From 00158d0205c8a372b181d5d728ff9fd9350a1db4 Mon Sep 17 00:00:00 2001
From: Julian Schacher <julian@jsts.xyz>
Date: Sat, 27 Jul 2024 01:16:31 +0200
Subject: [PATCH] setup automated Keycloak image builds with Woodpecker, kaniko
 and crane

This way the Keycloak host can simply pull a finished image and doesn't
need to build a Keycloak image itself.

Co-authored-by: c6ristian <c6ristian@christian.moe>
---
 .woodpecker/keycloak.yaml | 56 +++++++++++++++++++++++++++++++++++++++
 keycloak/Containerfile    | 14 ++++++++++
 2 files changed, 70 insertions(+)
 create mode 100644 .woodpecker/keycloak.yaml
 create mode 100644 keycloak/Containerfile

diff --git a/.woodpecker/keycloak.yaml b/.woodpecker/keycloak.yaml
new file mode 100644
index 0000000..168e5e8
--- /dev/null
+++ b/.woodpecker/keycloak.yaml
@@ -0,0 +1,56 @@
+when:
+  - event: push
+  - event: cron
+    cron: daily
+
+# Manually set a workspace path, so we can use it literally, without using
+# ${CI_WORKSPACE}, when running kaniko, since using ${CI_WORKSPACE} doesn't work.
+# https://github.com/woodpecker-ci/woodpecker/issues/3982
+workspace:
+  path: src
+
+# Use matrix to set KEYCLOAK_VERSION instead of setting the KEYCLOAK_VERSION as
+# an environment variable in the build-images step, since string substitution
+# doesn't work for custom environment variables.
+# https://github.com/woodpecker-ci/woodpecker/issues/3983
+# Also because global environment variables aren't a thing.
+matrix:
+  KEYCLOAK_VERSION:
+    - 25.0
+  IMAGE_NAME:
+  - git.hamburg.ccc.de/ccchh/oci-images/keycloak
+
+steps:
+  - name: setup-image-path
+    image: alpine
+    commands:
+      - mkdir /woodpecker/images
+  - name: build-image
+    image: gcr.io/kaniko-project/executor
+    entrypoint:
+      - /kaniko/executor
+      - --context=dir:///woodpecker/src/keycloak
+      - --dockerfile=./Containerfile
+      - --build-arg=TAG=${KEYCLOAK_VERSION}
+      - --destination=${IMAGE_NAME}:${KEYCLOAK_VERSION}
+      - --no-push
+      - --tar-path=/woodpecker/images/keycloak.tar
+  - name: publish-image
+    image: alpine
+    secrets:
+      - GIT_API_TOKEN
+    commands:
+      - apk -u add crane
+      - crane auth login git.hamburg.ccc.de -u woodpecker -p $GIT_API_TOKEN
+      - crane push /woodpecker/images/keycloak.tar $IMAGE_NAME:$KEYCLOAK_VERSION
+  - name: tag-main-and-latest
+    image: alpine
+    when:
+      - branch: main
+    secrets:
+      - GIT_API_TOKEN
+    commands:
+      - apk -u add crane
+      - crane auth login git.hamburg.ccc.de -u woodpecker -p $GIT_API_TOKEN
+      - crane tag $IMAGE_NAME:$KEYCLOAK_VERSION main
+      - crane tag $IMAGE_NAME:$KEYCLOAK_VERSION latest
diff --git a/keycloak/Containerfile b/keycloak/Containerfile
new file mode 100644
index 0000000..e4149bd
--- /dev/null
+++ b/keycloak/Containerfile
@@ -0,0 +1,14 @@
+ARG TAG=latest
+FROM quay.io/keycloak/keycloak:${TAG} as builder
+
+ENV KC_DB=postgres
+
+WORKDIR /opt/keycloak
+RUN /opt/keycloak/bin/kc.sh build
+
+FROM quay.io/keycloak/keycloak:${TAG}
+COPY --from=builder /opt/keycloak/ /opt/keycloak/
+
+# Runtime options to be set in compose directly.
+
+ENTRYPOINT ["/opt/keycloak/bin/kc.sh"]