diff --git a/.github/actions/build-keycloak/action.yml b/.github/actions/build-keycloak/action.yml
new file mode 100644
index 0000000000..8587495e29
--- /dev/null
+++ b/.github/actions/build-keycloak/action.yml
@@ -0,0 +1,82 @@
+name: Build Keycloak
+description: Builds Keycloak providing Maven repository with all artifacts
+
+inputs:
+ upload-m2-repo:
+ description: Upload Maven repository for org.keycloak artifacts
+ required: false
+ default: true
+ upload-dist:
+ description: Upload distribution
+ required: false
+ default: false
+ jdk-dist:
+ description: JDK distribution
+ required: false
+ default: temurin
+ jdk-version:
+ description: JDK version
+ required: false
+ default: 11
+
+runs:
+ using: composite
+ steps:
+ - id: setup-java
+ name: Setup Java
+ uses: actions/setup-java@v3
+ with:
+ distribution: ${{ inputs.jdk-dist }}
+ java-version: ${{ inputs.jdk-version }}
+
+ - id: maven-cache
+ name: Maven cache
+ uses: ./.github/actions/maven-cache
+
+ - id: phantomjs-cache
+ name: PhantomJS cache
+ uses: ./.github/actions/phantomjs-cache
+
+ - id: npm-cache
+ name: NPM cache
+ uses: ./.github/actions/npm-cache
+
+ - id: build-keycloak
+ name: Build Keycloak
+ shell: bash
+ run: |
+ MVN_HTTP_CONFIG="-Dhttp.keepAlive=false -Dmaven.wagon.http.pool=false -Dmaven.wagon.http.retryHandler.class=standard -Dmaven.wagon.http.retryHandler.count=3 -Dmaven.wagon.httpconnectionManager.ttlSeconds=120"
+ ./mvnw install -nsu -B -e -DskipTests -DskipExamples $MVN_HTTP_CONFIG
+
+ - id: compress-keycloak-maven-repository
+ name: Compress Keycloak Maven artifacts
+ if: inputs.upload-m2-repo == 'true'
+ shell: bash
+ run: |
+ tar -C ~/ --use-compress-program zstd -cf m2-keycloak.tzts \
+ --exclude '*.tar.gz' \
+ .m2/repository/org/keycloak
+
+ - id: upload-keycloak-maven-repository
+ name: Upload Keycloak Maven artifacts
+ if: inputs.upload-m2-repo == 'true'
+ uses: actions/upload-artifact@v3
+ with:
+ name: m2-keycloak.tzts
+ path: m2-keycloak.tzts
+ retention-days: 1
+
+ - id: upload-keycloak-dist
+ name: Upload Keycloak dist
+ if: inputs.upload-dist == 'true'
+ uses: actions/upload-artifact@v3
+ with:
+ name: keycloak-dist
+ path: quarkus/dist/target/keycloak*.tar.gz
+ retention-days: 1
+
+ - id: maven-cache-cleanup
+ name: Maven cache cleanup
+ if: steps.maven-cache.outputs.cache-hit != 'true'
+ shell: bash
+ run: rm -rf ~/.m2/repository/org/keycloak
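Review bot: The `if: steps.maven-cache.outputs.cache-hit != 'true'` guard on the final `maven-cache-cleanup` step reads an output that the local `./.github/actions/maven-cache` action added in this same commit never declares, so the expression is always empty and the cleanup runs on every build. That is the safe outcome, because it keeps freshly built `org/keycloak` artifacts out of whatever the cache action saves at job end, but the condition suggests a cache hit skips the cleanup. Either drop the `if:` line, or give maven-cache an `outputs:` entry `cache-hit` with `value: ${{ steps.cache-maven-repository.outputs.cache-hit }}` so the reference resolves.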
diff --git a/.github/actions/changed-files/action.yml b/.github/actions/changed-files/action.yml
new file mode 100644
index 0000000000..cf9dbeb6bd
--- /dev/null
+++ b/.github/actions/changed-files/action.yml
@@ -0,0 +1,49 @@
+name: Changed Files
+description: Checks changes against target branch
+
+outputs:
+ java:
+ description: Changes to Java files
+ value: ${{ steps.changes.outputs.java }}
+ themes:
+ description: Changes to themes
+ value: ${{ steps.changes.outputs.themes }}
+ js-adapter:
+ description: Changes to JavaScript adapter
+ value: ${{ steps.changes.outputs.js-adapter }}
+
+runs:
+ using: composite
+ steps:
+ - id: changes
+ name: Find changes
+ shell: bash
+ run: |
+ BASE_REF=${{ github.base_ref }}
+
+ changed () {
+ git diff --name-only origin/${{ github.base_ref }} | grep -E "$1" &>/dev/null && echo true || echo false
+ }
+
+ if [ "$BASE_REF" != "" ]; then
+ echo "Checking changes against orgin/$BASE_REF"
+ git fetch origin
+
+ JAVA=`changed '^.*/.*.java$'`
+ THEMES=`changed '^themes/src/main/.*$'`
+ JS_ADAPTER=`changed '^adapters/oidc/js/.*$'`
+ else
+ echo "Not a pull request, marking everything as changed"
+
+ JAVA=true
+ THEMES=true
+ JS_ADAPTER=true
+ fi
+
+ echo "Java changed: $JAVA"
+ echo "Themes changed: $THEMES"
+ echo "JS adapter changed: $JS_ADAPTER"
+
+ echo "java=$JAVA" >> $GITHUB_OUTPUT
+ echo "themes=$THEMES" >> $GITHUB_OUTPUT
+ echo "js-adapter=$JS_ADAPTER" >> $GITHUB_OUTPUT
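Review bot: `${{ github.base_ref }}` is expanded into the script text twice in the `changes` step (the `BASE_REF=` assignment and the `git diff` inside `changed ()`), so the branch name becomes part of the shell source instead of being passed as data. Map it through the step environment with `env:` / `BASE_REF: ${{ github.base_ref }}` and reference it quoted, `git diff --name-only "origin/$BASE_REF"`. Two smaller things in the same script: the log line prints `orgin/` instead of `origin/`, and the dot before `java` in `'^.*/.*.java$'` is unescaped, so it matches any character.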
diff --git a/.github/actions/checks-job-pass/action.yml b/.github/actions/checks-job-pass/action.yml
new file mode 100644
index 0000000000..30b782a7e8
--- /dev/null
+++ b/.github/actions/checks-job-pass/action.yml
@@ -0,0 +1,34 @@
+name: Check if a job passed
+description: Fails if the job is required and was not successful
+
+inputs:
+ required:
+ description: Is the job required
+ required: true
+ default: true
+ conclusion:
+ description: Job conclusion (success if passed, most likely empty otherwise)
+ required: true
+
+outputs:
+ status:
+ description: "Check status"
+ value: ${{ steps.changes.outputs.java }}
+
+runs:
+ using: "composite"
+ steps:
+ - id: check-job
+ name: Check job
+ shell: bash
+ run: |
+ if [ "${{ inputs.required }}" == "false" ]; then
+ echo "Not required to run, skipping"
+ else
+ if [ "${{ inputs.conclusion }}" == "success" ]; then
+ echo "Success"
+ else
+ echo "Required to run, but didn't succeed"
+ exit 1
+ fi
+ fi
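Review bot: The `status` output is wired to `${{ steps.changes.outputs.java }}`, but this action has no step with id `changes`, and its only step, `check-job`, writes nothing to `$GITHUB_OUTPUT`, so `status` is always empty; the line looks copied from changed-files. A caller that reads `status` from this pass/fail check would see the same empty string either way. Either remove the `outputs:` block, or have `check-job` emit a value with `echo "status=success" >> "$GITHUB_OUTPUT"` and point the output at `${{ steps.check-job.outputs.status }}`. `inputs.required` and `inputs.conclusion` are also pasted into the script through `${{ }}`; mapping them through `env:` keeps them as data.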
diff --git a/.github/actions/checks-success/action.yml b/.github/actions/checks-success/action.yml
new file mode 100644
index 0000000000..64377fb426
--- /dev/null
+++ b/.github/actions/checks-success/action.yml
@@ -0,0 +1,16 @@
+name: Mark job as successful
+description: Workaround for GitHub Actions not setting conclusion on jobs passed through needs
+
+outputs:
+ conclusion:
+ description: Conclusion
+ value: ${{ steps.check.outputs.conclusion }}
+
+runs:
+ using: composite
+ steps:
+ - id: check
+ name: Set success
+ shell: bash
+ run: |
+ echo "conclusion=success" >> $GITHUB_OUTPUT
diff --git a/.github/actions/integration-test-setup/action.yml b/.github/actions/integration-test-setup/action.yml
new file mode 100644
index 0000000000..f698c51206
--- /dev/null
+++ b/.github/actions/integration-test-setup/action.yml
@@ -0,0 +1,41 @@
+name: Setup integration test
+description: Download Maven caches needed for integration tests
+
+inputs:
+ jdk-dist:
+ description: JDK distribution
+ required: false
+ default: temurin
+ jdk-version:
+ description: JDK version
+ required: false
+ default: 11
+
+runs:
+ using: composite
+ steps:
+ - id: setup-java
+ name: Setup Java
+ uses: actions/setup-java@v3
+ with:
+ distribution: ${{ inputs.jdk-dist }}
+ java-version: ${{ inputs.jdk-version }}
+
+ - id: maven-cache
+ name: Maven cache
+ uses: ./.github/actions/maven-cache
+
+ - id: phantomjs-cache
+ name: PhantomJS cache
+ uses: ./.github/actions/phantomjs-cache
+
+ - id: download-keycloak
+ name: Download Keycloak Maven artifacts
+ uses: actions/download-artifact@v3
+ with:
+ name: m2-keycloak.tzts
+
+ - id: extract-maven-artifacts
+ name: Extract Keycloak Maven artifacts
+ shell: bash
+ run: tar -C ~/ --use-compress-program unzstd -xf m2-keycloak.tzts
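Review bot: This setup restores the shared Maven cache and then unpacks `m2-keycloak.tzts` into `~/.m2/repository/org/keycloak`, which lies inside the `~/.m2/repository` path that `actions/cache@v3` in maven-cache saves at job end when there was no exact key hit; unlike build-keycloak, nothing here removes those artifacts again. If a test job ever starts on a cache miss, the saved entry would presumably contain the run's `org/keycloak` jars, and later jobs would fail the `check-maven-cache` guard until the weekly key rotates. unit-test-setup appears to have the same gap, since its caller in ci.yml runs `./mvnw install`. Consider a restore-only cache for the test-side setups (`uses: actions/cache/restore@v3`) or an `if: always()` cleanup step at the end of the calling jobs.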
diff --git a/.github/actions/maven-cache/action.yml b/.github/actions/maven-cache/action.yml
new file mode 100644
index 0000000000..7d2c56f8e4
--- /dev/null
+++ b/.github/actions/maven-cache/action.yml
@@ -0,0 +1,28 @@
+name: Maven Cache
+description: Caches Maven artifacts
+
+runs:
+ using: composite
+ steps:
+ - id: weekly-cache-key
+ name: Key for weekly rotation of cache
+ shell: bash
+ run: echo "key=mvn-`date -u "+%Y-%U"`" >> $GITHUB_OUTPUT
+
+ - id: cache-maven-repository
+ name: Maven cache
+ uses: actions/cache@v3
+ with:
+ path: ~/.m2/repository
+ key: ${{ steps.weekly-cache-key.outputs.key }}
+
+ - id: check-maven-cache
+ name: Check cache has no Keycloak artifacts
+ if: steps.cache-maven-repository.outputs.cache-hit == 'true'
+ shell: bash
+ run: |
+ if ( stat ~/.m2/repository/org/keycloak &>/dev/null ); then
+ echo "Found org/keycloak artifacts in Maven repository cache"
+ ls ~/.m2/repository/org/keycloak
+ exit 1
+ fi
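Review bot: The `check-maven-cache` step fails the job when `org/keycloak` is found in a restored cache, but neither a comment nor the message says why that is fatal or how to recover. Because an exact key hit is not re-saved, the same entry will keep being restored until the weekly key rotates, so I would add a comment above the step and extend the message, e.g. `echo "Delete the mvn-<year>-<week> cache entry to recover"`; the reason, presumably that cached project artifacts would shadow the ones built in this run, is worth confirming and writing down. As a style point, `if [ -d ~/.m2/repository/org/keycloak ]; then` reads more directly than the `stat … &>/dev/null` subshell, and `$(date -u +%Y-%U)` avoids the nested quotes inside backticks in the key step.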
diff --git a/.github/actions/npm-cache/action.yml b/.github/actions/npm-cache/action.yml
new file mode 100644
index 0000000000..efc9c3faa9
--- /dev/null
+++ b/.github/actions/npm-cache/action.yml
@@ -0,0 +1,17 @@
+name: NPM Cache
+description: Caches NPM artifacts
+
+runs:
+ using: composite
+ steps:
+ - id: weekly-cache-key
+ name: Key for weekly rotation of cache
+ shell: bash
+ run: echo "key=npm-`date -u "+%Y-%U"`" >> $GITHUB_OUTPUT
+
+ - id: cache-npm-repository
+ name: NPM cache
+ uses: actions/cache@v3
+ with:
+ path: ~/.npm
+ key: ${{ steps.weekly-cache-key.outputs.key }}
diff --git a/.github/actions/phantomjs-cache/action.yml b/.github/actions/phantomjs-cache/action.yml
new file mode 100644
index 0000000000..6b17be10c1
--- /dev/null
+++ b/.github/actions/phantomjs-cache/action.yml
@@ -0,0 +1,26 @@
+name: PhantomJS Cache
+description: Caches PhantomJS driver
+
+inputs:
+ version:
+ description: PhantomJS Driver version
+ required: false
+ default: 2.1.1
+
+runs:
+ using: composite
+ steps:
+ - id: cache-phantomjs-driver
+ name: PhantomJS Driver cache
+ uses: actions/cache@v3
+ with:
+ path: ~/.arquillian/drone
+ key: phantomjs-${{ inputs.version }}
+
+ - id: download-phantomjs-driver
+ name: Download PhantomJS Driver
+ if: steps.cache-phantomjs-driver.outputs.cache-hit != 'true'
+ shell: bash
+ run: |
+ mkdir -p ~/.arquillian/drone/phantomjs/${{ inputs.version }}/
+ curl -L https://bitbucket.org/ariya/phantomjs/downloads/phantomjs-${{ inputs.version }}-linux-x86_64.tar.bz2 --output ~/.arquillian/drone/phantomjs/${{ inputs.version }}/phantomjs-${{ inputs.version }}-linux-x86_64.tar.bz2
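Review bot: The `download-phantomjs-driver` step stores whatever `curl -L` returns, and the result is then cached under `phantomjs-${{ inputs.version }}` with no integrity check, so a truncated download, an HTTP error page or a changed upstream file would be reused by every later run. Add `--fail` so HTTP errors stop the step, and verify the archive against a digest kept in the repository before it is cached, e.g. `echo "<EXPECTED_SHA256>  $FILE" | sha256sum -c -` (placeholder digest, `$FILE` being the output path). The script also repeats `${{ inputs.version }}` several times inline; assigning it once through `env:` makes the command readable and keeps the input out of the script text.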
diff --git a/.github/actions/unit-test-setup/action.yml b/.github/actions/unit-test-setup/action.yml
new file mode 100644
index 0000000000..763506f809
--- /dev/null
+++ b/.github/actions/unit-test-setup/action.yml
@@ -0,0 +1,26 @@
+name: Setup unit test
+description: Download Maven caches needed for unit tests
+
+inputs:
+ jdk-dist:
+ description: JDK distribution
+ required: false
+ default: temurin
+ jdk-version:
+ description: JDK version
+ required: false
+ default: 11
+
+runs:
+ using: composite
+ steps:
+ - id: setup-java
+ name: Setup Java
+ uses: actions/setup-java@v3
+ with:
+ distribution: ${{ inputs.jdk-dist }}
+ java-version: ${{ inputs.jdk-version }}
+
+ - id: maven-cache
+ name: Maven cache
+ uses: ./.github/actions/maven-cache
diff --git a/.github/scripts/quickstarts/prepare-server.sh b/.github/scripts/quickstarts/prepare-server.sh
deleted file mode 100755
index a036908bd0..0000000000
--- a/.github/scripts/quickstarts/prepare-server.sh
+++ /dev/null
@@ -1,11 +0,0 @@
-#!/bin/bash -e
-
-VERSION=$(mvn -q -Dexec.executable=echo -Dexec.args='${project.version}' --non-recursive exec:exec -f keycloak)
-
-unzip ~/.m2/repository/org/keycloak/keycloak-server-dist/${VERSION}/keycloak-server-dist-${VERSION}.zip
-mv keycloak-${VERSION} keycloak-dist
-
-keycloak-dist/bin/add-user-keycloak.sh -u admin -p admin
-
-# update QS version to match KC version
-mvn versions:set -DnewVersion=$VERSION -DgenerateBackupPoms=false -DgroupId=org.keycloak* -DartifactId=* -Pbump-version -B
\ No newline at end of file
diff --git a/.github/settings.xml b/.github/settings.xml
deleted file mode 100644
index e7974ab9bb..0000000000
--- a/.github/settings.xml
+++ /dev/null
@@ -1,48 +0,0 @@
-
-
-
- update-policy
-
- true
-
-
-
- central
- Maven Central
- https://repo.maven.apache.org/maven2
-
- false
-
-
- interval:43200
-
-
-
- jboss-public-repository
- Jboss Public
- https://repository.jboss.org/nexus/content/groups/public/
-
- false
-
-
- interval:43200
-
-
-
- redhat-enterprise-maven-repository
- Red Hat Enterprise Maven Repository
- https://maven.repository.redhat.com/ga/
-
- false
-
-
- interval:43200
-
-
-
-
-
-
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 25fc14bf8c..3b81676ee6 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -2,374 +2,198 @@ name: Keycloak CI
on:
push:
- branches-ignore: [main]
- # as the ci.yml contains actions that are required for PRs to be merged, it will always need to run on all PRs
- pull_request: {}
+ branches-ignore:
+ - main
+ - dependabot/**
+ pull_request:
schedule:
- - cron: '0 20,23,2,5 * * *'
+ - cron: 0 20,23,2,5 * * *
workflow_dispatch:
env:
DEFAULT_JDK_VERSION: 11
- MAVEN_OPTS: -Dhttp.keepAlive=false -Dmaven.wagon.http.pool=false -Dmaven.wagon.http.retryHandler.class=standard -Dmaven.wagon.http.retryHandler.count=3 -Dmaven.wagon.httpconnectionManager.ttlSeconds=120
+ DEFAULT_JDK_DIST: temurin
concurrency:
- # Only cancel jobs for new commits on PRs, and always do a complete run on other branches (e.g. `main`).
- # See: https://docs.github.com/en/actions/using-jobs/using-concurrency#example-using-a-fallback-value
- group: keycloak-ci-${{ github.head_ref || github.run_id }}
+ # Only cancel jobs for PR updates
+ group: ci-${{ github.head_ref || github.run_id }}
cancel-in-progress: true
+defaults:
+ run:
+ shell: bash
+
jobs:
build:
name: Build
- if: ${{ ( github.event_name != 'schedule' ) || ( github.event_name == 'schedule' && github.repository == 'keycloak/keycloak' ) }}
+ if: github.event_name != 'schedule' || github.repository == 'keycloak/keycloak'
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- - uses: actions/setup-java@v3
- with:
- distribution: 'temurin'
- java-version: ${{ env.DEFAULT_JDK_VERSION }}
- cache: 'maven'
- - name: Update maven settings
- run: mkdir -p ~/.m2 ; cp .github/settings.xml ~/.m2/
- name: Build Keycloak
- run: |
- ./mvnw clean install -nsu -B -e -DskipTests -Pdistribution
- ./mvnw clean install -nsu -B -e -f testsuite/integration-arquillian/servers/auth-server -Pauth-server-quarkus
- ./mvnw clean install -nsu -B -e -f testsuite/integration-arquillian/servers/auth-server -Pauth-server-undertow
-
- - name: Store Keycloak artifacts
- id: store-keycloak
- uses: actions/upload-artifact@v3
- with:
- name: keycloak-artifacts.zip
- retention-days: 1
- path: |
- ~/.m2/repository/org/keycloak
- !~/.m2/repository/org/keycloak/**/*.tar.gz
-
- - name: Remove keycloak artifacts before caching
- if: steps.cache.outputs.cache-hit != 'true'
- run: rm -rf ~/.m2/repository/org/keycloak
-
-# Tests: Regular distribution
+ uses: ./.github/actions/build-keycloak
unit-tests:
- name: Unit Tests
+ name: Base UT
runs-on: ubuntu-latest
needs: build
timeout-minutes: 30
steps:
- uses: actions/checkout@v3
- - uses: actions/setup-java@v3
- with:
- distribution: 'temurin'
- java-version: ${{ env.DEFAULT_JDK_VERSION }}
- cache: 'maven'
- - name: Update maven settings
- run: mkdir -p ~/.m2 ; cp .github/settings.xml ~/.m2/
- - name: Cleanup org.keycloak artifacts
- run: rm -rf ~/.m2/repository/org/keycloak >/dev/null || true
- - name: Download built keycloak
- id: download-keycloak
- uses: actions/download-artifact@v3
- with:
- path: ~/.m2/repository/org/keycloak/
- name: keycloak-artifacts.zip
+
+ - id: unit-test-setup
+ name: Unit test setup
+ uses: ./.github/actions/unit-test-setup
+
- name: Run unit tests
- run: |
- if ! ./mvnw install -nsu -B -DskipTestsuite -DskipQuarkus -DskipExamples -f pom.xml; then
- find . -path '*/target/surefire-reports/*.xml' | zip -q reports-unit-tests.zip -@
- exit 1
- fi
+ run: ./mvnw install -nsu -B -DskipTestsuite -DskipQuarkus -DskipExamples
- - name: Analyze Test and/or Coverage Results
- uses: runforesight/foresight-test-kit-action@v1.3.0
- if: always() && github.repository == 'keycloak/keycloak'
- with:
- api_key: ${{ secrets.FORESIGHT_API_KEY }}
- test_format: JUNIT
- test_framework: JUNIT
- test_path: '**/target/surefire-reports/*.xml'
-
- - name: Unit test reports
- uses: actions/upload-artifact@v3
- if: failure()
- with:
- name: reports-unit-tests
- retention-days: 14
- path: reports-unit-tests.zip
- if-no-files-found: ignore
-
- crypto-tests:
- name: Crypto Tests
- runs-on: ubuntu-latest
- needs: build
- timeout-minutes: 20
- steps:
- - uses: actions/checkout@v3
- - uses: actions/setup-java@v3
- with:
- distribution: 'temurin'
- java-version: ${{ env.DEFAULT_JDK_VERSION }}
- cache: 'maven'
- - name: Update maven settings
- run: mkdir -p ~/.m2 ; cp .github/settings.xml ~/.m2/
- - name: Cleanup org.keycloak artifacts
- run: rm -rf ~/.m2/repository/org/keycloak >/dev/null || true
- - name: Download built keycloak
- id: download-keycloak
- uses: actions/download-artifact@v3
- with:
- path: ~/.m2/repository/org/keycloak/
- name: keycloak-artifacts.zip
- - name: Run crypto tests (BCFIPS non-approved mode)
- run: |
- if ! ./mvnw install -nsu -B -f crypto/pom.xml -Dcom.redhat.fips=true; then
- find . -path 'crypto/target/surefire-reports/*.xml' | zip -q reports-crypto-tests.zip -@
- exit 1
- fi
-
- - name: Run crypto tests (BCFIPS approved mode)
- run: |
- if ! ./mvnw install -nsu -B -f crypto/pom.xml -Dcom.redhat.fips=true -Dorg.bouncycastle.fips.approved_only=true; then
- find . -path 'crypto/target/surefire-reports/*.xml' | zip -q reports-crypto-tests.zip -@
- exit 1
- fi
-
- - name: Crypto test reports
- uses: actions/upload-artifact@v3
- if: failure()
- with:
- name: reports-crypto-tests
- retention-days: 14
- path: reports-crypto-tests.zip
- if-no-files-found: ignore
-
- model-tests:
- name: Model Tests
- runs-on: ubuntu-latest
- needs: build
- timeout-minutes: 60
- steps:
- - uses: actions/checkout@v3
- - uses: actions/setup-java@v3
- with:
- distribution: 'temurin'
- java-version: ${{ env.DEFAULT_JDK_VERSION }}
- cache: 'maven'
- - name: Update maven settings
- run: mkdir -p ~/.m2 ; cp .github/settings.xml ~/.m2/
- - name: Cleanup org.keycloak artifacts
- run: rm -rf ~/.m2/repository/org/keycloak >/dev/null || true
- - name: Download built keycloak
- id: download-keycloak
- uses: actions/download-artifact@v3
- with:
- path: ~/.m2/repository/org/keycloak/
- name: keycloak-artifacts.zip
- - name: Run model tests
- run: |
- if ! testsuite/model/test-all-profiles.sh; then
- find . -path '*/target/surefire-reports*/*.xml' | zip -q reports-model-tests.zip -@
- exit 1
- fi
-
- - name: Analyze Test and/or Coverage Results
- uses: runforesight/foresight-test-kit-action@v1.3.0
- if: always() && github.repository == 'keycloak/keycloak'
- with:
- api_key: ${{ secrets.FORESIGHT_API_KEY }}
- test_format: JUNIT
- test_framework: JUNIT
- test_path: 'testsuite/model/target/surefire-reports/*.xml'
-
- - name: Model test reports
- uses: actions/upload-artifact@v3
- if: failure()
- with:
- name: reports-model-tests
- retention-days: 14
- path: reports-model-tests.zip
- if-no-files-found: ignore
-
- test:
- name: Base testsuite
+ base-integration-tests:
+ name: Base IT
needs: build
runs-on: ubuntu-latest
timeout-minutes: 100
strategy:
matrix:
- server: ['quarkus', 'quarkus-map', 'quarkus-map-hot-rod', 'quarkus-map-jpa']
- tests: ['group1','group2','group3']
+ group: [1, 2, 3, 4, 5, 6]
fail-fast: false
steps:
- uses: actions/checkout@v3
- with:
- fetch-depth: 2
- - name: Check whether HEAD^ contains HotRod storage relevant changes
- run: echo "GIT_HOTROD_RELEVANT_DIFF=$( git diff --name-only HEAD^ | egrep -ic -e '^model/map-hot-rod|^model/map/|^model/build-processor' )" >> $GITHUB_ENV
+ - id: integration-test-setup
+ name: Integration test setup
+ uses: ./.github/actions/integration-test-setup
- - name: Check whether HotRod storage matrix should be executed
- if: ${{ endsWith(matrix.server, '-map-hot-rod') && env.GIT_HOTROD_RELEVANT_DIFF == 0 }}
- run: echo "SHOULD_BE_EXECUTED=false" >> $GITHUB_ENV
-
- - name: Check whether HEAD^ contains JPA map storage relevant changes
- run: echo "GIT_MAP_JPA_RELEVANT_DIFF=$( git diff --name-only HEAD^ | egrep -ic -e '^model/map-jpa/|^model/map/|^model/build-processor' )" >> $GITHUB_ENV
-
- - name: Check whether Map-JPA storage matrix should be executed
- if: ${{ endsWith(matrix.server, '-map-jpa') && env.GIT_MAP_JPA_RELEVANT_DIFF == 0 }}
- run: echo "SHOULD_BE_EXECUTED=false" >> $GITHUB_ENV
-
- - name: Cache Maven packages
- if: ${{ github.event_name != 'pull_request' || env.SHOULD_BE_EXECUTED != 'false' }}
- uses: actions/cache@v3
- with:
- path: ~/.m2/repository
- key: cache-2-${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
- restore-keys: cache-1-${{ runner.os }}-m2
-
- - name: Download built keycloak
- if: ${{ github.event_name != 'pull_request' || env.SHOULD_BE_EXECUTED != 'false' }}
- id: download-keycloak
- uses: actions/download-artifact@v3
- with:
- path: ~/.m2/repository/org/keycloak/
- name: keycloak-artifacts.zip
-
- # - name: List M2 repo
- # run: |
- # find ~ -name *dist*.zip
- # ls -lR ~/.m2/repository
-
- - uses: actions/setup-java@v3
- if: ${{ github.event_name != 'pull_request' || env.SHOULD_BE_EXECUTED != 'false' }}
- with:
- distribution: 'temurin'
- java-version: ${{ env.DEFAULT_JDK_VERSION }}
- - name: Update maven settings
- if: ${{ github.event_name != 'pull_request' || env.SHOULD_BE_EXECUTED != 'false' }}
- run: mkdir -p ~/.m2 ; cp .github/settings.xml ~/.m2/
- - name: Prepare test providers
- if: ${{ matrix.server == 'quarkus' || matrix.server == 'quarkus-map' }}
- run: ./mvnw clean install -nsu -B -e -f testsuite/integration-arquillian/servers/auth-server/services/testsuite-providers -Pauth-server-quarkus
- name: Run base tests
- if: ${{ github.event_name != 'pull_request' || env.SHOULD_BE_EXECUTED != 'false' }}
run: |
- declare -A PARAMS TESTGROUP
- PARAMS["quarkus"]="-Pauth-server-quarkus"
- PARAMS["quarkus-map"]="-Pauth-server-quarkus -Pmap-storage -Dpageload.timeout=90000"
- PARAMS["quarkus-map-hot-rod"]="-Pauth-server-quarkus -Pmap-storage,map-storage-hot-rod -Dpageload.timeout=90000"
- PARAMS["quarkus-map-jpa"]="-Pauth-server-quarkus -Pmap-storage,map-storage-jpa -Dpageload.timeout=90000"
- TESTGROUP["group1"]="-Dtest=!**.crossdc.**,!**.cluster.**,%regex[org.keycloak.testsuite.(a[abc]|ad[a-l]|[^a-q]).*]" # Tests alphabetically before admin tests and those after "r"
- TESTGROUP["group2"]="-Dtest=!**.crossdc.**,!**.cluster.**,%regex[org.keycloak.testsuite.(ad[^a-l]|a[^a-d]|b).*]" # Admin tests and those starting with "b"
- TESTGROUP["group3"]="-Dtest=!**.crossdc.**,!**.cluster.**,%regex[org.keycloak.testsuite.([c-q]).*]" # All the rest
+ TESTS=`testsuite/integration-arquillian/tests/base/testsuites/base-suite.sh ${{ matrix.group }}`
+ echo "Tests: $TESTS"
+ ./mvnw install -nsu -B -Pauth-server-quarkus -Dtest=$TESTS -pl testsuite/integration-arquillian/tests/base | misc/log/trimmer.sh
- ./mvnw clean install -nsu -B ${PARAMS["${{ matrix.server }}"]} ${TESTGROUP["${{ matrix.tests }}"]} -f testsuite/integration-arquillian/tests/base/pom.xml | misc/log/trimmer.sh
+ quarkus-integration-tests:
+ name: Quarkus IT
+ needs: build
+ runs-on: ubuntu-latest
+ timeout-minutes: 115
+ strategy:
+ matrix:
+ server: [zip, container, storage]
+ fail-fast: false
+ env:
+ MAVEN_OPTS: -Xmx1024m
+ steps:
+ - uses: actions/checkout@v3
- TEST_RESULT=${PIPESTATUS[0]}
- find . -path '*/target/surefire-reports/*.xml' | zip -q reports-${{ matrix.server }}-base-tests-${{ matrix.tests }}.zip -@
- exit $TEST_RESULT
+ - id: unit-test-setup
+ name: Unit test setup
+ uses: ./.github/actions/unit-test-setup
- - name: Analyze Test and/or Coverage Results
- uses: runforesight/foresight-test-kit-action@v1.3.0
- if: always() && github.repository == 'keycloak/keycloak'
+ - name: Run Quarkus integration Tests
+ run: |
+ declare -A PARAMS
+ PARAMS["zip"]=""
+ PARAMS["container"]="-Dkc.quarkus.tests.dist=docker"
+ PARAMS["storage"]="-Ptest-database -Dtest=PostgreSQLDistTest,MariaDBDistTest#testSuccessful,MySQLDistTest#testSuccessful,DatabaseOptionsDistTest,JPAStoreDistTest,HotRodStoreDistTest,MixedStoreDistTest"
+
+ ./mvnw install -nsu -B -pl quarkus/tests/integration -am -DskipTests
+ ./mvnw test -nsu -B -pl quarkus/tests/integration ${PARAMS["${{ matrix.server }}"]} | misc/log/trimmer.sh
+
+ jdk-integration-tests:
+ name: Java Distribution IT
+ needs: build
+ runs-on: ubuntu-latest
+ timeout-minutes: 100
+ strategy:
+ matrix:
+ dist: [temurin]
+ version: [17, 19]
+ fail-fast: false
+ steps:
+ - uses: actions/checkout@v3
+
+ - id: integration-test-setup
+ name: Integration test setup
+ uses: ./.github/actions/integration-test-setup
with:
- api_key: ${{ secrets.FORESIGHT_API_KEY }}
- test_format: JUNIT
- test_framework: JUNIT
- test_path: 'testsuite/integration-arquillian/tests/base/target/surefire-reports/*.xml'
+ jdk-dist: ${{ matrix.dist }}
+ jdk-version: ${{ matrix.version }}
- - name: Base test reports
- uses: actions/upload-artifact@v3
- if: failure()
- with:
- name: reports-${{ matrix.server }}-base-tests-${{ matrix.tests }}
- retention-days: 14
- path: reports-${{ matrix.server }}-base-tests-${{ matrix.tests }}.zip
- if-no-files-found: ignore
+ - name: Prepare Quarkus distribution with current JDK
+ run: ./mvnw install -nsu -B -e -pl testsuite/integration-arquillian/servers/auth-server/quarkus
- test-fips:
- name: Base testsuite (fips)
+ - name: Run base tests
+ run: |
+ TESTS=`testsuite/integration-arquillian/tests/base/testsuites/suite.sh jdk`
+ echo "Tests: $TESTS"
+ ./mvnw install -nsu -B -Pauth-server-quarkus -Pdb-${{ matrix.db }} -Dtest=$TESTS -pl testsuite/integration-arquillian/tests/base | misc/log/trimmer.sh
+
+ new-store-integration-tests:
+ name: New Store IT
needs: build
runs-on: ubuntu-latest
timeout-minutes: 45
strategy:
matrix:
- server: ['bcfips-nonapproved-pkcs12']
- tests: ['group1', 'group2']
+ db: [chm, hot-rod, jpa]
fail-fast: false
steps:
- uses: actions/checkout@v3
- with:
- fetch-depth: 2
- - name: Cache Maven packages
- uses: actions/cache@v3
- with:
- path: ~/.m2/repository
- key: cache-2-${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
- restore-keys: cache-1-${{ runner.os }}-m2
+ - id: integration-test-setup
+ name: Integration test setup
+ uses: ./.github/actions/integration-test-setup
- - name: Download built keycloak
- id: download-keycloak
- uses: actions/download-artifact@v3
- with:
- path: ~/.m2/repository/org/keycloak/
- name: keycloak-artifacts.zip
-
- # - name: List M2 repo
- # run: |
- # find ~ -name *dist*.zip
- # ls -lR ~/.m2/repository
-
- - uses: actions/setup-java@v3
- with:
- distribution: 'temurin'
- java-version: ${{ env.DEFAULT_JDK_VERSION }}
- - name: Update maven settings
- run: mkdir -p ~/.m2 ; cp .github/settings.xml ~/.m2/
- - name: Prepare quarkus distribution with BCFIPS
- run: ./mvnw clean install -nsu -B -e -f testsuite/integration-arquillian/servers/auth-server/quarkus -Pauth-server-quarkus,auth-server-fips140-2
- name: Run base tests
run: |
- declare -A PARAMS TESTGROUP
- PARAMS["bcfips-nonapproved-pkcs12"]="-Pauth-server-quarkus,auth-server-fips140-2"
- # Tests in the package "forms" and some keystore related tests
- TESTGROUP["group1"]="-Dtest=org.keycloak.testsuite.forms.**,ClientAuthSignedJWTTest,CredentialsTest,JavaKeystoreKeyProviderTest,ServerInfoTest,UserFederationLdapConnectionTest,LDAPUserLoginTest"
- TESTGROUP["group2"]="-Dtest=org.keycloak.testsuite.x509.**,MutualTLSClientTest,FAPI1Test,FAPICIBATest,KcRegTest,KcRegCreateTest,KcAdmTest,KcAdmCreateTest" # Tests for X.509 authentication with users and clients and CLI tests
-
- ./mvnw clean install -nsu -B ${PARAMS["${{ matrix.server }}"]} ${TESTGROUP["${{ matrix.tests }}"]} -f testsuite/integration-arquillian/tests/base/pom.xml | misc/log/trimmer.sh
-
- TEST_RESULT=${PIPESTATUS[0]}
- find . -path '*/target/surefire-reports/*.xml' | zip -q reports-${{ matrix.server }}-base-tests-${{ matrix.tests }}.zip -@
- exit $TEST_RESULT
+ declare -A PARAMS
+ PARAMS["chm"]="-Pmap-storage -Dpageload.timeout=90000"
+ PARAMS["hot-rod"]="-Pmap-storage,map-storage-hot-rod -Dpageload.timeout=90000"
+ PARAMS["jpa"]="-Pmap-storage,map-storage-jpa -Dpageload.timeout=90000"
- - name: Analyze Test and/or Coverage Results
- uses: runforesight/foresight-test-kit-action@v1.3.0
- if: always() && github.repository == 'keycloak/keycloak'
- with:
- api_key: ${{ secrets.FORESIGHT_API_KEY }}
- test_format: JUNIT
- test_framework: JUNIT
- test_path: 'testsuite/integration-arquillian/tests/base/target/surefire-reports/*.xml'
+ TESTS=`testsuite/integration-arquillian/tests/base/testsuites/suite.sh database`
+ echo "Tests: $TESTS"
+ ./mvnw install -nsu -B -Pauth-server-quarkus ${PARAMS["${{ matrix.db }}"]} -Dtest=$TESTS -pl testsuite/integration-arquillian/tests/base | misc/log/trimmer.sh
- - name: Base test reports
- uses: actions/upload-artifact@v3
- if: failure()
- with:
- name: reports-${{ matrix.server }}-base-tests-${{ matrix.tests }}
- retention-days: 14
- path: reports-${{ matrix.server }}-base-tests-${{ matrix.tests }}.zip
- if-no-files-found: ignore
+ legacy-store-integration-tests:
+ name: Legacy Store IT
+ needs: build
+ runs-on: ubuntu-latest
+ timeout-minutes: 45
+ strategy:
+ matrix:
+ db: [postgres, mysql] # 'mariadb' is not always shutting down, 'mssql', 'oracle11g' containers not available
+ fail-fast: false
+ steps:
+ - uses: actions/checkout@v3
-### Tests: Quarkus distribution
+ - id: integration-test-setup
+ name: Integration test setup
+ uses: ./.github/actions/integration-test-setup
- quarkus-test-cluster:
- name: Quarkus Test Clustering
+ - name: Run base tests
+ run: |
+ TESTS=`testsuite/integration-arquillian/tests/base/testsuites/suite.sh database`
+ echo "Tests: $TESTS"
+ ./mvnw install -nsu -B -Pauth-server-quarkus -Pdb-${{ matrix.db }} -Dtest=$TESTS -pl testsuite/integration-arquillian/tests/base | misc/log/trimmer.sh
+
+ store-model-tests:
+ name: Store Model Tests
+ runs-on: ubuntu-latest
+ needs: build
+ timeout-minutes: 60
+ steps:
+ - uses: actions/checkout@v3
+
+ - id: integration-test-setup
+ name: Integration test setup
+ uses: ./.github/actions/integration-test-setup
+
+ - name: Run model tests
+ run: testsuite/model/test-all-profiles.sh
+
+ clustering-integration-tests:
+ name: Legacy Clustering IT
needs: build
runs-on: ubuntu-latest
timeout-minutes: 35
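Review bot: In the new `jdk-integration-tests` job the `Run base tests` step passes `-Pdb-${{ matrix.db }}`, but that job's matrix defines only `dist` and `version`, so the expression expands to an empty string and Maven is given the profile `-Pdb-`. The line looks copied from `legacy-store-integration-tests`; for the JDK job it should probably read `./mvnw install -nsu -B -Pauth-server-quarkus -Dtest=$TESTS -pl testsuite/integration-arquillian/tests/base | misc/log/trimmer.sh`. Separately, no top-level `permissions:` key is visible in this hunk; if the file has none elsewhere, `permissions:` with `contents: read` would keep the token minimal for a workflow that builds pull-request code. The hunk ends inside the `clustering-integration-tests` job, which continues in the next hunk.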
@@ -378,181 +202,86 @@ jobs:
steps:
- uses: actions/checkout@v3
- - uses: actions/setup-java@v3
- with:
- distribution: 'temurin'
- java-version: ${{ env.DEFAULT_JDK_VERSION }}
- cache: 'maven'
+ - id: integration-test-setup
+ name: Integration test setup
+ uses: ./.github/actions/integration-test-setup
- - name: Cleanup org.keycloak artifacts
- run: rm -rf ~/.m2/repository/org/keycloak >/dev/null || true
-
- - name: Download built keycloak
- id: download-keycloak
- uses: actions/download-artifact@v3
- with:
- path: ~/.m2/repository/org/keycloak/
- name: keycloak-artifacts.zip
- - uses: actions/setup-java@v3
- with:
- distribution: 'temurin'
- java-version: ${{ env.DEFAULT_JDK_VERSION }}
- - name: Update maven settings
- run: mkdir -p ~/.m2 ; cp .github/settings.xml ~/.m2/
- - name: Run Quarkus cluster tests
+ - name: Run cluster tests
run: |
- echo '::group::Compiling testsuite'
- ./mvnw clean install -nsu -B -Pauth-server-quarkus -DskipTests -f testsuite/pom.xml
- echo '::endgroup::'
- ./mvnw clean install -nsu -B -Pauth-server-cluster-quarkus -Dsession.cache.owners=2 -Dtest=**.cluster.** -f testsuite/integration-arquillian/pom.xml | misc/log/trimmer.sh
- TEST_RESULT=${PIPESTATUS[0]}
- find . -path '*/target/surefire-reports/*.xml' | zip -q reports-quarkus-cluster-tests.zip -@
- exit $TEST_RESULT
+ ./mvnw install -nsu -B -Pauth-server-cluster-quarkus -Dsession.cache.owners=2 -Dtest=**.cluster.** -pl testsuite/integration-arquillian/tests/base | misc/log/trimmer.sh
- - name: Analyze Test and/or Coverage Results
- uses: runforesight/foresight-test-kit-action@v1.3.0
- if: always() && github.repository == 'keycloak/keycloak'
- with:
- api_key: ${{ secrets.FORESIGHT_API_KEY }}
- test_format: JUNIT
- test_framework: JUNIT
- test_path: 'testsuite/integration-arquillian/tests/base/target/surefire-reports/*.xml'
-
- - name: Quarkus cluster test reports
- uses: actions/upload-artifact@v3
- if: failure()
- with:
- name: reports-quarkus-cluster-tests
- retention-days: 14
- path: reports-quarkus-cluster-tests.zip
- if-no-files-found: ignore
-
- ### Tests: Quarkus distribution
-
- quarkus-tests:
- name: Quarkus Tests
- needs: build
+ fips-unit-tests:
+ name: FIPS UT
runs-on: ubuntu-latest
- timeout-minutes: 115
- env:
- MAVEN_OPTS: -Xmx1024m
+ needs: build
+ timeout-minutes: 20
steps:
- uses: actions/checkout@v3
- - uses: actions/setup-java@v3
- with:
- distribution: 'temurin'
- java-version: ${{ env.DEFAULT_JDK_VERSION }}
- cache: 'maven'
- - name: Cleanup org.keycloak artifacts
- run: rm -rf ~/.m2/repository/org/keycloak >/dev/null || true
- - name: Download built keycloak
- id: download-keycloak
- uses: actions/download-artifact@v3
- with:
- path: ~/.m2/repository/org/keycloak/
- name: keycloak-artifacts.zip
- - name: Update maven settings
- run: mkdir -p ~/.m2 ; cp .github/settings.xml ~/.m2/
+ - id: unit-test-setup
+ name: Unit test setup
+ uses: ./.github/actions/unit-test-setup
- - name: Prepare the local distribution archives
- run: ./mvnw clean install -DskipTests -Pdistribution
+ - name: Run crypto tests (BCFIPS non-approved mode)
+ run: ./mvnw install -nsu -B -am -pl crypto/default,crypto/fips1402,crypto/elytron -Dcom.redhat.fips=true
- - name: Run Quarkus Integration Tests
+ - name: Run crypto tests (BCFIPS approved mode)
+ run: ./mvnw install -nsu -B -am -pl crypto/default,crypto/fips1402,crypto/elytron -Dcom.redhat.fips=true -Dorg.bouncycastle.fips.approved_only=true
+
+ fips-integration-tests:
+ name: FIPS IT
+ needs: build
+ runs-on: ubuntu-latest
+ timeout-minutes: 45
+ steps:
+ - uses: actions/checkout@v3
+
+ - id: integration-test-setup
+ name: Integration test setup
+ uses: ./.github/actions/integration-test-setup
+
+ - name: Prepare Quarkus distribution with BCFIPS
+ run: ./mvnw install -nsu -B -e -pl testsuite/integration-arquillian/servers/auth-server/quarkus -Pauth-server-quarkus,auth-server-fips140-2
+
+ - name: Run base tests
run: |
- ./mvnw clean install -nsu -B -f quarkus/tests/pom.xml | misc/log/trimmer.sh
- TEST_RESULT=${PIPESTATUS[0]}
- find . -path '*/target/surefire-reports/*.xml' | zip -q reports-quarkus-tests.zip -@
- exit $TEST_RESULT
+ TESTS=`testsuite/integration-arquillian/tests/base/testsuites/suite.sh fips`
+ echo "Tests: $TESTS"
+ ./mvnw install -nsu -B -Pauth-server-quarkus,auth-server-fips140-2 -Dtest=$TESTS -pl testsuite/integration-arquillian/tests/base | misc/log/trimmer.sh
- - name: Run Quarkus Storage Tests
- run: |
- ./mvnw clean install -nsu -B -f quarkus/tests/pom.xml -Ptest-database -Dtest=PostgreSQLDistTest,MariaDBDistTest#testSuccessful,MySQLDistTest#testSuccessful,DatabaseOptionsDistTest,JPAStoreDistTest,HotRodStoreDistTest,MixedStoreDistTest | misc/log/trimmer.sh
- TEST_RESULT=${PIPESTATUS[0]}
- find . -path '*/target/surefire-reports/*.xml' | zip -q reports-quarkus-tests.zip -@
- exit $TEST_RESULT
+ check-set-status:
+ name: Set check conclusion
+ needs:
+ - unit-tests
+ - base-integration-tests
+ - quarkus-integration-tests
+ - jdk-integration-tests
+ - new-store-integration-tests
+ - legacy-store-integration-tests
+ - store-model-tests
+ - clustering-integration-tests
+ - fips-unit-tests
+ - fips-integration-tests
+ runs-on: ubuntu-latest
+ outputs:
+ conclusion: ${{ steps.check.outputs.conclusion }}
- - name: Run Quarkus Tests in Docker
- run: |
- ./mvnw clean install -nsu -B -f quarkus/tests/pom.xml -Dkc.quarkus.tests.dist=docker -Dtest=StartCommandDistTest | misc/log/trimmer.sh
- TEST_RESULT=${PIPESTATUS[0]}
- exit $TEST_RESULT
+ steps:
+ - uses: actions/checkout@v3
- - name: Analyze Test and/or Coverage Results
- uses: runforesight/foresight-test-kit-action@v1.3.0
- if: always() && github.repository == 'keycloak/keycloak'
+ - id: check
+ uses: ./.github/actions/checks-success
+
+ check:
+ name: Check
+ if: always() && ( github.event_name != 'schedule' || github.repository == 'keycloak/keycloak' )
+ needs: [check-set-status]
+ runs-on: ubuntu-latest
+
+ steps:
+ - uses: actions/checkout@v3
+
+ - name: Check status
+ uses: ./.github/actions/checks-job-pass
with:
- api_key: ${{ secrets.FORESIGHT_API_KEY }}
- test_format: JUNIT
- test_framework: JUNIT
- test_path: 'quarkus/tests/integration/target/surefire-reports/*.xml'
-
- - name: Quarkus test reports
- uses: actions/upload-artifact@v3
- if: failure()
- with:
- name: reports-quarkus-tests
- retention-days: 14
- path: reports-quarkus-tests.zip
- if-no-files-found: ignore
-
-# NOTE: WebAuthn tests can be enabled once the issue #12621 is resolved
-#
-# webauthn-test:
-# name: WebAuthn Tests
-# needs: build
-# runs-on: ubuntu-latest
-# steps:
-# - uses: actions/checkout@v2
-# with:
-# fetch-depth: 2
-#
-# - name: Check whether this phase should run
-# run: echo "GIT_DIFF=$[ $( git diff --name-only HEAD^ | egrep -ic 'webauthn|passwordless' ) ]" >> $GITHUB_ENV
-#
-# - uses: actions/setup-java@v1
-# if: ${{ github.event_name != 'pull_request' || env.GIT_DIFF != 0 }}
-# with:
-# java-version: ${{ env.DEFAULT_JDK_VERSION }}
-#
-# - name: Update maven settings
-# if: ${{ github.event_name != 'pull_request' || env.GIT_DIFF != 0 }}
-# run: mkdir -p ~/.m2 ; cp .github/settings.xml ~/.m2/
-#
-# - name: Cache Maven packages
-# if: ${{ github.event_name != 'pull_request' || env.GIT_DIFF != 0 }}
-# uses: actions/cache@v2
-# with:
-# path: ~/.m2/repository
-# key: cache-1-${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
-# restore-keys: cache-1-${{ runner.os }}-m2
-#
-# - name: Cleanup org.keycloak artifacts
-# if: ${{ github.event_name != 'pull_request' || env.GIT_DIFF != 0 }}
-# run: rm -rf ~/.m2/repository/org/keycloak >/dev/null || true
-#
-# - name: Download built keycloak
-# if: ${{ github.event_name != 'pull_request' || env.GIT_DIFF != 0 }}
-# id: download-keycloak
-# uses: actions/download-artifact@v2
-# with:
-# path: ~/.m2/repository/org/keycloak/
-# name: keycloak-artifacts.zip
-#
-# - name: Run WebAuthn tests
-# if: ${{ github.event_name != 'pull_request' || env.GIT_DIFF != 0 }}
-# run: |
-# mvn clean install -nsu -B -Dbrowser=chrome -Pwebauthn -f testsuite/integration-arquillian/tests/other/pom.xml -Dtest=org.keycloak.testsuite.webauthn.**.*Test | misc/log/trimmer.sh
-#
-# TEST_RESULT=${PIPESTATUS[0]}
-# find . -path '*/target/surefire-reports/*.xml' | zip -q reports-webauthn-tests.zip -@
-# exit $TEST_RESULT
-#
-# - name: WebAuthn test reports
-# uses: actions/upload-artifact@v2
-# if: failure()
-# with:
-# name: reports-webauthn-tests
-# retention-days: 14
-# path: reports-webauthn-tests.zip
-# if-no-files-found: ignore
+ conclusion: ${{ needs.check-set-status.outputs.conclusion }}
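Review bot: The new `Run cluster tests` and FIPS `Run base tests` steps pipe `./mvnw` into `misc/log/trimmer.sh` but drop the old `TEST_RESULT=${PIPESTATUS[0]}` / `exit $TEST_RESULT` pair, so a failing Maven run only fails the step if bash runs with `pipefail`. GitHub Actions enables that only when `shell: bash` is set explicitly. The other workflows in this commit add `defaults.run.shell: bash`, but this workflow's header is outside the hunk, so it needs confirming here. Starting each piped `run: |` block with `set -o pipefail` would make the steps independent of that default. The database test steps earlier in the file use the same pipe.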
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
new file mode 100644
index 0000000000..c1d4fc8338
--- /dev/null
+++ b/.github/workflows/codeql-analysis.yml
@@ -0,0 +1,150 @@
+name: CodeQL
+
+on:
+ push:
+ branches-ignore:
+ - main
+ - dependabot/**
+ pull_request:
+ branches: [main]
+ schedule:
+ - cron: 0 9 * * 2
+
+concurrency:
+ # Only cancel jobs for PR updates
+ group: codeql-analysis-${{ github.head_ref || github.run_id }}
+ cancel-in-progress: true
+
+defaults:
+ run:
+ shell: bash
+
+jobs:
+
+ changes:
+ name: Check changes
+ if: github.event_name != 'schedule' || github.repository == 'keycloak/keycloak'
+ runs-on: ubuntu-latest
+ outputs:
+ java: ${{ steps.changes.outputs.java }}
+ themes: ${{ steps.changes.outputs.themes }}
+ js-adapter: ${{ steps.changes.outputs.js-adapter }}
+ steps:
+ - uses: actions/checkout@v3
+
+ - id: changes
+ uses: ./.github/actions/changed-files
+
+ java:
+ name: CodeQL Java
+ needs: changes
+ runs-on: ubuntu-latest
+ if: needs.changes.outputs.java == 'true'
+ outputs:
+ conclusion: ${{ steps.check.outputs.conclusion }}
+
+ steps:
+ - uses: actions/checkout@v3
+
+ - name: Initialize CodeQL
+ uses: github/codeql-action/init@v2.1.36
+ with:
+ languages: java
+
+ - name: Build Keycloak
+ uses: ./.github/actions/build-keycloak
+
+ - name: Perform CodeQL Analysis
+ uses: github/codeql-action/analyze@v2.1.36
+ with:
+ wait-for-processing: true
+ env:
+ CODEQL_ACTION_EXTRA_OPTIONS: '{"database":{"interpret-results":["--max-paths",0]}}'
+
+ - id: check
+ uses: ./.github/actions/checks-success
+
+ js-adapter:
+ name: CodeQL JavaScript Adapter
+ needs: changes
+ runs-on: ubuntu-latest
+ if: needs.changes.outputs.js-adapter == 'true'
+ outputs:
+ conclusion: ${{ steps.check.outputs.conclusion }}
+
+ steps:
+ - uses: actions/checkout@v3
+
+ - name: Initialize CodeQL
+ uses: github/codeql-action/init@v2.1.36
+ env:
+ CODEQL_ACTION_EXTRA_OPTIONS: '{"database":{"finalize":["--no-run-unnecessary-builds"]}}'
+ with:
+ languages: javascript
+ source-root: adapters/oidc/js/src/
+
+ - name: Perform CodeQL Analysis
+ uses: github/codeql-action/analyze@v2.1.36
+ with:
+ wait-for-processing: true
+ env:
+ CODEQL_ACTION_EXTRA_OPTIONS: '{"database":{"interpret-results":["--max-paths",0]}}'
+
+ - id: check
+ uses: ./.github/actions/checks-success
+
+ themes:
+ name: CodeQL Themes
+ needs: changes
+ runs-on: ubuntu-latest
+ if: needs.changes.outputs.themes == 'true'
+ outputs:
+ conclusion: ${{ steps.check.outputs.conclusion }}
+
+ steps:
+ - uses: actions/checkout@v3
+
+ - name: Initialize CodeQL
+ uses: github/codeql-action/init@v2.1.36
+ env:
+ CODEQL_ACTION_EXTRA_OPTIONS: '{"database":{"finalize":["--no-run-unnecessary-builds"]}}'
+ with:
+ languages: javascript
+ source-root: themes/src/main/
+
+ - name: Perform CodeQL Analysis
+ uses: github/codeql-action/analyze@v2.1.36
+ with:
+ wait-for-processing: true
+ env:
+ CODEQL_ACTION_EXTRA_OPTIONS: '{"database":{"interpret-results":["--max-paths",0]}}'
+
+ - id: check
+ uses: ./.github/actions/checks-success
+
+ check:
+ name: Check
+ if: always() && ( github.event_name != 'schedule' || github.repository == 'keycloak/keycloak' )
+ needs: [changes, java, js-adapter, themes]
+ runs-on: ubuntu-latest
+
+ steps:
+ - uses: actions/checkout@v3
+
+ - name: CodeQL Java
+ uses: ./.github/actions/checks-job-pass
+ with:
+ required: ${{ needs.changes.outputs.java }}
+ conclusion: ${{ needs.java.outputs.conclusion }}
+
+ - name: CodeQL JavaScript Adapter
+ uses: ./.github/actions/checks-job-pass
+ with:
+ required: ${{ needs.changes.outputs.js-adapter }}
+ conclusion: ${{ needs.js-adapter.outputs.conclusion }}
+
+ - name: CodeQL Themes
+ uses: ./.github/actions/checks-job-pass
+ with:
+ required: ${{ needs.changes.outputs.themes }}
+ conclusion: ${{ needs.themes.outputs.conclusion }}
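Review bot: The new workflow declares no `permissions:`, so every job, including `changes` and `check`, runs with whatever default the repository or organisation grants `GITHUB_TOKEN`. Only the three analysis jobs need to write code-scanning results. I would add a top-level `permissions:` with `contents: read`, and give `java`, `js-adapter` and `themes` a job-level block with `contents: read` and `security-events: write`. The local actions under `./.github/actions/` are not shown here, so check whether any of them needs a further scope. snyk-analysis.yml and trivy-analysis.yml in this commit also upload SARIF, and neither shows a `permissions:` block.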
diff --git a/.github/workflows/codeql-java-analysis.yml b/.github/workflows/codeql-java-analysis.yml
deleted file mode 100644
index 23af7d1df4..0000000000
--- a/.github/workflows/codeql-java-analysis.yml
+++ /dev/null
@@ -1,59 +0,0 @@
-# For most projects, this workflow file will not need changing; you simply need
-# to commit it to your repository.
-#
-# You may wish to alter this file to override the set of languages analyzed,
-# or to provide custom queries or build logic.
-name: "CodeQL Java"
-
-on:
- push:
- branches-ignore:
- - 'main'
- - 'dependabot/**'
- pull_request:
- branches: [main]
- paths:
- - '**.java'
- - '.github/workflows/codeql-java-analysis.yml'
- schedule:
- - cron: '0 9 * * 2'
-
-concurrency:
- # Only run once for latest commit per ref and cancel other (previous) runs.
- group: ${{ github.workflow }}-${{ github.ref }}
- cancel-in-progress: true
-
-env:
- MAVEN_OPTS: -Dhttp.keepAlive=false -Dmaven.wagon.http.pool=false -Dmaven.wagon.http.retryHandler.class=standard -Dmaven.wagon.http.retryHandler.count=3 -Dmaven.wagon.httpconnectionManager.ttlSeconds=120
-
-jobs:
- analyze:
- name: CodeQL analyze
- runs-on: ubuntu-latest
- if: github.repository == 'keycloak/keycloak'
-
- steps:
- - uses: actions/checkout@v3
- - uses: actions/setup-java@v3
- with:
- distribution: 'temurin'
- java-version: '11'
- cache: 'maven'
-
- - name: Update maven settings
- run: mkdir -p ~/.m2 ; cp .github/settings.xml ~/.m2/
-
- - name: Initialize CodeQL
- uses: github/codeql-action/init@v2.1.36
- with:
- languages: java
-
- - name: Build Keycloak
- run: mvn -B install -DskipTests -DskipQuarkus -DskipTestsuite -DskipExamples -DskipTests
-
- - name: Perform CodeQL Analysis
- uses: github/codeql-action/analyze@v2.1.36
- with:
- wait-for-processing: true
- env:
- CODEQL_ACTION_EXTRA_OPTIONS: '{"database":{"interpret-results":["--max-paths",0]}}'
diff --git a/.github/workflows/codeql-js-adapter-analysis.yml b/.github/workflows/codeql-js-adapter-analysis.yml
deleted file mode 100644
index 22c9cb2273..0000000000
--- a/.github/workflows/codeql-js-adapter-analysis.yml
+++ /dev/null
@@ -1,62 +0,0 @@
-# For most projects, this workflow file will not need changing; you simply need
-# to commit it to your repository.
-#
-# You may wish to alter this file to override the set of languages analyzed,
-# or to provide custom queries or build logic.
-name: "CodeQL JS Adapter"
-
-on:
- push:
- branches-ignore:
- - 'main'
- - 'dependabot/**'
- pull_request:
- branches: [main]
- paths:
- - 'adapters/oidc/js/**'
- - '.github/workflows/codeql-js-adapter-analysis.yml'
- schedule:
- - cron: '0 9 * * 2'
-
-concurrency:
- # Only run once for latest commit per ref and cancel other (previous) runs.
- group: ${{ github.workflow }}-${{ github.ref }}
- cancel-in-progress: true
-
-env:
- MAVEN_OPTS: -Dhttp.keepAlive=false -Dmaven.wagon.http.pool=false -Dmaven.wagon.http.retryHandler.class=standard -Dmaven.wagon.http.retryHandler.count=3 -Dmaven.wagon.httpconnectionManager.ttlSeconds=120
-
-jobs:
- analyze:
- name: CodeQL analyze
- runs-on: ubuntu-latest
- if: github.repository == 'keycloak/keycloak'
-
- steps:
- - uses: actions/checkout@v3
- - uses: actions/setup-java@v3
- with:
- distribution: 'temurin'
- java-version: '11'
- cache: 'maven'
-
- - name: Update maven settings
- run: mkdir -p ~/.m2 ; cp .github/settings.xml ~/.m2/
-
- - name: Initialize CodeQL
- uses: github/codeql-action/init@v2.1.36
- env:
- CODEQL_ACTION_EXTRA_OPTIONS: '{"database":{"finalize":["--no-run-unnecessary-builds"]}}'
- with:
- languages: javascript
- source-root: adapters/oidc/js/
-
- - name: Build Keycloak
- run: mvn -B install -DskipTests -DskipQuarkus -DskipTestsuite -DskipExamples -DskipTests
-
- - name: Perform CodeQL Analysis
- uses: github/codeql-action/analyze@v2.1.36
- with:
- wait-for-processing: true
- env:
- CODEQL_ACTION_EXTRA_OPTIONS: '{"database":{"interpret-results":["--max-paths",0]}}'
diff --git a/.github/workflows/codeql-theme-analysis.yml b/.github/workflows/codeql-theme-analysis.yml
deleted file mode 100644
index 594201f5ec..0000000000
--- a/.github/workflows/codeql-theme-analysis.yml
+++ /dev/null
@@ -1,62 +0,0 @@
-# For most projects, this workflow file will not need changing; you simply need
-# to commit it to your repository.
-#
-# You may wish to alter this file to override the set of languages analyzed,
-# or to provide custom queries or build logic.
-name: "CodeQL Themes"
-
-on:
- push:
- branches-ignore:
- - 'main'
- - 'dependabot/**'
- pull_request:
- branches: [main]
- paths:
- - 'themes/src/**'
- - '.github/workflows/codeql-theme-analysis.yml'
- schedule:
- - cron: '0 9 * * 2'
-
-concurrency:
- # Only run once for latest commit per ref and cancel other (previous) runs.
- group: ${{ github.workflow }}-${{ github.ref }}
- cancel-in-progress: true
-
-env:
- MAVEN_OPTS: -Dhttp.keepAlive=false -Dmaven.wagon.http.pool=false -Dmaven.wagon.http.retryHandler.class=standard -Dmaven.wagon.http.retryHandler.count=3 -Dmaven.wagon.httpconnectionManager.ttlSeconds=120
-
-jobs:
- analyze:
- name: CodeQL analyze
- runs-on: ubuntu-latest
- if: github.repository == 'keycloak/keycloak'
-
- steps:
- - uses: actions/checkout@v3
- - uses: actions/setup-java@v3
- with:
- distribution: 'temurin'
- java-version: '11'
- cache: 'maven'
-
- - name: Update maven settings
- run: mkdir -p ~/.m2 ; cp .github/settings.xml ~/.m2/
-
- - name: Initialize CodeQL
- uses: github/codeql-action/init@v2.1.36
- env:
- CODEQL_ACTION_EXTRA_OPTIONS: '{"database":{"finalize":["--no-run-unnecessary-builds"]}}'
- with:
- languages: javascript
- source-root: themes/
-
- - name: Build Keycloak
- run: mvn -B install -DskipTests -DskipQuarkus -DskipTestsuite -DskipExamples -DskipTests
-
- - name: Perform CodeQL Analysis
- uses: github/codeql-action/analyze@v2.1.36
- with:
- wait-for-processing: true
- env:
- CODEQL_ACTION_EXTRA_OPTIONS: '{"database":{"interpret-results":["--max-paths",0]}}'
diff --git a/.github/workflows/operator-ci.yml b/.github/workflows/operator-ci.yml
index 4027419cd9..6082a73a71 100644
--- a/.github/workflows/operator-ci.yml
+++ b/.github/workflows/operator-ci.yml
@@ -2,49 +2,42 @@ name: Keycloak Operator CI
on:
push:
- branches-ignore: [main]
+ branches-ignore:
+ - main
+ - dependabot/**
pull_request:
- paths-ignore:
- - '.github/workflows/**'
- - '!.github/workflows/operator-ci.yml'
schedule:
- - cron: '0 20,22,0,2,4 * * *'
+ - cron: 0 20,23,2,5 * * *
+ workflow_dispatch:
env:
- JDK_VERSION: 11
- MINIKUBE_VERSION: "v1.24.0"
- KUBERNETES_VERSION: "v1.22.3"
- MAVEN_OPTS: -Dhttp.keepAlive=false -Dmaven.wagon.http.pool=false -Dmaven.wagon.http.retryHandler.class=standard -Dmaven.wagon.http.retryHandler.count=3 -Dmaven.wagon.httpconnectionManager.ttlSeconds=120
+ DEFAULT_JDK_VERSION: 11
+ DEFAULT_JDK_DIST: temurin
+ MINIKUBE_VERSION: v1.24.0
+ KUBERNETES_VERSION: v1.22.3
+
+defaults:
+ run:
+ shell: bash
concurrency:
- # Only run once for latest commit per ref and cancel other (previous) runs.
- group: ${{ github.workflow }}-${{ github.ref }}
+ # Only cancel jobs for PR updates
+ group: operator-ci-${{ github.head_ref || github.run_id }}
cancel-in-progress: true
jobs:
build:
name: Build distribution
- if: ${{ ( github.event_name != 'schedule' ) || ( github.event_name == 'schedule' && github.repository == 'keycloak/keycloak' ) }}
+ if: github.event_name != 'schedule' || github.repository == 'keycloak/keycloak'
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- - name: Update maven settings
- run: mkdir -p ~/.m2 ; cp .github/settings.xml ~/.m2/
- - uses: actions/setup-java@v3
+
+ - name: Build Keycloak
+ uses: ./.github/actions/build-keycloak
with:
- distribution: 'temurin'
- java-version: ${{ env.JDK_VERSION }}
- cache: 'maven'
- - name: Create the Keycloak distribution
- run: |
- mvn clean install -Pdistribution -DskipTests -DskipExamples -DskipTestsuite
- - name: Store Keycloak distribution
- id: store-keycloak
- uses: actions/upload-artifact@v3
- with:
- name: keycloak-distribution
- retention-days: 1
- path: quarkus/dist/target/keycloak*.tar.gz
+ upload-m2-repo: false
+ upload-dist: true
test-local:
name: Test local
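Review bot: The concurrency group is now keyed on `github.head_ref`, which is only the source branch name, so two pull requests from different forks that use the same branch name fall into one group and, with `cancel-in-progress: true`, cancel each other's runs. Keying on the pull request number avoids that: `group: operator-ci-${{ github.event.pull_request.number || github.run_id }}`. codeql-analysis.yml in this commit uses the same expression, where a cancelled run means a scan that never finished for that pull request.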
@@ -52,16 +45,16 @@ jobs:
needs: [build]
steps:
- uses: actions/checkout@v3
- - name: Set outputs
+
+ - name: Set version
id: vars
run: echo "version_local=0.0.1-${GITHUB_SHA::6}" >> $GITHUB_ENV
- - name: Update maven settings
- run: mkdir -p ~/.m2 ; cp .github/settings.xml ~/.m2/
+
- uses: actions/setup-java@v2
with:
- distribution: 'temurin'
- java-version: ${{ env.JDK_VERSION }}
- cache: 'maven'
+ distribution: ${{ env.DEFAULT_JDK_DIST }}
+ java-version: ${{ env.DEFAULT_JDK_VERSION }}
+
- name: Setup Minikube-Kubernetes
uses: manusa/actions-setup-minikube@v2.7.1
with:
@@ -69,13 +62,15 @@ jobs:
kubernetes version: ${{ env.KUBERNETES_VERSION }}
github token: ${{ secrets.GITHUB_TOKEN }}
driver: docker
- start args: '--addons=ingress'
+ start args: --addons=ingress
+
- name: Download keycloak distribution
id: download-keycloak-dist
uses: actions/download-artifact@v3
with:
- name: keycloak-distribution
+ name: keycloak-dist
path: quarkus/container
+
- name: Build Keycloak Docker images
run: |
eval $(minikube -p minikube docker-env)
@@ -84,7 +79,7 @@ jobs:
- name: Test operator running locally
run: |
- mvn clean install -Poperator -pl :keycloak-operator -am \
+ mvn install -Poperator -pl :keycloak-operator -am \
-Dquarkus.kubernetes.image-pull-policy=IfNotPresent \
-Doperator.keycloak.image=keycloak:${{ env.version_local }} \
-Dtest.operator.custom.image=custom-keycloak:${{ env.version_local }} \
@@ -97,16 +92,16 @@ jobs:
needs: [build]
steps:
- uses: actions/checkout@v3
- - name: Set outputs
+
+ - name: Set version
id: vars
run: echo "version_remote=0.0.1-${GITHUB_SHA::6}" >> $GITHUB_ENV
- - name: Update maven settings
- run: mkdir -p ~/.m2 ; cp .github/settings.xml ~/.m2/
+
- uses: actions/setup-java@v2
with:
- distribution: 'temurin'
- java-version: ${{ env.JDK_VERSION }}
- cache: 'maven'
+ distribution: ${{ env.DEFAULT_JDK_DIST }}
+ java-version: ${{ env.DEFAULT_JDK_VERSION }}
+
- name: Setup Minikube-Kubernetes
uses: manusa/actions-setup-minikube@v2.7.1
with:
@@ -114,13 +109,15 @@ jobs:
kubernetes version: ${{ env.KUBERNETES_VERSION }}
github token: ${{ secrets.GITHUB_TOKEN }}
driver: docker
- start args: '--addons=ingress'
+ start args: --addons=ingress
+
- name: Download keycloak distribution
id: download-keycloak-dist
uses: actions/download-artifact@v3
with:
- name: keycloak-distribution
+ name: keycloak-dist
path: quarkus/container
+
- name: Build Keycloak Docker images
run: |
eval $(minikube -p minikube docker-env)
@@ -130,7 +127,7 @@ jobs:
- name: Test operator running in cluster
run: |
eval $(minikube -p minikube docker-env)
- mvn clean install -Poperator -pl :keycloak-operator -am \
+ mvn install -Poperator -pl :keycloak-operator -am \
-Dquarkus.container-image.build=true \
-Dquarkus.kubernetes.image-pull-policy=IfNotPresent \
-Doperator.keycloak.image=keycloak:${{ env.version_remote }} \
@@ -145,13 +142,12 @@ jobs:
needs: [build]
steps:
- uses: actions/checkout@v3
- - name: Update maven settings
- run: mkdir -p ~/.m2 ; cp .github/settings.xml ~/.m2/
+
- uses: actions/setup-java@v2
with:
- distribution: 'temurin'
- java-version: ${{ env.JDK_VERSION }}
- cache: 'maven'
+ distribution: ${{ env.DEFAULT_JDK_DIST }}
+ java-version: ${{ env.DEFAULT_JDK_VERSION }}
+
- name: Setup Minikube-Kubernetes
uses: manusa/actions-setup-minikube@v2.7.1
with:
@@ -159,22 +155,27 @@ jobs:
kubernetes version: ${{ env.KUBERNETES_VERSION }}
github token: ${{ secrets.GITHUB_TOKEN }}
driver: docker
+
- name: Install OPM
uses: redhat-actions/openshift-tools-installer@v1
with:
- source: "github"
- opm: "1.21.0"
+ source: github
+ opm: 1.21.0
+
- name: Install Yq
run: sudo snap install yq
+
- name: Install OLM
working-directory: operator
run: ./scripts/install-olm.sh
+
- name: Download keycloak distribution
id: download-keycloak-dist
uses: actions/download-artifact@v3
with:
- name: keycloak-distribution
+ name: keycloak-dist
path: quarkus/container
+
- name: Arrange OLM test installation
working-directory: operator
run: |
@@ -192,3 +193,33 @@ jobs:
kubectl apply -f src/main/resources/example-realm.yaml
# Wait for the CRs to be ready
./scripts/check-examples-installed.sh
+
+ check-set-status:
+ name: Set check conclusion
+ needs:
+ - test-local
+ - test-remote
+ - test-olm
+ runs-on: ubuntu-latest
+ outputs:
+ conclusion: ${{ steps.check.outputs.conclusion }}
+
+ steps:
+ - uses: actions/checkout@v3
+
+ - id: check
+ uses: ./.github/actions/checks-success
+
+ check:
+ name: Check
+ if: always() && ( github.event_name != 'schedule' || github.repository == 'keycloak/keycloak' )
+ needs: [check-set-status]
+ runs-on: ubuntu-latest
+
+ steps:
+ - uses: actions/checkout@v3
+
+ - name: Check status
+ uses: ./.github/actions/checks-job-pass
+ with:
+ conclusion: ${{ needs.check-set-status.outputs.conclusion }}
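Review bot: `check` runs under `always()`, so when one of the test jobs fails, `check-set-status` is skipped and `needs.check-set-status.outputs.conclusion` arrives as an empty string. Whether the gate then goes red depends entirely on `./.github/actions/checks-job-pass`, which is not part of this hunk; confirm it fails on any value other than success. A comment above the `conclusion:` input would record that contract, for example `# empty when check-set-status was skipped; checks-job-pass must treat that as failure`. The `check-set-status`/`check` pair added to the previous workflow in this diff relies on the same behaviour.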
diff --git a/.github/workflows/snyk-analysis.yml b/.github/workflows/snyk-analysis.yml
new file mode 100644
index 0000000000..a8ac9f96f5
--- /dev/null
+++ b/.github/workflows/snyk-analysis.yml
@@ -0,0 +1,45 @@
+name: Snyk
+
+on:
+ schedule:
+ - cron: 0 0 * * *
+ workflow_dispatch:
+
+defaults:
+ run:
+ shell: bash
+
+jobs:
+ analysis:
+ name: Analysis of Quarkus and Operator
+ runs-on: ubuntu-latest
+ if: github.repository == 'keycloak/keycloak'
+ steps:
+ - uses: actions/checkout@v3
+
+ - name: Build Keycloak
+ uses: ./.github/actions/build-keycloak
+
+ - uses: snyk/actions/setup@master
+
+ - name: Check for vulnerabilities in Quarkus
+ run: snyk test --policy-path=${GITHUB_WORKSPACE}/.github/snyk/.snyk --all-projects --prune-repeated-subdependencies --exclude=tests --sarif-file-output=quarkus-report.sarif quarkus
+ continue-on-error: true
+ env:
+ SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+
+ - name: Upload Quarkus scanner results to GitHub
+ uses: github/codeql-action/upload-sarif@v2.1.36
+ with:
+ sarif_file: quarkus-report.sarif
+
+ - name: Check for vulnerabilities in Operator
+ run: snyk test --policy-path=${GITHUB_WORKSPACE}/.github/snyk/.snyk --all-projects --prune-repeated-subdependencies --exclude=tests --sarif-file-output=operator-report.sarif operator
+ continue-on-error: true
+ env:
+ SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+
+ - name: Upload Operator scanner results to GitHub
+ uses: github/codeql-action/upload-sarif@v2.1.36
+ with:
+ sarif_file: operator-report.sarif
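Review bot: `snyk/actions/setup@master` follows a mutable branch, so whatever that branch holds at run time installs the CLI that the following steps run with `SNYK_TOKEN` in their environment. The Trivy workflow in this commit pins its third-party action to a full commit SHA; the same here would be `uses: snyk/actions/setup@<full-commit-sha>`. Separately, both `upload-sarif` steps now run in one job without a `category`, so the Operator upload likely replaces the Quarkus results for the same commit. Adding `category: snyk-quarkus` and `category: snyk-operator` to the two `with:` blocks keeps them apart.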
diff --git a/.github/workflows/snyk.yml b/.github/workflows/snyk.yml
deleted file mode 100644
index bb5416270e..0000000000
--- a/.github/workflows/snyk.yml
+++ /dev/null
@@ -1,68 +0,0 @@
-name: "Snyk"
-
-on:
- schedule:
- - cron: "0 0 * * *"
-
-env:
- DEFAULT_JDK_VERSION: 11
- MAVEN_OPTS: -Dhttp.keepAlive=false -Dmaven.wagon.http.pool=false -Dmaven.wagon.http.retryHandler.class=standard -Dmaven.wagon.http.retryHandler.count=3 -Dmaven.wagon.httpconnectionManager.ttlSeconds=120
-
-jobs:
- quarkus:
- name: Quarkus
- runs-on: ubuntu-latest
- if: ${{ github.repository == 'keycloak/keycloak' }}
- steps:
- - name: Checkout repository
- uses: actions/checkout@v3
-
- - uses: actions/setup-java@v3
- with:
- java-version: ${{ env.DEFAULT_JDK_VERSION }}
- distribution: temurin
- cache: maven
-
- - name: Build Quarkus
- run: mvn -Psnyk-quarkus -pl quarkus/dist -am -DskipTests clean install
-
- - uses: snyk/actions/setup@master
- - name: Check for vulnerabilities
- run: snyk test --policy-path=${GITHUB_WORKSPACE}/.github/snyk/.snyk --all-projects --prune-repeated-subdependencies --exclude=tests --sarif-file-output=quarkus-report.sarif quarkus
- continue-on-error: true
- env:
- SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
-
- - name: Upload scanner results to GitHub
- uses: github/codeql-action/upload-sarif@v2.1.36
- with:
- sarif_file: quarkus-report.sarif
-
- operator:
- name: Operator
- runs-on: ubuntu-latest
- if: ${{ github.repository == 'keycloak/keycloak' }}
- steps:
- - name: Checkout repository
- uses: actions/checkout@v3
-
- - uses: actions/setup-java@v3
- with:
- java-version: ${{ env.DEFAULT_JDK_VERSION }}
- distribution: temurin
- cache: maven
-
- - name: Build Keycloak
- run: mvn -Poperator -pl operator -am -DskipTests clean install
-
- - uses: snyk/actions/setup@master
- - name: Check for vulnerabilities for the Operator
- run: snyk test --policy-path=${GITHUB_WORKSPACE}/.github/snyk/.snyk --all-projects --prune-repeated-subdependencies --exclude=tests --sarif-file-output=operator-report.sarif operator
- continue-on-error: true
- env:
- SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
-
- - name: Upload scanner results for the Operator to GitHub
- uses: github/codeql-action/upload-sarif@v2.1.36
- with:
- sarif_file: operator-report.sarif
diff --git a/.github/workflows/trivy-analysis.yml b/.github/workflows/trivy-analysis.yml
index 01fa7a6f4d..779a1e770c 100644
--- a/.github/workflows/trivy-analysis.yml
+++ b/.github/workflows/trivy-analysis.yml
@@ -1,63 +1,36 @@
name: Trivy
+
on:
- workflow_dispatch:
schedule:
- - cron: "0 6 * * *"
+ - cron: 0 6 * * *
+ workflow_dispatch:
+
+defaults:
+ run:
+ shell: bash
jobs:
- quarkus-dist:
- name: Vulnerability scanner for Quarkus distribution images
- runs-on: "ubuntu-18.04"
+
+ analysis:
+ name: Vulnerability scanner for nightly containers
+ runs-on: ubuntu-latest
+ if: github.repository == 'keycloak/keycloak'
+ strategy:
+ matrix:
+ container: [keycloak, keycloak-operator]
+ fail-fast: false
steps:
- name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@9ab158e8597f3b310480b9a69402b419bc03dbd5
with:
- image-ref: 'quay.io/keycloak/keycloak:nightly'
- format: 'template'
+ image-ref: quay.io/keycloak/${{ matrix.container}}:nightly
+ format: template
template: '@/contrib/sarif.tpl'
- output: 'trivy-results.sarif'
- severity: 'MEDIUM,CRITICAL,HIGH'
+ output: trivy-results.sarif
+ severity: MEDIUM,CRITICAL,HIGH
ignore-unfixed: true
- name: Upload Trivy scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@v2.1.36
with:
- sarif_file: 'trivy-results.sarif'
-
- legacy-dist:
- name: Vulnerability scanner for WildFly distribution images
- runs-on: "ubuntu-18.04"
- steps:
- - name: Run Trivy vulnerability scanner
- uses: aquasecurity/trivy-action@9ab158e8597f3b310480b9a69402b419bc03dbd5
- with:
- image-ref: 'quay.io/keycloak/keycloak:legacy'
- format: 'template'
- template: '@/contrib/sarif.tpl'
- output: 'legacy-results.sarif'
- severity: 'MEDIUM,CRITICAL,HIGH'
- ignore-unfixed: true
-
- - name: Upload Trivy scan results to GitHub Security tab
- uses: github/codeql-action/upload-sarif@v2.1.36
- with:
- sarif_file: 'legacy-results.sarif'
-
- keycloak-operator:
- name: Vulnerability scanner for Keycloak Operator distribution images
- runs-on: "ubuntu-18.04"
- steps:
- - name: Run Trivy vulnerability scanner
- uses: aquasecurity/trivy-action@9ab158e8597f3b310480b9a69402b419bc03dbd5
- with:
- image-ref: 'quay.io/keycloak/keycloak-operator:nightly'
- format: 'template'
- template: '@/contrib/sarif.tpl'
- output: 'operator-results.sarif'
- severity: 'MEDIUM,CRITICAL,HIGH'
- ignore-unfixed: true
-
- - name: Upload Trivy scan results to GitHub Security tab
- uses: github/codeql-action/upload-sarif@v2.1.36
- with:
- sarif_file: 'operator-results.sarif'
+ sarif_file: trivy-results.sarif
diff --git a/.gitignore b/.gitignore
index 028de3c76d..59a1cb100e 100644
--- a/.gitignore
+++ b/.gitignore
@@ -83,3 +83,6 @@ quarkus/data/*.db
# Git ephemeral files
*.versionsBackup
+
+# Node.js for frontend-maven-plugin #
+node
diff --git a/adapters/oidc/js/pom.xml b/adapters/oidc/js/pom.xml
index 1c95abcfda..4e99c524e9 100755
--- a/adapters/oidc/js/pom.xml
+++ b/adapters/oidc/js/pom.xml
@@ -77,6 +77,7 @@
${node.version}
+ ../../../
diff --git a/quarkus/runtime/src/main/java/org/keycloak/quarkus/runtime/integration/QuarkusPlatform.java b/quarkus/runtime/src/main/java/org/keycloak/quarkus/runtime/integration/QuarkusPlatform.java
index 8ca454b15f..cad2c8dd20 100644
--- a/quarkus/runtime/src/main/java/org/keycloak/quarkus/runtime/integration/QuarkusPlatform.java
+++ b/quarkus/runtime/src/main/java/org/keycloak/quarkus/runtime/integration/QuarkusPlatform.java
@@ -44,6 +44,11 @@ public class QuarkusPlatform implements PlatformProvider {
private static final Logger log = Logger.getLogger(QuarkusPlatform.class);
+ @Override
+ public String name() {
+ return "Quarkus";
+ }
+
public static void addInitializationException(Throwable throwable) {
QuarkusPlatform platform = (QuarkusPlatform) Platform.getPlatform();
platform.addDeferredException(throwable);
diff --git a/services/src/main/java/org/keycloak/platform/PlatformProvider.java b/services/src/main/java/org/keycloak/platform/PlatformProvider.java
index 0d2aa1587b..159503c818 100644
--- a/services/src/main/java/org/keycloak/platform/PlatformProvider.java
+++ b/services/src/main/java/org/keycloak/platform/PlatformProvider.java
@@ -22,6 +22,8 @@ import java.io.File;
import org.keycloak.Config;
public interface PlatformProvider {
+
+ String name();
void onStartup(Runnable runnable);
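Review bot: `String name();` is added as an abstract method with no Javadoc, although `TestThemeResourceProvider.isSupported()` in this commit branches on its exact value. Any `PlatformProvider` implementation not touched by this diff would stop compiling, and nothing states which values are valid or whether `null` is allowed. I would document the contract on the method, for example `/** Stable identifier of the runtime platform, e.g. "Quarkus" or "Undertow"; never null. */`. The interface body continues outside the hunk.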
diff --git a/testsuite/integration-arquillian/servers/auth-server/pom.xml b/testsuite/integration-arquillian/servers/auth-server/pom.xml
index a7747a86a1..cc1c415844 100644
--- a/testsuite/integration-arquillian/servers/auth-server/pom.xml
+++ b/testsuite/integration-arquillian/servers/auth-server/pom.xml
@@ -37,21 +37,6 @@
services
undertow
+ quarkus
-
-
-
- auth-server-quarkus
-
- quarkus
-
-
-
- auth-server-cluster-quarkus
-
- quarkus
-
-
-
-
diff --git a/testsuite/integration-arquillian/servers/auth-server/services/testsuite-providers/pom.xml b/testsuite/integration-arquillian/servers/auth-server/services/testsuite-providers/pom.xml
index e44a157687..1749490245 100644
--- a/testsuite/integration-arquillian/servers/auth-server/services/testsuite-providers/pom.xml
+++ b/testsuite/integration-arquillian/servers/auth-server/services/testsuite-providers/pom.xml
@@ -115,26 +115,4 @@
-
-
-
- auth-server-quarkus
-
-
-
- org.apache.maven.plugins
- maven-jar-plugin
-
-
-
-
- **/TestThemeResourceProvider**
- **/org.keycloak.theme.ThemeResourceProviderFactory
-
-
-
-
-
-
-
diff --git a/testsuite/integration-arquillian/servers/auth-server/services/testsuite-providers/src/main/java/org/keycloak/testsuite/theme/TestThemeResourceProvider.java b/testsuite/integration-arquillian/servers/auth-server/services/testsuite-providers/src/main/java/org/keycloak/testsuite/theme/TestThemeResourceProvider.java
index e621b82f8a..bdddbcc2a2 100644
--- a/testsuite/integration-arquillian/servers/auth-server/services/testsuite-providers/src/main/java/org/keycloak/testsuite/theme/TestThemeResourceProvider.java
+++ b/testsuite/integration-arquillian/servers/auth-server/services/testsuite-providers/src/main/java/org/keycloak/testsuite/theme/TestThemeResourceProvider.java
@@ -1,11 +1,22 @@
package org.keycloak.testsuite.theme;
+import org.keycloak.platform.Platform;
+import org.keycloak.provider.EnvironmentDependentProviderFactory;
import org.keycloak.theme.ClasspathThemeResourceProviderFactory;
-public class TestThemeResourceProvider extends ClasspathThemeResourceProviderFactory {
+public class TestThemeResourceProvider extends ClasspathThemeResourceProviderFactory implements EnvironmentDependentProviderFactory {
public TestThemeResourceProvider() {
super("test-resources", TestThemeResourceProvider.class.getClassLoader());
}
+ /**
+ * Quarkus detects theme resources automatically, so this provider should only be enabled on Undertow
+ *
+ * @return true if platform is Undertow
+ */
+ @Override
+ public boolean isSupported() {
+ return Platform.getPlatform().name().equals("Undertow");
+ }
}
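Review bot: `isSupported()` compares against the bare literal `"Undertow"`, which duplicates the value returned by `TestPlatform.name()` later in this commit. If either string drifts, the provider is silently disabled and the failure surfaces only as missing theme resources. The call also dereferences the result of `name()`, so an implementation returning `null` would throw during provider loading. `return "Undertow".equals(Platform.getPlatform().name());` is null-safe for the name, and a constant shared with `TestPlatform` would keep the two sides in step.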
diff --git a/testsuite/integration-arquillian/tests/base/testsuites/base-suite b/testsuite/integration-arquillian/tests/base/testsuites/base-suite
new file mode 100644
index 0000000000..169b061442
--- /dev/null
+++ b/testsuite/integration-arquillian/tests/base/testsuites/base-suite
@@ -0,0 +1,47 @@
+account,4
+actions,1
+adapter,2
+admin,1
+authz,3
+broker,3
+cli,4
+client,4
+cluster,IGNORED
+composites,4
+cookies,4
+crossdc,IGNORED
+docker,4
+domainextension,4
+error,4
+events,4
+exportimport,4
+feature,4
+federation,5
+forms,5
+i18n,5
+jaas,5
+javascript,5
+keys,4
+login,4
+metrics,4
+migration,4
+model,6
+oauth,6
+oidc,6
+openshift,6
+policy,6
+runonserver,6
+saml,6
+script,6
+session,6
+sessionlimits,6
+ssl,6
+theme,6
+transactions,6
+url,6
+user,4
+util,4
+validation,6
+vault,4
+welcomepage,6
+x509,4
diff --git a/testsuite/integration-arquillian/tests/base/testsuites/base-suite.sh b/testsuite/integration-arquillian/tests/base/testsuites/base-suite.sh
new file mode 100755
index 0000000000..3b200ee841
--- /dev/null
+++ b/testsuite/integration-arquillian/tests/base/testsuites/base-suite.sh
@@ -0,0 +1,43 @@
+#!/bin/bash -e
+
+GROUP="$1"
+if [ "$GROUP" == "" ]; then
+ echo 'Usage: base-suite.sh '
+ exit
+fi
+
+cd "`readlink -f "$0" | xargs dirname`"
+
+TESTSUITE_FILE='base-suite'
+TEST_DIR='../src/test/java/org/keycloak/testsuite'
+BASE_PACKAGE='org.keycloak.testsuite'
+
+PACKAGES=`cat $TESTSUITE_FILE | grep -v '^[[:space:]]*$' | grep -v '^[[:space:]]*#'`
+
+# Check all packages in testsuite are included
+for i in `ls -d $TEST_DIR/*/ | sed "s|$TEST_DIR||g" | sed "s|/||g"`; do
+ if ( ! cat $TESTSUITE_FILE | grep "^$i," >/dev/null ); then
+ echo "Package 'org.keycloak.testsuite.$i' not defined in base-suite"
+ exit 1
+ fi
+done
+
+SEP=""
+TESTS=""
+for i in `echo $PACKAGES`; do
+ PACKAGE=`echo $i | cut -d ',' -f 1`
+ PACKAGE_GROUP=`echo $i | cut -d ',' -f 2`
+
+ # Check package exists
+ if [ ! -d "$TEST_DIR/$PACKAGE" ]; then
+ echo "Package 'org.keycloak.testsuite.$PACKAGE' not found"
+ exit 1
+ fi
+
+ if [ "$GROUP" == "$PACKAGE_GROUP" ]; then
+ TESTS="$TESTS$SEP$BASE_PACKAGE.$PACKAGE.**"
+ SEP=','
+ fi
+done
+
+echo "$TESTS"
\ No newline at end of file
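Review bot: A group that matches no package (a typo, or a number not used in `base-suite`) leaves `TESTS` empty and the script still exits 0, so a job that consumes this output can pass having selected nothing. Add `[ -n "$TESTS" ] || { echo "No packages for group '$GROUP'" >&2; exit 1; }` before the final `echo`. The usage branch is similar: the bare `exit` returns the status of the preceding `echo`, which is 0. The usage text and the error messages also go to stdout, where a caller using command substitution would capture them as the test list, so use `>&2` and `exit 1` there. `suite.sh` in this commit repeats the same usage and stdout pattern.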
diff --git a/testsuite/integration-arquillian/tests/base/testsuites/database-suite b/testsuite/integration-arquillian/tests/base/testsuites/database-suite
new file mode 100644
index 0000000000..8461a625a8
--- /dev/null
+++ b/testsuite/integration-arquillian/tests/base/testsuites/database-suite
@@ -0,0 +1,18 @@
+AccountRestServiceTest
+AuthorizationCodeTest
+AuthorizationTest
+ClientRegistrationTest
+EventStoreProviderTest
+ExportImportTest
+GeneratedRsaKeyProviderTest
+KcOidcBrokerTest
+LDAPUserLoginTest
+LoginTest
+PasswordPolicyTest
+RequiredActionUpdateProfileTest
+SSOTest
+SamlClientTest
+TransactionsTest
+UserProfileTest
+org.keycloak.testsuite.admin.**
+org.keycloak.testsuite.authz.**ManagementTest
\ No newline at end of file
diff --git a/testsuite/integration-arquillian/tests/base/testsuites/fips-suite b/testsuite/integration-arquillian/tests/base/testsuites/fips-suite
new file mode 100644
index 0000000000..9845bfa38e
--- /dev/null
+++ b/testsuite/integration-arquillian/tests/base/testsuites/fips-suite
@@ -0,0 +1,15 @@
+org.keycloak.testsuite.forms.**
+ClientAuthSignedJWTTest
+CredentialsTest
+JavaKeystoreKeyProviderTest
+ServerInfoTest
+UserFederationLdapConnectionTest
+LDAPUserLoginTest
+org.keycloak.testsuite.x509.**
+MutualTLSClientTest
+FAPI1Test
+FAPICIBATest
+KcRegTest
+KcRegCreateTest
+KcAdmTest
+KcAdmCreateTest
diff --git a/testsuite/integration-arquillian/tests/base/testsuites/jdk-suite b/testsuite/integration-arquillian/tests/base/testsuites/jdk-suite
new file mode 100644
index 0000000000..adc953a127
--- /dev/null
+++ b/testsuite/integration-arquillian/tests/base/testsuites/jdk-suite
@@ -0,0 +1,17 @@
+AccountRestServiceTest
+AuthorizationCodeTest
+CredentialsTest
+DeployedScriptAuthenticatorTest
+ExportImportTest
+GeneratedRsaKeyProviderTest
+JavaKeystoreKeyProviderTest
+KcOidcBrokerTest
+KerberosLdapTest
+LDAPUserLoginTest
+LoginTest
+MutualTLSClientTest
+PasswordPolicyTest
+SSOTest
+SamlClientTest
+TransactionsTest
+X509BrowserLoginTest
diff --git a/testsuite/integration-arquillian/tests/base/testsuites/suite.sh b/testsuite/integration-arquillian/tests/base/testsuites/suite.sh
new file mode 100755
index 0000000000..27cf54732c
--- /dev/null
+++ b/testsuite/integration-arquillian/tests/base/testsuites/suite.sh
@@ -0,0 +1,35 @@
+#!/bin/bash -e
+
+GROUP="$1"
+if [ "$GROUP" == "" ]; then
+ echo 'Usage: suite.sh '
+ exit
+fi
+
+cd "`readlink -f "$0" | xargs dirname`"
+
+TEST_DIR="../src/test/java/"
+SUITE_FILE="$GROUP-suite"
+
+if [ ! -f "$SUITE_FILE" ]; then
+ echo "$SUITE_FILE not found"
+ exit 1
+fi
+
+SEP=""
+TESTS=""
+for i in `cat "$SUITE_FILE" | grep -v '^[[:space:]]*$' | grep -v '^[[:space:]]*#'`; do
+ # Check test exists, ignoring checking packages for now
+ if [[ "$i" != *'.'* ]]; then
+ SEARCH=`find "$TEST_DIR" -name "$i.java"`
+ if [ "$SEARCH" == "" ]; then
+ echo "$i not found in testsuite"
+ exit 1
+ fi
+ fi
+
+ TESTS="$TESTS$SEP$i"
+ SEP=","
+done
+
+echo "$TESTS"
\ No newline at end of file
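Review bot: Entries containing a `.` skip the existence check entirely (the comment says packages are ignored "for now"), so a misspelled or renamed package pattern is passed through unverified. For the suites added in this commit, patterns such as `org.keycloak.testsuite.x509.**` in `fips-suite` or `org.keycloak.testsuite.admin.**` in `database-suite` could then select nothing without the script failing. Checking that the part of the pattern before the first `*` resolves to a directory under `TEST_DIR` would close that gap. The sketch below adds an `else` branch for this and leaves the class lookup unchanged.

```bash
if [[ "$i" != *'.'* ]]; then
    # … unchanged: class lookup with find …
else
    # Package pattern: the prefix before the first '*' must be a real package directory
    PREFIX="${i%%\**}"
    PKG_DIR="$TEST_DIR$(echo "${PREFIX%.*}" | tr '.' '/')"
    if [ ! -d "$PKG_DIR" ]; then
        echo "Package for pattern '$i' not found in testsuite" >&2
        exit 1
    fi
fi
```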
diff --git a/testsuite/utils/src/main/java/org/keycloak/testsuite/TestPlatform.java b/testsuite/utils/src/main/java/org/keycloak/testsuite/TestPlatform.java
index 81d034f5fc..76f097062e 100644
--- a/testsuite/utils/src/main/java/org/keycloak/testsuite/TestPlatform.java
+++ b/testsuite/utils/src/main/java/org/keycloak/testsuite/TestPlatform.java
@@ -41,6 +41,11 @@ public class TestPlatform implements PlatformProvider {
);
}
+ @Override
+ public String name() {
+ return "Undertow";
+ }
+
@Override
public void onStartup(Runnable startupHook) {
startupHook.run();
diff --git a/themes/pom.xml b/themes/pom.xml
index d671e1b049..bf9217029f 100755
--- a/themes/pom.xml
+++ b/themes/pom.xml
@@ -134,7 +134,7 @@
${node.version}
- ${project.basedir}
+ ../
@@ -187,7 +187,7 @@
${node.version}
- ${project.basedir}
+ ../