diff --git a/.github/workflows/docker-push.yml b/.github/workflows/docker-push.yml index 7971c83a6f..103d02aeaf 100644 --- a/.github/workflows/docker-push.yml +++ b/.github/workflows/docker-push.yml @@ -19,6 +19,10 @@ on: description: Enter BranchName required: true type: string + D2E_BRANCH_NAME: + default: develop + description: Enter D2E Branch + type: string concurrency: group: ${{ github.event.inputs.GIT_BRANCH_NAME || github.head_ref || github.ref_name }}-${{ github.event_name }}-docker-build @@ -66,14 +70,16 @@ jobs: id: setup run: | ACR_IMAGE_PUSH=true - if [ $GIT_BRANCH_NAME = 'develop' ]; then - ACR_IMAGE_PUSH=true - fi - if [ $GIT_BRANCH_NAME == "develop" ]; then - DOCKER_IMG_TAG_NAME=develop + DOCKER_IMG_TAG_NAME=develop + elif [ $GITHUB_EVENT_NAME = "workflow_dispatch" ]; then + DOCKER_IMG_TAG_NAME=${{ github.event.inputs.GIT_BRANCH_NAME }} + if [[ $GIT_BRANCH_NAME = */* ]]; then + DOCKER_IMG_TAG_NAME=$(printf "%s" "$GIT_BRANCH_NAME" | awk -F '/' '{print $2}') + fi else - DOCKER_IMG_TAG_NAME=$(echo $(git rev-parse --short HEAD)) + ACR_IMAGE_PUSH=false + DOCKER_IMG_TAG_NAME=$(echo ${{ github.sha }} | cut -c1-8) fi echo GIT_BRANCH_NAME="${GIT_BRANCH_NAME}" | tee -a $GITHUB_OUTPUT | tee -a $GITHUB_STEP_SUMMARY @@ -110,4 +116,6 @@ jobs: file: ${{ matrix.DOCKER_BUILD_FILE_PATH }} platforms: ${{ steps.setup.outputs.DOCKER_BUILD_PLATFORMS }} push: ${{ steps.setup.outputs.ACR_IMAGE_PUSH }} - tags: ghcr.io/data2evidence/${{ matrix.name }}:${{ env.DOCKER_IMG_TAG_NAME }} \ No newline at end of file + tags: ghcr.io/data2evidence/${{ matrix.name }}:${{ env.DOCKER_IMG_TAG_NAME }} + build-args: | + D2E_VERSION=${{ env.D2E_BRANCH_NAME || 'develop' }} \ No newline at end of file diff --git a/Dockerfile b/Dockerfile index 8635cac4ec..68f38ff29d 100644 --- a/Dockerfile +++ b/Dockerfile 
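Review bot: The added `workflow_dispatch` branch pastes `${{ github.event.inputs.GIT_BRANCH_NAME }}` directly into the `run:` script, so the input is expanded into the script text before the shell parses it, and shell metacharacters in it are interpreted as script rather than data. The same step already reads `$GIT_BRANCH_NAME` as a shell variable (presumably from an `env:` mapping outside the hunk), so the assignment can be `DOCKER_IMG_TAG_NAME="$GIT_BRANCH_NAME"`. The new tests `[ $GITHUB_EVENT_NAME = "workflow_dispatch" ]` and `[[ $GIT_BRANCH_NAME = */* ]]` should quote their variables as well. Separately, `awk -F '/' '{print $2}'` keeps only the second path segment, so different branches can map to the same image tag; checking the result against the characters allowed in a tag before it is written to `$GITHUB_OUTPUT` would catch that. The step's script starts and ends outside this hunk.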
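Review bot: `D2E_VERSION=${{ env.D2E_BRANCH_NAME || 'develop' }}` reads the `env` context, but the first hunk declares `D2E_BRANCH_NAME` only as a `workflow_dispatch` input, and inputs do not appear in `env` on their own. Unless an `env:` mapping outside these hunks copies it across, the expression always falls back to `develop` and the branch the operator entered is silently ignored, leaving it unclear which source went into a pushed image. Reading the input directly would be `D2E_VERSION=${{ inputs.D2E_BRANCH_NAME || 'develop' }}`.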
@@ -5,14 +5,21 @@ ENV CI=true # No need for Docker build ENV PUPPETEER_SKIP_DOWNLOAD=true +ARG D2E_VERSION=develop +ENV D2E_VERSION=${D2E_VERSION} ### Install toolchain ### RUN npm add --location=global pnpm@^9.0.0 # https://github.com/nodejs/docker-node/blob/main/docs/BestPractices.md#node-gyp-alpine -RUN apk add --no-cache python3 make g++ rsync +RUN apk add --no-cache python3 make g++ rsync py3-setuptools git COPY . . +RUN git clone --branch ${D2E_VERSION} https://github.com/OHDSI/d2e.git /etc/d2e +RUN cp /etc/d2e/services/alp-logto/to-replace/SignIn/Main.tsx /etc/logto/packages/experience/src/pages/SignIn/Main.tsx +RUN cp /etc/d2e/services/alp-logto/to-replace/SignIn/Main.tsx /etc/logto/packages/experience-legacy/src/pages/SignIn/Main.tsx +RUN cp /etc/d2e/services/alp-logto/to-replace/core/src/libraries/jwt-customizer.ts /etc/logto/packages/core/src/libraries/jwt-customizer.ts + ### Install dependencies and build ### RUN pnpm i @@ -22,6 +29,7 @@ ENV DEV_FEATURES_ENABLED=${dev_features_enabled} ARG applicationinsights_connection_string ENV APPLICATIONINSIGHTS_CONNECTION_STRING=${applicationinsights_connection_string} + RUN pnpm -r build ### Add official connectors ### 
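Review bot: The added `RUN git clone --branch ${D2E_VERSION} https://github.com/OHDSI/d2e.git /etc/d2e` fetches a mutable branch at build time, and the three `cp` lines then overwrite `SignIn/Main.tsx` and `core/src/libraries/jwt-customizer.ts`. The sign-in page and JWT customizer that ship in the image are therefore whatever that branch holds when the build runs, not the files reviewed in this repository. Two builds of the same commit can differ, and the layer cache can also keep a stale clone because the `RUN` text itself does not change. Pinning to a full commit SHA makes the input verifiable, for example with a build arg (the name is only a suggestion) `ARG D2E_COMMIT` and `RUN git clone https://github.com/OHDSI/d2e.git /etc/d2e && git -C /etc/d2e checkout --detach "$D2E_COMMIT"`, with the SHA recorded as an image label. `${D2E_VERSION}` is also unquoted in the `RUN` line as written.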
@@ -33,11 +41,21 @@ RUN pnpm cli connector link $ADDITIONAL_CONNECTOR_ARGS -p . RUN rm -rf node_modules packages/**/node_modules RUN NODE_ENV=production pnpm i +# Note: D2E connector build and link +RUN cp -r /etc/d2e/services/alp-logto/connector-alp-azuread /etc/logto/packages/connectors/connector-alp-azuread +WORKDIR /etc/logto/packages/connectors/connector-alp-azuread +RUN npm i +RUN npm run build +WORKDIR /etc/logto/ +RUN pnpm cli connector link $ADDITIONAL_CONNECTOR_ARGS -p . + ### Clean up ### RUN rm -rf .scripts pnpm-*.yaml packages/cloud +RUN rm -rf /etc/d2e ###### [STAGE] Seal ###### FROM node:20-alpine as app +RUN apk update && apk add openssl>3 WORKDIR /etc/logto COPY --from=builder /etc/logto . RUN mkdir -p /etc/logto/packages/cli/alteration-scripts && chmod g+w /etc/logto/packages/cli/alteration-scripts diff --git a/packages/core/src/libraries/jwt-customizer.ts b/packages/core/src/libraries/jwt-customizer.ts index b336bc0783..15eba24b1f 100644 --- a/packages/core/src/libraries/jwt-customizer.ts +++ b/packages/core/src/libraries/jwt-customizer.ts 
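Review bot: In `RUN apk update && apk add openssl>3` the shell parses `>3` as a redirection, so the command that runs is `apk add openssl` with its output written to a file named `3`. No version constraint is applied, and the final image gets whichever OpenSSL the package index offers. Quoting the constraint fixes it, `RUN apk add --no-cache 'openssl>3'`, and `--no-cache` also keeps the index out of the layer. In the connector block, `RUN npm i` resolves dependencies afresh on every build; if `connector-alp-azuread` ships a `package-lock.json` (not visible here), `RUN npm ci` would install exactly the locked versions. Both the builder and the app stage continue outside this hunk.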
@@ -53,31 +53,14 @@ export class JwtCustomizerLibrary { // Convert errors to WithTyped client response error to share the error handling logic. static async runScriptInLocalVm(data: CustomJwtFetcher) { try { - const mapId = (data as any).context["user"].primaryEmail; const payload: CustomJwtScriptPayload = { ...(data.tokenType === LogtoJwtTokenKeyType.AccessToken - ? { - ...pick(data, 'token', 'context', 'environmentVariables'), - extra: { - // @ts-ignore - thirdPartyToken: globalThis.tokenMap - ? // @ts-ignore - globalThis.tokenMap[mapId] - : undefined, - // @ts-ignore - thirdPartyRefreshToken: globalThis.refreshTokenMap - ? // @ts-ignore - globalThis.refreshTokenMap[mapId] - : undefined, - }, - } + ? pick(data, 'token', 'context', 'environmentVariables') : pick(data, 'token', 'environmentVariables')), api: apiContext, }; - const result = await runScriptFunctionInLocalVm(data.script, 'getCustomJwtClaims', payload); - // @ts-ignore - delete globalThis.tokenMap[mapId]; + const result = await runScriptFunctionInLocalVm(data.script, 'getCustomJwtClaims', payload); // If the `result` is not a record, we cannot merge it to the existing token payload. return z.record(z.unknown()).parse(result); @@ -250,4 +233,4 @@ export class JwtCustomizerLibrary { body: deepmerge(customizerScriptsFromDatabase, newCustomizerScripts), }); } -} +} \ No newline at end of file diff --git a/packages/toolkit/core-kit/package.json b/packages/toolkit/core-kit/package.json index 174f2869b5..01ce0d5d8d 100644 --- a/packages/toolkit/core-kit/package.json +++ b/packages/toolkit/core-kit/package.json @@ -17,11 +17,7 @@ "import": "./lib/index.js" }, "./declaration": "./declaration/index.ts", - "./scss/*": "./scss/*.scss", - "./custom-jwt": { - "node": "./lib/custom-jwt/index.js", - "types": "./lib/custom-jwt/index.d.ts" - } + "./scss/*": "./scss/*.scss" }, "types": "./lib/index.d.ts", "files": [