UNIX.dog
/
keycloak
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Keycloak CI workflow refactoring (#15968) 

* Keycloak CI workflow refactoring

Closes #15861

* Update testsuite/integration-arquillian/tests/base/testsuites/base-suite.sh

Co-authored-by: Hynek Mlnařík <hmlnarik@users.noreply.github.com>

* Update testsuite/integration-arquillian/tests/base/testsuites/suite.sh

Co-authored-by: Hynek Mlnařík <hmlnarik@users.noreply.github.com>

* Update testsuite/integration-arquillian/tests/base/testsuites/suite.sh

Co-authored-by: Hynek Mlnařík <hmlnarik@users.noreply.github.com>

* Update CodeQL actions

Co-authored-by: Hynek Mlnařík <hmlnarik@users.noreply.github.com>
This commit is contained in:
Stian Thorgersen 2022-12-14 16:12:23 +01:00 committed by GitHub
parent 6f802b5c1f
commit a5670af745
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
35 changed files with 1027 additions and 925 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

82
.github/actions/build-keycloak/action.yml vendored Normal file
View File

@ -0,0 +1,82 @@
name: Build Keycloak
description: Builds Keycloak providing Maven repository with all artifacts
inputs:
upload-m2-repo:
description: Upload Maven repository for org.keycloak artifacts
required: false
default: true
upload-dist:
description: Upload distribution
required: false
default: false
jdk-dist:
description: JDK distribution
required: false
default: temurin
jdk-version:
description: JDK version
required: false
default: 11
runs:
using: composite
steps:
- id: setup-java
name: Setup Java
uses: actions/setup-java@v3
with:
distribution: ${{ inputs.jdk-dist }}
java-version: ${{ inputs.jdk-version }}
- id: maven-cache
name: Maven cache
uses: ./.github/actions/maven-cache
- id: phantomjs-cache
name: PhantomJS cache
uses: ./.github/actions/phantomjs-cache
- id: npm-cache
name: NPM cache
uses: ./.github/actions/npm-cache
- id: build-keycloak
name: Build Keycloak
shell: bash
run: |
MVN_HTTP_CONFIG="-Dhttp.keepAlive=false -Dmaven.wagon.http.pool=false -Dmaven.wagon.http.retryHandler.class=standard -Dmaven.wagon.http.retryHandler.count=3 -Dmaven.wagon.httpconnectionManager.ttlSeconds=120"
./mvnw install -nsu -B -e -DskipTests -DskipExamples $MVN_HTTP_CONFIG
- id: compress-keycloak-maven-repository
name: Compress Keycloak Maven artifacts
if: inputs.upload-m2-repo == 'true'
shell: bash
run: |
tar -C ~/ --use-compress-program zstd -cf m2-keycloak.tzts \
--exclude '*.tar.gz' \
.m2/repository/org/keycloak
- id: upload-keycloak-maven-repository
name: Upload Keycloak Maven artifacts
if: inputs.upload-m2-repo == 'true'
uses: actions/upload-artifact@v3
with:
name: m2-keycloak.tzts
path: m2-keycloak.tzts
retention-days: 1
- id: upload-keycloak-dist
name: Upload Keycloak dist
if: inputs.upload-dist == 'true'
uses: actions/upload-artifact@v3
with:
name: keycloak-dist
path: quarkus/dist/target/keycloak*.tar.gz
retention-days: 1
- id: maven-cache-cleanup
name: Maven cache cleanup
if: steps.maven-cache.outputs.cache-hit != 'true'
shell: bash
run: rm -rf ~/.m2/repository/org/keycloak

49
.github/actions/changed-files/action.yml vendored Normal file
View File

@ -0,0 +1,49 @@
name: Changed Files
description: Checks changes against target branch
outputs:
java:
description: Changes to Java files
value: ${{ steps.changes.outputs.java }}
themes:
description: Changes to themes
value: ${{ steps.changes.outputs.themes }}
js-adapter:
description: Changes to JavaScript adapter
value: ${{ steps.changes.outputs.js-adapter }}
runs:
using: composite
steps:
- id: changes
name: Find changes
shell: bash
run: |
BASE_REF=${{ github.base_ref }}
changed () {
git diff --name-only origin/${{ github.base_ref }} | grep -E "$1" &>/dev/null && echo true || echo false
}
if [ "$BASE_REF" != "" ]; then
echo "Checking changes against orgin/$BASE_REF"
git fetch origin
JAVA=`changed '^.*/.*.java$'`
THEMES=`changed '^themes/src/main/.*$'`
JS_ADAPTER=`changed '^adapters/oidc/js/.*$'`
else
echo "Not a pull request, marking everything as changed"
JAVA=true
THEMES=true
JS_ADAPTER=true
fi
echo "Java changed: $JAVA"
echo "Themes changed: $THEMES"
echo "JS adapter changed: $JS_ADAPTER"
echo "java=$JAVA" >> $GITHUB_OUTPUT
echo "themes=$THEMES" >> $GITHUB_OUTPUT
echo "js-adapter=$JS_ADAPTER" >> $GITHUB_OUTPUT

34
.github/actions/checks-job-pass/action.yml vendored Normal file
View File

@ -0,0 +1,34 @@
name: Check if a job passed
description: Fails if the job is required and was not successful
inputs:
required:
description: Is the job required
required: true
default: true
conclusion:
description: Job conclusion (success if passed, most likely empty otherwise)
required: true
outputs:
status:
description: "Check status"
value: ${{ steps.changes.outputs.java }}
runs:
using: "composite"
steps:
- id: check-job
name: Check job
shell: bash
run: |
if [ "${{ inputs.required }}" == "false" ]; then
echo "Not required to run, skipping"
else
if [ "${{ inputs.conclusion }}" == "success" ]; then
echo "Success"
else
echo "Required to run, but didn't succeed"
exit 1
fi
fi

16
.github/actions/checks-success/action.yml vendored Normal file
View File

@ -0,0 +1,16 @@
name: Mark job as successful
description: Workaround for GitHub Actions not setting conclusion on jobs passed through needs
outputs:
conclusion:
description: Conclusion
value: ${{ steps.check.outputs.conclusion }}
runs:
using: composite
steps:
- id: check
name: Set success
shell: bash
run: |
echo "conclusion=success" >> $GITHUB_OUTPUT

41
.github/actions/integration-test-setup/action.yml vendored Normal file
View File

@ -0,0 +1,41 @@
name: Setup integration test
description: Download Maven caches needed for integration tests
inputs:
jdk-dist:
description: JDK distribution
required: false
default: temurin
jdk-version:
description: JDK version
required: false
default: 11
runs:
using: composite
steps:
- id: setup-java
name: Setup Java
uses: actions/setup-java@v3
with:
distribution: ${{ inputs.jdk-dist }}
java-version: ${{ inputs.jdk-version }}
- id: maven-cache
name: Maven cache
uses: ./.github/actions/maven-cache
- id: phantomjs-cache
name: PhantomJS cache
uses: ./.github/actions/phantomjs-cache
- id: download-keycloak
name: Download Keycloak Maven artifacts
uses: actions/download-artifact@v3
with:
name: m2-keycloak.tzts
- id: extract-maven-artifacts
name: Extract Keycloak Maven artifacts
shell: bash
run: tar -C ~/ --use-compress-program unzstd -xf m2-keycloak.tzts

28
.github/actions/maven-cache/action.yml vendored Normal file
View File

@ -0,0 +1,28 @@
name: Maven Cache
description: Caches Maven artifacts
runs:
using: composite
steps:
- id: weekly-cache-key
name: Key for weekly rotation of cache
shell: bash
run: echo "key=mvn-`date -u "+%Y-%U"`" >> $GITHUB_OUTPUT
- id: cache-maven-repository
name: Maven cache
uses: actions/cache@v3
with:
path: ~/.m2/repository
key: ${{ steps.weekly-cache-key.outputs.key }}
- id: check-maven-cache
name: Check cache has no Keycloak artifacts
if: steps.cache-maven-repository.outputs.cache-hit == 'true'
shell: bash
run: |
if ( stat ~/.m2/repository/org/keycloak &>/dev/null ); then
echo "Found org/keycloak artifacts in Maven repository cache"
ls ~/.m2/repository/org/keycloak
exit 1
fi

17
.github/actions/npm-cache/action.yml vendored Normal file
View File

@ -0,0 +1,17 @@
name: NPM Cache
description: Caches NPM artifacts
runs:
using: composite
steps:
- id: weekly-cache-key
name: Key for weekly rotation of cache
shell: bash
run: echo "key=npm-`date -u "+%Y-%U"`" >> $GITHUB_OUTPUT
- id: cache-npm-repository
name: NPM cache
uses: actions/cache@v3
with:
path: ~/.npm
key: ${{ steps.weekly-cache-key.outputs.key }}

26
.github/actions/phantomjs-cache/action.yml vendored Normal file
View File

@ -0,0 +1,26 @@
name: PhantomJS Cache
description: Caches PhantomJS driver
inputs:
version:
description: PhantomJS Driver version
required: false
default: 2.1.1
runs:
using: composite
steps:
- id: cache-phantomjs-driver
name: PhantomJS Driver cache
uses: actions/cache@v3
with:
path: ~/.arquillian/drone
key: phantomjs-${{ inputs.version }}
- id: download-phantomjs-driver
name: Download PhantomJS Driver
if: steps.cache-phantomjs-driver.outputs.cache-hit != 'true'
shell: bash
run: |
mkdir -p ~/.arquillian/drone/phantomjs/${{ inputs.version }}/
curl -L https://bitbucket.org/ariya/phantomjs/downloads/phantomjs-${{ inputs.version }}-linux-x86_64.tar.bz2 --output ~/.arquillian/drone/phantomjs/${{ inputs.version }}/phantomjs-${{ inputs.version }}-linux-x86_64.tar.bz2

26
.github/actions/unit-test-setup/action.yml vendored Normal file
View File

@ -0,0 +1,26 @@
name: Setup unit test
description: Download Maven caches needed for unit tests
inputs:
jdk-dist:
description: JDK distribution
required: false
default: temurin
jdk-version:
description: JDK version
required: false
default: 11
runs:
using: composite
steps:
- id: setup-java
name: Setup Java
uses: actions/setup-java@v3
with:
distribution: ${{ inputs.jdk-dist }}
java-version: ${{ inputs.jdk-version }}
- id: maven-cache
name: Maven cache
uses: ./.github/actions/maven-cache

