diff --git a/.github/workflows/ci-master-pr.yml b/.github/workflows/ci-master-pr.yml
index d0e6c38..4486739 100644
--- a/.github/workflows/ci-master-pr.yml
+++ b/.github/workflows/ci-master-pr.yml
@@ -79,7 +79,7 @@ jobs:
 # This step generates the docker tags
 - name: Prepare
- id: prep-v1-3
+ id: prep-1-3
 run: |
 set -e
@@ -92,7 +92,7 @@ jobs:
 # Generate docker image tags
 # E.g. 'v0.0.0-' and 'v0.0.0-abc0123-'
 # E.g. 'master-' and 'master-abc0123-'
- VARIANT="v1.3"
+ VARIANT="1.3"
 REF_VARIANT="${REF}-${VARIANT}"
 REF_SHA_VARIANT="${REF}-${SHA}-${VARIANT}"
@@ -102,45 +102,45 @@ jobs:
 echo "REF_VARIANT=$REF_VARIANT" >> $GITHUB_OUTPUT
 echo "REF_SHA_VARIANT=$REF_SHA_VARIANT" >> $GITHUB_OUTPUT
- - name: v1.3 - Build (PRs)
+ - name: 1.3 - Build (PRs)
 # Run only on pull requests
 if: github.event_name == 'pull_request'
 uses: docker/build-push-action@v3
 with:
- context: variants/v1.3
+ context: variants/1.3
 platforms: linux/386,linux/amd64,linux/arm/v6,linux/arm/v7,linux/arm64,linux/s390x
 push: false
 tags: |
- ${{ github.repository }}:${{ steps.prep-v1-3.outputs.REF_VARIANT }}
- ${{ github.repository }}:${{ steps.prep-v1-3.outputs.REF_SHA_VARIANT }}
+ ${{ github.repository }}:${{ steps.prep-1-3.outputs.REF_VARIANT }}
+ ${{ github.repository }}:${{ steps.prep-1-3.outputs.REF_SHA_VARIANT }}
 cache-from: type=local,src=/tmp/.buildx-cache
 cache-to: type=local,dest=/tmp/.buildx-cache-new,mode=max
- - name: v1.3 - Build and push (master)
+ - name: 1.3 - Build and push (master)
 # Run only on master
 if: github.ref == 'refs/heads/master'
 uses: docker/build-push-action@v3
 with:
- context: variants/v1.3
+ context: variants/1.3
 platforms: linux/386,linux/amd64,linux/arm/v6,linux/arm/v7,linux/arm64,linux/s390x
 push: true
 tags: |
- ${{ github.repository }}:${{ steps.prep-v1-3.outputs.REF_VARIANT }}
- ${{ github.repository }}:${{ steps.prep-v1-3.outputs.REF_SHA_VARIANT }}
+ ${{ github.repository }}:${{ steps.prep-1-3.outputs.REF_VARIANT }}
+ ${{ github.repository }}:${{ steps.prep-1-3.outputs.REF_SHA_VARIANT }}
 cache-from: type=local,src=/tmp/.buildx-cache
 cache-to: type=local,dest=/tmp/.buildx-cache-new,mode=max
- - name: v1.3 - Build and push (release)
+ - name: 1.3 - Build and push (release)
 if: startsWith(github.ref, 'refs/tags/')
 uses: docker/build-push-action@v3
 with:
- context: variants/v1.3
+ context: variants/1.3
 platforms: linux/386,linux/amd64,linux/arm/v6,linux/arm/v7,linux/arm64,linux/s390x
 push: true
 tags: |
- ${{ github.repository }}:${{ steps.prep-v1-3.outputs.VARIANT }}
- ${{ github.repository }}:${{ steps.prep-v1-3.outputs.REF_VARIANT }}
- ${{ github.repository }}:${{ steps.prep-v1-3.outputs.REF_SHA_VARIANT }}
+ ${{ github.repository }}:${{ steps.prep-1-3.outputs.VARIANT }}
+ ${{ github.repository }}:${{ steps.prep-1-3.outputs.REF_VARIANT }}
+ ${{ github.repository }}:${{ steps.prep-1-3.outputs.REF_SHA_VARIANT }}
 ${{ github.repository }}:latest
 cache-from: type=local,src=/tmp/.buildx-cache
 cache-to: type=local,dest=/tmp/.buildx-cache-new,mode=max
diff --git a/README.md b/README.md
index 853ca07..580cd3f 100644
--- a/README.md
+++ b/README.md
@@ -14,7 +14,7 @@ A dockerfile for the LDAP ToolBox (LTB) Self Service Password utility, which is
 | Tag | Dockerfile Build Context |
 |:-------:|:---------:|
-| `:v1.3`, `:latest` | [View](variants/v1.3) |
+| `:1.3`, `:latest` | [View](variants/1.3) |
 ## Deprecation notice
diff --git a/Update-Versions.ps1 b/Update-Versions.ps1
new file mode 100644
index 0000000..2a24388
--- /dev/null
+++ b/Update-Versions.ps1
@@ -0,0 +1,55 @@
+# This script is to update versions in versions.json, create PR(s) for each bumped version, merge PRs, and release
+# It may be run manually or as a cron
+# Use -WhatIf for dry run
+[CmdletBinding(SupportsShouldProcess)]
+param (
+ [Parameter(HelpMessage="Whether to clone a temporary repo before opening PRs. Useful in development")]
+ [switch]$CloneTempRepo
+,
+ [Parameter(HelpMessage="Whether to open a PR for each updated version in version.json")]
+ [switch]$PR
+,
+ [Parameter(HelpMessage="Whether to merge each PR one after another (note that this is not GitHub merge queue which cannot handle merge conflicts). The queue ensures each PR is rebased to prevent merge conflicts")]
+ [switch]$AutoMergeQueue
+,
+ [Parameter(HelpMessage="Whether to create a tagged release and closing milestone, after merging all PRs")]
+ [switch]$AutoRelease
+,
+ [Parameter(HelpMessage="-AutoRelease tag convention")]
+ [ValidateSet('calver', 'semver')]
+ [string]$AutoReleaseTagConvention = 'calver'
+)
+$ErrorActionPreference = 'Stop'
+Set-StrictMode -Version Latest
+
+# Install modules
+@(
+ 'Generate-DockerImageVariantsHelpers'
+ 'Powershell-Yaml'
+) | % {
+ if (! (Get-InstalledModule $_ -ErrorAction SilentlyContinue) ) {
+ Install-Module $_ -Scope CurrentUser -Force
+ }
+}
+# Override with development module if it exists
+if (Test-Path ../Generate-DockerImageVariantsHelpers/src/Generate-DockerImageVariantsHelpers) {
+ Import-module ../Generate-DockerImageVariantsHelpers/src/Generate-DockerImageVariantsHelpers -Force
+}
+
+try {
+ if ($CloneTempRepo) {
+ $repo = Clone-TempRepo
+ Push-Location $repo
+ }
+
+ # Update versions.json, and open PRs with CI disabled
+ $prs = Update-DockerImageVariantsVersions -CommitPreScriptblock { Move-Item .github .github.disabled -Force } -PR:$PR -WhatIf:$WhatIfPreference
+ # Update versions.json, update PRs with CI, merge PRs one at a time, release and close milestone
+ $return = Update-DockerImageVariantsVersions -PR:$PR -AutoMergeQueue:$AutoMergeQueue -AutoRelease:$AutoRelease -AutoReleaseTagConvention $AutoReleaseTagConvention -WhatIf:$WhatIfPreference
+}catch {
+ throw
+}finally {
+ if ($CloneTempRepo) {
+ Pop-Location
+ }
+}
diff --git a/generate/definitions/VARIANTS.ps1 b/generate/definitions/VARIANTS.ps1
index 20ea823..fc04ec4 100644
--- a/generate/definitions/VARIANTS.ps1
+++ b/generate/definitions/VARIANTS.ps1
@@ -9,7 +9,7 @@ $VARIANTS = @(
 platforms = 'linux/386,linux/amd64,linux/arm/v6,linux/arm/v7,linux/arm64,linux/s390x'
 job_group_key = $v
 }
- tag = "v$v"
+ tag = $v
 tag_as_latest = if ($v -eq $local:VERSIONS[0] ) { $true } else { $false }
 }
 }
diff --git a/variants/1.3/Dockerfile b/variants/1.3/Dockerfile
new file mode 100644
index 0000000..ee0e829
--- /dev/null
+++ b/variants/1.3/Dockerfile
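Review bot: In Update-Versions.ps1 the `Install-Module $_ -Scope CurrentUser -Force` line installs whichever version of `Generate-DockerImageVariantsHelpers` and `Powershell-Yaml` the configured repository serves at run time, and the script then relies on that code to open PRs, merge them and cut releases. Pinning each module, e.g. `Install-Module $_ -RequiredVersion '<PINNED_VERSION>' -Scope CurrentUser -Force` with one reviewed version per module, keeps an unattended cron run from picking up a changed or compromised release. The development override `Import-module ../Generate-DockerImageVariantsHelpers/src/Generate-DockerImageVariantsHelpers -Force` resolves against the caller's working directory rather than the script's location, so building the path from `$PSScriptRoot` would avoid importing a module from an unexpected sibling directory. The `catch { throw }` block only rethrows and could be dropped in favour of plain `try`/`finally`.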
@@ -0,0 +1,32 @@
+# Use this container to download the .deb because the SSL certs are expired in phusion/baseimage:0.9.16
+FROM alpine:3.14 AS build
+RUN wget -q https://ltb-project.org/archives/self-service-password_1.3-1_all.deb -O /self-service-password.deb
+
+FROM phusion/baseimage:0.9.16 AS final
+
+# Use baseimage-docker's init system.
+CMD ["/sbin/my_init"]
+
+ENV DEBIAN_FRONTEND noninteractive
+
+# Install Apache2, PHP and LTB ssp
+RUN apt-get update && apt-get install -y ca-certificates apache2 php5 php5-mcrypt php5-ldap && apt-get clean
+COPY --from=build /self-service-password.deb .
+RUN dpkg -i self-service-password.deb ; rm -f self-service-password.deb
+
+# Log to stdout
+RUN sed -i 's#/var/log/apache2/ssp_error.log#/dev/stdout#g' `dpkg -L self-service-password | grep -w 'self-service-password\.conf'` \
+ && sed -i 's#/var/log/apache2/ssp_access.log#/dev/stdout#g' `dpkg -L self-service-password | grep -w 'self-service-password\.conf'`
+
+# Configure self-service-password site
+RUN ln -s ../../mods-available/mcrypt.ini /etc/php5/apache2/conf.d/20-mcrypt.ini
+RUN a2dissite 000-default && a2ensite self-service-password
+
+# This is where configuration goes
+ADD assets/config.inc.php /usr/share/self-service-password/conf/config.inc.php
+
+# Start Apache2 as runit service
+RUN mkdir /etc/service/apache2
+ADD assets/apache2.sh /etc/service/apache2/run
+
+EXPOSE 80
diff --git a/variants/1.3/assets/apache2.sh b/variants/1.3/assets/apache2.sh
new file mode 100755
index 0000000..b59de66
--- /dev/null
+++ b/variants/1.3/assets/apache2.sh
@@ -0,0 +1,3 @@
+#!/bin/sh
+exec /usr/sbin/apache2ctl -DFOREGROUND -k start
+
diff --git a/variants/1.3/assets/config.inc.php b/variants/1.3/assets/config.inc.php
new file mode 100644
index 0000000..9cb0429
--- /dev/null
+++ b/variants/1.3/assets/config.inc.php
@@ -0,0 +1,310 @@
+
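Review bot: In variants/1.3/Dockerfile the build stage downloads `self-service-password_1.3-1_all.deb` with `wget -q` and the final stage installs it as root with no integrity check, so the image trusts whatever the download host serves at build time. Appending a pinned digest check to the same `RUN`, `&& echo '<SHA256_OF_DEB>  /self-service-password.deb' | sha256sum -c -`, would fail the build if the archive ever changes. The install line `RUN dpkg -i self-service-password.deb ; rm -f self-service-password.deb` joins the commands with `;`, so a failed or partial `dpkg -i` is masked at that step by the exit status of `rm`; using `&&` surfaces it. Going by the file's own comment about expired certificates, `phusion/baseimage:0.9.16` with php5 is presumably no longer receiving security updates, which is worth stating next to the tag in the README.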