Restore the Stepup E2E behat tests

.github/workflows/build-push-test-docker-image.yml

@@ -0,0 +1,50 @@
+name: build-push-test-docker-image
+
+on:
+  workflow_dispatch:
+
+jobs:
+  build-push-test-docker-image:
+    runs-on: ubuntu-latest
+    permissions:
+      packages: write
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Set docker labels and tags
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ghcr.io/openconext/OpenConext-devconf/OpenConext-devconf
+          flavor: |
+            latest=false
+            suffix=-test
+          tags: |
+            type=ref,event=tag
+            type=semver,pattern={{version}}
+            type=sha
+            type=raw,suffix=,value=test
+
+      - name: Build and push the TEST image
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          file: stepup/tests/Dockerfile
+          platforms: linux/amd64,linux/arm64
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}

.github/workflows/stepup-behat.yml

@@ -0,0 +1,43 @@
+name: stepup-behat
+on:
+  pull_request:
+  push:
+    branches: [ main, feature/*, bugfix/* ]
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    timeout-minutes: 5
+    env:
+      DOCKER_COMPOSE: docker compose -f docker-compose.yml -f docker-compose-behat.yml
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v1
+      - name: Get Composer Cache Directory
+        id: composer-cache
+        run: echo "::set-output name=dir::$(composer config cache-files-dir)"
+      - uses: actions/cache@v2
+        with:
+          path: ${{ steps.composer-cache.outputs.dir }}
+          key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.lock') }}
+          restore-keys: ${{ runner.os }}-composer-
+      - name: Init environment
+        run: |
+          cd stepup
+          cp .env.test .env
+          cp gateway/surfnet_yubikey.yaml.dist gateway/surfnet_yubikey.yaml
+          ${DOCKER_COMPOSE} up -d
+      - name: Install composer dependencies on the Behat container
+        run: |
+          cd stepup
+          ${DOCKER_COMPOSE} exec -T behat bash -lc "composer install --ignore-platform-reqs -n"
+      - name: Sleep for 10 seconds
+        run: sleep 10s
+      - name: Run Behat tests
+        run: |
+          cd stepup
+          docker exec -t stepup-behat-1 bash -lc "./behat"
+      - name: Output logs on failure
+        if: failure()
+        run: |
+          cd stepup
+          ${DOCKER_COMPOSE} logs

stepup/.env.test

@@ -0,0 +1,2 @@
+APP_ENV=smoketest
+STEPUP_VERSION:test

stepup/README.md

@@ -74,6 +74,70 @@ To mount the code in multiple containers:
 You can add as many services+local code paths that you need.
 The recommended way is to use absolute paths and the script requires the name of the service and local code path to be separated by a `:`, for each service.
 
+# Accessing the database from your IDE
+The Maria DB container exposes her 3306 port to the outside. So you should be able to connect to the database with 
+your favorite DBA tool. In PHPStorm I was able to connect to the `mariadb` host by using these setting.
+
+```
+host: localhost
+user: root
+password: you know the secret ;)
+```
+
 # PHP 8.2 for development
 The default development container is based on the base image with PHP7.2. You can override this on a per service basis. Uncomment the appropiate line for this in the file ".env" so it uses the PHP8.2 container. An .env.dist is included that you can use to have your own .env. file. .env is in .gitigore so you can make your own changes.
 
