Merge branch 'develop' of github.com:rmtsrc/semaphore into prefers-color-scheme

Author: rmtsrc

.dredd/hooks/helpers.go

@@ -107,7 +107,7 @@ func addUserProjectRelation(pid int, user int) {
 	_, err := store.CreateProjectUser(db.ProjectUser{
 		ProjectID: pid,
 		UserID:    user,
-		Admin:     true,
+		Role:      db.ProjectOwner,
 	})
 	if err != nil {
 		panic(err)

.dredd/hooks/main.go

@@ -74,7 +74,7 @@ func main() {
 		dbConnect()
 		defer store.Close("")
 		deleteUserProjectRelation(userProject.ID, userPathTestUser.ID)
-		transaction.Request.Body = "{ \"user_id\": " + strconv.Itoa(userPathTestUser.ID) + ",\"admin\": true}"
+		transaction.Request.Body = "{ \"user_id\": " + strconv.Itoa(userPathTestUser.ID) + ",\"role\": \"owner\"}"
 	})
 
 	h.Before("project > /api/project/{project_id}/keys/{key_id} > Updates access key > 204 > application/json", capabilityWrapper("access_key"))

.github/FUNDING.yml

@@ -2,7 +2,7 @@
 
 github: # Replace with up to 4 GitHub Sponsors-enabled usernames e.g., [user1, user2]
 patreon: # Replace with a single Patreon username
-open_collective: semaphore
+open_collective: # semaphore
 ko_fi: fiftin
 tidelift: # Replace with a single Tidelift platform-name/package-name e.g., npm/babel
 community_bridge: # Replace with a single Community Bridge project-name e.g., cloud-foundry

.github/workflows/dev.yml

@@ -3,13 +3,14 @@ on:
   push:
     branches:
       - develop
+      - roles
 
 jobs:
   build-local:
     runs-on: [ubuntu-latest]
     steps:
       - uses: actions/setup-go@v3
-        with: { go-version: 1.18 }
+        with: { go-version: 1.19 }
 
       - uses: actions/setup-node@v3
         with: { node-version: '16' }
@@ -41,7 +42,7 @@ jobs:
 #    needs: build-local
 #    steps:
 #      - uses: actions/setup-go@v3
-#        with: { go-version: 1.18 }
+#        with: { go-version: 1.19 }
 #
 #      - run: go install github.com/go-task/task/v3/cmd/task@latest
 #
@@ -97,7 +98,7 @@ jobs:
     needs: [test-db-migration]
     steps:
       - uses: actions/setup-go@v3
-        with: { go-version: 1.18 }
+        with: { go-version: 1.19 }
 
       - run: go install github.com/go-task/task/v3/cmd/task@latest
 
@@ -112,7 +113,7 @@ jobs:
     needs: [test-integration]
     steps:
       - uses: actions/setup-go@v3
-        with: { go-version: 1.18 }
+        with: { go-version: 1.19 }
 
       - run: go install github.com/go-task/task/v3/cmd/task@latest
 
@@ -146,7 +147,7 @@ jobs:
   #   runs-on: [ubuntu-latest]
   #   steps:
   #     - uses: actions/setup-go@v3
-  #       with: { go-version: 1.18 }
+  #       with: { go-version: 1.19 }
 
   #     - run: go install github.com/go-task/task/v3/cmd/task@latest
 

.github/workflows/release.yml

@@ -9,7 +9,7 @@ jobs:
     runs-on: [ubuntu-latest]
     steps:
       - uses: actions/setup-go@v3
-        with: { go-version: 1.18 }
+        with: { go-version: 1.19 }
 
       - uses: actions/setup-node@v3
         with: { node-version: '16' }
@@ -36,7 +36,7 @@ jobs:
     runs-on: [ubuntu-latest]
     steps:
       - uses: actions/setup-go@v3
-        with: { go-version: 1.18 }
+        with: { go-version: 1.19 }
 
       - run: go install github.com/go-task/task/v3/cmd/task@latest
 

.github/workflows/test.yml

@@ -9,7 +9,7 @@ jobs:
     runs-on: [ubuntu-latest]
     steps:
     - uses: actions/setup-go@v3
-      with: { go-version: 1.18 }
+      with: { go-version: 1.19 }
 
     - run: go install github.com/go-task/task/v3/cmd/task@latest
 

CONTRIBUTING.md

@@ -1,4 +1,4 @@
-# Pull Requests
+## Pull Requests
 
 When creating a pull-request you should:
 
@@ -8,7 +8,7 @@ When creating a pull-request you should:
 - __Update api documentation:__ If your pull-request adding/modifying an API request, make sure you update the swagger documentation (`api-docs.yml`)
 - __Run Api Tests:__ If your pull request modifies the API make sure you run the integration tests using dredd.
 
-# Installation in a development environment
+## Installation in a development environment
 
 - Check out the `develop` branch
 - [Install Go](https://golang.org/doc/install). Go must be >= v1.10 for all the tools we use to work
@@ -59,14 +59,32 @@ Dredd is used for API integration tests, if you alter the API in any way you mus
 matches the responses.
 
 As Dredd and the application database config may differ it expects it's own config.json in the .dredd folder.
-The most basic configuration for this using a local docker container to run the database would be
-```json
-{
-	"mysql": {
-		"host": "0.0.0.0:3306",
-		"user": "semaphore",
-		"pass": "semaphore",
-		"name": "semaphore"
-	}
-}
-```
+
+### How to run Dredd tests locally
+
+1) Build Dredd hooks:
+    ````bash
+    task compile:api:hooks
+    ```
+2) Install Dredd globally
+    ```bash
+    npm install -g dredd
+    ```
+3) Create `./dredd/config.json` for Dredd. It must contain database connection same as used in Semaphore server.
+   You can use any supported database dialect for tests. For example BoltDB.
+    ```json
+   {
+        "bolt": {
+            "host": "/tmp/database.boltdb"
+        },
+        "dialect": "bolt"
+    }
+    ```
+4) Start Semaphore server (add `--config` option if required):
+    ````bash
+    ./bin/semaphore server
+    ```
+5) Start Dredd tests
+    ```
+    dredd --config ./.dredd/dredd.local.yml
+    ```

README.md

@@ -1,38 +1,18 @@
 # Ansible Semaphore
 
-[![Twitter](https://img.shields.io/twitter/follow/semaphoreui?style=social&logo=twitter)](https://twitter.com/semaphoreui)
 [![semaphore](https://snapcraft.io/semaphore/badge.svg)](https://snapcraft.io/semaphore)
-[![StackShare](https://img.shields.io/badge/tech-stack-008ff9)](https://stackshare.io/ansible-semaphore)
 [![Join the chat at https://gitter.im/AnsibleSemaphore/semaphore](https://img.shields.io/gitter/room/AnsibleSemaphore/semaphore?logo=gitter)](https://gitter.im/AnsibleSemaphore/semaphore?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge)
 
-<!-- [![Release](https://img.shields.io/github/v/release/ansible-semaphore/semaphore.svg)](https://stackshare.io/ansible-semaphore) -->
-<!-- [![Godoc Reference](https://pkg.go.dev/badge/github.com/ansible-semaphore/semaphore?utm_source=godoc)](https://godoc.org/github.com/ansible-semaphore/semaphore) -->
-<!-- [![Codacy Badge](https://api.codacy.com/project/badge/Grade/89e0129c6ba64fe2b1ebe983f72a4eff)](https://www.codacy.com/app/ansible-semaphore/semaphore?utm_source=github.com&amp;utm_medium=referral&amp;utm_content=ansible-semaphore/semaphore&amp;utm_campaign=Badge_Grade)
-[![Codacy Badge](https://api.codacy.com/project/badge/Coverage/89e0129c6ba64fe2b1ebe983f72a4eff)](https://www.codacy.com/app/ansible-semaphore/semaphore?utm_source=github.com&utm_medium=referral&utm_content=ansible-semaphore/semaphore&utm_campaign=Badge_Coverage) -->
+[![Twitter](https://img.shields.io/twitter/follow/semaphoreui?style=social&logo=twitter)](https://twitter.com/semaphoreui)
+
+[![ko-fi](https://ko-fi.com/img/githubbutton_sm.svg)](https://ko-fi.com/fiftin)
 
 Ansible Semaphore is a modern UI for Ansible. It lets you easily run Ansible playbooks, get notifications about fails, control access to deployment system.
 
 If your project has grown and deploying from the terminal is no longer for you then Ansible Semaphore is what you need.
 
 ![responsive-ui-phone1](https://user-images.githubusercontent.com/914224/134777345-8789d9e4-ff0d-439c-b80e-ddc56b74fcee.png)
 
-<!--
-![image](https://user-images.githubusercontent.com/914224/134411082-48235676-06d2-4d4b-b674-4ffe1e8d0d0d.png)
-
-![semaphore](https://user-images.githubusercontent.com/914224/125253358-c214ed80-e312-11eb-952e-d96a1eba93f6.png)
--->
-
-
-<!--
-- [Releases](https://github.com/ansible-semaphore/semaphore/releases)
-- [Installation](https://docs.ansible-semaphore.com/administration-guide/installation)
-- [Docker Hub](https://hub.docker.com/r/semaphoreui/semaphore/)
-- [Contribution](https://github.com/ansible-semaphore/semaphore/blob/develop/CONTRIBUTING.md)
-- [Troubleshooting](https://github.com/ansible-semaphore/semaphore/wiki/Troubleshooting)
-- [Roadmap](https://github.com/ansible-semaphore/semaphore/projects)
-- [UI Walkthrough](https://blog.strangeman.info/ansible/2017/08/05/semaphore-ui-guide.html) (external blog)
--->
-
 ## Installation
 
 ### Full documentation
@@ -48,6 +28,8 @@ sudo semaphore user add --admin --name "Your Name" --login your_login --email yo
 
 ### Docker 
 
+https://hub.docker.com/r/semaphoreui/semaphore
+
 `docker-compose.yml` for minimal configuration:
 
 ```yaml
@@ -66,7 +48,6 @@ services:
       - /path/to/data/home:/etc/semaphore # config.json location
       - /path/to/data/lib:/var/lib/semaphore # database.boltdb location (Not required if using mysql or postgres)
 ```
-https://hub.docker.com/r/semaphoreui/semaphore
 
 ## Demo
 
@@ -80,6 +61,8 @@ API description: https://ansible-semaphore.com/api-docs/
 
 ## Contributing
 
+If you want to write an article about Ansible or Semaphore, contact [@fiftin](https://github.com/fiftin) and we will place your article in our [Blog](https://www.ansible-semaphore.com/blog/) with link to your profile.
+
 PR's & UX reviews are welcome!
 
 Please follow the [contribution](https://github.com/ansible-semaphore/semaphore/blob/develop/CONTRIBUTING.md) guide. Any questions, please open an issue.
@@ -93,9 +76,6 @@ All releases after 2.5.1 are signed with the gpg public key
 
 If you like Ansible Semaphore, you can support the project development on [Ko-fi](https://ko-fi.com/fiftin).
 
-[<img src="https://user-images.githubusercontent.com/914224/203517453-4febf7f6-debb-4be9-b6a2-a3b19f5d9f9a.png">](https://ko-fi.com/fiftin)
-
-
 ## License
 
 MIT License

api-docs.yml

@@ -44,6 +44,24 @@ definitions:
         format: password
         description: Password
 
+  LoginMetadata:
+    type: object
+    properties:
+      oidc_providers:
+        type: array
+        description: List of OIDC providers
+        items:
+          type: object
+          properties:
+            id:
+              type: string
+              description: ID of the provider, used in the login URL
+              x-example: mysso
+            name:
+              type: string
+              description: Text to show on the login button
+              x-example: Sign in with MySSO
+
   UserRequest:
     type: object
     properties:
@@ -610,6 +628,17 @@ paths:
 
   # Authentication
   /auth/login:
+    get:
+      tags:
+        - authentication
+      summary: Fetches login metadata
+      description: Fetches metadata for login, such as available OIDC providers
+      security: []
+      responses:
+        200:
+          description: Login metadata
+          schema:
+            $ref: "#/definitions/LoginMetadata"
     post:
       tags:
         - authentication
@@ -637,6 +666,38 @@ paths:
         204:
           description: Your session was successfully nuked
 
+  /auth/oidc/{provider_id}/login:
+    parameters:
+      - name: provider_id
+        in: path
+        type: string
+        required: true
+        x-example: "mysso"
+    get:
+      tags:
+        - authentication
+      summary: Begin OIDC authentication flow and redirect to OIDC provider
+      description: The user agent is redirected to this endpoint when chosing to sign in via OIDC
+      responses:
+        302:
+          description: Redirection to the OIDC provider on success, or to the login page on error
+
+  /auth/oidc/{provider_id}/redirect:
+    parameters:
+      - name: provider_id
+        in: path
+        type: string
+        required: true
+        x-example: "mysso"
+    get:
+      tags:
+        - authentication
+      summary: Finish OIDC authentication flow, upon succes you will be logged in
+      description: The user agent is redirected here by the OIDC provider to complete authentication
+      responses:
+        302:
+          description: Redirection to the Semaphore root URL on success, or to the login page on error
+
   # User Tokens
   /user/:
     get:
@@ -895,7 +956,7 @@ paths:
           in: query
           required: true
           type: string
-          enum: [name, username, email, admin]
+          enum: [name, username, email, role]
           description: sorting name
           x-example: email
         - name: order
@@ -926,8 +987,9 @@ paths:
               user_id:
                 type: integer
                 minimum: 2
-              admin:
-                type: boolean
+              role:
+                type: string
+                example: owner
       responses:
         204:
           description: User added
@@ -942,24 +1004,21 @@ paths:
       responses:
         204:
           description: User removed
-  /project/{project_id}/users/{user_id}/admin:
-    parameters:
-      - $ref: "#/parameters/project_id"
-      - $ref: "#/parameters/user_id"
-    post:
-      tags:
-        - project
-      summary: Makes user admin
-      responses:
-        204:
-          description: User made administrator
-    delete:
-      tags:
-        - project
-      summary: Revoke admin privileges
+    put:
+      parameters:
+        - name: Project User
+          in: body
+          required: true
+          schema:
+            type: object
+            properties:
+              role:
+                type: string
+                example: owner
+      summary: Update user role
       responses:
         204:
-          description: User admin privileges revoked
+          description: User updated
 
   # project access keys
   /project/{project_id}/keys: