diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 7272e16..235ce2e 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -139,6 +139,17 @@ dendrite: variables: - $CI_COMMIT_REF_PROTECTED == "true" +roundcubemail: + stage: build + tags: + - docker + script: + - cd roundcubemail + - make push + only: + variables: + - $CI_COMMIT_REF_PROTECTED == "true" + .docker_init: &docker_init | if ! docker info &>/dev/null; then if [ -z "${DOCKER_HOST}" -a "${KUBERNETES_PORT}" ]; then diff --git a/roundcubemail/Dockerfile b/roundcubemail/Dockerfile new file mode 100644 index 0000000..dbbe2a3 --- /dev/null +++ b/roundcubemail/Dockerfile @@ -0,0 +1,107 @@ +FROM php:7.3-apache +LABEL maintainer="Thomas Bruederli " + +RUN set -ex; \ + apt-get update; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + \ + apt-get install -y --no-install-recommends \ + libfreetype6-dev \ + libicu-dev \ + libjpeg62-turbo-dev \ + libldap2-dev \ + libmagickwand-dev \ + libpng-dev \ + libpq-dev \ + libsqlite3-dev \ + libzip-dev \ + ; \ + \ + debMultiarch="$(dpkg-architecture --query DEB_BUILD_MULTIARCH)"; \ + docker-php-ext-configure gd --with-freetype-dir=/usr/include/ --with-png-dir=/usr --with-jpeg-dir=/usr; \ + docker-php-ext-configure ldap --with-libdir="lib/$debMultiarch"; \ + docker-php-ext-install \ + exif \ + gd \ + intl \ + ldap \ + pdo_mysql \ + pdo_pgsql \ + pdo_sqlite \ + zip \ + ; \ + pecl install imagick; \ + docker-php-ext-enable imagick; \ + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies + apt-mark auto '.*' > /dev/null; \ + apt-mark manual $savedAptMark; \ + ldd "$(php -r 'echo ini_get("extension_dir");')"/*.so \ + | awk '/=>/ { print $3 }' \ + | sort -u \ + | xargs -r dpkg-query -S \ + | cut -d: -f1 \ + | sort -u \ + | xargs -rt apt-mark manual; \ + \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + rm -rf /var/lib/apt/lists/* + +# installto.sh dependencies +RUN set -ex; \ + \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + rsync \ + ; \ + rm -rf /var/lib/apt/lists/* + +# ... and composer.phar +ADD https://getcomposer.org/installer /tmp/composer-installer.php + +RUN php /tmp/composer-installer.php --install-dir=/usr/local/bin/; \ + rm /tmp/composer-installer.php + +RUN a2enmod rewrite + +# expose these volumes +VOLUME /var/roundcube/config +VOLUME /var/roundcube/db +VOLUME /var/www/html +VOLUME /tmp/roundcube-temp + +# Define Roundcubemail version +ARG VERSION +ENV ROUNDCUBEMAIL_VERSION $VERSION + +# Download package and extract to web volume +RUN set -ex; \ + fetchDeps="gnupg dirmngr locales libc-l10n"; \ + apt-get -qq update; \ + apt-get install -y --no-install-recommends $fetchDeps; \ + curl -o roundcubemail.tar.gz -fSL