update: 2024.2.3 -> 2024.4.1

Release notes: https://docs.goauthentik.io/docs/releases/2024.4 Notable dependency updates: python 3.11 -> python 3.12 golang 1.21 -> golang 1.22 nixpkgs-23.11 -> nixpkgs-unstable (for golang 1.22 until 24.05) Introduces patch to `web/package-lock.json`, see `components/frontend.nix`, this will cause IFD until the issue is resolved. https://nixos.org/manual/nix/stable/language/import-from-derivation Flake lock file updates: • Updated input 'authentik-src': 'github:goauthentik/authentik/6bb180f94ec124092c4f87ae5f5d892a70b32ff3' (2024-04-17) → 'github:goauthentik/authentik/ca70c963e55daf73b479a4513da06ac5cea77718' (2024-04-26) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/53a2c32bc66f5ae41a28d7a9a49d321172af621e' (2024-04-15) → 'github:NixOS/nixpkgs/6143fc5eeb9c4f00163267708e26191d1e918932' (2024-04-21) • Updated input 'poetry2nix': 'github:nix-community/poetry2nix/3c92540611f42d3fb2d0d084a6c694cd6544b609' (2024-02-22) → 'github:nix-community/poetry2nix/9245811b58905453033f1ef551f516cbee71c42c' (2024-04-26)
2024-04-24 18:44:40 +02:00 · 2024-04-24 18:44:40 +02:00 · 608c5dd4f5
commit 608c5dd4f5
parent 5011f30262
9 changed files with 129 additions and 71 deletions
--- a/components/docs.nix
+++ b/components/docs.nix
@ -11,8 +11,9 @@ buildNapalmPackage "${authentik-src}/website" {
  npmCommands = [
    "cp -v ${authentik-src}/SECURITY.md ../SECURITY.md"
    "cp -vr ${authentik-src}/blueprints ../blueprints"
+    "cp -v ${authentik-src}/schema.yml ../schema.yml"
    "npm install --include=dev"
-    "npm run build-docs-only"
+    "npm run build-bundled"
  ];
  installPhase = ''
    rm -r ../website/node_modules/.cache
--- a/components/frontend-package-lock-json-missing-integrity-infos.patch
+++ b/components/frontend-package-lock-json-missing-integrity-infos.patch
@ -0,0 +1,25 @@
+diff --git a/web/package-lock.json b/web/package-lock.json
+--- a/web/package-lock.json
+++ b/web/package-lock.json
+@@ -6663,7 +6663,9 @@
+             "license": "MIT",
+             "dependencies": {
+                 "type-fest": "^2.19.0"
+-            }
+            },
+            "resolved": "https://registry.npmjs.org/@storybook/csf/-/csf-0.1.2.tgz",
+            "integrity": "sha512-ePrvE/pS1vsKR9Xr+o+YwdqNgHUyXvg+1Xjx0h9LrVx7Zq4zNe06pd63F5EvzTbCbJsHj7GHr9tkiaqm7U8WRA=="
+         },
+         "node_modules/@storybook/csf-plugin": {
+             "version": "8.0.8",
+@@ -8654,7 +8656,9 @@
+         "node_modules/@types/find-cache-dir": {
+             "version": "3.2.1",
+             "dev": true,
+-            "license": "MIT"
+            "license": "MIT",
+            "resolved": "https://registry.npmjs.org/@types/find-cache-dir/-/find-cache-dir-3.2.1.tgz",
+            "integrity": "sha512-frsJrz2t/CeGifcu/6uRo4b+SzAwT4NYCVPu1GN8IB9XTzrpPkGuV0tmh9mN+/L0PklAlsC3u5Fxt0ju00LXIw=="
+         },
+         "node_modules/@types/grecaptcha": {
+             "version": "3.0.9",
--- a/components/frontend.nix
+++ b/components/frontend.nix
@ -3,9 +3,24 @@
 , authentikComponents
 , buildNapalmPackage
 , nodejs_21
+, applyPatches
 }:
-
-buildNapalmPackage "${authentik-src}/web" rec {
+let
+  patched-src = applyPatches {
+    src = authentik-src;
+    name = "patched-authentik-source";
+    patches = [
+      # Should be obsolete with the next release (i.e. 2024.4.2).
+      #
+      # The underlying issue was partially fixed by backporting https://github.com/goauthentik/authentik/pull/9419
+      # to 2024.4, but two deps are still missing the resolved/integrity fields in 2024.4.1
+      #
+      # (this introduces IFD)
+      ./frontend-package-lock-json-missing-integrity-infos.patch
+    ];
+  };
+in
+buildNapalmPackage "${patched-src}/web" rec {
  version = authentik-version; # 0.0.0 specified upstream in package.json
  NODE_ENV = "production";
  nodejs = nodejs_21;
--- a/components/gopkgs.nix
+++ b/components/gopkgs.nix
@ -1,12 +1,12 @@
 { authentik-src
 , authentik-version
 , authentikComponents
-, buildGo121Module
+, buildGo122Module
 , lib
 , makeWrapper
 }:

-buildGo121Module {
+buildGo122Module {
  pname = "authentik-gopkgs";
  version = authentik-version;
  prePatch = ''
@ -41,7 +41,7 @@ buildGo121Module {
    "cmd/proxy"
    "cmd/radius"
  ];
-  vendorHash = "sha256-UIJBCTq7AJGUDIlZtJaWCovyxlMPzj2BCJQqthybEz4=";
+  vendorHash = "sha256-YpOG5pNw5CNSubm1OkPVpSi7l+l5UdJFido2SQLtK3g=";
  nativeBuildInputs = [ makeWrapper ];
  postInstall = ''
    wrapProgram $out/bin/server --prefix PATH : ${authentikComponents.pythonEnv}/bin
--- a/components/pythonEnv.nix
+++ b/components/pythonEnv.nix
@ -3,12 +3,12 @@
 , defaultPoetryOverrides
 , lib
 , mkPoetryEnv
-, python311
+, python312
 }:

 mkPoetryEnv {
  projectDir = authentik-src;
-  python = python311;
+  python = python312;
  overrides = [
    defaultPoetryOverrides
  ] ++ authentikPoetryOverrides;