chore: publish 1.0.0+v4.7.0 release

Reviewed-on: #3

.env.sample

@@ -2,50 +2,36 @@ TYPE=liberaforms
 DOMAIN=liberaforms.example.com
 LETS_ENCRYPT_ENV=production
 
-#==============================================================================
-# SECRETS
-#==============================================================================
+# Secrets
 SECRET_SECRET_KEY_VERSION=v1
 SECRET_DB_PASSWORD_VERSION=v1
 CRYPTO_KEY_VERSION=v1 # This secret is managed in the entrypoint, not as a docker secret
 
-#==============================================================================
-# ADMINISTRATION
-#==============================================================================
+# Administration
 ADMIN_USER='you@example.com'
 DEFAULT_LANGUAGE='en'
 DEFAULT_TIMEZONE="America/New_York"
 ENABLE_RSS_FEED=True
 
-#==============================================================================
-# SECURITY
-#==============================================================================
+# Security
 E2EE_MODE=ENABLED_BY_DEFAULT
 TOKEN_EXPIRATION=604800  # 7 days in seconds
 
-#==============================================================================
-# FILE UPLOADS
-#==============================================================================
+# File Uploads
 ENABLE_UPLOADS=True
 TOTAL_UPLOADS_LIMIT="1 GB"
 DEFAULT_USER_UPLOADS_LIMIT="50 MB"
 MAX_MEDIA_SIZE=512000      # 500 KB
 MAX_ATTACHMENT_SIZE=1572864  # 1.5 MB
 
-#==============================================================================
-# PERFORMANCE & MONITORING
-#==============================================================================
+# Performance and Monitoring
 ENABLE_PROMETHEUS_METRICS=False
 #GUNICORN_WORKERS=        # Default: 3 
 
-#==============================================================================
-# NOTIFICATIONS
-#==============================================================================
+# Email notifications
 #ALERT_MAILS=["your_email_address", "another_email_address"]
 
-#==============================================================================
 # LDAP
-#==============================================================================
 #LDAP_SERVER=ldap://localhost
 #LDAP_BIND_ACCOUNT="cn=nobody,dc=example,dc=com"
 #LDAP_USER_DN_LIST=["uid=%uid,ou=users,o=company,dc=example,dc=com"]

README.md

@@ -5,7 +5,7 @@
 <!-- metadata -->
 
 - **Category**: Apps
-- **Status**: wip
+- **Status**: 2
 - **Image**: [`liberaforms`](https://fung.uy/mycosystems/-/packages/container/liberaforms/), 1
 - **Healthcheck**: Yes
 - **Backups**: Yes
@@ -19,14 +19,14 @@
 
 - `abra app new liberaforms`
 - Generate secrets 
-    - `abra app secret g <domain-name> secret_key v1`
-    - `abra app secret g <domain-name> db_password v1`
-- Set an admin email address `abra app config <domain-name>`
-- `abra app deploy <domain-name>`
-- Create tables `abra app cmd <domain-name> forms setup_db` more info in [liberaforms docs](https://codeberg.org/LiberaForms/server/src/branch/main/docs/docker.md#create-the-database)
-- Generate keypair used to sign form entries/uploads `abra app cmd <domain-name> forms gen_key`
-- Insert the key `abra app secret i forms.fung.uy crypto_key v1 <key>`
-- Re-deploy
+    - `abra app secret g <domain-name> --all`
+- Set an admin email address 
+    - `abra app config <domain-name>`
+- Deploy
+    - `abra app deploy <domain-name>`
+- Create tables 
+    - `abra app cmd <domain-name> app setup_db` 
+> more info in [liberaforms docs](https://codeberg.org/LiberaForms/server/src/branch/main/docs/docker.md#create-the-database)
 
 ## Admin account setup
 

compose.yml

@@ -4,36 +4,7 @@ version: "3.8"
 services:
 
   app:
-    image: nginx:stable
-    networks:
-      - internal
-      - proxy
-    volumes:
-      - uploads:/liberaforms/uploads:ro
-      - static:/liberaforms/static:ro
-    configs:
-      - source: nginx_conf
-        mode: 555
-        target: /etc/nginx/conf.d/default.conf
-    deploy:
-      restart_policy:
-        condition: on-failure
-      labels:
-        - "traefik.enable=true"
-        - "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=80"
-        - "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`)"
-        - "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
-        - "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
-        - "coop-cloud.${STACK_NAME}.version=wip"
-    healthcheck:
-      test: [ "CMD", "curl", "-f", "http://localhost" ]
-      interval: 30s
-      timeout: 10s
-      retries: 10
-      start_period: 1m
-
-  forms:
-    image: fung.uy/mycosystems/liberaforms:v4.6.1
+    image: fung.uy/mycosystems/liberaforms:v4.7.0
     configs:
       - source: entrypoint
         mode: 555
@@ -88,10 +59,11 @@ services:
       - CRYPTO_KEY_VERSION
     deploy:
       labels:
-        backupbot.backup: "true"
-        backupbot.backup.volumes.uploads: "true"
-        backupbot.backup.volumes.log: "false"
-        backupbot.backup.volumes.static: "false"
+        - "coop-cloud.${STACK_NAME}.version=1.0.0+v4.7.0"
+        - "backupbot.backup=true"
+        - "backupbot.backup.volumes.uploads=true"
+        - "backupbot.backup.volumes.log=false"
+        - "backupbot.backup.volumes.static=false"
     volumes:
       - uploads:/app/uploads
       - log:/app/logs
@@ -103,6 +75,34 @@ services:
     networks:
       - internal
 
+  proxy:
+    image: nginx:stable
+    networks:
+      - internal
+      - proxy
+    volumes:
+      - uploads:/liberaforms/uploads:ro
+      - static:/liberaforms/static:ro
+    configs:
+      - source: nginx_conf
+        mode: 555
+        target: /etc/nginx/conf.d/default.conf
+    deploy:
+      restart_policy:
+        condition: on-failure
+      labels:
+        - "traefik.enable=true"
+        - "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=80"
+        - "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`)"
+        - "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
+        - "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
+    healthcheck:
+      test: [ "CMD", "curl", "-f", "http://localhost" ]
+      interval: 30s
+      timeout: 10s
+      retries: 10
+      start_period: 1m
+
   db:
     image: postgres:17
     configs:
@@ -122,7 +122,7 @@ services:
       labels:
         backupbot.backup.pre-hook: "/pg_backup.sh backup"
         backupbot.backup.volumes.db.path: "backup.sql"
-        backupbot.restore.post-hook: '/pg_backup.sh restore'
+        backupbot.restore.post-hook: "/pg_backup.sh restore"
     volumes:
       - db:/var/lib/postgresql/data
     secrets:
@@ -161,4 +161,4 @@ configs:
     file: nginx.conf
   pg_backup:
     name: ${STACK_NAME}_pg_backup_${PG_BACKUP_VERSION}
-    file: pg_backup.sh
+    file: pg_backup.sh

nginx.conf

@@ -2,12 +2,16 @@ server {
     listen         80;
     server_name    localhost;
     
+    resolver 127.0.0.11 valid=10s;
+
     client_max_body_size 2m;
     
     add_header Referrer-Policy "origin-when-cross-origin";
     add_header X-Content-Type-Options nosniff;
 
     location / {
+        set $upstream_app http://app:5000;
+        
         location /static/ {
             alias  /liberaforms/static/;
         }
@@ -23,7 +27,7 @@ server {
         location /metrics {
             return 404;
         }
-        proxy_pass          http://forms:5000;
+        proxy_pass          $upstream_app;
         proxy_set_header    Host    $host;
         proxy_set_header    X-Forwarded-For $remote_addr;
         proxy_set_header    X-Real-IP   $remote_addr;

release/1.0.0+v4.7.0

@@ -0,0 +1 @@
+Some release testing has been conducted but this latest version changes the compose layout, please take a backup before proceeding.

renovate.json

@@ -0,0 +1,6 @@
+{
+  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+  "extends": [
+    "config:recommended"
+  ]
+}