Updates for Keycloak 24&25

.github/workflows/build-test-image.yml

@@ -7,37 +7,62 @@ on:
       - ".github/workflows/build-test-image.yml"
       - "test/Dockerfile"
 
+env:
+  REGISTRY: ghcr.io
+  IMAGE_NAME: ${{ github.repository }}
+
 jobs:
   build:
     runs-on: ubuntu-latest
+
+    permissions:
+      contents: read
+      packages: write
+      attestations: write
+      id-token: write
+
     strategy:
       matrix:
         keycloak-version:
-          - '21.0.1'
-          - '20.0.5'
-          - '19.0.2'
+          - '25.0.2'
+          - '24.0.5'
       fail-fast: false
+
     concurrency:
       group: docker-build-${{ matrix.keycloak-version }}
       cancel-in-progress: true
+
     steps:
-      - name: Set up QEMU
-        uses: docker/setup-qemu-action@v2
+      - name: Checkout repository
+        uses: actions/checkout@v4
 
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v2
+      - name: Log in to the Container registry
+        uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
 
-      - name: Login to Docker Hub
-        uses: docker/login-action@v2
+      - name: Extract metadata (tags, labels) for Docker
+        id: meta
+        uses: docker/metadata-action@9ec57ed1fcdbf14dcef7dfbe97b2010124a938b7
         with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_TOKEN }}
+          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
 
-      - name: Build and push
-        uses: docker/build-push-action@v4
+      - name: Build and push Docker image
+        id: push
+        uses: docker/build-push-action@v6
         with:
-          push: true
-          tags: mrparkers/keycloak-dev:${{ matrix.keycloak-version }}
           file: test/Dockerfile
+          push: true
+          tags: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME}}:${{ matrix.keycloak-version }}
           build-args: |
             KEYCLOAK_VERSION=${{ matrix.keycloak-version }}
+
+      - name: Generate artifact attestation
+        uses: actions/attest-build-provenance@v1
+        with:
+          subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME}}
+          subject-digest: ${{ steps.push.outputs.digest }}
+          push-to-registry: true
+

.github/workflows/codeql-analysis.yml

@@ -38,17 +38,17 @@ jobs:
 
     steps:
     - name: Checkout Code
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
 
     - name: Set up Go
-      uses: actions/setup-go@v3
+      uses: actions/setup-go@v5
       with:
         go-version-file: 'go.mod'
         cache: true
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@v1
+      uses: github/codeql-action/init@v3
       with:
         languages: ${{ matrix.language }}
         # If you wish to specify custom queries, you can do so here or in a config file.
@@ -59,7 +59,7 @@ jobs:
     # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
     # If this step fails, then you should remove it and run the build manually (see below)
     - name: Autobuild
-      uses: github/codeql-action/autobuild@v1
+      uses: github/codeql-action/autobuild@v3
 
     # ℹ️ Command-line programs to run using the OS shell.
     # 📚 https://git.io/JvXDl
@@ -73,4 +73,4 @@ jobs:
     #   make release
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v1
+      uses: github/codeql-action/analyze@v3

.github/workflows/dependency-submission.yml

@@ -12,15 +12,15 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout Code
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - name: Set up Go
-        uses: actions/setup-go@v3
+        uses: actions/setup-go@v5
         with:
           go-version-file: 'go.mod'
           cache: true
 
       - name: Run snapshot action
-        uses: actions/go-dependency-submission@v1
+        uses: actions/go-dependency-submission@v2
         with:
           go-mod-path: go.mod

.github/workflows/release.yml

@@ -27,10 +27,10 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout Code
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - name: Set up Go
-        uses: actions/setup-go@v3
+        uses: actions/setup-go@v5
         with:
           go-version-file: 'go.mod'
           cache: true

.github/workflows/test.yml

@@ -7,17 +7,21 @@ on:
     branches:
       - master
 
+env:
+  REGISTRY: ghcr.io
+  IMAGE_NAME: ${{ github.repository }}
+
 jobs:
   verify:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout Code
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           fetch-depth: 2 # we want the HEAD commit and the previous commit to compare changed files
 
       - name: Set up Go
-        uses: actions/setup-go@v3
+        uses: actions/setup-go@v5
         with:
           go-version-file: 'go.mod'
           cache: true
@@ -31,7 +35,7 @@ jobs:
       # we only want to run tests if any code changes (not for README or docs changes)
       - name: Check Changed Files
         id: files
-        uses: tj-actions/changed-files@v1.1.3
+        uses: tj-actions/changed-files@v44
         with:
           files: |
             .github
@@ -43,7 +47,7 @@ jobs:
             scripts
 
     outputs:
-      code-files-changed: steps.files.outputs.any_changed
+      code-files-changed: ${{ steps.files.outputs.any_changed }}
 
   acceptance:
     # this conditional is more verbose than I'd like it to be
@@ -60,9 +64,8 @@ jobs:
     strategy:
       matrix:
         keycloak-version:
-          - '21.0.1'
-          - '20.0.5'
-          - '19.0.2'
+          - '25.0.2'
+          - '24.0.5'
       fail-fast: false
     concurrency:
       group: ${{ github.head_ref || github.run_id }}-${{ matrix.keycloak-version }}
@@ -71,26 +74,27 @@ jobs:
       keycloak:
         # we have to use a custom docker image for these tests, since it's not possible to provide command-line args
         # to a service container.  see https://github.com/actions/runner/issues/2139
-        image: mrparkers/keycloak-dev:${{ matrix.keycloak-version }}
+        image: ghcr.io/${{ github.repository }}:${{ matrix.keycloak-version }}
         ports:
           - 8080:8080
         env:
           KC_DB: dev-mem
           KC_LOG_LEVEL: INFO
           KEYCLOAK_ADMIN: keycloak
           KEYCLOAK_ADMIN_PASSWORD: password
+          KC_FEATURES: preview
     steps:
       - name: Checkout Code
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - name: Set up Go
-        uses: actions/setup-go@v3
+        uses: actions/setup-go@v5
         with:
           go-version-file: 'go.mod'
           cache: true
 
       - name: Setup Terraform
-        uses: hashicorp/setup-terraform@v1
+        uses: hashicorp/setup-terraform@v3
         with:
           terraform_wrapper: false
           terraform_version: 1.4.1
@@ -99,7 +103,7 @@ jobs:
         run: ./scripts/wait-for-local-keycloak.sh && ./scripts/create-terraform-client.sh
 
       - name: Get Keycloak Version
-        uses: actions/github-script@v6
+        uses: actions/github-script@v7
         id: keycloak-version
         env:
           KEYCLOAK_VERSION: ${{ matrix.keycloak-version }}

.gitignore

@@ -22,6 +22,7 @@ terraform.tfstate*
 .gradle/
 
 # custom user federation example
+custom-user-federation-example/bin
 custom-user-federation-example/build
 !custom-user-federation-example/build/libs
 

custom-user-federation-example/build.gradle

@@ -1,50 +1,37 @@
-buildscript {
-	ext.kotlinVersion = '1.3.31'
-	ext.keycloakVersion = '19.0.2'
-	ext.shadowJarVersion = '4.0.2'
-
-    repositories {
-        mavenCentral()
-        jcenter()
-    }
 
-    dependencies {
-        classpath "org.jetbrains.kotlin:kotlin-gradle-plugin:${kotlinVersion}"
-        classpath "com.github.jengelman.gradle.plugins:shadow:${shadowJarVersion}"
-    }
+buildscript {
+	ext.kotlinVersion = '2.0.0'
+	ext.keycloakVersion = '25.0.2'
+	ext.shadowJarVersion = '8.1.1'
+
+	repositories {
+		mavenCentral()
+        gradlePluginPortal()
+	}
+
+	dependencies {
+		classpath "org.jetbrains.kotlin:kotlin-gradle-plugin:${kotlinVersion}"
+		classpath "com.github.johnrengelman:shadow:${shadowJarVersion}"
+	}
 }
 
 apply {
-    plugin 'java'
-    plugin 'kotlin'
+    plugin "java"
+    plugin "org.jetbrains.kotlin.jvm"
     plugin 'com.github.johnrengelman.shadow'
 }
 
-shadowJar {
-    classifier = null
-}
-
-dependencies {
-    compile "org.jetbrains.kotlin:kotlin-stdlib-jdk8:${kotlinVersion}"
-    compile "org.keycloak:keycloak-core:${keycloakVersion}"
-    compile "org.keycloak:keycloak-services:${keycloakVersion}"
-    compile "org.keycloak:keycloak-server-spi:${keycloakVersion}"
-    compile "org.keycloak:keycloak-server-spi-private:${keycloakVersion}"
-    compile "org.keycloak:keycloak-model-legacy:${keycloakVersion}"
-}
-
 repositories {
-    mavenCentral()
+	mavenCentral()
 }
 
-compileKotlin {
-    kotlinOptions {
-        jvmTarget = "1.8"
-    }
+dependencies {
+	implementation "org.jetbrains.kotlin:kotlin-stdlib:${kotlinVersion}"
+	compileOnly "org.keycloak:keycloak-core:${keycloakVersion}"
+	compileOnly "org.keycloak:keycloak-services:${keycloakVersion}"
+	compileOnly "org.keycloak:keycloak-server-spi:${keycloakVersion}"
 }
 
-compileTestKotlin {
-    kotlinOptions {
-        jvmTarget = "1.8"
-    }
-}
+shadowJar {
+   archiveClassifier.set('')
+}

custom-user-federation-example/gradle/wrapper/gradle-wrapper.properties

@@ -2,4 +2,4 @@ distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
 zipStoreBase=GRADLE_USER_HOME
 zipStorePath=wrapper/dists
-distributionUrl=https\://services.gradle.org/distributions/gradle-4.8-all.zip
+distributionUrl=https\://services.gradle.org/distributions/gradle-8.9-all.zip