Merge pull request #284 from bcgov/dev

Release - BCeID display name, docs, Directory API v2, UX upgrades

.github/workflows/aps-cypress-e2e.yaml

@@ -2,22 +2,42 @@ name: Build and Deploy Cypress and Execute Tests
 
 on:
   push:
-    branches:
-      - 'util/automation-*'
+    branches: ['util/*automation*']
+
+env:
+  DASHBOARD_PROJECT_ID: ${{ secrets.CY_DASHBOARD_PRJ_ID }}
+  DASHBOARD_RECORD_KEY: ${{ secrets.CY_DASHBOARD_RECORD_KEY }}
+  EXECUTION_ENV: prod
+  GIT_COMMIT_BRANCH: ${{ github.ref_name }}
+  GIT_COMMIT_SHA: ${{ github.sha }}
+  GIT_COMMIT_AUTHOR: ${{ github.actor }}
+  GIT_COMMIT_MESSAGE: ${{ github.event.head_commit.message }}
+  GIT_REPO_URL: ${{ github.repository }}
 
 jobs:
   cypress-run:
     runs-on: ubuntu-latest
     steps:
       - name: Build GWA API Image
         run: |
-          git clone https://github.com/bcgov/gwa-api.git -b feature/add-consumer-service
+          git clone https://github.com/bcgov/gwa-api.git -b dev
           cd gwa-api/microservices/gatewayApi
-          docker build -t gateway-api:e2e-testing .
-      - uses: actions/checkout@v1
+          docker build -t gwa-api:e2e .
+      - name: Checkout Portal
+        uses: actions/checkout@v2
       - name: Spin up API Services Portal and Run E2E Tests
-        run: docker-compose up -d
-      - name: Stop the Containers
+        run: |
+          export CY_EXECUTION_ENV=${{ env.EXECUTION_ENV }}
+          export CY_RECORD_KEY=${{ env.DASHBOARD_RECORD_KEY }}
+          export CY_PROJECT_ID=${{ env.DASHBOARD_PROJECT_ID }}
+          export CY_COMMIT_BRANCH=${{ env.GIT_COMMIT_BRANCH }}
+          export CY_COMMIT_SHA=${{ env.GIT_COMMIT_SHA }}
+          export CY_COMMIT_AUTHOR=${{ env.GIT_COMMIT_AUTHOR }}
+          export CY_COMMIT_MESSAGE="${{ env.GIT_COMMIT_MESSAGE }}"
+          export CY_REPO_URL=${{ env.GIT_REPO_URL }}
+          export CY_COMMIT_AUTHOR_EMAIL=$(git --no-pager show -s --format='%ae' ${{ env.GIT_COMMIT_SHA }})
+          docker-compose up -d
+      - name: Execute Tests & Clean Up
         run: |
           while true; do
             if [ "$(docker ps -aq -f status=exited -f name=cypress-e2e)" ]; then
@@ -29,8 +49,45 @@ jobs:
               sleep 1m
             fi
           done
-      - name: Upload E2E Test Report as Artifact
+
+      - name: Upload E2E Test Results Report
         uses: actions/upload-artifact@v2
         with:
-          name: report
+          name: test-results
           path: ${{ github.workspace }}/e2e/results/report
+
+      - name: Upload E2E Code Coverage Report
+        uses: actions/upload-artifact@v2
+        with:
+          name: code-coverage
+          path: ${{ github.workspace }}/e2e/coverage
+
+      - name: Format LCOV Report
+        run: |
+          sudo sed  -i -r 's/\.*\/app\/nextapp\///g' ./e2e/coverage/lcov.info
+
+      - name: SonarCloud Scan
+        uses: sonarsource/sonarcloud-github-action@master
+        with:
+          args: >
+            -Dsonar.organization=bcgov-oss
+            -Dsonar.projectKey=aps-portal-e2e
+            -Dsonar.host.url=https://sonarcloud.io
+            -Dsonar.sources=src/nextapp
+            -Dsonar.javascript.lcov.reportPaths=./e2e/coverage/lcov.info
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+
+      - name: Check for failed tests and create Issue
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+          FAILURE_COUNT=$(cat ${{ github.workspace }}/e2e/results/bcgov-aps-e2e-report.json | jq '.stats.failures')
+          if [[ "$FAILURE_COUNT" -gt 0 ]]; then
+            FAILED_TESTS=$(cat ${{ github.workspace }}/e2e/results/bcgov-aps-e2e-report.json | jq '.results | .[] | .suites | .[].tests | .[] | select(.fail==true) | .title')
+            STATS=$(cat ${{ github.workspace }}/e2e/results/bcgov-aps-e2e-report.json | jq '.stats')
+            echo -e "Stats: $STATS\n\nFailed Tests:\n$FAILED_TESTS\n\nRun Link: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}" > msg
+            export MSG=$(cat msg)
+            gh issue create --title "FAILED: Automated Tests($FAILURE_COUNT)" --body "$MSG" --label "automation" --assignee "${{ env.GIT_COMMIT_AUTHOR }}"
+          fi

.github/workflows/ci-feat-sonar.yaml

@@ -2,7 +2,7 @@ name: Sonar Scanner
 
 on:
   push:
-    branches: [dev,feat/*]
+    branches: [dev, feat/*]
 
 env:
   REGISTRY: ghcr.io
@@ -29,6 +29,13 @@ jobs:
 
       - name: SonarCloud Scan
         uses: sonarsource/sonarcloud-github-action@master
+        with:
+          args: >
+            -Dsonar.organization=bcgov-oss
+            -Dsonar.projectKey=aps-portal-e2e
+            -Dsonar.host.url=https://sonarcloud.io
+            -Dsonar.sources=src/auth,src/authz,src/batch,src/services
+            -Dsonar.javascript.lcov.reportPaths=./src/__coverage__/lcov.info
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}

.gitignore

@@ -115,4 +115,7 @@ kc.js
 .config
 
 # vs code settings
-.vscode
+.vscode
+e2e/cypress/fixtures/*-plugin.yml
+e2e/cypress/fixtures/state/*.pub
+e2e/cypress/fixtures/state/*.pem

docker-compose.yml

@@ -65,7 +65,7 @@ services:
       - keycloak
     build:
       context: .
-      dockerfile: Dockerfile
+      dockerfile: ./local/portal/Dockerfile.E2E
     env_file:
       - .env.local
     ports:
@@ -104,16 +104,27 @@ services:
     networks:
       - aps-net
   cypress:
-    image: 'aps-cypress-e2e:latest'
+    image: aps-cypress-e2e:latest
     container_name: cypress-e2e
     entrypoint: sh -c "chmod +x /tmp/entrypoint.sh && /tmp/entrypoint.sh"
+    environment:
+      - CYPRESS_RECORD_KEY=${CY_RECORD_KEY}
+      - CYPRESS_PROJECT_ID=${CY_PROJECT_ID}
+      - RUN_ENV=${CY_EXECUTION_ENV}
+      - COMMIT_INFO_BRANCH=${CY_COMMIT_BRANCH}
+      - COMMIT_INFO_SHA=${CY_COMMIT_SHA}
+      - COMMIT_INFO_AUTHOR=${CY_COMMIT_AUTHOR}
+      - COMMIT_INFO_MESSAGE=${CY_COMMIT_MESSAGE}
+      - COMMIT_INFO_REMOTE=${CY_REPO_URL}
+      - COMMIT_INFO_EMAIL=${CY_COMMIT_AUTHOR_EMAIL}
     depends_on:
       - feeder-seeding
     build:
       context: ./e2e
       dockerfile: Dockerfile
     volumes:
-      - ./e2e/results/report:/e2e/results/report
+      - ./e2e/coverage:/e2e/coverage
+      - ./e2e/results:/e2e/results
     networks:
       - aps-net
   kong-db:
@@ -155,6 +166,9 @@ services:
     depends_on:
       - kong-migrations
       - kong-migrations-up
+    build:
+      context: local/kong
+      dockerfile: Dockerfile
     environment:
       <<: *common-variables
       KONG_ADMIN_ACCESS_LOG: /dev/stdout
@@ -183,10 +197,10 @@ services:
     networks:
       aps-net:
         aliases:
-          - redis.localtest.me
-  gwa-gateway-api:
-    image: ghcr.io/bcgov/gwa-api/gwa-gateway-api:dev
-    container_name: gwa-gateway-api
+          - redis-master
+  gwa-api:
+    image: gwa-api:e2e
+    container_name: gwa-api
     entrypoint: sh -c "chmod +x /tmp/gwa/entrypoint.sh && sh /tmp/gwa/entrypoint.sh"
     ports:
       - 2000:2000
@@ -199,5 +213,18 @@ services:
       aps-net:
         aliases:
           - gwa-api.localtest.me
+  cypress-jwks-url:
+    build:
+      context: ./local/cypress-jwks-url
+      dockerfile: Dockerfile
+    volumes:
+      - ./local/cypress-jwks-url:/src
+    command: npm start
+    ports:
+      - '3500:3500'
+    networks:
+      aps-net:
+        aliases:
+          - cypress-jwks-url.localtest.me
 networks:
   aps-net: {}

