chore: Run TCK with user authentication

jmesnil · jmesnil · commit 961fec4fe79d · 2026-02-10T15:02:13.000+01:00
Signed-off-by: Jeff Mesnil &lt;jmesnil@ibm.com&gt;
diff --git a/.github/workflows/run-tck-1.0-wip.yml b/.github/workflows/run-tck-1.0-wip.yml
@@ -5,9 +5,9 @@ on:
   push:
     branches:
       - main
-  #pull_request:
-  #  branches:
-  #     - main
+  pull_request:
+    branches:
+       - main
   workflow_dispatch:
 
 env:
@@ -64,8 +64,12 @@ jobs:
         working-directory: tck/a2a-tck
       - name: Build with Maven, skipping tests
         run: mvn -B install -DskipTests
+      - name: Generate random password
+        run: |
+          A2A_PASSWORD=$(openssl rand -base64 16)
+          echo "A2A_PASSWORD=$A2A_PASSWORD" >> $GITHUB_ENV
       - name: Start SUT
-        run: SUT_GRPC_URL=${{ env.SUT_JSONRPC_URL }} SUT_REST_URL=${{ env.SUT_JSONRPC_URL }} mvn -B quarkus:dev & #SUT_JSONRPC_URL already set
+        run: SUT_GRPC_URL=${{ env.SUT_JSONRPC_URL }} SUT_REST_URL=${{ env.SUT_JSONRPC_URL }} mvn -B quarkus:dev -Dquarkus.security.users.embedded.users.alice=${A2A_PASSWORD} &
         working-directory: tck
       - name: Wait for SUT to start
         run: |
@@ -101,12 +105,16 @@ jobs:
             sleep "$RETRY_INTERVAL"
           done
           
-      - name: Run TCK (JSONRPC)
+      - name: Run TCK
         id: run-tck
-        timeout-minutes: 5
+        timeout-minutes: 10
         run: |
           set -o pipefail
-          ./run_tck.py --sut-url ${{ env.SUT_JSONRPC_URL }} --category all --transports jsonrpc --compliance-report report.json 2>&1 | tee tck-output.log
+          export PYTHONUNBUFFERED=1
+          A2A_AUTH_TYPE=basic \
+          A2A_AUTH_USERNAME=alice \
+          A2A_AUTH_PASSWORD=$A2A_PASSWORD \
+          ./run_tck.py --sut-url ${{ env.SUT_JSONRPC_URL }} --category all --transports jsonrpc,grpc,rest --compliance-report report.json 2>&1 | tee tck-output.log
         working-directory: tck/a2a-tck
       - name: Capture Diagnostics on Failure
         if: failure()
diff --git a/tck/src/main/java/io/a2a/tck/server/AgentCardProducer.java b/tck/src/main/java/io/a2a/tck/server/AgentCardProducer.java
@@ -42,12 +42,12 @@ public AgentCard agentCard() {
                 .capabilities(AgentCapabilities.builder()
                         .streaming(true)
                         .pushNotifications(true)
+                        .extendedAgentCard(true)
                         .build())
                 .securitySchemes(Map.of("acme", HTTPAuthSecurityScheme.builder()
                        .scheme("basic")
                        .build()))
-                .security(List.of(Map.of("acme", Collections.emptyList())))
-                .supportsExtendedAgentCard(true)
+                .securityRequirements(List.of(Map.of("acme", Collections.emptyList())))
                 .defaultInputModes(Collections.singletonList("text"))
                 .defaultOutputModes(Collections.singletonList("text"))
                 .skills(Collections.singletonList(AgentSkill.builder()
diff --git a/tck/src/main/resources/application.properties b/tck/src/main/resources/application.properties
@@ -23,5 +23,4 @@ quarkus.log.console.level=INFO
 # Enable basic authentication
 quarkus.http.auth.basic=true
 quarkus.security.users.embedded.enabled=true
-quarkus.security.users.embedded.plain-text=true
-quarkus.security.users.embedded.users.alice=a2a-p4ssw0rd
+quarkus.security.users.embedded.plain-text=true
