feat: Cache docker builds

feat: Default access policy one factor if no rules
chore: Remove ./ from kustomization for consistency
2025-12-23 03:38:36 +01:00 · 2025-12-23 03:38:36 +01:00 · 2025-12-23 01:38:44 +01:00 · 2025-12-23 01:38:44 +01:00
3 changed files with 28 additions and 3 deletions
--- a/docker-bake.hcl
+++ b/docker-bake.hcl
@@ -6,9 +6,23 @@ group "default" {
 }

 target "docker-metadata-action" {}
+target "cache" {
+  cache-from = [
+    {
+      type = "gha",
+    }
+  ]
+
+  cache-to = [
+    {
+      type = "gha",
+      mode = "max"
+    }
+  ]
+}

 target "authelia-controller" {
-  inherits = ["docker-metadata-action"]
+  inherits = ["docker-metadata-action", "cache"]
  context = "./"
  dockerfile = "Dockerfile"
  tags = [for tag in target.docker-metadata-action.tags : "${TAG_BASE}:${tag}"]
@@ -16,6 +30,7 @@ target "authelia-controller" {
 }

 target "manifests" {
+  inherits = ["cache"]
  context = "./"
  dockerfile = "Dockerfile"
  target = "manifests"
--- a/manifests/cluster-role-binding.yaml
+++ b/manifests/cluster-role-binding.yaml
@@ -6,6 +6,7 @@ metadata:
 subjects:
  - kind: ServiceAccount
    name: authelia-controller
+    namespace: authelia
 roleRef:
  kind: ClusterRole
  name: authelia-controller
--- a/src/resources/access_control_rule.rs
+++ b/src/resources/access_control_rule.rs
@@ -45,6 +45,7 @@ pub struct AccessControlRuleSpec {
 #[derive(Serialize, Deserialize, Clone, Debug, Hash)]
 struct AccessControl {
    rules: Vec<AccessControlRuleSpec>,
+    default_policy: AccessPolicy,
 }

 #[derive(Serialize, Deserialize, Clone, Debug, Hash)]
@@ -60,14 +61,22 @@ impl AccessControlRule {
        debug!("Updating acl");
        rules.sort_by_cached_key(|rule| rule.name_any());

-        let rules = rules
+        let rules: Vec<_> = rules
            .iter()
            .inspect(|rule| trace!(name = rule.name_any(), "Rule found"))
            .map(|rule| rule.spec.clone())
            .collect();

        let top = TopLevel {
-            access_control: AccessControl { rules },
+            access_control: AccessControl {
+                // TODO: Make sure configurable?
+                default_policy: if rules.is_empty() {
+                    AccessPolicy::OneFactor
+                } else {
+                    AccessPolicy::Deny
+                },
+                rules,
+            },
        };

        let contents = BTreeMap::from([(
Author	SHA1	Message	Date
Dreaded_X	83cf48b2a9	feat: Cache docker builds All checks were successful Build and deploy / build (push) Successful in 7m51s Details	2025-12-23 03:38:36 +01:00
Dreaded_X	fc9f34939b	feat: Default access policy one factor if no rules	2025-12-23 03:38:36 +01:00
Dreaded_X	c80024972c	chore: Remove ./ from kustomization for consistency All checks were successful Build and deploy / build (push) Successful in 10m13s Details	2025-12-23 01:38:44 +01:00
Dreaded_X	eed5b44916	feat: Create namespace and set it explicitly	2025-12-23 01:38:44 +01:00