adding authentik support

chore: publish 0.1.1+5.59.4-wordpress-php8.1 release
fix recipe type
2025-04-02 01:39:15 -04:00 · 2023-04-03 10:24:07 +02:00 · 2023-03-31 11:42:39 +02:00 · 2023-03-31 11:35:28 +02:00 · 2023-03-31 11:32:10 +02:00 · 2023-03-31 11:27:10 +02:00
8 changed files with 158 additions and 37 deletions
--- a/.drone.yml
+++ b/.drone.yml
@ -6,33 +6,27 @@ steps:
    image: git.coopcloud.tech/coop-cloud/stack-ssh-deploy:latest
    settings:
      host: swarm-test.autonomic.zone
-      stack: {{ .Name }}
+      stack: civicrm-wordpress
      generate_secrets: true
      purge: true
      deploy_key:
        from_secret: drone_ssh_swarm_test
      networks:
-        - proxy
+         proxy
    environment:
-      DOMAIN: {{ .Name }}.swarm-test.autonomic.zone
+      DOMAIN: civicrm-wordpress.swarm-test.autonomic.zone
-      STACK_NAME: {{ .Name }}
+      STACK_NAME: civicrm-wordpress
      LETS_ENCRYPT_ENV: production
      EXTRA_VOLUME: "/dev/null:/tmp/.dummy"
      APACHE_SITES_AVAILABLE_CONF_VERSION: v1
      CIVICRM_SETTINGS_PHP_VERSION: v1
      ENTRYPOINT_VERSION: v1
      SECRET_DB_PASSWORD_VERSION: v1
      SECRET_DB_ROOT_PASSWORD_VERSION: v1
      SECRET_CIVICRM_SITE_KEY_VERSION: 'v1'
      SECRET_CIVICRM_CRED_KEY_VERSION: 'v1'
      SECRET_CIVICRM_SIGN_KEY_VERSION: 'v1'
      CIVICRM_COMPONENTS: 'CiviEvent,CiviContribute,CiviMember,CiviMail,CiviReport'
 trigger:
  branch:
    - main
 ---
 kind: pipeline
 name: generate recipe catalogue
 steps:
  - name: release a new version
    image: plugins/downstream
    settings:
      server: https://build.coopcloud.tech
      token:
        from_secret: drone_abra-bot_token
      fork: true
      repositories:
        - coop-cloud/auto-recipes-catalogue-json
 trigger:
  event: tag
--- a/.env.sample
+++ b/.env.sample
@ -1,6 +1,6 @@
-TYPE=civicrm
+TYPE=civicrm-wordpress
-DOMAIN=civicrm.example.com
+DOMAIN=civicrm-wordpress.example.com
 ## Domain aliases
 #EXTRA_DOMAINS=', `www.civicrm.example.com`'
@ -10,12 +10,14 @@ LETS_ENCRYPT_ENV=production
 PROJECT_NAME=example
 CIVICRM_COMPONENTS=CiviEvent,CiviContribute,CiviMember,CiviMail,CiviReport
-# CIVICRM_EXTENSIONS=shoreditch mosaico
+# CIVICRM_EXTENSIONS=mosaico
 CIVICRM_DB_NAME=civicrm
 CIVICRM_DB_USER=civicrm
 CIVICRM_DB_HOST=mysql
 CIVICRM_DB_PORT=3306
 WORDPRESS_LOCALE=en_US
 WORDPRESS_ADMIN_EMAIL=
 WORDPRESS_DB_NAME=wordpress
 WORDPRESS_DB_USER=wordpress
 WORDPRESS_DB_HOST=mysql
@ -34,3 +36,21 @@ SECRET_DB_ROOT_PASSWORD_VERSION=v1
 SECRET_CIVICRM_SITE_KEY_VERSION=v1 # length=16
 SECRET_CIVICRM_CRED_KEY_VERSION=v1 # length=43
 SECRET_CIVICRM_SIGN_KEY_VERSION=v1 # length=43
 SECRET_WORDPRESS_ADMIN_PASSWORD_VERSION=v1
 ## -- OpenId Connect --
 #COMPOSE_FILE="compose.yml:compose.openidconnect.yml"
 #OPEN_ID_CLIENT_ID=
 #SECRET_OPEN_ID_CLIENT_SECRET_VERSION=v1
 # If you are using authentik, just set this
 #AUTHENTIK_DOMAIN=authentik.company
 # Otherwise, you must set all of these
 #OPEN_ID_PROVIDER_LOGIN_URL=https://authentik.company/application/o/authorize/
 #OPEN_ID_USERINFO_URL=https://authentik.company/application/o/userinfo/
 #OPEN_ID_TOKEN_ENDPOINT_URL=https://authentik.company/application/o/token/
 #OPEN_ID_END_SESSION_URL=https://authentik.company/application/o/wordpress/end-session/
 ## -- OpenId Connect --
--- a/README.md
+++ b/README.md
@ -26,11 +26,11 @@ For more, see [`docs.coopcloud.tech`](https://docs.coopcloud.tech).
 ### Install extensions
-set them in the env config and run: `abra app cmd civi.dev.local-it.cloud app install_extensions`
+set them in the env config and run: `abra app cmd civi.example.org app install_extensions`
 to install unoffical extension run smth like:
 ```
-abra app cmd civi.dev.local-it.cloud app install_custom_extension shoreditch https://github.com/civicrm/org.civicrm.shoreditch
+abra app cmd civi.example.org app install_custom_extension shoreditch https://github.com/civicrm/org.civicrm.shoreditch
-abra app cmd civi.dev.local-it.cloud app install_custom_extension shoreditchwpworkarounds https://lab.civicrm.org/extensions/shoreditchwpworkarounds.git
+abra app cmd civi.example.org app install_custom_extension shoreditchwpworkarounds https://lab.civicrm.org/extensions/shoreditchwpworkarounds.git
 ```
--- a/abra.sh
+++ b/abra.sh
@ -31,6 +31,7 @@ file_env "SMTP_PASSWORD"
 export APACHE_SITES_AVAILABLE_CONF_VERSION=v1
 export CIVICRM_SETTINGS_PHP_VERSION=v1
 export ENTRYPOINT_VERSION=v1
 export OPENID_SETTINGS_VERSION=v1
 change_password(){
    echo "Changing password for $1"
--- a/compose.openidconnect.yml
+++ b/compose.openidconnect.yml
@ -0,0 +1,14 @@
 ---
 version: "3.8"
 services:
  app:
    environment:
      - OPEN_ID_CLIENT_SECRET_FILE=/run/secrets/openid_client_secret
    secrets:
      - openid_client_secret
 secrets:
  openid_client_secret:
    external: true
    name: ${STACK_NAME}_openid_client_secret_${SECRET_OPEN_ID_CLIENT_SECRET_VERSION}
--- a/compose.yml
+++ b/compose.yml
@ -3,7 +3,7 @@ version: "3.8"
 services:
  app:
-    image: michaelmcandrew/civicrm:5.59.4-wordpress-php8.1
+    image: michaelmcandrew/civicrm:5.82.0-wordpress-php8.1
    hostname: civicrm
    environment:
      - PROJECT_NAME
@ -24,16 +24,18 @@ services:
      - SMTP_PORT
      - SMTP_USER
      - SMTP_PASSWORD_FILE=/run/secrets/smtp_password
      - WORDPRESS_ADMIN_PASSWORD_FILE=/run/secrets/wordpress_admin_password
    secrets:
      - db_password
      - civicrm_site_key
      - civicrm_cred_key
      - civicrm_sign_key
      - smtp_password
      - wordpress_admin_password
    volumes:
      - data:/var/www/html/wp-content/uploads
    networks:
-      - default
+      - internal
      - proxy
    configs:
      - source: apache-sites-available-conf
@ -43,6 +45,8 @@ services:
        mode: 555
      - source: civicrm-settings-php
        target: /usr/local/etc/civicrm/civicrm.settings.php
      - source: openid-settings
        target: /usr/local/etc/civicrm/openid_settings.json
    entrypoint: /usr/local/bin/entrypoint.sh
    deploy:
      restart_policy:
@ -57,7 +61,7 @@ services:
        #- "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirect"
        #- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLForceHost=true"
        #- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}"
-        - "coop-cloud.${STACK_NAME}.version=0.1.0+5.59.4-wordpress-php8.1"
+        - "coop-cloud.${STACK_NAME}.version=0.1.3+5.82.0-wordpress-php8.1"
        - "backupbot.backup=true"
        - "backupbot.backup.path=/var/www/html/wp-content/uploads"
    healthcheck:
@ -90,6 +94,8 @@ services:
      timeout: 10s
      retries: 10
      start_period: 1m
    networks:
      - internal
    deploy:
      restart_policy:
        condition: on-failure
@ -114,6 +120,7 @@ services:
 networks:
  proxy:
    external: true
  internal:
 volumes:
  mariadb:
@ -134,6 +141,10 @@ configs:
    name: ${STACK_NAME}_entrypoint_${ENTRYPOINT_VERSION}
    file: entrypoint.sh
    template_driver: golang
  openid-settings:
    name: ${STACK_NAME}_openid_settings_${OPENID_SETTINGS_VERSION}
    file: openid_settings.json
    template_driver: golang
 secrets:
  db_root_password:
@ -154,3 +165,6 @@ secrets:
  civicrm_sign_key:
    external: true
    name: ${STACK_NAME}_civicrm_sign_key_${SECRET_CIVICRM_SIGN_KEY_VERSION}
  wordpress_admin_password:
    external: true
    name: ${STACK_NAME}_wordpress_admin_password_${SECRET_WORDPRESS_ADMIN_PASSWORD_VERSION}
--- a/entrypoint.sh
+++ b/entrypoint.sh
@ -28,6 +28,8 @@ file_env "CIVICRM_DB_PASS"
 file_env "CIVICRM_SITE_KEY"
 file_env "CIVICRM_CRED_KEYS"
 file_env "SMTP_PASSWORD"
 file_env "WORDPRESS_ADMIN_PASSWORD"
 file_env "OPEN_ID_CLIENT_SECRET"
 if  [[  "${1-default}" == "cron" ]]; then
  echo "============ Running cron job ============"
@ -36,7 +38,7 @@ if  [[  "${1-default}" == "cron" ]]; then
  exit $?
