Assets, customizations and tooling to build and deploy Keycloak containers to ECS.
You can use the container locally for testing with Docker Compose:
$ docker compose up
$ open http://localhost:8080/
This repo contains GitHub Actions workflows for:
- Building a Docker container image whenever a git tag is created
- Deploying to Keycloak Dev whenever changes are merged to the main branch
- Deploying pre-existing tags to Keycloak Prod
These workflows are designed to support the following code deployment process:
- Propose changes in a pull request and have them reviewed.
- When the pull request is approved, merge it into the main branch. This will automatically trigger the Deploy Keycloak Dev workflow.
- Confirm that Keycloak Dev is in a good state after the deploy.
- Create a new Release in GitHub. In the release creation form:
  - Create a new tag for the release. The tag should start with the letter v and use semantic versioning, e.g. v1.0.3.
  - Set the release title to match the tag
  - In the release description, note the changes that are part of this release

  When the release is created, the Build Container Image workflow will run automatically to build an image with the corresponding tag and push it to ECR.
- Deploy to production by running the Deploy Keycloak Prod workflow, passing the newly created tag.
There may be some configuration updates necessary following deployment to Production. Be sure to coordinate deployment timing with Integsoft so they can update configuration as needed.
The GitHub Actions workflows require the following variables to be set in the "Secrets" section of the repo settings:
- AWS_ACCESS_KEY_ID - AWS access key for ECS API calls
- AWS_SECRET_ACCESS_KEY - AWS access key for ECS API calls
- DOCKER_REPO - Elastic Container Registry repo URI
- DOCKER_USERNAME - Docker Hub credentials for pulling base images
- DOCKER_PASSWORD - Docker Hub credentials for pulling base images
- SLACK_WEBHOOK - Slack webhook URL for posting deploy status on completion
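A pre-flight check for the release process and the secrets list above, as an added example that is not part of this repo's tooling: it validates a release tag against the v + semantic version rule and reports which of the required secrets are absent from a listing such as the output of `gh secret list`. The function names and sample data are constructed, and rejecting pre-release or build suffixes is an assumption.

```shell
#!/usr/bin/env bash
# Added example: pre-deploy checks for the release process in this README.
# Function names and sample data are constructed for illustration.

# Secret names this README lists as required by the workflows.
REQUIRED_SECRETS="AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY DOCKER_REPO DOCKER_USERNAME DOCKER_PASSWORD SLACK_WEBHOOK"

# Succeeds only for "v" + MAJOR.MINOR.PATCH with no leading zeros (e.g. v1.0.3).
# Assumption: pre-release/build suffixes such as v1.0.3-rc1 are not accepted.
valid_release_tag() {
  nl='
'
  case $1 in *"$nl"*) return 1 ;; esac   # grep is line-based; refuse multi-line input
  printf '%s\n' "$1" |
    grep -Eq '^v(0|[1-9][0-9]*)\.(0|[1-9][0-9]*)\.(0|[1-9][0-9]*)$'
}

# Reads a secret listing on stdin (secret name in the first column, as printed
# by `gh secret list`), prints the required names that are absent, and
# returns non-zero if any are missing.
missing_secrets() {
  configured=$(awk '{print $1}')
  missing=""
  for name in $REQUIRED_SECRETS; do
    printf '%s\n' "$configured" | grep -Fxq "$name" || missing="$missing $name"
  done
  missing=${missing# }
  printf '%s' "$missing"
  [ -z "$missing" ]
}

# Demo on constructed input: four of the six secrets are configured.
sample=$(printf '%s\t2024-01-01T00:00:00Z\n' \
  AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY DOCKER_REPO DOCKER_USERNAME)
for tag in v1.0.3 1.0.3 v1.0 v01.2.3; do
  if valid_release_tag "$tag"; then echo "$tag: ok"; else echo "$tag: rejected"; fi
done
if absent=$(printf '%s\n' "$sample" | missing_secrets); then
  echo "all required secrets are set"
else
  echo "missing secrets: $absent"
fi
```

Against the real repo, pipe `gh secret list` into `missing_secrets` from an authenticated GitHub CLI session before running the Deploy Keycloak Prod workflow.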
Keycloak ECS infrastructure is managed by Terraform, using the Keycloak Terraform module maintained in the terraform-keycloak-sso repo.