12
# Maven flags: -B (batch mode), -nsu (no snapshot updates) and a connection TTL of 25 for the HTTP connector.
MAVEN_ARGS: "-B -nsu -Daether.connector.http.connectionMaxTtl=25"
13
# NOTE(review): the rerun count 2 is written twice (here and inside SUREFIRE_RETRY below); change both together.
SUREFIRE_RERUN_FAILING_COUNT: 2
14
# Spliced into the mvnw command lines through ${{ env.SUREFIRE_RETRY }}; a failing test is re-run up to 2 times.
SUREFIRE_RETRY: "-Dsurefire.rerunFailingTestsCount=2"
17
# Only cancel jobs for PR updates
18
# Runs on the same ref share one concurrency group.
# NOTE(review): cancel-in-progress below is an unconditional `true` in the lines visible here; confirm that matches "only PR updates".
group: ci-${{ github.ref }}
19
cancel-in-progress: true
28
# Job that decides which optional parts of CI run; its step outputs are re-exported below so later jobs can read them.
name: Check conditional workflows and jobs
29
runs-on: ubuntu-latest
31
ci: ${{ steps.conditional.outputs.ci }}
32
ci-store: ${{ steps.conditional.outputs.ci-store }}
33
ci-sssd: ${{ steps.conditional.outputs.ci-sssd }}
34
# JSON array of database names, produced by the conditional-stores step below.
ci-store-matrix: ${{ steps.conditional-stores.outputs.matrix }}
36
# NOTE(review): actions/checkout is referenced by the mutable tag v4; pinning to a full commit SHA fixes the exact code that runs.
- uses: actions/checkout@v4
39
# Local action, loaded from the checked-out repository tree.
uses: ./.github/actions/conditional
41
# NOTE(review): the token's scope comes from the workflow/job `permissions:` setting, which is not visible in this view - confirm it is least-privilege.
token: ${{ secrets.GITHUB_TOKEN }}
43
- id: conditional-stores
45
STORES="postgres, mysql, oracle, mssql, mariadb"
46
# aurora-postgres is added only outside pull_request events and only when the AWS secret is non-empty.
# NOTE(review): ${{ secrets.AWS_SECRET_ACCESS_KEY }} is substituted into the script text before bash runs, so the
# secret value ends up inside the generated script. Mapping it through the step's `env:` and testing -n "$VAR"
# keeps it out of the script body.
if [[ $GITHUB_EVENT_NAME != "pull_request" && -n "${{ secrets.AWS_SECRET_ACCESS_KEY }}" ]]; then
47
STORES+=", aurora-postgres"
49
# Writes the store list as a compact JSON array to the `matrix` step output.
echo "matrix=$(echo $STORES | jq -Rc 'split(", ")')" >> $GITHUB_OUTPUT
53
# Build job: runs only when the conditional job's `ci` output is the string 'true'.
if: needs.conditional.outputs.ci == 'true'
54
runs-on: ubuntu-latest
57
- uses: actions/checkout@v4
59
- name: Build Keycloak
60
# Local composite action from the checked-out tree performs the build.
uses: ./.github/actions/build-keycloak
64
# Job running the unit tests of every module outside testsuite/, quarkus/ and docs/.
runs-on: ubuntu-latest
68
- uses: actions/checkout@v4
72
uses: ./.github/actions/unit-test-setup
74
- name: Run unit tests
78
# Collects the module directories that contain a *Test.java file, skipping testsuite/, quarkus/ and docs/.
# NOTE(review): `egrep` is flagged obsolescent by current GNU grep; `grep -E` is the drop-in form.
for i in `find -name '*Test.java' -type f | egrep -v './(testsuite|quarkus|docs)/' | sed 's|/src/test/java/.*||' | sort | uniq | sed 's|./||'`; do
79
# Appends the module to the list handed to -pl below.
PROJECTS="$PROJECTS$SEP$i"
83
# -am also builds the modules the selected projects depend on.
./mvnw test -pl "$PROJECTS" -am
85
- name: Upload JVM Heapdumps
87
uses: ./.github/actions/upload-heapdumps
89
- name: Surefire reports
91
uses: ./.github/actions/archive-surefire-reports
95
# Job running the base Arquillian test suite, split across six matrix groups.
base-integration-tests:
98
runs-on: ubuntu-latest
102
group: [1, 2, 3, 4, 5, 6]
