Skip to content

Build native image#29

Merged
LowBudgetMan merged 12 commits into
mainfrom
graalvm
Jun 2, 2026
Merged

Build native image#29
LowBudgetMan merged 12 commits into
mainfrom
graalvm

Conversation

@LowBudgetMan

@LowBudgetMan LowBudgetMan commented May 17, 2026
edited
Loading

Copy link
Copy Markdown
Owner

#13

LowBudgetMan added 12 commits May 14, 2026 23:58
@LowBudgetMan
Upgrade Keycloak to 26.6 and Postgres to 16
8ffa357 
Keycloak 22 is EOL; 26.6 brings hostname v2 with backchannel-dynamic
support. Postgres 13 is EOL and unsupported by Keycloak 26.

docker-compose.full.yml also gets hostname v2 config and parameterized
ports so the browser-facing issuer URL stays in sync.
@LowBudgetMan
Add JWT issuer URL rewrite for Docker networking
5df0e78 
UniversalJwtDecoder extracts the issuer from tokens and fetches JWKS
from that URL. In Docker, the browser-facing issuer (localhost:8010)
is unreachable from the API container. The new issuer-overrides config
maps external base URLs to internal Docker hostnames for JWKS fetching
while preserving the original issuer for token validation.
@LowBudgetMan
Add native image support to bootBuildImage
d01e864 
Pass -PbuildNative to produce a GraalVM native image via buildpacks.
Add build and launch cache volumes for faster repeat builds.
@LowBudgetMan
Add native image build job to CI
8555bc3 
Builds both JVM and native Docker images on every push and PR.
Native images get -native suffix tags (e.g. beta-abc1234-native).
@LowBudgetMan
Add resources for GraalVM
cd2aa56
@LowBudgetMan
Fix JWT issuer resolution and native image configuration
aca76c6 
- Use withJwkSetUri when issuer override is active to avoid issuer
  mismatch between Docker hostnames (token says localhost, API resolves
  via internal hostname)
- Change JwtIssuerOverridesConfig from Map to List<IssuerOverride> to
  fix Spring Boot property binding with URL keys
- Replace manual resource-config.json with RuntimeHintsRegistrar for
  Liquibase native hints (avoids conflict with AOT-generated file)
- Make GraalVM plugin conditional (apply false + hasProperty check) so
  JVM builds use JRE instead of NIK
@LowBudgetMan
Automatically provide Jackson native hints
613503a
@LowBudgetMan
Add KeycloakDockerfile for publishing pre-configured Keycloak image
19ac8bc
@LowBudgetMan
Publish infra images to GHCR and expose build-image tag as output
7fdc581
@LowBudgetMan
Add E2E test job to CI pipeline
7161802
@LowBudgetMan
Gate infra image builds behind application build and fix checkout ver…
4ba8409 
…sion
@LowBudgetMan
Remove build-infra-images CI job, images pushed manually
b128f41
@LowBudgetMan LowBudgetMan merged commit 2b8f434 into main Jun 2, 2026
13 of 16 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mtruebl1 mtruebl1 mtruebl1 approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@LowBudgetMan @mtruebl1