feat(lab-04): Zammad SSO Integration -- Keycloak OIDC, zammad client, OIDC channel API

Author: RedjiJB

.github/workflows/ci.yml

@@ -176,4 +176,33 @@ jobs:
         run: docker compose -f docker/docker-compose.advanced.yml logs
       - name: Cleanup
         if: always()
-        run: docker compose -f docker/docker-compose.advanced.yml down -v
+        run: docker compose -f docker/docker-compose.advanced.yml down -v
+  lab-04-smoke:
+    name: Lab 04 — Zammad SSO Integration (Keycloak OIDC)
+    runs-on: ubuntu-latest
+    needs: validate
+    continue-on-error: true
+    steps:
+      - uses: actions/checkout@v4
+      - name: Install tools
+        run: sudo apt-get install -y curl
+      - name: Validate SSO compose
+        run: docker compose -f docker/docker-compose.sso.yml config -q && echo "SSO compose valid"
+      - name: Start SSO stack
+        run: docker compose -f docker/docker-compose.sso.yml up -d
+      - name: Wait for Keycloak
+        run: timeout 120 bash -c 'until curl -sf http://localhost:8088/health/ready | grep -q UP; do sleep 5; done'
+      - name: Wait for PostgreSQL
+        run: timeout 60 bash -c 'until docker compose -f docker/docker-compose.sso.yml exec -T postgresql pg_isready -U zammad -d zammad_production; do sleep 3; done'
+      - name: Wait for Elasticsearch
+        run: timeout 120 bash -c 'until curl -sf http://localhost:9200/_cluster/health | grep -qE "\"status\":\"(green|yellow)\""; do sleep 5; done'
+      - name: Wait for Zammad web
+        run: timeout 360 bash -c 'until curl -sf http://localhost:3000/ | grep -qi zammad; do sleep 10; done'
+      - name: Run Lab 11-04 test script
+        run: bash tests/labs/test-lab-11-04.sh
+      - name: Collect logs on failure
+        if: failure()
+        run: docker compose -f docker/docker-compose.sso.yml logs
+      - name: Cleanup
+        if: always()
+        run: docker compose -f docker/docker-compose.sso.yml down -v

docker/docker-compose.sso.yml

@@ -1,34 +1,234 @@
-# Lab 04 — SSO Integration: zammad with Keycloak OIDC authentication
----
+# docker-compose.sso.yml — Lab 11-04: SSO Integration
+# Zammad with Keycloak OIDC authentication
+name: zammad-sso
+
+x-zammad-env: &zammad-env
+  POSTGRESQL_HOST: postgresql
+  POSTGRESQL_PORT: "5432"
+  POSTGRESQL_DB: zammad_production
+  POSTGRESQL_USER: zammad
+  POSTGRESQL_PASS: Lab04Password!
+  ELASTICSEARCH_HOST: elasticsearch
+  ELASTICSEARCH_PORT: "9200"
+  ELASTICSEARCH_ENABLED: "true"
+  REDIS_URL: "redis://redis:6379"
+  RAILS_MAX_THREADS: "5"
+  WEB_CONCURRENCY: "2"
+  ZAMMAD_RAILSSERVER_HOST: railsserver
+  ZAMMAD_WEBSOCKET_HOST: websocket
+
 services:
-  zammad:
-    image: zammad/zammad-docker-compose:latest
-    container_name: it-stack-zammad
+  postgresql:
+    image: postgres:15-alpine
+    container_name: zammad-sso-postgresql
+    environment:
+      POSTGRES_DB: zammad_production
+      POSTGRES_USER: zammad
+      POSTGRES_PASSWORD: Lab04Password!
+    volumes:
+      - zammad_sso_postgresql:/var/lib/postgresql/data
+    networks:
+      - zammad-data-net
+    healthcheck:
+      test: ["CMD-SHELL", "pg_isready -U zammad -d zammad_production"]
+      interval: 10s
+      timeout: 5s
+      retries: 5
+      start_period: 20s
+    deploy:
+      resources:
+        limits:
+          cpus: "0.5"
+          memory: 512M
     restart: unless-stopped
-    ports:
-      - "3000:$firstPort"
+
+  elasticsearch:
+    image: bitnami/elasticsearch:8
+    container_name: zammad-sso-elasticsearch
     environment:
-      - IT_STACK_ENV=lab-04-sso
-      - KEYCLOAK_URL=
-      - KEYCLOAK_REALM=
-      - KEYCLOAK_CLIENT_ID=zammad
-      - KEYCLOAK_CLIENT_SECRET=
+      ELASTICSEARCH_HEAP_SIZE: 512m
+      discovery.type: single-node
+      xpack.security.enabled: "false"
+    volumes:
+      - zammad_sso_elasticsearch:/bitnami/elasticsearch/data
+    networks:
+      - zammad-data-net
+    healthcheck:
+      test: ["CMD-SHELL", "curl -sf http://localhost:9200/_cluster/health | grep -qE '\"status\":\"(green|yellow)\"'"]
+      interval: 15s
+      timeout: 10s
+      retries: 8
+      start_period: 60s
+    deploy:
+      resources:
+        limits:
+          cpus: "1.0"
+          memory: 1G
+    restart: unless-stopped
+
+  redis:
+    image: redis:7-alpine
+    container_name: zammad-sso-redis
+    command: redis-server --save "" --maxmemory 256mb --maxmemory-policy allkeys-lru
     networks:
-      - it-stack-net
+      - zammad-data-net
+    deploy:
+      resources:
+        limits:
+          cpus: "0.25"
+          memory: 320M
+    restart: unless-stopped
 
