Compare commits

94 commits

Author SHA1 Message Date
adbba165a6
fix(ci/cd): Missing apt update, wrong exit code
Some checks failed
Build / build (push) Failing after 1m16s
2024-09-22 23:13:52 +02:00
d837b6f4ef
fix(ci/cd): Cache apt packages 2024-09-22 23:05:26 +02:00
c700df21c1
chore: Disable jobs from upstream 2024-09-22 22:59:30 +02:00
9b6eabced0
fix(ci/cd): Wrong variable name when checking for existing builds 2024-09-22 22:52:58 +02:00
7d2df472a6
feat: Add files for nix 2024-09-22 22:23:41 +02:00
ff49aa4da3
feat: Add gitignore 2024-09-22 22:23:18 +02:00
d94706dd54
Merge remote-tracking branch 'upstream/master'
Some checks failed
Build / build (push) Failing after 38s
Trigger 4testing rebuild / trigget-rebuild (push) Failing after 1s
2024-04-09 01:57:21 +02:00
papacarlo
40efc5bea9 Merge branch release/v8.0.0 into master 2024-01-30 11:32:11 +00:00
3318b6d62f
fix: Forgot to delete cut command, bad if statement 2024-01-27 04:33:47 +01:00
abd8c8fc95
fix: Outputs not working
Some checks failed
Build / build (push) Has been cancelled
2024-01-27 04:19:39 +01:00
fd38c9a98b
fix: Wrong working directory, simplified to 1 command (+ shell output)
Some checks failed
Build / build (push) Failing after 44s
2024-01-27 03:25:34 +01:00
1123cc8e19
test: /var/run/act/workflow/meta.sh: line 5: : No such file or directory
Some checks failed
Build / build (push) Failing after 39s
https://gitea.stefka.eu/jiriks74/Docker-DocumentServer/actions/runs/44
2024-01-27 03:18:18 +01:00
47f07ad059
fix: bad substitution
Some checks failed
Build / build (push) Failing after 39s
https://gitea.stefka.eu/jiriks74/Docker-DocumentServer/actions/runs/43
2024-01-27 03:16:15 +01:00
6871cb70c8
fix: No such file or directory
Some checks failed
Build / build (push) Failing after 40s
https://gitea.stefka.eu/jiriks74/Docker-DocumentServer/actions/runs/40
https://gitea.stefka.eu/jiriks74/Docker-DocumentServer/actions/runs/41
2024-01-27 03:11:40 +01:00
57aa057198
fix: Docker meta action cannot get git tags
Some checks failed
Build / build (push) Failing after 39s
2024-01-27 03:05:57 +01:00
19d79af2db
fix: Invalid context source: upstream
Some checks failed
Build / build (push) Failing after 44s
2024-01-27 02:55:35 +01:00
a61e416bb5
fix: Move to manual git clone
Some checks failed
Build / build (push) Failing after 42s
the actions/checkout cannot pull from github
2024-01-27 02:48:52 +01:00
06da0b1e92
fix: Invalid repository, Expected format {owner}/{repo}.
Some checks failed
Build / build (push) Failing after 57s
2024-01-27 02:46:12 +01:00
c13261154f
fix: indentation
Some checks failed
Build / build (push) Failing after 59s
2024-01-27 02:37:47 +01:00
77f4adf134
fix: Use docker meta action to get tags 2024-01-27 02:34:42 +01:00
Alexey Golubev
0a42ee66b0
Fix bug #60688 (#703) 2024-01-18 10:20:37 +03:00
Danil Titarenko
6416c2c32a
Action small fixes (#697) 2023-12-21 13:22:02 +03:00
Semyon Bezrukov
4ab054c502
Add DOCKER_ORG make variable (#696) 2023-12-20 19:54:56 +03:00
Danil Titarenko
016440fd4b
Disable issue creation from zap scanner (#695) 2023-12-20 11:22:37 +03:00
Danil Titarenko
cb06c6f6e1
Correct startup conditions for zap scanner (#694) 2023-12-20 11:21:34 +03:00
Danil Titarenko
276c5da9f5
Add the ability to manually launch the zap scanner (#691)
* Add zap scanning for DocumentServer

* Set branch name as ref for manual trigger

* Use master as default zap action branch

* Move zap action to master branch

* Fix token variable name

* Small cosmetic fix

* Modify zap action trigger condition

Run zap scanner only when documentserver edition hit community and branch hit in `release/` or `hotfix/`
2023-12-19 11:45:12 +03:00
Danil Titarenko
84a8191de9
Add DocumentServer zap scanner (#685)
* Add DocumentServer zap scanner

* Fix zap target url from `http` to `https`
2023-12-19 11:24:58 +03:00
Evgeniy Antonyuk
6fc2b27fcf
fix Bug 65188 - Upgrade to a current version of postgresql (#690) 2023-11-29 12:33:41 +03:00
c981844975
fix(cicd): gitea
Some checks failed
Build / build (push) Failing after 1m44s
2023-11-21 20:55:07 +01:00
fc505d7f85
fix(cicd): testing
Some checks failed
Build / build (push) Failing after 43s
2023-11-21 20:53:43 +01:00
5382012065
fix(cicd): output path
Some checks failed
Build / build (push) Failing after 47s
2023-11-21 20:51:41 +01:00
42bcd0adf1
fix(cicd): remove if statements
Some checks failed
Build / build (push) Failing after 1m6s
2023-11-21 20:46:36 +01:00
6910d565c7
fix(cicd): invert exit statements
All checks were successful
Build / build (push) Successful in 24s
2023-11-21 20:44:51 +01:00
8e3fff2ca1
fix(cicd): add exit command
Some checks failed
Build / build (push) Failing after 24s
2023-11-21 20:42:53 +01:00
5ebcce6742
fix(cicd): inverted if statements
All checks were successful
Build / build (push) Successful in 34s
2023-11-21 20:40:40 +01:00
35ade80ab1
fix(cicd): broken new line
All checks were successful
Build / build (push) Successful in 26s
2023-11-21 20:38:56 +01:00
c2e4633b6c
fix(cicd): bad exit codes
Some checks failed
Build / build (push) Failing after 20s
2023-11-21 20:36:43 +01:00
9e9f6d37d2
fix(cicd): wrong command placement
All checks were successful
Build / build (push) Successful in 19s
2023-11-21 20:34:41 +01:00
9a134fc2ba
fix(cicd): try different command
All checks were successful
Build / build (push) Successful in 21s
2023-11-21 20:31:19 +01:00
b104e22c7a
fix(cicd): try different quotes
Some checks failed
Build / build (push) Failing after 45s
2023-11-21 20:26:56 +01:00
1d22c1e9c1
debug(cicd): test output
Some checks failed
Build / build (push) Failing after 43s
2023-11-21 19:50:06 +01:00
82ee7b2a4c
fix(cicd): move tag extraction to its own job
Some checks failed
Build / build (push) Failing after 45s
2023-11-21 19:46:00 +01:00
c091b8908a
fix(cicd): move output to the end of job
Some checks failed
Build / build (push) Failing after 49s
2023-11-21 19:39:00 +01:00
6d6a87fe5b
fix(cicd): wrong brackets
Some checks failed
Build / build (push) Failing after 1m5s
2023-11-21 19:29:38 +01:00
e1adffa72b
fix(cicd): broken tag extraction
Some checks failed
Build / build (push) Failing after 29s
2023-11-21 19:26:40 +01:00
Semyon Bezrukov
09ac8b5463
Fix build workflow runs names (#679) 2023-11-20 12:05:00 +03:00
papacarlo
cd8177e0ae Merge branch hotfix/v7.5.1 into release/v7.6.0 2023-11-15 12:57:43 +00:00
Dmitry Kireev
012b35d2f8
Cancel prepare4shutdown script during cluster installation (#673)
* Cancel prepare4shutdown script during cluster installation

* Fix line length
2023-10-27 15:08:30 +03:00
papacarlo
5ef86cd090 Merge branch release/v7.5.0 into develop 2023-10-25 10:32:34 +00:00
papacarlo
6e424a5541 Merge branch release/v7.5.0 into master 2023-10-17 12:14:14 +00:00
d800394eb9
feat(ci/cd): Automatically build image, archive upstream workflows
Some checks failed
Build / build (push) Failing after 46s
2023-10-17 13:46:52 +02:00
7e2a6604dd
docs: Remove obsolete badges 2023-10-17 13:46:30 +02:00
Evgeniy Antonyuk
709bfdd734
fix Bug 63804 - Remove gconf from dependencies since it's deprecated (#663) 2023-09-21 17:09:21 +03:00
Alexey Golubev
f42aed52ab
Merge pull request #662 from RealVishy/patch-1
Fix mistype
2023-09-12 10:38:14 +03:00
Vishwas P
c37270f61f
Update README.md
fix the spelling of docker engine
2023-09-12 15:02:02 +10:00
Danil Titarenko
24d737d5b4
Add instructions for ipv6 connection. Related to bug #63537 (#654)
* Update README.md - add the 'ONLYOFFICE Document Server ipv6 setup' section

* Fix README.md formatting

---------

Co-authored-by: svetlana maleeva <svetlana.maleeva@onlyoffice.com>
2023-08-11 10:40:34 +03:00
papacarlo
4bc4f62720 Merge branch hotfix/v7.4.1 into develop 2023-08-01 08:19:29 +00:00
papacarlo
0b60ccb92b Merge branch hotfix/v7.4.1 into master 2023-07-31 07:28:30 +00:00
Iskandar Kurbonov
c413936f1c
Fix Bug #63238 - Fix re-copying of configuration files in supervisor (#645) 2023-07-13 19:51:03 +05:00
Danil Titarenko
9400eedc06
Add auto rebuild previous releases
* Add the ability to rebuild images

Rebuilding images will be done manually (for now). The choice of the number of rebuilt releases is available (1 by default), the choice of repositories for pushing rebuilt images is available (4testing by default).

Principle of operation:
Through the api of the docker hub, we get the last launched tag that falls under the pattern x.x.x.1, after that the tag with the assembly of which the minor tag x.x will be sent will be calculated. Next, at one of the build steps, the number of the previous release will be received, for example x.x.x.4 which will mean that the current one will be x.x.x.5

* Add login to dockerhub

* Refactoring code

Set some variables for all rebuild-info job. Also set default values for repository and quantity variables

* Refactor: remove push trigger

* Refactoring code

* Refactor: Unlinking a version

* Submitting the latest tag for the latest release only
2023-06-29 14:50:17 +05:00
papacarlo
80b4014588 Merge branch release/v7.4.0 into develop 2023-06-28 07:25:32 +00:00
papacarlo
4ae34b4d02 Merge branch release/v7.4.0 into master 2023-06-13 11:25:57 +00:00
Evgeniy Antonyuk
48add9dc89
Add the ability to enable request filtering agent (#628) 2023-05-26 18:59:54 +05:00
Danil Titarenko
7d32cac40a
Add new stable images versioning principles (#633)
* Refactoring stable images release versioning

The new principle of stable docker images versioning: release numbering is now not by build number, but by serial number.

* Refactoring: fix non-example image pull tag
2023-05-25 18:36:33 +05:00
Semyon Bezrukov
989647852e
Fix deprecated set-output (#632) 2023-05-24 13:51:14 +05:00
Alexey Golubev
816b4823d2
Merge pull request #627 from ONLYOFFICE/release/v7.4.0
Merge release/v7.4.0 into develop
2023-05-17 14:44:26 +05:00
Alexey Golubev
a97a8f0aaf
Merge pull request #624 from ONLYOFFICE/hotfix/v7.3.3
Merge branch hotfix/v7.3.3 into release/v7.4.0
2023-05-15 12:01:29 +05:00
Evgeniy Antonyuk
e2080865b9 Merge branch 'release/v7.4.0' into hotfix/v7.3.3 2023-05-15 12:00:20 +05:00
papacarlo
ad7086886c Merge branch hotfix/v7.3.3 into develop 2023-05-15 06:52:33 +00:00
papacarlo
8e08fed4ee Merge branch hotfix/v7.3.3 into master 2023-05-15 06:52:28 +00:00
Alexey Golubev
4c5e5f20ee Revert "Trace build commands (#609)"
This reverts commit 708684ccc1.
2023-05-02 13:25:36 +05:00
Semyon Bezrukov
708684ccc1
Trace build commands (#609)
* Trace build commands

* Small fix
2023-04-25 20:01:14 +05:00
Evgeniy Antonyuk
c61323257b
Use the default supervisord configuration (#608)
* Use a unix socket by default

* Use the default supervisord configuration

* Return the init.d supervisor file
2023-04-20 20:27:35 +05:00
Alexey Golubev
06fe4034f0
Merge master into hotfix/v7.3.3 2023-04-18 22:39:22 +05:00
Alexey Golubev
b011e73f64
Fix nginx secure link url (#604) 2023-04-18 22:34:02 +05:00
Semyon Bezrukov
44eb6c45f2
Fix deb package link (#602) 2023-04-14 22:32:04 +05:00
Semyon Bezrukov
4499ca1d34
Fix deb package link (#599) 2023-04-10 17:10:23 +05:00
Evgeniy Antonyuk
09b9a73637
fix Bug 61960 - Add authentication for supervisord (#598) 2023-04-10 13:16:23 +05:00
Evgeniy Antonyuk
f455bdf433
fix Bug 59826 - Fix database creation without onlyoffice owner (#597)
* fix Bug 59826 - Fix database creation without onlyoffice owner

* Fix an unnecessary space
2023-04-06 15:18:10 +05:00
Dmitry Kireev
f03bc7ec18
Add docker-compose with prometheus and grafana (#495)
* Add docker-compose with prometheus and grafana

* Add dashboard installation

* Fix path to config file
2023-03-21 15:06:05 +05:00
Evgeniy Antonyuk
648ff7322f
Fix the owner of the logrotate config (#591) 2023-03-17 14:25:33 +05:00
papacarlo
00b188d9ff Merge branch hotfix/v7.3.3 into master 2023-03-15 10:53:31 +00:00
Alexey Golubev
6f716134dd
Fix misprint
Instead  https://github.com/ONLYOFFICE/Docker-DocumentServer/pull/579
2023-02-22 17:41:59 +05:00
papacarlo
0fb195b958 Merge branch hotfix/v7.3.2 into develop 2023-02-14 07:59:59 +00:00
Alexey Golubev
4c05627d1f
Merge pull request #585 from ONLYOFFICE/bugfix/psql-owner
fix Bug 59826 - Fix database creation without onlyoffice owner
2023-02-07 18:53:11 +05:00
evgeniy-antonyuk
985bc4020a Fix database creation without onlyoffice owner 2023-02-07 16:08:40 +03:00
Alexey Golubev
46215d4372
Merge pull request #584 from ONLYOFFICE/hotfix/v7.3.2
Merge hotfix/v7.3.2 into hotfix/v7.3.3
2023-02-07 13:02:08 +05:00
Thomas Gerbet
83825d26e9
Generated JWT secret is too small for HMAC SHA256 (#582)
The key that is automatically generated weakens the security strength.
As noted in RFC7518 section 3.2 [0]:
```
A key of the same size as the hash output (for instance, 256 bits for
"HS256") or larger MUST be used with this algorithm.  (This
requirement is based on Section 5.3.4 (Security Effect of the HMAC
Key) of NIST SP 800-117 [NIST.800-107], which states that the
effective security strength is the minimum of the security strength
of the key and two times the size of the internal hash value.)
```

Some JWT libraries reject by default keys that are too small in
an attempt to prevent misuse, so generating a key that does not respect
the minimal length can be problematic for OO integrations.

[0] https://www.rfc-editor.org/rfc/rfc7518.html#section-3.2
2023-02-07 11:02:40 +05:00
Danil Titarenko
cac79dea01
Install rabbitmq-server from default ubuntu repo, fixed bug closes #575 (#578) 2023-02-02 20:41:49 +05:00
papacarlo
22ab86d2d6 Merge branch release/v7.3.0 into develop 2023-02-02 13:38:11 +00:00
papacarlo
eb643e3adb
Merge pull request #561 from ONLYOFFICE/hotfix/v7.2.2
Merge branch hotfix/v7.2.2 into develop
2022-12-27 18:34:45 +03:00
Semyon Bezrukov
19debc5181
Merge branch 'develop' into hotfix/v7.2.2 2022-12-27 18:31:52 +03:00
Alexey Golubev
b59175d13f
Merge pull request #552 from ONLYOFFICE/release/v7.3.0
Merge branch release/v7.3.0 into develop
2022-12-12 15:32:25 +03:00
papacarlo
47503e6c98 Merge branch hotfix/v7.2.1 into develop 2022-11-11 11:12:56 +00:00
25 changed files with 3605 additions and 69 deletions

1
.envrc Normal file
View file

@ -0,0 +1 @@
use nix

View file

@ -1,5 +1,14 @@
### This workflow setup instance then build and push images ### ### This workflow setup instance then build and push images ###
name: 4testing multiarch-build name: 4testing multiarch-build
run-name: >-
Build #${{ inputs.build }} [
${{ inputs.amd64 && 'AMD64' || '-' }}
${{ inputs.arm64 && 'ARM64' || '-' }}
] [
${{ inputs.community && 'CE' || '-' }}
${{ inputs.developer && 'DE' || '-' }}
${{ inputs.enterprise && 'EE' || '-' }}
]
on: on:
workflow_dispatch: workflow_dispatch:
@ -61,7 +70,7 @@ jobs:
echo "None of the editions are selected." echo "None of the editions are selected."
exit 1 exit 1
fi fi
echo "::set-output name=editions::$(jq -n -c --arg s "${EDITIONS[*]}" '($s|split(" "))')" echo "editions=$(jq -n -c --arg s "${EDITIONS[*]}" '($s|split(" "))')" >> $GITHUB_OUTPUT
outputs: outputs:
editions: ${{ steps.matrix.outputs.editions }} editions: ${{ steps.matrix.outputs.editions }}
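Review bot: The replacement line `echo "editions=..." >> $GITHUB_OUTPUT` leaves `$GITHUB_OUTPUT` unquoted, while the last hunk of this file writes to `"$GITHUB_OUTPUT"`. Quote it here as well so the redirect target is handled the same way in every step of the workflow.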
@ -92,6 +101,7 @@ jobs:
password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }} password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }}
- name: Build 4testing - name: Build 4testing
id: build-ds
run: | run: |
set -eux set -eux
@ -124,8 +134,8 @@ jobs:
BUILD_NUMBER=${{ github.event.inputs.build }} BUILD_NUMBER=${{ github.event.inputs.build }}
export PRODUCT_EDITION export PRODUCT_EDITION
export PACKAGE_VERSION=${PRODUCT_VERSION}-${BUILD_NUMBER}~stretch export PACKAGE_VERSION=${PRODUCT_VERSION}-${BUILD_NUMBER}
export PACKAGE_BASEURL=${{ secrets.REPO_BASEURL }}/${BUILD_CHANNEL} export PACKAGE_BASEURL=${{ secrets.REPO_BASEURL }}
export BUILD_CHANNEL export BUILD_CHANNEL
export PLATFORM export PLATFORM
export DOCKERFILE=Dockerfile export DOCKERFILE=Dockerfile
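Review bot: `${BUILD_CHANNEL}` is removed from `PACKAGE_BASEURL` but `export BUILD_CHANNEL` stays on the next line, so it is unclear from this hunk whether the channel is now appended somewhere else or the export is dead. Please say which in the commit message or a comment. The same hunk drops the `~stretch` suffix from `PACKAGE_VERSION`; confirm that the repository behind `secrets.REPO_BASEURL` publishes packages under the unsuffixed version before this lands, otherwise the build fails only at package download time.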
@ -136,4 +146,29 @@ jobs:
docker buildx bake -f docker-bake.hcl ${{ matrix.image }} --push docker buildx bake -f docker-bake.hcl ${{ matrix.image }} --push
echo "DONE: Build success" echo "DONE: Build success"
### Set output for Zap scanner
### NOTE: Output will be used only in release/hotfix branches
echo "version=${TAG}" >> "$GITHUB_OUTPUT"
echo "branch=${BRANCH_NAME}" >> "$GITHUB_OUTPUT"
shell: bash shell: bash
# Run scanner only when edition is community
# and branch hit release/ or hotfix/
- name: Trigger zap manualy
if: >-
matrix.edition == 'community' &&
(startsWith(steps.build-ds.outputs.branch, 'release/') ||
startsWith(steps.build-ds.outputs.branch, 'hotfix/'))
env:
VERSION: ${{ steps.build-ds.outputs.version }}
BRANCH: ${{ steps.build-ds.outputs.branch }}
GITHUB_TOKEN: ${{ secrets.TOKEN }}
run: |
gh workflow run zap-ds.yaml \
--repo ${{ github.repository }} \
-f branch=${BRANCH} \
-f version=${VERSION}
shell: bash
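Review bot: In the `Trigger zap manualy` step, `${BRANCH}` and `${VERSION}` are expanded unquoted in the `gh workflow run` call, so a value containing whitespace or glob characters is split or expanded before `gh` receives it; write `-f branch="${BRANCH}"` and `-f version="${VERSION}"`. Passing the step outputs through `env:` instead of interpolating them into the script is the right pattern and should stay. `GITHUB_TOKEN` is taken from `secrets.TOKEN`, so that token should carry no more than the permission needed to dispatch workflows in this repository. The step name is misspelled (`manualy`).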

View file

@ -0,0 +1,66 @@
name: Build
on:
schedule:
- cron: "0 0 * * 1"
push:
tags:
- 'manual_build'
jobs:
build:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Get upstream repository
run: |
git clone https://github.com/ONLYOFFICE/DocumentServer/ upstream
- name: Extract tags and labels for Docker
id: meta
run: |
export VERSION="$(cd upstream && git describe --tags --abbrev=0 | cut -d 'v' -f2-)"
echo "Version: ${VERSION}"
echo "tag=${VERSION}" >> $GITHUB_OUTPUT
shell: bash
- name: Check if the image was already built
id: check-build-status
run: |
echo ${{ steps.meta.outputs.tag }}
if curl --silent -f -lSL "https://hub.docker.com/v2/repositories/jiriks74/onlyoffice-documentserver/tags/$(echo ${{ steps.meta.outputs.tag }})" > /dev/null; then echo "Already exists" && exit 1; else echo "Desn't exist" && exit 0; fi
- name: Set tag in Dockerfile
run: |
sed -i "s/ARG PACKAGE_VERSION=/ARG PACKAGE_VERSION=$(echo ${{ steps.meta.outputs.tag }} | cut -d ':' -f2)/g" Dockerfile
- name: Update repositories
run: sudo apt update
- name: Install Docker
uses: awalsh128/cache-apt-pkgs-action@latest
with:
packages: docker.io
- name: Set up QEMU
uses: docker/setup-qemu-action@v2
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v1
with:
platforms: linux/amd64,linux/arm64
- name: Login to DockerHub
uses: docker/login-action@v1
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Build and push image
uses: docker/build-push-action@v2
with:
push: true
tags: jiriks74/onlyoffice-documentserver:${{ steps.meta.outputs.tag }},jiriks74/onlyoffice-documentserver:latest
platforms: linux/amd64,linux/arm64
context: .
file: ./Dockerfile
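Review bot: `${{ steps.meta.outputs.tag }}` is interpolated directly into the shell in the `Check if the image was already built` and `Set tag in Dockerfile` steps, and its value comes from `git describe` on the freshly cloned upstream repository, so an upstream tag name becomes script text in a job that later logs in with `secrets.DOCKERHUB_TOKEN`. Pass it through `env:` (for example `TAG: ${{ steps.meta.outputs.tag }}`), reference it as `"$TAG"`, and reject anything that does not look like a version before using it in `curl` or `sed`. Two further points: `awalsh128/cache-apt-pkgs-action@latest` is a mutable reference and the other actions are pinned only to major tags, so pinning to commit SHAs would make the build reproducible; and the existence check exits 1 on "Already exists", which reports a normal skip as a failed run, where a step output plus `if:` on the later steps would keep the run status meaningful.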

View file

@ -0,0 +1,22 @@
---
name: Trigger 4testing rebuild
run-name: "Weekly 4testing rebuild trigger"
on:
schedule:
# Run every Saturday at 10 p.m.
- cron: '00 22 * * 6'
jobs:
trigger-rebuild:
name: "trigget-rebuild"
runs-on: "ubuntu-latest"
steps:
- name: Rebuild 4testing manualy
env:
GITHUB_TOKEN: ${{ secrets.TOKEN }}
run: |
gh workflow run rebuild.yml \
--repo ONLYOFFICE/Docker-DocumentServer \
-f repo=4test
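Review bot: `--repo ONLYOFFICE/Docker-DocumentServer` is hard-coded and the job has no repository guard, so any fork that inherits this file attempts the dispatch as well; the commit list on this page shows `Trigger 4testing rebuild / trigget-rebuild` failing after 1s in this fork. Add `if: github.repository == 'ONLYOFFICE/Docker-DocumentServer'` to the job. The workflow also has no `permissions:` block even though the only credential it uses is the explicit `secrets.TOKEN`, and both the job name `trigget-rebuild` and the step name `Rebuild 4testing manualy` are misspelled.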

View file

@ -0,0 +1,224 @@
---
name: Rebuild Docker-Documentserver
run-name: >
Rebuild DocumentServer with secure updates for repo: ${{ github.event.inputs.repo }}
on:
workflow_dispatch:
inputs:
repo:
type: choice
description: Please, choose upload repo..
options:
- '4test'
- 'stable'
permissions:
# All other permissions are set to none
contents: read
# Technically read access while waiting for images should be more than enough. However,
# there is a bug in GitHub Actions/Packages and in case private repositories are used, you get a permission
# denied error when attempting to just pull private image, changing the token permission to write solves the
# issue. This is not dangerous, because if it is for "ONLYOFFICE/Docker-DocumentServer", only maintainers can use ds-rebuild.yaml
# If it is for a fork, then the token is read-only anyway.
packages: read
env:
COMPANY_NAME: "onlyoffice"
PRODUCT_NAME: "documentserver"
REGISTRY_URL: "https://hub.docker.com/v2/repositories"
jobs:
rebuild-info:
name: "Rebuild-info"
runs-on: "ubuntu-22.04"
env:
REPO_INPUTS: ${{ github.event.inputs.repo }}
EVENT: ${{ github.event_name }}
outputs:
stable-versions: ${{ steps.selective-checks.outputs.stable-versions }}
ucs-versions: ${{ steps.selective-checks.outputs.ucs-versions }}
minor-tags: ${{ steps.selective-checks.outputs.minor-tags }}
ucs-rebuild-condition: ${{ steps.selective-checks.outputs.ucs-rebuild-condition }}
prefix-name: ${{ steps.selective-checks.outputs.prefix-name }}
repo: ${{ steps.selective-checks.outputs.repo }}
steps:
- name: Selective checks
id: selective-checks
run: |
set -e
REPO=${REPO_INPUTS:-"4test"}
if [ "${REPO}" == "stable" ]; then
UCS_REBUILD=true
UCS_VERSIONS=($(curl -s -H -X ${REGISTRY_URL}/${COMPANY_NAME}/${PRODUCT_NAME}-ucs/tags/?page_size=100 | \
jq -r '.results|.[]|.name' | grep -oxE '[0-9]{1,}.[0-9]{1,}.[0-9]{1,}.1' || true))
echo "ucs-versions=$(jq -c -n '$ARGS.positional' --args "${UCS_VERSIONS[@]}")" >> "$GITHUB_OUTPUT"
elif
[ "${REPO}" == "4test" ]; then
UCS_REBUILD=false
PREFIX_NAME=4testing-
fi
STABLE_VERSIONS=($(curl -s -H -X ${REGISTRY_URL}/${COMPANY_NAME}/${PRODUCT_NAME}/tags/?page_size=100 | \
jq -r '.results|.[]|.name' | grep -oxE '[0-9]{1,}.[0-9]{1,}.[0-9]{1,}.1' || true))
# When rebuilding stable versions of the document server,
# it is necessary to determine the version from which the
# minor x.x tag will need to be pushed.
VERSIONS=(${STABLE_VERSIONS[@]})
for i in {1..10}; do
if [ -z "${VERSIONS}" ]; then
break
else
TEMPLATE=${VERSIONS[0]%.*.*}
TEMPLATE_MINOR=$(printf -- '%s\n' "${VERSIONS[@]}" | grep -o -m 1 "${VERSIONS[0]%.*.*}.[0-9].[0-9]")
MINOR_TAGS+=(${TEMPLATE_MINOR%.*})
for v in ${MINOR_TAGS[@]}; do
VERSIONS=(${VERSIONS[@]//${v%.*}.*.*})
done
fi
done
echo "Stable releases that will be rebuilded"
echo "--------------------------------------"
echo "${STABLE_VERSIONS[@]}"
echo
echo
echo "Ucs releases that will be rebuilded"
echo "-----------------------------------"
echo "${UCS_VERSIONS[@]}"
echo "stable-versions=$(jq -c -n '$ARGS.positional' --args "${STABLE_VERSIONS[@]}")" >> "$GITHUB_OUTPUT"
echo "minor-tags=${MINOR_TAGS[@]}" >> "$GITHUB_OUTPUT"
echo "ucs-rebuild-condition=${UCS_REBUILD}" >> "$GITHUB_OUTPUT"
echo "prefix-name=${PREFIX_NAME}" >> "$GITHUB_OUTPUT"
echo "repo=${REPO}" >> "$GITHUB_OUTPUT"
shell: bash
re-build-stable:
name: "Rebuild stable:${{ matrix.version }} ${{ matrix.edition }}"
needs: [rebuild-info]
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
type: ["stable"]
edition: ["", "-ee", "-de"]
version: ${{fromJSON(needs.rebuild-info.outputs.stable-versions)}}
steps:
- name: Checkout code
uses: actions/checkout@v3
- name: Set up QEMU
uses: docker/setup-qemu-action@v2
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2
- name: Login to Docker Hub
uses: docker/login-action@v2
with:
username: ${{ secrets.DOCKER_HUB_USERNAME }}
password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }}
# Determines the new build number based
# on data from the hub.docker registry
- name: Declare release number
id: release-number
env:
REBUILD_VERSION: ${{ matrix.version }}
run: |
MINOR_VERSION=${REBUILD_VERSION%.*}
LAST_RELEASE=$(curl -s -H -X ${REGISTRY_URL}/${COMPANY_NAME}/${PRODUCT_NAME}/tags/?page_size=100 \
| jq -r '.results|.[]|.name' | grep -Eo -m1 "${MINOR_VERSION}.[0-9]{1,}")
LAST_RELEASE=${LAST_RELEASE#*.*.*.}
echo "release-number=$((LAST_RELEASE+1))" >> "$GITHUB_OUTPUT"
shell: bash
# Note: Rebuilding images with an
# extra layer to update security and
# all dependencies. Update tags got +1 to previous release.
- name: Re-build documentserver-stable
env:
MINOR_TAGS_ST: ${{ needs.rebuild-info.outputs.minor-tags }}
VERSION: ${{ matrix.version }}
RELEASE_NUMBER: ${{ steps.release-number.outputs.release-number }}
PREFIX_NAME: ${{ needs.rebuild-info.outputs.prefix-name }}
REPO: ${{ needs.rebuild-info.outputs.repo }}
PRODUCT_EDITION: ${{ matrix.edition }}
run: |
set -eux
export PULL_TAG=${VERSION}
export TAG=${VERSION%.*}.${RELEASE_NUMBER}
export SHORTER_TAG=${VERSION%.*}
export SHORTEST_TAG=${VERSION%.*.*}
if [ "${REPO}" == "stable" ]; then
MINOR_TAGS=(${MINOR_TAGS_ST})
for v in ${MINOR_TAGS[@]}; do
if [ "${SHORTER_TAG}" == "${v}" ]; then
export PUSH_MAJOR="true"
fi
done
if [ "${SHORTER_TAG}" == "${MINOR_TAGS[0]}" ]; then
export LATEST="true"
fi
fi
docker buildx bake -f docker-bake.hcl documentserver-stable-rebuild --push
shell: bash
re-build-ucs:
name: "Rebuild ucs: ${{ matrix.version }} ${{ matrix.edition }}"
if: needs.rebuild-info.outputs.ucs-rebuild-condition == 'true'
needs: [rebuild-info]
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
type: ["ucs"]
edition: ["", "-ee"]
version: ${{fromJSON(needs.rebuild-info.outputs.ucs-versions)}}
steps:
- name: Checkout code
uses: actions/checkout@v3
- name: Set up QEMU
uses: docker/setup-qemu-action@v2
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2
- name: Login to Docker Hub
uses: docker/login-action@v2
with:
username: ${{ secrets.DOCKER_HUB_USERNAME }}
password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }}
# Determines the new build number based
# on data from the hub.docker registry
- name: Declare release number
id: release-number
env:
REBUILD_VERSION: ${{ matrix.version }}
run: |
MINOR_VERSION=${REBUILD_VERSION%.*}
LAST_RELEASE=$(curl -s -H -X ${REGISTRY_URL}/${COMPANY_NAME}/${PRODUCT_NAME}/tags/?page_size=100 \
| jq -r '.results|.[]|.name' | grep -Eo -m1 "${MINOR_VERSION}.[0-9]{1,}")
LAST_RELEASE=${LAST_RELEASE#*.*.*.}
echo "release-number=$((LAST_RELEASE+1))" >> "$GITHUB_OUTPUT"
shell: bash
# Note: Rebuilding images with an
# extra layer to update security and
# all dependencies. Update tags +1 to previous release.
- name: Re-build documentserver-ucs
env:
VERSION: ${{ matrix.version }}
RELEASE_NUMBER: ${{ steps.release-number.outputs.release-number }}
PRODUCT_EDITION: ${{ matrix.edition }}
run: |
set -eux
export PULL_TAG=${VERSION}
export TAG=${VERSION%.*}.${RELEASE_NUMBER}
export SHORTER_TAG=${VERSION%.*}
export SHORTEST_TAG=${VERSION%.*.*}
export UCS_REBUILD=true
export UCS_PREFIX=-ucs
docker buildx bake -f docker-bake.hcl documentserver-stable-rebuild --push
shell: bash
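Review bot: Every Docker Hub query in this file is written as `curl -s -H -X ${REGISTRY_URL}/...`, where `-H` and `-X` each expect an argument, so `-H` takes the following `-X` as its header value and the request works only by accident. Drop both flags and add `-f` so an HTTP error is not piped into `jq` as if it were a tag list; in `Selective checks` the `|| true` after `grep` hides that case entirely and leaves an empty `stable-versions` list for the `fromJSON` matrix. The version patterns (`[0-9]{1,}.[0-9]{1,}.[0-9]{1,}.1` and `"${MINOR_VERSION}.[0-9]{1,}"`) use unescaped dots, which match any character, so escape them. The comment above `packages: read` argues for write permission while the setting is read; one of the two should be corrected.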

View file

@ -1,5 +1,6 @@
### This workflow setup instance then build and push images ### ### This workflow setup instance then build and push images ###
name: Multi-arch build stable name: Multi-arch build stable
run-name: ${{ inputs.tag }} (${{ inputs.release_number }})
on: on:
workflow_dispatch: workflow_dispatch:
@ -8,6 +9,11 @@ on:
description: 'Tag for release (ex. 1.2.3.45)' description: 'Tag for release (ex. 1.2.3.45)'
type: string type: string
required: true required: true
release_number:
description: 'Sequence number of the release (ex. x.x.x.<number>)'
type: string
required: true
default: '1'
env: env:
COMPANY_NAME: "onlyoffice" COMPANY_NAME: "onlyoffice"
@ -42,10 +48,12 @@ jobs:
run: | run: |
set -eux set -eux
VERSION=${{ github.event.inputs.tag }} VERSION=${{ github.event.inputs.tag }}
RELEASE_NUMBER=${{ github.event.inputs.release_number }}
PRODUCT_EDITION=${{ matrix.edition }} PRODUCT_EDITION=${{ matrix.edition }}
TESTING_IMAGE=${COMPANY_NAME}/4testing-${PRODUCT_NAME}${PRODUCT_EDITION} TESTING_IMAGE=${COMPANY_NAME}/4testing-${PRODUCT_NAME}${PRODUCT_EDITION}
export PRODUCT_EDITION export PRODUCT_EDITION
export TAG=${VERSION} export PULL_TAG=${VERSION}
export TAG=${VERSION%.*}.${RELEASE_NUMBER}
export SHORTER_TAG=${VERSION%.*} export SHORTER_TAG=${VERSION%.*}
export SHORTEST_TAG=${VERSION%.*.*} export SHORTEST_TAG=${VERSION%.*.*}
docker buildx bake -f docker-bake.hcl ${{ matrix.images }} --push docker buildx bake -f docker-bake.hcl ${{ matrix.images }} --push
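Review bot: The added `RELEASE_NUMBER=${{ github.event.inputs.release_number }}` line interpolates a free-form `string` input directly into the script, the same way the existing `VERSION=${{ github.event.inputs.tag }}` line does, and the two later hunks in this file repeat the pattern. Pass both inputs through `env:` and validate them before use (for instance that `release_number` is all digits), since the values end up in the image tags this job pushes.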
@ -82,8 +90,11 @@ jobs:
- name: build image - name: build image
run: | run: |
set -eux set -eux
VERSION=${{ github.event.inputs.tag }}
RELEASE_NUMBER=${{ github.event.inputs.release_number }}
export PULL_TAG=${VERSION%.*}.${RELEASE_NUMBER}
export PRODUCT_EDITION=${{ matrix.edition }} export PRODUCT_EDITION=${{ matrix.edition }}
export TAG=${{ github.event.inputs.tag }} export TAG=${VERSION%.*}.${RELEASE_NUMBER}
docker buildx bake -f docker-bake.hcl ${{ matrix.images }} --push docker buildx bake -f docker-bake.hcl ${{ matrix.images }} --push
shell: bash shell: bash
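Review bot: In this job `PULL_TAG` is set to `${VERSION%.*}.${RELEASE_NUMBER}`, while the first build job in this file sets `PULL_TAG=${VERSION}`. If the difference is deliberate because this job builds on the image the first job has just pushed, add a one-line comment saying so; otherwise the two assignments should agree.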
@ -113,12 +124,14 @@ jobs:
- name: build UCS - name: build UCS
run: | run: |
set -eux set -eux
VERSION=${{ github.event.inputs.tag }}
RELEASE_NUMBER=${{ github.event.inputs.release_number }}
export PRODUCT_EDITION=${{ matrix.edition }} export PRODUCT_EDITION=${{ matrix.edition }}
export PACKAGE_BASEURL=${{ secrets.REPO_BASEURL }}/test export PACKAGE_BASEURL=${{ secrets.REPO_BASEURL }}
export DOCKERFILE=Dockerfile export DOCKERFILE=Dockerfile
export BASE_IMAGE=ubuntu:20.04 export BASE_IMAGE=ubuntu:20.04
export PG_VERSION=12 export PG_VERSION=12
export TAG=${{ github.event.inputs.tag }} export TAG=${VERSION%.*}.${RELEASE_NUMBER}
export PACKAGE_VERSION=$( echo ${TAG} | sed -E 's/(.*)\./\1-/')~stretch export PACKAGE_VERSION=$( echo ${VERSION} | sed -E 's/(.*)\./\1-/')
docker buildx bake -f docker-bake.hcl documentserver-ucs --push docker buildx bake -f docker-bake.hcl documentserver-ucs --push
shell: bash shell: bash

View file

@ -0,0 +1,70 @@
---
name: Scanning DocumentServer with ZAP
run-name: >
ZAP DocumentServer ver: ${{ github.event.inputs.version }} from branch: ${{ github.event.inputs.branch }}
on:
workflow_dispatch:
inputs:
version:
description: 'Set DocumentServer version that will be deployed'
type: string
required: true
branch:
description: 'The branch from which the scan will be performed'
type: string
required: true
jobs:
zap:
name: "Zap scanning DocumentServer"
runs-on: ubuntu-latest
permissions:
issues: write
steps:
- name: Checkout code
uses: actions/checkout@v3
- name: Run DS
id: run-ds
env:
TAG: ${{ github.event.inputs.version }}
run: |
# Create ssl certs
openssl genrsa -out tls.key 2048
openssl req -new -key tls.key -out tls.csr -subj "/C=RU/ST=NizhObl/L=NizhNov/O=RK-Tech/OU=TestUnit/CN=TestName"
openssl x509 -req -days 365 -in tls.csr -signkey tls.key -out tls.crt
openssl dhparam -out dhparam.pem 2048
sudo mkdir -p /app/onlyoffice/DocumentServer/data/certs
sudo cp ./tls.key /app/onlyoffice/DocumentServer/data/certs/
sudo cp ./tls.crt /app/onlyoffice/DocumentServer/data/certs/
sudo cp ./dhparam.pem /app/onlyoffice/DocumentServer/data/certs/
sudo chmod 400 /app/onlyoffice/DocumentServer/data/certs/tls.key
rm ./tls.key ./tls.crt ./dhparam.pem
# Run Ds with enabled ssl
export CONTAINER_NAME="documentserver"
sudo docker run -itd \
--name ${CONTAINER_NAME} \
-p 80:80 \
-p 443:443 \
-v /app/onlyoffice/DocumentServer/data:/var/www/onlyoffice/Data \
onlyoffice/4testing-documentserver:${TAG}
sleep 60
sudo docker exec ${CONTAINER_NAME} sudo supervisorctl start ds:example
LOCAL_IP=$(hostname -I | awk '{print $1}')
echo "local-ip=${LOCAL_IP}" >> "$GITHUB_OUTPUT"
# Scan DocumentServer with ZAP.
# NOTE: Full scan get a lot of time.
# If you want make scan more faster (but less accurate) remove `cmd options` field
# -j mean that scanning use AJAX Spider, with this spider the scan takes approximately an hour
# Without any cmd options will be used default spider and the scan takes approximately ~10-15 minutes
- name: ZAP Scan
uses: zaproxy/action-full-scan@v0.8.0
with:
token: ${{ secrets.GITHUB_TOKEN }}
docker_name: 'ghcr.io/zaproxy/zaproxy:stable'
target: 'https://${{ steps.run-ds.outputs.local-ip }}/'
allow_issue_writing: false
cmd_options: '-j'
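Review bot: The `zap` job requests `permissions: issues: write`, but the scan step sets `allow_issue_writing: false`, so the write scope is never used; replace it with `contents: read`, which is all the checkout step needs. In `Run DS`, the fixed `sleep 60` before `supervisorctl start ds:example` will be either too short or wasted time depending on the runner, so poll the container until it answers instead. Passing the version through `env:` as `TAG` rather than interpolating it into the script is good and should stay.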

2
.gitignore vendored Normal file
View file

@ -0,0 +1,2 @@
# Nix, direnv
.direnv

131
.travis.yml Normal file
View file

@ -0,0 +1,131 @@
language: generic
dist: trusty
env:
# community edition
- config: standalone.yml
# integration edition
- config: standalone.yml
PRODUCT_NAME: documentserver-ie
# certificates (default tls if onlyoffice not exists)
- config: certs.yml
ssl: true
# certificates (default onlyoffice if exists)
- config: certs.yml
ssl: true
private_key: onlyoffice.key
certificate_request: onlyoffice.csr
certificate: onlyoffice.crt
# custom certificates
- config: certs-customized.yml
ssl: true
private_key: mycert.key
certificate_request: mycert.csr
certificate: mycert.crt
SSL_CERTIFICATE_PATH: /var/www/onlyoffice/Data/certs/mycert.crt
SSL_KEY_PATH: /var/www/onlyoffice/Data/certs/mycert.key
# postgresql 16
- config: postgres.yml
POSTGRES_VERSION: 16
# postgresql 15
- config: postgres.yml
POSTGRES_VERSION: 15
# postgresql 14
- config: postgres.yml
POSTGRES_VERSION: 14
# postgresql 13
- config: postgres.yml
POSTGRES_VERSION: 13
# postgresql 12
- config: postgres.yml
# postgresql custom values
- config: postgres.yml
DB_NAME: mydb
DB_USER: myuser
DB_PWD: password
POSTGRES_DB: mydb
POSTGRES_USER: myuser
# postgresql deprecated variables
- config: postgres-old.yml
# mysql 8
- config: mysql.yml
MYSQL_VERSION: 8
# mysql 5
- config: mysql.yml
MYSQL_VERSION: 5
# mysql 5.7
- config: mysql.yml
# mariadb 10
- config: mariadb.yml
MARIADB_VERSION: 10
# mariadb 10.5
- config: mariadb.yml
- config: activemq.yml
ACTIVEMQ_VERSION: latest
# activemq 5.14.3
- config: activemq.yml
# rabbitmq latest
- config: rabbitmq.yml
# rabbitmq 3
- config: rabbitmq.yml
RABBITMQ_VERSION: 3
# rabbitmq old variables
- config: rabbitmq-old.yml
# redis latest with community edition
- config: redis.yml
# redis latest with integraion edition
- config: redis.yml
PRODUCT_NAME: documentserver-ie
# redis 6
- config: redis.yml
REDIS_VERSION: 6
# redis 5
- config: redis.yml
REDIS_VERSION: 5
# graphite
- config: graphite.yml
services:
- docker
script:
# Go to tests dir
- cd ${PWD}/tests
# Run test.
- ./test.sh
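Review bot: `dist: trusty` selects Ubuntu 14.04, which is past its standard support window, so the whole matrix runs on an unmaintained host image; move to a currently supported dist. In the `env` list, the `ACTIVEMQ_VERSION: latest` entry is the only one without a describing comment, and "integraion" in the redis comment is a typo.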

View file

@ -19,8 +19,8 @@ RUN echo "#!/bin/sh\nexit 0" > /usr/sbin/policy-rc.d && \
apt-utils \ apt-utils \
bomstrip \ bomstrip \
certbot \ certbot \
cron \
curl \ curl \
gconf-service \
htop \ htop \
libasound2 \ libasound2 \
libboost-regex-dev \ libboost-regex-dev \
@ -57,9 +57,8 @@ RUN echo "#!/bin/sh\nexit 0" > /usr/sbin/policy-rc.d && \
sed 's|\(application\/zip.*\)|\1\n application\/wasm wasm;|' -i /etc/nginx/mime.types && \ sed 's|\(application\/zip.*\)|\1\n application\/wasm wasm;|' -i /etc/nginx/mime.types && \
pg_conftool $PG_VERSION main set listen_addresses 'localhost' && \ pg_conftool $PG_VERSION main set listen_addresses 'localhost' && \
service postgresql restart && \ service postgresql restart && \
sudo -u postgres psql -c "CREATE DATABASE $ONLYOFFICE_VALUE;" && \
sudo -u postgres psql -c "CREATE USER $ONLYOFFICE_VALUE WITH password '$ONLYOFFICE_VALUE';" && \ sudo -u postgres psql -c "CREATE USER $ONLYOFFICE_VALUE WITH password '$ONLYOFFICE_VALUE';" && \
sudo -u postgres psql -c "GRANT ALL privileges ON DATABASE $ONLYOFFICE_VALUE TO $ONLYOFFICE_VALUE;" && \ sudo -u postgres psql -c "CREATE DATABASE $ONLYOFFICE_VALUE OWNER $ONLYOFFICE_VALUE;" && \
service postgresql stop && \ service postgresql stop && \
service redis-server stop && \ service redis-server stop && \
service rabbitmq-server stop && \ service rabbitmq-server stop && \
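Review bot: on the `CREATE USER` line the role password is still the same `$ONLYOFFICE_VALUE` string as the role and database name, so every image built from this layer carries a guessable database credential. `listen_addresses 'localhost'` limits who can reach it, but setting or generating the password at container start would be safer. The move to `CREATE DATABASE ... OWNER` deserves a one-line comment saying why `GRANT ALL` was dropped (PostgreSQL 15 and later no longer let non-owner roles create objects in the public schema by default).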
@ -67,7 +66,8 @@ RUN echo "#!/bin/sh\nexit 0" > /usr/sbin/policy-rc.d && \
service nginx stop && \ service nginx stop && \
rm -rf /var/lib/apt/lists/* rm -rf /var/lib/apt/lists/*
COPY config /app/ds/setup/config/ COPY config/supervisor/supervisor /etc/init.d/
COPY config/supervisor/ds/*.conf /etc/supervisor/conf.d/
COPY run-document-server.sh /app/ds/run-document-server.sh COPY run-document-server.sh /app/ds/run-document-server.sh
EXPOSE 80 443 EXPOSE 80 443
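Review bot: replacing `COPY config /app/ds/setup/config/` with the two supervisor-only COPY lines drops the rest of the config directory from the image, and the supervisord.conf deleted elsewhere in this comparison means supervisord now runs on the distribution's default configuration. Please confirm that nothing left in run-document-server.sh reads from /app/ds/setup/config, and that `supervisorctl` (the workflow calls `supervisorctl start ds:example`) still reaches the daemon now that the `[inet_http_server]` listener on 127.0.0.1:9001 is gone.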
@ -90,6 +90,8 @@ RUN PACKAGE_FILE="${COMPANY_NAME}-${PRODUCT_NAME}${PRODUCT_EDITION}${PACKAGE_VER
service postgresql start && \ service postgresql start && \
apt-get -yq install /tmp/$PACKAGE_FILE && \ apt-get -yq install /tmp/$PACKAGE_FILE && \
service postgresql stop && \ service postgresql stop && \
chmod 755 /etc/init.d/supervisor && \
sed "s/COMPANY_NAME/${COMPANY_NAME}/g" -i /etc/supervisor/conf.d/*.conf && \
service supervisor stop && \ service supervisor stop && \
chmod 755 /app/ds/*.sh && \ chmod 755 /app/ds/*.sh && \
rm -f /tmp/$PACKAGE_FILE && \ rm -f /tmp/$PACKAGE_FILE && \
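Review bot: the added `sed "s/COMPANY_NAME/${COMPANY_NAME}/g" -i /etc/supervisor/conf.d/*.conf` rewrites every file in conf.d, not only the ones copied from config/supervisor/ds, and it breaks if `COMPANY_NAME` ever contains `/` or `&`. Limit the glob to the copied files and use a delimiter that cannot appear in the value, or a more distinctive placeholder than the bare word COMPANY_NAME.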

View file

@ -8,11 +8,10 @@ BUILD_CHANNEL ?= nightly
ONLYOFFICE_VALUE ?= onlyoffice ONLYOFFICE_VALUE ?= onlyoffice
COMPANY_NAME_LOW = $(shell echo $(COMPANY_NAME) | tr A-Z a-z) COMPANY_NAME_LOW = $(shell echo $(COMPANY_NAME) | tr A-Z a-z)
COMPANY_NAME_ESC = $(subst -,,$(COMPANY_NAME_LOW))
PACKAGE_NAME := $(COMPANY_NAME_LOW)-$(PRODUCT_NAME)$(PRODUCT_EDITION) PACKAGE_NAME := $(COMPANY_NAME_LOW)-$(PRODUCT_NAME)$(PRODUCT_EDITION)
PACKAGE_VERSION ?= $(PRODUCT_VERSION)-$(BUILD_NUMBER)~stretch PACKAGE_VERSION ?= $(PRODUCT_VERSION)-$(BUILD_NUMBER)~stretch
PACKAGE_BASEURL ?= https://s3.eu-west-1.amazonaws.com/repo-doc-onlyoffice-com/server/linux/debian/$(BUILD_CHANNEL) PACKAGE_BASEURL ?= https://s3.eu-west-1.amazonaws.com/repo-doc-onlyoffice-com/server/linux/debian
ifeq ($(BUILD_CHANNEL),$(filter $(BUILD_CHANNEL),nightly test)) ifeq ($(BUILD_CHANNEL),$(filter $(BUILD_CHANNEL),nightly test))
DOCKER_TAG := $(PRODUCT_VERSION).$(BUILD_NUMBER) DOCKER_TAG := $(PRODUCT_VERSION).$(BUILD_NUMBER)
@ -20,7 +19,8 @@ else
DOCKER_TAG := $(PRODUCT_VERSION).$(BUILD_NUMBER)-$(subst /,-,$(GIT_BRANCH)) DOCKER_TAG := $(PRODUCT_VERSION).$(BUILD_NUMBER)-$(subst /,-,$(GIT_BRANCH))
endif endif
DOCKER_IMAGE := $(COMPANY_NAME_ESC)/4testing-$(PRODUCT_NAME)$(PRODUCT_EDITION) DOCKER_ORG ?= $(COMPANY_NAME_LOW)
DOCKER_IMAGE := $(DOCKER_ORG)/4testing-$(PRODUCT_NAME)$(PRODUCT_EDITION)
DOCKER_DUMMY := $(COMPANY_NAME_LOW)-$(PRODUCT_NAME)$(PRODUCT_EDITION)__$(DOCKER_TAG).dummy DOCKER_DUMMY := $(COMPANY_NAME_LOW)-$(PRODUCT_NAME)$(PRODUCT_EDITION)__$(DOCKER_TAG).dummy
DOCKER_ARCH := $(COMPANY_NAME_LOW)-$(PRODUCT_NAME)_$(DOCKER_TAG).tar.gz DOCKER_ARCH := $(COMPANY_NAME_LOW)-$(PRODUCT_NAME)_$(DOCKER_TAG).tar.gz
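Review bot: `DOCKER_ORG ?= $(COMPANY_NAME_LOW)` changes the default image namespace for any company name containing a hyphen, because the removed `COMPANY_NAME_ESC` stripped hyphens and `COMPANY_NAME_LOW` does not. If that is intended, say so in the commit message. Since `?=` also lets the environment choose where images are pushed, CI should set `DOCKER_ORG` explicitly rather than inherit it.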

View file

@ -2,9 +2,6 @@
[![Docker Stars](https://img.shields.io/docker/stars/jiriks74/onlyoffice-documentserver.svg?color=94398d&labelColor=555555&logoColor=ffffff&style=for-the-badge&label=stars&logo=docker)](https://hub.docker.com/r/jiriks74/onlyoffice-documentserver) [![Docker Stars](https://img.shields.io/docker/stars/jiriks74/onlyoffice-documentserver.svg?color=94398d&labelColor=555555&logoColor=ffffff&style=for-the-badge&label=stars&logo=docker)](https://hub.docker.com/r/jiriks74/onlyoffice-documentserver)
[![Docker Size](https://img.shields.io/docker/image-size/jiriks74/onlyoffice-documentserver/latest.svg?color=94398d&labelColor=555555&logoColor=ffffff&style=for-the-badge&label=Size&logo=docker)](https://hub.docker.com/r/jiriks74/onlyoffice-documentserver) [![Docker Size](https://img.shields.io/docker/image-size/jiriks74/onlyoffice-documentserver/latest.svg?color=94398d&labelColor=555555&logoColor=ffffff&style=for-the-badge&label=Size&logo=docker)](https://hub.docker.com/r/jiriks74/onlyoffice-documentserver)
[![GitHub Stars](https://img.shields.io/github/stars/jiriks74/Docker-DocumentServer.svg?color=94398d&labelColor=555555&logoColor=ffffff&style=for-the-badge&logo=github)](https://github.com/jiriks74/Docker-DocumentServer)
[![GitHub Forks](https://img.shields.io/github/forks/jiriks74/Docker-DocumentServer?color=94398d&label=Forks&logo=github&logoColor=ffffff&style=for-the-badge)](https://github.com/jiriks74/Docker-DocumentServer)
#### This repository is based on the official `Dockerfile` and `docker-compose.yml` files with all the needed files as well #### This repository is based on the official `Dockerfile` and `docker-compose.yml` files with all the needed files as well
# Table of contents # Table of contents
@ -201,6 +198,7 @@ version of the `onlyoffice-documentserver` debian package used in the image
+ [Installation of the SSL Certificates](#installation-of-the-ssl-certificates) + [Installation of the SSL Certificates](#installation-of-the-ssl-certificates)
+ [Available Configuration Parameters](#available-configuration-parameters) + [Available Configuration Parameters](#available-configuration-parameters)
* [Installing ONLYOFFICE Document Server integrated with Community and Mail Servers](#installing-onlyoffice-document-server-integrated-with-community-and-mail-servers) * [Installing ONLYOFFICE Document Server integrated with Community and Mail Servers](#installing-onlyoffice-document-server-integrated-with-community-and-mail-servers)
* [ONLYOFFICE Document Server ipv6 setup](#onlyoffice-document-server-ipv6-setup)
* [Issues](#issues) * [Issues](#issues)
- [Docker Issues](#docker-issues) - [Docker Issues](#docker-issues)
- [Document Server usage Issues](#document-server-usage-issues) - [Document Server usage Issues](#document-server-usage-issues)
@ -215,7 +213,7 @@ Starting from version 6.0, Document Server is distributed as ONLYOFFICE Docs. It
ONLYOFFICE Docs can be used as a part of ONLYOFFICE Workspace or with third-party sync&share solutions (e.g. Nextcloud, ownCloud, Seafile) to enable collaborative editing within their interface. ONLYOFFICE Docs can be used as a part of ONLYOFFICE Workspace or with third-party sync&share solutions (e.g. Nextcloud, ownCloud, Seafile) to enable collaborative editing within their interface.
***Important*** Please update `docker-enginge` to latest version (`20.10.21` as of writing this doc) before using it. We use `ubuntu:22.04` as base image and it older versions of docker have compatibility problems with it ***Important*** Please update `docker-engine` to latest version (`20.10.21` as of writing this doc) before using it. We use `ubuntu:22.04` as base image and it older versions of docker have compatibility problems with it
## Functionality ## ## Functionality ##
* ONLYOFFICE Document Editor * ONLYOFFICE Document Editor
@ -380,12 +378,14 @@ Below is the complete list of parameters that can be set using environment varia
- **REDIS_SERVER_PASS**: The Redis server password. The password is not set by default. - **REDIS_SERVER_PASS**: The Redis server password. The password is not set by default.
- **NGINX_WORKER_PROCESSES**: Defines the number of nginx worker processes. - **NGINX_WORKER_PROCESSES**: Defines the number of nginx worker processes.
- **NGINX_WORKER_CONNECTIONS**: Sets the maximum number of simultaneous connections that can be opened by a nginx worker process. - **NGINX_WORKER_CONNECTIONS**: Sets the maximum number of simultaneous connections that can be opened by a nginx worker process.
- **SECURE_LINK_SECRET**: Defines secret for the nginx config directive [secure_link_md5](http://nginx.org/ru/docs/http/ngx_http_secure_link_module.html#secure_link_md5). Defaults to `random string`. - **SECURE_LINK_SECRET**: Defines secret for the nginx config directive [secure_link_md5](https://nginx.org/en/docs/http/ngx_http_secure_link_module.html#secure_link_md5). Defaults to `random string`.
- **JWT_ENABLED**: Specifies the enabling the JSON Web Token validation by the ONLYOFFICE Document Server. Defaults to `true`. - **JWT_ENABLED**: Specifies the enabling the JSON Web Token validation by the ONLYOFFICE Document Server. Defaults to `true`.
- **JWT_SECRET**: Defines the secret key to validate the JSON Web Token in the request to the ONLYOFFICE Document Server. Defaults to random value. - **JWT_SECRET**: Defines the secret key to validate the JSON Web Token in the request to the ONLYOFFICE Document Server. Defaults to random value.
- **JWT_HEADER**: Defines the http header that will be used to send the JSON Web Token. Defaults to `Authorization`. - **JWT_HEADER**: Defines the http header that will be used to send the JSON Web Token. Defaults to `Authorization`.
- **JWT_IN_BODY**: Specifies the enabling the token validation in the request body to the ONLYOFFICE Document Server. Defaults to `false`. - **JWT_IN_BODY**: Specifies the enabling the token validation in the request body to the ONLYOFFICE Document Server. Defaults to `false`.
- **WOPI_ENABLED**: Specifies the enabling the wopi handlers. Defaults to `false`. - **WOPI_ENABLED**: Specifies the enabling the wopi handlers. Defaults to `false`.
- **ALLOW_META_IP_ADDRESS**: Defines if it is allowed to connect meta IP address or not. Defaults to `false`.
- **ALLOW_PRIVATE_IP_ADDRESS**: Defines if it is allowed to connect private IP address or not. Defaults to `false`.
- **USE_UNAUTHORIZED_STORAGE**: Set to `true`if using selfsigned certificates for your storage server e.g. Nextcloud. Defaults to `false` - **USE_UNAUTHORIZED_STORAGE**: Set to `true`if using selfsigned certificates for your storage server e.g. Nextcloud. Defaults to `false`
- **GENERATE_FONTS**: When 'true' regenerates fonts list and the fonts thumbnails etc. at each start. Defaults to `true` - **GENERATE_FONTS**: When 'true' regenerates fonts list and the fonts thumbnails etc. at each start. Defaults to `true`
- **METRICS_ENABLED**: Specifies the enabling StatsD for ONLYOFFICE Document Server. Defaults to `false`. - **METRICS_ENABLED**: Specifies the enabling StatsD for ONLYOFFICE Document Server. Defaults to `false`.
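Review bot: the two new entries, `ALLOW_META_IP_ADDRESS` and `ALLOW_PRIVATE_IP_ADDRESS`, do not say what they relax. Both switch off part of the outbound request filter (`request-filtering-agent`) that keeps Document Server from being used to fetch internal or metadata addresses. The README should state that, and that `ALLOW_PRIVATE_IP_ADDRESS=true` is only needed when the storage server sits on a private network. "Allowed to connect meta IP address" also reads better as "allowed to connect to meta IP addresses".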
@ -508,6 +508,30 @@ wget https://raw.githubusercontent.com/ONLYOFFICE/Docker-CommunityServer/master/
docker-compose up -d docker-compose up -d
``` ```
## ONLYOFFICE Document Server ipv6 setup
(Works and is supported only for Linux hosts)
Docker does not currently provide ipv6 addresses to containers by default. This function is experimental now.
To set up interaction via ipv6, you need to enable support for this feature in your Docker. For this you need:
- create the `/etc/docker/daemon.json` file with the following content:
```
{
"ipv6": true,
"fixed-cidr-v6": "2001:db8:abc1::/64"
}
```
- restart docker with the following command: `systemctl restart docker`
After that, all running containers receive an ipv6 address and have an inet6 interface.
You can check your default bridge network and see the field there
`EnableIPv6=true`. A new ipv6 subnet will also be added.
For more information, visit the official [Docker manual site](https://docs.docker.com/config/daemon/ipv6/)
## Issues ## Issues
### Docker Issues ### Docker Issues
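Review bot: the sample `"fixed-cidr-v6": "2001:db8:abc1::/64"` uses the IPv6 documentation prefix (2001:db8::/32), which is not routable; the text should tell readers to substitute a prefix that belongs to their host. The sentence "After that, all running containers receive an ipv6 address" applies to containers on the default bridge only, which the following sentence implies but does not say. The daemon.json block would also benefit from a `json` language tag on its fence.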

View file

@ -1,27 +0,0 @@
; supervisor config file
[inet_http_server]
port = 127.0.0.1:9001
[supervisord]
logfile=/var/log/supervisor/supervisord.log ; (main log file;default $CWD/supervisord.log)
pidfile=/var/run/supervisord.pid ; (supervisord pidfile;default supervisord.pid)
childlogdir=/var/log/supervisor ; ('AUTO' child log dir, default $TEMP)
; the below section must remain in the config file for RPC
; (supervisorctl/web interface) to work, additional interfaces may be
; added by defining them in separate rpcinterface: sections
[rpcinterface:supervisor]
supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface
[supervisorctl]
serverurl = http://localhost:9001 ; use a unix:// URL for a unix socket
; The [include] section can just contain the "files" setting. This
; setting can list multiple files (separated by whitespace or
; newlines). It can also contain wildcards. The filenames are
; interpreted as relative to this file. Included files *cannot*
; include files themselves.
[include]
files = /etc/supervisor/conf.d/*.conf

11
default.nix Normal file
View file

@ -0,0 +1,11 @@
{ pkgs ? (import <nixpkgs> {
config.allowUnfree = true;
}),
}:
pkgs.mkShell {
pure = true;
packages = with pkgs; [
# Choose the build tools that you need
act
];
}
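Review bot: `pure = true;` is not an option that `pkgs.mkShell` interprets; unknown attributes are passed through to the derivation as environment variables, so this only exports a variable named `pure`. Purity is selected by the caller with `nix-shell --pure`. The nixpkgs import is also unpinned, so the `act` version depends on whatever channel the developer has; pinning a revision would make the shell reproducible. `config.allowUnfree = true` looks unnecessary when the only package is `act`.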

View file

@ -10,6 +10,10 @@ variable "SHORTEST_TAG" {
default = "" default = ""
} }
variable "PULL_TAG" {
default = ""
}
variable "COMPANY_NAME" { variable "COMPANY_NAME" {
default = "" default = ""
} }
@ -50,6 +54,14 @@ variable "BUILD_CHANNEL" {
default = "" default = ""
} }
variable "PUSH_MAJOR" {
default = "false"
}
variable "LATEST" {
default = "false"
}
### Variables for UCS build ### Variables for UCS build
variable "BASE_IMAGE" { variable "BASE_IMAGE" {
@ -60,6 +72,14 @@ variable "PG_VERSION" {
default = "" default = ""
} }
variable "UCS_REBUILD" {
default = ""
}
variable "UCS_PREFIX" {
default = ""
}
### Variables for UCS build ### Variables for UCS build
target "documentserver" { target "documentserver" {
@ -90,7 +110,7 @@ target "documentserver-stable" {
equal("-ee",PRODUCT_EDITION) ? "docker.io/${COMPANY_NAME}4enterprise/${PREFIX_NAME}${PRODUCT_NAME}${PRODUCT_EDITION}:${TAG}": "",] equal("-ee",PRODUCT_EDITION) ? "docker.io/${COMPANY_NAME}4enterprise/${PREFIX_NAME}${PRODUCT_NAME}${PRODUCT_EDITION}:${TAG}": "",]
platforms = ["linux/amd64", "linux/arm64"] platforms = ["linux/amd64", "linux/arm64"]
args = { args = {
"TAG": "${TAG}" "PULL_TAG": "${PULL_TAG}"
"COMPANY_NAME": "${COMPANY_NAME}" "COMPANY_NAME": "${COMPANY_NAME}"
"PRODUCT_NAME": "${PRODUCT_NAME}" "PRODUCT_NAME": "${PRODUCT_NAME}"
"PRODUCT_EDITION": "${PRODUCT_EDITION}" "PRODUCT_EDITION": "${PRODUCT_EDITION}"
@ -121,7 +141,27 @@ target "documentserver-nonexample" {
tags = [ "docker.io/${COMPANY_NAME}/${PRODUCT_NAME}${PREFIX_NAME}${PRODUCT_EDITION}:${TAG}-nonexample" ] tags = [ "docker.io/${COMPANY_NAME}/${PRODUCT_NAME}${PREFIX_NAME}${PRODUCT_EDITION}:${TAG}-nonexample" ]
platforms = ["linux/amd64", "linux/arm64"] platforms = ["linux/amd64", "linux/arm64"]
args = { args = {
"TAG": "${TAG}" "PULL_TAG": "${PULL_TAG}"
"COMPANY_NAME": "${COMPANY_NAME}"
"PRODUCT_NAME": "${PRODUCT_NAME}"
"PRODUCT_EDITION": "${PRODUCT_EDITION}"
}
}
target "documentserver-stable-rebuild" {
target = "documentserver-stable-rebuild"
dockerfile = "production.dockerfile"
tags = equal("true",UCS_REBUILD) ? ["docker.io/${COMPANY_NAME}/${PREFIX_NAME}${PRODUCT_NAME}${PRODUCT_EDITION}-ucs:${TAG}",] : [
"docker.io/${COMPANY_NAME}/${PREFIX_NAME}${PRODUCT_NAME}${PRODUCT_EDITION}:${TAG}",
equal("",PREFIX_NAME) ? "docker.io/${COMPANY_NAME}/${PREFIX_NAME}${PRODUCT_NAME}${PRODUCT_EDITION}:${SHORTER_TAG}": "",
equal("true",PUSH_MAJOR) ? "docker.io/${COMPANY_NAME}/${PREFIX_NAME}${PRODUCT_NAME}${PRODUCT_EDITION}:${SHORTEST_TAG}": "",
equal("",PREFIX_NAME) && equal("true",LATEST) ? "docker.io/${COMPANY_NAME}/${PREFIX_NAME}${PRODUCT_NAME}${PRODUCT_EDITION}:latest": "",
equal("-ee",PRODUCT_EDITION) && equal("",PREFIX_NAME) ? "docker.io/${COMPANY_NAME}4enterprise/${PREFIX_NAME}${PRODUCT_NAME}${PRODUCT_EDITION}:${TAG}": "",
]
platforms = ["linux/amd64", "linux/arm64"]
args = {
"UCS_PREFIX": "${UCS_PREFIX}"
"PULL_TAG": "${PULL_TAG}"
"COMPANY_NAME": "${COMPANY_NAME}" "COMPANY_NAME": "${COMPANY_NAME}"
"PRODUCT_NAME": "${PRODUCT_NAME}" "PRODUCT_NAME": "${PRODUCT_NAME}"
"PRODUCT_EDITION": "${PRODUCT_EDITION}" "PRODUCT_EDITION": "${PRODUCT_EDITION}"

View file

@ -46,7 +46,7 @@ services:
onlyoffice-postgresql: onlyoffice-postgresql:
container_name: onlyoffice-postgresql container_name: onlyoffice-postgresql
image: postgres:9.5 image: postgres:12
environment: environment:
- POSTGRES_DB=onlyoffice - POSTGRES_DB=onlyoffice
- POSTGRES_USER=onlyoffice - POSTGRES_USER=onlyoffice
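Review bot: bumping `image: postgres:9.5` to `postgres:12` is a major-version jump, and a PostgreSQL 12 server will refuse to start on a data directory initialised by 9.5. Anyone running this compose file with an existing data volume needs a dump-and-restore or `pg_upgrade` first; that migration step should be mentioned in the README or the commit message.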

View file

@ -1,15 +1,24 @@
### Arguments avavlivable only for FROM instruction ### ### Arguments avavlivable only for FROM instruction ###
ARG TAG=latest ARG PULL_TAG=latest
ARG COMPANY_NAME=onlyoffice ARG COMPANY_NAME=onlyoffice
ARG PRODUCT_EDITION= ARG PRODUCT_EDITION=
### Rebuild arguments
ARG UCS_PREFIX=
ARG IMAGE=${COMPANY_NAME}/documentserver${PRODUCT_EDITION}${UCS_PREFIX}:${PULL_TAG}
### Build main-release ### ### Build main-release ###
FROM ${COMPANY_NAME}/4testing-documentserver${PRODUCT_EDITION}:${TAG} as documentserver-stable FROM ${COMPANY_NAME}/4testing-documentserver${PRODUCT_EDITION}:${PULL_TAG} as documentserver-stable
### Rebuild stable images with secure updates
FROM ${IMAGE} as documentserver-stable-rebuild
RUN echo "This is rebuild" \
&& apt-get update -y \
&& apt-get upgrade -y
### Build nonexample ### ### Build nonexample ###
FROM ${COMPANY_NAME}/documentserver${PRODUCT_EDITION}:${TAG} as documentserver-nonexample FROM ${COMPANY_NAME}/documentserver${PRODUCT_EDITION}:${PULL_TAG} as documentserver-nonexample
ARG COMPANY_NAME=onlyoffice ARG COMPANY_NAME=onlyoffice
ARG PRODUCT_NAME=documentserver ARG PRODUCT_NAME=documentserver
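Review bot: the `documentserver-stable-rebuild` stage runs `apt-get update -y && apt-get upgrade -y` without removing /var/lib/apt/lists afterwards, so each rebuild adds the package index to the layer, and the result depends on the day it is built. The bake target of the same name in this comparison pushes it under the existing `${TAG}`, so one tag will refer to different image contents over time. Add `rm -rf /var/lib/apt/lists/*` to the same RUN, drop the `echo "This is rebuild"`, and consider a rebuild suffix or label so consumers can tell rebuilt images apart (or pin by digest).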

28
run-document-server.sh Executable file → Normal file
View file

@ -3,7 +3,10 @@
umask 0022 umask 0022
function clean_exit { function clean_exit {
if [ ${ONLYOFFICE_DATA_CONTAINER} == "false" ] && \
[ ${ONLYOFFICE_DATA_CONTAINER_HOST} == "localhost" ]; then
/usr/bin/documentserver-prepare4shutdown.sh /usr/bin/documentserver-prepare4shutdown.sh
fi
} }
trap clean_exit SIGTERM trap clean_exit SIGTERM
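Review bot: the new test in `clean_exit` expands `${ONLYOFFICE_DATA_CONTAINER}` and `${ONLYOFFICE_DATA_CONTAINER_HOST}` unquoted, so if either is empty or unset when SIGTERM arrives, `[` gets a malformed expression and the shutdown preparation is skipped with an error. Quote both, as the `ALLOW_META_IP_ADDRESS` checks later in this file already do: `[ "${ONLYOFFICE_DATA_CONTAINER}" = "false" ]`.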
@ -87,11 +90,13 @@ fi
[ -z $JWT_SECRET ] && JWT_MESSAGE='JWT is enabled by default. A random secret is generated automatically. Run the command "docker exec $(sudo docker ps -q) sudo documentserver-jwt-status.sh" to get information about JWT.' [ -z $JWT_SECRET ] && JWT_MESSAGE='JWT is enabled by default. A random secret is generated automatically. Run the command "docker exec $(sudo docker ps -q) sudo documentserver-jwt-status.sh" to get information about JWT.'
JWT_SECRET=${JWT_SECRET:-$(pwgen -s 20)} JWT_SECRET=${JWT_SECRET:-$(pwgen -s 32)}
JWT_HEADER=${JWT_HEADER:-Authorization} JWT_HEADER=${JWT_HEADER:-Authorization}
JWT_IN_BODY=${JWT_IN_BODY:-false} JWT_IN_BODY=${JWT_IN_BODY:-false}
WOPI_ENABLED=${WOPI_ENABLED:-false} WOPI_ENABLED=${WOPI_ENABLED:-false}
ALLOW_META_IP_ADDRESS=${ALLOW_META_IP_ADDRESS:-false}
ALLOW_PRIVATE_IP_ADDRESS=${ALLOW_PRIVATE_IP_ADDRESS:-false}
GENERATE_FONTS=${GENERATE_FONTS:-true} GENERATE_FONTS=${GENERATE_FONTS:-true}
@ -344,6 +349,12 @@ update_ds_settings(){
${JSON} -I -e "if(this.wopi===undefined)this.wopi={}" ${JSON} -I -e "if(this.wopi===undefined)this.wopi={}"
${JSON} -I -e "this.wopi.enable = true" ${JSON} -I -e "this.wopi.enable = true"
fi fi
if [ "${ALLOW_META_IP_ADDRESS}" = "true" ] || [ "${ALLOW_PRIVATE_IP_ADDRESS}" = "true" ]; then
${JSON} -I -e "if(this.services.CoAuthoring['request-filtering-agent']===undefined)this.services.CoAuthoring['request-filtering-agent']={}"
[ "${ALLOW_META_IP_ADDRESS}" = "true" ] && ${JSON} -I -e "this.services.CoAuthoring['request-filtering-agent'].allowMetaIPAddress = true"
[ "${ALLOW_PRIVATE_IP_ADDRESS}" = "true" ] && ${JSON} -I -e "this.services.CoAuthoring['request-filtering-agent'].allowPrivateIPAddress = true"
fi
} }
create_postgresql_cluster(){ create_postgresql_cluster(){
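Review bot: the new block only ever writes `true` for `allowMetaIPAddress` and `allowPrivateIPAddress`. Because `${JSON} -I` edits the config in place, a container that was started once with `ALLOW_PRIVATE_IP_ADDRESS=true` keeps the filter relaxed after it is restarted with the variable set back to `false`. Write the value unconditionally (true or false) so the environment variable is the source of truth.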
@ -358,9 +369,8 @@ create_postgresql_cluster(){
} }
create_postgresql_db(){ create_postgresql_db(){
sudo -u postgres psql -c "CREATE DATABASE $DB_NAME;"
sudo -u postgres psql -c "CREATE USER $DB_USER WITH password '"$DB_PWD"';" sudo -u postgres psql -c "CREATE USER $DB_USER WITH password '"$DB_PWD"';"
sudo -u postgres psql -c "GRANT ALL privileges ON DATABASE $DB_NAME TO $DB_USER;" sudo -u postgres psql -c "CREATE DATABASE $DB_NAME OWNER $DB_USER;"
} }
create_db_tbl() { create_db_tbl() {
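Review bot: in `create_postgresql_db` the `CREATE USER` line splices `$DB_PWD` straight into the SQL string, so a password containing a single quote breaks the statement or changes its meaning, and `$DB_NAME` and `$DB_USER` are used as unquoted identifiers. Since this function is being touched anyway, pass the values through psql variables (`-v` with `:'pwd'` and `:"name"`) or escape them before interpolation.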
@ -492,15 +502,6 @@ update_nginx_settings(){
documentserver-update-securelink.sh -s ${SECURE_LINK_SECRET:-$(pwgen -s 20)} -r false documentserver-update-securelink.sh -s ${SECURE_LINK_SECRET:-$(pwgen -s 20)} -r false
} }
update_supervisor_settings(){
# Copy modified supervisor start script
cp ${SYSCONF_TEMPLATES_DIR}/supervisor/supervisor /etc/init.d/
# Copy modified supervisor config
cp ${SYSCONF_TEMPLATES_DIR}/supervisor/supervisord.conf /etc/supervisor/supervisord.conf
sed "s/COMPANY_NAME/${COMPANY_NAME}/g" -i ${SYSCONF_TEMPLATES_DIR}/supervisor/ds/*.conf
cp ${SYSCONF_TEMPLATES_DIR}/supervisor/ds/*.conf etc/supervisor/conf.d/
}
update_log_settings(){ update_log_settings(){
${JSON_LOG} -I -e "this.categories.default.level = '${DS_LOG_LEVEL}'" ${JSON_LOG} -I -e "this.categories.default.level = '${DS_LOG_LEVEL}'"
} }
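Review bot: `update_nginx_settings` still falls back to `pwgen -s 20` for `SECURE_LINK_SECRET`, while this same change raises the `JWT_SECRET` fallback to `pwgen -s 32`. Unless there is a length limit on the secure-link secret, align the two. The removal of `update_supervisor_settings` itself looks consistent with the Dockerfile now copying the supervisor files at build time.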
@ -601,7 +602,7 @@ else
update_welcome_page update_welcome_page
fi fi
find /etc/${COMPANY_NAME} -exec chown ds:ds {} \; find /etc/${COMPANY_NAME} ! -path '*logrotate*' -exec chown ds:ds {} \;
#start needed local services #start needed local services
for i in ${LOCAL_SERVICES[@]}; do for i in ${LOCAL_SERVICES[@]}; do
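Review bot: the new `! -path '*logrotate*'` exclusion has no comment explaining it. logrotate rejects configuration files that are not owned by root, which is presumably why they must not be handed to `ds:ds`; a one-line comment above the `find` would stop someone from "simplifying" it later. `-exec chown ds:ds {} +` would also avoid one chown process per file.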
@ -627,7 +628,6 @@ if [ ${ONLYOFFICE_DATA_CONTAINER} != "true" ]; then
update_nginx_settings update_nginx_settings
update_supervisor_settings
service supervisor start service supervisor start
# start cron to enable log rotating # start cron to enable log rotating

35
tests/postgres.yml Normal file
View file

@ -0,0 +1,35 @@
version: '2.1'
services:
onlyoffice-documentserver:
container_name: onlyoffice-documentserver
build:
context: ../.
depends_on:
- onlyoffice-postgresql
environment:
- DB_TYPE=${DB_TYPE:-postgres}
- DB_HOST=${DB_HOST:-onlyoffice-postgresql}
- DB_PORT=${DB_PORT:-5432}
- DB_NAME=${DB_NAME:-onlyoffice}
- DB_USER=${DB_USER:-onlyoffice}
- DB_PWD=${DB_PWD:-onlyoffice}
stdin_open: true
restart: always
ports:
- '80:80'
onlyoffice-postgresql:
container_name: onlyoffice-postgresql
image: postgres:${POSTGRES_VERSION:-12}
environment:
- POSTGRES_DB=${POSTGRES_DB:-onlyoffice}
- POSTGRES_USER=${POSTGRES_USER:-onlyoffice}
- POSTGRES_HOST_AUTH_METHOD=${POSTGRES_HOST_AUTH_METHOD:-trust}
restart: always
expose:
- '5432'
volumes:
- postgresql_data:/var/lib/postgresql
volumes:
postgresql_data:
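Review bot: `POSTGRES_HOST_AUTH_METHOD` defaults to `trust` and no `POSTGRES_PASSWORD` is set, so the database accepts any password. The matrix entry in .travis.yml that sets `DB_PWD: password` therefore cannot detect a regression in how Document Server passes the password. Set `POSTGRES_PASSWORD=${DB_PWD:-onlyoffice}` and drop the trust default so the custom-values case actually authenticates.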

46
tests/prometheus.yml Normal file
View file

@ -0,0 +1,46 @@
version: '2.1'
services:
onlyoffice-documentserver:
container_name: onlyoffice-documentserver
build:
context: ../.
depends_on:
- onlyoffice-statsd-exporter
environment:
- METRICS_ENABLED=${METRICS_ENABLED:-true}
- METRICS_HOST=${METRICS_HOST:-onlyoffice-statsd-exporter}
- METRICS_PORT=${METRICS_PORT:-9125}
- METRICS_PREFIX=${METRICS_PREFIX:-ds.}
stdin_open: true
restart: always
ports:
- '80:80'
onlyoffice-statsd-exporter:
container_name: onlyoffice-statsd-exporter
image: prom/statsd-exporter
command: --statsd.event-flush-interval=30000ms
ports:
- '9102:9102'
- '9125:9125/tcp'
- '9125:9125/udp'
onlyoffice-prometheus:
container_name: onlyoffice-prometheus
image: prom/prometheus
ports:
- '9090:9090'
volumes:
- ./prometheus/prometheus-scrape/statsd-exporter.yml:/etc/prometheus/prometheus.yml
grafana:
container_name: onlyoffice-grafana
image: bitnami/grafana
ports:
- '3000:3000'
environment:
- 'GF_SECURITY_ADMIN_PASSWORD=G0pGE4'
volumes:
- ./prometheus/grafana/conf/prometheus.yml:/opt/bitnami/grafana/conf/provisioning/datasources/prometheus.yml
- ./prometheus/grafana/conf/default-provider.yaml:/opt/bitnami/grafana/conf/provisioning/dashboards/default-provider.yaml
- ./prometheus/grafana/dashboards:/opt/bitnami/grafana/dashboards
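Review bot: `GF_SECURITY_ADMIN_PASSWORD=G0pGE4` commits a Grafana admin password to the repository while `3000:3000` publishes the port on every host interface. Read the password from the environment (`${GF_SECURITY_ADMIN_PASSWORD:?}`) or bind the port to 127.0.0.1. The three monitoring images (`prom/statsd-exporter`, `prom/prometheus`, `bitnami/grafana`) also carry no tag, so the test stack changes whenever upstream pushes; pin versions as the postgres test does with `${POSTGRES_VERSION:-12}`.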

View file

@ -0,0 +1,23 @@
apiVersion: 1
providers:
# <string> an unique provider name
- name: 'default-provider'
# <int> org id. will default to orgId 1 if not specified
orgId: 1
# <string, required> name of the dashboard folder. Required
folder: dashboards
# <string> folder UID. will be automatically generated if not specified
folderUid: ''
# <string, required> provider type. Required
type: file
# <bool> disable dashboard deletion
disableDeletion: false
# <bool> enable dashboard editing
editable: true
# <int> how often Grafana will scan for changed dashboards
updateIntervalSeconds: 10
options:
# <string, required> path to dashboard files on disk. Required
path: /opt/bitnami/grafana/dashboards
# <bool> enable folders creation for dashboards
#foldersFromFilesStructure: true

View file

@ -0,0 +1,6 @@
apiVersion: 1
datasources:
- name: Prometheus
type: prometheus
url: http://onlyoffice-prometheus:9090
editable: true

File diff suppressed because it is too large

View file

@ -0,0 +1,6 @@
scrape_configs:
- job_name: 'statsd'
scrape_interval: 30s
static_configs:
- targets:
- onlyoffice-statsd-exporter:9102