From 00158d0205c8a372b181d5d728ff9fd9350a1db4 Mon Sep 17 00:00:00 2001
From: Julian Schacher
Date: Sat, 27 Jul 2024 01:16:31 +0200
Subject: [PATCH] setup automated Keycloak image builds with Woodpecker, kaniko and crane This way the Keycloak host can simply pull a finished image and doesn't need to build a Keycloak image itself.
Co-authored-by: c6ristian
---
.woodpecker/keycloak.yaml | 56 +++++++++++++++++++++++++++++++++++++++
keycloak/Containerfile | 14 ++++++++++
2 files changed, 70 insertions(+)
create mode 100644 .woodpecker/keycloak.yaml
create mode 100644 keycloak/Containerfile
diff --git a/.woodpecker/keycloak.yaml b/.woodpecker/keycloak.yaml
new file mode 100644
index 0000000..168e5e8
--- /dev/null
+++ b/.woodpecker/keycloak.yaml
@@ -0,0 +1,56 @@
+when:
+ - event: push
+ - event: cron
+ cron: daily
+
+# Manually set a workspace path, so we can use it literally, without using
+# ${CI_WORKSPACE}, when running kaniko, since using ${CI_WORKSPACE} doesn't work.
+# https://github.com/woodpecker-ci/woodpecker/issues/3982
+workspace:
+ path: src
+
+# Use matrix to set KEYCLOAK_VERSION instead of setting the KEYCLOAK_VERSION as
+# an environment variable in the build-images step, since string substitution
+# doesn't work for custom environment variables.
+# https://github.com/woodpecker-ci/woodpecker/issues/3983
+# Also because global environment variables aren't a thing.
+matrix:
+ KEYCLOAK_VERSION:
+ - 25.0
+ IMAGE_NAME:
+ - git.hamburg.ccc.de/ccchh/oci-images/keycloak
+
+steps:
+ - name: setup-image-path
+ image: alpine
+ commands:
+ - mkdir /woodpecker/images
+ - name: build-image
+ image: gcr.io/kaniko-project/executor
+ entrypoint:
+ - /kaniko/executor
+ - --context=dir:///woodpecker/src/keycloak
+ - --dockerfile=./Containerfile
+ - --build-arg=TAG=${KEYCLOAK_VERSION}
+ - --destination=${IMAGE_NAME}:${KEYCLOAK_VERSION}
+ - --no-push
+ - --tar-path=/woodpecker/images/keycloak.tar
+ - name: publish-image
+ image: alpine
+ secrets:
+ - GIT_API_TOKEN
+ commands:
+ - apk -u add crane
+ - crane auth login git.hamburg.ccc.de -u woodpecker -p $GIT_API_TOKEN
+ - crane push /woodpecker/images/keycloak.tar $IMAGE_NAME:$KEYCLOAK_VERSION
+ - name: tag-main-and-latest
+ image: alpine
+ when:
+ - branch: main
+ secrets:
+ - GIT_API_TOKEN
+ commands:
+ - apk -u add crane
+ - crane auth login git.hamburg.ccc.de -u woodpecker -p $GIT_API_TOKEN
+ - crane tag $IMAGE_NAME:$KEYCLOAK_VERSION main
+ - crane tag $IMAGE_NAME:$KEYCLOAK_VERSION latest
diff --git a/keycloak/Containerfile b/keycloak/Containerfile
new file mode 100644
index 0000000..e4149bd
--- /dev/null
+++ b/keycloak/Containerfile
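Review bot: The `publish-image` step has no `when` filter, so every push on any branch logs in with `GIT_API_TOKEN` and overwrites `$IMAGE_NAME:$KEYCLOAK_VERSION`; only `tag-main-and-latest` is limited to `main`. If the Keycloak host pulls the version tag, a push to a work-in-progress branch changes what it runs, so I would give `publish-image` the same `when` with `branch: main` that `tag-main-and-latest` has, or push branch builds under a branch-specific tag. Both `crane auth login` commands also pass the token with `-p`, which puts it in the process arguments; `echo "$GIT_API_TOKEN" | crane auth login git.hamburg.ccc.de -u woodpecker --password-stdin` avoids that. The `alpine` and `gcr.io/kaniko-project/executor` images, which build the image and handle the token, are referenced without a tag or digest, so pinning them would make the pipeline's inputs fixed and reviewable.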
@@ -0,0 +1,14 @@
+ARG TAG=latest
+FROM quay.io/keycloak/keycloak:${TAG} as builder
+
+ENV KC_DB=postgres
+
+WORKDIR /opt/keycloak
+RUN /opt/keycloak/bin/kc.sh build
+
+FROM quay.io/keycloak/keycloak:${TAG}
+COPY --from=builder /opt/keycloak/ /opt/keycloak/
+
+# Runtime options to be set in compose directly.
+
+ENTRYPOINT ["/opt/keycloak/bin/kc.sh"]
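Review bot: `ARG TAG=latest` gives the build a floating default, so any build that omits `--build-arg=TAG=...` (the pipeline passes it, a manual build may not) silently produces an image from whatever `quay.io/keycloak/keycloak:latest` currently is. Declaring `ARG TAG` without a default should make both `FROM` lines fail on an empty tag instead of building an unversioned Keycloak. A comment above it such as `# TAG is supplied by .woodpecker/keycloak.yaml (KEYCLOAK_VERSION); no default so an unversioned build fails` would document where the value comes from. As a style point, `as builder` is conventionally written `AS builder` to match the other upper-case keywords.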