coop-cloud/penpot
coop-cloud
/
penpot
0
0
Fork 0
Code Issues 2 Pull Requests Projects Releases Wiki Activity

chore: publish 2.0.0+1.19.1 release
continuous-integration/drone/push Build is failing Details

This commit is contained in:
knoflook 2023-09-08 22:19:18 +02:00
parent 5a43aaabca
commit e52ae0ad24
3 changed files with 78 additions and 84 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

45
.env.sample
View File

@ -5,28 +5,21 @@ DOMAIN=penpot.example.com
#EXTRA_DOMAINS=', `www.${REPO_NAME_KEBAB}.example.com`'
LETS_ENCRYPT_ENV=production
# By default files upload by user are stored in local
# filesystem. But it can be configured to store in AWS S3 or
# completelly in de the database. Storing in the database makes
# the backups more easy but will make access to media less
# performant.
PENPOT_STORAGE_BACKEND=fs
# Generate the secret key manually and insert it e.g.
# dd if=/dev/urandom bs=1 count=64 | base64 -
SECRET_SECRET_KEY_VERSION=v1
SECRET_DB_PASSWORD_VERSION=v1
# Telemetry. When enabled, a periodical process will send
# annonymous data about this instance. Telemetry data will
# enable us to learn on how the application is used based on
# real scenarios. If you want to help us, please leave it
# enabled. In any case you can see the source code of both
# client and server in the penpot repository.
PENPOT_TELEMETRY_ENABLED=false
## All flags take the format of enable-flag-name or disable-flag-name
# List of flags:
# demo-users email-verification log-emails log-invitation-tokens login-with-github login-with-gitlab login-with-google login-with-ldap login-with-oidc login-with-password registration secure-session-cookies smtp smtp-debug telemetry webhooks prepl-server
PENPOT_FLAGS="enable-registration enable-login-with-password disable-email-verification enable-prepl-server disable-telemetry"
# Email sending configuration. By default emails are printed in
# console, but for production usage is recommeded to setup a
# real SMTP provider. Emails are used for confirm user
# registration.
PENPOT_SMTP_ENABLED=false
PENPOT_SMTP_DEFAULT_FROM=penpot@example.com
PENPOT_SMTP_DEFAULT_REPLY_TO=penpot@example.com
## If not set, mails will be printed to logs
#PENPOT_FLAGS="$PENPOT_FLAGS enable-smtp"
#SECRET_SMTP_PASSWORD_VERSION=v1
#PENPOT_SMTP_DEFAULT_FROM=penpot@example.com
#PENPOT_SMTP_DEFAULT_REPLY_TO=penpot@example.com
#PENPOT_SMTP_HOST=smtp.example.com
#PENPOT_SMTP_PORT=25
#PENPOT_SMTP_USERNAME=username
@ -34,10 +27,18 @@ PENPOT_SMTP_DEFAULT_REPLY_TO=penpot@example.com
#PENPOT_SMTP_TLS=true
#PENPOT_SMTP_SSL=false
SECRET_DB_PASSWORD_VERSION=v1
SECRET_SMTP_PASSWORD_VERSION=v1
## Store assets in the filesystem
PENPOT_ASSETS_STORAGE_BACKEND=assets-fs
PENPOT_ASSETS_FS_DIRECTORY=/opt/data/assets
## Or store them in an S3 bucket
#- PENPOT_ASSETS_STORAGE_BACKEND=assets-s3
#- PENPOT_STORAGE_ASSETS_S3_ENDPOINT=http://penpot-minio:9000
#- PENPOT_STORAGE_ASSETS_S3_BUCKET=<BUKET_NAME>
#- AWS_ACCESS_KEY_ID=<KEY_ID>
#- AWS_SECRET_ACCESS_KEY=<ACCESS_KEY>
# e.g. for Keycloak https://id.example.com/auth/realms/example/
#PENPOT_FLAGS_FRONTEND="$PENPOT_FLAGS_FRONTEND enable-login-with-oidc"
#PENPOT_OIDC_BASE_URI=
#PENPOT_OIDC_CLIENT_ID=
#PENPOT_OIDC_CLIENT_SECRET=

116
compose.yml
View File

@ -1,92 +1,86 @@
version: "3.8"
x-environment:
&default-env
- PENPOT_PUBLIC_URI=https://{domain}
- PENPOT_DATABASE_URI=postgresql://postgres/penpot
- PENPOT_DATABASE_USERNAME=penpot
- PENPOT_DATABASE_PASSWORD_FILE=/run/secrets/db_password
- PENPOT_REDIS_URI=redis://redis/0
- PENPOT_STORAGE_BACKEND
- PENPOT_STORAGE_FS_DIRECTORY=/opt/data/assets
- PENPOT_TELEMETRY_ENABLED
- PENPOT_SMTP_ENABLED
- PENPOT_SMTP_DEFAULT_FROM
- PENPOT_SMTP_DEFAULT_REPLY_TO
- PENPOT_SMTP_HOST
- PENPOT_SMTP_PORT
- PENPOT_SMTP_USERNAME
- PENPOT_SMTP_TLS
- PENPOT_SMTP_SSL
services:
app:
image: "penpotapp/frontend:1.8.2-alpha"
image: "penpotapp/frontend:1.19.1"
networks:
- proxy
- backend
- internal
volumes:
- penpot_assets:/opt/data
depends_on:
- penpot-backend
- penpot-exporter
environment: *default-env
entrypoint: /entrypoint.override.sh
environment:
- PENPOT_FLAGS
secrets:
- db_password
configs:
- source: app_entrypoint
target: /entrypoint.override.sh
mode: 0555
deploy:
restart_policy:
condition: on-failure
labels:
- "traefik.enable=true"
- "traefik.docker.network=proxy"
- "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=80"
- "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`${EXTRA_DOMAINS})"
- "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
- "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
# Redirect from EXTRA_DOMAINS to DOMAIN
- "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirect"
- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLForceHost=true"
- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}"
- coop-cloud.${STACK_NAME}.version=0.2.0+1.8.2-alpha
- "coop-cloud.${STACK_NAME}.version=2.0.0+1.19.1"
penpot-backend:
image: "penpotapp/backend:1.8.2-alpha"
image: "penpotapp/backend:1.19.1"
volumes:
- penpot_assets:/opt/data
depends_on:
- postgres
- redis
environment: *default-env
- penpot-postgres
- penpot-redis
environment:
- PENPOT_FLAGS
- PENPOT_PREPL_HOST=0.0.0.0 # I don't really understand what that is for
- PENPOT_PUBLIC_URI=${DOMAIN}
- PENPOT_SECRET_KEY_FILE=/run/secrets/secret_key
- PENPOT_DATABASE_PASSWORD_FILE=/run/secrets/db_password
- PENPOT_DATABASE_URI=postgresql://penpot-postgres/penpot
- PENPOT_DATABASE_USERNAME=penpot
- PENPOT_REDIS_URI=redis://penpot-redis/0
- PENPOT_SMTP_DEFAULT_FROM
- PENPOT_SMTP_DEFAULT_REPLY_TO
- PENPOT_SMTP_HOST
- PENPOT_SMTP_PORT
- PENPOT_SMTP_USERNAME
- PENPOT_SMTP_PASSWORD
- PENPOT_SMTP_TLS
- PENPOT_SMTP_SSL
- PENPOT_ASSETS_STORAGE_BACKEND
- PENPOT_ASSETS_FS_DIRECTORY
- PENPOT_STORAGE_ASSETS_S3_ENDPOINT
- PENPOT_STORAGE_ASSETS_S3_BUCKET
- AWS_ACCESS_KEY_ID
- AWS_SECRET_ACCESS_KEY
secrets:
- db_password
- secret_key
configs:
- source: backend_entrypoint
target: /docker-entrypoint.sh
mode: 0555
entrypoint: /docker-entrypoint.sh
networks:
- backend
# FIXME 3wc: this is only required for email
- proxy
deploy:
labels:
- coop-cloud.${STACK_NAME}.penpot-backend.version=1.4.0-alpha-
- internal
penpot-exporter:
image: "penpotapp/exporter:1.8.2-alpha"
image: "penpotapp/exporter:1.19.1"
environment:
# Don't touch it; this uses internal docker network to
# communicate with the frontend.
- PENPOT_PUBLIC_URI=http://app
- PENPOT_REDIS_URI=redis://penpot-redis/0
networks:
- backend
deploy:
labels:
- coop-cloud.${STACK_NAME}.penpot-exporter.version=1.4.0-alpha-617c54da
postgres:
image: "postgres:14"
- internal
penpot-postgres:
image: "postgres:15.4"
stop_signal: SIGINT
secrets:
- db_password
@ -98,31 +92,23 @@ services:
volumes:
- postgres:/var/lib/postgresql/data
networks:
- backend
deploy:
labels:
- coop-cloud.${STACK_NAME}.postgres.version=13-61d5d8ef
redis:
image: redis:6
- internal
penpot-redis:
image: redis:7.2.1
networks:
- backend
deploy:
labels:
- coop-cloud.${STACK_NAME}.redis.version=6-e10f55f9
- internal
networks:
internal:
proxy:
external: true
backend:
volumes:
postgres:
penpot_assets:
configs:
app_entrypoint:
name: ${STACK_NAME}_app_entrypoint_${APP_ENTRYPOINT_CONF_VERSION}
file: entrypoint-app.sh
backend_entrypoint:
name: ${STACK_NAME}_backend_entrypoint_${BACKEND_ENTRYPOINT_CONF_VERSION}
file: entrypoint-backend.sh
@ -131,3 +117,9 @@ secrets:
db_password:
external: true
name: ${STACK_NAME}_db_password_${SECRET_DB_PASSWORD_VERSION}
secret_key:
external: true
name: ${STACK_NAME}_secret_key_${SECRET_SECRET_KEY_VERSION}
smtp_password:
external: true
name: ${STACK_NAME}_smtp_password_${SECRET_SMTP_PASSWORD_VERSION}

1
entrypoint-backend.sh
View File

@ -23,6 +23,7 @@ file_env() {
load_vars() {
file_env "PENPOT_DATABASE_PASSWORD"
file_env "PENPOT_SECRET_KEY"
file_env "PENPOT_SMTP_PASSWORD"
file_env "PENPOT_LDAP_BIND_PASSWORD"
file_env "PENPOT_GOOGLE_CLIENT_SECRET"