diff --git a/config/Dockerfile b/config/Dockerfile index 206e155..5d06f40 100644 --- a/config/Dockerfile +++ b/config/Dockerfile @@ -1,4 +1,5 @@ -FROM adorsys/keycloak-config-cli:latest +ARG KEYCLOAK_CONFIG_CLI_VERSION +FROM adorsys/keycloak-config-cli:${KEYCLOAK_CONFIG_CLI_VERSION} # Copy the config directory into the image COPY src/ /config/ diff --git a/deploy/app.ts b/deploy/app.ts index fbcd34b..738cf6a 100644 --- a/deploy/app.ts +++ b/deploy/app.ts @@ -17,6 +17,7 @@ const { HOSTNAME, STAGE = "dev", KEYCLOAK_VERSION = "26.0.5", + KEYCLOAK_CONFIG_CLI_VERSION = "6.2.1", CONFIG_DIR = join(__dirname, "..", "config"), } = process.env; @@ -58,6 +59,7 @@ new KeycloakStack(app, `veda-keycloak-${STAGE}`, { sslCertificateArn: SSL_CERTIFICATE_ARN, hostname: HOSTNAME, keycloakVersion: KEYCLOAK_VERSION, + keycloakConfigCliVersion: KEYCLOAK_CONFIG_CLI_VERSION, configDir: CONFIG_DIR, idpOauthClientSecrets, privateOauthClients, diff --git a/deploy/lib/KeycloakConfig.ts b/deploy/lib/KeycloakConfig.ts index 7761c90..7057d58 100644 --- a/deploy/lib/KeycloakConfig.ts +++ b/deploy/lib/KeycloakConfig.ts @@ -14,6 +14,7 @@ interface KeycloakConfigConstructProps { configDir: string; idpOauthClientSecrets: Record; privateOauthClients: Array<{ id: string; realm: string }>; + version: string; } type clientSecretTuple = Array<[string, secretsManager.ISecret]>; @@ -26,15 +27,6 @@ export class KeycloakConfig extends Construct { ) { super(scope, id); - const configTaskDef = new ecs.FargateTaskDefinition(this, "ConfigTaskDef", { - cpu: 256, - memoryLimitMiB: 512, - }); - - const assetImage = ecs.ContainerImage.fromAsset(props.configDir, { - platform: ecrAssets.Platform.LINUX_AMD64, - }); - // Create a client secret for each private client const createdClientSecrets: clientSecretTuple = props.privateOauthClients.map(({ id: clientSlug, realm }) => [ @@ -81,8 +73,17 @@ export class KeycloakConfig extends Construct { ) ); + const configTaskDef = new ecs.FargateTaskDefinition(this, "ConfigTaskDef", { + cpu: 256, + memoryLimitMiB: 512, + }); configTaskDef.addContainer("ConfigContainer", { - image: assetImage, + image: ecs.ContainerImage.fromAsset(props.configDir, { + platform: ecrAssets.Platform.LINUX_AMD64, + buildArgs: { + KEYCLOAK_CONFIG_CLI_VERSION: props.version, + }, + }), environment: { KEYCLOAK_URL: props.hostname, KEYCLOAK_AVAILABILITYCHECK_ENABLED: "true", diff --git a/deploy/lib/KeycloakStack.ts b/deploy/lib/KeycloakStack.ts index 3c5fec4..3a17d79 100644 --- a/deploy/lib/KeycloakStack.ts +++ b/deploy/lib/KeycloakStack.ts @@ -9,6 +9,7 @@ export interface StackInputProps { hostname: string; sslCertificateArn: string; keycloakVersion: string; + keycloakConfigCliVersion: string; configDir: string; idpOauthClientSecrets: Record; privateOauthClients: Array<{ id: string; realm: string }>; @@ -51,6 +52,7 @@ export class KeycloakStack extends cdk.Stack { configDir: props.configDir, idpOauthClientSecrets: props.idpOauthClientSecrets, privateOauthClients: props.privateOauthClients, + version: props.keycloakConfigCliVersion, }); new KeycloakUrl(this, "url", {