@continuoussecuritytooling/keycloak-reporter 0.8.14 → 1.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.bin/start-server.mjs +8 -6
- package/.github/workflows/pipeline.yml +22 -1
- package/.github/workflows/release.yml +82 -12
- package/CHANGELOG.md +24 -0
- package/Dockerfile +1 -1
- package/charts/keycloak-reporter/Chart.yaml +2 -2
- package/charts/keycloak-reporter/README.md +1 -1
- package/keycloak-reporter-1.3.5.tgz +0 -0
- package/package.json +4 -4
- package/keycloak-reporter-0.8.14.tgz +0 -0
package/.bin/start-server.mjs
CHANGED
|
@@ -11,6 +11,8 @@ import { fileURLToPath } from 'node:url'
|
|
|
11
11
|
import { promisify } from 'node:util'
|
|
12
12
|
import tar from 'tar-fs'
|
|
13
13
|
|
|
14
|
+
// renovate: datasource=docker depName=quay.io/keycloak/keycloak
|
|
15
|
+
const KEYCLOAK_VERSION = '25.0.6';
|
|
14
16
|
const DIR_NAME = path.dirname(fileURLToPath(import.meta.url))
|
|
15
17
|
const SERVER_DIR = path.resolve(DIR_NAME, '../tmp/server')
|
|
16
18
|
const SCRIPT_EXTENSION = process.platform === 'win32' ? '.bat' : '.sh'
|
|
@@ -53,22 +55,22 @@ async function downloadServer () {
|
|
|
53
55
|
|
|
54
56
|
console.info('Downloading and extracting server…')
|
|
55
57
|
|
|
56
|
-
const
|
|
57
|
-
const assetStream = await getAssetAsStream(
|
|
58
|
+
const asset = await getAsset()
|
|
59
|
+
const assetStream = await getAssetAsStream(asset)
|
|
58
60
|
|
|
59
61
|
await extractTarball(assetStream, SERVER_DIR, { strip: 1 })
|
|
60
62
|
}
|
|
61
63
|
|
|
62
|
-
async function
|
|
64
|
+
async function getAsset () {
|
|
63
65
|
const api = new Octokit()
|
|
64
66
|
const release = await api.repos.getReleaseByTag({
|
|
65
67
|
owner: 'keycloak',
|
|
66
68
|
repo: 'keycloak',
|
|
67
|
-
tag:
|
|
69
|
+
tag: KEYCLOAK_VERSION
|
|
68
70
|
})
|
|
69
71
|
|
|
70
72
|
return release.data.assets.find(
|
|
71
|
-
({ name }) => name ===
|
|
73
|
+
({ name }) => name === `keycloak-${KEYCLOAK_VERSION}.tar.gz`
|
|
72
74
|
)
|
|
73
75
|
}
|
|
74
76
|
|
|
@@ -84,4 +86,4 @@ async function getAssetAsStream (asset) {
|
|
|
84
86
|
|
|
85
87
|
function extractTarball (stream, path, options) {
|
|
86
88
|
return pipelineAsync(stream, gunzip(), tar.extract(path, options))
|
|
87
|
-
}
|
|
89
|
+
}
|
|
@@ -80,7 +80,11 @@ jobs:
|
|
|
80
80
|
|
|
81
81
|
- name: Run chart-testing (install - with args)
|
|
82
82
|
if: steps.list-changed.outputs.changed == 'true'
|
|
83
|
-
run:
|
|
83
|
+
run: |
|
|
84
|
+
kubectl create ns kc-reporter
|
|
85
|
+
kubectl -n kc-reporter create secret generic kc-reporter \
|
|
86
|
+
--from-literal=clientSecret=test
|
|
87
|
+
ct install --target-branch ${{ github.event.repository.default_branch }} --namespace kc-reporter --helm-extra-set-args "-f charts/keycloak-reporter/ci.values.yaml"
|
|
84
88
|
|
|
85
89
|
- uses: actions/upload-artifact@v4
|
|
86
90
|
with:
|
|
@@ -138,6 +142,23 @@ jobs:
|
|
|
138
142
|
WEBHOOK_TESTING_SLACK: ${{ secrets.WEBHOOK_TESTING_SLACK }}
|
|
139
143
|
