[ACS-8862] bump Keycloak to 25.0.6 and kecloakx to 2.5.1 #269
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Alfresco Identity Service CI | |
| on: | |
| push: | |
| branches: | |
| - master | |
| - AUTH-** | |
| - OPSEXP-** | |
| - feature/** | |
| - fix/** | |
| - release/** | |
| workflow_dispatch: | |
| schedule: | |
| - cron: "0 5 * * 3" | |
| env: | |
| S3_ARTIFACTS_BUCKET: ${{ secrets.S3_ARTIFACTS_BUCKET }} | |
| AUTH0_CLIENT_ID: ${{ secrets.AUTH0_CLIENT_ID }} | |
| AUTH0_CLIENT_SECRET: ${{ secrets.AUTH0_CLIENT_SECRET }} | |
| MAVEN_USERNAME: ${{ secrets.NEXUS_USERNAME }} | |
| MAVEN_PASSWORD: ${{ secrets.NEXUS_PASSWORD }} | |
| HELM_DOCS_VERSION: 1.11.0 | |
| AWS_REGION: eu-west-1 | |
| jobs: | |
| pre-commit: | |
| name: "Pre-commit" | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: "Install helm-docs" | |
| run: | | |
| curl -fsSL https://github.com/norwoodj/helm-docs/releases/download/v$HELM_DOCS_VERSION/helm-docs_${HELM_DOCS_VERSION}_$(uname)_x86_64.tar.gz | sudo tar xz -C /usr/local/bin/ helm-docs | |
| helm-docs --version | |
| - uses: Alfresco/alfresco-build-tools/.github/actions/pre-commit@v7.0.0 | |
| build: | |
| name: "Build" | |
| runs-on: ubuntu-latest | |
| needs: pre-commit | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: Alfresco/alfresco-build-tools/.github/actions/get-build-info@v7.0.0 | |
| - uses: Alfresco/alfresco-build-tools/.github/actions/setup-java-build@v7.0.0 | |
| - uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| aws-access-key-id: ${{ secrets.AWS_S3_PIPELINE_AMPS_ACCESS_KEY_ID }} | |
| aws-secret-access-key: ${{ secrets.AWS_S3_PIPELINE_AMPS_SECRET_ACCESS_KEY }} | |
| aws-region: ${{ env.AWS_REGION }} | |
| - name: "Build" | |
| id: build | |
| run: | | |
| source distribution/build.properties | |
| export KEYCLOAK_VERSION=${KEYCLOAK_VERSION} | |
| echo "KEYCLOAK_VERSION=${KEYCLOAK_VERSION}" | |
| # build and package | |
| cd distribution | |
| make || { echo "Command failed with error code $?"; sleep 1; exit 1; } | |
| # upload ZIP file to S3 bucket | |
| aws s3 cp alfresco-keycloak-${KEYCLOAK_VERSION}.md5 s3://${S3_ARTIFACTS_BUCKET}/ci-${BUILD_NUMBER}/ | |
| aws s3 cp alfresco-keycloak-${KEYCLOAK_VERSION}.zip s3://${S3_ARTIFACTS_BUCKET}/ci-${BUILD_NUMBER}/ | |
| test_linux: | |
| name: "Test on Linux" | |
| runs-on: ubuntu-latest | |
| needs: build | |
| if: ${{ !contains(github.event.head_commit.message, '[skip tests]') }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: Alfresco/alfresco-build-tools/.github/actions/get-build-info@v7.0.0 | |
| - uses: Alfresco/alfresco-build-tools/.github/actions/setup-java-build@v7.0.0 | |
| - uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| aws-access-key-id: ${{ secrets.AWS_S3_PIPELINE_AMPS_ACCESS_KEY_ID }} | |
| aws-secret-access-key: ${{ secrets.AWS_S3_PIPELINE_AMPS_SECRET_ACCESS_KEY }} | |
| aws-region: ${{ env.AWS_REGION }} | |
| - name: "Test" | |
| run: | | |
| source distribution/build.properties | |
| export KEYCLOAK_VERSION=${KEYCLOAK_VERSION} | |
| echo "KEYCLOAK_VERSION=${KEYCLOAK_VERSION}" | |
| aws s3 cp s3://${S3_ARTIFACTS_BUCKET}/ci-${BUILD_NUMBER}/alfresco-keycloak-${KEYCLOAK_VERSION}.zip . | |
| ./distribution/tests/endpoints.sh | |
| test_windows: | |
| name: "Test on Windows" | |
| runs-on: windows-latest | |
| needs: build | |
| if: ${{ !contains(github.event.head_commit.message, '[skip tests]') }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: Alfresco/alfresco-build-tools/.github/actions/setup-java-build@v7.0.0 | |
| - uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| aws-access-key-id: ${{ secrets.AWS_S3_PIPELINE_AMPS_ACCESS_KEY_ID }} | |
| aws-secret-access-key: ${{ secrets.AWS_S3_PIPELINE_AMPS_SECRET_ACCESS_KEY }} | |
| aws-region: ${{ env.AWS_REGION }} | |
| - name: "Get BUILD_NUMBER" | |
| run: | | |
| echo "BUILD_NUMBER=$env:GITHUB_RUN_NUMBER" | Out-File -FilePath $env:GITHUB_ENV -Append | |
| echo $env:GITHUB_RUN_NUMBER | |
| - name: "Test" | |
| run: | | |
| $Props = convertfrom-stringdata (get-content ./distribution/build.properties -raw) | |
| $env:KEYCLOAK_VERSION = $Props.'KEYCLOAK_VERSION' | |
| echo "KEYCLOAK_VERSION=$env:KEYCLOAK_VERSION" | |
| aws s3 ls s3://$env:S3_ARTIFACTS_BUCKET/ci-$env:BUILD_NUMBER/ | |
| aws s3 cp s3://$env:S3_ARTIFACTS_BUCKET/ci-$env:BUILD_NUMBER/alfresco-keycloak-$env:KEYCLOAK_VERSION.zip . | |
| unzip alfresco-keycloak-$env:KEYCLOAK_VERSION.zip | |
| cd alfresco-keycloak-$env:KEYCLOAK_VERSION/bin | |
| powershell -Command Get-ExecutionPolicy | |
| powershell -Command 'Set-ExecutionPolicy unrestricted' | |
| powershell -Command $env:GITHUB_WORKSPACE/distribution/tests/endpoints_ps.ps1 | |
| powershell -Command $env:GITHUB_WORKSPACE/distribution/tests/endpoints_bat.ps1 | |
| test_helm: | |
| name: "Test Helm Chart" | |
| runs-on: ubuntu-latest | |
| needs: build | |
| if: ${{ !contains(github.event.head_commit.message, '[skip tests]') }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: Alfresco/alfresco-build-tools/.github/actions/get-build-info@v7.0.0 | |
| - uses: Alfresco/alfresco-build-tools/.github/actions/setup-java-build@v7.0.0 | |
| - uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| aws-access-key-id: ${{ secrets.AWS_S3_PIPELINE_AMPS_ACCESS_KEY_ID }} | |
| aws-secret-access-key: ${{ secrets.AWS_S3_PIPELINE_AMPS_SECRET_ACCESS_KEY }} | |
| aws-region: ${{ env.AWS_REGION }} | |
| - name: Login to Docker Hub | |
| uses: docker/login-action@v3 | |
| with: | |
| username: ${{ secrets.DOCKER_USERNAME }} | |
| password: ${{ secrets.DOCKER_PASSWORD }} | |
| - name: Login to Quay.io | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: quay.io | |
| username: ${{ secrets.QUAY_USERNAME }} | |
| password: ${{ secrets.QUAY_PASSWORD }} | |
| - name: Setup cluster | |
| uses: Alfresco/alfresco-build-tools/.github/actions/setup-kind@v7.0.0 | |
