1
0
mirror of https://github.com/0rangebananaspy/authelia.git synced 2024-09-14 22:47:21 +07:00
Commit Graph

59 Commits

Author SHA1 Message Date
James Elliott
b2c60ef898
feat: major documentation refresh ()
This marks the launch of the new documentation website.
2022-06-15 17:51:47 +10:00
Amir Zarrinkafsh
9861467831
ci: add integration container for samba and refactor duo ()
This change utilises a specific integration container for the ActiveDirectory suite and simplifies the DuoPush suite.
2022-06-05 03:51:33 +10:00
Amir Zarrinkafsh
91c0c81818
refactor(suites): stop integration tests on first failure ()
* refactor(suites): stop integration tests on first failure

* refactor(suites): remove additional nginx instance

* refactor(suites): log relevant containers

* refactor(suites): add traefik2 logs to stdout

* refactor(suites): explicitly enable traefik for tests

* refactor(suites): remove redis restart and duplicate pathprefix tests

* ci(buildkite): allow manual retry on integration tests
2022-05-02 14:50:37 +10:00
Amir Zarrinkafsh
43550b2d92
ci(buildkite): adjust debhelper step for new makedeb spec ()
makedeb v14.0.0 has [changes](https://github.com/makedeb/makedeb/releases/tag/v14.0.0-stable) which have resulted in the PKGBUILD specification changing.

This PR adjusts the PKGBUILD per the required makedeb specification.
2022-04-22 18:10:49 +10:00
James Elliott
5d0b68ebea
build: utilize new makedeb spec ()
This adds the adjustments needed for the new makedeb version to package conffiles.

Fixes 
2022-03-09 11:18:21 +11:00
Amir Zarrinkafsh
dfa2a0d1b0
ci(buildkite): use armv7l architecture and ignore check ()
* ci(buildkite): use armv7l architecture and ignore check

* fix: only ignore architecture check for armhf
2022-01-12 22:08:05 +11:00
James Elliott
a689ffe372
ci: publish authelia-git aur only on releases () 2021-12-03 15:56:31 +11:00
Amir Zarrinkafsh
dbbb506fa5
ci(buildkite): fix missing commit in build-info for authelia aur package () 2021-11-18 11:57:11 +11:00
Amir Zarrinkafsh
b606ec6752
ci(buildkite): add agent control to standalone job () 2021-10-08 12:08:43 +11:00
Amir Zarrinkafsh
bd6a8e3ea2
feat: hardened authelia binaries ()
* feat: hardened authelia binaries

This change ensures that all Authelia binaries which are compiled and distributed are hardened with the following standards:

* RELRO
* Stack canary
* NX
* PIE/ASLR
* Stripped RPATH AND RUNPATH
* Stripped Symbols
* Fortify

The musl variants currently [do not support Fortify](https://wiki.musl-libc.org/future-ideas.html#Fortify).

* refactor: docker pull for authelia/crossbuild in background
2021-09-26 12:08:47 +10:00
Amir Zarrinkafsh
57705be468
refactor: use authelia/debpackager:latest manifest () 2021-09-17 10:08:57 +10:00
Amir Zarrinkafsh
92ec00d7c5
feat: builds with gox and buildx ()
* feat: builds with gox and buildx

This change builds all of Authelia respective binaries in parallel within a single step and distributes as necessary to subsequent steps, we now also build and distribute for the following OS/Architecture: freebsd/amd64.

Our CI/CD pipeline now also utilises docker buildx as a default for builds and pushes.

* refactor: clean up docker helper

* Remove `authelia-scripts docker push-image` command as all pushes will be performed with buildx and manifests
* Rename the --arch flag to --container
* Add Dockerfile.dev for users that want to build an Authelia container from source without utilising suites
* Set Dockerfile.dev as default for `authelia-scripts docker build` command

* refactor: variant -> container
2021-09-16 22:39:18 +10:00
Amir Zarrinkafsh
e4d1efacaa
ci(buildkite): update to authelia/debpackager () 2021-09-13 18:46:53 +10:00
Amir Zarrinkafsh
327765f132
ci(buildkite): allow manual retry on successful steps ()
This permits manual retry on specific steps which can cause problematic issues for example when a node runs out of disk space.

By allowing this we should be able to recover problematic builds instead of forcing a complete rebuild which may be undesirable on the `master` or other production branches.
2021-08-07 11:04:21 +10:00
Amir Zarrinkafsh
87550d1957
ci(buildkite): add [skip-test] and [test-skip] conditionals ()
If a commit message includes either `[skip-test]` or `[test-skip]` a some CI steps will be ignored.

This is to allow rapid deployments and prototyping when attempting fixes, under no circumstances should any PR to master be accepted with said tags/conditionals.
2021-08-07 10:06:42 +10:00
Amir Zarrinkafsh
e930b76464
ci(buildkite): allow retry on successful docker deploy steps ()
Occasionally during a manifest deployment tags can be removed and the step may fail. To ensure the manifest step can be completed successfully it would require re-pushing the tags that had been removed.

Turning on the `permit_on_passed` option allows us to control this all through the Buildkite interface as opposed to manual intervention.
2021-08-05 18:52:30 +10:00
Amir Zarrinkafsh
b415770548
ci(buildkite): fix apt repo readme ()
Image links in the apt repo README.md were broken as the file uploaded without the necessary modifications.
2021-08-05 16:58:08 +10:00
Amir Zarrinkafsh
711b5ff0db
feat: publish and deploy to apt.authelia.com ()
This automates the process of publishing our `*.deb` files for stable Authelia releases to apt.authelia.com.
2021-07-05 12:49:48 +10:00
Amir Zarrinkafsh
93e20a44e9
feat: build and distribute .deb packages ()
* feat: build and distribute .deb packages

Creates .deb packages for distribution via GitHub releases and Buildkite builds for the following architectures:

* amd64
* armhf
* arm64

* fix: pkgver reference in debpackages.sh

* refactor: split deb packaging jobs and quote variables

* fix: pipeline upload for debpackages

* fix: depends_on key for debpackages

* fix: add depends_on: ~ for debpackages step

* fix: pre-artifact hook for debpackages

* fix: add .deb suffix in pre-artifact hook

* fix: variable reference in debhelper.sh

* refactor: silence wget output in debhelper.sh

* refactor: make build concurrency gate only depend_on docker builds

* refactor: make build concurrency gate also depend_on coverage build

* refactor: remove dependencies for build concurrency gate
2021-06-26 11:45:21 +10:00
Amir Zarrinkafsh
2b95acb82a
ci(buildkite): add tag for highavailability suite ()
Allows granular control for node assignment on the high availability testing suite.
2021-05-27 14:23:56 +10:00
Clément Michaud
7c18081f57
ci: include version in the name of tar.gz artifacts ()
This makes sure the version is included in GitHub artifacts.

Fix 

Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2021-04-15 17:56:32 +10:00
Amir Zarrinkafsh
e816a2e563
ci: publish docker images to ghcr ()
* ci: publish docker images to ghcr

* ci: remove ghcr images with no tags

* ci: remove unnecessary ghcr jq args for empty tags

* ci: move ghcr empty tag clean up

Publishes Docker container images on both DockerHub and GitHub Container Registry.
2021-03-30 09:17:19 +11:00
James Elliott
1e46ec6c44
ci: restore dependabot rules ()
Restores the dependabot rules in buildkite for the purpose of security fixes which are handled by dependabot still.
2021-03-10 15:53:33 +11:00
Amir Zarrinkafsh
49aa5e0eb8
ci(buildkite): change to concurrency gates ()
* ci(buildkite): change to concurrency gates

Continuation of .

* ci(buildkite): optimise concurrency gates
2021-02-22 12:48:20 +11:00
Amir Zarrinkafsh
8c79e6beca
ci(buildkite): utilise conventional-changelog for release notes ()
Instead of generating our changelog based on crude modifications utilising git log we now utilise conventional-changelog.

conventional-changelog utilises the angular commit structure to categorise and display the changelog for 3 types (fix,feat,perf) and each of the change scopes are identified in the changelog too.

An example of the output for v4.26.0 can be found below:

# [4.26.0](https://github.com/authelia/authelia/compare/v4.25.2...v4.26.0) (2021-02-02)

### Bug Fixes

* **handlers:** refresh user details on all domains ([](https://github.com/authelia/authelia/issues/1642)) ([60ff16b](60ff16b518))

### Docker Container
* `docker pull authelia/authelia:4.26.0`
2021-02-12 14:00:36 +11:00
Amir Zarrinkafsh
aac5170ddc
ci: remove dependabot ()
da5892faad introduced renovate to Authelia.
Now that it has been evaluated dependabot is no longer necessary and can be removed.
2021-02-04 13:06:23 +11:00
Amir Zarrinkafsh
d71dbd4858
ci(buildkite): update buildkite deployment steps ()
This PR modifies the Buildkite CI pipeline with the following changes:

* Add `SECURITY.md` to CI_BYPASS
* Skip Docker {amd64,arm32v7,arm64v8} builds for renovate PRs
* Ensure Deploy Manifest step only is assigned to deployment nodes
2021-01-31 11:49:36 +11:00
Amir Zarrinkafsh
3487fd392e
[FEATURE] Add API docs and swagger-ui ()
* [FEATURE] Add API docs and swagger-ui

This change will serve out swagger-ui at the `/api/` root path.

* Update descriptions and summaries in API spec

* Utilise frontend assets from unit testing for Docker build steps

* Fix tag for /api/user/* endpoints

* Fix response schema for /api/user/info/2fa_method

* Template and inject the session name during runtime into swagger-ui

This change also factorises and renames index.go into template.go, this can now be generically utilised to template any file.

* Fix integration tests

* Add U2F endpoints

* Change swagger directory to api

This change is to more closely conform to the golang-standards project layout.

* Add authentication for u2f endpoints

* Modify u2f endpoint descriptions

* Rename and fix u2f 2fa sign endpoints

* Fix request body for /api/secondfactor/u2f/sign endpoint

Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
2021-01-03 15:28:46 +11:00
Amir Zarrinkafsh
aa64d0c4e5
[FEATURE] Support MSAD password reset via unicodePwd attribute ()
* Added `ActiveDirectory` suite for integration tests with Samba AD
* Updated documentation
* Minor styling refactor to suites
* Clean up LDAP user provisioning
* Fix Authelia home splash to reference correct link for webmail
* Add notification message for password complexity errors
* Add password complexity integration test
* Rename implementation default from rfc to custom
* add specific defaults for LDAP (activedirectory implementation)
* add docs to show the new defaults
* add docs explaining the importance of users filter
* add tests
* update instances of LDAP implementation names to use the new consts where applicable
* made the 'custom' case in the UpdatePassword method for the implementation switch the default case instead
* update config examples due to the new defaults
* apply changes from code review
* replace schema default name from MSAD to ActiveDirectory for consistency
* fix missing default for username_attribute
* replace test raising on empty username attribute with not raising on empty

Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
2020-11-27 20:59:22 +11:00
Amir Zarrinkafsh
0df8f6bfe3
[CI] Collect and upload coverage on master branch () 2020-07-02 08:56:45 +02:00
vdot0x23
6ccc92e47e
do not hardcode /bin/bash ()
Co-authored-by: Victor Büttner <victor@0x23.dk>
Co-authored-by: Clément Michaud <clement.michaud34@gmail.com>
2020-06-18 09:49:13 +02:00
Amir Zarrinkafsh
d123fe4785
[CI] Add Codecov support ()
* [CI] Add Codecov support

* [CI] Capture backend coverage from integration tests

* [CI] Remove unnecessary artifacts for coverage build

* [CI] Only run coverage elements where necessary

* [CI] Simplify post-command hook

* Fix yarn dependencies and collect coverage

* [CI] Include cmd/authelia/ path in coverage

* [CI] Exclude internal/suites/ in coverage

Closes .
2020-06-05 10:43:19 +10:00
Amir Zarrinkafsh
9e2a9f5ee6
[DEPRECATE] Remove OSX (darwin) based binaries () 2020-05-03 22:03:53 +10:00
Amir Zarrinkafsh
d301ebe47c
[CI] Fix pipeline dependencies ()
* [CI] Fix pipeline dependencies
This change ensures that CI_BYPASS works as intended and ensures that the hardcoded pipeline does not conflict with the repo provided dynamic pipeline.
The hardcoded pipeline has been changed to reflect the following:
```yaml
steps:
  # Blocking pipeline for master branch deployments (concurrency_group).
  - label: ":pipeline: Setup Pipeline"
    command: ".buildkite/pipeline.sh | buildkite-agent pipeline upload"
    concurrency: 1
    concurrency_group: "deployments"
    if: build.branch == "master"

  # Non-blocking pipeline for all others (tagged commits/local branches/PRs).
  - label: ":pipeline: Setup Pipeline"
    command: ".buildkite/pipeline.sh | buildkite-agent pipeline upload"
    if: build.branch != "master"

  - wait:
    if: build.pull_request.repository.fork != true && build.branch !~ /^dependabot\/.*/

  # Manual intervention by team required to deploy for forked PRs (prevent secret leakage).
  - block: "Public fork needs approval"
    if: build.pull_request.repository.fork == true

  # Blocking deployment for master branch deployments (concurrency_group).
  - label: "🚀 Setup Deployment"
    command: ".buildkite/deployment.sh | buildkite-agent pipeline upload"
    concurrency: 1
    concurrency_group: "deployments"
    depends_on: ~
    if: build.branch == "master"

  # Non-blocking deployment for all others (tagged commits/local branches).
  - label: "🚀 Setup Deployment"
    command: ".buildkite/deployment.sh | buildkite-agent pipeline upload"
    depends_on: ~
    if: build.branch != "master" && build.branch !~ /^dependabot\/.*/ && build.pull_request.repository.fork != true

  # Removed dependency optimisation for forked PRs to enforce block step.
  - label: "🚀 Setup Deployment"
    command: ".buildkite/deployment.sh | buildkite-agent pipeline upload"
    if: build.pull_request.repository.fork == true
```

* [CI] Include upstream hardcoded pipeline in repo
2020-05-02 17:05:11 +02:00
Amir Zarrinkafsh
f8bd506326
[FEATURE] Embed static assets in Go binary ()
* [FEATURE] Embed static assets in Go binary

* Refactor/consolidate code and specify public_html via configuration

* Update docs and config template for assets

* Update AUR package pre-requisites and systemd unit

* Include static assets as Buildkite and GitHub artifacts

* Remove references to PUBLIC_DIR

* Only serve assets via embedded filesystem and remove configuration references

* Update authelia-scripts helper to build the embedded filesystem

* Mock the embedded filesystem for unit tests
Add to gitignore to ensure this isn't overwritten.

* Move go:generate to satisfy linter
2020-04-29 00:07:20 +10:00
Amir Zarrinkafsh
13712d0f36
[Buildkite] Fine-grained control of build steps for agent allocation () 2020-04-08 11:31:33 +10:00
Amir Zarrinkafsh
580152b40b
[FEATURE] Include darwin based binaries for OSX ()
Build and publish binary artifacts for Authelia which can be run directly from OSX.
2020-04-03 16:13:24 +11:00
Amir Zarrinkafsh
95f6c1a893
[Buildkite] Add contents of BREAKING.md for tag to releases ()
This will ensure that notes pertaining to a version in the BREAKING.md will be published in each of the respective github releases.

All information from:
'## Breaking in $TAG' until the next '## Breaking in $TAG' is included.
2020-03-31 08:46:23 +11:00
Amir Zarrinkafsh
7a0d217b67
[Buildkite] Reorder git fetch in pipeline ()
This will ensure that we always will have up-to-date refs for the repo post-checkout.
2020-03-09 16:53:13 +11:00
Amir Zarrinkafsh
b70c4a744f
[Buildkite] Ignore unnecessary CI steps for docs/* only based commits ()
* [Buildkite] Ignore build and deploy steps for [DOCS] only based commits

* [Buildkite] Convert static pipelines into dynamic pipelines

* [Buildkite] Convert dynamic pipeline steps into heredocs

* [Buildkite] Fix indentation for aurpackages.sh

* [Buildkite] Rename docs bypass env variable

* [Buildkite] Fix automatic retries in integration tests
2020-03-09 12:32:07 +11:00
Amir Zarrinkafsh
ae5533d41b
[Buildkite] Fix always reporting as failure for github artifact step () 2020-03-01 15:56:04 +11:00
Clément Michaud
9c0e722bd7
[DOCS] Do not let think OAuth won't be supported. ()
* [DOCS] Do not let think OAuth won't be supported.

* [Buildkite] Prevent docs commit if there are no changes
2020-02-29 23:07:23 +11:00
Clément Michaud
f821793afb
[Buildkite] Change commit author of commits in gh-pages to autheliabot. () 2020-02-29 22:29:55 +11:00
Clément Michaud
a9f8958187
[BUGFIX] Add jekyll dependency in Gemfile. ()
* [BUGFIX] Add jekyll dependency in Gemfile.

* [Buildkite] Optimise documentation sync step

* [DOC] Fix merge conflict for index.md

* [DOC] Fix formatting issues
2020-02-29 16:15:03 +11:00
Clément Michaud
adf7bbaf5b
[DOCS] Bootstrap new documentation website based on just-the-docs () 2020-02-29 01:43:59 +01:00
Amir Zarrinkafsh
150a2e177a
[Buildkite] Enable automatic retries for failed github artifact step ()
* [Buildkite] Enable automatic retries for failed github artifact step

This is to handle failures which may occur when attempting to upload assets, per: https://buildkite.com/authelia/authelia/builds/465#537f931f-efc3-4f7b-9527-c927c1425a52.

* [Buildkite] Ensure GitHub artifact step is reported as a failure

When the initial command fails and we remove the release, we need to ensure that the exit status is reported as non-zero to trigger the automatic retry.
2020-02-28 22:58:44 +01:00
Amir Zarrinkafsh
4c09df9868
[Buildkite] Fix AUR version tagging ()
Need to fetch all tags prior to extracting the correct version.
2020-02-20 11:04:07 +11:00
Amir Zarrinkafsh
447b2461e4
[Buildkite] Automate CD for AUR packages ()
* [Buildkite] Automate continuous deployment for AUR packages

* [Buildkite] Make AUR deploy step conditional
2020-02-20 10:25:28 +11:00
Amir Zarrinkafsh
d80becc343
[FIX] Changelog generation for github releases () 2020-02-19 12:25:41 +11:00
Amir Zarrinkafsh
5588014ea7 [Buildkite] Fix agent key allocation for build step () 2020-02-06 09:18:56 +01:00