From 486b199548b4647f3a753ac8b216301220adb4f3 Mon Sep 17 00:00:00 2001
From: Alexander Schwartz <aschwart@redhat.com>
Date: Tue, 6 Feb 2024 12:12:11 +0100
Subject: [PATCH] Make label for Keycloak container images configurable

Closes #26819

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
---
 docs/guides/attributes.adoc        |  1 +
 docs/guides/server/containers.adoc | 22 +++++++++++-----------
 docs/guides/server/db.adoc         |  8 ++++----
 docs/guides/server/fips.adoc       |  6 +++---
 4 files changed, 19 insertions(+), 18 deletions(-)

diff --git a/docs/guides/attributes.adoc b/docs/guides/attributes.adoc
index fe6005fdaa..b3291dbbf5 100644
--- a/docs/guides/attributes.adoc
+++ b/docs/guides/attributes.adoc
@@ -6,3 +6,4 @@
 :jdgserver_name: Infinispan
 :infinispan-operator-docs: https://infinispan.org/docs/infinispan-operator/main/operator.html
 :infinispan-xsite-docs: https://infinispan.org/docs/stable/titles/xsite/xsite.html
+:containerlabel: latest
diff --git a/docs/guides/server/containers.adoc b/docs/guides/server/containers.adoc
index 28b3994429..3c4da91cfa 100644
--- a/docs/guides/server/containers.adoc
+++ b/docs/guides/server/containers.adoc
@@ -27,9 +27,9 @@ This step will save time in every subsequent start phase of the container image.
 The following `Dockerfile` creates a pre-configured {project_name} image that enables the health and metrics endpoints, enables the token exchange feature, and uses a PostgreSQL database.
 
 .Dockerfile:
-[source, dockerfile]
+[source,dockerfile,subs="attributes+"]
 ----
-FROM quay.io/keycloak/keycloak:latest as builder
+FROM quay.io/keycloak/keycloak:{containerlabel} as builder
 
 # Enable health and metrics support
 ENV KC_HEALTH_ENABLED=true
@@ -43,7 +43,7 @@ WORKDIR /opt/keycloak
 RUN keytool -genkeypair -storepass password -storetype PKCS12 -keyalg RSA -keysize 2048 -dname "CN=server" -alias server -ext "SAN:c=DNS:localhost,IP:127.0.0.1" -keystore conf/server.keystore
 RUN /opt/keycloak/bin/kc.sh build
 
-FROM quay.io/keycloak/keycloak:latest
+FROM quay.io/keycloak/keycloak:{containerlabel}
 COPY --from=builder /opt/keycloak/ /opt/keycloak/
 
 # change these values to point to a running postgres instance
@@ -64,10 +64,10 @@ The build process includes multiple stages:
 To install custom providers, you just need to define a step to include the JAR file(s) into the `/opt/keycloak/providers` directory.
 This step must be placed before the line that `RUNs` the `build` command, as below: 
 
-[source, dockerfile]
+[source,dockerfile,subs="attributes+"]
 ----
 # A example build step that downloads a JAR file from a URL and adds it to the providers directory
-FROM quay.io/keycloak/keycloak:latest as builder
+FROM quay.io/keycloak/keycloak:{containerlabel} as builder
 
 ...
 
@@ -166,11 +166,11 @@ By setting the `hostname-port` option you can now access the server at `https://
 The easiest way to try {project_name} from a container for development or testing purposes is to use the Development mode.
 You use the `start-dev` command:
 
-[source,bash]
+[source,bash,subs="attributes+"]
 ----
 podman|docker run --name mykeycloak -p 8080:8080 \
         -e KEYCLOAK_ADMIN=admin -e KEYCLOAK_ADMIN_PASSWORD=change_me \
-        quay.io/keycloak/keycloak:latest \
+        quay.io/keycloak/keycloak:{containerlabel} \
         start-dev
 ----
 
@@ -185,11 +185,11 @@ In these environments, you need containers that start fast, therefore you need t
 However, if your environment has different requirements, you can run a standard {project_name} image by just running the `start` command.
 For example:
 
-[source, bash]
+[source,bash,subs="attributes+"]
 ----
 podman|docker run --name mykeycloak -p 8080:8080 \
         -e KEYCLOAK_ADMIN=admin -e KEYCLOAK_ADMIN_PASSWORD=change_me \
-        quay.io/keycloak/keycloak:latest \
+        quay.io/keycloak/keycloak:{containerlabel} \
         start \
         --db=postgres --features=token-exchange \
         --db-url=<JDBC-URL> --db-username=<DB-USER> --db-password=<DB-PASSWORD> \
@@ -218,12 +218,12 @@ This approach significantly increases startup time and creates an image that is
 
 The {project_name} containers have a directory `/opt/keycloak/data/import`. If you put one or more import files in that directory via a volume mount or other means and add the startup argument `--import-realm`, the Keycloak container will import that data on startup! This may only make sense to do in Dev mode.
 
-[source, bash]
+[source,bash,subs="attributes+"]
 ----
 podman|docker run --name keycloak_unoptimized -p 8080:8080 \
         -e KEYCLOAK_ADMIN=admin -e KEYCLOAK_ADMIN_PASSWORD=change_me \
         -v /path/to/realm/data:/opt/keycloak/data/import \
-        quay.io/keycloak/keycloak:latest \
+        quay.io/keycloak/keycloak:{containerlabel} \
         start-dev --import-realm
 ----
 
diff --git a/docs/guides/server/db.adoc b/docs/guides/server/db.adoc
index caa6ce8ba8..b8494be206 100644
--- a/docs/guides/server/db.adoc
+++ b/docs/guides/server/db.adoc
@@ -55,9 +55,9 @@ To install the Oracle Database driver for {project_name}:
 +
 A minimal Dockerfile to build an image which can be used with the {project_name} Operator and includes Oracle Database JDBC drivers downloaded from Maven Central looks like the following:
 +
-[source,dockerfile]
+[source,dockerfile,subs="attributes+"]
 ----
-FROM quay.io/keycloak/keycloak:latest
+FROM quay.io/keycloak/keycloak:{containerlabel}
 ADD --chown=keycloak:keycloak https://repo1.maven.org/maven2/com/oracle/database/jdbc/ojdbc11/${properties["oracle-jdbc.version"]}/ojdbc11-${properties["oracle-jdbc.version"]}.jar /opt/keycloak/providers/ojdbc11.jar
 ADD --chown=keycloak:keycloak https://repo1.maven.org/maven2/com/oracle/database/nls/orai18n/${properties["oracle-jdbc.version"]}/orai18n-${properties["oracle-jdbc.version"]}.jar /opt/keycloak/providers/orai18n.jar
 # Setting the build parameter for the database:
@@ -91,9 +91,9 @@ To install the Microsoft SQL Server driver for {project_name}:
 +
 A minimal Dockerfile to build an image which can be used with the {project_name} Operator and includes Microsoft SQL Server JDBC drivers downloaded from Maven Central looks like the following:
 +
-[source,dockerfile]
+[source,dockerfile,subs="attributes+"]
 ----
-FROM quay.io/keycloak/keycloak:latest
+FROM quay.io/keycloak/keycloak:{containerlabel}
 ADD --chown=keycloak:keycloak https://repo1.maven.org/maven2/com/microsoft/sqlserver/mssql-jdbc/${properties["mssql-jdbc.version"]}/mssql-jdbc-${properties["mssql-jdbc.version"]}.jar /opt/keycloak/providers/mssql-jdbc.jar
 # Setting the build parameter for the database:
 ENV KC_DB=mssql
diff --git a/docs/guides/server/fips.adoc b/docs/guides/server/fips.adoc
index 0180999a93..f605a5a901 100644
--- a/docs/guides/server/fips.adoc
+++ b/docs/guides/server/fips.adoc
@@ -222,9 +222,9 @@ For example in the current directory, you can create sub-directory `files` and a
 Then create `Dockerfile` in the current directory similar to this:
 
 .Dockerfile:
-[source, dockerfile]
+[source,dockerfile,subs="attributes+"]
 ----
-FROM quay.io/keycloak/keycloak:latest as builder
+FROM quay.io/keycloak/keycloak:{containerlabel} as builder
 
 ADD files /tmp/files/
 
@@ -235,7 +235,7 @@ RUN cp /tmp/files/kc.java.security /opt/keycloak/conf/
 
 RUN /opt/keycloak/bin/kc.sh build --features=fips --fips-mode=strict
 
-FROM quay.io/keycloak/keycloak:latest
+FROM quay.io/keycloak/keycloak:{containerlabel}
 COPY --from=builder /opt/keycloak/ /opt/keycloak/
 
 ENTRYPOINT ["/opt/keycloak/bin/kc.sh"]