Try to build

.github/workflows/custom-build-oursky.yaml

@@ -0,0 +1,48 @@
+name: Custom Build at Oursky
+
+on:
+  push:
+    branches:
+    - '*'
+    - '!gh-pages'
+    tags:
+    - '*'
+  pull_request:
+    branches:
+    - '*'
+    - '!gh-pages'
+
+jobs:
+  authgear-image-custom:
+    runs-on: [self-hosted, linux, x64, v1]
+    if: ${{ github.repository == 'oursky/authgear-server' }}
+    steps:
+    - uses: actions/checkout@v3
+    # https://aran.dev/posts/github-actions-go-private-modules/
+    - name: Set up SSH key
+      env:
+        SSH_AUTH_SOCK: /tmp/ssh_agent.sock
+        AUTHGEAR_PRIVATE_DEPLOY_KEY: ${{ secrets.AUTHGEAR_PRIVATE_DEPLOY_KEY }}
+      run: |
+        mkdir -p ~/.ssh
+        ssh-agent -a $SSH_AUTH_SOCK
+        printf "$AUTHGEAR_PRIVATE_DEPLOY_KEY" | base64 --decode | ssh-add -
+        echo "SSH_AUTH_SOCK=$SSH_AUTH_SOCK" >> "$GITHUB_ENV"
+    - run: make -C custombuild build-image TARGET=authgearx IMAGE_NAME=authgear-server-custom
+
+  portal-image-custom:
+    runs-on: [self-hosted, linux, x64, v1]
+    if: ${{ github.repository == 'oursky/authgear-server' }}
+    steps:
+    - uses: actions/checkout@v3
+    # https://aran.dev/posts/github-actions-go-private-modules/
+    - name: Set up SSH key
+      env:
+        SSH_AUTH_SOCK: /tmp/ssh_agent.sock
+        AUTHGEAR_PRIVATE_DEPLOY_KEY: ${{ secrets.AUTHGEAR_PRIVATE_DEPLOY_KEY }}
+      run: |
+        mkdir -p ~/.ssh
+        ssh-agent -a $SSH_AUTH_SOCK
+        printf "$AUTHGEAR_PRIVATE_DEPLOY_KEY" | base64 --decode | ssh-add -
+        echo "SSH_AUTH_SOCK=$SSH_AUTH_SOCK" >> "$GITHUB_ENV"
+    - run: make -C custombuild build-image TARGET=portalx IMAGE_NAME=authgear-portal-custom

.github/workflows/mirror-to-oursky.yaml

@@ -0,0 +1,31 @@
+name: mirror
+
+on: [push, delete]
+
+jobs:
+  mirror:
+    if: ${{ github.repository == 'authgear/authgear-server' }}
+    runs-on: ubuntu-22.04
+    steps:
+    - uses: actions/checkout@v4
+      with:
+        # Set fetch-depth: 0 to fetch all history for all branches and tags.
+        # https://github.com/actions/checkout#:~:text=Set%20fetch%2Ddepth%3A%200%20to%20fetch%20all%20history%20for%20all%20branches%20and%20tags.
+        fetch-depth: 0
+    - name: Import GitHub Deploy Key of the mirror repository
+      env:
+        MIRROR_GITHUB_DEPLOY_KEY_BASE64: ${{ secrets.MIRROR_OURSKY_DEPLOY_KEY_BASE64 }}
+      run: |
+        mkdir -p ~/.ssh
+        echo -n "$MIRROR_GITHUB_DEPLOY_KEY_BASE64" | base64 --decode >~/.ssh/id_ed25519
+        chmod 600 ~/.ssh/id_ed25519
+    - name: Mirror
+      env:
+        MIRROR_MIRROR_REPO_URL: ${{ vars.MIRROR_OURSKY_REPO_URL }}
+      run: |
+        export GIT_SSH_COMMAND="ssh -v -i ~/.ssh/id_ed25519 -o StrictHostKeyChecking=no"
+        git remote add mirror "$MIRROR_MIRROR_REPO_URL"
+        git push --tags --force --prune mirror "refs/remotes/origin/*:refs/heads/*"
+    - name: Clean up
+      run: |
+        git remote remove mirror

custombuild/Makefile

@@ -0,0 +1,23 @@
+# GIT_NAME could be empty.
+GIT_NAME ?= $(shell git describe --exact-match 2>/dev/null)
+GIT_HASH ?= git-$(shell git rev-parse --short=12 HEAD)
+
+LDFLAGS ?= "-X github.com/authgear/authgear-server/pkg/version.Version=${GIT_HASH}"
+
+.PHONY: start
+start:
+	go run -ldflags ${LDFLAGS} ./cmd/authgearx start
+
+.PHONY: start-portal
+start-portal:
+	go run -ldflags ${LDFLAGS} ./cmd/portalx start
+
+.PHONY: build
+build:
+	go build -o $(BIN_NAME) -tags "osusergo netgo static_build timetzdata $(GO_BUILD_TAGS)" -ldflags ${LDFLAGS} ./cmd/$(TARGET)
+
+.PHONY: build-image
+build-image:
+	# Add --pull so that we are using the latest base image.
+	# The build context is the parent directory
+	docker build --pull --ssh=default --file ./cmd/$(TARGET)/Dockerfile --tag $(IMAGE_NAME) --build-arg GIT_HASH=$(GIT_HASH) ../

custombuild/cmd/authgearx/Dockerfile

@@ -0,0 +1,79 @@
+# syntax=docker/dockerfile:1
+
+# Stage 1: Build the Go binary
+FROM golang:1.22.3-bookworm as stage1
+
+# Install build time C dependencies
+RUN apt-get update && apt-get install -y --no-install-recommends \
+    pkg-config \
+    libicu-dev \
+    libvips-dev \
+    libmagic-dev \
+    && rm -rf /var/lib/apt/lists/*
+
+# In order to build a Go program that uses private modules in Docker,
+# we need the following
+#
+# 1. Set GOPRIVATE
+# 2. Set up ~/.gitconfig to make Go to use SSH instead HTTPS to fetch the private modules.
+# 3. Set up ~/.ssh/known_hosts
+# 4. use --mount=type=ssh to use the SSH agent from the host machine.
+ENV GOPRIVATE github.com/authgear/iamsmart
+RUN git config --global url."ssh://[email protected]/authgear/iamsmart".insteadOf https://github.com/authgear/iamsmart
+RUN mkdir -p ~/.ssh \
+  && ssh-keyscan github.com >> ~/.ssh/known_hosts
+
+WORKDIR /src
+COPY go.mod go.sum ./
+RUN go mod download
+WORKDIR /src/custombuild
+COPY ./custombuild/go.mod ./custombuild/go.sum ./
+RUN --mount=type=ssh go mod download
+WORKDIR /src
+COPY . .
+ARG GIT_HASH
+RUN make -C custombuild build BIN_NAME=authgear TARGET=authgearx GIT_HASH=$GIT_HASH
+
+# We used to build static binary.
+# But we have a transitive dependency on icu4c so this is no longer the case.
+# RUN readelf -d ./authgear | grep 'There is no dynamic section in this file'
+
+# Stage 2: Build the static files
+FROM node:20.9.0-bookworm as stage2
+ARG GIT_HASH
+WORKDIR /usr/src/app
+COPY ./scripts/npm/package.json ./scripts/npm/package-lock.json ./scripts/npm/
+RUN cd ./scripts/npm && npm ci
+COPY ./authui/package.json ./authui/package-lock.json ./authui/
+RUN cd ./authui && npm ci
+COPY . .
+RUN make authui GIT_HASH=$GIT_HASH
+
+# Stage 3: Prepare the actual fs we use to run the program
+FROM debian:bookworm-slim
+ARG GIT_HASH
+WORKDIR /app
+# /etc/mime.types (mime-support)
+# /usr/share/ca-certificates/*/* (ca-certificates)
+# /usr/share/zoneinfo/ (tzdata)
+RUN apt-get update && apt-get install -y --no-install-recommends \
+    libicu-dev \
+    libvips-dev \
+    libmagic-dev \
+    libmagic-mgc \
+    ca-certificates \
+    mime-support \
+    tzdata \
+    && rm -rf /var/lib/apt/lists/*
+RUN update-ca-certificates
+COPY ./GeoLite2-Country.mmdb ./GeoLite2-Country.mmdb
+COPY ./migrations ./migrations
+COPY --from=stage1 /src/custombuild/authgear /usr/local/bin/
+COPY ./resources/ ./resources/
+COPY --from=stage2 /usr/src/app/resources/authgear/ ./resources/authgear/
+COPY ./docker-entrypoint.sh /usr/local/bin/
+ENTRYPOINT ["docker-entrypoint.sh"]
+# update-ca-certificates requires root to run.
+#USER nobody
+EXPOSE 3000
+CMD ["authgear", "start"]