https://github.com/roundcube/roundcubemail/releases/download/${ROUNDCUBEMAIL_VERSION}/roundcubemail-${ROUNDCUBEMAIL_VERSION}-complete.tar.gz; \ + curl -o roundcubemail.tar.gz.asc -fSL https://github.com/roundcube/roundcubemail/releases/download/${ROUNDCUBEMAIL_VERSION}/roundcubemail-${ROUNDCUBEMAIL_VERSION}-complete.tar.gz.asc; \ + export GNUPGHOME="$(mktemp -d)"; \ + # workaround for "Cannot assign requested address", see e.g. https://github.com/inversepath/usbarmory-debian-base_image/issues/9 + echo "disable-ipv6" > "$GNUPGHOME/dirmngr.conf"; \ + # ha.pool.sks-keyservers.net seems to be unreliable, use pgp.mit.edu as fallback + gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys F3E4C04BB3DB5D4215C45F7F5AB2BAA141C4F7D5 || gpg --batch --keyserver pgp.mit.edu --recv-keys F3E4C04BB3DB5D4215C45F7F5AB2BAA141C4F7D5; \ + gpg --batch --verify roundcubemail.tar.gz.asc roundcubemail.tar.gz; \ + gpgconf --kill all; \ + mkdir /usr/src/roundcubemail; \ + tar -xf roundcubemail.tar.gz -C /usr/src/roundcubemail --strip-components=1 --no-same-owner; \ + rm -r "$GNUPGHOME" roundcubemail.tar.gz.asc roundcubemail.tar.gz; \ + rm -rf /usr/src/roundcubemail/installer; \ + chown -R www-data:www-data /usr/src/roundcubemail/logs + +# include the wait-for-it.sh script +RUN curl -fL https://raw.githubusercontent.com/vishnubob/wait-for-it/master/wait-for-it.sh > /wait-for-it.sh && chmod +x /wait-for-it.sh + +# use custom PHP settings +COPY php.ini /usr/local/etc/php/conf.d/roundcube-defaults.ini + +COPY docker-entrypoint.sh / + +ENTRYPOINT ["/docker-entrypoint.sh"] +CMD ["apache2-foreground"] diff --git a/roundcubemail/Makefile b/roundcubemail/Makefile new file mode 100644 index 0000000..4760d5a --- /dev/null +++ b/roundcubemail/Makefile @@ -0,0 +1,18 @@ +NAMESPACE=alemairebe +include version + +IMAGE=roundcubemail + +nopush: + docker buildx build --platform linux/amd64 --load \ + --build-arg VERSION=$(VERSION) \ + --tag ${NAMESPACE}/${IMAGE}:$(VERSION) \ + --tag ${CI_REGISTRY_IMAGE}/${IMAGE}:$(VERSION) . + +push: + docker buildx build --platform linux/amd64,linux/arm64,linux/arm --push \ + --build-arg VERSION=$(VERSION) \ + --cache-from=type=registry,ref=${NAMESPACE}/buildx:${IMAGE} \ + --cache-to=type=registry,ref=${NAMESPACE}/buildx:${IMAGE} \ + --tag ${NAMESPACE}/${IMAGE}:$(VERSION) \ + --tag ${CI_REGISTRY_IMAGE}/${IMAGE}:$(VERSION) . diff --git a/roundcubemail/docker-entrypoint.sh b/roundcubemail/docker-entrypoint.sh new file mode 100644 index 0000000..83758b8 --- /dev/null +++ b/roundcubemail/docker-entrypoint.sh @@ -0,0 +1,135 @@ +#!