diff --git a/.github/actions/compose/healthy.sh b/.github/actions/compose/healthy.sh
index 22a12e24..8b5e09cc 100755
--- a/.github/actions/compose/healthy.sh
+++ b/.github/actions/compose/healthy.sh
@@ -1,18 +1,19 @@
 #!/bin/bash
-# docker compose --> v2 (GA)
-# docker-compose --> v1 (missing some newer flags)
-# Edge case; Self-hosted runners don't support "docker compose" yet even though on v2
-VERSION=$(docker-compose version --short)
-
-if [[ "$VERSION" =~ ^1\.[0-9]+\.[0-9]+ || -z "${VERSION}" ]]; then
- # if docker-compose is v1, we're setting it to docker compose, which should be v2
- echo "Deteceted v1, setting to v2"
- DOCKER_COMMAND="docker compose -f ${FILE} ${COMPOSE_FLAGS}"
+# docker compose --> v2 (GA, plugin)
+# docker-compose --> v1/v2 (standalone binary, may not be installed)
+if command -v docker-compose &>/dev/null; then
+ VERSION=$(docker-compose version --short 2>/dev/null)
+ if [[ "$VERSION" =~ ^1\.[0-9]+\.[0-9]+ ]]; then
+ echo "Detected docker-compose v1, using docker compose (v2 plugin)"
+ DOCKER_COMMAND="docker compose -f ${FILE} ${COMPOSE_FLAGS}"
+ else
+ echo "Detected docker-compose v2"
+ DOCKER_COMMAND="docker-compose -f ${FILE} ${COMPOSE_FLAGS}"
+ fi
 else
- # e.g. locally or on self-hosted runners docker-compose can be v2
- echo "Detected v2"
- DOCKER_COMMAND="docker-compose -f ${FILE} ${COMPOSE_FLAGS}"
+ echo "docker-compose not found, using docker compose (v2 plugin)"
+ DOCKER_COMMAND="docker compose -f ${FILE} ${COMPOSE_FLAGS}"
 fi
 eval $DOCKER_COMMAND ps
diff --git a/.github/scripts/integration/main.py b/.github/scripts/integration/main.py
index d7e89c9a..79bb20e3 100644
--- a/.github/scripts/integration/main.py
+++ b/.github/scripts/integration/main.py
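Review bot: In healthy.sh, all three new assignments still build `DOCKER_COMMAND` as one flat string from `${FILE}` and `${COMPOSE_FLAGS}`, and the unchanged `eval $DOCKER_COMMAND ps` parses that string a second time, so a path containing spaces breaks and any shell metacharacter in those values (presumably supplied through the action's inputs) is executed. An array removes the second parse: `DOCKER_COMMAND=(docker compose -f "${FILE}")`, called as `"${DOCKER_COMMAND[@]}" ps`, with `COMPOSE_FLAGS` split into its own array if it really carries several flags. Separately, when `docker-compose` is installed but `version --short` prints nothing, the inner `else` now reports v2 and uses the standalone binary, whereas the removed `-z "${VERSION}"` test routed that case to `docker compose`; it is worth confirming that this is intended. The script continues past the hunk, so other `eval` call sites may need the same change.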
@@ -1,14 +1,34 @@
+import time
 from keycloak import KeycloakAdmin
 from keycloak import KeycloakOpenIDConnection
+from keycloak.exceptions import KeycloakPostError
+
+max_retries = 30
+retry_delay = 5
 print("Connecting to KeyCloak")
-keycloak_connection = KeycloakOpenIDConnection(
- server_url="http://localhost:8080/",
- username='admin',
- password='admin',
- realm_name="master")
+for attempt in range(1, max_retries + 1):
+ try:
+ keycloak_connection = KeycloakOpenIDConnection(
+ server_url="http://localhost:8080/",
+ username='admin',
+ password='admin',
+ realm_name="master")
-keycloak_admin = KeycloakAdmin(connection=keycloak_connection)
+ keycloak_admin = KeycloakAdmin(connection=keycloak_connection)
+ break
+ except KeycloakPostError as e:
+ if "503" in str(e) and attempt < max_retries:
+ print(f"Keycloak bootstrap in progress (attempt {attempt}/{max_retries}), retrying in {retry_delay}s...")
+ time.sleep(retry_delay)
+ else:
+ raise
+ except Exception as e:
+ if attempt < max_retries:
+ print(f"Connection failed (attempt {attempt}/{max_retries}): {e}, retrying in {retry_delay}s...")
+ time.sleep(retry_delay)
+ else:
+ raise
 print("Checking that only 1 user exists")
 count_users = keycloak_admin.users_count()
diff --git a/docker-compose.quay.yml b/docker-compose.quay.yml
index 6eda917e..d7d701cc 100644
--- a/docker-compose.quay.yml
+++ b/docker-compose.quay.yml
@@ -54,10 +54,22 @@ services:
 AWS_WEB_IDENTITY_TOKEN_FILE: ${AWS_WEB_IDENTITY_TOKEN_FILE:-}
 healthcheck:
- test: timeout 10s bash -c ':> /dev/tcp/127.0.0.1/8080' || exit 1
+ test:
+ - CMD
+ - bash
+ - -c
+ - >
+ for port in 9000 8080; do
+ if exec 3<>/dev/tcp/127.0.0.1/$$port 2>/dev/null; then
+ echo -e "GET /health/ready HTTP/1.1\r\nHost: localhost\r\nConnection: close\r\n\r\n" >&3;
+ timeout 5 cat <&3 | grep -q '200 OK' && exit 0;
+ fi;
+ done;
+ exit 1
 interval: 15s
- timeout: 5s
- retries: 5
+ timeout: 15s
+ retries: 15
+ start_period: 30s
 ports:
 - 8080:8080
 - 9000:9000
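Review bot: In main.py, the retry test `"503" in str(e)` matches any error text that happens to contain those digits; `KeycloakPostError` carries the HTTP status, so `if e.response_code == 503 and attempt < max_retries:` is the exact check. The `except Exception` handler after it retries every other failure for up to 30 × 5 s, including ones that cannot recover (rejected credentials, if they surface at this point), which delays a real failure by about two and a half minutes. Narrowing that handler to connection-level errors would keep CI failures fast, and a short comment above `max_retries` stating the total wait budget would document the intent.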
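Review bot: In docker-compose.quay.yml, `grep -q '200 OK'` searches the whole response, headers and body alike, so a non-200 reply whose payload contains that text would mark the container healthy. Anchoring on the status line is stricter: `timeout 5 cat <&3 | grep -q '^HTTP/1\.[01] 200' && exit 0;`. A comment above `test:` saying why port 9000 is tried before 8080 would also explain the loop to the next reader.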
diff --git a/docker-compose.yml b/docker-compose.yml
index 8a4d09fc..24ffa7c6 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -57,10 +57,13 @@ services:
 AWS_WEB_IDENTITY_TOKEN_FILE: ${AWS_WEB_IDENTITY_TOKEN_FILE:-}
 healthcheck:
- test: timeout 10s bash -c ':> /dev/tcp/127.0.0.1/8080' || exit 1
+ test:
+ - CMD-SHELL
+ - curl -fsS http://127.0.0.1:9000/health/ready > /dev/null 2>&1 || curl -fsS http://127.0.0.1:8080/health/ready > /dev/null 2>&1
 interval: 15s
- timeout: 5s
- retries: 5
+ timeout: 15s
+ retries: 15
+ start_period: 30s
 ports:
 - 8080:8080
 depends_on:
diff --git a/keycloak-26/bases.yml b/keycloak-26/bases.yml
index abbc47f0..f671e166 100644
--- a/keycloak-26/bases.yml
+++ b/keycloak-26/bases.yml
@@ -16,7 +16,7 @@ sources:
 # skopeo --override-os linux inspect docker://registry.camunda.cloud/vendor-ee/keycloak: --raw | jq '.Digest'
 image:
 repository: registry.camunda.cloud/vendor-ee/keycloak
- tag: 26.5.7-debian-12-r0@sha256:350c7c7ee4ef8cafa5cd0b973d15237f62ed4193ee4ec9c3570265583c5f67fa
+ tag: 26.6.0-debian-12-r0@sha256:eb5b4fe7b1ae306322c75e4a72229bb8067f8b1cb48454225af27fc2a684fe60
 quay:
 # List of all available images with associated sha:
@@ -25,4 +25,4 @@ sources:
 # skopeo --override-os linux inspect docker://quay.io/keycloak/keycloak: --raw | jq '.Digest'
 image:
 repository: quay.io/keycloak/keycloak
- tag: 26.5.7@sha256:45ae20191531eb608ddb0b775d012b40d3e4f942697f3214694887dd7c108d13
+ tag: 26.6.0@sha256:b0e5dbced1775de4d629f103c0a9cfc057decc62ce8d3cb1c54f8849a6c6eb62
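Review bot: In docker-compose.yml, neither `curl` in the new `CMD-SHELL` test sets its own time limit, so if port 9000 accepts the connection but stalls, the first call can consume the whole 15s healthcheck timeout and the `||` fallback to 8080 never runs. Adding `--max-time 5` to both calls keeps the probe inside that budget, e.g. `curl -fsS --max-time 5 http://127.0.0.1:9000/health/ready`. The docker-compose.quay.yml hunk already bounds its read with `timeout 5`, so this also brings the two files in line.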