2021-08-30 18:21:15 +00:00
|
|
|
name: authentik-ci-main
|
|
|
|
|
|
|
|
|
|
on:
|
|
|
|
|
push:
|
2021-09-03 08:53:39 +00:00
|
|
|
branches:
|
2022-06-03 17:40:09 +00:00
|
|
|
- main
|
2021-09-03 08:53:39 +00:00
|
|
|
- next
|
|
|
|
|
- version-*
|
2021-08-30 18:21:15 +00:00
|
|
|
paths-ignore:
|
|
|
|
|
- website
|
2021-09-03 08:53:39 +00:00
|
|
|
pull_request:
|
2021-09-07 08:06:30 +00:00
|
|
|
branches:
|
2022-06-03 17:40:09 +00:00
|
|
|
- main
|
2021-08-30 18:21:15 +00:00
|
|
|
|
|
|
|
|
env:
|
|
|
|
|
POSTGRES_DB: authentik
|
|
|
|
|
POSTGRES_USER: authentik
|
|
|
|
|
POSTGRES_PASSWORD: "EK-5jnKfjrGRm<77"
|
|
|
|
|
|
|
|
|
|
jobs:
|
2021-11-21 21:47:10 +00:00
|
|
|
lint:
|
|
|
|
|
strategy:
|
2021-11-21 22:44:09 +00:00
|
|
|
fail-fast: false
|
2021-11-21 21:47:10 +00:00
|
|
|
matrix:
|
|
|
|
|
job:
|
|
|
|
|
- pylint
|
|
|
|
|
- black
|
|
|
|
|
- isort
|
|
|
|
|
- bandit
|
|
|
|
|
- pyright
|
2021-12-03 09:05:21 +00:00
|
|
|
- pending-migrations
|
2023-03-23 23:24:55 +00:00
|
|
|
- codespell
|
2021-08-30 18:21:15 +00:00
|
|
|
runs-on: ubuntu-latest
|
|
|
|
|
steps:
|
2022-03-02 08:56:53 +00:00
|
|
|
- uses: actions/checkout@v3
|
2022-04-04 12:02:10 +00:00
|
|
|
- name: Setup authentik env
|
|
|
|
|
uses: ./.github/actions/setup
|
2021-12-19 12:44:34 +00:00
|
|
|
- name: run job
|
2021-12-24 22:25:38 +00:00
|
|
|
run: poetry run make ci-${{ matrix.job }}
|
2021-08-30 18:21:15 +00:00
|
|
|
test-migrations:
|
|
|
|
|
runs-on: ubuntu-latest
|
|
|
|
|
steps:
|
2022-03-02 08:56:53 +00:00
|
|
|
- uses: actions/checkout@v3
|
2022-04-04 12:02:10 +00:00
|
|
|
- name: Setup authentik env
|
|
|
|
|
uses: ./.github/actions/setup
|
2021-08-30 18:21:15 +00:00
|
|
|
- name: run migrations
|
2021-12-24 22:25:38 +00:00
|
|
|
run: poetry run python -m lifecycle.migrate
|
2021-08-30 18:21:15 +00:00
|
|
|
test-migrations-from-stable:
|
|
|
|
|
runs-on: ubuntu-latest
|
2022-11-14 20:52:31 +00:00
|
|
|
continue-on-error: true
|
2021-08-30 18:21:15 +00:00
|
|
|
steps:
|
2022-03-02 08:56:53 +00:00
|
|
|
- uses: actions/checkout@v3
|
2021-09-16 10:31:29 +00:00
|
|
|
with:
|
|
|
|
|
fetch-depth: 0
|
2022-04-04 12:02:10 +00:00
|
|
|
- name: Setup authentik env
|
|
|
|
|
uses: ./.github/actions/setup
|
2021-10-07 18:28:12 +00:00
|
|
|
- name: checkout stable
|
|
|
|
|
run: |
|
|
|
|
|
# Copy current, latest config to local
|
|
|
|
|
cp authentik/lib/default.yml local.env.yml
|
2021-12-08 20:00:58 +00:00
|
|
|
cp -R .github ..
|
|
|
|
|
cp -R scripts ..
|
2023-04-14 11:51:57 +00:00
|
|
|
git checkout $(git describe --tags $(git rev-list --tags --max-count=1))
|
2021-12-08 20:00:58 +00:00
|
|
|
rm -rf .github/ scripts/
|
2022-02-05 17:54:15 +00:00
|
|
|
mv ../.github ../scripts .
|
2022-04-04 12:02:10 +00:00
|
|
|
- name: Setup authentik env (ensure stable deps are installed)
|
|
|
|
|
uses: ./.github/actions/setup
|
2021-08-30 18:21:15 +00:00
|
|
|
- name: run migrations to stable
|
2021-12-24 22:25:38 +00:00
|
|
|
run: poetry run python -m lifecycle.migrate
|
2021-08-30 18:21:15 +00:00
|
|
|
- name: checkout current code
|
|
|
|
|
run: |
|
|
|
|
|
set -x
|
2021-09-08 18:04:56 +00:00
|
|
|
git fetch
|
2021-12-08 20:00:58 +00:00
|
|
|
git reset --hard HEAD
|
2022-04-04 12:02:10 +00:00
|
|
|
git clean -d -fx .
|
2021-12-24 22:25:38 +00:00
|
|
|
git checkout $GITHUB_SHA
|
|
|
|
|
poetry install
|
2022-04-04 12:02:10 +00:00
|
|
|
- name: Setup authentik env (ensure latest deps are installed)
|
|
|
|
|
uses: ./.github/actions/setup
|
2021-08-30 18:21:15 +00:00
|
|
|
- name: migrate to latest
|
2021-12-24 22:25:38 +00:00
|
|
|
run: poetry run python -m lifecycle.migrate
|
2021-08-30 18:21:15 +00:00
|
|
|
test-unittest:
|
2023-04-13 12:10:12 +00:00
|
|
|
name: test-unittest - PostgreSQL ${{ matrix.psql }}
|
2021-08-30 18:21:15 +00:00
|
|
|
runs-on: ubuntu-latest
|
2023-02-14 23:28:36 +00:00
|
|
|
timeout-minutes: 30
|
2023-04-13 12:10:12 +00:00
|
|
|
strategy:
|
|
|
|
|
fail-fast: false
|
|
|
|
|
matrix:
|
|
|
|
|
psql:
|
|
|
|
|
- 11-alpine
|
|
|
|
|
- 12-alpine
|
2021-08-30 18:21:15 +00:00
|
|
|
steps:
|
2022-03-02 08:56:53 +00:00
|
|
|
- uses: actions/checkout@v3
|
2022-04-04 12:02:10 +00:00
|
|
|
- name: Setup authentik env
|
|
|
|
|
uses: ./.github/actions/setup
|
2023-04-13 12:10:12 +00:00
|
|
|
with:
|
|
|
|
|
postgresql_tag: ${{ matrix.psql }}
|
2021-08-30 18:21:15 +00:00
|
|
|
- name: run unittest
|
|
|
|
|
run: |
|
2021-12-24 22:25:38 +00:00
|
|
|
poetry run make test
|
|
|
|
|
poetry run coverage xml
|
2021-09-01 20:59:51 +00:00
|
|
|
- if: ${{ always() }}
|
2022-04-06 07:50:54 +00:00
|
|
|
uses: codecov/codecov-action@v3
|
2022-09-15 19:15:25 +00:00
|
|
|
with:
|
|
|
|
|
flags: unit
|
2021-08-30 18:21:15 +00:00
|
|
|
test-integration:
|
|
|
|
|
runs-on: ubuntu-latest
|
2023-02-14 23:28:36 +00:00
|
|
|
timeout-minutes: 30
|
2021-08-30 18:21:15 +00:00
|
|
|
steps:
|
2022-03-02 08:56:53 +00:00
|
|
|
- uses: actions/checkout@v3
|
2022-04-04 12:02:10 +00:00
|
|
|
- name: Setup authentik env
|
|
|
|
|
uses: ./.github/actions/setup
|
2021-09-04 14:06:44 +00:00
|
|
|
- name: Create k8s Kind Cluster
|
2022-12-14 13:46:57 +00:00
|
|
|
uses: helm/kind-action@v1.5.0
|
2021-08-30 18:21:15 +00:00
|
|
|
- name: run integration
|
|
|
|
|
run: |
|
2023-01-04 18:45:31 +00:00
|
|
|
poetry run coverage run manage.py test tests/integration
|
2021-12-24 22:25:38 +00:00
|
|
|
poetry run coverage xml
|
2021-09-01 20:59:51 +00:00
|
|
|
- if: ${{ always() }}
|
2022-04-06 07:50:54 +00:00
|
|
|
uses: codecov/codecov-action@v3
|
2022-09-15 19:15:25 +00:00
|
|
|
with:
|
|
|
|
|
flags: integration
|
2023-01-04 18:45:31 +00:00
|
|
|
test-e2e:
|
|
|
|
|
name: test-e2e (${{ matrix.job.name }})
|
2021-08-30 18:21:15 +00:00
|
|
|
runs-on: ubuntu-latest
|
2023-02-14 23:28:36 +00:00
|
|
|
timeout-minutes: 30
|
2023-01-04 18:45:31 +00:00
|
|
|
strategy:
|
|
|
|
|
fail-fast: false
|
|
|
|
|
matrix:
|
|
|
|
|
job:
|
|
|
|
|
- name: proxy
|
|
|
|
|
glob: tests/e2e/test_provider_proxy*
|
|
|
|
|
- name: oauth
|
2023-01-19 11:28:51 +00:00
|
|
|
glob: tests/e2e/test_provider_oauth2* tests/e2e/test_source_oauth*
|
2023-01-04 18:45:31 +00:00
|
|
|
- name: oauth-oidc
|
2023-01-19 11:28:51 +00:00
|
|
|
glob: tests/e2e/test_provider_oidc*
|
2023-01-04 18:45:31 +00:00
|
|
|
- name: saml
|
|
|
|
|
glob: tests/e2e/test_provider_saml* tests/e2e/test_source_saml*
|
|
|
|
|
- name: ldap
|
2023-01-19 14:03:56 +00:00
|
|
|
glob: tests/e2e/test_provider_ldap* tests/e2e/test_source_ldap*
|
2023-03-20 15:54:35 +00:00
|
|
|
- name: radius
|
|
|
|
|
glob: tests/e2e/test_provider_radius*
|
2023-01-04 18:45:31 +00:00
|
|
|
- name: flows
|
|
|
|
|
glob: tests/e2e/test_flows*
|
2021-08-30 18:21:15 +00:00
|
|
|
steps:
|
2022-03-02 08:56:53 +00:00
|
|
|
- uses: actions/checkout@v3
|
2022-04-04 12:02:10 +00:00
|
|
|
- name: Setup authentik env
|
|
|
|
|
uses: ./.github/actions/setup
|
2022-10-18 21:53:31 +00:00
|
|
|
- name: Setup e2e env (chrome, etc)
|
2021-08-30 18:21:15 +00:00
|
|
|
run: |
|
2021-10-13 17:06:19 +00:00
|
|
|
docker-compose -f tests/e2e/docker-compose.yml up -d
|
2021-09-04 13:15:40 +00:00
|
|
|
- id: cache-web
|
2022-03-22 09:04:35 +00:00
|
|
|
uses: actions/cache@v3
|
2021-09-04 13:15:40 +00:00
|
|
|
with:
|
|
|
|
|
path: web/dist
|
2022-06-26 16:18:36 +00:00
|
|
|
key: ${{ runner.os }}-web-${{ hashFiles('web/package-lock.json', 'web/src/**') }}
|
2021-08-30 18:21:15 +00:00
|
|
|
- name: prepare web ui
|
2021-09-04 13:15:40 +00:00
|
|
|
if: steps.cache-web.outputs.cache-hit != 'true'
|
2022-05-09 19:22:41 +00:00
|
|
|
working-directory: web
|
2021-08-30 18:21:15 +00:00
|
|
|
run: |
|
2022-04-14 20:30:44 +00:00
|
|
|
npm ci
|
2022-09-11 21:01:26 +00:00
|
|
|
make -C .. gen-client-ts
