Installing a Development version
This guide shows you how to run a Minder server locally. It is intended for users who would like to contribute to the Minder project. It is not intended for production use. This guide will walk you through how to:
- Retrieve the latest source code
- Set up your development environment
- Run the dependent applications
- Create a Provider
- Set up authentication
Once you complete this guide, you will have a Minder server built from source and ready to contribute to.
Prerequisites
Steps
Clone the repository
Begin by cloning the Minder repository to get the latest source code.
git clone git@github.com:mindersec/minder.git
cd minder
Set up Development Environment
To set up your development environment, run:
make bootstrap
This will install the required tools for running different make targets, initialize required configuration files, as well as generate a token key passphrase.
Build the application
Run the following to build minder and minder-server (binaries will be present at ./bin/)
make build
You may copy these into a location on your path, or run them directly from the bin
directory.
Configure the Repository Provider
You now need to create a Provider to enable Minder to inspect and manage your repository configuration. Currently only GitHub is supported as a Provider, so we'll do this using a GitHub App. This app will also provide Keycloak with an authentication source. Follow the steps in Configuring a Provider then return here to complete configuring the server. Be sure to save the Client ID and Client secret values, because you will need them again below.
Start the Minder server
At this point, you should have a GitHub provider configured and your server-config.yaml
file updated.
Start minder-server
along with its dependent services (keycloak
and postgres
) by running:
make run-docker
As this command runs, you will see it build the Minder server container and then start the dependent containers. If you run
docker ps
you should see 4 new services running:
- keycloak
- minder
- openfga
- postgres
At this point, you might also want to ensure that created folders are owned by the current user - e.g.:
sudo chown "$(id -un):$(id -gn)" {flags-config.yaml,.secrets,.ssh}
Configure Keycloak
Now that the Keycloak application is running, you need to configure it using the GitHub App you previously configured.
To enable GitHub login on Keycloak run the following command, using the client_id
and client_secret
you generated setting up the GitHub app:
make KC_GITHUB_CLIENT_ID=<client_id> KC_GITHUB_CLIENT_SECRET=<client_secret> github-login
You should see it create a new instance and new mappers. You may see a resource not found message. This is safe to ignore.
Authenticate minder
At this point, you should have the following:
- A PostgreSQL database and Keycloak and OpenFGA instances running in containers
- A minder-server built from source running in a container
- A GitHub application configured to provide access to a set of repositories
The final step is to authenticate the minder
application using Keycloak and the GitHub application that was previous configured.
To do this run:
minder auth login
This will open Keycloak login window in your browser.
Click GitHub to sign in. This should display a GitHub authorization window asking if you'd like to give permission to your Minder server.
Click Authorize. The browser window should say Authentication Successful and the command line should say you've been successfully registered.
Congratulations! You've set up a Minder server! Now you're all ready to contribute to Minder.
For more information about the development process, please see the Developer Guide.
For more information on contributing, please see our Contributing Guide.
A list of good first issues can be found in the Minder GitHub project.
Optional Steps
Setting up a Webhook
With the basic setup, GitHub is unable to notify Minder when certain events occur in your repositories. MORE DETAILS WOULD BE NICE. Configuring a Webhook will allow GitHub to communicate back to the Minder instance. Details on how to set this up can be found in the Configuring a Webhook guide.
Running Minder server directly
There are certain situations where you might want to run the Minder server directly, instead of as a container. These steps will allow you to do that. They assume you have completed the basic setup.
Stop the Minder server container
Stop the Minder server, while leaving the dependant containers to continue running.
docker stop minder_server
Configuration Changes
Find the authz section in your server-config.yaml
file located in your root Minder directory. Update the api_url
to point to http://localhost:8082
.
authz:
api_url: http://localhost:8082
store_name: minder
auth:
# Set to token for production
method: none
Run the server
Start the server from the command line using the following command:
go run cmd/server/main.go serve
You should see the server start up and then a series of log messages. You are now running the Minder server directly.