Merge pull request #306 from OpenConext/feature/docker_configs

Feature/docker configs
OpenConext · Nov 16, 2023 · d747775 · d747775
2 parents 6a93a99 + 66298e0
commit d747775
Show file tree

Hide file tree

Showing 8 changed files with 225 additions and 95 deletions.
diff --git a/.github/workflows/build-push-docker-image.yml b/.github/workflows/build-push-docker-image.yml
@@ -0,0 +1,58 @@
+name: build-push-docker-image
+
+#on: workflow_dispatch
+on:
+  push:
+    branches: feature/docker_configs
+  workflow_dispatch:
+
+jobs:
+  build-push-docker-image:
+    runs-on: ubuntu-latest
+    permissions:
+      packages: write
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+
+      - name: Get the latest release
+        id: release
+        uses: robinraju/[email protected]
+        with:
+          latest: true
+          fileName: "*.tar.bz2"
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v2
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@v2
+        with:
+          registry: ghcr.io
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Build and push the Production image
+        uses: docker/build-push-action@v4
+        with:
+          context: .
+          file: docker/Dockerfile.prod
+          platforms: linux/amd64,linux/arm64
+          push: true
+          tags: |
+            ghcr.io/openconext/stepup-ra/stepup-ra:prod
+            ghcr.io/openconext/stepup-ra/stepup-ra:${{ github.sha }}
+            ghcr.io/openconext/stepup-ra/stepup-ra:${{ steps.release.outputs.tag_name }}
+
+      - name: Build and push the Development image
+        uses: docker/build-push-action@v4
+        with:
+          context: .
+          file: docker/Dockerfile.dev
+          platforms: linux/amd64,linux/arm64
+          push: true
+          tags: |
+            ghcr.io/openconext/stepup-ra/stepup-ra:dev
diff --git a/.github/workflows/tag-release.yml b/.github/workflows/tag-release.yml
@@ -62,3 +62,11 @@ jobs:
         with:
           release_id: ${{ steps.create_release.outputs.id }}
 
+  after_build:
+    needs: build
+    runs-on: ubuntu-latest
+    steps:
+      - name: Trigger Docker container build
+        uses: benc-uk/workflow-dispatch@v1
+        with:
+          workflow: build-push-docker-image.yml
diff --git a/config/legacy/parameters.yaml.dist b/config/legacy/parameters.yaml.dist
@@ -2,7 +2,7 @@ parameters:
     trusted_proxies:   ~
 
     mailer_transport:  smtp
-    mailer_host:       127.0.0.1
+    mailer_host:       mailcatcher
     mailer_user:       ~
     mailer_password:   ~
 
@@ -15,49 +15,58 @@ parameters:
     debug_redirects:        false
     use_assetic_controller: true
 
-    gateway_api_url: https://gateway.tld/
+    gateway_api_url: https://gateway.dev.openconext.local/
     gateway_api_username: ra
-    gateway_api_password: ra
+    gateway_api_password: ra_secret
 
     middleware_credentials_username: ra
-    middleware_credentials_password: ra
-    middleware_url_command_api: https://middleware.tld/command
-    middleware_url_api: https://middleware.tld/
+    middleware_credentials_password: ra_secret
+    middleware_url_command_api: https://middleware.dev.openconext.local/command
+    middleware_url_api: https://middleware.dev.openconext.local/
 
     sms_originator: SURFStepup
     sms_otp_expiry_interval: 900 # 15 minutes
     sms_maximum_otp_requests: 10
 
-    saml_sp_publickey:
-    saml_sp_privatekey:
-    saml_metadata_publickey:
-    saml_metadata_privatekey:
-    saml_remote_idp_entity_id:
-    saml_remote_idp_sso_url:
-    saml_remote_idp_certificate: 'FOR CI ONLY, REPLACE WITH ACTUAL VALUE'
-    loa_required_for_login: 'https://gateway.tld/authentication/loa3'
+    saml_sp_publickey: /config/ra/ra_saml_sp.crt
+    saml_sp_privatekey: /config/ra/ra_saml_sp.key
+    saml_metadata_publickey: /config/ra/ra_saml_sp.crt
+    saml_metadata_privatekey: /config/ra/ra_saml_sp.key
+    saml_remote_idp_entity_id: https://gateway.dev.openconext.local/authentication/metadata
+    saml_remote_idp_sso_url: https://gateway.dev.openconext.local/authentication/single-sign-on
+    saml_remote_idp_certificate: 'MIIDwTCCAqmgAwIBAgIUYuSUugwc4J4NyW9WGqYJ/liwM4owDQYJKoZIhvcNAQELBQAwcDELMAkGA1UEBhMCTkwxEDAOBgNVBAgMB1V0cmVjaHQxEDAOBgNVBAcMB1V0cmVjaHQxJzAlBgNVBAoMHkRldmVsb3BtZW50IERvY2tlciBlbnZpcm9ubWVudDEUMBIGA1UEAwwLR2F0ZXdheSBJRFAwHhcNMjMwNTE3MTIxNTEyWhcNMzMwNTE0MTIxNTEyWjBwMQswCQYDVQQGEwJOTDEQMA4GA1UECAwHVXRyZWNodDEQMA4GA1UEBwwHVXRyZWNodDEnMCUGA1UECgweRGV2ZWxvcG1lbnQgRG9ja2VyIGVudmlyb25tZW50MRQwEgYDVQQDDAtHYXRld2F5IElEUDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM2ulQVs5WpbJOAf7Cv/VPDTJqbWHVdUxAmdwZJlcNTRKNFVp4aJzQ3dpiyiGghI5odnzU0/BWBoHZFNYPU/OFr/gzn6iJGxL63L9+mFgE8PR9HpkV5TaRnr21+nZ0EXWjDZk9Px0enERicCItTeQzAUJeA0A9miIcK5IKIz/zSBSR3c802SGD/VelUqY7Z2/UJM97cT92L+4Fz+4zhxxoThbPbrR0CweiROIt82grdwg7zf0+b62MOuVtqFh0yPLRAFfLc4LjHuxFUdUvOHVta7x74dwdmHikqfujM10XN+sNns3LDJde2yPWchU6ktq7cjgbYfIW/vzVzafP1Jk40CAwEAAaNTMFEwHQYDVR0OBBYEFGYn6LWRDZa7+YryUncIlwJB2VorMB8GA1UdIwQYMBaAFGYn6LWRDZa7+YryUncIlwJB2VorMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAJ57lcOF6PWWW56mS2s5gKFImtfRFzlfiyHsF14L7+nQ5NjfOhpU0wRpnTjK91KP0wCwlxzGFXR8yfqfBFJryIV7aDdYPH/RIkwVaNBI0fsD/ozlYb18seieDEGLvQtTlrmc0UNHtWz6FW3L2geM3ENaqpOATl1Ywp4EPML7Dh0CbhhyM8PnPCEsdclouIeP5/B9Swfk3omXehof6bkFbntqA03msFBiW50twkfKeKULcJGXo667hto27KNxZUauqtPbnAGpUQmge8nxSQlN8RPwlvygVM4LVMF9qP9YxloTH0xVNwN4noZUhfMNsKoJ7Hg5Xulaok8oCqmzEiSroEg='
+    loa_required_for_login: 'http://dev.openconext.local/assurance/loa3'
     enabled_second_factors:
         - sms
         - yubikey
+        - tiqr
+        - demo_gssp
+        - webauthn
+        - azuremfa
     enabled_generic_second_factors:
-            biometric:
-                loa: 3
-            tiqr:
-                loa: 3
+        azuremfa:
+            loa: 2
+        tiqr:
+            loa: 2
+        webauthn:
+            loa: 3
+        demo_gssp:
+            loa: 3
+
     asset_version: 1
 
-    stepup_loa_loa1: https://gateway.tld/authentication/loa1
-    stepup_loa_loa2: https://gateway.tld/authentication/loa2
-    stepup_loa_loa3: https://gateway.tld/authentication/loa3
-    stepup_loa_self_asserted: 'http://stepup.example.com/assurance/loa-self-asserted'
+    stepup_loa_loa1: http://dev.openconext.local/assurance/loa1
+    stepup_loa_loa2: http://dev.openconext.local/assurance/loa2
+    stepup_loa_loa3: http://dev.openconext.local/assurance/loa3
+    stepup_loa_self_asserted: 'http://dev.openconext.local/assurance/loa1.5'
 
     logout_redirect_url:
             nl_NL: https://www.surf.nl/over-surf/werkmaatschappijen/surfnet
             en_GB: https://www.surf.nl/en/about-surf/subsidiaries/surfnet
 
     session_max_absolute_lifetime: 28800 # 8 hours * 60 minutes * 60 seconds
     session_max_relative_lifetime: 1800  # 30 minutes * 60 seconds
-    self_service_url: 'https://selfservice.tld/'
+    self_service_url: 'https://selfservice.dev.openconext.local/'
 
     # Date format defaults for Twig date functions
     date_format: 'Y-m-d H:i P'