@continuoussecuritytooling/keycloak-reporter 0.8.14 → 1.0.1

package/.bin/start-server.mjs

@@ -24,7 +24,7 @@ await startServer()
 async function startServer () {
   await downloadServer()
 
-  console.info('Starting server…')
+  console.info('Starting server …')
 
   const args = process.argv.slice(2)
   const child = spawn(
@@ -32,8 +32,8 @@ async function startServer () {
     ['start-dev', ...args],
     {
       env: {
-        KEYCLOAK_ADMIN: 'admin',
-        KEYCLOAK_ADMIN_PASSWORD: 'admin',
+        KC_BOOTSTRAP_ADMIN_USERNAME: 'master-admin',
+        KC_BOOTSTRAP_ADMIN_PASSWORD: 'admin',
         ...process.env
       }
     }
@@ -44,7 +44,7 @@ async function startServer () {
 }
 
 async function downloadServer () {
-  const directoryExists = fs.existsSync(SERVER_DIR)
+  const directoryExists = fs.existsSync(path.join(SERVER_DIR, `bin/kc${SCRIPT_EXTENSION}`))
 
   if (directoryExists) {
     console.info('Server installation found, skipping download.')
@@ -54,6 +54,7 @@ async function downloadServer () {
   console.info('Downloading and extracting server…')
 
   const nightlyAsset = await getNightlyAsset()
+  //console.log(nightlyAsset)
   const assetStream = await getAssetAsStream(nightlyAsset)
 
   await extractTarball(assetStream, SERVER_DIR, { strip: 1 })
@@ -61,14 +62,19 @@ async function downloadServer () {
 
 async function getNightlyAsset () {
   const api = new Octokit()
+  const tag = process.env.kcVersion || 'nightly';
   const release = await api.repos.getReleaseByTag({
     owner: 'keycloak',
     repo: 'keycloak',
-    tag: 'nightly'
+    tag: tag
   })
+  let assertName = `keycloak-${tag}.tar.gz`
+  if (tag == 'nightly') {
+    assertName = 'keycloak-999.0.0-SNAPSHOT.tar.gz'
+  }
 
   return release.data.assets.find(
-    ({ name }) => name === 'keycloak-999.0.0-SNAPSHOT.tar.gz'
+    ({ name }) => name === assertName
   )
 }
 

package/.github/workflows/pipeline.yml

@@ -16,9 +16,8 @@ jobs:
     strategy:
       matrix:
         node_version:
-          - 18
           - 20
-          - 21
+          - 22
         os:
           - ubuntu-latest
           - macOS-latest
@@ -80,7 +79,11 @@ jobs:
 
       - name: Run chart-testing (install - with args)
         if: steps.list-changed.outputs.changed == 'true'
-        run: ct install --target-branch ${{ github.event.repository.default_branch }} --helm-extra-set-args "-f charts/keycloak-reporter/ci.values.yaml"
+        run: |
+          kubectl create ns kc-reporter
+          kubectl -n kc-reporter create secret generic kc-reporter \
+            --from-literal=clientSecret=test
+          ct install --target-branch ${{ github.event.repository.default_branch }} --namespace kc-reporter --helm-extra-set-args "-f charts/keycloak-reporter/ci.values.yaml"
 
       - uses: actions/upload-artifact@v4
         with:
@@ -95,9 +98,8 @@ jobs:
       fail-fast: true
       matrix:
         node_version:
-          - 18
           - 20
-          - 21
+          - 22
         os:
           - ubuntu-latest
     steps:
@@ -138,6 +140,23 @@ jobs:
           WEBHOOK_TESTING_SLACK: ${{ secrets.WEBHOOK_TESTING_SLACK }}
           WEBHOOK_ADDITIONAL_MESSAGE: ${{ github.head_ref || github.ref_name }}
 
+  build-results:
+    name: Build results
+    if: ${{ always() }}
+    runs-on: ubuntu-latest
+    needs:
+      - build
+      - chart
+      - end2end
+    steps:
+      - run: exit 1
+        # see https://stackoverflow.com/a/67532120/4907315
+        if: >-
+          ${{
+                contains(needs.*.result, 'failure')
+            || contains(needs.*.result, 'cancelled')
+                || contains(needs.*.result, 'skipped')
+                }}
   package:
     name: Package Application
     runs-on: ubuntu-latest
@@ -150,7 +169,7 @@ jobs:
       - uses: actions/setup-node@v4
         with:
           # renovate: datasource=docker depName=node
-          node-version: '20'
+          node-version: '22'
       - name: 'Build Package'
         run: |
           npm run clean

package/.github/workflows/release.yml

@@ -19,10 +19,6 @@ jobs:
             attestations: write
             id-token: write
         steps:
-            -   name: Checkout
-                uses: actions/checkout@v4
-                with:
-                    fetch-depth: 0
 
             -   uses: actions/create-github-app-token@v1
                 id: app-token
@@ -30,6 +26,24 @@ jobs:
                     app-id: ${{ vars.CI_APP_ID }}
                     private-key: ${{ secrets.CI_PRIVATE_KEY }}
 
+            -   name: Checkout
+                uses: actions/checkout@v4
+                with:
+                    fetch-depth: 0
+                    token: ${{ steps.app-token.outputs.token }}
+                    ref: ${{ github.head_ref }}
+
+            -   name: Get GitHub App User ID
+                id: get-user-id
+                run: echo "user-id=$(gh api "/users/${{ steps.app-token.outputs.app-slug }}[bot]" --jq .id)" >> "$GITHUB_OUTPUT"
+                env:
+                    GH_TOKEN: ${{ steps.app-token.outputs.token }}
+
+            -   name: Configure Git author
+                run: |
+                    git config --global user.name '${{ steps.app-token.outputs.app-slug }}[bot]'
+                    git config --global user.email '${{ steps.get-user-id.outputs.user-id }}+${{ steps.app-token.outputs.app-slug }}[bot]@users.noreply.github.com>'
+
             -   name: Setup NodeJS
                 uses: actions/setup-node@v4
                 with:
@@ -42,18 +56,25 @@ jobs:
                     distribution: 'temurin' # As good as any other, see: https://github.com/actions/setup-java#supported-distributions
                     java-version: '21'
 
-            -   name: Configure git
-                run: |
-                    git config --global user.name '${{ steps.app-token.outputs.app-slug }}[bot]'
-                    git config --global user.email '${{ steps.get-user-id.outputs.user-id }}+${{ steps.app-token.outputs.app-slug }}[bot]@users.noreply.github.com>'
-            -   name: npm build and test
+            -   name: Package Application
                 run: |
                     npm run clean
                     npm version --no-git-tag-version ${{ github.event.inputs.releaseversion }}
                     npm run build
 
+            -   name: Write version vars
+                run: |
+                    BUILD_DATE=`date -u +"%Y-%m-%dT%H:%M:%SZ"`
+                    BRANCH=${GITHUB_REF_NAME#v}
+                    APP_VERSION=$(cat package.json | grep version| head -1 | awk -F: '{ print $2 }' | sed 's/[",]//g')
+                    echo Version: $APP_VERSION
+                    echo "VERSION=$APP_VERSION" >> $GITHUB_ENV
+                    echo "APP_VERSION=$APP_VERSION" >> $GITHUB_ENV
+                    echo "BUILD_DATE=$BUILD_DATE" >> $GITHUB_ENV
+
             -   name: Install Helm
                 uses: azure/setup-helm@v4
+
             -   name: Install Python
                 uses: actions/setup-python@v5
                 with:
@@ -70,9 +91,67 @@ jobs:
 
