Bump aquasecurity/trivy-action from 0.20.0 to 0.22.0 #1725
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Keycloak JavaScript CI | |
on: | |
push: | |
branches-ignore: | |
- main | |
- dependabot/** | |
- quarkus-next | |
pull_request: | |
workflow_dispatch: | |
env: | |
MAVEN_ARGS: "-B -nsu -Daether.connector.http.connectionMaxTtl=25" | |
concurrency: | |
# Only cancel jobs for PR updates | |
group: js-ci-${{ github.ref }} | |
cancel-in-progress: true | |
defaults: | |
run: | |
shell: bash | |
jobs: | |
conditional: | |
name: Check conditional workflows and jobs | |
runs-on: ubuntu-latest | |
outputs: | |
js-ci: ${{ steps.conditional.outputs.js }} | |
steps: | |
- uses: actions/checkout@v4 | |
- id: conditional | |
uses: ./.github/actions/conditional | |
with: | |
token: ${{ secrets.GITHUB_TOKEN }} | |
build-keycloak: | |
name: Build Keycloak | |
needs: conditional | |
if: needs.conditional.outputs.js-ci == 'true' | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Setup Java | |
uses: actions/setup-java@v4 | |
with: | |
distribution: temurin | |
java-version: 17 | |
check-latest: true | |
cache: maven | |
- name: Build Keycloak | |
run: | | |
./mvnw clean install --errors -DskipTests -DskipTestsuite -DskipExamples -Pdistribution | |
mv ./quarkus/dist/target/keycloak-999.0.0-SNAPSHOT.tar.gz ./keycloak-999.0.0-SNAPSHOT.tar.gz | |
- name: Upload Keycloak dist | |
uses: actions/upload-artifact@v4 | |
with: | |
name: keycloak | |
path: keycloak-999.0.0-SNAPSHOT.tar.gz | |
admin-client: | |
name: Admin Client | |
needs: conditional | |
if: needs.conditional.outputs.js-ci == 'true' | |
runs-on: ubuntu-latest | |
env: | |
WORKSPACE: "@keycloak/keycloak-admin-client" | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: ./.github/actions/pnpm-setup | |
- run: pnpm --filter ${{ env.WORKSPACE }} lint | |
- run: pnpm --filter ${{ env.WORKSPACE }} build | |
keycloak-js: | |
name: Keycloak JS | |
needs: conditional | |
if: needs.conditional.outputs.js-ci == 'true' | |
runs-on: ubuntu-latest | |
env: | |
WORKSPACE: keycloak-js | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: ./.github/actions/pnpm-setup | |
- run: pnpm --filter ${{ env.WORKSPACE }} build | |
keycloak-masthead: | |
name: Keycloak Masthead | |
needs: conditional | |
if: needs.conditional.outputs.js-ci == 'true' | |
runs-on: ubuntu-latest | |
env: | |
WORKSPACE: keycloak-masthead | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: ./.github/actions/pnpm-setup | |
- run: pnpm --filter ${{ env.WORKSPACE }} lint | |
- run: pnpm --filter ${{ env.WORKSPACE }} build | |
ui-shared: | |
name: UI Shared | |
needs: conditional | |
if: needs.conditional.outputs.js-ci == 'true' | |
runs-on: ubuntu-latest | |
env: | |
WORKSPACE: ui-shared | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: ./.github/actions/pnpm-setup | |
- run: pnpm --filter ${{ env.WORKSPACE }} lint | |
- run: pnpm --filter ${{ env.WORKSPACE }} build | |
account-ui: | |
name: Account UI | |
needs: conditional | |
if: needs.conditional.outputs.js-ci == 'true' | |
runs-on: ubuntu-latest | |
env: | |
WORKSPACE: account-ui | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: ./.github/actions/pnpm-setup | |
- run: pnpm --filter ${{ env.WORKSPACE }} lint | |
- run: pnpm --filter ${{ env.WORKSPACE }} build | |
admin-ui: | |
name: Admin UI | |
needs: conditional | |
if: needs.conditional.outputs.js-ci == 'true' | |
runs-on: ubuntu-latest | |
env: | |
WORKSPACE: admin-ui | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: ./.github/actions/pnpm-setup | |
- run: pnpm --filter ${{ env.WORKSPACE }} lint | |
- run: pnpm --filter ${{ env.WORKSPACE }} test | |
- run: pnpm --filter ${{ env.WORKSPACE }} build | |
- run: pnpm --filter ${{ env.WORKSPACE }} cy:check-types | |
account-ui-e2e: | |
name: Account UI E2E | |
needs: | |
- conditional | |
- build-keycloak | |
if: needs.conditional.outputs.js-ci == 'true' | |
runs-on: ubuntu-latest | |
env: | |
WORKSPACE: account-ui | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: ./.github/actions/pnpm-setup | |
- name: Download Keycloak server | |
uses: actions/download-artifact@v4 | |
with: | |
name: keycloak | |
- name: Setup Java | |
