Skip to content

mbta/keycloak-deploy

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

34 Commits

.github/workflows

.github/workflows

 
 

files

files

 
 

.gitignore

.gitignore

 
 

.gitlab-ci.yml

.gitlab-ci.yml

 
 

CODE_OF_CONDUCT.md

CODE_OF_CONDUCT.md

 
 

Dockerfile

Dockerfile

 
 

LICENSE

LICENSE

 
 

README.md

README.md

 
 

build.sh

build.sh

 
 

docker-compose.yml

docker-compose.yml

 
 

Repository files navigation

Keycloak Deploy

Assets, customizations and tooling to build and deploy Keycloak containers to ECS.

Testing locally

You can use the container locally for testing with Docker Compose:

$ docker compose up
$ open http://localhost:8080/

Building & Deploying

This repo contains GitHub Actions workflows for:

  • Building a Docker container image whenever a git tag is created
  • Deploying to Keycloak Dev whenever changes are merged to the main branch
  • Deploying pre-existing tags to Keycloak Prod

These workflows are designed to support the following code deployment process:

  1. Propose changes in a pull request and have them reviwed.
  2. When the pull request is approved, merge it into the main branch. This will automatically trigger the Deploy Keycloak Dev workflow.
  3. Confirm that Keycloak Dev is in a good state after the deploy.
  4. Create a new Release in GitHub. In the release creation form:
    • Create a new tag for the release. The tag should start with the letter v and use semantic versioning, e.g. v1.0.3.
    • Set the release title to match the tag
    • In the release description, note the changes that are part of this release When the release is created, the Build Container Image workflow will run automatically to build an image with the corresponding tag and push it to ECR.
  5. Deploy to production by running the Deploy Keycloak Prod workflow, passing the newly created tag.

There may be some configuration updates necessary following deployment to Production. Be sure to coordinate deployment timing with Integsoft so they can update configuration as needed

Required Environment Variables

The GitHub Actions workflows require the following variables to be set in the "Secrets" section of the repo settings:

  • AWS_ACCESS_KEY_ID - AWS access key for ECS API calls
  • AWS_SECRET_ACCESS_KEY - AWS access key for ECS API calls
  • DOCKER_REPO - Elastic Container Registry repo URI
  • DOCKER_USERNAME - Docker Hub credentials for pulling base images
  • DOCKER_PASSWORD - Docker Hub credentials for pulling base images
  • SLACK_WEBHOOK - Slack webhook URL for posting deploy status on completion

Keycloak Infrastructure

Keycloak ECS infrastructure is managed by Terraform, using the Keycloak Terraform module maintained in the terraform-keycloak-sso repo.

Maintainers

About

Scaffolding for deploying Keycloak to AWS

Resources

Readme

License

MIT license

Code of conduct

Code of conduct
Activity
Custom properties

Stars

2 stars

Watchers

23 watching

Forks

2 forks
Report repository

Releases 17

Upgrade to Keycloak 24.0.2, new health check endpoint Latest
Apr 23, 2024
+ 16 releases

Packages

No packages published

Contributors 6

Languages