Merge pull request #55 from IDEM-GARR-AAI/master

New docker image, dockerfile and cie integration
italia · Jan 31, 2023 · 17c9f6d · 17c9f6d
2 parents 254ab6c + 3e224c0
commit 17c9f6d
Show file tree

Hide file tree

Showing 49 changed files with 4,822 additions and 1,118 deletions.
diff --git a/.dockerignore b/.dockerignore
@@ -0,0 +1,7 @@
+# By default, ignore everything
+*
+# Add exception for the directories you actually want to include in the context
+!example
+!requirements.txt
+!oids.conf
+!build_spid_certs.sh
diff --git a/.github/workflows/python-app.yml b/.github/workflows/python-app.yml
@@ -72,11 +72,10 @@ jobs:
         cd example
         spid_sp_test --idp-metadata > metadata/idp/spid-sp-test.xml
         spid_sp_test --metadata-url https://localhost:10000/spidSaml2/metadata --authn-url "http://localhost:8000/saml2/login/?idp=https://localhost:10000/Saml2IDP/metadata&next=/saml2/echo_attributes&idphint=https%253A%252F%252Flocalhost%253A8080" -ap spid_sp_test.plugins.authn_request.SatosaSaml2Spid --extra --debug ERROR -tr
-    # TODO - PR WiP for CIE id integration
-    # - name: spid-sp-test CIE id metadata
-      # run: |
-        # cd example
-        # spid_sp_test --profile cie-sp-public --metadata-url https://localhost:10000/cieSaml2/metadata
+    - name: spid-sp-test CIE id metadata
+      run: |
+        cd example
+        spid_sp_test --profile cie-sp-public --metadata-url https://localhost:10000/cieSaml2/metadata
     - name: spid-sp-test eIDAS FiCEP metadata
       run: |
         cd example

diff --git a/Dockerfile b/Dockerfile
@@ -1,19 +1,6 @@
-FROM alpine:3.12.3
-MAINTAINER Giuseppe De Marco <demarcog83@gmail.com>
-
-RUN apk update
-RUN apk add xmlsec libffi-dev libressl-dev python3 py3-pip python3-dev procps git openssl build-base gcc wget bash
+FROM alpine:3.13.5
 
 ENV BASEDIR="/satosa_proxy"
-COPY example/ $BASEDIR/
-COPY requirements.txt $BASEDIR/
-
-# demo certificates
-RUN mkdir $BASEDIR/pki/
-COPY oids.conf $BASEDIR/pki/
-COPY build_spid_certs.sh $BASEDIR/pki/
-WORKDIR $BASEDIR/pki/
-RUN chmod 755 $BASEDIR/pki/build_spid_certs.sh
 
 ENV COMMON_NAME="SPID example proxy"
 ENV LOCALITY_NAME="Roma"
@@ -24,24 +11,51 @@ ENV SPID_SECTOR="public"
 ENV URI="https://spid.proxy.example.org"
 ENV DAYS="7300"
 
-RUN $BASEDIR/pki/build_spid_certs.sh
+ENV SATOSA_DISCO_SRV="https://localhost:9999/disco.html"
 
-WORKDIR $BASEDIR/
-RUN pip3 install -r requirements.txt --ignore-installed
+RUN apk add --update --no-cache tzdata \
+ && cp /usr/share/zoneinfo/Europe/Rome /etc/localtime \
+ && echo "Europe/Rome" > /etc/timezone \
+ && apk del tzdata
 
-# Metadata
-RUN mkdir -p metadata/idp
-RUN mkdir -p metadata/sp
+COPY example/ $BASEDIR/
+COPY requirements.txt $BASEDIR/
+COPY oids.conf $BASEDIR/pki/
+COPY build_spid_certs.sh $BASEDIR/pki/
 
-# COPY Metadata
-ARG SP_METADATA_URL
-ARG IDP_METADATA_URL
-RUN wget $SP_METADATA_URL -O metadata/sp/my-sp.xml --no-check-certificate
-RUN wget $IDP_METADATA_URL -O metadata/idp/my-idp.xml --no-check-certificate
-RUN wget https://registry.spid.gov.it/metadata/idp/spid-entities-idps.xml -O metadata/idp/spid-entities-idps.xml
+RUN apk add --update xmlsec libffi-dev libressl-dev python3 py3-pip python3-dev procps git openssl build-base gcc wget bash jq \
+&& cd $BASEDIR/pki/ \
+&& chmod 755 $BASEDIR/pki/build_spid_certs.sh \
+&& $BASEDIR/pki/build_spid_certs.sh \
+&& cd $BASEDIR/ \
+&& pip3 install --upgrade pip \
+&& pip3 install yq \
+&& pip3 install -r requirements.txt --ignore-installed \
+&& wget https://registry.spid.gov.it/metadata/idp/spid-entities-idps.xml -O metadata/idp/spid-entities-idps.xml \
+&& adduser --disabled-password wert \
+&& chown -R  wert . \
+&& chmod +x run.sh
+
+USER wert
 
-RUN adduser --disabled-password wert
-RUN chown -R  wert .
+WORKDIR $BASEDIR/
 
-COPY demo-run.sh .
-CMD bash demo-run.sh
+CMD bash run.sh
+
+# Metadata params
+ARG BUILD_DATE
+ARG VERSION
+ARG VCS_URL="https://github.com/italia/Satosa-Saml2Spid.git"
+ARG VCS_REF
+ARG AUTHORS
+ARG VENDOR
+
+# Metadata : https://github.com/opencontainers/image-spec/blob/main/annotations.md
+LABEL org.opencontainers.image.authors=$AUTHORS \
+      org.opencontainers.image.vendor=$VENDOR \
+      org.opencontainers.image.title="Satosa-Saml2Spid" \
+      org.opencontainers.image.created=$BUILD_DATE \
+      org.opencontainers.image.version=$VERSION \
+      org.opencontainers.image.source=$VCS_URL \
+      org.opencontainers.image.revision=$VCS_REF \
+      org.opencontainers.image.description="Docker Image di Satosa-Saml2Spid."