From db9fcffefe03dab72f9cca011836a1e2615f8d18 Mon Sep 17 00:00:00 2001 From: Timothee Gosselin Date: Fri, 4 Oct 2019 14:49:47 +0200 Subject: [PATCH 01/50] feat: make it stateless --- base/Dockerfile | 15 ++- base/config/apps.config.php | 18 ++++ base/config/apps_enable | 12 +++ base/config/apps_remove | 4 + base/config/base.config.php | 20 ++++ base/config/database.config.php | 11 +++ base/config/installed.config.php | 6 ++ base/config/language.config.php | 7 ++ base/config/redis.config.php | 5 +- base/config/s3.config.php | 21 +++++ base/config/smtp.config.php | 19 ++++ base/entrypoint.sh | 153 ------------------------------- base/scripts/apps.sh | 32 +++++++ base/scripts/install.sh | 75 +++++++++++++++ base/scripts/upgrade.sh | 10 ++ imap/Dockerfile | 3 +- web/Dockerfile | 6 ++ web/nginx.conf | 105 +++++++++++++++++++++ 18 files changed, 363 insertions(+), 159 deletions(-) create mode 100644 base/config/apps.config.php create mode 100644 base/config/apps_enable create mode 100644 base/config/apps_remove create mode 100644 base/config/base.config.php create mode 100644 base/config/database.config.php create mode 100644 base/config/installed.config.php create mode 100644 base/config/language.config.php create mode 100644 base/config/s3.config.php create mode 100644 base/config/smtp.config.php delete mode 100755 base/entrypoint.sh create mode 100755 base/scripts/apps.sh create mode 100755 base/scripts/install.sh create mode 100755 base/scripts/upgrade.sh create mode 100644 web/Dockerfile create mode 100644 web/nginx.conf diff --git a/base/Dockerfile b/base/Dockerfile index b0a4502..894334f 100644 --- a/base/Dockerfile +++ b/base/Dockerfile 
@@ -1,4 +1,15 @@ ARG VERSION=latest FROM nextcloud:$VERSION -COPY entrypoint.sh / -COPY /config/ /usr/src/nextcloud/config/ +WORKDIR /usr/src/nextcloud/ +RUN chown -R 33:33 /usr/src/nextcloud/apps +RUN chown -R 33:33 /usr/src/nextcloud/data +COPY scripts/apps.sh scripts/apps.sh +COPY config/* /usr/src/nextcloud/config/ +RUN ./scripts/apps.sh instal +RUN ./scripts/apps.sh remove +RUN chown -R 33:33 /usr/src/nextcloud/custom_apps +RUN chown -R 33:33 /usr/src/nextcloud/config +COPY scripts scripts +USER www-data +ENTRYPOINT [""] +CMD ["php-fpm"] diff --git a/base/config/apps.config.php b/base/config/apps.config.php new file mode 100644 index 0000000..f62a304 --- /dev/null +++ b/base/config/apps.config.php @@ -0,0 +1,18 @@ + array ( + 0 => array ( + "path" => OC::$SERVERROOT."/apps", + "url" => "/apps", + "writable" => false, + ), + 1 => array ( + "path" => OC::$SERVERROOT."/custom_apps", + "url" => "/custom_apps", + "writable" => true, + ), + ), + "appstoreenabled" => getenv('APPS_STORE_ENABLE') ?: "true", + "appstoreurl" => getenv('APPS_STORE_URL') ?: "https://api.nextcloud.com/v1" , + 'defaultapp' => getenv('APPS_DEFAULT') ?: "files", +); \ No newline at end of file diff --git a/base/config/apps_enable b/base/config/apps_enable new file mode 100644 index 0000000..9b80c5e --- /dev/null +++ b/base/config/apps_enable 
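Review bot: `RUN ./scripts/apps.sh instal` passes a misspelled argument. The `case` in base/scripts/apps.sh, added later in this patch, only knows `install`, `enable` and `remove`, so this call falls through to `*)`, prints "unknown arg" and exits 1. The image build fails at this step and the apps listed in config/apps_enable are never downloaded. The line should read `RUN ./scripts/apps.sh install`.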
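Review bot: `"appstoreenabled" => getenv('APPS_STORE_ENABLE') ?: "true"` always yields a non-empty string, and in PHP both "true" and "false" are truthy strings. An operator who sets APPS_STORE_ENABLE=false to lock down app installation may therefore not get that result, depending on how the consumer compares the value. Parse the flag explicitly, for example `"appstoreenabled" => filter_var(getenv('APPS_STORE_ENABLE') ?: 'true', FILTER_VALIDATE_BOOLEAN),`. The same env-to-boolean pattern appears in base.config.php (`debug`, `config_is_read_only`, `updatechecker`), s3.config.php (`autocreate`, `use_ssl`, `use_path_style`) and smtp.config.php (`mail_smtpdebug`). The opening of the array is not visible in this hunk.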
@@ -0,0 +1,12 @@
+apporder=0.7.1=https://github.com/juliushaertl/apporder/releases/download/v0.7.1/apporder.tar.gz
+registration=0.4.7=https://github.com/pellaeon/registration/releases/download/v0.4.7/registration.tar.gz
+calendar=1.7.1=https://github.com/nextcloud/calendar/releases/download/v1.7.1/calendar.tar.gz
+files_rightclick=0.15.1=https://github.com/nextcloud/files_rightclick/releases/download/v0.15.1/files_rightclick.tar.gz
+announcementcenter=3.5.1=https://github.com/nextcloud/announcementcenter/releases/download/v3.5.1/announcementcenter-3.5.1.tar.gz
+bookmarks=2.1.1=https://github.com/nextcloud/bookmarks/releases/download/v2.1.1/bookmarks-2.1.1.tar.gz
+contacts=3.1.6=https://github.com/nextcloud/contacts/releases/download/v3.1.6/contacts.tar.gz
+groupfolders=4.1.3=https://github.com/nextcloud/groupfolders/releases/download/v4.1.3/groupfolders-4.1.3.tar.gz
+drop_account=0.1.0=https://framagit.org/tcit/drop_user/uploads/889d959be561d1a6dcb87271523b00b3/drop_account.tar.gz
+quota_warning=1.5.0=https://github.com/nextcloud/quota_warning/releases/download/v1.5.0/quota_warning-1.5.0.tar.gz
+files_automatedtagging=1.6.0=https://github.com/nextcloud/files_automatedtagging/releases/download/v1.6.0/files_automatedtagging-1.6.0.tar.gz
+data_request=1.3.0=https://github.com/nextcloud/data_request/releases/download/v1.3.0/data_request.tar.gz
\ No newline at end of file
diff --git a/base/config/apps_remove b/base/config/apps_remove
new file mode 100644
index 0000000..d4a66a5
--- /dev/null
+++ b/base/config/apps_remove
@@ -0,0 +1,4 @@
+updatenotification
+support
+serverinfo
+encryption
\ No newline at end of file
diff --git a/base/config/base.config.php b/base/config/base.config.php
new file mode 100644
index 0000000..0288115
--- /dev/null
+++ b/base/config/base.config.php
@@ -0,0 +1,20 @@ + getenv('PASSWORD_SALT'), + 'secret' => getenv('SECRET'), + 'trusted_domains' => + array ( + 0 => 'localhost', + ), + 'overwrite.cli.url' => getenv('OVERWRITE_CLI_URL') ?: 'http://localhost', + 'overwriteprotocol' => getenv('OVERWRITE_PROTOCOL') ?: '', + 'datadirectory' => getenv('DATA_DIRECTORY') ?: '/usr/src/nextcloud/data', + 'version' => getenv('VERSION'), + 'debug' => getenv('DEBUG'), + 'instanceid' => getenv('INSTANCE_ID'), + 'config_is_read_only' => getenv('CONFIG_READONLY') ?: false, + 'updatechecker' => getenv('UPDATE_CHECKER') ?: false, + 'updater.server.url' => getenv('UPDATE_URL') ?: 'https://updates.nextcloud.com/updater_server/', + 'updater.release.channel' => getenv('UPDATE_CHANNEL') ?: 'stable', + 'upgrade.disable-web' => getenv('UPDATE_DISABLE_WEB') ?: 'false', +); diff --git a/base/config/database.config.php b/base/config/database.config.php new file mode 100644 index 0000000..a1f7fb1 --- /dev/null +++ b/base/config/database.config.php @@ -0,0 +1,11 @@ + getenv('DB_TYPE'), + 'dbname' => getenv('DB_NAME'), + 'dbhost' => getenv('DB_HOST'), + 'dbport' => getenv('DB_PORT'), + 'dbtableprefix' => getenv('DB_TABLE_PREFIX'), + 'mysql.utf8mb4' => getenv('MYSQL_UTF8MB4'), + 'dbuser' => getenv('DB_USERNAME'), + 'dbpassword' => getenv('DB_PASSWORD'), +); \ No newline at end of file diff --git a/base/config/installed.config.php b/base/config/installed.config.php new file mode 100644 index 0000000..8ad569c --- /dev/null +++ b/base/config/installed.config.php @@ -0,0 +1,6 @@ + getenv('INSTALLED'), + ); +} \ No newline at end of file diff --git a/base/config/language.config.php b/base/config/language.config.php new file mode 100644 index 0000000..2608cc7 --- /dev/null +++ b/base/config/language.config.php 
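Review bot: `'secret' => getenv('SECRET')` and the `getenv('PASSWORD_SALT')` entry before it evaluate to `false` when the variable is unset. A container started without them would then come up with no instance secret or password salt instead of refusing to start. I would check both before the array is built and abort with a clear error if either is empty. `'dbpassword' => getenv('DB_PASSWORD')` in database.config.php has the same fail-open shape. The start of the array is not visible in this hunk.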
@@ -0,0 +1,7 @@ + getenv('DEFAULT_LANGUAGE') ?: 'en', + 'force_language' => getenv('DEFAULT_LANGUAGE') ?: false, + 'default_locale' => getenv('DEFAULT_LOCALE') ?: 'en_US', + 'force_locale' => getenv('DEFAULT_LANGUAGE') ?: false, +); \ No newline at end of file diff --git a/base/config/redis.config.php b/base/config/redis.config.php index 71f1f45..263b8ec 100644 --- a/base/config/redis.config.php +++ b/base/config/redis.config.php @@ -1,10 +1,11 @@ '\OC\Memcache\Redis', 'memcache.locking' => '\OC\Memcache\Redis', 'redis' => array( 'host' => getenv('REDIS_HOST'), - 'port' => getenv('REDIS_PORT') ?: 6379, + 'port' => getenv('REDIS_HOST_PORT') ?: 6379, ), ); -} +} \ No newline at end of file diff --git a/base/config/s3.config.php b/base/config/s3.config.php new file mode 100644 index 0000000..000b0dd --- /dev/null +++ b/base/config/s3.config.php @@ -0,0 +1,21 @@ + array( + 'class' => '\\OC\\Files\\ObjectStore\\S3', + 'arguments' => array( + 'bucket' => getenv('OBJECTSTORE_S3_BUCKET'), + 'autocreate' => getenv('OBJECTSTORE_S3_AUTOCREATE') ?: true, + 'key' => getenv('OBJECTSTORE_S3_KEY'), + 'secret' => getenv('OBJECTSTORE_S3_SECRET'), + 'hostname' => getenv('OBJECTSTORE_S3_HOST'), + 'port' => getenv('OBJECTSTORE_S3_PORT'), + 'use_ssl' => getenv('OBJECTSTORE_S3_SSL') ?: true, + 'region' => getenv('OBJECTSTORE_S3_REGION') ?: "optional", + // required for some non Amazon S3 implementations + 'use_path_style' => getenv('OBJECTSTORE_S3_USEPATH_STYLE') ?: true, + ), + ), + ); +} + diff --git a/base/config/smtp.config.php b/base/config/smtp.config.php new file mode 100644 index 0000000..12aded5 --- /dev/null +++ b/base/config/smtp.config.php 
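Review bot: `'force_locale' => getenv('DEFAULT_LANGUAGE') ?: false` in language.config.php reads the language variable, not the locale one. Setting DEFAULT_LANGUAGE=fr would force a locale of `fr`, while DEFAULT_LOCALE is never used for forcing. This looks like a copy-paste slip; I would expect `'force_locale' => getenv('DEFAULT_LOCALE') ?: false,`. Separately, `force_language` is tied to the same variable as `default_language`, so setting a default always forces it too. If that is intended, a one-line comment would help.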
@@ -0,0 +1,19 @@ + 'smtp', + 'mail_smtphost' => getenv('SMTP_HOST'), + 'mail_smtpport' => getenv('SMTP_PORT') ?: (getenv('SMTP_SECURE') ? 465 : 25), + 'mail_smtpsecure' => getenv('SMTP_SECURE') ?: '', + 'mail_smtpauth' => getenv('SMTP_NAME') && getenv('SMTP_PASSWORD'), + 'mail_smtpauthtype' => getenv('SMTP_AUTHTYPE') ?: 'LOGIN', + 'mail_smtpname' => getenv('SMTP_NAME') ?: '', + 'mail_smtppassword' => getenv('SMTP_PASSWORD') ?: '', + 'mail_from_address' => getenv('MAIL_FROM_ADDRESS'), + 'mail_domain' => getenv('MAIL_DOMAIN'), + 'mail_smtpdebug' => getenv('SMTP_DEBUG') ?: false, + 'mail_template_class' => getenv('SMTP_TEMPLATE_CLASS') ?: '\OC\Mail\EMailTemplate', + 'mail_send_plaintext_only' => getenv('SMTP_TEMPLATE_CLASS') ?: false, + 'mail_sendmailmode' => getenv('SMTP_SENDMAIL_MODE') ?: 'smtp', + ); +} \ No newline at end of file diff --git a/base/entrypoint.sh b/base/entrypoint.sh deleted file mode 100755 index f1cd2d6..0000000 --- a/base/entrypoint.sh +++ /dev/null 
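Review bot: `'mail_send_plaintext_only' => getenv('SMTP_TEMPLATE_CLASS') ?: false` reads the template-class variable, so setting a custom template class also switches on plaintext-only mail. It presumably should read its own variable; the name in `'mail_send_plaintext_only' => getenv('SMTP_PLAINTEXT_ONLY') ?: false,` is only a suggestion. Also note that `mail_smtpsecure` defaults to `''` and the port to 25. With SMTP_NAME and SMTP_PASSWORD set but SMTP_SECURE left unset, `mail_smtpauth` is enabled and the credentials would go over an unencrypted connection. The guard that wraps this array is not visible in the hunk.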
@@ -1,153 +0,0 @@ -#!/bin/sh -set -eu - -# version_greater A B returns whether A > B -version_greater() { - [ "$(printf '%s\n' "$@" | sort -t '.' -n -k1,1 -k2,2 -k3,3 -k4,4 | head -n 1)" != "$1" ] -} - -# version_equal A B returns whether A = B -version_equal() { - [ "$(printf '%s\n' "$@" | sort -t '.' -n -k1,1 -k2,2 -k3,3 -k4,4 | head -n 1)" = "$1" ] -} - -# return true if specified directory is empty -directory_empty() { - [ -z "$(ls -A "$1/")" ] -} - -run_as() { - if [ "$(id -u)" = 0 ]; then - su -p www-data -s /bin/sh -c "$1" - else - sh -c "$1" - fi -} - -if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UPDATE:-0}" -eq 1 ]; then - installed_version="0.0.0.0" - if [ -f /var/www/html/config/config.php ]; then - # shellcheck disable=SC2016 - installed_version="$(awk '$1 ~ /version/ { print $3 }' /var/www/html/config/config.php | grep -oP "(?<=').*(?=')")" - fi - # shellcheck disable=SC2016 - image_version="$(php -r 'require "/usr/src/nextcloud/version.php"; echo implode(".", $OC_Version);')" - - if version_greater "$installed_version" "$image_version"; then - echo "Can't start Nextcloud because the version of the data ($installed_version) is higher than the docker image version ($image_version) and downgrading is not supported. Are you sure you have pulled the newest image version?" - exit 1 - fi - - if version_equal "$installed_version" "$image_version"; then - if [ "$(id -u)" = 0 ]; then - rsync_options="-rlDog --chown www-data:root" - else - rsync_options="-rlD" - fi - rsync $rsync_options --delete --exclude-from=/upgrade.exclude /usr/src/nextcloud/ /var/www/html/ - - for dir in config data custom_apps themes; do - if [ ! 
-d "/var/www/html/$dir" ] || directory_empty "/var/www/html/$dir"; then - rsync $rsync_options --include "/$dir/" --exclude '/*' /usr/src/nextcloud/ /var/www/html/ - fi - done - echo "Initializing finished" - fi - - if version_greater "$image_version" "$installed_version"; then - echo "Initializing nextcloud $image_version ..." - if [ "$installed_version" != "0.0.0.0" ]; then - echo "Upgrading nextcloud from $installed_version ..." - run_as 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_before - fi - if [ "$(id -u)" = 0 ]; then - rsync_options="-rlDog --chown www-data:root" - else - rsync_options="-rlD" - fi - rsync $rsync_options --delete --exclude-from=/upgrade.exclude /usr/src/nextcloud/ /var/www/html/ - - for dir in config data custom_apps themes; do - if [ ! -d "/var/www/html/$dir" ] || directory_empty "/var/www/html/$dir"; then - rsync $rsync_options --include "/$dir/" --exclude '/*' /usr/src/nextcloud/ /var/www/html/ - fi - done - echo "Initializing finished" - - #install - if [ "$installed_version" = "0.0.0.0" ]; then - echo "New nextcloud instance" - - if [ -n "${NEXTCLOUD_ADMIN_USER+x}" ] && [ -n "${NEXTCLOUD_ADMIN_PASSWORD+x}" ]; then - # shellcheck disable=SC2016 - install_options='-n --admin-user "$NEXTCLOUD_ADMIN_USER" --admin-pass "$NEXTCLOUD_ADMIN_PASSWORD"' - if [ -n "${NEXTCLOUD_TABLE_PREFIX+x}" ]; then - # shellcheck disable=SC2016 - install_options=$install_options' --database-table-prefix "$NEXTCLOUD_TABLE_PREFIX"' - else - install_options=$install_options' --database-table-prefix ""' - fi - if [ -n "${NEXTCLOUD_DATA_DIR+x}" ]; then - # shellcheck disable=SC2016 - install_options=$install_options' --data-dir "$NEXTCLOUD_DATA_DIR"' - fi - - install=false - if [ -n "${SQLITE_DATABASE+x}" ]; then - echo "Installing with SQLite database" - # shellcheck disable=SC2016 - install_options=$install_options' --database-name "$SQLITE_DATABASE"' - install=true - elif [ -n "${MYSQL_DATABASE+x}" ] && [ -n "${MYSQL_USER+x}" ] 
&& [ -n "${MYSQL_PASSWORD+x}" ] && [ -n "${MYSQL_HOST+x}" ]; then - echo "Installing with MySQL database" - # shellcheck disable=SC2016 - install_options=$install_options' --database mysql --database-name "$MYSQL_DATABASE" --database-user "$MYSQL_USER" --database-pass "$MYSQL_PASSWORD" --database-host "$MYSQL_HOST"' - install=true - elif [ -n "${POSTGRES_DB+x}" ] && [ -n "${POSTGRES_USER+x}" ] && [ -n "${POSTGRES_PASSWORD+x}" ] && [ -n "${POSTGRES_HOST+x}" ]; then - echo "Installing with PostgreSQL database" - # shellcheck disable=SC2016 - install_options=$install_options' --database pgsql --database-name "$POSTGRES_DB" --database-user "$POSTGRES_USER" --database-pass "$POSTGRES_PASSWORD" --database-host "$POSTGRES_HOST"' - install=true - fi - - if [ "$install" = true ]; then - echo "starting nexcloud installation" - max_retries=10 - try=0 - until run_as "php /var/www/html/occ maintenance:install $install_options" || [ "$try" -gt "$max_retries" ] - do - echo "retrying install..." - try=$((try+1)) - sleep 3s - done - if [ "$try" -gt "$max_retries" ]; then - echo "installing of nextcloud failed!" - exit 1 - fi - if [ -n "${NEXTCLOUD_TRUSTED_DOMAINS+x}" ]; then - echo "setting trusted domains…" - NC_TRUSTED_DOMAIN_IDX=1 - for DOMAIN in $NEXTCLOUD_TRUSTED_DOMAINS ; do - DOMAIN=$(echo "$DOMAIN" | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//') - run_as "php /var/www/html/occ config:system:set trusted_domains $NC_TRUSTED_DOMAIN_IDX --value=$DOMAIN" - NC_TRUSTED_DOMAIN_IDX=$(($NC_TRUSTED_DOMAIN_IDX+1)) - done - fi - else - echo "running web-based installer on first connect!" - fi - fi - #upgrade - else - run_as 'php /var/www/html/occ upgrade' - - run_as 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_after - echo "The following apps have been disabled:" - diff /tmp/list_before /tmp/list_after | grep '<' | cut -d- -f2 | cut -d: -f1 - rm -f /tmp/list_before /tmp/list_after - - fi - fi -fi - -exec "$@" 
diff --git a/base/scripts/apps.sh b/base/scripts/apps.sh
new file mode 100755
index 0000000..d058225
--- /dev/null
+++ b/base/scripts/apps.sh
@@ -0,0 +1,32 @@
+#!/bin/sh
+set -eu
+
+case $1 in
+ install)
+ for i in $(cat /usr/src/nextcloud/config/apps_enable)
+ do
+ app=$(echo $i | cut -d '=' -f1)
+ version=$(echo $i | cut -d '=' -f2)
+ url=$(echo $i | cut -d '=' -f3)
+ echo "downloading app $app"
+ curl -Ls $url -o $app.tar.gz
+ tar xzf $app.tar.gz
+ mv $app /usr/src/nextcloud/custom_apps
+ rm $app.tar.gz
+ done;;
+ enable)
+ for app in $(cat /usr/src/nextcloud/config/apps_remove)
+ do
+ echo "removing app $app"
+ rm -R /usr/src/nextcloud/apps/$app
+ done;;
+ remove)
+ for app in $(cat /usr/src/nextcloud/config/apps_remove)
+ do
+ echo "removing app $app"
+ rm -R /usr/src/nextcloud/apps/$app
+ done;;
+ *)
+ echo "unknown arg $1"
+ exit 1;;
+esac
\ No newline at end of file
diff --git a/base/scripts/install.sh b/base/scripts/install.sh
new file mode 100755
index 0000000..9ec4a42
--- /dev/null
+++ b/base/scripts/install.sh
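Review bot: The `install)` branch downloads each app tarball with `curl -Ls $url` and unpacks it into the image with no integrity check. Without `-f`, an HTTP error page is saved as the tarball, and a replaced release asset (one URL is an upload path on framagit.org) would be installed as-is. I would add an expected SHA-256 per entry in apps_enable and verify it before `tar`, as sketched below; the fourth field is a proposed extension of the file format. The expansions should also be quoted. Separately, the `enable)` branch is a byte-for-byte copy of `remove)`, so `apps.sh enable` deletes bundled apps, and `version` is assigned but never used.

```shell
    install)
        for i in $(cat /usr/src/nextcloud/config/apps_enable)
        do
            app=$(echo "$i" | cut -d '=' -f1)
            url=$(echo "$i" | cut -d '=' -f3)
            # proposed fourth field: expected SHA-256 of the release tarball
            sha256=$(echo "$i" | cut -d '=' -f4)
            echo "downloading app $app"
            curl -fsSL "$url" -o "$app.tar.gz"
            # with set -e a mismatch aborts the build before anything is unpacked
            echo "$sha256  $app.tar.gz" | sha256sum -c -
            tar xzf "$app.tar.gz"
            # … unchanged: mv into custom_apps, rm of the tarball …
        done;;
```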
@@ -0,0 +1,75 @@
+echo "New nextcloud instance"
+if [ -n "${NEXTCLOUD_ADMIN_USER+x}" ] && [ -n "${NEXTCLOUD_ADMIN_PASSWORD+x}" ]; then
+# shellcheck disable=SC2016
+ install_options='-n --admin-user "$NEXTCLOUD_ADMIN_USER" --admin-pass "$NEXTCLOUD_ADMIN_PASSWORD"'
+ if [ -n "${NEXTCLOUD_TABLE_PREFIX+x}" ]; then
+ # shellcheck disable=SC2016
+ install_options=$install_options' --database-table-prefix "$NEXTCLOUD_TABLE_PREFIX"'
+ else
+ install_options=$install_options' --database-table-prefix ""'
+ fi
+ if [ -n "${NEXTCLOUD_DATA_DIR+x}" ]; then
+ # shellcheck disable=SC2016
+ install_options=$install_options' --data-dir "$NEXTCLOUD_DATA_DIR"'
+ fi
+
+ install=false
+ if [ -n "${SQLITE_DATABASE+x}" ]; then
+ echo "Installing with SQLite database"
+ # shellcheck disable=SC2016
+ install_options=$install_options' --database-name "$SQLITE_DATABASE"'
+ install=true
+ elif [ -n "${MYSQL_DATABASE+x}" ] && [ -n "${MYSQL_USER+x}" ] && [ -n "${MYSQL_PASSWORD+x}" ] && [ -n "${MYSQL_HOST+x}" ]; then
+ echo "Installing with MySQL database"
+ # shellcheck disable=SC2016
+ install_options=$install_options' --database mysql --database-name "$MYSQL_DATABASE" --database-user "$MYSQL_USER" --database-pass "$MYSQL_PASSWORD" --database-host "$MYSQL_HOST"'
+ install=true
+ elif [ -n "${POSTGRES_DB+x}" ] && [ -n "${POSTGRES_USER+x}" ] && [ -n "${POSTGRES_PASSWORD+x}" ] && [ -n "${POSTGRES_HOST+x}" ]; then
+ echo "Installing with PostgreSQL database"
+ # shellcheck disable=SC2016
+ install_options=$install_options' --database pgsql --database-name "$POSTGRES_DB" --database-user "$POSTGRES_USER" --database-pass "$POSTGRES_PASSWORD" --database-host "$POSTGRES_HOST"'
+ install=true
+ fi
+
+ if [ "$install" = true ]; then
+ echo "starting nexcloud installation"
+ max_retries=10
+ try=0
+
+ until sh -c "php /usr/src/nextcloud/occ maintenance:install $install_options" || [ "$try" -gt "$max_retries" ]
+ do
+ echo "retrying install..."
+ try=$((try+1))
+ sleep 3s
+ done
+
+ if [ "$try" -gt "$max_retries" ]; then
+ echo "installing of nextcloud failed!"
+ exit 1
+ fi
+
+ if [ -n "${NEXTCLOUD_TRUSTED_DOMAINS+x}" ]; then
+ echo "setting trusted domains…"
+ NC_TRUSTED_DOMAIN_IDX=1
+ for DOMAIN in $NEXTCLOUD_TRUSTED_DOMAINS ; do
+ DOMAIN=$(echo "$DOMAIN" | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')
+ sh -c "php /usr/src/nextcloud/occ config:system:set trusted_domains $NC_TRUSTED_DOMAIN_IDX --value=$DOMAIN"
+ NC_TRUSTED_DOMAIN_IDX=$(($NC_TRUSTED_DOMAIN_IDX+1))
+ done
+ fi
+
+ for app in $(cat /usr/src/nextcloud/config/apps_enable); do
+ app=$(echo $app| cut -d '=' -f1)
+ echo "enabling app $app"
+ sh -c "php /usr/src/nextcloud/occ app:enable $app"
+ done
+
+ for app in $(cat /usr/src/nextcloud/config/apps_disable); do
+ echo "disabling app $app"
+ sh -c "php /usr/src/nextcloud/occ app:disable $app"
+ done
+ fi
+
+else
+ echo "running web-based installer on first connect!"
+fi
diff --git a/base/scripts/upgrade.sh b/base/scripts/upgrade.sh
new file mode 100755
index 0000000..f99068b
--- /dev/null
+++ b/base/scripts/upgrade.sh
@@ -0,0 +1,10 @@
+#!/bin/sh
+set -eu
+echo "Upgrading nextcloud to $VERSION ..."
+sh -c 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_before
+sh -c 'php /var/www/html/occ upgrade'
+sh -c 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_after
+echo "The following apps have been disabled:"
+diff /tmp/list_before /tmp/list_after | grep '<' | cut -d- -f2 | cut -d: -f1
+rm -f /tmp/list_before /tmp/list_after
+echo "Upgrade finished"
diff --git a/imap/Dockerfile b/imap/Dockerfile
index 443d5ae..4ec969b 100644
--- a/imap/Dockerfile
+++ b/imap/Dockerfile
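Review bot: In the trusted-domains loop of install.sh, `$DOMAIN` is expanded by the outer shell into the string given to `sh -c`. Any shell metacharacter in NEXTCLOUD_TRUSTED_DOMAINS is therefore interpreted by the inner shell rather than passed to occ as data. The `sh -c` wrapper is no longer needed now that `run_as` is gone, so call occ directly with quoted arguments: `php /usr/src/nextcloud/occ config:system:set trusted_domains "$NC_TRUSTED_DOMAIN_IDX" --value="$DOMAIN"`. The `app:enable` and `app:disable` calls have the same shape. The script also reads `/usr/src/nextcloud/config/apps_disable`, while this patch only adds `apps_remove`. It has no `#!/bin/sh` or `set -eu` line, so a failing `cat` there goes unnoticed.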
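Review bot: upgrade.sh calls `/var/www/html/occ`, while install.sh and base/Dockerfile in the same patch work under `/usr/src/nextcloud` and nothing visible here populates `/var/www/html` any more. As written the first `occ app:list` would likely fail; I would expect `php /usr/src/nextcloud/occ …` on all three lines. `echo "Upgrading nextcloud to $VERSION ..."` aborts under `set -u` when VERSION is not exported, so `${VERSION:-unknown}` is safer. The fixed names `/tmp/list_before` and `/tmp/list_after` could be replaced by `mktemp` files so a pre-existing file or symlink in /tmp cannot interfere.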
@@ -2,11 +2,10 @@ ARG VERSION=latest FROM indiehosters/nextcloud:$VERSION RUN apt-get update \ && apt-get install -y --no-install-recommends \ + apt-utils \ libc-client-dev \ libkrb5-dev \ libmagickwand-dev \ && docker-php-ext-configure imap --with-kerberos --with-imap-ssl \ && docker-php-ext-install imap \ - && pecl install imagick \ - && docker-php-ext-enable imagick \ && rm -rf /var/lib/apt/lists/* diff --git a/web/Dockerfile b/web/Dockerfile new file mode 100644 index 0000000..9cf7abe --- /dev/null +++ b/web/Dockerfile @@ -0,0 +1,6 @@ +ARG VERSION=latest +FROM unteem/nextcloud:$VERSION as builder +FROM nginx:latest +COPY --from=builder /usr/src/nextcloud /usr/src/nextcloud +RUN chown -R 33:33 /usr/src/nextcloud +COPY nginx.conf /etc/nginx.conf diff --git a/web/nginx.conf b/web/nginx.conf new file mode 100644 index 0000000..560a14f --- /dev/null +++ b/web/nginx.conf 
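Review bot: In web/Dockerfile, `COPY nginx.conf /etc/nginx.conf` puts the file where the stock nginx image does not read it; its main configuration is `/etc/nginx/nginx.conf`. The container would then start with the image's default config, and none of the `deny all` rules for `config/`, `data/`, `occ` and dot-files from web/nginx.conf would apply to the copied Nextcloud tree. The line should be `COPY nginx.conf /etc/nginx/nginx.conf`. Both `FROM` lines also resolve to `latest` by default (`unteem/nextcloud:$VERSION`, `nginx:latest`); pinning a version or digest would make the build reproducible.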
@@ -0,0 +1,105 @@ +user www-data; + +events { + worker_connections 768; +} + +http { + upstream backend { + server app:9000; + } + include /etc/nginx/mime.types; + default_type application/octet-stream; + + server { + listen 80; + + # Add headers to serve security related headers + add_header X-Content-Type-Options nosniff; + add_header X-XSS-Protection "1; mode=block"; + add_header X-Robots-Tag none; + add_header X-Download-Options noopen; + add_header X-Permitted-Cross-Domain-Policies none; + + root /usr/src/nextcloud; + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location = /.well-known/carddav { + return 301 $scheme://$host/remote.php/dav; + } + location = /.well-known/caldav { + return 301 $scheme://$host/remote.php/dav; + } + + client_max_body_size 1G; + fastcgi_buffers 64 4K; + + gzip off; + + index index.php; + error_page 403 /core/templates/403.php; + error_page 404 /core/templates/404.php; + + location / { + rewrite ^ /index.php$uri; + } + + location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ { + deny all; + } + location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) { + deny all; + } + + location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+|core/templates/40[34])\.php(?:$|/) { + include fastcgi_params; + fastcgi_split_path_info ^(.+\.php)(/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_param PATH_INFO $fastcgi_path_info; + fastcgi_param HTTPS on; + #Avoid sending the security headers twice + fastcgi_param modHeadersAvailable true; + fastcgi_param front_controller_active true; + fastcgi_pass backend; + fastcgi_intercept_errors on; + fastcgi_request_buffering off; + } + + location ~ ^/(?:updater|ocs-provider)(?:$|/) { + try_files $uri/ =404; + index index.php; + } + + # Adding the cache control header for js and css files + # Make sure it is BELOW the PHP block + location ~* \.(?:css|js)$ { + try_files $uri 
/index.php$uri$is_args$args; + add_header Cache-Control "public, max-age=7200"; + # Add headers to serve security related headers (It is intended to + # have those duplicated to the ones above) + # Before enabling Strict-Transport-Security headers please read into + # this topic first. + # add_header Strict-Transport-Security "max-age=15768000; + # includeSubDomains; preload;"; + add_header X-Content-Type-Options nosniff; + add_header X-Frame-Options "SAMEORIGIN"; + add_header X-XSS-Protection "1; mode=block"; + add_header X-Robots-Tag none; + add_header X-Download-Options noopen; + add_header X-Permitted-Cross-Domain-Policies none; + # Optional: Don't log access to assets + access_log off; + } + + location ~* \.(?:svg|gif|png|html|ttf|woff|ico|jpg|jpeg)$ { + try_files $uri /index.php$uri$is_args$args; + # Optional: Don't log access to other assets + access_log off; + } + } +} -- GitLab From e4edabb663a8bc080d5c0476499f223e6e5667ca Mon Sep 17 00:00:00 2001 From: Timothee Gosselin Date: Wed, 6 Nov 2019 13:18:23 +0100 Subject: [PATCH 02/50] use own image to remove volume & config with env var --- base/Dockerfile | 147 ++++++++++++++-- base/config-sample.php | 300 ++++++++++++++++++++++++++++++++ base/config/base.config.php | 3 +- base/config/database.config.php | 4 +- base/scripts/install.sh | 56 +++--- base/scripts/install_apps.sh | 15 ++ base/scripts/remove_apps.sh | 9 + base/scripts/start.sh | 7 + base/scripts/upgrade.sh | 8 +- 9 files changed, 501 insertions(+), 48 deletions(-) create mode 100644 base/config-sample.php create mode 100755 base/scripts/install_apps.sh create mode 100755 base/scripts/remove_apps.sh create mode 100755 base/scripts/start.sh diff --git a/base/Dockerfile b/base/Dockerfile index 894334f..bd540f4 100644 --- a/base/Dockerfile +++ b/base/Dockerfile 
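Review bot: The server-level `add_header` list in web/nginx.conf omits `X-Frame-Options "SAMEORIGIN"`, which this file sends only from the `\.(?:css|js)$` location. The PHP location passes `fastcgi_param modHeadersAvailable true;`, telling the backend that the web server already supplies the security headers. PHP responses therefore presumably go out without that header from either side; add `add_header X-Frame-Options "SAMEORIGIN";` next to the other server-level headers. Separately, `fastcgi_param HTTPS on;` is unconditional while the server block only has `listen 80;`. That is correct only if a TLS-terminating proxy is always in front, which deserves a comment at that line.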
@@ -1,15 +1,134 @@ -ARG VERSION=latest -FROM nextcloud:$VERSION -WORKDIR /usr/src/nextcloud/ -RUN chown -R 33:33 /usr/src/nextcloud/apps -RUN chown -R 33:33 /usr/src/nextcloud/data -COPY scripts/apps.sh scripts/apps.sh -COPY config/* /usr/src/nextcloud/config/ -RUN ./scripts/apps.sh instal -RUN ./scripts/apps.sh remove -RUN chown -R 33:33 /usr/src/nextcloud/custom_apps -RUN chown -R 33:33 /usr/src/nextcloud/config -COPY scripts scripts -USER www-data -ENTRYPOINT [""] +# DO NOT EDIT: created by update.sh from Dockerfile-debian.template +FROM php:7.3-fpm-buster + +# entrypoint.sh and cron.sh dependencies +RUN set -ex; \ + \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + bzip2 \ + busybox-static \ + ; \ + rm -rf /var/lib/apt/lists/*; + +# install the PHP extensions we need +# see https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html +RUN set -ex; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + libcurl4-openssl-dev \ + libevent-dev \ + libfreetype6-dev \ + libicu-dev \ + libjpeg-dev \ + libldap2-dev \ + libmcrypt-dev \ + libmemcached-dev \ + libpng-dev \ + libpq-dev \ + libxml2-dev \ + libmagickwand-dev \ + libzip-dev \ + libwebp-dev \ + ; \ + \ + debMultiarch="$(dpkg-architecture --query DEB_BUILD_MULTIARCH)"; \ + docker-php-ext-configure gd --with-freetype-dir=/usr --with-png-dir=/usr --with-jpeg-dir=/usr --with-webp-dir=/usr; \ + docker-php-ext-configure ldap --with-libdir="lib/$debMultiarch"; \ + docker-php-ext-install -j "$(nproc)" \ + exif \ + gd \ + intl \ + ldap \ + opcache \ + pcntl \ + pdo_mysql \ + pdo_pgsql \ + zip \ + ; \ + \ +# pecl will claim success even if one install fails, so we need to perform each install separately + pecl install APCu-5.1.17; \ + pecl install memcached-3.1.4; \ + pecl install redis-4.3.0; \ + pecl install imagick-3.4.4; \ + \ + docker-php-ext-enable \ + apcu \ + memcached \ + redis \ + imagick \ + ; 
\ + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies + apt-mark auto '.*' > /dev/null; \ + apt-mark manual $savedAptMark; \ + ldd "$(php -r 'echo ini_get("extension_dir");')"/*.so \ + | awk '/=>/ { print $3 }' \ + | sort -u \ + | xargs -r dpkg-query -S \ + | cut -d: -f1 \ + | sort -u \ + | xargs -rt apt-mark manual; \ + \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + rm -rf /var/lib/apt/lists/* + +# set recommended PHP.ini settings +# see https://docs.nextcloud.com/server/12/admin_manual/configuration_server/server_tuning.html#enable-php-opcache +RUN { \ + echo 'opcache.enable=1'; \ + echo 'opcache.interned_strings_buffer=8'; \ + echo 'opcache.max_accelerated_files=10000'; \ + echo 'opcache.memory_consumption=128'; \ + echo 'opcache.save_comments=1'; \ + echo 'opcache.revalidate_freq=1'; \ + } > /usr/local/etc/php/conf.d/opcache-recommended.ini; \ + \ + echo 'apc.enable_cli=1' >> /usr/local/etc/php/conf.d/docker-php-ext-apcu.ini; \ + \ + echo 'memory_limit=512M' > /usr/local/etc/php/conf.d/memory-limit.ini; \ + \ + mkdir /var/www/data; \ + chown -R www-data:root /var/www; \ + chmod -R g=u /var/www + +ENV NEXTCLOUD_VERSION 16.0.5 + +RUN set -ex; \ + fetchDeps=" \ + gnupg \ + dirmngr \ + "; \ + apt-get update; \ + apt-get install -y --no-install-recommends $fetchDeps; \ + \ + curl -fsSL -o nextcloud.tar.bz2 \ + "https://download.nextcloud.com/server/releases/nextcloud-${NEXTCLOUD_VERSION}.tar.bz2"; \ + curl -fsSL -o nextcloud.tar.bz2.asc \ + "https://download.nextcloud.com/server/releases/nextcloud-${NEXTCLOUD_VERSION}.tar.bz2.asc"; \ + export GNUPGHOME="$(mktemp -d)"; \ +# gpg key from https://nextcloud.com/nextcloud.asc + gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys 28806A878AE423A28372792ED75899B9A724937A; \ + gpg --batch --verify nextcloud.tar.bz2.asc nextcloud.tar.bz2; \ + tar -xjf nextcloud.tar.bz2 -C /var/www/html/ --strip-components 1; \ + gpgconf 
--kill all; \ + rm -r "$GNUPGHOME" nextcloud.tar.bz2.asc nextcloud.tar.bz2; \ + rm -rf /var/www/html/updater; \ + mkdir -p /var/www/html/data; \ + touch /var/www/html/data/.ocdata; \ + mkdir -p /var/www/html/custom_apps; \ + chmod +x /var/www/html/occ; \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false $fetchDeps; \ + rm -rf /var/lib/apt/lists/* + +COPY --chown=www-data:root config/* /var/www/html/config/ + +RUN chown -R www-data:root /var/www; \ + chmod -R g=u /var/www + + CMD ["php-fpm"] diff --git a/base/config-sample.php b/base/config-sample.php new file mode 100644 index 0000000..a6542a7 --- /dev/null +++ b/base/config-sample.php 
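Review bot: The rewritten base/Dockerfile no longer contains `USER www-data`, which the previous version had before its `CMD`. Unless privileges are dropped somewhere outside this hunk, the container process starts as root; I would keep `USER www-data` ahead of `CMD ["php-fpm"]`. The final `chown -R www-data:root /var/www; chmod -R g=u /var/www` also leaves the whole application tree, including `config/`, writable by the PHP worker user. Leaving the code root-owned and granting write access only on `data` and `custom_apps` would limit what a compromised PHP process can modify. The header `# DO NOT EDIT: created by update.sh from Dockerfile-debian.template` is carried over from the upstream image and is misleading in a hand-maintained file.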
@@ -0,0 +1,300 @@
+ 'en',
+/**
+ * Defaults to ``false``
+ */
+'force_language' => 'en',
+/**
+ * Defaults to ``en``
+ */
+'default_locale' => 'en_US',
+/**
+ * Defaults to ``false``
+ */
+'force_locale' => 'en_US',
+'defaultapp' => 'files',
+'knowledgebaseenabled' => true,
+'allow_user_to_change_display_name' => true,
+'remember_login_cookie_lifetime' => 60*60*24*15,
+'session_lifetime' => 60 * 60 * 24,
+'session_keepalive' => true,
+
+/**
+ * Enforce token authentication for clients, which blocks requests using the user
+ * password for enhanced security. Users need to generate tokens in personal settings
+ * which can be used as passwords on their clients.
+ *
+ * Defaults to ``false``
+ */
+'token_auth_enforced' => false,
+'auth.bruteforce.protection.enabled' => true,
+'skeletondirectory' => '/path/to/nextcloud/core/skeleton',
+'user_backends' => array(
+ array(
+ 'class' => 'OC_User_IMAP',
+ 'arguments' => array('{imap.gmail.com:993/imap/ssl}INBOX')
+ )
+),
+'lost_password_link' => 'https://example.org/link/to/password/reset',
+'mail_domain' => 'example.com',
+'mail_from_address' => 'nextcloud',
+'mail_smtpdebug' => false,
+'mail_smtpmode' => 'smtp',
+'mail_smtphost' => '127.0.0.1',
+'mail_smtpport' => 25,
+'mail_smtptimeout' => 10,
+'mail_smtpsecure' => '',
+'mail_smtpauth' => false,
+'mail_smtpauthtype' => 'LOGIN',
+'mail_smtpname' => '',
+'mail_smtppassword' => '',
+'mail_template_class' => '\OC\Mail\EMailTemplate',
+'mail_send_plaintext_only' => false,
+'mail_sendmailmode' => 'smtp',
+q
+'overwritehost' => '',
+'overwriteprotocol' => '',
+'overwritewebroot' => '',
+'overwritecondaddr' => '',
+'overwrite.cli.url' => '',
+'htaccess.RewriteBase' => '/',
+'htaccess.IgnoreFrontController' => false,
+'proxy' => '',
+'proxyuserpwd' => '',
+'trashbin_retention_obligation' => 'auto',
+'versions_retention_obligation' => 'auto',
+'appcodechecker' => true,
+'updatechecker' => true,
+'updater.server.url' => 'https://updates.nextcloud.com/updater_server/',
+'updater.release.channel' => 'stable',
+'has_internet_connection' => true,
+'connectivity_check_domains' => array(
+ 'www.nextcloud.com',
+ 'www.startpage.com',
+ 'www.eff.org',
+ 'www.edri.org'
+),
+'check_for_working_wellknown_setup' => true,
+'check_for_working_htaccess' => true,
+'check_data_directory_permissions' => true,
+'config_is_read_only' => false,
+'log_type' => 'file',
+'logfile' => '/var/log/nextcloud.log',
+'logfilemode' => 0640,
+'loglevel' => 2,
+'syslog_tag' => 'Nextcloud',
+'log.condition' => [
+ 'shared_secret' => '57b58edb6637fe3059b3595cf9c41b9',
+ 'users' => ['sample-user'],
+ 'apps' => ['files'],
+],
+'logdateformat' => 'F d, Y H:i:s',
+'logtimezone' => 'Europe/Berlin',
+'log_query' => false,
+'log_rotate_size' => 100 * 1024 * 1024,
+'customclient_desktop' =>
+ 'https://nextcloud.com/install/#install-clients',
+'customclient_android' =>
+ 'https://play.google.com/store/apps/details?id=com.nextcloud.client',
+'customclient_ios' =>
+ 'https://itunes.apple.com/us/app/nextcloud/id1125420102?mt=8',
+'customclient_ios_appid' =>
+ '1125420102',
+'appstoreenabled' => true,
+
+'apps_paths' => array(
+ array(
+ 'path'=> '/var/www/nextcloud/apps',
+ 'url' => '/apps',
+ 'writable' => true,
+ ),
+),
+
+'enable_previews' => true,
+'preview_max_x' => 4096,
+'preview_max_y' => 4096,
+'preview_max_filesize_image' => 50,
+'preview_libreoffice_path' => '/usr/bin/libreoffice',
+'preview_office_cl_parameters' =>
+'enabledPreviewProviders' => array(
+ 'OC\Preview\PNG',
+ 'OC\Preview\JPEG',
+ 'OC\Preview\GIF',
+ 'OC\Preview\HEIC',
+ 'OC\Preview\BMP',
+ 'OC\Preview\XBitmap',
+ 'OC\Preview\MP3',
+ 'OC\Preview\TXT',
+ 'OC\Preview\MarkDown'
+),
+'ldapUserCleanupInterval' => 51,
+'sort_groups_by_name' => false,
+'comments.managerFactory' => '\OC\Comments\ManagerFactory',
+'systemtags.managerFactory' => '\OC\SystemTag\ManagerFactory',
+'maintenance' => false,
+'openssl' => array(
+ 'config' => '/absolute/location/of/openssl.cnf',
+),
+'memcache.local' => '\OC\Memcache\APCu',
+'memcache.distributed' => '\OC\Memcache\Memcached',
+'redis' => [
+ 'host' => 'localhost', // can also be a unix domain socket: '/tmp/redis.sock'
+ 'port' => 6379,
+ 'timeout' => 0.0,
+ 'password' => '', // Optional, if not defined no password will be used.
+ 'dbindex' => 0, // Optional, if undefined SELECT will not run and will use Redis Server's default DB Index.
+],
+
+'redis.cluster' => [
+ 'seeds' => [ // provide some/all of the cluster servers to bootstrap discovery, port required
+ 'localhost:7000',
+ 'localhost:7001',
+ ],
+ 'timeout' => 0.0,
+ 'read_timeout' => 0.0,
+ 'failover_mode' => \RedisCluster::FAILOVER_ERROR,
+ 'password' => '', // Optional, if not defined no password will be used.
+],
+
+'memcached_servers' => array(
+ array('localhost', 11211),
+ //array('other.host.local', 11211),
+),
+
+'memcached_options' => array(
+ // Set timeouts to 50ms
+ \Memcached::OPT_CONNECT_TIMEOUT => 50,
+ \Memcached::OPT_RETRY_TIMEOUT => 50,
+ \Memcached::OPT_SEND_TIMEOUT => 50,
+ \Memcached::OPT_RECV_TIMEOUT => 50,
+ \Memcached::OPT_POLL_TIMEOUT => 50,
+
+ // Enable compression
+ \Memcached::OPT_COMPRESSION => true,
+
+ // Turn on consistent hashing
+ \Memcached::OPT_LIBKETAMA_COMPATIBLE => true,
+
+ // Enable Binary Protocol
+ \Memcached::OPT_BINARY_PROTOCOL => true,
+
+ // Binary serializer vill be enabled if the igbinary PECL module is available
+ //\Memcached::OPT_SERIALIZER => \Memcached::SERIALIZER_IGBINARY,
+),
+'cache_path' => '',
+'cache_chunk_gc_ttl' => 60*60*24,
+'objectstore' => [
+ 'class' => 'OC\\Files\\ObjectStore\\Swift',
+ 'arguments' => [
+ // trystack will use your facebook id as the user name
+ 'username' => 'facebook100000123456789',
+ // in the trystack dashboard go to user -> settings -> API Password to
+ // generate a password
+ 'password' => 'Secr3tPaSSWoRdt7',
+ // must already exist in the objectstore, name can be different
+ 'container' => 'nextcloud',
+ // prefix to prepend to the fileid, default is 'oid:urn:'
+ 'objectPrefix' => 'oid:urn:',
+ // create the container if it does not exist. default is false
+ 'autocreate' => true,
+ // required, dev-/trystack defaults to 'RegionOne'
+ 'region' => 'RegionOne',
+ // The Identity / Keystone endpoint
+ 'url' => 'http://8.21.28.222:5000/v2.0',
+ // required on dev-/trystack
+ 'tenantName' => 'facebook100000123456789',
+ // dev-/trystack uses swift by default, the lib defaults to 'cloudFiles'
+ // if omitted
+ 'serviceName' => 'swift',
+ // The Interface / url Type, optional
+ 'urlType' => 'internal'
+ ],
+],
+'objectstore' => [
+ 'class' => 'OC\\Files\\ObjectStore\\Swift',
+ 'arguments' => [
+ 'autocreate' => true,
+ 'user' => [
+ 'name' => 'swift',
+ 'password' => 'swift',
+ 'domain' => [
+ 'name' => 'default',
+ ],
+ ],
+ 'scope' => [
+ 'project' => [
+ 'name' => 'service',
+ 'domain' => [
+ 'name' => 'default',
+ ],
+ ],
+ ],
+ 'tenantName' => 'service',
+ 'serviceName' => 'swift',
+ 'region' => 'regionOne',
+ 'url' => 'http://yourswifthost:5000/v3',
+ 'bucket' => 'nextcloud',
+ ],
+],
+'sharing.managerFactory' => '\OC\Share20\ProviderFactory',
+'sharing.maxAutocompleteResults' => 0,
+'sharing.minSearchStringLength' => 0,
+'dbdriveroptions' => array(
+ PDO::MYSQL_ATTR_SSL_CA => '/file/path/to/ca_cert.pem',
+ PDO::MYSQL_ATTR_INIT_COMMAND => 'SET wait_timeout = 28800'
+),
+'sqlite.journal_mode' => 'DELETE',
+'mysql.utf8mb4' => false,
+'supportedDatabases' => array(
+ 'sqlite',
+ 'mysql',
+ 'pgsql',
+ 'oci',
+),
+'tempdirectory' => '/tmp/nextcloudtemp',
+'hashingCost' => 10,
+'blacklisted_files' => array('.htaccess'),
+'share_folder' => '/',
+'theme' => '',
+'cipher' => 'AES-256-CFB',
+'minimum.supported.desktop.version' => '2.0.0',
+'quota_include_external_storage' => false,
+'filesystem_check_changes' => 0,
+'part_file_in_storage' => true,
+'mount_file' => '/var/www/nextcloud/data/mount.json',
+'filesystem_cache_readonly' => false,
+'secret' => '',
+'trusted_proxies' => array('203.0.113.45', '198.51.100.128', '192.168.2.0/24'),
+'forwarded_for_headers' => array('HTTP_X_FORWARDED', 'HTTP_FORWARDED_FOR'), +'max_filesize_animated_gifs_public_sharing' => 10, +'filelocking.enabled' => true, +'filelocking.ttl' => 60*60, +'memcache.locking' => '\\OC\\Memcache\\Redis', +'filelocking.debug' => false, +'upgrade.disable-web' => false, + +'debug' => false, + +'data-fingerprint' => '', + +'copied_sample_config' => true, + +'lookup_server' => 'https://lookup.nextcloud.com', + +'gs.enabled' => false, + +'gs.federation' => 'internal', + +'csrf.optout' => array( + '/^WebDAVFS/', // OS X Finder + '/^Microsoft-WebDAV-MiniRedir/', // Windows webdav drive +), + +'simpleSignUpLink.shown' => true, +'login_form_autocomplete' => true, +); \ No newline at end of file diff --git a/base/config/base.config.php b/base/config/base.config.php index 0288115..40d5e73 100644 --- a/base/config/base.config.php +++ b/base/config/base.config.php @@ -4,11 +4,10 @@ $CONFIG = array ( 'secret' => getenv('SECRET'), 'trusted_domains' => array ( - 0 => 'localhost', + 0 => getenv('NEXTCLOUD_TRUSTED_DOMAINS') ?: 'localhost', ), 'overwrite.cli.url' => getenv('OVERWRITE_CLI_URL') ?: 'http://localhost', 'overwriteprotocol' => getenv('OVERWRITE_PROTOCOL') ?: '', - 'datadirectory' => getenv('DATA_DIRECTORY') ?: '/usr/src/nextcloud/data', 'version' => getenv('VERSION'), 'debug' => getenv('DEBUG'), 'instanceid' => getenv('INSTANCE_ID'), diff --git a/base/config/database.config.php b/base/config/database.config.php index a1f7fb1..2a45261 100644 --- a/base/config/database.config.php +++ b/base/config/database.config.php @@ -6,6 +6,6 @@ $CONFIG = array ( 'dbport' => getenv('DB_PORT'), 'dbtableprefix' => getenv('DB_TABLE_PREFIX'), 'mysql.utf8mb4' => getenv('MYSQL_UTF8MB4'), - 'dbuser' => getenv('DB_USERNAME'), + 'dbuser' => getenv('DB_USER'), 'dbpassword' => getenv('DB_PASSWORD'), -); \ No newline at end of file +); diff --git a/base/scripts/install.sh b/base/scripts/install.sh index 9ec4a42..6054aa8 100755 --- a/base/scripts/install.sh 
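Review bot: The added `base/config-sample.php` does not look parseable as shown: a stray `q` sits on its own line after `'mail_sendmailmode' => 'smtp',`, and `'preview_office_cl_parameters' =>` has no value before `'enabledPreviewProviders' => array(`. The `'objectstore'` key is also defined twice, so in a PHP array the second Swift block would replace the first. If the file is meant as reference only, say so in a header comment such as `// Reference only: do not copy into config/ unchanged`, because it carries `'copied_sample_config' => true`, an empty `'secret'` and placeholder credentials (`'password' => 'Secr3tPaSSWoRdt7'`, the `'shared_secret'` under `'log.condition'`) that must not reach a live instance. The opening lines of the file are garbled in this view, so the array header itself could not be checked.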
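Review bot: `0 => getenv('NEXTCLOUD_TRUSTED_DOMAINS') ?: 'localhost'` stores the whole variable as one trusted domain, while the loop this series comments out in `base/scripts/install.sh` treated `NEXTCLOUD_TRUSTED_DOMAINS` as a space-separated list. A value holding several hosts would therefore become a single entry that most likely matches no request host. Splitting keeps the old contract: `'trusted_domains' => preg_split('/\s+/', getenv('NEXTCLOUD_TRUSTED_DOMAINS') ?: 'localhost', -1, PREG_SPLIT_NO_EMPTY),`. The `$CONFIG` array continues outside the hunk.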
+++ b/base/scripts/install.sh @@ -1,3 +1,6 @@ +#!/bin/sh +set -eu + echo "New nextcloud instance" if [ -n "${NEXTCLOUD_ADMIN_USER+x}" ] && [ -n "${NEXTCLOUD_ADMIN_PASSWORD+x}" ]; then # shellcheck disable=SC2016 @@ -14,20 +17,15 @@ if [ -n "${NEXTCLOUD_ADMIN_USER+x}" ] && [ -n "${NEXTCLOUD_ADMIN_PASSWORD+x}" ]; fi install=false - if [ -n "${SQLITE_DATABASE+x}" ]; then + if [ ${DB_TYPE} = "sqlite" ]; then echo "Installing with SQLite database" # shellcheck disable=SC2016 - install_options=$install_options' --database-name "$SQLITE_DATABASE"' - install=true - elif [ -n "${MYSQL_DATABASE+x}" ] && [ -n "${MYSQL_USER+x}" ] && [ -n "${MYSQL_PASSWORD+x}" ] && [ -n "${MYSQL_HOST+x}" ]; then - echo "Installing with MySQL database" - # shellcheck disable=SC2016 - install_options=$install_options' --database mysql --database-name "$MYSQL_DATABASE" --database-user "$MYSQL_USER" --database-pass "$MYSQL_PASSWORD" --database-host "$MYSQL_HOST"' + install_options=$install_options' --database-name "$DB_NAME"' install=true - elif [ -n "${POSTGRES_DB+x}" ] && [ -n "${POSTGRES_USER+x}" ] && [ -n "${POSTGRES_PASSWORD+x}" ] && [ -n "${POSTGRES_HOST+x}" ]; then - echo "Installing with PostgreSQL database" + elif [ ${DB_TYPE} = "pgsql" ] || [ ${DB_TYPE} = "mysql" ]; then + echo "Installing with ${DB_TYPE} database" # shellcheck disable=SC2016 - install_options=$install_options' --database pgsql --database-name "$POSTGRES_DB" --database-user "$POSTGRES_USER" --database-pass "$POSTGRES_PASSWORD" --database-host "$POSTGRES_HOST"' + install_options=$install_options' --database $DB_TYPE --database-name "$DB_NAME" --database-user "$DB_USER" --database-pass "$DB_PASSWORD" --database-host "$DB_HOST"' install=true fi 
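Review bot: The new tests `[ ${DB_TYPE} = "sqlite" ]` and `[ ${DB_TYPE} = "pgsql" ] || [ ${DB_TYPE} = "mysql" ]` expand `DB_TYPE` unquoted, and with the `set -eu` added at the top of this file an unset `DB_TYPE` now aborts the script instead of leaving `install=false`. Quote and default it, `if [ "${DB_TYPE:-}" = "sqlite" ]; then`, and do the same for both tests in the `elif`. In the option string, `--database $DB_TYPE` is the only value left unquoted next to `"$DB_NAME"` and `"$DB_USER"`; the string appears to be evaluated by a shell later (the `SC2016` suppressions suggest so), so write `--database "$DB_TYPE"`. The surrounding `if` block starts and ends outside the hunk.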
@@ -48,27 +46,27 @@ if [ -n "${NEXTCLOUD_ADMIN_USER+x}" ] && [ -n "${NEXTCLOUD_ADMIN_PASSWORD+x}" ]; exit 1 fi - if [ -n "${NEXTCLOUD_TRUSTED_DOMAINS+x}" ]; then - echo "setting trusted domains…" - NC_TRUSTED_DOMAIN_IDX=1 - for DOMAIN in $NEXTCLOUD_TRUSTED_DOMAINS ; do - DOMAIN=$(echo "$DOMAIN" | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//') - sh -c "php /usr/src/nextcloud/occ config:system:set trusted_domains $NC_TRUSTED_DOMAIN_IDX --value=$DOMAIN" - NC_TRUSTED_DOMAIN_IDX=$(($NC_TRUSTED_DOMAIN_IDX+1)) - done - fi +# if [ -n "${NEXTCLOUD_TRUSTED_DOMAINS+x}" ]; then +# echo "setting trusted domains…" +# NC_TRUSTED_DOMAIN_IDX=1 +# for DOMAIN in $NEXTCLOUD_TRUSTED_DOMAINS ; do +# DOMAIN=$(echo "$DOMAIN" | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//') +# sh -c "php /usr/src/nextcloud/occ config:system:set trusted_domains $NC_TRUSTED_DOMAIN_IDX --value=$DOMAIN" +# NC_TRUSTED_DOMAIN_IDX=$(($NC_TRUSTED_DOMAIN_IDX+1)) +# done +# fi - for app in $(cat /usr/src/nextcloud/config/apps_enable); do - app=$(echo $app| cut -d '=' -f1) - echo "enabling app $app" - sh -c "php /usr/src/nextcloud/occ app:enable $app" - done +# for app in $(cat /usr/src/nextcloud/config/apps_enable); do +# app=$(echo $app| cut -d '=' -f1) +# echo "enabling app $app" +# sh -c "php /usr/src/nextcloud/occ app:enable $app" +# done - for app in $(cat /usr/src/nextcloud/config/apps_disable); do - echo "disabling app $app" - sh -c "php /usr/src/nextcloud/occ app:disable $app" - done - fi +# for app in $(cat /usr/src/nextcloud/config/apps_disable); do +# echo "disabling app $app" +# sh -c "php /usr/src/nextcloud/occ app:disable $app" +# done + fi else echo "running web-based installer on first connect!" diff --git a/base/scripts/install_apps.sh b/base/scripts/install_apps.sh new file mode 100755 index 0000000..505f06d --- /dev/null +++ b/base/scripts/install_apps.sh 
@@ -0,0 +1,15 @@ +#!/bin/sh +set -eu + +for i in $(cat /usr/src/nextcloud/config/apps_enable) + do + app=$(echo $i | cut -d '=' -f1) + version=$(echo $i | cut -d '=' -f2) + url=$(echo $i | cut -d '=' -f3) + echo "downloading app $app" + curl -Ls $url -o $app.tar.gz + tar xzf $app.tar.gz + mv $app /usr/src/nextcloud/custom_apps + rm $app.tar.gz + done + \ No newline at end of file diff --git a/base/scripts/remove_apps.sh b/base/scripts/remove_apps.sh new file mode 100755 index 0000000..d4be499 --- /dev/null +++ b/base/scripts/remove_apps.sh @@ -0,0 +1,9 @@ +#!/bin/sh +set -eu + +for app in $(cat /usr/src/nextcloud/config/apps_remove) + do + echo "removing app $app" + rm -R /usr/src/nextcloud/apps/$app + done + \ No newline at end of file diff --git a/base/scripts/start.sh b/base/scripts/start.sh new file mode 100755 index 0000000..b352432 --- /dev/null +++ b/base/scripts/start.sh @@ -0,0 +1,7 @@ +#!/bin/sh +set -eu + +echo "Starting nextcloud instance" +touch /usr/src/nextcloud/.ocdata + +exec "$@" diff --git a/base/scripts/upgrade.sh b/base/scripts/upgrade.sh index f99068b..7626234 100755 --- a/base/scripts/upgrade.sh +++ b/base/scripts/upgrade.sh @@ -1,10 +1,16 @@ #!/bin/sh set -eu -echo "Upgrading nextcloud to $VERSION ..." +echo "Initializing nextcloud $image_version ..." +echo "Upgrading nextcloud from $installed_version ..." sh -c 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_before sh -c 'php /var/www/html/occ upgrade' sh -c 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_after echo "The following apps have been disabled:" diff /tmp/list_before /tmp/list_after | grep '<' | cut -d- -f2 | cut -d: -f1 rm -f /tmp/list_before /tmp/list_after +for i in $(cat apps_enable) + do + app=${i%=*} + sh -c "php /usr/src/app/nextcloud/occ app:enable $app" + done echo "Upgrade finished" -- GitLab From fc824f30fb1c03eb635d61015ac51fcb521af2b9 Mon Sep 17 00:00:00 2001 
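Review bot: Each app archive in `base/scripts/install_apps.sh` is fetched with `curl -Ls $url -o $app.tar.gz` and unpacked into `custom_apps` with no integrity check, so whatever the URL serves at build time becomes code in the image; without `-f` an HTTP error page is also saved as the archive. The `version` field is parsed but never used. I would pin a SHA-256 per entry and verify it before `tar`, add `-f`, and quote the expansions; the fourth `sha256` field below is a proposed extension of the `app=version=url` format, not something `apps_enable` has today. `base/scripts/remove_apps.sh` has the same unquoted expansion in `rm -R /usr/src/nextcloud/apps/$app`, where an entry such as `..` would resolve outside the intended app directory.

```shell
for i in $(cat /usr/src/nextcloud/config/apps_enable)
  do
    app=$(echo "$i" | cut -d '=' -f1)
    url=$(echo "$i" | cut -d '=' -f3)
    sha256=$(echo "$i" | cut -d '=' -f4)   # proposed fourth field
    echo "downloading app $app"
    curl -fsSL "$url" -o "$app.tar.gz"
    # abort the build (set -e) when the digest does not match
    echo "$sha256  $app.tar.gz" | sha256sum -c -
    tar xzf "$app.tar.gz"
    # … unchanged: mv into custom_apps, rm of the archive …
  done
```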
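Review bot: In `base/scripts/upgrade.sh`, `app=${i%=*}` removes only the last `=`-separated field, so for the `app=version=url` entries that `install_apps.sh` reads with `cut -d '=' -f1` it leaves `app=version` rather than the app id; `app=${i%%=*}` strips from the first `=`. The loop also reads `apps_enable` relative to the working directory and calls `/usr/src/app/nextcloud/occ`, while the rest of this script uses `/var/www/html/occ`; both should be one absolute path each. `$image_version` and `$installed_version` are not set in the hunk, so under `set -eu` the first `echo` aborts unless the caller exports them. The unquoted `$app` inside `sh -c "…"` is parsed by a second shell; calling `php /var/www/html/occ app:enable "$app"` directly avoids that.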
From: Timothee Gosselin Date: Wed, 6 Nov 2019 13:23:53 +0100 Subject: [PATCH 03/50] update web container --- web/Dockerfile | 10 +++---- web/docker-entrypoint.sh | 6 ++++ web/{nginx.conf => nginx.tmpl} | 51 +++++++++++++++++++--------------- 3 files changed, 38 insertions(+), 29 deletions(-) create mode 100755 web/docker-entrypoint.sh rename web/{nginx.conf => nginx.tmpl} (64%) diff --git a/web/Dockerfile b/web/Dockerfile index 9cf7abe..467a655 100644 --- a/web/Dockerfile +++ b/web/Dockerfile @@ -1,6 +1,4 @@ -ARG VERSION=latest -FROM unteem/nextcloud:$VERSION as builder -FROM nginx:latest -COPY --from=builder /usr/src/nextcloud /usr/src/nextcloud -RUN chown -R 33:33 /usr/src/nextcloud -COPY nginx.conf /etc/nginx.conf +FROM indiehosters/nextcloud:16.0.5 as builder +FROM nginx +COPY --from=builder /var/www/html /var/www/html +CMD ["nginx", "-g", "daemon off;"] diff --git a/web/docker-entrypoint.sh b/web/docker-entrypoint.sh new file mode 100755 index 0000000..8ed3130 --- /dev/null +++ b/web/docker-entrypoint.sh @@ -0,0 +1,6 @@ +#!/usr/bin/env sh +set -eu + +envsubst '${SERVER_HOST} ${SERVER_PORT}' < /etc/nginx/nginx.tmpl > /etc/nginx/nginx.conf + +exec "$@" diff --git a/web/nginx.conf b/web/nginx.tmpl similarity index 64% rename from web/nginx.conf rename to web/nginx.tmpl index 560a14f..b75fd13 100644 --- a/web/nginx.conf +++ b/web/nginx.tmpl 
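Review bot: This commit renames the config to `web/nginx.tmpl` and adds `web/docker-entrypoint.sh` to render it, but the new `web/Dockerfile` copies neither file and sets no `ENTRYPOINT`, so as far as this hunk shows the image starts `nginx` with its stock configuration and none of the `deny all` rules for `config/`, `data/` and `occ` apply. Add `COPY nginx.tmpl /etc/nginx/nginx.tmpl`, `COPY docker-entrypoint.sh /docker-entrypoint.sh` and `ENTRYPOINT ["/docker-entrypoint.sh"]` before the `CMD`, unless both files are mounted at deploy time. `FROM nginx` also floats on `latest`; pin a version tag or digest, as the builder stage does with `16.0.5`.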
@@ -6,22 +6,27 @@ events { http { upstream backend { - server app:9000; + server ${SERVER_HOST}:${SERVER_PORT}; } include /etc/nginx/mime.types; default_type application/octet-stream; - server { + server { + set_real_ip_from 10.0.0.0/8; + set_real_ip_from 172.16.0.0/12; + set_real_ip_from 192.168.0.0/16; + real_ip_header X-Forwarded-For; listen 80; - + # Add headers to serve security related headers add_header X-Content-Type-Options nosniff; add_header X-XSS-Protection "1; mode=block"; add_header X-Robots-Tag none; add_header X-Download-Options noopen; add_header X-Permitted-Cross-Domain-Policies none; + add_header Referrer-Policy no-referrer; - root /usr/src/nextcloud; + root /var/www/html; location = /robots.txt { allow all; 
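Review bot: The three `set_real_ip_from` lines trust `X-Forwarded-For` from every RFC 1918 address, so any host or container on those networks that can reach port 80 can choose the client IP the application sees, which affects access logs and, presumably, Nextcloud's brute-force throttling. Restrict this to the address or subnet of the actual proxy, for example by templating it like the upstream, `set_real_ip_from ${TRUSTED_PROXY};`, with a matching entry in the `envsubst` list (`TRUSTED_PROXY` is a placeholder name). If more than one proxy is chained, `real_ip_recursive on;` is needed as well, otherwise the last value in the header is taken as-is. The `server` block continues outside the hunk.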
@@ -30,37 +35,36 @@ http { } location = /.well-known/carddav { - return 301 $scheme://$host/remote.php/dav; + return 301 https://$host/remote.php/dav; } location = /.well-known/caldav { - return 301 $scheme://$host/remote.php/dav; + return 301 https://$host/remote.php/dav; } client_max_body_size 1G; fastcgi_buffers 64 4K; - gzip off; + gzip off; # handled at haproxy level - index index.php; - error_page 403 /core/templates/403.php; - error_page 404 /core/templates/404.php; - location / { - rewrite ^ /index.php$uri; + rewrite ^ /index.php; } - location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ { + location ~ ^\/(?:build|tests|config|lib|3rdparty|templates|data)\/ { deny all; } - location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) { + + location ~ ^\/(?:\.|autotest|occ|issue|indie|db_|console) { deny all; } - location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+|core/templates/40[34])\.php(?:$|/) { - include fastcgi_params; + location ~ ^\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+)\.php(?:$|\/) { fastcgi_split_path_info ^(.+\.php)(/.*)$; + try_files $fastcgi_script_name =404; + set $path_info $fastcgi_path_info; + include fastcgi_params; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_param PATH_INFO $fastcgi_path_info; + fastcgi_param PATH_INFO $path_info; fastcgi_param HTTPS on; #Avoid sending the security headers twice fastcgi_param modHeadersAvailable true; 
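Review bot: `rewrite ^ /index.php;` in `location /` drops the request path that the old `rewrite ^ /index.php$uri;` carried, while the asset locations changed later in this patch fall back to `/index.php$request_uri`. If the intent was to follow the same pattern, use `rewrite ^ /index.php$request_uri;` so the PHP block still receives a path to split into `PATH_INFO`. Separately, the `.well-known` redirects now hard-code `https://$host`, and `$host` can come from the client's `Host` header when no `server_name` restricts it; a fixed hostname or an explicit `server_name` would keep the redirect target under the operator's control. The `http` block starts and ends outside the hunk.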
@@ -70,16 +74,16 @@ http { fastcgi_request_buffering off; } - location ~ ^/(?:updater|ocs-provider)(?:$|/) { + location ~ ^\/(?:updater|oc[ms]-provider)(?:$|\/) { try_files $uri/ =404; index index.php; } # Adding the cache control header for js and css files # Make sure it is BELOW the PHP block - location ~* \.(?:css|js)$ { - try_files $uri /index.php$uri$is_args$args; - add_header Cache-Control "public, max-age=7200"; + location ~ \.(?:css|js|woff2?|svg|gif|map)$ { + try_files $uri /index.php$request_uri; + add_header Cache-Control "public, max-age=15778463"; # Add headers to serve security related headers (It is intended to # have those duplicated to the ones above) # Before enabling Strict-Transport-Security headers please read into @@ -92,12 +96,13 @@ http { add_header X-Robots-Tag none; add_header X-Download-Options noopen; add_header X-Permitted-Cross-Domain-Policies none; + add_header Referrer-Policy no-referrer; # Optional: Don't log access to assets access_log off; } - location ~* \.(?:svg|gif|png|html|ttf|woff|ico|jpg|jpeg)$ { - try_files $uri /index.php$uri$is_args$args; + location ~ \.(?:png|html|ttf|ico|jpg|jpeg|bcmap)$ { + try_files $uri /index.php$request_uri; # Optional: Don't log access to other assets access_log off; } -- GitLab From 73fd9d85a60cc2c8b1536d6b90bd948382a26f20 Mon Sep 17 00:00:00 2001 From: pierreozoux Date: Mon, 18 Nov 2019 17:42:06 +0100 Subject: [PATCH 04/50] Add docker-copy --- docker-copyedit.py | 744 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 744 insertions(+) create mode 100755 docker-copyedit.py diff --git a/docker-copyedit.py b/docker-copyedit.py new file mode 100755 index 0000000..4d68927 --- /dev/null +++ b/docker-copyedit.py 
@@ -0,0 +1,744 @@ +#! /usr/bin/python +from __future__ import print_function + +__copyright__ = "(C) 2017-2019 Guido U. Draheim, licensed under the EUPL" +__version__ = "1.3.2045" + +import subprocess +import collections +import sys +import os +import re +import json +import copy +import shutil +import hashlib +import datetime +import logging +from fnmatch import fnmatchcase as fnmatch + +logg = logging.getLogger("edit") + +TMPDIR = "load.tmp" +KEEPDIR = 0 +OK=True +NULL="NULL" + +StringConfigs = {"user": "User", "domainname": "Domainname", "workingdir": "WorkingDir", "workdir": "WorkingDir", "hostname": "Hostname" } +StringMeta = {"author": "author", "os": "os", "architecture": "architecture", "arch": "architecture" } +StringCmd = {"cmd": "Cmd", "entrypoint": "Entrypoint"} + +def sh(cmd = None, shell=True, check = True, ok = None, default = ""): + if ok is None: ok = OK # a parameter "ok = OK" does not work in python + Result = collections.namedtuple("ShellResult", ["returncode", "stdout", "stderr"]) + if not ok: + logg.info("skip %s", cmd) + return Result(0, default, "") + run = subprocess.Popen(cmd, shell=shell, stdout = subprocess.PIPE, stderr=subprocess.PIPE) + run.wait() + result = Result(run.returncode, run.stdout.read(), run.stderr.read()) + if check and result.returncode: + logg.error("CMD %s", cmd) + logg.error("EXIT %s", result.returncode) + logg.error("STDOUT %s", result.stdout) + logg.error("STDERR %s", result.stderr) + raise Exception("shell command failed") + return result + +def portprot(arg): + port, prot = arg, "" + if "/" in arg: + port, prot = arg.rsplit("/", 1) + if port and port[0] in "0123456789": + pass + else: + import socket + if prot: + port = socket.getservbyname(port, prot) + else: + port = socket.getservbyname(port) + if not prot: + prot = "tcp" + return port, prot + +class ImageName: + def __init__(self, image): + self.registry = None + self.image = image + self.version = None + self.parse(image) + def parse(self, image): + parsing = 
image + parts = image.split("/") + if ":" in parts[-1] or "@" in parts[-1]: + colon = parts[-1].find(":") + atref = parts[-1].find("@") + if colon >= 0 and atref >= 0: + first = min(colon, atref) + else: + first = max(colon, atref) + version = parts[-1][first:] + parts[-1] = parts[-1][:first] + self.version = version + self.image = "/".join(parts) + if len(parts) > 1 and ":" in parts[0]: + registry = parts[0] + parts = parts[1:] + self.registry = registry + self.image = "/".join(parts) + logg.debug("image parsing = %s", parsing) + logg.debug(".registry = %s", self.registry) + logg.debug(".image = %s", self.image) + logg.debug(".version = %s", self.version) + def __str__(self): + image = self.image + if self.registry: + image = "/".join([self.registry, image]) + if self.version: + image += self.version + return image + def tag(self): + image = self.image + if self.registry: + image = "/".join([self.registry, image]) + if self.version: + image += self.version + else: + image += ":latest" + return image + def valid(self): + return not list(self.problems()) + def problems(self): + # https://docs.docker.com/engine/reference/commandline/tag/ + # https://github.com/docker/distribution/blob/master/reference/regexp.go + if self.registry and self.registry.startswith("["): + if len(self.registry) > 253: + yield "registry name: full name may not be longer than 253 characters" + yield "registry name= " + self.registry + x = self.registry.find("]") + if not x: + yield "registry name: invalid ipv6 number (missing bracket)" + yield "registry name= " + self.registry + port = self.registry[x+1:] + if port: + m = re.match("^:[A-Za-z0-9]+$", port) + if not m: + yield 'registry name: invalid ipv6 port (only alnum)' + yield "registry name= " + port + base = self.registry[:x] + if not base: + yield "registry name: invalid ipv6 number (empty)" + else: + m = re.match("^[0-9abcdefABCDEF:]*$", base) + if not m: + yield "registry name: invalid ipv6 number (only hexnum+colon)" + yield 
"registry name= " + base + elif self.registry: + if len(self.registry) > 253: + yield "registry name: full name may not be longer than 253 characters" + yield "registry name= " + self.registry + registry = self.registry + if registry.count(":") > 1: + yield "a colon may only be used to seperate the port number" + yield "registry name= " + registry + elif registry.count(":") == 1: + registry, port = registry.split(":", 1) + m = re.match("^[A-Za-z0-9]+$", port) + if not m: + yield 'registry name: invalid ipv4 port (only alnum)' + yield "registry name= " + registry + parts = registry.split(".") + if "" in parts: + yield "no double dots '..' allowed in registry names" + yield "registry name= " + registry + for part in parts: + if len(part) > 63: + yield "registry name: dot-seperated parts may only have 63 characters" + yield "registry name= " + part + m = re.match("^[A-Za-z0-9-]*$", part) + if not m: + yield "registry name: dns names may only have alnum+dots+dash" + yield "registry name= " + part + if part.startswith("-"): + yield "registry name: dns name parts may not start with a dash" + yield "registry name= " + part + if part.endswith("-") and len(part) > 1: + yield "registry name: dns name parts may not end with a dash" + yield "registry name= " + part + if self.image: + if len(self.image) > 253: + yield "image name: should not be longer than 253 characters (min path_max)" + yield "image name= " + self.image + if len(self.image) > 1024: + yield "image name: can not be longer than 1024 characters (limit path_max)" + yield "image name= " + self.image + parts = self.image.split("/") + for part in parts: + if not part: + yield "image name: double slashes are not a good idea" + yield "image name= " + part + continue + if len(part) > 253: + yield "image name: slash-seperated parts should only have 253 characters" + yield "image name= " + part + seperators = "._-" + m = re.match("^[a-z0-9._-]*$", part) + if not m: + yield "image name: only 
lowercase+digits+dots+dash+underscore" + yield "image name= " + part + if part[0] in seperators: + yield "image name: components may not start with a seperator (%s)" % part[0] + yield "image name= " + part + if part[-1] in seperators and len(part) > 1: + yield "image name: components may not end with a seperator (%s)" % part[-1] + yield "image name= " + part + elems = part.split(".") + if "" in elems: + yield "image name: only single dots are allowed, not even double" + yield "image name= " + part + elems = part.split("_") + if len(elems) > 2: + for x in xrange(len(elems)-1): + if not elems[x] and not elems[x+1]: + yield "image name: only single or double underscores are allowed" + yield "image name= " + part + if self.version: + if len(self.version) > 128: + yield "image version: may not be longer than 127 characters" + yield "image version= " + self.version + if self.version[0] not in ":@": + yield "image version: must either be :version or @digest" + yield "image version= " + self.version + if len(self.version) > 1 and self.version[1] in "-.": + yield "image version: may not start with dots or dash" + yield "image version= " + self.version + version = self.version[1:] + if not version: + yield "image version: no name provided after '%s'" % self.version[0] + yield "image version= " + self.version + m = re.match("^[A-Za-z0-9_.-]*$", version) + if not m: + yield 'image version: only alnum+undescore+dots+dash are allowed' + yield "image version= " + self.version + +def edit_image(inp, out, edits): + if not inp: + logg.error("no FROM value provided") + return False + if not out: + logg.error("no INTO value provided") + return False + inp_name = ImageName(inp) + out_name = ImageName(out) + for problem in inp_name.problems(): + logg.warning("FROM value: %s", problem) + for problem in out_name.problems(): + logg.warning("INTO value: %s", problem) + inp_tag = inp + out_tag = out_name.tag() + # + tmpdir = TMPDIR + if not os.path.isdir(tmpdir): + logg.debug("mkdir %s", 
tmpdir) + if OK: os.makedirs(tmpdir) + datadir = os.path.join(tmpdir, "data") + if not os.path.isdir(datadir): + logg.debug("mkdir %s", datadir) + if OK: os.makedirs(datadir) + inputfile = os.path.join(tmpdir, "saved.tar") + outputfile = os.path.join(tmpdir, "ready.tar") + # + cmd = "docker save {inp} -o {inputfile}" + sh(cmd.format(**locals())) + cmd = "tar xf {inputfile} -C {datadir}" + sh(cmd.format(**locals())) + run = sh("ls -l {tmpdir}".format(**locals())) + logg.debug(run.stdout) + # + if OK: + changed = edit_datadir(datadir, out_tag, edits) + if changed: + outfile = os.path.realpath(outputfile) + cmd = "cd {datadir} && tar cf {outfile} ." + sh(cmd.format(**locals())) + cmd = "docker load -i {outputfile}" + sh(cmd.format(**locals())) + else: + logg.warning("unchanged image from %s", inp_tag) + if inp != out: + cmd = "docker tag {inp_tag} {out_tag}" + sh(cmd.format(**locals())) + logg.warning(" tagged old image as %s", out_tag) + # + if KEEPDIR >= 1: + logg.warning("keeping %s", datadir) + else: + if os.path.exists(datadir): + shutil.rmtree(datadir) + if KEEPDIR >= 2: + logg.warning("keeping %s", inputfile) + else: + if os.path.exists(inputfile): + os.remove(inputfile) + if KEEPDIR >= 3: + logg.warning("keeping %s", outputfile) + else: + if os.path.exists(outputfile): + os.remove(outputfile) + +def edit_datadir(datadir, out, edits): + manifest_file = "manifest.json" + manifest_filename = os.path.join(datadir, manifest_file) + with open(manifest_filename) as fp: + manifest = json.load(fp) + replaced = {} + for item in xrange(len(manifest)): + config_file = manifest[item]["Config"] + config_filename = os.path.join(datadir, config_file) + replaced[config_filename] = None + # + for item in xrange(len(manifest)): + config_file = manifest[item]["Config"] + config_filename = os.path.join(datadir, config_file) + with open(config_filename) as fp: + config = json.load(fp) + old_config_text = json.dumps(config) # to compare later + # + for CONFIG in 
['config','Config','container_config']: + if CONFIG not in config: + logg.debug("no section '%s' in config", CONFIG) + continue + logg.debug("with %s: %s", CONFIG, config[CONFIG]) + for action, target, arg in edits: + if action in ["remove", "rm"] and target in ["volume", "volumes"]: + key = 'Volumes' + if target in ["volumes"] and arg in ["*", "%"]: + args = [] + try: + if config[CONFIG][key] is not None: + del config[CONFIG][key] + logg.warning("done actual config %s %s '%s'", action, target, arg) + except KeyError, e: + logg.warning("there was no '%s' in %s", key, config_filename) + elif target in ["volumes"]: + pattern = arg.replace("%", "*") + args = [] + if key in config[CONFIG]: + for entry in config[CONFIG][key]: + if fnmatch(entry, pattern): + args += [ entry ] + logg.debug("volume pattern %s -> %s", pattern, args) + if not args: + logg.warning("%s pattern '%s' did not match anything", target, pattern) + elif arg.startswith("/"): + args = [ arg ] + else: + logg.error("can not do edit %s %s %s", action, target, arg) + continue + # + for arg in args: + entry = os.path.normpath(arg) + try: + del config[CONFIG]['Volumes'][entry] + except KeyError, e: + logg.warning("there was no '%s' in '%s' of %s", entry, key, config_filename) + if action in ["remove", "rm"] and target in ["port", "ports"]: + key = 'ExposedPorts' + if target in ["ports"] and arg in ["*", "%"]: + args = [] + try: + del config[CONFIG][key] + logg.warning("done actual config %s %s %s", action, target, arg) + except KeyError, e: + logg.warning("there were no '%s' in %s", key, config_filename) + elif target in ["ports"]: + pattern = arg.replace("%", "*") + args = [] + if key in config[CONFIG]: + for entry in config[CONFIG][key]: + if fnmatch(entry, pattern): + args += [ entry ] + logg.debug("ports pattern %s -> %s", pattern, args) + if not args: + logg.warning("%s pattern '%s' did not match anything", target, pattern) + else: + args = [ arg ] + # + for arg in args: + port, prot = portprot(arg) + 
if not port: + logg.error("can not do edit %s %s %s", action, target, arg) + return False + entry = u"%s/%s" % (port, prot) + try: + del config[CONFIG][key][entry] + logg.info("done rm-port '%s' from '%s'", entry, key) + except KeyError, e: + logg.warning("there was no '%s' in '%s' of %s", entry, key, config_filename) + if action in ["append", "add"] and target in ["volume"]: + key = 'Volumes' + entry = os.path.normpath(arg) + if key not in config[CONFIG]: + config[CONFIG][key] = {} + if arg not in config[CONFIG][key]: + config[CONFIG][key][entry] = {} + logg.info("added %s to %s", entry, key) + if action in ["append", "add"] and target in ["port"]: + key = 'ExposedPorts' + port, prot = portprot(arg) + entry = "%s/%s" % (port, prot) + if key not in config[CONFIG]: + config[CONFIG][key] = {} + if arg not in config[CONFIG][key]: + config[CONFIG][key][entry] = {} + logg.info("added %s to %s", entry, key) + if action in ["set", "set-shell"] and target in ["entrypoint"]: + key = 'Entrypoint' + try: + if arg in ["", None ]: + running = None + elif action in ["set-shell"]: + running = [ "/bin/sh", "-c", arg ] + elif arg.startswith("["): + running = json.loads(arg) + else: + running = [ arg ] + config[CONFIG][key] = running + logg.warning("done edit %s %s", action, arg) + except KeyError, e: + logg.warning("there was no '%s' in %s", key, config_filename) + if action in ["set", "set-shell"] and target in ["cmd"]: + key = 'Cmd' + try: + if arg in ["", None ]: + running = None + elif action in ["set-shell"]: + running = [ "/bin/sh", "-c", arg ] + logg.info("%s %s", action, running) + elif arg.startswith("["): + running = json.loads(arg) + else: + running = [ arg ] + config[CONFIG][key] = running + logg.warning("done edit %s %s", action, arg) + except KeyError, e: + logg.warning("there was no '%s' in %s", key, config_filename) + if action in ["set"] and target in StringConfigs: + key = StringConfigs[target] + try: + if arg in ["", None ]: + value = u'' + else: + value = arg + 
if key in config[CONFIG]: + if config[CONFIG][key] == value: + logg.warning("unchanged config '%s' %s", key, value) + else: + config[CONFIG][key] = value + logg.warning("done edit config '%s' %s", key, value) + else: + config[CONFIG][key] = value + logg.warning("done new config '%s' %s", key, value) + except KeyError, e: + logg.warning("there was no config %s in %s", target, config_filename) + if action in ["set"] and target in StringMeta: + key = StringMeta[target] + try: + if arg in ["", None ]: + value = u'' + else: + value = arg + if key in config: + if config[key] == value: + logg.warning("unchanged meta '%s' %s", key, value) + else: + config[key] = value + logg.warning("done edit meta '%s' %s", key, value) + else: + logg.warning("skip missing meta '%s'", key) + logg.warning("config = %s", config) + except KeyError, e: + logg.warning("there was no meta %s in %s", target, config_filename) + if action in ["set-label"]: + key = "Labels" + try: + value = arg or u'' + if key not in config[CONFIG]: + config[key] = {} + if target in config[CONFIG][key]: + if config[CONFIG][key][target] == value: + logg.warning("unchanged label '%s' %s", target, value) + else: + config[CONFIG][key][target] = value + logg.warning("done edit label '%s' %s", target, value) + else: + config[CONFIG][key][target] = value + logg.warning("done new label '%s' %s", target, value) + except KeyError, e: + logg.warning("there was no config %s in %s", target, config_filename) + if action in ["remove-label", "rm-label"]: + key = "Labels" + try: + if key in config[CONFIG]: + del config[CONFIG][key][target] + logg.warning("done actual %s %s ", action, target) + except KeyError, e: + logg.warning("there was no label %s in %s", target, config_filename) + if action in ["remove-labels", "rm-labels"]: + key = "Labels" + try: + pattern = target.replace("%", "*") + args = [] + if key in config[CONFIG]: + for entry in config[CONFIG][key]: + if fnmatch(entry, pattern): + args += [ entry ] + for arg in args: + 
del config[CONFIG][key][arg] + logg.warning("done actual %s %s (%s)", action, target, arg) + except KeyError, e: + logg.warning("there was no label %s in %s", target, config_filename) + if action in ["remove-envs", "rm-envs"]: + key = "Env" + try: + pattern = target.strip() + "=*" + pattern = pattern.replace("%", "*") + found = [] + if key in config[CONFIG]: + for n, entry in enumerate(config[CONFIG][key]): + if fnmatch(entry, pattern): + found += [ n ] + for n in reversed(found): + del config[CONFIG][key][n] + logg.warning("done actual %s %s (%s)", action, target, n) + except KeyError, e: + logg.warning("there was no label %s in %s", target, config_filename) + if action in ["remove-env", "rm-env"]: + key = "Env" + try: + pattern = target.strip() + "=" + found = [] + if key in config[CONFIG]: + for n, entry in enumerate(config[CONFIG][key]): + if entry.startswith(pattern): + found += [ n ] + for n in reversed(found): + del config[CONFIG][key][n] + logg.warning("done actual %s %s (%s)", action, target, n) + except KeyError, e: + logg.warning("there was no label %s in %s", target, config_filename) + if action in ["set-env"]: + key = "Env" + try: + pattern = target.strip() + "=" + value = pattern + (arg or u'') + if key not in config[CONFIG]: + config[key] = {} + found = None + for n, entry in enumerate(config[CONFIG][key]): + if entry.startswith(pattern): + found = n + if found is not None: + if config[CONFIG][key][found] == value: + logg.warning("unchanged var '%s' %s", target, value) + else: + config[CONFIG][key][found] = value + logg.warning("done edit var '%s' %s", target, value) + else: + config[CONFIG][key] += [ pattern + value ] + logg.warning("done new var '%s' %s", target, value) + except KeyError, e: + logg.warning("there was no config %s in %s", target, config_filename) + logg.debug("done %s: %s", CONFIG, config[CONFIG]) + new_config_text = json.dumps(config) + if new_config_text != old_config_text: + for CONFIG in ['history']: + if CONFIG in config: + 
myself = os.path.basename(sys.argv[0]) + config[CONFIG] += [ {"empty_layer": True, + "created_by": "%s #(%s)" % (myself, __version__), + "created": datetime.datetime.utcnow().isoformat() + "Z"} ] + new_config_text = json.dumps(config) + new_config_md = hashlib.sha256() + new_config_md.update(new_config_text) + for collision in xrange(1, 100): + new_config_hash = new_config_md.hexdigest() + new_config_file = "%s.json" % new_config_hash + new_config_filename = os.path.join(datadir, new_config_file) + if new_config_filename in replaced.keys() or new_config_filename in replaced.values(): + logg.info("collision %s %s", collision, new_config_filename) + new_config_md.update(" ") + continue + break + with open(new_config_filename, "wb") as fp: + fp.write(new_config_text) + logg.info("written new %s", new_config_filename) + logg.info("removed old %s", config_filename) + # + manifest[item]["Config"] = new_config_file + replaced[config_filename] = new_config_filename + else: + logg.info(" unchanged %s", config_filename) + # + if manifest[item]["RepoTags"]: + manifest[item]["RepoTags"] = [ out ] + manifest_text = json.dumps(manifest) + manifest_filename = os.path.join(datadir, manifest_file) + # report the result + with open(manifest_filename, "wb") as fp: + fp.write(manifest_text) + changed = 0 + for a, b in replaced.items(): + if b: + changed += 1 + logg.debug("replaced\n\t old %s\n\t new %s", a, b) + else: + logg.debug("unchanged\n\t old %s", a) + logg.debug("updated\n\t --> %s", manifest_filename) + logg.debug("changed %s layer metadata", changed) + return changed + +def parsing(args): + inp = None + out = None + action = None + target = None + commands = [] + known_set_targets = StringCmd.keys() + StringConfigs.keys() + StringMeta.keys() + for n in xrange(len(args)): + arg = args[n] + if target is not None: + if target.lower() in [ "all" ]: + # remove all ports => remove ports * + commands.append((action, arg.lower(), "*")) + elif action in ["set", "set-shell"] and 
target.lower() in [ "null", "no" ]: + # set null cmd => set cmd + if arg.lower() not in known_set_targets: + logg.error("bad edit command: %s %s %s", action, target, arg) + commands.append((action, arg.lower(), None)) + elif action in ["set", "set-shell"] and target.lower() in known_set_targets: + # set cmd null => set cmd + if arg.lower() in [ NULL.lower(), NULL.upper() ]: + logg.info("do not use '%s %s %s' - use 'set null %s'", action, target, arg, target.lower()) + commands.append((action, target.lower(), None)) + elif arg.lower() in [ '' ]: + logg.error("do not use '%s %s %s' - use 'set null %s'", action, target, '""', target.lower()) + logg.warning("we assume here but that will change in the future") + commands.append((action, target.lower(), None)) + else: + commands.append((action, target.lower(), arg)) + else: + commands.append((action, target, arg)) + action, target = None, None + continue + if action is None: + if arg in ["and", "+", ",", "/"]: + continue + action = arg.lower() + continue + rm_labels = ["rm-label", "remove-label", "rm-labels", "remove-labels"] + rm_vars = ["rm-var", "remove-var", "rm-vars", "remove-vars"] + rm_envs = ["rm-env", "remove-env", "rm-envs", "remove-envs"] + if action in (rm_labels + rm_vars + rm_envs): + target = arg + commands.append((action, target, None)) + action, target = None, None + continue + # + if action in ["set"] and arg.lower() in ["shell", "label", "labels", "var", "vars", "env", "envs"]: + action = "%s-%s" % (action, arg.lower()) + continue + if action in ["rm", "remove"] and arg.lower() in ["label", "labels", "var", "vars", "env", "envs"]: + action = "%s-%s" % (action, arg.lower()) + continue + if action in ["from"]: + inp = arg + action = None + continue + elif action in ["into"]: + out = arg + action = None + continue + elif action in ["remove", "rm"]: + if arg.lower() in ["volume", "port", "all", "volumes", "ports"]: + target = arg.lower() + continue + logg.error("unknown edit command starting with %s %s", 
action, arg) + return None, None, None + elif action in ["append", "add"]: + if arg.lower() in ["volume", "port"]: + target = arg.lower() + continue + logg.error("unknown edit command starting with %s %s", action, arg) + return None, None, None + elif action in ["set", "override"]: + if arg.lower() in known_set_targets: + target = arg.lower() + continue + if arg.lower() in [ "null", "no" ]: + target = arg.lower() + continue # handled in "all" / "no" case + logg.error("unknown edit command starting with %s %s", action, arg) + return None, None, None + elif action in ["set-shell"]: + if arg.lower() in StringCmd: + target = arg.lower() + continue + logg.error("unknown edit command starting with %s %s", action, arg) + return None, None, None + elif action in ["set-label", "set-var", "set-env"]: + target = arg + continue + else: + logg.error("unknown edit command starting with %s", action) + return None, None, None + if not inp: + logg.error("no input image given - use 'FROM image-name'") + return None, None, None + if not out: + logg.error("no output image given - use 'INTO image-name'") + return None, None, None + return inp, out, commands + +if __name__ == "__main__": + from optparse import OptionParser + cmdline = OptionParser("%prog input-image output-image [commands...]") + cmdline.add_option("-T", "--tmpdir", metavar="DIR", default=TMPDIR, + help="use this base temp dir %s [%default]" ) + cmdline.add_option("-k", "--keepdir", action="count", default=KEEPDIR, + help="keep the unpacked dirs [%default]") + cmdline.add_option("-v", "--verbose", action="count", default=0, + help="increase logging level [%default]") + cmdline.add_option("-z", "--dryrun", action="store_true", default=not OK, + help="only run logic, do not change anything [%default]") + cmdline.add_option("--with-null", metavar="name", default=NULL, + help="specify the special value for disable [%default]") + opt, args = cmdline.parse_args() + logging.basicConfig(level = max(0, logging.ERROR - 10 * 
opt.verbose)) + TMPDIR = opt.tmpdir + KEEPDIR = opt.keepdir + OK = not opt.dryrun + NULL = opt.with_null + if len(args) < 2: + logg.error("not enough arguments, use --help") + else: + inp, out, commands = parsing(args) + if not commands: + logg.warning("nothing to do for %s", out) + if inp and out and inp != out: + cmd = "docker tag {inp} {out}" + logg.info("%s", cmd) + sh("docker tag {inp} {out}".format(**locals()), check = False) + else: + if opt.dryrun: + oldlevel = logg.level + logg.level = logging.INFO + logg.info(" | from %s into %s", inp, out) + for action, target, arg in commands: + if arg is None: + arg = "" + else: + arg = "'%s'" % arg + logg.info(" | %s %s %s", action, target, arg) + logg.level = oldlevel + edit_image(inp, out, commands) -- GitLab From 14e50ec3eeb63e64d7fdbd6543453b3ebce5e3c3 Mon Sep 17 00:00:00 2001 
From: pierreozoux Date: Mon, 20 Jan 2020 11:38:16 +0100 Subject: [PATCH 05/50] WIP --- .gitlab-ci copy.yaml | 39 ++ .gitlab-ci.yaml | 25 ++ .gitmodules | 3 + README.md | 3 +- base/Dockerfile | 145 +----- base/config-sample.php | 300 ------------- base/config/20.apps.config.php | 11 + base/config/apps.config.php | 18 - base/config/apps_enable | 9 +- base/config/base.config.php | 19 - base/config/database.config.php | 11 - base/config/installed.config.php | 6 - base/config/language.config.php | 7 - base/config/mail.config.php | 15 - base/config/redis.config.php | 11 - base/config/s3.config.php | 21 - base/config/smtp.config.php | 19 - base/redis.ini | 2 + base/scripts/install_apps.sh | 21 +- base/scripts/remove_apps.sh | 9 +- docker-copyedit.py | 744 ------------------------------- fr/Dockerfile | 1 + imap/Dockerfile | 11 - upstream | 1 + web/Dockerfile | 3 +- web/docker-entrypoint.sh | 6 - web/{nginx.tmpl => nginx.conf} | 2 +- 27 files changed, 125 insertions(+), 1337 deletions(-) create mode 100644 .gitlab-ci copy.yaml create mode 100644 .gitlab-ci.yaml create mode 100644 .gitmodules delete mode 100644 base/config-sample.php create mode 100644 base/config/20.apps.config.php delete mode 100644 base/config/apps.config.php delete mode 100644 base/config/base.config.php delete mode 100644 base/config/database.config.php delete mode 100644 base/config/installed.config.php delete mode 100644 base/config/language.config.php delete mode 100644 base/config/mail.config.php delete mode 100644 base/config/redis.config.php delete mode 100644 base/config/s3.config.php delete mode 100644 base/config/smtp.config.php create mode 100644 base/redis.ini delete mode 100755 docker-copyedit.py create mode 100644 fr/Dockerfile delete mode 100644 imap/Dockerfile create mode 160000 upstream delete mode 100755 web/docker-entrypoint.sh rename web/{nginx.tmpl => nginx.conf} (98%) diff --git a/.gitlab-ci copy.yaml b/.gitlab-ci copy.yaml new file mode 100644 index 0000000..ba5ca36 --- /dev/null 
+++ b/.gitlab-ci copy.yaml
@@ -0,0 +1,39 @@
+variables:
+ GIT_SUBMODULE_STRATEGY: recursive
+
+stages:
+ - build
+ - deploy
+
+test:
+ stage: build
+ image:
+ name: gcr.io/kaniko-project/executor:debug
+ entrypoint: [""]
+ script:
+ - /kaniko/executor --context $CI_PROJECT_DIR --dockerfile $CI_PROJECT_DIR/Dockerfile --no-push
+ except:
+ - master
+
+build:
+ stage: build
+ image:
+ name: gcr.io/kaniko-project/executor:debug
+ entrypoint: [""]
+ script:
+ - cp $DOCKER_SECRET_CONFIG /kaniko/.docker/config.json
+ - /kaniko/executor --context $CI_PROJECT_DIR --dockerfile $CI_PROJECT_DIR/Dockerfile --destination indiepaas/website:$CI_COMMIT_SHORT_SHA
+ only:
+ - master
+
+deploy:
+ stage: deploy
+ tags:
+ - deploy
+ image:
+ name: lachlanevenson/k8s-kubectl
+ entrypoint: [""]
+ script:
+ - cat $CI_PROJECT_DIR/k8s.yml | sed "s/latest/$CI_COMMIT_SHORT_SHA/" | kubectl apply -f -
+ only:
+ - master
diff --git a/.gitlab-ci.yaml b/.gitlab-ci.yaml
new file mode 100644
index 0000000..5cbfa57
--- /dev/null
+++ b/.gitlab-ci.yaml
@@ -0,0 +1,25 @@
+variables:
+ GIT_SUBMODULE_STRATEGY: recursive
+ VERSIONS: ( 16 17 18 )
+
+stages:
+- upstream
+- base
+- fr
+- web
+
+build:
+ stage: upstream
+ tags: build
+ image:
+ name: gcr.io/kaniko-project/executor:debug
+ entrypoint: [""]
+ script:
+ script:
+ - >
+ cp $DOCKER_SECRET_CONFIG /kaniko/.docker/config.json
+ for version in "${versions[@]}"; do
+ /kaniko/executor --context $CI_PROJECT_DIR/upstream/$version --dockerfile $CI_PROJECT_DIR/upstream/$version/Dockerfile --destination libresh/nextcloud:${version}-upstream-`date "+%Y-%m-%d"`
+ done
+# only:
+# - master
\ No newline at end of file
diff --git a/.gitmodules b/.gitmodules
new file mode 100644
index 0000000..063da10
--- /dev/null
+++ b/.gitmodules
@@ -0,0 +1,3 @@
+[submodule "upstream"]
+ path = upstream
+ url = https://github.com/pierreozoux/docker-1
diff --git a/README.md b/README.md
index 7c5987b..630e974 100644
--- a/README.md
+++ b/README.md
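Review bot: The `build` and `deploy` jobs in `.gitlab-ci copy.yaml` give registry credentials (`$DOCKER_SECRET_CONFIG`) and cluster access (`kubectl apply`) to images referenced by mutable tags: `gcr.io/kaniko-project/executor:debug`, and `lachlanevenson/k8s-kubectl` with no tag at all. Whatever those tags resolve to at run time executes with the secrets, so each `image: name:` should be pinned by digest, for example `name: gcr.io/kaniko-project/executor@sha256:<digest-placeholder>`. The same `executor:debug` reference appears in the `.gitlab-ci.yaml` hunk that follows. The file name and the `indiepaas/website` destination suggest this file is a stray copy from another project; if it is kept on purpose, a first-line comment such as `# reference copy, not read by GitLab CI` would say so.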
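Review bot: The `build` job in `.gitlab-ci.yaml` cannot run the loop it describes. `script:` is declared twice, and the folded scalar `- >` joins the `cp` line and the `for` line into one command. The loop also reads `${versions[@]}` while the variable defined above is `VERSIONS: ( 16 17 18 )`, which reaches the job as a plain string, not a shell array. I would keep one `script:`, switch to a literal block with `- |`, and declare `VERSIONS: "16 17 18"` with `for version in $VERSIONS; do`. `tags: build` is also a bare string where the sibling file uses a list (`tags:` / `- build`), and it is worth confirming the project's CI path points at `.gitlab-ci.yaml`, not the conventional `.gitlab-ci.yml`.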
@@ -1,2 +1,3 @@ # docker-nextcloud -Nextcloud docker image for libre.sh + +Nextcloud docker image for libre.sh \ No newline at end of file diff --git a/base/Dockerfile b/base/Dockerfile index bd540f4..04253f1 100644 --- a/base/Dockerfile +++ b/base/Dockerfile 
@@ -1,134 +1,21 @@ -# DO NOT EDIT: created by update.sh from Dockerfile-debian.template -FROM php:7.3-fpm-buster +FROM nextcloud-local:TAG +FROM indiehosters/nextcloud:16.0.5-2 -# entrypoint.sh and cron.sh dependencies -RUN set -ex; \ - \ - apt-get update; \ - apt-get install -y --no-install-recommends \ - bzip2 \ - busybox-static \ - ; \ - rm -rf /var/lib/apt/lists/*; - -# install the PHP extensions we need -# see https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html -RUN set -ex; \ - \ - savedAptMark="$(apt-mark showmanual)"; \ - \ - apt-get update; \ - apt-get install -y --no-install-recommends \ - libcurl4-openssl-dev \ - libevent-dev \ - libfreetype6-dev \ - libicu-dev \ - libjpeg-dev \ - libldap2-dev \ - libmcrypt-dev \ - libmemcached-dev \ - libpng-dev \ - libpq-dev \ - libxml2-dev \ - libmagickwand-dev \ - libzip-dev \ - libwebp-dev \ - ; \ - \ - debMultiarch="$(dpkg-architecture --query DEB_BUILD_MULTIARCH)"; \ - docker-php-ext-configure gd --with-freetype-dir=/usr --with-png-dir=/usr --with-jpeg-dir=/usr --with-webp-dir=/usr; \ - docker-php-ext-configure ldap --with-libdir="lib/$debMultiarch"; \ - docker-php-ext-install -j "$(nproc)" \ - exif \ - gd \ - intl \ - ldap \ - opcache \ - pcntl \ - pdo_mysql \ - pdo_pgsql \ - zip \ - ; \ - \ -# pecl will claim success even if one install fails, so we need to perform each install separately - pecl install APCu-5.1.17; \ - pecl install memcached-3.1.4; \ - pecl install redis-4.3.0; \ - pecl install imagick-3.4.4; \ - \ - docker-php-ext-enable \ - apcu \ - memcached \ - redis \ - imagick \ - ; \ - \ -# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies - apt-mark auto '.*' > /dev/null; \ - apt-mark manual $savedAptMark; \ - ldd "$(php -r 'echo ini_get("extension_dir");')"/*.so \ - | awk '/=>/ { print $3 }' \ - | sort -u \ - | xargs -r dpkg-query -S \ - | cut -d: -f1 \ - | sort -u \ - | xargs -rt apt-mark manual; \ - \ - apt-get 
purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ - rm -rf /var/lib/apt/lists/* - -# set recommended PHP.ini settings -# see https://docs.nextcloud.com/server/12/admin_manual/configuration_server/server_tuning.html#enable-php-opcache -RUN { \ - echo 'opcache.enable=1'; \ - echo 'opcache.interned_strings_buffer=8'; \ - echo 'opcache.max_accelerated_files=10000'; \ - echo 'opcache.memory_consumption=128'; \ - echo 'opcache.save_comments=1'; \ - echo 'opcache.revalidate_freq=1'; \ - } > /usr/local/etc/php/conf.d/opcache-recommended.ini; \ - \ - echo 'apc.enable_cli=1' >> /usr/local/etc/php/conf.d/docker-php-ext-apcu.ini; \ - \ - echo 'memory_limit=512M' > /usr/local/etc/php/conf.d/memory-limit.ini; \ - \ - mkdir /var/www/data; \ - chown -R www-data:root /var/www; \ - chmod -R g=u /var/www - -ENV NEXTCLOUD_VERSION 16.0.5 +COPY redis.ini /usr/local/etc/php/conf.d/ +COPY --chown=www-data:root custom_apps /var/www/html/custom_apps +COPY --chown=www-data:root config/* /var/www/html/config/ -RUN set -ex; \ - fetchDeps=" \ - gnupg \ - dirmngr \ - "; \ - apt-get update; \ - apt-get install -y --no-install-recommends $fetchDeps; \ - \ - curl -fsSL -o nextcloud.tar.bz2 \ - "https://download.nextcloud.com/server/releases/nextcloud-${NEXTCLOUD_VERSION}.tar.bz2"; \ - curl -fsSL -o nextcloud.tar.bz2.asc \ - "https://download.nextcloud.com/server/releases/nextcloud-${NEXTCLOUD_VERSION}.tar.bz2.asc"; \ - export GNUPGHOME="$(mktemp -d)"; \ -# gpg key from https://nextcloud.com/nextcloud.asc - gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys 28806A878AE423A28372792ED75899B9A724937A; \ - gpg --batch --verify nextcloud.tar.bz2.asc nextcloud.tar.bz2; \ - tar -xjf nextcloud.tar.bz2 -C /var/www/html/ --strip-components 1; \ - gpgconf --kill all; \ - rm -r "$GNUPGHOME" nextcloud.tar.bz2.asc nextcloud.tar.bz2; \ - rm -rf /var/www/html/updater; \ - mkdir -p /var/www/html/data; \ - touch /var/www/html/data/.ocdata; \ - mkdir -p /var/www/html/custom_apps; \ - 
chmod +x /var/www/html/occ; \ - apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false $fetchDeps; \ - rm -rf /var/lib/apt/lists/* +CMD ["php-fpm"] -COPY --chown=www-data:root config/* /var/www/html/config/ -RUN chown -R www-data:root /var/www; \ - chmod -R g=u /var/www - -CMD ["php-fpm"] +ARG VERSION=latest +FROM indiehosters/nextcloud:$VERSION +RUN apt-get update \ + && apt-get install -y --no-install-recommends \ + apt-utils \ + libc-client-dev \ + libmagickwand-dev \ + && docker-php-ext-configure imap --with-imap-ssl \ + && docker-php-ext-install imap \ + && rm -rf /var/lib/apt/lists/* diff --git a/base/config-sample.php b/base/config-sample.php deleted file mode 100644 index a6542a7..0000000 --- a/base/config-sample.php +++ /dev/null 
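Review bot: As far as the new side of this hunk can be read, `base/Dockerfile` now has three `FROM` lines, so `COPY redis.ini`, `COPY ... custom_apps` and `COPY ... config/*` land in the second stage and are discarded. The image actually produced is the last stage, `FROM indiehosters/nextcloud:$VERSION` plus the imap build, without the project's config. `ARG VERSION=latest` sits inside a stage, not before the first `FROM`, so `$VERSION` is probably empty in that `FROM`, and where it does resolve it defaults to a mutable `latest`. The removed lines verified the Nextcloud tarball against a pinned GPG fingerprint, so provenance now rests entirely on the base image reference. I would keep a single `FROM indiehosters/nextcloud:16.0.5-2` (ideally with `@sha256:<digest-placeholder>`), drop the `nextcloud-local:TAG` placeholder line, and put the imap `RUN` before the `COPY` lines.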
@@ -1,300 +0,0 @@ - 'en', -/** - * Defaults to ``false`` - */ -'force_language' => 'en', -/** - * Defaults to ``en`` - */ -'default_locale' => 'en_US', -/** - * Defaults to ``false`` - */ -'force_locale' => 'en_US', -'defaultapp' => 'files', -'knowledgebaseenabled' => true, -'allow_user_to_change_display_name' => true, -'remember_login_cookie_lifetime' => 60*60*24*15, -'session_lifetime' => 60 * 60 * 24, -'session_keepalive' => true, - -/** - * Enforce token authentication for clients, which blocks requests using the user - * password for enhanced security. Users need to generate tokens in personal settings - * which can be used as passwords on their clients. - * - * Defaults to ``false`` - */ -'token_auth_enforced' => false, -'auth.bruteforce.protection.enabled' => true, -'skeletondirectory' => '/path/to/nextcloud/core/skeleton', -'user_backends' => array( - array( - 'class' => 'OC_User_IMAP', - 'arguments' => array('{imap.gmail.com:993/imap/ssl}INBOX') - ) -), -'lost_password_link' => 'https://example.org/link/to/password/reset', -'mail_domain' => 'example.com', -'mail_from_address' => 'nextcloud', -'mail_smtpdebug' => false, -'mail_smtpmode' => 'smtp', -'mail_smtphost' => '127.0.0.1', -'mail_smtpport' => 25, -'mail_smtptimeout' => 10, -'mail_smtpsecure' => '', -'mail_smtpauth' => false, -'mail_smtpauthtype' => 'LOGIN', -'mail_smtpname' => '', -'mail_smtppassword' => '', -'mail_template_class' => '\OC\Mail\EMailTemplate', -'mail_send_plaintext_only' => false, -'mail_sendmailmode' => 'smtp', -q -'overwritehost' => '', -'overwriteprotocol' => '', -'overwritewebroot' => '', -'overwritecondaddr' => '', -'overwrite.cli.url' => '', -'htaccess.RewriteBase' => '/', -'htaccess.IgnoreFrontController' => false, -'proxy' => '', -'proxyuserpwd' => '', -'trashbin_retention_obligation' => 'auto', -'versions_retention_obligation' => 'auto', -'appcodechecker' => true, -'updatechecker' => true, -'updater.server.url' => 'https://updates.nextcloud.com/updater_server/', 
-'updater.release.channel' => 'stable', -'has_internet_connection' => true, -'connectivity_check_domains' => array( - 'www.nextcloud.com', - 'www.startpage.com', - 'www.eff.org', - 'www.edri.org' -), -'check_for_working_wellknown_setup' => true, -'check_for_working_htaccess' => true, -'check_data_directory_permissions' => true, -'config_is_read_only' => false, -'log_type' => 'file', -'logfile' => '/var/log/nextcloud.log', -'logfilemode' => 0640, -'loglevel' => 2, -'syslog_tag' => 'Nextcloud', -'log.condition' => [ - 'shared_secret' => '57b58edb6637fe3059b3595cf9c41b9', - 'users' => ['sample-user'], - 'apps' => ['files'], -], -'logdateformat' => 'F d, Y H:i:s', -'logtimezone' => 'Europe/Berlin', -'log_query' => false, -'log_rotate_size' => 100 * 1024 * 1024, -'customclient_desktop' => - 'https://nextcloud.com/install/#install-clients', -'customclient_android' => - 'https://play.google.com/store/apps/details?id=com.nextcloud.client', -'customclient_ios' => - 'https://itunes.apple.com/us/app/nextcloud/id1125420102?mt=8', -'customclient_ios_appid' => - '1125420102', -'appstoreenabled' => true, - -'apps_paths' => array( - array( - 'path'=> '/var/www/nextcloud/apps', - 'url' => '/apps', - 'writable' => true, - ), -), - -'enable_previews' => true, -'preview_max_x' => 4096, -'preview_max_y' => 4096, -'preview_max_filesize_image' => 50, -'preview_libreoffice_path' => '/usr/bin/libreoffice', -'preview_office_cl_parameters' => -'enabledPreviewProviders' => array( - 'OC\Preview\PNG', - 'OC\Preview\JPEG', - 'OC\Preview\GIF', - 'OC\Preview\HEIC', - 'OC\Preview\BMP', - 'OC\Preview\XBitmap', - 'OC\Preview\MP3', - 'OC\Preview\TXT', - 'OC\Preview\MarkDown' -), -'ldapUserCleanupInterval' => 51, -'sort_groups_by_name' => false, -'comments.managerFactory' => '\OC\Comments\ManagerFactory', -'systemtags.managerFactory' => '\OC\SystemTag\ManagerFactory', -'maintenance' => false, -'openssl' => array( - 'config' => '/absolute/location/of/openssl.cnf', -), -'memcache.local' => 
'\OC\Memcache\APCu', -'memcache.distributed' => '\OC\Memcache\Memcached', -'redis' => [ - 'host' => 'localhost', // can also be a unix domain socket: '/tmp/redis.sock' - 'port' => 6379, - 'timeout' => 0.0, - 'password' => '', // Optional, if not defined no password will be used. - 'dbindex' => 0, // Optional, if undefined SELECT will not run and will use Redis Server's default DB Index. -], - -'redis.cluster' => [ - 'seeds' => [ // provide some/all of the cluster servers to bootstrap discovery, port required - 'localhost:7000', - 'localhost:7001', - ], - 'timeout' => 0.0, - 'read_timeout' => 0.0, - 'failover_mode' => \RedisCluster::FAILOVER_ERROR, - 'password' => '', // Optional, if not defined no password will be used. -], - -'memcached_servers' => array( - array('localhost', 11211), - //array('other.host.local', 11211), -), - -'memcached_options' => array( - // Set timeouts to 50ms - \Memcached::OPT_CONNECT_TIMEOUT => 50, - \Memcached::OPT_RETRY_TIMEOUT => 50, - \Memcached::OPT_SEND_TIMEOUT => 50, - \Memcached::OPT_RECV_TIMEOUT => 50, - \Memcached::OPT_POLL_TIMEOUT => 50, - - // Enable compression - \Memcached::OPT_COMPRESSION => true, - - // Turn on consistent hashing - \Memcached::OPT_LIBKETAMA_COMPATIBLE => true, - - // Enable Binary Protocol - \Memcached::OPT_BINARY_PROTOCOL => true, - - // Binary serializer vill be enabled if the igbinary PECL module is available - //\Memcached::OPT_SERIALIZER => \Memcached::SERIALIZER_IGBINARY, -), -'cache_path' => '', -'cache_chunk_gc_ttl' => 60*60*24, -'objectstore' => [ - 'class' => 'OC\\Files\\ObjectStore\\Swift', - 'arguments' => [ - // trystack will use your facebook id as the user name - 'username' => 'facebook100000123456789', - // in the trystack dashboard go to user -> settings -> API Password to - // generate a password - 'password' => 'Secr3tPaSSWoRdt7', - // must already exist in the objectstore, name can be different - 'container' => 'nextcloud', - // prefix to prepend to the fileid, default is 'oid:urn:' - 
'objectPrefix' => 'oid:urn:', - // create the container if it does not exist. default is false - 'autocreate' => true, - // required, dev-/trystack defaults to 'RegionOne' - 'region' => 'RegionOne', - // The Identity / Keystone endpoint - 'url' => 'http://8.21.28.222:5000/v2.0', - // required on dev-/trystack - 'tenantName' => 'facebook100000123456789', - // dev-/trystack uses swift by default, the lib defaults to 'cloudFiles' - // if omitted - 'serviceName' => 'swift', - // The Interface / url Type, optional - 'urlType' => 'internal' - ], -], -'objectstore' => [ - 'class' => 'OC\\Files\\ObjectStore\\Swift', - 'arguments' => [ - 'autocreate' => true, - 'user' => [ - 'name' => 'swift', - 'password' => 'swift', - 'domain' => [ - 'name' => 'default', - ], - ], - 'scope' => [ - 'project' => [ - 'name' => 'service', - 'domain' => [ - 'name' => 'default', - ], - ], - ], - 'tenantName' => 'service', - 'serviceName' => 'swift', - 'region' => 'regionOne', - 'url' => 'http://yourswifthost:5000/v3', - 'bucket' => 'nextcloud', - ], -], -'sharing.managerFactory' => '\OC\Share20\ProviderFactory', -'sharing.maxAutocompleteResults' => 0, -'sharing.minSearchStringLength' => 0, -'dbdriveroptions' => array( - PDO::MYSQL_ATTR_SSL_CA => '/file/path/to/ca_cert.pem', - PDO::MYSQL_ATTR_INIT_COMMAND => 'SET wait_timeout = 28800' -), -'sqlite.journal_mode' => 'DELETE', -'mysql.utf8mb4' => false, -'supportedDatabases' => array( - 'sqlite', - 'mysql', - 'pgsql', - 'oci', -), -'tempdirectory' => '/tmp/nextcloudtemp', -'hashingCost' => 10, -'blacklisted_files' => array('.htaccess'), -'share_folder' => '/', -'theme' => '', -'cipher' => 'AES-256-CFB', -'minimum.supported.desktop.version' => '2.0.0', -'quota_include_external_storage' => false, -'filesystem_check_changes' => 0, -'part_file_in_storage' => true, -'mount_file' => '/var/www/nextcloud/data/mount.json', -'filesystem_cache_readonly' => false, -'secret' => '', -'trusted_proxies' => array('203.0.113.45', '198.51.100.128', '192.168.2.0/24'), 
-'forwarded_for_headers' => array('HTTP_X_FORWARDED', 'HTTP_FORWARDED_FOR'), -'max_filesize_animated_gifs_public_sharing' => 10, -'filelocking.enabled' => true, -'filelocking.ttl' => 60*60, -'memcache.locking' => '\\OC\\Memcache\\Redis', -'filelocking.debug' => false, -'upgrade.disable-web' => false, - -'debug' => false, - -'data-fingerprint' => '', - -'copied_sample_config' => true, - -'lookup_server' => 'https://lookup.nextcloud.com', - -'gs.enabled' => false, - -'gs.federation' => 'internal', - -'csrf.optout' => array( - '/^WebDAVFS/', // OS X Finder - '/^Microsoft-WebDAV-MiniRedir/', // Windows webdav drive -), - -'simpleSignUpLink.shown' => true, -'login_form_autocomplete' => true, -); \ No newline at end of file diff --git a/base/config/20.apps.config.php b/base/config/20.apps.config.php new file mode 100644 index 0000000..d356d91 --- /dev/null +++ b/base/config/20.apps.config.php @@ -0,0 +1,11 @@ + array ( + 0 => array ( + "path" => OC::$SERVERROOT."/apps", + "url" => "/apps", + "writable" => false, + ), + ), + "appstoreenabled" => "false", +); \ No newline at end of file diff --git a/base/config/apps.config.php b/base/config/apps.config.php deleted file mode 100644 index f62a304..0000000 --- a/base/config/apps.config.php +++ /dev/null @@ -1,18 +0,0 @@ - array ( - 0 => array ( - "path" => OC::$SERVERROOT."/apps", - "url" => "/apps", - "writable" => false, - ), - 1 => array ( - "path" => OC::$SERVERROOT."/custom_apps", - "url" => "/custom_apps", - "writable" => true, - ), - ), - "appstoreenabled" => getenv('APPS_STORE_ENABLE') ?: "true", - "appstoreurl" => getenv('APPS_STORE_URL') ?: "https://api.nextcloud.com/v1" , - 'defaultapp' => getenv('APPS_DEFAULT') ?: "files", -); \ No newline at end of file diff --git a/base/config/apps_enable b/base/config/apps_enable index 9b80c5e..dad0300 100644 --- a/base/config/apps_enable +++ b/base/config/apps_enable 
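Review bot: In the new `base/config/20.apps.config.php`, `"appstoreenabled" => "false"` sets a non-empty string, which PHP treats as true wherever the value is read as a boolean, so the app store may stay enabled although the intent is clearly to disable it. Use the boolean literal: `"appstoreenabled" => false,`. The hunk also registers only the read-only `/apps` path, while the Dockerfile in this commit copies apps to `/var/www/html/custom_apps`. If those apps are meant to load, that path needs its own `apps_paths` entry with `"writable" => false`. The first lines of the file are garbled on this page, so the second point is hedged on what the full array contains.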
@@ -9,4 +9,11 @@ groupfolders=4.1.3=https://github.com/nextcloud/groupfolders/releases/download/v drop_account=0.1.0=https://framagit.org/tcit/drop_user/uploads/889d959be561d1a6dcb87271523b00b3/drop_account.tar.gz quota_warning=1.5.0=https://github.com/nextcloud/quota_warning/releases/download/v1.5.0/quota_warning-1.5.0.tar.gz files_automatedtagging=1.6.0=https://github.com/nextcloud/files_automatedtagging/releases/download/v1.6.0/files_automatedtagging-1.6.0.tar.gz -data_request=1.3.0=https://github.com/nextcloud/data_request/releases/download/v1.3.0/data_request.tar.gz \ No newline at end of file +data_request=1.3.0=https://github.com/nextcloud/data_request/releases/download/v1.3.0/data_request.tar.gz + + +files_rightclick +impersonate +richdocuments +text +twofactor_totp \ No newline at end of file diff --git a/base/config/base.config.php b/base/config/base.config.php deleted file mode 100644 index 40d5e73..0000000 --- a/base/config/base.config.php +++ /dev/null @@ -1,19 +0,0 @@ - getenv('PASSWORD_SALT'), - 'secret' => getenv('SECRET'), - 'trusted_domains' => - array ( - 0 => getenv('NEXTCLOUD_TRUSTED_DOMAINS') ?: 'localhost', - ), - 'overwrite.cli.url' => getenv('OVERWRITE_CLI_URL') ?: 'http://localhost', - 'overwriteprotocol' => getenv('OVERWRITE_PROTOCOL') ?: '', - 'version' => getenv('VERSION'), - 'debug' => getenv('DEBUG'), - 'instanceid' => getenv('INSTANCE_ID'), - 'config_is_read_only' => getenv('CONFIG_READONLY') ?: false, - 'updatechecker' => getenv('UPDATE_CHECKER') ?: false, - 'updater.server.url' => getenv('UPDATE_URL') ?: 'https://updates.nextcloud.com/updater_server/', - 'updater.release.channel' => getenv('UPDATE_CHANNEL') ?: 'stable', - 'upgrade.disable-web' => getenv('UPDATE_DISABLE_WEB') ?: 'false', -); diff --git a/base/config/database.config.php b/base/config/database.config.php deleted file mode 100644 index 2a45261..0000000 --- a/base/config/database.config.php +++ /dev/null 
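Review bot: The five entries added to `base/config/apps_enable` (`files_rightclick`, `impersonate`, `richdocuments`, `text`, `twofactor_totp`) are bare names, while every existing line uses `name=version=url`, so nothing fixes which release of each app ends up in the image. If `install_apps.sh`, not shown in this chunk, resolves bare names at build time, the result depends on whatever is current that day; pinning them like the others keeps builds reproducible. None of the entries carries a checksum either, so a replaced tarball at one of the release URLs would be installed unnoticed. I would add a digest field per line and have the install script verify it before unpacking, and add a leading comment describing the line format and what the blank-line-separated second group means.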
@@ -1,11 +0,0 @@ - getenv('DB_TYPE'), - 'dbname' => getenv('DB_NAME'), - 'dbhost' => getenv('DB_HOST'), - 'dbport' => getenv('DB_PORT'), - 'dbtableprefix' => getenv('DB_TABLE_PREFIX'), - 'mysql.utf8mb4' => getenv('MYSQL_UTF8MB4'), - 'dbuser' => getenv('DB_USER'), - 'dbpassword' => getenv('DB_PASSWORD'), -); diff --git a/base/config/installed.config.php b/base/config/installed.config.php deleted file mode 100644 index 8ad569c..0000000 --- a/base/config/installed.config.php +++ /dev/null @@ -1,6 +0,0 @@ - getenv('INSTALLED'), - ); -} \ No newline at end of file diff --git a/base/config/language.config.php b/base/config/language.config.php deleted file mode 100644 index 2608cc7..0000000 --- a/base/config/language.config.php +++ /dev/null @@ -1,7 +0,0 @@ - getenv('DEFAULT_LANGUAGE') ?: 'en', - 'force_language' => getenv('DEFAULT_LANGUAGE') ?: false, - 'default_locale' => getenv('DEFAULT_LOCALE') ?: 'en_US', - 'force_locale' => getenv('DEFAULT_LANGUAGE') ?: false, -); \ No newline at end of file diff --git a/base/config/mail.config.php b/base/config/mail.config.php deleted file mode 100644 index 59f1eaa..0000000 --- a/base/config/mail.config.php +++ /dev/null @@ -1,15 +0,0 @@ - 'smtp', - 'mail_smtphost' => getenv('SMTP_HOST'), - 'mail_smtpport' => getenv('SMTP_PORT') ?: (getenv('SMTP_SECURE') ? 465 : 25), - 'mail_smtpsecure' => getenv('SMTP_SECURE') ?: '', - 'mail_smtpauth' => getenv('SMTP_NAME') && getenv('SMTP_PASSWORD'), - 'mail_smtpauthtype' => getenv('SMTP_AUTHTYPE') ?: 'LOGIN', - 'mail_smtpname' => getenv('SMTP_NAME') ?: '', - 'mail_smtppassword' => getenv('SMTP_PASSWORD') ?: '', - 'mail_from_address' => getenv('MAIL_FROM_ADDRESS'), - 'mail_domain' => getenv('MAIL_DOMAIN'), - ); -} diff --git a/base/config/redis.config.php b/base/config/redis.config.php deleted file mode 100644 index 263b8ec..0000000 --- a/base/config/redis.config.php +++ /dev/null 
@@ -1,11 +0,0 @@ - '\OC\Memcache\Redis', - 'memcache.locking' => '\OC\Memcache\Redis', - 'redis' => array( - 'host' => getenv('REDIS_HOST'), - 'port' => getenv('REDIS_HOST_PORT') ?: 6379, - ), - ); -} \ No newline at end of file diff --git a/base/config/s3.config.php b/base/config/s3.config.php deleted file mode 100644 index 000b0dd..0000000 --- a/base/config/s3.config.php +++ /dev/null @@ -1,21 +0,0 @@ - array( - 'class' => '\\OC\\Files\\ObjectStore\\S3', - 'arguments' => array( - 'bucket' => getenv('OBJECTSTORE_S3_BUCKET'), - 'autocreate' => getenv('OBJECTSTORE_S3_AUTOCREATE') ?: true, - 'key' => getenv('OBJECTSTORE_S3_KEY'), - 'secret' => getenv('OBJECTSTORE_S3_SECRET'), - 'hostname' => getenv('OBJECTSTORE_S3_HOST'), - 'port' => getenv('OBJECTSTORE_S3_PORT'), - 'use_ssl' => getenv('OBJECTSTORE_S3_SSL') ?: true, - 'region' => getenv('OBJECTSTORE_S3_REGION') ?: "optional", - // required for some non Amazon S3 implementations - 'use_path_style' => getenv('OBJECTSTORE_S3_USEPATH_STYLE') ?: true, - ), - ), - ); -} - diff --git a/base/config/smtp.config.php b/base/config/smtp.config.php deleted file mode 100644 index 12aded5..0000000 --- a/base/config/smtp.config.php +++ /dev/null 
@@ -1,19 +0,0 @@ - 'smtp', - 'mail_smtphost' => getenv('SMTP_HOST'), - 'mail_smtpport' => getenv('SMTP_PORT') ?: (getenv('SMTP_SECURE') ? 465 : 25), - 'mail_smtpsecure' => getenv('SMTP_SECURE') ?: '', - 'mail_smtpauth' => getenv('SMTP_NAME') && getenv('SMTP_PASSWORD'), - 'mail_smtpauthtype' => getenv('SMTP_AUTHTYPE') ?: 'LOGIN', - 'mail_smtpname' => getenv('SMTP_NAME') ?: '', - 'mail_smtppassword' => getenv('SMTP_PASSWORD') ?: '', - 'mail_from_address' => getenv('MAIL_FROM_ADDRESS'), - 'mail_domain' => getenv('MAIL_DOMAIN'), - 'mail_smtpdebug' => getenv('SMTP_DEBUG') ?: false, - 'mail_template_class' => getenv('SMTP_TEMPLATE_CLASS') ?: '\OC\Mail\EMailTemplate', - 'mail_send_plaintext_only' => getenv('SMTP_TEMPLATE_CLASS') ?: false, - 'mail_sendmailmode' => getenv('SMTP_SENDMAIL_MODE') ?: 'smtp', - ); -} \ No newline at end of file diff --git a/base/redis.ini b/base/redis.ini new file mode 100644 index 0000000..bf8fac1 --- /dev/null +++ b/base/redis.ini @@ -0,0 +1,2 @@ +session.save_handler = redis +session.save_path = "tcp://${REDIS_HOST}:${REDIS_PORT}" \ No newline at end of file diff --git a/base/scripts/install_apps.sh b/base/scripts/install_apps.sh index 505f06d..714eb57 100755 --- a/base/scripts/install_apps.sh +++ b/base/scripts/install_apps.sh @@ -2,14 +2,13 @@ set -eu for i in $(cat /usr/src/nextcloud/config/apps_enable) - do - app=$(echo $i | cut -d '=' -f1) - version=$(echo $i | cut -d '=' -f2) - url=$(echo $i | cut -d '=' -f3) - echo "downloading app $app" - curl -Ls $url -o $app.tar.gz - tar xzf $app.tar.gz - mv $app /usr/src/nextcloud/custom_apps - rm $app.tar.gz - done - \ No newline at end of file +do + app=$(echo $i | cut -d '=' -f1) + version=$(echo $i | cut -d '=' -f2) + url=$(echo $i | cut -d '=' -f3) + echo "downloading app $app" + curl -Ls $url -o $app.tar.gz + tar xzf $app.tar.gz + mv $app /usr/src/nextcloud/custom_apps + rm $app.tar.gz +done \ No newline at end of file 
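Review bot: The new base/redis.ini sets `session.save_path = "tcp://${REDIS_HOST}:${REDIS_PORT}"` with no credentials, so for this to work the Redis server must accept unauthenticated connections, and any client that can reach that port can read or overwrite PHP session data. Unless the Redis instance is strictly private to the app, require a password on the server and pass it in the save path, e.g. `session.save_path = "tcp://${REDIS_HOST}:${REDIS_PORT}?auth=${REDIS_PASSWORD_PLACEHOLDER}"` (the variable name is a placeholder). The redis.config.php deleted in this same patch read `REDIS_HOST_PORT` with a default of 6379, while this file reads `REDIS_PORT` with no default; a leading comment such as `; requires REDIS_HOST and REDIS_PORT in the environment` would make the new contract explicit.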
diff --git a/base/scripts/remove_apps.sh b/base/scripts/remove_apps.sh index d4be499..1b259a8 100755 --- a/base/scripts/remove_apps.sh +++ b/base/scripts/remove_apps.sh @@ -2,8 +2,7 @@ set -eu for app in $(cat /usr/src/nextcloud/config/apps_remove) - do - echo "removing app $app" - rm -R /usr/src/nextcloud/apps/$app - done - \ No newline at end of file +do + echo "removing app $app" + rm -R /usr/src/nextcloud/apps/$app +done diff --git a/docker-copyedit.py b/docker-copyedit.py deleted file mode 100755 index 4d68927..0000000 --- a/docker-copyedit.py +++ /dev/null 
@@ -1,744 +0,0 @@ -#! /usr/bin/python -from __future__ import print_function - -__copyright__ = "(C) 2017-2019 Guido U. Draheim, licensed under the EUPL" -__version__ = "1.3.2045" - -import subprocess -import collections -import sys -import os -import re -import json -import copy -import shutil -import hashlib -import datetime -import logging -from fnmatch import fnmatchcase as fnmatch - -logg = logging.getLogger("edit") - -TMPDIR = "load.tmp" -KEEPDIR = 0 -OK=True -NULL="NULL" - -StringConfigs = {"user": "User", "domainname": "Domainname", "workingdir": "WorkingDir", "workdir": "WorkingDir", "hostname": "Hostname" } -StringMeta = {"author": "author", "os": "os", "architecture": "architecture", "arch": "architecture" } -StringCmd = {"cmd": "Cmd", "entrypoint": "Entrypoint"} - -def sh(cmd = None, shell=True, check = True, ok = None, default = ""): - if ok is None: ok = OK # a parameter "ok = OK" does not work in python - Result = collections.namedtuple("ShellResult", ["returncode", "stdout", "stderr"]) - if not ok: - logg.info("skip %s", cmd) - return Result(0, default, "") - run = subprocess.Popen(cmd, shell=shell, stdout = subprocess.PIPE, stderr=subprocess.PIPE) - run.wait() - result = Result(run.returncode, run.stdout.read(), run.stderr.read()) - if check and result.returncode: - logg.error("CMD %s", cmd) - logg.error("EXIT %s", result.returncode) - logg.error("STDOUT %s", result.stdout) - logg.error("STDERR %s", result.stderr) - raise Exception("shell command failed") - return result - -def portprot(arg): - port, prot = arg, "" - if "/" in arg: - port, prot = arg.rsplit("/", 1) - if port and port[0] in "0123456789": - pass - else: - import socket - if prot: - port = socket.getservbyname(port, prot) - else: - port = socket.getservbyname(port) - if not prot: - prot = "tcp" - return port, prot - -class ImageName: - def __init__(self, image): - self.registry = None - self.image = image - self.version = None - self.parse(image) - def parse(self, image): - parsing = 
image - parts = image.split("/") - if ":" in parts[-1] or "@" in parts[-1]: - colon = parts[-1].find(":") - atref = parts[-1].find("@") - if colon >= 0 and atref >= 0: - first = min(colon, atref) - else: - first = max(colon, atref) - version = parts[-1][first:] - parts[-1] = parts[-1][:first] - self.version = version - self.image = "/".join(parts) - if len(parts) > 1 and ":" in parts[0]: - registry = parts[0] - parts = parts[1:] - self.registry = registry - self.image = "/".join(parts) - logg.debug("image parsing = %s", parsing) - logg.debug(".registry = %s", self.registry) - logg.debug(".image = %s", self.image) - logg.debug(".version = %s", self.version) - def __str__(self): - image = self.image - if self.registry: - image = "/".join([self.registry, image]) - if self.version: - image += self.version - return image - def tag(self): - image = self.image - if self.registry: - image = "/".join([self.registry, image]) - if self.version: - image += self.version - else: - image += ":latest" - return image - def valid(self): - return not list(self.problems()) - def problems(self): - # https://docs.docker.com/engine/reference/commandline/tag/ - # https://github.com/docker/distribution/blob/master/reference/regexp.go - if self.registry and self.registry.startswith("["): - if len(self.registry) > 253: - yield "registry name: full name may not be longer than 253 characters" - yield "registry name= " + self.registry - x = self.registry.find("]") - if not x: - yield "registry name: invalid ipv6 number (missing bracket)" - yield "registry name= " + self.registry - port = self.registry[x+1:] - if port: - m = re.match("^:[A-Za-z0-9]+$", port) - if not m: - yield 'registry name: invalid ipv6 port (only alnum)' - yield "registry name= " + port - base = self.registry[:x] - if not base: - yield "registry name: invalid ipv6 number (empty)" - else: - m = re.match("^[0-9abcdefABCDEF:]*$", base) - if not m: - yield "registry name: invalid ipv6 number (only hexnum+colon)" - yield 
"registry name= " + base - elif self.registry: - if len(self.registry) > 253: - yield "registry name: full name may not be longer than 253 characters" - yield "registry name= " + self.registry - registry = self.registry - if registry.count(":") > 1: - yield "a colon may only be used to seperate the port number" - yield "registry name= " + registry - elif registry.count(":") == 1: - registry, port = registry.split(":", 1) - m = re.match("^[A-Za-z0-9]+$", port) - if not m: - yield 'registry name: invalid ipv4 port (only alnum)' - yield "registry name= " + registry - parts = registry.split(".") - if "" in parts: - yield "no double dots '..' allowed in registry names" - yield "registry name= " + registry - for part in parts: - if len(part) > 63: - yield "registry name: dot-seperated parts may only have 63 characters" - yield "registry name= " + part - m = re.match("^[A-Za-z0-9-]*$", part) - if not m: - yield "registry name: dns names may only have alnum+dots+dash" - yield "registry name= " + part - if part.startswith("-"): - yield "registry name: dns name parts may not start with a dash" - yield "registry name= " + part - if part.endswith("-") and len(part) > 1: - yield "registry name: dns name parts may not end with a dash" - yield "registry name= " + part - if self.image: - if len(self.image) > 253: - yield "image name: should not be longer than 253 characters (min path_max)" - yield "image name= " + self.image - if len(self.image) > 1024: - yield "image name: can not be longer than 1024 characters (limit path_max)" - yield "image name= " + self.image - parts = self.image.split("/") - for part in parts: - if not part: - yield "image name: double slashes are not a good idea" - yield "image name= " + part - continue - if len(part) > 253: - yield "image name: slash-seperated parts should only have 253 characters" - yield "image name= " + part - seperators = "._-" - m = re.match("^[a-z0-9._-]*$", part) - if not m: - yield "image name: only 
lowercase+digits+dots+dash+underscore" - yield "image name= " + part - if part[0] in seperators: - yield "image name: components may not start with a seperator (%s)" % part[0] - yield "image name= " + part - if part[-1] in seperators and len(part) > 1: - yield "image name: components may not end with a seperator (%s)" % part[-1] - yield "image name= " + part - elems = part.split(".") - if "" in elems: - yield "image name: only single dots are allowed, not even double" - yield "image name= " + part - elems = part.split("_") - if len(elems) > 2: - for x in xrange(len(elems)-1): - if not elems[x] and not elems[x+1]: - yield "image name: only single or double underscores are allowed" - yield "image name= " + part - if self.version: - if len(self.version) > 128: - yield "image version: may not be longer than 127 characters" - yield "image version= " + self.version - if self.version[0] not in ":@": - yield "image version: must either be :version or @digest" - yield "image version= " + self.version - if len(self.version) > 1 and self.version[1] in "-.": - yield "image version: may not start with dots or dash" - yield "image version= " + self.version - version = self.version[1:] - if not version: - yield "image version: no name provided after '%s'" % self.version[0] - yield "image version= " + self.version - m = re.match("^[A-Za-z0-9_.-]*$", version) - if not m: - yield 'image version: only alnum+undescore+dots+dash are allowed' - yield "image version= " + self.version - -def edit_image(inp, out, edits): - if not inp: - logg.error("no FROM value provided") - return False - if not out: - logg.error("no INTO value provided") - return False - inp_name = ImageName(inp) - out_name = ImageName(out) - for problem in inp_name.problems(): - logg.warning("FROM value: %s", problem) - for problem in out_name.problems(): - logg.warning("INTO value: %s", problem) - inp_tag = inp - out_tag = out_name.tag() - # - tmpdir = TMPDIR - if not os.path.isdir(tmpdir): - logg.debug("mkdir %s", 
tmpdir) - if OK: os.makedirs(tmpdir) - datadir = os.path.join(tmpdir, "data") - if not os.path.isdir(datadir): - logg.debug("mkdir %s", datadir) - if OK: os.makedirs(datadir) - inputfile = os.path.join(tmpdir, "saved.tar") - outputfile = os.path.join(tmpdir, "ready.tar") - # - cmd = "docker save {inp} -o {inputfile}" - sh(cmd.format(**locals())) - cmd = "tar xf {inputfile} -C {datadir}" - sh(cmd.format(**locals())) - run = sh("ls -l {tmpdir}".format(**locals())) - logg.debug(run.stdout) - # - if OK: - changed = edit_datadir(datadir, out_tag, edits) - if changed: - outfile = os.path.realpath(outputfile) - cmd = "cd {datadir} && tar cf {outfile} ." - sh(cmd.format(**locals())) - cmd = "docker load -i {outputfile}" - sh(cmd.format(**locals())) - else: - logg.warning("unchanged image from %s", inp_tag) - if inp != out: - cmd = "docker tag {inp_tag} {out_tag}" - sh(cmd.format(**locals())) - logg.warning(" tagged old image as %s", out_tag) - # - if KEEPDIR >= 1: - logg.warning("keeping %s", datadir) - else: - if os.path.exists(datadir): - shutil.rmtree(datadir) - if KEEPDIR >= 2: - logg.warning("keeping %s", inputfile) - else: - if os.path.exists(inputfile): - os.remove(inputfile) - if KEEPDIR >= 3: - logg.warning("keeping %s", outputfile) - else: - if os.path.exists(outputfile): - os.remove(outputfile) - -def edit_datadir(datadir, out, edits): - manifest_file = "manifest.json" - manifest_filename = os.path.join(datadir, manifest_file) - with open(manifest_filename) as fp: - manifest = json.load(fp) - replaced = {} - for item in xrange(len(manifest)): - config_file = manifest[item]["Config"] - config_filename = os.path.join(datadir, config_file) - replaced[config_filename] = None - # - for item in xrange(len(manifest)): - config_file = manifest[item]["Config"] - config_filename = os.path.join(datadir, config_file) - with open(config_filename) as fp: - config = json.load(fp) - old_config_text = json.dumps(config) # to compare later - # - for CONFIG in 
['config','Config','container_config']: - if CONFIG not in config: - logg.debug("no section '%s' in config", CONFIG) - continue - logg.debug("with %s: %s", CONFIG, config[CONFIG]) - for action, target, arg in edits: - if action in ["remove", "rm"] and target in ["volume", "volumes"]: - key = 'Volumes' - if target in ["volumes"] and arg in ["*", "%"]: - args = [] - try: - if config[CONFIG][key] is not None: - del config[CONFIG][key] - logg.warning("done actual config %s %s '%s'", action, target, arg) - except KeyError, e: - logg.warning("there was no '%s' in %s", key, config_filename) - elif target in ["volumes"]: - pattern = arg.replace("%", "*") - args = [] - if key in config[CONFIG]: - for entry in config[CONFIG][key]: - if fnmatch(entry, pattern): - args += [ entry ] - logg.debug("volume pattern %s -> %s", pattern, args) - if not args: - logg.warning("%s pattern '%s' did not match anything", target, pattern) - elif arg.startswith("/"): - args = [ arg ] - else: - logg.error("can not do edit %s %s %s", action, target, arg) - continue - # - for arg in args: - entry = os.path.normpath(arg) - try: - del config[CONFIG]['Volumes'][entry] - except KeyError, e: - logg.warning("there was no '%s' in '%s' of %s", entry, key, config_filename) - if action in ["remove", "rm"] and target in ["port", "ports"]: - key = 'ExposedPorts' - if target in ["ports"] and arg in ["*", "%"]: - args = [] - try: - del config[CONFIG][key] - logg.warning("done actual config %s %s %s", action, target, arg) - except KeyError, e: - logg.warning("there were no '%s' in %s", key, config_filename) - elif target in ["ports"]: - pattern = arg.replace("%", "*") - args = [] - if key in config[CONFIG]: - for entry in config[CONFIG][key]: - if fnmatch(entry, pattern): - args += [ entry ] - logg.debug("ports pattern %s -> %s", pattern, args) - if not args: - logg.warning("%s pattern '%s' did not match anything", target, pattern) - else: - args = [ arg ] - # - for arg in args: - port, prot = portprot(arg) - 
if not port: - logg.error("can not do edit %s %s %s", action, target, arg) - return False - entry = u"%s/%s" % (port, prot) - try: - del config[CONFIG][key][entry] - logg.info("done rm-port '%s' from '%s'", entry, key) - except KeyError, e: - logg.warning("there was no '%s' in '%s' of %s", entry, key, config_filename) - if action in ["append", "add"] and target in ["volume"]: - key = 'Volumes' - entry = os.path.normpath(arg) - if key not in config[CONFIG]: - config[CONFIG][key] = {} - if arg not in config[CONFIG][key]: - config[CONFIG][key][entry] = {} - logg.info("added %s to %s", entry, key) - if action in ["append", "add"] and target in ["port"]: - key = 'ExposedPorts' - port, prot = portprot(arg) - entry = "%s/%s" % (port, prot) - if key not in config[CONFIG]: - config[CONFIG][key] = {} - if arg not in config[CONFIG][key]: - config[CONFIG][key][entry] = {} - logg.info("added %s to %s", entry, key) - if action in ["set", "set-shell"] and target in ["entrypoint"]: - key = 'Entrypoint' - try: - if arg in ["", None ]: - running = None - elif action in ["set-shell"]: - running = [ "/bin/sh", "-c", arg ] - elif arg.startswith("["): - running = json.loads(arg) - else: - running = [ arg ] - config[CONFIG][key] = running - logg.warning("done edit %s %s", action, arg) - except KeyError, e: - logg.warning("there was no '%s' in %s", key, config_filename) - if action in ["set", "set-shell"] and target in ["cmd"]: - key = 'Cmd' - try: - if arg in ["", None ]: - running = None - elif action in ["set-shell"]: - running = [ "/bin/sh", "-c", arg ] - logg.info("%s %s", action, running) - elif arg.startswith("["): - running = json.loads(arg) - else: - running = [ arg ] - config[CONFIG][key] = running - logg.warning("done edit %s %s", action, arg) - except KeyError, e: - logg.warning("there was no '%s' in %s", key, config_filename) - if action in ["set"] and target in StringConfigs: - key = StringConfigs[target] - try: - if arg in ["", None ]: - value = u'' - else: - value = arg - 
if key in config[CONFIG]: - if config[CONFIG][key] == value: - logg.warning("unchanged config '%s' %s", key, value) - else: - config[CONFIG][key] = value - logg.warning("done edit config '%s' %s", key, value) - else: - config[CONFIG][key] = value - logg.warning("done new config '%s' %s", key, value) - except KeyError, e: - logg.warning("there was no config %s in %s", target, config_filename) - if action in ["set"] and target in StringMeta: - key = StringMeta[target] - try: - if arg in ["", None ]: - value = u'' - else: - value = arg - if key in config: - if config[key] == value: - logg.warning("unchanged meta '%s' %s", key, value) - else: - config[key] = value - logg.warning("done edit meta '%s' %s", key, value) - else: - logg.warning("skip missing meta '%s'", key) - logg.warning("config = %s", config) - except KeyError, e: - logg.warning("there was no meta %s in %s", target, config_filename) - if action in ["set-label"]: - key = "Labels" - try: - value = arg or u'' - if key not in config[CONFIG]: - config[key] = {} - if target in config[CONFIG][key]: - if config[CONFIG][key][target] == value: - logg.warning("unchanged label '%s' %s", target, value) - else: - config[CONFIG][key][target] = value - logg.warning("done edit label '%s' %s", target, value) - else: - config[CONFIG][key][target] = value - logg.warning("done new label '%s' %s", target, value) - except KeyError, e: - logg.warning("there was no config %s in %s", target, config_filename) - if action in ["remove-label", "rm-label"]: - key = "Labels" - try: - if key in config[CONFIG]: - del config[CONFIG][key][target] - logg.warning("done actual %s %s ", action, target) - except KeyError, e: - logg.warning("there was no label %s in %s", target, config_filename) - if action in ["remove-labels", "rm-labels"]: - key = "Labels" - try: - pattern = target.replace("%", "*") - args = [] - if key in config[CONFIG]: - for entry in config[CONFIG][key]: - if fnmatch(entry, pattern): - args += [ entry ] - for arg in args: - 
del config[CONFIG][key][arg] - logg.warning("done actual %s %s (%s)", action, target, arg) - except KeyError, e: - logg.warning("there was no label %s in %s", target, config_filename) - if action in ["remove-envs", "rm-envs"]: - key = "Env" - try: - pattern = target.strip() + "=*" - pattern = pattern.replace("%", "*") - found = [] - if key in config[CONFIG]: - for n, entry in enumerate(config[CONFIG][key]): - if fnmatch(entry, pattern): - found += [ n ] - for n in reversed(found): - del config[CONFIG][key][n] - logg.warning("done actual %s %s (%s)", action, target, n) - except KeyError, e: - logg.warning("there was no label %s in %s", target, config_filename) - if action in ["remove-env", "rm-env"]: - key = "Env" - try: - pattern = target.strip() + "=" - found = [] - if key in config[CONFIG]: - for n, entry in enumerate(config[CONFIG][key]): - if entry.startswith(pattern): - found += [ n ] - for n in reversed(found): - del config[CONFIG][key][n] - logg.warning("done actual %s %s (%s)", action, target, n) - except KeyError, e: - logg.warning("there was no label %s in %s", target, config_filename) - if action in ["set-env"]: - key = "Env" - try: - pattern = target.strip() + "=" - value = pattern + (arg or u'') - if key not in config[CONFIG]: - config[key] = {} - found = None - for n, entry in enumerate(config[CONFIG][key]): - if entry.startswith(pattern): - found = n - if found is not None: - if config[CONFIG][key][found] == value: - logg.warning("unchanged var '%s' %s", target, value) - else: - config[CONFIG][key][found] = value - logg.warning("done edit var '%s' %s", target, value) - else: - config[CONFIG][key] += [ pattern + value ] - logg.warning("done new var '%s' %s", target, value) - except KeyError, e: - logg.warning("there was no config %s in %s", target, config_filename) - logg.debug("done %s: %s", CONFIG, config[CONFIG]) - new_config_text = json.dumps(config) - if new_config_text != old_config_text: - for CONFIG in ['history']: - if CONFIG in config: - 
myself = os.path.basename(sys.argv[0]) - config[CONFIG] += [ {"empty_layer": True, - "created_by": "%s #(%s)" % (myself, __version__), - "created": datetime.datetime.utcnow().isoformat() + "Z"} ] - new_config_text = json.dumps(config) - new_config_md = hashlib.sha256() - new_config_md.update(new_config_text) - for collision in xrange(1, 100): - new_config_hash = new_config_md.hexdigest() - new_config_file = "%s.json" % new_config_hash - new_config_filename = os.path.join(datadir, new_config_file) - if new_config_filename in replaced.keys() or new_config_filename in replaced.values(): - logg.info("collision %s %s", collision, new_config_filename) - new_config_md.update(" ") - continue - break - with open(new_config_filename, "wb") as fp: - fp.write(new_config_text) - logg.info("written new %s", new_config_filename) - logg.info("removed old %s", config_filename) - # - manifest[item]["Config"] = new_config_file - replaced[config_filename] = new_config_filename - else: - logg.info(" unchanged %s", config_filename) - # - if manifest[item]["RepoTags"]: - manifest[item]["RepoTags"] = [ out ] - manifest_text = json.dumps(manifest) - manifest_filename = os.path.join(datadir, manifest_file) - # report the result - with open(manifest_filename, "wb") as fp: - fp.write(manifest_text) - changed = 0 - for a, b in replaced.items(): - if b: - changed += 1 - logg.debug("replaced\n\t old %s\n\t new %s", a, b) - else: - logg.debug("unchanged\n\t old %s", a) - logg.debug("updated\n\t --> %s", manifest_filename) - logg.debug("changed %s layer metadata", changed) - return changed - -def parsing(args): - inp = None - out = None - action = None - target = None - commands = [] - known_set_targets = StringCmd.keys() + StringConfigs.keys() + StringMeta.keys() - for n in xrange(len(args)): - arg = args[n] - if target is not None: - if target.lower() in [ "all" ]: - # remove all ports => remove ports * - commands.append((action, arg.lower(), "*")) - elif action in ["set", "set-shell"] and 
target.lower() in [ "null", "no" ]: - # set null cmd => set cmd - if arg.lower() not in known_set_targets: - logg.error("bad edit command: %s %s %s", action, target, arg) - commands.append((action, arg.lower(), None)) - elif action in ["set", "set-shell"] and target.lower() in known_set_targets: - # set cmd null => set cmd - if arg.lower() in [ NULL.lower(), NULL.upper() ]: - logg.info("do not use '%s %s %s' - use 'set null %s'", action, target, arg, target.lower()) - commands.append((action, target.lower(), None)) - elif arg.lower() in [ '' ]: - logg.error("do not use '%s %s %s' - use 'set null %s'", action, target, '""', target.lower()) - logg.warning("we assume here but that will change in the future") - commands.append((action, target.lower(), None)) - else: - commands.append((action, target.lower(), arg)) - else: - commands.append((action, target, arg)) - action, target = None, None - continue - if action is None: - if arg in ["and", "+", ",", "/"]: - continue - action = arg.lower() - continue - rm_labels = ["rm-label", "remove-label", "rm-labels", "remove-labels"] - rm_vars = ["rm-var", "remove-var", "rm-vars", "remove-vars"] - rm_envs = ["rm-env", "remove-env", "rm-envs", "remove-envs"] - if action in (rm_labels + rm_vars + rm_envs): - target = arg - commands.append((action, target, None)) - action, target = None, None - continue - # - if action in ["set"] and arg.lower() in ["shell", "label", "labels", "var", "vars", "env", "envs"]: - action = "%s-%s" % (action, arg.lower()) - continue - if action in ["rm", "remove"] and arg.lower() in ["label", "labels", "var", "vars", "env", "envs"]: - action = "%s-%s" % (action, arg.lower()) - continue - if action in ["from"]: - inp = arg - action = None - continue - elif action in ["into"]: - out = arg - action = None - continue - elif action in ["remove", "rm"]: - if arg.lower() in ["volume", "port", "all", "volumes", "ports"]: - target = arg.lower() - continue - logg.error("unknown edit command starting with %s %s", 
action, arg) - return None, None, None - elif action in ["append", "add"]: - if arg.lower() in ["volume", "port"]: - target = arg.lower() - continue - logg.error("unknown edit command starting with %s %s", action, arg) - return None, None, None - elif action in ["set", "override"]: - if arg.lower() in known_set_targets: - target = arg.lower() - continue - if arg.lower() in [ "null", "no" ]: - target = arg.lower() - continue # handled in "all" / "no" case - logg.error("unknown edit command starting with %s %s", action, arg) - return None, None, None - elif action in ["set-shell"]: - if arg.lower() in StringCmd: - target = arg.lower() - continue - logg.error("unknown edit command starting with %s %s", action, arg) - return None, None, None - elif action in ["set-label", "set-var", "set-env"]: - target = arg - continue - else: - logg.error("unknown edit command starting with %s", action) - return None, None, None - if not inp: - logg.error("no input image given - use 'FROM image-name'") - return None, None, None - if not out: - logg.error("no output image given - use 'INTO image-name'") - return None, None, None - return inp, out, commands - -if __name__ == "__main__": - from optparse import OptionParser - cmdline = OptionParser("%prog input-image output-image [commands...]") - cmdline.add_option("-T", "--tmpdir", metavar="DIR", default=TMPDIR, - help="use this base temp dir %s [%default]" ) - cmdline.add_option("-k", "--keepdir", action="count", default=KEEPDIR, - help="keep the unpacked dirs [%default]") - cmdline.add_option("-v", "--verbose", action="count", default=0, - help="increase logging level [%default]") - cmdline.add_option("-z", "--dryrun", action="store_true", default=not OK, - help="only run logic, do not change anything [%default]") - cmdline.add_option("--with-null", metavar="name", default=NULL, - help="specify the special value for disable [%default]") - opt, args = cmdline.parse_args() - logging.basicConfig(level = max(0, logging.ERROR - 10 * 
opt.verbose)) - TMPDIR = opt.tmpdir - KEEPDIR = opt.keepdir - OK = not opt.dryrun - NULL = opt.with_null - if len(args) < 2: - logg.error("not enough arguments, use --help") - else: - inp, out, commands = parsing(args) - if not commands: - logg.warning("nothing to do for %s", out) - if inp and out and inp != out: - cmd = "docker tag {inp} {out}" - logg.info("%s", cmd) - sh("docker tag {inp} {out}".format(**locals()), check = False) - else: - if opt.dryrun: - oldlevel = logg.level - logg.level = logging.INFO - logg.info(" | from %s into %s", inp, out) - for action, target, arg in commands: - if arg is None: - arg = "" - else: - arg = "'%s'" % arg - logg.info(" | %s %s %s", action, target, arg) - logg.level = oldlevel - edit_image(inp, out, commands) diff --git a/fr/Dockerfile b/fr/Dockerfile new file mode 100644 index 0000000..3a0b586 --- /dev/null +++ b/fr/Dockerfile @@ -0,0 +1 @@ +COPY --chown=www-data:root _build/html/release/fr/ /var/www/html/core/doc/user/ diff --git a/imap/Dockerfile b/imap/Dockerfile deleted file mode 100644 index 4ec969b..0000000 --- a/imap/Dockerfile +++ /dev/null @@ -1,11 +0,0 @@ -ARG VERSION=latest -FROM indiehosters/nextcloud:$VERSION -RUN apt-get update \ - && apt-get install -y --no-install-recommends \ - apt-utils \ - libc-client-dev \ - libkrb5-dev \ - libmagickwand-dev \ - && docker-php-ext-configure imap --with-kerberos --with-imap-ssl \ - && docker-php-ext-install imap \ - && rm -rf /var/lib/apt/lists/* diff --git a/upstream b/upstream new file mode 160000 index 0000000..63b1d87 --- /dev/null +++ b/upstream @@ -0,0 +1 @@ +Subproject commit 63b1d87e50c5bc61b3acc1ed8a637c0365321539 diff --git a/web/Dockerfile b/web/Dockerfile index 467a655..01ac6e3 100644 --- a/web/Dockerfile +++ b/web/Dockerfile 
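Review bot: The new fr/Dockerfile consists of a single `COPY --chown=www-data:root _build/html/release/fr/ /var/www/html/core/doc/user/` line with no `FROM`, so it cannot be built on its own. If it is meant to extend the base image, add the base as the first line, `FROM <base-image>:<tag>` (placeholder), pinned to a fixed tag or digest. If it is a fragment appended to another Dockerfile by the build, say so in a leading `#` comment.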
@@ -1,4 +1,5 @@ FROM indiehosters/nextcloud:16.0.5 as builder FROM nginx COPY --from=builder /var/www/html /var/www/html -CMD ["nginx", "-g", "daemon off;"] +COPY nginx.conf /etc/nginx/nginx.conf +CMD ["nginx", "-g", "daemon off;"] \ No newline at end of file diff --git a/web/docker-entrypoint.sh b/web/docker-entrypoint.sh deleted file mode 100755 index 8ed3130..0000000 --- a/web/docker-entrypoint.sh +++ /dev/null @@ -1,6 +0,0 @@ -#!/usr/bin/env sh -set -eu - -envsubst '${SERVER_HOST} ${SERVER_PORT}' < /etc/nginx/nginx.tmpl > /etc/nginx/nginx.conf - -exec "$@" diff --git a/web/nginx.tmpl b/web/nginx.conf similarity index 98% rename from web/nginx.tmpl rename to web/nginx.conf index b75fd13..6ea3933 100644 --- a/web/nginx.tmpl +++ b/web/nginx.conf @@ -6,7 +6,7 @@ events { http { upstream backend { - server ${SERVER_HOST}:${SERVER_PORT}; + server nextcloud-app:9000; } include /etc/nginx/mime.types; default_type application/octet-stream; -- GitLab From 480fa3338125d780ec2e0fa24316129497080d2b Mon Sep 17 00:00:00 2001 From: pierreozoux Date: Mon, 20 Jan 2020 14:37:58 +0100 Subject: [PATCH 06/50] wip --- .gitlab-ci copy.yaml | 39 ------------------------------- .gitlab-ci.yaml => .gitlab-ci.yml | 0 2 files changed, 39 deletions(-) delete mode 100644 .gitlab-ci copy.yaml rename .gitlab-ci.yaml => .gitlab-ci.yml (100%) diff --git a/.gitlab-ci copy.yaml b/.gitlab-ci copy.yaml deleted file mode 100644 index ba5ca36..0000000 --- a/.gitlab-ci copy.yaml +++ /dev/null 
@@ -1,39 +0,0 @@ -variables: - GIT_SUBMODULE_STRATEGY: recursive - -stages: - - build - - deploy - -test: - stage: build - image: - name: gcr.io/kaniko-project/executor:debug - entrypoint: [""] - script: - - /kaniko/executor --context $CI_PROJECT_DIR --dockerfile $CI_PROJECT_DIR/Dockerfile --no-push - except: - - master - -build: - stage: build - image: - name: gcr.io/kaniko-project/executor:debug - entrypoint: [""] - script: - - cp $DOCKER_SECRET_CONFIG /kaniko/.docker/config.json - - /kaniko/executor --context $CI_PROJECT_DIR --dockerfile $CI_PROJECT_DIR/Dockerfile --destination indiepaas/website:$CI_COMMIT_SHORT_SHA - only: - - master - -deploy: - stage: deploy - tags: - - deploy - image: - name: lachlanevenson/k8s-kubectl - entrypoint: [""] - script: - - cat $CI_PROJECT_DIR/k8s.yml | sed "s/latest/$CI_COMMIT_SHORT_SHA/" | kubectl apply -f - - only: - - master diff --git a/.gitlab-ci.yaml b/.gitlab-ci.yml similarity index 100% rename from .gitlab-ci.yaml rename to .gitlab-ci.yml -- GitLab From b50e8425e28740bd3ea974f160504bfc5ff94a6b Mon Sep 17 00:00:00 2001 From: pierreozoux Date: Mon, 20 Jan 2020 14:38:32 +0100 Subject: [PATCH 07/50] w --- .gitlab-ci.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 5cbfa57..05ed801 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -10,7 +10,8 @@ stages: build: stage: upstream - tags: build + tags: + - build image: name: gcr.io/kaniko-project/executor:debug entrypoint: [""] -- GitLab From bfbc55f223c3e12a10ecdba218bf2c31fd7cf82f Mon Sep 17 00:00:00 2001 From: pierreozoux Date: Mon, 20 Jan 2020 14:42:28 +0100 Subject: [PATCH 08/50] w --- .gitlab-ci.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 05ed801..3f75763 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml 
@@ -18,8 +18,8 @@ build: script: script: - > - cp $DOCKER_SECRET_CONFIG /kaniko/.docker/config.json - for version in "${versions[@]}"; do + cp $DOCKER_SECRET_CONFIG /kaniko/.docker/config.json; + for version in "${versions[@]}";do /kaniko/executor --context $CI_PROJECT_DIR/upstream/$version --dockerfile $CI_PROJECT_DIR/upstream/$version/Dockerfile --destination libresh/nextcloud:${version}-upstream-`date "+%Y-%m-%d"` done # only: -- GitLab From bc3955f938f28d7018bf06781a660178532c3442 Mon Sep 17 00:00:00 2001 From: pierreozoux Date: Mon, 20 Jan 2020 14:44:18 +0100 Subject: [PATCH 09/50] w --- .gitlab-ci.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 3f75763..57b1b12 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -16,9 +16,8 @@ build: name: gcr.io/kaniko-project/executor:debug entrypoint: [""] script: - script: + - cp $DOCKER_SECRET_CONFIG /kaniko/.docker/config.json - > - cp $DOCKER_SECRET_CONFIG /kaniko/.docker/config.json; for version in "${versions[@]}";do /kaniko/executor --context $CI_PROJECT_DIR/upstream/$version --dockerfile $CI_PROJECT_DIR/upstream/$version/Dockerfile --destination libresh/nextcloud:${version}-upstream-`date "+%Y-%m-%d"` done -- GitLab From 7765395d8e332e15d152d49bfe978f94b13a2550 Mon Sep 17 00:00:00 2001 From: pierreozoux Date: Mon, 20 Jan 2020 14:45:34 +0100 Subject: [PATCH 10/50] w --- .gitlab-ci.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 57b1b12..d73dd0a 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -16,6 +16,7 @@ build: name: gcr.io/kaniko-project/executor:debug entrypoint: [""] script: + - ls - cp $DOCKER_SECRET_CONFIG /kaniko/.docker/config.json - > for version in "${versions[@]}";do -- GitLab From 320007dfca87f23aa470769af3d3f86286a15e86 Mon Sep 17 00:00:00 2001 
From: pierreozoux Date: Mon, 20 Jan 2020 14:48:40 +0100 Subject: [PATCH 11/50] d --- .gitlab-ci.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index d73dd0a..3eea786 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -16,11 +16,12 @@ build: name: gcr.io/kaniko-project/executor:debug entrypoint: [""] script: - - ls - cp $DOCKER_SECRET_CONFIG /kaniko/.docker/config.json + - echo $VERSIONS - > for version in "${versions[@]}";do - /kaniko/executor --context $CI_PROJECT_DIR/upstream/$version --dockerfile $CI_PROJECT_DIR/upstream/$version/Dockerfile --destination libresh/nextcloud:${version}-upstream-`date "+%Y-%m-%d"` + #/kaniko/executor --context $CI_PROJECT_DIR/upstream/$version --dockerfile $CI_PROJECT_DIR/upstream/$version/Dockerfile --destination libresh/nextcloud:${version}-upstream-`date "+%Y-%m-%d"` + echo $version done # only: # - master \ No newline at end of file -- GitLab From 4c3debbacc8cceeebb51f535788e577fa55fae53 Mon Sep 17 00:00:00 2001 From: pierreozoux Date: Mon, 20 Jan 2020 14:50:10 +0100 Subject: [PATCH 12/50] w --- .gitlab-ci.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 3eea786..12c3125 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -17,9 +17,8 @@ build: entrypoint: [""] script: - cp $DOCKER_SECRET_CONFIG /kaniko/.docker/config.json - - echo $VERSIONS - > - for version in "${versions[@]}";do + for version in "${VERSIONS[@]}";do #/kaniko/executor --context $CI_PROJECT_DIR/upstream/$version --dockerfile $CI_PROJECT_DIR/upstream/$version/Dockerfile --destination libresh/nextcloud:${version}-upstream-`date "+%Y-%m-%d"` echo $version done -- GitLab From dfea7d58b3bb1ed92a2f33a6a87e78efb23a4702 Mon Sep 17 00:00:00 2001 From: pierreozoux Date: Mon, 20 Jan 2020 15:01:46 +0100 Subject: [PATCH 13/50] w --- .gitlab-ci.yml | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) 
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 12c3125..fa90bf7 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -1,6 +1,5 @@ variables: GIT_SUBMODULE_STRATEGY: recursive - VERSIONS: ( 16 17 18 ) stages: - upstream @@ -15,12 +14,10 @@ build: image: name: gcr.io/kaniko-project/executor:debug entrypoint: [""] + variables: + VERSION: 16 script: - cp $DOCKER_SECRET_CONFIG /kaniko/.docker/config.json - - > - for version in "${VERSIONS[@]}";do - #/kaniko/executor --context $CI_PROJECT_DIR/upstream/$version --dockerfile $CI_PROJECT_DIR/upstream/$version/Dockerfile --destination libresh/nextcloud:${version}-upstream-`date "+%Y-%m-%d"` - echo $version - done + - /kaniko/executor --context $CI_PROJECT_DIR/upstream/${VERSION} --dockerfile $CI_PROJECT_DIR/upstream/${VERSION}/Dockerfile --destination libresh/nextcloud:${VERSION}-upstream-`date "+%Y-%m-%d"` # only: # - master \ No newline at end of file -- GitLab From 57ef3841b15f4131a1501d282a8e7a9d59829378 Mon Sep 17 00:00:00 2001 From: pierreozoux Date: Mon, 20 Jan 2020 15:05:45 +0100 Subject: [PATCH 14/50] w --- .gitlab-ci.yml | 23 ++++++++++++++++++++--- 1 file changed, 20 insertions(+), 3 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index fa90bf7..e58cb6e 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -7,6 +7,22 @@ stages: - fr - web +test: + stage: upstream + tags: + - build + image: + name: gcr.io/kaniko-project/executor:debug + entrypoint: [""] + variables: + VERSION: 16 + script: + - cp $DOCKER_SECRET_CONFIG /kaniko/.docker/config.json + - export CONTEXT=$CI_PROJECT_DIR/upstream/${VERSION}/fpm-alpine + - /kaniko/executor --context ${CONTEXT} --no-push + except: + - master + build: stage: upstream tags: 
@@ -18,6 +34,7 @@ build: VERSION: 16 script: - cp $DOCKER_SECRET_CONFIG /kaniko/.docker/config.json - - /kaniko/executor --context $CI_PROJECT_DIR/upstream/${VERSION} --dockerfile $CI_PROJECT_DIR/upstream/${VERSION}/Dockerfile --destination libresh/nextcloud:${VERSION}-upstream-`date "+%Y-%m-%d"` -# only: -# - master \ No newline at end of file + - export CONTEXT=$CI_PROJECT_DIR/upstream/${VERSION}/fpm-alpine + - /kaniko/executor --context ${CONTEXT} --destination libresh/nextcloud:${VERSION}-upstream-`date "+%Y-%m-%d"` + only: + - master \ No newline at end of file -- GitLab From e1f4697fb243bafa5d5c733c950bfbfa67ddd9b7 Mon Sep 17 00:00:00 2001 From: pierreozoux Date: Mon, 20 Jan 2020 15:07:57 +0100 Subject: [PATCH 15/50] w --- .gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index e58cb6e..83b1b23 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -17,8 +17,8 @@ test: variables: VERSION: 16 script: - - cp $DOCKER_SECRET_CONFIG /kaniko/.docker/config.json - export CONTEXT=$CI_PROJECT_DIR/upstream/${VERSION}/fpm-alpine + - cd ${CONTEXT} - /kaniko/executor --context ${CONTEXT} --no-push except: - master -- GitLab From 8230ca3f753defea91efd0e02e706c3432533d99 Mon Sep 17 00:00:00 2001 From: pierreozoux Date: Mon, 20 Jan 2020 15:09:12 +0100 Subject: [PATCH 16/50] t --- .gitlab-ci.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 83b1b23..72d1526 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -18,6 +18,7 @@ test: VERSION: 16 script: - export CONTEXT=$CI_PROJECT_DIR/upstream/${VERSION}/fpm-alpine + - ls $CI_PROJECT_DIR/upstream - cd ${CONTEXT} - /kaniko/executor --context ${CONTEXT} --no-push except: -- GitLab From 788453545656a06f608c81d9fdca0e18473cbffd Mon Sep 17 00:00:00 2001 From: pierreozoux Date: Mon, 20 Jan 2020 15:09:48 +0100 Subject: [PATCH 17/50] w --- .gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 72d1526..c4695ac 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -15,7 +15,7 @@ test: name: gcr.io/kaniko-project/executor:debug entrypoint: [""] variables: - VERSION: 16 + VERSION: 16.0 script: - export CONTEXT=$CI_PROJECT_DIR/upstream/${VERSION}/fpm-alpine - ls $CI_PROJECT_DIR/upstream -- GitLab From 67b892a6ddc357be758f2d5577f8d8dbaddd5cd6 Mon Sep 17 00:00:00 2001 From: pierreozoux Date: Mon, 20 Jan 2020 15:10:14 +0100 Subject: [PATCH 18/50] w --- .gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index c4695ac..bc3a0d8 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -32,7 +32,7 @@ build: name: gcr.io/kaniko-project/executor:debug entrypoint: [""] variables: - VERSION: 16 + VERSION: 16.0 script: - cp $DOCKER_SECRET_CONFIG /kaniko/.docker/config.json - export CONTEXT=$CI_PROJECT_DIR/upstream/${VERSION}/fpm-alpine -- GitLab From 39781bc2a376b1fc02080c1b768db15137c75b9a Mon Sep 17 00:00:00 2001 From: pierreozoux Date: Mon, 20 Jan 2020 15:10:45 +0100 Subject: [PATCH 19/50] w --- .gitlab-ci.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index bc3a0d8..5d3e437 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -15,7 +15,7 @@ test: name: gcr.io/kaniko-project/executor:debug entrypoint: [""] variables: - VERSION: 16.0 + VERSION: "16.0" script: - export CONTEXT=$CI_PROJECT_DIR/upstream/${VERSION}/fpm-alpine - ls $CI_PROJECT_DIR/upstream @@ -32,7 +32,7 @@ build: name: gcr.io/kaniko-project/executor:debug entrypoint: [""] variables: - VERSION: 16.0 + VERSION: "16.0" script: - cp $DOCKER_SECRET_CONFIG /kaniko/.docker/config.json - export CONTEXT=$CI_PROJECT_DIR/upstream/${VERSION}/fpm-alpine -- GitLab From 2d10e8f3dbad4a97898a4a19e2cc652350172e94 Mon Sep 17 00:00:00 2001 
From: pierreozoux Date: Mon, 20 Jan 2020 15:16:55 +0100 Subject: [PATCH 20/50] t --- .gitlab-ci.yml | 22 ++++++++++++++++++---- 1 file changed, 18 insertions(+), 4 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 5d3e437..ab62bfd 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -7,7 +7,7 @@ stages: - fr - web -test: +.generic: stage: upstream tags: - build @@ -15,15 +15,29 @@ test: name: gcr.io/kaniko-project/executor:debug entrypoint: [""] variables: - VERSION: "16.0" + DESTINATION: "--no-push" script: - export CONTEXT=$CI_PROJECT_DIR/upstream/${VERSION}/fpm-alpine - - ls $CI_PROJECT_DIR/upstream - cd ${CONTEXT} - - /kaniko/executor --context ${CONTEXT} --no-push + - /kaniko/executor --context ${CONTEXT} ${DESTINATION} except: - master +16: + extends: .generic + variables: + VERSION: "16.0" + +17: + extends: .generic + variables: + VERSION: "17.0" + +18: + extends: .generic + variables: + VERSION: "18.0" + build: stage: upstream tags: -- GitLab From 4b756a332e4eb8be4c7428427bffe39640dd1832 Mon Sep 17 00:00:00 2001 From: pierreozoux Date: Mon, 20 Jan 2020 15:18:01 +0100 Subject: [PATCH 21/50] e --- .gitlab-ci.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index ab62bfd..73b92e2 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -23,17 +23,17 @@ stages: except: - master -16: +v16: extends: .generic variables: VERSION: "16.0" -17: +v17: extends: .generic variables: VERSION: "17.0" -18: +v18: extends: .generic variables: VERSION: "18.0" -- GitLab From aa98da5dbf366e6d7a3f0c99abc119fee4afa1b0 Mon Sep 17 00:00:00 2001 From: pierreozoux Date: Mon, 20 Jan 2020 15:35:09 +0100 Subject: [PATCH 22/50] t --- .gitlab-ci.yml | 74 ++++++++++++++++++++++++++++++++------------------ 1 file changed, 47 insertions(+), 27 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 73b92e2..fcff063 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml 
@@ -1,55 +1,75 @@ variables: GIT_SUBMODULE_STRATEGY: recursive + DOCKER_HUB_REPO: libresh/nextcloud -stages: -- upstream -- base -- fr -- web - -.generic: - stage: upstream +.test: tags: - build image: name: gcr.io/kaniko-project/executor:debug entrypoint: [""] variables: - DESTINATION: "--no-push" + DESTINATION_UPSTREAM: "--no-push" + DESTINATION_BASE: "--no-push" + DESTINATION_FR: "--no-push" + DESTINATION_WEB: "--no-push" script: - - export CONTEXT=$CI_PROJECT_DIR/upstream/${VERSION}/fpm-alpine + - export CONTEXT=${CI_PROJECT_DIR}/upstream/${VERSION}/fpm-alpine + - cd ${CONTEXT} + - /kaniko/executor --context ${CONTEXT} ${DESTINATION_UPSTREAM} + - export CONTEXT=${CI_PROJECT_DIR}/base + - cd ${CONTEXT} + - /kaniko/executor --context ${CONTEXT} ${DESTINATION_BASE} + - export CONTEXT=${CI_PROJECT_DIR}/fr - cd ${CONTEXT} - - /kaniko/executor --context ${CONTEXT} ${DESTINATION} + - /kaniko/executor --context ${CONTEXT} ${DESTINATION_FR} + - export CONTEXT=${CI_PROJECT_DIR}/web + - cd ${CONTEXT} + - /kaniko/executor --context ${CONTEXT} ${DESTINATION_FR} except: - master -v16: + +test-v16: extends: .generic variables: VERSION: "16.0" -v17: +test-v17: extends: .generic variables: VERSION: "17.0" -v18: + +test-v18: extends: .generic variables: VERSION: "18.0" -build: - stage: upstream - tags: - - build - image: - name: gcr.io/kaniko-project/executor:debug - entrypoint: [""] +.push: + extends: .generic + before_script: + - export DESTINATION_PREFIX=${DOCKER_HUB_REPO}:${VERSION} + - export DATE=`date "+%Y-%m-%d"` + - export DESTINATION_UPSTREAM=${DESTINATION_PREFIX}-upstream-${DATE} + - export DESTINATION_BASE=${DESTINATION_PREFIX}-${DATE} + - export DESTINATION_FR=${DESTINATION_PREFIX}-fr-${DATE} + - export DESTINATION_WEB=${DESTINATION_PREFIX}-web-${DATE} + except: [] + only: + - master + +push-v16: + extends: .push variables: VERSION: "16.0" - script: - - cp $DOCKER_SECRET_CONFIG /kaniko/.docker/config.json - - export 
CONTEXT=$CI_PROJECT_DIR/upstream/${VERSION}/fpm-alpine - - /kaniko/executor --context ${CONTEXT} --destination libresh/nextcloud:${VERSION}-upstream-`date "+%Y-%m-%d"` - only: - - master \ No newline at end of file + +push-v17: + extends: .push + variables: + VERSION: "16.0" + +push-v18: + extends: .push + variables: + VERSION: "18.0" \ No newline at end of file -- GitLab From 42cadf9d9ddce37c4b47cd35560a30c223b47553 Mon Sep 17 00:00:00 2001 From: pierreozoux Date: Mon, 20 Jan 2020 15:36:04 +0100 Subject: [PATCH 23/50] w --- .gitlab-ci.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index fcff063..06227a1 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -31,23 +31,23 @@ variables: test-v16: - extends: .generic + extends: .test variables: VERSION: "16.0" test-v17: - extends: .generic + extends: .test variables: VERSION: "17.0" test-v18: - extends: .generic + extends: .test variables: VERSION: "18.0" .push: - extends: .generic + extends: .test before_script: - export DESTINATION_PREFIX=${DOCKER_HUB_REPO}:${VERSION} - export DATE=`date "+%Y-%m-%d"` -- GitLab From 59ac0c33ffd709a1f0321a7fdc1a6cb4459548f9 Mon Sep 17 00:00:00 2001 From: pierreozoux Date: Mon, 20 Jan 2020 15:48:38 +0100 Subject: [PATCH 24/50] w --- .gitlab-ci.yml | 17 +++++++-------- base/Dockerfile | 32 +++++++++++++++------------- base/{config => scripts}/apps_enable | 0 base/{config => scripts}/apps_remove | 0 4 files changed, 25 insertions(+), 24 deletions(-) rename base/{config => scripts}/apps_enable (100%) rename base/{config => scripts}/apps_remove (100%) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 06227a1..a4a2622 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml 
@@ -19,7 +19,7 @@ variables: - /kaniko/executor --context ${CONTEXT} ${DESTINATION_UPSTREAM} - export CONTEXT=${CI_PROJECT_DIR}/base - cd ${CONTEXT} - - /kaniko/executor --context ${CONTEXT} ${DESTINATION_BASE} + - /kaniko/executor --context ${CONTEXT} ${DESTINATION_BASE} --build-arg VERSION=$VERSION - export CONTEXT=${CI_PROJECT_DIR}/fr - cd ${CONTEXT} - /kaniko/executor --context ${CONTEXT} ${DESTINATION_FR} @@ -29,7 +29,6 @@ variables: except: - master - test-v16: extends: .test variables: @@ -49,14 +48,14 @@ test-v18: .push: extends: .test before_script: - - export DESTINATION_PREFIX=${DOCKER_HUB_REPO}:${VERSION} + - export DESTINATION_PREFIX="--destination ${DOCKER_HUB_REPO}:${VERSION}" - export DATE=`date "+%Y-%m-%d"` - - export DESTINATION_UPSTREAM=${DESTINATION_PREFIX}-upstream-${DATE} - - export DESTINATION_BASE=${DESTINATION_PREFIX}-${DATE} - - export DESTINATION_FR=${DESTINATION_PREFIX}-fr-${DATE} - - export DESTINATION_WEB=${DESTINATION_PREFIX}-web-${DATE} - except: [] - only: + - export DESTINATION_UPSTREAM="${DESTINATION_PREFIX}-upstream ${DESTINATION_PREFIX}-upstream-${DATE}" + - export DESTINATION_BASE="${DESTINATION_PREFIX} ${DESTINATION_PREFIX}-${DATE}" + - export DESTINATION_FR="${DESTINATION_PREFIX}-fr ${DESTINATION_PREFIX}-fr-${DATE}" + - export DESTINATION_WEB="${DESTINATION_PREFIX}-web ${DESTINATION_PREFIX}-web-${DATE}" + #except: [] + except: - master push-v16: diff --git a/base/Dockerfile b/base/Dockerfile index 04253f1..3a7c16d 100644 --- a/base/Dockerfile +++ b/base/Dockerfile 
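Review bot: In the `.push` template, replacing `except: []` / `only: - master` with `#except: []` / `except: - master` makes every `push-v*` job run on all branches other than master, so unreviewed branch code would be built and written to the shared `${DOCKER_HUB_REPO}:${VERSION}` tags. The commented-out line suggests a temporary debugging switch; before this lands, restore `except: []` and `only: - master` so that only master can publish. The undated tags introduced in the same hunk (`${DESTINATION_PREFIX}-upstream`, `${DESTINATION_PREFIX}`, `-fr`, `-web`) are mutable, so an accidental branch push would silently replace what consumers pull.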
@@ -1,21 +1,23 @@ -FROM nextcloud-local:TAG -FROM indiehosters/nextcloud:16.0.5-2 +FROM libresh/nextcloud:$VERSION-upstream COPY redis.ini /usr/local/etc/php/conf.d/ -COPY --chown=www-data:root custom_apps /var/www/html/custom_apps COPY --chown=www-data:root config/* /var/www/html/config/ -CMD ["php-fpm"] +RUN set -ex; \ + \ + apk add --no-cache \ + imagemagick \ + ; +RUN set -ex; \ + \ + apk add --no-cache --virtual .build-deps \ + imap-dev \ + libressl-dev \ + bzip2-dev \ + ; \ + docker-php-ext-configure imap --with-imap-ssl; \ + docker-php-ext-install imap; \ + apk del .build-deps - -ARG VERSION=latest -FROM indiehosters/nextcloud:$VERSION -RUN apt-get update \ - && apt-get install -y --no-install-recommends \ - apt-utils \ - libc-client-dev \ - libmagickwand-dev \ - && docker-php-ext-configure imap --with-imap-ssl \ - && docker-php-ext-install imap \ - && rm -rf /var/lib/apt/lists/* +CMD ["php-fpm"] \ No newline at end of file diff --git a/base/config/apps_enable b/base/scripts/apps_enable similarity index 100% rename from base/config/apps_enable rename to base/scripts/apps_enable diff --git a/base/config/apps_remove b/base/scripts/apps_remove similarity index 100% rename from base/config/apps_remove rename to base/scripts/apps_remove -- GitLab From 937d0b615f7d25c700118849154a5b2ea4ebd31c Mon Sep 17 00:00:00 2001 From: pierreozoux Date: Mon, 20 Jan 2020 15:50:55 +0100 Subject: [PATCH 25/50] w --- .gitlab-ci.yml | 3 ++- web/Dockerfile | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index a4a2622..4245cdf 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -14,6 +14,7 @@ variables: DESTINATION_FR: "--no-push" DESTINATION_WEB: "--no-push" script: + - echo ${DESTINATION_UPSTREAM} - export CONTEXT=${CI_PROJECT_DIR}/upstream/${VERSION}/fpm-alpine - cd ${CONTEXT} - /kaniko/executor --context ${CONTEXT} ${DESTINATION_UPSTREAM} 
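Review bot: The new `FROM libresh/nextcloud:$VERSION-upstream` uses `$VERSION`, but this hunk also removes the file's only `ARG VERSION=latest`, so nothing declares the argument before the `FROM`; the `--build-arg VERSION=$VERSION` passed from CI has nothing to bind to and the tag would expand to `:-upstream`. Add `ARG VERSION` as the first line of the file, above the `FROM`. The same applies to `FROM indiehosters/nextcloud:${VERSION} as builder` in web/Dockerfile in [PATCH 25/50] (carried over in [PATCH 27/50]), and to base/Dockerfile in [PATCH 28/50], where `ARG VERSION` is declared inside the `apps` stage and is therefore not in scope for the later `FROM`. Because the base image is selected by a mutable tag, recording its digest as well would make it visible when the upstream layer changes.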
@@ -22,7 +23,7 @@ variables: - /kaniko/executor --context ${CONTEXT} ${DESTINATION_BASE} --build-arg VERSION=$VERSION - export CONTEXT=${CI_PROJECT_DIR}/fr - cd ${CONTEXT} - - /kaniko/executor --context ${CONTEXT} ${DESTINATION_FR} + #- /kaniko/executor --context ${CONTEXT} ${DESTINATION_FR} - export CONTEXT=${CI_PROJECT_DIR}/web - cd ${CONTEXT} - /kaniko/executor --context ${CONTEXT} ${DESTINATION_FR} diff --git a/web/Dockerfile b/web/Dockerfile index 01ac6e3..0b3fc8d 100644 --- a/web/Dockerfile +++ b/web/Dockerfile @@ -1,4 +1,4 @@ -FROM indiehosters/nextcloud:16.0.5 as builder +FROM indiehosters/nextcloud:${VERSION} as builder FROM nginx COPY --from=builder /var/www/html /var/www/html COPY nginx.conf /etc/nginx/nginx.conf -- GitLab From 0a431a77326f5e1bca36358101ed6cc1874a2405 Mon Sep 17 00:00:00 2001 From: pierreozoux Date: Mon, 20 Jan 2020 15:56:36 +0100 Subject: [PATCH 26/50] w --- .gitlab-ci.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 4245cdf..bb18b00 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -14,7 +14,7 @@ variables: DESTINATION_FR: "--no-push" DESTINATION_WEB: "--no-push" script: - - echo ${DESTINATION_UPSTREAM} + - cp $DOCKER_SECRET_CONFIG /kaniko/.docker/config.json - export CONTEXT=${CI_PROJECT_DIR}/upstream/${VERSION}/fpm-alpine - cd ${CONTEXT} - /kaniko/executor --context ${CONTEXT} ${DESTINATION_UPSTREAM} @@ -23,10 +23,10 @@ variables: - /kaniko/executor --context ${CONTEXT} ${DESTINATION_BASE} --build-arg VERSION=$VERSION - export CONTEXT=${CI_PROJECT_DIR}/fr - cd ${CONTEXT} - #- /kaniko/executor --context ${CONTEXT} ${DESTINATION_FR} + #- /kaniko/executor --context ${CONTEXT} ${DESTINATION_FR} --build-arg VERSION=$VERSION - export CONTEXT=${CI_PROJECT_DIR}/web - cd ${CONTEXT} - - /kaniko/executor --context ${CONTEXT} ${DESTINATION_FR} + - /kaniko/executor --context ${CONTEXT} ${DESTINATION_WEB} --build-arg VERSION=$VERSION except: - master -- GitLab 
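Review bot: The added `- cp $DOCKER_SECRET_CONFIG /kaniko/.docker/config.json` sits in the `.test` script, which the `test-v*` jobs run with every destination set to `--no-push`, so the registry credential is copied into jobs that never publish and that build branch code. Unless pulling the base images needs authentication, move the line to the `before_script` of `.push` (defined outside this hunk) so that the credential is present only in jobs that push. Quoting the variable, `cp "$DOCKER_SECRET_CONFIG" /kaniko/.docker/config.json`, also avoids word splitting on the path.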
From 68dab21d4a6b434a58d806742c606e906cc444d4 Mon Sep 17 00:00:00 2001 From: pierreozoux Date: Mon, 20 Jan 2020 16:52:45 +0100 Subject: [PATCH 27/50] w --- .gitlab-ci.yml | 15 ++++++++++----- base/scripts/apps_enable | 26 ++++++++++++-------------- base/scripts/install_apps.sh | 18 ++++++++++++++++-- scripts/long_version.sh | 15 +++++++++++++++ web/Dockerfile | 2 +- 5 files changed, 54 insertions(+), 22 deletions(-) create mode 100755 scripts/long_version.sh diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index bb18b00..290da02 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml 
@@ -49,12 +49,17 @@ test-v18: .push: extends: .test before_script: - - export DESTINATION_PREFIX="--destination ${DOCKER_HUB_REPO}:${VERSION}" + - export LONG_VERSION=`./scripts/long_version.sh ${VERSION}` + - export DESTINATION_PREFIX="--destination ${DOCKER_HUB_REPO}" - export DATE=`date "+%Y-%m-%d"` - - export DESTINATION_UPSTREAM="${DESTINATION_PREFIX}-upstream ${DESTINATION_PREFIX}-upstream-${DATE}" - - export DESTINATION_BASE="${DESTINATION_PREFIX} ${DESTINATION_PREFIX}-${DATE}" - - export DESTINATION_FR="${DESTINATION_PREFIX}-fr ${DESTINATION_PREFIX}-fr-${DATE}" - - export DESTINATION_WEB="${DESTINATION_PREFIX}-web ${DESTINATION_PREFIX}-web-${DATE}" + - export DESTINATION_UPSTREAM="${DESTINATION_PREFIX}:${VERSION}-upstream ${DESTINATION_PREFIX}:${VERSION}-upstream-${DATE}" + - export DESTINATION_UPSTREAM="${DESTINATION_UPSTREAM} ${DESTINATION_PREFIX}:${LONG_VERSION}-upstream ${DESTINATION_PREFIX}:${LONG_VERSION}-upstream-${DATE}" + - export DESTINATION_BASE="${DESTINATION_PREFIX}:${VERSION} ${DESTINATION_PREFIX}:${VERSION}-${DATE}" + - export DESTINATION_BASE="${DESTINATION_BASE} ${DESTINATION_PREFIX}:${LONG_VERSION} ${DESTINATION_PREFIX}:${LONG_VERSION}-${DATE}" + - export DESTINATION_FR="${DESTINATION_PREFIX}:${VERSION}-fr ${DESTINATION_PREFIX}:${VERSION}-fr-${DATE}" + - export DESTINATION_FR="${DESTINATION_FR} ${DESTINATION_PREFIX}:${LONG_VERSION}-fr ${DESTINATION_PREFIX}:${LONG_VERSION}-fr-${DATE}" + - export DESTINATION_WEB="${DESTINATION_PREFIX}:${VERSION}-web ${DESTINATION_PREFIX}:${VERSION}-web-${DATE}" + - export DESTINATION_WEB="${DESTINATION_FR} ${DESTINATION_PREFIX}:${LONG_VERSION}-web ${DESTINATION_PREFIX}:${LONG_VERSION}-web-${DATE}" #except: [] except: - master diff --git a/base/scripts/apps_enable b/base/scripts/apps_enable index dad0300..2892b7f 100644 --- a/base/scripts/apps_enable +++ b/base/scripts/apps_enable 
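Review bot: The second `DESTINATION_WEB` export starts from `${DESTINATION_FR}` instead of `${DESTINATION_WEB}`, so the web image would be pushed to all four `-fr` tags and would never receive the `${VERSION}-web` tags set on the line above it. It should read `export DESTINATION_WEB="${DESTINATION_WEB} ${DESTINATION_PREFIX}:${LONG_VERSION}-web ${DESTINATION_PREFIX}:${LONG_VERSION}-web-${DATE}"`. `LONG_VERSION` comes from `./scripts/long_version.sh`, which prints nothing when the version is not found, and `export VAR=` with a command substitution hides a failing exit status; a guard such as `- test -n "${LONG_VERSION}"` right after the first export would stop the job before it pushes tags like `:-upstream`.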
@@ -1,17 +1,15 @@ -apporder=0.7.1=https://github.com/juliushaertl/apporder/releases/download/v0.7.1/apporder.tar.gz -registration=0.4.7=https://github.com/pellaeon/registration/releases/download/v0.4.7/registration.tar.gz -calendar=1.7.1=https://github.com/nextcloud/calendar/releases/download/v1.7.1/calendar.tar.gz -files_rightclick=0.15.1=https://github.com/nextcloud/files_rightclick/releases/download/v0.15.1/files_rightclick.tar.gz -announcementcenter=3.5.1=https://github.com/nextcloud/announcementcenter/releases/download/v3.5.1/announcementcenter-3.5.1.tar.gz -bookmarks=2.1.1=https://github.com/nextcloud/bookmarks/releases/download/v2.1.1/bookmarks-2.1.1.tar.gz -contacts=3.1.6=https://github.com/nextcloud/contacts/releases/download/v3.1.6/contacts.tar.gz -groupfolders=4.1.3=https://github.com/nextcloud/groupfolders/releases/download/v4.1.3/groupfolders-4.1.3.tar.gz -drop_account=0.1.0=https://framagit.org/tcit/drop_user/uploads/889d959be561d1a6dcb87271523b00b3/drop_account.tar.gz -quota_warning=1.5.0=https://github.com/nextcloud/quota_warning/releases/download/v1.5.0/quota_warning-1.5.0.tar.gz -files_automatedtagging=1.6.0=https://github.com/nextcloud/files_automatedtagging/releases/download/v1.6.0/files_automatedtagging-1.6.0.tar.gz -data_request=1.3.0=https://github.com/nextcloud/data_request/releases/download/v1.3.0/data_request.tar.gz - - +apporder +registration +calendar +files_rightclick +announcementcenter +bookmarks +contacts +groupfolders +drop_account +quota_warning +files_automatedtagging +data_request files_rightclick impersonate richdocuments diff --git a/base/scripts/install_apps.sh b/base/scripts/install_apps.sh index 714eb57..006c401 100755 --- a/base/scripts/install_apps.sh +++ b/base/scripts/install_apps.sh 
@@ -1,5 +1,19 @@ -#!/bin/sh -set -eu +#!/bin/bash -eux + + +curl https://apps.nextcloud.com/api/v1/platform/16.0.7/apps.json +cat base/scripts/apps_enable | xargs -I@ bash -c "$(declare -f download_link) ; download_link @ ; " +curl -Ls $url | tar xz + + +| jq '.[] | select(.id == "'$1'") | .releases[0].download' + + + +VERSION='16.0' + + + for i in $(cat /usr/src/nextcloud/config/apps_enable) do diff --git a/scripts/long_version.sh b/scripts/long_version.sh new file mode 100755 index 0000000..4d85934 --- /dev/null +++ b/scripts/long_version.sh @@ -0,0 +1,15 @@ +#!/bin/bash + +fullversions=( $( curl -fsSL 'https://download.nextcloud.com/server/releases/' |tac|tac| \ + grep -oE 'nextcloud-[[:digit:]]+(\.[[:digit:]]+){2}' | \ + grep -oE '[[:digit:]]+(\.[[:digit:]]+){2}' | \ + sort -urV ) ) +versions=( $( printf '%s\n' "${fullversions[@]}" | cut -d. -f1-2 | sort -urV ) ) + +for version in "${versions[@]}"; do + fullversion="$( printf '%s\n' "${fullversions[@]}" | grep -E "^$version" | head -1 )" + + if [[ "$version" == "$1" ]]; then + echo $fullversion + fi +done \ No newline at end of file diff --git a/web/Dockerfile b/web/Dockerfile index 0b3fc8d..baa49ae 100644 --- a/web/Dockerfile +++ b/web/Dockerfile @@ -1,4 +1,4 @@ -FROM indiehosters/nextcloud:${VERSION} as builder +FROM libresh/nextcloud:${VERSION} as builder FROM nginx COPY --from=builder /var/www/html /var/www/html COPY nginx.conf /etc/nginx/nginx.conf -- GitLab From d10c884ede534741e7b3f55c519d4b959583aba1 Mon Sep 17 00:00:00 2001 
From: pierreozoux Date: Mon, 20 Jan 2020 18:04:25 +0100 Subject: [PATCH 28/50] w --- base/Dockerfile | 13 +++++ base/apps/install.sh | 16 ++++++ base/{scripts/apps_enable => apps/list} | 15 ++--- base/config/apps_remove | 4 ++ base/scripts/apps.sh | 32 ----------- base/scripts/apps_remove | 4 -- base/scripts/install.sh | 73 ------------------------- base/scripts/install_apps.sh | 28 ---------- base/scripts/remove_apps.sh | 8 --- base/scripts/start.sh | 7 --- base/scripts/upgrade.sh | 16 ------ 11 files changed, 41 insertions(+), 175 deletions(-) create mode 100755 base/apps/install.sh rename base/{scripts/apps_enable => apps/list} (92%) create mode 100644 base/config/apps_remove delete mode 100755 base/scripts/apps.sh delete mode 100644 base/scripts/apps_remove delete mode 100755 base/scripts/install.sh delete mode 100755 base/scripts/install_apps.sh delete mode 100755 base/scripts/remove_apps.sh delete mode 100755 base/scripts/start.sh delete mode 100755 base/scripts/upgrade.sh diff --git a/base/Dockerfile b/base/Dockerfile index 3a7c16d..0ff96d3 100644 --- a/base/Dockerfile +++ b/base/Dockerfile @@ -1,7 +1,15 @@ +FROM alpine as apps +RUN apk add --no-cache jq curl bash +COPY apps /apps +WORKDIR /apps +ARG VERSION +RUN ./install.sh + FROM libresh/nextcloud:$VERSION-upstream COPY redis.ini /usr/local/etc/php/conf.d/ COPY --chown=www-data:root config/* /var/www/html/config/ +COPY --from=apps --chown=www-data:root /apps/* /var/www/html/apps/ RUN set -ex; \ \ @@ -20,4 +28,9 @@ RUN set -ex; \ docker-php-ext-install imap; \ apk del .build-deps +RUN for app in $(cat /usr/src/nextcloud/config/apps_remove);do \ + echo "removing app $app"; \ + rm -R /var/www/html/apps/$app; \ +done + CMD ["php-fpm"] \ No newline at end of file diff --git a/base/apps/install.sh b/base/apps/install.sh new file mode 100755 index 0000000..fb03411 --- /dev/null +++ b/base/apps/install.sh 
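Review bot: The removal loop added at the end of base/Dockerfile reads `/usr/src/nextcloud/config/apps_remove`, while `COPY --chown=www-data:root config/* /var/www/html/config/` puts that list under `/var/www/html/config/`; unless the upstream image provides a file at the first path, `cat` fails, the `for` loop runs zero times and the build still succeeds with `encryption`, `serverinfo`, `support` and `updatenotification` left in place. Read the list from where it is copied and fail when it is missing: `RUN set -eu; test -s /var/www/html/config/apps_remove; for app in $(cat /var/www/html/config/apps_remove); do rm -R "/var/www/html/apps/$app"; done`. In the first hunk, `COPY --from=apps --chown=www-data:root /apps/* /var/www/html/apps/` appears to bring `install.sh` and `list` into the served apps directory as well, since install.sh unpacks into `/apps/apps`; copying `/apps/apps/` would leave only the downloaded apps.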
@@ -0,0 +1,16 @@ +#!/bin/bash -eux +curl -Ls https://apps.nextcloud.com/api/v1/platform/${VERSION}/apps.json > /tmp/apps.json + +function download_link() { + cat /tmp/apps.json | jq '.[] | select(.id == "'$1'") | .releases[0].download' +} + +links=`cat ./list | xargs -I@ bash -c "$(declare -f download_link) ; download_link @ ; " | tr -d '"'` + +mkdir -p apps +cd apps + +for link in $links; do + echo "downloading $link..." + curl -Ls $link | tar xz +done diff --git a/base/scripts/apps_enable b/base/apps/list similarity index 92% rename from base/scripts/apps_enable rename to base/apps/list index 2892b7f..d49db24 100644 --- a/base/scripts/apps_enable +++ b/base/apps/list @@ -1,17 +1,18 @@ -apporder -registration -calendar -files_rightclick announcementcenter +apporder bookmarks +calendar contacts -groupfolders +data_request drop_account -quota_warning files_automatedtagging -data_request files_rightclick +groupfolders impersonate +music +notes +quota_warning +registration richdocuments text twofactor_totp \ No newline at end of file diff --git a/base/config/apps_remove b/base/config/apps_remove new file mode 100644 index 0000000..28390f1 --- /dev/null +++ b/base/config/apps_remove @@ -0,0 +1,4 @@ +encryption +serverinfo +support +updatenotification \ No newline at end of file diff --git a/base/scripts/apps.sh b/base/scripts/apps.sh deleted file mode 100755 index d058225..0000000 --- a/base/scripts/apps.sh +++ /dev/null 
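Review bot: The download loop unpacks `curl -Ls $link | tar xz` into the image with no integrity check, and `releases[0].download` replaces the pinned versions and URLs that the old apps_enable list carried, so each build installs whatever the app store lists first at that moment. Pinning every app to a version and verifying a recorded SHA-256 before unpacking makes the image reproducible and makes a changed tarball fail the build. Independently of that, `-f` on curl and `pipefail` keep an HTTP error page from being written to /tmp/apps.json or fed to tar, and passing the id with `jq -r --arg` removes the string splicing and the `tr -d '"'`. The sketch below changes the format of `./list`, which is a separate file in this commit.

```shell
#!/bin/bash
set -euxo pipefail
curl -fsSL "https://apps.nextcloud.com/api/v1/platform/${VERSION}/apps.json" > /tmp/apps.json

# … unchanged: mkdir -p apps; cd apps …

# Proposed ./list format, one app per line: "<app id> <version> <sha256>"
# (assumes release objects in apps.json expose a `version` field; confirm)
while read -r id version sha256 || [ -n "$id" ]; do
    url=$(jq -r --arg id "$id" --arg v "$version" \
        '.[] | select(.id == $id) | .releases[] | select(.version == $v) | .download' \
        /tmp/apps.json)
    echo "downloading $id $version..."
    curl -fsSL "$url" -o "/tmp/$id.tar.gz"
    # Stop the build if the archive differs from the recorded hash.
    echo "$sha256  /tmp/$id.tar.gz" | sha256sum -c -
    tar xzf "/tmp/$id.tar.gz"
done < ../list
```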
@@ -1,32 +0,0 @@ -#!/bin/sh -set -eu - -case $1 in - install) - for i in $(cat /usr/src/nextcloud/config/apps_enable) - do - app=$(echo $i | cut -d '=' -f1) - version=$(echo $i | cut -d '=' -f2) - url=$(echo $i | cut -d '=' -f3) - echo "downloading app $app" - curl -Ls $url -o $app.tar.gz - tar xzf $app.tar.gz - mv $app /usr/src/nextcloud/custom_apps - rm $app.tar.gz - done;; - enable) - for app in $(cat /usr/src/nextcloud/config/apps_remove) - do - echo "removing app $app" - rm -R /usr/src/nextcloud/apps/$app - done;; - remove) - for app in $(cat /usr/src/nextcloud/config/apps_remove) - do - echo "removing app $app" - rm -R /usr/src/nextcloud/apps/$app - done;; - *) - echo "unknown arg $1" - exit 1;; -esac \ No newline at end of file diff --git a/base/scripts/apps_remove b/base/scripts/apps_remove deleted file mode 100644 index d4a66a5..0000000 --- a/base/scripts/apps_remove +++ /dev/null @@ -1,4 +0,0 @@ -updatenotification -support -serverinfo -encryption \ No newline at end of file diff --git a/base/scripts/install.sh b/base/scripts/install.sh deleted file mode 100755 index 6054aa8..0000000 --- a/base/scripts/install.sh +++ /dev/null 
@@ -1,73 +0,0 @@ -#!/bin/sh -set -eu - -echo "New nextcloud instance" -if [ -n "${NEXTCLOUD_ADMIN_USER+x}" ] && [ -n "${NEXTCLOUD_ADMIN_PASSWORD+x}" ]; then -# shellcheck disable=SC2016 - install_options='-n --admin-user "$NEXTCLOUD_ADMIN_USER" --admin-pass "$NEXTCLOUD_ADMIN_PASSWORD"' - if [ -n "${NEXTCLOUD_TABLE_PREFIX+x}" ]; then - # shellcheck disable=SC2016 - install_options=$install_options' --database-table-prefix "$NEXTCLOUD_TABLE_PREFIX"' - else - install_options=$install_options' --database-table-prefix ""' - fi - if [ -n "${NEXTCLOUD_DATA_DIR+x}" ]; then - # shellcheck disable=SC2016 - install_options=$install_options' --data-dir "$NEXTCLOUD_DATA_DIR"' - fi - - install=false - if [ ${DB_TYPE} = "sqlite" ]; then - echo "Installing with SQLite database" - # shellcheck disable=SC2016 - install_options=$install_options' --database-name "$DB_NAME"' - install=true - elif [ ${DB_TYPE} = "pgsql" ] || [ ${DB_TYPE} = "mysql" ]; then - echo "Installing with ${DB_TYPE} database" - # shellcheck disable=SC2016 - install_options=$install_options' --database $DB_TYPE --database-name "$DB_NAME" --database-user "$DB_USER" --database-pass "$DB_PASSWORD" --database-host "$DB_HOST"' - install=true - fi - - if [ "$install" = true ]; then - echo "starting nexcloud installation" - max_retries=10 - try=0 - - until sh -c "php /usr/src/nextcloud/occ maintenance:install $install_options" || [ "$try" -gt "$max_retries" ] - do - echo "retrying install..." - try=$((try+1)) - sleep 3s - done - - if [ "$try" -gt "$max_retries" ]; then - echo "installing of nextcloud failed!" 
- exit 1 - fi - -# if [ -n "${NEXTCLOUD_TRUSTED_DOMAINS+x}" ]; then -# echo "setting trusted domains…" -# NC_TRUSTED_DOMAIN_IDX=1 -# for DOMAIN in $NEXTCLOUD_TRUSTED_DOMAINS ; do -# DOMAIN=$(echo "$DOMAIN" | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//') -# sh -c "php /usr/src/nextcloud/occ config:system:set trusted_domains $NC_TRUSTED_DOMAIN_IDX --value=$DOMAIN" -# NC_TRUSTED_DOMAIN_IDX=$(($NC_TRUSTED_DOMAIN_IDX+1)) -# done -# fi - -# for app in $(cat /usr/src/nextcloud/config/apps_enable); do -# app=$(echo $app| cut -d '=' -f1) -# echo "enabling app $app" -# sh -c "php /usr/src/nextcloud/occ app:enable $app" -# done - -# for app in $(cat /usr/src/nextcloud/config/apps_disable); do -# echo "disabling app $app" -# sh -c "php /usr/src/nextcloud/occ app:disable $app" -# done - fi - -else - echo "running web-based installer on first connect!" -fi diff --git a/base/scripts/install_apps.sh b/base/scripts/install_apps.sh deleted file mode 100755 index 006c401..0000000 --- a/base/scripts/install_apps.sh +++ /dev/null @@ -1,28 +0,0 @@ -#!/bin/bash -eux - - -curl https://apps.nextcloud.com/api/v1/platform/16.0.7/apps.json -cat base/scripts/apps_enable | xargs -I@ bash -c "$(declare -f download_link) ; download_link @ ; " -curl -Ls $url | tar xz - - -| jq '.[] | select(.id == "'$1'") | .releases[0].download' - - - -VERSION='16.0' - - - - -for i in $(cat /usr/src/nextcloud/config/apps_enable) -do - app=$(echo $i | cut -d '=' -f1) - version=$(echo $i | cut -d '=' -f2) - url=$(echo $i | cut -d '=' -f3) - echo "downloading app $app" - curl -Ls $url -o $app.tar.gz - tar xzf $app.tar.gz - mv $app /usr/src/nextcloud/custom_apps - rm $app.tar.gz -done \ No newline at end of file diff --git a/base/scripts/remove_apps.sh b/base/scripts/remove_apps.sh deleted file mode 100755 index 1b259a8..0000000 --- a/base/scripts/remove_apps.sh +++ /dev/null 
@@ -1,8 +0,0 @@ -#!/bin/sh -set -eu - -for app in $(cat /usr/src/nextcloud/config/apps_remove) -do - echo "removing app $app" - rm -R /usr/src/nextcloud/apps/$app -done diff --git a/base/scripts/start.sh b/base/scripts/start.sh deleted file mode 100755 index b352432..0000000 --- a/base/scripts/start.sh +++ /dev/null @@ -1,7 +0,0 @@ -#!/bin/sh -set -eu - -echo "Starting nextcloud instance" -touch /usr/src/nextcloud/.ocdata - -exec "$@" diff --git a/base/scripts/upgrade.sh b/base/scripts/upgrade.sh deleted file mode 100755 index 7626234..0000000 --- a/base/scripts/upgrade.sh +++ /dev/null @@ -1,16 +0,0 @@ -#!/bin/sh -set -eu -echo "Initializing nextcloud $image_version ..." -echo "Upgrading nextcloud from $installed_version ..." -sh -c 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_before -sh -c 'php /var/www/html/occ upgrade' -sh -c 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_after -echo "The following apps have been disabled:" -diff /tmp/list_before /tmp/list_after | grep '<' | cut -d- -f2 | cut -d: -f1 -rm -f /tmp/list_before /tmp/list_after -for i in $(cat apps_enable) - do - app=${i%=*} - sh -c "php /usr/src/app/nextcloud/occ app:enable $app" - done -echo "Upgrade finished" -- GitLab From 6d035b37cbcb546fe6484f50eb53e8da22e2cdca Mon Sep 17 00:00:00 2001 From: pierreozoux Date: Mon, 20 Jan 2020 19:12:03 +0100 Subject: [PATCH 29/50] w --- .gitlab-ci.yml | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 290da02..13a81cd 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -40,7 +40,6 @@ test-v17: variables: VERSION: "17.0" - test-v18: extends: .test variables: 
@@ -54,13 +53,18 @@ test-v18: - export DATE=`date "+%Y-%m-%d"` - export DESTINATION_UPSTREAM="${DESTINATION_PREFIX}:${VERSION}-upstream ${DESTINATION_PREFIX}:${VERSION}-upstream-${DATE}" - export DESTINATION_UPSTREAM="${DESTINATION_UPSTREAM} ${DESTINATION_PREFIX}:${LONG_VERSION}-upstream ${DESTINATION_PREFIX}:${LONG_VERSION}-upstream-${DATE}" + - echo $DESTINATION_UPSTREAM - export DESTINATION_BASE="${DESTINATION_PREFIX}:${VERSION} ${DESTINATION_PREFIX}:${VERSION}-${DATE}" - export DESTINATION_BASE="${DESTINATION_BASE} ${DESTINATION_PREFIX}:${LONG_VERSION} ${DESTINATION_PREFIX}:${LONG_VERSION}-${DATE}" + - echo $DESTINATION_BASE - export DESTINATION_FR="${DESTINATION_PREFIX}:${VERSION}-fr ${DESTINATION_PREFIX}:${VERSION}-fr-${DATE}" - export DESTINATION_FR="${DESTINATION_FR} ${DESTINATION_PREFIX}:${LONG_VERSION}-fr ${DESTINATION_PREFIX}:${LONG_VERSION}-fr-${DATE}" + - echo $DESTINATION_FR - export DESTINATION_WEB="${DESTINATION_PREFIX}:${VERSION}-web ${DESTINATION_PREFIX}:${VERSION}-web-${DATE}" - export DESTINATION_WEB="${DESTINATION_FR} ${DESTINATION_PREFIX}:${LONG_VERSION}-web ${DESTINATION_PREFIX}:${LONG_VERSION}-web-${DATE}" + - echo $DESTINATION_WEB #except: [] + #only except: - master @@ -72,7 +76,7 @@ push-v16: push-v17: extends: .push variables: - VERSION: "16.0" + VERSION: "17.0" push-v18: extends: .push -- GitLab From 3892399a157e0e46669671db0935d27c8f78ea53 Mon Sep 17 00:00:00 2001 From: pierreozoux Date: Mon, 20 Jan 2020 19:15:05 +0100 Subject: [PATCH 30/50] w --- .gitlab-ci.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 13a81cd..f5ef939 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml 
@@ -48,7 +48,7 @@ test-v18: .push: extends: .test before_script: - - export LONG_VERSION=`./scripts/long_version.sh ${VERSION}` + - export LONG_VERSION=`${CI_PROJECT_DIR}/scripts/long_version.sh ${VERSION}` - export DESTINATION_PREFIX="--destination ${DOCKER_HUB_REPO}" - export DATE=`date "+%Y-%m-%d"` - export DESTINATION_UPSTREAM="${DESTINATION_PREFIX}:${VERSION}-upstream ${DESTINATION_PREFIX}:${VERSION}-upstream-${DATE}" @@ -61,7 +61,7 @@ test-v18: - export DESTINATION_FR="${DESTINATION_FR} ${DESTINATION_PREFIX}:${LONG_VERSION}-fr ${DESTINATION_PREFIX}:${LONG_VERSION}-fr-${DATE}" - echo $DESTINATION_FR - export DESTINATION_WEB="${DESTINATION_PREFIX}:${VERSION}-web ${DESTINATION_PREFIX}:${VERSION}-web-${DATE}" - - export DESTINATION_WEB="${DESTINATION_FR} ${DESTINATION_PREFIX}:${LONG_VERSION}-web ${DESTINATION_PREFIX}:${LONG_VERSION}-web-${DATE}" + - export DESTINATION_WEB="${DESTINATION_WEB} ${DESTINATION_PREFIX}:${LONG_VERSION}-web ${DESTINATION_PREFIX}:${LONG_VERSION}-web-${DATE}" - echo $DESTINATION_WEB #except: [] #only -- GitLab From 60749f63ce1b74b8b51d87a49e5406d0e8020837 Mon Sep 17 00:00:00 2001 From: pierreozoux Date: Mon, 20 Jan 2020 19:18:40 +0100 Subject: [PATCH 31/50] w --- .gitlab-ci.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index f5ef939..517e551 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -48,6 +48,9 @@ test-v18: .push: extends: .test before_script: + - ls ${CI_PROJECT_DIR} + - ls ${CI_PROJECT_DIR}/scripts/ + - ls ${CI_PROJECT_DIR}/scripts/long_version.sh - export LONG_VERSION=`${CI_PROJECT_DIR}/scripts/long_version.sh ${VERSION}` - export DESTINATION_PREFIX="--destination ${DOCKER_HUB_REPO}" - export DATE=`date "+%Y-%m-%d"` -- GitLab From 01580b2c0eda7bec296fc26db36f5f36b6a8c7a0 Mon Sep 17 00:00:00 2001 From: pierreozoux Date: Mon, 20 Jan 2020 19:20:29 +0100 Subject: [PATCH 32/50] w --- .gitlab-ci.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) 
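Review bot: In the first hunk of PATCH 30 (`@@ -48,7 +48,7 @@`, the `.push` `before_script`), assigning `LONG_VERSION` inside `export` with a backtick substitution hides a failing lookup. `export` returns 0 even when the substituted command fails, so the job carries on with an empty `LONG_VERSION` and builds destinations such as `${DOCKER_HUB_REPO}:-upstream`. Split it and fail early: `- LONG_VERSION=$(${CI_PROJECT_DIR}/scripts/long_version.sh "${VERSION}")` followed by `- test -n "${LONG_VERSION}" && export LONG_VERSION`. The same export-with-substitution form is kept in the later hunks that rewrite this line (PATCH 37 to 41 and PATCH 47).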
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 517e551..f2ce2bf 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -49,8 +49,9 @@ test-v18: extends: .test before_script: - ls ${CI_PROJECT_DIR} - - ls ${CI_PROJECT_DIR}/scripts/ + - ls ${CI_PROJECT_DIR}/scripts/ -lat - ls ${CI_PROJECT_DIR}/scripts/long_version.sh + - cat ${CI_PROJECT_DIR}/scripts/long_version.sh - export LONG_VERSION=`${CI_PROJECT_DIR}/scripts/long_version.sh ${VERSION}` - export DESTINATION_PREFIX="--destination ${DOCKER_HUB_REPO}" - export DATE=`date "+%Y-%m-%d"` -- GitLab From ccf77cc98991f9eb93a602ced8b2c791fd57a634 Mon Sep 17 00:00:00 2001 From: pierreozoux Date: Mon, 20 Jan 2020 19:23:56 +0100 Subject: [PATCH 33/50] w --- scripts/long_version.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/long_version.sh b/scripts/long_version.sh index 4d85934..29d7b52 100755 --- a/scripts/long_version.sh +++ b/scripts/long_version.sh @@ -1,4 +1,4 @@ -#!/bin/bash +#!/bin/sh fullversions=( $( curl -fsSL 'https://download.nextcloud.com/server/releases/' |tac|tac| \ grep -oE 'nextcloud-[[:digit:]]+(\.[[:digit:]]+){2}' | \ -- GitLab From 890edcbe06babd8bb09216ef7c85371b53c21851 Mon Sep 17 00:00:00 2001 From: pierreozoux Date: Mon, 20 Jan 2020 19:25:56 +0100 Subject: [PATCH 34/50] w --- .gitlab-ci.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index f2ce2bf..a1ad8ff 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -52,6 +52,7 @@ test-v18: - ls ${CI_PROJECT_DIR}/scripts/ -lat - ls ${CI_PROJECT_DIR}/scripts/long_version.sh - cat ${CI_PROJECT_DIR}/scripts/long_version.sh + - which sh - export LONG_VERSION=`${CI_PROJECT_DIR}/scripts/long_version.sh ${VERSION}` - export DESTINATION_PREFIX="--destination ${DOCKER_HUB_REPO}" - export DATE=`date "+%Y-%m-%d"` -- GitLab From 250e98c4046ad81f80068790763f8818d194a828 Mon Sep 17 00:00:00 2001 
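Review bot: Switching the shebang of scripts/long_version.sh to `#!/bin/sh` (PATCH 33, `@@ -1,4 +1,4 @@`) does not match the script body: the first context line already uses a bash array, `fullversions=( $( curl ... ) )`, which a POSIX `sh` such as dash or busybox ash rejects as a syntax error. Either keep `#!/bin/bash` and make sure the CI image provides bash, or rewrite the lookup without arrays. The rest of the script lies outside this hunk, and the same mismatch applies to the `#!/usr/bin/env sh` and `#!/bin/sh` shebangs in PATCH 35 and PATCH 37.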
From: pierreozoux Date: Mon, 20 Jan 2020 19:28:05 +0100 Subject: [PATCH 35/50] w --- scripts/long_version.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/long_version.sh b/scripts/long_version.sh index 29d7b52..23a6ef7 100755 --- a/scripts/long_version.sh +++ b/scripts/long_version.sh @@ -1,4 +1,4 @@ -#!/bin/sh +#!/usr/bin/env sh fullversions=( $( curl -fsSL 'https://download.nextcloud.com/server/releases/' |tac|tac| \ grep -oE 'nextcloud-[[:digit:]]+(\.[[:digit:]]+){2}' | \ -- GitLab From e68e5da5179c5ce6c8d3b48e5664fdf2bcc832ad Mon Sep 17 00:00:00 2001 From: pierreozoux Date: Mon, 20 Jan 2020 19:29:35 +0100 Subject: [PATCH 36/50] w --- .gitlab-ci.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index a1ad8ff..607169a 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -53,6 +53,7 @@ test-v18: - ls ${CI_PROJECT_DIR}/scripts/long_version.sh - cat ${CI_PROJECT_DIR}/scripts/long_version.sh - which sh + - which env - export LONG_VERSION=`${CI_PROJECT_DIR}/scripts/long_version.sh ${VERSION}` - export DESTINATION_PREFIX="--destination ${DOCKER_HUB_REPO}" - export DATE=`date "+%Y-%m-%d"` -- GitLab From 2332b1dbb558f397bf502331535c7f74c3bf661b Mon Sep 17 00:00:00 2001 From: pierreozoux Date: Mon, 20 Jan 2020 19:31:55 +0100 Subject: [PATCH 37/50] w --- .gitlab-ci.yml | 8 +------- scripts/long_version.sh | 2 +- 2 files changed, 2 insertions(+), 8 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 607169a..4cd5635 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml 
@@ -48,13 +48,7 @@ test-v18: .push: extends: .test before_script: - - ls ${CI_PROJECT_DIR} - - ls ${CI_PROJECT_DIR}/scripts/ -lat - - ls ${CI_PROJECT_DIR}/scripts/long_version.sh - - cat ${CI_PROJECT_DIR}/scripts/long_version.sh - - which sh - - which env - - export LONG_VERSION=`${CI_PROJECT_DIR}/scripts/long_version.sh ${VERSION}` + - export LONG_VERSION=`sh ${CI_PROJECT_DIR}/scripts/long_version.sh ${VERSION}` - export DESTINATION_PREFIX="--destination ${DOCKER_HUB_REPO}" - export DATE=`date "+%Y-%m-%d"` - export DESTINATION_UPSTREAM="${DESTINATION_PREFIX}:${VERSION}-upstream ${DESTINATION_PREFIX}:${VERSION}-upstream-${DATE}" diff --git a/scripts/long_version.sh b/scripts/long_version.sh index 23a6ef7..29d7b52 100755 --- a/scripts/long_version.sh +++ b/scripts/long_version.sh @@ -1,4 +1,4 @@ -#!/usr/bin/env sh +#!/bin/sh fullversions=( $( curl -fsSL 'https://download.nextcloud.com/server/releases/' |tac|tac| \ grep -oE 'nextcloud-[[:digit:]]+(\.[[:digit:]]+){2}' | \ -- GitLab From 4f7fe92705efbe51be7608ebf41dd07bbefeefec Mon Sep 17 00:00:00 2001 From: pierreozoux Date: Mon, 20 Jan 2020 19:34:08 +0100 Subject: [PATCH 38/50] w --- .gitlab-ci.yml | 2 +- scripts/long_version.sh | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 4cd5635..bb55e50 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -48,7 +48,7 @@ test-v18: .push: extends: .test before_script: - - export LONG_VERSION=`sh ${CI_PROJECT_DIR}/scripts/long_version.sh ${VERSION}` + - export LONG_VERSION=`bash ${CI_PROJECT_DIR}/scripts/long_version.sh ${VERSION}` - export DESTINATION_PREFIX="--destination ${DOCKER_HUB_REPO}" - export DATE=`date "+%Y-%m-%d"` - export DESTINATION_UPSTREAM="${DESTINATION_PREFIX}:${VERSION}-upstream ${DESTINATION_PREFIX}:${VERSION}-upstream-${DATE}" diff --git a/scripts/long_version.sh b/scripts/long_version.sh index 29d7b52..4d85934 100755 --- a/scripts/long_version.sh +++ b/scripts/long_version.sh 
@@ -1,4 +1,4 @@ -#!/bin/sh +#!/bin/bash fullversions=( $( curl -fsSL 'https://download.nextcloud.com/server/releases/' |tac|tac| \ grep -oE 'nextcloud-[[:digit:]]+(\.[[:digit:]]+){2}' | \ -- GitLab From b895555726fd379ac997e3911e522c3022191ee6 Mon Sep 17 00:00:00 2001 From: pierreozoux Date: Mon, 20 Jan 2020 21:37:14 +0100 Subject: [PATCH 39/50] w --- .gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index bb55e50..9777131 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -48,7 +48,7 @@ test-v18: .push: extends: .test before_script: - - export LONG_VERSION=`bash ${CI_PROJECT_DIR}/scripts/long_version.sh ${VERSION}` + - export LONG_VERSION=`curl -fsSL 'https://download.nextcloud.com/server/releases/' |tac|tac| grep -oE 'nextcloud-[[:digit:]]+(\.[[:digit:]]+){2}' | grep -oE '[[:digit:]]+(\.[[:digit:]]+){2}' | sort -urV | grep ${VERSION} | head -n1` - export DESTINATION_PREFIX="--destination ${DOCKER_HUB_REPO}" - export DATE=`date "+%Y-%m-%d"` - export DESTINATION_UPSTREAM="${DESTINATION_PREFIX}:${VERSION}-upstream ${DESTINATION_PREFIX}:${VERSION}-upstream-${DATE}" -- GitLab From f794d957923a5b3776bbaa708a1e203a380c7a8c Mon Sep 17 00:00:00 2001 From: pierreozoux Date: Mon, 20 Jan 2020 21:44:00 +0100 Subject: [PATCH 40/50] w --- .gitlab-ci.yml | 14 +++++--------- base/apps/install.sh | 5 ++++- 2 files changed, 9 insertions(+), 10 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 9777131..b7d8cbf 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml 
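Review bot: The inlined lookup added in PATCH 39 (`@@ -48,7 +48,7 @@`) picks the release with `grep ${VERSION}`, which is unanchored and treats the dot in a value like `16.0` as a wildcard, so any listed version that merely contains a matching substring can win `head -n1` and end up in the pushed tags. A literal prefix match avoids that, for example `awk -v v="${VERSION}." 'index($0, v) == 1'` in place of the `grep`. The tag is also derived from a live directory listing rather than from the sources being built, so two runs of the same commit can publish under different version tags. PATCH 40 moves the same pipeline unchanged into base/apps/install.sh.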
@@ -48,21 +48,17 @@ test-v18: .push: extends: .test before_script: - - export LONG_VERSION=`curl -fsSL 'https://download.nextcloud.com/server/releases/' |tac|tac| grep -oE 'nextcloud-[[:digit:]]+(\.[[:digit:]]+){2}' | grep -oE '[[:digit:]]+(\.[[:digit:]]+){2}' | sort -urV | grep ${VERSION} | head -n1` + # - export LONG_VERSION=`curl -fsSL 'https://download.nextcloud.com/server/releases/' |tac|tac| grep -oE 'nextcloud-[[:digit:]]+(\.[[:digit:]]+){2}' | grep -oE '[[:digit:]]+(\.[[:digit:]]+){2}' | sort -urV | grep ${VERSION} | head -n1` - export DESTINATION_PREFIX="--destination ${DOCKER_HUB_REPO}" - export DATE=`date "+%Y-%m-%d"` - export DESTINATION_UPSTREAM="${DESTINATION_PREFIX}:${VERSION}-upstream ${DESTINATION_PREFIX}:${VERSION}-upstream-${DATE}" - - export DESTINATION_UPSTREAM="${DESTINATION_UPSTREAM} ${DESTINATION_PREFIX}:${LONG_VERSION}-upstream ${DESTINATION_PREFIX}:${LONG_VERSION}-upstream-${DATE}" - - echo $DESTINATION_UPSTREAM + # - export DESTINATION_UPSTREAM="${DESTINATION_UPSTREAM} ${DESTINATION_PREFIX}:${LONG_VERSION}-upstream ${DESTINATION_PREFIX}:${LONG_VERSION}-upstream-${DATE}" - export DESTINATION_BASE="${DESTINATION_PREFIX}:${VERSION} ${DESTINATION_PREFIX}:${VERSION}-${DATE}" - - export DESTINATION_BASE="${DESTINATION_BASE} ${DESTINATION_PREFIX}:${LONG_VERSION} ${DESTINATION_PREFIX}:${LONG_VERSION}-${DATE}" - - echo $DESTINATION_BASE + # - export DESTINATION_BASE="${DESTINATION_BASE} ${DESTINATION_PREFIX}:${LONG_VERSION} ${DESTINATION_PREFIX}:${LONG_VERSION}-${DATE}" - export DESTINATION_FR="${DESTINATION_PREFIX}:${VERSION}-fr ${DESTINATION_PREFIX}:${VERSION}-fr-${DATE}" - - export DESTINATION_FR="${DESTINATION_FR} ${DESTINATION_PREFIX}:${LONG_VERSION}-fr ${DESTINATION_PREFIX}:${LONG_VERSION}-fr-${DATE}" - - echo $DESTINATION_FR + # - export DESTINATION_FR="${DESTINATION_FR} ${DESTINATION_PREFIX}:${LONG_VERSION}-fr ${DESTINATION_PREFIX}:${LONG_VERSION}-fr-${DATE}" - export DESTINATION_WEB="${DESTINATION_PREFIX}:${VERSION}-web 
${DESTINATION_PREFIX}:${VERSION}-web-${DATE}" - - export DESTINATION_WEB="${DESTINATION_WEB} ${DESTINATION_PREFIX}:${LONG_VERSION}-web ${DESTINATION_PREFIX}:${LONG_VERSION}-web-${DATE}" - - echo $DESTINATION_WEB + # - export DESTINATION_WEB="${DESTINATION_WEB} ${DESTINATION_PREFIX}:${LONG_VERSION}-web ${DESTINATION_PREFIX}:${LONG_VERSION}-web-${DATE}" #except: [] #only except: diff --git a/base/apps/install.sh b/base/apps/install.sh index fb03411..b9b0405 100755 --- a/base/apps/install.sh +++ b/base/apps/install.sh @@ -1,5 +1,8 @@ #!/bin/bash -eux -curl -Ls https://apps.nextcloud.com/api/v1/platform/${VERSION}/apps.json > /tmp/apps.json + +export LONG_VERSION=`curl -fsSL 'https://download.nextcloud.com/server/releases/' |tac|tac| grep -oE 'nextcloud-[[:digit:]]+(\.[[:digit:]]+){2}' | grep -oE '[[:digit:]]+(\.[[:digit:]]+){2}' | sort -urV | grep ${VERSION} | head -n1` + +curl -Ls https://apps.nextcloud.com/api/v1/platform/${LONG_VERSION}/apps.json > /tmp/apps.json function download_link() { cat /tmp/apps.json | jq '.[] | select(.id == "'$1'") | .releases[0].download' -- GitLab From df9180cc6c2fa07126e5fd327eae87e55c1a9746 Mon Sep 17 00:00:00 2001 From: pierreozoux Date: Mon, 20 Jan 2020 22:01:16 +0100 Subject: [PATCH 41/50] f --- .gitlab-ci.yml | 10 ++++----- base/Dockerfile | 21 +++++++++++-------- base/apps/{list => install-list} | 0 base/apps/install.sh | 4 +--- base/{config/apps_remove => apps/remove-list} | 0 scripts/long_version.sh | 15 ------------- 6 files changed, 18 insertions(+), 32 deletions(-) rename base/apps/{list => install-list} (100%) rename base/{config/apps_remove => apps/remove-list} (100%) delete mode 100755 scripts/long_version.sh diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index b7d8cbf..c7f1ea9 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml 
@@ -48,17 +48,17 @@ test-v18: .push: extends: .test before_script: - # - export LONG_VERSION=`curl -fsSL 'https://download.nextcloud.com/server/releases/' |tac|tac| grep -oE 'nextcloud-[[:digit:]]+(\.[[:digit:]]+){2}' | grep -oE '[[:digit:]]+(\.[[:digit:]]+){2}' | sort -urV | grep ${VERSION} | head -n1` + - export LONG_VERSION=`cat ${CI_PROJECT_DIR}/upstream/${VERSION}/fpm-alpine/Dockerfile | grep "ENV NEXTCLOUD_VERSION" | cut -d" " -f3` - export DESTINATION_PREFIX="--destination ${DOCKER_HUB_REPO}" - export DATE=`date "+%Y-%m-%d"` - export DESTINATION_UPSTREAM="${DESTINATION_PREFIX}:${VERSION}-upstream ${DESTINATION_PREFIX}:${VERSION}-upstream-${DATE}" - # - export DESTINATION_UPSTREAM="${DESTINATION_UPSTREAM} ${DESTINATION_PREFIX}:${LONG_VERSION}-upstream ${DESTINATION_PREFIX}:${LONG_VERSION}-upstream-${DATE}" + - export DESTINATION_UPSTREAM="${DESTINATION_UPSTREAM} ${DESTINATION_PREFIX}:${LONG_VERSION}-upstream ${DESTINATION_PREFIX}:${LONG_VERSION}-upstream-${DATE}" - export DESTINATION_BASE="${DESTINATION_PREFIX}:${VERSION} ${DESTINATION_PREFIX}:${VERSION}-${DATE}" - # - export DESTINATION_BASE="${DESTINATION_BASE} ${DESTINATION_PREFIX}:${LONG_VERSION} ${DESTINATION_PREFIX}:${LONG_VERSION}-${DATE}" + - export DESTINATION_BASE="${DESTINATION_BASE} ${DESTINATION_PREFIX}:${LONG_VERSION} ${DESTINATION_PREFIX}:${LONG_VERSION}-${DATE}" - export DESTINATION_FR="${DESTINATION_PREFIX}:${VERSION}-fr ${DESTINATION_PREFIX}:${VERSION}-fr-${DATE}" - # - export DESTINATION_FR="${DESTINATION_FR} ${DESTINATION_PREFIX}:${LONG_VERSION}-fr ${DESTINATION_PREFIX}:${LONG_VERSION}-fr-${DATE}" + - export DESTINATION_FR="${DESTINATION_FR} ${DESTINATION_PREFIX}:${LONG_VERSION}-fr ${DESTINATION_PREFIX}:${LONG_VERSION}-fr-${DATE}" - export DESTINATION_WEB="${DESTINATION_PREFIX}:${VERSION}-web ${DESTINATION_PREFIX}:${VERSION}-web-${DATE}" - # - export DESTINATION_WEB="${DESTINATION_WEB} ${DESTINATION_PREFIX}:${LONG_VERSION}-web ${DESTINATION_PREFIX}:${LONG_VERSION}-web-${DATE}" + - export 
DESTINATION_WEB="${DESTINATION_WEB} ${DESTINATION_PREFIX}:${LONG_VERSION}-web ${DESTINATION_PREFIX}:${LONG_VERSION}-web-${DATE}" #except: [] #only except: diff --git a/base/Dockerfile b/base/Dockerfile index 0ff96d3..a7b1c94 100644 --- a/base/Dockerfile +++ b/base/Dockerfile @@ -1,15 +1,23 @@ -FROM alpine as apps +FROM libresh/nextcloud:$VERSION-upstream as upstream + +FROM alpine as upstream_with_apps RUN apk add --no-cache jq curl bash -COPY apps /apps -WORKDIR /apps +COPY --from upstream /var/www/html /var/www/html +COPY apps /var/www/html/apps +WORKDIR /var/www/html/apps ARG VERSION RUN ./install.sh +RUN for app in $(cat /var/www/html/apps/remove-list);do \ + echo "removing app $app"; \ + rm -R /var/www/html/apps/$app; \ +done +RUN rm install.sh remove-list install-list FROM libresh/nextcloud:$VERSION-upstream COPY redis.ini /usr/local/etc/php/conf.d/ +COPY --from=upstream_with_apps --chown=www-data:root /var/www/html /var/www/html COPY --chown=www-data:root config/* /var/www/html/config/ -COPY --from=apps --chown=www-data:root /apps/* /var/www/html/apps/ RUN set -ex; \ \ @@ -28,9 +36,4 @@ RUN set -ex; \ docker-php-ext-install imap; \ apk del .build-deps -RUN for app in $(cat /usr/src/nextcloud/config/apps_remove);do \ - echo "removing app $app"; \ - rm -R /var/www/html/apps/$app; \ -done - CMD ["php-fpm"] \ No newline at end of file diff --git a/base/apps/list b/base/apps/install-list similarity index 100% rename from base/apps/list rename to base/apps/install-list diff --git a/base/apps/install.sh b/base/apps/install.sh index b9b0405..f60cd6c 100755 --- a/base/apps/install.sh +++ b/base/apps/install.sh 
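Review bot: The new first stage in base/Dockerfile (PATCH 41, `@@ -1,15 +1,23 @@`) cannot build as written: `FROM libresh/nextcloud:$VERSION-upstream as upstream` uses `$VERSION` although no `ARG VERSION` precedes the first `FROM`, so the reference presumably expands to `libresh/nextcloud:-upstream`, and `COPY --from upstream` is missing the `=`. Put `ARG VERSION` on the first line of the file and write `COPY --from=upstream /var/www/html /var/www/html`. `FROM alpine` in the same hunk is untagged; pinning it to a version or digest would keep the stage that downloads the apps reproducible.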
@@ -1,8 +1,6 @@ #!/bin/bash -eux -export LONG_VERSION=`curl -fsSL 'https://download.nextcloud.com/server/releases/' |tac|tac| grep -oE 'nextcloud-[[:digit:]]+(\.[[:digit:]]+){2}' | grep -oE '[[:digit:]]+(\.[[:digit:]]+){2}' | sort -urV | grep ${VERSION} | head -n1` - -curl -Ls https://apps.nextcloud.com/api/v1/platform/${LONG_VERSION}/apps.json > /tmp/apps.json +curl -Ls https://apps.nextcloud.com/api/v1/platform/${NEXTCLOUD_VERSION}/apps.json > /tmp/apps.json function download_link() { cat /tmp/apps.json | jq '.[] | select(.id == "'$1'") | .releases[0].download' diff --git a/base/config/apps_remove b/base/apps/remove-list similarity index 100% rename from base/config/apps_remove rename to base/apps/remove-list diff --git a/scripts/long_version.sh b/scripts/long_version.sh deleted file mode 100755 index 4d85934..0000000 --- a/scripts/long_version.sh +++ /dev/null @@ -1,15 +0,0 @@ -#!/bin/bash - -fullversions=( $( curl -fsSL 'https://download.nextcloud.com/server/releases/' |tac|tac| \ - grep -oE 'nextcloud-[[:digit:]]+(\.[[:digit:]]+){2}' | \ - grep -oE '[[:digit:]]+(\.[[:digit:]]+){2}' | \ - sort -urV ) ) -versions=( $( printf '%s\n' "${fullversions[@]}" | cut -d. -f1-2 | sort -urV ) ) - -for version in "${versions[@]}"; do - fullversion="$( printf '%s\n' "${fullversions[@]}" | grep -E "^$version" | head -1 )" - - if [[ "$version" == "$1" ]]; then - echo $fullversion - fi -done \ No newline at end of file -- GitLab From 46fb3a86045933267dcc0f56a020e4f76a47f2d9 Mon Sep 17 00:00:00 2001 From: pierreozoux Date: Mon, 20 Jan 2020 22:01:49 +0100 Subject: [PATCH 42/50] f --- upstream | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/upstream b/upstream index 63b1d87..3fc96a0 160000 --- a/upstream +++ b/upstream @@ -1 +1 @@ -Subproject commit 63b1d87e50c5bc61b3acc1ed8a637c0365321539 +Subproject commit 3fc96a035c6f9aa32c4967ba2c7e9b9710521ffc -- GitLab From 384ec317f5465746da6b22e4170da0ea88fa5eba Mon Sep 17 00:00:00 2001 
From: pierreozoux Date: Tue, 21 Jan 2020 09:36:05 +0100 Subject: [PATCH 43/50] w --- base/Dockerfile | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/base/Dockerfile b/base/Dockerfile index a7b1c94..4a75bfd 100644 --- a/base/Dockerfile +++ b/base/Dockerfile @@ -1,11 +1,12 @@ +ARG VERSION + FROM libresh/nextcloud:$VERSION-upstream as upstream FROM alpine as upstream_with_apps RUN apk add --no-cache jq curl bash -COPY --from upstream /var/www/html /var/www/html +COPY --from=upstream /var/www/html /var/www/html COPY apps /var/www/html/apps WORKDIR /var/www/html/apps -ARG VERSION RUN ./install.sh RUN for app in $(cat /var/www/html/apps/remove-list);do \ echo "removing app $app"; \ @@ -14,17 +15,14 @@ done RUN rm install.sh remove-list install-list FROM libresh/nextcloud:$VERSION-upstream - COPY redis.ini /usr/local/etc/php/conf.d/ COPY --from=upstream_with_apps --chown=www-data:root /var/www/html /var/www/html COPY --chown=www-data:root config/* /var/www/html/config/ - RUN set -ex; \ \ apk add --no-cache \ imagemagick \ ; - RUN set -ex; \ \ apk add --no-cache --virtual .build-deps \ @@ -35,5 +33,4 @@ RUN set -ex; \ docker-php-ext-configure imap --with-imap-ssl; \ docker-php-ext-install imap; \ apk del .build-deps - CMD ["php-fpm"] \ No newline at end of file -- GitLab From 8919e0bdcd35d3d43a37e4853370387e5ca01caa Mon Sep 17 00:00:00 2001 From: pierreozoux Date: Tue, 21 Jan 2020 09:45:03 +0100 Subject: [PATCH 44/50] w --- base/Dockerfile | 26 ++++++++++++-------------- base/apps/install.sh | 2 +- 2 files changed, 13 insertions(+), 15 deletions(-) diff --git a/base/Dockerfile b/base/Dockerfile index 4a75bfd..59fee60 100644 --- a/base/Dockerfile +++ b/base/Dockerfile 
@@ -1,23 +1,13 @@ ARG VERSION -FROM libresh/nextcloud:$VERSION-upstream as upstream - -FROM alpine as upstream_with_apps +FROM alpine as apps RUN apk add --no-cache jq curl bash -COPY --from=upstream /var/www/html /var/www/html -COPY apps /var/www/html/apps -WORKDIR /var/www/html/apps +COPY apps /apps +WORKDIR /apps RUN ./install.sh -RUN for app in $(cat /var/www/html/apps/remove-list);do \ - echo "removing app $app"; \ - rm -R /var/www/html/apps/$app; \ -done -RUN rm install.sh remove-list install-list +RUN rm ./install.sh ./install-list FROM libresh/nextcloud:$VERSION-upstream -COPY redis.ini /usr/local/etc/php/conf.d/ -COPY --from=upstream_with_apps --chown=www-data:root /var/www/html /var/www/html -COPY --chown=www-data:root config/* /var/www/html/config/ RUN set -ex; \ \ apk add --no-cache \ @@ -33,4 +23,12 @@ RUN set -ex; \ docker-php-ext-configure imap --with-imap-ssl; \ docker-php-ext-install imap; \ apk del .build-deps +COPY redis.ini /usr/local/etc/php/conf.d/ +COPY --chown=www-data:root config/* /var/www/html/config/ +COPY --from=apps --chown=www-data:root /apps/* /var/www/html/apps/ +RUN for app in $(cat /var/www/html/apps/remove-list);do \ + echo "removing app $app"; \ + rm -R /var/www/html/apps/$app; \ +done +RUN rm /var/www/html/apps/remove-list CMD ["php-fpm"] \ No newline at end of file diff --git a/base/apps/install.sh b/base/apps/install.sh index f60cd6c..c973988 100755 --- a/base/apps/install.sh +++ b/base/apps/install.sh @@ -6,7 +6,7 @@ function download_link() { cat /tmp/apps.json | jq '.[] | select(.id == "'$1'") | .releases[0].download' } -links=`cat ./list | xargs -I@ bash -c "$(declare -f download_link) ; download_link @ ; " | tr -d '"'` +links=`cat ./install-list | xargs -I@ bash -c "$(declare -f download_link) ; download_link @ ; " | tr -d '"'` mkdir -p apps cd apps -- GitLab From 2b83db3702167f92a7b8efc938f1eecf102ee037 Mon Sep 17 00:00:00 2001 
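Review bot: In base/Dockerfile (PATCH 44, `@@ -33,4 +23,12 @@`) the downloaded apps and the config files are copied with `--chown=www-data:root`, which leaves application code writable by the account php-fpm presumably runs as. In an image meant to be immutable, code that the PHP process can rewrite lets a file-write flaw in any app persist as modified server code for the life of the container. Unless Nextcloud has to write there at runtime, `COPY --from=apps --chown=root:root /apps/* /var/www/html/apps/` keeps the apps read-only for the web user. Whether config/ must stay writable depends on how the instance is installed, which this hunk does not show.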
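Review bot: The `links=` line changed in base/apps/install.sh (PATCH 44, `@@ -6,7 +6,7 @@`) still resolves each app through `xargs -I@ bash -c "... download_link @"` and a jq filter assembled by string concatenation, so every list entry is re-parsed as shell and as jq source, and an id the store does not know produces no output at all. The image then builds without that app and without an error, which matters for entries such as `twofactor_totp`. Reading the list in a loop and passing the id with `--arg` removes the re-parsing, and `jq -e` makes a missing app abort the build under `-e`; the `|| [ -n "$app" ]` covers the list's missing final newline. The function body and the download loop lie partly outside this hunk.

```shell
# … unchanged: apps.json download into /tmp/apps.json …
links=""
while IFS= read -r app || [ -n "$app" ]; do
  # --arg passes the id as data; -e fails when no download URL is found
  link=$(jq -er --arg id "$app" '.[] | select(.id == $id) | .releases[0].download' /tmp/apps.json)
  links="$links $link"
done < ./install-list
# … unchanged: mkdir -p apps, cd apps, download loop …
```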
From: pierreozoux Date: Tue, 21 Jan 2020 10:54:36 +0100 Subject: [PATCH 45/50] w --- base/Dockerfile | 2 +- base/apps/install-list | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/base/Dockerfile b/base/Dockerfile index 59fee60..5bdf1d5 100644 --- a/base/Dockerfile +++ b/base/Dockerfile @@ -1,9 +1,9 @@ ARG VERSION - FROM alpine as apps RUN apk add --no-cache jq curl bash COPY apps /apps WORKDIR /apps +ARG VERSION RUN ./install.sh RUN rm ./install.sh ./install-list diff --git a/base/apps/install-list b/base/apps/install-list index d49db24..26bf805 100644 --- a/base/apps/install-list +++ b/base/apps/install-list @@ -15,4 +15,5 @@ quota_warning registration richdocuments text -twofactor_totp \ No newline at end of file +twofactor_totp +user_saml \ No newline at end of file -- GitLab From 41fe8f96c5907bcb9f5ad998665c9cb0309023d2 Mon Sep 17 00:00:00 2001 From: pierreozoux Date: Tue, 21 Jan 2020 11:40:45 +0100 Subject: [PATCH 46/50] e --- base/apps/install.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/base/apps/install.sh b/base/apps/install.sh index c973988..cd1e0f8 100755 --- a/base/apps/install.sh +++ b/base/apps/install.sh @@ -1,6 +1,6 @@ #!/bin/bash -eux -curl -Ls https://apps.nextcloud.com/api/v1/platform/${NEXTCLOUD_VERSION}/apps.json > /tmp/apps.json +curl -Ls https://apps.nextcloud.com/api/v1/platform/${VERSION}/apps.json > /tmp/apps.json function download_link() { cat /tmp/apps.json | jq '.[] | select(.id == "'$1'") | .releases[0].download' -- GitLab From 495bade7d863e5f32f43a34a350e2a25abc46899 Mon Sep 17 00:00:00 2001 From: pierreozoux Date: Tue, 21 Jan 2020 11:55:18 +0100 Subject: [PATCH 47/50] final? --- .gitlab-ci.yml | 8 ++++---- fr/Dockerfile | 2 ++ web/Dockerfile | 1 + 3 files changed, 7 insertions(+), 4 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index c7f1ea9..f2375e2 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml 
@@ -15,18 +15,19 @@ variables: DESTINATION_WEB: "--no-push" script: - cp $DOCKER_SECRET_CONFIG /kaniko/.docker/config.json + - export LONG_VERSION=`cat ${CI_PROJECT_DIR}/upstream/${VERSION}/fpm-alpine/Dockerfile | grep "ENV NEXTCLOUD_VERSION" | cut -d" " -f3` - export CONTEXT=${CI_PROJECT_DIR}/upstream/${VERSION}/fpm-alpine - cd ${CONTEXT} - /kaniko/executor --context ${CONTEXT} ${DESTINATION_UPSTREAM} - export CONTEXT=${CI_PROJECT_DIR}/base - cd ${CONTEXT} - - /kaniko/executor --context ${CONTEXT} ${DESTINATION_BASE} --build-arg VERSION=$VERSION + - /kaniko/executor --context ${CONTEXT} ${DESTINATION_BASE} --build-arg VERSION=$LONG_VERSION - export CONTEXT=${CI_PROJECT_DIR}/fr - cd ${CONTEXT} - #- /kaniko/executor --context ${CONTEXT} ${DESTINATION_FR} --build-arg VERSION=$VERSION + #- /kaniko/executor --context ${CONTEXT} ${DESTINATION_FR} --build-arg VERSION=$LONG_VERSION - export CONTEXT=${CI_PROJECT_DIR}/web - cd ${CONTEXT} - - /kaniko/executor --context ${CONTEXT} ${DESTINATION_WEB} --build-arg VERSION=$VERSION + - /kaniko/executor --context ${CONTEXT} ${DESTINATION_WEB} --build-arg VERSION=$LONG_VERSION except: - master @@ -48,7 +49,6 @@ test-v18: .push: extends: .test before_script: - - export LONG_VERSION=`cat ${CI_PROJECT_DIR}/upstream/${VERSION}/fpm-alpine/Dockerfile | grep "ENV NEXTCLOUD_VERSION" | cut -d" " -f3` - export DESTINATION_PREFIX="--destination ${DOCKER_HUB_REPO}" - export DATE=`date "+%Y-%m-%d"` - export DESTINATION_UPSTREAM="${DESTINATION_PREFIX}:${VERSION}-upstream ${DESTINATION_PREFIX}:${VERSION}-upstream-${DATE}" diff --git a/fr/Dockerfile b/fr/Dockerfile index 3a0b586..bc937d7 100644 --- a/fr/Dockerfile +++ b/fr/Dockerfile @@ -1 +1,3 @@ +ARG VERSION +FROM libresh/nextcloud:${VERSION} as builder COPY --chown=www-data:root _build/html/release/fr/ /var/www/html/core/doc/user/ diff --git a/web/Dockerfile b/web/Dockerfile index baa49ae..795f8d5 100644 --- a/web/Dockerfile +++ b/web/Dockerfile 
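Review bot: With `--build-arg VERSION=$LONG_VERSION` (PATCH 47, `@@ -15,18 +15,19 @@`) the base and web builds resolve `libresh/nextcloud:${VERSION}-upstream` and `libresh/nextcloud:${VERSION}` from the registry, while the test job runs its builds with `--no-push`. As far as this hunk shows, a test run therefore validates base and web on top of whatever was last published under those mutable tags, not on top of the upstream image built one step earlier. I would at least record that in the job with a comment such as `# base/web are built FROM the published -upstream tag, not from the image built above`, and consider referencing the parent image by digest so the tested and the pushed artefacts are the same.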
@@ -1,3 +1,4 @@ +ARG VERSION FROM libresh/nextcloud:${VERSION} as builder FROM nginx COPY --from=builder /var/www/html /var/www/html -- GitLab From 4d0e2bd514cb4f21159e9f57405783693b97357b Mon Sep 17 00:00:00 2001 From: pierreozoux Date: Tue, 21 Jan 2020 12:07:45 +0100 Subject: [PATCH 48/50] w --- .gitlab-ci.yml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index f2375e2..af8c0c7 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -2,6 +2,9 @@ variables: GIT_SUBMODULE_STRATEGY: recursive DOCKER_HUB_REPO: libresh/nextcloud +.compute_long_version: &compute_long_version + - export LONG_VERSION=`cat ${CI_PROJECT_DIR}/upstream/${VERSION}/fpm-alpine/Dockerfile | grep "ENV NEXTCLOUD_VERSION" | cut -d" " -f3` + .test: tags: - build @@ -14,8 +17,8 @@ variables: DESTINATION_FR: "--no-push" DESTINATION_WEB: "--no-push" script: + - *compute_long_version - cp $DOCKER_SECRET_CONFIG /kaniko/.docker/config.json - - export LONG_VERSION=`cat ${CI_PROJECT_DIR}/upstream/${VERSION}/fpm-alpine/Dockerfile | grep "ENV NEXTCLOUD_VERSION" | cut -d" " -f3` - export CONTEXT=${CI_PROJECT_DIR}/upstream/${VERSION}/fpm-alpine - cd ${CONTEXT} - /kaniko/executor --context ${CONTEXT} ${DESTINATION_UPSTREAM} @@ -49,6 +52,7 @@ test-v18: .push: extends: .test before_script: + - *compute_long_version - export DESTINATION_PREFIX="--destination ${DOCKER_HUB_REPO}" - export DATE=`date "+%Y-%m-%d"` - export DESTINATION_UPSTREAM="${DESTINATION_PREFIX}:${VERSION}-upstream ${DESTINATION_PREFIX}:${VERSION}-upstream-${DATE}" -- GitLab From 88799321df388650607cc70ae40abcdac591b6a8 Mon Sep 17 00:00:00 2001 From: pierreozoux Date: Tue, 21 Jan 2020 12:10:41 +0100 Subject: [PATCH 49/50] w --- upstream | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/upstream b/upstream index 3fc96a0..0433976 160000 --- a/upstream +++ b/upstream 
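Review bot: `*compute_long_version` is now listed both in the `script:` of `.test` and in the `before_script:` of `.push`, and since `.push` extends `.test` it appears to run twice in every push job. That is harmless but hides which occurrence the `DESTINATION_*` tags depend on, namely the `before_script` one. I would add a comment above the anchor, `# LONG_VERSION must be set before the DESTINATION_* exports in .push; .test needs it for --build-arg`, or give `.test` its own `before_script:` with the anchor and drop it from `script:`.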
@@ -1 +1 @@ -Subproject commit 3fc96a035c6f9aa32c4967ba2c7e9b9710521ffc +Subproject commit 0433976ebe509588ec6967392d9e093f47abbf81 -- GitLab From 880016bd0bebda40d24019db203f0ae00998815a Mon Sep 17 00:00:00 2001 From: pierreozoux Date: Tue, 21 Jan 2020 14:42:51 +0100 Subject: [PATCH 50/50] w --- .gitlab-ci.yml | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index af8c0c7..58f889b 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -63,9 +63,8 @@ test-v18: - export DESTINATION_FR="${DESTINATION_FR} ${DESTINATION_PREFIX}:${LONG_VERSION}-fr ${DESTINATION_PREFIX}:${LONG_VERSION}-fr-${DATE}" - export DESTINATION_WEB="${DESTINATION_PREFIX}:${VERSION}-web ${DESTINATION_PREFIX}:${VERSION}-web-${DATE}" - export DESTINATION_WEB="${DESTINATION_WEB} ${DESTINATION_PREFIX}:${LONG_VERSION}-web ${DESTINATION_PREFIX}:${LONG_VERSION}-web-${DATE}" - #except: [] - #only - except: + except: [] + only: - master push-v16: -- GitLab