11
.github/scripts/quickstarts/prepare-server.sh vendored
View File

@ -1,11 +0,0 @@
#!/bin/bash -e
VERSION=$(mvn -q -Dexec.executable=echo -Dexec.args='${project.version}' --non-recursive exec:exec -f keycloak)
unzip ~/.m2/repository/org/keycloak/keycloak-server-dist/${VERSION}/keycloak-server-dist-${VERSION}.zip
mv keycloak-${VERSION} keycloak-dist
keycloak-dist/bin/add-user-keycloak.sh -u admin -p admin
# update QS version to match KC version
mvn versions:set -DnewVersion=$VERSION -DgenerateBackupPoms=false -DgroupId=org.keycloak* -DartifactId=* -Pbump-version -B

48
.github/settings.xml vendored
View File

@ -1,48 +0,0 @@
<settings xmlns="http://maven.apache.org/SETTINGS/1.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.0.0
https://maven.apache.org/xsd/settings-1.0.0.xsd">
<profiles>
<profile>
<id>update-policy</id>
<activation>
<activeByDefault>true</activeByDefault>
</activation>
<repositories>
<repository>
<id>central</id>
<name>Maven Central</name>
<url>https://repo.maven.apache.org/maven2</url>
<snapshots>
<enabled>false</enabled>
</snapshots>
<releases>
<updatePolicy>interval:43200</updatePolicy>
</releases>
</repository>
<repository>
<id>jboss-public-repository</id>
<name>Jboss Public</name>
<url>https://repository.jboss.org/nexus/content/groups/public/</url>
<snapshots>
<enabled>false</enabled>
</snapshots>
<releases>
<updatePolicy>interval:43200</updatePolicy>
</releases>
</repository>
<repository>
<id>redhat-enterprise-maven-repository</id>
<name>Red Hat Enterprise Maven Repository</name>
<url>https://maven.repository.redhat.com/ga/</url>
<snapshots>
<enabled>false</enabled>
</snapshots>
<releases>
<updatePolicy>interval:43200</updatePolicy>
</releases>
</repository>
</repositories>
</profile>
</profiles>
</settings>

673
.github/workflows/ci.yml vendored
View File

@ -2,374 +2,198 @@ name: Keycloak CI
on: on:
push: push:
branches-ignore: [main] branches-ignore:
# as the ci.yml contains actions that are required for PRs to be merged, it will always need to run on all PRs - main
pull_request: {} - dependabot/**
pull_request:
schedule: schedule:
- cron: '0 20,23,2,5 * * *' - cron: 0 20,23,2,5 * * *
workflow_dispatch: workflow_dispatch:
env: env:
DEFAULT_JDK_VERSION: 11 DEFAULT_JDK_VERSION: 11
MAVEN_OPTS: -Dhttp.keepAlive=false -Dmaven.wagon.http.pool=false -Dmaven.wagon.http.retryHandler.class=standard -Dmaven.wagon.http.retryHandler.count=3 -Dmaven.wagon.httpconnectionManager.ttlSeconds=120 DEFAULT_JDK_DIST: temurin
concurrency: concurrency:
# Only cancel jobs for new commits on PRs, and always do a complete run on other branches (e.g. `main`). # Only cancel jobs for PR updates
# See: https://docs.github.com/en/actions/using-jobs/using-concurrency#example-using-a-fallback-value group: ci-${{ github.head_ref || github.run_id }}
group: keycloak-ci-${{ github.head_ref || github.run_id }}
cancel-in-progress: true cancel-in-progress: true
defaults:
run:
shell: bash
jobs: jobs:
build: build:
name: Build name: Build
if: ${{ ( github.event_name != 'schedule' ) || ( github.event_name == 'schedule' && github.repository == 'keycloak/keycloak' ) }} if: github.event_name != 'schedule' || github.repository == 'keycloak/keycloak'
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: actions/checkout@v3 - uses: actions/checkout@v3
- uses: actions/setup-java@v3
with:
distribution: 'temurin'
java-version: ${{ env.DEFAULT_JDK_VERSION }}
cache: 'maven'
- name: Update maven settings
run: mkdir -p ~/.m2 ; cp .github/settings.xml ~/.m2/
- name: Build Keycloak - name: Build Keycloak
run: | uses: ./.github/actions/build-keycloak
./mvnw clean install -nsu -B -e -DskipTests -Pdistribution
./mvnw clean install -nsu -B -e -f testsuite/integration-arquillian/servers/auth-server -Pauth-server-quarkus
./mvnw clean install -nsu -B -e -f testsuite/integration-arquillian/servers/auth-server -Pauth-server-undertow
- name: Store Keycloak artifacts
id: store-keycloak
uses: actions/upload-artifact@v3
with:
name: keycloak-artifacts.zip
retention-days: 1
path: |
~/.m2/repository/org/keycloak
!~/.m2/repository/org/keycloak/**/*.tar.gz
- name: Remove keycloak artifacts before caching
if: steps.cache.outputs.cache-hit != 'true'
run: rm -rf ~/.m2/repository/org/keycloak
# Tests: Regular distribution
unit-tests: unit-tests:
name: Unit Tests name: Base UT
runs-on: ubuntu-latest runs-on: ubuntu-latest
needs: build needs: build
timeout-minutes: 30 timeout-minutes: 30
steps: steps:
- uses: actions/checkout@v3 - uses: actions/checkout@v3
- uses: actions/setup-java@v3
with: - id: unit-test-setup
distribution: 'temurin' name: Unit test setup
java-version: ${{ env.DEFAULT_JDK_VERSION }} uses: ./.github/actions/unit-test-setup
cache: 'maven'
- name: Update maven settings
run: mkdir -p ~/.m2 ; cp .github/settings.xml ~/.m2/
- name: Cleanup org.keycloak artifacts
run: rm -rf ~/.m2/repository/org/keycloak >/dev/null || true
- name: Download built keycloak
id: download-keycloak
uses: actions/download-artifact@v3
with:
path: ~/.m2/repository/org/keycloak/
name: keycloak-artifacts.zip
- name: Run unit tests - name: Run unit tests
run: | run: ./mvnw install -nsu -B -DskipTestsuite -DskipQuarkus -DskipExamples
if ! ./mvnw install -nsu -B -DskipTestsuite -DskipQuarkus -DskipExamples -f pom.xml; then
find . -path '*/target/surefire-reports/*.xml' | zip -q reports-unit-tests.zip -@
exit 1
fi
- name: Analyze Test and/or Coverage Results base-integration-tests:
uses: runforesight/foresight-test-kit-action@v1.3.0 name: Base IT
if: always() && github.repository == 'keycloak/keycloak'
with:
api_key: ${{ secrets.FORESIGHT_API_KEY }}
test_format: JUNIT
test_framework: JUNIT
test_path: '**/target/surefire-reports/*.xml'
- name: Unit test reports
uses: actions/upload-artifact@v3
if: failure()
with:
name: reports-unit-tests
retention-days: 14
path: reports-unit-tests.zip
if-no-files-found: ignore
crypto-tests:
name: Crypto Tests
runs-on: ubuntu-latest
needs: build
timeout-minutes: 20
steps:
- uses: actions/checkout@v3
- uses: actions/setup-java@v3
with:
distribution: 'temurin'
java-version: ${{ env.DEFAULT_JDK_VERSION }}
cache: 'maven'
- name: Update maven settings
run: mkdir -p ~/.m2 ; cp .github/settings.xml ~/.m2/
- name: Cleanup org.keycloak artifacts
run: rm -rf ~/.m2/repository/org/keycloak >/dev/null || true
- name: Download built keycloak
id: download-keycloak
uses: actions/download-artifact@v3
with:
path: ~/.m2/repository/org/keycloak/
name: keycloak-artifacts.zip
- name: Run crypto tests (BCFIPS non-approved mode)
run: |
if ! ./mvnw install -nsu -B -f crypto/pom.xml -Dcom.redhat.fips=true; then
find . -path 'crypto/target/surefire-reports/*.xml' | zip -q reports-crypto-tests.zip -@
exit 1
fi
- name: Run crypto tests (BCFIPS approved mode)
run: |
if ! ./mvnw install -nsu -B -f crypto/pom.xml -Dcom.redhat.fips=true -Dorg.bouncycastle.fips.approved_only=true; then
find . -path 'crypto/target/surefire-reports/*.xml' | zip -q reports-crypto-tests.zip -@
exit 1
fi
- name: Crypto test reports
uses: actions/upload-artifact@v3
if: failure()
with:
name: reports-crypto-tests
retention-days: 14
path: reports-crypto-tests.zip
if-no-files-found: ignore
model-tests:
name: Model Tests
runs-on: ubuntu-latest
needs: build
timeout-minutes: 60
steps:
- uses: actions/checkout@v3
- uses: actions/setup-java@v3
with:
distribution: 'temurin'
java-version: ${{ env.DEFAULT_JDK_VERSION }}
cache: 'maven'
- name: Update maven settings
run: mkdir -p ~/.m2 ; cp .github/settings.xml ~/.m2/
- name: Cleanup org.keycloak artifacts
run: rm -rf ~/.m2/repository/org/keycloak >/dev/null || true
- name: Download built keycloak
id: download-keycloak
uses: actions/download-artifact@v3
with:
path: ~/.m2/repository/org/keycloak/
name: keycloak-artifacts.zip
- name: Run model tests
run: |
if ! testsuite/model/test-all-profiles.sh; then
find . -path '*/target/surefire-reports*/*.xml' | zip -q reports-model-tests.zip -@
exit 1
fi
- name: Analyze Test and/or Coverage Results
uses: runforesight/foresight-test-kit-action@v1.3.0
if: always() && github.repository == 'keycloak/keycloak'
with:
api_key: ${{ secrets.FORESIGHT_API_KEY }}
test_format: JUNIT
test_framework: JUNIT
test_path: 'testsuite/model/target/surefire-reports/*.xml'
- name: Model test reports
uses: actions/upload-artifact@v3
if: failure()
with:
name: reports-model-tests
retention-days: 14
path: reports-model-tests.zip
if-no-files-found: ignore
test:
name: Base testsuite
needs: build needs: build
runs-on: ubuntu-latest runs-on: ubuntu-latest
timeout-minutes: 100 timeout-minutes: 100
strategy: strategy:
matrix: matrix:
server: ['quarkus', 'quarkus-map', 'quarkus-map-hot-rod', 'quarkus-map-jpa'] group: [1, 2, 3, 4, 5, 6]
tests: ['group1','group2','group3']
fail-fast: false fail-fast: false
steps: steps:
- uses: actions/checkout@v3 - uses: actions/checkout@v3
with:
fetch-depth: 2
- name: Check whether HEAD^ contains HotRod storage relevant changes - id: integration-test-setup
run: echo "GIT_HOTROD_RELEVANT_DIFF=$( git diff --name-only HEAD^ | egrep -ic -e '^model/map-hot-rod|^model/map/|^model/build-processor' )" >> $GITHUB_ENV name: Integration test setup
uses: ./.github/actions/integration-test-setup
- name: Check whether HotRod storage matrix should be executed
if: ${{ endsWith(matrix.server, '-map-hot-rod') && env.GIT_HOTROD_RELEVANT_DIFF == 0 }}
run: echo "SHOULD_BE_EXECUTED=false" >> $GITHUB_ENV
- name: Check whether HEAD^ contains JPA map storage relevant changes
run: echo "GIT_MAP_JPA_RELEVANT_DIFF=$( git diff --name-only HEAD^ | egrep -ic -e '^model/map-jpa/|^model/map/|^model/build-processor' )" >> $GITHUB_ENV
- name: Check whether Map-JPA storage matrix should be executed
if: ${{ endsWith(matrix.server, '-map-jpa') && env.GIT_MAP_JPA_RELEVANT_DIFF == 0 }}
run: echo "SHOULD_BE_EXECUTED=false" >> $GITHUB_ENV
- name: Cache Maven packages
if: ${{ github.event_name != 'pull_request' || env.SHOULD_BE_EXECUTED != 'false' }}
uses: actions/cache@v3
with:
path: ~/.m2/repository
key: cache-2-${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
restore-keys: cache-1-${{ runner.os }}-m2
- name: Download built keycloak
if: ${{ github.event_name != 'pull_request' || env.SHOULD_BE_EXECUTED != 'false' }}
id: download-keycloak
uses: actions/download-artifact@v3
with:
path: ~/.m2/repository/org/keycloak/
name: keycloak-artifacts.zip
# - name: List M2 repo
# run: |
# find ~ -name *dist*.zip
# ls -lR ~/.m2/repository
- uses: actions/setup-java@v3
if: ${{ github.event_name != 'pull_request' || env.SHOULD_BE_EXECUTED != 'false' }}
with:
distribution: 'temurin'
java-version: ${{ env.DEFAULT_JDK_VERSION }}
- name: Update maven settings
if: ${{ github.event_name != 'pull_request' || env.SHOULD_BE_EXECUTED != 'false' }}
run: mkdir -p ~/.m2 ; cp .github/settings.xml ~/.m2/
- name: Prepare test providers
if: ${{ matrix.server == 'quarkus' || matrix.server == 'quarkus-map' }}
run: ./mvnw clean install -nsu -B -e -f testsuite/integration-arquillian/servers/auth-server/services/testsuite-providers -Pauth-server-quarkus
- name: Run base tests - name: Run base tests
if: ${{ github.event_name != 'pull_request' || env.SHOULD_BE_EXECUTED != 'false' }}
run: | run: |
declare -A PARAMS TESTGROUP TESTS=`testsuite/integration-arquillian/tests/base/testsuites/base-suite.sh ${{ matrix.group }}`
PARAMS["quarkus"]="-Pauth-server-quarkus" echo "Tests: $TESTS"
PARAMS["quarkus-map"]="-Pauth-server-quarkus -Pmap-storage -Dpageload.timeout=90000" ./mvnw install -nsu -B -Pauth-server-quarkus -Dtest=$TESTS -pl testsuite/integration-arquillian/tests/base | misc/log/trimmer.sh
PARAMS["quarkus-map-hot-rod"]="-Pauth-server-quarkus -Pmap-storage,map-storage-hot-rod -Dpageload.timeout=90000"
PARAMS["quarkus-map-jpa"]="-Pauth-server-quarkus -Pmap-storage,map-storage-jpa -Dpageload.timeout=90000"
TESTGROUP["group1"]="-Dtest=!**.crossdc.**,!**.cluster.**,%regex[org.keycloak.testsuite.(a[abc]|ad[a-l]|[^a-q]).*]" # Tests alphabetically before admin tests and those after "r"
TESTGROUP["group2"]="-Dtest=!**.crossdc.**,!**.cluster.**,%regex[org.keycloak.testsuite.(ad[^a-l]|a[^a-d]|b).*]" # Admin tests and those starting with "b"
TESTGROUP["group3"]="-Dtest=!**.crossdc.**,!**.cluster.**,%regex[org.keycloak.testsuite.([c-q]).*]" # All the rest
./mvnw clean install -nsu -B ${PARAMS["${{ matrix.server }}"]} ${TESTGROUP["${{ matrix.tests }}"]} -f testsuite/integration-arquillian/tests/base/pom.xml | misc/log/trimmer.sh quarkus-integration-tests:
name: Quarkus IT
needs: build
runs-on: ubuntu-latest
timeout-minutes: 115
strategy:
matrix:
server: [zip, container, storage]
fail-fast: false
env:
MAVEN_OPTS: -Xmx1024m
steps:
- uses: actions/checkout@v3
TEST_RESULT=${PIPESTATUS[0]} - id: unit-test-setup
find . -path '*/target/surefire-reports/*.xml' | zip -q reports-${{ matrix.server }}-base-tests-${{ matrix.tests }}.zip -@ name: Unit test setup
exit $TEST_RESULT uses: ./.github/actions/unit-test-setup
- name: Analyze Test and/or Coverage Results - name: Run Quarkus integration Tests
uses: runforesight/foresight-test-kit-action@v1.3.0 run: |
if: always() && github.repository == 'keycloak/keycloak' declare -A PARAMS
PARAMS["zip"]=""
PARAMS["container"]="-Dkc.quarkus.tests.dist=docker"
PARAMS["storage"]="-Ptest-database -Dtest=PostgreSQLDistTest,MariaDBDistTest#testSuccessful,MySQLDistTest#testSuccessful,DatabaseOptionsDistTest,JPAStoreDistTest,HotRodStoreDistTest,MixedStoreDistTest"
./mvnw install -nsu -B -pl quarkus/tests/integration -am -DskipTests
./mvnw test -nsu -B -pl quarkus/tests/integration ${PARAMS["${{ matrix.server }}"]} | misc/log/trimmer.sh
jdk-integration-tests:
name: Java Distribution IT
needs: build
runs-on: ubuntu-latest
timeout-minutes: 100
strategy:
matrix:
dist: [temurin]
version: [17, 19]
fail-fast: false
steps:
- uses: actions/checkout@v3
- id: integration-test-setup
name: Integration test setup
uses: ./.github/actions/integration-test-setup
with: with:
api_key: ${{ secrets.FORESIGHT_API_KEY }} jdk-dist: ${{ matrix.dist }}
test_format: JUNIT jdk-version: ${{ matrix.version }}
test_framework: JUNIT
test_path: 'testsuite/integration-arquillian/tests/base/target/surefire-reports/*.xml'
- name: Base test reports - name: Prepare Quarkus distribution with current JDK
uses: actions/upload-artifact@v3 run: ./mvnw install -nsu -B -e -pl testsuite/integration-arquillian/servers/auth-server/quarkus
if: failure()
with:
name: reports-${{ matrix.server }}-base-tests-${{ matrix.tests }}
retention-days: 14
path: reports-${{ matrix.server }}-base-tests-${{ matrix.tests }}.zip
if-no-files-found: ignore
test-fips: - name: Run base tests
name: Base testsuite (fips) run: |
TESTS=`testsuite/integration-arquillian/tests/base/testsuites/suite.sh jdk`
echo "Tests: $TESTS"
./mvnw install -nsu -B -Pauth-server-quarkus -Pdb-${{ matrix.db }} -Dtest=$TESTS -pl testsuite/integration-arquillian/tests/base | misc/log/trimmer.sh
