From bba8bfec21d26bc06fe25a3b2ecb827b80fc0fb1 Mon Sep 17 00:00:00 2001
From: Jacek Kowalski <Jacek@jacekk.info>
Date: Wed, 28 Jun 2023 10:55:12 +0000
Subject: [PATCH] GitHub Actions: add "contents: write" permission for update-deps job

---
 .github/workflows/release.yml |  111 +++++++++++++++++++++++++------------------------------
 1 files changed, 50 insertions(+), 61 deletions(-)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 6a6c638..6bd93ac 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -5,6 +5,8 @@
 
 name: Release
 
+permissions: {}
+
 jobs:
   build:
     name: Build
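Review bot: The workflow-level `permissions: {}` also strips `contents: read` from the `build` and `test` jobs, which both run `actions/checkout` and declare no job-level `permissions` in the lines shown. That presumably works only because the repository is public; on a private copy or mirror the checkout would likely fail. I would either give those two jobs `permissions:` with `contents: read`, or at least add a comment above the new line such as `# Deny by default; each job grants only the scopes it needs.`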
@@ -12,34 +14,37 @@
     steps:
       - id: checkout
         name: Checkout code
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
 
-      - name: Install Java and Maven
-        uses: actions/setup-java@v1
+      - id: java
+        name: Install Java and Maven
+        uses: actions/setup-java@v3
         with:
-          java-version: 8
+          distribution: zulu
+          java-version: 11
 
       - id: vars
         name: Get project variables
         run: |
-          echo -n "::set-output name=keycloakVersion::"
-          mvn -q help:evaluate -Dexpression=keycloak.version -DforceStdout 2> /dev/null | grep -E '^[0-9a-zA-Z.-]+$'
-          echo -n "::set-output name=artifactId::"
-          mvn -q help:evaluate -Dexpression=project.artifactId -DforceStdout 2> /dev/null | grep -E '^[0-9a-zA-Z.-]+$'
-          echo -n "::set-output name=projectName::"
-          mvn -q help:evaluate -Dexpression=project.name -DforceStdout 2> /dev/null | grep -E '^[0-9a-zA-Z :,.-]+$'
-          echo -n "::set-output name=projectVersion::"
-          mvn -q help:evaluate -Dexpression=project.version -DforceStdout 2> /dev/null | grep -E '^[0-9a-zA-Z.-]+$'
+          echo -n "keycloakVersion=" >> $GITHUB_OUTPUT
+          mvn -q help:evaluate -Dexpression=keycloak.version -DforceStdout 2> /dev/null | grep -E '^[0-9a-zA-Z.-]+$' >> $GITHUB_OUTPUT
+          echo -n "artifactId=" >> $GITHUB_OUTPUT
+          mvn -q help:evaluate -Dexpression=project.artifactId -DforceStdout 2> /dev/null | grep -E '^[0-9a-zA-Z.-]+$' >> $GITHUB_OUTPUT
+          echo -n "projectName=" >> $GITHUB_OUTPUT
+          mvn -q help:evaluate -Dexpression=project.name -DforceStdout 2> /dev/null | grep -E '^[0-9a-zA-Z :,.-]+$' >> $GITHUB_OUTPUT
+          echo -n "projectVersion=" >> $GITHUB_OUTPUT
+          mvn -q help:evaluate -Dexpression=project.version -DforceStdout 2> /dev/null | grep -E '^[0-9a-zA-Z.-]+$' >> $GITHUB_OUTPUT
 
       - name: Build project
         run: |
           mvn -B test package
 
       - name: Upload artifact
-        uses: actions/upload-artifact@v1
+        uses: actions/upload-artifact@v3
         with:
           name: jar
           path: target/${{ steps.vars.outputs.artifactId }}-${{ steps.vars.outputs.projectVersion }}.jar
+          if-no-files-found: error
 
     outputs:
       artifact_id: ${{ steps.vars.outputs.artifactId }}
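Review bot: The `grep -E` allow-lists in the `vars` step are the only validation these Maven-derived values get, and nothing in the step says so. They are later expanded into `run:` scripts (the image tag and jar name in the `test` job) and into the artifact path. A comment above `run: |` would keep the patterns from being loosened later, e.g. `# Values are expanded into shell scripts and paths in later jobs; keep the grep allow-lists strict.` Separately, `$GITHUB_OUTPUT` is unquoted on all eight redirects; `>> "$GITHUB_OUTPUT"` is the safer habit.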
@@ -51,54 +56,49 @@
     name: Test
     runs-on: ubuntu-latest
     needs: build
-    services:
-      keycloak:
-        image: quay.io/keycloak/keycloak:${{ needs.build.outputs.keycloak_version }}
-        env:
-          KEYCLOAK_USER: admin
-          KEYCLOAK_PASSWORD: admin
-        ports:
-          - 8080:8080
-        volumes:
-          - '${{ github.workspace }}:/workspace'
     steps:
       - id: checkout
         name: Checkout code
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
 
       - id: download_artifact
         name: Download artifact
-        uses: actions/download-artifact@v1
+        uses: actions/download-artifact@v3
         with:
           name: jar
+
+      - id: create_container
+        name: Create Keycloak container
+        run: |
+          docker run -i -t -d -e KEYCLOAK_ADMIN=admin -e KEYCLOAK_ADMIN_PASSWORD=admin -p 8080:8080 --name keycloak "quay.io/keycloak/keycloak:${{ needs.build.outputs.keycloak_version }}" start-dev
 
       - id: deploy
         name: Deploy artifact
         run: |
-          CONTAINER="${{ job.services.keycloak.id }}"
+          CONTAINER="keycloak"
           NAME="${{ needs.build.outputs.artifact_id }}-${{ needs.build.outputs.project_version }}.jar"
-          FILE="/opt/jboss/keycloak/standalone/deployments/${NAME}"
-          docker cp "jar/${NAME}" "${CONTAINER}:/tmp/"
-          docker exec -i "${CONTAINER}" /bin/bash <<EOF
-            cp "/tmp/${NAME}" "${FILE}"
-            for i in {1..60}; do
-              echo -n .
-              [ -f "${FILE}.deployed" ] && echo && echo "Deployment succeeded!" && exit 0
-              [ -f "${FILE}.failed" ] && echo && echo "Deployment failed!" && exit 1
-              sleep 1
-            done
-            echo && echo "Deployment timeout!" && exit 1
-          EOF
+          FILE="/opt/keycloak/providers/${NAME}"
+          docker cp "${NAME}" "${CONTAINER}:${FILE}"
+          docker restart "${CONTAINER}"
+          for i in {1..60}; do
+            if curl --silent --max-time 1 -o /dev/null http://localhost:8080; then
+                echo && echo "Deployment succeeded!" && exit 0
+            else
+                sleep 1
+                echo -n "."
+            fi
+          done
+          echo && echo "Deployment timeout!" && exit 1
 
       - id: configure_keycloak
         name: Configure Keycloak
         run: |
-          CONTAINER="${{ job.services.keycloak.id }}"
+          CONTAINER="keycloak"
           docker exec -i "${CONTAINER}" /bin/bash <<EOF
-            /opt/jboss/keycloak/bin/kcadm.sh config credentials --server http://localhost:8080/auth --realm master --user admin --password admin
-            /opt/jboss/keycloak/bin/kcadm.sh create clients -r master -s clientId=test -s protocol=cas -s enabled=true -s publicClient=true \
+            /opt/keycloak/bin/kcadm.sh config credentials --server http://localhost:8080 --realm master --user admin --password admin
+            /opt/keycloak/bin/kcadm.sh create clients -r master -s clientId=test -s protocol=cas -s enabled=true -s publicClient=true \
               -s 'redirectUris=["http://localhost/*"]' -s baseUrl=http://localhost -s adminUrl=http://localhost
-            /opt/jboss/keycloak/bin/kcadm.sh get serverinfo -r master --fields "providers(login-protocol(providers(cas)))" | grep cas
+            /opt/keycloak/bin/kcadm.sh get serverinfo -r master --fields "providers(login-protocol(providers(cas)))" | grep cas
           EOF
 
       - id: run_tests
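Review bot: In `create_container` and `deploy`, the `${{ needs.build.outputs.* }}` expressions are substituted into the script text before bash runs, so these steps are safe only while the build job's grep filters stay strict. Passing the values through `env:` keeps them as data: add `env:` with `KEYCLOAK_VERSION: ${{ needs.build.outputs.keycloak_version }}` to the step and use `"quay.io/keycloak/keycloak:${KEYCLOAK_VERSION}"` in the command; the same applies to `NAME`. The container is also published on all interfaces with `admin`/`admin` credentials. `-p 127.0.0.1:8080:8080` would limit it to the runner's loopback, which is all the visible `curl` readiness check needs.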
@@ -110,31 +110,20 @@
     name: Release
     runs-on: ubuntu-latest
     needs: [build, test]
+    permissions:
+      contents: write
     steps:
       - id: download_artifact
         name: Download artifact
-        uses: actions/download-artifact@v1
+        uses: actions/download-artifact@v3
         with:
           name: jar
 
       - id: create_release
         name: Create release
-        uses: actions/create-release@v1
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        uses: softprops/action-gh-release@v1
         with:
-          tag_name: ${{ github.ref }}
-          release_name: ${{ needs.build.outputs.project_name }} ${{ needs.build.outputs.project_version }}
-          draft: false
-          prerelease: false
-
-      - id: upload_release
-        name: Upload release artifact
-        uses: actions/upload-release-asset@v1
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        with:
-          upload_url: ${{ steps.create_release.outputs.upload_url }}
-          asset_path: jar/${{ needs.build.outputs.artifact_id }}-${{ needs.build.outputs.project_version }}.jar
-          asset_name: ${{ needs.build.outputs.artifact_id }}-${{ needs.build.outputs.project_version }}.jar
-          asset_content_type: application/java-archive
+          name: ${{ needs.build.outputs.project_name }} ${{ needs.build.outputs.project_version }}
+          files: ${{ needs.build.outputs.artifact_id }}-${{ needs.build.outputs.project_version }}.jar
+          fail_on_unmatched_files: true
+          generate_release_notes: true
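Review bot: `softprops/action-gh-release@v1` is a third-party action referenced by a mutable tag, and it now runs in the one job whose token has `contents: write`. If that tag is moved, whatever it points to can publish or alter releases in this repository. Pinning to a full commit SHA with the version in a trailing comment removes that dependency on the tag: `uses: softprops/action-gh-release@<full-commit-sha>  # v1`. The `actions/*@v3` references in the other hunks carry the same pattern at lower risk, since those jobs run with an empty permission set.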

--
Gitblit v1.9.1