Skip to content
Closed
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
32 changes: 32 additions & 0 deletions .github/build-rust/action.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,32 @@
name: 'Build Rust WASM'
description: 'Builds a Rust cdylib package to wasm32-wasip1 using the FastEdge compiler image.'
inputs:
rust_package:
description: 'Cargo package name (hyphens allowed; output filename uses underscores)'
required: true
working_directory:
description: 'Directory containing the Cargo workspace (relative to repo root)'
required: true
output_path:
description: 'Destination path for the built .wasm file (relative to repo root)'
required: true

runs:
using: 'composite'
steps:
- name: Build ${{ inputs.rust_package }}
shell: bash
run: |
docker run --rm \
-v ${{ github.workspace }}:/usr/src/myapp \
-w /usr/src/myapp/${{ inputs.working_directory }} \
harbor.p.gc.onl/fastedge/fastedge-apps-compiler:0.0.1 \
cargo build --release --target wasm32-wasip1 --package ${{ inputs.rust_package }}

- name: Copy wasm to output path
shell: bash
run: |
WASM_FILE=$(echo "${{ inputs.rust_package }}" | tr '-' '_').wasm
mkdir -p $(dirname "${{ inputs.output_path }}")
cp "${{ inputs.working_directory }}/target/wasm32-wasip1/release/$WASM_FILE" \
"${{ inputs.output_path }}"
23 changes: 23 additions & 0 deletions .github/setup-harbor-pull/action.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,23 @@
name: 'Login to Harbor and Pull Compiler'
description: 'Logs in to the Harbor registry and pulls the FastEdge compiler image.'
inputs:
harbor_login:
description: 'Harbor registry username'
required: true
harbor_password:
description: 'Harbor registry password'
required: true

runs:
using: 'composite'
steps:
- name: Login to Harbor
uses: docker/login-action@v3
with:
registry: harbor.p.gc.onl
username: ${{ inputs.harbor_login }}
password: ${{ inputs.harbor_password }}

- name: Pull FastEdge compiler image
shell: bash
run: docker pull harbor.p.gc.onl/fastedge/fastedge-apps-compiler:0.0.1
47 changes: 47 additions & 0 deletions .github/setup-node/action.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,47 @@
name: 'Setup Node.js'
description: 'Sets up Node.js environment and installs dependencies.'
inputs:
node_version:
description: 'Node.js version to use, e.g. 20.x'
required: false
default: '24.12.0'
pnpm_version:
description: 'pnpm version to use, e.g. 10.x'
required: false
default: '10.x'
working_directory:
description: 'Directory to run pnpm install in (relative to repo root)'
required: false
default: '.'

runs:
using: 'composite'
steps:
- name: Use Node.js ${{ inputs.node_version }}
uses: actions/setup-node@v6
with:
node-version: ${{ inputs.node_version }}

- name: Install pnpm
uses: pnpm/action-setup@v4
with:
version: ${{ inputs.pnpm_version }}

- name: Get pnpm store location
shell: bash
run: |
echo "STORE_PATH=$(pnpm store path --silent)" >> $GITHUB_ENV

- name: Setup pnpm cache
uses: actions/cache@v4
with:
path: ${{ env.STORE_PATH }}
key: ${{ runner.os }}-pnpm-store-${{ hashFiles('**/pnpm-lock.yaml') }}
restore-keys: |
${{ runner.os }}-pnpm-store-

- name: Install dependencies (pnpm)
shell: bash
working-directory: ${{ inputs.working_directory }}
run: |
pnpm install --frozen-lockfile
263 changes: 263 additions & 0 deletions .github/workflows/publish-edge-sso-templates.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,263 @@
name: Publish edge-sso Templates

on:
workflow_dispatch:
push:
branches:
- feature/saml-app
paths:
- 'edge-sso/**'

jobs:
build_and_publish:
name: Build and publish edge-sso templates
runs-on: ubuntu-latest

steps:
- name: Checkout code
uses: actions/checkout@v4

- name: Import credentials from Vault
uses: hashicorp/vault-action@v3
id: creds
with:
url: https://puppet-vault.gc.onl
token: ${{ secrets.VAULT_TOKEN }}
secrets: |
secret/project_fastedge/harbor-robot-account username | HARBOR_LOGIN ;
secret/project_fastedge/harbor-robot-account password | HARBOR_PASSWORD ;
secret/project_fastedge/gcore_api/preprod/token token | PREPROD_API_KEY ;
secret/project_fastedge/gcore_api/preprod/hostname url | PREPROD_API_URL ;
secret/project_fastedge/gcore_api/prod/token token | PROD_API_KEY ;
secret/project_fastedge/gcore_api/prod/hostname url | PROD_API_URL ;

- name: Login to Harbor and pull compiler
uses: ./.github/setup-harbor-pull
with:
harbor_login: ${{ steps.creds.outputs.HARBOR_LOGIN }}
harbor_password: ${{ steps.creds.outputs.HARBOR_PASSWORD }}

- name: Setup Node.js and install dependencies
uses: ./.github/setup-node
with:
working_directory: edge-sso

# --- Unit tests (no wasm needed — fast gate before any build) ---

- name: Unit tests
working-directory: edge-sso
run: pnpm -C templates/cookie/auth-app test:unit

# --- TypeScript auth-apps ---

- name: Build TS WASM
working-directory: edge-sso
run: pnpm -r --filter '!*cdn-filter' run --if-present build

# --- Rust CDN filters ---

- name: Build gate-only CDN filter
uses: ./.github/build-rust
with:
rust_package: sso-guard-gate-only
working_directory: edge-sso
output_path: edge-sso/templates/gate-only/cdn-filter/wasm/gate_sso_guard.wasm

- name: Build cookie CDN filter
uses: ./.github/build-rust
with:
rust_package: sso-guard-cookie
working_directory: edge-sso
output_path: edge-sso/templates/cookie/cdn-filter/wasm/cookie_sso_guard.wasm

- name: Build header CDN filter
uses: ./.github/build-rust
with:
rust_package: sso-guard-header
working_directory: edge-sso
output_path: edge-sso/templates/header/cdn-filter/wasm/headers_sso_guard.wasm

# --- Integration, filter, and e2e tests (require wasm) ---

- name: Integration tests
working-directory: edge-sso
run: |
pnpm -C templates/cookie/auth-app test
pnpm -C templates/gate-only/auth-app test
pnpm -C templates/header/auth-app test

- name: Filter tests
working-directory: edge-sso
run: |
pnpm -C templates/cookie/cdn-filter test
pnpm -C templates/header/cdn-filter test

- name: E2E tests
working-directory: edge-sso
run: pnpm -C templates/cookie/auth-app test:e2e

# --- Deploy ---
# preprod: always (workflow_dispatch or push to main)
# prod: push to main only

- name: Read sso-gate-only-auth registry
id: gate-only-auth
run: |
echo "descr=$(jq -r '.description' edge-sso/templates/gate-only/auth-app/registry.json)" >> "$GITHUB_OUTPUT"
echo "params=$(jq -c '.params' edge-sso/templates/gate-only/auth-app/registry.json)" >> "$GITHUB_OUTPUT"

- name: Deploy sso-gate-only-auth to preprod
uses: gcore-github-actions/fastedge/deploy-template@v1
with:
api_key: ${{ steps.creds.outputs.PREPROD_API_KEY }}
api_url: ${{ steps.creds.outputs.PREPROD_API_URL }}
wasm_file: edge-sso/templates/gate-only/auth-app/wasm/gate-auth-app.wasm
template_name: sso-gate-only-auth
short_descr: ${{ steps.gate-only-auth.outputs.descr }}
params: ${{ steps.gate-only-auth.outputs.params }}

- name: Deploy sso-gate-only-auth to prod
if: github.event_name == 'push' && github.ref == 'refs/heads/main'
uses: gcore-github-actions/fastedge/deploy-template@v1
with:
api_key: ${{ steps.creds.outputs.PROD_API_KEY }}
api_url: ${{ steps.creds.outputs.PROD_API_URL }}
wasm_file: edge-sso/templates/gate-only/auth-app/wasm/gate-auth-app.wasm
template_name: sso-gate-only-auth
short_descr: ${{ steps.gate-only-auth.outputs.descr }}
params: ${{ steps.gate-only-auth.outputs.params }}

- name: Read sso-gate-only-filter registry
id: gate-only-filter
run: |
echo "descr=$(jq -r '.description' edge-sso/templates/gate-only/cdn-filter/registry.json)" >> "$GITHUB_OUTPUT"
echo "params=$(jq -c '.params' edge-sso/templates/gate-only/cdn-filter/registry.json)" >> "$GITHUB_OUTPUT"

- name: Deploy sso-gate-only-filter to preprod
uses: gcore-github-actions/fastedge/deploy-template@v1
with:
api_key: ${{ steps.creds.outputs.PREPROD_API_KEY }}
api_url: ${{ steps.creds.outputs.PREPROD_API_URL }}
wasm_file: edge-sso/templates/gate-only/cdn-filter/wasm/gate_sso_guard.wasm
template_name: sso-gate-only-filter
short_descr: ${{ steps.gate-only-filter.outputs.descr }}
params: ${{ steps.gate-only-filter.outputs.params }}

- name: Deploy sso-gate-only-filter to prod
if: github.event_name == 'push' && github.ref == 'refs/heads/main'
uses: gcore-github-actions/fastedge/deploy-template@v1
with:
api_key: ${{ steps.creds.outputs.PROD_API_KEY }}
api_url: ${{ steps.creds.outputs.PROD_API_URL }}
wasm_file: edge-sso/templates/gate-only/cdn-filter/wasm/gate_sso_guard.wasm
template_name: sso-gate-only-filter
short_descr: ${{ steps.gate-only-filter.outputs.descr }}
params: ${{ steps.gate-only-filter.outputs.params }}

- name: Read sso-cookie-auth registry
id: cookie-auth
run: |
echo "descr=$(jq -r '.description' edge-sso/templates/cookie/auth-app/registry.json)" >> "$GITHUB_OUTPUT"
echo "params=$(jq -c '.params' edge-sso/templates/cookie/auth-app/registry.json)" >> "$GITHUB_OUTPUT"

- name: Deploy sso-cookie-auth to preprod
uses: gcore-github-actions/fastedge/deploy-template@v1
with:
api_key: ${{ steps.creds.outputs.PREPROD_API_KEY }}
api_url: ${{ steps.creds.outputs.PREPROD_API_URL }}
wasm_file: edge-sso/templates/cookie/auth-app/wasm/cookie-auth-app.wasm
template_name: sso-cookie-auth
short_descr: ${{ steps.cookie-auth.outputs.descr }}
params: ${{ steps.cookie-auth.outputs.params }}

- name: Deploy sso-cookie-auth to prod
if: github.event_name == 'push' && github.ref == 'refs/heads/main'
uses: gcore-github-actions/fastedge/deploy-template@v1
with:
api_key: ${{ steps.creds.outputs.PROD_API_KEY }}
api_url: ${{ steps.creds.outputs.PROD_API_URL }}
wasm_file: edge-sso/templates/cookie/auth-app/wasm/cookie-auth-app.wasm
template_name: sso-cookie-auth
short_descr: ${{ steps.cookie-auth.outputs.descr }}
params: ${{ steps.cookie-auth.outputs.params }}

- name: Read sso-cookie-filter registry
id: cookie-filter
run: |
echo "descr=$(jq -r '.description' edge-sso/templates/cookie/cdn-filter/registry.json)" >> "$GITHUB_OUTPUT"
echo "params=$(jq -c '.params' edge-sso/templates/cookie/cdn-filter/registry.json)" >> "$GITHUB_OUTPUT"

- name: Deploy sso-cookie-filter to preprod
uses: gcore-github-actions/fastedge/deploy-template@v1
with:
api_key: ${{ steps.creds.outputs.PREPROD_API_KEY }}
api_url: ${{ steps.creds.outputs.PREPROD_API_URL }}
wasm_file: edge-sso/templates/cookie/cdn-filter/wasm/cookie_sso_guard.wasm
template_name: sso-cookie-filter
short_descr: ${{ steps.cookie-filter.outputs.descr }}
params: ${{ steps.cookie-filter.outputs.params }}

- name: Deploy sso-cookie-filter to prod
if: github.event_name == 'push' && github.ref == 'refs/heads/main'
uses: gcore-github-actions/fastedge/deploy-template@v1
with:
api_key: ${{ steps.creds.outputs.PROD_API_KEY }}
api_url: ${{ steps.creds.outputs.PROD_API_URL }}
wasm_file: edge-sso/templates/cookie/cdn-filter/wasm/cookie_sso_guard.wasm
template_name: sso-cookie-filter
short_descr: ${{ steps.cookie-filter.outputs.descr }}
params: ${{ steps.cookie-filter.outputs.params }}

- name: Read sso-header-auth registry
id: header-auth
run: |
echo "descr=$(jq -r '.description' edge-sso/templates/header/auth-app/registry.json)" >> "$GITHUB_OUTPUT"
echo "params=$(jq -c '.params' edge-sso/templates/header/auth-app/registry.json)" >> "$GITHUB_OUTPUT"

- name: Deploy sso-header-auth to preprod
uses: gcore-github-actions/fastedge/deploy-template@v1
with:
api_key: ${{ steps.creds.outputs.PREPROD_API_KEY }}
api_url: ${{ steps.creds.outputs.PREPROD_API_URL }}
wasm_file: edge-sso/templates/header/auth-app/wasm/headers-auth-app.wasm
template_name: sso-header-auth
short_descr: ${{ steps.header-auth.outputs.descr }}
params: ${{ steps.header-auth.outputs.params }}

- name: Deploy sso-header-auth to prod
if: github.event_name == 'push' && github.ref == 'refs/heads/main'
uses: gcore-github-actions/fastedge/deploy-template@v1
with:
api_key: ${{ steps.creds.outputs.PROD_API_KEY }}
api_url: ${{ steps.creds.outputs.PROD_API_URL }}
wasm_file: edge-sso/templates/header/auth-app/wasm/headers-auth-app.wasm
template_name: sso-header-auth
short_descr: ${{ steps.header-auth.outputs.descr }}
params: ${{ steps.header-auth.outputs.params }}

- name: Read sso-header-filter registry
id: header-filter
run: |
echo "descr=$(jq -r '.description' edge-sso/templates/header/cdn-filter/registry.json)" >> "$GITHUB_OUTPUT"
echo "params=$(jq -c '.params' edge-sso/templates/header/cdn-filter/registry.json)" >> "$GITHUB_OUTPUT"

- name: Deploy sso-header-filter to preprod
uses: gcore-github-actions/fastedge/deploy-template@v1
with:
api_key: ${{ steps.creds.outputs.PREPROD_API_KEY }}
api_url: ${{ steps.creds.outputs.PREPROD_API_URL }}
wasm_file: edge-sso/templates/header/cdn-filter/wasm/headers_sso_guard.wasm
template_name: sso-header-filter
short_descr: ${{ steps.header-filter.outputs.descr }}
params: ${{ steps.header-filter.outputs.params }}

- name: Deploy sso-header-filter to prod
if: github.event_name == 'push' && github.ref == 'refs/heads/main'
uses: gcore-github-actions/fastedge/deploy-template@v1
with:
api_key: ${{ steps.creds.outputs.PROD_API_KEY }}
api_url: ${{ steps.creds.outputs.PROD_API_URL }}
wasm_file: edge-sso/templates/header/cdn-filter/wasm/headers_sso_guard.wasm
template_name: sso-header-filter
short_descr: ${{ steps.header-filter.outputs.descr }}
params: ${{ steps.header-filter.outputs.params }}
Loading