Improve maintenance import-data script

Reviewed-on: #22

.drone.yml

@@ -22,6 +22,7 @@ steps:
       SECRET_SECRET_COOKIE_TOKEN_VERSION: v1
       SECRET_DB_PASSWORD_VERSION: v1
       SECRET_SMTP_PASSWORD_VERSION: v1
+      SECRET_OAUTH_APP_SECRET_VERSION: v1
 trigger:
   branch:
     - main

.env.sample

@@ -90,3 +90,17 @@ SECRET_DB_PASSWORD_VERSION=v1
 # THEME_ACCENT_COLOR=rgb(0,188,212)
 # THEME_TEXT_ON_PRIMARY_COLOR=rgb(255,255,255)
 # THEME_TEXT_ON_ACCENT_COLOR=rgb(255,255,255)
+
+# env variables needed to enable OAuth2 authentication  
+# COMPOSE_FILE="$COMPOSE_FILE:compose.oauth.yml"
+# OAUTH_ENABLED=1
+# OAUTH_AUTH_URL=
+# OAUTH_TOKEN_URL=
+# OAUTH_PROFILE_URL=
+# OAUTH_SCOPE=
+# OAUTH_APP_KEY=
+# OAUTH_ATTR_UID=
+# OAUTH_ATTR_NAME=
+# OAUTH_ATTR_EMAIL=
+# OAUTH_LOGIN_PROVIDER_NAME=
+# SECRET_OAUTH_APP_SECRET_VERSION=v1

.gitea/PULL_REQUEST_TEMPLATE.md

@@ -0,0 +1,16 @@
+---
+name: "Loomio pull request template"
+about: "Loomio pull request template"
+---
+
+<!-- 
+Thank you for doing recipe maintenance work!
+Please mark all checklist items which are relevant for your changes.
+Please remove the checklist items which are not relevant for your changes.
+Feel free to remove this comment.
+-->
+
+* [ ] I have deployed and tested my changes
+* [ ] I have [updated relevant versions in `abra.sh`](https://docs.coopcloud.tech/maintainers/upgrade/#updating-versions-in-the-abrash)
+* [ ] I have made my environment variable changes [backwards compatible](https://docs.coopcloud.tech/maintainers/upgrade/#backwards-compatible-environment-variable-changes)
+* [ ] I have added a [release note entry](https://docs.coopcloud.tech/maintainers/upgrade/#creating-new-release-notes)

MAINTENANCE.md

@@ -0,0 +1,97 @@
+# Loomio Recipe Maintenance
+
+All contributions should be made via a pull request. This is to ensure a
+certain quality and consistency, that others can rely on.
+
+## Maintainer Responsibilities
+
+A recipe maintainer has the following responsibilities:
+
+- Respond to pull requests / issues within a week
+- Make image security updates within a day
+- Make image patch / minor updates within a week
+- Make image major updates within a month
+
+In order to fullfill these responsibilities a recipe maintainer:
+
+- Has to watch the repository (to get notifications)
+- Needs to make sure renovate is configured properly
+
+## Pull Requests
+
+A pull request can be merged if it is approved by at least one maintainer. For
+pull requests opened by a maintainer they need to be approved by another
+maintainer. Even though it is okay to merge a pull request with one approval, it
+is always better if all maintainers looked at the pull request and approved it.
+
+## Become a maintainer
+
+Everyone can apply to be a recipe maintainer:
+1. Watch the repository to always get updates
+2. Simply add your self to the list in the [README.md](./README.md) and open a new pull request with the change.
+3. Once the pull request gets merged you will be added to the [loomio maintainers team](https://git.coopcloud.tech/org/coop-cloud/teams/loomio-maintainers).
+
+# Testing Loomio Changes
+
+As a maintainer, it is helpful to have a dev environment to test changes. One can easily be created in the usual way with `abra app new loomio`, but to test changes and upgrades it's good to have a database with a bunch of test data.
+
+## Populating with test data
+
+You can either make some artificial test data, or import test data from an existing Loomio instance. https://help.loomio.com/en/user_manual/groups/data_export/index.html is super helpful here. Here's a summary:
+
+1. Export existing data from a running instance by having an admin go to a group and click [the "Export group data" settings option](https://help.loomio.com/en/user_manual/groups/data_export/index.html#export-data)
+
+2. Fully deploy a clean test instance of Loomio. Note: importing might not work well on a database that has data in it, so you might want to wipe your test instance when doing an import, if it already has data in it
+
+3. Copy the json into the Loomio `app` container by doing
+
+```shell
+[local] $ scp loomio-testdata.json username@your-domain.org:loomio-deploy/import/
+[local] $ ssh username@your-domain.org
+[your-domain.org] $ docker ps | grep loomio | grep app  # note down the loomio app container id
+[your-domain.org] $ sudo docker cp ~/loomio-deploy/import/loomio-testdata.json <loomio-app-container-id>:/import/loomio-testdata.json
+```
+
+4. Set up your rails tools
+
+```shell
+[your-domain.org] $ docker exec -it <loomio-app-container-id> bash
+[loomio] $ DB_PASS="$(cat /run/secrets/db_password)"
+[loomio] $ echo "production:
+  adapter: postgresql
+  host: db
+  database: loomio_production
+  username: postgres
+  password: ${DB_PASS}
+  port: 5432" > config/database.yml
+
+[loomio] $ cd /loomio && RAILS_ENV=production EDITOR=vi bundle exec rails credentials:edit
+```
+
+5. Process the Loomio test data export, to get it into your dev instance's database:
+
+```shell
+[loomio] $ rails console
+
+[loomio][rails] > GroupExportService.import('/import/loomio-testdata.json')
+```
+
+## Manipulating the loomio db
+
+If you want to drop your loomio db(!!), you can do so by logging in to the `db` container:
+
+```shell
+[your-domain.org] $ docker ps | grep loomio | grep _db  # find your loomio _db_ container id
+[your-domain.org] $ docker exec -it <loomio-db-container-id> bash
+[loomio-db] # su postgres
+[loomio-db] $ dropdb loomio_production
+[loomio-db] $ createdb loomio_production
+```
+
+From here, you can do something like recreate it, from the app container:
+
+```shell
+[your-domain.org] $ docker ps | grep loomio | grep app  # find your loomio app container id
+[your-domain.org] $ docker exec -it <loomio-app-container-id> bash
+[loomio-app] $ rake db:setup  # you may have to run through step 4 from earlier
+```

README.md

@@ -3,6 +3,7 @@
 "Loomio is a collaborative decision-making tool that makes it easy for anyone to participate in decisions which affect them. To find out more, visit Loomio.org."
 
 <!-- metadata -->
+* **Maintainer**: [@jmakdah2](https://git.coopcloud.tech/jmakdah2) and [@moosemower](https://git.coopcloud.tech/moosemower)
 * **Category**: Apps
 * **Status**: 3, work-in-progress
 * **Image**: [`loomio/*`](https://hub.docker.com/r/loomio), 4, upstream
@@ -21,6 +22,7 @@
 * `abra app deploy <app-name>`
 * Open the configured domain in your browser to create your user account (only works in case mail is configured correctly)
 * Give yourself admin rights by running `abra app cmd <app-name> app make_last_user_admin`
+* Deploy [swarm-cronjob](https://recipes.coopcloud.tech/swarm-cronjob) on your server if it is not running yet. This is needed for loomios cron container to be started to do hourly chores.
 
 ## Migration guide
 

abra.sh

@@ -1,4 +1,4 @@
-export LOOMIO_ENTRYPOINT_VERSION=v6
+export LOOMIO_ENTRYPOINT_VERSION=v8
 
 # cannot be integrated into entrypoint.sh as it requires the operator to create a user first
 function make_last_user_admin()
@@ -13,4 +13,4 @@ function set_new_db_password()
     echo "setting new password for db user..."
 	psql -U $POSTGRES_USER -c "ALTER USER $POSTGRES_USER PASSWORD '$(cat /run/secrets/db_password)';"
     echo "done"
-}
+}

compose.oauth.yml

@@ -0,0 +1,31 @@
+version: "3.8"
+
+x-oauth-env: &oauth-env
+  OAUTH_AUTH_URL:
+  OAUTH_TOKEN_URL:
+  OAUTH_PROFILE_URL:
+  OAUTH_SCOPE:
+  OAUTH_APP_KEY:
+  OAUTH_APP_SECRET_FILE: /run/secrets/oauth_app_secret
+  OAUTH_ATTR_UID:
+  OAUTH_ATTR_NAME:
+  OAUTH_ATTR_EMAIL:
+  OAUTH_LOGIN_PROVIDER_NAME:
+  OAUTH_ENABLED: 
+
+services:
+  app:
+    environment: 
+      *oauth-env
+    secrets:
+      - oauth_app_secret
+  worker:
+    environment: 
+      *oauth-env
+    secrets:
+      - oauth_app_secret
+
+secrets:
+  oauth_app_secret:
+    name: ${STACK_NAME}_oauth_app_secret_${SECRET_OAUTH_APP_SECRET_VERSION}
+    external: true

compose.yml

@@ -10,8 +10,7 @@ x-redis-env: &redis-env
   REDIS_URL: redis://redis:6379
 
 x-environment: &default-env
-  <<: *db-env
-  <<: *redis-env
+  <<: [*db-env, *redis-env]
   CANONICAL_HOST: ${DOMAIN}
   VIRTUAL_HOST: ${DOMAIN}
   CHANNELS_URI: wss://channels.${DOMAIN}
@@ -33,7 +32,7 @@ x-environment: &default-env
 
 services:
   app:
-    image: loomio/loomio:v2.25.3
+    image: loomio/loomio:v3.0.20
     configs:
       - source: entrypoint
         target: /entrypoint.sh
@@ -71,10 +70,16 @@ services:
         - "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`${EXTRA_DOMAINS})"
         - "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
         - "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
-        - "coop-cloud.${STACK_NAME}.version=4.0.0+v2.25.3"
+        - "coop-cloud.${STACK_NAME}.version=5.2.0+v3.0.20"
         - "backupbot.backup:=${ENABLE_BACKUPS:-true}"
+        - "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}"
+        - "traefik.http.middlewares.${STACK_NAME}.headers.accesscontrolallowmethods=GET,OPTIONS,PUT"
+        - "traefik.http.middlewares.${STACK_NAME}.headers.accesscontrolallowheaders=*"
+        - "traefik.http.middlewares.${STACK_NAME}.headers.accessControlAllowOriginList=https://*.${DOMAIN}"
+        - "traefik.http.middlewares.${STACK_NAME}.headers.accesscontrolmaxage=100"
+        - "traefik.http.middlewares.${STACK_NAME}.headers.addvaryheader=true"
   worker:
-    image: loomio/loomio:v2.25.3
+    image: loomio/loomio:v3.0.0
     configs:
       - source: entrypoint
         target: /entrypoint.sh
@@ -117,7 +122,7 @@ services:
         backupbot.restore: "true"
         backupbot.restore.post-hook: sh -c 'gzip -d /postgres.dump.gz && pg_restore --clean -U "$$POSTGRES_USER" --dbname="$$POSTGRES_DB" < /postgres.dump && rm -f /postgres.dump'
   redis:
-    image: redis:5.0
+    image: redis:8.0
     networks:
       - backend
     healthcheck:
@@ -134,12 +139,25 @@ services:
     image: loomio/loomio_channel_server
     networks:
       - backend
+      - proxy
     depends_on:
       - redis
     environment:
       <<: *redis-env
+      VIRTUAL_HOST: channels.${DOMAIN}
+      APP_URL: ${DOMAIN}
+    deploy:
+      labels:
+        - "traefik.enable=true"
+        - "traefik.docker.network=proxy"
+        - "traefik.http.routers.channels${STACK_NAME}.rule=Host(`channels.${DOMAIN}`)"
+        - "traefik.http.routers.channels${STACK_NAME}.tls=true"
+        - "traefik.http.routers.channels${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
+        - "traefik.http.services.channels${STACK_NAME}.loadbalancer.server.port=5000"
+        - "traefik.http.routers.channels${STACK_NAME}.entrypoints=web-secure"
+
   cron:
-    image: loomio/loomio:v2.25.3
+    image: loomio/loomio:v3.0.0
     configs:
       - source: entrypoint
         target: /entrypoint.sh

entrypoint.sh

@@ -25,6 +25,11 @@ file_env "DEVISE_SECRET"
 file_env "SECRET_COOKIE_TOKEN"
 file_env "POSTGRES_PASSWORD"
 file_env "SMTP_PASSWORD"
+
+if [ "$OAUTH_ENABLED" = "1" ]; then
+	file_env "OAUTH_APP_SECRET"
+fi  
+
 export DB_HOST="db"
 export DATABASE_URL="postgresql://${POSTGRES_USER}:${POSTGRES_PASSWORD}@db/${POSTGRES_DB}"
 

release/5.1.0+v3.0.0

@@ -0,0 +1 @@
+Add support for OAuth2. To use this feature copy and populate the new oauth2 env variables from the .env.sample to your locale .env config and insert the oauth2_app_secret secret into your recipe:

release/5.2.0+v3.0.20

@@ -0,0 +1 @@
+upgrade loomio from version 3.0.0 to 3.0.20

renovate.json

@@ -0,0 +1,6 @@
+{
+  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+  "extends": [
+    "config:recommended"
+  ]
+}