[ENG-715] feat: Add SAML SSO support#25
Merged
Merged
Conversation
- For the upcoming release
📝 WalkthroughWalkthroughThis PR adds SAML SSO documentation and compose/configuration support for mounting SSO files, plus related quickstart and backup/restore updates. It also updates several GitHub Actions references and one Podman validation step. ChangesSAML SSO Documentation and Volume Wiring
Estimated code review effort: 2 (Simple) | ~10 minutes 🚥 Pre-merge checks | ✅ 5✅ Passed checks (5 passed)
✨ Finishing Touches📝 Generate docstrings
🧪 Generate unit tests (beta)
Comment |
There was a problem hiding this comment.
Actionable comments posted: 3
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In @.github/workflows/check-compose-sync.yml:
- Line 28: The checkout step in the check-compose-sync workflow is persisting
credentials unnecessarily. Update the existing actions/checkout@v5 step to
disable credential persistence by setting persist-credentials to false, since
this job only generates and diffs compose files and does not need authenticated
git access.
In @.github/workflows/smoke-test-services.yml:
- Line 29: The checkout step in this workflow currently keeps repository
credentials available even though the job does not perform any authenticated git
operations afterward. Update the actions/checkout usage in the smoke test job to
disable credential persistence by setting persist-credentials to false so the
job does not retain unnecessary git auth access.
In @.github/workflows/validate-compose.yml:
- Around line 22-23: The Checkout steps in both validation jobs are leaving
repository credentials persisted by default; update the actions/checkout usage
in the validate-compose workflow to disable persisted credentials. Add
persist-credentials set to false on each checkout step so the validation jobs
only fetch the repo without exposing the token to later steps.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: CHILL
Plan: Pro
Run ID: d218abf2-3111-46f5-9ce9-4dad993a3c75
📒 Files selected for processing (3)
.github/workflows/check-compose-sync.yml.github/workflows/smoke-test-services.yml.github/workflows/validate-compose.yml
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Add new feature from the upcoming release, SAML SSO support.
Users just need to provide their idp metadata file and a matching issuer id and SSO is enabled. Also includes support for restricting to specific domains, and auth signing. Tested with Okta.
Checklist
(fix|feat|chore): title [CSR-xxx]Summary by CodeRabbit