feat: Added Docker image release

Author: embesozzi

.github/workflows/release.yml

@@ -5,6 +5,9 @@ on:
     tags:
        - 'v[0-9]+.[0-9]+.[0-9]+'
 
+env:
+  CONTAINER_IMAGE: ghcr.io/embesozzi/${{github.event.repository.name}}
+
 jobs:
   build-upload-release:
     runs-on: ubuntu-latest
@@ -13,11 +16,23 @@ jobs:
       contents: write
     steps:
     - uses: actions/checkout@v2
+    - uses: docker/login-action@v3
+      with:
+        registry: ghcr.io
+        username: ${{ github.actor }}
+        password: ${{ secrets.GITHUB_TOKEN }}
 
     - name: Get version from tag
       id: version
       run: echo ::set-output name=number::$(echo $GITHUB_REF | cut -d / -f 3 | cut -d / -f 3 | sed -e 's/^v//') 
 
+    - name: docker build & push
+      run: |
+            docker build --build-arg API_GATEWAY_VERSION=3.7.0-debian  --build-arg PLUGIN_OPENFGA_VERSION=${{ steps.version.outputs.number }}  -t ${{env.CONTAINER_IMAGE}} .
+            docker build . -t ${{env.CONTAINER_IMAGE}}:${{ steps.version.outputs.number }} -t ${{env.CONTAINER_IMAGE}}:latest
+            docker push ${{env.CONTAINER_IMAGE}}:${{ steps.version.outputs.number }}
+            docker push ${{env.CONTAINER_IMAGE}}:latest
+
     - name: Create changelog text
       id: changelog
       uses: loopwerk/tag-changelog@v1

Dockerfile

@@ -0,0 +1,13 @@
+ARG API_GATEWAY_VERSION=3.7.0-debian
+ARG PLUGIN_OPENFGA_VERSION=1.0.0
+FROM apache/apisix:${API_GATEWAY_VERSION}
+
+LABEL maintainer="[email protected]"
+LABEL version=${PLUGIN_OPENFGA_VERSION}
+LABEL org.opencontainers.image.authors="[email protected]"
+LABEL org.opencontainers.image.version=${PLUGIN_OPENFGA_VERSION}
+LABEL org.opencontainers.image.revision=${PLUGIN_OPENFGA_VERSION}-${API_GATEWAY_VERSION}
+LABEL org.opencontainers.image.title="API Gateway integrated with OpenFGA"
+LABEL org.opencontainers.image.description="integrated with OpenFGA for FGA"
+
+COPY apisix/plugins/authz-openfga.lua /usr/local/apisix/apisix/plugins/authz-openfga.lua

apisix/plugins/authz-openfga.lua

@@ -94,7 +94,7 @@ local function authz_model_cache_set(type, key, value, exp)
         if err then
             log.error("authz_model_cache_set error=", err)
         else
-            log.error("authz_model_cache_set success=", success)
+            log.debug("authz_model_cache_set success=", success)
         end
     else
         log.error("dict not found=", type)    
@@ -181,7 +181,7 @@ local function authorization_model_get(conf)
         end
 
         local authz_model = json_authz_models.authorization_models[1]
-        core.log.error("first authz model id: ", authz_model.id)
+        core.log.debug("first authz model id: ", authz_model.id)
         authorization_model_json = {
             store_id = store.id,
             authorization_model_id = authz_model.id
@@ -269,11 +269,11 @@ function _M.access(conf, ctx)
     end
 
     if not data.allowed then
-        log.error("user " .. user_jwt_claim_value .. " not authorized")
+        log.info("user " .. user_jwt_claim_value .. " not authorized")
         return 403, {message = "not authorized"} 
     end
 
-    core.log.debug("user " .. user_jwt_claim_value .. " is allowed")
+    core.log.info("user " .. user_jwt_claim_value .. " is allowed")
 end
 
 return _M