feat: Add gomplate to the docker image

Dockerfile

@@ -20,6 +20,19 @@ COPY . .
 
 RUN make release-binary
 
+FROM alpine:3.13.1 AS gomplate
+
+ARG TARGETOS
+ARG TARGETARCH
+ARG TARGETVARIANT
+
+ENV GOMPLATE_VERSION=v3.9.0
+
+RUN wget -O /usr/local/bin/gomplate \
+  "https://github.com/hairyhenderson/gomplate/releases/download/${GOMPLATE_VERSION}/gomplate_${TARGETOS:-linux}-${TARGETARCH:-amd64}${TARGETVARIANT}-slim" \
+  && chmod +x /usr/local/bin/gomplate
+
+
 FROM alpine:3.13.1
 
 # Dex connectors, such as GitHub and Google logins require root certificates.
@@ -32,11 +45,16 @@ RUN apk add --no-cache --update ca-certificates openssl
 RUN mkdir -p /var/dex
 RUN chown -R 1001:1001 /var/dex
 
+RUN mkdir -p /etc/dex
+COPY config.docker.yaml /etc/dex/
+RUN chown -R 1001:1001 /etc/dex
+
 # Copy module files for CVE scanning / dependency analysis.
 COPY --from=builder /usr/local/src/dex/go.mod /usr/local/src/dex/go.sum /usr/local/src/dex/
 COPY --from=builder /usr/local/src/dex/api/v2/go.mod /usr/local/src/dex/api/v2/go.sum /usr/local/src/dex/api/v2/
 
 COPY --from=builder /go/bin/dex /usr/local/bin/dex
+COPY --from=gomplate /usr/local/bin/gomplate /usr/local/bin/gomplate
 
 USER 1001:1001
 
@@ -46,6 +64,7 @@ COPY --from=builder /usr/local/src/dex/web /web
 
 USER 1001:1001
 
-ENTRYPOINT ["dex"]
+COPY docker-entrypoint.sh /entrypoint.sh
 
-CMD ["version"]
+ENTRYPOINT ["/entrypoint.sh"]
+CMD ["dex", "serve", "/etc/dex/config.docker.yaml"]

config.docker.yaml

@@ -0,0 +1,48 @@
+{{- /* NOTE: This configuration file is an example and exists only for development purposes. */ -}}
+{{- /* To find more about gomplate formatting, please visit its documentation site - https://docs.gomplate.ca/ */ -}}
+issuer: {{ getenv "DEX_ISSUER" "http://127.0.0.1:5556/dex" }}
+
+storage:
+  type: sqlite3
+  config:
+    file: {{ getenv "DEX_STORAGE_SQLITE3_CONFIG_FILE" "/var/dex/dex.db" }}
+
+web:
+{{- if getenv "DEX_WEB_HTTPS" "" }}
+  https: {{ .Env.DEX_WEB_HTTPS }}
+  tlsKey: {{ getenv "DEX_WEB_TLS_KEY" | required "$DEX_WEB_TLS_KEY in case of web.https is enabled" }}
+  tlsCert: {{ getenv "DEX_WEB_TLS_CERT" | required "$DEX_WEB_TLS_CERT in case of web.https is enabled" }}
+{{- end }}
+  http: {{ getenv "DEX_WEB_HTTP" "0.0.0.0:5556" }}
+
+{{- if getenv "DEX_TELEMETRY_HTTP" }}
+telemetry:
+  http: {{ .Env.DEX_TELEMETRY_HTTP }}
+{{- end }}
+
+expiry:
+  deviceRequests: {{ getenv "DEX_EXPIRY_DEVICE_REQUESTS" "5m" }}
+  signingKeys: {{ getenv "DEX_EXPIRY_SIGNING_KEYS" "6h" }}
+  idTokens: {{ getenv "DEX_EXPIRY_ID_TOKENS" "24h" }}
+  authRequests: {{ getenv "DEX_EXPIRY_AUTH_REQUESTS" "24h" }}
+
+logger:
+  level: {{ getenv "DEX_LOG_LEVEL" "info" }}
+  format: {{ getenv "DEX_LOG_FORMAT" "text" }}
+
+oauth2:
+  responseTypes: {{ getenv "DEX_OAUTH2_RESPONSE_TYPES" "[code]" }}
+  skipApprovalScreen: {{ getenv "DEX_OAUTH2_SKIP_APPROVAL_SCREEN" "false" }}
+  alwaysShowLoginScreen: {{ getenv "DEX_OAUTH2_ALWAYS_SHOW_LOGIN_SCREEN" "false" }}
+{{- if getenv "DEX_OAUTH2_PASSWORD_CONNECTOR" "" }}
+  passwordConnector: {{ .Env.DEX_OAUTH2_PASSWORD_CONNECTOR }}
+{{- end }}
+
+enablePasswordDB: {{ getenv "DEX_ENABLE_PASSWORD_DB" "true" }}
+
+connectors:
+{{- if getenv "DEX_CONNECTORS_ENABLE_MOCK" }}
+- type: mockCallback
+  id: mock
+  name: Example
+{{- end }}

docker-entrypoint.sh

@@ -0,0 +1,32 @@
+#!/bin/sh -e
+
+### Usage: /docker-entrypoint.sh <command> <args>
+function main() {
+  executable=$1
+  command=$2
+
+  if [[ "$executable" != "dex" ]] && [[ "$executable" != "$(which dex)" ]]; then
+    exec $@
+  fi
+
+  if [[ "$command" != "serve" ]]; then
+    exec $@
+  fi
+
+  for tpl_candidate in $@ ; do
+    case "$tpl_candidate" in
+      *.tpl|*.tmpl|*.yaml)
+        tmp_file=$(mktemp /tmp/dex.config.yaml-XXXXXX)
+        gomplate -f "$tpl_candidate" -o "$tmp_file"
+
+        args="${args} ${tmp_file}"
+        ;;
+      *)
+        args="${args} ${tpl_candidate}"
+        ;;
+    esac
+  done
+  exec $args
+}
+
+main $@