Tag v2.23.0 (#25)

* correctly handle path escaping for connector IDs Signed-off-by: Bob Callaway <bob.callaway@gmail.com> * ensure template does not double-escape URL Signed-off-by: Bob Callaway <bob.callaway@gmail.com> * Add support for refresh tokens for openshift connector. Signed-off-by: Daniel Haus <dhaus@redhat.com> * Fix linting issues. Signed-off-by: Daniel Haus <dhaus@redhat.com> * [authproxy] Allow configuration of returned groups Via HTTP Header if present and with manually configured staticGroups in authproxy connector Signed-off-by: seuf <seuf76@gmail.com> * build(deps): bump golang from 1.17.6-alpine3.14 to 1.17.7-alpine3.14 Bumps golang from 1.17.6-alpine3.14 to 1.17.7-alpine3.14. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * build(deps): bump google.golang.org/api from 0.68.0 to 0.69.0 Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.68.0 to 0.69.0. - [Release notes](https://github.com/googleapis/google-api-go-client/releases) - [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md) - [Commits](googleapis/google-api-go-client@v0.68.0...v0.69.0) --- updated-dependencies: - dependency-name: google.golang.org/api dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * build(deps): bump github.com/go-ldap/ldap/v3 from 3.4.1 to 3.4.2 Bumps [github.com/go-ldap/ldap/v3](https://github.com/go-ldap/ldap) from 3.4.1 to 3.4.2. - [Release notes](https://github.com/go-ldap/ldap/releases) - [Commits](go-ldap/ldap@v3.4.1...v3.4.2) --- updated-dependencies: - dependency-name: github.com/go-ldap/ldap/v3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * build(deps): bump google.golang.org/api from 0.69.0 to 0.70.0 Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.69.0 to 0.70.0. - [Release notes](https://github.com/googleapis/google-api-go-client/releases) - [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md) - [Commits](googleapis/google-api-go-client@v0.69.0...v0.70.0) --- updated-dependencies: - dependency-name: google.golang.org/api dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * build(deps): bump actions/checkout from 2 to 3 Bumps [actions/checkout](https://github.com/actions/checkout) from 2 to 3. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@v2...v3) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> * build(deps): bump github.com/russellhaering/goxmldsig Bumps [github.com/russellhaering/goxmldsig](https://github.com/russellhaering/goxmldsig) from 1.1.1 to 1.2.0. - [Release notes](https://github.com/russellhaering/goxmldsig/releases) - [Commits](russellhaering/goxmldsig@v1.1.1...v1.2.0) --- updated-dependencies: - dependency-name: github.com/russellhaering/goxmldsig dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * feat: Add acr_values support for OIDC Signed-off-by: Engin Diri <engin.diri@mail.schwarz> * build(deps): bump golang from 1.17.7-alpine3.14 to 1.17.8-alpine3.14 Bumps golang from 1.17.7-alpine3.14 to 1.17.8-alpine3.14. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * fix: Implicit Grant discovery Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com> * build(deps): bump github.com/spf13/cobra from 1.3.0 to 1.4.0 Bumps [github.com/spf13/cobra](https://github.com/spf13/cobra) from 1.3.0 to 1.4.0. - [Release notes](https://github.com/spf13/cobra/releases) - [Changelog](https://github.com/spf13/cobra/blob/master/CHANGELOG.md) - [Commits](spf13/cobra@v1.3.0...v1.4.0) --- updated-dependencies: - dependency-name: github.com/spf13/cobra dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * build(deps): bump github.com/stretchr/testify from 1.7.0 to 1.7.1 Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify) from 1.7.0 to 1.7.1. - [Release notes](https://github.com/stretchr/testify/releases) - [Commits](stretchr/testify@v1.7.0...v1.7.1) --- updated-dependencies: - dependency-name: github.com/stretchr/testify dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * build(deps): bump alpine from 3.15.0 to 3.15.1 Bumps alpine from 3.15.0 to 3.15.1. --- updated-dependencies: - dependency-name: alpine dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * chore: update alpine version Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com> * build(deps): bump alpine from 3.15.1 to 3.15.3 Bumps alpine from 3.15.1 to 3.15.3. --- updated-dependencies: - dependency-name: alpine dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * build(deps): bump google.golang.org/api from 0.70.0 to 0.74.0 Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.70.0 to 0.74.0. - [Release notes](https://github.com/googleapis/google-api-go-client/releases) - [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md) - [Commits](googleapis/google-api-go-client@v0.70.0...v0.74.0) --- updated-dependencies: - dependency-name: google.golang.org/api dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * build(deps): bump alpine from 3.15.3 to 3.15.4 Bumps alpine from 3.15.3 to 3.15.4. --- updated-dependencies: - dependency-name: alpine dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * build(deps): bump google.golang.org/protobuf from 1.27.1 to 1.28.0 Bumps [google.golang.org/protobuf](https://github.com/protocolbuffers/protobuf-go) from 1.27.1 to 1.28.0. - [Release notes](https://github.com/protocolbuffers/protobuf-go/releases) - [Changelog](https://github.com/protocolbuffers/protobuf-go/blob/master/release.bash) - [Commits](protocolbuffers/protobuf-go@v1.27.1...v1.28.0) --- updated-dependencies: - dependency-name: google.golang.org/protobuf dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * feat: update entgo library Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com> * feat: update generated storage files Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com> * feat: use the new atlas engine for migrations Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com> * fix: define milisecond precision for postgres Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com> * revert: atlas and precision change Looks like Atlas (the new migration library under Ent) cannot handle precision properly. An issue has been reported to Ent: ent/ent#2454 Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com> * build(deps): bump aquasecurity/trivy-action from 0.2.2 to 0.2.3 Bumps [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) from 0.2.2 to 0.2.3. - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](aquasecurity/trivy-action@0.2.2...0.2.3) --- updated-dependencies: - dependency-name: aquasecurity/trivy-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * build(deps): bump actions/setup-go from 2 to 3 Bumps [actions/setup-go](https://github.com/actions/setup-go) from 2 to 3. - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](actions/setup-go@v2...v3) --- updated-dependencies: - dependency-name: actions/setup-go dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> * feat: enable profiling endpoints Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com> * Create setting to allow to trust the system root CAs Previously, when rootCA was set, the trusted system root CAs were ignored. Now, allow for both being able to be configured and used Signed-off-by: Daniel Haus <dhaus@redhat.com> * Remove external setting, enable injection of HTTP client to config. Signed-off-by: Daniel Haus <dhaus@redhat.com> * Bump Alpine to latest version Signed-off-by: Mattias Gees <mattias.gees@gmail.com> * ci: new docker image build Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com> * ci: wait for container images with container scan Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com> * ci: update trivy scan job Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com> * build: help dependabot detect base image versions Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com> * ci: build distroless images Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com> * ci: disable Docker job on push Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com> * fix: log only errors on refreshing Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com> * ci: only enable the necessary platforms for emulation Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com> * build(deps): bump aquasecurity/trivy-action from 0.2.4 to 0.2.5 Bumps [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) from 0.2.4 to 0.2.5. - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](aquasecurity/trivy-action@0.2.4...0.2.5) --- updated-dependencies: - dependency-name: aquasecurity/trivy-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * Feature: groups in Gitea Signed-off-by: techknowlogick <techknowlogick@gitea.io> * revert: docker matrix build Apparently matrix builds don't work with the docker action. Only reference I found about the topic: docker/build-push-action#130 Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com> * revert: move container scan back to the container build step Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com> * ci: add docker metadata action Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com> * Add numeric user ID support for oauth connector Signed-off-by: Shuanglei Tao <tsl0922@gmail.com> * ci: use docker metadata for build input Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com> * build(deps): bump github/codeql-action from 1 to 2 Bumps [github/codeql-action](https://github.com/github/codeql-action) from 1 to 2. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@v1...v2) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> * Fix unparam lint error in oauth_test Signed-off-by: Shuanglei Tao <tsl0922@gmail.com> * Remove google specific hd / hosted domain claim config Signed-off-by: Anthony Brandelli <abrandel@cisco.com> * chore: do not use caching for docker build Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com> * Add support for IDPs that do not send ID tokens in the reply when using a refresh grant. Add tests for the aforementioned functionality. Signed-off-by: Anthony Brandelli <abrandel@cisco.com> * Fix issues to make the linter happy Signed-off-by: Anthony Brandelli <abrandel@cisco.com> * feat: add enhancement template Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com> * Apply suggestions from code review Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com> Co-authored-by: Márk Sági-Kazár <sagikazarmark@users.noreply.github.com> Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com> * fix: Move enhancements to the docs folder Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com> * build(deps): bump docker/build-push-action from 2 to 3 Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 2 to 3. - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](docker/build-push-action@v2...v3) --- updated-dependencies: - dependency-name: docker/build-push-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> * build(deps): bump docker/metadata-action from 3 to 4 Bumps [docker/metadata-action](https://github.com/docker/metadata-action) from 3 to 4. - [Release notes](https://github.com/docker/metadata-action/releases) - [Upgrade guide](https://github.com/docker/metadata-action/blob/master/UPGRADE.md) - [Commits](docker/metadata-action@v3...v4) --- updated-dependencies: - dependency-name: docker/metadata-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> * build(deps): bump docker/setup-qemu-action from 1 to 2 Bumps [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action) from 1 to 2. - [Release notes](https://github.com/docker/setup-qemu-action/releases) - [Commits](docker/setup-qemu-action@v1...v2) --- updated-dependencies: - dependency-name: docker/setup-qemu-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> * build(deps): bump docker/login-action from 1 to 2 Bumps [docker/login-action](https://github.com/docker/login-action) from 1 to 2. - [Release notes](https://github.com/docker/login-action/releases) - [Commits](docker/login-action@v1...v2) --- updated-dependencies: - dependency-name: docker/login-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> * build(deps): bump docker/setup-buildx-action from 1 to 2 Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) from 1 to 2. - [Release notes](https://github.com/docker/setup-buildx-action/releases) - [Commits](docker/setup-buildx-action@v1...v2) --- updated-dependencies: - dependency-name: docker/setup-buildx-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> * Bump lint timeout to reduce the number of failed executions Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com> * build(deps): bump aquasecurity/trivy-action from 0.2.5 to 0.3.0 Bumps [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) from 0.2.5 to 0.3.0. - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](aquasecurity/trivy-action@0.2.5...0.3.0) --- updated-dependencies: - dependency-name: aquasecurity/trivy-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * build(deps): bump alpine from 3.15.4 to 3.16.0 Bumps alpine from 3.15.4 to 3.16.0. --- updated-dependencies: - dependency-name: alpine dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * chore: Go mod update 1.17 Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com> * build(deps): bump go.etcd.io/etcd/client/v3 from 3.5.2 to 3.5.4 Bumps [go.etcd.io/etcd/client/v3](https://github.com/etcd-io/etcd) from 3.5.2 to 3.5.4. - [Release notes](https://github.com/etcd-io/etcd/releases) - [Changelog](https://github.com/etcd-io/etcd/blob/main/Dockerfile-release.amd64) - [Commits](etcd-io/etcd@v3.5.2...v3.5.4) --- updated-dependencies: - dependency-name: go.etcd.io/etcd/client/v3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * build(deps): bump google.golang.org/grpc from 1.45.0 to 1.46.2 Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.45.0 to 1.46.2. - [Release notes](https://github.com/grpc/grpc-go/releases) - [Commits](grpc/grpc-go@v1.45.0...v1.46.2) --- updated-dependencies: - dependency-name: google.golang.org/grpc dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * build(deps): bump github.com/coreos/go-oidc/v3 from 3.1.0 to 3.2.0 Bumps [github.com/coreos/go-oidc/v3](https://github.com/coreos/go-oidc) from 3.1.0 to 3.2.0. - [Release notes](https://github.com/coreos/go-oidc/releases) - [Commits](coreos/go-oidc@v3.1.0...v3.2.0) --- updated-dependencies: - dependency-name: github.com/coreos/go-oidc/v3 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * build(deps): bump github.com/prometheus/client_golang Bumps [github.com/prometheus/client_golang](https://github.com/prometheus/client_golang) from 1.12.1 to 1.12.2. - [Release notes](https://github.com/prometheus/client_golang/releases) - [Changelog](https://github.com/prometheus/client_golang/blob/main/CHANGELOG.md) - [Commits](prometheus/client_golang@v1.12.1...v1.12.2) --- updated-dependencies: - dependency-name: github.com/prometheus/client_golang dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * build(deps): bump