From 08b9570ac79562f100d5511d2f07fefac00fd046 Mon Sep 17 00:00:00 2001 From: Erich Blume Date: Mon, 2 Mar 2026 07:27:36 -0800 Subject: [PATCH] Review build-authentik-from-source Mikado chain docs Fix go-server-derivation: wrong path target (webui not authentik-django) and missing internal/web/static.go patch. Remove stale DRF fork content from mirror-build-deps (no longer needed as of 2026.2.0). Add last-reviewed to all 5 cards without it. Co-Authored-By: Claude Opus 4.6 --- .../authentik/authentik-go-server-derivation.md | 6 ++++-- .../authentik-python-backend-derivation.md | 1 + .../authentik/authentik-web-ui-derivation.md | 1 + .../authentik/build-authentik-from-source.md | 1 + .../authentik/mirror-authentik-build-deps.md | 17 ++++++----------- 5 files changed, 13 insertions(+), 13 deletions(-) diff --git a/docs/how-to/authentik/authentik-go-server-derivation.md b/docs/how-to/authentik/authentik-go-server-derivation.md index 65224c3..afa30dc 100644 --- a/docs/how-to/authentik/authentik-go-server-derivation.md +++ b/docs/how-to/authentik/authentik-go-server-derivation.md @@ -1,6 +1,7 @@ --- title: Build Authentik Go Server -modified: 2026-03-01 +modified: 2026-03-02 +last-reviewed: 2026-03-02 requires: - authentik-api-client-generation - authentik-python-backend-derivation @@ -31,7 +32,8 @@ The nixpkgs derivation patches store paths into two Go source files so the compi 2. Inject the generated Go API client into the vendor directory (via `apiGoVendorHook`) 3. Apply `substituteInPlace` patches to hardcode Nix store paths: - `internal/gounicorn/gounicorn.go`: `./lifecycle` → `${authentik-django}/lifecycle` - - `web/static.go`: `./web` → `${authentik-django}/web` + - `web/static.go`: `./web` → `${webAssetsPath}` (the webui derivation) + - `internal/web/static.go`: `./web` → `${webAssetsPath}` (the webui derivation) 4. Compute the `vendorHash` — note that the hook replaces vendored API code *after* hash verification, so the hash reflects `go.sum` only 5. Rename the output binary from `server` to `authentik` 6. Verify: `./authentik --help` runs successfully diff --git a/docs/how-to/authentik/authentik-python-backend-derivation.md b/docs/how-to/authentik/authentik-python-backend-derivation.md index 44ec65c..d372a30 100644 --- a/docs/how-to/authentik/authentik-python-backend-derivation.md +++ b/docs/how-to/authentik/authentik-python-backend-derivation.md @@ -1,6 +1,7 @@ --- title: Build Authentik Python Backend modified: 2026-03-01 +last-reviewed: 2026-03-02 requires: - mirror-authentik-build-deps tags: diff --git a/docs/how-to/authentik/authentik-web-ui-derivation.md b/docs/how-to/authentik/authentik-web-ui-derivation.md index cc71254..a8ddf4a 100644 --- a/docs/how-to/authentik/authentik-web-ui-derivation.md +++ b/docs/how-to/authentik/authentik-web-ui-derivation.md @@ -1,6 +1,7 @@ --- title: Build Authentik Web UI modified: 2026-03-01 +last-reviewed: 2026-03-02 requires: - authentik-api-client-generation tags: diff --git a/docs/how-to/authentik/build-authentik-from-source.md b/docs/how-to/authentik/build-authentik-from-source.md index fdf1f8c..169a0ed 100644 --- a/docs/how-to/authentik/build-authentik-from-source.md +++ b/docs/how-to/authentik/build-authentik-from-source.md @@ -1,6 +1,7 @@ --- title: Build Authentik from Source modified: 2026-03-01 +last-reviewed: 2026-03-02 requires: - authentik-go-server-derivation - authentik-web-ui-derivation diff --git a/docs/how-to/authentik/mirror-authentik-build-deps.md b/docs/how-to/authentik/mirror-authentik-build-deps.md index e4cf806..c916983 100644 --- a/docs/how-to/authentik/mirror-authentik-build-deps.md +++ b/docs/how-to/authentik/mirror-authentik-build-deps.md @@ -1,6 +1,7 @@ --- title: Mirror Authentik Build Dependencies -modified: 2026-02-28 +modified: 2026-03-02 +last-reviewed: 2026-03-02 tags: - how-to - authentik @@ -12,10 +13,11 @@ Mirror the external repositories needed to build authentik from source onto the ## Context -Building authentik from source requires fetching code from three GitHub repositories. The main `goauthentik/authentik` repo is already mirrored, but two companion repos are not: +Building authentik from source requires fetching code from two GitHub repositories. The main `goauthentik/authentik` repo is already mirrored, but one companion repo needed mirroring: - **`goauthentik/client-go`** — Go API client bindings, versioned in lockstep with authentik (e.g. `v3.2026.2.0` matches `version/2026.2.0`). Used by the Go server build. -- **`authentik-community/django-rest-framework`** — Fork of DRF pinned to a specific commit. Authentik's Python backend requires this custom version. The upstream org name (`authentik-community`) differs from the main repo org (`goauthentik`), so the mirror name must be explicit. + +Previously, `authentik-community/django-rest-framework` (a DRF fork) was also needed. As of authentik 2026.2.0, standard `djangorestframework` from PyPI is used instead — the fork mirror (`authentik-django-rest-framework`) can be archived. ## What to Do @@ -25,16 +27,9 @@ Building authentik from source requires fetching code from three GitHub reposito --name authentik-client-go \ --description "Go API client for authentik (lockstep versioned)" ``` -2. Mirror `authentik-community/django-rest-framework`: - ```fish - mise run mirror-create https://github.com/authentik-community/django-rest-framework.git \ - --name authentik-django-rest-framework \ - --description "Authentik fork of Django REST Framework" - ``` -3. Verify both mirrors sync: check tags appear on forge +2. Verify mirror syncs: check tags appear on forge ## Related - [[build-authentik-from-source]] — Parent goal - [[authentik-api-client-generation]] — Consumes client-go mirror -- [[authentik-python-backend-derivation]] — Consumes django-rest-framework mirror