New workflow for DAST scanning #3506
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Keycloak CI | |
on: | |
push: | |
branches-ignore: | |
- main | |
- dependabot/** | |
pull_request: | |
workflow_dispatch: | |
env: | |
MAVEN_ARGS: "-B -nsu -Daether.connector.http.connectionMaxTtl=25" | |
SUREFIRE_RERUN_FAILING_COUNT: 2 | |
SUREFIRE_RETRY: "-Dsurefire.rerunFailingTestsCount=2" | |
concurrency: | |
# Only cancel jobs for PR updates | |
group: ci-${{ github.ref }} | |
cancel-in-progress: true | |
defaults: | |
run: | |
shell: bash | |
jobs: | |
conditional: | |
name: Check conditional workflows and jobs | |
runs-on: ubuntu-latest | |
outputs: | |
ci: ${{ steps.conditional.outputs.ci }} | |
ci-quarkus: ${{ steps.conditional.outputs.ci-quarkus }} | |
ci-store: ${{ steps.conditional.outputs.ci-store }} | |
ci-sssd: ${{ steps.conditional.outputs.ci-sssd }} | |
ci-webauthn: ${{ steps.conditional.outputs.ci-webauthn }} | |
ci-test-poc: ${{ steps.conditional.outputs.ci-test-poc }} | |
ci-aurora: ${{ steps.auroradb-tests.outputs.run-aurora-tests }} | |
steps: | |
- uses: actions/checkout@v4 | |
- id: conditional | |
uses: ./.github/actions/conditional | |
with: | |
token: ${{ secrets.GITHUB_TOKEN }} | |
- name: AuroraDB conditional check | |
id: auroradb-tests | |
run: | | |
RUN_AURORADB_TESTS=false | |
if [[ $GITHUB_EVENT_NAME != "pull_request" && -n "${{ secrets.AWS_SECRET_ACCESS_KEY }}" ]]; then | |
RUN_AURORADB_TESTS=true | |
fi | |
echo "run-aurora-tests=$RUN_AURORADB_TESTS" >> $GITHUB_OUTPUT | |
build: | |
name: Build | |
if: needs.conditional.outputs.ci == 'true' | |
runs-on: ubuntu-latest | |
needs: conditional | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Build Keycloak | |
uses: ./.github/actions/build-keycloak | |
- name: Check for unstaged proto.lock files | |
if: github.event_name == 'pull_request' && startsWith(github.event.pull_request.base.ref, 'release/') | |
run: git diff --name-only --exit-code -- "**/proto.lock" | |
unit-tests: | |
name: Base UT | |
runs-on: ubuntu-latest | |
needs: build | |
timeout-minutes: 30 | |
steps: | |
- uses: actions/checkout@v4 | |
- id: unit-test-setup | |
name: Unit test setup | |
uses: ./.github/actions/unit-test-setup | |
- name: Run unit tests | |
run: | | |
SEP="" | |
PROJECTS="" | |
for i in `find -name '*Test.java' -type f | egrep -v './(testsuite|quarkus|docs|test-poc|test-framework)/' | sed 's|/src/test/java/.*||' | sort | uniq | sed 's|./||'`; do | |
PROJECTS="$PROJECTS$SEP$i" | |
SEP="," | |
done | |
./mvnw install -pl "$PROJECTS" -am | |
- name: Upload JVM Heapdumps | |
if: always() | |
uses: ./.github/actions/upload-heapdumps | |
- name: Surefire reports | |
if: always() | |
uses: ./.github/actions/archive-surefire-reports | |
with: | |
job-id: unit-tests | |
base-integration-tests: | |
name: Base IT | |
needs: build | |
runs-on: ubuntu-latest | |
timeout-minutes: 100 | |
strategy: | |
matrix: | |
group: [1, 2, 3, 4, 5, 6] | |
fail-fast: false | |
steps: | |
- uses: actions/checkout@v4 | |
- id: integration-test-setup | |
name: Integration test setup | |
uses: ./.github/actions/integration-test-setup | |
- name: Run base tests | |
run: | | |
TESTS=`testsuite/integration-arquillian/tests/base/testsuites/base-suite.sh ${{ matrix.group }}` | |
echo "Tests: $TESTS" | |
./mvnw test ${{ env.SUREFIRE_RETRY }} -Pauth-server-quarkus -Dtest=$TESTS -pl testsuite/integration-arquillian/tests/base 2>&1 | misc/log/trimmer.sh | |
- name: Upload JVM Heapdumps | |
if: always() | |
uses: ./.github/actions/upload-heapdumps | |
- uses: ./.github/actions/upload-flaky-tests | |
name: Upload flaky tests | |
env: | |
GH_TOKEN: ${{ github.token }} | |
with: | |
job-name: Base IT | |
- name: Surefire reports | |
if: always() | |
uses: ./.github/actions/archive-surefire-reports | |
with: | |
job-id: base-integration-tests-${{ matrix.group }} | |
adapter-integration-tests: | |
name: Adapter IT | |
needs: build | |
runs-on: ubuntu-latest | |
timeout-minutes: 100 | |
steps: | |
- uses: actions/checkout@v4 | |
- id: integration-test-setup | |
name: Integration test setup | |
uses: ./.github/actions/integration-test-setup | |
- name: Build adapter distributions | |
run: ./mvnw install -DskipTests -f distribution/pom.xml | |
- name: Build app servers | |
run: ./mvnw install -DskipTests -Pbuild-app-servers -f testsuite/integration-arquillian/servers/app-server/pom.xml | |
- name: Run adapter tests | |
run: | | |
TESTS="org.keycloak.testsuite.adapter.**" | |
echo "Tests: $TESTS" | |
./mvnw test ${{ env.SUREFIRE_RETRY }} -Pauth-server-quarkus -Papp-server-wildfly -Dtest=$TESTS -pl testsuite/integration-arquillian/tests/base 2>&1 | misc/log/trimmer.sh | |
- name: Upload JVM Heapdumps | |
if: always() | |
uses: ./.github/actions/upload-heapdumps | |
- uses: ./.github/actions/upload-flaky-tests | |
name: Upload flaky tests | |
env: | |
GH_TOKEN: ${{ github.token }} | |
with: | |
job-name: Base IT | |
- name: Surefire reports | |
if: always() | |
uses: ./.github/actions/archive-surefire-reports | |
with: | |
job-id: adapter-integration-tests | |
quarkus-unit-tests: | |
name: Quarkus UT | |
needs: [build, conditional] | |
if: needs.conditional.outputs.ci-quarkus == 'true' | |
timeout-minutes: 15 | |
strategy: | |
matrix: | |
os: [ ubuntu-latest, windows-latest ] | |
runs-on: ${{ matrix.os }} | |
steps: | |
- uses: actions/checkout@v4 | |
# We want to download Keycloak artifacts | |
- id: integration-test-setup | |
name: Integration test setup | |
uses: ./.github/actions/integration-test-setup | |
- name: Run unit tests | |
run: | | |
./mvnw test -f quarkus/pom.xml -pl '!tests,!tests/junit5,!tests/integration,!dist' | |
- name: Upload JVM Heapdumps | |
if: always() | |
uses: ./.github/actions/upload-heapdumps | |
- name: Surefire reports | |
if: always() | |
uses: ./.github/actions/archive-surefire-reports | |
with: | |
job-id: quarkus-unit-tests | |
quarkus-integration-tests: | |
name: Quarkus IT | |
needs: [build, conditional] | |
timeout-minutes: 115 | |
strategy: | |
matrix: | |
os: [ubuntu-latest] | |
suite: [zip, container, storage, smoke] | |
full-testsuite: | |
- ${{ needs.conditional.outputs.ci-quarkus == 'true' }} | |
# Win runs always as includes are evaluated after excludes | |
include: | |
- os: windows-latest | |
suite: win | |
# Either run smoke tests, or full testsuite | |
exclude: | |
- full-testsuite: false | |
suite: zip | |
- full-testsuite: false | |
suite: container | |
- full-testsuite: false | |
suite: storage | |
- full-testsuite: true | |
suite: smoke | |
fail-fast: false | |
runs-on: ${{ matrix.os }} | |
env: | |
MAVEN_OPTS: -Xmx1024m | |
steps: | |
- uses: actions/checkout@v4 | |
- id: unit-test-setup | |
name: Unit test setup | |
uses: ./.github/actions/unit-test-setup | |
# Not sure why, but needs to re-build otherwise there's some failures starting up | |
# Smoke tests should cover scenarios that could be broken by changes in other modules that quarkus | |
- name: Run Quarkus integration Tests | |
run: | | |
declare -A PARAMS | |
PARAMS["win"]="-Dtest=JavaOptsScriptTest,StartCommandDistTest,StartDevCommandDistTest,BuildAndStartDistTest,ImportAtStartupDistTest" | |
PARAMS["zip"]="" | |
PARAMS["container"]="-Dkc.quarkus.tests.dist=docker" | |
PARAMS["storage"]="-Ptest-database -Dtest=PostgreSQLDistTest,MariaDBDistTest#testSuccessful,MySQLDistTest#testSuccessful,DatabaseOptionsDistTest,JPAStoreDistTest,HotRodStoreDistTest,MixedStoreDistTest,TransactionConfigurationDistTest,ExternalInfinispanTest" | |
PARAMS["smoke"]="-Dtest=ClusterConfigDistTest,CustomJpaEntityProviderDistTest,ExportDistTest,FeaturesDistTest,ImportAtStartupDistTest,ImportDistTest,JaxRsDistTest,TruststoreDistTest" | |
./mvnw install -pl quarkus/tests/integration -am -DskipTests | |
./mvnw test -pl quarkus/tests/integration ${PARAMS["${{ matrix.suite }}"]} 2>&1 | misc/log/trimmer.sh | |
- name: Upload JVM Heapdumps | |
if: always() | |
uses: ./.github/actions/upload-heapdumps | |
- name: Surefire reports | |
if: always() | |
uses: ./.github/actions/archive-surefire-reports | |
with: | |
job-id: quarkus-integration-tests-${{ matrix.os }}-${{ matrix.server }} | |
jdk-integration-tests: | |
name: Java Distribution IT | |
needs: build | |
timeout-minutes: 100 | |
strategy: | |
matrix: | |
os: [ubuntu-latest, windows-latest] | |
dist: [temurin] | |
version: [17] | |
fail-fast: false | |
runs-on: ${{ matrix.os }} | |
steps: | |
- uses: actions/checkout@v4 | |
- id: integration-test-setup | |
name: Integration test setup | |
uses: ./.github/actions/integration-test-setup | |
with: | |
jdk-dist: ${{ matrix.dist }} | |
jdk-version: ${{ matrix.version }} | |
- name: Prepare Quarkus distribution with current JDK | |
run: ./mvnw install -e -pl testsuite/integration-arquillian/servers/auth-server/quarkus | |
- name: Run base tests | |
run: | | |
TESTS=`testsuite/integration-arquillian/tests/base/testsuites/suite.sh jdk` | |
echo "Tests: $TESTS" | |
if [ "$OSTYPE" == "msys" ]; then | |
./mvnw test ${{ env.SUREFIRE_RETRY }} -Pauth-server-quarkus -Dtest=$TESTS "-Dwebdriver.chrome.driver=$ChromeWebDriver/chromedriver.exe" -pl testsuite/integration-arquillian/tests/base 2>&1 | misc/log/trimmer.sh | |
else | |
./mvnw test ${{ env.SUREFIRE_RETRY }} -Pauth-server-quarkus -Dtest=$TESTS "-Dwebdriver.chrome.driver=$CHROMEWEBDRIVER/chromedriver" -pl testsuite/integration-arquillian/tests/base 2>&1 | misc/log/trimmer.sh | |
fi | |
- name: Build with JDK | |
run: | |
./mvnw install -e -DskipTests -DskipExamples | |
- name: Upload JVM Heapdumps | |
if: always() | |
uses: ./.github/actions/upload-heapdumps | |
- uses: ./.github/actions/upload-flaky-tests | |
name: Upload flaky tests | |
env: | |
GH_TOKEN: ${{ github.token }} | |
with: | |
job-name: Java Distribution IT | |
- name: Surefire reports | |
if: always() | |
uses: ./.github/actions/archive-surefire-reports | |
with: | |
job-id: jdk-integration-tests-${{ matrix.os }}-${{ matrix.dist }}-${{ matrix.version }} | |
volatile-sessions-tests: | |
name: Volatile Sessions IT | |
needs: [build, conditional] | |
if: needs.conditional.outputs.ci-store == 'true' | |
runs-on: ubuntu-latest | |
timeout-minutes: 150 | |
steps: | |
- uses: actions/checkout@v4 | |
- id: integration-test-setup | |
name: Integration test setup | |
uses: ./.github/actions/integration-test-setup | |
- name: Run base tests | |
run: | | |
TESTS=`testsuite/integration-arquillian/tests/base/testsuites/suite.sh volatile-sessions` | |
echo "Tests: $TESTS" | |
./mvnw test ${{ env.SUREFIRE_RETRY }} -Pauth-server-quarkus "-Dwebdriver.chrome.driver=$CHROMEWEBDRIVER/chromedriver" -Dauth.server.feature.disable=persistent-user-sessions -Dtest=$TESTS -pl testsuite/integration-arquillian/tests/base 2>&1 | misc/log/trimmer.sh | |
- name: Upload JVM Heapdumps | |
if: always() | |
uses: ./.github/actions/upload-heapdumps | |
- uses: ./.github/actions/upload-flaky-tests | |
name: Upload flaky tests | |
env: | |
GH_TOKEN: ${{ github.token }} | |
with: | |
job-name: Store IT | |
- name: Surefire reports | |
if: always() | |
uses: ./.github/actions/archive-surefire-reports | |
with: | |
job-id: store-integration-tests-${{ matrix.variant }} | |
- name: EC2 Maven Logs | |
if: failure() | |
uses: actions/upload-artifact@v4 | |
with: | |
name: store-it-mvn-logs | |
path: .github/scripts/ansible/files | |
external-infinispan-tests: | |
name: External Infinispan IT | |
needs: [ build, conditional ] | |
if: needs.conditional.outputs.ci-store == 'true' | |
runs-on: ubuntu-latest | |
timeout-minutes: 150 | |
strategy: | |
matrix: | |
variant: [ "clusterless,multi-site" ] | |
fail-fast: false | |
steps: | |
- uses: actions/checkout@v4 | |
- id: integration-test-setup | |
name: Integration test setup | |
uses: ./.github/actions/integration-test-setup | |
- name: Run base tests without cache | |
run: | | |
TESTS=`testsuite/integration-arquillian/tests/base/testsuites/suite.sh clusterless` | |
echo "Tests: $TESTS" | |
./mvnw test ${{ env.SUREFIRE_RETRY }} -Pauth-server-quarkus -Pinfinispan-server -Dauth.server.feature=${{ matrix.variant }} -Dauth.server.feature.disable=persistent-user-sessions -Dtest=$TESTS -pl testsuite/integration-arquillian/tests/base 2>&1 | misc/log/trimmer.sh | |
- name: Upload JVM Heapdumps | |
if: always() | |
uses: ./.github/actions/upload-heapdumps | |
- uses: ./.github/actions/upload-flaky-tests | |
name: Upload flaky tests | |
env: | |
GH_TOKEN: ${{ github.token }} | |
with: | |
job-name: Remote Infinispan IT | |
- name: Surefire reports | |
if: always() | |
uses: ./.github/actions/archive-surefire-reports | |
with: | |
job-id: remote-infinispan-integration-tests | |
auroradb-integration-tests: | |
name: AuroraDB IT | |
needs: conditional | |
if: needs.conditional.outputs.ci-aurora == 'true' | |
runs-on: ubuntu-latest | |
timeout-minutes: 150 | |
steps: | |
- uses: actions/checkout@v4 | |
- id: node-cache | |
name: Node cache | |
uses: ./.github/actions/node-cache | |
- id: aurora-init | |
name: Initialize Aurora environment | |
run: | | |
AWS_REGION=us-east-1 | |
echo "AWS Region: ${AWS_REGION}" | |
aws configure set aws_access_key_id ${{ secrets.AWS_ACCESS_KEY_ID }} | |
aws configure set aws_secret_access_key ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
aws configure set region ${AWS_REGION} | |
AURORA_CLUSTER_NAME="gh-action-$(git rev-parse --short HEAD)-${{ github.run_id }}-${{ github.run_attempt }}" | |
PASS=$(tr -dc A-Za-z0-9 </dev/urandom | head -c 13; echo) | |
echo "::add-mask::${PASS}" | |
echo "aurora-cluster-name=${AURORA_CLUSTER_NAME}" >> $GITHUB_OUTPUT | |
echo "aurora-cluster-password=${PASS}" >> $GITHUB_OUTPUT | |
echo "region=${AWS_REGION}" >> $GITHUB_OUTPUT | |
curl --fail-with-body https://truststore.pki.rds.amazonaws.com/${AWS_REGION}/${AWS_REGION}-bundle.pem -o aws.pem | |
PROPS+=' -Dkeycloak.connectionsJpa.jdbcParameters=\"?ssl=true&sslmode=verify-ca&sslrootcert=/opt/keycloak/aws.pem\"' | |
echo "maven_properties=${PROPS}" >> $GITHUB_OUTPUT | |
- id: aurora-create | |
name: Create Aurora DB | |
uses: ./.github/actions/aurora-create-database | |
with: | |
name: ${{ steps.aurora-init.outputs.aurora-cluster-name }} | |
password: ${{ steps.aurora-init.outputs.aurora-cluster-password }} | |
region: ${{ steps.aurora-init.outputs.region }} | |
- id: ec2-create | |
name: Create EC2 runner instance | |
run: | | |
AWS_REGION=${{ steps.aurora-init.outputs.region }} | |
EC2_CLUSTER_NAME=keycloak_$(git rev-parse --short HEAD) | |
echo "ec2_cluster=${EC2_CLUSTER_NAME}" >> $GITHUB_OUTPUT | |
git archive --format=zip --output /tmp/keycloak.zip $GITHUB_REF | |
zip -u /tmp/keycloak.zip aws.pem | |
tar -C ~/ -czvf m2.tar.gz .m2 | |
cd .github/scripts/ansible | |
python3 -m venv .venv | |
source .venv/bin/activate | |
./aws_ec2.sh requirements | |
pipx inject ansible-core boto3 botocore | |
./aws_ec2.sh create ${AWS_REGION} ${EC2_CLUSTER_NAME} | |
./keycloak_ec2_installer.sh ${AWS_REGION} ${EC2_CLUSTER_NAME} /tmp/keycloak.zip m2.tar.gz | |
./mvn_ec2_runner.sh ${AWS_REGION} ${EC2_CLUSTER_NAME} "clean install -B -DskipTests -Pdistribution" | |
./mvn_ec2_runner.sh ${AWS_REGION} ${EC2_CLUSTER_NAME} "clean install -B -DskipTests -pl testsuite/integration-arquillian/servers/auth-server/quarkus -Pauth-server-quarkus -Pdb-aurora-postgres -Dmaven.build.cache.enabled=true" | |
- name: Run Aurora migration tests on EC2 | |
id: aurora-migration-tests | |
env: | |
old-version: 24.0.4 | |
run: | | |
EC2_CLUSTER_NAME=${{ steps.ec2-create.outputs.ec2_cluster }} | |
AWS_REGION=${{ steps.aurora-init.outputs.region }} | |
PROPS='${{ steps.aurora-init.outputs.maven_properties }}' | |
PROPS+=" -Dauth.server.db.host=${{ steps.aurora-create.outputs.endpoint }} -Dkeycloak.connectionsJpa.password=${{ steps.aurora-init.outputs.aurora-cluster-password }}" | |
PROPS+=" -Djdbc.mvn.groupId=software.amazon.jdbc -Djdbc.mvn.artifactId=aws-advanced-jdbc-wrapper -Djdbc.mvn.version=2.3.1 -Djdbc.driver.tmp.dir=target/unpacked/keycloak-${{ env.old-version }}/providers" | |
cd .github/scripts/ansible | |
./mvn_ec2_runner.sh ${AWS_REGION} ${EC2_CLUSTER_NAME} "clean install -B ${{ env.SUREFIRE_RETRY }} -Pauth-server-quarkus -Pdb-aurora-postgres -Pauth-server-migration $PROPS -Dtest=MigrationTest -Dmigration.mode=auto -Dmigrated.auth.server.version=${{ env.old-version }} -Dmigration.import.file.name=migration-realm-${{ env.old-version }}.json -Dauth.server.ssl.required=false -f testsuite/integration-arquillian/pom.xml 2>&1 | misc/log/trimmer.sh" | |
# Copy returned surefire-report directories to workspace root to ensure they're discovered | |
results=(files/keycloak/results/*) | |
rsync -a $results/* ../../../ | |
rm -rf $results | |
- name: Upload JVM Heapdumps | |
if: always() | |
uses: ./.github/actions/upload-heapdumps | |
- uses: ./.github/actions/upload-flaky-tests | |
name: Upload flaky tests | |
env: | |
GH_TOKEN: ${{ github.token }} | |
with: | |
job-name: AuroraDB IT | |
- name: Surefire reports | |
if: always() | |
uses: ./.github/actions/archive-surefire-reports | |
with: | |
job-id: migration-tests-${{ env.old-version }}-aurora-postgres | |
- name: EC2 Maven Logs | |
if: failure() | |
uses: actions/upload-artifact@v4 | |
with: | |
name: auroraDB-migration-tests-mvn-logs | |
path: .github/scripts/ansible/files | |
- name: Run Aurora integration tests on EC2 | |
id: aurora-integration-tests | |
run: | | |
EC2_CLUSTER_NAME=${{ steps.ec2-create.outputs.ec2_cluster }} | |
AWS_REGION=${{ steps.aurora-init.outputs.region }} | |
PROPS='${{ steps.aurora-init.outputs.maven_properties }}' | |
PROPS+=" -Dauth.server.db.host=${{ steps.aurora-create.outputs.endpoint }} -Dkeycloak.connectionsJpa.password=${{ steps.aurora-init.outputs.aurora-cluster-password }}" | |
TESTS=`testsuite/integration-arquillian/tests/base/testsuites/suite.sh database` | |
echo "Tests: $TESTS" | |
cd .github/scripts/ansible | |
./mvn_ec2_runner.sh ${AWS_REGION} ${EC2_CLUSTER_NAME} "test -B ${{ env.SUREFIRE_RETRY }} -Pauth-server-quarkus -Pdb-aurora-postgres $PROPS -Dtest=$TESTS -pl testsuite/integration-arquillian/tests/base 2>&1 | misc/log/trimmer.sh" | |
# Copy returned surefire-report directories to workspace root to ensure they're discovered | |
results=(files/keycloak/results/*) | |
rsync -a $results/* ../../../ | |
rm -rf $results | |
- name: Upload JVM Heapdumps | |
if: always() | |
uses: ./.github/actions/upload-heapdumps | |
- uses: ./.github/actions/upload-flaky-tests | |
name: Upload flaky tests | |
env: | |
GH_TOKEN: ${{ github.token }} | |
with: | |
job-name: AuroraDB IT | |
- name: Surefire reports | |
if: always() | |
uses: ./.github/actions/archive-surefire-reports | |
with: | |
job-id: aurora-integration-tests | |
- name: EC2 Maven Logs | |
if: failure() | |
uses: actions/upload-artifact@v4 | |
with: | |
name: aurora-integration-tests-mvn-logs | |
path: .github/scripts/ansible/files | |
- name: Delete EC2 Instance | |
if: always() | |
working-directory: .github/scripts/ansible | |
run: | | |
source .venv/bin/activate | |
./aws_ec2.sh delete ${{ steps.aurora-init.outputs.region }} ${{ steps.ec2-create.outputs.ec2_cluster }} | |
- name: Delete Aurora DB | |
if: always() | |
run: | | |
gh workflow run aurora-delete.yml \ | |
-f name=${{ steps.aurora-init.outputs.aurora-cluster-name }} \ | |
-f region=${{ steps.aurora-init.outputs.region }} \ | |
--repo ${{ github.repository }} \ | |
--ref ${{ github.ref_name }} | |
env: | |
GH_TOKEN: ${{ github.token }} | |
store-integration-tests: | |
name: Store IT | |
needs: build | |
runs-on: ubuntu-latest | |
timeout-minutes: 75 | |
strategy: | |
matrix: | |
db: [postgres, mysql, oracle, mssql, mariadb] | |
fail-fast: false | |
steps: | |
- uses: actions/checkout@v4 | |
- id: integration-test-setup | |
name: Integration test setup | |
uses: ./.github/actions/integration-test-setup | |
- name: Run base tests | |
run: | | |
TESTS=`testsuite/integration-arquillian/tests/base/testsuites/suite.sh database` | |
echo "Tests: $TESTS" | |
./mvnw test ${{ env.SUREFIRE_RETRY }} -Pauth-server-quarkus -Pdb-${{ matrix.db }} "-Dwebdriver.chrome.driver=$CHROMEWEBDRIVER/chromedriver" -Dtest=$TESTS -pl testsuite/integration-arquillian/tests/base 2>&1 | misc/log/trimmer.sh | |
- name: Run cluster JDBC_PING2 smoke test | |
run: | | |
./mvnw test ${{ env.SUREFIRE_RETRY }} \ | |
-Pauth-server-cluster-quarkus \ | |
-Pdb-${{ matrix.db }} \ | |
-Dtest=RealmInvalidationClusterTest \ | |
-Dsession.cache.owners=2 \ | |
-Dauth.server.quarkus.cluster.stack=jdbc-ping \ | |
-pl testsuite/integration-arquillian/tests/base \ | |
2>&1 | misc/log/trimmer.sh | |
- name: Upload JVM Heapdumps | |
if: always() | |
uses: ./.github/actions/upload-heapdumps | |
- uses: ./.github/actions/upload-flaky-tests | |
name: Upload flaky tests | |
env: | |
GH_TOKEN: ${{ github.token }} | |
with: | |
job-name: Store IT | |
- name: Surefire reports | |
if: always() | |
uses: ./.github/actions/archive-surefire-reports | |
with: | |
job-id: store-integration-tests-${{ matrix.db }} | |
store-model-tests: | |
name: Store Model Tests | |
runs-on: ubuntu-latest | |
needs: [build, conditional] | |
if: needs.conditional.outputs.ci-store == 'true' | |
timeout-minutes: 75 | |
steps: | |
- uses: actions/checkout@v4 | |
- id: integration-test-setup | |
name: Integration test setup | |
uses: ./.github/actions/integration-test-setup | |
- name: Run model tests | |
run: testsuite/model/test-all-profiles.sh ${{ env.SUREFIRE_RETRY }} | |
- name: Upload JVM Heapdumps | |
if: always() | |
uses: ./.github/actions/upload-heapdumps | |
- uses: ./.github/actions/upload-flaky-tests | |
name: Upload flaky tests | |
env: | |
GH_TOKEN: ${{ github.token }} | |
with: | |
job-name: Store Model Tests | |
- name: Surefire reports | |
if: always() | |
uses: ./.github/actions/archive-surefire-reports | |
with: | |
job-id: store-model-tests | |
clustering-integration-tests: | |
name: Clustering IT | |
needs: build | |
runs-on: ubuntu-latest | |
timeout-minutes: 35 | |
env: | |
MAVEN_OPTS: -Xmx1024m | |
steps: | |
- uses: actions/checkout@v4 | |
- id: integration-test-setup | |
name: Integration test setup | |
uses: ./.github/actions/integration-test-setup | |
- name: Run cluster tests | |
run: | | |
./mvnw test ${{ env.SUREFIRE_RETRY }} -Pauth-server-cluster-quarkus,db-postgres "-Dwebdriver.chrome.driver=$CHROMEWEBDRIVER/chromedriver" -Dsession.cache.owners=2 -Dtest=**.cluster.** -pl testsuite/integration-arquillian/tests/base 2>&1 | misc/log/trimmer.sh | |
- name: Upload JVM Heapdumps | |
if: always() | |
uses: ./.github/actions/upload-heapdumps | |
- uses: ./.github/actions/upload-flaky-tests | |
name: Upload flaky tests | |
env: | |
GH_TOKEN: ${{ github.token }} | |
with: | |
job-name: Clustering IT | |
- name: Surefire reports | |
if: always() | |
uses: ./.github/actions/archive-surefire-reports | |
with: | |
job-id: clustering-integration-tests | |
fips-unit-tests: | |
name: FIPS UT | |
runs-on: ubuntu-latest | |
needs: build | |
timeout-minutes: 20 | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Fake fips | |
run: | | |
cd .github/fake_fips | |
make | |
sudo insmod fake_fips.ko | |
- id: unit-test-setup | |
name: Unit test setup | |
uses: ./.github/actions/unit-test-setup | |
- name: Run crypto tests | |
run: docker run --rm --workdir /github/workspace -v "${{ github.workspace }}":"/github/workspace" -v "$HOME/.m2":"/root/.m2" registry.access.redhat.com/ubi8/ubi:latest .github/scripts/run-fips-ut.sh | |
- name: Upload JVM Heapdumps | |
if: always() | |
uses: ./.github/actions/upload-heapdumps | |
- name: Surefire reports | |
if: always() | |
uses: ./.github/actions/archive-surefire-reports | |
with: | |
job-id: fips-unit-tests | |
fips-integration-tests: | |
name: FIPS IT | |
needs: build | |
runs-on: ubuntu-latest | |
timeout-minutes: 45 | |
strategy: | |
matrix: | |
mode: [non-strict, strict] | |
fail-fast: false | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Fake fips | |
run: | | |
cd .github/fake_fips | |
make | |
sudo insmod fake_fips.ko | |
- id: integration-test-setup | |
name: Integration test setup | |
uses: ./.github/actions/integration-test-setup | |
with: | |
jdk-version: 21 | |
- name: Run base tests | |
run: docker run --rm --workdir /github/workspace -e "SUREFIRE_RERUN_FAILING_COUNT" -v "${{ github.workspace }}":"/github/workspace" -v "$HOME/.m2":"/root/.m2" registry.access.redhat.com/ubi8/ubi:latest .github/scripts/run-fips-it.sh ${{ matrix.mode }} | |
- name: Upload JVM Heapdumps | |
if: always() | |
uses: ./.github/actions/upload-heapdumps | |
- uses: ./.github/actions/upload-flaky-tests | |
name: Upload flaky tests | |
env: | |
GH_TOKEN: ${{ github.token }} | |
with: | |
job-name: FIPS IT | |
- name: Surefire reports | |
if: always() | |
uses: ./.github/actions/archive-surefire-reports | |
with: | |
job-id: fips-integration-tests-${{ matrix.mode }} | |
forms-integration-tests: | |
name: Forms IT | |
runs-on: ubuntu-latest | |
needs: build | |
timeout-minutes: 75 | |
strategy: | |
matrix: | |
browser: [chrome, firefox] | |
fail-fast: false | |
steps: | |
- uses: actions/checkout@v4 | |
- id: integration-test-setup | |
name: Integration test setup | |
uses: ./.github/actions/integration-test-setup | |
- name: Run Forms IT | |
run: | | |
TESTS=`testsuite/integration-arquillian/tests/base/testsuites/suite.sh forms` | |
echo "Tests: $TESTS" | |
./mvnw test ${{ env.SUREFIRE_RETRY }} -Pauth-server-quarkus -Dtest=$TESTS -Dbrowser=${{ matrix.browser }} -f testsuite/integration-arquillian/tests/base/pom.xml 2>&1 | misc/log/trimmer.sh | |
- name: Upload JVM Heapdumps | |
if: always() | |
uses: ./.github/actions/upload-heapdumps | |
- uses: ./.github/actions/upload-flaky-tests | |
name: Upload flaky tests | |
env: | |
GH_TOKEN: ${{ github.token }} | |
with: | |
job-name: Forms IT | |
- name: Surefire reports | |
if: always() | |
uses: ./.github/actions/archive-surefire-reports | |
with: | |
job-id: forms-integration-tests-${{ matrix.browser }} | |
webauthn-integration-tests: | |
name: WebAuthn IT | |
if: needs.conditional.outputs.ci-webauthn == 'true' | |
runs-on: ubuntu-latest | |
needs: build | |
timeout-minutes: 45 | |
strategy: | |
matrix: | |
browser: | |
- chrome | |
- firefox | |
fail-fast: false | |
steps: | |
- uses: actions/checkout@v4 | |
- id: integration-test-setup | |
name: Integration test setup | |
uses: ./.github/actions/integration-test-setup | |
- name: Run WebAuthn IT | |
run: | | |
TESTS=`testsuite/integration-arquillian/tests/base/testsuites/suite.sh webauthn` | |
echo "Tests: $TESTS" | |
./mvnw test ${{ env.SUREFIRE_RETRY }} -Pauth-server-quarkus -Dtest=$TESTS -Dbrowser=${{ matrix.browser }} "-Dwebdriver.chrome.driver=$CHROMEWEBDRIVER/chromedriver" "-Dwebdriver.gecko.driver=$GECKOWEBDRIVER/geckodriver" -pl testsuite/integration-arquillian/tests/base 2>&1 | misc/log/trimmer.sh | |
- name: Upload JVM Heapdumps | |
if: always() | |
uses: ./.github/actions/upload-heapdumps | |
- uses: ./.github/actions/upload-flaky-tests | |
name: Upload flaky tests | |
env: | |
GH_TOKEN: ${{ github.token }} | |
with: | |
job-name: WebAuthn IT | |
- name: Surefire reports | |
if: always() | |
uses: ./.github/actions/archive-surefire-reports | |
with: | |
job-id: webauthn-integration-tests-${{ matrix.browser }} | |
sssd-unit-tests: | |
name: SSSD | |
runs-on: ubuntu-latest | |
if: needs.conditional.outputs.ci-sssd == 'true' | |
needs: | |
- conditional | |
- build | |
timeout-minutes: 30 | |
steps: | |
- name: checkout | |
uses: actions/checkout@v4 | |
- id: integration-test-setup | |
name: Integration test setup | |
uses: ./.github/actions/integration-test-setup | |
- id: weekly-cache-key | |
name: Key for weekly rotation of cache | |
shell: bash | |
run: echo "key=ipa-data-`date -u "+%Y-%U"`" >> $GITHUB_OUTPUT | |
- id: cache-maven-repository | |
name: ipa-data cache | |
uses: actions/cache@v4 | |
with: | |
path: ~/ipa-data.tar | |
key: ${{ steps.weekly-cache-key.outputs.key }} | |
- name: Run tests | |
run: .github/scripts/run-ipa.sh "${{ github.workspace }}" | |
- name: Surefire reports | |
if: always() | |
uses: ./.github/actions/archive-surefire-reports | |
with: | |
job-id: sssd-unit-tests | |
migration-tests: | |
name: Migration Tests | |
runs-on: ubuntu-latest | |
needs: build | |
timeout-minutes: 45 | |
strategy: | |
matrix: | |
old-version: [24.0.4] | |
database: [postgres, mysql, oracle, mssql, mariadb] | |
fail-fast: false | |
steps: | |
- uses: actions/checkout@v4 | |
- id: integration-test-setup | |
name: Integration test setup | |
uses: ./.github/actions/integration-test-setup | |
- name: Run Migration Tests | |
run: | | |
./mvnw clean install ${{ env.SUREFIRE_RETRY }} \ | |
-Pauth-server-quarkus -Pdb-${{ matrix.database }} -Pauth-server-migration \ | |
-Dtest=MigrationTest \ | |
-Dmigration.mode=auto \ | |
-Dmigrated.auth.server.version=${{ matrix.old-version }} \ | |
-Dmigration.import.file.name=migration-realm-${{ matrix.old-version }}.json \ | |
-Dauth.server.ssl.required=false \ | |
-Dauth.server.db.host=localhost \ | |
"-Dwebdriver.chrome.driver=$CHROMEWEBDRIVER/chromedriver" \ | |
-f testsuite/integration-arquillian/pom.xml 2>&1 | misc/log/trimmer.sh | |
- name: Upload JVM Heapdumps | |
if: always() | |
uses: ./.github/actions/upload-heapdumps | |
- uses: ./.github/actions/upload-flaky-tests | |
name: Upload flaky tests | |
env: | |
GH_TOKEN: ${{ github.token }} | |
with: | |
job-name: Migration Tests | |
- name: Surefire reports | |
if: always() | |
uses: ./.github/actions/archive-surefire-reports | |
with: | |
job-id: migration-tests-${{ matrix.old-version }}-${{ matrix.database }} | |
test-framework: | |
name: Keycloak Test Framework | |
runs-on: ubuntu-latest | |
needs: build | |
timeout-minutes: 30 | |
steps: | |
- uses: actions/checkout@v4 | |
- id: integration-test-setup | |
name: Integration test setup | |
uses: ./.github/actions/integration-test-setup | |
- name: Run tests | |
run: ./mvnw test -f test-framework/pom.xml | |
test-poc: | |
name: Test PoC | |
runs-on: ubuntu-latest | |
if: needs.conditional.outputs.ci-test-poc == 'true' | |
needs: | |
- conditional | |
- build | |
timeout-minutes: 30 | |
steps: | |
- uses: actions/checkout@v4 | |
- id: integration-test-setup | |
name: Integration test setup | |
uses: ./.github/actions/integration-test-setup | |
- name: Run tests | |
env: | |
KC_TEST_BROWSER: chrome-headless | |
run: ./mvnw clean install -f test-poc/pom.xml | |
check: | |
name: Status Check - Keycloak CI | |
if: always() | |
needs: | |
- conditional | |
- build | |
- unit-tests | |
- base-integration-tests | |
- adapter-integration-tests | |
- quarkus-unit-tests | |
- quarkus-integration-tests | |
- jdk-integration-tests | |
- store-integration-tests | |
- volatile-sessions-tests | |
- store-model-tests | |
- clustering-integration-tests | |
- fips-unit-tests | |
- fips-integration-tests | |
- forms-integration-tests | |
- webauthn-integration-tests | |
- sssd-unit-tests | |
- migration-tests | |
- external-infinispan-tests | |
- test-poc | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: ./.github/actions/status-check | |
with: | |
jobs: ${{ toJSON(needs) }} |