.chglog/CHANGELOG.tpl.md

@@ -0,0 +1,23 @@
+# Changelog
+
+{{ range .Versions -}}
+## {{ if .Tag.Previous }}[{{ .Tag.Name }}]({{ $.Info.RepositoryURL }}/compare/{{ .Tag.Previous.Name }}...{{ .Tag.Name }}){{ else }}{{ .Tag.Name }}{{ end }} ({{ datetime "2006-01-02" .Tag.Date }})
+
+{{ range .CommitGroups -}}
+### {{ .Title }}
+
+{{ range .Commits -}}
+- {{ if .Scope }}**{{ .Scope }}:** {{ end }}{{ (regexReplaceAll "(.*)/issues/(.*)" (regexReplaceAll "(Co-\\w*-by.*)" .Subject "") "${1}/pulls/${2}") | trim }}
+{{ end }}
+{{- end -}}
+
+{{- if .NoteGroups -}}
+{{ range .NoteGroups -}}
+### {{ .Title }}
+
+{{ range .Notes }}
+{{ .Body }}
+{{ end }}
+{{ end -}}
+{{ end -}}
+{{ end -}}

.chglog/config.yml

@@ -0,0 +1,25 @@
+style: github
+template: CHANGELOG.tpl.md
+info:
+  title: CHANGELOG
+  repository_url: https://gitea.rknet.org/docker/vaultwarden-ldap
+options:
+  commit_groups:
+    title_maps:
+      feat: Features
+      fix: Bug Fixes
+      perf: Performance Improvements
+      refactor: Code Refactoring
+      chore: Others
+      test: Testing
+      ci: CI Pipeline
+      docs: Documentation
+  header:
+    pattern: "^(\\w*)(?:\\(([\\w\\$\\.\\-\\*\\s]*)\\))?\\:\\s(.*)$"
+    pattern_maps:
+      - Type
+      - Scope
+      - Subject
+  notes:
+    keywords:
+      - BREAKING CHANGE

.dictionary

@@ -1,3 +0,0 @@
-vaultwarden-ldap
-LDAP
-(V|v)aultwarden

.drone.yml

@@ -0,0 +1,205 @@
+---
+kind: pipeline
+name: test
+
+platform:
+  os: linux
+  arch: amd64
+
+steps:
+  - name: markdownlint
+    image: thegeeklab/markdownlint-cli
+    commands:
+      - markdownlint 'README.md'
+
+trigger:
+  ref:
+    - refs/heads/main
+    - refs/pull/**
+    - refs/tags/**
+
+---
+kind: pipeline
+name: build-container
+
+platform:
+  os: linux
+  arch: amd64
+
+steps:
+  - name: binary
+    image: clux/muslrust:nightly-2021-04-14
+    commands:
+      - make build
+    environment:
+      BUILD_VERSION: ${DRONE_TAG%-*}
+
+  - name: dryrun
+    image: thegeeklab/drone-docker-buildx:20
+    settings:
+      dockerfile: Dockerfile
+      dry_run: true
+      repo: thegeeklab/${DRONE_REPO_NAME}
+    when:
+      ref:
+        - refs/pull/**
+    depends_on:
+      - binary
+
+  - name: tags
+    image: thegeeklab/docker-autotag
+    environment:
+      DOCKER_AUTOTAG_FORCE_LATEST: True
+      DOCKER_AUTOTAG_IGNORE_PRERELEASE: True
+      DOCKER_AUTOTAG_OUTPUT_FILE: .tags
+      DOCKER_AUTOTAG_VERSION: ${DRONE_TAG}
+    when:
+      ref:
+        - refs/heads/main
+        - refs/tags/**
+    depends_on:
+      - dryrun
+
+  - name: changelog-generate
+    image: thegeeklab/git-chglog
+    commands:
+      - git fetch -tq
+      - git-chglog --no-color --no-emoji -o CHANGELOG.md ${DRONE_TAG:---next-tag unreleased unreleased}
+    depends_on:
+      - tags
+
+  - name: changelog-format
+    image: thegeeklab/alpine-tools
+    commands:
+      - prettier CHANGELOG.md
+      - prettier -w CHANGELOG.md
+    depends_on:
+      - changelog-generate
+
+  - name: publish-dockerhub
+    image: thegeeklab/drone-docker-buildx:20
+    settings:
+      dockerfile: Dockerfile
+      password:
+        from_secret: docker_password
+      repo: thegeeklab/${DRONE_REPO_NAME}
+      username:
+        from_secret: docker_username
+    when:
+      ref:
+        - refs/heads/main
+        - refs/tags/**
+    depends_on:
+      - changelog-format
+
+  - name: publish-quay
+    image: thegeeklab/drone-docker-buildx:20
+    settings:
+      dockerfile: Dockerfile
+      password:
+        from_secret: quay_password
+      registry: quay.io
+      repo: quay.io/thegeeklab/${DRONE_REPO_NAME}
+      username:
+        from_secret: quay_username
+    when:
+      ref:
+        - refs/heads/main
+        - refs/tags/**
+    depends_on:
+      - changelog-format
+
+  - name: publish-gitea
+    image: plugins/gitea-release
+    settings:
+      api_key:
+        from_secret: gitea_token
+      base_url: https://gitea.rknet.org
+      note: CHANGELOG.md
+      overwrite: true
+      title: ${DRONE_TAG}
+    when:
+      ref:
+        - refs/tags/**
+    depends_on:
+      - publish-dockerhub
+      - publish-quay
+
+trigger:
+  ref:
+    - refs/heads/main
+    - refs/pull/**
+    - refs/tags/**
+
+depends_on:
+  - test
+
+---
+kind: pipeline
+name: notifications
+
+platform:
+  os: linux
+  arch: amd64
+
+steps:
+  - name: pushrm-dockerhub
+    pull: always
+    image: chko/docker-pushrm:1
+    environment:
+      DOCKER_PASS:
+        from_secret: docker_password
+      DOCKER_USER:
+        from_secret: docker_username
+      PUSHRM_FILE: README.md
+      PUSHRM_SHORT: Custom image for the Vaultwarden LDAP connector
+      PUSHRM_TARGET: thegeeklab/${DRONE_REPO_NAME}
+    when:
+      status:
+        - success
+
+  - name: pushrm-quay
+    pull: always
+    image: chko/docker-pushrm:1
+    environment:
+      APIKEY__QUAY_IO:
+        from_secret: quay_token
+      PUSHRM_FILE: README.md
+      PUSHRM_TARGET: quay.io/thegeeklab/${DRONE_REPO_NAME}
+    when:
+      status:
+        - success
+
+  - name: matrix
+    image: thegeeklab/drone-matrix
+    settings:
+      homeserver:
+        from_secret: matrix_homeserver
+      password:
+        from_secret: matrix_password
+      roomid:
+        from_secret: matrix_roomid
+      template: "Status: **{{ build.Status }}**<br/> Build: [{{ repo.Owner }}/{{ repo.Name }}]({{ build.Link }}){{#if build.Branch}} ({{ build.Branch }}){{/if}} by {{ commit.Author }}<br/> Message: {{ commit.Message.Title }}"
+      username:
+        from_secret: matrix_username
+    when:
+      status:
+        - success
+        - failure
+
+trigger:
+  ref:
+    - refs/heads/main
+    - refs/tags/**
+  status:
+    - success
+    - failure
+
+depends_on:
+  - build-container
+
+---
+kind: signature
+hmac: 9bb496b4d68fd0b2f3b93e595e9541c7098a10ce45495889b7eb77e6fe051f3e
+
+...

.gitsv/config.yml

@@ -1,47 +0,0 @@
----
-version: "1.1"
-
-versioning:
-  update-major: []
-  update-minor: [feat]
-  update-patch: [fix, perf, refactor, chore, test, ci, docs]
-
-tag:
-  pattern: "v%d.%d.%d"
-
-release-notes:
-  sections:
-    - name: Features
-      commit-types: [feat]
-      section-type: commits
-    - name: Bug Fixes
-      commit-types: [fix]
-      section-type: commits
-    - name: Performance Improvements
-      commit-types: [perf]
-      section-type: commits
-    - name: Code Refactoring
-      commit-types: [refactor]
-      section-type: commits
-    - name: Others
-      commit-types: [chore]
-      section-type: commits
-    - name: Testing
-      commit-types: [test]
-      section-type: commits
-    - name: CI Pipeline
-      commit-types: [ci]
-      section-type: commits
-    - name: Documentation
-      commit-types: [docs]
-      section-type: commits
-    - name: BREAKING CHANGES
-      section-type: breaking-changes
-
-commit-message:
-  footer:
-    issue:
-      key: issue
-      add-value-prefix: "#"
-  issue:
-    regex: "#?[0-9]+"

.prettierignore

@@ -1,2 +1,3 @@
+.drone.yml
 *.tpl.md
 LICENSE

.woodpecker/build-container.yml

@@ -1,68 +0,0 @@
----
-when:
-  - event: [pull_request, tag]
-  - event: [push, manual]
-    branch:
-      - ${CI_REPO_DEFAULT_BRANCH}
-
-steps:
-  - name: binary
-    image: docker.io/clux/muslrust:nightly-2021-04-14
-    commands:
-      - make build
-
-  - name: security-build
-    image: quay.io/thegeeklab/wp-docker-buildx:3
-    settings:
-      containerfile: Containerfile
-      output: type=oci,dest=oci/${CI_REPO_NAME},tar=false
-      repo: thegeeklab/${CI_REPO_NAME}
-
-  - name: security-scan
-    image: ghcr.io/aquasecurity/trivy
-    commands:
-      - trivy -v
-      - trivy image --input oci/${CI_REPO_NAME}
-    environment:
-      TRIVY_EXIT_CODE: "1"
-      TRIVY_IGNORE_UNFIXED: "true"
-      TRIVY_NO_PROGRESS: "true"
-      TRIVY_SEVERITY: HIGH,CRITICAL
-      TRIVY_TIMEOUT: 1m
-
-  - name: publish-dockerhub
-    image: quay.io/thegeeklab/wp-docker-buildx:3
-    group: container
-    settings:
-      auto_tag: true
-      containerfile: Containerfile
-      password:
-        from_secret: docker_password
-      provenance: false
-      repo: thegeeklab/${CI_REPO_NAME}
-      username:
-        from_secret: docker_username
-    when:
-      - event: [tag]
-      - event: [push, manual]
-        branch:
-          - ${CI_REPO_DEFAULT_BRANCH}
-
-  - name: publish-quay
-    image: quay.io/thegeeklab/wp-docker-buildx:3
-    group: container
-    settings:
-      auto_tag: true
-      containerfile: Containerfile
-      password:
-        from_secret: quay_password
-      provenance: false
-      registry: quay.io
-      repo: quay.io/thegeeklab/${CI_REPO_NAME}
-      username:
-        from_secret: quay_username
-    when:
-      - event: [tag]
-      - event: [push, manual]
-        branch:
-          - ${CI_REPO_DEFAULT_BRANCH}

.woodpecker/build-package.yml

@@ -1,25 +0,0 @@
----
-when:
-  - event: [pull_request, tag]
-  - event: [push, manual]
-    branch:
-      - ${CI_REPO_DEFAULT_BRANCH}
-
-steps:
-  - name: changelog
-    image: quay.io/thegeeklab/git-sv
-    commands:
-      - git sv current-version
-      - git sv release-notes -t ${CI_COMMIT_TAG:-next} -o CHANGELOG.md
-      - cat CHANGELOG.md
-
-  - name: publish-gitea
-    image: quay.io/thegeeklab/wp-gitea-release
-    settings:
-      api_key:
-        from_secret: gitea_token
-      base_url: https://gitea.rknet.org
-      note: CHANGELOG.md
-      title: ${CI_COMMIT_TAG}
-    when:
-      - event: [tag]

.woodpecker/docs.yml

@@ -1,62 +0,0 @@
----
-when:
-  - event: [pull_request, tag]
-  - event: [push, manual]
-    branch:
-      - ${CI_REPO_DEFAULT_BRANCH}
-
-steps:
-  - name: markdownlint
-    image: quay.io/thegeeklab/markdownlint-cli
-    group: test
-    commands:
-      - markdownlint 'README.md'
-
-  - name: spellcheck
-    image: quay.io/thegeeklab/alpine-tools
-    group: test
-    commands:
-      - spellchecker --files '_docs/**/*.md' 'README.md' -d .dictionary -p spell indefinite-article syntax-urls
-    environment:
-      FORCE_COLOR: "true"
-
-  - name: link-validation
-    image: docker.io/lycheeverse/lychee
-    group: test
-    commands:
-      - lychee --no-progress --format detailed README.md
-
-  - name: pushrm-dockerhub
-    image: docker.io/chko/docker-pushrm:1
-    secrets:
-      - source: docker_password
-        target: DOCKER_PASS
-      - source: docker_username
-        target: DOCKER_USER
-    environment:
-      PUSHRM_FILE: README.md
-      PUSHRM_SHORT: Custom image for the Vaultwarden LDAP connector
-      PUSHRM_TARGET: thegeeklab/${CI_REPO_NAME}
-    when:
-      - event: [push, manual]
-        branch:
-          - ${CI_REPO_DEFAULT_BRANCH}
-        status: [success]
-
-  - name: pushrm-quay
-    image: docker.io/chko/docker-pushrm:1
-    secrets:
-      - source: quay_token
-        target: APIKEY__QUAY_IO
-    environment:
-      PUSHRM_FILE: README.md
-      PUSHRM_TARGET: quay.io/thegeeklab/${CI_REPO_NAME}
-    when:
-      - event: [push, manual]
-        branch:
-          - ${CI_REPO_DEFAULT_BRANCH}
-        status: [success]
-
-depends_on:
-  - build-package
-  - build-container

.woodpecker/notify.yml

@@ -1,26 +0,0 @@
----
-when:
-  - event: [tag]
-  - event: [push, manual]
-    branch:
-      - ${CI_REPO_DEFAULT_BRANCH}
-
-runs_on: [success, failure]
-
-steps:
-  - name: matrix
-    image: quay.io/thegeeklab/wp-matrix
-    settings:
-      homeserver:
-        from_secret: matrix_homeserver
-      password:
-        from_secret: matrix_password
-      roomid:
-        from_secret: matrix_roomid
-      username:
-        from_secret: matrix_username
-    when:
-      - status: [success, failure]
-
-depends_on:
-  - docs

Dockerfile

@@ -1,11 +1,11 @@
-FROM docker.io/thegeeklab/alpine:latest@sha256:db2eacba26729a8d122a447a4dd1f658074b84e1d26720c54403db1ef9ee42c5
+FROM thegeeklab/alpine:latest@sha256:2c90eaf476a5027976458166a4789d014a2d1a61f21343b8081f39faff2c2431
 
 LABEL maintainer="Robert Kaussow <mail@thegeeklab.de>"
 LABEL org.opencontainers.image.authors="Robert Kaussow <mail@thegeeklab.de>"
 LABEL org.opencontainers.image.title="vaultwarden-ldap"
-LABEL org.opencontainers.image.url="https://gitea.rknet.org/container/vaultwarden-ldap"
-LABEL org.opencontainers.image.source="https://gitea.rknet.org/container/vaultwarden-ldap"
-LABEL org.opencontainers.image.documentation="https://gitea.rknet.org/container/vaultwarden-ldap"
+LABEL org.opencontainers.image.url="https://gitea.rknet.org/docker/vaultwarden-ldap"
+LABEL org.opencontainers.image.source="https://gitea.rknet.org/docker/vaultwarden-ldap"
+LABEL org.opencontainers.image.documentation="https://gitea.rknet.org/docker/vaultwarden-ldap"
 
