From aac70254e2c5dd5fa66266260f056123365490f9 Mon Sep 17 00:00:00 2001
From: Robert Kaussow
Date: Fri, 21 Feb 2020 23:54:20 +0100
Subject: [PATCH] refactoring and versioning fix
---
.drone.jsonnet | 158 +++++++++---------
CHANGELOG.md | 10 +-
Dockerfile.linux.amd64 => Dockerfile | 7 +-
.../local/bin/{entrypoint.sh => entrypoint} | 11 +-
.../local/bin/{healthcheck.sh => healthcheck} | 3 +-
5 files changed, 94 insertions(+), 95 deletions(-)
rename Dockerfile.linux.amd64 => Dockerfile (90%)
rename overlay/usr/local/bin/{entrypoint.sh => entrypoint} (86%)
rename overlay/usr/local/bin/{healthcheck.sh => healthcheck} (69%)
diff --git a/.drone.jsonnet b/.drone.jsonnet
index 44659f5..75db467 100644
--- a/.drone.jsonnet
+++ b/.drone.jsonnet
@@ -1,44 +1,43 @@ -local PipelineBuild(os='linux', arch='amd64') = { - local tag = os + '-' + arch, - local version_tag = os + '-' + arch, - local file_suffix = std.strReplace(version_tag, '-', '.'), - kind: "pipeline", - name: version_tag, +local PipelineBuild(arch='amd64') = { + kind: 'pipeline', + name: 'build-' + arch, platform: { - os: os, + os: 'linux', arch: arch, }, steps: [ { name: 'dryrun', - image: 'plugins/docker:' + tag, - pull: 'always', + image: 'plugins/docker', settings: { dry_run: true, - tags: version_tag, - dockerfile: './Dockerfile.' + file_suffix, + dockerfile: 'Dockerfile', repo: 'xoxys/freshrss', - username: { from_secret: "docker_username" }, - password: { from_secret: "docker_password" }, - build_args: { - FRESHRSS_VERSION: "${DRONE_TAG%-*}", - }, + username: { from_secret: 'docker_username' }, + password: { from_secret: 'docker_password' }, + build_args: [ + 'FRESHRSS_VERSION=${DRONE_TAG%-*}', + ], + }, + when: { + ref: [ + 'refs/pull/**', + ], }, }, { name: 'publish', - image: 'plugins/docker:' + tag, - pull: 'always', + image: 'plugins/docker', settings: { auto_tag: true, - auto_tag_suffix: version_tag, - dockerfile: './Dockerfile.' + file_suffix, + auto_tag_suffix: arch, + dockerfile: 'Dockerfile', repo: 'xoxys/freshrss', - username: { from_secret: "docker_username" }, - password: { from_secret: "docker_password" }, - build_args: { - FRESHRSS_VERSION: "${DRONE_TAG%-*}", - }, + username: { from_secret: 'docker_username' }, + password: { from_secret: 'docker_password' }, + build_args: [ + 'FRESHRSS_VERSION=${DRONE_TAG%-*}', + ], }, when: { ref: [ 
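Review bot: The `dryrun` step is now limited to `refs/pull/**` but still receives `docker_username` and `docker_password`. With `dry_run: true` nothing is pushed, so both settings can be dropped from that step (assuming the base image is publicly pullable) and pull-request builds never need registry credentials. Separately, dropping the tag suffix and `pull: 'always'` leaves `plugins/docker` as a floating reference in the `publish` step that does hold the secrets; pinning it, e.g. `image: 'plugins/docker:<version>'` or a digest, keeps the publishing toolchain reproducible. The same pinning applies to `plugins/gitea-release`, `plugins/manifest`, `sheogorath/readme-to-dockerhub` and `plugins/matrix` in the later hunks of this file.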
@@ -48,15 +47,14 @@ local PipelineBuild(os='linux', arch='amd64') = { }, }, { - name: "publish-gitea", - image: "plugins/gitea-release", - pull: "always", + name: 'publish-gitea', + image: 'plugins/gitea-release', settings: { - api_key: { "from_secret": "gitea_token" }, - base_url: "https://gitea.rknet.org", + api_key: { from_secret: 'gitea_token' }, + base_url: 'https://gitea.rknet.org', overwrite: true, - title: "${DRONE_TAG}", - note: "CHANGELOG.md", + title: '${DRONE_TAG}', + note: 'CHANGELOG.md', }, when: { ref: ['refs/tags/**'], 
@@ -66,83 +64,85 @@ local PipelineBuild(os='linux', arch='amd64') = { }; local PipelineNotifications(depends_on=[]) = { - kind: "pipeline", - name: "notifications", + kind: 'pipeline', + name: 'notifications', platform: { - os: "linux", - arch: "amd64", + os: 'linux', + arch: 'amd64', }, steps: [ { - image: "plugins/manifest", - name: "manifest", - pull: "always", + image: 'plugins/manifest', + name: 'manifest', settings: { ignore_missing: true, - tags: ["${DRONE_TAG}", "${DRONE_TAG%-*}", "${DRONE_TAG%.*}", "${DRONE_TAG%%.*}"], - username: { from_secret: "docker_username" }, - password: { from_secret: "docker_password" }, - spec: "./manifest.tmpl", + tags: [ + '${DRONE_TAG}', + '${DRONE_TAG%-*}', + '${DRONE_TAG%.*}', + '${DRONE_TAG%%.*}', + ], + username: { from_secret: 'docker_username' }, + password: { from_secret: 'docker_password' }, + spec: 'manifest.tmpl', }, when: { - ref: [ - 'refs/heads/master', - 'refs/tags/**', + status: [ + 'success', ], }, }, { - name: "readme", - image: "sheogorath/readme-to-dockerhub", - pull: "always", + name: 'readme', + image: 'sheogorath/readme-to-dockerhub', environment: { - DOCKERHUB_USERNAME: { from_secret: "docker_username" }, - DOCKERHUB_PASSWORD: { from_secret: "docker_password" }, - DOCKERHUB_REPO_PREFIX: "xoxys", - DOCKERHUB_REPO_NAME: "freshrss", - README_PATH: "README.md", - SHORT_DESCRIPTION: "Rootless FreshRSS - Self-hosted RSS feed aggregator" + DOCKERHUB_USERNAME: { from_secret: 'docker_username' }, + DOCKERHUB_PASSWORD: { from_secret: 'docker_password' }, + DOCKERHUB_REPO_PREFIX: 'xoxys', + DOCKERHUB_REPO_NAME: 'freshrss', + README_PATH: 'README.md', + SHORT_DESCRIPTION: 'Rootless FreshRSS - Self-hosted RSS feed aggregator', }, when: { - ref: [ - 'refs/heads/master', - 'refs/tags/**', + status: [ + 'success', ], }, }, { - name: "microbadger", - image: "plugins/webhook", - pull: "always", + name: 'matrix', + image: 'plugins/matrix', settings: { - urls: { from_secret: "microbadger_url" }, - }, - }, - { - image: 
"plugins/matrix", - name: "matrix", - pull: 'always', - settings: { - homeserver: "https://matrix.rknet.org", - roomid: "MtidqQXWWAtQcByBhH:rknet.org", - template: "Status: **{{ build.status }}**
Build: [{{ repo.Owner }}/{{ repo.Name }}]({{ build.link }}) ({{ build.branch }}) by {{ build.author }}
Message: {{ build.message }}", - username: { from_secret: "matrix_username" }, - password: { from_secret: "matrix_password" }, + homeserver: { from_secret: 'matrix_homeserver' }, + roomid: { from_secret: 'matrix_roomid' }, + template: 'Status: **{{ build.status }}**
Build: [{{ repo.Owner }}/{{ repo.Name }}]({{ build.link }}) ({{ build.branch }}) by {{ build.author }}
Message: {{ build.message }}', + username: { from_secret: 'matrix_username' }, + password: { from_secret: 'matrix_password' }, }, when: { - status: [ "success", "failure" ], + status: [ + 'success', + 'failure', + ], }, }, ], trigger: { - status: [ "success", "failure" ], + ref: [ + 'refs/heads/master', + 'refs/tags/**', + ], + status: [ + 'success', + 'failure', + ], }, depends_on: depends_on, }; [ - PipelineBuild(os='linux', arch='amd64'), + PipelineBuild(arch='amd64'), PipelineNotifications(depends_on=[ - "linux-amd64", - ]) + 'build-amd64', + ]), ] diff --git a/CHANGELOG.md b/CHANGELOG.md index 0caeade..be32180 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,8 +1,4 @@ +> __WARNING:__ Versionning was not working due to a bug in CI pipeline. You may run a developent version of FreshRSS currently! + * BUGFIX - * fix init error if DB not available -* ENHANCEMENT - * remove stdout redirect for the supercronic main process - * remove log redirect from cron scripts - * remove `FRESHRSS_LIMITS_MAX_INACTIVITY` -* SECURITY - * update PHP to address [CVE-2019-11043](https://de.tenable.com/blog/cve-2019-11043-vulnerability-in-php-fpm-could-lead-to-remote-code-execution-on-nginx) + * fix versioning diff --git a/Dockerfile.linux.amd64 b/Dockerfile similarity index 90% rename from Dockerfile.linux.amd64 rename to Dockerfile index 81f4ab3..0ae4d52 100644 --- a/Dockerfile.linux.amd64 +++ b/Dockerfile @@ -2,7 +2,7 @@ FROM xoxys/nginx:latest LABEL maintainer="Robert Kaussow " \ org.label-schema.name="FreshRSS" \ - org.label-schema.version="1.2" \ + org.label-schema.vcs-url="https://gitea.rknet.org/docker/freshrss" \ org.label-schema.vendor="Robert Kaussow" \ org.label-schema.schema-version="1.0" 
@@ -18,6 +18,7 @@ RUN apk --update add --virtual .build-deps tar curl && \ rm -f /etc/php7/php-fpm.d/www.conf && \ mkdir -p /var/www/app && \ mkdir /var/www/.postgresql && \ + echo "Installing FreshRSS '$FRESHRSS_VERSION' ..." && \ curl -SsL ${FRESHRSS_TARBALL} | tar xz -C /var/www/app/ --strip-components=1 && \ curl -SsL -o /etc/php7/browscap.ini https://browscap.org/stream?q=Lite_PHP_BrowsCapINI && \ apk del .build-deps && \ @@ -45,7 +46,7 @@ USER nginx STOPSIGNAL SIGTERM -ENTRYPOINT ["/usr/local/bin/entrypoint.sh"] -HEALTHCHECK --interval=30s --timeout=5s --retries=3 CMD /usr/local/bin/healthcheck.sh +ENTRYPOINT ["/usr/local/bin/entrypoint"] +HEALTHCHECK --interval=30s --timeout=5s --retries=3 CMD /usr/local/bin/healthcheck WORKDIR /var/www/app CMD [] diff --git a/overlay/usr/local/bin/entrypoint.sh b/overlay/usr/local/bin/entrypoint similarity index 86% rename from overlay/usr/local/bin/entrypoint.sh rename to overlay/usr/local/bin/entrypoint index 73fa69d..75ee0f5 100755 --- a/overlay/usr/local/bin/entrypoint.sh +++ b/overlay/usr/local/bin/entrypoint @@ -1,17 +1,18 @@ -#!/bin/sh +#!/usr/bin/env sh +set -eo pipefail /usr/local/bin/gomplate -V -o /etc/php7/php.ini -f /etc/templates/php.ini.tmpl /usr/local/bin/gomplate -V -o /var/www/app/data/config.php -f /etc/templates/config.php.tmpl /usr/local/bin/gomplate -V -o /var/www/app/constants.local.php -f /etc/templates/constants.local.php.tmpl -if [ "${FRESHRSS_POSTGRES_SSL_ROOTCERT}" ] && [ ! -f "/var/www/.postgresql/root.crt" ]; then +if [ -n "${FRESHRSS_POSTGRES_SSL_ROOTCERT}" ] && [ ! -f "/var/www/.postgresql/root.crt" ]; then ln -s "${FRESHRSS_POSTGRES_SSL_ROOTCERT}" /var/www/.postgresql/root.crt fi printf "\nPrepare FreshRSS...\n" PREP=$(/usr/bin/php -f ./cli/prepare.php) if [ $? -ne 0 ]; then - echo $PREP + echo "$PREP" exit 1 fi 
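Review bot: The added `echo` only logs `$FRESHRSS_VERSION`; nothing stops the build when the value is empty or wrong, which is the situation the changelog warning describes. The download on the following line uses `curl -SsL` without `-f`, and the archive is unpacked without an integrity check. Consider `curl -fSsL ${FRESHRSS_TARBALL}` together with a `sha256sum -c` comparison against a checksum pinned per release before the `tar xz`. How `FRESHRSS_VERSION` and `FRESHRSS_TARBALL` are declared is outside the hunk, so whether an empty version falls back to a development archive is an assumption to confirm.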
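Review bot: With `set -e` now active, a failing `PREP=$(/usr/bin/php -f ./cli/prepare.php)` terminates the script at the assignment, so the `if [ $? -ne 0 ]` branch that prints `$PREP` is never reached and the error text is lost. Fold the check into the assignment: `if ! PREP=$(/usr/bin/php -f ./cli/prepare.php); then`. The `UCREATE` handling in the next hunk (`@@ -22,12 +23,12 @@`) probably has the same shape; its assignment is outside that hunk, but if it is a bare assignment the container would exit before the `"username already taken"` case can be tolerated. `set -o pipefail` also depends on the shell behind `sh` supporting it, which busybox ash does but POSIX sh does not guarantee.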
@@ -22,12 +23,12 @@ if [ "${FRESHRSS_DEFAULT_USER}" ]; then case "$UCREATE" in *"username already taken"*) ;; *) - echo $UCREATE + echo "$UCREATE" rm -rf "/var/www/app/data/users/$FRESHRSS_DEFAULT_USER" exit 1 ;; esac - fi + fi printf "Result: success\n\n" fi diff --git a/overlay/usr/local/bin/healthcheck.sh b/overlay/usr/local/bin/healthcheck similarity index 69% rename from overlay/usr/local/bin/healthcheck.sh rename to overlay/usr/local/bin/healthcheck index 4eb04b5..8433869 100755 --- a/overlay/usr/local/bin/healthcheck.sh +++ b/overlay/usr/local/bin/healthcheck @@ -1,3 +1,4 @@ -#!/bin/sh +#!/usr/bin/env sh +set -eo pipefail (php -r "readfile('http://localhost:8080/i/');" | grep -q 'jsonVars') || exit 1
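Review bot: In the healthcheck script, `set -eo pipefail` changes how the existing `php ... | grep -q 'jsonVars'` pipeline is evaluated. `grep -q` exits on the first match, and if `php` is still writing it may end with a non-zero status that `pipefail` then reports, marking a healthy container unhealthy. This is probably rare for a small page, but a probe should not depend on output size; either drop `pipefail` here or let grep read all input, e.g. `grep 'jsonVars' >/dev/null`. `set -e` adds nothing to a script whose only command already ends in `|| exit 1`.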