/bin/bash +# set -ex + +# PWD=`pwd` + +if [[ "$1" == apache2* ]] || [ "$1" == php-fpm ]; then + # docroot is empty + if ! [ -e index.php -a -e bin/installto.sh ]; then + echo >&2 "roundcubemail not found in $PWD - copying now..." + if [ "$(ls -A)" ]; then + echo >&2 "WARNING: $PWD is not empty - press Ctrl+C now if this is an error!" + ( set -x; ls -A; sleep 10 ) + fi + tar cf - --one-file-system -C /usr/src/roundcubemail . | tar xf - + echo >&2 "Complete! ROUNDCUBEMAIL has been successfully copied to $PWD" + # update Roundcube in docroot + else + INSTALLDIR=`pwd` + echo >&2 "roundcubemail found in $INSTALLDIR - installing update..." + (cd /usr/src/roundcubemail && bin/installto.sh -y $INSTALLDIR) + composer.phar update --no-dev + fi + + if [ -f /run/secrets/roundcube_db_user ]; then + ROUNDCUBEMAIL_DB_USER=`cat /run/secrets/roundcube_db_user` + fi + if [ -f /run/secrets/roundcube_db_password ]; then + ROUNDCUBEMAIL_DB_PASSWORD=`cat /run/secrets/roundcube_db_password` + fi + + if [ ! -z "${!POSTGRES_ENV_POSTGRES_*}" ] || [ "$ROUNDCUBEMAIL_DB_TYPE" == "pgsql" ]; then + : "${ROUNDCUBEMAIL_DB_TYPE:=pgsql}" + : "${ROUNDCUBEMAIL_DB_HOST:=postgres}" + : "${ROUNDCUBEMAIL_DB_PORT:=5432}" + : "${ROUNDCUBEMAIL_DB_USER:=${POSTGRES_ENV_POSTGRES_USER}}" + : "${ROUNDCUBEMAIL_DB_PASSWORD:=${POSTGRES_ENV_POSTGRES_PASSWORD}}" + : "${ROUNDCUBEMAIL_DB_NAME:=${POSTGRES_ENV_POSTGRES_DB:-roundcubemail}}" + : "${ROUNDCUBEMAIL_DSNW:=${ROUNDCUBEMAIL_DB_TYPE}://${ROUNDCUBEMAIL_DB_USER}:${ROUNDCUBEMAIL_DB_PASSWORD}@${ROUNDCUBEMAIL_DB_HOST}:${ROUNDCUBEMAIL_DB_PORT}/${ROUNDCUBEMAIL_DB_NAME}}" + + /wait-for-it.sh ${ROUNDCUBEMAIL_DB_HOST}:${ROUNDCUBEMAIL_DB_PORT} -t 30 + elif [ ! -z "${!MYSQL_ENV_MYSQL_*}" ] || [ "$ROUNDCUBEMAIL_DB_TYPE" == "mysql" ]; then + : "${ROUNDCUBEMAIL_DB_TYPE:=mysql}" + : "${ROUNDCUBEMAIL_DB_HOST:=mysql}" + : "${ROUNDCUBEMAIL_DB_PORT:=3306}" + : "${ROUNDCUBEMAIL_DB_USER:=${MYSQL_ENV_MYSQL_USER:-root}}" + if [ "$ROUNDCUBEMAIL_DB_USER" = 'root' ]; then + : "${ROUNDCUBEMAIL_DB_PASSWORD:=${MYSQL_ENV_MYSQL_ROOT_PASSWORD}}" + else + : "${ROUNDCUBEMAIL_DB_PASSWORD:=${MYSQL_ENV_MYSQL_PASSWORD}}" + fi + : "${ROUNDCUBEMAIL_DB_NAME:=${MYSQL_ENV_MYSQL_DATABASE:-roundcubemail}}" + : "${ROUNDCUBEMAIL_DSNW:=${ROUNDCUBEMAIL_DB_TYPE}://${ROUNDCUBEMAIL_DB_USER}:${ROUNDCUBEMAIL_DB_PASSWORD}@${ROUNDCUBEMAIL_DB_HOST}:${ROUNDCUBEMAIL_DB_PORT}/${ROUNDCUBEMAIL_DB_NAME}}" + + /wait-for-it.sh ${ROUNDCUBEMAIL_DB_HOST}:${ROUNDCUBEMAIL_DB_PORT} -t 30 + else + # use local SQLite DB in /var/roundcube/db + : "${ROUNDCUBEMAIL_DB_TYPE:=sqlite}" + : "${ROUNDCUBEMAIL_DB_DIR:=/var/roundcube/db}" + : "${ROUNDCUBEMAIL_DB_NAME:=sqlite}" + : "${ROUNDCUBEMAIL_DSNW:=${ROUNDCUBEMAIL_DB_TYPE}:///$ROUNDCUBEMAIL_DB_DIR/${ROUNDCUBEMAIL_DB_NAME}.db?mode=0646}" + + mkdir -p $ROUNDCUBEMAIL_DB_DIR + chown www-data:www-data $ROUNDCUBEMAIL_DB_DIR + fi + + : "${ROUNDCUBEMAIL_DEFAULT_HOST:=localhost}" + : "${ROUNDCUBEMAIL_DEFAULT_PORT:=143}" + : "${ROUNDCUBEMAIL_SMTP_SERVER:=localhost}" + : "${ROUNDCUBEMAIL_SMTP_PORT:=587}" + : "${ROUNDCUBEMAIL_PLUGINS:=archive,zipdownload}" + : "${ROUNDCUBEMAIL_SKIN:=larry}" + : "${ROUNDCUBEMAIL_TEMP_DIR:=/tmp/roundcube-temp}" + + if [ ! -e config/config.inc.php ]; then + ROUNDCUBEMAIL_DES_KEY=`head /dev/urandom | base64 | head -c 24` + touch config/config.inc.php + + echo "Write root config to $PWD/config/config.inc.php" + echo " config/config.inc.php + + elif ! grep -q "config.docker.inc.php" config/config.inc.php; then + echo "include(__DIR__ . '/config.docker.inc.php');" >> config/config.inc.php + fi + + ROUNDCUBEMAIL_PLUGINS_PHP=`echo "${ROUNDCUBEMAIL_PLUGINS}" | sed -E "s/[, ]+/', '/g"` + echo "Write Docker config to $PWD/config/config.docker.inc.php" + echo " config/config.docker.inc.php + + if [ -e /run/secrets/roundcube_des_key ]; then + ROUNDCUBEMAIL_DES_KEY=`cat /run/secrets/roundcube_des_key` + echo "\$config['des_key'] = '${ROUNDCUBEMAIL_DES_KEY}';" >> config/config.docker.inc.php + fi + + # include custom config files + for fn in `ls /var/roundcube/config/*.php 2>/dev/null || true`; do + echo "include('$fn');" >> config/config.docker.inc.php + done + + # initialize or update DB + bin/initdb.sh --dir=$PWD/SQL --create || bin/updatedb.sh --dir=$PWD/SQL --package=roundcube || echo "Failed to initialize database. Please run $PWD/bin/initdb.sh and $PWD/bin/updatedb.sh manually." + + if [ ! -z "${ROUNDCUBEMAIL_TEMP_DIR}" ]; then + mkdir -p ${ROUNDCUBEMAIL_TEMP_DIR} && chown www-data ${ROUNDCUBEMAIL_TEMP_DIR} + fi + + if [ ! -z "${ROUNDCUBEMAIL_UPLOAD_MAX_FILESIZE}" ]; then + echo "upload_max_filesize=${ROUNDCUBEMAIL_UPLOAD_MAX_FILESIZE}" >> /usr/local/etc/php/conf.d/roundcube-override.ini + echo "post_max_size=${ROUNDCUBEMAIL_UPLOAD_MAX_FILESIZE}" >> /usr/local/etc/php/conf.d/roundcube-override.ini + fi + + : "${ROUNDCUBEMAIL_LOCALE:=en_US.UTF-8 UTF-8}" + + if [ -e /usr/sbin/locale-gen ] && [ ! -z "${ROUNDCUBEMAIL_LOCALE}" ]; then + echo "${ROUNDCUBEMAIL_LOCALE}" > /etc/locale.gen + /usr/sbin/locale-gen + fi +fi + +exec "$@" diff --git a/roundcubemail/php.ini b/roundcubemail/php.ini new file mode 100644 index 0000000..7b2147d --- /dev/null +++ b/roundcubemail/php.ini @@ -0,0 +1,10 @@ +memory_limit=64M +display_errors=Off +log_errors=On +upload_max_filesize=5M +post_max_size=6M +zlib.output_compression=Off +session.auto_start=Off +session.gc_maxlifetime=21600 +session.gc_divisor=500 +session.gc_probability=1 diff --git a/roundcubemail/version b/roundcubemail/version new file mode 100644 index 0000000..1f57c43 --- /dev/null +++ b/roundcubemail/version @@ -0,0 +1 @@ +VERSION=1.4.10