* Add new `VERSION` to `docker_migrate.sh` script
* Add missing `SAML_KEYFILE_PATH` and `SAML_CERTFILE_PATH` env vars to
migrate script
* Add missing `PHOENIX_PORT` var
* Bump Elixir to 1.14.3
* Bump Erlang to 25.2.1
* Update docs to document new VERSION var in docker-compose.yml upgrade
mechanism
Fixes #1395
Regression was introduced in #1350: the path order did not allow auth
callback to be ever called.
Additionally, acceptance tests for SAML are added and we added a
blacklist of SAML config ids to prevent further route collisions.
Fixes #1362
Ref: #1316
This additionally adds static-analysis and type-check steps to `test`
workflow. Even though they run in a separate workflow I feel like we
might want to remove dialyzer from pre-commit hook as it sometimes takes
a lot of time, especially if you do checkout between branches that
change deps often and slows down when you commit rapidly.
1. `auto_create_users` default value is removed. We want to avoid
situations when admins integrate OIDC/SAML providers and don't expect
anyone that has access to it to automatically gain access to VPN, which
is especially critical for providers like Google Workspace, where all
employees typically have access.
2. OpenID library was completely rewritten and a new version is
integrated. It will allow async tests and better scales for the cloud
version of the panel.
3. `Mox` was removed, we don't test modules by overriding them to
prevent breaking changes that tests can't capture.
4. Deps are reordered and unused ones are removed.
5. Browser/e2e tests are added to ensure we won't break UI features in
the future, allowing for front-end refactoring.
6. Users context was overhauled for better code clarity.
1. The test data is taken from tests, you can override attributes by
adding keyword params to `doc` macro;
2. Additionally, you can add a section title using a `@moduledoc` in a
controller and a controller action title using `@doc` on a controller
function. (It will be added to all instances of its usage).
3. To make parameters nice a helper was added to build it using
`DocHelper`, you can find an example in UserController.
Overall, the code is messy, I'll need to revisit it, but was doing it in
a rush so hope it's good enough for v0.
Results you can see at https://firezone.docs.apiary.io/.
To generate it locally run `DOC=1 mix test
test/fz_http_web/controllers/json`.
Co-authored-by: Jamil Bou Kheir <jamilbk@users.noreply.github.com>
This PR also moves to `yarn` for docs package management for improved
speed, security, and developer experience. Docusaurus prefers yarn.
Refs firezone/marketing#126
Still [having
issues](https://github.com/firezone/firezone/actions/runs/3759257641)
with the Elixir cache.
Things tried that didn't work:
- Namespacing by branch name. GitHub does this already.
- Removing the `restore-keys` in order to only restore the cache if it's
a direct hit.
The `static_analysis` workflow runs `mix compile --force
--warnings-as-errors` which doesn't use the build cache, so it's
removed, which fixes the problem.
* Remove _build folders for umbrella apps
For umbrella apps everything goes into /_build directory so there is no need to ignore directories that should never be created
* Change mix aliases to be more aligned with what OS community would expect
1. We want ecto.create and ecto.migrate to be run on each test, this will simplify setup steps (no need to run migrations manually)
2. ecto.remigrate is not needed because now you can just run ecto.drop and on tests migrations would be executed anyways.
* Rename docker-compose step name in CONTRIBUTING.md
The step was renamed here: dd67baf629 (diff-67a4805fdcc6145d7b3ada2a6099a9b2e91c9d0fd108c22f95d2f01d219793d1R10)
* Remove .devcontainer
This is an opinionated change. Right now devcontainer doesn't work but should be easy to fix (with renaming step name), but at the same time it forces developers that use VS Code to have a unified development environment (including plugins for the editor itself).
I feel like it's not a good path to go for OS and for a small team - everyone should be allowed to use the setup they like. Especially for people like me that tend to recompile ls-elixir for Elixir plugin from master branch.
Plus it's yet another thing to maintain while nobody on the team is using it, which means it will be always causing issues.
* Make fz_http mix.exs aliases aligned with umbrella app ones
* Redirect stderr to stdout in a command called from dev.exs
Otherwise I'm getting this on my MacOS (that has a `route` implementation that doesn't show interfaces) when `mix phx.server` is executed:
```
usage: route [-dnqtv] command [[modifiers] args]
```
* Fix race condition due to static device field values
Both public_key and name are unique and we should not use static values for fields covered by a unique index, otherwise deadlocks and slow tests are expected.
* Remove unwanted transaction block
The changeset code doesn't have any code that accesses the database and individual Ecto.SQL commands are already wrapped in transactions by default, so there is no need to start it manually and hold for longer than expected (while irrelevant Elixir code is running).
* Use netstat to identify egress interface on MacOS
* Rename uninstall.sh to omnibus-uninstall.sh
* Fix uninstall path in omnibus_build.yml
* fix: disallow netmasks in devices' ip to prevent overlaps in firewall
/32 is still allowed for ipv4 and /128 is still allowed for ipv6.
No migration is needed since netmasks for devices ips were broken
beforehand.
* chore: rename `validate_single_ip` function and reword its error message
* Update pre-commit to allow slash
* fix restore cache
* Refactor a bit
* Fix clobbered restore-keys
* Break cache
Co-authored-by: Jamil Bou Kheir <jamilbk@users.noreply.github.com>
* 0.6.0
* Make OIDC and SAML user provisioning configurable per-provider (#1015)
* Got ugly migration to work
* Move auto_create_users to per-provider config
* Update deps to bust cache
* Update Process sleep
* Update docs with Auto create users
* working migration script (#1013)
* Add telem for Docker and SAML (#1020)
* Add telem for Docker and SAML
* Omit unneeded format
* Test docker prod build in CI
* Need uses
* Set build-args
* Split builds
* Fix build-args format
* wtf
* hmmm
* Jeebus
* build version based on drafted release
* Build multi-platform images
* Only build for supported platforms
* Use newer OTP fingers crossed
* Use OTP 24 for arm64
* Finalize test build of Docker image
* Update comment
* Bump to OTP 25.1
* Use proper ver
* D'oh proper sha
* Use OTP 24 and install python for node build
* Use new Docker base
* Use python3
* Use newly-built base images with other platform support
* Don't build for ppc64le and s390x
* Build only for amd64/arm64
* Don't rebuild on publish; simply copy
* See where the image is being pushed
* Remove echo
* Add docker updates
* Match platforms from base image
* Use docker-compose over docker compose
* Use our own base
* we need python3
* use consistent service name
* trim trailing slash from external_url
* Build for latest tag in staging
* Minor typo fixes
* cache node deps
* Remove unneeded script
* Remove unneeded script
* Remove redundant lint-docs step...
* Cache nodejs for static anal
* npm ci before use
* limit markdownlint to docs for now
* Move markdownlint config to root
* rename dockerfile
* use renamed dockerfile
* add Dockerfile.prod
* digest
* add publish image workflow
* add helper scripts
* start example docker compose
* fix workflow
* stage
* chmod
* stage
* nft
* must be root
* create path
* list address
* try alpine again
* remove nobody
* fix shared lib
* set wireguard endpoint
* config interface and route before starting server
* fix env var name
* move env var defaults into dockerfile
* persist private key
* migrate on start
* add create-or-reset-admin
* link env values
* clean up
* fix permission
* rename service
* add deploy
* persist pg data
* build version
* set version on build
* add gen_secrets
* fix typo
* move version to the end
* move up a little
* use map_join
* remove gen_secrets
* add gen-env
* cat
* gen more
* add telemetry
* Don't install erlang/elixir to embedded path; only used for build
* bump deps
* Use custom path
* More efforts to shrink final package size
* Change prefix
* fix path