Setup SATOSA

.dockerignore

@@ -11,7 +11,7 @@ venv
 **/.DS_Store
 
 # Docker
-docker compose.*
+docker-compose.*
 env.d
 
 # Docs
@@ -20,7 +20,6 @@ docs
 *.log
 
 # Development/test cache & configurations
-data
 .cache
 .circleci
 .git

.github/workflows/oidc2fer.yml

@@ -62,16 +62,19 @@ jobs:
     runs-on: ubuntu-latest
     defaults:
       run:
-        working-directory: src/backend
+        working-directory: src/satosa
     steps:
       - name: Checkout repository
         uses: actions/checkout@v2
       - name: Install Python
         uses: actions/setup-python@v3
         with:
-          python-version: '3.10'
+          python-version: '3.11'
       - name: Install development dependencies
-        run: pip install --user .[dev]
+        run: |
+          # Python's xmlsec requirement
+          sudo apt-get update -y -q && sudo apt-get install -y -q xmlsec1 libxmlsec1-dev
+          pip install --user .[dev]
       - name: Check code formatting with ruff
         run: ~/.local/bin/ruff format . --diff
       - name: Lint code with ruff
@@ -83,89 +86,19 @@ jobs:
     runs-on: ubuntu-latest
     defaults:
       run:
-        working-directory: src/backend
-
-    services:
-      postgres:
-        image: postgres:16
-        env:
-          POSTGRES_DB: oidc2fer
-          POSTGRES_USER: dinum
-          POSTGRES_PASSWORD: pass
-        ports:
-          - 5432:5432
-        # needed because the postgres container does not provide a healthcheck
-        options: --health-cmd pg_isready --health-interval 10s --health-timeout 5s --health-retries 5
-
-    env:
-      DJANGO_CONFIGURATION: Test
-      DJANGO_SETTINGS_MODULE: oidc2fer.settings
-      DJANGO_SECRET_KEY: ThisIsAnExampleKeyForTestPurposeOnly
-      OIDC_OP_JWKS_ENDPOINT: /endpoint-for-test-purpose-only
-      DB_HOST: localhost
-      DB_NAME: oidc2fer
-      DB_USER: dinum
-      DB_PASSWORD: pass
-      DB_PORT: 5432
+        working-directory: src/satosa
 
     steps:
       - name: Checkout repository
         uses: actions/checkout@v2
-      - name: Create writable /data
-        run: |
-          sudo mkdir -p /data/media && \
-          sudo mkdir -p /data/static
       - name: Install Python
         uses: actions/setup-python@v3
         with:
-          python-version: '3.10'
+          python-version: '3.11'
       - name: Install development dependencies
-        run: pip install --user .[dev]
-      - name: Install gettext (required to compile messages)
         run: |
-          sudo apt-get update
-          sudo apt-get install -y gettext
-      - name: Generate a MO file from strings extracted from the project
-        run: python manage.py compilemessages
+          # Python's xmlsec requirement
+          sudo apt-get update -y -q && sudo apt-get install -y -q xmlsec1 libxmlsec1-dev
+          pip install --user .[dev]
       - name: Run tests
-        run: ~/.local/bin/pytest -n 2
-
-  i18n-crowdin:
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@v2
-
-      - name: Install gettext (required to make messages)
-        run: |
-          sudo apt-get update
-          sudo apt-get install -y gettext
-
-      - name: Install Python
-        uses: actions/setup-python@v3
-        with:
-          python-version: '3.10'
-
-      - name: Install development dependencies
-        working-directory: src/backend
-        run: pip install --user .[dev]
-
-      - name: Generate the translation base file
-        run: ~/.local/bin/django-admin makemessages --keep-pot --all
-
-      - name: Load sops secrets
-        uses: rouja/actions-sops@main
-        with:
-          secret-file: .github/workflows/secrets.enc.env
-          age-key: ${{ secrets.SOPS_PRIVATE }}
-
-      - name: Upload files to Crowdin
-        run: |
-          docker run \
-          --rm \
-          -e CROWDIN_API_TOKEN=$CROWDIN_API_TOKEN \
-          -e CROWDIN_PROJECT_ID=$CROWDIN_PROJECT_ID \
-          -e CROWDIN_BASE_PATH=$CROWDIN_BASE_PATH \
-          -v "${{ github.workspace }}:/app" \
-          crowdin/cli:3.16.0 \
-          crowdin upload sources -c /app/crowdin/config.yml
+        run: ~/.local/bin/pytest

.gitignore

@@ -47,12 +47,6 @@ env.d/terraform
 # npm
 node_modules
 
-# Mails
-src/backend/core/templates/mail/
-
-# Typescript client
-src/frontend/tsclient
-
 # Swagger
 **/swagger.json
 
@@ -71,9 +65,6 @@ src/frontend/tsclient
 db.sqlite3
 .mypy_cache
 
-# Site media
-/data/
-
 # IDEs
 .idea/
 .vscode/

CHANGELOG.md

@@ -7,3 +7,4 @@ and this project adheres to
 [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
 ## [Unreleased]
+- install SATOSA

Dockerfile

@@ -1,5 +1,3 @@
-# Django OIDC2FER
-
 # ---- base image to inherit from ----
 FROM python:3.11-slim-bookworm as base
 
@@ -10,6 +8,7 @@ RUN apt-get update && \
     apt-get install -y \
         pkg-config \
         gcc \
+        xmlsec1 \
         libxml2-dev \
         libxmlsec1-dev \
         libxmlsec1-openssl && \
@@ -24,37 +23,11 @@ FROM base as back-builder
 WORKDIR /builder
 
 # Copy required python dependencies
-COPY ./src/backend /builder
+COPY ./src/satosa /builder
 
 RUN mkdir /install && \
   pip install --prefix=/install .
 
-# ---- static link collector ----
-FROM base as link-collector
-ARG OIDC2FER_STATIC_ROOT=/data/static
-
-# Install rdfind
-RUN apt-get update && \
-    apt-get install -y \
-      rdfind && \
-    rm -rf /var/lib/apt/lists/*
-
-# Copy installed python dependencies
-COPY --from=back-builder /install /usr/local
-
-# Copy oidc2fer application (see .dockerignore)
-COPY ./src/backend /app/
-
-WORKDIR /app
-
-# collectstatic
-RUN DJANGO_CONFIGURATION=Build DJANGO_JWT_PRIVATE_SIGNING_KEY=Dummy \
-    python manage.py collectstatic --noinput
-
-# Replace duplicated file by a symlink to decrease the overall size of the
-# final image
-RUN rdfind -makesymlinks true -followsymlinks true -makeresultsfile false ${OIDC2FER_STATIC_ROOT}
-
 # ---- Core application image ----
 FROM base as core
 
@@ -78,7 +51,7 @@ RUN chmod g=u /etc/passwd
 COPY --from=back-builder /install /usr/local
 
 # Copy oidc2fer application (see .dockerignore)
-COPY ./src/backend /app/
+COPY ./src/satosa /app/
 
 WORKDIR /app
 
@@ -87,17 +60,26 @@ WORKDIR /app
 # ID.
 ENTRYPOINT [ "/usr/local/bin/entrypoint" ]
 
+# ---- Production image ----
+FROM core as production
+
+# Gunicorn
+RUN mkdir -p /usr/local/etc/gunicorn
+COPY docker/files/usr/local/etc/gunicorn/satosa.py /usr/local/etc/gunicorn/satosa.py
+
+# Un-privileged user running the application
+ARG DOCKER_USER
+USER ${DOCKER_USER}
+
+# The default command runs gunicorn WSGI server in satosa's main module
+CMD ["gunicorn", "-c", "/usr/local/etc/gunicorn/satosa.py", "satosa.wsgi:app"]
+
 # ---- Development image ----
-FROM core as development
+FROM production as development
 
 # Switch back to the root user to install development dependencies
 USER root:root
 
-# Install psql
-RUN apt-get update && \
-    apt-get install -y postgresql-client && \
-    rm -rf /var/lib/apt/lists/*
-
 # Uninstall oidc2fer and re-install it in editable mode along with development
 # dependencies
 RUN pip uninstall -y oidc2fer
@@ -106,30 +88,3 @@ RUN pip install -e .[dev]
 # Restore the un-privileged user running the application
 ARG DOCKER_USER
 USER ${DOCKER_USER}
-
-# Target database host (e.g. database engine following docker compose services
-# name) & port
-ENV DB_HOST=postgresql \
-    DB_PORT=5432
-
-# Run django development server
-CMD python manage.py runserver 0.0.0.0:8000
-
-# ---- Production image ----
-FROM core as production
-
-ARG OIDC2FER_STATIC_ROOT=/data/static
-
-# Gunicorn
-RUN mkdir -p /usr/local/etc/gunicorn
-COPY docker/files/usr/local/etc/gunicorn/oidc2fer.py /usr/local/etc/gunicorn/oidc2fer.py
-
-# Un-privileged user running the application
-ARG DOCKER_USER
-USER ${DOCKER_USER}
-
-# Copy statics
-COPY --from=link-collector ${OIDC2FER_STATIC_ROOT} ${OIDC2FER_STATIC_ROOT}
-
-# The default command runs gunicorn WSGI server in oidc2fer's main module
-CMD gunicorn -c /usr/local/etc/gunicorn/oidc2fer.py oidc2fer.wsgi:application