c580c88c93
Adding two feature toggles for new code paths to store online sessions in the existing offline sessions table. Separate the code which is due to be changed in the next iteration in new classes/providers which used instead of the old one. Closes #27976 Signed-off-by: Alexander Schwartz <aschwart@redhat.com> Signed-off-by: Michal Hajas <mhajas@redhat.com> Co-authored-by: Michal Hajas <mhajas@redhat.com>
831 lines
27 KiB
YAML
831 lines
27 KiB
YAML
name: Keycloak CI
|
|
|
|
on:
|
|
push:
|
|
branches-ignore:
|
|
- main
|
|
- dependabot/**
|
|
pull_request:
|
|
workflow_dispatch:
|
|
|
|
env:
|
|
MAVEN_ARGS: "-B -nsu -Daether.connector.http.connectionMaxTtl=25"
|
|
SUREFIRE_RERUN_FAILING_COUNT: 2
|
|
SUREFIRE_RETRY: "-Dsurefire.rerunFailingTestsCount=2"
|
|
|
|
concurrency:
|
|
# Only cancel jobs for PR updates
|
|
group: ci-${{ github.ref }}
|
|
cancel-in-progress: true
|
|
|
|
defaults:
|
|
run:
|
|
shell: bash
|
|
|
|
jobs:
|
|
|
|
conditional:
|
|
name: Check conditional workflows and jobs
|
|
runs-on: ubuntu-latest
|
|
outputs:
|
|
ci: ${{ steps.conditional.outputs.ci }}
|
|
ci-store: ${{ steps.conditional.outputs.ci-store }}
|
|
ci-sssd: ${{ steps.conditional.outputs.ci-sssd }}
|
|
ci-store-matrix: ${{ steps.conditional-stores.outputs.matrix }}
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
|
|
- id: conditional
|
|
uses: ./.github/actions/conditional
|
|
with:
|
|
token: ${{ secrets.GITHUB_TOKEN }}
|
|
|
|
- id: conditional-stores
|
|
run: |
|
|
STORES="postgres, mysql, oracle, mssql, mariadb"
|
|
if [[ $GITHUB_EVENT_NAME != "pull_request" && -n "${{ secrets.AWS_SECRET_ACCESS_KEY }}" ]]; then
|
|
STORES+=", aurora-postgres"
|
|
fi
|
|
echo "matrix=$(echo $STORES | jq -Rc 'split(", ")')" >> $GITHUB_OUTPUT
|
|
|
|
build:
|
|
name: Build
|
|
if: needs.conditional.outputs.ci == 'true'
|
|
runs-on: ubuntu-latest
|
|
needs: conditional
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
|
|
- name: Build Keycloak
|
|
uses: ./.github/actions/build-keycloak
|
|
|
|
unit-tests:
|
|
name: Base UT
|
|
runs-on: ubuntu-latest
|
|
needs: build
|
|
timeout-minutes: 30
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
|
|
- id: unit-test-setup
|
|
name: Unit test setup
|
|
uses: ./.github/actions/unit-test-setup
|
|
|
|
- name: Run unit tests
|
|
run: |
|
|
SEP=""
|
|
PROJECTS=""
|
|
for i in `find -name '*Test.java' -type f | egrep -v './(testsuite|quarkus|docs)/' | sed 's|/src/test/java/.*||' | sort | uniq | sed 's|./||'`; do
|
|
PROJECTS="$PROJECTS$SEP$i"
|
|
SEP=","
|
|
done
|
|
|
|
./mvnw test -pl "$PROJECTS" -am
|
|
|
|
- name: Upload JVM Heapdumps
|
|
if: always()
|
|
uses: ./.github/actions/upload-heapdumps
|
|
|
|
- name: Surefire reports
|
|
if: always()
|
|
uses: ./.github/actions/archive-surefire-reports
|
|
with:
|
|
job-id: unit-tests
|
|
|
|
base-integration-tests:
|
|
name: Base IT
|
|
needs: build
|
|
runs-on: ubuntu-latest
|
|
timeout-minutes: 100
|
|
strategy:
|
|
matrix:
|
|
group: [1, 2, 3, 4, 5, 6]
|
|
fail-fast: false
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
|
|
- id: integration-test-setup
|
|
name: Integration test setup
|
|
uses: ./.github/actions/integration-test-setup
|
|
|
|
- name: Run base tests
|
|
run: |
|
|
TESTS=`testsuite/integration-arquillian/tests/base/testsuites/base-suite.sh ${{ matrix.group }}`
