From 39df5a5a033e15549379db41e7df4a92153bab1c Mon Sep 17 00:00:00 2001
From: Gerold MOUGENEL
Date: Thu, 25 Aug 2022 12:28:00 +0200
Subject: [PATCH 1/7] Changed: PB-16780 changed default key length from 2048 to 3072
---
 README.md | 4 ++--
 debian/bin/docker-entrypoint.sh | 4 ++--
 debian/bin/docker-entrypoint.sh.rootless | 4 ++--
 dev/bin/docker-entrypoint.sh | 4 ++--
 4 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/README.md b/README.md
index 37aba1a..f9d565c 100644
--- a/README.md
+++ b/README.md
@@ -106,8 +106,8 @@ Passbolt docker image provides several environment variables to configure differ
 | EMAIL_TRANSPORT_DEFAULT_TLS | Set tls | null
 | EMAIL_TRANSPORT_DEFAULT_URL | Set url | null
 | GNUPGHOME | path to gnupghome directory | /var/lib/passbolt/.gnupg
-| PASSBOLT_KEY_LENGTH | Gpg desired key length | 2048
-| PASSBOLT_SUBKEY_LENGTH | Gpg desired subkey length | 2048
+| PASSBOLT_KEY_LENGTH | Gpg desired key length | 3072
+| PASSBOLT_SUBKEY_LENGTH | Gpg desired subkey length | 3072
 | PASSBOLT_KEY_NAME | Key owner name | Passbolt default user
 | PASSBOLT_KEY_EMAIL | Key owner email address | passbolt@yourdomain.com
 | PASSBOLT_KEY_EXPIRATION | Key expiration date | 0, never expires
diff --git a/debian/bin/docker-entrypoint.sh b/debian/bin/docker-entrypoint.sh
index 6b5e01a..996fdc7 100755
--- a/debian/bin/docker-entrypoint.sh
+++ b/debian/bin/docker-entrypoint.sh
@@ -39,8 +39,8 @@ EOF
 gpg_gen_key() {
 key_email="${PASSBOLT_KEY_EMAIL:-passbolt@yourdomain.com}"
 key_name="${PASSBOLT_KEY_NAME:-Passbolt default user}"
- key_length="${PASSBOLT_KEY_LENGTH:-2048}"
- subkey_length="${PASSBOLT_SUBKEY_LENGTH:-2048}"
+ key_length="${PASSBOLT_KEY_LENGTH:-3072}"
+ subkey_length="${PASSBOLT_SUBKEY_LENGTH:-3072}"
 expiration="${PASSBOLT_KEY_EXPIRATION:-0}"
 entropy_check
diff --git a/debian/bin/docker-entrypoint.sh.rootless b/debian/bin/docker-entrypoint.sh.rootless
index 02ec866..c4cb1d5 100755
--- a/debian/bin/docker-entrypoint.sh.rootless
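Review bot: The new 3072 default only applies when PASSBOLT_KEY_LENGTH is unset; `key_length="${PASSBOLT_KEY_LENGTH:-3072}"` and the subkey line below it still pass whatever the environment supplies straight through, so a typo or a deliberately short value is never rejected at this point. A bound check right after the two assignments would make the minimum explicit, e.g. `[ "$key_length" -ge 3072 ] 2>/dev/null || { echo "PASSBOLT_KEY_LENGTH must be a number >= 3072" >&2; exit 1; }` and the same for `$subkey_length`. Whether gpg itself rejects a bad value further down is not visible, since gpg_gen_key continues outside the hunk. The identical change in debian/bin/docker-entrypoint.sh.rootless and dev/bin/docker-entrypoint.sh would take the same check; three verbatim copies of gpg_gen_key also drift easily, so the defaults may be worth keeping in one sourced file.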
+++ b/debian/bin/docker-entrypoint.sh.rootless
@@ -39,8 +39,8 @@ EOF
 gpg_gen_key() {
 key_email="${PASSBOLT_KEY_EMAIL:-passbolt@yourdomain.com}"
 key_name="${PASSBOLT_KEY_NAME:-Passbolt default user}"
- key_length="${PASSBOLT_KEY_LENGTH:-2048}"
- subkey_length="${PASSBOLT_SUBKEY_LENGTH:-2048}"
+ key_length="${PASSBOLT_KEY_LENGTH:-3072}"
+ subkey_length="${PASSBOLT_SUBKEY_LENGTH:-3072}"
 expiration="${PASSBOLT_KEY_EXPIRATION:-0}"
 entropy_check
diff --git a/dev/bin/docker-entrypoint.sh b/dev/bin/docker-entrypoint.sh
index a7bb533..e6ade75 100755
--- a/dev/bin/docker-entrypoint.sh
+++ b/dev/bin/docker-entrypoint.sh
@@ -38,8 +38,8 @@ EOF
 gpg_gen_key() {
 key_email="${PASSBOLT_KEY_EMAIL:-passbolt@yourdomain.com}"
 key_name="${PASSBOLT_KEY_NAME:-Passbolt default user}"
- key_length="${PASSBOLT_KEY_LENGTH:-2048}"
- subkey_length="${PASSBOLT_SUBKEY_LENGTH:-2048}"
+ key_length="${PASSBOLT_KEY_LENGTH:-3072}"
+ subkey_length="${PASSBOLT_SUBKEY_LENGTH:-3072}"
 expiration="${PASSBOLT_KEY_EXPIRATION:-0}"
 entropy_check
From fe10844d0a26907d8c6a8f3fc8f059ad194d8c94 Mon Sep 17 00:00:00 2001
From: Diego Lendoiro
Date: Thu, 29 Sep 2022 14:18:37 +0200
Subject: [PATCH 2/7] Changed: bump php version to 8 on dev Dockerfile
---
 dev/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/dev/Dockerfile b/dev/Dockerfile
index 7638284..e3d78d7 100644
--- a/dev/Dockerfile
+++ b/dev/Dockerfile
@@ -1,4 +1,4 @@
-FROM php:7.4-fpm
+FROM php:8-fpm
 LABEL maintainer="Passbolt SA "
From 2a62c8fbc58caaedd71a31d148267433ea46032f Mon Sep 17 00:00:00 2001
From: Diego Lendoiro
Date: Thu, 13 Oct 2022 08:55:35 +0200
Subject: [PATCH 3/7] PB-19311: Add directory sync command on entrypoint for pro
---
 docker-compose/docker-compose-pro.yaml | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/docker-compose/docker-compose-pro.yaml b/docker-compose/docker-compose-pro.yaml
index 8b6dbf5..f7e27c5 100644
--- a/docker-compose/docker-compose-pro.yaml
+++ b/docker-compose/docker-compose-pro.yaml
@@ -28,7 +28,12 @@ services:
 - gpg_volume:/etc/passbolt/gpg
 - jwt_volume:/etc/passbolt/jwt
 - ./subscription_key.txt:/etc/passbolt/subscription_key.txt:ro
- command: ["/usr/bin/wait-for.sh", "-t", "0", "db:3306", "--", "/docker-entrypoint.sh"]
+ command:
+ - /bin/bash
+ - -c
+ - |
+ echo '0 0 * * * www-data exec /bin/bash -c "/usr/share/php/passbolt/bin/cake directory_sync all" >> /var/log/cron.log 2>&1' >> /etc/cron.d/passbolt-ce-server
+ /usr/bin/wait-for.sh -t 0 db:3306 -- /docker-entrypoint.sh
 ports:
 - 80:80
 - 443:443
From 9c41fd51eba51f263785532eb9c9933bc735b91b Mon Sep 17 00:00:00 2001
From: Diego Lendoiro
Date: Fri, 14 Oct 2022 11:19:24 +0200
Subject: [PATCH 4/7] PB-19311: source environment before dir syncing and add a comment for ldap users
---
 docker-compose/docker-compose-pro.yaml | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/docker-compose/docker-compose-pro.yaml b/docker-compose/docker-compose-pro.yaml
index f7e27c5..131a60d 100644
--- a/docker-compose/docker-compose-pro.yaml
+++ b/docker-compose/docker-compose-pro.yaml
@@ -27,12 +27,13 @@ services:
 volumes:
 - gpg_volume:/etc/passbolt/gpg
 - jwt_volume:/etc/passbolt/jwt
- - ./subscription_key.txt:/etc/passbolt/subscription_key.txt:ro
+ - ${PWD}/subscription_key.txt:/etc/passbolt/subscription_key.txt:ro
 command:
 - /bin/bash
 - -c
 - |
- echo '0 0 * * * www-data exec /bin/bash -c "/usr/share/php/passbolt/bin/cake directory_sync all" >> /var/log/cron.log 2>&1' >> /etc/cron.d/passbolt-ce-server
+ # Uncomment line below if you are using ldap sync. Change '* * * * *' to your preferred sync schedule. More info: https://en.wikipedia.org/wiki/Cron
+ # echo '* * * * * www-data exec /bin/bash -c "source /etc/environment && /usr/share/php/passbolt/bin/cake directory_sync all" >> /var/log/cron.log 2>&1' >> /etc/cron.d/passbolt-pro-server
 /usr/bin/wait-for.sh -t 0 db:3306 -- /docker-entrypoint.sh
 ports:
 - 80:80
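Review bot: The `echo '0 0 * * * ...' >> /etc/cron.d/passbolt-ce-server` line runs on every container start and appends rather than replaces, so each restart adds another copy of the job and cron ends up running directory_sync several times per schedule. Writing the entry with `>` instead of `>>`, or guarding it with `grep -q directory_sync /etc/cron.d/passbolt-ce-server ||`, keeps the file at a single entry. The target file is named passbolt-ce-server although this is the pro compose file; if the pro image ships its cron entries under a different name the line lands in a second file, which cron still reads but which is easy to overlook, so worth confirming against the image. The same appending pattern survives, commented out, in the follow-up hunk of patch 4/7 on this file.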
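Review bot: Replacing `./subscription_key.txt` with `${PWD}/subscription_key.txt` ties the mount to the caller's working directory instead of the compose file's location: compose interpolates `${PWD}` from the invoking shell, so running compose with `-f` from another directory, or from a wrapper that does not export PWD, binds a different path (an unset variable interpolates to empty, giving `/subscription_key.txt`). If the relative form was changed for a reason, that reason belongs next to the volume, e.g. `# ${PWD} must be the directory holding subscription_key.txt; run compose from there`. The `source /etc/environment` in the commented cron line presumably relies on the entrypoint populating that file, which is not visible in this hunk; a short note saying where the variables come from would save the next reader a search.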
From 77033ec333c080be9c5e898619aa3a0d449380d6 Mon Sep 17 00:00:00 2001
From: Daniel Del Rio
Date: Thu, 3 Nov 2022 15:52:45 +0000
Subject: [PATCH 5/7] PB-19792 add github actions to automate release creation
---
 .github/workflows/release.yaml | 20 +++++++++++++++++++
 ...ompose-dev.yml => docker-compose-dev.yaml} | 0
 2 files changed, 20 insertions(+)
 create mode 100644 .github/workflows/release.yaml
 rename docker-compose/{docker-compose-dev.yml => docker-compose-dev.yaml} (100%)
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
new file mode 100644
index 0000000..543b87e
--- /dev/null
+++ b/.github/workflows/release.yaml
@@ -0,0 +1,20 @@
+on:
+ push:
+ tags:
+ - '*'
+jobs:
+ create-shasums:
+ runs-on: ubuntu-latest
+ permissions:
+ contents: write
+ steps:
+ - uses: actions/checkout@v3
+ - run: |
+ cd docker-compose
+ sha512sum docker-compose-ce.yaml > docker-compose-ce-SHA512SUM.txt &&
+ sha512sum docker-compose-pro.yaml > docker-compose-pro-SHA512SUM.txt &&
+ sha512sum docker-compose-dev.yaml > docker-compose-dev-SHA512SUM.txt &&
+ sha512sum docker-compose-ce-postgresql.yaml > docker-compose-ce-postgresql-SHA512SUM.txt
+ - uses: ncipollo/release-action@v1
+ with:
+ artifacts: "docker-compose/docker-compose-*.yaml, docker-compose/*SHA512SUM.txt"
diff --git a/docker-compose/docker-compose-dev.yml b/docker-compose/docker-compose-dev.yaml
similarity index 100%
rename from docker-compose/docker-compose-dev.yml
rename to docker-compose/docker-compose-dev.yaml
From b66ae2ce7a76fec5d74ef0a864df6379308e1832 Mon Sep 17 00:00:00 2001
From: Daniel Del Rio
Date: Fri, 4 Nov 2022 09:45:16 +0000
Subject: [PATCH 6/7] PB-19792 add upload process for docker-compose files
---
 .gitlab-ci.yml | 2 ++
 .../Jobs/docker-compose-file-upload.yml | 28 +++++++++++++++++++
 2 files changed, 30 insertions(+)
 create mode 100644 .gitlab-ci/Jobs/docker-compose-file-upload.yml
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 229e355..1120a0a 100644
--- a/.gitlab-ci.yml
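Review bot: Both steps reference actions by mutable tag, `actions/checkout@v3` and `ncipollo/release-action@v1`, while the job holds `contents: write`; if either tag is moved, the workflow runs third-party code that can push to this repository and publish release assets. Pinning each to a full commit SHA with the version in a trailing comment, e.g. `- uses: ncipollo/release-action@<full-commit-sha>  # v1`, keeps the job reproducible and lets a dependency bot propose upgrades explicitly. The sha512sums are computed from the checked-out tree inside the same job, so they give consumers a download-integrity check only, not evidence of who produced the release; if that stronger guarantee is wanted, signing the sums file would be the next step. The trigger `tags: - '*'` also fires on any tag, so narrowing it to a release pattern such as `'v*'` avoids cutting a release from an unrelated tag.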
+++ b/.gitlab-ci.yml
@@ -11,6 +11,7 @@ stages:
 - test-vulnerabilities
 - test
 - publish
+ - upload-assets
 include:
 - local: '/.gitlab-ci/Jobs/build_image.yml'
@@ -18,3 +19,4 @@ include:
 - local: '/.gitlab-ci/Jobs/test_vulnerabilities.yaml'
 - local: '/.gitlab-ci/Jobs/test_images.yaml'
 - local: '/.gitlab-ci/Jobs/publish.yaml'
+ - local: '/.gitlab-ci/Jobs/docker-compose-file-upload.yml'
diff --git a/.gitlab-ci/Jobs/docker-compose-file-upload.yml b/.gitlab-ci/Jobs/docker-compose-file-upload.yml
new file mode 100644
index 0000000..7969bd7
--- /dev/null
+++ b/.gitlab-ci/Jobs/docker-compose-file-upload.yml
@@ -0,0 +1,28 @@
+.upload-files:
+ stage: upload-assets
+ image: registry.gitlab.com/passbolt/passbolt-ci-docker-images/gcloud
+ variables:
+ BUCKET: "gs://download.passbolt.com"
+ PREFIX: "ce/docker"
+ before_script:
+ gcloud auth activate-service-account --key-file "$BUCKET_SVC_ACC"
+ after_script:
+ gsutil -m setmeta -r -h "Content-Type:text/html" \
+ -h "Cache-Control:no-cache" \
+ "gs://$BUCKET/$PREFIX/*"
+ rules:
+ - if: '$CI_COMMIT_TAG != null'
+
+upload-ce-files:
+ extends: .upload-files
+ script: |
+ gsutil cp docker-compose/docker-compose-ce.yaml "$BUCKET/$PREFIX/docker-compose-ce.yaml"
+ gsutil cp docker-compose/docker-compose-ce-postgresql.yaml "$BUCKET/$PREFIX/docker-compose-ce-postgresql.yaml"
+
+upload-pro-files:
+ extends: .upload-files
+ variables:
+ BUCKET: "gs://download.passbolt.com"
+ PREFIX: "pro/docker"
+ script: |
+ gsutil cp docker-compose/docker-compose-pro.yaml "$BUCKET/$PREFIX/docker-compose-pro.yaml"
From 22e58899cf84187ba21fff2c4528cbdfbc5d073c Mon Sep 17 00:00:00 2001
From: Daniel Del Rio Figueira
Date: Fri, 4 Nov 2022 11:20:15 +0100
Subject: [PATCH 7/7] PB-19792 update changelog for 3.7.3 with old changes also
---
 CHANGELOG.md | 46 ++++++++++++++++++++++++++++------------------
 1 file changed, 28 insertions(+), 18 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 942a82f..796b859 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
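Review bot: `after_script` addresses the objects as `"gs://$BUCKET/$PREFIX/*"`, but BUCKET already carries the scheme (`BUCKET: "gs://download.passbolt.com"`), so setmeta is pointed at `gs://gs://download.passbolt.com/...` and the uploaded files keep whatever metadata `gsutil cp` assigned; the `script:` lines use `"$BUCKET/$PREFIX/..."` correctly, so the fix is to drop the duplicated prefix: `"$BUCKET/$PREFIX/*"`. The same value appears to be written as a plain multi-line scalar rather than a `|` block, in which case YAML folds the three lines into one string with the backslashes kept as literal characters and the shell then sees `\ -h` as a single odd argument; writing `after_script` as a `|` block, as `script:` does below, preserves the newlines so the backslashes act as shell continuations. Publishing YAML with `Content-Type:text/html` also makes browsers render the compose files as HTML instead of displaying them; `text/plain` (or `application/yaml`) is the safer choice for files users are expected to read and download. The double gs:// applies to every job that extends `.upload-files`, so one fix in the template covers both upload-ce-files and upload-pro-files.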
@@ -2,28 +2,38 @@ All notable changes to this project will be documented in this file.
 This project adheres to [Semantic Versioning](http://semver.org/).
-## [Unreleased](https://github.com/passbolt/passbolt_docker/compare/v3.5.0...HEAD)
+## [Unreleased](https://github.com/passbolt/passbolt_docker/compare/v3.7.3...HEAD)
-## [3.5.0](https://github.com/passbolt/passbolt_docker/compare/v3.4.0...v3.5.0) - 2022-01-18
+## [3.7.3](https://github.com/passbolt/passbolt_docker/compare/v3.0.2...v3.7.3) - 2022-11-04
-- This is a sync release. Check [changes](https://github.com/passbolt/passbolt_api/compare/v3.4.0...v3.5.0) for passbolt_api
-
-## [3.4.0](https://github.com/passbolt/passbolt_docker/compare/v3.3.0...v3.4.0) - 2021-12-07
-
-- This is a sync release. Check [changes](https://github.com/passbolt/passbolt_api/compare/v3.3.0...v3.4.0) for passbolt_api
-
-## [3.3.0](https://github.com/passbolt/passbolt_docker/compare/v3.2.0...v3.3.0) - 2021-10-27
-
-- This is a sync release. Check [changes](https://github.com/passbolt/passbolt_api/compare/v3.2.0...v3.3.0) for passbolt_api
-
-## [3.2.0](https://github.com/passbolt/passbolt_docker/compare/v3.1.0...v3.2.0) - 2021-05-31
-
-- This is a sync release. Check [changes](https://github.com/passbolt/passbolt_api/compare/v3.1.0...v3.2.0) for passbolt_api
-
-## [3.1.0](https://github.com/passbolt/passbolt_docker/compare/v3.0.2...v3.1.0) - 2021-03-18
+### Added
-- This is a sync release.
Check [changes](https://github.com/passbolt/passbolt_api/compare/v3.0.2...v3.1.0) for passbolt_api
+- PB-19792 add github actions to automate release creation
 - Fix dev Dockerfile ln command syntax
+- PB-19311: directory sync command on entrypoint for pro
+- PB-14006: docker-compose file for postgresql
+- Add new subscription file machinery
+- Add pro dependencies
+
+### Changed
+- Default key length from 2048 to 3072
+- Bump php version to 8 on dev Dockerfile
+- PB-14373 fix composer files
+- PB-14373 use relative paths on build field
+- PB-14373 bump php version to 7.4
+- PB-14111: Set https://passbolt.local as APP_FULL_BASE_URL
+- PB-13681 add subaltname parameter on the automatic certs
+- PB-13552 check jwt variable before executing create_jwt_keys
+- PB-13533 add create_jwt_keys in the entrypoint
+- PB-13533 remove jwt keys during build
+- Security upgrade php from 7.3.31-fpm to 7.3.33-fpm
+- Refactor dockerfile args and vars
+- PB-9399 fix ipv6 http port on rootless image
+- Security upgrade php from 7.3.30-fpm to 7-fpm
+- PB-8416 Use debian 11 image as base image.
+- Fix deprecated license path
+- Add PASSBOLT_FLAVOUR env variable
+- Fix ln command syntax
 ## [3.0.2](https://github.com/passbolt/passbolt_docker/compare/v3.0.1...v3.0.2) - 2021-03-12