@@ -3,11 +3,12 @@ name: CI
33on :
44 push :
55 branches-ignore :
6- - main
76 - " stable/**"
87 pull_request :
98
109jobs :
10+ # Runs on every push (non-stable branches) and every pull request, including
11+ # pull requests from forks. No secrets required.
1112 unit-tests :
1213 runs-on : ubuntu-latest
1314 steps :
@@ -28,11 +29,11 @@ jobs:
2829 - name : Run Unit Tests
2930 run : npm run test
3031
31- local_integration :
32- if : github.actor != 'dependabot[bot]'
32+ # 8.8 self-managed integration tests. Uses only the public docker-compose
33+ # stack — no secrets required. Runs on every push and every pull request
34+ # (including fork PRs) so external contributors get PR feedback.
35+ local_integration_8_8 :
3336 runs-on : ubuntu-latest
34- environment :
35- name : selfhosted
3637 steps :
3738 - name : Check out the repo
3839 uses : actions/checkout@v6
@@ -49,37 +50,39 @@ jobs:
4950 - name : Remove mono blocking 8084 port
5051 run : sudo lsof -t -i:8084 | xargs -r sudo kill -9
5152
52- - name : Set up Docker
53+ - name : Set up Docker Compose
5354 run : |
54- echo ${{ secrets.DOCKER_PASSWORD }} | docker login --username joshua.wulf --password-stdin registry.camunda.cloud
55+ docker compose -f docker/docker-compose-8.8.yaml up -d
5556
56- - name : Set up Docker Compose
57+ - name : Wait for Services Healthy
5758 run : |
58- docker compose -f docker/docker-compose.yaml -f docker/docker-compose-modeler.yaml up -d
59- timeout-minutes : 10
59+ set -e
60+ attempts=0
61+ max_attempts=60
62+ while [ $attempts -lt $max_attempts ]; do
63+ code=$(curl -s -o /dev/null -w "%{http_code}" http://localhost:9600/actuator/health/status || true)
64+ [ "$code" = "200" ] && echo "Broker healthy" && break
65+ attempts=$((attempts+1))
66+ sleep 5
67+ done
68+ [ $attempts -ge $max_attempts ] && echo "Broker not healthy" && exit 1 || true
6069
6170 - name : Run Integration Tests
6271 run : |
63- npm run test:8.7 :sm
72+ npm run test:8.8 :sm
6473 env :
6574 ZEEBE_GRPC_ADDRESS : grpc://localhost:26500
66- ZEEBE_CLIENT_ID : zeebe
67- ZEEBE_CLIENT_SECRET : zecret
68- CAMUNDA_OAUTH_URL : http://localhost:18080/auth/realms/camunda-platform/protocol/openid-connect/token
69- CAMUNDA_TASKLIST_BASE_URL : http://localhost:8082
70- CAMUNDA_OPERATE_BASE_URL : http://localhost:8081
71- CAMUNDA_OPTIMIZE_BASE_URL : http://localhost:8083
72- CAMUNDA_MODELER_BASE_URL : http://localhost:8070/api
75+ CAMUNDA_AUTH_STRATEGY : NONE
76+ CAMUNDA_TENANT_ID : <default>
7377
7478 - name : Cleanup
7579 if : always()
76- run : docker compose -f docker/docker-compose.yaml -f docker/docker-compose-modeler .yaml down
80+ run : docker compose -f docker/docker-compose-8.8 .yaml down
7781
78- local_multitenancy_integration :
79- if : github.actor != 'dependabot[bot]'
82+ # 8.8 test suite run against an 8.9 self-managed broker. Public stack — no
83+ # secrets required. Runs on every push and every pull request.
84+ local_integration_8_8_against_8_9 :
8085 runs-on : ubuntu-latest
81- environment :
82- name : selfhosted
8386 steps :
8487 - name : Check out the repo
8588 uses : actions/checkout@v6
@@ -96,36 +99,41 @@ jobs:
9699 - name : Remove mono blocking 8084 port
97100 run : sudo lsof -t -i:8084 | xargs -r sudo kill -9
98101
99- - name : Set up Docker
102+ - name : Set up Docker Compose
100103 run : |
101- echo ${{ secrets.DOCKER_PASSWORD }} | docker login --username joshua.wulf --password-stdin registry.camunda.cloud
104+ docker compose -f docker/8.9/docker-compose.yaml up -d
102105
103- - name : Set up Docker Compose
106+ - name : Wait for Services Healthy
104107 run : |
105- docker compose -f docker/docker-compose-multitenancy.yaml -f docker/docker-compose-modeler.yaml up -d
106- timeout-minutes : 10
108+ set -e
109+ attempts=0
110+ max_attempts=60
111+ while [ $attempts -lt $max_attempts ]; do
112+ code=$(curl -s -o /dev/null -w "%{http_code}" http://localhost:9600/actuator/health/status || true)
113+ [ "$code" = "200" ] && echo "Broker healthy" && break
114+ attempts=$((attempts+1))
115+ sleep 5
116+ done
117+ [ $attempts -ge $max_attempts ] && echo "Broker not healthy" && exit 1 || true
107118
108- - name : Run Integration Tests
119+ - name : Run Integration Tests (8.8 tests against 8.9 server)
109120 run : |
110- npm run test:8.7:mt
121+ npm run test:8.8:sm
111122 env :
112123 ZEEBE_GRPC_ADDRESS : grpc://localhost:26500
113- ZEEBE_CLIENT_ID : zeebe
114- ZEEBE_CLIENT_SECRET : zecret
115- CAMUNDA_OAUTH_URL : http://localhost:18080/auth/realms/camunda-platform/protocol/openid-connect/token
116- CAMUNDA_TASKLIST_BASE_URL : http://localhost:8082
117- CAMUNDA_OPERATE_BASE_URL : http://localhost:8081
118- CAMUNDA_OPTIMIZE_BASE_URL : http://localhost:8083
119- CAMUNDA_MODELER_BASE_URL : http://localhost:8070/api
120- # Needed for Multi-Tenancy
124+ CAMUNDA_AUTH_STRATEGY : NONE
121125 CAMUNDA_TENANT_ID : <default>
122126
123127 - name : Cleanup
124128 if : always()
125- run : docker compose -f docker/docker-compose-multitenancy.yaml -f docker /docker-compose-modeler .yaml down
129+ run : docker compose -f docker/8.9 /docker-compose.yaml down
126130
131+ # SaaS integration tests hit real SaaS endpoints and require environment
132+ # secrets. To protect secret material and avoid running untrusted code
133+ # against production-like infrastructure, these only run on pushes to
134+ # `main` — i.e. after a PR has been reviewed and merged.
127135 saas_integration :
128- if : github.actor != 'dependabot[bot] '
136+ if : github.event_name == 'push' && github.ref == 'refs/heads/main '
129137 runs-on : ubuntu-latest
130138 environment : integration
131139 steps :
@@ -160,8 +168,9 @@ jobs:
160168 CAMUNDA_CONSOLE_BASE_URL : ${{ vars.CAMUNDA_CONSOLE_BASE_URL }}
161169 CAMUNDA_CONSOLE_OAUTH_AUDIENCE : ${{ vars.CAMUNDA_CONSOLE_OAUTH_AUDIENCE}}
162170
171+ # SaaS 8.8 integration. Same policy as saas_integration — main pushes only.
163172 saas_integration_8_8 :
164- if : github.actor != 'dependabot[bot] '
173+ if : github.event_name == 'push' && github.ref == 'refs/heads/main '
165174 runs-on : ubuntu-latest
166175 environment : integration-8.8
167176 steps :
@@ -194,98 +203,3 @@ jobs:
194203 CAMUNDA_CONSOLE_CLIENT_ID : ${{ secrets.CAMUNDA_CONSOLE_CLIENT_ID }}
195204 CAMUNDA_CONSOLE_CLIENT_SECRET : ${{ secrets.CAMUNDA_CONSOLE_CLIENT_SECRET }}
196205 CAMUNDA_CONSOLE_BASE_URL : ${{ vars.CAMUNDA_CONSOLE_BASE_URL }}
197- CAMUNDA_CONSOLE_OAUTH_AUDIENCE : ${{ vars.CAMUNDA_CONSOLE_OAUTH_AUDIENCE }}
198-
199- local_integration_8_8 :
200- runs-on : ubuntu-latest
201- steps :
202- - name : Check out the repo
203- uses : actions/checkout@v6
204-
205- - name : Use Node.js
206- uses : actions/setup-node@v4
207- with :
208- node-version : " 22"
209-
210- - name : Install dependencies
211- run : npm install
212-
213- # Workaround for https://github.com/actions/runner-images/issues/2821
214- - name : Remove mono blocking 8084 port
215- run : sudo lsof -t -i:8084 | xargs -r sudo kill -9
216-
217- - name : Set up Docker Compose
218- run : |
219- docker compose -f docker/docker-compose-8.8.yaml up -d
220-
221- - name : Wait for Services Healthy
222- run : |
223- set -e
224- attempts=0
225- max_attempts=60
226- while [ $attempts -lt $max_attempts ]; do
227- code=$(curl -s -o /dev/null -w "%{http_code}" http://localhost:9600/actuator/health/status || true)
228- [ "$code" = "200" ] && echo "Broker healthy" && break
229- attempts=$((attempts+1))
230- sleep 5
231- done
232- [ $attempts -ge $max_attempts ] && echo "Broker not healthy" && exit 1 || true
233-
234- - name : Run Integration Tests
235- run : |
236- npm run test:8.8:sm
237- env :
238- ZEEBE_GRPC_ADDRESS : grpc://localhost:26500
239- CAMUNDA_AUTH_STRATEGY : NONE
240- CAMUNDA_TENANT_ID : <default>
241-
242- - name : Cleanup
243- if : always()
244- run : docker compose -f docker/docker-compose-8.8.yaml down
245-
246- local_integration_8_8_against_8_9 :
247- runs-on : ubuntu-latest
248- steps :
249- - name : Check out the repo
250- uses : actions/checkout@v6
251-
252- - name : Use Node.js
253- uses : actions/setup-node@v4
254- with :
255- node-version : " 22"
256-
257- - name : Install dependencies
258- run : npm install
259-
260- # Workaround for https://github.com/actions/runner-images/issues/2821
261- - name : Remove mono blocking 8084 port
262- run : sudo lsof -t -i:8084 | xargs -r sudo kill -9
263-
264- - name : Set up Docker Compose
265- run : |
266- docker compose -f docker/8.9/docker-compose.yaml up -d
267-
268- - name : Wait for Services Healthy
269- run : |
270- set -e
271- attempts=0
272- max_attempts=60
273- while [ $attempts -lt $max_attempts ]; do
274- code=$(curl -s -o /dev/null -w "%{http_code}" http://localhost:9600/actuator/health/status || true)
275- [ "$code" = "200" ] && echo "Broker healthy" && break
276- attempts=$((attempts+1))
277- sleep 5
278- done
279- [ $attempts -ge $max_attempts ] && echo "Broker not healthy" && exit 1 || true
280-
281- - name : Run Integration Tests (8.8 tests against 8.9 server)
282- run : |
283- npm run test:8.8:sm
284- env :
285- ZEEBE_GRPC_ADDRESS : grpc://localhost:26500
286- CAMUNDA_AUTH_STRATEGY : NONE
287- CAMUNDA_TENANT_ID : <default>
288-
289- - name : Cleanup
290- if : always()
291- run : docker compose -f docker/8.9/docker-compose.yaml down
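Review bot: The `if: github.event_name == 'push' && github.ref == 'refs/heads/main'` guard on `saas_integration` and `saas_integration_8_8` is read from the workflow file at the pushed ref, so by itself it does not keep the `integration` and `integration-8.8` environment secrets away from a push to another branch that edits the condition. The added comment says these jobs run only after a PR has been reviewed and merged; that holds only if `main` is protected and both environments carry a deployment-branch rule limited to `main`, neither of which is visible in this diff. I would record that dependency beside the guard, for example `# Enforced by the environment's deployment-branch rule (main only); this if: is only a filter.`, and confirm the rule exists in the repository settings. Separately, the rewritten local jobs, which the new comments say also run for fork pull requests, have no `timeout-minutes` (the removed compose step had `timeout-minutes: 10`), so a job-level `timeout-minutes` would bound runner time if the compose stack or the tests hang.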