WEBHOOK_ADDITIONAL_MESSAGE: ${{ github.head_ref || github.ref_name }}
|
|
140
144
|
|
|
145
|
+
build-results:
|
|
146
|
+
name: Build results
|
|
147
|
+
if: ${{ always() }}
|
|
148
|
+
runs-on: ubuntu-latest
|
|
149
|
+
needs:
|
|
150
|
+
- build
|
|
151
|
+
- chart
|
|
152
|
+
- end2end
|
|
153
|
+
steps:
|
|
154
|
+
- run: exit 1
|
|
155
|
+
# see https://stackoverflow.com/a/67532120/4907315
|
|
156
|
+
if: >-
|
|
157
|
+
${{
|
|
158
|
+
contains(needs.*.result, 'failure')
|
|
159
|
+
|| contains(needs.*.result, 'cancelled')
|
|
160
|
+
|| contains(needs.*.result, 'skipped')
|
|
161
|
+
}}
|
|
141
162
|
package:
|
|
142
163
|
name: Package Application
|
|
143
164
|
runs-on: ubuntu-latest
|
|
@@ -19,10 +19,6 @@ jobs:
|
|
|
19
19
|
attestations: write
|
|
20
20
|
id-token: write
|
|
21
21
|
steps:
|
|
22
|
-
- name: Checkout
|
|
23
|
-
uses: actions/checkout@v4
|
|
24
|
-
with:
|
|
25
|
-
fetch-depth: 0
|
|
26
22
|
|
|
27
23
|
- uses: actions/create-github-app-token@v1
|
|
28
24
|
id: app-token
|
|
@@ -30,6 +26,24 @@ jobs:
|
|
|
30
26
|
app-id: ${{ vars.CI_APP_ID }}
|
|
31
27
|
private-key: ${{ secrets.CI_PRIVATE_KEY }}
|
|
32
28
|
|
|
29
|
+
- name: Checkout
|
|
30
|
+
uses: actions/checkout@v4
|
|
31
|
+
with:
|
|
32
|
+
fetch-depth: 0
|
|
33
|
+
token: ${{ steps.app-token.outputs.token }}
|
|
34
|
+
ref: ${{ github.head_ref }}
|
|
35
|
+
|
|
36
|
+
- name: Get GitHub App User ID
|
|
37
|
+
id: get-user-id
|
|
38
|
+
run: echo "user-id=$(gh api "/users/${{ steps.app-token.outputs.app-slug }}[bot]" --jq .id)" >> "$GITHUB_OUTPUT"
|
|
39
|
+
env:
|
|
40
|
+
GH_TOKEN: ${{ steps.app-token.outputs.token }}
|
|
41
|
+
|
|
42
|
+
- name: Configure Git author
|
|
43
|
+
run: |
|
|
44
|
+
git config --global user.name '${{ steps.app-token.outputs.app-slug }}[bot]'
|
|
45
|
+
git config --global user.email '${{ steps.get-user-id.outputs.user-id }}+${{ steps.app-token.outputs.app-slug }}[bot]@users.noreply.github.com>'
|
|
46
|
+
|
|
33
47
|
- name: Setup NodeJS
|
|
34
48
|
uses: actions/setup-node@v4
|
|
35
49
|
with:
|
|
@@ -42,11 +56,7 @@ jobs:
|
|
|
42
56
|
distribution: 'temurin' # As good as any other, see: https://github.com/actions/setup-java#supported-distributions
|
|
43
57
|
java-version: '21'
|
|
44
58
|
|
|
45
|
-
- name:
|
|
46
|
-
run: |
|
|
47
|
-
git config --global user.name '${{ steps.app-token.outputs.app-slug }}[bot]'
|
|
48
|
-
git config --global user.email '${{ steps.get-user-id.outputs.user-id }}+${{ steps.app-token.outputs.app-slug }}[bot]@users.noreply.github.com>'
|
|
49
|
-
- name: npm build and test
|
|
59
|
+
- name: Package Application
|
|
50
60
|
run: |
|
|
51
61
|
npm run clean
|
|
52
62
|
npm version --no-git-tag-version ${{ github.event.inputs.releaseversion }}
|
|
@@ -54,6 +64,7 @@ jobs:
|
|
|
54
64
|
|
|
55
65
|
- name: Install Helm
|
|
56
66
|
uses: azure/setup-helm@v4
|
|
67
|
+
|
|
57
68
|
- name: Install Python
|
|
58
69
|
uses: actions/setup-python@v5
|
|
59
70
|
with:
|
|
@@ -70,9 +81,67 @@ jobs:
