bump keycloak 9.x

Dockerfile

-ARG BASE_REGISTRY=nexus-docker-secure.levelup-dev.io
-ARG BASE_IMAGE=redhat/ubi/ubi8
+ARG BASE_REGISTRY=registry.access.redhat.com
+ARG BASE_IMAGE=ubi8
 ARG BASE_TAG=8.1
 
-# This builder image was pushed to Nexus using prebuild.sh and will be used to copy binaries from
-FROM keycloak-oss:8.0.1 AS builder
+FROM jboss/keycloak:9.0.3 AS builder
 
 # This is the base image
 FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG}
@@ -13,13 +12,13 @@ LABEL name="Keycloak" \
       vendor="Opensource" \
       summary="Keycloak Container" \
       maintainer="Red Hat <hojeda@redhat.com>" \
-      version="8.0.1"
+      version="9.0.3"
 
-ENV KEYCLOAK_VERSION="8.0.1" \
+ENV KEYCLOAK_VERSION="9.0.3" \
     JDBC_POSTGRES_VERSION="42.2.5" \
     JDBC_MYSQL_VERSION="5.1.46" \
-    JDBC_MARIADB_VERSION="2.2.3" \
-    JDBC_MSSQL_VERSION="7.4.1.jre8" \
+    JDBC_MARIADB_VERSION="2.5.4" \
+    JDBC_MSSQL_VERSION="7.4.1.jre11" \
     LAUNCH_JBOSS_IN_BACKGROUND="1" \
     PROXY_ADDRESS_FORWARDING="false" \
     JBOSS_HOME="/opt/jboss/keycloak" \
@@ -28,34 +27,21 @@ ENV KEYCLOAK_VERSION="8.0.1" \
     KEYCLOAK_USER_ID="1000" \
     KEYCLOAK_HOME="/opt/jboss"
 
+RUN dnf install -y hostname java-11-openjdk-headless openssl && \
+    dnf clean all && \
+    rm -rf /var/cache/dnf
 
 # Copy binaries from builder image
 COPY --from=builder /opt/jboss /opt/jboss
 
-# Run as root for admin commands
-USER root
-
 # Create the user, fix file system ownership
 RUN useradd -u $KEYCLOAK_USER_ID -g 0 -M -d /opt/jboss $KEYCLOAK_USER_NAME && \
     chown -R ${KEYCLOAK_USER_NAME}:0 ${KEYCLOAK_HOME} && \
     chmod -R o-w /opt/jboss/keycloak
 
-# Install dependencies
-RUN yum update -y --disableplugin=subsciption-manager \
-                  --nogpgcheck \
-                  --disablerepo=unified_platform_ubi8_appstream \
-                  --disablerepo=unified_platform_ubi8_os && \
-    yum install -y --disableplugin=subsciption-manager \
-                  --nogpgcheck \
-                  --disablerepo=unified_platform_ubi8_appstream \
-                  --disablerepo=unified_platform_ubi8_os \
-                  hostname java-11-openjdk-headless openssl && \
-    yum clean all && [ ! -d /var/cache/yum ] || rm -rf /var/cache/yum
-
 USER ${KEYCLOAK_USER_ID}
 
-EXPOSE 8080
-EXPOSE 8443
+EXPOSE 8080 8443
 
 HEALTHCHECK --timeout=5m --start-period=2m --retries=3 CMD curl http://localhost/auth || exit 1
 

Jenkinsfile

 @Library('DCCSCR@master') _
-dccscrPipeline(version: "8.0.1")
+dccscrPipeline(version: "9.0.3")

README.md

-# Keycloak (Opensource) 8.0.1
+# Keycloak (Opensource) 9.0.3
 
-This is derived from https://hub.docker.com/layers/jboss/keycloak/8.0.1/images/sha256-9a91f646de4becefbae9bd3e5e0cd8de21bf17a22055ccabff324798c2be68a0
+This is derived from https://hub.docker.com/layers/jboss/keycloak/9.0.3/images/sha256-e327b52ed4dbdb1875250d6eaed803d7a5453d0ca3e8f2a35b662499293d684c
 
-More information: https://github.com/keycloak/keycloak-containers/blob/8.0.1
+More information: https://github.com/keycloak/keycloak-containers/blob/9.0.3
 ## Running the container
 
 In order to run the container, enter the following command: `podman run -d -p 8080:8080 <image name>.  Please see full Keycloak documentation for more information: https://www.keycloak.org/documentation.html.
@@ -32,4 +32,4 @@ If you've found a security vulnerability, please look at the [instructions on ho
 If you believe you have discovered a defect in Keycloak please open an issue in our [Issue Tracker](https://issues.jboss.org/projects/KEYCLOAK).
 Please remember to provide a good summary, description as well as steps to reproduce the issue.
 
-## [Keycloak Public Repo](https://github.com/keycloak/keycloak)
\ No newline at end of file
+## [Keycloak Public Repo](https://github.com/keycloak/keycloak)

download.yaml

 resources:
-  - url: "docker://docker.io/jboss/keycloak@sha256:9a91f646de4becefbae9bd3e5e0cd8de21bf17a22055ccabff324798c2be68a0"
-    tag: "keycloak-oss:8.0.1"
+  - url: "docker://docker.io/jboss/keycloak@sha256:e327b52ed4dbdb1875250d6eaed803d7a5453d0ca3e8f2a35b662499293d684c"
+    tag: "jboss/keycloak:9.0.3"

scripts/prebuild.sh

-#!/bin/bash
-
-VERSION=8.0.1
-IMAGE_NAME=opensource/keycloak
-IMAGE_DIGEST=sha256:9a91f646de4becefbae9bd3e5e0cd8de21bf17a22055ccabff324798c2be68a0
-IMAGE_ID=09676d6523523e6f37932a604a63d53b3e605459cbecc999b3e95d6770a3ccd6
-NEXUS_REGISTRY=nexus-docker-secure.levelup-dev.io
-NEXUS_TAG=${NEXUS_REGISTRY}/builder-${IMAGE_NAME}:${VERSION}
-
-set -e
-
-# pull builder image; no GPG/sha checks are necessary because an explicit content hash (i.e. image digest) is used
-sudo podman pull docker.io/jboss/keycloak@${IMAGE_DIGEST}
-
-# re-tag image for Nexus Registry
-sudo podman tag ${IMAGE_ID} ${NEXUS_TAG}
-
-# push newly tagged image
-sudo podman push ${NEXUS_TAG}
-
-# clean up, including all tags for image
-sudo podman rmi --force ${IMAGE_ID}
-
-# Image digest and ID can be retrieved by doing a `podman inspect` once you have pulled the Docker image by its tag on your local machine

[jenkins-gitlab]

Pipeline Status: SUCCESS
Branch: keycloak-version-bump

graph LR
  0([setup]):::INTERNAL_SUCCESS --> 1([Import Artifacts]):::SUCCESS --> 2((/)):::INTERNAL_SUCCESS --> 3([Stage Artifacts]):::SUCCESS --> 4((/)):::INTERNAL_SUCCESS --> 5([Build]):::SUCCESS --> 6([Publish, Scan & Report]):::INTERNAL_NOT_BUILT

classDef SUCCESS font-size:10px
classDef FAILURE fill:#f44, font-size:10px
classDef SKIPPED font-size:10px
classDef ABORTED fill:#889, font-size:10px
classDef INTERNAL_SUCCESS font-size:10px, stroke-dasharray: 2, 1
classDef INTERNAL_FAILURE fill:#f44, font-size:10px, stroke-dasharray: 2, 1
classDef INTERNAL_SKIPPED font-size:10px, stroke-dasharray: 2, 1
classDef INTERNAL_ABORTED fill:#889, font-size:10px, stroke-dasharray: 2, 1