Merge branch 'refs/heads/dev'

homarr-labs · Jan 2, 2025 · 3c80c5b · 3c80c5b
2 parents 01d32b8 + c32ece6
commit 3c80c5b
Show file tree

Hide file tree

Showing 7 changed files with 120 additions and 182 deletions.
diff --git a/.github/workflows/sync-docs.yaml b/.github/workflows/sync-docs.yaml
@@ -29,25 +29,40 @@ jobs:
       - name: Sync Documentation
         run: |
           cp charts/homarr/README.md target-repo/docs/getting-started/installation/helm.md
+          sed -i '1s/# Homarr/# Helm/' target-repo/docs/getting-started/installation/helm.md
           cd target-repo
           git config user.name "github-actions[bot]"
           git config user.email "github-actions[bot]@users.noreply.github.com"
           git add .
           git commit -m "docs(helm): Update Helm chart documentation" || echo "No changes to commit"
 
+      - name: Obtain token
+        id: obtainToken
+        uses: tibdex/github-app-token@v2
+        with:
+          private_key: ${{ secrets.HOMARR_DOCS_SYNC_APP_PRIVATE_KEY }}
+          app_id: ${{ vars.HOMARR_DOCS_SYNC_APP_ID }}
+          installation_retrieval_mode: repository
+          installation_retrieval_payload: homarr-labs/documentation
+
       - name: Create Pull Request
         uses: peter-evans/create-pull-request@v7
+        id: cpr
         with:
-          token: ${{ secrets.GITHUB_TOKEN }}
-          branch: update-helm-docs
+          token: ${{ steps.obtainToken.outputs.token }}
+          branch: docs/update-helm-docs
           # TODO: Change to the main branch on stable release
           base: docs/version-1.0
           title: Update Helm chart documentation
           delete-branch: true
           path: target-repo
-          team-reviewers: homarr-labs/maintainers
           body: |
             This PR updates the documentation file to match the latest Helm chart changes.
           labels: |
             helm
             docs
+
+      - name: Enable Pull Request Automerge
+        run: gh pr merge --merge --auto "${{ steps.cpr.outputs.pull-request-number }}" --repo https://github.com/homarr-labs/documentation
+        env:
+          GH_TOKEN: ${{ steps.obtainToken.outputs.token }}
diff --git a/charts/homarr/Chart.yaml b/charts/homarr/Chart.yaml
@@ -3,7 +3,7 @@ name: homarr
 description: A Helm chart to deploy homarr for Kubernetes
 home: https://homarr-labs.github.io/charts/charts/homarr/
 type: application
-version: 1.0.0
+version: 1.1.0
 # renovate datasource=docker depName=ghcr.io/homarr-labs/homarr
 appVersion: "v1.0.0-beta.10"
 icon: https://raw.githubusercontent.com/homarr-labs/charts/refs/heads/main/charts/homarr/icon.svg
@@ -24,7 +24,7 @@ annotations:
     url: https://homarr-labs.github.io/charts/pgp_keys.asc
   artifacthub.io/changes: |-
     - kind: changed
-      description: update app version to v1.0.0-beta.10
+      description: update SSO env variables
   artifacthub.io/links: |-
     - name: App Source
       url: https://github.com/homarr-labs/homarr

diff --git a/charts/homarr/README.md b/charts/homarr/README.md
diff --git a/charts/homarr/README_CONFIG.md.gotmpl b/charts/homarr/README_CONFIG.md.gotmpl
@@ -19,32 +19,12 @@ Below is an exhaustive list of all secrets:
 
 | FEATURE   | SECRET NAME             | SECRET KEYS                                                          | Required                                                              |
 |-----------|-------------------------|----------------------------------------------------------------------|-----------------------------------------------------------------------|
-| NEXT AUTH | auth-credentials-secret | auth-secret                                                          | Yes                                                                   |
 | OIDC      | auth-oidc-secret        | oidc-client-id<br>oidc-client-secret                                 | No                                                                    |
 | LDAP      | auth-ldap-secret        | bind-password                                                        | No                                                                    |
 | DATABASE  | db-secret               | db-encryption-key<br>db-url<br>mysql-root-password<br>mysql-password | Depends (see Database section) at least db-encryption-key is required |
 
 </center>
 
-Example: Creating and Applying NEXT AUTH Secret
-
-To generate the NEXT AUTH secret, use the following command:
-
-```bash
-openssl rand -base64 32
-```
-
-You can apply the generated secret with:
-
-```bash
-kubectl create secret generic auth-credentials-secret \
-  --from-literal=auth-secret='<TO_CHANGE>' \
---namespace homarr
-```
-
-For further information see [next-auth-secret](https://next-auth.js.org/configuration/options#secret)
-
-
 ### 🗃️ Database
 
 You have multiple options for configuring the database:
@@ -83,17 +63,6 @@ To persist data, you need to enable the `homarr-database` PVC. This will store t
 
 Associated secret to create :
 
-<details>
-<summary>Next Auth secret</summary>
-
-````yaml
-kubectl create secret generic auth-credentials-secret \
-  --from-literal=auth-secret='<NEXT_AUTH_SECRET_TO_CHANGE>' \
---namespace homarr
-````
-
-</details>
-
 <details>
 <summary>DB Required Secrets</summary>
 

diff --git a/charts/homarr/templates/homarr-dc.yaml b/charts/homarr/templates/homarr-dc.yaml
@@ -108,14 +108,6 @@ spec:
                  key: {{ .Values.envSecrets.dbCredentials.dbUrlKey }}
             {{- end }}
 
-            {{- if has "credentials" (splitList "," .Values.env.AUTH_PROVIDERS) }}
-           - name: AUTH_SECRET
-             valueFrom:
-               secretKeyRef:
-                 name: {{ .Values.envSecrets.authCredentials.existingSecret }}
-                 key: {{ .Values.envSecrets.authCredentials.authSecret }}
-            {{- end }}
-
             {{- if has "ldap" (splitList "," .Values.env.AUTH_PROVIDERS) }}
            - name: AUTH_LDAP_BIND_PASSWORD
              valueFrom:

diff --git a/charts/homarr/values.yaml b/charts/homarr/values.yaml
@@ -15,10 +15,12 @@ image:
 env:
   # -- Your local time zone
   TZ: "Europe/Paris"
-  # -- Colors and preferences, possible values dark / light
-  DEFAULT_COLOR_SCHEME: "dark"
   # -- Enabled authentication methods. Multiple providers can be enabled with by separating them with , (ex. AUTH_PROVIDERS=credentials,oidc, it is highly recommended to just enable one provider).
   AUTH_PROVIDERS: "credentials"
+  # -- URL to redirect to after clicking logging out.
+  AUTH_LOGOUT_REDIRECT_URL:
+  # -- Time for the session to time out. Can be set as pure number, which will automatically be used in seconds, or followed by s, m, h or d for seconds, minutes, hours or days. (ex: "30m")
+  AUTH_SESSION_EXPIRY_TIME: "30d"
   # -- URI of your LDAP server
   AUTH_LDAP_URI:
   # -- Base dn of your LDAP server
@@ -27,28 +29,30 @@ env:
   AUTH_LDAP_BIND_DN:
   # -- Attribute used for username
   AUTH_LDAP_USERNAME_ATTRIBUTE: "uid"
+  # -- Attribute used for mail field
+  AUTH_LDAP_USER_MAIL_ATTRIBUTE: "mail"
   # -- Class used for querying groups
   AUTH_LDAP_GROUP_CLASS: "groupOfUniqueNames"
   # -- Attribute used for querying group member
   AUTH_LDAP_GROUP_MEMBER_ATTRIBUTE: "member"
   # -- User attribute used for comparing with group member
   AUTH_LDAP_GROUP_MEMBER_USER_ATTRIBUTE: "dn"
-  # -- Admin group
-  AUTH_LDAP_ADMIN_GROUP: "admin"
-  # -- Owner group
-  AUTH_LDAP_OWNER_GROUP: "admin"
   # -- LDAP search scope between base, one or sub
   AUTH_LDAP_SEARCH_SCOPE: "base"
-  # -- URI of OIDC provider
-  AUTH_OIDC_URI:
+  # -- Extra arguments for user search filter (& based)
+  AUTH_LDAP_USERNAME_FILTER_EXTRA_ARG:
+  # -- Extra arguments for user's groups search filter (& based)
+  AUTH_LDAP_GROUP_FILTER_EXTRA_ARG:
+  # -- Issuer URI of OIDC provider without trailing slash (/)
+  AUTH_OIDC_ISSUER:
   # -- Display name of provider (in login screen)
   AUTH_OIDC_CLIENT_NAME: "OIDC"
-  # -- Admin group
-  AUTH_OIDC_ADMIN_GROUP: "admin"
-  # -- Owner group
-  AUTH_OIDC_OWNER_GROUP: "admin"
+  # -- Automatically redirect to OIDC login
+  AUTH_OIDC_AUTO_LOGIN: "false"
   # -- Override the OIDC scopes
   AUTH_OIDC_SCOPE_OVERWRITE: "openid email profile groups"
+  # -- Attribute used for groups (roles) claim
+  AUTH_OIDC_GROUPS_ATTRIBUTE: "groups"
 
 database:
   # -- Enable external database
@@ -62,12 +66,6 @@ database:
 # to use this, create the secret in your target namespace before applying this helm chart. If you really want to,
 # you CAN just put these in the env block above, but that is not recommended.
 envSecrets:
-  # The name of Next Auth existing secret
-  authCredentials:
-    # -- Name of existing secret containing Next Auth secret
-    existingSecret: "auth-credentials-secret"
-    # -- Next Auth secret key
-    authSecret: "auth-secret"
   # The name of Auth OIDC existing secret
   authOidcCredentials:
     # -- Name of existing secret containing OIDC credentials
@@ -255,7 +253,7 @@ affinity: {}
 
 # -- Enable and configure Mysql database subchart under this key.
 #    For more options see [Mysql chart documentation](https://github.com/bitnami/charts/tree/main/bitnami/mysql)
-# @default -- See [values.yaml](./values.yaml)
+# @default -- See [values.yaml](https://github.com/homarr-labs/charts/blob/dev/charts/homarr/values.yaml)
 mysql:
   internal: false
   auth:

diff --git a/development/README.md b/development/README.md
@@ -46,12 +46,6 @@ kubectl create namespace homarr
 
 ## Create homarr secrets
 
-```bash
-kubectl create secret generic auth-credentials-secret \
---from-literal=auth-secret='mAxnWLFaQE59MauTrCTm5sUq5xf3sdG5m0eKnp2e3OU' \
---namespace homarr
-```
-
 ```bash
 kubectl create secret generic db-secret \
 --from-literal=db-encryption-key='d4d0dd977c9795b988e68f115f444c40334a63a391cfb9b3a0857d2d77deff03'  \