Add script to add `sourcearcade` realm to Keycloak
diff --git a/gerrit/Dockerfile.entrypoint b/gerrit/Dockerfile.entrypoint
index 7079792..fefd704 100644
--- a/gerrit/Dockerfile.entrypoint
+++ b/gerrit/Dockerfile.entrypoint
@@ -8,6 +8,7 @@
 }
 
 export GERRIT_MAIL_PASSWORD=$(secret mail:gerrit)
+export GERRIT_KC_PASSWORD=$(secret kc:gerrit)
 
 # Allows us to bind mount arbitrary owned files
 chown -R gerrit:gerrit /var/gerrit/{logs,etc,db,git,index,cache}/
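Review bot: The added `export GERRIT_KC_PASSWORD=$(secret kc:gerrit)` discards the exit status of `secret`, because `export` itself succeeds even when the command substitution fails. A failed lookup therefore leaves the variable empty, and the Keycloak block in `Dockerfile.entrypoint-unprivileged` is skipped without any message, so the container starts without the OAuth configuration. If the secret is meant to be optional, distinguish "not configured" from "lookup failed"; otherwise split the assignment, e.g. `GERRIT_KC_PASSWORD=$(secret kc:gerrit) || exit 1` followed by `export GERRIT_KC_PASSWORD`. The `secret` helper is defined above this hunk, so how it reports failure is not visible here.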
diff --git a/gerrit/Dockerfile.entrypoint-unprivileged b/gerrit/Dockerfile.entrypoint-unprivileged
index 1771d81..b768dbc 100644
--- a/gerrit/Dockerfile.entrypoint-unprivileged
+++ b/gerrit/Dockerfile.entrypoint-unprivileged
@@ -30,4 +30,15 @@
     git config -f ${config} sendemail.html false
 fi
 
+if [ "${GERRIT_KC_PASSWORD}" ]; then
+    kc_oauth=plugin.gerrit-oauth-provider-keycloak-oauth
+
+    git config -f ${config} ${kc_oauth}.root-url https://id.${SA_PUBLIC_DOMAIN_NAME}/
+    git config -f ${config} ${kc_oauth}.realm sourcearcade
+    git config -f ${config} ${kc_oauth}.client-id gerrit
+    git config -f ${config} ${kc_oauth}.client-secret ${GERRIT_KC_PASSWORD}
+    git config -f ${config} ${kc_oauth}.use-preferred-username true
+    git config -f ${config} --add auth.trustedOpenID keycloak-oauth:
+fi
+
 exec /entrypoint.sh "$@"
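Review bot: The `client-secret` line expands `${GERRIT_KC_PASSWORD}` unquoted, so a secret containing whitespace or glob characters is split or expanded before `git config` receives it, and the stored value will not match the one registered in Keycloak; write `"${GERRIT_KC_PASSWORD}"` (and quote `"${config}"` and the `root-url` value too). The secret is also passed on the `git config` command line and stays exported into the process started by `exec /entrypoint.sh`; if nothing later reads it, add `unset GERRIT_KC_PASSWORD` after the `fi`. `${config}` is set outside this hunk; if it points at the main `gerrit.config`, the secret ends up in a file that is usually more widely readable than Gerrit's `secure.config`, which is worth checking. Since `--add auth.trustedOpenID` appends a value, a config file that persists across restarts would gain a duplicate entry on every start unless the existing value is checked first.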