diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index a10529a5a..ac60fc9b6 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -6,7 +6,26 @@ variables: ECR_REGISTRY: '${AWS_ACCOUNT_ID}.dkr.ecr.${AWS_REGION}.amazonaws.com' IDP_WORKER_IMAGE_TAG: 'main' + PIVCAC_CI_SHA: 'sha256:87767eb8daa6703c247d5a4baa5e19eddc58bc051f01070903f24d9f8a6c9267' + +default: + image: '${ECR_REGISTRY}/pivcac/ci@${PIVCAC_CI_SHA}' + +.bundle_install: &bundle_install + - bundle check || bundle install --deployment --jobs=4 --retry=3 --without deploy development doc production --path vendor/ruby + +.build_cache: + - &ruby_cache + key: + files: + - Gemfile.lock + paths: + - vendor/ruby + policy: pull + stages: + - build + - test - review - scan 
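Review bot: The `bundle check || bundle install ...` line in `.bundle_install` accepts whatever is already in the restored `vendor/ruby` cache as long as the gem versions satisfy Gemfile.lock, and the cache key under `.build_cache` is derived only from `Gemfile.lock`. The workflow rules also admit merge requests and external pull requests, and the next hunk adds a job that writes this cache, so the key could be populated from an untrusted branch unless the project's "Use separate caches for protected branches" setting is enabled; that is worth confirming. I would record the assumption in a comment above `.build_cache`, e.g. `# cache contents are trusted only because protected and unprotected refs use separate caches`. A short comment next to `PIVCAC_CI_SHA` saying where the digest comes from and how it is refreshed would also help the next person who has to bump it.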
@@ -19,6 +38,102 @@ workflow: - if: '$CI_COMMIT_BRANCH == "main" || $CI_COMMIT_BRANCH == "stages/prod"' - if: '$CI_MERGE_REQUEST_IID || $CI_EXTERNAL_PULL_REQUEST_IID' +install: + stage: build + variables: + RAILS_ENV: test + cache: + - <<: *ruby_cache + policy: pull-push + + script: + - echo "'$CI_PIPELINE_SOURCE'" + - echo "'$CI_MERGE_REQUEST_IID'" + - echo "'$CI_EXTERNAL_PULL_REQUEST_IID'" + - echo 'ok' + - *bundle_install + +specs: + stage: test + cache: + - <<: *ruby_cache + variables: + COVERAGE: 'true' + DOCKER_DB_HOST: db-postgres + POSTGRES_DB: identity_idp_test + POSTGRES_USER: postgres_user + POSTGRES_PASSWORD: postgres_password + POSTGRES_HOST_AUTH_METHOD: trust + RAILS_ENV: test + services: + - name: postgres:13.9 + alias: db-postgres + command: ['--fsync=false', '--synchronous_commit=false', '--full_page_writes=false'] + - name: redis:7.0 + alias: db-redis + artifacts: + expire_in: 31d + when: always + paths: + - coverage/ + - rspec.xml + - rspec.json + reports: + junit: rspec.xml + script: + - *bundle_install + - "echo -e \"test:\n nonce_bloom_filter_server: 'redis://redis:6379/0'\" > config/application.yml" + - bundle exec rake db:setup --trace + - bundle exec rspec --format documentation --format RspecJunitFormatter --out rspec.xml --format json --out rspec.json + +lint: + stage: test + cache: + - <<: *ruby_cache + script: + - *bundle_install + - make lint + +check_certificate_bundle: + stage: test + cache: + - <<: *ruby_cache + variables: + DOCKER_DB_HOST: db-postgres + POSTGRES_DB: identity_idp_test + POSTGRES_USER: postgres_user + POSTGRES_PASSWORD: postgres_password + POSTGRES_HOST_AUTH_METHOD: trust + RAILS_ENV: test + services: + - name: postgres:13.9 + alias: db-postgres + command: ['--fsync=false', '--synchronous_commit=false', '--full_page_writes=false'] + script: + - *bundle_install + - bundle exec rake db:setup --trace + - bundle exec rake certs:check_certificate_bundle + +check_expiring_certificates: + stage: test + cache: + - <<: 
*ruby_cache + variables: + DOCKER_DB_HOST: db-postgres + POSTGRES_DB: identity_idp_test + POSTGRES_USER: postgres_user + POSTGRES_PASSWORD: postgres_password + POSTGRES_HOST_AUTH_METHOD: trust + RAILS_ENV: test + services: + - name: postgres:13.9 + alias: db-postgres + command: ['--fsync=false', '--synchronous_commit=false', '--full_page_writes=false'] + script: + - *bundle_install + - bundle exec rake db:setup --trace + - bundle exec rake certs:print_expiring + # Build a container image async, and don't block CI tests # Cache intermediate images for 1 week (168 hours) build-pivcac-image: diff --git a/Gemfile b/Gemfile index 62a35248d..95283e3cc 100644 --- a/Gemfile +++ b/Gemfile @@ -43,6 +43,7 @@ group :test do gem 'factory_bot_rails', '>= 5.2.0' gem 'fakefs', require: 'fakefs/safe' gem 'rails-controller-testing', '>= 1.0.4' + gem 'rspec_junit_formatter' gem 'shoulda-matchers', '~> 3.1', '>= 3.1.3', require: false gem 'simplecov', '>= 0.13.0' gem 'timecop' diff --git a/Gemfile.lock b/Gemfile.lock index 19f59a14e..49fc1d800 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -135,7 +135,7 @@ GEM descendants_tracker (0.0.4) thread_safe (~> 0.3, >= 0.3.1) diff-lcs (1.5.0) - docile (1.1.5) + docile (1.4.0) dumb_delegator (0.8.1) equalizer (0.0.11) erubi (1.12.0) @@ -306,6 +306,8 @@ GEM rspec-mocks (~> 3.9) rspec-support (~> 3.9) rspec-support (3.10.3) + rspec_junit_formatter (0.6.0) + rspec-core (>= 2, < 4, != 2.12.0) rubocop (1.50.1) json (~> 2.3) parallel (~> 1.10) @@ -331,11 +333,12 @@ GEM shellany (0.0.1) shoulda-matchers (3.1.3) activesupport (>= 4.0.0) - simplecov (0.13.0) - docile (~> 1.1.0) - json (>= 1.8, < 3) - simplecov-html (~> 0.10.0) - simplecov-html (0.10.2) + simplecov (0.22.0) + docile (~> 1.1) + simplecov-html (~> 0.11) + simplecov_json_formatter (~> 0.1) + simplecov-html (0.12.3) + simplecov_json_formatter (0.1.4) sprockets (4.2.0) concurrent-ruby (~> 1.0) rack (>= 2.2.4, < 4) 
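Review bot: The service images in `specs`, `check_certificate_bundle` and `check_expiring_certificates` are referenced by mutable tag (`postgres:13.9`, `redis:7.0`) while the job image is pinned by digest through `PIVCAC_CI_SHA`, so the services can change under the pipeline without any commit. Pinning them the same way keeps the test environment reproducible, e.g. `- name: postgres:13.9@sha256:<POSTGRES_IMAGE_DIGEST>` (placeholder, to be filled from the registry). The four `echo` lines in `install` look like debugging leftovers and could be dropped. The `variables`/`services` block repeated verbatim in three jobs could be shared through a YAML anchor, as `*ruby_cache` already is, so that a later change to the database settings cannot drift between jobs.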
@@ -399,6 +402,7 @@ DEPENDENCIES redacted_struct (~> 1.0) rgl rspec-rails (>= 3.8.3) + rspec_junit_formatter rubocop rubocop-performance (~> 1.17) rubocop-rails (>= 2.19.0) diff --git a/config/database.yml b/config/database.yml index d1b95b14d..2f2c60da0 100644 --- a/config/database.yml +++ b/config/database.yml @@ -25,6 +25,9 @@ development: test: <<: *defaults + database: <%= ENV['POSTGRES_DB'] || "identity_pki_#{Rails.env}" %> + user: <%= ENV['POSTGRES_USER'] %> + password: <%= ENV['POSTGRES_PASSWORD'] %> production: <<: *defaults diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb index c756608da..6254c5cd7 100644 --- a/spec/spec_helper.rb +++ b/spec/spec_helper.rb @@ -1,8 +1,19 @@ if ENV['COVERAGE'] require 'simplecov' SimpleCov.start 'rails' do + track_files '{app,lib}/**/*.rb' + + add_group 'Controllers', 'app/controllers' + add_group 'Services', 'app/services' + add_group 'Helpers', 'app/helpers' + add_group 'Models', 'app/models' add_filter '/config/' add_filter '/k8files/' + add_filter %r{^/spec/} + add_filter '/vendor/bundle/' + add_filter %r{^/db/} + add_filter %r{^/\.gem/} + add_filter %r{/vendor/ruby/} end end
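Review bot: The added `user:` key under `test:` is not the key Rails documents for database.yml (`username`), so whether `POSTGRES_USER` is honoured depends on the adapter passing `user` through. A `username` inherited from `*defaults`, which is defined outside this hunk, would probably take precedence. I would write `username: <%= ENV['POSTGRES_USER'] %>` instead. The ERB output is also unquoted, so a password containing `#` or `: ` would be misparsed as YAML; `password: <%= ENV['POSTGRES_PASSWORD'].to_json %>` avoids that and still yields null when the variable is unset.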