|
|
|
70
81
|
|
|
71
82
|
- name: Helm Package
|
|
72
83
|
run: |
|
|
84
|
+
|
|
85
|
+
# Increment a version string using Semantic Versioning (SemVer) terminology.
|
|
86
|
+
# Parse command line options.
|
|
87
|
+
# Source: https://github.com/fmahnke/shell-semver
|
|
88
|
+
#
|
|
89
|
+
# usage: increment_version.sh [-Mmp] major.minor.patch
|
|
90
|
+
increment_version() {
|
|
91
|
+
while getopts ":Mmp" Option
|
|
92
|
+
do
|
|
93
|
+
case $Option in
|
|
94
|
+
M ) major=true;;
|
|
95
|
+
m ) minor=true;;
|
|
96
|
+
p ) patch=true;;
|
|
97
|
+
* ) patch=true;;
|
|
98
|
+
esac
|
|
99
|
+
done
|
|
100
|
+
|
|
101
|
+
# shellcheck disable=SC2004,SC2206
|
|
102
|
+
shift $(($OPTIND - 1))
|
|
103
|
+
|
|
104
|
+
version=$1
|
|
105
|
+
|
|
106
|
+
# Build array from version string.
|
|
107
|
+
# shellcheck disable=SC2206
|
|
108
|
+
a=( ${version//./ } )
|
|
109
|
+
# If version string is missing or has the wrong number of members, show usage message.
|
|
110
|
+
if [ ${#a[@]} -ne 3 ]
|
|
111
|
+
then
|
|
112
|
+
echo "usage: $(basename $0) [-Mmp] major.minor.patch"
|
|
113
|
+
exit 1
|
|
114
|
+
fi
|
|
115
|
+
|
|
116
|
+
# Increment version numbers as requested.
|
|
117
|
+
|
|
118
|
+
if [ -n "$major" ]
|
|
119
|
+
then
|
|
120
|
+
((a[0]++))
|
|
121
|
+
a[1]=0
|
|
122
|
+
a[2]=0
|
|
123
|
+
fi
|
|
124
|
+
|
|
125
|
+
if [ -n "$minor" ]
|
|
126
|
+
then
|
|
127
|
+
((a[1]++))
|
|
128
|
+
a[2]=0
|
|
129
|
+
fi
|
|
130
|
+
|
|
131
|
+
if [ -n "$patch" ]
|
|
132
|
+
then
|
|
133
|
+
((a[2]++))
|
|
134
|
+
fi
|
|
135
|
+
|
|
136
|
+
echo "${a[0]}.${a[1]}.${a[2]}"
|
|
137
|
+
}
|
|
138
|
+
|
|
73
139
|
export HELM_CHART_DIR=charts/keycloak-reporter
|
|
74
140
|
chartVersion=$(cat $HELM_CHART_DIR/Chart.yaml | grep "version: " | sed -E -n "s/^version: \s*(.*)$/\1/p")
|
|
75
|
-
|
|
141
|
+
appVersion=$(cat $HELM_CHART_DIR/Chart.yaml | grep "appVersion: " | sed -E -n "s/^appVersion: \s*(.*)$/\1/p")
|
|
142
|
+
newVersion=$(increment_version -p $chartVersion)
|
|
143
|
+
sed -i 's/version: '"$chartVersion"'/version: '"$newVersion"'/g' $HELM_CHART_DIR/Chart.yaml
|
|
144
|
+
sed -i 's/appVersion: '"$appVersion"'/appVersion: '"${{ github.event.inputs.releaseversion }}"'/g' $HELM_CHART_DIR/Chart.yaml
|
|
76
145
|
helm-docs
|
|
77
146
|
helm package $HELM_CHART_DIR
|
|
78
147
|
git add .
