providers/oauth2: Add provider federation between OAuth2 Providers #26087
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
--- | |
name: authentik-ci-outpost | |
on: | |
push: | |
branches: | |
- main | |
- next | |
- version-* | |
pull_request: | |
branches: | |
- main | |
- version-* | |
jobs: | |
lint-golint: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/setup-go@v5 | |
with: | |
go-version-file: "go.mod" | |
- name: Prepare and generate API | |
run: | | |
# Create folder structure for go embeds | |
mkdir -p web/dist | |
mkdir -p website/help | |
touch web/dist/test website/help/test | |
- name: Generate API | |
run: make gen-client-go | |
- name: golangci-lint | |
uses: golangci/golangci-lint-action@v6 | |
with: | |
version: latest | |
args: --timeout 5000s --verbose | |
skip-cache: true | |
test-unittest: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/setup-go@v5 | |
with: | |
go-version-file: "go.mod" | |
- name: Setup authentik env | |
uses: ./.github/actions/setup | |
- name: Generate API | |
run: make gen-client-go | |
- name: Go unittests | |
run: | | |
go test -timeout 0 -v -race -coverprofile=coverage.out -covermode=atomic -cover ./... | |
ci-outpost-mark: | |
needs: | |
- lint-golint | |
- test-unittest | |
runs-on: ubuntu-latest | |
steps: | |
- run: echo mark | |
build-container: | |
timeout-minutes: 120 | |
needs: | |
- ci-outpost-mark | |
strategy: | |
fail-fast: false | |
matrix: | |
type: | |
- proxy | |
- ldap | |
- radius | |
- rac | |
runs-on: ubuntu-latest | |
permissions: | |
# Needed to upload contianer images to ghcr.io | |
packages: write | |
# Needed for attestation | |
id-token: write | |
attestations: write | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
ref: ${{ github.event.pull_request.head.sha }} | |
- name: Set up QEMU | |
uses: docker/[email protected] | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v3 | |
- name: prepare variables | |
uses: ./.github/actions/docker-push-variables | |
id: ev | |
env: | |
DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }} | |
with: | |
image-name: ghcr.io/goauthentik/dev-${{ matrix.type }} | |
- name: Login to Container Registry | |
if: ${{ steps.ev.outputs.shouldBuild == 'true' }} | |
uses: docker/login-action@v3 | |
with: | |
registry: ghcr.io | |
username: ${{ github.repository_owner }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Generate API | |
run: make gen-client-go | |
- name: Build Docker Image | |
id: push | |
uses: docker/build-push-action@v6 | |
with: | |
tags: ${{ steps.ev.outputs.imageTags }} | |
file: ${{ matrix.type }}.Dockerfile | |
push: ${{ steps.ev.outputs.shouldBuild == 'true' }} | |
build-args: | | |
GIT_BUILD_HASH=${{ steps.ev.outputs.sha }} | |
platforms: linux/amd64,linux/arm64 | |
context: . | |
cache-from: type=registry,ref=ghcr.io/goauthentik/dev-${{ matrix.type }}:buildcache | |
cache-to: ${{ steps.ev.outputs.shouldBuild == 'true' && format('type=registry,ref=ghcr.io/goauthentik/dev-{0}:buildcache,mode=max', matrix.type) || '' }} | |
- uses: actions/attest-build-provenance@v1 | |
id: attest | |
if: ${{ steps.ev.outputs.shouldBuild == 'true' }} | |
with: | |
subject-name: ${{ steps.ev.outputs.attestImageNames }} | |
subject-digest: ${{ steps.push.outputs.digest }} | |
push-to-registry: true | |
build-binary: | |
timeout-minutes: 120 | |
needs: | |
- ci-outpost-mark | |
runs-on: ubuntu-latest | |
strategy: | |
fail-fast: false | |
matrix: | |
type: | |
- proxy | |
- ldap | |
- radius | |
- rac | |
goos: [linux] | |
goarch: [amd64, arm64] | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
ref: ${{ github.event.pull_request.head.sha }} | |
- uses: actions/setup-go@v5 | |
with: | |
go-version-file: "go.mod" | |
- uses: actions/setup-node@v4 | |
with: | |
node-version-file: web/package.json | |
cache: "npm" | |
cache-dependency-path: web/package-lock.json | |
- name: Generate API | |
run: make gen-client-go | |
- name: Build web | |
working-directory: web/ | |
run: | | |
npm ci | |
npm run build-proxy | |
- name: Build outpost | |
run: | | |
set -x | |
export GOOS=${{ matrix.goos }} | |
export GOARCH=${{ matrix.goarch }} | |
export CGO_ENABLED=0 | |
go build -tags=outpost_static_embed -v -o ./authentik-outpost-${{ matrix.type }}_${{ matrix.goos }}_${{ matrix.goarch }} ./cmd/${{ matrix.type }} |