[#390] Add OIDC

.github/workflows/ci.yml

@@ -15,6 +15,7 @@ env:
   IMAGE_NAME: maykinmedia/open-archiefbeheer
   DJANGO_SETTINGS_MODULE: openarchiefbeheer.conf.ci
   DOCKER_BUILDKIT: '1'
+  KEYCLOAK_BASE_URL: http://localhost:28080
 
 jobs:
   frontend-build:
@@ -191,6 +192,24 @@ jobs:
           npm-ci-flags: '--legacy-peer-deps'
           working-directory: backend
           nvmrc-custom-dir: backend
+
+      - name: Start CI docker services
+        run: |
+          docker compose up -d
+        working-directory: backend/docker-services/keycloak
+
+      - name: Wait for Keycloak to be up
+        run: |
+          endpoint="${KEYCLOAK_BASE_URL}/realms/openarchiefbeheer-dev/"
+          realm=""
+
+          until [ $realm ]; do
+            echo "Checking if Keycloak at ${KEYCLOAK_BASE_URL} is up..."
+            realm=$(curl "$endpoint" -s | jq -r ".realm")
+            sleep 2
+          done
+
+          echo "Running Keycloak with realm $realm"
 
       # See https://playwright.dev/python/docs/ci#caching-browsers
       - name: Cache Playwright browser

backend/docker-services/keycloak/Readme.md

@@ -0,0 +1,5 @@
+To export the realm settings, run this command in the keycloak container:
+
+```bash
+/opt/keycloak/bin/kc.sh export --file /tmp/realm_export.json --realm openarchiefbeheer-dev
+```

backend/docker-services/keycloak/docker-compose.yaml

@@ -0,0 +1,42 @@
+#
+# DISCLAIMER: THIS IS FOR DEVELOPMENT PURPOSES ONLY AND NOT SUITABLE FOR PRODUCTION.
+#
+# You can use this docker-compose to spin up a local stack for demo/try-out
+# purposes, or to get some insight in the various components involved (e.g. to build
+# your Helm charts from). Note that various environment variables are UNSAFE and merely
+# specified so that you can get up and running with the least amount of friction.
+services:
+  keycloak-db:
+    image: postgres:14
+    restart: unless-stopped
+    environment:
+      POSTGRES_DB: keycloak
+      POSTGRES_USER: keycloak
+      POSTGRES_PASSWORD: keycloak
+    networks:
+      - keycloak-dev
+
+  keycloak:
+    depends_on:
+      - keycloak-db
+    container_name: keycloak_dev
+    command: start-dev --import-realm
+    environment:
+      KEYCLOAK_ADMIN: admin
+      KEYCLOAK_ADMIN_PASSWORD: admin
+      KC_DB: postgres
+      KC_DB_URL: jdbc:postgresql://keycloak-db/keycloak
+      KC_DB_USERNAME: keycloak
+      KC_DB_PASSWORD: keycloak
+      KC_HOSTNAME: localhost
+    image: quay.io/keycloak/keycloak:25.0.6
+    ports:
+      - "28080:8080"
+    restart: unless-stopped
+    volumes:
+      - ./fixtures:/opt/keycloak/data/import
+    networks:
+      - keycloak-dev
+
+networks:
+  keycloak-dev: