# Latest Version as of Feb 2026
FROM quay.io/keycloak/keycloak:26.5.3 as builder

# DB Settings
ENV KC_DB=postgres
ENV KC_DB_URL="jdbc:postgresql://ep-holy-bar-aiwkdjnt.c-4.us-east-1.aws.neon.tech/neondb?sslmode=require"
ENV KC_DB_USERNAME="neondb_owner"
ENV KC_DB_PASSWORD="npg_VmhlzjeSaP80"

# Build optimized Keycloak
# We include proxy-headers here so the build is aware of the environment
RUN /opt/keycloak/bin/kc.sh build --proxy-headers=xforwarded

# -------- Final runtime stage --------
FROM quay.io/keycloak/keycloak:26.5.3
COPY --from=builder /opt/keycloak/ /opt/keycloak/

# Copy your fixed themes
COPY themes/ /opt/keycloak/themes/

# Modern Proxy Config (Removes the Hostname v1 warning)
ENV KC_PROXY_HEADERS=xforwarded
ENV KC_HOSTNAME_STRICT=false
ENV KC_HTTP_ENABLED=true
ENV KC_HTTP_PORT=7860

# Theme cache
ENV KC_THEME_CACHE_ENABLED=false
ENV KC_THEME_CACHE_TEMPLATES=false
ENV KC_THEME_STATIC_MAX_AGE=-1

# Admin user
ENV KEYCLOAK_ADMIN=admin
ENV KEYCLOAK_ADMIN_PASSWORD=admin123

# DB credentials again for runtime
ENV KC_DB_URL="jdbc:postgresql://ep-holy-bar-aiwkdjnt.c-4.us-east-1.aws.neon.tech/neondb?sslmode=require"
ENV KC_DB_USERNAME="neondb_owner"
ENV KC_DB_PASSWORD="npg_VmhlzjeSaP80"

EXPOSE 7860

# Start Keycloak with the --optimized flag because we ran 'build' earlier
ENTRYPOINT ["/opt/keycloak/bin/kc.sh", "start", "--optimized", "--cache=local"]