setup automated Keycloak image builds with Woodpecker, kaniko and crane
All checks were successful
ci/woodpecker/push/keycloak Pipeline was successful
All checks were successful
ci/woodpecker/push/keycloak Pipeline was successful
This way the Keycloak host can simply pull a finished image and doesn't need to build a Keycloak image itself. Co-authored-by: c6ristian <c6ristian@christian.moe>
This commit is contained in:
commit
00158d0205
SSH key fingerprint:
SHA256:o9EAq4Y9N9K0pBQeBTqhSDrND5E7oB+60ZNx0U1yPe0
56
.woodpecker/keycloak.yaml
Normal file
56
.woodpecker/keycloak.yaml
Normal file
|
|
@ -0,0 +1,56 @@
|
|||
when:
|
||||
- event: push
|
||||
- event: cron
|
||||
cron: daily
|
||||
|
||||
# Manually set a workspace path, so we can use it literally, without using
|
||||
# ${CI_WORKSPACE}, when running kaniko, since using ${CI_WORKSPACE} doesn't work.
|
||||
# https://github.com/woodpecker-ci/woodpecker/issues/3982
|
||||
workspace:
|
||||
path: src
|
||||
|
||||
# Use matrix to set KEYCLOAK_VERSION instead of setting the KEYCLOAK_VERSION as
|
||||
# an environment variable in the build-images step, since string substitution
|
||||
# doesn't work for custom environment variables.
|
||||
# https://github.com/woodpecker-ci/woodpecker/issues/3983
|
||||
# Also because global environment variables aren't a thing.
|
||||
matrix:
|
||||
KEYCLOAK_VERSION:
|
||||
- 25.0
|
||||
IMAGE_NAME:
|
||||
- git.hamburg.ccc.de/ccchh/oci-images/keycloak
|
||||
|
||||
steps:
|
||||
- name: setup-image-path
|
||||
image: alpine
|
||||
commands:
|
||||
- mkdir /woodpecker/images
|
||||
- name: build-image
|
||||
image: gcr.io/kaniko-project/executor
|
||||
entrypoint:
|
||||
- /kaniko/executor
|
||||
- --context=dir:///woodpecker/src/keycloak
|
||||
- --dockerfile=./Containerfile
|
||||
- --build-arg=TAG=${KEYCLOAK_VERSION}
|
||||
- --destination=${IMAGE_NAME}:${KEYCLOAK_VERSION}
|
||||
- --no-push
|
||||
- --tar-path=/woodpecker/images/keycloak.tar
|
||||
- name: publish-image
|
||||
image: alpine
|
||||
secrets:
|
||||
- GIT_API_TOKEN
|
||||
commands:
|
||||
- apk -u add crane
|
||||
- crane auth login git.hamburg.ccc.de -u woodpecker -p $GIT_API_TOKEN
|
||||
- crane push /woodpecker/images/keycloak.tar $IMAGE_NAME:$KEYCLOAK_VERSION
|
||||
- name: tag-main-and-latest
|
||||
image: alpine
|
||||
when:
|
||||
- branch: main
|
||||
secrets:
|
||||
- GIT_API_TOKEN
|
||||
commands:
|
||||
- apk -u add crane
|
||||
- crane auth login git.hamburg.ccc.de -u woodpecker -p $GIT_API_TOKEN
|
||||
- crane tag $IMAGE_NAME:$KEYCLOAK_VERSION main
|
||||
- crane tag $IMAGE_NAME:$KEYCLOAK_VERSION latest
|
||||
14
keycloak/Containerfile
Normal file
14
keycloak/Containerfile
Normal file
|
|
@ -0,0 +1,14 @@
|
|||
ARG TAG=latest
|
||||
FROM quay.io/keycloak/keycloak:${TAG} as builder
|
||||
|
||||
ENV KC_DB=postgres
|
||||
|
||||
WORKDIR /opt/keycloak
|
||||
RUN /opt/keycloak/bin/kc.sh build
|
||||
|
||||
FROM quay.io/keycloak/keycloak:${TAG}
|
||||
COPY --from=builder /opt/keycloak/ /opt/keycloak/
|
||||
|
||||
# Runtime options to be set in compose directly.
|
||||
|
||||
ENTRYPOINT ["/opt/keycloak/bin/kc.sh"]
|
||||
Loading…
Reference in a new issue