Commit
1 parent
f3426b1
commit bf7839a
Showing
8 changed files
with
1,576 additions
and
0 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,100 @@ | ||
name: Custom Build | ||
|
||
on: | ||
push: | ||
branches: | ||
- '*' | ||
- '!gh-pages' | ||
tags: | ||
- '*' | ||
pull_request: | ||
branches: | ||
- '*' | ||
- '!gh-pages' | ||
|
||
jobs: | ||
authgear-image-custom: | ||
runs-on: ubuntu-22.04 | ||
if: ${{ github.repository == 'authgear/authgear-server' }} | ||
steps: | ||
- uses: actions/checkout@v3 | ||
# https://aran.dev/posts/github-actions-go-private-modules/ | ||
- name: Set up SSH key | ||
env: | ||
SSH_AUTH_SOCK: /tmp/ssh_agent.sock | ||
AUTHGEAR_PRIVATE_DEPLOY_KEY: ${{ secrets.AUTHGEAR_PRIVATE_DEPLOY_KEY }} | ||
run: | | ||
mkdir -p ~/.ssh | ||
eval $(ssh-agent -a $SSH_AUTH_SOCK) | ||
printf "$AUTHGEAR_PRIVATE_DEPLOY_KEY" | base64 --decode | ssh-add - | ||
echo "SSH_AUTH_SOCK=$SSH_AUTH_SOCK" >> "$GITHUB_ENV" | ||
echo "SSH_AGENT_PID=$SSH_AGENT_PID" >> "$GITHUB_ENV" | ||
- run: make -C custombuild build-image TARGET=authgearx IMAGE_NAME=authgear-server-custom | ||
- name: Clean up SSH key | ||
if: ${{ always() }} | ||
run: | | ||
ssh-add -D | ||
ssh-agent -k | ||
echo "SSH_AUTH_SOCK=" >> "$GITHUB_ENV" | ||
echo "SSH_AGENT_PID=" >> "$GITHUB_ENV" | ||
- name: Push to HK | ||
env: | ||
DOCKER_PASSWORD: ${{ secrets.AUTHGEAR_CUSTOM_BUILD_SERVICE_ACCOUNT_KEY_HK }} | ||
REPO: ${{ secrets.AUTHGEAR_CUSTOM_BUILD_REPO_HK }} | ||
REPO_PREFIX: ${{ secrets.AUTHGEAR_CUSTOM_BUILD_REPO_PREFIX_HK }} | ||
run: | | ||
make -C custombuild tag-image IMAGE_NAME=authgear-server-custom REMOTE_IMAGE_NAME="$REPO_PREFIX/authgear-server" | ||
printf "$DOCKER_PASSWORD" | docker login --username _json_key_base64 --password-stdin "$REPO" | ||
make -C custombuild push-image REMOTE_IMAGE_NAME="$REPO_PREFIX/authgear-server" || docker logout "$REPO" | ||
- name: Push to US | ||
env: | ||
DOCKER_PASSWORD: ${{ secrets.AUTHGEAR_CUSTOM_BUILD_SERVICE_ACCOUNT_KEY_US }} | ||
REPO: ${{ secrets.AUTHGEAR_CUSTOM_BUILD_REPO_US }} | ||
REPO_PREFIX: ${{ secrets.AUTHGEAR_CUSTOM_BUILD_REPO_PREFIX_US }} | ||
run: | | ||
make -C custombuild tag-image IMAGE_NAME=authgear-server-custom REMOTE_IMAGE_NAME="$REPO_PREFIX/authgear-server" | ||
printf "$DOCKER_PASSWORD" | docker login --username _json_key_base64 --password-stdin "$REPO" | ||
make -C custombuild push-image REMOTE_IMAGE_NAME="$REPO_PREFIX/authgear-server" || docker logout "$REPO" | ||
portal-image-custom: | ||
runs-on: ubuntu-22.04 | ||
if: ${{ github.repository == 'authgear/authgear-server' }} | ||
steps: | ||
- uses: actions/checkout@v3 | ||
# https://aran.dev/posts/github-actions-go-private-modules/ | ||
- name: Set up SSH key | ||
env: | ||
SSH_AUTH_SOCK: /tmp/ssh_agent.sock | ||
AUTHGEAR_PRIVATE_DEPLOY_KEY: ${{ secrets.AUTHGEAR_PRIVATE_DEPLOY_KEY }} | ||
run: | | ||
mkdir -p ~/.ssh | ||
eval $(ssh-agent -a $SSH_AUTH_SOCK) | ||
printf "$AUTHGEAR_PRIVATE_DEPLOY_KEY" | base64 --decode | ssh-add - | ||
echo "SSH_AUTH_SOCK=$SSH_AUTH_SOCK" >> "$GITHUB_ENV" | ||
echo "SSH_AGENT_PID=$SSH_AGENT_PID" >> "$GITHUB_ENV" | ||
- run: make -C custombuild build-image TARGET=portalx IMAGE_NAME=authgear-portal-custom | ||
- name: Clean up SSH key | ||
if: ${{ always() }} | ||
run: | | ||
ssh-add -D | ||
ssh-agent -k | ||
echo "SSH_AUTH_SOCK=" >> "$GITHUB_ENV" | ||
echo "SSH_AGENT_PID=" >> "$GITHUB_ENV" | ||
- name: Push to HK | ||
env: | ||
DOCKER_PASSWORD: ${{ secrets.AUTHGEAR_CUSTOM_BUILD_SERVICE_ACCOUNT_KEY_HK }} | ||
REPO: ${{ secrets.AUTHGEAR_CUSTOM_BUILD_REPO_HK }} | ||
REPO_PREFIX: ${{ secrets.AUTHGEAR_CUSTOM_BUILD_REPO_PREFIX_HK }} | ||
run: | | ||
make -C custombuild tag-image IMAGE_NAME=authgear-portal-custom REMOTE_IMAGE_NAME="$REPO_PREFIX/authgear-portal" | ||
printf "$DOCKER_PASSWORD" | docker login --username _json_key_base64 --password-stdin "$REPO" | ||
make -C custombuild push-image REMOTE_IMAGE_NAME="$REPO_PREFIX/authgear-portal" || docker logout "$REPO" | ||
- name: Push to US | ||
env: | ||
DOCKER_PASSWORD: ${{ secrets.AUTHGEAR_CUSTOM_BUILD_SERVICE_ACCOUNT_KEY_US }} | ||
REPO: ${{ secrets.AUTHGEAR_CUSTOM_BUILD_REPO_US }} | ||
REPO_PREFIX: ${{ secrets.AUTHGEAR_CUSTOM_BUILD_REPO_PREFIX_US }} | ||
run: | | ||
make -C custombuild tag-image IMAGE_NAME=authgear-portal-custom REMOTE_IMAGE_NAME="$REPO_PREFIX/authgear-portal" | ||
printf "$DOCKER_PASSWORD" | docker login --username _json_key_base64 --password-stdin "$REPO" | ||
make -C custombuild push-image REMOTE_IMAGE_NAME="$REPO_PREFIX/authgear-portal" || docker logout "$REPO" |
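Review bot: In all four push steps (`Push to HK` and `Push to US` in both jobs), the last line `make -C custombuild push-image ... || docker logout "$REPO"` reports a failed push as a successful step whenever the logout succeeds. It also never logs out after a successful push, so the registry credential stays in the runner's Docker config for the rest of the job. Run the push on its own line and move `docker logout "$REPO"` into a separate step guarded with `if: ${{ always() }}`, the way the `Clean up SSH key` step is written. The workflow also triggers on `pull_request`, and nothing on the push steps restricts them to branch or tag pushes, so images built from unmerged pull-request code appear to be published too; `if: ${{ github.event_name == 'push' }}` on those steps would limit that.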
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,31 @@ | ||
# GIT_NAME could be empty. | ||
GIT_NAME ?= $(shell git describe --exact-match 2>/dev/null) | ||
GIT_HASH ?= git-$(shell git rev-parse --short=12 HEAD) | ||
|
||
LDFLAGS ?= "-X github.com/authgear/authgear-server/pkg/version.Version=${GIT_HASH}" | ||
|
||
.PHONY: start | ||
start: | ||
go run -ldflags ${LDFLAGS} ./cmd/authgearx start | ||
|
||
.PHONY: start-portal | ||
start-portal: | ||
go run -ldflags ${LDFLAGS} ./cmd/portalx start | ||
|
||
.PHONY: build | ||
build: | ||
go build -o $(BIN_NAME) -tags "osusergo netgo static_build timetzdata $(GO_BUILD_TAGS)" -ldflags ${LDFLAGS} ./cmd/$(TARGET) | ||
|
||
.PHONY: build-image | ||
build-image: | ||
# Add --pull so that we are using the latest base image. | ||
# The build context is the parent directory | ||
docker build --pull --ssh=default --file ./cmd/$(TARGET)/Dockerfile --tag $(IMAGE_NAME) --build-arg GIT_HASH=$(GIT_HASH) ../ | ||
|
||
.PHONY: tag-image | ||
tag-image: | ||
docker tag $(IMAGE_NAME) $(REMOTE_IMAGE_NAME):$(GIT_HASH) | ||
|
||
.PHONY: push-image | ||
push-image: | ||
docker push $(REMOTE_IMAGE_NAME):$(GIT_HASH) |
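Review bot: `build`, `build-image`, `tag-image` and `push-image` expand `$(TARGET)`, `$(BIN_NAME)`, `$(IMAGE_NAME)` and `$(REMOTE_IMAGE_NAME)` with no default and no check, so a missing variable produces a malformed command (for example `go build -o -tags ...`) instead of a clear error. A first recipe line such as `@test -n "$(TARGET)" || { echo "TARGET is required" >&2; exit 1; }` in each target would fail early. The expansions are also unquoted, and the workflow in this commit builds `REMOTE_IMAGE_NAME` from a repository secret, so writing them as `"$(REMOTE_IMAGE_NAME):$(GIT_HASH)"` keeps an unexpected space or shell metacharacter from being interpreted by the shell.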
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,79 @@ | ||
# syntax=docker/dockerfile:1 | ||
|
||
# Stage 1: Build the Go binary | ||
FROM golang:1.22.4-bookworm as stage1 | ||
|
||
# Install build time C dependencies | ||
RUN apt-get update && apt-get install -y --no-install-recommends \ | ||
pkg-config \ | ||
libicu-dev \ | ||
libvips-dev \ | ||
libmagic-dev \ | ||
&& rm -rf /var/lib/apt/lists/* | ||
|
||
# In order to build a Go program that uses private modules in Docker, | ||
# we need the following | ||
# | ||
# 1. Set GOPRIVATE | ||
# 2. Set up ~/.gitconfig to make Go to use SSH instead HTTPS to fetch the private modules. | ||
# 3. Set up ~/.ssh/known_hosts | ||
# 4. use --mount=type=ssh to use the SSH agent from the host machine. | ||
ENV GOPRIVATE github.com/authgear/iamsmart | ||
RUN git config --global url."ssh://[email protected]/authgear/iamsmart".insteadOf https://github.com/authgear/iamsmart | ||
RUN mkdir -p ~/.ssh \ | ||
&& ssh-keyscan github.com >> ~/.ssh/known_hosts | ||
|
||
WORKDIR /src | ||
COPY go.mod go.sum ./ | ||
RUN go mod download | ||
WORKDIR /src/custombuild | ||
COPY ./custombuild/go.mod ./custombuild/go.sum ./ | ||
RUN --mount=type=ssh go mod download | ||
WORKDIR /src | ||
COPY . . | ||
ARG GIT_HASH | ||
RUN make -C custombuild build BIN_NAME=authgear TARGET=authgearx GIT_HASH=$GIT_HASH | ||
|
||
# We used to build static binary. | ||
# But we have a transitive dependency on icu4c so this is no longer the case. | ||
# RUN readelf -d ./authgear | grep 'There is no dynamic section in this file' | ||
|
||
# Stage 2: Build the static files | ||
FROM node:20.9.0-bookworm as stage2 | ||
ARG GIT_HASH | ||
WORKDIR /usr/src/app | ||
COPY ./scripts/npm/package.json ./scripts/npm/package-lock.json ./scripts/npm/ | ||
RUN cd ./scripts/npm && npm ci | ||
COPY ./authui/package.json ./authui/package-lock.json ./authui/ | ||
RUN cd ./authui && npm ci | ||
COPY . . | ||
RUN make authui GIT_HASH=$GIT_HASH | ||
|
||
# Stage 3: Prepare the actual fs we use to run the program | ||
FROM debian:bookworm-slim | ||
ARG GIT_HASH | ||
WORKDIR /app | ||
# /etc/mime.types (mime-support) | ||
# /usr/share/ca-certificates/*/* (ca-certificates) | ||
# /usr/share/zoneinfo/ (tzdata) | ||
RUN apt-get update && apt-get install -y --no-install-recommends \ | ||
libicu-dev \ | ||
libvips-dev \ | ||
libmagic-dev \ | ||
libmagic-mgc \ | ||
ca-certificates \ | ||
mime-support \ | ||
tzdata \ | ||
&& rm -rf /var/lib/apt/lists/* | ||
RUN update-ca-certificates | ||
COPY ./GeoLite2-Country.mmdb ./GeoLite2-Country.mmdb | ||
COPY ./migrations ./migrations | ||
COPY --from=stage1 /src/custombuild/authgear /usr/local/bin/ | ||
COPY ./resources/ ./resources/ | ||
COPY --from=stage2 /usr/src/app/resources/authgear/ ./resources/authgear/ | ||
COPY ./docker-entrypoint.sh /usr/local/bin/ | ||
ENTRYPOINT ["docker-entrypoint.sh"] | ||
# update-ca-certificates requires root to run. | ||
#USER nobody | ||
EXPOSE 3000 | ||
CMD ["authgear", "start"] |
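Review bot: `ssh-keyscan github.com >> ~/.ssh/known_hosts` records whatever host key is returned at build time, so the resulting known_hosts entry does not authenticate the host that `RUN --mount=type=ssh go mod download` then contacts with the forwarded agent. Populate known_hosts from GitHub's published host keys instead, for example by committing a known_hosts file and replacing the two-line `RUN` with `COPY <path-to-committed-known_hosts> /root/.ssh/known_hosts`, or by checking the scanned key with `ssh-keygen -lf` against the published fingerprint before appending it. The copied `go.sum` presumably still pins the module contents, but host verification should not rely on that alone. The same lines appear in the portal Dockerfile later in this commit.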
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,51 @@ | ||
package main | ||
|
||
import ( | ||
"errors" | ||
"log" | ||
"os" | ||
|
||
"github.com/joho/godotenv" | ||
_ "go.uber.org/automaxprocs" | ||
|
||
"github.com/authgear/authgear-server/cmd/authgear/cmd" | ||
_ "github.com/authgear/authgear-server/cmd/authgear/cmd/cmdaudit" | ||
_ "github.com/authgear/authgear-server/cmd/authgear/cmd/cmdbackground" | ||
_ "github.com/authgear/authgear-server/cmd/authgear/cmd/cmddatabase" | ||
_ "github.com/authgear/authgear-server/cmd/authgear/cmd/cmdimages" | ||
_ "github.com/authgear/authgear-server/cmd/authgear/cmd/cmdimages/cmddatabase" | ||
_ "github.com/authgear/authgear-server/cmd/authgear/cmd/cmdimages/cmdstart" | ||
_ "github.com/authgear/authgear-server/cmd/authgear/cmd/cmdimport" | ||
_ "github.com/authgear/authgear-server/cmd/authgear/cmd/cmdinit" | ||
_ "github.com/authgear/authgear-server/cmd/authgear/cmd/cmdinternal" | ||
_ "github.com/authgear/authgear-server/cmd/authgear/cmd/cmdstart" | ||
_ "github.com/authgear/authgear-server/pkg/latte" | ||
_ "github.com/authgear/authgear-server/pkg/lib/authenticationflow/declarative" | ||
_ "github.com/authgear/authgear-server/pkg/lib/oauthrelyingparty/adfs" | ||
_ "github.com/authgear/authgear-server/pkg/lib/oauthrelyingparty/apple" | ||
_ "github.com/authgear/authgear-server/pkg/lib/oauthrelyingparty/azureadb2c" | ||
_ "github.com/authgear/authgear-server/pkg/lib/oauthrelyingparty/azureadv2" | ||
_ "github.com/authgear/authgear-server/pkg/lib/oauthrelyingparty/facebook" | ||
_ "github.com/authgear/authgear-server/pkg/lib/oauthrelyingparty/github" | ||
_ "github.com/authgear/authgear-server/pkg/lib/oauthrelyingparty/google" | ||
_ "github.com/authgear/authgear-server/pkg/lib/oauthrelyingparty/linkedin" | ||
_ "github.com/authgear/authgear-server/pkg/lib/oauthrelyingparty/wechat" | ||
"github.com/authgear/authgear-server/pkg/util/debug" | ||
_ "github.com/authgear/iamsmart/pkg/iamsmartoauthrelyingparty" | ||
) | ||
|
||
func main() { | ||
debug.TrapSIGQUIT() | ||
|
||
err := godotenv.Load() | ||
if err != nil && !errors.Is(err, os.ErrNotExist) { | ||
log.Printf("failed to load .env file: %s", err) | ||
} | ||
|
||
err = cmd.Root.Execute() | ||
if err != nil { | ||
os.Exit(1) | ||
} else { | ||
os.Exit(0) | ||
} | ||
} |
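Review bot: The blank import `_ "github.com/authgear/iamsmart/pkg/iamsmartoauthrelyingparty"` at the end of the import block carries no comment, although it is the one package the Dockerfiles in this commit mark as private through `GOPRIVATE` and appears to be the reason this separate entry point exists. A line above it such as `// Private module, imported for its side effects; fetching it requires GOPRIVATE and SSH access.` would tell a reader why this build needs the deploy key. As a style point in `main`, the `else { os.Exit(0) }` branch can be dropped and `os.Exit(0)` placed after the `if`, since `os.Exit(1)` does not return.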
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,90 @@ | ||
# syntax=docker/dockerfile:1 | ||
|
||
# Stage 1: Build the Go binary | ||
FROM golang:1.22.4-bookworm as stage1 | ||
|
||
# Install build time C dependencies | ||
RUN apt-get update && apt-get install -y --no-install-recommends \ | ||
pkg-config \ | ||
libicu-dev \ | ||
libvips-dev \ | ||
libmagic-dev \ | ||
&& rm -rf /var/lib/apt/lists/* | ||
|
||
# In order to build a Go program that uses private modules in Docker, | ||
# we need the following | ||
# | ||
# 1. Set GOPRIVATE | ||
# 2. Set up ~/.gitconfig to make Go to use SSH instead HTTPS to fetch the private modules. | ||
# 3. Set up ~/.ssh/known_hosts | ||
# 4. use --mount=type=ssh to use the SSH agent from the host machine. | ||
ENV GOPRIVATE github.com/authgear/iamsmart | ||
RUN git config --global url."ssh://[email protected]/authgear/iamsmart".insteadOf https://github.com/authgear/iamsmart | ||
RUN mkdir -p ~/.ssh \ | ||
&& ssh-keyscan github.com >> ~/.ssh/known_hosts | ||
|
||
WORKDIR /src | ||
COPY go.mod go.sum ./ | ||
RUN go mod download | ||
WORKDIR /src/custombuild | ||
COPY ./custombuild/go.mod ./custombuild/go.sum ./ | ||
RUN --mount=type=ssh go mod download | ||
WORKDIR /src | ||
COPY . . | ||
ARG GIT_HASH | ||
RUN make -C custombuild build BIN_NAME=authgear-portal TARGET=portalx GIT_HASH=$GIT_HASH | ||
|
||
# We used to build static binary. | ||
# But we have a transitive dependency on icu4c so this is no longer the case. | ||
# RUN readelf -d ./authgear | grep 'There is no dynamic section in this file' | ||
|
||
# Stage 2: Build the static files | ||
FROM node:20.9.0-bookworm as stage2 | ||
ARG GIT_HASH | ||
WORKDIR /usr/src/app | ||
COPY ./scripts/npm/package.json ./scripts/npm/package-lock.json ./scripts/npm/ | ||
RUN cd ./scripts/npm && npm ci | ||
COPY ./authui/package.json ./authui/package-lock.json ./authui/ | ||
RUN cd ./authui && npm ci | ||
COPY . . | ||
RUN make authui GIT_HASH=$GIT_HASH | ||
|
||
# Stage 3: Build the portal static files | ||
FROM node:20.9.0-bookworm as stage3 | ||
ARG GIT_HASH | ||
# If the working directory is /src, Parcel will have some problem with it. | ||
WORKDIR /usr/src/app | ||
COPY ./portal/package.json ./portal/package-lock.json ./ | ||
RUN npm ci | ||
COPY ./portal . | ||
RUN npm run build | ||
|
||
# Stage 4: Prepare the actual fs we use to run the program | ||
FROM debian:bookworm-slim | ||
ARG GIT_HASH | ||
WORKDIR /app | ||
# /etc/mime.types (mime-support) | ||
# /usr/share/ca-certificates/*/* (ca-certificates) | ||
# /usr/share/zoneinfo/ (tzdata) | ||
RUN apt-get update && apt-get install -y --no-install-recommends \ | ||
libicu-dev \ | ||
libvips-dev \ | ||
libmagic-dev \ | ||
libmagic-mgc \ | ||
ca-certificates \ | ||
mime-support \ | ||
tzdata \ | ||
&& rm -rf /var/lib/apt/lists/* | ||
RUN update-ca-certificates | ||
COPY ./GeoLite2-Country.mmdb ./GeoLite2-Country.mmdb | ||
COPY ./migrations ./migrations | ||
COPY --from=stage1 /src/custombuild/authgear-portal /usr/local/bin/ | ||
COPY ./resources/ ./resources/ | ||
COPY --from=stage2 /usr/src/app/resources/authgear/ ./resources/authgear/ | ||
COPY --from=stage3 /usr/src/app/dist/ ./resources/portal/static/ | ||
COPY ./docker-entrypoint.sh /usr/local/bin/ | ||
ENTRYPOINT ["docker-entrypoint.sh"] | ||
# update-ca-certificates requires root to run. | ||
#USER nobody | ||
EXPOSE 3003 | ||
CMD ["authgear-portal", "start"] |
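Review bot: The final stage has no active `USER` instruction (`#USER nobody` is commented out), so `authgear-portal start` runs as root in the container; the authgear Dockerfile earlier in this commit does the same. The comment gives `update-ca-certificates` as the reason, but the only visible call is `RUN update-ca-certificates` at build time, and anything `docker-entrypoint.sh` runs is outside this hunk. If the entrypoint does need root for that step, it could do it and then drop to an unprivileged account before `exec`; otherwise add a user with a fixed UID and end the stage with `USER <uid>`. This stage also installs the `libicu-dev`, `libvips-dev` and `libmagic-dev` development packages at runtime, and the corresponding runtime-only library packages would reduce what ships in the image.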