Multiple cookie secrets #28
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Fuzzing Test | |
| on: | |
| pull_request | |
| jobs: | |
| extract_version: | |
| runs-on: ubuntu-latest | |
| name: Extract release version | |
| outputs: | |
| supported-features: ${{ steps.version.outputs.value }} | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Setup Node.js | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: 'latest' | |
| - name: Get package version | |
| id: version | |
| run: echo "value=$(node -p -e "require('./px_metadata.json').version")" >> "$GITHUB_OUTPUT" | |
| Fuzzing: | |
| name: "Fuzzing Test" | |
| env: | |
| MOCK_COLLECTOR_IMAGE_TAG: 1.3.6 | |
| FUZZER_TAG: 1.0.4 | |
| SAMPLE_SITE_IMAGE_TAG: 1.0.0 | |
| ENFORCER_TAG: ${{ needs.extract_version.outputs.version }} | |
| strategy: | |
| matrix: | |
| mode: [ "url", "first_party", "headers", "cookies", "user_agent" ] | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 60 | |
| needs: | |
| - extract_version | |
| steps: | |
| - name: Checkout Repo | |
| uses: actions/checkout@v4 | |
| - name: Set up Docker | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Build local cluster | |
| run: ./ci_files/build_cluster.sh | |
| - name: Build Enforcer Docker image | |
| run: | | |
| docker build . -t localhost:5001/java-enforcer-sample-site:$SAMPLE_SITE_IMAGE_TAG && \ | |
| docker push localhost:5001/java-enforcer-sample-site:$SAMPLE_SITE_IMAGE_TAG | |
| - uses: azure/setup-helm@v3 | |
| with: | |
| version: '3.14.2' | |
| - name: Clone helm charts repo - mock-collector | |
| uses: actions/checkout@v4 | |
| with: | |
| repository: PerimeterX/connect-helm-charts | |
| token: ${{ secrets.CONNECT_PULL_TOKEN }} | |
| ref: mock-collector-0.1.1 | |
| path: ./deploy_charts/mock-collector | |
| - name: Clone helm charts repo - fuzzer | |
| uses: actions/checkout@v4 | |
| with: | |
| repository: PerimeterX/connect-helm-charts | |
| token: ${{ secrets.CONNECT_PULL_TOKEN }} | |
| ref: fuzzer-0.2.0 | |
| path: ./deploy_charts/fuzzer | |
| - name: Clone helm charts repo - sample-site | |
| uses: actions/checkout@v4 | |
| with: | |
| repository: PerimeterX/connect-helm-charts | |
| token: ${{ secrets.CONNECT_PULL_TOKEN }} | |
| ref: sample-site-0.5.0 | |
| path: ./deploy_charts/sample-site | |
| - name: Set up Google Cloud SDK | |
| id: 'auth' | |
| uses: 'google-github-actions/auth@v2' | |
| with: | |
| credentials_json: '${{ secrets.GCR_SA_KEY }}' | |
| - name: Configure Docker credentials | |
| run: | | |
| gcloud auth configure-docker gcr.io | |
| - name: pull mock collector image | |
| run: | | |
| docker pull gcr.io/px-docker-repo/connecteam/mock-collector:$MOCK_COLLECTOR_IMAGE_TAG && \ | |
| docker tag gcr.io/px-docker-repo/connecteam/mock-collector:$MOCK_COLLECTOR_IMAGE_TAG localhost:5001/mock-collector:$MOCK_COLLECTOR_IMAGE_TAG && \ | |
| docker push localhost:5001/mock-collector:$MOCK_COLLECTOR_IMAGE_TAG | |
| - name: deploy mock collector | |
| run: | | |
| helm install mock-collector ./deploy_charts/mock-collector/charts/mock-collector \ | |
| --set image.repository=localhost:5001/mock-collector \ | |
| --set image.tag=$MOCK_COLLECTOR_IMAGE_TAG \ | |
| --set imagePullPolicy=Always --wait | |
| - name: set secrets in enforcer config | |
| run: | | |
| cat ./ci_files/enforcer-config.json |\ | |
| jq '.px_app_id="${{ secrets.PX_APP_ID }}"' |\ | |
| jq '.px_cookie_secret="${{ secrets.TEST_COOKIE_SECRET }}"' |\ | |
| jq '.px_auth_token="${{ secrets.PX_AUTH_TOKEN }}"' > /tmp/enforcer-config.json | |
| - name: log enforcer config | |
| run: cat /tmp/enforcer-config.json | |
| - name: deploy java enforcer | |
| run: | | |
| helm install java-enforcer ./deploy_charts/sample-site/charts/sample-site \ | |
| -f ./ci_files/enforcer-values.yaml \ | |
| --set image.name=localhost:5001/java-enforcer-sample-site \ | |
| --set image.tag=$SAMPLE_SITE_IMAGE_TAG \ | |
| --set-file enforcerConfig.content=/tmp/enforcer-config.json \ | |
| --wait | |
| - name: pull fuzzer image | |
| run: | | |
| docker pull gcr.io/px-docker-repo/connecteam/connect-enforcer-fuzzer:$FUZZER_TAG && \ | |
| docker tag gcr.io/px-docker-repo/connecteam/connect-enforcer-fuzzer:$FUZZER_TAG localhost:5001/connect-enforcer-fuzzer:$FUZZER_TAG && \ | |
| docker push localhost:5001/connect-enforcer-fuzzer:$FUZZER_TAG | |
| - name: run fuzzer | |
| run: | | |
| helm install fuzzer ./deploy_charts/fuzzer/charts/fuzzer \ | |
| --set image.repository=localhost:5001/connect-enforcer-fuzzer \ | |
| --set image.tag=$FUZZER_TAG \ | |
| --set appId=$PX_APP_ID \ | |
| --set mode=$FUZZ_MODE \ | |
| --set siteURL=$SITE_URL \ | |
| --wait \ | |
| --timeout 60m0s \ | |
| --wait-for-jobs | |
| env: | |
| FUZZ_MODE: ${{ matrix.mode }} | |
| PX_APP_ID: ${{ secrets.PX_APP_ID }} | |
| SITE_URL: "http://java-enforcer-sample-site:3000" | |
| - name: Deployment logs - mock collector | |
| run: kubectl logs deployment/mock-collector-mock-collector | |
| - name: Deployment logs - enforcer | |
| run: kubectl logs deployment/java-enforcer-sample-site | |
| - name: get tests results | |
| if: ${{ always() }} | |
| run: kubectl logs job/fuzzer-enforcer-fuzzer |