105
- uses: actions/checkout@v4
107
- id: integration-test-setup
108
name: Integration test setup
109
uses: ./.github/actions/integration-test-setup
111
- name: Run base tests
113
# The stdout of base-suite.sh becomes the -Dtest selection; matrix.group is one of the literals listed above.
TESTS=`testsuite/integration-arquillian/tests/base/testsuites/base-suite.sh ${{ matrix.group }}`
115
# NOTE(review): Maven's exit status reaches the step only if the shell runs with pipefail, because the command is
# piped into misc/log/trimmer.sh. GitHub adds -o pipefail when `shell: bash` is set explicitly; that setting is not
# visible in this view - confirm.
./mvnw test ${{ env.SUREFIRE_RETRY }} -Pauth-server-quarkus "-Dwebdriver.chrome.driver=$CHROMEWEBDRIVER/chromedriver" -Dtest=$TESTS -pl testsuite/integration-arquillian/tests/base 2>&1 | misc/log/trimmer.sh
117
- name: Upload JVM Heapdumps
119
uses: ./.github/actions/upload-heapdumps
121
- uses: ./.github/actions/upload-flaky-tests
122
name: Upload flaky tests
124
# The job's automatic token, handed to the local upload-flaky-tests action.
GH_TOKEN: ${{ github.token }}
128
- name: Surefire reports
130
uses: ./.github/actions/archive-surefire-reports
132
# One report archive per matrix group.
job-id: base-integration-tests-${{ matrix.group }}
134
# Job that builds the adapter distributions and app servers, then runs the adapter test packages.
adapter-integration-tests:
137
runs-on: ubuntu-latest
140
- uses: actions/checkout@v4
142
- id: integration-test-setup
143
name: Integration test setup
144
uses: ./.github/actions/integration-test-setup
146
- name: Build adapter distributions
147
run: ./mvnw install -DskipTests -f distribution/pom.xml
149
- name: Build app servers
150
run: ./mvnw install -DskipTests -Pbuild-app-servers -f testsuite/integration-arquillian/servers/app-server/pom.xml
152
- name: Run adapter tests
154
# Selects everything under the org.keycloak.testsuite.adapter package.
TESTS="org.keycloak.testsuite.adapter.**"
156
# Output is piped through misc/log/trimmer.sh; the step sees Maven's exit status only when pipefail is in effect.
./mvnw test ${{ env.SUREFIRE_RETRY }} -Pauth-server-quarkus -Papp-server-wildfly "-Dwebdriver.chrome.driver=$CHROMEWEBDRIVER/chromedriver" -Dtest=$TESTS -pl testsuite/integration-arquillian/tests/base 2>&1 | misc/log/trimmer.sh
158
- name: Upload JVM Heapdumps
160
uses: ./.github/actions/upload-heapdumps
162
- uses: ./.github/actions/upload-flaky-tests
163
name: Upload flaky tests
165
# The job's automatic token, handed to the local upload-flaky-tests action.
GH_TOKEN: ${{ github.token }}
169
- name: Surefire reports
171
uses: ./.github/actions/archive-surefire-reports
173
job-id: adapter-integration-tests
181
# Quarkus unit tests, run once per operating system in this matrix.
os: [ ubuntu-latest, windows-latest ]
182
runs-on: ${{ matrix.os }}
184
- uses: actions/checkout@v4
186
# We want to download Keycloak artifacts
187
- id: integration-test-setup
188
name: Integration test setup
189
uses: ./.github/actions/integration-test-setup
191
- name: Run unit tests
193
# The '!'-prefixed entries exclude those modules from the reactor; the single quotes keep the shell from touching '!'.
./mvnw test -f quarkus/pom.xml -pl '!tests,!tests/junit5,!tests/integration,!dist'
195
- name: Upload JVM Heapdumps
197
uses: ./.github/actions/upload-heapdumps
199
- name: Surefire reports
201
uses: ./.github/actions/archive-surefire-reports
203
job-id: quarkus-unit-tests
205
# Quarkus distribution integration tests, run over an OS x server-type matrix.
quarkus-integration-tests:
211
os: [ubuntu-latest, windows-latest]
212
server: [sanity-check-zip, zip, container, storage]
221
# presumably part of a matrix include/exclude entry; the surrounding lines are not visible in this view
server: sanity-check-zip
223
runs-on: ${{ matrix.os }}
225
# Caps the Maven JVM heap at 1024 MB.
MAVEN_OPTS: -Xmx1024m
227
- uses: actions/checkout@v4
229
- id: unit-test-setup
230
name: Unit test setup
231
uses: ./.github/actions/unit-test-setup
233
# Not sure why, but needs to re-build otherwise there's some failures starting up
234
- name: Run Quarkus integration Tests
237
# PARAMS maps a matrix.server value to the extra Maven arguments for that variant.
PARAMS["sanity-check-zip"]="-Dtest=StartCommandDistTest,StartDevCommandDistTest,BuildAndStartDistTest,ImportAtStartupDistTest"
239
PARAMS["container"]="-Dkc.quarkus.tests.dist=docker"
240
PARAMS["storage"]="-Ptest-database -Dtest=PostgreSQLDistTest,MariaDBDistTest#testSuccessful,MySQLDistTest#testSuccessful,DatabaseOptionsDistTest,JPAStoreDistTest,HotRodStoreDistTest,MixedStoreDistTest,TransactionConfigurationDistTest,ExternalInfinispanTest"
242
./mvnw install -pl quarkus/tests/integration -am -DskipTests
243
# The lookup is left unquoted so a multi-word PARAMS entry splits into separate Maven arguments.
./mvnw test -pl quarkus/tests/integration ${PARAMS["${{ matrix.server }}"]} 2>&1 | misc/log/trimmer.sh
245
- name: Upload JVM Heapdumps
247
uses: ./.github/actions/upload-heapdumps
249
- name: Surefire reports
251
uses: ./.github/actions/archive-surefire-reports
253
job-id: quarkus-integration-tests-${{ matrix.os }}-${{ matrix.server }}
255
# Runs the "jdk" test suite and a full build against each JDK distribution/version in the matrix.
jdk-integration-tests:
256
name: Java Distribution IT
261
os: [ubuntu-latest, windows-latest]
265
runs-on: ${{ matrix.os }}
267
- uses: actions/checkout@v4
269
- id: integration-test-setup
270
name: Integration test setup
271
uses: ./.github/actions/integration-test-setup
273
# matrix.dist and matrix.version are defined in lines not visible in this view.
jdk-dist: ${{ matrix.dist }}
274
jdk-version: ${{ matrix.version }}
276
- name: Prepare Quarkus distribution with current JDK
277
run: ./mvnw install -e -pl testsuite/integration-arquillian/servers/auth-server/quarkus
279
- name: Run base tests
281
# The stdout of suite.sh for the "jdk" suite becomes the -Dtest selection.
TESTS=`testsuite/integration-arquillian/tests/base/testsuites/suite.sh jdk`
283
# Output is piped through misc/log/trimmer.sh; the step sees Maven's exit status only when pipefail is in effect.
./mvnw test ${{ env.SUREFIRE_RETRY }} -Pauth-server-quarkus -Dtest=$TESTS -pl testsuite/integration-arquillian/tests/base 2>&1 | misc/log/trimmer.sh
285
- name: Build with JDK
287
./mvnw install -e -DskipTests -DskipExamples
289
- name: Upload JVM Heapdumps
291
uses: ./.github/actions/upload-heapdumps
293
- uses: ./.github/actions/upload-flaky-tests
294
name: Upload flaky tests
296
# The job's automatic token, handed to the local upload-flaky-tests action.
GH_TOKEN: ${{ github.token }}
298
job-name: Java Distribution IT
300
- name: Surefire reports
302
uses: ./.github/actions/archive-surefire-reports
304
job-id: jdk-integration-tests-${{ matrix.os }}-${{ matrix.dist }}-${{ matrix.version }}
306
# Database integration tests, one matrix entry per store. The aurora-postgres entry provisions an Aurora database and
# an EC2 host in AWS, runs the tests there, and tears both down; every other entry runs on the GitHub runner.
store-integration-tests:
308
needs: [build, conditional]
309
if: needs.conditional.outputs.ci-store == 'true'
310
runs-on: ubuntu-latest
314
# Matrix values come from the JSON array emitted by the conditional job.
db: ${{ fromJson(needs.conditional.outputs.ci-store-matrix) }}
317
- uses: actions/checkout@v4
320
name: Initialize Aurora environment
321
if: ${{ matrix.db == 'aurora-postgres' }}
324
echo "Region: ${AWS_REGION}"