new-store-integration-tests:
name: New Store IT
needs: build needs: build
runs-on: ubuntu-latest runs-on: ubuntu-latest
timeout-minutes: 45 timeout-minutes: 45
strategy: strategy:
matrix: matrix:
server: ['bcfips-nonapproved-pkcs12'] db: [chm, hot-rod, jpa]
tests: ['group1', 'group2']
fail-fast: false fail-fast: false
steps: steps:
- uses: actions/checkout@v3 - uses: actions/checkout@v3
with:
fetch-depth: 2
- name: Cache Maven packages - id: integration-test-setup
uses: actions/cache@v3 name: Integration test setup
with: uses: ./.github/actions/integration-test-setup
path: ~/.m2/repository
key: cache-2-${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
restore-keys: cache-1-${{ runner.os }}-m2
- name: Download built keycloak
id: download-keycloak
uses: actions/download-artifact@v3
with:
path: ~/.m2/repository/org/keycloak/
name: keycloak-artifacts.zip
# - name: List M2 repo
# run: |
# find ~ -name *dist*.zip
# ls -lR ~/.m2/repository
- uses: actions/setup-java@v3
with:
distribution: 'temurin'
java-version: ${{ env.DEFAULT_JDK_VERSION }}
- name: Update maven settings
run: mkdir -p ~/.m2 ; cp .github/settings.xml ~/.m2/
- name: Prepare quarkus distribution with BCFIPS
run: ./mvnw clean install -nsu -B -e -f testsuite/integration-arquillian/servers/auth-server/quarkus -Pauth-server-quarkus,auth-server-fips140-2
- name: Run base tests - name: Run base tests
run: | run: |
declare -A PARAMS TESTGROUP declare -A PARAMS
PARAMS["bcfips-nonapproved-pkcs12"]="-Pauth-server-quarkus,auth-server-fips140-2" PARAMS["chm"]="-Pmap-storage -Dpageload.timeout=90000"
# Tests in the package "forms" and some keystore related tests PARAMS["hot-rod"]="-Pmap-storage,map-storage-hot-rod -Dpageload.timeout=90000"
TESTGROUP["group1"]="-Dtest=org.keycloak.testsuite.forms.**,ClientAuthSignedJWTTest,CredentialsTest,JavaKeystoreKeyProviderTest,ServerInfoTest,UserFederationLdapConnectionTest,LDAPUserLoginTest" PARAMS["jpa"]="-Pmap-storage,map-storage-jpa -Dpageload.timeout=90000"
TESTGROUP["group2"]="-Dtest=org.keycloak.testsuite.x509.**,MutualTLSClientTest,FAPI1Test,FAPICIBATest,KcRegTest,KcRegCreateTest,KcAdmTest,KcAdmCreateTest" # Tests for X.509 authentication with users and clients and CLI tests
./mvnw clean install -nsu -B ${PARAMS["${{ matrix.server }}"]} ${TESTGROUP["${{ matrix.tests }}"]} -f testsuite/integration-arquillian/tests/base/pom.xml | misc/log/trimmer.sh
TEST_RESULT=${PIPESTATUS[0]}
find . -path '*/target/surefire-reports/*.xml' | zip -q reports-${{ matrix.server }}-base-tests-${{ matrix.tests }}.zip -@
exit $TEST_RESULT
- name: Analyze Test and/or Coverage Results TESTS=`testsuite/integration-arquillian/tests/base/testsuites/suite.sh database`
uses: runforesight/foresight-test-kit-action@v1.3.0 echo "Tests: $TESTS"
if: always() && github.repository == 'keycloak/keycloak' ./mvnw install -nsu -B -Pauth-server-quarkus ${PARAMS["${{ matrix.db }}"]} -Dtest=$TESTS -pl testsuite/integration-arquillian/tests/base | misc/log/trimmer.sh
with:
api_key: ${{ secrets.FORESIGHT_API_KEY }}
test_format: JUNIT
test_framework: JUNIT
test_path: 'testsuite/integration-arquillian/tests/base/target/surefire-reports/*.xml'
- name: Base test reports legacy-store-integration-tests:
uses: actions/upload-artifact@v3 name: Legacy Store IT
if: failure() needs: build
with: runs-on: ubuntu-latest
name: reports-${{ matrix.server }}-base-tests-${{ matrix.tests }} timeout-minutes: 45
retention-days: 14 strategy:
path: reports-${{ matrix.server }}-base-tests-${{ matrix.tests }}.zip matrix:
if-no-files-found: ignore db: [postgres, mysql] # 'mariadb' is not always shutting down, 'mssql', 'oracle11g' containers not available
fail-fast: false
steps:
- uses: actions/checkout@v3
### Tests: Quarkus distribution - id: integration-test-setup
name: Integration test setup
uses: ./.github/actions/integration-test-setup
quarkus-test-cluster: - name: Run base tests
name: Quarkus Test Clustering run: |
TESTS=`testsuite/integration-arquillian/tests/base/testsuites/suite.sh database`
echo "Tests: $TESTS"
./mvnw install -nsu -B -Pauth-server-quarkus -Pdb-${{ matrix.db }} -Dtest=$TESTS -pl testsuite/integration-arquillian/tests/base | misc/log/trimmer.sh
store-model-tests:
name: Store Model Tests
runs-on: ubuntu-latest
needs: build
timeout-minutes: 60
steps:
- uses: actions/checkout@v3
- id: integration-test-setup
name: Integration test setup
uses: ./.github/actions/integration-test-setup
- name: Run model tests
run: testsuite/model/test-all-profiles.sh
clustering-integration-tests:
name: Legacy Clustering IT
needs: build needs: build
runs-on: ubuntu-latest runs-on: ubuntu-latest
timeout-minutes: 35 timeout-minutes: 35
@ -378,181 +202,86 @@ jobs:
steps: steps:
- uses: actions/checkout@v3 - uses: actions/checkout@v3
- uses: actions/setup-java@v3 - id: integration-test-setup
with: name: Integration test setup
distribution: 'temurin' uses: ./.github/actions/integration-test-setup
java-version: ${{ env.DEFAULT_JDK_VERSION }}
cache: 'maven'
- name: Cleanup org.keycloak artifacts - name: Run cluster tests
run: rm -rf ~/.m2/repository/org/keycloak >/dev/null || true
- name: Download built keycloak
id: download-keycloak
uses: actions/download-artifact@v3
with:
path: ~/.m2/repository/org/keycloak/
name: keycloak-artifacts.zip
- uses: actions/setup-java@v3
with:
distribution: 'temurin'
java-version: ${{ env.DEFAULT_JDK_VERSION }}
- name: Update maven settings
run: mkdir -p ~/.m2 ; cp .github/settings.xml ~/.m2/
- name: Run Quarkus cluster tests
run: | run: |
echo '::group::Compiling testsuite' ./mvnw install -nsu -B -Pauth-server-cluster-quarkus -Dsession.cache.owners=2 -Dtest=**.cluster.** -pl testsuite/integration-arquillian/tests/base | misc/log/trimmer.sh
./mvnw clean install -nsu -B -Pauth-server-quarkus -DskipTests -f testsuite/pom.xml
echo '::endgroup::'
./mvnw clean install -nsu -B -Pauth-server-cluster-quarkus -Dsession.cache.owners=2 -Dtest=**.cluster.** -f testsuite/integration-arquillian/pom.xml | misc/log/trimmer.sh
TEST_RESULT=${PIPESTATUS[0]}
find . -path '*/target/surefire-reports/*.xml' | zip -q reports-quarkus-cluster-tests.zip -@
exit $TEST_RESULT
- name: Analyze Test and/or Coverage Results fips-unit-tests:
uses: runforesight/foresight-test-kit-action@v1.3.0 name: FIPS UT
if: always() && github.repository == 'keycloak/keycloak'
with:
api_key: ${{ secrets.FORESIGHT_API_KEY }}
test_format: JUNIT
test_framework: JUNIT
test_path: 'testsuite/integration-arquillian/tests/base/target/surefire-reports/*.xml'
- name: Quarkus cluster test reports
uses: actions/upload-artifact@v3
if: failure()
with:
name: reports-quarkus-cluster-tests
retention-days: 14
path: reports-quarkus-cluster-tests.zip
if-no-files-found: ignore
### Tests: Quarkus distribution
quarkus-tests:
name: Quarkus Tests
needs: build
runs-on: ubuntu-latest runs-on: ubuntu-latest
timeout-minutes: 115 needs: build
env: timeout-minutes: 20
MAVEN_OPTS: -Xmx1024m
steps: steps:
- uses: actions/checkout@v3 - uses: actions/checkout@v3
- uses: actions/setup-java@v3
with:
distribution: 'temurin'
java-version: ${{ env.DEFAULT_JDK_VERSION }}
cache: 'maven'
- name: Cleanup org.keycloak artifacts
run: rm -rf ~/.m2/repository/org/keycloak >/dev/null || true
- name: Download built keycloak - id: unit-test-setup
id: download-keycloak name: Unit test setup
uses: actions/download-artifact@v3 uses: ./.github/actions/unit-test-setup
with:
path: ~/.m2/repository/org/keycloak/
name: keycloak-artifacts.zip
- name: Update maven settings
run: mkdir -p ~/.m2 ; cp .github/settings.xml ~/.m2/
- name: Prepare the local distribution archives - name: Run crypto tests (BCFIPS non-approved mode)
run: ./mvnw clean install -DskipTests -Pdistribution run: ./mvnw install -nsu -B -am -pl crypto/default,crypto/fips1402,crypto/elytron -Dcom.redhat.fips=true
- name: Run Quarkus Integration Tests - name: Run crypto tests (BCFIPS approved mode)
run: ./mvnw install -nsu -B -am -pl crypto/default,crypto/fips1402,crypto/elytron -Dcom.redhat.fips=true -Dorg.bouncycastle.fips.approved_only=true
fips-integration-tests:
name: FIPS IT
needs: build
runs-on: ubuntu-latest
timeout-minutes: 45
steps:
- uses: actions/checkout@v3
- id: integration-test-setup
name: Integration test setup
uses: ./.github/actions/integration-test-setup
- name: Prepare Quarkus distribution with BCFIPS
run: ./mvnw install -nsu -B -e -pl testsuite/integration-arquillian/servers/auth-server/quarkus -Pauth-server-quarkus,auth-server-fips140-2
- name: Run base tests
run: | run: |
./mvnw clean install -nsu -B -f quarkus/tests/pom.xml | misc/log/trimmer.sh TESTS=`testsuite/integration-arquillian/tests/base/testsuites/suite.sh fips`
TEST_RESULT=${PIPESTATUS[0]} echo "Tests: $TESTS"
find . -path '*/target/surefire-reports/*.xml' | zip -q reports-quarkus-tests.zip -@ ./mvnw install -nsu -B -Pauth-server-quarkus,auth-server-fips140-2 -Dtest=$TESTS -pl testsuite/integration-arquillian/tests/base | misc/log/trimmer.sh
exit $TEST_RESULT
- name: Run Quarkus Storage Tests check-set-status:
run: | name: Set check conclusion
./mvnw clean install -nsu -B -f quarkus/tests/pom.xml -Ptest-database -Dtest=PostgreSQLDistTest,MariaDBDistTest#testSuccessful,MySQLDistTest#testSuccessful,DatabaseOptionsDistTest,JPAStoreDistTest,HotRodStoreDistTest,MixedStoreDistTest | misc/log/trimmer.sh needs:
TEST_RESULT=${PIPESTATUS[0]} - unit-tests
find . -path '*/target/surefire-reports/*.xml' | zip -q reports-quarkus-tests.zip -@ - base-integration-tests
exit $TEST_RESULT - quarkus-integration-tests
- jdk-integration-tests
- new-store-integration-tests
- legacy-store-integration-tests
- store-model-tests
- clustering-integration-tests
- fips-unit-tests
- fips-integration-tests
runs-on: ubuntu-latest
outputs:
conclusion: ${{ steps.check.outputs.conclusion }}
- name: Run Quarkus Tests in Docker steps:
run: | - uses: actions/checkout@v3
./mvnw clean install -nsu -B -f quarkus/tests/pom.xml -Dkc.quarkus.tests.dist=docker -Dtest=StartCommandDistTest | misc/log/trimmer.sh
TEST_RESULT=${PIPESTATUS[0]}
exit $TEST_RESULT
- name: Analyze Test and/or Coverage Results - id: check
uses: runforesight/foresight-test-kit-action@v1.3.0 uses: ./.github/actions/checks-success
if: always() && github.repository == 'keycloak/keycloak'
check:
name: Check
if: always() && ( github.event_name != 'schedule' || github.repository == 'keycloak/keycloak' )
needs: [check-set-status]
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Check status
uses: ./.github/actions/checks-job-pass
with: with:
api_key: ${{ secrets.FORESIGHT_API_KEY }} conclusion: ${{ needs.check-set-status.outputs.conclusion }}
test_format: JUNIT
test_framework: JUNIT
test_path: 'quarkus/tests/integration/target/surefire-reports/*.xml'
- name: Quarkus test reports
uses: actions/upload-artifact@v3
if: failure()
with:
name: reports-quarkus-tests
retention-days: 14
path: reports-quarkus-tests.zip
if-no-files-found: ignore
# NOTE: WebAuthn tests can be enabled once the issue #12621 is resolved
#
# webauthn-test:
# name: WebAuthn Tests
# needs: build
# runs-on: ubuntu-latest
# steps:
# - uses: actions/checkout@v2
# with:
# fetch-depth: 2
#
# - name: Check whether this phase should run
# run: echo "GIT_DIFF=$[ $( git diff --name-only HEAD^ | egrep -ic 'webauthn|passwordless' ) ]" >> $GITHUB_ENV
#
# - uses: actions/setup-java@v1
# if: ${{ github.event_name != 'pull_request' || env.GIT_DIFF != 0 }}
# with:
# java-version: ${{ env.DEFAULT_JDK_VERSION }}
#
# - name: Update maven settings
# if: ${{ github.event_name != 'pull_request' || env.GIT_DIFF != 0 }}
# run: mkdir -p ~/.m2 ; cp .github/settings.xml ~/.m2/
#
# - name: Cache Maven packages
# if: ${{ github.event_name != 'pull_request' || env.GIT_DIFF != 0 }}
# uses: actions/cache@v2
# with:
# path: ~/.m2/repository
# key: cache-1-${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
# restore-keys: cache-1-${{ runner.os }}-m2
#
# - name: Cleanup org.keycloak artifacts
# if: ${{ github.event_name != 'pull_request' || env.GIT_DIFF != 0 }}
# run: rm -rf ~/.m2/repository/org/keycloak >/dev/null || true
#
# - name: Download built keycloak
# if: ${{ github.event_name != 'pull_request' || env.GIT_DIFF != 0 }}
# id: download-keycloak
# uses: actions/download-artifact@v2
# with:
# path: ~/.m2/repository/org/keycloak/
# name: keycloak-artifacts.zip
#
# - name: Run WebAuthn tests
# if: ${{ github.event_name != 'pull_request' || env.GIT_DIFF != 0 }}
# run: |
# mvn clean install -nsu -B -Dbrowser=chrome -Pwebauthn -f testsuite/integration-arquillian/tests/other/pom.xml -Dtest=org.keycloak.testsuite.webauthn.**.*Test | misc/log/trimmer.sh
#
# TEST_RESULT=${PIPESTATUS[0]}
# find . -path '*/target/surefire-reports/*.xml' | zip -q reports-webauthn-tests.zip -@
# exit $TEST_RESULT
#
# - name: WebAuthn test reports
# uses: actions/upload-artifact@v2
# if: failure()
# with:
# name: reports-webauthn-tests
# retention-days: 14
# path: reports-webauthn-tests.zip
# if-no-files-found: ignore

150
.github/workflows/codeql-analysis.yml vendored Normal file
View File

@ -0,0 +1,150 @@
name: CodeQL
on:
push:
branches-ignore:
- main
- dependabot/**
pull_request:
branches: [main]
schedule:
- cron: 0 9 * * 2
concurrency:
# Only cancel jobs for PR updates
group: codeql-analysis-${{ github.head_ref || github.run_id }}
cancel-in-progress: true
defaults:
run:
shell: bash
jobs:
changes:
name: Check changes
if: github.event_name != 'schedule' || github.repository == 'keycloak/keycloak'
runs-on: ubuntu-latest
outputs:
java: ${{ steps.changes.outputs.java }}
themes: ${{ steps.changes.outputs.themes }}
js-adapter: ${{ steps.changes.outputs.js-adapter }}
steps:
- uses: actions/checkout@v3
- id: changes
uses: ./.github/actions/changed-files
java:
name: CodeQL Java
needs: changes
runs-on: ubuntu-latest
if: needs.changes.outputs.java == 'true'
outputs:
conclusion: ${{ steps.check.outputs.conclusion }}
steps:
- uses: actions/checkout@v3
- name: Initialize CodeQL
uses: github/codeql-action/init@v2.1.36
with:
languages: java
- name: Build Keycloak
uses: ./.github/actions/build-keycloak
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v2.1.36
with:
wait-for-processing: true
env:
CODEQL_ACTION_EXTRA_OPTIONS: '{"database":{"interpret-results":["--max-paths",0]}}'
- id: check
uses: ./.github/actions/checks-success
js-adapter:
name: CodeQL JavaScript Adapter
needs: changes
runs-on: ubuntu-latest
if: needs.changes.outputs.js-adapter == 'true'
outputs:
conclusion: ${{ steps.check.outputs.conclusion }}
steps:
- uses: actions/checkout@v3
- name: Initialize CodeQL
uses: github/codeql-action/init@v2.1.36
env:
CODEQL_ACTION_EXTRA_OPTIONS: '{"database":{"finalize":["--no-run-unnecessary-builds"]}}'
with:
languages: javascript
source-root: adapters/oidc/js/src/
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v2.1.36
with:
wait-for-processing: true
env:
CODEQL_ACTION_EXTRA_OPTIONS: '{"database":{"interpret-results":["--max-paths",0]}}'
- id: check
uses: ./.github/actions/checks-success
themes:
name: CodeQL Themes
needs: changes
runs-on: ubuntu-latest
if: needs.changes.outputs.themes == 'true'
outputs:
conclusion: ${{ steps.check.outputs.conclusion }}
steps:
- uses: actions/checkout@v3
- name: Initialize CodeQL
uses: github/codeql-action/init@v2.1.36
env:
CODEQL_ACTION_EXTRA_OPTIONS: '{"database":{"finalize":["--no-run-unnecessary-builds"]}}'
with:
languages: javascript
source-root: themes/src/main/
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v2.1.36
with:
wait-for-processing: true
env:
CODEQL_ACTION_EXTRA_OPTIONS: '{"database":{"interpret-results":["--max-paths",0]}}'
- id: check
uses: ./.github/actions/checks-success
check:
name: Check
if: always() && ( github.event_name != 'schedule' || github.repository == 'keycloak/keycloak' )
needs: [changes, java, js-adapter, themes]
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: CodeQL Java
uses: ./.github/actions/checks-job-pass
with:
required: ${{ needs.changes.outputs.java }}
conclusion: ${{ needs.java.outputs.conclusion }}
- name: CodeQL JavaScript Adapter
uses: ./.github/actions/checks-job-pass
with:
required: ${{ needs.changes.outputs.js-adapter }}
conclusion: ${{ needs.js-adapter.outputs.conclusion }}
- name: CodeQL Themes
uses: ./.github/actions/checks-job-pass
with:
required: ${{ needs.changes.outputs.themes }}
conclusion: ${{ needs.themes.outputs.conclusion }}

59
.github/workflows/codeql-java-analysis.yml vendored
View File

@ -1,59 +0,0 @@
# For most projects, this workflow file will not need changing; you simply need
# to commit it to your repository.
#
# You may wish to alter this file to override the set of languages analyzed,
# or to provide custom queries or build logic.
name: "CodeQL Java"
on:
push:
branches-ignore:
- 'main'
- 'dependabot/**'
pull_request:
branches: [main]
paths:
- '**.java'
- '.github/workflows/codeql-java-analysis.yml'
schedule:
- cron: '0 9 * * 2'
concurrency:
# Only run once for latest commit per ref and cancel other (previous) runs.
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
env:
MAVEN_OPTS: -Dhttp.keepAlive=false -Dmaven.wagon.http.pool=false -Dmaven.wagon.http.retryHandler.class=standard -Dmaven.wagon.http.retryHandler.count=3 -Dmaven.wagon.httpconnectionManager.ttlSeconds=120
jobs:
analyze:
name: CodeQL analyze
runs-on: ubuntu-latest
if: github.repository == 'keycloak/keycloak'
steps:
- uses: actions/checkout@v3
- uses: actions/setup-java@v3
with:
distribution: 'temurin'
java-version: '11'
cache: 'maven'
- name: Update maven settings
run: mkdir -p ~/.m2 ; cp .github/settings.xml ~/.m2/
- name: Initialize CodeQL
uses: github/codeql-action/init@v2.1.36
with:
languages: java
- name: Build Keycloak
run: mvn -B install -DskipTests -DskipQuarkus -DskipTestsuite -DskipExamples -DskipTests
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v2.1.36
with:
wait-for-processing: true
env:
CODEQL_ACTION_EXTRA_OPTIONS: '{"database":{"interpret-results":["--max-paths",0]}}'

62
.github/workflows/codeql-js-adapter-analysis.yml vendored
View File

@ -1,62 +0,0 @@
# For most projects, this workflow file will not need changing; you simply need
# to commit it to your repository.
#
# You may wish to alter this file to override the set of languages analyzed,
# or to provide custom queries or build logic.
name: "CodeQL JS Adapter"
on:
push:
branches-ignore:
- 'main'
- 'dependabot/**'
pull_request:
branches: [main]
paths:
- 'adapters/oidc/js/**'
- '.github/workflows/codeql-js-adapter-analysis.yml'
schedule:
- cron: '0 9 * * 2'
concurrency:
# Only run once for latest commit per ref and cancel other (previous) runs.
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
env:
MAVEN_OPTS: -Dhttp.keepAlive=false -Dmaven.wagon.http.pool=false -Dmaven.wagon.http.retryHandler.class=standard -Dmaven.wagon.http.retryHandler.count=3 -Dmaven.wagon.httpconnectionManager.ttlSeconds=120
jobs:
analyze:
name: CodeQL analyze
runs-on: ubuntu-latest
if: github.repository == 'keycloak/keycloak'
steps:
- uses: actions/checkout@v3
- uses: actions/setup-java@v3
with:
distribution: 'temurin'
java-version: '11'
cache: 'maven'
- name: Update maven settings
run: mkdir -p ~/.m2 ; cp .github/settings.xml ~/.m2/
- name: Initialize CodeQL
uses: github/codeql-action/init@v2.1.36
env:
CODEQL_ACTION_EXTRA_OPTIONS: '{"database":{"finalize":["--no-run-unnecessary-builds"]}}'
with:
languages: javascript
source-root: adapters/oidc/js/
- name: Build Keycloak
run: mvn -B install -DskipTests -DskipQuarkus -DskipTestsuite -DskipExamples -DskipTests
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v2.1.36
with:
wait-for-processing: true
env:
CODEQL_ACTION_EXTRA_OPTIONS: '{"database":{"interpret-results":["--max-paths",0]}}'

62
.github/workflows/codeql-theme-analysis.yml vendored
View File

@ -1,62 +0,0 @@
# For most projects, this workflow file will not need changing; you simply need
# to commit it to your repository.
#
# You may wish to alter this file to override the set of languages analyzed,
# or to provide custom queries or build logic.
name: "CodeQL Themes"
on:
push:
branches-ignore:
- 'main'
- 'dependabot/**'
pull_request:
branches: [main]
paths:
- 'themes/src/**'
- '.github/workflows/codeql-theme-analysis.yml'
schedule:
- cron: '0 9 * * 2'
concurrency:
# Only run once for latest commit per ref and cancel other (previous) runs.
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
env:
MAVEN_OPTS: -Dhttp.keepAlive=false -Dmaven.wagon.http.pool=false -Dmaven.wagon.http.retryHandler.class=standard -Dmaven.wagon.http.retryHandler.count=3 -Dmaven.wagon.httpconnectionManager.ttlSeconds=120
jobs:
analyze:
name: CodeQL analyze
runs-on: ubuntu-latest
if: github.repository == 'keycloak/keycloak'
steps:
- uses: actions/checkout@v3
- uses: actions/setup-java@v3
with:
distribution: 'temurin'
java-version: '11'
cache: 'maven'
- name: Update maven settings
run: mkdir -p ~/.m2 ; cp .github/settings.xml ~/.m2/
- name: Initialize CodeQL
uses: github/codeql-action/init@v2.1.36
env:
CODEQL_ACTION_EXTRA_OPTIONS: '{"database":{"finalize":["--no-run-unnecessary-builds"]}}'
with:
languages: javascript
source-root: themes/
- name: Build Keycloak
run: mvn -B install -DskipTests -DskipQuarkus -DskipTestsuite -DskipExamples -DskipTests
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v2.1.36
with:
wait-for-processing: true
env:
CODEQL_ACTION_EXTRA_OPTIONS: '{"database":{"interpret-results":["--max-paths",0]}}'

139
.github/workflows/operator-ci.yml vendored
View File

@ -2,49 +2,42 @@ name: Keycloak Operator CI
on: on:
push: push:
branches-ignore: [main] branches-ignore:
- main
- dependabot/**
pull_request: pull_request:
paths-ignore:
- '.github/workflows/**'
- '!.github/workflows/operator-ci.yml'
schedule: schedule:
- cron: '0 20,22,0,2,4 * * *' - cron: 0 20,23,2,5 * * *
workflow_dispatch:
env: env:
JDK_VERSION: 11 DEFAULT_JDK_VERSION: 11
MINIKUBE_VERSION: "v1.24.0" DEFAULT_JDK_DIST: temurin
KUBERNETES_VERSION: "v1.22.3" MINIKUBE_VERSION: v1.24.0
MAVEN_OPTS: -Dhttp.keepAlive=false -Dmaven.wagon.http.pool=false -Dmaven.wagon.http.retryHandler.class=standard -Dmaven.wagon.http.retryHandler.count=3 -Dmaven.wagon.httpconnectionManager.ttlSeconds=120 KUBERNETES_VERSION: v1.22.3
defaults:
run:
shell: bash
concurrency: concurrency:
# Only run once for latest commit per ref and cancel other (previous) runs. # Only cancel jobs for PR updates
group: ${{ github.workflow }}-${{ github.ref }} group: operator-ci-${{ github.head_ref || github.run_id }}
cancel-in-progress: true cancel-in-progress: true
jobs: jobs:
build: build:
name: Build distribution name: Build distribution
if: ${{ ( github.event_name != 'schedule' ) || ( github.event_name == 'schedule' && github.repository == 'keycloak/keycloak' ) }} if: github.event_name != 'schedule' || github.repository == 'keycloak/keycloak'
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: actions/checkout@v3 - uses: actions/checkout@v3
- name: Update maven settings
run: mkdir -p ~/.m2 ; cp .github/settings.xml ~/.m2/ - name: Build Keycloak
- uses: actions/setup-java@v3 uses: ./.github/actions/build-keycloak
with: with:
distribution: 'temurin' upload-m2-repo: false
java-version: ${{ env.JDK_VERSION }} upload-dist: true
cache: 'maven'
- name: Create the Keycloak distribution
run: |
mvn clean install -Pdistribution -DskipTests -DskipExamples -DskipTestsuite
- name: Store Keycloak distribution
id: store-keycloak
uses: actions/upload-artifact@v3
with:
name: keycloak-distribution
retention-days: 1
path: quarkus/dist/target/keycloak*.tar.gz
test-local: test-local:
name: Test local name: Test local
@ -52,16 +45,16 @@ jobs:
needs: [build] needs: [build]
steps: steps:
- uses: actions/checkout@v3 - uses: actions/checkout@v3
- name: Set outputs
- name: Set version
id: vars id: vars
run: echo "version_local=0.0.1-${GITHUB_SHA::6}" >> $GITHUB_ENV run: echo "version_local=0.0.1-${GITHUB_SHA::6}" >> $GITHUB_ENV
- name: Update maven settings
run: mkdir -p ~/.m2 ; cp .github/settings.xml ~/.m2/
- uses: actions/setup-java@v2 - uses: actions/setup-java@v2
with: with:
distribution: 'temurin' distribution: ${{ env.DEFAULT_JDK_DIST }}
java-version: ${{ env.JDK_VERSION }} java-version: ${{ env.DEFAULT_JDK_VERSION }}
cache: 'maven'
- name: Setup Minikube-Kubernetes - name: Setup Minikube-Kubernetes
uses: manusa/actions-setup-minikube@v2.7.1 uses: manusa/actions-setup-minikube@v2.7.1
with: with:
@ -69,13 +62,15 @@ jobs:
kubernetes version: ${{ env.KUBERNETES_VERSION }} kubernetes version: ${{ env.KUBERNETES_VERSION }}
github token: ${{ secrets.GITHUB_TOKEN }} github token: ${{ secrets.GITHUB_TOKEN }}
driver: docker driver: docker
start args: '--addons=ingress' start args: --addons=ingress
- name: Download keycloak distribution - name: Download keycloak distribution
id: download-keycloak-dist id: download-keycloak-dist
uses: actions/download-artifact@v3 uses: actions/download-artifact@v3
with: with:
name: keycloak-distribution name: keycloak-dist
path: quarkus/container path: quarkus/container
- name: Build Keycloak Docker images - name: Build Keycloak Docker images
run: | run: |
eval $(minikube -p minikube docker-env) eval $(minikube -p minikube docker-env)
@ -84,7 +79,7 @@ jobs:
- name: Test operator running locally - name: Test operator running locally
run: | run: |
mvn clean install -Poperator -pl :keycloak-operator -am \ mvn install -Poperator -pl :keycloak-operator -am \
-Dquarkus.kubernetes.image-pull-policy=IfNotPresent \ -Dquarkus.kubernetes.image-pull-policy=IfNotPresent \
-Doperator.keycloak.image=keycloak:${{ env.version_local }} \ -Doperator.keycloak.image=keycloak:${{ env.version_local }} \
-Dtest.operator.custom.image=custom-keycloak:${{ env.version_local }} \ -Dtest.operator.custom.image=custom-keycloak:${{ env.version_local }} \
@ -97,16 +92,16 @@ jobs:
needs: [build] needs: [build]
steps: steps:
- uses: actions/checkout@v3 - uses: actions/checkout@v3
- name: Set outputs
- name: Set version
id: vars id: vars
run: echo "version_remote=0.0.1-${GITHUB_SHA::6}" >> $GITHUB_ENV run: echo "version_remote=0.0.1-${GITHUB_SHA::6}" >> $GITHUB_ENV
- name: Update maven settings
run: mkdir -p ~/.m2 ; cp .github/settings.xml ~/.m2/
- uses: actions/setup-java@v2 - uses: actions/setup-java@v2
with: with:
distribution: 'temurin' distribution: ${{ env.DEFAULT_JDK_DIST }}
java-version: ${{ env.JDK_VERSION }} java-version: ${{ env.DEFAULT_JDK_VERSION }}
cache: 'maven'
- name: Setup Minikube-Kubernetes - name: Setup Minikube-Kubernetes
uses: manusa/actions-setup-minikube@v2.7.1 uses: manusa/actions-setup-minikube@v2.7.1
with: with:
@ -114,13 +109,15 @@ jobs:
kubernetes version: ${{ env.KUBERNETES_VERSION }} kubernetes version: ${{ env.KUBERNETES_VERSION }}
github token: ${{ secrets.GITHUB_TOKEN }} github token: ${{ secrets.GITHUB_TOKEN }}
driver: docker driver: docker
start args: '--addons=ingress' start args: --addons=ingress
- name: Download keycloak distribution - name: Download keycloak distribution
id: download-keycloak-dist id: download-keycloak-dist
uses: actions/download-artifact@v3 uses: actions/download-artifact@v3
with: with:
name: keycloak-distribution name: keycloak-dist
path: quarkus/container path: quarkus/container
- name: Build Keycloak Docker images - name: Build Keycloak Docker images
run: | run: |
eval $(minikube -p minikube docker-env) eval $(minikube -p minikube docker-env)
@ -130,7 +127,7 @@ jobs:
- name: Test operator running in cluster - name: Test operator running in cluster
run: | run: |
eval $(minikube -p minikube docker-env) eval $(minikube -p minikube docker-env)
mvn clean install -Poperator -pl :keycloak-operator -am \ mvn install -Poperator -pl :keycloak-operator -am \
-Dquarkus.container-image.build=true \ -Dquarkus.container-image.build=true \
-Dquarkus.kubernetes.image-pull-policy=IfNotPresent \ -Dquarkus.kubernetes.image-pull-policy=IfNotPresent \
-Doperator.keycloak.image=keycloak:${{ env.version_remote }} \ -Doperator.keycloak.image=keycloak:${{ env.version_remote }} \
@ -145,13 +142,12 @@ jobs:
needs: [build] needs: [build]
steps: steps:
- uses: actions/checkout@v3 - uses: actions/checkout@v3
- name: Update maven settings
run: mkdir -p ~/.m2 ; cp .github/settings.xml ~/.m2/
- uses: actions/setup-java@v2 - uses: actions/setup-java@v2
with: with:
distribution: 'temurin' distribution: ${{ env.DEFAULT_JDK_DIST }}
java-version: ${{ env.JDK_VERSION }} java-version: ${{ env.DEFAULT_JDK_VERSION }}
cache: 'maven'
- name: Setup Minikube-Kubernetes - name: Setup Minikube-Kubernetes
uses: manusa/actions-setup-minikube@v2.7.1 uses: manusa/actions-setup-minikube@v2.7.1
with: with:
@ -159,22 +155,27 @@ jobs:
kubernetes version: ${{ env.KUBERNETES_VERSION }} kubernetes version: ${{ env.KUBERNETES_VERSION }}
github token: ${{ secrets.GITHUB_TOKEN }} github token: ${{ secrets.GITHUB_TOKEN }}
driver: docker driver: docker
- name: Install OPM - name: Install OPM
uses: redhat-actions/openshift-tools-installer@v1 uses: redhat-actions/openshift-tools-installer@v1
with: with:
source: "github" source: github
opm: "1.21.0" opm: 1.21.0
- name: Install Yq - name: Install Yq
run: sudo snap install yq run: sudo snap install yq
- name: Install OLM - name: Install OLM
working-directory: operator working-directory: operator
run: ./scripts/install-olm.sh run: ./scripts/install-olm.sh
- name: Download keycloak distribution - name: Download keycloak distribution
id: download-keycloak-dist id: download-keycloak-dist
uses: actions/download-artifact@v3 uses: actions/download-artifact@v3
with: with:
name: keycloak-distribution name: keycloak-dist
path: quarkus/container path: quarkus/container
- name: Arrange OLM test installation - name: Arrange OLM test installation
working-directory: operator working-directory: operator
run: | run: |
@ -192,3 +193,33 @@ jobs:
kubectl apply -f src/main/resources/example-realm.yaml kubectl apply -f src/main/resources/example-realm.yaml
# Wait for the CRs to be ready # Wait for the CRs to be ready
./scripts/check-examples-installed.sh ./scripts/check-examples-installed.sh
check-set-status:
name: Set check conclusion
needs:
- test-local
- test-remote
- test-olm
runs-on: ubuntu-latest
outputs:
conclusion: ${{ steps.check.outputs.conclusion }}
steps:
- uses: actions/checkout@v3
- id: check
uses: ./.github/actions/checks-success
check:
name: Check
if: always() && ( github.event_name != 'schedule' || github.repository == 'keycloak/keycloak' )
needs: [check-set-status]
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Check status
uses: ./.github/actions/checks-job-pass
with:
conclusion: ${{ needs.check-set-status.outputs.conclusion }}

