Compare commits
9 Commits
1.0.0+0.32...main
| Author | SHA1 | Date |
|---|---|---|
| | bda7ee91d7 | |
| | e83e071fc4 | |
| | eecfe6239c | |
| | 012818dfc2 | |
| | 705a039676 | |
| | cf9739b856 | |
| | 0c59e8d3c1 | |
| | 8a1423afaf | |
| | a56da6b1a2 | |
16
.gitea/PULL_REQUEST_TEMPLATE.md
Normal file
@ -0,0 +1,16 @@
|
||||
---
|
||||
name: "Rauthy pull request template"
|
||||
about: "Rauthy pull request template"
|
||||
---
|
||||
|
||||
<!--
|
||||
Thank you for doing recipe maintenance work!
|
||||
Please mark all checklist items which are relevant for your changes.
|
||||
Please remove the checklist items which are not relevant for your changes.
|
||||
Feel free to remove this comment.
|
||||
-->
|
||||
|
||||
* [ ] I have deployed and tested my changes
|
||||
* [ ] I have [updated relevant versions in `abra.sh`](https://docs.coopcloud.tech/maintainers/upgrade/#updating-versions-in-the-abrash)
|
||||
* [ ] I have made my environment variable changes [backwards compatible](https://docs.coopcloud.tech/maintainers/upgrade/#backwards-compatible-environment-variable-changes)
|
||||
* [ ] I have added a [release note entry](https://docs.coopcloud.tech/maintainers/upgrade/#creating-new-release-notes)
|
||||
32
MAINTENANCE.md
Normal file
@ -0,0 +1,32 @@
|
||||
# Rauthy Recipe Maintenance
|
||||
|
||||
All contributions should be made via a pull request. This is to ensure a
|
||||
certain quality and consistency, that others can rely on.
|
||||
|
||||
## Maintainer Responsibilities
|
||||
|
||||
A recipe maintainer has the following responsibilities:
|
||||
|
||||
- Respond to pull requests / issues within a week
|
||||
- Make image security updates within a day
|
||||
- Make image patch / minor updates within a week
|
||||
- Make image major updates within a month
|
||||
|
||||
In order to fullfill these responsibilities a recipe maintainer:
|
||||
|
||||
- Has to watch the repository (to get notifications)
|
||||
- Needs to make sure renovate is configured properly
|
||||
|
||||
## Pull Requests
|
||||
|
||||
A pull request can be merged if it is approved by at least one maintainer. For
|
||||
pull requests opened by a maintainer they need to be approved by another
|
||||
maintainer. Even though it is okay to merge a pull request with one approval, it
|
||||
is always better if all maintainers looked at the pull request and approved it.
|
||||
|
||||
## Become a maintainer
|
||||
|
||||
Everyone can apply to be a recipe maintainer:
|
||||
1. Watch the repository to always get updates
|
||||
2. Simply add your self to the list in the [README.md](./README.md) and open a new pull request with the change.
|
||||
3. Once the pull request gets merged you will be added to the [rauthy maintainers team](https://git.coopcloud.tech/org/coop-cloud/teams/rauthy-maintainers).
|
||||
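Review bot: The "Pull Requests" section gives two approval rules (one maintainer approval in general, another maintainer's approval for maintainer-opened pull requests) without saying that an author's own approval does not count or how the rule is enforced; consider stating that explicitly, and whether branch protection on the repository backs it. Two spelling fixes in the same file: "fullfill" should be "fulfill", and "add your self" should be "add yourself".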
@ -4,6 +4,7 @@
|
||||
|
||||
<!-- metadata -->
|
||||
|
||||
* **Maintainer**: [@3wc](https://git.coopcloud.tech/3wordchant), [@decentral1se](https://git.coopcloud.tech/decentral1se)
|
||||
* **Category**: Apps
|
||||
* **Status**: 0
|
||||
* **Image**: [`rauthy`](https://ghcr.io/sebadob/rauthy), 4, upstream
|
||||
|
||||
2
abra.sh
@ -1,6 +1,6 @@
|
||||
set -e
|
||||
|
||||
export CONFIG_TOML_VERSION=v2
|
||||
export CONFIG_TOML_VERSION=v3
|
||||
|
||||
generate_enc_keys() {
|
||||
KEY_A="$(openssl rand -base64 32)"
|
||||
|
||||
@ -5,6 +5,7 @@ services:
|
||||
- SMTP_ENABLED
|
||||
- SMTP_FROM
|
||||
- SMTP_URL
|
||||
- SMTP_PORT
|
||||
- SMTP_USERNAME
|
||||
secrets:
|
||||
- smtp_password
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
services:
|
||||
app:
|
||||
image: ghcr.io/sebadob/rauthy:0.32.3
|
||||
image: ghcr.io/sebadob/rauthy:0.33.1
|
||||
environment:
|
||||
- ADMIN_EMAIL
|
||||
- ADMIN_FORCE_MFA
|
||||
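Review bot: The new `image: ghcr.io/sebadob/rauthy:0.33.1` line pins the identity provider image by mutable tag only. Consider appending the image digest (`0.33.1@sha256:<digest>`) so a re-pushed tag cannot change what gets deployed; Renovate supports keeping pinned digests up to date, so this fits with the renovate.json added in the same comparison.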
@ -31,7 +31,7 @@ services:
|
||||
- "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirect"
|
||||
- "traefik.http.middlewares.${STACK_NAME}-redirect.redirectscheme.scheme=https"
|
||||
- "traefik.http.middlewares.${STACK_NAME}-redirect.redirectscheme.permanent=true"
|
||||
- "coop-cloud.${STACK_NAME}.version=1.0.0+0.32.3"
|
||||
- "coop-cloud.${STACK_NAME}.version=1.1.0+0.33.1"
|
||||
|
||||
networks:
|
||||
proxy:
|
||||
|
||||
@ -6,17 +6,17 @@ This release supports encryption key rotation, which unfortunately requires some
|
||||
docker secret list # to obtain the secret's full name
|
||||
docker service create --name temp-reader --secret <secret-name> --mode replicated-job alpine:latest sh -c "cat /run/secrets/<secret-name>" && docker service logs --raw temp-reader && echo && docker service rm temp-reader
|
||||
|
||||
NOTE: the encryption key is only the characters AFTER the "/"
|
||||
NOTE: the enc_keys secret has the format `<key_id>/<key_value>`; we'll refer to those two parts as $KEY_ID and $KEY_VALUE from here on.
|
||||
|
||||
2. Add these lines to your config, overwriting the existing SECRET_ENC_KEYS_VERSION and ENC_KEY_ACTIVE values:
|
||||
|
||||
SECRET_ENC_KEYS_A_VERSION=a1 # generated=false
|
||||
SECRET_ENC_KEYS_A_VERSION=$KEY_ID # generated=false
|
||||
SECRET_ENC_KEYS_B_VERSION=b1 # generated=false
|
||||
ENC_KEY_ACTIVE="a1"
|
||||
ENC_KEY_ACTIVE="$KEY_ID"
|
||||
|
||||
3. Set key_a and generate key_b:
|
||||
|
||||
abra app secret insert $STACK_NAME enc_keys_a a1 "<your-existing-secret>" -C
|
||||
abra app secret insert $STACK_NAME enc_keys_a $KEY_ID "<your-existing-secret>" -C
|
||||
abra app secret insert $STACK_NAME enc_keys_b b1 "$(openssl rand -base64 32)" -C
|
||||
|
||||
Then you can deploy :)
|
||||
|
||||
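Review bot: The new NOTE defines $KEY_VALUE, but step 3 still passes "<your-existing-secret>" to `abra app secret insert $STACK_NAME enc_keys_a $KEY_ID`, and the old hint that the key is only the part after the "/" is gone, so a reader can end up inserting the whole `<key_id>/<key_value>` string as the key. Use "$KEY_VALUE" in step 3, and say in step 2 that $KEY_ID is a placeholder to substitute by hand, since `SECRET_ENC_KEYS_A_VERSION=$KEY_ID` and `ENC_KEY_ACTIVE="$KEY_ID"` are added to the app config rather than typed into a shell.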
6
renovate.json
Normal file
@ -0,0 +1,6 @@
|
||||
{
|
||||
"$schema": "https://docs.renovatebot.com/renovate-schema.json",
|
||||
"extends": [
|
||||
"config:recommended"
|
||||
]
|
||||
}
|
||||
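Review bot: With only `config:recommended`, a Renovate pull request that bumps the `image:` tag in the compose file will not touch the `coop-cloud.${STACK_NAME}.version` label, which this comparison updates by hand alongside the image (0.33.1 in both places). Either add a checklist item to the pull request template or a line in MAINTENANCE.md saying the label must be bumped before a Renovate pull request is merged, or add a rule here that covers it.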