Merge branch 'release/4.0.0'

passbolt · Jun 15, 2023 · 5c3b4d8 · 5c3b4d8
2 parents 402f9e4 + 809fa08
commit 5c3b4d8
Show file tree

Hide file tree

Showing 14 changed files with 130 additions and 105 deletions.
diff --git a/.gitignore b/.gitignore
@@ -1,42 +1,10 @@
-# Covers JetBrains IDEs: IntelliJ, RubyMine, PhpStorm, AppCode, PyCharm, CLion, Android Studio and Webstorm
-# Reference: https://intellij-support.jetbrains.com/hc/en-us/articles/206544839
-
-# IDE and editor specific files
-/nbproject
-.idea
-
-# mpeltonen/sbt-idea plugin
-.idea_modules/
-
-## File-based project format:
-*.iws
-
-## Plugin-specific files:
-
-# IntelliJ
-/out/
-
-# JIRA plugin
-atlassian-ide-plugin.xml
-
-# Crashlytics plugin (for Android Studio and IntelliJ)
-com_crashlytics_export_strings.xml
-crashlytics.properties
-crashlytics-build.properties
-fabric.properties
-
 # Generated docker files
 conf/*.key
 
-# src directory used for local development
-src
-
-.ruby-version
-
 .bundle
 
 # docker compose specific
 dev/.env
-
-# Vim session files
 *.vim
+vendor
+*subscription_key.txt
diff --git a/.gitlab-ci/Jobs/build_image.yml b/.gitlab-ci/Jobs/build_image.yml
@@ -59,7 +59,7 @@ build-ce-stable-docker:
     DOCKERFILE_PATH: "debian/Dockerfile"
     DOCKER_TAG: "root"
     SUPERCRONIC_ARCH: amd64
-    SUPERCRONIC_SHA1SUM: 2319da694833c7a147976b8e5f337cd83397d6be
+    SUPERCRONIC_SHA1SUM: 642f4f5a2b67f3400b5ea71ff24f18c0a7d77d49
     PLATFORM: "linux/amd64"
 
 build-ce-stable-rootless:
@@ -68,7 +68,7 @@ build-ce-stable-rootless:
     DOCKERFILE_PATH: "debian/Dockerfile.rootless"
     DOCKER_TAG: "rootless"
     SUPERCRONIC_ARCH: amd64
-    SUPERCRONIC_SHA1SUM: 2319da694833c7a147976b8e5f337cd83397d6be
+    SUPERCRONIC_SHA1SUM: 642f4f5a2b67f3400b5ea71ff24f18c0a7d77d49
     PLATFORM: "linux/amd64"
 
 build-pro-stable-docker:
@@ -77,7 +77,7 @@ build-pro-stable-docker:
     DOCKERFILE_PATH: "debian/Dockerfile"
     DOCKER_TAG: "root"
     SUPERCRONIC_ARCH: amd64
-    SUPERCRONIC_SHA1SUM: 2319da694833c7a147976b8e5f337cd83397d6be
+    SUPERCRONIC_SHA1SUM: 642f4f5a2b67f3400b5ea71ff24f18c0a7d77d49
     PLATFORM: "linux/amd64"
 
 build-pro-stable-rootless:
@@ -86,7 +86,7 @@ build-pro-stable-rootless:
     DOCKERFILE_PATH: "debian/Dockerfile.rootless"
     DOCKER_TAG: "rootless"
     SUPERCRONIC_ARCH: amd64
-    SUPERCRONIC_SHA1SUM: 2319da694833c7a147976b8e5f337cd83397d6be
+    SUPERCRONIC_SHA1SUM: 642f4f5a2b67f3400b5ea71ff24f18c0a7d77d49
     PLATFORM: "linux/amd64"
 
 build-ce-stable-docker-arm64-v8:
@@ -98,7 +98,7 @@ build-ce-stable-docker-arm64-v8:
     DOCKER_TAG: "root-arm64-v8"
     PLATFORM: "linux/arm64/v8"
     SUPERCRONIC_ARCH: arm64
-    SUPERCRONIC_SHA1SUM: c7d51b610d96a9a58d5eef0308922acc8be62eac
+    SUPERCRONIC_SHA1SUM: 0b658d66bd54cf10aeccd9bdbd95fc7d9ba84a61
 
 build-ce-stable-rootless-arm64-v8:
   tags:
@@ -109,7 +109,7 @@ build-ce-stable-rootless-arm64-v8:
     DOCKER_TAG: "rootless-arm64-v8"
     PLATFORM: "linux/arm64/v8"
     SUPERCRONIC_ARCH: arm64
-    SUPERCRONIC_SHA1SUM: c7d51b610d96a9a58d5eef0308922acc8be62eac
+    SUPERCRONIC_SHA1SUM: 0b658d66bd54cf10aeccd9bdbd95fc7d9ba84a61
 
 build-pro-stable-docker-arm64-v8:
   tags:
@@ -120,7 +120,7 @@ build-pro-stable-docker-arm64-v8:
     DOCKER_TAG: "root-arm64-v8"
     PLATFORM: "linux/arm64/v8"
     SUPERCRONIC_ARCH: arm64
-    SUPERCRONIC_SHA1SUM: c7d51b610d96a9a58d5eef0308922acc8be62eac
+    SUPERCRONIC_SHA1SUM: 0b658d66bd54cf10aeccd9bdbd95fc7d9ba84a61
 
 build-pro-stable-rootless-arm64-v8:
   tags:
@@ -131,7 +131,7 @@ build-pro-stable-rootless-arm64-v8:
     DOCKER_TAG: "rootless-arm64-v8"
     PLATFORM: "linux/arm64/v8"
     SUPERCRONIC_ARCH: arm64
-    SUPERCRONIC_SHA1SUM: c7d51b610d96a9a58d5eef0308922acc8be62eac
+    SUPERCRONIC_SHA1SUM: 0b658d66bd54cf10aeccd9bdbd95fc7d9ba84a61
 
 build-ce-stable-docker-arm-v5:
   tags:
@@ -142,7 +142,7 @@ build-ce-stable-docker-arm-v5:
     DOCKER_TAG: "root-arm-v5"
     PLATFORM: "linux/arm/v5"
     SUPERCRONIC_ARCH: arm
-    SUPERCRONIC_SHA1SUM: f6a61efbdd9a223e750aa03d16bbc417113a64d9
+    SUPERCRONIC_SHA1SUM: 4f625d77d2f9a790ea4ad679d0d2c318a14ec3be
 
 build-ce-stable-rootless-arm-v5:
   tags:
@@ -153,7 +153,7 @@ build-ce-stable-rootless-arm-v5:
     DOCKER_TAG: "rootless-arm-v5"
     PLATFORM: "linux/arm/v5"
     SUPERCRONIC_ARCH: arm
-    SUPERCRONIC_SHA1SUM: f6a61efbdd9a223e750aa03d16bbc417113a64d9
+    SUPERCRONIC_SHA1SUM: 4f625d77d2f9a790ea4ad679d0d2c318a14ec3be
 
 build-pro-stable-docker-arm-v5:
   tags:
@@ -164,7 +164,7 @@ build-pro-stable-docker-arm-v5:
     DOCKER_TAG: "root-arm-v5"
     PLATFORM: "linux/arm/v5"
     SUPERCRONIC_ARCH: arm
-    SUPERCRONIC_SHA1SUM: f6a61efbdd9a223e750aa03d16bbc417113a64d9
+    SUPERCRONIC_SHA1SUM: 4f625d77d2f9a790ea4ad679d0d2c318a14ec3be
 
