feat: Add gomplate to the docker image

Dockerfile

@@ -20,6 +20,18 @@ COPY . .
 
 RUN make release-binary
 
+FROM alpine:3.13.1 AS gomplate
+
+ARG TARGETOS
+ARG TARGETARCH
+ARG TARGETVARIANT
+ARG GOMPLATE_VERSION=v3.9.0
+
+RUN wget -O /usr/local/bin/gomplate \
+  "https://github.com/hairyhenderson/gomplate/releases/download/${GOMPLATE_VERSION}/gomplate_${TARGETOS:-linux}-${TARGETARCH:-amd64}${TARGETVARIANT}" \
+  && chmod +x /usr/local/bin/gomplate
+
+
 FROM alpine:3.13.1
 
 # Dex connectors, such as GitHub and Google logins require root certificates.
@@ -32,11 +44,16 @@ RUN apk add --no-cache --update ca-certificates openssl
 RUN mkdir -p /var/dex
 RUN chown -R 1001:1001 /var/dex
 
+RUN mkdir -p /etc/dex
+COPY config.docker.yaml /etc/dex/config.docker.yaml
+RUN chown -R 1001:1001 /etc/dex
+
 # Copy module files for CVE scanning / dependency analysis.
 COPY --from=builder /usr/local/src/dex/go.mod /usr/local/src/dex/go.sum /usr/local/src/dex/
 COPY --from=builder /usr/local/src/dex/api/v2/go.mod /usr/local/src/dex/api/v2/go.sum /usr/local/src/dex/api/v2/
 
 COPY --from=builder /go/bin/dex /usr/local/bin/dex
+COPY --from=gomplate /usr/local/bin/gomplate /usr/local/bin/gomplate
 
 USER 1001:1001
 
@@ -46,6 +63,7 @@ COPY --from=builder /usr/local/src/dex/web /web
 
 USER 1001:1001
 
-ENTRYPOINT ["dex"]
+COPY docker-entrypoint.sh /
 
-CMD ["version"]
+ENTRYPOINT ["/docker-entrypoint.sh"]
+CMD ["serve", "/etc/dex/config.docker.yaml"]

config.docker.yaml

@@ -0,0 +1,46 @@
+issuer: {{ getenv "DEX_ISSUER" "http://127.0.0.1:5556/dex" }}
+
+storage:
+  type: sqlite3
+  config:
+    file: {{ getenv "DEX_STORAGE_SQLITE3_CONFIG_FILE" "/var/dex/dex.db" }}
+
+web:
+{{- if getenv "DEX_WEB_HTTPS" "" }}
+  https: {{ .Env.DEX_WEB_HTTPS }}
+  tlsKey: {{ getenv "DEX_WEB_TLS_KEY" | required "$DEX_WEB_TLS_KEY in case of web.https is enabled" }}
+  tlsCert: {{ getenv "DEX_WEB_TLS_CERT" | required "$DEX_WEB_TLS_CERT in case of web.https is enabled" }}
+{{- end }}
+  http: {{ getenv "DEX_WEB_HTTP" "0.0.0.0:5556" }}
+
+{{- if getenv "DEX_TELEMETRY_HTTP" }}
+telemetry:
+  http: {{ .Env.DEX_TELEMETRY_HTTP }}
+{{- end }}
+
+expiry:
+  deviceRequests: {{ getenv "DEX_EXPIRY_DEVICE_REQUESTS" "5m" }}
+  signingKeys: {{ getenv "DEX_EXPIRY_SIGNING_KEYS" "6h" }}
+  idTokens: {{ getenv "DEX_EXPIRY_ID_TOKENS" "24h" }}
+  authRequests: {{ getenv "DEX_EXPIRY_AUTH_REQUESTS" "24h" }}
+
+logger:
+  level: {{ getenv "DEX_LOG_LEVEL" "info" }}
+  format: {{ getenv "DEX_LOG_FORMAT" "text" }}
+
+oauth2:
+  responseTypes: {{ getenv "DEX_OAUTH2_RESPONSE_TYPES" "[code]" }}
+  skipApprovalScreen: {{ getenv "DEX_OAUTH2_SKIP_APPROVAL_SCREEN" "false" }}
+  alwaysShowLoginScreen: {{ getenv "DEX_OAUTH2_ALWAYS_SHOW_LOGIN_SCREEN" "false" }}
+{{- if getenv "DEX_OAUTH2_PASSWORD_CONNECTOR" "" }}
+  passwordConnector: {{ .Env.DEX_OAUTH2_PASSWORD_CONNECTOR }}
+{{- end }}
+
+enablePasswordDB: {{ getenv "DEX_ENABLE_PASSWORD_DB" "true" }}
+
+connectors:
+{{- if getenv "DEX_CONNECTORS_ENABLE_MOCK" }}
+- type: mockCallback
+  id: mock
+  name: Example
+{{- end }}

docker-entrypoint.sh

@@ -0,0 +1,31 @@
+#!/bin/sh -e
+
+### Usage: /docker-entrypoint.sh <command> <args>
+### * If command equals to "serve", config file for serving will be preprocessed using gomplate and saved to tmp dir.
+###   Example: docker-entrypoint.sh serve config.yaml = dex serve /tmp/dex-config.yaml-ABCDEFG
+### * If command is not in the list of known dex commands, it will be executed bypassing entrypoint.
+###   Example: docker-entrypoint.sh echo "Hello!" = echo "Hello!"
+
+command=$1
+
+case "$command" in
+  serve)
+    for file_candidate in $@ ; do
+      if test -f "$file_candidate"; then
+        tmpfile=$(mktemp /tmp/dex.config.yaml-XXXXXX)
+        gomplate -f "$file_candidate" -o "$tmpfile"
+
+        args="${args} ${tmpfile}"
+      else
+        args="${args} ${file_candidate}"
+      fi
+    done
+    exec dex $args
+    ;;
+  --help|-h|version)
+    exec dex $@
+    ;;
+  *)
+    exec $@
+    ;;
+esac