From 4947806b4d64377ac00b9e1ac9153bdf4ef131c4 Mon Sep 17 00:00:00 2001 From: Sean Melissari Date: Thu, 16 Apr 2020 14:31:45 -0400 Subject: [PATCH] bump keycloak 9.x --- Dockerfile | 36 +++++++++++------------------------- Jenkinsfile | 2 +- README.md | 8 ++++---- download.yaml | 4 ++-- scripts/prebuild.sh | 24 ------------------------ 5 files changed, 18 insertions(+), 56 deletions(-) delete mode 100644 scripts/prebuild.sh diff --git a/Dockerfile b/Dockerfile index 09ce039..3dc3308 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,9 +1,8 @@ -ARG BASE_REGISTRY=nexus-docker-secure.levelup-dev.io -ARG BASE_IMAGE=redhat/ubi/ubi8 +ARG BASE_REGISTRY=registry.access.redhat.com +ARG BASE_IMAGE=ubi8 ARG BASE_TAG=8.1 -# This builder image was pushed to Nexus using prebuild.sh and will be used to copy binaries from -FROM keycloak-oss:8.0.1 AS builder +FROM jboss/keycloak:9.0.3 AS builder # This is the base image FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG} @@ -13,13 +12,13 @@ LABEL name="Keycloak" \ vendor="Opensource" \ summary="Keycloak Container" \ maintainer="Red Hat " \ - version="8.0.1" + version="9.0.3" -ENV KEYCLOAK_VERSION="8.0.1" \ +ENV KEYCLOAK_VERSION="9.0.3" \ JDBC_POSTGRES_VERSION="42.2.5" \ JDBC_MYSQL_VERSION="5.1.46" \ - JDBC_MARIADB_VERSION="2.2.3" \ - JDBC_MSSQL_VERSION="7.4.1.jre8" \ + JDBC_MARIADB_VERSION="2.5.4" \ + JDBC_MSSQL_VERSION="7.4.1.jre11" \ LAUNCH_JBOSS_IN_BACKGROUND="1" \ PROXY_ADDRESS_FORWARDING="false" \ JBOSS_HOME="/opt/jboss/keycloak" \ @@ -28,34 +27,21 @@ ENV KEYCLOAK_VERSION="8.0.1" \ KEYCLOAK_USER_ID="1000" \ KEYCLOAK_HOME="/opt/jboss" +RUN dnf install -y hostname java-11-openjdk-headless openssl && \ + dnf clean all && \ + rm -rf /var/cache/dnf # Copy binaries from builder image COPY --from=builder /opt/jboss /opt/jboss -# Run as root for admin commands -USER root - # Create the user, fix file system ownership RUN useradd -u $KEYCLOAK_USER_ID -g 0 -M -d /opt/jboss $KEYCLOAK_USER_NAME && \ chown -R ${KEYCLOAK_USER_NAME}:0 ${KEYCLOAK_HOME} && \ chmod -R o-w /opt/jboss/keycloak -# Install dependencies -RUN yum update -y --disableplugin=subsciption-manager \ - --nogpgcheck \ - --disablerepo=unified_platform_ubi8_appstream \ - --disablerepo=unified_platform_ubi8_os && \ - yum install -y --disableplugin=subsciption-manager \ - --nogpgcheck \ - --disablerepo=unified_platform_ubi8_appstream \ - --disablerepo=unified_platform_ubi8_os \ - hostname java-11-openjdk-headless openssl && \ - yum clean all && [ ! -d /var/cache/yum ] || rm -rf /var/cache/yum - USER ${KEYCLOAK_USER_ID} -EXPOSE 8080 -EXPOSE 8443 +EXPOSE 8080 8443 HEALTHCHECK --timeout=5m --start-period=2m --retries=3 CMD curl http://localhost/auth || exit 1 diff --git a/Jenkinsfile b/Jenkinsfile index 1f7713c..7131760 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -1,2 +1,2 @@ @Library('DCCSCR@master') _ -dccscrPipeline(version: "8.0.1") +dccscrPipeline(version: "9.0.3") diff --git a/README.md b/README.md index ecbe3d1..fe23fc1 100644 --- a/README.md +++ b/README.md @@ -1,8 +1,8 @@ -# Keycloak (Opensource) 8.0.1 +# Keycloak (Opensource) 9.0.3 -This is derived from https://hub.docker.com/layers/jboss/keycloak/8.0.1/images/sha256-9a91f646de4becefbae9bd3e5e0cd8de21bf17a22055ccabff324798c2be68a0 +This is derived from https://hub.docker.com/layers/jboss/keycloak/9.0.3/images/sha256-e327b52ed4dbdb1875250d6eaed803d7a5453d0ca3e8f2a35b662499293d684c -More information: https://github.com/keycloak/keycloak-containers/blob/8.0.1 +More information: https://github.com/keycloak/keycloak-containers/blob/9.0.3 ## Running the container In order to run the container, enter the following command: `podman run -d -p 8080:8080 . Please see full Keycloak documentation for more information: https://www.keycloak.org/documentation.html. @@ -32,4 +32,4 @@ If you've found a security vulnerability, please look at the [instructions on ho If you believe you have discovered a defect in Keycloak please open an issue in our [Issue Tracker](https://issues.jboss.org/projects/KEYCLOAK). Please remember to provide a good summary, description as well as steps to reproduce the issue. -## [Keycloak Public Repo](https://github.com/keycloak/keycloak) \ No newline at end of file +## [Keycloak Public Repo](https://github.com/keycloak/keycloak) diff --git a/download.yaml b/download.yaml index 5f337eb..3846588 100644 --- a/download.yaml +++ b/download.yaml @@ -1,3 +1,3 @@ resources: - - url: "docker://docker.io/jboss/keycloak@sha256:9a91f646de4becefbae9bd3e5e0cd8de21bf17a22055ccabff324798c2be68a0" - tag: "keycloak-oss:8.0.1" + - url: "docker://docker.io/jboss/keycloak@sha256:e327b52ed4dbdb1875250d6eaed803d7a5453d0ca3e8f2a35b662499293d684c" + tag: "jboss/keycloak:9.0.3" diff --git a/scripts/prebuild.sh b/scripts/prebuild.sh deleted file mode 100644 index 1c395ab..0000000 --- a/scripts/prebuild.sh +++ /dev/null @@ -1,24 +0,0 @@ -#!/bin/bash - -VERSION=8.0.1 -IMAGE_NAME=opensource/keycloak -IMAGE_DIGEST=sha256:9a91f646de4becefbae9bd3e5e0cd8de21bf17a22055ccabff324798c2be68a0 -IMAGE_ID=09676d6523523e6f37932a604a63d53b3e605459cbecc999b3e95d6770a3ccd6 -NEXUS_REGISTRY=nexus-docker-secure.levelup-dev.io -NEXUS_TAG=${NEXUS_REGISTRY}/builder-${IMAGE_NAME}:${VERSION} - -set -e - -# pull builder image; no GPG/sha checks are necessary because an explicit content hash (i.e. image digest) is used -sudo podman pull docker.io/jboss/keycloak@${IMAGE_DIGEST} - -# re-tag image for Nexus Registry -sudo podman tag ${IMAGE_ID} ${NEXUS_TAG} - -# push newly tagged image -sudo podman push ${NEXUS_TAG} - -# clean up, including all tags for image -sudo podman rmi --force ${IMAGE_ID} - -# Image digest and ID can be retrieved by doing a `podman inspect` once you have pulled the Docker image by its tag on your local machine -- GitLab