keycloak-scim/.github/workflows/ci.yml
Martin Bartoš 5ad3abaa96
Enable WebAuthn tests for Firefox (#30374)
Closes #22075

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
2024-06-18 10:36:01 +02:00

831 lines
27 KiB
YAML

name: Keycloak CI
on:
push:
branches-ignore:
- main
- dependabot/**
pull_request:
workflow_dispatch:
env:
MAVEN_ARGS: "-B -nsu -Daether.connector.http.connectionMaxTtl=25"
SUREFIRE_RERUN_FAILING_COUNT: 2
SUREFIRE_RETRY: "-Dsurefire.rerunFailingTestsCount=2"
concurrency:
# Only cancel jobs for PR updates
group: ci-${{ github.ref }}
cancel-in-progress: true
defaults:
run:
shell: bash
jobs:
conditional:
name: Check conditional workflows and jobs
runs-on: ubuntu-latest
outputs:
ci: ${{ steps.conditional.outputs.ci }}
ci-quarkus: ${{ steps.conditional.outputs.ci-quarkus }}
ci-store: ${{ steps.conditional.outputs.ci-store }}
ci-sssd: ${{ steps.conditional.outputs.ci-sssd }}
ci-webauthn: ${{ steps.conditional.outputs.ci-webauthn }}
ci-store-matrix: ${{ steps.conditional-stores.outputs.matrix }}
steps:
- uses: actions/checkout@v4
- id: conditional
uses: ./.github/actions/conditional
with:
token: ${{ secrets.GITHUB_TOKEN }}
- id: conditional-stores
run: |
STORES="postgres, mysql, oracle, mssql, mariadb"
if [[ $GITHUB_EVENT_NAME != "pull_request" && -n "${{ secrets.AWS_SECRET_ACCESS_KEY }}" ]]; then
STORES+=", aurora-postgres"
fi
echo "matrix=$(echo $STORES | jq -Rc 'split(", ")')" >> $GITHUB_OUTPUT
build:
name: Build
if: needs.conditional.outputs.ci == 'true'
runs-on: ubuntu-latest
needs: conditional
steps:
- uses: actions/checkout@v4
- name: Build Keycloak
uses: ./.github/actions/build-keycloak
unit-tests:
name: Base UT
runs-on: ubuntu-latest
needs: build
timeout-minutes: 30
steps:
- uses: actions/checkout@v4
- id: unit-test-setup
name: Unit test setup
uses: ./.github/actions/unit-test-setup
- name: Run unit tests
run: |
SEP=""
PROJECTS=""
for i in `find -name '*Test.java' -type f | egrep -v './(testsuite|quarkus|docs|test-poc)/' | sed 's|/src/test/java/.*||' | sort | uniq | sed 's|./||'`; do
PROJECTS="$PROJECTS$SEP$i"
SEP=","
done
./mvnw test -pl "$PROJECTS" -am
- name: Upload JVM Heapdumps
if: always()
uses: ./.github/actions/upload-heapdumps
- name: Surefire reports
if: always()
uses: ./.github/actions/archive-surefire-reports
with:
job-id: unit-tests
base-integration-tests:
name: Base IT
needs: build
runs-on: ubuntu-latest
timeout-minutes: 100
strategy:
matrix:
group: [1, 2, 3, 4, 5, 6]
fail-fast: false
steps:
- uses: actions/checkout@v4
- id: integration-test-setup
name: Integration test setup
uses: ./.github/actions/integration-test-setup
- name: Run base tests
run: |
TESTS=`testsuite/integration-arquillian/tests/base/testsuites/base-suite.sh ${{ matrix.group }}`
echo "Tests: $TESTS"
./mvnw test ${{ env.SUREFIRE_RETRY }} -Pauth-server-quarkus "-Dwebdriver.chrome.driver=$CHROMEWEBDRIVER/chromedriver" -Dtest=$TESTS -pl testsuite/integration-arquillian/tests/base 2>&1 | misc/log/trimmer.sh
- name: Upload JVM Heapdumps
if: always()
uses: ./.github/actions/upload-heapdumps
- uses: ./.github/actions/upload-flaky-tests
name: Upload flaky tests
env:
GH_TOKEN: ${{ github.token }}
with:
job-name: Base IT
- name: Surefire reports
if: always()
