Implement CI-CD (#1)

Reviewed-on: #1 Co-authored-by: Guillaume "B.B." Van Hemmen <GuillaumeHemmen@noreply.git.van-hemmen.com> Co-committed-by: Guillaume "B.B." Van Hemmen <GuillaumeHemmen@noreply.git.van-hemmen.com>
2024-10-17 11:41:36 +02:00 · 2024-10-17 11:41:36 +02:00 · c728b3ebe2
commit c728b3ebe2
parent 144e823c77
4 changed files with 54 additions and 67 deletions
--- a/.woodpecker.yml
+++ b/.woodpecker.yml
@ -0,0 +1,43 @@
+steps:
+  install-npm:
+    image: git.van-hemmen.com/guillaumehemmen/debian-node-firebase:debian_12-node_20
+    commands:
+      - npm install
+
+  build-web:
+    image: git.van-hemmen.com/guillaumehemmen/debian-node-firebase:debian_12-node_20
+    commands:
+      - npx expo export --platform web
+
+  docker-master:
+    image: woodpeckerci/plugin-docker-buildx
+    settings:
+      repo: git.van-hemmen.com/GuillaumeHemmen/sso-poc-marn
+      tags: latest,${CI_COMMIT_SHA:0:8}
+      registry: git.van-hemmen.com
+      username:
+        from_secret: docker_username
+      password:
+        from_secret: docker_password
+    when:
+      event:
+        - push
+        - manual
+      branch: 'master'
+
+  docker-other:
+    image: woodpeckerci/plugin-docker-buildx
+    settings:
+      repo: git.van-hemmen.com/guillaumehemmen/sso-poc-marn
+      tags: ${CI_COMMIT_SHA:0:8-tag-sha},${CI_COMMIT_BRANCH/\//-}
+      registry: git.van-hemmen.com
+      username:
+        from_secret: docker_username
+      password:
+        from_secret: docker_password
+    when:
+      event:
+        - push
+        - manual
+      branch:
+        exclude: 'master'
--- a/3
+++ b/3
@ -0,0 +1,3 @@
+FROM nginx:alpine3.20
+
+COPY dist /usr/share/nginx/html
--- a/app/_layout.tsx
+++ b/app/_layout.tsx
@ -15,7 +15,7 @@ export {

 export const unstable_settings = {
    // Ensure that reloading on `/modal` keeps a back button present.
-    initialRouteName: '(tabs)',
+    initialRouteName: 'index',
 };

 // Prevent the splash screen from auto-hiding before asset loading is complete.
--- a/app/index.tsx
+++ b/app/index.tsx
@ -13,72 +13,13 @@ console.log(redirectURI);
 export default function indexScreen() {
    const [tokenResponse, setTokenResponse] = useState<TokenResponse | null>(null);

-    // const discovery = AuthSession.useAutoDiscovery('https://fes509-integ.m-team.be/login/oauth2/realms/root/realms/509');
-    const discovery: AuthSession.DiscoveryDocument = {
-        tokenEndpoint: 'https://fes509-integ.m-team.be:443/login/oauth2/access_token',
-        revocationEndpoint: 'https://fes509-integ.m-team.be:443/login/oauth2/token/revoke',
-        endSessionEndpoint: 'https://fes509-integ.m-team.be:443/login/oauth2/connect/endSession',
-        authorizationEndpoint: 'https://fes509-integ.m-team.be:443/login/oauth2/authorize',
-        userInfoEndpoint: 'https://fes509-integ.m-team.be:443/login/oauth2/userinfo',
-        registrationEndpoint: 'https://fes509-integ.m-team.be:443/login/oauth2/register',
-        discoveryDocument: {
-            "request_parameter_supported": true,
-            "pushed_authorization_request_endpoint": "https://fes509-integ.m-team.be:443/login/oauth2/par",
-            "introspection_encryption_alg_values_supported": ["RSA-OAEP-256", "ECDH-ES+A256KW", "A128KW", "A192KW", "RSA-OAEP", "ECDH-ES+A192KW", "A256KW", "ECDH-ES", "ECDH-ES+A128KW", "dir"],
-            "claims_parameter_supported": false,
-            "introspection_endpoint": "https://fes509-integ.m-team.be:443/login/oauth2/introspect",
-            "issuer": "https://fes509-integ.m-team.be:443/login/oauth2",
-            "id_token_encryption_enc_values_supported": ["A256GCM", "A128GCM", "A256CBC-HS512", "A128CBC-HS256", "A192CBC-HS384", "A192GCM"],