custombuild/cmd/authgearx/main.go

@@ -0,0 +1,51 @@
+package main
+
+import (
+	"errors"
+	"log"
+	"os"
+
+	"github.com/joho/godotenv"
+	_ "go.uber.org/automaxprocs"
+
+	"github.com/authgear/authgear-server/cmd/authgear/cmd"
+	_ "github.com/authgear/authgear-server/cmd/authgear/cmd/cmdaudit"
+	_ "github.com/authgear/authgear-server/cmd/authgear/cmd/cmdbackground"
+	_ "github.com/authgear/authgear-server/cmd/authgear/cmd/cmddatabase"
+	_ "github.com/authgear/authgear-server/cmd/authgear/cmd/cmdimages"
+	_ "github.com/authgear/authgear-server/cmd/authgear/cmd/cmdimages/cmddatabase"
+	_ "github.com/authgear/authgear-server/cmd/authgear/cmd/cmdimages/cmdstart"
+	_ "github.com/authgear/authgear-server/cmd/authgear/cmd/cmdimport"
+	_ "github.com/authgear/authgear-server/cmd/authgear/cmd/cmdinit"
+	_ "github.com/authgear/authgear-server/cmd/authgear/cmd/cmdinternal"
+	_ "github.com/authgear/authgear-server/cmd/authgear/cmd/cmdstart"
+	_ "github.com/authgear/authgear-server/pkg/latte"
+	_ "github.com/authgear/authgear-server/pkg/lib/authenticationflow/declarative"
+	_ "github.com/authgear/authgear-server/pkg/lib/oauthrelyingparty/adfs"
+	_ "github.com/authgear/authgear-server/pkg/lib/oauthrelyingparty/apple"
+	_ "github.com/authgear/authgear-server/pkg/lib/oauthrelyingparty/azureadb2c"
+	_ "github.com/authgear/authgear-server/pkg/lib/oauthrelyingparty/azureadv2"
+	_ "github.com/authgear/authgear-server/pkg/lib/oauthrelyingparty/facebook"
+	_ "github.com/authgear/authgear-server/pkg/lib/oauthrelyingparty/github"
+	_ "github.com/authgear/authgear-server/pkg/lib/oauthrelyingparty/google"
+	_ "github.com/authgear/authgear-server/pkg/lib/oauthrelyingparty/linkedin"
+	_ "github.com/authgear/authgear-server/pkg/lib/oauthrelyingparty/wechat"
+	"github.com/authgear/authgear-server/pkg/util/debug"
+	_ "github.com/authgear/iamsmart/pkg/iamsmartoauthrelyingparty"
+)
+
+func main() {
+	debug.TrapSIGQUIT()
+
+	err := godotenv.Load()
+	if err != nil && !errors.Is(err, os.ErrNotExist) {
+		log.Printf("failed to load .env file: %s", err)
+	}
+
+	err = cmd.Root.Execute()
+	if err != nil {
+		os.Exit(1)
+	} else {
+		os.Exit(0)
+	}
+}

custombuild/cmd/portalx/Dockerfile

@@ -0,0 +1,90 @@
+# syntax=docker/dockerfile:1
+
+# Stage 1: Build the Go binary
+FROM golang:1.22.3-bookworm as stage1
+
+# Install build time C dependencies
+RUN apt-get update && apt-get install -y --no-install-recommends \
+    pkg-config \
+    libicu-dev \
+    libvips-dev \
+    libmagic-dev \
+    && rm -rf /var/lib/apt/lists/*
+
+# In order to build a Go program that uses private modules in Docker,
+# we need the following
+#
+# 1. Set GOPRIVATE
+# 2. Set up ~/.gitconfig to make Go to use SSH instead HTTPS to fetch the private modules.
+# 3. Set up ~/.ssh/known_hosts
+# 4. use --mount=type=ssh to use the SSH agent from the host machine.
+ENV GOPRIVATE github.com/authgear/iamsmart
+RUN git config --global url."ssh://[email protected]/authgear/iamsmart".insteadOf https://github.com/authgear/iamsmart
+RUN mkdir -p ~/.ssh \
+  && ssh-keyscan github.com >> ~/.ssh/known_hosts
+
+WORKDIR /src
+COPY go.mod go.sum ./
+RUN go mod download
+WORKDIR /src/custombuild
+COPY ./custombuild/go.mod ./custombuild/go.sum ./
+RUN --mount=type=ssh go mod download
+WORKDIR /src
+COPY . .
+ARG GIT_HASH
+RUN make -C custombuild build BIN_NAME=authgear-portal TARGET=portalx GIT_HASH=$GIT_HASH
+
+# We used to build static binary.
+# But we have a transitive dependency on icu4c so this is no longer the case.
+# RUN readelf -d ./authgear | grep 'There is no dynamic section in this file'
+
+# Stage 2: Build the static files
+FROM node:20.9.0-bookworm as stage2
+ARG GIT_HASH
+WORKDIR /usr/src/app
+COPY ./scripts/npm/package.json ./scripts/npm/package-lock.json ./scripts/npm/
+RUN cd ./scripts/npm && npm ci
+COPY ./authui/package.json ./authui/package-lock.json ./authui/
+RUN cd ./authui && npm ci
+COPY . .
+RUN make authui GIT_HASH=$GIT_HASH
+
+# Stage 3: Build the portal static files
+FROM node:20.9.0-bookworm as stage3
+ARG GIT_HASH
+# If the working directory is /src, Parcel will have some problem with it.
+WORKDIR /usr/src/app
+COPY ./portal/package.json ./portal/package-lock.json ./
+RUN npm ci
+COPY ./portal .
+RUN npm run build
+
+# Stage 4: Prepare the actual fs we use to run the program
+FROM debian:bookworm-slim
+ARG GIT_HASH
+WORKDIR /app
+# /etc/mime.types (mime-support)
+# /usr/share/ca-certificates/*/* (ca-certificates)
+# /usr/share/zoneinfo/ (tzdata)
+RUN apt-get update && apt-get install -y --no-install-recommends \
+    libicu-dev \
+    libvips-dev \
+    libmagic-dev \
+    libmagic-mgc \
+    ca-certificates \
+    mime-support \
+    tzdata \
+    && rm -rf /var/lib/apt/lists/*
+RUN update-ca-certificates
+COPY ./GeoLite2-Country.mmdb ./GeoLite2-Country.mmdb
+COPY ./migrations ./migrations
+COPY --from=stage1 /src/custombuild/authgear-portal /usr/local/bin/
+COPY ./resources/ ./resources/
+COPY --from=stage2 /usr/src/app/resources/authgear/ ./resources/authgear/
+COPY --from=stage3 /usr/src/app/dist/ ./resources/portal/static/
+COPY ./docker-entrypoint.sh /usr/local/bin/
+ENTRYPOINT ["docker-entrypoint.sh"]
+# update-ca-certificates requires root to run.
+#USER nobody
+EXPOSE 3003
+CMD ["authgear-portal", "start"]

custombuild/cmd/portalx/main.go

@@ -0,0 +1,46 @@
+package main
+
+import (
+	"errors"
+	"log"
+	"os"
+
+	"github.com/joho/godotenv"
+	_ "go.uber.org/automaxprocs"
+	_ "k8s.io/client-go/plugin/pkg/client/auth/gcp"
+
+	"github.com/authgear/authgear-server/cmd/portal/cmd"
+	_ "github.com/authgear/authgear-server/cmd/portal/cmd/cmdanalytic"
+	_ "github.com/authgear/authgear-server/cmd/portal/cmd/cmddatabase"
+	_ "github.com/authgear/authgear-server/cmd/portal/cmd/cmdinternal"
+	_ "github.com/authgear/authgear-server/cmd/portal/cmd/cmdpricing"
+	_ "github.com/authgear/authgear-server/cmd/portal/cmd/cmdstart"
+	_ "github.com/authgear/authgear-server/cmd/portal/cmd/cmdusage"
+	_ "github.com/authgear/authgear-server/pkg/lib/oauthrelyingparty/adfs"
+	_ "github.com/authgear/authgear-server/pkg/lib/oauthrelyingparty/apple"
+	_ "github.com/authgear/authgear-server/pkg/lib/oauthrelyingparty/azureadb2c"
+	_ "github.com/authgear/authgear-server/pkg/lib/oauthrelyingparty/azureadv2"
+	_ "github.com/authgear/authgear-server/pkg/lib/oauthrelyingparty/facebook"
+	_ "github.com/authgear/authgear-server/pkg/lib/oauthrelyingparty/github"
+	_ "github.com/authgear/authgear-server/pkg/lib/oauthrelyingparty/google"
+	_ "github.com/authgear/authgear-server/pkg/lib/oauthrelyingparty/linkedin"
+	_ "github.com/authgear/authgear-server/pkg/lib/oauthrelyingparty/wechat"
+	"github.com/authgear/authgear-server/pkg/util/debug"
+	_ "github.com/authgear/iamsmart/pkg/iamsmartoauthrelyingparty"
+)
+
+func main() {
+	debug.TrapSIGQUIT()
+
+	err := godotenv.Load()
+	if err != nil && !errors.Is(err, os.ErrNotExist) {
+		log.Printf("failed to load .env file: %s", err)
+	}
+
+	err = cmd.Root.Execute()
+	if err != nil {
+		os.Exit(1)
+	} else {
+		os.Exit(0)
+	}
+}