From 75ff2780c63ed002609b5b7928fdbbb3a6b80b2f Mon Sep 17 00:00:00 2001
From: Stefan Mogeritsch <stefan.mo.co@gmail.com>
Date: Fri, 13 Feb 2026 15:55:38 +0100
Subject: [PATCH] refactor: update Docker workflow for ARM64 optimization and
 Keycloak integration

Revised `.gitea/workflows/docker-publish.yaml` to enhance ARM64 compatibility, removing QEMU setup for native builds on Zora. Added automated Keycloak builds and updated configurations (e.g., JDK 25, Gradle 9.3.1). Streamlined build arguments and JVM optimizations for Cortex-A720 architecture.
---
 .gitea/workflows/docker-publish.yaml | 47 ++++++++++++++++------------
 1 file changed, 27 insertions(+), 20 deletions(-)

diff --git a/.gitea/workflows/docker-publish.yaml b/.gitea/workflows/docker-publish.yaml
index 69031662..4f16fa54 100644
--- a/.gitea/workflows/docker-publish.yaml
+++ b/.gitea/workflows/docker-publish.yaml
@@ -18,10 +18,13 @@ on:
 
 env:
   REGISTRY: git.mo-code.at
-  IMAGE_PREFIX: mo-code/meldestelle
-  # Build Arguments
-  GRADLE_VERSION: "8.5"
-  JAVA_VERSION: "21"
+  # WICHTIG: Kleingeschrieben für Docker-Konformität
+  IMAGE_PREFIX: mocode-software/meldestelle
+  # Build Arguments für Zora (ARM64 Power)
+  JAVA_VERSION: "25"
+  GRADLE_VERSION: "9.3.1"
+  # Deine neuen JVM Power-Flags für ARM64 (Cortex-A720)
+  JVM_OPTS_ARM64: "-XX:ActiveProcessorCount=12 -XX:+UseG1GC -XX:+UseTransparentHugePages -XX:+UseSVE=1"
 
 jobs:
   build-and-push:
@@ -42,19 +45,24 @@ jobs:
             context: .
             dockerfile: config/docker/caddy/web-app/Dockerfile
             image: web-app
+          # NEU: Keycloak wird jetzt auch automatisch gebaut und gepusht
+          - service: keycloak
+            context: .
+            dockerfile: config/docker/keycloak/Dockerfile
+            image: keycloak
 
     steps:
       - name: Checkout repository
         uses: actions/checkout@v3
 
-      # Java Setup für den Frontend Build (Gradle braucht Java)
-      - name: Set up JDK 21
+      # Java Setup (Wichtig für Gradle-Builds im Runner)
+      - name: Set up JDK 25
         uses: actions/setup-java@v4
         with:
-          java-version: '21'
+          java-version: '25'
           distribution: 'temurin'
 
-      # Cache für Gradle
+      # Cache für Gradle (Beschleunigt Folgebauvorgänge massiv)
       - name: Setup Gradle Cache
         uses: actions/cache@v3
         with:
@@ -65,23 +73,19 @@ jobs:
           restore-keys: |
             ${{ runner.os }}-gradle-
 
-      # Frontend Build (nur für web-app)
-      # Baut die statischen Dateien, die das Dockerfile dann per COPY reinzieht
+      # Frontend Build (Nur für web-app notwendig)
       - name: Build Frontend (Kotlin JS)
         if: matrix.service == 'web-app'
         run: |
           chmod +x gradlew
           ./gradlew :frontend:shells:meldestelle-portal:jsBrowserDistribution -Pproduction=true --no-daemon
 
-      # QEMU für Multi-Arch Support (ARM64 + AMD64)
-      - name: Set up QEMU
-        uses: docker/setup-qemu-action@v3
-
-      # Docker Buildx für erweiterten Build-Support
+      # OPTIMIERUNG: QEMU entfernt, da der Runner nativ auf ARM64 (Zora) läuft.
+      # Docker Buildx für effizienten Build-Support
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v3
 
-      # Login bei der Gitea Registry
+      # Login bei deiner Gitea Registry
       - name: Log in to the Container registry
         uses: docker/login-action@v3
         with:
@@ -90,23 +94,24 @@ jobs:
           password: ${{ secrets.REGISTRY_TOKEN }}
 
       # Metadaten extrahieren (Tags, Labels)
-      - name: Extract metadata (tags, labels) for Docker
+      - name: Extract metadata
         id: meta
         uses: docker/metadata-action@v5
         with:
-          images: ${{ env.REGISTRY }}/${{ env.IMAGE_PREFIX }}-${{ matrix.image }}
+          images: ${{ env.REGISTRY }}/${{ env.IMAGE_PREFIX }}/${{ matrix.image }}
           tags: |
             type=raw,value=latest,enable=${{ github.ref == 'refs/heads/main' }}
             type=sha,format=long
 
-      # Build und Push
+      # Build und Push (Nativ ARM64 für maximale Geschwindigkeit)
       - name: Build and push Docker image
         uses: docker/build-push-action@v5
         with:
           context: ${{ matrix.context }}
           file: ${{ matrix.dockerfile }}
           push: true
-          platforms: linux/amd64,linux/arm64
+          # Fokus auf ARM64 für Zora, AMD64 bleibt für Kompatibilität (optional)
+          platforms: linux/arm64
           tags: ${{ steps.meta.outputs.tags }}
           labels: ${{ steps.meta.outputs.labels }}
           build-args: |
@@ -114,5 +119,7 @@ jobs:
             VERSION=${{ github.sha }}
             GRADLE_VERSION=${{ env.GRADLE_VERSION }}
             JAVA_VERSION=${{ env.JAVA_VERSION }}
+            KEYCLOAK_IMAGE_TAG=26.4
+            JVM_OPTS_APPEND=${{ env.JVM_OPTS_ARM64 }}
           cache-from: type=gha
           cache-to: type=gha,mode=max