From 873d51c7b94238481b818601e3a636ae5140e267 Mon Sep 17 00:00:00 2001 From: Renovate Date: Wed, 8 Apr 2026 09:31:25 +0000 Subject: [PATCH 01/12] Update quay.io/keycloak/keycloak Docker tag to v26.6.0 --- .woodpecker/keycloak.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.woodpecker/keycloak.yaml b/.woodpecker/keycloak.yaml index 1414999..2f76bd8 100644 --- a/.woodpecker/keycloak.yaml +++ b/.woodpecker/keycloak.yaml @@ -20,7 +20,7 @@ workspace: matrix: KEYCLOAK_VERSION: # renovate: datasource=docker depName=quay.io/keycloak/keycloak - - 26.5.7 + - 26.6.0 IMAGE_NAME: - git.hamburg.ccc.de/ccchh/oci-images/keycloak From 897ed8581369d0ea3cb3cd22dfa87686d84e71aa Mon Sep 17 00:00:00 2001 From: lilly Date: Fri, 15 May 2026 09:06:44 +0200 Subject: [PATCH 02/12] replace nextcloud image building with forgejo-actions --- .forgejo/workflows/build_nextcloud.yml | 39 +++++++++++++ .woodpecker/nextcloud.yaml | 78 -------------------------- 2 files changed, 39 insertions(+), 78 deletions(-) create mode 100644 .forgejo/workflows/build_nextcloud.yml delete mode 100644 .woodpecker/nextcloud.yaml diff --git a/.forgejo/workflows/build_nextcloud.yml b/.forgejo/workflows/build_nextcloud.yml new file mode 100644 index 0000000..e69aaeb --- /dev/null +++ b/.forgejo/workflows/build_nextcloud.yml @@ -0,0 +1,39 @@ +name: Build Nextcloud + +on: + workflow_dispatch: {} + push: {} + schedule: + - cron: "@daily" + +jobs: + build-container: + name: Build Container + runs-on: docker + container: + image: ghcr.io/osscontainertools/kaniko:alpine + strategy: + matrix: + nextcloud-version: [ 30, 31, 32 ] + steps: + - name: Install required system packages + run: apk add --no-cache nodejs + + - name: Build Container + uses: actions/checkout@v6 + + - name: Build Container + env: + KANIKO_NO_PUSH: ${{ forgejo.ref_name != 'main' }} + KANIKO_GIT_HAMBURG_CCC_DE_USER: forgejo-actions + KANIKO_GIT_HAMBURG_CCC_DE_PASSWORD: ${{ secrets.PACKAGES_TOKEN }} + run: /kaniko/executor + --dockerfile="${{forgejo.workspace }}/Containerfile" + --context="dir://${{ forgejo.workspace }}/nextcloud" + --build-arg=TAG=${{ matrix.nextcloud-version }} + --destination=git.hamburg.ccc.de/ccchh/oci-images/nextcloud:${{ matrix.nextcloud-version }} + --no-push-cache + --credential-helpers=env + --annotation=org.opencontainers.image.ref.name=nextcloud + --annotation=org.opencontainers.image.url=${{ forgejo.server_url }}/${{ forgejo.repository }} + --annotation=org.opencontainers.image.source=${{ forgejo.server_url }}/${{ forgejo.repository }} diff --git a/.woodpecker/nextcloud.yaml b/.woodpecker/nextcloud.yaml deleted file mode 100644 index 4639448..0000000 --- a/.woodpecker/nextcloud.yaml +++ /dev/null @@ -1,78 +0,0 @@ -when: - - event: push - path: - - 'nextcloud/**' - - '.woodpecker/nextcloud.yaml' - - event: cron - cron: daily - -# Manually set a workspace path, so we can use it literally, without using -# ${CI_WORKSPACE}, when running kaniko, since using ${CI_WORKSPACE} doesn't work. -# https://github.com/woodpecker-ci/woodpecker/issues/3982 -workspace: - path: src - -# Use matrix to set NEXTCLOUD_VERSION instead of setting the NEXTCLOUD_VERSION as -# an environment variable in the build-images step, since string substitution -# doesn't work for custom environment variables. -# https://github.com/woodpecker-ci/woodpecker/issues/3983 -# Also because global environment variables aren't a thing. -matrix: - NEXTCLOUD_VERSION: - - 30 - - 31 - - 32 - IMAGE_NAME: - - git.hamburg.ccc.de/ccchh/oci-images/nextcloud - -steps: - - name: setup-image-path - image: docker.io/library/alpine - commands: - - mkdir /woodpecker/images - - - name: build-image - image: gcr.io/kaniko-project/executor - entrypoint: - - /kaniko/executor - - --context=dir:///woodpecker/src/nextcloud - - --dockerfile=./Containerfile - - --build-arg=TAG=${NEXTCLOUD_VERSION} - - --destination=${IMAGE_NAME}:${NEXTCLOUD_VERSION} - - --no-push - - --tar-path=/woodpecker/images/nextcloud.tar - - - name: publish-image - image: docker.io/library/alpine - environment: - GIT_API_TOKEN: - from_secret: GIT_API_TOKEN - commands: - - apk -u add crane - - crane auth login git.hamburg.ccc.de -u woodpecker -p $GIT_API_TOKEN - - crane push /woodpecker/images/nextcloud.tar $IMAGE_NAME:$NEXTCLOUD_VERSION-$CI_COMMIT_BRANCH - - - name: tag-version - image: docker.io/library/alpine - when: - - branch: main - environment: - GIT_API_TOKEN: - from_secret: GIT_API_TOKEN - commands: - - apk -u add crane - - crane auth login git.hamburg.ccc.de -u woodpecker -p $GIT_API_TOKEN - - crane tag $IMAGE_NAME:$NEXTCLOUD_VERSION-$CI_COMMIT_BRANCH $NEXTCLOUD_VERSION - - - name: tag-latest - image: docker.io/library/alpine - when: - - branch: main - evaluate: 'NEXTCLOUD_VERSION == "29"' - environment: - GIT_API_TOKEN: - from_secret: GIT_API_TOKEN - commands: - - apk -u add crane - - crane auth login git.hamburg.ccc.de -u woodpecker -p $GIT_API_TOKEN - - crane tag $IMAGE_NAME:$NEXTCLOUD_VERSION-$CI_COMMIT_BRANCH latest From 1f89b8f89a23d30e23c3c1dcb9e02fefb13a82a0 Mon Sep 17 00:00:00 2001 From: lilly Date: Fri, 15 May 2026 09:10:12 +0200 Subject: [PATCH 03/12] fix nextcloud ci not specifying containerfile path correctly --- .forgejo/workflows/build_nextcloud.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.forgejo/workflows/build_nextcloud.yml b/.forgejo/workflows/build_nextcloud.yml index e69aaeb..c9a60cf 100644 --- a/.forgejo/workflows/build_nextcloud.yml +++ b/.forgejo/workflows/build_nextcloud.yml @@ -28,7 +28,7 @@ jobs: KANIKO_GIT_HAMBURG_CCC_DE_USER: forgejo-actions KANIKO_GIT_HAMBURG_CCC_DE_PASSWORD: ${{ secrets.PACKAGES_TOKEN }} run: /kaniko/executor - --dockerfile="${{forgejo.workspace }}/Containerfile" + --dockerfile="${{forgejo.workspace }}/nextcloud/Containerfile" --context="dir://${{ forgejo.workspace }}/nextcloud" --build-arg=TAG=${{ matrix.nextcloud-version }} --destination=git.hamburg.ccc.de/ccchh/oci-images/nextcloud:${{ matrix.nextcloud-version }} From dde5375ab53b99a0dee42758cf4eeb145ef0029c Mon Sep 17 00:00:00 2001 From: lilly Date: Fri, 15 May 2026 09:10:55 +0200 Subject: [PATCH 04/12] use more descriptive CI job names for nextcloud image building --- .forgejo/workflows/build_nextcloud.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.forgejo/workflows/build_nextcloud.yml b/.forgejo/workflows/build_nextcloud.yml index c9a60cf..0f0619c 100644 --- a/.forgejo/workflows/build_nextcloud.yml +++ b/.forgejo/workflows/build_nextcloud.yml @@ -8,7 +8,7 @@ on: jobs: build-container: - name: Build Container + name: Build Nextcloud ${{ matrix.nextcloud-version }} Image runs-on: docker container: image: ghcr.io/osscontainertools/kaniko:alpine @@ -19,7 +19,7 @@ jobs: - name: Install required system packages run: apk add --no-cache nodejs - - name: Build Container + - name: Checkout Source Code uses: actions/checkout@v6 - name: Build Container From c741c9defcf5e04ece4f5b2b37c4c9979dfa26f3 Mon Sep 17 00:00:00 2001 From: lilly Date: Fri, 15 May 2026 09:13:06 +0200 Subject: [PATCH 05/12] migrate penpot image building to forgejo actions --- .forgejo/workflows/build_penpot.yml | 62 ++++++++++++++++++ .woodpecker/penpot.yaml | 98 ----------------------------- 2 files changed, 62 insertions(+), 98 deletions(-) create mode 100644 .forgejo/workflows/build_penpot.yml delete mode 100644 .woodpecker/penpot.yaml diff --git a/.forgejo/workflows/build_penpot.yml b/.forgejo/workflows/build_penpot.yml new file mode 100644 index 0000000..fd219db --- /dev/null +++ b/.forgejo/workflows/build_penpot.yml @@ -0,0 +1,62 @@ +name: Build Penpot + +on: + workflow_dispatch: {} + push: {} + schedule: + - cron: "@daily" + +jobs: + build-container: + name: Build Image penpot-${{ matrix.image-type }}:${{ matrix.penpot-version }} + runs-on: docker + container: + image: ghcr.io/osscontainertools/kaniko:alpine + strategy: + matrix: + penpot-version: [ "2.1.2" ] + image-type: [ frontend, backend, exporter ] + steps: + - name: Install required system packages + run: apk add --no-cache nodejs + + - name: Setup penpot repo + uses: actions/checkout@v6 + with: + github-server-url: github.com + repository: penpot/penpot + ref: ${{ matrix.image-penpot-version }} + submodules: recursive + path: penpot + + - name: Patch penpot to work with kaniko + run: | + # Get build system patch allowing for building images with kaniko. + # https://github.com/penpot/penpot/pull/4945 + # https://github.com/penpot/penpot/pull/4945/commits/752574bac789cc90cc218004bb9545cc6239895d + curl https://github.com/penpot/penpot/commit/752574bac789cc90cc218004bb9545cc6239895d.patch > 0001-move-entire-image-build-process-into-Dockerfiles.patch + + # Get patch disallowing registration with invitation token, when disable-login-with-password flag is set. + # https://github.com/penpot/penpot/issues/4975 + # https://github.com/june128/penpot/commit/f799da132bf5a51015859031f45154172fbf7cd0 + curl https://github.com/june128/penpot/commit/f799da132bf5a51015859031f45154172fbf7cd0.patch > 0002-hotfix-dont-allow-registration-with-invite-if-password-login- + + # apply patches + git config user.name "Woodpecker" + git config user.email "woodpecker@woodpecker.invalid" + git am *.patch + + - name: Build Container + env: + KANIKO_NO_PUSH: ${{ forgejo.ref_name != 'main' }} + KANIKO_GIT_HAMBURG_CCC_DE_USER: forgejo-actions + KANIKO_GIT_HAMBURG_CCC_DE_PASSWORD: ${{ secrets.PACKAGES_TOKEN }} + run: /kaniko/executor + --dockerfile="${{forgejo.workspace }}/penpot/Containerfile" + --context="dir://${{ forgejo.workspace }}/penpot/docker/images/Dockerfile.${{ matrix.image-type }}" + --destination=git.hamburg.ccc.de/ccchh/oci-images/penpot-${{ matrix.image-type }}:${{ matrix.penpot-version }} + --no-push-cache + --credential-helpers=env + --annotation=org.opencontainers.image.ref.name=penpot-${{ matrix.image-type }} + --annotation=org.opencontainers.image.url=${{ forgejo.server_url }}/${{ forgejo.repository }} + --annotation=org.opencontainers.image.source=${{ forgejo.server_url }}/${{ forgejo.repository }} diff --git a/.woodpecker/penpot.yaml b/.woodpecker/penpot.yaml deleted file mode 100644 index 8cedcbe..0000000 --- a/.woodpecker/penpot.yaml +++ /dev/null @@ -1,98 +0,0 @@ -when: - - event: push - path: - - 'penpot/**' - - '.woodpecker/penpot.yaml' - - event: cron - cron: daily - -# Manually set a workspace path, so we can use it literally, without using -# ${CI_WORKSPACE}, when running kaniko, since using ${CI_WORKSPACE} doesn't work. -# https://github.com/woodpecker-ci/woodpecker/issues/3982 -workspace: - path: src - -# Use matrix to set PENPOT_VERSION instead of setting the PENPOT_VERSION as an -# environment variable in the build-images step, since string substitution -# doesn't work for custom environment variables. -# https://github.com/woodpecker-ci/woodpecker/issues/3983 -# Also because global environment variables aren't a thing. -matrix: - PENPOT_VERSION: - - 2.1.2 - IMAGE_BASE_NAME: - - git.hamburg.ccc.de/ccchh/oci-images/penpot - IMAGE_TYPE: - - frontend - - backend - - exporter - -steps: - - name: setup-image-path - image: alpine - commands: - - mkdir /woodpecker/images - - - name: setup-penpot-repo - image: alpine - commands: - - apk -u add git curl - - git clone --branch $PENPOT_VERSION https://github.com/penpot/penpot.git /woodpecker/penpot - - cd /woodpecker/penpot - - git submodule update --init --recursive - # Get build system patch allowing for building images with kaniko. - # https://github.com/penpot/penpot/pull/4945 - # https://github.com/penpot/penpot/pull/4945/commits/752574bac789cc90cc218004bb9545cc6239895d - - curl https://github.com/penpot/penpot/commit/752574bac789cc90cc218004bb9545cc6239895d.patch > 0001-move-entire-image-build-process-into-Dockerfiles.patch - # Get patch disallowing registration with invitation token, when disable-login-with-password flag is set. - # https://github.com/penpot/penpot/issues/4975 - # https://github.com/june128/penpot/commit/f799da132bf5a51015859031f45154172fbf7cd0 - - curl https://github.com/june128/penpot/commit/f799da132bf5a51015859031f45154172fbf7cd0.patch > 0002-hotfix-dont-allow-registration-with-invite-if-password-login-is-disabled.patch - - git config user.name "Woodpecker" - - git config user.email "woodpecker@woodpecker.invalid" - - git am *.patch - - - name: build-image - image: gcr.io/kaniko-project/executor - entrypoint: - - /kaniko/executor - - --context=dir:///woodpecker/penpot - - --dockerfile=./docker/images/Dockerfile.${IMAGE_TYPE} - - --destination=${IMAGE_BASE_NAME}/${IMAGE_TYPE}:${PENPOT_VERSION} - - --no-push - - --tar-path=/woodpecker/images/penpot-${IMAGE_TYPE}.tar - - - name: publish-image - image: docker.io/library/alpine - environment: - GIT_API_TOKEN: - from_secret: GIT_API_TOKEN - commands: - - apk -u add crane - - crane auth login git.hamburg.ccc.de -u woodpecker -p $GIT_API_TOKEN - - crane push /woodpecker/images/penpot-$IMAGE_TYPE.tar $IMAGE_BASE_NAME/$IMAGE_TYPE:$PENPOT_VERSION-$CI_COMMIT_BRANCH - - - name: tag-version - image: docker.io/library/alpine - when: - - branch: main - environment: - GIT_API_TOKEN: - from_secret: GIT_API_TOKEN - commands: - - apk -u add crane - - crane auth login git.hamburg.ccc.de -u woodpecker -p $GIT_API_TOKEN - - crane tag $IMAGE_BASE_NAME/$IMAGE_TYPE:$PENPOT_VERSION-$CI_COMMIT_BRANCH $PENPOT_VERSION - - - name: tag-latest - image: docker.io/library/alpine - when: - - branch: main - evaluate: 'PENPOT_VERSION == "2.1.2"' - environment: - GIT_API_TOKEN: - from_secret: GIT_API_TOKEN - commands: - - apk -u add crane - - crane auth login git.hamburg.ccc.de -u woodpecker -p $GIT_API_TOKEN - - crane tag $IMAGE_BASE_NAME/$IMAGE_TYPE:$PENPOT_VERSION-$CI_COMMIT_BRANCH latest From 2b43002c9b28ca93186c352c09acbf812a5d3f03 Mon Sep 17 00:00:00 2001 From: lilly Date: Fri, 15 May 2026 09:23:10 +0200 Subject: [PATCH 06/12] fix penpot repo checkout in CICD --- .forgejo/workflows/build_penpot.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.forgejo/workflows/build_penpot.yml b/.forgejo/workflows/build_penpot.yml index fd219db..6a24fac 100644 --- a/.forgejo/workflows/build_penpot.yml +++ b/.forgejo/workflows/build_penpot.yml @@ -24,7 +24,7 @@ jobs: uses: actions/checkout@v6 with: github-server-url: github.com - repository: penpot/penpot + repository: penpot/penpot.git ref: ${{ matrix.image-penpot-version }} submodules: recursive path: penpot From 5ab9c077c25733844d759aca72aa32dbdaaf845e Mon Sep 17 00:00:00 2001 From: lilly Date: Fri, 15 May 2026 09:25:33 +0200 Subject: [PATCH 07/12] use manual git pull in penpot ci --- .forgejo/workflows/build_penpot.yml | 17 +++++++---------- 1 file changed, 7 insertions(+), 10 deletions(-) diff --git a/.forgejo/workflows/build_penpot.yml b/.forgejo/workflows/build_penpot.yml index 6a24fac..69afc3c 100644 --- a/.forgejo/workflows/build_penpot.yml +++ b/.forgejo/workflows/build_penpot.yml @@ -18,19 +18,16 @@ jobs: image-type: [ frontend, backend, exporter ] steps: - name: Install required system packages - run: apk add --no-cache nodejs + run: apk add --no-cache nodejs git curl - - name: Setup penpot repo - uses: actions/checkout@v6 - with: - github-server-url: github.com - repository: penpot/penpot.git - ref: ${{ matrix.image-penpot-version }} - submodules: recursive - path: penpot + - name: Clone penpot repo + run: | + git clone --branch="${{ matrix.penpot-version }}" https://github.com/penpot/penpot.git "${{ forgejo.workspace }}/penpot" + cd "${{ forgejo.workspace }}/penpot" + git submodule update --init --recursive - name: Patch penpot to work with kaniko - run: | + run: | # Get build system patch allowing for building images with kaniko. # https://github.com/penpot/penpot/pull/4945 # https://github.com/penpot/penpot/pull/4945/commits/752574bac789cc90cc218004bb9545cc6239895d From 909739102df14e5e82d11916406ee92c04ee0b8a Mon Sep 17 00:00:00 2001 From: lilly Date: Fri, 15 May 2026 09:27:20 +0200 Subject: [PATCH 08/12] fix penpot working directory for source patching in CI --- .forgejo/workflows/build_penpot.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.forgejo/workflows/build_penpot.yml b/.forgejo/workflows/build_penpot.yml index 69afc3c..8630df5 100644 --- a/.forgejo/workflows/build_penpot.yml +++ b/.forgejo/workflows/build_penpot.yml @@ -27,7 +27,9 @@ jobs: git submodule update --init --recursive - name: Patch penpot to work with kaniko - run: | + run: | + cd "${{ forgejo.workspace }}/penpot" + # Get build system patch allowing for building images with kaniko. # https://github.com/penpot/penpot/pull/4945 # https://github.com/penpot/penpot/pull/4945/commits/752574bac789cc90cc218004bb9545cc6239895d From 7174feb4dfeb52fe2309c036ec1ced9b509874a1 Mon Sep 17 00:00:00 2001 From: lilly Date: Fri, 15 May 2026 09:29:05 +0200 Subject: [PATCH 09/12] fix penpot kaniko excecutor being passed wrong path to Containerfile --- .forgejo/workflows/build_penpot.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.forgejo/workflows/build_penpot.yml b/.forgejo/workflows/build_penpot.yml index 8630df5..f11ce23 100644 --- a/.forgejo/workflows/build_penpot.yml +++ b/.forgejo/workflows/build_penpot.yml @@ -51,8 +51,8 @@ jobs: KANIKO_GIT_HAMBURG_CCC_DE_USER: forgejo-actions KANIKO_GIT_HAMBURG_CCC_DE_PASSWORD: ${{ secrets.PACKAGES_TOKEN }} run: /kaniko/executor - --dockerfile="${{forgejo.workspace }}/penpot/Containerfile" - --context="dir://${{ forgejo.workspace }}/penpot/docker/images/Dockerfile.${{ matrix.image-type }}" + --dockerfile="${{forgejo.workspace }}/penpot/docker/images/Dockerfile.${{ matrix.image-type }}" + --context="dir://${{ forgejo.workspace }}/penpot/" --destination=git.hamburg.ccc.de/ccchh/oci-images/penpot-${{ matrix.image-type }}:${{ matrix.penpot-version }} --no-push-cache --credential-helpers=env From f5be174cff01cc8e20b2207a777953f218ceecab Mon Sep 17 00:00:00 2001 From: lilly Date: Fri, 15 May 2026 09:35:33 +0200 Subject: [PATCH 10/12] silence curl progress bar in penpot CI --- .forgejo/workflows/build_penpot.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.forgejo/workflows/build_penpot.yml b/.forgejo/workflows/build_penpot.yml index f11ce23..c067263 100644 --- a/.forgejo/workflows/build_penpot.yml +++ b/.forgejo/workflows/build_penpot.yml @@ -33,12 +33,12 @@ jobs: # Get build system patch allowing for building images with kaniko. # https://github.com/penpot/penpot/pull/4945 # https://github.com/penpot/penpot/pull/4945/commits/752574bac789cc90cc218004bb9545cc6239895d - curl https://github.com/penpot/penpot/commit/752574bac789cc90cc218004bb9545cc6239895d.patch > 0001-move-entire-image-build-process-into-Dockerfiles.patch + curl -sSL https://github.com/penpot/penpot/commit/752574bac789cc90cc218004bb9545cc6239895d.patch > 0001-move-entire-image-build-process-into-Dockerfiles.patch # Get patch disallowing registration with invitation token, when disable-login-with-password flag is set. # https://github.com/penpot/penpot/issues/4975 # https://github.com/june128/penpot/commit/f799da132bf5a51015859031f45154172fbf7cd0 - curl https://github.com/june128/penpot/commit/f799da132bf5a51015859031f45154172fbf7cd0.patch > 0002-hotfix-dont-allow-registration-with-invite-if-password-login- + curl -sSL https://github.com/june128/penpot/commit/f799da132bf5a51015859031f45154172fbf7cd0.patch > 0002-hotfix-dont-allow-registration-with-invite-if-password-login- # apply patches git config user.name "Woodpecker" From 9d5d81854fd04aabe549e864ab2672fe728383d7 Mon Sep 17 00:00:00 2001 From: lilly Date: Fri, 15 May 2026 09:40:53 +0200 Subject: [PATCH 11/12] migrate keycloak workflows to forgejo actions --- .forgejo/workflows/build_keycloak.yml | 47 +++++++++++++++ .woodpecker/keycloak.yaml | 85 --------------------------- 2 files changed, 47 insertions(+), 85 deletions(-) create mode 100644 .forgejo/workflows/build_keycloak.yml delete mode 100644 .woodpecker/keycloak.yaml diff --git a/.forgejo/workflows/build_keycloak.yml b/.forgejo/workflows/build_keycloak.yml new file mode 100644 index 0000000..7403007 --- /dev/null +++ b/.forgejo/workflows/build_keycloak.yml @@ -0,0 +1,47 @@ +name: Build Keycloak + +on: + workflow_dispatch: {} + push: {} + schedule: + - cron: "@daily" + +jobs: + build-container: + name: Build Keycloak Image + runs-on: docker + container: + image: ghcr.io/osscontainertools/kaniko:alpine + strategy: + matrix: + # renovate: datasource=docker depName=quay.io/keycloak/keycloak + keycloak-version: [ 26.6.0 ] + steps: + - name: Install required system packages + run: apk add --no-cache nodejs maven git + + - name: Checkout Source Code + uses: actions/checkout@v6 + + - name: Build attribute-endpoints-provider + run: | + git clone https://git.hamburg.ccc.de/CCCHH/keycloak-attribute-endpoints-provider.git + cd keycloak-attribute-endpoints-provider + mvn -f attribute-endpoints-provider verify + cp attribute-endpoints-provider/target/attribute-endpoints-provider-1.0-SNAPSHOT.jar ${{ forgejo.workspace }}/keycloak/attribute-endpoints-provider.jar + + - name: Build Container + env: + KANIKO_NO_PUSH: ${{ forgejo.ref_name != 'main' }} + KANIKO_GIT_HAMBURG_CCC_DE_USER: forgejo-actions + KANIKO_GIT_HAMBURG_CCC_DE_PASSWORD: ${{ secrets.PACKAGES_TOKEN }} + run: /kaniko/executor + --dockerfile="${{forgejo.workspace }}/keycloak/Containerfile" + --context="dir://${{ forgejo.workspace }}/keycloak" + --build-arg=TAG=${{ matrix.keycloak-version }} + --destination=git.hamburg.ccc.de/ccchh/oci-images/keycloak:${{ matrix.keycloak-version }} + --no-push-cache + --credential-helpers=env + --annotation=org.opencontainers.image.ref.name=keycloak + --annotation=org.opencontainers.image.url=${{ forgejo.server_url }}/${{ forgejo.repository }} + --annotation=org.opencontainers.image.source=${{ forgejo.server_url }}/${{ forgejo.repository }} diff --git a/.woodpecker/keycloak.yaml b/.woodpecker/keycloak.yaml deleted file mode 100644 index 2f76bd8..0000000 --- a/.woodpecker/keycloak.yaml +++ /dev/null @@ -1,85 +0,0 @@ -when: - - event: push - path: - - 'keycloak/**' - - '.woodpecker/keycloak.yaml' - - event: cron - cron: daily - -# Manually set a workspace path, so we can use it literally, without using -# ${CI_WORKSPACE}, when running kaniko, since using ${CI_WORKSPACE} doesn't work. -# https://github.com/woodpecker-ci/woodpecker/issues/3982 -workspace: - path: src - -# Use matrix to set KEYCLOAK_VERSION instead of setting the KEYCLOAK_VERSION as -# an environment variable in the build-images step, since string substitution -# doesn't work for custom environment variables. -# https://github.com/woodpecker-ci/woodpecker/issues/3983 -# Also because global environment variables aren't a thing. -matrix: - KEYCLOAK_VERSION: - # renovate: datasource=docker depName=quay.io/keycloak/keycloak - - 26.6.0 - IMAGE_NAME: - - git.hamburg.ccc.de/ccchh/oci-images/keycloak - -steps: - - name: setup-image-path - image: alpine - commands: - - mkdir /woodpecker/images - - - name: build-attribute-endpoints-provider - image: alpine - commands: - - apk -u add maven git - - git clone https://git.hamburg.ccc.de/CCCHH/keycloak-attribute-endpoints-provider.git - - cd keycloak-attribute-endpoints-provider - - mvn -f attribute-endpoints-provider verify - - cp attribute-endpoints-provider/target/attribute-endpoints-provider-1.0-SNAPSHOT.jar /woodpecker/src/keycloak/attribute-endpoints-provider.jar - - - name: build-image - image: gcr.io/kaniko-project/executor - entrypoint: - - /kaniko/executor - - --context=dir:///woodpecker/src/keycloak - - --dockerfile=./Containerfile - - --build-arg=TAG=${KEYCLOAK_VERSION} - - --destination=${IMAGE_NAME}:${KEYCLOAK_VERSION} - - --no-push - - --tar-path=/woodpecker/images/keycloak.tar - - - name: publish-image - image: alpine - environment: - GIT_API_TOKEN: - from_secret: GIT_API_TOKEN - commands: - - apk -u add crane - - crane auth login git.hamburg.ccc.de -u woodpecker -p $GIT_API_TOKEN - - crane push /woodpecker/images/keycloak.tar $IMAGE_NAME:$KEYCLOAK_VERSION-$CI_COMMIT_BRANCH - - - name: tag-version - image: alpine - when: - - branch: main - environment: - GIT_API_TOKEN: - from_secret: GIT_API_TOKEN - commands: - - apk -u add crane - - crane auth login git.hamburg.ccc.de -u woodpecker -p $GIT_API_TOKEN - - crane tag $IMAGE_NAME:$KEYCLOAK_VERSION-$CI_COMMIT_BRANCH $KEYCLOAK_VERSION - - - name: tag-latest - image: alpine - when: - - branch: main - environment: - GIT_API_TOKEN: - from_secret: GIT_API_TOKEN - commands: - - apk -u add crane - - crane auth login git.hamburg.ccc.de -u woodpecker -p $GIT_API_TOKEN - - crane tag $IMAGE_NAME:$KEYCLOAK_VERSION-$CI_COMMIT_BRANCH latest From a1aec149aaf5abf0e15782c49c0acb09a1626f48 Mon Sep 17 00:00:00 2001 From: chris Date: Tue, 19 May 2026 21:28:11 +0200 Subject: [PATCH 12/12] nextcloud: also build version 33 of nextcloud --- .forgejo/workflows/build_nextcloud.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.forgejo/workflows/build_nextcloud.yml b/.forgejo/workflows/build_nextcloud.yml index 0f0619c..e2538a9 100644 --- a/.forgejo/workflows/build_nextcloud.yml +++ b/.forgejo/workflows/build_nextcloud.yml @@ -14,7 +14,7 @@ jobs: image: ghcr.io/osscontainertools/kaniko:alpine strategy: matrix: - nextcloud-version: [ 30, 31, 32 ] + nextcloud-version: [ 32, 33 ] steps: - name: Install required system packages run: apk add --no-cache nodejs