10aca55523
Closes #33881 Signed-off-by: rmartinc <rmartinc@redhat.com>
980 lines
32 KiB
YAML
980 lines
32 KiB
YAML
name: Keycloak CI
|
|
|
|
on:
|
|
push:
|
|
branches-ignore:
|
|
- main
|
|
- dependabot/**
|
|
pull_request:
|
|
workflow_dispatch:
|
|
|
|
env:
|
|
MAVEN_ARGS: "-B -nsu -Daether.connector.http.connectionMaxTtl=25"
|
|
SUREFIRE_RERUN_FAILING_COUNT: 2
|
|
SUREFIRE_RETRY: "-Dsurefire.rerunFailingTestsCount=2"
|
|
|
|
concurrency:
|
|
# Only cancel jobs for PR updates
|
|
group: ci-${{ github.ref }}
|
|
cancel-in-progress: true
|
|
|
|
defaults:
|
|
run:
|
|
shell: bash
|
|
|
|
jobs:
|
|
|
|
conditional:
|
|
name: Check conditional workflows and jobs
|
|
runs-on: ubuntu-latest
|
|
outputs:
|
|
ci: ${{ steps.conditional.outputs.ci }}
|
|
ci-quarkus: ${{ steps.conditional.outputs.ci-quarkus }}
|
|
ci-store: ${{ steps.conditional.outputs.ci-store }}
|
|
ci-sssd: ${{ steps.conditional.outputs.ci-sssd }}
|
|
ci-webauthn: ${{ steps.conditional.outputs.ci-webauthn }}
|
|
ci-test-poc: ${{ steps.conditional.outputs.ci-test-poc }}
|
|
ci-aurora: ${{ steps.auroradb-tests.outputs.run-aurora-tests }}
|
|
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
|
|
- id: conditional
|
|
uses: ./.github/actions/conditional
|
|
with:
|
|
token: ${{ secrets.GITHUB_TOKEN }}
|
|
|
|
- name: AuroraDB conditional check
|
|
id: auroradb-tests
|
|
run: |
|
|
RUN_AURORADB_TESTS=false
|
|
if [[ $GITHUB_EVENT_NAME != "pull_request" && -n "${{ secrets.AWS_SECRET_ACCESS_KEY }}" ]]; then
|
|
RUN_AURORADB_TESTS=true
|
|
fi
|
|
echo "run-aurora-tests=$RUN_AURORADB_TESTS" >> $GITHUB_OUTPUT
|
|
|
|
build:
|
|
name: Build
|
|
if: needs.conditional.outputs.ci == 'true'
|
|
runs-on: ubuntu-latest
|
|
needs: conditional
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
|
|
- name: Build Keycloak
|
|
uses: ./.github/actions/build-keycloak
|
|
|
|
unit-tests:
|
|
name: Base UT
|
|
runs-on: ubuntu-latest
|
|
needs: build
|
|
timeout-minutes: 30
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
|
|
- id: unit-test-setup
|
|
name: Unit test setup
|
|
uses: ./.github/actions/unit-test-setup
|
|
|
|
- name: Run unit tests
|
|
run: |
|
|
SEP=""
|
|
PROJECTS=""
|
|
for i in `find -name '*Test.java' -type f | egrep -v './(testsuite|quarkus|docs|test-poc|test-framework)/' | sed 's|/src/test/java/.*||' | sort | uniq | sed 's|./||'`; do
|
|
PROJECTS="$PROJECTS$SEP$i"
|
|
SEP=","
|
|
done
|
|
|
|
./mvnw install -pl "$PROJECTS" -am
|
|
|
|
- name: Upload JVM Heapdumps
|
|
if: always()
|
|
uses: ./.github/actions/upload-heapdumps
|
|
|
|
- name: Surefire reports
|
|
if: always()
|
|
uses: ./.github/actions/archive-surefire-reports
|
|
with:
|
|
job-id: unit-tests
|
|
|
|
base-integration-tests:
|
|
name: Base IT
|
|
needs: build
|
|
runs-on: ubuntu-latest
|
|
timeout-minutes: 100
|
|
strategy:
|
|
matrix:
|
|
group: [1, 2, 3, 4, 5, 6]
|
|
fail-fast: false
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
|
|
- id: integration-test-setup
|
|
name: Integration test setup
|
|
uses: ./.github/actions/integration-test-setup
|
|
|
|
- name: Run base tests
|
|
run: |
|
|
TESTS=`testsuite/integration-arquillian/tests/base/testsuites/base-suite.sh ${{ matrix.group }}`
|
|
echo "Tests: $TESTS"
|
|
./mvnw test ${{ env.SUREFIRE_RETRY }} -Pauth-server-quarkus -Dtest=$TESTS -pl testsuite/integration-arquillian/tests/base 2>&1 | misc/log/trimmer.sh
|
|
|
|
- name: Upload JVM Heapdumps
|
|
if: always()
|
|
uses: ./.github/actions/upload-heapdumps
|
|
|
|
- uses: ./.github/actions/upload-flaky-tests
|
|
name: Upload flaky tests
|
|
env:
|
|
GH_TOKEN: ${{ github.token }}
|
|
with:
|
|
job-name: Base IT
|
|
|
|
- name: Surefire reports
|
|
if: always()
|
|
uses: ./.github/actions/archive-surefire-reports
|
|
with:
|
|
job-id: base-integration-tests-${{ matrix.group }}
|
|
|
|
adapter-integration-tests:
|
|
name: Adapter IT
|
|
needs: build
|
|
