278 lines
8.0 KiB
YAML
278 lines
8.0 KiB
YAML
---
|
|
name: authentik-ci-main
|
|
|
|
on:
|
|
push:
|
|
branches:
|
|
- main
|
|
- next
|
|
- version-*
|
|
pull_request:
|
|
branches:
|
|
- main
|
|
- version-*
|
|
|
|
env:
|
|
POSTGRES_DB: authentik
|
|
POSTGRES_USER: authentik
|
|
POSTGRES_PASSWORD: "EK-5jnKfjrGRm<77"
|
|
|
|
jobs:
|
|
lint:
|
|
strategy:
|
|
fail-fast: false
|
|
matrix:
|
|
job:
|
|
- bandit
|
|
- black
|
|
- codespell
|
|
- pending-migrations
|
|
- ruff
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
- name: Setup authentik env
|
|
uses: ./.github/actions/setup
|
|
- name: run job
|
|
run: uv run make ci-${{ matrix.job }}
|
|
test-migrations:
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
- name: Setup authentik env
|
|
uses: ./.github/actions/setup
|
|
- name: run migrations
|
|
run: uv run python -m lifecycle.migrate
|
|
test-make-seed:
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- id: seed
|
|
run: |
|
|
echo "seed=$(printf "%d\n" "0x$(openssl rand -hex 4)")" >> "$GITHUB_OUTPUT"
|
|
outputs:
|
|
seed: ${{ steps.seed.outputs.seed }}
|
|
test-migrations-from-stable:
|
|
name: test-migrations-from-stable - PostgreSQL ${{ matrix.psql }} - Run ${{ matrix.run_id }}/5
|
|
runs-on: ubuntu-latest
|
|
timeout-minutes: 20
|
|
needs: test-make-seed
|
|
strategy:
|
|
fail-fast: false
|
|
matrix:
|
|
psql:
|
|
- 15-alpine
|
|
- 16-alpine
|
|
run_id: [1, 2, 3, 4, 5]
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
with:
|
|
fetch-depth: 0
|
|
- name: checkout stable
|
|
run: |
|
|
# Copy current, latest config to local
|
|
cp authentik/lib/default.yml local.env.yml
|
|
cp -R .github ..
|
|
cp -R scripts ..
|
|
git checkout $(git tag --sort=version:refname | grep '^version/' | grep -vE -- '-rc[0-9]+$' | tail -n1)
|
|
rm -rf .github/ scripts/
|
|
mv ../.github ../scripts .
|
|
- name: Setup authentik env (stable)
|
|
uses: ./.github/actions/setup
|
|
with:
|
|
postgresql_version: ${{ matrix.psql }}
|
|
- name: run migrations to stable
|
|
run: uv run python -m lifecycle.migrate
|
|
- name: checkout current code
|
|
run: |
|
|
set -x
|
|
git fetch
|
|
git reset --hard HEAD
|
|
git clean -d -fx .
|
|
git checkout $GITHUB_SHA
|
|
- name: Setup authentik env (ensure latest deps are installed)
|
|
uses: ./.github/actions/setup
|
|
with:
|
|
postgresql_version: ${{ matrix.psql }}
|
|
- name: migrate to latest
|
|
run: |
|
|
uv run python -m lifecycle.migrate
|
|
- name: run tests
|
|
env:
|
|
# Test in the main database that we just migrated from the previous stable version
|
|
AUTHENTIK_POSTGRESQL__TEST__NAME: authentik
|
|
CI_TEST_SEED: ${{ needs.test-make-seed.outputs.seed }}
|
|
CI_RUN_ID: ${{ matrix.run_id }}
|
|
CI_TOTAL_RUNS: "5"
|
|
run: |
|
|
uv run make ci-test
|
|
test-unittest:
|
|
name: test-unittest - PostgreSQL ${{ matrix.psql }} - Run ${{ matrix.run_id }}/5
|
|
runs-on: ubuntu-latest
|
|
timeout-minutes: 20
|
|
needs: test-make-seed
|
|
strategy:
|
|
fail-fast: false
|
|
matrix:
|
|
psql:
|
|
- 15-alpine
|
|
- 16-alpine
|
|
run_id: [1, 2, 3, 4, 5]
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
- name: Setup authentik env
|
|
uses: ./.github/actions/setup
|
|
with:
|
|
postgresql_version: ${{ matrix.psql }}
|
|
- name: run unittest
|
|
env:
|
|
CI_TEST_SEED: ${{ needs.test-make-seed.outputs.seed }}
|
|
CI_RUN_ID: ${{ matrix.run_id }}
|
|
CI_TOTAL_RUNS: "5"
|
|
run: |
|
|
uv run make ci-test
|
|
- if: ${{ always() }}
|
|
uses: codecov/codecov-action@v5
|
|
with:
|
|
flags: unit
|
|
token: ${{ secrets.CODECOV_TOKEN }}
|
|
- if: ${{ !cancelled() }}
|
|
uses: codecov/test-results-action@v1
|
|
with:
|
|
flags: unit
|
|
file: unittest.xml
|
|
token: ${{ secrets.CODECOV_TOKEN }}
|
|
test-integration:
|
|
