Compare commits
28 Commits
fauno-sqli
...
main
| Author | SHA1 | Date | |
|---|---|---|---|
| 828c7c1300 | |||
f0c6a3c19c
|
|||
|
94f238c4af
|
|||
|
1dfdd90845
|
|||
|
660a5fee21 | ||
| 8d23542076 | |||
|
|
29968706fc | ||
|
|
1db30e2cda | ||
|
|
ec1735a005 | ||
|
|
29a7d585dc | ||
|
|
d0191f1c49 | ||
|
|
58bfa65b8a | ||
| 98c0268b72 | |||
| 73c8b662d4 | |||
| 674cbd0431 | |||
|
|
4972af78e8 | ||
| aa2afc2270 | |||
|
|
6fbaeb7af0 | ||
|
|
aa70a53ef1 | ||
|
|
3efbfec419 | ||
|
|
93e5604fcb | ||
| 917766023b | |||
|
|
24c3349074 | ||
|
|
6429b2720f | ||
|
|
45986d1af4 | ||
|
|
35e78f4834 | ||
|
|
3a98857b5c | ||
|
|
2310cb9378 |
@ -18,6 +18,7 @@ steps:
|
||||
STACK_NAME: hedgedoc
|
||||
LETS_ENCRYPT_ENV: production
|
||||
SECRET_DB_PASSWORD_VERSION: v1
|
||||
SECRET_SESSION_SECRET_VERSION: v1
|
||||
ENTRYPOINT_CONF_VERSION: v1
|
||||
PG_BACKUP_VERSION: v1
|
||||
trigger:
|
||||
@ -35,7 +36,7 @@ steps:
|
||||
from_secret: drone_abra-bot_token
|
||||
fork: true
|
||||
repositories:
|
||||
- coop-cloud/auto-recipes-catalogue-json
|
||||
- toolshed/auto-recipes-catalogue-json
|
||||
|
||||
trigger:
|
||||
event: tag
|
||||
|
||||
@ -8,11 +8,15 @@ DOMAIN=hedgedoc.example.com
|
||||
#EXTRA_DOMAINS=', `www.hedgedoc.example.com`'
|
||||
LETS_ENCRYPT_ENV=production
|
||||
|
||||
SECRET_DB_PASSWORD_VERSION=v1
|
||||
SECRET_SESSION_SECRET_VERSION=v1
|
||||
|
||||
COMPOSE_FILE="compose.yml"
|
||||
|
||||
# PostgreSQL
|
||||
|
||||
#COMPOSE_FILE="$COMPOSE_FILE:compose.postgresql.yml"
|
||||
#SECRET_DB_PASSWORD_VERSION=v1
|
||||
|
||||
# OAuth, see https://docs.hedgedoc.org/guides/auth/keycloak/
|
||||
|
||||
#COMPOSE_FILE="$COMPOSE_FILE:compose.oauth.yml"
|
||||
|
||||
2
abra.sh
2
abra.sh
@ -1,2 +1,2 @@
|
||||
export ENTRYPOINT_CONF_VERSION=v9
|
||||
export ENTRYPOINT_CONF_VERSION=v13
|
||||
export PG_BACKUP_VERSION=v1
|
||||
|
||||
55
compose.postgresql.yml
Normal file
55
compose.postgresql.yml
Normal file
@ -0,0 +1,55 @@
|
||||
version: "3.8"
|
||||
services:
|
||||
app:
|
||||
environment:
|
||||
- CMD_DB_TYPE=postgres
|
||||
- CMD_DB_NAME=codimd
|
||||
- CMD_DB_USER=codimd
|
||||
- CMD_DB_HOST=db
|
||||
- CMD_DB_PASSWORD_FILE=/run/secrets/db_password
|
||||
depends_on:
|
||||
- db
|
||||
networks:
|
||||
- internal
|
||||
secrets:
|
||||
- db_password
|
||||
db:
|
||||
image: pgautoupgrade/pgautoupgrade:16-alpine
|
||||
environment:
|
||||
- POSTGRES_USER=codimd
|
||||
- POSTGRES_PASSWORD_FILE=/run/secrets/db_password
|
||||
- POSTGRES_DB=codimd
|
||||
volumes:
|
||||
- "postgres:/var/lib/postgresql/data"
|
||||
secrets:
|
||||
- db_password
|
||||
networks:
|
||||
- internal
|
||||
deploy:
|
||||
labels:
|
||||
backupbot.backup: "${ENABLE_BACKUPS:-true}"
|
||||
backupbot.backup.pre-hook: "/pg_backup.sh backup"
|
||||
backupbot.backup.volumes.postgres.path: "backup.sql"
|
||||
backupbot.restore.post-hook: '/pg_backup.sh restore'
|
||||
healthcheck:
|
||||
test: "pg_isready"
|
||||
interval: 30s
