Feat: Upgrade Keycloak 20+ (#100)

* Modify Dockerfile for Keycloak Quarkus * Fix Copy * Add extra image for Admin-IAM * Fix CI Job Fix Dockerfile * Fix Dockerfile * Fix Dockerfile * Fix Dockerfile * Update Image Tag for Admin Iam * Add Theme-Property Files for Quicktest Theme * Update Dockerfile
corona-warn-app · Jan 27, 2023 · a50fe14 · a50fe14
1 parent 8f3c227
commit a50fe14
Show file tree

Hide file tree

Showing 9 changed files with 44 additions and 1,525 deletions.
diff --git a/.github/workflows/ci-master.yml b/.github/workflows/ci-master.yml
@@ -5,7 +5,7 @@ on:
     branches:
       - master
 jobs:
-  build:
+  build-public:
     runs-on: ubuntu-latest
     steps:
       - uses: sigstore/cosign-installer@main
@@ -20,6 +20,7 @@ jobs:
           --tag docker.pkg.github.com/${GITHUB_REPOSITORY}/cwa-verification-iam:latest \
           --tag docker.pkg.github.com/${GITHUB_REPOSITORY}/cwa-verification-iam:${VERSION} \
           --tag ${MTR_REPOSITORY}/cwa-verification-iam:${VERSION} \
+          --build-arg IAM_FLAVOUR=public \
           .
         env:
           MTR_REPOSITORY: ${{ secrets.MTR_REPOSITORY }}
@@ -41,7 +42,7 @@ jobs:
           MTR_TOKEN: ${{ secrets.MTR_TOKEN }}
           MTR_PRIVATE_KEY: ${{ secrets.MTR_PRIVATE_KEY }}
           COSIGN_PASSWORD: ${{ secrets.MTR_PRIVATE_KEY_PASSWORD }}
-  build-qt:
+  build-admin:
     runs-on: ubuntu-latest
     steps:
       - uses: sigstore/cosign-installer@main
@@ -53,25 +54,25 @@ jobs:
       - name: docker build
         run: |
           docker build \
-          --tag docker.pkg.github.com/${GITHUB_REPOSITORY}/cwa-verification-iam:latest-qt \
-          --tag docker.pkg.github.com/${GITHUB_REPOSITORY}/cwa-verification-iam:${VERSION}-qt \
-          --tag ${MTR_REPOSITORY}/cwa-verification-iam:${VERSION}-qt \
-          -f ./Dockerfile-QT \
+          --tag docker.pkg.github.com/${GITHUB_REPOSITORY}/cwa-verification-iam:latest-ADMIN \
+          --tag docker.pkg.github.com/${GITHUB_REPOSITORY}/cwa-verification-iam:${VERSION}-ADMIN \
+          --tag ${MTR_REPOSITORY}/cwa-verification-iam:${VERSION}-ADMIN \
+          --build-arg IAM_FLAVOUR=admin \
           .
         env:
           MTR_REPOSITORY: ${{ secrets.MTR_REPOSITORY }}
       - name: docker push github
         run: |
           echo ${GITHUB_TOKEN} | docker login docker.pkg.github.com -u ${GITHUB_REPOSITORY_OWNER} --password-stdin
-          docker push docker.pkg.github.com/${GITHUB_REPOSITORY}/cwa-verification-iam:latest-qt
-          docker push docker.pkg.github.com/${GITHUB_REPOSITORY}/cwa-verification-iam:${VERSION}-qt
+          docker push docker.pkg.github.com/${GITHUB_REPOSITORY}/cwa-verification-iam:latest-ADMIN
+          docker push docker.pkg.github.com/${GITHUB_REPOSITORY}/cwa-verification-iam:${VERSION}-ADMIN
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
       - name: docker push mtr
         run: |
           echo ${MTR_TOKEN} | docker login ${MTR_REPOSITORY} -u ${MTR_USER} --password-stdin
-          docker push ${MTR_REPOSITORY}/cwa-verification-iam:${VERSION}-qt
-          cosign sign --key env://MTR_PRIVATE_KEY ${MTR_REPOSITORY}/cwa-verification-iam:${VERSION}-qt
+          docker push ${MTR_REPOSITORY}/cwa-verification-iam:${VERSION}-ADMIN
+          cosign sign --key env://MTR_PRIVATE_KEY ${MTR_REPOSITORY}/cwa-verification-iam:${VERSION}-ADMIN
         env:
           MTR_REPOSITORY: ${{ secrets.MTR_REPOSITORY }}
           MTR_USER: ${{ secrets.MTR_USER }}

diff --git a/Dockerfile b/Dockerfile
@@ -1,25 +1,29 @@
-FROM quay.io/keycloak/keycloak:15.1.0
+ARG IAM_FLAVOUR=public
+FROM quay.io/keycloak/keycloak:20.0.3 as base-image
 
-ARG WORK_DIR=/build
-WORKDIR ${WORK_DIR}
+# Enables Features for Admin Flavour of IAM Image
+FROM base-image as builder-admin
+ENV KC_FEATURES_ENABLED=admin2,admin-api
 
-COPY . ${WORK_DIR}/
+# Disable Features for Public Flavour of IAM Image
+FROM base-image as builder-public
+ENV KC_FEATURES_DISABLED=admin,admin2,admin-api
 
-RUN mkdir /opt/jboss/keycloak/themes/cwa && \
-    mkdir /opt/jboss/keycloak/themes/quick-test && \
-    cp -r /opt/jboss/keycloak/themes/base/* /opt/jboss/keycloak/themes/cwa/ && \
-    cp -r ${WORK_DIR}/src/themes/cwa/login /opt/jboss/keycloak/themes/cwa/ && \
-    cp -r ${WORK_DIR}/src/themes/cwa/account /opt/jboss/keycloak/themes/cwa/ && \
-    cp -r /opt/jboss/keycloak/themes/base/* /opt/jboss/keycloak/themes/quick-test/ && \
-    cp -r ${WORK_DIR}/src/themes/quick-test/login /opt/jboss/keycloak/themes/quick-test/ && \
-    cp -r ${WORK_DIR}/src/themes/quick-test/account /opt/jboss/keycloak/themes/quick-test/ && \
-    cp ${WORK_DIR}/src/standalone/configuration/standalone-ha.xml /opt/jboss/keycloak/standalone/configuration/standalone-ha.xml
+FROM builder-${IAM_FLAVOUR} as builder
+WORKDIR /opt/keycloak
+ENV KC_HEALTH_ENABLED=true
+ENV KC_METRICS_ENABLED=false
+ENV KC_CACHE=ispn
+ENV KC_CACHE_STACK=kubernetes
+ENV KC_DB=postgres
+COPY src/themes/cwa /opt/keycloak/themes/cwa
+COPY src/themes/quick-test /opt/keycloak/themes/quick-test
+RUN /opt/keycloak/bin/kc.sh build
 
-EXPOSE 8080
-EXPOSE 8443
-EXPOSE 7080
-EXPOSE 7443
+FROM base-image
+COPY --from=builder /opt/keycloak/ /opt/keycloak/
 
-ENTRYPOINT [ "/opt/jboss/tools/docker-entrypoint.sh" ]
+EXPOSE 8443
 
-CMD ["-b", "0.0.0.0"]
+ENTRYPOINT ["/opt/keycloak/bin/kc.sh"]
+CMD ["start", "--optimized"]
diff --git a/Dockerfile-QT b/Dockerfile-QT