name: Build Keycloak

on:
  workflow_dispatch: {}
  push: {}
  schedule:
    - cron: "@daily"

jobs:
  build-container:
    name: Build Keycloak Image
    runs-on: docker
    container:
      image: ghcr.io/osscontainertools/kaniko:alpine
    strategy:
      matrix:
         # renovate: datasource=docker depName=quay.io/keycloak/keycloak
        keycloak-version: [ 26.6.0 ]
    steps:
      - name: Install required system packages
        run: apk add --no-cache nodejs maven git

      - name: Checkout Source Code
        uses: actions/checkout@v6

      - name: Build attribute-endpoints-provider
        run: |
          git clone https://git.hamburg.ccc.de/CCCHH/keycloak-attribute-endpoints-provider.git
          cd keycloak-attribute-endpoints-provider
          mvn -f attribute-endpoints-provider verify
          cp attribute-endpoints-provider/target/attribute-endpoints-provider-1.0-SNAPSHOT.jar ${{ forgejo.workspace }}/keycloak/attribute-endpoints-provider.jar

      - name: Build Container
        env:
          KANIKO_NO_PUSH: ${{ forgejo.ref_name != 'main' }}
          KANIKO_GIT_HAMBURG_CCC_DE_USER: forgejo-actions
          KANIKO_GIT_HAMBURG_CCC_DE_PASSWORD: ${{ secrets.PACKAGES_TOKEN }}
        run: /kaniko/executor
          --dockerfile="${{forgejo.workspace }}/keycloak/Containerfile"
          --context="dir://${{ forgejo.workspace }}/keycloak"
          --build-arg=TAG=${{ matrix.keycloak-version }}
          --destination=git.hamburg.ccc.de/ccchh/oci-images/keycloak:${{ matrix.keycloak-version }}
          --no-push-cache
          --credential-helpers=env
          --annotation=org.opencontainers.image.ref.name=keycloak
          --annotation=org.opencontainers.image.url=${{ forgejo.server_url }}/${{ forgejo.repository }}
          --annotation=org.opencontainers.image.source=${{ forgejo.server_url }}/${{ forgejo.repository }}