This action deploys a local authentik instance in Docker using compose.
version: can be set tostable,betaor any valid verison. Defaults tostable.wait: bool, if set to true the action will wait for authentik to be available (waits 600 seconds)sentry_env: Optionally set an environment for sentry reportsblueprints_path: Optional path to a folder containing blueprints, which are mounted into the authentik containers.cache: bool, if set to true the action caches the required container images using the GitHub Actions cache, to speed up subsequent runs. Defaults totrue.enterprise_license: bool, if set to true the action will automatically retrieve and install a dev enterprise license from the goauthentik customer portal. Defaults tofalse. Requires the calling workflow to grantpermissions: id-token: write, and is only usable from contexts the customer portal's OIDC trust recognizes (primarily goauthentik's own repos/CI).enterprise_license_users_internal: Number of internal users to request for the enterprise license. Defaults to1.enterprise_license_users_external: Number of external users to request for the enterprise license. Defaults to1.
admin_token: Auto-generated token for the akadmin useradmin_password: Auto-generated password for the akadmin userhttp_url: http URL to access authentikhttps_url: https URL to access authentikenterprise_license_key: The enterprise license key retrieved and installed, ifenterprise_licenseis set to true
This action is written in TypeScript (src/) and bundled to dist/index.js / dist/post.js
with esbuild. The bundled output is committed so consumers don't need a build step.
npm install
npm run build # regenerate dist/index.js and dist/post.js
npm run lint # eslint
npm run typecheck # tsc --noEmit
npm run format # prettier --writeIf you change anything under src/, run npm run build and commit the updated dist/
output — CI (the check-dist job) fails the build if dist/ doesn't match what
npm run build produces from the current src/.