Re-add SECRET_SESSION_SECRET_VERSION..

..which I accidentally removed while rebasing

.drone.yml

@@ -18,7 +18,6 @@ steps:
       STACK_NAME: hedgedoc
       LETS_ENCRYPT_ENV: production
       SECRET_DB_PASSWORD_VERSION: v1
-      SECRET_SESSION_SECRET_VERSION: v1
       ENTRYPOINT_CONF_VERSION: v1
       PG_BACKUP_VERSION: v1
 trigger:
@@ -36,7 +35,7 @@ steps:
         from_secret: drone_abra-bot_token
       fork: true
       repositories:
-        - toolshed/auto-recipes-catalogue-json
+        - coop-cloud/auto-recipes-catalogue-json
 
 trigger:
   event: tag

.env.sample

@@ -8,10 +8,10 @@ DOMAIN=hedgedoc.example.com
 #EXTRA_DOMAINS=', `www.hedgedoc.example.com`'
 LETS_ENCRYPT_ENV=production
 
-SECRET_SESSION_SECRET_VERSION=v1
-
 COMPOSE_FILE="compose.yml"
 
+SECRET_SESSION_SECRET_VERSION=v1
+
 # PostgreSQL
 
 #COMPOSE_FILE="$COMPOSE_FILE:compose.postgresql.yml"

abra.sh

@@ -1,2 +1,2 @@
-export ENTRYPOINT_CONF_VERSION=v13
+export ENTRYPOINT_CONF_VERSION=v10
 export PG_BACKUP_VERSION=v1

compose.postgresql.yml

@@ -2,7 +2,7 @@ version: "3.8"
 services:
   app:
     environment:
-      - CMD_DB_TYPE=postgres
+      - CMD_DB_URL=
       - CMD_DB_NAME=codimd
       - CMD_DB_USER=codimd
       - CMD_DB_HOST=db
@@ -14,7 +14,7 @@ services:
     secrets:
       - db_password
   db:
-    image: pgautoupgrade/pgautoupgrade:16-alpine
+    image: postgres:16.4-alpine
     environment:
       - POSTGRES_USER=codimd
       - POSTGRES_PASSWORD_FILE=/run/secrets/db_password

compose.yml

@@ -1,7 +1,7 @@
 version: "3.8"
 services:
   app:
-    image: quay.io/hedgedoc/hedgedoc:1.10.3
+    image: quay.io/hedgedoc/hedgedoc:1.10.0
     environment:
       - CMD_USECDN=false
       - CMD_URL_ADDPORT=false
@@ -54,7 +54,7 @@ services:
         - "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLForceHost=true"
         - "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}"
         - "coop-cloud.${STACK_NAME}.timeout=${TIMEOUT:-120}"
-        - "coop-cloud.${STACK_NAME}.version=3.0.2+1.10.3"
+        - "coop-cloud.${STACK_NAME}.version=1.2.1+1.10.0"
         - "backupbot.backup=${ENABLE_BACKUPS:-true}"
     healthcheck:
       test: "nodejs -e \"http.get('http://localhost:3000', (res) => { console.log('status: ', res.statusCode); if (res.statusCode == 200) { process.exit(0); } else { process.exit(1); } });\""
@@ -65,6 +65,7 @@ services:
 volumes:
   codimd_uploads:
   codimd_database:
+  
 secrets:
   session_secret:
     external: true

entrypoint.sh.tmpl

@@ -22,9 +22,7 @@ file_env() {
 }
 
 load_vars() {
-  if [ -n "${CMD_DB_PASSWORD_FILE:-""}" ] ; then
+  file_env "CMD_DB_PASSWORD"
-    file_env "CMD_DB_PASSWORD"
-  fi
   file_env "CMD_OAUTH2_CLIENT_SECRET"
   file_env "CMD_SESSION_SECRET"
 }
@@ -42,9 +40,7 @@ main() {
 
 main
 
-if [ -n "${CMD_DB_PASSWORD:-""}" ] ; then
+export CMD_DB_URL="${CMD_DB_URL:-postgres://$CMD_DB_USER:$CMD_DB_PASSWORD@$CMD_DB_HOST:5432/$CMD_DB_NAME}"
-  export CMD_DB_URL="${CMD_DB_TYPE}://$CMD_DB_USER:$CMD_DB_PASSWORD@$CMD_DB_HOST:5432/$CMD_DB_NAME"
-fi
 
 # 3wc: `source /docker-entrypoint.sh -e` to load CMD_DB_URL for CLI scripts
 if [ ! "${1-}" == "-e" ]; then

release/1.2.2+1.10.1

@@ -1,5 +0,0 @@
-Upgrade to fix GHSA-6w39-x2c6-6mpf
-
-BREAKING CHANGE!! new secret "session_secret" added, run:
-
-abra app secret generate <app_domain> session_secret v1

release/1.3.0+1.10.1

@@ -1 +0,0 @@
-This release adds SQLite support by default, if you were using PostgreSQL make sure to update the env file!

release/3.0.0+1.10.1

@@ -1 +0,0 @@
-This release switches to `pgaautoupgrade` for easier Postgresql upgrades. If you are using Postgres, please take extra care to take a backup before upgrading.

release/3.0.1+1.10.3

@@ -1 +0,0 @@
-Security upgrade for GHSA-3983-rrqh-mvx5

release/3.0.2+1.10.3

@@ -1 +0,0 @@
-CRITICAL FIX: since version 3 this recipe uses always sqlite as database. This patch fixes instances running postgres