add schedule and release action #103
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
--- | |
# desc: build container images, perform static tests then publish | |
name: build-images | |
on: | |
push: | |
branches: | |
- "**" | |
tags: | |
- "*-*-*-*" | |
pull_request_target: | |
schedule: | |
- cron: '0 3 * * *' | |
jobs: | |
lint: | |
name: pre-commit | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: actions/setup-python@v3 | |
- uses: pre-commit/[email protected] | |
# TODO: document dedicated tagging system: git commit <== tags: keycloak-22-2024-03-04-001 | |
list-keycloak-versions: | |
runs-on: ubuntu-latest | |
outputs: | |
matrix_keycloak_versions: ${{ steps.set-matrix.outputs.matrix_keycloak_versions }} | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: List Keycloak Versions from repository's folders | |
id: set-matrix | |
run: | | |
: # List folders matching the pattern keycloak-* | |
: # Export the list as an output in JSON format | |
matrix_json=$(printf "%s\n" keycloak-*/ | grep -v 'keycloak-latest/' | sed 's/\/$//' | jq -R -s -c 'split("\n")[:-1]') | |
echo "matrix_keycloak_versions=${matrix_json}" >> "$GITHUB_OUTPUT" | |
echo "matrix_keycloak_versions=${matrix_json}" | |
build-image: | |
runs-on: ubuntu-latest | |
if: ${{ github.event_name == 'push' }} | |
outputs: | |
full_image_name: ${{ steps.compute-image-name-step.outputs.full_image_name }} | |
needs: | |
- list-keycloak-versions | |
strategy: | |
matrix: | |
keycloak_version: ${{ fromJson(needs.list-keycloak-versions.outputs.matrix_keycloak_versions) }} | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Install if required common software tooling | |
uses: camunda/infra-global-github-actions/common-tooling@main | |
with: | |
java-enabled: false | |
yarn-enabled: false | |
python-version: "3.12" | |
- name: Import secrets | |
uses: hashicorp/vault-action@d1720f055e0635fd932a1d2a48f87a666a57906c # v3.0.0 | |
id: secrets | |
with: | |
url: ${{ secrets.VAULT_ADDR }} | |
method: approle | |
roleId: ${{ secrets.VAULT_ROLE_ID }} | |
secretId: ${{ secrets.VAULT_SECRET_ID }} | |
secrets: | | |
secret/data/products/infrastructure-experience/ci/common MACHINE_PWD; | |
secret/data/products/infrastructure-experience/ci/common MACHINE_USR; | |
- name: Compute keycloak version | |
id: compute-keycloak-version | |
run: | | |
keycloak_version_number=$(echo "${{ matrix.keycloak_version }}" | sed 's/keycloak-//') | |
echo "keycloak_version_number=${keycloak_version_number}" >> "$GITHUB_OUTPUT" | |
echo "keycloak_version_number=${keycloak_version_number}" | |
- name: Build image using Camunda docker build | |
id: build-image-step | |
uses: camunda/infra-global-github-actions/build-docker-image@main | |
with: | |
registry_host: ${{ vars.CONTAINER_REGISTRY_CI }} | |
registry_username: ${{ steps.secrets.outputs.MACHINE_USR }} | |
registry_password: ${{ steps.secrets.outputs.MACHINE_PWD }} | |
force_push: true | |
image_name: ${{ vars.CONTAINER_IMAGE_NAME_CI }} | |
build_context: "./${{ matrix.keycloak_version }}/" | |
build_platforms: linux/amd64,linux/arm64 | |
extra_tags: | # the ci- prefix ensures a build context, this image is treated as "temporary" | |
type=sha,enable=true,priority=1000,prefix=ci-${{ steps.compute-keycloak-version.outputs.keycloak_version_number }}-sha-,suffix=,format=short | |
- name: Compute target built image fully qualified name from metadata | |
id: compute-image-name-step | |
run: | | |
image_metadata='${{ steps.build-image-step.outputs.image_metadata }}' | |
image_name=$(echo "${image_metadata}" | tr -d '\n' | jq -r '."image.name"' | tr ',' '\n' | head -n 1 | tr -d ' ') | |
digest=$(echo "${image_metadata}" | tr -d '\n' | jq -r '."containerimage.digest"') | |
full_image_name="${image_name}@${digest}" | |
echo "full_image_name=${full_image_name}" >> "$GITHUB_OUTPUT" | |
echo "$full_image_name" | |
## Write for matrix outputs workaround | |
- uses: cloudposse/github-action-matrix-outputs-write@v1 | |
id: out | |
with: | |
matrix-step-name: ${{ github.job }} | |
matrix-key: ${{ matrix.keycloak_version }} | |
outputs: |- | |
full_image_name: ${{ steps.compute-image-name-step.outputs.full_image_name }} | |
## Read matrix outputs | |
read-build-image-output: | |
runs-on: ubuntu-latest | |
needs: [build-image] | |
steps: | |
- uses: cloudposse/github-action-matrix-outputs-read@v1 | |
id: read | |
with: | |
matrix-step-name: build-image | |
outputs: | |
result: "${{ steps.read.outputs.result }}" | |
test-base-image: | |
runs-on: ubuntu-latest | |
needs: | |
- list-keycloak-versions | |
- build-image | |
- read-build-image-output | |
strategy: | |
matrix: | |
keycloak_version: ${{ fromJson(needs.list-keycloak-versions.outputs.matrix_keycloak_versions) }} | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Install if required common software tooling | |
uses: camunda/infra-global-github-actions/common-tooling@main | |
with: | |
java-enabled: false | |
yarn-enabled: false | |
python-version: "3" | |
- name: Set Keycloak Version | |
id: set-keycloak-version | |
run: | | |
keycloak_image_version="${{ fromJson(needs.read-build-image-output.outputs.result).full_image_name[matrix.keycloak_version] }}" | |
echo "keycloak_image_version=${keycloak_image_version}" >> "$GITHUB_ENV" | |
echo "keycloak_image_version=${keycloak_image_version}" | |
- name: Import secrets | |
uses: hashicorp/vault-action@d1720f055e0635fd932a1d2a48f87a666a57906c # v3.0.0 | |
id: secrets | |
with: | |
url: ${{ secrets.VAULT_ADDR }} | |
method: approle | |
roleId: ${{ secrets.VAULT_ROLE_ID }} | |
secretId: ${{ secrets.VAULT_SECRET_ID }} | |
secrets: | | |
secret/data/products/infrastructure-experience/ci/common MACHINE_PWD; | |
secret/data/products/infrastructure-experience/ci/common MACHINE_USR; | |
- name: Login to the registry | |
uses: docker/login-action@v3 | |
with: | |
registry: ${{ vars.CONTAINER_REGISTRY_CI }} | |
username: ${{ steps.secrets.outputs.MACHINE_USR }} | |
password: ${{ steps.secrets.outputs.MACHINE_PWD }} | |
- name: KeyCloak Show-Config | |
run: | | |
docker run "${{ env.keycloak_image_version }}" show-config >> docker.log | |
echo "config=$(< docker.log tr '\n' ' ')" >> "$GITHUB_ENV" | |
- name: Assert Config | |
env: | |
CONFIG: ${{ env.config }} | |
run: python3 ./.github/scripts/build-check/main.py | |
test-postgres-integ: | |
strategy: | |
fail-fast: false # don't propate failing jobs | |
matrix: | |
runner_desc: | |
- {runner: ubuntu-22.04, postgres_replicas: 1, keycloak_jdbc_protocol: "postgresql", keycloak_db_driver: org.postgresql.Driver, keycloak_db_host_template: "postgres", keycloak_db_jdbc_query: "", keycloak_db_port: "5432" } | |
- {runner: aws-core-2-default, postgres_replicas: 0, keycloak_jdbc_protocol: "aws-wrapper:postgresql", keycloak_db_driver: software.amazon.jdbc.Driver, keycloak_db_host_template: "camunda-ci-eks-aurora-postgresql-{{ postgres_version }}.cluster-clnwzia8ptad.eu-central-1.rds.amazonaws.com", keycloak_db_jdbc_query: "?wrapperPlugins=iam&ssl=true&sslmode=require&sslrootcert=/certs/rds-ca-2019-root.pem", keycloak_db_port: "5432" } | |
