From 68012c8001c9585b3642d2b8a7bec85b5c4ab20f Mon Sep 17 00:00:00 2001
From: Timshel <timshel@users.noreply.github.com>
Date: Tue, 23 Sep 2025 16:33:17 +0200
Subject: [PATCH] Upgrade Keycloak compose to trixie

---
 playwright/compose/keycloak/Dockerfile | 35 ++++++--------------------
 playwright/compose/keycloak/setup.sh   | 12 +++++++--
 playwright/docker-compose.yml          |  9 +++----
 3 files changed, 21 insertions(+), 35 deletions(-)

diff --git a/playwright/compose/keycloak/Dockerfile b/playwright/compose/keycloak/Dockerfile
index 35888950..0188988f 100644
--- a/playwright/compose/keycloak/Dockerfile
+++ b/playwright/compose/keycloak/Dockerfile
@@ -1,40 +1,19 @@
-FROM docker.io/library/debian:bookworm-slim as build
+FROM docker.io/library/debian:trixie-slim
 
-ENV DEBIAN_FRONTEND=noninteractive
 ARG KEYCLOAK_VERSION
 
-SHELL ["/bin/bash", "-o", "pipefail", "-c"]
-
-RUN apt-get update \
-    && apt-get install -y ca-certificates curl wget \
-    && rm -rf /var/lib/apt/lists/*
-
-WORKDIR /
-
-RUN wget -c https://github.com/keycloak/keycloak/releases/download/${KEYCLOAK_VERSION}/keycloak-${KEYCLOAK_VERSION}.tar.gz -O - | tar -xz
-
-FROM docker.io/library/debian:bookworm-slim
-
 ENV DEBIAN_FRONTEND=noninteractive
-ARG KEYCLOAK_VERSION
-
 SHELL ["/bin/bash", "-o", "pipefail", "-c"]
 
-RUN apt-get update \
-    && apt-get install -y ca-certificates curl wget \
-    && rm -rf /var/lib/apt/lists/*
-
-ARG JAVA_URL
-ARG JAVA_VERSION
-
-ENV JAVA_VERSION=${JAVA_VERSION}
-
-RUN mkdir -p /opt/openjdk && cd /opt/openjdk \
-    && wget -c "${JAVA_URL}"  -O - | tar -xz
+RUN apt-get update && apt-get install -y ca-certificates curl jq openjdk-21-jdk-headless wget
 
 WORKDIR /
 
+RUN wget -c https://github.com/keycloak/keycloak/releases/download/${KEYCLOAK_VERSION}/keycloak-${KEYCLOAK_VERSION}.tar.gz -O - | tar -xz \
+    && mkdir -p /opt/keycloak \
+    && mv /keycloak-${KEYCLOAK_VERSION}/bin /opt/keycloak/bin \
+    && rm -rf /keycloak-${KEYCLOAK_VERSION}
+
 COPY setup.sh /setup.sh
-COPY --from=build /keycloak-${KEYCLOAK_VERSION}/bin /opt/keycloak/bin
 
 CMD "/setup.sh"
diff --git a/playwright/compose/keycloak/setup.sh b/playwright/compose/keycloak/setup.sh
index 36597b1d..a27caaff 100755
--- a/playwright/compose/keycloak/setup.sh
+++ b/playwright/compose/keycloak/setup.sh
@@ -1,7 +1,6 @@
 #!/bin/bash
 
-export PATH=/opt/keycloak/bin:/opt/openjdk/jdk-${JAVA_VERSION}/bin:$PATH
-export JAVA_HOME=/opt/openjdk/jdk-${JAVA_VERSION}
+export PATH=/opt/keycloak/bin:$PATH
 
 STATUS_CODE=0
 while [[ "$STATUS_CODE" != "404" ]] ; do
@@ -34,3 +33,12 @@ kcadm.sh update users/$TEST_USER3_ID/reset-password -r "$TEST_REALM" -s type=pas
 
 # Dummy realm to mark end of setup
 kcadm.sh create realms -s realm="$DUMMY_REALM" -s enabled=true -s "accessTokenLifespan=600"
+
+# TO DEBUG uncomment the following line to keep the setup container running
+# sleep 3600
+# THEN in another terminal:
+# docker exec -it keycloakSetup-dev /bin/bash
+# export PATH=$PATH:/opt/keycloak/bin
+# kcadm.sh config credentials --server "http://${KC_HTTP_HOST}:${KC_HTTP_PORT}" --realm master --user "$KEYCLOAK_ADMIN" --password "$KEYCLOAK_ADMIN_PASSWORD" --client admin-cli
+# ENJOY
+# Doc: https://wjw465150.gitbooks.io/keycloak-documentation/content/server_admin/topics/admin-cli.html
diff --git a/playwright/docker-compose.yml b/playwright/docker-compose.yml
index 3e56477c..c6e33e79 100644
--- a/playwright/docker-compose.yml
+++ b/playwright/docker-compose.yml
@@ -30,9 +30,10 @@ services:
       - SMTP_FROM
       - SMTP_DEBUG
       - SSO_DEBUG_TOKENS
-      - SSO_FRONTEND
       - SSO_ENABLED
+      - SSO_FRONTEND
       - SSO_ONLY
+      - SSO_SCOPES
     restart: "no"
     depends_on:
       - VaultwardenPrebuild
@@ -100,7 +101,7 @@ services:
   Keycloak:
     profiles: ["keycloak", "vaultwarden"]
     container_name: keycloak-${ENV:-dev}
-    image: quay.io/keycloak/keycloak:25.0.4
+    image: quay.io/keycloak/keycloak:26.3.4
     network_mode: "host"
     command:
       - start-dev
@@ -114,9 +115,7 @@ services:
       context: compose/keycloak
       dockerfile: Dockerfile
       args:
-        KEYCLOAK_VERSION: 25.0.4
-        JAVA_URL: https://download.java.net/java/GA/jdk21.0.2/f2283984656d49d69e91c558476027ac/13/GPL/openjdk-21.0.2_linux-x64_bin.tar.gz
-        JAVA_VERSION: 21.0.2
+        KEYCLOAK_VERSION: 26.3.4
     network_mode: "host"
     depends_on:
       - Keycloak