serverlessworkflow · cdavernas · Sep 2, 2024 · Sep 2, 2024
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
@@ -22,9 +22,7 @@ jobs:
         run: dotnet restore "./Synapse.sln"
       - name: Build
         run: dotnet build "./Synapse.sln" --configuration Release --no-restore 
-      - name: Push1
-        run: dotnet nuget push "./src/*/*/bin/Release/*.nupkg" --api-key ${{ secrets.NUGET_API_KEY }} --source https://api.nuget.org/v3/index.json --skip-duplicate
-      - name: Push2
+      - name: Push
         run: dotnet nuget push "./src/*/*/*/bin/Release/*.nupkg" --api-key ${{ secrets.NUGET_API_KEY }} --source https://api.nuget.org/v3/index.json --skip-duplicate
 
   publish-server-image:
@@ -111,6 +109,34 @@ jobs:
           tags: ${{ steps.meta.outputs.tags }}
           labels: ${{ steps.meta.outputs.labels }}
 
+  publish-runner-image:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v3
+      - name: Log in to the Container registry
+        uses: docker/login-action@f054a8b539a109f9f41c372932f1ae047eff08c9
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+      - name: Extract metadata (tags, labels) for Docker
+        id: meta
+        uses: docker/metadata-action@98669ae865ea3cffbcbaa878cf57c20bbf1c6c38
+        with:
+          images: ${{ env.REGISTRY }}/${{ github.repository }}/runner
+          tags: |
+            type=semver,pattern={{version}}
+            type=semver,pattern={{major}}.{{minor}}
+      - name: Build and push Docker image
+        uses: docker/build-push-action@ad44023a93711e3deb337508980b4b5e9bcdc5dc
+        with:
+          context: .
+          file: './src/runner/Synapse.Runner/Dockerfile'
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+
   publish-server-bin:
     name: Release API Binaries
     strategy:
@@ -133,7 +159,7 @@ jobs:
       - name: Setup
         uses: actions/setup-dotnet@v2
         with:
-          dotnet-version: 6.0.x
+          dotnet-version: 8.0.x
       - name: Restore
         run: dotnet restore
       - name: Build
@@ -182,7 +208,7 @@ jobs:
       - name: Setup
         uses: actions/setup-dotnet@v2
         with:
-          dotnet-version: 6.0.x
+          dotnet-version: 8.0.x
       - name: Restore
         run: dotnet restore
       - name: Build
@@ -231,7 +257,7 @@ jobs:
       - name: Setup
         uses: actions/setup-dotnet@v2
         with:
-          dotnet-version: 6.0.x
+          dotnet-version: 8.0.x
       - name: Restore
         run: dotnet restore
       - name: Build
@@ -280,7 +306,7 @@ jobs:
       - name: Setup
         uses: actions/setup-dotnet@v2
         with:
-          dotnet-version: 6.0.x
+          dotnet-version: 8.0.x
       - name: Restore
         run: dotnet restore
       - name: Build
@@ -329,7 +355,7 @@ jobs:
       - name: Setup
         uses: actions/setup-dotnet@v2
         with:
-          dotnet-version: 6.0.x
+          dotnet-version: 8.0.x
       - name: Restore
         run: dotnet restore
       - name: Build

diff --git a/deployments/docker-compose/docker-compose.yml b/deployments/docker-compose/docker-compose.yml
@@ -11,6 +11,7 @@ services:
       CONNECTIONSTRINGS__REDIS: ${GARNET_URI}
       SYNAPSE_DASHBOARD_SERVE: true
       SYNAPSE_API_AUTH_TOKEN_FILE: /app/tokens.yaml
+      SYNAPSE_API_AUTH_AUTHORITY: http://api:8080
     volumes:
       - ./config/tokens.yaml:/app/tokens.yaml
     ports:

diff --git a/src/api/Synapse.Api.Http/Extensions/IServiceCollectionExtensions.cs b/src/api/Synapse.Api.Http/Extensions/IServiceCollectionExtensions.cs
@@ -11,7 +11,6 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-using IdentityServer4.Models;
 using Microsoft.AspNetCore.Mvc.Controllers;
 using Microsoft.OpenApi.Models;
 using Neuroglia;
@@ -34,8 +33,9 @@ public static class IServiceCollectionExtensions
     /// Adds and configures the Synapse HTTP API and its related services
     /// </summary>
     /// <param name="services">The <see cref="IServiceCollection"/> to configure</param>
+    /// <param name="authority">The API's JWT authority</param>
     /// <returns>The configured <see cref="IServiceCollection"/></returns>
-    public static IServiceCollection AddSynapseHttpApi(this IServiceCollection services)
+    public static IServiceCollection AddSynapseHttpApi(this IServiceCollection services, string? authority = null)
     {
         ServiceAccountSigningKey.Initialize();
         services.AddHttpContextAccessor();
@@ -46,7 +46,10 @@ public static IServiceCollection AddSynapseHttpApi(this IServiceCollection servi
                 options.JsonSerializerOptions.PropertyNamingPolicy = JsonNamingPolicy.CamelCase;
             })
             .AddApplicationPart(typeof(WorkflowsController).Assembly);
-        services.AddIdentityServer()
+        services.AddIdentityServer(options =>
+        {
+            if (!string.IsNullOrWhiteSpace(authority)) options.IssuerUri = authority;
+        })
             .AddSigningCredential(ServiceAccountSigningKey.LoadPrivateKey())
             .AddInMemoryApiResources(SynapseApiDefaults.OpenIDConnect.ApiResources.AsEnumerable())
             .AddInMemoryIdentityResources(SynapseApiDefaults.OpenIDConnect.IdentityResources.AsEnumerable())

diff --git a/src/api/Synapse.Api.Server/Program.cs b/src/api/Synapse.Api.Server/Program.cs
@@ -11,18 +11,20 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
+using IdentityServer4.Extensions;
 using Microsoft.AspNetCore.Authentication.JwtBearer;
 
 var builder = WebApplication.CreateBuilder(args);
 var applicationOptions = new ApiServerOptions();
 builder.Configuration.Bind(applicationOptions);
 if (applicationOptions.Authentication.Tokens.Count < 1) throw new Exception("The Synapse API server requires that at least one static user token be configured");
+var authority = builder.Environment.RunsInDocker() || builder.Environment.RunsInKubernetes() ? Environment.GetEnvironmentVariable("SYNAPSE_API_AUTH_AUTHORITY") : null;
 
 builder.Services.Configure<ApiServerOptions>(builder.Configuration);
 builder.Services.AddResponseCompression();
 builder.Services.AddSynapse(builder.Configuration);
 builder.Services.AddSynapseApi();
-builder.Services.AddSynapseHttpApi();
+builder.Services.AddSynapseHttpApi(authority);
 
 var authentication = builder.Services.AddAuthentication(FallbackPolicySchemeDefaults.AuthenticationScheme);
 authentication.AddScheme<StaticBearerAuthenticationOptions, StaticBearerAuthenticationHandler>(StaticBearerDefaults.AuthenticationScheme, options =>
@@ -31,9 +33,7 @@
 });
 authentication.AddJwtBearer(ServiceAccountAuthenticationDefaults.AuthenticationScheme, options =>
 {
-    options.Authority = builder.Environment.RunsInDocker() || builder.Environment.RunsInKubernetes()
-        ? "http://localhost:8080"
-        : "http://localhost:5257";
+    options.Authority = authority ?? "http://localhost:5257";
     options.RequireHttpsMetadata = false;
     options.TokenValidationParameters = new()
     {
@@ -109,6 +109,11 @@
 if (options.ServeDashboard) app.UseBlazorFrameworkFiles();
 app.UseStaticFiles();
 app.UseRouting();
+if (!string.IsNullOrWhiteSpace(authority)) app.Use(async (ctx, next) =>
+{
+    ctx.SetIdentityServerOrigin(authority);
+    await next();
+});
 app.UseIdentityServer();
 app.UseAuthentication();
 app.UseAuthorization();