uses: ./.github/actions/archive-surefire-reports
with:
job-id: base-integration-tests-${{ matrix.group }}
adapter-integration-tests:
name: Adapter IT
needs: build
runs-on: ubuntu-latest
timeout-minutes: 100
steps:
- uses: actions/checkout@v4
- id: integration-test-setup
name: Integration test setup
uses: ./.github/actions/integration-test-setup
- name: Build adapter distributions
run: ./mvnw install -DskipTests -f distribution/pom.xml
- name: Build app servers
run: ./mvnw install -DskipTests -Pbuild-app-servers -f testsuite/integration-arquillian/servers/app-server/pom.xml
- name: Run adapter tests
run: |
TESTS="org.keycloak.testsuite.adapter.**"
echo "Tests: $TESTS"
./mvnw test ${{ env.SUREFIRE_RETRY }} -Pauth-server-quarkus -Papp-server-wildfly "-Dwebdriver.chrome.driver=$CHROMEWEBDRIVER/chromedriver" -Dtest=$TESTS -pl testsuite/integration-arquillian/tests/base 2>&1 | misc/log/trimmer.sh
- name: Upload JVM Heapdumps
if: always()
uses: ./.github/actions/upload-heapdumps
- uses: ./.github/actions/upload-flaky-tests
name: Upload flaky tests
env:
GH_TOKEN: ${{ github.token }}
with:
job-name: Base IT
- name: Surefire reports
if: always()
uses: ./.github/actions/archive-surefire-reports
with:
job-id: adapter-integration-tests
quarkus-unit-tests:
name: Quarkus UT
needs: [build, conditional]
if: needs.conditional.outputs.ci-quarkus == 'true'
timeout-minutes: 15
strategy:
matrix:
os: [ ubuntu-latest, windows-latest ]
runs-on: ${{ matrix.os }}
steps:
- uses: actions/checkout@v4
# We want to download Keycloak artifacts
- id: integration-test-setup
name: Integration test setup
uses: ./.github/actions/integration-test-setup
- name: Run unit tests
run: |
./mvnw test -f quarkus/pom.xml -pl '!tests,!tests/junit5,!tests/integration,!dist'
- name: Upload JVM Heapdumps
if: always()
uses: ./.github/actions/upload-heapdumps
- name: Surefire reports
if: always()
uses: ./.github/actions/archive-surefire-reports
with:
job-id: quarkus-unit-tests
quarkus-integration-tests:
name: Quarkus IT
needs: [build, conditional]
timeout-minutes: 115
strategy:
matrix:
os: [ubuntu-latest]
suite: [zip, container, storage, smoke]
full-testsuite:
- ${{ needs.conditional.outputs.ci-quarkus == 'true' }}
# Win runs always as includes are evaluated after excludes
include:
- os: windows-latest
suite: win
# Either run smoke tests, or full testsuite
exclude:
- full-testsuite: false
suite: zip
- full-testsuite: false
suite: container
- full-testsuite: false
suite: storage
- full-testsuite: true
suite: smoke
fail-fast: false
runs-on: ${{ matrix.os }}
env:
MAVEN_OPTS: -Xmx1024m
steps:
- uses: actions/checkout@v4
- id: unit-test-setup
name: Unit test setup
uses: ./.github/actions/unit-test-setup
# Not sure why, but needs to re-build otherwise there's some failures starting up
# Smoke tests should cover scenarios that could be broken by changes in other modules that quarkus
- name: Run Quarkus integration Tests
run: |
declare -A PARAMS
PARAMS["win"]="-Dtest=StartCommandDistTest,StartDevCommandDistTest,BuildAndStartDistTest,ImportAtStartupDistTest"
PARAMS["zip"]=""
PARAMS["container"]="-Dkc.quarkus.tests.dist=docker"