|
||||
timeout: 10s
|
||||
retries: 5
|
||||
start_period: 1m
|
||||
configs:
|
||||
- source: pg_backup
|
||||
target: /pg_backup.sh
|
||||
mode: 0555
|
||||
volumes:
|
||||
postgres:
|
||||
secrets:
|
||||
db_password:
|
||||
external: true
|
||||
name: ${STACK_NAME}_db_password_${SECRET_DB_PASSWORD_VERSION}
|
||||
networks:
|
||||
internal:
|
||||
configs:
|
||||
pg_backup:
|
||||
name: ${STACK_NAME}_pg_backup_${PG_BACKUP_VERSION}
|
||||
file: pg_backup.sh
|
||||
53
compose.yml
53
compose.yml
@ -1,17 +1,14 @@
|
||||
version: "3.8"
|
||||
services:
|
||||
app:
|
||||
image: quay.io/hedgedoc/hedgedoc:1.10.0
|
||||
image: quay.io/hedgedoc/hedgedoc:1.10.3
|
||||
environment:
|
||||
- CMD_USECDN=false
|
||||
- CMD_URL_ADDPORT=false
|
||||
- CMD_DOMAIN=$DOMAIN
|
||||
- CMD_PROTOCOL_USESSL=true
|
||||
- CMD_HSTS_ENABLE=false
|
||||
- CMD_DB_NAME=codimd
|
||||
- CMD_DB_USER=codimd
|
||||
- CMD_DB_HOST=db
|
||||
- CMD_DB_PASSWORD_FILE=/run/secrets/db_password
|
||||
- CMD_DB_URL=sqlite:/database/db.sqlite3
|
||||
- CMD_ALLOW_ANONYMOUS
|
||||
- CMD_ALLOW_ANONYMOUS_EDITS
|
||||
- CMD_ALLOW_EMAIL_REGISTER
|
||||
@ -29,15 +26,12 @@ services:
|
||||
- CMD_SESSION_LIFE
|
||||
- CMD_SESSION_SECRET_FILE=/run/secrets/session_secret
|
||||
- DOCUMENT_MAX_LENGTH
|
||||
depends_on:
|
||||
- db
|
||||
networks:
|
||||
- proxy
|
||||
- internal
|
||||
volumes:
|
||||
- codimd_uploads:/hedgedoc/public/uploads
|
||||
- codimd_database:/database
|
||||
secrets:
|
||||
- db_password
|
||||
- session_secret
|
||||
entrypoint: /docker-entrypoint.sh
|
||||
configs:
|
||||
@ -60,56 +54,24 @@ services:
|
||||
- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLForceHost=true"
|
||||
- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}"
|
||||
- "coop-cloud.${STACK_NAME}.timeout=${TIMEOUT:-120}"
|
||||
- "coop-cloud.${STACK_NAME}.version=1.2.1+1.10.0"
|
||||
- "coop-cloud.${STACK_NAME}.version=3.0.2+1.10.3"
|
||||
- "backupbot.backup=${ENABLE_BACKUPS:-true}"
|
||||
healthcheck:
|
||||
test: "nodejs -e \"http.get('http://localhost:3000', (res) => { console.log('status: ', res.statusCode); if (res.statusCode == 200) { process.exit(0); } else { process.exit(1); } });\""
|
||||
interval: 30s
|
||||
timeout: 10s
|
||||
retries: 10
|
||||
start_period: 1m
|
||||
db:
|
||||
image: postgres:16.4-alpine
|
||||
environment:
|
||||
- POSTGRES_USER=codimd
|
||||
- POSTGRES_PASSWORD_FILE=/run/secrets/db_password
|
||||
- POSTGRES_DB=codimd
|
||||
volumes:
|
||||
- "postgres:/var/lib/postgresql/data"
|
||||
secrets:
|
||||
- db_password
|
||||
networks:
|
||||
- internal
|
||||
deploy:
|
||||
labels:
|
||||
backupbot.backup: "${ENABLE_BACKUPS:-true}"
|
||||
backupbot.backup.pre-hook: "/pg_backup.sh backup"
|
||||
backupbot.backup.volumes.postgres.path: "backup.sql"
|
||||
backupbot.restore.post-hook: '/pg_backup.sh restore'
|
||||
healthcheck:
|
||||
test: "pg_isready"
|
||||
interval: 30s
|
||||
timeout: 10s
|
||||
retries: 5
|
||||
start_period: 1m
|
||||
configs:
|
||||
- source: pg_backup
|
||||
target: /pg_backup.sh
|
||||
mode: 0555
|
||||
|
||||
volumes:
|
||||
postgres:
|
||||
codimd_uploads:
|
||||
codimd_database:
|
||||
secrets:
|
||||
db_password:
|
||||
external: true
|
||||
name: ${STACK_NAME}_db_password_${SECRET_DB_PASSWORD_VERSION}
|
||||
session_secret:
|
||||
external: true
|
||||
name: ${STACK_NAME}_session_secret_${SECRET_SESSION_SECRET_VERSION}
|
||||
networks:
|
||||
proxy:
|
||||
external: true
|
||||
internal:
|
||||
configs:
|
||||
config_json:
|
||||
name: ${STACK_NAME}_config_${ENTRYPOINT_CONF_VERSION}
|
||||
@ -119,6 +81,3 @@ configs:
|
||||
name: ${STACK_NAME}_entrypoint_${ENTRYPOINT_CONF_VERSION}
|
||||
file: entrypoint.sh.tmpl
|
||||
template_driver: golang
|
||||
pg_backup:
|
||||
name: ${STACK_NAME}_pg_backup_${PG_BACKUP_VERSION}
|
||||
file: pg_backup.sh
|
||||
|
||||
@ -22,7 +22,9 @@ file_env() {
|
||||
}
|
||||
|
||||
load_vars() {
|
||||
if [ -n "${CMD_DB_PASSWORD_FILE:-""}" ] ; then
|
||||
file_env "CMD_DB_PASSWORD"
|
||||
fi
|
||||
file_env "CMD_OAUTH2_CLIENT_SECRET"
|
||||
file_env "CMD_SESSION_SECRET"
|
||||
}
|
||||
@ -34,11 +36,15 @@ main() {
|
||||
mkdir -p "/hedgedoc/.npm" && \
|
||||
chown -R 10000:65534 "/hedgedoc/.npm" && \
|
||||
chmod "u+rwx" "/hedgedoc/.npm"
|
||||
|
||||
chown -R 10000:65534 /database
|
||||
}
|
||||
|
||||
main
|
||||
|
||||
export CMD_DB_URL=postgres://$CMD_DB_USER:$CMD_DB_PASSWORD@$CMD_DB_HOST:5432/$CMD_DB_NAME
|
||||
if [ -n "${CMD_DB_PASSWORD:-""}" ] ; then
|
||||
export CMD_DB_URL="${CMD_DB_TYPE}://$CMD_DB_USER:$CMD_DB_PASSWORD@$CMD_DB_HOST:5432/$CMD_DB_NAME"
|
||||
fi
|
||||
|
||||
# 3wc: `source /docker-entrypoint.sh -e` to load CMD_DB_URL for CLI scripts
|
||||
if [ ! "${1-}" == "-e" ]; then
|
||||
|
||||
5
release/1.2.2+1.10.1
Normal file
5
release/1.2.2+1.10.1
Normal file
@ -0,0 +1,5 @@
|
||||
Upgrade to fix GHSA-6w39-x2c6-6mpf
|
||||
|
||||
BREAKING CHANGE!! new secret "session_secret" added, run:
|
||||
|
||||
abra app secret generate <app_domain> session_secret v1
|
||||
1
release/1.3.0+1.10.1
Normal file
1
release/1.3.0+1.10.1
Normal file
@ -0,0 +1 @@
|
||||
This release adds SQLite support by default, if you were using PostgreSQL make sure to update the env file!
|
||||
1
release/3.0.0+1.10.1
Normal file
1
release/3.0.0+1.10.1
Normal file
@ -0,0 +1 @@
|
||||
This release switches to `pgaautoupgrade` for easier Postgresql upgrades. If you are using Postgres, please take extra care to take a backup before upgrading.
|
||||
1
release/3.0.1+1.10.3
Normal file
1
release/3.0.1+1.10.3
Normal file
@ -0,0 +1 @@
|
||||
Security upgrade for GHSA-3983-rrqh-mvx5
|
||||
1
release/3.0.2+1.10.3
Normal file
1
release/3.0.2+1.10.3
Normal file
@ -0,0 +1 @@
|
||||
CRITICAL FIX: since version 3 this recipe uses always sqlite as database. This patch fixes instances running postgres
|
||||
Loading…
x
Reference in New Issue
Block a user