diff --git a/apps/emqx_auth_ldap/.ci/docker-compose.yml b/apps/emqx_auth_ldap/.ci/docker-compose.yml
new file mode 100644
index 000000000..bba9b711f
--- /dev/null
+++ b/apps/emqx_auth_ldap/.ci/docker-compose.yml
@@ -0,0 +1,26 @@
+version: '3'
+
+services:
+  erlang:
+    image: erlang:22.1
+    volumes:
+      - ../:/emqx_auth_ldap
+    networks:
+      - emqx_bridge
+    depends_on:
+      - ldap_server
+    tty: true
+
+  ldap_server:
+    build: ./emqx-ldap
+    image: emqx-ldap:1.0
+    restart: always
+    ports:
+      - 389:389
+      - 636:636
+    networks:
+      - emqx_bridge
+
+networks:
+  emqx_bridge:
+    driver: bridge
diff --git a/apps/emqx_auth_ldap/.ci/emqx-ldap/Dockerfile b/apps/emqx_auth_ldap/.ci/emqx-ldap/Dockerfile
new file mode 100644
index 000000000..0a01572c4
--- /dev/null
+++ b/apps/emqx_auth_ldap/.ci/emqx-ldap/Dockerfile
@@ -0,0 +1,26 @@
+FROM buildpack-deps:stretch
+
+ENV VERSION=2.4.50
+
+RUN apt-get update && apt-get install -y groff groff-base
+RUN wget ftp://ftp.openldap.org/pub/OpenLDAP/openldap-release/openldap-${VERSION}.tgz \
+    && gunzip -c openldap-${VERSION}.tgz | tar xvfB - \
+    && cd openldap-${VERSION} \
+    && ./configure && make depend && make && make install \
+    && cd .. && rm -rf  openldap-${VERSION}
+
+COPY ./slapd.conf /usr/local/etc/openldap/slapd.conf
+COPY ./emqx.io.ldif /usr/local/etc/openldap/schema/emqx.io.ldif
+COPY ./emqx.schema /usr/local/etc/openldap/schema/emqx.schema
+COPY ./*.pem /usr/local/etc/openldap/
+
+RUN mkdir -p /usr/local/etc/openldap/data \
+    && slapadd -l /usr/local/etc/openldap/schema/emqx.io.ldif -f /usr/local/etc/openldap/slapd.conf
+
+WORKDIR /usr/local/etc/openldap
+
+EXPOSE 389 636
+
+ENTRYPOINT ["/usr/local/libexec/slapd", "-h", "ldap:/// ldaps:///", "-d", "3", "-f", "/usr/local/etc/openldap/slapd.conf"]
+
+CMD []
diff --git a/apps/emqx_auth_ldap/.ci/emqx-ldap/slapd.conf b/apps/emqx_auth_ldap/.ci/emqx-ldap/slapd.conf
new file mode 100644
index 000000000..d6ba20caa
--- /dev/null
+++ b/apps/emqx_auth_ldap/.ci/emqx-ldap/slapd.conf
@@ -0,0 +1,16 @@
+include         /usr/local/etc/openldap/schema/core.schema
+include         /usr/local/etc/openldap/schema/cosine.schema
+include         /usr/local/etc/openldap/schema/inetorgperson.schema
+include         /usr/local/etc/openldap/schema/ppolicy.schema
+include         /usr/local/etc/openldap/schema/emqx.schema
+
+TLSCACertificateFile  /usr/local/etc/openldap/cacert.pem
+TLSCertificateFile    /usr/local/etc/openldap/cert.pem
+TLSCertificateKeyFile /usr/local/etc/openldap/key.pem
+
+database bdb
+suffix "dc=emqx,dc=io"
+rootdn "cn=root,dc=emqx,dc=io"
+rootpw {SSHA}eoF7NhNrejVYYyGHqnt+MdKNBh4r1w3W
+
+directory       /usr/local/etc/openldap/data
diff --git a/apps/emqx_auth_pgsql/.ci/docker-compose.yml b/apps/emqx_auth_pgsql/.ci/docker-compose.yml
new file mode 100644
index 000000000..8782a841d
--- /dev/null
+++ b/apps/emqx_auth_pgsql/.ci/docker-compose.yml
@@ -0,0 +1,30 @@
+version: '3'
+
+services:
+  erlang:
+    image: erlang:22.3
+    volumes:
+      - ../:/emqx_auth_pgsql
+    networks:
+      - emqx_bridge
+    depends_on:
+      - pgsql_server
+    tty: true
+
+  pgsql_server:
+    build:
+        context: ./pgsql
+        args:
+            BUILD_FROM: postgres:${PGSQL_TAG}
+    image: emqx-pgsql
+    restart: always
+    environment:
+      POSTGRES_PASSWORD: public
+      POSTGRES_USER: root
+      POSTGRES_DB: mqtt
+    networks:
+      - emqx_bridge
+
+networks:
+  emqx_bridge:
+    driver: bridge
diff --git a/apps/emqx_auth_pgsql/.ci/pgsql/Dockerfile b/apps/emqx_auth_pgsql/.ci/pgsql/Dockerfile
new file mode 100644
index 000000000..785bb875f
--- /dev/null
+++ b/apps/emqx_auth_pgsql/.ci/pgsql/Dockerfile
@@ -0,0 +1,8 @@
+ARG BUILD_FROM=postgres:11
+FROM ${BUILD_FROM}
+COPY pg.conf /etc/postgresql/postgresql.conf
+COPY server-cert.pem /etc/postgresql/server-cert.pem
+COPY server-key.pem /etc/postgresql/server-key.pem
+RUN chown -R postgres:postgres /etc/postgresql \
+    && chmod 600 /etc/postgresql/*.pem 
+CMD ["-c", "config_file=/etc/postgresql/postgresql.conf"]
diff --git a/apps/emqx_auth_redis/.ci/docker-compose-cluster-tls.yml b/apps/emqx_auth_redis/.ci/docker-compose-cluster-tls.yml
new file mode 100644
index 000000000..cde18759d
--- /dev/null
+++ b/apps/emqx_auth_redis/.ci/docker-compose-cluster-tls.yml
@@ -0,0 +1,39 @@
+version: '2.4'
+# network configuration is limited in version 3
+# https://github.com/docker/compose/issues/4958
+
+services:
+  erlang:
+    image: erlang:22.3
+    volumes:
+      - ../:/emqx_auth_redis
+    networks:
+      - app_net
+    depends_on:
+      - redis_cluster
+    tty: true
+
+  redis_cluster:
+    image: redis:6.0.9
+    container_name: redis-cluster
+    volumes:
+      - ../test/emqx_auth_redis_SUITE_data/certs:/tls
+      - ./redis/:/data/conf
+    command: bash -c "/bin/bash /data/conf/redis.sh -t && while true; do echo 1; sleep 1; done"
+    networks:
+      app_net:
+        # Assign a public address. Erlang container cannot find cluster nodes by network-scoped alias (redis_cluster).
+        ipv4_address: 172.16.239.10
+        ipv6_address: 2001:3200:3200::20
+
+networks:
+  app_net:
+    driver: bridge
+    enable_ipv6: true
+    ipam:
+      driver: default
+      config:
+        - subnet: 172.16.239.0/24
+          gateway: 172.16.239.1
+        - subnet: 2001:3200:3200::/64
+          gateway: 2001:3200:3200::1
\ No newline at end of file
diff --git a/apps/emqx_auth_redis/.ci/docker-compose-cluster.yml b/apps/emqx_auth_redis/.ci/docker-compose-cluster.yml
new file mode 100644
index 000000000..e2d023157
--- /dev/null
+++ b/apps/emqx_auth_redis/.ci/docker-compose-cluster.yml
@@ -0,0 +1,38 @@
+version: '2.4'
+# network configuration is limited in version 3
+# https://github.com/docker/compose/issues/4958
+
+services:
+  erlang:
+    image: erlang:22.3
+    volumes:
+      - ../:/emqx_auth_redis
+    networks:
+      - app_net
+    depends_on:
+      - redis_cluster
+    tty: true
+
+  redis_cluster:
+    image: redis:${REDIS_TAG}
+    container_name: redis-cluster
+    volumes:
+      - ./redis/:/data/conf
+    command: bash -c "/bin/bash /data/conf/redis.sh && while true; do echo 1; sleep 1; done"
+    networks:
+      app_net:
+        # Assign a public address. Erlang container cannot find cluster nodes by network-scoped alias (redis_cluster).
+        ipv4_address: 172.16.239.10
+        ipv6_address: 2001:3200:3200::20
+
+networks:
+  app_net:
+    driver: bridge
+    enable_ipv6: true
+    ipam:
+      driver: default
+      config:
+        - subnet: 172.16.239.0/24
+          gateway: 172.16.239.1
+        - subnet: 2001:3200:3200::/64
+          gateway: 2001:3200:3200::1
\ No newline at end of file
diff --git a/apps/emqx_auth_redis/.ci/docker-compose-tls.yml b/apps/emqx_auth_redis/.ci/docker-compose-tls.yml
new file mode 100644
index 000000000..2247cd21b
--- /dev/null
+++ b/apps/emqx_auth_redis/.ci/docker-compose-tls.yml
@@ -0,0 +1,31 @@
+version: '3'
+
+services:
+  erlang:
+    image: erlang:22.3
+    volumes:
+      - ../:/emqx_auth_redis
+    networks:
+      - emqx_bridge
+    depends_on:
+      - redis_server
+    tty: true
+
+  redis_server:
+    image: redis:6.0.9
+    volumes:
+      - ../test/emqx_auth_redis_SUITE_data/certs:/tls
+    command:
+      - redis-server
+      - "--bind 0.0.0.0 ::"
+      - --tls-port 6380
+      - --tls-cert-file /tls/redis.crt
+      - --tls-key-file /tls/redis.key
+      - --tls-ca-cert-file /tls/ca.crt
+    restart: always
+    networks:
+      - emqx_bridge
+
+networks:
+  emqx_bridge:
+    driver: bridge
diff --git a/apps/emqx_auth_redis/.ci/docker-compose.yml b/apps/emqx_auth_redis/.ci/docker-compose.yml
new file mode 100644
index 000000000..6716262ad
--- /dev/null
+++ b/apps/emqx_auth_redis/.ci/docker-compose.yml
@@ -0,0 +1,25 @@
+version: '3'
+
+services:
+  erlang:
+    image: erlang:22.3
+    volumes:
+      - ../:/emqx_auth_redis    
+    networks:
+      - emqx_bridge
+    depends_on:
+      - redis_server
+    tty: true
+
+  redis_server:
+    image: redis:${REDIS_TAG}
+    command:
+        - redis-server
+        - "--bind 0.0.0.0 ::"
+    restart: always
+    networks:
+      - emqx_bridge
+
+networks:
+  emqx_bridge:
+    driver: bridge
diff --git a/apps/emqx_auth_redis/.ci/redis/redis.conf b/apps/emqx_auth_redis/.ci/redis/redis.conf
new file mode 100644
index 000000000..ceb996960
--- /dev/null
+++ b/apps/emqx_auth_redis/.ci/redis/redis.conf
@@ -0,0 +1,3 @@
+cluster-enabled      yes
+cluster-node-timeout 10000
+bind 0.0.0.0 :: 
\ No newline at end of file
diff --git a/apps/emqx_auth_redis/.ci/redis/redis.sh b/apps/emqx_auth_redis/.ci/redis/redis.sh
new file mode 100755
index 000000000..44da4abed
--- /dev/null
+++ b/apps/emqx_auth_redis/.ci/redis/redis.sh
@@ -0,0 +1,71 @@
+#!/bin/bash
+
+tls=false;
+while getopts t OPT
+do
+    case $OPT in
+        t)  tls=true
+            ;;
+        \?) exit
+            ;;
+    esac
+done
+
+rm -f \
+    /data/conf/r7000i.log \
+    /data/conf/r7001i.log \
+    /data/conf/r7002i.log \
+    /data/conf/nodes.7000.conf \
+    /data/conf/nodes.7001.conf \
+    /data/conf/nodes.7002.conf ;
+
+if  $tls ; then
+  redis-server /data/conf/redis.conf --port 7000 --cluster-config-file /data/conf/nodes.7000.conf --daemonize yes \
+                                     --tls-port 8000 \
+                                     --tls-cert-file /tls/redis.crt \
+                                     --tls-key-file /tls/redis.key \
+                                     --tls-ca-cert-file /tls/ca.crt
+  redis-server /data/conf/redis.conf --port 7001 --cluster-config-file /data/conf/nodes.7001.conf --daemonize yes \
+                                     --tls-port 8001 \
+                                     --tls-cert-file /tls/redis.crt \
+                                     --tls-key-file /tls/redis.key \
+                                     --tls-ca-cert-file /tls/ca.crt
+  redis-server /data/conf/redis.conf --port 7002 --cluster-config-file /data/conf/nodes.7002.conf --daemonize yes \
+                                     --tls-port 8002 \
+                                     --tls-cert-file /tls/redis.crt \
+                                     --tls-key-file /tls/redis.key \
+                                     --tls-ca-cert-file /tls/ca.crt
+else
+  redis-server /data/conf/redis.conf --port 7000 --cluster-config-file /data/conf/nodes.7000.conf --daemonize yes ;
+  redis-server /data/conf/redis.conf --port 7001 --cluster-config-file /data/conf/nodes.7001.conf --daemonize yes ;
+  redis-server /data/conf/redis.conf --port 7002 --cluster-config-file /data/conf/nodes.7002.conf --daemonize yes ;
+fi
+
+REDIS_LOAD_FLG=true;
+
+while $REDIS_LOAD_FLG;
+do
+    sleep 1;
+    redis-cli -p 7000 info 1> /data/conf/r7000i.log 2> /dev/null;
+    if [ -s /data/conf/r7000i.log ]; then
+        :
+    else
+        continue;
+    fi
+    redis-cli -p 7001 info 1> /data/conf/r7001i.log 2> /dev/null;
+    if [ -s /data/conf/r7001i.log ]; then
+        :
+    else
+        continue;
+    fi
+    redis-cli -p 7002 info 1> /data/conf/r7002i.log 2> /dev/null;
+    if [ -s /data/conf/r7002i.log ]; then
+        :
+    else
+        continue;
+    fi
+    yes "yes" | redis-cli --cluster create 172.16.239.10:7000 172.16.239.10:7001 172.16.239.10:7002;
+    REDIS_LOAD_FLG=false;
+done
+
+exit 0;
diff --git a/sync-apps.sh b/sync-apps.sh
index 259d8db88..34cde0924 100755
--- a/sync-apps.sh
+++ b/sync-apps.sh
@@ -86,7 +86,7 @@ cleanup_app(){
     local app="$1"
     pushd "apps/$app"
     rm -f Makefile rebar.config.script LICENSE src/*.app.src.script src/*.appup.src
-    rm -rf ".github" ".ci"
+    rm -rf ".github"
     # restore rebar.config and app.src
     git checkout rebar.config
     git checkout src/*.app.src