 build-pro-stable-rootless-arm-v5:
   tags:
@@ -175,7 +175,7 @@ build-pro-stable-rootless-arm-v5:
     DOCKER_TAG: "rootless-arm-v5"
     PLATFORM: "linux/arm/v5"
     SUPERCRONIC_ARCH: arm
-    SUPERCRONIC_SHA1SUM: f6a61efbdd9a223e750aa03d16bbc417113a64d9
+    SUPERCRONIC_SHA1SUM: 4f625d77d2f9a790ea4ad679d0d2c318a14ec3be
 
 build-ce-stable-docker-arm-v7:
   tags:
@@ -186,7 +186,7 @@ build-ce-stable-docker-arm-v7:
     DOCKER_TAG: "root-arm-v7"
     PLATFORM: "linux/arm/v7"
     SUPERCRONIC_ARCH: arm
-    SUPERCRONIC_SHA1SUM: f6a61efbdd9a223e750aa03d16bbc417113a64d9
+    SUPERCRONIC_SHA1SUM: 4f625d77d2f9a790ea4ad679d0d2c318a14ec3be
 
 build-ce-stable-rootless-arm-v7:
   tags:
@@ -197,7 +197,7 @@ build-ce-stable-rootless-arm-v7:
     DOCKER_TAG: "rootless-arm-v7"
     PLATFORM: "linux/arm/v7"
     SUPERCRONIC_ARCH: arm
-    SUPERCRONIC_SHA1SUM: f6a61efbdd9a223e750aa03d16bbc417113a64d9
+    SUPERCRONIC_SHA1SUM: 4f625d77d2f9a790ea4ad679d0d2c318a14ec3be
 
 build-pro-stable-docker-arm-v7:
   tags:
@@ -208,7 +208,7 @@ build-pro-stable-docker-arm-v7:
     DOCKER_TAG: "root-arm-v7"
     PLATFORM: "linux/arm/v7"
     SUPERCRONIC_ARCH: arm
-    SUPERCRONIC_SHA1SUM: f6a61efbdd9a223e750aa03d16bbc417113a64d9
+    SUPERCRONIC_SHA1SUM: 4f625d77d2f9a790ea4ad679d0d2c318a14ec3be
 
 build-pro-stable-rootless-arm-v7:
   tags:
@@ -219,4 +219,4 @@ build-pro-stable-rootless-arm-v7:
     DOCKER_TAG: "rootless-arm-v7"
     PLATFORM: "linux/arm/v7"
     SUPERCRONIC_ARCH: arm
-    SUPERCRONIC_SHA1SUM: f6a61efbdd9a223e750aa03d16bbc417113a64d9
+    SUPERCRONIC_SHA1SUM: 4f625d77d2f9a790ea4ad679d0d2c318a14ec3be
diff --git a/.gitlab-ci/Jobs/publish.yaml b/.gitlab-ci/Jobs/publish.yaml
@@ -99,7 +99,7 @@ publish-ce:
     - crane cp "${CI_REGISTRY_IMAGE}:latest-${PASSBOLT_IMAGE_FLAVOUR}" "${DOCKER_HUB_PASSBOLT_REGISTRY}:latest-${PASSBOLT_IMAGE_FLAVOUR}"
     - crane cp "${CI_REGISTRY_IMAGE}:${PASSBOLT_VERSION}-${PASSBOLT_IMAGE_FLAVOUR}" "${DOCKER_HUB_PASSBOLT_REGISTRY}:${PASSBOLT_VERSION}-${PASSBOLT_IMAGE_FLAVOUR}"
     - crane cp "${CI_REGISTRY_IMAGE}:latest" "${DOCKER_HUB_PASSBOLT_REGISTRY}:latest"
-
+    - 'bash .gitlab-ci/scripts/bin/slack-status-messages.sh ":whale: $PASSBOLT_VERSION $PASSBOLT_IMAGE_FLAVOUR docker image has been published" "$CI_PROJECT_URL/-/jobs/$CI_JOB_ID"'
 publish-ce-non-root:
   extends: .publish
   variables:
@@ -111,7 +111,7 @@ publish-ce-non-root:
     - ./manifest-tool-linux-amd64 push from-spec manifests.yaml
     - crane cp "${CI_REGISTRY_IMAGE}:latest-${PASSBOLT_IMAGE_FLAVOUR}" "${DOCKER_HUB_PASSBOLT_REGISTRY}:latest-${PASSBOLT_IMAGE_FLAVOUR}"
     - crane cp "${CI_REGISTRY_IMAGE}:${PASSBOLT_VERSION}-${PASSBOLT_IMAGE_FLAVOUR}" "${DOCKER_HUB_PASSBOLT_REGISTRY}:${PASSBOLT_VERSION}-${PASSBOLT_IMAGE_FLAVOUR}"
-
+    - 'bash .gitlab-ci/scripts/bin/slack-status-messages.sh ":whale: $PASSBOLT_VERSION $PASSBOLT_IMAGE_FLAVOUR docker image has been published" "$CI_PROJECT_URL/-/jobs/$CI_JOB_ID"'
 publish-pro:
   extends: .publish
   variables:
@@ -123,10 +123,10 @@ publish-pro:
     - ./manifest-tool-linux-amd64 push from-spec manifests.yaml
     - crane cp "${CI_REGISTRY_IMAGE}:latest-${PASSBOLT_IMAGE_FLAVOUR}" "${DOCKER_HUB_PASSBOLT_REGISTRY}:latest-${PASSBOLT_IMAGE_FLAVOUR}"
     - crane cp "${CI_REGISTRY_IMAGE}:${PASSBOLT_VERSION}-${PASSBOLT_IMAGE_FLAVOUR}" "${DOCKER_HUB_PASSBOLT_REGISTRY}:${PASSBOLT_VERSION}-${PASSBOLT_IMAGE_FLAVOUR}"
+    - 'bash .gitlab-ci/scripts/bin/slack-status-messages.sh ":whale: $PASSBOLT_VERSION $PASSBOLT_IMAGE_FLAVOUR docker image has been published" "$CI_PROJECT_URL/-/jobs/$CI_JOB_ID"'
   rules:
     - if: '$PASSBOLT_VERSION && $CI_COMMIT_BRANCH == "master" && $PASSBOLT_PUBLISH == "pro"'
       when: on_success
-
 publish-pro-non-root:
   extends: .publish
   variables:
@@ -138,6 +138,7 @@ publish-pro-non-root:
     - ./manifest-tool-linux-amd64 push from-spec manifests.yaml
     - crane cp "${CI_REGISTRY_IMAGE}:latest-${PASSBOLT_IMAGE_FLAVOUR}" "${DOCKER_HUB_PASSBOLT_REGISTRY}:latest-${PASSBOLT_IMAGE_FLAVOUR}"
     - crane cp "${CI_REGISTRY_IMAGE}:${PASSBOLT_VERSION}-${PASSBOLT_IMAGE_FLAVOUR}" "${DOCKER_HUB_PASSBOLT_REGISTRY}:${PASSBOLT_VERSION}-${PASSBOLT_IMAGE_FLAVOUR}"
+    - 'bash .gitlab-ci/scripts/bin/slack-status-messages.sh ":whale: $PASSBOLT_VERSION $PASSBOLT_IMAGE_FLAVOUR docker image has been published" "$CI_PROJECT_URL/-/jobs/$CI_JOB_ID"'
   rules:
     - if: '$PASSBOLT_VERSION && $CI_COMMIT_BRANCH == "master" && $PASSBOLT_PUBLISH == "pro"'
       when: on_success
diff --git a/.gitlab-ci/scripts/bin/slack-status-messages.sh b/.gitlab-ci/scripts/bin/slack-status-messages.sh
@@ -0,0 +1,41 @@
+#!/bin/bash
+
+# Variables required
+# CI_PROJECT_NAME
+# CI_PIPELINE_ID
+# SLACK_CHANNEL_ID
+# SLACK_WEBHOOK
+
+title="$1"
+url="$2"
+
+curl -X POST -H 'Content-type: application/json' $SLACK_WEBHOOK \
+--data-binary @- <<EOF
+{
+  "channel": "$SLACK_CHANNEL_ID",
+  "attachments": [
+    {
+      "color": "#36A64F",
+      "title": "$title",
+      "attachment_type": "default",
+      "actions": [
+        {
+          "name": "Logs",
+          "text": "Logs",
+          "type": "button",
+          "style": "default",
+          "url": "$url"
+        },
+        {
+          "name": "DockerHub",
+          "text": "DockerHub",
+          "type": "button",
+          "style": "primary",
+          "url": "https://hub.docker.com/r/passbolt/passbolt/tags"
+        }
+      ]
+    }
+  ]
+}
+EOF
+
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -2,7 +2,17 @@
 All notable changes to this project will be documented in this file.
 This project adheres to [Semantic Versioning](http://semver.org/).
 
