Revert "Add identity build (#322)" (#329)

Co-authored-by: Elbakyan Shirak <shirak.elbakyan@onlyoffice.com>

.github/scripts/release-docspace.sh

@@ -0,0 +1,89 @@
+#!/usr/bin/env bash
+
+set -e
+
+function get_colors() {
+    COLOR_BLUE=$'\e[34m'
+    COLOR_GREEN=$'\e[32m'
+    COLOR_RED=$'\e[31m'
+    COLOR_RESET=$'\e[0m'
+    COLOR_YELLOW=$'\e[33m'
+    export COLOR_BLUE
+    export COLOR_GREEN
+    export COLOR_RED
+    export COLOR_RESET
+    export COLOR_YELLOW
+}
+
+function release_service() {
+   
+   # ex. service_source_tag=onlyoffice/4testing-docspace-service-name:2.5.1.1473
+   local service_source_tag=${1}
+   
+   echo ${service_source_tag}
+   
+   # ex. service_release_tag=onlyoffice/docspace-service-name:2.5.1.1
+   # NOTE: latest tag also will be updated
+   local service_release_tag
+   service_release_tag=$(echo ${service_source_tag%:*} | sed 's/4testing-//')
+
+   # If specifyed tag look like 2.5.1.1 it will release like 3 different tags: 2.5.1 2.5.1.1 latest
+   # Make new image manigest and push it to stable images repository
+   
+   docker buildx imagetools create --tag ${service_release_tag}:${RELEASE_VERSION%.*} \
+                                   --tag ${service_release_tag}:${RELEASE_VERSION} \
+                                   --tag ${service_release_tag}:latest \
+                                   ${service_source_tag} || local STATUS=$?
+
+   # Make alert
+   if [[ ! ${STATUS} ]]; then
+     RELEASED_SERVICES+=("${service_release_tag}")
+   else
+     UNRELEASED_SERVICES+=("${service_release_tag}")
+   fi
+}
+
+function main() {
+  # Import all colors
+  get_colors
+
+  # Make released|unreleased array
+  RELEASED_SERVICES=()
+  UNRELEASED_SERVICES=()
+  
+  # REPO mean hub.docker repo owner ex. onlyoffice 
+  : "${REPO:?Should be set}"
+  
+  # DOCKER_TAG mean tag from 4testing ex. 2.6.1.3123
+  : "${DOCKER_TAG:?Should be set}"
+
+  # RELEASED_VERSION mean tag for stable repo 2.6.1.1
+  : "${RELEASE_VERSION:?Should be set}"
+
+  # DOCKER_IMAGE_PREFIX mean tag prefix ex. 4testing-docspace
+  : "${DOCKER_IMAGE_PREFIX:?Should be set}"
+
+  cd ${GITHUB_WORKSPACE}/install/docker
+  
+  SERVICES=($(docker buildx bake -f build.yml --print | jq -r '.target | .[] | .tags[]'))
+  echo ${SERVICES[@]}
+  for service in ${SERVICES[@]}; do
+          release_service ${service}
+  done
+
+  # Output Result
+  echo "Released services"
+  for service in ${RELEASED_SERVICES[@]}; do
+         echo "${COLOR_GREEN}${service}${COLOR_RESET}"
+  done
+
+  # PANIC IF SOME SERVICE WASNT RELEASE
+  if [[ -n ${UNRELEASED_SERVICES} ]]; then
+    for service in ${UNRELEASED_SERVICES[@]}; do
+         echo "${COLOR_RED}PANIC: Service ${service} wasn't relese!${COLOR_RED}"
+    done
+    exit 1
+  fi
+}
+
+main

.github/workflows/ci-oci-docker-install.yml

@@ -0,0 +1,68 @@
+name: Install OneClickInstall Docker
+
+on:
+  pull_request:
+    types: [opened, reopened, synchronize]
+    paths:
+      - '.github/workflows/ci-oci-docker-install.yml'
+      - 'install/OneClickInstall/install-Docker.sh'
+  workflow_dispatch:
+    inputs:
+      script-branch:
+        description: 'Branch for OCI script docker'
+        required: true
+        type: string
+        default: master
+    
+jobs:
+  Install-OneClickInstall-Docker:
+    runs-on: ubuntu-22.04
+    steps:
+      - name: Test OCI docker scripts
+        run: |
+          sudo docker image prune --all --force
+          
+          BRANCH_NAME=$(
+            case "${{ github.event_name }}" in
+              pull_request) echo "${{ github.event.pull_request.head.ref }}";;
+              workflow_dispatch) echo "${{ github.event.inputs.script-branch }}";;
+              push) echo "${GITHUB_REF#refs/heads/}";;
+            esac
+          )
+
+          wget https://download.onlyoffice.com/docspace/docspace-install.sh
+          sed '/bash install-Docker.sh/i sed -i "1i set -x" install-Docker.sh' -i docspace-install.sh
+          sudo bash docspace-install.sh docker -skiphc true -noni true $([ $BRANCH_NAME != "master" ] && echo "-gb $BRANCH_NAME -s 4testing-") || exit $?
+          
+          echo -n "Waiting for all containers to start..."
+          timeout 300 bash -c 'while docker ps | grep -q "starting"; do sleep 5; done' && echo "OK" || echo "container_status=timeout" >> $GITHUB_ENV
+
+      - name: Check container status
+        run: |
+          docker ps --all --format "{{.Names}}" | xargs -I {} sh -c '
+              status=$(docker inspect --format="{{if .State.Health}}{{.State.Health.Status}}{{else}}no healthcheck{{end}}" {});
+              case "$status" in
+                healthy) color="\033[0;32m" ;;                                        # green
+                "no healthcheck") color="\033[0;33m" ;;                               # yellow
+                *) color="\033[0;31m"; echo "container_status=red" >> $GITHUB_ENV ;;  # red
+              esac;
+              printf "%-30s ${color}%s\033[0m\n" "{}:" "$status";
+          '
+      
+      - name: Print logs for crashed container
+        run: |
+          docker ps --all --format "{{.Names}}" | xargs -I {} sh -c '
+              status=$(docker inspect --format="{{if .State.Health}}{{.State.Health.Status}}{{else}}no healthcheck{{end}}" {});
+              case "$status" in
+                healthy | "no healthcheck") ;;
+                *)
+                  echo "Logs for container {}:";
+                  docker logs --tail 30 {} | sed "s/^/\t/g";
+                  ;;
+              esac;
+          '
+          case "${{ env.container_status }}" in
+              timeout) echo "Timeout reached. Not all containers are running."; exit 1 ;;
+              red) echo "One or more containers have status 'red'. Job will fail."; exit 1 ;;
+          esac
+

