Merge pull request #384 from wizarrrr/fix/ldap-configuration

Fixed error with LDAP configuration, ci/cd updates
wizarrrr · Apr 26, 2024 · b8066b0 · b8066b0
2 parents 724755e + 43b4c9d
commit b8066b0
Show file tree

Hide file tree

Showing 6 changed files with 212 additions and 16 deletions.
diff --git a/.github/workflows/beta-ci.yml → .github/workflows/master-beta-ci.yml b/.github/workflows/beta-ci.yml → .github/workflows/master-beta-ci.yml
@@ -1,4 +1,4 @@
-name: CI/CD Build Docker [Beta]
+name: CI/CD Build Image [Master/Beta]
 
 on:
     push:

diff --git a/.github/workflows/nightly-ci.yml b/.github/workflows/nightly-ci.yml
@@ -0,0 +1,180 @@
+name: CI/CD Build Image [Nightly]
+
+on:
+  push:
+    branches:
+      - develop
+  workflow_dispatch: {}
+
+permissions:
+  packages: write
+  contents: write
+
+env:
+  GHCR_REGISTRY: ghcr.io
+  DH_REGISTRY: docker.io
+  IMAGE_NAME: wizarrrr/wizarr
+
+jobs:
+  before_build:
+    name: Prepare for Build
+    runs-on: ubuntu-latest
+    steps:
+      # Clear the digests from the artifacts
+      - name: Clear digests
+        uses: geekyeggo/delete-artifact@v2
+        with:
+          name: |
+            digests_dh
+            digests_ghcr
+
+  build:
+    name: Build Digest for Registry
+    runs-on: ubuntu-latest
+    needs:
+      - before_build
+    strategy:
+      fail-fast: false
+      matrix:
+        platform:
+          - linux/amd64
+          - linux/arm64
+
+    steps:
+      # Checkout the repository
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+          persist-credentials: false
+
+      # Use NPM and Node.js to install dependencies
+      - name: Use Node.js 18.18.2
+        uses: actions/setup-node@v4
+        with:
+          node-version: 18.18.2
+
+      # Use Python and Poetry to install dependencies
+      - uses: actions/setup-python@v4
+        with:
+          python-version: "3.10"
+
+      # Install Poetry and configure it to not create a virtual environment
+      - name: Install Poetry
+        run: |
+          pip install poetry==1.6.1
+          poetry config virtualenvs.create false
+
+      # Install the dependencies for the repository
+      - name: Install dependencies
+        run: npm install
+
+      # Build the repository
+      - name: Build the Repository
+        run: |
+          npx nx build wizarr-backend
+          npx nx build wizarr-frontend
+
+      # Set up Docker Buildx
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      # Login to GHCR
+      - name: Login to GHCR
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ env.GHCR_REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      # Build and push by digest
+      - name: Build and push by digest
+        id: build
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          file: ./dockerfiles/wizarr-ci/Dockerfile
+          push: true
+          platforms: ${{ matrix.platform }}
+          provenance: false
+          outputs: type=image,name=${{ env.GHCR_REGISTRY }}/${{ env.IMAGE_NAME }},push-by-digest=true,name-canonical=true
+
+      # Export the digest to a file
+      - name: Export digest
+        run: |
+          mkdir -p /tmp/digests
+          digest="${{ steps.build.outputs.digest }}"
+          touch "/tmp/digests/${digest#sha256:}"
+
+      # Upload the digest to the artifacts
+      - name: Upload digest
+        uses: actions/upload-artifact@v3
+        with:
+          name: digests_ghcr
+          path: /tmp/digests/*
+          if-no-files-found: error
+          retention-days: 1
+
+  merge:
+    name: Merge Digest to Registry
+    runs-on: ubuntu-latest
+    needs:
+      - build
+    steps:
+      # Checkout the repository
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+          persist-credentials: false
+
+      # Check if the tag is a beta or latest release
+      - name: Get Release Branch
+        id: release-branch
+        run: |
+          if [[ ${{ github.ref }} == 'refs/heads/develop ]]; then
+              echo "::set-output name=release_branch::nightly"
+          else
+              echo "Unknown tag, not setting environment variable."
+              exit 1
+          fi
+
+      # Download the digests from the artifacts
+      - name: Download digests
+        uses: actions/download-artifact@v3
+        with:
+          name: digests_ghcr
+          path: /tmp/digests
+
+      # Set up Docker Buildx
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      # Login to GHCR
+      - name: Login to GHCR
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      # Create manifest list and push to Registry
+      - name: Login to Docker Hub
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ env.DH_REGISTRY }}
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+      # Create manifest list and push to Registry
+      - name: Create manifest list and push to Registry
+        working-directory: /tmp/digests
+        run: |
+          docker buildx imagetools create \
+            --tag ${{ env.GHCR_REGISTRY }}/${{ env.IMAGE_NAME }}:${{ steps.release-branch.outputs.release_branch }} \
+            --tag ${{ env.DH_REGISTRY }}/${{ env.IMAGE_NAME }}:${{ steps.release-branch.outputs.release_branch }} \
+            $(printf '${{ env.GHCR_REGISTRY }}/${{ env.IMAGE_NAME }}@sha256:%s ' *)
+
+      # Inspect the image
+      - name: Inspect image
+        run: docker buildx imagetools inspect ${{ env.GHCR_REGISTRY }}/${{ env.IMAGE_NAME }}:${{ steps.release-branch.outputs.release_branch }}
diff --git a/.github/workflows/beta-release.yml → .github/workflows/semantic-release.yml b/.github/workflows/beta-release.yml → .github/workflows/semantic-release.yml
@@ -1,4 +1,4 @@
-name: CI/CD Release [Beta]
+name: CI/CD Semantic Release [Master/Beta]
 
 on:
     push:
@@ -85,3 +85,12 @@ jobs:
                   SENTRY_PROJECT: wizarr-frontend wizarr-backend
                   DISCORD_WEBHOOK: ${{ secrets.DISCORD_WEBHOOK }}
                   CURRENT_BRANCH: ${{ steps.branch-name.outputs.current_branch }}
+
+            # Sync master/beta back into develop so 'latest' file is always up to date
+            - name: Merge working branch -> develop
+              uses: devmasx/merge-branch@master
+              with:
+                  type: now
+                  github_token: ${{ steps.gh_app.outputs.token }}
+                  from_branch: ${{ github.ref_name }}
+                  target_branch: develop
diff --git a/apps/wizarr-backend/wizarr_backend/helpers/emby.py b/apps/wizarr-backend/wizarr_backend/helpers/emby.py
@@ -265,7 +265,10 @@ def invite_emby_user(username: str, password: str, code: str, server_api_key: Op
     post_emby(api_path=f"/Users/{user_response['Id']}/Password", json={"NewPw": str(password)}, server_api_key=server_api_key, server_url=server_url)
 
     # Create policy object
-    new_policy = { "EnableAllFolders": True }
+    new_policy = {
+        "EnableAllFolders": True,
+        "AuthenticationProviderId": "Emby.Server.Implementations.Library.DefaultAuthenticationProvider",
+    }
 
     # Set library options
     if sections:

diff --git a/apps/wizarr-backend/wizarr_backend/helpers/jellyfin.py b/apps/wizarr-backend/wizarr_backend/helpers/jellyfin.py
@@ -260,7 +260,10 @@ def invite_jellyfin_user(username: str, password: str, code: str, server_api_key
     user_response = post_jellyfin(api_path="/Users/New", json=new_user, server_api_key=server_api_key, server_url=server_url)
 
     # Create policy object
-    new_policy = {"EnableAllFolders": True}
+    new_policy = {
+        "EnableAllFolders": True,
+        "AuthenticationProviderId": "Jellyfin.Server.Implementations.Users.DefaultAuthenticationProvider",
+    }
 
     # Set library options
     if sections:

diff --git a/docs/getting-started/reverse-proxy.md b/docs/getting-started/reverse-proxy.md
@@ -56,29 +56,30 @@ Add the following configuration to a new file `/etc/nginx/sites-available/wizarr
 server {
     listen 80;
     server_name wizarr.example.com;
+    # Do not modify the line below as it is built from the directive above
     return 301 https://$server_name$request_uri;
 }
 
 server {
-    listen 443 ssl http2;
+    listen 443 ssl;
+    http2 on;
     server_name wizarr.example.com;
 
     ssl_certificate /etc/letsencrypt/live/wizarr.example.com/fullchain.pem;
     ssl_certificate_key /etc/letsencrypt/live/wizarr.example.com/privkey.pem;
 
-    proxy_set_header Referer $http_referer;
-    proxy_set_header Host $host;
-    proxy_set_header X-Real-IP $remote_addr;
-    proxy_set_header X-Real-Port $remote_port;
-    proxy_set_header X-Forwarded-Host $host:$remote_port;
-    proxy_set_header X-Forwarded-Server $host;
-    proxy_set_header X-Forwarded-Port $remote_port;
-    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-    proxy_set_header X-Forwarded-Proto $scheme;
-    proxy_set_header X-Forwarded-Ssl on;
-
     location / {
         proxy_pass http://127.0.0.1:5690;
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "Upgrade";
+        proxy_set_header Host $http_host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $remote_addr;
+        proxy_set_header X-Forwarded-Port $server_port;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_redirect off;
+        proxy_buffering off;
     }
 }
 ```