Skip to content

Commit 85e128a

Browse files
Hyperkid123claude
Hyperkid123
and
claude
committed
fix(infra): build dev proxy from source, add Cypress CDN to proxy
Konflux Enterprise Contract rejects quay.io/redhat-user-workloads as a base image registry, so we can't use the pre-built frontend-development-proxy image. Build Caddy with xcaddy from source instead (caddy:2.11.2-builder). Also allow download.cypress.io and cdn.cypress.io through the Squid proxy so Playwright/Cypress binaries can be fetched at runtime. RHCLOUD-47012 Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
1 parent f5dd886 commit 85e128a

7 files changed

Lines changed: 890 additions & 4 deletions

File tree

Dockerfile

Lines changed: 9 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -1,5 +1,10 @@
1-
# Dev proxy — pre-built Caddy with HCC plugins (rh_identity_transform, cache, transform-encoder)
2-
FROM quay.io/redhat-user-workloads/hcc-platex-services-tenant/frontend-development-proxy:latest AS dev-proxy
1+
# Dev proxy — build Caddy with HCC plugins from source
2+
FROM caddy:2.11.2-builder AS dev-proxy-builder
3+
COPY dev-proxy/rh_identity_transform /src/rh_identity_transform
4+
RUN xcaddy build \
5+
--with github.com/caddyserver/cache-handler \
6+
--with github.com/caddyserver/transform-encoder \
7+
--with rh_identity_transform=/src/rh_identity_transform
38

49
FROM registry.access.redhat.com/ubi9/ubi:latest
510

@@ -106,8 +111,8 @@ RUN ARCH=$(uname -m | sed 's/x86_64/amd64/' | sed 's/aarch64/arm64/') \
106111
| tar -xz -C /usr/local/bin grype
107112

108113
# Dev proxy (custom Caddy for local UI verification against stage)
109-
COPY --from=dev-proxy /usr/bin/caddy /usr/local/bin/caddy
110-
COPY --from=dev-proxy /etc/caddy/Caddyfile /etc/caddy/Caddyfile
114+
COPY --from=dev-proxy-builder /usr/bin/caddy /usr/local/bin/caddy
115+
COPY dev-proxy/Caddyfile /etc/caddy/Caddyfile
111116
COPY dev-proxy/start-proxy.sh /usr/local/bin/start-dev-proxy.sh
112117
RUN chmod +x /usr/local/bin/start-dev-proxy.sh
113118

dev-proxy/Caddyfile

Lines changed: 33 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,33 @@
1+
{
2+
order rewrite before reverse_proxy
3+
order rh_identity_transform before respond
4+
cache
5+
admin off
6+
}
7+
8+
{$HCC_ENV}.foo.redhat.com:{$PROXY_PORT} {
9+
log default {
10+
output stdout
11+
format transform "{common_log}"
12+
}
13+
14+
@html_fallback {
15+
header Accept *text/html*
16+
not path_regexp .*\/(silent-check-sso\.html)$
17+
}
18+
19+
{$LOCAL_ROUTES}
20+
21+
handle {
22+
cache
23+
reverse_proxy {$HCC_ENV_URL} {
24+
header_up Host {http.reverse_proxy.upstream.hostport}
25+
header_up Accept-Encoding "gzip;q=0,deflate,sdch"
26+
header_up -Origin
27+
}
28+
}
29+
30+
tls internal {
31+
on_demand
32+
}
33+
}

