action.yml

name: 'authentik Setup'
description: 'Sets up an authentik test environment'
inputs:
  version:
    description: 'stable/beta or any other version tag'
    required: false
    default: "stable"
  wait:
    description: 'If the action should wait for authentik to be available'
    required: false
    default: "true"
  sentry_env:
    description: 'Sentry environment to send traces to.'
    required: false
    default: "github-actions"

outputs:
  admin_token:
    description: "API token for akadmin User"
    value: ${{ steps.credentials.outputs.admin_token }}
  admin_password:
    description: "Password for akadmin User"
    value: ${{ steps.credentials.outputs.admin_password }}
  http_url:
    description: "Base URL to access authentik at"
    value: http://localhost:9000
  https_url:
    description: "Base URL to access authentik at (HTTPS)"
    value: https://localhost:9443
  server_container_id:
    description: id of the server container
    value: ${{ steps.run.outputs.server_container }}
  worker_container_id:
    description: id of the worker container
    value: ${{ steps.run.outputs.worker_container }}

runs:
  using: "composite"
  steps:
    - name: Prepare common variables
      shell: bash
      run: |
        echo "PG_PASS=$(openssl rand -base64 32)" >> .env
        echo "AUTHENTIK_SECRET_KEY=$(openssl rand -base64 40)" >> .env
        echo "AUTHENTIK_ERROR_REPORTING__ENABLED=true" >> .env
        echo "AUTHENTIK_ERROR_REPORTING__ENVIRONMENT=${{ inputs.sentry_env }}" >> .env
        echo "AUTHENTIK_DISABLE_UPDATE_CHECK=true" >> .env
        echo "AUTHENTIK_DISABLE_STARTUP_ANALYTICS=true" >> .env

    - name: Generate credentials
      shell: bash
      id: credentials
      run: |
        AUTHENTIK_BOOTSTRAP_TOKEN=$(openssl rand -base64 32)
        echo "AUTHENTIK_BOOTSTRAP_TOKEN=${AUTHENTIK_BOOTSTRAP_TOKEN}" >> .env
        echo "admin_token=${AUTHENTIK_BOOTSTRAP_TOKEN}" >> $GITHUB_OUTPUT

        AUTHENTIK_BOOTSTRAP_PASSWORD=$(openssl rand -base64 32)
        echo "AUTHENTIK_BOOTSTRAP_PASSWORD=${AUTHENTIK_BOOTSTRAP_PASSWORD}" >> .env
        echo "admin_password=${AUTHENTIK_BOOTSTRAP_PASSWORD}" >> $GITHUB_OUTPUT

    - name: Configure
      shell: bash
      run: |
        if [ "${{ inputs.version }}" = "beta" ]; then
          echo "AUTHENTIK_IMAGE=ghcr.io/goauthentik/dev-server" >> .env
          echo "AUTHENTIK_TAG=gh-next" >> .env
          echo "AUTHENTIK_OUTPOSTS__DOCKER_IMAGE_BASE=ghcr.io/goauthentik/dev-%(type)s:gh-%(build_hash)s" >> .env
        elif [ "${{ inputs.version }}" != "stable" ]; then
          echo "AUTHENTIK_TAG=${{ inputs.version }}" >> .env
        fi
        wget https://goauthentik.io/docker-compose.yml

    - name: Run
      shell: bash
      id: run
      run: |
        export COMPOSE_PROJECT_NAME=authentik
        docker compose pull -q
        docker compose up -d

        server_container=$(docker ps -f label=com.docker.compose.project=authentik -f label=com.docker.compose.service=server --format "{{.ID}}")
        worker_container=$(docker ps -f label=com.docker.compose.project=authentik -f label=com.docker.compose.service=worker --format "{{.ID}}")
        echo "server_container=${server_container}" >> $GITHUB_OUTPUT
        echo "worker_container=${worker_container}" >> $GITHUB_OUTPUT

        if [ "${{ inputs.wait }}" = "true" ]; then
          timeout 600 bash -c 'while [[ "$(curl -s -o /dev/null -w ''%{http_code}'' http://localhost:9000/api/v3/root/config/)" != "200" ]]; do sleep 5; done' || false
        fi
        docker compose logs