Multiarch builds (#1147)

* extract email from id_token for azure provider (#914)

* extract email from id_token for azure provider

this change fixes a bug when --resource is specified with non-Graph
api and the access token destined to --resource is used to call Graph
api

* fixed typo

* refactor GetEmailAddress to EnrichSessionState

* make getting email from idtoken best effort and fall back to previous behavior when it's absent

* refactor to use jwt package to extract claims

* fix lint

* refactor unit tests to use test table
refactor the get email logic from profile api

* addressing feedback

* added oidc verifier to azure provider and extract email from id_token if present

* fix lint and codeclimate

* refactor to use oidc verifier to verify id_token if oidc is configured

* fixed UT

* addressed comments

* minor refactor

* addressed feedback

* extract email from id_token first and fallback to access token

* fallback to access token as well when id_token doesn't have email claim

* address feedbacks

* updated change log!

* switch to docker buildx for multiarch builds

* add setup docker buildx action

* update docker push to push the multiarch image

* make multiarch image have parity with currently produced images by adding linux/armv6

* triaging issue with arm v6

* incorporating feedback

* fixing rebase disaster

* reset Makefile to blessed state

Co-authored-by: Weinong Wang <weinong@outlook.com>

.github/workflows/ci.yaml

@@ -57,6 +57,13 @@ jobs:
     - name: Check out code
       uses: actions/checkout@v2
 
+    - name: Set up Docker Buildx
+      id: buildx
+      uses: crazy-max/ghaction-docker-buildx@v3
+      with:
+        buildx-version: latest
+        qemu-version: latest
+
     - name: Docker Build
       run: |
         make docker

CHANGELOG.md

@@ -8,7 +8,7 @@
   deserialization from v6.0.0 (only) has been removed to improve performance. If you are on v6.0.0, either upgrade
   to a version before this first and allow legacy sessions to expire gracefully or change your `cookie-secret`
   value and force all sessions to reauthenticate.
-  
+
 - [#1210](https://github.com/oauth2-proxy/oauth2-proxy/pull/1210) A new `keycloak-oidc` provider has been added with support for role based authentication. The existing keycloak auth provider will eventually be deprecated and removed. Please switch to the new provider `keycloak-oidc`.
 
 ## Breaking Changes
@@ -36,6 +36,7 @@
 - [#1330](https://github.com/oauth2-proxy/oauth2-proxy/pull/1330) Allow specifying URL as input for custom sign in logo (@MaikuMori)
 - [#1357](https://github.com/oauth2-proxy/oauth2-proxy/pull/1357) Fix unsafe access to session variable (@harzallah)
 - [#997](https://github.com/oauth2-proxy/oauth2-proxy/pull/997) Allow passing the raw url path when proxying upstream requests - e.g. /%2F/ (@FStelzer)
+- [#1147](https://github.com/oauth2-proxy/oauth2-proxy/pull/1147) Multiarch support for docker image (@goshlanguage)
 
 # V7.1.3
 

Makefile

@@ -13,8 +13,6 @@ MINIMUM_SUPPORTED_GO_MAJOR_VERSION = 1
 MINIMUM_SUPPORTED_GO_MINOR_VERSION = 15
 GO_VERSION_VALIDATION_ERR_MSG = Golang version is not supported, please update to at least $(MINIMUM_SUPPORTED_GO_MAJOR_VERSION).$(MINIMUM_SUPPORTED_GO_MINOR_VERSION)
 
-DOCKER_BUILD := docker build --build-arg VERSION=${VERSION}
-
 ifeq ($(COVER),true)
 TESTCOVER ?= -coverprofile c.out
 endif
@@ -41,9 +39,12 @@ build: validate-go-version clean $(BINARY)
 $(BINARY):
 	GO111MODULE=on CGO_ENABLED=0 $(GO) build -a -installsuffix cgo -ldflags="-X main.VERSION=${VERSION}" -o $@ github.com/oauth2-proxy/oauth2-proxy/v7
 
+DOCKER_BUILD := docker build --build-arg VERSION=${VERSION}
+DOCKER_BUILDX := docker buildx build --platform linux/amd64,linux/arm64,linux/arm/v6 --build-arg VERSION=${VERSION}
+
 .PHONY: docker
 docker:
-	$(DOCKER_BUILD) -f Dockerfile -t $(REGISTRY)/oauth2-proxy:latest .
+	$(DOCKER_BUILDX) -f Dockerfile -t $(REGISTRY)/oauth2-proxy:latest .
 
 .PHONY: docker-all
 docker-all: docker
@@ -57,7 +58,7 @@ docker-all: docker
 
 .PHONY: docker-push
 docker-push:
-	docker push $(REGISTRY)/oauth2-proxy:latest
+	docker buildx build --push --platform linux/amd64,linux/arm64,linux/arm/v6 -t $(REGISTRY)/oauth2-proxy:latest .
 
 .PHONY: docker-push-all
 docker-push-all: docker-push