Initial release

Signed-off-by: Nicolas Bigler <[email protected]>

.github/PULL_REQUEST_TEMPLATE.md

@@ -0,0 +1,16 @@
+## Summary
+
+
+
+## Checklist
+
+- [ ] Categorize the PR by setting a good title and adding one of the labels:
+      `bug`, `enhancement`, `documentation`, `change`, `breaking`, `dependency`
+      as they show up in the changelog
+
+<!--
+Remove items that do not apply. For completed items, change [ ] to [x].
+
+NOTE: these things are not required to open a PR and can be done afterwards,
+while the PR is open.
+-->

.github/changelog-configuration.json

@@ -0,0 +1,30 @@
+{
+    "pr_template": "- ${{TITLE}} (#${{NUMBER}})",
+    "categories": [
+        {
+            "title": "## 🚀 Features",
+            "labels": ["enhancement", "feature"]
+        },
+        {
+            "title": "## 🛠️ Minor Changes",
+            "labels": ["change"]
+        },
+        {
+            "title": "## 🔎 Breaking Changes",
+            "labels": ["breaking"]
+        },
+        {
+            "title": "## 🐛 Fixes",
+            "labels": ["bug", "fix"]
+        },
+        {
+            "title": "## 📄 Documentation",
+            "labels": ["documentation"]
+        },
+        {
+            "title": "## 🔗 Dependency Updates",
+            "labels": ["dependency"]
+        }
+    ],
+    "template": "${{CATEGORIZED_COUNT}} changes since ${{FROM_TAG}}\n\n${{CHANGELOG}}"
+}

.github/workflows/release.yaml

@@ -0,0 +1,63 @@
+name: Release
+
+on:
+  push:
+    tags:
+      - "*"
+
+jobs:
+  release:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Docker meta
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: "ghcr.io/${{ github.repository }}"
+
+      - name: Login to ghcr.io
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Build changelog from PRs with labels
+        id: build_changelog
+        uses: mikepenz/release-changelog-builder-action@v4
+        with:
+          configuration: ".github/changelog-configuration.json"
+          # PreReleases still get a changelog, but the next full release gets a diff since the last full release,
+          # combining possible changelogs of all previous PreReleases in between.
+          # PreReleases show a partial changelog since last PreRelease.
+          ignorePreReleases: "${{ !contains(github.ref, '-rc') }}"
+          outputFile: .github/release-notes.md
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Build and push
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          platforms: linux/amd64,linux/arm64
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+
+      - name: Create Release
+        uses: ncipollo/release-action@v1
+        with:
+          body: ${{steps.build_changelog.outputs.changelog}}
+          prerelease: "${{ contains(github.ref, '-rc') }}"
+          # Ensure target branch for release is "main"
+          commit: main
+          token: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/test.yaml

@@ -0,0 +1,17 @@
+name: Build
+
+on:
+  push:
+    branches:
+      - master
+  pull_request:
+    branches:
+      - master
+
+jobs:
+  image:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - name: Build image
+        uses: docker/build-push-action@v5

Dockerfile

@@ -0,0 +1,19 @@
+FROM docker.io/library/alpine:latest
+
+# renovate: datasource=github-releases depName=sventorben/keycloak-restrict-client-auth
+ARG KEYCLOAK_RESTRICT_CLIENT_AUTH_VERSION=v23.0.0
+
+RUN \
+  mkdir /providers &&\
+  wget -O /providers/keycloak-restrict-client-auth.jar https://github.com/sventorben/keycloak-restrict-client-auth/releases/download/${KEYCLOAK_RESTRICT_CLIENT_AUTH_VERSION}/keycloak-restrict-client-auth.jar
+
+RUN \
+  chmod -R ugo+r /providers
+
+COPY themes /themes
+
+RUN \
+  chmod -R ugo+r /themes
+
+
+USER 1001:0

LICENSE

@@ -0,0 +1,29 @@
+BSD 3-Clause License
+
+Copyright (c) 2021, VSHN AG
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+
+1. Redistributions of source code must retain the above copyright notice, this
+   list of conditions and the following disclaimer.
+
+2. Redistributions in binary form must reproduce the above copyright notice,
+   this list of conditions and the following disclaimer in the documentation
+   and/or other materials provided with the distribution.
+
+3. Neither the name of the copyright holder nor the names of its
+   contributors may be used to endorse or promote products derived from
+   this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

Makefile

@@ -0,0 +1,30 @@
+# Set Shell to bash, otherwise some targets fail with dash/zsh etc.
+SHELL := /bin/bash
+
+# Disable built-in rules
+MAKEFLAGS += --no-builtin-rules
+MAKEFLAGS += --no-builtin-variables
+.SUFFIXES:
+.SECONDARY:
+.DEFAULT_TARGET: help
+
+
+IMG_TAG ?= latest
+IMG_NAME ?= ghcr.io/vshn/keycloak-theme-provider:$(IMG_TAG)
+
+
+.PHONY: help
+help: ## Show this help
+	@grep -E -h '\s##\s' $(MAKEFILE_LIST) | sort | awk 'BEGIN {FS = "(: ).*?## "}; {gsub(/\\:/,":", $$1)}; {printf "\033[36m%-20s\033[0m %s\n", $$1, $$2}'
+
+.PHONY: lint
+lint: ## Checks for uncommitted changes
+	@echo 'Check for uncommitted changes ...'
+	git diff --exit-code
+
+.PHONY: build
+build: build.docker ## All-in-one build target
+
+.PHONY: build.docker
+build.docker: ## Build the docker image
+	docker build -t $(IMG_NAME) .

README.md

@@ -0,0 +1,77 @@
+# VSHN Keycloak Theme and Auth Provider
+
+
+## VSHN Keycloak IDP Theme
+
+### Local Development
+
+Run `docker compose up` to start a local Keycloak with the VSHN theme.
+
+The VSHN theme is not automatically selected for the account application.
+This can be changed in the Admin Console by clicking on Realm Settings and then Theme.
+
+### Deploy to Your Instance
+
+1. Merge your Pull Request to master branch
+1. Tag it with
+    ```bash
+    git tag -am v1.x.y v1.x.y
+    git push --tags
+    ```
+1. This will trigger the GitHub Action and pushes the image to https://quay.io/repository/vshn/keycloak-theme?tab=tags
+1. Add the tag of the version to your extraInitContainers ([see codecentric helm chart documentation](https://github.com/codecentric/helm-charts/blob/master/charts/keycloak/README.md#providing-a-custom-theme))
+    ```yaml
+    extraInitContainers: |
+      - name: theme-provider
+        image: ghcr.io/vshn/keyloak-theme-provider:v1.x.x
+    ```
+1. If you plan to use a redirect for the welcome page, then ensure you set `REDIRECT_URL` as environment variable
+
+### Use as InitContainer:
+```
+spec:
+  containers:
+    initContainers:
+      theme:
+        image: ghcr.io/vshn/keycloak-theme-provider:latest
+        imagePullPolicy: IfNotPresent
+        command:
+          - sh
+        args:
+          - -c
+          - |
+            echo "Copying theme..."
+            cp -R /themes/* /themes/
+        volumeMounts:
+        - mountPath: /themes
+          name: themes
+  volumes:
+    - emptyDir: {}
+      name: themes
+```
+
+## Keycloak Auth Provider
+
+Use as InitContainer:
+```
+spec:
+  containers:
+    initContainers:
+      auth-provider:
+        image: ghcr.io/vshn/keycloak-theme-provider:latest
+        imagePullPolicy: IfNotPresent
+        command:
+          - sh
+        args:
+          - -c
+          - |
+            echo "Copying auth-providers..."
+            cp -R /providers/* /providers/
+        volumeMounts:
+        - mountPath: /providers
+          name: providers
+  volumes:
+    - emptyDir: {}
+      name: providers
+```
+

docker-compose.yml

@@ -0,0 +1,17 @@
+version: '3.8'
+services:
+  keycloak:
+    image: quay.io/keycloak/keycloak:22.0.5
+    ports:
+      - "8080:8080"
+    environment:
+      KEYCLOAK_ADMIN: admin
+      KEYCLOAK_ADMIN_PASSWORD: admin
+    command:
+      - start-dev
+      - --debug
+      - --spi-theme-static-max-age=-1
+      - --spi-theme-cache-themes=false
+      - --spi-theme-cache-templates=false
+    volumes:
+      - ./themes:/opt/keycloak/themes/:ro

renovate.json

@@ -0,0 +1,20 @@
+{
+  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+  "extends": [
+    "config:recommended",
+    "config:base"
+  ],
+  "labels": [
+    "dependency"
+  ],
+  "regexManagers": [
+    {
+      "fileMatch": ["(^|/)Dockerfile$", "(^|/)Dockerfile\\.[^/]*$"],
+      "matchStrings": [
+        "renovate: datasource=(?<datasource>.*?) depName=(?<depName>.*?)( versioning=(?<versioning>.*?))?\\s(?:ENV|ARG) .*?_VERSION=(?<currentValue>.*)\\s",
+      ],
+      "versioningTemplate": "{{#if versioning}}{{{versioning}}}{{else}}semver{{/if}}",
+      "extractVersionTemplate": '^v(?<version>\\d+\\.\\d+\\.\\d+)',
+    },
+  ],
+}

themes/vshn/README.md

@@ -0,0 +1 @@
+PLACE YOUR THEME HERE (and maybe delete this file)

themes/vshn/account/messages/messages_en.properties

@@ -0,0 +1,4 @@
+accountManagementTitle=VSHN Account Management
+accountManagementWelcomeMessage=Welcome to VSHN Account Management
+signingIn=Security Settings
+signingInSubMessage=Two-Factor Authentication

themes/vshn/account/resources/content.json

@@ -0,0 +1,31 @@
+[
+  {
+    "id": "personal-info",
+    "path": "personal-info",
+    "label": "personalInfoHtmlTitle",
+    "descriptionLabel": "personalInfoIntroMessage",
+    "modulePath": "/content/account-page/AccountPage.js",
+    "componentName": "AccountPage"
+  },
+  {
+    "id": "signingin",
+    "path": "security/signingin",
+    "label": "signingIn",
+    "modulePath": "/content/signingin-page/SigningInPage.js",
+    "componentName": "SigningInPage"
+  },
+  {
+    "id": "device-activity",
+    "path": "security/device-activity",
+    "label": "deviceActivitySidebarTitle",
+    "modulePath": "/content/device-activity-page/DeviceActivityPage.js",
+    "componentName": "DeviceActivityPage"
+  },
+  {
+    "id": "linked-accounts",
+    "path": "security/linked-accounts",
+    "label": "linkedAccountsSidebarTitle",
+    "modulePath": "/content/linked-accounts-page/LinkedAccountsPage.js",
+    "componentName": "LinkedAccountsPage"
+  }
+]