From 9d5d81854fd04aabe549e864ab2672fe728383d7 Mon Sep 17 00:00:00 2001
From: lilly
Date: Fri, 15 May 2026 09:40:53 +0200
Subject: [PATCH] migrate keycloak workflows to forgejo actions
---
.forgejo/workflows/build_keycloak.yml | 47 +++++++++++++++
.woodpecker/keycloak.yaml | 85 ---------------------------
2 files changed, 47 insertions(+), 85 deletions(-)
create mode 100644 .forgejo/workflows/build_keycloak.yml
delete mode 100644 .woodpecker/keycloak.yaml
diff --git a/.forgejo/workflows/build_keycloak.yml b/.forgejo/workflows/build_keycloak.yml
new file mode 100644
index 0000000..7403007
--- /dev/null
+++ b/.forgejo/workflows/build_keycloak.yml
@@ -0,0 +1,47 @@
+name: Build Keycloak
+
+on:
+ workflow_dispatch: {}
+ push: {}
+ schedule:
+ - cron: "@daily"
+
+jobs:
+ build-container:
+ name: Build Keycloak Image
+ runs-on: docker
+ container:
+ image: ghcr.io/osscontainertools/kaniko:alpine
+ strategy:
+ matrix:
+ # renovate: datasource=docker depName=quay.io/keycloak/keycloak
+ keycloak-version: [ 26.6.0 ]
+ steps:
+ - name: Install required system packages
+ run: apk add --no-cache nodejs maven git
+
+ - name: Checkout Source Code
+ uses: actions/checkout@v6
+
+ - name: Build attribute-endpoints-provider
+ run: |
+ git clone https://git.hamburg.ccc.de/CCCHH/keycloak-attribute-endpoints-provider.git
+ cd keycloak-attribute-endpoints-provider
+ mvn -f attribute-endpoints-provider verify
+ cp attribute-endpoints-provider/target/attribute-endpoints-provider-1.0-SNAPSHOT.jar ${{ forgejo.workspace }}/keycloak/attribute-endpoints-provider.jar
+
+ - name: Build Container
+ env:
+ KANIKO_NO_PUSH: ${{ forgejo.ref_name != 'main' }}
+ KANIKO_GIT_HAMBURG_CCC_DE_USER: forgejo-actions
+ KANIKO_GIT_HAMBURG_CCC_DE_PASSWORD: ${{ secrets.PACKAGES_TOKEN }}
+ run: /kaniko/executor
+ --dockerfile="${{forgejo.workspace }}/keycloak/Containerfile"
+ --context="dir://${{ forgejo.workspace }}/keycloak"
+ --build-arg=TAG=${{ matrix.keycloak-version }}
+ --destination=git.hamburg.ccc.de/ccchh/oci-images/keycloak:${{ matrix.keycloak-version }}
+ --no-push-cache
+ --credential-helpers=env
+ --annotation=org.opencontainers.image.ref.name=keycloak
+ --annotation=org.opencontainers.image.url=${{ forgejo.server_url }}/${{ forgejo.repository }}
+ --annotation=org.opencontainers.image.source=${{ forgejo.server_url }}/${{ forgejo.repository }}
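Review bot: The job that receives `secrets.PACKAGES_TOKEN` is built from inputs that can change underneath it. `container.image` uses the mutable tag `kaniko:alpine`, and the `Build attribute-endpoints-provider` step clones whatever the provider repository's default branch currently holds and runs `mvn verify` on it. All steps of the job appear to run in the same container and workspace, so code executed by that build could alter the workspace or the executor before the push step runs, and the resulting jar is baked into the published Keycloak image. Pin both inputs, e.g. `image: ghcr.io/osscontainertools/kaniko:alpine@sha256:<digest>` and `git clone --branch <release-tag> --depth 1 …` (placeholders); Renovate, already used for the matrix version, can keep the digest current. `push: {}` is also unfiltered, so the job runs on every branch; consider restoring the `keycloak/**` path filter that the removed Woodpecker file had.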
diff --git a/.woodpecker/keycloak.yaml b/.woodpecker/keycloak.yaml
deleted file mode 100644
index 2f76bd8..0000000
--- a/.woodpecker/keycloak.yaml
+++ /dev/null
@@ -1,85 +0,0 @@
-when:
- - event: push
- path:
- - 'keycloak/**'
- - '.woodpecker/keycloak.yaml'
- - event: cron
- cron: daily
-
-# Manually set a workspace path, so we can use it literally, without using
-# ${CI_WORKSPACE}, when running kaniko, since using ${CI_WORKSPACE} doesn't work.
-# https://github.com/woodpecker-ci/woodpecker/issues/3982
-workspace:
- path: src
-
-# Use matrix to set KEYCLOAK_VERSION instead of setting the KEYCLOAK_VERSION as
-# an environment variable in the build-images step, since string substitution
-# doesn't work for custom environment variables.
-# https://github.com/woodpecker-ci/woodpecker/issues/3983
-# Also because global environment variables aren't a thing.
-matrix:
- KEYCLOAK_VERSION:
- # renovate: datasource=docker depName=quay.io/keycloak/keycloak
- - 26.6.0
- IMAGE_NAME:
- - git.hamburg.ccc.de/ccchh/oci-images/keycloak
-
-steps:
- - name: setup-image-path
- image: alpine
- commands:
- - mkdir /woodpecker/images
-
- - name: build-attribute-endpoints-provider
- image: alpine
- commands:
- - apk -u add maven git
- - git clone https://git.hamburg.ccc.de/CCCHH/keycloak-attribute-endpoints-provider.git
- - cd keycloak-attribute-endpoints-provider
- - mvn -f attribute-endpoints-provider verify
- - cp attribute-endpoints-provider/target/attribute-endpoints-provider-1.0-SNAPSHOT.jar /woodpecker/src/keycloak/attribute-endpoints-provider.jar
-
- - name: build-image
- image: gcr.io/kaniko-project/executor
- entrypoint:
- - /kaniko/executor
- - --context=dir:///woodpecker/src/keycloak
- - --dockerfile=./Containerfile
- - --build-arg=TAG=${KEYCLOAK_VERSION}
- - --destination=${IMAGE_NAME}:${KEYCLOAK_VERSION}
- - --no-push
- - --tar-path=/woodpecker/images/keycloak.tar
-
- - name: publish-image
- image: alpine
- environment:
- GIT_API_TOKEN:
- from_secret: GIT_API_TOKEN
- commands:
- - apk -u add crane
- - crane auth login git.hamburg.ccc.de -u woodpecker -p $GIT_API_TOKEN
- - crane push /woodpecker/images/keycloak.tar $IMAGE_NAME:$KEYCLOAK_VERSION-$CI_COMMIT_BRANCH
-
- - name: tag-version
- image: alpine
- when:
- - branch: main
- environment:
- GIT_API_TOKEN:
- from_secret: GIT_API_TOKEN
- commands:
- - apk -u add crane
- - crane auth login git.hamburg.ccc.de -u woodpecker -p $GIT_API_TOKEN
- - crane tag $IMAGE_NAME:$KEYCLOAK_VERSION-$CI_COMMIT_BRANCH $KEYCLOAK_VERSION
-
- - name: tag-latest
- image: alpine
- when:
- - branch: main
- environment:
- GIT_API_TOKEN:
- from_secret: GIT_API_TOKEN
- commands:
- - apk -u add crane
- - crane auth login git.hamburg.ccc.de -u woodpecker -p $GIT_API_TOKEN
- - crane tag $IMAGE_NAME:$KEYCLOAK_VERSION-$CI_COMMIT_BRANCH latest