feat: support android webauthn origins #4909
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CI | |
on: | |
push: | |
branches: | |
- master | |
tags: | |
- "*" | |
pull_request: | |
# Cancel in-progress runs in current workflow. | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.ref }} | |
cancel-in-progress: true | |
jobs: | |
sdk-generate: | |
name: Generate SDKs | |
runs-on: ubuntu-latest | |
steps: | |
- uses: ory/ci/sdk/generate@master | |
with: | |
token: ${{ secrets.ORY_BOT_PAT }} | |
test: | |
name: Run tests and lints | |
runs-on: ubuntu-latest | |
needs: | |
- sdk-generate | |
services: | |
postgres: | |
image: postgres:14 | |
env: | |
POSTGRES_DB: postgres | |
POSTGRES_PASSWORD: test | |
POSTGRES_USER: test | |
ports: | |
- 5432:5432 | |
mysql: | |
image: mysql:8.0 | |
env: | |
MYSQL_ROOT_PASSWORD: test | |
ports: | |
- 3306:3306 | |
env: | |
TEST_MAILHOG_SMTP: "smtp://test:test@127.0.0.1:1025/?disable_starttls=true" | |
TEST_MAILHOG_API: http://127.0.0.1:8025 | |
TEST_SELFSERVICE_OIDC_HYDRA_ADMIN: http://localhost:4445 | |
TEST_SELFSERVICE_OIDC_HYDRA_PUBLIC: http://localhost:4444 | |
TEST_SELFSERVICE_OIDC_HYDRA_INTEGRATION_ADDR: http://127.0.0.1:4499 | |
TEST_DATABASE_POSTGRESQL: "postgres://test:test@localhost:5432/postgres?sslmode=disable" | |
TEST_DATABASE_MYSQL: "mysql://root:test@(localhost:3306)/mysql?parseTime=true&multiStatements=true" | |
TEST_DATABASE_COCKROACHDB: "cockroach://root@localhost:26257/defaultdb?sslmode=disable" | |
steps: | |
- run: | | |
docker create --name cockroach -p 26257:26257 \ | |
cockroachdb/cockroach:v22.2.6 start-single-node --insecure | |
docker start cockroach | |
name: Start CockroachDB | |
- run: | | |
docker create --name mailhog -p 8025:8025 -p 1025:1025 \ | |
mailhog/mailhog:v1.0.0 \ | |
MailHog -invite-jim -jim-linkspeed-affect=0.25 -jim-reject-auth=0.25 -jim-reject-recipient=0.25 -jim-reject-sender=0.25 -jim-disconnect=0.25 -jim-linkspeed-min=1250 -jim-linkspeed-max=12500 | |
docker start mailhog | |
name: Start MailHog | |
- run: | | |
docker create --name hydra -p 4445:4445 -p 4444:4444 \ | |
-e DSN=memory \ | |
-e URLS_SELF_ISSUER=http://localhost:4444/ \ | |
-e URLS_LOGIN=http://localhost:4499/login \ | |
-e URLS_CONSENT=http://localhost:4499/consent \ | |
-e LOG_LEAK_SENSITIVE_VALUES=true \ | |
-e SECRETS_SYSTEM=someverylongsecretthatis32byteslong \ | |
oryd/hydra:v2.2.0@sha256:6c0f9195fe04ae16b095417b323881f8c9008837361160502e11587663b37c09 serve all --dev | |
docker start hydra | |
docker logs -f hydra &> /tmp/hydra.log & | |
name: Start Hydra | |
- uses: ory/ci/checkout@master | |
with: | |
fetch-depth: 2 | |
- uses: actions/setup-go@v4 | |
with: | |
go-version: "1.23" | |
- run: go list -json > go.list | |
- name: Run nancy | |
uses: sonatype-nexus-community/nancy-github-action@v1.0.2 | |
with: | |
nancyVersion: v1.0.42 | |
- run: npm install | |
name: Install node deps | |
- name: Run golangci-lint | |
uses: golangci/golangci-lint-action@v6 | |
env: | |
GOGC: 100 | |
with: | |
args: --timeout 10m0s | |
version: v1.61.0 | |
- name: Build Kratos | |
run: make install | |
- name: Run go-acc (tests) | |
run: make test-coverage | |
- name: Submit to Codecov | |
run: | | |
bash <(curl -s https://codecov.io/bash) | |
env: | |
CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} | |
test-e2e: | |
name: Run end-to-end tests | |
runs-on: ubuntu-latest | |
needs: | |
- sdk-generate | |
services: | |
postgres: | |
image: postgres:14 | |
env: | |
POSTGRES_DB: postgres | |
POSTGRES_PASSWORD: test | |
POSTGRES_USER: test | |
ports: | |
- 5432:5432 | |
mysql: | |
image: mysql:8.0 | |
env: | |
MYSQL_ROOT_PASSWORD: test | |
ports: | |
- 3306:3306 | |
mailslurper: | |
image: oryd/mailslurper:latest-smtps | |
ports: | |
- 4436:4436 | |
- 4437:4437 | |
- 1025:1025 | |
env: | |
TEST_DATABASE_POSTGRESQL: "postgres://test:test@localhost:5432/postgres?sslmode=disable" | |
TEST_DATABASE_MYSQL: "mysql://root:test@(localhost:3306)/mysql?parseTime=true&multiStatements=true" | |
TEST_DATABASE_COCKROACHDB: "cockroach://root@localhost:26257/defaultdb?sslmode=disable" | |
strategy: | |
fail-fast: false | |
matrix: | |
database: ["postgres", "cockroach", "sqlite", "mysql"] | |
steps: | |
- uses: actions/setup-node@v3 | |
with: | |
node-version: 16 | |
- run: | | |
docker create --name cockroach -p 26257:26257 \ | |
cockroachdb/cockroach:v22.2.6 start-single-node --insecure | |
docker start cockroach | |
name: Start CockroachDB | |
- uses: browser-actions/setup-chrome@latest | |
name: Install Chrome | |
# - uses: browser-actions/setup-firefox@latest | |
# name: Install Firefox | |
# - uses: browser-actions/setup-geckodriver@latest | |
# name: Install Geckodriver | |
# with: | |
# geckodriver-version: 0.32.0 | |
- uses: ory/ci/checkout@master | |
with: | |
fetch-depth: 2 | |
- run: | | |
npm ci | |
cd test/e2e; npm ci | |
npm i -g expo-cli | |
name: Install node deps | |
- run: | | |
sudo apt-get install -y moreutils gettext | |
name: Install tools | |
- name: Setup Go | |
uses: actions/setup-go@v4 | |
with: | |
go-version: "1.23" | |
- name: Install selfservice-ui-react-native | |
uses: actions/checkout@v3 | |
with: | |
repository: ory/kratos-selfservice-ui-react-native | |
path: react-native-ui | |
- run: | | |
cd react-native-ui | |
npm install | |
- name: Install selfservice-ui-node | |
uses: actions/checkout@v3 | |
with: | |
repository: ory/kratos-selfservice-ui-node | |
path: node-ui | |
- run: | | |
cd node-ui | |
npm install --legacy-peer-deps | |
- name: Install selfservice-ui-react-nextjs | |
uses: actions/checkout@v3 | |
with: | |
repository: ory/kratos-selfservice-ui-react-nextjs | |
path: react-ui | |
- run: | | |
cd react-ui | |
npm ci | |
- run: | | |
echo 'RN_UI_PATH='"$(realpath react-native-ui)" >> $GITHUB_ENV | |
echo 'NODE_UI_PATH='"$(realpath node-ui)" >> $GITHUB_ENV | |
echo 'REACT_UI_PATH='"$(realpath react-ui)" >> $GITHUB_ENV | |
- name: "Run Cypress tests" | |
run: ./test/e2e/run.sh ${{ matrix.database }} | |
env: | |
RN_UI_PATH: react-native-ui | |
NODE_UI_PATH: node-ui | |
REACT_UI_PATH: react-ui | |
CYPRESS_RECORD_KEY: ${{ secrets.CYPRESS_RECORD_KEY }} | |
- if: failure() | |
uses: actions/upload-artifact@v4 | |
with: | |
name: cypress-${{ matrix.database }}-logs | |
path: test/e2e/*.e2e.log | |
test-e2e-playwright: | |
name: Run Playwright end-to-end tests | |
runs-on: ubuntu-latest | |
needs: | |
- sdk-generate | |
services: | |
postgres: | |
image: postgres:14 | |
env: | |
POSTGRES_DB: postgres | |
POSTGRES_PASSWORD: test | |
POSTGRES_USER: test | |
ports: | |
- 5432:5432 | |
mysql: | |
image: mysql:8.0 | |
env: | |
MYSQL_ROOT_PASSWORD: test | |
ports: | |
- 3306:3306 | |
mailslurper: | |
image: oryd/mailslurper:latest-smtps | |
ports: | |
- 4436:4436 | |
- 4437:4437 | |
- 1025:1025 | |
env: | |
TEST_DATABASE_POSTGRESQL: "postgres://test:test@localhost:5432/postgres?sslmode=disable" | |
TEST_DATABASE_MYSQL: "mysql://root:test@(localhost:3306)/mysql?parseTime=true&multiStatements=true" | |
TEST_DATABASE_COCKROACHDB: "cockroach://root@localhost:26257/defaultdb?sslmode=disable" | |
strategy: | |
fail-fast: false | |
matrix: | |
database: ["postgres", "cockroach", "sqlite", "mysql"] | |
steps: | |
- uses: actions/setup-node@v3 | |
with: | |
node-version: 16 | |
- run: | | |
docker create --name cockroach -p 26257:26257 \ | |
cockroachdb/cockroach:v22.2.6 start-single-node --insecure | |
docker start cockroach | |
name: Start CockroachDB | |
- uses: ory/ci/checkout@master | |
with: | |
fetch-depth: 2 | |
- run: | | |
npm ci | |
cd test/e2e; npm ci | |
npx playwright install --with-deps | |
npm i -g expo-cli | |
name: Install node deps | |
- run: | | |
sudo apt-get install -y moreutils gettext | |
name: Install tools | |
- name: Setup Go | |
uses: actions/setup-go@v4 | |
with: | |
go-version: "1.23" | |
- run: go build -tags sqlite,json1 . | |
- name: Install selfservice-ui-react-native | |
uses: actions/checkout@v3 | |
with: | |
repository: ory/kratos-selfservice-ui-react-native | |
path: react-native-ui | |
- run: | | |
cd react-native-ui | |
npm install | |
- name: Install selfservice-ui-node | |
uses: actions/checkout@v3 | |
with: | |
repository: ory/kratos-selfservice-ui-node | |
path: node-ui | |
- run: | | |
cd node-ui | |
npm install --legacy-peer-deps | |
- name: Install selfservice-ui-react-nextjs | |
uses: actions/checkout@v3 | |
with: | |
repository: ory/kratos-selfservice-ui-react-nextjs | |
path: react-ui | |
- run: | | |
cd react-ui | |
npm ci | |
- run: | | |
echo 'RN_UI_PATH='"$(realpath react-native-ui)" >> $GITHUB_ENV | |
echo 'NODE_UI_PATH='"$(realpath node-ui)" >> $GITHUB_ENV | |
echo 'REACT_UI_PATH='"$(realpath react-ui)" >> $GITHUB_ENV | |
- name: "Set up environment" | |
run: test/e2e/run.sh --only-setup | |
- name: "Run Playwright tests" | |
run: | | |
cd test/e2e | |
npm run playwright | |
env: | |
DB: ${{ matrix.database }} | |
RN_UI_PATH: react-native-ui | |
NODE_UI_PATH: node-ui | |
REACT_UI_PATH: react-ui | |
- if: failure() | |
uses: actions/upload-artifact@v4 | |
with: | |
name: playwright-${{ matrix.database }}-logs | |
path: test/e2e/*.e2e.log | |
- if: failure() | |
uses: actions/upload-artifact@v4 | |
with: | |
name: playwright-test-results-${{ matrix.database }}-${{ github.sha }} | |
path: | | |
test/e2e/test-results/ | |
test/e2e/playwright-report/ | |
docs-cli: | |
runs-on: ubuntu-latest | |
name: Build CLI docs | |
needs: | |
- test | |
steps: | |
- uses: ory/ci/docs/cli-next@master | |
with: | |
token: ${{ secrets.ORY_BOT_PAT }} | |
arg: "." | |
output-dir: docs/kratos | |
changelog: | |
name: Generate changelog | |
runs-on: ubuntu-latest | |
if: ${{ github.ref_type == 'tag' || github.ref_name == 'master' }} | |
needs: | |
- test | |
- test-e2e | |
steps: | |
- uses: ory/ci/changelog@master | |
with: | |
token: ${{ secrets.ORY_BOT_PAT }} | |
sdk-release: | |
name: Release SDKs | |
runs-on: ubuntu-latest | |
if: ${{ github.ref_type == 'tag' }} | |
needs: | |
- test | |
- test-e2e | |
- sdk-generate | |
- release | |
steps: | |
- uses: ory/ci/sdk/release@master | |
with: | |
token: ${{ secrets.ORY_BOT_PAT }} | |
swag-spec-location: "spec/api.json" | |
release: | |
name: Generate release | |
runs-on: ubuntu-latest | |
if: ${{ github.ref_type == 'tag' }} | |
needs: | |
- test | |
- test-e2e | |
- changelog | |
steps: | |
- uses: ory/ci/releaser@master | |
with: | |
token: ${{ secrets.ORY_BOT_PAT }} | |
goreleaser_key: ${{ secrets.GORELEASER_KEY }} | |
cosign_pwd: ${{ secrets.COSIGN_PWD }} | |
docker_username: ${{ secrets.DOCKERHUB_USERNAME }} | |
docker_password: ${{ secrets.DOCKERHUB_PASSWORD }} | |
render-version-schema: | |
name: Render version schema | |
runs-on: ubuntu-latest | |
if: ${{ github.ref_type == 'tag' }} | |
needs: | |
- release | |
steps: | |
- uses: ory/ci/releaser/render-version-schema@master | |
with: | |
token: ${{ secrets.ORY_BOT_PAT }} | |
schema-path: .schemastore/config.schema.json | |
newsletter-draft: | |
name: Draft newsletter | |
runs-on: ubuntu-latest | |
if: ${{ github.ref_type == 'tag' }} | |
needs: | |
- release | |
steps: | |
- uses: ory/ci/newsletter@master | |
with: | |
mailchimp_list_id: f605a41b53 | |
mailchmip_segment_id: 6479477 | |
mailchimp_api_key: ${{ secrets.MAILCHIMP_API_KEY }} | |
draft: "true" | |
ssh_key: ${{ secrets.ORY_BOT_SSH_KEY }} | |
slack-approval-notification: | |
name: Pending approval Slack notification | |
runs-on: ubuntu-latest | |
if: ${{ github.ref_type == 'tag' }} | |
needs: | |
- newsletter-draft | |
steps: | |
- uses: ory/ci/newsletter/slack-notify@master | |
with: | |
slack-webhook-url: ${{ secrets.SLACK_WEBHOOK_URL }} | |
newsletter-send: | |
name: Send newsletter | |
runs-on: ubuntu-latest | |
needs: | |
- newsletter-draft | |
if: ${{ github.ref_type == 'tag' }} | |
environment: production | |
steps: | |
- uses: ory/ci/newsletter@master | |
with: | |
mailchimp_list_id: f605a41b53 | |
mailchmip_segment_id: 6479477 | |
mailchimp_api_key: ${{ secrets.MAILCHIMP_API_KEY }} | |
draft: "false" | |
ssh_key: ${{ secrets.ORY_BOT_SSH_KEY }} |