dev-proxy/rh_identity_transform/go.mod

Lines changed: 133 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,133 @@
1+
module rh_identity_transform
2+
3+
go 1.25.0
4+
5+
toolchain go1.26.1
6+
7+
require (
8+
github.com/caddyserver/caddy/v2 v2.11.2
9+
github.com/golang-jwt/jwt/v5 v5.3.1
10+
)
11+
12+
require (
13+
cel.dev/expr v0.25.1 // indirect
14+
cloud.google.com/go/auth v0.18.2 // indirect
15+
cloud.google.com/go/auth/oauth2adapt v0.2.8 // indirect
16+
cloud.google.com/go/compute/metadata v0.9.0 // indirect
17+
dario.cat/mergo v1.0.2 // indirect
18+
filippo.io/bigmod v0.1.0 // indirect
19+
filippo.io/edwards25519 v1.2.0 // indirect
20+
github.com/AndreasBriese/bbloom v0.0.0-20190825152654-46b345b51c96 // indirect
21+
github.com/KimMachineGun/automemlimit v0.7.5 // indirect
22+
github.com/Masterminds/goutils v1.1.1 // indirect
23+
github.com/Masterminds/semver/v3 v3.4.0 // indirect
24+
github.com/Masterminds/sprig/v3 v3.3.0 // indirect
25+
github.com/antlr4-go/antlr/v4 v4.13.1 // indirect
26+
github.com/aryann/difflib v0.0.0-20210328193216-ff5ff6dc229b // indirect
27+
github.com/beorn7/perks v1.0.1 // indirect
28+
github.com/caddyserver/certmagic v0.25.2 // indirect
29+
github.com/caddyserver/zerossl v0.1.5 // indirect
30+
github.com/ccoveille/go-safecast/v2 v2.0.0 // indirect
31+
github.com/cespare/xxhash v1.1.0 // indirect
32+
github.com/cespare/xxhash/v2 v2.3.0 // indirect
33+
github.com/chzyer/readline v1.5.1 // indirect
34+
github.com/cloudflare/circl v1.6.3 // indirect
35+
github.com/coreos/go-oidc/v3 v3.17.0 // indirect
36+
github.com/cpuguy83/go-md2man/v2 v2.0.7 // indirect
37+
github.com/dgraph-io/badger v1.6.2 // indirect
38+
github.com/dgraph-io/badger/v2 v2.2007.4 // indirect
39+
github.com/dgraph-io/ristretto/v2 v2.4.0 // indirect
40+
github.com/dgryski/go-farm v0.0.0-20240924180020-3414d57e47da // indirect
41+
github.com/dustin/go-humanize v1.0.1 // indirect
42+
github.com/felixge/httpsnoop v1.0.4 // indirect
43+
github.com/go-jose/go-jose/v3 v3.0.4 // indirect
44+
github.com/go-jose/go-jose/v4 v4.1.3 // indirect
45+
github.com/go-logr/logr v1.4.3 // indirect
46+
github.com/go-logr/stdr v1.2.2 // indirect
47+
github.com/go-sql-driver/mysql v1.9.3 // indirect
48+
github.com/golang/protobuf v1.5.4 // indirect
49+
github.com/golang/snappy v1.0.0 // indirect
50+
github.com/google/cel-go v0.27.0 // indirect
51+
github.com/google/s2a-go v0.1.9 // indirect
52+
github.com/google/uuid v1.6.0 // indirect
53+
github.com/googleapis/enterprise-certificate-proxy v0.3.14 // indirect
54+
github.com/googleapis/gax-go/v2 v2.18.0 // indirect
55+
github.com/huandu/xstrings v1.5.0 // indirect
56+
github.com/inconshreveable/mousetrap v1.1.0 // indirect
57+
github.com/jackc/pgpassfile v1.0.0 // indirect
58+
github.com/jackc/pgservicefile v0.0.0-20240606120523-5a60cdf6a761 // indirect
59+
github.com/jackc/pgx/v5 v5.8.0 // indirect
60+
github.com/jackc/puddle/v2 v2.2.2 // indirect
61+
github.com/klauspost/compress v1.18.4 // indirect
62+
github.com/klauspost/cpuid/v2 v2.3.0 // indirect
63+
github.com/libdns/libdns v1.1.1 // indirect
64+
github.com/manifoldco/promptui v0.9.0 // indirect
65+
github.com/mattn/go-colorable v0.1.14 // indirect
66+
github.com/mattn/go-isatty v0.0.20 // indirect
67+
github.com/mgutz/ansi v0.0.0-20200706080929-d51e80ef957d // indirect
68+
github.com/mholt/acmez/v3 v3.1.6 // indirect
69+
github.com/miekg/dns v1.1.72 // indirect
70+
