Merge branch '59-provide-a-docker-image' into 'main'

Provide a docker image

Closes #59

See merge request yaal/canaille!236

Author: azmeuk

CHANGES.rst

@@ -3,7 +3,8 @@
 
 Added
 ^^^^^
-
+- Instructions in CONTRIBUTING.rst to update the docker image :issue:`59`
+- Instructions in README.md to discover Canaille interface with a docker image :issue:`59`
 - The :ref:`cli dump <cli_dump>` command can dump only some given models.
 
 Fixed

CONTRIBUTING.rst

@@ -222,6 +222,47 @@ Documentation translation
 
 .. include:: ../locales/readme.rst
 
+Production Docker image
+-----------------------
+
+Build
+~~~~~
+
+The ``nix-build`` command is needed to create the Canaille Docker image.
+Follow the `NixOS documentation instructions <https://nix.dev/manual/nix/stable/installation/installing-binary>`__ to install it on your system.
+
+The Docker image can be built with the following command:
+
+.. code-block:: bash
+
+   docker load < $(nix-build --no-out-link canaille.nix)
+
+Check the Docker image with the following command:
+
+.. code-block:: bash
+
+   docker run -it -p 5000:5000 canaille:latest
+
+Publish
+~~~~~~~
+
+.. code-block:: bash
+
+    export CANAILLE_VERSION=$(python -c "from importlib.metadata import version; print(version('canaille'))")
+    docker tag canaille:latest "yaalcoop/canaille:latest"
+    docker tag canaille:latest "yaalcoop/canaille:${CANAILLE_VERSION}"
+
+    docker login --username <hub docker login>
+    docker push yaalcoop/canaille:latest
+    docker push yaalcoop/canaille:${CANAILLE_VERSION}
+
+Use
+~~~
+
+.. code-block:: bash
+
+    docker pull yaalcoop/canaille:latest
+
 Build a release
 ---------------
 
@@ -262,3 +303,4 @@ Publish a new release
 13. Publish the Python package on production PyPI ``uv publish``;
 14. Tag the commit with ``git tag XX.YY.ZZ``;
 15. Push the release commit and the new tag on the repository with ``git push --tags``.
+16. Try to :ref:`pull and run the docker image of Canaille <development/contributing:Production Docker image>` and update the ``canaille.nix`` file if necessary.

README.md

@@ -8,7 +8,7 @@ as in *Can I access your data?* Canaille is a lightweight identity and authoriza
 It aims to be very light, simple to install and simple to maintain. Its main features are :
 - User profile and groups management;
 - Authentication, registration, email confirmation, "I forgot my password" emails;
-- Authorization management with [OpenID Connect identity](https://openid.net/developers/how-connect-works);
+- Authorization management with [OpenID Connect](https://openid.net/developers/how-connect-works) identity;
 - Provisioning with [SCIM](https://scim.libre.sh);
 - postgresql, mariadb and OpenLDAP first-class citizenship;
 - Customizable, themable;
@@ -20,10 +20,12 @@ It aims to be very light, simple to install and simple to maintain. Its main fea
 
 ```bash
 git clone https://gitlab.com/yaal/canaille.git && cd canaille
-# Either run the demo locally
+
+# Either run the development server
 uv sync --all-extras --group demo && uv run devserver
-# or run the demo in docker
-docker compose --file demo/docker-compose-sql.yml up
+
+# or run the Docker image
+docker run -it -p 5000:5000 yaalcoop/canaille:latest
 ```
 
 ## Online!

canaille.nix

@@ -0,0 +1,92 @@
+{ pkgs ? import <nixpkgs> {} }:
+
+pkgs.dockerTools.buildImage {
+  name = "canaille";
+  tag = "latest";
+
+  copyToRoot = pkgs.buildEnv {
+    name = "canaille-env";
+    paths = [
+      pkgs.bashInteractive
+      pkgs.python3
+      pkgs.python3Packages.setuptools
+      pkgs.python3Packages.pip
+      pkgs.coreutils-full
+    ];
+  };
+
+  config = {
+    Cmd = [
+      "/bin/sh"
+      "-c"
+      "
+        python3 -m venv /opt/canaille/venv && \
+        . /opt/canaille/venv/bin/activate && \
+        pip install canaille[front,oidc,postgresql,server,otp,sms,scim] && \
+        mkdir -p /opt/canaille && \
+        echo 'bind = [\"0.0.0.0:5000\"]' > /opt/canaille/hypercorn.toml && \
+        echo '
+        SERVER_NAME = \"canaille.localhost:5000\"\n
+        PREFERRED_URL_SCHEME = \"https\"\n
+        [CANAILLE]\n
+        LOGO = \"/static/img/canaille-head.webp\"\n
+        FAVICON = \"/static/img/canaille-c.webp\"\n
+        ENABLE_REGISTRATION = 1\n
+        ADMIN_EMAIL = \"[email protected]\"\n
+        TIMEZONE = \"UTC\"\n
+        [CANAILLE_SQL]\n
+        DATABASE_URI = \"sqlite:///demo.sqlite\"\n
+        [CANAILLE.ACL.DEFAULT]\n
+        PERMISSIONS = [\"edit_self\", \"use_oidc\"]\n
+        READ = [
+            \"user_name\",
+            \"groups\",
+            \"lock_date\",
+        ]\n
+        WRITE = [
+            \"photo\",
+            \"given_name\",
+            \"family_name\",
+            \"display_name\",
+            \"password\",
+            \"phone_numbers\",
+            \"emails\",
+            \"profile_url\",
+            \"formatted_address\",
+            \"street\",
+            \"postal_code\",
+            \"locality\",
+            \"region\",
+            \"preferred_language\",
+            \"employee_number\",
+            \"department\",
+            \"title\",
+            \"organization\",
+        ]\n
+        [CANAILLE.ACL.ADMIN]\n
+        FILTER = {groups = \"admins\"}\n
+        PERMISSIONS = [
+            \"manage_users\",
+            \"manage_groups\",
+            \"manage_oidc\",
+            \"delete_account\",
+            \"impersonate_users\",
+        ]\n
+        WRITE = [
+            \"groups\",
+            \"lock_date\",
+        ]\n
+        [CANAILLE.ACL.HALF_ADMIN]\n
+        FILTER = {groups = \"moderators\"}\n
+        PERMISSIONS = [\"manage_users\", \"manage_groups\", \"delete_account\"]\n
+        WRITE = [\"groups\"]\n
+        ' > /opt/canaille/config.toml && \
+        export CONFIG=/opt/canaille/config.toml && \
+        canaille db upgrade && \
+        canaille create user --user-name admin --password admin --emails [email protected] --given-name George --family-name Abitbol && \
+        canaille create group --display-name admins --members admin && \
+        canaille run --config /opt/canaille/hypercorn.toml
+      "
+    ];
+  };
+}

doc/tutorial/install.rst

@@ -19,6 +19,14 @@ This page describes how to get and set-up Canaille.
 Get the code
 ============
 
+Docker image
+------------
+
+A Docker image is available:
+
+    docker pull yaalcoop/canaille:latest
+    docker run -it -p 5000:5000 yaalcoop/canaille:latest
+
 Binaries
 --------