
improved creating permissions and policies #1289


Workflow file for this run

# Workflow header: triggers, shared environment, default shell and run
# concurrency for the Keycloak operator CI jobs.
#
# NOTE(review): no `permissions:` key is declared in this workflow, so
# GITHUB_TOKEN gets the repository/organisation default scopes. Consider
# declaring the minimum the jobs need; confirm first what the local actions
# under ./.github/actions do with the token.
name: Keycloak Operator CI

on:
  # Every branch push except main and the dependabot branches.
  push:
    branches-ignore:
      - main
      - 'dependabot/**'
  pull_request:
  workflow_dispatch:

env:
  MAVEN_ARGS: '-B -nsu -Daether.connector.http.connectionMaxTtl=25'
  MINIKUBE_VERSION: 'v1.32.0'
  # OCP 4.14
  KUBERNETES_VERSION: 'v1.27.10'
  # Without an explicit value minikube uses ~25% of available memory, which
  # might be too little on smaller GitHub runners for running the tests.
  MINIKUBE_MEMORY: '4096'

defaults:
  run:
    shell: bash

concurrency:
  # Runs are grouped per ref; a newer run in the same group cancels the one
  # still in progress.
  group: operator-ci-${{ github.ref }}
  cancel-in-progress: true
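# NOTE(review): the marketplace actions below are referenced by tag (`@v4`,
# `@v1`). A tag can be moved by the action's owner; pinning each `uses:` to a
# full commit SHA makes the dependency immutable.
#
# NOTE(review): the Minikube setup action reference was destroyed by e-mail
# obfuscation on the source page ("manusa/[email protected]"). The step inputs
# match manusa/actions-setup-minikube; the version is not recoverable from the
# page, so `<VERSION>` is a placeholder to be restored from the repository.
jobs:
  # Runs the local `conditional` action and exposes its `operator` output;
  # the build job only runs when that output is 'true'.
  conditional:
    name: Check conditional workflows and jobs
    runs-on: ubuntu-latest
    outputs:
      operator: ${{ steps.conditional.outputs.operator }}
    steps:
      - uses: actions/checkout@v4
      - id: conditional
        uses: ./.github/actions/conditional
        with:
          token: ${{ secrets.GITHUB_TOKEN }}

  # Builds Keycloak and uploads the distribution artifact that the test jobs
  # download as `keycloak-dist`.
  build:
    name: Build distribution
    if: needs.conditional.outputs.operator == 'true'
    runs-on: ubuntu-latest
    needs: conditional
    steps:
      - uses: actions/checkout@v4
      - name: Build Keycloak
        uses: ./.github/actions/build-keycloak
        with:
          upload-m2-repo: false
          upload-dist: true

  # Builds the test images inside Minikube's Docker daemon and runs the
  # operator test suite with the operator running locally.
  test-local:
    name: Test local
    runs-on: ubuntu-latest
    needs: [build]
    steps:
      - uses: actions/checkout@v4
      - name: Set version
        id: vars
        # Exported through GITHUB_ENV, so later steps see it as the shell
        # variable $version_local.
        run: echo "version_local=0.0.1-${GITHUB_SHA::6}" >> "$GITHUB_ENV"
      - name: Setup Java
        uses: ./.github/actions/java-setup
      - name: Setup Minikube-Kubernetes
        # <VERSION> is a placeholder: the original ref was garbled on the page.
        uses: manusa/actions-setup-minikube@<VERSION>
        with:
          minikube version: ${{ env.MINIKUBE_VERSION }}
          kubernetes version: ${{ env.KUBERNETES_VERSION }}
          github token: ${{ secrets.GITHUB_TOKEN }}
          driver: docker
          start args: --addons=ingress --memory=${{ env.MINIKUBE_MEMORY }} --cni cilium --cpus=max
      - name: Download keycloak distribution
        id: download-keycloak-dist
        uses: actions/download-artifact@v4
        with:
          name: keycloak-dist
          path: quarkus/container
      - name: Build Keycloak Docker images
        # The tag is read from the environment instead of being spliced in
        # with `${{ }}`, so the script text never depends on an expression.
        # The value derives from GITHUB_SHA, so this is hygiene only.
        run: |
          eval $(minikube -p minikube docker-env)
          (cd quarkus/container && docker build --build-arg KEYCLOAK_DIST=$(ls keycloak-*.tar.gz) . -t "keycloak:${version_local}")
          (cd operator && ./scripts/build-testing-docker-images.sh "${version_local}" keycloak custom-keycloak)
      - name: Test operator running locally
        run: |
          ./mvnw install -Poperator -pl :keycloak-operator -am \
            -Dquarkus.kubernetes.image-pull-policy=IfNotPresent \
            -Dkc.operator.keycloak.image="keycloak:${version_local}" \
            -Dtest.operator.custom.image="custom-keycloak:${version_local}" \
            -Dkc.operator.keycloak.image-pull-policy=Never

  # Same image build as test-local, but the operator image is built too and
  # the tests run with `-Dtest.operator.deployment=remote`.
  test-remote:
    name: Test remote
    runs-on: ubuntu-latest
    needs: [build]
    steps:
      - uses: actions/checkout@v4
      - name: Set version
        id: vars
        # Exported through GITHUB_ENV, so later steps see it as the shell
        # variable $version_remote.
        run: echo "version_remote=0.0.1-${GITHUB_SHA::6}" >> "$GITHUB_ENV"
      - name: Setup Java
        uses: ./.github/actions/java-setup
      - name: Setup Minikube-Kubernetes
        # <VERSION> is a placeholder: the original ref was garbled on the page.
        uses: manusa/actions-setup-minikube@<VERSION>
        with:
          minikube version: ${{ env.MINIKUBE_VERSION }}
          kubernetes version: ${{ env.KUBERNETES_VERSION }}
          github token: ${{ secrets.GITHUB_TOKEN }}
          driver: docker
          start args: --addons=ingress --memory=${{ env.MINIKUBE_MEMORY }} --cni cilium --cpus=max
      - name: Download keycloak distribution
        id: download-keycloak-dist
        uses: actions/download-artifact@v4
        with:
          name: keycloak-dist
          path: quarkus/container
      - name: Build Keycloak Docker images
        # Tag taken from the environment rather than `${{ }}` interpolation.
        run: |
          eval $(minikube -p minikube docker-env)
          (cd quarkus/container && docker build --build-arg KEYCLOAK_DIST=$(ls keycloak-*.tar.gz) . -t "keycloak:${version_remote}")
          (cd operator && ./scripts/build-testing-docker-images.sh "${version_remote}" keycloak custom-keycloak)
      - name: Test operator running in cluster
        run: |
          eval $(minikube -p minikube docker-env)
          ./mvnw install -Poperator -pl :keycloak-operator -am \
            -Dquarkus.container-image.build=true \
            -Dquarkus.kubernetes.image-pull-policy=IfNotPresent \
            -Dkc.operator.keycloak.image="keycloak:${version_remote}" \
            -Dquarkus.kubernetes.env.vars.kc-operator-keycloak-image-pull-policy=Never \
            -Dtest.operator.custom.image="custom-keycloak:${version_remote}" \
            --no-transfer-progress -Dtest.operator.deployment=remote

  # Installs OLM on Minikube, installs the operator through it, and deploys
  # the example resources first in the default namespace and then in a
  # separate `keycloak` namespace after switching to AllNamespaces.
  test-olm:
    name: Test OLM installation
    runs-on: ubuntu-latest
    needs: [build]
    steps:
      - uses: actions/checkout@v4
      - name: Setup Java
        uses: ./.github/actions/java-setup
      - name: Setup Minikube-Kubernetes
        # <VERSION> is a placeholder: the original ref was garbled on the page.
        uses: manusa/actions-setup-minikube@<VERSION>
        with:
          minikube version: ${{ env.MINIKUBE_VERSION }}
          kubernetes version: ${{ env.KUBERNETES_VERSION }}
          github token: ${{ secrets.GITHUB_TOKEN }}
          driver: docker
          start args: --memory=${{ env.MINIKUBE_MEMORY }}
      - name: Install OPM
        uses: redhat-actions/openshift-tools-installer@v1
        with:
          source: github
          opm: '1.21.0'
      - name: Install Yq
        # NOTE(review): installs whatever yq revision the snap store serves
        # at run time; a pinned version would make the job reproducible.
        run: sudo snap install yq
      - name: Install OLM
        working-directory: operator
        run: ./scripts/install-olm.sh
      - name: Download keycloak distribution
        id: download-keycloak-dist
        uses: actions/download-artifact@v4
        with:
          name: keycloak-dist
          path: quarkus/container
      - name: Arrange OLM test installation
        working-directory: operator
        run: |
          eval $(minikube -p minikube docker-env)
          ./scripts/olm-testing.sh ${GITHUB_SHA::6}
      - name: Deploy an example Keycloak and wait for it to be ready
        working-directory: operator
        run: |
          kubectl apply -f src/test/resources/example-postgres.yaml
          ./scripts/check-crds-installed.sh
          kubectl apply -f src/test/resources/example-db-secret.yaml
          kubectl apply -f src/test/resources/example-tls-secret.yaml
          kubectl apply -f src/test/resources/example-keycloak.yaml
          kubectl apply -f src/test/resources/example-realm.yaml
          # Wait for the CRs to be ready
          ./scripts/check-examples-installed.sh
      - name: Single namespace cleanup
        working-directory: operator
        run: |
          kubectl delete -f src/test/resources/example-postgres.yaml
          kubectl delete -f src/test/resources/example-db-secret.yaml
          kubectl delete -f src/test/resources/example-tls-secret.yaml
          kubectl delete -f src/test/resources/example-keycloak.yaml
          kubectl delete -f src/test/resources/example-realm.yaml
      - name: Arrange OLM test installation for all namespaces
        working-directory: operator
        # Marks AllNamespaces as a supported install mode on the CSV and
        # removes targetNamespaces from the operator group.
        run: |
          kubectl patch csv keycloak-operator.v86400000.0.0 --type merge --patch '{"spec": {"installModes": [{"type": "AllNamespaces","supported": true}]}}'
          kubectl patch operatorgroup og --type json --patch '[{"op":"remove","path":"/spec/targetNamespaces"}]'
      - name: Deploy an example Keycloak in a different namespace and wait for it to be ready
        working-directory: operator
        run: |
          kubectl create ns keycloak
          kubectl apply -f src/test/resources/example-postgres.yaml -n keycloak
          kubectl apply -f src/test/resources/example-db-secret.yaml -n keycloak
          kubectl apply -f src/test/resources/example-tls-secret.yaml -n keycloak
          kubectl apply -f src/test/resources/example-keycloak.yaml -n keycloak
          kubectl apply -f src/test/resources/example-realm.yaml -n keycloak
          # Wait for the CRs to be ready
          ./scripts/check-examples-installed.sh keycloak

  # Aggregated status: `if: always()` makes this job run even when the jobs
  # it needs failed or were skipped, and it hands their results to the local
  # status-check action as JSON.
  check:
    name: Status Check - Keycloak Operator CI
    if: always()
    needs:
      - conditional
      - build
      - test-local
      - test-remote
      - test-olm
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: ./.github/actions/status-check
        with:
          jobs: ${{ toJSON(needs) }}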