|
2021-08-30 18:21:15 +00:00
|
|
|
npm run build
|
|
|
|
|
- name: run e2e
|
|
|
|
|
run: |
|
2023-01-04 18:45:31 +00:00
|
|
|
poetry run coverage run manage.py test ${{ matrix.job.glob }}
|
2021-12-24 22:25:38 +00:00
|
|
|
poetry run coverage xml
|
2021-09-01 20:59:51 +00:00
|
|
|
- if: ${{ always() }}
|
2022-04-06 07:50:54 +00:00
|
|
|
uses: codecov/codecov-action@v3
|
2022-09-15 19:15:25 +00:00
|
|
|
with:
|
|
|
|
|
flags: e2e
|
2021-12-08 20:00:58 +00:00
|
|
|
ci-core-mark:
|
2021-08-30 18:21:15 +00:00
|
|
|
needs:
|
2021-11-21 21:47:10 +00:00
|
|
|
- lint
|
2021-08-30 18:21:15 +00:00
|
|
|
- test-migrations
|
|
|
|
|
- test-migrations-from-stable
|
|
|
|
|
- test-unittest
|
|
|
|
|
- test-integration
|
2023-01-04 18:45:31 +00:00
|
|
|
- test-e2e
|
2021-08-30 18:21:15 +00:00
|
|
|
runs-on: ubuntu-latest
|
2021-12-08 20:00:58 +00:00
|
|
|
steps:
|
|
|
|
|
- run: echo mark
|
|
|
|
|
build:
|
|
|
|
|
needs: ci-core-mark
|
|
|
|
|
runs-on: ubuntu-latest
|
2021-11-10 08:31:56 +00:00
|
|
|
timeout-minutes: 120
|
2021-08-30 18:21:15 +00:00
|
|
|
steps:
|
2022-03-02 08:56:53 +00:00
|
|
|
- uses: actions/checkout@v3
|
2021-11-21 22:35:23 +00:00
|
|
|
- name: Set up QEMU
|
2022-10-13 09:55:04 +00:00
|
|
|
uses: docker/setup-qemu-action@v2.1.0
|
2021-08-30 18:21:15 +00:00
|
|
|
- name: Set up Docker Buildx
|
2022-05-06 07:53:40 +00:00
|
|
|
uses: docker/setup-buildx-action@v2
|
2021-08-30 18:21:15 +00:00
|
|
|
- name: prepare variables
|
2022-06-21 21:31:27 +00:00
|
|
|
uses: ./.github/actions/docker-push-variables
|
2021-08-30 18:21:15 +00:00
|
|
|
id: ev
|
2021-09-03 08:57:44 +00:00
|
|
|
env:
|
2021-12-18 16:01:51 +00:00
|
|
|
DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
|
2021-09-01 13:03:27 +00:00
|
|
|
- name: Login to Container Registry
|
2022-05-06 07:53:49 +00:00
|
|
|
uses: docker/login-action@v2
|
2021-09-03 08:57:44 +00:00
|
|
|
if: ${{ steps.ev.outputs.shouldBuild == 'true' }}
|
2021-08-30 18:21:15 +00:00
|
|
|
with:
|
2021-10-11 12:08:34 +00:00
|
|
|
registry: ghcr.io
|
|
|
|
|
username: ${{ github.repository_owner }}
|
|
|
|
|
password: ${{ secrets.GITHUB_TOKEN }}
|
2023-01-11 16:15:19 +00:00
|
|
|
- name: Build Docker Image
|
2023-01-31 09:35:45 +00:00
|
|
|
uses: docker/build-push-action@v4
|
2021-08-30 18:21:15 +00:00
|
|
|
with:
|
2022-12-20 21:09:30 +00:00
|
|
|
secrets: |
|
|
|
|
|
GEOIPUPDATE_ACCOUNT_ID=${{ secrets.GEOIPUPDATE_ACCOUNT_ID }}
|
|
|
|
|
GEOIPUPDATE_LICENSE_KEY=${{ secrets.GEOIPUPDATE_LICENSE_KEY }}
|
2021-09-03 08:57:44 +00:00
|
|
|
push: ${{ steps.ev.outputs.shouldBuild == 'true' }}
|
2021-08-30 18:21:15 +00:00