45
.github/workflows/snyk-analysis.yml vendored Normal file
View File

@ -0,0 +1,45 @@
name: Snyk
on:
schedule:
- cron: 0 0 * * *
workflow_dispatch:
defaults:
run:
shell: bash
jobs:
analysis:
name: Analysis of Quarkus and Operator
runs-on: ubuntu-latest
if: github.repository == 'keycloak/keycloak'
steps:
- uses: actions/checkout@v3
- name: Build Keycloak
uses: ./.github/actions/build-keycloak
- uses: snyk/actions/setup@master
- name: Check for vulnerabilities in Quarkus
run: snyk test --policy-path=${GITHUB_WORKSPACE}/.github/snyk/.snyk --all-projects --prune-repeated-subdependencies --exclude=tests --sarif-file-output=quarkus-report.sarif quarkus
continue-on-error: true
env:
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
- name: Upload Quarkus scanner results to GitHub
uses: github/codeql-action/upload-sarif@v2.1.36
with:
sarif_file: quarkus-report.sarif
- name: Check for vulnerabilities in Operator
run: snyk test --policy-path=${GITHUB_WORKSPACE}/.github/snyk/.snyk --all-projects --prune-repeated-subdependencies --exclude=tests --sarif-file-output=operator-report.sarif operator
continue-on-error: true
env:
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
- name: Upload Operator scanner results to GitHub
uses: github/codeql-action/upload-sarif@v2.1.36
with:
sarif_file: operator-report.sarif

68
.github/workflows/snyk.yml vendored
View File

@ -1,68 +0,0 @@
name: "Snyk"
on:
schedule:
- cron: "0 0 * * *"
env:
DEFAULT_JDK_VERSION: 11
MAVEN_OPTS: -Dhttp.keepAlive=false -Dmaven.wagon.http.pool=false -Dmaven.wagon.http.retryHandler.class=standard -Dmaven.wagon.http.retryHandler.count=3 -Dmaven.wagon.httpconnectionManager.ttlSeconds=120
jobs:
quarkus:
name: Quarkus
runs-on: ubuntu-latest
if: ${{ github.repository == 'keycloak/keycloak' }}
steps:
- name: Checkout repository
uses: actions/checkout@v3
- uses: actions/setup-java@v3
with:
java-version: ${{ env.DEFAULT_JDK_VERSION }}
distribution: temurin
cache: maven
- name: Build Quarkus
run: mvn -Psnyk-quarkus -pl quarkus/dist -am -DskipTests clean install
- uses: snyk/actions/setup@master
- name: Check for vulnerabilities
run: snyk test --policy-path=${GITHUB_WORKSPACE}/.github/snyk/.snyk --all-projects --prune-repeated-subdependencies --exclude=tests --sarif-file-output=quarkus-report.sarif quarkus
continue-on-error: true
env:
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
- name: Upload scanner results to GitHub
uses: github/codeql-action/upload-sarif@v2.1.36
with:
sarif_file: quarkus-report.sarif
operator:
name: Operator
runs-on: ubuntu-latest
if: ${{ github.repository == 'keycloak/keycloak' }}
steps:
- name: Checkout repository
uses: actions/checkout@v3
- uses: actions/setup-java@v3
with:
java-version: ${{ env.DEFAULT_JDK_VERSION }}
distribution: temurin
cache: maven
- name: Build Keycloak
run: mvn -Poperator -pl operator -am -DskipTests clean install
- uses: snyk/actions/setup@master
- name: Check for vulnerabilities for the Operator
run: snyk test --policy-path=${GITHUB_WORKSPACE}/.github/snyk/.snyk --all-projects --prune-repeated-subdependencies --exclude=tests --sarif-file-output=operator-report.sarif operator
continue-on-error: true
env:
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
- name: Upload scanner results for the Operator to GitHub
uses: github/codeql-action/upload-sarif@v2.1.36
with:
sarif_file: operator-report.sarif

69
.github/workflows/trivy-analysis.yml vendored
View File

@ -1,63 +1,36 @@
name: Trivy name: Trivy
on: on:
workflow_dispatch:
schedule: schedule:
- cron: "0 6 * * *" - cron: 0 6 * * *
workflow_dispatch:
defaults:
run:
shell: bash
jobs: jobs:
quarkus-dist:
name: Vulnerability scanner for Quarkus distribution images analysis:
runs-on: "ubuntu-18.04" name: Vulnerability scanner for nightly containers
runs-on: ubuntu-latest
if: github.repository == 'keycloak/keycloak'
strategy:
matrix:
container: [keycloak, keycloak-operator]
fail-fast: false
steps: steps:
- name: Run Trivy vulnerability scanner - name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@9ab158e8597f3b310480b9a69402b419bc03dbd5 uses: aquasecurity/trivy-action@9ab158e8597f3b310480b9a69402b419bc03dbd5
with: with:
image-ref: 'quay.io/keycloak/keycloak:nightly' image-ref: quay.io/keycloak/${{ matrix.container}}:nightly
format: 'template' format: template
template: '@/contrib/sarif.tpl' template: '@/contrib/sarif.tpl'
output: 'trivy-results.sarif' output: trivy-results.sarif
severity: 'MEDIUM,CRITICAL,HIGH' severity: MEDIUM,CRITICAL,HIGH
ignore-unfixed: true ignore-unfixed: true
- name: Upload Trivy scan results to GitHub Security tab - name: Upload Trivy scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@v2.1.36 uses: github/codeql-action/upload-sarif@v2.1.36
with: with:
sarif_file: 'trivy-results.sarif' sarif_file: trivy-results.sarif
legacy-dist:
name: Vulnerability scanner for WildFly distribution images
runs-on: "ubuntu-18.04"
steps:
- name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@9ab158e8597f3b310480b9a69402b419bc03dbd5
with:
image-ref: 'quay.io/keycloak/keycloak:legacy'
format: 'template'
template: '@/contrib/sarif.tpl'
output: 'legacy-results.sarif'
severity: 'MEDIUM,CRITICAL,HIGH'
ignore-unfixed: true
- name: Upload Trivy scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@v2.1.36
with:
sarif_file: 'legacy-results.sarif'
keycloak-operator:
name: Vulnerability scanner for Keycloak Operator distribution images
runs-on: "ubuntu-18.04"
steps:
- name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@9ab158e8597f3b310480b9a69402b419bc03dbd5
with:
image-ref: 'quay.io/keycloak/keycloak-operator:nightly'
format: 'template'
template: '@/contrib/sarif.tpl'
output: 'operator-results.sarif'
severity: 'MEDIUM,CRITICAL,HIGH'
ignore-unfixed: true
- name: Upload Trivy scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@v2.1.36
with:
sarif_file: 'operator-results.sarif'

3
.gitignore vendored
View File

@ -83,3 +83,6 @@ quarkus/data/*.db
# Git ephemeral files # Git ephemeral files
*.versionsBackup *.versionsBackup
# Node.js for frontend-maven-plugin #
node

