feat(ci): fix build on upstream and update readme (#5)

dirathea · Oct 16, 2024 · 9d28c2c · 9d28c2c
1 parent 749c92a
commit 9d28c2c
Show file tree

Hide file tree

Showing 4 changed files with 34 additions and 20 deletions.
diff --git a/.github/workflows/next.yaml b/.github/workflows/next.yaml
@@ -50,7 +50,7 @@ jobs:
           distribution: goreleaser
           # 'latest', 'nightly', or a semver
           version: "~> v2"
-          args: release --clean --draft
+          args: release --snapshot --draft
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           # Your GoReleaser Pro key, if you are using the 'goreleaser-pro' distribution

diff --git a/.github/workflows/pr.yaml b/.github/workflows/pr.yaml
@@ -53,17 +53,20 @@ jobs:
         uses: actions/setup-go@v5
         with:
           go-version: stable
-      # More assembly might be required: Docker logins, GPG, etc.
-      # It all depends on your needs.
       - name: Run GoReleaser
         uses: goreleaser/goreleaser-action@v6
         with:
           # either 'goreleaser' (default) or 'goreleaser-pro'
           distribution: goreleaser
           # 'latest', 'nightly', or a semver
           version: "~> v2"
-          args: build --snapshot
+          args: release --snapshot --clean
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           # Your GoReleaser Pro key, if you are using the 'goreleaser-pro' distribution
-          # GORELEASER_KEY: ${{ secrets.GORELEASER_KEY }}
+          # GORELEASER_KEY: ${{ secrets.GORELEASER_KEY }}
+      - name: Upload assets
+        uses: actions/upload-artifact@v3
+        with:
+          name: binary
+          path: dist/*
diff --git a/README.md b/README.md
@@ -1,7 +1,29 @@
-# Pasolo
+# Introduction
 
 Pasolo is an authentication server for single users with passkeys. Pasolo runs alongside with other reverse proxy system such as Caddy, Traefik,  Nginx, using `forward_auth` or `external_auth` functionality.
 
 ## Why?
 
-Inspired by a post in [r/selfhosted](https://www.reddit.com/r/selfhosted/comments/1f7fith/passkeys/) and other similar project like [Vouch Proxy](https://github.com/vouch/vouch-proxy), [oauth2-proxy](https://oauth2-proxy.github.io/oauth2-proxy/) and [Ory oathkeeper](https://www.ory.sh/docs/oathkeeper), Pasolo developed for self-hosted / home lab use cases, where the user is very limited -- in this case 1 person -- but want some degree of authentication on their setup.
+Inspired by a post in [r/selfhosted](https://www.reddit.com/r/selfhosted/comments/1f7fith/passkeys/) and other similar project like [Vouch Proxy](https://github.com/vouch/vouch-proxy), [oauth2-proxy](https://oauth2-proxy.github.io/oauth2-proxy/) and [Ory oathkeeper](https://www.ory.sh/docs/oathkeeper), Pasolo developed for self-hosted / home lab use cases, where the user is very limited -- in this case 1 person -- but want some degree of authentication on their setup.
+
+## How It Works
+
+![Pasolo Network Illustration](/docs/static/img/pasolo-network-illustration.png)
+
+Pasolo runs alongside with your load balancer, works the best when it runs as one of your subdomain.
+
+1. Client tries to access `app.your.domain`, the request received by Load Balancer.
+2. Instead of forwarded directly to `app.your.domain`, the request forwarded to `pasolo.your.domain`.
+3. Pasolo validate the request via request cookies. When pasolo find the request doesn't contains cookies or contains invalid cookies, it return 401 (Not Authorized)
+4. The Load Balancer receive the 401 and act accordingly. It is recommended to configure the Load Balancer to forward the user to pasolo login page -- in this example `pasolo.your.domain/login`
+5. Client login using passkeys that has been registered on the setup process, then redirected to `app.your.domain`.
+6. Same as step 2, load balancer forward it to pasolo
+7. Pasolo validate the request and return success 200
+8. Then Load Balancer forward the request to `app.your.domain`
+9. `app.your.domain` now reply the request as usual.
+
+Please note that the redirection to Pasolo `/login` page only happen when no session found on the request, or the existing session is invalid.
+
+## Getting Started
+
+To get started, choose your desired reverse proxy to use, then configure it to use pasolo for authentication
diff --git a/docs/docs/deployment.md b/docs/docs/deployment.md
@@ -3,15 +3,7 @@ sidebar_position: 2
 ---
 # Deployment
 
-Pasolo is available as a Container Image and utilize environment variable as the main configuration.
-
-```mermaid
-graph LR;
-    A-->B;
-    A-->C;
-    B-->D;
-    C-->D;
-```
+Pasolo is available at [GitHub Release](https://github.com/dirathea/pasolo/releases) as a single binary, or as Container Image. To customize deployment, use environment variable.
 
 # Required Environment Variable
 
@@ -38,10 +30,7 @@ Pasolo also required persistent volume to store login session, as well as regist
 # example docker-compose.yml
 services:
   auth:
-    build:
-      context: ../../.
-      dockerfile: Dockerfile
-    image: pasolo:latest
+    image: ghcr.io/dirathea/pasolo:latest
     env_file:
       - .env
     environment: