feature: password age in days policy #32
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Keycloak CI | |
on: | |
push: | |
branches-ignore: | |
- main | |
- dependabot/** | |
pull_request: | |
workflow_dispatch: | |
env: | |
MAVEN_ARGS: "-B -nsu -Daether.connector.http.connectionMaxTtl=25" | |
SUREFIRE_RERUN_FAILING_COUNT: 2 | |
SUREFIRE_RETRY: "-Dsurefire.rerunFailingTestsCount=2" | |
concurrency: | |
# Only cancel jobs for PR updates | |
group: ci-${{ github.ref }} | |
cancel-in-progress: true | |
defaults: | |
run: | |
shell: bash | |
jobs: | |
conditional: | |
name: Check conditional workflows and jobs | |
runs-on: ubuntu-latest | |
outputs: | |
ci: ${{ steps.conditional.outputs.ci }} | |
ci-quarkus: ${{ steps.conditional.outputs.ci-quarkus }} | |
ci-store: ${{ steps.conditional.outputs.ci-store }} | |
ci-sssd: ${{ steps.conditional.outputs.ci-sssd }} | |
ci-webauthn: ${{ steps.conditional.outputs.ci-webauthn }} | |
ci-store-matrix: ${{ steps.conditional-stores.outputs.matrix }} | |
steps: | |
- uses: actions/checkout@v4 | |
- id: conditional | |
uses: ./.github/actions/conditional | |
with: | |
token: ${{ secrets.GITHUB_TOKEN }} | |
- id: conditional-stores | |
run: | | |
STORES="postgres, mysql, oracle, mssql, mariadb" | |
if [[ $GITHUB_EVENT_NAME != "pull_request" && -n "${{ secrets.AWS_SECRET_ACCESS_KEY }}" ]]; then | |
STORES+=", aurora-postgres" | |
fi | |
echo "matrix=$(echo $STORES | jq -Rc 'split(", ")')" >> $GITHUB_OUTPUT | |
build: | |
name: Build | |
if: needs.conditional.outputs.ci == 'true' | |
runs-on: ubuntu-latest | |
needs: conditional | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Build Keycloak | |
uses: ./.github/actions/build-keycloak | |
unit-tests: | |
name: Base UT | |
runs-on: ubuntu-latest | |
needs: build | |
timeout-minutes: 30 | |
steps: | |
- uses: actions/checkout@v4 | |
- id: unit-test-setup | |
name: Unit test setup | |
uses: ./.github/actions/unit-test-setup | |
- name: Run unit tests | |
run: | | |
SEP="" | |
PROJECTS="" | |
for i in `find -name '*Test.java' -type f | egrep -v './(testsuite|quarkus|docs|test-poc)/' | sed 's|/src/test/java/.*||' | sort | uniq | sed 's|./||'`; do | |
PROJECTS="$PROJECTS$SEP$i" | |
SEP="," | |
done | |
./mvnw test -pl "$PROJECTS" -am | |
- name: Upload JVM Heapdumps | |
if: always() | |
uses: ./.github/actions/upload-heapdumps | |
- name: Surefire reports | |
if: always() | |
uses: ./.github/actions/archive-surefire-reports | |
with: | |
job-id: unit-tests | |
base-integration-tests: | |
name: Base IT | |
needs: build | |
runs-on: ubuntu-latest | |
timeout-minutes: 100 | |
strategy: | |
matrix: | |
group: [1, 2, 3, 4, 5, 6] | |
fail-fast: false | |
steps: | |
- uses: actions/checkout@v4 | |
- id: integration-test-setup | |
name: Integration test setup | |
uses: ./.github/actions/integration-test-setup | |
- name: Run base tests | |
run: | | |
TESTS=`testsuite/integration-arquillian/tests/base/testsuites/base-suite.sh ${{ matrix.group }}` | |
echo "Tests: $TESTS" | |
./mvnw test ${{ env.SUREFIRE_RETRY }} -Pauth-server-quarkus -Dtest=$TESTS -pl testsuite/integration-arquillian/tests/base 2>&1 | misc/log/trimmer.sh | |
- name: Upload JVM Heapdumps | |
if: always() | |
uses: ./.github/actions/upload-heapdumps | |
- uses: ./.github/actions/upload-flaky-tests | |
name: Upload flaky tests | |
env: | |
GH_TOKEN: ${{ github.token }} | |
with: | |
job-name: Base IT | |
- name: Surefire reports | |
if: always() | |
uses: ./.github/actions/archive-surefire-reports | |
with: | |
job-id: base-integration-tests-${{ matrix.group }} | |
adapter-integration-tests: | |
name: Adapter IT | |
needs: build | |
runs-on: ubuntu-latest | |
timeout-minutes: 100 | |
steps: | |
- uses: actions/checkout@v4 | |
- id: integration-test-setup | |
name: Integration test setup | |
uses: ./.github/actions/integration-test-setup | |
- name: Build adapter distributions | |
run: ./mvnw install -DskipTests -f distribution/pom.xml | |
- name: Build app servers | |
run: ./mvnw install -DskipTests -Pbuild-app-servers -f testsuite/integration-arquillian/servers/app-server/pom.xml | |
- name: Run adapter tests | |
run: | | |
TESTS="org.keycloak.testsuite.adapter.**" | |
echo "Tests: $TESTS" | |
./mvnw test ${{ env.SUREFIRE_RETRY }} -Pauth-server-quarkus -Papp-server-wildfly -Dtest=$TESTS -pl testsuite/integration-arquillian/tests/base 2>&1 | misc/log/trimmer.sh | |
- name: Upload JVM Heapdumps | |
if: always() | |
uses: ./.github/actions/upload-heapdumps | |
- uses: ./.github/actions/upload-flaky-tests | |
name: Upload flaky tests | |
env: | |
GH_TOKEN: ${{ github.token }} | |
with: | |
job-name: Base IT | |
- name: Surefire reports | |
if: always() | |
uses: ./.github/actions/archive-surefire-reports | |
with: | |
job-id: adapter-integration-tests | |
quarkus-unit-tests: | |
name: Quarkus UT | |
needs: [build, conditional] | |
if: needs.conditional.outputs.ci-quarkus == 'true' | |
timeout-minutes: 15 | |
strategy: | |
matrix: | |
os: [ ubuntu-latest, windows-latest ] | |
runs-on: ${{ matrix.os }} | |
steps: | |
- uses: actions/checkout@v4 | |
# We want to download Keycloak artifacts | |
- id: integration-test-setup | |
name: Integration test setup | |
uses: ./.github/actions/integration-test-setup | |
- name: Run unit tests | |
run: | | |
./mvnw test -f quarkus/pom.xml -pl '!tests,!tests/junit5,!tests/integration,!dist' | |
- name: Upload JVM Heapdumps | |
if: always() | |
uses: ./.github/actions/upload-heapdumps | |
- name: Surefire reports | |
if: always() | |
uses: ./.github/actions/archive-surefire-reports | |
with: | |
job-id: quarkus-unit-tests | |
quarkus-integration-tests: | |
name: Quarkus IT | |
needs: [build, conditional] | |
timeout-minutes: 115 | |
strategy: | |
matrix: | |
os: [ubuntu-latest] | |
suite: [zip, container, storage, smoke] | |
full-testsuite: | |
- ${{ needs.conditional.outputs.ci-quarkus == 'true' }} | |
# Win runs always as includes are evaluated after excludes | |
include: | |
- os: windows-latest | |
suite: win | |
# Either run smoke tests, or full testsuite | |
exclude: | |
- full-testsuite: false | |
suite: zip | |
- full-testsuite: false | |
suite: container | |
- full-testsuite: false | |
suite: storage | |
- full-testsuite: true | |
suite: smoke | |
fail-fast: false | |
runs-on: ${{ matrix.os }} | |
env: | |
MAVEN_OPTS: -Xmx1024m | |
steps: | |
- uses: actions/checkout@v4 | |
- id: unit-test-setup | |
name: Unit test setup | |
uses: ./.github/actions/unit-test-setup | |
# Not sure why, but needs to re-build otherwise there's some failures starting up | |
# Smoke tests should cover scenarios that could be broken by changes in other modules that quarkus | |
- name: Run Quarkus integration Tests | |
run: | | |
declare -A PARAMS | |
PARAMS["win"]="-Dtest=StartCommandDistTest,StartDevCommandDistTest,BuildAndStartDistTest,ImportAtStartupDistTest" | |
PARAMS["zip"]="" | |
PARAMS["container"]="-Dkc.quarkus.tests.dist=docker" | |
PARAMS["storage"]="-Ptest-database -Dtest=PostgreSQLDistTest,MariaDBDistTest#testSuccessful,MySQLDistTest#testSuccessful,DatabaseOptionsDistTest,JPAStoreDistTest,HotRodStoreDistTest,MixedStoreDistTest,TransactionConfigurationDistTest,ExternalInfinispanTest" | |
PARAMS["smoke"]="-Dtest=ClusterConfigDistTest,CustomJpaEntityProviderDistTest,ExportDistTest,FeaturesDistTest,ImportAtStartupDistTest,ImportDistTest,JaxRsDistTest,TruststoreDistTest" | |
./mvnw install -pl quarkus/tests/integration -am -DskipTests | |
./mvnw test -pl quarkus/tests/integration ${PARAMS["${{ matrix.suite }}"]} 2>&1 | misc/log/trimmer.sh | |
- name: Upload JVM Heapdumps | |
if: always() | |
uses: ./.github/actions/upload-heapdumps | |
- name: Surefire reports | |
if: always() | |
uses: ./.github/actions/archive-surefire-reports | |
with: | |
job-id: quarkus-integration-tests-${{ matrix.os }}-${{ matrix.server }} | |
jdk-integration-tests: | |
name: Java Distribution IT | |
needs: build | |
timeout-minutes: 100 | |
strategy: | |
matrix: | |
os: [ubuntu-latest, windows-latest] | |
dist: [temurin] | |
version: [17] | |
fail-fast: false | |
runs-on: ${{ matrix.os }} | |
steps: | |
- uses: actions/checkout@v4 | |
- id: integration-test-setup | |
name: Integration test setup | |
uses: ./.github/actions/integration-test-setup | |
with: | |
jdk-dist: ${{ matrix.dist }} | |
jdk-version: ${{ matrix.version }} | |
- name: Prepare Quarkus distribution with current JDK | |
run: ./mvnw install -e -pl testsuite/integration-arquillian/servers/auth-server/quarkus | |
- name: Run base tests | |
run: | | |
TESTS=`testsuite/integration-arquillian/tests/base/testsuites/suite.sh jdk` | |
echo "Tests: $TESTS" | |
./mvnw test ${{ env.SUREFIRE_RETRY }} -Pauth-server-quarkus -Dtest=$TESTS -pl testsuite/integration-arquillian/tests/base 2>&1 | misc/log/trimmer.sh | |
- name: Build with JDK | |
run: | |
./mvnw install -e -DskipTests -DskipExamples | |
- name: Upload JVM Heapdumps | |
if: always() | |
uses: ./.github/actions/upload-heapdumps | |
- uses: ./.github/actions/upload-flaky-tests | |
name: Upload flaky tests | |
env: | |
GH_TOKEN: ${{ github.token }} | |
with: | |
job-name: Java Distribution IT | |
- name: Surefire reports | |
if: always() | |
uses: ./.github/actions/archive-surefire-reports | |
with: | |
job-id: jdk-integration-tests-${{ matrix.os }}-${{ matrix.dist }}-${{ matrix.version }} | |
persistent-sessions-tests: | |
name: Persistent Sessions IT | |
needs: [build, conditional] | |
if: needs.conditional.outputs.ci-store == 'true' | |
runs-on: ubuntu-latest | |
timeout-minutes: 150 | |
steps: | |
- uses: actions/checkout@v4 | |
- id: integration-test-setup | |
name: Integration test setup | |
uses: ./.github/actions/integration-test-setup | |
- name: Run base tests without cache | |
run: | | |
TESTS=`testsuite/integration-arquillian/tests/base/testsuites/suite.sh persistent-sessions` | |
echo "Tests: $TESTS" | |
./mvnw test ${{ env.SUREFIRE_RETRY }} -Pauth-server-quarkus -Dauth.server.feature="persistent-user-sessions" -Dtest=$TESTS -pl testsuite/integration-arquillian/tests/base 2>&1 | misc/log/trimmer.sh | |
- name: Upload JVM Heapdumps | |
if: always() | |
uses: ./.github/actions/upload-heapdumps | |
- uses: ./.github/actions/upload-flaky-tests | |
name: Upload flaky tests | |
env: | |
GH_TOKEN: ${{ github.token }} | |
with: | |
job-name: Store IT | |
- name: Surefire reports | |
if: always() | |
uses: ./.github/actions/archive-surefire-reports | |
with: | |
job-id: store-integration-tests-${{ matrix.db }} | |
- name: EC2 Maven Logs | |
if: failure() | |
uses: actions/upload-artifact@v4 | |
with: | |
name: store-it-mvn-logs | |
path: .github/scripts/ansible/files | |
external-infinispan-tests: | |
name: External Infinispan IT | |
needs: [ build, conditional ] | |
if: needs.conditional.outputs.ci-store == 'true' | |
runs-on: ubuntu-latest | |
timeout-minutes: 150 | |
strategy: | |
matrix: | |
variant: [ "remote-cache,multi-site" ] | |
fail-fast: false | |
steps: | |
- uses: actions/checkout@v4 | |
- id: integration-test-setup | |
name: Integration test setup | |
uses: ./.github/actions/integration-test-setup | |
- name: Run base tests without cache | |
run: | | |
TESTS=`testsuite/integration-arquillian/tests/base/testsuites/suite.sh remote-cache` | |
echo "Tests: $TESTS" | |
./mvnw test ${{ env.SUREFIRE_RETRY }} -Pauth-server-quarkus -Pinfinispan-server -Dauth.server.feature=${{ matrix.variant }} -Dtest=$TESTS -pl testsuite/integration-arquillian/tests/base 2>&1 | misc/log/trimmer.sh | |
- name: Upload JVM Heapdumps | |
if: always() | |
uses: ./.github/actions/upload-heapdumps | |
- uses: ./.github/actions/upload-flaky-tests | |
name: Upload flaky tests | |
env: | |
GH_TOKEN: ${{ github.token }} | |
with: | |
job-name: Remote Infinispan IT | |
- name: Surefire reports | |
if: always() | |
uses: ./.github/actions/archive-surefire-reports | |
with: | |
job-id: remote-infinispan-integration-tests | |
store-integration-tests: | |
name: Store IT | |
needs: [build, conditional] | |
if: needs.conditional.outputs.ci-store == 'true' | |
runs-on: ubuntu-latest | |
timeout-minutes: 150 | |
strategy: | |
matrix: | |
db: ${{ fromJson(needs.conditional.outputs.ci-store-matrix) }} | |
fail-fast: false | |
steps: | |
- uses: actions/checkout@v4 | |
- id: aurora-init | |
name: Initialize Aurora environment | |
if: ${{ matrix.db == 'aurora-postgres' }} | |
run: | | |
AWS_REGION=us-east-1 | |
echo "Region: ${AWS_REGION}" | |
aws configure set aws_access_key_id ${{ secrets.AWS_ACCESS_KEY_ID }} | |
aws configure set aws_secret_access_key ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
aws configure set region ${AWS_REGION} | |
PASS=$(tr -dc A-Za-z0-9 </dev/urandom | head -c 13; echo) | |
echo "::add-mask::${PASS}" | |
echo "name=gh-action-$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT | |
echo "password=${PASS}" >> $GITHUB_OUTPUT | |
echo "region=${AWS_REGION}" >> $GITHUB_OUTPUT | |
- id: aurora-create | |
name: Create Aurora DB | |
if: ${{ matrix.db == 'aurora-postgres' }} | |
uses: ./.github/actions/aurora-create-database | |
with: | |
name: ${{ steps.aurora-init.outputs.name }} | |
