feat(integration): INT-02 Nextcloud OIDC docker test + CI #12

Workflow file for this run

	name: CI

	on:
	push:
	branches: [main, develop, 'feature/', 'bugfix/']
	pull_request:
	branches: [main, develop]

	permissions:
	contents: read
	security-events: write

	jobs:
	validate:
	name: Validate Configuration
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@v4

	- name: Validate Docker Compose files
	run: \|
	for f in docker/docker-compose.*.yml; do
	echo "Validating: $f"
	docker compose -f "$f" config --no-interpolate -q
	done

	- name: ShellCheck — lab test scripts
	run: \|
	sudo apt-get install -y shellcheck -qq
	shellcheck --severity=warning tests/labs/*.sh

	- name: Validate module manifest
	run: \|
	python3 -c "
	import sys, re
	with open('it-stack-nextcloud.yml') as f:
	content = f.read()
	required = ['module:', 'version:', 'phase:', 'category:', 'ports:']
	missing = [k for k in required if k not in content]
	if missing:
	print('Missing fields:', missing); sys.exit(1)
	print('Manifest valid')
	"

	security-scan:
	name: Security Scan
	runs-on: ubuntu-latest
	needs: validate
	steps:
	- uses: actions/checkout@v4

	- name: Trivy — scan Dockerfile
	uses: aquasecurity/trivy-action@0.28.0
	with:
	scan-type: config
	scan-ref: .
	exit-code: '0'
	severity: CRITICAL,HIGH

	- name: Trivy — SARIF output
	uses: aquasecurity/trivy-action@0.28.0
	with:
	scan-type: config
	scan-ref: .
	format: sarif
	output: trivy-results.sarif

	- name: Upload SARIF to GitHub Security
	uses: github/codeql-action/upload-sarif@v3
	if: always()
	with:
	sarif_file: trivy-results.sarif

	lab-01-smoke:
	name: Lab 01 — Nextcloud standalone (status.php, occ, WebDAV)
	runs-on: ubuntu-latest
	needs: validate
	continue-on-error: true
	steps:
	- uses: actions/checkout@v4

	- name: Install tools
	run: sudo apt-get install -y curl

	- name: Validate standalone compose
	run: \|
	docker compose -f docker/docker-compose.standalone.yml config -q
	echo "Standalone compose valid"

	- name: Start standalone stack
	run: docker compose -f docker/docker-compose.standalone.yml up -d

	- name: Wait for Nextcloud (first-boot SQLite setup ~2 min)
	run: timeout 300 bash -c 'until curl -sf http://localhost:8080/status.php \| grep -q \'"installed":true\'; do sleep 10; done'

	- name: Run Lab 06-01 test script
	run: bash tests/labs/test-lab-06-01.sh

	- name: Collect logs on failure
	if: failure()
	run: docker compose -f docker/docker-compose.standalone.yml logs

	- name: Cleanup
	if: always()
	run: docker compose -f docker/docker-compose.standalone.yml down -v

	lab-02-smoke:
	name: Lab 02 — Nextcloud LAN (PG, Redis, pgsql backend, Redis config)
	runs-on: ubuntu-latest
	needs: validate
	continue-on-error: true
	steps:
	- uses: actions/checkout@v4

	- name: Install tools
	run: sudo apt-get install -y curl

	- name: Validate LAN compose
	run: docker compose -f docker/docker-compose.lan.yml config -q && echo "LAN compose valid"

	- name: Start LAN stack
	run: docker compose -f docker/docker-compose.lan.yml up -d

	- name: Wait for PostgreSQL
	run: timeout 60 bash -c 'until docker compose -f docker/docker-compose.lan.yml exec -T db pg_isready -U ncuser -d nextcloud; do sleep 3; done'

	- name: Wait for Redis
	run: timeout 30 bash -c 'until docker compose -f docker/docker-compose.lan.yml exec -T redis redis-cli -a Lab02Redis! ping \| grep -q PONG; do sleep 2; done'

	- name: Wait for Nextcloud (PG first-boot ~3 min)
	run: timeout 360 bash -c 'until curl -sf http://localhost:8080/status.php \| grep -q "\"installed\":true"; do sleep 10; done'

	- name: Run Lab 06-02 test script
	run: bash tests/labs/test-lab-06-02.sh

	- name: Collect logs on failure
	if: failure()
	run: docker compose -f docker/docker-compose.lan.yml logs

	- name: Cleanup
	if: always()
	run: docker compose -f docker/docker-compose.lan.yml down -v

	lab-03-smoke:
	name: Lab 03 - Nextcloud Advanced (cron, resource limits, Redis policy)
	runs-on: ubuntu-latest
	needs: validate
	continue-on-error: true
	steps:
	- uses: actions/checkout@v4
	- name: Install tools
	run: sudo apt-get install -y curl
	- name: Validate advanced compose
	run: docker compose -f docker/docker-compose.advanced.yml config -q && echo "Advanced compose valid"
	- name: Start advanced stack
	run: docker compose -f docker/docker-compose.advanced.yml up -d
	- name: Wait for PostgreSQL
	run: timeout 60 bash -c 'until docker compose -f docker/docker-compose.advanced.yml exec -T db pg_isready -U ncuser -d nextcloud; do sleep 3; done'
	- name: Wait for Nextcloud
	run: timeout 360 bash -c 'until curl -sf http://localhost:8080/status.php \| grep -q "\"installed\":true"; do sleep 10; done'
	- name: Run Lab 06-03 test script
	run: bash tests/labs/test-lab-06-03.sh
	- name: Collect logs on failure
	if: failure()
	run: docker compose -f docker/docker-compose.advanced.yml logs
	- name: Cleanup
	if: always()
	run: docker compose -f docker/docker-compose.advanced.yml down -v
	lab-04-smoke:
	name: Lab 04 — Nextcloud SSO Integration (Keycloak OIDC)
	runs-on: ubuntu-latest
	needs: validate
	continue-on-error: true
	steps:
	- uses: actions/checkout@v4
	- name: Install tools
	run: sudo apt-get install -y curl
	- name: Validate SSO compose
	run: docker compose -f docker/docker-compose.sso.yml config -q && echo "SSO compose valid"
	- name: Start SSO stack
	run: docker compose -f docker/docker-compose.sso.yml up -d
	- name: Wait for Keycloak
	run: timeout 120 bash -c 'until curl -sf http://localhost:8084/health/ready \| grep -q UP; do sleep 5; done'
	- name: Wait for PostgreSQL
	run: timeout 60 bash -c 'until docker compose -f docker/docker-compose.sso.yml exec -T db pg_isready -U ncuser -d nextcloud; do sleep 3; done'
	- name: Wait for Nextcloud
	run: timeout 360 bash -c 'until curl -sf http://localhost:8080/status.php \| grep -q "\"installed\":true"; do sleep 10; done'
	- name: Run Lab 06-04 test script
	run: bash tests/labs/test-lab-06-04.sh
	- name: Collect logs on failure
	if: failure()
	run: docker compose -f docker/docker-compose.sso.yml logs
	- name: Cleanup
	if: always()
	run: docker compose -f docker/docker-compose.sso.yml down -v
	lab-05-smoke:
	name: "Lab 05 — INT-02 Nextcloud+Keycloak OIDC, LDAP sync, user_oidc, WebDAV"
	runs-on: ubuntu-latest
	needs: validate
	continue-on-error: true
	steps:
	- uses: actions/checkout@v4
	- name: Install tools
	run: sudo apt-get install -y curl ldap-utils python3
	- name: Validate integration compose
	run: docker compose -f docker/docker-compose.integration.yml config -q && echo "Integration compose valid"
	- name: Start integration stack
	run: docker compose -f docker/docker-compose.integration.yml up -d
	- name: Wait for OpenLDAP + ldap-seed (Keycloak depends on it)
	run: timeout 90 bash -c 'until docker exec nc-int-ldap ldapsearch -x -H ldap://localhost -b dc=lab,dc=local -D cn=admin,dc=lab,dc=local -w LdapAdmin05! > /dev/null 2>&1; do sleep 5; done'
	- name: Wait for Keycloak (includes ldap-seed completion)
	run: timeout 240 bash -c 'until curl -sf http://localhost:8104/health/ready \| grep -q UP; do sleep 5; done'
	- name: Wait for Nextcloud
	run: timeout 300 bash -c 'until curl -sf http://localhost:8100/status.php \| grep -q "\"installed\":true"; do sleep 10; done'
	- name: Run Lab 06-05 test script
	run: bash tests/labs/test-lab-06-05.sh --no-cleanup
	- name: Collect logs on failure
	if: failure()
	run: docker compose -f docker/docker-compose.integration.yml logs
	- name: Cleanup
	if: always()
	run: docker compose -f docker/docker-compose.integration.yml down -v

	lab-06-smoke:
	name: Lab 06 -- Nextcloud Production Deployment (resource limits + metrics)
	runs-on: ubuntu-latest
	needs: validate
	continue-on-error: true
	steps:
	- uses: actions/checkout@v4
	- name: Install tools
	run: sudo apt-get install -y curl ldap-utils
	- name: Validate production compose
	run: docker compose -f docker/docker-compose.production.yml config -q && echo "Production compose valid"
	- name: Start production stack
	run: docker compose -f docker/docker-compose.production.yml up -d
	- name: Wait for Keycloak
	run: timeout 240 bash -c 'until curl -sf http://localhost:8204/health/ready \| grep -q UP; do sleep 5; done'
	- name: Wait for OpenLDAP
	run: timeout 120 bash -c 'until docker exec nc-prod-ldap ldapsearch -x -H ldap://localhost -b dc=lab,dc=local -D cn=admin,dc=lab,dc=local -w LdapProd06! > /dev/null 2>&1; do sleep 5; done'
	- name: Wait for Nextcloud
	run: timeout 360 bash -c 'until curl -sf http://localhost:8200/status.php; do sleep 10; done'
	- name: Run Lab 06-06 test script
	run: bash tests/labs/test-lab-06-06.sh --no-cleanup
	- name: Collect logs on failure
	if: failure()
	run: docker compose -f docker/docker-compose.production.yml logs
	- name: Cleanup
	if: always()
	run: docker compose -f docker/docker-compose.production.yml down -v

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

feat(integration): INT-02 Nextcloud OIDC docker test + CI #12

Workflow file

feat(integration): INT-02 Nextcloud OIDC docker test + CI #12

Uh oh!

Workflow file for this run