diff --git a/.github/workflows/nightly.yml b/.github/workflows/nightly.yml new file mode 100644 index 00000000..b62ca30c --- /dev/null +++ b/.github/workflows/nightly.yml @@ -0,0 +1,39 @@ +name: Nightly builds + +on: + schedule: # Run every day at 03:00 UTC + - cron: '0 3 * * *' + workflow_dispatch: + +jobs: + build: + runs-on: ubuntu-latest + steps: + - name: Check out code + uses: actions/checkout@v3 + with: + ref: master + fetch-depth: 0 + fetch-tags: true + + - name: Set up QEMU + uses: docker/setup-qemu-action@v2 + + - name: Set up Docker Buildx + id: buildx + uses: docker/setup-buildx-action@v2 + + - name: Login to quay.io + uses: docker/login-action@v2 + with: + registry: quay.io/oauth2-proxy + username: ${{ secrets.REGISTRY_USERNAME_NIGHTLY }} + password: ${{ secrets.REGISTRY_PASSWORD_NIGHTLY }} + + - name: Build images + run: | + make docker-nightly-build + + - name: Push images + run: | + make docker-nightly-push diff --git a/CHANGELOG.md b/CHANGELOG.md index 704d79e0..20ed65ec 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -15,8 +15,9 @@ - [#2274](https://github.com/oauth2-proxy/oauth2-proxy/pull/2274) Upgrade golang.org/x/net to v0.17.0 (@pierluigilenoci) - [#2278](https://github.com/oauth2-proxy/oauth2-proxy/pull/2278) Improve the Nginx auth_request example (@akunzai) - [#2282](https://github.com/oauth2-proxy/oauth2-proxy/pull/2282) Fixed checking Google Groups membership using Google Application Credentials (@kvanzuijlen) -- [#2183](https://github.com/oauth2-proxy/oauth2-proxy/pull/2183) Allowing relative redirect url though an option +- [#2183](https://github.com/oauth2-proxy/oauth2-proxy/pull/2183) Allowing relative redirect url though an option (@axel7083) - [#1866](https://github.com/oauth2-proxy/oauth2-proxy/pull/1866) Add support for unix socker as upstream (@babs) +- [#2297](https://github.com/oauth2-proxy/oauth2-proxy/pull/2297) Add nightly build and push (@tuunit) # V7.5.1 diff --git a/Makefile b/Makefile index 619823b7..e96d6c3a 100644 
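Review bot: Every action in the new workflow is referenced by a mutable major tag (`actions/checkout@v3`, `docker/setup-qemu-action@v2`, `docker/setup-buildx-action@v2`, `docker/login-action@v2`) in a job that is handed the quay.io push credentials, so a moved tag would run unreviewed code next to those secrets. Pin each to a full commit SHA, for example `uses: docker/login-action@<full-commit-sha> # v2`. The workflow also has no `permissions:` block, so `GITHUB_TOKEN` keeps the repository default; a top-level `permissions:` with `contents: read` looks sufficient for this job, and `persist-credentials: false` under the checkout `with:` keeps the token out of the git config that the later `make` steps can read. Separately, `registry: quay.io/oauth2-proxy` carries an organisation path where docker/login-action expects a server address, so `registry: quay.io` is probably what is meant.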
--- a/Makefile +++ b/Makefile @@ -5,6 +5,7 @@ BINARY := oauth2-proxy VERSION ?= $(shell git describe --always --dirty --tags 2>/dev/null || echo "undefined") # Allow to override image registry. REGISTRY ?= quay.io/oauth2-proxy +DATE := $(shell date +"%Y%m%d") .NOTPARALLEL: GO_MAJOR_VERSION = $(shell $(GO) version | cut -c 14- | cut -d' ' -f1 | cut -d'.' -f1) @@ -51,6 +52,10 @@ DOCKER_BUILDX_PUSH_X_PLATFORM := $(DOCKER_BUILDX_PUSH) --platform ${DOCKER_BUILD docker: $(DOCKER_BUILDX_X_PLATFORM) -t $(REGISTRY)/oauth2-proxy:latest -t $(REGISTRY)/oauth2-proxy:${VERSION} . +.PHONY: docker-push +docker-push: + $(DOCKER_BUILDX_PUSH_X_PLATFORM) -t $(REGISTRY)/oauth2-proxy:latest -t $(REGISTRY)/oauth2-proxy:${VERSION} . + .PHONY: docker-all docker-all: docker $(DOCKER_BUILDX) --platform linux/amd64 -t $(REGISTRY)/oauth2-proxy:latest-amd64 -t $(REGISTRY)/oauth2-proxy:${VERSION}-amd64 . @@ -59,10 +64,6 @@ docker-all: docker $(DOCKER_BUILDX) --platform linux/arm/v6 -t $(REGISTRY)/oauth2-proxy:latest-armv6 -t $(REGISTRY)/oauth2-proxy:${VERSION}-armv6 . $(DOCKER_BUILDX) --platform linux/arm/v7 -t $(REGISTRY)/oauth2-proxy:latest-armv7 -t $(REGISTRY)/oauth2-proxy:${VERSION}-armv7 . -.PHONY: docker-push -docker-push: - $(DOCKER_BUILDX_PUSH_X_PLATFORM) -t $(REGISTRY)/oauth2-proxy:latest -t $(REGISTRY)/oauth2-proxy:${VERSION} . - .PHONY: docker-push-all docker-push-all: docker-push $(DOCKER_BUILDX_PUSH) --platform linux/amd64 -t $(REGISTRY)/oauth2-proxy:latest-amd64 -t $(REGISTRY)/oauth2-proxy:${VERSION}-amd64 . 
@@ -71,6 +72,14 @@ docker-push-all: docker-push $(DOCKER_BUILDX_PUSH) --platform linux/arm/v6 -t $(REGISTRY)/oauth2-proxy:latest-armv6 -t $(REGISTRY)/oauth2-proxy:${VERSION}-armv6 . $(DOCKER_BUILDX_PUSH) --platform linux/arm/v7 -t $(REGISTRY)/oauth2-proxy:latest-armv7 -t $(REGISTRY)/oauth2-proxy:${VERSION}-armv7 . +.PHONY: docker-nightly-build +docker-nightly-build: + $(DOCKER_BUILDX_X_PLATFORM) -t $(REGISTRY)/oauth2-proxy-nightly:latest -t $(REGISTRY)/oauth2-proxy-nightly-${DATE} . + +.PHONY: docker-nightly-push +docker-nightly-push: + $(DOCKER_BUILDX_PUSH_X_PLATFORM) -t $(REGISTRY)/oauth2-proxy-nightly:latest -t $(REGISTRY)/oauth2-proxy-nightly-${DATE} . + .PHONY: generate generate: go generate ./pkg/... @@ -101,10 +110,10 @@ validate-go-version: # local-env can be used to interact with the local development environment # eg: -# make local-env-up # Bring up a basic test environment -# make local-env-down # Tear down the basic test environment -# make local-env-nginx-up # Bring up an nginx based test environment -# make local-env-nginx-down # Tead down the nginx based test environment +# make local-env-up # Bring up a basic test environment +# make local-env-down # Tear down the basic test environment +# make local-env-nginx-up # Bring up an nginx based test environment +# make local-env-nginx-down # Tead down the nginx based test environment .PHONY: local-env-% local-env-%: make -C contrib/local-environment $* diff --git a/README.md b/README.md index 7d857b2e..e4e6be68 100644 --- a/README.md +++ b/README.md 
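Review bot: In both `docker-nightly-build` and `docker-nightly-push` the second `-t` value, `$(REGISTRY)/oauth2-proxy-nightly-${DATE}`, has no colon, so the date becomes part of the repository name and the image lands under the implicit `latest` tag in a different repository each day instead of as a dated tag in `oauth2-proxy-nightly`. If a dated tag is intended, write `-t $(REGISTRY)/oauth2-proxy-nightly:${DATE}` in both recipes. `DATE`, added in the first Makefile hunk, comes from `date +"%Y%m%d"` in the local timezone and is evaluated separately by each `make` invocation; `date -u +"%Y%m%d"` would keep it aligned with the 03:00 UTC schedule. Note also that the push target repeats the whole buildx invocation, so what gets published is the result of the second build rather than the artefact of the preceding "Build images" step.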
@@ -1,4 +1,4 @@ -![OAuth2 Proxy](/docs/static/img/logos/OAuth2_Proxy_horizontal.svg) +![OAuth2 Proxy](docs/static/img/logos/OAuth2_Proxy_horizontal.svg) [![Continuous Integration](https://github.com/oauth2-proxy/oauth2-proxy/actions/workflows/ci.yaml/badge.svg)](https://github.com/oauth2-proxy/oauth2-proxy/actions/workflows/ci.yaml) [![Go Report Card](https://goreportcard.com/badge/github.com/oauth2-proxy/oauth2-proxy)](https://goreportcard.com/report/github.com/oauth2-proxy/oauth2-proxy) @@ -7,7 +7,7 @@ [![Maintainability](https://api.codeclimate.com/v1/badges/a58ff79407212e2beacb/maintainability)](https://codeclimate.com/github/oauth2-proxy/oauth2-proxy/maintainability) [![Test Coverage](https://api.codeclimate.com/v1/badges/a58ff79407212e2beacb/test_coverage)](https://codeclimate.com/github/oauth2-proxy/oauth2-proxy/test_coverage) -A reverse proxy and static file server that provides authentication using Providers (Google, GitHub, and others) +A reverse proxy and static file server that provides authentication using Providers (Google, Keycloak, GitHub and others) to validate accounts by email, domain or group. **Note:** This repository was forked from [bitly/OAuth2_Proxy](https://github.com/bitly/oauth2_proxy) on 27/11/2018. 
@@ -17,17 +17,24 @@ A list of changes can be seen in the [CHANGELOG](CHANGELOG.md). **Note:** This project was formerly hosted as `pusher/oauth2_proxy` but has been renamed as of 29/03/2020 to `oauth2-proxy/oauth2-proxy`. Going forward, all images shall be available at `quay.io/oauth2-proxy/oauth2-proxy` and binaries will be named `oauth2-proxy`. -![Sign In Page](https://cloud.githubusercontent.com/assets/45028/4970624/7feb7dd8-6886-11e4-93e0-c9904af44ea8.png) +![Sign In Page](docs/static/img/sign-in-page.png) ## Installation 1. Choose how to deploy: - a. Download [Prebuilt Binary](https://github.com/oauth2-proxy/oauth2-proxy/releases) (current release is `v7.5.0`) + a. Using a [Prebuilt Binary](https://github.com/oauth2-proxy/oauth2-proxy/releases) (current release is `v7.5.1`) - b. Build with `$ go install github.com/oauth2-proxy/oauth2-proxy/v7@latest` which will put the binary in `$GOROOT/bin` + b. Using Go to install the latest release + ```bash + $ go install github.com/oauth2-proxy/oauth2-proxy/v7@latest + # which will put the binary in `$GOROOT/bin` + ``` + c. Using a [Prebuilt Docker Image](https://quay.io/oauth2-proxy/oauth2-proxy) (AMD64, PPC64LE, ARMv6, ARMv7, and ARM64 available) - c. Using the prebuilt docker image [quay.io/oauth2-proxy/oauth2-proxy](https://quay.io/oauth2-proxy/oauth2-proxy) (AMD64, PPC64LE, ARMv6, ARMv7, and ARM64 available) + d. Using a [Pre-Release Nightly Docker Image](https://quay.io/oauth2-proxy/oauth2-proxy-nightly) (AMD64, PPC64LE, ARMv6, ARMv7, and ARM64 available) + + e. Using the official [Kubernetes manifest](https://github.com/oauth2-proxy/manifests) (Helm) Prebuilt binaries can be validated by extracting the file and verifying it against the `sha256sum.txt` checksum file provided for each release starting with version `v3.0.0`. 
@@ -50,7 +57,7 @@ See [open redirect vulnerability](https://github.com/oauth2-proxy/oauth2-proxy/s Read the docs on our [Docs site](https://oauth2-proxy.github.io/oauth2-proxy/docs/). -![OAuth2 Proxy Architecture](https://cloud.githubusercontent.com/assets/45028/8027702/bd040b7a-0d6a-11e5-85b9-f8d953d04f39.png) +![OAuth2 Proxy Architecture](docs/static/img/architecture.svg) ## Getting Involved diff --git a/docs/docs/installation.md b/docs/docs/installation.md index 154508dd..185b2c44 100644 --- a/docs/docs/installation.md +++ b/docs/docs/installation.md @@ -6,13 +6,18 @@ slug: / 1. Choose how to deploy: - a. Download [Prebuilt Binary](https://github.com/oauth2-proxy/oauth2-proxy/releases) (current release is `v7.5.0`) + a. Using a [Prebuilt Binary](https://github.com/oauth2-proxy/oauth2-proxy/releases) (current release is `v7.5.1`) - b. Build with `$ go install github.com/oauth2-proxy/oauth2-proxy/v7@latest` which will put the binary in `$GOPATH/bin` + b. Using Go to install the latest release + ```bash + $ go install github.com/oauth2-proxy/oauth2-proxy/v7@latest + # which will put the binary in `$GOROOT/bin` + ``` + c. Using a [Prebuilt Docker Image](https://quay.io/oauth2-proxy/oauth2-proxy) (AMD64, PPC64LE, ARMv6, ARMv7, and ARM64 available) - c. Using the prebuilt docker image [quay.io/oauth2-proxy/oauth2-proxy](https://quay.io/oauth2-proxy/oauth2-proxy) (AMD64, PPC64LE, ARMv6, ARMv7, and ARM64 tags available) + d. Using a [Pre-Release Nightly Docker Image](https://quay.io/oauth2-proxy/oauth2-proxy-nightly) (AMD64, PPC64LE, ARMv6, ARMv7, and ARM64 available) - d. Using a [Kubernetes manifest](https://github.com/oauth2-proxy/manifests) (Helm) + e. Using the official [Kubernetes manifest](https://github.com/oauth2-proxy/manifests) (Helm) Prebuilt binaries can be validated by extracting the file and verifying it against the `sha256sum.txt` checksum file provided for each release starting with version `v3.0.0`. 
diff --git a/docs/src/pages/index.md b/docs/src/pages/index.md index e08e3450..799b77a5 100644 --- a/docs/src/pages/index.md +++ b/docs/src/pages/index.md @@ -3,7 +3,7 @@ title: Welcome to OAuth2 Proxy hide_table_of_contents: true --- -![OAuth2 Proxy](../../static/img/logos/OAuth2_Proxy_horizontal.svg) +![OAuth2 Proxy](/img/logos/OAuth2_Proxy_horizontal.svg) A reverse proxy and static file server that provides authentication using Providers (Google, GitHub, and others) to validate accounts by email, domain or group. @@ -18,4 +18,4 @@ A list of changes can be seen in the [CHANGELOG](https://github.com/oauth2-proxy ## Architecture -![OAuth2 Proxy Architecture](/img/architecture.png) +![OAuth2 Proxy Architecture](/img/architecture.svg) diff --git a/docs/static/img/architecture.png b/docs/static/img/architecture.png deleted file mode 100644 index 0e2bbbf5..00000000 Binary files a/docs/static/img/architecture.png and /dev/null differ diff --git a/docs/static/img/architecture.svg b/docs/static/img/architecture.svg new file mode 100644 index 00000000..739f4fbe --- /dev/null +++ b/docs/static/img/architecture.svg @@ -0,0 +1,4 @@ + + + +
nginx :443
(SSL Termination)
nginx :443...
oauth2-proxy
:4180
oauth2-proxy...
secured upstream
http service
secured upstream...
Auth Provider
(Google, Keycloak, ...)
Auth Provider...
oauth2-proxy
:443 (SSL)
oauth2-proxy...
secured upstream
http service
secured upstream...
Auth Provider
(Google, Keycloak, ...)
Auth Provider...
Text is not SVG - cannot display
\ No newline at end of file diff --git a/docs/static/img/sign-in-page.png b/docs/static/img/sign-in-page.png index 06e09561..6656a2fd 100644 Binary files a/docs/static/img/sign-in-page.png and b/docs/static/img/sign-in-page.png differ diff --git a/docs/versioned_docs/version-7.5.x/installation.md b/docs/versioned_docs/version-7.5.x/installation.md index 2be4c6a0..3720853b 100644 --- a/docs/versioned_docs/version-7.5.x/installation.md +++ b/docs/versioned_docs/version-7.5.x/installation.md 
@@ -6,20 +6,25 @@ slug: / 1. Choose how to deploy: - a. Download [Prebuilt Binary](https://github.com/oauth2-proxy/oauth2-proxy/releases) (current release is `v7.5.0`) + a. Using a [Prebuilt Binary](https://github.com/oauth2-proxy/oauth2-proxy/releases) (current release is `v7.5.1`) - b. Build with `$ go install github.com/oauth2-proxy/oauth2-proxy/v7@latest` which will put the binary in `$GOPATH/bin` + b. Using Go to install the latest release + ```bash + $ go install github.com/oauth2-proxy/oauth2-proxy/v7@latest + # which will put the binary in `$GOROOT/bin` + ``` + c. Using a [Prebuilt Docker Image](https://quay.io/oauth2-proxy/oauth2-proxy) (AMD64, PPC64LE, ARMv6, ARMv7, and ARM64 available) - c. Using the prebuilt docker image [quay.io/oauth2-proxy/oauth2-proxy](https://quay.io/oauth2-proxy/oauth2-proxy) (AMD64, PPC64LE, ARMv6, ARMv7, and ARM64 tags available) + d. Using a [Pre-Release Nightly Docker Image](https://quay.io/oauth2-proxy/oauth2-proxy-nightly) (AMD64, PPC64LE, ARMv6, ARMv7, and ARM64 available) - d. Using a [Kubernetes manifest](https://github.com/oauth2-proxy/manifests) (Helm) + e. Using the official [Kubernetes manifest](https://github.com/oauth2-proxy/manifests) (Helm) -Prebuilt binaries can be validated by extracting the file and verifying it against the `sha256sum.txt` checksum file provided for each release starting with version `v3.0.0`. + Prebuilt binaries can be validated by extracting the file and verifying it against the `sha256sum.txt` checksum file provided for each release starting with version `v3.0.0`. -``` -$ sha256sum -c sha256sum.txt -oauth2-proxy-x.y.z.linux-amd64: OK -``` + ``` + sha256sum -c sha256sum.txt 2>&1 | grep OK + oauth2-proxy-x.y.z.linux-amd64: OK + ``` 2. [Select a Provider and Register an OAuth Application with a Provider](configuration/auth.md) 3. [Configure OAuth2 Proxy using config file, command line options, or environment variables](configuration/overview.md)