mirror of
https://github.com/goauthentik/authentik.git
synced 2026-06-17 19:09:11 +03:00
dependabot[bot]
91b8f85788
Bumps [actions/checkout](https://github.com/actions/checkout) from 6.0.2 to 6.0.3. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/de0fac2e4500dabe0009e67214ff5f5447ce83dd...df4cb1c069e1874edd31b4311f1884172cec0e10) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: 6.0.3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
160 lines
5.2 KiB
YAML
160 lines
5.2 KiB
YAML
---
|
|
name: CI - Outpost
|
|
|
|
on:
|
|
push:
|
|
branches:
|
|
- main
|
|
- next
|
|
- version-*
|
|
pull_request:
|
|
branches:
|
|
- main
|
|
- version-*
|
|
|
|
env:
|
|
POSTGRES_DB: authentik
|
|
POSTGRES_USER: authentik
|
|
POSTGRES_PASSWORD: "EK-5jnKfjrGRm<77"
|
|
|
|
jobs:
|
|
lint-golint:
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v5
|
|
- uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6
|
|
with:
|
|
go-version-file: "go.mod"
|
|
- name: Prepare and generate API
|
|
run: |
|
|
# Create folder structure for go embeds
|
|
mkdir -p web/dist
|
|
mkdir -p website/help
|
|
touch web/dist/test website/help/test
|
|
- name: golangci-lint
|
|
uses: golangci/golangci-lint-action@82606bf257cbaff209d206a39f5134f0cfbfd2ee # v8
|
|
with:
|
|
version: latest
|
|
args: --timeout 5000s --verbose
|
|
skip-cache: true
|
|
test-unittest:
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v5
|
|
- uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6
|
|
with:
|
|
go-version-file: "go.mod"
|
|
- name: Setup authentik env
|
|
uses: ./.github/actions/setup
|
|
- name: prepare database
|
|
run: |
|
|
uv run make migrate
|
|
- name: Go unittests
|
|
run: |
|
|
go test -timeout 0 -v -race -coverprofile=coverage.out -covermode=atomic -cover ./...
|
|
ci-outpost-mark:
|
|
if: always()
|
|
needs:
|
|
- lint-golint
|
|
- test-unittest
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- uses: re-actors/alls-green@05ac9388f0aebcb5727afa17fcccfecd6f8ec5fe # release/v1
|
|
with:
|
|
jobs: ${{ toJSON(needs) }}
|
|
build-container:
|
|
timeout-minutes: 120
|
|
needs:
|
|
- ci-outpost-mark
|
|
strategy:
|
|
fail-fast: false
|
|
matrix:
|
|
type:
|
|
- proxy
|
|
- ldap
|
|
- radius
|
|
- rac
|
|
runs-on: ubuntu-latest
|
|
permissions:
|
|
# Needed to upload container images to ghcr.io
|
|
packages: write
|
|
# Needed for attestation
|
|
id-token: write
|
|
attestations: write
|
|
steps:
|
|
- uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v5
|
|
with:
|
|
ref: ${{ github.event.pull_request.head.sha }}
|
|
- name: Set up QEMU
|
|
uses: docker/setup-qemu-action@06116385d9baf250c9f4dcb4858b16962ea869c3 # v4.1.0
|
|
- name: Set up Docker Buildx
|
|
uses: docker/setup-buildx-action@d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5 # v4.1.0
|
|
- name: prepare variables
|
|
uses: ./.github/actions/docker-push-variables
|
|
id: ev
|
|
env:
|
|
DOCKER_USERNAME: ${{ secrets.DOCKER_CORP_USERNAME }}
|
|
with:
|
|
image-name: ghcr.io/goauthentik/dev-${{ matrix.type }}
|
|
- name: Login to Container Registry
|
|
if: ${{ steps.ev.outputs.shouldPush == 'true' }}
|
|
uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # v4.2.0
|
|
with:
|
|
registry: ghcr.io
|
|
username: ${{ github.repository_owner }}
|
|
password: ${{ secrets.GITHUB_TOKEN }}
|
|
- name: Build Docker Image
|
|
id: push
|
|
uses: docker/build-push-action@f9f3042f7e2789586610d6e8b85c8f03e5195baf # v7.2.0
|
|
with:
|
|
tags: ${{ steps.ev.outputs.imageTags }}
|
|
file: lifecycle/container/${{ matrix.type }}.Dockerfile
|
|
push: ${{ steps.ev.outputs.shouldPush == 'true' }}
|
|
build-args: |
|
|
GIT_BUILD_HASH=${{ steps.ev.outputs.sha }}
|
|
platforms: linux/amd64,linux/arm64
|
|
context: .
|
|
cache-from: type=registry,ref=ghcr.io/goauthentik/dev-${{ matrix.type }}:buildcache
|
|
cache-to: ${{ steps.ev.outputs.shouldPush == 'true' && format('type=registry,ref=ghcr.io/goauthentik/dev-{0}:buildcache,mode=max', matrix.type) || '' }}
|
|
- uses: actions/attest-build-provenance@a2bbfa25375fe432b6a289bc6b6cd05ecd0c4c32 # v3
|
|
id: attest
|
|
if: ${{ steps.ev.outputs.shouldPush == 'true' }}
|
|
with:
|
|
subject-name: ${{ steps.ev.outputs.attestImageNames }}
|
|
subject-digest: ${{ steps.push.outputs.digest }}
|
|
push-to-registry: true
|
|
build-binary:
|
|
timeout-minutes: 120
|
|
needs:
|
|
- ci-outpost-mark
|
|
runs-on: ubuntu-latest
|
|
strategy:
|
|
fail-fast: false
|
|
matrix:
|
|
type:
|
|
- proxy
|
|
- ldap
|
|
- radius
|
|
- rac
|
|
goos: [linux]
|
|
goarch: [amd64, arm64]
|
|
steps:
|
|
- uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v5
|
|
with:
|
|
ref: ${{ github.event.pull_request.head.sha }}
|
|
- uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6
|
|
with:
|
|
go-version-file: "go.mod"
|
|
- uses: ./.github/actions/setup-node
|
|
with:
|
|
working-directory: web
|
|
- name: Build web
|
|
run: corepack npm run build-proxy --prefix web
|
|
- name: Build outpost
|
|
run: |
|
|
set -x
|
|
export GOOS=${{ matrix.goos }}
|
|
export GOARCH=${{ matrix.goarch }}
|
|
export CGO_ENABLED=0
|
|
go build -tags=outpost_static_embed -v -o ./authentik-outpost-${{ matrix.type }}_${{ matrix.goos }}_${{ matrix.goarch }} ./cmd/${{ matrix.type }}
|