name: authentik-ci-main on: push: branches: - master - next - version-* paths-ignore: - website pull_request: branches: - master env: POSTGRES_DB: authentik POSTGRES_USER: authentik POSTGRES_PASSWORD: "EK-5jnKfjrGRm<77" jobs: lint: strategy: fail-fast: false matrix: job: - pylint - black - isort - bandit - pyright - pending-migrations runs-on: ubuntu-latest steps: - uses: actions/checkout@v2 - uses: actions/setup-python@v2 - uses: actions/setup-node@v2 with: node-version: '16' - id: cache-poetry uses: actions/cache@v2.1.7 with: path: ~/.cache/pypoetry/virtualenvs key: ${{ runner.os }}-poetry-cache-v3-${{ hashFiles('**/poetry.lock') }} - name: prepare env: INSTALL: ${{ steps.cache-poetry.outputs.cache-hit }} run: scripts/ci_prepare.sh - name: run job run: poetry run make ci-${{ matrix.job }} test-migrations: runs-on: ubuntu-latest steps: - uses: actions/checkout@v2 - uses: actions/setup-python@v2 - id: cache-poetry uses: actions/cache@v2.1.7 with: path: ~/.cache/pypoetry/virtualenvs key: ${{ runner.os }}-poetry-cache-v3-${{ hashFiles('**/poetry.lock') }} - name: prepare env: INSTALL: ${{ steps.cache-poetry.outputs.cache-hit }} run: scripts/ci_prepare.sh - name: run migrations run: poetry run python -m lifecycle.migrate test-migrations-from-stable: runs-on: ubuntu-latest steps: - uses: actions/checkout@v2 with: fetch-depth: 0 - uses: actions/setup-python@v2 - name: prepare variables id: ev run: | python ./scripts/gh_env.py sudo pip install -U pipenv - id: cache-poetry uses: actions/cache@v2.1.7 with: path: ~/.cache/pypoetry/virtualenvs key: ${{ runner.os }}-poetry-cache-v3-${{ hashFiles('**/poetry.lock') }} - name: checkout stable run: | # Copy current, latest config to local cp authentik/lib/default.yml local.env.yml cp -R .github .. cp -R scripts .. cp -R poetry.lock pyproject.toml .. git checkout $(git describe --abbrev=0 --match 'version/*') rm -rf .github/ scripts/ mv ../.github ../scripts ../poetry.lock ../pyproject.toml . - name: prepare env: INSTALL: ${{ steps.cache-poetry.outputs.cache-hit }} run: | scripts/ci_prepare.sh # Sync anyways since stable will have different dependencies # TODO: Remove after next stable release if [[ -f "Pipfile.lock" ]]; then pipenv install --dev fi poetry install - name: run migrations to stable run: poetry run python -m lifecycle.migrate - name: checkout current code run: | set -x git fetch git reset --hard HEAD # TODO: Remove after next stable release rm -f poetry.lock git checkout $GITHUB_SHA # TODO: Remove after next stable release if [[ -f "Pipfile.lock" ]]; then pipenv install --dev fi poetry install - name: prepare env: INSTALL: ${{ steps.cache-poetry.outputs.cache-hit }} run: scripts/ci_prepare.sh - name: migrate to latest run: poetry run python -m lifecycle.migrate test-unittest: runs-on: ubuntu-latest steps: - uses: actions/checkout@v2 - uses: actions/setup-python@v2 - id: cache-poetry uses: actions/cache@v2.1.7 with: path: ~/.cache/pypoetry/virtualenvs key: ${{ runner.os }}-poetry-cache-v3-${{ hashFiles('**/poetry.lock') }} - name: prepare env: INSTALL: ${{ steps.cache-poetry.outputs.cache-hit }} run: scripts/ci_prepare.sh - uses: testspace-com/setup-testspace@v1 with: domain: ${{github.repository_owner}} - name: run unittest run: | poetry run make test poetry run coverage xml - name: run testspace if: ${{ always() }} run: | testspace [unittest]unittest.xml --link=codecov - if: ${{ always() }} uses: codecov/codecov-action@v2 test-integration: runs-on: ubuntu-latest steps: - uses: actions/checkout@v2 - uses: actions/setup-python@v2 - id: cache-poetry uses: actions/cache@v2.1.7 with: path: ~/.cache/pypoetry/virtualenvs key: ${{ runner.os }}-poetry-cache-v3-${{ hashFiles('**/poetry.lock') }} - name: prepare env: INSTALL: ${{ steps.cache-poetry.outputs.cache-hit }} run: scripts/ci_prepare.sh - uses: testspace-com/setup-testspace@v1 with: domain: ${{github.repository_owner}} - name: Create k8s Kind Cluster uses: helm/kind-action@v1.2.0 - name: run integration run: | poetry run make test-integration poetry run coverage xml - name: run testspace if: ${{ always() }} run: | testspace [integration]unittest.xml --link=codecov - if: ${{ always() }} uses: codecov/codecov-action@v2 test-e2e-provider: runs-on: ubuntu-latest steps: - uses: actions/checkout@v2 - uses: actions/setup-python@v2 - uses: actions/setup-node@v2 with: node-version: '16' cache: 'npm' cache-dependency-path: web/package-lock.json - uses: testspace-com/setup-testspace@v1 with: domain: ${{github.repository_owner}} - id: cache-poetry uses: actions/cache@v2.1.7 with: path: ~/.cache/pypoetry/virtualenvs key: ${{ runner.os }}-poetry-cache-v3-${{ hashFiles('**/poetry.lock') }} - name: prepare env: INSTALL: ${{ steps.cache-poetry.outputs.cache-hit }} run: | scripts/ci_prepare.sh docker-compose -f tests/e2e/docker-compose.yml up -d - id: cache-web uses: actions/cache@v2.1.7 with: path: web/dist key: ${{ runner.os }}-web-${{ hashFiles('web/package-lock.json', 'web/**') }} - name: prepare web ui if: steps.cache-web.outputs.cache-hit != 'true' run: | cd web npm i npm run build - name: run e2e run: | poetry run make test-e2e-provider poetry run coverage xml - name: run testspace if: ${{ always() }} run: | testspace [e2e-provider]unittest.xml --link=codecov - if: ${{ always() }} uses: codecov/codecov-action@v2 test-e2e-rest: runs-on: ubuntu-latest steps: - uses: actions/checkout@v2 - uses: actions/setup-python@v2 - uses: actions/setup-node@v2 with: node-version: '16' cache: 'npm' cache-dependency-path: web/package-lock.json - uses: testspace-com/setup-testspace@v1 with: domain: ${{github.repository_owner}} - id: cache-poetry uses: actions/cache@v2.1.7 with: path: ~/.cache/pypoetry/virtualenvs key: ${{ runner.os }}-poetry-cache-v3-${{ hashFiles('**/poetry.lock') }} - name: prepare env: INSTALL: ${{ steps.cache-poetry.outputs.cache-hit }} run: | scripts/ci_prepare.sh docker-compose -f tests/e2e/docker-compose.yml up -d - id: cache-web uses: actions/cache@v2.1.7 with: path: web/dist key: ${{ runner.os }}-web-${{ hashFiles('web/package-lock.json', 'web/**') }} - name: prepare web ui if: steps.cache-web.outputs.cache-hit != 'true' run: | cd web npm i npm run build - name: run e2e run: | poetry run make test-e2e-rest poetry run coverage xml - name: run testspace if: ${{ always() }} run: | testspace [e2e-rest]unittest.xml --link=codecov - if: ${{ always() }} uses: codecov/codecov-action@v2 ci-core-mark: needs: - lint - test-migrations - test-migrations-from-stable - test-unittest - test-integration - test-e2e-rest - test-e2e-provider runs-on: ubuntu-latest steps: - run: echo mark build: needs: ci-core-mark runs-on: ubuntu-latest timeout-minutes: 120 strategy: fail-fast: false matrix: arch: - 'linux/amd64' steps: - uses: actions/checkout@v2 - name: Set up QEMU uses: docker/setup-qemu-action@v1.2.0 - name: Set up Docker Buildx uses: docker/setup-buildx-action@v1 - name: prepare variables id: ev env: DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }} run: | python ./scripts/gh_env.py - name: Login to Container Registry uses: docker/login-action@v1 if: ${{ steps.ev.outputs.shouldBuild == 'true' }} with: registry: ghcr.io username: ${{ github.repository_owner }} password: ${{ secrets.GITHUB_TOKEN }} - name: Building Docker Image uses: docker/build-push-action@v2 with: push: ${{ steps.ev.outputs.shouldBuild == 'true' }} tags: | ghcr.io/goauthentik/dev-server:gh-${{ steps.ev.outputs.branchNameContainer }} ghcr.io/goauthentik/dev-server:gh-${{ steps.ev.outputs.branchNameContainer }}-${{ steps.ev.outputs.timestamp }}-${{ steps.ev.outputs.sha }} build-args: | GIT_BUILD_HASH=${{ steps.ev.outputs.sha }} platforms: ${{ matrix.arch }}