Fix new deployments?

Re: #33

.drone.yml

@@ -3,10 +3,12 @@ kind: pipeline
 name: deploy to swarm-test.autonomic.zone
 steps:
   - name: deployment
-    image: decentral1se/stack-ssh-deploy:latest
+    image: git.coopcloud.tech/coop-cloud/stack-ssh-deploy:latest
     settings:
       host: swarm-test.autonomic.zone
       stack: mediawiki
+      networks:
+       - proxy
       purge: true
       generate_secrets: true
       deploy_key:
@@ -31,11 +33,17 @@ trigger:
     - main
 ---
 kind: pipeline
-name: recipe release
+name: generate recipe catalogue
 steps:
   - name: release a new version
-    image: thecoopcloud/drone-abra:latest
+    image: plugins/downstream
     settings:
-      command: recipe mediawiki release
+      server: https://build.coopcloud.tech
-      deploy_key:
+      token:
-        from_secret: abra_bot_deploy_key
+        from_secret: drone_abra-bot_token
+      fork: true
+      repositories:
+        - coop-cloud/auto-recipes-catalogue-json
+
+trigger:
+  event: tag

.env.sample

@@ -13,6 +13,8 @@ MEDIAWIKI_LOGO_FILE='$wgResourceBasePath/resources/assets/wiki.png'
 
 MEDIAWIKI_IS_PRIVATE=1
 
+MEDIAWIKI_DEBUG=0
+
 ## SMTP
 #SMTP_HOST=postfix_relay_app
 #SMTP_HOST=mailu_front
@@ -40,6 +42,31 @@ SECRET_MEDIAWIKI_SECRET_KEY_VERSION=v1 # length=64
 ## OpenID Connect
 # OPENID_ENABLED=1
 # COMPOSE_FILE="compose.yml:compose.openid.yml"
-# OPENID_KEYCLOAK_URL="https://keycloak.local:8080/auth/realms/acme/"
+# OPENID_KEYCLOAK_URL="https://keycloak.local:8080/realms/acme/"
 # OPENID_CLIENT_ID="mediawiki"
 # SECRET_OPENID_CLIENT_SECRET_VERSION=v1
+
+## WikiMarkdown
+#MARKDOWN_ENABLED=1
+
+## MobileFrontend
+#MOBILEFRONTEND_ENABLED=1
+
+## MsUpload
+#MSU_ENABLED=1
+
+## PageForms
+#PAGEFORMS_ENABLED=1
+
+## PageSchemas
+#PAGESCHEMAS_ENABLED=1
+
+## SemanticMediaWiki
+#SEMANTICMW_ENABLED=1
+
+## WikiMarkdown
+#MARKDOWN_ENABLED=1
+
+## Tweeki skin
+#TWEEKI_ENABLED=0
+

LocalSettings.php.tmpl

@@ -5,7 +5,6 @@ if ( !defined( 'MEDIAWIKI' ) ) {
 	exit;
 }
 
-
 ## Uncomment this to disable output compression
 # $wgDisableOutputCompression = true;
 
@@ -116,15 +115,27 @@ $wgGroupPermissions['*']['read'] = false;
 $wgGroupPermissions['*']['read'] = true;
 {{ end }}
 
-## Default skin: you can change the default skin. Use the internal symbolic
-## names, ie 'vector', 'monobook':
-$wgDefaultSkin = "vector";
-
 # Enabled skins.
 # The following skins were automatically enabled:
 wfLoadSkin( 'MonoBook' );
 wfLoadSkin( 'Timeless' );
 wfLoadSkin( 'Vector' );
+wfLoadSkin( 'MinervaNeue' );
+
+## Default skin: you can change the default skin. Use the internal symbolic
+## names, ie 'vector', 'monobook':
+
+{{ if eq (env "TWEEKI_ENABLED") "1" }}
+wfLoadSkin( 'Tweeki' );
+$wgDefaultSkin = "tweeki";
+{{ else }}
+$wgDefaultSkin = "vector";
+{{ end }}
+
+{{ if eq (env "MOBILEFRONTEND_ENABLED") "1" }}
+wfLoadExtension( 'MobileFrontend' );
+$wgDefaultMobileSkin = 'minerva';
+{{ end }}
 
 # Enabled extensions. Most of the extensions are enabled by adding
 # wfLoadExtensions('ExtensionName');
@@ -143,47 +154,44 @@ $wgDefaultUserOptions['visualeditor-enable'] = 1;
 
 $wgVisualEditorAllowLossySwitching = false;
 
-$wgVirtualRestConfig['modules']['parsoid'] = [
-	// URL to the Parsoid instance - use port 8142 if you use the Debian package - the parameter 'URL' was first used but is now deprecated (string)
-	'url' => 'http://parsoid:8000/',
-	// Parsoid "domain" (string, optional) - MediaWiki >= 1.26
-	'domain' => 'localhost',
-	// Parsoid "prefix" (string, optional) - deprecated since MediaWiki 1.26, use 'domain'
-	'prefix' => 'localhost',
-	// Forward cookies in the case of private wikis (string or false, optional)
-	'forwardCookies' => true,
-	// request timeout in seconds (integer or null, optional)
-	'timeout' => null,
-	// Parsoid HTTP proxy (string or null, optional)
-	'HTTPProxy' => null,
-	// whether to parse URL as if they were meant for RESTBase (boolean or null, optional)
-	'restbaseCompat' => null,
-];
-
 {{ if eq (env "SAML_ENABLED") "1" }}
 wfLoadExtension( 'PluggableAuth' );
 
 wfLoadExtension( 'SimpleSAMLphp' );
 
 $wgSimpleSAMLphp_InstallDir = "/var/simplesamlphp/";
-$wgSimpleSAMLphp_AuthSourceId = "{{ env "SAML_AUTH_SOURCE_ID" }}";
+
-$wgSimpleSAMLphp_RealNameAttribute = "{{ env "SAML_REAL_NAME_ATTRIBUTE" }}";
+$wgPluggableAuth_Config['Log in using my SAML'] = [
-$wgSimpleSAMLphp_EmailAttribute = "{{ env "SAML_EMAIL_ATTRIBUTE" }}";
+  'plugin' => 'SimpleSAMLphp',
-$wgSimpleSAMLphp_UsernameAttribute = "{{ env "SAML_USERNAME_ATTRIBUTE" }}";
+  'data' => [
+	'authSourceId' => '{{ env "SAML_AUTH_SOURCE_ID" }}',
+	'usernameAttribute' => '{{ env "SAML_USERNAME_ATTRIBUTE" }}',
+	'realNameAttribute' => '{{ env "SAML_REAL_NAME_ATTRIBUTE" }}',
+	'emailAttribute' => '{{ env "SAML_EMAIL_ATTRIBUTE" }}'
+  ]
+];
 
 $wgGroupPermissions['*']['autocreateaccount'] = true;
 $wgGroupPermissions['*']['createaccount'] = false;
+{{ end }}
 
+{{ if eq (env "MEDIAWIKI_DEBUG") "1" }}
 $wgDebugLogFile = "/var/log/debug-{$wgDBname}.log";
+$wgShowExceptionDetails = true;
+$wgDebugToolbar = true;
 {{ end }}
 
 {{ if eq (env "OPENID_ENABLED") "1" }}
 wfLoadExtension( 'PluggableAuth' );
 wfLoadExtension( 'OpenIDConnect' );
 
-$wgOpenIDConnect_Config['{{ env "OPENID_KEYCLOAK_URL" }}'] = [
+$wgPluggableAuth_Config[] = [
-  'clientID' => '{{ env "OPENID_CLIENT_ID"}}',
+    'plugin' => 'OpenIDConnect',
-  'clientsecret' => '{{ secret "openid_client_secret" }}'
+    'data' => [
+        'providerURL' => '{{ env "OPENID_KEYCLOAK_URL" }}',
+        'clientID' => '{{ env "OPENID_CLIENT_ID"}}',
+        'clientsecret' => '{{ secret "openid_client_secret" }}'
+    ]
 ];
 