runs-on: ubuntu-latest
|
|
timeout-minutes: 100
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
|
|
- id: integration-test-setup
|
|
name: Integration test setup
|
|
uses: ./.github/actions/integration-test-setup
|
|
|
|
- name: Build adapter distributions
|
|
run: ./mvnw install -DskipTests -f distribution/pom.xml
|
|
|
|
- name: Build app servers
|
|
run: ./mvnw install -DskipTests -Pbuild-app-servers -f testsuite/integration-arquillian/servers/app-server/pom.xml
|
|
|
|
- name: Run adapter tests
|
|
run: |
|
|
TESTS="org.keycloak.testsuite.adapter.**"
|
|
echo "Tests: $TESTS"
|
|
./mvnw test ${{ env.SUREFIRE_RETRY }} -Pauth-server-quarkus -Papp-server-wildfly -Dtest=$TESTS -pl testsuite/integration-arquillian/tests/base 2>&1 | misc/log/trimmer.sh
|
|
|
|
- name: Upload JVM Heapdumps
|
|
if: always()
|
|
uses: ./.github/actions/upload-heapdumps
|
|
|
|
- uses: ./.github/actions/upload-flaky-tests
|
|
name: Upload flaky tests
|
|
env:
|
|
GH_TOKEN: ${{ github.token }}
|
|
with:
|
|
job-name: Base IT
|
|
|
|
- name: Surefire reports
|
|
if: always()
|
|
uses: ./.github/actions/archive-surefire-reports
|
|
with:
|
|
job-id: adapter-integration-tests
|
|
|
|
quarkus-unit-tests:
|
|
name: Quarkus UT
|
|
needs: [build, conditional]
|
|
if: needs.conditional.outputs.ci-quarkus == 'true'
|
|
timeout-minutes: 15
|
|
strategy:
|
|
matrix:
|
|
os: [ ubuntu-latest, windows-latest ]
|
|
runs-on: ${{ matrix.os }}
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
|
|
# We want to download Keycloak artifacts
|
|
- id: integration-test-setup
|
|
name: Integration test setup
|
|
uses: ./.github/actions/integration-test-setup
|
|
|
|
- name: Run unit tests
|
|
run: |
|
|
./mvnw test -f quarkus/pom.xml -pl '!tests,!tests/junit5,!tests/integration,!dist'
|
|
|
|
- name: Upload JVM Heapdumps
|
|
if: always()
|
|
uses: ./.github/actions/upload-heapdumps
|
|
|
|
- name: Surefire reports
|
|
if: always()
|
|
uses: ./.github/actions/archive-surefire-reports
|
|
with:
|
|
job-id: quarkus-unit-tests
|
|
|
|
quarkus-integration-tests:
|
|
name: Quarkus IT
|
|
needs: [build, conditional]
|
|
timeout-minutes: 115
|
|
strategy:
|
|
matrix:
|
|
os: [ubuntu-latest]
|
|
suite: [zip, container, storage, smoke]
|
|
full-testsuite:
|
|
- ${{ needs.conditional.outputs.ci-quarkus == 'true' }}
|
|
# Win runs always as includes are evaluated after excludes
|
|
include:
|
|
- os: windows-latest
|
|
suite: win
|
|
# Either run smoke tests, or full testsuite
|
|
exclude:
|
|
- full-testsuite: false
|
|
suite: zip
|
|
- full-testsuite: false
|
|
suite: container
|
|
- full-testsuite: false
|
|
suite: storage
|
|
- full-testsuite: true
|
|
suite: smoke
|
|
fail-fast: false
|
|
runs-on: ${{ matrix.os }}
|
|
env:
|
|
MAVEN_OPTS: -Xmx1024m
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
|
|
- id: unit-test-setup
|
|
name: Unit test setup
|
|
uses: ./.github/actions/unit-test-setup
|
|
|
|
# Not sure why, but needs to re-build otherwise there's some failures starting up
|
|
# Smoke tests should cover scenarios that could be broken by changes in other modules that quarkus
|
|
- name: Run Quarkus integration Tests
|
|
run: |
|
|
declare -A PARAMS
|
|
PARAMS["win"]="-Dtest=StartCommandDistTest,StartDevCommandDistTest,BuildAndStartDistTest,ImportAtStartupDistTest"
|
|
PARAMS["zip"]=""
|
|
PARAMS["container"]="-Dkc.quarkus.tests.dist=docker"
|
|
PARAMS["storage"]="-Ptest-database -Dtest=PostgreSQLDistTest,MariaDBDistTest#testSuccessful,MySQLDistTest#testSuccessful,DatabaseOptionsDistTest,JPAStoreDistTest,HotRodStoreDistTest,MixedStoreDistTest,TransactionConfigurationDistTest,ExternalInfinispanTest"
|
|
PARAMS["smoke"]="-Dtest=ClusterConfigDistTest,CustomJpaEntityProviderDistTest,ExportDistTest,FeaturesDistTest,ImportAtStartupDistTest,ImportDistTest,JaxRsDistTest,TruststoreDistTest"
|
|
|
|
./mvnw install -pl quarkus/tests/integration -am -DskipTests
