Compare commits
9 Commits
1.8.2-alph
...
main
Author | SHA1 | Date | |
---|---|---|---|
8fbe402386 | |||
00c72d17ed | |||
28cbee691e | |||
e52ae0ad24 | |||
5a43aaabca | |||
4827656be4 | |||
72900a247b | |||
169a12008b | |||
2fbb41adff |
30
.drone.yml
30
.drone.yml
@ -3,17 +3,39 @@ kind: pipeline
|
||||
name: deploy to swarm-test.autonomic.zone
|
||||
steps:
|
||||
- name: deployment
|
||||
image: decentral1se/stack-ssh-deploy:latest
|
||||
image: git.coopcloud.tech/coop-cloud/stack-ssh-deploy:latest
|
||||
settings:
|
||||
host: swarm-test.autonomic.zone
|
||||
stack: ${REPO_NAME_SNAKE}
|
||||
stack: penpot
|
||||
networks:
|
||||
- proxy
|
||||
purge: true
|
||||
deploy_key:
|
||||
from_secret: drone_ssh_swarm_test
|
||||
environment:
|
||||
DOMAIN: ${REPO_NAME_KEBAB}.swarm-test.autonomic.zone
|
||||
STACK_NAME: ${REPO_NAME_SNAKE}
|
||||
DOMAIN: penpot.swarm-test.autonomic.zone
|
||||
STACK_NAME: penpot
|
||||
LETS_ENCRYPT_ENV: production
|
||||
APP_ENTRYPOINT_CONF_VERSION: v1
|
||||
BACKEND_ENTRYPOINT_CONF_VERSION: v1
|
||||
SECRET_PENPOT_DB_PASSWORD_VERSION: v1
|
||||
SECRET_SMTP_PASSWORD_VERSION: v1
|
||||
trigger:
|
||||
branch:
|
||||
- main
|
||||
---
|
||||
kind: pipeline
|
||||
name: generate recipe catalogue
|
||||
steps:
|
||||
- name: release a new version
|
||||
image: plugins/downstream
|
||||
settings:
|
||||
server: https://build.coopcloud.tech
|
||||
token:
|
||||
from_secret: drone_abra-bot_token
|
||||
fork: true
|
||||
repositories:
|
||||
- coop-cloud/auto-recipes-catalogue-json
|
||||
|
||||
trigger:
|
||||
event: tag
|
||||
|
45
.env.sample
45
.env.sample
@ -5,28 +5,21 @@ DOMAIN=penpot.example.com
|
||||
#EXTRA_DOMAINS=', `www.${REPO_NAME_KEBAB}.example.com`'
|
||||
LETS_ENCRYPT_ENV=production
|
||||
|
||||
# By default files upload by user are stored in local
|
||||
# filesystem. But it can be configured to store in AWS S3 or
|
||||
# completelly in de the database. Storing in the database makes
|
||||
# the backups more easy but will make access to media less
|
||||
# performant.
|
||||
PENPOT_STORAGE_BACKEND=fs
|
||||
# Generate the secret key manually and insert it e.g.
|
||||
# dd if=/dev/urandom bs=1 count=64 | base64 -
|
||||
SECRET_SECRET_KEY_VERSION=v1
|
||||
SECRET_DB_PASSWORD_VERSION=v1
|
||||
|
||||
# Telemetry. When enabled, a periodical process will send
|
||||
# annonymous data about this instance. Telemetry data will
|
||||
# enable us to learn on how the application is used based on
|
||||
# real scenarios. If you want to help us, please leave it
|
||||
# enabled. In any case you can see the source code of both
|
||||
# client and server in the penpot repository.
|
||||
PENPOT_TELEMETRY_ENABLED=false
|
||||
## All flags take the format of enable-flag-name or disable-flag-name
|
||||
# List of flags:
|
||||
# demo-users email-verification log-emails log-invitation-tokens login-with-github login-with-gitlab login-with-google login-with-ldap login-with-oidc login-with-password registration secure-session-cookies smtp smtp-debug telemetry webhooks prepl-server
|
||||
PENPOT_FLAGS="enable-registration enable-login-with-password disable-email-verification enable-prepl-server disable-telemetry"
|
||||
|
||||
# Email sending configuration. By default emails are printed in
|
||||
# console, but for production usage is recommeded to setup a
|
||||
# real SMTP provider. Emails are used for confirm user
|
||||
# registration.
|
||||
PENPOT_SMTP_ENABLED=false
|
||||
PENPOT_SMTP_DEFAULT_FROM=penpot@example.com
|
||||
PENPOT_SMTP_DEFAULT_REPLY_TO=penpot@example.com
|
||||
## If not set, mails will be printed to logs
|
||||
#PENPOT_FLAGS="$PENPOT_FLAGS enable-smtp"
|
||||
#SECRET_SMTP_PASSWORD_VERSION=v1
|
||||
#PENPOT_SMTP_DEFAULT_FROM=penpot@example.com
|
||||
#PENPOT_SMTP_DEFAULT_REPLY_TO=penpot@example.com
|
||||
#PENPOT_SMTP_HOST=smtp.example.com
|
||||
#PENPOT_SMTP_PORT=25
|
||||
#PENPOT_SMTP_USERNAME=username
|
||||
@ -34,10 +27,18 @@ PENPOT_SMTP_DEFAULT_REPLY_TO=penpot@example.com
|
||||
#PENPOT_SMTP_TLS=true
|
||||
#PENPOT_SMTP_SSL=false
|
||||
|
||||
SECRET_DB_PASSWORD_VERSION=v1
|
||||
SECRET_SMTP_PASSWORD_VERSION=v1
|
||||
## Store assets in the filesystem
|
||||
PENPOT_ASSETS_STORAGE_BACKEND=assets-fs
|
||||
PENPOT_ASSETS_FS_DIRECTORY=/opt/data/assets
|
||||
## Or store them in an S3 bucket
|
||||
#- PENPOT_ASSETS_STORAGE_BACKEND=assets-s3
|
||||
#- PENPOT_STORAGE_ASSETS_S3_ENDPOINT=http://penpot-minio:9000
|
||||
#- PENPOT_STORAGE_ASSETS_S3_BUCKET=<BUKET_NAME>
|
||||
#- AWS_ACCESS_KEY_ID=<KEY_ID>
|
||||
#- AWS_SECRET_ACCESS_KEY=<ACCESS_KEY>
|
||||
|
||||
# e.g. for Keycloak https://id.example.com/auth/realms/example/
|
||||
#PENPOT_FLAGS_FRONTEND="$PENPOT_FLAGS_FRONTEND enable-login-with-oidc"
|
||||
#PENPOT_OIDC_BASE_URI=
|
||||
#PENPOT_OIDC_CLIENT_ID=
|
||||
#PENPOT_OIDC_CLIENT_SECRET=
|
||||
|
@ -2,13 +2,13 @@
|
||||
|
||||
<!-- metadata -->
|
||||
* **Category**: Apps
|
||||
* **Status**: ❹💣
|
||||
* **Status**: 0, work-in-progress
|
||||
* **Image**: [`penpotapp/*`](https://hub.docker.com/r/penpotapp)
|
||||
* **Healthcheck**:
|
||||
* **Backups**:
|
||||
* **Email**:
|
||||
* **Tests**:
|
||||
* **SSO**: ❶💚 (OAuth)
|
||||
* **SSO**: 3 (OAuth)
|
||||
<!-- endmetadata -->
|
||||
|
||||
## Basic usage
|
||||
@ -17,9 +17,9 @@
|
||||
2. Deploy [`coop-cloud/traefik`]
|
||||
3. `abra app new penpot --secrets` (optionally with `--pass` if you'd like
|
||||
to save secrets in `pass`)
|
||||
4. `abra app YOURAPPDOMAIN config` - be sure to change `$DOMAIN` to something that resolves to
|
||||
4. `abra app config YOURAPPDOMAIN` - be sure to change `$DOMAIN` to something that resolves to
|
||||
your Docker swarm box
|
||||
5. `abra app YOURAPPDOMAIN deploy`
|
||||
5. `abra app deploy YOURAPPDOMAIN`
|
||||
6. Open the configured domain in your browser to finish set-up
|
||||
|
||||
[`abra`]: https://git.autonomic.zone/autonomic-cooperative/abra
|
||||
|
116
compose.yml
116
compose.yml
@ -1,92 +1,86 @@
|
||||
version: "3.8"
|
||||
|
||||
x-environment:
|
||||
&default-env
|
||||
- PENPOT_PUBLIC_URI=https://{domain}
|
||||
- PENPOT_DATABASE_URI=postgresql://postgres/penpot
|
||||
- PENPOT_DATABASE_USERNAME=penpot
|
||||
- PENPOT_DATABASE_PASSWORD_FILE=/run/secrets/db_password
|
||||
- PENPOT_REDIS_URI=redis://redis/0
|
||||
- PENPOT_STORAGE_BACKEND
|
||||
- PENPOT_STORAGE_FS_DIRECTORY=/opt/data/assets
|
||||
- PENPOT_TELEMETRY_ENABLED
|
||||
- PENPOT_SMTP_ENABLED
|
||||
- PENPOT_SMTP_DEFAULT_FROM
|
||||