|
|
echo "Tests: $TESTS"
|
|
./mvnw test ${{ env.SUREFIRE_RETRY }} -Pauth-server-quarkus "-Dwebdriver.chrome.driver=$CHROMEWEBDRIVER/chromedriver" -Dtest=$TESTS -pl testsuite/integration-arquillian/tests/base 2>&1 | misc/log/trimmer.sh
|
|
|
|
- name: Upload JVM Heapdumps
|
|
if: always()
|
|
uses: ./.github/actions/upload-heapdumps
|
|
|
|
- uses: ./.github/actions/upload-flaky-tests
|
|
name: Upload flaky tests
|
|
env:
|
|
GH_TOKEN: ${{ github.token }}
|
|
with:
|
|
job-name: Base IT
|
|
|
|
- name: Surefire reports
|
|
if: always()
|
|
uses: ./.github/actions/archive-surefire-reports
|
|
with:
|
|
job-id: base-integration-tests-${{ matrix.group }}
|
|
|
|
adapter-integration-tests:
|
|
name: Adapter IT
|
|
needs: build
|
|
runs-on: ubuntu-latest
|
|
timeout-minutes: 100
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
|
|
- id: integration-test-setup
|
|
name: Integration test setup
|
|
uses: ./.github/actions/integration-test-setup
|
|
|
|
- name: Build adapter distributions
|
|
run: ./mvnw install -DskipTests -f distribution/pom.xml
|
|
|
|
- name: Build app servers
|
|
run: ./mvnw install -DskipTests -Pbuild-app-servers -f testsuite/integration-arquillian/servers/app-server/pom.xml
|
|
|
|
- name: Run adapter tests
|
|
run: |
|
|
TESTS="org.keycloak.testsuite.adapter.**"
|
|
echo "Tests: $TESTS"
|
|
./mvnw test ${{ env.SUREFIRE_RETRY }} -Pauth-server-quarkus -Papp-server-wildfly "-Dwebdriver.chrome.driver=$CHROMEWEBDRIVER/chromedriver" -Dtest=$TESTS -pl testsuite/integration-arquillian/tests/base 2>&1 | misc/log/trimmer.sh
|
|
|
|
- name: Upload JVM Heapdumps
|
|
if: always()
|
|
uses: ./.github/actions/upload-heapdumps
|
|
|
|
- uses: ./.github/actions/upload-flaky-tests
|
|
name: Upload flaky tests
|
|
env:
|
|
GH_TOKEN: ${{ github.token }}
|
|
with:
|
|
job-name: Base IT
|
|
|
|
- name: Surefire reports
|
|
if: always()
|
|
uses: ./.github/actions/archive-surefire-reports
|
|
with:
|
|
job-id: adapter-integration-tests
|
|
|
|
quarkus-unit-tests:
|
|
name: Quarkus UT
|
|
needs: build
|
|
timeout-minutes: 15
|
|
strategy:
|
|
matrix:
|
|
os: [ ubuntu-latest, windows-latest ]
|
|
runs-on: ${{ matrix.os }}
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
|
|
# We want to download Keycloak artifacts
|
|
- id: integration-test-setup
|
|
name: Integration test setup
|
|
uses: ./.github/actions/integration-test-setup
|
|
|
|
- name: Run unit tests
|
|
run: |
|
|
./mvnw test -f quarkus/pom.xml -pl '!tests,!tests/junit5,!tests/integration,!dist'
|
|
|
|
- name: Upload JVM Heapdumps
|
|
if: always()
|
|
uses: ./.github/actions/upload-heapdumps
|
|
|
|
- name: Surefire reports
|
|
if: always()
|
|
uses: ./.github/actions/archive-surefire-reports
|
|
with:
|
|
job-id: quarkus-unit-tests
|
|
|
|
quarkus-integration-tests:
|
|
name: Quarkus IT
|
|
needs: build
|
|
timeout-minutes: 115
|
|
strategy:
|
|
matrix:
|
|
os: [ubuntu-latest, windows-latest]
|
|
server: [sanity-check-zip, zip, container, storage]
|
|
exclude:
|
|
- os: windows-latest
|
|
server: zip
|
|
- os: windows-latest
|
|
server: container
|
|
- os: windows-latest
|
|
server: storage
|
|
- os: ubuntu-latest
|
|
server: sanity-check-zip
|
|
fail-fast: false
|
|
runs-on: ${{ matrix.os }}
|
|
env:
|
|