-  # Local Keycloak for SSO lab (replace with lab-id1 in real env)
   keycloak:
-    image: quay.io/keycloak/keycloak:24
-    container_name: it-stack-zammad-keycloak
+    image: quay.io/keycloak/keycloak:24.0
+    container_name: zammad-sso-keycloak
     command: start-dev
     environment:
       KEYCLOAK_ADMIN: admin
-      KEYCLOAK_ADMIN_PASSWORD: admin
+      KEYCLOAK_ADMIN_PASSWORD: Lab04Admin!
+      KC_HTTP_PORT: "8080"
+      KC_HOSTNAME_STRICT: "false"
+      KC_HOSTNAME_STRICT_HTTPS: "false"
+      KC_HTTP_ENABLED: "true"
+      KC_HEALTH_ENABLED: "true"
+      KC_PROXY: edge
+    ports:
+      - "8088:8080"
+    networks:
+      - zammad-app-net
+    healthcheck:
+      test: ["CMD-SHELL", "curl -sf http://localhost:8080/health/ready | grep -q UP"]
+      interval: 20s
+      timeout: 10s
+      retries: 10
+      start_period: 60s
+    deploy:
+      resources:
+        limits:
+          cpus: "1.0"
+          memory: 768M
+    restart: unless-stopped
+
+  smtp:
+    image: mailhog/mailhog:v1.0.1
+    container_name: zammad-sso-smtp
+    ports:
+      - "8025:8025"
+    networks:
+      - zammad-mail-net
+    restart: unless-stopped
+
+  init:
+    image: ghcr.io/zammad/zammad:6.3.0
+    container_name: zammad-sso-init
+    command: ["zammad-init"]
+    environment:
+      <<: *zammad-env
+    volumes:
+      - zammad_sso_data:/opt/zammad/storage
+    networks:
+      - zammad-data-net
+    depends_on:
+      postgresql:
+        condition: service_healthy
+      elasticsearch:
+        condition: service_healthy
+    restart: on-failure
+
+  railsserver:
+    image: ghcr.io/zammad/zammad:6.3.0
+    container_name: zammad-sso-railsserver
+    command: ["zammad-railsserver"]
+    environment:
+      <<: *zammad-env
+    volumes:
+      - zammad_sso_data:/opt/zammad/storage
+    networks:
+      - zammad-app-net
+      - zammad-data-net
+      - zammad-mail-net
+    depends_on:
+      - init
+    deploy:
+      resources:
+        limits:
+          cpus: "2.0"
+          memory: 2G
+    restart: unless-stopped
+
+  scheduler:
+    image: ghcr.io/zammad/zammad:6.3.0
+    container_name: zammad-sso-scheduler
+    command: ["zammad-scheduler"]
+    environment:
+      <<: *zammad-env
+    volumes:
+      - zammad_sso_data:/opt/zammad/storage
+    networks:
+      - zammad-data-net
+    depends_on:
+      - init
+    deploy:
+      resources:
+        limits:
+          cpus: "0.5"
+          memory: 512M
+    restart: unless-stopped
+
+  websocket:
+    image: ghcr.io/zammad/zammad:6.3.0
+    container_name: zammad-sso-websocket
+    command: ["zammad-websocket"]
+    environment:
+      <<: *zammad-env
+    volumes:
+      - zammad_sso_data:/opt/zammad/storage
+    networks:
+      - zammad-app-net
+      - zammad-data-net
+    depends_on:
+      - init
+    deploy:
+      resources:
+        limits:
+          cpus: "0.25"
+          memory: 256M
+    restart: unless-stopped
+
+  nginx:
+    image: ghcr.io/zammad/zammad:6.3.0
+    container_name: zammad-sso-nginx
+    command: ["zammad-nginx"]
     ports:
-      - "8080:8080"
+      - "3000:8080"
+    environment:
+      <<: *zammad-env
+    volumes:
+      - zammad_sso_data:/opt/zammad/storage
     networks:
-      - it-stack-net
+      - zammad-app-net
+    depends_on:
+      - railsserver
+      - websocket
+    healthcheck:
+      test: ["CMD-SHELL", "curl -sf http://localhost:8080/ | grep -qi zammad"]
+      interval: 30s
+      timeout: 10s
+      retries: 10
+      start_period: 120s
+    deploy:
+      resources:
+        limits:
+          cpus: "0.25"
+          memory: 128M
+    restart: unless-stopped
+
+volumes:
+  zammad_sso_postgresql:
+  zammad_sso_elasticsearch:
+  zammad_sso_data:
 
 networks:
-  it-stack-net:
-    driver: bridge
+  zammad-app-net:
+  zammad-data-net:
+  zammad-mail-net: