Commit Graph

63 Commits

Author SHA1 Message Date
Amir Zarrinkafsh
74a7e96409
ci: add integration containers for duo and haproxy (#3479)
* ci: add integration containers for duo and haproxy

This change utilises specific integration containers for the DuoPush and HAProxy suites.
In the case of DuoPush suite specifically in dev mode the container will be built on suite startup.

* ci: factorize pre-command hook and unset async on trigger steps
2022-06-04 19:38:13 +10:00
Amir Zarrinkafsh
9b812b0b8f
ci(buildkite): exclude additional file from pre-exit clean up (#3337) 2022-05-10 17:57:04 +10:00
Amir Zarrinkafsh
4d3efb0da3
ci(buildkite): clean /tmp at the conclusion of each job (#3268)
* ci(buildkite): clean /tmp at the conclusion of each job

* fix: cleanup with sudo to remove 000 perm files
2022-04-29 12:23:51 +10:00
Amir Zarrinkafsh
75db513bfc
ci(buildkite): add qemu registration for specific nodes (#3262) 2022-04-28 21:21:41 +10:00
Amir Zarrinkafsh
2e679169dc
ci(buildkite): remove go module index update hook (#3216) 2022-04-19 12:00:57 +10:00
Amir Zarrinkafsh
8ba586e955
ci(buildkite): prevent pre-exit hook on setup steps (#3076)
* ci(buildkite): prevent pre-exit hook on setup steps

Occasionally due to node issues the pre-exit hook for docker image cleanups can fail, causing the otherwise successful job to bail out. This change ignores the cleanup on setup steps.
2022-03-30 11:24:50 +11:00
Amir Zarrinkafsh
a3e84769b5
feat(web): replace cra with vite (#2457)
* feat(web): replace cra with vite

* fix: add istanbul
* fix: add jest
* fix: inject env vars
* fix: replicate cra output directories
* fix: post-frontend build for go templating
* fix: dynamic publicpath

* fix(web): import resolution with aliases for .module.css files

* refactor(server): baseurl var

* refactor(web): drop babel-jest for esbuild-jest

* refactor(web): add inline sourcemap for coverage bundle

* build(deps): update web deps

* build(deps): downgrade vite-plugin-istanbul to 2.2.0

98bf77dbaa is a breaking change that means production mode builds can no longer be instrumented.

* refactor(web): match frontend name and version

* refactor(web): drop cra readme
2021-10-08 15:00:06 +11:00
Amir Zarrinkafsh
b606ec6752
ci(buildkite): add agent control to standalone job (#2469) 2021-10-08 12:08:43 +11:00
Amir Zarrinkafsh
4161fbd818
ci(codecov): utilise new codecov uploader for coverage (#2467)
* ci(codecov): utilise new codecov uploader for coverage

The codecov bash uploader is being [deprecated](https://docs.codecov.com/docs/about-the-codecov-bash-uploader).

This utilises the new uploader which is recommended.

* ci(codecov): adjust file search path and name uploads

* fix(suites): coverage paths for codecov
2021-10-08 11:17:08 +11:00
Amir Zarrinkafsh
26de57a297
ci(buildkite): skip front/backend builds for renovate deps (#2462)
* ci(buildkite): skip front/backend builds for renovate deps

* ci(buildkite): make unit-test artifact compression conditional
2021-10-07 09:45:37 +11:00
Amir Zarrinkafsh
3d312cf3b9
refactor: replace yarn with pnpm (#2424)
* Check for pnpm in authelia-scripts
* Improve husky hooks to check for required apps
* Use pnpm in coverage dockerfile
* Use pnpm in dev workflow
* Stop buildx log truncation
* Ignore pnpm lockfile in yamllint
* Update versions required for docker and docker-compose in contributing docs
2021-09-29 17:24:21 +10:00
Amir Zarrinkafsh
c9f5b3de88
feat(web): replace babel-loader and terser with esbuild (#2422) 2021-09-28 16:27:06 +10:00
Amir Zarrinkafsh
bd6a8e3ea2
feat: hardened authelia binaries (#2410)
* feat: hardened authelia binaries

This change ensures that all Authelia binaries which are compiled and distributed are hardened with the following standards:

* RELRO
* Stack canary
* NX
* PIE/ASLR
* Stripped RPATH AND RUNPATH
* Stripped Symbols
* Fortify

The musl variants currently [do not support Fortify](https://wiki.musl-libc.org/future-ideas.html#Fortify).

* refactor: docker pull for authelia/crossbuild in background
2021-09-26 12:08:47 +10:00
Amir Zarrinkafsh
7ab6175cf4
ci(buildkite): fix post-manifest tag cleanup (#2395) 2021-09-18 18:09:19 +10:00
Amir Zarrinkafsh
cb0b9a09ab
ci(buildkite): improve logging for post-manifest tag cleanup (#2394) 2021-09-18 15:48:23 +10:00
Amir Zarrinkafsh
7bb878ffff
ci(buildkite): fix ghcr tag cleanup (#2390)
* ci(buildkite): fix ghcr tag cleanup

* ci(buildkite): do not remove empty tags
2021-09-18 00:15:43 +10:00
Amir Zarrinkafsh
57a35abd3b
ci(buildkite): fix index update post release (#2388) 2021-09-17 20:59:41 +10:00
Amir Zarrinkafsh
92ec00d7c5
feat: builds with gox and buildx (#2381)
* feat: builds with gox and buildx

This change builds all of Authelia respective binaries in parallel within a single step and distributes as necessary to subsequent steps, we now also build and distribute for the following OS/Architecture: freebsd/amd64.

Our CI/CD pipeline now also utilises docker buildx as a default for builds and pushes.

* refactor: clean up docker helper

* Remove `authelia-scripts docker push-image` command as all pushes will be performed with buildx and manifests
* Rename the --arch flag to --container
* Add Dockerfile.dev for users that want to build an Authelia container from source without utilising suites
* Set Dockerfile.dev as default for `authelia-scripts docker build` command

* refactor: variant -> container
2021-09-16 22:39:18 +10:00
Amir Zarrinkafsh
4e94d264dd
ci(buildkite): force module index update on tagged release (#2376) 2021-09-14 20:29:23 +10:00
Amir Zarrinkafsh
711b5ff0db
feat: publish and deploy to apt.authelia.com (#2148)
This automates the process of publishing our `*.deb` files for stable Authelia releases to apt.authelia.com.
2021-07-05 12:49:48 +10:00
Amir Zarrinkafsh
93e20a44e9
feat: build and distribute .deb packages (#2114)
* feat: build and distribute .deb packages

Creates .deb packages for distribution via GitHub releases and Buildkite builds for the following architectures:

* amd64
* armhf
* arm64

* fix: pkgver reference in debpackages.sh

* refactor: split deb packaging jobs and quote variables

* fix: pipeline upload for debpackages

* fix: depends_on key for debpackages

* fix: add depends_on: ~ for debpackages step

* fix: pre-artifact hook for debpackages

* fix: add .deb suffix in pre-artifact hook

* fix: variable reference in debhelper.sh

* refactor: silence wget output in debhelper.sh

* refactor: make build concurrency gate only depend_on docker builds

* refactor: make build concurrency gate also depend_on coverage build

* refactor: remove dependencies for build concurrency gate
2021-06-26 11:45:21 +10:00
Amir Zarrinkafsh
3d08e03592
ci(buildkite): log ghcr id on branch tag removal (#1929) 2021-04-18 14:20:45 +10:00
Amir Zarrinkafsh
0cf54214a0
ci(buildkite): log ghcr id on tag removal (#1889) 2021-04-06 11:49:13 +10:00
Amir Zarrinkafsh
e816a2e563
ci: publish docker images to ghcr (#1860)
* ci: publish docker images to ghcr

* ci: remove ghcr images with no tags

* ci: remove unnecessary ghcr jq args for empty tags

* ci: move ghcr empty tag clean up

Publishes Docker container images on both DockerHub and GitHub Container Registry.
2021-03-30 09:17:19 +11:00
Amir Zarrinkafsh
8bab8d47ef
[MISC] Add CLI suite (#1597)
This change adds a new integration testing suite "CLI".

The intent of this suite is to test, validate and capture coverage for Authelia's commands via the CLI.
2021-01-16 21:25:02 +11:00
Amir Zarrinkafsh
3487fd392e
[FEATURE] Add API docs and swagger-ui (#1544)
* [FEATURE] Add API docs and swagger-ui

This change will serve out swagger-ui at the `/api/` root path.

* Update descriptions and summaries in API spec

* Utilise frontend assets from unit testing for Docker build steps

* Fix tag for /api/user/* endpoints

* Fix response schema for /api/user/info/2fa_method

* Template and inject the session name during runtime into swagger-ui

This change also factorises and renames index.go into template.go, this can now be generically utilised to template any file.

* Fix integration tests

* Add U2F endpoints

* Change swagger directory to api

This change is to more closely conform to the golang-standards project layout.

* Add authentication for u2f endpoints

* Modify u2f endpoint descriptions

* Rename and fix u2f 2fa sign endpoints

* Fix request body for /api/secondfactor/u2f/sign endpoint

Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
2021-01-03 15:28:46 +11:00
Amir Zarrinkafsh
689fd7cb95
[CI] Add linting option for frontend and enforce styling (#1565)
We now extend the default Eslint configuration and enforce styling with prettier for all of our frontend code.
2021-01-02 21:58:24 +11:00
Amir Zarrinkafsh
b0fbf2c4cc
[CI] Exclude non-coverage files from codecov upload (#1495)
* [CI] Exclude non-coverage files from codecov upload

* Ignore React serviceWorker.ts for coverage

As we do not utilise service workers in React gives more accurate coverage percentages when ignored.
2020-11-30 21:12:46 +11:00
Amir Zarrinkafsh
d890e7d751
[CI] Add metadata switch for codecov verbose output (#1494) 2020-11-30 12:04:09 +11:00
Amir Zarrinkafsh
6db5455762
[CI] Collect coverage from frontend during integration tests (#1472)
This change will allow us to collect frontend code coverage from our Selenium based integration tests.

Given that the frontend is embedded into the Go binary and the integration tests run with a compiled binary in Docker this poses some issues with the instrumented code and the ability for it to run in this manner. To fix this we need to relax Authelia's CSP for the integration tests. This is achieved by setting the env variable `ENVIRONMENT` to `dev`.
2020-11-19 12:50:34 +11:00
Amir Zarrinkafsh
cca8480c0b
[CI] Run codecov in verbose mode (#1439)
This is to support the codecov team in identifying and resolving an issue.
2020-11-10 10:58:09 +11:00
Amir Zarrinkafsh
0df8f6bfe3
[CI] Collect and upload coverage on master branch (#1174) 2020-07-02 08:56:45 +02:00
vdot0x23
6ccc92e47e
do not hardcode /bin/bash (#1122)
Co-authored-by: Victor Büttner <victor@0x23.dk>
Co-authored-by: Clément Michaud <clement.michaud34@gmail.com>
2020-06-18 09:49:13 +02:00
Amir Zarrinkafsh
ff7f9a50ab
[FEATURE] Docker simplification and configuration generation (#1113)
* [FEATURE] Docker simplification and configuration generation
The Authelia binary now will attempt to generate configuration based on the latest template assuming that the config location specified on startup does not exist. If a file based backend is selected and the backend cannot be found similarly it will generate a `user_database.yml` based a template.

This will allow more seamless bootstrapping of an environment no matter the deployment method.

We have also squashed the Docker volume requirement down to just `/config` thus removing the requirement for `/var/lib/authelia` this is primarily in attempts to simplify the Docker deployment.

Users with the old volume mappings have two options:
1. Change their mappings to conform to `/config`
2. Change the container entrypoint from `authelia --config /config/configuration.yml` to their old mapping

* Adjust paths relative to `/etc/authelia` and simplify to single volume for compose
* Add generation for file backend based user database
* Refactor Docker volumes and paths to /config
* Refactor Docker WORKDIR to /app
* Fix integration tests
* Update BREAKING.md for v4.20.0
* Run go mod tidy
* Fix log_file_path in miscellaneous.md docs
* Generate config and userdb with 0600 permissions
* Fix log_file_path in config.template.yml
2020-06-17 16:25:35 +10:00
Amir Zarrinkafsh
5cc6dfc463
[MISC] Update QEMU to v5.0.0-2 (#1090)
* [MISC] Update QEMU to v5.0.0-2

* [CI] Add retries and exit with non-zero status if codecov upload fails
2020-06-06 15:08:51 +02:00
Amir Zarrinkafsh
d123fe4785
[CI] Add Codecov support (#1065)
* [CI] Add Codecov support

* [CI] Capture backend coverage from integration tests

* [CI] Remove unnecessary artifacts for coverage build

* [CI] Only run coverage elements where necessary

* [CI] Simplify post-command hook

* Fix yarn dependencies and collect coverage

* [CI] Include cmd/authelia/ path in coverage

* [CI] Exclude internal/suites/ in coverage

Closes #1061.
2020-06-05 10:43:19 +10:00
Amir Zarrinkafsh
c3fc560242
[CI] Fix race condition on Docker tag clean up (#984)
Prior to this change if there was a branch/PR build which had not yet published manifests and a master build running simultaneously, assuming the master build finished publishing manifests before former it would clean up the architecture tagged containers (-{amd64,arm32v7,arm64v8}) which would result in the manifest step failing for the branch or PR build.
These should not be considered in either of the clean up steps because they're removed as part of a successful manifest being published.
2020-05-06 13:28:44 +10:00
Amir Zarrinkafsh
9e2a9f5ee6
[DEPRECATE] Remove OSX (darwin) based binaries (#967) 2020-05-03 22:03:53 +10:00
Amir Zarrinkafsh
1ed1318870
[CI] Fix artifact download for publishing step (#954) 2020-05-02 12:12:18 +10:00
Amir Zarrinkafsh
f8bd506326
[FEATURE] Embed static assets in Go binary (#916)
* [FEATURE] Embed static assets in Go binary

* Refactor/consolidate code and specify public_html via configuration

* Update docs and config template for assets

* Update AUR package pre-requisites and systemd unit

* Include static assets as Buildkite and GitHub artifacts

* Remove references to PUBLIC_DIR

* Only serve assets via embedded filesystem and remove configuration references

* Update authelia-scripts helper to build the embedded filesystem

* Mock the embedded filesystem for unit tests
Add to gitignore to ensure this isn't overwritten.

* Move go:generate to satisfy linter
2020-04-29 00:07:20 +10:00
Amir Zarrinkafsh
0ec3f18b44
[CI] Introduce GitHub checks based linting with reviewdog (#900)
* [CI] Introduce linting for branch commits with reviewdog
This utilises the GitHub checks API and could be a potential candidate instead of in-line PR reviews.

* [CI] Change reporter to `github-check`

* [CI] Adjust linting in-line PR commentary to execute with linting step
2020-04-22 23:10:22 +10:00
Amir Zarrinkafsh
3de1827b21
[Buildkite] Control clean builds with agent metadata (#840)
This is to optimise build times at the sacrifice of disk space/clean up tasks.
2020-04-09 14:46:04 +10:00
Amir Zarrinkafsh
de2c5836fd
[Buildkite] Introduce CI linting with golangci-lint and reviewdog (#832)
* [Buildkite] Introduce CI linting with golangci-lint and reviewdog

* Initial pass of golangci-lint

* Add gosimple (megacheck) recommendations

* Add golint recommendations

* [BUGFIX] Migrate authentication traces from v3 mongodb

* Add deadcode recommendations

* [BUGFIX] Fix ShortTimeouts suite when run in dev workflow

* Add unused recommendations

* Add unparam recommendations

* Disable linting on unfixable errors instead of skipping files

* Adjust nolint notation for unparam

* Fix ineffectual assignment to err raised by linter.

* Export environment variable in agent hook

* Add ineffassign recommendations

* Add staticcheck recommendations

* Add gocyclo recommendations

* Adjust ineffassign recommendations

Co-authored-by: Clement Michaud <clement.michaud34@gmail.com>
2020-04-09 11:05:17 +10:00
Amir Zarrinkafsh
580152b40b
[FEATURE] Include darwin based binaries for OSX (#814)
Build and publish binary artifacts for Authelia which can be run directly from OSX.
2020-04-03 16:13:24 +11:00
Amir Zarrinkafsh
7eddf07155
[Buildkite] Clean Docker environment on exit (#734) 2020-03-19 16:15:54 +11:00
Amir Zarrinkafsh
8b80be4061
[Buildkite] Utilise annotations for build notifications (#700)
* [Buildkite] Utilise annotations for artifact and doc bypass notifications

* [Buildkite] Add context to annotations

* [Buildkite] Adjust docs annotation to display for PRs
2020-03-11 10:25:47 +11:00
Amir Zarrinkafsh
7a0d217b67
[Buildkite] Reorder git fetch in pipeline (#697)
This will ensure that we always will have up-to-date refs for the repo post-checkout.
2020-03-09 16:53:13 +11:00
Amir Zarrinkafsh
6530780817
[MISC] Utilise Probot for PR commentary (#633)
Remove Buildkite trigger for commentary.
2020-02-14 18:50:38 +11:00
Amir Zarrinkafsh
27b8a1b0fe
[Buildkite] Fix issues with releases in CD pipeline (#617)
* [Buildkite] Fix changelog output for github releases

Fetch is required to grab the latest tag, this will ensure the correct data is generated

* [Buildkite] Only clean tags on pushes to master

Also ensure that master tag is not removed on github API failures.

* [Buildkite] Fix tag publishing for releases

* [Buildkite] Minor tweaks to github changelog output
2020-02-05 23:24:19 +11:00
Amir Zarrinkafsh
9c9d8518eb
[Buildkite] Perform PR commentary in pipeline and remove github action (#614)
* [Buildkite] Perform PR commentary in pipeline and remove github action

* [Buildkite] Optimise deployment post-command hook
2020-02-03 20:07:01 +11:00