--- name: authentik-ci-main on: push: branches: - main - next - version-* pull_request: branches: - main - version-* env: POSTGRES_DB: authentik POSTGRES_USER: authentik POSTGRES_PASSWORD: "EK-5jnKfjrGRm<77" jobs: lint: strategy: fail-fast: false matrix: job: - bandit - black - codespell - pending-migrations - ruff runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - name: Setup authentik env uses: ./.github/actions/setup - name: run job run: uv run make ci-${{ matrix.job }} test-migrations: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - name: Setup authentik env uses: ./.github/actions/setup - name: run migrations run: uv run python -m lifecycle.migrate test-make-seed: runs-on: ubuntu-latest steps: - id: seed run: | echo "seed=$(printf "%d\n" "0x$(openssl rand -hex 4)")" >> "$GITHUB_OUTPUT" outputs: seed: ${{ steps.seed.outputs.seed }} test-migrations-from-stable: name: test-migrations-from-stable - PostgreSQL ${{ matrix.psql }} - Run ${{ matrix.run_id }}/5 runs-on: ubuntu-latest timeout-minutes: 20 needs: test-make-seed strategy: fail-fast: false matrix: psql: - 15-alpine - 16-alpine - 17-alpine run_id: [1, 2, 3, 4, 5] steps: - uses: actions/checkout@v4 with: fetch-depth: 0 - name: checkout stable run: | # Copy current, latest config to local cp authentik/lib/default.yml local.env.yml cp -R .github .. cp -R scripts .. git checkout $(git tag --sort=version:refname | grep '^version/' | grep -vE -- '-rc[0-9]+$' | tail -n1) rm -rf .github/ scripts/ mv ../.github ../scripts . - name: Setup authentik env (stable) uses: ./.github/actions/setup with: postgresql_version: ${{ matrix.psql }} - name: run migrations to stable run: uv run python -m lifecycle.migrate - name: checkout current code run: | set -x git fetch git reset --hard HEAD git clean -d -fx . git checkout $GITHUB_SHA - name: Setup authentik env (ensure latest deps are installed) uses: ./.github/actions/setup with: postgresql_version: ${{ matrix.psql }} - name: migrate to latest run: | uv run python -m lifecycle.migrate - name: run tests env: # Test in the main database that we just migrated from the previous stable version AUTHENTIK_POSTGRESQL__TEST__NAME: authentik CI_TEST_SEED: ${{ needs.test-make-seed.outputs.seed }} CI_RUN_ID: ${{ matrix.run_id }} CI_TOTAL_RUNS: "5" run: | uv run make ci-test test-unittest: name: test-unittest - PostgreSQL ${{ matrix.psql }} - Run ${{ matrix.run_id }}/5 runs-on: ubuntu-latest timeout-minutes: 20 needs: test-make-seed strategy: fail-fast: false matrix: psql: - 15-alpine - 16-alpine - 17-alpine run_id: [1, 2, 3, 4, 5] steps: - uses: actions/checkout@v4 - name: Setup authentik env uses: ./.github/actions/setup with: postgresql_version: ${{ matrix.psql }} - name: run unittest env: CI_TEST_SEED: ${{ needs.test-make-seed.outputs.seed }} CI_RUN_ID: ${{ matrix.run_id }} CI_TOTAL_RUNS: "5" run: | uv run make ci-test - if: ${{ always() }} uses: codecov/codecov-action@v5 with: flags: unit token: ${{ secrets.CODECOV_TOKEN }} - if: ${{ !cancelled() }} uses: codecov/test-results-action@v1 with: flags: unit file: unittest.xml token: ${{ secrets.CODECOV_TOKEN }} test-integration: runs-on: ubuntu-latest timeout-minutes: 30 steps: - uses: actions/checkout@v4 - name: Setup authentik env uses: ./.github/actions/setup - name: Create k8s Kind Cluster uses: helm/kind-action@v1.12.0 - name: run integration run: | uv run coverage run manage.py test tests/integration uv run coverage xml - if: ${{ always() }} uses: codecov/codecov-action@v5 with: flags: integration token: ${{ secrets.CODECOV_TOKEN }} - if: ${{ !cancelled() }} uses: codecov/test-results-action@v1 with: flags: integration file: unittest.xml token: ${{ secrets.CODECOV_TOKEN }} test-e2e: name: test-e2e (${{ matrix.job.name }}) runs-on: ubuntu-latest timeout-minutes: 30 strategy: fail-fast: false matrix: job: - name: proxy glob: tests/e2e/test_provider_proxy* - name: oauth glob: tests/e2e/test_provider_oauth2* tests/e2e/test_source_oauth* - name: oauth-oidc glob: tests/e2e/test_provider_oidc* - name: saml glob: tests/e2e/test_provider_saml* tests/e2e/test_source_saml* - name: ldap glob: tests/e2e/test_provider_ldap* tests/e2e/test_source_ldap* - name: radius glob: tests/e2e/test_provider_radius* - name: scim glob: tests/e2e/test_source_scim* - name: flows glob: tests/e2e/test_flows* steps: - uses: actions/checkout@v4 - name: Setup authentik env uses: ./.github/actions/setup - name: Setup e2e env (chrome, etc) run: | docker compose -f tests/e2e/docker-compose.yml up -d --quiet-pull - id: cache-web uses: actions/cache@v4 with: path: web/dist key: ${{ runner.os }}-web-${{ hashFiles('web/package-lock.json', 'package-lock.json', 'web/src/**', 'web/packages/sfe/src/**') }}-b - name: prepare web ui if: steps.cache-web.outputs.cache-hit != 'true' working-directory: web run: | npm ci make -C .. gen-client-ts npm run build npm run build:sfe - name: run e2e run: | uv run coverage run manage.py test ${{ matrix.job.glob }} uv run coverage xml - if: ${{ always() }} uses: codecov/codecov-action@v5 with: flags: e2e token: ${{ secrets.CODECOV_TOKEN }} - if: ${{ !cancelled() }} uses: codecov/test-results-action@v1 with: flags: e2e file: unittest.xml token: ${{ secrets.CODECOV_TOKEN }} ci-core-mark: if: always() needs: - lint - test-migrations - test-migrations-from-stable - test-unittest - test-integration - test-e2e runs-on: ubuntu-latest steps: - uses: re-actors/alls-green@release/v1 with: jobs: ${{ toJSON(needs) }} build: permissions: # Needed to upload container images to ghcr.io packages: write # Needed for attestation id-token: write attestations: write # Needed for checkout contents: read needs: ci-core-mark uses: ./.github/workflows/_reusable-docker-build.yaml secrets: inherit with: image_name: ${{ github.repository == 'goauthentik/authentik-internal' && 'ghcr.io/goauthentik/internal-server' || 'ghcr.io/goauthentik/dev-server' }} release: false pr-comment: needs: - build runs-on: ubuntu-latest if: ${{ github.event_name == 'pull_request' }} permissions: # Needed to write comments on PRs pull-requests: write timeout-minutes: 120 steps: - uses: actions/checkout@v4 with: ref: ${{ github.event.pull_request.head.sha }} - name: prepare variables uses: ./.github/actions/docker-push-variables id: ev env: DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }} with: image-name: ghcr.io/goauthentik/dev-server - name: Comment on PR if: ${{ steps.ev.outputs.shouldPush == 'true' }} uses: ./.github/actions/comment-pr-instructions with: tag: ${{ steps.ev.outputs.imageMainTag }}