primesign · mschallar · Mar 4, 2024 · Mar 5, 2024 · Mar 4, 2024 · Mar 5, 2024
diff --git a/.github/actions/archive-surefire-reports/action.yml b/.github/actions/archive-surefire-reports/action.yml
@@ -7,7 +7,7 @@ inputs:
   release-branches:
     description: 'List of all related release branches (in JSON format)'
     required: false
-    default: '["refs/heads/release/22.0"]'
+    default: '["refs/heads/release/22.0","refs/heads/release/24.0"]'
   keep-days:
     description: 'For how many days to store the particular artifact.'
     required: false

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
diff --git a/.github/workflows/ci-docker.yml b/.github/workflows/ci-docker.yml
@@ -0,0 +1,67 @@
+name: Docker CI
+
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - main
+
+env:
+  DEFAULT_JDK_VERSION: 17
+
+concurrency:
+  # Only run once for latest commit per ref and cancel other (previous) runs.
+  group: docker-ci-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  build:
+    name: Build and push docker image
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - uses: actions/setup-java@v3
+        with:
+          distribution: 'temurin'
+          java-version: ${{ env.DEFAULT_JDK_VERSION }}
+          cache: 'maven'
+
+      - name: Build Keycloak
+        run: |
+          mvn clean install -DskipTestsuite -DskipExamples -DskipTests
+          mvn -f quarkus/pom.xml clean install -DskipTests
+
+      - name: Set up environment
+        run: cat release-details >> $GITHUB_ENV
+
+      - name: Copy keycloak artifact
+        run: cp quarkus/dist/target/keycloak-${{env.VERSION}}.tar.gz quarkus/container/
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v1
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v1
+
+      - name: Login to GitHub container registry
+        uses: docker/login-action@v1
+        with:
+          registry: ghcr.io
+          username: primesign-services
+          password: ${{ secrets.CR_TOKEN }}
+
+      - name: Build and push
+        uses: docker/build-push-action@v2
+        with:
+          context: quarkus/container
+          platforms: linux/amd64,linux/arm64
+          push: ${{ github.event_name != 'pull_request' }}
+          build-args: KEYCLOAK_DIST=keycloak-${{env.VERSION}}.tar.gz
+          tags: |
+            ghcr.io/primesign/keycloak:latest
+            ghcr.io/primesign/keycloak:${{env.VERSION}}
+            ghcr.io/primesign/keycloak:${{env.SHORT_VERSION}}
+
+      - name: Remove keycloak artifacts before caching
+        if: steps.cache.outputs.cache-hit != 'true'
+        run: rm -rf ~/.m2/repository/org/keycloak
diff --git a/.github/workflows/documentation.yml b/.github/workflows/documentation.yml
@@ -6,6 +6,7 @@ on:
       - main
       - dependabot/**
       - quarkus-next
+      - fb-*
   pull_request:
   workflow_dispatch:
 

diff --git a/.github/workflows/js-ci.yml b/.github/workflows/js-ci.yml
@@ -54,13 +54,13 @@ jobs:
       - name: Build Keycloak
         run: |
           ./mvnw clean install --errors -DskipTests -DskipTestsuite -DskipExamples -Pdistribution
-          mv ./quarkus/dist/target/keycloak-999.0.0-SNAPSHOT.tar.gz ./keycloak-999.0.0-SNAPSHOT.tar.gz
+          mv ./quarkus/dist/target/keycloak-24.0.5-PS-2.tar.gz ./keycloak-24.0.5-PS-2.tar.gz
 
       - name: Upload Keycloak dist
         uses: actions/upload-artifact@v3
         with:
           name: keycloak
-          path: keycloak-999.0.0-SNAPSHOT.tar.gz
+          path: keycloak-24.0.5-PS-2.tar.gz
 
   admin-client:
     name: Admin Client
@@ -214,8 +214,8 @@ jobs:
 
