chore: publish 3.1.0+6.5.2-22 release

abra.sh

@@ -3,28 +3,27 @@ export AUTO_WIZARD_VERSION=v2
 export PG_BACKUP_VERSION=v2
 
 get_setting_changes() {
-    /custom-entrypoint.sh "rails r 'puts JSON.pretty_generate(JSON.parse(Setting.all.select{ |setting| setting.state_current != setting.state_initial }.map { |setting| {name: setting.name, value: setting.state_current[\""value\""]} } .to_json))'"
+  /custom-entrypoint.sh "rails r 'puts JSON.pretty_generate(JSON.parse(Setting.all.select{ |setting| setting.state_current != setting.state_initial }.map { |setting| {name: setting.name, value: setting.state_current[\""value\""]} } .to_json))'"
 }
 
 console() {
-    /custom-entrypoint.sh "rails c"
+  /custom-entrypoint.sh "rails c"
 }
 
-
 rails_run() {
-    COMMAND="rails r \"$@\""
-    /custom-entrypoint.sh "$COMMAND"
+  COMMAND="rails r \"$@\""
+  /custom-entrypoint.sh "$COMMAND"
 }
 
 init() {
-    cp -f /opt/zammad/contrib/auto_wizard.json /tmp/auto_wizard.json
-    /custom-entrypoint.sh "rails zammad:setup:auto_wizard[/tmp/auto_wizard.json]"
+  cp -f /opt/zammad/contrib/auto_wizard.json /tmp/auto_wizard.json
+  /custom-entrypoint.sh "rails zammad:setup:auto_wizard[/tmp/auto_wizard.json]"
 }
 
 enable_authentik_sso() {
-    ADMIN_UID=$(abra app cmd -T $SSO_PROVIDER_DOMAIN worker get_user_uid akadmin)
-    CERT=$(abra app cmd -T $SSO_PROVIDER_DOMAIN worker get_certificate zammad)
-    COMMAND="
+  ADMIN_UID=$(abra app cmd -T $SSO_PROVIDER_DOMAIN worker get_user_uid akadmin)
+  CERT=$(abra app cmd -T $SSO_PROVIDER_DOMAIN worker get_certificate zammad)
+  COMMAND="
     (u = User.find_by(login: 'admin')) && (u.login='$ADMIN_UID') && u.save!;
     Setting.set('auth_saml', true);
     Setting.set('auth_third_party_auto_link_at_inital_login', true);
@@ -36,18 +35,26 @@ enable_authentik_sso() {
         'idp_cert_fingerprint'=>'',
         'name_identifier_format'=>'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress'})
     "
-    abra app cmd -T $DOMAIN zammad-railsserver rails_run "$(printf "%q " $COMMAND )"
+  abra app cmd -T $DOMAIN zammad-railsserver rails_run "$(printf "%q " $COMMAND)"
 }
 
 set_logo() {
-    LOGO_PATH="$1"
-    abra app cp "$APP_NAME" "$LOGO_PATH" zammad-railsserver:/tmp/
-    filename="$(basename "$LOGO_PATH")"
-    COMMAND="
+  LOGO_PATH="$1"
+  abra app cp "$APP_NAME" "$LOGO_PATH" zammad-railsserver:/tmp/
+  filename="$(basename "$LOGO_PATH")"
+  COMMAND="
     logo_path = '/tmp/$filename';
     logo_content = File.open(logo_path, 'rb') { |file| file.read };
     logo_timestamp = Service::SystemAssets::ProductLogo.store(logo_content);
     Setting.set('product_logo', logo_timestamp);
     "
-    abra app cmd -T $DOMAIN zammad-railsserver rails_run "$(printf "%q " $COMMAND )"
+  abra app cmd -T $DOMAIN zammad-railsserver rails_run "$(printf "%q " $COMMAND)"
+}
+
+fix_permissions() {
+  i=0
+  while ! abra app run -t -u 0 $DOMAIN zammad-elasticsearch -- chown elasticsearch -Rv /usr/share/elasticsearch/data && [[ $i -lt 30 ]]; do
+    ((i++))
+    sleep 1
+  done
 }

compose.yml

@@ -24,6 +24,8 @@ x-shared:
       ELASTICSEARCH_NAMESPACE:
       ELASTICSEARCH_REINDEX:
       ELASTICSEARCH_SSL_VERIFY:
+      ELASTICSEARCH_USER:
+      ELASTICSEARCH_PASS:
       NGINX_PORT:
       NGINX_SERVER_NAME:
       NGINX_SERVER_SCHEME: https
@@ -43,7 +45,7 @@ x-shared:
       SSO_PROVIDER_DOMAIN:
       IDP_SSO_TARGET_URL:
       IDP_SLO_SERVICE_URL:
-    image: ghcr.io/zammad/zammad:6.5.0-34
+    image: ghcr.io/zammad/zammad:6.5.2-22
     deploy:
       restart_policy:
         condition: on-failure
@@ -67,7 +69,7 @@ x-shared:
 
 services:
   zammad-elasticsearch:
-    image: bitnami/elasticsearch:8.18.0
+    image: elasticsearch:8.19.6
     deploy:
       restart_policy:
         condition: on-failure
@@ -77,11 +79,13 @@ services:
         reservations:
           memory: 2G
     volumes:
-      - elasticsearch-data:/bitnami/elasticsearch/data
+      - elasticsearch-data:/usr/share/elasticsearch/data
     environment:
-      - discovery.type=single-node
+      discovery.type: single-node
+      xpack.security.enabled: "false"
+      ES_JAVA_OPTS: -Xms1g -Xmx1g
     healthcheck:
-      test: "/opt/bitnami/scripts/elasticsearch/healthcheck.sh"
+      #test: TODO
       interval: 30s
       timeout: 10s
       retries: 10
@@ -96,7 +100,7 @@ services:
 
   zammad-memcached:
     command: memcached -m 256M
-    image: memcached:1.6.38-alpine
+    image: memcached:1.6.39-alpine
     healthcheck:
       test: 'echo "version" | nc -vn -w 1 127.0.0.1 11211'
       interval: 30s
@@ -128,9 +132,9 @@ services:
         - "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
         - "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
         - "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirect"
-        - "traefik.http.middlewares.${STACK_NAME}-redirect.redirectscheme.scheme=https"
-        - "traefik.http.middlewares.${STACK_NAME}-redirect.redirectscheme.permanent=true"
-        - "coop-cloud.${STACK_NAME}.version=2.1.0+6.5.0-34"
+        - "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLForceHost=true"
+        - "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}"
+        - "coop-cloud.${STACK_NAME}.version=3.1.0+6.5.2-22"
         - "coop-cloud.${STACK_NAME}.timeout=${TIMEOUT:-120}"
     healthcheck:
       test: ["CMD", "curl", "-f", "http://localhost:8080"]
@@ -181,7 +185,7 @@ services:
       start_period: 5m
 
   zammad-redis:
-    image: redis:7.4.3-alpine
+    image: redis:7.4.6-alpine
     deploy:
       restart_policy:
         condition: on-failure

release/3.0.0+6.5.0-34

@@ -0,0 +1,2 @@
+Breaking Change. You need to run the following command to change the elasticsearch volume permissions: 
+abra app cmd --local <APPDOMAIN> fix_permission