- {runner: aws-arm-core-2-default, postgres_replicas: 0, keycloak_jdbc_protocol: "aws-wrapper:postgresql", keycloak_db_driver: software.amazon.jdbc.Driver, keycloak_db_host_template: "camunda-ci-eks-aurora-postgresql-{{ postgres_version }}.cluster-clnwzia8ptad.eu-central-1.rds.amazonaws.com", keycloak_db_jdbc_query: "?wrapperPlugins=iam&ssl=true&sslmode=require&sslrootcert=/certs/rds-ca-2019-root.pem", keycloak_db_port: "5432" } | |
# GCloud SQL is not tested yet as we don't have a dedicated db, fallback on integrated db | |
- {runner: gcp-core-2-default, postgres_replicas: 1, keycloak_jdbc_protocol: "postgresql", keycloak_db_driver: org.postgresql.Driver, keycloak_db_host_template: "postgres", keycloak_db_jdbc_query: "", keycloak_db_port: "5432" } | |
postgres_version: [15] # reference: https://www.keycloak.org/server/db | |
# TODO: re-enable keycloak-22 if needed | |
keycloak_version: ${{ fromJson(needs.list-keycloak-versions.outputs.matrix_keycloak_versions) }} | |
runs-on: ${{ matrix.runner_desc.runner }} | |
needs: | |
- list-keycloak-versions | |
- build-image | |
- read-build-image-output | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Install if required common software tooling | |
uses: camunda/infra-global-github-actions/common-tooling@main | |
with: | |
java-enabled: false | |
yarn-enabled: false | |
python-version: "3.11" | |
python-cache: "pip" | |
- name: Set Keycloak Version | |
id: set-keycloak-version | |
run: | | |
keycloak_image_version="${{ fromJson(needs.read-build-image-output.outputs.result).full_image_name[matrix.keycloak_version] }}" | |
echo "keycloak_image_version=${keycloak_image_version}" >> "$GITHUB_ENV" | |
echo "keycloak_image_version=${keycloak_image_version}" | |
- name: Import secrets | |
uses: hashicorp/vault-action@d1720f055e0635fd932a1d2a48f87a666a57906c # v3.0.0 | |
id: secrets | |
with: | |
url: ${{ secrets.VAULT_ADDR }} | |
method: approle | |
roleId: ${{ secrets.VAULT_ROLE_ID }} | |
secretId: ${{ secrets.VAULT_SECRET_ID }} | |
# for the moment, we share the secrets of the web-modeler for aurora | |
secrets: | | |
secret/data/products/infrastructure-experience/ci/common MACHINE_PWD; | |
secret/data/products/infrastructure-experience/ci/common MACHINE_USR; | |
secret/data/products/web-modeler/ci/common AURORA_POSTGRESQL_PASSWORD; | |
secret/data/products/web-modeler/ci/common AURORA_POSTGRESQL_USERNAME; | |
- name: Compute AWS variables | |
if: startsWith(matrix.runner_desc.runner, 'aws') | |
run: | | |
: # aws aurora superuser is only used for bootstrapping a standard user that will auth using irsa | |
echo "postgres_superuser=${{ steps.secrets.outputs.AURORA_POSTGRESQL_USERNAME }}" >> "$GITHUB_ENV" | |
echo "postgres_superuser_password=${{ steps.secrets.outputs.AURORA_POSTGRESQL_PASSWORD }}" >> "$GITHUB_ENV" | |
echo "postgres_superuser=${postgres_superuser}" | |
echo "postgres_user=keycloak-irsa" >> "$GITHUB_ENV" | |
echo "postgres_user=${postgres_user}" | |
echo "postgres_password=" >> "$GITHUB_ENV" | |
: # download rds ca certs | |
curl https://s3.amazonaws.com/rds-downloads/rds-ca-2019-root.pem -o "rds-ca-2019-root.pem" | |
echo "compose_keycloak_volume_1=./rds-ca-2019-root.pem:/certs/rds-ca-2019-root.pem" >> "$GITHUB_ENV" | |
echo "compose_keycloak_volume_2=$AWS_WEB_IDENTITY_TOKEN_FILE:$AWS_WEB_IDENTITY_TOKEN_FILE" >> "$GITHUB_ENV" | |
: # export AWS variables | |
echo "AWS_STS_REGIONAL_ENDPOINTS=$AWS_STS_REGIONAL_ENDPOINTS" >> "$GITHUB_ENV" | |
echo "AWS_STS_REGIONAL_ENDPOINTS=${AWS_STS_REGIONAL_ENDPOINTS}" | |
echo "AWS_DEFAULT_REGION=$AWS_DEFAULT_REGION" >> "$GITHUB_ENV" | |
echo "AWS_DEFAULT_REGION=${AWS_DEFAULT_REGION}" | |
echo "AWS_REGION=$AWS_REGION" >> "$GITHUB_ENV" | |
echo "AWS_REGION=${AWS_REGION}" | |
echo "AWS_ROLE_ARN=$AWS_ROLE_ARN" >> "$GITHUB_ENV" | |
echo "AWS_ROLE_ARN=${AWS_ROLE_ARN}" | |
echo "AWS_WEB_IDENTITY_TOKEN_FILE=$AWS_WEB_IDENTITY_TOKEN_FILE" >> "$GITHUB_ENV" | |
echo "AWS_WEB_IDENTITY_TOKEN_FILE=${AWS_WEB_IDENTITY_TOKEN_FILE}" | |
- name: Compute Ubuntu variables | |
if: startsWith(matrix.runner_desc.runner, 'ubuntu') | |
run: | | |
: # we use plain values that will be used by the postgres container | |
echo "postgres_user=keycloak" >> "$GITHUB_ENV" | |
echo "postgres_password=password" >> "$GITHUB_ENV" | |
echo "postgres_user=${postgres_user}" | |
- name: Declare test recipe variables | |
shell: bash | |
run: | | |
if (( "${{ matrix.runner_desc.postgres_replicas }}" < 1 )); then | |
echo "compose_keycloak_depends_on=" >> "$GITHUB_ENV" | |
else | |
echo "compose_keycloak_depends_on=postgres" >> "$GITHUB_ENV" | |
fi | |
: # ensure uniqueness of the db name | |
postgres_database="db-${{ matrix.runner_desc.runner }}-${{ github.sha }}" | |
echo "postgres_database=${postgres_database}" >> "$GITHUB_ENV" | |
echo "postgres_database=$postgres_database" | |
: # apply template on the address | |
postgres_host=$(echo "${{ matrix.runner_desc.keycloak_db_host_template }}" | sed "s/{{ postgres_version }}/${{ matrix.postgres_version }}/g") | |
echo "postgres_host=${postgres_host}" >> "$GITHUB_ENV" | |
echo "postgres_host=${postgres_host}" | |
: # compute the keycloak db url | |
test_db_url="jdbc:${{ matrix.runner_desc.keycloak_jdbc_protocol }}://${postgres_host}:${{ matrix.runner_desc.keycloak_db_port }}/${postgres_database}${{ matrix.runner_desc.keycloak_db_jdbc_query }}" | |
echo "test_db_url=${test_db_url}" >> "$GITHUB_ENV" | |
echo "test_db_url=${test_db_url}" | |
- name: Login to the registry | |
uses: docker/login-action@v3 | |
with: | |
registry: ${{ vars.CONTAINER_REGISTRY_CI }} | |
username: ${{ steps.secrets.outputs.MACHINE_USR }} | |
password: ${{ steps.secrets.outputs.MACHINE_PWD }} | |
# TODO: cleanup all old databases on a regular basis | |
# The self-hosted runner doesn't provide a postgres client and the prerequisites for make, | |
# so we need to install them manually | |
- name: Install required packages | |
run: sudo apt-get update && sudo apt-get install -y build-essential postgresql-client | |
- name: Tear up Aurora PG (aws only) | |
if: startsWith(matrix.runner_desc.runner, 'aws') | |
run: ./.helpers/actions/create-aurora-pg-db.sh | |
env: | |
PGDATABASE: "${{ env.postgres_database }}" | |
PGHOST: ${{ env.postgres_host }} | |
PGPORT: ${{ matrix.runner_desc.keycloak_db_port }} | |
PGPASSWORD: ${{ env.postgres_superuser_password }} | |
PGUSER: ${{ env.postgres_superuser }} | |
PGUSER_IRSA: ${{ env.postgres_user }} | |
- name: Test Aurora PG (aws only) | |
if: startsWith(matrix.runner_desc.runner, 'aws') | |
run: | | |
python3 -m pip install awscli | |
PGPASSWORD="$(aws rds generate-db-auth-token --hostname ${{ env.postgres_host }} --port ${{ matrix.runner_desc.keycloak_db_port }} --region ${{ env.AWS_REGION }} --username ${{ env.postgres_user }})" | |
export PGPASSWORD | |
psql -h "${{ env.postgres_host }}" -p "${{ matrix.runner_desc.keycloak_db_port }}" "dbname=${{ env.postgres_database }} user=${{ env.postgres_user }}" -c 'SELECT version();' | |
- name: Start Test Environment | |
uses: ./.github/actions/compose | |
with: | |
compose_file: ${{ github.workspace }}/docker-compose.yml | |
project_name: keycloak | |
env: | |
POSTGRES_DB: "${{ env.postgres_database }}" | |
POSTGRES_USER: "${{ env.postgres_user }}" | |
POSTGRES_PASSWORD: "${{ env.postgres_password }}" | |
KC_DB_USERNAME: "${{ env.postgres_user }}" | |
KC_DB_PASSWORD: "${{ env.postgres_password }}" | |
KC_DB_DRIVER: "${{ matrix.runner_desc.keycloak_db_driver }}" | |
KC_DB_URL: "${{ env.test_db_url }}" | |
KEYCLOAK_LOG_LEVEL: "INFO,software.amazon.jdbc:FINEST" | |
COMPOSE_POSTGRES_IMAGE: "postgres:${{ matrix.postgres_version }}" | |
COMPOSE_POSTGRES_DEPLOY_REPLICAS: "${{ matrix.runner_desc.postgres_replicas }}" | |
COMPOSE_KEYCLOAK_DEPENDS_ON: "${{ env.compose_keycloak_depends_on }}" | |
COMPOSE_KEYCLOAK_VOLUME_1: "${{ env.compose_keycloak_volume_1 || '/dev/null:/dummynull1' }}" | |
COMPOSE_KEYCLOAK_VOLUME_2: "${{ env.compose_keycloak_volume_2 || '/dev/null:/dummynull2' }}" | |
COMPOSE_KEYCLOAK_IMAGE: "${{ env.keycloak_image_version }}" | |
# AWS specific variables to forward, see https://confluence.camunda.com/pages/viewpage.action?pageId=178590693#IAMRolesforServiceAccountsTesting(IRSA)-EnvironmentVariables | |
AWS_STS_REGIONAL_ENDPOINTS: "${{ env.AWS_STS_REGIONAL_ENDPOINTS }}" | |
AWS_DEFAULT_REGION: "${{ env.AWS_DEFAULT_REGION }}" | |
AWS_REGION: "${{ env.AWS_REGION }}" | |
AWS_ROLE_ARN: "${{ env.AWS_ROLE_ARN }}" | |
AWS_WEB_IDENTITY_TOKEN_FILE: "${{ env.AWS_WEB_IDENTITY_TOKEN_FILE }}" | |
- name: Install dependencies | |
run: | | |
python -m pip install --upgrade pip | |
pip install -r ./.github/scripts/integration/requirements.txt | |
- name: Test Environment | |
run: python3 ./.github/scripts/integration/main.py | |
- name: Tear down Aurora PG (aws only) | |
if: startsWith(matrix.runner_desc.runner, 'aws') | |
run: ./.helpers/actions/delete-aurora-pg-db.sh | |
env: | |
PGDATABASE: "${{ env.postgres_database }}" | |
PGHOST: ${{ env.postgres_host }} | |
PGPORT: ${{ matrix.runner_desc.keycloak_db_port }} | |
PGPASSWORD: ${{ env.postgres_superuser_password }} | |
PGUSER: ${{ env.postgres_superuser }} | |
scan: | |
runs-on: ubuntu-latest | |
strategy: | |
matrix: | |
# TODO: renable | |
# keycloak_version: [keycloak-22, keycloak-23] | |
keycloak_version: ${{ fromJson(needs.list-keycloak-versions.outputs.matrix_keycloak_versions) }} | |
needs: | |
- list-keycloak-versions | |
- read-build-image-output | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Import secrets | |
uses: hashicorp/vault-action@d1720f055e0635fd932a1d2a48f87a666a57906c # v3.0.0 | |
id: secrets | |
with: | |
url: ${{ secrets.VAULT_ADDR }} | |
method: approle | |
roleId: ${{ secrets.VAULT_ROLE_ID }} | |
secretId: ${{ secrets.VAULT_SECRET_ID }} | |
secrets: | | |
secret/data/products/infrastructure-experience/ci/common MACHINE_PWD; | |
secret/data/products/infrastructure-experience/ci/common MACHINE_USR; | |
- name: Login to the registry | |
uses: docker/login-action@v3 | |
with: | |
registry: "${{ vars.CONTAINER_REGISTRY_CI }}" | |
username: "${{ steps.secrets.outputs.MACHINE_USR }}" | |
password: "${{ steps.secrets.outputs.MACHINE_PWD }}" | |
- name: Set Keycloak Version | |
id: set-keycloak-version | |
run: | | |
keycloak_image_version="${{ fromJson(needs.read-build-image-output.outputs.result).full_image_name[matrix.keycloak_version] }}" | |
echo "keycloak_image_version=${keycloak_image_version}" >> "$GITHUB_ENV" | |
echo "keycloak_image_version=${keycloak_image_version}" | |
- name: Pull the image | |
run: | | |
docker pull "${{ env.keycloak_image_version }}" | |
- name: Scan Docker image 🐳 | |
uses: snyk/actions/docker@master | |
continue-on-error: true | |
with: | |
image: "${{ env.keycloak_image_version }}" | |
args: --file="./${{ matrix.keycloak_version }}/Dockerfile" --severity-threshold=high --sarif-file-output=snyk.sarif | |
env: | |
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} | |
- name: Upload Snyk report as sarif 📦 | |
uses: github/codeql-action/upload-sarif@v2 | |
with: | |
sarif_file: snyk.sarif | |
publish-image: | |
runs-on: ubuntu-latest | |
if: startsWith(github.ref, 'refs/tags') | |
strategy: | |
matrix: | |
# TODO: renable | |
# keycloak_version: [keycloak-22, keycloak-23] | |
keycloak_version: ${{ fromJson(needs.list-keycloak-versions.outputs.matrix_keycloak_versions) }} | |
needs: | |
- lint | |
- read-build-image-output | |
- list-keycloak-versions | |
- test-postgres-integ | |
- scan | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Install if required common software tooling | |
uses: camunda/infra-global-github-actions/common-tooling@main | |
with: | |
java-enabled: false | |
yarn-enabled: false | |
buildx-install: true | |
- name: Import secrets | |
uses: hashicorp/vault-action@d1720f055e0635fd932a1d2a48f87a666a57906c # v3.0.0 | |
id: secrets | |
with: | |
url: ${{ secrets.VAULT_ADDR }} | |
method: approle | |
roleId: ${{ secrets.VAULT_ROLE_ID }} | |
secretId: ${{ secrets.VAULT_SECRET_ID }} | |
secrets: | | |
secret/data/products/infrastructure-experience/ci/common MACHINE_PWD; | |
secret/data/products/infrastructure-experience/ci/common MACHINE_USR; | |
- name: Login to the registry | |
uses: docker/login-action@v3 | |
with: | |
registry: "${{ vars.CONTAINER_REGISTRY_CI }}" | |
username: "${{ steps.secrets.outputs.MACHINE_USR }}" | |
password: "${{ steps.secrets.outputs.MACHINE_PWD }}" | |
- name: Login to Docker Hub | |
uses: docker/login-action@v3 | |
with: | |
registry: "${{ vars.CONTAINER_REGISTRY }}" | |
username: "${{ vars.DOCKERHUB_USERNAME }}" | |
password: "${{ secrets.DOCKERHUB_TOKEN }}" | |
- name: Set Keycloak Version | |
id: set-keycloak-version | |
run: | | |
keycloak_image_version="${{ fromJson(needs.read-build-image-output.outputs.result).full_image_name[matrix.keycloak_version] }}" | |
echo "keycloak_image_version=${keycloak_image_version}" >> "$GITHUB_ENV" | |
echo "keycloak_image_version=${keycloak_image_version}" | |
dockerhub_target_name="${{ vars.CONTAINER_REGISTRY }}/${{ vars.CONTAINER_IMAGE_NAME }}:${{ matrix.keycloak_version }}" | |
echo "dockerhub_target_name=${dockerhub_target_name}" >> "$GITHUB_ENV" | |
echo "dockerhub_target_name=${dockerhub_target_name}" | |
- name: Pull built image | |
run: | | |
docker pull "${{ env.keycloak_image_version }}" | |
- name: Retag and push the image | |
run: | | |
docker tag "${{ env.keycloak_image_version }}" "${{ env.dockerhub_target_name }}" | |
docker tag "${{ env.keycloak_image_version }}" "${{ env.dockerhub_target_name }}-latest" | |
docker tag "${{ env.keycloak_image_version }}" "${{ env.dockerhub_target_name }}-${{github.ref_name}}" | |
- name: Push the image | |
run: | | |
docker push "${{ env.dockerhub_target_name }}" --all-tags | |
release: | |
runs-on: ubuntu-latest | |
if: startsWith(github.ref, 'refs/tags') | |
needs: | |
- publish-image | |
- list-keycloak-versions | |
steps: | |
- name: Build Changelog | |
id: github_release | |
uses: mikepenz/release-changelog-builder-action@v4 | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
- name: Create Release | |
uses: mikepenz/[email protected] #softprops/action-gh-release | |
with: | |
body: ${{steps.github_release.outputs.changelog}} |