upgrade to 17.2.1

ustclug · Jul 26, 2024 · 34449af · 34449af
1 parent 43d58d5
commit 34449af
Show file tree

Hide file tree

Showing 4 changed files with 45 additions and 3 deletions.
diff --git a/.gitlab-version b/.gitlab-version
@@ -1 +1 @@
-17.1.1
+17.2.1
diff --git a/Dockerfile b/Dockerfile
@@ -1,4 +1,4 @@
-FROM sameersbn/gitlab:17.1.1
+FROM ghcr.io/rtxux/gitlab:17.2.1
 
 # Override files
 COPY assets/runtime/config/gitlabhq/gitlab.yml ${GITLAB_RUNTIME_DIR}/config/gitlabhq/gitlab.yml

diff --git a/assets/runtime/config/gitlabhq/gitlab.yml b/assets/runtime/config/gitlabhq/gitlab.yml
@@ -1026,6 +1026,23 @@ production: &base
           user_response_structure: {
               attributes: {},
               id_path: '{{OAUTH2_GENERIC_USTC_ID_PATH}}' } } }
+      - { name: 'openid_connect',
+          label: '{{OAUTH_OIDC_LABEL}}',
+          icon: '{{OAUTH_OIDC_ICON}}',
+          args: {
+            name: 'openid_connect',
+            scope: {{OAUTH_OIDC_SCOPE}},
+            response_type: '{{OAUTH_OIDC_RESPONSE_TYPE}}',
+            issuer: '{{OAUTH_OIDC_ISSUER}}',
+            discovery: {{OAUTH_OIDC_DISCOVERY}},
+            client_auth_method: '{{OAUTH_OIDC_CLIENT_AUTH_METHOD}}',
+            uid_field: '{{OAUTH_OIDC_UID_FIELD}}',
+            send_scope_to_token_endpoint: {{OAUTH_OIDC_SEND_SCOPE_TO_TOKEN_EP}},
+            pkce: {{OAUTH_OIDC_PKCE}},
+            client_options: {
+              identifier: '{{OAUTH_OIDC_CLIENT_ID}}',
+              secret: '{{OAUTH_OIDC_CLIENT_SECRET}}',
+              redirect_uri: '{{OAUTH_OIDC_REDIRECT_URI}}' } } }
 
     # SSO maximum session duration in seconds. Defaults to CAS default of 8 hours.
     # cas3:

diff --git a/assets/runtime/functions b/assets/runtime/functions
@@ -794,6 +794,30 @@ gitlab_configure_oauth2_generic_ustc() {
   fi
 }
 
+gitlab_configure_oauth_oidc() {
+  if [[ -n ${OAUTH_OIDC_ISSUER} && \
+        -n ${OAUTH_OIDC_CLIENT_ID} ]]; then
+    echo "Configuring gitlab::oauth::oidc..."
+    OAUTH_ENABLED=${OAUTH_ENABLED:-true}
+    update_template ${GITLAB_CONFIG} \
+      OAUTH_OIDC_LABEL \
+      OAUTH_OIDC_ICON \
+      OAUTH_OIDC_SCOPE \
+      OAUTH_OIDC_RESPONSE_TYPE \
+      OAUTH_OIDC_ISSUER \
+      OAUTH_OIDC_DISCOVERY \
+      OAUTH_OIDC_CLIENT_AUTH_METHOD \
+      OAUTH_OIDC_UID_FIELD \
+      OAUTH_OIDC_SEND_SCOPE_TO_TOKEN_EP \
+      OAUTH_OIDC_PKCE \
+      OAUTH_OIDC_CLIENT_ID \
+      OAUTH_OIDC_CLIENT_SECRET \
+      OAUTH_OIDC_REDIRECT_URI
+  else
+    exec_as_git sed -i "/name: 'openid_connect'/,/{{OAUTH_OIDC_REDIRECT_URI}}/d" ${GITLAB_CONFIG}
+  fi
+}
+
 gitlab_configure_oauth() {
   echo "Configuring gitlab::oauth..."
 
@@ -811,6 +835,7 @@ gitlab_configure_oauth() {
   gitlab_configure_oauth_auth0
   gitlab_configure_oauth_azure
   gitlab_configure_oauth2_generic_ustc
+  gitlab_configure_oauth_oidc
 
   OAUTH_ENABLED=${OAUTH_ENABLED:-false}
   update_template ${GITLAB_CONFIG} \
@@ -823,7 +848,7 @@ gitlab_configure_oauth() {
     OAUTH_EXTERNAL_PROVIDERS
 
   case ${OAUTH_AUTO_SIGN_IN_WITH_PROVIDER} in
-    cas3|google_oauth2|facebook|twitter|github|gitlab|bitbucket|saml|crowd|azure_oauth2|azure_activedirectory_v2|oauth2_generic|$OAUTH2_GENERIC_NAME)
+    cas3|google_oauth2|facebook|twitter|github|gitlab|bitbucket|saml|crowd|azure_oauth2|azure_activedirectory_v2|oauth2_generic|$OAUTH2_GENERIC_NAME|oidc)
       update_template ${GITLAB_CONFIG} OAUTH_AUTO_SIGN_IN_WITH_PROVIDER
       ;;
     *)