-            "userinfo_encryption_enc_values_supported": ["A256GCM", "A128CBC-HS256", "A192CBC-HS384", "A192GCM", "A128GCM", "A256CBC-HS512"],
-            "authorization_endpoint": "https://fes509-integ.m-team.be:443/login/oauth2/authorize",
-            "authorization_encryption_alg_values_supported": ["ECDH-ES+A256KW", "ECDH-ES", "A256KW", "RSA-OAEP", "A128KW", "RSA-OAEP-256", "A192KW", "ECDH-ES+A192KW", "dir", "ECDH-ES+A128KW"],
-            "introspection_encryption_enc_values_supported": ["A128CBC-HS256", "A192CBC-HS384", "A256GCM", "A256CBC-HS512", "A128GCM", "A192GCM"],
-            "claims_supported": [],
-            "rcs_request_signing_alg_values_supported": ["RS512", "PS384", "PS256", "HS256", "HS384", "ES512", "RS256", "RS384", "HS512", "ES384", "ES256", "PS512"],
-            "token_endpoint_auth_methods_supported": ["client_secret_post", "private_key_jwt", "self_signed_tls_client_auth", "tls_client_auth", "none", "client_secret_basic"],
-            "tls_client_certificate_bound_access_tokens": true,
-            "response_modes_supported": ["query", "fragment.jwt", "form_post", "form_post.jwt", "jwt", "fragment", "query.jwt"],
-            "backchannel_logout_session_supported": true,
-            "token_endpoint": "https://fes509-integ.m-team.be:443/login/oauth2/access_token",
-            "response_types_supported": ["code token id_token", "code", "code id_token", "id_token", "code token", "token", "token id_token"],
-            "authorization_encryption_enc_values_supported": ["A192CBC-HS384", "A256CBC-HS512", "A128CBC-HS256", "A256GCM", "A192GCM", "A128GCM"],
-            "revocation_endpoint_auth_methods_supported": ["client_secret_post", "private_key_jwt", "self_signed_tls_client_auth", "tls_client_auth", "none", "client_secret_basic"],
-            "request_uri_parameter_supported": true,
-            "grant_types_supported": ["implicit", "urn:ietf:params:oauth:grant-type:saml2-bearer", "refresh_token", "password", "client_credentials", "urn:ietf:params:oauth:grant-type:device_code", "authorization_code", "urn:openid:params:grant-type:ciba", "urn:ietf:params:oauth:grant-type:uma-ticket", "urn:ietf:params:oauth:grant-type:token-exchange", "urn:ietf:params:oauth:grant-type:jwt-bearer"],
-            "version": "3.0",
-            "userinfo_endpoint": "https://fes509-integ.m-team.be:443/login/oauth2/userinfo",
-            "require_request_uri_registration": true,
-            "code_challenge_methods_supported": ["plain", "S256"],
-            "id_token_encryption_alg_values_supported": ["A128KW", "A192KW", "ECDH-ES+A256KW", "RSA-OAEP-256", "RSA-OAEP", "A256KW", "ECDH-ES+A128KW", "ECDH-ES+A192KW", "ECDH-ES", "dir"],
-            "authorization_signing_alg_values_supported": ["PS256", "ES256", "RS512", "ES384", "RS384", "HS256", "PS512", "ES512", "RS256", "HS384", "HS512", "PS384", "EdDSA"],
-            "request_object_signing_alg_values_supported": ["RS256", "ES512", "PS512", "RS384", "HS512", "ES256", "ES384", "HS256", "HS384", "PS384", "RS512", "PS256"],
-            "request_object_encryption_alg_values_supported": ["RSA-OAEP-256", "ECDH-ES", "ECDH-ES+A192KW", "ECDH-ES+A128KW", "A256KW", "RSA-OAEP", "dir", "A128KW", "ECDH-ES+A256KW", "A192KW"],
-            "rcs_response_signing_alg_values_supported": ["PS256", "ES384", "RS512", "ES256", "HS512", "PS384", "RS256", "ES512", "PS512", "HS384", "HS256", "RS384"],
-            "introspection_signing_alg_values_supported": ["ES384", "PS384", "ES256", "PS256", "PS512", "EdDSA", "HS512", "RS384", "RS256", "RS512", "HS256", "ES512", "HS384"],
-            "check_session_iframe": "https://fes509-integ.m-team.be:443/login/oauth2/connect/checkSession",
