add shared secret to alaconnect

add alakazam integration file alaconnect.yml
chore: publish 0.5.3+3.5.1 release
2024-05-15 11:00:08 +02:00 · 2024-05-13 17:37:57 +02:00 · 2024-03-28 12:26:03 +01:00 · 2024-02-05 13:12:05 -03:00 · 2024-02-05 13:08:05 -03:00 · 2024-02-05 13:05:09 -03:00
8 changed files with 56 additions and 7 deletions
--- a/.drone.yml
+++ b/.drone.yml
@ -6,7 +6,7 @@ steps:
    image: git.coopcloud.tech/coop-cloud/stack-ssh-deploy:latest
    settings:
      host: swarm-test.autonomic.zone
-      stack: {{ .Name }}
+      stack: rallly
      generate_secrets: true
      purge: true
      deploy_key:
@ -14,9 +14,13 @@ steps:
      networks:
        - proxy
    environment:
-      DOMAIN: {{ .Name }}.swarm-test.autonomic.zone
-      STACK_NAME: {{ .Name }}
+      DOMAIN: rallly.swarm-test.autonomic.zone
+      STACK_NAME: rallly
      LETS_ENCRYPT_ENV: production
+      SECRET_SECRET_KEY_VERSION: v1
+      SECRET_DB_PASSWORD_VERSION: v1
+      SECRET_SMTP_PWD_VERSION: v1
+      APP_ENTRYPOINT_VERSION: v1
 trigger:
  branch:
    - main
--- a/.env.sample
+++ b/.env.sample
@ -7,6 +7,8 @@ DOMAIN=rallly.example.com
 ## Domain aliases
 #EXTRA_DOMAINS=', `www.rallly.example.com`'

+COMPOSE_FILE="compose.yml"
+
 LETS_ENCRYPT_ENV=production

 SECRET_SECRET_KEY_VERSION=v1
@ -18,3 +20,10 @@ SMTP_HOST=mail.example.com
 SMTP_PORT=465
 SMTP_SECURE=true
 SMTP_USER=noreply@example.com
+
+#COMPOSE_FILE="$COMPOSE_FILE:compose.oidc.yml"
+#OIDC_ENABLED=1
+#OIDC_NAME= #The user-facing name of your provider as it will be shown on the login page
+#OIDC_DISCOVERY_URL= #URL of the .well-known/openid-configuration endpoint for your OIDC provider
+#OIDC_CLIENT_ID=
+#SECRET_OIDC_CLIENT_SECRET_VERSION=v1
--- a/abra.sh
+++ b/abra.sh
@ -1 +1 @@
-export APP_ENTRYPOINT_VERSION=v2
+export APP_ENTRYPOINT_VERSION=v3
--- a/alaconnect.yml
+++ b/alaconnect.yml
@ -0,0 +1,11 @@
+authentik:
+    env:
+        OIDC_NAME: "Authentik"
+        OIDC_DISCOVERY_URL: "https://authentik.example.com/application/o/rallly/.well-known/openid-configuration"
+        OIDC_CLIENT_ID: rallly
+    uncomment: 
+        - compose.oidc.yml
+        - SECRET_OIDC_CLIENT_SECRET_VERSION
+        - OIDC_ENABLED
+    shared_secrets:
+        rallly_secret: oidc_client_secret
--- a/compose.oidc.yml
+++ b/compose.oidc.yml
@ -0,0 +1,16 @@
+---
+version: "3.8"
+
+services:
+  app:
+    secrets:
+      - oidc_client_secret
+    environment:
+      - OIDC_ENABLED
+      - OIDC_NAME
+      - OIDC_DISCOVERY_URL
+      - OIDC_CLIENT_ID
+secrets:
+  oidc_client_secret:
+    name: ${STACK_NAME}_oidc_client_secret_${SECRET_OIDC_CLIENT_SECRET_VERSION}
+    external: true
--- a/compose.yml
+++ b/compose.yml
@ -3,7 +3,8 @@ version: "3.8"

 services:
  app:
-    image: lukevella/rallly:2.11.1
+    image: lukevella/rallly:3.5.1
+    hostname: 0.0.0.0
    networks:
      - proxy
      - internal
@ -16,7 +17,9 @@ services:
    environment:
      - POSTGRES_PASSWORD_FILE=/run/secrets/db_password
      - DATABASE=rallly_db:5432/db
-      - NEXT_PUBLIC_BASE_URL=${DOMAIN}
+      - NEXT_PUBLIC_BASE_URL=https://${DOMAIN}
+      - NEXT_PUBLIC_APP_BASE_URL=https://${DOMAIN}
+      - NEXTAUTH_URL=$NEXT_PUBLIC_BASE_URL
      - SECRET_PASSWORD_FILE=/run/secrets/secret_key
      - SUPPORT_EMAIL
      - SMTP_HOST
@ -42,7 +45,7 @@ services:
        - "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirect"
        - "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLForceHost=true"
        - "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}"
-        - "coop-cloud.${STACK_NAME}.version=0.4.1+2.11.1"
+        - "coop-cloud.${STACK_NAME}.version=0.5.3+3.5.1"
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:3000"]
      interval: 30s
--- a/entrypoint.sh.tmpl
+++ b/entrypoint.sh.tmpl
@ -1,5 +1,9 @@
 #!/bin/bash

+{{ if eq (env "OIDC_ENABLED") "1" }}
+export OIDC_CLIENT_SECRET=$(cat /run/secrets/oidc_client_secret)
+{{ end }}
+
 set -eu

 file_env() {
@ -26,6 +30,7 @@ file_env() {
 file_env "SECRET_PASSWORD"
 file_env "SMTP_PWD"
 file_env "POSTGRES_PASSWORD"
+file_env "OIDC_CLIENT_SECRET"

 export DATABASE_URL=postgres://postgres:$POSTGRES_PASSWORD@$DATABASE

--- a/release/0.5.0+3.5.1
+++ b/release/0.5.0+3.5.1
@ -0,0 +1 @@
+Rallly and recipe now support oidc. But you need to be registered to create polls now.
Author	SHA1	Message	Date
Simon	db812fd1d3	add shared secret to alaconnect continuous-integration/drone/push Build is passing Details	2024-05-15 11:00:08 +02:00
Moritz	4ba224875f	add alakazam integration file alaconnect.yml continuous-integration/drone/push Build is passing Details	2024-05-13 17:37:57 +02:00
Simon	e794bc21fd	chore: publish 0.5.3+3.5.1 release continuous-integration/drone/push Build is passing Details	2024-03-28 12:26:03 +01:00
3wc	e85b902262	chore: publish 0.5.1+3.5.1 release continuous-integration/drone/push Build is passing Details	2024-02-05 13:12:05 -03:00
3wc	d134057749	More drone fixing 🤖🔧 continuous-integration/drone/push Build is passing Details	2024-02-05 13:08:05 -03:00
3wc	b2319ae650	Fix Drone continuous-integration/drone/push Build is failing Details	2024-02-05 13:05:09 -03:00
Simon	466126e7d1	chore: publish 0.5.0+3.5.1 release	2024-02-01 14:16:59 +01:00
Simon	b95df148f8	upgrade to v3.5 and add OIDC	2024-01-15 16:52:40 +01:00
				`@ -0,0 +1 @@`
				`Rallly and recipe now support oidc. But you need to be registered to create polls now.`