Update build

add hooks
2022-01-06 12:18:40 +03:00 · 2022-01-06 12:13:22 +03:00 · 2022-01-06 11:46:31 +03:00 · 2021-12-20 11:01:52 +03:00 · 2021-12-17 17:04:20 +03:00
12 changed files with 100 additions and 553 deletions
--- a/.github/workflows/4testing-build.yml
+++ b/.github/workflows/4testing-build.yml
@ -1,139 +0,0 @@
 ### This workflow setup instance then build and push images ###
 name: 4testing multiarch-build
 on:
  workflow_dispatch:
    inputs:
      build:
        description: 'Build number (ex. 45)'
        type: string
        required: true
      amd64:
        type: boolean
        description: 'Build AMD64'
        default: true
      arm64:
        type: boolean
        description: 'Build ARM64'
        default: true
      community:
        type: boolean
        description: 'Build Community Edition'
        default: true
      enterprise:
        type: boolean
        description: 'Build Enterprise Edition'
        default: true
      developer:
        type: boolean
        description: 'Build Developer Edition'
        default: true
 env: 
  COMPANY_NAME: "onlyoffice"
  PRODUCT_NAME: "documentserver"
 jobs:
  prepare:
    runs-on: ubuntu-latest
    steps:
      - id: matrix
        run: |
          set -ex
          BRANCH_NAME=${GITHUB_REF#refs/heads/}
          if ! [[ $BRANCH_NAME == develop || $BRANCH_NAME =~ hotfix || $BRANCH_NAME =~ release ]]; then
            echo "Wrong branch."
            exit 1
          fi
          [ ${{ github.event.inputs.amd64 }} = true ] && PLATFORMS+=("amd64")
          [ ${{ github.event.inputs.arm64 }} = true ] && PLATFORMS+=("arm64")
          if [ -z ${PLATFORMS} ]; then
            echo "None of the platforms are selected."
            exit 1
          fi
          [ ${{ github.event.inputs.community }} = true ] && EDITIONS+=("community")
          [ ${{ github.event.inputs.enterprise }} = true ] && EDITIONS+=("enterprise")
          [ ${{ github.event.inputs.developer }} = true ] && EDITIONS+=("developer")
          if [ -z ${EDITIONS} ]; then
            echo "None of the editions are selected."
            exit 1
          fi
          echo "::set-output name=editions::$(jq -n -c --arg s "${EDITIONS[*]}" '($s|split(" "))')"
    outputs:
      editions: ${{ steps.matrix.outputs.editions }}
  build:
    name: "Build ${{ matrix.image }}-${{ matrix.edition }}"
    runs-on: ubuntu-latest
    needs: prepare
    strategy:
      fail-fast: false
      matrix:
        image: ["documentserver"]
        edition: ${{ fromJSON(needs.prepare.outputs.editions) }}
    steps:
      - name: Checkout code 
        uses: actions/checkout@v3
      - name: Set up QEMU
        uses: docker/setup-qemu-action@v2
      - name: Set up Docker Buildx
        id: buildx
        uses: docker/setup-buildx-action@v2
      - name: Login to Docker Hub
        uses: docker/login-action@v2
        with:
          username: ${{ secrets.DOCKER_HUB_USERNAME }}
          password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }}
      - name: Build 4testing
        run: |
          set -eux
          ### ==>> At this step build variable declaration ###
          case ${{ matrix.edition }} in
            community)
              PRODUCT_EDITION=""
              ;;
            enterprise)
              PRODUCT_EDITION="-ee"
              ;;
            developer)
              PRODUCT_EDITION="-de"
              ;;
          esac
          [ ${{ github.event.inputs.amd64 }} = true ] && PLATFORMS+=("amd64")
          [ ${{ github.event.inputs.arm64 }} = true ] && PLATFORMS+=("arm64")
          PLATFORM=$(echo ${PLATFORMS[*]/#/linux/} | tr ' ' ',')
          BRANCH_NAME=${GITHUB_REF#refs/heads/}
          if [ $BRANCH_NAME = develop ]; then
            RELEASE_BRANCH=unstable
            PRODUCT_VERSION=99.99.99
          elif [[ $BRANCH_NAME =~ hotfix || $BRANCH_NAME =~ release ]]; then
            RELEASE_BRANCH=testing
            PRODUCT_VERSION=${BRANCH_NAME#*/v}
          fi
          BUILD_NUMBER=${{ github.event.inputs.build }}
          export PRODUCT_EDITION
          export PACKAGE_VERSION=${PRODUCT_VERSION}-${BUILD_NUMBER}
          export PACKAGE_BASEURL=${{ secrets.REPO_BASEURL_OLD }}/${RELEASE_BRANCH}/ubuntu
          export RELEASE_BRANCH
          export PLATFORM
          export DOCKERFILE=Dockerfile
          export PREFIX_NAME=4testing-
          export TAG=${PRODUCT_VERSION}.${BUILD_NUMBER}
          ### ==>> Build and push images at this step ###
          docker buildx bake -f docker-bake.hcl ${{ matrix.image }} --push
          echo "DONE: Build success"
        shell: bash
--- a/.github/workflows/stable-build.yml
+++ b/.github/workflows/stable-build.yml
@ -1,130 +0,0 @@
 ### This workflow setup instance then build and push images ###
 name: Multi-arch build stable
 on:
  workflow_dispatch:
    inputs:
      tag:
        description: 'Tag for release (ex. 1.2.3.45)'
        type: string
        required: true
 env:
  COMPANY_NAME: "onlyoffice"
  PRODUCT_NAME: "documentserver" 
 jobs:
  build:
    name: "Release image: DocumentServer${{ matrix.edition }}"
    runs-on: ubuntu-latest
    strategy:
      fail-fast: false
      matrix:
        images: ["documentserver-stable"]
        edition: ["", "-ee", "-de"]
    steps:
      - name: Checkout code 
        uses: actions/checkout@v3
      - name: Set up QEMU
        uses: docker/setup-qemu-action@v2
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v2
      - name: Login to Docker Hub
        uses: docker/login-action@v2
        with:
          username: ${{ secrets.DOCKER_HUB_USERNAME }}
          password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }}
      - name: Build documentserver-release
        run: |
          set -eux
          VERSION=${{ github.event.inputs.tag }}
          PRODUCT_EDITION=${{ matrix.edition }}
          TESTING_IMAGE=${COMPANY_NAME}/4testing-${PRODUCT_NAME}${PRODUCT_EDITION}
          if docker manifest inspect ${TESTING_IMAGE}:${VERSION} > /dev/null; then
            echo "Image present on docker.hub >> start build stable version"
            export PRODUCT_EDITION
            export TAG=${VERSION}
            export SHORTER_TAG=${VERSION%.*}
            export SHORTEST_TAG=${VERSION%.*.*}
            docker buildx bake -f docker-bake.hcl ${{ matrix.images }} --push
            echo "DONE: Build success >> exit with 0"
            exit 0
          else
            echo "FAILED: Image with tag ${VERSION} do not presented on docker.hub >> build will not started >> exit with 1"
            exit 1
          fi
        shell: bash
  build-nonexample:
    name: "Release image: DocumentServer${{ matrix.edition }}-nonExample"
    runs-on: ubuntu-latest
    needs: [build]
    if: ${{ false }}
    strategy:
      fail-fast: false
      matrix:
        images: ["documentserver-nonexample"]
        edition: ["", "-ee", "-de"]
    steps:
      - name: Checkout code
        uses: actions/checkout@v3
      - name: Set up QEMU
        uses: docker/setup-qemu-action@v2
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v2
      - name: Login to Docker Hub
        uses: docker/login-action@v2
        with:
          username: ${{ secrets.DOCKER_HUB_USERNAME }}
          password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }}
      - name: build image
        run: |
          set -eux
          export PRODUCT_EDITION=${{ matrix.edition }}
          export TAG=${{ github.event.inputs.tag }}
          docker buildx bake -f docker-bake.hcl ${{ matrix.images }} --push
        shell: bash
  build-ucs-ubuntu20:
    name: "Release image: DocumentServer${{ matrix.edition }}-ucs"
    runs-on: ubuntu-latest
    strategy:
      fail-fast: false
      matrix:
        edition: ["", "-ee"]
    steps:
      - name: Checkout code
        uses: actions/checkout@v3
      - name: Set up QEMU
        uses: docker/setup-qemu-action@v2
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v2
      - name: Login to Docker Hub
        uses: docker/login-action@v2
        with:
          username: ${{ secrets.DOCKER_HUB_USERNAME }}
          password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }}
      - name: build UCS
        run: |
           set -eux
           export PRODUCT_EDITION=${{ matrix.edition }}
           export PACKAGE_BASEURL=${{ secrets.REPO_BASEURL_OLD }}/testing/ubuntu
           export DOCKERFILE=Dockerfile
           export BASE_IMAGE=ubuntu:20.04
           export PG_VERSION=12
           export TAG=${{ github.event.inputs.tag }}
           export PACKAGE_VERSION=$( echo ${TAG} |  sed -E 's/(.*)\./\1-/')
           docker buildx bake -f docker-bake.hcl documentserver-ucs --push
        shell: bash
--- a/33
+++ b/33
@ -1,24 +1,16 @@
-ARG BASE_IMAGE=ubuntu:22.04
+FROM ubuntu:20.04
 FROM ${BASE_IMAGE} as documentserver
 LABEL maintainer Ascensio System SIA <support@onlyoffice.com>