MAVEN_OPTS: -Xmx1024m
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
|
|
- id: unit-test-setup
|
|
name: Unit test setup
|
|
uses: ./.github/actions/unit-test-setup
|
|
|
|
# Not sure why, but needs to re-build otherwise there's some failures starting up
|
|
- name: Run Quarkus integration Tests
|
|
run: |
|
|
declare -A PARAMS
|
|
PARAMS["sanity-check-zip"]="-Dtest=StartCommandDistTest,StartDevCommandDistTest,BuildAndStartDistTest,ImportAtStartupDistTest"
|
|
PARAMS["zip"]=""
|
|
PARAMS["container"]="-Dkc.quarkus.tests.dist=docker"
|
|
PARAMS["storage"]="-Ptest-database -Dtest=PostgreSQLDistTest,MariaDBDistTest#testSuccessful,MySQLDistTest#testSuccessful,DatabaseOptionsDistTest,JPAStoreDistTest,HotRodStoreDistTest,MixedStoreDistTest,TransactionConfigurationDistTest,ExternalInfinispanTest"
|
|
|
|
./mvnw install -pl quarkus/tests/integration -am -DskipTests
|
|
./mvnw test -pl quarkus/tests/integration ${PARAMS["${{ matrix.server }}"]} 2>&1 | misc/log/trimmer.sh
|
|
|
|
- name: Upload JVM Heapdumps
|
|
if: always()
|
|
uses: ./.github/actions/upload-heapdumps
|
|
|
|
- name: Surefire reports
|
|
if: always()
|
|
uses: ./.github/actions/archive-surefire-reports
|
|
with:
|
|
job-id: quarkus-integration-tests-${{ matrix.os }}-${{ matrix.server }}
|
|
|
|
jdk-integration-tests:
|
|
name: Java Distribution IT
|
|
needs: build
|
|
timeout-minutes: 100
|
|
strategy:
|
|
matrix:
|
|
os: [ubuntu-latest, windows-latest]
|
|
dist: [temurin]
|
|
version: [19]
|
|
fail-fast: false
|
|
runs-on: ${{ matrix.os }}
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
|
|
- id: integration-test-setup
|
|
name: Integration test setup
|
|
uses: ./.github/actions/integration-test-setup
|
|
with:
|
|
jdk-dist: ${{ matrix.dist }}
|
|
jdk-version: ${{ matrix.version }}
|
|
|
|
- name: Prepare Quarkus distribution with current JDK
|
|
run: ./mvnw install -e -pl testsuite/integration-arquillian/servers/auth-server/quarkus
|
|
|
|
- name: Run base tests
|
|
run: |
|
|
TESTS=`testsuite/integration-arquillian/tests/base/testsuites/suite.sh jdk`
|
|
echo "Tests: $TESTS"
|
|
./mvnw test ${{ env.SUREFIRE_RETRY }} -Pauth-server-quarkus -Dtest=$TESTS -pl testsuite/integration-arquillian/tests/base 2>&1 | misc/log/trimmer.sh
|
|
|
|
- name: Build with JDK
|
|
run:
|
|
./mvnw install -e -DskipTests -DskipExamples
|
|
|
|
- name: Upload JVM Heapdumps
|
|
if: always()
|
|
uses: ./.github/actions/upload-heapdumps
|
|
|
|
- uses: ./.github/actions/upload-flaky-tests
|
|
name: Upload flaky tests
|
|
env:
|
|
GH_TOKEN: ${{ github.token }}
|
|
with:
|
|
job-name: Java Distribution IT
|
|
|
|
- name: Surefire reports
|
|
if: always()
|
|
uses: ./.github/actions/archive-surefire-reports
|
|
with:
|
|
job-id: jdk-integration-tests-${{ matrix.os }}-${{ matrix.dist }}-${{ matrix.version }}
|
|
|
|
persistent-sessions-tests:
|
|
name: Persistent Sessions IT
|
|
needs: [build, conditional]
|
|
if: needs.conditional.outputs.ci-store == 'true'
|
|
runs-on: ubuntu-latest
|
|
timeout-minutes: 150
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
|
|
- id: integration-test-setup
|
|
name: Integration test setup
|
|
uses: ./.github/actions/integration-test-setup
|
|
|
|
- name: Run base tests
|
|
run: |
|
|
TESTS=`testsuite/integration-arquillian/tests/base/testsuites/suite.sh persistent-sessions`
