0.10.0

.gitignore

@@ -6,11 +6,12 @@
 tags
 client.config
 config/config.yaml
+config/notifier-config.yaml
 config/docker-config.yaml
 IP2LOCATION-LITE-DB1.IPV6.BIN
 /cmd/test
 generateDDL.sh
-dist/
+/dist/
 /mytoken-migratedb
 /docker/docker-compose.yaml
 /docker/db.env

.gitlab-ci-scripts/goreleaser.sh

@@ -1,3 +1,5 @@
+#!/bin/bash
+
 mkdir ../shared
 first=$(grep '^## ' -nm1 CHANGELOG.md | cut -d':' -f1); \
   second=$(grep '^## ' -nm2 CHANGELOG.md | tail -n1 | cut -d':' -f1); \
@@ -6,5 +8,13 @@ GORELEASER_CONFIG=".goreleaser.yml"
 if [ -n "$CI_COMMIT_TAG" ] && echo "$CI_COMMIT_TAG" | grep -qv '~'; then
 GORELEASER_CONFIG=".goreleaser-release.yml"
 fi
-goreleaser release -f $GORELEASER_CONFIG --release-notes ../shared/release.md
+GORELEASER_OPTIONS=""
+[[ "${CI_COMMIT_BRANCH}" != "${CI_DEFAULT_BRANCH}" ]] && {
+    [[ "${CI_COMMIT_BRANCH}" != "${PREREL_BRANCH_NAME}" ]] && {
+        # we're on devel
+        GORELEASER_OPTIONS="--skip docker"
+    }
+}
+
+goreleaser release -f $GORELEASER_CONFIG --release-notes ../shared/release.md --verbose ${GORELEASER_OPTIONS}
 ls -l results

.gitlab-ci-scripts/set-prerel-version.sh

@@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/bash
 
 DEVSTRING="pr"
 VERSION_FILE=internal/model/version/VERSION
@@ -38,9 +38,17 @@ for R in $REMOTES; do
     MASTER_BRANCH="refs/remotes/${R}/${MASTER}"
     #echo "Master-branch: ${MASTER_BRANCH}"
     [ "x${R}" = "xorigin" ] && break
+    [ "x${R}" = "xcodebase" ] && break
 done
 
-PREREL=$(git rev-list --count HEAD ^"$MASTER_BRANCH")
+[[ "${DEVSTRING}" == "dev" ]] && {
+    [[ -z ${CI_JOB_ID} ]] || {
+        PREREL=${CI_JOB_ID}
+    }
+}
+[[ -z ${PREREL} ]] && {
+    PREREL=$(git rev-list --count HEAD ^"$MASTER_BRANCH")
+}
 
 # use version file:
 VERSION=$(cat "$VERSION_FILE")

.gitlab-ci-scripts/upload.sh

@@ -1,3 +1,4 @@
+#!/bin/bash
 
 REPO_TARGET="/prerel"
 if [ -n "$CI_COMMIT_TAG" ] && echo "$CI_COMMIT_TAG" | grep -qv '~'; then

.gitlab-ci.yml

@@ -1,15 +1,19 @@
 include:
   - 'https://codebase.helmholtz.cloud/m-team/tools/ci-voodoo/-/raw/master/ci-include/github-status-sync.yml'
+  - "https://codebase.helmholtz.cloud/m-team/tools/ci-voodoo/raw/master/ci-include/pipeline-jobs-publish-to-repo.yml"
+
 
 variables:
+  USE_GORELEASER: "true"
   UPSTREAM_PROJECT: oidc-mytoken/server
 
-image: golang:1.19
+image: golang:1.22
 stages:
   - build
   - test
   - lint
-  - release
+  - package
+  - publish
   - deploy
 
 default:
@@ -44,7 +48,7 @@ staticcheck:
 vet:
   stage: lint
   script:
-    - go vet ./...
+    - go vet -structtag=false ./...
 
 build_server:
   stage: build
@@ -61,19 +65,17 @@ build_migratedb:
   script:
     - go build github.com/oidc-mytoken/server/cmd/mytoken-server/mytoken-migratedb
 
-prerelease:
-  stage: release
+package:
+  stage: package
   image:
     name: goreleaser/goreleaser
     entrypoint: [ "" ]
   services:
     - docker:dind
-  only:
-    refs:
-      - tags
-      - prerel
-  tags:
-    - linux
+#  only:
+#    refs:
+#      - tags
+#      - prerel
   variables:
     GIT_STRATEGY: clone
     GIT_DEPTH: 0
@@ -83,13 +85,27 @@ prerelease:
   before_script:
     - echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin "$DOCKER_REGISTRY"
   script:
-    - if [ -z "$CI_COMMIT_TAG" ]; then .gitlab-ci-scripts/set-prerel-version.sh; fi;
-    - .gitlab-ci-scripts/goreleaser.sh
-    - .gitlab-ci-scripts/upload.sh
+    - |
+      [[ "$CI_COMMIT_BRANCH" == "${PREREL_BRANCH_NAME}" ]] && {
+          echo "Running set-prerel-version"
+          .gitlab-ci-scripts/set-prerel-version.sh
+      }
+      [[ "$CI_COMMIT_BRANCH" != "${PREREL_BRANCH_NAME}" ]] && {
+          [[ "$CI_COMMIT_BRANCH" != "${CI_DEFAULT_BRANCH}" ]] && {
+              # we're on a devel branch
+              echo "Running set-devel-version"
+              .gitlab-ci-scripts/set-prerel-version.sh --devstring dev
+          }
+      }
+      .gitlab-ci-scripts/goreleaser.sh
+
+  artifacts:
+    paths:
+      - "results/*"
   after_script:
     - curl -d "repo=github.com/oidc-mytoken/server" https://goreportcard.com/checks
 
-deploy-dev:
+deploy-prerel:
   stage: deploy
   only:
     refs:
@@ -99,4 +115,4 @@ deploy-dev:
     - cp $KNOWN_HOSTS /root/.ssh/known_hosts
     - cp $DEPLOYMENT_SSH_KEY /root/.ssh/id_ed25519 && chmod 0600 /root/.ssh/id_ed25519
   script:
-    - ssh mytoken-dev.vm.fedcloud.eu
+    - ssh -4 mytoken.data.kit.edu

.goreleaser-release.yml

@@ -34,6 +34,16 @@ builds:
     flags:
       - -trimpath
     mod_timestamp: '{{ .CommitTimestamp }}'
+  - id: notifier-server
+    main: ./cmd/mytoken-server/mytoken-notifier-server
+    binary: mytoken-notifier-server
+    env:
+      - CGO_ENABLED=0
+    goos:
+      - linux
+    flags:
+      - -trimpath
+    mod_timestamp: '{{ .CommitTimestamp }}'
 archives:
   - name_template: >-
       {{ .ProjectName }}_{{ .Version }}_
@@ -121,6 +131,28 @@ nfpms:
         file_name_template: >-
           {{ .PackageName }}-{{ .Version }}.
           {{- if eq .Arch "386" }}i386{{- else if eq .Arch "amd64" }}x86_64{{- else }}{{ .Arch }}{{ end }}
+  - id: notifier-pkg
+    package_name: mytoken-notifier-server
+    file_name_template: >-
+      {{ .PackageName }}_{{ .Version }}_
+      {{- if eq .Arch "386" }}i386{{- else }}{{ .Arch }}{{ end }}
+    builds:
+      - notifier-server
+    homepage: https://mytoken-docs.data.kit.edu/server
+    maintainer: Gabriel Zachmann <gabriel.zachmann@kit.edu>
+    description: A standalone notifier server for mytoken notifications
+    license: MIT
+    formats:
+      - deb
+      - rpm
+    release: "1"
+    section: misc
+    bindir: /usr/bin
+    overrides:
+      rpm:
+        file_name_template: >-
+          {{ .PackageName }}-{{ .Version }}.
+          {{- if eq .Arch "386" }}i386{{- else if eq .Arch "amd64" }}x86_64{{- else }}{{ .Arch }}{{ end }}
 dockers:
   - goos: linux
     goarch: amd64
@@ -170,6 +202,22 @@ dockers:
       - "--label=org.opencontainers.image.title=mytoken-migratedb"
       - "--label=org.opencontainers.image.revision={{.FullCommit}}"
       - "--label=org.opencontainers.image.version={{.Version}}"
+  - goos: linux
+    goarch: amd64
+    ids:
+      - notifier-server
+    image_templates:
+      - "oidcmytoken/mytoken-notifier-server:latest"
+      - "oidcmytoken/mytoken-notifier-server:{{ .Tag }}"
+      - "oidcmytoken/mytoken-notifier-server:v{{ .Major }}"
+      - "oidcmytoken/mytoken-notifier-server:v{{ .Major }}.{{ .Minor }}"
+    dockerfile: cmd/mytoken-server/mytoken-notifier-server/Dockerfile
+    build_flag_templates:
+      - "--pull"
+      - "--label=org.opencontainers.image.created={{.Date}}"
+      - "--label=org.opencontainers.image.title=mytoken-notifier-server"
+      - "--label=org.opencontainers.image.revision={{.FullCommit}}"
+      - "--label=org.opencontainers.image.version={{.Version}}"
 checksum:
   name_template: 'checksums.txt'
 snapshot:

.goreleaser.yml

@@ -34,6 +34,16 @@ builds:
     flags:
       - -trimpath
     mod_timestamp: '{{ .CommitTimestamp }}'
+  - id: notifier-server
+    main: ./cmd/mytoken-server/mytoken-notifier-server
+    binary: mytoken-notifier-server
+    env:
+      - CGO_ENABLED=0
+    goos:
+      - linux
+    flags:
+      - -trimpath
+    mod_timestamp: '{{ .CommitTimestamp }}'
 archives:
   - name_template: >-
       {{ .ProjectName }}_{{ .Version }}_
@@ -121,13 +131,36 @@ nfpms:
         file_name_template: >-
           {{ .PackageName }}-{{ .Version }}.
           {{- if eq .Arch "386" }}i386{{- else if eq .Arch "amd64" }}x86_64{{- else }}{{ .Arch }}{{ end }}
+  - id: notifier-pkg
+    package_name: mytoken-notifier-server
+    file_name_template: >-
+      {{ .PackageName }}_{{ .Version }}_
+      {{- if eq .Arch "386" }}i386{{- else }}{{ .Arch }}{{ end }}
+    builds:
+      - notifier-server
+    homepage: https://mytoken-docs.data.kit.edu/server
+    maintainer: Gabriel Zachmann <gabriel.zachmann@kit.edu>
+    description: A standalone notifier server for mytoken notifications
+    license: MIT
+    formats:
+      - deb
+      - rpm
+    release: "1"
+    section: misc
+    bindir: /usr/bin
+    overrides:
+      rpm:
+        file_name_template: >-
+          {{ .PackageName }}-{{ .Version }}.
+          {{- if eq .Arch "386" }}i386{{- else if eq .Arch "amd64" }}x86_64{{- else }}{{ .Arch }}{{ end }}
 dockers:
   - goos: linux
     goarch: amd64
     ids:
       - server
     image_templates:
       - "oidcmytoken/mytoken-server:unstable"
+      - "oidcmytoken/mytoken-server:prerel"
       - "oidcmytoken/mytoken-server:{{ .Tag }}"
     dockerfile: cmd/mytoken-server/Dockerfile
     build_flag_templates:
@@ -142,6 +175,7 @@ dockers:
       - setup
     image_templates:
       - "oidcmytoken/mytoken-setup:unstable"
+      - "oidcmytoken/mytoken-setup:prerel"
       - "oidcmytoken/mytoken-setup:{{ .Tag }}"
     dockerfile: cmd/mytoken-server/mytoken-setup/Dockerfile
     build_flag_templates:
@@ -156,6 +190,7 @@ dockers:
       - migratedb
     image_templates:
       - "oidcmytoken/mytoken-migratedb:unstable"
+      - "oidcmytoken/mytoken-migratedb:prerel"
       - "oidcmytoken/mytoken-migratedb:{{ .Tag }}"
     dockerfile: cmd/mytoken-server/mytoken-migratedb/Dockerfile
     build_flag_templates:
@@ -164,6 +199,21 @@ dockers:
       - "--label=org.opencontainers.image.title=mytoken-migratedb"
       - "--label=org.opencontainers.image.revision={{.FullCommit}}"
       - "--label=org.opencontainers.image.version={{.Version}}"
+  - goos: linux
+    goarch: amd64
+    ids:
+      - notifier-server
+    image_templates:
+      - "oidcmytoken/mytoken-notifier-server:unstable"
+      - "oidcmytoken/mytoken-notifier-server:prerel"
+      - "oidcmytoken/mytoken-notifier-server:{{ .Tag }}"
+    dockerfile: cmd/mytoken-server/mytoken-notifier-server/Dockerfile
+    build_flag_templates:
+      - "--pull"
+      - "--label=org.opencontainers.image.created={{.Date}}"
+      - "--label=org.opencontainers.image.title=mytoken-notifier-server"
+      - "--label=org.opencontainers.image.revision={{.FullCommit}}"
+      - "--label=org.opencontainers.image.version={{.Version}}"
 checksum:
   name_template: 'checksums.txt'
 snapshot:

CHANGELOG.md

@@ -12,6 +12,59 @@
 <!-- ### Dependencies -->
 <!--  -->
 
+
+## mytoken 0.10.0
+
+### Features
+
+- Add support for notifications:
+  - Allows to create email notifications for various things
+  - Allows to calendar invites for token expirations
+  - Allows to create calendars and add token expirations to it; the ics feed can be subscribed to
+  - Allows to manage notifications on the web-interface
+- Add "Enforceable Restrictions"
+  - Depending on a user attribute different restriction templates can be
+    enforced
+- Add possibility to have an healthcheck endpoint
+
+### Enhancements
+
+- In the tokeninfo pane in the webinterface expired JWTs now get a more precise badge.
+- Improved on returning json errors instead of html on api paths
+- When not being logged in and no OP was selected now the 'Create new Mytoken' button in the webinterface is disabled.
+
+### Bugfixes
+
+- Fixed an issue with parallel access to refresh tokens if token rotation is used; this problem could for example
+  occur with EGI-checkin.
+- Fixed unwanted behavior: If a profile was used and changes to the mytoken
+  spec would be made in the consent screen that would narrow it down, the
+  profile would still be applied.
+- Fixed problems with the caching implementation.
+
+### Other
+
+- Changed CORP settings for `/api` and `/static` as this lead to problems with oidc-agent.
+
+### Dependencies
+
+- Bump go version from 1.19 to 1.22
+- Bump github.com/coreos/go-oidc/v3 from 3.9.0 to 3.11.0
+- Bump github.com/gliderlabs/ssh from 0.3.6 to 0.3.7
+- Bump github.com/go-resty/resty/v2 from 2.11.0 to 2.16.2
+- Bump github.com/go-sql-driver/mysql from 1.8.0 to 1.8.1
+- Bump github.com/gofiber/fiber/v2 from 2.52.2 to 2.52.5
+- Bump github.com/gofiber/template/mustache/v2 from 2.0.9 to 2.0.12
+- Bump github.com/jmoiron/sqlx from 1.3.5 to 1.4.0
+- Bump github.com/lestrrat-go/jwx from 1.2.29 to 1.2.30
+- Bump github.com/pires/go-proxyproto from 0.7.0 to 0.8.0
+- Bump github.com/redis/go-redis/v9 from 9.5.1 to 9.7.0
+- Bump github.com/valyala/fasthttp from 1.52.0 to 1.57.0
+- Bump golang.org/x/crypto from 0.21.0 to 0.30.0
+- Bump golang.org/x/mod from 0.16.0 to 0.22.0
+- Bump golang.org/x/oauth2 from 0.18.0 to 0.24.0
+- Bump golang.org/x/term from 0.18.0 to 0.27.0
+
 ## mytoken 0.9.2
 
 ### Packaging
@@ -28,12 +81,12 @@
 - Bump golang.org/x/mod from 0.15.0 to 0.16.0
 - Bump golang.org/x/oauth2 from 0.17.0 to 0.18.0
 - Bump golang.org/x/term from 0.17.0 to 0.18.0
-
+- 
 ## mytoken 0.9.1
 
 ### Enhancements
 
-- Improfile includes handling in the webitnerface restrictions editor.
+- Improve includes handling in the webinterface restrictions editor.
 
 ### Dependencies