System-End/identity-vault
1
0
Fork 0
mirror of https://github.com/System-End/identity-vault.git synced 2026-04-19 23:22:50 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
identity-vault/Dockerfile.worker
nora f02fceb531
VERSION. TWO. (#42) 
* INITIAL SAML SUPPORT WOO YEA BABEY

it works?

* wawa

* mwaow

* b

* WOAG

* mph

* bunch more stuff

* new OAuth screen

* add trust level to oauth apps

* [community oauth] new scopes, validate only some community ones

* bleh

* my info first pass

* sessions and 2fa

* oauth authorizations/revoke

* nuke sms

* fix drift

* remove hcid on ident#edit

* attack our rack?

* session fixation't

* first pass at stepup auth

* eye eighteen en

* fix brand

* think that does it for dev mode!

* add promote to full user button

* first crack at landing page

* better sessions

* better id edit

* better verf

* less css pass 1

* add phone no

* better cssed?

* securité

* switch from slocks

* HCA

* touch last seen at

* session fingerprinting

* improved?

* localize scopes

* add proper oauth welcome

* eepier tutorial

* how long was that like that?!

* common blankslate

* better addresses?

* [backend] fix reprovisioning and promotion

* improve addresses

* ICONS, BEAUTIFUL ICONS

* primary sidebar

* saml welcome?

* new totp flow?

* marginally better login sec

* better print for backup codes!

* MASSIVE LINT PASS

* autocompletes

* woops

* new staging

* actual login code txnl

* no more legacy slack account linking

* fake slack in staging

* no account yet?

* add samls for staging

* fix slack_staging

* lint

* frickin' xmlsec

* no validate keys ?

* AUGH

* ASGJHFGSDJFG

* shoot me

* aieeeee

* SCHEIßE

* no more attempt association on code

* believe in prefers-color-scheme

* fix verf icon

* nuke vestigial aadhaar functionality

thanks deployor!

* fix xmlsec on gh ci

* remove identity (#27)

* move idcon flashes to locale

* remove dead code impersonation logic

h/t ian!

* fix hx-confirm on delete address?

* add missing dev app locale key

* fix #28

* wait, i'm an idiot (#28)

* THERE WE GO

* add paper_trail to more stuff

* red delete btn

* more red delete btns

* THE AUDIT LOGS UPDATE

* yuge lint pass

* Fix icons (#33)

Some icons didn't have a fill nor a viewbox

* weh

* first pass at docs

* memoize docs, fix 404

* [docs] add crappy erb support

* support non-e+ flow

* fix no devmode locale

* DOCS DOCS DOCS

* tldr dev doc

* anti-clickjacking countdown (h/t @J-Meow)

* weh

* get rid of those, they do nothing for us

* dependent destroy

* find user via scim if ent

* save nav channel ids

* fix base onboarding scenario

* only unique among the living

* add SAML debug

* simplify legacy_email

* add UAT env

* we ARE

* add slack to uat

* no entity id?

* fix saml if logged out

* fix scim assignment?

* bring channels into config

* darn it

* try backoff on assign_to_workspace?? this feels problematic

* do the scim docs lie?

* that was dumb

* Revert "do the scim docs lie?"

This reverts commit 69310dbef9476f2103d7a8280966a7fdf732129b.

* Revert "try backoff on assign_to_workspace?? this feels problematic"

This reverts commit 7a5edd67aa3836df1f31d628566e9ea69589c269.

* this some bull shit

* internal tutorial by default

* 18 point something

* fixes: componentize login, no more viewcontext, parse sp-initiated saml better

* one return to.

* just send it

* fix replay bug

* fix URL in welcome docs page (#38)

* simplify login/signup flow, s/faq/terms + privacy

* no more H... we hardly knew you

* first pass at reddening

* red pt. 2

* she's red for an AMAZING reason

* lint pass

* fix tooled tips

* another docs pass

* initial pass at factorybotting docs

* scope diffing for api docs!

* wait we don't need a legend lol

* add verf status to community apps

* fricken lint

* make current_user not nomethod

* move are_we_enterprise_yet to a flipper flag

* improve slack racing

* allow not creating slack

* factorybot in prod for api docs!

* LOL, LMAO

* properly set owner on oauthorizations

* lint pass

* bypass age on existing users

* fix that...

---------

Co-authored-by: Leo <leo@wilkin.xyz>
Co-authored-by: Tom (Deployor) <129990841+deployor@users.noreply.github.com>
Co-authored-by: DaInfLoop <github@dainfloop.is-a.dev>
2025-11-24 10:52:27 -05:00

61 lines
No EOL
2.1 KiB
Text
Raw Blame History

# syntax=docker/dockerfile:1
# check=error=true
# This Dockerfile is designed for production, not development. Use with Kamal or build'n'run by hand:
# docker build -t identity_vault .
# docker run -d -p 80:80 -e RAILS_MASTER_KEY=<value from config/master.key> --name identity_vault identity_vault
# For a containerized dev environment, see Dev Containers: https://guides.rubyonrails.org/getting_started_with_devcontainer.html
# Make sure RUBY_VERSION matches the Ruby version in .ruby-version
ARG RUBY_VERSION=3.4.4
FROM docker.io/library/ruby:$RUBY_VERSION-slim AS base
# Rails app lives here
WORKDIR /rails
# Install base packages
RUN apt-get update -qq && \
apt-get install --no-install-recommends -y curl libjemalloc2 libvips imagemagick libheif-dev postgresql-client libffi-dev libxmlsec1-dev libxmlsec1 libxmlsec1-openssl && \
apt-get clean && \
rm -rf /var/lib/apt/lists/*
ENV BUNDLE_DEPLOYMENT="1" \
BUNDLE_PATH="/usr/local/bundle" \
BUNDLE_WITHOUT="development"
# Throw-away build stage to reduce size of final image
FROM base AS build
# Install packages needed to build gems
RUN apt-get update -qq && \
apt-get install --no-install-recommends -y curl libjemalloc2 libvips imagemagick libheif-dev postgresql-client libffi-dev build-essential git libpq-dev libyaml-dev pkg-config && \
apt-get clean && \
rm -rf /var/lib/apt/lists/*
# Install application gems
COPY Gemfile Gemfile.lock ./
RUN bundle install && \
rm -rf ~/.bundle/ "${BUNDLE_PATH}"/ruby/*/cache "${BUNDLE_PATH}"/ruby/*/bundler/gems/*/.git && \
bundle exec bootsnap precompile --gemfile
# Copy application code
COPY . .
# Precompile bootsnap code for faster boot times
RUN bundle exec bootsnap precompile app/ lib/
# Final stage for app image
FROM base
# Copy built artifacts: gems, application
COPY --from=build "${BUNDLE_PATH}" "${BUNDLE_PATH}"
COPY --from=build /rails /rails
# Run and own only the runtime files as a non-root users for security
RUN groupadd --system --gid 1000 rails && \
useradd rails --uid 1000 --gid 1000 --create-home --shell /bin/bash && \
chown -R rails:rails db log storage tmp
USER 1000:1000
CMD ["bundle", "exec", "good_job", "start"]
Reference in a new issue View git blame Copy permalink