Compare commits

...

9 Commits

Author SHA1 Message Date
8fbe402386
Attempt to fix CI secret generation
Some checks failed
continuous-integration/drone/push Build is failing
2024-03-28 15:08:18 +00:00
00c72d17ed
Added catalouge build to .drone
Some checks failed
continuous-integration/drone/push Build is failing
2024-03-28 15:01:43 +00:00
28cbee691e chore: publish 2.0.1+1.19.3 release
Some checks failed
continuous-integration/drone/push Build is failing
2024-03-28 14:04:31 +00:00
e52ae0ad24 chore: publish 2.0.0+1.19.1 release
Some checks failed
continuous-integration/drone/push Build is failing
2023-09-08 22:19:18 +02:00
3wc
5a43aaabca Switch to self-hosted stack-ssh-deploy image [mass update]
Some checks failed
continuous-integration/drone/push Build is failing
2023-01-21 11:49:56 -08:00
3wc
4827656be4 Add secrets for Drone
Some checks failed
continuous-integration/drone/push Build is failing
2023-01-20 18:57:20 -08:00
3wc
72900a247b Fix CI by adding networks: [mass update]
Some checks failed
continuous-integration/drone/push Build is failing
2023-01-20 11:58:41 -08:00
3wc
169a12008b Update abra syntax in examples (finally) [mass update]
Some checks failed
continuous-integration/drone/push Build is failing
2023-01-19 16:02:28 -08:00
3wc
2fbb41adff Goodbye, emojis! 😢
[ci skip]
2021-11-23 12:19:05 +02:00
5 changed files with 108 additions and 92 deletions

View File

@ -3,17 +3,39 @@ kind: pipeline
name: deploy to swarm-test.autonomic.zone
steps:
- name: deployment
image: decentral1se/stack-ssh-deploy:latest
image: git.coopcloud.tech/coop-cloud/stack-ssh-deploy:latest
settings:
host: swarm-test.autonomic.zone
stack: ${REPO_NAME_SNAKE}
stack: penpot
networks:
- proxy
purge: true
deploy_key:
from_secret: drone_ssh_swarm_test
environment:
DOMAIN: ${REPO_NAME_KEBAB}.swarm-test.autonomic.zone
STACK_NAME: ${REPO_NAME_SNAKE}
DOMAIN: penpot.swarm-test.autonomic.zone
STACK_NAME: penpot
LETS_ENCRYPT_ENV: production
APP_ENTRYPOINT_CONF_VERSION: v1
BACKEND_ENTRYPOINT_CONF_VERSION: v1
SECRET_PENPOT_DB_PASSWORD_VERSION: v1
SECRET_SMTP_PASSWORD_VERSION: v1
trigger:
branch:
- main
---
kind: pipeline
name: generate recipe catalogue
steps:
- name: release a new version
image: plugins/downstream
settings:
server: https://build.coopcloud.tech
token:
from_secret: drone_abra-bot_token
fork: true
repositories:
- coop-cloud/auto-recipes-catalogue-json
trigger:
event: tag

View File

@ -5,28 +5,21 @@ DOMAIN=penpot.example.com
#EXTRA_DOMAINS=', `www.${REPO_NAME_KEBAB}.example.com`'
LETS_ENCRYPT_ENV=production
# By default files upload by user are stored in local
# filesystem. But it can be configured to store in AWS S3 or
# completelly in de the database. Storing in the database makes
# the backups more easy but will make access to media less
# performant.
PENPOT_STORAGE_BACKEND=fs
# Generate the secret key manually and insert it e.g.
# dd if=/dev/urandom bs=1 count=64 | base64 -
SECRET_SECRET_KEY_VERSION=v1
SECRET_DB_PASSWORD_VERSION=v1
# Telemetry. When enabled, a periodical process will send
# annonymous data about this instance. Telemetry data will
# enable us to learn on how the application is used based on
# real scenarios. If you want to help us, please leave it
# enabled. In any case you can see the source code of both
# client and server in the penpot repository.
PENPOT_TELEMETRY_ENABLED=false
## All flags take the format of enable-flag-name or disable-flag-name
# List of flags:
# demo-users email-verification log-emails log-invitation-tokens login-with-github login-with-gitlab login-with-google login-with-ldap login-with-oidc login-with-password registration secure-session-cookies smtp smtp-debug telemetry webhooks prepl-server
PENPOT_FLAGS="enable-registration enable-login-with-password disable-email-verification enable-prepl-server disable-telemetry"
# Email sending configuration. By default emails are printed in
# console, but for production usage is recommeded to setup a
# real SMTP provider. Emails are used for confirm user
# registration.
PENPOT_SMTP_ENABLED=false
PENPOT_SMTP_DEFAULT_FROM=penpot@example.com
PENPOT_SMTP_DEFAULT_REPLY_TO=penpot@example.com
## If not set, mails will be printed to logs
#PENPOT_FLAGS="$PENPOT_FLAGS enable-smtp"
#SECRET_SMTP_PASSWORD_VERSION=v1
#PENPOT_SMTP_DEFAULT_FROM=penpot@example.com
#PENPOT_SMTP_DEFAULT_REPLY_TO=penpot@example.com
#PENPOT_SMTP_HOST=smtp.example.com
#PENPOT_SMTP_PORT=25
#PENPOT_SMTP_USERNAME=username
@ -34,10 +27,18 @@ PENPOT_SMTP_DEFAULT_REPLY_TO=penpot@example.com
#PENPOT_SMTP_TLS=true
#PENPOT_SMTP_SSL=false
SECRET_DB_PASSWORD_VERSION=v1
SECRET_SMTP_PASSWORD_VERSION=v1
## Store assets in the filesystem
PENPOT_ASSETS_STORAGE_BACKEND=assets-fs
PENPOT_ASSETS_FS_DIRECTORY=/opt/data/assets
## Or store them in an S3 bucket
#- PENPOT_ASSETS_STORAGE_BACKEND=assets-s3
#- PENPOT_STORAGE_ASSETS_S3_ENDPOINT=http://penpot-minio:9000
#- PENPOT_STORAGE_ASSETS_S3_BUCKET=<BUKET_NAME>
#- AWS_ACCESS_KEY_ID=<KEY_ID>
#- AWS_SECRET_ACCESS_KEY=<ACCESS_KEY>
# e.g. for Keycloak https://id.example.com/auth/realms/example/
#PENPOT_FLAGS_FRONTEND="$PENPOT_FLAGS_FRONTEND enable-login-with-oidc"
#PENPOT_OIDC_BASE_URI=
#PENPOT_OIDC_CLIENT_ID=
#PENPOT_OIDC_CLIENT_SECRET=

View File

@ -2,13 +2,13 @@
<!-- metadata -->
* **Category**: Apps
* **Status**: ❹💣
* **Status**: 0, work-in-progress
* **Image**: [`penpotapp/*`](https://hub.docker.com/r/penpotapp)
* **Healthcheck**:
* **Backups**:
* **Email**:
* **Tests**:
* **SSO**: ❶💚 (OAuth)
* **SSO**: 3 (OAuth)
<!-- endmetadata -->
## Basic usage
@ -17,9 +17,9 @@
2. Deploy [`coop-cloud/traefik`]
3. `abra app new penpot --secrets` (optionally with `--pass` if you'd like
to save secrets in `pass`)
4. `abra app YOURAPPDOMAIN config` - be sure to change `$DOMAIN` to something that resolves to
4. `abra app config YOURAPPDOMAIN` - be sure to change `$DOMAIN` to something that resolves to
your Docker swarm box
5. `abra app YOURAPPDOMAIN deploy`
5. `abra app deploy YOURAPPDOMAIN`
6. Open the configured domain in your browser to finish set-up
[`abra`]: https://git.autonomic.zone/autonomic-cooperative/abra

View File

@ -1,92 +1,86 @@
version: "3.8"
x-environment:
&default-env
- PENPOT_PUBLIC_URI=https://{domain}
- PENPOT_DATABASE_URI=postgresql://postgres/penpot
- PENPOT_DATABASE_USERNAME=penpot
- PENPOT_DATABASE_PASSWORD_FILE=/run/secrets/db_password
- PENPOT_REDIS_URI=redis://redis/0
- PENPOT_STORAGE_BACKEND
- PENPOT_STORAGE_FS_DIRECTORY=/opt/data/assets
- PENPOT_TELEMETRY_ENABLED
- PENPOT_SMTP_ENABLED
- PENPOT_SMTP_DEFAULT_FROM
- PENPOT_SMTP_DEFAULT_REPLY_TO
- PENPOT_SMTP_HOST
- PENPOT_SMTP_PORT
- PENPOT_SMTP_USERNAME
- PENPOT_SMTP_TLS
- PENPOT_SMTP_SSL
services:
app:
image: "penpotapp/frontend:1.8.2-alpha"
image: "penpotapp/frontend:1.19.3"
networks:
- proxy
- backend
- internal
volumes:
- penpot_assets:/opt/data
depends_on:
- penpot-backend
- penpot-exporter
environment: *default-env
entrypoint: /entrypoint.override.sh
environment:
- PENPOT_FLAGS
secrets:
- db_password
configs:
- source: app_entrypoint
target: /entrypoint.override.sh
mode: 0555
deploy:
restart_policy:
condition: on-failure
labels:
- "traefik.enable=true"
- "traefik.docker.network=proxy"
- "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=80"
- "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`${EXTRA_DOMAINS})"
- "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
- "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
# Redirect from EXTRA_DOMAINS to DOMAIN
- "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirect"
- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLForceHost=true"
- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}"
- coop-cloud.${STACK_NAME}.version=0.2.0+1.8.2-alpha
- "coop-cloud.${STACK_NAME}.version=2.0.1+1.19.3"
penpot-backend:
image: "penpotapp/backend:1.8.2-alpha"
image: "penpotapp/backend:1.19.3"
volumes:
- penpot_assets:/opt/data
depends_on:
- postgres
- redis
environment: *default-env
- penpot-postgres
- penpot-redis
environment:
- PENPOT_FLAGS
- PENPOT_PREPL_HOST=0.0.0.0 # I don't really understand what that is for
- PENPOT_PUBLIC_URI=${DOMAIN}
- PENPOT_SECRET_KEY_FILE=/run/secrets/secret_key
- PENPOT_DATABASE_PASSWORD_FILE=/run/secrets/db_password
- PENPOT_DATABASE_URI=postgresql://penpot-postgres/penpot
- PENPOT_DATABASE_USERNAME=penpot
- PENPOT_REDIS_URI=redis://penpot-redis/0
- PENPOT_SMTP_DEFAULT_FROM
- PENPOT_SMTP_DEFAULT_REPLY_TO
- PENPOT_SMTP_HOST
- PENPOT_SMTP_PORT
- PENPOT_SMTP_USERNAME
- PENPOT_SMTP_PASSWORD
- PENPOT_SMTP_TLS
- PENPOT_SMTP_SSL
- PENPOT_ASSETS_STORAGE_BACKEND
- PENPOT_ASSETS_FS_DIRECTORY
- PENPOT_STORAGE_ASSETS_S3_ENDPOINT
- PENPOT_STORAGE_ASSETS_S3_BUCKET
- AWS_ACCESS_KEY_ID
- AWS_SECRET_ACCESS_KEY
secrets:
- db_password
- secret_key
configs:
- source: backend_entrypoint
target: /docker-entrypoint.sh
mode: 0555
entrypoint: /docker-entrypoint.sh
networks:
- backend
# FIXME 3wc: this is only required for email
- proxy
deploy:
labels:
- coop-cloud.${STACK_NAME}.penpot-backend.version=1.4.0-alpha-
- internal
penpot-exporter:
image: "penpotapp/exporter:1.8.2-alpha"
image: "penpotapp/exporter:1.19.3"
environment:
# Don't touch it; this uses internal docker network to
# communicate with the frontend.
- PENPOT_PUBLIC_URI=http://app
- PENPOT_REDIS_URI=redis://penpot-redis/0
networks:
- backend
deploy:
labels:
- coop-cloud.${STACK_NAME}.penpot-exporter.version=1.4.0-alpha-617c54da
postgres:
image: "postgres:14"
- internal
penpot-postgres:
image: "postgres:16.2"
stop_signal: SIGINT
secrets:
- db_password
@ -98,31 +92,23 @@ services:
volumes:
- postgres:/var/lib/postgresql/data
networks:
- backend
deploy:
labels:
- coop-cloud.${STACK_NAME}.postgres.version=13-61d5d8ef
redis:
image: redis:6
- internal
penpot-redis:
image: redis:7.2.4
networks:
- backend
deploy:
labels:
- coop-cloud.${STACK_NAME}.redis.version=6-e10f55f9
- internal
networks:
internal:
proxy:
external: true
backend:
volumes:
postgres:
penpot_assets:
configs:
app_entrypoint:
name: ${STACK_NAME}_app_entrypoint_${APP_ENTRYPOINT_CONF_VERSION}
file: entrypoint-app.sh
backend_entrypoint:
name: ${STACK_NAME}_backend_entrypoint_${BACKEND_ENTRYPOINT_CONF_VERSION}
file: entrypoint-backend.sh
@ -131,3 +117,9 @@ secrets:
db_password:
external: true
name: ${STACK_NAME}_db_password_${SECRET_DB_PASSWORD_VERSION}
secret_key:
external: true
name: ${STACK_NAME}_secret_key_${SECRET_SECRET_KEY_VERSION}
smtp_password:
external: true
name: ${STACK_NAME}_smtp_password_${SECRET_SMTP_PASSWORD_VERSION}

View File

@ -23,6 +23,7 @@ file_env() {
load_vars() {
file_env "PENPOT_DATABASE_PASSWORD"
file_env "PENPOT_SECRET_KEY"
file_env "PENPOT_SMTP_PASSWORD"
file_env "PENPOT_LDAP_BIND_PASSWORD"
file_env "PENPOT_GOOGLE_CLIENT_SECRET"