diff --git a/.drone.yml b/.drone.yml
index 597b8bc..74aee17 100644
--- a/.drone.yml
+++ b/.drone.yml
@@ -22,6 +22,7 @@ steps:
 SECRET_SECRET_COOKIE_TOKEN_VERSION: v1
 SECRET_DB_PASSWORD_VERSION: v1
 SECRET_SMTP_PASSWORD_VERSION: v1
+ SECRET_OAUTH_APP_SECRET_VERSION: v1
 trigger:
 branch:
 - main
diff --git a/.env.sample b/.env.sample
index 7766498..2f036fb 100644
--- a/.env.sample
+++ b/.env.sample
@@ -92,16 +92,14 @@ SECRET_DB_PASSWORD_VERSION=v1
 # THEME_TEXT_ON_ACCENT_COLOR=rgb(255,255,255)
 
 # env variables needed to enable OAuth2 authentication
+# COMPOSE_FILE="$COMPOSE_FILE:compose.oauth.yml"
 # OAUTH_AUTH_URL=
 # OAUTH_TOKEN_URL=
 # OAUTH_PROFILE_URL=
 # OAUTH_SCOPE=
 # OAUTH_APP_KEY=
-
-# This is not a good practice, app secret should passed in via docker secret once support is added (https://github.com/loomio/loomio/issues/11671)
-# Remove this variable before publishing code to any shared repo!
-# OAUTH_APP_SECRET=
 # OAUTH_ATTR_UID=
 # OAUTH_ATTR_NAME=
 # OAUTH_ATTR_EMAIL=
 # OAUTH_LOGIN_PROVIDER_NAME=
+# SECRET_OAUTH_APP_SECRET_VERSION=v1
diff --git a/compose.oauth.yml b/compose.oauth.yml
new file mode 100644
index 0000000..7206c25
--- /dev/null
+++ b/compose.oauth.yml
@@ -0,0 +1,25 @@
+version: "3.8"
+
+x-oauth-env: &oauth-env
+ OAUTH_AUTH_URL:
+ OAUTH_TOKEN_URL:
+ OAUTH_PROFILE_URL:
+ OAUTH_SCOPE:
+ OAUTH_APP_KEY:
+ OAUTH_APP_SECRET_FILE: /run/secrets/oauth_app_secret
+ OAUTH_ATTR_UID:
+ OAUTH_ATTR_NAME:
+ OAUTH_ATTR_EMAIL:
+ OAUTH_LOGIN_PROVIDER_NAME:
+
+services:
+ app:
+ environment:
+ *oauth-env
+ secrets:
+ - oauth_app_secret
+
+secrets:
+ oauth_app_secret:
+ name: ${STACK_NAME}_oauth_app_secret_${SECRET_OAUTH_APP_SECRET_VERSION}
+ external: true
diff --git a/compose.yml b/compose.yml
index a91305f..f117563 100644
--- a/compose.yml
+++ b/compose.yml
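Review bot: `SECRET_OAUTH_APP_SECRET_VERSION=v1` is added commented-out at the end of the OAuth block, but compose.oauth.yml builds the external secret name from that variable, so a deployment that enables `COMPOSE_FILE="$COMPOSE_FILE:compose.oauth.yml"` without also uncommenting this line resolves to a secret name ending in `_oauth_app_secret_` and fails at deploy time with an unhelpful not-found error. A trailing comment would tie the two together: `# SECRET_OAUTH_APP_SECRET_VERSION=v1  # required with compose.oauth.yml; must match the version passed to "abra app secret insert oauth_app_secret <version>"`. The `$COMPOSE_FILE` prefix also assumes COMPOSE_FILE is defined earlier in the sample (not visible in this hunk); if it is not, the value starts with a bare colon.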
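Review bot: The external secret name `${STACK_NAME}_oauth_app_secret_${SECRET_OAUTH_APP_SECRET_VERSION}` silently degrades to a name ending in `_oauth_app_secret_` when `SECRET_OAUTH_APP_SECRET_VERSION` is unset (the .env.sample ships it commented out), and the failure only surfaces as a secret-not-found error at deploy time. Compose interpolation can make the requirement explicit, if the deploy tooling used here supports it: `name: "${STACK_NAME}_oauth_app_secret_${SECRET_OAUTH_APP_SECRET_VERSION:?SECRET_OAUTH_APP_SECRET_VERSION is required}"`. Separately, moving the OAUTH_* keys out of the shared `&default-env` anchor in compose.yml and attaching them only to `app` means any other service that consumes `*default-env` (a worker, if one exists; compose.yml's services block is not visible here) no longer receives them, which is worth confirming before release.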
@@ -29,16 +29,6 @@ x-environment: &default-env
 SAML_IDP_METADATA_URL:
 SAML_ISSUER:
 FEATURES_DISABLE_EMAIL_LOGIN:
- OAUTH_AUTH_URL:
- OAUTH_TOKEN_URL:
- OAUTH_PROFILE_URL:
- OAUTH_SCOPE:
- OAUTH_APP_KEY:
- OAUTH_APP_SECRET:
- OAUTH_ATTR_UID:
- OAUTH_ATTR_NAME:
- OAUTH_ATTR_EMAIL:
- OAUTH_LOGIN_PROVIDER_NAME:
 
 services:
 app:
diff --git a/entrypoint.sh b/entrypoint.sh
index 12ff72d..659b210 100644
--- a/entrypoint.sh
+++ b/entrypoint.sh
@@ -25,6 +25,7 @@ file_env "DEVISE_SECRET"
 file_env "SECRET_COOKIE_TOKEN"
 file_env "POSTGRES_PASSWORD"
 file_env "SMTP_PASSWORD"
+file_env "OAUTH_APP_SECRET"
 
 export DB_HOST="db"
 export DATABASE_URL="postgresql://${POSTGRES_USER}:${POSTGRES_PASSWORD}@db/${POSTGRES_DB}"
diff --git a/release/5.1.0+v3.0.0 b/release/5.1.0+v3.0.0
new file mode 100644
index 0000000..d3d9763
--- /dev/null
+++ b/release/5.1.0+v3.0.0
@@ -0,0 +1,2 @@
+Add support for OAuth2. To use this feature copy and populate the new oauth2 env variables from the .env.sample to your locale .env config and insert the oauth2_app_secret secret into your recipe:
+abra app secret insert oauth_app_secret v1
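Review bot: `file_env "OAUTH_APP_SECRET"` runs unconditionally, but `OAUTH_APP_SECRET_FILE` is only provided when compose.oauth.yml is layered in, so whether this is safe depends on how `file_env` (defined above this hunk, outside it) treats a missing `*_FILE` variable — the existing `SMTP_PASSWORD` call suggests it tolerates that, but it is worth confirming rather than assuming. A one-line comment would save the next reader the same check: `# optional: OAUTH_APP_SECRET_FILE is only set when compose.oauth.yml is enabled`.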