|
|
echo "Tests: $TESTS"
|
|
./mvnw test ${{ env.SUREFIRE_RETRY }} -Pauth-server-quarkus -Dauth.server.features=persistent-user-sessions,persistent-user-sessions-no-cache -Dtest=$TESTS -pl testsuite/integration-arquillian/tests/base 2>&1 | misc/log/trimmer.sh
|
|
|
|
- name: Upload JVM Heapdumps
|
|
if: always()
|
|
uses: ./.github/actions/upload-heapdumps
|
|
|
|
- uses: ./.github/actions/upload-flaky-tests
|
|
name: Upload flaky tests
|
|
env:
|
|
GH_TOKEN: ${{ github.token }}
|
|
with:
|
|
job-name: Store IT
|
|
|
|
- name: Surefire reports
|
|
if: always()
|
|
uses: ./.github/actions/archive-surefire-reports
|
|
with:
|
|
job-id: store-integration-tests-${{ matrix.db }}
|
|
|
|
- name: EC2 Maven Logs
|
|
if: failure()
|
|
uses: actions/upload-artifact@v3
|
|
with:
|
|
name: store-it-mvn-logs
|
|
path: .github/scripts/ansible/files
|
|
|
|
- name: Delete Aurora EC2 Instance
|
|
if: ${{ always() && matrix.db == 'aurora-postgres' }}
|
|
working-directory: .github/scripts/ansible
|
|
run: |
|
|
export CLUSTER_NAME=${{ steps.aurora-tests.outputs.ec2_cluster }}
|
|
./aws_ec2.sh delete ${{ steps.aurora-init.outputs.region }}
|
|
|
|
- name: Delete Aurora DB
|
|
if: ${{ always() && matrix.db == 'aurora-postgres' }}
|
|
uses: ./.github/actions/aurora-delete-database
|
|
with:
|
|
name: ${{ steps.aurora-init.outputs.name }}
|
|
region: ${{ steps.aurora-init.outputs.region }}
|
|
|
|
store-integration-tests:
|
|
name: Store IT
|
|
needs: [build, conditional]
|
|
if: needs.conditional.outputs.ci-store == 'true'
|
|
runs-on: ubuntu-latest
|
|
timeout-minutes: 150
|
|
strategy:
|
|
matrix:
|
|
db: ${{ fromJson(needs.conditional.outputs.ci-store-matrix) }}
|
|
fail-fast: false
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
|
|
- id: aurora-init
|
|
name: Initialize Aurora environment
|
|
if: ${{ matrix.db == 'aurora-postgres' }}
|
|
run: |
|
|
AWS_REGION=us-east-1
|
|
echo "Region: ${AWS_REGION}"
|
|
|
|
aws configure set aws_access_key_id ${{ secrets.AWS_ACCESS_KEY_ID }}
|
|
aws configure set aws_secret_access_key ${{ secrets.AWS_SECRET_ACCESS_KEY }}
|
|
aws configure set region ${AWS_REGION}
|
|
PASS=$(tr -dc A-Za-z0-9 </dev/urandom | head -c 13; echo)
|
|
echo "::add-mask::${PASS}"
|
|
|
|
echo "name=gh-action-$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT
|
|
echo "password=${PASS}" >> $GITHUB_OUTPUT
|
|
echo "region=${AWS_REGION}" >> $GITHUB_OUTPUT
|
|
|
|
- id: aurora-create
|
|
name: Create Aurora DB
|
|
if: ${{ matrix.db == 'aurora-postgres' }}
|
|
uses: ./.github/actions/aurora-create-database
|
|
with:
|
|
name: ${{ steps.aurora-init.outputs.name }}
|
|
password: ${{ steps.aurora-init.outputs.password }}
|
|
region: ${{ steps.aurora-init.outputs.region }}
|
|
|
|
- id: integration-test-setup
|
|
name: Integration test setup
|
|
if: ${{ matrix.db != 'aurora-postgres' }}
|
|
uses: ./.github/actions/integration-test-setup
|
|
|
|
- name: Run Aurora tests on EC2
|
|
id: aurora-tests
|
|
if: ${{ matrix.db == 'aurora-postgres' }}
|
|
run: |
|
|
PROPS="-Dauth.server.db.host=${{ steps.aurora-create.outputs.endpoint }}"
|
|
PROPS+=" -Dkeycloak.connectionsJpa.password=${{ steps.aurora-init.outputs.password }}"
|
|
|
|
REGION=${{ steps.aurora-init.outputs.region }}
|
|
|
|
curl --fail-with-body https://truststore.pki.rds.amazonaws.com/${REGION}/${REGION}-bundle.pem -o aws.pem
|
|
PROPS+=" -Dkeycloak.connectionsJpa.jdbcParameters=\"?ssl=true&sslmode=verify-ca&sslrootcert=/opt/keycloak/aws.pem\""
|
|
|
|
TESTS=`testsuite/integration-arquillian/tests/base/testsuites/suite.sh database`
|
|
echo "Tests: $TESTS"
|
|
|
|
git archive --format=zip --output /tmp/keycloak.zip $GITHUB_REF
|
|
zip -u /tmp/keycloak.zip aws.pem
|
|
|
|
cd .github/scripts/ansible
|
|
export CLUSTER_NAME=keycloak_$(git rev-parse --short HEAD)
|
|
echo "ec2_cluster=${CLUSTER_NAME}" >> $GITHUB_OUTPUT
|
|
./aws_ec2.sh requirements
|
|
./aws_ec2.sh create ${REGION}
|
|
./keycloak_ec2_installer.sh ${REGION} /tmp/keycloak.zip
|
|
./mvn_ec2_runner.sh ${REGION} "clean install -B -DskipTests -Pdistribution"
|
|
./mvn_ec2_runner.sh ${REGION} "clean install -B -DskipTests -pl testsuite/integration-arquillian/servers/auth-server/quarkus -Pauth-server-quarkus -Pdb-aurora-postgres -Dmaven.build.cache.enabled=true"
|
|
./mvn_ec2_runner.sh ${REGION} "test -B ${{ env.SUREFIRE_RETRY }} -Pauth-server-quarkus -Pdb-${{ matrix.db }} $PROPS -Dtest=$TESTS -pl testsuite/integration-arquillian/tests/base 2>&1 | misc/log/trimmer.sh"
|
|
|
|
# Copy returned surefire-report directories to workspace root to ensure they're discovered
|
|
results=(files/keycloak/results/*)
|
|
rsync -a $results/* ../../../
|
|
rm -rf $results
|
|
|
|
- name: Run base tests
|
|
if: ${{ matrix.db != 'aurora-postgres' }}
|
|
run: |
|
|
TESTS=`testsuite/integration-arquillian/tests/base/testsuites/suite.sh database`
|
|
echo "Tests: $TESTS"
|
|
./mvnw test ${{ env.SUREFIRE_RETRY }} -Pauth-server-quarkus -Pdb-${{ matrix.db }} -Dtest=$TESTS -pl testsuite/integration-arquillian/tests/base 2>&1 | misc/log/trimmer.sh
|
|
|
|
- name: Upload JVM Heapdumps
|
|
if: always()
|
|
uses: ./.github/actions/upload-heapdumps
|
|
|
|
- uses: ./.github/actions/upload-flaky-tests
|
|
name: Upload flaky tests
|
|
env:
|
|
GH_TOKEN: ${{ github.token }}
|
|
with:
|
|
job-name: Store IT
|
|
|
|
- name: Surefire reports
|
|
if: always()
|
|
uses: ./.github/actions/archive-surefire-reports
|
|
with:
|
|
job-id: store-integration-tests-${{ matrix.db }}
|
|
|
|
- name: EC2 Maven Logs
|
|
if: failure()
|
|
uses: actions/upload-artifact@v3
|
|
with:
|
|
name: store-it-mvn-logs
|
|
path: .github/scripts/ansible/files
|
|
|
|
- name: Delete Aurora EC2 Instance
|
|
if: ${{ always() && matrix.db == 'aurora-postgres' }}
|
|
working-directory: .github/scripts/ansible
|
|
run: |
|
|
export CLUSTER_NAME=${{ steps.aurora-tests.outputs.ec2_cluster }}
|
|
./aws_ec2.sh delete ${{ steps.aurora-init.outputs.region }}
|
|
|
|
- name: Delete Aurora DB
|
|
if: ${{ always() && matrix.db == 'aurora-postgres' }}
|
|
uses: ./.github/actions/aurora-delete-database
|
|
with:
|
|
name: ${{ steps.aurora-init.outputs.name }}
|
|
region: ${{ steps.aurora-init.outputs.region }}
|
|
|
|
store-model-tests:
|
|
name: Store Model Tests
|
|
runs-on: ubuntu-latest
|
|
needs: [build, conditional]
|
|
if: needs.conditional.outputs.ci-store == 'true'
|
|
timeout-minutes: 75
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
|
|
- id: integration-test-setup
|
|
name: Integration test setup
|
|
uses: ./.github/actions/integration-test-setup
|
|
|
|
- name: Run model tests
|
|
run: testsuite/model/test-all-profiles.sh ${{ env.SUREFIRE_RETRY }}
|
|
|
|
- name: Upload JVM Heapdumps
|
|
if: always()
|
|
uses: ./.github/actions/upload-heapdumps
|
|
|
|
- uses: ./.github/actions/upload-flaky-tests
|
|
name: Upload flaky tests
|
|
env:
|
|
GH_TOKEN: ${{ github.token }}
|
|
with:
|
|
job-name: Store Model Tests
|
|
|
|
- name: Surefire reports
|
|
if: always()
|
|
uses: ./.github/actions/archive-surefire-reports
|
|
with:
|
|
job-id: store-model-tests
|
|
|
|
clustering-integration-tests:
|
|
name: Clustering IT
|
|
needs: build
|
|
runs-on: ubuntu-latest
|
|
timeout-minutes: 35
|
|
env:
|
|
MAVEN_OPTS: -Xmx1024m
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
|
|
- id: integration-test-setup
|
|
name: Integration test setup
|
|
uses: ./.github/actions/integration-test-setup
|
|
|
|
- name: Run cluster tests
|
|
run: |
|
|
./mvnw test ${{ env.SUREFIRE_RETRY }} -Pauth-server-cluster-quarkus -Dsession.cache.owners=2 -Dtest=**.cluster.** -pl testsuite/integration-arquillian/tests/base 2>&1 | misc/log/trimmer.sh
|
|
|
|
- name: Upload JVM Heapdumps
|
|
if: always()
|
|
uses: ./.github/actions/upload-heapdumps
|
|
|
|
- uses: ./.github/actions/upload-flaky-tests
|
|
name: Upload flaky tests
|
|
env:
|
|
GH_TOKEN: ${{ github.token }}
|
|
with:
|
|
job-name: Clustering IT
|
|
|
|
- name: Surefire reports
|
|
if: always()
|
|
uses: ./.github/actions/archive-surefire-reports
|
|
with:
|
|
job-id: clustering-integration-tests
|
|
|
|
fips-unit-tests:
|
|
name: FIPS UT
|
|
runs-on: ubuntu-latest
|
|
needs: build
|
|
timeout-minutes: 20
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
|
|
- name: Fake fips
|
|
run: |
|
|
cd .github/fake_fips
|
|
make
|
|
sudo insmod fake_fips.ko
|
|
|
|
- id: unit-test-setup
|
|
name: Unit test setup
|
|
uses: ./.github/actions/unit-test-setup
|
|
|
|
- name: Run crypto tests
|
|
run: docker run --rm --workdir /github/workspace -v "${{ github.workspace }}":"/github/workspace" -v "$HOME/.m2":"/root/.m2" registry.access.redhat.com/ubi8/ubi:latest .github/scripts/run-fips-ut.sh
|
|
|
|
- name: Upload JVM Heapdumps
|
|
if: always()
|
|
uses: ./.github/actions/upload-heapdumps
|
|
|
|
- name: Surefire reports
|
|
if: always()
|
|
uses: ./.github/actions/archive-surefire-reports
|
|
with:
|
|
job-id: fips-unit-tests
|
|
|
|
fips-integration-tests:
|
|
name: FIPS IT
|
|
needs: build
|
|
runs-on: ubuntu-latest
|
|
timeout-minutes: 45
|
|
strategy:
|
|
matrix:
|
|
mode: [non-strict, strict]
|
|
fail-fast: false
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
|
|
- name: Fake fips
|
|
run: |
|
|
cd .github/fake_fips
|
|
make
|
|
sudo insmod fake_fips.ko
|
|
|
|
- id: integration-test-setup
|
|
name: Integration test setup
|
|
uses: ./.github/actions/integration-test-setup
|
|
with:
|
|
jdk-version: 17
|
|
|
|
- name: Build adapter distributions
|
|
run: ./mvnw install -DskipTests -f distribution/pom.xml
|
|
|
|
- name: Build app servers
|
|
run: ./mvnw install -DskipTests -Pbuild-app-servers -f testsuite/integration-arquillian/servers/app-server/pom.xml
|
|
|
|
|
|
- name: Prepare Quarkus distribution with BCFIPS
|
|
run: ./mvnw install -e -pl testsuite/integration-arquillian/servers/auth-server/quarkus -Pauth-server-quarkus,auth-server-fips140-2