1
adapters/oidc/js/pom.xml
View File

@ -77,6 +77,7 @@
</executions> </executions>
<configuration> <configuration>
<nodeVersion>${node.version}</nodeVersion> <nodeVersion>${node.version}</nodeVersion>
<installDirectory>../../../</installDirectory>
</configuration> </configuration>
</plugin> </plugin>
</plugins> </plugins>

5
quarkus/runtime/src/main/java/org/keycloak/quarkus/runtime/integration/QuarkusPlatform.java
View File

@ -44,6 +44,11 @@ public class QuarkusPlatform implements PlatformProvider {
private static final Logger log = Logger.getLogger(QuarkusPlatform.class); private static final Logger log = Logger.getLogger(QuarkusPlatform.class);
@Override
public String name() {
return "Quarkus";
}
public static void addInitializationException(Throwable throwable) { public static void addInitializationException(Throwable throwable) {
QuarkusPlatform platform = (QuarkusPlatform) Platform.getPlatform(); QuarkusPlatform platform = (QuarkusPlatform) Platform.getPlatform();
platform.addDeferredException(throwable); platform.addDeferredException(throwable);

2
services/src/main/java/org/keycloak/platform/PlatformProvider.java
View File

@ -22,6 +22,8 @@ import java.io.File;
import org.keycloak.Config; import org.keycloak.Config;
public interface PlatformProvider { public interface PlatformProvider {
String name();
void onStartup(Runnable runnable); void onStartup(Runnable runnable);

17
testsuite/integration-arquillian/servers/auth-server/pom.xml
View File

@ -37,21 +37,6 @@
<modules> <modules>
<module>services</module> <module>services</module>
<module>undertow</module> <module>undertow</module>
<module>quarkus</module>
</modules> </modules>
<profiles>
<profile>
<id>auth-server-quarkus</id>
<modules>
<module>quarkus</module>
</modules>
</profile>
<profile>
<id>auth-server-cluster-quarkus</id>
<modules>
<module>quarkus</module>
</modules>
</profile>
</profiles>
</project> </project>

22
testsuite/integration-arquillian/servers/auth-server/services/testsuite-providers/pom.xml
View File

@ -115,26 +115,4 @@
</plugin> </plugin>
</plugins> </plugins>
</build> </build>
<profiles>
<profile>
<id>auth-server-quarkus</id>
<build>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-jar-plugin</artifactId>
<configuration>
<excludes>
<!-- For quarkus we don't want the test provider installed to avoid false positives -->
<!-- Themes from providers are automatically registered -->
<excludes>**/TestThemeResourceProvider**</excludes>
<excludes>**/org.keycloak.theme.ThemeResourceProviderFactory</excludes>
</excludes>
</configuration>
</plugin>
</plugins>
</build>
</profile>
</profiles>
</project> </project>

13
testsuite/integration-arquillian/servers/auth-server/services/testsuite-providers/src/main/java/org/keycloak/testsuite/theme/TestThemeResourceProvider.java
View File

@ -1,11 +1,22 @@
package org.keycloak.testsuite.theme; package org.keycloak.testsuite.theme;
import org.keycloak.platform.Platform;
import org.keycloak.provider.EnvironmentDependentProviderFactory;
import org.keycloak.theme.ClasspathThemeResourceProviderFactory; import org.keycloak.theme.ClasspathThemeResourceProviderFactory;
public class TestThemeResourceProvider extends ClasspathThemeResourceProviderFactory { public class TestThemeResourceProvider extends ClasspathThemeResourceProviderFactory implements EnvironmentDependentProviderFactory {
public TestThemeResourceProvider() { public TestThemeResourceProvider() {
super("test-resources", TestThemeResourceProvider.class.getClassLoader()); super("test-resources", TestThemeResourceProvider.class.getClassLoader());
} }
/**
* Quarkus detects theme resources automatically, so this provider should only be enabled on Undertow
*
* @return true if platform is Undertow
*/
@Override
public boolean isSupported() {
return Platform.getPlatform().name().equals("Undertow");
}
} }

47
testsuite/integration-arquillian/tests/base/testsuites/base-suite Normal file
View File

@ -0,0 +1,47 @@
account,4
actions,1
adapter,2
admin,1
authz,3
broker,3
cli,4
client,4
cluster,IGNORED
composites,4
cookies,4
crossdc,IGNORED
docker,4
domainextension,4
error,4
events,4
exportimport,4
feature,4
federation,5
forms,5
i18n,5
jaas,5
javascript,5
keys,4
login,4
metrics,4
migration,4
model,6
oauth,6
oidc,6
openshift,6
policy,6
runonserver,6
saml,6
script,6
session,6
sessionlimits,6
ssl,6
theme,6
transactions,6
url,6
user,4
util,4
validation,6
vault,4
welcomepage,6
x509,4

43
testsuite/integration-arquillian/tests/base/testsuites/base-suite.sh Executable file
View File

@ -0,0 +1,43 @@
#!/bin/bash -e
GROUP="$1"
if [ "$GROUP" == "" ]; then
echo 'Usage: base-suite.sh <group>'
exit
fi
cd "`readlink -f "$0" | xargs dirname`"
TESTSUITE_FILE='base-suite'
TEST_DIR='../src/test/java/org/keycloak/testsuite'
BASE_PACKAGE='org.keycloak.testsuite'
PACKAGES=`cat $TESTSUITE_FILE | grep -v '^[[:space:]]*$' | grep -v '^[[:space:]]*#'`
# Check all packages in testsuite are included
for i in `ls -d $TEST_DIR/*/ | sed "s|$TEST_DIR||g" | sed "s|/||g"`; do
if ( ! cat $TESTSUITE_FILE | grep "^$i," >/dev/null ); then
echo "Package 'org.keycloak.testsuite.$i' not defined in base-suite"
exit 1
fi
done
SEP=""
TESTS=""
for i in `echo $PACKAGES`; do
PACKAGE=`echo $i | cut -d ',' -f 1`
PACKAGE_GROUP=`echo $i | cut -d ',' -f 2`
# Check package exists
if [ ! -d "$TEST_DIR/$PACKAGE" ]; then
echo "Package 'org.keycloak.testsuite.$PACKAGE' not found"
exit 1
fi
if [ "$GROUP" == "$PACKAGE_GROUP" ]; then
TESTS="$TESTS$SEP$BASE_PACKAGE.$PACKAGE.**"
SEP=','
fi
done
echo "$TESTS"

18
testsuite/integration-arquillian/tests/base/testsuites/database-suite Normal file
View File

@ -0,0 +1,18 @@
AccountRestServiceTest
AuthorizationCodeTest
AuthorizationTest
ClientRegistrationTest
EventStoreProviderTest
ExportImportTest
GeneratedRsaKeyProviderTest
KcOidcBrokerTest
LDAPUserLoginTest
LoginTest
PasswordPolicyTest
RequiredActionUpdateProfileTest
SSOTest
SamlClientTest
TransactionsTest
UserProfileTest
org.keycloak.testsuite.admin.**
org.keycloak.testsuite.authz.**ManagementTest

15
testsuite/integration-arquillian/tests/base/testsuites/fips-suite Normal file
View File

@ -0,0 +1,15 @@
org.keycloak.testsuite.forms.**
ClientAuthSignedJWTTest
CredentialsTest
JavaKeystoreKeyProviderTest
ServerInfoTest
UserFederationLdapConnectionTest
LDAPUserLoginTest
org.keycloak.testsuite.x509.**
MutualTLSClientTest
FAPI1Test
FAPICIBATest
KcRegTest
KcRegCreateTest
KcAdmTest
KcAdmCreateTest

17
testsuite/integration-arquillian/tests/base/testsuites/jdk-suite Normal file
View File

@ -0,0 +1,17 @@
AccountRestServiceTest
AuthorizationCodeTest
CredentialsTest
DeployedScriptAuthenticatorTest
ExportImportTest
GeneratedRsaKeyProviderTest
JavaKeystoreKeyProviderTest
KcOidcBrokerTest
KerberosLdapTest
LDAPUserLoginTest
LoginTest
MutualTLSClientTest
PasswordPolicyTest
SSOTest
SamlClientTest
TransactionsTest
X509BrowserLoginTest

35
testsuite/integration-arquillian/tests/base/testsuites/suite.sh Executable file
View File

@ -0,0 +1,35 @@
#!/bin/bash -e
GROUP="$1"
if [ "$GROUP" == "" ]; then
echo 'Usage: suite.sh <group>'
exit
fi
cd "`readlink -f "$0" | xargs dirname`"
TEST_DIR="../src/test/java/"
SUITE_FILE="$GROUP-suite"
if [ ! -f "$SUITE_FILE" ]; then
echo "$SUITE_FILE not found"
exit 1
fi
SEP=""
TESTS=""
for i in `cat "$SUITE_FILE" | grep -v '^[[:space:]]*$' | grep -v '^[[:space:]]*#'`; do
# Check test exists, ignoring checking packages for now
if [[ "$i" != *'.'* ]]; then
SEARCH=`find "$TEST_DIR" -name "$i.java"`
if [ "$SEARCH" == "" ]; then
echo "$i not found in testsuite"
exit 1
fi
fi
TESTS="$TESTS$SEP$i"
SEP=","
done
echo "$TESTS"

5
testsuite/utils/src/main/java/org/keycloak/testsuite/TestPlatform.java
View File

@ -41,6 +41,11 @@ public class TestPlatform implements PlatformProvider {
); );
} }
@Override
public String name() {
return "Undertow";
}
@Override @Override
public void onStartup(Runnable startupHook) { public void onStartup(Runnable startupHook) {
startupHook.run(); startupHook.run();

4
themes/pom.xml
View File

@ -134,7 +134,7 @@
</executions> </executions>
<configuration> <configuration>
<nodeVersion>${node.version}</nodeVersion> <nodeVersion>${node.version}</nodeVersion>
<installDirectory>${project.basedir}</installDirectory> <installDirectory>../</installDirectory>
</configuration> </configuration>
</plugin> </plugin>
</plugins> </plugins>
@ -187,7 +187,7 @@
</executions> </executions>
<configuration> <configuration>
<nodeVersion>${node.version}</nodeVersion> <nodeVersion>${node.version}</nodeVersion>
<installDirectory>${project.basedir}</installDirectory> <installDirectory>../</installDirectory>
</configuration> </configuration>
</plugin> </plugin>
</plugins> </plugins>