core: bump github.com/go-ldap/ldap/v3 from 3.4.10 to 3.4.11 #30892
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| name: authentik-ci-main | |
| on: | |
| push: | |
| branches: | |
| - main | |
| - next | |
| - version-* | |
| pull_request: | |
| branches: | |
| - main | |
| - version-* | |
| env: | |
| POSTGRES_DB: authentik | |
| POSTGRES_USER: authentik | |
| POSTGRES_PASSWORD: "EK-5jnKfjrGRm<77" | |
| jobs: | |
| lint: | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| job: | |
| - bandit | |
| - black | |
| - codespell | |
| - pending-migrations | |
| - ruff | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Setup authentik env | |
| uses: ./.github/actions/setup | |
| - name: run job | |
| run: uv run make ci-${{ matrix.job }} | |
| test-migrations: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Setup authentik env | |
| uses: ./.github/actions/setup | |
| - name: run migrations | |
| run: uv run python -m lifecycle.migrate | |
| test-make-seed: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - id: seed | |
| run: | | |
| echo "seed=$(printf "%d\n" "0x$(openssl rand -hex 4)")" >> "$GITHUB_OUTPUT" | |
| outputs: | |
| seed: ${{ steps.seed.outputs.seed }} | |
| test-migrations-from-stable: | |
| name: test-migrations-from-stable - PostgreSQL ${{ matrix.psql }} - Run ${{ matrix.run_id }}/5 | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 20 | |
| needs: test-make-seed | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| psql: | |
| - 15-alpine | |
| - 16-alpine | |
| run_id: [1, 2, 3, 4, 5] | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: checkout stable | |
| run: | | |
| # Copy current, latest config to local | |
| # Temporarly comment the .github backup while migrating to uv | |
| cp authentik/lib/default.yml local.env.yml | |
| # cp -R .github .. | |
| cp -R scripts .. | |
| git checkout $(git tag --sort=version:refname | grep '^version/' | grep -vE -- '-rc[0-9]+$' | tail -n1) | |
| # rm -rf .github/ scripts/ | |
| # mv ../.github ../scripts . | |
| rm -rf scripts/ | |
| mv ../scripts . | |
| - name: Setup authentik env (stable) | |
| uses: ./.github/actions/setup | |
| with: | |
| postgresql_version: ${{ matrix.psql }} | |
| continue-on-error: true | |
| - name: run migrations to stable | |
| run: poetry run python -m lifecycle.migrate | |
| - name: checkout current code | |
| run: | | |
| set -x | |
| git fetch | |
| git reset --hard HEAD | |
| git clean -d -fx . | |
| git checkout $GITHUB_SHA | |
| - name: Setup authentik env (ensure latest deps are installed) | |
| uses: ./.github/actions/setup | |
| with: | |
| postgresql_version: ${{ matrix.psql }} | |
| - name: migrate to latest | |
| run: | | |
| uv run python -m lifecycle.migrate | |
| - name: run tests | |
| env: | |
| # Test in the main database that we just migrated from the previous stable version | |
| AUTHENTIK_POSTGRESQL__TEST__NAME: authentik | |
| CI_TEST_SEED: ${{ needs.test-make-seed.outputs.seed }} | |
| CI_RUN_ID: ${{ matrix.run_id }} | |
| CI_TOTAL_RUNS: "5" | |
| run: | | |
| uv run make ci-test | |
| test-unittest: | |
| name: test-unittest - PostgreSQL ${{ matrix.psql }} - Run ${{ matrix.run_id }}/5 | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 20 | |
| needs: test-make-seed | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| psql: | |
| - 15-alpine | |
| - 16-alpine | |
| run_id: [1, 2, 3, 4, 5] | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Setup authentik env | |
| uses: ./.github/actions/setup | |
| with: | |
| postgresql_version: ${{ matrix.psql }} | |
| - name: run unittest | |
| env: | |
| CI_TEST_SEED: ${{ needs.test-make-seed.outputs.seed }} | |
| CI_RUN_ID: ${{ matrix.run_id }} | |
| CI_TOTAL_RUNS: "5" | |
| run: | | |
| uv run make ci-test | |
| - if: ${{ always() }} | |
| uses: codecov/codecov-action@v5 | |
| with: | |
| flags: unit | |
| token: ${{ secrets.CODECOV_TOKEN }} | |
| - if: ${{ !cancelled() }} | |
| uses: codecov/test-results-action@v1 | |
| with: | |
| flags: unit | |
| file: unittest.xml | |
| token: ${{ secrets.CODECOV_TOKEN }} | |
| test-integration: | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 30 | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Setup authentik env | |
| uses: ./.github/actions/setup | |
| - name: Create k8s Kind Cluster | |
| uses: helm/[email protected] | |
| - name: run integration | |
| run: | | |
| uv run coverage run manage.py test tests/integration | |
| uv run coverage xml | |
| - if: ${{ always() }} | |
| uses: codecov/codecov-action@v5 | |
| with: | |
| flags: integration | |
| token: ${{ secrets.CODECOV_TOKEN }} | |
| - if: ${{ !cancelled() }} | |
| uses: codecov/test-results-action@v1 | |
| with: | |
| flags: integration | |
| file: unittest.xml | |
| token: ${{ secrets.CODECOV_TOKEN }} | |
| test-e2e: | |
| name: test-e2e (${{ matrix.job.name }}) | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 30 | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| job: | |
| - name: proxy | |
| glob: tests/e2e/test_provider_proxy* | |
| - name: oauth | |
| glob: tests/e2e/test_provider_oauth2* tests/e2e/test_source_oauth* | |
| - name: oauth-oidc | |
| glob: tests/e2e/test_provider_oidc* | |
| - name: saml | |
| glob: tests/e2e/test_provider_saml* tests/e2e/test_source_saml* | |
| - name: ldap | |
| glob: tests/e2e/test_provider_ldap* tests/e2e/test_source_ldap* | |
| - name: radius | |
| glob: tests/e2e/test_provider_radius* | |
| - name: scim | |
| glob: tests/e2e/test_source_scim* | |
| - name: flows | |
| glob: tests/e2e/test_flows* | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Setup authentik env | |
| uses: ./.github/actions/setup | |
| - name: Setup e2e env (chrome, etc) | |
| run: | | |
| docker compose -f tests/e2e/docker-compose.yml up -d --quiet-pull | |
| - id: cache-web | |
| uses: actions/cache@v4 | |
| with: | |
| path: web/dist | |
| key: ${{ runner.os }}-web-${{ hashFiles('web/package-lock.json', 'web/src/**') }} | |
| - name: prepare web ui | |
| if: steps.cache-web.outputs.cache-hit != 'true' | |
| working-directory: web | |
| run: | | |
| npm ci | |
| make -C .. gen-client-ts | |
| npm run build | |
| - name: run e2e | |
| run: | | |
| uv run coverage run manage.py test ${{ matrix.job.glob }} | |
| uv run coverage xml | |
| - if: ${{ always() }} | |
| uses: codecov/codecov-action@v5 | |
| with: | |
| flags: e2e | |
| token: ${{ secrets.CODECOV_TOKEN }} | |
| - if: ${{ !cancelled() }} | |
| uses: codecov/test-results-action@v1 | |
| with: | |
| flags: e2e | |
| file: unittest.xml | |
| token: ${{ secrets.CODECOV_TOKEN }} | |
| ci-core-mark: | |
| if: always() | |
| needs: | |
| - lint | |
| - test-migrations | |
| - test-migrations-from-stable | |
| - test-unittest | |
| - test-integration | |
| - test-e2e | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: re-actors/alls-green@release/v1 | |
| with: | |
| jobs: ${{ toJSON(needs) }} | |
| build: | |
| permissions: | |
| # Needed to upload container images to ghcr.io | |
| packages: write | |
| # Needed for attestation | |
| id-token: write | |
| attestations: write | |
| needs: ci-core-mark | |
| uses: ./.github/workflows/_reusable-docker-build.yaml | |
| secrets: inherit | |
| with: | |
| image_name: ghcr.io/goauthentik/dev-server | |
| release: false | |
| pr-comment: | |
| needs: | |
| - build | |
| runs-on: ubuntu-latest | |
| if: ${{ github.event_name == 'pull_request' }} | |
| permissions: | |
| # Needed to write comments on PRs | |
| pull-requests: write | |
| timeout-minutes: 120 | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| ref: ${{ github.event.pull_request.head.sha }} | |
| - name: prepare variables | |
| uses: ./.github/actions/docker-push-variables | |
| id: ev | |
| env: | |
| DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }} | |
| with: | |
| image-name: ghcr.io/goauthentik/dev-server | |
| - name: Comment on PR | |
| if: ${{ steps.ev.outputs.shouldPush == 'true' }} | |
| uses: ./.github/actions/comment-pr-instructions | |
| with: | |
| tag: ${{ steps.ev.outputs.imageMainTag }} |