pam: start tests #1801
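# Build workflow: compiles the Go, JS and Rust targets, gathers the packages
# into a repository, publishes that repository to Netlify and finally builds
# and pushes the container image(s) listed under build-container.
#
# NOTE(review): no workflow-level `permissions:` is declared, so build_go,
# build_rs and deploy run with the repository's default GITHUB_TOKEN
# permissions. Consider a workflow-level `permissions: contents: read` once
# the local actions (./.github/actions/*) are confirmed not to need more.
#
# NOTE(review): the workflow also runs on pull_request, and several steps hand
# secrets to code taken from the checked-out ref (Makefile targets and local
# actions). Confirm that this is intended for pull requests opened from
# branches of this repository.
name: build

on:
  push:
    branches: [main]
  pull_request:
    branches: [main]

env:
  CARGO_TERM_COLOR: always

jobs:
  # Go targets, built once per target/platform pair of the matrix.
  build_go:
    name: Build
    strategy:
      fail-fast: false
      matrix:
        target:
          - cli
          - agent
          - sysd
          # Browser support is always included in the agent bundle
          # - browser_support
        platform:
          - macos-15
          - ubuntu-24.04
          - ubuntu-24.04-arm
          - windows-2025
        exclude:
          # macOS: CLI and sysd are included in the agent bundle
          - target: sysd
            platform: macos-15
          - target: cli
            platform: macos-15
          # Windows: CLI and sysd are included in the agent bundle
          - target: sysd
            platform: windows-2025
          - target: cli
            platform: windows-2025
    runs-on: ${{ matrix.platform }}
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v5
      - uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6
        with:
          go-version-file: go.mod
          cache: true
      - uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6
      # Exposes the lower-cased `uname -o` value as an output; later steps
      # compare it with 'darwin' / 'msys' and use it in the make target name.
      - id: platform_pure
        shell: bash
        run: |
          platform=$(uname -o | tr '[:upper:]' '[:lower:]')
          echo "platform=${platform}" >> "$GITHUB_OUTPUT"
      - uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v4
        with:
          path: cache/
          key: target-cache-${{ matrix.target }}-${{ matrix.platform }}
      # macOS Specific
      # The signing certificate and the Apple API key material are passed to a
      # local action, i.e. to code from the ref that was checked out above.
      - uses: ./.github/actions/macos-signing
        if: ${{ steps.platform_pure.outputs.platform == 'darwin' }}
        with:
          p12-file-base64: ${{ secrets.APPLE_SIGN_CERT }}
          p12-password: ${{ secrets.APPLE_SIGN_CERT_PASSWORD }}
          ac-issuer: ${{ secrets.APPLE_AC_ISSUER }}
          ac-kid: ${{ secrets.APPLE_AC_KID }}
          ac-key: ${{ secrets.APPLE_AC_KEY }}
      # Windows Specific
      # NOTE(review): this is the only action in the workflow referenced by a
      # mutable tag; every other one is pinned to a full commit SHA. Pin it the
      # same way (`@<full commit SHA> # v1`) so the code that prepares the build
      # environment cannot change without a change to this file.
      - uses: ilammy/msvc-dev-cmd@v1
        if: ${{ steps.platform_pure.outputs.platform == 'msys' }}
        with:
          arch: amd64
      # The Makefile target runs with SENTRY_AUTH_TOKEN in its environment.
      - shell: bash
        run: make ${{ matrix.target }}/package-${{ steps.platform_pure.outputs.platform }}
        env:
          SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
      - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v5
        with:
          name: authentik_${{ matrix.platform }}_${{ matrix.target }}
          path: bin/

  # JS target (browser extension).
  build_js:
    name: Build
    strategy:
      fail-fast: false
      matrix:
        target:
          - browser-ext
    # NOTE(review): `id-token: write` lets the job request an OIDC token, but
    # no step visible here uses one; presumably it is consumed inside the make
    # target. Confirm, and drop the permission if it is not needed.
    permissions:
      contents: read
      id-token: write
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v5
      - uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6
        with:
          node-version-file: "${{ matrix.target }}/package.json"
          cache: "npm"
          cache-dependency-path: "${{ matrix.target }}/package-lock.json"
      - run: make ${{ matrix.target }}/package
      - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v5
        with:
          name: authentik_${{ matrix.target }}
          path: bin/

  # PAM and NSS targets, built on both Ubuntu architectures.
  build_rs:
    name: Build
    strategy:
      fail-fast: false
      matrix:
        target:
          - pam
          - nss
        platform:
          - ubuntu-24.04
          - ubuntu-24.04-arm
    runs-on: ${{ matrix.platform }}
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v5
      - uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6
        with:
          go-version-file: go.mod
          cache: true
      # Development headers for PAM and udev.
      - run: |
          sudo apt-get update
          sudo apt-get install -y libpam0g-dev libudev-dev
      - uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v4
        with:
          path: cache/
          key: target-cache-${{ matrix.target }}-${{ matrix.platform }}
      - run: make ${{ matrix.target }}/build
      - run: make ${{ matrix.target }}/package
      - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v5
        with:
          name: authentik_${{ matrix.platform }}_${{ matrix.target }}
          path: bin/

  # Collects every build artifact and turns bin/ into a package repository.
  deploy:
    needs:
      - build_go
      - build_js
      - build_rs
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v5
      # No `name:` given, so all artifacts of this run are downloaded.
      - uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v6
        with:
          path: ./bin
      - run: |
          sudo apt-get remove --purge man-db
      # The GPG private key is handed to a local action (presumably to sign
      # the repository metadata - confirm). The action is taken from the
      # checked-out ref, so changes to it deserve the same review as changes
      # to this workflow.
      - uses: ./.github/actions/repo
        id: repo
        with:
          package-path: bin/
          gpg-private-key: "${{ secrets.GPG_PRIVATE }}"
      - name: Upload repository
        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v5
        with:
          name: repo
          path: ./repo
      - name: Upload packages
        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v5
        with:
          name: all-packages
          path: ./bin

  # Publishes the repository and the packages to Netlify, for pushes to main
  # and for pull requests.
  deploy-to-netlify:
    needs: deploy
    runs-on: ubuntu-latest
    if: github.ref == 'refs/heads/main' || github.event_name == 'pull_request'
    permissions:
      pull-requests: write
    outputs:
      deploy-url: ${{ steps.netlify.outputs.deploy-url }}
    steps:
      # Context values are passed through env and the output file is quoted,
      # matching the platform_pure step of build_go, instead of expanding
      # `${{ }}` expressions inside the script text.
      # NOTE(review): nothing visible in this file reads the `component` output.
      - name: Determine component name
        id: component
        env:
          EVENT_NAME: ${{ github.event_name }}
          PR_NUMBER: ${{ github.event.number }}
        run: |
          if [ "${EVENT_NAME}" = "pull_request" ]; then
            echo "component=pr-${PR_NUMBER}" >> "$GITHUB_OUTPUT"
          else
            echo "component=main" >> "$GITHUB_OUTPUT"
          fi
      - name: Download repository
        uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v6
        with:
          name: repo
          path: ./deploy
      - name: Download packages
        uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v6
        with:
          name: all-packages
          path: ./deploy/packages
      # Short-lived GitHub App token, used below as the Netlify action's
      # github-token.
      - id: app-token
        uses: actions/create-github-app-token@f8d387b68d61c58ab83c6c016672934102569859 # v2
        with:
          app-id: ${{ secrets.GH_APP_ID }}
          private-key: ${{ secrets.GH_APP_PRIV_KEY }}
      - uses: nwtgck/actions-netlify@4cbaf4c08f1a7bfa537d6113472ef4424e4eb654 # v3.0
        id: netlify
        with:
          publish-dir: "./deploy"
          production-branch: main
          github-token: ${{ steps.app-token.outputs.token }}
          deploy-message: "Repo: ${{ github.event_name == 'pull_request' && format('PR #{0}', github.event.number) || 'main' }}"
          alias: ${{ github.event_name == 'pull_request' && format('pr-{0}', github.event.number) || '' }}
          # The previous form `cond && '' || 'pkg'` always produced 'pkg': the
          # empty string is falsy, so `||` fell through for pull requests too
          # and their deployments were recorded under the 'pkg' environment.
          # Testing the non-PR case first yields '' for pull requests.
          github-deployment-environment: ${{ github.event_name != 'pull_request' && 'pkg' || '' }}
          enable-commit-comment: false
        env:
          NETLIFY_AUTH_TOKEN: ${{ secrets.NETLIFY_AUTH_TOKEN }}
          NETLIFY_SITE_ID: authentik-pkg.netlify.app

  # Builds the container image(s) and pushes them to ghcr.io.
  # NOTE(review): `push: true` is unconditional and this job follows
  # deploy-to-netlify, which also runs for pull requests, so pull request runs
  # push images with `packages: write`. AK_TAG_SUFFIX suggests they get a
  # PR-specific tag - confirm in the ci-container-tag make target.
  build-container:
    needs: deploy-to-netlify
    permissions:
      packages: write
    strategy:
      fail-fast: false
      matrix:
        target:
          - containers/selenium
    runs-on: ubuntu-24.04
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v5
      - uses: docker/setup-qemu-action@ce360397dd3f832beb865e1373c09c0e9f86d70a # v4.0.0
      - uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0
      - uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2 # v4.0.0
        with:
          registry: ghcr.io
          username: ${{ github.repository_owner }}
          password: ${{ secrets.GITHUB_TOKEN }}
      # Writes the multi-line `tag` and `build-args` outputs from the two make
      # targets. Both use the fixed delimiter "EOF": a make output line that is
      # exactly "EOF" would end the value early, so keep the targets' output
      # free of such a line.
      - id: meta
        env:
          AK_DEPLOY_URL: ${{ needs.deploy-to-netlify.outputs.deploy-url }}
          AK_TAG_SUFFIX: ${{ github.event_name == 'pull_request' && github.event.number || '' }}
        run: |
          cd "${{ matrix.target }}"
          echo "tag<<EOF" >> "$GITHUB_OUTPUT"
          make ci-container-tag >> "$GITHUB_OUTPUT"
          echo "EOF" >> "$GITHUB_OUTPUT"
          echo "build-args<<EOF" >> "$GITHUB_OUTPUT"
          make ci-build-args >> "$GITHUB_OUTPUT"
          echo "EOF" >> "$GITHUB_OUTPUT"
      - uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294 # v7.0.0
        id: push
        with:
          context: ${{ matrix.target }}
          file: ${{ matrix.target }}/Dockerfile
          push: true
          build-args: ${{ steps.meta.outputs.build-args }}
          tags: ${{ steps.meta.outputs.tag }}
          platforms: linux/amd64,linux/arm64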