fix entrypoint script

fix bash script
add support for local storage
2023-12-17 15:51:28 +01:00 · 2023-12-14 14:15:41 +01:00 · 2023-12-14 12:29:37 +01:00 · 2023-11-22 20:32:28 +01:00 · 2023-10-12 17:24:19 +02:00 · 2023-10-07 12:32:22 +02:00
10 changed files with 172 additions and 39 deletions
--- a/.drone.yml
+++ b/.drone.yml
@ -21,7 +21,6 @@ steps:
      SECRET_DB_PASSWORD_VERSION: v1
      SECRET_SECRET_KEY_VERSION: v1  # length=64
      SECRET_UTILS_SECRET_VERSION: v1  # length=64
-      SECRET_AWS_SECRET_KEY_VERSION: v1
 trigger:
  branch:
    - main
--- a/.env.sample
+++ b/.env.sample
@ -15,15 +15,9 @@ COMPOSE_FILE="compose.yml"
 SECRET_DB_PASSWORD_VERSION=v1
 SECRET_SECRET_KEY_VERSION=v1  # length=64
 SECRET_UTILS_SECRET_VERSION=v1  # length=64
-SECRET_AWS_SECRET_KEY_VERSION=v1

-AWS_ACCESS_KEY_ID=
-AWS_REGION=
-AWS_S3_UPLOAD_BUCKET_URL=
-AWS_S3_UPLOAD_BUCKET_NAME=
-AWS_S3_UPLOAD_MAX_SIZE=26214400
-AWS_S3_FORCE_PATH_STYLE=true
-AWS_S3_ACL=private
+# Set to s3 to use AWS S3 bucket
+FILE_STORAGE=local

 # –––––––––––––––– OPTIONAL ––––––––––––––––

@ -55,18 +49,20 @@ DEBUG=http
 # set, all domains are allowed by default when using Google OAuth to signin
 ALLOWED_DOMAINS=

-# TODO: setup compose.smtp.yml
 # To support sending outgoing transactional emails such as "document updated" or
 # "you've been invited" you'll need to provide authentication for an SMTP server
+# By default, this enables email login. You can disable this in the settings
+# for configuration details see https://docs.getoutline.com/s/hosting/doc/smtp-cqCJyZGMIB
+#COMPOSE_FILE="$COMPOSE_FILE:compose.smtp.yml"
 #SMTP_ENABLED=1
 #SMTP_HOST=
 #SMTP_PORT=
 #SMTP_USERNAME=
-#SMTP_PASSWORD=
 #SMTP_FROM_EMAIL=
 #SMTP_REPLY_EMAIL=
 #SMTP_TLS_CIPHERS=
 #SMTP_SECURE=true
+#SECRET_SMTP_PASSWORD_VERSION=v1

 #COMPOSE_FILE="$COMPOSE_FILE:compose.oidc.yml"
 #OIDC_ENABLED=1
@ -83,3 +79,16 @@ ALLOWED_DOMAINS=
 #GOOGLE_ENABLED=1
 #GOOGLE_CLIENT_ID=
 #SECRET_GOOGLE_CLIENT_SECRET_VERSION=v1
+
+COMPOSE_FILE="$COMPOSE_FILE:compose.local.yml"
+FILE_STORAGE_UPLOAD_MAX_SIZE=26214400
+
+#COMPOSE_FILE="$COMPOSE_FILE:compose.aws.yml"
+#AWS_ACCESS_KEY_ID=
+#AWS_REGION=
+#AWS_S3_UPLOAD_BUCKET_URL=
+#AWS_S3_UPLOAD_BUCKET_NAME=
+#AWS_S3_UPLOAD_MAX_SIZE=26214400
+#AWS_S3_FORCE_PATH_STYLE=true
+#AWS_S3_ACL=private
+#SECRET_AWS_SECRET_KEY_VERSION=v1
--- a/README.md
+++ b/README.md
@ -5,12 +5,12 @@ Wiki and knowledge base for growing teams
 <!-- metadata -->

 * **Category**: Apps
-* **Status**: 1, alpha
-* **Image**: [outlinewiki/outline](https://hub.docker.com/r/outlinewiki/outline)
+* **Status**: 3, beta
+* **Image**: [outlinewiki/outline](https://hub.docker.com/r/outlinewiki/outline), 4, upstream
 * **Healthcheck**: No
-* **Backups**: No
-* **Email**: No
-* **Tests**: No
+* **Backups**: Yes
+* **Email**: Yes
+* **Tests**: 2
 * **SSO**: 3 (OAuth)

 <!-- endmetadata -->
@ -19,10 +19,14 @@ Wiki and knowledge base for growing teams

 1. Set up Docker Swarm and [`abra`]
 2. Deploy [`coop-cloud/traefik`]
-3. `abra app new ${REPO_NAME} --secrets` (optionally with `--pass` if you'd like
-   to save secrets in `pass`)
+3. `abra app new ${REPO_NAME}`
+   - **WARNING**: Choose "n" when `abra` asks if you'd like to generate secrets
 4. `abra app config YOURAPPNAME` - be sure to change `$DOMAIN` to something that resolves to
-   your Docker swarm box
+   your Docker swarm box. For Minio, you'll want:
+   - `AWS_ACCESS_KEY_ID=<minio username>`
+   - `AWS_REGION="us-east-1"`
+   - `AWS_S3_UPLOAD_BUCKET_URL=https://minio.example.com`
+   - `AWS_S3_UPLOAD_BUCKET_NAME=
 5. `abra app deploy YOURAPPNAME`
 7. Open the configured domain in your browser to finish set-up

@ -31,6 +35,12 @@ Wiki and knowledge base for growing teams

 ## Tips & Tricks

+### Create an initial admin user
+
+```
+abra app cmd YOURAPPNAME app create_email_user test@example.com
+```
+
 ### Post-deploy migration

 ```
--- a/abra.sh
+++ b/abra.sh
@ -1,4 +1,17 @@
-export APP_ENTRYPOINT_VERSION=v6
+export APP_ENTRYPOINT_VERSION=v8
+export DB_ENTRYPOINT_VERSION=v2
+
+create_email_user() {
+	if [ -z "$1" ]; then
+		echo "Usage: ... create_email_user <email_address>"
+		exit 1
+	fi
+	export DATABASE_PASSWORD=$(cat /run/secrets/db_password)
+	export DATABASE_URL="postgres://outline:${DATABASE_PASSWORD}@${STACK_NAME}_db:5432/outline"
+	export UTILS_SECRET=$(cat /run/secrets/utils_secret)
+	export SECRET_KEY=$(cat /run/secrets/secret_key)
+	node build/server/scripts/seed.js "$1"
+}

 migrate() {
 	export DATABASE_PASSWORD=$(cat /run/secrets/db_password)
--- a/compose.aws.yml
+++ b/compose.aws.yml
@ -0,0 +1,22 @@
+---
+version: "3.8"
+
+services:
+  app:
+    secrets:
+      - aws_secret_key
+    environment:
+      - AWS_ACCESS_KEY_ID
+      - AWS_REGION
+      - AWS_S3_ACL
+      - AWS_S3_FORCE_PATH_STYLE
+      - AWS_S3_UPLOAD_BUCKET_NAME
+      - AWS_S3_UPLOAD_BUCKET_URL
+      - AWS_S3_UPLOAD_MAX_SIZE
+      - AWS_SDK_LOAD_CONFIG=0
+      - AWS_SECRET_KEY_FILE=/run/secrets/aws_secret_key
+
+secrets:
+  aws_secret_key:
+    name: ${STACK_NAME}_aws_secret_key_${SECRET_AWS_SECRET_KEY_VERSION}
+    external: true
--- a/compose.local.yml
+++ b/compose.local.yml
@ -0,0 +1,13 @@
+---
+version: "3.8"
+
+services:
+  app:
+    volumes:
+      - storage-data:/var/lib/outline/data
+    environment:
+      - FILE_STORAGE
+      - FILE_STORAGE_UPLOAD_MAX_SIZE
+
+volumes:
+  storage-data:
--- a/compose.smtp.yml
+++ b/compose.smtp.yml
@ -0,0 +1,18 @@
+version: "3.8"
+services:
+  app:
+    secrets:
+      - smtp_password
+    environment:
+      - SMTP_HOST
+      - SMTP_PORT
+      - SMTP_USERNAME
+      - SMTP_FROM_EMAIL
+      - SMTP_REPLY_EMAIL
+      - SMTP_TLS_CIPHERS
+      - SMTP_SECURE
+
+secrets:
+  smtp_password:
+    external: true
+    name: ${STACK_NAME}_smtp_password_${SECRET_SMTP_PASSWORD_VERSION}
--- a/compose.yml
+++ b/compose.yml
@ -6,9 +6,8 @@ services:
    networks:
      - backend
      - proxy
-    image: outlinewiki/outline:0.67.2
+    image: outlinewiki/outline:0.73.1
    secrets:
-      - aws_secret_key
      - db_password
      - secret_key
      - utils_secret
@ -17,15 +16,7 @@ services:
        target: /docker-entrypoint.sh
        mode: 0555
    environment:
-      - AWS_ACCESS_KEY_ID
-      - AWS_REGION
-      - AWS_S3_ACL
-      - AWS_S3_FORCE_PATH_STYLE
-      - AWS_S3_UPLOAD_BUCKET_NAME
-      - AWS_S3_UPLOAD_BUCKET_URL
-      - AWS_S3_UPLOAD_MAX_SIZE
-      - AWS_SDK_LOAD_CONFIG=0
-      - AWS_SECRET_KEY_FILE=/run/secrets/aws_secret_key
+      - FILE_STORAGE
      - DATABASE_PASSWORD_FILE=/run/secrets/db_password
      - FORCE_HTTPS=true
      - PGSSLMODE=disable
@ -43,29 +34,34 @@ services:
        - "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`${EXTRA_DOMAINS})"
        - "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
        - "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
-        - "coop-cloud.${STACK_NAME}.version=0.6.0+0.67.2"
+        - "coop-cloud.${STACK_NAME}.version=1.1.0+0.73.1"
        ## Redirect from EXTRA_DOMAINS to DOMAIN
        #- "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirect"
        #- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLForceHost=true"
        #- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}"

  cache:
-    image: redis:6.2.6
+    image: redis:7.2.3
    networks:
      - backend

  db:
-    image: postgres:11
+    image: postgres:15.5
    networks:
      - backend
    secrets:
      - db_password
+    configs:
+      - source: db_entrypoint
+        target: /docker-entrypoint.sh
+        mode: 0555
    environment:
      POSTGRES_DB: outline
      POSTGRES_PASSWORD_FILE: /run/secrets/db_password
      POSTGRES_USER: outline
    volumes:
      - "postgres_data:/var/lib/postgresql/data"
+    entrypoint: /docker-entrypoint.sh
    deploy:
      labels:
        backupbot.backup: "true"
@ -80,9 +76,6 @@ secrets:
  utils_secret:
    name: ${STACK_NAME}_utils_secret_${SECRET_UTILS_SECRET_VERSION}
    external: true
-  aws_secret_key:
-    name: ${STACK_NAME}_aws_secret_key_${SECRET_AWS_SECRET_KEY_VERSION}
-    external: true
  db_password:
    name: ${STACK_NAME}_db_password_${SECRET_DB_PASSWORD_VERSION}
    external: true
@ -100,3 +93,7 @@ configs:
    name: ${STACK_NAME}_app_entrypoint_${APP_ENTRYPOINT_VERSION}
    file: entrypoint.sh.tmpl
    template_driver: golang
+  db_entrypoint:
+    name: ${STACK_NAME}_db_entrypoint_${DB_ENTRYPOINT_VERSION}
+    file: entrypoint.postgres.sh.tmpl
+    template_driver: golang
--- a/entrypoint.postgres.sh.tmpl
+++ b/entrypoint.postgres.sh.tmpl
@ -0,0 +1,44 @@
+#!/bin/bash
+
+set -e
+
+MIGRATION_MARKER=$PGDATA/migration_in_progress
+OLDDATA=$PGDATA/old_data
+NEWDATA=$PGDATA/new_data
+
+if [ -e $MIGRATION_MARKER ]; then
+  echo "FATAL: migration was started but did not complete in a previous run. manual recovery necessary"
+  exit 1
+fi
+
+if [ -f $PGDATA/PG_VERSION ]; then
+  DATA_VERSION=$(cat $PGDATA/PG_VERSION)
+
+  if [ -n "$DATA_VERSION" -a "$PG_MAJOR" != "$DATA_VERSION" ]; then
+    echo "postgres data version $DATA_VERSION found, but need $PG_MAJOR. Starting migration"
+    echo "Installing postgres $DATA_VERSION"
+    sed -i "s/$/ $DATA_VERSION/" /etc/apt/sources.list.d/pgdg.list
+    apt-get update && apt-get install -y --no-install-recommends \
+      postgresql-$DATA_VERSION \
+      && rm -rf /var/lib/apt/lists/*
+    echo "shuffling around"
+    gosu postgres mkdir $OLDDATA $NEWDATA
+    chmod 700 $OLDDATA $NEWDATA
+    mv $PGDATA/* $OLDDATA/ || true
+    touch $MIGRATION_MARKER
+    echo "running initdb"
+    # abuse entrypoint script for initdb by making server error out
+    gosu postgres bash -c "export PGDATA=$NEWDATA ; /usr/local/bin/docker-entrypoint.sh --invalid-arg || true"
