template db, add release note

.drone.yml

@@ -3,12 +3,10 @@ kind: pipeline
 name: deploy to swarm-test.autonomic.zone
 steps:
   - name: deployment
-    image: git.coopcloud.tech/coop-cloud/stack-ssh-deploy:latest
+    image: decentral1se/stack-ssh-deploy:latest
     settings:
       host: swarm-test.autonomic.zone
       stack: onlyoffice
-      networks:
-       - proxy
       generate_secrets: true
       purge: true
       deploy_key:
@@ -17,25 +15,16 @@ steps:
       DOMAIN: onlyoffice.swarm-test.autonomic.zone
       STACK_NAME: onlyoffice
       LETS_ENCRYPT_ENV: production
-      ENTRYPOINT_VERSION: v1
-      SECRET_DB_PASSWORD_VERSION: v1
-      PG_BACKUP_VERSION: v2
 trigger:
   branch:
     - main
 ---
 kind: pipeline
-name: generate recipe catalogue
+name: recipe release
 steps:
   - name: release a new version
-    image: plugins/downstream
+    image: thecoopcloud/drone-abra:latest
     settings:
-      server: https://build.coopcloud.tech
+      command: recipe onlyoffice release
-      token:
+      deploy_key:
-        from_secret: drone_abra-bot_token
+        from_secret: abra_bot_deploy_key
-      fork: true
-      repositories:
-        - toolshed/auto-recipes-catalogue-json
-
-trigger:
-  event: tag

.env.sample

@@ -1,8 +1,5 @@
 TYPE=onlyoffice
-TIMEOUT=300
-ENABLE_AUTO_UPDATE=true
 LETS_ENCRYPT_ENV=production
-ENABLE_BACKUPS=true
 DOMAIN=onlyoffice.example.com
 
 SECRET_DB_PASSWORD_VERSION=v1

README.md

@@ -7,21 +7,17 @@
 * **Category**: Apps
 * **Status**: 3, stable
 * **Image**: [`onlyoffice`](https://hub.docker.com/r/onlyoffice/documentserver/), 4, upstream
-* **Healthcheck**: Yes
+* **Healthcheck**: No
 * **Backups**: No
-* **Email**: N/A
+* **Email**: 3
 * **Tests**: 2
 * **SSO**: No
 <!-- endmetadata -->
 
 ## Basic usage
 
-* `abra app new onlyoffice`
+1. Set up Docker Swarm and [`abra`](https://git.autonomic.zone/coop-cloud/abra)
-* `abra app config <app-name>`
+1. Deploy [`coop-cloud/traefik`](https://git.autonomic.zone/coop-cloud/traefik)
-    - uncomment `COMPOSE_FILE` and `SECRET_JWT_SECRET_VERSION` to enable JWT Secret
+1. `abra app YOURAPPDOMAIN config` - be sure to change `$DOMAIN` to something that resolves to
-* `abra app secret generate -a <app-name>`
+   your Docker swarm box
-* `abra app deploy <app-name>`
+1. `abra app YOURAPPDOMAIN deploy`
-
-
-For more, see [`docs.coopcloud.tech`](https://docs.coopcloud.tech) and [`ONLYOFFICE/Docker-DocumentServer`](https://github.com/ONLYOFFICE/Docker-DocumentServer).
-[Official Onlyoffice docker compose](https://github.com/ONLYOFFICE/Docker-DocumentServer/blob/master/docker-compose.yml)

abra.sh

@@ -1,5 +1,4 @@
-export ENTRYPOINT_VERSION=v1
+export LOCAL_JSON_VERSION=v1
-export PG_BACKUP_VERSION=v2
 
 prepare_shutdown () {
   documentserver-prepare4shutdown.sh    

alaconnect.yml

@@ -1,6 +0,0 @@
-nextcloud:
-    uncomment:
-        - compose.jwt.yml
-        - SECRET_JWT_SECRET_VERSION
-    shared_secrets:
-        onlyoffice_jwt: jwt_secret

compose.jwt.yml

@@ -5,7 +5,6 @@ services:
       - JWT_ENABLED=true
       - JWT_HEADER=Authorization
       - JWT_IN_BODY=true
-      - JWT_SECRET_FILE=/run/secrets/jwt_secret
     secrets:
       - jwt_secret
 

compose.yml

@@ -1,44 +1,40 @@
 version: '3.8'
 services:
   app:
-    image: onlyoffice/documentserver:8.3.0
+    image: onlyoffice/documentserver:7.1.1
     depends_on:
       - db
       - rabbitmq
     stdin_open: true
     networks:
       - proxy
-      - internal
+      - internal 
     environment:
       DB_TYPE: postgres
       DB_HOST: db
       DB_PORT: 5432
       DB_NAME: onlyoffice
       DB_USER: onlyoffice
-      DB_PWD_FILE: /run/secrets/db_password
       AMQP_URI: amqp://guest:guest@rabbitmq
-      AUTO_ASSEMBLY_ENABLED:
+      AUTO_ASSEMBLY_ENABLED: 
-      AUTO_ASSEMBLY_INTERVAL:
+      AUTO_ASSEMBLY_INTERVAL: 
-      AUTO_ASSEMBLY_STEP:
+      AUTO_ASSEMBLY_STEP: 
     secrets:
       - db_password
     healthcheck:
-      test: [ "CMD", "curl", "-f", "http://localhost/welcome" ]
+      test: ["CMD", "curl", "-f", "http://localhost/welcome"]
       interval: 30s
       timeout: 10s
       retries: 10
       start_period: 1m
     configs:
-      - source: entrypoint
+      - source: local_json
-        target: /custom-entrypoint.sh
+        target: /etc/onlyoffice/documentserver/local.json
-        mode: 555
-    entrypoint: /custom-entrypoint.sh
     deploy:
       update_config:
         failure_action: rollback
         order: start-first
       labels:
-        - "coop-cloud.${STACK_NAME}.timeout=${TIMEOUT:-120}"
         - "traefik.enable=true"
         - "traefik.docker.network=proxy"
         - "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=80"
@@ -47,10 +43,10 @@ services:
         - "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
         - "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-fwdproto"
         - "traefik.http.middlewares.${STACK_NAME}-fwdproto.headers.customRequestHeaders.X-Forwarded-Proto=https"
-        - "coop-cloud.${STACK_NAME}.version=2.10.0+8.3.0"
+        - "coop-cloud.${STACK_NAME}.app.version=0.1.0+7.1.1"
         
   rabbitmq:
-    image: rabbitmq:4.0.5
+    image: rabbitmq:3.9.5
     networks:
       - internal
     healthcheck:
@@ -59,15 +55,9 @@ services:
       timeout: 10s
       retries: 10
       start_period: 1m
-
+    
   db:
     image: postgres:9.5
-    deploy:
-        labels:
-          backupbot.backup: "${ENABLE_BACKUPS:-true}"
-          backupbot.backup.pre-hook: "/pg_backup.sh backup"
-          backupbot.backup.volumes.db.path: "backup.sql"
-          backupbot.restore.post-hook: '/pg_backup.sh restore'
     environment:
       POSTGRES_DB: onlyoffice
       POSTGRES_USER: onlyoffice
@@ -79,36 +69,28 @@ services:
     networks:
       - internal
     healthcheck:
-      test: [ "CMD", "pg_isready", "-U", "onlyoffice" ]
+      test: ["CMD", "pg_isready"]
       interval: 30s
       timeout: 10s
       retries: 10
       start_period: 1m
-    configs:
-        - source: pg_backup
-          target: /pg_backup.sh
-          mode: 0555
 
 volumes:
   db:
 
-
 networks:
   proxy:
     external: true
   internal:
 
-
 secrets:
   db_password:
     external: true
     name: ${STACK_NAME}_db_password_${SECRET_DB_PASSWORD_VERSION}
 
 configs:
-  entrypoint:
+  local_json:
-    name: ${STACK_NAME}_entrypoint_${ENTRYPOINT_VERSION}
+    name: ${STACK_NAME}_local_json_${LOCAL_JSON_VERSION}
-    file: entrypoint.sh.tmpl
+    file: local.json.tmpl 
     template_driver: golang
-  pg_backup:
+
-    name: ${STACK_NAME}_pg_backup_${PG_BACKUP_VERSION}
-    file: pg_backup.sh

entrypoint.sh.tmpl

@@ -1,37 +0,0 @@
-#!/bin/bash
-
-set -eu
-
-file_env() {
-  local var="$1"
-  local fileVar="${var}_FILE"
-  local def="${2:-}"
-
-  if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then
-    echo >&2 "error: both $var and $fileVar are set (but are exclusive)"
-    exit 1
-  fi
-
-  local val="$def"
-  if [ "${!var:-}" ]; then
-    val="${!var}"
-  elif [ "${!fileVar:-}" ]; then
-    val="$(< "${!fileVar}")"
-  fi
-
-  export "$var"="$val"
-  unset "$fileVar"
-}
-
-file_env "DB_PWD"
-file_env "JWT_SECRET"
-
-CONFIG=/etc/onlyoffice/documentserver/local.json
-JSON_BIN=/var/www/onlyoffice/documentserver/npm/json
-JSON="${JSON_BIN} -q -f ${CONFIG}"
-${JSON} -I -e "if(this.services.CoAuthoring.autoAssembly===undefined)this.services.CoAuthoring.autoAssembly={};"
-${JSON} -I -e "this.services.CoAuthoring.autoAssembly.enable = ${AUTO_ASSEMBLY_ENABLED}"
-${JSON} -I -e "this.services.CoAuthoring.autoAssembly.interval = '${AUTO_ASSEMBLY_INTERVAL}'"
-${JSON} -I -e "this.services.CoAuthoring.autoAssembly.step = '${AUTO_ASSEMBLY_STEP}'"
-
-/app/ds/run-document-server.sh

local.json.tmpl

@@ -0,0 +1,55 @@
+{
+  "services": {
+    "CoAuthoring": {
+      "sql": {
+       "type": "{{ env "DB_TYPE" }}",
+        "dbHost": "{{ env "DB_HOST" }}",
+        "dbPort": "{{ env "DB_PORT" }}",
+        "dbName": "{{ env "DB_NAME" }}",
+        "dbUser": "{{ env "DB_USER" }}",
+        "dbPass": "{{ secret  "db_password" }}"
+      },
+  {{ if eq (env "JWT_ENABLED") "true" }}
+      "token": {
+        "enable": {
+          "request": {
+            "inbox": true,
+            "outbox": true
+          },
+          "browser": true
+        },
+        "inbox": {
+          "header": "Authorization",
+          "inBody": true
+        },
+        "outbox": {
+          "header": "Authorization",
+          "inBody": true
+        }
+      },
+      "secret": {
+        "inbox": {
+          "string": "{{ secret "jwt_secret" }}"
+        },
+        "outbox": {
+          "string": "{{ secret "jwt_secret" }}"
+        },
+        "session": {
+          "string": "{{ secret "jwt_secret" }}"
+        }
+      },
+    {{ end }}
+    "autoAssembly" : {
+      "enable": {{ env "AUTO_ASSEMBLY_ENABLED" }},
+      "interval": "{{ env "AUTO_ASSEMBLY_INTERVAL" }}",
+      "step": "{{ env "AUTO_ASSEMBLY_STEP" }}"
+      }
+    }
+  },
+  "rabbitmq": {
+    "url": "amqp://guest:guest@rabbitmq"
+  },
+  "queue": {
+    "type": "rabbitmq"
+  }
+}

pg_backup.sh

@@ -1,34 +0,0 @@
-#!/bin/bash
-
-set -e
-
-BACKUP_FILE='/var/lib/postgresql/data/backup.sql'
-
-function backup {
-  export PGPASSWORD=$(cat /run/secrets/db_password)
-  pg_dump -U ${POSTGRES_USER} ${POSTGRES_DB} > $BACKUP_FILE
-}
-
-function restore {
-    cd /var/lib/postgresql/data/
-    restore_config(){
-        # Restore allowed connections
-        cat pg_hba.conf.bak > pg_hba.conf
-        su postgres -c 'pg_ctl reload'
-    }
-    # Don't allow any other connections than local
-    cp pg_hba.conf pg_hba.conf.bak
-    echo "local all all trust" > pg_hba.conf
-    su postgres -c 'pg_ctl reload'
-    trap restore_config EXIT INT TERM
-
-    # Recreate Database
-    psql -U ${POSTGRES_USER} -d postgres -c "DROP DATABASE ${POSTGRES_DB} WITH (FORCE);" 
-    createdb -U ${POSTGRES_USER} ${POSTGRES_DB}
-    psql -U ${POSTGRES_USER} -d ${POSTGRES_DB} -1 -f $BACKUP_FILE
-
-    trap - EXIT INT TERM
-    restore_config
-}
-
-$@