Commit Graph

46 Commits

Author SHA1 Message Date
dependabot-preview[bot]
620f51d610
[MISC] (deps): Bump arm64v8/alpine from 3.12.2 to 3.12.3 (#1571)
Bumps arm64v8/alpine from 3.12.2 to 3.12.3.

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>

Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
2020-12-31 08:07:29 +11:00
dependabot-preview[bot]
b5e23f3392
[MISC] (deps): Bump arm64v8/alpine from 3.12.1 to 3.12.2 (#1539)
Bumps arm64v8/alpine from 3.12.1 to 3.12.2.

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-12-15 22:29:24 +01:00
dependabot-preview[bot]
c2708c40ab
[MISC] (deps): Bump golang from 1.15.5-alpine to 1.15.6-alpine (#1519)
Bumps golang from 1.15.5-alpine to 1.15.6-alpine.

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
2020-12-12 10:52:08 +11:00
dependabot-preview[bot]
7c5dd9af2c
[MISC] (deps): Bump golang from 1.15.4-alpine to 1.15.5-alpine (#1462)
Bumps golang from 1.15.4-alpine to 1.15.5-alpine.

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-11-16 10:27:51 +11:00
Amir Zarrinkafsh
423cd09f26
[BUGFIX] Dynamically determine healthcheck URL (#1444) 2020-11-11 15:22:09 +11:00
dependabot-preview[bot]
e67c52524d
[MISC] (deps): Bump golang from 1.15.3-alpine to 1.15.4-alpine (#1437)
Bumps golang from 1.15.3-alpine to 1.15.4-alpine.

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-11-10 09:57:58 +11:00
Amir Zarrinkafsh
43af825f47
[FEATURE] Add health checks to containers (#1425) 2020-11-05 11:59:06 +11:00
dependabot-preview[bot]
9891f99752
[MISC] (deps): Bump arm64v8/alpine from 3.12.0 to 3.12.1 (#1408)
Bumps arm64v8/alpine from 3.12.0 to 3.12.1.

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-10-26 22:04:11 +11:00
dependabot-preview[bot]
563d1416f8
[MISC] (deps): Bump node from 14-alpine to 15-alpine (#1409)
Bumps node from 14-alpine to 15-alpine.

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-10-26 11:33:24 +11:00
dependabot-preview[bot]
5b67c38e57
[MISC] (deps): Bump golang from 1.15.2-alpine to 1.15.3-alpine (#1389)
Bumps golang from 1.15.2-alpine to 1.15.3-alpine.

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-10-20 21:44:39 +11:00
Amir Zarrinkafsh
15b165f503
[BUGFIX] Fix Dockerfile WORKDIR (#1392)
The WORKDIR needs to be set early to ensure that the files are copied into the appropriate directory.
This is a minor regression that was introduced in af2ae328e7.
2020-10-19 11:24:24 +11:00
akusei
af2ae328e7
[FEATURE] Container privilege de-escalation (#1370)
* support for running as non-root

* forgot to save file

* removed write perms for user on entrypoint script

* preserve existing user behavior

* fix entrypoint permissions to account for non-root user

* typo in chmod on line 63

* better entrypoint script; moved to root

* execute bit

* support for running as non-root

* forgot to save file

* removed write perms for user on entrypoint script

* preserve existing user behavior

* fix entrypoint permissions to account for non-root user

* typo in chmod on line 63

* better entrypoint script; moved to root

* execute bit

* very rough draft documentation

* added missing header

* typo changes -> changed

* Update entrypoint.sh

Co-authored-by: Amir Zarrinkafsh <nightah@me.com>

* Apply suggestions from code review

looks good

Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2020-10-19 10:12:21 +11:00
dependabot-preview[bot]
7e4744d308
[MISC] (deps): Bump golang from 1.15.1-alpine to 1.15.2-alpine (#1314)
Bumps golang from 1.15.1-alpine to 1.15.2-alpine.

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-09-11 11:36:45 +10:00
dependabot-preview[bot]
8f0865bd63
[MISC] (deps): Bump golang from 1.15.0-alpine to 1.15.1-alpine (#1304)
Bumps golang from 1.15.0-alpine to 1.15.1-alpine.

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-09-04 10:57:24 +10:00
dependabot-preview[bot]
bdb752ed48
[MISC] (deps): Bump golang from 1.14.6-alpine to 1.15.0-alpine (#1269)
Bumps golang from 1.14.6-alpine to 1.15.0-alpine.

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-08-13 11:28:03 +10:00
dependabot-preview[bot]
bf9695beef
[MISC] (deps): Bump golang from 1.14.5-alpine to 1.14.6-alpine (#1236)
Bumps golang from 1.14.5-alpine to 1.14.6-alpine.

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-07-28 11:39:08 +10:00
dependabot-preview[bot]
0a1697bf60
[MISC] (deps): Bump golang from 1.14.4-alpine to 1.14.5-alpine (#1208)
Bumps golang from 1.14.4-alpine to 1.14.5-alpine.

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-07-17 10:24:20 +10:00
Amir Zarrinkafsh
ddfce52939
[MISC] Strip debugging information from compiled binaries (#1141) 2020-06-21 21:52:35 +10:00
Amir Zarrinkafsh
ff7f9a50ab
[FEATURE] Docker simplification and configuration generation (#1113)
* [FEATURE] Docker simplification and configuration generation
The Authelia binary now will attempt to generate configuration based on the latest template assuming that the config location specified on startup does not exist. If a file based backend is selected and the backend cannot be found similarly it will generate a `user_database.yml` based a template.

This will allow more seamless bootstrapping of an environment no matter the deployment method.

We have also squashed the Docker volume requirement down to just `/config` thus removing the requirement for `/var/lib/authelia` this is primarily in attempts to simplify the Docker deployment.

Users with the old volume mappings have two options:
1. Change their mappings to conform to `/config`
2. Change the container entrypoint from `authelia --config /config/configuration.yml` to their old mapping

* Adjust paths relative to `/etc/authelia` and simplify to single volume for compose
* Add generation for file backend based user database
* Refactor Docker volumes and paths to /config
* Refactor Docker WORKDIR to /app
* Fix integration tests
* Update BREAKING.md for v4.20.0
* Run go mod tidy
* Fix log_file_path in miscellaneous.md docs
* Generate config and userdb with 0600 permissions
* Fix log_file_path in config.template.yml
2020-06-17 16:25:35 +10:00
dependabot-preview[bot]
7c6cb402f5
[MISC] (deps): Bump golang from 1.14.3-alpine to 1.14.4-alpine (#1086)
Bumps golang from 1.14.3-alpine to 1.14.4-alpine.

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-06-04 22:02:52 +02:00
dependabot-preview[bot]
7dc79b2ac4
[MISC] (deps): Bump arm64v8/alpine from 3.11.6 to 3.12.0 (#1071)
Bumps arm64v8/alpine from 3.11.6 to 3.12.0.

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2020-06-01 13:32:31 +10:00
dependabot-preview[bot]
13e2050d91
[MISC] (deps): Bump golang from 1.14.2-alpine to 1.14.3-alpine (#1029)
Bumps golang from 1.14.2-alpine to 1.14.3-alpine.

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
2020-05-19 08:22:02 +10:00
Amir Zarrinkafsh
f8bd506326
[FEATURE] Embed static assets in Go binary (#916)
* [FEATURE] Embed static assets in Go binary

* Refactor/consolidate code and specify public_html via configuration

* Update docs and config template for assets

* Update AUR package pre-requisites and systemd unit

* Include static assets as Buildkite and GitHub artifacts

* Remove references to PUBLIC_DIR

* Only serve assets via embedded filesystem and remove configuration references

* Update authelia-scripts helper to build the embedded filesystem

* Mock the embedded filesystem for unit tests
Add to gitignore to ensure this isn't overwritten.

* Move go:generate to satisfy linter
2020-04-29 00:07:20 +10:00
dependabot-preview[bot]
3ba06c2e9d
[MISC] (deps): Bump node from 12-alpine to 14-alpine (#932)
Bumps node from 12-alpine to 14-alpine.

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2020-04-28 09:38:20 +10:00
Daniel Sutton
ca4a890fb2
[MISC] Update to alpine 3.11.6 (#917)
* update to alpine 3.11.6

Signed-off-by: Daniel Sutton <daniel@ducksecops.uk>
2020-04-25 22:56:32 +02:00
Clément Michaud
b12d9d405f
[FEATURE] Add Content-Security-Policy meta to login portal. (#822)
CSP is used to avoid some attacks where the hacker tries to execute
untrusted code in the browser.

The policy is to use assets hosted on the the original website and in order to make CSP work with material UI, a nonce is generated at each request of index.html and injected in the template as well as provided in the Content-Security-Policy header (https://material-ui.com/styles/advanced/#how-does-one-implement-csp)

Fix #815
2020-04-21 10:23:28 +10:00
Amir Zarrinkafsh
94fb28c6c0
[MISC] Update Go to 1.14.2 (#863) 2020-04-13 20:14:49 +10:00
Amir Zarrinkafsh
0d9a5812c7
[Buildkite] Update musl-cross-make toolchain to gcc 9.2.0 (#703)
Built using `musl-1.1.24`, `linux-headers-headers-4.19.88`
2020-03-14 12:45:55 +01:00
Amir Zarrinkafsh
cc25b565c7
[MISC] Update Golang and QEMU to v1.14.0 and v4.2.0-6 respectively (#685)
* [MISC] Update Golang and QEMU to v1.14.0 and v4.2.0-6 respectively

* Argon2id memory in MB for Config Template

* Doc Fix

Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
2020-03-06 19:40:56 +11:00
Clément Michaud
c1aecf0afc
Add authelia directory in the PATH of docker images. (#621) 2020-02-06 10:02:18 +11:00
Amir Zarrinkafsh
9a685fefad Update alpine to 3.11.3 2020-01-22 11:53:15 +11:00
Clement Michaud
2acf8bf21c Add hash-password and migrate commands to authelia binary.
This reduce the size of the docker image and avoid confusing users.

We keep the commands in authelia-scripts too in order to keep the
current workflow of developers.
2020-01-22 11:53:15 +11:00
Clément Michaud
ce7b6b8167
Build docker image upfront in CI and use it in integration tests. (#555)
* Build docker image upfront in CI and use it in integration tests.

Previously, the development workflow was broken because the container
generated from Dockerfile.CI was used in dev environments but the binary
was not pre-built as it is on buildkite. I propose to just remove that
image and use the "to be published" image instead in integration tests.

This will have several advantages:
- Fix the dev workflow.
- Remove CI arch from authelia-scripts build command
- Optimize CI time in buildkite since we'll cache a way small artifact
- We don't build authelia more than once for earch arch.

* Fix suites and only build ARM images on master or tagged commits

* Optimise pipeline dependencies and Kubernetes suite to utilise cache

* Run unit tests and docker image build in parallel.

* Fix suite trying to write on read only fs.

Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2020-01-17 20:46:51 +01:00
Clément Michaud
da22227563
Add trimpath build flag and fix go version to guarantee reproducible build. (#553) 2020-01-16 22:17:03 +01:00
Amir Zarrinkafsh
5914f96de4
Add git tag back to binary artifact. 2020-01-13 11:30:05 +11:00
Clement Michaud
a823b6368a Remove build time and git tag from binary artifact.
That way it's easy to build a given commit and check whether
it's the same binary than the one published on Github.
2020-01-12 20:17:11 +01:00
Amir Zarrinkafsh
072a8c468c Reduce number of Docker layers 2020-01-11 14:25:50 +11:00
Amir Zarrinkafsh
4ca603883a Clean up Dockerfiles 2020-01-06 02:20:14 +11:00
Amir Zarrinkafsh
8dbd3c54fc Cross compile natively from amd64
Reduce reliance on QEMU in order to speed up the pipeline.
2020-01-05 23:37:46 +11:00
Amir Zarrinkafsh
30ddfeab38 Build static Go binary 2020-01-05 16:28:28 +11:00
Amir Zarrinkafsh
e8ea1d814c Update to Alpine linux 3.11.2 2020-01-02 17:54:47 +11:00
Amir Zarrinkafsh
2fb20882d9
Utilise Buildkite for Authelia CI/CD (#507)
Publish steps are currently disabled.
2019-12-27 22:07:53 +11:00
Mike Kusold
511b0b3c62 Distribute authelia-scripts in docker image
Building and copying the authelia-scripts binary so that migrations can
easily be ran.
2019-12-24 14:23:02 +11:00
Clement Michaud
b4a8c4f0ec Introduce version command to Authelia to check the version
The version command displays the tag and the commit hash of the
built commit along with the time when the build was done.
2019-12-09 13:03:12 +01:00
Clement Michaud
b89f63e9c1 Fix and parallelize integration tests. 2019-12-05 11:05:24 +01:00
Amir Zarrinkafsh
6380bd32d7 Enable Multiarch docker builds 2019-11-07 07:51:14 +01:00