* ci(buildkite): prevent pre-exit hook on setup steps
Occasionally due to node issues the pre-exit hook for docker image cleanups can fail, causing the otherwise successful job to bail out. This change ignores the cleanup on setup steps.
* feat(web): replace cra with vite
* fix: add istanbul
* fix: add jest
* fix: inject env vars
* fix: replicate cra output directories
* fix: post-frontend build for go templating
* fix: dynamic publicpath
* fix(web): import resolution with aliases for .module.css files
* refactor(server): baseurl var
* refactor(web): drop babel-jest for esbuild-jest
* refactor(web): add inline sourcemap for coverage bundle
* build(deps): update web deps
* build(deps): downgrade vite-plugin-istanbul to 2.2.0
98bf77dbaa is a breaking change that means production mode builds can no longer be instrumented.
* refactor(web): match frontend name and version
* refactor(web): drop cra readme
* ci(codecov): utilise new codecov uploader for coverage
The codecov bash uploader is being [deprecated](https://docs.codecov.com/docs/about-the-codecov-bash-uploader).
This utilises the new uploader which is recommended.
* ci(codecov): adjust file search path and name uploads
* fix(suites): coverage paths for codecov
* Check for pnpm in authelia-scripts
* Improve husky hooks to check for required apps
* Use pnpm in coverage dockerfile
* Use pnpm in dev workflow
* Stop buildx log truncation
* Ignore pnpm lockfile in yamllint
* Update versions required for docker and docker-compose in contributing docs
* feat: hardened authelia binaries
This change ensures that all Authelia binaries which are compiled and distributed are hardened with the following standards:
* RELRO
* Stack canary
* NX
* PIE/ASLR
* Stripped RPATH AND RUNPATH
* Stripped Symbols
* Fortify
The musl variants currently [do not support Fortify](https://wiki.musl-libc.org/future-ideas.html#Fortify).
* refactor: docker pull for authelia/crossbuild in background
* feat: builds with gox and buildx
This change builds all of Authelia respective binaries in parallel within a single step and distributes as necessary to subsequent steps, we now also build and distribute for the following OS/Architecture: freebsd/amd64.
Our CI/CD pipeline now also utilises docker buildx as a default for builds and pushes.
* refactor: clean up docker helper
* Remove `authelia-scripts docker push-image` command as all pushes will be performed with buildx and manifests
* Rename the --arch flag to --container
* Add Dockerfile.dev for users that want to build an Authelia container from source without utilising suites
* Set Dockerfile.dev as default for `authelia-scripts docker build` command
* refactor: variant -> container
This permits manual retry on specific steps which can cause problematic issues for example when a node runs out of disk space.
By allowing this we should be able to recover problematic builds instead of forcing a complete rebuild which may be undesirable on the `master` or other production branches.
If a commit message includes either `[skip-test]` or `[test-skip]` a some CI steps will be ignored.
This is to allow rapid deployments and prototyping when attempting fixes, under no circumstances should any PR to master be accepted with said tags/conditionals.
Occasionally during a manifest deployment tags can be removed and the step may fail. To ensure the manifest step can be completed successfully it would require re-pushing the tags that had been removed.
Turning on the `permit_on_passed` option allows us to control this all through the Buildkite interface as opposed to manual intervention.
* feat: build and distribute .deb packages
Creates .deb packages for distribution via GitHub releases and Buildkite builds for the following architectures:
* amd64
* armhf
* arm64
* fix: pkgver reference in debpackages.sh
* refactor: split deb packaging jobs and quote variables
* fix: pipeline upload for debpackages
* fix: depends_on key for debpackages
* fix: add depends_on: ~ for debpackages step
* fix: pre-artifact hook for debpackages
* fix: add .deb suffix in pre-artifact hook
* fix: variable reference in debhelper.sh
* refactor: silence wget output in debhelper.sh
* refactor: make build concurrency gate only depend_on docker builds
* refactor: make build concurrency gate also depend_on coverage build
* refactor: remove dependencies for build concurrency gate
* refactor: cra build path
The `authelia-scripts` helper currently performs steps to move files around in different stages of development and CI/CD.
We now utilise the `BUILD_PATH` environment variable to adjust the output directory for the web frontend from the default of `./web/build/` simplifying the helper somewhat.
Additionally we no longer build the Go binary in the unit test stage of our CI/CD as this is not necessary.
* fix: build output directory in coverage dockerfile