
fix authentication_flow_binding_overrides's browserIdRef being replaced #2


Workflow file for this run

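# CI workflow for provider-keycloak: skip detection, lint, generated-code diff
# check, unit tests, local deploy, e2e tests against a Keycloak version matrix,
# then build/publish to GHCR and mirror to xpkg.upbound.io.
#
# NOTE(review): there is no workflow-level `permissions:` block, so every job
# except publish-artifacts runs with the repository's default GITHUB_TOKEN
# scopes. Consider a restrictive default (for example `contents: read`) with
# per-job grants, after confirming what the detect-noop and lint actions need.
name: CI
on:
  push:
    branches:
      - main
      - release-*
  pull_request: {}
  workflow_dispatch: {}
env:
  # Common versions
  GO_VERSION: '1.25'
  GOLANGCI_VERSION: 'v2.7.2'
  DOCKER_BUILDX_VERSION: 'v0.22.0'
  UP_VERSION: 'v0.38.4'
  # Registry/Org names
  CROSSPLANE_REGORG: 'ghcr.io/crossplane-contrib' # xpkg.crossplane.io/crossplane-contrib
  UPBOUND_REGORG: 'xpkg.upbound.io/crossplane-contrib'
  PROVIDER_REPO: provider-keycloak
  # Upbound registry specific variables
  UP_DOMAIN: "https://upbound.io"
  # Common users. We can't run a step 'if secrets.XXX != ""' but we can run a
  # step 'if env.XXX != ""', so we copy these to succinctly test whether
  # credentials have been provided before trying to run steps that need them.
  UPBOUND_MARKETPLACE_PUSH_ROBOT_USR: ${{ secrets.UPBOUND_MARKETPLACE_PUSH_ROBOT_USR }}
jobs:
  # Decides whether the remaining jobs can be skipped (docs/image-only changes)
  # and whether the commit message asks to skip the e2e matrix.
  detect-noop:
    runs-on: ubuntu-24.04
    outputs:
      noop: ${{ steps.noop.outputs.should_skip }}
      skip-e2e: ${{ steps.skip-e2e.outputs.skip }}
    steps:
      - name: Detect No-op Changes
        id: noop
        uses: fkirc/skip-duplicate-actions@f75f66ce1886f00957d99748a42c724f4330bdcf # v5.3.1
        with:
          github_token: ${{ secrets.GITHUB_TOKEN }}
          paths_ignore: '["**.md", "**.png", "**.jpg"]'
          do_not_skip: '["workflow_dispatch", "schedule", "push"]'
      - name: Checkout
        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6
        with:
          fetch-depth: 0
      - name: Check for skip e2e in commit message
        id: skip-e2e
        # The commit message is read with git inside the script and is only
        # ever passed to grep as data; it is never expanded into the script
        # text. Only the fixed strings skip=true/skip=false reach the output.
        # On pull_request events the message comes from the contributor, so
        # "[skip e2e]" lets a PR author bypass the e2e gate for that run.
        run: |
          COMMIT_MESSAGE=$(git log -1 --pretty=%B)
          if echo "$COMMIT_MESSAGE" | grep -iq "\[skip e2e\]"; then
            echo "skip=true" >> "$GITHUB_OUTPUT"
            echo "Found [skip e2e] in commit message, will skip e2e tests"
          else
            echo "skip=false" >> "$GITHUB_OUTPUT"
            echo "No [skip e2e] found in commit message"
          fi
  lint:
    runs-on: ubuntu-24.04
    needs: detect-noop
    if: needs.detect-noop.outputs.noop != 'true'
    steps:
      - name: Checkout
        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6
        with:
          submodules: true
      - name: Setup Go
        uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6
        with:
          go-version: ${{ env.GO_VERSION }}
      - name: Find the Go Build Cache
        id: go
        run: echo "cache=$(make go.cachedir)" >> "$GITHUB_OUTPUT"
      - name: Cache the Go Build Cache
        uses: actions/cache@9255dc7a253b0ccc959486e2bca901246202afeb # v5
        with:
          path: ${{ steps.go.outputs.cache }}
          key: ${{ runner.os }}-build-lint-${{ hashFiles('**/go.sum') }}
          restore-keys: ${{ runner.os }}-build-lint-
      - name: Cache Go Dependencies
        uses: actions/cache@9255dc7a253b0ccc959486e2bca901246202afeb # v5
        with:
          path: .work/pkg
          key: ${{ runner.os }}-pkg-${{ hashFiles('**/go.sum') }}
          restore-keys: ${{ runner.os }}-pkg-
      - name: Vendor Dependencies
        run: make vendor vendor.check
      # We could run 'make lint' but we prefer this action because it leaves
      # 'annotations' (i.e. it comments on PRs to point out linter violations).
      - name: Lint
        uses: golangci/golangci-lint-action@1e7e51e771db61008b38414a730f564565cf7c20 # v9
        with:
          version: ${{ env.GOLANGCI_VERSION }}
  check-diff:
    runs-on: ubuntu-24.04
    needs: detect-noop
    if: needs.detect-noop.outputs.noop != 'true'
    steps:
      - name: Checkout
        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6
        with:
          submodules: true
      - name: Setup Go
        uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6
        with:
          go-version: ${{ env.GO_VERSION }}
      - name: Install goimports
        # NOTE(review): '@latest' is the one unpinned tool in a workflow that
        # otherwise pins every action to a commit SHA. Whatever version is
        # newest at run time is built and executed; pin a reviewed release
        # (goimports@<PINNED_VERSION>) so the toolchain is reproducible.
        run: go install golang.org/x/tools/cmd/goimports@latest
      - name: Find the Go Build Cache
        id: go
        run: echo "cache=$(make go.cachedir)" >> "$GITHUB_OUTPUT"
      - name: Cache the Go Build Cache
        uses: actions/cache@9255dc7a253b0ccc959486e2bca901246202afeb # v5
        with:
          path: ${{ steps.go.outputs.cache }}
          key: ${{ runner.os }}-build-check-diff-${{ hashFiles('**/go.sum') }}
          restore-keys: ${{ runner.os }}-build-check-diff-
      - name: Cache Go Dependencies
        uses: actions/cache@9255dc7a253b0ccc959486e2bca901246202afeb # v5
        with:
          path: .work/pkg
          key: ${{ runner.os }}-pkg-${{ hashFiles('**/go.sum') }}
          restore-keys: ${{ runner.os }}-pkg-
      - name: Vendor Dependencies
        run: make vendor vendor.check
      - name: Check Diff
        run: make check-diff
  unit-tests:
    runs-on: ubuntu-24.04
    needs: detect-noop
    if: needs.detect-noop.outputs.noop != 'true'
    steps:
      - name: Checkout
        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6
        with:
          submodules: true
      - name: Fetch History
        run: git fetch --prune --unshallow
      - name: Setup Go
        uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6
        with:
          go-version: ${{ env.GO_VERSION }}
      - name: Find the Go Build Cache
        id: go
        run: echo "cache=$(make go.cachedir)" >> "$GITHUB_OUTPUT"
      - name: Cache the Go Build Cache
        uses: actions/cache@9255dc7a253b0ccc959486e2bca901246202afeb # v5
        with:
          path: ${{ steps.go.outputs.cache }}
          key: ${{ runner.os }}-build-unit-tests-${{ hashFiles('**/go.sum') }}
          restore-keys: ${{ runner.os }}-build-unit-tests-
      - name: Cache Go Dependencies
        uses: actions/cache@9255dc7a253b0ccc959486e2bca901246202afeb # v5
        with:
          path: .work/pkg
          key: ${{ runner.os }}-pkg-${{ hashFiles('**/go.sum') }}
          restore-keys: ${{ runner.os }}-pkg-
      - name: Vendor Dependencies
        run: make vendor vendor.check
      - name: Run Unit Tests
        run: make -j2 test
      - name: Publish Unit Test Coverage
        uses: codecov/codecov-action@671740ac38dd9b0130fbe1cec585b89eea48d3de # v5
        with:
          flags: unittests
          file: _output/tests/linux_amd64/coverage.txt
  local-deploy:
    runs-on: ubuntu-24.04
    needs: detect-noop
    if: needs.detect-noop.outputs.noop != 'true'
    steps:
      - name: Checkout
        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6
        with:
          submodules: true
      - name: Fetch History
        run: git fetch --prune --unshallow
      - name: Setup Go
        uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6
        with:
          go-version: ${{ env.GO_VERSION }}
      - name: Find the Go Build Cache
        id: go
        run: echo "cache=$(make go.cachedir)" >> "$GITHUB_OUTPUT"
      - name: Cache the Go Build Cache
        uses: actions/cache@9255dc7a253b0ccc959486e2bca901246202afeb # v5
        with:
          path: ${{ steps.go.outputs.cache }}
          # Shares the unit-tests cache key rather than using a job-specific one.
          key: ${{ runner.os }}-build-unit-tests-${{ hashFiles('**/go.sum') }}
          restore-keys: ${{ runner.os }}-build-unit-tests-
      - name: Cache Go Dependencies
        uses: actions/cache@9255dc7a253b0ccc959486e2bca901246202afeb # v5
        with:
          path: .work/pkg
          key: ${{ runner.os }}-pkg-${{ hashFiles('**/go.sum') }}
          restore-keys: ${{ runner.os }}-pkg-
      - name: Vendor Dependencies
        run: make vendor vendor.check
      - name: Deploying locally built provider package
        run: make local-deploy
  e2e-tests:
    runs-on: ubuntu-24.04
    needs: detect-noop
    if: needs.detect-noop.outputs.noop != 'true' && needs.detect-noop.outputs.skip-e2e != 'true'
    concurrency:
      group: ${{ github.head_ref || github.run_id }}-${{ matrix.keycloak-version }}
      cancel-in-progress: true
    strategy:
      fail-fast: false
      matrix:
        keycloak-version:
          - '26.4.4'
          - '26.3.5'
          - '26.2.5'
          - '26.1.5'
          - '26.0.8'
    steps:
      - name: Checkout
        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6
        with:
          submodules: true
      - name: Fetch History
        run: git fetch --prune --unshallow
      - name: Setup Go
        uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6
        with:
          go-version: ${{ env.GO_VERSION }}
      - name: Find the Go Build Cache
        id: go
        run: echo "cache=$(make go.cachedir)" >> "$GITHUB_OUTPUT"
      - name: Cache the Go Build Cache
        uses: actions/cache@9255dc7a253b0ccc959486e2bca901246202afeb # v5
        with:
          path: ${{ steps.go.outputs.cache }}
          # Shares the unit-tests cache key rather than using a job-specific one.
          key: ${{ runner.os }}-build-unit-tests-${{ hashFiles('**/go.sum') }}
          restore-keys: ${{ runner.os }}-build-unit-tests-
      - name: Cache Go Dependencies
        uses: actions/cache@9255dc7a253b0ccc959486e2bca901246202afeb # v5
        with:
          path: .work/pkg
          key: ${{ runner.os }}-pkg-${{ hashFiles('**/go.sum') }}
          restore-keys: ${{ runner.os }}-pkg-
      - name: Vendor Dependencies
        run: make vendor vendor.check
      - name: Starting testsetup for E2E Tests
        # matrix.keycloak-version is one of the literal strings listed in the
        # matrix above, so expanding it into the script text is safe here.
        run: |
          set -o pipefail
          mkdir -p logs
          ./dev/setup_dev_environment.sh --cluster-name fenrir-1 --deploy-local-provider --keycloak-version ${{ matrix.keycloak-version }} | tee logs/setup-environment.log
      - name: Verify kind cluster exists
        run: |
          echo "Checking for kind cluster fenrir-1..."
          kind get clusters
          if ! kind get clusters | grep -q "fenrir-1"; then
            echo "ERROR: kind cluster fenrir-1 was not created"
            exit 1
          fi
      - name: Set kind cluster as context
        run: kind export kubeconfig --name fenrir-1
      - name: Running E2E Tests
        id: e2eTests
        # Failure is tolerated here so the log collection steps below can run;
        # the final "Fail on error" step turns the job red again.
        continue-on-error: true
        shell: bash
        # Written as a block scalar: the previous plain multi-line scalar was
        # folded into a single line and only worked because each command ended
        # in ';' (its '#!/bin/bash' line was parsed as a YAML comment).
        run: |
          set -o pipefail
          make uptest | tee logs/uptest.log
      - name: Collect logs
        if: steps.e2eTests.outcome == 'failure'
        shell: bash
        run: ./dev/collect-logs.sh
      - name: Upload logs
        if: steps.e2eTests.outcome == 'failure'
        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6
        with:
          name: e2e-logs-${{ matrix.keycloak-version }}
          path: |
            logs/
      - name: Fail on error
        if: steps.e2eTests.outcome == 'failure'
        run: exit 1
  # Builds the provider packages and pushes them to GHCR. This is the only job
  # that declares its own GITHUB_TOKEN permissions.
  # NOTE(review): the job condition does not look at the triggering event, so
  # it is also evaluated for pull_request runs — confirm that is intended.
  publish-artifacts:
    runs-on: ubuntu-24.04
    needs: [detect-noop, lint, check-diff, unit-tests, local-deploy, e2e-tests]
    if: |
      needs.detect-noop.outputs.noop != 'true' && needs.lint.result == 'success' && needs.check-diff.result == 'success' && needs.unit-tests.result == 'success' && needs.local-deploy.result == 'success' &&
      (always() && (needs.e2e-tests.result == 'success' || needs.e2e-tests.result == 'skipped' || needs.detect-noop.outputs.skip-e2e == 'true'))
    outputs:
      version: ${{ steps.version.outputs.VERSION }}
    permissions:
      packages: write
      contents: read
      # NOTE(review): no step visible in this job uses attestations or OIDC
      # directly; presumably consumed inside `make publish` — confirm, or drop
      # these two grants.
      attestations: write
      id-token: write
    steps:
      - name: Setup QEMU
        uses: docker/setup-qemu-action@c7c53464625b32c7a7e944ae62b3e17d2b600130 # v3
        with:
          platforms: all
      - name: Setup Docker Buildx
        uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3
        with:
          version: ${{ env.DOCKER_BUILDX_VERSION }}
          install: true
      # Despite the step name, the credential is the job-scoped GITHUB_TOKEN
      # (limited by the permissions block above), not a personal access token.
      - name: Login to GHCR using PAT
        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
        with:
          registry: ghcr.io
          username: ${{ github.repository_owner }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Checkout
        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6
        with:
          submodules: true
      - name: Fetch History
        run: git fetch --prune --unshallow
      - name: Setup Go
        uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6
        with:
          go-version: ${{ env.GO_VERSION }}
      - name: Find the Go Build Cache
        id: go
        run: echo "cache=$(make go.cachedir)" >> "$GITHUB_OUTPUT"
      - name: Find the version
        id: version
        run: make common.buildvars >> "$GITHUB_OUTPUT"
      - name: Cache the Go Build Cache
        uses: actions/cache@9255dc7a253b0ccc959486e2bca901246202afeb # v5
        with:
          path: ${{ steps.go.outputs.cache }}
          key: ${{ runner.os }}-build-publish-artifacts-${{ hashFiles('**/go.sum') }}
          restore-keys: ${{ runner.os }}-build-publish-artifacts-
      - name: Cache Go Dependencies
        uses: actions/cache@9255dc7a253b0ccc959486e2bca901246202afeb # v5
        with:
          path: .work/pkg
          key: ${{ runner.os }}-pkg-${{ hashFiles('**/go.sum') }}
          restore-keys: ${{ runner.os }}-pkg-
      - name: Vendor Dependencies
        run: make vendor vendor.check
      - name: Build Artifacts
        run: |-
          make -j2 XPKG_REG_ORGS="${{ env.CROSSPLANE_REGORG }}" XPKG_REG_ORGS_NO_PROMOTE="${{ env.CROSSPLANE_REGORG }}" BRANCH_NAME="main" VERSION="${VERSION}" build.all
        env:
          # We're using docker buildx, which doesn't actually load the images it
          # builds by default. Specifying --load does so.
          BUILD_ARGS: "--load"
          # The version is computed by `make common.buildvars` (not shown here).
          # It is handed to the shell as an environment variable instead of being
          # expanded into the script text, so its content cannot alter the command.
          VERSION: ${{ steps.version.outputs.VERSION }}
      - name: Upload Artifacts to GitHub
        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6
        with:
          name: output
          path: _output/**
      - name: Publish Artifacts
        run: |-
          make -j2 XPKG_REG_ORGS="${{ env.CROSSPLANE_REGORG }}" XPKG_REG_ORGS_NO_PROMOTE="${{ env.CROSSPLANE_REGORG }}" BRANCH_NAME="main" VERSION="${VERSION}" publish
        env:
          # Passed through the environment for the same reason as in Build Artifacts.
          VERSION: ${{ steps.version.outputs.VERSION }}
  # Copies the published package from GHCR to the Upbound registry.
  # NOTE(review): the workflow-level env copies the robot user name so steps
  # can be gated with `if: env.UPBOUND_MARKETPLACE_PUSH_ROBOT_USR != ''`, but
  # no step below uses that gate; without the secret this job fails at login.
  # The job also has no `permissions:` block although no step visibly uses
  # GITHUB_TOKEN; consider an explicit minimal grant.
  mirror-to-xpkg-upbound-io:
    needs: publish-artifacts
    runs-on: ubuntu-24.04
    steps:
      - name: Setup QEMU
        uses: docker/setup-qemu-action@c7c53464625b32c7a7e944ae62b3e17d2b600130 # v3
        with:
          platforms: all
      - name: Setup Docker Buildx
        uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3
        with:
          version: ${{ env.DOCKER_BUILDX_VERSION }}
          install: true
      - name: Setup crane
        # crane will inherit credentials from `docker login`
        uses: imjasonh/setup-crane@31b88efe9de28ae0ffa220711af4b60be9435f6e # v0.4
      - name: Validate crane installation
        run: crane version
      - name: Login to Upbound
        # Uses the same pinned commit as the GHCR login in publish-artifacts.
        # This step previously referenced a different commit with no version
        # comment, so the action that receives the registry password could
        # not be matched to a release from the workflow text.
        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
        with:
          registry: "xpkg.upbound.io"
          username: ${{ secrets.UPBOUND_MARKETPLACE_PUSH_ROBOT_USR }}
          password: ${{ secrets.UPBOUND_MARKETPLACE_PUSH_ROBOT_PSW }}
      - name: Mirror to xpkg.upbound.io
        env:
          # Job output from publish-artifacts, supplied as data rather than
          # expanded into the script text; the image references are quoted.
          VERSION: ${{ needs.publish-artifacts.outputs.version }}
        run: |
          crane copy "${{ env.CROSSPLANE_REGORG }}/${{ env.PROVIDER_REPO }}:${VERSION}" "${{ env.UPBOUND_REGORG }}/${{ env.PROVIDER_REPO }}:${VERSION}" --allow-nondistributable-artifacts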