+# Functional testing
+The stepup application suite comes with a set of Behat (Gherkin) features. These features test the stepup applications
+functionally. These tests range from simple smoketests (can we still vet a token), to more bug report driven 
+functional tests. And everything in between.
+
+These tests live in this folder: `stepup/tests/behat/features`
+
+Custom Contexts where created to perform Stepup specific actions. Some details about these contexts can be read about below.
+
+## Running the tests
+1. The tests are automatically triggered on GitHub Actions when building a Pull Request. The action is named: [`stepup-behat`](https://github.com/OpenConext/OpenConext-devconf/actions/workflows/stepup-behat.yml)
+2. Run them manually.
+
+Step two can be achieved by following these actions.
+
+1: You must instruct the `devconf` environment that you want to run functional tests.
+1. Option 1: Copy the `.env.test` to be the `.env`
+2. Option 2: Add these two lines to your existing `.env` file
+
+```shell
+APP_ENV=smoketest
+STEPUP_VERSION=test
+```
+
+2: Next you should start the devconf containers in test mode
+1. `$ ./start-dev-env.sh` will start the environment using test images for every component.
+2. `$ ./start-dev-env.sh selfservice:/path/to/SelfService` to start certain components with local code mounted (useful during development)
+3. Choose if you want to run the containers in the back- or foreground.
+
+3: Once the containers are up and running, you can run the behat tests
+1. Open a shell in the `behat` container `$ docker exec -it stepup-behat-1 bash`
+2. Run the tests:
+   1. `./behat` will run all available behat tests that are not excluded using the `@SKIP` tag
+   2. `./behat features/ra.feature` will only run the `ra.feature` found in the features folder
+   3. `./behat features/ra.feature:20` will only run the scenario found on line 20 of the `ra.feature`
+   4. TODO: `./behat --filter=selfservice` will only run features marked with the `@selfservice` tag
+
+## Writing tests
+Many of the step definitions are coded in our own Contexts. These contexts are divided into five main contexts.
+It should be straightforward where to add new definitions. The contexts are not following all the clean code or solid principles. This code is messy, be warned. 
+
+It can be useful during debugging to use the `$this->diePrintingContent();` statement. This outputs the URI of the browser, and the last received html response. As it is hard to step debug the code that is run in a CURL based browser.
+
+TODO: Mark your tests with at least one of the pre-defined tags:
+
+`selfservice`
+`ra`
+`gateway`
+`middleware`
+`tiqr`
+`demogssp`
+`webauthn`
+
+Note that these tags match the `devconf` names given to the different components.

stepup/azuremfa/docker-compose.override.yml

@@ -4,5 +4,5 @@ services:
     volumes:
       - ${AZUREMFA_CODE_PATH}:/var/www/html
     environment:
-      - APP_ENV=dev
+      - APP_ENV=${APP_ENV:-dev}
       - APP_DEBUG=true

stepup/dbschema/createdbs.sql

@@ -2,25 +2,39 @@ CREATE DATABASE IF NOT EXISTS webauthn;
 CREATE DATABASE IF NOT EXISTS tiqr;
 CREATE DATABASE IF NOT EXISTS gateway;
 CREATE DATABASE IF NOT EXISTS middleware;
+CREATE DATABASE IF NOT EXISTS webauthn_test;
+CREATE DATABASE IF NOT EXISTS tiqr_test;
+CREATE DATABASE IF NOT EXISTS gateway_test;
+CREATE DATABASE IF NOT EXISTS middleware_test;
 
 CREATE USER IF NOT EXISTS 'webauthn_user'@'%' IDENTIFIED BY 'webauthn_secret';
 GRANT ALL PRIVILEGES ON webauthn.* TO 'webauthn_user'@'%';
+GRANT ALL PRIVILEGES ON webauthn_test.* TO 'webauthn_user'@'%';
 
 CREATE USER IF NOT EXISTS 'tiqr_user'@'%' IDENTIFIED BY 'tiqr_secret';
 GRANT ALL PRIVILEGES ON tiqr.* TO 'tiqr_user'@'%';
+GRANT ALL PRIVILEGES ON tiqr_test.* TO 'tiqr_user'@'%';
 
 CREATE USER IF NOT EXISTS 'gateway_user'@'%' IDENTIFIED BY 'gateway_secret';
 GRANT SELECT ON gateway.* TO 'gateway_user'@'%';
+GRANT SELECT ON gateway_test.* TO 'gateway_user'@'%';
 