|
|
./mvnw test -pl quarkus/tests/integration ${PARAMS["${{ matrix.suite }}"]} 2>&1 | misc/log/trimmer.sh
|
|
|
|
- name: Upload JVM Heapdumps
|
|
if: always()
|
|
uses: ./.github/actions/upload-heapdumps
|
|
|
|
- name: Surefire reports
|
|
if: always()
|
|
uses: ./.github/actions/archive-surefire-reports
|
|
with:
|
|
job-id: quarkus-integration-tests-${{ matrix.os }}-${{ matrix.server }}
|
|
|
|
jdk-integration-tests:
|
|
name: Java Distribution IT
|
|
needs: build
|
|
timeout-minutes: 100
|
|
strategy:
|
|
matrix:
|
|
os: [ubuntu-latest, windows-latest]
|
|
dist: [temurin]
|
|
version: [17]
|
|
fail-fast: false
|
|
runs-on: ${{ matrix.os }}
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
|
|
- id: integration-test-setup
|
|
name: Integration test setup
|
|
uses: ./.github/actions/integration-test-setup
|
|
with:
|
|
jdk-dist: ${{ matrix.dist }}
|
|
jdk-version: ${{ matrix.version }}
|
|
|
|
- name: Prepare Quarkus distribution with current JDK
|
|
run: ./mvnw install -e -pl testsuite/integration-arquillian/servers/auth-server/quarkus
|
|
|
|
- name: Run base tests
|
|
run: |
|
|
TESTS=`testsuite/integration-arquillian/tests/base/testsuites/suite.sh jdk`
|
|
echo "Tests: $TESTS"
|
|
if [ "$OSTYPE" == "msys" ]; then
|
|
./mvnw test ${{ env.SUREFIRE_RETRY }} -Pauth-server-quarkus -Dtest=$TESTS "-Dwebdriver.chrome.driver=$ChromeWebDriver/chromedriver.exe" -pl testsuite/integration-arquillian/tests/base 2>&1 | misc/log/trimmer.sh
|
|
else
|
|
./mvnw test ${{ env.SUREFIRE_RETRY }} -Pauth-server-quarkus -Dtest=$TESTS "-Dwebdriver.chrome.driver=$CHROMEWEBDRIVER/chromedriver" -pl testsuite/integration-arquillian/tests/base 2>&1 | misc/log/trimmer.sh
|
|
fi
|
|
|
|
- name: Build with JDK
|
|
run:
|
|
./mvnw install -e -DskipTests -DskipExamples
|
|
|
|
- name: Upload JVM Heapdumps
|
|
if: always()
|
|
uses: ./.github/actions/upload-heapdumps
|
|
|
|
- uses: ./.github/actions/upload-flaky-tests
|
|
name: Upload flaky tests
|
|
env:
|
|
GH_TOKEN: ${{ github.token }}
|
|
with:
|
|
job-name: Java Distribution IT
|
|
|
|
- name: Surefire reports
|
|
if: always()
|
|
uses: ./.github/actions/archive-surefire-reports
|
|
with:
|
|
job-id: jdk-integration-tests-${{ matrix.os }}-${{ matrix.dist }}-${{ matrix.version }}
|
|
|
|
volatile-sessions-tests:
|
|
name: Volatile Sessions IT
|
|
needs: [build, conditional]
|
|
if: needs.conditional.outputs.ci-store == 'true'
|
|
runs-on: ubuntu-latest
|
|
timeout-minutes: 150
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
|
|
- id: integration-test-setup
|
|
name: Integration test setup
|
|
uses: ./.github/actions/integration-test-setup
|
|
|
|
- name: Run base tests
|
|
run: |
|
|
TESTS=`testsuite/integration-arquillian/tests/base/testsuites/suite.sh volatile-sessions`
|
|
echo "Tests: $TESTS"
|
|
./mvnw test ${{ env.SUREFIRE_RETRY }} -Pauth-server-quarkus "-Dwebdriver.chrome.driver=$CHROMEWEBDRIVER/chromedriver" -Dauth.server.feature.disable=persistent-user-sessions -Dtest=$TESTS -pl testsuite/integration-arquillian/tests/base 2>&1 | misc/log/trimmer.sh
|
|
|
|
- name: Upload JVM Heapdumps
|
|
if: always()
|
|
uses: ./.github/actions/upload-heapdumps
|
|
|
|
- uses: ./.github/actions/upload-flaky-tests
|
|
name: Upload flaky tests
|
|
env:
|
|
GH_TOKEN: ${{ github.token }}
|
|
with:
|
|
job-name: Store IT
|
|
|
|
- name: Surefire reports
|
|
if: always()
|
|
uses: ./.github/actions/archive-surefire-reports
|
|
with:
|
|
job-id: store-integration-tests-${{ matrix.variant }}
|
|
|
|
- name: EC2 Maven Logs
|
|
if: failure()
|
|
uses: actions/upload-artifact@v4
|
|
with:
|
|
name: store-it-mvn-logs
|
|
path: .github/scripts/ansible/files
|
|
|
|
external-infinispan-tests:
|
|
name: External Infinispan IT
|
|
needs: [ build, conditional ]
|
|
if: needs.conditional.outputs.ci-store == 'true'
|
|
runs-on: ubuntu-latest
|
|
timeout-minutes: 150
|
|
strategy:
|
|
matrix:
|
|
variant: [ "clusterless,multi-site" ]
|
|
fail-fast: false
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
|
|
- id: integration-test-setup
|
|
name: Integration test setup
|
|
uses: ./.github/actions/integration-test-setup
|
|
|
|
- name: Run base tests without cache
|
|
run: |
|
|
TESTS=`testsuite/integration-arquillian/tests/base/testsuites/suite.sh clusterless`
|
|
echo "Tests: $TESTS"
|
|
./mvnw test ${{ env.SUREFIRE_RETRY }} -Pauth-server-quarkus -Pinfinispan-server -Dauth.server.feature=${{ matrix.variant }} -Dauth.server.feature.disable=persistent-user-sessions -Dtest=$TESTS -pl testsuite/integration-arquillian/tests/base 2>&1 | misc/log/trimmer.sh
|
|
|
|
- name: Upload JVM Heapdumps
|
|
if: always()
|
|
uses: ./.github/actions/upload-heapdumps
|
|
|
|
- uses: ./.github/actions/upload-flaky-tests
|
|
name: Upload flaky tests
|
|
env:
|
|
GH_TOKEN: ${{ github.token }}
|
|
with:
|
|
job-name: Remote Infinispan IT
|
|
|
|
- name: Surefire reports
|
|
if: always()
|
|
uses: ./.github/actions/archive-surefire-reports
|
|
with:
|
|
job-id: remote-infinispan-integration-tests
|
|
|
|
auroradb-integration-tests:
|
|
name: AuroraDB IT
|
|
needs: conditional
|
|
if: needs.conditional.outputs.ci-aurora == 'true'
|
|
runs-on: ubuntu-latest
|
|
timeout-minutes: 150
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
|
|
- id: aurora-init
|
|
name: Initialize Aurora environment
|
|
run: |
|
|
AWS_REGION=us-east-1
|
|
echo "AWS Region: ${AWS_REGION}"
|
|
|
|
aws configure set aws_access_key_id ${{ secrets.AWS_ACCESS_KEY_ID }}
|
|
aws configure set aws_secret_access_key ${{ secrets.AWS_SECRET_ACCESS_KEY }}
|
|
aws configure set region ${AWS_REGION}
|
|
|
|
AURORA_CLUSTER_NAME="gh-action-$(git rev-parse --short HEAD)-${{ github.run_id }}-${{ github.run_attempt }}"
|
|
PASS=$(tr -dc A-Za-z0-9 </dev/urandom | head -c 13; echo)
|
|
echo "::add-mask::${PASS}"
|
|
|
|
echo "aurora-cluster-name=${AURORA_CLUSTER_NAME}" >> $GITHUB_OUTPUT
|
|
echo "aurora-cluster-password=${PASS}" >> $GITHUB_OUTPUT
|
|
echo "region=${AWS_REGION}" >> $GITHUB_OUTPUT
|
|
curl --fail-with-body https://truststore.pki.rds.amazonaws.com/${AWS_REGION}/${AWS_REGION}-bundle.pem -o aws.pem
|
|
PROPS+=' -Dkeycloak.connectionsJpa.jdbcParameters=\"?ssl=true&sslmode=verify-ca&sslrootcert=/opt/keycloak/aws.pem\"'
|
|
|
|
echo "maven_properties=${PROPS}" >> $GITHUB_OUTPUT
|
|
|
|
- id: aurora-create
|
|
name: Create Aurora DB
|
|
uses: ./.github/actions/aurora-create-database
|
|
with:
|
|
name: ${{ steps.aurora-init.outputs.aurora-cluster-name }}
|
|
password: ${{ steps.aurora-init.outputs.aurora-cluster-password }}
|
|
region: ${{ steps.aurora-init.outputs.region }}
|
|
|
|
- id: ec2-create
|
|
name: Create EC2 runner instance
|
|
run: |
|
|
AWS_REGION=${{ steps.aurora-init.outputs.region }}
|
|
EC2_CLUSTER_NAME=keycloak_$(git rev-parse --short HEAD)
|
|
echo "ec2_cluster=${EC2_CLUSTER_NAME}" >> $GITHUB_OUTPUT
|
|
|
|
git archive --format=zip --output /tmp/keycloak.zip $GITHUB_REF
|
|
zip -u /tmp/keycloak.zip aws.pem
|
|
|
|
cd .github/scripts/ansible
|
|
./aws_ec2.sh requirements
|
|
./aws_ec2.sh create ${AWS_REGION} ${EC2_CLUSTER_NAME}
|
|
./keycloak_ec2_installer.sh ${AWS_REGION} ${EC2_CLUSTER_NAME} /tmp/keycloak.zip
|
|
./mvn_ec2_runner.sh ${AWS_REGION} ${EC2_CLUSTER_NAME} "clean install -B -DskipTests -Pdistribution"
|
|
./mvn_ec2_runner.sh ${AWS_REGION} ${EC2_CLUSTER_NAME} "clean install -B -DskipTests -pl testsuite/integration-arquillian/servers/auth-server/quarkus -Pauth-server-quarkus -Pdb-aurora-postgres -Dmaven.build.cache.enabled=true"
|
|
|
|
- name: Run Aurora migration tests on EC2
|
|
id: aurora-migration-tests
|
|
env:
|
|
old-version: 24.0.4
|
|
run: |
|
|
EC2_CLUSTER_NAME=${{ steps.ec2-create.outputs.ec2_cluster }}
|
|
AWS_REGION=${{ steps.aurora-init.outputs.region }}
|
|
PROPS='${{ steps.aurora-init.outputs.maven_properties }}'
|
|
|
|
PROPS+=" -Dauth.server.db.host=${{ steps.aurora-create.outputs.endpoint }} -Dkeycloak.connectionsJpa.password=${{ steps.aurora-init.outputs.aurora-cluster-password }}"
|
|
PROPS+=" -Djdbc.mvn.groupId=software.amazon.jdbc -Djdbc.mvn.artifactId=aws-advanced-jdbc-wrapper -Djdbc.mvn.version=2.3.1 -Djdbc.driver.tmp.dir=target/unpacked/keycloak-${{ env.old-version }}/providers"
|
|
|
|
cd .github/scripts/ansible
|
|
./mvn_ec2_runner.sh ${AWS_REGION} ${EC2_CLUSTER_NAME} "clean install -B ${{ env.SUREFIRE_RETRY }} -Pauth-server-quarkus -Pdb-aurora-postgres -Pauth-server-migration $PROPS -Dtest=MigrationTest -Dmigration.mode=auto -Dmigrated.auth.server.version=${{ env.old-version }} -Dmigration.import.file.name=migration-realm-${{ env.old-version }}.json -Dauth.server.ssl.required=false -f testsuite/integration-arquillian/pom.xml 2>&1 | misc/log/trimmer.sh"
|
|
|
|
# Copy returned surefire-report directories to workspace root to ensure they're discovered
|
|
results=(files/keycloak/results/*)
|
|
rsync -a $results/* ../../../
|
|
|
|
rm -rf $results
|
|
|
|
- name: Upload JVM Heapdumps
|
|
if: always()
|
|
uses: ./.github/actions/upload-heapdumps
|
|
|
|
- uses: ./.github/actions/upload-flaky-tests
|
|
name: Upload flaky tests
|
|
env:
|
|
GH_TOKEN: ${{ github.token }}
|
|
with:
|
|
job-name: AuroraDB IT
|
|
|
|
- name: Surefire reports
|
|
if: always()
|
|
uses: ./.github/actions/archive-surefire-reports
|
|
with:
|
|
job-id: migration-tests-${{ env.old-version }}-aurora-postgres
|
|
|
|
- name: EC2 Maven Logs
|
|
if: failure()
|
|
uses: actions/upload-artifact@v4
|
|
with:
|
|
name: auroraDB-migration-tests-mvn-logs
|
|
path: .github/scripts/ansible/files
|
|
|
|
- name: Run Aurora integration tests on EC2
|
|
id: aurora-integration-tests
|
|
run: |
|
|
EC2_CLUSTER_NAME=${{ steps.ec2-create.outputs.ec2_cluster }}
|
|
AWS_REGION=${{ steps.aurora-init.outputs.region }}
|
|
PROPS='${{ steps.aurora-init.outputs.maven_properties }}'
|
|
PROPS+=" -Dauth.server.db.host=${{ steps.aurora-create.outputs.endpoint }} -Dkeycloak.connectionsJpa.password=${{ steps.aurora-init.outputs.aurora-cluster-password }}"
|
|
|
|
TESTS=`testsuite/integration-arquillian/tests/base/testsuites/suite.sh database`
|
|
echo "Tests: $TESTS"
|
|
|
|
cd .github/scripts/ansible
|
|
./mvn_ec2_runner.sh ${AWS_REGION} ${EC2_CLUSTER_NAME} "test -B ${{ env.SUREFIRE_RETRY }} -Pauth-server-quarkus -Pdb-aurora-postgres $PROPS -Dtest=$TESTS -pl testsuite/integration-arquillian/tests/base 2>&1 | misc/log/trimmer.sh"
|
|
|
|
# Copy returned surefire-report directories to workspace root to ensure they're discovered
|
|
results=(files/keycloak/results/*)
|
|
rsync -a $results/* ../../../
|
|
rm -rf $results
|
|
|
|
- name: Upload JVM Heapdumps
|
|
if: always()
|
|
uses: ./.github/actions/upload-heapdumps
|
|
|
|
- uses: ./.github/actions/upload-flaky-tests
|
|
name: Upload flaky tests
|
|
env:
|
|
GH_TOKEN: ${{ github.token }}
|
|
with:
|
|
job-name: AuroraDB IT
|
|
|
|
- name: Surefire reports
|
|
if: always()
|
|
uses: ./.github/actions/archive-surefire-reports
|
|
with:
|
|
job-id: aurora-integration-tests
|
|
|
|
- name: EC2 Maven Logs
|
|
if: failure()
|
|
uses: actions/upload-artifact@v4
|
|
with:
|
|
name: aurora-integration-tests-mvn-logs
|
|
path: .github/scripts/ansible/files
|
|
|
|
- name: Delete EC2 Instance
|
|
if: always()
|
|
working-directory: .github/scripts/ansible
|
|
run: |
|
|
./aws_ec2.sh delete ${{ steps.aurora-init.outputs.region }} ${{ steps.ec2-create.outputs.ec2_cluster }}
|
|
|
|
- name: Delete Aurora DB
|
|
if: always()
|
|
run: |
|
|
gh workflow run aurora-delete.yml \
|
|
-f name=${{ steps.aurora-init.outputs.aurora-cluster-name }} \
|
|
-f region=${{ steps.aurora-init.outputs.region }} \
|
|
--repo ${{ github.repository }} \
|
|
--ref ${{ github.ref_name }}
|
|
env:
|
|
GH_TOKEN: ${{ github.token }}
