fix: OIDC photos and SCIM pictures are absolute URLs #144
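---
# The runners use ubuntu-22.04, because ubuntu-24.04 on GHA does not have this fix yet:
# https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2079019
name: CI

# Runs for pushes to main and to '*.*.*' branches, for '*.*.*' tags, and for
# pull requests that target those branches.
on:
  push:
    branches:
      - main
      - '*.*.*'
    tags:
      - '*.*.*'
  pull_request:
    branches:
      - main
      - '*.*.*'

# Least privilege for GITHUB_TOKEN: any job without its own `permissions:`
# block gets read-only repository access instead of the repository or
# organisation default. publish-pypi and publish-github-release declare the
# extra scope they need at job level, which replaces this default for them.
permissions:
  contents: read

jobs: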
# ============================================================
# TESTS
# ============================================================
  # Unit-test run on Python 3.14.
  tests-latest:
    name: py3.14 unit tests
    runs-on: ubuntu-22.04
    steps:
      - uses: actions/checkout@v4
      - name: Install uv
        uses: astral-sh/setup-uv@v3
        with:
          enable-cache: true
      - name: Install Python 3.14
        run: uv python install 3.14
      # Development headers for the SASL/LDAP/TLS bindings, plus a local
      # OpenLDAP server (slapd), its client tools and the AppArmor utilities.
      - name: Install apt dependencies
        run: |
          sudo apt update
          sudo DEBIAN_FRONTEND=noninteractive apt --yes --quiet install apparmor-utils libsasl2-dev python3-dev libldap2-dev libssl-dev slapd ldap-utils
      # aa-complain switches the slapd AppArmor profile to complain mode, so
      # violations are logged instead of blocked. Skipped when ACT is set,
      # i.e. for local runs with 'act'.
      - name: App armor configuration for slapd
        if: ${{ !env.ACT }}
        run: sudo aa-complain /usr/sbin/slapd
      - name: Run tests
        env:
          FORCE_COLOR: "1"
        run: |
          # python tzinfo fails on 'act' without this
          ulimit -n 1024
          export TZ=UTC
          uv sync --all-extras
          uv run pytest --numprocesses auto
# --- job: tests ---
  # The same unit-test run as tests-latest, fanned out over the interpreters
  # listed in the matrix.
  tests:
    name: py${{ matrix.python }} unit tests
    runs-on: ubuntu-22.04
    strategy:
      # Let every interpreter finish even when one of them fails.
      fail-fast: false
      matrix:
        # Quoted so that 3.10 stays the string "3.10" and is not read as the
        # float 3.1.
        python:
          - "3.13"
          - "3.12"
          - "3.11"
          - "3.10"
    steps:
      - uses: actions/checkout@v4
      - name: Install uv
        uses: astral-sh/setup-uv@v3
        with:
          enable-cache: true
      # matrix.python is substituted into the script text before the shell
      # runs. That is safe here because the values are the literals above,
      # not data taken from the triggering event.
      - name: Install Python ${{ matrix.python }}
        run: uv python install ${{ matrix.python }}
      - name: Install apt dependencies
        run: |
          sudo apt update
          sudo DEBIAN_FRONTEND=noninteractive apt --yes --quiet install apparmor-utils libsasl2-dev python3-dev libldap2-dev libssl-dev slapd ldap-utils
      # Complain mode for the slapd AppArmor profile; skipped under 'act'.
      - name: App armor configuration for slapd
        if: ${{ !env.ACT }}
        run: sudo aa-complain /usr/sbin/slapd
      - name: Run tests
        env:
          FORCE_COLOR: "1"
        run: |
          # python tzinfo fails on 'act' without this
          ulimit -n 1024
          export TZ=UTC
          uv sync --all-extras --python ${{ matrix.python }}
          uv run pytest --numprocesses auto
# --- job: coverage ---
  # Runs the test-suite with coverage measurement and publishes the HTML
  # report as a workflow artifact.
  coverage:
    name: code coverage
    runs-on: ubuntu-22.04
    steps:
      - uses: actions/checkout@v4
      - name: Install uv
        uses: astral-sh/setup-uv@v3
        with:
          enable-cache: true
      - name: Install Python 3.14
        run: uv python install 3.14
      - name: Install apt dependencies
        run: |
          sudo apt update
          sudo DEBIAN_FRONTEND=noninteractive apt --yes --quiet install apparmor-utils libsasl2-dev python3-dev libldap2-dev libssl-dev slapd ldap-utils
      # Complain mode for the slapd AppArmor profile; skipped under 'act'.
      - name: App armor configuration for slapd
        if: ${{ !env.ACT }}
        run: sudo aa-complain /usr/sbin/slapd
      # continue-on-error keeps the job green when a test fails or coverage
      # drops under the 100 % threshold, so this step reports but never gates.
      # The gating run of the same pytest command is in tests-latest.
      - name: Run tests with coverage
        continue-on-error: true
        env:
          FORCE_COLOR: "1"
        run: |
          # python tzinfo fails on 'act' without this
          ulimit -n 1024
          export TZ=UTC
          uv sync --all-extras
          uv run pytest --cov --cov-fail-under=100 --cov-report=term --cov-report=html --numprocesses auto
      # always() uploads the report even if an earlier step failed.
      - name: Upload coverage report
        uses: actions/upload-artifact@v4
        if: always()
        with:
          name: coverage-report
          path: htmlcov/
# --- job: minversions ---
  # Unit tests on Python 3.10 with the lowest versions of the direct
  # dependencies that the project metadata allows.
  minversions:
    name: minimum dependency versions
    runs-on: ubuntu-22.04
    steps:
      - uses: actions/checkout@v4
      - name: Install uv
        uses: astral-sh/setup-uv@v3
        with:
          enable-cache: true
      - name: Install Python 3.10
        run: uv python install 3.10
      - name: Install apt dependencies
        run: |
          sudo apt update
          sudo DEBIAN_FRONTEND=noninteractive apt --yes --quiet install apparmor-utils libsasl2-dev python3-dev libldap2-dev libssl-dev slapd ldap-utils
      # Complain mode for the slapd AppArmor profile; skipped under 'act'.
      - name: App armor configuration for slapd
        if: ${{ !env.ACT }}
        run: sudo aa-complain /usr/sbin/slapd
      # --resolution=lowest-direct is what selects the minimum versions.
      - name: Run tests
        env:
          FORCE_COLOR: "1"
        run: |
          # python tzinfo fails on 'act' without this
          ulimit -n 1024
          export TZ=UTC
          uv sync --all-extras --resolution=lowest-direct --python 3.10
          uv run pytest --numprocesses auto
# --- job: style ---
  # Lint gate: runs the repository's hooks over every file through prek.
  style:
    runs-on: ubuntu-22.04
    steps:
      - uses: actions/checkout@v4
      - name: Install uv
        uses: astral-sh/setup-uv@v3
        with:
          enable-cache: true
      - name: Install Python 3.14
        run: uv python install 3.14
      - name: Install apt dependencies
        run: |
          sudo apt update
          sudo DEBIAN_FRONTEND=noninteractive apt --yes --quiet install apparmor-utils libsasl2-dev python3-dev libldap2-dev libssl-dev slapd ldap-utils
      # Complain mode for the slapd AppArmor profile; skipped under 'act'.
      - name: App armor configuration for slapd
        if: ${{ !env.ACT }}
        run: sudo aa-complain /usr/sbin/slapd
      - name: Run linters
        run: |
          # python tzinfo fails on 'act' without this
          ulimit -n 1024
          export TZ=UTC
          uv sync --all-extras
          uv run prek run --all-files
# --- job: doc ---
  # Builds the Sphinx documentation; any warning fails the build. No other
  # job lists this one in its `needs`.
  doc:
    runs-on: ubuntu-22.04
    steps:
      - uses: actions/checkout@v4
      - name: Install uv
        uses: astral-sh/setup-uv@v3
        with:
          enable-cache: true
      - name: Install Python 3.14
        run: uv python install 3.14
      - name: Install apt dependencies
        run: |
          sudo apt update
          sudo DEBIAN_FRONTEND=noninteractive apt --yes --quiet install libsasl2-dev python3-dev libldap2-dev libssl-dev slapd ldap-utils
      # Playwright downloads Firefox and its system dependencies before the
      # Sphinx build runs.
      - name: Build documentation
        run: |
          export TZ=UTC
          uv sync --group doc --all-extras
          uv run playwright install --with-deps firefox
          uv run sphinx-build doc build/sphinx/html --fail-on-warning
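# ============================================================
# BUILD
# ============================================================
  # Builds the wheel once. integration-package, integration-minimal,
  # publish-pypi and publish-github-release all download this artifact, so
  # the file that is tested is the file that is released.
  build-wheel:
    needs:
      - tests-latest
      - tests
      - minversions
      - style
    runs-on: ubuntu-22.04
    steps:
      - uses: actions/checkout@v4
        with:
          # No later step talks to the repository, so the job token is not
          # left behind in .git/config while the build backend runs.
          persist-credentials: false
      - name: Install uv
        uses: astral-sh/setup-uv@v3
        with:
          # On tag runs this wheel is the one that gets published, so it is
          # built without restoring the uv cache that the test jobs also
          # write to. Branch and pull-request runs keep the cache.
          enable-cache: ${{ !startsWith(github.ref, 'refs/tags/') }}
      - name: Build wheel
        run: uv build --wheel
      # Kept for one day only: the artifact is a hand-over between jobs of
      # this run, not a distribution channel.
      - name: Upload wheel artifact
        uses: actions/upload-artifact@v4
        with:
          name: canaille-wheel
          path: dist/*.whl
          retention-days: 1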
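# --- job: build-pyinstaller ---
  # Builds the single-file PyInstaller binary that integration-pyinstaller
  # tests and publish-github-release attaches to the release.
  build-pyinstaller:
    needs:
      - tests-latest
      - style
    runs-on: ubuntu-22.04
    steps:
      - uses: actions/checkout@v4
        with:
          # No later step talks to the repository, so the job token is not
          # left behind in .git/config while third-party build code runs.
          persist-credentials: false
      - name: Install uv
        uses: astral-sh/setup-uv@v3
        with:
          # On tag runs this binary is the one that gets released, so it is
          # built without restoring the uv cache that the test jobs also
          # write to. Branch and pull-request runs keep the cache.
          enable-cache: ${{ !startsWith(github.ref, 'refs/tags/') }}
      - name: Install Python 3.14
        run: uv python install 3.14
      - name: Install apt dependencies
        run: |
          sudo apt update
          sudo DEBIAN_FRONTEND=noninteractive apt --yes --quiet install libsasl2-dev python3-dev libldap2-dev libssl-dev
      # --no-dev keeps development dependencies out of the environment that
      # PyInstaller bundles; `--version` is a smoke test of the result.
      - name: Build PyInstaller binary
        run: |
          export TZ=UTC
          uv sync --group release --all-extras --no-dev
          uv run pyinstaller canaille.spec
          ./dist/canaille --version
          uv cache prune --ci
      - name: Upload PyInstaller artifact
        uses: actions/upload-artifact@v4
        with:
          name: canaille-pyinstaller
          path: dist/canaille
          retention-days: 1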
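# --- job: build-docker ---
  # Builds the container image locally (push: false) and hands it to
  # integration-docker and publish-docker-hub as a gzip-compressed artifact.
  build-docker:
    needs:
      - tests-latest
      - style
    runs-on: ubuntu-22.04
    steps:
      - uses: actions/checkout@v4
        with:
          # The checkout is the Docker build context (context: .). Keeping
          # the job token out of .git/config means it cannot be copied into
          # an image layer.
          # NOTE(review): whether .git reaches the image depends on the
          # Dockerfile and .dockerignore, which are not visible here.
          persist-credentials: false
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
      # load: true puts the result into the local Docker daemon so that the
      # next step can `docker save` it.
      # NOTE(review): tag runs restore the gha layer cache as well, and the
      # resulting image is the one publish-docker-hub pushes; consider
      # building release images without cache-from.
      - name: Build Docker image
        uses: docker/build-push-action@v6
        with:
          context: .
          push: false
          load: true
          tags: canaille:integration-test
          cache-from: type=gha
          cache-to: type=gha,mode=max
      - name: Save Docker image
        run: docker save canaille:integration-test | gzip > canaille-docker.tar.gz
      - name: Upload Docker image artifact
        uses: actions/upload-artifact@v4
        with:
          name: canaille-docker
          path: canaille-docker.tar.gz
          retention-days: 1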
# ============================================================
# INTEGRATION
# ============================================================
  # Integration suite against the source checkout (--build=dev), once per
  # database backend in the matrix.
  integration-dev:
    name: integration (dev, ${{ matrix.database }})
    needs:
      - tests-latest
      - tests
      - minversions
      - style
    runs-on: ubuntu-22.04
    strategy:
      # Let every backend finish even when one of them fails.
      fail-fast: false
      matrix:
        database:
          - sqlite
          - postgresql
          - ldap
    steps:
      - uses: actions/checkout@v4
      - name: Install uv
        uses: astral-sh/setup-uv@v3
        with:
          enable-cache: true
      - name: Install apt dependencies
        run: |
          sudo apt update
          sudo DEBIAN_FRONTEND=noninteractive apt --yes --quiet install libsasl2-dev python3-dev libldap2-dev libssl-dev
      # Only the ldap leg installs slapd and puts its AppArmor profile into
      # complain mode.
      - name: Install slapd for LDAP tests
        if: matrix.database == 'ldap'
        run: |
          sudo DEBIAN_FRONTEND=noninteractive apt --yes --quiet install apparmor-utils slapd ldap-utils
          sudo aa-complain /usr/sbin/slapd
      - name: Install Python 3.14
        run: uv python install 3.14
      # matrix.database is substituted into the script text before the shell
      # runs; the values are the three literals above, not event data.
      - name: Run integration tests
        env:
          FORCE_COLOR: "1"
        run: |
          uv sync --all-groups --all-extras
          uv run pytest integration/ -v --build=dev --database=${{ matrix.database }}
# --- job: integration-package ---
  # Integration suite against the wheel produced by build-wheel, once per
  # database backend in the matrix.
  integration-package:
    name: integration (package, ${{ matrix.database }})
    needs:
      - build-wheel
    runs-on: ubuntu-22.04
    strategy:
      # Let every backend finish even when one of them fails.
      fail-fast: false
      matrix:
        database:
          - sqlite
          - postgresql
          - ldap
    steps:
      - uses: actions/checkout@v4
      - name: Install uv
        uses: astral-sh/setup-uv@v3
        with:
          enable-cache: true
      - name: Install apt dependencies
        run: |
          sudo apt update
          sudo DEBIAN_FRONTEND=noninteractive apt --yes --quiet install libsasl2-dev python3-dev libldap2-dev libssl-dev
      # Only the ldap leg installs slapd and puts its AppArmor profile into
      # complain mode.
      - name: Install slapd for LDAP tests
        if: matrix.database == 'ldap'
        run: |
          sudo DEBIAN_FRONTEND=noninteractive apt --yes --quiet install apparmor-utils slapd ldap-utils
          sudo aa-complain /usr/sbin/slapd
      # Same artifact name that publish-pypi downloads later in the run.
      - name: Download wheel artifact
        uses: actions/download-artifact@v4
        with:
          name: canaille-wheel
          path: dist/
      - name: Install Python 3.14
        run: uv python install 3.14
      # WHEEL is the first *.whl file found in dist/.
      - name: Run integration tests
        env:
          FORCE_COLOR: "1"
        run: |
          uv sync --all-groups --all-extras
          WHEEL=$(ls dist/*.whl | head -1)
          uv run pytest integration/ -v --build=package:$WHEEL --database=${{ matrix.database }}
# --- job: integration-pyinstaller ---
  # Integration suite against the binary produced by build-pyinstaller, once
  # per database backend in the matrix.
  integration-pyinstaller:
    name: integration (pyinstaller, ${{ matrix.database }})
    needs:
      - build-pyinstaller
    runs-on: ubuntu-22.04
    strategy:
      # Let every backend finish even when one of them fails.
      fail-fast: false
      matrix:
        database:
          - sqlite
          - postgresql
          - ldap
    steps:
      - uses: actions/checkout@v4
      - name: Install uv
        uses: astral-sh/setup-uv@v3
        with:
          enable-cache: true
      - name: Install apt dependencies
        run: |
          sudo apt update
          sudo DEBIAN_FRONTEND=noninteractive apt --yes --quiet install libsasl2-dev python3-dev libldap2-dev libssl-dev
      # Only the ldap leg installs slapd and puts its AppArmor profile into
      # complain mode.
      - name: Install slapd for LDAP tests
        if: matrix.database == 'ldap'
        run: |
          sudo DEBIAN_FRONTEND=noninteractive apt --yes --quiet install apparmor-utils slapd ldap-utils
          sudo aa-complain /usr/sbin/slapd
      # Same artifact name that publish-github-release downloads later.
      - name: Download PyInstaller artifact
        uses: actions/download-artifact@v4
        with:
          name: canaille-pyinstaller
          path: dist/
      # The executable bit is set again after the download, before the
      # binary is run.
      - name: Make PyInstaller binary executable
        run: chmod +x dist/canaille
      - name: Install Python 3.14
        run: uv python install 3.14
      - name: Run integration tests
        env:
          FORCE_COLOR: "1"
        run: |
          uv sync --all-groups --all-extras
          uv run pytest integration/ -v --build=pyinstaller:dist/canaille --database=${{ matrix.database }}
# --- job: integration-docker ---
  # Integration suite against the image produced by build-docker, once per
  # database backend in the matrix.
  integration-docker:
    name: integration (docker, ${{ matrix.database }})
    needs:
      - build-docker
    runs-on: ubuntu-22.04
    strategy:
      # Let every backend finish even when one of them fails.
      fail-fast: false
      matrix:
        database:
          - sqlite
          - postgresql
          - ldap
    steps:
      - uses: actions/checkout@v4
      - name: Install uv
        uses: astral-sh/setup-uv@v3
        with:
          enable-cache: true
      - name: Install apt dependencies
        run: |
          sudo apt update
          sudo DEBIAN_FRONTEND=noninteractive apt --yes --quiet install libsasl2-dev python3-dev libldap2-dev libssl-dev
      # Only the ldap leg installs slapd and puts its AppArmor profile into
      # complain mode.
      - name: Install slapd for LDAP tests
        if: matrix.database == 'ldap'
        run: |
          sudo DEBIAN_FRONTEND=noninteractive apt --yes --quiet install apparmor-utils slapd ldap-utils
          sudo aa-complain /usr/sbin/slapd
      # Same artifact name that publish-docker-hub downloads later.
      - name: Download Docker image artifact
        uses: actions/download-artifact@v4
        with:
          name: canaille-docker
          path: .
      # Restores the image under the tag it was saved with,
      # canaille:integration-test.
      - name: Load Docker image
        run: gunzip -c canaille-docker.tar.gz | docker load
      - name: Install Python 3.14
        run: uv python install 3.14
      - name: Run integration tests
        env:
          FORCE_COLOR: "1"
        run: |
          uv sync --all-groups --all-extras
          uv run pytest integration/ -v --build=docker:canaille:integration-test --database=${{ matrix.database }}
# --- job: integration-minimal ---
  # Integration suite against the wheel with only the `server` and `sqlite`
  # extras installed. SQLite only; this job installs no apt packages.
  integration-minimal:
    name: integration (minimal extras)
    needs:
      - build-wheel
    runs-on: ubuntu-22.04
    steps:
      - uses: actions/checkout@v4
      - name: Install uv
        uses: astral-sh/setup-uv@v3
        with:
          enable-cache: true
      - name: Download wheel artifact
        uses: actions/download-artifact@v4
        with:
          name: canaille-wheel
          path: dist/
      - name: Install Python 3.14
        run: uv python install 3.14
      # WHEEL is the first *.whl file found in dist/.
      - name: Run integration tests with minimal extras
        env:
          FORCE_COLOR: "1"
        run: |
          uv sync --all-groups --extra server --extra sqlite
          WHEEL=$(ls dist/*.whl | head -1)
          uv run pytest integration/ -v --build=package:$WHEEL --database=sqlite --extras=server,sqlite
# ============================================================
# PUBLISH (only on tags)
# ============================================================
  # Uploads the wheel built by build-wheel to PyPI. Runs only for tag refs
  # and only after every integration job has passed.
  publish-pypi:
    needs:
      - integration-dev
      - integration-package
      - integration-pyinstaller
      - integration-docker
      - integration-minimal
    if: startsWith(github.ref, 'refs/tags/')
    runs-on: ubuntu-22.04
    # Protection rules configured on the `pypi` environment apply before the
    # job starts.
    environment: pypi
    # Only an OIDC token is requested; every other GITHUB_TOKEN scope is off
    # for this job. No password is passed to the publish action, so the
    # upload presumably relies on PyPI trusted publishing.
    permissions:
      id-token: write
    steps:
      # No checkout: the job handles nothing but the already-built artifact.
      - name: Download wheel artifact
        uses: actions/download-artifact@v4
        with:
          name: canaille-wheel
          path: dist/
      # NOTE(review): release/v1 is a moving ref. Pinning this action to a
      # full commit SHA would fix which code receives the OIDC token.
      - name: Publish to PyPI
        uses: pypa/gh-action-pypi-publish@release/v1
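# --- job: publish-github-release ---
  # Creates the GitHub release for the tag and attaches the wheel and the
  # PyInstaller binary. Runs only for tag refs and only after every
  # integration job has passed.
  publish-github-release:
    needs:
      - integration-dev
      - integration-package
      - integration-pyinstaller
      - integration-docker
      - integration-minimal
    if: startsWith(github.ref, 'refs/tags/')
    runs-on: ubuntu-22.04
    # contents: write is the scope the release step needs to create the
    # release and upload its assets.
    permissions:
      contents: write
    steps:
      - uses: actions/checkout@v4
        with:
          # The job token is write-scoped here. The release step below gets
          # no git credentials from this workflow, so the token is not
          # stored in .git/config.
          persist-credentials: false
      - name: Download wheel artifact
        uses: actions/download-artifact@v4
        with:
          name: canaille-wheel
          path: dist/
      - name: Download PyInstaller artifact
        uses: actions/download-artifact@v4
        with:
          name: canaille-pyinstaller
          path: dist/
      # NOTE(review): this third-party action runs with a write-scoped
      # token and is referenced by a movable tag; consider pinning it to a
      # full commit SHA.
      - name: Create GitHub Release
        uses: softprops/action-gh-release@v2
        with:
          files: |
            dist/canaille
            dist/*.whl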
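# --- job: publish-docker-hub ---
  # Pushes the image built by build-docker to Docker Hub under the tag name
  # and under `latest`. Runs only for tag refs and only after every
  # integration job has passed.
  publish-docker-hub:
    needs:
      - integration-dev
      - integration-package
      - integration-pyinstaller
      - integration-docker
      - integration-minimal
    if: startsWith(github.ref, 'refs/tags/')
    runs-on: ubuntu-22.04
    # This job authenticates to Docker Hub with repository secrets and never
    # uses GITHUB_TOKEN, so every scope is switched off. publish-pypi
    # downloads artifacts with the same scopes disabled.
    # NOTE(review): unlike publish-pypi, this job is not bound to a
    # protected environment even though it reads the Docker Hub secrets.
    permissions: {}
    steps:
      - name: Download Docker image artifact
        uses: actions/download-artifact@v4
        with:
          name: canaille-docker
          path: .
      - name: Load Docker image
        run: gunzip -c canaille-docker.tar.gz | docker load
      - name: Login to Docker Hub
        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
      # The tag name comes from the GITHUB_REF_NAME environment variable and
      # is not pasted into the script through an expression; the expansions
      # are quoted so that the shell passes the value as a single argument.
      # NOTE(review): every tag moves `latest`, including a tag cut from one
      # of the '*.*.*' branches; confirm that this is intended.
      - name: Tag and push Docker image
        run: |
          VERSION="${GITHUB_REF_NAME}"
          docker tag canaille:integration-test yaalcoop/canaille:latest
          docker tag canaille:integration-test "yaalcoop/canaille:${VERSION}"
          docker push yaalcoop/canaille:latest
          docker push "yaalcoop/canaille:${VERSION}"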