|
|
|
tags: |
|
2021-10-11 12:08:34 +00:00
|
|
|
ghcr.io/goauthentik/dev-server:gh-${{ steps.ev.outputs.branchNameContainer }}
|
2023-01-19 20:41:56 +00:00
|
|
|
ghcr.io/goauthentik/dev-server:gh-${{ steps.ev.outputs.branchNameContainer }}-${{ steps.ev.outputs.timestamp }}-${{ steps.ev.outputs.shortHash }}
|
2021-08-30 18:21:15 +00:00
|
|
|
build-args: |
|
2021-09-01 14:19:29 +00:00
|
|
|
GIT_BUILD_HASH=${{ steps.ev.outputs.sha }}
|
2022-06-21 21:31:27 +00:00
|
|
|
VERSION_FAMILY=${{ steps.ev.outputs.versionFamily }}
|
2022-07-30 19:22:27 +00:00
|
|
|
- name: Comment on PR
|
|
|
|
|
if: github.event_name == 'pull_request'
|
2022-08-16 09:02:53 +00:00
|
|
|
continue-on-error: true
|
2022-07-30 19:22:27 +00:00
|
|
|
uses: ./.github/actions/comment-pr-instructions
|
|
|
|
|
with:
|
2023-01-19 20:41:56 +00:00
|
|
|
tag: gh-${{ steps.ev.outputs.branchNameContainer }}-${{ steps.ev.outputs.timestamp }}-${{ steps.ev.outputs.shortHash }}
|
|
|
|
|
build-arm64:
|
|
|
|
|
needs: ci-core-mark
|
|
|
|
|
runs-on: ubuntu-latest
|
|
|
|
|
timeout-minutes: 120
|
|
|
|
|
steps:
|
|
|
|
|
- uses: actions/checkout@v3
|
|
|
|
|
- name: Set up QEMU
|
|
|
|
|
uses: docker/setup-qemu-action@v2.1.0
|
|
|
|
|
- name: Set up Docker Buildx
|
|
|
|
|
uses: docker/setup-buildx-action@v2
|
|
|
|
|
- name: prepare variables
|
|
|
|
|
uses: ./.github/actions/docker-push-variables
|
|
|
|
|
id: ev
|
|
|
|
|
env:
|
|
|
|
|
DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
|
|
|
|
|
- name: Login to Container Registry
|
|
|
|
|
uses: docker/login-action@v2
|
|
|
|
|
if: ${{ steps.ev.outputs.shouldBuild == 'true' }}
|
|
|
|
|
with:
|
|
|
|
|
registry: ghcr.io
|
|
|
|
|
username: ${{ github.repository_owner }}
|
|
|
|
|
password: ${{ secrets.GITHUB_TOKEN }}
|
|
|
|
|
- name: Build Docker Image
|
2023-01-31 09:35:45 +00:00
|
|
|
uses: docker/build-push-action@v4
|
2023-01-19 20:41:56 +00:00
|
|
|
with:
|
|
|
|
|
secrets: |
|
|
|
|
|
GEOIPUPDATE_ACCOUNT_ID=${{ secrets.GEOIPUPDATE_ACCOUNT_ID }}
|
|
|
|
|
GEOIPUPDATE_LICENSE_KEY=${{ secrets.GEOIPUPDATE_LICENSE_KEY }}
|
|
|
|
|
push: ${{ steps.ev.outputs.shouldBuild == 'true' }}
|
|
|
|
|
tags: |
|
|
|
|
|
ghcr.io/goauthentik/dev-server:gh-${{ steps.ev.outputs.branchNameContainer }}-arm64
|
|
|
|
|
ghcr.io/goauthentik/dev-server:gh-${{ steps.ev.outputs.branchNameContainer }}-${{ steps.ev.outputs.timestamp }}-${{ steps.ev.outputs.shortHash }}-arm64
|
|
|
|
|
build-args: |
|
|
|
|
|
GIT_BUILD_HASH=${{ steps.ev.outputs.sha }}
|
|
|
|
|
VERSION_FAMILY=${{ steps.ev.outputs.versionFamily }}
|
|
|
|
|
platforms: linux/arm64
|
