Update .drone.yml

Re: coop-cloud/recipes-catalogue-json#4

.drone.yml

@@ -3,10 +3,12 @@ kind: pipeline
 name: deploy to swarm-test.autonomic.zone
 steps:
   - name: deployment
-    image: decentral1se/stack-ssh-deploy:latest
+    image: git.coopcloud.tech/coop-cloud/stack-ssh-deploy:latest
     settings:
       host: swarm-test.autonomic.zone
       stack: traefik-forward-auth
+      networks:
+       - proxy
       generate_secrets: true
       purge: true
       deploy_key:
@@ -20,18 +22,24 @@ steps:
       OIDC_ISSUER_URL: https://id-test.autonomic.zone/auth/realms/test
       OIDC_CLIENT_ID: traefik-forward-auth
       FORWARD_INI_VERSION: v1
-      SERCRET_NONCE_VERSION: v1
-      OIDC_CLIENT_SECRET_VERSION: v1
+      SECRET_SECRET_NONCE_VERSION: v1
+      SECRET_OIDC_CLIENT_SECRET_VERSION: v1
 trigger:
   branch:
     - master
 ---
 kind: pipeline
-name: recipe release
+name: generate recipe catalogue
 steps:
   - name: release a new version
-    image: thecoopcloud/drone-abra:latest
+    image: plugins/downstream
     settings:
-      command: recipe traefik-forward-auth release
-      deploy_key:
-        from_secret: abra_bot_deploy_key
+      server: https://build.coopcloud.tech
+      token:
+        from_secret: drone_abra-bot_token
+      fork: true
+      repositories:
+        - toolshed/auto-recipes-catalogue-json
+
+trigger:
+  event: tag

.env.sample

@@ -6,8 +6,22 @@ LETS_ENCRYPT_ENV=production
 COOKIE_DOMAIN=example.com
 AUTH_HOST=auth.example.com
 
-OIDC_ISSUER_URL=https://id.example.com/auth/realms/yourrealm
-OIDC_CLIENT_ID=traefik-forward-auth
+SECRET_SECRET_NONCE_VERSION=v1
 
-SERCRET_NONCE_VERSION=v1
-OIDC_CLIENT_SECRET_VERSION=v1
+COMPOSE_FILE=compose.yml
+
+#COMPOSE_FILE=$COMPOSE_FILE:compose.oidc.yml
+#OIDC_ENABLED=1
+#OIDC_CLIENT_SECRET_VERSION=v1
+#OIDC_ISSUER_URL=https://id.example.com/auth/realms/yourrealm
+#OIDC_CLIENT_ID=traefik-forward-auth
+#SECRET_OIDC_CLIENT_SECRET_VERSION=v1
+
+#COMPOSE_FILE=$COMPOSE_FILE:compose.oauth.yml
+#OAUTH_ENABLED=1
+#OAUTH_CLIENT_SECRET_VERSION=v1
+#OAUTH_CLIENT_ID=traefik-forward-auth
+#OAUTH_USER_URL
+#OAUTH_TOKEN_URL
+#OAUTH_AUTH_URL
+#SECRET_OAUTH_CLIENT_SECRET_VERSION=v1

README.md

@@ -5,7 +5,7 @@
 <!-- metadata -->
 * **Category**: Utilities
 * **Status**: ?
-* **Image**: [`crazymax/swarm-cronjob`](https://hub.docker.com/r/crazymax/swarm-cronjob/), ❶💚, upstream
+* **Image**: [`crazymax/swarm-cronjob`](https://hub.docker.com/r/crazymax/swarm-cronjob/), 4, upstream
 * **Healthcheck**: ?
 * **Backups**: ?
 * **Email**: ?

abra.sh

@@ -1 +1 @@
-export FORWARD_INI_VERSION=v1
+export FORWARD_INI_VERSION=v2

compose.oauth.yml

@@ -0,0 +1,18 @@
+---
+version: "3.8"
+
+services:
+  app:
+    environment:
+      - OAUTH_CLIENT_ID
+      - OAUTH_AUTH_URL
+      - OAUTH_TOKEN_URL
+      - OAUTH_USER_URL
+      - OAUTH_ENABLED
+    secrets:
+      - oauth_client_secret
+
+secrets:
+  oauth_client_secret:
+    name: ${STACK_NAME}_oauth_client_secret_${SECRET_OAUTH_CLIENT_SECRET_VERSION}
+    external: true

compose.oidc.yml

@@ -0,0 +1,16 @@
+---
+version: "3.8"
+
+services:
+  app:
+    environment:
+      - OIDC_CLIENT_ID
+      - OIDC_ISSUER_URL
+      - OIDC_ENABLED
+    secrets:
+      - oidc_client_secret
+
+secrets:
+  oidc_client_secret:
+    name: ${STACK_NAME}_oidc_client_secret_${SECRET_OIDC_CLIENT_SECRET_VERSION}
+    external: true

compose.yml

@@ -11,12 +11,9 @@ services:
       - proxy
     environment:
       - CONFIG=/etc/forward.ini
-      - OIDC_CLIENT_ID=${OIDC_CLIENT_ID}
-      - OIDC_ISSUER_URL=${OIDC_ISSUER_URL}
       - COOKIE_DOMAIN=${COOKIE_DOMAIN}
       - AUTH_HOST=${AUTH_HOST}
     secrets:
-      - oidc_client_secret
       - secret_nonce
     deploy:
       labels:
@@ -26,7 +23,7 @@ services:
         - "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
         - "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
         - "traefik.http.routers.${STACK_NAME}.middlewares=keycloak@file"
-        - "coop-cloud.${STACK_NAME}.version=1.0.0+2"
+        - "coop-cloud.${STACK_NAME}.version=1.1.0+2"
 
 networks:
   proxy:
@@ -40,8 +37,5 @@ configs:
 
 secrets:
   secret_nonce:
-    name: ${STACK_NAME}_secret_nonce_${SERCRET_NONCE_VERSION}
-    external: true
-  oidc_client_secret:
-    name: ${STACK_NAME}_oidc_client_secret_${OIDC_CLIENT_SECRET_VERSION}
+    name: ${STACK_NAME}_secret_nonce_${SECRET_SECRET_NONCE_VERSION}
     external: true

forward.ini.tmpl

@@ -3,7 +3,18 @@ log-level = info
 cookie-domain = {{ env "COOKIE_DOMAIN" }}
 auth-host = {{ env "AUTH_HOST" }}
 
+{{ if eq (env "OIDC_ENABLED") "1" }}
 default-provider = oidc
 providers.oidc.issuer-url = {{ env "OIDC_ISSUER_URL" }}
 providers.oidc.client-id = {{ env "OIDC_CLIENT_ID" }}
 providers.oidc.client-secret = {{ secret "oidc_client_secret" }}
+{{ end }}
+
+{{ if eq (env "OAUTH_ENABLED") "1" }}
+default-provider = generic-oauth
+providers.generic-oauth.client-id = {{ env "OAUTH_CLIENT_ID" }}
+providers.generic-oauth.auth-url = {{ env "OAUTH_AUTH_URL" }}
+providers.generic-oauth.token-url = {{ env "OAUTH_TOKEN_URL" }}
+providers.generic-oauth.user-url = {{ env "OAUTH_USER_URL" }}
+providers.generic-oauth.client-secret = {{ secret "oauth_client_secret" }}
+{{ end }}

renovate.json

@@ -1,6 +0,0 @@
-{
-  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
-  "extends": [
-    "config:base"
-  ]
-}