defenseunicorns · andrewrisse · Aug 23, 2024 · Aug 14, 2024 · Aug 14, 2024 · Aug 14, 2024
@@ -11,12 +11,16 @@ runs:
   using: composite
   steps:
     - name: Setup UDS Environment
-      uses: defenseunicorns/uds-common/.github/actions/setup@05f42bb3117b66ebef8c72ae050b34bce19385f5
+      uses: defenseunicorns/uds-common/.github/actions/setup@822dac4452e6815aadcf09f487406ff258756a0c # v0.14.0
       with:
         username: ${{ inputs.registry1Username }}
         password: ${{ inputs.registry1Password }}
+        udsCliVersion: 0.14.0
+
+    - name: Checkout Repo
+      uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
 
     - name: Create UDS Cluster
       shell: bash
       run: |
-        make create-uds-cpu-cluster
+        UDS_CONFIG=.github/config/uds-config.yaml make create-uds-cpu-cluster
@@ -0,0 +1,3 @@
+variables:
+  core-slim-dev:
+    INSECURE_ADMIN_PASSWORD_GENERATION: "true"
@@ -0,0 +1,57 @@
+KEYCLOAK_ADMIN_PASSWORD=$(uds zarf tools kubectl get secret -n keycloak keycloak-admin-password -o jsonpath={.data.password} | base64 -d)
+echo "::add-mask::$KEYCLOAK_ADMIN_PASSWORD"
+
+KEYCLOAK_ADMIN_TOKEN=$(curl --location "https://keycloak.admin.uds.dev/realms/master/protocol/openid-connect/token" \
+--http1.1 \
+--header "Content-Type: application/x-www-form-urlencoded" \
+--data-urlencode "username=admin" \
+--data-urlencode "password=${KEYCLOAK_ADMIN_PASSWORD}" \
+--data-urlencode "client_id=admin-cli" \
+--data-urlencode "grant_type=password" | uds zarf tools yq .access_token)
+echo "::add-mask::$KEYCLOAK_ADMIN_TOKEN"
+
+
+curl --location "https://keycloak.admin.uds.dev/admin/realms/uds/users" \
+--http1.1 \
+--header "Content-Type: application/json" \
+--header "Authorization: Bearer ${KEYCLOAK_ADMIN_TOKEN}" \
+--data "{
+  \"username\": \"doug\",
+  \"firstName\": \"Doug\",
+  \"lastName\": \"Unicorn\",
+  \"email\": \"[email protected]\",
+  \"attributes\": {
+    \"mattermostid\": \"1\"
+  },
+  \"emailVerified\": true,
+  \"enabled\": true,
+  \"requiredActions\": [],
+  \"credentials\": [
+    {
+      \"type\": \"password\",
+      \"value\": \"${FAKE_E2E_USER_PASSWORD}\",
+      \"temporary\": false
+    }
+  ]
+}"
+
+CONDITIONAL_OTP_ID=$(curl --location "https://keycloak.admin.uds.dev/admin/realms/uds/authentication/flows/Authentication/executions" \
+--http1.1 \
+--header "Authorization: Bearer ${KEYCLOAK_ADMIN_TOKEN}" | uds zarf tools yq '.[] | select(.displayName == "Conditional OTP") | .id')
+
+curl --location --request PUT "https://keycloak.admin.uds.dev/admin/realms/uds/authentication/flows/Authentication/executions" \
+--http1.1 \
+--header "Content-Type: application/json" \
+--header "Authorization: Bearer ${KEYCLOAK_ADMIN_TOKEN}" \
+--data "{
+\"id\": \"${CONDITIONAL_OTP_ID}\",
+\"requirement\": \"DISABLED\"
+}"
+
+USER=$(curl --location "https://keycloak.admin.uds.dev/admin/realms/uds/users?user=doug" \
+--http1.1 \
+--header "Content-Type: application/json" \
+--header "Authorization: Bearer ${KEYCLOAK_ADMIN_TOKEN}" \
+)
+
+echo "User: $USER"
@@ -17,6 +17,8 @@ on:
       - "!.github/**"
       - ".github/workflows/e2e-playwright.yaml"
       - ".github/actions/uds-cluster/action.yaml"
+      - ".github/actions/scripts/createUser.sh"
+      - ".github/actions/config/uds-config.yaml"
 
       # Ignore docs and website things
       - "!**.md"
@@ -64,20 +66,27 @@ jobs:
           with:
             node-version-file: 'src/leapfrogai_ui/package.json'
 
-        - name: Install UI/Playwright Dependencies
-          run: |
-            npm --prefix src/leapfrogai_ui ci
-            npx --prefix src/leapfrogai_ui playwright install
-
         - name: Setup Python
           uses: ./.github/actions/python
 
+        - name: Generate Fake Playwright User Password
+          id: generate-password
+          run: |
+            PASSWORD=$(cat <(openssl rand -base64 32 | tr -dc 'a-zA-Z0-9!@#$%^&*()_+-=[]{}|;:,.<>?' | head -c 20 | sed 's/\(.\{5\}\)/\1!@/g' | head -c 22))
+            echo "::add-mask::$PASSWORD"
+            echo "FAKE_E2E_USER_PASSWORD=$PASSWORD" >> $GITHUB_ENV
+
         - name: Setup UDS Cluster
           uses: ./.github/actions/uds-cluster
           with:
             registry1Username: ${{ secrets.IRON_BANK_ROBOT_USERNAME }}
             registry1Password: ${{ secrets.IRON_BANK_ROBOT_PASSWORD }}
 
+        - name: Create Test User
+          run: |
+            chmod +x ./.github/scripts/createUser.sh
+            ./.github/scripts/createUser.sh
+
         - name: Setup LFAI-API and Supabase
           uses: ./.github/actions/lfai-core
 
@@ -89,14 +98,20 @@ jobs:
           run: |
             python -m pytest ./tests/e2e/test_api.py -v
 
+
         ##########
         # UI
         ##########
+        - name: Install UI/Playwright Dependencies
+          run: |
+            npm --prefix src/leapfrogai_ui ci
+            npx --prefix src/leapfrogai_ui playwright install
+
         - name: Deploy LFAI-UI
           run: |
             make build-ui LOCAL_VERSION=e2e-test
             docker image prune -af
-            uds zarf package deploy packages/ui/zarf-package-leapfrogai-ui-amd64-e2e-test.tar.zst --confirm
+            uds zarf package deploy packages/ui/zarf-package-leapfrogai-ui-amd64-e2e-test.tar.zst --set DISABLE_KEYCLOAK=false --confirm
             rm packages/ui/zarf-package-leapfrogai-ui-amd64-e2e-test.tar.zst
 
         # Run the playwright UI tests using the deployed Supabase endpoint and upload report as an artifact
@@ -105,7 +120,7 @@ jobs:
             cp src/leapfrogai_ui/.env.example src/leapfrogai_ui/.env
             mkdir -p playwright/auth
             touch playwright/auth.user.json
-            SERVICE_ROLE_KEY=$(uds zarf tools kubectl get secret -n leapfrogai supabase-bootstrap-jwt -o jsonpath={.data.service-key} | base64 -d) TEST_ENV=CI PUBLIC_DISABLE_KEYCLOAK=true PUBLIC_SUPABASE_ANON_KEY=$ANON_KEY npm --prefix src/leapfrogai_ui run test:integration:ci
+            SERVICE_ROLE_KEY=$(uds zarf tools kubectl get secret -n leapfrogai supabase-bootstrap-jwt -o jsonpath={.data.service-key} | base64 -d) TEST_ENV=CI USERNAME=doug PASSWORD=$FAKE_E2E_USER_PASSWORD PUBLIC_SUPABASE_ANON_KEY=$ANON_KEY npm --prefix src/leapfrogai_ui run test:integration:ci
 
         # Upload the Playwright report as an artifact
         - name: Archive Playwright Report

@@ -18,7 +18,7 @@ create-uds-gpu-cluster: build-k3d-gpu
 	--set K3D_EXTRA_ARGS="--gpus=all \
 	--image=ghcr.io/defenseunicorns/leapfrogai/k3d-gpu:${LOCAL_VERSION}" --confirm
 
-create-uds-cpu-cluster: build-k3d-gpu
+create-uds-cpu-cluster:
 	@uds deploy k3d-core-slim-dev:${UDS_VERSION} \
 	${ZARF_FLAGS} \
 	--confirm

@@ -20,4 +20,5 @@ zarf-sbom/
 
 
 playwright/.auth
-test-results/
+test-results/
+e2e-report/
@@ -44,16 +44,18 @@ const doKeycloakLogin = async (page: Page) => {
   await page.getByLabel('Password').fill(process.env.PASSWORD!);
   await page.getByRole('button', { name: 'Log In' }).click();
 
-  const totp = new OTPAuth.TOTP({
-    issuer: 'Unicorn Delivery Service',
-    algorithm: 'SHA1',
-    digits: 6,
-    period: 30,
-    secret: process.env.MFA_SECRET!
-  });
-  const code = totp.generate();
-  await page.getByLabel('Six digit code').fill(code);
-  await page.getByRole('button', { name: 'Log In' }).click();
+  if (process.env.TEST_ENV !== 'CI') {
+    const totp = new OTPAuth.TOTP({
+      issuer: 'Unicorn Delivery Service',
+      algorithm: 'SHA1',
+      digits: 6,
+      period: 30,
+      secret: process.env.MFA_SECRET!
+    });
+    const code = totp.generate();
+    await page.getByLabel('Six digit code').fill(code);
+    await page.getByRole('button', { name: 'Log In' }).click();
+  }
 };
 
 const login = async (page: Page) => {