Compare commits
24 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| 690b833f89 | |||
afddeceed3
|
|||
| 828c7c1300 | |||
f0c6a3c19c
|
|||
|
94f238c4af
|
|||
|
1dfdd90845
|
|||
| 660a5fee21 | |||
| 8d23542076 | |||
| 29968706fc | |||
| 1db30e2cda | |||
| ec1735a005 | |||
| 29a7d585dc | |||
| d0191f1c49 | |||
| 58bfa65b8a | |||
| 98c0268b72 | |||
| 73c8b662d4 | |||
| 674cbd0431 | |||
| 4972af78e8 | |||
| aa2afc2270 | |||
| 6fbaeb7af0 | |||
| aa70a53ef1 | |||
| 3efbfec419 | |||
| 93e5604fcb | |||
| 917766023b |
@ -18,6 +18,7 @@ steps:
|
||||
STACK_NAME: hedgedoc
|
||||
LETS_ENCRYPT_ENV: production
|
||||
SECRET_DB_PASSWORD_VERSION: v1
|
||||
SECRET_SESSION_SECRET_VERSION: v1
|
||||
ENTRYPOINT_CONF_VERSION: v1
|
||||
PG_BACKUP_VERSION: v1
|
||||
trigger:
|
||||
@ -35,7 +36,7 @@ steps:
|
||||
from_secret: drone_abra-bot_token
|
||||
fork: true
|
||||
repositories:
|
||||
- coop-cloud/auto-recipes-catalogue-json
|
||||
- toolshed/auto-recipes-catalogue-json
|
||||
|
||||
trigger:
|
||||
event: tag
|
||||
|
||||
@ -26,6 +26,7 @@ COMPOSE_FILE="compose.yml"
|
||||
#CMD_OAUTH2_TOKEN_URL="https://keycloak.example.com/auth/realms/realmname/protocol/openid-connect/token"
|
||||
#CMD_OAUTH2_USER_PROFILE_URL="https://keycloak.example.com/auth/realms/realmname/protocol/openid-connect/userinfo"
|
||||
#CMD_OAUTH2_USER_PROFILE_USERNAME_ATTR=ocs.data.id
|
||||
#CMD_OAUTH2_USER_PROFILE_ID_ATTR=
|
||||
#CMD_OAUTH2_USER_PROFILE_DISPLAY_NAME_ATTR=ocs.data.display-name
|
||||
#CMD_OAUTH2_USER_PROFILE_EMAIL_ATTR=ocs.data.email
|
||||
#CMD_OAUTH2_PROVIDERNAME=Keycloak
|
||||
|
||||
2
abra.sh
2
abra.sh
@ -1,2 +1,2 @@
|
||||
export ENTRYPOINT_CONF_VERSION=v11
|
||||
export ENTRYPOINT_CONF_VERSION=v13
|
||||
export PG_BACKUP_VERSION=v1
|
||||
|
||||
@ -13,6 +13,7 @@ services:
|
||||
- CMD_OAUTH2_USER_PROFILE_USERNAME_ATTR
|
||||
- CMD_OAUTH2_USER_PROFILE_DISPLAY_NAME_ATTR
|
||||
- CMD_OAUTH2_USER_PROFILE_EMAIL_ATTR
|
||||
- CMD_OAUTH2_USER_PROFILE_ID_ATTR
|
||||
- CMD_OAUTH2_SCOPE
|
||||
secrets:
|
||||
- oauth_key
|
||||
|
||||
@ -2,7 +2,7 @@ version: "3.8"
|
||||
services:
|
||||
app:
|
||||
environment:
|
||||
- CMD_DB_URL=
|
||||
- CMD_DB_TYPE=postgres
|
||||
- CMD_DB_NAME=codimd
|
||||
- CMD_DB_USER=codimd
|
||||
- CMD_DB_HOST=db
|
||||
@ -14,7 +14,7 @@ services:
|
||||
secrets:
|
||||
- db_password
|
||||
db:
|
||||
image: postgres:16.4-alpine
|
||||
image: pgautoupgrade/pgautoupgrade:16-alpine
|
||||
environment:
|
||||
- POSTGRES_USER=codimd
|
||||
- POSTGRES_PASSWORD_FILE=/run/secrets/db_password
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
version: "3.8"
|
||||
services:
|
||||
app:
|
||||
image: quay.io/hedgedoc/hedgedoc:1.10.0
|
||||
image: quay.io/hedgedoc/hedgedoc:1.10.3
|
||||
environment:
|
||||
- CMD_USECDN=false
|
||||
- CMD_URL_ADDPORT=false
|
||||
@ -51,10 +51,10 @@ services:
|
||||
- "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
|
||||
- "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
|
||||
- "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirect"
|
||||
- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLForceHost=true"
|
||||
- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}"
|
||||
- "traefik.http.middlewares.${STACK_NAME}-redirect.redirectscheme.scheme=https"
|
||||
- "traefik.http.middlewares.${STACK_NAME}-redirect.redirectscheme.permanent=true"
|
||||
- "coop-cloud.${STACK_NAME}.timeout=${TIMEOUT:-120}"
|
||||
- "coop-cloud.${STACK_NAME}.version=1.3.1+1.10.0"
|
||||
- "coop-cloud.${STACK_NAME}.version=3.0.2+1.10.3"
|
||||
- "backupbot.backup=${ENABLE_BACKUPS:-true}"
|
||||
healthcheck:
|
||||
test: "nodejs -e \"http.get('http://localhost:3000', (res) => { console.log('status: ', res.statusCode); if (res.statusCode == 200) { process.exit(0); } else { process.exit(1); } });\""
|
||||
|
||||
@ -22,7 +22,9 @@ file_env() {
|
||||
}
|
||||
|
||||
load_vars() {
|
||||
file_env "CMD_DB_PASSWORD"
|
||||
if [ -n "${CMD_DB_PASSWORD_FILE:-""}" ] ; then
|
||||
file_env "CMD_DB_PASSWORD"
|
||||
fi
|
||||
file_env "CMD_OAUTH2_CLIENT_SECRET"
|
||||
file_env "CMD_SESSION_SECRET"
|
||||
}
|
||||
@ -40,7 +42,9 @@ main() {
|
||||
|
||||
main
|
||||
|
||||
export CMD_DB_URL="${CMD_DB_URL:-postgres://$CMD_DB_USER:$CMD_DB_PASSWORD@$CMD_DB_HOST:5432/$CMD_DB_NAME}"
|
||||
if [ -n "${CMD_DB_PASSWORD:-""}" ] ; then
|
||||
export CMD_DB_URL="${CMD_DB_TYPE}://$CMD_DB_USER:$CMD_DB_PASSWORD@$CMD_DB_HOST:5432/$CMD_DB_NAME"
|
||||
fi
|
||||
|
||||
# 3wc: `source /docker-entrypoint.sh -e` to load CMD_DB_URL for CLI scripts
|
||||
if [ ! "${1-}" == "-e" ]; then
|
||||
|
||||
5
release/1.2.2+1.10.1
Normal file
5
release/1.2.2+1.10.1
Normal file
@ -0,0 +1,5 @@
|
||||
Upgrade to fix GHSA-6w39-x2c6-6mpf
|
||||
|
||||
BREAKING CHANGE!! new secret "session_secret" added, run:
|
||||
|
||||
abra app secret generate <app_domain> session_secret v1
|
||||
1
release/1.3.0+1.10.1
Normal file
1
release/1.3.0+1.10.1
Normal file
@ -0,0 +1 @@
|
||||
This release adds SQLite support by default, if you were using PostgreSQL make sure to update the env file!
|
||||
@ -1 +0,0 @@
|
||||
holu
|
||||
1
release/3.0.0+1.10.1
Normal file
1
release/3.0.0+1.10.1
Normal file
@ -0,0 +1 @@
|
||||
This release switches to `pgaautoupgrade` for easier Postgresql upgrades. If you are using Postgres, please take extra care to take a backup before upgrading.
|
||||
1
release/3.0.1+1.10.3
Normal file
1
release/3.0.1+1.10.3
Normal file
@ -0,0 +1 @@
|
||||
Security upgrade for GHSA-3983-rrqh-mvx5
|
||||
1
release/3.0.2+1.10.3
Normal file
1
release/3.0.2+1.10.3
Normal file
@ -0,0 +1 @@
|
||||
CRITICAL FIX: since version 3 this recipe uses always sqlite as database. This patch fixes instances running postgres
|
||||
Reference in New Issue
Block a user