providers/scim: ensure scim group member isn't None #10291
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: authentik-ci-main | |
| on: | |
| push: | |
| branches: | |
| - main | |
| - next | |
| - version-* | |
| paths-ignore: | |
| - website | |
| pull_request: | |
| branches: | |
| - main | |
| env: | |
| POSTGRES_DB: authentik | |
| POSTGRES_USER: authentik | |
| POSTGRES_PASSWORD: "EK-5jnKfjrGRm<77" | |
| jobs: | |
| lint: | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| job: | |
| - bandit | |
| - black | |
| - codespell | |
| - isort | |
| - pending-migrations | |
| - pylint | |
| - pyright | |
| - ruff | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - name: Setup authentik env | |
| uses: ./.github/actions/setup | |
| - name: run job | |
| run: poetry run make ci-${{ matrix.job }} | |
| test-migrations: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - name: Setup authentik env | |
| uses: ./.github/actions/setup | |
| - name: run migrations | |
| run: poetry run python -m lifecycle.migrate | |
| test-migrations-from-stable: | |
| runs-on: ubuntu-latest | |
| continue-on-error: true | |
| steps: | |
| - uses: actions/checkout@v3 | |
| with: | |
| fetch-depth: 0 | |
| - name: Setup authentik env | |
| uses: ./.github/actions/setup | |
| - name: checkout stable | |
| run: | | |
| # Copy current, latest config to local | |
| cp authentik/lib/default.yml local.env.yml | |
| cp -R .github .. | |
| cp -R scripts .. | |
| git checkout $(git describe --tags $(git rev-list --tags --max-count=1)) | |
| rm -rf .github/ scripts/ | |
| mv ../.github ../scripts . | |
| - name: Setup authentik env (ensure stable deps are installed) | |
| uses: ./.github/actions/setup | |
| - name: run migrations to stable | |
| run: poetry run python -m lifecycle.migrate | |
| - name: checkout current code | |
| run: | | |
| set -x | |
| git fetch | |
| git reset --hard HEAD | |
| git clean -d -fx . | |
| git checkout $GITHUB_SHA | |
| poetry install | |
| - name: Setup authentik env (ensure latest deps are installed) | |
| uses: ./.github/actions/setup | |
| - name: migrate to latest | |
| run: poetry run python -m lifecycle.migrate | |
| test-unittest: | |
| name: test-unittest - PostgreSQL ${{ matrix.psql }} | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 30 | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| psql: | |
| - 11-alpine | |
| - 12-alpine | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - name: Setup authentik env | |
| uses: ./.github/actions/setup | |
| with: | |
| postgresql_tag: ${{ matrix.psql }} | |
| - name: run unittest | |
| run: | | |
| poetry run make test | |
| poetry run coverage xml | |
| - if: ${{ always() }} | |
| uses: codecov/codecov-action@v3 | |
| with: | |
| flags: unit | |
| test-integration: | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 30 | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - name: Setup authentik env | |
| uses: ./.github/actions/setup | |
| - name: Create k8s Kind Cluster | |
| uses: helm/kind-action@v1.5.0 | |
| - name: run integration | |
| run: | | |
| poetry run coverage run manage.py test tests/integration | |
| poetry run coverage xml | |
| - if: ${{ always() }} | |
| uses: codecov/codecov-action@v3 | |
| with: | |
| flags: integration | |
| test-e2e: | |
| name: test-e2e (${{ matrix.job.name }}) | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 30 | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| job: | |
| - name: proxy | |
| glob: tests/e2e/test_provider_proxy* | |
| - name: oauth | |
| glob: tests/e2e/test_provider_oauth2* tests/e2e/test_source_oauth* | |
| - name: oauth-oidc | |
| glob: tests/e2e/test_provider_oidc* | |
| - name: saml | |
| glob: tests/e2e/test_provider_saml* tests/e2e/test_source_saml* | |
| - name: ldap | |
| glob: tests/e2e/test_provider_ldap* tests/e2e/test_source_ldap* | |
| - name: radius | |
| glob: tests/e2e/test_provider_radius* | |
| - name: flows | |
| glob: tests/e2e/test_flows* | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - name: Setup authentik env | |
| uses: ./.github/actions/setup | |
| - name: Setup e2e env (chrome, etc) | |
| run: | | |
| docker-compose -f tests/e2e/docker-compose.yml up -d | |
| - id: cache-web | |
| uses: actions/cache@v3 | |
| with: | |
| path: web/dist | |
| key: ${{ runner.os }}-web-${{ hashFiles('web/package-lock.json', 'web/src/**') }} | |
| - name: prepare web ui | |
| if: steps.cache-web.outputs.cache-hit != 'true' | |
| working-directory: web | |
| run: | | |
| npm ci | |
| make -C .. gen-client-ts | |
| npm run build | |
| - name: run e2e | |
| run: | | |
| poetry run coverage run manage.py test ${{ matrix.job.glob }} | |
| poetry run coverage xml | |
| - if: ${{ always() }} | |
| uses: codecov/codecov-action@v3 | |
| with: | |
| flags: e2e | |
| ci-core-mark: | |
| needs: | |
| - lint | |
| - test-migrations | |
| - test-migrations-from-stable | |
| - test-unittest | |
| - test-integration | |
| - test-e2e | |
| runs-on: ubuntu-latest | |
| steps: | |
| - run: echo mark | |
| build: | |
| needs: ci-core-mark | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 120 | |
| steps: | |
| - uses: actions/checkout@v3 | |
| with: | |
| ref: ${{ github.event.pull_request.head.sha }} | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@v2.1.0 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v2 | |
| - name: prepare variables | |
| uses: ./.github/actions/docker-push-variables | |
| id: ev | |
| env: | |
| DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }} | |
| - name: Login to Container Registry | |
| uses: docker/login-action@v2 | |
| if: ${{ steps.ev.outputs.shouldBuild == 'true' }} | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.repository_owner }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Build Docker Image | |
| uses: docker/build-push-action@v4 | |
| with: | |
| secrets: | | |
| GEOIPUPDATE_ACCOUNT_ID=${{ secrets.GEOIPUPDATE_ACCOUNT_ID }} | |
| GEOIPUPDATE_LICENSE_KEY=${{ secrets.GEOIPUPDATE_LICENSE_KEY }} | |
| push: ${{ steps.ev.outputs.shouldBuild == 'true' }} | |
| tags: | | |
| ghcr.io/goauthentik/dev-server:gh-${{ steps.ev.outputs.branchNameContainer }} | |
| ghcr.io/goauthentik/dev-server:gh-${{ steps.ev.outputs.sha }} | |
| ghcr.io/goauthentik/dev-server:gh-${{ steps.ev.outputs.branchNameContainer }}-${{ steps.ev.outputs.timestamp }}-${{ steps.ev.outputs.shortHash }} | |
| build-args: | | |
| GIT_BUILD_HASH=${{ steps.ev.outputs.sha }} | |
| VERSION_FAMILY=${{ steps.ev.outputs.versionFamily }} | |
| - name: Comment on PR | |
| if: github.event_name == 'pull_request' | |
| continue-on-error: true | |
| uses: ./.github/actions/comment-pr-instructions | |
| with: | |
| tag: gh-${{ steps.ev.outputs.branchNameContainer }}-${{ steps.ev.outputs.timestamp }}-${{ steps.ev.outputs.shortHash }} | |
| build-arm64: | |
| needs: ci-core-mark | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 120 | |
| steps: | |
| - uses: actions/checkout@v3 | |
| with: | |
| ref: ${{ github.event.pull_request.head.sha }} | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@v2.1.0 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v2 | |
| - name: prepare variables | |
| uses: ./.github/actions/docker-push-variables | |
| id: ev | |
| env: | |
| DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }} | |
| - name: Login to Container Registry | |
| uses: docker/login-action@v2 | |
| if: ${{ steps.ev.outputs.shouldBuild == 'true' }} | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.repository_owner }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Build Docker Image | |
| uses: docker/build-push-action@v4 | |
| with: | |
| secrets: | | |
| GEOIPUPDATE_ACCOUNT_ID=${{ secrets.GEOIPUPDATE_ACCOUNT_ID }} | |
| GEOIPUPDATE_LICENSE_KEY=${{ secrets.GEOIPUPDATE_LICENSE_KEY }} | |
| push: ${{ steps.ev.outputs.shouldBuild == 'true' }} | |
| tags: | | |
| ghcr.io/goauthentik/dev-server:gh-${{ steps.ev.outputs.branchNameContainer }}-arm64 | |
| ghcr.io/goauthentik/dev-server:gh-${{ steps.ev.outputs.sha }}-arm64 | |
| ghcr.io/goauthentik/dev-server:gh-${{ steps.ev.outputs.branchNameContainer }}-${{ steps.ev.outputs.timestamp }}-${{ steps.ev.outputs.shortHash }}-arm64 | |
| build-args: | | |
| GIT_BUILD_HASH=${{ steps.ev.outputs.sha }} | |
| VERSION_FAMILY=${{ steps.ev.outputs.versionFamily }} | |
| platforms: linux/arm64 |