.github/workflows/oci-release.yml

@@ -0,0 +1,75 @@
+name: Upload OneСlickInstall scripts on S3
+
+on:
+  push:
+    branches:
+      - master
+    paths:
+      - 'install/docker/*.yml'
+      - 'install/docker/*.env'
+      - 'install/docker/config/**'
+      - 'install/OneClickInstall/**'
+  workflow_dispatch:
+
+env:
+  PRODUCT: docspace
+
+jobs:
+  release:
+    name: Scripts release
+    runs-on: ubuntu-latest
+    env:
+      DOCKER_DIR: "${{ github.workspace }}/install/docker"
+      SCRIPT_DIR: "${{ github.workspace }}/install/OneClickInstall"
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Creating an enterprise script
+        run: |
+          cp ${{ env.SCRIPT_DIR }}/${{ env.PRODUCT }}-install.sh ${{ env.SCRIPT_DIR }}/${{ env.PRODUCT }}-enterprise-install.sh
+          sed -i 's/\(PARAMETERS -it\).*";/\1 ENTERPRISE";/' ${{ env.SCRIPT_DIR }}/${{ env.PRODUCT }}-enterprise-install.sh
+
+      - name: Create Docker Tarball
+        run: |
+          cd ${{ env.DOCKER_DIR }}
+          tar -czvf ${{ env.SCRIPT_DIR }}/docker.tar.gz --exclude='config/supervisor*' *.yml .env config/
+
+      - name: Configure AWS Credentials
+        uses: aws-actions/configure-aws-credentials@v1
+        with:
+          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID_OCI }}
+          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY_OCI }}
+          aws-region: us-east-1
+
+      - name: Upload scripts
+        run: |
+          cd ${{ env.SCRIPT_DIR }}
+          aws s3 cp . ${{ secrets.AWS_BUCKET_URL_OCI }}/ \
+            --recursive \
+            --acl public-read \
+            --content-type application/x-sh \
+            --metadata-directive REPLACE \
+            --exclude '*' \
+            --include="${{ env.PRODUCT }}-install.sh" \
+            --include="${{ env.PRODUCT }}-enterprise-install.sh" \
+            --include="install-RedHat.sh" \
+            --include="install-RedHat/*" \
+            --include="install-Debian.sh" \
+            --include="install-Debian/*" \
+            --include="install-Docker.sh" \
+            --include="docker.tar.gz"
+
+      - name: Invalidate AWS CloudFront cache
+        run: |
+          aws cloudfront create-invalidation \
+            --distribution-id ${{ secrets.AWS_DISTRIBUTION_ID_OCI }} \
+            --paths \
+            "/${{ env.PRODUCT }}/${{ env.PRODUCT }}-install.sh" \
+            "/${{ env.PRODUCT }}/${{ env.PRODUCT }}-enterprise-install.sh" \
+            "/${{ env.PRODUCT }}/install-RedHat.sh" \
+            "/${{ env.PRODUCT }}/install-RedHat/*" \
+            "/${{ env.PRODUCT }}/install-Debian.sh" \
+            "/${{ env.PRODUCT }}/install-Debian/*" \
+            "/${{ env.PRODUCT }}/install-Docker.sh" \
+            "/${{ env.PRODUCT }}/docker.tar.gz"

.github/workflows/release-docspace.yaml

@@ -0,0 +1,31 @@
+name: Release DocSpace
+
+run-name: "Release Docker-DocSpace ${{ github.event.inputs.release_version }}"
+
+on:
+  workflow_dispatch:
+    inputs:
+      repo:
+        description: 'hub.docker repo owner (ex. onlyoffice)'
+        type: string
+        required: true
+        default: 'onlyoffice'
+      release_version:
+        type: string
+        description: 'Tag for stable release (ex. 2.5.1.1)'
+        required: true
+      source_version:
+        type: string
+        description: '4testing tag from which the release will be created (ex. 2.5.1.2678)'
+        required: true
+   
+jobs:
+  docker-release:
+    uses: ONLYOFFICE/DocSpace-buildtools/.github/workflows/reusable-docspace-release.yaml@master
+    with:
+      repo: ${{ github.event.inputs.repo }}
+      release_version: ${{ github.event.inputs.release_version }}
+      source_version: ${{ github.event.inputs.source_version }}
+    secrets:
+      docker-username: ${{ secrets.DOCKERHUB_USERNAME }}
+      docker-usertoken: ${{ secrets.DOCKERHUB_TOKEN }}

.github/workflows/reusable-docspace-release.yaml

@@ -0,0 +1,49 @@
+name: "<reusable> release Docker-DocSpace"
+
+on:
+  workflow_call:
+    inputs:
+      repo:
+        type: string
+        required: true
+        description: 'hub.docker repo owner (ex. onlyoffice)'
+      release_version:
+        type: string
+        required: true
+        description: 'Tag for stable release (ex. 1.0.0.1)'
+      source_version:
+        type: string
+        required: true
+        description: '4testing tag from which the release will be created (ex. 2.5.1.5678)'
+    secrets:
+      docker-username:
+        required: true
+        description: "hub.docker username"
+      docker-usertoken:
+        description: "hub.docker token"
+        required: true
+
+jobs:
+  Release:
+    name: "Release Docker-DocSpace"
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v4
+      with: 
+        repository: 'ONLYOFFICE/DocSpace-buildtools'
+
+    - name: Login to DockerHub
+      uses: docker/login-action@v3
+      with:
+        username: ${{ secrets.docker-username }}
+        password: ${{ secrets.docker-usertoken }}
+           
+    - name: "Release Docker-DocSpace"
+      shell: bash
+      env:
+        REPO: ${{ inputs.repo }}
+        DOCKER_TAG: ${{ inputs.source_version }}
+        RELEASE_VERSION: ${{ inputs.release_version }}
+        DOCKER_IMAGE_PREFIX: "4testing-docspace"
+      run: |
+         ${GITHUB_WORKSPACE}/.github/scripts/release-docspace.sh

config/appsettings.json

@@ -129,6 +129,9 @@
       "internal": "http://localhost:9899/"
     },
     "cultures": "az,cs,de,en-GB,en-US,es,fr,it,lv,nl,pl,pt-BR,pt,ro,sk,sl,fi,vi,tr,el-GR,bg,ru,sr-Cyrl-RS,sr-Latn-RS,uk-UA,hy-AM,ar-SA,si,lo-LA,zh-CN,ja-JP,ko-KR",
+    "logo": {
+        "custom-cultures": ["zh-CN"]
+    },
     "controlpanel": {
       "url": ""
     },

config/nginx/onlyoffice.conf

@@ -104,16 +104,6 @@ server {
 	local accept_header = ngx.req.get_headers()["Accept"]
 	if ngx.req.get_method() == "GET" and accept_header ~= nil and string.find(accept_header, "html") and not ngx.re.match(ngx.var.request_uri, "ds-vpath|/api/") then
 
-		if not ngx.re.match(ngx.var.request_uri, "login|sdk|filehandler|thirdparty|confirm|error|wizard|preparation-portal|unavailable|share=.|rooms/share(.*)key=.|/s/*|token=.") then
-			if ngx.var.http_cookie == nil or not string.find(ngx.var.http_cookie, "asc_auth_key") then
-				if ngx.var.request_uri == "/" then
-					return ngx.redirect("/login")
-				else
-					return ngx.redirect("/login?referenceUrl=" .. ngx.var.request_uri)
-				end
-			end
-		end
-
 		local key = string.format("csp:%s",ngx.var.host)
 		local redis = require "resty.redis"
 		local red = redis:new()

install/common/product-ssl-setup

@@ -94,8 +94,8 @@ case $1 in
       echo "Generating Let's Encrypt SSL Certificates..."
 
       # Request and generate Let's Encrypt SSL certificate
-      echo certbot certonly --expand --webroot -w ${WEBROOT_PATH} --cert-name ${PRODUCT} --noninteractive --agree-tos --email ${MAIL} -d ${DOMAINS[@]} > /var/log/le-start.log
-      certbot certonly --expand --webroot -w ${WEBROOT_PATH} --cert-name ${PRODUCT} --noninteractive --agree-tos --email ${MAIL} -d ${DOMAINS[@]} > /var/log/le-new.log
+      echo certbot certonly --expand --webroot -w ${WEBROOT_PATH} --key-type rsa --cert-name ${PRODUCT} --noninteractive --agree-tos --email ${MAIL} -d ${DOMAINS[@]} > /var/log/le-start.log
+      certbot certonly --expand --webroot -w ${WEBROOT_PATH} --key-type rsa --cert-name ${PRODUCT} --noninteractive --agree-tos --email ${MAIL} -d ${DOMAINS[@]} > /var/log/le-new.log
     else
       help
     fi

install/docker/config/docspace-ssl-setup

@@ -109,7 +109,7 @@ case $1 in
       -v /var/log:/var/log \
       -v onlyoffice_webroot_path:${WEBROOT_PATH} \
       certbot/certbot certonly \
-      --expand --webroot -w ${WEBROOT_PATH} \
+      --expand --webroot -w ${WEBROOT_PATH} --key-type rsa \
       --cert-name ${PRODUCT} --non-interactive --agree-tos --email ${MAIL} -d ${DOMAINS[@]}
     else
       help

install/win/sbin/docspace-ssl-setup.ps1

@@ -28,6 +28,7 @@ if ( -not $certbot_path )
   exit
 }
 
+$product = "docspace"
 $letsencrypt_root_dir = "$env:SystemDrive\Certbot\live"
 $app = Resolve-Path -Path ".\..\"
 $root_dir = "${app}\letsencrypt"
@@ -46,17 +47,17 @@ if ( $args.Count -ge 2 )
   }
 
   else {
-    $letsencrypt_mail = $args[0]
-    $letsencrypt_domain = $args[1]
+    $letsencrypt_mail = $args[0] -JOIN ","
+    $letsencrypt_domain = $args[1] -JOIN ","
 
     [void](New-Item -ItemType "directory" -Path "${root_dir}\Logs" -Force)
 
-    "certbot certonly --expand --webroot -w `"${root_dir}`" --noninteractive --agree-tos --email ${letsencrypt_mail} -d ${letsencrypt_domain}" > "${app}\letsencrypt\Logs\le-start.log"
-    cmd.exe /c "certbot certonly --expand --webroot -w `"${root_dir}`" --noninteractive --agree-tos --email ${letsencrypt_mail} -d ${letsencrypt_domain}" > "${app}\letsencrypt\Logs\le-new.log"
+    "certbot certonly --expand --webroot -w `"${root_dir}`" --key-type rsa --cert-name ${product} --noninteractive --agree-tos --email ${letsencrypt_mail} -d ${letsencrypt_domain}" > "${app}\letsencrypt\Logs\le-start.log"
+    cmd.exe /c "certbot certonly --expand --webroot -w `"${root_dir}`" --key-type rsa --cert-name ${product} --noninteractive --agree-tos --email ${letsencrypt_mail} -d ${letsencrypt_domain}" > "${app}\letsencrypt\Logs\le-new.log"
 
-    pushd "${letsencrypt_root_dir}\${letsencrypt_domain}"
-        $ssl_cert = (Resolve-Path -Path (Get-Item "${letsencrypt_root_dir}\${letsencrypt_domain}\fullchain.pem").Target).ToString().Replace('\', '/')
-        $ssl_key = (Resolve-Path -Path (Get-Item "${letsencrypt_root_dir}\${letsencrypt_domain}\privkey.pem").Target).ToString().Replace('\', '/')
+    pushd "${letsencrypt_root_dir}\${product}"
+        $ssl_cert = (Resolve-Path -Path (Get-Item "${letsencrypt_root_dir}\${product}\fullchain.pem").Target).ToString().Replace('\', '/')
+        $ssl_key = (Resolve-Path -Path (Get-Item "${letsencrypt_root_dir}\${product}\privkey.pem").Target).ToString().Replace('\', '/')
     popd
   }
 
@@ -68,7 +69,7 @@ if ( $args.Count -ge 2 )
 
     if ($letsencrypt_domain)
     {
-        $acl = Get-Acl -Path "$env:SystemDrive\Certbot\archive\${letsencrypt_domain}"
+        $acl = Get-Acl -Path "$env:SystemDrive\Certbot\archive\${product}"
         $acl.SetSecurityDescriptorSddlForm('O:LAG:S-1-5-21-4011186057-2202358572-2315966083-513D:PAI(A;;0x1200a9;;;WD)(A;;FA;;;SY)(A;OI;0x1200a9;;;LS)(A;;FA;;;BA)(A;;FA;;;LA)')
         Set-Acl -Path $acl.path -ACLObject $acl
     }
@@ -107,6 +108,8 @@ else
   Write-Output "                  comma to register multiple emails, ex: "
   Write-Output "                  u1@example.com,u2@example.com. "
   Write-Output "      DOMAIN      Domain name to apply "
+  Write-Output "                  Use comma to register multiple domains, ex: "
+  Write-Output "                  example.com,s1.example.com,s2.example.com. "
   Write-Output " "
   Write-Output " Using your own certificates via the -f parameter: "
   Write-Output " usage: "