PARAMS["storage"]="-Ptest-database -Dtest=PostgreSQLDistTest,MariaDBDistTest#testSuccessful,MySQLDistTest#testSuccessful,DatabaseOptionsDistTest,JPAStoreDistTest,HotRodStoreDistTest,MixedStoreDistTest,TransactionConfigurationDistTest,ExternalInfinispanTest"
PARAMS["smoke"]="-Dtest=ClusterConfigDistTest,CustomJpaEntityProviderDistTest,ExportDistTest,FeaturesDistTest,ImportAtStartupDistTest,ImportDistTest,JaxRsDistTest,TruststoreDistTest"
./mvnw install -pl quarkus/tests/integration -am -DskipTests
./mvnw test -pl quarkus/tests/integration ${PARAMS["${{ matrix.suite }}"]} 2>&1 | misc/log/trimmer.sh
- name: Upload JVM Heapdumps
if: always()
uses: ./.github/actions/upload-heapdumps
- name: Surefire reports
if: always()
uses: ./.github/actions/archive-surefire-reports
with:
job-id: quarkus-integration-tests-${{ matrix.os }}-${{ matrix.server }}
jdk-integration-tests:
name: Java Distribution IT
needs: build
timeout-minutes: 100
strategy:
matrix:
os: [ubuntu-latest, windows-latest]
dist: [temurin]
version: [17]
fail-fast: false
runs-on: ${{ matrix.os }}
steps:
- uses: actions/checkout@v4
- id: integration-test-setup
name: Integration test setup
uses: ./.github/actions/integration-test-setup
with:
jdk-dist: ${{ matrix.dist }}
jdk-version: ${{ matrix.version }}
- name: Prepare Quarkus distribution with current JDK
run: ./mvnw install -e -pl testsuite/integration-arquillian/servers/auth-server/quarkus
- name: Run base tests
run: |
TESTS=`testsuite/integration-arquillian/tests/base/testsuites/suite.sh jdk`
echo "Tests: $TESTS"
./mvnw test ${{ env.SUREFIRE_RETRY }} -Pauth-server-quarkus -Dtest=$TESTS -pl testsuite/integration-arquillian/tests/base 2>&1 | misc/log/trimmer.sh
- name: Build with JDK
run:
./mvnw install -e -DskipTests -DskipExamples
- name: Upload JVM Heapdumps
if: always()
uses: ./.github/actions/upload-heapdumps
- uses: ./.github/actions/upload-flaky-tests
name: Upload flaky tests
env:
GH_TOKEN: ${{ github.token }}
with:
job-name: Java Distribution IT
- name: Surefire reports
if: always()
uses: ./.github/actions/archive-surefire-reports
with:
job-id: jdk-integration-tests-${{ matrix.os }}-${{ matrix.dist }}-${{ matrix.version }}
persistent-sessions-tests:
name: Persistent Sessions IT
needs: [build, conditional]
if: needs.conditional.outputs.ci-store == 'true'
runs-on: ubuntu-latest
timeout-minutes: 150
steps:
- uses: actions/checkout@v4
- id: integration-test-setup
name: Integration test setup
uses: ./.github/actions/integration-test-setup
- name: Run base tests without cache
run: |
TESTS=`testsuite/integration-arquillian/tests/base/testsuites/suite.sh persistent-sessions`
echo "Tests: $TESTS"
./mvnw test ${{ env.SUREFIRE_RETRY }} -Pauth-server-quarkus -Dauth.server.feature="persistent-user-sessions" -Dtest=$TESTS -pl testsuite/integration-arquillian/tests/base 2>&1 | misc/log/trimmer.sh
- name: Upload JVM Heapdumps
if: always()
uses: ./.github/actions/upload-heapdumps
- uses: ./.github/actions/upload-flaky-tests
name: Upload flaky tests
env:
GH_TOKEN: ${{ github.token }}
with:
job-name: Store IT
- name: Surefire reports
if: always()
uses: ./.github/actions/archive-surefire-reports
with:
job-id: store-integration-tests-${{ matrix.db }}
- name: EC2 Maven Logs
if: failure()
uses: actions/upload-artifact@v4
with:
name: store-it-mvn-logs
path: .github/scripts/ansible/files
store-integration-tests:
name: Store IT
needs: [build, conditional]
if: needs.conditional.outputs.ci-store == 'true'
runs-on: ubuntu-latest
timeout-minutes: 150
strategy:
matrix:
db: ${{ fromJson(needs.conditional.outputs.ci-store-matrix) }}
fail-fast: false
steps:
- uses: actions/checkout@v4
- id: aurora-init
name: Initialize Aurora environment
if: ${{ matrix.db == 'aurora-postgres' }}
run: |
AWS_REGION=us-east-1
echo "Region: ${AWS_REGION}"
aws configure set aws_access_key_id ${{ secrets.AWS_ACCESS_KEY_ID }}
aws configure set aws_secret_access_key ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws configure set region ${AWS_REGION}
PASS=$(tr -dc A-Za-z0-9 </dev/urandom | head -c 13; echo)
echo "::add-mask::${PASS}"
echo "name=gh-action-$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT
echo "password=${PASS}" >> $GITHUB_OUTPUT
echo "region=${AWS_REGION}" >> $GITHUB_OUTPUT
- id: aurora-create
name: Create Aurora DB
if: ${{ matrix.db == 'aurora-postgres' }}
uses: ./.github/actions/aurora-create-database
with:
name: ${{ steps.aurora-init.outputs.name }}
password: ${{ steps.aurora-init.outputs.password }}
region: ${{ steps.aurora-init.outputs.region }}
- id: integration-test-setup
name: Integration test setup
if: ${{ matrix.db != 'aurora-postgres' }}
uses: ./.github/actions/integration-test-setup
- name: Run Aurora tests on EC2
id: aurora-tests
if: ${{ matrix.db == 'aurora-postgres' }}
run: |
PROPS="-Dauth.server.db.host=${{ steps.aurora-create.outputs.endpoint }}"
PROPS+=" -Dkeycloak.connectionsJpa.password=${{ steps.aurora-init.outputs.password }}"
REGION=${{ steps.aurora-init.outputs.region }}
curl --fail-with-body https://truststore.pki.rds.amazonaws.com/${REGION}/${REGION}-bundle.pem -o aws.pem
PROPS+=" -Dkeycloak.connectionsJpa.jdbcParameters=\"?ssl=true&sslmode=verify-ca&sslrootcert=/opt/keycloak/aws.pem\""
TESTS=`testsuite/integration-arquillian/tests/base/testsuites/suite.sh database`
echo "Tests: $TESTS"
git archive --format=zip --output /tmp/keycloak.zip $GITHUB_REF
zip -u /tmp/keycloak.zip aws.pem
cd .github/scripts/ansible
export CLUSTER_NAME=keycloak_$(git rev-parse --short HEAD)
echo "ec2_cluster=${CLUSTER_NAME}" >> $GITHUB_OUTPUT
./aws_ec2.sh requirements
./aws_ec2.sh create ${REGION}
./keycloak_ec2_installer.sh ${REGION} /tmp/keycloak.zip
./mvn_ec2_runner.sh ${REGION} "clean install -B -DskipTests -Pdistribution"
./mvn_ec2_runner.sh ${REGION} "clean install -B -DskipTests -pl testsuite/integration-arquillian/servers/auth-server/quarkus -Pauth-server-quarkus -Pdb-aurora-postgres -Dmaven.build.cache.enabled=true"
./mvn_ec2_runner.sh ${REGION} "test -B ${{ env.SUREFIRE_RETRY }} -Pauth-server-quarkus -Pdb-${{ matrix.db }} $PROPS -Dtest=$TESTS -pl testsuite/integration-arquillian/tests/base 2>&1 | misc/log/trimmer.sh"
# Copy returned surefire-report directories to workspace root to ensure they're discovered
results=(files/keycloak/results/*)
rsync -a $results/* ../../../
rm -rf $results
- name: Run base tests
if: ${{ matrix.db != 'aurora-postgres' }}
run: |
TESTS=`testsuite/integration-arquillian/tests/base/testsuites/suite.sh database`
echo "Tests: $TESTS"
./mvnw test ${{ env.SUREFIRE_RETRY }} -Pauth-server-quarkus -Pdb-${{ matrix.db }} -Dtest=$TESTS -pl testsuite/integration-arquillian/tests/base 2>&1 | misc/log/trimmer.sh
