestsZaas/results"
-Psonar.host.url=$SONAR_HOST_URL -Dsonar.token=$SONAR_TOKEN -Partifactory_user=$ARTIFACTORY_USERNAME -Partifactory_password=$ARTIFACTORY_PASSWORD
env:
ARTIFACTORY_USERNAME: ${{ secrets.ARTIFACTORY_USERNAME }}
ARTIFACTORY_PASSWORD: ${{ secrets.ARTIFACTORY_PASSWORD }}
SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- uses: ./.github/actions/teardown