Boots the full authentik stack (postgres + Go server + Rust worker)
inside the existing ci-web workflow, applies migrations and the
test-admin user blueprint, then runs `corepack npm run --prefix web
test:e2e` against http://localhost:9000. Uploads the HTML report,
traces/videos, and authentik logs as artifacts on failure so reviewers
can debug without rerunning locally.
Also enables the HTML reporter and screenshot/video capture on CI in
playwright.config.js, and updates the full dev-environment docs to
point at the same npm scripts CI uses so local and CI runs stay in
lockstep.
Closes#21994
Co-Authored-By: Agent (authentik-i21994-better-mobile-tangelo) <279763771+playpen-agent@users.noreply.github.com>
ci/web: make test-admin blueprint self-contained
The previous blueprint used !Find to look up the authentik Admins group,
which raced against system/bootstrap.yaml and resolved to None when the
explicit apply_blueprint step ran before the worker had applied bootstrap.
The serializer rejected groups: [None] with Invalid pk "None".
Define the group in the same blueprint with state: present and reference
it via !KeyOf, so the test admin setup does not depend on any pre-existing
data. If bootstrap has already created the group, state: present is a
no-op on the identifiers; otherwise the group is created here.
Co-Authored-By: Agent (authentik-i21994-better-mobile-tangelo) <279763771+playpen-agent@users.noreply.github.com>
ci/web: format test-admin-user.yaml with prettier
Pick up the 4-space indent that web/'s prettier config enforces. The
file was added under issue #21994 with 2-space indent and tripped the
ci-web format check on push.
Co-Authored-By: Agent (authentik-i21994-better-mobile-tangelo) <279763771+playpen-agent@users.noreply.github.com>
Use parallelism.
Remove guard.
Reorder tests.
Ignore playwright-traces.
Update expected path.
Always parallel.
Flesh out types.
ci/web: post Playwright result comment + gated S3 upload + !cancelled() guards
Three reviewer-facing improvements to the e2e job:
1. Idempotent PR comment summarising Playwright pass/fail/flaky/skipped
counts. Marker `<!-- playwright-result -->` lets re-runs edit the
same comment instead of piling up. Skipped on fork PRs where the
default GITHUB_TOKEN is read-only.
2. Optional S3 publish of the HTML report to
`s3://authentik-playwright-artifacts/pr-<n>/run-<id>/attempt-<n>/`,
gated behind `vars.PLAYWRIGHT_S3_ENABLED == 'true'`. The bucket is
pending infra provisioning; the public URL pattern is already wired
into the comment so flipping the variable on later requires no
workflow changes. Borrows the OIDC + IAM role plumbing from
`.github/workflows/release-publish.yml`.
3. Switch the failure-guarded reporting/upload steps to `!cancelled()`
so a superseded (cancelled) run no longer emits failure-shaped noise,
and so successful runs still produce the artifact bundle reviewers
expect.
Adds the Playwright JSON reporter so the parse step can pull pass/fail
counts from `playwright-report/results.json` for the comment body.
Co-Authored-By: Agent (authentik-i21996-internal-achievable-raisin) <279763771+playpen-agent@users.noreply.github.com>
web/e2e: fix three regressions blocking the parallel suite
Locally and in CI the new `e2e (playwright)` job appeared to "hang"
under `fullyParallel: true` + `workers: "50%"`. The hang was actually
five tests sharing two unrelated bugs that all manifest as 30s test
timeouts; the cluster only *looks* like a parallelism issue because
multiple workers stall on the same wall-clock window. With these three
fixes the full suite is green in 1m48s on `--workers=2` (was: 5 failed
/ 17 passed in 5m30s).
1. `web/test/browser/600-providers.test.ts`
PR #21647 dropped the `to:` argument on the `session.login()` call
in this file's `beforeEach`. Without it, `SessionFixture.login()`
waits for the auth-flow URL pattern to re-appear — which it does
immediately, since we just navigated there — so the helper returns
*before* the post-login redirect lands. The wizard buttons probed
afterward live on `/if/admin/#/core/providers`, which the user never
actually reaches; every test in the file then hits the 30s
`beforeEach` timeout. Pin the destination explicitly, matching the
shape of every other test file.
2. `web/src/admin/roles/ak-role-list.ts`
The role-list row anchor had no aria-label, so its accessible name
was the (random, generated) role name. `500-roles.test.ts` searches
for that anchor with `getByRole("link", { name: "view details" })`
— the same selector `400-groups.test.ts` uses against the group
list, where `GroupListPage.row()` *does* set
`aria-label="View details of group ..."`. Bring the role row to
parity with groups; the test wasn't wrong, the UI was missing the
accessibility hook.
3. `web/test/browser/500-roles.test.ts` ("Edit role from view page")
The post-edit verification used `page.getByText(updatedName)`, but
on the role view page the new name renders in two places (the
"Role <name>" page-navbar heading and the description-list value),
so the bare text match resolves to two elements and trips
strict-mode. Add `{ exact: true }` so we assert the canonical value
the edit wrote rather than the heading template.
Co-Authored-By: Agent (authentik-i21996-internal-achievable-raisin) <279763771+playpen-agent@users.noreply.github.com>
Use headless.
* initial
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* use same startup template
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix check not working
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* unrelated: fix inspector auth
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* update docs
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* ensure oobe flow can only accessed via correct url
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* set setup flag when applying bootstrap blueprint when env is set
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add system visibility to flags to make them non-editable
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* set setup flag for e2e tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix tests and linting
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* make github lint happy
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* make tests have less assumptions
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* Update docs
* include more heuristics in migration
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add management command to set any flag
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* migrate worker command to signal
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* improved api for setting flags
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* short circuit
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Dewi Roberts <dewi@goauthentik.io>
* add info about make install and recovery key
* fix formatting on troubleshooting tip
* Apply suggestion from @dominic-r
Signed-off-by: Dominic R <dominic@sdko.org>
* tweak to bump
* tweak
* tweaked words abouot make install per jens
* build
---------
Signed-off-by: Dominic R <dominic@sdko.org>
Co-authored-by: Dominic R <dominic@sdko.org>
Co-authored-by: Marcelo Elizeche Landó <marcelo@goauthentik.io>
* website/docs: misc changes to full dev environment setup
Yes, I redid my setup tonight, how did you know?
* Update website/docs/developer-docs/setup/full-dev-environment.mdx
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>
* Update website/docs/developer-docs/setup/full-dev-environment.mdx
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>
* Update website/docs/developer-docs/setup/full-dev-environment.mdx
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>
* Update website/docs/developer-docs/setup/full-dev-environment.mdx
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>
* add worker threads hint
---------
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>
Co-authored-by: Dewi Roberts <dewi@goauthentik.io>
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
