Merge branch 'release/v3.7.3'

passbolt · Nov 4, 2022 · 0ea73b9 · 0ea73b9
2 parents 75a4b5a + 22e5889
commit 0ea73b9
Show file tree

Hide file tree

Showing 11 changed files with 95 additions and 29 deletions.
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
@@ -0,0 +1,20 @@
+on:
+  push:
+    tags:
+      - '*'
+jobs:
+  create-shasums:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+    steps:
+      - uses: actions/checkout@v3
+      - run: |
+          cd docker-compose
+          sha512sum docker-compose-ce.yaml > docker-compose-ce-SHA512SUM.txt &&
+          sha512sum docker-compose-pro.yaml > docker-compose-pro-SHA512SUM.txt &&
+          sha512sum docker-compose-dev.yaml > docker-compose-dev-SHA512SUM.txt &&
+          sha512sum docker-compose-ce-postgresql.yaml > docker-compose-ce-postgresql-SHA512SUM.txt
+      - uses: ncipollo/release-action@v1
+        with:
+          artifacts: "docker-compose/docker-compose-*.yaml, docker-compose/*SHA512SUM.txt"
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
@@ -11,10 +11,12 @@ stages:
   - test-vulnerabilities
   - test
   - publish
+  - upload-assets
 
 include:
   - local: '/.gitlab-ci/Jobs/build_image.yml'
   - local: '/.gitlab-ci/Jobs/container_security_scan.yml'
   - local: '/.gitlab-ci/Jobs/test_vulnerabilities.yaml'
   - local: '/.gitlab-ci/Jobs/test_images.yaml'
   - local: '/.gitlab-ci/Jobs/publish.yaml'
+  - local: '/.gitlab-ci/Jobs/docker-compose-file-upload.yml'
diff --git a/.gitlab-ci/Jobs/docker-compose-file-upload.yml b/.gitlab-ci/Jobs/docker-compose-file-upload.yml
@@ -0,0 +1,28 @@
+.upload-files:
+  stage: upload-assets
+  image: registry.gitlab.com/passbolt/passbolt-ci-docker-images/gcloud
+  variables:
+    BUCKET: "gs://download.passbolt.com"
+    PREFIX: "ce/docker"
+  before_script:
+    gcloud auth activate-service-account --key-file "$BUCKET_SVC_ACC"
+  after_script:
+    gsutil -m setmeta -r -h "Content-Type:text/html" \
+      -h "Cache-Control:no-cache" \
+      "gs://$BUCKET/$PREFIX/*"
+  rules:
+    - if: '$CI_COMMIT_TAG != null'
+
+upload-ce-files:
+  extends: .upload-files
+  script: |
+    gsutil cp docker-compose/docker-compose-ce.yaml "$BUCKET/$PREFIX/docker-compose-ce.yaml"
+    gsutil cp docker-compose/docker-compose-ce-postgresql.yaml "$BUCKET/$PREFIX/docker-compose-ce-postgresql.yaml"
+        
+upload-pro-files:
+  extends: .upload-files
+  variables:
+    BUCKET: "gs://download.passbolt.com"
+    PREFIX: "pro/docker"
+  script: |
+    gsutil cp docker-compose/docker-compose-pro.yaml "$BUCKET/$PREFIX/docker-compose-pro.yaml"
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -2,28 +2,38 @@
 All notable changes to this project will be documented in this file.
 This project adheres to [Semantic Versioning](http://semver.org/).
 
-## [Unreleased](https://github.com/passbolt/passbolt_docker/compare/v3.5.0...HEAD)
+## [Unreleased](https://github.com/passbolt/passbolt_docker/compare/v3.7.3...HEAD)
 
-## [3.5.0](https://github.com/passbolt/passbolt_docker/compare/v3.4.0...v3.5.0) - 2022-01-18
+## [3.7.3](https://github.com/passbolt/passbolt_docker/compare/v3.0.2...v3.7.3) - 2022-11-04
 
-- This is a sync release. Check [changes](https://github.com/passbolt/passbolt_api/compare/v3.4.0...v3.5.0) for passbolt_api
-
-## [3.4.0](https://github.com/passbolt/passbolt_docker/compare/v3.3.0...v3.4.0) - 2021-12-07
-
-- This is a sync release. Check [changes](https://github.com/passbolt/passbolt_api/compare/v3.3.0...v3.4.0) for passbolt_api
-
-## [3.3.0](https://github.com/passbolt/passbolt_docker/compare/v3.2.0...v3.3.0) - 2021-10-27
-
-- This is a sync release. Check [changes](https://github.com/passbolt/passbolt_api/compare/v3.2.0...v3.3.0) for passbolt_api
-
-## [3.2.0](https://github.com/passbolt/passbolt_docker/compare/v3.1.0...v3.2.0) - 2021-05-31
-
-- This is a sync release. Check [changes](https://github.com/passbolt/passbolt_api/compare/v3.1.0...v3.2.0) for passbolt_api
-
-## [3.1.0](https://github.com/passbolt/passbolt_docker/compare/v3.0.2...v3.1.0) - 2021-03-18
+### Added
 
-- This is a sync release. Check [changes](https://github.com/passbolt/passbolt_api/compare/v3.0.2...v3.1.0) for passbolt_api
+- PB-19792 add github actions to automate release creation
 - Fix dev Dockerfile ln command syntax
+- PB-19311: directory sync command on entrypoint for pro
+- PB-14006: docker-compose file for postgresql
+- Add new subscription file machinery
+- Add pro dependencies
+
+### Changed 
+- Default key length from 2048 to 3072
+- Bump php version to 8 on dev Dockerfile
+- PB-14373 fix composer files
+- PB-14373 use relative paths on build field
+- PB-14373 bump php version to 7.4
+- PB-14111: Set https://passbolt.local as APP_FULL_BASE_URL
+- PB-13681 add subaltname parameter on the automatic certs
+- PB-13552 check jwt variable before executing create_jwt_keys
+- PB-13533 add create_jwt_keys in the entrypoint
+- PB-13533 remove jwt keys during build
+- Security upgrade php from 7.3.31-fpm to 7.3.33-fpm
+- Refactor dockerfile args and vars
+- PB-9399 fix ipv6 http port on rootless image
+- Security upgrade php from 7.3.30-fpm to 7-fpm
+- PB-8416 Use debian 11 image as base image.
+- Fix deprecated license path
+- Add PASSBOLT_FLAVOUR env variable
+- Fix ln command syntax
 
 ## [3.0.2](https://github.com/passbolt/passbolt_docker/compare/v3.0.1...v3.0.2) - 2021-03-12
 

diff --git a/README.md b/README.md
@@ -106,8 +106,8 @@ Passbolt docker image provides several environment variables to configure differ
 | EMAIL_TRANSPORT_DEFAULT_TLS         | Set tls                                                                   | null
 | EMAIL_TRANSPORT_DEFAULT_URL         | Set url                                                                   | null
 | GNUPGHOME                           | path to gnupghome directory                                               | /var/lib/passbolt/.gnupg
-| PASSBOLT_KEY_LENGTH                 | Gpg desired key length                                                    | 2048
-| PASSBOLT_SUBKEY_LENGTH              | Gpg desired subkey length                                                 | 2048
+| PASSBOLT_KEY_LENGTH                 | Gpg desired key length                                                    | 3072
+| PASSBOLT_SUBKEY_LENGTH              | Gpg desired subkey length                                                 | 3072
 | PASSBOLT_KEY_NAME                   | Key owner name                                                            | Passbolt default user
 | PASSBOLT_KEY_EMAIL                  | Key owner email address                                                   | [email protected]
 | PASSBOLT_KEY_EXPIRATION             | Key expiration date                                                       | 0, never expires

diff --git a/debian/bin/docker-entrypoint.sh b/debian/bin/docker-entrypoint.sh
@@ -39,8 +39,8 @@ EOF
 gpg_gen_key() {
   key_email="${PASSBOLT_KEY_EMAIL:-passbolt@yourdomain.com}"
   key_name="${PASSBOLT_KEY_NAME:-Passbolt default user}"
-  key_length="${PASSBOLT_KEY_LENGTH:-2048}"
-  subkey_length="${PASSBOLT_SUBKEY_LENGTH:-2048}"
+  key_length="${PASSBOLT_KEY_LENGTH:-3072}"
+  subkey_length="${PASSBOLT_SUBKEY_LENGTH:-3072}"
   expiration="${PASSBOLT_KEY_EXPIRATION:-0}"
 
   entropy_check

diff --git a/debian/bin/docker-entrypoint.sh.rootless b/debian/bin/docker-entrypoint.sh.rootless
@@ -39,8 +39,8 @@ EOF
 gpg_gen_key() {
   key_email="${PASSBOLT_KEY_EMAIL:-passbolt@yourdomain.com}"
   key_name="${PASSBOLT_KEY_NAME:-Passbolt default user}"
-  key_length="${PASSBOLT_KEY_LENGTH:-2048}"
-  subkey_length="${PASSBOLT_SUBKEY_LENGTH:-2048}"
+  key_length="${PASSBOLT_KEY_LENGTH:-3072}"
+  subkey_length="${PASSBOLT_SUBKEY_LENGTH:-3072}"
   expiration="${PASSBOLT_KEY_EXPIRATION:-0}"
 
   entropy_check

diff --git a/dev/Dockerfile b/dev/Dockerfile
@@ -1,4 +1,4 @@
-FROM php:7.4-fpm
+FROM php:8-fpm
 
 LABEL maintainer="Passbolt SA <[email protected]>"
 

diff --git a/dev/bin/docker-entrypoint.sh b/dev/bin/docker-entrypoint.sh
@@ -38,8 +38,8 @@ EOF
 gpg_gen_key() {
   key_email="${PASSBOLT_KEY_EMAIL:-passbolt@yourdomain.com}"
   key_name="${PASSBOLT_KEY_NAME:-Passbolt default user}"
-  key_length="${PASSBOLT_KEY_LENGTH:-2048}"
-  subkey_length="${PASSBOLT_SUBKEY_LENGTH:-2048}"
+  key_length="${PASSBOLT_KEY_LENGTH:-3072}"
+  subkey_length="${PASSBOLT_SUBKEY_LENGTH:-3072}"
   expiration="${PASSBOLT_KEY_EXPIRATION:-0}"
 
   entropy_check

diff --git a/docker-compose/docker-compose-dev.yml → docker-compose/docker-compose-dev.yaml b/docker-compose/docker-compose-dev.yml → docker-compose/docker-compose-dev.yaml
diff --git a/docker-compose/docker-compose-pro.yaml b/docker-compose/docker-compose-pro.yaml
@@ -27,8 +27,14 @@ services:
     volumes:
       - gpg_volume:/etc/passbolt/gpg
       - jwt_volume:/etc/passbolt/jwt
-      - ./subscription_key.txt:/etc/passbolt/subscription_key.txt:ro
-    command: ["/usr/bin/wait-for.sh", "-t", "0", "db:3306", "--", "/docker-entrypoint.sh"]
+      - ${PWD}/subscription_key.txt:/etc/passbolt/subscription_key.txt:ro
+    command:
+      - /bin/bash
+      - -c
+      - |
+        # Uncomment line below if you are using ldap sync. Change '* * * * *' to your preferred sync schedule. More info: https://en.wikipedia.org/wiki/Cron
+        # echo '* * * * * www-data exec /bin/bash -c "source /etc/environment && /usr/share/php/passbolt/bin/cake directory_sync all" >> /var/log/cron.log 2>&1' >> /etc/cron.d/passbolt-pro-server
+        /usr/bin/wait-for.sh -t 0 db:3306 -- /docker-entrypoint.sh
     ports:
       - 80:80
       - 443:443