moritzschmitz-oviva/Dockerfile Secret

## before-some-realm.json
{
  "id": "some-realm",
  "realm": "some-realm",
  "attributes": {
    "cibaBackchannelTokenDeliveryMode": "poll",
    "cibaExpiresIn": "120",
    "cibaAuthRequestedUserHint": "login_hint",
    "parRequestUriLifespan": "60",
    "cibaInterval": "5",
    "realmReusableOtpCode": "false"
  }
}

## changes-some-realm.json
{
  "id": "some-realm",
  "realm": "some-realm",
  "displayName": "displayName"
}

## compose.yml
version: '3.8'
services:
  mysql:
    image: mysql:8
    environment:
      MYSQL_ROOT_PASSWORD: root
      MYSQL_DATABASE: keycloak
      MYSQL_USER: keycloak
      MYSQL_PASSWORD: keycloak
    healthcheck:
      test: ["CMD", "mysqladmin" ,"ping", "-h", "localhost"]
      interval: 5s
      timeout: 5s
      retries: 30
  idp:
    build:
      dockerfile: ./Dockerfile
    env_file: ./env.properties
    ports:
      - "127.0.0.1:8080:8080"
    entrypoint:
      - /opt/keycloak/bin/kc.sh
    command:
      - start-dev
    healthcheck:
      test: ["CMD-SHELL", "exec 3<>/dev/tcp/localhost/8080 && echo -e 'GET /auth/health/ready HTTP/1.1\\r\\nHost: localhost\\r\\nConnection: close\\r\\n\\r\\n' >&3 && cat <&3 | grep -q '200 OK'"]
      interval: 5s
      timeout: 5s
      retries: 30
    depends_on:
      mysql:
        condition: service_healthy
  import:
    build:
      dockerfile: ./Dockerfile
    env_file: ./env.properties
    volumes:
      - ./before:/before:ro
    entrypoint:
      - /opt/keycloak/bin/kc.sh
    command:
      - --verbose
      - import
      - --optimized
      - --dir=/before
    depends_on:
      mysql:
        condition: service_healthy
      idp:
        condition: service_healthy
  kcc:
    image: quay.io/adorsys/keycloak-config-cli:5.12.0-23.0.7
    environment:
      KEYCLOAK_URL: http://idp:8080/auth
      KEYCLOAK_USER: admin
      KEYCLOAK_PASSWORD: admin
      IMPORT_FILES_LOCATIONS: /changes/*-realm.json
    volumes:
      - ./changes:/changes:ro
    depends_on:
      import:
        condition: service_completed_successfully
  export:
    build:
      dockerfile: ./Dockerfile
    env_file: ./env.properties
    volumes:
      - ./after:/after:rw
    entrypoint:
      - /opt/keycloak/bin/kc.sh
    command:
      - --verbose
      - export
      - --optimized
      - --dir=/after
      - --users=skip
    depends_on:
      kcc:
        condition: service_completed_successfully

## Dockerfile
FROM quay.io/keycloak/keycloak:23.0.7

ENV KC_CACHE=local
ENV KC_DB=mysql

RUN /opt/keycloak/bin/kc.sh build

## env.properties
KEYCLOAK_ADMIN=admin
KEYCLOAK_ADMIN_PASSWORD=admin
KC_HOSTNAME=localhost
KC_HOSTNAME_STRICT_HTTPS=false
KC_DB_URL=jdbc:mysql://mysql:3306/keycloak
KC_DB_USERNAME=keycloak
KC_DB_PASSWORD=keycloak
KC_CACHE=local
KC_HTTP_RELATIVE_PATH=/auth
KC_HEALTH_ENABLED=true
	{
	"id": "some-realm",
	"realm": "some-realm",
	"attributes": {
	"cibaBackchannelTokenDeliveryMode": "poll",
	"cibaExpiresIn": "120",
	"cibaAuthRequestedUserHint": "login_hint",
	"parRequestUriLifespan": "60",
	"cibaInterval": "5",
	"realmReusableOtpCode": "false"
	}
	}
	{
	"id": "some-realm",
	"realm": "some-realm",
	"displayName": "displayName"
	}
	version: '3.8'
	services:
	mysql:
	image: mysql:8
	environment:
	MYSQL_ROOT_PASSWORD: root
	MYSQL_DATABASE: keycloak
	MYSQL_USER: keycloak
	MYSQL_PASSWORD: keycloak
	healthcheck:
	test: ["CMD", "mysqladmin" ,"ping", "-h", "localhost"]
	interval: 5s
	timeout: 5s
	retries: 30
	idp:
	build:
	dockerfile: ./Dockerfile
	env_file: ./env.properties
	ports:
	- "127.0.0.1:8080:8080"
	entrypoint:
	- /opt/keycloak/bin/kc.sh
	command:
	- start-dev
	healthcheck:
	test: ["CMD-SHELL", "exec 3<>/dev/tcp/localhost/8080 && echo -e 'GET /auth/health/ready HTTP/1.1\\r\\nHost: localhost\\r\\nConnection: close\\r\\n\\r\\n' >&3 && cat <&3 \| grep -q '200 OK'"]
	interval: 5s
	timeout: 5s
	retries: 30
	depends_on:
	mysql:
	condition: service_healthy
	import:
	build:
	dockerfile: ./Dockerfile
	env_file: ./env.properties
	volumes:
	- ./before:/before:ro
	entrypoint:
	- /opt/keycloak/bin/kc.sh
	command:
	- --verbose
	- import
	- --optimized
	- --dir=/before
	depends_on:
	mysql:
	condition: service_healthy
	idp:
	condition: service_healthy
	kcc:
	image: quay.io/adorsys/keycloak-config-cli:5.12.0-23.0.7
	environment:
	KEYCLOAK_URL: http://idp:8080/auth
	KEYCLOAK_USER: admin
	KEYCLOAK_PASSWORD: admin
	IMPORT_FILES_LOCATIONS: /changes/*-realm.json
	volumes:
	- ./changes:/changes:ro
	depends_on:
	import:
	condition: service_completed_successfully
	export:
	build:
	dockerfile: ./Dockerfile
	env_file: ./env.properties
	volumes:
	- ./after:/after:rw
	entrypoint:
	- /opt/keycloak/bin/kc.sh
	command:
	- --verbose
	- export
	- --optimized
	- --dir=/after
	- --users=skip
	depends_on:
	kcc:
	condition: service_completed_successfully
	FROM quay.io/keycloak/keycloak:23.0.7

	ENV KC_CACHE=local
	ENV KC_DB=mysql

	RUN /opt/keycloak/bin/kc.sh build
	KEYCLOAK_ADMIN=admin
	KEYCLOAK_ADMIN_PASSWORD=admin
	KC_HOSTNAME=localhost
	KC_HOSTNAME_STRICT_HTTPS=false
	KC_DB_URL=jdbc:mysql://mysql:3306/keycloak
	KC_DB_USERNAME=keycloak
	KC_DB_PASSWORD=keycloak
	KC_CACHE=local
	KC_HTTP_RELATIVE_PATH=/auth
	KC_HEALTH_ENABLED=true