refactoring and versioning fix

.drone.jsonnet

@@ -1,44 +1,43 @@
-local PipelineBuild(os='linux', arch='amd64') = {
+local PipelineBuild(arch='amd64') = {
-  local tag = os + '-' + arch,
+  kind: 'pipeline',
-  local version_tag = os + '-' + arch,
+  name: 'build-' + arch,
-  local file_suffix = std.strReplace(version_tag, '-', '.'),
-  kind: "pipeline",
-  name: version_tag,
   platform: {
-    os: os,
+    os: 'linux',
     arch: arch,
   },
   steps: [
     {
       name: 'dryrun',
-      image: 'plugins/docker:' + tag,
+      image: 'plugins/docker',
-      pull: 'always',
       settings: {
         dry_run: true,
-        tags: version_tag,
+        dockerfile: 'Dockerfile',
-        dockerfile: './Dockerfile.' + file_suffix,
         repo: 'xoxys/freshrss',
-        username: { from_secret: "docker_username" },
+        username: { from_secret: 'docker_username' },
-        password: { from_secret: "docker_password" },
+        password: { from_secret: 'docker_password' },
-        build_args: {
+        build_args: [
-          FRESHRSS_VERSION: "${DRONE_TAG%-*}",
+          'FRESHRSS_VERSION=${DRONE_TAG%-*}',
-        },
+        ],
+      },
+      when: {
+        ref: [
+          'refs/pull/**',
+        ],
       },
     },
     {
       name: 'publish',
-      image: 'plugins/docker:' + tag,
+      image: 'plugins/docker',
-      pull: 'always',
       settings: {
         auto_tag: true,
-        auto_tag_suffix: version_tag,
+        auto_tag_suffix: arch,
-        dockerfile: './Dockerfile.' + file_suffix,
+        dockerfile: 'Dockerfile',
         repo: 'xoxys/freshrss',
-        username: { from_secret: "docker_username" },
+        username: { from_secret: 'docker_username' },
-        password: { from_secret: "docker_password" },
+        password: { from_secret: 'docker_password' },
-        build_args: {
+        build_args: [
-          FRESHRSS_VERSION: "${DRONE_TAG%-*}",
+          'FRESHRSS_VERSION=${DRONE_TAG%-*}',
-        },
+        ],
       },
       when: {
         ref: [
@@ -48,15 +47,14 @@ local PipelineBuild(os='linux', arch='amd64') = {
       },
     },
     {
-      name: "publish-gitea",
+      name: 'publish-gitea',
-      image: "plugins/gitea-release",
+      image: 'plugins/gitea-release',
-      pull: "always",
       settings: {
-        api_key: { "from_secret": "gitea_token" },
+        api_key: { from_secret: 'gitea_token' },
-        base_url: "https://gitea.rknet.org",
+        base_url: 'https://gitea.rknet.org',
         overwrite: true,
-        title: "${DRONE_TAG}",
+        title: '${DRONE_TAG}',
-        note: "CHANGELOG.md",
+        note: 'CHANGELOG.md',
       },
       when: {
         ref: ['refs/tags/**'],
@@ -66,83 +64,85 @@ local PipelineBuild(os='linux', arch='amd64') = {
 };
 
 local PipelineNotifications(depends_on=[]) = {
-  kind: "pipeline",
+  kind: 'pipeline',
-  name: "notifications",
+  name: 'notifications',
   platform: {
-    os: "linux",
+    os: 'linux',
-    arch: "amd64",
+    arch: 'amd64',
   },
   steps: [
     {
-      image: "plugins/manifest",
+      image: 'plugins/manifest',
-      name: "manifest",
+      name: 'manifest',
-      pull: "always",
       settings: {
         ignore_missing: true,
-        tags: ["${DRONE_TAG}", "${DRONE_TAG%-*}", "${DRONE_TAG%.*}", "${DRONE_TAG%%.*}"],
+        tags: [
-        username: { from_secret: "docker_username" },
+          '${DRONE_TAG}',
-        password: { from_secret: "docker_password" },
+          '${DRONE_TAG%-*}',
-        spec: "./manifest.tmpl",
+          '${DRONE_TAG%.*}',
+          '${DRONE_TAG%%.*}',
+        ],
+        username: { from_secret: 'docker_username' },
+        password: { from_secret: 'docker_password' },
+        spec: 'manifest.tmpl',
       },
       when: {
-        ref: [
+        status: [
-          'refs/heads/master',
+          'success',
-          'refs/tags/**',
         ],
       },
     },
     {
-      name: "readme",
+      name: 'readme',
-      image: "sheogorath/readme-to-dockerhub",
+      image: 'sheogorath/readme-to-dockerhub',
-      pull: "always",
       environment: {
-        DOCKERHUB_USERNAME: { from_secret: "docker_username" },
+        DOCKERHUB_USERNAME: { from_secret: 'docker_username' },
-        DOCKERHUB_PASSWORD: { from_secret: "docker_password" },
+        DOCKERHUB_PASSWORD: { from_secret: 'docker_password' },
-        DOCKERHUB_REPO_PREFIX: "xoxys",
+        DOCKERHUB_REPO_PREFIX: 'xoxys',
-        DOCKERHUB_REPO_NAME: "freshrss",
+        DOCKERHUB_REPO_NAME: 'freshrss',
-        README_PATH: "README.md",
+        README_PATH: 'README.md',
-        SHORT_DESCRIPTION: "Rootless FreshRSS - Self-hosted RSS feed aggregator"
+        SHORT_DESCRIPTION: 'Rootless FreshRSS - Self-hosted RSS feed aggregator',
       },
       when: {
-        ref: [
+        status: [
-          'refs/heads/master',
+          'success',
-          'refs/tags/**',
         ],
       },
     },
     {
-      name: "microbadger",
+      name: 'matrix',
-      image: "plugins/webhook",
+      image: 'plugins/matrix',
-      pull: "always",
       settings: {
-        urls: { from_secret: "microbadger_url" },
+        homeserver: { from_secret: 'matrix_homeserver' },
-      },
+        roomid: { from_secret: 'matrix_roomid' },
-    },
+        template: 'Status: **{{ build.status }}**<br/> Build: [{{ repo.Owner }}/{{ repo.Name }}]({{ build.link }}) ({{ build.branch }}) by {{ build.author }}<br/> Message: {{ build.message }}',
-    {
+        username: { from_secret: 'matrix_username' },
-      image: "plugins/matrix",
+        password: { from_secret: 'matrix_password' },
-      name: "matrix",
-      pull: 'always',
-      settings: {
-        homeserver: "https://matrix.rknet.org",
-        roomid: "MtidqQXWWAtQcByBhH:rknet.org",
-        template: "Status: **{{ build.status }}**<br/> Build: [{{ repo.Owner }}/{{ repo.Name }}]({{ build.link }}) ({{ build.branch }}) by {{ build.author }}<br/> Message: {{ build.message }}",
-        username: { from_secret: "matrix_username" },
-        password: { from_secret: "matrix_password" },
       },
       when: {
-        status: [ "success", "failure" ],
+        status: [
+          'success',
+          'failure',
+        ],
       },
     },
   ],
   trigger: {
-    status: [ "success", "failure" ],
+    ref: [
+      'refs/heads/master',
+      'refs/tags/**',
+    ],
+    status: [
+      'success',
+      'failure',
+    ],
   },
   depends_on: depends_on,
 };
 
 [
-  PipelineBuild(os='linux', arch='amd64'),
+  PipelineBuild(arch='amd64'),
   PipelineNotifications(depends_on=[
-    "linux-amd64",
+    'build-amd64',
-  ])
+  ]),
 ]

CHANGELOG.md

@@ -1,8 +1,4 @@
+> __WARNING:__ Versionning was not working due to a bug in CI pipeline. You may run a developent version of FreshRSS currently!
+
 * BUGFIX
-  * fix init error if DB not available
+  * fix versioning
-* ENHANCEMENT
-  * remove stdout redirect for the supercronic main process
-  * remove log redirect from cron scripts
-  * remove `FRESHRSS_LIMITS_MAX_INACTIVITY`
-* SECURITY
-  * update PHP to address [CVE-2019-11043](https://de.tenable.com/blog/cve-2019-11043-vulnerability-in-php-fpm-could-lead-to-remote-code-execution-on-nginx)

Dockerfile

@@ -2,7 +2,7 @@ FROM xoxys/nginx:latest
 
 LABEL maintainer="Robert Kaussow <mail@geeklabor.de>" \
     org.label-schema.name="FreshRSS" \
-    org.label-schema.version="1.2" \
+    org.label-schema.vcs-url="https://gitea.rknet.org/docker/freshrss" \
     org.label-schema.vendor="Robert Kaussow" \
     org.label-schema.schema-version="1.0"
 
@@ -18,6 +18,7 @@ RUN apk --update add --virtual .build-deps tar curl && \
     rm -f /etc/php7/php-fpm.d/www.conf && \
     mkdir -p /var/www/app && \
     mkdir /var/www/.postgresql && \
+    echo "Installing FreshRSS '$FRESHRSS_VERSION' ..." && \
     curl -SsL ${FRESHRSS_TARBALL} | tar xz -C /var/www/app/ --strip-components=1 && \
     curl -SsL -o /etc/php7/browscap.ini https://browscap.org/stream?q=Lite_PHP_BrowsCapINI && \
     apk del .build-deps && \
@@ -45,7 +46,7 @@ USER nginx
 
 STOPSIGNAL SIGTERM
 
-ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]
+ENTRYPOINT ["/usr/local/bin/entrypoint"]
-HEALTHCHECK --interval=30s --timeout=5s --retries=3 CMD /usr/local/bin/healthcheck.sh
+HEALTHCHECK --interval=30s --timeout=5s --retries=3 CMD /usr/local/bin/healthcheck
 WORKDIR /var/www/app
 CMD []

overlay/usr/local/bin/entrypoint

@@ -1,17 +1,18 @@
-#!/bin/sh
+#!/usr/bin/env sh
+set -eo pipefail
 
 /usr/local/bin/gomplate -V -o /etc/php7/php.ini -f /etc/templates/php.ini.tmpl
 /usr/local/bin/gomplate -V -o /var/www/app/data/config.php -f /etc/templates/config.php.tmpl
 /usr/local/bin/gomplate -V -o /var/www/app/constants.local.php -f /etc/templates/constants.local.php.tmpl
 
-if [ "${FRESHRSS_POSTGRES_SSL_ROOTCERT}" ] && [ ! -f "/var/www/.postgresql/root.crt" ]; then
+if [ -n "${FRESHRSS_POSTGRES_SSL_ROOTCERT}" ] && [ ! -f "/var/www/.postgresql/root.crt" ]; then
     ln -s "${FRESHRSS_POSTGRES_SSL_ROOTCERT}" /var/www/.postgresql/root.crt
 fi
 
 printf "\nPrepare FreshRSS...\n"
 PREP=$(/usr/bin/php -f ./cli/prepare.php)
 if [ $? -ne 0 ]; then
-    echo $PREP
+    echo "$PREP"
     exit 1
 fi
 
@@ -22,12 +23,12 @@ if [ "${FRESHRSS_DEFAULT_USER}" ]; then
         case "$UCREATE" in
           *"username already taken"*) ;;
           *)
-          echo $UCREATE
+          echo "$UCREATE"
           rm -rf "/var/www/app/data/users/$FRESHRSS_DEFAULT_USER"
           exit 1
           ;;
         esac
-    fi 
+    fi
     printf "Result: success\n\n"
 fi
 

overlay/usr/local/bin/healthcheck

@@ -1,3 +1,4 @@
-#!/bin/sh
+#!/usr/bin/env sh
+set -eo pipefail
 
 (php -r "readfile('http://localhost:8080/i/');" | grep -q 'jsonVars') || exit 1