root: make postgres connection in makefile customizable

[kensternberg-authentik]

This commit allows the dev-reset command in the Makefile to pick up and use credentials from the .env file if they are present, or fallback to the defaults provided if they are not. This is the only place in the Makefile where the database credentials are used directly against postgresql binaries. The syntax was tested with bash, zsh, and csh, and did not fail under those.

The $${:-} syntax is a combination of a Makefile idiom for "Pass a single $ to the environment where this command will be executed," and the shell expresion ${VARIABLE:-default} means "dereference the environment variable; if it is undefined, used the default value provided."

I've added help to the Makefile:

$ make help
Specify a command. The choices are:

  all                      Lint, build, and test everything
  help                     Show this help
  test                     Run the server tests and produce a coverage report
  lint-fix                 Lint and automatically fix errors in the python source code. Reports spelling errors.
  lint                     Lint the python and golang sources
  migrate                  Run the Authentik Django server's migrations
  i18n-extract             Extract strings that require translation into files to send to a translation service
  gen-build                Extract the schema from the database
  gen-client-ts            Build and install the Authentik API for Typescript into the Authentik UI Application
  web-build                Build the Authentik UI
  web-install              Install the necessary libraries to build the Authentik UI
  web-watch                Build and watch the Authentik UI for changes, updating automatically
  web-storybook-watch      Build and run the storybook documentation server
  web-lint-fix             Automatically fix formatting issues in the Authentik UI source code
  website                  Build the documentation website
  website-watch            Build and watch the documentation website, updating automatically
  dev-reset                Drop and restore the Authentik PostgreSQL instance to a "fresh install" state.

The help feature uses BSD awk, which is available on MacOS and Linux. The syntax is simply ## your help message here as a comment on a Makefile target line.

Checklist

• Local tests pass (ak test authentik/)
• The code has been formatted (make lint-fix)

If an API change has been made

• The API schema has been updated (make gen-build)

If changes to the frontend have been made

• The code has been formatted (make web)
• The translation files have been updated (make i18n-extract)

If applicable

• The documentation has been updated
• The documentation has been formatted (make website)

[netlify]

✅ Deploy Preview for authentik-storybook ready!

Name	Link
🔨 Latest commit	5a263d1
🔍 Latest deploy log	https://app.netlify.com/sites/authentik-storybook/deploys/6511f9c0a80b810007b16b8f
😎 Deploy Preview	https://deploy-preview-6977--authentik-storybook.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify site configuration.

[netlify]

✅ Deploy Preview for authentik ready!

Name	Link
🔨 Latest commit	5a263d1
🔍 Latest deploy log	https://app.netlify.com/sites/authentik/deploys/6511f9c02551d500082de67b
😎 Deploy Preview	https://deploy-preview-6977--authentik.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.
Lighthouse	1 paths audited Performance: 96 (no change from production) Accessibility: 90 (no change from production) Best Practices: 100 (no change from production) SEO: 80 (no change from production) PWA: - View the detailed breakdown and full score reports

---

To edit notification comments on pull requests, go to your Netlify site configuration.

[codecov]

Codecov Report

All modified lines are covered by tests ✅

Comparison is base (0d6c4c4) 90.51% compared to head (5a263d1) 90.97%.

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #6977      +/-   ##
==========================================
+ Coverage   90.51%   90.97%   +0.47%     
==========================================
  Files         567      567              
  Lines       27939    27939              
==========================================
+ Hits        25286    25416     +130     
+ Misses       2653     2523     -130     

Flag	Coverage Δ
e2e	49.79% <ø> (+2.94%)	⬆️
unit	89.59% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

see 18 files with indirect coverage changes

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[github-actions]

authentik PR Installation instructions

Instructions for docker-compose

Add the following block to your .env file:

AUTHENTIK_IMAGE=ghcr.io/goauthentik/dev-server
AUTHENTIK_TAG=gh-core-alt-pg-credentials-1695677726-5a263d1
AUTHENTIK_OUTPOSTS__CONTAINER_IMAGE_BASE=ghcr.io/goauthentik/dev-%(type)s:gh-%(build_hash)s

For arm64, use these values:

AUTHENTIK_IMAGE=ghcr.io/goauthentik/dev-server
AUTHENTIK_TAG=gh-core-alt-pg-credentials-1695677726-5a263d1-arm64
AUTHENTIK_OUTPOSTS__CONTAINER_IMAGE_BASE=ghcr.io/goauthentik/dev-%(type)s:gh-%(build_hash)s

Afterwards, run the upgrade commands from the latest release notes.

Instructions for Kubernetes

Add the following block to your values.yml file:

authentik:
    outposts:
        container_image_base: ghcr.io/goauthentik/dev-%(type)s:gh-%(build_hash)s
image:
    repository: ghcr.io/goauthentik/dev-server
    tag: gh-core-alt-pg-credentials-1695677726-5a263d1

For arm64, use these values:

authentik:
    outposts:
        container_image_base: ghcr.io/goauthentik/dev-%(type)s:gh-%(build_hash)s
image:
    repository: ghcr.io/goauthentik/dev-server
    tag: gh-core-alt-pg-credentials-1695677726-5a263d1-arm64

Afterwards, run the upgrade commands from the latest release notes.