Skip to content

Create SECURITY.md #2887

Create SECURITY.md

Create SECURITY.md #2887

Workflow file for this run

---
name: CI
env:
# https://github.com/actions/virtual-environments/issues/1499
MAVEN_CLI_OPTS: '-ntp --batch-mode --errors --fail-at-end --show-version -Dmaven.wagon.httpconnectionManager.ttlSeconds=60 -Dmaven.wagon.http.retryHandler.count=3 -Dstyle.color=always'
TESTCONTAINERS_RYUK_DISABLED: 'true'
CT_CHART_DIRS: 'contrib/charts/'
CT_BUILD_ID: '${{ github.run_id }}'
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
on:
pull_request:
push:
branches:
- main
paths-ignore:
- 'README.md'
- 'CHANGELOG.md'
tags:
- 'v*'
permissions:
contents: write
jobs:
build:
runs-on: ubuntu-latest
timeout-minutes: 20
strategy:
fail-fast: false
matrix:
env:
# we keep 18.0.2 for backwards compatibility with RH-SSO 7.6
- KEYCLOAK_VERSION: 18.0.2
- KEYCLOAK_VERSION: 21.1.2
- KEYCLOAK_VERSION: 22.0.4
- KEYCLOAK_VERSION: 23.0.7
- KEYCLOAK_VERSION: 24.0.5
- KEYCLOAK_VERSION: 25.0.1
steps:
- uses: actions/[email protected]
with:
fetch-depth: 0
- name: Setup java
uses: actions/[email protected]
with:
distribution: 'temurin'
java-version: 21
- uses: actions/[email protected]
with:
path: ~/.m2/repository
key: ${{ runner.os }}-maven-${{ matrix.env.KEYCLOAK_VERSION }}-${{ hashFiles('**/pom.xml') }}
restore-keys: ${{ runner.os }}-maven-${{ matrix.env.KEYCLOAK_VERSION }}
- name: Adapt sources for Keycloak versions < 23.0.0
if: ${{ matrix.env.KEYCLOAK_VERSION < '23.0.0' }}
run: |
echo "COMPATIBILITY_PROFILE=-Ppre-keycloak23" >> $GITHUB_ENV
- name: Adapt sources for Keycloak versions < 22.0.0 (jakarta -> javax)
if: ${{ matrix.env.KEYCLOAK_VERSION < '22.0.0' }}
run: |
echo "COMPATIBILITY_PROFILE=-Ppre-keycloak22" >> $GITHUB_ENV
echo "ADJUSTED_RESTEASY_VERSION=-Dresteasy.version=4.7.7.Final" >> $GITHUB_ENV
- name: Adapt sources for Keycloak versions < 19.0.0
if: ${{ matrix.env.KEYCLOAK_VERSION < '19.0.0' }}
run: |
echo "COMPATIBILITY_PROFILE=-Ppre-keycloak19" >> $GITHUB_ENV
- name: Build & Test
run: ./mvnw ${MAVEN_CLI_OPTS} -Dkeycloak.version=${{ matrix.env.KEYCLOAK_VERSION }} ${ADJUSTED_RESTEASY_VERSION} clean verify -Pcoverage ${COMPATIBILITY_PROFILE}
- name: Upload coverage to Codecov
uses: codecov/[email protected]
if: github.ref == 'refs/heads/main'
with:
file: "${{ github.workspace }}/target/site/jacoco/jacoco.xml"
token: ${{ secrets.CODECOV_TOKEN }}
fail_ci_if_error: ${{ !startsWith(github.event.ref, 'refs/tags/v') }}
- name: Get latest keycloak version
id: latest
run: echo "::set-output name=VERSION::$(tail -n1 .env | cut -d= -f2)"
- name: Login to Docker Hub
uses: docker/[email protected]
if: startsWith(github.event.ref, 'refs/tags/v')
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_PASSWORD }}
- name: Login to Quay.io
uses: docker/[email protected]
if: startsWith(github.event.ref, 'refs/tags/v')
with:
registry: quay.io
username: ${{ secrets.QUAYIO_USERNAME }}
password: ${{ secrets.QUAYIO_PASSWORD }}
- name: Expose GitHub Runtime
uses: crazy-max/[email protected]
