refactor(core): move security checks to core #2198
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: End-to-end tests | |
on: | |
push: | |
branches: | |
- "**" | |
- "!master" | |
env: | |
PGUSER: moncomptepro | |
PGPASSWORD: moncomptepro | |
PGDATABASE: moncomptepro | |
PGHOST: 127.0.0.1 | |
PGPORT: 5432 | |
BREVO_API_KEY: ${{ secrets.BREVO_API_KEY }} | |
CYPRESS_BASE_URL: http://172.18.0.1:3000 | |
CYPRESS_MAILSLURP_API_KEY: ${{ secrets.MAILSLURP_API_KEY }} | |
DATABASE_URL: postgres://moncomptepro:[email protected]:5432/moncomptepro | |
DEBOUNCE_API_KEY: ${{ secrets.DEBOUNCE_API_KEY }} | |
FEATURE_SEND_MAIL: "True" | |
INSEE_CONSUMER_KEY: ${{ secrets.INSEE_CONSUMER_KEY }} | |
INSEE_CONSUMER_SECRET: ${{ secrets.INSEE_CONSUMER_SECRET }} | |
MONCOMPTEPRO_HOST: http://172.18.0.1:3000 | |
ZAMMAD_TOKEN: ${{ secrets.ZAMMAD_TOKEN }} | |
jobs: | |
test: | |
strategy: | |
# don't fail the entire matrix on failure | |
fail-fast: false | |
matrix: | |
e2e_test: | |
- activate_totp | |
- check_email_deliverability | |
- delete_account | |
- delete_totp | |
- join_and_moderation | |
- join_collectivite_territoriale_official_contact_domain | |
- join_must_confirm | |
- join_org_with_trackdechets_domain | |
- join_org_with_verified_domain | |
- join_with_code_sent_to_official_contact_email | |
- join_with_code_sent_to_official_educ_nat_contact_email | |
- join_with_official_contact_email | |
- reauthenticate_on_admin_page | |
- redirect_after_session_expiration | |
- reset_password | |
- set_info_after_account_provisioning | |
- signin_from_proconnect_federation_client | |
- signin_from_standard_client | |
- signin_with_email_verification | |
- signin_with_email_verification_renewal | |
- signin_with_legacy_scope | |
- signin_with_magic_link | |
- signin_with_right_acr | |
- signin_with_totp | |
- signup_entreprise_unipersonnelle | |
- update_personal_information | |
- update_totp_application | |
runs-on: ubuntu-22.04 | |
services: | |
standard-client: | |
image: ghcr.io/numerique-gouv/proconnect-test-client | |
ports: | |
- 4000:3000 | |
env: | |
SITE_TITLE: standard-client | |
HOST: http://localhost:4000 | |
PC_CLIENT_ID: standard_client_id | |
PC_CLIENT_SECRET: standard_client_secret | |
PC_PROVIDER: ${{ env.MONCOMPTEPRO_HOST }} | |
PC_SCOPES: openid email profile organization | |
ACR_VALUE_FOR_2FA: https://proconnect.gouv.fr/assurance/consistency-checked-2fa | |
STYLESHEET_URL: "" | |
proconnect-federation-client: | |
image: ghcr.io/numerique-gouv/proconnect-test-client | |
ports: | |
- 4001:3000 | |
env: | |
SITE_TITLE: proconnect-federation-client | |
HOST: http://localhost:4001 | |
PC_CLIENT_ID: proconnect_federation_client_id | |
PC_CLIENT_SECRET: proconnect_federation_client_secret | |
PC_PROVIDER: ${{ env.MONCOMPTEPRO_HOST }} | |
PC_SCOPES: openid uid given_name usual_name email siren siret organizational_unit belonging_population phone chorusdt is_service_public is_public_service | |
PC_ID_TOKEN_SIGNED_RESPONSE_ALG: ES256 | |
PC_USERINFO_SIGNED_RESPONSE_ALG: ES256 | |
STYLESHEET_URL: "" | |
LOGIN_HINT: [email protected] | |
ACR_VALUES: eidas1 | |
redis: | |
image: redis:7.2 | |
ports: | |
- 6379:6379 | |
postgres: | |
image: postgres:15.8 | |
env: | |
POSTGRES_USER: ${{ env.PGUSER }} | |
POSTGRES_PASSWORD: ${{ env.PGPASSWORD }} | |
POSTGRES_DB: ${{ env.PGDATABASE }} | |
ports: | |
- 5432:5432 | |
steps: | |
- uses: actions/checkout@v4 | |
- run: docker compose up --build --detach maildev | |
- uses: actions/setup-node@v4 | |
with: | |
cache: "npm" | |
node-version-file: package.json | |
- run: npm ci --include=dev | |
- run: npm run migrate up | |
- run: npm run fixtures:load-ci -- cypress/e2e/${{ matrix.e2e_test }}/fixtures.sql | |
- run: npm run update-organization-info -- 500 | |
- run: npm run build:workspaces | |
- name: Cypress run | |
uses: cypress-io/[email protected] | |
with: | |
wait-on: ${{ env.MONCOMPTEPRO_HOST }}/users/start-sign-in | |
build: npm run build:assets | |
start: npx dotenvx run -f cypress/e2e/${{ matrix.e2e_test }}/env.conf --overload -- npm start | |
install: false | |
spec: cypress/e2e/${{ matrix.e2e_test }}/index.cy.ts | |
env: | |
NODE_ENV: production | |
# Store tests runs in case of failure | |
- uses: actions/upload-artifact@v4 | |
if: failure() | |
with: | |
name: cypress-${{ matrix.e2e_test }}-screenshots | |
path: cypress/screenshots | |
- uses: actions/upload-artifact@v4 | |
if: failure() | |
with: | |
name: cypress-${{ matrix.e2e_test }}-videos | |
path: cypress/videos |