|
|
@@ -85,11 +154,12 @@ jobs:
|
|
|
85
154
|
uses: TriPSs/conventional-changelog-action@v5
|
|
86
155
|
with:
|
|
87
156
|
input-file: CHANGELOG.md
|
|
88
|
-
github-token: ${{
|
|
157
|
+
github-token: ${{ steps.app-token.outputs.token }}
|
|
89
158
|
version-file: package.json
|
|
90
159
|
pre-release: true
|
|
91
160
|
skip-bump: true
|
|
92
|
-
skip-
|
|
161
|
+
skip-tag: true
|
|
162
|
+
skip-on-empty: true
|
|
93
163
|
tag-prefix: 'v'
|
|
94
164
|
|
|
95
165
|
- name: Create Release on GH
|
package/CHANGELOG.md
CHANGED
|
@@ -1,3 +1,27 @@
|
|
|
1
|
+
# [1.0.0](https://github.com/ContinuousSecurityTooling/keycloak-reporter/compare/v0.8.12...v1.0.0) (2024-10-17)
|
|
2
|
+
|
|
3
|
+
|
|
4
|
+
### Bug Fixes
|
|
5
|
+
|
|
6
|
+
* **Chart:** Correcting chart version ([bd7eb36](https://github.com/ContinuousSecurityTooling/keycloak-reporter/commit/bd7eb36b0e0c77cfedef23005c25190f2d9aa156))
|
|
7
|
+
* **deps:** update dependency @continuoussecuritytooling/keycloak-auditor to v1.1.10 ([ac7118b](https://github.com/ContinuousSecurityTooling/keycloak-reporter/commit/ac7118bbcdd08dc4df3e33aca1d207ff946abbe6))
|
|
8
|
+
* **deps:** update dependency @continuoussecuritytooling/keycloak-auditor to v1.1.16 ([2c4a9b7](https://github.com/ContinuousSecurityTooling/keycloak-reporter/commit/2c4a9b7e10d481fcfb663ce257abdfd0facc7ae1))
|
|
9
|
+
* **deps:** update dependency @continuoussecuritytooling/keycloak-auditor to v2 ([ecee366](https://github.com/ContinuousSecurityTooling/keycloak-reporter/commit/ecee366ba32cba49e14f116d0e0dffb836182d81))
|
|
10
|
+
* **deps:** update dependency @keycloak/keycloak-admin-client to v25.0.4 ([e79d129](https://github.com/ContinuousSecurityTooling/keycloak-reporter/commit/e79d129308de45c661374303990aad06a3264a48))
|
|
11
|
+
* **deps:** update dependency @keycloak/keycloak-admin-client to v25.0.5 ([179de86](https://github.com/ContinuousSecurityTooling/keycloak-reporter/commit/179de86d06f61eadf6975bee86784fab0fc510a2))
|
|
12
|
+
* **deps:** update dependency @keycloak/keycloak-admin-client to v25.0.6 ([291594b](https://github.com/ContinuousSecurityTooling/keycloak-reporter/commit/291594b23d396d53de98ed458ce133f1b541f779))
|
|
13
|
+
* **deps:** update dependency @keycloak/keycloak-admin-client to v26 ([813c5b1](https://github.com/ContinuousSecurityTooling/keycloak-reporter/commit/813c5b1c80bd657e97f7d7e1dd323d3f1a1d47a4))
|
|
14
|
+
* **deps:** update dependency @slack/webhook to v7.0.3 ([483dce5](https://github.com/ContinuousSecurityTooling/keycloak-reporter/commit/483dce5975e0722e531f673035703ef78983afa0))
|
|
15
|
+
* **deps:** update dependency ms-teams-webhook to v2.2.0 ([38e4184](https://github.com/ContinuousSecurityTooling/keycloak-reporter/commit/38e41849a6a5eb41edafe813f8d9dcd7bfc37f7e))
|
|
16
|
+
* **deps:** update dependency ms-teams-webhook to v2.2.1 ([eb91bcf](https://github.com/ContinuousSecurityTooling/keycloak-reporter/commit/eb91bcff5142099cada7ed1cb9cceac71ebfd9bd))
|
|
17
|
+
* **deps:** update dependency ms-teams-webhook to v2.2.2 ([1ccd777](https://github.com/ContinuousSecurityTooling/keycloak-reporter/commit/1ccd7771918077cadbe74e88e78554e7307871b1))
|
|
18
|
+