-ARG PG_VERSION=14
+ENV LANG=en_US.UTF-8 LANGUAGE=en_US:en LC_ALL=en_US.UTF-8 DEBIAN_FRONTEND=noninteractive PG_VERSION=12
 ENV LANG=en_US.UTF-8 LANGUAGE=en_US:en LC_ALL=en_US.UTF-8 DEBIAN_FRONTEND=noninteractive PG_VERSION=${PG_VERSION}
 ARG ONLYOFFICE_VALUE=onlyoffice
 RUN echo "#!/bin/sh\nexit 0" > /usr/sbin/policy-rc.d && \
    apt-get -y update && \
-    apt-get -yq install wget apt-transport-https gnupg locales lsb-release && \
+    apt-get -yq install wget apt-transport-https gnupg locales && \
-    mkdir -p $HOME/.gnupg && \
+    apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 0x8320ca65cb2de8e5 && \
    gpg --no-default-keyring --keyring gnupg-ring:/etc/apt/trusted.gpg.d/onlyoffice.gpg --keyserver keyserver.ubuntu.com --recv-keys 0x8320ca65cb2de8e5 && \
    chmod 644 /etc/apt/trusted.gpg.d/onlyoffice.gpg && \
    locale-gen en_US.UTF-8 && \
    echo ttf-mscorefonts-installer msttcorefonts/accepted-mscorefonts-eula select true | debconf-set-selections && \
    wget -O - https://packagecloud.io/install/repositories/rabbitmq/rabbitmq-server/script.deb.sh | bash && \
    if [ $(lsb_release -cs) = focal ]; then RABBITMQ_VERSION=3.8.11-1; else RABBITMQ_VERSION=3.10 ; fi && \
    apt-get -yq install \
        adduser \
        apt-utils \
@ -47,7 +39,7 @@ RUN echo "#!/bin/sh\nexit 0" > /usr/sbin/policy-rc.d && \
        postgresql \
        postgresql-client \
        pwgen \
-        rabbitmq-server=${RABBITMQ_VERSION}* \
+        rabbitmq-server \
        redis-server \
        software-properties-common \
        sudo \
@ -79,24 +71,19 @@ EXPOSE 80 443
 ARG COMPANY_NAME=onlyoffice
 ARG PRODUCT_NAME=documentserver
-ARG PRODUCT_EDITION=
+ARG PACKAGE_URL="http://download.onlyoffice.com/install/documentserver/linux/${COMPANY_NAME}-${PRODUCT_NAME}_amd64.deb"
 ARG PACKAGE_VERSION=
 ARG TARGETARCH
 ARG PACKAGE_BASEURL="http://download.onlyoffice.com/install/documentserver/linux"
 ENV COMPANY_NAME=$COMPANY_NAME \
-    PRODUCT_NAME=$PRODUCT_NAME \
+    PRODUCT_NAME=$PRODUCT_NAME
    PRODUCT_EDITION=$PRODUCT_EDITION
-RUN PACKAGE_FILE="${COMPANY_NAME}-${PRODUCT_NAME}${PRODUCT_EDITION}${PACKAGE_VERSION:+_$PACKAGE_VERSION}_${TARGETARCH:-$(dpkg --print-architecture)}.deb" && \
+RUN wget -q -P /tmp "$PACKAGE_URL" && \
    wget -q -P /tmp "$PACKAGE_BASEURL/$PACKAGE_FILE" && \
    apt-get -y update && \
    service postgresql start && \
-    apt-get -yq install /tmp/$PACKAGE_FILE && \
+    apt-get -yq install /tmp/$(basename "$PACKAGE_URL") && \
    service postgresql stop && \
    service supervisor stop && \
    chmod 755 /app/ds/*.sh && \
-    rm -f /tmp/$PACKAGE_FILE && \
+    rm -f /tmp/$(basename "$PACKAGE_URL") && \
    rm -rf /var/log/$COMPANY_NAME && \
    rm -rf /var/lib/apt/lists/*
--- a/Dockerfile.cl
+++ b/Dockerfile.cl
@ -0,0 +1,4 @@
 FROM onlyoffice/documentserver-ee:latest
 RUN sed -i '/trap clean_exit SIGTERM/s/^/#/' /app/ds/run-document-server.sh
--- a/66
+++ b/66
@ -1,7 +1,6 @@
 COMPANY_NAME ?= ONLYOFFICE
 GIT_BRANCH ?= develop
 PRODUCT_NAME ?= DocumentServer
 PRODUCT_EDITION ?= 
 PRODUCT_VERSION ?= 0.0.0
 BUILD_NUMBER ?= 0
 ONLYOFFICE_VALUE ?= onlyoffice
@ -12,61 +11,64 @@ COMPANY_NAME_LOW = $(shell echo $(COMPANY_NAME) | tr A-Z a-z)
 PRODUCT_NAME_LOW = $(shell echo $(PRODUCT_NAME) | tr A-Z a-z)
 COMPANY_NAME_LOW_ESCAPED = $(subst -,,$(COMPANY_NAME_LOW))
-PACKAGE_NAME := $(COMPANY_NAME_LOW)-$(PRODUCT_NAME_LOW)$(PRODUCT_EDITION)
+PACKAGE_NAME := $(COMPANY_NAME_LOW)-$(PRODUCT_NAME_LOW)
 PACKAGE_VERSION := $(PRODUCT_VERSION)-$(BUILD_NUMBER)
-PACKAGE_BASEURL := https://s3.eu-west-1.amazonaws.com/$(S3_BUCKET)/$(COMPANY_NAME_LOW)/$(RELEASE_BRANCH)/ubuntu
+PACKAGE_URL := http://$(S3_BUCKET).s3.amazonaws.com/$(COMPANY_NAME_LOW)/$(RELEASE_BRANCH)/ubuntu/$(PACKAGE_NAME)_$(PACKAGE_VERSION)_amd64.deb
-ifeq ($(RELEASE_BRANCH),$(filter $(RELEASE_BRANCH),unstable testing))
+UPDATE_LATEST := false
-	DOCKER_TAG := $(subst -,.,$(PACKAGE_VERSION))
+
 ifneq (,$(findstring develop,$(GIT_BRANCH)))
 DOCKER_TAG += $(subst -,.,$(PACKAGE_VERSION))
 DOCKER_TAGS += latest
 else ifneq (,$(findstring release,$(GIT_BRANCH)))
 DOCKER_TAG += $(subst -,.,$(PACKAGE_VERSION))
 else ifneq (,$(findstring hotfix,$(GIT_BRANCH)))
 DOCKER_TAG += $(subst -,.,$(PACKAGE_VERSION))
 else
-	DOCKER_TAG := $(subst -,.,$(PACKAGE_VERSION))-$(subst /,-,$(GIT_BRANCH))
+DOCKER_TAG += $(subst -,.,$(PACKAGE_VERSION))-$(subst /,-,$(GIT_BRANCH))
 endif
-DOCKER_IMAGE := $(subst -,,$(COMPANY_NAME_LOW))/4testing-$(PRODUCT_NAME_LOW)$(PRODUCT_EDITION)
+DOCKER_TAGS += $(DOCKER_TAG)
-DOCKER_DUMMY := $(COMPANY_NAME_LOW)-$(PRODUCT_NAME_LOW)$(PRODUCT_EDITION)__$(DOCKER_TAG).dummy
+
 DOCKER_REPO = $(COMPANY_NAME_LOW_ESCAPED)/4testing-$(PRODUCT_NAME_LOW)
 COLON := __colon__
 DOCKER_TARGETS := $(foreach TAG,$(DOCKER_TAGS),$(DOCKER_REPO)$(COLON)$(TAG))
 DOCKER_ARCH := $(COMPANY_NAME_LOW)-$(PRODUCT_NAME_LOW)_$(PACKAGE_VERSION).tar.gz
 DOCKER_ARCH_URI := $(COMPANY_NAME_LOW)/$(RELEASE_BRANCH)/docker/$(notdir $(DOCKER_ARCH))
-.PHONY: all clean clean-docker image deploy docker publish
+.PHONY: all clean clean-docker deploy docker publish
-$(DOCKER_DUMMY):
+$(DOCKER_TARGETS): $(DEB_REPO_DATA)
 	docker pull ubuntu:20.04
 	docker build \
 		--build-arg PACKAGE_URL=$(PACKAGE_URL) \
 		--build-arg COMPANY_NAME=$(COMPANY_NAME_LOW) \
 		--build-arg PRODUCT_NAME=$(PRODUCT_NAME_LOW) \
 		--build-arg PRODUCT_EDITION=$(PRODUCT_EDITION) \
 		--build-arg PACKAGE_VERSION=$(PACKAGE_VERSION) \
 		--build-arg PACKAGE_BASEURL=$(PACKAGE_BASEURL) \
 		--build-arg TARGETARCH=amd64 \
 		--build-arg ONLYOFFICE_VALUE=$(ONLYOFFICE_VALUE) \
-		-t $(DOCKER_IMAGE):$(DOCKER_TAG) . && \
+		-t $(subst $(COLON),:,$@) . &&\
-	mkdir -p $$(dirname $@) && \
+	mkdir -p $$(dirname $@) &&\
 	echo "Done" > $@
-$(DOCKER_ARCH): $(DOCKER_DUMMY)
+$(DOCKER_ARCH): $(DOCKER_TARGETS)
-	docker save $(DOCKER_IMAGE):$(DOCKER_TAG) | \
+	docker save $(DOCKER_REPO):$(DOCKER_TAG) | \
 		gzip > $@
-all: image
+all: $(DOCKER_TARGETS)
 clean:
-	rm -rfv *.dummy *.tar.gz
+	rm -rfv $(DOCKER_TARGETS) $(DOCKER_ARCH)
 clean-docker:
 	docker rmi -f $$(docker images -q $(COMPANY_NAME_LOW)/*) || exit 0
-image: $(DOCKER_DUMMY)
+deploy: $(DOCKER_TARGETS)
-
+	$(foreach TARGET,$(DOCKER_TARGETS), \
-deploy: $(DOCKER_DUMMY)
+		for i in {1..3}; do \
-	for i in {1..3}; do \
+			docker push $(subst $(COLON),:,$(TARGET)) && break || sleep 1m; \
-		docker push $(DOCKER_IMAGE):$(DOCKER_TAG) && break || sleep 1m; \
+		done;)
 	done
 ifeq ($(RELEASE_BRANCH),unstable)
 	docker tag $(DOCKER_IMAGE):$(DOCKER_TAG) $(DOCKER_IMAGE):latest
 	for i in {1..3}; do \
 		docker push $(DOCKER_IMAGE):latest && break || sleep 1m; \
 	done
 endif
 publish: $(DOCKER_ARCH)
 	aws s3 cp --no-progress --acl public-read \
--- a/README.md
+++ b/README.md
@ -25,8 +25,6 @@ Starting from version 6.0, Document Server is distributed as ONLYOFFICE Docs. It
 ONLYOFFICE Docs can be used as a part of ONLYOFFICE Workspace or with third-party sync&share solutions (e.g. Nextcloud, ownCloud, Seafile) to enable collaborative editing within their interface.
 ***Important*** Please update `docker-enginge` to latest version (`20.10.21` as of writing this doc) before using it. We use `ubuntu:22.04` as base image and it older versions of docker have compatibility problems with it
 ## Functionality ##
 * ONLYOFFICE Document Editor
 * ONLYOFFICE Spreadsheet Editor
@ -187,12 +185,10 @@ Below is the complete list of parameters that can be set using environment varia
 - **AMQP_TYPE**: The message broker type. Supported values are `rabbitmq` or `activemq`. Defaults to `rabbitmq`.
 - **REDIS_SERVER_HOST**: The IP address or the name of the host where the Redis server is running.
 - **REDIS_SERVER_PORT**:  The Redis server port number.
 - **REDIS_SERVER_PASS**: The Redis server password. The password is not set by default.
 - **NGINX_WORKER_PROCESSES**: Defines the number of nginx worker processes.
 - **NGINX_WORKER_CONNECTIONS**: Sets the maximum number of simultaneous connections that can be opened by a nginx worker process.
- **SECURE_LINK_SECRET**: Defines secret for the nginx config directive [secure_link_md5](http://nginx.org/ru/docs/http/ngx_http_secure_link_module.html#secure_link_md5). Defaults to `random string`.
+- **JWT_ENABLED**: Specifies the enabling the JSON Web Token validation by the ONLYOFFICE Document Server. Defaults to `false`.
- **JWT_ENABLED**: Specifies the enabling the JSON Web Token validation by the ONLYOFFICE Document Server. Defaults to `true`.
+- **JWT_SECRET**: Defines the secret key to validate the JSON Web Token in the request to the ONLYOFFICE Document Server. Defaults to `secret`.
 - **JWT_SECRET**: Defines the secret key to validate the JSON Web Token in the request to the ONLYOFFICE Document Server. Defaults to random value.
 - **JWT_HEADER**: Defines the http header that will be used to send the JSON Web Token. Defaults to `Authorization`.
 - **JWT_IN_BODY**: Specifies the enabling the token validation in the request body to the ONLYOFFICE Document Server. Defaults to `false`.
 - **WOPI_ENABLED**: Specifies the enabling the wopi handlers. Defaults to `false`.
@ -249,7 +245,7 @@ sudo docker run --init --net onlyoffice --privileged -i -t -d --restart=always -
 onlyoffice/mailserver
 ```
-The additional parameters for mail server are available [here](https://github.com/ONLYOFFICE/Docker-CommunityServer/blob/master/docker-compose.workspace_enterprise.yml#L87).
+The additional parameters for mail server are available [here](https://github.com/ONLYOFFICE/Docker-CommunityServer/blob/master/docker-compose.yml#L75).
 To learn more, refer to the [ONLYOFFICE Mail Server documentation](https://github.com/ONLYOFFICE/Docker-MailServer "ONLYOFFICE Mail Server documentation").
@ -299,7 +295,7 @@ bash opensource-install.sh -md yourdomain.com
 Or, use [docker-compose](https://docs.docker.com/compose/install "docker-compose"). For the mail server correct work you need to specify its hostname 'yourdomain.com'. Assuming you have docker-compose installed, execute the following command:
 ```bash
-wget https://raw.githubusercontent.com/ONLYOFFICE/Docker-CommunityServer/master/docker-compose.groups.yml
+wget https://raw.githubusercontent.com/ONLYOFFICE/Docker-CommunityServer/master/docker-compose.yml
 docker-compose up -d
 ```
--- a/docker-bake.hcl
+++ b/docker-bake.hcl
@ -1,129 +0,0 @@
 variable "TAG" {
    default = ""
 }
 variable "SHORTER_TAG" {
    default = ""
 }
 variable "SHORTEST_TAG" {
    default = ""
 }
 variable "COMPANY_NAME" {
    default = ""
 }
 variable "PREFIX_NAME" {
    default = ""
 }
 variable "PRODUCT_EDITION" {
    default = ""
 }
 variable "PRODUCT_NAME" {
    default = ""
 }
 variable "PACKAGE_VERSION" {
    default = ""
 }
 variable "DOCKERFILE" {
    default = ""
 }
 variable "PLATFORM" {
    default = ""
 }
 variable "PACKAGE_BASEURL" {
    default = ""
 }
 variable "PACKAGE_FILE" {
    default = ""
 }
 variable "RELEASE_BRANCH" {
    default = ""
 }
 ### ↓ Variables for UCS build ↓
 variable "BASE_IMAGE" {
    default     = ""
 }
 variable "PG_VERSION" {
    default     = ""
 }
 ### ↑ Variables for UCS build ↑
 target "documentserver" {
    target = "documentserver"
    dockerfile = "${DOCKERFILE}"
    tags = [
           "docker.io/${COMPANY_NAME}/${PREFIX_NAME}${PRODUCT_NAME}${PRODUCT_EDITION}:${TAG}",
           equal("unstable",RELEASE_BRANCH) ? "docker.io/${COMPANY_NAME}/${PREFIX_NAME}${PRODUCT_NAME}${PRODUCT_EDITION}:latest": "",
           ]
    platforms = ["${PLATFORM}"]
    args = {
        "COMPANY_NAME": "${COMPANY_NAME}"
        "PRODUCT_NAME": "${PRODUCT_NAME}"
        "PRODUCT_EDITION": "${PRODUCT_EDITION}"
        "PACKAGE_VERSION": "${PACKAGE_VERSION}"
        "PACKAGE_BASEURL": "${PACKAGE_BASEURL}"
        "PLATFORM": "${PLATFORM}"
    }
 }
 target "documentserver-stable" {
    target = "documentserver-stable"
    dockerfile = "production.dockerfile"
    tags = ["docker.io/${COMPANY_NAME}/${PREFIX_NAME}${PRODUCT_NAME}${PRODUCT_EDITION}:${TAG}",
            "docker.io/${COMPANY_NAME}/${PREFIX_NAME}${PRODUCT_NAME}${PRODUCT_EDITION}:${SHORTER_TAG}",
            "docker.io/${COMPANY_NAME}/${PREFIX_NAME}${PRODUCT_NAME}${PRODUCT_EDITION}:${SHORTEST_TAG}",
            "docker.io/${COMPANY_NAME}/${PREFIX_NAME}${PRODUCT_NAME}${PRODUCT_EDITION}:latest",
            equal("-ee",PRODUCT_EDITION) ? "docker.io/${COMPANY_NAME}4enterprise/${PREFIX_NAME}${PRODUCT_NAME}${PRODUCT_EDITION}:${TAG}": "",]
    platforms = ["linux/amd64", "linux/arm64"]
    args = {
        "TAG": "${TAG}"
        "COMPANY_NAME": "${COMPANY_NAME}"
        "PRODUCT_NAME": "${PRODUCT_NAME}"
        "PRODUCT_EDITION": "${PRODUCT_EDITION}"
    }
 }
 target "documentserver-ucs" {
    target = "documentserver"
    dockerfile = "${DOCKERFILE}"
    tags = [
           "docker.io/${COMPANY_NAME}/${PRODUCT_NAME}${PRODUCT_EDITION}-ucs:${TAG}"
           ]
    platforms = ["linux/amd64", "linux/arm64"]
    args = {
        "PRODUCT_EDITION": "${PRODUCT_EDITION}"
        "PRODUCT_NAME": "${PRODUCT_NAME}"
        "COMPANY_NAME": "${COMPANY_NAME}"
        "PACKAGE_VERSION": "${PACKAGE_VERSION}"
        "PACKAGE_BASEURL": "${PACKAGE_BASEURL}"
        "BASE_IMAGE": "${BASE_IMAGE}"
        "PG_VERSION": "${PG_VERSION}"
    }
 }
 target "documentserver-nonexample" {
    target = "documentserver-nonexample"
    dockerfile = "production.dockerfile"
    tags = [ "docker.io/${COMPANY_NAME}/${PRODUCT_NAME}${PREFIX_NAME}${PRODUCT_EDITION}:${TAG}-nonexample" ]
    platforms = ["linux/amd64", "linux/arm64"]
    args = {
        "TAG": "${TAG}"
        "COMPANY_NAME": "${COMPANY_NAME}"
        "PRODUCT_NAME": "${PRODUCT_NAME}"
        "PRODUCT_EDITION": "${PRODUCT_EDITION}"
    } 
 }
--- a/hooks/build
+++ b/hooks/build
@ -0,0 +1,5 @@
 #!/bin/bash
 sed -i '/trap clean_exit SIGTERM/s/^/#/' run-document-server.sh
 docker build -t $IMAGE_NAME .
--- a/hooks/post_push
+++ b/hooks/post_push
@ -0,0 +1,7 @@
 #!/bin/bash
 NEW_TAG=6.4.2
 NEW_IMAGE_NAME=$DOCKER_REPO:$NEW_TAG
 docker tag $IMAGE_NAME $NEW_IMAGE_NAME
 docker push $NEW_IMAGE_NAME
--- a/hooks/push
+++ b/hooks/push
@ -0,0 +1,3 @@
 #!/bin/bash
 docker push $IMAGE_NAME
--- a/production.dockerfile
+++ b/production.dockerfile
@ -1,24 +0,0 @@
 ### Arguments avavlivable only for FROM instruction ### 
 ARG TAG=latest
 ARG COMPANY_NAME=onlyoffice
 ARG PRODUCT_EDITION=
 ### Build main-release ###
 FROM ${COMPANY_NAME}/4testing-documentserver${PRODUCT_EDITION}:${TAG} as documentserver-stable
 ### Build nonexample ###
 FROM ${COMPANY_NAME}/documentserver${PRODUCT_EDITION}:${TAG} as documentserver-nonexample
 ARG COMPANY_NAME=onlyoffice
 ARG PRODUCT_NAME=documentserver
 ARG DS_SUPERVISOR_CONF=/etc/supervisor/conf.d/ds.conf
 ### Remove all documentserver-example data ###
 RUN    rm -rf /var/www/$COMPANY_NAME/$PRODUCT_NAME-example \
    && rm -rf /etc/$COMPANY_NAME/$PRODUCT_NAME-example \
    && rm -f $DS_SUPERVISOR_CONF \ 
    && rm -f /etc/nginx/includes/ds-example.conf \
    && ln -s /etc/$COMPANY_NAME/$PRODUCT_NAME/supervisor/ds.conf  $DS_SUPERVISOR_CONF 
--- a/run-document-server.sh
+++ b/run-document-server.sh
@ -1,7 +1,5 @@
 #!/bin/bash
 umask 0022
 function clean_exit {
  /usr/bin/documentserver-prepare4shutdown.sh
 }
@ -39,21 +37,14 @@ if [ "${RELEASE_DATE}" != "${PREV_RELEASE_DATE}" ]; then
  fi
 fi
-SSL_CERTIFICATES_DIR="/usr/share/ca-certificates/ds"
+SSL_CERTIFICATES_DIR="${DATA_DIR}/certs"
-mkdir -p ${SSL_CERTIFICATES_DIR}
+if [[ -z $SSL_CERTIFICATE_PATH ]] && [[ -f ${SSL_CERTIFICATES_DIR}/onlyoffice.crt ]]; then
-if [[ -d ${DATA_DIR}/certs ]] && [ -e ${DATA_DIR}/certs/*.crt ]; then
+  SSL_CERTIFICATE_PATH=${SSL_CERTIFICATES_DIR}/onlyoffice.crt
  cp -f ${DATA_DIR}/certs/* ${SSL_CERTIFICATES_DIR}
  chmod 644 ${SSL_CERTIFICATES_DIR}/*.crt ${SSL_CERTIFICATES_DIR}/*.pem
  chmod 400 ${SSL_CERTIFICATES_DIR}/*.key
 fi
 if [[ -z $SSL_CERTIFICATE_PATH ]] && [[ -f ${SSL_CERTIFICATES_DIR}/${COMPANY_NAME}.crt ]]; then
  SSL_CERTIFICATE_PATH=${SSL_CERTIFICATES_DIR}/${COMPANY_NAME}.crt
 else
  SSL_CERTIFICATE_PATH=${SSL_CERTIFICATE_PATH:-${SSL_CERTIFICATES_DIR}/tls.crt}
 fi
-if [[ -z $SSL_KEY_PATH ]] && [[ -f ${SSL_CERTIFICATES_DIR}/${COMPANY_NAME}.key ]]; then
+if [[ -z $SSL_KEY_PATH ]] && [[ -f ${SSL_CERTIFICATES_DIR}/onlyoffice.key ]]; then
-  SSL_KEY_PATH=${SSL_CERTIFICATES_DIR}/${COMPANY_NAME}.key
+  SSL_KEY_PATH=${SSL_CERTIFICATES_DIR}/onlyoffice.key
 else
  SSL_KEY_PATH=${SSL_KEY_PATH:-${SSL_CERTIFICATES_DIR}/tls.key}
 fi
@ -73,21 +64,10 @@ NGINX_ONLYOFFICE_EXAMPLE_CONF="${NGINX_ONLYOFFICE_EXAMPLE_PATH}/includes/ds-exam
 NGINX_CONFIG_PATH="/etc/nginx/nginx.conf"
 NGINX_WORKER_PROCESSES=${NGINX_WORKER_PROCESSES:-1}
-# Limiting the maximum number of simultaneous connections due to possible memory shortage
+NGINX_WORKER_CONNECTIONS=${NGINX_WORKER_CONNECTIONS:-$(ulimit -n)}
 [ $(ulimit -n) -gt 1048576 ] && NGINX_WORKER_CONNECTIONS=${NGINX_WORKER_CONNECTIONS:-1048576} || NGINX_WORKER_CONNECTIONS=${NGINX_WORKER_CONNECTIONS:-$(ulimit -n)}
-JWT_ENABLED=${JWT_ENABLED:-true}
+JWT_ENABLED=${JWT_ENABLED:-false}
-
+JWT_SECRET=${JWT_SECRET:-secret}
 # validate user's vars before usinig in json
 if [ "${JWT_ENABLED}" == "true" ]; then
  JWT_ENABLED="true"
 else
  JWT_ENABLED="false"
 fi
 [ -z $JWT_SECRET ] && JWT_MESSAGE='JWT is enabled by default. A random secret is generated automatically. Run the command "docker exec $(sudo docker ps -q) sudo documentserver-jwt-status.sh" to get information about JWT.'
 JWT_SECRET=${JWT_SECRET:-$(pwgen -s 20)}
 JWT_HEADER=${JWT_HEADER:-Authorization}
 JWT_IN_BODY=${JWT_IN_BODY:-false}
@ -95,7 +75,7 @@ WOPI_ENABLED=${WOPI_ENABLED:-false}
 GENERATE_FONTS=${GENERATE_FONTS:-true}
-if [[ ${PRODUCT_NAME}${PRODUCT_EDITION} == "documentserver" ]]; then
+if [[ ${PRODUCT_NAME} == "documentserver" ]]; then
  REDIS_ENABLED=false
 else
  REDIS_ENABLED=true
@ -200,7 +180,7 @@ parse_rabbitmq_url(){
  # extract the host
  local hostport="$(echo ${url/$userpass@/} | cut -d/ -f1)"
  # by request - try to extract the port
-  local port="$(echo $hostport | grep : | sed -r 's_^.*:+|/.*$__g')"
+  local port="$(echo $hostport | sed -e 's,^.*:,:,g' -e 's,.*:\([0-9]*\).*,\1,g' -e 's,[^0-9],,g')"
  local host
  if [ -n "$port" ]; then
@ -304,37 +284,33 @@ update_rabbitmq_setting(){
 }
 update_redis_settings(){
  ${JSON} -I -e "if(this.services.CoAuthoring.redis===undefined)this.services.CoAuthoring.redis={};"
  ${JSON} -I -e "this.services.CoAuthoring.redis.host = '${REDIS_SERVER_HOST}'"
  ${JSON} -I -e "this.services.CoAuthoring.redis.port = '${REDIS_SERVER_PORT}'"
  if [ -n "${REDIS_SERVER_PASS}" ]; then
    ${JSON} -I -e "this.services.CoAuthoring.redis.options = {'password':'${REDIS_SERVER_PASS}'}"
  fi
 }
 update_ds_settings(){
-  ${JSON} -I -e "this.services.CoAuthoring.token.enable.browser = ${JWT_ENABLED}"
+  if [ "${JWT_ENABLED}" == "true" ]; then
-  ${JSON} -I -e "this.services.CoAuthoring.token.enable.request.inbox = ${JWT_ENABLED}"
+    ${JSON} -I -e "this.services.CoAuthoring.token.enable.browser = ${JWT_ENABLED}"
-  ${JSON} -I -e "this.services.CoAuthoring.token.enable.request.outbox = ${JWT_ENABLED}"
+    ${JSON} -I -e "this.services.CoAuthoring.token.enable.request.inbox = ${JWT_ENABLED}"
    ${JSON} -I -e "this.services.CoAuthoring.token.enable.request.outbox = ${JWT_ENABLED}"
-  ${JSON} -I -e "this.services.CoAuthoring.secret.inbox.string = '${JWT_SECRET}'"
+    ${JSON} -I -e "this.services.CoAuthoring.secret.inbox.string = '${JWT_SECRET}'"
-  ${JSON} -I -e "this.services.CoAuthoring.secret.outbox.string = '${JWT_SECRET}'"
+    ${JSON} -I -e "this.services.CoAuthoring.secret.outbox.string = '${JWT_SECRET}'"
-  ${JSON} -I -e "this.services.CoAuthoring.secret.session.string = '${JWT_SECRET}'"
+    ${JSON} -I -e "this.services.CoAuthoring.secret.session.string = '${JWT_SECRET}'"
-  ${JSON} -I -e "this.services.CoAuthoring.token.inbox.header = '${JWT_HEADER}'"
+    ${JSON} -I -e "this.services.CoAuthoring.token.inbox.header = '${JWT_HEADER}'"
-  ${JSON} -I -e "this.services.CoAuthoring.token.outbox.header = '${JWT_HEADER}'"
+    ${JSON} -I -e "this.services.CoAuthoring.token.outbox.header = '${JWT_HEADER}'"
-  ${JSON} -I -e "this.services.CoAuthoring.token.inbox.inBody = ${JWT_IN_BODY}"
+    ${JSON} -I -e "this.services.CoAuthoring.token.inbox.inBody = ${JWT_IN_BODY}"
-  ${JSON} -I -e "this.services.CoAuthoring.token.outbox.inBody = ${JWT_IN_BODY}"
+    ${JSON} -I -e "this.services.CoAuthoring.token.outbox.inBody = ${JWT_IN_BODY}"
-  if [ -f "${ONLYOFFICE_EXAMPLE_CONFIG}" ]; then
+    if [ -f "${ONLYOFFICE_EXAMPLE_CONFIG}" ] && [ "${JWT_ENABLED}" == "true" ]; then
-    ${JSON_EXAMPLE} -I -e "this.server.token.enable = ${JWT_ENABLED}"
+      ${JSON_EXAMPLE} -I -e "this.server.token.enable = ${JWT_ENABLED}"
-    ${JSON_EXAMPLE} -I -e "this.server.token.secret = '${JWT_SECRET}'"
+      ${JSON_EXAMPLE} -I -e "this.server.token.secret = '${JWT_SECRET}'"
-    ${JSON_EXAMPLE} -I -e "this.server.token.authorizationHeader = '${JWT_HEADER}'"
+      ${JSON_EXAMPLE} -I -e "this.server.token.authorizationHeader = '${JWT_HEADER}'"
    fi
  fi
- 
+
  if [ "${USE_UNAUTHORIZED_STORAGE}" == "true" ]; then
    ${JSON} -I -e "if(this.services.CoAuthoring.requestDefaults===undefined)this.services.CoAuthoring.requestDefaults={}"
    ${JSON} -I -e "if(this.services.CoAuthoring.requestDefaults.rejectUnauthorized===undefined)this.services.CoAuthoring.requestDefaults.rejectUnauthorized=false"
@ -427,16 +403,11 @@ update_welcome_page() {
  WELCOME_PAGE="${APP_DIR}-example/welcome/docker.html"
  if [[ -e $WELCOME_PAGE ]]; then
    DOCKER_CONTAINER_ID=$(basename $(cat /proc/1/cpuset))
-    (( ${#DOCKER_CONTAINER_ID} < 12 )) && DOCKER_CONTAINER_ID=$(hostname)
+    if [[ -x $(command -v docker) ]]; then
-    if (( ${#DOCKER_CONTAINER_ID} >= 12 )); then
+      DOCKER_CONTAINER_NAME=$(docker inspect --format="{{.Name}}" $DOCKER_CONTAINER_ID)
-      if [[ -x $(command -v docker) ]]; then
+      sed 's/$(sudo docker ps -q)/'"${DOCKER_CONTAINER_NAME#/}"'/' -i $WELCOME_PAGE
-        DOCKER_CONTAINER_NAME=$(docker inspect --format="{{.Name}}" $DOCKER_CONTAINER_ID)
+    else
-        sed 's/$(sudo docker ps -q)/'"${DOCKER_CONTAINER_NAME#/}"'/' -i $WELCOME_PAGE
+      sed 's/$(sudo docker ps -q)/'"${DOCKER_CONTAINER_ID::12}"'/' -i $WELCOME_PAGE
        JWT_MESSAGE=$(echo $JWT_MESSAGE | sed 's/$(sudo docker ps -q)/'"${DOCKER_CONTAINER_NAME#/}"'/')
      else
        sed 's/$(sudo docker ps -q)/'"${DOCKER_CONTAINER_ID::12}"'/' -i $WELCOME_PAGE
        JWT_MESSAGE=$(echo $JWT_MESSAGE | sed 's/$(sudo docker ps -q)/'"${DOCKER_CONTAINER_ID::12}"'/')
      fi
    fi
  fi
 }
@ -488,8 +459,6 @@ update_nginx_settings(){
  if [ -f "${NGINX_ONLYOFFICE_EXAMPLE_CONF}" ]; then
    sed 's/linux/docker/' -i ${NGINX_ONLYOFFICE_EXAMPLE_CONF}
  fi
  documentserver-update-securelink.sh -s ${SECURE_LINK_SECRET:-$(pwgen -s 20)} -r false
 }
 update_supervisor_settings(){
@ -525,7 +494,7 @@ for i in ${DS_LIB_DIR}/App_Data/cache/files ${DS_LIB_DIR}/App_Data/docbuilder ${
 done
 # change folder rights
-for i in ${LOG_DIR} ${LIB_DIR}; do
+for i in ${LOG_DIR} ${LIB_DIR} ${DATA_DIR}; do
  chown -R ds:ds "$i"
  chmod -R 755 "$i"
 done
@ -599,8 +568,6 @@ else
  update_welcome_page
 fi
 find /etc/${COMPANY_NAME} -exec chown ds:ds {} \;
 #start needed local services
 for i in ${LOCAL_SERVICES[@]}; do
  service $i start
@ -649,7 +616,5 @@ if [ "${GENERATE_FONTS}" == "true" ]; then
 fi
 documentserver-static-gzip.sh ${ONLYOFFICE_DATA_CONTAINER}
 echo "${JWT_MESSAGE}" 
 tail -f /var/log/${COMPANY_NAME}/**/*.log &
 wait $!
Author	SHA1	Message	Date
AlexandrKharitonov	f663fbd43b	Update build	2022-01-06 12:18:40 +03:00
AlexandrKharitonov	e3f8ab9a1d	Update build	2022-01-06 12:13:22 +03:00
AlexandrKharitonov	2fbbccccec	add hooks	2022-01-06 11:46:31 +03:00
AlexandrKharitonov	9c1975df7b	Update Dockerfile.cl	2021-12-20 11:01:52 +03:00
AlexandrKharitonov	f9499ba9ff	Create Dockerfile.cl	2021-12-17 17:04:20 +03:00
		`@ -0,0 +1,4 @@`
							`FROM onlyoffice/documentserver-ee:latest`

							`RUN sed -i '/trap clean_exit SIGTERM/s/^/#/' /app/ds/run-document-server.sh`