github.com/felixge/httpsnoop from 1.0.2 to 1.0.3 Bumps [github.com/felixge/httpsnoop](https://github.com/felixge/httpsnoop) from 1.0.2 to 1.0.3. - [Release notes](https://github.com/felixge/httpsnoop/releases) - [Commits](felixge/httpsnoop@v1.0.2...v1.0.3) --- updated-dependencies: - dependency-name: github.com/felixge/httpsnoop dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * build(deps): bump google.golang.org/api from 0.74.0 to 0.81.0 Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.74.0 to 0.81.0. - [Release notes](https://github.com/googleapis/google-api-go-client/releases) - [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md) - [Commits](googleapis/google-api-go-client@v0.74.0...v0.81.0) --- updated-dependencies: - dependency-name: google.golang.org/api dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * build(deps): bump google.golang.org/grpc in /api/v2 Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.44.0 to 1.46.2. - [Release notes](https://github.com/grpc/grpc-go/releases) - [Commits](grpc/grpc-go@v1.44.0...v1.46.2) --- updated-dependencies: - dependency-name: google.golang.org/grpc dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * feat: upgrade Go to 1.18 Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com> * chore: upgrade linter Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com> * build(deps): bump google.golang.org/protobuf in /api/v2 Bumps [google.golang.org/protobuf](https://github.com/protocolbuffers/protobuf-go) from 1.27.1 to 1.28.0. - [Release notes](https://github.com/protocolbuffers/protobuf-go/releases) - [Changelog](https://github.com/protocolbuffers/protobuf-go/blob/master/release.bash) - [Commits](protocolbuffers/protobuf-go@v1.27.1...v1.28.0) --- updated-dependencies: - dependency-name: google.golang.org/protobuf dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * chore: fix lint violations Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com> * build(deps): bump golang from 1.18.0-alpine3.15 to 1.18.2-alpine3.15 Bumps golang from 1.18.0-alpine3.15 to 1.18.2-alpine3.15. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * chore: release note configuration Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com> * Add the comment about groups request notification Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com> * Fixes dexidp#2537 Signed-off-by: Shivansh Vij <shivanshvij@outlook.com> * Updating test cases Fixes dexidp#2537 Signed-off-by: Shivansh Vij <shivanshvij@outlook.com> * build(deps): bump golang from 1.18.2-alpine3.15 to 1.18.3-alpine3.15 Bumps golang from 1.18.2-alpine3.15 to 1.18.3-alpine3.15. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * build(deps): bump google.golang.org/api from 0.81.0 to 0.82.0 Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.81.0 to 0.82.0. - [Release notes](https://github.com/googleapis/google-api-go-client/releases) - [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md) - [Commits](googleapis/google-api-go-client@v0.81.0...v0.82.0) --- updated-dependencies: - dependency-name: google.golang.org/api dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * build(deps): bump google.golang.org/grpc from 1.46.2 to 1.47.0 Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.46.2 to 1.47.0. - [Release notes](https://github.com/grpc/grpc-go/releases) - [Commits](grpc/grpc-go@v1.46.2...v1.47.0) --- updated-dependencies: - dependency-name: google.golang.org/grpc dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * build(deps): bump github.com/stretchr/testify from 1.7.1 to 1.7.2 Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify) from 1.7.1 to 1.7.2. - [Release notes](https://github.com/stretchr/testify/releases) - [Commits](stretchr/testify@v1.7.1...v1.7.2) --- updated-dependencies: - dependency-name: github.com/stretchr/testify dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * chore(deps): update grpc Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com> * chore: update gitignore Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com> Co-authored-by: Bob Callaway <bob.callaway@gmail.com> Co-authored-by: Daniel Haus <dhaus@redhat.com> Co-authored-by: seuf <seuf76@gmail.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Márk Sági-Kazár <sagikazarmark@users.noreply.github.com> Co-authored-by: Maksim Nabokikh <maksim.nabokikh@flant.com> Co-authored-by: Engin Diri <engin.diri@mail.schwarz> Co-authored-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com> Co-authored-by: Mattias Gees <mattias.gees@gmail.com> Co-authored-by: techknowlogick <techknowlogick@gitea.io> Co-authored-by: Shuanglei Tao <tsl0922@gmail.com> Co-authored-by: Anthony Brandelli <abrandel@cisco.com> Co-authored-by: Maksim Nabokikh <max.nabokih@gmail.com> Co-authored-by: Shivansh Vij <shivanshvij@loopholelabs.io> Co-authored-by: Bob Callaway <bcallaway@google.com>
DIMO-Network · Jun 27, 2022 · b6d0b93 · b6d0b93
1 parent 88d0de2
commit b6d0b93
Show file tree

Hide file tree

Showing 89 changed files with 1,847 additions and 892 deletions.
diff --git a/.github/ISSUE_TEMPLATE/config.yml b/.github/ISSUE_TEMPLATE/config.yml
@@ -11,3 +11,7 @@ contact_links:
   - name: 💬 Slack channel
     url: https://cloud-native.slack.com/messages/dexidp
     about: Please ask and answer questions here
+
+  - name: 💡 Dex Enhancement Proposal
+    url: https://github.com/dexidp/dex/tree/master/enhancements/README.md
+    about: Open a proposal for significant architectural change
diff --git a/.github/ISSUE_TEMPLATE/feature_request.yaml b/.github/ISSUE_TEMPLATE/feature_request.yaml
@@ -1,4 +1,4 @@
-name: 🚀 Feature request
+name: 🎉 Feature request
 description: Suggest an idea for Dex
 body:
 - type: markdown

diff --git a/.github/release.yml b/.github/release.yml
@@ -0,0 +1,30 @@
+changelog:
+  exclude:
+    labels:
+      - release-note/ignore
+  categories:
+    - title: Exciting New Features 🎉
+      labels:
+        - kind/feature
+        - release-note/new-feature
+    - title: Enhancements 🚀
+      labels:
+        - kind/enhancement
+        - release-note/enhancement
+    - title: Bug Fixes 🐛
+      labels:
+        - kind/bug
+        - release-note/bug-fix
+    - title: Breaking Changes 🛠
+      labels:
+        - release-note/breaking-change
+    - title: Deprecations ❌
+      labels:
+        - release-note/deprecation
+    - title: Dependency Updates ⬆️
+      labels:
+        - area/dependencies
+        - release-note/dependency-update
+    - title: Other Changes
+      labels:
+        - "*"
diff --git a/.github/workflows/artifacts.yaml b/.github/workflows/artifacts.yaml
@@ -0,0 +1,97 @@
+name: Artifacts
+
+on:
+  push:
+    branches:
+      - master
+    tags:
+      - v[0-9]+.[0-9]+.[0-9]+
+  pull_request:
+
+jobs:
+  container-images:
+    name: Container images
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        variant:
+          - alpine
+          - distroless
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+
+      - name: Gather metadata
+        id: meta
+        uses: docker/metadata-action@v4
+        with:
+          images: |
+            ghcr.io/dexidp/dex
+            dexidp/dex
+          flavor: |
+            latest = false
+          tags: |
+            type=ref,event=branch,enable=${{ matrix.variant == 'alpine' }}
+            type=ref,event=pr,enable=${{ matrix.variant == 'alpine' }}
+            type=semver,pattern={{raw}},enable=${{ matrix.variant == 'alpine' }}
+            type=raw,value=latest,enable=${{ github.ref == format('refs/heads/{0}', github.event.repository.default_branch) && matrix.variant == 'alpine' }}
+            type=ref,event=branch,suffix=-${{ matrix.variant }}
+            type=ref,event=pr,suffix=-${{ matrix.variant }}
+            type=semver,pattern={{raw}},suffix=-${{ matrix.variant }}
+            type=raw,value=latest,enable=${{ github.ref == format('refs/heads/{0}', github.event.repository.default_branch) }},suffix=-${{ matrix.variant }}
+          labels: |
+            org.opencontainers.image.documentation=https://dexidp.io/docs/
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v2
+        with:
+          platforms: all
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@v2
+        with:
+          registry: ghcr.io
+          username: ${{ github.repository_owner }}
+          password: ${{ github.token }}
+        if: github.event_name == 'push'
+
+      - name: Login to Docker Hub
+        uses: docker/login-action@v2
+        with:
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_PASSWORD }}
+        if: github.event_name == 'push'
+
+      - name: Build and push
+        uses: docker/build-push-action@v3
+        with:
+          context: .
+          platforms: linux/amd64,linux/arm/v7,linux/arm64
+          # cache-from: type=gha
+          # cache-to: type=gha,mode=max
+          push: ${{ github.event_name == 'push' }}
+          tags: ${{ steps.meta.outputs.tags }}
+          build-args: |
+            BASE_IMAGE=${{ matrix.variant }}
+            VERSION=${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.version'] }}
+            COMMIT_HASH=${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.revision'] }}
+            BUILD_DATE=${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.created'] }}
+          labels: ${{ steps.meta.outputs.labels }}
+
+      - name: Run Trivy vulnerability scanner
+        uses: aquasecurity/trivy-action@0.3.0
+        with:
+          image-ref: "ghcr.io/dexidp/dex:${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.version'] }}"
+          format: "sarif"
+          output: "trivy-results.sarif"
+        if: github.event_name == 'push'
+
+      - name: Upload Trivy scan results to GitHub Security tab
+        uses: github/codeql-action/upload-sarif@v2
+        with:
+          sarif_file: "trivy-results.sarif"
+        if: github.event_name == 'push'
diff --git a/.github/workflows/checks.yaml b/.github/workflows/checks.yaml
@@ -0,0 +1,18 @@
+name: PR Checks
+
+on:
+  pull_request:
+    types: [opened, labeled, unlabeled, synchronize]
+
+jobs:
+  release-label:
+    name: Release note label
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Check minimum labels
+        uses: mheap/github-action-required-labels@v1
+        with:
+          mode: minimum
+          count: 1
+          labels: "release-note/ignore, kind/feature, release-note/new-feature, kind/enhancement, release-note/enhancement, kind/bug, release-note/bug-fix, release-note/breaking-change, release-note/deprecation, area/dependencies, release-note/dependency-update"
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
@@ -62,12 +62,12 @@ jobs:
 
     steps:
       - name: Set up Go
-        uses: actions/setup-go@v2
+        uses: actions/setup-go@v3
         with:
-          go-version: 1.17
+          go-version: 1.18
 
       - name: Checkout code
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
 
       - name: Start services
         run: docker-compose -f docker-compose.test.yaml up -d

diff --git a/.github/workflows/codeql-analysis.yaml b/.github/workflows/codeql-analysis.yaml
@@ -35,11 +35,11 @@ jobs:
 
     steps:
     - name: Checkout repository
-      uses: actions/checkout@v2
+      uses: actions/checkout@v3
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@v1
+      uses: github/codeql-action/init@v2
       with:
         languages: ${{ matrix.language }}
         # If you wish to specify custom queries, you can do so here or in a config file.
@@ -50,7 +50,7 @@ jobs:
     # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
     # If this step fails, then you should remove it and run the build manually (see below)
     - name: Autobuild
-      uses: github/codeql-action/autobuild@v1
+      uses: github/codeql-action/autobuild@v2
 
     # ℹ️ Command-line programs to run using the OS shell.
     # 📚 https://git.io/JvXDl
@@ -64,4 +64,4 @@ jobs:
     #   make release
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v1
+      uses: github/codeql-action/analyze@v2
diff --git a/.gitignore b/.gitignore
@@ -1,5 +1,7 @@
 /.direnv/
 /.idea/
 /bin/
+/config.yaml
 /docker-compose.override.yaml
+/var/
 /vendor/
diff --git a/.golangci.yml b/.golangci.yml
@@ -1,5 +1,5 @@
 run:
-    timeout: 2m
+    timeout: 4m
 
 linters-settings:
     depguard:
@@ -45,13 +45,15 @@ linters:
         - structcheck
         - stylecheck
         - tparallel
-        - typecheck
         - unconvert
         - unparam
         - unused
         - varcheck
         - whitespace
 
+        # Disable temporarily until everything works with Go 1.18
+        # - typecheck
+
         # TODO: fix linter errors before enabling
         # - exhaustivestruct
         # - gochecknoglobals

diff --git a/Dockerfile b/Dockerfile
@@ -1,6 +1,6 @@
-ARG BASEIMAGE=alpine:3.15.0
+ARG BASE_IMAGE=alpine
 
-FROM golang:1.17.6-alpine3.14 AS builder
+FROM golang:1.18.3-alpine3.15 AS builder
 
 WORKDIR /usr/local/src/dex
 
@@ -22,13 +22,13 @@ COPY . .
 
 RUN make release-binary
 
-FROM alpine:3.15.0 AS stager
+FROM alpine:3.16.0 AS stager
 
 RUN mkdir -p /var/dex
 RUN mkdir -p /etc/dex
 COPY config.docker.yaml /etc/dex/
 
-FROM alpine:3.15.0 AS gomplate
+FROM alpine:3.16.0 AS gomplate
 
 ARG TARGETOS
 ARG TARGETARCH
@@ -40,8 +40,11 @@ RUN wget -O /usr/local/bin/gomplate \
     "https://github.com/hairyhenderson/gomplate/releases/download/${GOMPLATE_VERSION}/gomplate_${TARGETOS:-linux}-${TARGETARCH:-amd64}${TARGETVARIANT}" \
     && chmod +x /usr/local/bin/gomplate
 
+# For Dependabot to detect base image versions
+FROM alpine:3.16.0 AS alpine
+FROM gcr.io/distroless/static:latest AS distroless
 
-FROM $BASEIMAGE
+FROM $BASE_IMAGE
 
 # Dex connectors, such as GitHub and Google logins require root certificates.
 # Proper installations should manage those certificates, but it's a bad user

diff --git a/Makefile b/Makefile
@@ -117,7 +117,7 @@ proto-internal:
 	@protoc --go_out=paths=source_relative:. server/internal/*.proto
 
 # Dependency versions
-GOLANGCI_VERSION = 1.42.0
+GOLANGCI_VERSION = 1.46.0
 GOTESTSUM_VERSION ?= 1.7.0
 PROTOC_VERSION = 3.15.6
 PROTOC_GEN_GO_VERSION = 1.26.0

diff --git a/README.md b/README.md
@@ -75,11 +75,11 @@ Dex implements the following connectors:
 | [Google](https://dexidp.io/docs/connectors/google/) | yes | yes | yes | alpha | |
 | [LinkedIn](https://dexidp.io/docs/connectors/linkedin/) | yes | no | no | beta | |
 | [Microsoft](https://dexidp.io/docs/connectors/microsoft/) | yes | yes | no | beta | |
-| [AuthProxy](https://dexidp.io/docs/connectors/authproxy/) | no | no | no | alpha | Authentication proxies such as Apache2 mod_auth, etc. |
+| [AuthProxy](https://dexidp.io/docs/connectors/authproxy/) | no | yes | no | alpha | Authentication proxies such as Apache2 mod_auth, etc. |
 | [Bitbucket Cloud](https://dexidp.io/docs/connectors/bitbucketcloud/) | yes | yes | no | alpha | |
 | [OpenShift](https://dexidp.io/docs/connectors/openshift/) | no | yes | no | alpha | |
 | [Atlassian Crowd](https://dexidp.io/docs/connectors/atlassiancrowd/) | yes | yes | yes * | beta | preferred_username claim must be configured through config |
-| [Gitea](https://dexidp.io/docs/connectors/gitea/) | yes | no | yes | alpha | |
+| [Gitea](https://dexidp.io/docs/connectors/gitea/) | yes | no | yes | beta | |
 | [OpenStack Keystone](https://dexidp.io/docs/connectors/keystone/) | yes | yes | no | alpha | |
 
 Stable, beta, and alpha are defined as:

diff --git a/api/v2/go.mod b/api/v2/go.mod
@@ -3,14 +3,14 @@ module github.com/dexidp/dex/api/v2
 go 1.17
 
 require (
-	google.golang.org/grpc v1.44.0
-	google.golang.org/protobuf v1.27.1
+	google.golang.org/grpc v1.47.0
+	google.golang.org/protobuf v1.28.0
 )
 
 require (
 	github.com/golang/protobuf v1.5.2 // indirect
-	golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd // indirect
-	golang.org/x/sys v0.0.0-20220207234003-57398862261d // indirect
+	golang.org/x/net v0.0.0-20220607020251-c690dde0001d // indirect
+	golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a // indirect
 	golang.org/x/text v0.3.7 // indirect
-	google.golang.org/genproto v0.0.0-20220207185906-7721543eae58 // indirect
+	google.golang.org/genproto v0.0.0-20220602131408-e326c6e8e9c8 // indirect
 )