       - name: Start Keycloak server
         run: |
-          tar xfvz keycloak-999.0.0-SNAPSHOT.tar.gz
-          keycloak-999.0.0-SNAPSHOT/bin/kc.sh start-dev --features=transient-users &> ~/server.log &
+          tar xfvz keycloak-24.0.5-PS-2.tar.gz
+          keycloak-24.0.5-PS-2/bin/kc.sh start-dev --features=transient-users &> ~/server.log &
         env:
           KEYCLOAK_ADMIN: admin
           KEYCLOAK_ADMIN_PASSWORD: admin
@@ -297,8 +297,8 @@ jobs:
 
       - name: Start Keycloak server
         run: |
-          tar xfvz keycloak-999.0.0-SNAPSHOT.tar.gz
-          keycloak-999.0.0-SNAPSHOT/bin/kc.sh start-dev --features=admin-fine-grained-authz,transient-users &> ~/server.log &
+          tar xfvz keycloak-24.0.5-PS-2.tar.gz
+          keycloak-24.0.5-PS-2/bin/kc.sh start-dev --features=admin-fine-grained-authz,transient-users &> ~/server.log &
         env:
           KEYCLOAK_ADMIN: admin
           KEYCLOAK_ADMIN_PASSWORD: admin

diff --git a/.github/workflows/label.yml b/.github/workflows/label.yml
@@ -31,7 +31,7 @@ jobs:
             BACKPORT_LABEL="backport/main"
           elif [[ "$GITHUB_BASE_REF" = release/* ]]; then
             MAJOR_MINOR="$(echo $GITHUB_BASE_REF | cut -d '/' -f 2)"
-            LAST_MICRO="$(gh api /repos/$GITHUB_REPOSITORY/tags --jq .[].name | sort -n -r | grep $MAJOR_MINOR | head -n 1 | cut -d '.' -f 3)"
+            LAST_MICRO="$(gh api /repos/$GITHUB_REPOSITORY/tags --jq .[].name | sort -V -r | grep $MAJOR_MINOR | head -n 1 | cut -d '.' -f 3)"
             NEXT_MICRO="$(($LAST_MICRO + 1))"
             LABEL="release/$MAJOR_MINOR.$NEXT_MICRO"
             BACKPORT_LABEL="backport/$MAJOR_MINOR"

diff --git a/.github/workflows/operator-ci.yml b/.github/workflows/operator-ci.yml
@@ -10,8 +10,9 @@ on:
 
 env:
   MAVEN_ARGS: "-B -nsu -Daether.connector.http.connectionMaxTtl=25"
-  MINIKUBE_VERSION: v1.31.2
-  KUBERNETES_VERSION: v1.24.17 # OCP 4.11
+  MINIKUBE_VERSION: v1.32.0
+  KUBERNETES_VERSION: v1.27.10 # OCP 4.14
+  MINIKUBE_MEMORY: 4096 # Without explicitly setting memory, minikube uses ~25% of available memory which might be too little on smaller GitHub runners for running the tests
 
 defaults:
   run:
@@ -72,7 +73,7 @@ jobs:
           kubernetes version: ${{ env.KUBERNETES_VERSION }}
           github token: ${{ secrets.GITHUB_TOKEN }}
           driver: docker
-          start args: --addons=ingress
+          start args: --addons=ingress --memory=${{ env.MINIKUBE_MEMORY }}
 
       - name: Download keycloak distribution
         id: download-keycloak-dist
@@ -116,7 +117,7 @@ jobs:
           kubernetes version: ${{ env.KUBERNETES_VERSION }}
           github token: ${{ secrets.GITHUB_TOKEN }}
           driver: docker
-          start args: --addons=ingress
+          start args: --addons=ingress --memory=${{ env.MINIKUBE_MEMORY }}
 
       - name: Download keycloak distribution
         id: download-keycloak-dist
@@ -159,6 +160,7 @@ jobs:
           kubernetes version: ${{ env.KUBERNETES_VERSION }}
           github token: ${{ secrets.GITHUB_TOKEN }}
           driver: docker
+          start args: --memory=${{ env.MINIKUBE_MEMORY }}
 
       - name: Install OPM
         uses: redhat-actions/openshift-tools-installer@v1

diff --git a/.github/workflows/snyk-analysis.yml b/.github/workflows/snyk-analysis.yml
@@ -31,6 +31,7 @@ jobs:
 
       - name: Upload Quarkus scanner results to GitHub
         uses: github/codeql-action/upload-sarif@v3
+        continue-on-error: true
         with:
           sarif_file: quarkus-report.sarif
           category: snyk-quarkus-report

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
@@ -0,0 +1,39 @@
+---
+stages:
+  - build
+
+image: maven:3.6.3-openjdk-17
+
+
+variables:
+  MAVEN_OPTS: "-Dmaven.repo.local=${CI_PROJECT_DIR}/.m2/repository -Dhttps.protocols=TLSv1.2 -Dorg.slf4j.simpleLogger.log.org.apache.maven.cli.transfer.Slf4jMavenTransferListener=WARN -Dorg.slf4j.simpleLogger.showDateTime=true"
+  MAVEN_CLI_OPTS: "-f ${CI_PROJECT_DIR}/pom.xml -s ${CI_PROJECT_DIR}/.m2/settings.xml --batch-mode --errors --show-version -DskipTests -DskipExamples -DskipTestsuite -DinstallAtEnd=false -DdeployAtEnd=false"
+
+cache:
+  paths:
+    - .m2/repository
+
+build:
+  stage: build
+  only:
+    refs:
+      - main
+  except:
+    variables:
+      - $CI_COMMIT_MESSAGE =~ /\[maven-release-plugin\] prepare release/
+  script:
+    - mvn $MAVEN_CLI_OPTS $MAVEN_PROJECT_OPTS deploy
+
+build-fb:
+  stage: build
+  only:
+    refs:
+       # feature branch
+      - /^fb-.*$/
+       # bugfix branch
+      - /^fix-.*$/
+  except:
+    variables:
+      - $CI_COMMIT_MESSAGE =~ /\[maven-release-plugin\] prepare release/
+  script:
+    - mvn $MAVEN_CLI_OPTS $MAVEN_PROJECT_OPTS clean deploy
diff --git a/.m2/settings.xml b/.m2/settings.xml
@@ -0,0 +1,61 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<settings xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.1.0 http://maven.apache.org/xsd/settings-1.1.0.xsd" xmlns="http://maven.apache.org/SETTINGS/1.1.0"
+    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+  <servers>
+    <server>
+      <id>releases</id>
+      <username>${env.MAVEN_REPO_USER}</username>
+      <password>${env.MAVEN_REPO_PASS}</password>
+    </server>
+    <server>
+      <id>snapshots</id>
+      <username>${env.MAVEN_REPO_USER}</username>
+      <password>${env.MAVEN_REPO_PASS}</password>
+    </server>
+  </servers>
+  <profiles>
+    <profile>
+      <repositories>
+        <repository>
+          <snapshots>
+            <enabled>false</enabled>
+          </snapshots>
+          <id>central</id>
+          <name>libs-releases</name>
+          <url>https://artifactory.intra.prime-sign.com/artifactory/libs-releases</url>
+        </repository>
+        <repository>
+          <snapshots />
+          <id>snapshots</id>
+          <name>libs-snapshots</name>
+          <url>https://artifactory.intra.prime-sign.com/artifactory/libs-snapshots</url>
+        </repository>
+        <repository>
+          <id>Redhat Repo</id>
+          <name>libs-snapshots</name>
+          <url>https://maven.repository.redhat.com/ga/</url>
+        </repository>
+      </repositories>
+      <pluginRepositories>
+        <pluginRepository>
+          <snapshots>
+            <enabled>false</enabled>
+          </snapshots>
+          <id>central</id>
+          <name>plugins-releases</name>
+          <url>https://artifactory.intra.prime-sign.com/artifactory/plugins-releases</url>
+        </pluginRepository>
+        <pluginRepository>
+          <snapshots />
+          <id>snapshots</id>
+          <name>plugins-snapshots</name>
+          <url>https://artifactory.intra.prime-sign.com/artifactory/plugins-snapshots</url>
+        </pluginRepository>
+      </pluginRepositories>
+      <id>artifactory</id>
+    </profile>
+  </profiles>
+  <activeProfiles>
+    <activeProfile>artifactory</activeProfile>
+  </activeProfiles>
+</settings>
diff --git a/adapters/oidc/adapter-core/pom.xml b/adapters/oidc/adapter-core/pom.xml
@@ -21,7 +21,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>999.0.0-SNAPSHOT</version>
+        <version>24.0.5-PS-2</version>
         <relativePath>../../../pom.xml</relativePath>
     </parent>
     <modelVersion>4.0.0</modelVersion>

diff --git a/adapters/oidc/installed/pom.xml b/adapters/oidc/installed/pom.xml
@@ -21,7 +21,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>999.0.0-SNAPSHOT</version>
+        <version>24.0.5-PS-2</version>
         <relativePath>../../../pom.xml</relativePath>
     </parent>
     <modelVersion>4.0.0</modelVersion>

diff --git a/adapters/oidc/jakarta-servlet-filter/pom.xml b/adapters/oidc/jakarta-servlet-filter/pom.xml
@@ -21,7 +21,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>999.0.0-SNAPSHOT</version>
+        <version>24.0.5-PS-2</version>
         <relativePath>../../../pom.xml</relativePath>
     </parent>
     <modelVersion>4.0.0</modelVersion>

diff --git a/adapters/oidc/jaxrs-oauth-client/pom.xml b/adapters/oidc/jaxrs-oauth-client/pom.xml
@@ -21,7 +21,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>999.0.0-SNAPSHOT</version>
+        <version>24.0.5-PS-2</version>
         <relativePath>../../../pom.xml</relativePath>
     </parent>
     <modelVersion>4.0.0</modelVersion>

diff --git a/adapters/oidc/jetty/jetty-core/pom.xml b/adapters/oidc/jetty/jetty-core/pom.xml
@@ -21,7 +21,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>999.0.0-SNAPSHOT</version>
+        <version>24.0.5-PS-2</version>
         <relativePath>../../../../pom.xml</relativePath>
     </parent>
     <modelVersion>4.0.0</modelVersion>

diff --git a/adapters/oidc/jetty/jetty9.4/pom.xml b/adapters/oidc/jetty/jetty9.4/pom.xml
@@ -21,7 +21,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>999.0.0-SNAPSHOT</version>
+        <version>24.0.5-PS-2</version>
         <relativePath>../../../../pom.xml</relativePath>
     </parent>
     <modelVersion>4.0.0</modelVersion>

diff --git a/adapters/oidc/jetty/pom.xml b/adapters/oidc/jetty/pom.xml
@@ -20,7 +20,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>999.0.0-SNAPSHOT</version>
+        <version>24.0.5-PS-2</version>
         <relativePath>../../../pom.xml</relativePath>
     </parent>
     <name>Keycloak Jetty Integration</name>

diff --git a/adapters/oidc/js/pom.xml b/adapters/oidc/js/pom.xml
@@ -5,7 +5,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>999.0.0-SNAPSHOT</version>
+        <version>24.0.5-PS-2</version>
         <relativePath>../../../pom.xml</relativePath>
     </parent>
 

diff --git a/adapters/oidc/pom.xml b/adapters/oidc/pom.xml
@@ -20,7 +20,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>999.0.0-SNAPSHOT</version>
+        <version>24.0.5-PS-2</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <name>Keycloak OIDC Client Adapter Modules</name>