Create SECURITY.md #2887
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
--- | |
name: CI | |
env: | |
# https://github.com/actions/virtual-environments/issues/1499 | |
MAVEN_CLI_OPTS: '-ntp --batch-mode --errors --fail-at-end --show-version -Dmaven.wagon.httpconnectionManager.ttlSeconds=60 -Dmaven.wagon.http.retryHandler.count=3 -Dstyle.color=always' | |
TESTCONTAINERS_RYUK_DISABLED: 'true' | |
CT_CHART_DIRS: 'contrib/charts/' | |
CT_BUILD_ID: '${{ github.run_id }}' | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
on: | |
pull_request: | |
push: | |
branches: | |
- main | |
paths-ignore: | |
- 'README.md' | |
- 'CHANGELOG.md' | |
tags: | |
- 'v*' | |
permissions: | |
contents: write | |
jobs: | |
build: | |
runs-on: ubuntu-latest | |
timeout-minutes: 20 | |
strategy: | |
fail-fast: false | |
matrix: | |
env: | |
# we keep 18.0.2 for backwards compatibility with RH-SSO 7.6 | |
- KEYCLOAK_VERSION: 18.0.2 | |
- KEYCLOAK_VERSION: 21.1.2 | |
- KEYCLOAK_VERSION: 22.0.4 | |
- KEYCLOAK_VERSION: 23.0.7 | |
- KEYCLOAK_VERSION: 24.0.5 | |
- KEYCLOAK_VERSION: 25.0.1 | |
steps: | |
- uses: actions/[email protected] | |
with: | |
fetch-depth: 0 | |
- name: Setup java | |
uses: actions/[email protected] | |
with: | |
distribution: 'temurin' | |
java-version: 21 | |
- uses: actions/[email protected] | |
with: | |
path: ~/.m2/repository | |
key: ${{ runner.os }}-maven-${{ matrix.env.KEYCLOAK_VERSION }}-${{ hashFiles('**/pom.xml') }} | |
restore-keys: ${{ runner.os }}-maven-${{ matrix.env.KEYCLOAK_VERSION }} | |
- name: Adapt sources for Keycloak versions < 23.0.0 | |
if: ${{ matrix.env.KEYCLOAK_VERSION < '23.0.0' }} | |
run: | | |
echo "COMPATIBILITY_PROFILE=-Ppre-keycloak23" >> $GITHUB_ENV | |
- name: Adapt sources for Keycloak versions < 22.0.0 (jakarta -> javax) | |
if: ${{ matrix.env.KEYCLOAK_VERSION < '22.0.0' }} | |
run: | | |
echo "COMPATIBILITY_PROFILE=-Ppre-keycloak22" >> $GITHUB_ENV | |
echo "ADJUSTED_RESTEASY_VERSION=-Dresteasy.version=4.7.7.Final" >> $GITHUB_ENV | |
- name: Adapt sources for Keycloak versions < 19.0.0 | |
if: ${{ matrix.env.KEYCLOAK_VERSION < '19.0.0' }} | |
run: | | |
echo "COMPATIBILITY_PROFILE=-Ppre-keycloak19" >> $GITHUB_ENV | |
- name: Build & Test | |
run: ./mvnw ${MAVEN_CLI_OPTS} -Dkeycloak.version=${{ matrix.env.KEYCLOAK_VERSION }} ${ADJUSTED_RESTEASY_VERSION} clean verify -Pcoverage ${COMPATIBILITY_PROFILE} | |
- name: Upload coverage to Codecov | |
uses: codecov/[email protected] | |
if: github.ref == 'refs/heads/main' | |
with: | |
file: "${{ github.workspace }}/target/site/jacoco/jacoco.xml" | |
token: ${{ secrets.CODECOV_TOKEN }} | |
fail_ci_if_error: ${{ !startsWith(github.event.ref, 'refs/tags/v') }} | |
- name: Get latest keycloak version | |
id: latest | |
run: echo "::set-output name=VERSION::$(tail -n1 .env | cut -d= -f2)" | |
- name: Login to Docker Hub | |
uses: docker/[email protected] | |
if: startsWith(github.event.ref, 'refs/tags/v') | |
with: | |
username: ${{ secrets.DOCKERHUB_USERNAME }} | |
password: ${{ secrets.DOCKERHUB_PASSWORD }} | |
- name: Login to Quay.io | |
uses: docker/[email protected] | |
if: startsWith(github.event.ref, 'refs/tags/v') | |
with: | |
registry: quay.io | |
username: ${{ secrets.QUAYIO_USERNAME }} | |
password: ${{ secrets.QUAYIO_PASSWORD }} | |
- name: Expose GitHub Runtime | |
uses: crazy-max/[email protected] | |
- name: Compute SemVer parts of Keycloak version | |
id: keycloak_semver | |
uses: madhead/semver-utils@v4 | |
with: | |
version: ${{ matrix.env.KEYCLOAK_VERSION }} | |
- name: Set up Docker Build Metadata | |
id: docker_meta | |
uses: docker/[email protected] | |
with: | |
images: adorsys/keycloak-config-cli,quay.io/adorsys/keycloak-config-cli | |
flavor: | | |
latest=${{ !contains(github.ref_name, 'rc') && matrix.env.KEYCLOAK_VERSION == steps.latest.outputs.VERSION }} | |
suffix=-${{ matrix.env.KEYCLOAK_VERSION }} | |
tags: | | |
type=ref,event=branch | |
type=ref,event=pr | |
type=semver,event=tag,pattern={{version}} | |
type=raw,event=tag,value=latest,enable=${{ !contains(github.ref_name, 'rc') }} | |
# alias tags without Keycloak minor/patch version | |
type=semver,event=tag,pattern={{version}},suffix=-${{ steps.keycloak_semver.outputs.major }} | |
type=raw,event=tag,value=latest,enable=${{ !contains(github.ref_name, 'rc') }},suffix=-${{ steps.keycloak_semver.outputs.major }} | |
labels: | | |
maintainer=adorsys GmbH & Co. KG | |
- name: Set up QEMU | |
uses: docker/[email protected] | |
- name: Set up Docker Buildx | |
uses: docker/[email protected] | |
- name: Build and push | |
uses: docker/[email protected] | |
with: | |
build-args: |- | |
KEYCLOAK_VERSION=${{ matrix.env.KEYCLOAK_VERSION }} | |
MAVEN_CLI_OPTS=${{ env.MAVEN_CLI_OPTS }} ${{ env.ADJUSTED_RESTEASY_VERSION }} ${{ env.COMPATIBILITY_PROFILE }} | |
cache-from: type=gha | |
cache-to: type=gha,mode=max | |
context: . | |
pull: ${{ startsWith(github.ref, 'refs/tags/v') }} | |
push: ${{ startsWith(github.ref, 'refs/tags/v') }} | |
platforms: linux/amd64${{ startsWith(github.ref, 'refs/tags/v') && ',linux/arm64' || '' }} | |
labels: ${{ steps.docker_meta.outputs.labels }} | |
tags: ${{ steps.docker_meta.outputs.tags }} | |
- name: Create Checksum | |
run: | | |
cp target/keycloak-config-cli.jar keycloak-config-cli-${{ matrix.env.KEYCLOAK_VERSION }}.jar | |
sha256sum keycloak-config-cli-${{ matrix.env.KEYCLOAK_VERSION }}.jar > keycloak-config-cli-${{ matrix.env.KEYCLOAK_VERSION }}.jar.sha256 | |
- uses: actions/[email protected] | |
with: | |
name: keycloak-config-cli-${{ matrix.env.KEYCLOAK_VERSION }} | |
if-no-files-found: error | |
path: | | |
keycloak-config-cli-${{ matrix.env.KEYCLOAK_VERSION }}.jar | |
keycloak-config-cli-${{ matrix.env.KEYCLOAK_VERSION }}.jar.sha256 | |
build-pom-version: | |
runs-on: ubuntu-latest | |
timeout-minutes: 10 | |
strategy: | |
fail-fast: false | |
matrix: | |
java: [17, 21] | |
steps: | |
- uses: actions/[email protected] | |
- name: Setup java ${{ matrix.java }} | |
uses: actions/[email protected] | |
with: | |
distribution: 'temurin' | |
java-version: ${{ matrix.java }} | |
- uses: actions/[email protected] | |
with: | |
path: ~/.m2/repository | |
key: ${{ runner.os }}-${{ matrix.java }}-maven-build-pom-${{ hashFiles('**/pom.xml') }} | |
restore-keys: ${{ runner.os }}-${{ matrix.java }}-maven-build-pom | |
- name: Adapt sources for Keycloak versions < 23.0.0 | |
if: ${{ matrix.env.KEYCLOAK_VERSION < '23.0.0' }} | |
run: | | |
echo "COMPATIBILITY_PROFILE=-Ppre-keycloak23" >> $GITHUB_ENV | |
- name: Adapt sources for Keycloak versions < 22.0.0 (jakarta -> javax) | |
if: ${{ matrix.env.KEYCLOAK_VERSION < '22.0.0' }} | |
run: | | |
echo "COMPATIBILITY_PROFILE=-Ppre-keycloak22" >> $GITHUB_ENV | |
echo "ADJUSTED_RESTEASY_VERSION=-Dresteasy.version=4.7.7.Final" >> $GITHUB_ENV | |
- name: Build & Test | |
run: ./mvnw ${MAVEN_CLI_OPTS} ${ADJUSTED_RESTEASY_VERSION} clean verify ${COMPATIBILITY_PROFILE} -Djava.version=${{ matrix.java }} | |
build-legacy: | |
runs-on: ubuntu-latest | |
timeout-minutes: 10 | |
strategy: | |
fail-fast: false | |
matrix: | |
env: | |
- KEYCLOAK_VERSION: 19.0.3 | |
steps: | |
- uses: actions/[email protected] | |
- name: Setup java | |
uses: actions/[email protected] | |
with: | |
distribution: 'temurin' | |
java-version: '21' | |
- uses: actions/[email protected] | |
with: | |
path: ~/.m2/repository | |
key: ${{ runner.os }}-maven-keycloak-legacy-${{ hashFiles('**/pom.xml') }} | |
restore-keys: | | |
${{ runner.os }}-maven-keycloak-legacy | |
- name: Adapt sources for Keycloak versions < 23.0.0 | |
if: ${{ matrix.env.KEYCLOAK_VERSION < '23.0.0' }} | |
run: | | |
echo "COMPATIBILITY_PROFILE=-Ppre-keycloak23" >> $GITHUB_ENV | |
- name: Adapt sources for Keycloak versions < 22.0.0 (jakarta -> javax) | |
if: ${{ matrix.env.KEYCLOAK_VERSION < '22.0.0' }} | |
run: | | |
echo "COMPATIBILITY_PROFILE=-Ppre-keycloak22" >> $GITHUB_ENV | |
echo "ADJUSTED_RESTEASY_VERSION=-Dresteasy.version=4.7.7.Final" >> $GITHUB_ENV | |
- name: Build & Test | |
run: ./mvnw ${MAVEN_CLI_OPTS} -Dkeycloak.version=${{ matrix.env.KEYCLOAK_VERSION }} -Dkeycloak.dockerTagSuffix="-legacy" ${ADJUSTED_RESTEASY_VERSION} clean verify ${COMPATIBILITY_PROFILE} | |
lint-other-files: | |
runs-on: ubuntu-latest | |
timeout-minutes: 10 | |
steps: | |
- uses: actions/[email protected] | |
- name: Lint .github/workflows/*.yaml files | |
uses: ibiqlik/[email protected] | |
with: | |
strict: true | |
file_or_dir: .github/workflows/ | |
config_data: | | |
extends: default | |
rules: | |
line-length: disable | |
truthy: | |
check-keys: false | |
- name: Fetch history | |
run: git fetch --prune --unshallow | |
- name: Set up Helm | |
uses: azure/[email protected] | |
with: | |
version: v3.4.0 | |
- uses: actions/[email protected] | |
with: | |
python-version: 3.7 | |
- uses: actions/[email protected] | |
with: | |
path: ~/.cache/pip | |
key: ${{ runner.os }}-pip-chart-testing-action | |
restore-keys: | | |
${{ runner.os }}-pip-chart-testing-action | |
- name: Set up chart-testing | |
uses: helm/[email protected] | |
- name: Run chart-testing (lint) | |
run: ct lint --config contrib/charts/ct.yaml | |
create_release: | |
name: Create Release | |
runs-on: ubuntu-latest | |
needs: [build] | |
if: startsWith(github.ref, 'refs/tags/v') | |
steps: | |
- uses: actions/[email protected] | |
with: | |
path: assets | |
- name: Write release tag without v | |
id: strip-v-tag | |
run: | | |
TAG=${GITHUB_REF_NAME#v} | |
echo Tag: $Tag | |
echo "::set-output name=tag::$TAG" | |
- name: Create Release | |
uses: softprops/[email protected] | |
with: | |
name: Release ${{ github.ref_name }} | |
draft: false | |
prerelease: ${{ contains(github.ref_name, 'rc') }} | |
files: | | |
assets/keycloak-config-cli-*/keycloak-config-cli-*.jar | |
assets/keycloak-config-cli-*/keycloak-config-cli-*.jar.sha256 | |
body: |- | |
# CHANGELOG | |
* https://github.com/adorsys/keycloak-config-cli/blob/${{ github.ref_name }}/CHANGELOG.md | |
## DockerHub | |
* https://hub.docker.com/r/adorsys/keycloak-config-cli/tags?name=${{ steps.strip-v-tag.outputs.tag }} | |
## Quay.io | |
* https://quay.io/repository/adorsys/keycloak-config-cli?tab=tags |