Previously, the rock's workload would not start, instead crashing with: > level=fatal msg="open web/templates/default: no such file or directory" because the web files were not copied to the working directory. This commit refactors the rock so that its layout and working directory are identical to the upstream Docker image.
1 parent
80093b8
commit d892921
Showing
1 changed file
with
38 additions
and
23 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,21 +1,37 @@ | ||
# Dockerfile: https://github.com/arrikto/oidc-authservice/blob/master/Dockerfile | ||
name: oidc-authservice | ||
summary: Arrikto's oidc-authservice in a ROCK. | ||
description: "An AuthService is an HTTP Server that an API Gateway, asks if an incoming request is authorized." | ||
version: "ckf-1.7" | ||
license: Apache-2.0 | ||
base: [email protected] | ||
run-user: _daemon_ | ||
services: | ||
oidc-authservice: | ||
override: replace | ||
summary: "oidc-auth service" | ||
startup: enabled | ||
user: authservice | ||
command: "/bin/oidc-authservice" | ||
command: "/home/authservice/oidc-authservice" | ||
working-dir: "/home/authservice" | ||
platforms: | ||
amd64: | ||
|
||
parts: | ||
oidc-authservice: | ||
create-workingdir: | ||
# Using this until I know how to properly predict what the user's $HOME will be, create | ||
# a working directory we know the user will have write access in | ||
plugin: nil | ||
override-build: | | ||
mkdir -p $CRAFT_PART_INSTALL/home/authservice | ||
permissions: | ||
- path: home/authservice | ||
# 584792 is the _daemon_ user | ||
owner: 584792 | ||
group: 584792 | ||
mode: "755" | ||
|
||
builder: | ||
after: [create-workingdir] | ||
plugin: go | ||
source: https://github.com/arrikto/oidc-authservice | ||
source-type: git | ||
|
@@ -25,26 +41,25 @@ parts: | |
build-environment: | ||
- BUILD_IN_CONTAINER: "false" | ||
override-build: | | ||
CGO_ENABLED=0 GOOS=linux go build -a -ldflags '-extldflags "-static"' -o bin/oidc-authservice | ||
install -D -m755 bin/oidc-authservice ${CRAFT_PART_INSTALL}/opt/oidc-authservice/bin/oidc-authservice | ||
cp -R web ${CRAFT_PART_INSTALL}/opt/oidc-authservice/web | ||
# security requirement | ||
mkdir -p ${CRAFT_PART_INSTALL}/usr/share/rocks | ||
(echo "# os-release" && cat /etc/os-release && echo "# dpkg-query" && \ | ||
dpkg-query -f '${db:Status-Abbrev},${binary:Package},${Version},${source:Package},${Source:Version}\n' -W) \ | ||
> ${CRAFT_PART_INSTALL}/usr/share/rocks/dpkg.query | ||
CGO_ENABLED=0 GOOS=linux go build -a -ldflags '-extldflags "-static"' -o oidc-authservice | ||
mkdir -p $CRAFT_PART_INSTALL/home/authservice | ||
cp oidc-authservice $CRAFT_PART_INSTALL/home/authservice/oidc-authservice | ||
organize: | ||
opt/oidc-authservice/bin/oidc-authservice: usr/bin/oidc-authservice | ||
add-ca-certificates: | ||
# This installs ca-certificates in the build env to populate our /etc/ssl/certs, | ||
# then copies just the ca-certificates.crt to the final image | ||
plugin: nil | ||
build-packages: | ||
- ca-certificates | ||
override-build: |- | ||
mkdir -p $CRAFT_PART_INSTALL/etc/ssl/certs/ | ||
cp /etc/ssl/certs/ca-certificates.crt $CRAFT_PART_INSTALL/etc/ssl/certs/ca-certificates.crt | ||
# not-root user for this ROCK should be 'authservice' | ||
non-root-user: | ||
stager: | ||
plugin: nil | ||
after: [oidc-authservice] | ||
overlay-script: | | ||
# Create a user in the $CRAFT_OVERLAY chroot | ||
groupadd -R $CRAFT_OVERLAY -g 1001 authservice | ||
useradd -R $CRAFT_OVERLAY -M -r -u 1001 -g authservice authservice | ||
override-prime: | | ||
craftctl default | ||
source: https://github.com/arrikto/oidc-authservice | ||
source-type: git | ||
source-commit: e2364397aaf1a8119aa649989f0de87276f58cbc | ||
override-build: | | ||
mkdir -p $CRAFT_PART_INSTALL/home/authservice | ||
cp -r web $CRAFT_PART_INSTALL/home/authservice/web |
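Review bot: The new layout places the executable inside `/home/authservice`, which the `create-workingdir` part assigns to uid 584792 (`_daemon_`, the `run-user`) with mode 755, so the account the service runs as can rename or replace the binary it executes. Only the working directory needs to be writable by that user; the binary could stay root-owned outside it, for example `install -D -m755 oidc-authservice $CRAFT_PART_INSTALL/usr/bin/oidc-authservice` with `command: "/usr/bin/oidc-authservice"` and `working-dir` left as it is. The `web/` templates copied into the same directory share that exposure, which is worth noting in a comment next to the `permissions` entry. The rendered page has lost its +/- markers, but the `# security requirement` block that writes `usr/share/rocks/dpkg.query` appears to be on the removed side; if so, please confirm the package manifest is still produced somewhere in the rock.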