diff --git a/.github/workflows/oidc-integration-test.yml b/.github/workflows/oidc-integration-test.yml
new file mode 100644
index 0000000000..f2b7ca4612
--- /dev/null
+++ b/.github/workflows/oidc-integration-test.yml
@@ -0,0 +1,43 @@
+name: OIDC integration tests
+on:
+ pull_request:
+ push:
+ branches:
+ - qa/**
+ - stable/**
+ - dev/oidc-tests
+jobs:
+ integration-tests:
+ runs-on: ubuntu-20.04
+ strategy:
+ fail-fast: false
+ matrix:
+ browser: [Chrome, Electron, Firefox]
+ name: ${{ matrix.browser }}
+ env:
+ COMPOSE_FILE: ${{ github.workspace }}/docker/docker-compose.dev.yml
+ steps:
+ - name: Check out code
+ uses: actions/checkout@v3
+
+ - name: Start containerized services
+ run: |
+ sudo sysctl -w vm.max_map_count=262144
+ docker compose -p ci up -d percona elasticsearch gearmand
+
+ - name: Launch Keycloak service
+ run: |
+ docker compose -p ci -f ${{ github.workspace }}/docker/docker-compose.keycloak.yml up -d
+
+
+ - name: Wait for Keycloak to be Ready
+ run: |
+ echo "Waiting for Keycloak to be ready..."
+ for i in {1..30}; do
+ if nc -z localhost 8080; then
+ echo "Keycloak is up!"
+ break
+ fi
+ echo "Waiting for Keycloak..."
+ sleep 5
+ done
diff --git a/docker/docker-compose.keycloak.yml b/docker/docker-compose.keycloak.yml
new file mode 100644
index 0000000000..399d5d4701
--- /dev/null
+++ b/docker/docker-compose.keycloak.yml
@@ -0,0 +1,15 @@
+---
+services:
+ keycloak:
+ image: quay.io/keycloak/keycloak:latest
+ command: ["start-dev", "--import-realm"]
+ restart: unless-stopped
+ environment:
+ KEYCLOAK_ADMIN: admin
+ KEYCLOAK_ADMIN_PASSWORD: admin
+ KC_METRICS_ENABLED: true
+ KC_LOG_LEVEL: INFO
+ ports:
+ - 8080:8080
+ volumes:
+ - .etc/keycloak/realm.json:/opt/keycloak/data/import/realm.json:ro
diff --git a/docker/etc/keycloak/realm.json b/docker/etc/keycloak/realm.json
new file mode 100644
index 0000000000..fa2bf59cee
--- /dev/null
+++ b/docker/etc/keycloak/realm.json
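Review bot: In `.github/workflows/oidc-integration-test.yml`, the "Wait for Keycloak to be Ready" step succeeds even when Keycloak never comes up, because the `for` loop simply runs out after 30 tries and nothing after `done` fails the step. The `nc -z localhost 8080` probe also only shows that the published port accepts connections, which may happen before the realm import has finished, so later steps could run against an identity provider with no realms loaded. I would probe an endpoint that depends on the imported realm, `if curl -fsS -o /dev/null http://localhost:8080/realms/demo/.well-known/openid-configuration; then`, replace `break` with `exit 0`, and add `exit 1` after `done`. The workflow also declares no `permissions:` block; a top-level `permissions:` with `contents: read` would keep the job token least-privileged for a job triggered by pull requests.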
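Review bot: In `docker/docker-compose.keycloak.yml`, `- 8080:8080` publishes the Keycloak admin console on every host interface while `KEYCLOAK_ADMIN` and `KEYCLOAK_ADMIN_PASSWORD` are both `admin` and `restart: unless-stopped` keeps the container alive across reboots, so a developer who runs this file locally leaves a default-credential identity provider reachable from the network. Binding to loopback with `- "127.0.0.1:8080:8080"` keeps it local and still works for the workflow, which reaches it on `localhost`. The volume source `.etc/keycloak/realm.json` looks like a typo for `./etc/keycloak/realm.json`, since this commit adds the file at `docker/etc/keycloak/realm.json`; as written the import mount probably does not see the realm file. `image: quay.io/keycloak/keycloak:latest` is a moving tag, so pinning a specific version or digest would keep CI reproducible and avoid pulling unreviewed image changes.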
@@ -0,0 +1,98 @@
+[
+ {
+ "id": "demo",
+ "realm": "demo",
+ "sslRequired": "none",
+ "enabled": true,
+ "eventsEnabled": true,
+ "eventsExpiration": 900,
+ "adminEventsEnabled": true,
+ "adminEventsDetailsEnabled": true,
+ "attributes": {
+ "adminEventsExpiration": "900"
+ },
+ "clients": [
+ {
+ "id": "atom",
+ "clientId": "atom",
+ "name": "atom",
+ "enabled": true,
+ "rootUrl": "http://docker-atom:63001",
+ "adminUrl": "http://docker-atom:63001",
+ "baseUrl": "http://docker-atom:63001",
+ "clientAuthenticatorType": "client-secret",
+ "secret": "example-secret",
+ "redirectUris": ["http://docker-atom:63001/*"],
+ "webOrigins": ["http://docker-atom:63001"],
+ "standardFlowEnabled": true,
+ "serviceAccountsEnabled": true,
+ "authorizationServicesEnabled": true,
+ "publicClient": false
+ }
+ ],
+ "users": [
+ {
+ "id": "demo",
+ "email": "demo@example.com",
+ "username": "demo",
+ "enabled": true,
+ "emailVerified": true,
+ "credentials": [
+ {
+ "temporary": false,
+ "type": "password",
+ "value": "demo"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "id": "secondary",
+ "realm": "secondary",
+ "sslRequired": "none",
+ "enabled": true,
+ "eventsEnabled": true,
+ "eventsExpiration": 900,
+ "adminEventsEnabled": true,
+ "adminEventsDetailsEnabled": true,
+ "attributes": {
+ "adminEventsExpiration": "900"
+ },
+ "clients": [
+ {
+ "id": "atom-secondary",
+ "clientId": "atom-secondary",
+ "name": "atom-secondary",
+ "enabled": true,
+ "rootUrl": "http://docker-atom:63001",
+ "adminUrl": "http://docker-atom:63001",
+ "baseUrl": "http://docker-atom:63001",
+ "clientAuthenticatorType": "client-secret",
+ "secret": "example-secret",
+ "redirectUris": ["http://docker-atom:63001/*"],
+ "webOrigins": ["http://docker-atom:63001"],
+ "standardFlowEnabled": true,
+ "serviceAccountsEnabled": true,
+ "authorizationServicesEnabled": true,
+ "publicClient": false
+ }
+ ],
+ "users": [
+ {
+ "id": "support",
+ "email": "support@example.com",
+ "username": "support",
+ "enabled": true,
+ "emailVerified": true,
+ "credentials": [
+ {
+ "temporary": false,
+ "type": "password",
+ "value": "support"
+ }
+ ]
+ }
+ ]
+ }
+]
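Review bot: Both clients in `docker/etc/keycloak/realm.json` set `serviceAccountsEnabled` and `authorizationServicesEnabled` to `true` alongside the fixed secret `example-secret`, which is more capability than an OIDC browser-login test appears to need; if the tests only use `standardFlowEnabled`, setting `"serviceAccountsEnabled": false` and `"authorizationServicesEnabled": false` would shrink what the fixture exposes. `"redirectUris": ["http://docker-atom:63001/*"]` could likewise be narrowed to the application's actual callback path. Since JSON cannot carry a comment, the test-only status of these values (`demo`/`demo`, `support`/`support`, `"sslRequired": "none"`) is worth stating in the commit description or beside the volume mount in the compose file, so the realm is not reused outside CI.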