Merge branch 'master' into srht

oauth2-proxy · Apr 10, 2024 · 71b25ed · 71b25ed
2 parents bb0a911 + fc701bf
commit 71b25ed
Show file tree

Hide file tree

Showing 81 changed files with 5,144 additions and 2,626 deletions.
diff --git a/.github/labeler.yml b/.github/labeler.yml
@@ -9,7 +9,7 @@ docs:
       - '**/*.md'
 
 changelog:
-  - cNhanged-files:
+  - changed-files:
     - any-glob-to-any-file:
       - 'CHAGELOG.md'
 

diff --git a/.github/renovate.json5 b/.github/renovate.json5
@@ -1,24 +1,58 @@
 {
   $schema: "https://docs.renovatebot.com/renovate-schema.json",
-  semanticCommits: "auto",
+  semanticCommits: "enabled",
+  schedule: [
+    "after 8am on sunday"
+  ],
+  prConcurrentLimit: 0,
+  prHourlyLimit: 0,
   enabledManagers: [
     "dockerfile",
+    "docker-compose",
     "gomod",
     "github-actions",
+    "helmv3",
     "npm",
     "regex",
   ],
+  packageRules: [
+    {
+      matchManagers: [
+        "dockerfile",
+        "docker-compose",
+        "gomod",
+        "helmv3",
+        "npm",
+      ],
+      groupName: "{{{manager}}}",
+    },
+    {
+      matchDepNames: [
+        "docker.io/library/golang",
+        "mcr.microsoft.com/vscode/devcontainers/go",
+      ],
+      groupName: "golang",
+    },
+  ],
   customManagers: [
     {
       customType: "regex",
       fileMatch: [
-        "^Makefile"
+        "^Makefile",
       ],
       matchStrings: [
         "DOCKER_BUILD_RUNTIME_IMAGE_ALPINE\\s+?\\?= alpine:(?<currentValue>.*)\\s"
       ],
       depNameTemplate: "alpine",
       datasourceTemplate: "docker",
     },
+    {
+      customType: "regex",
+      fileMatch: ["(^|/)\\.github/workflows/[^/]+\\.ya?ml$"],
+      matchStrings: [
+        "# renovate: datasource=(?<datasource>.*?) depName=(?<depName>.*?)( versioning=(?<versioning>.*?))?\\s+?[\\w\\s-]*?version: (?<currentValue>.*)\\s",
+        "# renovate: datasource=(?<datasource>.*?) depName=(?<depName>.*?)( versioning=(?<versioning>.*?))?\\s+?[\\w\\s]*?_VERSION: (?<currentValue>.*)\\s",
+      ],
+    },
   ],
 }
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
@@ -14,22 +14,28 @@ jobs:
   build:
     env:
       COVER: true
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-latest
     steps:
 
     - name: Check out code
       uses: actions/checkout@v4
 
-    - name: Set up Go 1.21
+    - name: Set up Go
       uses: actions/setup-go@v5
       with:
-        go-version: 1.21
+        # renovate: datasource=golang-version depName=golang
+        go-version: 1.21.6
       id: go
 
     - name: Get dependencies
+      env:
+        # renovate: datasource=github-tags depName=golangci/golangci-lint
+        GOLANGCI_LINT_VERSION: v1.55.2
+        # renovate: datasource=github-tags depName=codeclimate/test-reporter
+        CODECLIMATE_VERSION: v0.11.1
       run: |
-        curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(go env GOPATH)/bin v1.55.2
-        curl -L https://codeclimate.com/downloads/test-reporter/test-reporter-latest-linux-amd64 > ./cc-test-reporter
+        curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(go env GOPATH)/bin ${GOLANGCI_LINT_VERSION}
+        curl -L https://codeclimate.com/downloads/test-reporter/test-reporter-${CODECLIMATE_VERSION}-linux-amd64 > ./cc-test-reporter
         chmod +x ./cc-test-reporter
 
     - name: Verify Code Generation
@@ -51,7 +57,7 @@ jobs:
         ./.github/workflows/test.sh
 
   docker:
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-latest
     steps:
 
     - name: Check out code

diff --git a/.github/workflows/create-release.yml b/.github/workflows/create-release.yml
@@ -56,7 +56,7 @@ jobs:
     - name: Setup node
       uses: actions/setup-node@v4
       with:
-        node-version: latest
+        node-version-file: docs/package.json
 
     - name: Update documentation
       run: |

diff --git a/.github/workflows/docs.yaml b/.github/workflows/docs.yaml
@@ -22,6 +22,7 @@ jobs:
 
       - uses: actions/setup-node@v4
         with:
+          # renovate: datasource=node-version depName=node
           node-version: 20
           cache: npm
           cache-dependency-path: "./docs/package-lock.json"
@@ -40,6 +41,7 @@ jobs:
 
       - uses: actions/setup-node@v4
         with:
+          # renovate: datasource=node-version depName=node
           node-version: 20
 
       - name: Build docusaurus

diff --git a/.github/workflows/publish-release.yml b/.github/workflows/publish-release.yml
@@ -45,15 +45,17 @@ jobs:
     - name: Set up go
       uses: actions/setup-go@v5
       with:
-        go-version: 1.21
+        go-version-file: go.mod
 
     - name: Get dependencies
+      env:
+        GOLANGCI_LINT_VERSION: v1.55.2
       run: |
-        curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(go env GOPATH)/bin v1.50.0
+        curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(go env GOPATH)/bin ${GOLANGCI_LINT_VERSION}
         curl -L https://codeclimate.com/downloads/test-reporter/test-reporter-latest-linux-amd64 > ./cc-test-reporter
         chmod +x ./cc-test-reporter
 
-        # Install go depedencies
+        # Install go dependencies
         go mod download
 
     - name: Build Artifacts

diff --git a/.golangci.yml b/.golangci.yml
@@ -33,6 +33,7 @@ issues:
         - gocritic
         - gosec
         - goconst
+        - revive
     - path: _test\.go
       linters:
         - revive

diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -6,6 +6,18 @@
 
 ## Breaking Changes
 
+## Changes since v7.6.0
+
+- [#2539](https://github.com/oauth2-proxy/oauth2-proxy/pull/2539) pkg/http: Fix leaky test (@isodude)
+
+# V7.6.0
+
+## Release Highlights
+
+## Important Notes
+
+## Breaking Changes
+
 ## Changes since v7.5.1
 
 - [#2381](https://github.com/oauth2-proxy/oauth2-proxy/pull/2381) Allow username authentication to Redis cluster (@rossigee)

diff --git a/Dockerfile b/Dockerfile
@@ -5,7 +5,7 @@ ARG RUNTIME_IMAGE=gcr.io/distroless/static:nonroot
 #  cache sharing of the go mod download step.
 # Go cross compilation is also faster than emulation the go compilation across
 #  multiple platforms.
-FROM --platform=${BUILDPLATFORM} docker.io/library/golang:1.21-bookworm AS builder
+FROM --platform=${BUILDPLATFORM} docker.io/library/golang:1.22-bookworm AS builder
 
 # Copy sources
 WORKDIR $GOPATH/src/github.com/oauth2-proxy/oauth2-proxy

diff --git a/Makefile b/Makefile
@@ -51,7 +51,7 @@ DOCKER_BUILDX_PUSH            := $(DOCKER_BUILDX) --push
 DOCKER_BUILDX_PUSH_X_PLATFORM := $(DOCKER_BUILDX_PUSH) --platform ${DOCKER_BUILD_PLATFORM}
 
 DOCKER_BUILD_PLATFORM_ALPINE         ?= linux/amd64,linux/arm64,linux/ppc64le,linux/arm/v6,linux/arm/v7
-DOCKER_BUILD_RUNTIME_IMAGE_ALPINE    ?= alpine:3.19.0
+DOCKER_BUILD_RUNTIME_IMAGE_ALPINE    ?= alpine:3.19.1
 DOCKER_BUILDX_ARGS_ALPINE            ?= --build-arg RUNTIME_IMAGE=${DOCKER_BUILD_RUNTIME_IMAGE_ALPINE} --build-arg VERSION=${VERSION}
 DOCKER_BUILDX_X_PLATFORM_ALPINE      := docker buildx build ${DOCKER_BUILDX_ARGS_ALPINE} --platform ${DOCKER_BUILD_PLATFORM_ALPINE}
 DOCKER_BUILDX_PUSH_X_PLATFORM_ALPINE := $(DOCKER_BUILDX_X_PLATFORM_ALPINE) --push

diff --git a/README.md b/README.md
@@ -23,13 +23,14 @@ Going forward, all images shall be available at `quay.io/oauth2-proxy/oauth2-pro
 
 1.  Choose how to deploy:
 
-    a. Using a [Prebuilt Binary](https://github.com/oauth2-proxy/oauth2-proxy/releases) (current release is `v7.5.1`)
+    a. Using a [Prebuilt Binary](https://github.com/oauth2-proxy/oauth2-proxy/releases) (current release is `v7.6.0`)
 
     b. Using Go to install the latest release
     ```bash
     $ go install github.com/oauth2-proxy/oauth2-proxy/v7@latest
-    # which will put the binary in `$GOROOT/bin`
     ```
+    This will install the binary into `$GOPATH/bin`. Make sure you include `$GOPATH` in your `$PATH`. Otherwise your system won't find binaries installed via `go install`
+
     c. Using a [Prebuilt Docker Image](https://quay.io/oauth2-proxy/oauth2-proxy) (AMD64, PPC64LE, ARMv6, ARMv7, and ARM64 available)
 
     d. Using a [Pre-Release Nightly Docker Image](https://quay.io/oauth2-proxy/oauth2-proxy-nightly) (AMD64, PPC64LE, ARMv6, ARMv7, and ARM64 available)
@@ -43,9 +44,9 @@ Going forward, all images shall be available at `quay.io/oauth2-proxy/oauth2-pro
     oauth2-proxy-x.y.z.linux-amd64: OK
     ```
 
-2.  [Select a Provider and Register an OAuth Application with a Provider](https://oauth2-proxy.github.io/oauth2-proxy/docs/configuration/oauth_provider)
-3.  [Configure OAuth2 Proxy using config file, command line options, or environment variables](https://oauth2-proxy.github.io/oauth2-proxy/docs/configuration/overview)
-4.  [Configure SSL or Deploy behind a SSL endpoint](https://oauth2-proxy.github.io/oauth2-proxy/docs/configuration/tls) (example provided for Nginx)
+2.  [Select a Provider and Register an OAuth Application with a Provider](https://oauth2-proxy.github.io/oauth2-proxy/configuration/providers/)
+3.  [Configure OAuth2 Proxy using config file, command line options, or environment variables](https://oauth2-proxy.github.io/oauth2-proxy/configuration/overview)
+4.  [Configure SSL or Deploy behind a SSL endpoint](https://oauth2-proxy.github.io/oauth2-proxy/configuration/tls) (example provided for Nginx)
 
 
 ## Security
@@ -55,7 +56,7 @@ See [open redirect vulnerability](https://github.com/oauth2-proxy/oauth2-proxy/s
 
 ## Docs
 
-Read the docs on our [Docs site](https://oauth2-proxy.github.io/oauth2-proxy/docs/).
+Read the docs on our [Docs site](https://oauth2-proxy.github.io/oauth2-proxy/).
 
 ![OAuth2 Proxy Architecture](docs/static/img/architecture.svg)
 

diff --git a/contrib/local-environment/docker-compose-gitea.yaml b/contrib/local-environment/docker-compose-gitea.yaml
@@ -14,7 +14,7 @@ version: '3.0'
 services:
   oauth2-proxy:
     container_name: oauth2-proxy
-    image: gitea-oauth #quay.io/oauth2-proxy/oauth2-proxy:v7.5.1
+    image: quay.io/oauth2-proxy/oauth2-proxy:v7.6.0
     command: --config /oauth2-proxy.cfg
     hostname: oauth2-proxy
     volumes:
@@ -42,7 +42,7 @@ services:
           - httpbin.localtest.me
 
   gitea:
-    image: gitea/gitea:latest
+    image: gitea/gitea:1.21.10
     container_name: gitea
     environment:
       - USER_UID=1000

diff --git a/contrib/local-environment/docker-compose-keycloak.yaml b/contrib/local-environment/docker-compose-keycloak.yaml
@@ -14,7 +14,7 @@ version: '3.0'
 services:
   oauth2-proxy:
     container_name: oauth2-proxy
-    image: quay.io/oauth2-proxy/oauth2-proxy:v7.5.1
+    image: quay.io/oauth2-proxy/oauth2-proxy:v7.6.0
     command: --config /oauth2-proxy.cfg
     hostname: oauth2-proxy
     volumes:
@@ -43,7 +43,7 @@ services:
 
   keycloak:
     container_name: keycloak
-    image: jboss/keycloak:10.0.0
+    image: jboss/keycloak:10.0.2
     hostname: keycloak
     command:
       [

diff --git a/contrib/local-environment/docker-compose-nginx.yaml b/contrib/local-environment/docker-compose-nginx.yaml
@@ -30,7 +30,7 @@ services:
       oauth2-proxy: {}
   nginx:
     container_name: nginx
-    image: nginx:1.18
+    image: nginx:1.25
     restart: unless-stopped
     ports:
       - 80:80/tcp

diff --git a/contrib/local-environment/docker-compose-traefik.yaml b/contrib/local-environment/docker-compose-traefik.yaml
@@ -33,7 +33,7 @@ services:
   # Reverse proxy
   gateway:
     container_name: traefik
-    image: traefik:2.4.2
+    image: traefik:2.11.0
     volumes:
       - "./traefik:/etc/traefik"
     ports:

diff --git a/contrib/local-environment/docker-compose.yaml b/contrib/local-environment/docker-compose.yaml
@@ -13,7 +13,7 @@ version: '3.0'
 services:
   oauth2-proxy:
     container_name: oauth2-proxy
-    image: quay.io/oauth2-proxy/oauth2-proxy:v7.5.1
+    image: quay.io/oauth2-proxy/oauth2-proxy:v7.6.0
     command: --config /oauth2-proxy.cfg
     hostname: oauth2-proxy
     volumes:
@@ -29,7 +29,7 @@ services:
       - httpbin
   dex:
     container_name: dex
-    image: ghcr.io/dexidp/dex:v2.30.3
+    image: ghcr.io/dexidp/dex:v2.39.0
     command: dex serve /dex.yaml
     hostname: dex
     volumes:
@@ -55,7 +55,7 @@ services:
           - httpbin.localtest.me
   etcd:
     container_name: etcd
-    image: gcr.io/etcd-development/etcd:v3.4.7
+    image: gcr.io/etcd-development/etcd:v3.5.13
     entrypoint: /usr/local/bin/etcd
     command:
       - --listen-client-urls=http://0.0.0.0:2379
-Original file line number
+Diff line change
@@ Expand Up / @@ -33,6 +33,7 @@ issues: @@
             - gocritic
             - gosec
             - goconst
+            - revive
         - path: _test\.go
           linters:
             - revive
@@ Expand Down @@