* Use a valid SemVer format for the SNAPSHOT version
* Update pom.xml
* Update pom.xml
---------
Co-authored-by: Stian Thorgersen <stianst@gmail.com>
Co-authored-by: Stian Thorgersen <stian@redhat.com>
This PR switches the Quarkus Dockerfile to use `ubi9` parent images instead of `ubi8` ones.
ubi-null.sh has some minor changes to handle differences in RHEL 9. It's also been renamed.
Closes#17057
Even though we use `ubi8-minimal` as the parent of our container, it
still has many RPMs installed that aren't necessary to run the Keycloak
server. Also, since the JDK RPM (that we install on top of
`ubi8-minimal`) is designed for general use, it pulls in more dependency
RPMs than it strictly needs to, like cups and avahi. Keycloak will never
need to access a printer itself!
Trimming down these excess RPMs will improve our CVE statistics with
automated scanners, and therefore let us perform fewer CVE rebuilds.
`ubi8-null.sh` uses the low-level `rpm` command to identify and forcibly
remove dependencies and operating system files that are not required to
boot our Quarkus-based server. This includes `microdnf` and `rpm`
itself! I have preserved bash however, so it's still possible to debug
the container from a shell.
I've created an initial set of allow/disallow lists, that seems to pass
a smoke test (server boots, admin console works). This leaves 37
packages installed, with 96 removed relative to `ubi8-minimal`. We could
go more minimal than this, or less minimal if required. Trial and error
is required.
Closes#16902
* Remove Red Hat Single Sign-On product profile from upstream
Closes#14916
* review suggestions: Remove Red Hat Single Sign-On product profile from upstream
Closes#14916
Co-authored-by: Peter Skopek <pskopek@redhat.com>
Inline profile checks for enabled admin-console to avoid issues during
static initialization with quarkus.
Potentially Re-enable admin-api feature if admin-console is enabled
via the admin/admin2 feature flag.
Add legacy admin console as deprecated feature flag
Throw exception if admin-api feature is disabled but admin-console is enabled
Adapt ProfileTest
Consider adminConsoleEnabled flag in QuarkusWelcomeResource
Fix check for Admin-Console / Admin-API feature dependency.
Add new features to approved help output files
Co-authored-by: Stian Thorgersen <stian@redhat.com>
Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>