From 1341646b5a3c7580978bf10bbeae803d460db12c Mon Sep 17 00:00:00 2001
From: Jens Langhammer <jens@goauthentik.io>
Date: Sat, 25 Jan 2025 00:24:56 +0100
Subject: [PATCH 1/5] move pre-release docker test to script

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---
 .github/workflows/release-tag.yml | 11 +----------
 Makefile                          | 12 +++---------
 scripts/test_docker.sh            | 17 +++++++++++++++++
 3 files changed, 21 insertions(+), 19 deletions(-)
 create mode 100755 scripts/test_docker.sh

diff --git a/.github/workflows/release-tag.yml b/.github/workflows/release-tag.yml
index 96461b09f6db..198570d8e716 100644
--- a/.github/workflows/release-tag.yml
+++ b/.github/workflows/release-tag.yml
@@ -14,16 +14,7 @@ jobs:
       - uses: actions/checkout@v4
       - name: Pre-release test
         run: |
-          echo "PG_PASS=$(openssl rand 32 | base64 -w 0)" >> .env
-          echo "AUTHENTIK_SECRET_KEY=$(openssl rand 32 | base64 -w 0)" >> .env
-          docker buildx install
-          mkdir -p ./gen-ts-api
-          docker build -t testing:latest .
-          echo "AUTHENTIK_IMAGE=testing" >> .env
-          echo "AUTHENTIK_TAG=latest" >> .env
-          docker compose up --no-start
-          docker compose start postgresql redis
-          docker compose run -u root server test-all
+          make test-docker
       - id: generate_token
         uses: tibdex/github-app-token@v2
         with:
diff --git a/Makefile b/Makefile
index 582efb546d39..aa802c69b251 100644
--- a/Makefile
+++ b/Makefile
@@ -45,15 +45,6 @@ help:  ## Show this help
 go-test:
 	go test -timeout 0 -v -race -cover ./...
 
-test-docker:  ## Run all tests in a docker-compose
-	echo "PG_PASS=$(shell openssl rand 32 | base64 -w 0)" >> .env
-	echo "AUTHENTIK_SECRET_KEY=$(shell openssl rand 32 | base64 -w 0)" >> .env
-	docker compose pull -q
-	docker compose up --no-start
-	docker compose start postgresql redis
-	docker compose run -u root server test-all
-	rm -f .env
-
 test: ## Run the server tests and produce a coverage report (locally)
 	coverage run manage.py test --keepdb authentik
 	coverage html
@@ -263,6 +254,9 @@ docker:  ## Build a docker image of the current source tree
 	mkdir -p ${GEN_API_TS}
 	DOCKER_BUILDKIT=1 docker build . --progress plain --tag ${DOCKER_IMAGE}
 
+test-docker:
+	./scripts/test_docker.sh
+
 #########################
 ## CI
 #########################
diff --git a/scripts/test_docker.sh b/scripts/test_docker.sh
new file mode 100755
index 000000000000..ef26cfe8da4a
--- /dev/null
+++ b/scripts/test_docker.sh
@@ -0,0 +1,17 @@
+#!/bin/bash
+set -e -x -o pipefail
+
+export PG_PASS=$(openssl rand -base64 36 | tr -d '\n')
+export AUTHENTIK_SECRET_KEY=$(openssl rand -base64 60 | tr -d '\n')
+export AUTHENTIK_TAG=$(git rev-parse HEAD | cut -c1-15)
+export COMPOSE_PROJECT_NAME="authentik-test-${AUTHENTIK_TAG}"
+
+# Ensure buildx is installed
+docker buildx install
+# For release builds we have an empty client here as we use the NPM package
+mkdir -p ./gen-ts-api
+docker build -t ghcr.io/goauthentik/server:${AUTHENTIK_TAG} .
+docker compose up --no-start
+docker compose start postgresql redis
+docker compose run -u root server test-all
+docker compose down -v

From 5c8c042dbc3b59187b82d1f259cef0491e7f4b84 Mon Sep 17 00:00:00 2001
From: Jens Langhammer <jens@goauthentik.io>
Date: Sat, 25 Jan 2025 00:25:03 +0100
Subject: [PATCH 2/5] set pipefail in ak

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---
 lifecycle/ak           | 3 ++-
 scripts/test_docker.sh | 1 +
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/lifecycle/ak b/lifecycle/ak
index 2d52023bb997..8850e8307c03 100755
--- a/lifecycle/ak
+++ b/lifecycle/ak
@@ -1,4 +1,5 @@
-#!/usr/bin/env -S bash -e
+#!/usr/bin/env -S bash
+set -e -o pipefail
 MODE_FILE="${TMPDIR}/authentik-mode"
 
 function log {
diff --git a/scripts/test_docker.sh b/scripts/test_docker.sh
index ef26cfe8da4a..eb3c682e8f97 100755
--- a/scripts/test_docker.sh
+++ b/scripts/test_docker.sh
@@ -3,6 +3,7 @@ set -e -x -o pipefail
 
 export PG_PASS=$(openssl rand -base64 36 | tr -d '\n')
 export AUTHENTIK_SECRET_KEY=$(openssl rand -base64 60 | tr -d '\n')
+export AUTHENTIK_IMAGE="xghcr.io/goauthentik/server"
 export AUTHENTIK_TAG=$(git rev-parse HEAD | cut -c1-15)
 export COMPOSE_PROJECT_NAME="authentik-test-${AUTHENTIK_TAG}"
 

From 7fe56494381c03202be601a74e4fcfb7fc2d9d34 Mon Sep 17 00:00:00 2001
From: Jens Langhammer <jens@goauthentik.io>
Date: Sat, 25 Jan 2025 00:25:30 +0100
Subject: [PATCH 3/5] don't reinstall wheels since they don't exist anymore

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---
 lifecycle/ak | 1 -
 1 file changed, 1 deletion(-)

diff --git a/lifecycle/ak b/lifecycle/ak
index 8850e8307c03..44dc4807077f 100755
--- a/lifecycle/ak
+++ b/lifecycle/ak
@@ -88,7 +88,6 @@ elif [[ "$1" == "bash" ]]; then
 elif [[ "$1" == "test-all" ]]; then
     prepare_debug
     chmod 777 /root
-    pip install --force-reinstall /wheels/*
     check_if_root "python -m manage test authentik"
 elif [[ "$1" == "healthcheck" ]]; then
     run_authentik healthcheck $(cat $MODE_FILE)

From 631d9850d5d89abded67b0912a21e9d81f0e678e Mon Sep 17 00:00:00 2001
From: Jens Langhammer <jens@goauthentik.io>
Date: Sat, 25 Jan 2025 00:26:01 +0100
Subject: [PATCH 4/5] fix image

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---
 scripts/test_docker.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scripts/test_docker.sh b/scripts/test_docker.sh
index eb3c682e8f97..97234f515b9a 100755
--- a/scripts/test_docker.sh
+++ b/scripts/test_docker.sh
@@ -11,7 +11,7 @@ export COMPOSE_PROJECT_NAME="authentik-test-${AUTHENTIK_TAG}"
 docker buildx install
 # For release builds we have an empty client here as we use the NPM package
 mkdir -p ./gen-ts-api
-docker build -t ghcr.io/goauthentik/server:${AUTHENTIK_TAG} .
+docker build -t ${AUTHENTIK_IMAGE}:${AUTHENTIK_TAG} .
 docker compose up --no-start
 docker compose start postgresql redis
 docker compose run -u root server test-all

From a5db8d85a1a63da9ce828eaffdef0136572384e2 Mon Sep 17 00:00:00 2001
From: Jens Langhammer <jens@goauthentik.io>
Date: Sat, 25 Jan 2025 00:42:12 +0100
Subject: [PATCH 5/5] fix config error on startup

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---
 authentik/lib/config.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/authentik/lib/config.py b/authentik/lib/config.py
index d7e78ea2dc28..f395abcab56a 100644
--- a/authentik/lib/config.py
+++ b/authentik/lib/config.py
@@ -283,7 +283,8 @@ def get_int(self, path: str, default=0) -> int:
     def get_optional_int(self, path: str, default=None) -> int | None:
         """Wrapper for get that converts value into int or None if set"""
         value = self.get(path, default)
-
+        if value is UNSET:
+            return default
         try:
             return int(value)
         except (ValueError, TypeError) as exc: