name: Keycloak CI on: push: branches-ignore: - main - dependabot/** pull_request: workflow_dispatch: env: MAVEN_ARGS: "-B -nsu -Daether.connector.http.connectionMaxTtl=25" SUREFIRE_RERUN_FAILING_COUNT: 2 SUREFIRE_RETRY: "-Dsurefire.rerunFailingTestsCount=2" concurrency: # Only cancel jobs for PR updates group: ci-${{ github.ref }} cancel-in-progress: true defaults: run: shell: bash jobs: conditional: name: Check conditional workflows and jobs runs-on: ubuntu-latest outputs: ci: ${{ }} ci-store: ${{ }} ci-sssd: ${{ }} steps: - uses: actions/checkout@v3 - id: conditional uses: ./.github/actions/conditional with: token: ${{ secrets.GITHUB_TOKEN }} build: name: Build if: == 'true' runs-on: ubuntu-latest needs: conditional steps: - uses: actions/checkout@v3 - name: Build Keycloak uses: ./.github/actions/build-keycloak unit-tests: name: Base UT runs-on: ubuntu-latest needs: build timeout-minutes: 30 steps: - uses: actions/checkout@v3 - id: unit-test-setup name: Unit test setup uses: ./.github/actions/unit-test-setup - name: Run unit tests run: | SEP="" PROJECTS="" for i in `find -name '*' -type f | egrep -v './(testsuite|quarkus|docs)/' | sed 's|/src/test/java/.*||' | sort | uniq | sed 's|./||'`; do PROJECTS="$PROJECTS$SEP$i" SEP="," done ./mvnw test -pl "$PROJECTS" -am - name: Upload JVM Heapdumps if: always() uses: ./.github/actions/upload-heapdumps - name: Surefire reports if: always() uses: ./.github/actions/archive-surefire-reports with: job-id: unit-tests base-integration-tests: name: Base IT needs: build runs-on: ubuntu-latest timeout-minutes: 100 strategy: matrix: group: [1, 2, 3, 4, 5, 6] fail-fast: false steps: - uses: actions/checkout@v3 - id: integration-test-setup name: Integration test setup uses: ./.github/actions/integration-test-setup - name: Run base tests run: | TESTS=`testsuite/integration-arquillian/tests/base/testsuites/ ${{ }}` echo "Tests: $TESTS" ./mvnw test ${{ env.SUREFIRE_RETRY }} -Pauth-server-quarkus "$CHROMEWEBDRIVER/chromedriver" -Dtest=$TESTS -pl testsuite/integration-arquillian/tests/base | misc/log/ - name: Upload JVM Heapdumps if: always() uses: ./.github/actions/upload-heapdumps - uses: ./.github/actions/upload-flaky-tests name: Upload flaky tests env: GH_TOKEN: ${{ github.token }} with: job-name: Base IT - name: Surefire reports if: always() uses: ./.github/actions/archive-surefire-reports with: job-id: base-integration-tests-${{ }} quarkus-unit-tests: name: Quarkus UT needs: build timeout-minutes: 15 runs-on: ubuntu-latest steps: - uses: actions/checkout@v3 # We want to download Keycloak artifacts - id: integration-test-setup name: Integration test setup uses: ./.github/actions/integration-test-setup - name: Run unit tests run: | ./mvnw test -f quarkus/pom.xml -pl '!tests,!tests/junit5,!tests/integration,!dist' - name: Upload JVM Heapdumps if: always() uses: ./.github/actions/upload-heapdumps - name: Surefire reports if: always() uses: ./.github/actions/archive-surefire-reports with: job-id: quarkus-unit-tests quarkus-integration-tests: name: Quarkus IT needs: build timeout-minutes: 115 strategy: matrix: os: [ubuntu-latest, windows-latest] server: [sanity-check-zip, zip, container, storage] exclude: - os: windows-latest server: zip - os: windows-latest server: container - os: windows-latest server: storage fail-fast: false runs-on: ${{ matrix.os }} env: MAVEN_OPTS: -Xmx1024m steps: - uses: actions/checkout@v3 - id: unit-test-setup name: Unit test setup uses: ./.github/actions/unit-test-setup # Not sure why, but needs to re-build otherwise there's some failures starting up - name: Run Quarkus integration Tests run: | declare -A PARAMS PARAMS["sanity-check-zip"]="-Dtest=StartCommandDistTest,StartDevCommandDistTest,BuildAndStartDistTest,ImportAtStartupDistTest" PARAMS["zip"]="" PARAMS["container"]="-Dkc.quarkus.tests.dist=docker" PARAMS["storage"]="-Ptest-database -Dtest=PostgreSQLDistTest,MariaDBDistTest#testSuccessful,MySQLDistTest#testSuccessful,DatabaseOptionsDistTest,JPAStoreDistTest,HotRodStoreDistTest,MixedStoreDistTest,TransactionConfigurationDistTest" ./mvnw install -pl quarkus/tests/integration -am -DskipTests ./mvnw test -pl quarkus/tests/integration ${PARAMS["${{ matrix.server }}"]} | misc/log/ - name: Upload JVM Heapdumps if: always() uses: ./.github/actions/upload-heapdumps - name: Surefire reports if: always() uses: ./.github/actions/archive-surefire-reports with: job-id: quarkus-integration-tests-${{ matrix.os }}-${{ matrix.server }} jdk-integration-tests: name: Java Distribution IT needs: build timeout-minutes: 100 strategy: matrix: os: [ubuntu-latest, windows-latest] dist: [temurin] version: [19] fail-fast: false runs-on: ${{ matrix.os }} steps: - uses: actions/checkout@v3 - id: integration-test-setup name: Integration test setup uses: ./.github/actions/integration-test-setup with: jdk-dist: ${{ matrix.dist }} jdk-version: ${{ matrix.version }} - name: Prepare Quarkus distribution with current JDK run: ./mvnw install -e -pl testsuite/integration-arquillian/servers/auth-server/quarkus - name: Run base tests run: | TESTS=`testsuite/integration-arquillian/tests/base/testsuites/ jdk` echo "Tests: $TESTS" ./mvnw test ${{ env.SUREFIRE_RETRY }} -Pauth-server-quarkus -Dtest=$TESTS -pl testsuite/integration-arquillian/tests/base | misc/log/ - name: Build with JDK run: ./mvnw install -e -DskipTests -DskipExamples - name: Upload JVM Heapdumps if: always() uses: ./.github/actions/upload-heapdumps - uses: ./.github/actions/upload-flaky-tests name: Upload flaky tests env: GH_TOKEN: ${{ github.token }} with: job-name: Java Distribution IT - name: Surefire reports if: always() uses: ./.github/actions/archive-surefire-reports with: job-id: jdk-integration-tests-${{ matrix.os }}-${{ matrix.dist }}-${{ matrix.version }} databases-new-store: name: Databases New Store runs-on: ubuntu-latest needs: [conditional] if: == 'true' steps: - id: matrix-db # language=bash run: | # For PRs, run only PostgreSQL, on branches and nightly runs run all databases if [ "${{ github.event_name }}" == "pull_request" ]; then echo 'db=["chm", "hot-rod", "jpa-postgres"]' >> $GITHUB_OUTPUT else echo 'db=["chm", "hot-rod", "jpa-postgres", "jpa-cockroach"]' >> $GITHUB_OUTPUT fi outputs: db: ${{ steps.matrix-db.outputs.db }} new-store-integration-tests: name: New Store IT needs: [conditional, build, databases-new-store] if: == 'true' runs-on: ubuntu-latest # Currently, the run of CockroachDB (only branches and nightly runs) is the longest with 50-60 minutes timeout-minutes: 90 strategy: matrix: db: ${{ fromJson(needs.databases-new-store.outputs.db) }} fail-fast: false steps: - uses: actions/checkout@v3 - id: integration-test-setup name: Integration test setup uses: ./.github/actions/integration-test-setup - name: Run base tests run: | declare -A PARAMS PARAMS["chm"]="-Pmap-storage-chm -Dpageload.timeout=90000" PARAMS["hot-rod"]="-Pmap-storage-hot-rod -Dpageload.timeout=90000" PARAMS["jpa-postgres"]="-Pmap-storage-jpa-postgres -Dpageload.timeout=90000" PARAMS["jpa-cockroach"]="-Pmap-storage-jpa-cockroach -Dpageload.timeout=90000" TESTS=`testsuite/integration-arquillian/tests/base/testsuites/ database` echo "Tests: $TESTS" ./mvnw test ${{ env.SUREFIRE_RETRY }} -Pauth-server-quarkus ${PARAMS["${{ matrix.db }}"]} -Dtest=$TESTS -pl testsuite/integration-arquillian/tests/base | misc/log/ - name: Upload JVM Heapdumps if: always() uses: ./.github/actions/upload-heapdumps - uses: ./.github/actions/upload-flaky-tests name: Upload flaky tests env: GH_TOKEN: ${{ github.token }} with: job-name: New Store IT - name: Surefire reports if: always() uses: ./.github/actions/archive-surefire-reports with: job-id: new-store-integration-tests-${{ matrix.db }} legacy-store-integration-tests: name: Legacy Store IT needs: [build, conditional] if: == 'true' runs-on: ubuntu-latest timeout-minutes: 75 strategy: matrix: db: [postgres, mysql, oracle, mssql, mariadb] fail-fast: false steps: - uses: actions/checkout@v3 - id: integration-test-setup name: Integration test setup uses: ./.github/actions/integration-test-setup - name: Run base tests run: | TESTS=`testsuite/integration-arquillian/tests/base/testsuites/ database` echo "Tests: $TESTS" ./mvnw test ${{ env.SUREFIRE_RETRY }} -Pauth-server-quarkus -Pdb-${{ matrix.db }} -Dtest=$TESTS -pl testsuite/integration-arquillian/tests/base | misc/log/ - name: Upload JVM Heapdumps if: always() uses: ./.github/actions/upload-heapdumps - uses: ./.github/actions/upload-flaky-tests name: Upload flaky tests env: GH_TOKEN: ${{ github.token }} with: job-name: Legacy Store IT - name: Surefire reports if: always() uses: ./.github/actions/archive-surefire-reports with: job-id: legacy-store-integration-tests-${{ matrix.db }} store-model-tests: name: Store Model Tests runs-on: ubuntu-latest needs: [build, conditional] if: == 'true' timeout-minutes: 75 steps: - uses: actions/checkout@v3 - id: integration-test-setup name: Integration test setup uses: ./.github/actions/integration-test-setup - name: Run model tests run: testsuite/model/ ${{ env.SUREFIRE_RETRY }} - name: Upload JVM Heapdumps if: always() uses: ./.github/actions/upload-heapdumps - uses: ./.github/actions/upload-flaky-tests name: Upload flaky tests env: GH_TOKEN: ${{ github.token }} with: job-name: Store Model Tests - name: Surefire reports if: always() uses: ./.github/actions/archive-surefire-reports with: job-id: store-model-tests clustering-integration-tests: name: Legacy Clustering IT needs: build runs-on: ubuntu-latest timeout-minutes: 35 env: MAVEN_OPTS: -Xmx1024m steps: - uses: actions/checkout@v3 - id: integration-test-setup name: Integration test setup uses: ./.github/actions/integration-test-setup - name: Run cluster tests run: | ./mvnw test ${{ env.SUREFIRE_RETRY }} -Pauth-server-cluster-quarkus -Dsession.cache.owners=2 -Dtest=**.cluster.** -pl testsuite/integration-arquillian/tests/base | misc/log/ - name: Upload JVM Heapdumps if: always() uses: ./.github/actions/upload-heapdumps - uses: ./.github/actions/upload-flaky-tests name: Upload flaky tests env: GH_TOKEN: ${{ github.token }} with: job-name: Legacy Clustering IT - name: Surefire reports if: always() uses: ./.github/actions/archive-surefire-reports with: job-id: clustering-integration-tests fips-unit-tests: name: FIPS UT runs-on: ubuntu-latest needs: build timeout-minutes: 20 steps: - uses: actions/checkout@v3 - name: Fake fips run: | cd .github/fake_fips make sudo insmod fake_fips.ko - id: unit-test-setup name: Unit test setup uses: ./.github/actions/unit-test-setup - name: Run crypto tests run: docker run --rm --workdir /github/workspace -v "${{ github.workspace }}":"/github/workspace" -v "$HOME/.m2":"/root/.m2" .github/scripts/ - name: Upload JVM Heapdumps if: always() uses: ./.github/actions/upload-heapdumps - name: Surefire reports if: always() uses: ./.github/actions/archive-surefire-reports with: job-id: fips-unit-tests fips-integration-tests: name: FIPS IT needs: build runs-on: ubuntu-latest timeout-minutes: 45 strategy: matrix: mode: [non-strict, strict] fail-fast: false steps: - uses: actions/checkout@v3 - name: Fake fips run: | cd .github/fake_fips make sudo insmod fake_fips.ko - id: integration-test-setup name: Integration test setup uses: ./.github/actions/integration-test-setup with: jdk-version: 17 - name: Prepare Quarkus distribution with BCFIPS run: ./mvnw install -e -pl testsuite/integration-arquillian/servers/auth-server/quarkus -Pauth-server-quarkus,auth-server-fips140-2 - name: Run base tests run: docker run --rm --workdir /github/workspace -e "SUREFIRE_RERUN_FAILING_COUNT" -v "${{ github.workspace }}":"/github/workspace" -v "$HOME/.m2":"/root/.m2" .github/scripts/ ${{ matrix.mode }} - name: Upload JVM Heapdumps if: always() uses: ./.github/actions/upload-heapdumps - uses: ./.github/actions/upload-flaky-tests name: Upload flaky tests env: GH_TOKEN: ${{ github.token }} with: job-name: FIPS IT - name: Surefire reports if: always() uses: ./.github/actions/archive-surefire-reports with: job-id: fips-integration-tests-${{ matrix.mode }} account-console-integration-tests: name: Account Console IT runs-on: ubuntu-latest needs: build timeout-minutes: 75 strategy: matrix: browser: [chrome, firefox] fail-fast: false steps: - uses: actions/checkout@v3 - id: integration-test-setup name: Integration test setup uses: ./.github/actions/integration-test-setup - name: Run Account Console IT run: ./mvnw test ${{ env.SUREFIRE_RETRY }} -Pauth-server-quarkus -Dtest=**.account2.**,!SigningInTest#passwordlessWebAuthnTest,!SigningInTest#twoFactorWebAuthnTest -Dbrowser=${{ matrix.browser }} "$CHROMEWEBDRIVER/chromedriver" "-Dwebdriver.gecko.driver=$GECKOWEBDRIVER/geckodriver" -f testsuite/integration-arquillian/tests/other/base-ui/pom.xml | misc/log/ - name: Upload JVM Heapdumps if: always() uses: ./.github/actions/upload-heapdumps - uses: ./.github/actions/upload-flaky-tests name: Upload flaky tests env: GH_TOKEN: ${{ github.token }} with: job-name: Account Console IT - name: Surefire reports if: always() uses: ./.github/actions/archive-surefire-reports with: job-id: account-console-integration-tests-${{ matrix.browser }} forms-integration-tests: name: Forms IT runs-on: ubuntu-latest needs: build timeout-minutes: 75 strategy: matrix: browser: [chrome, firefox] fail-fast: false steps: - uses: actions/checkout@v3 - id: integration-test-setup name: Integration test setup uses: ./.github/actions/integration-test-setup - name: Run Forms IT run: | TESTS=`testsuite/integration-arquillian/tests/base/testsuites/ forms` echo "Tests: $TESTS" ./mvnw test ${{ env.SUREFIRE_RETRY }} -Pauth-server-quarkus -Dtest=$TESTS -Dbrowser=${{ matrix.browser }} "$CHROMEWEBDRIVER/chromedriver" "-Dwebdriver.gecko.driver=$GECKOWEBDRIVER/geckodriver" -f testsuite/integration-arquillian/tests/base/pom.xml | misc/log/ - name: Upload JVM Heapdumps if: always() uses: ./.github/actions/upload-heapdumps - uses: ./.github/actions/upload-flaky-tests name: Upload flaky tests env: GH_TOKEN: ${{ github.token }} with: job-name: Forms IT - name: Surefire reports if: always() uses: ./.github/actions/archive-surefire-reports with: job-id: forms-integration-tests-${{ matrix.browser }} webauthn-integration-tests: name: WebAuthn IT runs-on: ubuntu-latest needs: build timeout-minutes: 45 strategy: matrix: browser: - chrome # - firefox disabled until is resolved fail-fast: false steps: - uses: actions/checkout@v3 - id: integration-test-setup name: Integration test setup uses: ./.github/actions/integration-test-setup # Don't use Chrome for testing (just regular Chrome) until is resolved #- id: install-chrome # name: Install Chrome browser # uses: ./.github/actions/install-chrome # if: matrix.browser == 'chrome' - name: Run WebAuthn IT run: ./mvnw test ${{ env.SUREFIRE_RETRY }} -Pauth-server-quarkus -Dtest=org.keycloak.testsuite.webauthn.**.*Test -Dbrowser=${{ matrix.browser }} "$CHROMEWEBDRIVER/chromedriver" "-Dwebdriver.gecko.driver=$GECKOWEBDRIVER/geckodriver" -Pwebauthn -f testsuite/integration-arquillian/tests/other/pom.xml | misc/log/ - name: Upload JVM Heapdumps if: always() uses: ./.github/actions/upload-heapdumps - uses: ./.github/actions/upload-flaky-tests name: Upload flaky tests env: GH_TOKEN: ${{ github.token }} with: job-name: WebAuthn IT - name: Surefire reports if: always() uses: ./.github/actions/archive-surefire-reports with: job-id: webauthn-integration-tests-${{ matrix.browser }} sssd-unit-tests: name: SSSD runs-on: ubuntu-latest if: == 'true' needs: - conditional - build timeout-minutes: 30 steps: - name: checkout uses: actions/checkout@v3 - id: integration-test-setup name: Integration test setup uses: ./.github/actions/integration-test-setup - id: weekly-cache-key name: Key for weekly rotation of cache shell: bash run: echo "key=ipa-data-`date -u "+%Y-%U"`" >> $GITHUB_OUTPUT - id: cache-maven-repository name: ipa-data cache uses: actions/cache@v3 with: path: ~/ipa-data.tar key: ${{ steps.weekly-cache-key.outputs.key }} - name: Run tests run: .github/scripts/ "${{ github.workspace }}" - name: Surefire reports if: always() uses: ./.github/actions/archive-surefire-reports with: job-id: sssd-unit-tests migration-tests: name: Migration Tests runs-on: ubuntu-latest needs: build timeout-minutes: 45 strategy: matrix: old-version: [19.0.3] database: [postgres, mysql, oracle, mssql, mariadb] fail-fast: false steps: - uses: actions/checkout@v3 - id: integration-test-setup name: Integration test setup uses: ./.github/actions/integration-test-setup - name: Run Migration Tests run: | ./mvnw clean install ${{ env.SUREFIRE_RETRY }} \ -Pauth-server-quarkus -Pdb-${{ matrix.database }} -Pauth-server-migration \ -Dtest=MigrationTest \ -Dmigration.mode=auto \ -Dmigrated.auth.server.version=${{ matrix.old-version }} \${{ matrix.old-version }}.json \ -Dauth.server.ssl.required=false \ \ -f testsuite/integration-arquillian/pom.xml | misc/log/ - name: Upload JVM Heapdumps if: always() uses: ./.github/actions/upload-heapdumps - uses: ./.github/actions/upload-flaky-tests name: Upload flaky tests env: GH_TOKEN: ${{ github.token }} with: job-name: Migration Tests - name: Surefire reports if: always() uses: ./.github/actions/archive-surefire-reports with: job-id: migration-tests-${{ matrix.old-version }}-${{ matrix.database }} check: name: Status Check - Keycloak CI if: always() needs: - conditional - unit-tests - base-integration-tests - quarkus-unit-tests - quarkus-integration-tests - jdk-integration-tests - new-store-integration-tests - legacy-store-integration-tests - store-model-tests - clustering-integration-tests - fips-unit-tests - fips-integration-tests - account-console-integration-tests - forms-integration-tests - webauthn-integration-tests - sssd-unit-tests - migration-tests runs-on: ubuntu-latest steps: - uses: actions/checkout@v3 - uses: ./.github/actions/status-check with: jobs: ${{ toJSON(needs) }}