diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index 10e0c0f..35750bc 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -40,6 +40,83 @@ updates:
commit-message:
prefix: "deps"
+ - package-ecosystem: "npm"
+ directory: "/samples/vue/login-pkce"
+ schedule:
+ interval: "weekly"
+ open-pull-requests-limit: 5
+ labels:
+ - "dependencies"
+ commit-message:
+ prefix: "deps"
+
+ - package-ecosystem: "npm"
+ directory: "/samples/vue/token-refresh"
+ schedule:
+ interval: "weekly"
+ open-pull-requests-limit: 5
+ labels:
+ - "dependencies"
+ commit-message:
+ prefix: "deps"
+
+ - package-ecosystem: "npm"
+ directory: "/samples/node/login-auth-code"
+ schedule:
+ interval: "weekly"
+ open-pull-requests-limit: 5
+ labels:
+ - "dependencies"
+ commit-message:
+ prefix: "deps"
+
+ - package-ecosystem: "npm"
+ directory: "/samples/node/saml-sp-login"
+ schedule:
+ interval: "weekly"
+ open-pull-requests-limit: 5
+ labels:
+ - "dependencies"
+ commit-message:
+ prefix: "deps"
+
+ - package-ecosystem: "npm"
+ directory: "/samples/node/token-refresh"
+ schedule:
+ interval: "weekly"
+ open-pull-requests-limit: 5
+ labels:
+ - "dependencies"
+ commit-message:
+ prefix: "deps"
+
+ # React Native samples — the auto-merge workflow excludes
+ # /samples/react-native/* by directory match, so bumps here always require
+ # human review. Dep bumps can break native autolinking / API shapes that
+ # `tsc --noEmit` doesn't catch. The "manual-review" label is informational
+ # only (the workflow filter is directory-based, not label-based).
+ - package-ecosystem: "npm"
+ directory: "/samples/react-native/login-pkce"
+ schedule:
+ interval: "weekly"
+ open-pull-requests-limit: 5
+ labels:
+ - "dependencies"
+ - "manual-review"
+ commit-message:
+ prefix: "deps"
+
+ - package-ecosystem: "npm"
+ directory: "/samples/react-native/token-refresh"
+ schedule:
+ interval: "weekly"
+ open-pull-requests-limit: 5
+ labels:
+ - "dependencies"
+ - "manual-review"
+ commit-message:
+ prefix: "deps"
+
- package-ecosystem: "npm"
directory: "/scripts"
schedule:
@@ -50,6 +127,66 @@ updates:
commit-message:
prefix: "deps"
+ - package-ecosystem: "maven"
+ directory: "/samples/java/login-auth-code"
+ schedule:
+ interval: "weekly"
+ open-pull-requests-limit: 5
+ labels:
+ - "dependencies"
+ commit-message:
+ prefix: "deps"
+
+ - package-ecosystem: "maven"
+ directory: "/samples/java/saml-sp-login"
+ schedule:
+ interval: "weekly"
+ open-pull-requests-limit: 5
+ labels:
+ - "dependencies"
+ commit-message:
+ prefix: "deps"
+
+ - package-ecosystem: "maven"
+ directory: "/samples/java/token-refresh"
+ schedule:
+ interval: "weekly"
+ open-pull-requests-limit: 5
+ labels:
+ - "dependencies"
+ commit-message:
+ prefix: "deps"
+
+ - package-ecosystem: "nuget"
+ directory: "/samples/dotnet/login-auth-code"
+ schedule:
+ interval: "weekly"
+ open-pull-requests-limit: 5
+ labels:
+ - "dependencies"
+ commit-message:
+ prefix: "deps"
+
+ - package-ecosystem: "nuget"
+ directory: "/samples/dotnet/saml-sp-login"
+ schedule:
+ interval: "weekly"
+ open-pull-requests-limit: 5
+ labels:
+ - "dependencies"
+ commit-message:
+ prefix: "deps"
+
+ - package-ecosystem: "nuget"
+ directory: "/samples/dotnet/token-refresh"
+ schedule:
+ interval: "weekly"
+ open-pull-requests-limit: 5
+ labels:
+ - "dependencies"
+ commit-message:
+ prefix: "deps"
+
- package-ecosystem: "github-actions"
directory: "/"
schedule:
diff --git a/.github/workflows/dependabot-auto-merge.yml b/.github/workflows/dependabot-auto-merge.yml
index c5d6bf7..f8f0af7 100644
--- a/.github/workflows/dependabot-auto-merge.yml
+++ b/.github/workflows/dependabot-auto-merge.yml
@@ -17,13 +17,22 @@ jobs:
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
- name: Approve PR
- if: steps.metadata.outputs.update-type == 'version-update:semver-patch' || steps.metadata.outputs.update-type == 'version-update:semver-minor'
+ # Auto-merge patch + minor updates EXCEPT for React Native samples.
+ # RN dep bumps can change native autolinking / API shapes that
+ # `tsc --noEmit` doesn't catch — require manual review.
+ if: |
+ (steps.metadata.outputs.update-type == 'version-update:semver-patch' ||
+ steps.metadata.outputs.update-type == 'version-update:semver-minor') &&
+ !startsWith(steps.metadata.outputs.directory, '/samples/react-native')
run: gh pr review --approve "$PR_URL"
env:
PR_URL: ${{ github.event.pull_request.html_url }}
GH_TOKEN: ${{ secrets.GH_SERVICE_ACCOUNT_DEVOPS_2_PAT1 }}
- name: Enable auto-merge
- if: steps.metadata.outputs.update-type == 'version-update:semver-patch' || steps.metadata.outputs.update-type == 'version-update:semver-minor'
+ if: |
+ (steps.metadata.outputs.update-type == 'version-update:semver-patch' ||
+ steps.metadata.outputs.update-type == 'version-update:semver-minor') &&
+ !startsWith(steps.metadata.outputs.directory, '/samples/react-native')
run: gh pr merge --auto --squash "$PR_URL"
env:
PR_URL: ${{ github.event.pull_request.html_url }}
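Review bot: The same multi-line condition is now copied onto both the "Approve PR" and "Enable auto-merge" steps, so a later edit to one and not the other would gate the service-account approval and the merge differently. Evaluating it once, in an earlier step that writes an output both steps test, keeps them in lockstep. The exclusion is also a denylist: every directory this commit adds to dependabot.yml outside `/samples/react-native` becomes eligible for unattended patch and minor merges, including the new Maven and NuGet samples. An allowlist of directory prefixes would fail closed when another sample type is added. The workflow trigger and any check that the PR author is Dependabot lie outside this hunk, so confirm they still hold for the wider set of ecosystems.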
diff --git a/.github/workflows/test-android.yml b/.github/workflows/test-android.yml
new file mode 100644
index 0000000..63f0ac8
--- /dev/null
+++ b/.github/workflows/test-android.yml
@@ -0,0 +1,102 @@
+name: Test Android Builds
+
+on:
+ push:
+ paths:
+ - "samples/react-native/**"
+ - "samples/android/**"
+ - ".github/workflows/test-android.yml"
+ pull_request:
+ paths:
+ - "samples/react-native/**"
+ - "samples/android/**"
+ - ".github/workflows/test-android.yml"
+ schedule:
+ - cron: "0 9 * * 1"
+ workflow_dispatch:
+
+permissions:
+ contents: read
+
+jobs:
+ find-projects:
+ runs-on: ubuntu-latest
+ outputs:
+ matrix: ${{ steps.find.outputs.matrix }}
+ steps:
+ - uses: actions/checkout@v6
+ - id: find
+ # Discover any sample with an Android Gradle wrapper. Today: react-native
+ # samples; future: native android samples will surface automatically.
+ run: |
+ DIRS=$(find samples -name "gradlew" -not -path "*/node_modules/*" -not -path "*/build/*" -exec dirname {} \; 2>/dev/null \
+ | sort | jq -R -s -c 'split("\n") | map(select(. != ""))')
+ echo "matrix=$DIRS" >> "$GITHUB_OUTPUT"
+
+ build:
+ needs: find-projects
+ if: ${{ needs.find-projects.outputs.matrix != '[]' }}
+ runs-on: ubuntu-latest
+ strategy:
+ fail-fast: false
+ matrix:
+ android_dir: ${{ fromJson(needs.find-projects.outputs.matrix) }}
+ steps:
+ - uses: actions/checkout@v6
+
+ - name: Set up JDK 17
+ uses: actions/setup-java@v5
+ with:
+ distribution: "temurin"
+ java-version: "17"
+
+ - name: Set up Android SDK
+ uses: android-actions/setup-android@v3
+ with:
+ packages: "platform-tools platforms;android-36 build-tools;36.0.0"
+
+ # React Native samples need their JS deps installed first so autolinking
+ # can resolve native modules from node_modules. Detect by walking up to
+ # the directory that owns package.json.
+ - uses: actions/setup-node@v6
+ with:
+ node-version: "22"
+ - name: Enable Corepack
+ run: corepack enable
+
+ - name: Install JS dependencies (RN samples)
+ run: |
+ # ${{ matrix.android_dir }} is e.g. "samples/react-native/login-pkce/android".
+ # Walk up until we find a package.json or hit the repo root.
+ dir="${{ matrix.android_dir }}"
+ while [ "$dir" != "." ] && [ "$dir" != "/" ]; do
+ if [ -f "$dir/package.json" ]; then
+ echo "Installing JS deps in $dir"
+ (cd "$dir" && yarn install --immutable)
+ break
+ fi
+ dir=$(dirname "$dir")
+ done
+
+ - name: Generate debug keystore
+ # The committed sample doesn't ship debug.keystore (gitignored).
+ # Generate a throwaway one so Gradle's `validateSigningDebug` passes.
+ run: |
+ keytool -genkeypair -v \
+ -keystore "${{ matrix.android_dir }}/app/debug.keystore" \
+ -storepass android -alias androiddebugkey -keypass android \
+ -keyalg RSA -keysize 2048 -validity 10000 \
+ -dname "CN=Android Debug,O=Android,C=US"
+
+ - name: Cache Gradle
+ uses: actions/cache@v4
+ with:
+ path: |
+ ~/.gradle/caches
+ ~/.gradle/wrapper
+ key: gradle-${{ runner.os }}-${{ hashFiles(format('{0}/gradle/wrapper/gradle-wrapper.properties', matrix.android_dir), format('{0}/build.gradle*', matrix.android_dir), format('{0}/app/build.gradle*', matrix.android_dir)) }}
+ restore-keys: gradle-${{ runner.os }}-
+
+ - name: assembleDebug
+ working-directory: ${{ matrix.android_dir }}
+ run: ./gradlew assembleDebug --no-daemon
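Review bot: `${{ matrix.android_dir }}` is substituted into the shell text of the "Install JS dependencies" and "Generate debug keystore" steps before bash runs, including inside the leading `#` comment. Its value is a directory name that `find` discovers in the checked-out tree, which a pull request controls, so a name containing shell metacharacters would be interpreted as script rather than data. Passing the value through `env:` and reading it as a quoted shell variable keeps it as data. The `working-directory:` and `hashFiles()` uses are not shell text and can stay as they are.

```yaml
      - name: Install JS dependencies (RN samples)
        env:
          ANDROID_DIR: ${{ matrix.android_dir }}
        run: |
          # ANDROID_DIR is e.g. "samples/react-native/login-pkce/android".
          # Walk up until we find a package.json or hit the repo root.
          dir="$ANDROID_DIR"
          # … unchanged: while loop that locates package.json and runs yarn install …

      - name: Generate debug keystore
        env:
          ANDROID_DIR: ${{ matrix.android_dir }}
        run: |
          # … unchanged: keytool -genkeypair options, except the -keystore line …
            -keystore "$ANDROID_DIR/app/debug.keystore" \
```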
diff --git a/.github/workflows/test-dotnet.yml b/.github/workflows/test-dotnet.yml
index ad27138..eea8d5f 100644
--- a/.github/workflows/test-dotnet.yml
+++ b/.github/workflows/test-dotnet.yml
@@ -3,10 +3,12 @@ name: Test .NET Frameworks
on:
push:
paths:
- - "samples/**"
+ - "samples/dotnet/**"
+ - ".github/workflows/test-dotnet.yml"
pull_request:
paths:
- - "samples/**"
+ - "samples/dotnet/**"
+ - ".github/workflows/test-dotnet.yml"
schedule:
- cron: "0 8 * * 1"
workflow_dispatch:
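Review bot: With the filter narrowed from `samples/**` to `samples/dotnet/**`, a pull request that touches only another sample type no longer starts this workflow, and a path-skipped workflow reports no status. If "Test .NET Frameworks" is configured as a required check (not visible here), such PRs would sit pending and auto-merge would never complete; that includes the Dependabot PRs this commit adds for other ecosystems. If it is not required, confirm that some required check still covers every directory Dependabot can now update, so auto-merge waits for a build. The same applies to the narrowed filter in test-js.yml. A comment above `paths:` such as `# Path-filtered: do not mark as a required status check` would record the constraint.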
diff --git a/.github/workflows/test-java.yml b/.github/workflows/test-java.yml
new file mode 100644
index 0000000..a87dea9
--- /dev/null
+++ b/.github/workflows/test-java.yml
@@ -0,0 +1,48 @@
+name: Test Java Frameworks
+
+on:
+ push:
+ paths:
+ - "samples/java/**"
+ - ".github/workflows/test-java.yml"
+ pull_request:
+ paths:
+ - "samples/java/**"
+ - ".github/workflows/test-java.yml"
+ schedule:
+ - cron: "0 8 * * 1"
+ workflow_dispatch:
+
+permissions:
+ contents: read
+
+jobs:
+ find-projects:
+ runs-on: ubuntu-latest
+ outputs:
+ matrix: ${{ steps.find.outputs.matrix }}
+ steps:
+ - uses: actions/checkout@v6
+ - id: find
+ run: |
+ DIRS=$(find samples -name "pom.xml" -not -path "*/target/*" -not -path "*/node_modules/*" -exec dirname {} \; 2>/dev/null | sort | jq -R -s -c 'split("\n") | map(select(. != ""))')
+ echo "matrix=$DIRS" >> "$GITHUB_OUTPUT"
+
+ test:
+ needs: find-projects
+ if: ${{ needs.find-projects.outputs.matrix != '[]' }}
+ runs-on: ubuntu-latest
+ strategy:
+ fail-fast: false
+ matrix:
+ project: ${{ fromJson(needs.find-projects.outputs.matrix) }}
+ steps:
+ - uses: actions/checkout@v6
+ - uses: actions/setup-java@v5
+ with:
+ distribution: "temurin"
+ java-version: "21"
+ cache: "maven"
+ - name: Build and test
+ working-directory: ${{ matrix.project }}
+ run: mvn -B verify
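Review bot: Both `actions/checkout@v6` steps keep the default credential persistence, so the job token stays in the workspace's git configuration while `mvn -B verify` runs build plugins and tests taken from the pull request's tree. Nothing later in either job pushes, so adding `with:` and `persist-credentials: false` to the checkouts removes the token at no cost. The same applies to the checkouts in test-android.yml, which run ahead of `./gradlew assembleDebug`.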
diff --git a/.github/workflows/test-js.yml b/.github/workflows/test-js.yml
index 2e9147e..772f718 100644
--- a/.github/workflows/test-js.yml
+++ b/.github/workflows/test-js.yml
@@ -3,10 +3,20 @@ name: Test JS Frameworks
on:
push:
paths:
- - "samples/**"
+ - "samples/react/**"
+ - "samples/angular/**"
+ - "samples/vue/**"
+ - "samples/node/**"
+ - "samples/react-native/**"
+ - ".github/workflows/test-js.yml"
pull_request:
paths:
- - "samples/**"
+ - "samples/react/**"
+ - "samples/angular/**"
+ - "samples/vue/**"
+ - "samples/node/**"
+ - "samples/react-native/**"
+ - ".github/workflows/test-js.yml"
schedule:
- cron: "0 8 * * 1"
workflow_dispatch:
diff --git a/samples/java/saml-sp-login/pom.xml b/samples/java/saml-sp-login/pom.xml
index 43af75e..51f2a8c 100644
--- a/samples/java/saml-sp-login/pom.xml
+++ b/samples/java/saml-sp-login/pom.xml
@@ -20,6 +20,15 @@
21
+
+
+
+ shibboleth
+ https://build.shibboleth.net/maven/releases/
+
+
+
org.springframework.boot