Refactored dockerfiles into one file (#138)

.github/workflows/build.yaml

@@ -19,7 +19,7 @@ jobs:
       - run: echo "timestamp=`date +"%Y%m%d-%H%M%S"`" >> $GITHUB_ENV
       - run: echo "version=`mvn help:evaluate -Dexpression=version.org.keycloak -DforceStdout -q`" >> $GITHUB_ENV
       - run: echo "major=`mvn help:evaluate -Dexpression=version.org.keycloak -DforceStdout -q | cut -d. -f1`" >> $GITHUB_ENV
-      - run: mvn -B -ntp prepare-package -Dimage.tag=${{ env.version }}-${{ env.timestamp }}
+      - run: mvn -B -ntp prepare-package -Dcheck.skip -Dimage.tag=${{ env.version }}-${{ env.timestamp }}
       - uses: docker/setup-qemu-action@v3
       - uses: docker/setup-buildx-action@v3
       - name: docker/login-action docker.io
@@ -102,38 +102,35 @@ jobs:
             ${{ env.version }}-${{ env.timestamp }}-distroless-import
             ${{ env.major }}-distroless-import
             ${{ env.major }}-${{ env.timestamp }}-distroless-import
-      - name: docker/build-push-action base
-        uses: docker/build-push-action@v5
-        with:
-          context: target/docker/base
-          push: true
-          platforms: linux/amd64,linux/arm64
-          tags: docker.io/kokuwaio/keycloak:${{ env.version }}-${{ env.timestamp }}-base
       - name: docker/build-push-action temurin
         uses: docker/build-push-action@v5
         with:
-          context: target/docker/temurin
+          context: target/docker
           push: true
           platforms: linux/amd64,linux/arm64
           tags: ${{ steps.temurin.outputs.tags }}
+          target: temurin
       - name: docker/build-push-action temurin-import
         uses: docker/build-push-action@v5
         with:
-          context: target/docker/temurin-import
+          context: target/docker
           push: true
           platforms: linux/amd64,linux/arm64
           tags: ${{ steps.temurin-import.outputs.tags }}
+          target: temurin-import
       - name: docker/build-push-action distroless
         uses: docker/build-push-action@v5
         with:
-          context: target/docker/distroless
+          context: target/docker
           push: true
           platforms: linux/amd64
           tags: ${{ steps.distroless.outputs.tags }}
+          target: distroless
       - name: docker/build-push-action distroless-import
         uses: docker/build-push-action@v5
         with:
-          context: target/docker/distroless-import
+          context: target/docker
           push: true
           platforms: linux/amd64
           tags: ${{ steps.distroless-import.outputs.tags }}
+          target: distroless-import

.github/workflows/ci.yaml

@@ -34,15 +34,11 @@ jobs:
 
   dockerfile:
     runs-on: ubuntu-latest
-    strategy:
-      fail-fast: false
-      matrix:
-        context: [base, temurin, temurin-import, distroless, distroless-import]
     steps:
       - uses: actions/checkout@v4
       - uses: hadolint/[email protected]
         with:
-          dockerfile: src/main/docker/${{ matrix.context }}/Dockerfile
+          dockerfile: src/main/docker/Dockerfile
 
   verify:
     runs-on: ubuntu-latest

pom.xml

@@ -169,13 +169,13 @@
 									<artifactId>keycloak-quarkus-dist</artifactId>
 									<version>${version.org.keycloak}</version>
 									<type>tar.gz</type>
-									<outputDirectory>${project.build.directory}/docker/base</outputDirectory>
+									<outputDirectory>${project.build.directory}/docker</outputDirectory>
 								</artifactItem>
 								<artifactItem>
 									<groupId>io.kokuwa.keycloak</groupId>
 									<artifactId>keycloak-event-metrics</artifactId>
 									<version>${version.io.kokuwa.keycloak.metrics}</version>
-									<outputDirectory>${project.build.directory}/docker/temurin</outputDirectory>
+									<outputDirectory>${project.build.directory}/docker</outputDirectory>
 								</artifactItem>
 							</artifactItems>
 						</configuration>
@@ -246,21 +246,6 @@
 				<groupId>org.codehaus.mojo</groupId>
 				<artifactId>exec-maven-plugin</artifactId>
 				<executions>
-					<execution>
-						<id>docker-base</id>
-						<phase>package</phase>
-						<goals>
-							<goal>exec</goal>
-						</goals>
-						<configuration>
-							<arguments>
-								<argument>build</argument>
-								<argument>--tag</argument>
-								<argument>${image.name}:${image.tag}-base</argument>
-								<argument>base</argument>
-							</arguments>
-						</configuration>
-					</execution>
 					<execution>
 						<id>docker-temurin</id>
 						<phase>package</phase>
@@ -270,9 +255,9 @@
 						<configuration>
 							<arguments>
 								<argument>build</argument>
-								<argument>--tag</argument>
-								<argument>${image.name}:${image.tag}-temurin</argument>
-								<argument>temurin</argument>
+								<argument>${project.build.directory}/docker</argument>
+								<argument>--tag=${image.name}:${image.tag}-temurin</argument>
+								<argument>--target=temurin</argument>
 							</arguments>
 						</configuration>
 					</execution>
@@ -285,9 +270,9 @@
 						<configuration>
 							<arguments>
 								<argument>build</argument>
-								<argument>--tag</argument>
-								<argument>${image.name}:${image.tag}-temurin-import</argument>
-								<argument>temurin-import</argument>
+								<argument>${project.build.directory}/docker</argument>
+								<argument>--tag=${image.name}:${image.tag}-temurin-import</argument>
+								<argument>--target=temurin-import</argument>
 							</arguments>
 						</configuration>
 					</execution>
@@ -300,9 +285,9 @@
 						<configuration>
 							<arguments>
 								<argument>build</argument>
-								<argument>--tag</argument>
-								<argument>${image.name}:${image.tag}-distroless</argument>
-								<argument>distroless</argument>
+								<argument>${project.build.directory}/docker</argument>
+								<argument>--tag=${image.name}:${image.tag}-distroless</argument>
+								<argument>--target=distroless</argument>
 							</arguments>
 						</configuration>
 					</execution>
@@ -315,16 +300,15 @@
 						<configuration>
 							<arguments>
 								<argument>build</argument>
-								<argument>--tag</argument>
-								<argument>${image.name}:${image.tag}-distroless-import</argument>
-								<argument>distroless-import</argument>
+								<argument>${project.build.directory}/docker</argument>
+								<argument>--tag=${image.name}:${image.tag}-distroless-import</argument>
+								<argument>--target=distroless-import</argument>
 							</arguments>
 						</configuration>
 					</execution>
 				</executions>
 				<configuration>
 					<executable>docker</executable>
-					<workingDirectory>${project.build.directory}/docker</workingDirectory>
 				</configuration>
 			</plugin>
 

src/main/docker/Dockerfile

@@ -0,0 +1,164 @@
+FROM docker.io/library/debian:stable-slim AS keycloak
+ARG VERSION=${version.org.keycloak}
+ADD keycloak-quarkus-dist-$VERSION.tar.gz /tmp
+RUN mv "/tmp/keycloak-$VERSION" /app && rm -rf /app/bin/client /app/bin/*.bat
+
+FROM docker.io/eclipse-temurin:${maven.compiler.target}-jre AS keycloak-runtime
+# https://www.keycloak.org/server/all-config
+ENV \
+  KC_DB=postgres \
+  KC_CACHE=ispn \
+  KC_CACHE_STACK=kubernetes \
+  KC_CACHE_DNS=keycloak-headless \
+  KC_CACHE_OWNERS=2 \
+  KC_HEALTH_ENABLED=true \
+  KC_METRICS_ENABLED=true \
+  KC_METRICS_EVENT_REPLACE_IDS=true \
+  KC_METRICS_STATS_ENABLED=true \
+  URI_METRICS_ENABLED=false \
+  URI_METRICS_DETAILED=false \
+  KC_PROXY=edge \
+  KC_LOG_CONSOLE_OUTPUT=json
+COPY --from=keycloak /app /app
+COPY cache-ispn.xml /app/conf/cache-ispn.xml
+COPY keycloak-event-metrics-${version.io.kokuwa.keycloak.metrics}.jar /app/providers/metrics-spi.jar
+RUN java -Dkc.home.dir=/app -jar /app/lib/quarkus-run.jar build
+
+FROM docker.io/eclipse-temurin:${maven.compiler.target}-jre AS keycloak-import
+ENV KC_DB=postgres KC_CACHE=local KC_LOG_CONSOLE_OUTPUT=json
+COPY --from=keycloak /app /app
+RUN java -Dkc.home.dir=/app -jar /app/lib/quarkus-run.jar build
+
+###
+### Temurin
+###
+
+FROM docker.io/eclipse-temurin:${maven.compiler.target}-jre AS temurin
+
+# https://github.com/opencontainers/image-spec/blob/main/annotations.md
+LABEL org.opencontainers.image.title       ${project.name}
+LABEL org.opencontainers.image.description ${project.description}
+LABEL org.opencontainers.image.url         ${project.url}
+LABEL org.opencontainers.image.source      ${project.url}/src/main/docker/Dockerfile
+LABEL org.opencontainers.image.vendor      ${project.organization.name}
+LABEL org.opencontainers.image.authors     https://github.com/orgs/kokuwaio/people
+LABEL org.opencontainers.image.licenses    Apache-2.0
+LABEL org.opencontainers.image.version     ${version.org.keycloak}
+LABEL org.opencontainers.image.created     ${git.build.time}
+LABEL org.opencontainers.image.revision    ${git.commit.id}
+LABEL org.opencontainers.image.ref.name    ${image.tag}-temurin
+LABEL org.opencontainers.image.base.name   docker.io/eclipse-temurin:${maven.compiler.target}-jre
+
+# https://www.keycloak.org/server/all-config
+ENV \
+  KC_DB=postgres \
+  KC_CACHE=ispn \
+  KC_CACHE_STACK=kubernetes \
+  KC_CACHE_DNS=keycloak-headless \
+  KC_CACHE_OWNERS=2 \
+  KC_HEALTH_ENABLED=true \
+  KC_METRICS_ENABLED=true \
+  KC_METRICS_EVENT_REPLACE_IDS=true \
+  KC_METRICS_STATS_ENABLED=true \
+  URI_METRICS_ENABLED=false \
+  URI_METRICS_DETAILED=false \
+  KC_PROXY=edge \
+  KC_LOG_CONSOLE_OUTPUT=json
+
+COPY --from=keycloak-runtime /app /app
+ENTRYPOINT ["java", "-XX:+ExitOnOutOfMemoryError", "-Dkc.home.dir=/app", "-Djgroups.dns.query=${KC_CACHE_DNS}", "-jar", "/app/lib/quarkus-run.jar"]
+CMD ["start", "--optimized"]
+
+###
+### Temurin Import
+###
+
+FROM docker.io/eclipse-temurin:${maven.compiler.target}-jre AS temurin-import
+
+# https://github.com/opencontainers/image-spec/blob/main/annotations.md
+LABEL org.opencontainers.image.title       ${project.name}
+LABEL org.opencontainers.image.description ${project.description}
+LABEL org.opencontainers.image.url         ${project.url}
+LABEL org.opencontainers.image.source      ${project.url}/src/main/docker/Dockerfile
+LABEL org.opencontainers.image.vendor      ${project.organization.name}
+LABEL org.opencontainers.image.authors     https://github.com/orgs/kokuwaio/people
+LABEL org.opencontainers.image.licenses    Apache-2.0
+LABEL org.opencontainers.image.version     ${version.org.keycloak}
+LABEL org.opencontainers.image.created     ${git.build.time}
+LABEL org.opencontainers.image.revision    ${git.commit.id}
+LABEL org.opencontainers.image.ref.name    ${image.tag}-temurin-import
+LABEL org.opencontainers.image.base.name   docker.io/eclipse-temurin:${maven.compiler.target}-jre
+
+# https://www.keycloak.org/server/all-config
+ENV KC_DB=postgres KC_CACHE=local KC_LOG_CONSOLE_OUTPUT=json
+
+COPY --from=keycloak-import /app /app
+ENTRYPOINT ["java", "-XX:+ExitOnOutOfMemoryError", "-Dkc.home.dir=/app", "-jar", "/app/lib/quarkus-run.jar"]
+CMD ["import", "--dir=/realms"]
+
+###
+### Distroless
+###
+
+FROM gcr.io/distroless/java${maven.compiler.target}:nonroot AS distroless
+
+# https://github.com/opencontainers/image-spec/blob/main/annotations.md
+LABEL org.opencontainers.image.title       ${project.name}
+LABEL org.opencontainers.image.description ${project.description}
+LABEL org.opencontainers.image.url         ${project.url}
+LABEL org.opencontainers.image.source      ${project.url}/src/main/docker/Dockerfile
+LABEL org.opencontainers.image.vendor      ${project.organization.name}
+LABEL org.opencontainers.image.authors     https://github.com/orgs/kokuwaio/people
+LABEL org.opencontainers.image.licenses    Apache-2.0
+LABEL org.opencontainers.image.version     ${version.org.keycloak}
+LABEL org.opencontainers.image.created     ${git.build.time}
+LABEL org.opencontainers.image.revision    ${git.commit.id}
+LABEL org.opencontainers.image.ref.name    ${image.tag}-distroless
+LABEL org.opencontainers.image.base.name   gcr.io/distroless/java${maven.compiler.target}:nonroot
+
+# https://www.keycloak.org/server/all-config
+ENV \
+  KC_DB=postgres \
+  KC_CACHE=ispn \
+  KC_CACHE_STACK=kubernetes \
+  KC_CACHE_DNS=keycloak-headless \
+  KC_CACHE_OWNERS=2 \
+  KC_HEALTH_ENABLED=true \
+  KC_METRICS_ENABLED=true \
+  KC_METRICS_EVENT_REPLACE_IDS=true \
+  KC_METRICS_STATS_ENABLED=true \
+  URI_METRICS_ENABLED=false \
+  URI_METRICS_DETAILED=false \
+  KC_PROXY=edge \
+  KC_LOG_CONSOLE_OUTPUT=json
+
+COPY --from=keycloak-runtime /app /app
+ENTRYPOINT ["java", "-XX:+ExitOnOutOfMemoryError", "-Dkc.home.dir=/app", "-Djgroups.dns.query=${KC_CACHE_DNS}", "-jar", "/app/lib/quarkus-run.jar"]
+CMD ["start", "--optimized"]
+
+###
+### Distroless Import
+###
+
+FROM gcr.io/distroless/java${maven.compiler.target}:nonroot AS distroless-import
+
+# https://github.com/opencontainers/image-spec/blob/main/annotations.md
+LABEL org.opencontainers.image.title       ${project.name}
+LABEL org.opencontainers.image.description ${project.description}
+LABEL org.opencontainers.image.url         ${project.url}
+LABEL org.opencontainers.image.source      ${project.url}/src/main/docker/Dockerfile
+LABEL org.opencontainers.image.vendor      ${project.organization.name}
+LABEL org.opencontainers.image.authors     https://github.com/orgs/kokuwaio/people
+LABEL org.opencontainers.image.licenses    Apache-2.0
+LABEL org.opencontainers.image.version     ${version.org.keycloak}
+LABEL org.opencontainers.image.created     ${git.build.time}
+LABEL org.opencontainers.image.revision    ${git.commit.id}
+LABEL org.opencontainers.image.ref.name    ${image.tag}-distroless-import
+LABEL org.opencontainers.image.base.name   gcr.io/distroless/java${maven.compiler.target}:nonroot
+
+# https://www.keycloak.org/server/all-config
+ENV KC_DB=postgres KC_CACHE=local KC_LOG_CONSOLE_OUTPUT=json
+
+COPY --from=keycloak-import /app /app
+ENTRYPOINT ["java", "-XX:+ExitOnOutOfMemoryError", "-Dkc.home.dir=/app", "-jar", "/app/lib/quarkus-run.jar"]
+CMD ["import", "--dir=/realms"]