             -   name: Helm Package
                 run: |
+
+                    # Increment a version string using Semantic Versioning (SemVer) terminology.
+                    # Parse command line options.
+                    # Source: https://github.com/fmahnke/shell-semver
+                    #
+                    # usage: increment_version.sh [-Mmp] major.minor.patch
+                    increment_version() {
+                      while getopts ":Mmp" Option
+                      do
+                        case $Option in
+                          M ) major=true;;
+                          m ) minor=true;;
+                          p ) patch=true;;
+                          * ) patch=true;;
+                        esac
+                      done
+
+                      # shellcheck disable=SC2004,SC2206
+                      shift $(($OPTIND - 1))
+
+                      version=$1
+
+                      # Build array from version string.
+                      # shellcheck disable=SC2206
+                      a=( ${version//./ } )
+                      # If version string is missing or has the wrong number of members, show usage message.
+                      if [ ${#a[@]} -ne 3 ]
+                      then
+                        echo "usage: $(basename $0) [-Mmp] major.minor.patch"
+                        exit 1
+                      fi
+
+                      # Increment version numbers as requested.
+
+                      if [ -n "$major" ]
+                      then
+                        ((a[0]++))
+                        a[1]=0
+                        a[2]=0
+                      fi
+
+                      if [ -n "$minor" ]
+                      then
+                        ((a[1]++))
+                        a[2]=0
+                      fi
+
+                      if [ -n "$patch" ]
+                      then
+                        ((a[2]++))
+                      fi
+
+                      echo "${a[0]}.${a[1]}.${a[2]}"
+                    }
+
                     export HELM_CHART_DIR=charts/keycloak-reporter
                     chartVersion=$(cat $HELM_CHART_DIR/Chart.yaml | grep "version: " | sed -E -n "s/^version: \s*(.*)$/\1/p")
-                    sed -i 's/version: '"$chartVersion"'/version: '"${{ github.event.inputs.releaseversion }}"'/g' $HELM_CHART_DIR/Chart.yaml
+                    appVersion=$(cat $HELM_CHART_DIR/Chart.yaml | grep "appVersion: " | sed -E -n "s/^appVersion: \s*(.*)$/\1/p")
+                    newVersion=$(increment_version -p $chartVersion)
+                    sed -i 's/version: '"$chartVersion"'/version: '"$newVersion"'/g' $HELM_CHART_DIR/Chart.yaml
+                    sed -i 's/appVersion: '"$appVersion"'/appVersion: '"${{ github.event.inputs.releaseversion }}"'/g' $HELM_CHART_DIR/Chart.yaml
                     helm-docs
                     helm package $HELM_CHART_DIR
                     git add .
@@ -85,11 +164,12 @@ jobs:
                 uses: TriPSs/conventional-changelog-action@v5
                 with:
                     input-file: CHANGELOG.md
-                    github-token: ${{ secrets.GITHUB_TOKEN }}
+                    github-token: ${{ steps.app-token.outputs.token }}
                     version-file: package.json
                     pre-release: true
                     skip-bump: true
-                    skip-on-empty: false
+                    skip-tag: true
+                    skip-on-empty: true
                     tag-prefix: 'v'
 
             -   name: Create Release on GH
@@ -102,6 +182,28 @@ jobs:
                 env:
                     GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
+            -   name: Build Container Image
+                id: build-image
+                uses: redhat-actions/buildah-build@v2
+                with:
+                    image: continuoussecuritytooling/keycloak-reporting-cli
+                    tags: 'latest ${{ env.APP_VERSION }}'
+                    containerfiles: |
+                        ./Dockerfile
+                    build-args: |
+                        BUILD_DATE=${{ env.BUILD_DATE }}
+                        APP_VERSION=${{ env.APP_VERSION }}
+
+            -   name: Push To Docker Hub
+                id: push-to-dockerhub-preview
+                uses: redhat-actions/push-to-registry@v2
+                with:
+                    image: ${{ steps.build-image.outputs.image }}
+                    tags: 'latest ${{ env.APP_VERSION }}'
+                    registry: registry.hub.docker.com
+                    username: continuoussecuritytooling
+                    password: ${{ secrets.DOCKER_HUB_TOKEN }}
+
             -   name: Publish npm package
                 run: |
                     npm publish

package/CHANGELOG.md

@@ -1,3 +1,45 @@
+## [1.0.1](https://github.com/ContinuousSecurityTooling/keycloak-reporter/compare/v1.0.0...v1.0.1) (2024-10-31)
+
+
+### Bug Fixes
+
+* Correcting docker publish on release ([8930206](https://github.com/ContinuousSecurityTooling/keycloak-reporter/commit/89302069cd56c8ec324cf5a028dd52e07ba3212a))
+* **deps:** update dependency @keycloak/keycloak-admin-client to v26.0.1 ([4b640f2](https://github.com/ContinuousSecurityTooling/keycloak-reporter/commit/4b640f2b9899bbc4055c08c9c6d807639495f3fd))
+* **deps:** update dependency @keycloak/keycloak-admin-client to v26.0.2 ([7b2b427](https://github.com/ContinuousSecurityTooling/keycloak-reporter/commit/7b2b42793de329365109e85d0f8f9dcc24ef66b1))
+* **deps:** update dependency @keycloak/keycloak-admin-client to v26.0.4 ([12f2a15](https://github.com/ContinuousSecurityTooling/keycloak-reporter/commit/12f2a154ee328505691cc8b635f3c916b08e2f0d))
+* **deps:** update dependency openid-client to v6.1.0 ([1238436](https://github.com/ContinuousSecurityTooling/keycloak-reporter/commit/1238436517af761c1cb27e28a1ecd27a0f501b95))
+* **deps:** update dependency openid-client to v6.1.1 ([46c92db](https://github.com/ContinuousSecurityTooling/keycloak-reporter/commit/46c92db73ed39b4c0f4a07f12369270460affaef))
+* **deps:** update dependency openid-client to v6.1.3 ([530087b](https://github.com/ContinuousSecurityTooling/keycloak-reporter/commit/530087b716f8fbe6a7cbe304edfc03107c25189b))
+* **Tests:** Adjust end2end config for keycloak v26 ([79c6d9c](https://github.com/ContinuousSecurityTooling/keycloak-reporter/commit/79c6d9c61b27157cb915f5532e2eb29674e2b763))
+* **Tests:** Adjust test spec ([431c1c6](https://github.com/ContinuousSecurityTooling/keycloak-reporter/commit/431c1c6d6fa951d5c4d987b89d66a644cef5e250))
+* **Tests:** Adjust test to changed config ([8163c80](https://github.com/ContinuousSecurityTooling/keycloak-reporter/commit/8163c80f7a46659d52ab88e9af0b3caf5d412218))
+
+
+
+# [1.0.0](https://github.com/ContinuousSecurityTooling/keycloak-reporter/compare/v0.8.12...v1.0.0) (2024-10-17)
+
+
+### Bug Fixes
+
+* **Chart:** Correcting chart version ([bd7eb36](https://github.com/ContinuousSecurityTooling/keycloak-reporter/commit/bd7eb36b0e0c77cfedef23005c25190f2d9aa156))
+* **deps:** update dependency @continuoussecuritytooling/keycloak-auditor to v1.1.10 ([ac7118b](https://github.com/ContinuousSecurityTooling/keycloak-reporter/commit/ac7118bbcdd08dc4df3e33aca1d207ff946abbe6))
+* **deps:** update dependency @continuoussecuritytooling/keycloak-auditor to v1.1.16 ([2c4a9b7](https://github.com/ContinuousSecurityTooling/keycloak-reporter/commit/2c4a9b7e10d481fcfb663ce257abdfd0facc7ae1))
+* **deps:** update dependency @continuoussecuritytooling/keycloak-auditor to v2 ([ecee366](https://github.com/ContinuousSecurityTooling/keycloak-reporter/commit/ecee366ba32cba49e14f116d0e0dffb836182d81))
+* **deps:** update dependency @keycloak/keycloak-admin-client to v25.0.4 ([e79d129](https://github.com/ContinuousSecurityTooling/keycloak-reporter/commit/e79d129308de45c661374303990aad06a3264a48))
+* **deps:** update dependency @keycloak/keycloak-admin-client to v25.0.5 ([179de86](https://github.com/ContinuousSecurityTooling/keycloak-reporter/commit/179de86d06f61eadf6975bee86784fab0fc510a2))
+* **deps:** update dependency @keycloak/keycloak-admin-client to v25.0.6 ([291594b](https://github.com/ContinuousSecurityTooling/keycloak-reporter/commit/291594b23d396d53de98ed458ce133f1b541f779))
+* **deps:** update dependency @keycloak/keycloak-admin-client to v26 ([813c5b1](https://github.com/ContinuousSecurityTooling/keycloak-reporter/commit/813c5b1c80bd657e97f7d7e1dd323d3f1a1d47a4))
+* **deps:** update dependency @slack/webhook to v7.0.3 ([483dce5](https://github.com/ContinuousSecurityTooling/keycloak-reporter/commit/483dce5975e0722e531f673035703ef78983afa0))
+* **deps:** update dependency ms-teams-webhook to v2.2.0 ([38e4184](https://github.com/ContinuousSecurityTooling/keycloak-reporter/commit/38e41849a6a5eb41edafe813f8d9dcd7bfc37f7e))
+* **deps:** update dependency ms-teams-webhook to v2.2.1 ([eb91bcf](https://github.com/ContinuousSecurityTooling/keycloak-reporter/commit/eb91bcff5142099cada7ed1cb9cceac71ebfd9bd))
+* **deps:** update dependency ms-teams-webhook to v2.2.2 ([1ccd777](https://github.com/ContinuousSecurityTooling/keycloak-reporter/commit/1ccd7771918077cadbe74e88e78554e7307871b1))
+* **deps:** update dependency npm to v10.8.3 ([b14ebf4](https://github.com/ContinuousSecurityTooling/keycloak-reporter/commit/b14ebf4f2fa6295aad533f610949425313cb92ce))
+* **deps:** update dependency npm to v10.9.0 ([f2d65c4](https://github.com/ContinuousSecurityTooling/keycloak-reporter/commit/f2d65c43374fc5a32262269d479355ede46ae7f8))
+* **deps:** update dependency openid-client to v5.7.0 ([8688200](https://github.com/ContinuousSecurityTooling/keycloak-reporter/commit/8688200de26bd62077aeec9f01ce8f503e92e296))
+* **deps:** update dependency openid-client to v6 ([cd3edc3](https://github.com/ContinuousSecurityTooling/keycloak-reporter/commit/cd3edc35ca2193a53bd5912d2dd6a074524e647b))
+
+
+
 ## [0.8.14](https://github.com/ContinuousSecurityTooling/keycloak-reporter/compare/v0.8.12...v0.8.14) (2024-09-17)
 
 

package/Dockerfile

@@ -1,4 +1,4 @@
-FROM node:20.17.0-slim
+FROM node:22.11.0-slim
 
 ARG BUILD_DATE
 ARG APP_VERSION

package/charts/keycloak-reporter/Chart.yaml

@@ -15,14 +15,14 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.8.14
+version: 1.3.6
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
 # renovate: datasource=docker depName=ContinuousSecurityTooling/keycloak-reporter
-appVersion: '0.8.10'
+appVersion: 1.0.1
 maintainers:
   # Martin Reinhardt
   - name: hypery2k

package/charts/keycloak-reporter/README.md

@@ -1,6 +1,6 @@
 # keycloak-reporter
 
-![Version: 0.8.14](https://img.shields.io/badge/Version-0.8.14-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.8.10](https://img.shields.io/badge/AppVersion-0.8.10-informational?style=flat-square)
+![Version: 1.3.6](https://img.shields.io/badge/Version-1.3.6-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.0.1](https://img.shields.io/badge/AppVersion-1.0.1-informational?style=flat-square)
 
 Keycloak user and client reporting tool for automated regular access checks.
 

package/continuoussecuritytooling-keycloak-reporting-cli-latest_digest.txt

@@ -0,0 +1 @@
+sha256:b707ebf14cb1176d648babdfb527909e36ccaaf0c6c4029533d956a4125e6a09