fix quote #114

Workflow file for this run

.github/workflows/build-images.yml at 2dae69a

	---
	# desc: build container images, perform static tests then publish
	name: build-images

	on:
	push:
	branches:
	- "**"
	tags:
	- "---"
	pull_request_target:
	schedule:
	- cron: '0 3 * * *'

	jobs:
	lint:
	name: pre-commit
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@v3
	- uses: actions/setup-python@v3
	- uses: pre-commit/[email protected]

	# TODO: document dedicated tagging system: git commit <== tags: keycloak-22-2024-03-04-001

	list-keycloak-versions:
	runs-on: ubuntu-latest
	outputs:
	matrix_keycloak_versions: ${{ steps.set-matrix.outputs.matrix_keycloak_versions }}
	steps:
	- name: Checkout
	uses: actions/checkout@v4

	- name: List Keycloak Versions from repository's folders
	id: set-matrix
	run: \|
	: # List folders matching the pattern keycloak-*
	: # Export the list as an output in JSON format
	matrix_json=$(printf "%s\n" keycloak-*/ \| grep -v 'keycloak-latest/' \| sed 's/\/$//' \| jq -R -s -c 'split("\n")[:-1]')
	echo "matrix_keycloak_versions=${matrix_json}" >> "$GITHUB_OUTPUT"
	echo "matrix_keycloak_versions=${matrix_json}"

	build-image:
	runs-on: ubuntu-latest
	if: ${{ github.event_name == 'push' }}
	outputs:
	full_image_name: ${{ steps.compute-image-name-step.outputs.full_image_name }}
	needs:
	- list-keycloak-versions
	strategy:
	fail-fast: false # don't propate failing jobs
	matrix:
	keycloak_version: ${{ fromJson(needs.list-keycloak-versions.outputs.matrix_keycloak_versions) }}
	steps:
	- name: Checkout
	uses: actions/checkout@v4

	- name: Install if required common software tooling
	uses: camunda/infra-global-github-actions/common-tooling@main
	with:
	java-enabled: false
	yarn-enabled: false
	python-version: "3.12"

	- name: Import secrets
	uses: hashicorp/vault-action@d1720f055e0635fd932a1d2a48f87a666a57906c # v3.0.0
	id: secrets
	with:
	url: ${{ secrets.VAULT_ADDR }}
	method: approle
	roleId: ${{ secrets.VAULT_ROLE_ID }}
	secretId: ${{ secrets.VAULT_SECRET_ID }}
	secrets: \|
	secret/data/products/infrastructure-experience/ci/common MACHINE_PWD;
	secret/data/products/infrastructure-experience/ci/common MACHINE_USR;

	- name: Compute keycloak version
	id: compute-keycloak-version
	run: \|
	keycloak_version_number=$(echo "${{ matrix.keycloak_version }}" \| sed 's/keycloak-//')
	echo "keycloak_version_number=${keycloak_version_number}" >> "$GITHUB_OUTPUT"
	echo "keycloak_version_number=${keycloak_version_number}"

	- name: Build image using Camunda docker build
	id: build-image-step
	uses: camunda/infra-global-github-actions/build-docker-image@main
	with:
	registry_host: ${{ vars.CONTAINER_REGISTRY_CI }}
	registry_username: ${{ steps.secrets.outputs.MACHINE_USR }}
	registry_password: ${{ steps.secrets.outputs.MACHINE_PWD }}
	force_push: true
	image_name: ${{ vars.CONTAINER_IMAGE_NAME_CI }}
	build_context: "./${{ matrix.keycloak_version }}/"
	build_platforms: linux/amd64,linux/arm64
	extra_tags: \| # the ci- prefix ensures a build context, this image is treated as "temporary"
	type=sha,enable=true,priority=1000,prefix=ci-${{ steps.compute-keycloak-version.outputs.keycloak_version_number }}-sha-,suffix=,format=short