runs-on: ubuntu-latest
|
|
timeout-minutes: 30
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
- name: Setup authentik env
|
|
uses: ./.github/actions/setup
|
|
- name: Create k8s Kind Cluster
|
|
uses: helm/kind-action@v1.12.0
|
|
- name: run integration
|
|
run: |
|
|
uv run coverage run manage.py test tests/integration
|
|
uv run coverage xml
|
|
- if: ${{ always() }}
|
|
uses: codecov/codecov-action@v5
|
|
with:
|
|
flags: integration
|
|
token: ${{ secrets.CODECOV_TOKEN }}
|
|
- if: ${{ !cancelled() }}
|
|
uses: codecov/test-results-action@v1
|
|
with:
|
|
flags: integration
|
|
file: unittest.xml
|
|
token: ${{ secrets.CODECOV_TOKEN }}
|
|
test-e2e:
|
|
name: test-e2e (${{ matrix.job.name }})
|
|
runs-on: ubuntu-latest
|
|
timeout-minutes: 30
|
|
strategy:
|
|
fail-fast: false
|
|
matrix:
|
|
job:
|
|
- name: proxy
|
|
glob: tests/e2e/test_provider_proxy*
|
|
- name: oauth
|
|
glob: tests/e2e/test_provider_oauth2* tests/e2e/test_source_oauth*
|
|
- name: oauth-oidc
|
|
glob: tests/e2e/test_provider_oidc*
|
|
- name: saml
|
|
glob: tests/e2e/test_provider_saml* tests/e2e/test_source_saml*
|
|
- name: ldap
|
|
glob: tests/e2e/test_provider_ldap* tests/e2e/test_source_ldap*
|
|
- name: radius
|
|
glob: tests/e2e/test_provider_radius*
|
|
- name: scim
|
|
glob: tests/e2e/test_source_scim*
|
|
- name: flows
|
|
glob: tests/e2e/test_flows*
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
- name: Setup authentik env
|
|
uses: ./.github/actions/setup
|
|
- name: Setup e2e env (chrome, etc)
|
|
run: |
|
|
docker compose -f tests/e2e/docker-compose.yml up -d --quiet-pull
|
|
- id: cache-web
|
|
uses: actions/cache@v4
|
|
with:
|
|
path: web/dist
|
|
key: ${{ runner.os }}-web-${{ hashFiles('web/package-lock.json', 'web/src/**') }}
|
|
- name: prepare web ui
|
|
if: steps.cache-web.outputs.cache-hit != 'true'
|
|
working-directory: web
|
|
run: |
|
|
npm ci
|
|
make -C .. gen-client-ts
|
|
npm run build
|
|
- name: run e2e
|
|
run: |
|
|
uv run coverage run manage.py test ${{ matrix.job.glob }}
|
|
uv run coverage xml
|
|
- if: ${{ always() }}
|
|
uses: codecov/codecov-action@v5
|
|
with:
|
|
flags: e2e
|
|
token: ${{ secrets.CODECOV_TOKEN }}
|
|
- if: ${{ !cancelled() }}
|
|
uses: codecov/test-results-action@v1
|
|
with:
|
|
flags: e2e
|
|
file: unittest.xml
|
|
token: ${{ secrets.CODECOV_TOKEN }}
|
|
ci-core-mark:
|
|
if: always()
|
|
needs:
|
|
- lint
|
|
- test-migrations
|
|
- test-migrations-from-stable
|
|
- test-unittest
|
|
- test-integration
|
|
- test-e2e
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- uses: re-actors/alls-green@release/v1
|
|
with:
|
|
jobs: ${{ toJSON(needs) }}
|
|
build:
|
|
permissions:
|
|
# Needed to upload container images to ghcr.io
|
|
packages: write
|
|
# Needed for attestation
|
|
id-token: write
|
|
attestations: write
|
|
needs: ci-core-mark
|
|
uses: ./.github/workflows/_reusable-docker-build.yaml
|
|
secrets: inherit
|
|
with:
|
|
image_name: ghcr.io/goauthentik/dev-server
|
|
release: false
|
|
pr-comment:
|
|
needs:
|
|
- build
|
|
runs-on: ubuntu-latest
|
|
if: ${{ github.event_name == 'pull_request' }}
|
|
permissions:
|
|
# Needed to write comments on PRs
|
|
pull-requests: write
|
|
timeout-minutes: 120
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
with:
|
|
ref: ${{ github.event.pull_request.head.sha }}
|
|
- name: prepare variables
|
|
uses: ./.github/actions/docker-push-variables
|
|
id: ev
|
|
env:
|
|
DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
|
|
with:
|
|
image-name: ghcr.io/goauthentik/dev-server
|
|
- name: Comment on PR
|
|
if: ${{ steps.ev.outputs.shouldPush == 'true' }}
|
|
uses: ./.github/actions/comment-pr-instructions
|
|
with:
|
|
tag: ${{ steps.ev.outputs.imageMainTag }}
|