| - name: Create registries auth secret | |
| run: | | |
| kubectl create secret generic regcred \ | |
| --from-file=.dockerconfigjson=$HOME/.docker/config.json \ | |
| --type=kubernetes.io/dockerconfigjson | |
| - name: "Prepare test environment" | |
| run: | | |
| openssl aes-256-cbc -K ${{ secrets.ENCRYPTED_E69BEC42AE64_KEY }} -iv ${{ secrets.ENCRYPTED_E69BEC42AE64_IV }} -in test/scripts/config-files/realmRsaKeys.json.enc -out test/scripts/config-files/realmRsaKeys.json -d | |
| - name: "Set KC_BUILD_NAME" | |
| run: | | |
| KC_BUILD_NAME=$(echo ${BRANCH_NAME} | cut -c1-28 | tr /_ - | tr -d [:punct:] | awk '{print tolower($0)}')-${BUILD_NUMBER} | |
| echo "KC_BUILD_NAME=$KC_BUILD_NAME" >> "$GITHUB_ENV" | |
| echo $KC_BUILD_NAME | |
| - name: "Test" | |
| run: | | |
| set +e | |
| export HOST=localhost | |
| export release_name_kc=kc | |
| export openldap_release=openldap | |
| # install openldap | |
| helm upgrade --install $openldap_release --repo https://geek-cookbook.github.io/helm-openldap openldap --version 1.2.9 \ | |
| -f test/scripts/ldap-config.yaml \ | |
| --wait | |
| # install Keycloak | |
| helm dep up helm/alfresco-keycloak | |
| helm upgrade --install $release_name_kc helm/alfresco-keycloak \ | |
| --values helm/alfresco-keycloak/ci/ci-values.yaml \ | |
| --set ingress.hostName=$HOST \ | |
| --set realm.alfresco.client.redirectUris[0]="https://${HOST}\*" \ | |
| --set realm.alfresco.client.webOrigins[0]="https://${HOST}\*" \ | |
| --set keycloakx.command[0]="/opt/keycloak/bin/kc.sh" \ | |
| --set keycloakx.command[1]="start" \ | |
| --set keycloakx.command[2]="--import-realm" \ | |
| --set keycloakx.command[3]="--http-relative-path=/auth" \ | |
| --set keycloakx.command[4]="--hostname=${HOST}" \ | |
| --set keycloakx.imagePullSecrets[0].name="regcred" \ | |
| --wait | |
| # Set IDP Config | |
| ./test/scripts/set_idp_config.sh | |
| postman_image=postman/newman_alpine33:3.9.2 | |
| # run Keycloak checks | |
| docker run -a STDOUT --volume $PWD/test/postman:/etc/newman --network host $postman_image run "keycloak-test-collection.json" --insecure --global-var "keycloak_host=$HOST" | |
| TEST_RESULT=$? | |
| echo "TEST_RESULT=${TEST_RESULT}" | |
| if [[ "${TEST_RESULT}" == "0" ]]; then | |
| docker run -a STDOUT --volume $PWD/test/postman:/etc/newman --network host $postman_image run "change-keycloak-access-token-lifespan-collection.json" --insecure --global-var "keycloak_host=$HOST" | |
| ./test/helm/delete_keycloak_pods.sh | |
| docker run -a STDOUT --volume $PWD/test/postman:/etc/newman --network host $postman_image run "check-keycloak-access-token-lifespan-change-persisted.json" --insecure --global-var "keycloak_host=$HOST" | |
| TEST_RESULT=$? | |
| echo "TEST_RESULT=${TEST_RESULT}" | |
| fi | |
| if [[ "${TEST_RESULT}" == "0" ]]; then | |
| docker run -a STDOUT --volume $PWD/test/postman:/etc/newman --network host $postman_image run "ldap-user-provider-tests.postman_collection.json" -d "ldap-test-data.json" --insecure --global-var "keycloak_host=$HOST" | |
| TEST_RESULT=$? | |
| echo "TEST_RESULT=${TEST_RESULT}" | |
| fi | |
| if [[ "${TEST_RESULT}" == "0" ]]; then | |
| cd test/scripts | |
| ./auth0-api.sh create $KC_BUILD_NAME https://$HOST | |
| ./configure-saml-kc.sh app_name=$KC_BUILD_NAME kc_base_url=https://$HOST | |
| cd ../saml | |
| export KEYCLOAK_HOSTNAME=$HOST | |
| export KEYCLOAK_ISSUER=https://$HOST/auth/realms/alfresco | |
| mvn -B -ntp clean test | |
| TEST_RESULT=$? | |
| echo "TEST_RESULT=${TEST_RESULT}" | |
| cd ../.. | |
| fi | |
| if [[ "${{ github.event.head_commit.message }}" != *"[keep env]"* ]]; then | |
| cd test/scripts | |
| ./auth0-api.sh delete $KC_BUILD_NAME | |
| fi | |
| if [[ "${TEST_RESULT}" == "1" ]]; then | |
| echo "Tests failed, exiting" | |
| exit 1 | |
| fi | |
| - name: "Show cluster status after install" | |
| if: always() | |
| run: | | |
| helm ls --all-namespaces | |
| kubectl get all --all-namespaces | |
| kubectl describe pod | |
| test_upgrade: | |
| name: "Test Upgrade" | |
| runs-on: ubuntu-latest | |
| needs: build | |
| if: ${{ !contains(github.event.head_commit.message, '[skip tests]') }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: Alfresco/alfresco-build-tools/.github/actions/get-build-info@v7.0.0 | |
| - uses: Alfresco/alfresco-build-tools/.github/actions/setup-java-build@v7.0.0 | |
| - uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| aws-access-key-id: ${{ secrets.AWS_S3_PIPELINE_AMPS_ACCESS_KEY_ID }} | |
| aws-secret-access-key: ${{ secrets.AWS_S3_PIPELINE_AMPS_SECRET_ACCESS_KEY }} | |
| aws-region: ${{ env.AWS_REGION }} | |
| - name: "Prepare test environment" | |
| run: | | |
| openssl aes-256-cbc -K ${{ secrets.ENCRYPTED_E69BEC42AE64_KEY }} -iv ${{ secrets.ENCRYPTED_E69BEC42AE64_IV }} -in test/scripts/config-files/realmRsaKeys.json.enc -out test/scripts/config-files/realmRsaKeys.json -d | |
| - name: "Set KC_BUILD_NAME" | |
| run: | | |
| KC_BUILD_NAME=$(echo ${BRANCH_NAME} | cut -c1-28 | tr /_ - | tr -d [:punct:] | awk '{print tolower($0)}')-${BUILD_NUMBER} | |
| echo "KC_BUILD_NAME=$KC_BUILD_NAME" >> "$GITHUB_ENV" | |
| echo $KC_BUILD_NAME | |
| - name: "Test" | |
| run: | | |
| cd test/saml | |
| mvn -B -ntp clean package -DskipTests | |
| ./upgrade/test-upgrade.sh | |
| cleanup: | |
| name: "Cleanup" | |
| runs-on: ubuntu-latest | |
| needs: [test_linux, test_windows, test_helm, test_upgrade] | |
| if: always() | |
| steps: | |
| - uses: Alfresco/alfresco-build-tools/.github/actions/get-build-info@v7.0.0 | |
| - uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| aws-access-key-id: ${{ secrets.AWS_S3_PIPELINE_AMPS_ACCESS_KEY_ID }} | |
| aws-secret-access-key: ${{ secrets.AWS_S3_PIPELINE_AMPS_SECRET_ACCESS_KEY }} | |
| aws-region: ${{ env.AWS_REGION }} | |
| - name: "Clean up S3" | |
| run: aws s3 rm s3://${S3_ARTIFACTS_BUCKET}/ci-${BUILD_NUMBER}/ --recursive |