coop-cloud/penpot
coop-cloud
/
penpot
0
0
Fork 0
Code Issues 2 Pull Requests Projects Releases Wiki Activity

chore: publish 2.0.0+1.19.1 release
continuous-integration/drone/push Build is failing Details

This commit is contained in:
knoflook 2023-09-08 22:19:18 +02:00
parent 5a43aaabca
commit e52ae0ad24
3 changed files with 78 additions and 84 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

45
.env.sample
View File

@ -5,28 +5,21 @@ DOMAIN=penpot.example.com
#EXTRA_DOMAINS=', `www.${REPO_NAME_KEBAB}.example.com`' #EXTRA_DOMAINS=', `www.${REPO_NAME_KEBAB}.example.com`'
LETS_ENCRYPT_ENV=production LETS_ENCRYPT_ENV=production
# By default files upload by user are stored in local # Generate the secret key manually and insert it e.g.
# filesystem. But it can be configured to store in AWS S3 or # dd if=/dev/urandom bs=1 count=64 | base64 -
# completelly in de the database. Storing in the database makes SECRET_SECRET_KEY_VERSION=v1
# the backups more easy but will make access to media less SECRET_DB_PASSWORD_VERSION=v1
# performant.
PENPOT_STORAGE_BACKEND=fs
# Telemetry. When enabled, a periodical process will send ## All flags take the format of enable-flag-name or disable-flag-name
# annonymous data about this instance. Telemetry data will # List of flags:
# enable us to learn on how the application is used based on # demo-users email-verification log-emails log-invitation-tokens login-with-github login-with-gitlab login-with-google login-with-ldap login-with-oidc login-with-password registration secure-session-cookies smtp smtp-debug telemetry webhooks prepl-server
# real scenarios. If you want to help us, please leave it PENPOT_FLAGS="enable-registration enable-login-with-password disable-email-verification enable-prepl-server disable-telemetry"
# enabled. In any case you can see the source code of both
# client and server in the penpot repository.
PENPOT_TELEMETRY_ENABLED=false
# Email sending configuration. By default emails are printed in ## If not set, mails will be printed to logs
# console, but for production usage is recommeded to setup a #PENPOT_FLAGS="$PENPOT_FLAGS enable-smtp"
# real SMTP provider. Emails are used for confirm user #SECRET_SMTP_PASSWORD_VERSION=v1
# registration. #PENPOT_SMTP_DEFAULT_FROM=penpot@example.com
PENPOT_SMTP_ENABLED=false #PENPOT_SMTP_DEFAULT_REPLY_TO=penpot@example.com
PENPOT_SMTP_DEFAULT_FROM=penpot@example.com
PENPOT_SMTP_DEFAULT_REPLY_TO=penpot@example.com
#PENPOT_SMTP_HOST=smtp.example.com #PENPOT_SMTP_HOST=smtp.example.com
#PENPOT_SMTP_PORT=25 #PENPOT_SMTP_PORT=25
#PENPOT_SMTP_USERNAME=username #PENPOT_SMTP_USERNAME=username
@ -34,10 +27,18 @@ PENPOT_SMTP_DEFAULT_REPLY_TO=penpot@example.com
#PENPOT_SMTP_TLS=true #PENPOT_SMTP_TLS=true
#PENPOT_SMTP_SSL=false #PENPOT_SMTP_SSL=false
SECRET_DB_PASSWORD_VERSION=v1 ## Store assets in the filesystem
SECRET_SMTP_PASSWORD_VERSION=v1 PENPOT_ASSETS_STORAGE_BACKEND=assets-fs
PENPOT_ASSETS_FS_DIRECTORY=/opt/data/assets
## Or store them in an S3 bucket
#- PENPOT_ASSETS_STORAGE_BACKEND=assets-s3
#- PENPOT_STORAGE_ASSETS_S3_ENDPOINT=http://penpot-minio:9000
#- PENPOT_STORAGE_ASSETS_S3_BUCKET=<BUKET_NAME>
#- AWS_ACCESS_KEY_ID=<KEY_ID>
#- AWS_SECRET_ACCESS_KEY=<ACCESS_KEY>
# e.g. for Keycloak https://id.example.com/auth/realms/example/ # e.g. for Keycloak https://id.example.com/auth/realms/example/
#PENPOT_FLAGS_FRONTEND="$PENPOT_FLAGS_FRONTEND enable-login-with-oidc"
#PENPOT_OIDC_BASE_URI= #PENPOT_OIDC_BASE_URI=
#PENPOT_OIDC_CLIENT_ID= #PENPOT_OIDC_CLIENT_ID=
#PENPOT_OIDC_CLIENT_SECRET= #PENPOT_OIDC_CLIENT_SECRET=

116
compose.yml
View File

@ -1,92 +1,86 @@
version: "3.8" version: "3.8"
x-environment:
&default-env
- PENPOT_PUBLIC_URI=https://{domain}
- PENPOT_DATABASE_URI=postgresql://postgres/penpot
- PENPOT_DATABASE_USERNAME=penpot
- PENPOT_DATABASE_PASSWORD_FILE=/run/secrets/db_password
- PENPOT_REDIS_URI=redis://redis/0
- PENPOT_STORAGE_BACKEND
- PENPOT_STORAGE_FS_DIRECTORY=/opt/data/assets
- PENPOT_TELEMETRY_ENABLED
- PENPOT_SMTP_ENABLED
- PENPOT_SMTP_DEFAULT_FROM
- PENPOT_SMTP_DEFAULT_REPLY_TO
- PENPOT_SMTP_HOST
- PENPOT_SMTP_PORT
- PENPOT_SMTP_USERNAME
- PENPOT_SMTP_TLS
- PENPOT_SMTP_SSL
services: services:
app: app:
image: "penpotapp/frontend:1.8.2-alpha" image: "penpotapp/frontend:1.19.1"
networks: networks:
- proxy - proxy
- backend - internal
volumes: volumes:
- penpot_assets:/opt/data - penpot_assets:/opt/data
depends_on: depends_on:
- penpot-backend - penpot-backend
- penpot-exporter - penpot-exporter
environment: *default-env environment:
entrypoint: /entrypoint.override.sh - PENPOT_FLAGS
secrets: secrets:
- db_password - db_password
configs:
- source: app_entrypoint
target: /entrypoint.override.sh
mode: 0555
deploy: deploy:
restart_policy: restart_policy:
condition: on-failure condition: on-failure
labels: labels:
- "traefik.enable=true" - "traefik.enable=true"
- "traefik.docker.network=proxy"
- "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=80" - "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=80"
- "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`${EXTRA_DOMAINS})" - "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`${EXTRA_DOMAINS})"
- "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure" - "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
- "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}" - "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
# Redirect from EXTRA_DOMAINS to DOMAIN
- "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirect" - "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirect"
- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLForceHost=true" - "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLForceHost=true"
- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}" - "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}"
- coop-cloud.${STACK_NAME}.version=0.2.0+1.8.2-alpha - "coop-cloud.${STACK_NAME}.version=2.0.0+1.19.1"
penpot-backend: penpot-backend:
image: "penpotapp/backend:1.8.2-alpha" image: "penpotapp/backend:1.19.1"
volumes: volumes:
- penpot_assets:/opt/data - penpot_assets:/opt/data
depends_on: depends_on:
- postgres - penpot-postgres
- redis - penpot-redis
environment: *default-env environment:
- PENPOT_FLAGS
- PENPOT_PREPL_HOST=0.0.0.0 # I don't really understand what that is for
- PENPOT_PUBLIC_URI=${DOMAIN}
- PENPOT_SECRET_KEY_FILE=/run/secrets/secret_key
- PENPOT_DATABASE_PASSWORD_FILE=/run/secrets/db_password
- PENPOT_DATABASE_URI=postgresql://penpot-postgres/penpot
- PENPOT_DATABASE_USERNAME=penpot
- PENPOT_REDIS_URI=redis://penpot-redis/0
- PENPOT_SMTP_DEFAULT_FROM
- PENPOT_SMTP_DEFAULT_REPLY_TO
- PENPOT_SMTP_HOST
- PENPOT_SMTP_PORT
- PENPOT_SMTP_USERNAME
- PENPOT_SMTP_PASSWORD
- PENPOT_SMTP_TLS
- PENPOT_SMTP_SSL
- PENPOT_ASSETS_STORAGE_BACKEND
- PENPOT_ASSETS_FS_DIRECTORY
- PENPOT_STORAGE_ASSETS_S3_ENDPOINT
- PENPOT_STORAGE_ASSETS_S3_BUCKET
- AWS_ACCESS_KEY_ID
- AWS_SECRET_ACCESS_KEY
secrets: secrets:
- db_password - db_password
- secret_key
configs: configs:
- source: backend_entrypoint - source: backend_entrypoint
target: /docker-entrypoint.sh target: /docker-entrypoint.sh
mode: 0555 mode: 0555
entrypoint: /docker-entrypoint.sh entrypoint: /docker-entrypoint.sh
networks: networks:
- backend - internal
# FIXME 3wc: this is only required for email
- proxy
deploy:
labels:
- coop-cloud.${STACK_NAME}.penpot-backend.version=1.4.0-alpha-
penpot-exporter: penpot-exporter:
image: "penpotapp/exporter:1.8.2-alpha" image: "penpotapp/exporter:1.19.1"
environment: environment:
# Don't touch it; this uses internal docker network to
# communicate with the frontend.
- PENPOT_PUBLIC_URI=http://app - PENPOT_PUBLIC_URI=http://app
- PENPOT_REDIS_URI=redis://penpot-redis/0
networks: networks:
- backend - internal
deploy:
labels: penpot-postgres:
- coop-cloud.${STACK_NAME}.penpot-exporter.version=1.4.0-alpha-617c54da image: "postgres:15.4"
postgres:
image: "postgres:14"
stop_signal: SIGINT stop_signal: SIGINT
secrets: secrets:
- db_password - db_password
@ -98,31 +92,23 @@ services:
volumes: volumes:
- postgres:/var/lib/postgresql/data - postgres:/var/lib/postgresql/data
networks: networks:
- backend - internal
deploy:
labels: penpot-redis:
- coop-cloud.${STACK_NAME}.postgres.version=13-61d5d8ef image: redis:7.2.1
redis:
image: redis:6
networks: networks:
- backend - internal
deploy:
labels:
- coop-cloud.${STACK_NAME}.redis.version=6-e10f55f9
networks: networks:
internal:
proxy: proxy:
external: true external: true
backend:
volumes: volumes:
postgres: postgres:
penpot_assets: penpot_assets:
configs: configs:
app_entrypoint:
name: ${STACK_NAME}_app_entrypoint_${APP_ENTRYPOINT_CONF_VERSION}
file: entrypoint-app.sh
backend_entrypoint: backend_entrypoint:
name: ${STACK_NAME}_backend_entrypoint_${BACKEND_ENTRYPOINT_CONF_VERSION} name: ${STACK_NAME}_backend_entrypoint_${BACKEND_ENTRYPOINT_CONF_VERSION}
file: entrypoint-backend.sh file: entrypoint-backend.sh
@ -131,3 +117,9 @@ secrets:
db_password: db_password:
external: true external: true
name: ${STACK_NAME}_db_password_${SECRET_DB_PASSWORD_VERSION} name: ${STACK_NAME}_db_password_${SECRET_DB_PASSWORD_VERSION}
secret_key:
external: true
name: ${STACK_NAME}_secret_key_${SECRET_SECRET_KEY_VERSION}
smtp_password:
external: true
name: ${STACK_NAME}_smtp_password_${SECRET_SMTP_PASSWORD_VERSION}

1
entrypoint-backend.sh
View File

@ -23,6 +23,7 @@ file_env() {
load_vars() { load_vars() {
file_env "PENPOT_DATABASE_PASSWORD" file_env "PENPOT_DATABASE_PASSWORD"
file_env "PENPOT_SECRET_KEY"
file_env "PENPOT_SMTP_PASSWORD" file_env "PENPOT_SMTP_PASSWORD"
file_env "PENPOT_LDAP_BIND_PASSWORD" file_env "PENPOT_LDAP_BIND_PASSWORD"
file_env "PENPOT_GOOGLE_CLIENT_SECRET" file_env "PENPOT_GOOGLE_CLIENT_SECRET"