diff --git a/Dockerfile b/Dockerfile index 09ce0391bfddb56a8a030347e0a96d5b6d4f20f2..3dc33080ea21725ebf9e95f0e23a26d01f18f609 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,9 +1,8 @@ -ARG BASE_REGISTRY=nexus-docker-secure.levelup-dev.io -ARG BASE_IMAGE=redhat/ubi/ubi8 +ARG BASE_REGISTRY=registry.access.redhat.com +ARG BASE_IMAGE=ubi8 ARG BASE_TAG=8.1 -# This builder image was pushed to Nexus using prebuild.sh and will be used to copy binaries from -FROM keycloak-oss:8.0.1 AS builder +FROM jboss/keycloak:9.0.3 AS builder # This is the base image FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG} @@ -13,13 +12,13 @@ LABEL name="Keycloak" \ vendor="Opensource" \ summary="Keycloak Container" \ maintainer="Red Hat " \ - version="8.0.1" + version="9.0.3" -ENV KEYCLOAK_VERSION="8.0.1" \ +ENV KEYCLOAK_VERSION="9.0.3" \ JDBC_POSTGRES_VERSION="42.2.5" \ JDBC_MYSQL_VERSION="5.1.46" \ - JDBC_MARIADB_VERSION="2.2.3" \ - JDBC_MSSQL_VERSION="7.4.1.jre8" \ + JDBC_MARIADB_VERSION="2.5.4" \ + JDBC_MSSQL_VERSION="7.4.1.jre11" \ LAUNCH_JBOSS_IN_BACKGROUND="1" \ PROXY_ADDRESS_FORWARDING="false" \ JBOSS_HOME="/opt/jboss/keycloak" \ @@ -28,34 +27,21 @@ ENV KEYCLOAK_VERSION="8.0.1" \ KEYCLOAK_USER_ID="1000" \ KEYCLOAK_HOME="/opt/jboss" +RUN dnf install -y hostname java-11-openjdk-headless openssl && \ + dnf clean all && \ + rm -rf /var/cache/dnf # Copy binaries from builder image COPY --from=builder /opt/jboss /opt/jboss -# Run as root for admin commands -USER root - # Create the user, fix file system ownership RUN useradd -u $KEYCLOAK_USER_ID -g 0 -M -d /opt/jboss $KEYCLOAK_USER_NAME && \ chown -R ${KEYCLOAK_USER_NAME}:0 ${KEYCLOAK_HOME} && \ chmod -R o-w /opt/jboss/keycloak -# Install dependencies -RUN yum update -y --disableplugin=subsciption-manager \ - --nogpgcheck \ - --disablerepo=unified_platform_ubi8_appstream \ - --disablerepo=unified_platform_ubi8_os && \ - yum install -y --disableplugin=subsciption-manager \ - --nogpgcheck \ - --disablerepo=unified_platform_ubi8_appstream \ - --disablerepo=unified_platform_ubi8_os \ - hostname java-11-openjdk-headless openssl && \ - yum clean all && [ ! -d /var/cache/yum ] || rm -rf /var/cache/yum - USER ${KEYCLOAK_USER_ID} -EXPOSE 8080 -EXPOSE 8443 +EXPOSE 8080 8443 HEALTHCHECK --timeout=5m --start-period=2m --retries=3 CMD curl http://localhost/auth || exit 1 diff --git a/Jenkinsfile b/Jenkinsfile index 1f7713c7e50d8f816e090804eda9750d5e28b409..7131760ea85eb0c7eb48eb6622e531666fd4965c 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -1,2 +1,2 @@ @Library('DCCSCR@master') _ -dccscrPipeline(version: "8.0.1") +dccscrPipeline(version: "9.0.3") diff --git a/README.md b/README.md index ecbe3d165255ea4be58dafcc6f4d471c15306100..fe23fc1f63fc84fa032745d1592a679d133c593f 100644 --- a/README.md +++ b/README.md @@ -1,8 +1,8 @@ -# Keycloak (Opensource) 8.0.1 +# Keycloak (Opensource) 9.0.3 -This is derived from https://hub.docker.com/layers/jboss/keycloak/8.0.1/images/sha256-9a91f646de4becefbae9bd3e5e0cd8de21bf17a22055ccabff324798c2be68a0 +This is derived from https://hub.docker.com/layers/jboss/keycloak/9.0.3/images/sha256-e327b52ed4dbdb1875250d6eaed803d7a5453d0ca3e8f2a35b662499293d684c -More information: https://github.com/keycloak/keycloak-containers/blob/8.0.1 +More information: https://github.com/keycloak/keycloak-containers/blob/9.0.3 ## Running the container In order to run the container, enter the following command: `podman run -d -p 8080:8080 . Please see full Keycloak documentation for more information: https://www.keycloak.org/documentation.html. @@ -32,4 +32,4 @@ If you've found a security vulnerability, please look at the [instructions on ho If you believe you have discovered a defect in Keycloak please open an issue in our [Issue Tracker](https://issues.jboss.org/projects/KEYCLOAK). Please remember to provide a good summary, description as well as steps to reproduce the issue. -## [Keycloak Public Repo](https://github.com/keycloak/keycloak) \ No newline at end of file +## [Keycloak Public Repo](https://github.com/keycloak/keycloak) diff --git a/download.yaml b/download.yaml index 5f337ebb1813db8849d28ea30f7c59a381fbbf70..38465885e0b60283d2baf8cdc53af9ab4e349f49 100644 --- a/download.yaml +++ b/download.yaml @@ -1,3 +1,3 @@ resources: - - url: "docker://docker.io/jboss/keycloak@sha256:9a91f646de4becefbae9bd3e5e0cd8de21bf17a22055ccabff324798c2be68a0" - tag: "keycloak-oss:8.0.1" + - url: "docker://docker.io/jboss/keycloak@sha256:e327b52ed4dbdb1875250d6eaed803d7a5453d0ca3e8f2a35b662499293d684c" + tag: "jboss/keycloak:9.0.3" diff --git a/scripts/prebuild.sh b/scripts/prebuild.sh deleted file mode 100644 index 1c395abfd2e0f45628449683547ebb611cfeb1cc..0000000000000000000000000000000000000000 --- a/scripts/prebuild.sh +++ /dev/null @@ -1,24 +0,0 @@ -#!/bin/bash - -VERSION=8.0.1 -IMAGE_NAME=opensource/keycloak -IMAGE_DIGEST=sha256:9a91f646de4becefbae9bd3e5e0cd8de21bf17a22055ccabff324798c2be68a0 -IMAGE_ID=09676d6523523e6f37932a604a63d53b3e605459cbecc999b3e95d6770a3ccd6 -NEXUS_REGISTRY=nexus-docker-secure.levelup-dev.io -NEXUS_TAG=${NEXUS_REGISTRY}/builder-${IMAGE_NAME}:${VERSION} - -set -e - -# pull builder image; no GPG/sha checks are necessary because an explicit content hash (i.e. image digest) is used -sudo podman pull docker.io/jboss/keycloak@${IMAGE_DIGEST} - -# re-tag image for Nexus Registry -sudo podman tag ${IMAGE_ID} ${NEXUS_TAG} - -# push newly tagged image -sudo podman push ${NEXUS_TAG} - -# clean up, including all tags for image -sudo podman rmi --force ${IMAGE_ID} - -# Image digest and ID can be retrieved by doing a `podman inspect` once you have pulled the Docker image by its tag on your local machine