+    echo "running pg_upgrade"
+    cd /tmp
+    gosu postgres pg_upgrade --link -b /usr/lib/postgresql/$DATA_VERSION/bin -d $OLDDATA -D $NEWDATA -U $POSTGRES_USER
+    cp $OLDDATA/pg_hba.conf $NEWDATA/
+    mv $NEWDATA/* $PGDATA
+    rm -rf $OLDDATA
+    rmdir $NEWDATA
+    rm $MIGRATION_MARKER
+    echo "migration complete"
+  fi
+fi
+
+/usr/local/bin/docker-entrypoint.sh postgres
--- a/entrypoint.sh.tmpl
+++ b/entrypoint.sh.tmpl
@ -1,6 +1,12 @@
 #!/bin/sh

+{{ if eq (env "FILE_STORAGE")  "s3" }}
 export AWS_SECRET_ACCESS_KEY=$(cat /run/secrets/aws_secret_key)
+{{ end }}
+
+{{ if eq (env "SMTP_ENABLED") "1" }}
+export SMTP_PASSWORD=$(cat /run/secrets/smtp_password)
+{{ end }}

 {{ if eq (env "OIDC_ENABLED") "1" }}
 export OIDC_CLIENT_SECRET=$(cat /run/secrets/oidc_client_secret)
@ -15,5 +21,7 @@ export SECRET_KEY=$(cat /run/secrets/secret_key)
 export DATABASE_PASSWORD=$(cat /run/secrets/db_password)
 export DATABASE_URL="postgres://outline:${DATABASE_PASSWORD}@${STACK_NAME}_db:5432/outline"

+if [ ! "$1" = "-e" ]; then
 	/usr/local/bin/yarn db:migrate --env=production-ssl-disabled
 	/usr/local/bin/yarn start "$@"
+fi
Author	SHA1	Message	Date
Simon Thiessen	907597aab3	fix entrypoint script	2023-12-17 15:51:28 +01:00
Simon Thiessen	d9ce8fb168	fix bash script	2023-12-14 14:15:41 +01:00
Simon Thiessen	73de12d12f	add support for local storage	2023-12-14 12:29:37 +01:00
iexos	8c3521b87f	chore: publish 1.1.0+0.73.1 release	2023-11-22 20:32:28 +01:00
iexos	4273faad76	chore: publish 1.0.1+0.72.2 release	2023-10-12 17:24:19 +02:00
iexos	0e84bbc2ee	chore: publish 1.0.0+0.72.1 release	2023-10-07 12:32:22 +02:00
knoflook	ca60a0f1a3	chore: publish 0.13.0+0.71.0 release	2023-09-05 15:25:00 +02:00
3wc	3b1eeb6160	chore: publish 0.12.0+0.70.2 release	2023-08-11 12:31:16 +02:00
3wc	52f3bf31ed	Update recipe metadata [ci skip]	2023-08-05 14:21:05 +02:00
3wc	e229ab6e30	chore: publish 0.11.0+0.70.2 release	2023-07-31 14:23:14 +01:00
kawaiipunk	0ab6c0c244	chore: publish 0.11.0+0.69.2 release	2023-07-24 13:48:01 +01:00
3wc	5e2a13a93a	Add a mode to entrypoint to allow just loading env	2023-07-21 10:20:31 +01:00
3wc	8796269ad2	Some readme tweaks [ci skip]	2023-07-21 10:09:45 +01:00
3wc	a4f75f2da0	Add create_email_user script	2023-07-19 13:40:41 +01:00
3wc	76523535ca	Bump entrypoint version	2023-07-19 11:42:40 +01:00
3wc	68f23084aa	Don't run postgres migrate on a new DB	2023-07-19 11:41:20 +01:00
3wc	e487a36bb5	chore: publish 0.10.0+0.69.2 release	2023-06-23 12:43:35 +01:00
3wordchant	8426058959	Merge pull request 'Add SMTP support' (#16 ) from iexos/outline:smtp-new into main Reviewed-on: coop-cloud/outline#16	2023-06-23 11:17:38 +00:00
iexos	277a5d2343	add smtp support	2023-06-20 12:58:15 +02:00
iexos	56be9efd22	chore: publish 0.9.0+0.69.2 release	2023-06-19 13:36:59 +02:00
iexos	7d2f35277b	Merge pull request 'Update to postgres 15 and run pg_upgrade automatically' (#15 ) from iexos/outline:pg15 into main Reviewed-on: coop-cloud/outline#15	2023-06-19 11:32:38 +00:00
iexos	53913b92cd	pg_upgrade: catch intentionally failing cmd	2023-06-18 23:03:53 +02:00
iexos	e0cc0ff9af	make pg upgrade more safe	2023-06-15 18:51:28 +02:00
iexos	5e3e8a655b	use postgres 15 and add entrypoint.sh for pg_upgrade	2023-06-15 16:04:05 +02:00
iexos	53e4d82aa3	chore: publish 0.8.0+0.69.2 release	2023-06-14 18:28:56 +02:00
3wc	361908fe84	chore: publish 0.7.0+0.69.0 release	2023-04-27 15:04:50 -04:00