Keycloak CI workflow refactoring (#15968)
* Keycloak CI workflow refactoring Closes #15861 * Update testsuite/integration-arquillian/tests/base/testsuites/base-suite.sh Co-authored-by: Hynek Mlnařík <hmlnarik@users.noreply.github.com> * Update testsuite/integration-arquillian/tests/base/testsuites/suite.sh Co-authored-by: Hynek Mlnařík <hmlnarik@users.noreply.github.com> * Update testsuite/integration-arquillian/tests/base/testsuites/suite.sh Co-authored-by: Hynek Mlnařík <hmlnarik@users.noreply.github.com> * Update CodeQL actions Co-authored-by: Hynek Mlnařík <hmlnarik@users.noreply.github.com>
This commit is contained in:
parent
6f802b5c1f
commit
a5670af745
35 changed files with 1027 additions and 925 deletions
82
.github/actions/build-keycloak/action.yml
vendored
Normal file
82
.github/actions/build-keycloak/action.yml
vendored
Normal file
|
@ -0,0 +1,82 @@
|
||||||
|
name: Build Keycloak
|
||||||
|
description: Builds Keycloak providing Maven repository with all artifacts
|
||||||
|
|
||||||
|
inputs:
|
||||||
|
upload-m2-repo:
|
||||||
|
description: Upload Maven repository for org.keycloak artifacts
|
||||||
|
required: false
|
||||||
|
default: true
|
||||||
|
upload-dist:
|
||||||
|
description: Upload distribution
|
||||||
|
required: false
|
||||||
|
default: false
|
||||||
|
jdk-dist:
|
||||||
|
description: JDK distribution
|
||||||
|
required: false
|
||||||
|
default: temurin
|
||||||
|
jdk-version:
|
||||||
|
description: JDK version
|
||||||
|
required: false
|
||||||
|
default: 11
|
||||||
|
|
||||||
|
runs:
|
||||||
|
using: composite
|
||||||
|
steps:
|
||||||
|
- id: setup-java
|
||||||
|
name: Setup Java
|
||||||
|
uses: actions/setup-java@v3
|
||||||
|
with:
|
||||||
|
distribution: ${{ inputs.jdk-dist }}
|
||||||
|
java-version: ${{ inputs.jdk-version }}
|
||||||
|
|
||||||
|
- id: maven-cache
|
||||||
|
name: Maven cache
|
||||||
|
uses: ./.github/actions/maven-cache
|
||||||
|
|
||||||
|
- id: phantomjs-cache
|
||||||
|
name: PhantomJS cache
|
||||||
|
uses: ./.github/actions/phantomjs-cache
|
||||||
|
|
||||||
|
- id: npm-cache
|
||||||
|
name: NPM cache
|
||||||
|
uses: ./.github/actions/npm-cache
|
||||||
|
|
||||||
|
- id: build-keycloak
|
||||||
|
name: Build Keycloak
|
||||||
|
shell: bash
|
||||||
|
run: |
|
||||||
|
MVN_HTTP_CONFIG="-Dhttp.keepAlive=false -Dmaven.wagon.http.pool=false -Dmaven.wagon.http.retryHandler.class=standard -Dmaven.wagon.http.retryHandler.count=3 -Dmaven.wagon.httpconnectionManager.ttlSeconds=120"
|
||||||
|
./mvnw install -nsu -B -e -DskipTests -DskipExamples $MVN_HTTP_CONFIG
|
||||||
|
|
||||||
|
- id: compress-keycloak-maven-repository
|
||||||
|
name: Compress Keycloak Maven artifacts
|
||||||
|
if: inputs.upload-m2-repo == 'true'
|
||||||
|
shell: bash
|
||||||
|
run: |
|
||||||
|
tar -C ~/ --use-compress-program zstd -cf m2-keycloak.tzts \
|
||||||
|
--exclude '*.tar.gz' \
|
||||||
|
.m2/repository/org/keycloak
|
||||||
|
|
||||||
|
- id: upload-keycloak-maven-repository
|
||||||
|
name: Upload Keycloak Maven artifacts
|
||||||
|
if: inputs.upload-m2-repo == 'true'
|
||||||
|
uses: actions/upload-artifact@v3
|
||||||
|
with:
|
||||||
|
name: m2-keycloak.tzts
|
||||||
|
path: m2-keycloak.tzts
|
||||||
|
retention-days: 1
|
||||||
|
|
||||||
|
- id: upload-keycloak-dist
|
||||||
|
name: Upload Keycloak dist
|
||||||
|
if: inputs.upload-dist == 'true'
|
||||||
|
uses: actions/upload-artifact@v3
|
||||||
|
with:
|
||||||
|
name: keycloak-dist
|
||||||
|
path: quarkus/dist/target/keycloak*.tar.gz
|
||||||
|
retention-days: 1
|
||||||
|
|
||||||
|
- id: maven-cache-cleanup
|
||||||
|
name: Maven cache cleanup
|
||||||
|
if: steps.maven-cache.outputs.cache-hit != 'true'
|
||||||
|
shell: bash
|
||||||
|
run: rm -rf ~/.m2/repository/org/keycloak
|
49
.github/actions/changed-files/action.yml
vendored
Normal file
49
.github/actions/changed-files/action.yml
vendored
Normal file
|
@ -0,0 +1,49 @@
|
||||||
|
name: Changed Files
|
||||||
|
description: Checks changes against target branch
|
||||||
|
|
||||||
|
outputs:
|
||||||
|
java:
|
||||||
|
description: Changes to Java files
|
||||||
|
value: ${{ steps.changes.outputs.java }}
|
||||||
|
themes:
|
||||||
|
description: Changes to themes
|
||||||
|
value: ${{ steps.changes.outputs.themes }}
|
||||||
|
js-adapter:
|
||||||
|
description: Changes to JavaScript adapter
|
||||||
|
value: ${{ steps.changes.outputs.js-adapter }}
|
||||||
|
|
||||||
|
runs:
|
||||||
|
using: composite
|
||||||
|
steps:
|
||||||
|
- id: changes
|
||||||
|
name: Find changes
|
||||||
|
shell: bash
|
||||||
|
run: |
|
||||||
|
BASE_REF=${{ github.base_ref }}
|
||||||
|
|
||||||
|
changed () {
|
||||||
|
git diff --name-only origin/${{ github.base_ref }} | grep -E "$1" &>/dev/null && echo true || echo false
|
||||||
|
}
|
||||||
|
|
||||||
|
if [ "$BASE_REF" != "" ]; then
|
||||||
|
echo "Checking changes against orgin/$BASE_REF"
|
||||||
|
git fetch origin
|
||||||
|
|
||||||
|
JAVA=`changed '^.*/.*.java$'`
|
||||||
|
THEMES=`changed '^themes/src/main/.*$'`
|
||||||
|
JS_ADAPTER=`changed '^adapters/oidc/js/.*$'`
|
||||||
|
else
|
||||||
|
echo "Not a pull request, marking everything as changed"
|
||||||
|
|
||||||
|
JAVA=true
|
||||||
|
THEMES=true
|
||||||
|
JS_ADAPTER=true
|
||||||
|
fi
|
||||||
|
|
||||||
|
echo "Java changed: $JAVA"
|
||||||
|
echo "Themes changed: $THEMES"
|
||||||
|
echo "JS adapter changed: $JS_ADAPTER"
|
||||||
|
|
||||||
|
echo "java=$JAVA" >> $GITHUB_OUTPUT
|
||||||
|
echo "themes=$THEMES" >> $GITHUB_OUTPUT
|
||||||
|
echo "js-adapter=$JS_ADAPTER" >> $GITHUB_OUTPUT
|
34
.github/actions/checks-job-pass/action.yml
vendored
Normal file
34
.github/actions/checks-job-pass/action.yml
vendored
Normal file
|
@ -0,0 +1,34 @@
|
||||||
|
name: Check if a job passed
|
||||||
|
description: Fails if the job is required and was not successful
|
||||||
|
|
||||||
|
inputs:
|
||||||
|
required:
|
||||||
|
description: Is the job required
|
||||||
|
required: true
|
||||||
|
default: true
|
||||||
|
conclusion:
|
||||||
|
description: Job conclusion (success if passed, most likely empty otherwise)
|
||||||
|
required: true
|
||||||
|
|
||||||
|
outputs:
|
||||||
|
status:
|
||||||
|
description: "Check status"
|
||||||
|
value: ${{ steps.changes.outputs.java }}
|
||||||
|
|
||||||
|
runs:
|
||||||
|
using: "composite"
|
||||||
|
steps:
|
||||||
|
- id: check-job
|
||||||
|
name: Check job
|
||||||
|
shell: bash
|
||||||
|
run: |
|
||||||
|
if [ "${{ inputs.required }}" == "false" ]; then
|
||||||
|
echo "Not required to run, skipping"
|
||||||
|
else
|
||||||
|
if [ "${{ inputs.conclusion }}" == "success" ]; then
|
||||||
|
echo "Success"
|
||||||
|
else
|
||||||
|
echo "Required to run, but didn't succeed"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
fi
|
16
.github/actions/checks-success/action.yml
vendored
Normal file
16
.github/actions/checks-success/action.yml
vendored
Normal file
|
@ -0,0 +1,16 @@
|
||||||
|
name: Mark job as successful
|
||||||
|
description: Workaround for GitHub Actions not setting conclusion on jobs passed through needs
|
||||||
|
|
||||||
|
outputs:
|
||||||
|
conclusion:
|
||||||
|
description: Conclusion
|
||||||
|
value: ${{ steps.check.outputs.conclusion }}
|
||||||
|
|
||||||
|
runs:
|
||||||
|
using: composite
|
||||||
|
steps:
|
||||||
|
- id: check
|
||||||
|
name: Set success
|
||||||
|
shell: bash
|
||||||
|
run: |
|
||||||
|
echo "conclusion=success" >> $GITHUB_OUTPUT
|
41
.github/actions/integration-test-setup/action.yml
vendored
Normal file
41
.github/actions/integration-test-setup/action.yml
vendored
Normal file
|
@ -0,0 +1,41 @@
|
||||||
|
name: Setup integration test
|
||||||
|
description: Download Maven caches needed for integration tests
|
||||||
|
|
||||||
|
inputs:
|
||||||
|
jdk-dist:
|
||||||
|
description: JDK distribution
|
||||||
|
required: false
|
||||||
|
default: temurin
|
||||||
|
jdk-version:
|
||||||
|
description: JDK version
|
||||||
|
required: false
|
||||||
|
default: 11
|
||||||
|
|
||||||
|
runs:
|
||||||
|
using: composite
|
||||||
|
steps:
|
||||||
|
- id: setup-java
|
||||||
|
name: Setup Java
|
||||||
|
uses: actions/setup-java@v3
|
||||||
|
with:
|
||||||
|
distribution: ${{ inputs.jdk-dist }}
|
||||||
|
java-version: ${{ inputs.jdk-version }}
|
||||||
|
|
||||||
|
- id: maven-cache
|
||||||
|
name: Maven cache
|
||||||
|
uses: ./.github/actions/maven-cache
|
||||||
|
|
||||||
|
- id: phantomjs-cache
|
||||||
|
name: PhantomJS cache
|
||||||
|
uses: ./.github/actions/phantomjs-cache
|
||||||
|
|
||||||
|
- id: download-keycloak
|
||||||
|
name: Download Keycloak Maven artifacts
|
||||||
|
uses: actions/download-artifact@v3
|
||||||
|
with:
|
||||||
|
name: m2-keycloak.tzts
|
||||||
|
|
||||||
|
- id: extract-maven-artifacts
|
||||||
|
name: Extract Keycloak Maven artifacts
|
||||||
|
shell: bash
|
||||||
|
run: tar -C ~/ --use-compress-program unzstd -xf m2-keycloak.tzts
|
28
.github/actions/maven-cache/action.yml
vendored
Normal file
28
.github/actions/maven-cache/action.yml
vendored
Normal file
|
@ -0,0 +1,28 @@
|
||||||
|
name: Maven Cache
|
||||||
|
description: Caches Maven artifacts
|
||||||
|
|
||||||
|
runs:
|
||||||
|
using: composite
|
||||||
|
steps:
|
||||||
|
- id: weekly-cache-key
|
||||||
|
name: Key for weekly rotation of cache
|
||||||
|
shell: bash
|
||||||
|
run: echo "key=mvn-`date -u "+%Y-%U"`" >> $GITHUB_OUTPUT
|
||||||
|
|
||||||
|
- id: cache-maven-repository
|
||||||
|
name: Maven cache
|
||||||
|
uses: actions/cache@v3
|
||||||
|
with:
|
||||||
|
path: ~/.m2/repository
|
||||||
|
key: ${{ steps.weekly-cache-key.outputs.key }}
|
||||||
|
|
||||||
|
- id: check-maven-cache
|
||||||
|
name: Check cache has no Keycloak artifacts
|
||||||
|
if: steps.cache-maven-repository.outputs.cache-hit == 'true'
|
||||||
|
shell: bash
|
||||||
|
run: |
|
||||||
|
if ( stat ~/.m2/repository/org/keycloak &>/dev/null ); then
|
||||||
|
echo "Found org/keycloak artifacts in Maven repository cache"
|
||||||
|
ls ~/.m2/repository/org/keycloak
|
||||||
|
exit 1
|
||||||
|
fi
|
17
.github/actions/npm-cache/action.yml
vendored
Normal file
17
.github/actions/npm-cache/action.yml
vendored
Normal file
|
@ -0,0 +1,17 @@
|
||||||
|
name: NPM Cache
|
||||||
|
description: Caches NPM artifacts
|
||||||
|
|
||||||
|
runs:
|
||||||
|
using: composite
|
||||||
|
steps:
|
||||||
|
- id: weekly-cache-key
|
||||||
|
name: Key for weekly rotation of cache
|
||||||
|
shell: bash
|
||||||
|
run: echo "key=npm-`date -u "+%Y-%U"`" >> $GITHUB_OUTPUT
|
||||||
|
|
||||||
|
- id: cache-npm-repository
|
||||||
|
name: NPM cache
|
||||||
|
uses: actions/cache@v3
|
||||||
|
with:
|
||||||
|
path: ~/.npm
|
||||||
|
key: ${{ steps.weekly-cache-key.outputs.key }}
|
26
.github/actions/phantomjs-cache/action.yml
vendored
Normal file
26
.github/actions/phantomjs-cache/action.yml
vendored
Normal file
|
@ -0,0 +1,26 @@
|
||||||
|
name: PhantomJS Cache
|
||||||
|
description: Caches PhantomJS driver
|
||||||
|
|
||||||
|
inputs:
|
||||||
|
version:
|
||||||
|
description: PhantomJS Driver version
|
||||||
|
required: false
|
||||||
|
default: 2.1.1
|
||||||
|
|
||||||
|
runs:
|
||||||
|
using: composite
|
||||||
|
steps:
|
||||||
|
- id: cache-phantomjs-driver
|
||||||
|
name: PhantomJS Driver cache
|
||||||
|
uses: actions/cache@v3
|
||||||
|
with:
|
||||||
|
path: ~/.arquillian/drone
|
||||||
|
key: phantomjs-${{ inputs.version }}
|
||||||
|
|
||||||
|
- id: download-phantomjs-driver
|
||||||
|
name: Download PhantomJS Driver
|
||||||
|
if: steps.cache-phantomjs-driver.outputs.cache-hit != 'true'
|
||||||
|
shell: bash
|
||||||
|
run: |
|
||||||
|
mkdir -p ~/.arquillian/drone/phantomjs/${{ inputs.version }}/
|
||||||
|
curl -L https://bitbucket.org/ariya/phantomjs/downloads/phantomjs-${{ inputs.version }}-linux-x86_64.tar.bz2 --output ~/.arquillian/drone/phantomjs/${{ inputs.version }}/phantomjs-${{ inputs.version }}-linux-x86_64.tar.bz2
|
26
.github/actions/unit-test-setup/action.yml
vendored
Normal file
26
.github/actions/unit-test-setup/action.yml
vendored
Normal file
|
@ -0,0 +1,26 @@
|
||||||
|
name: Setup unit test
|
||||||
|
description: Download Maven caches needed for unit tests
|
||||||
|
|
||||||
|
inputs:
|
||||||
|
jdk-dist:
|
||||||
|
description: JDK distribution
|
||||||
|
required: false
|
||||||
|
default: temurin
|
||||||
|
jdk-version:
|
||||||
|
description: JDK version
|
||||||
|
required: false
|
||||||
|
default: 11
|
||||||
|
|
||||||
|
runs:
|
||||||
|
using: composite
|
||||||
|
steps:
|
||||||
|
- id: setup-java
|
||||||
|
name: Setup Java
|
||||||
|
uses: actions/setup-java@v3
|
||||||
|
with:
|
||||||
|
distribution: ${{ inputs.jdk-dist }}
|
||||||
|
java-version: ${{ inputs.jdk-version }}
|
||||||
|
|
||||||
|
- id: maven-cache
|
||||||
|
name: Maven cache
|
||||||
|
uses: ./.github/actions/maven-cache
|
11
.github/scripts/quickstarts/prepare-server.sh
vendored
11
.github/scripts/quickstarts/prepare-server.sh
vendored
|
@ -1,11 +0,0 @@
|
||||||
#!/bin/bash -e
|
|
||||||
|
|
||||||
VERSION=$(mvn -q -Dexec.executable=echo -Dexec.args='${project.version}' --non-recursive exec:exec -f keycloak)
|
|
||||||
|
|
||||||
unzip ~/.m2/repository/org/keycloak/keycloak-server-dist/${VERSION}/keycloak-server-dist-${VERSION}.zip
|
|
||||||
mv keycloak-${VERSION} keycloak-dist
|
|
||||||
|
|
||||||
keycloak-dist/bin/add-user-keycloak.sh -u admin -p admin
|
|
||||||
|
|
||||||
# update QS version to match KC version
|
|
||||||
mvn versions:set -DnewVersion=$VERSION -DgenerateBackupPoms=false -DgroupId=org.keycloak* -DartifactId=* -Pbump-version -B
|
|
48
.github/settings.xml
vendored
48
.github/settings.xml
vendored
|
@ -1,48 +0,0 @@
|
||||||
<settings xmlns="http://maven.apache.org/SETTINGS/1.0.0"
|
|
||||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
|
||||||
xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.0.0
|
|
||||||
https://maven.apache.org/xsd/settings-1.0.0.xsd">
|
|
||||||
<profiles>
|
|
||||||
<profile>
|
|
||||||
<id>update-policy</id>
|
|
||||||
<activation>
|
|
||||||
<activeByDefault>true</activeByDefault>
|
|
||||||
</activation>
|
|
||||||
<repositories>
|
|
||||||
<repository>
|
|
||||||
<id>central</id>
|
|
||||||
<name>Maven Central</name>
|
|
||||||
<url>https://repo.maven.apache.org/maven2</url>
|
|
||||||
<snapshots>
|
|
||||||
<enabled>false</enabled>
|
|
||||||
</snapshots>
|
|
||||||
<releases>
|
|
||||||
<updatePolicy>interval:43200</updatePolicy>
|
|
||||||
</releases>
|
|
||||||
</repository>
|
|
||||||
<repository>
|
|
||||||
<id>jboss-public-repository</id>
|
|
||||||
<name>Jboss Public</name>
|
|
||||||
<url>https://repository.jboss.org/nexus/content/groups/public/</url>
|
|
||||||
<snapshots>
|
|
||||||
<enabled>false</enabled>
|
|
||||||
</snapshots>
|
|
||||||
<releases>
|
|
||||||
<updatePolicy>interval:43200</updatePolicy>
|
|
||||||
</releases>
|
|
||||||
</repository>
|
|
||||||
<repository>
|
|
||||||
<id>redhat-enterprise-maven-repository</id>
|
|
||||||
<name>Red Hat Enterprise Maven Repository</name>
|
|
||||||
<url>https://maven.repository.redhat.com/ga/</url>
|
|
||||||
<snapshots>
|
|
||||||
<enabled>false</enabled>
|
|
||||||
</snapshots>
|
|
||||||
<releases>
|
|
||||||
<updatePolicy>interval:43200</updatePolicy>
|
|
||||||
</releases>
|
|
||||||
</repository>
|
|
||||||
</repositories>
|
|
||||||
</profile>
|
|
||||||
</profiles>
|
|
||||||
</settings>
|
|
669
.github/workflows/ci.yml
vendored
669
.github/workflows/ci.yml
vendored
|
@ -2,374 +2,198 @@ name: Keycloak CI
|
||||||
|
|
||||||
on:
|
on:
|
||||||
push:
|
push:
|
||||||
branches-ignore: [main]
|
branches-ignore:
|
||||||
# as the ci.yml contains actions that are required for PRs to be merged, it will always need to run on all PRs
|
- main
|
||||||
pull_request: {}
|
- dependabot/**
|
||||||
|
pull_request:
|
||||||
schedule:
|
schedule:
|
||||||
- cron: '0 20,23,2,5 * * *'
|
- cron: 0 20,23,2,5 * * *
|
||||||
workflow_dispatch:
|
workflow_dispatch:
|
||||||
|
|
||||||
env:
|
env:
|
||||||
DEFAULT_JDK_VERSION: 11
|
DEFAULT_JDK_VERSION: 11
|
||||||
MAVEN_OPTS: -Dhttp.keepAlive=false -Dmaven.wagon.http.pool=false -Dmaven.wagon.http.retryHandler.class=standard -Dmaven.wagon.http.retryHandler.count=3 -Dmaven.wagon.httpconnectionManager.ttlSeconds=120
|
DEFAULT_JDK_DIST: temurin
|
||||||
|
|
||||||
concurrency:
|
concurrency:
|
||||||
# Only cancel jobs for new commits on PRs, and always do a complete run on other branches (e.g. `main`).
|
# Only cancel jobs for PR updates
|
||||||
# See: https://docs.github.com/en/actions/using-jobs/using-concurrency#example-using-a-fallback-value
|
group: ci-${{ github.head_ref || github.run_id }}
|
||||||
group: keycloak-ci-${{ github.head_ref || github.run_id }}
|
|
||||||
cancel-in-progress: true
|
cancel-in-progress: true
|
||||||
|
|
||||||
|
defaults:
|
||||||
|
run:
|
||||||
|
shell: bash
|
||||||
|
|
||||||
jobs:
|
jobs:
|
||||||
build:
|
build:
|
||||||
name: Build
|
name: Build
|
||||||
if: ${{ ( github.event_name != 'schedule' ) || ( github.event_name == 'schedule' && github.repository == 'keycloak/keycloak' ) }}
|
if: github.event_name != 'schedule' || github.repository == 'keycloak/keycloak'
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
steps:
|
steps:
|
||||||
- uses: actions/checkout@v3
|
- uses: actions/checkout@v3
|
||||||
- uses: actions/setup-java@v3
|
|
||||||
with:
|
|
||||||
distribution: 'temurin'
|
|
||||||
java-version: ${{ env.DEFAULT_JDK_VERSION }}
|
|
||||||
cache: 'maven'
|
|
||||||
- name: Update maven settings
|
|
||||||
run: mkdir -p ~/.m2 ; cp .github/settings.xml ~/.m2/
|
|
||||||
|
|
||||||
- name: Build Keycloak
|
- name: Build Keycloak
|
||||||
run: |
|
uses: ./.github/actions/build-keycloak
|
||||||
./mvnw clean install -nsu -B -e -DskipTests -Pdistribution
|
|
||||||
./mvnw clean install -nsu -B -e -f testsuite/integration-arquillian/servers/auth-server -Pauth-server-quarkus
|
|
||||||
./mvnw clean install -nsu -B -e -f testsuite/integration-arquillian/servers/auth-server -Pauth-server-undertow
|
|
||||||
|
|
||||||
- name: Store Keycloak artifacts
|
|
||||||
id: store-keycloak
|
|
||||||
uses: actions/upload-artifact@v3
|
|
||||||
with:
|
|
||||||
name: keycloak-artifacts.zip
|
|
||||||
retention-days: 1
|
|
||||||
path: |
|
|
||||||
~/.m2/repository/org/keycloak
|
|
||||||
!~/.m2/repository/org/keycloak/**/*.tar.gz
|
|
||||||
|
|
||||||
- name: Remove keycloak artifacts before caching
|
|
||||||
if: steps.cache.outputs.cache-hit != 'true'
|
|
||||||
run: rm -rf ~/.m2/repository/org/keycloak
|
|
||||||
|
|
||||||
# Tests: Regular distribution
|
|
||||||
|
|
||||||
unit-tests:
|
unit-tests:
|
||||||
name: Unit Tests
|
name: Base UT
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
needs: build
|
needs: build
|
||||||
timeout-minutes: 30
|
timeout-minutes: 30
|
||||||
steps:
|
steps:
|
||||||
- uses: actions/checkout@v3
|
- uses: actions/checkout@v3
|
||||||
- uses: actions/setup-java@v3
|
|
||||||
with:
|
- id: unit-test-setup
|
||||||
distribution: 'temurin'
|
name: Unit test setup
|
||||||
java-version: ${{ env.DEFAULT_JDK_VERSION }}
|
uses: ./.github/actions/unit-test-setup
|
||||||
cache: 'maven'
|
|
||||||
- name: Update maven settings
|
|
||||||
run: mkdir -p ~/.m2 ; cp .github/settings.xml ~/.m2/
|
|
||||||
- name: Cleanup org.keycloak artifacts
|
|
||||||
run: rm -rf ~/.m2/repository/org/keycloak >/dev/null || true
|
|
||||||
- name: Download built keycloak
|
|
||||||
id: download-keycloak
|
|
||||||
uses: actions/download-artifact@v3
|
|
||||||
with:
|
|
||||||
path: ~/.m2/repository/org/keycloak/
|
|
||||||
name: keycloak-artifacts.zip
|
|
||||||
- name: Run unit tests
|
- name: Run unit tests
|
||||||
run: |
|
run: ./mvnw install -nsu -B -DskipTestsuite -DskipQuarkus -DskipExamples
|
||||||
if ! ./mvnw install -nsu -B -DskipTestsuite -DskipQuarkus -DskipExamples -f pom.xml; then
|
|
||||||
find . -path '*/target/surefire-reports/*.xml' | zip -q reports-unit-tests.zip -@
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
- name: Analyze Test and/or Coverage Results
|
base-integration-tests:
|
||||||
uses: runforesight/foresight-test-kit-action@v1.3.0
|
name: Base IT
|
||||||
if: always() && github.repository == 'keycloak/keycloak'
|
|
||||||
with:
|
|
||||||
api_key: ${{ secrets.FORESIGHT_API_KEY }}
|
|
||||||
test_format: JUNIT
|
|
||||||
test_framework: JUNIT
|
|
||||||
test_path: '**/target/surefire-reports/*.xml'
|
|
||||||
|
|
||||||
- name: Unit test reports
|
|
||||||
uses: actions/upload-artifact@v3
|
|
||||||
if: failure()
|
|
||||||
with:
|
|
||||||
name: reports-unit-tests
|
|
||||||
retention-days: 14
|
|
||||||
path: reports-unit-tests.zip
|
|
||||||
if-no-files-found: ignore
|
|
||||||
|
|
||||||
crypto-tests:
|
|
||||||
name: Crypto Tests
|
|
||||||
runs-on: ubuntu-latest
|
|
||||||
needs: build
|
|
||||||
timeout-minutes: 20
|
|
||||||
steps:
|
|
||||||
- uses: actions/checkout@v3
|
|
||||||
- uses: actions/setup-java@v3
|
|
||||||
with:
|
|
||||||
distribution: 'temurin'
|
|
||||||
java-version: ${{ env.DEFAULT_JDK_VERSION }}
|
|
||||||
cache: 'maven'
|
|
||||||
- name: Update maven settings
|
|
||||||
run: mkdir -p ~/.m2 ; cp .github/settings.xml ~/.m2/
|
|
||||||
- name: Cleanup org.keycloak artifacts
|
|
||||||
run: rm -rf ~/.m2/repository/org/keycloak >/dev/null || true
|
|
||||||
- name: Download built keycloak
|
|
||||||
id: download-keycloak
|
|
||||||
uses: actions/download-artifact@v3
|
|
||||||
with:
|
|
||||||
path: ~/.m2/repository/org/keycloak/
|
|
||||||
name: keycloak-artifacts.zip
|
|
||||||
- name: Run crypto tests (BCFIPS non-approved mode)
|
|
||||||
run: |
|
|
||||||
if ! ./mvnw install -nsu -B -f crypto/pom.xml -Dcom.redhat.fips=true; then
|
|
||||||
find . -path 'crypto/target/surefire-reports/*.xml' | zip -q reports-crypto-tests.zip -@
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
- name: Run crypto tests (BCFIPS approved mode)
|
|
||||||
run: |
|
|
||||||
if ! ./mvnw install -nsu -B -f crypto/pom.xml -Dcom.redhat.fips=true -Dorg.bouncycastle.fips.approved_only=true; then
|
|
||||||
find . -path 'crypto/target/surefire-reports/*.xml' | zip -q reports-crypto-tests.zip -@
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
- name: Crypto test reports
|
|
||||||
uses: actions/upload-artifact@v3
|
|
||||||
if: failure()
|
|
||||||
with:
|
|
||||||
name: reports-crypto-tests
|
|
||||||
retention-days: 14
|
|
||||||
path: reports-crypto-tests.zip
|
|
||||||
if-no-files-found: ignore
|
|
||||||
|
|
||||||
model-tests:
|
|
||||||
name: Model Tests
|
|
||||||
runs-on: ubuntu-latest
|
|
||||||
needs: build
|
|
||||||
timeout-minutes: 60
|
|
||||||
steps:
|
|
||||||
- uses: actions/checkout@v3
|
|
||||||
- uses: actions/setup-java@v3
|
|
||||||
with:
|
|
||||||
distribution: 'temurin'
|
|
||||||
java-version: ${{ env.DEFAULT_JDK_VERSION }}
|
|
||||||
cache: 'maven'
|
|
||||||
- name: Update maven settings
|
|
||||||
run: mkdir -p ~/.m2 ; cp .github/settings.xml ~/.m2/
|
|
||||||
- name: Cleanup org.keycloak artifacts
|
|
||||||
run: rm -rf ~/.m2/repository/org/keycloak >/dev/null || true
|
|
||||||
- name: Download built keycloak
|
|
||||||
id: download-keycloak
|
|
||||||
uses: actions/download-artifact@v3
|
|
||||||
with:
|
|
||||||
path: ~/.m2/repository/org/keycloak/
|
|
||||||
name: keycloak-artifacts.zip
|
|
||||||
- name: Run model tests
|
|
||||||
run: |
|
|
||||||
if ! testsuite/model/test-all-profiles.sh; then
|
|
||||||
find . -path '*/target/surefire-reports*/*.xml' | zip -q reports-model-tests.zip -@
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
- name: Analyze Test and/or Coverage Results
|
|
||||||
uses: runforesight/foresight-test-kit-action@v1.3.0
|
|
||||||
if: always() && github.repository == 'keycloak/keycloak'
|
|
||||||
with:
|
|
||||||
api_key: ${{ secrets.FORESIGHT_API_KEY }}
|
|
||||||
test_format: JUNIT
|
|
||||||
test_framework: JUNIT
|
|
||||||
test_path: 'testsuite/model/target/surefire-reports/*.xml'
|
|
||||||
|
|
||||||
- name: Model test reports
|
|
||||||
uses: actions/upload-artifact@v3
|
|
||||||
if: failure()
|
|
||||||
with:
|
|
||||||
name: reports-model-tests
|
|
||||||
retention-days: 14
|
|
||||||
path: reports-model-tests.zip
|
|
||||||
if-no-files-found: ignore
|
|
||||||
|
|
||||||
test:
|
|
||||||
name: Base testsuite
|
|
||||||
needs: build
|
needs: build
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
timeout-minutes: 100
|
timeout-minutes: 100
|
||||||
strategy:
|
strategy:
|
||||||
matrix:
|
matrix:
|
||||||
server: ['quarkus', 'quarkus-map', 'quarkus-map-hot-rod', 'quarkus-map-jpa']
|
group: [1, 2, 3, 4, 5, 6]
|
||||||
tests: ['group1','group2','group3']
|
|
||||||
fail-fast: false
|
fail-fast: false
|
||||||
steps:
|
steps:
|
||||||
- uses: actions/checkout@v3
|
- uses: actions/checkout@v3
|
||||||
with:
|
|
||||||
fetch-depth: 2
|
|
||||||
|
|
||||||
- name: Check whether HEAD^ contains HotRod storage relevant changes
|
- id: integration-test-setup
|
||||||
run: echo "GIT_HOTROD_RELEVANT_DIFF=$( git diff --name-only HEAD^ | egrep -ic -e '^model/map-hot-rod|^model/map/|^model/build-processor' )" >> $GITHUB_ENV
|
name: Integration test setup
|
||||||
|
uses: ./.github/actions/integration-test-setup
|
||||||
|
|
||||||
- name: Check whether HotRod storage matrix should be executed
|
|
||||||
if: ${{ endsWith(matrix.server, '-map-hot-rod') && env.GIT_HOTROD_RELEVANT_DIFF == 0 }}
|
|
||||||
run: echo "SHOULD_BE_EXECUTED=false" >> $GITHUB_ENV
|
|
||||||
|
|
||||||
- name: Check whether HEAD^ contains JPA map storage relevant changes
|
|
||||||
run: echo "GIT_MAP_JPA_RELEVANT_DIFF=$( git diff --name-only HEAD^ | egrep -ic -e '^model/map-jpa/|^model/map/|^model/build-processor' )" >> $GITHUB_ENV
|
|
||||||
|
|
||||||
- name: Check whether Map-JPA storage matrix should be executed
|
|
||||||
if: ${{ endsWith(matrix.server, '-map-jpa') && env.GIT_MAP_JPA_RELEVANT_DIFF == 0 }}
|
|
||||||
run: echo "SHOULD_BE_EXECUTED=false" >> $GITHUB_ENV
|
|
||||||
|
|
||||||
- name: Cache Maven packages
|
|
||||||
if: ${{ github.event_name != 'pull_request' || env.SHOULD_BE_EXECUTED != 'false' }}
|
|
||||||
uses: actions/cache@v3
|
|
||||||
with:
|
|
||||||
path: ~/.m2/repository
|
|
||||||
key: cache-2-${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
|
|
||||||
restore-keys: cache-1-${{ runner.os }}-m2
|
|
||||||
|
|
||||||
- name: Download built keycloak
|
|
||||||
if: ${{ github.event_name != 'pull_request' || env.SHOULD_BE_EXECUTED != 'false' }}
|
|
||||||
id: download-keycloak
|
|
||||||
uses: actions/download-artifact@v3
|
|
||||||
with:
|
|
||||||
path: ~/.m2/repository/org/keycloak/
|
|
||||||
name: keycloak-artifacts.zip
|
|
||||||
|
|
||||||
# - name: List M2 repo
|
|
||||||
# run: |
|
|
||||||
# find ~ -name *dist*.zip
|
|
||||||
# ls -lR ~/.m2/repository
|
|
||||||
|
|
||||||
- uses: actions/setup-java@v3
|
|
||||||
if: ${{ github.event_name != 'pull_request' || env.SHOULD_BE_EXECUTED != 'false' }}
|
|
||||||
with:
|
|
||||||
distribution: 'temurin'
|
|
||||||
java-version: ${{ env.DEFAULT_JDK_VERSION }}
|
|
||||||
- name: Update maven settings
|
|
||||||
if: ${{ github.event_name != 'pull_request' || env.SHOULD_BE_EXECUTED != 'false' }}
|
|
||||||
run: mkdir -p ~/.m2 ; cp .github/settings.xml ~/.m2/
|
|
||||||
- name: Prepare test providers
|
|
||||||
if: ${{ matrix.server == 'quarkus' || matrix.server == 'quarkus-map' }}
|
|
||||||
run: ./mvnw clean install -nsu -B -e -f testsuite/integration-arquillian/servers/auth-server/services/testsuite-providers -Pauth-server-quarkus
|
|
||||||
- name: Run base tests
|
- name: Run base tests
|
||||||
if: ${{ github.event_name != 'pull_request' || env.SHOULD_BE_EXECUTED != 'false' }}
|
|
||||||
run: |
|
run: |
|
||||||
declare -A PARAMS TESTGROUP
|
TESTS=`testsuite/integration-arquillian/tests/base/testsuites/base-suite.sh ${{ matrix.group }}`
|
||||||
PARAMS["quarkus"]="-Pauth-server-quarkus"
|
echo "Tests: $TESTS"
|
||||||
PARAMS["quarkus-map"]="-Pauth-server-quarkus -Pmap-storage -Dpageload.timeout=90000"
|
./mvnw install -nsu -B -Pauth-server-quarkus -Dtest=$TESTS -pl testsuite/integration-arquillian/tests/base | misc/log/trimmer.sh
|
||||||
PARAMS["quarkus-map-hot-rod"]="-Pauth-server-quarkus -Pmap-storage,map-storage-hot-rod -Dpageload.timeout=90000"
|
|
||||||
PARAMS["quarkus-map-jpa"]="-Pauth-server-quarkus -Pmap-storage,map-storage-jpa -Dpageload.timeout=90000"
|
|
||||||
TESTGROUP["group1"]="-Dtest=!**.crossdc.**,!**.cluster.**,%regex[org.keycloak.testsuite.(a[abc]|ad[a-l]|[^a-q]).*]" # Tests alphabetically before admin tests and those after "r"
|
|
||||||
TESTGROUP["group2"]="-Dtest=!**.crossdc.**,!**.cluster.**,%regex[org.keycloak.testsuite.(ad[^a-l]|a[^a-d]|b).*]" # Admin tests and those starting with "b"
|
|
||||||
TESTGROUP["group3"]="-Dtest=!**.crossdc.**,!**.cluster.**,%regex[org.keycloak.testsuite.([c-q]).*]" # All the rest
|
|
||||||
|
|
||||||
./mvnw clean install -nsu -B ${PARAMS["${{ matrix.server }}"]} ${TESTGROUP["${{ matrix.tests }}"]} -f testsuite/integration-arquillian/tests/base/pom.xml | misc/log/trimmer.sh
|
quarkus-integration-tests:
|
||||||
|
name: Quarkus IT
|
||||||
|
needs: build
|
||||||
|
runs-on: ubuntu-latest
|
||||||
|
timeout-minutes: 115
|
||||||
|
strategy:
|
||||||
|
matrix:
|
||||||
|
server: [zip, container, storage]
|
||||||
|
fail-fast: false
|
||||||
|
env:
|
||||||
|
MAVEN_OPTS: -Xmx1024m
|
||||||
|
steps:
|
||||||
|
- uses: actions/checkout@v3
|
||||||
|
|
||||||
TEST_RESULT=${PIPESTATUS[0]}
|
- id: unit-test-setup
|
||||||
find . -path '*/target/surefire-reports/*.xml' | zip -q reports-${{ matrix.server }}-base-tests-${{ matrix.tests }}.zip -@
|
name: Unit test setup
|
||||||
exit $TEST_RESULT
|
uses: ./.github/actions/unit-test-setup
|
||||||
|
|
||||||
- name: Analyze Test and/or Coverage Results
|
- name: Run Quarkus integration Tests
|
||||||
uses: runforesight/foresight-test-kit-action@v1.3.0
|
run: |
|
||||||
if: always() && github.repository == 'keycloak/keycloak'
|
declare -A PARAMS
|
||||||
|
PARAMS["zip"]=""
|
||||||
|
PARAMS["container"]="-Dkc.quarkus.tests.dist=docker"
|
||||||
|
PARAMS["storage"]="-Ptest-database -Dtest=PostgreSQLDistTest,MariaDBDistTest#testSuccessful,MySQLDistTest#testSuccessful,DatabaseOptionsDistTest,JPAStoreDistTest,HotRodStoreDistTest,MixedStoreDistTest"
|
||||||
|
|
||||||
|
./mvnw install -nsu -B -pl quarkus/tests/integration -am -DskipTests
|
||||||
|
./mvnw test -nsu -B -pl quarkus/tests/integration ${PARAMS["${{ matrix.server }}"]} | misc/log/trimmer.sh
|
||||||
|
|
||||||
|
jdk-integration-tests:
|
||||||
|
name: Java Distribution IT
|
||||||
|
needs: build
|
||||||
|
runs-on: ubuntu-latest
|
||||||
|
timeout-minutes: 100
|
||||||
|
strategy:
|
||||||
|
matrix:
|
||||||
|
dist: [temurin]
|
||||||
|
version: [17, 19]
|
||||||
|
fail-fast: false
|
||||||
|
steps:
|
||||||
|
- uses: actions/checkout@v3
|
||||||
|
|
||||||
|
- id: integration-test-setup
|
||||||
|
name: Integration test setup
|
||||||
|
uses: ./.github/actions/integration-test-setup
|
||||||
with:
|
with:
|
||||||
api_key: ${{ secrets.FORESIGHT_API_KEY }}
|
jdk-dist: ${{ matrix.dist }}
|
||||||
test_format: JUNIT
|
jdk-version: ${{ matrix.version }}
|
||||||
test_framework: JUNIT
|
|
||||||
test_path: 'testsuite/integration-arquillian/tests/base/target/surefire-reports/*.xml'
|
|
||||||
|
|
||||||
- name: Base test reports
|
- name: Prepare Quarkus distribution with current JDK
|
||||||
uses: actions/upload-artifact@v3
|
run: ./mvnw install -nsu -B -e -pl testsuite/integration-arquillian/servers/auth-server/quarkus
|
||||||
if: failure()
|
|
||||||
with:
|
|
||||||
name: reports-${{ matrix.server }}-base-tests-${{ matrix.tests }}
|
|
||||||
retention-days: 14
|
|
||||||
path: reports-${{ matrix.server }}-base-tests-${{ matrix.tests }}.zip
|
|
||||||
if-no-files-found: ignore
|
|
||||||
|
|
||||||
test-fips:
|
- name: Run base tests
|
||||||
name: Base testsuite (fips)
|
run: |
|
||||||
|
TESTS=`testsuite/integration-arquillian/tests/base/testsuites/suite.sh jdk`
|
||||||
|
echo "Tests: $TESTS"
|
||||||
|
./mvnw install -nsu -B -Pauth-server-quarkus -Pdb-${{ matrix.db }} -Dtest=$TESTS -pl testsuite/integration-arquillian/tests/base | misc/log/trimmer.sh
|
||||||
|
|
||||||
|
new-store-integration-tests:
|
||||||
|
name: New Store IT
|
||||||
needs: build
|
needs: build
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
timeout-minutes: 45
|
timeout-minutes: 45
|
||||||
strategy:
|
strategy:
|
||||||
matrix:
|
matrix:
|
||||||
server: ['bcfips-nonapproved-pkcs12']
|
db: [chm, hot-rod, jpa]
|
||||||
tests: ['group1', 'group2']
|
|
||||||
fail-fast: false
|
fail-fast: false
|
||||||
steps:
|
steps:
|
||||||
- uses: actions/checkout@v3
|
- uses: actions/checkout@v3
|
||||||
with:
|
|
||||||
fetch-depth: 2
|
|
||||||
|
|
||||||
- name: Cache Maven packages
|
- id: integration-test-setup
|
||||||
uses: actions/cache@v3
|
name: Integration test setup
|
||||||
with:
|
uses: ./.github/actions/integration-test-setup
|
||||||
path: ~/.m2/repository
|
|
||||||
key: cache-2-${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
|
|
||||||
restore-keys: cache-1-${{ runner.os }}-m2
|
|
||||||
|
|
||||||
- name: Download built keycloak
|
|
||||||
id: download-keycloak
|
|
||||||
uses: actions/download-artifact@v3
|
|
||||||
with:
|
|
||||||
path: ~/.m2/repository/org/keycloak/
|
|
||||||
name: keycloak-artifacts.zip
|
|
||||||
|
|
||||||
# - name: List M2 repo
|
|
||||||
# run: |
|
|
||||||
# find ~ -name *dist*.zip
|
|
||||||
# ls -lR ~/.m2/repository
|
|
||||||
|
|
||||||
- uses: actions/setup-java@v3
|
|
||||||
with:
|
|
||||||
distribution: 'temurin'
|
|
||||||
java-version: ${{ env.DEFAULT_JDK_VERSION }}
|
|
||||||
- name: Update maven settings
|
|
||||||
run: mkdir -p ~/.m2 ; cp .github/settings.xml ~/.m2/
|
|
||||||
- name: Prepare quarkus distribution with BCFIPS
|
|
||||||
run: ./mvnw clean install -nsu -B -e -f testsuite/integration-arquillian/servers/auth-server/quarkus -Pauth-server-quarkus,auth-server-fips140-2
|
|
||||||
- name: Run base tests
|
- name: Run base tests
|
||||||
run: |
|
run: |
|
||||||
declare -A PARAMS TESTGROUP
|
declare -A PARAMS
|
||||||
PARAMS["bcfips-nonapproved-pkcs12"]="-Pauth-server-quarkus,auth-server-fips140-2"
|
PARAMS["chm"]="-Pmap-storage -Dpageload.timeout=90000"
|
||||||
# Tests in the package "forms" and some keystore related tests
|
PARAMS["hot-rod"]="-Pmap-storage,map-storage-hot-rod -Dpageload.timeout=90000"
|
||||||
TESTGROUP["group1"]="-Dtest=org.keycloak.testsuite.forms.**,ClientAuthSignedJWTTest,CredentialsTest,JavaKeystoreKeyProviderTest,ServerInfoTest,UserFederationLdapConnectionTest,LDAPUserLoginTest"
|
PARAMS["jpa"]="-Pmap-storage,map-storage-jpa -Dpageload.timeout=90000"
|
||||||
TESTGROUP["group2"]="-Dtest=org.keycloak.testsuite.x509.**,MutualTLSClientTest,FAPI1Test,FAPICIBATest,KcRegTest,KcRegCreateTest,KcAdmTest,KcAdmCreateTest" # Tests for X.509 authentication with users and clients and CLI tests
|
|
||||||
|
|
||||||
./mvnw clean install -nsu -B ${PARAMS["${{ matrix.server }}"]} ${TESTGROUP["${{ matrix.tests }}"]} -f testsuite/integration-arquillian/tests/base/pom.xml | misc/log/trimmer.sh
|
TESTS=`testsuite/integration-arquillian/tests/base/testsuites/suite.sh database`
|
||||||
|
echo "Tests: $TESTS"
|
||||||
|
./mvnw install -nsu -B -Pauth-server-quarkus ${PARAMS["${{ matrix.db }}"]} -Dtest=$TESTS -pl testsuite/integration-arquillian/tests/base | misc/log/trimmer.sh
|
||||||
|
|
||||||
TEST_RESULT=${PIPESTATUS[0]}
|
legacy-store-integration-tests:
|
||||||
find . -path '*/target/surefire-reports/*.xml' | zip -q reports-${{ matrix.server }}-base-tests-${{ matrix.tests }}.zip -@
|
name: Legacy Store IT
|
||||||
exit $TEST_RESULT
|
needs: build
|
||||||
|
runs-on: ubuntu-latest
|
||||||
|
timeout-minutes: 45
|
||||||
|
strategy:
|
||||||
|
matrix:
|
||||||
|
db: [postgres, mysql] # 'mariadb' is not always shutting down, 'mssql', 'oracle11g' containers not available
|
||||||
|
fail-fast: false
|
||||||
|
steps:
|
||||||
|
- uses: actions/checkout@v3
|
||||||
|
|
||||||
- name: Analyze Test and/or Coverage Results
|
- id: integration-test-setup
|
||||||
uses: runforesight/foresight-test-kit-action@v1.3.0
|
name: Integration test setup
|
||||||
if: always() && github.repository == 'keycloak/keycloak'
|
uses: ./.github/actions/integration-test-setup
|
||||||
with:
|
|
||||||
api_key: ${{ secrets.FORESIGHT_API_KEY }}
|
|
||||||
test_format: JUNIT
|
|
||||||
test_framework: JUNIT
|
|
||||||
test_path: 'testsuite/integration-arquillian/tests/base/target/surefire-reports/*.xml'
|
|
||||||
|
|
||||||
- name: Base test reports
|
- name: Run base tests
|
||||||
uses: actions/upload-artifact@v3
|
run: |
|
||||||
if: failure()
|
TESTS=`testsuite/integration-arquillian/tests/base/testsuites/suite.sh database`
|
||||||
with:
|
echo "Tests: $TESTS"
|
||||||
name: reports-${{ matrix.server }}-base-tests-${{ matrix.tests }}
|
./mvnw install -nsu -B -Pauth-server-quarkus -Pdb-${{ matrix.db }} -Dtest=$TESTS -pl testsuite/integration-arquillian/tests/base | misc/log/trimmer.sh
|
||||||
retention-days: 14
|
|
||||||
path: reports-${{ matrix.server }}-base-tests-${{ matrix.tests }}.zip
|
|
||||||
if-no-files-found: ignore
|
|
||||||
|
|
||||||
### Tests: Quarkus distribution
|
store-model-tests:
|
||||||
|
name: Store Model Tests
|
||||||
|
runs-on: ubuntu-latest
|
||||||
|
needs: build
|
||||||
|
timeout-minutes: 60
|
||||||
|
steps:
|
||||||
|
- uses: actions/checkout@v3
|
||||||
|
|
||||||
quarkus-test-cluster:
|
- id: integration-test-setup
|
||||||
name: Quarkus Test Clustering
|
name: Integration test setup
|
||||||
|
uses: ./.github/actions/integration-test-setup
|
||||||
|
|
||||||
|
- name: Run model tests
|
||||||
|
run: testsuite/model/test-all-profiles.sh
|
||||||
|
|
||||||
|
clustering-integration-tests:
|
||||||
|
name: Legacy Clustering IT
|
||||||
needs: build
|
needs: build
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
timeout-minutes: 35
|
timeout-minutes: 35
|
||||||
|
@ -378,181 +202,86 @@ jobs:
|
||||||
steps:
|
steps:
|
||||||
- uses: actions/checkout@v3
|
- uses: actions/checkout@v3
|
||||||
|
|
||||||
- uses: actions/setup-java@v3
|
- id: integration-test-setup
|
||||||
with:
|
name: Integration test setup
|
||||||
distribution: 'temurin'
|
uses: ./.github/actions/integration-test-setup
|
||||||
java-version: ${{ env.DEFAULT_JDK_VERSION }}
|
|
||||||
cache: 'maven'
|
|
||||||
|
|
||||||
- name: Cleanup org.keycloak artifacts
|
- name: Run cluster tests
|
||||||
run: rm -rf ~/.m2/repository/org/keycloak >/dev/null || true
|
|
||||||
|
|
||||||
- name: Download built keycloak
|
|
||||||
id: download-keycloak
|
|
||||||
uses: actions/download-artifact@v3
|
|
||||||
with:
|
|
||||||
path: ~/.m2/repository/org/keycloak/
|
|
||||||
name: keycloak-artifacts.zip
|
|
||||||
- uses: actions/setup-java@v3
|
|
||||||
with:
|
|
||||||
distribution: 'temurin'
|
|
||||||
java-version: ${{ env.DEFAULT_JDK_VERSION }}
|
|
||||||
- name: Update maven settings
|
|
||||||
run: mkdir -p ~/.m2 ; cp .github/settings.xml ~/.m2/
|
|
||||||
- name: Run Quarkus cluster tests
|
|
||||||
run: |
|
run: |
|
||||||
echo '::group::Compiling testsuite'
|
./mvnw install -nsu -B -Pauth-server-cluster-quarkus -Dsession.cache.owners=2 -Dtest=**.cluster.** -pl testsuite/integration-arquillian/tests/base | misc/log/trimmer.sh
|
||||||
./mvnw clean install -nsu -B -Pauth-server-quarkus -DskipTests -f testsuite/pom.xml
|
|
||||||
echo '::endgroup::'
|
|
||||||
./mvnw clean install -nsu -B -Pauth-server-cluster-quarkus -Dsession.cache.owners=2 -Dtest=**.cluster.** -f testsuite/integration-arquillian/pom.xml | misc/log/trimmer.sh
|
|
||||||
TEST_RESULT=${PIPESTATUS[0]}
|
|
||||||
find . -path '*/target/surefire-reports/*.xml' | zip -q reports-quarkus-cluster-tests.zip -@
|
|
||||||
exit $TEST_RESULT
|
|
||||||
|
|
||||||
- name: Analyze Test and/or Coverage Results
|
fips-unit-tests:
|
||||||
uses: runforesight/foresight-test-kit-action@v1.3.0
|
name: FIPS UT
|
||||||
if: always() && github.repository == 'keycloak/keycloak'
|
|
||||||
with:
|
|
||||||
api_key: ${{ secrets.FORESIGHT_API_KEY }}
|
|
||||||
test_format: JUNIT
|
|
||||||
test_framework: JUNIT
|
|
||||||
test_path: 'testsuite/integration-arquillian/tests/base/target/surefire-reports/*.xml'
|
|
||||||
|
|
||||||
- name: Quarkus cluster test reports
|
|
||||||
uses: actions/upload-artifact@v3
|
|
||||||
if: failure()
|
|
||||||
with:
|
|
||||||
name: reports-quarkus-cluster-tests
|
|
||||||
retention-days: 14
|
|
||||||
path: reports-quarkus-cluster-tests.zip
|
|
||||||
if-no-files-found: ignore
|
|
||||||
|
|
||||||
### Tests: Quarkus distribution
|
|
||||||
|
|
||||||
quarkus-tests:
|
|
||||||
name: Quarkus Tests
|
|
||||||
needs: build
|
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
timeout-minutes: 115
|
needs: build
|
||||||
env:
|
timeout-minutes: 20
|
||||||
MAVEN_OPTS: -Xmx1024m
|
|
||||||
steps:
|
steps:
|
||||||
- uses: actions/checkout@v3
|
- uses: actions/checkout@v3
|
||||||
- uses: actions/setup-java@v3
|
|
||||||
with:
|
|
||||||
distribution: 'temurin'
|
|
||||||
java-version: ${{ env.DEFAULT_JDK_VERSION }}
|
|
||||||
cache: 'maven'
|
|
||||||
- name: Cleanup org.keycloak artifacts
|
|
||||||
run: rm -rf ~/.m2/repository/org/keycloak >/dev/null || true
|
|
||||||
|
|
||||||
- name: Download built keycloak
|
- id: unit-test-setup
|
||||||
id: download-keycloak
|
name: Unit test setup
|
||||||
uses: actions/download-artifact@v3
|
uses: ./.github/actions/unit-test-setup
|
||||||
with:
|
|
||||||
path: ~/.m2/repository/org/keycloak/
|
|
||||||
name: keycloak-artifacts.zip
|
|
||||||
- name: Update maven settings
|
|
||||||
run: mkdir -p ~/.m2 ; cp .github/settings.xml ~/.m2/
|
|
||||||
|
|
||||||
- name: Prepare the local distribution archives
|
- name: Run crypto tests (BCFIPS non-approved mode)
|
||||||
run: ./mvnw clean install -DskipTests -Pdistribution
|
run: ./mvnw install -nsu -B -am -pl crypto/default,crypto/fips1402,crypto/elytron -Dcom.redhat.fips=true
|
||||||
|
|
||||||
- name: Run Quarkus Integration Tests
|
- name: Run crypto tests (BCFIPS approved mode)
|
||||||
|
run: ./mvnw install -nsu -B -am -pl crypto/default,crypto/fips1402,crypto/elytron -Dcom.redhat.fips=true -Dorg.bouncycastle.fips.approved_only=true
|
||||||
|
|
||||||
|
fips-integration-tests:
|
||||||
|
name: FIPS IT
|
||||||
|
needs: build
|
||||||
|
runs-on: ubuntu-latest
|
||||||
|
timeout-minutes: 45
|
||||||
|
steps:
|
||||||
|
- uses: actions/checkout@v3
|
||||||
|
|
||||||
|
- id: integration-test-setup
|
||||||
|
name: Integration test setup
|
||||||
|
uses: ./.github/actions/integration-test-setup
|
||||||
|
|
||||||
|
- name: Prepare Quarkus distribution with BCFIPS
|
||||||
|
run: ./mvnw install -nsu -B -e -pl testsuite/integration-arquillian/servers/auth-server/quarkus -Pauth-server-quarkus,auth-server-fips140-2
|
||||||
|
|
||||||
|
- name: Run base tests
|
||||||
run: |
|
run: |
|
||||||
./mvnw clean install -nsu -B -f quarkus/tests/pom.xml | misc/log/trimmer.sh
|
TESTS=`testsuite/integration-arquillian/tests/base/testsuites/suite.sh fips`
|
||||||
TEST_RESULT=${PIPESTATUS[0]}
|
echo "Tests: $TESTS"
|
||||||
find . -path '*/target/surefire-reports/*.xml' | zip -q reports-quarkus-tests.zip -@
|
./mvnw install -nsu -B -Pauth-server-quarkus,auth-server-fips140-2 -Dtest=$TESTS -pl testsuite/integration-arquillian/tests/base | misc/log/trimmer.sh
|
||||||
exit $TEST_RESULT
|
|
||||||
|
|
||||||
- name: Run Quarkus Storage Tests
|
check-set-status:
|
||||||
run: |
|
name: Set check conclusion
|
||||||
./mvnw clean install -nsu -B -f quarkus/tests/pom.xml -Ptest-database -Dtest=PostgreSQLDistTest,MariaDBDistTest#testSuccessful,MySQLDistTest#testSuccessful,DatabaseOptionsDistTest,JPAStoreDistTest,HotRodStoreDistTest,MixedStoreDistTest | misc/log/trimmer.sh
|
needs:
|
||||||
TEST_RESULT=${PIPESTATUS[0]}
|
- unit-tests
|
||||||
find . -path '*/target/surefire-reports/*.xml' | zip -q reports-quarkus-tests.zip -@
|
- base-integration-tests
|
||||||
exit $TEST_RESULT
|
- quarkus-integration-tests
|
||||||
|
- jdk-integration-tests
|
||||||
|
- new-store-integration-tests
|
||||||
|
- legacy-store-integration-tests
|
||||||
|
- store-model-tests
|
||||||
|
- clustering-integration-tests
|
||||||
|
- fips-unit-tests
|
||||||
|
- fips-integration-tests
|
||||||
|
runs-on: ubuntu-latest
|
||||||
|
outputs:
|
||||||
|
conclusion: ${{ steps.check.outputs.conclusion }}
|
||||||
|
|
||||||
- name: Run Quarkus Tests in Docker
|
steps:
|
||||||
run: |
|
- uses: actions/checkout@v3
|
||||||
./mvnw clean install -nsu -B -f quarkus/tests/pom.xml -Dkc.quarkus.tests.dist=docker -Dtest=StartCommandDistTest | misc/log/trimmer.sh
|
|
||||||
TEST_RESULT=${PIPESTATUS[0]}
|
|
||||||
exit $TEST_RESULT
|
|
||||||
|
|
||||||
- name: Analyze Test and/or Coverage Results
|
- id: check
|
||||||
uses: runforesight/foresight-test-kit-action@v1.3.0
|
uses: ./.github/actions/checks-success
|
||||||
if: always() && github.repository == 'keycloak/keycloak'
|
|
||||||
|
check:
|
||||||
|
name: Check
|
||||||
|
if: always() && ( github.event_name != 'schedule' || github.repository == 'keycloak/keycloak' )
|
||||||
|
needs: [check-set-status]
|
||||||
|
runs-on: ubuntu-latest
|
||||||
|
|
||||||
|
steps:
|
||||||
|
- uses: actions/checkout@v3
|
||||||
|
|
||||||
|
- name: Check status
|
||||||
|
uses: ./.github/actions/checks-job-pass
|
||||||
with:
|
with:
|
||||||
api_key: ${{ secrets.FORESIGHT_API_KEY }}
|
conclusion: ${{ needs.check-set-status.outputs.conclusion }}
|
||||||
test_format: JUNIT
|
|
||||||
test_framework: JUNIT
|
|
||||||
test_path: 'quarkus/tests/integration/target/surefire-reports/*.xml'
|
|
||||||
|
|
||||||
- name: Quarkus test reports
|
|
||||||
uses: actions/upload-artifact@v3
|
|
||||||
if: failure()
|
|
||||||
with:
|
|
||||||
name: reports-quarkus-tests
|
|
||||||
retention-days: 14
|
|
||||||
path: reports-quarkus-tests.zip
|
|
||||||
if-no-files-found: ignore
|
|
||||||
|
|
||||||
# NOTE: WebAuthn tests can be enabled once the issue #12621 is resolved
|
|
||||||
#
|
|
||||||
# webauthn-test:
|
|
||||||
# name: WebAuthn Tests
|
|
||||||
# needs: build
|
|
||||||
# runs-on: ubuntu-latest
|
|
||||||
# steps:
|
|
||||||
# - uses: actions/checkout@v2
|
|
||||||
# with:
|
|
||||||
# fetch-depth: 2
|
|
||||||
#
|
|
||||||
# - name: Check whether this phase should run
|
|
||||||
# run: echo "GIT_DIFF=$[ $( git diff --name-only HEAD^ | egrep -ic 'webauthn|passwordless' ) ]" >> $GITHUB_ENV
|
|
||||||
#
|
|
||||||
# - uses: actions/setup-java@v1
|
|
||||||
# if: ${{ github.event_name != 'pull_request' || env.GIT_DIFF != 0 }}
|
|
||||||
# with:
|
|
||||||
# java-version: ${{ env.DEFAULT_JDK_VERSION }}
|
|
||||||
#
|
|
||||||
# - name: Update maven settings
|
|
||||||
# if: ${{ github.event_name != 'pull_request' || env.GIT_DIFF != 0 }}
|
|
||||||
# run: mkdir -p ~/.m2 ; cp .github/settings.xml ~/.m2/
|
|
||||||
#
|
|
||||||
# - name: Cache Maven packages
|
|
||||||
# if: ${{ github.event_name != 'pull_request' || env.GIT_DIFF != 0 }}
|
|
||||||
# uses: actions/cache@v2
|
|
||||||
# with:
|
|
||||||
# path: ~/.m2/repository
|
|
||||||
# key: cache-1-${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
|
|
||||||
# restore-keys: cache-1-${{ runner.os }}-m2
|
|
||||||
#
|
|
||||||
# - name: Cleanup org.keycloak artifacts
|
|
||||||
# if: ${{ github.event_name != 'pull_request' || env.GIT_DIFF != 0 }}
|
|
||||||
# run: rm -rf ~/.m2/repository/org/keycloak >/dev/null || true
|
|
||||||
#
|
|
||||||
# - name: Download built keycloak
|
|
||||||
# if: ${{ github.event_name != 'pull_request' || env.GIT_DIFF != 0 }}
|
|
||||||
# id: download-keycloak
|
|
||||||
# uses: actions/download-artifact@v2
|
|
||||||
# with:
|
|
||||||
# path: ~/.m2/repository/org/keycloak/
|
|
||||||
# name: keycloak-artifacts.zip
|
|
||||||
#
|
|
||||||
# - name: Run WebAuthn tests
|
|
||||||
# if: ${{ github.event_name != 'pull_request' || env.GIT_DIFF != 0 }}
|
|
||||||
# run: |
|
|
||||||
# mvn clean install -nsu -B -Dbrowser=chrome -Pwebauthn -f testsuite/integration-arquillian/tests/other/pom.xml -Dtest=org.keycloak.testsuite.webauthn.**.*Test | misc/log/trimmer.sh
|
|
||||||
#
|
|
||||||
# TEST_RESULT=${PIPESTATUS[0]}
|
|
||||||
# find . -path '*/target/surefire-reports/*.xml' | zip -q reports-webauthn-tests.zip -@
|
|
||||||
# exit $TEST_RESULT
|
|
||||||
#
|
|
||||||
# - name: WebAuthn test reports
|
|
||||||
# uses: actions/upload-artifact@v2
|
|
||||||
# if: failure()
|
|
||||||
# with:
|
|
||||||
# name: reports-webauthn-tests
|
|
||||||
# retention-days: 14
|
|
||||||
# path: reports-webauthn-tests.zip
|
|
||||||
# if-no-files-found: ignore
|
|
||||||
|
|
150
.github/workflows/codeql-analysis.yml
vendored
Normal file
150
.github/workflows/codeql-analysis.yml
vendored
Normal file
|
@ -0,0 +1,150 @@
|
||||||
|
name: CodeQL
|
||||||
|
|
||||||
|
on:
|
||||||
|
push:
|
||||||
|
branches-ignore:
|
||||||
|
- main
|
||||||
|
- dependabot/**
|
||||||
|
pull_request:
|
||||||
|
branches: [main]
|
||||||
|
schedule:
|
||||||
|
- cron: 0 9 * * 2
|
||||||
|
|
||||||
|
concurrency:
|
||||||
|
# Only cancel jobs for PR updates
|
||||||
|
group: codeql-analysis-${{ github.head_ref || github.run_id }}
|
||||||
|
cancel-in-progress: true
|
||||||
|
|
||||||
|
defaults:
|
||||||
|
run:
|
||||||
|
shell: bash
|
||||||
|
|
||||||
|
jobs:
|
||||||
|
|
||||||
|
changes:
|
||||||
|
name: Check changes
|
||||||
|
if: github.event_name != 'schedule' || github.repository == 'keycloak/keycloak'
|
||||||
|
runs-on: ubuntu-latest
|
||||||
|
outputs:
|
||||||
|
java: ${{ steps.changes.outputs.java }}
|
||||||
|
themes: ${{ steps.changes.outputs.themes }}
|
||||||
|
js-adapter: ${{ steps.changes.outputs.js-adapter }}
|
||||||
|
steps:
|
||||||
|
- uses: actions/checkout@v3
|
||||||
|
|
||||||
|
- id: changes
|
||||||
|
uses: ./.github/actions/changed-files
|
||||||
|
|
||||||
|
java:
|
||||||
|
name: CodeQL Java
|
||||||
|
needs: changes
|
||||||
|
runs-on: ubuntu-latest
|
||||||
|
if: needs.changes.outputs.java == 'true'
|
||||||
|
outputs:
|
||||||
|
conclusion: ${{ steps.check.outputs.conclusion }}
|
||||||
|
|
||||||
|
steps:
|
||||||
|
- uses: actions/checkout@v3
|
||||||
|
|
||||||
|
- name: Initialize CodeQL
|
||||||
|
uses: github/codeql-action/init@v2.1.36
|
||||||
|
with:
|
||||||
|
languages: java
|
||||||
|
|
||||||
|
- name: Build Keycloak
|
||||||
|
uses: ./.github/actions/build-keycloak
|
||||||
|
|
||||||
|
- name: Perform CodeQL Analysis
|
||||||
|
uses: github/codeql-action/analyze@v2.1.36
|
||||||
|
with:
|
||||||
|
wait-for-processing: true
|
||||||
|
env:
|
||||||
|
CODEQL_ACTION_EXTRA_OPTIONS: '{"database":{"interpret-results":["--max-paths",0]}}'
|
||||||
|
|
||||||
|
- id: check
|
||||||
|
uses: ./.github/actions/checks-success
|
||||||
|
|
||||||
|
js-adapter:
|
||||||
|
name: CodeQL JavaScript Adapter
|
||||||
|
needs: changes
|
||||||
|
runs-on: ubuntu-latest
|
||||||
|
if: needs.changes.outputs.js-adapter == 'true'
|
||||||
|
outputs:
|
||||||
|
conclusion: ${{ steps.check.outputs.conclusion }}
|
||||||
|
|
||||||
|
steps:
|
||||||
|
- uses: actions/checkout@v3
|
||||||
|
|
||||||
|
- name: Initialize CodeQL
|
||||||
|
uses: github/codeql-action/init@v2.1.36
|
||||||
|
env:
|
||||||
|
CODEQL_ACTION_EXTRA_OPTIONS: '{"database":{"finalize":["--no-run-unnecessary-builds"]}}'
|
||||||
|
with:
|
||||||
|
languages: javascript
|
||||||
|
source-root: adapters/oidc/js/src/
|
||||||
|
|
||||||
|
- name: Perform CodeQL Analysis
|
||||||
|
uses: github/codeql-action/analyze@v2.1.36
|
||||||
|
with:
|
||||||
|
wait-for-processing: true
|
||||||
|
env:
|
||||||
|
CODEQL_ACTION_EXTRA_OPTIONS: '{"database":{"interpret-results":["--max-paths",0]}}'
|
||||||
|
|
||||||
|
- id: check
|
||||||
|
uses: ./.github/actions/checks-success
|
||||||
|
|
||||||
|
themes:
|
||||||
|
name: CodeQL Themes
|
||||||
|
needs: changes
|
||||||
|
runs-on: ubuntu-latest
|
||||||
|
if: needs.changes.outputs.themes == 'true'
|
||||||
|
outputs:
|
||||||
|
conclusion: ${{ steps.check.outputs.conclusion }}
|
||||||
|
|
||||||
|
steps:
|
||||||
|
- uses: actions/checkout@v3
|
||||||
|
|
||||||
|
- name: Initialize CodeQL
|
||||||
|
uses: github/codeql-action/init@v2.1.36
|
||||||
|
env:
|
||||||
|
CODEQL_ACTION_EXTRA_OPTIONS: '{"database":{"finalize":["--no-run-unnecessary-builds"]}}'
|
||||||
|
with:
|
||||||
|
languages: javascript
|
||||||
|
source-root: themes/src/main/
|
||||||
|
|
||||||
|
- name: Perform CodeQL Analysis
|
||||||
|
uses: github/codeql-action/analyze@v2.1.36
|
||||||
|
with:
|
||||||
|
wait-for-processing: true
|
||||||
|
env:
|
||||||
|
CODEQL_ACTION_EXTRA_OPTIONS: '{"database":{"interpret-results":["--max-paths",0]}}'
|
||||||
|
|
||||||
|
- id: check
|
||||||
|
uses: ./.github/actions/checks-success
|
||||||
|
|
||||||
|
check:
|
||||||
|
name: Check
|
||||||
|
if: always() && ( github.event_name != 'schedule' || github.repository == 'keycloak/keycloak' )
|
||||||
|
needs: [changes, java, js-adapter, themes]
|
||||||
|
runs-on: ubuntu-latest
|
||||||
|
|
||||||
|
steps:
|
||||||
|
- uses: actions/checkout@v3
|
||||||
|
|
||||||
|
- name: CodeQL Java
|
||||||
|
uses: ./.github/actions/checks-job-pass
|
||||||
|
with:
|
||||||
|
required: ${{ needs.changes.outputs.java }}
|
||||||
|
conclusion: ${{ needs.java.outputs.conclusion }}
|
||||||
|
|
||||||
|
- name: CodeQL JavaScript Adapter
|
||||||
|
uses: ./.github/actions/checks-job-pass
|
||||||
|
with:
|
||||||
|
required: ${{ needs.changes.outputs.js-adapter }}
|
||||||
|
conclusion: ${{ needs.js-adapter.outputs.conclusion }}
|
||||||
|
|
||||||
|
- name: CodeQL Themes
|
||||||
|
uses: ./.github/actions/checks-job-pass
|
||||||
|
with:
|
||||||
|
required: ${{ needs.changes.outputs.themes }}
|
||||||
|
conclusion: ${{ needs.themes.outputs.conclusion }}
|
59
.github/workflows/codeql-java-analysis.yml
vendored
59
.github/workflows/codeql-java-analysis.yml
vendored
|
@ -1,59 +0,0 @@
|
||||||
# For most projects, this workflow file will not need changing; you simply need
|
|
||||||
# to commit it to your repository.
|
|
||||||
#
|
|
||||||
# You may wish to alter this file to override the set of languages analyzed,
|
|
||||||
# or to provide custom queries or build logic.
|
|
||||||
name: "CodeQL Java"
|
|
||||||
|
|
||||||
on:
|
|
||||||
push:
|
|
||||||
branches-ignore:
|
|
||||||
- 'main'
|
|
||||||
- 'dependabot/**'
|
|
||||||
pull_request:
|
|
||||||
branches: [main]
|
|
||||||
paths:
|
|
||||||
- '**.java'
|
|
||||||
- '.github/workflows/codeql-java-analysis.yml'
|
|
||||||
schedule:
|
|
||||||
- cron: '0 9 * * 2'
|
|
||||||
|
|
||||||
concurrency:
|
|
||||||
# Only run once for latest commit per ref and cancel other (previous) runs.
|
|
||||||
group: ${{ github.workflow }}-${{ github.ref }}
|
|
||||||
cancel-in-progress: true
|
|
||||||
|
|
||||||
env:
|
|
||||||
MAVEN_OPTS: -Dhttp.keepAlive=false -Dmaven.wagon.http.pool=false -Dmaven.wagon.http.retryHandler.class=standard -Dmaven.wagon.http.retryHandler.count=3 -Dmaven.wagon.httpconnectionManager.ttlSeconds=120
|
|
||||||
|
|
||||||
jobs:
|
|
||||||
analyze:
|
|
||||||
name: CodeQL analyze
|
|
||||||
runs-on: ubuntu-latest
|
|
||||||
if: github.repository == 'keycloak/keycloak'
|
|
||||||
|
|
||||||
steps:
|
|
||||||
- uses: actions/checkout@v3
|
|
||||||
- uses: actions/setup-java@v3
|
|
||||||
with:
|
|
||||||
distribution: 'temurin'
|
|
||||||
java-version: '11'
|
|
||||||
cache: 'maven'
|
|
||||||
|
|
||||||
- name: Update maven settings
|
|
||||||
run: mkdir -p ~/.m2 ; cp .github/settings.xml ~/.m2/
|
|
||||||
|
|
||||||
- name: Initialize CodeQL
|
|
||||||
uses: github/codeql-action/init@v2.1.36
|
|
||||||
with:
|
|
||||||
languages: java
|
|
||||||
|
|
||||||
- name: Build Keycloak
|
|
||||||
run: mvn -B install -DskipTests -DskipQuarkus -DskipTestsuite -DskipExamples -DskipTests
|
|
||||||
|
|
||||||
- name: Perform CodeQL Analysis
|
|
||||||
uses: github/codeql-action/analyze@v2.1.36
|
|
||||||
with:
|
|
||||||
wait-for-processing: true
|
|
||||||
env:
|
|
||||||
CODEQL_ACTION_EXTRA_OPTIONS: '{"database":{"interpret-results":["--max-paths",0]}}'
|
|
62
.github/workflows/codeql-js-adapter-analysis.yml
vendored
62
.github/workflows/codeql-js-adapter-analysis.yml
vendored
|
@ -1,62 +0,0 @@
|
||||||
# For most projects, this workflow file will not need changing; you simply need
|
|
||||||
# to commit it to your repository.
|
|
||||||
#
|
|
||||||
# You may wish to alter this file to override the set of languages analyzed,
|
|
||||||
# or to provide custom queries or build logic.
|
|
||||||
name: "CodeQL JS Adapter"
|
|
||||||
|
|
||||||
on:
|
|
||||||
push:
|
|
||||||
branches-ignore:
|
|
||||||
- 'main'
|
|
||||||
- 'dependabot/**'
|
|
||||||
pull_request:
|
|
||||||
branches: [main]
|
|
||||||
paths:
|
|
||||||
- 'adapters/oidc/js/**'
|
|
||||||
- '.github/workflows/codeql-js-adapter-analysis.yml'
|
|
||||||
schedule:
|
|
||||||
- cron: '0 9 * * 2'
|
|
||||||
|
|
||||||
concurrency:
|
|
||||||
# Only run once for latest commit per ref and cancel other (previous) runs.
|
|
||||||
group: ${{ github.workflow }}-${{ github.ref }}
|
|
||||||
cancel-in-progress: true
|
|
||||||
|
|
||||||
env:
|
|
||||||
MAVEN_OPTS: -Dhttp.keepAlive=false -Dmaven.wagon.http.pool=false -Dmaven.wagon.http.retryHandler.class=standard -Dmaven.wagon.http.retryHandler.count=3 -Dmaven.wagon.httpconnectionManager.ttlSeconds=120
|
|
||||||
|
|
||||||
jobs:
|
|
||||||
analyze:
|
|
||||||
name: CodeQL analyze
|
|
||||||
runs-on: ubuntu-latest
|
|
||||||
if: github.repository == 'keycloak/keycloak'
|
|
||||||
|
|
||||||
steps:
|
|
||||||
- uses: actions/checkout@v3
|
|
||||||
- uses: actions/setup-java@v3
|
|
||||||
with:
|
|
||||||
distribution: 'temurin'
|
|
||||||
java-version: '11'
|
|
||||||
cache: 'maven'
|
|
||||||
|
|
||||||
- name: Update maven settings
|
|
||||||
run: mkdir -p ~/.m2 ; cp .github/settings.xml ~/.m2/
|
|
||||||
|
|
||||||
- name: Initialize CodeQL
|
|
||||||
uses: github/codeql-action/init@v2.1.36
|
|
||||||
env:
|
|
||||||
CODEQL_ACTION_EXTRA_OPTIONS: '{"database":{"finalize":["--no-run-unnecessary-builds"]}}'
|
|
||||||
with:
|
|
||||||
languages: javascript
|
|
||||||
source-root: adapters/oidc/js/
|
|
||||||
|
|
||||||
- name: Build Keycloak
|
|
||||||
run: mvn -B install -DskipTests -DskipQuarkus -DskipTestsuite -DskipExamples -DskipTests
|
|
||||||
|
|
||||||
- name: Perform CodeQL Analysis
|
|
||||||
uses: github/codeql-action/analyze@v2.1.36
|
|
||||||
with:
|
|
||||||
wait-for-processing: true
|
|
||||||
env:
|
|
||||||
CODEQL_ACTION_EXTRA_OPTIONS: '{"database":{"interpret-results":["--max-paths",0]}}'
|
|
62
.github/workflows/codeql-theme-analysis.yml
vendored
62
.github/workflows/codeql-theme-analysis.yml
vendored
|
@ -1,62 +0,0 @@
|
||||||
# For most projects, this workflow file will not need changing; you simply need
|
|
||||||
# to commit it to your repository.
|
|
||||||
#
|
|
||||||
# You may wish to alter this file to override the set of languages analyzed,
|
|
||||||
# or to provide custom queries or build logic.
|
|
||||||
name: "CodeQL Themes"
|
|
||||||
|
|
||||||
on:
|
|
||||||
push:
|
|
||||||
branches-ignore:
|
|
||||||
- 'main'
|
|
||||||
- 'dependabot/**'
|
|
||||||
pull_request:
|
|
||||||
branches: [main]
|
|
||||||
paths:
|
|
||||||
- 'themes/src/**'
|
|
||||||
- '.github/workflows/codeql-theme-analysis.yml'
|
|
||||||
schedule:
|
|
||||||
- cron: '0 9 * * 2'
|
|
||||||
|
|
||||||
concurrency:
|
|
||||||
# Only run once for latest commit per ref and cancel other (previous) runs.
|
|
||||||
group: ${{ github.workflow }}-${{ github.ref }}
|
|
||||||
cancel-in-progress: true
|
|
||||||
|
|
||||||
env:
|
|
||||||
MAVEN_OPTS: -Dhttp.keepAlive=false -Dmaven.wagon.http.pool=false -Dmaven.wagon.http.retryHandler.class=standard -Dmaven.wagon.http.retryHandler.count=3 -Dmaven.wagon.httpconnectionManager.ttlSeconds=120
|
|
||||||
|
|
||||||
jobs:
|
|
||||||
analyze:
|
|
||||||
name: CodeQL analyze
|
|
||||||
runs-on: ubuntu-latest
|
|
||||||
if: github.repository == 'keycloak/keycloak'
|
|
||||||
|
|
||||||
steps:
|
|
||||||
- uses: actions/checkout@v3
|
|
||||||
- uses: actions/setup-java@v3
|
|
||||||
with:
|
|
||||||
distribution: 'temurin'
|
|
||||||
java-version: '11'
|
|
||||||
cache: 'maven'
|
|
||||||
|
|
||||||
- name: Update maven settings
|
|
||||||
run: mkdir -p ~/.m2 ; cp .github/settings.xml ~/.m2/
|
|
||||||
|
|
||||||
- name: Initialize CodeQL
|
|
||||||
uses: github/codeql-action/init@v2.1.36
|
|
||||||
env:
|
|
||||||
CODEQL_ACTION_EXTRA_OPTIONS: '{"database":{"finalize":["--no-run-unnecessary-builds"]}}'
|
|
||||||
with:
|
|
||||||
languages: javascript
|
|
||||||
source-root: themes/
|
|
||||||
|
|
||||||
- name: Build Keycloak
|
|
||||||
run: mvn -B install -DskipTests -DskipQuarkus -DskipTestsuite -DskipExamples -DskipTests
|
|
||||||
|
|
||||||
- name: Perform CodeQL Analysis
|
|
||||||
uses: github/codeql-action/analyze@v2.1.36
|
|
||||||
with:
|
|
||||||
wait-for-processing: true
|
|
||||||
env:
|
|
||||||
CODEQL_ACTION_EXTRA_OPTIONS: '{"database":{"interpret-results":["--max-paths",0]}}'
|
|
139
.github/workflows/operator-ci.yml
vendored
139
.github/workflows/operator-ci.yml
vendored
|
@ -2,49 +2,42 @@ name: Keycloak Operator CI
|
||||||
|
|
||||||
on:
|
on:
|
||||||
push:
|
push:
|
||||||
branches-ignore: [main]
|
branches-ignore:
|
||||||
|
- main
|
||||||
|
- dependabot/**
|
||||||
pull_request:
|
pull_request:
|
||||||
paths-ignore:
|
|
||||||
- '.github/workflows/**'
|
|
||||||
- '!.github/workflows/operator-ci.yml'
|
|
||||||
schedule:
|
schedule:
|
||||||
- cron: '0 20,22,0,2,4 * * *'
|
- cron: 0 20,23,2,5 * * *
|
||||||
|
workflow_dispatch:
|
||||||
|
|
||||||
env:
|
env:
|
||||||
JDK_VERSION: 11
|
DEFAULT_JDK_VERSION: 11
|
||||||
MINIKUBE_VERSION: "v1.24.0"
|
DEFAULT_JDK_DIST: temurin
|
||||||
KUBERNETES_VERSION: "v1.22.3"
|
MINIKUBE_VERSION: v1.24.0
|
||||||
MAVEN_OPTS: -Dhttp.keepAlive=false -Dmaven.wagon.http.pool=false -Dmaven.wagon.http.retryHandler.class=standard -Dmaven.wagon.http.retryHandler.count=3 -Dmaven.wagon.httpconnectionManager.ttlSeconds=120
|
KUBERNETES_VERSION: v1.22.3
|
||||||
|
|
||||||
|
defaults:
|
||||||
|
run:
|
||||||
|
shell: bash
|
||||||
|
|
||||||
concurrency:
|
concurrency:
|
||||||
# Only run once for latest commit per ref and cancel other (previous) runs.
|
# Only cancel jobs for PR updates
|
||||||
group: ${{ github.workflow }}-${{ github.ref }}
|
group: operator-ci-${{ github.head_ref || github.run_id }}
|
||||||
cancel-in-progress: true
|
cancel-in-progress: true
|
||||||
|
|
||||||
jobs:
|
jobs:
|
||||||
build:
|
build:
|
||||||
name: Build distribution
|
name: Build distribution
|
||||||
if: ${{ ( github.event_name != 'schedule' ) || ( github.event_name == 'schedule' && github.repository == 'keycloak/keycloak' ) }}
|
if: github.event_name != 'schedule' || github.repository == 'keycloak/keycloak'
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
steps:
|
steps:
|
||||||
- uses: actions/checkout@v3
|
- uses: actions/checkout@v3
|
||||||
- name: Update maven settings
|
|
||||||
run: mkdir -p ~/.m2 ; cp .github/settings.xml ~/.m2/
|
- name: Build Keycloak
|
||||||
- uses: actions/setup-java@v3
|
uses: ./.github/actions/build-keycloak
|
||||||
with:
|
with:
|
||||||
distribution: 'temurin'
|
upload-m2-repo: false
|
||||||
java-version: ${{ env.JDK_VERSION }}
|
upload-dist: true
|
||||||
cache: 'maven'
|
|
||||||
- name: Create the Keycloak distribution
|
|
||||||
run: |
|
|
||||||
mvn clean install -Pdistribution -DskipTests -DskipExamples -DskipTestsuite
|
|
||||||
- name: Store Keycloak distribution
|
|
||||||
id: store-keycloak
|
|
||||||
uses: actions/upload-artifact@v3
|
|
||||||
with:
|
|
||||||
name: keycloak-distribution
|
|
||||||
retention-days: 1
|
|
||||||
path: quarkus/dist/target/keycloak*.tar.gz
|
|
||||||
|
|
||||||
test-local:
|
test-local:
|
||||||
name: Test local
|
name: Test local
|
||||||
|
@ -52,16 +45,16 @@ jobs:
|
||||||
needs: [build]
|
needs: [build]
|
||||||
steps:
|
steps:
|
||||||
- uses: actions/checkout@v3
|
- uses: actions/checkout@v3
|
||||||
- name: Set outputs
|
|
||||||
|
- name: Set version
|
||||||
id: vars
|
id: vars
|
||||||
run: echo "version_local=0.0.1-${GITHUB_SHA::6}" >> $GITHUB_ENV
|
run: echo "version_local=0.0.1-${GITHUB_SHA::6}" >> $GITHUB_ENV
|
||||||
- name: Update maven settings
|
|
||||||
run: mkdir -p ~/.m2 ; cp .github/settings.xml ~/.m2/
|
|
||||||
- uses: actions/setup-java@v2
|
- uses: actions/setup-java@v2
|
||||||
with:
|
with:
|
||||||
distribution: 'temurin'
|
distribution: ${{ env.DEFAULT_JDK_DIST }}
|
||||||
java-version: ${{ env.JDK_VERSION }}
|
java-version: ${{ env.DEFAULT_JDK_VERSION }}
|
||||||
cache: 'maven'
|
|
||||||
- name: Setup Minikube-Kubernetes
|
- name: Setup Minikube-Kubernetes
|
||||||
uses: manusa/actions-setup-minikube@v2.7.1
|
uses: manusa/actions-setup-minikube@v2.7.1
|
||||||
with:
|
with:
|
||||||
|
@ -69,13 +62,15 @@ jobs:
|
||||||
kubernetes version: ${{ env.KUBERNETES_VERSION }}
|
kubernetes version: ${{ env.KUBERNETES_VERSION }}
|
||||||
github token: ${{ secrets.GITHUB_TOKEN }}
|
github token: ${{ secrets.GITHUB_TOKEN }}
|
||||||
driver: docker
|
driver: docker
|
||||||
start args: '--addons=ingress'
|
start args: --addons=ingress
|
||||||
|
|
||||||
- name: Download keycloak distribution
|
- name: Download keycloak distribution
|
||||||
id: download-keycloak-dist
|
id: download-keycloak-dist
|
||||||
uses: actions/download-artifact@v3
|
uses: actions/download-artifact@v3
|
||||||
with:
|
with:
|
||||||
name: keycloak-distribution
|
name: keycloak-dist
|
||||||
path: quarkus/container
|
path: quarkus/container
|
||||||
|
|
||||||
- name: Build Keycloak Docker images
|
- name: Build Keycloak Docker images
|
||||||
run: |
|
run: |
|
||||||
eval $(minikube -p minikube docker-env)
|
eval $(minikube -p minikube docker-env)
|
||||||
|
@ -84,7 +79,7 @@ jobs:
|
||||||
|
|
||||||
- name: Test operator running locally
|
- name: Test operator running locally
|
||||||
run: |
|
run: |
|
||||||
mvn clean install -Poperator -pl :keycloak-operator -am \
|
mvn install -Poperator -pl :keycloak-operator -am \
|
||||||
-Dquarkus.kubernetes.image-pull-policy=IfNotPresent \
|
-Dquarkus.kubernetes.image-pull-policy=IfNotPresent \
|
||||||
-Doperator.keycloak.image=keycloak:${{ env.version_local }} \
|
-Doperator.keycloak.image=keycloak:${{ env.version_local }} \
|
||||||
-Dtest.operator.custom.image=custom-keycloak:${{ env.version_local }} \
|
-Dtest.operator.custom.image=custom-keycloak:${{ env.version_local }} \
|
||||||
|
@ -97,16 +92,16 @@ jobs:
|
||||||
needs: [build]
|
needs: [build]
|
||||||
steps:
|
steps:
|
||||||
- uses: actions/checkout@v3
|
- uses: actions/checkout@v3
|
||||||
- name: Set outputs
|
|
||||||
|
- name: Set version
|
||||||
id: vars
|
id: vars
|
||||||
run: echo "version_remote=0.0.1-${GITHUB_SHA::6}" >> $GITHUB_ENV
|
run: echo "version_remote=0.0.1-${GITHUB_SHA::6}" >> $GITHUB_ENV
|
||||||
- name: Update maven settings
|
|
||||||
run: mkdir -p ~/.m2 ; cp .github/settings.xml ~/.m2/
|
|
||||||
- uses: actions/setup-java@v2
|
- uses: actions/setup-java@v2
|
||||||
with:
|
with:
|
||||||
distribution: 'temurin'
|
distribution: ${{ env.DEFAULT_JDK_DIST }}
|
||||||
java-version: ${{ env.JDK_VERSION }}
|
java-version: ${{ env.DEFAULT_JDK_VERSION }}
|
||||||
cache: 'maven'
|
|
||||||
- name: Setup Minikube-Kubernetes
|
- name: Setup Minikube-Kubernetes
|
||||||
uses: manusa/actions-setup-minikube@v2.7.1
|
uses: manusa/actions-setup-minikube@v2.7.1
|
||||||
with:
|
with:
|
||||||
|
@ -114,13 +109,15 @@ jobs:
|
||||||
kubernetes version: ${{ env.KUBERNETES_VERSION }}
|
kubernetes version: ${{ env.KUBERNETES_VERSION }}
|
||||||
github token: ${{ secrets.GITHUB_TOKEN }}
|
github token: ${{ secrets.GITHUB_TOKEN }}
|
||||||
driver: docker
|
driver: docker
|
||||||
start args: '--addons=ingress'
|
start args: --addons=ingress
|
||||||
|
|
||||||
- name: Download keycloak distribution
|
- name: Download keycloak distribution
|
||||||
id: download-keycloak-dist
|
id: download-keycloak-dist
|
||||||
uses: actions/download-artifact@v3
|
uses: actions/download-artifact@v3
|
||||||
with:
|
with:
|
||||||
name: keycloak-distribution
|
name: keycloak-dist
|
||||||
path: quarkus/container
|
path: quarkus/container
|
||||||
|
|
||||||
- name: Build Keycloak Docker images
|
- name: Build Keycloak Docker images
|
||||||
run: |
|
run: |
|
||||||
eval $(minikube -p minikube docker-env)
|
eval $(minikube -p minikube docker-env)
|
||||||
|
@ -130,7 +127,7 @@ jobs:
|
||||||
- name: Test operator running in cluster
|
- name: Test operator running in cluster
|
||||||
run: |
|
run: |
|
||||||
eval $(minikube -p minikube docker-env)
|
eval $(minikube -p minikube docker-env)
|
||||||
mvn clean install -Poperator -pl :keycloak-operator -am \
|
mvn install -Poperator -pl :keycloak-operator -am \
|
||||||
-Dquarkus.container-image.build=true \
|
-Dquarkus.container-image.build=true \
|
||||||
-Dquarkus.kubernetes.image-pull-policy=IfNotPresent \
|
-Dquarkus.kubernetes.image-pull-policy=IfNotPresent \
|
||||||
-Doperator.keycloak.image=keycloak:${{ env.version_remote }} \
|
-Doperator.keycloak.image=keycloak:${{ env.version_remote }} \
|
||||||
|
@ -145,13 +142,12 @@ jobs:
|
||||||
needs: [build]
|
needs: [build]
|
||||||
steps:
|
steps:
|
||||||
- uses: actions/checkout@v3
|
- uses: actions/checkout@v3
|
||||||
- name: Update maven settings
|
|
||||||
run: mkdir -p ~/.m2 ; cp .github/settings.xml ~/.m2/
|
|
||||||
- uses: actions/setup-java@v2
|
- uses: actions/setup-java@v2
|
||||||
with:
|
with:
|
||||||
distribution: 'temurin'
|
distribution: ${{ env.DEFAULT_JDK_DIST }}
|
||||||
java-version: ${{ env.JDK_VERSION }}
|
java-version: ${{ env.DEFAULT_JDK_VERSION }}
|
||||||
cache: 'maven'
|
|
||||||
- name: Setup Minikube-Kubernetes
|
- name: Setup Minikube-Kubernetes
|
||||||
uses: manusa/actions-setup-minikube@v2.7.1
|
uses: manusa/actions-setup-minikube@v2.7.1
|
||||||
with:
|
with:
|
||||||
|
@ -159,22 +155,27 @@ jobs:
|
||||||
kubernetes version: ${{ env.KUBERNETES_VERSION }}
|
kubernetes version: ${{ env.KUBERNETES_VERSION }}
|
||||||
github token: ${{ secrets.GITHUB_TOKEN }}
|
github token: ${{ secrets.GITHUB_TOKEN }}
|
||||||
driver: docker
|
driver: docker
|
||||||
|
|
||||||
- name: Install OPM
|
- name: Install OPM
|
||||||
uses: redhat-actions/openshift-tools-installer@v1
|
uses: redhat-actions/openshift-tools-installer@v1
|
||||||
with:
|
with:
|
||||||
source: "github"
|
source: github
|
||||||
opm: "1.21.0"
|
opm: 1.21.0
|
||||||
|
|
||||||
- name: Install Yq
|
- name: Install Yq
|
||||||
run: sudo snap install yq
|
run: sudo snap install yq
|
||||||
|
|
||||||
- name: Install OLM
|
- name: Install OLM
|
||||||
working-directory: operator
|
working-directory: operator
|
||||||
run: ./scripts/install-olm.sh
|
run: ./scripts/install-olm.sh
|
||||||
|
|
||||||
- name: Download keycloak distribution
|
- name: Download keycloak distribution
|
||||||
id: download-keycloak-dist
|
id: download-keycloak-dist
|
||||||
uses: actions/download-artifact@v3
|
uses: actions/download-artifact@v3
|
||||||
with:
|
with:
|
||||||
name: keycloak-distribution
|
name: keycloak-dist
|
||||||
path: quarkus/container
|
path: quarkus/container
|
||||||
|
|
||||||
- name: Arrange OLM test installation
|
- name: Arrange OLM test installation
|
||||||
working-directory: operator
|
working-directory: operator
|
||||||
run: |
|
run: |
|
||||||
|
@ -192,3 +193,33 @@ jobs:
|
||||||
kubectl apply -f src/main/resources/example-realm.yaml
|
kubectl apply -f src/main/resources/example-realm.yaml
|
||||||
# Wait for the CRs to be ready
|
# Wait for the CRs to be ready
|
||||||
./scripts/check-examples-installed.sh
|
./scripts/check-examples-installed.sh
|
||||||
|
|
||||||
|
check-set-status:
|
||||||
|
name: Set check conclusion
|
||||||
|
needs:
|
||||||
|
- test-local
|
||||||
|
- test-remote
|
||||||
|
- test-olm
|
||||||
|
runs-on: ubuntu-latest
|
||||||
|
outputs:
|
||||||
|
conclusion: ${{ steps.check.outputs.conclusion }}
|
||||||
|
|
||||||
|
steps:
|
||||||
|
- uses: actions/checkout@v3
|
||||||
|
|
||||||
|
- id: check
|
||||||
|
uses: ./.github/actions/checks-success
|
||||||
|
|
||||||
|
check:
|
||||||
|
name: Check
|
||||||
|
if: always() && ( github.event_name != 'schedule' || github.repository == 'keycloak/keycloak' )
|
||||||
|
needs: [check-set-status]
|
||||||
|
runs-on: ubuntu-latest
|
||||||
|
|
||||||
|
steps:
|
||||||
|
- uses: actions/checkout@v3
|
||||||
|
|
||||||
|
- name: Check status
|
||||||
|
uses: ./.github/actions/checks-job-pass
|
||||||
|
with:
|
||||||
|
conclusion: ${{ needs.check-set-status.outputs.conclusion }}
|
||||||
|
|
45
.github/workflows/snyk-analysis.yml
vendored
Normal file
45
.github/workflows/snyk-analysis.yml
vendored
Normal file
|
@ -0,0 +1,45 @@
|
||||||
|
name: Snyk
|
||||||
|
|
||||||
|
on:
|
||||||
|
schedule:
|
||||||
|
- cron: 0 0 * * *
|
||||||
|
workflow_dispatch:
|
||||||
|
|
||||||
|
defaults:
|
||||||
|
run:
|
||||||
|
shell: bash
|
||||||
|
|
||||||
|
jobs:
|
||||||
|
analysis:
|
||||||
|
name: Analysis of Quarkus and Operator
|
||||||
|
runs-on: ubuntu-latest
|
||||||
|
if: github.repository == 'keycloak/keycloak'
|
||||||
|
steps:
|
||||||
|
- uses: actions/checkout@v3
|
||||||
|
|
||||||
|
- name: Build Keycloak
|
||||||
|
uses: ./.github/actions/build-keycloak
|
||||||
|
|
||||||
|
- uses: snyk/actions/setup@master
|
||||||
|
|
||||||
|
- name: Check for vulnerabilities in Quarkus
|
||||||
|
run: snyk test --policy-path=${GITHUB_WORKSPACE}/.github/snyk/.snyk --all-projects --prune-repeated-subdependencies --exclude=tests --sarif-file-output=quarkus-report.sarif quarkus
|
||||||
|
continue-on-error: true
|
||||||
|
env:
|
||||||
|
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
|
||||||
|
|
||||||
|
- name: Upload Quarkus scanner results to GitHub
|
||||||
|
uses: github/codeql-action/upload-sarif@v2.1.36
|
||||||
|
with:
|
||||||
|
sarif_file: quarkus-report.sarif
|
||||||
|
|
||||||
|
- name: Check for vulnerabilities in Operator
|
||||||
|
run: snyk test --policy-path=${GITHUB_WORKSPACE}/.github/snyk/.snyk --all-projects --prune-repeated-subdependencies --exclude=tests --sarif-file-output=operator-report.sarif operator
|
||||||
|
continue-on-error: true
|
||||||
|
env:
|
||||||
|
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
|
||||||
|
|
||||||
|
- name: Upload Operator scanner results to GitHub
|
||||||
|
uses: github/codeql-action/upload-sarif@v2.1.36
|
||||||
|
with:
|
||||||
|
sarif_file: operator-report.sarif
|
68
.github/workflows/snyk.yml
vendored
68
.github/workflows/snyk.yml
vendored
|
@ -1,68 +0,0 @@
|
||||||
name: "Snyk"
|
|
||||||
|
|
||||||
on:
|
|
||||||
schedule:
|
|
||||||
- cron: "0 0 * * *"
|
|
||||||
|
|
||||||
env:
|
|
||||||
DEFAULT_JDK_VERSION: 11
|
|
||||||
MAVEN_OPTS: -Dhttp.keepAlive=false -Dmaven.wagon.http.pool=false -Dmaven.wagon.http.retryHandler.class=standard -Dmaven.wagon.http.retryHandler.count=3 -Dmaven.wagon.httpconnectionManager.ttlSeconds=120
|
|
||||||
|
|
||||||
jobs:
|
|
||||||
quarkus:
|
|
||||||
name: Quarkus
|
|
||||||
runs-on: ubuntu-latest
|
|
||||||
if: ${{ github.repository == 'keycloak/keycloak' }}
|
|
||||||
steps:
|
|
||||||
- name: Checkout repository
|
|
||||||
uses: actions/checkout@v3
|
|
||||||
|
|
||||||
- uses: actions/setup-java@v3
|
|
||||||
with:
|
|
||||||
java-version: ${{ env.DEFAULT_JDK_VERSION }}
|
|
||||||
distribution: temurin
|
|
||||||
cache: maven
|
|
||||||
|
|
||||||
- name: Build Quarkus
|
|
||||||
run: mvn -Psnyk-quarkus -pl quarkus/dist -am -DskipTests clean install
|
|
||||||
|
|
||||||
- uses: snyk/actions/setup@master
|
|
||||||
- name: Check for vulnerabilities
|
|
||||||
run: snyk test --policy-path=${GITHUB_WORKSPACE}/.github/snyk/.snyk --all-projects --prune-repeated-subdependencies --exclude=tests --sarif-file-output=quarkus-report.sarif quarkus
|
|
||||||
continue-on-error: true
|
|
||||||
env:
|
|
||||||
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
|
|
||||||
|
|
||||||
- name: Upload scanner results to GitHub
|
|
||||||
uses: github/codeql-action/upload-sarif@v2.1.36
|
|
||||||
with:
|
|
||||||
sarif_file: quarkus-report.sarif
|
|
||||||
|
|
||||||
operator:
|
|
||||||
name: Operator
|
|
||||||
runs-on: ubuntu-latest
|
|
||||||
if: ${{ github.repository == 'keycloak/keycloak' }}
|
|
||||||
steps:
|
|
||||||
- name: Checkout repository
|
|
||||||
uses: actions/checkout@v3
|
|
||||||
|
|
||||||
- uses: actions/setup-java@v3
|
|
||||||
with:
|
|
||||||
java-version: ${{ env.DEFAULT_JDK_VERSION }}
|
|
||||||
distribution: temurin
|
|
||||||
cache: maven
|
|
||||||
|
|
||||||
- name: Build Keycloak
|
|
||||||
run: mvn -Poperator -pl operator -am -DskipTests clean install
|
|
||||||
|
|
||||||
- uses: snyk/actions/setup@master
|
|
||||||
- name: Check for vulnerabilities for the Operator
|
|
||||||
run: snyk test --policy-path=${GITHUB_WORKSPACE}/.github/snyk/.snyk --all-projects --prune-repeated-subdependencies --exclude=tests --sarif-file-output=operator-report.sarif operator
|
|
||||||
continue-on-error: true
|
|
||||||
env:
|
|
||||||
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
|
|
||||||
|
|
||||||
- name: Upload scanner results for the Operator to GitHub
|
|
||||||
uses: github/codeql-action/upload-sarif@v2.1.36
|
|
||||||
with:
|
|
||||||
sarif_file: operator-report.sarif
|
|
69
.github/workflows/trivy-analysis.yml
vendored
69
.github/workflows/trivy-analysis.yml
vendored
|
@ -1,63 +1,36 @@
|
||||||
name: Trivy
|
name: Trivy
|
||||||
|
|
||||||
on:
|
on:
|
||||||
workflow_dispatch:
|
|
||||||
schedule:
|
schedule:
|
||||||
- cron: "0 6 * * *"
|
- cron: 0 6 * * *
|
||||||
|
workflow_dispatch:
|
||||||
|
|
||||||
|
defaults:
|
||||||
|
run:
|
||||||
|
shell: bash
|
||||||
|
|
||||||
jobs:
|
jobs:
|
||||||
quarkus-dist:
|
|
||||||
name: Vulnerability scanner for Quarkus distribution images
|
analysis:
|
||||||
runs-on: "ubuntu-18.04"
|
name: Vulnerability scanner for nightly containers
|
||||||
|
runs-on: ubuntu-latest
|
||||||
|
if: github.repository == 'keycloak/keycloak'
|
||||||
|
strategy:
|
||||||
|
matrix:
|
||||||
|
container: [keycloak, keycloak-operator]
|
||||||
|
fail-fast: false
|
||||||
steps:
|
steps:
|
||||||
- name: Run Trivy vulnerability scanner
|
- name: Run Trivy vulnerability scanner
|
||||||
uses: aquasecurity/trivy-action@9ab158e8597f3b310480b9a69402b419bc03dbd5
|
uses: aquasecurity/trivy-action@9ab158e8597f3b310480b9a69402b419bc03dbd5
|
||||||
with:
|
with:
|
||||||
image-ref: 'quay.io/keycloak/keycloak:nightly'
|
image-ref: quay.io/keycloak/${{ matrix.container}}:nightly
|
||||||
format: 'template'
|
format: template
|
||||||
template: '@/contrib/sarif.tpl'
|
template: '@/contrib/sarif.tpl'
|
||||||
output: 'trivy-results.sarif'
|
output: trivy-results.sarif
|
||||||
severity: 'MEDIUM,CRITICAL,HIGH'
|
severity: MEDIUM,CRITICAL,HIGH
|
||||||
ignore-unfixed: true
|
ignore-unfixed: true
|
||||||
|
|
||||||
- name: Upload Trivy scan results to GitHub Security tab
|
- name: Upload Trivy scan results to GitHub Security tab
|
||||||
uses: github/codeql-action/upload-sarif@v2.1.36
|
uses: github/codeql-action/upload-sarif@v2.1.36
|
||||||
with:
|
with:
|
||||||
sarif_file: 'trivy-results.sarif'
|
sarif_file: trivy-results.sarif
|
||||||
|
|
||||||
legacy-dist:
|
|
||||||
name: Vulnerability scanner for WildFly distribution images
|
|
||||||
runs-on: "ubuntu-18.04"
|
|
||||||
steps:
|
|
||||||
- name: Run Trivy vulnerability scanner
|
|
||||||
uses: aquasecurity/trivy-action@9ab158e8597f3b310480b9a69402b419bc03dbd5
|
|
||||||
with:
|
|
||||||
image-ref: 'quay.io/keycloak/keycloak:legacy'
|
|
||||||
format: 'template'
|
|
||||||
template: '@/contrib/sarif.tpl'
|
|
||||||
output: 'legacy-results.sarif'
|
|
||||||
severity: 'MEDIUM,CRITICAL,HIGH'
|
|
||||||
ignore-unfixed: true
|
|
||||||
|
|
||||||
- name: Upload Trivy scan results to GitHub Security tab
|
|
||||||
uses: github/codeql-action/upload-sarif@v2.1.36
|
|
||||||
with:
|
|
||||||
sarif_file: 'legacy-results.sarif'
|
|
||||||
|
|
||||||
keycloak-operator:
|
|
||||||
name: Vulnerability scanner for Keycloak Operator distribution images
|
|
||||||
runs-on: "ubuntu-18.04"
|
|
||||||
steps:
|
|
||||||
- name: Run Trivy vulnerability scanner
|
|
||||||
uses: aquasecurity/trivy-action@9ab158e8597f3b310480b9a69402b419bc03dbd5
|
|
||||||
with:
|
|
||||||
image-ref: 'quay.io/keycloak/keycloak-operator:nightly'
|
|
||||||
format: 'template'
|
|
||||||
template: '@/contrib/sarif.tpl'
|
|
||||||
output: 'operator-results.sarif'
|
|
||||||
severity: 'MEDIUM,CRITICAL,HIGH'
|
|
||||||
ignore-unfixed: true
|
|
||||||
|
|
||||||
- name: Upload Trivy scan results to GitHub Security tab
|
|
||||||
uses: github/codeql-action/upload-sarif@v2.1.36
|
|
||||||
with:
|
|
||||||
sarif_file: 'operator-results.sarif'
|
|
||||||
|
|
3
.gitignore
vendored
3
.gitignore
vendored
|
@ -83,3 +83,6 @@ quarkus/data/*.db
|
||||||
|
|
||||||
# Git ephemeral files
|
# Git ephemeral files
|
||||||
*.versionsBackup
|
*.versionsBackup
|
||||||
|
|
||||||
|
# Node.js for frontend-maven-plugin #
|
||||||
|
node
|
||||||
|
|
|
@ -77,6 +77,7 @@
|
||||||
</executions>
|
</executions>
|
||||||
<configuration>
|
<configuration>
|
||||||
<nodeVersion>${node.version}</nodeVersion>
|
<nodeVersion>${node.version}</nodeVersion>
|
||||||
|
<installDirectory>../../../</installDirectory>
|
||||||
</configuration>
|
</configuration>
|
||||||
</plugin>
|
</plugin>
|
||||||
</plugins>
|
</plugins>
|
||||||
|
|
|
@ -44,6 +44,11 @@ public class QuarkusPlatform implements PlatformProvider {
|
||||||
|
|
||||||
private static final Logger log = Logger.getLogger(QuarkusPlatform.class);
|
private static final Logger log = Logger.getLogger(QuarkusPlatform.class);
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public String name() {
|
||||||
|
return "Quarkus";
|
||||||
|
}
|
||||||
|
|
||||||
public static void addInitializationException(Throwable throwable) {
|
public static void addInitializationException(Throwable throwable) {
|
||||||
QuarkusPlatform platform = (QuarkusPlatform) Platform.getPlatform();
|
QuarkusPlatform platform = (QuarkusPlatform) Platform.getPlatform();
|
||||||
platform.addDeferredException(throwable);
|
platform.addDeferredException(throwable);
|
||||||
|
|
|
@ -23,6 +23,8 @@ import org.keycloak.Config;
|
||||||
|
|
||||||
public interface PlatformProvider {
|
public interface PlatformProvider {
|
||||||
|
|
||||||
|
String name();
|
||||||
|
|
||||||
void onStartup(Runnable runnable);
|
void onStartup(Runnable runnable);
|
||||||
|
|
||||||
void onShutdown(Runnable runnable);
|
void onShutdown(Runnable runnable);
|
||||||
|
|
|
@ -37,21 +37,6 @@
|
||||||
<modules>
|
<modules>
|
||||||
<module>services</module>
|
<module>services</module>
|
||||||
<module>undertow</module>
|
<module>undertow</module>
|
||||||
</modules>
|
|
||||||
|
|
||||||
<profiles>
|
|
||||||
<profile>
|
|
||||||
<id>auth-server-quarkus</id>
|
|
||||||
<modules>
|
|
||||||
<module>quarkus</module>
|
<module>quarkus</module>
|
||||||
</modules>
|
</modules>
|
||||||
</profile>
|
|
||||||
<profile>
|
|
||||||
<id>auth-server-cluster-quarkus</id>
|
|
||||||
<modules>
|
|
||||||
<module>quarkus</module>
|
|
||||||
</modules>
|
|
||||||
</profile>
|
|
||||||
</profiles>
|
|
||||||
|
|
||||||
</project>
|
</project>
|
||||||
|
|
|
@ -115,26 +115,4 @@
|
||||||
</plugin>
|
</plugin>
|
||||||
</plugins>
|
</plugins>
|
||||||
</build>
|
</build>
|
||||||
|
|
||||||
<profiles>
|
|
||||||
<profile>
|
|
||||||
<id>auth-server-quarkus</id>
|
|
||||||
<build>
|
|
||||||
<plugins>
|
|
||||||
<plugin>
|
|
||||||
<groupId>org.apache.maven.plugins</groupId>
|
|
||||||
<artifactId>maven-jar-plugin</artifactId>
|
|
||||||
<configuration>
|
|
||||||
<excludes>
|
|
||||||
<!-- For quarkus we don't want the test provider installed to avoid false positives -->
|
|
||||||
<!-- Themes from providers are automatically registered -->
|
|
||||||
<excludes>**/TestThemeResourceProvider**</excludes>
|
|
||||||
<excludes>**/org.keycloak.theme.ThemeResourceProviderFactory</excludes>
|
|
||||||
</excludes>
|
|
||||||
</configuration>
|
|
||||||
</plugin>
|
|
||||||
</plugins>
|
|
||||||
</build>
|
|
||||||
</profile>
|
|
||||||
</profiles>
|
|
||||||
</project>
|
</project>
|
||||||
|
|
|
@ -1,11 +1,22 @@
|
||||||
package org.keycloak.testsuite.theme;
|
package org.keycloak.testsuite.theme;
|
||||||
|
|
||||||
|
import org.keycloak.platform.Platform;
|
||||||
|
import org.keycloak.provider.EnvironmentDependentProviderFactory;
|
||||||
import org.keycloak.theme.ClasspathThemeResourceProviderFactory;
|
import org.keycloak.theme.ClasspathThemeResourceProviderFactory;
|
||||||
|
|
||||||
public class TestThemeResourceProvider extends ClasspathThemeResourceProviderFactory {
|
public class TestThemeResourceProvider extends ClasspathThemeResourceProviderFactory implements EnvironmentDependentProviderFactory {
|
||||||
|
|
||||||
public TestThemeResourceProvider() {
|
public TestThemeResourceProvider() {
|
||||||
super("test-resources", TestThemeResourceProvider.class.getClassLoader());
|
super("test-resources", TestThemeResourceProvider.class.getClassLoader());
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Quarkus detects theme resources automatically, so this provider should only be enabled on Undertow
|
||||||
|
*
|
||||||
|
* @return true if platform is Undertow
|
||||||
|
*/
|
||||||
|
@Override
|
||||||
|
public boolean isSupported() {
|
||||||
|
return Platform.getPlatform().name().equals("Undertow");
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -0,0 +1,47 @@
|
||||||
|
account,4
|
||||||
|
actions,1
|
||||||
|
adapter,2
|
||||||
|
admin,1
|
||||||
|
authz,3
|
||||||
|
broker,3
|
||||||
|
cli,4
|
||||||
|
client,4
|
||||||
|
cluster,IGNORED
|
||||||
|
composites,4
|
||||||
|
cookies,4
|
||||||
|
crossdc,IGNORED
|
||||||
|
docker,4
|
||||||
|
domainextension,4
|
||||||
|
error,4
|
||||||
|
events,4
|
||||||
|
exportimport,4
|
||||||
|
feature,4
|
||||||
|
federation,5
|
||||||
|
forms,5
|
||||||
|
i18n,5
|
||||||
|
jaas,5
|
||||||
|
javascript,5
|
||||||
|
keys,4
|
||||||
|
login,4
|
||||||
|
metrics,4
|
||||||
|
migration,4
|
||||||
|
model,6
|
||||||
|
oauth,6
|
||||||
|
oidc,6
|
||||||
|
openshift,6
|
||||||
|
policy,6
|
||||||
|
runonserver,6
|
||||||
|
saml,6
|
||||||
|
script,6
|
||||||
|
session,6
|
||||||
|
sessionlimits,6
|
||||||
|
ssl,6
|
||||||
|
theme,6
|
||||||
|
transactions,6
|
||||||
|
url,6
|
||||||
|
user,4
|
||||||
|
util,4
|
||||||
|
validation,6
|
||||||
|
vault,4
|
||||||
|
welcomepage,6
|
||||||
|
x509,4
|
43
testsuite/integration-arquillian/tests/base/testsuites/base-suite.sh
Executable file
43
testsuite/integration-arquillian/tests/base/testsuites/base-suite.sh
Executable file
|
@ -0,0 +1,43 @@
|
||||||
|
#!/bin/bash -e
|
||||||
|
|
||||||
|
GROUP="$1"
|
||||||
|
if [ "$GROUP" == "" ]; then
|
||||||
|
echo 'Usage: base-suite.sh <group>'
|
||||||
|
exit
|
||||||
|
fi
|
||||||
|
|
||||||
|
cd "`readlink -f "$0" | xargs dirname`"
|
||||||
|
|
||||||
|
TESTSUITE_FILE='base-suite'
|
||||||
|
TEST_DIR='../src/test/java/org/keycloak/testsuite'
|
||||||
|
BASE_PACKAGE='org.keycloak.testsuite'
|
||||||
|
|
||||||
|
PACKAGES=`cat $TESTSUITE_FILE | grep -v '^[[:space:]]*$' | grep -v '^[[:space:]]*#'`
|
||||||
|
|
||||||
|
# Check all packages in testsuite are included
|
||||||
|
for i in `ls -d $TEST_DIR/*/ | sed "s|$TEST_DIR||g" | sed "s|/||g"`; do
|
||||||
|
if ( ! cat $TESTSUITE_FILE | grep "^$i," >/dev/null ); then
|
||||||
|
echo "Package 'org.keycloak.testsuite.$i' not defined in base-suite"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
|
||||||
|
SEP=""
|
||||||
|
TESTS=""
|
||||||
|
for i in `echo $PACKAGES`; do
|
||||||
|
PACKAGE=`echo $i | cut -d ',' -f 1`
|
||||||
|
PACKAGE_GROUP=`echo $i | cut -d ',' -f 2`
|
||||||
|
|
||||||
|
# Check package exists
|
||||||
|
if [ ! -d "$TEST_DIR/$PACKAGE" ]; then
|
||||||
|
echo "Package 'org.keycloak.testsuite.$PACKAGE' not found"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ "$GROUP" == "$PACKAGE_GROUP" ]; then
|
||||||
|
TESTS="$TESTS$SEP$BASE_PACKAGE.$PACKAGE.**"
|
||||||
|
SEP=','
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
|
||||||
|
echo "$TESTS"
|
|
@ -0,0 +1,18 @@
|
||||||
|
AccountRestServiceTest
|
||||||
|
AuthorizationCodeTest
|
||||||
|
AuthorizationTest
|
||||||
|
ClientRegistrationTest
|
||||||
|
EventStoreProviderTest
|
||||||
|
ExportImportTest
|
||||||
|
GeneratedRsaKeyProviderTest
|
||||||
|
KcOidcBrokerTest
|
||||||
|
LDAPUserLoginTest
|
||||||
|
LoginTest
|
||||||
|
PasswordPolicyTest
|
||||||
|
RequiredActionUpdateProfileTest
|
||||||
|
SSOTest
|
||||||
|
SamlClientTest
|
||||||
|
TransactionsTest
|
||||||
|
UserProfileTest
|
||||||
|
org.keycloak.testsuite.admin.**
|
||||||
|
org.keycloak.testsuite.authz.**ManagementTest
|
|
@ -0,0 +1,15 @@
|
||||||
|
org.keycloak.testsuite.forms.**
|
||||||
|
ClientAuthSignedJWTTest
|
||||||
|
CredentialsTest
|
||||||
|
JavaKeystoreKeyProviderTest
|
||||||
|
ServerInfoTest
|
||||||
|
UserFederationLdapConnectionTest
|
||||||
|
LDAPUserLoginTest
|
||||||
|
org.keycloak.testsuite.x509.**
|
||||||
|
MutualTLSClientTest
|
||||||
|
FAPI1Test
|
||||||
|
FAPICIBATest
|
||||||
|
KcRegTest
|
||||||
|
KcRegCreateTest
|
||||||
|
KcAdmTest
|
||||||
|
KcAdmCreateTest
|
|
@ -0,0 +1,17 @@
|
||||||
|
AccountRestServiceTest
|
||||||
|
AuthorizationCodeTest
|
||||||
|
CredentialsTest
|
||||||
|
DeployedScriptAuthenticatorTest
|
||||||
|
ExportImportTest
|
||||||
|
GeneratedRsaKeyProviderTest
|
||||||
|
JavaKeystoreKeyProviderTest
|
||||||
|
KcOidcBrokerTest
|
||||||
|
KerberosLdapTest
|
||||||
|
LDAPUserLoginTest
|
||||||
|
LoginTest
|
||||||
|
MutualTLSClientTest
|
||||||
|
PasswordPolicyTest
|
||||||
|
SSOTest
|
||||||
|
SamlClientTest
|
||||||
|
TransactionsTest
|
||||||
|
X509BrowserLoginTest
|
35
testsuite/integration-arquillian/tests/base/testsuites/suite.sh
Executable file
35
testsuite/integration-arquillian/tests/base/testsuites/suite.sh
Executable file
|
@ -0,0 +1,35 @@
|
||||||
|
#!/bin/bash -e
|
||||||
|
|
||||||
|
GROUP="$1"
|
||||||
|
if [ "$GROUP" == "" ]; then
|
||||||
|
echo 'Usage: suite.sh <group>'
|
||||||
|
exit
|
||||||
|
fi
|
||||||
|
|
||||||
|
cd "`readlink -f "$0" | xargs dirname`"
|
||||||
|
|
||||||
|
TEST_DIR="../src/test/java/"
|
||||||
|
SUITE_FILE="$GROUP-suite"
|
||||||
|
|
||||||
|
if [ ! -f "$SUITE_FILE" ]; then
|
||||||
|
echo "$SUITE_FILE not found"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
SEP=""
|
||||||
|
TESTS=""
|
||||||
|
for i in `cat "$SUITE_FILE" | grep -v '^[[:space:]]*$' | grep -v '^[[:space:]]*#'`; do
|
||||||
|
# Check test exists, ignoring checking packages for now
|
||||||
|
if [[ "$i" != *'.'* ]]; then
|
||||||
|
SEARCH=`find "$TEST_DIR" -name "$i.java"`
|
||||||
|
if [ "$SEARCH" == "" ]; then
|
||||||
|
echo "$i not found in testsuite"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
|
TESTS="$TESTS$SEP$i"
|
||||||
|
SEP=","
|
||||||
|
done
|
||||||
|
|
||||||
|
echo "$TESTS"
|
|
@ -41,6 +41,11 @@ public class TestPlatform implements PlatformProvider {
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public String name() {
|
||||||
|
return "Undertow";
|
||||||
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void onStartup(Runnable startupHook) {
|
public void onStartup(Runnable startupHook) {
|
||||||
startupHook.run();
|
startupHook.run();
|
||||||
|
|
|
@ -134,7 +134,7 @@
|
||||||
</executions>
|
</executions>
|
||||||
<configuration>
|
<configuration>
|
||||||
<nodeVersion>${node.version}</nodeVersion>
|
<nodeVersion>${node.version}</nodeVersion>
|
||||||
<installDirectory>${project.basedir}</installDirectory>
|
<installDirectory>../</installDirectory>
|
||||||
</configuration>
|
</configuration>
|
||||||
</plugin>
|
</plugin>
|
||||||
</plugins>
|
</plugins>
|
||||||
|
@ -187,7 +187,7 @@
|
||||||
</executions>
|
</executions>
|
||||||
<configuration>
|
<configuration>
|
||||||
<nodeVersion>${node.version}</nodeVersion>
|
<nodeVersion>${node.version}</nodeVersion>
|
||||||
<installDirectory>${project.basedir}</installDirectory>
|
<installDirectory>../</installDirectory>
|
||||||
</configuration>
|
</configuration>
|
||||||
</plugin>
|
</plugin>
|
||||||
</plugins>
|
</plugins>
|
||||||
|
|
Loading…
Reference in a new issue