authentik/Dockerfile

FROM python:3.9-slim-buster as locker

COPY ./Pipfile /app/
COPY ./Pipfile.lock /app/

WORKDIR /app/

RUN pip install pipenv && \
    pipenv lock -r > requirements.txt && \
    pipenv lock -rd > requirements-dev.txt

FROM python:3.9-slim-buster

WORKDIR /
COPY --from=locker /app/requirements.txt /
COPY --from=locker /app/requirements-dev.txt /

RUN apt-get update && \
    apt-get install -y --no-install-recommends curl ca-certificates gnupg && \
    curl https://www.postgresql.org/media/keys/ACCC4CF8.asc | apt-key add - && \
    echo "deb http://apt.postgresql.org/pub/repos/apt buster-pgdg main" > /etc/apt/sources.list.d/pgdg.list && \
    apt-get update && \
    apt-get install -y --no-install-recommends postgresql-client-12 postgresql-client-11 build-essential libxmlsec1-dev pkg-config && \
    apt-get clean && \
    pip install -r /requirements.txt --no-cache-dir && \
    apt-get remove --purge -y build-essential && \
    apt-get autoremove --purge -y && \
    # This is quite hacky, but docker has no guaranteed Group ID
    # we could instead check for the GID of the socket and add the user dynamically,
    # but then we have to drop permmissions later
    groupadd -g 998 docker_998 && \
    groupadd -g 999 docker_999 && \
    adduser --system --no-create-home --uid 1000 --group --home /authentik authentik && \
    usermod -a -G docker_998 authentik && \
    usermod -a -G docker_999 authentik && \
    mkdir /backups && \
    chown authentik:authentik /backups

COPY ./authentik/ /authentik
COPY ./pytest.ini /
COPY ./xml /
COPY ./manage.py /
COPY ./lifecycle/ /lifecycle

USER authentik
STOPSIGNAL SIGINT
ENV TMPDIR /dev/shm/
ENTRYPOINT [ "/lifecycle/bootstrap.sh" ]
root: upgrade to python3.9 2020-11-15 06:49:02 -08:00			`FROM python:3.9-slim-buster as locker`
docker: fix old dockerfiles being used, remove all gitlab references 2019-12-30 01:34:31 -08:00
			`COPY ./Pipfile /app/`
			`COPY ./Pipfile.lock /app/`

			`WORKDIR /app/`

			`RUN pip install pipenv && \`
			`pipenv lock -r > requirements.txt && \`
			`pipenv lock -rd > requirements-dev.txt`

root: upgrade to python3.9 2020-11-15 06:49:02 -08:00			`FROM python:3.9-slim-buster`
docker: fix old dockerfiles being used, remove all gitlab references 2019-12-30 01:34:31 -08:00
root: automate system migrations, move docker to lifecycle folder 2020-09-09 15:14:59 -07:00			`WORKDIR /`
			`COPY --from=locker /app/requirements.txt /`
			`COPY --from=locker /app/requirements-dev.txt /`
docker: fix old dockerfiles being used, remove all gitlab references 2019-12-30 01:34:31 -08:00
			`RUN apt-get update && \`
Backup/Restore (#256) * lifecycle: move s3 backup settings to s3 name * providers/oauth2: fix for alerting for missing certificatekeypair * lifecycle: add backup commands see #252 * lifecycle: install postgres-client for 11 and 12 * root: migrate to DBBACKUP_STORAGE_OPTIONS, add region setting * lifecycle: auto-clean last backups * helm: add s3 region parameter, add cronjob for backups * docs: add backup docs * root: remove backup scheduled task for now 2020-10-03 11:36:36 -07:00			`apt-get install -y --no-install-recommends curl ca-certificates gnupg && \`
			`curl https://www.postgresql.org/media/keys/ACCC4CF8.asc \| apt-key add - && \`
			`echo "deb http://apt.postgresql.org/pub/repos/apt buster-pgdg main" > /etc/apt/sources.list.d/pgdg.list && \`
			`apt-get update && \`
root: fix missing libxmlsec1-dev pkg-config packages 2020-11-12 10:38:54 -08:00			`apt-get install -y --no-install-recommends postgresql-client-12 postgresql-client-11 build-essential libxmlsec1-dev pkg-config && \`
root: fix apt autoremove call 2020-09-27 12:07:29 -07:00			`apt-get clean && \`
			`pip install -r /requirements.txt --no-cache-dir && \`
Proxy v2 (#189) 2020-09-02 15:04:12 -07:00			`apt-get remove --purge -y build-essential && \`
root: fix apt autoremove call 2020-09-27 12:07:29 -07:00			`apt-get autoremove --purge -y && \`
root: fix docker permission error 2020-10-22 02:54:23 -07:00			`# This is quite hacky, but docker has no guaranteed Group ID`
			`# we could instead check for the GID of the socket and add the user dynamically,`
			`# but then we have to drop permmissions later`
			`groupadd -g 998 docker_998 && \`
			`groupadd -g 999 docker_999 && \`
wip: rename to authentik (#361) * root: initial rename * web: rename custom element prefix * root: rename external functions with pb_ prefix * root: fix formatting * root: replace domain with goauthentik.io * proxy: update path * root: rename remaining prefixes * flows: rename file extension * root: pbadmin -> akadmin * docs: fix image filenames * lifecycle: ignore migration files * ci: copy default config from current source before loading last tagged * : new sentry dsn tests: fix missing python3.9-dev package * root: add additional migrations for service accounts created by outposts * core: mark system-created service accounts with attribute * policies/expression: fix pb_ replacement not working * web: fix last linting errors, add lit-analyse * policies/expressions: fix lint errors * web: fix sidebar display on screens where not all items fit * proxy: attempt to fix proxy pipeline * proxy: use go env GOPATH to get gopath * lib: fix user_default naming inconsistency * docs: add upgrade docs * docs: update screenshots to use authentik * admin: fix create button on empty-state of outpost * web: fix modal submit not refreshing SiteShell and Table * web: fix height of app-card and height of generic icon * web: fix rendering of subtext * admin: fix version check error not being caught * web: fix worker count not being shown * docs: update screenshots * root: new icon * web: fix lint error * admin: fix linting error * root: migrate coverage config to pyproject 2020-12-05 13:08:42 -08:00			`adduser --system --no-create-home --uid 1000 --group --home /authentik authentik && \`
			`usermod -a -G docker_998 authentik && \`
			`usermod -a -G docker_999 authentik && \`
root: fix permission denied error for backups 2020-10-26 11:07:08 -07:00			`mkdir /backups && \`
wip: rename to authentik (#361) * root: initial rename * web: rename custom element prefix * root: rename external functions with pb_ prefix * root: fix formatting * root: replace domain with goauthentik.io * proxy: update path * root: rename remaining prefixes * flows: rename file extension * root: pbadmin -> akadmin * docs: fix image filenames * lifecycle: ignore migration files * ci: copy default config from current source before loading last tagged * : new sentry dsn tests: fix missing python3.9-dev package * root: add additional migrations for service accounts created by outposts * core: mark system-created service accounts with attribute * policies/expression: fix pb_ replacement not working * web: fix last linting errors, add lit-analyse * policies/expressions: fix lint errors * web: fix sidebar display on screens where not all items fit * proxy: attempt to fix proxy pipeline * proxy: use go env GOPATH to get gopath * lib: fix user_default naming inconsistency * docs: add upgrade docs * docs: update screenshots to use authentik * admin: fix create button on empty-state of outpost * web: fix modal submit not refreshing SiteShell and Table * web: fix height of app-card and height of generic icon * web: fix rendering of subtext * admin: fix version check error not being caught * web: fix worker count not being shown * docs: update screenshots * root: new icon * web: fix lint error * admin: fix linting error * root: migrate coverage config to pyproject 2020-12-05 13:08:42 -08:00			`chown authentik:authentik /backups`
use build image in docker to generate static files 2019-02-11 09:01:29 -08:00
wip: rename to authentik (#361) * root: initial rename * web: rename custom element prefix * root: rename external functions with pb_ prefix * root: fix formatting * root: replace domain with goauthentik.io * proxy: update path * root: rename remaining prefixes * flows: rename file extension * root: pbadmin -> akadmin * docs: fix image filenames * lifecycle: ignore migration files * ci: copy default config from current source before loading last tagged * : new sentry dsn tests: fix missing python3.9-dev package * root: add additional migrations for service accounts created by outposts * core: mark system-created service accounts with attribute * policies/expression: fix pb_ replacement not working * web: fix last linting errors, add lit-analyse * policies/expressions: fix lint errors * web: fix sidebar display on screens where not all items fit * proxy: attempt to fix proxy pipeline * proxy: use go env GOPATH to get gopath * lib: fix user_default naming inconsistency * docs: add upgrade docs * docs: update screenshots to use authentik * admin: fix create button on empty-state of outpost * web: fix modal submit not refreshing SiteShell and Table * web: fix height of app-card and height of generic icon * web: fix rendering of subtext * admin: fix version check error not being caught * web: fix worker count not being shown * docs: update screenshots * root: new icon * web: fix lint error * admin: fix linting error * root: migrate coverage config to pyproject 2020-12-05 13:08:42 -08:00			`COPY ./authentik/ /authentik`
root: include pytest config in dockerfile for github tests 2020-11-15 15:41:40 -08:00			`COPY ./pytest.ini /`
*/saml: test against SAML Schema 2020-12-13 10:37:47 -08:00			`COPY ./xml /`
root: automate system migrations, move docker to lifecycle folder 2020-09-09 15:14:59 -07:00			`COPY ./manage.py /`
			`COPY ./lifecycle/ /lifecycle`
docker(minor): ensure passbook user can write 2019-10-07 12:23:38 -07:00
wip: rename to authentik (#361) * root: initial rename * web: rename custom element prefix * root: rename external functions with pb_ prefix * root: fix formatting * root: replace domain with goauthentik.io * proxy: update path * root: rename remaining prefixes * flows: rename file extension * root: pbadmin -> akadmin * docs: fix image filenames * lifecycle: ignore migration files * ci: copy default config from current source before loading last tagged * : new sentry dsn tests: fix missing python3.9-dev package * root: add additional migrations for service accounts created by outposts * core: mark system-created service accounts with attribute * policies/expression: fix pb_ replacement not working * web: fix last linting errors, add lit-analyse * policies/expressions: fix lint errors * web: fix sidebar display on screens where not all items fit * proxy: attempt to fix proxy pipeline * proxy: use go env GOPATH to get gopath * lib: fix user_default naming inconsistency * docs: add upgrade docs * docs: update screenshots to use authentik * admin: fix create button on empty-state of outpost * web: fix modal submit not refreshing SiteShell and Table * web: fix height of app-card and height of generic icon * web: fix rendering of subtext * admin: fix version check error not being caught * web: fix worker count not being shown * docs: update screenshots * root: new icon * web: fix lint error * admin: fix linting error * root: migrate coverage config to pyproject 2020-12-05 13:08:42 -08:00			`USER authentik`
root: upgrade to python3.9 2020-11-15 06:49:02 -08:00			`STOPSIGNAL SIGINT`
outposts: add docker TLS authentication and verification 2020-11-18 15:53:33 -08:00			`ENV TMPDIR /dev/shm/`
root: automate system migrations, move docker to lifecycle folder 2020-09-09 15:14:59 -07:00			`ENTRYPOINT [ "/lifecycle/bootstrap.sh" ]`