chore: publish 1.2.1+1.10.0 release

fix drone runner
update backupbot label
2024-10-25 21:04:02 +02:00 · 2024-10-24 13:31:31 +02:00 · 2024-10-24 13:22:27 +02:00 · 2024-10-01 13:12:13 +02:00 · 2024-07-16 17:32:26 +02:00 · 2024-07-16 17:31:57 +02:00
9 changed files with 107 additions and 53 deletions
--- a/.drone.yml
+++ b/.drone.yml
@ -19,6 +19,7 @@ steps:
      LETS_ENCRYPT_ENV: production
      SECRET_DB_PASSWORD_VERSION: v1
      ENTRYPOINT_CONF_VERSION: v1
      PG_BACKUP_VERSION: v1
 trigger:
  branch:
    - main
--- a/.env.sample
+++ b/.env.sample
@ -1,6 +1,7 @@
 TYPE=hedgedoc
 TIMEOUT=300
 ENABLE_AUTO_UPDATE=true
 ENABLE_BACKUPS=true
 DOMAIN=hedgedoc.example.com
 ## Domain aliases
--- a/README.md
+++ b/README.md
@ -25,8 +25,8 @@
 5. `abra app deploy YOURAPPDOMAIN`
 6. Create initial user:
 	```
-	abra app YOURAPPDOMAIN run app bash
+	abra app run YOURAPPDOMAIN app bash
-	. /docker-entrypoint2.sh -e
+	. /docker-entrypoint.sh -e
 	bin/manage_users
 [hedegedoc]: https://github.com/hedgedoc/hedgedoc
--- a/abra.sh
+++ b/abra.sh
@ -1,13 +1,2 @@
-export ENTRYPOINT_CONF_VERSION=v8
+export ENTRYPOINT_CONF_VERSION=v9
-
+export PG_BACKUP_VERSION=v1
 abra_backup_app() {
  _abra_backup_dir "app:/home/hackmd/app/public/uploads/"
 }
 abra_backup_db() {
  _abra_backup_postgres "db" "codimd" "codimd" "db_password"
 }
 abra_backup() {
  abra_backup_app && abra_backup_db
 }
--- a/alaconnect.yml
+++ b/alaconnect.yml
@ -0,0 +1,15 @@
 authentik:
    env:
        CMD_OAUTH2_USER_PROFILE_URL: https://authentik.example.com/application/o/userinfo/
        CMD_OAUTH2_USER_PROFILE_USERNAME_ATTR: preferred_username
        CMD_OAUTH2_USER_PROFILE_DISPLAY_NAME_ATTR: name
        CMD_OAUTH2_USER_PROFILE_EMAIL_ATTR: email
        CMD_OAUTH2_TOKEN_URL: https://authentik.example.com/application/o/token/
        CMD_OAUTH2_AUTHORIZATION_URL: https://authentik.example.com/application/o/authorize/
        CMD_OAUTH2_CLIENT_ID: hedgedoc
        CMD_OAUTH2_PROVIDERNAME: Authentik
    uncomment: 
        - compose.oauth.yml
        - SECRET_OAUTH_KEY_VERSION
    shared_secrets:
        hedgedoc_secret: oauth_key
--- a/compose.yml
+++ b/compose.yml
@ -1,7 +1,7 @@
 version: "3.8"
 services:
  app:
-    image: quay.io/hedgedoc/hedgedoc:1.9.9
+    image: quay.io/hedgedoc/hedgedoc:1.10.0
    environment:
      - CMD_USECDN=false
      - CMD_URL_ADDPORT=false
@ -43,7 +43,6 @@ services:
        mode: 0555
      - source: config_json
        target: /files/config.json
        mode: 0555
    deploy:
      restart_policy:
        condition: on-failure
@ -58,7 +57,7 @@ services:
        - "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLForceHost=true"
        - "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}"
        - "coop-cloud.${STACK_NAME}.timeout=${TIMEOUT:-120}"
-        - "coop-cloud.${STACK_NAME}.version=1.0.1+1.9.9"
+        - "coop-cloud.${STACK_NAME}.version=1.2.1+1.10.0"
    healthcheck:
