setup automated Keycloak image builds with Woodpecker, kaniko and crane
All checks were successful
ci/woodpecker/push/keycloak Pipeline was successful
This way the Keycloak host can simply pull a finished image and doesn't need to build a Keycloak image itself. Co-authored-by: c6ristian <c6ristian@christian.moe>
commit
00158d0205
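--- a/.woodpecker/keycloak.yaml
+++ b/.woodpecker/keycloak.yaml
@@ -0,0 +1,56 @@
+when:
+- event: push
+- event: cron
+cron: daily
+
+# Manually set a workspace path, so we can use it literally, without using
+# ${CI_WORKSPACE}, when running kaniko, since using ${CI_WORKSPACE} doesn't work.
+# https://github.com/woodpecker-ci/woodpecker/issues/3982
+workspace:
+path: src
+
+# Use matrix to set KEYCLOAK_VERSION instead of setting the KEYCLOAK_VERSION as
+# an environment variable in the build-images step, since string substitution
+# doesn't work for custom environment variables.
+# https://github.com/woodpecker-ci/woodpecker/issues/3983
+# Also because global environment variables aren't a thing.
+matrix:
+KEYCLOAK_VERSION:
+- 25.0
+IMAGE_NAME:
+- git.hamburg.ccc.de/ccchh/oci-images/keycloak
+
+steps:
+- name: setup-image-path
+image: alpine
+commands:
+- mkdir /woodpecker/images
+- name: build-image
+image: gcr.io/kaniko-project/executor
+entrypoint:
+- /kaniko/executor
+- --context=dir:///woodpecker/src/keycloak
+- --dockerfile=./Containerfile
+- --build-arg=TAG=${KEYCLOAK_VERSION}
+- --destination=${IMAGE_NAME}:${KEYCLOAK_VERSION}
+- --no-push
+- --tar-path=/woodpecker/images/keycloak.tar
+- name: publish-image
+image: alpine
+secrets:
+- GIT_API_TOKEN
+commands:
+- apk -u add crane
+- crane auth login git.hamburg.ccc.de -u woodpecker -p $GIT_API_TOKEN
+- crane push /woodpecker/images/keycloak.tar $IMAGE_NAME:$KEYCLOAK_VERSION
+- name: tag-main-and-latest
+image: alpine
+when:
+- branch: main
+secrets:
+- GIT_API_TOKEN
+commands:
+- apk -u add crane
+- crane auth login git.hamburg.ccc.de -u woodpecker -p $GIT_API_TOKEN
+- crane tag $IMAGE_NAME:$KEYCLOAK_VERSION main
+- crane tag $IMAGE_NAME:$KEYCLOAK_VERSION latest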
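Review bot: The publish-image step has no `when` filter, so with the pipeline-level `event: push` a push to any branch overwrites `$IMAGE_NAME:$KEYCLOAK_VERSION`, which is presumably the tag the Keycloak host pulls; only tag-main-and-latest is limited to main. Consider giving publish-image the same `when:` / `- branch: main` condition, or pushing non-main builds under a branch-specific tag. Both crane steps also pass the registry token as an argument (`-p $GIT_API_TOKEN`), where it is visible in the process arguments; `crane auth login git.hamburg.ccc.de -u woodpecker --password-stdin` fed from the variable avoids that. The step images (`alpine`, `gcr.io/kaniko-project/executor`) and the `apk -u add crane` install are unpinned, so the toolchain that handles the token can change between runs; pinning tags or digests would make updates deliberate. Separately, the unquoted matrix value `25.0` is a YAML float and may be rendered differently by some parsers, so `"25.0"` is the safer spelling.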
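--- a/keycloak/Containerfile
+++ b/keycloak/Containerfile
@@ -0,0 +1,14 @@
+ARG TAG=latest
+FROM quay.io/keycloak/keycloak:${TAG} as builder
+
+ENV KC_DB=postgres
+
+WORKDIR /opt/keycloak
+RUN /opt/keycloak/bin/kc.sh build
+
+FROM quay.io/keycloak/keycloak:${TAG}
+COPY --from=builder /opt/keycloak/ /opt/keycloak/
+
+# Runtime options to be set in compose directly.
+
+ENTRYPOINT ["/opt/keycloak/bin/kc.sh"]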
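Review bot: `ARG TAG=latest` means a build that omits `--build-arg=TAG=...` silently bases the image on whatever `quay.io/keycloak/keycloak:latest` is that day, which for an identity provider can mean an unplanned major-version jump; declaring `ARG TAG` without a default would make such a build fail instead. The tag passed by the pipeline is presumably a floating upstream tag, so the daily rebuild follows upstream retags. If that is intended for picking up patch releases, a comment above the `FROM` lines would record it, e.g. `# TAG is a floating upstream tag on purpose; CI rebuilds daily`. Minor style: `as builder` is conventionally written `AS builder`.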