- name: Upload JVM Heapdumps
if: always()
uses: ./.github/actions/upload-heapdumps
- uses: ./.github/actions/upload-flaky-tests
name: Upload flaky tests
env:
GH_TOKEN: ${{ github.token }}
with:
job-name: Store IT
- name: Surefire reports
if: always()
uses: ./.github/actions/archive-surefire-reports
with:
job-id: store-integration-tests-${{ matrix.db }}
- name: EC2 Maven Logs
if: failure()
uses: actions/upload-artifact@v4
with:
name: store-it-mvn-logs
path: .github/scripts/ansible/files
- name: Delete Aurora EC2 Instance
if: ${{ always() && matrix.db == 'aurora-postgres' }}
working-directory: .github/scripts/ansible
run: |
export CLUSTER_NAME=${{ steps.aurora-tests.outputs.ec2_cluster }}
./aws_ec2.sh delete ${{ steps.aurora-init.outputs.region }}
- name: Delete Aurora DB
if: ${{ always() && matrix.db == 'aurora-postgres' }}
run: |
gh workflow run aurora-delete.yml \
-f name=${{ steps.aurora-init.outputs.name }} \
-f region=${{ steps.aurora-init.outputs.region }} \
--repo ${{ github.repository }} \
--ref ${{ github.ref_name }}
env:
GH_TOKEN: ${{ github.token }}
store-model-tests:
name: Store Model Tests
runs-on: ubuntu-latest
needs: [build, conditional]
if: needs.conditional.outputs.ci-store == 'true'
timeout-minutes: 75
steps:
- uses: actions/checkout@v4
- id: integration-test-setup
name: Integration test setup
uses: ./.github/actions/integration-test-setup
- name: Run model tests
run: testsuite/model/test-all-profiles.sh ${{ env.SUREFIRE_RETRY }}
- name: Upload JVM Heapdumps
if: always()
uses: ./.github/actions/upload-heapdumps
- uses: ./.github/actions/upload-flaky-tests
name: Upload flaky tests
env:
GH_TOKEN: ${{ github.token }}
with:
job-name: Store Model Tests
- name: Surefire reports
if: always()
uses: ./.github/actions/archive-surefire-reports
with:
job-id: store-model-tests
clustering-integration-tests:
name: Clustering IT
needs: build
runs-on: ubuntu-latest
timeout-minutes: 35
env:
MAVEN_OPTS: -Xmx1024m
steps:
- uses: actions/checkout@v4
- id: integration-test-setup
name: Integration test setup
uses: ./.github/actions/integration-test-setup
- name: Run cluster tests
run: |
./mvnw test ${{ env.SUREFIRE_RETRY }} -Pauth-server-cluster-quarkus -Dsession.cache.owners=2 -Dtest=**.cluster.** -pl testsuite/integration-arquillian/tests/base 2>&1 | misc/log/trimmer.sh
- name: Upload JVM Heapdumps
if: always()
uses: ./.github/actions/upload-heapdumps
- uses: ./.github/actions/upload-flaky-tests
name: Upload flaky tests
env:
GH_TOKEN: ${{ github.token }}
with:
job-name: Clustering IT
- name: Surefire reports
if: always()
uses: ./.github/actions/archive-surefire-reports
with:
job-id: clustering-integration-tests
fips-unit-tests:
name: FIPS UT
runs-on: ubuntu-latest
needs: build
timeout-minutes: 20
steps:
- uses: actions/checkout@v4
- name: Fake fips
run: |
cd .github/fake_fips
make
sudo insmod fake_fips.ko
- id: unit-test-setup
name: Unit test setup
uses: ./.github/actions/unit-test-setup
- name: Run crypto tests
run: docker run --rm --workdir /github/workspace -v "${{ github.workspace }}":"/github/workspace" -v "$HOME/.m2":"/root/.m2" registry.access.redhat.com/ubi8/ubi:latest .github/scripts/run-fips-ut.sh
- name: Upload JVM Heapdumps
if: always()
uses: ./.github/actions/upload-heapdumps
- name: Surefire reports
if: always()
uses: ./.github/actions/archive-surefire-reports
with:
job-id: fips-unit-tests
fips-integration-tests:
name: FIPS IT
needs: build
runs-on: ubuntu-latest
timeout-minutes: 45
strategy:
matrix:
mode: [non-strict, strict]
fail-fast: false
steps:
- uses: actions/checkout@v4
- name: Fake fips
run: |
cd .github/fake_fips
make
sudo insmod fake_fips.ko
- id: integration-test-setup
name: Integration test setup
uses: ./.github/actions/integration-test-setup
with:
jdk-version: 21
- name: Build adapter distributions
run: ./mvnw install -DskipTests -f distribution/pom.xml
- name: Build app servers
run: ./mvnw install -DskipTests -Pbuild-app-servers -f testsuite/integration-arquillian/servers/app-server/pom.xml
- name: Prepare Quarkus distribution with BCFIPS
run: ./mvnw install -e -pl testsuite/integration-arquillian/servers/auth-server/quarkus -Pauth-server-quarkus,auth-server-fips140-2
- name: Run base tests
run: docker run --rm --workdir /github/workspace -e "SUREFIRE_RERUN_FAILING_COUNT" -v "${{ github.workspace }}":"/github/workspace" -v "$HOME/.m2":"/root/.m2" registry.access.redhat.com/ubi8/ubi:latest .github/scripts/run-fips-it.sh ${{ matrix.mode }}
- name: Upload JVM Heapdumps
if: always()
uses: ./.github/actions/upload-heapdumps
- uses: ./.github/actions/upload-flaky-tests
name: Upload flaky tests
env:
GH_TOKEN: ${{ github.token }}
with:
job-name: FIPS IT
- name: Surefire reports
if: always()
uses: ./.github/actions/archive-surefire-reports
with:
job-id: fips-integration-tests-${{ matrix.mode }}
forms-integration-tests:
name: Forms IT
runs-on: ubuntu-latest
needs: build
timeout-minutes: 75
strategy:
matrix:
browser: [chrome, firefox]
fail-fast: false
steps:
- uses: actions/checkout@v4
- id: integration-test-setup
name: Integration test setup
uses: ./.github/actions/integration-test-setup
- name: Run Forms IT
run: |
TESTS=`testsuite/integration-arquillian/tests/base/testsuites/suite.sh forms`
echo "Tests: $TESTS"
./mvnw test ${{ env.SUREFIRE_RETRY }} -Pauth-server-quarkus -Dtest=$TESTS -Dbrowser=${{ matrix.browser }} "-Dwebdriver.chrome.driver=$CHROMEWEBDRIVER/chromedriver" "-Dwebdriver.gecko.driver=$GECKOWEBDRIVER/geckodriver" -f testsuite/integration-arquillian/tests/base/pom.xml 2>&1 | misc/log/trimmer.sh
- name: Upload JVM Heapdumps
if: always()
uses: ./.github/actions/upload-heapdumps
- uses: ./.github/actions/upload-flaky-tests
name: Upload flaky tests
env:
GH_TOKEN: ${{ github.token }}
with:
job-name: Forms IT
- name: Surefire reports
if: always()
uses: ./.github/actions/archive-surefire-reports
with:
job-id: forms-integration-tests-${{ matrix.browser }}
webauthn-integration-tests:
name: WebAuthn IT
if: needs.conditional.outputs.ci-webauthn == 'true'
runs-on: ubuntu-latest
needs: build
timeout-minutes: 45
strategy:
matrix:
browser:
- chrome
- firefox
fail-fast: false
steps:
- uses: actions/checkout@v4
- id: integration-test-setup
name: Integration test setup
uses: ./.github/actions/integration-test-setup
- name: Run WebAuthn IT
run: |
TESTS=`testsuite/integration-arquillian/tests/base/testsuites/suite.sh webauthn`
echo "Tests: $TESTS"
