Run the "generic IMAP test suite" against Gmail.

I investigated how to manage login and user accounts. My idea to avoid the OAuth2 flow was to have a service account with access to Gmail that could impersonate an existing user. We could export the service account's private keys and pass them as secrets from CI. This way we would already be "authenticated" as the service account and would use the impersonation to obtain a valid OAuth token for the user, all of that without the UI flow and 2FA stuff. This is theoretically possible, unfortunately it requires having the account be part of a Google Workspace, which is paid ($8/month isn't that much, but I'm not willing pay for that for now) and the service account having workspace-wide access.

Alternative solution is to manually sign in once to obtain a refresh token and then rely on the refresh token being valid for at least a week or so. This way each test run would use the refresh token to obtain a new OAuth2 token to configure the resource with without having to bother with the full OAuth login flow in browser. What needs to be solved is how to automatically update the refresh token in the CI secrets, if it changes. Also if the refresh token expires, the tests will start failing until someone goes and fetches a new one.

As a last resort, we would need to go through the full OAuth login flow in a headless browser using pupeteer/selenium/whatever. This is probably the most reliable but at the same time the most fragile and complicated solution.