      test: "nodejs -e \"http.get('http://localhost:3000', (res) => { console.log('status: ', res.statusCode); if (res.statusCode == 200) { process.exit(0); } else { process.exit(1); } });\""
      interval: 30s
@ -66,7 +65,7 @@ services:
      retries: 10
      start_period: 1m
  db:
-    image: postgres:16.1-alpine
+    image: postgres:16.4-alpine
    environment:
      - POSTGRES_USER=codimd
      - POSTGRES_PASSWORD_FILE=/run/secrets/db_password
@ -79,12 +78,21 @@ services:
      - internal
    deploy:
      labels:
-          backupbot.backup: "true"
+        backupbot.backup: "${ENABLE_BACKUPS:-true}"
-          backupbot.backup.pre-hook: "PGPASSWORD=$$(cat $${POSTGRES_PASSWORD_FILE}) pg_dump -U $${POSTGRES_USER} $${POSTGRES_DB} > /var/lib/postgresql/data/backup.sql"
+        backupbot.backup.pre-hook: "/pg_backup.sh backup"
-          backupbot.backup.post-hook: "rm -f /var/lib/postgresql/data/backup.sql"
+        backupbot.backup.volumes.postgres.path: "backup.sql"
-          backupbot.backup.path: "/var/lib/postgresql/data/backup.sql"
+        backupbot.restore.post-hook: '/pg_backup.sh restore'
-          backupbot.restore: "true"
+    healthcheck:
-          backupbot.restore.post-hook: "sh -c 'psql -U $${POSTGRES_USER} -d $${POSTGRES_DB} < /var/lib/postgresql/data/backup.sql && rm -f /var/lib/postgresql/data/backup.sql'"
+      test: "pg_isready"
      interval: 30s
      timeout: 10s
      retries: 5
      start_period: 1m
    configs:
        - source: pg_backup
          target: /pg_backup.sh
          mode: 0555
 volumes:
  postgres:
  codimd_uploads:
@ -105,3 +113,6 @@ configs:
    name: ${STACK_NAME}_entrypoint_${ENTRYPOINT_CONF_VERSION}
    file: entrypoint.sh.tmpl
    template_driver: golang
  pg_backup:
    name: ${STACK_NAME}_pg_backup_${PG_BACKUP_VERSION}
    file: pg_backup.sh
--- a/entrypoint.sh.tmpl
+++ b/entrypoint.sh.tmpl
@ -30,14 +30,16 @@ main() {
  set -eu
  load_vars
-  mkdir "/hedgedoc/.npm" && chown -R 10000:65534 "/hedgedoc/.npm" && chmod "u+rwx" "/hedgedoc/.npm"
+  mkdir -p "/hedgedoc/.npm" && \
    chown -R 10000:65534 "/hedgedoc/.npm" && \
    chmod "u+rwx" "/hedgedoc/.npm"
 }
 main
 export CMD_DB_URL=postgres://$CMD_DB_USER:$CMD_DB_PASSWORD@$CMD_DB_HOST:5432/$CMD_DB_NAME
-# 3wc: `source /docker-entrypoint2.sh -e` to load CMD_DB_URL for CLI scripts
+# 3wc: `source /docker-entrypoint.sh -e` to load CMD_DB_URL for CLI scripts
 if [ ! "${1-}" == "-e" ]; then
  # 3wc: upstream ENTRYPOINT
  # https://github.com/hedgedoc/container/blob/master/alpine/Dockerfile
--- a/pg_backup.sh
+++ b/pg_backup.sh
@ -0,0 +1,34 @@
 #!/bin/bash
 set -e
 BACKUP_FILE='/var/lib/postgresql/data/backup.sql'
 function backup {
  export PGPASSWORD=$(cat /run/secrets/db_password)
  pg_dump -U ${POSTGRES_USER} ${POSTGRES_DB} > $BACKUP_FILE
 }
 function restore {
    cd /var/lib/postgresql/data/
    restore_config(){
        # Restore allowed connections
        cat pg_hba.conf.bak > pg_hba.conf
        su postgres -c 'pg_ctl reload'
    }
    # Don't allow any other connections than local
    cp pg_hba.conf pg_hba.conf.bak
    echo "local all all trust" > pg_hba.conf
    su postgres -c 'pg_ctl reload'
    trap restore_config EXIT INT TERM
    # Recreate Database
    psql -U ${POSTGRES_USER} -d postgres -c "DROP DATABASE ${POSTGRES_DB} WITH (FORCE);" 
    createdb -U ${POSTGRES_USER} ${POSTGRES_DB}
    psql -U ${POSTGRES_USER} -d ${POSTGRES_DB} -1 -f $BACKUP_FILE
    trap - EXIT INT TERM
    restore_config
 }
 $@
--- a/release/1.2.0+1.10.0
+++ b/release/1.2.0+1.10.0
@ -0,0 +1 @@
 Fixes security issue: https://github.com/hedgedoc/hedgedoc/security/advisories/GHSA-pjf2-269h-cx7p
Author	SHA1	Message	Date
Moritz	635eee710b	chore: publish 1.2.1+1.10.0 release All checks were successful continuous-integration/drone/tag Build is passing Details continuous-integration/drone/push Build is passing Details	2024-10-25 21:04:02 +02:00
Moritz	49f06173e9	fix drone runner All checks were successful continuous-integration/drone/push Build is passing Details	2024-10-24 13:31:31 +02:00
Moritz	9194256835	update backupbot label Some checks failed continuous-integration/drone/push Build is failing Details	2024-10-24 13:22:27 +02:00
Moritz	081f2139fa	chore: publish 1.2.0+1.10.0 release All checks were successful continuous-integration/drone/push Build is passing Details	2024-10-01 13:12:13 +02:00
Moritz	6f15d5f2c7	chore: publish 1.1.0+1.9.9 release All checks were successful continuous-integration/drone/push Build is passing Details	2024-07-16 17:32:26 +02:00
Moritz	8bc03406a1	Remove legacy backup configuration by @wolcen	2024-07-16 17:31:57 +02:00
Moritz	bc8996f558	Correct README re: configuring users by @wolcen	2024-07-16 17:31:20 +02:00
Moritz	fcf5bade21	Add basic health check for db container by @wolcen	2024-07-16 17:29:45 +02:00
Moritz	3fc480b82b	Remove unnecessary mode assignment for config.json @wolcen	2024-07-16 17:29:45 +02:00
Moritz	f71534e396	fix indentation for backupbot labels	2024-07-16 17:29:45 +02:00
moritz	5e815e63a5	Merge pull request 'fix: use new uploads path' (#12 ) from fix-uploads-volume into main All checks were successful continuous-integration/drone/push Build is passing Details Reviewed-on: #12	2024-07-16 14:52:03 +00:00
moritz	ec98bab9d5	Merge pull request 'Pass `-p` also in entrypoint' (#14 ) from entrypoint-fix into main All checks were successful continuous-integration/drone/push Build is passing Details Reviewed-on: #14	2024-07-16 14:49:28 +00:00
Moritz	65ec56ac08	add alakazam integration file alaconnect.yml All checks were successful continuous-integration/drone/push Build is passing Details	2024-05-13 17:41:59 +02:00
decentral1se	1ed15423c3	fix: pass "-p" and use new lines Some checks failed continuous-integration/drone/pr Build is failing Details Closes #13	2024-04-28 17:57:38 +02:00
decentral1se	0443ffc984	chore: remove tabs	2024-04-28 17:55:55 +02:00
		`@ -0,0 +1 @@`
							`Fixes security issue: https://github.com/hedgedoc/hedgedoc/security/advisories/GHSA-pjf2-269h-cx7p`