From c5cc8842ec44f0aa4c59870b090a20b976ce0ef3 Mon Sep 17 00:00:00 2001
From: Jens Langhammer
Date: Wed, 9 Jun 2021 14:22:32 +0200
Subject: [PATCH 01/13] root: fix missing test files in docker file
Signed-off-by: Jens Langhammer
---
 Dockerfile | 1 +
 1 file changed, 1 insertion(+)
diff --git a/Dockerfile b/Dockerfile
index c96023674..328bb5270 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -76,6 +76,7 @@ RUN apt-get update && \
 COPY ./authentik/ /authentik
 COPY ./pyproject.toml /
 COPY ./xml /xml
+COPY ./tests /tests
 COPY ./manage.py /
 COPY ./lifecycle/ /lifecycle
 COPY --from=builder /work/authentik /authentik-proxy
From 560c979d267907f15188b09d2aa2ff184f6d1df6 Mon Sep 17 00:00:00 2001
From: Jens Langhammer
Date: Wed, 9 Jun 2021 14:22:45 +0200
Subject: [PATCH 02/13] root: fix requirements-dev including all dependencies
Signed-off-by: Jens Langhammer
---
 Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Dockerfile b/Dockerfile
index 328bb5270..95e261797 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -8,7 +8,7 @@ WORKDIR /app/
 RUN pip install pipenv && \
 pipenv lock -r > requirements.txt && \
- pipenv lock -rd > requirements-dev.txt
+ pipenv lock -r --dev-only > requirements-dev.txt
 # Stage 2: Build web API
 FROM openapitools/openapi-generator-cli as api-builder
From 3f69dd34ba6534745de3ae0d4ae68f2e4d1e8589 Mon Sep 17 00:00:00 2001
From: Jens Langhammer
Date: Wed, 9 Jun 2021 15:05:03 +0200
Subject: [PATCH 03/13] ci: run tests as authentik
Signed-off-by: Jens Langhammer
---
 .github/workflows/release.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index c283f3f91..d29e94782 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
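Review bot: `COPY ./tests /tests` (PATCH 01/13, Dockerfile hunk `@@ -76,6 +76,7 @@`) adds the test suite to what appears to be the stage shipped as the runtime image, so test code and any fixtures under ./tests end up in production containers. If the tests are only needed for the CI run in release.yml, a separate stage built on top of the final one would keep them out of the released image. At minimum a comment above the line, such as `# tests/ is only needed for the CI test run (release.yml)`, would record why it is there. That this is the released stage is inferred from the proxy COPY and `USER authentik` lines visible in the series; the stage itself starts and ends outside the hunk.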
@@ -122,7 +122,7 @@ jobs:
 docker-compose pull -q
 docker-compose up --no-start
 docker-compose start postgresql redis
- docker-compose run -u root --entrypoint /bin/bash server -c "apt-get update && apt-get install -y --no-install-recommends git && pip install --no-cache -r requirements-dev.txt && ./manage.py test authentik"
+ docker-compose run -u authentik --entrypoint /bin/bash server -c "pip install --no-cache -r requirements-dev.txt && ./manage.py test authentik"
 sentry-release:
 if: ${{ github.event_name == 'release' }}
 needs:
From 7c1fe1243f24ddc9f7a1f42d8e97f9224ad0747d Mon Sep 17 00:00:00 2001
From: Jens Langhammer
Date: Wed, 9 Jun 2021 15:26:42 +0200
Subject: [PATCH 04/13] web: don't build api client as separate bundle
Signed-off-by: Jens Langhammer
---
 web/package-lock.json | 25 +------------------------
 web/package.json | 4 +---
 web/rollup.config.js | 30 ++++--------------------------
 3 files changed, 6 insertions(+), 53 deletions(-)
diff --git a/web/package-lock.json b/web/package-lock.json
index f52dc0a01..eb29df8c6 100644
--- a/web/package-lock.json
+++ b/web/package-lock.json
@@ -23,7 +23,6 @@ "@polymer/paper-input": "^3.2.1", "@rollup/plugin-babel": "^5.3.0", "@rollup/plugin-replace": "^2.4.2", - "@rollup/plugin-typescript": "^8.2.1", "@sentry/browser": "^6.5.1", "@sentry/tracing": "^6.5.1", "@types/chart.js": "^2.9.32",
@@ -61,8 +60,7 @@ "typescript": "^4.3.2", "webcomponent-qr-code": "^1.0.5", "yaml": "^1.10.2" - }, - "devDependencies": {} + } }, "api": { "name": "authentik-api",
@@ -1992,18 +1990,6 @@ "magic-string": "^0.25.7" } }, - "node_modules/@rollup/plugin-typescript": { - "version": "8.2.1", - "resolved": "https://registry.npmjs.org/@rollup/plugin-typescript/-/plugin-typescript-8.2.1.tgz", - "integrity": "sha512-Qd2E1pleDR4bwyFxqbjt4eJf+wB0UKVMLc7/BAFDGVdAXQMCsD4DUv5/7/ww47BZCYxWtJqe1Lo0KVNswBJlRw==", - "dependencies": { - "@rollup/pluginutils": "^3.1.0", - "resolve": "^1.17.0" - }, - "engines": { - "node": ">=8.0.0" - } - }, "node_modules/@rollup/pluginutils": { "version": "3.1.0", "resolved": "https://registry.npmjs.org/@rollup/pluginutils/-/pluginutils-3.1.0.tgz",
@@ -9431,15 +9417,6 @@ "magic-string": "^0.25.7" } }, - "@rollup/plugin-typescript": { - "version": "8.2.1", - "resolved": "https://registry.npmjs.org/@rollup/plugin-typescript/-/plugin-typescript-8.2.1.tgz", - "integrity": "sha512-Qd2E1pleDR4bwyFxqbjt4eJf+wB0UKVMLc7/BAFDGVdAXQMCsD4DUv5/7/ww47BZCYxWtJqe1Lo0KVNswBJlRw==", - "requires": { - "@rollup/pluginutils": "^3.1.0", - "resolve": "^1.17.0" - } - }, "@rollup/pluginutils": { "version": "3.1.0", "resolved": "https://registry.npmjs.org/@rollup/pluginutils/-/pluginutils-3.1.0.tgz",
diff --git a/web/package.json b/web/package.json
index de9f6a3d1..b7a5476cc 100644
--- a/web/package.json
+++ b/web/package.json
@@ -52,7 +52,6 @@
 "@polymer/paper-input": "^3.2.1",
 "@rollup/plugin-babel": "^5.3.0",
 "@rollup/plugin-replace": "^2.4.2",
- "@rollup/plugin-typescript": "^8.2.1",
 "@sentry/browser": "^6.5.1",
 "@sentry/tracing": "^6.5.1",
 "@types/chart.js": "^2.9.32",
@@ -90,8 +89,7 @@
 "typescript": "^4.3.2",
 "webcomponent-qr-code": "^1.0.5",
 "yaml": "^1.10.2"
- },
- "devDependencies": {}
+ }
 }
diff --git a/web/rollup.config.js b/web/rollup.config.js
index 7e9a7650e..5c4616c80 100644
--- a/web/rollup.config.js
+++ b/web/rollup.config.js
@@ -2,7 +2,6 @@ import resolve from "rollup-plugin-node-resolve";
 import commonjs from "rollup-plugin-commonjs";
 import { terser } from "rollup-plugin-terser";
 import sourcemaps from "rollup-plugin-sourcemaps";
-import typescript from "@rollup/plugin-typescript";
 import cssimport from "rollup-plugin-cssimport";
 import copy from "rollup-plugin-copy";
 import babel from "@rollup/plugin-babel";
@@ -48,31 +47,6 @@ function manualChunks(id) {
 }
 export default [
- // Autogenerated API Client
- {
- input: "./api/src/index.ts",
- output: [
- {
- format: "es",
- dir: "./api/dist/",
- sourcemap: true,
- },
- ],
- plugins: [
- typescript({
- "declaration": true,
- "outDir": "./api/dist/",
- }),
- isProdBuild && terser(),
- copy({
- targets: [...resources],
- copyOnce: false,
- }),
- ].filter(p => p),
- watch: {
- clearScreen: false,
- },
- },
 // Polyfills (imported first)
 {
 input: "./poly.ts",
@@ -84,6 +58,10 @@ export default [
 }
 ],
 plugins: [
+ copy({
+ targets: [...resources],
+ copyOnce: false,
+ }),
 cssimport(),
 resolve({ browser: true }),
 commonjs(),
From 57f8b108c4f528cf3d8a666e8572850cf36d46e5 Mon Sep 17 00:00:00 2001
From: Jens Langhammer
Date: Wed, 9 Jun 2021 15:27:06 +0200
Subject: [PATCH 05/13] root: remove production=false
Signed-off-by: Jens Langhammer
---
 Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Dockerfile b/Dockerfile
index 95e261797..b07ffc8a5 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -28,7 +28,7 @@ COPY ./web /static/
 COPY --from=api-builder /local/web/api /static/api
 ENV NODE_ENV=production
-RUN cd /static && npm i --production=false && npm run build
+RUN cd /static && npm i && npm run build
 # Stage 4: Build go proxy
 FROM golang:1.16.5 AS builder
From a6c214e8fa4577371e86b763ace04109ce25dd83 Mon Sep 17 00:00:00 2001
From: Jens Langhammer
Date: Wed, 9 Jun 2021 15:35:35 +0200
Subject: [PATCH 06/13] web: build API during npm build
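Review bot: `RUN cd /static && npm i && npm run build` (PATCH 05/13, Dockerfile hunk `@@ -28,7 +28,7 @@`) still resolves packages with `npm i`, which can re-resolve and rewrite the lockfile instead of failing when package.json and package-lock.json disagree. `npm ci` installs exactly what web/package-lock.json pins, integrity hashes included, so the line could read `RUN cd /static && npm ci && npm run build`, provided the generated /static/api package matches the lockfile entry. With `ENV NODE_ENV=production` set on the line above and `--production=false` removed, devDependencies are no longer installed. That is safe only while the build tooling stays under `dependencies`, as it does in web/package.json in this series (`"devDependencies": {}`).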
Signed-off-by: Jens Langhammer
---
 web/package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/web/package.json b/web/package.json
index b7a5476cc..ceb308ce6 100644
--- a/web/package.json
+++ b/web/package.json
@@ -5,7 +5,7 @@
 "license": "GNU GPLv3",
 "scripts": {
 "extract": "lingui extract",
- "build": "lingui compile && rollup -c ./rollup.config.js",
+ "build": "cd api && npx tsc && cd .. && lingui compile && rollup -c",
 "watch": "lingui compile && rollup -c -w",
 "lint": "eslint . --max-warnings 0",
 "lit-analyse": "lit-analyzer src"
From 2f4f951818c4034894199c0636663303bdf87844 Mon Sep 17 00:00:00 2001
From: Jens Langhammer
Date: Wed, 9 Jun 2021 15:37:50 +0200
Subject: [PATCH 07/13] Revert "web: build API during npm build"
This reverts commit a6c214e8fa4577371e86b763ace04109ce25dd83.
---
 web/package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/web/package.json b/web/package.json
index ceb308ce6..b7a5476cc 100644
--- a/web/package.json
+++ b/web/package.json
@@ -5,7 +5,7 @@
 "license": "GNU GPLv3",
 "scripts": {
 "extract": "lingui extract",
- "build": "cd api && npx tsc && cd .. && lingui compile && rollup -c",
+ "build": "lingui compile && rollup -c ./rollup.config.js",
 "watch": "lingui compile && rollup -c -w",
 "lint": "eslint . --max-warnings 0",
 "lit-analyse": "lit-analyzer src"
From 0ce4f9fe125106d70ab5aaec28b5fb2ef3343271 Mon Sep 17 00:00:00 2001
From: Jens Langhammer
Date: Wed, 9 Jun 2021 15:37:57 +0200
Subject: [PATCH 08/13] Revert "web: don't build api client as separate bundle"
This reverts commit 7c1fe1243f24ddc9f7a1f42d8e97f9224ad0747d.
---
 web/package-lock.json | 25 ++++++++++++++++++++++++-
 web/package.json | 4 +++-
 web/rollup.config.js | 30 ++++++++++++++++++++++++++----
 3 files changed, 53 insertions(+), 6 deletions(-)
diff --git a/web/package-lock.json b/web/package-lock.json
index eb29df8c6..f52dc0a01 100644
--- a/web/package-lock.json
+++ b/web/package-lock.json
@@ -23,6 +23,7 @@ "@polymer/paper-input": "^3.2.1", "@rollup/plugin-babel": "^5.3.0", "@rollup/plugin-replace": "^2.4.2", + "@rollup/plugin-typescript": "^8.2.1", "@sentry/browser": "^6.5.1", "@sentry/tracing": "^6.5.1", "@types/chart.js": "^2.9.32",
@@ -60,7 +61,8 @@ "typescript": "^4.3.2", "webcomponent-qr-code": "^1.0.5", "yaml": "^1.10.2" - } + }, + "devDependencies": {} }, "api": { "name": "authentik-api",
@@ -1990,6 +1992,18 @@ "magic-string": "^0.25.7" } }, + "node_modules/@rollup/plugin-typescript": { + "version": "8.2.1", + "resolved": "https://registry.npmjs.org/@rollup/plugin-typescript/-/plugin-typescript-8.2.1.tgz", + "integrity": "sha512-Qd2E1pleDR4bwyFxqbjt4eJf+wB0UKVMLc7/BAFDGVdAXQMCsD4DUv5/7/ww47BZCYxWtJqe1Lo0KVNswBJlRw==", + "dependencies": { + "@rollup/pluginutils": "^3.1.0", + "resolve": "^1.17.0" + }, + "engines": { + "node": ">=8.0.0" + } + }, "node_modules/@rollup/pluginutils": { "version": "3.1.0", "resolved": "https://registry.npmjs.org/@rollup/pluginutils/-/pluginutils-3.1.0.tgz",
@@ -9417,6 +9431,15 @@ "magic-string": "^0.25.7" } }, + "@rollup/plugin-typescript": { + "version": "8.2.1", + "resolved": "https://registry.npmjs.org/@rollup/plugin-typescript/-/plugin-typescript-8.2.1.tgz", + "integrity": "sha512-Qd2E1pleDR4bwyFxqbjt4eJf+wB0UKVMLc7/BAFDGVdAXQMCsD4DUv5/7/ww47BZCYxWtJqe1Lo0KVNswBJlRw==", + "requires": { + "@rollup/pluginutils": "^3.1.0", + "resolve": "^1.17.0" + } + }, "@rollup/pluginutils": { "version": "3.1.0", "resolved": "https://registry.npmjs.org/@rollup/pluginutils/-/pluginutils-3.1.0.tgz",
diff --git a/web/package.json b/web/package.json
index b7a5476cc..de9f6a3d1 100644
--- a/web/package.json
+++ b/web/package.json
@@ -52,6 +52,7 @@
 "@polymer/paper-input": "^3.2.1",
 "@rollup/plugin-babel": "^5.3.0",
 "@rollup/plugin-replace": "^2.4.2",
+ "@rollup/plugin-typescript": "^8.2.1",
 "@sentry/browser": "^6.5.1",
 "@sentry/tracing": "^6.5.1",
 "@types/chart.js": "^2.9.32",
@@ -89,5 +90,6 @@
 "typescript": "^4.3.2",
 "webcomponent-qr-code": "^1.0.5",
 "yaml": "^1.10.2"
- }
+ },
+ "devDependencies": {}
 }
diff --git a/web/rollup.config.js b/web/rollup.config.js
index 5c4616c80..7e9a7650e 100644
--- a/web/rollup.config.js
+++ b/web/rollup.config.js
@@ -2,6 +2,7 @@ import resolve from "rollup-plugin-node-resolve";
 import commonjs from "rollup-plugin-commonjs";
 import { terser } from "rollup-plugin-terser";
 import sourcemaps from "rollup-plugin-sourcemaps";
+import typescript from "@rollup/plugin-typescript";
 import cssimport from "rollup-plugin-cssimport";
 import copy from "rollup-plugin-copy";
 import babel from "@rollup/plugin-babel";
@@ -47,6 +48,31 @@ function manualChunks(id) {
 }
 export default [
+ // Autogenerated API Client
+ {
+ input: "./api/src/index.ts",
+ output: [
+ {
+ format: "es",
+ dir: "./api/dist/",
+ sourcemap: true,
+ },
+ ],
+ plugins: [
+ typescript({
+ "declaration": true,
+ "outDir": "./api/dist/",
+ }),
+ isProdBuild && terser(),
+ copy({
+ targets: [...resources],
+ copyOnce: false,
+ }),
+ ].filter(p => p),
+ watch: {
+ clearScreen: false,
+ },
+ },
 // Polyfills (imported first)
 {
 input: "./poly.ts",
@@ -58,10 +84,6 @@ export default [
 }
 ],
 plugins: [
- copy({
- targets: [...resources],
- copyOnce: false,
- }),
 cssimport(),
 resolve({ browser: true }),
 commonjs(),
From 01c5235e82c1240802bbad54cb65faa7ee554096 Mon Sep 17 00:00:00 2001
From: Jens Langhammer
Date: Wed, 9 Jun 2021 15:50:32 +0200
Subject: [PATCH 09/13] ci: use bootstrap for testing
Signed-off-by: Jens Langhammer
---
 .github/workflows/release.yml | 2 +-
 lifecycle/bootstrap.sh | 3 +++
 2 files changed, 4 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index d29e94782..c4dd6bcbf 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -122,7 +122,7 @@ jobs:
 docker-compose pull -q
 docker-compose up --no-start
 docker-compose start postgresql redis
- docker-compose run -u authentik --entrypoint /bin/bash server -c "pip install --no-cache -r requirements-dev.txt && ./manage.py test authentik"
+ docker-compose run -u root server test
 sentry-release:
 if: ${{ github.event_name == 'release' }}
 needs:
diff --git a/lifecycle/bootstrap.sh b/lifecycle/bootstrap.sh
index a8641a7e5..b002dbe55 100755
--- a/lifecycle/bootstrap.sh
+++ b/lifecycle/bootstrap.sh
@@ -32,6 +32,9 @@ elif [[ "$1" == "restore" ]]; then
 python -m manage dbrestore ${@:2}
 elif [[ "$1" == "bash" ]]; then
 /bin/bash
+elif [[ "$1" == "test" ]]; then
+ pip install --no-cache -r requirements-dev.txt
+ check_if_root "python -m manage test authentik"
 else
 python -m manage "$@"
 fi
From 4ee2f951daa3ac6eea49e73de8c88e9e359739c2 Mon Sep 17 00:00:00 2001
From: Jens Langhammer
Date: Wed, 9 Jun 2021 15:56:12 +0200
Subject: [PATCH 10/13] lifecycle: fix check_if_root not working without docker
Signed-off-by: Jens Langhammer
---
 lifecycle/bootstrap.sh | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/lifecycle/bootstrap.sh b/lifecycle/bootstrap.sh
index b002dbe55..23a9e4c97 100755
--- a/lifecycle/bootstrap.sh
+++ b/lifecycle/bootstrap.sh
@@ -9,16 +9,18 @@ function check_if_root {
 return
 fi
 SOCKET="/var/run/docker.sock"
+ GROUP="authentik"
 if [[ -e "$SOCKET" ]]; then
 # Get group ID of the docker socket, so we can create a matching group and
 # add ourselves to it
 DOCKER_GID=$(stat -c '%g' $SOCKET)
 getent group $DOCKER_GID || groupadd -f -g $DOCKER_GID docker
 usermod -a -G $DOCKER_GID authentik
+ GROUP="authentik:docker"
 fi
 # Fix permissions of backups and media
 chown -R authentik:authentik /media /backups
- chpst -u authentik:authentik:docker env HOME=/authentik $1
+ chpst -u authentik:$GROUP env HOME=/authentik $1
 }
 if [[ "$1" == "server" ]]; then
From a7adeb917efb8d72e0213d7b3f3817a7f36d45cf Mon Sep 17 00:00:00 2001
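Review bot: The new `test` branch (PATCH 09/13, lifecycle/bootstrap.sh hunk `@@ -32,6 +32,9 @@`) runs `pip install --no-cache -r requirements-dev.txt` before `check_if_root`, so with `docker-compose run -u root server test` from the release.yml hunk the dev dependencies are fetched and installed as root by the image's own bootstrap script. The exit status of pip is not checked in the visible lines; unless the script runs under `set -e` (not visible here), `pip install --no-cache -r requirements-dev.txt || exit 1` keeps a failed install from falling through to the test run. requirements-dev.txt is produced by `pipenv lock -r --dev-only` in the Dockerfile, so it is worth checking whether it carries hashes and can be installed with `--require-hashes`. The same root-only assumption applies to the `touch /unittest.xml` and `chown` lines added in PATCH 12/13; the if/elif chain starts before the hunk.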
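Review bot: `GROUP="authentik:docker"` (PATCH 10/13, lifecycle/bootstrap.sh hunk `@@ -9,16 +9,18 @@`) still assumes the socket's group is named `docker`. But `getent group $DOCKER_GID || groupadd -f -g $DOCKER_GID docker` skips the groupadd when that GID already belongs to a differently named group, and `chpst -u authentik:$GROUP` would then be handed a group name that may not exist. Resolving the name from the GID avoids that: `GROUP="authentik:$(getent group "$DOCKER_GID" | cut -d: -f1)"`. `GROUP` is also assigned without `local`, so it leaks into the script's global scope; `local GROUP="authentik"` keeps it inside check_if_root. The function starts before the hunk.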
From: Jens Langhammer
Date: Wed, 9 Jun 2021 16:00:29 +0200
Subject: [PATCH 11/13] root: fix permissions for docker files
Signed-off-by: Jens Langhammer
---
 Dockerfile | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index b07ffc8a5..1e0fc5bc8 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -73,12 +73,12 @@ RUN apt-get update && \
 mkdir /backups && \
 chown authentik:authentik /backups
-COPY ./authentik/ /authentik
-COPY ./pyproject.toml /
-COPY ./xml /xml
-COPY ./tests /tests
-COPY ./manage.py /
-COPY ./lifecycle/ /lifecycle
+COPY --chown=authentik:authentik ./authentik/ /authentik
+COPY --chown=authentik:authentik ./pyproject.toml /
+COPY --chown=authentik:authentik ./xml /xml
+COPY --chown=authentik:authentik ./tests /tests
+COPY --chown=authentik:authentik ./manage.py /
+COPY --chown=authentik:authentik ./lifecycle/ /lifecycle
 COPY --from=builder /work/authentik /authentik-proxy
 USER authentik
From b73de96aa656de9cd131f9a82b8cf971a11b0918 Mon Sep 17 00:00:00 2001
From: Jens Langhammer
Date: Wed, 9 Jun 2021 16:03:51 +0200
Subject: [PATCH 12/13] lifecycle: fix permissions for unittest xml
Signed-off-by: Jens Langhammer
---
 lifecycle/bootstrap.sh | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/lifecycle/bootstrap.sh b/lifecycle/bootstrap.sh
index 23a9e4c97..8ba483b88 100755
--- a/lifecycle/bootstrap.sh
+++ b/lifecycle/bootstrap.sh
@@ -36,6 +36,8 @@ elif [[ "$1" == "bash" ]]; then
 /bin/bash
 elif [[ "$1" == "test" ]]; then
 pip install --no-cache -r requirements-dev.txt
+ touch /unittest.xml
+ chown authentik:authentik /unittest.xml
 check_if_root "python -m manage test authentik"
 else
 python -m manage "$@"
From 7eef501446f9c8ed4b34c34699710975c0aa147e Mon Sep 17 00:00:00 2001
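Review bot: `--chown=authentik:authentik` on the six COPY lines (PATCH 11/13, Dockerfile hunk `@@ -73,12 +73,12 @@`) makes the application code, manage.py and /lifecycle writable by the account the service runs as, so a file-write flaw in the running process could alter the code loaded on the next start. /lifecycle holds bootstrap.sh, which the series runs with `-u root` in release.yml, so an authentik-writable copy would also give the service account a path to root inside the container. Ownership is needed only on paths written at runtime, such as the existing `chown authentik:authentik /backups` and the report file handled in PATCH 12/13. PATCH 13/13 reverts these lines, which is the safer state to keep.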
From: Jens Langhammer
Date: Wed, 9 Jun 2021 16:04:17 +0200
Subject: [PATCH 13/13] Revert "root: fix permissions for docker files"
This reverts commit a7adeb917efb8d72e0213d7b3f3817a7f36d45cf.
---
 Dockerfile | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index 1e0fc5bc8..b07ffc8a5 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -73,12 +73,12 @@ RUN apt-get update && \
 mkdir /backups && \
 chown authentik:authentik /backups
-COPY --chown=authentik:authentik ./authentik/ /authentik
-COPY --chown=authentik:authentik ./pyproject.toml /
-COPY --chown=authentik:authentik ./xml /xml
-COPY --chown=authentik:authentik ./tests /tests
-COPY --chown=authentik:authentik ./manage.py /
-COPY --chown=authentik:authentik ./lifecycle/ /lifecycle
+COPY ./authentik/ /authentik
+COPY ./pyproject.toml /
+COPY ./xml /xml
+COPY ./tests /tests
+COPY ./manage.py /
+COPY ./lifecycle/ /lifecycle
 COPY --from=builder /work/authentik /authentik-proxy
 USER authentik