chore: publish 3.0.2+1.10.3 release

Reviewed-on: #17
Reviewed-by: decentral1se <decentral1se@noreply.git.coopcloud.tech>

.drone.yml

@@ -18,6 +18,7 @@ steps:
       STACK_NAME: hedgedoc
       LETS_ENCRYPT_ENV: production
       SECRET_DB_PASSWORD_VERSION: v1
+      SECRET_SESSION_SECRET_VERSION: v1
       ENTRYPOINT_CONF_VERSION: v1
       PG_BACKUP_VERSION: v1
 trigger:
@@ -35,7 +36,7 @@ steps:
         from_secret: drone_abra-bot_token
       fork: true
       repositories:
-        - coop-cloud/auto-recipes-catalogue-json
+        - toolshed/auto-recipes-catalogue-json
 
 trigger:
   event: tag

.env.sample

@@ -8,10 +8,10 @@ DOMAIN=hedgedoc.example.com
 #EXTRA_DOMAINS=', `www.hedgedoc.example.com`'
 LETS_ENCRYPT_ENV=production
 
-COMPOSE_FILE="compose.yml"
-
 SECRET_SESSION_SECRET_VERSION=v1
 
+COMPOSE_FILE="compose.yml"
+
 # PostgreSQL
 
 #COMPOSE_FILE="$COMPOSE_FILE:compose.postgresql.yml"

abra.sh

@@ -1,2 +1,2 @@
-export ENTRYPOINT_CONF_VERSION=v10
+export ENTRYPOINT_CONF_VERSION=v13
 export PG_BACKUP_VERSION=v1

compose.postgresql.yml

@@ -2,7 +2,7 @@ version: "3.8"
 services:
   app:
     environment:
-      - CMD_DB_URL=
+      - CMD_DB_TYPE=postgres
       - CMD_DB_NAME=codimd
       - CMD_DB_USER=codimd
       - CMD_DB_HOST=db
@@ -14,7 +14,7 @@ services:
     secrets:
       - db_password
   db:
-    image: postgres:16.4-alpine
+    image: pgautoupgrade/pgautoupgrade:16-alpine
     environment:
       - POSTGRES_USER=codimd
       - POSTGRES_PASSWORD_FILE=/run/secrets/db_password

compose.yml

@@ -1,7 +1,7 @@
 version: "3.8"
 services:
   app:
-    image: quay.io/hedgedoc/hedgedoc:1.10.0
+    image: quay.io/hedgedoc/hedgedoc:1.10.3
     environment:
       - CMD_USECDN=false
       - CMD_URL_ADDPORT=false
@@ -54,7 +54,7 @@ services:
         - "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLForceHost=true"
         - "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}"
         - "coop-cloud.${STACK_NAME}.timeout=${TIMEOUT:-120}"
-        - "coop-cloud.${STACK_NAME}.version=1.2.1+1.10.0"
+        - "coop-cloud.${STACK_NAME}.version=3.0.2+1.10.3"
         - "backupbot.backup=${ENABLE_BACKUPS:-true}"
     healthcheck:
       test: "nodejs -e \"http.get('http://localhost:3000', (res) => { console.log('status: ', res.statusCode); if (res.statusCode == 200) { process.exit(0); } else { process.exit(1); } });\""
@@ -65,7 +65,6 @@ services:
 volumes:
   codimd_uploads:
   codimd_database:
-  
 secrets:
   session_secret:
     external: true

entrypoint.sh.tmpl

@@ -22,7 +22,9 @@ file_env() {
 }
 
 load_vars() {
-  file_env "CMD_DB_PASSWORD"
+  if [ -n "${CMD_DB_PASSWORD_FILE:-""}" ] ; then
+    file_env "CMD_DB_PASSWORD"
+  fi
   file_env "CMD_OAUTH2_CLIENT_SECRET"
   file_env "CMD_SESSION_SECRET"
 }
@@ -40,7 +42,9 @@ main() {
 
 main
 
-export CMD_DB_URL="${CMD_DB_URL:-postgres://$CMD_DB_USER:$CMD_DB_PASSWORD@$CMD_DB_HOST:5432/$CMD_DB_NAME}"
+if [ -n "${CMD_DB_PASSWORD:-""}" ] ; then
+  export CMD_DB_URL="${CMD_DB_TYPE}://$CMD_DB_USER:$CMD_DB_PASSWORD@$CMD_DB_HOST:5432/$CMD_DB_NAME"
+fi
 
 # 3wc: `source /docker-entrypoint.sh -e` to load CMD_DB_URL for CLI scripts
 if [ ! "${1-}" == "-e" ]; then

release/1.2.2+1.10.1

@@ -0,0 +1,5 @@
+Upgrade to fix GHSA-6w39-x2c6-6mpf
+
+BREAKING CHANGE!! new secret "session_secret" added, run:
+
+abra app secret generate <app_domain> session_secret v1

release/1.3.0+1.10.1

@@ -0,0 +1 @@
+This release adds SQLite support by default, if you were using PostgreSQL make sure to update the env file!

release/3.0.0+1.10.1

@@ -0,0 +1 @@
+This release switches to `pgaautoupgrade` for easier Postgresql upgrades. If you are using Postgres, please take extra care to take a backup before upgrading.

release/3.0.1+1.10.3

@@ -0,0 +1 @@
+Security upgrade for GHSA-3983-rrqh-mvx5

release/3.0.2+1.10.3

@@ -0,0 +1 @@
+CRITICAL FIX: since version 3 this recipe uses always sqlite as database. This patch fixes instances running postgres