3rd-party-integrations
diff --git a/‎.env.example.googleworkspace
Lines changed: 82 additions & 0 deletions b/‎.env.example.googleworkspace
Lines changed: 82 additions & 0 deletions
diff --git a/‎.env.example.keycloak
Lines changed: 93 additions & 0 deletions b/‎.env.example.keycloak
Lines changed: 93 additions & 0 deletions
diff --git a/‎Dockerfile
Lines changed: 7 additions & 17 deletions b/‎Dockerfile
Lines changed: 7 additions & 17 deletions
diff --git a/‎Pipfile
Lines changed: 1 addition & 0 deletions b/‎Pipfile
Lines changed: 1 addition & 0 deletions
@@ -0,0 +1,82 @@
+#########################
+## GitHub App Settings ##
+#########################
+## Webhook Secret
+WEBHOOK_SECRET=development
+## GitHub App ID
+APP_ID=12345
+## Private Key Path
+PRIVATE_KEY_PATH=.ssh/team-sync.pem
+## Uncomment the following line and use your own GitHub Enterprise
+## instance if this will not be used on https://github.com
+#GHE_HOST=github.example.com
+## Uncomment if you are using a self-signed certificate on GitHub Enterprise.
+## Defaults to False.
+#VERIFY_SSL=False
+
+## User directory to sync GitHub teams from
+## Azure AD = AAD
+## Active Directory = LDAP
+## OpenLDAP = LDAP
+## Okta = OKTA
+## OneLogin = ONELOGIN
+## Google Workspace = GOOGLE_WORKSPACE
+USER_DIRECTORY=GOOGLE_WORKSPACE
+## Attribute to compare users with, username or email
+## For Google Workspace, the username option will use the specefied custom schema attribute
+USER_SYNC_ATTRIBUTE=username
+
+
+###############################
+## Google Workspace Settings ##
+###############################
+## Location of the Google Workspace service account credentials file
+GOOGLE_WORKSPACE_SA_CREDS_FILE=googleAuth.json
+## Email of a Google Workspace Admin account the service account will impersonate
+[email protected]
+## Email attribute to use for syncing users, not required if syncing by username
+## Default: primaryEmail
+# GOOGLE_WORKSPACE_USER_MAIL_ATTRIBUTE=
+## Custom schema name
+## Not required if syncing by email 
+GOOGLE_WORKSPACE_USERNAME_CUSTOM_SCHEMA_NAME=schema-name
+## Custom schema attribute field name
+## Not required if syncing by email
+GOOGLE_WORKSPACE_USERNAME_FIELD=field-name
+
+#########################
+## Additional settings ##
+#########################
+## Stop if number of changes exceeds this number
+## Default: 25
+#CHANGE_THRESHOLD=25
+## Create an issue if the sync fails for any reason
+## Default: false
+#OPEN_ISSUE_ON_FAILURE=true
+## Where to open the issue upon sync failure
+#REPO_FOR_ISSUES=github-demo/demo-repo
+## Who to assign the issues to
+#ISSUE_ASSIGNEE=githubber
+## Sync schedule, cron style schedule
+
+## Default (hourly): 0 * * * *
+SYNC_SCHEDULE=0 * * * *
+## Show the changes, but do not make any changes
+## Default: false
+#TEST_MODE=false
+## Automatically add users missing from the organization
+ADD_MEMBER=false
+## Automatically remove users from the organisation that are not part of a team
+REMOVE_ORG_MEMBERS_WITHOUT_TEAM=false
+
+####################
+## Flask Settings ##
+####################
+## Default: app
+FLASK_APP=app
+## Default: production
+FLASK_ENV=development
+## Default: 5000
+FLASK_RUN_PORT=5000
+## Default: 127.0.0.1
+FLASK_RUN_HOST=0.0.0.0
@@ -0,0 +1,93 @@
+#########################
+## GitHub App Settings ##
+#########################
+## Webhook Secret
+WEBHOOK_SECRET=development
+## GitHub App ID
+APP_ID=12345
+## Private Key Path
+PRIVATE_KEY_PATH=.ssh/team-sync.pem
