Setup build

This commit is contained in:
Dreaded_X 2025-04-18 02:29:41 +02:00
parent 1468f56473
commit 15f7f016a8
Signed by: Dreaded_X
GPG Key ID: 5A0CBFE3C3377FAA
8 changed files with 204 additions and 0 deletions

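--- a/.dockerignore
+++ b/.dockerignore
@@ -0,0 +1,3 @@
+*
+!src
+!Cargo.*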


@ -0,0 +1,95 @@
name: Build and deploy
on:
push:
branches:
- master
- feature/**
tags:
- v*.*.*
env:
OCI_REPO: git.huizinga.dev/dreaded_x/${{ gitea.event.repository.name}}
jobs:
build:
name: Build container and manifests
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
fetch-tags: true
# TODO: Actually set an env variable and use it in the application
- name: Set version string
run: |
git describe --always --dirty="-modified"
- name: Get Git commit timestamps
run: echo "TIMESTAMP=$(git log -1 --pretty=%ct)" >> $GITHUB_ENV
- name: Login to registry
uses: docker/login-action@v3
with:
registry: git.huizinga.dev
username: ${{ gitea.actor }}
password: ${{ secrets.REGISTRY_TOKEN }}
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Install kustomize
run: |
curl -s "https://raw.githubusercontent.com/kubernetes-sigs/kustomize/master/hack/install_kustomize.sh" | bash
- name: Setup Flux CLI
uses: https://github.com/fluxcd/flux2/action@main
with:
version: v2.5.0
- name: Docker meta
id: meta
uses: docker/metadata-action@v5
with:
images: ${{ env.OCI_REPO }}
tags: |
type=edge
type=ref,event=branch
type=semver,pattern=v{{version}}
type=semver,pattern=v{{major}}.{{minor}}
type=semver,pattern=v{{major}}
- name: Build container
id: build
uses: docker/build-push-action@v6
with:
context: .
push: true
sbom: true
provenance: mode=max
tags: ${{ steps.meta.outputs.tags }}
annotations: ${{ steps.meta.outputs.annotations }}
cache-from: type=gha
cache-to: type=gha,mode=max
env:
SOURCE_DATE_EPOCH: ${{ env.TIMESTAMP }}
- name: Generate CRDs
run: |
docker run --rm ${{ env.OCI_REPO }}@${{ steps.build.outputs.imageid }} /crdgen > ./manifests/crds.yaml
- name: Kustomize manifests
run: |
./kustomize build ./manifests | sed "s/\${DIGEST}/${{ steps.build.outputs.digest }}/" > ./manifests.yaml
- name: Push manifests
run: |
flux push artifact oci://${{ env.OCI_REPO }}/manifests:${{ gitea.head_ref || gitea.ref_name }} \
--path="./manifests.yaml" \
--source="$(git config --get remote.origin.url)" \
--revision="$(git rev-parse HEAD)" \
$(echo "${{ steps.meta.outputs.labels }}" | sed -e 's/^/-a /')
flux tag artifact oci://${{ env.OCI_REPO }}/manifests:${{ gitea.head_ref || gitea.ref_name }} \
$(echo "${{ steps.meta.outputs.tags }}" | sed -e 's/^.*:/--tag /')
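Review bot: The kustomize install on line 61 pipes an unpinned script from the `master` branch of an upstream repository straight into `bash`, and the Flux action on line 63 is referenced as `@main`, so the manifests this job builds and pushes depend on whatever those moving references contain at run time. Pin both to a release: the install script takes a version as its first argument, or download the release tarball and verify its published checksum, and reference the action by a release tag or commit SHA (`uses: https://github.com/fluxcd/flux2/action@<release tag or SHA>`) in the same way the CLI is already pinned with `version: v2.5.0`. Separately, the CRD generation on line 93 runs the image as `@${{ steps.build.outputs.imageid }}` while the kustomize step on line 96 uses `steps.build.outputs.digest`; the image ID is not the registry manifest digest, so `docker run --rm ${{ env.OCI_REPO }}@${{ steps.build.outputs.digest }} /crdgen` is the form guaranteed to resolve by pull — worth confirming against this runner's setup, since the run evidently succeeded as written.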

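--- a/Dockerfile
+++ b/Dockerfile
@@ -0,0 +1,22 @@
+FROM rust:1.85 AS base
+ENV CARGO_REGISTRIES_CRATES_IO_PROTOCOL=sparse
+RUN cargo install cargo-chef --locked --version 0.1.71 && \
+cargo install cargo-auditable --locked --version 0.6.6
+WORKDIR /app
+FROM base AS planner
+COPY . .
+RUN cargo chef prepare --recipe-path recipe.json
+FROM base AS builder
+COPY --from=planner /app/recipe.json recipe.json
+RUN cargo chef cook --release --recipe-path recipe.json
+COPY . .
+ENV RUSTC_BOOTSTRAP=1
+RUN cargo auditable build --release
+FROM gcr.io/distroless/cc-debian12:nonroot AS runtime
+COPY --from=builder /app/target/release/authelia-controller /authelia-controller
+COPY --from=builder /app/target/release/crdgen /crdgen
+CMD ["/authelia-controller"]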
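Review bot: `ENV RUSTC_BOOTSTRAP=1` on line 124 has no comment saying why it is needed; it makes the stable `rust:1.85` toolchain accept `#![feature]` code, which ties the build to unstable compiler internals that may change on the next base-image bump and hides that dependency from anyone reading the crate's manifest. Since `cargo chef cook` on line 122 completes without the flag, it is presumably the controller's own code rather than a dependency that relies on it; name the feature in a comment such as `# RUSTC_BOOTSTRAP=1: stable toolchain must compile the unstable feature <TODO: name it>`, or drop the line if nothing needs it. The flag is confined to the builder stage, so the distroless runtime stage is unaffected.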

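--- a/manifests/cluster-role-binding.yaml
+++ b/manifests/cluster-role-binding.yaml
@@ -0,0 +1,11 @@
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+name: authelia-controller
+subjects:
+- kind: ServiceAccount
+name: authelia-controller
+roleRef:
+kind: ClusterRole
+name: authelia-controller
+apiGroup: rbac.authorization.k8s.io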

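--- a/manifests/cluster-role.yaml
+++ b/manifests/cluster-role.yaml
@@ -0,0 +1,20 @@
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+name: authelia-controller
+rules:
+- apiGroups:
+- authelia.huizinga.dev
+resources:
+- accesscontrolrules
+- accesscontrolrules/status
+- accesscontrolrules/finalizers
+verbs:
+- "*"
+- apiGroups:
+- ""
+resources:
+- secrets
+- deployments
+verbs:
+- "*"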

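--- a/manifests/deployment.yaml
+++ b/manifests/deployment.yaml
@@ -0,0 +1,36 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+name: authelia-controller
+labels:
+app: authelia-controller
+app.kubernetes.io/name: authelia-controller
+spec:
+replicas: 1
+selector:
+matchLabels:
+app: authelia-controller
+template:
+metadata:
+labels:
+app: authelia-controller
+annotations:
+kubectl.kubernetes.io/default-container: authelia-controller
+spec:
+serviceAccountName: authelia-controller
+securityContext: {}
+containers:
+- name: authelia-controller
+image: git.huizinga.dev/dreaded_x/authelia-controller@${DIGEST}
+imagePullPolicy: IfNotPresent
+securityContext: {}
+resources:
+limits:
+cpu: 200m
+memory: 256Mi
+requests:
+cpu: 50m
+memory: 100Mi
+env:
+- name: RUST_LOG
+value: info,authelia_controller=debug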
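Review bot: Both the pod-level and the container-level `securityContext: {}` (lines 195 and 200) leave every hardening field at the Kubernetes default, so nothing in the manifest asserts the non-root, no-escalation posture that the distroless `:nonroot` base image is chosen for, and an admission policy at the `restricted` Pod Security level would reject the pod as written. Setting `runAsNonRoot`, `allowPrivilegeEscalation: false`, dropped capabilities, a `RuntimeDefault` seccomp profile and a read-only root filesystem makes the cluster enforce what the image only implies and lets a later image change fail loudly rather than silently widen the blast radius. `readOnlyRootFilesystem: true` assumes the controller writes nothing under `/`; if it needs scratch space, mount an `emptyDir` there — confirm against the binary before enabling it.
```yaml
securityContext:
  runAsNonRoot: true
  seccompProfile:
    type: RuntimeDefault
containers:
- name: authelia-controller
  # … unchanged: image, imagePullPolicy …
  securityContext:
    allowPrivilegeEscalation: false
    readOnlyRootFilesystem: true
    capabilities:
      drop:
      - ALL
  # … unchanged: resources, env …
```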

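--- a/manifests/kustomization.yaml
+++ b/manifests/kustomization.yaml
@@ -0,0 +1,9 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: lldap
+resources:
+- ./crds.yaml
+- ./service-account.yaml
+- ./cluster-role.yaml
+- ./cluster-role-binding.yaml
+- ./deployment.yaml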

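--- a/manifests/service-account.yaml
+++ b/manifests/service-account.yaml
@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+name: authelia-controller
+labels:
+app: authelia-controller
+app.kubernetes.io/name: authelia-controller
+automountServiceAccountToken: true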