* **deps:** update dependency npm to v10.8.3 ([b14ebf4](https://github.com/ContinuousSecurityTooling/keycloak-reporter/commit/b14ebf4f2fa6295aad533f610949425313cb92ce))
|
|
19
|
+
* **deps:** update dependency npm to v10.9.0 ([f2d65c4](https://github.com/ContinuousSecurityTooling/keycloak-reporter/commit/f2d65c43374fc5a32262269d479355ede46ae7f8))
|
|
20
|
+
* **deps:** update dependency openid-client to v5.7.0 ([8688200](https://github.com/ContinuousSecurityTooling/keycloak-reporter/commit/8688200de26bd62077aeec9f01ce8f503e92e296))
|
|
21
|
+
* **deps:** update dependency openid-client to v6 ([cd3edc3](https://github.com/ContinuousSecurityTooling/keycloak-reporter/commit/cd3edc35ca2193a53bd5912d2dd6a074524e647b))
|
|
22
|
+
|
|
23
|
+
|
|
24
|
+
|
|
1
25
|
## [0.8.14](https://github.com/ContinuousSecurityTooling/keycloak-reporter/compare/v0.8.12...v0.8.14) (2024-09-17)
|
|
2
26
|
|
|
3
27
|
|
package/Dockerfile
CHANGED
|
@@ -15,14 +15,14 @@ type: application
|
|
|
15
15
|
# This is the chart version. This version number should be incremented each time you make changes
|
|
16
16
|
# to the chart and its templates, including the app version.
|
|
17
17
|
# Versions are expected to follow Semantic Versioning (https://semver.org/)
|
|
18
|
-
version:
|
|
18
|
+
version: 1.3.5
|
|
19
19
|
|
|
20
20
|
# This is the version number of the application being deployed. This version number should be
|
|
21
21
|
# incremented each time you make changes to the application. Versions are not expected to
|
|
22
22
|
# follow Semantic Versioning. They should reflect the version the application is using.
|
|
23
23
|
# It is recommended to use it with quotes.
|
|
24
24
|
# renovate: datasource=docker depName=ContinuousSecurityTooling/keycloak-reporter
|
|
25
|
-
appVersion:
|
|
25
|
+
appVersion: 1.0.0
|
|
26
26
|
maintainers:
|
|
27
27
|
# Martin Reinhardt
|
|
28
28
|
- name: hypery2k
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
# keycloak-reporter
|
|
2
2
|
|
|
3
|
-
  
|
|
4
4
|
|
|
5
5
|
Keycloak user and client reporting tool for automated regular access checks.
|
|
6
6
|
|
|
Binary file
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@continuoussecuritytooling/keycloak-reporter",
|
|
3
|
-
"version": "0.
|
|
3
|
+
"version": "1.0.0",
|
|
4
4
|
"description": "Reporting Tools for Keycloak",
|
|
5
5
|
"main": "dist/index.js",
|
|
6
6
|
"bin": {
|
|
@@ -32,15 +32,15 @@
|
|
|
32
32
|
},
|
|
33
33
|
"homepage": "https://github.com/ContinuousSecurityTooling/keycloak-reporter#readme",
|
|
34
34
|
"dependencies": {
|
|
35
|
-
"@continuoussecuritytooling/keycloak-auditor": "^
|
|
35
|
+
"@continuoussecuritytooling/keycloak-auditor": "^2.0.0",
|
|
36
36
|
"@json2csv/node": "^7.0.0",
|
|
37
|
-
"@keycloak/keycloak-admin-client": "^
|
|
37
|
+
"@keycloak/keycloak-admin-client": "^26.0.0",
|
|
38
38
|
"@slack/webhook": "^7.0.0",
|
|
39
39
|
"ajv": "^8.12.0",
|
|
40
40
|
"install": "^0.13.0",
|
|
41
41
|
"ms-teams-webhook": "^2.0.2",
|
|
42
42
|
"npm": "^10.0.0",
|
|
43
|
-
"openid-client": "^
|
|
43
|
+
"openid-client": "^6.0.0",
|
|
44
44
|
"ramda": "^0.30.0",
|
|
45
45
|
"yargs": "^17.7.2"
|
|
46
46
|
},
|
|
Binary file
|