- PENPOT_SMTP_DEFAULT_REPLY_TO
|
||||
- PENPOT_SMTP_HOST
|
||||
- PENPOT_SMTP_PORT
|
||||
- PENPOT_SMTP_USERNAME
|
||||
- PENPOT_SMTP_TLS
|
||||
- PENPOT_SMTP_SSL
|
||||
|
||||
services:
|
||||
app:
|
||||
image: "penpotapp/frontend:1.8.2-alpha"
|
||||
image: "penpotapp/frontend:1.19.3"
|
||||
networks:
|
||||
- proxy
|
||||
- backend
|
||||
- internal
|
||||
volumes:
|
||||
- penpot_assets:/opt/data
|
||||
depends_on:
|
||||
- penpot-backend
|
||||
- penpot-exporter
|
||||
environment: *default-env
|
||||
entrypoint: /entrypoint.override.sh
|
||||
environment:
|
||||
- PENPOT_FLAGS
|
||||
secrets:
|
||||
- db_password
|
||||
configs:
|
||||
- source: app_entrypoint
|
||||
target: /entrypoint.override.sh
|
||||
mode: 0555
|
||||
deploy:
|
||||
restart_policy:
|
||||
condition: on-failure
|
||||
labels:
|
||||
- "traefik.enable=true"
|
||||
- "traefik.docker.network=proxy"
|
||||
- "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=80"
|
||||
- "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`${EXTRA_DOMAINS})"
|
||||
- "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
|
||||
- "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
|
||||
# Redirect from EXTRA_DOMAINS to DOMAIN
|
||||
- "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirect"
|
||||
- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLForceHost=true"
|
||||
- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}"
|
||||
- coop-cloud.${STACK_NAME}.version=0.2.0+1.8.2-alpha
|
||||
- "coop-cloud.${STACK_NAME}.version=2.0.1+1.19.3"
|
||||
|
||||
penpot-backend:
|
||||
image: "penpotapp/backend:1.8.2-alpha"
|
||||
image: "penpotapp/backend:1.19.3"
|
||||
volumes:
|
||||
- penpot_assets:/opt/data
|
||||
depends_on:
|
||||
- postgres
|
||||
- redis
|
||||
environment: *default-env
|
||||
- penpot-postgres
|
||||
- penpot-redis
|
||||
environment:
|
||||
- PENPOT_FLAGS
|
||||
- PENPOT_PREPL_HOST=0.0.0.0 # I don't really understand what that is for
|
||||
- PENPOT_PUBLIC_URI=${DOMAIN}
|
||||
- PENPOT_SECRET_KEY_FILE=/run/secrets/secret_key
|
||||
- PENPOT_DATABASE_PASSWORD_FILE=/run/secrets/db_password
|
||||
- PENPOT_DATABASE_URI=postgresql://penpot-postgres/penpot
|
||||
- PENPOT_DATABASE_USERNAME=penpot
|
||||
- PENPOT_REDIS_URI=redis://penpot-redis/0
|
||||
- PENPOT_SMTP_DEFAULT_FROM
|
||||
- PENPOT_SMTP_DEFAULT_REPLY_TO
|
||||
- PENPOT_SMTP_HOST
|
||||
- PENPOT_SMTP_PORT
|
||||
- PENPOT_SMTP_USERNAME
|
||||
- PENPOT_SMTP_PASSWORD
|
||||
- PENPOT_SMTP_TLS
|
||||
- PENPOT_SMTP_SSL
|
||||
- PENPOT_ASSETS_STORAGE_BACKEND
|
||||
- PENPOT_ASSETS_FS_DIRECTORY
|
||||
- PENPOT_STORAGE_ASSETS_S3_ENDPOINT
|
||||
- PENPOT_STORAGE_ASSETS_S3_BUCKET
|
||||
- AWS_ACCESS_KEY_ID
|
||||
- AWS_SECRET_ACCESS_KEY
|
||||
secrets:
|
||||
- db_password
|
||||
- secret_key
|
||||
configs:
|
||||
- source: backend_entrypoint
|
||||
target: /docker-entrypoint.sh
|
||||
mode: 0555
|
||||
entrypoint: /docker-entrypoint.sh
|
||||
networks:
|
||||
- backend
|
||||
# FIXME 3wc: this is only required for email
|
||||
- proxy
|
||||
deploy:
|
||||
labels:
|
||||
- coop-cloud.${STACK_NAME}.penpot-backend.version=1.4.0-alpha-
|
||||
- internal
|
||||
|
||||
penpot-exporter:
|
||||
image: "penpotapp/exporter:1.8.2-alpha"
|
||||
image: "penpotapp/exporter:1.19.3"
|
||||
environment:
|
||||
# Don't touch it; this uses internal docker network to
|
||||
# communicate with the frontend.
|
||||
- PENPOT_PUBLIC_URI=http://app
|
||||
- PENPOT_REDIS_URI=redis://penpot-redis/0
|
||||
networks:
|
||||
- backend
|
||||
deploy:
|
||||
labels:
|
||||
- coop-cloud.${STACK_NAME}.penpot-exporter.version=1.4.0-alpha-617c54da
|
||||
postgres:
|
||||
image: "postgres:14"
|
||||
- internal
|
||||
|
||||
penpot-postgres:
|
||||
image: "postgres:16.2"
|
||||
stop_signal: SIGINT
|
||||
secrets:
|
||||
- db_password
|
||||
@ -98,31 +92,23 @@ services:
|
||||
volumes:
|
||||
- postgres:/var/lib/postgresql/data
|
||||
networks:
|
||||
- backend
|
||||
deploy:
|
||||
labels:
|
||||
- coop-cloud.${STACK_NAME}.postgres.version=13-61d5d8ef
|
||||
redis:
|
||||
image: redis:6
|
||||
- internal
|
||||
|
||||
penpot-redis:
|
||||
image: redis:7.2.4
|
||||
networks:
|
||||
- backend
|
||||
deploy:
|
||||
labels:
|
||||
- coop-cloud.${STACK_NAME}.redis.version=6-e10f55f9
|
||||
- internal
|
||||
|
||||
networks:
|
||||
internal:
|
||||
proxy:
|
||||
external: true
|
||||
backend:
|
||||
|
||||
volumes:
|
||||
postgres:
|
||||
penpot_assets:
|
||||
|
||||
configs:
|
||||
app_entrypoint:
|
||||
name: ${STACK_NAME}_app_entrypoint_${APP_ENTRYPOINT_CONF_VERSION}
|
||||
file: entrypoint-app.sh
|
||||
backend_entrypoint:
|
||||
name: ${STACK_NAME}_backend_entrypoint_${BACKEND_ENTRYPOINT_CONF_VERSION}
|
||||
file: entrypoint-backend.sh
|
||||
@ -131,3 +117,9 @@ secrets:
|
||||
db_password:
|
||||
external: true
|
||||
name: ${STACK_NAME}_db_password_${SECRET_DB_PASSWORD_VERSION}
|
||||
secret_key:
|
||||
external: true
|
||||
name: ${STACK_NAME}_secret_key_${SECRET_SECRET_KEY_VERSION}
|
||||
smtp_password:
|
||||
external: true
|
||||
name: ${STACK_NAME}_smtp_password_${SECRET_SMTP_PASSWORD_VERSION}
|
||||
|
@ -23,6 +23,7 @@ file_env() {
|
||||
|
||||
load_vars() {
|
||||
file_env "PENPOT_DATABASE_PASSWORD"
|
||||
file_env "PENPOT_SECRET_KEY"
|
||||
file_env "PENPOT_SMTP_PASSWORD"
|
||||
file_env "PENPOT_LDAP_BIND_PASSWORD"
|
||||
file_env "PENPOT_GOOGLE_CLIENT_SECRET"
|
||||
|
Loading…
Reference in New Issue
Block a user