From 755fd78fa0ee0f2a67417a119382c63e02c1091e Mon Sep 17 00:00:00 2001 From: Alexandre Rocha Wendling <alexandrerw@celepar.pr.gov.br> Date: Tue, 16 Jul 2024 14:15:23 +0000 Subject: [PATCH] Proxy ticket service and proxy ticket validation Proxy endpoints improvements suggested by Jacek Kowalski Add ticket type to storage key Rename isreuse to isReusable Remove "parsing" of "codeUUID" that is String, not UUID Improve error reporting in CAS ticket validation --- .github/workflows/release.yml | 111 +++++++++++++++++++++++++------------------------------ 1 files changed, 50 insertions(+), 61 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 6a6c638..8163160 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -5,6 +5,8 @@ name: Release +permissions: {} + jobs: build: name: Build @@ -12,34 +14,37 @@ steps: - id: checkout name: Checkout code - uses: actions/checkout@v2 + uses: actions/checkout@v3 - - name: Install Java and Maven - uses: actions/setup-java@v1 + - id: java + name: Install Java and Maven + uses: actions/setup-java@v3 with: - java-version: 8 + distribution: zulu + java-version: 17 - id: vars name: Get project variables run: | - echo -n "::set-output name=keycloakVersion::" - mvn -q help:evaluate -Dexpression=keycloak.version -DforceStdout 2> /dev/null | grep -E '^[0-9a-zA-Z.-]+$' - echo -n "::set-output name=artifactId::" - mvn -q help:evaluate -Dexpression=project.artifactId -DforceStdout 2> /dev/null | grep -E '^[0-9a-zA-Z.-]+$' - echo -n "::set-output name=projectName::" - mvn -q help:evaluate -Dexpression=project.name -DforceStdout 2> /dev/null | grep -E '^[0-9a-zA-Z :,.-]+$' - echo -n "::set-output name=projectVersion::" - mvn -q help:evaluate -Dexpression=project.version -DforceStdout 2> /dev/null | grep -E '^[0-9a-zA-Z.-]+$' + echo -n "keycloakVersion=" >> $GITHUB_OUTPUT + mvn -q help:evaluate -Dexpression=keycloak.version -DforceStdout 2> /dev/null | grep -E '^[0-9a-zA-Z.-]+$' >> $GITHUB_OUTPUT + echo -n "artifactId=" >> $GITHUB_OUTPUT + mvn -q help:evaluate -Dexpression=project.artifactId -DforceStdout 2> /dev/null | grep -E '^[0-9a-zA-Z.-]+$' >> $GITHUB_OUTPUT + echo -n "projectName=" >> $GITHUB_OUTPUT + mvn -q help:evaluate -Dexpression=project.name -DforceStdout 2> /dev/null | grep -E '^[0-9a-zA-Z :,.-]+$' >> $GITHUB_OUTPUT + echo -n "projectVersion=" >> $GITHUB_OUTPUT + mvn -q help:evaluate -Dexpression=project.version -DforceStdout 2> /dev/null | grep -E '^[0-9a-zA-Z.-]+$' >> $GITHUB_OUTPUT - name: Build project run: | mvn -B test package - name: Upload artifact - uses: actions/upload-artifact@v1 + uses: actions/upload-artifact@v3 with: name: jar path: target/${{ steps.vars.outputs.artifactId }}-${{ steps.vars.outputs.projectVersion }}.jar + if-no-files-found: error outputs: artifact_id: ${{ steps.vars.outputs.artifactId }} @@ -51,54 +56,49 @@ name: Test runs-on: ubuntu-latest needs: build - services: - keycloak: - image: quay.io/keycloak/keycloak:${{ needs.build.outputs.keycloak_version }} - env: - KEYCLOAK_USER: admin - KEYCLOAK_PASSWORD: admin - ports: - - 8080:8080 - volumes: - - '${{ github.workspace }}:/workspace' steps: - id: checkout name: Checkout code - uses: actions/checkout@v2 + uses: actions/checkout@v3 - id: download_artifact name: Download artifact - uses: actions/download-artifact@v1 + uses: actions/download-artifact@v3 with: name: jar + + - id: create_container + name: Create Keycloak container + run: | + docker run -i -t -d -e KEYCLOAK_ADMIN=admin -e KEYCLOAK_ADMIN_PASSWORD=admin -p 8080:8080 --name keycloak "quay.io/keycloak/keycloak:${{ needs.build.outputs.keycloak_version }}" start-dev - id: deploy name: Deploy artifact run: | - CONTAINER="${{ job.services.keycloak.id }}" + CONTAINER="keycloak" NAME="${{ needs.build.outputs.artifact_id }}-${{ needs.build.outputs.project_version }}.jar" - FILE="/opt/jboss/keycloak/standalone/deployments/${NAME}" - docker cp "jar/${NAME}" "${CONTAINER}:/tmp/" - docker exec -i "${CONTAINER}" /bin/bash <<EOF - cp "/tmp/${NAME}" "${FILE}" - for i in {1..60}; do - echo -n . - [ -f "${FILE}.deployed" ] && echo && echo "Deployment succeeded!" && exit 0 - [ -f "${FILE}.failed" ] && echo && echo "Deployment failed!" && exit 1 - sleep 1 - done - echo && echo "Deployment timeout!" && exit 1 - EOF + FILE="/opt/keycloak/providers/${NAME}" + docker cp "${NAME}" "${CONTAINER}:${FILE}" + docker restart "${CONTAINER}" + for i in {1..60}; do + if curl --silent --max-time 1 -o /dev/null http://localhost:8080; then + echo && echo "Deployment succeeded!" && exit 0 + else + sleep 1 + echo -n "." + fi + done + echo && echo "Deployment timeout!" && exit 1 - id: configure_keycloak name: Configure Keycloak run: | - CONTAINER="${{ job.services.keycloak.id }}" + CONTAINER="keycloak" docker exec -i "${CONTAINER}" /bin/bash <<EOF - /opt/jboss/keycloak/bin/kcadm.sh config credentials --server http://localhost:8080/auth --realm master --user admin --password admin - /opt/jboss/keycloak/bin/kcadm.sh create clients -r master -s clientId=test -s protocol=cas -s enabled=true -s publicClient=true \ + /opt/keycloak/bin/kcadm.sh config credentials --server http://localhost:8080 --realm master --user admin --password admin + /opt/keycloak/bin/kcadm.sh create clients -r master -s clientId=test -s protocol=cas -s enabled=true -s publicClient=true \ -s 'redirectUris=["http://localhost/*"]' -s baseUrl=http://localhost -s adminUrl=http://localhost - /opt/jboss/keycloak/bin/kcadm.sh get serverinfo -r master --fields "providers(login-protocol(providers(cas)))" | grep cas + /opt/keycloak/bin/kcadm.sh get serverinfo -r master --fields "providers(login-protocol(providers(cas)))" | grep cas EOF - id: run_tests @@ -110,31 +110,20 @@ name: Release runs-on: ubuntu-latest needs: [build, test] + permissions: + contents: write steps: - id: download_artifact name: Download artifact - uses: actions/download-artifact@v1 + uses: actions/download-artifact@v3 with: name: jar - id: create_release name: Create release - uses: actions/create-release@v1 - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + uses: softprops/action-gh-release@v1 with: - tag_name: ${{ github.ref }} - release_name: ${{ needs.build.outputs.project_name }} ${{ needs.build.outputs.project_version }} - draft: false - prerelease: false - - - id: upload_release - name: Upload release artifact - uses: actions/upload-release-asset@v1 - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - with: - upload_url: ${{ steps.create_release.outputs.upload_url }} - asset_path: jar/${{ needs.build.outputs.artifact_id }}-${{ needs.build.outputs.project_version }}.jar - asset_name: ${{ needs.build.outputs.artifact_id }}-${{ needs.build.outputs.project_version }}.jar - asset_content_type: application/java-archive + name: ${{ needs.build.outputs.project_name }} ${{ needs.build.outputs.project_version }} + files: ${{ needs.build.outputs.artifact_id }}-${{ needs.build.outputs.project_version }}.jar + fail_on_unmatched_files: true + generate_release_notes: true -- Gitblit v1.9.1