 CREATE USER IF NOT EXISTS 'middleware_user'@'%' IDENTIFIED BY 'middleware_secret';
 GRANT SELECT,INSERT,DELETE,UPDATE ON middleware.* TO 'middleware_user'@'%';
+GRANT SELECT,INSERT,DELETE,UPDATE ON middleware_test.* TO 'middleware_user'@'%';
 
 CREATE USER IF NOT EXISTS 'mw_gateway_user'@'%' IDENTIFIED BY 'mw_gateway_secret';
 GRANT SELECT,INSERT,DELETE,UPDATE ON gateway.* TO 'mw_gateway_user'@'%';
+GRANT SELECT,INSERT,DELETE,UPDATE ON middleware.* TO 'middleware_user'@'%';
+GRANT SELECT,INSERT,DELETE,UPDATE ON gateway_test.* TO 'mw_gateway_user'@'%';
+GRANT SELECT,INSERT,DELETE,UPDATE ON middleware_test.* TO 'middleware_user'@'%';
 
 CREATE USER IF NOT EXISTS 'mw_deploy_user'@'%' IDENTIFIED BY 'mw_deploy_secret';
 GRANT ALL PRIVILEGES ON gateway.* TO 'mw_deploy_user'@'%' WITH GRANT OPTION;
 GRANT ALL PRIVILEGES ON middleware.* TO 'mw_deploy_user'@'%' WITH GRANT OPTION;
+GRANT ALL PRIVILEGES ON gateway_test.* TO 'mw_deploy_user'@'%' WITH GRANT OPTION;
+GRANT ALL PRIVILEGES ON middleware_test.* TO 'mw_deploy_user'@'%' WITH GRANT OPTION;
 
 CREATE USER IF NOT EXISTS 'gw_deploy_user'@'%' IDENTIFIED BY 'gw_deploy_secret';
 GRANT ALL PRIVILEGES ON gateway.* TO 'gw_deploy_user'@'%';
+GRANT ALL PRIVILEGES ON gateway_test.* TO 'gw_deploy_user'@'%';

stepup/demogssp/docker-compose.override.yml

@@ -4,5 +4,5 @@ services:
     volumes:
       - ${DEMOGSSP_CODE_PATH}:/var/www/html
     environment:
-      - APP_ENV=dev
+      - APP_ENV=${APP_ENV:-dev}
       - APP_DEBUG=true

stepup/docker-compose-behat.yml

@@ -0,0 +1,13 @@
+version: '3.8'
+
+services:
+
+  behat: 
+    image: ghcr.io/openconext/openconext-devconf/openconext-devconf:test
+    environment:
+      - APP_ENV=${APP_ENV:-prod}
+    networks:
+      openconextdev:
+    volumes:
+      - ${PWD}/:/config
+      - /var/run/docker.sock:/var/run/docker.sock

stepup/docker-compose.yml

@@ -10,29 +10,47 @@ services:
       openconextdev:
         aliases:
           - ra.dev.openconext.local
+          - ssp.dev.openconext.local
+          - selfservice.dev.openconext.local
           - middleware.dev.openconext.local
           - gateway.dev.openconext.local
+          - demogssp.dev.openconext.local
+          - webauthn.dev.openconext.local
           - tiqr.dev.openconext.local
+          - mailcatcher.dev.openconext.local
     hostname: haproxy.docker
 
+
+
   mariadb:
     image: mariadb:10.6
     environment:
       MYSQL_ROOT_PASSWORD: secret
+    ports:
+      - 3306:3306
     networks:
       openconextdev:
     volumes:
       - ${PWD}/dbschema:/docker-entrypoint-initdb.d
       - stepup_mariadb:/var/lib/mysql
     hostname: mariadb.docker
 
