Skip to content

Add scope param to oidc refresh token request #1977

Add scope param to oidc refresh token request

Add scope param to oidc refresh token request #1977

Workflow file for this run

name: Keycloak CI
on:
push:
branches-ignore:
- main
- dependabot/**
pull_request:
workflow_dispatch:
env:
MAVEN_ARGS: "-B -nsu -Daether.connector.http.connectionMaxTtl=25"
SUREFIRE_RERUN_FAILING_COUNT: 2
SUREFIRE_RETRY: "-Dsurefire.rerunFailingTestsCount=2"
concurrency:
# Only cancel jobs for PR updates
group: ci-${{ github.ref }}
cancel-in-progress: true
defaults:
run:
shell: bash
jobs:
conditional:
name: Check conditional workflows and jobs
runs-on: ubuntu-latest
outputs:
ci: ${{ steps.conditional.outputs.ci }}
ci-store: ${{ steps.conditional.outputs.ci-store }}
ci-sssd: ${{ steps.conditional.outputs.ci-sssd }}
steps:
- uses: actions/checkout@v4
- id: conditional
uses: ./.github/actions/conditional
with:
token: ${{ secrets.GITHUB_TOKEN }}
build:
name: Build
if: needs.conditional.outputs.ci == 'true'
runs-on: ubuntu-latest
needs: conditional
steps:
- uses: actions/checkout@v4
- name: Build Keycloak
uses: ./.github/actions/build-keycloak
unit-tests:
name: Base UT
runs-on: ubuntu-latest
needs: build
timeout-minutes: 30
steps:
- uses: actions/checkout@v4
- id: unit-test-setup
name: Unit test setup
uses: ./.github/actions/unit-test-setup
- name: Run unit tests
run: |
SEP=""
PROJECTS=""
for i in `find -name '*Test.java' -type f | egrep -v './(testsuite|quarkus|docs)/' | sed 's|/src/test/java/.*||' | sort | uniq | sed 's|./||'`; do
PROJECTS="$PROJECTS$SEP$i"
SEP=","
done
./mvnw test -pl "$PROJECTS" -am
- name: Upload JVM Heapdumps
if: always()
uses: ./.github/actions/upload-heapdumps
- name: Surefire reports
if: always()
uses: ./.github/actions/archive-surefire-reports
with:
job-id: unit-tests
base-integration-tests:
name: Base IT
needs: build
runs-on: ubuntu-latest
timeout-minutes: 100
strategy:
matrix:
group: [1, 2, 3, 4, 5, 6]
fail-fast: false
steps:
- uses: actions/checkout@v4
- id: integration-test-setup
name: Integration test setup
uses: ./.github/actions/integration-test-setup
- name: Run base tests
run: |
TESTS=`testsuite/integration-arquillian/tests/base/testsuites/base-suite.sh ${{ matrix.group }}`
echo "Tests: $TESTS"
./mvnw test ${{ env.SUREFIRE_RETRY }} -Pauth-server-quarkus "-Dwebdriver.chrome.driver=$CHROMEWEBDRIVER/chromedriver" -Dtest=$TESTS -pl testsuite/integration-arquillian/tests/base 2>&1 | misc/log/trimmer.sh
- name: Upload JVM Heapdumps
if: always()
uses: ./.github/actions/upload-heapdumps
- uses: ./.github/actions/upload-flaky-tests
name: Upload flaky tests
env:
GH_TOKEN: ${{ github.token }}
with:
job-name: Base IT
- name: Surefire reports
if: always()
uses: ./.github/actions/archive-surefire-reports
with:
job-id: base-integration-tests-${{ matrix.group }}
quarkus-unit-tests:
name: Quarkus UT
needs: build
timeout-minutes: 15
strategy:
matrix:
os: [ ubuntu-latest, windows-latest ]
runs-on: ${{ matrix.os }}
steps:
- uses: actions/checkout@v4
# We want to download Keycloak artifacts
- id: integration-test-setup
name: Integration test setup
uses: ./.github/actions/integration-test-setup
- name: Run unit tests
run: |
./mvnw test -f quarkus/pom.xml -pl '!tests,!tests/junit5,!tests/integration,!dist'
- name: Upload JVM Heapdumps
if: always()
uses: ./.github/actions/upload-heapdumps
- name: Surefire reports
if: always()
uses: ./.github/actions/archive-surefire-reports
with:
job-id: quarkus-unit-tests
quarkus-integration-tests:
name: Quarkus IT
needs: build
timeout-minutes: 115
strategy:
matrix:
os: [ubuntu-latest, windows-latest]
server: [sanity-check-zip, zip, container, storage]
exclude:
- os: windows-latest
server: zip
- os: windows-latest
server: container
- os: windows-latest
server: storage
fail-fast: false
runs-on: ${{ matrix.os }}
env:
MAVEN_OPTS: -Xmx1024m
steps:
- uses: actions/checkout@v4
- id: unit-test-setup
name: Unit test setup
uses: ./.github/actions/unit-test-setup
# Not sure why, but needs to re-build otherwise there's some failures starting up
- name: Run Quarkus integration Tests
run: |
declare -A PARAMS
PARAMS["sanity-check-zip"]="-Dtest=StartCommandDistTest,StartDevCommandDistTest,BuildAndStartDistTest,ImportAtStartupDistTest"
PARAMS["zip"]=""
PARAMS["container"]="-Dkc.quarkus.tests.dist=docker"
PARAMS["storage"]="-Ptest-database -Dtest=PostgreSQLDistTest,MariaDBDistTest#testSuccessful,MySQLDistTest#testSuccessful,DatabaseOptionsDistTest,JPAStoreDistTest,HotRodStoreDistTest,MixedStoreDistTest,TransactionConfigurationDistTest,ExternalInfinispanTest"
./mvnw install -pl quarkus/tests/integration -am -DskipTests
./mvnw test -pl quarkus/tests/integration ${PARAMS["${{ matrix.server }}"]} 2>&1 | misc/log/trimmer.sh
- name: Upload JVM Heapdumps
if: always()
uses: ./.github/actions/upload-heapdumps
- name: Surefire reports
if: always()
uses: ./.github/actions/archive-surefire-reports
with:
job-id: quarkus-integration-tests-${{ matrix.os }}-${{ matrix.server }}
jdk-integration-tests:
name: Java Distribution IT
needs: build
timeout-minutes: 100
strategy:
matrix:
os: [ubuntu-latest, windows-latest]
dist: [temurin]
version: [19]
fail-fast: false
runs-on: ${{ matrix.os }}
steps:
- uses: actions/checkout@v4
- id: integration-test-setup
name: Integration test setup
uses: ./.github/actions/integration-test-setup
with:
jdk-dist: ${{ matrix.dist }}
jdk-version: ${{ matrix.version }}
- name: Prepare Quarkus distribution with current JDK
run: ./mvnw install -e -pl testsuite/integration-arquillian/servers/auth-server/quarkus
- name: Run base tests
run: |
TESTS=`testsuite/integration-arquillian/tests/base/testsuites/suite.sh jdk`
echo "Tests: $TESTS"
./mvnw test ${{ env.SUREFIRE_RETRY }} -Pauth-server-quarkus -Dtest=$TESTS -pl testsuite/integration-arquillian/tests/base 2>&1 | misc/log/trimmer.sh
- name: Build with JDK
run:
./mvnw install -e -DskipTests -DskipExamples
- name: Upload JVM Heapdumps
if: always()
uses: ./.github/actions/upload-heapdumps
- uses: ./.github/actions/upload-flaky-tests
name: Upload flaky tests
env:
GH_TOKEN: ${{ github.token }}
with:
job-name: Java Distribution IT
- name: Surefire reports
if: always()
uses: ./.github/actions/archive-surefire-reports
with:
job-id: jdk-integration-tests-${{ matrix.os }}-${{ matrix.dist }}-${{ matrix.version }}
legacy-store-integration-tests:
name: Legacy Store IT
needs: [build, conditional]
if: needs.conditional.outputs.ci-store == 'true'
runs-on: ubuntu-latest
timeout-minutes: 75
strategy:
matrix:
db: [postgres, mysql, oracle, mssql, mariadb]
fail-fast: false
steps:
- uses: actions/checkout@v4
- id: integration-test-setup
name: Integration test setup
uses: ./.github/actions/integration-test-setup
- name: Run base tests
run: |
TESTS=`testsuite/integration-arquillian/tests/base/testsuites/suite.sh database`
echo "Tests: $TESTS"
./mvnw test ${{ env.SUREFIRE_RETRY }} -Pauth-server-quarkus -Pdb-${{ matrix.db }} -Dtest=$TESTS -pl testsuite/integration-arquillian/tests/base 2>&1 | misc/log/trimmer.sh
- name: Upload JVM Heapdumps
if: always()
uses: ./.github/actions/upload-heapdumps
- uses: ./.github/actions/upload-flaky-tests
name: Upload flaky tests
env:
GH_TOKEN: ${{ github.token }}
with:
job-name: Legacy Store IT
- name: Surefire reports
if: always()
uses: ./.github/actions/archive-surefire-reports
with:
job-id: legacy-store-integration-tests-${{ matrix.db }}
store-model-tests:
name: Store Model Tests
runs-on: ubuntu-latest
needs: [build, conditional]
if: needs.conditional.outputs.ci-store == 'true'
timeout-minutes: 75
steps:
- uses: actions/checkout@v4
- id: integration-test-setup
name: Integration test setup
uses: ./.github/actions/integration-test-setup
- name: Run model tests
run: testsuite/model/test-all-profiles.sh ${{ env.SUREFIRE_RETRY }}
- name: Upload JVM Heapdumps
if: always()
uses: ./.github/actions/upload-heapdumps
- uses: ./.github/actions/upload-flaky-tests
name: Upload flaky tests
env:
GH_TOKEN: ${{ github.token }}
with:
job-name: Store Model Tests
- name: Surefire reports
if: always()
uses: ./.github/actions/archive-surefire-reports
with:
job-id: store-model-tests
clustering-integration-tests:
name: Legacy Clustering IT
needs: build
runs-on: ubuntu-latest
timeout-minutes: 35
env:
MAVEN_OPTS: -Xmx1024m
steps:
- uses: actions/checkout@v4
- id: integration-test-setup
name: Integration test setup
uses: ./.github/actions/integration-test-setup
- name: Run cluster tests
run: |
./mvnw test ${{ env.SUREFIRE_RETRY }} -Pauth-server-cluster-quarkus -Dsession.cache.owners=2 -Dtest=**.cluster.** -pl testsuite/integration-arquillian/tests/base 2>&1 | misc/log/trimmer.sh
- name: Upload JVM Heapdumps
if: always()
uses: ./.github/actions/upload-heapdumps
- uses: ./.github/actions/upload-flaky-tests
name: Upload flaky tests
env:
GH_TOKEN: ${{ github.token }}
with:
job-name: Legacy Clustering IT
- name: Surefire reports
if: always()
uses: ./.github/actions/archive-surefire-reports
with:
job-id: clustering-integration-tests
fips-unit-tests:
name: FIPS UT
runs-on: ubuntu-latest
needs: build
timeout-minutes: 20
steps:
- uses: actions/checkout@v4
- name: Fake fips
run: |
cd .github/fake_fips
make
sudo insmod fake_fips.ko
- id: unit-test-setup
name: Unit test setup
uses: ./.github/actions/unit-test-setup
- name: Run crypto tests
run: docker run --rm --workdir /github/workspace -v "${{ github.workspace }}":"/github/workspace" -v "$HOME/.m2":"/root/.m2" registry.access.redhat.com/ubi8/ubi:latest .github/scripts/run-fips-ut.sh
- name: Upload JVM Heapdumps
if: always()
uses: ./.github/actions/upload-heapdumps
- name: Surefire reports
if: always()
uses: ./.github/actions/archive-surefire-reports
with:
job-id: fips-unit-tests
fips-integration-tests:
name: FIPS IT
needs: build
runs-on: ubuntu-latest
timeout-minutes: 45
strategy:
matrix:
mode: [non-strict, strict]
fail-fast: false
steps:
- uses: actions/checkout@v4
- name: Fake fips
run: |
cd .github/fake_fips
make
sudo insmod fake_fips.ko
- id: integration-test-setup
name: Integration test setup
uses: ./.github/actions/integration-test-setup
with:
jdk-version: 17
- name: Prepare Quarkus distribution with BCFIPS
run: ./mvnw install -e -pl testsuite/integration-arquillian/servers/auth-server/quarkus -Pauth-server-quarkus,auth-server-fips140-2
- name: Run base tests
run: docker run --rm --workdir /github/workspace -e "SUREFIRE_RERUN_FAILING_COUNT" -v "${{ github.workspace }}":"/github/workspace" -v "$HOME/.m2":"/root/.m2" registry.access.redhat.com/ubi8/ubi:latest .github/scripts/run-fips-it.sh ${{ matrix.mode }}
- name: Upload JVM Heapdumps
if: always()
uses: ./.github/actions/upload-heapdumps
- uses: ./.github/actions/upload-flaky-tests
name: Upload flaky tests
env:
GH_TOKEN: ${{ github.token }}
with:
job-name: FIPS IT
- name: Surefire reports
if: always()
uses: ./.github/actions/archive-surefire-reports
with:
job-id: fips-integration-tests-${{ matrix.mode }}
account-console-integration-tests:
name: Account Console IT
runs-on: ubuntu-latest
needs: build
timeout-minutes: 75
strategy:
matrix:
browser: [chrome]
fail-fast: false
steps:
- uses: actions/checkout@v4
- id: integration-test-setup
name: Integration test setup
uses: ./.github/actions/integration-test-setup
- name: Run Account Console IT
run: ./mvnw test ${{ env.SUREFIRE_RETRY }} -Pauth-server-quarkus -Dtest=**.account2.**,!SigningInTest#passwordlessWebAuthnTest,!SigningInTest#twoFactorWebAuthnTest -Dbrowser=${{ matrix.browser }} "-Dwebdriver.chrome.driver=$CHROMEWEBDRIVER/chromedriver" -f testsuite/integration-arquillian/tests/other/base-ui/pom.xml 2>&1 | misc/log/trimmer.sh
- name: Upload JVM Heapdumps
if: always()
uses: ./.github/actions/upload-heapdumps
- uses: ./.github/actions/upload-flaky-tests
name: Upload flaky tests
env:
GH_TOKEN: ${{ github.token }}
with:
job-name: Account Console IT
- name: Surefire reports
if: always()
uses: ./.github/actions/archive-surefire-reports
with:
job-id: account-console-integration-tests-${{ matrix.browser }}
forms-integration-tests:
name: Forms IT
runs-on: ubuntu-latest
needs: build
timeout-minutes: 75
strategy:
matrix:
browser: [chrome, firefox]
fail-fast: false
steps:
- uses: actions/checkout@v4
- id: integration-test-setup
name: Integration test setup
uses: ./.github/actions/integration-test-setup
- name: Run Forms IT
run: |
TESTS=`testsuite/integration-arquillian/tests/base/testsuites/suite.sh forms`
echo "Tests: $TESTS"
./mvnw test ${{ env.SUREFIRE_RETRY }} -Pauth-server-quarkus -Dtest=$TESTS -Dbrowser=${{ matrix.browser }} "-Dwebdriver.chrome.driver=$CHROMEWEBDRIVER/chromedriver" "-Dwebdriver.gecko.driver=$GECKOWEBDRIVER/geckodriver" -f testsuite/integration-arquillian/tests/base/pom.xml 2>&1 | misc/log/trimmer.sh
- name: Upload JVM Heapdumps
if: always()
uses: ./.github/actions/upload-heapdumps
- uses: ./.github/actions/upload-flaky-tests
name: Upload flaky tests
env:
GH_TOKEN: ${{ github.token }}
with:
job-name: Forms IT
- name: Surefire reports
if: always()
uses: ./.github/actions/archive-surefire-reports
with:
job-id: forms-integration-tests-${{ matrix.browser }}
webauthn-integration-tests:
name: WebAuthn IT
runs-on: ubuntu-latest
needs: build
timeout-minutes: 45
strategy:
matrix:
browser:
- chrome
# - firefox disabled until https://github.com/keycloak/keycloak/issues/20777 is resolved
fail-fast: false
steps:
- uses: actions/checkout@v4
- id: integration-test-setup
name: Integration test setup
uses: ./.github/actions/integration-test-setup
# Don't use Chrome for testing (just regular Chrome) until https://github.com/keycloak/keycloak/issues/22214 is resolved
#- id: install-chrome
# name: Install Chrome browser
# uses: ./.github/actions/install-chrome
# if: matrix.browser == 'chrome'
- name: Run WebAuthn IT
run: ./mvnw test ${{ env.SUREFIRE_RETRY }} -Pauth-server-quarkus -Dtest=org.keycloak.testsuite.webauthn.**.*Test -Dbrowser=${{ matrix.browser }} "-Dwebdriver.chrome.driver=$CHROMEWEBDRIVER/chromedriver" "-Dwebdriver.gecko.driver=$GECKOWEBDRIVER/geckodriver" -Pwebauthn -f testsuite/integration-arquillian/tests/other/pom.xml 2>&1 | misc/log/trimmer.sh
- name: Upload JVM Heapdumps
if: always()
uses: ./.github/actions/upload-heapdumps
- uses: ./.github/actions/upload-flaky-tests
name: Upload flaky tests
env:
GH_TOKEN: ${{ github.token }}
with:
job-name: WebAuthn IT
- name: Surefire reports
if: always()
uses: ./.github/actions/archive-surefire-reports
with:
job-id: webauthn-integration-tests-${{ matrix.browser }}
sssd-unit-tests:
name: SSSD
runs-on: ubuntu-latest
if: needs.conditional.outputs.ci-sssd == 'true'
needs:
- conditional
- build
timeout-minutes: 30
steps:
- name: checkout
uses: actions/checkout@v4
- id: integration-test-setup
name: Integration test setup
uses: ./.github/actions/integration-test-setup
- id: weekly-cache-key
name: Key for weekly rotation of cache
shell: bash
run: echo "key=ipa-data-`date -u "+%Y-%U"`" >> $GITHUB_OUTPUT
- id: cache-maven-repository
name: ipa-data cache
uses: actions/cache@v3
with:
path: ~/ipa-data.tar
key: ${{ steps.weekly-cache-key.outputs.key }}
- name: Run tests
run: .github/scripts/run-ipa.sh "${{ github.workspace }}"
- name: Surefire reports
if: always()
uses: ./.github/actions/archive-surefire-reports
with:
job-id: sssd-unit-tests
migration-tests:
name: Migration Tests
runs-on: ubuntu-latest
needs: build
timeout-minutes: 45
strategy:
matrix:
old-version: [19.0.3]
database: [postgres, mysql, oracle, mssql, mariadb]
fail-fast: false
steps:
- uses: actions/checkout@v4
- id: integration-test-setup
name: Integration test setup
uses: ./.github/actions/integration-test-setup
- name: Run Migration Tests
run: |
./mvnw clean install ${{ env.SUREFIRE_RETRY }} \
-Pauth-server-quarkus -Pdb-${{ matrix.database }} -Pauth-server-migration \
-Dtest=MigrationTest \
-Dmigration.mode=auto \
-Dmigrated.auth.server.version=${{ matrix.old-version }} \
-Dmigration.import.file.name=migration-realm-${{ matrix.old-version }}.json \
-Dauth.server.ssl.required=false \
-Dauth.server.db.host=localhost \
-f testsuite/integration-arquillian/pom.xml 2>&1 | misc/log/trimmer.sh
- name: Upload JVM Heapdumps
if: always()
uses: ./.github/actions/upload-heapdumps
- uses: ./.github/actions/upload-flaky-tests
name: Upload flaky tests
env:
GH_TOKEN: ${{ github.token }}
with:
job-name: Migration Tests
- name: Surefire reports
if: always()
uses: ./.github/actions/archive-surefire-reports
with:
job-id: migration-tests-${{ matrix.old-version }}-${{ matrix.database }}
check:
name: Status Check - Keycloak CI
if: always()
needs:
- conditional
- unit-tests
- base-integration-tests
- quarkus-unit-tests
- quarkus-integration-tests
- jdk-integration-tests
- legacy-store-integration-tests
- store-model-tests
- clustering-integration-tests
- fips-unit-tests
- fips-integration-tests
- account-console-integration-tests
- forms-integration-tests
- webauthn-integration-tests
- sssd-unit-tests
- migration-tests
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: ./.github/actions/status-check
with:
jobs: ${{ toJSON(needs) }}