+## Uncomment the following line and use your own GitHub Enterprise
+## instance if this will not be used on https://github.com
+#GHE_HOST=github.example.com
+## Uncomment if you are using a self-signed certificate on GitHub Enterprise.
+## Defaults to False.
+#VERIFY_SSL=False
+
+## User directory to sync GitHub teams from
+## Azure AD = AAD
+## Active Directory = LDAP
+## OpenLDAP = LDAP
+## Okta = OKTA
+## Keycloak = KEYCLOAK
+USER_DIRECTORY=KEYCLOAK
+## Attribute to compare users with
+## username or email
+USER_SYNC_ATTRIBUTE=username
+
+
+###################
+## Keycloak Settings ##
+###################
+## Your organizations Okta URL
+KEYCLOAK_SERVER_URL=https://example.okta.com
+
+###############################
+## Keycloak authentication ##
+###############################
+## Keycloak account credentials
+## This account needs to have access to the master (or equivalent) realm
+## as it will be using the Admin API
+KEYCLOAK_USERNAME=api-account
+KEYCLOAK_PASSWORD=ExamplePassword
+## Realm where users are stored
+## Default: master
+#KEYCLOAK_REALM=master
+## Realm where the API account is stored
+## Only required if the account is stored in a different realm than your
+## users are in
+## Default: same as KEYCLOAK_REALM
+#KEYCLOAK_ADMIN_REALM=master
+## Use the Github Identity Provider within Keycloak?
+## This requires you to set up the provider as an Identity provider with
+## the user realm
+#KEYCLOAK_USE_GITHUB_IDP=true
+
+#########################
+## Additional settings ##
+#########################
+## Stop if number of changes exceeds this number
+## Default: 25
+#CHANGE_THRESHOLD=25
+## Create an issue if the sync fails for any reason
+## Default: false
+#OPEN_ISSUE_ON_FAILURE=true
+## Where to open the issue upon sync failure
+#REPO_FOR_ISSUES=github-demo/demo-repo
+## Who to assign the issues to
+#ISSUE_ASSIGNEE=githubber
+## Sync schedule, cron style schedule
+## Shortcode for emu accounts
+#EMU_SHORTCODE=volcano
+
+## Default (hourly): 0 * * * *
+SYNC_SCHEDULE=0 * * * *
+## Show the changes, but do not make any changes
+## Default: false
+#TEST_MODE=false
+## Automatically add users missing from the organization
+ADD_MEMBER=false
+## Automatically remove users from the organisation that are not part of a team
+REMOVE_ORG_MEMBERS_WITHOUT_TEAM=false
+
+####################
+## Flask Settings ##
+####################
+## Default: app
+FLASK_APP=app
+## Default: production
+FLASK_ENV=development
+## Default: 5000
+FLASK_RUN_PORT=5000
+## Default: 127.0.0.1
+FLASK_RUN_HOST=0.0.0.0
@@ -6,28 +6,18 @@ LABEL maintainer="GitHub Services <[email protected]>"
 
 ARG TZ='UTC'
 
-ENV DEFAULT_TZ ${TZ}
-
-COPY . /opt/github-team-sync
-WORKDIR /opt/github-team-sync
-
-RUN apk add --no-cache \
-        libxml2-dev \
-        libxslt-dev \
-        python3-dev \
-        make \
-        gcc \
-        libffi-dev \
-        build-base \
-        openssl-dev \
-        cargo \
-        tzdata
+ENV DEFAULT_TZ=${TZ}
 
 # Fix the warning where no timezone is specified
 RUN cp /usr/share/zoneinfo/${DEFAULT_TZ} /etc/localtime
 
 RUN pip install --no-cache-dir --upgrade pipenv
 
+WORKDIR /opt/github-team-sync
+COPY Pipfile Pipfile.lock .
+
 RUN pipenv install
 
-CMD pipenv run flask run
+COPY . /opt/github-team-sync
+
+CMD ["pipenv", "run", "flask", "run"]
@@ -33,6 +33,7 @@ setuptools = "*"
 cryptography = "*"
 werkzeug = "*"
 importlib-metadata = "*"
+python-keycloak = "*"
 
 [pipenv]
 allow_prereleases = false