	- name: Compute target built image fully qualified name from metadata
	id: compute-image-name-step
	run: \|
	image_metadata='${{ steps.build-image-step.outputs.image_metadata }}'
	image_name=$(echo "${image_metadata}" \| tr -d '\n' \| jq -r '."image.name"' \| tr ',' '\n' \| head -n 1 \| tr -d ' ')
	digest=$(echo "${image_metadata}" \| tr -d '\n' \| jq -r '."containerimage.digest"')
	full_image_name="${image_name}@${digest}"
	echo "full_image_name=${full_image_name}" >> "$GITHUB_OUTPUT"
	echo "$full_image_name"

	## Write for matrix outputs workaround
	- uses: cloudposse/github-action-matrix-outputs-write@v1
	id: out
	with:
	matrix-step-name: ${{ github.job }}
	matrix-key: ${{ matrix.keycloak_version }}
	outputs: \|-
	full_image_name: ${{ steps.compute-image-name-step.outputs.full_image_name }}

	## Read matrix outputs
	read-build-image-output:
	runs-on: ubuntu-latest
	needs: [build-image]
	steps:
	- uses: cloudposse/github-action-matrix-outputs-read@v1
	id: read
	with:
	matrix-step-name: build-image
	outputs:
	result: "${{ steps.read.outputs.result }}"

	test-base-image:
	runs-on: ubuntu-latest
	needs:
	- list-keycloak-versions
	- build-image
	- read-build-image-output
	strategy:
	fail-fast: false # don't propate failing jobs
	matrix:
	keycloak_version: ${{ fromJson(needs.list-keycloak-versions.outputs.matrix_keycloak_versions) }}
	steps:
	- name: Checkout
	uses: actions/checkout@v4

	- name: Install if required common software tooling
	uses: camunda/infra-global-github-actions/common-tooling@main
	with:
	java-enabled: false
	yarn-enabled: false
	python-version: "3"

	- name: Set Keycloak Version
	id: set-keycloak-version
	run: \|
	keycloak_image_version="${{ fromJson(needs.read-build-image-output.outputs.result).full_image_name[matrix.keycloak_version] }}"
	echo "keycloak_image_version=${keycloak_image_version}" >> "$GITHUB_ENV"
	echo "keycloak_image_version=${keycloak_image_version}"

	- name: Import secrets
	uses: hashicorp/vault-action@d1720f055e0635fd932a1d2a48f87a666a57906c # v3.0.0
	id: secrets
	with:
	url: ${{ secrets.VAULT_ADDR }}
	method: approle
	roleId: ${{ secrets.VAULT_ROLE_ID }}
	secretId: ${{ secrets.VAULT_SECRET_ID }}
	secrets: \|
	secret/data/products/infrastructure-experience/ci/common MACHINE_PWD;
	secret/data/products/infrastructure-experience/ci/common MACHINE_USR;

	- name: Login to the registry
	uses: docker/login-action@v3
	with:
	registry: ${{ vars.CONTAINER_REGISTRY_CI }}
	username: ${{ steps.secrets.outputs.MACHINE_USR }}
	password: ${{ steps.secrets.outputs.MACHINE_PWD }}

	- name: KeyCloak Show-Config
	run: \|
	docker run "${{ env.keycloak_image_version }}" show-config >> docker.log
	echo "config=$(< docker.log tr '\n' ' ')" >> "$GITHUB_ENV"

	- name: Assert Config
	env:
	CONFIG: ${{ env.config }}
	run: python3 ./.github/scripts/build-check/main.py

	test-postgres-integ:
	strategy:
	fail-fast: false # don't propate failing jobs
	matrix:
	runner_desc:
	- {runner: ubuntu-22.04, postgres_replicas: 1, keycloak_jdbc_protocol: "postgresql", keycloak_db_driver: org.postgresql.Driver, keycloak_db_host_template: "postgres", keycloak_db_jdbc_query: "", keycloak_db_port: "5432" }
	- {runner: aws-core-2-default, postgres_replicas: 0, keycloak_jdbc_protocol: "aws-wrapper:postgresql", keycloak_db_driver: software.amazon.jdbc.Driver, keycloak_db_host_template: "camunda-ci-eks-aurora-postgresql-{{ postgres_version }}.cluster-clnwzia8ptad.eu-central-1.rds.amazonaws.com", keycloak_db_jdbc_query: "?wrapperPlugins=iam&ssl=true&sslmode=require&sslrootcert=/certs/rds-ca-2019-root.pem", keycloak_db_port: "5432" }
	- {runner: aws-arm-core-2-default, postgres_replicas: 0, keycloak_jdbc_protocol: "aws-wrapper:postgresql", keycloak_db_driver: software.amazon.jdbc.Driver, keycloak_db_host_template: "camunda-ci-eks-aurora-postgresql-{{ postgres_version }}.cluster-clnwzia8ptad.eu-central-1.rds.amazonaws.com", keycloak_db_jdbc_query: "?wrapperPlugins=iam&ssl=true&sslmode=require&sslrootcert=/certs/rds-ca-2019-root.pem", keycloak_db_port: "5432" }
	# GCloud SQL is not tested yet as we don't have a dedicated db, fallback on integrated db
	- {runner: gcp-core-2-default, postgres_replicas: 1, keycloak_jdbc_protocol: "postgresql", keycloak_db_driver: org.postgresql.Driver, keycloak_db_host_template: "postgres", keycloak_db_jdbc_query: "", keycloak_db_port: "5432" }
	keycloak_version: ${{ fromJson(needs.list-keycloak-versions.outputs.matrix_keycloak_versions) }}
	runs-on: ${{ matrix.runner_desc.runner }}
	needs:
	- list-keycloak-versions
	- build-image
	- read-build-image-output
	steps:
	- name: Checkout
	uses: actions/checkout@v4

	- name: Install if required common software tooling
	uses: camunda/infra-global-github-actions/common-tooling@main
	with:
	java-enabled: false
	yarn-enabled: false
	python-version: "3.11"
	python-cache: "pip"

	- name: Set Keycloak Version
	id: set-keycloak-version
	run: \|
	keycloak_image_version="${{ fromJson(needs.read-build-image-output.outputs.result).full_image_name[matrix.keycloak_version] }}"
	echo "keycloak_image_version=${keycloak_image_version}" >> "$GITHUB_ENV"
	echo "keycloak_image_version=${keycloak_image_version}"

	- name: Import secrets
	uses: hashicorp/vault-action@d1720f055e0635fd932a1d2a48f87a666a57906c # v3.0.0
	id: secrets
	with:
	url: ${{ secrets.VAULT_ADDR }}
	method: approle
	roleId: ${{ secrets.VAULT_ROLE_ID }}
	secretId: ${{ secrets.VAULT_SECRET_ID }}
	# for the moment, we share the secrets of the web-modeler for aurora
	secrets: \|
	secret/data/products/infrastructure-experience/ci/common MACHINE_PWD;
	secret/data/products/infrastructure-experience/ci/common MACHINE_USR;

	secret/data/products/web-modeler/ci/common AURORA_POSTGRESQL_PASSWORD;
	secret/data/products/web-modeler/ci/common AURORA_POSTGRESQL_USERNAME;

	- name: Compute AWS variables
	if: startsWith(matrix.runner_desc.runner, 'aws')
	run: \|
	: # aws aurora superuser is only used for bootstrapping a standard user that will auth using irsa
	echo "postgres_superuser=${{ steps.secrets.outputs.AURORA_POSTGRESQL_USERNAME }}" >> "$GITHUB_ENV"
	echo "postgres_superuser_password=${{ steps.secrets.outputs.AURORA_POSTGRESQL_PASSWORD }}" >> "$GITHUB_ENV"
	echo "postgres_superuser=${postgres_superuser}"

	echo "postgres_user=keycloak-irsa" >> "$GITHUB_ENV"
	echo "postgres_user=${postgres_user}"
	echo "postgres_password=" >> "$GITHUB_ENV"

	: # download rds ca certs
	curl https://s3.amazonaws.com/rds-downloads/rds-ca-2019-root.pem -o "rds-ca-2019-root.pem"

	echo "compose_keycloak_volume_1=./rds-ca-2019-root.pem:/certs/rds-ca-2019-root.pem" >> "$GITHUB_ENV"
	echo "compose_keycloak_volume_2=$AWS_WEB_IDENTITY_TOKEN_FILE:$AWS_WEB_IDENTITY_TOKEN_FILE" >> "$GITHUB_ENV"

	: # export AWS variables
	echo "AWS_STS_REGIONAL_ENDPOINTS=$AWS_STS_REGIONAL_ENDPOINTS" >> "$GITHUB_ENV"
	echo "AWS_STS_REGIONAL_ENDPOINTS=${AWS_STS_REGIONAL_ENDPOINTS}"
	echo "AWS_DEFAULT_REGION=$AWS_DEFAULT_REGION" >> "$GITHUB_ENV"
	echo "AWS_DEFAULT_REGION=${AWS_DEFAULT_REGION}"
	echo "AWS_REGION=$AWS_REGION" >> "$GITHUB_ENV"
	echo "AWS_REGION=${AWS_REGION}"
	echo "AWS_ROLE_ARN=$AWS_ROLE_ARN" >> "$GITHUB_ENV"
	echo "AWS_ROLE_ARN=${AWS_ROLE_ARN}"
	echo "AWS_WEB_IDENTITY_TOKEN_FILE=$AWS_WEB_IDENTITY_TOKEN_FILE" >> "$GITHUB_ENV"
	echo "AWS_WEB_IDENTITY_TOKEN_FILE=${AWS_WEB_IDENTITY_TOKEN_FILE}"

	- name: Compute Ubuntu variables
	if: startsWith(matrix.runner_desc.runner, 'ubuntu')
	run: \|
	: # we use plain values that will be used by the postgres container
	echo "postgres_user=keycloak" >> "$GITHUB_ENV"
	echo "postgres_password=password" >> "$GITHUB_ENV"
	echo "postgres_user=${postgres_user}"

	- name: Declare test recipe variables
	shell: bash
	run: \|

	if (( "${{ matrix.runner_desc.postgres_replicas }}" < 1 )); then
	echo "compose_keycloak_depends_on=" >> "$GITHUB_ENV"
	else
	echo "compose_keycloak_depends_on=postgres" >> "$GITHUB_ENV"
	fi

	: # ensure uniqueness of the db name
	postgres_database="infex-keycloak-db-$(uuidgen)-${{ github.sha }}"
	echo "postgres_database=${postgres_database}" >> "$GITHUB_ENV"
	echo "postgres_database=$postgres_database"

	: # get the postgres version to test
	keycloak_version_number="$(echo '${{ matrix.keycloak_version }}' \| sed 's/keycloak-//')"
	postgres_version="$(curl -s https://raw.githubusercontent.com/keycloak/keycloak/release/${keycloak_version_number}.0/pom.xml \| \
	awk -F'[><]' '/<postgresql.version>/{print $3}')"
	echo "postgres_version=${postgres_version}" >> "$GITHUB_ENV"
	echo "postgres_version=${postgres_version}"

	: # apply template on the address
	postgres_host=$(echo "${{ matrix.runner_desc.keycloak_db_host_template }}" \| sed "s/{{ postgres_version }}/${postgres_version}/g")
	echo "postgres_host=${postgres_host}" >> "$GITHUB_ENV"
	echo "postgres_host=${postgres_host}"

	: # compute the keycloak db url
	test_db_url="jdbc:${{ matrix.runner_desc.keycloak_jdbc_protocol }}://${postgres_host}:${{ matrix.runner_desc.keycloak_db_port }}/${postgres_database}${{ matrix.runner_desc.keycloak_db_jdbc_query }}"
	echo "test_db_url=${test_db_url}" >> "$GITHUB_ENV"
	echo "test_db_url=${test_db_url}"

	- name: Login to the registry
	uses: docker/login-action@v3
	with:
	registry: ${{ vars.CONTAINER_REGISTRY_CI }}
	username: ${{ steps.secrets.outputs.MACHINE_USR }}
	password: ${{ steps.secrets.outputs.MACHINE_PWD }}

	# TODO: cleanup all old databases on a regular basis

	# The self-hosted runner doesn't provide a postgres client and the prerequisites for make,
	# so we need to install them manually
	- name: Install required packages
	run: sudo apt-get update && sudo apt-get install -y build-essential postgresql-client

	- name: Tear up Aurora PG (aws only)
	if: startsWith(matrix.runner_desc.runner, 'aws')
	run: ./.helpers/actions/create-aurora-pg-db.sh
	env:
	PGDATABASE: "${{ env.postgres_database }}"
	PGHOST: ${{ env.postgres_host }}
	PGPORT: ${{ matrix.runner_desc.keycloak_db_port }}
	PGPASSWORD: ${{ env.postgres_superuser_password }}
	PGUSER: ${{ env.postgres_superuser }}
	PGUSER_IRSA: ${{ env.postgres_user }}

	- name: Test Aurora PG (aws only)
	if: startsWith(matrix.runner_desc.runner, 'aws')
	run: \|
	python3 -m pip install awscli

	PGPASSWORD="$(aws rds generate-db-auth-token --hostname ${{ env.postgres_host }} --port ${{ matrix.runner_desc.keycloak_db_port }} --region ${{ env.AWS_REGION }} --username ${{ env.postgres_user }})"
	export PGPASSWORD
	psql -h "${{ env.postgres_host }}" -p "${{ matrix.runner_desc.keycloak_db_port }}" "dbname=${{ env.postgres_database }} user=${{ env.postgres_user }}" -c 'SELECT version();'


	- name: Start Test Environment
	uses: ./.github/actions/compose
	with:
	compose_file: ${{ github.workspace }}/docker-compose.yml
	project_name: keycloak
	env:

	POSTGRES_DB: "${{ env.postgres_database }}"
	POSTGRES_USER: "${{ env.postgres_user }}"
	POSTGRES_PASSWORD: "${{ env.postgres_password }}"

	KC_DB_USERNAME: "${{ env.postgres_user }}"
	KC_DB_PASSWORD: "${{ env.postgres_password }}"
	KC_DB_DRIVER: "${{ matrix.runner_desc.keycloak_db_driver }}"
	KC_DB_URL: "${{ env.test_db_url }}"

	KEYCLOAK_LOG_LEVEL: "INFO,software.amazon.jdbc:FINEST"

	COMPOSE_POSTGRES_IMAGE: "postgres:${{ env.postgres_version }}"
	COMPOSE_POSTGRES_DEPLOY_REPLICAS: "${{ matrix.runner_desc.postgres_replicas }}"
	COMPOSE_KEYCLOAK_DEPENDS_ON: "${{ env.compose_keycloak_depends_on }}"
	COMPOSE_KEYCLOAK_VOLUME_1: "${{ env.compose_keycloak_volume_1 \|\| '/dev/null:/dummynull1' }}"
	COMPOSE_KEYCLOAK_VOLUME_2: "${{ env.compose_keycloak_volume_2 \|\| '/dev/null:/dummynull2' }}"
	COMPOSE_KEYCLOAK_IMAGE: "${{ env.keycloak_image_version }}"

	# AWS specific variables to forward, see https://confluence.camunda.com/pages/viewpage.action?pageId=178590693#IAMRolesforServiceAccountsTesting(IRSA)-EnvironmentVariables
	AWS_STS_REGIONAL_ENDPOINTS: "${{ env.AWS_STS_REGIONAL_ENDPOINTS }}"
	AWS_DEFAULT_REGION: "${{ env.AWS_DEFAULT_REGION }}"
	AWS_REGION: "${{ env.AWS_REGION }}"
	AWS_ROLE_ARN: "${{ env.AWS_ROLE_ARN }}"
	AWS_WEB_IDENTITY_TOKEN_FILE: "${{ env.AWS_WEB_IDENTITY_TOKEN_FILE }}"

	- name: Install dependencies
	run: \|
	python -m pip install --upgrade pip
	pip install -r ./.github/scripts/integration/requirements.txt

	- name: Test Environment
	run: python3 ./.github/scripts/integration/main.py

	- name: Tear down Aurora PG (aws only)
	if: startsWith(matrix.runner_desc.runner, 'aws')
	run: ./.helpers/actions/delete-aurora-pg-db.sh
	env:
	PGDATABASE: "${{ env.postgres_database }}"
	PGHOST: ${{ env.postgres_host }}
	PGPORT: ${{ matrix.runner_desc.keycloak_db_port }}
	PGPASSWORD: ${{ env.postgres_superuser_password }}
	PGUSER: ${{ env.postgres_superuser }}

	scan:
	runs-on: ubuntu-latest
	strategy:
	fail-fast: false # don't propate failing jobs
	matrix:
	keycloak_version: ${{ fromJson(needs.list-keycloak-versions.outputs.matrix_keycloak_versions) }}
	needs:
	- list-keycloak-versions
	- read-build-image-output
	steps:
	- uses: actions/checkout@v4

	- name: Import secrets
	uses: hashicorp/vault-action@d1720f055e0635fd932a1d2a48f87a666a57906c # v3.0.0
	id: secrets
	with:
	url: ${{ secrets.VAULT_ADDR }}
	method: approle
	roleId: ${{ secrets.VAULT_ROLE_ID }}
	secretId: ${{ secrets.VAULT_SECRET_ID }}
	secrets: \|
	secret/data/products/infrastructure-experience/ci/common MACHINE_PWD;
	secret/data/products/infrastructure-experience/ci/common MACHINE_USR;

	- name: Login to the registry
	uses: docker/login-action@v3
	with:
	registry: "${{ vars.CONTAINER_REGISTRY_CI }}"
	username: "${{ steps.secrets.outputs.MACHINE_USR }}"
	password: "${{ steps.secrets.outputs.MACHINE_PWD }}"

	- name: Set Keycloak Version
	id: set-keycloak-version
	run: \|
	keycloak_image_version="${{ fromJson(needs.read-build-image-output.outputs.result).full_image_name[matrix.keycloak_version] }}"
	echo "keycloak_image_version=${keycloak_image_version}" >> "$GITHUB_ENV"
	echo "keycloak_image_version=${keycloak_image_version}"

	- name: Pull the image
	run: \|
	docker pull "${{ env.keycloak_image_version }}"

	- name: Scan Docker image 🐳
	uses: snyk/actions/docker@master
	continue-on-error: true
	with:
	image: "${{ env.keycloak_image_version }}"
	args: --file="./${{ matrix.keycloak_version }}/Dockerfile" --severity-threshold=high --sarif-file-output=snyk.sarif
	env:
	SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}

	- name: Upload Snyk report as sarif 📦
	uses: github/codeql-action/upload-sarif@v2
	with:
	sarif_file: snyk.sarif

	publish-image:
	runs-on: ubuntu-latest
	if: startsWith(github.ref, 'refs/tags')
	strategy:
	fail-fast: false # don't propate failing jobs
	matrix:
	keycloak_version: ${{ fromJson(needs.list-keycloak-versions.outputs.matrix_keycloak_versions) }}
	needs:
	- lint
	- read-build-image-output
	- list-keycloak-versions
	- test-postgres-integ
	- scan
	steps:
	- name: Checkout
	uses: actions/checkout@v4

	- name: Install if required common software tooling
	uses: camunda/infra-global-github-actions/common-tooling@main
	with:
	java-enabled: false
	yarn-enabled: false
	buildx-install: true

	- name: Import secrets
	uses: hashicorp/vault-action@d1720f055e0635fd932a1d2a48f87a666a57906c # v3.0.0
	id: secrets
	with:
	url: ${{ secrets.VAULT_ADDR }}
	method: approle
	roleId: ${{ secrets.VAULT_ROLE_ID }}
	secretId: ${{ secrets.VAULT_SECRET_ID }}
	secrets: \|
	secret/data/products/infrastructure-experience/ci/common MACHINE_PWD;
	secret/data/products/infrastructure-experience/ci/common MACHINE_USR;

	- name: Login to the registry
	uses: docker/login-action@v3
	with:
	registry: "${{ vars.CONTAINER_REGISTRY_CI }}"
	username: "${{ steps.secrets.outputs.MACHINE_USR }}"
	password: "${{ steps.secrets.outputs.MACHINE_PWD }}"

	- name: Login to Docker Hub
	uses: docker/login-action@v3
	with:
	registry: "${{ vars.CONTAINER_REGISTRY }}"
	username: "${{ vars.DOCKERHUB_USERNAME }}"
	password: "${{ secrets.DOCKERHUB_TOKEN }}"

	- name: Set Keycloak Version
	id: set-keycloak-version
	run: \|
	keycloak_image_version="${{ fromJson(needs.read-build-image-output.outputs.result).full_image_name[matrix.keycloak_version] }}"
	echo "keycloak_image_version=${keycloak_image_version}" >> "$GITHUB_ENV"
	echo "keycloak_image_version=${keycloak_image_version}"

	dockerhub_target_name="${{ vars.CONTAINER_REGISTRY }}/${{ vars.CONTAINER_IMAGE_NAME }}"
	echo "dockerhub_target_name=${dockerhub_target_name}" >> "$GITHUB_ENV"
	echo "dockerhub_target_name=${dockerhub_target_name}"

	- name: Pull built image
	run: \|
	docker pull "${{ env.keycloak_image_version }}"

	- name: Retag and push the image
	run: \|
	docker tag "${{ env.keycloak_image_version }}" "${{ env.dockerhub_target_name }}:${{ matrix.keycloak_version }}"
	docker tag "${{ env.keycloak_image_version }}" "${{ env.dockerhub_target_name }}:${{ matrix.keycloak_version }}-latest"
	docker tag "${{ env.keycloak_image_version }}" "${{ env.dockerhub_target_name }}:${{ matrix.keycloak_version }}-${{github.ref_name}}"

	if [ "$(readlink keycloak-latest)" = "${{ matrix.keycloak_version }}" ]; then
	docker tag "${{ env.keycloak_image_version }}" "${{ env.dockerhub_target_name }}:latest"
	fi

	- name: Push the image
	run: \|
	docker push "${{ env.dockerhub_target_name }}" --all-tags

	release:
	runs-on: ubuntu-latest
	if: startsWith(github.ref, 'refs/tags')
	needs:
	- publish-image
	- list-keycloak-versions
	steps:
	- name: Build Changelog
	id: github_release
	uses: mikepenz/release-changelog-builder-action@v4
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

	- name: Create Release
	uses: mikepenz/[email protected] #softprops/action-gh-release
	with:
	body: ${{steps.github_release.outputs.changelog}}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

fix quote #114

Workflow file

fix quote #114

Jobs

Run details

Workflow file for this run