feat: Add github workflow (#2)

Author: kingluo

.github/workflows/release.yml

@@ -0,0 +1,54 @@
+name: Release
+
+on:
+  push:
+    branches:
+      - "main"
+    paths:
+      - 'rockspec/**'
+
+jobs:
+  release:
+    name: Release
+    runs-on: "ubuntu-20.04"
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v2
+
+      - name: Install Lua
+        uses: leafo/gh-actions-lua@v8
+
+      - name: Install Luarocks
+        uses: leafo/gh-actions-luarocks@v4
+
+      - name: Extract release name
+        id: release_env
+        shell: bash
+        run: |
+          title="${{ github.event.head_commit.message }}"
+          re="^feat: release v*(\S+)"
+          if [[ $title =~ $re ]]; then
+              v=v${BASH_REMATCH[1]}
+              echo "##[set-output name=version;]${v}"
+              echo "##[set-output name=version_withou_v;]${BASH_REMATCH[1]}"
+          else
+              echo "commit format is not correct"
+              exit 1
+          fi
+
+      - name: Create Release
+        uses: actions/create-release@v1
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          tag_name: ${{ steps.release_env.outputs.version }}
+          release_name: ${{ steps.release_env.outputs.version }}
+          draft: false
+          prerelease: false
+
+      - name: Upload to luarocks
+        env:
+          LUAROCKS_TOKEN: ${{ secrets.LUAROCKS_TOKEN }}
+        run: |
+          luarocks install dkjson
+          luarocks upload rockspec/lua-resty-saml-${{ steps.release_env.outputs.version_withou_v }}-0.rockspec --api-key=${LUAROCKS_TOKEN}

.github/workflows/test.yml

@@ -0,0 +1,40 @@
+name: CI
+
+on:
+  push:
+    branches: [ main ]
+  pull_request:
+    branches: [ main ]
+
+
+jobs:
+  build:
+    runs-on: "ubuntu-20.04"
+    env:
+      OPENRESTY_PREFIX: "/usr/local/openresty"
+
+    steps:
+      - uses: actions/checkout@v2
+
+      - name: get dependencies
+        run: |
+          sudo apt install -y cpanminus build-essential libncurses5-dev libreadline-dev libssl-dev perl lua5.1 liblua5.1-0-dev libxmlsec1-dev
+
+          # openresty
+          wget -O - https://openresty.org/package/pubkey.gpg | sudo apt-key add -
+          echo "deb http://openresty.org/package/ubuntu $(lsb_release -sc) main" | sudo tee /etc/apt/sources.list.d/openresty.list
+          sudo apt-get update
+          sudo apt-get -y install openresty
+
+          # Test::Nginx
+          sudo cpanm --notest Test::Nginx > build.log 2>&1 || (cat build.log && exit 1)
+
+          # luarocks
+          curl -fsSL https://raw.githubusercontent.com/apache/apisix/master/utils/linux-install-luarocks.sh | sudo sh
+
+      - name: script
+        run: |
+          sudo docker run --rm --name keycloak -d -p 8080:8080 -e KEYCLOAK_ADMIN=admin -e KEYCLOAK_ADMIN_PASSWORD=admin -v $PWD/t/test-realm-keycloak-18.0.2.json:/opt/keycloak/data/import/realm.json quay.io/keycloak/keycloak:18.0.2 start-dev --import-realm
+          sleep 8
+          export PATH=$OPENRESTY_PREFIX/nginx/sbin:$OPENRESTY_PREFIX/luajit/bin:$PATH
+          make test

.gitignore

@@ -1,5 +1,4 @@
 *.o
 *.so
-demo/*
-!demo/logs/.gitkeep
-!demo/nginx.conf
+t/servroot
+deps

Makefile

@@ -1,7 +1,10 @@
-VERSION=0.1
+INST_PREFIX ?= /usr
+INST_LIBDIR ?= $(INST_PREFIX)/lib/lua/5.1
+INST_LUADIR ?= $(INST_PREFIX)/share/lua/5.1
+INSTALL ?= install
 
-# Default locations
 LUA_INCDIR=/usr/local/openresty/luajit/include/luajit-2.1/
+LUAJIT_DIR=/usr/local/openresty/luajit
 
 CC=gcc
 CFLAGS=-g -fPIC -O2
@@ -15,18 +18,33 @@ LDFLAGS_ALL=$(LIBFLAG) $(LDFLAGS) $(XMLSEC1_LDFLAGS)
 .PHONY: build
 build: saml.so
 
