Skip to content

CI

CI #2854

Workflow file for this run

name: CI
env:
# https://github.com/actions/virtual-environments/issues/1499
MAVEN_CLI_OPTS: '-ntp --batch-mode --errors --fail-at-end --show-version -Dmaven.wagon.httpconnectionManager.ttlSeconds=60 -Dmaven.wagon.http.retryHandler.count=3 -Dstyle.color=always'
on:
# allow to manual run the action
workflow_dispatch: {}
pull_request: {}
merge_group: {}
push:
branches:
- develop
tags:
- '*'
permissions:
contents: write
# For junit report
checks: write
pull-requests: write
jobs:
build:
name: Build and Test on JDK ${{ matrix.java }} and ${{ matrix.os }}
runs-on: ${{ matrix.os }}
strategy:
matrix:
os:
- "macos-latest"
- "ubuntu-latest"
java:
- "17"
- "21"
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
- name: Set up JDK ${{ matrix.java }}
uses: actions/setup-java@v4
with:
distribution: "temurin"
java-version: ${{ matrix.java }}
- name: Cache .m2
uses: actions/cache@v4
with:
path: ~/.m2/repository
key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
restore-keys: |
${{ runner.os }}-maven-
- name: Build
run: |
./mvnw ${MAVEN_CLI_OPTS} clean verify
cd sdk && npm run clean && npm run build
- name: Publish Test Report
uses: mikepenz/action-junit-report@v5
if: success() || failure() # always run even if the previous step fails
with:
report_paths: '**/target/*-reports/TEST-*.xml'
- name: Upload coverage to Codecov
uses: codecov/[email protected]
with:
file: "${{ github.workspace }}/spi/target/jacoco.xml"
token: ${{ secrets.CODECOV_TOKEN }}
fail_ci_if_error: ${{ !startsWith(github.event.ref, 'refs/tags/v') }}
end2end:
name: "End2End Test on Keycloak ${{ matrix.kcVersion }} and ${{ matrix.os }}"
runs-on: "${{ matrix.os }}"
strategy:
matrix:
os: [ubuntu-latest]
kcVersion:
- "20.0.5"
- "21.1.2"
- "22.0.5"
- "23.0.7"
- "24.0.5"
# renovate: datasource=docker depName=quay.io/keycloak/keycloak
- "26.0.7"
- "nightly"
steps:
- uses: actions/checkout@v4
- name: "Use Node.js"
uses: actions/setup-node@v4
- name: Install Java
uses: actions/setup-java@v4
with:
distribution: "temurin" # See 'Supported distributions' for available options
java-version: "17"
- name: Build SPI
run: |
./mvnw clean verify -U
./mvnw javadoc:javadoc
- name: Run End2End Tests
uses: nick-fields/retry@v3
with:
max_attempts: 3
retry_on: error
timeout_minutes: 10
command: |
cd sdk
# Run end2end tests
.bin/run-end2tests.sh
- name: Build Container Image for End2End Testing
id: build-image
uses: redhat-actions/buildah-build@v2
with:
image: continuoussecuritytooling/audited-keycloak
tags: "end2end ${{ github.sha }}"
containerfiles: |
./Dockerfile
- name: Push To Docker Hub (Preview)
id: push-to-dockerhub-preview
uses: redhat-actions/push-to-registry@v2
with:
image: ${{ steps.build-image.outputs.image }}
tags: ${{ steps.build-image.outputs.tags }}
registry: registry.hub.docker.com
username: continuoussecuritytooling
password: ${{ secrets.DOCKER_HUB_TOKEN }}
if: github.ref == 'refs/heads/develop'
build-results:
name: Build results
if: ${{ always() }}
runs-on: ubuntu-latest
needs:
- build
- end2end
steps:
- run: exit 1
# see https://stackoverflow.com/a/67532120/4907315
if: >-
${{
contains(needs.*.result, 'failure')
|| contains(needs.*.result, 'cancelled')
|| contains(needs.*.result, 'skipped')
}}
Sonar:
name: Analysis
runs-on: ubuntu-latest
needs: build
# main and Develop branch only
if: github.ref == 'refs/heads/main' || github.ref == 'refs/heads/develop'
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis
- name: Set up JDK
uses: actions/setup-java@v4
with:
distribution: "temurin"
java-version: 17
- name: Cache SonarCloud packages
uses: actions/cache@v4
with:
path: ~/.sonar/cache
key: ${{ runner.os }}-sonar
restore-keys: ${{ runner.os }}-sonar
- name: Cache Maven packages
uses: actions/cache@v4
with:
path: ~/.m2
key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
restore-keys: ${{ runner.os }}-m2
- name: Build and analyze
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
run: mvn -B verify org.sonarsource.scanner.maven:sonar-maven-plugin:sonar