 fi
-until mysql -e '\q' -h db -p"${WORDPRESS_DB_PASS}" && mysql -e '\q' -h "${CIVICRM_DB_HOST}" -p"${CIVICRM_DB_PASS}"; do
+until mysql -e '\q' -h"${WORDPRESS_DB_HOST}" -u"${WORDPRESS_DB_USER}" -p"${WORDPRESS_DB_PASS}" && mysql -e '\q' -h"${CIVICRM_DB_HOST}" -u"${CIVICRM_DB_USER}" -p"${CIVICRM_DB_PASS}"; do
  echo "============ Waiting for db container to come up============"
  sleep 2
 done;
@ -49,9 +51,9 @@ if su civicrm -c "wp core is-installed"; then
  echo "============ Wordpress already installed ============"
 else
  echo "============ Installing Wordpress ============"
-  su civicrm -c "wp core install --locale=de_DE --url=$BASE_URL --title=$PROJECT_NAME --admin_user=admin --admin_email=$SMTP_USER"
+  su civicrm -c "wp core install --locale=$WORDPRESS_LOCALE --url=$BASE_URL --title=$PROJECT_NAME --admin_user=admin --admin_email=$WORDPRESS_ADMIN_EMAIL --admin_password='$WORDPRESS_ADMIN_PASSWORD'"
-  su civicrm -c "wp language core install de_DE"
+  su civicrm -c "wp language core install $WORDPRESS_LOCALE"
-  su civicrm -c "wp language core activate de_DE"
+  su civicrm -c "wp language core activate $WORDPRESS_LOCALE"
 fi
 # Setup Civicrm L10n
@ -73,7 +75,7 @@ pushd /var/www/html/wp-content/uploads/civicrm/
      touch is_installed
      rm -rf civicrm.settings.php
      su civicrm -c "wp plugin activate civicrm"
-      su civicrm -c "cv core:install -vv --keep --db=mysql://$CIVICRM_DB_USER:$CIVICRM_DB_PASS@$CIVICRM_DB_HOST:$CIVICRM_DB_PORT/$CIVICRM_DB_NAME --lang de_DE --comp $CIVICRM_COMPONENTS"
+      su civicrm -c "cv core:install -vv --keep --db=mysql://$CIVICRM_DB_USER:$CIVICRM_DB_PASS@$CIVICRM_DB_HOST:$CIVICRM_DB_PORT/$CIVICRM_DB_NAME --lang $WORDPRESS_LOCALE --comp $CIVICRM_COMPONENTS"
      mv civicrm.settings.php civicrm.settings.php.generated
      cp /usr/local/etc/civicrm/civicrm.settings.php civicrm.settings.php
      chmod a-wx /var/www/html/wp-content/uploads/civicrm/civicrm.settings.php
@ -87,11 +89,58 @@ pushd /var/www/html/wp-content/uploads/civicrm/
  fi
 popd
 if  [[ -n "${OPEN_ID_CLIENT_ID}" ]]; then
  # install OpenID Connect Generic plugin
  if ! su civicrm -c "wp plugin is-installed daggerhart-openid-connect-generic"; then
    # su civicrm -c "wp option list"
    echo "============ Running OpenId Connect Install ============"
    su civicrm -c "wp plugin install daggerhart-openid-connect-generic --activate"
    # su civicrm -c "wp option list"
  fi
  if ! su civicrm -c "wp option get openid_connect_generic_settings"; then
    echo "Couldn't find openid connect settings option!"
    # cat /usr/local/etc/civicrm/openid_settings.json
    su civicrm -c "wp option add openid_connect_generic_settings --format=json < /usr/local/etc/civicrm/openid_settings.json"
  fi
  su civicrm -c "wp option list"
  su civicrm -c "wp option patch update openid_connect_generic_settings client_id $OPEN_ID_CLIENT_ID"
  su civicrm -c "wp option patch update openid_connect_generic_settings client_secret $OPEN_ID_CLIENT_SECRET"
  if  [[ -n "${AUTHENTIK_DOMAIN}" ]]; then
    su civicrm -c "wp option patch update openid_connect_generic_settings endpoint_login https://$AUTHENTIK_DOMAIN/application/o/authorize/"
    su civicrm -c "wp option patch update openid_connect_generic_settings endpoint_userinfo https://$AUTHENTIK_DOMAIN/application/o/userinfo/"
    su civicrm -c "wp option patch update openid_connect_generic_settings endpoint_token https://$AUTHENTIK_DOMAIN/application/o/token/"
    su civicrm -c "wp option patch update openid_connect_generic_settings endpoint_end_session https://$AUTHENTIK_DOMAIN/application/o/wordpress/end-session/"
  else
    su civicrm -c "wp option patch update openid_connect_generic_settings endpoint_login $OPEN_ID_PROVIDER_LOGIN_URL"
    su civicrm -c "wp option patch update openid_connect_generic_settings endpoint_userinfo $OPEN_ID_USERINFO_URL"
    su civicrm -c "wp option patch update openid_connect_generic_settings endpoint_token $OPEN_ID_TOKEN_ENDPOINT_URL"
    su civicrm -c "wp option patch update openid_connect_generic_settings endpoint_end_session $OPEN_ID_END_SESSION_URL"
  fi
  su civicrm -c "wp option list"
 fi
 echo "============ Setting up cron ============"
 printenv > /etc/environment
 apt update && apt install -y cron
 crontab -l | { cat; echo "*/5 * * * * /usr/local/bin/entrypoint.sh cron > /tmp/cronlog 2>&1"; } | crontab -
 cron
 # if  [[  "${OPEN_ID_CONNECT_ENABLED}" == "1" ]]; then
 #   sleep 30s
 #   echo "============ Configuring OpenID Connect ============"
 #   if su civicrm -c "wp option get openid_connect_generic_settings"; then
 #     echo "found openid connect settings option!"
 #     su civicrm -c "wp option get openid_connect_generic_settings"
 #     # su civicrm -c "wp option patch update openid_connect_generic_settings client_id $OPEN_ID_CLIENT_ID"
 #   else
 #     echo "Couldn't find openid connect settings option!"
 #   fi
 # fi
 echo "============ Running Webserver ============"
 exec apache2-foreground
--- a/openid_settings.json
+++ b/openid_settings.json
@ -0,0 +1,29 @@
 {
    "login_type":"button",
    "client_id":"",
    "client_secret":"",
    "scope":"email profile openid offline_access",
    "endpoint_login":"",
    "endpoint_userinfo":"",
    "endpoint_token":"",
    "endpoint_end_session":"",
    "acr_values":"",
    "identity_key":"preferred_username",
    "no_sslverify":"0",
    "http_request_timeout":"5",
    "enforce_privacy":"0",
    "alternate_redirect_uri":"0",
    "nickname_key":"preferred_username",
    "email_format":"{email}",
    "displayname_format":"",
    "identify_with_username":"0",
    "state_time_limit":"180",
    "token_refresh_enable":"1",
    "link_existing_users":"0",
    "create_if_does_not_exist":"1",
    "redirect_user_back":"0",
    "redirect_on_logout":"1",
    "enable_logging":"0",
    "log_limit":"1000"
 }
Author	SHA1	Message	Date
many	224e78ea6c	adding authentik support	2025-04-02 01:39:15 -04:00
Philipp Rothmann	95903d25f4	chore: publish 0.1.1+5.59.4-wordpress-php8.1 release	2023-04-03 10:24:07 +02:00
Philipp Rothmann	715a96a376	fix recipe type	2023-03-31 11:42:39 +02:00
Philipp Rothmann	c84df17fe0	fix drone	2023-03-31 11:35:28 +02:00
Philipp Rothmann	b4491ebe20	fix drone	2023-03-31 11:32:10 +02:00
Philipp Rothmann	f09f8f6ab0	add drone	2023-03-31 11:27:10 +02:00