- name: Compute SemVer parts of Keycloak version
id: keycloak_semver
uses: madhead/semver-utils@v4
with:
version: ${{ matrix.env.KEYCLOAK_VERSION }}
- name: Set up Docker Build Metadata
id: docker_meta
uses: docker/[email protected]
with:
images: adorsys/keycloak-config-cli,quay.io/adorsys/keycloak-config-cli
flavor: |
latest=${{ !contains(github.ref_name, 'rc') && matrix.env.KEYCLOAK_VERSION == steps.latest.outputs.VERSION }}
suffix=-${{ matrix.env.KEYCLOAK_VERSION }}
tags: |
type=ref,event=branch
type=ref,event=pr
type=semver,event=tag,pattern={{version}}
type=raw,event=tag,value=latest,enable=${{ !contains(github.ref_name, 'rc') }}
# alias tags without Keycloak minor/patch version
type=semver,event=tag,pattern={{version}},suffix=-${{ steps.keycloak_semver.outputs.major }}
type=raw,event=tag,value=latest,enable=${{ !contains(github.ref_name, 'rc') }},suffix=-${{ steps.keycloak_semver.outputs.major }}
labels: |
maintainer=adorsys GmbH & Co. KG
- name: Set up QEMU
uses: docker/[email protected]
- name: Set up Docker Buildx
uses: docker/[email protected]
- name: Build and push
uses: docker/[email protected]
with:
build-args: |-
KEYCLOAK_VERSION=${{ matrix.env.KEYCLOAK_VERSION }}
MAVEN_CLI_OPTS=${{ env.MAVEN_CLI_OPTS }} ${{ env.ADJUSTED_RESTEASY_VERSION }} ${{ env.COMPATIBILITY_PROFILE }}
cache-from: type=gha
cache-to: type=gha,mode=max
context: .
pull: ${{ startsWith(github.ref, 'refs/tags/v') }}
push: ${{ startsWith(github.ref, 'refs/tags/v') }}
platforms: linux/amd64${{ startsWith(github.ref, 'refs/tags/v') && ',linux/arm64' || '' }}
labels: ${{ steps.docker_meta.outputs.labels }}
tags: ${{ steps.docker_meta.outputs.tags }}
- name: Create Checksum
run: |
cp target/keycloak-config-cli.jar keycloak-config-cli-${{ matrix.env.KEYCLOAK_VERSION }}.jar
sha256sum keycloak-config-cli-${{ matrix.env.KEYCLOAK_VERSION }}.jar > keycloak-config-cli-${{ matrix.env.KEYCLOAK_VERSION }}.jar.sha256
- uses: actions/[email protected]
with:
name: keycloak-config-cli-${{ matrix.env.KEYCLOAK_VERSION }}
if-no-files-found: error
path: |
keycloak-config-cli-${{ matrix.env.KEYCLOAK_VERSION }}.jar
keycloak-config-cli-${{ matrix.env.KEYCLOAK_VERSION }}.jar.sha256
build-pom-version:
runs-on: ubuntu-latest
timeout-minutes: 10
strategy:
fail-fast: false
matrix:
java: [17, 21]
steps:
- uses: actions/[email protected]
- name: Setup java ${{ matrix.java }}
uses: actions/[email protected]
with:
distribution: 'temurin'
java-version: ${{ matrix.java }}
- uses: actions/[email protected]
with:
path: ~/.m2/repository
key: ${{ runner.os }}-${{ matrix.java }}-maven-build-pom-${{ hashFiles('**/pom.xml') }}
restore-keys: ${{ runner.os }}-${{ matrix.java }}-maven-build-pom
- name: Adapt sources for Keycloak versions < 23.0.0
if: ${{ matrix.env.KEYCLOAK_VERSION < '23.0.0' }}
run: |
echo "COMPATIBILITY_PROFILE=-Ppre-keycloak23" >> $GITHUB_ENV
- name: Adapt sources for Keycloak versions < 22.0.0 (jakarta -> javax)
if: ${{ matrix.env.KEYCLOAK_VERSION < '22.0.0' }}
run: |
echo "COMPATIBILITY_PROFILE=-Ppre-keycloak22" >> $GITHUB_ENV
echo "ADJUSTED_RESTEASY_VERSION=-Dresteasy.version=4.7.7.Final" >> $GITHUB_ENV
- name: Build & Test
run: ./mvnw ${MAVEN_CLI_OPTS} ${ADJUSTED_RESTEASY_VERSION} clean verify ${COMPATIBILITY_PROFILE} -Djava.version=${{ matrix.java }}
build-legacy:
runs-on: ubuntu-latest
timeout-minutes: 10
strategy:
fail-fast: false
matrix:
env:
- KEYCLOAK_VERSION: 19.0.3
steps:
- uses: actions/[email protected]
- name: Setup java
uses: actions/[email protected]
with:
distribution: 'temurin'
java-version: '21'
- uses: actions/[email protected]
with:
path: ~/.m2/repository
key: ${{ runner.os }}-maven-keycloak-legacy-${{ hashFiles('**/pom.xml') }}
restore-keys: |
${{ runner.os }}-maven-keycloak-legacy
- name: Adapt sources for Keycloak versions < 23.0.0
if: ${{ matrix.env.KEYCLOAK_VERSION < '23.0.0' }}
run: |
echo "COMPATIBILITY_PROFILE=-Ppre-keycloak23" >> $GITHUB_ENV
- name: Adapt sources for Keycloak versions < 22.0.0 (jakarta -> javax)
if: ${{ matrix.env.KEYCLOAK_VERSION < '22.0.0' }}
run: |
echo "COMPATIBILITY_PROFILE=-Ppre-keycloak22" >> $GITHUB_ENV
echo "ADJUSTED_RESTEASY_VERSION=-Dresteasy.version=4.7.7.Final" >> $GITHUB_ENV
- name: Build & Test
run: ./mvnw ${MAVEN_CLI_OPTS} -Dkeycloak.version=${{ matrix.env.KEYCLOAK_VERSION }} -Dkeycloak.dockerTagSuffix="-legacy" ${ADJUSTED_RESTEASY_VERSION} clean verify ${COMPATIBILITY_PROFILE}
lint-other-files:
runs-on: ubuntu-latest
timeout-minutes: 10
steps:
- uses: actions/[email protected]
- name: Lint .github/workflows/*.yaml files
uses: ibiqlik/[email protected]
with:
strict: true
file_or_dir: .github/workflows/
config_data: |
extends: default
rules:
line-length: disable
truthy:
check-keys: false
- name: Fetch history
run: git fetch --prune --unshallow
- name: Set up Helm
uses: azure/[email protected]
with:
version: v3.4.0
- uses: actions/[email protected]
with:
python-version: 3.7
- uses: actions/[email protected]
with:
path: ~/.cache/pip
key: ${{ runner.os }}-pip-chart-testing-action
restore-keys: |
${{ runner.os }}-pip-chart-testing-action
- name: Set up chart-testing
uses: helm/[email protected]
- name: Run chart-testing (lint)
run: ct lint --config contrib/charts/ct.yaml
create_release:
name: Create Release
runs-on: ubuntu-latest
needs: [build]
if: startsWith(github.ref, 'refs/tags/v')
steps:
- uses: actions/[email protected]
with:
path: assets
- name: Write release tag without v
id: strip-v-tag
run: |
TAG=${GITHUB_REF_NAME#v}
echo Tag: $Tag
echo "::set-output name=tag::$TAG"
- name: Create Release
uses: softprops/[email protected]
with:
name: Release ${{ github.ref_name }}
draft: false
prerelease: ${{ contains(github.ref_name, 'rc') }}
files: |
assets/keycloak-config-cli-*/keycloak-config-cli-*.jar
assets/keycloak-config-cli-*/keycloak-config-cli-*.jar.sha256
body: |-
# CHANGELOG
* https://github.com/adorsys/keycloak-config-cli/blob/${{ github.ref_name }}/CHANGELOG.md
## DockerHub
* https://hub.docker.com/r/adorsys/keycloak-config-cli/tags?name=${{ steps.strip-v-tag.outputs.tag }}
## Quay.io
* https://quay.io/repository/adorsys/keycloak-config-cli?tab=tags