E2E: Re-Add test for login with GitHub OAuth
Description of the test
Adds back the E2E test for OAuth login with GitHub
The OAuth tests will only run in the scheduled nightly pipelines on the canonical GitLab project. This is to avoid running the tests in parallel to ensure we do not hit any limits with external OAuth applications that we had previously encountered. The job will exist as manual in other pipelines. The job will also run when pipeline:run-all-e2e label is present on an MR.
Note: This MR is blocked by the GitLab-QA MR. It should be merged once the GitLab-QA MR is merged and the gitlab-qa
gem has been version bumped and released.
Related testcase issue: https://gitlab.com/gitlab-org/quality/testcases/-/issues/3981
Related GiLab-QA MR: gitlab-qa!1148 (merged)
These tests were previously removed based on this conversation and now being added back as corrective action on this incident as based on feedback from the ~"group::authentication and authorization" team.
How to set up and validate locally
In your /private/etc/hosts
file, add this line:
127.0.0.1 gitlab-oauth.test
Create test network
docker network create test
Start GitLab in a docker with:
sudo docker run \
--hostname gitlab-oauth.test \
--publish 443:443 --publish 80:80 --publish 22:22 \
--env GITLAB_OMNIBUS_CONFIG="gitlab_rails['initial_root_password']='5iveL\!fe'; gitlab_rails['omniauth_enabled'] = true; gitlab_rails['omniauth_allow_single_sign_on'] = ['github']; gitlab_rails['omniauth_block_auto_created_users'] = false; gitlab_rails['omniauth_providers'] = [{ name: 'github',app_id: '$QA_GITHUB_OAUTH_APP_SECRET', app_secret: '$GITHUB_OAUTH_APP_SECRET', url: 'https://github.com/', verify_ssl: false, args: { scope: 'user:email' }}];" \
--name gitlab \
registry.gitlab.com/gitlab-org/build/omnibus-gitlab-mirror/gitlab-ee:222288103355cd9f147b475ce732e5daed84a268
From the qa
directory:
bundle install
GITHUB_USERNAME="gitlab-qa" GITHUB_PASSWORD=<GITHUB_PASSWORD> QA_1P_EMAIL="<QA_1P_EMAIL>" QA_1P_PASSWORD="<QA_1P_PASSWORD>" QA_1P_SECRET="<QA_1P_SECRET>" QA_1P_GITHUB_UUID="<QA_1P_GITHUB_UUID>" QA_DEBUG=true CHROME_HEADLESS=false bundle exec bin/qa Test::Instance::All http://gitlab-oauth.test qa/specs/features/browser_ui/1_manage/login/oauth_login_with_github_spec.rb -- --tag orchestrated
All variables are in 1Password with the placeholder names.
Checklist
-
Confirm the test has a testcase:
tag linking to an existing test case in the test case project. -
Note if the test is intended to run in specific scenarios. If a scenario is new, add a link to the MR that adds the new scenario. -
Follow the end-to-end tests style guide and best practices. -
Use the appropriate RSpec metadata tag(s). - Most resources will be cleaned up via the general cleanup task. Check that is successful, or ensure resources are cleaned up in the test:
-
New resources have api_get_path
andapi_delete_path
implemented if possible. -
If any resource cannot be deleted in the general delete task, make sure it is ignored. -
If any resource cannot be deleted in the general delete task, remove it in the test (e.g., in an after
block).
-
-
Ensure that no transient bugs are hidden accidentally due to the usage of waits
andreloads
. -
Verify the tags to ensure it runs on the desired test environments. -
If this MR has a dependency on another MR, such as a GitLab QA MR, specify the order in which the MRs should be merged. -
(If applicable) Create a follow-up issue to document the special setup necessary to run the test: ISSUE_LINK -
If the test requires an admin's personal access token, ensure that the test passes on your local environment with and without the GITLAB_QA_ADMIN_ACCESS_TOKEN
provided.