chore: publish 6.3.0+2024.6.1 release

.env.sample

@@ -1,7 +1,7 @@
 TYPE=authentik
 TIMEOUT=900
 ENABLE_AUTO_UPDATE=true
-# POST_DEPLOY_CMDS="worker worker apply_blueprints|worker add_applications"
+# POST_DEPLOY_CMDS="worker set_admin_pass|worker apply_blueprints|worker add_applications"
 LETS_ENCRYPT_ENV=production
 
 DOMAIN=authentik.example.com
@@ -17,6 +17,9 @@ AUTHENTIK_LOG_LEVEL=info
 ## Outpost Integration
 # COMPOSE_FILE="$COMPOSE_FILE:compose.outposts.yml"
 
+## ADMIN
+AUTHENTIK_BOOTSTRAP_EMAIL=admin@example.com
+
 ## EMAIL
 AUTHENTIK_EMAIL__HOST=smtp
 AUTHENTIK_EMAIL__PORT=587

README.md

@@ -35,6 +35,7 @@ abra app secret generate -a <app_name>
 abra app undeploy <app_name>
 abra app deploy <app_name>
 abra app cmd <app_name> db rotate_db_pass
+abra app cmd <app_name> app set_admin_pass
 ```
 
 ## Add SSO for Nextcloud

abra.sh

@@ -73,7 +73,30 @@ with open('/tmp/$1', newline='') as file:
 }
 
 set_admin_pass() {
-echo "The set_admin_pass function is depricated"
+password=$(cat /run/secrets/admin_pass)
+token=$(cat /run/secrets/admin_token)
+/manage.py shell -c """
+akadmin = User.objects.get(username='akadmin')
+akadmin.set_password('$password')
+akadmin.save()
+print('Changed akadmin password')
+
+from authentik.core.models import TokenIntents
+key='$token'
+if (token:= Token.objects.filter(identifier='authentik-bootstrap-token').first()):
+    token.key=key
+    token.save()
+    print('Changed authentik-bootstrap-token')
+else:
+    Token.objects.create(
+        identifier='authentik-bootstrap-token',
+        user=akadmin,
+        intent=TokenIntents.INTENT_API,
+        expiring=False,
+        key=key,
+    )
+    print('Created authentik-bootstrap-token')
+""" 2>&1 | quieten
 }
 
 rotate_db_pass() {

compose.yml

@@ -8,8 +8,6 @@ x-env: &env
     - AUTHENTIK_REDIS__HOST=redis
     - AUTHENTIK_ERROR_REPORTING__ENABLED
     - AUTHENTIK_SECRET_KEY=file:///run/secrets/secret_key
-    - AUTHENTIK_BOOTSTRAP_PASSWORD=file:///run/secrets/admin_pass
-    - AUTHENTIK_BOOTSTRAP_TOKEN=file:///run/secrets/admin_token
     - AUTHENTIK_EMAIL__HOST
     - AUTHENTIK_EMAIL__PORT
     - AUTHENTIK_EMAIL__USERNAME
@@ -23,6 +21,7 @@ x-env: &env
     - AUTHENTIK_COLOR_BACKGROUND_LIGHT
     - AUTHENTIK_FOOTER_LINKS
     - AUTHENTIK_IMPERSONATION
+    - AUTHENTIK_BOOTSTRAP_EMAIL
     - WELCOME_MESSAGE
     - DEFAULT_LANGUAGE
     - EMAIL_SUBJECT
@@ -34,7 +33,7 @@ x-env: &env
 version: '3.8'
 services:
   app:
-    image: ghcr.io/goauthentik/server:2024.4.2
+    image: ghcr.io/goauthentik/server:2024.6.1
     command: server
     depends_on:
       - db
@@ -60,9 +59,6 @@ services:
       start_period: 5m
     environment: *env
     deploy:
-      update_config:
-        failure_action: rollback
-        order: start-first
       labels:
         - "traefik.enable=true"
         - "traefik.docker.network=proxy"
@@ -75,11 +71,11 @@ services:
         - "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}"
         - "traefik.http.middlewares.${STACK_NAME}-frameOptions.headers.customFrameOptionsValue=SAMEORIGIN"
         - "traefik.http.middlewares.${STACK_NAME}-frameOptions.headers.contentSecurityPolicy=frame-ancestors ${X_FRAME_OPTIONS_ALLOW_FROM}"
-        - "coop-cloud.${STACK_NAME}.version=6.1.1+2024.4.2"
+        - "coop-cloud.${STACK_NAME}.version=6.3.0+2024.6.1"
         - "coop-cloud.${STACK_NAME}.timeout=${TIMEOUT:-120}"
 
   worker:
-    image: ghcr.io/goauthentik/server:2024.4.2
+    image: ghcr.io/goauthentik/server:2024.6.1
     command: worker
     depends_on:
       - db
@@ -145,7 +141,7 @@ services:
           backupbot.backup.path: "/var/lib/postgresql/data"
 
   redis:
-    image:  redis:7.2.4-alpine
+    image:  redis:7.2.5-alpine
     networks:
       - internal
     healthcheck: