Merge pull request 'Use updated docker images' (#10) from change/use-new-docker-images into main

Reviewed-on: #10
2024-03-25 18:48:20 +00:00 · 2024-03-25 18:48:20 +00:00 · 83e1c78b6a
parent e9b65d460d a707991df9
commit 83e1c78b6a
4 changed files with 54 additions and 42 deletions
--- a/.env.sample
+++ b/.env.sample
@ -2,17 +2,22 @@ TYPE=karrot
 DOMAIN=karrot.example.com
 COMPOSE_FILE="compose.yml"
 SITE_NAME=karrot dev
 SITE_LOGO=https://user-images.githubusercontent.com/31616/36565633-517373a4-1821-11e8-9948-5bf6887c667e.png
 SECRET_DB_PASSWORD_VERSION=v1
 SECRET_SECRET_KEY_VERSION=v1
 SECRET_SMTP_PASSWORD_VERSION=v1
 # account id for maxmind (for GeoIP)
 # uncomment if using maxmind account
 # make sure to add the maxmind_license_key secret too
 #COMPOSE_FILE="$COMPOSE_FILE:compose.geoip.yml"
 #MAXMIND_ACCOUNT_ID=
 SECRET_MAXMIND_LICENSE_KEY_VERSION=v1
 SITE_NAME=karrot dev
 SITE_LOGO=https://user-images.githubusercontent.com/31616/36565633-517373a4-1821-11e8-9948-5bf6887c667e.png
 FILE_UPLOAD_MAX_SIZE=10m
 # postal,smtp,console
@ -48,4 +53,4 @@ EMAIL_BACKEND=console
 SITE_URL=https://${DOMAIN}
 LETS_ENCRYPT_ENV=production
-CSRF_TRUSTED_ORIGINS=${SITE_URL}
+CSRF_TRUSTED_ORIGINS=${SITE_URL}
--- a/compose.geoip.yml
+++ b/compose.geoip.yml
@ -0,0 +1,31 @@
 version: "3.8"
 services:
  app:
    volumes:
      - "geoip_data:/var/lib/GeoIP"
      - "app_data:/app/uploads"
  worker:
    volumes:
      - "geoip_data:/var/lib/GeoIP"
  geoip:
    image: "ghcr.io/maxmind/geoipupdate:v6"
    volumes:
      - "geoip_data:/usr/share/GeoIP"
    secrets:
      - maxmind_license_key
    environment:
      - GEOIPUPDATE_EDITION_IDS=GeoLite2-City GeoLite2-Country
      - GEOIPUPDATE_ACCOUNT_ID=${MAXMIND_ACCOUNT_ID:-}
      - GEOIPUPDATE_LICENSE_KEY_FILE=/run/secrets/maxmind_license_key
      - GEOIPUPDATE_FREQUENCY=72
 secrets:
  maxmind_license_key:
    external: true
    name: ${STACK_NAME}_maxmind_license_key_${SECRET_MAXMIND_LICENSE_KEY_VERSION}
 volumes:
  geoip_data:
--- a/compose.yml
+++ b/compose.yml
@ -2,15 +2,16 @@ version: "3.8"
 services:
  web:
-    image: "ghcr.io/karrot-dev/karrot-docker-images:13.0.0-frontend"
+    image: "codeberg.org/karrot/karrot-frontend:v14.0.1"
    configs:
      - source: nginx_config
        target: /etc/nginx/conf.d/default.conf
    depends_on:
      - app
    environment:
      - DOMAIN
      - FILE_UPLOAD_MAX_SIZE
      - FILE_UPLOAD_DIR=/app/uploads/
      - CSP_CONNECT_SRC=${CSP_CONNECT_SRC:-}
      - LISTEN=80
      - BACKEND=app:8000
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost/"]
      interval: 15s
@ -21,7 +22,7 @@ services:
      - internal
      - proxy
    volumes:
-      - "app_data:/app/uploads"
+      - "app_data:/app/uploads/"
    deploy:
      update_config:
        failure_action: rollback
@ -34,27 +35,21 @@ services:
        - "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
  app:
-    image: "ghcr.io/karrot-dev/karrot-docker-images:13.0.0-backend"
+    image: "codeberg.org/karrot/karrot-backend:v14.0.1"
    networks:
      - internal
    depends_on:
      - db
      - redis
    configs:
      - source: geoip_conf
        target: /etc/GeoIP.conf
        mode: 0555
    secrets:
      - db_password
      - secret_key
      - maxmind_license_key
      - smtp_password
      - vapid_private_key
      - livekit_api_secret
    volumes:
      - "shiv_data:/root/.shiv"
      - "geoip_data:/var/lib/GeoIP"
-      - "app_data:/app/uploads"
+      - "app_data:/app/uploads/"
    environment:
      - CSRF_TRUSTED_ORIGINS
      - DATABASE_CONN_MAX_AGE
@ -66,13 +61,13 @@ services:
      - EMAIL_BACKEND
      - EMAIL_FROM
      - EMAIL_REPLY_DOMAIN
-      - FILE_UPLOAD_DIR=/app/uploads
+      - FILE_UPLOAD_DIR=/app/uploads/
      - FILE_UPLOAD_USE_ACCEL_REDIRECT=true
      - FILE_UPLOAD_MAX_SIZE
      - FORUM_BANNER_TOPIC_ID
      - FORUM_DISCUSSIONS_FEED
      - LISTEN_HOST=0.0.0.0
      - LISTEN_SERVER=uvicorn
      - MAXMIND_ACCOUNT_ID
      - MODE=prod
      - POSTAL_API_KEY
      - POSTAL_API_URL
@ -97,6 +92,8 @@ services:
      - MEET_LIVEKIT_ENDPOINT
      - MEET_LIVEKIT_API_KEY
      - MEET_LIVEKIT_API_SECRET_FILE=/run/secrets/livekit_api_secret
      - MIGRATE=yes
    command: server
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:8000/api/config/"]
      interval: 10s
@ -110,13 +107,10 @@ services:
        - "backupbot.backup.path=/app/uploads"
  worker:
-    image: "ghcr.io/karrot-dev/karrot-docker-images:13.0.0-backend"
+    image: "codeberg.org/karrot/karrot-backend:v14.0.1"
    depends_on:
      # shiv + geoip data gets loaded on the first run of the app
      # so to ensure it's available in the worker too, we need to wait
      - app
    volumes:
      - "shiv_data:/root/.shiv"
      - "geoip_data:/var/lib/GeoIP"
    networks:
      - internal
@ -136,7 +130,6 @@ services:
      - EMAIL_BACKEND
      - EMAIL_FROM
      - EMAIL_REPLY_DOMAIN
      - IS_WORKER=1
      - LISTEN_HOST=0.0.0.0
      - LISTEN_SERVER=uvicorn
      - MODE=prod
@ -162,6 +155,7 @@ services:
      - MEET_LIVEKIT_ENDPOINT
      - MEET_LIVEKIT_API_KEY
      - MEET_LIVEKIT_API_SECRET_FILE=/run/secrets/livekit_api_secret
    command: worker
  redis:
    image: "redis:6-alpine"
@ -199,17 +193,6 @@ services:
        backupbot.backup.pre-hook: "PGPASSWORD=$$(cat $${POSTGRES_PASSWORD_FILE}) pg_dump -U $${POSTGRES_USER} $${POSTGRES_DB} > /var/lib/postgresql/data/postgres-backup.sql"
        backupbot.backup.post-hook: "rm -rf /var/lib/postgresql/data/postgres-backup.sql"
        backupbot.backup.path: "/var/lib/postgresql/data/"
 configs:
  nginx_config:
    name: ${STACK_NAME}_nginx_config_${NGINX_CONFIG_VERSION}
    file: nginx.conf.tmpl
    template_driver: golang
  geoip_conf:
    name: ${STACK_NAME}_geoip_conf_${GEOIP_CONFIG_VERSION}
    file: geoip.conf.tmpl
    template_driver: golang
 secrets:
  db_password:
@ -218,9 +201,6 @@ secrets:
  secret_key:
    external: true
    name: ${STACK_NAME}_secret_key_${SECRET_SECRET_KEY_VERSION}
  maxmind_license_key:
    external: true
    name: ${STACK_NAME}_maxmind_license_key_${SECRET_MAXMIND_LICENSE_KEY_VERSION}
  smtp_password:
    external: true
    name: ${STACK_NAME}_smtp_password_${SECRET_SMTP_PASSWORD_VERSION}
@ -232,7 +212,6 @@ secrets:
    name: ${STACK_NAME}_livekit_api_secret_${SECRET_LIVEKIT_API_SECRET_VERSION}
 volumes:
  shiv_data:
  geoip_data:
  app_data:
  postgres_data:
--- a/geoip.conf.tmpl
+++ b/geoip.conf.tmpl
@ -1,3 +0,0 @@
 EditionIDs GeoLite2-City GeoLite2-Country
 AccountID {{ env "MAXMIND_ACCOUNT_ID" }}
 LicenseKey {{ secret "maxmind_license_key" }}