coop-cloud/hedgedoc
1
1
Fork 3
Code Issues 3 Pull Requests 3 Releases Wiki Activity

Compare commits

base: coop-cloud:3.0.0+1.10.1
Branches Tags
coop-cloud:main coop-cloud:anubis coop-cloud:forceSsl coop-cloud:upgrade coop-cloud:main-2 coop-cloud:fauno-sqlite coop-cloud:entrypoint-fix coop-cloud:fix-uploads-volume coop-cloud:mayel-patch-1
coop-cloud:3.0.5+1.10.5 coop-cloud:3.0.4+1.10.4 coop-cloud:3.0.2+1.10.3 coop-cloud:3.0.1+1.10.3 coop-cloud:3.0.0+1.10.1 coop-cloud:2.0.0+1.10.1 coop-cloud:1.2.2+1.10.1 coop-cloud:1.2.1+1.10.0 coop-cloud:1.2.0+1.10.0 coop-cloud:1.1.0+1.9.9 coop-cloud:1.0.1+1.9.9 coop-cloud:1.0.0+1.9.9 coop-cloud:0.6.0+1.9.9 coop-cloud:0.5.1+1.9.8 coop-cloud:0.5.0+1.9.6 coop-cloud:0.4.0+1.9.3 coop-cloud:0.3.0+1.9.3 coop-cloud:0.2.0+1.9.3 coop-cloud:0.1.0+1.8.2
..
compare: coop-cloud:anubis
Branches Tags
coop-cloud:anubis coop-cloud:main coop-cloud:forceSsl coop-cloud:upgrade coop-cloud:main-2 coop-cloud:fauno-sqlite coop-cloud:entrypoint-fix coop-cloud:fix-uploads-volume coop-cloud:mayel-patch-1
coop-cloud:3.0.5+1.10.5 coop-cloud:3.0.4+1.10.4 coop-cloud:3.0.2+1.10.3 coop-cloud:3.0.1+1.10.3 coop-cloud:3.0.0+1.10.1 coop-cloud:2.0.0+1.10.1 coop-cloud:1.2.2+1.10.1 coop-cloud:1.2.1+1.10.0 coop-cloud:1.2.0+1.10.0 coop-cloud:1.1.0+1.9.9 coop-cloud:1.0.1+1.9.9 coop-cloud:1.0.0+1.9.9 coop-cloud:0.6.0+1.9.9 coop-cloud:0.5.1+1.9.8 coop-cloud:0.5.0+1.9.6 coop-cloud:0.4.0+1.9.3 coop-cloud:0.3.0+1.9.3 coop-cloud:0.2.0+1.9.3 coop-cloud:0.1.0+1.8.2

20 Commits
3.0.0+1.10 ... anubis

Author SHA1 Message Date
f
5eada4ae65 feat: anubis
Some checks failed
continuous-integration/drone/pr Build is failing
Details
2025-12-24 16:50:44 -03:00
f
6872e4fcb5 chore: publish 3.0.5+1.10.5 release
Some checks failed
continuous-integration/drone/tag Build is passing
Details
continuous-integration/drone/push Build is failing
Details
2025-12-08 11:01:04 -03:00
f
63dc460d9a fix: healthcheck 2025-12-08 11:00:16 -03:00
f
5814894b58 chore: publish 3.0.4+1.10.4 release
Some checks failed
continuous-integration/drone/push Build is failing
Details
continuous-integration/drone/tag Build is passing
Details
2025-12-06 11:56:26 -03:00
f
d32033825a fix: upgrade and uploads restrictions
Some checks failed
continuous-integration/drone/push Build is failing
Details
2025-12-06 11:44:39 -03:00
3wc
b83888ca14 chore: publish 3.0.3+1.10.3 release 2025-11-23 21:23:42 -05:00
3wc
c9fc0f6a77 Working canonical domain redirect, fix up config 2025-11-23 21:23:19 -05:00
decentral1se
afddeceed3 feat: support CMD_OAUTH2_USER_PROFILE_ID_ATTR
All checks were successful
continuous-integration/drone/push Build is passing
Details 
See #18
 2025-07-31 22:50:02 +02:00
Moritz
828c7c1300 chore: publish 3.0.2+1.10.3 release
All checks were successful
continuous-integration/drone/tag Build is passing
Details
continuous-integration/drone/push Build is passing
Details
2025-06-10 17:29:07 +02:00
Moritz
f0c6a3c19c critical fix to run postgres database 2025-06-10 17:26:40 +02:00
Moritz
94f238c4af add breaking change release note to version 1.2.2+1.10.1
All checks were successful
continuous-integration/drone/push Build is passing
Details
2025-05-27 19:56:55 +02:00
Moritz
1dfdd90845 fix CI
All checks were successful
continuous-integration/drone/push Build is passing
Details
2025-05-27 19:40:49 +02:00
f
660a5fee21 chore: publish 3.0.1+1.10.3 release
Some checks failed
continuous-integration/drone/push Build is failing
Details
continuous-integration/drone/tag Build is passing
Details
2025-04-23 16:48:57 -03:00
fauno
8d23542076 Merge pull request 'security upgrade' (#17) from upgrade into main
Some checks failed
continuous-integration/drone/push Build is failing
Details 
Reviewed-on: #17
Reviewed-by: decentral1se <decentral1se@noreply.git.coopcloud.tech>
 2025-04-23 19:46:19 +00:00
f
29968706fc fix: check for password file presence to build db url
Some checks failed
continuous-integration/drone/pr Build is failing
Details
2025-04-11 17:02:46 -03:00
f
1db30e2cda fix: typo 2025-04-11 17:01:25 -03:00
f
ec1735a005 feat: set db type 2025-04-11 17:00:56 -03:00
f
29a7d585dc fix: provide default values for variables
Some checks failed
continuous-integration/drone/pr Build is failing
Details
2025-04-10 15:42:21 -03:00
f
d0191f1c49 fix: prevent unbound variable error
Some checks failed
continuous-integration/drone/pr Build is failing
Details
2025-04-10 09:50:06 -03:00
f
58bfa65b8a fix: security upgrade 
https://github.com/hedgedoc/hedgedoc/security/advisories/GHSA-3983-rrqh-mvx5
 2025-04-10 09:26:42 -03:00
11 changed files with 38 additions and 12 deletions
Expand all files Collapse all files

1
.drone.yml
View File

@ -18,6 +18,7 @@ steps:
STACK_NAME: hedgedoc
LETS_ENCRYPT_ENV: production
SECRET_DB_PASSWORD_VERSION: v1
SECRET_SESSION_SECRET_VERSION: v1
ENTRYPOINT_CONF_VERSION: v1
PG_BACKUP_VERSION: v1
trigger:

5
.env.sample
View File

@ -12,6 +12,9 @@ SECRET_SESSION_SECRET_VERSION=v1
COMPOSE_FILE="compose.yml"
# Anubis
#COMPOSE_FILE="$COMPOSE_FILE:compose.anubis.yml"
# PostgreSQL
#COMPOSE_FILE="$COMPOSE_FILE:compose.postgresql.yml"
@ -26,6 +29,7 @@ COMPOSE_FILE="compose.yml"
#CMD_OAUTH2_TOKEN_URL="https://keycloak.example.com/auth/realms/realmname/protocol/openid-connect/token"
#CMD_OAUTH2_USER_PROFILE_URL="https://keycloak.example.com/auth/realms/realmname/protocol/openid-connect/userinfo"
#CMD_OAUTH2_USER_PROFILE_USERNAME_ATTR=ocs.data.id
#CMD_OAUTH2_USER_PROFILE_ID_ATTR=
#CMD_OAUTH2_USER_PROFILE_DISPLAY_NAME_ATTR=ocs.data.display-name
#CMD_OAUTH2_USER_PROFILE_EMAIL_ATTR=ocs.data.email
#CMD_OAUTH2_PROVIDERNAME=Keycloak
@ -52,3 +56,4 @@ COMPOSE_FILE="compose.yml"
# CMD_SESSION_LIFE=1209600000
# Only present in config.json (no equivalent env var):
# DOCUMENT_MAX_LENGTH=100000
# CMD_ENABLE_UPLOADS=registered

3
abra.sh
View File

@ -1,2 +1,3 @@
export ENTRYPOINT_CONF_VERSION=v11
export ENTRYPOINT_CONF_VERSION=v13
export CONFIG_JSON_VERSION=v1
export PG_BACKUP_VERSION=v1

6
compose.anubis.yml Normal file
View File

@ -0,0 +1,6 @@
---
version: "3.8"
services:
app:
labels:
- "traefik.http.routers.${STACK_NAME}.middlewares=anubis@swarm,${STACK_NAME}-redirectscheme,${STACK_NAME}-redirecthostname"

1
compose.oauth.yml
View File

@ -13,6 +13,7 @@ services:
- CMD_OAUTH2_USER_PROFILE_USERNAME_ATTR
- CMD_OAUTH2_USER_PROFILE_DISPLAY_NAME_ATTR
- CMD_OAUTH2_USER_PROFILE_EMAIL_ATTR
- CMD_OAUTH2_USER_PROFILE_ID_ATTR
- CMD_OAUTH2_SCOPE
secrets:
- oauth_key

2
compose.postgresql.yml
View File

@ -2,7 +2,7 @@ version: "3.8"
services:
app:
environment:
- POSTGRES_ENABLED=1
- CMD_DB_TYPE=postgres
- CMD_DB_NAME=codimd
- CMD_DB_USER=codimd
- CMD_DB_HOST=db

16
compose.yml
View File

@ -1,7 +1,7 @@
version: "3.8"
services:
app:
image: quay.io/hedgedoc/hedgedoc:1.10.1
image: quay.io/hedgedoc/hedgedoc:1.10.5
environment:
- CMD_USECDN=false
- CMD_URL_ADDPORT=false
@ -26,6 +26,7 @@ services:
- CMD_SESSION_LIFE
- CMD_SESSION_SECRET_FILE=/run/secrets/session_secret
- DOCUMENT_MAX_LENGTH
- CMD_ENABLE_UPLOADS
networks:
- proxy
volumes:
@ -50,11 +51,14 @@ services:
- "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`${EXTRA_DOMAINS})"
- "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
- "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
- "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirect"
- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLForceHost=true"
- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}"
- "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirectscheme,${STACK_NAME}-redirecthostname"
- "traefik.http.middlewares.${STACK_NAME}-redirectscheme.redirectscheme.scheme=https"
- "traefik.http.middlewares.${STACK_NAME}-redirectscheme.redirectscheme.permanent=true"
- "traefik.http.middlewares.${STACK_NAME}-redirecthostname.redirectregex.regex=^http[s]?://([^/]*)/(.*)"
- "traefik.http.middlewares.${STACK_NAME}-redirecthostname.redirectregex.replacement=https://${DOMAIN}/$${2}"
- "traefik.http.middlewares.${STACK_NAME}-redirecthostname.redirectregex.permanent=true"
- "coop-cloud.${STACK_NAME}.timeout=${TIMEOUT:-120}"
- "coop-cloud.${STACK_NAME}.version=3.0.0+1.10.1"
- "coop-cloud.${STACK_NAME}.version=3.0.5+1.10.5"
- "backupbot.backup=${ENABLE_BACKUPS:-true}"
healthcheck:
test: "nodejs -e \"http.get('http://localhost:3000', (res) => { console.log('status: ', res.statusCode); if (res.statusCode == 200) { process.exit(0); } else { process.exit(1); } });\""
@ -74,7 +78,7 @@ networks:
external: true
configs:
config_json:
name: ${STACK_NAME}_config_${ENTRYPOINT_CONF_VERSION}
name: ${STACK_NAME}_config_json_${CONFIG_JSON_VERSION}
file: config.json.tmpl
template_driver: golang
entrypoint_conf:

8
entrypoint.sh.tmpl
View File

@ -22,7 +22,9 @@ file_env() {
}
load_vars() {
file_env "CMD_DB_PASSWORD"
if [ -n "${CMD_DB_PASSWORD_FILE:-""}" ] ; then
file_env "CMD_DB_PASSWORD"
fi
file_env "CMD_OAUTH2_CLIENT_SECRET"
file_env "CMD_SESSION_SECRET"
}
@ -40,8 +42,8 @@ main() {
main
if [ -n "$POSTGRES_ENABLED" ]; then
export CMD_DB_URL="postgres://$CMD_DB_USER:$CMD_DB_PASSWORD@$CMD_DB_HOST:5432/$CMD_DB_NAME"
if [ -n "${CMD_DB_PASSWORD:-""}" ] ; then
export CMD_DB_URL="${CMD_DB_TYPE}://$CMD_DB_USER:$CMD_DB_PASSWORD@$CMD_DB_HOST:5432/$CMD_DB_NAME"
fi
# 3wc: `source /docker-entrypoint.sh -e` to load CMD_DB_URL for CLI scripts

6
release/1.2.2+1.10.1
View File

@ -1 +1,5 @@
Upgrade to fix GHSA-6w39-x2c6-6mpf
Upgrade to fix GHSA-6w39-x2c6-6mpf
BREAKING CHANGE!! new secret "session_secret" added, run:
abra app secret generate <app_domain> session_secret v1

1
release/3.0.1+1.10.3 Normal file
View File

@ -0,0 +1 @@
Security upgrade for GHSA-3983-rrqh-mvx5

1
release/3.0.2+1.10.3 Normal file
View File

@ -0,0 +1 @@
CRITICAL FIX: since version 3 this recipe uses always sqlite as database. This patch fixes instances running postgres