|
|
|
|
store-integration-tests:
|
|
name: Store IT
|
|
needs: build
|
|
runs-on: ubuntu-latest
|
|
timeout-minutes: 75
|
|
strategy:
|
|
matrix:
|
|
db: [postgres, mysql, oracle, mssql, mariadb]
|
|
fail-fast: false
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
|
|
- id: integration-test-setup
|
|
name: Integration test setup
|
|
uses: ./.github/actions/integration-test-setup
|
|
|
|
- name: Run base tests
|
|
run: |
|
|
TESTS=`testsuite/integration-arquillian/tests/base/testsuites/suite.sh database`
|
|
echo "Tests: $TESTS"
|
|
./mvnw test ${{ env.SUREFIRE_RETRY }} -Pauth-server-quarkus -Pdb-${{ matrix.db }} "-Dwebdriver.chrome.driver=$CHROMEWEBDRIVER/chromedriver" -Dtest=$TESTS -pl testsuite/integration-arquillian/tests/base 2>&1 | misc/log/trimmer.sh
|
|
|
|
- name: Upload JVM Heapdumps
|
|
if: always()
|
|
uses: ./.github/actions/upload-heapdumps
|
|
|
|
- uses: ./.github/actions/upload-flaky-tests
|
|
name: Upload flaky tests
|
|
env:
|
|
GH_TOKEN: ${{ github.token }}
|
|
with:
|
|
job-name: Store IT
|
|
|
|
- name: Surefire reports
|
|
if: always()
|
|
uses: ./.github/actions/archive-surefire-reports
|
|
with:
|
|
job-id: store-integration-tests-${{ matrix.db }}
|
|
|
|
store-model-tests:
|
|
name: Store Model Tests
|
|
runs-on: ubuntu-latest
|
|
needs: [build, conditional]
|
|
if: needs.conditional.outputs.ci-store == 'true'
|
|
timeout-minutes: 75
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
|
|
- id: integration-test-setup
|
|
name: Integration test setup
|
|
uses: ./.github/actions/integration-test-setup
|
|
|
|
- name: Run model tests
|
|
run: testsuite/model/test-all-profiles.sh ${{ env.SUREFIRE_RETRY }}
|
|
|
|
- name: Upload JVM Heapdumps
|
|
if: always()
|
|
uses: ./.github/actions/upload-heapdumps
|
|
|
|
- uses: ./.github/actions/upload-flaky-tests
|
|
name: Upload flaky tests
|
|
env:
|
|
GH_TOKEN: ${{ github.token }}
|
|
with:
|
|
job-name: Store Model Tests
|
|
|
|
- name: Surefire reports
|
|
if: always()
|
|
uses: ./.github/actions/archive-surefire-reports
|
|
with:
|
|
job-id: store-model-tests
|
|
|
|
clustering-integration-tests:
|
|
name: Clustering IT
|
|
needs: build
|
|
runs-on: ubuntu-latest
|
|
timeout-minutes: 35
|
|
env:
|
|
MAVEN_OPTS: -Xmx1024m
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
|
|
- id: integration-test-setup
|
|
name: Integration test setup
|
|
uses: ./.github/actions/integration-test-setup
|
|
|
|
- name: Run cluster tests
|
|
run: |
|
|
./mvnw test ${{ env.SUREFIRE_RETRY }} -Pauth-server-cluster-quarkus,db-postgres "-Dwebdriver.chrome.driver=$CHROMEWEBDRIVER/chromedriver" -Dsession.cache.owners=2 -Dtest=**.cluster.** -pl testsuite/integration-arquillian/tests/base 2>&1 | misc/log/trimmer.sh
|
|
|
|
- name: Upload JVM Heapdumps
|
|
if: always()
|
|
uses: ./.github/actions/upload-heapdumps
|
|
|
|
- uses: ./.github/actions/upload-flaky-tests
|
|
name: Upload flaky tests
|
|
env:
|
|
GH_TOKEN: ${{ github.token }}
|
|
with:
|
|
job-name: Clustering IT
|
|
|
|
- name: Surefire reports
|
|
if: always()
|
|
uses: ./.github/actions/archive-surefire-reports
|
|
with:
|
|
job-id: clustering-integration-tests
|
|
|
|
fips-unit-tests:
|
|
name: FIPS UT
|
|
runs-on: ubuntu-latest
|
|
needs: build
|
|
timeout-minutes: 20
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
|
|
- name: Fake fips
|
|
run: |
|
|
cd .github/fake_fips
|
|
make
|
|
sudo insmod fake_fips.ko
|
|
|
|
- id: unit-test-setup
|
|
name: Unit test setup
|
|
uses: ./.github/actions/unit-test-setup
|
|
|
|
- name: Run crypto tests
|
|
run: docker run --rm --workdir /github/workspace -v "${{ github.workspace }}":"/github/workspace" -v "$HOME/.m2":"/root/.m2" registry.access.redhat.com/ubi8/ubi:latest .github/scripts/run-fips-ut.sh
|
|
|
|
- name: Upload JVM Heapdumps
|
|
if: always()
|
|
uses: ./.github/actions/upload-heapdumps
|
|
|
|
- name: Surefire reports
|
|
if: always()
|
|
uses: ./.github/actions/archive-surefire-reports
|
|
with:
|
|
job-id: fips-unit-tests
|
|
|
|
fips-integration-tests:
|
|
name: FIPS IT
|
|
needs: build
|
|
runs-on: ubuntu-latest
|
|
timeout-minutes: 45
|
|
strategy:
|
|
matrix:
|
|
mode: [non-strict, strict]
|
|
fail-fast: false
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
|
|
- name: Fake fips
|
|
run: |
|
|
cd .github/fake_fips
|
|
make
|
|
sudo insmod fake_fips.ko
|
|
|
|
- id: integration-test-setup
|
|
name: Integration test setup
|
|
uses: ./.github/actions/integration-test-setup
|
|
with:
|
|
jdk-version: 21
|
|
|
|
- name: Run base tests
|
|
run: docker run --rm --workdir /github/workspace -e "SUREFIRE_RERUN_FAILING_COUNT" -v "${{ github.workspace }}":"/github/workspace" -v "$HOME/.m2":"/root/.m2" registry.access.redhat.com/ubi8/ubi:latest .github/scripts/run-fips-it.sh ${{ matrix.mode }}
|
|
|
|
- name: Upload JVM Heapdumps
|
|
if: always()
|
|
uses: ./.github/actions/upload-heapdumps
|
|
|
|
- uses: ./.github/actions/upload-flaky-tests
|
|
name: Upload flaky tests
|
|
env:
|
|
GH_TOKEN: ${{ github.token }}
|
|
with:
|
|
job-name: FIPS IT
|
|
|
|
- name: Surefire reports
|
|
if: always()
|
|
uses: ./.github/actions/archive-surefire-reports
|
|
with:
|
|
job-id: fips-integration-tests-${{ matrix.mode }}
|
|
|
|
forms-integration-tests:
|
|
name: Forms IT
|
|
runs-on: ubuntu-latest
|
|
needs: build
|
|
timeout-minutes: 75
|
|
strategy:
|
|
matrix:
|
|
browser: [chrome, firefox]
|
|
fail-fast: false
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
|
|
- id: integration-test-setup
|
|
name: Integration test setup
|
|
uses: ./.github/actions/integration-test-setup
|
|
|
|
- name: Run Forms IT
|
|
run: |
|
|
TESTS=`testsuite/integration-arquillian/tests/base/testsuites/suite.sh forms`
|
|
echo "Tests: $TESTS"
|
|
./mvnw test ${{ env.SUREFIRE_RETRY }} -Pauth-server-quarkus -Dtest=$TESTS -Dbrowser=${{ matrix.browser }} -f testsuite/integration-arquillian/tests/base/pom.xml 2>&1 | misc/log/trimmer.sh
|
|
|
|
- name: Upload JVM Heapdumps
|
|
if: always()
|
|
uses: ./.github/actions/upload-heapdumps
|
|
|
|
- uses: ./.github/actions/upload-flaky-tests
|
|
name: Upload flaky tests
|
|
env:
|
|
GH_TOKEN: ${{ github.token }}
|
|
with:
|
|
job-name: Forms IT
|
|
|
|
- name: Surefire reports
|
|
if: always()
|
|
uses: ./.github/actions/archive-surefire-reports
|
|
with:
|
|
job-id: forms-integration-tests-${{ matrix.browser }}
|
|
|
|
webauthn-integration-tests:
|
|
name: WebAuthn IT
|
|
if: needs.conditional.outputs.ci-webauthn == 'true'
|
|
runs-on: ubuntu-latest
|
|
needs: build
|
|
timeout-minutes: 45
|
|
strategy:
|
|
matrix:
|
|
browser:
|
|
- chrome
|
|
- firefox
|
|
fail-fast: false
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
|
|
- id: integration-test-setup
|
|
name: Integration test setup
|
|
uses: ./.github/actions/integration-test-setup
|
|
|
|
- name: Run WebAuthn IT
|
|
run: |
|
|
TESTS=`testsuite/integration-arquillian/tests/base/testsuites/suite.sh webauthn`
|
|
echo "Tests: $TESTS"
|
|
./mvnw test ${{ env.SUREFIRE_RETRY }} -Pauth-server-quarkus -Dtest=$TESTS -Dbrowser=${{ matrix.browser }} "-Dwebdriver.chrome.driver=$CHROMEWEBDRIVER/chromedriver" "-Dwebdriver.gecko.driver=$GECKOWEBDRIVER/geckodriver" -pl testsuite/integration-arquillian/tests/base 2>&1 | misc/log/trimmer.sh
|
|
|
|
- name: Upload JVM Heapdumps
|
|
if: always()
|
|
uses: ./.github/actions/upload-heapdumps
|
|
|
|
- uses: ./.github/actions/upload-flaky-tests
|
|
name: Upload flaky tests
|
|
env:
|
|
GH_TOKEN: ${{ github.token }}
|
|
with:
|
|
job-name: WebAuthn IT
|
|
|
|
- name: Surefire reports
|
|
if: always()
|
|
uses: ./.github/actions/archive-surefire-reports
|
|
with:
|
|
job-id: webauthn-integration-tests-${{ matrix.browser }}
|
|
|
|
sssd-unit-tests:
|
|
name: SSSD
|
|
runs-on: ubuntu-latest
|
|
if: needs.conditional.outputs.ci-sssd == 'true'
