.github/workflows/fuzzer.yaml

name: Fuzzing Test

on:
  pull_request

jobs:

  extract_version:
    runs-on: ubuntu-latest
    name: Extract release version
    outputs:
      supported-features: ${{ steps.version.outputs.value }}
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: 'latest'
      - name: Get package version
        id: version
        run: echo "value=$(node -p -e "require('./px_metadata.json').version")" >> "$GITHUB_OUTPUT"


  Fuzzing:
    name: "Fuzzing Test"
    env:
      MOCK_COLLECTOR_IMAGE_TAG: 1.3.6
      FUZZER_TAG: 1.0.4
      SAMPLE_SITE_IMAGE_TAG: 1.0.0
      ENFORCER_TAG: ${{ needs.extract_version.outputs.version }}

    strategy:
      matrix:
        mode: [ "url", "first_party", "headers", "cookies", "user_agent" ]

    runs-on: ubuntu-latest
    timeout-minutes: 60
    needs:
      - extract_version

    steps:

      - name: Checkout Repo
        uses: actions/checkout@v4

      - name: Set up Docker
        uses: docker/setup-buildx-action@v3

      - name: Build local cluster
        run: ./ci_files/build_cluster.sh

      - name: Build Enforcer Docker image
        run: |
          docker build . -t localhost:5001/java-enforcer-sample-site:$SAMPLE_SITE_IMAGE_TAG && \
          docker push localhost:5001/java-enforcer-sample-site:$SAMPLE_SITE_IMAGE_TAG

      - uses: azure/setup-helm@v3
        with:
          version: '3.14.2'

      - name: Clone helm charts repo - mock-collector
        uses: actions/checkout@v4
        with:
          repository: PerimeterX/connect-helm-charts
          token: ${{ secrets.CONNECT_PULL_TOKEN }}
          ref: mock-collector-0.1.1
          path: ./deploy_charts/mock-collector

      - name: Clone helm charts repo - fuzzer
        uses: actions/checkout@v4
        with:
          repository: PerimeterX/connect-helm-charts
          token: ${{ secrets.CONNECT_PULL_TOKEN }}
          ref: fuzzer-0.2.0
          path: ./deploy_charts/fuzzer

      - name: Clone helm charts repo - sample-site
        uses: actions/checkout@v4
        with:
          repository: PerimeterX/connect-helm-charts
          token: ${{ secrets.CONNECT_PULL_TOKEN }}
          ref: sample-site-0.5.0
          path: ./deploy_charts/sample-site

      - name: Set up Google Cloud SDK
        id: 'auth'
        uses: 'google-github-actions/auth@v2'
        with:
          credentials_json: '${{ secrets.GCR_SA_KEY }}'

      - name: Configure Docker credentials
        run: |
          gcloud auth configure-docker gcr.io

      - name: pull mock collector image
        run: |
          docker pull gcr.io/px-docker-repo/connecteam/mock-collector:$MOCK_COLLECTOR_IMAGE_TAG && \
          docker tag gcr.io/px-docker-repo/connecteam/mock-collector:$MOCK_COLLECTOR_IMAGE_TAG localhost:5001/mock-collector:$MOCK_COLLECTOR_IMAGE_TAG && \
          docker push localhost:5001/mock-collector:$MOCK_COLLECTOR_IMAGE_TAG

      - name: deploy mock collector
        run: |
          helm install mock-collector ./deploy_charts/mock-collector/charts/mock-collector \
            --set image.repository=localhost:5001/mock-collector \
            --set image.tag=$MOCK_COLLECTOR_IMAGE_TAG \
            --set imagePullPolicy=Always --wait

      - name: set secrets in enforcer config
        run: |
          cat ./ci_files/enforcer-config.json |\
          jq '.px_app_id="${{ secrets.PX_APP_ID }}"' |\
          jq '.px_cookie_secret="${{ secrets.TEST_COOKIE_SECRET }}"' |\
          jq '.px_auth_token="${{ secrets.PX_AUTH_TOKEN }}"' > /tmp/enforcer-config.json

      - name: log enforcer config
        run: cat /tmp/enforcer-config.json

      - name: deploy java enforcer
        run: |
          helm install java-enforcer ./deploy_charts/sample-site/charts/sample-site \
          -f ./ci_files/enforcer-values.yaml \
          --set image.name=localhost:5001/java-enforcer-sample-site \
          --set image.tag=$SAMPLE_SITE_IMAGE_TAG \
          --set-file enforcerConfig.content=/tmp/enforcer-config.json \
          --wait

      - name: pull fuzzer image
        run: |
          docker pull gcr.io/px-docker-repo/connecteam/connect-enforcer-fuzzer:$FUZZER_TAG && \
          docker tag gcr.io/px-docker-repo/connecteam/connect-enforcer-fuzzer:$FUZZER_TAG localhost:5001/connect-enforcer-fuzzer:$FUZZER_TAG && \
          docker push localhost:5001/connect-enforcer-fuzzer:$FUZZER_TAG

      - name: run fuzzer
        run: |
          helm install fuzzer ./deploy_charts/fuzzer/charts/fuzzer \
            --set image.repository=localhost:5001/connect-enforcer-fuzzer \
            --set image.tag=$FUZZER_TAG \
            --set appId=$PX_APP_ID \
            --set mode=$FUZZ_MODE \
            --set siteURL=$SITE_URL \
            --wait \
            --timeout 60m0s \
            --wait-for-jobs
        env:
          FUZZ_MODE: ${{ matrix.mode }}
          PX_APP_ID: ${{ secrets.PX_APP_ID }}
          SITE_URL: "http://java-enforcer-sample-site:3000"

      - name: Deployment logs - mock collector
        run: kubectl logs deployment/mock-collector-mock-collector
      - name: Deployment logs - enforcer
        run: kubectl logs deployment/java-enforcer-sample-site

      - name: get tests results
        if: ${{ always() }}
        run: kubectl logs job/fuzzer-enforcer-fuzzer