 $wgGroupPermissions['*']['autocreateaccount'] = true;
@@ -200,6 +208,30 @@ $wgSMTP = [
 ];
 {{ end }}
 
+{{ if eq (env "MSU_ENABLED") "1" }}
+wfLoadExtension( 'MsUpload' );
+$wgAllowJavaUploads = true; // Solves problem with Office 2007 and newer files (docx, xlsx, etc.)
+{{ end }}
+
+{{ if eq (env "PAGEFORMS_ENABLED") "1" }}
+wfLoadExtension( 'PageForms' );
+{{ end }}
+
+{{ if eq (env "PAGESCHEMAS_ENABLED") "1" }}
+wfLoadExtension( 'PageSchemas' );
+{{ end }}
+
+{{ if eq (env "SEMANTICMW_ENABLED") "1" }}
+wfLoadExtension( 'SemanticMediaWiki' );
+enableSemantics( '{{ env "DOMAIN" }}' );
+{{ end }}
+
+{{ if eq (env "MARKDOWN_ENABLED") "1" }}
+wfLoadExtension( 'WikiMarkdown' );
+$wgAllowMarkdownExtra = true; // allows usage of Parsedown Extra
+$wgAllowMarkdownExtended = true; // allows usage of Parsedown Extended
+{{ end }}
+
 $wgFileExtensions = array(
     'png', 'gif', 'jpg', 'jpeg', 'doc', 'xls', 'mpp', 'pdf', 'ppt', 'tiff',
     'bmp', 'docx', 'xlsx', 'pptx', 'ps', 'odt', 'ods', 'odp', 'odg'

README.md

@@ -1,8 +1,6 @@
 # Mediawiki
 
-[![Build Status](https://drone.autonomic.zone/api/badges/coop-cloud/mediawiki/status.svg)](https://drone.autonomic.zone/coop-cloud/mediawiki)
+[![Build Status](https://build.coopcloud.tech/api/badges/coop-cloud/mediawiki/status.svg)](https://build.coopcloud.tech/coop-cloud/mediawiki)
-
-Mediawiki [version 1.35][mediawiki-1.35]
 
 <!-- metadata -->
 * **Category**: Apps
@@ -21,20 +19,20 @@ Mediawiki [version 1.35][mediawiki-1.35]
 2. Deploy [`coop-cloud/traefik`][traefik]
 3. `abra app new mediawiki --secrets`  (optionally with `--pass` if you'd like
    to save secrets in `pass`)
-4. `abra app YOURAPPDOMAIN config` - be sure to change `$DOMAIN` to something that resolves to
+4. `abra app config YOURAPPDOMAIN` - be sure to change `$DOMAIN` to something that resolves to
    your Docker swarm box
-5. `abra app YOURAPPDOMAIN deploy`
+5. `abra app deploy YOURAPPDOMAIN`
 6. Create an initial admin user:
-   `abra app YOURAPPDOMAIN run app php /var/www/html/maintenance/createAndPromote.php --sysop YourUsername YourPassword`
+   `abra app run YOURAPPDOMAIN app php /var/www/html/maintenance/createAndPromote.php --sysop YourUsername YourPassword`
 
 ## Email
 
-1. `abra app YOURAPPDOMAIN config` - edit `.envrc` and uncomment the `SMTP` lines. Set `SMTP_HOST` to
+1. `abra app config YOURAPPDOMAIN` - edit `.envrc` and uncomment the `SMTP` lines. Set `SMTP_HOST` to
    `postfix_relay` for `coop-cloud/postfix_relay`, or `mailu_front` for
    `coop-cloud/mailu` (assuming default stack names)
 2. For `postfix_relay`, add the domain to your email config – `EXTRA_SENDER_DOMAINS` in
    `postfix_relay`. This doesn't seem to be required for Mailu.
-3. `abra app YOURAPPDOMAIN deploy`
+3. `abra app deploy YOURAPPDOMAIN`
 
 ## Single Sign On
 
@@ -48,13 +46,13 @@ This app includes optional SAML Single Sign On using
 NOTE: currently, if you enable SAML then it'll disable Mediawiki's own user account
 system. Patches to make this configurable are welcome!
 