-            "scopes_supported": [],
-            "backchannel_logout_supported": true,
-            "acr_values_supported": ["itsmeAffiliation", "eid", "impersonate", "impersonateNew", "usernamePassword", "itsme", "fasCitizenLevel400", "biometric"],
-            "request_object_encryption_enc_values_supported": ["A128GCM", "A256GCM", "A192CBC-HS384", "A256CBC-HS512", "A128CBC-HS256", "A192GCM"],
-            "rcs_request_encryption_alg_values_supported": ["dir", "A192KW", "RSA-OAEP-256", "ECDH-ES+A256KW", "RSA-OAEP", "ECDH-ES", "A256KW", "A128KW", "ECDH-ES+A128KW", "ECDH-ES+A192KW"],
-            "userinfo_signing_alg_values_supported": ["ES256", "HS512", "ES512", "HS384", "RS256", "ES384", "HS256"],
-            "require_pushed_authorization_requests": false,
-            "rcs_response_encryption_enc_values_supported": ["A256CBC-HS512", "A192CBC-HS384", "A256GCM", "A128GCM", "A192GCM", "A128CBC-HS256"],
-            "userinfo_encryption_alg_values_supported": ["RSA-OAEP", "dir", "A256KW", "ECDH-ES+A256KW", "ECDH-ES", "RSA-OAEP-256", "A128KW", "ECDH-ES+A192KW", "A192KW", "ECDH-ES+A128KW"],
-            "end_session_endpoint": "https://fes509-integ.m-team.be:443/login/oauth2/connect/endSession",
-            "rcs_request_encryption_enc_values_supported": ["A256GCM", "A256CBC-HS512", "A192GCM", "A128CBC-HS256", "A128GCM", "A192CBC-HS384"],
-            "revocation_endpoint": "https://fes509-integ.m-team.be:443/login/oauth2/token/revoke",
-            "rcs_response_encryption_alg_values_supported": ["ECDH-ES+A256KW", "dir", "A256KW", "ECDH-ES+A192KW", "RSA-OAEP-256", "ECDH-ES", "ECDH-ES+A128KW", "A128KW", "A192KW", "RSA-OAEP"],
-            "token_endpoint_auth_signing_alg_values_supported": ["RS512", "RS384", "RS256", "ES512", "HS256", "HS384", "PS512", "ES384", "PS256", "ES256", "HS512", "PS384"],
-            "jwks_uri": "https://fes509-integ.m-team.be:443/login/oauth2/connect/jwk_uri",
-            "subject_types_supported": ["public", "pairwise"],
-            "id_token_signing_alg_values_supported": ["RS384", "RS256", "PS512", "ES512", "HS384", "HS256", "PS256", "ES256", "PS384", "ES384", "RS512", "HS512"],
-            "registration_endpoint": "https://fes509-integ.m-team.be:443/login/oauth2/register"
-        }
-    };
+    const clientId = '509-marn-app';
+
+    const discovery = AuthSession.useAutoDiscovery('https://fes509-ref.m-team.be/login/oauth2/realms/root/realms/509');
+
    const [request, result, promptAsync] = AuthSession.useAuthRequest(
        {
-            clientId: '509-marn-app',
+            clientId,
            redirectUri: redirectURI,
            usePKCE: true,
        },
@ -148,14 +89,14 @@ export default function indexScreen() {
                        if (tokenResponse) {
                            const exCode = await AuthSession.revokeAsync(
                                {
-                                    clientId: '509-marn-app',
+                                    clientId,
                                    token: tokenResponse.accessToken!,
                                },
                                {revocationEndpoint: discovery!.revocationEndpoint?.replace(':443', '')},
                            );
                            const exCode2 = await AuthSession.revokeAsync(
                                {
-                                    clientId: '509-marn-app',
+                                    clientId,
                                    token: tokenResponse.refreshToken!,
                                },
                                {revocationEndpoint: discovery!.revocationEndpoint?.replace(':443', '')},