240cf6dd94
* add basic guacamole Signed-off-by: Jens Langhammer <jens@goauthentik.io> * make everything mostly work Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add rac build to CI Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix resize, fix web lint, sendSize correctly Signed-off-by: Jens Langhammer <jens@goauthentik.io> * pre-send connection from client, format Signed-off-by: Jens Langhammer <jens@goauthentik.io> * improve throughput Signed-off-by: Jens Langhammer <jens@goauthentik.io> * cleanup Signed-off-by: Jens Langhammer <jens@goauthentik.io> * rework TokenOutpostConsumer into middleware Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix some layout issues Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add outpost controllers Signed-off-by: Jens Langhammer <jens@goauthentik.io> * start testing audio things Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix a bunch of things Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add deps Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix to work with outpost group Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add simple loadbalancing Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add simple reconnect Signed-off-by: Jens Langhammer <jens@goauthentik.io> * show reconnecting text Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix error when checking ports Signed-off-by: Jens Langhammer <jens@goauthentik.io> * move to providers Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add flow check to interface Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix go lint Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix rac app label Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix audio Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add logging Signed-off-by: Jens Langhammer <jens@goauthentik.io> * cleanup Signed-off-by: Jens Langhammer <jens@goauthentik.io> * allow overriding all settings Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix duplicate keyboard, debug high DPI Signed-off-by: Jens Langhammer <jens@goauthentik.io> * re-add deps Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix lint Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix missing __init__.py breaking model loading I love python Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> * bump successful ws connection to info Signed-off-by: Jens Langhammer <jens@goauthentik.io> * hide cursor since guac draws that Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add clipboard support (bidirectional) Signed-off-by: Jens Langhammer <jens@goauthentik.io> * make codespell not want to break the code Signed-off-by: Jens Langhammer <jens@goauthentik.io> * run pr comment in separate task Signed-off-by: Jens Langhammer <jens@goauthentik.io> * start endpoint and property mapping stuff Signed-off-by: Jens Langhammer <jens@goauthentik.io> * more endpoint things Signed-off-by: Jens Langhammer <jens@goauthentik.io> * unrelated: fix event model_pk filtering with ints Signed-off-by: Jens Langhammer <jens@goauthentik.io> * unrelated: improve event display for changelog Signed-off-by: Jens Langhammer <jens@goauthentik.io> * rebuild endpoint stuff again Signed-off-by: Jens Langhammer <jens@goauthentik.io> * idk special url Signed-off-by: Jens Langhammer <jens@goauthentik.io> * more stuff, connect token with session Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add disconnect Signed-off-by: Jens Langhammer <jens@goauthentik.io> * rework disconnect cleanly disconnect from guacd instead of just letting the connection timeout Signed-off-by: Jens Langhammer <jens@goauthentik.io> * clear cache when creating outpost Signed-off-by: Jens Langhammer <jens@goauthentik.io> * support host:port and fix protocol Signed-off-by: Jens Langhammer <jens@goauthentik.io> * center smaller viewport Signed-off-by: Jens Langhammer <jens@goauthentik.io> * rework connection to wait more and stop after some time Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add policy control to endpoints Signed-off-by: Jens Langhammer <jens@goauthentik.io> * remove provider protocol Signed-off-by: Jens Langhammer <jens@goauthentik.io> * don't switch to different outpost connection when already chosen Signed-off-by: Jens Langhammer <jens@goauthentik.io> * start using property mappings, add static settings Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add some RAC mapping settings Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix lint Signed-off-by: Jens Langhammer <jens@goauthentik.io> * start adding tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add tests for event changes Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add tests and fix issues found by said tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add preview banner, move endpoints to main page Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add locale Signed-off-by: Jens Langhammer <jens@goauthentik.io> * auto-select endpoint if only one is available Signed-off-by: Jens Langhammer <jens@goauthentik.io> * backport https://github.com/goauthentik/authentik/pull/7831 to rac Signed-off-by: Jens Langhammer <jens@goauthentik.io> * dont select property mappings on endpoints Signed-off-by: Jens Langhammer <jens@goauthentik.io> * make table modal only load when opened Signed-off-by: Jens Langhammer <jens@goauthentik.io> * only auto-redirect when open Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix web deps Signed-off-by: Jens Langhammer <jens@goauthentik.io> * check for token expiry and terminate session Signed-off-by: Jens Langhammer <jens@goauthentik.io> * re-add endpoint name to title Signed-off-by: Jens Langhammer <jens@goauthentik.io> * disconnect connection when token is manually deleted Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add initial RAC docs Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add connection expiry setting to provider Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix flaky tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>
323 lines
10 KiB
YAML
323 lines
10 KiB
YAML
name: authentik-ci-main
|
|
|
|
on:
|
|
push:
|
|
branches:
|
|
- main
|
|
- next
|
|
- version-*
|
|
paths-ignore:
|
|
- website
|
|
pull_request:
|
|
branches:
|
|
- main
|
|
- version-*
|
|
|
|
env:
|
|
POSTGRES_DB: authentik
|
|
POSTGRES_USER: authentik
|
|
POSTGRES_PASSWORD: "EK-5jnKfjrGRm<77"
|
|
|
|
jobs:
|
|
lint:
|
|
strategy:
|
|
fail-fast: false
|
|
matrix:
|
|
job:
|
|
- bandit
|
|
- black
|
|
- codespell
|
|
- isort
|
|
- pending-migrations
|
|
- pylint
|
|
- pyright
|
|
- ruff
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
- name: Setup authentik env
|
|
uses: ./.github/actions/setup
|
|
- name: run job
|
|
run: poetry run make ci-${{ matrix.job }}
|
|
test-migrations:
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
- name: Setup authentik env
|
|
uses: ./.github/actions/setup
|
|
- name: run migrations
|
|
run: poetry run python -m lifecycle.migrate
|
|
test-migrations-from-stable:
|
|
name: test-migrations-from-stable - PostgreSQL ${{ matrix.psql }}
|
|
runs-on: ubuntu-latest
|
|
strategy:
|
|
fail-fast: false
|
|
matrix:
|
|
psql:
|
|
- 12-alpine
|
|
- 15-alpine
|
|
- 16-alpine
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
with:
|
|
fetch-depth: 0
|
|
- name: checkout stable
|
|
run: |
|
|
# Delete all poetry envs
|
|
rm -rf /home/runner/.cache/pypoetry
|
|
# Copy current, latest config to local
|
|
cp authentik/lib/default.yml local.env.yml
|
|
cp -R .github ..
|
|
cp -R scripts ..
|
|
git checkout version/$(python -c "from authentik import __version__; print(__version__)")
|
|
rm -rf .github/ scripts/
|
|
mv ../.github ../scripts .
|
|
- name: Setup authentik env (stable)
|
|
uses: ./.github/actions/setup
|
|
with:
|
|
postgresql_version: ${{ matrix.psql }}
|
|
- name: run migrations to stable
|
|
run: poetry run python -m lifecycle.migrate
|
|
- name: checkout current code
|
|
run: |
|
|
set -x
|
|
git fetch
|
|
git reset --hard HEAD
|
|
git clean -d -fx .
|
|
git checkout $GITHUB_SHA
|
|
# Delete previous poetry env
|
|
rm -rf /home/runner/.cache/pypoetry/virtualenvs/*
|
|
- name: Setup authentik env (ensure latest deps are installed)
|
|
uses: ./.github/actions/setup
|
|
with:
|
|
postgresql_version: ${{ matrix.psql }}
|
|
- name: migrate to latest
|
|
run: |
|
|
poetry run python -m lifecycle.migrate
|
|
- name: run tests
|
|
env:
|
|
# Test in the main database that we just migrated from the previous stable version
|
|
AUTHENTIK_POSTGRESQL__TEST__NAME: authentik
|
|
run: |
|
|
poetry run make test
|
|
test-unittest:
|
|
name: test-unittest - PostgreSQL ${{ matrix.psql }}
|
|
runs-on: ubuntu-latest
|
|
timeout-minutes: 30
|
|
strategy:
|
|
fail-fast: false
|
|
matrix:
|
|
psql:
|
|
- 12-alpine
|
|
- 15-alpine
|
|
- 16-alpine
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
- name: Setup authentik env
|
|
uses: ./.github/actions/setup
|
|
with:
|
|
postgresql_version: ${{ matrix.psql }}
|
|
- name: run unittest
|
|
run: |
|
|
poetry run make test
|
|
poetry run coverage xml
|
|
- if: ${{ always() }}
|
|
uses: codecov/codecov-action@v3
|
|
with:
|
|
flags: unit
|
|
test-integration:
|
|
runs-on: ubuntu-latest
|
|
timeout-minutes: 30
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
- name: Setup authentik env
|
|
uses: ./.github/actions/setup
|
|
- name: Create k8s Kind Cluster
|
|
uses: helm/kind-action@v1.8.0
|
|
- name: run integration
|
|
run: |
|
|
poetry run coverage run manage.py test tests/integration
|
|
poetry run coverage xml
|
|
- if: ${{ always() }}
|
|
uses: codecov/codecov-action@v3
|
|
with:
|
|
flags: integration
|
|
test-e2e:
|
|
name: test-e2e (${{ matrix.job.name }})
|
|
runs-on: ubuntu-latest
|
|
timeout-minutes: 30
|
|
strategy:
|
|
fail-fast: false
|
|
matrix:
|
|
job:
|
|
- name: proxy
|
|
glob: tests/e2e/test_provider_proxy*
|
|
- name: oauth
|
|
glob: tests/e2e/test_provider_oauth2* tests/e2e/test_source_oauth*
|
|
- name: oauth-oidc
|
|
glob: tests/e2e/test_provider_oidc*
|
|
- name: saml
|
|
glob: tests/e2e/test_provider_saml* tests/e2e/test_source_saml*
|
|
- name: ldap
|
|
glob: tests/e2e/test_provider_ldap* tests/e2e/test_source_ldap*
|
|
- name: radius
|
|
glob: tests/e2e/test_provider_radius*
|
|
- name: flows
|
|
glob: tests/e2e/test_flows*
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
- name: Setup authentik env
|
|
uses: ./.github/actions/setup
|
|
- name: Setup e2e env (chrome, etc)
|
|
run: |
|
|
docker-compose -f tests/e2e/docker-compose.yml up -d
|
|
- id: cache-web
|
|
uses: actions/cache@v3
|
|
with:
|
|
path: web/dist
|
|
key: ${{ runner.os }}-web-${{ hashFiles('web/package-lock.json', 'web/src/**') }}
|
|
- name: prepare web ui
|
|
if: steps.cache-web.outputs.cache-hit != 'true'
|
|
working-directory: web
|
|
run: |
|
|
npm ci
|
|
make -C .. gen-client-ts
|
|
npm run build
|
|
- name: run e2e
|
|
run: |
|
|
poetry run coverage run manage.py test ${{ matrix.job.glob }}
|
|
poetry run coverage xml
|
|
- if: ${{ always() }}
|
|
uses: codecov/codecov-action@v3
|
|
with:
|
|
flags: e2e
|
|
ci-core-mark:
|
|
needs:
|
|
- lint
|
|
- test-migrations
|
|
- test-migrations-from-stable
|
|
- test-unittest
|
|
- test-integration
|
|
- test-e2e
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- run: echo mark
|
|
build:
|
|
needs: ci-core-mark
|
|
runs-on: ubuntu-latest
|
|
permissions:
|
|
# Needed to upload contianer images to ghcr.io
|
|
packages: write
|
|
timeout-minutes: 120
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
with:
|
|
ref: ${{ github.event.pull_request.head.sha }}
|
|
- name: Set up QEMU
|
|
uses: docker/setup-qemu-action@v3.0.0
|
|
- name: Set up Docker Buildx
|
|
uses: docker/setup-buildx-action@v3
|
|
- name: prepare variables
|
|
uses: ./.github/actions/docker-push-variables
|
|
id: ev
|
|
env:
|
|
DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
|
|
- name: Login to Container Registry
|
|
uses: docker/login-action@v3
|
|
if: ${{ steps.ev.outputs.shouldBuild == 'true' }}
|
|
with:
|
|
registry: ghcr.io
|
|
username: ${{ github.repository_owner }}
|
|
password: ${{ secrets.GITHUB_TOKEN }}
|
|
- name: generate ts client
|
|
run: make gen-client-ts
|
|
- name: Build Docker Image
|
|
uses: docker/build-push-action@v5
|
|
with:
|
|
context: .
|
|
secrets: |
|
|
GEOIPUPDATE_ACCOUNT_ID=${{ secrets.GEOIPUPDATE_ACCOUNT_ID }}
|
|
GEOIPUPDATE_LICENSE_KEY=${{ secrets.GEOIPUPDATE_LICENSE_KEY }}
|
|
push: ${{ steps.ev.outputs.shouldBuild == 'true' }}
|
|
tags: |
|
|
ghcr.io/goauthentik/dev-server:gh-${{ steps.ev.outputs.branchNameContainer }}
|
|
ghcr.io/goauthentik/dev-server:gh-${{ steps.ev.outputs.sha }}
|
|
ghcr.io/goauthentik/dev-server:gh-${{ steps.ev.outputs.branchNameContainer }}-${{ steps.ev.outputs.timestamp }}-${{ steps.ev.outputs.shortHash }}
|
|
build-args: |
|
|
GIT_BUILD_HASH=${{ steps.ev.outputs.sha }}
|
|
VERSION=${{ steps.ev.outputs.version }}
|
|
VERSION_FAMILY=${{ steps.ev.outputs.versionFamily }}
|
|
cache-from: type=gha
|
|
cache-to: type=gha,mode=max
|
|
build-arm64:
|
|
needs: ci-core-mark
|
|
runs-on: ubuntu-latest
|
|
permissions:
|
|
# Needed to upload contianer images to ghcr.io
|
|
packages: write
|
|
timeout-minutes: 120
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
with:
|
|
ref: ${{ github.event.pull_request.head.sha }}
|
|
- name: Set up QEMU
|
|
uses: docker/setup-qemu-action@v3.0.0
|
|
- name: Set up Docker Buildx
|
|
uses: docker/setup-buildx-action@v3
|
|
- name: prepare variables
|
|
uses: ./.github/actions/docker-push-variables
|
|
id: ev
|
|
env:
|
|
DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
|
|
- name: Login to Container Registry
|
|
uses: docker/login-action@v3
|
|
if: ${{ steps.ev.outputs.shouldBuild == 'true' }}
|
|
with:
|
|
registry: ghcr.io
|
|
username: ${{ github.repository_owner }}
|
|
password: ${{ secrets.GITHUB_TOKEN }}
|
|
- name: generate ts client
|
|
run: make gen-client-ts
|
|
- name: Build Docker Image
|
|
uses: docker/build-push-action@v5
|
|
with:
|
|
context: .
|
|
secrets: |
|
|
GEOIPUPDATE_ACCOUNT_ID=${{ secrets.GEOIPUPDATE_ACCOUNT_ID }}
|
|
GEOIPUPDATE_LICENSE_KEY=${{ secrets.GEOIPUPDATE_LICENSE_KEY }}
|
|
push: ${{ steps.ev.outputs.shouldBuild == 'true' }}
|
|
tags: |
|
|
ghcr.io/goauthentik/dev-server:gh-${{ steps.ev.outputs.branchNameContainer }}-arm64
|
|
ghcr.io/goauthentik/dev-server:gh-${{ steps.ev.outputs.sha }}-arm64
|
|
ghcr.io/goauthentik/dev-server:gh-${{ steps.ev.outputs.branchNameContainer }}-${{ steps.ev.outputs.timestamp }}-${{ steps.ev.outputs.shortHash }}-arm64
|
|
build-args: |
|
|
GIT_BUILD_HASH=${{ steps.ev.outputs.sha }}
|
|
VERSION=${{ steps.ev.outputs.version }}
|
|
VERSION_FAMILY=${{ steps.ev.outputs.versionFamily }}
|
|
platforms: linux/arm64
|
|
cache-from: type=gha
|
|
cache-to: type=gha,mode=max
|
|
pr-comment:
|
|
needs:
|
|
- build
|
|
- build-arm64
|
|
runs-on: ubuntu-latest
|
|
if: ${{ github.event_name == 'pull_request' }}
|
|
permissions:
|
|
# Needed to write comments on PRs
|
|
pull-requests: write
|
|
timeout-minutes: 120
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
with:
|
|
ref: ${{ github.event.pull_request.head.sha }}
|
|
- name: prepare variables
|
|
uses: ./.github/actions/docker-push-variables
|
|
id: ev
|
|
env:
|
|
DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
|
|
- name: Comment on PR
|
|
uses: ./.github/actions/comment-pr-instructions
|
|
with:
|
|
tag: gh-${{ steps.ev.outputs.branchNameContainer }}-${{ steps.ev.outputs.timestamp }}-${{ steps.ev.outputs.shortHash }}
|