-## [Unreleased](https://github.com/passbolt/passbolt_docker/compare/v3.10.0...HEAD)
+## [Unreleased](https://github.com/passbolt/passbolt_docker/compare/4.0.0...HEAD)
+
+## [4.0.0](https://github.com/passbolt/passbolt_docker/compare/v3.10.0...4.0.0) - 2023-06-15
+
+### Changed
+- bookworm as base container
+- php version set to 8.2
+- Mariadb set to 10.11
+- Updated rootless superchronic to 0.2.25
+- Supervisor php-fpm command updated to php-fpm8.2
+- Small refactor in kitchen tests
 
 ## [3.10.0](https://github.com/passbolt/passbolt_docker/compare/v3.9.4...v3.10.0) - 2023-05-02
 

diff --git a/conf/supervisor/php.conf b/conf/supervisor/php.conf
@@ -1,5 +1,5 @@
 [program:php-fpm]
-command=php-fpm7.4 -F
+command=php-fpm8.2 -F
 autostart=true
 priority=5
 stdout_logfile=/dev/stdout

diff --git a/debian/Dockerfile b/debian/Dockerfile
@@ -1,4 +1,4 @@
-FROM debian:bullseye-slim
+FROM debian:bookworm-slim
 
 LABEL maintainer="Passbolt SA <[email protected]>"
 
@@ -9,7 +9,7 @@ ARG PASSBOLT_SERVER_KEY="hkps://keys.mailvelope.com "
 ARG PASSBOLT_REPO_URL="https://download.passbolt.com/$PASSBOLT_FLAVOUR/debian"
 
 ENV PASSBOLT_PKG_KEY=0xDE8B853FC155581D
-ENV PHP_VERSION=7.4
+ENV PHP_VERSION=8.2
 ENV GNUPGHOME=/var/lib/passbolt/.gnupg
 ENV PASSBOLT_FLAVOUR=$PASSBOLT_FLAVOUR
 ENV PASSBOLT_PKG="passbolt-$PASSBOLT_FLAVOUR-server"
@@ -28,7 +28,6 @@ RUN apt-get update \
   curl \
   && rm -f /etc/passbolt/jwt/* \
   && rm /etc/nginx/sites-enabled/default \
-  && mkdir /run/php \
   && cp /usr/share/passbolt/examples/nginx-passbolt-ssl.conf /etc/nginx/snippets/passbolt-ssl.conf \
   && sed -i 's,;clear_env = no,clear_env = no,' /etc/php/$PHP_VERSION/fpm/pool.d/www.conf \
   && sed -i 's,# include __PASSBOLT_SSL__,include /etc/nginx/snippets/passbolt-ssl.conf;,' /etc/nginx/sites-enabled/nginx-passbolt.conf \
@@ -63,4 +62,4 @@ EXPOSE 80 443
 
 WORKDIR /usr/share/php/passbolt
 
-CMD ["//docker-entrypoint.sh"]
+CMD ["/docker-entrypoint.sh"]
diff --git a/debian/Dockerfile.rootless b/debian/Dockerfile.rootless
@@ -1,9 +1,9 @@
-FROM debian:bullseye-slim
+FROM debian:bookworm-slim
 
 LABEL maintainer="Passbolt SA <[email protected]>"
 
 ARG SUPERCRONIC_ARCH=amd64
-ARG SUPERCRONIC_SHA1SUM=2319da694833c7a147976b8e5f337cd83397d6be
+ARG SUPERCRONIC_SHA1SUM=642f4f5a2b67f3400b5ea71ff24f18c0a7d77d49
 
 ARG PASSBOLT_DISTRO="buster"
 ARG PASSBOLT_COMPONENT="stable"
@@ -13,9 +13,9 @@ ARG PASSBOLT_PKG=passbolt-$PASSBOLT_FLAVOUR-server
 ARG PASSBOLT_REPO_URL="https://download.passbolt.com/$PASSBOLT_FLAVOUR/debian"
 
 ENV PASSBOLT_PKG_KEY=0xDE8B853FC155581D
-ENV PHP_VERSION=7.4
+ENV PHP_VERSION=8.2
 ENV GNUPGHOME=/var/lib/passbolt/.gnupg
-ENV SUPERCRONIC_VERSION=0.2.2
+ENV SUPERCRONIC_VERSION=0.2.25
 ENV SUPERCRONIC_URL=https://github.com/aptible/supercronic/releases/download/v${SUPERCRONIC_VERSION}/supercronic-linux-${SUPERCRONIC_ARCH} \
     SUPERCRONIC=supercronic-linux-${SUPERCRONIC_ARCH}
 ENV PASSBOLT_FLAVOUR="${PASSBOLT_FLAVOUR}"

diff --git a/docker-compose/docker-compose-ce.yaml b/docker-compose/docker-compose-ce.yaml
@@ -1,7 +1,7 @@
-version: '3.9'
+version: "3.9"
 services:
   db:
-    image: mariadb:10.10
+    image: mariadb:10.11
     restart: unless-stopped
     environment:
       MYSQL_RANDOM_ROOT_PASSWORD: "true"
@@ -27,7 +27,15 @@ services:
     volumes:
       - gpg_volume:/etc/passbolt/gpg
       - jwt_volume:/etc/passbolt/jwt
-    command: ["/usr/bin/wait-for.sh", "-t", "0", "db:3306", "--", "/docker-entrypoint.sh"]
+    command:
+      [
+        "/usr/bin/wait-for.sh",
+        "-t",
+        "0",
+        "db:3306",
+        "--",
+        "/docker-entrypoint.sh",
+      ]
     ports:
       - 80:80
       - 443:443

diff --git a/docker-compose/docker-compose-pro.yaml b/docker-compose/docker-compose-pro.yaml
@@ -1,7 +1,7 @@
-version: '3.9'
+version: "3.9"
 services:
   db:
-    image: mariadb:10.10
+    image: mariadb:10.11
     restart: unless-stopped
     environment:
       MYSQL_RANDOM_ROOT_PASSWORD: "true"

diff --git a/spec/docker_image/image_spec.rb b/spec/docker_image/image_spec.rb
@@ -36,7 +36,7 @@
   end
 
   let(:nginx_conf)      { '/etc/nginx/nginx.conf' }
-  let(:php_conf)        { '/etc/php/7.4/fpm/php.ini' }
+  let(:php_conf)        { '/etc/php/8.2/fpm/php.ini' }
   let(:site_conf)       { '/etc/nginx/sites-enabled/nginx-passbolt.conf' }
   let(:supervisor_conf) do
     ['/etc/supervisor/conf.d/nginx.conf',