|
|
|
|
- name: Run base tests
|
|
run: docker run --rm --workdir /github/workspace -e "SUREFIRE_RERUN_FAILING_COUNT" -v "${{ github.workspace }}":"/github/workspace" -v "$HOME/.m2":"/root/.m2" registry.access.redhat.com/ubi8/ubi:latest .github/scripts/run-fips-it.sh ${{ matrix.mode }}
|
|
|
|
- name: Upload JVM Heapdumps
|
|
if: always()
|
|
uses: ./.github/actions/upload-heapdumps
|
|
|
|
- uses: ./.github/actions/upload-flaky-tests
|
|
name: Upload flaky tests
|
|
env:
|
|
GH_TOKEN: ${{ github.token }}
|
|
with:
|
|
job-name: FIPS IT
|
|
|
|
- name: Surefire reports
|
|
if: always()
|
|
uses: ./.github/actions/archive-surefire-reports
|
|
with:
|
|
job-id: fips-integration-tests-${{ matrix.mode }}
|
|
|
|
forms-integration-tests:
|
|
name: Forms IT
|
|
runs-on: ubuntu-latest
|
|
needs: build
|
|
timeout-minutes: 75
|
|
strategy:
|
|
matrix:
|
|
browser: [chrome, firefox]
|
|
fail-fast: false
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
|
|
- id: integration-test-setup
|
|
name: Integration test setup
|
|
uses: ./.github/actions/integration-test-setup
|
|
|
|
- name: Run Forms IT
|
|
run: |
|
|
TESTS=`testsuite/integration-arquillian/tests/base/testsuites/suite.sh forms`
|
|
echo "Tests: $TESTS"
|
|
./mvnw test ${{ env.SUREFIRE_RETRY }} -Pauth-server-quarkus -Dtest=$TESTS -Dbrowser=${{ matrix.browser }} "-Dwebdriver.chrome.driver=$CHROMEWEBDRIVER/chromedriver" "-Dwebdriver.gecko.driver=$GECKOWEBDRIVER/geckodriver" -f testsuite/integration-arquillian/tests/base/pom.xml 2>&1 | misc/log/trimmer.sh
|
|
|
|
- name: Upload JVM Heapdumps
|
|
if: always()
|
|
uses: ./.github/actions/upload-heapdumps
|
|
|
|
- uses: ./.github/actions/upload-flaky-tests
|
|
name: Upload flaky tests
|
|
env:
|
|
GH_TOKEN: ${{ github.token }}
|
|
with:
|
|
job-name: Forms IT
|
|
|
|
- name: Surefire reports
|
|
if: always()
|
|
uses: ./.github/actions/archive-surefire-reports
|
|
with:
|
|
job-id: forms-integration-tests-${{ matrix.browser }}
|
|
|
|
webauthn-integration-tests:
|
|
name: WebAuthn IT
|
|
runs-on: ubuntu-latest
|
|
needs: build
|
|
timeout-minutes: 45
|
|
strategy:
|
|
matrix:
|
|
browser:
|
|
- chrome
|
|
# - firefox disabled until https://github.com/keycloak/keycloak/issues/20777 is resolved
|
|
fail-fast: false
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
|
|
- id: integration-test-setup
|
|
name: Integration test setup
|
|
uses: ./.github/actions/integration-test-setup
|
|
|
|
# Don't use Chrome for testing (just regular Chrome) until https://github.com/keycloak/keycloak/issues/22214 is resolved
|
|
#- id: install-chrome
|
|
# name: Install Chrome browser
|
|
# uses: ./.github/actions/install-chrome
|
|
# if: matrix.browser == 'chrome'
|
|
|
|
- name: Run WebAuthn IT
|
|
run: ./mvnw test ${{ env.SUREFIRE_RETRY }} -Pauth-server-quarkus -Dtest=org.keycloak.testsuite.webauthn.**.*Test -Dbrowser=${{ matrix.browser }} "-Dwebdriver.chrome.driver=$CHROMEWEBDRIVER/chromedriver" "-Dwebdriver.gecko.driver=$GECKOWEBDRIVER/geckodriver" -Pwebauthn -f testsuite/integration-arquillian/tests/other/pom.xml 2>&1 | misc/log/trimmer.sh
|
|
|
|
- name: Upload JVM Heapdumps
|
|
if: always()
|
|
uses: ./.github/actions/upload-heapdumps
|
|
|
|
- uses: ./.github/actions/upload-flaky-tests
|
|
name: Upload flaky tests