password: ${{ steps.aurora-init.outputs.password }} | |
region: ${{ steps.aurora-init.outputs.region }} | |
- id: integration-test-setup | |
name: Integration test setup | |
if: ${{ matrix.db != 'aurora-postgres' }} | |
uses: ./.github/actions/integration-test-setup | |
- name: Run Aurora tests on EC2 | |
id: aurora-tests | |
if: ${{ matrix.db == 'aurora-postgres' }} | |
run: | | |
PROPS="-Dauth.server.db.host=${{ steps.aurora-create.outputs.endpoint }}" | |
PROPS+=" -Dkeycloak.connectionsJpa.password=${{ steps.aurora-init.outputs.password }}" | |
REGION=${{ steps.aurora-init.outputs.region }} | |
curl --fail-with-body https://truststore.pki.rds.amazonaws.com/${REGION}/${REGION}-bundle.pem -o aws.pem | |
PROPS+=" -Dkeycloak.connectionsJpa.jdbcParameters=\"?ssl=true&sslmode=verify-ca&sslrootcert=/opt/keycloak/aws.pem\"" | |
TESTS=`testsuite/integration-arquillian/tests/base/testsuites/suite.sh database` | |
echo "Tests: $TESTS" | |
git archive --format=zip --output /tmp/keycloak.zip $GITHUB_REF | |
zip -u /tmp/keycloak.zip aws.pem | |
cd .github/scripts/ansible | |
export CLUSTER_NAME=keycloak_$(git rev-parse --short HEAD) | |
echo "ec2_cluster=${CLUSTER_NAME}" >> $GITHUB_OUTPUT | |
./aws_ec2.sh requirements | |
./aws_ec2.sh create ${REGION} | |
./keycloak_ec2_installer.sh ${REGION} /tmp/keycloak.zip | |
./mvn_ec2_runner.sh ${REGION} "clean install -B -DskipTests -Pdistribution" | |
./mvn_ec2_runner.sh ${REGION} "clean install -B -DskipTests -pl testsuite/integration-arquillian/servers/auth-server/quarkus -Pauth-server-quarkus -Pdb-aurora-postgres -Dmaven.build.cache.enabled=true" | |
./mvn_ec2_runner.sh ${REGION} "test -B ${{ env.SUREFIRE_RETRY }} -Pauth-server-quarkus -Pdb-${{ matrix.db }} $PROPS -Dtest=$TESTS -pl testsuite/integration-arquillian/tests/base 2>&1 | misc/log/trimmer.sh" | |
# Copy returned surefire-report directories to workspace root to ensure they're discovered | |
results=(files/keycloak/results/*) | |
rsync -a $results/* ../../../ | |
rm -rf $results | |
- name: Run base tests | |
if: ${{ matrix.db != 'aurora-postgres' }} | |
run: | | |
TESTS=`testsuite/integration-arquillian/tests/base/testsuites/suite.sh database` | |
echo "Tests: $TESTS" | |
./mvnw test ${{ env.SUREFIRE_RETRY }} -Pauth-server-quarkus -Pdb-${{ matrix.db }} -Dtest=$TESTS -pl testsuite/integration-arquillian/tests/base 2>&1 | misc/log/trimmer.sh | |
- name: Upload JVM Heapdumps | |
if: always() | |
uses: ./.github/actions/upload-heapdumps | |
- uses: ./.github/actions/upload-flaky-tests | |
name: Upload flaky tests | |
env: | |
GH_TOKEN: ${{ github.token }} | |
with: | |
job-name: Store IT | |
- name: Surefire reports | |
if: always() | |
uses: ./.github/actions/archive-surefire-reports | |
with: | |
job-id: store-integration-tests-${{ matrix.db }} | |
- name: EC2 Maven Logs | |
if: failure() | |
uses: actions/upload-artifact@v4 | |
with: | |
name: store-it-mvn-logs | |
path: .github/scripts/ansible/files | |
- name: Delete Aurora EC2 Instance | |
if: ${{ always() && matrix.db == 'aurora-postgres' }} | |
working-directory: .github/scripts/ansible | |
run: | | |
export CLUSTER_NAME=${{ steps.aurora-tests.outputs.ec2_cluster }} | |
./aws_ec2.sh delete ${{ steps.aurora-init.outputs.region }} | |
- name: Delete Aurora DB | |
if: ${{ always() && matrix.db == 'aurora-postgres' }} | |
run: | | |
gh workflow run aurora-delete.yml \ | |
-f name=${{ steps.aurora-init.outputs.name }} \ | |
-f region=${{ steps.aurora-init.outputs.region }} \ | |
--repo ${{ github.repository }} \ | |
--ref ${{ github.ref_name }} | |
env: | |
GH_TOKEN: ${{ github.token }} | |
store-model-tests: | |
name: Store Model Tests | |
runs-on: ubuntu-latest | |
needs: [build, conditional] | |
if: needs.conditional.outputs.ci-store == 'true' | |
timeout-minutes: 75 | |
steps: | |
- uses: actions/checkout@v4 | |
- id: integration-test-setup | |
name: Integration test setup | |
uses: ./.github/actions/integration-test-setup | |
- name: Run model tests | |
run: testsuite/model/test-all-profiles.sh ${{ env.SUREFIRE_RETRY }} | |
- name: Upload JVM Heapdumps | |
if: always() | |
uses: ./.github/actions/upload-heapdumps | |
- uses: ./.github/actions/upload-flaky-tests | |
name: Upload flaky tests | |
env: | |
GH_TOKEN: ${{ github.token }} | |
with: | |
job-name: Store Model Tests | |
- name: Surefire reports | |
if: always() | |
uses: ./.github/actions/archive-surefire-reports | |
with: | |
job-id: store-model-tests | |
clustering-integration-tests: | |
name: Clustering IT | |
needs: build | |
runs-on: ubuntu-latest | |
timeout-minutes: 35 | |
env: | |
MAVEN_OPTS: -Xmx1024m | |
steps: | |
- uses: actions/checkout@v4 | |
- id: integration-test-setup | |
name: Integration test setup | |
uses: ./.github/actions/integration-test-setup | |
- name: Run cluster tests | |
run: | | |
./mvnw test ${{ env.SUREFIRE_RETRY }} -Pauth-server-cluster-quarkus,db-postgres -Dsession.cache.owners=2 -Dtest=**.cluster.** -pl testsuite/integration-arquillian/tests/base 2>&1 | misc/log/trimmer.sh | |
- name: Upload JVM Heapdumps | |
if: always() | |
uses: ./.github/actions/upload-heapdumps | |
- uses: ./.github/actions/upload-flaky-tests | |
name: Upload flaky tests | |
env: | |
GH_TOKEN: ${{ github.token }} | |
with: | |
job-name: Clustering IT | |
- name: Surefire reports | |
if: always() | |
uses: ./.github/actions/archive-surefire-reports | |
with: | |
job-id: clustering-integration-tests | |
fips-unit-tests: | |
name: FIPS UT | |
runs-on: ubuntu-latest | |
needs: build | |
timeout-minutes: 20 | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Fake fips | |
run: | | |
cd .github/fake_fips | |
make | |
sudo insmod fake_fips.ko | |
- id: unit-test-setup | |
name: Unit test setup | |
uses: ./.github/actions/unit-test-setup | |
- name: Run crypto tests | |
run: docker run --rm --workdir /github/workspace -v "${{ github.workspace }}":"/github/workspace" -v "$HOME/.m2":"/root/.m2" registry.access.redhat.com/ubi8/ubi:latest .github/scripts/run-fips-ut.sh | |
- name: Upload JVM Heapdumps | |
if: always() | |
uses: ./.github/actions/upload-heapdumps | |
- name: Surefire reports | |
if: always() | |
uses: ./.github/actions/archive-surefire-reports | |
with: | |
job-id: fips-unit-tests | |
fips-integration-tests: | |
name: FIPS IT | |
needs: build | |
runs-on: ubuntu-latest | |
timeout-minutes: 45 | |
strategy: | |
matrix: | |
mode: [non-strict, strict] | |
fail-fast: false | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Fake fips | |
run: | | |
cd .github/fake_fips | |
make | |
sudo insmod fake_fips.ko | |
- id: integration-test-setup | |
name: Integration test setup | |
uses: ./.github/actions/integration-test-setup | |
with: | |
jdk-version: 21 | |
- name: Build adapter distributions | |
run: ./mvnw install -DskipTests -f distribution/pom.xml | |
- name: Build app servers | |
run: ./mvnw install -DskipTests -Pbuild-app-servers -f testsuite/integration-arquillian/servers/app-server/pom.xml | |
- name: Prepare Quarkus distribution with BCFIPS | |
run: ./mvnw install -e -pl testsuite/integration-arquillian/servers/auth-server/quarkus -Pauth-server-quarkus,auth-server-fips140-2 | |
- name: Run base tests | |
run: docker run --rm --workdir /github/workspace -e "SUREFIRE_RERUN_FAILING_COUNT" -v "${{ github.workspace }}":"/github/workspace" -v "$HOME/.m2":"/root/.m2" registry.access.redhat.com/ubi8/ubi:latest .github/scripts/run-fips-it.sh ${{ matrix.mode }} | |
- name: Upload JVM Heapdumps | |
if: always() | |
uses: ./.github/actions/upload-heapdumps | |
- uses: ./.github/actions/upload-flaky-tests | |
name: Upload flaky tests | |
env: | |
GH_TOKEN: ${{ github.token }} | |
with: | |
job-name: FIPS IT | |
- name: Surefire reports | |
if: always() | |
uses: ./.github/actions/archive-surefire-reports | |
with: | |
job-id: fips-integration-tests-${{ matrix.mode }} | |
forms-integration-tests: | |
name: Forms IT | |
runs-on: ubuntu-latest | |
needs: build | |
timeout-minutes: 75 | |
strategy: | |
matrix: | |
browser: [chrome, firefox] | |
fail-fast: false | |
steps: | |
- uses: actions/checkout@v4 | |
- id: integration-test-setup | |
name: Integration test setup | |
uses: ./.github/actions/integration-test-setup | |
- name: Run Forms IT | |
run: | | |
TESTS=`testsuite/integration-arquillian/tests/base/testsuites/suite.sh forms` | |
echo "Tests: $TESTS" | |
./mvnw test ${{ env.SUREFIRE_RETRY }} -Pauth-server-quarkus -Dtest=$TESTS -Dbrowser=${{ matrix.browser }} -f testsuite/integration-arquillian/tests/base/pom.xml 2>&1 | misc/log/trimmer.sh | |
- name: Upload JVM Heapdumps | |
if: always() | |
uses: ./.github/actions/upload-heapdumps | |
- uses: ./.github/actions/upload-flaky-tests | |
name: Upload flaky tests | |
env: | |
GH_TOKEN: ${{ github.token }} | |
with: | |
job-name: Forms IT | |
- name: Surefire reports | |
if: always() | |
uses: ./.github/actions/archive-surefire-reports | |
with: | |
job-id: forms-integration-tests-${{ matrix.browser }} | |
webauthn-integration-tests: | |
name: WebAuthn IT | |
if: needs.conditional.outputs.ci-webauthn == 'true' | |
runs-on: ubuntu-latest | |
needs: build | |
timeout-minutes: 45 | |
strategy: | |
matrix: | |
browser: | |
- chrome | |
- firefox | |
fail-fast: false | |
steps: | |
- uses: actions/checkout@v4 | |
- id: integration-test-setup | |
name: Integration test setup | |
uses: ./.github/actions/integration-test-setup | |
- name: Run WebAuthn IT | |
run: | | |
TESTS=`testsuite/integration-arquillian/tests/base/testsuites/suite.sh webauthn` | |
echo "Tests: $TESTS" | |
./mvnw test ${{ env.SUREFIRE_RETRY }} -Pauth-server-quarkus -Dtest=$TESTS -Dbrowser=${{ matrix.browser }} -pl testsuite/integration-arquillian/tests/base 2>&1 | misc/log/trimmer.sh | |
- name: Upload JVM Heapdumps | |
if: always() | |
uses: ./.github/actions/upload-heapdumps | |
- uses: ./.github/actions/upload-flaky-tests | |