./mvnw test ${{ env.SUREFIRE_RETRY }} -Pauth-server-quarkus -Dtest=$TESTS -Dbrowser=${{ matrix.browser }} "-Dwebdriver.chrome.driver=$CHROMEWEBDRIVER/chromedriver" "-Dwebdriver.gecko.driver=$GECKOWEBDRIVER/geckodriver" -pl testsuite/integration-arquillian/tests/base 2>&1 | misc/log/trimmer.sh
- name: Upload JVM Heapdumps
if: always()
uses: ./.github/actions/upload-heapdumps
- uses: ./.github/actions/upload-flaky-tests
name: Upload flaky tests
env:
GH_TOKEN: ${{ github.token }}
with:
job-name: WebAuthn IT
- name: Surefire reports
if: always()
uses: ./.github/actions/archive-surefire-reports
with:
job-id: webauthn-integration-tests-${{ matrix.browser }}
sssd-unit-tests:
name: SSSD
runs-on: ubuntu-latest
if: needs.conditional.outputs.ci-sssd == 'true'
needs:
- conditional
- build
timeout-minutes: 30
steps:
- name: checkout
uses: actions/checkout@v4
- id: integration-test-setup
name: Integration test setup
uses: ./.github/actions/integration-test-setup
- id: weekly-cache-key
name: Key for weekly rotation of cache
shell: bash
run: echo "key=ipa-data-`date -u "+%Y-%U"`" >> $GITHUB_OUTPUT
- id: cache-maven-repository
name: ipa-data cache
uses: actions/cache@v4
with:
path: ~/ipa-data.tar
key: ${{ steps.weekly-cache-key.outputs.key }}
- name: Run tests
run: .github/scripts/run-ipa.sh "${{ github.workspace }}"
- name: Surefire reports
if: always()
uses: ./.github/actions/archive-surefire-reports
with:
job-id: sssd-unit-tests
migration-tests:
name: Migration Tests
runs-on: ubuntu-latest
needs: build
timeout-minutes: 45
strategy:
matrix:
old-version: [24.0.4]
database: [postgres, mysql, oracle, mssql, mariadb]
fail-fast: false
steps:
- uses: actions/checkout@v4
- id: integration-test-setup
name: Integration test setup
uses: ./.github/actions/integration-test-setup
- name: Run Migration Tests
run: |
./mvnw clean install ${{ env.SUREFIRE_RETRY }} \
-Pauth-server-quarkus -Pdb-${{ matrix.database }} -Pauth-server-migration \
-Dtest=MigrationTest \
-Dmigration.mode=auto \
-Dmigrated.auth.server.version=${{ matrix.old-version }} \
-Dmigration.import.file.name=migration-realm-${{ matrix.old-version }}.json \
-Dauth.server.ssl.required=false \
-Dauth.server.db.host=localhost \
-f testsuite/integration-arquillian/pom.xml 2>&1 | misc/log/trimmer.sh
- name: Upload JVM Heapdumps
if: always()
uses: ./.github/actions/upload-heapdumps
- uses: ./.github/actions/upload-flaky-tests
name: Upload flaky tests
env:
GH_TOKEN: ${{ github.token }}
with:
job-name: Migration Tests
- name: Surefire reports
if: always()
uses: ./.github/actions/archive-surefire-reports
with:
job-id: migration-tests-${{ matrix.old-version }}-${{ matrix.database }}
check:
name: Status Check - Keycloak CI
if: always()
needs:
- conditional
- build
- unit-tests
- base-integration-tests
- adapter-integration-tests
- quarkus-unit-tests
- quarkus-integration-tests
- jdk-integration-tests
- store-integration-tests
- persistent-sessions-tests
- store-model-tests
- clustering-integration-tests
- fips-unit-tests
- fips-integration-tests
- forms-integration-tests
- webauthn-integration-tests
- sssd-unit-tests
- migration-tests
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: ./.github/actions/status-check
with:
jobs: ${{ toJSON(needs) }}