Update develop/v1 CI (#862)

* Update CI for develop/v1 * Update smoke as well * silence warning * regenerate file * Update stale action version * See if this allows us to bypass azure only when necessary * run apt-get update as well * Update ci.yml as well * remove sed magic * Check which algorithms are available before running tests * log skipped algorithms
lestrrat-go · Jun 14, 2023 · 9d988d3 · 9d988d3
1 parent 1753b7c
commit 9d988d3
Show file tree

Hide file tree

Showing 7 changed files with 105 additions and 49 deletions.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -11,23 +11,25 @@ jobs:
     strategy:
       matrix:
         go_tags: [ 'stdlib', 'goccy', 'es256k', 'all']
-        go: [ '1.17.x', '1.16.x' ]
+        go: [ '1.19.x', '1.18.x' ]
     name: "Test [ Go ${{ matrix.go }} / Tags ${{ matrix.go_tags }} ]"
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
       - name: Cache Go modules
-        uses: actions/cache@v2
+        uses: actions/cache@v3
         with:
           path: |
             ~/go/pkg/mod
             ~/.cache/go-build
           key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
           restore-keys: |
             ${{ runner.os }}-go-
+      - name: Munge APT Repositories
+        run: curl --connect-timeout 1 https://azure.archive.ubuntu.com || (sudo sed -i 's/azure\.//' /etc/apt/sources.list && sudo apt-get update)
       - name: Install Go stable version
         if: matrix.go != 'tip'
-        uses: actions/setup-go@v2
+        uses: actions/setup-go@v3
         with:
           go-version: ${{ matrix.go }}
       - name: Install Go tip
@@ -42,13 +44,14 @@ jobs:
       - name: Install stringer
         run: go install golang.org/x/tools/cmd/stringer@latest
       - name: Install jose
-        run: sudo apt-get install -y --no-install-recommends jose
+        run: |
+          sudo apt-get install -y --no-install-recommends jose
       - run: make generate
       - name: Test with coverage
         run: make cover-${{ matrix.go_tags }}
       - name: Upload code coverage to codecov
         if: matrix.go == '1.17.x'
-        uses: codecov/codecov-action@v1
+        uses: codecov/codecov-action@v3
         with:
           file: ./coverage.out
       - name: Check difference between generation code and commit code

diff --git a/.github/workflows/smoke.yml b/.github/workflows/smoke.yml
@@ -14,22 +14,24 @@ jobs:
     strategy:
       matrix:
         go_tags: [ 'stdlib', 'goccy', 'es256k', 'all' ]
-        go: [ '1.17.x', '1.16.x' ]
+        go: [ '1.19.x', '1.18.x' ]
     name: "Smoke [ Go ${{ matrix.go }} / Tags ${{ matrix.go_tags }} ]"
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
       - name: Cache Go modules
-        uses: actions/cache@v2
+        uses: actions/cache@v3
         with:
           path: |
             ~/go/pkg/mod
             ~/.cache/go-build
           key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
           restore-keys: |
             ${{ runner.os }}-go-
+      - name: Munge APT Repositories
+        run: curl --connect-timeout 1 https://azure.archive.ubuntu.com || (sudo sed -i 's/azure\.//' /etc/apt/sources.list && sudo apt-get update)
       - name: Install Go stable version
-        uses: actions/setup-go@v2
+        uses: actions/setup-go@v3
         with:
           go-version: ${{ matrix.go }}
       - name: Install stringer

diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml
@@ -7,7 +7,7 @@ jobs:
   stale:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/stale@v4
+      - uses: actions/stale@v7
         with:
           stale-issue-message: 'This issue is stale because it has been open 14 days with no activity. Remove stale label or comment or this will be closed in 7 days.'
           stale-pr-message: 'This PR is stale because it has been open 14 days with no activity. Remove stale label or comment or this will be closed in 14 days.'

diff --git a/internal/jose/jose.go b/internal/jose/jose.go
@@ -1,6 +1,7 @@
 package jose
 
 import (
+	"bufio"
 	"bytes"
 	"context"
 	"fmt"
@@ -83,6 +84,41 @@ func RunJoseCommand(ctx context.Context, t *testing.T, args []string, outw, errw
 	return nil
 }
 
+type AlgorithmSet struct {
+	data map[string]struct{}
+}
+
+func NewAlgorithmSet() *AlgorithmSet {
+	return &AlgorithmSet{
+		data: make(map[string]struct{}),
+	}
+}
+
+func (set *AlgorithmSet) Add(s string) {
+	set.data[s] = struct{}{}
+}
+
+func (set *AlgorithmSet) Has(s string) bool {
+	_, ok := set.data[s]
+	return ok
+}
+
+func Algorithms(ctx context.Context, t *testing.T) (*AlgorithmSet, error) {
+	var buf bytes.Buffer
+	if err := RunJoseCommand(ctx, t, []string{"alg"}, &buf, nil); err != nil {
+		return nil, errors.Wrap(err, `failed to generate jose tool's supported algorithms`)
+	}
+
+	set := NewAlgorithmSet()
+
+	scanner := bufio.NewScanner(&buf)
+	for scanner.Scan() {
+		alg := scanner.Text()
+		set.Add(alg)
+	}
+	return set, nil
+}
+
 // GenerateJwk creates a new key using the jose tool, and returns its filename and
 // a cleanup function.
 // The caller is responsible for calling the cleanup

diff --git a/jwa/elliptic_gen.go b/jwa/elliptic_gen.go
@@ -10,7 +10,7 @@ import (
 	"github.com/pkg/errors"
 )
 
-//  EllipticCurveAlgorithm represents the algorithms used for EC keys
+// EllipticCurveAlgorithm represents the algorithms used for EC keys
 type EllipticCurveAlgorithm string
 
 // Supported values for EllipticCurveAlgorithm

diff --git a/jwa/internal/cmd/gentypes/main.go b/jwa/internal/cmd/gentypes/main.go
@@ -110,7 +110,7 @@ func _main() error {
 		},
 		{
 			name:     `EllipticCurveAlgorithm`,
-			comment:  ` EllipticCurveAlgorithm represents the algorithms used for EC keys`,
+			comment:  `EllipticCurveAlgorithm represents the algorithms used for EC keys`,
 			filename: `elliptic_gen.go`,
 			elements: []element{
 				{

diff --git a/jwx_test.go b/jwx_test.go
@@ -17,6 +17,7 @@ import (
 	"github.com/lestrrat-go/jwx/jwe"
 	"github.com/lestrrat-go/jwx/jwk"
 	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
 )
 
 func TestShowBuildInfo(t *testing.T) {
@@ -173,43 +174,57 @@ func TestJoseCompatibility(t *testing.T) {
 		}
 	})
 	t.Run("jwe", func(t *testing.T) {
+		// For some reason "jose" does not come with RSA-OAEP on some platforms.
+		// In order to avoid doing this in an ad-hoc way, we're just going to
+		// ask our jose package for the algorithms that it supports, and generate
+		// the list dynamically
+
 		t.Parallel()
-		tests := []interopTest{
-			{jwa.RSA1_5, jwa.A128GCM},
-			{jwa.RSA1_5, jwa.A128CBC_HS256},
-			{jwa.RSA1_5, jwa.A256CBC_HS512},
-			{jwa.RSA_OAEP, jwa.A128GCM},
-			{jwa.RSA_OAEP, jwa.A128CBC_HS256},
-			{jwa.RSA_OAEP, jwa.A256CBC_HS512},
-			{jwa.RSA_OAEP_256, jwa.A128GCM},
-			{jwa.RSA_OAEP_256, jwa.A128CBC_HS256},
-			{jwa.RSA_OAEP_256, jwa.A256CBC_HS512},
-			{jwa.ECDH_ES, jwa.A128GCM},
-			{jwa.ECDH_ES, jwa.A256GCM},
-			{jwa.ECDH_ES, jwa.A128CBC_HS256},
-			{jwa.ECDH_ES, jwa.A256CBC_HS512},
-			{jwa.ECDH_ES_A128KW, jwa.A128GCM},
-			{jwa.ECDH_ES_A128KW, jwa.A128CBC_HS256},
-			{jwa.ECDH_ES_A256KW, jwa.A256GCM},
-			{jwa.ECDH_ES_A256KW, jwa.A256CBC_HS512},
-			{jwa.A128KW, jwa.A128GCM},
-			{jwa.A128KW, jwa.A128CBC_HS256},
-			{jwa.A256KW, jwa.A256GCM},
-			{jwa.A256KW, jwa.A256CBC_HS512},
-			{jwa.A128GCMKW, jwa.A128GCM},
-			{jwa.A128GCMKW, jwa.A128CBC_HS256},
-			{jwa.A256GCMKW, jwa.A256GCM},
-			{jwa.A256GCMKW, jwa.A256CBC_HS512},
-			{jwa.PBES2_HS256_A128KW, jwa.A128GCM},
-			{jwa.PBES2_HS256_A128KW, jwa.A128CBC_HS256},
-			{jwa.PBES2_HS384_A192KW, jwa.A192GCM},
-			{jwa.PBES2_HS384_A192KW, jwa.A192CBC_HS384},
-			{jwa.PBES2_HS512_A256KW, jwa.A256GCM},
-			{jwa.PBES2_HS512_A256KW, jwa.A256CBC_HS512},
-			{jwa.DIRECT, jwa.A128GCM},
-			{jwa.DIRECT, jwa.A128CBC_HS256},
-			{jwa.DIRECT, jwa.A256GCM},
-			{jwa.DIRECT, jwa.A256CBC_HS512},
+		ctx, cancel := context.WithCancel(context.Background())
+		defer cancel()
+		set, err := jose.Algorithms(ctx, t)
+		require.NoError(t, err)
+
+		var tests []interopTest
+
+		for _, keyenc := range []jwa.KeyEncryptionAlgorithm{jwa.RSA1_5, jwa.RSA_OAEP, jwa.RSA_OAEP_256} {
+			if !set.Has(keyenc.String()) {
+				t.Logf("jose does not support key encryption algorithm %q: skipping", keyenc)
+				continue
+			}
+			for _, contentenc := range []jwa.ContentEncryptionAlgorithm{jwa.A128GCM, jwa.A128CBC_HS256, jwa.A256CBC_HS512} {
+				tests = append(tests, interopTest{keyenc, contentenc})
+			}
+		}
+
+		for _, keyenc := range []jwa.KeyEncryptionAlgorithm{jwa.ECDH_ES, jwa.ECDH_ES_A128KW, jwa.A128KW, jwa.A128GCMKW, jwa.A256KW, jwa.A256GCMKW, jwa.PBES2_HS256_A128KW, jwa.DIRECT} {
+			if !set.Has(keyenc.String()) {
+				t.Logf("jose does not support key encryption algorithm %q: skipping", keyenc)
+				continue
+			}
+			for _, contentenc := range []jwa.ContentEncryptionAlgorithm{jwa.A128GCM, jwa.A128CBC_HS256} {
+				tests = append(tests, interopTest{keyenc, contentenc})
+			}
+		}
+
+		for _, keyenc := range []jwa.KeyEncryptionAlgorithm{jwa.ECDH_ES, jwa.ECDH_ES_A256KW, jwa.A256KW, jwa.A256GCMKW, jwa.PBES2_HS512_A256KW, jwa.DIRECT} {
+			if !set.Has(keyenc.String()) {
+				t.Logf("jose does not support key encryption algorithm %q: skipping", keyenc)
+				continue
+			}
+			for _, contentenc := range []jwa.ContentEncryptionAlgorithm{jwa.A256GCM, jwa.A256CBC_HS512} {
+				tests = append(tests, interopTest{keyenc, contentenc})
+			}
+		}
+
+		for _, keyenc := range []jwa.KeyEncryptionAlgorithm{jwa.PBES2_HS384_A192KW} {
+			if !set.Has(keyenc.String()) {
+				t.Logf("jose does not support key encryption algorithm %q: skipping", keyenc)
+				continue
+			}
+			for _, contentenc := range []jwa.ContentEncryptionAlgorithm{jwa.A192GCM, jwa.A192CBC_HS384} {
+				tests = append(tests, interopTest{keyenc, contentenc})
+			}
 		}
 
 		for _, test := range tests {