uses: actions/setup-java@v4 | |
with: | |
distribution: temurin | |
java-version: 17 | |
- name: Start Keycloak server | |
run: | | |
tar xfvz keycloak-999.0.0-SNAPSHOT.tar.gz | |
keycloak-999.0.0-SNAPSHOT/bin/kc.sh start-dev --features=transient-users &> ~/server.log & | |
env: | |
KEYCLOAK_ADMIN: admin | |
KEYCLOAK_ADMIN_PASSWORD: admin | |
- name: Install Playwright browsers | |
run: pnpm --filter ${{ env.WORKSPACE }} exec playwright install --with-deps | |
- name: Run Playwright tests | |
run: pnpm --filter ${{ env.WORKSPACE }} test | |
env: | |
KEYCLOAK_SERVER: http://localhost:8080 | |
- uses: actions/upload-artifact@v4 | |
if: always() | |
with: | |
name: account-ui-playwright-report | |
path: js/apps/${{ env.WORKSPACE }}/playwright-report | |
retention-days: 30 | |
- name: Upload server logs | |
if: always() | |
uses: actions/upload-artifact@v4 | |
with: | |
name: account-ui-server-log | |
path: ~/server.log | |
generate-test-seed: | |
name: Generate Test Seed | |
needs: | |
- conditional | |
if: needs.conditional.outputs.js-ci == 'true' | |
runs-on: ubuntu-latest | |
outputs: | |
seed: ${{ steps.generate-random-number.outputs.value }} | |
steps: | |
- name: Generate random number | |
id: generate-random-number | |
shell: bash | |
run: | | |
echo "value=$(shuf -i 1-100 -n 1)" >> $GITHUB_OUTPUT | |
admin-ui-e2e: | |
name: Admin UI E2E | |
needs: | |
- conditional | |
- build-keycloak | |
- generate-test-seed | |
if: needs.conditional.outputs.js-ci == 'true' | |
runs-on: ubuntu-latest | |
env: | |
WORKSPACE: admin-ui | |
strategy: | |
matrix: | |
container: [1, 2, 3, 4, 5] | |
browser: [chrome, firefox] | |
exclude: | |
# Only test with Firefox on scheduled runs | |
- browser: ${{ github.event_name != 'workflow_dispatch' && 'firefox' || '' }} | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Install Google Chrome | |
if: matrix.browser == 'chrome' | |
uses: browser-actions/setup-chrome@v1 | |
with: | |
chrome-version: stable | |
- name: Install Firefox | |
if: matrix.browser == 'firefox' | |
uses: browser-actions/setup-firefox@v1 | |
with: | |
firefox-version: latest | |
- uses: ./.github/actions/pnpm-setup | |
- name: Compile Admin Client | |
run: pnpm --filter @keycloak/keycloak-admin-client build | |
- name: Download Keycloak server | |
uses: actions/download-artifact@v4 | |
with: | |
name: keycloak | |
- name: Setup Java | |
uses: actions/setup-java@v4 | |
with: | |
distribution: temurin | |
java-version: 17 | |
- name: Start Keycloak server | |
run: | | |
tar xfvz keycloak-999.0.0-SNAPSHOT.tar.gz | |
keycloak-999.0.0-SNAPSHOT/bin/kc.sh start-dev --features=admin-fine-grained-authz,transient-users &> ~/server.log & | |
env: | |
KEYCLOAK_ADMIN: admin | |
KEYCLOAK_ADMIN_PASSWORD: admin | |
- name: Start LDAP server | |
run: pnpm --filter ${{ env.WORKSPACE }} cy:ldap-server & | |
- name: Run Cypress | |
uses: cypress-io/github-action@v6 | |
with: | |
install: false | |
browser: ${{ matrix.browser }} | |
wait-on: http://localhost:8080 | |
working-directory: js/apps/admin-ui | |
env: | |
CYPRESS_BASE_URL: http://localhost:8080/admin/ | |
CYPRESS_KEYCLOAK_SERVER: http://localhost:8080 | |
SPLIT: ${{ strategy.job-total }} | |
SPLIT_INDEX: ${{ strategy.job-index }} | |
SPLIT_RANDOM_SEED: ${{ needs.generate-test-seed.outputs.seed }} | |
- name: Upload server logs | |
if: always() | |
uses: actions/upload-artifact@v4 | |
with: | |
name: admin-ui-server-log-${{ matrix.container }}-${{ matrix.browser }} | |
path: ~/server.log | |
- name: Upload Cypress videos | |
uses: actions/upload-artifact@v4 | |
if: always() && github.repository != 'keycloak/keycloak-private' | |
with: | |
name: cypress-videos-${{ matrix.container }}-${{ matrix.browser }} | |
path: js/apps/admin-ui/cypress/videos | |
if-no-files-found: ignore | |
retention-days: 10 | |
check: | |
name: Status Check - Keycloak JavaScript CI | |
if: always() | |
needs: | |
- conditional | |
- build-keycloak | |
- admin-client | |
- keycloak-js | |
- keycloak-masthead | |
- ui-shared | |
- account-ui | |
- account-ui-e2e | |
- admin-ui | |
- admin-ui-e2e | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: ./.github/actions/status-check | |
with: | |
jobs: ${{ toJSON(needs) }} |