ory
diff --git a/‎.docker/Dockerfile-alpine‎
Lines changed: 2 additions & 1 deletion b/‎.docker/Dockerfile-alpine‎
Lines changed: 2 additions & 1 deletion
diff --git a/‎.docker/Dockerfile-hsm‎
Lines changed: 0 additions & 88 deletions b/‎.docker/Dockerfile-hsm‎
Lines changed: 0 additions & 88 deletions
diff --git a/‎.docker/Dockerfile-scratch‎
Lines changed: 0 additions & 41 deletions b/‎.docker/Dockerfile-scratch‎
Lines changed: 0 additions & 41 deletions
diff --git a/‎.docker/Dockerfile-sqlite‎
Lines changed: 0 additions & 36 deletions b/‎.docker/Dockerfile-sqlite‎
Lines changed: 0 additions & 36 deletions
diff --git a/‎.docker/Dockerfile-test-hsm‎
Lines changed: 36 additions & 0 deletions b/‎.docker/Dockerfile-test-hsm‎
Lines changed: 36 additions & 0 deletions
diff --git a/‎Makefile‎
Lines changed: 3 additions & 3 deletions b/‎Makefile‎
Lines changed: 3 additions & 3 deletions
diff --git a/‎README.md‎
Lines changed: 8 additions & 4 deletions b/‎README.md‎
Lines changed: 8 additions & 4 deletions
diff --git a/‎quickstart.yml‎
Lines changed: 10 additions & 0 deletions b/‎quickstart.yml‎
Lines changed: 10 additions & 0 deletions
@@ -24,6 +24,7 @@ HEREDOC
 
 COPY hydra /usr/bin/hydra
 
+USER ory
+
 ENTRYPOINT ["hydra"]
 CMD ["serve", "all"]
-USER ory
 
@@ -0,0 +1,36 @@
+# This file is only used for testing the HSM feature of Hydra. It is not used in production nor is it being
+# distributed.
+FROM golang:1.22-alpine3.21 AS builder
+
+RUN apk -U --no-cache --upgrade --latest add build-base git gcc bash
+
+WORKDIR /go/src/github.com/ory/hydra
+RUN mkdir -p ./internal/httpclient
+
+COPY go.mod go.sum ./
+COPY internal/httpclient/go.* ./internal/httpclient
+
+ENV CGO_ENABLED 1
+
+RUN go mod download
+
+COPY . .
+
+FROM builder as build-hydra
+
+ENV HSM_ENABLED=true
+ENV HSM_LIBRARY=/usr/lib/softhsm/libsofthsm2.so
+ENV HSM_TOKEN_LABEL=hydra
+ENV HSM_PIN=1234
+ENV UPDATE_SNAPSHOTS=true
+
+RUN apt-get -y install softhsm opensc
+RUN pkcs11-tool --module "$HSM_LIBRARY" --slot 0 --init-token --so-pin 0000 --init-pin --pin "$HSM_PIN" --label "$HSM_TOKEN_LABEL"
+
+FROM builder as test-hsm
+
+RUN go test -p 1 -failfast -short -tags=sqlite,hsm ./...
+
+FROM builder AS test-refresh-hsm
+
+RUN go test -p 1 -failfast -short -tags=sqlite,hsm,refresh ./...
@@ -71,7 +71,7 @@ test-resetdb: node_modules
 # Build local docker images
 .PHONY: docker
 docker:
-	DOCKER_BUILDKIT=1 DOCKER_CONTENT_TRUST=1 docker build --progress=plain -f .docker/Dockerfile-build -t oryd/hydra:${IMAGE_TAG}-sqlite .
+	DOCKER_BUILDKIT=1 DOCKER_CONTENT_TRUST=1 docker build --progress=plain -f .docker/Dockerfile-build -t oryd/hydra:${IMAGE_TAG} .
 
 .PHONY: e2e
 e2e: node_modules test-resetdb
@@ -88,12 +88,12 @@ quicktest:
 
 .PHONY: quicktest-hsm
 quicktest-hsm:
-	DOCKER_BUILDKIT=1 DOCKER_CONTENT_TRUST=1 docker build --progress=plain -f .docker/Dockerfile-hsm --target test-hsm -t oryd/hydra:${IMAGE_TAG} --target test-hsm .
+	DOCKER_BUILDKIT=1 DOCKER_CONTENT_TRUST=1 docker build --progress=plain -f .docker/Dockerfile-test-hsm  --target test-hsm -t oryd/hydra:${IMAGE_TAG} --target test-hsm .
 
 .PHONY: test-refresh
 test-refresh:
 	UPDATE_SNAPSHOTS=true go test -failfast -short -tags sqlite,sqlite_omit_load_extension ./...
-	DOCKER_BUILDKIT=1 DOCKER_CONTENT_TRUST=1 docker build --progress=plain -f .docker/Dockerfile-hsm --target test-refresh-hsm -t oryd/hydra:${IMAGE_TAG} --target test-refresh-hsm .
+	DOCKER_BUILDKIT=1 DOCKER_CONTENT_TRUST=1 docker build --progress=plain -f .docker/Dockerfile-test-hsm  --target test-refresh-hsm -t oryd/hydra:${IMAGE_TAG} --target test-refresh-hsm .
 
 authors:  # updates the AUTHORS file
 	curl https://raw.githubusercontent.com/ory/ci/master/authors/authors.sh | env PRODUCT="Ory Hydra" bash
 
@@ -609,7 +609,7 @@ that your company deserves a spot here, reach out to
                 </picture>
             </td>
             <td><a href="https://pinniped.dev/">pinniped.dev</a></td>
-        </tr>         
+        </tr>
         <tr>
             <td>Adopter *</td>
             <td>Pvotal</td>
@@ -835,7 +835,9 @@ make quicktest
 
 # regular tests
 make test
-test-resetdb
+
+# updates all snapshots
+make test-refresh
 
 # end-to-end tests
 make e2e
@@ -977,10 +979,12 @@ If you wish to check your code changes against any of the docker-compose
 quickstart files, run:
 
 ```shell script
-make docker
-docker compose -f quickstart.yml up # ....
+docker compose -f quickstart.yml up --build # ....
 ```
 
+Warning, this will override your local image tag with the latest build and can
+lead to unexpected or confusing behavior.
+
 #### Add a new migration
 
 1. `mkdir persistence/sql/src/YYYYMMDD000001_migration_name/`
 
@@ -12,6 +12,9 @@
 services:
   hydra:
     image: oryd/hydra:v2.2.0
+    build:
+      context: .
+      dockerfile: .docker/Dockerfile-build
     ports:
       - "4444:4444" # Public port
       - "4445:4445" # Admin port
@@ -25,18 +28,25 @@ services:
       - type: bind
         source: ./contrib/quickstart/5-min
         target: /etc/config/hydra
+    pull_policy: missing
     environment:
       - DSN=sqlite:///var/lib/sqlite/db.sqlite?_fk=true
     restart: unless-stopped
+    user: 500:500
     depends_on:
       - hydra-migrate
     networks:
       - intranet
   hydra-migrate:
     image: oryd/hydra:v2.2.0
+    build:
+      context: .
+      dockerfile: .docker/Dockerfile-build
     environment:
       - DSN=sqlite:///var/lib/sqlite/db.sqlite?_fk=true
     command: migrate -c /etc/config/hydra/hydra.yml sql -e --yes
+    user: 500:500
+    pull_policy: missing
     volumes:
       - type: volume
         source: hydra-sqlite