chore: publish 1.0.0+4.0.2 release

chore: publish 0.7.0+3.11.2 release
add deploy timeout and healthcheck without curl
2025-06-03 14:20:59 +02:00 · 2025-01-28 18:10:14 +01:00 · 2025-01-28 18:09:41 +01:00 · 2025-01-08 10:09:13 -08:00 · 2024-10-25 22:12:08 +02:00 · 2024-10-22 21:54:31 +02:00
10 changed files with 112 additions and 16 deletions
--- a/.drone.yml
+++ b/.drone.yml
@ -6,7 +6,7 @@ steps:
    image: git.coopcloud.tech/coop-cloud/stack-ssh-deploy:latest
    settings:
      host: swarm-test.autonomic.zone
-      stack: {{ .Name }}
+      stack: rallly
      generate_secrets: true
      purge: true
      deploy_key:
@ -14,9 +14,14 @@ steps:
      networks:
        - proxy
    environment:
-      DOMAIN: {{ .Name }}.swarm-test.autonomic.zone
+      DOMAIN: rallly.swarm-test.autonomic.zone
-      STACK_NAME: {{ .Name }}
+      STACK_NAME: rallly
      LETS_ENCRYPT_ENV: production
      SECRET_SECRET_KEY_VERSION: v1
      SECRET_DB_PASSWORD_VERSION: v1
      SECRET_SMTP_PWD_VERSION: v1
      APP_ENTRYPOINT_VERSION: v1
      PG_BACKUP_VERSION: v1
 trigger:
  branch:
    - main
@ -32,7 +37,7 @@ steps:
        from_secret: drone_abra-bot_token
      fork: true
      repositories:
-        - coop-cloud/auto-recipes-catalogue-json
+        - toolshed/auto-recipes-catalogue-json
 trigger:
  event: tag
--- a/.env.sample
+++ b/.env.sample
@ -1,12 +1,15 @@
 TYPE=rallly
 TIMEOUT=300
 ENABLE_AUTO_UPDATE=true
 ENABLE_BACKUPS=true
 DOMAIN=rallly.example.com
 ## Domain aliases
 #EXTRA_DOMAINS=', `www.rallly.example.com`'
 COMPOSE_FILE="compose.yml"
 LETS_ENCRYPT_ENV=production
 SECRET_SECRET_KEY_VERSION=v1
@ -18,3 +21,11 @@ SMTP_HOST=mail.example.com
 SMTP_PORT=465
 SMTP_SECURE=true
 SMTP_USER=noreply@example.com
 #COMPOSE_FILE="$COMPOSE_FILE:compose.oidc.yml"
 #OIDC_ENABLED=1
 #OIDC_NAME= #The user-facing name of your provider as it will be shown on the login page
 #OIDC_DISCOVERY_URL= #URL of the .well-known/openid-configuration endpoint for your OIDC provider
 #OIDC_CLIENT_ID=
 #OIDC_ISSUER_URL=
 #SECRET_OIDC_CLIENT_SECRET_VERSION=v1
--- a/abra.sh
+++ b/abra.sh
@ -1 +1,2 @@
-export APP_ENTRYPOINT_VERSION=v2
+export APP_ENTRYPOINT_VERSION=v3
 export PG_BACKUP_VERSION=v1
--- a/alaconnect.yml
+++ b/alaconnect.yml
@ -0,0 +1,12 @@
 authentik:
    env:
        OIDC_NAME: "Authentik"
        OIDC_DISCOVERY_URL: "https://authentik.example.com/application/o/rallly/.well-known/openid-configuration"
        OIDC_ISSUER_URL: "https://authentik.example.com/application/o/rallly/"
        OIDC_CLIENT_ID: rallly
    uncomment: 
        - compose.oidc.yml
        - SECRET_OIDC_CLIENT_SECRET_VERSION
        - OIDC_ENABLED
    shared_secrets:
        rallly_secret: oidc_client_secret
--- a/compose.oidc.yml
+++ b/compose.oidc.yml
@ -0,0 +1,16 @@
 ---
 version: "3.8"
 services:
  app:
    secrets:
      - oidc_client_secret
    environment:
      - OIDC_ENABLED
      - OIDC_NAME
      - OIDC_DISCOVERY_URL
      - OIDC_CLIENT_ID
 secrets:
  oidc_client_secret:
    name: ${STACK_NAME}_oidc_client_secret_${SECRET_OIDC_CLIENT_SECRET_VERSION}
    external: true
--- a/compose.yml
+++ b/compose.yml
@ -3,7 +3,8 @@ version: "3.8"
 services:
  app:
-    image: lukevella/rallly:2.11.1
+    image: lukevella/rallly:4.0.2
    hostname: 0.0.0.0
    networks:
      - proxy
      - internal
@ -16,7 +17,9 @@ services:
    environment:
      - POSTGRES_PASSWORD_FILE=/run/secrets/db_password
      - DATABASE=rallly_db:5432/db
-      - NEXT_PUBLIC_BASE_URL=${DOMAIN}
+      - NEXT_PUBLIC_BASE_URL=https://${DOMAIN}
      - NEXT_PUBLIC_APP_BASE_URL=https://${DOMAIN}
      - NEXTAUTH_URL=$NEXT_PUBLIC_BASE_URL
      - SECRET_PASSWORD_FILE=/run/secrets/secret_key
      - SUPPORT_EMAIL
      - SMTP_HOST
@ -42,9 +45,10 @@ services:
        - "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirect"
        - "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLForceHost=true"
        - "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}"
-        - "coop-cloud.${STACK_NAME}.version=0.4.1+2.11.1"
+        - "coop-cloud.${STACK_NAME}.version=1.0.0+4.0.2"
        - "coop-cloud.${STACK_NAME}.timeout=${TIMEOUT:-120}"
    healthcheck:
-      test: ["CMD", "curl", "-f", "http://localhost:3000"]
+      test: "bash -c 'printf \"GET / HTTP/1.1\n\n\" > /dev/tcp/127.0.0.1/3000; exit $$?;'"
      interval: 30s
      timeout: 10s
      retries: 10
@ -53,9 +57,10 @@ services:
    image: postgres:14.8
    deploy:
      labels:
-          backupbot.backup: "true"
+        backupbot.backup: "${ENABLE_BACKUPS:-true}"
-          backupbot.backup.pre-hook: "PGPASSWORD=$$(cat /run/secrets/db_password) pg_dump -U postgres $${POSTGRES_DB} > /var/lib/postgresql/data/backup.sql"
+        backupbot.backup.pre-hook: "/pg_backup.sh backup"
-          backupbot.backup.post-hook: "rm -rf /var/lib/postgresql/data/backup.sql"
+        backupbot.backup.volumes.db-data.path: "backup.sql"
        backupbot.restore.post-hook: '/pg_backup.sh restore'
    volumes:
      - db-data:/var/lib/postgresql/data
    secrets:
@ -63,6 +68,7 @@ services:
    environment:
      - POSTGRES_PASSWORD_FILE=/run/secrets/db_password
      - POSTGRES_DB=db
      - POSTGRES_USER=postgres
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U postgres"]
      interval: 5s
@ -70,6 +76,10 @@ services:
      retries: 5
    networks:
      - internal
    configs:
        - source: pg_backup
          target: /pg_backup.sh
          mode: 0555
 secrets:
  db_password:
@ -88,9 +98,6 @@ networks:
  internal:
 volumes:
  mongodb_log:
  mongodb_lib:
  mongodb:
  db-data:
 configs:
@ -98,3 +105,6 @@ configs:
    name: ${STACK_NAME}_app_entrypoint_${APP_ENTRYPOINT_VERSION}
    file: entrypoint.sh.tmpl
    template_driver: golang
  pg_backup:
    name: ${STACK_NAME}_pg_backup_${PG_BACKUP_VERSION}
    file: pg_backup.sh
--- a/entrypoint.sh.tmpl
+++ b/entrypoint.sh.tmpl
@ -1,5 +1,9 @@
 #!/bin/bash
 {{ if eq (env "OIDC_ENABLED") "1" }}
 export OIDC_CLIENT_SECRET=$(cat /run/secrets/oidc_client_secret)
 {{ end }}
 set -eu
 file_env() {
@ -26,6 +30,7 @@ file_env() {
 file_env "SECRET_PASSWORD"
 file_env "SMTP_PWD"
 file_env "POSTGRES_PASSWORD"
 file_env "OIDC_CLIENT_SECRET"
 export DATABASE_URL=postgres://postgres:$POSTGRES_PASSWORD@$DATABASE
--- a/pg_backup.sh
+++ b/pg_backup.sh
@ -0,0 +1,34 @@
 #!/bin/bash
 set -e
 BACKUP_FILE='/var/lib/postgresql/data/backup.sql'
 function backup {
  export PGPASSWORD=$(cat /run/secrets/db_password)
  pg_dump -U ${POSTGRES_USER} ${POSTGRES_DB} > $BACKUP_FILE
 }
 function restore {
    cd /var/lib/postgresql/data/
    restore_config(){
        # Restore allowed connections
        cat pg_hba.conf.bak > pg_hba.conf
        su postgres -c 'pg_ctl reload'
    }
    # Don't allow any other connections than local
    cp pg_hba.conf pg_hba.conf.bak
    echo "local all all trust" > pg_hba.conf
    su postgres -c 'pg_ctl reload'
    trap restore_config EXIT INT TERM
    # Recreate Database
    psql -U ${POSTGRES_USER} -d postgres -c "DROP DATABASE ${POSTGRES_DB} WITH (FORCE);" 
    createdb -U ${POSTGRES_USER} ${POSTGRES_DB}
    psql -U ${POSTGRES_USER} -d ${POSTGRES_DB} -1 -f $BACKUP_FILE
    trap - EXIT INT TERM
    restore_config
 }
 $@
--- a/release/0.5.0+3.5.1
+++ b/release/0.5.0+3.5.1
@ -0,0 +1 @@
 Rallly and recipe now support oidc. But you need to be registered to create polls now.
--- a/release/1.0.0+4.0.2
+++ b/release/1.0.0+4.0.2
@ -0,0 +1 @@
 BREAKING CHANGE: SSO requires OIDC_ISSUER_URL env.
Author	SHA1	Message	Date
Moritz	45c7b2aaef	chore: publish 1.0.0+4.0.2 release	2025-06-03 14:20:59 +02:00
Moritz	91e8018410	chore: publish 0.7.0+3.11.2 release	2025-01-28 18:10:14 +01:00
Moritz	4a4e536125	add deploy timeout and healthcheck without curl	2025-01-28 18:09:41 +01:00
Cassowary	0d1bbfa99a	Update .drone.yml	2025-01-08 10:09:13 -08:00
Moritz	957eb45fea	fix drone runner	2024-10-25 22:12:08 +02:00
Moritz	2b7bcd5a67	chore: publish 0.6.1+3.10.1 release	2024-10-22 21:54:31 +02:00
Moritz	27dd971444	update backupbot labels	2024-10-22 21:54:28 +02:00
Simon	6be1ac13b8	chore: publish 0.6.0+3.10.1 release	2024-09-26 15:43:30 +02:00
Simon	db812fd1d3	add shared secret to alaconnect	2024-05-15 11:00:08 +02:00
Moritz	4ba224875f	add alakazam integration file alaconnect.yml	2024-05-13 17:37:57 +02:00
Simon	e794bc21fd	chore: publish 0.5.3+3.5.1 release	2024-03-28 12:26:03 +01:00
3wc	e85b902262	chore: publish 0.5.1+3.5.1 release	2024-02-05 13:12:05 -03:00
3wc	d134057749	More drone fixing 🤖🔧	2024-02-05 13:08:05 -03:00
3wc	b2319ae650	Fix Drone	2024-02-05 13:05:09 -03:00
Simon	466126e7d1	chore: publish 0.5.0+3.5.1 release	2024-02-01 14:16:59 +01:00
Simon	b95df148f8	upgrade to v3.5 and add OIDC	2024-01-15 16:52:40 +01:00
`@ -1 +1,2 @@`
	`export APP_ENTRYPOINT_VERSION=v2`	`export APP_ENTRYPOINT_VERSION=v3`
		`export PG_BACKUP_VERSION=v1`
		`@ -0,0 +1 @@`
							`Rallly and recipe now support oidc. But you need to be registered to create polls now.`
		`@ -0,0 +1 @@`
							`BREAKING CHANGE: SSO requires OIDC_ISSUER_URL env.`