groundsgg · lusu007 · Feb 23, 2026 · Feb 23, 2026 · Feb 23, 2026 · Feb 23, 2026
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -23,6 +23,14 @@ updates:
     commit-message:
       prefix: "fix"
 
+  - package-ecosystem: "docker"
+    directory: "/keycloak"
+    schedule:
+      interval: "daily"
+    open-pull-requests-limit: 5
+    commit-message:
+      prefix: "fix"
+
   # Monitor GitHub Actions
   - package-ecosystem: "github-actions"
     directory: "/"

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -22,6 +22,7 @@ jobs:
           - dev-container-node
           - velocity
           - paper
+          - keycloak
     steps:
       - name: 📥 Checkout code
         uses: actions/checkout@v6

diff --git a/.github/workflows/docker-build-push.yml b/.github/workflows/docker-build-push.yml
@@ -21,6 +21,7 @@ jobs:
           - dev-container-node
           - velocity
           - paper
+          - keycloak
     env:
       TAG_TYPE: ${{ startsWith(github.ref, format('refs/tags/{0}@', matrix.container)) && 'release' || 'edge' }}
       MATCHES_REF: ${{ github.ref_type != 'tag' || startsWith(github.ref, format('refs/tags/{0}@', matrix.container)) }}

diff --git a/.release-please-manifest.json b/.release-please-manifest.json
@@ -2,5 +2,6 @@
   ".": "0.0.1",
   "dev-container-node": "0.1.7",
   "velocity": "0.6.0",
-  "paper": "0.4.0"
+  "paper": "0.4.0",
+  "keycloak": "0.1.0"
 }
diff --git a/README.md b/README.md
@@ -2,18 +2,6 @@
 
 A collection of Docker containers for development and deployment, published to GitHub Container Registry (ghcr.io).
 
-## Available Containers
-
-### dev-container-node
-- **Description**: A Node.js container used for development in our DevSpace environment
-- **Registry**: `ghcr.io/groundsgg/containers/dev-container-node`
-- **Documentation**: [dev-container-node/README.md](./dev-container-node/README.md)
-- **Features**:
-  - Node.js 24.11.0 on Alpine Linux
-  - PNPM package manager pre-installed
-  - Development tools (wget, curl, nano, bash)
-  - DevSpace integration with startup script
-
 ## Adding a New Container
 
 Follow these steps to add a new container to this repository:

diff --git a/keycloak/Dockerfile b/keycloak/Dockerfile
@@ -0,0 +1,34 @@
+FROM quay.io/keycloak/keycloak:26.5.4 AS builder
+
+ARG KEYCLOAK_MINECRAFT_VERSION=1.0.0
+
+WORKDIR /opt/keycloak
+
+ADD --chmod=644 "https://github.com/groundsgg/keycloak-minecraft/releases/download/v${KEYCLOAK_MINECRAFT_VERSION}/keycloak-minecraft.jar" /opt/keycloak/providers/keycloak-minecraft.jar
+
+RUN /opt/keycloak/bin/kc.sh build --health-enabled=true
+
+FROM quay.io/keycloak/keycloak:26.5.4
+
+ARG VCS_REVISION
+ARG BUILD_DATE
+ARG IMAGE_VERSION
+
+LABEL org.opencontainers.image.title="keycloak" \
+      org.opencontainers.image.description="Custom Keycloak image with keycloak-minecraft extension." \
+      org.opencontainers.image.vendor="grounds.gg" \
+      org.opencontainers.image.authors="grounds.gg <hi@grounds.gg>" \
+      org.opencontainers.image.source="https://github.com/groundsgg/containers" \
+      org.opencontainers.image.revision="$VCS_REVISION" \
+      org.opencontainers.image.created="$BUILD_DATE" \
+      org.opencontainers.image.version="$IMAGE_VERSION"
+
+COPY --from=builder /opt/keycloak/ /opt/keycloak/
+
+EXPOSE 8080 8443
+
+HEALTHCHECK --interval=30s --timeout=3s --start-period=60s --retries=3 \
+  CMD bash -c 'exec 3<>/dev/tcp/localhost/8080 && echo -e "GET /health/ready HTTP/1.1\r\nHost: localhost\r\nConnection: close\r\n\r\n" >&3 && grep -q "UP" <&3' || exit 1
+
+ENTRYPOINT ["/opt/keycloak/bin/kc.sh"]
+CMD ["start", "--optimized"]
diff --git a/keycloak/README.md b/keycloak/README.md
@@ -0,0 +1,39 @@
+# keycloak
+
+Custom Keycloak image with the [keycloak-minecraft](https://github.com/groundsgg/keycloak-minecraft) extension pre-installed and optimized.
+
+## Pull
+
+```bash
+docker pull ghcr.io/groundsgg/keycloak:latest
+```
+
+## Build
+
+```bash
+docker build -f keycloak/Dockerfile -t keycloak-custom .
+```
+
+To use a specific extension version:
+
+```bash
+docker build -f keycloak/Dockerfile --build-arg KEYCLOAK_MINECRAFT_VERSION=1.0.0 -t keycloak-custom .
+```
+
+## Configuration
+
+This image runs Keycloak in optimized mode (`start --optimized`). All Keycloak configuration should be provided via environment variables at runtime. See the [Keycloak Server Configuration](https://www.keycloak.org/server/all-config) documentation for available options.
+
+Required configuration:
+
+| Variable | Description |
+|---|---|
+| `KC_DB` | Database vendor (e.g. `postgres`) |
+| `KC_DB_URL` | JDBC database URL |
+| `KC_DB_USERNAME` | Database username |
+| `KC_DB_PASSWORD` | Database password |
+| `KC_HOSTNAME` | Hostname for the Keycloak server |
+
+## Dependency Updates
+
+The base Keycloak image (`quay.io/keycloak/keycloak`) is tracked by Dependabot. The `KEYCLOAK_MINECRAFT_VERSION` build argument is **not** automatically tracked by Dependabot and must be updated manually when a new release of [keycloak-minecraft](https://github.com/groundsgg/keycloak-minecraft) is available.
diff --git a/release-please-config.json b/release-please-config.json
@@ -13,6 +13,10 @@
       "paper": {
         "release-type": "simple",
         "package-name": "paper"
+      },
+      "keycloak": {
+        "release-type": "simple",
+        "package-name": "keycloak"
       }
   }
 }