chore: publish 10.3.0+26.2.1 release

.drone.yml

@@ -35,7 +35,7 @@ steps:
         from_secret: drone_abra-bot_token
       fork: true
       repositories:
-        - coop-cloud/auto-recipes-catalogue-json
+        - toolshed/auto-recipes-catalogue-json
 
 trigger:
   event: tag

.env.sample

@@ -8,6 +8,11 @@ LETS_ENCRYPT_ENV=production
 ADMIN_USERNAME=admin
 WELCOME_THEME=keycloak
 
+COMPOSE_FILE="compose.yml"
+
 SECRET_DB_ROOT_PASSWORD_VERSION=v1
 SECRET_DB_PASSWORD_VERSION=v1
 SECRET_ADMIN_PASSWORD_VERSION=v1
+
+# Enable persistent theme volume, if you want to apply a custom theme
+#COMPOSE_FILE="$COMPOSE_FILE:compose.theme.yml"

compose.theme.yml

@@ -0,0 +1,10 @@
+---
+version: "3.8"
+
+services:
+  app:
+    volumes:
+      - "themes:/opt/keycloak/themes"
+
+volumes:
+  themes:

compose.yml

@@ -3,7 +3,7 @@ version: "3.8"
 
 services:
   app:
-    image: "keycloak/keycloak:22.0.4"
+    image: "keycloak/keycloak:26.2.1"
     entrypoint: >
       bash -c "KEYCLOAK_ADMIN_PASSWORD=\"$$(cat /run/secrets/admin_password)\" KC_DB_PASSWORD=\"$$(cat /run/secrets/db_password)\" /opt/keycloak/bin/kc.sh start"
     networks:
@@ -16,11 +16,13 @@ services:
       - KC_DB=mariadb
       - KC_DB_URL_DATABASE=keycloak
       - KC_DB_URL_HOST=db
-      - KC_HOSTNAME=${DOMAIN}
+      - KC_HOSTNAME=https://${DOMAIN}
       - KC_PROXY=edge
       - KC_SPI_CONNECTIONS_JPA_LEGACY_MIGRATION_STRATEGY=update
       - KEYCLOAK_ADMIN=${ADMIN_USERNAME}
       - KEYCLOAK_WELCOME_THEME=${WELCOME_THEME}
+      - KC_PROXY_HEADERS=xforwarded
+      - KC_HTTP_ENABLED=true
     # NOTE(3wc): disabled due to missing curl binary, see
     #   https://git.coopcloud.tech/coop-cloud/keycloak/issues/15
     # healthcheck:
@@ -30,7 +32,7 @@ services:
     #   retries: 10
     #   start_period: 1m
     volumes:
-      - "themes:/opt/keycloak/themes"
+      - "providers:/opt/keycloak/providers"
     depends_on:
       - mariadb
     deploy:
@@ -46,10 +48,13 @@ services:
         - "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirect"
         - "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLForceHost=true"
         - "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}"
-        - "coop-cloud.${STACK_NAME}.version=7.0.1+22.0.4"
+        - "caddy=${DOMAIN}"
+        - "caddy.reverse_proxy={{upstreams 8080}}"
+        - "caddy.tls.on_demand="
+        - "coop-cloud.${STACK_NAME}.version=10.3.0+26.2.1"
 
   db:
-    image: "mariadb:10.11"
+    image: "mariadb:11.7"
     environment:
       - MYSQL_DATABASE=keycloak
       - MYSQL_USER=keycloak
@@ -67,10 +72,10 @@ services:
         backupbot.backup: "true"
         backupbot.backup.path: "/tmp/dump.sql.gz"
         backupbot.backup.post-hook: "rm -f /tmp/dump.sql.gz"
-        backupbot.backup.pre-hook: "sh -c 'mysqldump -u root -p\"$$(cat /run/secrets/db_root_password)\" keycloak | gzip > /tmp/dump.sql.gz'"
+        backupbot.backup.pre-hook: "sh -c 'mariadb-dump -u root -p\"$$(cat /run/secrets/db_root_password)\" keycloak | gzip > /tmp/dump.sql.gz'"
         backupbot.restore.pre-hook: "sh -c 'cd /tmp && gzip -d dump.sql.gz'" 
         backupbot.restore: "true"
-        backupbot.restore.post-hook: "sh -c 'mysql -u root -p\"$$(cat /run/secrets/db_root_password)\" keycloak < /tmp/dump.sql && rm -f /tmp/dump.sql'"
+        backupbot.restore.post-hook: "sh -c 'mariadb -u root -p\"$$(cat /run/secrets/db_root_password)\" keycloak < /tmp/dump.sql && rm -f /tmp/dump.sql'"
 
 networks:
   internal:
@@ -90,4 +95,4 @@ secrets:
 
 volumes:
   mariadb:
-  themes:
+  providers:

release/7.2.0+22.0.5

@@ -0,0 +1,5 @@
+A persistent volume for themes is now optional, and not enabled by default.
+
+If you are using a custom theme, consult the recipe `.env.sample` to see the new
+variables you need to add. You can use `abra app check ...` to verify that
+they've been added correctly.