diff --git a/.forgejo/workflows/build.yaml b/.forgejo/workflows/build.yaml
index 5a0bcc2..53c75fe 100644
--- a/.forgejo/workflows/build.yaml
+++ b/.forgejo/workflows/build.yaml
@@ -3,7 +3,7 @@ on:
workflow_dispatch:
inputs:
build:
- description: "Build package"
+ description: "Build package and container"
required: true
default: false
type: boolean
@@ -70,3 +70,40 @@ jobs:
- name: Publish
if: fromJSON(steps.builder.outputs.run)
run: pnpm publish --no-git-checks
+ continue-on-error: true
+
+ - name: Build container
+ if: fromJSON(steps.builder.outputs.run)
+ uses: actions/buildah-build@v1
+ with:
+ image: oidc-vue-test
+ oci: true
+ labels: oidc-vue-test
+ tags: latest ${{ steps.version.outputs.version }}
+ containerfiles: |
+ ./Containerfile
+ build-args: |
+ APP_VERSION=${{ steps.version.outputs.version }}
+
+ - name: Workaround for bug of podman-login
+ if: fromJSON(steps.builder.outputs.run)
+ run: |
+ mkdir -p $HOME/.docker
+ echo "{ \"auths\": {} }" > $HOME/.docker/config.json
+
+ - name: Log in to container registry (with another workaround)
+ if: fromJSON(steps.builder.outputs.run)
+ uses: actions/podman-login@v1
+ with:
+ registry: ${{ vars.REGISTRY }}
+ username: ${{ secrets.REGISTRY_USER }}
+ password: ${{ secrets.REGISTRY_PASSWORD }}
+ auth_file_path: /tmp/auth.json
+
+ - name: Push the image to the registry
+ if: fromJSON(steps.builder.outputs.run)
+ uses: actions/push-to-registry@v2
+ with:
+ registry: "docker://${{ vars.REGISTRY }}/${{ vars.ORGANISATION }}"
+ image: oidc-vue-test
+ tags: latest ${{ steps.version.outputs.version }}
diff --git a/Containerfile b/Containerfile
index e9815a2..f5612bd 100644
--- a/Containerfile
+++ b/Containerfile
@@ -1,3 +1,5 @@
FROM docker.io/nginx:alpine
-COPY ./dist /usr/share/nginx/html
+COPY ./dist /usr/share/nginx/html/oidc-test-web
+
+CMD ["nginx", "-g", "daemon off;"]
diff --git a/README.md b/README.md
index 77693ed..271f522 100644
--- a/README.md
+++ b/README.md
@@ -2,24 +2,123 @@
Small web app for experimenting a web app with a Keycloak auth server.
-It is a sibbling of the server version (oidc-test)[philorg/oidc-fastapi-test],
+It is a sibling of the server version [oidc-test](philorg/oidc-fastapi-test),
which acts also as a resource server.
-Live demo: https://philo.ydns.eu/oidc-test-web:
+Live demo: <https://philo.ydns.eu/oidc-test-web>:
+
- configured with a test realm on a private Keycloak instance
- 2 users are defined: foo (foofoo) and bar (barbar).
-## Deployment
+**Note**: decoding tokens requires the use of cryto extension,
+that web browsers allow only with a secured connection (https).
-In a container:
+## Configuration
+
+The app expects that a `settings.json` file is available on the server
+at the app's base url.
+
+For example:
+
+```json
+{
+ "keycloakUri": "https://keycloak.your.domain",
+ "realm": "test",
+ "authProvider": "keycloak",
+ "sso": false,
+ "clientId": "oidc-test-web",
+ "tokenSandbox": true,
+ "resourceServerUrl": "https://someserver.your.domain/resourceBaseUrl",
+ "resourceScopes": [
+ "get:time",
+ "get:bs"
+ ],
+ "resourceProviders": {
+ "resourceProvider1": {
+ "name": "Third party 1",
+ "baseUrl": "https://otherserver.your.domain/resources/",
+ "verifySSL": true,
+ "resources": {
+ "public": {
+ "name": "A public resource",
+ "url": "resource/public"
+ },
+ "bs": {
+ "name": "A secured resource, eg by scope",
+ "url": "resource/secured1"
+ },
+ "time": {
+ "name": "Another secured resource, eg by role",
+ "url": "resource/secured2"
+ }
+ }
+ }
+ }
+}
+```
+
+## Build
+
+For generating a `dist` directory ready to be copied to a web server
+static data tree, it's a straightforward:
+
+```sh
+pnpm run build
+```
+
+Eventually specify a `base url` (eg. accessible from `https://for.example.com/oidc-test-web`):
```sh
pnpm run build --base oidc-test-web
-podman run -it --rm -p 8874:80 -v ./dist:/usr/share/nginx/html/oidc-test-web docker.io/nginx:alpine
+```
+
+## Deployment
+
+Examples of deployment are presented below.
+
+- Using the nginx default container, from the development source tree:
+
+```sh
+podman run -it --rm -p 8874:80 -v ./dist:/usr/share/nginx/html/oidc-test-web -v ./settings.json:/usr/share/nginx/html/oidc-test-web/settings.json docker.io/nginx:alpine
+```
+
+- The build is packaged in a provided container (see *pakcages*), serving with the `/oidc-test-web` base url:
+
+```sh
+podman run -it --rm -p 8874:80 -v ./settings.json:/usr/share/nginx/html/oidc-test-web/settings.json code.philo.ydns.eu/philorg/oidc-vue-test:latest
+```
+
+- A *quadlet* *systemd* service, in `~/.config/containers/systemd/oidc-vue-test.container`:
+
+```systemd
+[Container]
+ContainerName=oidc-vue-test
+Image=code.philo.ydns.eu/philorg/oidc-vue-test:latest
+Mount=type=bind,source=/path/to/settings.json,destination=/usr/share/nginx/html/oidc-test-web/settings.json
+PublishPort=8874:80
+
+[Service]
+Restart=always
+RestartSec=5
+
+[Unit]
+After=podman-user-wait-network-online.service
+
+[Install]
+WantedBy=default.target
+```
+
+Run with:
+
+```sh
+systemctl --user daemon-reload
+systemcrl --user start oidc-vue-test
```
## Frontend
+YMMV, easy with *Caddy*:
+
```Caddyfile
handle /oidc-test-web {
reverse-proxy hostname.domainame:8874
diff --git a/package.json b/package.json
index ee57e60..360dd30 100644
--- a/package.json
+++ b/package.json
@@ -1,5 +1,5 @@
{
- "name": "oidc-text-web",
+ "name": "oidc-test-web",
"version": "0.0.0",
"type": "module",
"scripts": {