+.PHONY: test
+test: build deps
+	prove -r t/
+
 .PHONY: clean
 clean:
 	rm -f *.so *.o
 
 saml.o: src/*.c
 	$(CC) -c $(CFLAGS_ALL) -o saml.o src/saml.c
 
-src/saml.o:
-	$(MAKE) -C src saml.o
-
 lua_saml.o: src/lua_saml.c
 	$(CC) -c $(CFLAGS_ALL) -I$(LUA_INCDIR) -Isrc/ -o $@ $<
 
 saml.so: lua_saml.o saml.o
 	$(CC) -o $@ $^ $(LDFLAGS_ALL)
+
+.PHONY: install
+install:
+	$(INSTALL) -d $(INST_LUADIR)/resty/
+	$(INSTALL) lua/resty/*.lua $(INST_LUADIR)/resty/
+	$(INSTALL) -d $(INST_LIBDIR)/
+	$(INSTALL) saml.so $(INST_LIBDIR)/
+	$(INSTALL) -d $(INST_LUADIR)/resty/saml/xsd/
+	$(INSTALL) xsd/* $(INST_LUADIR)/resty/saml/xsd/
+	$(INSTALL) t/lib/keycloak.lua $(INST_LUADIR)/resty/saml/
+
+.PHONY: deps
+deps:
+	luarocks install --lua-dir=$(LUAJIT_DIR) rockspec/lua-resty-saml-main-0-0.rockspec --tree=deps --only-deps --local

demo/logs/.gitkeep

@@ -0,0 +1,37 @@
+package = "lua-resty-saml-main"
+version = "0-0"
+source = {
+    url = "git://github.com/api7/lua-resty-saml",
+    branch = "main",
+}
+
+description = {
+    summary = "SAML 2.0 auth lib for Nginx + Lua",
+    homepage = "https://github.com/api7/lua-resty-saml",
+    license = "Apache License 2.0",
+}
+
+dependencies = {
+    "api7-lua-resty-http = 0.2.0",
+    "lua-resty-jit-uuid = 0.0.7",
+    "lua-resty-cookie = 0.1.0",
+}
+
+build = {
+    type = "make",
+    build_variables = {
+        CFLAGS="$(CFLAGS)",
+        LIBFLAG="$(LIBFLAG)",
+        LUA_LIBDIR="$(LUA_LIBDIR)",
+        LUA_BINDIR="$(LUA_BINDIR)",
+        LUA_INCDIR="$(LUA_INCDIR)",
+        LUA="$(LUA)",
+    },
+    install_variables = {
+        INST_PREFIX="$(PREFIX)",
+        INST_BINDIR="$(BINDIR)",
+        INST_LIBDIR="$(LIBDIR)",
+        INST_LUADIR="$(LUADIR)",
+        INST_CONFDIR="$(CONFDIR)",
+    },
+}

demo/nginx.conf

@@ -0,0 +1,77 @@
+# How to setup keycloak for test
+
+## Version
+
+We choose [new keycloak image](https://quay.io/repository/keycloak/keycloak) docker image as test IdP. The version is `18.0.2`.
+
+The lastest version has issues to import client key, so it's pending to check in future:
+
+https://github.com/keycloak/keycloak/issues/13668
+
+https://github.com/keycloak/keycloak/issues/13812
+
+## Configuring keycloak for test
+
+### 1. Run keycloak
+
+```
+docker run --rm --name keycloak -d -p 8080:8080 -e KEYCLOAK_ADMIN=admin -e KEYCLOAK_ADMIN_PASSWORD=admin quay.io/keycloak/keycloak:18.0.2 start-dev
+```
+
+### 2. Configuring keycloak
+
+#### 2.1 Create realm "test"
+
+#### 2.2 Create User "test"
+
+After completion, in the `Credential` tab page, change password to "test" and disable `Temporary`.
+
+#### 2.3 Create client
+
+##### sp
+
+* Name: sp
+* Client Protocol: saml
+* Set "Force POST Binding" to "OFF"
+* Set Root URL "http://127.0.0.1:8088"
+* Valid Redirect URIs: /acs
+* Logout Service Redirect Binding URL: /sls
+* From the keys tab page, import Signing Key, just paste your cert file content in PEM format
+
+##### sp2
+
+* Name: sp2
+* Client Protocol: saml
+* Set "Force POST Binding" to "OFF"
+* Set Root URL "http://127.0.0.2:8099"
+* Valid Redirect URIs: /acs
+* Logout Service Redirect Binding URL: /sls
+* From the keys tab page, import Signing Key, just paste your cert file content in PEM format
+
+#### 2.4 Check IdP signing key
+
+curl -s http://127.0.0.1:8080/realms/test/protocol/saml/descriptor
+
+Copy and paste `<ds:X509Certificate>` block of the output to a file, e.g. `/tmp/idp.cert`, and use `utils/read_cert.py` to convert it into string.
+
+```
+# for test file
+python3 utils/read_cert.py /tmp/idp.cert t
+
+# for opts in `saml.new(opts)`
+python3 utils/read_cert.py /tmp/idp.cert
+```
+
+#### 2.5 export the test realm
+
+```
+docker exec -it keycloak bash
+/opt/keycloak/bin/kc.sh export --file /tmp/test-realm.json --realm test --users realm_file
+docker cp keycloak:/tmp/test-realm.json /tmp/
+```
+
+## Run keycloak with import realm
+
+```
+docker run --rm --name keycloak -d -p 8080:8080 -e KEYCLOAK_ADMIN=admin -e KEYCLOAK_ADMIN_PASSWORD=admin -v /tmp/test-realm.json:/opt/keycloak/data/import/realm.json quay.io/keycloak/keycloak:18.0.2 start-dev --import-realm
+```