Skip to content

closes mosip/commons#1860 Merge changes from release-1.3.x to develop #213#206

Closed
ckm007 wants to merge 25 commits into
developfrom
release-1.3.x
Closed

closes mosip/commons#1860 Merge changes from release-1.3.x to develop #213#206
ckm007 wants to merge 25 commits into
developfrom
release-1.3.x

Conversation

@ckm007

@ckm007 ckm007 commented Jun 4, 2026

Copy link
Copy Markdown
Member

Summary by CodeRabbit

  • New Features

    • Added automated Keycloak deployment scripts for installation, deletion, data export/import, and configuration management
    • Added new Keycloak initialization Helm chart with built-in configuration support
  • Documentation

    • Enhanced deployment documentation with comprehensive Keycloak setup and management instructions
    • Updated README with contribution guidelines and community support information
  • Chores

    • Added GitHub Actions workflows for automated chart linting, publishing, and verification
    • Updated container base image

Prafulrakhade and others added 25 commits December 4, 2024 19:31
Signed-off-by: techno-467 <prafulrakhade02@gmail.com>
[MOSIP-35490] moved required helm and deploy scripts to modular repo
Signed-off-by: Rakshith B <79500257+Rakshithb1@users.noreply.github.com>
Signed-off-by: Rakshith B <79500257+Rakshithb1@users.noreply.github.com>
[DSD-7140] added verify-keycloak-init.yml
Signed-off-by: Rakshitha650 <76676196+Rakshitha650@users.noreply.github.com>
Signed-off-by: Rakshitha650 <76676196+Rakshitha650@users.noreply.github.com>
Signed-off-by: Chandra Keshav Mishra <chandrakeshavmishra@gmail.com>
[MOSIP-41025] added role ONLINE_REGISTRATION_CLIENT addition
Signed-off-by: Prafulrakhade <prafulrakhade02@gmail.com>
Signed-off-by: Prafulrakhade <prafulrakhade02@gmail.com>
Signed-off-by: Prafulrakhade <prafulrakhade02@gmail.com>
… branch

Signed-off-by: bhumi46 <thisisbn46@gmail.com>
… branch

Signed-off-by: bhumi46 <thisisbn46@gmail.com>
… branch

Signed-off-by: bhumi46 <thisisbn46@gmail.com>
[DSD-9381]Updated helm charts, pustrigger,and dockerfile from develop…
* [MOSIP-43640] Update keycloak init

Signed-off-by: Praful Rakhade <prafulrakhade02@gmail.com>

* Update PostgreSQL image settings in install.sh

Signed-off-by: Praful Rakhade <prafulrakhade02@gmail.com>

* Update Keycloak chart version to 1.3.0-develop

Signed-off-by: Praful Rakhade <prafulrakhade02@gmail.com>

---------

Signed-off-by: Praful Rakhade <prafulrakhade02@gmail.com>
Signed-off-by: Mohanraj209 <mohan1715@gmail.com>
Signed-off-by: Mohan E <mohanraj1715@gmail.com>
[MOSIP-44060] Updated keycloak install and initialization scripts.
Signed-off-by: Prafulrakhade <prafulrakhade02@gmail.com>
* Updated chart versions, image and tag for release changes

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>

* [DSD-9524] Platform 1.2.1.0 GA release

Signed-off-by: Prafulrakhade <prafulrakhade02@gmail.com>

---------

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Signed-off-by: Prafulrakhade <prafulrakhade02@gmail.com>
Co-authored-by: Prafulrakhade <99539100+Prafulrakhade@users.noreply.github.com>
Co-authored-by: Prafulrakhade <prafulrakhade02@gmail.com>
Comment on lines +47 to +62
uses: mosip/kattu/.github/workflows/chart-lint-publish.yml@master
with:
CHARTS_DIR: ./helm
CHARTS_URL: https://mosip.github.io/mosip-helm
REPOSITORY: mosip-helm
BRANCH: gh-pages
INCLUDE_ALL_CHARTS: "${{ inputs.INCLUDE_ALL_CHARTS || 'NO' }}"
IGNORE_CHARTS: "${{ inputs.IGNORE_CHARTS || '\"\"' }}"
CHART_PUBLISH: "${{ inputs.CHART_PUBLISH || 'YES' }}"
LINTING_CHART_SCHEMA_YAML_URL: "https://raw.githubusercontent.com/mosip/kattu/master/.github/helm-lint-configs/chart-schema.yaml"
LINTING_LINTCONF_YAML_URL: "https://raw.githubusercontent.com/mosip/kattu/master/.github/helm-lint-configs/lintconf.yaml"
LINTING_CHART_TESTING_CONFIG_YAML_URL: "https://raw.githubusercontent.com/mosip/kattu/master/.github/helm-lint-configs/chart-testing-config.yaml"
LINTING_HEALTH_CHECK_SCHEMA_YAML_URL: "https://raw.githubusercontent.com/mosip/kattu/master/.github/helm-lint-configs/health-check-schema.yaml"
secrets:
TOKEN: ${{ secrets.ACTION_PAT }}
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK }}
Comment on lines +30 to +32
uses: mosip/kattu/.github/workflows/verify-keycloak-init.yml@master
with:
kc_values_file_path: helm/keycloak-init/values.yaml
@coderabbitai

coderabbitai Bot commented Jun 4, 2026

Copy link
Copy Markdown

Review Change Stack

Caution

Review failed

Pull request was closed or merged during review

Walkthrough

This PR adds comprehensive Keycloak deployment infrastructure for MOSIP Kubernetes clusters. It introduces a complete keycloak-init Helm chart with templated initialization jobs, multiple deployment scripts with interactive configuration, GitHub Actions workflows for automation, realm/client configuration files, and updates the base Docker image for keycloak-artemis.

Changes

Keycloak Deployment Infrastructure

Layer / File(s) Summary
CI/CD Workflows and Automation
.github/workflows/chart-lint-publish.yml, .github/workflows/verify-keycloak-init.yml, .github/workflows/push-trigger.yml
New chart-lint-publish workflow triggers on releases/PRs/pushes to validate and publish Helm charts to gh-pages. New verify-keycloak-init workflow validates keycloak-init chart changes. Platform configuration (PLATFORMS: linux/amd64) added to docker service matrix in push-trigger.
Documentation and Project Metadata
README.md, deploy/README.md
README updated with documentation links and contribution/community sections. Comprehensive deployment documentation added covering installation options, prerequisites, Keycloak configuration, PostgreSQL persistence, realm/user export/import procedures, and reference to deployment scripts.
Keycloak Init Helm Chart Structure and Templates
helm/keycloak-init/Chart.yaml, helm/keycloak-init/README.md, helm/keycloak-init/templates/_helpers.tpl, helm/keycloak-init/templates/*.yaml, helm/keycloak-init/.gitignore, helm/keycloak-init/.helmignore
Complete keycloak-init Helm chart with metadata, template helpers for naming/labels/service accounts, and Kubernetes resource templates: ServiceAccount, two ConfigMaps (keycloak-host and configuration), Client Secrets, Initialization Job with environment/volume injection, and test connection hook.
Deployment Configuration and Values Files
helm/keycloak-init/values.yaml, deploy/values.yaml, deploy/import-init-values.yaml, deploy/upgrade-init-values.yaml, deploy/istio-addons-values.yaml
Helm chart values defining realms, clients, roles, client scopes with OIDC protocol and token mappers. Keycloak service values with ingress/security context/resource config. Import/upgrade values specifying realm configuration, client role assignments, and token claim mappers. Istio addon values for gateway/virtual service configuration.
Installation and Operational Management Scripts
deploy/install.sh, deploy/delete.sh, deploy/keycloak_init.sh, deploy/import-init.sh, deploy/upgrade-init.sh, deploy/export.sh, deploy/update_secret.sh
install.sh performs full Keycloak and Istio addon deployment with namespace creation and interactive host validation. keycloak_init.sh collects SMTP/service configuration and runs keycloak-init Helm chart. import-init.sh and upgrade-init.sh initialize realm/client data. export.sh exports realm/user data from running Keycloak pod. delete.sh uninstalls Keycloak releases. update_secret.sh manages admin password credentials.
Base Docker Image Update
keycloak-artemis/Dockerfile
Base image switched from bitnami/keycloak:16.1.1 to mosipid/keycloak:16.1.1. Debian APT sources patching added to use archive/Debian mirrors.

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

Poem

🐰 A Keycloak realm takes shape with helm,
Charts and scripts join at the helm,
MOSIP's IAM now unified,
Kubernetes workflows certified,
Deploy, export, and realms align! 🔐

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name Status Explanation Resolution
Docstring Coverage ⚠️ Warning Docstring coverage is 12.50% which is insufficient. The required threshold is 80.00%. Write docstrings for the functions missing them to satisfy the coverage threshold.
✅ Passed checks (4 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title accurately describes the PR's primary objective: merging changes from the release-1.3.x branch into develop, addressing the referenced issue.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing Touches
📝 Generate docstrings
  • Create stacked PR
  • Commit on current branch
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch release-1.3.x
⚔️ Resolve merge conflicts
  • Resolve merge conflict in branch release-1.3.x

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@ckm007 ckm007 closed this Jun 4, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

7 participants