keycloak/26.1.0 package update

[octo-sts]

[octo-sts]

⚠️ EXPERIMENTAL

Please use 👍 or 👎 on this comment to indicate if you agree or disagree with the recommendation.

To provide more detailed feedback please comment on the recommendation prefixed with /ai-verify:

e.g. /ai-verify partially helpful but I also added bash to the build environment

Gen AI suggestions to solve the build error:

Based on the build error, here's my analysis and suggested fix:

• Detected Error:

[ERROR] /home/build/services/src/main/java/org/keycloak/utils/SecureContextResolver.java:[7,21] package io.netty.util does not exist

• Error Category: Dependency

• Failure Point: Maven compilation step during the build process

• Root Cause Analysis: The build is failing because it cannot find the Netty utilities package, despite the pombump step attempting to add Netty dependencies. This suggests there's a missing or incorrect Netty dependency in the build configuration.

• Suggested Fix:
Add explicit Netty dependencies to the pombump configuration:

- uses: maven/pombump
  with:
    patch-version:
      - "io.netty:netty-util:4.1.115.Final"
      - "io.netty:netty-codec-http:4.1.108.Final"
      - "io.netty:netty-common:4.1.115.Final"
      - "io.quarkus.http:quarkus-http-core:5.3.4"

• Explanation:
The error indicates that while some Netty components are being patched, the specific netty-util package required by SecureContextResolver is missing. The fix explicitly includes all required Netty dependencies, ensuring the build has access to the necessary classes.

• Additional Notes:

• Netty version alignment is important - using 4.1.115.Final to match the netty-common version
• This matches the dependency structure seen in Keycloak's upstream pom.xml
• The versions specified align with security-patched versions in Wolfi

• References:

• https://github.com/keycloak/keycloak/blob/main/pom.xml
• https://netty.io/wiki/user-guide-for-4.x.html#wiki-h2-3
• https://github.com/wolfi-dev/os/tree/main/netty