dex.yaml

package:
  name: dex
  # When bumping the version check if the GHSA mitigations below can be removed.
  version: "2.42.0"
  epoch: 4
  description: OpenID Connect (OIDC) identity and OAuth 2.0 provider with pluggable connectors
  copyright:
    - license: Apache-2.0
  checks:
    disabled:
      - srv

environment:
  contents:
    packages:
      - build-base
      - busybox
      - ca-certificates-bundle
      - git
      - go
      - wolfi-baselayout

pipeline:
  # We can't use go/install because this requires a specific go version
  - uses: git-checkout
    with:
      repository: https://github.com/dexidp/dex
      tag: v${{package.version}}
      expected-commit: 7d1a7473c8a07e22ee97925cc10236c70e5ecf34
      destination: dex

  - uses: go/bump
    with:
      deps: |-
        github.com/go-jose/go-jose/v4@v4.0.5
        golang.org/x/crypto@v0.35.0
        golang.org/x/oauth2@v0.27.0
        golang.org/x/net@v0.36.0
      modroot: dex

  - runs: |
      cd dex

      # These build commands are adapted from the upstream `make release-binary` target.
      export GOBIN="$GOPATH/bin"
      LD_FLAGS="-w -X main.version=v${{package.version}} -extldflags \"-static\""

      go build -o "$GOBIN/dex" -v -ldflags "$LD_FLAGS" ./cmd/dex
      go build -o "$GOBIN/docker-entrypoint" -v -ldflags "$LD_FLAGS" ./cmd/docker-entrypoint

      mkdir -p ${{targets.destdir}}/usr/bin
      mkdir -p ${{targets.destdir}}/srv/dex
      mkdir -p ${{targets.destdir}}/etc/dex
      mkdir -p ${{targets.destdir}}/var/dex

      mv "$GOBIN/dex" ${{targets.destdir}}/usr/bin/
      mv "$GOBIN/docker-entrypoint" ${{targets.destdir}}/usr/bin/
      mv web ${{targets.destdir}}/srv/dex/
      mv config.docker.yaml ${{targets.destdir}}/etc/dex/

  - uses: strip

update:
  enabled: true
  github:
    identifier: dexidp/dex
    strip-prefix: v
    tag-filter: v

test:
  pipeline:
    # AUTOGENERATED
    - runs: |
        dex --help
        dex version