docs/flows/README.md

@@ -1,45 +1,31 @@
-# Process Flows
+# Key Flows
 
-# Credential Issuers
+## API Owner Login
 
-| Flow                           | Mode      | Registration            | Management                                             |
-|--------------------------------|-----------|-------------------------|--------------------------------------------------------|
-| Oauth2 Client Credentials Flow | Automatic | Anonymous Client Reg    | manage-clients (delete, activate, role assignment)     |
-| Oauth2 Client Credentials Flow | Automatic | Managed (create-client) | Registration Token (delete, activate, role assignment) |
-| Oauth2 Client Credentials Flow | Automatic | Initial Access Token    | Registration Token (delete, activate, role assignment) |
-| Oauth2 Authorization Code Flow | Automatic | N/A                     | manage-users (role assignment)                         |
-| Oauth2 Client Credentials Flow | Manual    | Anonymous Client Reg    | N/A                                                    |
-| Oauth2 Client Credentials Flow | Manual    | Managed (create-client) | N/A                                                    |
-| Oauth2 Client Credentials Flow | Manual    | Initial Access Token    | N/A                                                    |
-| Oauth2 Authorization Code Flow | Manual    | N/A                     | N/A                                                    |
-| Kong API Key with ACL Flow     | Automatic | Via Portal              | Via Portal                                             |
+![API Owner Login](./images/api-owner-login.png)
 
-## Onboarding a new API
+## Switch Namespace
 
-The USER-JOURNEY.md documentation under `gwa-api` provides the steps required to configure the Gateway and make the API available for discovery.
+![Switch Namespace](./images/switch-namespace.png)
 
-![New API](./images/NewAPI.png)
+## Create Service Account
 
+![Create Service Account](./images/create-service-account.png)
 
-[new-api websequencediagram](new-api.md)
+## Request Access
 
-## Support Authentication Flows
+![Request Access](./images/request-access.png)
 
-### API Key w/ ACL
+## Approve Access
 
-![API Key](./images/ApiKey.png)
+![Approve Access](./images/approve-access.png)
 
-### Anonymous Client Registration (auto issuing)
+## Maintain Consumer
 
-In this scenario, the APS Portal requires the `manage-clients` role in the Realm of the particular OIDC Provider.
+### Maintain Consumer Roles
 
-![Anon Reg with Auto Issuing](./images/AnonReg.png)
+![Maintain Consumer Roles](./images/maintain-consumer-roles.png)
 
-### Others
-
-* OIDC with Anonymous Client Registration (manage-clients) (auto enable) - API Portal has `manage-clients`
-* OIDC with Anonymous Client Registration (manually enable) - API Portal has no authorization
-* OIDC with Managed Client Registration (manage-clients) (auto enable) - API Portal has `manage-clients`
-* OIDC with Managed Client Registration (create-client) (manually enable) - API Portal has `create-client`
-* OIDC with IAT Client Registration - API Portal has limited `create-client` permissions
+### Maintain Consumer Scopes
 
+![Maintain Consumer Scopes](./images/maintain-consumer-scopes.png)