diff --git a/.drone.jsonnet b/.drone.jsonnet
index 44659f5..75db467 100644
--- a/.drone.jsonnet
+++ b/.drone.jsonnet
@@ -1,44 +1,43 @@
-local PipelineBuild(os='linux', arch='amd64') = {
- local tag = os + '-' + arch,
- local version_tag = os + '-' + arch,
- local file_suffix = std.strReplace(version_tag, '-', '.'),
- kind: "pipeline",
- name: version_tag,
+local PipelineBuild(arch='amd64') = {
+ kind: 'pipeline',
+ name: 'build-' + arch,
platform: {
- os: os,
+ os: 'linux',
arch: arch,
},
steps: [
{
name: 'dryrun',
- image: 'plugins/docker:' + tag,
- pull: 'always',
+ image: 'plugins/docker',
settings: {
dry_run: true,
- tags: version_tag,
- dockerfile: './Dockerfile.' + file_suffix,
+ dockerfile: 'Dockerfile',
repo: 'xoxys/freshrss',
- username: { from_secret: "docker_username" },
- password: { from_secret: "docker_password" },
- build_args: {
- FRESHRSS_VERSION: "${DRONE_TAG%-*}",
- },
+ username: { from_secret: 'docker_username' },
+ password: { from_secret: 'docker_password' },
+ build_args: [
+ 'FRESHRSS_VERSION=${DRONE_TAG%-*}',
+ ],
+ },
+ when: {
+ ref: [
+ 'refs/pull/**',
+ ],
},
},
{
name: 'publish',
- image: 'plugins/docker:' + tag,
- pull: 'always',
+ image: 'plugins/docker',
settings: {
auto_tag: true,
- auto_tag_suffix: version_tag,
- dockerfile: './Dockerfile.' + file_suffix,
+ auto_tag_suffix: arch,
+ dockerfile: 'Dockerfile',
repo: 'xoxys/freshrss',
- username: { from_secret: "docker_username" },
- password: { from_secret: "docker_password" },
- build_args: {
- FRESHRSS_VERSION: "${DRONE_TAG%-*}",
- },
+ username: { from_secret: 'docker_username' },
+ password: { from_secret: 'docker_password' },
+ build_args: [
+ 'FRESHRSS_VERSION=${DRONE_TAG%-*}',
+ ],
},
when: {
ref: [
@@ -48,15 +47,14 @@ local PipelineBuild(os='linux', arch='amd64') = {
},
},
{
- name: "publish-gitea",
- image: "plugins/gitea-release",
- pull: "always",
+ name: 'publish-gitea',
+ image: 'plugins/gitea-release',
settings: {
- api_key: { "from_secret": "gitea_token" },
- base_url: "https://gitea.rknet.org",
+ api_key: { from_secret: 'gitea_token' },
+ base_url: 'https://gitea.rknet.org',
overwrite: true,
- title: "${DRONE_TAG}",
- note: "CHANGELOG.md",
+ title: '${DRONE_TAG}',
+ note: 'CHANGELOG.md',
},
when: {
ref: ['refs/tags/**'],
@@ -66,83 +64,85 @@ local PipelineBuild(os='linux', arch='amd64') = {
};
local PipelineNotifications(depends_on=[]) = {
- kind: "pipeline",
- name: "notifications",
+ kind: 'pipeline',
+ name: 'notifications',
platform: {
- os: "linux",
- arch: "amd64",
+ os: 'linux',
+ arch: 'amd64',
},
steps: [
{
- image: "plugins/manifest",
- name: "manifest",
- pull: "always",
+ image: 'plugins/manifest',
+ name: 'manifest',
settings: {
ignore_missing: true,
- tags: ["${DRONE_TAG}", "${DRONE_TAG%-*}", "${DRONE_TAG%.*}", "${DRONE_TAG%%.*}"],
- username: { from_secret: "docker_username" },
- password: { from_secret: "docker_password" },
- spec: "./manifest.tmpl",
+ tags: [
+ '${DRONE_TAG}',
+ '${DRONE_TAG%-*}',
+ '${DRONE_TAG%.*}',
+ '${DRONE_TAG%%.*}',
+ ],
+ username: { from_secret: 'docker_username' },
+ password: { from_secret: 'docker_password' },
+ spec: 'manifest.tmpl',
},
when: {
- ref: [
- 'refs/heads/master',
- 'refs/tags/**',
+ status: [
+ 'success',
],
},
},
{
- name: "readme",
- image: "sheogorath/readme-to-dockerhub",
- pull: "always",
+ name: 'readme',
+ image: 'sheogorath/readme-to-dockerhub',
environment: {
- DOCKERHUB_USERNAME: { from_secret: "docker_username" },
- DOCKERHUB_PASSWORD: { from_secret: "docker_password" },
- DOCKERHUB_REPO_PREFIX: "xoxys",
- DOCKERHUB_REPO_NAME: "freshrss",
- README_PATH: "README.md",
- SHORT_DESCRIPTION: "Rootless FreshRSS - Self-hosted RSS feed aggregator"
+ DOCKERHUB_USERNAME: { from_secret: 'docker_username' },
+ DOCKERHUB_PASSWORD: { from_secret: 'docker_password' },
+ DOCKERHUB_REPO_PREFIX: 'xoxys',
+ DOCKERHUB_REPO_NAME: 'freshrss',
+ README_PATH: 'README.md',
+ SHORT_DESCRIPTION: 'Rootless FreshRSS - Self-hosted RSS feed aggregator',
},
when: {
- ref: [
- 'refs/heads/master',
- 'refs/tags/**',
+ status: [
+ 'success',
],
},
},
{
- name: "microbadger",
- image: "plugins/webhook",
- pull: "always",
+ name: 'matrix',
+ image: 'plugins/matrix',
settings: {
- urls: { from_secret: "microbadger_url" },
- },
- },
- {
- image: "plugins/matrix",
- name: "matrix",
- pull: 'always',
- settings: {
- homeserver: "https://matrix.rknet.org",
- roomid: "MtidqQXWWAtQcByBhH:rknet.org",
- template: "Status: **{{ build.status }}**
Build: [{{ repo.Owner }}/{{ repo.Name }}]({{ build.link }}) ({{ build.branch }}) by {{ build.author }}
Message: {{ build.message }}",
- username: { from_secret: "matrix_username" },
- password: { from_secret: "matrix_password" },
+ homeserver: { from_secret: 'matrix_homeserver' },
+ roomid: { from_secret: 'matrix_roomid' },
+ template: 'Status: **{{ build.status }}**
Build: [{{ repo.Owner }}/{{ repo.Name }}]({{ build.link }}) ({{ build.branch }}) by {{ build.author }}
Message: {{ build.message }}',
+ username: { from_secret: 'matrix_username' },
+ password: { from_secret: 'matrix_password' },
},
when: {
- status: [ "success", "failure" ],
+ status: [
+ 'success',
+ 'failure',
+ ],
},
},
],
trigger: {
- status: [ "success", "failure" ],
+ ref: [
+ 'refs/heads/master',
+ 'refs/tags/**',
+ ],
+ status: [
+ 'success',
+ 'failure',
+ ],
},
depends_on: depends_on,
};
[
- PipelineBuild(os='linux', arch='amd64'),
+ PipelineBuild(arch='amd64'),
PipelineNotifications(depends_on=[
- "linux-amd64",
- ])
+ 'build-amd64',
+ ]),
]
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 0caeade..be32180 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,8 +1,4 @@
+> __WARNING:__ Versionning was not working due to a bug in CI pipeline. You may run a developent version of FreshRSS currently!
+
* BUGFIX
- * fix init error if DB not available
-* ENHANCEMENT
- * remove stdout redirect for the supercronic main process
- * remove log redirect from cron scripts
- * remove `FRESHRSS_LIMITS_MAX_INACTIVITY`
-* SECURITY
- * update PHP to address [CVE-2019-11043](https://de.tenable.com/blog/cve-2019-11043-vulnerability-in-php-fpm-could-lead-to-remote-code-execution-on-nginx)
+ * fix versioning
diff --git a/Dockerfile.linux.amd64 b/Dockerfile
similarity index 90%
rename from Dockerfile.linux.amd64
rename to Dockerfile
index 81f4ab3..0ae4d52 100644
--- a/Dockerfile.linux.amd64
+++ b/Dockerfile
@@ -2,7 +2,7 @@ FROM xoxys/nginx:latest
LABEL maintainer="Robert Kaussow " \
org.label-schema.name="FreshRSS" \
- org.label-schema.version="1.2" \
+ org.label-schema.vcs-url="https://gitea.rknet.org/docker/freshrss" \
org.label-schema.vendor="Robert Kaussow" \
org.label-schema.schema-version="1.0"
@@ -18,6 +18,7 @@ RUN apk --update add --virtual .build-deps tar curl && \
rm -f /etc/php7/php-fpm.d/www.conf && \
mkdir -p /var/www/app && \
mkdir /var/www/.postgresql && \
+ echo "Installing FreshRSS '$FRESHRSS_VERSION' ..." && \
curl -SsL ${FRESHRSS_TARBALL} | tar xz -C /var/www/app/ --strip-components=1 && \
curl -SsL -o /etc/php7/browscap.ini https://browscap.org/stream?q=Lite_PHP_BrowsCapINI && \
apk del .build-deps && \
@@ -45,7 +46,7 @@ USER nginx
STOPSIGNAL SIGTERM
-ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]
-HEALTHCHECK --interval=30s --timeout=5s --retries=3 CMD /usr/local/bin/healthcheck.sh
+ENTRYPOINT ["/usr/local/bin/entrypoint"]
+HEALTHCHECK --interval=30s --timeout=5s --retries=3 CMD /usr/local/bin/healthcheck
WORKDIR /var/www/app
CMD []
diff --git a/overlay/usr/local/bin/entrypoint.sh b/overlay/usr/local/bin/entrypoint
similarity index 86%
rename from overlay/usr/local/bin/entrypoint.sh
rename to overlay/usr/local/bin/entrypoint
index 73fa69d..75ee0f5 100755
--- a/overlay/usr/local/bin/entrypoint.sh
+++ b/overlay/usr/local/bin/entrypoint
@@ -1,17 +1,18 @@
-#!/bin/sh
+#!/usr/bin/env sh
+set -eo pipefail
/usr/local/bin/gomplate -V -o /etc/php7/php.ini -f /etc/templates/php.ini.tmpl
/usr/local/bin/gomplate -V -o /var/www/app/data/config.php -f /etc/templates/config.php.tmpl
/usr/local/bin/gomplate -V -o /var/www/app/constants.local.php -f /etc/templates/constants.local.php.tmpl
-if [ "${FRESHRSS_POSTGRES_SSL_ROOTCERT}" ] && [ ! -f "/var/www/.postgresql/root.crt" ]; then
+if [ -n "${FRESHRSS_POSTGRES_SSL_ROOTCERT}" ] && [ ! -f "/var/www/.postgresql/root.crt" ]; then
ln -s "${FRESHRSS_POSTGRES_SSL_ROOTCERT}" /var/www/.postgresql/root.crt
fi
printf "\nPrepare FreshRSS...\n"
PREP=$(/usr/bin/php -f ./cli/prepare.php)
if [ $? -ne 0 ]; then
- echo $PREP
+ echo "$PREP"
exit 1
fi
@@ -22,12 +23,12 @@ if [ "${FRESHRSS_DEFAULT_USER}" ]; then
case "$UCREATE" in
*"username already taken"*) ;;
*)
- echo $UCREATE
+ echo "$UCREATE"
rm -rf "/var/www/app/data/users/$FRESHRSS_DEFAULT_USER"
exit 1
;;
esac
- fi
+ fi
printf "Result: success\n\n"
fi
diff --git a/overlay/usr/local/bin/healthcheck.sh b/overlay/usr/local/bin/healthcheck
similarity index 69%
rename from overlay/usr/local/bin/healthcheck.sh
rename to overlay/usr/local/bin/healthcheck
index 4eb04b5..8433869 100755
--- a/overlay/usr/local/bin/healthcheck.sh
+++ b/overlay/usr/local/bin/healthcheck
@@ -1,3 +1,4 @@
-#!/bin/sh
+#!/usr/bin/env sh
+set -eo pipefail
(php -r "readfile('http://localhost:8080/i/');" | grep -q 'jsonVars') || exit 1