From c730251f9a9049486a0c8297f0528ba1981951f4 Mon Sep 17 00:00:00 2001
From: Tyrone Faulhaber <20131658+spectrapulse@users.noreply.github.com>
Date: Sun, 17 Mar 2024 18:21:03 +0100
Subject: [PATCH]
---
.dockerignore | 2 ++
.github/workflows/build.yml | 28 ++++++++++++++++++++
Dockerfile | 38 ++++++++++++++++++++++++++
README.md | 1 +
docker-compose.yaml | 53 +++++++++++++++++++++++++++++++++++++
5 files changed, 122 insertions(+)
create mode 100644 .dockerignore
create mode 100644 .github/workflows/build.yml
create mode 100644 Dockerfile
create mode 100644 README.md
create mode 100644 docker-compose.yaml
diff --git a/.dockerignore b/.dockerignore
new file mode 100644
index 0000000..493bdb1
--- /dev/null
+++ b/.dockerignore
@@ -0,0 +1,2 @@
+docker-compose.yaml
+README.md
\ No newline at end of file
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
new file mode 100644
index 0000000..d3ccf04
--- /dev/null
+++ b/.github/workflows/build.yml
@@ -0,0 +1,28 @@
+on:
+ push: { branches: master }
+ workflow_dispatch:
+
+jobs:
+ build:
+ runs-on: ubuntu-22.04
+ steps:
+ - uses: actions/checkout@v4
+ - uses: docker/setup-qemu-action@v3
+ with: { platforms: arm64 }
+ - uses: docker/setup-buildx-action@v3
+ with:
+ config-inline: |
+ [worker.oci]
+ max-parallelism = 2
+ driver-opts:
+ network=host
+ - uses: docker/login-action@v3
+ with:
+ registry: ghcr.io
+ username: ${{ github.repository_owner }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+ - uses: docker/build-push-action@v5
+ with:
+ context: .
+ platforms: linux/amd64,linux/arm64
+ tags: ghcr.io/${{ github.repository }}:latest
\ No newline at end of file
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..b9cd4cd
--- /dev/null
+++ b/Dockerfile
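Review bot: In .github/workflows/build.yml the `build` job declares no `permissions:` block, so `secrets.GITHUB_TOKEN` reaches `docker/login-action` with whatever default scopes the repository happens to have. I would add `permissions: { contents: read, packages: write }` under `build:` so the token is limited to what a ghcr.io publish needs. The `docker/build-push-action@v5` step also sets no `push: true`, and that action does not push by default, so as written the image appears to be built but never published. The actions are referenced by mutable tags (`@v3`, `@v4`, `@v5`); pinning each to a commit SHA would protect the job, which holds a registry-write token, against a moved tag.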
@@ -0,0 +1,38 @@
+# Should be compatible with redhat/ubi9 | https://almalinux.org/blog/almalinux-container-images-update-full-rhel-ubi-compatibility/
+FROM almalinux/9-base AS ubi-micro-build
+
+# Preparing curl for final image so we can do internal healthchecks
+RUN mkdir -p /mnt/rootfs
+RUN dnf install --installroot /mnt/rootfs curl --releasever 9 --setopt instal_weak_deps=false --nodocs -y \
+ && dnf --installroot /mnt/roofs clean all \
+ && rpm --root /mnt/rootfs -e --nodeps setup
+
+
+FROM quay.io/keycloak/keycloak:24.0 as builder
+
+WORKDIR /opt/keycloak
+
+# Enable health and metrics
+ENV KC_HEALTH_ENABLED=true
+ENV KC_METRICS_ENABLED=true
+
+# Configure DB vendor
+ENV KC_DB=mariadb
+
+RUN /opt/keycloak/bin/kc.sh build
+
+
+FROM quay.io/keycloak/keycloak:24.0
+
+COPY --from=ubi-micro-build /mnt/rootfs /
+COPY --from=builder /opt/keycloak /opt/keycloak
+
+# To prevent the "Local access required" view
+ENV KEYCLOAK_ADMIN=admin
+ENV KEYCLOAK_ADMIN_PASSWORD=admin
+
+HEALTHCHECK --interval=30s --timeout=30s --start-period=5s --retries=3 \
+ CMD curl --head -fsS http://localhost:8080/health/ready
+
+ENTRYPOINT [ "/opt/keycloak/bin/kc.sh" ]
+CMD [ "start", "--optimized", "--proxy-headers=xforwarded", "--http-enabled=true", "--hostname-strict=false" ]
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..f87f5c1
--- /dev/null
+++ b/README.md
@@ -0,0 +1 @@
+# TODO
\ No newline at end of file
diff --git a/docker-compose.yaml b/docker-compose.yaml
new file mode 100644
index 0000000..44d8176
--- /dev/null
+++ b/docker-compose.yaml
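Review bot: In the Dockerfile's final stage, `ENV KEYCLOAK_ADMIN=admin` and `ENV KEYCLOAK_ADMIN_PASSWORD=admin` bake a known admin credential into every image built from this file, including the `:latest` tag the workflow targets on ghcr.io, and the values stay readable in the image config. I would drop both lines and set them only under `environment:` of the `app` service in docker-compose.yaml, which is already marked as testing-only. In the first stage two typos defeat the intended slimming: `--setopt instal_weak_deps=false` should read `--setopt install_weak_deps=false`, and `dnf --installroot /mnt/roofs clean all` should target `/mnt/rootfs`, otherwise the dnf cache is carried into the final image by `COPY --from=ubi-micro-build /mnt/rootfs /`. `FROM almalinux/9-base` is also untagged, so it resolves to `latest` and the build is not reproducible.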
@@ -0,0 +1,53 @@
+# A docker compose file for testing purposes
+version: "3.9"
+
+services:
+ app:
+ build: .
+ depends_on: [ db ]
+ ports:
+ - 127.0.0.1:8080:8080/tcp
+ environment:
+ - KC_DB_URL=jdbc:mariadb://db/keycloak
+ - KC_DB_USERNAME=keycloak
+ - KC_DB_PASSWORD=keycloak
+ labels:
+ - traefik.enable=true
+ - traefik.http.routers.keycloak.tls=true
+ - traefik.http.routers.keycloak.entrypoints=web,websecure
+ - traefik.http.routers.keycloak.rule=Host(`keycloak.localhost`)
+
+ db:
+ image: mariadb:11
+ healthcheck:
+ interval: 30s
+ retries: 3
+ test: [ "CMD", "healthcheck.sh", "--su-mysql", "--connect", "--innodb_initialized" ]
+ timeout: 30s
+ environment:
+ - MARIADB_ALLOW_EMPTY_ROOT_PASSWORD=true
+ - MARIADB_DATABASE=keycloak
+ - MARIADB_USER=keycloak
+ - MARIADB_PASSWORD=keycloak
+
+ proxy:
+ image: traefik:v2.11
+ command: |
+ --api.insecure=true
+ --providers.docker=true
+ --providers.docker.exposedbydefault=false
+ --log.level=WARNING
+ --accesslog=true
+ --entrypoints.web.address=:80
+ --entrypoints.websecure.address=:443
+ ports:
+ - 127.0.0.1:80:80/tcp
+ - 127.0.0.1:443:443/tcp
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock:ro
+ labels:
+ - traefik.enable=true
+ - traefik.http.routers.traefik-dashboard.tls=true
+ - traefik.http.routers.traefik-dashboard.entrypoints=web,websecure
+ - traefik.http.routers.traefik-dashboard.service=api@internal
+ - traefik.http.routers.traefik-dashboard.rule=Host(`traefik.localhost`)
\ No newline at end of file
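Review bot: In docker-compose.yaml the `proxy` service passes `--api.insecure=true`, which serves the Traefik API and dashboard without authentication on Traefik's own internal entrypoint, even though the labels already route the dashboard through `api@internal`. Replacing it with `--api=true` keeps the labelled route and removes the extra unauthenticated listener that other containers on the compose network could reach. The `:ro` on `/var/run/docker.sock` does not limit what the Docker API permits, so the proxy container still has full control of the daemon; a comment saying so next to the mount would help anyone who copies this file beyond testing. Separately, `depends_on: [ db ]` only waits for the container to start; since `db` defines a healthcheck, the long form with `condition: service_healthy` would keep Keycloak from starting before MariaDB is ready.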