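name: OID4VC Conformance Tests
# Runs the OIDF HAIP conformance suite against ACA-Py OID4VCI issuer and
# OID4VP verifier. The suite is started from source inside Docker Compose and
# all test results are written to a JUnit XML artifact.
#
# Trigger conditions:
#   - PR or push that touches oid4vc/** source files
#   - Manual run via workflow_dispatch (always runs regardless of changed files)
#
# Trust model: this job builds Dockerfiles and runs shell scripts taken from
# the checked-out ref, i.e. PR-supplied code. Keep the trigger on
# `pull_request` (never `pull_request_target`) and do not add secrets to this
# job, so that code from a fork only ever runs with a read-only token.
on:
  pull_request:
    types: [opened, synchronize, reopened, ready_for_review]
    branches:
      - "**"
    paths:
      - "oid4vc/**"
  push:
    branches:
      - main
    paths:
      - "oid4vc/**"
  workflow_dispatch:

# Default GITHUB_TOKEN scope for any job in this workflow: read-only.
# Without an explicit block the token inherits the repository/org default,
# which may be read-write.
permissions:
  contents: read

jobs:
  conformance-tests:
    name: "OID4VC Conformance Tests"
    runs-on: ubuntu-latest
    # Job-level permissions replace the workflow default, so both are listed.
    # checks: write is what the JUnit report step needs to create its check
    # run. On PRs from forks GitHub caps the token at read-only regardless.
    permissions:
      contents: read
      checks: write
    # Skip draft PRs (same policy as integration-tests)
    if: |
      github.event_name == 'workflow_dispatch' ||
      (github.event_name == 'push') ||
      (github.event_name == 'pull_request' && github.event.pull_request.draft == false)
    timeout-minutes: 90
    steps:
      # NOTE(review): every `uses:` below references a mutable major-version
      # tag. Pin each one to a full commit SHA (keeping the tag as a trailing
      # comment) so a moved or compromised tag cannot change what runs here.
      # Highest priority is the third-party mikepenz/action-junit-report,
      # which runs with checks: write.

      # ── Checkout ────────────────────────────────────────────────────────────
      - name: Check out repository
        uses: actions/checkout@v4
        with:
          # Later steps build and execute code from the checked-out ref and
          # none of the steps in this job push, so do not leave the token in
          # .git/config.
          persist-credentials: false
      # ── Docker Buildx (enables layer cache via GitHub Actions cache) ────────
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
      # ── Pre-build ACA-Py issuer image (Rust/isomdl, ~10 min cold) ──────────
      # Both issuer and verifier share the same Dockerfile; the verifier build
      # hits cache after the issuer build completes.
      # NOTE(review): ISOMDL_BRANCH is a branch name, not a tag or commit.
      # Presumably the Dockerfile fetches that branch (confirm); if so the
      # image content changes whenever the branch moves, and a cached layer
      # can hide that. Prefer a commit or tag pin if the Dockerfile allows it.
      - name: Build acapy-issuer image
        uses: docker/build-push-action@v6
        with:
          context: .
          file: oid4vc/docker/Dockerfile
          push: false
          load: true
          tags: oid4vc-integration-acapy-issuer:latest
          build-args: |
            ACAPY_VERSION=1.4.0
            ISOMDL_BRANCH=fix/python-build-system
          cache-from: type=gha,scope=acapy-oid4vc
          cache-to: type=gha,mode=max,scope=acapy-oid4vc
      - name: Build acapy-verifier image
        uses: docker/build-push-action@v6
        with:
          context: .
          file: oid4vc/docker/Dockerfile
          push: false
          load: true
          tags: oid4vc-integration-acapy-verifier:latest
          build-args: |
            ACAPY_VERSION=1.4.0
            ISOMDL_BRANCH=fix/python-build-system
          # Issuer + verifier share all layers; use same cache scope.
          cache-from: type=gha,scope=acapy-oid4vc
      # ── Pre-build OIDF conformance server (Maven build, ~15 min cold) ───────
      # NOTE(review): CONFORMANCE_SUITE_BRANCH=master tracks a moving branch,
      # so the suite under which results are produced is not reproducible
      # between runs. Pin to a release tag or commit if the Dockerfile
      # supports it, and record the resolved revision with the results.
      - name: Build conformance-server image
        uses: docker/build-push-action@v6
        with:
          context: oid4vc/integration/conformance
          file: oid4vc/integration/conformance/Dockerfile.server
          push: false
          load: true
          tags: oid4vc-integration-conformance-server:latest
          build-args: |
            CONFORMANCE_SUITE_BRANCH=master
          cache-from: type=gha,scope=conformance-server
          cache-to: type=gha,mode=max,scope=conformance-server
      # ── Pre-build conformance runner (lightweight Python image) ─────────────
      - name: Build conformance-runner image
        uses: docker/build-push-action@v6
        with:
          context: oid4vc/integration
          file: oid4vc/integration/conformance/Dockerfile.runner
          push: false
          load: true
          tags: oid4vc-integration-conformance-runner:latest
          cache-from: type=gha,scope=conformance-runner
          cache-to: type=gha,mode=max,scope=conformance-runner
      # ── Run conformance suite ────────────────────────────────────────────────
      # DOCKER_PLATFORM is detected automatically by the shell script based on
      # `uname -m`; set explicitly here to avoid any ambiguity on CI runners.
      - name: Run conformance tests
        env:
          DOCKER_PLATFORM: linux/amd64
        run: |
          bash oid4vc/integration/run-conformance-tests.sh run all
      # ── Collect results ──────────────────────────────────────────────────────
      # NOTE(review): with if-no-files-found: warn, fail_on_failure: false and
      # require_tests: false, a missing or failing JUnit report does not fail
      # either reporting step. Whether conformance failures fail the job
      # therefore rests on the exit status of "Run conformance tests"; confirm
      # the script exits non-zero on failed or absent results.
      - name: Upload JUnit test results
        if: always()
        uses: actions/upload-artifact@v4
        with:
          name: conformance-junit-results
          path: oid4vc/integration/test-results/conformance-junit.xml
          if-no-files-found: warn
      - name: Publish JUnit test summary
        if: always()
        uses: mikepenz/action-junit-report@v4
        with:
          report_paths: "oid4vc/integration/test-results/conformance-junit.xml"
          check_name: "OIDF Conformance Results"
          fail_on_failure: false
          require_tests: false
      # ── Collect Docker logs on failure ───────────────────────────────────────
      # NOTE(review): these logs are uploaded as a downloadable artifact.
      # Agent and suite logs can contain tokens, keys or credential payloads,
      # so the compose stack should only ever use throwaway test secrets.
      - name: Dump Docker Compose logs
        if: failure()
        run: |
          mkdir -p /tmp/conformance-logs
          cd oid4vc/integration
          # Capture all service logs for post-mortem analysis
          docker compose --profile conformance logs --no-color \
            > /tmp/conformance-logs/docker-compose.log 2>&1 || true
          docker compose --profile conformance logs --no-color acapy-issuer \
            > /tmp/conformance-logs/acapy-issuer.log 2>&1 || true
          docker compose --profile conformance logs --no-color acapy-verifier \
            > /tmp/conformance-logs/acapy-verifier.log 2>&1 || true
          docker compose --profile conformance logs --no-color conformance-server \
            > /tmp/conformance-logs/conformance-server.log 2>&1 || true
      - name: Upload Docker logs artifact
        if: failure()
        uses: actions/upload-artifact@v4
        with:
          name: conformance-docker-logs
          path: /tmp/conformance-logs/
          retention-days: 7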