chore: automate setup

acceptance/Dockerfile

@@ -0,0 +1,6 @@
+FROM golang:1.19-alpine
+RUN apk add curl jq
+RUN go install github.com/zitadel/zitadel-tools@v0.4.0
+COPY setup.sh /setup.sh
+RUN chmod +x /setup.sh
+ENTRYPOINT [ "/setup.sh" ]

acceptance/docker-compose.yaml

@@ -0,0 +1,46 @@
+version: '3.8'
+
+services:
+  zitadel:
+    user: '$UID'
+    image: '${ZITADEL_IMAGE:-ghcr.io/zitadel/zitadel:latest}'
+    command: 'start-from-init --masterkey "MasterkeyNeedsToHave32Characters" --tlsMode disabled --config /zitadel.yaml --steps /zitadel.yaml'
+    ports:
+    - "8080:8080"
+    volumes:
+      - ./machinekey:/machinekey
+      - ./zitadel.yaml:/zitadel.yaml
+    depends_on:
+      db:
+        condition: 'service_healthy'
+
+  db:
+    image: 'cockroachdb/cockroach:v22.2.2'
+    command: 'start-single-node --insecure --http-addr :9090'
+    healthcheck:
+      test: ['CMD', 'curl', '-f', 'http://localhost:9090/health?ready=1']
+      interval: '10s'
+      timeout: '30s'
+      retries: 5
+      start_period: '20s'
+    ports:
+      - "26257:26257"
+      - "9090:9090"
+
+  wait_for_zitadel:
+    image: curlimages/curl:8.00.1
+    command: [ "/bin/sh", "-c", "i=0; while ! curl http://zitadel:8080/debug/ready && [ $$i -lt 30 ]; do sleep 1; i=$$((i+1)); done; [ $$i -eq 30 ] && exit 1 || exit 0" ]
+    depends_on:
+      - zitadel
+
+  setup:
+    container_name: setup
+    build: .
+    environment:
+      KEY: /key/zitadel-admin-sa.json
+      SERVICE: http://zitadel:8080
+    volumes:
+    - "./machinekey:/key"
+    depends_on:
+      wait_for_zitadel:
+        condition: 'service_completed_successfully'

acceptance/machinekey/.gitignore

@@ -0,0 +1 @@
+zitadel-admin-sa.json

acceptance/setup.sh

@@ -0,0 +1,42 @@
+#!/bin/sh
+
+set -ex
+
+# The path to the instance admin service account
+KEY=${KEY:-./machinekey/zitadel-admin-sa.json}
+# The audience for which the key is used
+AUDIENCE=${AUDIENCE:-http://localhost:8080}
+# The Service can differ from the audience, for example in docker compose (http://zitadel:8080)
+SERVICE=${SERVICE:-$AUDIENCE}
+
+# Defer the Host header sent in requests that ZITADEL maps to an instance from the JWT audience
+AUDIENCE_HOST="$(echo $AUDIENCE | cut -d/ -f3)"
+
+# Create JWT from Admin SA KEY
+JWT=$(zitadel-tools key2jwt --key ${KEY} --audience ${AUDIENCE})
+
+# Get Token
+TOKEN_RESPONSE=$(curl --request POST \
+  --url ${SERVICE}/oauth/v2/token \
+  --header 'Content-Type: application/x-www-form-urlencoded' \
+  --header "Host: ${AUDIENCE_HOST}" \
+  --data grant_type=urn:ietf:params:oauth:grant-type:jwt-bearer \
+  --data scope='openid profile email' \
+  --data assertion="${JWT}")
+
+# Extract Token
+TOKEN=$(echo -n ${TOKEN_RESPONSE} | jq -r '.access_token')
+
+# Verify authentication
+curl --request POST \
+  --url ${SERVICE}/oidc/v1/userinfo \
+  --header 'Content-Type: application/x-www-form-urlencoded' \
+  --header "Authorization: Bearer ${TOKEN}" \
+  --header "Host: ${AUDIENCE_HOST}"
+
+# Get default org
+curl --request GET \
+  --url ${SERVICE}/admin/v1/orgs/default \
+  --header 'Accept: application/json' \
+  --header "Authorization: Bearer ${TOKEN}" \
+  --header "Host: ${AUDIENCE_HOST}"

acceptance/zitadel.yaml

@@ -0,0 +1,18 @@
+FirstInstance:
+  MachineKeyPath: /machinekey/zitadel-admin-sa.json
+  Org:
+    Machine:
+      Machine:
+        Username: zitadel-admin-sa
+        Name: Admin
+      MachineKey:
+        Type: 1
+
+Database:
+  Cockroach:
+    Host: db
+
+Logstore:
+  Access:
+    Stdout:
+      Enabled: true