bf2343b7e4
Integration Tests - MySQL + Elasticsearch / Detect Changes (push) Waiting to run
Integration Tests - MySQL + Elasticsearch / integration-tests-mysql-elasticsearch (push) Blocked by required conditions
Integration Tests - PostgreSQL + Elasticsearch + Redis / Detect Changes (push) Waiting to run
Integration Tests - PostgreSQL + Elasticsearch + Redis / integration-tests-postgres-elasticsearch-redis (push) Blocked by required conditions
Integration Tests - PostgreSQL + OpenSearch / Detect Changes (push) Waiting to run
Integration Tests - PostgreSQL + OpenSearch / integration-tests-postgres-opensearch (push) Blocked by required conditions
Java Checkstyle / java-checkstyle (push) Waiting to run
Maven Collate Tests / maven-collate-ci (push) Waiting to run
OpenMetadata Service Unit Tests / Detect Changes (push) Waiting to run
OpenMetadata Service Unit Tests / openmetadata-service-unit-tests (push) Blocked by required conditions
OpenMetadata Service Unit Tests / k8s_operator-unit-tests (push) Blocked by required conditions
OpenMetadata Service Unit Tests / openmetadata-service-unit-tests-status (push) Blocked by required conditions
Publish Package to Maven Central Repository / publish-maven-packages (push) Waiting to run
156 lines
6.6 KiB
YAML
156 lines
6.6 KiB
YAML
# Copyright 2025 Collate
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
|
|
name: SSO Login Nightly
|
|
|
|
on:
|
|
schedule:
|
|
- cron: '0 3 * * *'
|
|
workflow_dispatch:
|
|
inputs:
|
|
sso_provider:
|
|
description: 'SSO provider (or "all")'
|
|
required: true
|
|
default: okta
|
|
type: choice
|
|
options:
|
|
- okta
|
|
- keycloak-azure-saml
|
|
- keycloak-azure-saml-crosssite
|
|
- all
|
|
send_slack_notification:
|
|
description: "Send Slack notification with test results"
|
|
required: false
|
|
type: boolean
|
|
default: false
|
|
|
|
permissions:
|
|
contents: read
|
|
|
|
concurrency:
|
|
group: sso-login-nightly-${{ github.event.inputs.sso_provider || 'scheduled' }}
|
|
cancel-in-progress: true
|
|
|
|
jobs:
|
|
# To onboard a new provider:
|
|
# 1. Add a matrix entry below (`name` is the lowercase provider id used by
|
|
# the Playwright helper; `env_prefix` is the uppercase/underscore form
|
|
# used to look up credentials). Also add `name` to the dispatch
|
|
# `options:` list above.
|
|
# 2. Add <ENV_PREFIX>_SSO_USERNAME (variable) and <ENV_PREFIX>_SSO_PASSWORD
|
|
# (variable) to the `test` environment. Use a secret instead of a
|
|
# variable for the password if the provider uses a real (non-fixture)
|
|
# credential.
|
|
# 3. Register the helper in playwright/utils/sso-providers/index.ts.
|
|
sso-login:
|
|
runs-on: ubuntu-latest
|
|
environment: test
|
|
timeout-minutes: 45
|
|
strategy:
|
|
fail-fast: false
|
|
matrix:
|
|
provider:
|
|
${{ (github.event_name == 'schedule' || github.event.inputs.sso_provider == 'all')
|
|
&& fromJSON('[{"name":"okta","env_prefix":"OKTA"},{"name":"keycloak-azure-saml","env_prefix":"KEYCLOAK_AZURE_SAML"},{"name":"keycloak-azure-saml-crosssite","env_prefix":"KEYCLOAK_AZURE_SAML"}]')
|
|
|| (github.event.inputs.sso_provider == 'keycloak-azure-saml'
|
|
&& fromJSON('[{"name":"keycloak-azure-saml","env_prefix":"KEYCLOAK_AZURE_SAML"}]')
|
|
|| (github.event.inputs.sso_provider == 'keycloak-azure-saml-crosssite'
|
|
&& fromJSON('[{"name":"keycloak-azure-saml-crosssite","env_prefix":"KEYCLOAK_AZURE_SAML"}]')
|
|
|| fromJSON('[{"name":"okta","env_prefix":"OKTA"}]'))) }}
|
|
steps:
|
|
- name: Free Disk Space (Ubuntu)
|
|
uses: jlumbroso/free-disk-space@main
|
|
with:
|
|
tool-cache: false
|
|
android: true
|
|
dotnet: true
|
|
haskell: true
|
|
large-packages: false
|
|
swap-storage: true
|
|
docker-images: false
|
|
|
|
- name: Checkout
|
|
uses: actions/checkout@v4
|
|
|
|
- name: Cache Maven Dependencies
|
|
uses: actions/cache@v4
|
|
with:
|
|
path: ~/.m2
|
|
key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
|
|
restore-keys: |
|
|
${{ runner.os }}-maven-
|
|
|
|
- name: Setup OpenMetadata Test Environment
|
|
uses: ./.github/actions/setup-openmetadata-test-environment
|
|
with:
|
|
python-version: '3.10'
|
|
args: '-d postgresql -i false'
|
|
ingestion_dependency: 'all'
|
|
|
|
- name: Setup Node.js
|
|
uses: actions/setup-node@v4
|
|
with:
|
|
node-version-file: 'openmetadata-ui/src/main/resources/ui/.nvmrc'
|
|
|
|
- name: Install dependencies
|
|
working-directory: openmetadata-ui/src/main/resources/ui/
|
|
run: yarn --ignore-scripts --frozen-lockfile
|
|
|
|
- name: Install Playwright Browsers
|
|
run: npx playwright@1.57.0 install chromium --with-deps
|
|
|
|
- name: Start Keycloak SAML IdP
|
|
if: startsWith(matrix.provider.name, 'keycloak-')
|
|
run: |
|
|
docker compose -f docker/local-sso/keycloak-saml/docker-compose.yml up -d
|
|
timeout 180 bash -c 'until curl -fsS http://localhost:8080/realms/om-azure-saml >/dev/null; do sleep 2; done'
|
|
|
|
- name: Run SSO Login Spec
|
|
working-directory: openmetadata-ui/src/main/resources/ui
|
|
env:
|
|
SSO_PROVIDER_TYPE: ${{ matrix.provider.name }}
|
|
SSO_USERNAME: ${{ vars[format('{0}_SSO_USERNAME', matrix.provider.env_prefix)] }}
|
|
SSO_PASSWORD: ${{ vars[format('{0}_SSO_PASSWORD', matrix.provider.env_prefix)] || secrets[format('{0}_SSO_PASSWORD', matrix.provider.env_prefix)] }}
|
|
# The '-crosssite' variant fronts the IdP on 127.0.0.1 while OM stays on localhost. The two
|
|
# are a same registrable-domain pair but a *different site* (SameSite ignores port; 127.0.0.1
|
|
# and localhost are distinct sites), so the SAML callback POST is cross-site and the browser
|
|
# drops the SameSite=Lax OM_SESSION cookie. This reproduces the production "No pending session"
|
|
# failure that the localhost-only job cannot, guarding the SAML RelayState fix.
|
|
KEYCLOAK_SAML_BASE_URL: ${{ matrix.provider.name == 'keycloak-azure-saml-crosssite' && 'http://127.0.0.1:8080' || 'http://localhost:8080' }}
|
|
PLAYWRIGHT_IS_OSS: true
|
|
run: npx playwright test --project=sso-auth --workers=1
|
|
|
|
- name: Upload HTML report
|
|
if: always()
|
|
uses: actions/upload-artifact@v4
|
|
with:
|
|
name: sso-login-html-report-${{ matrix.provider.name }}
|
|
path: openmetadata-ui/src/main/resources/ui/playwright/output/playwright-report
|
|
retention-days: 5
|
|
|
|
- name: Send Slack Notification
|
|
if: ${{ always() && (github.event_name == 'schedule' || inputs.send_slack_notification == true) }}
|
|
working-directory: openmetadata-ui/src/main/resources/ui
|
|
env:
|
|
RUN_TITLE: "SSO Login Nightly: ${{ matrix.provider.name }} (${{ github.ref_name }})"
|
|
RUN_URL: "${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}"
|
|
SLACK_BOT_USER_OAUTH_TOKEN: ${{ secrets.E2E_SLACK_BOT_OAUTH_TOKEN }}
|
|
run: |
|
|
npx playwright-slack-report -c playwright/slack-cli.config.json -j playwright/output/results.json > slack_report.json
|
|
|
|
- name: Clean Up
|
|
if: always()
|
|
run: |
|
|
docker compose -f docker/local-sso/keycloak-saml/docker-compose.yml down --remove-orphans || true
|
|
cd ./docker/development
|
|
docker compose down --remove-orphans
|
|
sudo rm -rf ${PWD}/docker-volume
|