+  behat:
+    image: ghcr.io/openconext/openconext-devconf/openconext-devconf:test
+    environment:
+      - APP_ENV=${APP_ENV:-prod}
+    networks:
+      openconextdev:
+    volumes:
+      - ${PWD}/:/config
+      - /var/run/docker.sock:/var/run/docker.sock
+
   webauthn:
-    image: ghcr.io/openconext/stepup-webauthn/stepup-webauthn:prod
+    image: ghcr.io/openconext/stepup-webauthn/stepup-webauthn:${STEPUP_VERSION:-prod}
     ports:
       - 8080:8080
     environment:
-      DATABASE_URL: "mysql://webauthn_user:webauthn_secret@mariadb:3306/webauthn"
-      APP_ENV: prod
+      - APP_ENV=${APP_ENV:-prod}
     volumes:
       - ${PWD}/:/config
     networks:
@@ -51,9 +69,9 @@ services:
 
 
   middleware:
-    image: ghcr.io/openconext/stepup-middleware/stepup-middleware:prod
+    image: ghcr.io/openconext/stepup-middleware/stepup-middleware:${STEPUP_VERSION:-prod}
     environment:
-      - APP_ENV=prod
+      - APP_ENV=${APP_ENV:-prod}
     networks:
       openconextdev:
     volumes:
@@ -63,9 +81,9 @@ services:
     hostname: middleware.docker
 
   gateway:
-    image: ghcr.io/openconext/stepup-gateway/stepup-gateway:prod
+    image: ghcr.io/openconext/stepup-gateway/stepup-gateway:${STEPUP_VERSION:-prod}
     environment:
-      - APP_ENV=prod
+      - APP_ENV=${APP_ENV:-prod}
     networks:
       openconextdev:
     volumes:
@@ -77,9 +95,9 @@ services:
 
 
   ra:
-    image: ghcr.io/openconext/stepup-ra/stepup-ra:prod
+    image: ghcr.io/openconext/stepup-ra/stepup-ra:${STEPUP_VERSION:-prod}
     environment:
-      - APP_ENV=prod
+      - APP_ENV=${APP_ENV:-prod}
     networks:
       openconextdev:
     volumes:
@@ -89,9 +107,9 @@ services:
     hostname: ra.docker
 
   selfservice:
-    image: ghcr.io/openconext/stepup-selfservice/stepup-selfservice:prod
+    image: ghcr.io/openconext/stepup-selfservice/stepup-selfservice:${STEPUP_VERSION:-prod}
     environment:
-      - APP_ENV=prod
+      - APP_ENV=${APP_ENV:-prod}
     networks:
       openconextdev:
     volumes:
@@ -101,41 +119,41 @@ services:
     hostname: selfservice.docker
 
   demogssp:
-    image: ghcr.io/openconext/stepup-gssp-example/stepup-gssp-example:prod
+    image: ghcr.io/openconext/stepup-gssp-example/stepup-gssp-example:${STEPUP_VERSION:-prod}
     environment:
-      - APP_ENV=prod
+      - APP_ENV=${APP_ENV:-prod}
     networks:
       openconextdev:
     volumes:
       - ${PWD}/:/config
     extra_hosts:
       - "host.docker.internal:host-gateway"
     hostname: demogssp.docker
-  
+
   tiqr:
     image: ghcr.io/openconext/stepup-tiqr/stepup-tiqr:prod
     environment:
-      - APP_ENV=prod
+      - APP_ENV=${APP_ENV:-prod}
     networks:
       openconextdev:
     volumes:
       - ${PWD}/:/config
     extra_hosts:
       - "host.docker.internal:host-gateway"
     hostname: tiqr.docker
-  
+
   azuremfa:
-    image: ghcr.io/openconext/stepup-azuremfa/stepup-azuremfa:prod
+    image: ghcr.io/openconext/stepup-azuremfa/stepup-azuremfa:${STEPUP_VERSION:-prod}
     environment:
-      - APP_ENV=prod
+      - APP_ENV=${APP_ENV:-prod}
     networks:
       openconextdev:
     volumes:
       - ${PWD}/:/config
     extra_hosts:
       - "host.docker.internal:host-gateway"
     hostname: azuremfa.docker
-  
+
   mailcatcher:
     image: sj26/mailcatcher:latest
     ports: