keycloak/.github/workflows/stability-js-ci.yml

name: Stability - Keycloak JavaScript CI

on:
  workflow_dispatch:

env:
  MAVEN_ARGS: "-B -nsu -Daether.connector.http.connectionMaxTtl=25"

defaults:
  run:
    shell: bash

permissions:
  contents: read

jobs:
  build-keycloak:
    name: Build Keycloak
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0

      - name: Build Keycloak
        uses: ./.github/actions/build-keycloak

      - name: Prepare archive for upload
        run: |
          mv ./quarkus/dist/target/keycloak-999.0.0-SNAPSHOT.tar.gz ./keycloak-999.0.0-SNAPSHOT.tar.gz

      - name: Upload Keycloak dist
        uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
        with:
          name: keycloak
          path: keycloak-999.0.0-SNAPSHOT.tar.gz

  account-ui-e2e:
    name: Account UI E2E
    needs:
      - build-keycloak
    runs-on: ubuntu-latest
    env:
      WORKSPACE: "@keycloak/keycloak-account-ui"
    strategy:
      matrix:
        browser: [chromium, firefox]
        exclude:
          # Only test with Firefox on scheduled runs
          - browser: ${{ github.event_name != 'workflow_dispatch' && 'firefox' || '' }}
      fail-fast: false
    steps:
      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0

      - uses: ./.github/actions/pnpm-setup

      - name: Download Keycloak server
        uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0
        with:
          name: keycloak

      - name: Setup Java
        uses: ./.github/actions/java-setup

      - name: Start Keycloak server
        run: |
          tar xfvz keycloak-999.0.0-SNAPSHOT.tar.gz
          keycloak-999.0.0-SNAPSHOT/bin/kc.sh start-dev --features=transient-users,oid4vc-vci &> ~/server.log &
        env:
          KC_BOOTSTRAP_ADMIN_USERNAME: admin
          KC_BOOTSTRAP_ADMIN_PASSWORD: admin

      - name: Install Playwright browsers
        run: pnpm --fail-if-no-match --filter ${{ env.WORKSPACE }} exec playwright install --with-deps
        working-directory: js

      - name: Run Playwright tests
        run: pnpm --fail-if-no-match --filter ${{ env.WORKSPACE }} test -- --project=${{ matrix.browser }}
        working-directory: js

      - name: Upload Playwright report
        uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
        if: failure()
        with:
          name: account-ui-playwright-report-${{ matrix.browser }}
          path: js/apps/account-ui/playwright-report
          retention-days: 7

      - name: Upload server logs
        if: failure()
        uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
        with:
          name: account-ui-server-log-${{ matrix.browser }}
          path: ~/server.log
          retention-days: 7

  admin-ui-e2e:
    name: Admin UI E2E
    needs:
      - build-keycloak
    runs-on: ubuntu-latest
    env:
      WORKSPACE: "@keycloak/keycloak-admin-ui"
    strategy:
      matrix:
        browser: [chromium, firefox]
        exclude:
          # Only test with Firefox on scheduled runs
          - browser: ${{ github.event_name != 'workflow_dispatch' && 'firefox' || '' }}
      fail-fast: false
    steps:
      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0

      - uses: ./.github/actions/pnpm-setup

      - name: Download Keycloak server
        uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0
        with:
          name: keycloak

      - name: Setup Java
        uses: ./.github/actions/java-setup

      - name: Start Keycloak server
        run: |
          tar xfvz keycloak-999.0.0-SNAPSHOT.tar.gz
          keycloak-999.0.0-SNAPSHOT/bin/kc.sh start-dev --features=admin-fine-grained-authz:v2,transient-users,spiffe,oid4vc-vci &> ~/server.log &
        env:
          KC_BOOTSTRAP_ADMIN_USERNAME: admin
          KC_BOOTSTRAP_ADMIN_PASSWORD: admin
          KC_BOOTSTRAP_ADMIN_CLIENT_ID: temporary-admin-service
          KC_BOOTSTRAP_ADMIN_CLIENT_SECRET: temporary-admin-service

      - name: Install Playwright browsers
        run: pnpm --fail-if-no-match --filter ${{ env.WORKSPACE }} exec playwright install --with-deps
        working-directory: js

      - name: Run Playwright tests
        run: pnpm --fail-if-no-match --filter ${{ env.WORKSPACE }} test:integration -- --project=${{ matrix.browser }}
        working-directory: js

      - name: Upload Playwright report
        uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
        if: failure()
        with:
          name: admin-ui-playwright-report-${{ matrix.browser }}
          path: js/apps/admin-ui/playwright-report
          retention-days: 7

      - name: Upload server logs
        if: failure()
        uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
        with:
          name: admin-ui-server-log-${{ matrix.browser }}
          path: ~/server.log
          retention-days: 7

  delete-artifacts:
    name: Delete artifacts
    needs:
      - account-ui-e2e
      - admin-ui-e2e
    runs-on: ubuntu-latest
    if: always()
    env:
      GH_TOKEN: ${{ github.token }}
    permissions:
      actions: write
    steps:
      - name: Delete artifacts (excluding Playwright reports and server logs)
        run: |
          gh api /repos/${{ github.repository }}/actions/runs/${{ github.run_id }}/artifacts \
          | jq '.artifacts[] | select(.name | test("playwright-report|server-log") | not) | .id' \
          | xargs -I {} gh api -X DELETE /repos/${{ github.repository }}/actions/artifacts/{}