|
|
env:
|
|
GH_TOKEN: ${{ github.token }}
|
|
with:
|
|
job-name: WebAuthn IT
|
|
|
|
- name: Surefire reports
|
|
if: always()
|
|
uses: ./.github/actions/archive-surefire-reports
|
|
with:
|
|
job-id: webauthn-integration-tests-${{ matrix.browser }}
|
|
|
|
sssd-unit-tests:
|
|
name: SSSD
|
|
runs-on: ubuntu-latest
|
|
if: needs.conditional.outputs.ci-sssd == 'true'
|
|
needs:
|
|
- conditional
|
|
- build
|
|
timeout-minutes: 30
|
|
steps:
|
|
- name: checkout
|
|
uses: actions/checkout@v4
|
|
|
|
- id: integration-test-setup
|
|
name: Integration test setup
|
|
uses: ./.github/actions/integration-test-setup
|
|
|
|
- id: weekly-cache-key
|
|
name: Key for weekly rotation of cache
|
|
shell: bash
|
|
run: echo "key=ipa-data-`date -u "+%Y-%U"`" >> $GITHUB_OUTPUT
|
|
|
|
- id: cache-maven-repository
|
|
name: ipa-data cache
|
|
uses: actions/cache@v4
|
|
with:
|
|
path: ~/ipa-data.tar
|
|
key: ${{ steps.weekly-cache-key.outputs.key }}
|
|
|
|
- name: Run tests
|
|
run: .github/scripts/run-ipa.sh "${{ github.workspace }}"
|
|
|
|
- name: Surefire reports
|
|
if: always()
|
|
uses: ./.github/actions/archive-surefire-reports
|
|
with:
|
|
job-id: sssd-unit-tests
|
|
|
|
migration-tests:
|
|
name: Migration Tests
|
|
runs-on: ubuntu-latest
|
|
needs: build
|
|
timeout-minutes: 45
|
|
strategy:
|
|
matrix:
|
|
old-version: [19.0.3]
|
|
database: [postgres, mysql, oracle, mssql, mariadb]
|
|
fail-fast: false
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
|
|
- id: integration-test-setup
|
|
name: Integration test setup
|
|
uses: ./.github/actions/integration-test-setup
|
|
|
|
- name: Run Migration Tests
|
|
run: |
|
|
./mvnw clean install ${{ env.SUREFIRE_RETRY }} \
|
|
-Pauth-server-quarkus -Pdb-${{ matrix.database }} -Pauth-server-migration \
|
|
-Dtest=MigrationTest \
|
|
-Dmigration.mode=auto \
|
|
-Dmigrated.auth.server.version=${{ matrix.old-version }} \
|
|
-Dmigration.import.file.name=migration-realm-${{ matrix.old-version }}.json \
|
|
-Dauth.server.ssl.required=false \
|
|
-Dauth.server.db.host=localhost \
|
|
-f testsuite/integration-arquillian/pom.xml 2>&1 | misc/log/trimmer.sh
|
|
|
|
- name: Upload JVM Heapdumps
|
|
if: always()
|
|
uses: ./.github/actions/upload-heapdumps
|
|
|
|
- uses: ./.github/actions/upload-flaky-tests
|
|
name: Upload flaky tests
|
|
env:
|
|
GH_TOKEN: ${{ github.token }}
|
|
with:
|
|
job-name: Migration Tests
|
|
|
|
- name: Surefire reports
|
|
if: always()
|
|
uses: ./.github/actions/archive-surefire-reports
|
|
with:
|
|
job-id: migration-tests-${{ matrix.old-version }}-${{ matrix.database }}
|
|
|
|
check:
|
|
name: Status Check - Keycloak CI
|
|
if: always()
|
|
needs:
|
|
- conditional
|
|
- build
|
|
- unit-tests
|
|
- base-integration-tests
|
|
- adapter-integration-tests
|
|
- quarkus-unit-tests
|
|
- quarkus-integration-tests
|
|
- jdk-integration-tests
|
|
- store-integration-tests
|
|
- persistent-sessions-tests
|
|
- store-model-tests
|
|
- clustering-integration-tests
|
|
- fips-unit-tests
|
|
- fips-integration-tests
|
|
- forms-integration-tests
|
|
- webauthn-integration-tests
|
|
- sssd-unit-tests
|
|
- migration-tests
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
- uses: ./.github/actions/status-check
|
|
with:
|
|
jobs: ${{ toJSON(needs) }}
|