Compare commits
18 Commits
feature/cu
...
master
Author | SHA1 | Date | |
---|---|---|---|
bf0ef9e17d | |||
|
013a497dab | ||
f795f619bc | |||
9cc902be7e | |||
71afb4bc3a | |||
|
75d3548bc7 | ||
|
1b1be72fdd | ||
339a2cc1c9 | |||
fd3517fc8e | |||
8cd68c2cfa | |||
6f069fe4d1 | |||
c2a3b46e12 | |||
7bf4b77ec3 | |||
|
a400806726 | ||
c9488e3e1a | |||
2debedcfba | |||
|
7d4dd0da2b | ||
2785f092ce |
89
.github/scripts/release-docspace.sh
vendored
Executable file
89
.github/scripts/release-docspace.sh
vendored
Executable file
@ -0,0 +1,89 @@
|
||||
#!/usr/bin/env bash
|
||||
|
||||
set -e
|
||||
|
||||
function get_colors() {
|
||||
COLOR_BLUE=$'\e[34m'
|
||||
COLOR_GREEN=$'\e[32m'
|
||||
COLOR_RED=$'\e[31m'
|
||||
COLOR_RESET=$'\e[0m'
|
||||
COLOR_YELLOW=$'\e[33m'
|
||||
export COLOR_BLUE
|
||||
export COLOR_GREEN
|
||||
export COLOR_RED
|
||||
export COLOR_RESET
|
||||
export COLOR_YELLOW
|
||||
}
|
||||
|
||||
function release_service() {
|
||||
|
||||
# ex. service_source_tag=onlyoffice/4testing-docspace-service-name:2.5.1.1473
|
||||
local service_source_tag=${1}
|
||||
|
||||
echo ${service_source_tag}
|
||||
|
||||
# ex. service_release_tag=onlyoffice/docspace-service-name:2.5.1.1
|
||||
# NOTE: latest tag also will be updated
|
||||
local service_release_tag
|
||||
service_release_tag=$(echo ${service_source_tag%:*} | sed 's/4testing-//')
|
||||
|
||||
# If specifyed tag look like 2.5.1.1 it will release like 3 different tags: 2.5.1 2.5.1.1 latest
|
||||
# Make new image manigest and push it to stable images repository
|
||||
|
||||
docker buildx imagetools create --tag ${service_release_tag}:${RELEASE_VERSION%.*} \
|
||||
--tag ${service_release_tag}:${RELEASE_VERSION} \
|
||||
--tag ${service_release_tag}:latest \
|
||||
${service_source_tag} || local STATUS=$?
|
||||
|
||||
# Make alert
|
||||
if [[ ! ${STATUS} ]]; then
|
||||
RELEASED_SERVICES+=("${service_release_tag}")
|
||||
else
|
||||
UNRELEASED_SERVICES+=("${service_release_tag}")
|
||||
fi
|
||||
}
|
||||
|
||||
function main() {
|
||||
# Import all colors
|
||||
get_colors
|
||||
|
||||
# Make released|unreleased array
|
||||
RELEASED_SERVICES=()
|
||||
UNRELEASED_SERVICES=()
|
||||
|
||||
# REPO mean hub.docker repo owner ex. onlyoffice
|
||||
: "${REPO:?Should be set}"
|
||||
|
||||
# DOCKER_TAG mean tag from 4testing ex. 2.6.1.3123
|
||||
: "${DOCKER_TAG:?Should be set}"
|
||||
|
||||
# RELEASED_VERSION mean tag for stable repo 2.6.1.1
|
||||
: "${RELEASE_VERSION:?Should be set}"
|
||||
|
||||
# DOCKER_IMAGE_PREFIX mean tag prefix ex. 4testing-docspace
|
||||
: "${DOCKER_IMAGE_PREFIX:?Should be set}"
|
||||
|
||||
cd ${GITHUB_WORKSPACE}/install/docker
|
||||
|
||||
SERVICES=($(docker buildx bake -f build.yml --print | jq -r '.target | .[] | .tags[]'))
|
||||
echo ${SERVICES[@]}
|
||||
for service in ${SERVICES[@]}; do
|
||||
release_service ${service}
|
||||
done
|
||||
|
||||
# Output Result
|
||||
echo "Released services"
|
||||
for service in ${RELEASED_SERVICES[@]}; do
|
||||
echo "${COLOR_GREEN}${service}${COLOR_RESET}"
|
||||
done
|
||||
|
||||
# PANIC IF SOME SERVICE WASNT RELEASE
|
||||
if [[ -n ${UNRELEASED_SERVICES} ]]; then
|
||||
for service in ${UNRELEASED_SERVICES[@]}; do
|
||||
echo "${COLOR_RED}PANIC: Service ${service} wasn't relese!${COLOR_RED}"
|
||||
done
|
||||
exit 1
|
||||
fi
|
||||
}
|
||||
|
||||
main
|
68
.github/workflows/ci-oci-docker-install.yml
vendored
Normal file
68
.github/workflows/ci-oci-docker-install.yml
vendored
Normal file
@ -0,0 +1,68 @@
|
||||
name: Install OneClickInstall Docker
|
||||
|
||||
on:
|
||||
pull_request:
|
||||
types: [opened, reopened, synchronize]
|
||||
paths:
|
||||
- '.github/workflows/ci-oci-docker-install.yml'
|
||||
- 'install/OneClickInstall/install-Docker.sh'
|
||||
workflow_dispatch:
|
||||
inputs:
|
||||
script-branch:
|
||||
description: 'Branch for OCI script docker'
|
||||
required: true
|
||||
type: string
|
||||
default: master
|
||||
|
||||
jobs:
|
||||
Install-OneClickInstall-Docker:
|
||||
runs-on: ubuntu-22.04
|
||||
steps:
|
||||
- name: Test OCI docker scripts
|
||||
run: |
|
||||
sudo docker image prune --all --force
|
||||
|
||||
BRANCH_NAME=$(
|
||||
case "${{ github.event_name }}" in
|
||||
pull_request) echo "${{ github.event.pull_request.head.ref }}";;
|
||||
workflow_dispatch) echo "${{ github.event.inputs.script-branch }}";;
|
||||
push) echo "${GITHUB_REF#refs/heads/}";;
|
||||
esac
|
||||
)
|
||||
|
||||
wget https://download.onlyoffice.com/docspace/docspace-install.sh
|
||||
sed '/bash install-Docker.sh/i sed -i "1i set -x" install-Docker.sh' -i docspace-install.sh
|
||||
sudo bash docspace-install.sh docker -skiphc true -noni true $([ $BRANCH_NAME != "master" ] && echo "-gb $BRANCH_NAME -s 4testing-") || exit $?
|
||||
|
||||
echo -n "Waiting for all containers to start..."
|
||||
timeout 300 bash -c 'while docker ps | grep -q "starting"; do sleep 5; done' && echo "OK" || echo "container_status=timeout" >> $GITHUB_ENV
|
||||
|
||||
- name: Check container status
|
||||
run: |
|
||||
docker ps --all --format "{{.Names}}" | xargs -I {} sh -c '
|
||||
status=$(docker inspect --format="{{if .State.Health}}{{.State.Health.Status}}{{else}}no healthcheck{{end}}" {});
|
||||
case "$status" in
|
||||
healthy) color="\033[0;32m" ;; # green
|
||||
"no healthcheck") color="\033[0;33m" ;; # yellow
|
||||
*) color="\033[0;31m"; echo "container_status=red" >> $GITHUB_ENV ;; # red
|
||||
esac;
|
||||
printf "%-30s ${color}%s\033[0m\n" "{}:" "$status";
|
||||
'
|
||||
|
||||
- name: Print logs for crashed container
|
||||
run: |
|
||||
docker ps --all --format "{{.Names}}" | xargs -I {} sh -c '
|
||||
status=$(docker inspect --format="{{if .State.Health}}{{.State.Health.Status}}{{else}}no healthcheck{{end}}" {});
|
||||
case "$status" in
|
||||
healthy | "no healthcheck") ;;
|
||||
*)
|
||||
echo "Logs for container {}:";
|
||||
docker logs --tail 30 {} | sed "s/^/\t/g";
|
||||
;;
|
||||
esac;
|
||||
'
|
||||
case "${{ env.container_status }}" in
|
||||
timeout) echo "Timeout reached. Not all containers are running."; exit 1 ;;
|
||||
red) echo "One or more containers have status 'red'. Job will fail."; exit 1 ;;
|
||||
esac
|
||||
|
75
.github/workflows/oci-release.yml
vendored
Normal file
75
.github/workflows/oci-release.yml
vendored
Normal file
@ -0,0 +1,75 @@
|
||||
name: Upload OneСlickInstall scripts on S3
|
||||
|
||||
on:
|
||||
push:
|
||||
branches:
|
||||
- master
|
||||
paths:
|
||||
- 'install/docker/*.yml'
|
||||
- 'install/docker/*.env'
|
||||
- 'install/docker/config/**'
|
||||
- 'install/OneClickInstall/**'
|
||||
workflow_dispatch:
|
||||
|
||||
env:
|
||||
PRODUCT: docspace
|
||||
|
||||
jobs:
|
||||
release:
|
||||
name: Scripts release
|
||||
runs-on: ubuntu-latest
|
||||
env:
|
||||
DOCKER_DIR: "${{ github.workspace }}/install/docker"
|
||||
SCRIPT_DIR: "${{ github.workspace }}/install/OneClickInstall"
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@v4
|
||||
|
||||
- name: Creating an enterprise script
|
||||
run: |
|
||||
cp ${{ env.SCRIPT_DIR }}/${{ env.PRODUCT }}-install.sh ${{ env.SCRIPT_DIR }}/${{ env.PRODUCT }}-enterprise-install.sh
|
||||
sed -i 's/\(PARAMETERS -it\).*";/\1 ENTERPRISE";/' ${{ env.SCRIPT_DIR }}/${{ env.PRODUCT }}-enterprise-install.sh
|
||||
|
||||
- name: Create Docker Tarball
|
||||
run: |
|
||||
cd ${{ env.DOCKER_DIR }}
|
||||
tar -czvf ${{ env.SCRIPT_DIR }}/docker.tar.gz --exclude='config/supervisor*' *.yml .env config/
|
||||
|
||||
- name: Configure AWS Credentials
|
||||
uses: aws-actions/configure-aws-credentials@v1
|
||||
with:
|
||||
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID_OCI }}
|
||||
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY_OCI }}
|
||||
aws-region: us-east-1
|
||||
|
||||
- name: Upload scripts
|
||||
run: |
|
||||
cd ${{ env.SCRIPT_DIR }}
|
||||
aws s3 cp . ${{ secrets.AWS_BUCKET_URL_OCI }}/ \
|
||||
--recursive \
|
||||
--acl public-read \
|
||||
--content-type application/x-sh \
|
||||
--metadata-directive REPLACE \
|
||||
--exclude '*' \
|
||||
--include="${{ env.PRODUCT }}-install.sh" \
|
||||
--include="${{ env.PRODUCT }}-enterprise-install.sh" \
|
||||
--include="install-RedHat.sh" \
|
||||
--include="install-RedHat/*" \
|
||||
--include="install-Debian.sh" \
|
||||
--include="install-Debian/*" \
|
||||
--include="install-Docker.sh" \
|
||||
--include="docker.tar.gz"
|
||||
|
||||
- name: Invalidate AWS CloudFront cache
|
||||
run: |
|
||||
aws cloudfront create-invalidation \
|
||||
--distribution-id ${{ secrets.AWS_DISTRIBUTION_ID_OCI }} \
|
||||
--paths \
|
||||
"/${{ env.PRODUCT }}/${{ env.PRODUCT }}-install.sh" \
|
||||
"/${{ env.PRODUCT }}/${{ env.PRODUCT }}-enterprise-install.sh" \
|
||||
"/${{ env.PRODUCT }}/install-RedHat.sh" \
|
||||
"/${{ env.PRODUCT }}/install-RedHat/*" \
|
||||
"/${{ env.PRODUCT }}/install-Debian.sh" \
|
||||
"/${{ env.PRODUCT }}/install-Debian/*" \
|
||||
"/${{ env.PRODUCT }}/install-Docker.sh" \
|
||||
"/${{ env.PRODUCT }}/docker.tar.gz"
|
31
.github/workflows/release-docspace.yaml
vendored
Normal file
31
.github/workflows/release-docspace.yaml
vendored
Normal file
@ -0,0 +1,31 @@
|
||||
name: Release DocSpace
|
||||
|
||||
run-name: "Release Docker-DocSpace ${{ github.event.inputs.release_version }}"
|
||||
|
||||
on:
|
||||
workflow_dispatch:
|
||||
inputs:
|
||||
repo:
|
||||
description: 'hub.docker repo owner (ex. onlyoffice)'
|
||||
type: string
|
||||
required: true
|
||||
default: 'onlyoffice'
|
||||
release_version:
|
||||
type: string
|
||||
description: 'Tag for stable release (ex. 2.5.1.1)'
|
||||
required: true
|
||||
source_version:
|
||||
type: string
|
||||
description: '4testing tag from which the release will be created (ex. 2.5.1.2678)'
|
||||
required: true
|
||||
|
||||
jobs:
|
||||
docker-release:
|
||||
uses: ONLYOFFICE/DocSpace-buildtools/.github/workflows/reusable-docspace-release.yaml@master
|
||||
with:
|
||||
repo: ${{ github.event.inputs.repo }}
|
||||
release_version: ${{ github.event.inputs.release_version }}
|
||||
source_version: ${{ github.event.inputs.source_version }}
|
||||
secrets:
|
||||
docker-username: ${{ secrets.DOCKERHUB_USERNAME }}
|
||||
docker-usertoken: ${{ secrets.DOCKERHUB_TOKEN }}
|
49
.github/workflows/reusable-docspace-release.yaml
vendored
Normal file
49
.github/workflows/reusable-docspace-release.yaml
vendored
Normal file
@ -0,0 +1,49 @@
|
||||
name: "<reusable> release Docker-DocSpace"
|
||||
|
||||
on:
|
||||
workflow_call:
|
||||
inputs:
|
||||
repo:
|
||||
type: string
|
||||
required: true
|
||||
description: 'hub.docker repo owner (ex. onlyoffice)'
|
||||
release_version:
|
||||
type: string
|
||||
required: true
|
||||
description: 'Tag for stable release (ex. 1.0.0.1)'
|
||||
source_version:
|
||||
type: string
|
||||
required: true
|
||||
description: '4testing tag from which the release will be created (ex. 2.5.1.5678)'
|
||||
secrets:
|
||||
docker-username:
|
||||
required: true
|
||||
description: "hub.docker username"
|
||||
docker-usertoken:
|
||||
description: "hub.docker token"
|
||||
required: true
|
||||
|
||||
jobs:
|
||||
Release:
|
||||
name: "Release Docker-DocSpace"
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
with:
|
||||
repository: 'ONLYOFFICE/DocSpace-buildtools'
|
||||
|
||||
- name: Login to DockerHub
|
||||
uses: docker/login-action@v3
|
||||
with:
|
||||
username: ${{ secrets.docker-username }}
|
||||
password: ${{ secrets.docker-usertoken }}
|
||||
|
||||
- name: "Release Docker-DocSpace"
|
||||
shell: bash
|
||||
env:
|
||||
REPO: ${{ inputs.repo }}
|
||||
DOCKER_TAG: ${{ inputs.source_version }}
|
||||
RELEASE_VERSION: ${{ inputs.release_version }}
|
||||
DOCKER_IMAGE_PREFIX: "4testing-docspace"
|
||||
run: |
|
||||
${GITHUB_WORKSPACE}/.github/scripts/release-docspace.sh
|
@ -129,6 +129,9 @@
|
||||
"internal": "http://localhost:9899/"
|
||||
},
|
||||
"cultures": "az,cs,de,en-GB,en-US,es,fr,it,lv,nl,pl,pt-BR,pt,ro,sk,sl,fi,vi,tr,el-GR,bg,ru,sr-Cyrl-RS,sr-Latn-RS,uk-UA,hy-AM,ar-SA,si,lo-LA,zh-CN,ja-JP,ko-KR",
|
||||
"logo": {
|
||||
"custom-cultures": ["zh-CN"]
|
||||
},
|
||||
"controlpanel": {
|
||||
"url": ""
|
||||
},
|
||||
|
@ -104,16 +104,6 @@ server {
|
||||
local accept_header = ngx.req.get_headers()["Accept"]
|
||||
if ngx.req.get_method() == "GET" and accept_header ~= nil and string.find(accept_header, "html") and not ngx.re.match(ngx.var.request_uri, "ds-vpath|/api/") then
|
||||
|
||||
if not ngx.re.match(ngx.var.request_uri, "login|sdk|filehandler|thirdparty|confirm|error|wizard|preparation-portal|unavailable|share=.|rooms/share(.*)key=.|/s/*|token=.") then
|
||||
if ngx.var.http_cookie == nil or not string.find(ngx.var.http_cookie, "asc_auth_key") then
|
||||
if ngx.var.request_uri == "/" then
|
||||
return ngx.redirect("/login")
|
||||
else
|
||||
return ngx.redirect("/login?referenceUrl=" .. ngx.var.request_uri)
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
local key = string.format("csp:%s",ngx.var.host)
|
||||
local redis = require "resty.redis"
|
||||
local red = redis:new()
|
||||
|
@ -94,8 +94,8 @@ case $1 in
|
||||
echo "Generating Let's Encrypt SSL Certificates..."
|
||||
|
||||
# Request and generate Let's Encrypt SSL certificate
|
||||
echo certbot certonly --expand --webroot -w ${WEBROOT_PATH} --cert-name ${PRODUCT} --noninteractive --agree-tos --email ${MAIL} -d ${DOMAINS[@]} > /var/log/le-start.log
|
||||
certbot certonly --expand --webroot -w ${WEBROOT_PATH} --cert-name ${PRODUCT} --noninteractive --agree-tos --email ${MAIL} -d ${DOMAINS[@]} > /var/log/le-new.log
|
||||
echo certbot certonly --expand --webroot -w ${WEBROOT_PATH} --key-type rsa --cert-name ${PRODUCT} --noninteractive --agree-tos --email ${MAIL} -d ${DOMAINS[@]} > /var/log/le-start.log
|
||||
certbot certonly --expand --webroot -w ${WEBROOT_PATH} --key-type rsa --cert-name ${PRODUCT} --noninteractive --agree-tos --email ${MAIL} -d ${DOMAINS[@]} > /var/log/le-new.log
|
||||
else
|
||||
help
|
||||
fi
|
||||
|
@ -109,7 +109,7 @@ case $1 in
|
||||
-v /var/log:/var/log \
|
||||
-v onlyoffice_webroot_path:${WEBROOT_PATH} \
|
||||
certbot/certbot certonly \
|
||||
--expand --webroot -w ${WEBROOT_PATH} \
|
||||
--expand --webroot -w ${WEBROOT_PATH} --key-type rsa \
|
||||
--cert-name ${PRODUCT} --non-interactive --agree-tos --email ${MAIL} -d ${DOMAINS[@]}
|
||||
else
|
||||
help
|
||||
|
@ -28,6 +28,7 @@ if ( -not $certbot_path )
|
||||
exit
|
||||
}
|
||||
|
||||
$product = "docspace"
|
||||
$letsencrypt_root_dir = "$env:SystemDrive\Certbot\live"
|
||||
$app = Resolve-Path -Path ".\..\"
|
||||
$root_dir = "${app}\letsencrypt"
|
||||
@ -46,17 +47,17 @@ if ( $args.Count -ge 2 )
|
||||
}
|
||||
|
||||
else {
|
||||
$letsencrypt_mail = $args[0]
|
||||
$letsencrypt_domain = $args[1]
|
||||
$letsencrypt_mail = $args[0] -JOIN ","
|
||||
$letsencrypt_domain = $args[1] -JOIN ","
|
||||
|
||||
[void](New-Item -ItemType "directory" -Path "${root_dir}\Logs" -Force)
|
||||
|
||||
"certbot certonly --expand --webroot -w `"${root_dir}`" --noninteractive --agree-tos --email ${letsencrypt_mail} -d ${letsencrypt_domain}" > "${app}\letsencrypt\Logs\le-start.log"
|
||||
cmd.exe /c "certbot certonly --expand --webroot -w `"${root_dir}`" --noninteractive --agree-tos --email ${letsencrypt_mail} -d ${letsencrypt_domain}" > "${app}\letsencrypt\Logs\le-new.log"
|
||||
"certbot certonly --expand --webroot -w `"${root_dir}`" --key-type rsa --cert-name ${product} --noninteractive --agree-tos --email ${letsencrypt_mail} -d ${letsencrypt_domain}" > "${app}\letsencrypt\Logs\le-start.log"
|
||||
cmd.exe /c "certbot certonly --expand --webroot -w `"${root_dir}`" --key-type rsa --cert-name ${product} --noninteractive --agree-tos --email ${letsencrypt_mail} -d ${letsencrypt_domain}" > "${app}\letsencrypt\Logs\le-new.log"
|
||||
|
||||
pushd "${letsencrypt_root_dir}\${letsencrypt_domain}"
|
||||
$ssl_cert = (Resolve-Path -Path (Get-Item "${letsencrypt_root_dir}\${letsencrypt_domain}\fullchain.pem").Target).ToString().Replace('\', '/')
|
||||
$ssl_key = (Resolve-Path -Path (Get-Item "${letsencrypt_root_dir}\${letsencrypt_domain}\privkey.pem").Target).ToString().Replace('\', '/')
|
||||
pushd "${letsencrypt_root_dir}\${product}"
|
||||
$ssl_cert = (Resolve-Path -Path (Get-Item "${letsencrypt_root_dir}\${product}\fullchain.pem").Target).ToString().Replace('\', '/')
|
||||
$ssl_key = (Resolve-Path -Path (Get-Item "${letsencrypt_root_dir}\${product}\privkey.pem").Target).ToString().Replace('\', '/')
|
||||
popd
|
||||
}
|
||||
|
||||
@ -68,7 +69,7 @@ if ( $args.Count -ge 2 )
|
||||
|
||||
if ($letsencrypt_domain)
|
||||
{
|
||||
$acl = Get-Acl -Path "$env:SystemDrive\Certbot\archive\${letsencrypt_domain}"
|
||||
$acl = Get-Acl -Path "$env:SystemDrive\Certbot\archive\${product}"
|
||||
$acl.SetSecurityDescriptorSddlForm('O:LAG:S-1-5-21-4011186057-2202358572-2315966083-513D:PAI(A;;0x1200a9;;;WD)(A;;FA;;;SY)(A;OI;0x1200a9;;;LS)(A;;FA;;;BA)(A;;FA;;;LA)')
|
||||
Set-Acl -Path $acl.path -ACLObject $acl
|
||||
}
|
||||
@ -107,6 +108,8 @@ else
|
||||
Write-Output " comma to register multiple emails, ex: "
|
||||
Write-Output " u1@example.com,u2@example.com. "
|
||||
Write-Output " DOMAIN Domain name to apply "
|
||||
Write-Output " Use comma to register multiple domains, ex: "
|
||||
Write-Output " example.com,s1.example.com,s2.example.com. "
|
||||
Write-Output " "
|
||||
Write-Output " Using your own certificates via the -f parameter: "
|
||||
Write-Output " usage: "
|
||||
|
Loading…
Reference in New Issue
Block a user