|
|
needs:
|
|
- conditional
|
|
- build
|
|
timeout-minutes: 30
|
|
steps:
|
|
- name: checkout
|
|
uses: actions/checkout@v4
|
|
|
|
- id: integration-test-setup
|
|
name: Integration test setup
|
|
uses: ./.github/actions/integration-test-setup
|
|
|
|
- id: weekly-cache-key
|
|
name: Key for weekly rotation of cache
|
|
shell: bash
|
|
run: echo "key=ipa-data-`date -u "+%Y-%U"`" >> $GITHUB_OUTPUT
|
|
|
|
- id: cache-maven-repository
|
|
name: ipa-data cache
|
|
uses: actions/cache@v4
|
|
with:
|
|
path: ~/ipa-data.tar
|
|
key: ${{ steps.weekly-cache-key.outputs.key }}
|
|
|
|
- name: Run tests
|
|
run: .github/scripts/run-ipa.sh "${{ github.workspace }}"
|
|
|
|
- name: Surefire reports
|
|
if: always()
|
|
uses: ./.github/actions/archive-surefire-reports
|
|
with:
|
|
job-id: sssd-unit-tests
|
|
|
|
migration-tests:
|
|
name: Migration Tests
|
|
runs-on: ubuntu-latest
|
|
needs: build
|
|
timeout-minutes: 45
|
|
strategy:
|
|
matrix:
|
|
old-version: [24.0.4]
|
|
database: [postgres, mysql, oracle, mssql, mariadb]
|
|
fail-fast: false
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
|
|
- id: integration-test-setup
|
|
name: Integration test setup
|
|
uses: ./.github/actions/integration-test-setup
|
|
|
|
- name: Run Migration Tests
|
|
run: |
|
|
./mvnw clean install ${{ env.SUREFIRE_RETRY }} \
|
|
-Pauth-server-quarkus -Pdb-${{ matrix.database }} -Pauth-server-migration \
|
|
-Dtest=MigrationTest \
|
|
-Dmigration.mode=auto \
|
|
-Dmigrated.auth.server.version=${{ matrix.old-version }} \
|
|
-Dmigration.import.file.name=migration-realm-${{ matrix.old-version }}.json \
|
|
-Dauth.server.ssl.required=false \
|
|
-Dauth.server.db.host=localhost \
|
|
"-Dwebdriver.chrome.driver=$CHROMEWEBDRIVER/chromedriver" \
|
|
-f testsuite/integration-arquillian/pom.xml 2>&1 | misc/log/trimmer.sh
|
|
|
|
- name: Upload JVM Heapdumps
|
|
if: always()
|
|
uses: ./.github/actions/upload-heapdumps
|
|
|
|
- uses: ./.github/actions/upload-flaky-tests
|
|
name: Upload flaky tests
|
|
env:
|
|
GH_TOKEN: ${{ github.token }}
|
|
with:
|
|
job-name: Migration Tests
|
|
|
|
- name: Surefire reports
|
|
if: always()
|
|
uses: ./.github/actions/archive-surefire-reports
|
|
with:
|
|
job-id: migration-tests-${{ matrix.old-version }}-${{ matrix.database }}
|
|
|
|
test-framework:
|
|
name: Keycloak Test Framework
|
|
runs-on: ubuntu-latest
|
|
needs: build
|
|
timeout-minutes: 30
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
|
|
- id: integration-test-setup
|
|
name: Integration test setup
|
|
uses: ./.github/actions/integration-test-setup
|
|
|
|
- name: Run tests
|
|
run: ./mvnw test -f test-framework/pom.xml
|
|
|
|
test-poc:
|
|
name: Test PoC
|
|
runs-on: ubuntu-latest
|
|
if: needs.conditional.outputs.ci-test-poc == 'true'
|
|
needs:
|
|
- conditional
|
|
- build
|
|
timeout-minutes: 30
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
|
|
- id: integration-test-setup
|
|
name: Integration test setup
|
|
uses: ./.github/actions/integration-test-setup
|
|
|
|
- name: Run tests
|
|
env:
|
|
KC_TEST_BROWSER: chrome-headless
|
|
run: ./mvnw clean install -f test-poc/pom.xml
|
|
|
|
check:
|
|
name: Status Check - Keycloak CI
|
|
if: always()
|
|
needs:
|
|
- conditional
|
|
- build
|
|
- unit-tests
|
|
- base-integration-tests
|
|
- adapter-integration-tests
|
|
- quarkus-unit-tests
|
|
- quarkus-integration-tests
|
|
- jdk-integration-tests
|
|
- store-integration-tests
|
|
- volatile-sessions-tests
|
|
- store-model-tests
|
|
- clustering-integration-tests
|
|
- fips-unit-tests
|
|
- fips-integration-tests
|
|
- forms-integration-tests
|
|
- webauthn-integration-tests
|
|
- sssd-unit-tests
|
|
- migration-tests
|
|
- external-infinispan-tests
|
|
- test-poc
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
- uses: ./.github/actions/status-check
|
|
with:
|
|
jobs: ${{ toJSON(needs) }}
|