-1. `abra app YOURAPPDOMAIN config` - uncomment lines in the `SAML` section (including `COMPOSE_FILE`)
+1. `abra app config YOURAPPDOMAIN` - uncomment lines in the `SAML` section (including `COMPOSE_FILE`)
 2. Generate secrets: (add `--pass` if you want to store secrets in `pass`)
    ```
    abra app YOURAPPDOMAIN secret generate saml_admin_password v1
    abra app YOURAPPDOMAIN secret generate saml_secret_salt v1 "pwgen -n 64 1"
    ```
-3. `abra app YOURAPPDOMAIN deploy`
+3. `abra app deploy YOURAPPDOMAIN`
 4. Copy your SimpleSAMLphp metadata and certificates to the container (assuming
    you have local `metadata` and `cert` folders:
    ```
@@ -72,14 +70,14 @@ system. Patches to make this configurable are welcome!
 
 ### OpenID Connect
 
-1. `abra app YOURAPPDOMAIN config` - uncomment lines in the `OPENID` section (including `COMPOSE_FILE`)
+1. `abra app config YOURAPPDOMAIN` - uncomment lines in the `OPENID` section (including `COMPOSE_FILE`)
 2. Store your Keycloak-generated client secret in Docker:
 
 ```
 abra app YOURAPPDOMAIN secret insert openid_client_secret v1 put-your-secret-here
 ```
 
-3. `abra app YOURAPPDOMAIN deploy`
+3. `abra app deploy YOURAPPDOMAIN`
 
 ## License
 

abra.sh

@@ -1,10 +1,10 @@
-export LOCAL_SETTINGS_CONF_VERSION=v2
+export LOCAL_SETTINGS_CONF_VERSION=v20
 export HTACCESS_CONF_VERSION=v1
-export ENTRYPOINT_CONF_VERSION=v2
+export ENTRYPOINT_CONF_VERSION=v20
-export COMPOSER_LOCAL_CONF_VERSION=v1
+export COMPOSER_LOCAL_CONF_VERSION=v5
-export PHP_INI_VERSION=v1
+export PHP_INI_VERSION=v4
 
-export SAML_ENTRYPOINT_CONF_VERSION=v1
+export SAML_ENTRYPOINT_CONF_VERSION=v3
 
 abra_backup_app() {
   _abra_backup_dir "app:/var/www/html/images"

compose.simplesaml.yml

@@ -5,7 +5,12 @@ services:
   app:
     volumes:
       - "simplesaml:/var/simplesamlphp/"
+      - "simplesaml_cert:/var/simplesamlphp/cert"
+      - "simplesaml_config:/var/simplesamlphp/config"
+      - "simplesaml_data:/var/simplesamlphp/data"
       - "simplesaml_log:/var/simplesamlphp/log"
+      - "simplesaml_metadata:/var/simplesamlphp/metadata"
+      - "simplesaml_modules:/var/simplesamlphp/modules"
     environment:
       - SAML_AUTH_SOURCE_ID
       - SAML_EMAIL_ATTRIBUTE
@@ -14,7 +19,8 @@ services:
       - SAML_USERNAME_ATTRIBUTE
 
   simplesaml:
-    image: venatorfox/simplesamlphp:1.18.3
+    # image: unicon/simplesamlphp:1.19.6
+    image: git.coopcloud.tech/coop-cloud-chaos-patchs/simplesamlphp:1.19.7
     secrets:
       - saml_admin_password
       - saml_secret_salt
@@ -47,7 +53,12 @@ services:
         mode: 0555
     volumes:
       - simplesaml:/var/simplesamlphp/
-      - simplesaml_log:/var/simplesamlphp/log
+      - "simplesaml_cert:/var/simplesamlphp/cert"
+      - "simplesaml_config:/var/simplesamlphp/config"
+      - "simplesaml_data:/var/simplesamlphp/data"
+      - "simplesaml_log:/var/simplesamlphp/log"
+      - "simplesaml_metadata:/var/simplesamlphp/metadata"
+      - "simplesaml_modules:/var/simplesamlphp/modules"
     networks:
       - proxy
     entrypoint: /docker-entrypoint.simplesaml.sh
@@ -62,7 +73,12 @@ services:
 
 volumes:
   simplesaml:
+  simplesaml_cert:
+  simplesaml_config:
+  simplesaml_data:
   simplesaml_log:
+  simplesaml_metadata:
+  simplesaml_modules:
 
 secrets:
   saml_admin_password:

compose.yml

@@ -3,7 +3,7 @@ version: "3.8"
 
 services:
   app:
-    image: mediawiki:1.37.1
+    image: mediawiki:1.39.3
     environment:
       - DOMAIN
       - STACK_NAME
@@ -13,6 +13,7 @@ services:
       - MEDIAWIKI_SITENAMESPACE
       - MEDIAWIKI_LOGO_FILE
       - MEDIAWIKI_IS_PRIVATE
+      - MEDIAWIKI_DEBUG
       - SAML_ENABLED
       - OPENID_ENABLED
       - DB_HOST=db
@@ -44,11 +45,11 @@ services:
         - "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`${EXTRA_DOMAINS})"
         - "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
         - "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
-        - "coop-cloud.${STACK_NAME}.version=2.1.0+1.37.1"
+        - "coop-cloud.${STACK_NAME}.version=2.3.0+1.39.3"
     entrypoint: /docker-entrypoint2.sh
 
   db:
-    image: mariadb:10.8
+    image: mariadb:10.10
     environment:
       - MYSQL_USER=mediawiki
       - MYSQL_ROOT_PASSWORD_FILE=/run/secrets/db_root_password
@@ -62,14 +63,6 @@ services:
     networks:
       - internal
 
-  parsoid:
-    image: thenets/parsoid:0.11.0
-    hostname: parsoidserver
-    networks:
-      - internal
-    environment:
-      PARSOID_DOMAIN_localhost: http://app:80/api.php
-
 volumes:
   mariadb:
   mediawiki_images:

composer.local.json.tmpl

@@ -1,4 +1,9 @@
 {
+{{ if eq (env "SEMANTICMW_ENABLED") "1" }}
+  "require": {
+    "mediawiki/semantic-media-wiki": "^4.1.0"
+  },
+{{ end }}
   "extra": {
     "merge-plugin": {
       "include": [

entrypoint.sh.tmpl

@@ -8,7 +8,7 @@ init_composer() {
 	if ! type composer > /dev/null 2>&1; then
 		apt update -yqq && apt install -yqq curl git unzip zip
 		curl -sS https://getcomposer.org/installer -o /tmp/composer-setup.php
-		php /tmp/composer-setup.php --install-dir=/usr/local/bin --filename=composer --version=1.10.15
+		php /tmp/composer-setup.php --install-dir=/usr/local/bin --filename=composer --version=2.5.4
 		composer -V
 	fi
 }
@@ -40,25 +40,22 @@ init_db() {
 		php /var/www/html/maintenance/sql.php /var/www/html/maintenance/tables.sql
 		php /var/www/html/maintenance/sql.php /var/www/html/maintenance/interwiki.sql
 		# FIXME run createAndPromote.php with $ADMIN_USERNAME
-	else
-		php /var/www/html/maintenance/update.php --quick
 	fi
 
-	if [ -n "${OPENID_ENABLED-}" ]; then
+	php /var/www/html/maintenance/update.php --quick
-		php /var/www/html/maintenance/update.php --quick
-	fi
 }
 
 init_extensions() {
+
 	if [ ! -d /var/www/html/extensions/PluggableAuth ]; then
-		git clone --depth 1 -b REL1_32 \
+		git clone --depth 1 -b REL1_39 \
 			https://gerrit.wikimedia.org/r/p/mediawiki/extensions/PluggableAuth \
 			/var/www/html/extensions/PluggableAuth
 	fi
 
 	if [ -n "${SAML_ENABLED-}" ]; then
 		if [ ! -d /var/www/html/extensions/SimpleSAMLphp ]; then
-			git clone --depth 1 -b REL1_32 \
+			git clone --depth 1 -b REL1_39 \
 				https://gerrit.wikimedia.org/r/p/mediawiki/extensions/SimpleSAMLphp \
 				/var/www/html/extensions/SimpleSAMLphp
 		fi
@@ -66,17 +63,72 @@ init_extensions() {
 
 	if [ -n "${OPENID_ENABLED-}" ]; then
 		if [ ! -d /var/www/html/extensions/OpenIDConnect ]; then
-			git clone --depth 1 -b REL1_35 \
+			git clone --depth 1 -b REL1_39 \
 				https://gerrit.wikimedia.org/r/mediawiki/extensions/OpenIDConnect \
 				/var/www/html/extensions/OpenIDConnect
 		fi
 	fi
+
+	if [ -n "${MOBILEFRONTEND_ENABLED-}" ]; then
+		if [ ! -d /var/www/html/extensions/MobileFrontend ]; then
+			git clone --depth 1 -b REL1_39 \
+				https://github.com/wikimedia/mediawiki-extensions-MobileFrontend.git \
+				/var/www/html/extensions/MobileFrontend
+		fi
+	fi
+
+	if [ -n "${MSU_ENABLED-}" ]; then
+		if [ ! -d /var/www/html/extensions/MsUpload ]; then
+			git clone --depth 1 -b REL1_39 \
+				https://gerrit.wikimedia.org/r/mediawiki/extensions/MsUpload \
+				/var/www/html/extensions/MsUpload
+		fi
+	fi
+
+	if [ -n "${PAGEFORMS_ENABLED-}" ]; then
+		if [ ! -d /var/www/html/extensions/PageForms ]; then
+			git clone --depth 1 -b REL1_39 \
+				https://gerrit.wikimedia.org/r/mediawiki/extensions/PageForms \
+				/var/www/html/extensions/PageForms
+		fi
+	fi
+
+	if [ -n "${PAGESCHEMAS_ENABLED-}" ]; then
+		if [ ! -d /var/www/html/extensions/PageSchemas ]; then
+			git clone --depth 1 -b REL1_39 \
+				https://gerrit.wikimedia.org/r/mediawiki/extensions/PageSchemas \
+				/var/www/html/extensions/PageSchemas
+		fi
+	fi
+
+	if [ -n "${MARKDOWN_ENABLED-}" ]; then
+		if [ ! -d /var/www/html/extensions/WikiMarkdown ]; then
+			git clone --depth 1 \
+				https://github.com/kuenzign/WikiMarkdown \
+				/var/www/html/extensions/WikiMarkdown
+		fi
+	fi
+
 }
 
+init_skins() {
+
+	if [ -n "${TWEEKI_ENABLED-}" ]; then
+		if [ ! -d /var/www/html/skins/Tweeki ]; then
+			git clone --depth 1 \
+				https://github.com/thaider/Tweeki \
+				/var/www/html/skins/Tweeki
+		fi
+	fi
+
+}
+
+
 main() {
 	set -eu
 
 	init_extensions
+	init_skins
 	init_composer
 	composer_install
 	init_db

php.ini.tmpl

@@ -2,3 +2,9 @@ upload_max_filesize = 10M
 post_max_size = 10M
 max_execution_time = 7200
 max_file_uploads = 1000
+
+{{ if eq (env "MEDIAWIKI_DEBUG") "0" }}
+error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT
+{{ else }}
+error_reporting = E_ALL
+{{ end }}