Bugfix/66602 keycloak access token is not refreshing properly #999
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Test Docker Stack | |
on: | |
push: | |
branches: | |
- main | |
pull_request: | |
branches: | |
- main | |
jobs: | |
docker: | |
timeout-minutes: 20 | |
runs-on: ubuntu-24.04 | |
env: | |
# Overwrite dev.env to use http | |
PROXY_DEFAULT_ENTRYPOINTS: web | |
PROXY_DEFAULT_SCHEME: http | |
# Overwrite Addresses in dev.env | |
FRONTEND_ADDRESS: werkstatthub.docker.localhost | |
DOCS_ADDRESS: docs.werkstatthub.docker.localhost | |
KEYCLOAK_ADDRESS: keycloak.werkstatthub.docker.localhost | |
API_ADDRESS: api.werkstatthub.docker.localhost | |
DOCS_BUILD_WITH_PDF: 0 | |
COMPOSE_PROFILES: full | |
steps: | |
# Setup environment | |
- name: Checkout | |
uses: actions/checkout@v1 | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v3 | |
- name: Login to GitHub Container Registry | |
if: ${{ !env.ACT }} | |
uses: docker/login-action@v3 | |
with: | |
registry: ghcr.io | |
username: ${{github.actor}} | |
password: ${{secrets.GITHUB_TOKEN}} | |
- name: Install Python Development package (only ACT) | |
if: ${{ env.ACT }} | |
run: sudo apt-get update && sudo apt-get install python3-dev -y | |
- name: Setup python venv | |
run: python3 -m venv .venv | |
- name: Install python dependecies | |
run: | | |
source .venv/bin/activate | |
pip3 install -r requirements.txt | |
deactivate | |
# Tag Containers | |
- name: Build containers and save cache (only on main) | |
if: ${{ github.ref_name == 'main' && github.ref_type == 'branch'}} | |
run: | | |
docker compose \ | |
--env-file=dev.env \ | |
-f docker-compose.yml \ | |
-f cache-from-override.yml \ | |
-f cache-to-override.yml \ | |
build | |
- name: Build containers (other than main) | |
if: ${{ github.ref_name != 'main' && github.ref_type == 'branch'}} | |
run: | | |
docker compose \ | |
--env-file=dev.env \ | |
-f docker-compose.yml \ | |
-f cache-from-override.yml \ | |
build | |
# Start Containers | |
- name: Start containers and wait for healthy state | |
run: | | |
docker compose \ | |
--env-file=dev.env \ | |
-f docker-compose.yml \ | |
-f cache-from-override.yml \ | |
up -d --wait | |
# Wait for Traefik to generate routes | |
- name: Proxy setup delay | |
run: sleep 10s | |
# Test API | |
- name: Check if API is healthy | |
run: | | |
curl -fs -o /dev/null -w 'http_code:%{http_code}' \ | |
$PROXY_DEFAULT_SCHEME://$API_ADDRESS/v1/health/ping \ | |
|| exit 1 | |
- name: Check for strict-transport-security header | |
run: | | |
curl -sIX GET $PROXY_DEFAULT_SCHEME://$API_ADDRESS/v1/health/ping \ | |
| grep -iq "strict-transport-security" \ | |
|| exit 1 | |
- name: Run pytest | |
run: | | |
source .venv/bin/activate | |
pytest ./api | |
deactivate | |
# Test documentation | |
- name: Check if documentation is reachable | |
run: | | |
curl -fs -o /dev/null -w 'http_code:%{http_code}' \ | |
$PROXY_DEFAULT_SCHEME://$DOCS_ADDRESS \ | |
|| exit 1 | |
# Test MongoDB | |
- name: Check if MongoDB is reachable | |
run: | | |
curl -fs -o /dev/null -w 'http_code:%{http_code}' \ | |
http://localhost:27017 \ | |
|| exit 1 | |
# Test Nautilus | |
- name: Check if Nautilus is reachable | |
run: | | |
curl -fs -o /dev/null -w 'http_code:%{http_code}' \ | |
http://localhost:3000/health \ | |
|| exit 1 | |
# Test Keycloak | |
- name: Check if Keycloak is healthy | |
run: | | |
curl -fs -o /dev/null -w 'http_code:%{http_code}' \ | |
$PROXY_DEFAULT_SCHEME://$KEYCLOAK_ADDRESS/health/live \ | |
|| exit 1 | |
# Test Frontend | |
- name: Check if Frontend is reachable | |
run: | | |
curl -fs -o /dev/null -w 'http_code:%{http_code}' \ | |
$PROXY_DEFAULT_SCHEME://$FRONTEND_ADDRESS \ | |
|| exit 1 | |
# Clean up | |
- name: Stop containers | |
if: always() | |
run: docker compose --env-file=dev.env down -v |