326
# NOTE(review): both secrets are substituted into the script text and passed as command-line arguments, and
# `aws configure set` writes them to the CLI's credentials file on the runner. Supplying them through the step's
# `env:` (or using short-lived credentials obtained via OIDC) avoids a long-lived key in script text and on disk.
aws configure set aws_access_key_id ${{ secrets.AWS_ACCESS_KEY_ID }}
327
aws configure set aws_secret_access_key ${{ secrets.AWS_SECRET_ACCESS_KEY }}
328
aws configure set region ${AWS_REGION}
329
# Per-run database password: 13 characters from [A-Za-z0-9], read from /dev/urandom (roughly 77 bits).
PASS=$(tr -dc A-Za-z0-9 </dev/urandom | head -c 13; echo)
330
# Registered for log masking before the value is written anywhere else.
echo "::add-mask::${PASS}"
332
# Resource name derived from the short commit hash of HEAD.
echo "name=gh-action-$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT
333
# NOTE(review): masking redacts the Actions log only; copies of the value in files, artifacts or on remote hosts are not covered.
echo "password=${PASS}" >> $GITHUB_OUTPUT
334
echo "region=${AWS_REGION}" >> $GITHUB_OUTPUT
337
name: Create Aurora DB
338
if: ${{ matrix.db == 'aurora-postgres' }}
339
uses: ./.github/actions/aurora-create-database
341
name: ${{ steps.aurora-init.outputs.name }}
342
password: ${{ steps.aurora-init.outputs.password }}
343
region: ${{ steps.aurora-init.outputs.region }}
345
- id: integration-test-setup
346
name: Integration test setup
347
if: ${{ matrix.db != 'aurora-postgres' }}
348
uses: ./.github/actions/integration-test-setup
350
- name: Run Aurora tests on EC2
352
if: ${{ matrix.db == 'aurora-postgres' }}
354
PROPS="-Dauth.server.db.host=${{ steps.aurora-create.outputs.endpoint }}"
355
# NOTE(review): the database password travels as a -D argument inside $PROPS, so it is part of the Maven command
# line handed to mvn_ec2_runner.sh below and is visible in the process arguments wherever that command runs.
PROPS+=" -Dkeycloak.connectionsJpa.password=${{ steps.aurora-init.outputs.password }}"
357
REGION=${{ steps.aurora-init.outputs.region }}
359
# Downloads the regional RDS CA bundle; --fail-with-body makes curl exit non-zero on an HTTP error response.
curl --fail-with-body https://truststore.pki.rds.amazonaws.com/${REGION}/${REGION}-bundle.pem -o aws.pem
360
# NOTE(review): sslmode=verify-ca validates the certificate chain against aws.pem but does not check the host name;
# sslmode=verify-full adds the host-name check.
PROPS+=" -Dkeycloak.connectionsJpa.jdbcParameters=\"?ssl=true&sslmode=verify-ca&sslrootcert=/opt/keycloak/aws.pem\""
362
TESTS=`testsuite/integration-arquillian/tests/base/testsuites/suite.sh database`
365
# Packs the tree at $GITHUB_REF and adds the CA bundle to the archive that is shipped to the EC2 host.
# NOTE(review): $GITHUB_REF is expanded unquoted here; "$GITHUB_REF" is the safer form.
git archive --format=zip --output /tmp/keycloak.zip $GITHUB_REF
366
zip -u /tmp/keycloak.zip aws.pem
368
cd .github/scripts/ansible
369
export CLUSTER_NAME=keycloak_$(git rev-parse --short HEAD)
370
# Recorded as a step output so the delete step further down can find the cluster.
echo "ec2_cluster=${CLUSTER_NAME}" >> $GITHUB_OUTPUT
371
./aws_ec2.sh requirements
372
./aws_ec2.sh create ${REGION}
373
./keycloak_ec2_installer.sh ${REGION} /tmp/keycloak.zip
374
./mvn_ec2_runner.sh ${REGION} "clean install -B -DskipTests -Pdistribution"
375
./mvn_ec2_runner.sh ${REGION} "clean install -B -DskipTests -pl testsuite/integration-arquillian/servers/auth-server/quarkus -Pauth-server-quarkus -Pdb-aurora-postgres -Dmaven.build.cache.enabled=true"
376
# The `2>&1 | misc/log/trimmer.sh` part sits inside the quoted argument, so it is passed to mvn_ec2_runner.sh as
# text rather than forming a pipeline in this shell. $PROPS (including the password) is part of the same string.
./mvn_ec2_runner.sh ${REGION} "test -B ${{ env.SUREFIRE_RETRY }} -Pauth-server-quarkus -Pdb-${{ matrix.db }} $PROPS -Dtest=$TESTS -pl testsuite/integration-arquillian/tests/base 2>&1 | misc/log/trimmer.sh"
378
# Copy returned surefire-report directories to workspace root to ensure they're discovered
379
results=(files/keycloak/results/*)
380
# `$results` without an index expands to the first array element only, so one results directory is copied.
rsync -a $results/* ../../../
383
- name: Run base tests
384
if: ${{ matrix.db != 'aurora-postgres' }}
386
TESTS=`testsuite/integration-arquillian/tests/base/testsuites/suite.sh database`
388
# Output is piped through misc/log/trimmer.sh; the step sees Maven's exit status only when pipefail is in effect.
./mvnw test ${{ env.SUREFIRE_RETRY }} -Pauth-server-quarkus -Pdb-${{ matrix.db }} -Dtest=$TESTS -pl testsuite/integration-arquillian/tests/base 2>&1 | misc/log/trimmer.sh
390
- name: Upload JVM Heapdumps
392
uses: ./.github/actions/upload-heapdumps
394
- uses: ./.github/actions/upload-flaky-tests
395
name: Upload flaky tests
397
# The job's automatic token, handed to the local upload-flaky-tests action.
GH_TOKEN: ${{ github.token }}
401
- name: Surefire reports
403
uses: ./.github/actions/archive-surefire-reports
405
job-id: store-integration-tests-${{ matrix.db }}
407
- name: EC2 Maven Logs
409
# NOTE(review): referenced by the mutable tag v3, a major version GitHub has since deprecated; pin to a full commit
# SHA of a supported release.
uses: actions/upload-artifact@v3
411
name: store-it-mvn-logs
412
# NOTE(review): everything under this directory is uploaded. If the EC2 runner scripts record the Maven command
# line, the -Dkeycloak.connectionsJpa.password value would be in the artifact, where log masking does not apply -
# confirm what these files contain.
path: .github/scripts/ansible/files
414
- name: Delete Aurora EC2 Instance
415
# always() keeps the teardown running when earlier steps failed or the run was cancelled.
if: ${{ always() && matrix.db == 'aurora-postgres' }}
416
working-directory: .github/scripts/ansible
418
export CLUSTER_NAME=${{ steps.aurora-tests.outputs.ec2_cluster }}
419
./aws_ec2.sh delete ${{ steps.aurora-init.outputs.region }}
421
- name: Delete Aurora DB
422
# always() keeps the teardown running when earlier steps failed or the run was cancelled.
if: ${{ always() && matrix.db == 'aurora-postgres' }}
423
uses: ./.github/actions/aurora-delete-database
425
name: ${{ steps.aurora-init.outputs.name }}
426
region: ${{ steps.aurora-init.outputs.region }}
429
# Model tests across all store profiles; gated on the same `ci-store` output as the database integration tests.
name: Store Model Tests
430
runs-on: ubuntu-latest
431
needs: [build, conditional]
432
if: needs.conditional.outputs.ci-store == 'true'
435
- uses: actions/checkout@v4
437
- id: integration-test-setup
438
name: Integration test setup
439
uses: ./.github/actions/integration-test-setup
441
- name: Run model tests
442
# The surefire retry flag is passed to the script as its argument.
run: testsuite/model/test-all-profiles.sh ${{ env.SUREFIRE_RETRY }}
444
- name: Upload JVM Heapdumps
446
uses: ./.github/actions/upload-heapdumps
448
- uses: ./.github/actions/upload-flaky-tests
449
name: Upload flaky tests
451
# The job's automatic token, handed to the local upload-flaky-tests action.
GH_TOKEN: ${{ github.token }}
453
job-name: Store Model Tests
455
- name: Surefire reports
457
uses: ./.github/actions/archive-surefire-reports
459
job-id: store-model-tests
461
# Runs the cluster test packages against the clustered Quarkus auth-server profile.
clustering-integration-tests:
464
runs-on: ubuntu-latest
467
# Caps the Maven JVM heap at 1024 MB.
MAVEN_OPTS: -Xmx1024m
469
- uses: actions/checkout@v4
471
- id: integration-test-setup
472
name: Integration test setup
473
uses: ./.github/actions/integration-test-setup
475
- name: Run cluster tests
477
# The -Dtest pattern is unquoted; it reaches Maven unchanged as long as no file name in the working directory matches it.
# Output is piped through misc/log/trimmer.sh; the step sees Maven's exit status only when pipefail is in effect.
./mvnw test ${{ env.SUREFIRE_RETRY }} -Pauth-server-cluster-quarkus -Dsession.cache.owners=2 -Dtest=**.cluster.** -pl testsuite/integration-arquillian/tests/base 2>&1 | misc/log/trimmer.sh
479
- name: Upload JVM Heapdumps
481
uses: ./.github/actions/upload-heapdumps
483
- uses: ./.github/actions/upload-flaky-tests
484
name: Upload flaky tests
486
# The job's automatic token, handed to the local upload-flaky-tests action.
GH_TOKEN: ${{ github.token }}
488
job-name: Clustering IT
490
- name: Surefire reports
492
uses: ./.github/actions/archive-surefire-reports
494
job-id: clustering-integration-tests
498
# FIPS unit tests: loads a fake_fips kernel module on the runner, then runs the crypto tests inside a UBI 8 container.
runs-on: ubuntu-latest
502
- uses: actions/checkout@v4
508
# Inserts the module into the runner's kernel as root; the steps that produce fake_fips.ko are not visible in this view.
sudo insmod fake_fips.ko
510
- id: unit-test-setup
511
name: Unit test setup
512
uses: ./.github/actions/unit-test-setup
514
- name: Run crypto tests
515
# NOTE(review): the image is pulled by the floating tag `latest`, so its content can change between runs; pinning
# by digest (registry.access.redhat.com/ubi8/ubi@sha256:<digest>) makes the test environment reproducible.
# The workspace and $HOME/.m2 are bind-mounted read-write, so the container can modify the checkout and the local
# Maven repository.
run: docker run --rm --workdir /github/workspace -v "${{ github.workspace }}":"/github/workspace" -v "$HOME/.m2":"/root/.m2" registry.access.redhat.com/ubi8/ubi:latest .github/scripts/run-fips-ut.sh
517
- name: Upload JVM Heapdumps
519
uses: ./.github/actions/upload-heapdumps
521
- name: Surefire reports
523
uses: ./.github/actions/archive-surefire-reports
525
job-id: fips-unit-tests
527
# FIPS integration tests in non-strict and strict mode, run inside a UBI 8 container after the fake_fips module is loaded.
fips-integration-tests:
530
runs-on: ubuntu-latest
534
mode: [non-strict, strict]
537
- uses: actions/checkout@v4
543
# Inserts the module into the runner's kernel as root; the steps that produce fake_fips.ko are not visible in this view.
sudo insmod fake_fips.ko
545
- id: integration-test-setup
546
name: Integration test setup
547
uses: ./.github/actions/integration-test-setup
551
- name: Build adapter distributions
552
run: ./mvnw install -DskipTests -f distribution/pom.xml
554
- name: Build app servers
555
run: ./mvnw install -DskipTests -Pbuild-app-servers -f testsuite/integration-arquillian/servers/app-server/pom.xml
558
- name: Prepare Quarkus distribution with BCFIPS
559
run: ./mvnw install -e -pl testsuite/integration-arquillian/servers/auth-server/quarkus -Pauth-server-quarkus,auth-server-fips140-2
561
- name: Run base tests
562
# -e "SUREFIRE_RERUN_FAILING_COUNT" forwards that variable from the step's environment into the container.
# NOTE(review): the image is pulled by the floating tag `latest`; pinning by digest
# (registry.access.redhat.com/ubi8/ubi@sha256:<digest>) makes the test environment reproducible. The workspace and
# $HOME/.m2 are bind-mounted read-write.
run: docker run --rm --workdir /github/workspace -e "SUREFIRE_RERUN_FAILING_COUNT" -v "${{ github.workspace }}":"/github/workspace" -v "$HOME/.m2":"/root/.m2" registry.access.redhat.com/ubi8/ubi:latest .github/scripts/run-fips-it.sh ${{ matrix.mode }}
564
- name: Upload JVM Heapdumps
566
uses: ./.github/actions/upload-heapdumps
568
- uses: ./.github/actions/upload-flaky-tests
569
name: Upload flaky tests
571
# The job's automatic token, handed to the local upload-flaky-tests action.
GH_TOKEN: ${{ github.token }}
575
- name: Surefire reports
577
uses: ./.github/actions/archive-surefire-reports
579
job-id: fips-integration-tests-${{ matrix.mode }}
581
# Account Console UI tests, run once per browser in the matrix (the matrix definition is not visible in this view).
account-console-integration-tests:
582
name: Account Console IT
583
runs-on: ubuntu-latest
591
- uses: actions/checkout@v4
593
- id: integration-test-setup
594
name: Integration test setup
595
uses: ./.github/actions/integration-test-setup
597
- name: Run Account Console IT
598
# Runs the account2 test packages and excludes the two SigningInTest WebAuthn methods named after '!'.
# Output is piped through misc/log/trimmer.sh; the step sees Maven's exit status only when pipefail is in effect.
run: ./mvnw test ${{ env.SUREFIRE_RETRY }} -Pauth-server-quarkus -Dtest=**.account2.**,!SigningInTest#passwordlessWebAuthnTest,!SigningInTest#twoFactorWebAuthnTest -Dbrowser=${{ matrix.browser }} "-Dwebdriver.chrome.driver=$CHROMEWEBDRIVER/chromedriver" -f testsuite/integration-arquillian/tests/other/base-ui/pom.xml 2>&1 | misc/log/trimmer.sh
600
- name: Upload JVM Heapdumps
602
uses: ./.github/actions/upload-heapdumps
604
- uses: ./.github/actions/upload-flaky-tests
605
name: Upload flaky tests
607
# The job's automatic token, handed to the local upload-flaky-tests action.
GH_TOKEN: ${{ github.token }}
609
job-name: Account Console IT
611
- name: Surefire reports
613
uses: ./.github/actions/archive-surefire-reports
615
job-id: account-console-integration-tests-${{ matrix.browser }}
617
# Runs the "forms" test suite once in Chrome and once in Firefox.
forms-integration-tests:
619
runs-on: ubuntu-latest
624
browser: [chrome, firefox]
627
- uses: actions/checkout@v4
629
- id: integration-test-setup
630
name: Integration test setup
631
uses: ./.github/actions/integration-test-setup
635
# The stdout of suite.sh for the "forms" suite becomes the -Dtest selection.
TESTS=`testsuite/integration-arquillian/tests/base/testsuites/suite.sh forms`
637
# Both driver paths are passed on every run; -Dbrowser selects which browser is used.
# Output is piped through misc/log/trimmer.sh; the step sees Maven's exit status only when pipefail is in effect.
./mvnw test ${{ env.SUREFIRE_RETRY }} -Pauth-server-quarkus -Dtest=$TESTS -Dbrowser=${{ matrix.browser }} "-Dwebdriver.chrome.driver=$CHROMEWEBDRIVER/chromedriver" "-Dwebdriver.gecko.driver=$GECKOWEBDRIVER/geckodriver" -f testsuite/integration-arquillian/tests/base/pom.xml 2>&1 | misc/log/trimmer.sh
639
- name: Upload JVM Heapdumps
641
uses: ./.github/actions/upload-heapdumps
643
- uses: ./.github/actions/upload-flaky-tests
644
name: Upload flaky tests
646
# The job's automatic token, handed to the local upload-flaky-tests action.
GH_TOKEN: ${{ github.token }}
650
- name: Surefire reports
652
uses: ./.github/actions/archive-surefire-reports
654
job-id: forms-integration-tests-${{ matrix.browser }}
656
# WebAuthn integration tests, run per browser in the matrix; Firefox is currently commented out of that matrix.
webauthn-integration-tests:
658
runs-on: ubuntu-latest
665
# - firefox disabled until https://github.com/keycloak/keycloak/issues/20777 is resolved
668
- uses: actions/checkout@v4
670
- id: integration-test-setup
671
name: Integration test setup
672
uses: ./.github/actions/integration-test-setup
674
# Don't use Chrome for testing (just regular Chrome) until https://github.com/keycloak/keycloak/issues/22214 is resolved
675
#- id: install-chrome
676
# name: Install Chrome browser
677
# uses: ./.github/actions/install-chrome
678
# if: matrix.browser == 'chrome'
680
- name: Run WebAuthn IT
681
# Selects every *Test class under org.keycloak.testsuite.webauthn and enables the webauthn profile.
# Output is piped through misc/log/trimmer.sh; the step sees Maven's exit status only when pipefail is in effect.
run: ./mvnw test ${{ env.SUREFIRE_RETRY }} -Pauth-server-quarkus -Dtest=org.keycloak.testsuite.webauthn.**.*Test -Dbrowser=${{ matrix.browser }} "-Dwebdriver.chrome.driver=$CHROMEWEBDRIVER/chromedriver" "-Dwebdriver.gecko.driver=$GECKOWEBDRIVER/geckodriver" -Pwebauthn -f testsuite/integration-arquillian/tests/other/pom.xml 2>&1 | misc/log/trimmer.sh
683
- name: Upload JVM Heapdumps
685
uses: ./.github/actions/upload-heapdumps
687
- uses: ./.github/actions/upload-flaky-tests
688
name: Upload flaky tests
690
# The job's automatic token, handed to the local upload-flaky-tests action.
GH_TOKEN: ${{ github.token }}
692
job-name: WebAuthn IT
694
- name: Surefire reports
696
uses: ./.github/actions/archive-surefire-reports
698
job-id: webauthn-integration-tests-${{ matrix.browser }}
702
# SSSD tests: runs only when the conditional job's `ci-sssd` output is 'true'; uses a cache whose key rotates weekly.
runs-on: ubuntu-latest
703
if: needs.conditional.outputs.ci-sssd == 'true'
710
uses: actions/checkout@v4
712
- id: integration-test-setup
713
name: Integration test setup
714
uses: ./.github/actions/integration-test-setup
716
- id: weekly-cache-key
717
name: Key for weekly rotation of cache
719
# Key is "ipa-data-" plus the UTC year and week number, so it changes once a week.
run: echo "key=ipa-data-`date -u "+%Y-%U"`" >> $GITHUB_OUTPUT
721
- id: cache-maven-repository
723
# NOTE(review): referenced by the mutable tag v3; pinning to a full commit SHA fixes the exact code that runs.
uses: actions/cache@v3
726
key: ${{ steps.weekly-cache-key.outputs.key }}
729
# The workspace path is passed to the script as its only argument.
run: .github/scripts/run-ipa.sh "${{ github.workspace }}"
731
- name: Surefire reports
733
uses: ./.github/actions/archive-surefire-reports
735
job-id: sssd-unit-tests
738
# Migration tests: runs MigrationTest from each listed old version against each listed database.
name: Migration Tests
739
runs-on: ubuntu-latest
744
old-version: [19.0.3]
745
database: [postgres, mysql, oracle, mssql, mariadb]
748
- uses: actions/checkout@v4
750
- id: integration-test-setup
751
name: Integration test setup
752
uses: ./.github/actions/integration-test-setup
754
- name: Run Migration Tests
756
# One Maven invocation continued over several lines; the import file name is derived from matrix.old-version.
# -Dauth.server.ssl.required=false and -Dauth.server.db.host=localhost apply to this test run on the runner itself.
# Output is piped through misc/log/trimmer.sh; the step sees Maven's exit status only when pipefail is in effect.
./mvnw clean install ${{ env.SUREFIRE_RETRY }} \
757
-Pauth-server-quarkus -Pdb-${{ matrix.database }} -Pauth-server-migration \
758
-Dtest=MigrationTest \
759
-Dmigration.mode=auto \
760
-Dmigrated.auth.server.version=${{ matrix.old-version }} \
761
-Dmigration.import.file.name=migration-realm-${{ matrix.old-version }}.json \
762
-Dauth.server.ssl.required=false \
763
-Dauth.server.db.host=localhost \
764
-f testsuite/integration-arquillian/pom.xml 2>&1 | misc/log/trimmer.sh
766
- name: Upload JVM Heapdumps
768
uses: ./.github/actions/upload-heapdumps
770
- uses: ./.github/actions/upload-flaky-tests
771
name: Upload flaky tests
773
# The job's automatic token, handed to the local upload-flaky-tests action.
GH_TOKEN: ${{ github.token }}
775
job-name: Migration Tests
777
- name: Surefire reports
779
uses: ./.github/actions/archive-surefire-reports
781
job-id: migration-tests-${{ matrix.old-version }}-${{ matrix.database }}
784
# Aggregating job: lists the test jobs it depends on and hands their results to the local status-check action.
# NOTE(review): job names on the line numbers skipped in this view (792, 796, 798, ...) are not shown; confirm every
# job that should gate a merge is in the list.
name: Status Check - Keycloak CI
790
- base-integration-tests
791
- adapter-integration-tests
793
- quarkus-integration-tests
794
- jdk-integration-tests
795
- store-integration-tests
797
- clustering-integration-tests
799
- fips-integration-tests
800
- account-console-integration-tests
801
- forms-integration-tests
802
- webauthn-integration-tests
805
runs-on: ubuntu-latest
807
- uses: actions/checkout@v4
808
- uses: ./.github/actions/status-check
810
# The whole `needs` context, serialized as JSON, is passed to the action.
jobs: ${{ toJSON(needs) }}