Specify Keycloak Config CLI version via env

NASA-IMPACT · Jan 23, 2025 · d9c06c1 · d9c06c1
1 parent dce71ba
commit d9c06c1
Show file tree

Hide file tree

Showing 4 changed files with 17 additions and 11 deletions.
diff --git a/config/Dockerfile b/config/Dockerfile
@@ -1,4 +1,5 @@
-FROM adorsys/keycloak-config-cli:latest
+ARG KEYCLOAK_CONFIG_CLI_VERSION
+FROM adorsys/keycloak-config-cli:${KEYCLOAK_CONFIG_CLI_VERSION}
 
 # Copy the config directory into the image
 COPY src/ /config/
diff --git a/deploy/app.ts b/deploy/app.ts
@@ -17,6 +17,7 @@ const {
   HOSTNAME,
   STAGE = "dev",
   KEYCLOAK_VERSION = "26.0.5",
+  KEYCLOAK_CONFIG_CLI_VERSION = "6.2.1",
   CONFIG_DIR = join(__dirname, "..", "config"),
 } = process.env;
 
@@ -58,6 +59,7 @@ new KeycloakStack(app, `veda-keycloak-${STAGE}`, {
   sslCertificateArn: SSL_CERTIFICATE_ARN,
   hostname: HOSTNAME,
   keycloakVersion: KEYCLOAK_VERSION,
+  keycloakConfigCliVersion: KEYCLOAK_CONFIG_CLI_VERSION,
   configDir: CONFIG_DIR,
   idpOauthClientSecrets,
   privateOauthClients,

diff --git a/deploy/lib/KeycloakConfig.ts b/deploy/lib/KeycloakConfig.ts
@@ -14,6 +14,7 @@ interface KeycloakConfigConstructProps {
   configDir: string;
   idpOauthClientSecrets: Record<string, string>;
   privateOauthClients: Array<{ id: string; realm: string }>;
+  version: string;
 }
 
 type clientSecretTuple = Array<[string, secretsManager.ISecret]>;
@@ -26,15 +27,6 @@ export class KeycloakConfig extends Construct {
   ) {
     super(scope, id);
 
-    const configTaskDef = new ecs.FargateTaskDefinition(this, "ConfigTaskDef", {
-      cpu: 256,
-      memoryLimitMiB: 512,
-    });
-
-    const assetImage = ecs.ContainerImage.fromAsset(props.configDir, {
-      platform: ecrAssets.Platform.LINUX_AMD64,
-    });
-
     // Create a client secret for each private client
     const createdClientSecrets: clientSecretTuple =
       props.privateOauthClients.map(({ id: clientSlug, realm }) => [
@@ -81,8 +73,17 @@ export class KeycloakConfig extends Construct {
       )
     );
 
+    const configTaskDef = new ecs.FargateTaskDefinition(this, "ConfigTaskDef", {
+      cpu: 256,
+      memoryLimitMiB: 512,
+    });
     configTaskDef.addContainer("ConfigContainer", {
-      image: assetImage,
+      image: ecs.ContainerImage.fromAsset(props.configDir, {
+        platform: ecrAssets.Platform.LINUX_AMD64,
+        buildArgs: {
+          KEYCLOAK_CONFIG_CLI_VERSION: props.version,
+        },
+      }),
       environment: {
         KEYCLOAK_URL: props.hostname,
         KEYCLOAK_AVAILABILITYCHECK_ENABLED: "true",

diff --git a/deploy/lib/KeycloakStack.ts b/deploy/lib/KeycloakStack.ts
@@ -9,6 +9,7 @@ export interface StackInputProps {
   hostname: string;
   sslCertificateArn: string;
   keycloakVersion: string;
+  keycloakConfigCliVersion: string;
   configDir: string;
   idpOauthClientSecrets: Record<string, string>;
   privateOauthClients: Array<{ id: string; realm: string }>;
@@ -51,6 +52,7 @@ export class KeycloakStack extends cdk.Stack {
       configDir: props.configDir,
       idpOauthClientSecrets: props.idpOauthClientSecrets,
       privateOauthClients: props.privateOauthClients,
+      version: props.keycloakConfigCliVersion,
     });
 
     new KeycloakUrl(this, "url", {