[AUTH-544] Keycloak containers (16.1.1-patch)

Alfresco · Mar 10, 2022 · c349b0b · c349b0b
1 parent 1999e68
commit c349b0b
Show file tree

Hide file tree

Showing 8 changed files with 241 additions and 53 deletions.
diff --git a/.travis.yml b/.travis.yml
@@ -0,0 +1,73 @@
+dist: xenial
+sudo: required
+
+services:
+  - docker
+
+cache:
+  directories:
+    - $HOME/.m2
+    - $HOME/.npm
+
+before_cache:
+  - rm -rf $HOME/.m2/repository/org/keycloak
+
+env:
+  global:
+    - MAVEN_OPTS="-Xms512m -Xmx1536m"
+    - THEME_VERSION=0.3.2
+
+branches:
+  only:
+    - master
+    - develop
+    - /AUTH-.*/
+    - /OPSEXP-.*/
+
+stages:
+  - name: "Build Dev"
+    if: branch = develop
+  - name: Build
+    if: (branch = master AND type != pull_request) OR branch =~ /AUTH-.*/ OR branch =~ /OPSEXP-.*/
+  - name: Release
+    if: commit_message =~ /\[release\]/
+
+before_script:
+  - echo "${QUAY_PASSWORD}" | docker login quay.io --username ${QUAY_USERNAME} --password-stdin
+
+jobs:
+  include:
+    - stage: "Build Dev"
+      name: "Build from develop branch and Push images"
+      language: java
+      jdk: openjdk11
+      script: |
+        cd server
+        IDS_VERSION=$(cat build.properties | grep IDENTITY_VERSION | awk -F "=" '{print $2}')
+        DEV_VERSION="develop-${TRAVIS_BUILD_NUMBER}"
+        echo "Changing the image tag from '${IDS_VERSION}' to '${DEV_VERSION}' ..."
+        sed -i "s/$IDS_VERSION/$DEV_VERSION/g" build.properties
+        travis_fold start build_keycloak_server
+        make build_keycloak build_image push_private cleanup
+        travis_fold end build_keycloak_server
+    - stage: "Build"
+      name: "Build from distribution zip and Push images"
+      language: minimal
+      script: |
+        cd server
+        if [[ "${TRAVIS_COMMIT_MESSAGE}" = *"[release]"* ]]; then
+          make download_keycloak build_image push_private cleanup
+        else
+          IDS_VERSION=$(cat build.properties | grep IDENTITY_VERSION | awk -F "=" '{print $2}')
+          SUFFIX=$(echo ${TRAVIS_BRANCH} | cut -c1-20 | tr /_ - | tr -d [:punct:] | awk '{print tolower($0)}')
+          ALPHA_BUILD_VERSION="${SUFFIX}-${TRAVIS_BUILD_NUMBER}"
+          echo "Changing the image tag from '${IDS_VERSION}' to '${ALPHA_BUILD_VERSION}' as this is not a release commit..."
+          sed -i "s/$IDS_VERSION/$ALPHA_BUILD_VERSION/g" build.properties
+          make download_keycloak build_image push_private cleanup
+        fi
+    - stage: release
+      name: "Release keycloak-containers in GitHub"
+      script:
+        - git config --local user.email "${GIT_EMAIL}"
+        - git config --local user.name "${GIT_USERNAME}"
+        - cd server && ./release.sh
diff --git a/server/Dockerfile b/server/Dockerfile
@@ -7,18 +7,15 @@ ENV JDBC_MARIADB_VERSION 2.5.4
 ENV JDBC_MSSQL_VERSION 8.2.2.jre11
 
 ENV LAUNCH_JBOSS_IN_BACKGROUND 1
-ENV PROXY_ADDRESS_FORWARDING false
+ENV PROXY_ADDRESS_FORWARDING true
 ENV JBOSS_HOME /opt/jboss/keycloak
 ENV LANG en_US.UTF-8
 
-ARG GIT_REPO
-ARG GIT_BRANCH
-ARG KEYCLOAK_DIST=https://github.com/keycloak/keycloak/releases/download/$KEYCLOAK_VERSION/keycloak-$KEYCLOAK_VERSION.tar.gz
-
 USER root
 
-RUN microdnf update -y && microdnf install -y glibc-langpack-en gzip hostname java-11-openjdk-headless openssl tar which && microdnf clean all
+RUN microdnf update -y && microdnf install -y glibc-langpack-en hostname java-11-openjdk-headless openssl tar which && microdnf clean all
 
+COPY temp/keycloak /opt/jboss/keycloak
 ADD tools /opt/jboss/tools
 RUN /opt/jboss/tools/build-keycloak.sh
 

diff --git a/server/Makefile b/server/Makefile
@@ -0,0 +1,54 @@
+include build.properties
+export $(shell sed 's/=.*//' build.properties)
+
+IMAGE_NAME							:=alfresco/alfresco-identity-service:$(IDENTITY_VERSION)
+IMAGE_NAME_WITH_BASE_OS				:=$(IMAGE_NAME)-java-11-openjdk-ubi8-minimal
+IMAGE_NAME_WITH_BASE_OS_AND_SHA		:=$(IMAGE_NAME_WITH_BASE_OS)-$(shell git rev-parse HEAD | cut -c1-12)
+export IMAGE_NAME
+export IMAGE_NAME_WITH_BASE_OS
+export IMAGE_NAME_WITH_BASE_OS_AND_SHA
+
+# Alfresco keycloak variables
+KEYCLOAK_DIST	:=https://github.com/Alfresco/keycloak/releases/download/$(KEYCLOAK_VERSION)/keycloak-$(KEYCLOAK_VERSION).zip
+# Dev properties
+GIT_REPO		:=Alfresco/keycloak
+# 'master' will be used if not set
+GIT_BRANCH		:=
+THEME_VERSION	?=0.3.2
+
+
+build: download_keycloak build_image push_private cleanup
+
+download_keycloak:
+	@./build-keycloak-locally.sh keycloak_dist=$(KEYCLOAK_DIST)
+
+# Dev time rule
+build_keycloak:
+	@./build-keycloak-locally.sh git_repo=$(GIT_REPO) git_branch=$(GIT_BRANCH) theme_version=$(THEME_VERSION) || (echo "Couldn't build keycloak. Make sure you are building with the correct Java version."; rm -rf temp; exit 1)
+
+build_image:
+	@./build-image.sh
+
+push_private:
+	@echo "Push private docker image..."
+	@docker push quay.io/$(IMAGE_NAME)
+	@docker push quay.io/$(IMAGE_NAME_WITH_BASE_OS)
+	@docker push quay.io/$(IMAGE_NAME_WITH_BASE_OS_AND_SHA)
+
+tag_push_public:
+	@echo "Tag and push public image..."
+	@docker tag quay.io/$(IMAGE_NAME_WITH_BASE_OS_AND_SHA) $(IMAGE_NAME) && docker push $(IMAGE_NAME)
+	@docker tag quay.io/$(IMAGE_NAME_WITH_BASE_OS_AND_SHA) $(IMAGE_NAME_WITH_BASE_OS) && docker push $(IMAGE_NAME_WITH_BASE_OS)
+	@docker tag quay.io/$(IMAGE_NAME_WITH_BASE_OS_AND_SHA) $(IMAGE_NAME_WITH_BASE_OS_AND_SHA) && docker push $(IMAGE_NAME_WITH_BASE_OS_AND_SHA)
+
+cleanup:
+	@rm -rf temp
+
+run:
+	@docker run -e DB_VENDOR=h2 -e KEYCLOAK_USER=admin -e KEYCLOAK_PASSWORD=admin --name alfresco-ids -p 8080:8080  --rm quay.io/$(IMAGE_NAME)
+
+stop:
+	@docker stop alfresco-ids
+
+sh:
+	@docker exec -it $$(docker ps -aq --filter name=alfresco-ids) bash
diff --git a/server/build-image.sh b/server/build-image.sh
@@ -0,0 +1,17 @@
+#!/bin/bash -e
+
+EXPIRE_AFTER="${EXPIRE_AFTER:-2w}"
+
+EXPIRES_AFTER_LABEL=""
+if [ ! -z "$BRANCH_NAME" -a "$BRANCH_NAME" != "master" -a "$BRANCH_NAME" != "develop" ]; then
+    # Add expiration label so it can be deleted by quay automatically
+    EXPIRES_AFTER_LABEL="--label quay.expires-after=$EXPIRE_AFTER"
+fi
+
+if [ -z "$EXPIRES_AFTER_LABEL" ]; then
+    echo "Building image with three tags: '$IMAGE_NAME', '$IMAGE_NAME_WITH_BASE_OS', and '$IMAGE_NAME_WITH_BASE_OS_AND_SHA' ..."
+else
+    echo "Building image with three tags: '$IMAGE_NAME', '$IMAGE_NAME_WITH_BASE_OS', and '$IMAGE_NAME_WITH_BASE_OS_AND_SHA' with label: '$EXPIRES_AFTER_LABEL'..."
+fi
+
+docker build --force-rm=true --no-cache=true --build-arg KEYCLOAK_VERSION=$KEYCLOAK_VERSION -t quay.io/$IMAGE_NAME_WITH_BASE_OS_AND_SHA -t quay.io/$IMAGE_NAME -t quay.io/$IMAGE_NAME_WITH_BASE_OS -f Dockerfile . $EXPIRES_AFTER_LABEL
diff --git a/server/build-keycloak-locally.sh b/server/build-keycloak-locally.sh
@@ -0,0 +1,72 @@
+#!/bin/bash -e
+
+### Available environment variables:
+# - GIT_REPO
+# - GIT_BRANCH ('master' will be used if not set)
+# - THEME_VERSION
+# or
+# - KEYCLOAK_DIST
+#
+### Available parameters:
+# - git_repo
+# - git_branch ('master' will be used if not set)
+# - theme_version
+# or
+# - keycloak_dist
+#
+# Example:
+# sh build-keycloak-locally.sh git_repo=Alfresco/myrepo git_branch=test-branch theme_version=0.3.2
+#
+### Note: ENV variables will take precedence over the passed parameters.
+#
+
+ARGS=$@
+for arg in $ARGS; do
+    eval "$arg"
+done
+
+mkdir -p temp
+cd temp
+
+GIT_REPO="${GIT_REPO:-$git_repo}"
+GIT_BRANCH="${GIT_BRANCH:-$git_branch}"
+KEYCLOAK_DIST="${KEYCLOAK_DIST:-$keycloak_dist}"
+
+if [ "$GIT_REPO" != "" ]; then
+    if [ "$GIT_BRANCH" == "" ]; then
+        GIT_BRANCH="master"
+    fi
+
+    THEME_VERSION="${THEME_VERSION:-$theme_version}"
+    export THEME_VERSION="$THEME_VERSION"
+
+    # Clone repository
+    git clone --depth 1 https://github.com/$GIT_REPO.git -b $GIT_BRANCH keycloak-source
+
+    # Build
+    cd keycloak-source
+
+    MASTER_HEAD=$(git log -n1 --format="%H")
+    echo "Build Keycloak from: $GIT_REPO/$GIT_BRANCH/commit/$MASTER_HEAD"
+
+    mvn -Pdistribution -pl distribution/server-dist -am -Dmaven.test.skip clean install
+    # Add Alfresco theme
+    ./add-alfresco-theme.sh
+
+    cd ..
+    unzip -oq keycloak-source/distribution/server-dist/target/keycloak-*.zip
+    rm -rf keycloak-source
+    mv keycloak-* keycloak
+
+else
+    echo "Download Keycloak from: $KEYCLOAK_DIST"
+    if [ -z "$KEYCLOAK_DIST" ]; then
+        echo "KEYCLOAK_DIST variable is not set."
+        exit 1
+    fi
+
+    curl -sSLO $KEYCLOAK_DIST
+    unzip -oq keycloak-*.zip
+    rm keycloak-*.zip
+    mv keycloak-* keycloak
+fi
diff --git a/server/build.properties b/server/build.properties
@@ -0,0 +1,2 @@
+KEYCLOAK_VERSION=16.1.1-patch
+IDENTITY_VERSION=1.7.0
diff --git a/server/release.sh b/server/release.sh
@@ -0,0 +1,20 @@
+#!/bin/bash -e
+
+declare -r currentDir="$(dirname "${BASH_SOURCE[0]}")"
+source "${currentDir}/build.properties"
+
+TAG=${KEYCLOAK_VERSION}
+if [ -z "$TAG" ]; then
+  echo "KEYCLOAK_VERSION variable is not set."
+  exit 1
+fi
+
+CURRENT_BRANCH=$(git branch | grep '*' | cut -d' ' -f 2)
+
+echo "Tag '$CURRENT_BRANCH' branch as '$TAG'"
+git tag -f ${TAG} -m "[release-script][skip ci]"
+git remote rm origin
+echo "Push $TAG tag."
+GITHUB_REPO=https://$GITHUB_TOKEN:[email protected]/Alfresco/keycloak-containers.git
+git remote add origin $GITHUB_REPO
+git push origin --tags
diff --git a/server/tools/build-keycloak.sh b/server/tools/build-keycloak.sh
@@ -1,52 +1,5 @@
 #!/bin/bash -e
 
-###########################
-# Build/download Keycloak #
-###########################
-
-if [ "$GIT_REPO" != "" ]; then
-    if [ "$GIT_BRANCH" == "" ]; then
-        GIT_BRANCH="main"
-    fi
-
-    # Install Git
-    microdnf install -y git
-
-    # Install Maven
-    cd /opt/jboss 
-    curl -s https://apache.uib.no/maven/maven-3/3.5.4/binaries/apache-maven-3.5.4-bin.tar.gz | tar xz
-    mv apache-maven-3.5.4 /opt/jboss/maven
-    export M2_HOME=/opt/jboss/maven
-
-    # Clone repository
-    git clone --depth 1 https://github.com/$GIT_REPO.git -b $GIT_BRANCH /opt/jboss/keycloak-source
-
-    # Build
-    cd /opt/jboss/keycloak-source
-
-    MAIN_HEAD=`git log -n1 --format="%H"`
-    echo "Keycloak from [build]: $GIT_REPO/$GIT_BRANCH/commit/$MAIN_HEAD"
-
-    $M2_HOME/bin/mvn -Pdistribution -pl distribution/server-dist -am -Dmaven.test.skip clean install
-
-    cd /opt/jboss
-
-    tar xfz /opt/jboss/keycloak-source/distribution/server-dist/target/keycloak-*.tar.gz
-
-    # Remove temporary files
-    rm -rf /opt/jboss/maven
-    rm -rf /opt/jboss/keycloak-source
-    rm -rf $HOME/.m2/repository
-
-    mv /opt/jboss/keycloak-* /opt/jboss/keycloak
-else
-    echo "Keycloak from [download]: $KEYCLOAK_DIST"
-
-    cd /opt/jboss/
-    curl -L $KEYCLOAK_DIST | tar zx
-    mv /opt/jboss/keycloak-* /opt/jboss/keycloak
-fi
-
 #####################
 # Create DB modules #
 #####################
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,2 @@
		KEYCLOAK_VERSION=16.1.1-patch
		IDENTITY_VERSION=1.7.0