chore: Update smb-kerberos workflow

Signed-off-by: Louis Chemineau <louis@chmn.me>
nextcloud · Sep 30, 2024 · 15b695d · 15b695d
1 parent fc6ab73
commit 15b695d
Showing 1 changed file with 31 additions and 58 deletions.
diff --git a/.github/workflows/smb-kerberos.yml b/.github/workflows/smb-kerberos.yml
@@ -1,83 +1,56 @@
 name: Samba Kerberos SSO
 on:
-  push:
-    branches:
-      - master
-      - stable*
-    paths:
-      - "apps/files_external/**"
-      - ".github/workflows/smb-kerberos.yml"
   pull_request:
     paths:
-      - "apps/files_external/**"
-      - ".github/workflows/smb-kerberos.yml"
+      - 'apps/files_external/**'
+      - '.github/workflows/smb-kerberos.yml'
+
+concurrency:
+  group: smb-kerberos-${{ github.head_ref || github.run_id }}
+  cancel-in-progress: true
 
 jobs:
   smb-kerberos-tests:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-22.04
 
     if: ${{ github.repository_owner != 'nextcloud-gmbh' }}
 
-    strategy:
-      fail-fast: false
-      matrix:
-        php-versions: ["7.4", "8.0"]
-
     name: smb-kerberos-sso
 
     steps:
       - name: Checkout server
-        uses: actions/checkout@v2
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
         with:
           submodules: true
+      - name: Checkout user_saml
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+        with:
+          repository: nextcloud/user_saml
+          path: apps/user_saml
+          ref: stable-5.2
       - name: Pull images
         run: |
-          docker pull icewind1991/samba-krb-test-dc
-          docker pull icewind1991/samba-krb-test-apache
-          docker pull icewind1991/samba-krb-test-client
+          docker pull ghcr.io/icewind1991/samba-krb-test-dc
+          docker pull ghcr.io/icewind1991/samba-krb-test-apache
+          docker pull ghcr.io/icewind1991/samba-krb-test-client
+          docker tag ghcr.io/icewind1991/samba-krb-test-dc icewind1991/samba-krb-test-dc
+          docker tag ghcr.io/icewind1991/samba-krb-test-apache icewind1991/samba-krb-test-apache
+          docker tag ghcr.io/icewind1991/samba-krb-test-client icewind1991/samba-krb-test-client
       - name: Setup AD-DC
         run: |
-          cp apps/files_external/tests/*.sh .
-          mkdir data
-          sudo chown -R 33 data apps config
-          DC_IP=$(./start-dc.sh)
-          ./start-apache.sh $DC_IP $PWD
+          DC_IP=$(apps/files_external/tests/sso-setup/start-dc.sh)
+          sleep 1
+          apps/files_external/tests/sso-setup/start-apache.sh $DC_IP $PWD
           echo "DC_IP=$DC_IP" >> $GITHUB_ENV
       - name: Set up Nextcloud
         run: |
-          docker exec --user 33 apache ./occ maintenance:install --verbose --database=sqlite --database-name=nextcloud --database-host=127.0.0.1 --database-user=root --database-pass=rootpassword --admin-user admin --admin-pass password
-          docker exec --user 33 apache ./occ config:system:set trusted_domains 1 --value 'httpd.domain.test'
-
-          # setup user_saml
-          docker exec --user 33 apache ./occ app:enable user_saml --force
-          docker exec --user 33 apache ./occ config:app:set user_saml type --value 'environment-variable'
-          docker exec --user 33 apache ./occ saml:config:create
-          docker exec --user 33 apache ./occ saml:config:set 1 --general-uid_mapping=REMOTE_USER
-
-          # setup external storage
-          docker exec --user 33 apache ./occ app:enable files_external --force
-          docker exec --user 33 apache ./occ files_external:create smb smb smb::kerberosapache
-          docker exec --user 33 apache ./occ files_external:config 1 host krb.domain.test
-          docker exec --user 33 apache ./occ files_external:config 1 share netlogon
-          docker exec --user 33 apache ./occ files_external:list
+          apps/files_external/tests/sso-setup/setup-sso-nc.sh
       - name: Test SSO
         run: |
-          mkdir /tmp/shared/cookies
-          chmod 0777 /tmp/shared/cookies
-
-          echo "SAML login"
-          ./client-cmd.sh ${{ env.DC_IP }} curl -c /shared/cookies/jar -s --negotiate -u testuser@DOMAIN.TEST: --delegation always http://httpd.domain.test/index.php/apps/user_saml/saml/login
-          echo "Check we are logged in"
-          CONTENT=$(./client-cmd.sh ${{ env.DC_IP }} curl -b /shared/cookies/jar -s --negotiate -u testuser@DOMAIN.TEST: --delegation always http://httpd.domain.test/remote.php/webdav/smb/test.txt)
-          CONTENT=$(echo $CONTENT | head -n 1 | tr -d '[:space:]')
-          [[ $CONTENT == "testfile" ]]
-
-  smb-kerberos-summary:
-    runs-on: ubuntu-latest
-    needs: smb-kerberos-tests
-
-    if: always()
-
-    steps:
-      - name: Summary status
-        run: if ${{ needs.smb-kerberos-tests.result != 'success' }}; then exit 1; fi
+          apps/files_external/tests/sso-setup/test-sso-smb.sh ${{ env.DC_IP }}
+      - name: Show logs
+        if: failure()
+        run: |
+          FILEPATH=$(docker exec --user 33 apache ./occ log:file | grep "Log file:" | cut -d' ' -f3)
+          echo "$FILEPATH:"
+          docker exec --user 33 apache cat $FILEPATH