 ADD overlay/ /
 

README.md

@@ -2,17 +2,19 @@
 
 Custom image for the Vaultwarden LDAP connector
 
-<!-- spellchecker-disable -->
-
-[![Build Status](https://ci.rknet.org/api/badges/container/vaultwarden-ldap/status.svg)](https://ci.rknet.org/repos/container/vaultwarden-ldap)
+[![Build Status](https://img.shields.io/drone/build/docker/vaultwarden-ldap?logo=drone&server=https%3A%2F%2Fdrone.rknet.org)](https://drone.rknet.org/docker/vaultwarden-ldap)
 [![Docker Hub](https://img.shields.io/badge/dockerhub-latest-blue.svg?logo=docker&logoColor=white)](https://hub.docker.com/r/thegeeklab/vaultwarden-ldap)
 [![Quay.io](https://img.shields.io/badge/quay-latest-blue.svg?logo=docker&logoColor=white)](https://quay.io/repository/thegeeklab/vaultwarden-ldap)
-[![Source: Gitea](https://img.shields.io/badge/source-gitea-blue.svg?logo=gitea&logoColor=white)](https://gitea.rknet.org/container/vaultwarden-ldap)
-[![License: MIT](https://img.shields.io/badge/license-MIT-blue.svg)](https://gitea.rknet.org/container/vaultwarden-ldap/src/branch/main/LICENSE)
+[![Source: Gitea](https://img.shields.io/badge/source-gitea-blue.svg?logo=gitea&logoColor=white)](https://gitea.rknet.org/docker/vaultwarden-ldap)
+[![License: MIT](https://img.shields.io/badge/license-MIT-blue.svg)](https://gitea.rknet.org/docker/vaultwarden-ldap/src/branch/main/LICENSE)
 
-<!-- spellchecker-enable -->
+This is a rootless custom Docker image for [vaultwarden_ldap](https://github.com/ViViDboarder/vaultwarden_ldap) a simple LDAP connector for vaultwarden.
 
-Custom rootless container image for [vaultwarden-ldap](https://github.com/ViViDboarder/vaultwarden_ldap) a simple LDAP connector for vaultwarden.
+## Usage
+
+### Docker Compose
+
+Please take a look at the [example](https://gitea.rknet.org/docker/vaultwarden-ldap/src/branch/main/docker-compose.yml) compose file from the git repo.
 
 ## Configuration
 
@@ -37,4 +39,4 @@ VAULTWARDEN_LDAP_SYNC_LOOP=True
 
 ## License
 
-This project is licensed under the MIT License - see the [LICENSE](https://gitea.rknet.org/container/vaultwarden-ldap/src/branch/main/LICENSE) file for details.
+This project is licensed under the MIT License - see the [LICENSE](https://gitea.rknet.org/docker/vaultwarden-ldap/src/branch/main/LICENSE) file for details.

docker-compose.yml

@@ -0,0 +1,48 @@
+---
+version: "3"
+
+services:
+  postgres:
+    container_name: postgres
+    image: postgres
+    environment:
+      POSTGRES_DB: vaultwarden
+      POSTGRES_PASSWORD: pass
+      POSTGRES_USER: user
+
+  ldap:
+    container_name: ldap
+    image: osixia/openldap
+
+  vaultwarden:
+    container_name: vaultwarden_server
+    image: thegeeklab/vaultwarden
+    depends_on:
+      - postgres
+    ports:
+      - "80:8080"
+    volumes:
+      - data:/app/data
+    environment:
+      VAULTWARDEN_DATABASE_URL: postgresql://user:pass@postgres:5432/vaultwarden
+      VAULTWARDEN_ADMIN_TOKEN: my_secure_token
+
+  vaultwarden-ldap:
+    container_name: ldap_sync
+    restart: always
+    image: thegeeklab/vaultwarden-ldap
+    depends_on:
+      - vaultwarden
+      - ldap
+    environment:
+      VAULTWARDEN_LDAP_VAULTWARDEN_URL: http://vaultwarden_server:8080
+      VAULTWARDEN_LDAP_VAULTWARDEN_ADMIN_TOKEN: my_secure_token
+      VAULTWARDEN_LDAP_HOST: ldap
+      VAULTWARDEN_LDAP_SSL: "False"
+      VAULTWARDEN_LDAP_BIND_DN: "cn=admin,dc=example,dc=org"
+      VAULTWARDEN_LDAP_SEARCH_BASE_DN: "dc=example,dc=org"
+      VAULTWARDEN_LDAP_BIND_PASSWORD: admin
+
+volumes:
+  data:
+    driver: local

overlay/etc/templates/config.toml.tmpl

@@ -8,8 +8,8 @@ ldap_host = "{{ getenv "VAULTWARDEN_LDAP_HOST" }}"
 {{ if (getenv "VAULTWARDEN_LDAP_SCHEME") -}}
 ldap_scheme = "{{ getenv "VAULTWARDEN_LDAP_SCHEME" }}"
 {{ end -}}
-ldap_ssl = {{ getenv "VAULTWARDEN_LDAP_SSL" "true" | conv.ToBool }}
-ldap_no_tls_verify = {{ not (getenv "VAULTWARDEN_LDAP_SSL_VERIFY" "true" | conv.ToBool) }}
+ldap_ssl = {{ getenv "VAULTWARDEN_LDAP_SSL" "true" | conv.Bool }}
+ldap_no_tls_verify = {{ not (getenv "VAULTWARDEN_LDAP_SSL_VERIFY" "true" | conv.Bool) }}
 {{ if (getenv "VAULTWARDEN_LDAP_PORT") -}}
 ldap_port = {{ getenv "VAULTWARDEN_LDAP_PORT" }}
 {{ end -}}
@@ -19,4 +19,4 @@ ldap_search_base_dn = "{{ getenv "VAULTWARDEN_LDAP_SEARCH_BASE_DN" }}"
 ldap_search_filter = "{{ getenv "VAULTWARDEN_LDAP_SEARCH_FILTER" "(&(objectClass=*)(uid=*))" }}"
 ldap_mail_field = "{{ getenv "VAULTWARDEN_LDAP_MAIL_FIELD" "mail" }}"
 ldap_sync_interval_seconds = {{ getenv "VAULTWARDEN_LDAP_SYNC_INTERVAL_SECONDS" "60" }}
-ldap_sync_loop = {{ getenv "VAULTWARDEN_LDAP_SYNC_LOOP" "true" | conv.ToBool }}
+ldap_sync_loop = {{ getenv "VAULTWARDEN_LDAP_SYNC_LOOP" "true" | conv.Bool }}

overlay/usr/local/bin/entrypoint

@@ -14,9 +14,9 @@ if [ -z "$VAULTWARDEN_LDAP_VAULTWARDEN_URL" ] || [ -z "$VAULTWARDEN_LDAP_HOST" ]
 fi
 
 if [ -n "$VAULTWARDEN_LDAP_VAULTWARDEN_URL" ]; then
-  WAITFOR_BW_SCHEME=$(/usr/local/bin/url-parser --url "$VAULTWARDEN_LDAP_VAULTWARDEN_URL" scheme)
-  WAITFOR_BW_HOST=$(/usr/local/bin/url-parser --url "$VAULTWARDEN_LDAP_VAULTWARDEN_URL" host)
-  WAITFOR_BW_PORT=$(/usr/local/bin/url-parser --url "$VAULTWARDEN_LDAP_VAULTWARDEN_URL" port)
+  WAITFOR_BW_SCHEME=$(/usr/local/bin/url-parser scheme --url "$VAULTWARDEN_LDAP_VAULTWARDEN_URL")
+  WAITFOR_BW_HOST=$(/usr/local/bin/url-parser host --url "$VAULTWARDEN_LDAP_VAULTWARDEN_URL")
+  WAITFOR_BW_PORT=$(/usr/local/bin/url-parser port --url "$VAULTWARDEN_LDAP_VAULTWARDEN_URL")
 
   if [ -z "$WAITFOR_BW_PORT" ]; then
     [ "$WAITFOR_BW_SCHEME" = "https" ] && WAITFOR_BW_PORT=433 || WAITFOR_BW_PORT=80
@@ -27,7 +27,7 @@ if [ -n "$VAULTWARDEN_LDAP_VAULTWARDEN_URL" ]; then
 fi
 
 if [ -n "$VAULTWARDEN_LDAP_HOST" ]; then
-  WAITFOR_LDAP_SSL=$(/usr/local/bin/gomplate -i '{{ getenv "VAULTWARDEN_LDAP_SSL" "true" | conv.ToBool }}')
+  WAITFOR_LDAP_SSL=$(/usr/local/bin/gomplate -i '{{ getenv "VAULTWARDEN_LDAP_SSL" "true" | conv.Bool }}')
 
   if [ -z "$VAULTWARDEN_LDAP_PORT" ]; then
     [ "$WAITFOR_LDAP_SSL" = true ] && VAULTWARDEN_LDAP_PORT=636 || VAULTWARDEN_LDAP_PORT=389

trivy.yaml

@@ -1,4 +0,0 @@
----
-scan:
-  skip-files:
-    - /usr/local/bin/gomplate