name: Upload flaky tests | |
env: | |
GH_TOKEN: ${{ github.token }} | |
with: | |
job-name: WebAuthn IT | |
- name: Surefire reports | |
if: always() | |
uses: ./.github/actions/archive-surefire-reports | |
with: | |
job-id: webauthn-integration-tests-${{ matrix.browser }} | |
sssd-unit-tests: | |
name: SSSD | |
runs-on: ubuntu-latest | |
if: needs.conditional.outputs.ci-sssd == 'true' | |
needs: | |
- conditional | |
- build | |
timeout-minutes: 30 | |
steps: | |
- name: checkout | |
uses: actions/checkout@v4 | |
- id: integration-test-setup | |
name: Integration test setup | |
uses: ./.github/actions/integration-test-setup | |
- id: weekly-cache-key | |
name: Key for weekly rotation of cache | |
shell: bash | |
run: echo "key=ipa-data-`date -u "+%Y-%U"`" >> $GITHUB_OUTPUT | |
- id: cache-maven-repository | |
name: ipa-data cache | |
uses: actions/cache@v4 | |
with: | |
path: ~/ipa-data.tar | |
key: ${{ steps.weekly-cache-key.outputs.key }} | |
- name: Run tests | |
run: .github/scripts/run-ipa.sh "${{ github.workspace }}" | |
- name: Surefire reports | |
if: always() | |
uses: ./.github/actions/archive-surefire-reports | |
with: | |
job-id: sssd-unit-tests | |
migration-tests: | |
name: Migration Tests | |
runs-on: ubuntu-latest | |
needs: build | |
timeout-minutes: 45 | |
strategy: | |
matrix: | |
old-version: [24.0.4] | |
database: [postgres, mysql, oracle, mssql, mariadb] | |
fail-fast: false | |
steps: | |
- uses: actions/checkout@v4 | |
- id: integration-test-setup | |
name: Integration test setup | |
uses: ./.github/actions/integration-test-setup | |
- name: Run Migration Tests | |
run: | | |
./mvnw clean install ${{ env.SUREFIRE_RETRY }} \ | |
-Pauth-server-quarkus -Pdb-${{ matrix.database }} -Pauth-server-migration \ | |
-Dtest=MigrationTest \ | |
-Dmigration.mode=auto \ | |
-Dmigrated.auth.server.version=${{ matrix.old-version }} \ | |
-Dmigration.import.file.name=migration-realm-${{ matrix.old-version }}.json \ | |
-Dauth.server.ssl.required=false \ | |
-Dauth.server.db.host=localhost \ | |
-f testsuite/integration-arquillian/pom.xml 2>&1 | misc/log/trimmer.sh | |
- name: Upload JVM Heapdumps | |
if: always() | |
uses: ./.github/actions/upload-heapdumps | |
- uses: ./.github/actions/upload-flaky-tests | |
name: Upload flaky tests | |
env: | |
GH_TOKEN: ${{ github.token }} | |
with: | |
job-name: Migration Tests | |
- name: Surefire reports | |
if: always() | |
uses: ./.github/actions/archive-surefire-reports | |
with: | |
job-id: migration-tests-${{ matrix.old-version }}-${{ matrix.database }} | |
check: | |
name: Status Check - Keycloak CI | |
if: always() | |
needs: | |
- conditional | |
- build | |
- unit-tests | |
- base-integration-tests | |
- adapter-integration-tests | |
- quarkus-unit-tests | |
- quarkus-integration-tests | |
- jdk-integration-tests | |
- store-integration-tests | |
- persistent-sessions-tests | |
- store-model-tests | |
- clustering-integration-tests | |
- fips-unit-tests | |
- fips-integration-tests | |
- forms-integration-tests | |
- webauthn-integration-tests | |
- sssd-unit-tests | |
- migration-tests | |
- external-infinispan-tests | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: ./.github/actions/status-check | |
with: | |
jobs: ${{ toJSON(needs) }} |