Update source code to origin v7.6.0

.devcontainer/.devcontainer.json

@@ -0,0 +1,45 @@
+{
+  "name": "oauth2-proxy Dev",
+  "context": "..",
+  "dockerFile": "./Dockerfile",
+  "postCreateCommand": "pre-commit install && go mod download",
+  "containerEnv": { "DEVCONTAINER": "1" },
+  "appPort": ["4180:4180"],
+  "runArgs": ["-e", "GIT_EDITOR=code --wait"],
+  "customizations": {
+    "vscode": {
+      "extensions": [
+        "golang.go",
+        "ms-vscode.makefile-tools",
+        "visualstudioexptteam.vscodeintellicode",
+        "redhat.vscode-yaml",
+        "esbenp.prettier-vscode",
+        "GitHub.vscode-pull-request-github"
+      ],
+      "settings": {
+        "editor.formatOnPaste": false,
+        "editor.formatOnSave": true,
+        "editor.formatOnType": true,
+        "files.trimTrailingWhitespace": true,
+        "yaml.customTags": [
+          "!input scalar",
+          "!secret scalar",
+          "!include_dir_named scalar",
+          "!include_dir_list scalar",
+          "!include_dir_merge_list scalar",
+          "!include_dir_merge_named scalar"
+        ]
+      }
+    }
+  },
+  "features": {
+    "ghcr.io/devcontainers/features/docker-in-docker": {},
+    "ghcr.io/devcontainers/features/common-utils": {
+      "configureZshAsDefaultShell": true,
+      "username": "vscode",
+      "userUid": 1000,
+      "userGid": 1000
+    },
+    "ghcr.io/devcontainers/features/kubectl-helm-minikube": {}
+  }
+}

.devcontainer/Dockerfile

@@ -0,0 +1,14 @@
+FROM mcr.microsoft.com/vscode/devcontainers/go:1-1.21
+
+SHELL ["/bin/bash", "-o", "pipefail", "-c"]
+
+RUN apt-get update \
+    && apt-get install -y --no-install-recommends \
+    pre-commit \
+    vim \
+    && apt-get clean \
+    && rm -rf /var/lib/apt/lists/* \
+    && mkdir -p /go/pkg \
+    && chmod -R a+w /go/pkg
+
+WORKDIR /workspace

.github/workflows/ci.yaml

@@ -31,8 +31,8 @@ jobs:
     name: Lint - golangci-lint
     runs-on: ubuntu-22.04
     steps:
-      - uses: actions/checkout@v3
-      - uses: actions/setup-go@v4
+      - uses: actions/checkout@v4
+      - uses: actions/setup-go@v5
         with:
           go-version: "1.21"
           cache: false
@@ -46,16 +46,16 @@ jobs:
     runs-on: ubuntu-22.04
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - name: Extract branch name
         uses: vazco/github-actions-branch-name@v1
         id: branch
 
-      - name: Set up Go 1.19
-        uses: actions/setup-go@v4
+      - name: Set up Go 1.21
+        uses: actions/setup-go@v5
         with:
-          go-version: 1.19.x
+          go-version: 1.21.x
         id: go
 
       - name: Downloads golang mods
@@ -83,7 +83,7 @@ jobs:
       oauth2proxyCITag: ${{ steps.setVariables.outputs.betaTag }}
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - name: Build Docker image
         uses: docker/build-push-action@v4

.github/workflows/codeql.yml

@@ -8,7 +8,7 @@ on:
     branches: [master]
   schedule:
     - cron: '0 15 * * 2'
-      
+
 jobs:
   CodeQL-Build:
 
@@ -20,7 +20,7 @@ jobs:
 
     steps:
     - name: Checkout repository
-      uses: actions/checkout@v2
+      uses: actions/checkout@v3
       with:
         # We must fetch at least the immediate parents so that if this is
         # a pull request then we can checkout the head.
@@ -33,14 +33,14 @@ jobs:
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@v1
+      uses: github/codeql-action/init@v2
       with:
         languages: go
 
     # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
     # If this step fails, then you should remove it and run the build manually (see below)
     - name: Autobuild
-      uses: github/codeql-action/autobuild@v1
+      uses: github/codeql-action/autobuild@v2
 
     # ℹ️ Command-line programs to run using the OS shell.
     # 📚 https://git.io/JvXDl
@@ -54,4 +54,4 @@ jobs:
     #   make release
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v1
+      uses: github/codeql-action/analyze@v2

.github/workflows/docs.yaml

@@ -9,63 +9,64 @@ on:
     paths: ['docs/**']
 
 jobs:
-  checks:
-    if: github.event_name != 'push'
+  pull-request-check:
+    if: github.event_name == 'pull_request'
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v1
-      - uses: actions/setup-node@v1
+      - uses: actions/checkout@v4
+
+      - uses: actions/setup-node@v3
         with:
-          node-version: '17.x'
+          node-version: 18
+
       - name: Test Build
         working-directory: ./docs
-        env:
-          NODE_OPTIONS: --openssl-legacy-provider
         run: |
-          if [ -e yarn.lock ]; then
-          yarn install --frozen-lockfile
-          elif [ -e package-lock.json ]; then
           npm ci
-          else
-          npm i
-          fi
           npm run build
-  gh-release:
-    if: github.event_name != 'pull_request'
+
+  gh-pages-release:
+    if: github.event_name == 'push'
     runs-on: ubuntu-latest
+    permissions:
+      contents: write
     steps:
-      - uses: actions/checkout@v1
-      - uses: actions/setup-node@v1
+      - uses: actions/checkout@v4
         with:
-          node-version: '17.x'
-      - name: Add key to allow access to repository
-        env:
-          SSH_AUTH_SOCK: /tmp/ssh_agent.sock
-          NODE_OPTIONS: --openssl-legacy-provider
+          path: master
+
+      - uses: actions/checkout@v4
+        with:
+          ref: gh-pages
+          path: gh-pages
+
+      - uses: actions/setup-node@v3
+        with:
+          node-version: 18
+
+      - name: Build docusaurus
+        working-directory: master/docs
+        id: build
         run: |
-          mkdir -p ~/.ssh
-          ssh-keyscan github.com >> ~/.ssh/known_hosts
-          echo "${{ secrets.GH_PAGES_DEPLOY }}" > ~/.ssh/id_rsa
-          chmod 600 ~/.ssh/id_rsa
-          cat <<EOT >> ~/.ssh/config
-          Host github.com
-          HostName github.com
-          IdentityFile ~/.ssh/id_rsa
-          EOT
-      - name: Release to GitHub Pages
-        working-directory: ./docs
+          echo "sha=$(git rev-parse HEAD)" >> $GITHUB_OUTPUT
+          npm ci
+          npm run build
+
+      - name: Release to github pages
         env:
-          USE_SSH: true
-          GIT_USER: git
-          NODE_OPTIONS: --openssl-legacy-provider
+          GIT_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        working-directory: gh-pages
         run: |
-          git config --global user.email "[email protected]"
-          git config --global user.name "gh-actions"
-          if [ -e yarn.lock ]; then
-          yarn install --frozen-lockfile
-          elif [ -e package-lock.json ]; then
-          npm ci
-          else
-          npm i
-          fi
-          npx docusaurus deploy
+          git config --local user.name "github-actions[bot]"
+          git config --local user.email "41898282+github-actions[bot]@users.noreply.github.com"
+
+          # Remove all files except .git
+          git rm -r *
+
+          # Copy the build files from master/docs/build to gh-pages
+          cp -r ../master/docs/build/* .
+
+          # Commit and push
+          git add .
+          git commit -m "Update documentation based on ${{ steps.build.outputs.sha }}"
+          git push origin gh-pages

.github/workflows/nightly.yml

@@ -0,0 +1,40 @@
+name: Nightly builds
+
+on:
+  schedule: # Run every day at 03:00 UTC
+    - cron: '0 3 * * *'
+  workflow_dispatch:
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    # only run this build in the main repository, not in forks
+    if: github.repository == 'oauth2-proxy/oauth2-proxy'
+    steps:
+    - name: Check out code
+      uses: actions/checkout@v3
+      with:
+        ref: master
+        fetch-depth: 0
+        fetch-tags: true
+
+    - name: Set up QEMU
+      uses: docker/setup-qemu-action@v2
+
+    - name: Set up Docker Buildx
+      id: buildx
+      uses: docker/setup-buildx-action@v2
+
+    - name: Login to quay.io
+      uses: docker/login-action@v2
+      with:
+        registry: quay.io/oauth2-proxy
+        username: ${{ secrets.REGISTRY_USERNAME_NIGHTLY }}
+        password: ${{ secrets.REGISTRY_PASSWORD_NIGHTLY }}
+
+    - name: Build images
+      run: |
+        make docker-nightly-build
+    - name: Push images
+      run: |
+        make docker-nightly-push

.github/workflows/publish.yaml

@@ -10,7 +10,7 @@ jobs:
     name: Publish to docker repository
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - name: Docker registry login
         uses: docker/[email protected]

.github/workflows/stale.yml

@@ -10,7 +10,7 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-    - uses: actions/stale@v1
+    - uses: actions/stale@v8
       with:
         repo-token: ${{ secrets.GITHUB_TOKEN }}
         stale-issue-message: 'This issue has been inactive for 60 days. If the issue is still relevant please comment to re-activate the issue. If no action is taken within 7 days, the issue will be marked closed.'

.gitignore

@@ -18,7 +18,8 @@ c.out
 _obj
 _test
 .idea/
-.vscode/
+.vscode/*
+!/.vscode/tasks.json
 
 # Architecture specific extensions/prefixes
 *.[568vq]
@@ -42,4 +43,4 @@ _testmain.go
 # docker build -f Dockerfile.dev .
 Dockerfile.dev
 
-obj
+obj

.golangci.yml

@@ -3,28 +3,25 @@ run:
 linters:
   enable:
     - govet
-    - golint
     - ineffassign
     - goconst
-    - deadcode
     - gofmt
     - goimports
     - gosec
     - gosimple
     - staticcheck
-    - structcheck
     - typecheck
     - unused
-    - varcheck
     - bodyclose
     - dogsled
     - goprintffuncname
     - misspell
     - prealloc
-    - scopelint
+    - exportloopref
     - stylecheck
     - unconvert
     - gocritic
+    - revive
   disable-all: true
 issues:
   exclude-rules:
@@ -35,9 +32,15 @@ issues:
         - unconvert
         - gocritic
         - gosec
+        - goconst
+    - path: _test\.go
+      linters:
+        - revive
+      text: "dot-imports:"
     # If we have tests in shared test folders, these can be less strictly linted
     - path: tests/.*_tests\.go
       linters:
+        - revive
         - golint
         - bodyclose
         - stylecheck

.pre-commit-config.yaml

@@ -0,0 +1,13 @@
+repos:
+  - repo: https://github.com/pre-commit/pre-commit-hooks
+    rev: v4.3.0
+    hooks:
+      - id: trailing-whitespace
+      - id: end-of-file-fixer
+      - id: check-yaml
+      - id: check-added-large-files
+  - repo: https://github.com/dnephin/pre-commit-golang
+    rev: v0.5.0
+    hooks:
+    - id: golangci-lint
+    - id: go-build