diff --git a/.github/workflows/pr_validation.yml b/.github/workflows/pr_validation.yml
new file mode 100644
index 00000000..b188de62
--- /dev/null
+++ b/.github/workflows/pr_validation.yml
@@ -0,0 +1,66 @@
+# =========================================================================================
+# CAMARA Project - Pull Request Validation Workflow for Commonalities repository
+#
+# =========================================================================================
+
+
+name: PR validation for CAMARA Commonalities
+
+on:
+ # Pull Requests to main
+ pull_request:
+ branches: [master, main]
+
+jobs:
+ general:
+ name: MegaLinter
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Checkout Code
+ uses: actions/checkout@v6
+ with:
+ token: ${{ secrets.GITHUB_TOKEN }}
+ - name: Checkout linting config
+ uses: actions/checkout@v6
+ with:
+ repository: rartych/tooling
+ path: lint-config
+ # using configurations from v0 floating tag
+ ref: main
+ sparse-checkout: |
+ linting/config/
+ sparse-checkout-cone-mode: false
+ - name: Copy specified folder to workspace root
+ # --strip-trailing-slashes remove any trailing slashes from each SOURCE argument - when ${{ inputs.configurations }} is empty
+ run: cp -RT --strip-trailing-slashes ${{ github.workspace }}/lint-config/linting/config/ ${{ github.workspace }}
+ - name: MegaLinter
+ id: ml
+ # You can override MegaLinter flavor used to have faster performances
+ # c_cpp MegaLinter Flavor https://megalinter.io/latest/flavors/c_cpp/ includes all needed linters - can be upgraded to v8
+ uses: oxsecurity/megalinter/flavors/c_cpp@v8
+ # configuration of Megalinter
+ env:
+ VALIDATE_ALL_CODEBASE: true
+ PRINT_ALPACA: false
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ GITHUB_COMMENT_REPORTER: true
+ GITHUB_STATUS_REPORTER: true
+ DISABLE: COPYPASTE,SPELL,JAVASCRIPT,MARKDOWN
+ DISABLE_LINTERS: ACTION_ACTIONLINT,YAML_PRETTIER,REPOSITORY_GRYPE,REPOSITORY_SEMGREP,REPOSITORY_DEVSKIM,REPOSITORY_KICS,REPOSITORY_TRIVY,REPOSITORY_TRIVY_SBOM,REPOSITORY_TRUFFLEHOG,REPOSITORY_CHECKOV,REPOSITORY_GITLEAKS,YAML_V8R,JAVA_PMD
+ API_SPECTRAL_CONFIG_FILE: .spectral.yaml
+ YAML_YAMLLINT_CONFIG_FILE: .yamllint.yaml
+ GHERKIN_GHERKIN_LINT_CONFIG_FILE: .gherkin-lintrc
+ API_SPECTRAL_FILTER_REGEX_INCLUDE: (artifacts/)
+ YAML_YAMLLINT_FILTER_REGEX_INCLUDE: (artifacts/)
+ YAML_YAMLLINT_FILTER_REGEX_EXCLUDE: (artifacts/linting_rules)
+ GHERKIN_GHERKIN_LINT_FILTER_REGEX_INCLUDE: (artifacts/testing/)
+ - name: Archive production artifacts
+ if: success() || failure()
+ uses: actions/upload-artifact@v4
+ with:
+ name: MegaLinter reports
+ include-hidden-files: "true"
+ path: |
+ megalinter-reports
+ mega-linter.log
diff --git a/artifacts/testing/C01-device-errors.feature b/artifacts/testing/C01-device-errors.feature
index f947ec5d..f74e7182 100644
--- a/artifacts/testing/C01-device-errors.feature
+++ b/artifacts/testing/C01-device-errors.feature
@@ -1,7 +1,7 @@ Feature: CAMARA Common Artifact C01 - Test scenarios for device errors CAMARA Commonalities: 0.6 - + Common error scenarios for operations with device as input either in the request body or implied from the access. 
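Review bot: The `Checkout linting config` step in `.github/workflows/pr_validation.yml` pulls `rartych/tooling` at `ref: main`, a mutable branch in what looks like a personal namespace, although the comment above it says the v0 floating tag is used; `cp -RT` then copies that tree over the workspace root, so anyone able to push to that branch decides which `.spectral.yaml`, `.yamllint.yaml` and `.gherkin-lintrc` MegaLinter loads in a job that holds `GITHUB_TOKEN`. Pin the checkout to a reviewed commit, for example `ref: <full-commit-sha-of-reviewed-config>  # tooling v0`, and preferably take it from a repository the project controls. The same movable-reference concern applies to `actions/checkout@v6`, `oxsecurity/megalinter/flavors/c_cpp@v8` and `actions/upload-artifact@v4`, which are referenced by tag rather than by commit SHA. The workflow declares no `permissions:` block, so the token receives the repository default; a job-level block limited to `contents: read`, `pull-requests: write` and `statuses: write` should be enough for the comment and status reporters enabled here. The comment on the copy step also refers to `${{ inputs.configurations }}`, which this workflow does not define, so it should be reworded or dropped.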
@@ -18,91 +18,93 @@ Feature: CAMARA Common Artifact C01 - Test scenarios for device errors * {operationId} has to be substituted to the value of operationId for the tested operation - * {path_to_device} has to be substituted to the JSON path of the device property in the body request, typically + * {path_to_device} has to be substituted to the JSON path of the device property in the body request, typically "$.device" or "$.config.subscriptionDetail.device" for Subscription APIs # This feature file is to be used by CAMARA subproject when Common error scenarios for operations with device as input either in the request body or implied from the access. # # References to OAS spec schemas refer to schemas specified in {apiname}.yaml - # Error scenarios for management of input parameter device - - @{feature_identifier}_C01.01_device_empty - Scenario: The device value is an empty object - Given the header "Authorization" is set to a valid access token which does not identify a single device - And the request body property "{path_to_device}" is set to: {} - When the request "{operationId}" is sent - Then the response status code is 400 - And the response property "$.status" is 400 - And the response property "$.code" is "INVALID_ARGUMENT" - And the response property "$.message" contains a user friendly text - - @{feature_identifier}_C01.02_device_identifiers_not_schema_compliant - Scenario Outline: Some device identifier value does not comply with the schema - Given the header "Authorization" is set to a valid access token which does not identify a single device - And the request body property "" does not comply with the OAS schema at "" - When the request "{operationId}" is sent - Then the response status code is 400 - And the response property "$.status" is 400 - And the response property "$.code" is "INVALID_ARGUMENT" - And the response property "$.message" contains a user friendly text - - Examples: - | device_identifier | oas_spec_schema | - | 
{path_to_device}.phoneNumber | /components/schemas/PhoneNumber | - | {path_to_device}.ipv4Address | /components/schemas/DeviceIpv4Addr | - | {path_to_device}.ipv6Address | /components/schemas/DeviceIpv6Address | - | {path_to_device}.networkAccessIdentifier | /components/schemas/NetworkAccessIdentifier | - - # This scenario may happen e.g. with 2-legged access tokens, which do not identify a single device. - @{feature_identifier}_C01.03_device_not_found - Scenario: Some identifier cannot be matched to a device - Given the header "Authorization" is set to a valid access token which does not identify a single device - And the request body property "{path_to_device}" is compliant with the schema but does not identify a valid device - When the request "{operationId}" is sent - Then the response status code is 404 - And the response property "$.status" is 404 - And the response property "$.code" is "IDENTIFIER_NOT_FOUND" - And the response property "$.message" contains a user friendly text - - @{feature_identifier}_C01.04_unnecessary_device - Scenario: Device not to be included when it can be deduced from the access token - Given the header "Authorization" is set to a valid access token identifying a device - And the request body property "{path_to_device}" is set to a valid device - When the request "{operationId}" is sent - Then the response status code is 422 - And the response property "$.status" is 422 - And the response property "$.code" is "UNNECESSARY_IDENTIFIER" - And the response property "$.message" contains a user-friendly text - - @{feature_identifier}_C01.05_missing_device - Scenario: Device not included and cannot be deduced from the access token - Given the header "Authorization" is set to a valid access token which does not identify a single device - And the request body property "{path_to_device}" is not included - When the request "{operationId}" is sent - Then the response status code is 422 - And the response property "$.status" is 422 - And the 
response property "$.code" is "MISSING_IDENTIFIER" - And the response property "$.message" contains a user-friendly text - - @{feature_identifier}_C01.06_unsupported_device - Scenario: None of the provided device identifiers is supported by the implementation - Given that some types of device identifiers are not supported by the implementation - And the header "Authorization" is set to a valid access token which does not identify a single device - And the request body property "{path_to_device}" only includes device identifiers not supported by the implementation - When the request "{operationId}" is sent - Then the response status code is 422 - And the response property "$.status" is 422 - And the response property "$.code" is "UNSUPPORTED_IDENTIFIER" - And the response property "$.message" contains a user-friendly text - - # When the service is only offered to certain types of devices or subscriptions, e.g. IoT, B2C, etc. - @{feature_identifier}_C01.07_device_not_supported - Scenario: Service not available for the device - Given that the service is not available for all devices commercialized by the operator - And a valid device, identified by the token or provided in the request body, for which the service is not applicable - When the request "{operationId}" is sent - Then the response status code is 422 - And the response property "$.status" is 422 - And the response property "$.code" is "SERVICE_NOT_APPLICABLE" - And the response property "$.message" contains a user-friendly text +# Error scenarios for management of input parameter device + + @{feature_identifier}_C01.01_device_empty + Scenario: The device value is an empty object + Given the header "Authorization" is set to a valid access token which does not identify a single device + And the request body property "{path_to_device}" is set to: {} + When the request "{operationId}" is sent + Then the response status code is 400 + And the response property "$.status" is 400 + And the response property "$.code" 
is "INVALID_ARGUMENT" + And the response property "$.message" contains a user friendly text + + @{feature_identifier}_C01.02_device_identifiers_not_schema_compliant + Scenario Outline: Some device identifier value does not comply with the schema + Given the header "Authorization" is set to a valid access token which does not identify a single device + And the request body property "" does not comply with the OAS schema at "" + When the request "{operationId}" is sent + Then the response status code is 400 + And the response property "$.status" is 400 + And the response property "$.code" is "INVALID_ARGUMENT" + And the response property "$.message" contains a user friendly text + + Examples: + | device_identifier | oas_spec_schema | + | {path_to_device}.phoneNumber | /components/schemas/PhoneNumber | + | {path_to_device}.ipv4Address | /components/schemas/DeviceIpv4Addr | + | {path_to_device}.ipv6Address | /components/schemas/DeviceIpv6Address | + | {path_to_device}.networkAccessIdentifier | /components/schemas/NetworkAccessIdentifier | + + # This scenario may happen e.g. with 2-legged access tokens, which do not identify a single device. 
+ @{feature_identifier}_C01.03_device_not_found + Scenario: Some identifier cannot be matched to a device + Given the header "Authorization" is set to a valid access token which does not identify a single device + And the request body property "{path_to_device}" is compliant with the schema but does not identify a valid device + When the request "{operationId}" is sent + Then the response status code is 404 + And the response property "$.status" is 404 + And the response property "$.code" is "IDENTIFIER_NOT_FOUND" + And the response property "$.message" contains a user friendly text + + @{feature_identifier}_C01.04_unnecessary_device + Scenario: Device not to be included when it can be deduced from the access token + Given the header "Authorization" is set to a valid access token identifying a device + And the request body property "{path_to_device}" is set to a valid device + When the request "{operationId}" is sent + Then the response status code is 422 + And the response property "$.status" is 422 + And the response property "$.code" is "UNNECESSARY_IDENTIFIER" + And the response property "$.message" contains a user-friendly text + + @{feature_identifier}_C01.05_missing_device + Scenario: Device not included and cannot be deduced from the access token + Given the header "Authorization" is set to a valid access token which does not identify a single device + And the request body property "{path_to_device}" is not included + When the request "{operationId}" is sent + Then the response status code is 422 + And the response property "$.status" is 422 + And the response property "$.code" is "MISSING_IDENTIFIER" + And the response property "$.message" contains a user-friendly text + + @{feature_identifier}_C01.06_unsupported_device + Scenario: None of the provided device identifiers is supported by the implementation + Given that some types of device identifiers are not supported by the implementation + And the header "Authorization" is set to a valid access token 
which does not identify a single device + And the request body property "{path_to_device}" only includes device identifiers not supported by the implementation + When the request "{operationId}" is sent + Then the response status code is 422 + And the response property "$.status" is 422 + And the response property "$.code" is "UNSUPPORTED_IDENTIFIER" + And the response property "$.message" contains a user-friendly text + + # When the service is only offered to certain types of devices or subscriptions, e.g. IoT, B2C, etc. + @{feature_identifier}_C01.07_device_not_supported + Scenario: Service not available for the device + Given that the service is not available for all devices commercialized by the operator + And a valid device, identified by the token or provided in the request body, for which the service is not applicable + When the request "{operationId}" is sent + Then the response status code is 422 + And the response property "$.status" is 422 + And the response property "$.code" is "SERVICE_NOT_APPLICABLE" + And the response property "$.message" contains a user-friendly text + + diff --git a/artifacts/testing/C02-phoneNumber-errors.feature b/artifacts/testing/C02-phoneNumber-errors.feature index 8330523b..a475f76e 100644 --- a/artifacts/testing/C02-phoneNumber-errors.feature +++ b/artifacts/testing/C02-phoneNumber-errors.feature 
@@ -18,62 +18,62 @@ Feature: CAMARA Common Artifact C02 - Test scenarios for phoneNumber errors * {operationId} has to be substituted to the value of operationId for the tested operation - * {path_to_phoneNumber} has to be substituted to the JSON path of the phoneNumber property in the body request, typically + * {path_to_phoneNumber} has to be substituted to the JSON path of the phoneNumber property in the body request, typically "$.phoneNumber" or "$.config.subscriptionDetail.phoneNumber" for Subscription APIs # This feature file is to be used by CAMARA subproject when Common error scenarios for operations with phoneNumber as input either in the request body or implied from the access # # References to OAS spec schemas refer to schemas specified in {apiname}.yaml - # Error scenarios for management of input parameter phoneNumber + # Error scenarios for management of input parameter phoneNumber - @{feature_identifier}_C02.01_phone_number_not_schema_compliant - Scenario: Phone number value does not comply with the schema - Given the header "Authorization" is set to a valid access token which does not identify a single phone number - And the request body property "{path_to_phoneNumber}" does not comply with the OAS schema at "/components/schemas/PhoneNumber" - When the request "{operationId}" is sent - Then the response status code is 400 - And the response property "$.status" is 400 - And the response property "$.code" is "INVALID_ARGUMENT" - And the response property "$.message" contains a user friendly text + @{feature_identifier}_C02.01_phone_number_not_schema_compliant + Scenario: Phone number value does not comply with the schema + Given the header "Authorization" is set to a valid access token which does not identify a single phone number + And the request body property "{path_to_phoneNumber}" does not comply with the OAS schema at "/components/schemas/PhoneNumber" + When the request "{operationId}" is sent + Then the response status code is 400 + And the 
response property "$.status" is 400 + And the response property "$.code" is "INVALID_ARGUMENT" + And the response property "$.message" contains a user friendly text @{feature_identifier}_C02.02_phone_number_not_found Scenario: Phone number not found - Given the header "Authorization" is set to a valid access token which does not identify a single phone number - And the request body property "{path_to_phoneNumber}" is compliant with the schema but does not identify a valid phone number - When the request "{operationId}" is sent - Then the response status code is 404 - And the response property "$.status" is 404 - And the response property "$.code" is "IDENTIFIER_NOT_FOUND" - And the response property "$.message" contains a user friendly text + Given the header "Authorization" is set to a valid access token which does not identify a single phone number + And the request body property "{path_to_phoneNumber}" is compliant with the schema but does not identify a valid phone number + When the request "{operationId}" is sent + Then the response status code is 404 + And the response property "$.status" is 404 + And the response property "$.code" is "IDENTIFIER_NOT_FOUND" + And the response property "$.message" contains a user friendly text - @{feature_identifier}_C02.03_unnecessary_phone_number - Scenario: Phone number not to be included when it can be deduced from the access token - Given the header "Authorization" is set to a valid access token identifying a phone number - And the request body property "{path_to_phoneNumber}" is set to a valid phone number - When the request "{operationId}" is sent - Then the response status code is 422 - And the response property "$.status" is 422 - And the response property "$.code" is "UNNECESSARY_IDENTIFIER" - And the response property "$.message" contains a user friendly text + @{feature_identifier}_C02.03_unnecessary_phone_number + Scenario: Phone number not to be included when it can be deduced from the access token + Given the 
header "Authorization" is set to a valid access token identifying a phone number + And the request body property "{path_to_phoneNumber}" is set to a valid phone number + When the request "{operationId}" is sent + Then the response status code is 422 + And the response property "$.status" is 422 + And the response property "$.code" is "UNNECESSARY_IDENTIFIER" + And the response property "$.message" contains a user friendly text - @{feature_identifier}_C02.04_missing_phone_number - Scenario: Phone number not included and cannot be deducted from the access token - Given the header "Authorization" is set to a valid access token which does not identify a single phone number - And the request body property "{path_to_phoneNumber}" is not included - When the request "{operationId}" is sent - Then the response status code is 422 - And the response property "$.status" is 422 - And the response property "$.code" is "MISSING_IDENTIFIER" - And the response property "$.message" contains a user friendly text + @{feature_identifier}_C02.04_missing_phone_number + Scenario: Phone number not included and cannot be deducted from the access token + Given the header "Authorization" is set to a valid access token which does not identify a single phone number + And the request body property "{path_to_phoneNumber}" is not included + When the request "{operationId}" is sent + Then the response status code is 422 + And the response property "$.status" is 422 + And the response property "$.code" is "MISSING_IDENTIFIER" + And the response property "$.message" contains a user friendly text - # When the service is only offered to certain type of subscriptions, e.g. 
IoT, , B2C, etc - @{feature_identifier}_C02.05_phone_number_not_supported - Scenario: Service not available for the phone number - Given that the service is not available for all phone numbers commercialized by the operator - And a valid phone number, identified by the token or provided in the request body, for which the service is not applicable - When the request "{operationId}" is sent - Then the response status code is 422 - And the response property "$.status" is 422 - And the response property "$.code" is "SERVICE_NOT_APPLICABLE" - And the response property "$.message" contains a user friendly text + # When the service is only offered to certain type of subscriptions, e.g. IoT, , B2C, etc + @{feature_identifier}_C02.05_phone_number_not_supported + Scenario: Service not available for the phone number + Given that the service is not available for all phone numbers commercialized by the operator + And a valid phone number, identified by the token or provided in the request body, for which the service is not applicable + When the request "{operationId}" is sent + Then the response status code is 422 + And the response property "$.status" is 422 + And the response property "$.code" is "SERVICE_NOT_APPLICABLE" + And the response property "$.message" contains a user friendly text