Commit Graph

53 Commits (e2511b20a39472d7962f8e38df23ab5479068736)

Author SHA1 Message Date
James Elliott a689ffe372
ci: publish authelia-git aur only on releases (#2666) 2021-12-03 15:56:31 +11:00
Amir Zarrinkafsh dbbb506fa5
ci(buildkite): fix missing commit in build-info for authelia aur package (#2609) 2021-11-18 11:57:11 +11:00
Amir Zarrinkafsh b606ec6752
ci(buildkite): add agent control to standalone job (#2469) 2021-10-08 12:08:43 +11:00
Amir Zarrinkafsh bd6a8e3ea2
feat: hardened authelia binaries (#2410)
* feat: hardened authelia binaries

This change ensures that all Authelia binaries which are compiled and distributed are hardened with the following standards:

* RELRO
* Stack canary
* NX
* PIE/ASLR
* Stripped RPATH AND RUNPATH
* Stripped Symbols
* Fortify

The musl variants currently [do not support Fortify](https://wiki.musl-libc.org/future-ideas.html#Fortify).

* refactor: docker pull for authelia/crossbuild in background
2021-09-26 12:08:47 +10:00
Amir Zarrinkafsh 57705be468
refactor: use authelia/debpackager:latest manifest (#2383) 2021-09-17 10:08:57 +10:00
Amir Zarrinkafsh 92ec00d7c5
feat: builds with gox and buildx (#2381)
* feat: builds with gox and buildx

This change builds all of Authelia's respective binaries in parallel within a single step and distributes as necessary to subsequent steps, we now also build and distribute for the following OS/Architecture: freebsd/amd64.

Our CI/CD pipeline now also utilises docker buildx as a default for builds and pushes.

* refactor: clean up docker helper

* Remove `authelia-scripts docker push-image` command as all pushes will be performed with buildx and manifests
* Rename the --arch flag to --container
* Add Dockerfile.dev for users that want to build an Authelia container from source without utilising suites
* Set Dockerfile.dev as default for `authelia-scripts docker build` command

* refactor: variant -> container
2021-09-16 22:39:18 +10:00
Amir Zarrinkafsh e4d1efacaa
ci(buildkite): update to authelia/debpackager (#2362) 2021-09-13 18:46:53 +10:00
Amir Zarrinkafsh 327765f132
ci(buildkite): allow manual retry on successful steps (#2267)
This permits manual retry on specific steps which can cause problematic issues for example when a node runs out of disk space.

By allowing this we should be able to recover problematic builds instead of forcing a complete rebuild which may be undesirable on the `master` or other production branches.
2021-08-07 11:04:21 +10:00
Amir Zarrinkafsh 87550d1957
ci(buildkite): add [skip-test] and [test-skip] conditionals (#2265)
If a commit message includes either `[skip-test]` or `[test-skip]` some CI steps will be ignored.

This is to allow rapid deployments and prototyping when attempting fixes, under no circumstances should any PR to master be accepted with said tags/conditionals.
2021-08-07 10:06:42 +10:00
Amir Zarrinkafsh e930b76464
ci(buildkite): allow retry on successful docker deploy steps (#2246)
Occasionally during a manifest deployment tags can be removed and the step may fail. To ensure the manifest step can be completed successfully it would require re-pushing the tags that had been removed.

Turning on the `permit_on_passed` option allows us to control this all through the Buildkite interface as opposed to manual intervention.
2021-08-05 18:52:30 +10:00
Amir Zarrinkafsh b415770548
ci(buildkite): fix apt repo readme (#2245)
Image links in the apt repo README.md were broken as the file uploaded without the necessary modifications.
2021-08-05 16:58:08 +10:00
Amir Zarrinkafsh 711b5ff0db
feat: publish and deploy to apt.authelia.com (#2148)
This automates the process of publishing our `*.deb` files for stable Authelia releases to apt.authelia.com.
2021-07-05 12:49:48 +10:00
Amir Zarrinkafsh 93e20a44e9
feat: build and distribute .deb packages (#2114)
* feat: build and distribute .deb packages

Creates .deb packages for distribution via GitHub releases and Buildkite builds for the following architectures:

* amd64
* armhf
* arm64

* fix: pkgver reference in debpackages.sh

* refactor: split deb packaging jobs and quote variables

* fix: pipeline upload for debpackages

* fix: depends_on key for debpackages

* fix: add depends_on: ~ for debpackages step

* fix: pre-artifact hook for debpackages

* fix: add .deb suffix in pre-artifact hook

* fix: variable reference in debhelper.sh

* refactor: silence wget output in debhelper.sh

* refactor: make build concurrency gate only depend_on docker builds

* refactor: make build concurrency gate also depend_on coverage build

* refactor: remove dependencies for build concurrency gate
2021-06-26 11:45:21 +10:00
Amir Zarrinkafsh 2b95acb82a
ci(buildkite): add tag for highavailability suite (#2038)
Allows granular control for node assignment on the high availability testing suite.
2021-05-27 14:23:56 +10:00
Clément Michaud 7c18081f57
ci: include version in the name of tar.gz artifacts (#1919)
This makes sure the version is included in GitHub artifacts.

Fix #1918

Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2021-04-15 17:56:32 +10:00
Amir Zarrinkafsh e816a2e563
ci: publish docker images to ghcr (#1860)
* ci: publish docker images to ghcr

* ci: remove ghcr images with no tags

* ci: remove unnecessary ghcr jq args for empty tags

* ci: move ghcr empty tag clean up

Publishes Docker container images on both DockerHub and GitHub Container Registry.
2021-03-30 09:17:19 +11:00
James Elliott 1e46ec6c44
ci: restore dependabot rules (#1797)
Restores the dependabot rules in buildkite for the purpose of security fixes which are handled by dependabot still.
2021-03-10 15:53:33 +11:00
Amir Zarrinkafsh 49aa5e0eb8
ci(buildkite): change to concurrency gates (#1752)
* ci(buildkite): change to concurrency gates

Continuation of #1751.

* ci(buildkite): optimise concurrency gates
2021-02-22 12:48:20 +11:00
Amir Zarrinkafsh 8c79e6beca
ci(buildkite): utilise conventional-changelog for release notes (#1714)
Instead of generating our changelog based on crude modifications utilising git log we now utilise conventional-changelog.

conventional-changelog utilises the angular commit structure to categorise and display the changelog for 3 types (fix,feat,perf) and each of the change scopes are identified in the changelog too.

An example of the output for v4.26.0 can be found below:

# [4.26.0](https://github.com/authelia/authelia/compare/v4.25.2...v4.26.0) (2021-02-02)

### Bug Fixes

* **handlers:** refresh user details on all domains ([#1642](https://github.com/authelia/authelia/issues/1642)) ([60ff16b](60ff16b518))

### Docker Container
* `docker pull authelia/authelia:4.26.0`
2021-02-12 14:00:36 +11:00
Amir Zarrinkafsh aac5170ddc
ci: remove dependabot (#1696)
da5892faad introduced renovate to Authelia.
Now that it has been evaluated dependabot is no longer necessary and can be removed.
2021-02-04 13:06:23 +11:00
Amir Zarrinkafsh d71dbd4858
ci(buildkite): update buildkite deployment steps (#1678)
This PR modifies the Buildkite CI pipeline with the following changes:

* Add `SECURITY.md` to CI_BYPASS
* Skip Docker {amd64,arm32v7,arm64v8} builds for renovate PRs
* Ensure Deploy Manifest step only is assigned to deployment nodes
2021-01-31 11:49:36 +11:00
Amir Zarrinkafsh 3487fd392e
[FEATURE] Add API docs and swagger-ui (#1544)
* [FEATURE] Add API docs and swagger-ui

This change will serve out swagger-ui at the `/api/` root path.

* Update descriptions and summaries in API spec

* Utilise frontend assets from unit testing for Docker build steps

* Fix tag for /api/user/* endpoints

* Fix response schema for /api/user/info/2fa_method

* Template and inject the session name during runtime into swagger-ui

This change also factorises and renames index.go into template.go, this can now be generically utilised to template any file.

* Fix integration tests

* Add U2F endpoints

* Change swagger directory to api

This change is to more closely conform to the golang-standards project layout.

* Add authentication for u2f endpoints

* Modify u2f endpoint descriptions

* Rename and fix u2f 2fa sign endpoints

* Fix request body for /api/secondfactor/u2f/sign endpoint

Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
2021-01-03 15:28:46 +11:00
Amir Zarrinkafsh aa64d0c4e5
[FEATURE] Support MSAD password reset via unicodePwd attribute (#1460)
* Added `ActiveDirectory` suite for integration tests with Samba AD
* Updated documentation
* Minor styling refactor to suites
* Clean up LDAP user provisioning
* Fix Authelia home splash to reference correct link for webmail
* Add notification message for password complexity errors
* Add password complexity integration test
* Rename implementation default from rfc to custom
* add specific defaults for LDAP (activedirectory implementation)
* add docs to show the new defaults
* add docs explaining the importance of users filter
* add tests
* update instances of LDAP implementation names to use the new consts where applicable
* made the 'custom' case in the UpdatePassword method for the implementation switch the default case instead
* update config examples due to the new defaults
* apply changes from code review
* replace schema default name from MSAD to ActiveDirectory for consistency
* fix missing default for username_attribute
* replace test raising on empty username attribute with not raising on empty

Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
2020-11-27 20:59:22 +11:00
Amir Zarrinkafsh 0df8f6bfe3
[CI] Collect and upload coverage on master branch (#1174) 2020-07-02 08:56:45 +02:00
vdot0x23 6ccc92e47e
do not hardcode /bin/bash (#1122)
Co-authored-by: Victor Büttner <victor@0x23.dk>
Co-authored-by: Clément Michaud <clement.michaud34@gmail.com>
2020-06-18 09:49:13 +02:00
Amir Zarrinkafsh d123fe4785
[CI] Add Codecov support (#1065)
* [CI] Add Codecov support

* [CI] Capture backend coverage from integration tests

* [CI] Remove unnecessary artifacts for coverage build

* [CI] Only run coverage elements where necessary

* [CI] Simplify post-command hook

* Fix yarn dependencies and collect coverage

* [CI] Include cmd/authelia/ path in coverage

* [CI] Exclude internal/suites/ in coverage

Closes #1061.
2020-06-05 10:43:19 +10:00
Amir Zarrinkafsh 9e2a9f5ee6
[DEPRECATE] Remove OSX (darwin) based binaries (#967) 2020-05-03 22:03:53 +10:00
Amir Zarrinkafsh d301ebe47c
[CI] Fix pipeline dependencies (#964)
* [CI] Fix pipeline dependencies
This change ensures that CI_BYPASS works as intended and ensures that the hardcoded pipeline does not conflict with the repo provided dynamic pipeline.
The hardcoded pipeline has been changed to reflect the following:
```yaml
steps:
  # Blocking pipeline for master branch deployments (concurrency_group).
  - label: ":pipeline: Setup Pipeline"
    command: ".buildkite/pipeline.sh | buildkite-agent pipeline upload"
    concurrency: 1
    concurrency_group: "deployments"
    if: build.branch == "master"

  # Non-blocking pipeline for all others (tagged commits/local branches/PRs).
  - label: ":pipeline: Setup Pipeline"
    command: ".buildkite/pipeline.sh | buildkite-agent pipeline upload"
    if: build.branch != "master"

  - wait:
    if: build.pull_request.repository.fork != true && build.branch !~ /^dependabot\/.*/

  # Manual intervention by team required to deploy for forked PRs (prevent secret leakage).
  - block: "Public fork needs approval"
    if: build.pull_request.repository.fork == true

  # Blocking deployment for master branch deployments (concurrency_group).
  - label: "🚀 Setup Deployment"
    command: ".buildkite/deployment.sh | buildkite-agent pipeline upload"
    concurrency: 1
    concurrency_group: "deployments"
    depends_on: ~
    if: build.branch == "master"

  # Non-blocking deployment for all others (tagged commits/local branches).
  - label: "🚀 Setup Deployment"
    command: ".buildkite/deployment.sh | buildkite-agent pipeline upload"
    depends_on: ~
    if: build.branch != "master" && build.branch !~ /^dependabot\/.*/ && build.pull_request.repository.fork != true

  # Removed dependency optimisation for forked PRs to enforce block step.
  - label: "🚀 Setup Deployment"
    command: ".buildkite/deployment.sh | buildkite-agent pipeline upload"
    if: build.pull_request.repository.fork == true
```

* [CI] Include upstream hardcoded pipeline in repo
2020-05-02 17:05:11 +02:00
Amir Zarrinkafsh f8bd506326
[FEATURE] Embed static assets in Go binary (#916)
* [FEATURE] Embed static assets in Go binary

* Refactor/consolidate code and specify public_html via configuration

* Update docs and config template for assets

* Update AUR package pre-requisites and systemd unit

* Include static assets as Buildkite and GitHub artifacts

* Remove references to PUBLIC_DIR

* Only serve assets via embedded filesystem and remove configuration references

* Update authelia-scripts helper to build the embedded filesystem

* Mock the embedded filesystem for unit tests
Add to gitignore to ensure this isn't overwritten.

* Move go:generate to satisfy linter
2020-04-29 00:07:20 +10:00
Amir Zarrinkafsh 13712d0f36
[Buildkite] Fine-grained control of build steps for agent allocation (#835) 2020-04-08 11:31:33 +10:00
Amir Zarrinkafsh 580152b40b
[FEATURE] Include darwin based binaries for OSX (#814)
Build and publish binary artifacts for Authelia which can be run directly from OSX.
2020-04-03 16:13:24 +11:00
Amir Zarrinkafsh 95f6c1a893
[Buildkite] Add contents of BREAKING.md for tag to releases (#797)
This will ensure that notes pertaining to a version in the BREAKING.md will be published in each of the respective github releases.

All information from:
'## Breaking in $TAG' until the next '## Breaking in $TAG' is included.
2020-03-31 08:46:23 +11:00
Amir Zarrinkafsh 7a0d217b67
[Buildkite] Reorder git fetch in pipeline (#697)
This will ensure that we always will have up-to-date refs for the repo post-checkout.
2020-03-09 16:53:13 +11:00
Amir Zarrinkafsh b70c4a744f
[Buildkite] Ignore unnecessary CI steps for docs/* only based commits (#690)
* [Buildkite] Ignore build and deploy steps for [DOCS] only based commits

* [Buildkite] Convert static pipelines into dynamic pipelines

* [Buildkite] Convert dynamic pipeline steps into heredocs

* [Buildkite] Fix indentation for aurpackages.sh

* [Buildkite] Rename docs bypass env variable

* [Buildkite] Fix automatic retries in integration tests
2020-03-09 12:32:07 +11:00
Amir Zarrinkafsh ae5533d41b
[Buildkite] Fix always reporting as failure for github artifact step (#673) 2020-03-01 15:56:04 +11:00
Clément Michaud 9c0e722bd7
[DOCS] Do not let think OAuth won't be supported. (#665)
* [DOCS] Do not let think OAuth won't be supported.

* [Buildkite] Prevent docs commit if there are no changes
2020-02-29 23:07:23 +11:00
Clément Michaud f821793afb
[Buildkite] Change commit author of commits in gh-pages to autheliabot. (#662) 2020-02-29 22:29:55 +11:00
Clément Michaud a9f8958187
[BUGFIX] Add jekyll dependency in Gemfile. (#660)
* [BUGFIX] Add jekyll dependency in Gemfile.

* [Buildkite] Optimise documentation sync step

* [DOC] Fix merge conflict for index.md

* [DOC] Fix formatting issues
2020-02-29 16:15:03 +11:00
Clément Michaud adf7bbaf5b
[DOCS] Bootstrap new documentation website based on just-the-docs (#659) 2020-02-29 01:43:59 +01:00
Amir Zarrinkafsh 150a2e177a
[Buildkite] Enable automatic retries for failed github artifact step (#658)
* [Buildkite] Enable automatic retries for failed github artifact step

This is to handle failures which may occur when attempting to upload assets, per: https://buildkite.com/authelia/authelia/builds/465#537f931f-efc3-4f7b-9527-c927c1425a52.

* [Buildkite] Ensure GitHub artifact step is reported as a failure

When the initial command fails and we remove the release, we need to ensure that the exit status is reported as non-zero to trigger the automatic retry.
2020-02-28 22:58:44 +01:00
Amir Zarrinkafsh 4c09df9868
[Buildkite] Fix AUR version tagging (#645)
Need to fetch all tags prior to extracting the correct version.
2020-02-20 11:04:07 +11:00
Amir Zarrinkafsh 447b2461e4
[Buildkite] Automate CD for AUR packages (#644)
* [Buildkite] Automate continuous deployment for AUR packages

* [Buildkite] Make AUR deploy step conditional
2020-02-20 10:25:28 +11:00
Amir Zarrinkafsh d80becc343
[FIX] Changelog generation for github releases (#641) 2020-02-19 12:25:41 +11:00
Amir Zarrinkafsh 5588014ea7
[Buildkite] Fix agent key allocation for build step (#624) 2020-02-06 09:18:56 +01:00
Amir Zarrinkafsh 27b8a1b0fe
[Buildkite] Fix issues with releases in CD pipeline (#617)
* [Buildkite] Fix changelog output for github releases

Fetch is required to grab the latest tag, this will ensure the correct data is generated

* [Buildkite] Only clean tags on pushes to master

Also ensure that master tag is not removed on github API failures.

* [Buildkite] Fix tag publishing for releases

* [Buildkite] Minor tweaks to github changelog output
2020-02-05 23:24:19 +11:00
Amir Zarrinkafsh 49e739d009
[Buildkite] Add automatic deployment and removal of Docker images for Branches and PRs (#592) 2020-01-30 08:37:11 +01:00
Amir Zarrinkafsh 107126929b
Update README.md with AUR references and remove CHANGELOG.md (#576)
* Update README.md
Provide badges and references to the AUR for Arch Linux Authelia packages.
Closes #571 #572.

* Add systemd unit file
Include the unit in future release artifacts.

* Remove CHANGELOG.md
As of future releases Changelog details will dynamically be generated.

* Update README.md
Add badge for authelia-git package.

* Update Changelog to only publish explicit Docker tag
Do not include Major and Minor versions, as these will change over time.
2020-01-24 10:21:17 +01:00
Amir Zarrinkafsh 1059551133
Optimise deploy artifacts step (#564)
* Optimise deploy artifacts step
authelia-scripts is not required to publish GitHub artifacts as we utilise [Hub](https://hub.github.com/), this should save ~10 seconds in this step.

* Specify release number in pipeline

* Change buildkite and github published artifacts back to gzip

* Update README.md
2020-01-20 10:53:55 +11:00
Clément Michaud ce7b6b8167
Build docker image upfront in CI and use it in integration tests. (#555)
* Build docker image upfront in CI and use it in integration tests.

Previously, the development workflow was broken because the container
generated from Dockerfile.CI was used in dev environments but the binary
was not pre-built as it is on buildkite. I propose to just remove that
image and use the "to be published" image instead in integration tests.

This will have several advantages:
- Fix the dev workflow.
- Remove CI arch from authelia-scripts build command
- Optimize CI time in buildkite since we'll cache a way small artifact
- We don't build authelia more than once for each arch.

* Fix suites and only build ARM images on master or tagged commits

* Optimise pipeline dependencies and Kubernetes suite to utilise cache

* Run unit tests and docker image build in parallel.

* Fix suite trying to write on read only fs.

Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2020-01-17 20:46:51 +01:00
Amir Zarrinkafsh e97a11a9c1
Utilise zstd for compression 2020-01-07 13:13:41 +11:00