diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 5007c2b..57d1cca 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -7,23 +7,23 @@ variables: DOCKER_BUILDKIT: 1 -dev-freshrss: +dev-minio: stage: build tags: - docker script: - - cd freshrss + - cd minio - make nopush only: variables: - $CI_COMMIT_REF_PROTECTED == "false" -freshrss: +minio: stage: build tags: - docker script: - - cd freshrss + - cd minio - make push only: variables: diff --git a/freshrss/Dockerfile b/freshrss/Dockerfile deleted file mode 100644 index 046fc01..0000000 --- a/freshrss/Dockerfile +++ /dev/null 
@@ -1,60 +0,0 @@ -FROM debian:buster-20200908-slim -ARG DEBIAN_FRONTEND=noninteractive - -ENV TZ UTC -SHELL ["/bin/bash", "-o", "pipefail", "-c"] -RUN ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone - -RUN apt-get update -qq && \ - apt-get install --no-install-recommends -qqy \ - ca-certificates cron \ - apache2 libapache2-mod-php \ - php-curl php-gmp php-intl php-mbstring php-xml php-zip \ - php-sqlite3 php-mysql php-pgsql wget && \ - rm -rf /var/lib/apt/lists/* - -RUN mkdir -p /var/www/ /run/apache2/ - -ARG VERSION -ARG SRC=https://github.com/FreshRSS/FreshRSS/archive/${VERSION}.tar.gz -RUN wget ${SRC} && tar -xf ${VERSION}.tar.gz && rm ${VERSION}.tar.gz && \ - mv FreshRSS-${VERSION} /var/www/FreshRSS && \ - mv /var/www/FreshRSS/Docker/FreshRSS.Apache.conf /etc/apache2/sites-available/ && \ - sed -i "s/\:80/\:8080/" /etc/apache2/sites-available/FreshRSS.Apache.conf && \ - sed -i "s/OS/Prod/" /etc/apache2/sites-available/FreshRSS.Apache.conf - -ADD entrypoint.sh /usr/local/bin/entrypoint.sh - -RUN a2dismod -f alias autoindex negotiation status && \ - a2enmod deflate expires headers mime setenvif && \ - a2disconf '*' && \ - a2dissite '*' && \ - a2ensite 'FreshRSS*' - -RUN sed -r -i "/^\s*(CustomLog|ErrorLog|Listen) /s/^/#/" /etc/apache2/apache2.conf && \ - sed -r -i "/^\s*Listen /s/^/#/" /etc/apache2/ports.conf && \ - sed -r -i "/^\s*User /s/^/#/" /etc/apache2/apache2.conf && \ - sed -r -i "/^\s*Group /s/^/#/" /etc/apache2/apache2.conf && \ - touch /var/www/FreshRSS/Docker/env.txt && \ - chown www-data:www-data /var/run/apache2/ - -WORKDIR /var/www/FreshRSS -RUN chown -R :www-data . && \ - chmod -R g+r . 
&& chmod -R g+w ./data/ ./Docker/env.txt && \ - find /etc/php*/ -name php.ini -exec sed -r -i "\\#^;?date.timezone#s#^.*#date.timezone = $TZ#" {} \; && \ - find /etc/php*/ -name php.ini -exec sed -r -i "\\#^;?post_max_size#s#^.*#post_max_size = 32M#" {} \; && \ - find /etc/php*/ -name php.ini -exec sed -r -i "\\#^;?upload_max_filesize#s#^.*#upload_max_filesize = 32M#" {} \; - -ENV COPY_LOG_TO_SYSLOG On -ENV COPY_SYSLOG_TO_STDERR On -ENV CRON_MIN '' -ENV FRESHRSS_ENV '' - -# UID of www-data -USER 33 -ENTRYPOINT ["/usr/local/bin/entrypoint.sh"] - -EXPOSE 8080 -CMD ([ -z "$CRON_MIN" ] || cron) && \ - . /etc/apache2/envvars && \ - exec apache2 -D FOREGROUND diff --git a/freshrss/entrypoint.sh b/freshrss/entrypoint.sh deleted file mode 100755 index 9df1984..0000000 --- a/freshrss/entrypoint.sh +++ /dev/null @@ -1,18 +0,0 @@ -#!/bin/sh - -php -f ./cli/prepare.php >/dev/null - -if [ -n "$CRON_MIN" ]; then - ( - echo "export TZ=$TZ" - echo "export COPY_LOG_TO_SYSLOG=$COPY_LOG_TO_SYSLOG" - echo "export COPY_SYSLOG_TO_STDERR=$COPY_SYSLOG_TO_STDERR" - echo "export FRESHRSS_ENV=$FRESHRSS_ENV" - ) >/var/www/FreshRSS/Docker/env.txt - echo "${CRON_MIN} * * * * . /var/www/FreshRSS/Docker/env.txt; \ - php /var/www/FreshRSS/app/actualize_script.php \ - 2>> /proc/1/fd/2 > /tmp/FreshRSS.log" | crontab - - -fi - -exec "$@" diff --git a/freshrss/version b/freshrss/version deleted file mode 100644 index c6182c0..0000000 --- a/freshrss/version +++ /dev/null @@ -1 +0,0 @@ -VERSION=1.17.0 \ No newline at end of file diff --git a/minio/Dockerfile b/minio/Dockerfile new file mode 100644 index 0000000..0f0c105 --- /dev/null +++ b/minio/Dockerfile 
@@ -0,0 +1,26 @@ +FROM alpine:3.12 + +ENV MINIO_ACCESS_KEY_FILE=access_key \ + MINIO_SECRET_KEY_FILE=secret_key \ + MINIO_KMS_MASTER_KEY_FILE=kms_master_key \ + MINIO_SSE_MASTER_KEY_FILE=sse_master_key \ + MINIO_UPDATE_MINISIGN_PUBKEY="RWTx5Zr1tiHQLwG9keckT0c45M3AGeHD6IvimQHpyRywVWGbP1aVSGav" + +EXPOSE 9000 + +COPY entrypoint.sh /usr/bin/docker-entrypoint.sh +ARG VERSION +ARG TARGETVARIANT +ARG TARGETARCH +ENV VERSION $VERSION +ADD https://dl.min.io/server/minio/release/linux-${TARGETARCH}/archive/minio.${VERSION} /usr/bin/minio + +RUN \ + apk add --no-cache ca-certificates 'curl>7.61.0' 'su-exec>=0.2' && \ + echo 'hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4' >> /etc/nsswitch.conf + +ENTRYPOINT ["/usr/bin/docker-entrypoint.sh"] + +VOLUME ["/data"] + +CMD ["minio"] diff --git a/freshrss/Makefile b/minio/Makefile similarity index 97% rename from freshrss/Makefile rename to minio/Makefile index fdfc1d8..786fdf8 100644 --- a/freshrss/Makefile +++ b/minio/Makefile @@ -1,7 +1,7 @@ NAMESPACE=alemairebe include version -IMAGE=freshrss +IMAGE=minio nopush: docker buildx build --platform linux/amd64 --load \ diff --git a/minio/entrypoint.sh b/minio/entrypoint.sh new file mode 100755 index 0000000..b55a999 --- /dev/null +++ b/minio/entrypoint.sh 
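Review bot: The `ADD https://dl.min.io/...` line in minio/Dockerfile fetches the server binary at build time with no integrity check, so whatever that URL serves for `${VERSION}` becomes /usr/bin/minio; the `MINIO_UPDATE_MINISIGN_PUBKEY` value set above is not used to verify it during the build. `ADD` from a URL also writes the file with mode 0600 and nothing in this hunk adds an execute bit, so the entrypoint's `exec` of `minio` would likely fail. Both can be handled on the same instruction with a current frontend (`# syntax=docker/dockerfile:1` as the first line): `ADD --checksum=sha256:<DIGEST_FOR_THIS_VERSION_AND_ARCH> --chmod=0755 https://dl.min.io/server/minio/release/linux-${TARGETARCH}/archive/minio.${VERSION} /usr/bin/minio`, with the digest kept next to `VERSION` and supplied per `TARGETARCH`. A short comment above it such as `# Release binary pinned by ./version and verified by checksum` would record the intent.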
@@ -0,0 +1,104 @@
+#!/bin/sh
+#
+# MinIO Cloud Storage, (C) 2019 MinIO, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+# If command starts with an option, prepend minio.
+if [ "${1}" != "minio" ]; then
+ if [ -n "${1}" ]; then
+ set -- minio "$@"
+ fi
+fi
+
+## Look for docker secrets at given absolute path or in default documented location.
+docker_secrets_env() {
+ if [ -f "$MINIO_ACCESS_KEY_FILE" ]; then
+ ACCESS_KEY_FILE="$MINIO_ACCESS_KEY_FILE"
+ else
+ ACCESS_KEY_FILE="/run/secrets/$MINIO_ACCESS_KEY_FILE"
+ fi
+ if [ -f "$MINIO_SECRET_KEY_FILE" ]; then
+ SECRET_KEY_FILE="$MINIO_SECRET_KEY_FILE"
+ else
+ SECRET_KEY_FILE="/run/secrets/$MINIO_SECRET_KEY_FILE"
+ fi
+
+ if [ -f "$ACCESS_KEY_FILE" ] && [ -f "$SECRET_KEY_FILE" ]; then
+ if [ -f "$ACCESS_KEY_FILE" ]; then
+ MINIO_ACCESS_KEY="$(cat "$ACCESS_KEY_FILE")"
+ export MINIO_ACCESS_KEY
+ fi
+ if [ -f "$SECRET_KEY_FILE" ]; then
+ MINIO_SECRET_KEY="$(cat "$SECRET_KEY_FILE")"
+ export MINIO_SECRET_KEY
+ fi
+ fi
+}
+
+## Set KMS_MASTER_KEY from docker secrets if provided
+docker_kms_encryption_env() {
+ if [ -f "$MINIO_KMS_MASTER_KEY_FILE" ]; then
+ KMS_MASTER_KEY_FILE="$MINIO_KMS_MASTER_KEY_FILE"
+ else
+ KMS_MASTER_KEY_FILE="/run/secrets/$MINIO_KMS_MASTER_KEY_FILE"
+ fi
+
+ if [ -f "$KMS_MASTER_KEY_FILE" ]; then
+ MINIO_KMS_MASTER_KEY="$(cat "$KMS_MASTER_KEY_FILE")"
+ export MINIO_KMS_MASTER_KEY
+ fi
+}
+
+## Legacy
+## Set SSE_MASTER_KEY from docker secrets if provided
+docker_sse_encryption_env() {
+ SSE_MASTER_KEY_FILE="/run/secrets/$MINIO_SSE_MASTER_KEY_FILE"
+
+ if [ -f "$SSE_MASTER_KEY_FILE" ]; then
+ MINIO_SSE_MASTER_KEY="$(cat "$SSE_MASTER_KEY_FILE")"
+ export MINIO_SSE_MASTER_KEY
+ fi
+}
+
+# su-exec to requested user, if service cannot run exec will fail.
+docker_switch_user() {
+ if [ ! -z "${MINIO_USERNAME}" ] && [ ! -z "${MINIO_GROUPNAME}" ]; then
+
+ if [ ! -z "${MINIO_UID}" ] && [ ! -z "${MINIO_GID}" ]; then
+ addgroup -S -g "$MINIO_GID" "$MINIO_GROUPNAME" && \
+ adduser -S -u "$MINIO_UID" -G "$MINIO_GROUPNAME" "$MINIO_USERNAME"
+ else
+ addgroup -S "$MINIO_GROUPNAME" && \
+ adduser -S -G "$MINIO_GROUPNAME" "$MINIO_USERNAME"
+ fi
+
+ exec su-exec "${MINIO_USERNAME}:${MINIO_GROUPNAME}" "$@"
+ else
+ # fallback
+ exec "$@"
+ fi
+}
+
+## Set access env from secrets if necessary.
+docker_secrets_env
+
+## Set kms encryption from secrets if necessary.
+docker_kms_encryption_env
+
+## Set sse encryption from secrets if necessary. Legacy
+docker_sse_encryption_env
+
+## Switch to user if applicable.
+docker_switch_user "$@"
diff --git a/minio/version b/minio/version
new file mode 100644
index 0000000..b11c98b
--- /dev/null
+++ b/minio/version
@@ -0,0 +1 @@
+VERSION=RELEASE.2020-05-08T02-40-49Z
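Review bot: In minio/entrypoint.sh, the `else` branch of docker_switch_user runs `exec "$@"` with no user switch, and minio/Dockerfile in this commit sets no USER, so the server runs as root in the container unless both MINIO_USERNAME and MINIO_GROUPNAME are supplied at run time. At minimum the fallback should say so on stderr, e.g. `echo "WARNING: MINIO_USERNAME/MINIO_GROUPNAME not set; running as root" >&2` before the `exec`, and the comment above the function should document that root is the default. A related gap is in docker_secrets_env: when only one of the two key files exists, nothing is exported and nothing is logged, so a mistyped secret name starts the server without the intended credentials; an `else` arm that reports which file is missing (or exits non-zero when exactly one is present) would make that visible. The inner `[ -f ... ]` tests there repeat the outer condition and could be dropped.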