Add github action workflow for tests and playlist acl tests (#1097)

* Fix studip perm checks * Tests: Add configurations with environment variables Furthermore, adds some fixes * Add playlist acl tests * Add github action workflow for tests Includes docker compose setup for studip and opencast. Adds more configs and adjustments to the tests. * Run on every push * Add npm script for dev build * Allow read, write and execute permission for all users * Run tests when pushing changes on master or create pull request against master * Remove useless comments
elan-ev · Dec 9, 2024 · c8c1e75 · c8c1e75
1 parent 34181c6
commit c8c1e75
Show file tree

Hide file tree

Showing 31 changed files with 2,007 additions and 44 deletions.
diff --git a/.github/docker/docker-compose.opencast.yml b/.github/docker/docker-compose.opencast.yml
@@ -0,0 +1,42 @@
+services:
+  opencast_opensearch:
+    image: opensearchproject/opensearch:1
+    ports:
+      - "9200:9200"
+    environment:
+      discovery.type: single-node
+      bootstrap.memory_lock: 'true'
+      OPENSEARCH_JAVA_OPTS: -Xms128m -Xmx512m
+      DISABLE_INSTALL_DEMO_CONFIG: 'true'
+      DISABLE_SECURITY_PLUGIN: 'true'
+    volumes:
+      - opencast_opensearch:/usr/share/opensearch/data
+
+  opencast:
+    image: quay.io/opencast/allinone:16.6
+    network_mode: host
+    environment:
+      ORG_OPENCASTPROJECT_SERVER_URL: http://127.0.0.1:8081
+      ORG_OPENCASTPROJECT_DOWNLOAD_URL: http://127.0.0.1:8081/static
+      ORG_OPENCASTPROJECT_SECURITY_ADMIN_USER: admin
+      ORG_OPENCASTPROJECT_SECURITY_ADMIN_PASS: opencast
+      ORG_OPENCASTPROJECT_SECURITY_DIGEST_USER: opencast_system_account
+      ORG_OPENCASTPROJECT_SECURITY_DIGEST_PASS: CHANGE_ME
+      ELASTICSEARCH_SERVER_HOST: localhost
+    volumes:
+      - opencast_data:/data
+      - ./opencast/etc/opencast/security/mh_default_org.xml:/opencast/etc/security/mh_default_org.xml
+      - ./opencast/etc/opencast/org.opencastproject.kernel.security.OAuthConsumerDetailsService.cfg:/opencast/etc/org.opencastproject.kernel.security.OAuthConsumerDetailsService.cfg
+      - ./opencast/etc/opencast/org.opencastproject.plugin.impl.PluginManagerImpl.cfg:/opencast/etc/org.opencastproject.plugin.impl.PluginManagerImpl.cfg
+      - ./opencast/etc/opencast/org.opencastproject.security.lti.LtiLaunchAuthenticationHandler.cfg:/opencast/etc/org.opencastproject.security.lti.LtiLaunchAuthenticationHandler.cfg
+      - ./opencast/etc/opencast/org.opencastproject.userdirectory.studip-default.cfg:/opencast/etc/org.opencastproject.userdirectory.studip-default.cfg
+
+  opencast_nginx:
+    image: nginx:1.24
+    network_mode: host
+    volumes:
+      - ./opencast/etc/nginx/nginx.conf:/etc/nginx/nginx.conf
+
+volumes:
+  opencast_opensearch: {}
+  opencast_data: {}
diff --git a/.github/docker/docker-compose.studip.yml b/.github/docker/docker-compose.studip.yml
@@ -0,0 +1,43 @@
+services:
+  studip_db:
+    image: mariadb:10.4
+    volumes:
+      - studip_db_data:/var/lib/mysql
+    ports:
+      - "3306:3306"
+    command: mysqld --sql_mode=""
+    restart: always
+    environment:
+      MYSQL_RANDOM_ROOT_PASSWORD: 1
+      MYSQL_DATABASE: studip_db
+      MYSQL_USER: studip_user
+      MYSQL_PASSWORD: studip_password
+  studip:
+    image: studip/studip:5.4
+    network_mode: host
+    depends_on:
+      - studip_db
+    volumes:
+      - studip_data:/var/www/studip/data
+      - ../..:/var/www/studip/public/plugins_packages/elan-ev/OpencastV3
+    restart: always
+    environment:
+      MYSQL_DATABASE: studip_db
+      MYSQL_USER: studip_user
+      MYSQL_PASSWORD: studip_password
+      MYSQL_HOST: 127.0.0.1
+      STUDIP_MAIL_TRANSPORT: debug
+
+      # Use automigrate to migrate your instance on startup
+      AUTO_MIGRATE: 1
+
+      # Use proxy url OR autoproxy if run behind a proxy
+      # PROXY_URL: https://studip.example.com/
+      # AUTO_PROXY: 1
+
+      # Demo data for your studip instance
+      DEMO_DATA: 1
+
+volumes:
+  studip_data: {}
+  studip_db_data: {}
diff --git a/.github/docker/docker-compose.yml b/.github/docker/docker-compose.yml
@@ -0,0 +1,3 @@
+include:
+  - docker-compose.opencast.yml
+  - docker-compose.studip.yml
diff --git a/.github/docker/oc.sql b/.github/docker/oc.sql
@@ -0,0 +1,174 @@
+SET FOREIGN_KEY_CHECKS=0;
+
+REPLACE INTO `oc_config`
+    (`id`, `service_url`, `service_user`, `service_password`, `service_version`, `settings`) VALUES
+    (1,	'http://127.0.0.1:8081', 'admin', 'opencast', '16.6', '{\"lti_consumerkey\":\"CONSUMERKEY\",\"lti_consumersecret\":\"CONSUMERSECRET\"}');
+
+
+REPLACE INTO `oc_endpoints` (`config_id`, `service_url`, `service_type`) VALUES
+(1,	'http://127.0.0.1:8081/api/events',	'apievents'),
+(1,    'http://127.0.0.1:8081/api/playlists', 'apiplaylists'),
+(1,	'http://127.0.0.1:8081/api/series',	'apiseries'),
+(1,	'http://127.0.0.1:8081/api/workflows',	'apiworkflows'),
+(1,	'http://127.0.0.1:8081/capture-admin',	'capture-admin'),
+(1,	'http://127.0.0.1:8081/ingest',	'ingest'),
+(1,    'http://127.0.0.1:8081/play', 'play'),
+(1,	'http://127.0.0.1:8081/recordings',	'recordings'),
+(1,	'http://127.0.0.1:8081/search',	'search'),
+(1,	'http://127.0.0.1:8081/series',	'series'),
+(1,	'http://127.0.0.1:8081/services',	'services'),
+(1,	'http://127.0.0.1:8081/upload',	'upload'),
+(1,	'http://127.0.0.1:8081/workflow',	'workflow');
+
+
+REPLACE INTO `config_values` (`field`, `range_id`, `value`, `mkdate`, `chdate`, `comment`) VALUES
+('OPENCAST_API_TOKEN',	'studip',	'mytoken1234abcdef',	1693295334,	1693295334,	'');
+
+
+REPLACE INTO `config_values` (`field`, `range_id`, `value`, `mkdate`, `chdate`, `comment`) VALUES
+('OPENCAST_DEFAULT_SERVER ',	'studip',	'1',	1693295334,	1693295334,	'');
+
+REPLACE INTO `roles_plugins` (`roleid`, `pluginid`) VALUES
+(7,	29);
+
+
+REPLACE INTO `auth_user_md5` (`user_id`, `username`, `password`, `perms`, `Vorname`, `Nachname`, `Email`, `validation_key`, `auth_plugin`, `locked`, `lock_comment`, `locked_by`, `visible`) VALUES
+('fad0229f8b0573cda5fbdf5fcfa89362', 'simple_autor', 0x24326124303824756C6A4D587969786C71376939634D6539775841364F526C612E466C6E46743370762F45754E5150356C58516A775070634442462E, 'autor', 'Simple', 'Autor', '[email protected]', '', 'standard', 0, NULL, NULL, 'unknown');
+
+UPDATE auth_user_md5 SET visible = 'always' WHERE 1;
+
+REPLACE INTO config_values (field, range_id, value) VALUES ('TERMS_ACCEPTED', '205f3efb7997a0fc9755da2b535038da', 1);
+REPLACE INTO config_values (field, range_id, value) VALUES ('TERMS_ACCEPTED', '6235c46eb9e962866ebdceece739ace5', 1);
+REPLACE INTO config_values (field, range_id, value) VALUES ('TERMS_ACCEPTED', '76ed43ef286fb55cf9e41beadb484a9f', 1);
+REPLACE INTO config_values (field, range_id, value) VALUES ('TERMS_ACCEPTED', '7e81ec247c151c02ffd479511e24cc03', 1);
+REPLACE INTO config_values (field, range_id, value) VALUES ('TERMS_ACCEPTED', 'e7a0a84b161f3e8c09b4a0a2e8a58147', 1);
+REPLACE INTO config_values (field, range_id, value) VALUES ('TERMS_ACCEPTED', 'fad0229f8b0573cda5fbdf5fcfa89362', 1);
+
+-- add videos so foreign keys are working
+# REPLACE INTO `oc_video` (`id`, `config_id`, `episode`, `available`, `duration`) VALUES
+# (1,	1,	'ID-goat',	1,	NULL),
+# (2,	1,	'ID-weitsprung',	1,	NULL),
+# (3,	1,	'ID-nasa-earth-4k',	1,	NULL),
+# (4,	1,	'ID-strong-river-flowing-down-the-green-forest',	1,	NULL),
+# (5,	1,	'ID-marguerite',	1,	NULL),
+# (6,	1,	'ID-espresso-video',	1,	NULL),
+# (7,	1,	'ID-westerberg',	1,	NULL),
+# (8,	1,	'ID-cats',	1,	NULL),
+# (9,	1,	'ID-spring',	1,	NULL),
+# (10,	1,	'ID-dog-rose',	1,	NULL),
+# (11,	1,	'ID-nasa-rocket-booster',	1,	NULL),
+# (12,	1,	'ID-was-ist-chaos',	1,	NULL),
+# (13,	1,	'ID-3d-print',	1,	NULL),
+# (14,	1,	'ID-perseverance-arrives-at-mars',	1,	NULL),
+# (15,	1,	'ID-pendulum-with-spring-damper',	1,	NULL),
+# (16,	1,	'ID-coffee-run',	1,	NULL),
+# (17,	1,	'ID-lavender',	1,	NULL),
+# (18,	1,	'ID-subtitle-demo',	1,	NULL),
+# (19,	1,	'ID-about-opencast',	1,	NULL),
+# (20,	1,	'ID-dual-stream-demo',	1,	NULL);
+
+
+# REPLACE INTO `oc_video_sync`
+#     VALUES (1,1,'scheduled','2023-11-10 11:06:02',NULL,'0000-00-00 00:00:00','0000-00-00 00:00:00'),
+#     (2,2,'scheduled','2023-11-10 11:06:02',NULL,'0000-00-00 00:00:00','0000-00-00 00:00:00'),
+#     (3,3,'scheduled','2023-11-10 11:06:02',NULL,'0000-00-00 00:00:00','0000-00-00 00:00:00'),
+#     (4,4,'scheduled','2023-11-10 11:06:03',NULL,'0000-00-00 00:00:00','0000-00-00 00:00:00'),
+#     (5,5,'scheduled','2023-11-10 11:06:03',NULL,'0000-00-00 00:00:00','0000-00-00 00:00:00'),
+#     (6,6,'scheduled','2023-11-10 11:06:03',NULL,'0000-00-00 00:00:00','0000-00-00 00:00:00'),
+#     (7,7,'scheduled','2023-11-10 11:06:03',NULL,'0000-00-00 00:00:00','0000-00-00 00:00:00'),
+#     (8,8,'scheduled','2023-11-10 11:06:03',NULL,'0000-00-00 00:00:00','0000-00-00 00:00:00'),
+#     (9,9,'scheduled','2023-11-10 11:06:03',NULL,'0000-00-00 00:00:00','0000-00-00 00:00:00'),
+#     (10,10,'scheduled','2023-11-10 11:06:03',NULL,'0000-00-00 00:00:00','0000-00-00 00:00:00'),
+#     (11,11,'scheduled','2023-11-10 11:06:03',NULL,'0000-00-00 00:00:00','0000-00-00 00:00:00'),
+#     (12,12,'scheduled','2023-11-10 11:06:03',NULL,'0000-00-00 00:00:00','0000-00-00 00:00:00'),
+#     (13,13,'scheduled','2023-11-10 11:06:03',NULL,'0000-00-00 00:00:00','0000-00-00 00:00:00'),
+#     (14,14,'scheduled','2023-11-10 11:06:04',NULL,'0000-00-00 00:00:00','0000-00-00 00:00:00'),
+#     (15,15,'scheduled','2023-11-10 11:06:04',NULL,'0000-00-00 00:00:00','0000-00-00 00:00:00'),
+#     (16,16,'scheduled','2023-11-10 11:06:04',NULL,'0000-00-00 00:00:00','0000-00-00 00:00:00'),
+#     (17,17,'scheduled','2023-11-10 11:06:04',NULL,'0000-00-00 00:00:00','0000-00-00 00:00:00'),
+#     (18,18,'scheduled','2023-11-10 11:06:04',NULL,'0000-00-00 00:00:00','0000-00-00 00:00:00'),
+#     (19,19,'scheduled','2023-11-10 11:06:04',NULL,'0000-00-00 00:00:00','0000-00-00 00:00:00'),
+#     (20,20,'scheduled','2023-11-10 11:06:04',NULL,'0000-00-00 00:00:00','0000-00-00 00:00:00');
+
+-- allow test_dozent access to videos
+# REPLACE INTO oc_video_user_perms
+#     (video_id, user_id, perm) VALUES
+# (1, '205f3efb7997a0fc9755da2b535038da', 'owner'),
+# (2, '205f3efb7997a0fc9755da2b535038da', 'owner'),
+# (3, '205f3efb7997a0fc9755da2b535038da', 'owner'),
+# (4, '205f3efb7997a0fc9755da2b535038da', 'owner'),
+# (5, '205f3efb7997a0fc9755da2b535038da', 'owner'),
+# (6, '205f3efb7997a0fc9755da2b535038da', 'owner'),
+# (7, '205f3efb7997a0fc9755da2b535038da', 'owner'),
+# (8, '205f3efb7997a0fc9755da2b535038da', 'owner'),
+# (9, '205f3efb7997a0fc9755da2b535038da', 'owner'),
+# (10, '205f3efb7997a0fc9755da2b535038da', 'owner'),
+# (11, '205f3efb7997a0fc9755da2b535038da', 'owner'),
+# (12, '205f3efb7997a0fc9755da2b535038da', 'owner'),
+# (13, '205f3efb7997a0fc9755da2b535038da', 'owner'),
+# (14, '205f3efb7997a0fc9755da2b535038da', 'owner'),
+# (15, '205f3efb7997a0fc9755da2b535038da', 'owner'),
+# (16, '205f3efb7997a0fc9755da2b535038da', 'owner'),
+# (17, '205f3efb7997a0fc9755da2b535038da', 'owner'),
+# (18, '205f3efb7997a0fc9755da2b535038da', 'owner'),
+# (19, '205f3efb7997a0fc9755da2b535038da', 'owner'),
+# (20, '205f3efb7997a0fc9755da2b535038da', 'owner');
+
+-- activate plugin in course
+REPLACE INTO tools_activated
+    (range_id, range_type, plugin_id, position, metadata, mkdate, chdate) VALUES
+('a07535cf2f8a72df33c12ddfa4b53dde', 'course', 29, 11, '[]', 1699267230, 1699267230);
+
+-- add videos to course playlist
+# REPLACE INTO oc_playlist
+#     (id, token, config_id, service_playlist_id, title, visibility, chdate, mkdate, sort_order, allow_download) VALUES
+#     (1, 'fce2a63c', 1, 'studip-playlist', '12345 Test Lehrveranstaltung (WS 2023/2024)', NULL, '2023-11-10 12:50:57', '2023-11-10 12:50:57', 'created_desc', NULL);
+
+# REPLACE INTO `oc_playlist_seminar` (`id`, `playlist_id`, `seminar_id`, `is_default`, `visibility`) VALUES
+#     (1,	1,	'a07535cf2f8a72df33c12ddfa4b53dde',	1,	'visible');
+
+# REPLACE INTO oc_playlist_video
+#     (playlist_id, video_id, `order`) VALUES
+# (1, 1, 0),
+# (1, 2, 0),
+# (1, 3, 0),
+# (1, 4, 0),
+# (1, 5, 0),
+# (1, 6, 0),
+# (1, 7, 0),
+# (1, 8, 0),
+# (1, 9, 0),
+# (1, 10, 0),
+# (1, 11, 0),
+# (1, 12, 0),
+# (1, 13, 0),
+# (1, 14, 0),
+# (1, 15, 0),
+# (1, 16, 0),
+# (1, 17, 0),
+# (1, 18, 0),
+# (1, 19, 0),
+# (1, 20, 0);
+
+
+REPLACE INTO `oc_workflow` (`id`, `config_id`, `name`, `tag`, `displayname`) VALUES
+(1,	1,	'delete',	'delete',	'Delete'),
+(2,	1,	'duplicate-event',	'archive',	'Duplicate Event'),
+(3,	1,	'fast',	'schedule',	'Fast Testing Workflow'),
+(4,	1,	'fast',	'upload',	'Fast Testing Workflow'),
+(5,	1,	'schedule-and-upload',	'schedule',	'Process upon upload and schedule'),
+(6,	1,	'schedule-and-upload',	'upload',	'Process upon upload and schedule'),
+(7,	1,	'publish',	'archive',	'Publish'),
+(8,	1,	'publish',	'editor',	'Publish'),
+(9,	1,	'republish-metadata',	'archive',	'Republish metadata'),
+(10,	1,	'retract',	'archive',	'Retract');
+
+
+REPLACE INTO `oc_workflow_config` (`id`, `config_id`, `used_for`, `workflow_id`) VALUES
+(1,	1,	'schedule',	5),
+(2,	1,	'upload',	6),
+(3,	1,	'studio',	6),
+(4,	1,	'delete',	1),
+(5,	1,	'subtitles',	9);
+
+SET FOREIGN_KEY_CHECKS=1;
diff --git a/.github/docker/opencast/etc/nginx/nginx.conf b/.github/docker/opencast/etc/nginx/nginx.conf
@@ -0,0 +1,79 @@
+
+user  nginx;
+worker_processes  auto;
+
+error_log  /var/log/nginx/error.log notice;
+pid        /var/run/nginx.pid;
+
+
+events {
+    worker_connections  1024;
+}
+
+
+http {
+    include       /etc/nginx/mime.types;
+    default_type  application/octet-stream;
+
+    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
+                      '$status $body_bytes_sent "$http_referer" '
+                      '"$http_user_agent" "$http_x_forwarded_for"';
+
+    access_log  /var/log/nginx/access.log  main;
+
+    sendfile        on;
+    #tcp_nopush     on;
+
+    keepalive_timeout  65;
+
+    #gzip  on;
+
+    #include /etc/nginx/conf.d/*.conf;
+
+    # Do not send the nginx version number in error pages and Server header
+    server_tokens off;
+
+    server {
+
+        listen 8081;
+
+        # Only send the shortened referrer to a foreign origin, full referrer
+        # to a local host
+        # https://infosec.mozilla.org/guidelines/web_security#referrer-policy
+        add_header Referrer-Policy strict-origin-when-cross-origin;
+
+        # Basic open CORS for everyone
+        add_header Access-Control-Allow-Origin $http_origin always;
+        add_header Access-Control-Allow-Methods 'GET, POST, OPTIONS' always;
+        add_header Access-Control-Allow-Credentials true always;
+        add_header Access-Control-Allow-Headers 'Origin,Content-Type,Accept,Authorization' always;
+
+        # Always respond with 200 to OPTIONS requests as browsers do not accept
+        # non-200 responses to CORS preflight requests.
+        if ($request_method = OPTIONS) {
+            return 200;
+        }
+
+        # Accept large ingests
+        client_max_body_size 0;
+
+        location / {
+
+            proxy_set_header        Host $host:8081;
+            proxy_set_header        X-Real-IP $remote_addr;
+            proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
+            proxy_set_header        X-Forwarded-Proto $scheme;
+
+            proxy_pass http://127.0.0.1:8080;
+
+            proxy_cookie_path / "/; HTTPOnly; Secure";
+
+
+            # Do not buffer responses
+            proxy_buffering         off;
+
+            # Do not buffer requests
+            proxy_request_buffering off;
+        }
+    }
+}
diff --git a/...opencast/etc/opencast/org.opencastproject.kernel.security.OAuthConsumerDetailsService.cfg b/...opencast/etc/opencast/org.opencastproject.kernel.security.OAuthConsumerDetailsService.cfg
@@ -0,0 +1,8 @@
+# OAuth consumer consisting of name, key and secret.
+#
+# Multiple OAuth consumers can be configured, by incrementing the counter. The list is read
+# sequentially incrementing the counter. If you miss any numbers it will stop looking for
+# further consumers.
+oauth.consumer.name.1=CONSUMERNAME
+oauth.consumer.key.1=CONSUMERKEY
+oauth.consumer.secret.1=CONSUMERSECRET
diff --git a/.github/docker/opencast/etc/opencast/org.opencastproject.plugin.impl.PluginManagerImpl.cfg b/.github/docker/opencast/etc/opencast/org.opencastproject.plugin.impl.PluginManagerImpl.cfg
@@ -0,0 +1,22 @@
+###
+# Opencast Plugins
+#
+# This configuration allows you to turn additional functionality of Opencast off and on.
+# Plugins can be enabled at runtime.
+##
+
+# List of available plugins
+opencast-plugin-admin-ng                    = off
+opencast-plugin-legacy-annotation           = off
+opencast-plugin-transcription-services      = off
+opencast-plugin-userdirectory-brightspace   = off
+opencast-plugin-userdirectory-canvas        = off
+opencast-plugin-userdirectory-moodle        = off
+opencast-plugin-userdirectory-sakai         = off
+opencast-plugin-userdirectory-studip        = on
+opencast-plugin-usertracking                = off
+
+# Enables Karaf's verbose feature activateion logs.
+# Note that Karaf writes these to stdout, not to the logger.
+# Default: false
+#verbose = false