github.com/mitchellh/copystructure v1.2.0 // indirect
71+
github.com/mitchellh/go-ps v1.0.0 // indirect
72+
github.com/mitchellh/reflectwalk v1.0.2 // indirect
73+
github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
74+
github.com/pbnjay/memory v0.0.0-20210728143218-7b4eea64cf58 // indirect
75+
github.com/pkg/errors v0.9.1 // indirect
76+
github.com/prometheus/client_golang v1.23.2 // indirect
77+
github.com/prometheus/client_model v0.6.2 // indirect
78+
github.com/prometheus/common v0.67.5 // indirect
79+
github.com/prometheus/procfs v0.20.1 // indirect
80+
github.com/quic-go/qpack v0.6.0 // indirect
81+
github.com/quic-go/quic-go v0.59.0 // indirect
82+
github.com/rs/xid v1.6.0 // indirect
83+
github.com/russross/blackfriday/v2 v2.1.0 // indirect
84+
github.com/shopspring/decimal v1.4.0 // indirect
85+
github.com/shurcooL/sanitized_anchor_name v1.0.0 // indirect
86+
github.com/slackhq/nebula v1.10.3 // indirect
87+
github.com/smallstep/certificates v0.30.0-rc4 // indirect
88+
github.com/smallstep/cli-utils v0.12.2 // indirect
89+
github.com/smallstep/linkedca v0.25.0 // indirect
90+
github.com/smallstep/nosql v0.7.0 // indirect
91+
github.com/smallstep/pkcs7 v0.2.1 // indirect
92+
github.com/smallstep/scep v0.0.0-20260311011040-6d82bb27e647 // indirect
93+
github.com/smallstep/truststore v0.13.0 // indirect
94+
github.com/spf13/cast v1.10.0 // indirect
95+
github.com/spf13/cobra v1.10.2 // indirect
96+
github.com/spf13/pflag v1.0.10 // indirect
97+
github.com/tailscale/go-winio v0.0.0-20231025203758-c4f33415bf55 // indirect
98+
github.com/tailscale/tscert v0.0.0-20251216020129-aea342f6d747 // indirect
99+
github.com/urfave/cli/v3 v3.7.0 // indirect
100+
github.com/zeebo/blake3 v0.2.4 // indirect
101+
go.etcd.io/bbolt v1.4.3 // indirect
102+
go.opentelemetry.io/auto/sdk v1.2.1 // indirect
103+
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.67.0 // indirect
104+
go.opentelemetry.io/otel v1.42.0 // indirect
105+
go.opentelemetry.io/otel/metric v1.42.0 // indirect
106+
go.opentelemetry.io/otel/trace v1.42.0 // indirect
107+
go.step.sm/crypto v0.76.2 // indirect
108+
go.uber.org/automaxprocs v1.6.0 // indirect
109+
go.uber.org/multierr v1.11.0 // indirect
110+
go.uber.org/zap v1.27.1 // indirect
111+
go.uber.org/zap/exp v0.3.0 // indirect
112+
go.yaml.in/yaml/v2 v2.4.4 // indirect
113+
go.yaml.in/yaml/v3 v3.0.4 // indirect
114+
golang.org/x/crypto v0.49.0 // indirect
115+
golang.org/x/crypto/x509roots/fallback v0.0.0-20260310173709-159944f128e9 // indirect
116+
golang.org/x/exp v0.0.0-20260312153236-7ab1446f8b90 // indirect
117+
golang.org/x/mod v0.34.0 // indirect
118+
golang.org/x/net v0.52.0 // indirect
119+
golang.org/x/oauth2 v0.36.0 // indirect
120+
golang.org/x/sync v0.20.0 // indirect
121+
golang.org/x/sys v0.42.0 // indirect
122+
golang.org/x/term v0.41.0 // indirect
123+
golang.org/x/text v0.35.0 // indirect
124+
golang.org/x/time v0.15.0 // indirect
125+
golang.org/x/tools v0.43.0 // indirect
126+
google.golang.org/api v0.272.0 // indirect
127+
google.golang.org/genproto/googleapis/api v0.0.0-20260217215200-42d3e9bedb6d // indirect
128+
google.golang.org/genproto/googleapis/rpc v0.0.0-20260316180232-0b37fe3546d5 // indirect
129+
google.golang.org/grpc v1.79.2 // indirect
130+
google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.6.1 // indirect
131+
google.golang.org/protobuf v1.36.11 // indirect
132+
howett.net/plist v1.0.1 // indirect
133+
)

0 commit comments

Comments
 (0)