diff --git a/ci/env b/ci/env --- a/ci/env +++ b/ci/env @@ -1,6 +1,6 @@ APP_NAME=Kolab APP_ENV=local -APP_KEY= +APP_KEY=base64:EFXja/fHF01EMKiXW200b5zWOynbPzAHfUM78bOp+28= APP_DEBUG=true APP_URL=https://kolab.local APP_PUBLIC_URL=https://kolab.local @@ -152,7 +152,6 @@ APP_PASSPHRASE=simple123 MEET_WEBHOOK_TOKEN=simple123 MEET_SERVER_TOKEN=simple123 -APP_KEY=base64:EFXja/fHF01EMKiXW200b5zWOynbPzAHfUM78bOp+28= PASSPORT_PROXY_OAUTH_CLIENT_ID=5909ca4f-df7e-45fe-b355-e7c195aef117 PASSPORT_PROXY_OAUTH_CLIENT_SECRET=3URb+3JGJM9wPuDnlUSTPOw2mqmHsoOV8NXanx9xwQM= DES_KEY=kBxUM/53N9p9abusAoT0ZEAxwI2pxFz/ diff --git a/ci/kustomize/base/configmaps.yml b/ci/kustomize/base/configmaps.yml new file mode 100644 --- /dev/null +++ b/ci/kustomize/base/configmaps.yml @@ -0,0 +1,149 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: kolab-test-env +data: + APP_DEBUG: "true" + APP_DOMAIN: kolab.local + APP_ENV: local + APP_HEADER_CSP: '"connect-src ''self''; child-src ''self''; font-src ''self''; form-action + ''self'' data:; frame-ancestors ''self''; img-src blob: data: ''self'' *; media-src + ''self''; object-src ''self''; script-src ''self'' ''unsafe-inline'' ''unsafe-eval''; + style-src ''self'' ''unsafe-eval'' ''unsafe-inline''; default-src ''self'';"' + APP_HEADER_XFO: sameorigin + APP_IMAP: "1" + APP_KEY: base64:EFXja/fHF01EMKiXW200b5zWOynbPzAHfUM78bOp+28= + APP_LDAP: "0" + APP_LOCALE: en + APP_LOCALES: "" + APP_NAME: Kolab + APP_PASSPHRASE: simple123 + APP_PUBLIC_URL: https://kolab.local + APP_TENANT_ID: "5" + APP_THEME: default + APP_URL: https://kolab.local + APP_WEBSITE_DOMAIN: kolab.local + APP_WITH_ADMIN: "1" + APP_WITH_FILES: "1" + APP_WITH_RESELLER: "1" + APP_WITH_SERVICES: "1" + APP_WITH_SIGNUP: "1" + APP_WITH_WALLET: "1" + ASSET_URL: https://kolab.local + BROADCAST_DRIVER: redis + CACHE_DRIVER: redis + COMPANY_ADDRESS: "" + COMPANY_DETAILS: "" + COMPANY_EMAIL: "" + COMPANY_FOOTER: "" + COMPANY_LOGO: "" + COMPANY_NAME: kolab.org + DB_CONNECTION: mysql + DB_DATABASE: kolabdev + DB_HOST: mariadb + DB_PASSWORD: simple123 + DB_PORT: "3306" + DB_ROOT_PASSWORD: simple123 + DB_USERNAME: kolabdev + DES_KEY: kBxUM/53N9p9abusAoT0ZEAxwI2pxFz/ + DNS_COPY_FROM: "null" + DNS_SPF: '"v=spf1 mx -all"' + DNS_STATIC: '"%s. MX 10 ext-mx01.mykolab.com."' + DNS_TTL: "3600" + FILESYSTEM_DISK: minio + FIREBASE_API_KEY: "" + GIT_REF_AUTOCONF: master + GIT_REF_CHWALA: dev/mollekopf + GIT_REF_FREEBUSY: master + GIT_REF_IRONY: master + GIT_REF_ROUNDCUBEMAIL: dev/kolab-1.5 + GIT_REF_ROUNDCUBEMAIL_PLUGINS: master + GIT_REF_SYNCROTON: master + GIT_REMOTE_AUTOCONF: https://git.kolab.org/diffusion/AC/autoconf.git + GIT_REMOTE_CHWALA: https://git.kolab.org/diffusion/C/chwala.git + GIT_REMOTE_FREEBUSY: https://git.kolab.org/diffusion/F/freebusy.git + GIT_REMOTE_IRONY: https://git.kolab.org/source/iRony.git + GIT_REMOTE_ROUNDCUBEMAIL: https://git.kolab.org/source/roundcubemail.git + GIT_REMOTE_ROUNDCUBEMAIL_PLUGINS: https://git.kolab.org/diffusion/RPK/roundcubemail-plugins-kolab.git + GIT_REMOTE_SYNCROTON: https://git.kolab.org/diffusion/S/syncroton.git + IMAP_ADMIN_LOGIN: cyrus-admin + IMAP_ADMIN_PASSWORD: simple123 + IMAP_GIT_REF: dev/mollekopf + IMAP_GIT_REMOTE: https://git.kolab.org/source/cyrus-imapd + IMAP_GUAM_PORT: "11143" + IMAP_HOST: imap + IMAP_PORT: "11143" + IMAP_URI: imap:11143 + IMAP_VERIFY_HOST: "false" + IMAP_VERIFY_PEER: "false" + IMAP_WITH_GROUPWARE_DEFAULT_FOLDERS: "false" + KB_ACCOUNT_DELETE: "" + KB_ACCOUNT_SUSPENDED: "" + KB_PAYMENT_SYSTEM: "" + KOLAB_GIT_REF: dev/mollekopf + KOLAB_GIT_REMOTE: https://git.kolab.org/source/kolab + KOLAB_SSL_CERTIFICATE: /etc/certs/kolab.hosted.com.cert + KOLAB_SSL_CERTIFICATE_FULLCHAIN: /etc/certs/kolab.hosted.com.chain.pem + KOLAB_SSL_CERTIFICATE_KEY: /etc/certs/kolab.hosted.com.key + LOG_CHANNEL: stdout + LOG_DEPRECATIONS_CHANNEL: "null" + LOG_LEVEL: debug + LOG_SLOW_REQUESTS: "5" + MAIL_ENCRYPTION: starttls + MAIL_FROM_ADDRESS: '"noreply@kolab.local"' + MAIL_FROM_NAME: '"kolab.local"' + MAIL_HOST: localhost + MAIL_MAILER: smtp + MAIL_PASSWORD: '"simple123"' + MAIL_PORT: "587" + MAIL_REPLYTO_ADDRESS: '"noreply@kolab.local"' + MAIL_REPLYTO_NAME: "null" + MAIL_USERNAME: '"noreply@kolab.local"' + MAIL_VERIFY_PEER: '''false''' + MEET_LISTENING_HOST: meet + MEET_PUBLIC_DOMAIN: kolab.local + MEET_SERVER_TOKEN: simple123 + MEET_SERVER_URLS: https://127.0.0.1:6443/meetmedia/api/ + MEET_SERVER_VERIFY_TLS: "false" + MEET_WEBHOOK_TOKEN: simple123 + MEET_WEBRTC_LISTEN_IP: '''127.0.0.1''' + MFA_DSN: mysql://roundcube:simple123@mariadb/roundcube + MFA_TOTP_DIGEST: sha1 + MFA_TOTP_DIGITS: "6" + MFA_TOTP_INTERVAL: "30" + MINIO_BUCKET: kolab + MINIO_ENDPOINT: http://minio:9000 + MINIO_PASSWORD: simple123 + MINIO_USER: minio + MIX_ASSET_PATH: '''/''' + MOLLIE_KEY: "" + OCTANE_HTTP_HOST: kolab.local + OPENEXCHANGERATES_API_KEY: "" + PASSPORT_PROXY_OAUTH_CLIENT_ID: 5909ca4f-df7e-45fe-b355-e7c195aef117 + PASSPORT_PROXY_OAUTH_CLIENT_SECRET: 3URb+3JGJM9wPuDnlUSTPOw2mqmHsoOV8NXanx9xwQM= + PASSWORD_POLICY: "" + PGP_AGENT: /usr/bin/gpg-agent + PGP_BINARY: /usr/bin/gpg + PGP_ENABLE: "true" + PGP_GPGCONF: /usr/bin/gpgconf + PGP_LENGTH: "" + PROXY_SSL_CERTIFICATE: /etc/certs/imap.hosted.com.cert + PROXY_SSL_CERTIFICATE_KEY: /etc/certs/imap.hosted.com.key + QUEUE_CONNECTION: redis + RATELIMIT_WHITELIST: '"noreply@kolab.local"' + REDIS_HOST: redis + REDIS_PASSWORD: "null" + REDIS_PORT: "6379" + SESSION_DRIVER: file + SESSION_LIFETIME: "120" + SMTP_HOST: imap + SMTP_PORT: "10587" + STRIPE_KEY: "" + STRIPE_PUBLIC_KEY: "" + STRIPE_WEBHOOK_SECRET: "" + SUPPORT_URL: /support + SWOOLE_PACKAGE_MAX_LENGTH: "10485760" + TRUSTED_PROXIES: '"172.18.0.7/8,127.0.0.1/8"' + VAT_COUNTRIES: CH,LI + VAT_RATE: "7.7" + WEBMAIL_URL: /roundcubemail/ diff --git a/ci/kustomize/base/imap_pod.yml b/ci/kustomize/base/imap_pod.yml new file mode 100644 --- /dev/null +++ b/ci/kustomize/base/imap_pod.yml @@ -0,0 +1,88 @@ +--- +apiVersion: v1 +kind: Pod +metadata: + name: imap + labels: + component: imap +spec: + initContainers: + - name: wait-for-webapp + image: "curlimages/curl:latest" + command: ["/bin/sh","-c"] + args: ["while [ $(curl -sw '%{http_code}' http://webapp:8000 -o /dev/null) -ne 200 ]; do sleep 5; echo 'Waiting for the webserver...'; done"] + containers: + - name: imap + env: + - name: APP_SERVICES_DOMAIN + value: webapp + - name: SERVICES_PORT + value: "8000" + - name: IMAP_ADMIN_LOGIN + value: cyrus-admin + - name: IMAP_ADMIN_PASSWORD + value: simple123 + image: "image-registry.openshift-image-registry.svc:5000/kolab4-ci/imap" + imagePullPolicy: Always + livenessProbe: + initialDelaySeconds: 10 + tcpSocket: + port: 11143 + readinessProbe: + exec: + command: ['test', '-e', '/run/saslauthd/mux'] + resources: {} + securityContext: + capabilities: + drop: + - MKNOD + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - name: var-lib-imap + mountPath: /var/lib/imap + - name: var-spool-imap + mountPath: /var/spool/imap + - mountPath: /var/run/secrets/kubernetes.io/serviceaccount + name: kube-api-access + readOnly: true + dnsPolicy: ClusterFirst + enableServiceLinks: true + imagePullSecrets: + - name: pipeline-dockercfg-z2lsh + preemptionPolicy: PreemptLowerPriority + priority: 0 + restartPolicy: Always + schedulerName: default-scheduler + securityContext: {} + serviceAccount: pipeline + serviceAccountName: pipeline + terminationGracePeriodSeconds: 30 + volumes: + - name: kube-api-access + projected: + defaultMode: 420 + sources: + - serviceAccountToken: + expirationSeconds: 3607 + path: token + - configMap: + items: + - key: ca.crt + path: ca.crt + name: kube-root-ca.crt + - downwardAPI: + items: + - fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + path: namespace + - configMap: + items: + - key: service-ca.crt + path: service-ca.crt + name: openshift-service-ca.crt + - name: var-lib-imap + emptyDir: {} + - name: var-spool-imap + emptyDir: {} diff --git a/ci/kustomize/base/kustomization.yml b/ci/kustomize/base/kustomization.yml new file mode 100644 --- /dev/null +++ b/ci/kustomize/base/kustomization.yml @@ -0,0 +1,11 @@ +resources: + - pods.yml + - imap_pod.yml + - mariadb_pod.yml + - proxy_pod.yml + - secrets.yml + - services.yml + - configmaps.yml + +commonLabels: + app: kolab4-test diff --git a/ci/kustomize/base/mariadb_pod.yml b/ci/kustomize/base/mariadb_pod.yml new file mode 100644 --- /dev/null +++ b/ci/kustomize/base/mariadb_pod.yml @@ -0,0 +1,96 @@ +--- +apiVersion: v1 +kind: Pod +metadata: + name: mariadb + labels: + component: mariadb +spec: + containers: + - name: mariadb + env: + - name: MYSQL_ROOT_PASSWORD + value: simple123 + - name: TZ + value: "+02:00" + - name: DB_HKCCP_DATABASE + value: kolabdev + - name: DB_HKCCP_USERNAME + value: kolabdev + - name: DB_HKCCP_PASSWORD + value: simple123 + - name: DB_KOLAB_DATABASE + value: kolabdev + - name: DB_KOLAB_USERNAME + value: kolabdev + - name: DB_KOLAB_PASSWORD + value: simple123 + - name: DB_RC_DATABASE + value: roundcube + - name: DB_RC_USERNAME + value: roundcube + - name: DB_RC_PASSWORD + value: simple123 + livenessProbe: + tcpSocket: + port: 3306 + image: "image-registry.openshift-image-registry.svc:5000/kolab4-ci/mariadb" + imagePullPolicy: Always + ports: + - containerPort: 3306 + readinessProbe: + exec: + command: ['mysqladmin', '-u', 'root', 'ping'] + resources: {} + securityContext: + capabilities: + drop: + - MKNOD + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - name: var-lib-mysql + mountPath: /var/lib/mysql + readOnly: False + - mountPath: /var/run/secrets/kubernetes.io/serviceaccount + name: kube-api-access + readOnly: true + dnsPolicy: ClusterFirst + enableServiceLinks: true + imagePullSecrets: + - name: pipeline-dockercfg-z2lsh + preemptionPolicy: PreemptLowerPriority + priority: 0 + restartPolicy: Always + schedulerName: default-scheduler + securityContext: {} + serviceAccount: pipeline + serviceAccountName: pipeline + terminationGracePeriodSeconds: 30 + volumes: + - name: kube-api-access + projected: + defaultMode: 420 + sources: + - serviceAccountToken: + expirationSeconds: 3607 + path: token + - configMap: + items: + - key: ca.crt + path: ca.crt + name: kube-root-ca.crt + - downwardAPI: + items: + - fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + path: namespace + - configMap: + items: + - key: service-ca.crt + path: service-ca.crt + name: openshift-service-ca.crt + - name: var-lib-mysql + emptyDir: {} + diff --git a/ci/kustomize/base/pods.yml b/ci/kustomize/base/pods.yml new file mode 100644 --- /dev/null +++ b/ci/kustomize/base/pods.yml @@ -0,0 +1,355 @@ +--- +apiVersion: v1 +kind: Pod +metadata: + name: redis + labels: + component: redis +spec: + containers: + - name: redis + image: "image-registry.openshift-image-registry.svc:5000/kolab4-ci/redis" + imagePullPolicy: Always + livenessProbe: + tcpSocket: + port: 6379 + resources: {} + readinessProbe: + exec: + command: ['redis-cli', 'ping'] + securityContext: + capabilities: + drop: + - MKNOD + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - name: var-lib-redis-data + mountPath: /var/lib/redis/data + readOnly: False + - mountPath: /var/run/secrets/kubernetes.io/serviceaccount + name: kube-api-access + readOnly: true + dnsPolicy: ClusterFirst + enableServiceLinks: true + imagePullSecrets: + - name: pipeline-dockercfg-z2lsh + preemptionPolicy: PreemptLowerPriority + priority: 0 + restartPolicy: Always + schedulerName: default-scheduler + securityContext: {} + serviceAccount: pipeline + serviceAccountName: pipeline + terminationGracePeriodSeconds: 30 + volumes: + - name: kube-api-access + projected: + defaultMode: 420 + sources: + - serviceAccountToken: + expirationSeconds: 3607 + path: token + - configMap: + items: + - key: ca.crt + path: ca.crt + name: kube-root-ca.crt + - downwardAPI: + items: + - fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + path: namespace + - configMap: + items: + - key: service-ca.crt + path: service-ca.crt + name: openshift-service-ca.crt + - name: var-lib-redis-data + emptyDir: {} + +--- +apiVersion: v1 +kind: Pod +metadata: + name: roundcube + labels: + component: roundcube +spec: + containers: + - name: roundcube + env: + - name: APP_DOMAIN + value: "kolab.test" + - name: DES_KEY + value: "kBxUM/53N9p9abusAoT0ZEAxwI2pxFz/" + - name: DB_HOST + value: "mariadb" + - name: DB_RC_DATABASE + value: "roundcube" + - name: DB_RC_USERNAME + value: "roundcube" + - name: DB_RC_PASSWORD + value: "simple123" + - name: DB_ROOT_PASSWORD + value: "simple123" + - name: IMAP_HOST + value: "imap" + - name: IMAP_PORT + value: "11143" + # - name: IMAP_ADMIN_LOGIN + # value: cyrus-admin + # - name: IMAP_ADMIN_PASSWORD + # value: simple123 + # - name: MAIL_HOST + # value: localhost + # - name: MAIL_PORT + # value: 10587 + # - name: IMAP_DEBUG + # value: true + # - name: FILEAPI_WOPI_OFFICE + # value: "https://kolab.local" + # - name: CALENDAR_CALDAV_SERVER + # value: "http://imap:11080/dav" + # - name: KOLAB_ADDRESSBOOK_CARDDAV_SERVER + # value: "http://imap:11080/dav" + image: "image-registry.openshift-image-registry.svc:5000/kolab4-ci/roundcube" + imagePullPolicy: Always + resources: {} + securityContext: + capabilities: + drop: + - MKNOD + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /var/run/secrets/kubernetes.io/serviceaccount + name: kube-api-access + readOnly: true + dnsPolicy: ClusterFirst + enableServiceLinks: true + imagePullSecrets: + - name: pipeline-dockercfg-z2lsh + preemptionPolicy: PreemptLowerPriority + priority: 0 + restartPolicy: Always + schedulerName: default-scheduler + securityContext: {} + serviceAccount: pipeline + serviceAccountName: pipeline + terminationGracePeriodSeconds: 30 + tolerations: + - effect: NoExecute + key: node.kubernetes.io/not-ready + operator: Exists + tolerationSeconds: 300 + - effect: NoExecute + key: node.kubernetes.io/unreachable + operator: Exists + tolerationSeconds: 300 + volumes: + - name: kube-api-access + projected: + defaultMode: 420 + sources: + - serviceAccountToken: + expirationSeconds: 3607 + path: token + - configMap: + items: + - key: ca.crt + path: ca.crt + name: kube-root-ca.crt + - downwardAPI: + items: + - fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + path: namespace + - configMap: + items: + - key: service-ca.crt + path: service-ca.crt + name: openshift-service-ca.crt + +--- +apiVersion: v1 +kind: Pod +metadata: + name: minio + labels: + component: minio +spec: + containers: + - name: minio + env: + - name: MINIO_ROOT_USER + value: "minio" + - name: MINIO_ROOT_PASSWORD + value: "simple123" + command: ['sh', '-c', 'mkdir -p /data/kolab && minio server /data --console-address ":9001"'] + image: "quay.io/minio/minio:latest" + imagePullPolicy: Always + readinessProbe: + exec: + command: ['bash', '-c', 'mc ready local || exit 1'] + resources: {} + securityContext: + capabilities: + drop: + - MKNOD + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /var/run/secrets/kubernetes.io/serviceaccount + name: kube-api-access + readOnly: true + - name: minio-data + mountPath: /data + dnsPolicy: ClusterFirst + enableServiceLinks: true + imagePullSecrets: + - name: pipeline-dockercfg-z2lsh + preemptionPolicy: PreemptLowerPriority + priority: 0 + restartPolicy: Always + schedulerName: default-scheduler + securityContext: {} + serviceAccount: pipeline + serviceAccountName: pipeline + terminationGracePeriodSeconds: 30 + volumes: + - name: kube-api-access + projected: + defaultMode: 420 + sources: + - serviceAccountToken: + expirationSeconds: 3607 + path: token + - configMap: + items: + - key: ca.crt + path: ca.crt + name: kube-root-ca.crt + - downwardAPI: + items: + - fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + path: namespace + - configMap: + items: + - key: service-ca.crt + path: service-ca.crt + name: openshift-service-ca.crt + - name: minio-data + emptyDir: {} + +--- +apiVersion: v1 +kind: Pod +metadata: + name: meet + labels: + component: meet +spec: + initContainers: + - name: kolab4-git-source + image: alpine/git + command: ['git', 'clone', 'https://git.kolab.org/source/kolab.git', '/kolab'] + volumeMounts: + - name: kolab4-git-source-config + mountPath: /kolab + readOnly: False + containers: + - name: meet + env: + - name: WEBRTC_LISTEN_IP + value: "127.0.0.1" + - name: WEBRTC_ANNOUNCED_ADDRESS + value: "127.0.0.1" + - name: PUBLIC_DOMAIN + value: "kolab.local" + - name: LISTENING_HOST + value: "127.0.0.1" + - name: LISTENING_PORT + value: "12443" + - name: DEBUG + value: "*" + - name: TURN_SERVER + value: "none" + - name: AUTH_TOKEN + value: "simple123" + - name: WEBHOOK_TOKEN + value: "simple123" + - name: WEBHOOK_URL + value: "kolab.local/api/webhooks/meet" + - name: SSL_CERT + value: "/etc/pki/tls/certs/meet.kolab.local.cert" + - name: SSL_KEY + value: "/etc/pki/tls/private/meet.kolab.local.key" + image: "image-registry.openshift-image-registry.svc:5000/kolab4-ci/meet" + imagePullPolicy: Always + resources: {} + securityContext: + capabilities: + drop: + - MKNOD + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /var/run/secrets/kubernetes.io/serviceaccount + name: kube-api-access + readOnly: True + - name: kolab4-git-source-config + subPath: meet/server + mountPath: /src/meet + readOnly: True + - name: kolab4-git-source-config + subPath: docker/certs/meet.kolab.local.cert + mountPath: /etc/pki/tls/certs/meet.kolab.local.cert + readOnly: True + - name: kolab4-git-source-config + subPath: docker/certs/meet.kolab.local.key + mountPath: /etc/pki/tls/certs/meet.kolab.local.key + readOnly: True + + dnsPolicy: ClusterFirst + enableServiceLinks: true + imagePullSecrets: + - name: pipeline-dockercfg-z2lsh + preemptionPolicy: PreemptLowerPriority + priority: 0 + restartPolicy: Always + schedulerName: default-scheduler + securityContext: {} + serviceAccount: pipeline + serviceAccountName: pipeline + terminationGracePeriodSeconds: 30 + volumes: + - name: kube-api-access + projected: + defaultMode: 420 + sources: + - serviceAccountToken: + expirationSeconds: 3607 + path: token + - configMap: + items: + - key: ca.crt + path: ca.crt + name: kube-root-ca.crt + - downwardAPI: + items: + - fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + path: namespace + - configMap: + items: + - key: service-ca.crt + path: service-ca.crt + name: openshift-service-ca.crt + - name: kolab4-git-source-config + emptyDir: {} diff --git a/ci/kustomize/base/proxy_pod.yml b/ci/kustomize/base/proxy_pod.yml new file mode 100644 --- /dev/null +++ b/ci/kustomize/base/proxy_pod.yml @@ -0,0 +1,84 @@ +--- +apiVersion: v1 +kind: Pod +metadata: + name: proxy + labels: + component: proxy +spec: + containers: + - name: proxy + env: + - name: APP_DOMAIN + value: "kolab.local" + - name: APP_WEBSITE_DOMAIN + value: "kolab.local" + - name: SSL_CERTIFICATE + value: "/etc/certs/imap.hosted.com.cert" + - name: SSL_CERTIFICATE_KEY + value: "/etc/certs/imap.hosted.com.key" + - name: WEBAPP_BACKEND + value: "http://webapp:8000" + - name: MEET_BACKEND + value: "https://meet:12443" + - name: ROUNDCUBE_BACKEND + value: "http://roundcube:8080" + - name: DAV_BACKEND + value: "http://dav:11080/dav" + - name: COLLABORA_BACKEND + value: "http://collabora:9980" + image: "image-registry.openshift-image-registry.svc:5000/kolab4-ci/proxy" + imagePullPolicy: Always + resources: {} + securityContext: + capabilities: + drop: + - MKNOD + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - name: docker-certs + mountPath: /etc/certs + readOnly: True + dnsPolicy: ClusterFirst + enableServiceLinks: true + imagePullSecrets: + - name: pipeline-dockercfg-z2lsh + preemptionPolicy: PreemptLowerPriority + priority: 0 + restartPolicy: Always + schedulerName: default-scheduler + securityContext: {} + serviceAccount: pipeline + serviceAccountName: pipeline + terminationGracePeriodSeconds: 30 + volumes: + - name: kube-api-access + projected: + defaultMode: 420 + sources: + - serviceAccountToken: + expirationSeconds: 3607 + path: token + - configMap: + items: + - key: ca.crt + path: ca.crt + name: kube-root-ca.crt + - downwardAPI: + items: + - fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + path: namespace + - configMap: + items: + - key: service-ca.crt + path: service-ca.crt + name: openshift-service-ca.crt + - name: docker-certs + configMap: + name: docker-certs + + + diff --git a/ci/kustomize/base/secrets.yml b/ci/kustomize/base/secrets.yml new file mode 100644 --- /dev/null +++ b/ci/kustomize/base/secrets.yml @@ -0,0 +1,10 @@ +apiVersion: v1 +kind: Secret +metadata: + name: passport-keys + namespace: kolab4-ci +type: Opaque +data: + PASSPORT_PRIVATE_KEY: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUpRd0lCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQ1Mwd2dna3BBZ0VBQW9JQ0FRQ21ZZVJwN1hYblBlOHcKWDBpT0pScGVza2ZVdU9KL0dxejVkc01JV0ZCNmZQYUk1Lzl0a01FeXArdkNFRjdlRlhMQnJYZVFpNkYvVk5tVgp3bitkR0VRaGtodURvRVhyOFo0YzMzM3dMSDhpT0VGNFdRYnQvV0YzRVJkam1KdDN2S3J5OEIvT0xObW1jSzdqCjRzejgyOGg2TDJaVDZHUGNiR3NOdWt4Qk1jSU1PcGZsbzBTTEh5NFZUaGRvNmIxUTRuRDJLL1BYMXlweWZGYW8KbmozT2ZIQmRTVkxtVGdkN0J2Qi9hellGWVdIUDRJTlk4Y3lsWldJdERYdXFQbEJHU1UyZmYyeFRLWS9XUmNvLwpkanZyTzliTTFXZUkrOFczNkVlTEhFUnJ1MVFScE4yMlRnV0NRMmRiTFJzVnJzTWc4THk2U01lOGNlRFhRdDVDCkxLQU4yNGpGdDFVbkJncitxSzFUcnhrQnR1NStWMldQWVdoVXZCTEkvMnFuRlFoMUdpV01LaW5XUU83ckZDSUMKclJVY1FCVXUyQXlsbUcwUC9vUGpQcmpoQW54cTNIZ3VPbjhjUzFPZUJwT0g3Kzh0ejBDZUVkeVZmVDhtYVZzLwpWV1JaYkViMFVqRkxSTlUraVZFR3p6M2p5UXVLaE9KLzJXdVcwbUp6RjNwUFE2NERsK2ZMeVhxRjFLWE5vUGVtCmV2bW1SakNaV2ZrV0FFQVdkMyt5UmZvT3hHejU1dmFVMXFHUzgxbG5YblAxUjVUWkdYb24yNEhIUzl1UndIdDYKSklJK0ZFd2dxcjhLMlRJU0RQeHg3aVFiWHg4a2NNVU1CSkc4YU5vRzczV1ZYbUhzMHVhRVVzWE15OXZ0ZWdldQovL0lQcE5VVGxianNuOE90K3Q2OG1UTkxVWlg3NHdJREFRQUJBb0lDQUU1ZlpUOEtWbFBmSmlpa2NXSlhrdFRSCmFLbUlqMVFzNWhhNlBRTlV5ay93UmhiV0pVamdlMGpYdFdOYjM3di80V2JleGFmR1JnUGJIWVVBTWFsM2tUdzQKL1JIaThKekQydVVoMTBwSFEzbUVnejVqdlRKa2ZNRWZ3V011TXVsVGF6ajFLQjR2blRSYjl0MnNheitlYlpBMApmS0NBb20xbGVvWGtYK0FEeHJLSTlSejc2NkVXeGxmTnlaUW5LZ0NNTVlhYnpJZzZ0NmxtN1ZFTy9QRWpSN0NCCmhmV3JBcllPWGtHKzZCcmZ0TG05T1ZHdjBHU0dYWmo0Tld6TFhuZkZOcld2U1lEZzNucWh0RE54aDZiMk1HZWIKREdLSHFpcEhWVS92T0VHQTQ0aE9Id3V0TThZWTV2b1pSSjFSaldPYVVtUHpQWGFFTTlOaUVaeWROYVZoYUVwcQptN2pOcHU3UzV4YTJFb2R0Mml6MnVRaG5ESHJZbkdWQ0g1cHNhbDZUWkFvOUFQV3d3Qk9zRlErblh3anhUZUw5CiszSkw2K2pyUDBlcXpOVmhsOGMwY0hKbkJEcFNWTkc3MzRSc0s4WE94bUp5cTNYdDhSb2kzVWQ3Z2p5L0ZHcHYKWGd6RHBrRnZkNXVFVG4xVkl1QWZpcm03TUQ4UmJUSVpBV0NncUNyRTdOdVhPY25CR0h1Qzk1NUtGOE9BeDhucAo4eUN0bG1CU1hLaWZvSWVleXUzMkw4czNnN21kK3hSdWFVOHlSdHVDbFRMS0crNm9SWlljYUZOY1ZLS1p6eXU1CnhueFVTNkhhcGhkNS9MaGduQTN1alhra05QZG1IeFB2Sk9XWUFCU05GZVh6TkYxbnBMLzR3RkxOdnBwTUNQUjEKdjdNN0FuYnZ5RXZLbTFRMmVQZTlBb0lCQVFEaWdJNEFKSWFIZVFpdXFGU0lXaG04TllrT1pGMGpmdldNN0s4dgoxSUFFMFdBVFA4S2JlVElOUzJmVVlack5GczdTNjZQbDFXZFBIN2F0Vm9pN1FWY0lvRmhsWVlScUlMRVRwS0pyCnowZEZMSWlhYWp6UTlrVFB6aExSREdCaE8zVEtiN1JwRm5kWUF1eHpTdzFDLzNKSGI0Y3JEOGtESUI4eFZvYmEKeHZzWGRWc3NxQlFnU2NVcmoxRmY0WlB0RmhxTFBzV252ZEJwYk02TFYvMnQvQ25UdTRxVTJzekpaUU5HUDFRZgpnRWFwYnVaQzZZRmFoWERUZ1lGVGZuL3ZLenlLYi9GaXNrejNSczlqZ1kwOGdSeElhbmRlVXFKSUVvSmkrQ3daCnE2dHdEOHFLekdoQjlueFNBT3doSnpEZzRTeWhOblJRdDVYOFhRV1ZqcHhzM0h4bkFvSUJBUUM4RFBzSURONXIKN2pvWmo1ZDQvazhZZytxMWVjeVNtOXpZeTlMemYwV1VGZ1J1OU5XOVVlVVBSakdYaE5vNVZPeHhCNjJyTVpDSgpFODFJdHhVVlF3SEg0UzYyeWNCUGJzWUVhcEUvaXRTK0tkRXpXUVAydTNIQWtMRDNOMjhzbk1sSWhUSlI4ZlhCCkdhc1duZ3M5UTd1QjdXazBuaUthOFQ3ZkJEeDlwT3lqTWxJUHdvMGxaQ3JVQW5tak9nWitSdnZ1R0RncXBEZHAKaDdKVXh0Rm1zV1BnQkZOWnRyNUJUUmNyNWhXUm9TWEpnUU9EcXBUUUhqUWRkTVd5N0xDSmczcUtMaUtWSU9kNQoraUd6aFVJWnpvOTVGWWl5dDhPamR0M1kwazVKOTlOT3JPd0FQTkx2YkM1VFRzaHRBMTQ0RTl1d0VxQmJUbStTClJ0TFplVkJXWjFjbEFvSUJBUUMwajI2anhucEgvTUJqRzJWbjNRdXU4YTUwZnFXUTZtQ3RHdkQ4M0JYQndYY3AKWVNhdDhndG9kYmdyb2pOWlV0bEZZdnVnK0dJR3ZXMU8rVEMrdGZPL3VMTSsvbUlraURNaFNaa0JBSmY4R09nOAowSHZ5eUo5S1dTaSs1WExma0JvbVZxNG5KL1d6ZjRFbTE2bVd3elJDcGpIR3JpcThCeHRXcFhlVGFCUTZPeCtYCmxkV1ZkN2xxWkRHbWtaanU0elA5MU9pVU04aTBnanlVOEd3V0NuTDlpditLY25IV0NtUjExMzRrTG9vbC8zWW4KMlNWNUYrODliSHZBSjVPdEFYYWRsV2VFR2tjb3lKWUM2UC9DUDlwZ0VCOWdYZGRvUlBrVUZHcHpmRnFLVnN4TApvVzlyUmljTTZCZFV4bjA4aDhTZ0wxekNDOWZRK2dhOWxwWTBZZi81QW9JQkFIN1M1azVFbDVFRTVtd3N1a1JnCmhxbUs5alVVQXRMeGlSMHhRWUQwMmRFSWxFN2NrbllQRUVPZjNIeEtuZjVDZHYrMzVQbHJBUVpoczNZUis0Y08KWE5vWDFUQnptbDQzNEJaRVpOY000M09vc2kxR0lIVTdiM2ttWENNdVlLMGV4R1ZEWjI5NmxucDN2RG9SdHBUSAo1R0s0NGRZWnZFN3cycXovcDJnNVhWcW02azgwcjRxREpwczdYQnVvVzQ2NGd0bk52YnVNYXM2aU5MUVdMazFxCjMyZktvd2dEUmdhMlhpVStGRmZWN2EwYmRHcE5GZlhTR09Xd3hsQm9icHNmYi9wWEtQMllabVNPUEVKZFlmb1QKcEJGT1k1WGNkM1g4Q1p4Y0lXNmpWQUJnZ1AyY0I4cHZGRU1kQS9ENWI0YTBaZG8yaGExdWxiSjZUMk5aL01ONQpDSDBDZ2dFQkFNTFJueExRUkNnZHlyWXJvcWRTQlU4NWZBazB1VS8vcm43aS8xdlFHNnBVeTREcTZXL3lCaEZWCi9GcGg2YzlOWEhVVWJNM0hsdnlZMkh0NGFVUWw4ZDUwd3N5VTZlbnh2cGR3enRpNk4yV1h5ckVYNFd0VnFnTlAKT0tIRXUrbWlpM202a09mdkREOTdBVDRoQUd6Q1pSNGxrYjA2dDQ5eTd1YTROUlphS1RyVGlHM2cydVR0QlI4MQovdzFHdEwrRE5VRUZ6TzFJeTJkc2NXeHI3NkkrWlg2VmxGSEduZVVsaHlOOVZKazhXSFZJNXhwVlY5eTdheTNJCmpYWEZEZ05xanFpU0M2QlU3aVlwa1ZFS2wvaHZhR0pVN0NLTEtGYnh6QmdzZXlZLzdYc01Idldid2pLOGEwTG0KYmFraGllN2hKQlA3Qm9PdXArZEQ1TlFQbFhCUTQzND0KLS0tLS1FTkQgUFJJVkFURSBLRVktLS0tLS0K + PASSPORT_PUBLIC_KEY: LS0tLS1CRUdJTiBQVUJMSUMgS0VZLS0tLS0KTUlJQ0lqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FnOEFNSUlDQ2dLQ0FnRUFwbUhrYWUxMTV6M3ZNRjlJamlVYQpYckpIMUxqaWZ4cXMrWGJEQ0ZoUWVuejJpT2YvYlpEQk1xZnJ3aEJlM2hWeXdhMTNrSXVoZjFUWmxjSi9uUmhFCklaSWJnNkJGNi9HZUhOOTk4Q3gvSWpoQmVGa0c3ZjFoZHhFWFk1aWJkN3lxOHZBZnppelpwbkN1NCtMTS9OdkkKZWk5bVUraGozR3hyRGJwTVFUSENERHFYNWFORWl4OHVGVTRYYU9tOVVPSnc5aXZ6MTljcWNueFdxSjQ5em54dwpYVWxTNWs0SGV3YndmMnMyQldGaHorQ0RXUEhNcFdWaUxRMTdxajVRUmtsTm4zOXNVeW1QMWtYS1AzWTc2enZXCnpOVm5pUHZGdCtoSGl4eEVhN3RVRWFUZHRrNEZna05uV3kwYkZhN0RJUEM4dWtqSHZISGcxMExlUWl5Z0RkdUkKeGJkVkp3WUsvcWl0VTY4WkFiYnVmbGRsajJGb1ZMd1N5UDlxcHhVSWRSb2xqQ29wMWtEdTZ4UWlBcTBWSEVBVgpMdGdNcFpodEQvNkQ0ejY0NFFKOGF0eDRManAvSEV0VG5nYVRoKy92TGM5QW5oSGNsWDAvSm1sYlAxVmtXV3hHCjlGSXhTMFRWUG9sUkJzODk0OGtMaW9UaWY5bHJsdEppY3hkNlQwT3VBNWZueThsNmhkU2x6YUQzcG5yNXBrWXcKbVZuNUZnQkFGbmQvc2tYNkRzUnMrZWIybE5haGt2TlpaMTV6OVVlVTJSbDZKOXVCeDB2YmtjQjdlaVNDUGhSTQpJS3EvQ3RreUVnejhjZTRrRzE4ZkpIREZEQVNSdkdqYUJ1OTFsVjVoN05MbWhGTEZ6TXZiN1hvSHJ2L3lENlRWCkU1VzQ3Si9EcmZyZXZKa3pTMUdWKytNQ0F3RUFBUT09Ci0tLS0tRU5EIFBVQkxJQyBLRVktLS0tLQo= + diff --git a/ci/kustomize/base/services.yml b/ci/kustomize/base/services.yml new file mode 100644 --- /dev/null +++ b/ci/kustomize/base/services.yml @@ -0,0 +1,109 @@ +--- +apiVersion: v1 +kind: Service +metadata: + name: mariadb +spec: + clusterIP: None + clusterIPs: + - None + internalTrafficPolicy: Cluster + ipFamilies: + - IPv4 + ipFamilyPolicy: SingleStack + ports: + - port: 3306 + protocol: TCP + targetPort: 3306 + selector: + component: mariadb + sessionAffinity: None + type: ClusterIP + +--- +apiVersion: v1 +kind: Service +metadata: + name: imap +spec: + clusterIP: None + clusterIPs: + - None + internalTrafficPolicy: Cluster + ipFamilies: + - IPv4 + ipFamilyPolicy: SingleStack + ports: + - port: 11143 + protocol: TCP + targetPort: 11143 + selector: + component: imap + sessionAffinity: None + type: ClusterIP + +--- +apiVersion: v1 +kind: Service +metadata: + name: minio +spec: + clusterIP: None + clusterIPs: + - None + internalTrafficPolicy: Cluster + ipFamilies: + - IPv4 + ipFamilyPolicy: SingleStack + ports: + - port: 9000 + protocol: TCP + targetPort: 9000 + selector: + component: minio + sessionAffinity: None + type: ClusterIP + +--- +apiVersion: v1 +kind: Service +metadata: + name: redis +spec: + clusterIP: None + clusterIPs: + - None + internalTrafficPolicy: Cluster + ipFamilies: + - IPv4 + ipFamilyPolicy: SingleStack + ports: + - port: 6379 + protocol: TCP + targetPort: 6379 + selector: + component: redis + sessionAffinity: None + type: ClusterIP + +--- +apiVersion: v1 +kind: Service +metadata: + name: meet +spec: + clusterIP: None + clusterIPs: + - None + internalTrafficPolicy: Cluster + ipFamilies: + - IPv4 + ipFamilyPolicy: SingleStack + ports: + - port: 12443 + protocol: TCP + targetPort: 12443 + selector: + component: meet + sessionAffinity: None + type: ClusterIP diff --git a/ci/kustomize/overlays/demo/kustomization.yml b/ci/kustomize/overlays/demo/kustomization.yml new file mode 100644 --- /dev/null +++ b/ci/kustomize/overlays/demo/kustomization.yml @@ -0,0 +1,9 @@ +bases: + - ../../base + +resources: + - webapp_pod.yml + - webapp_svc.yml + +commonLabels: + app: kolab4-test diff --git a/ci/kustomize/overlays/demo/webapp_pod.yml b/ci/kustomize/overlays/demo/webapp_pod.yml new file mode 100644 --- /dev/null +++ b/ci/kustomize/overlays/demo/webapp_pod.yml @@ -0,0 +1,108 @@ +--- +apiVersion: v1 +kind: Pod +metadata: + name: webapp + labels: + component: webapp +spec: + initContainers: + - name: kolab4-git-source + image: alpine/git + command: ['git', 'clone', 'https://git.kolab.org/source/kolab.git', '/kolab'] + volumeMounts: + - name: kolab4-git-source-config + mountPath: /kolab + readOnly: False + containers: + - name: webapp + envFrom: + - configMapRef: + name: kolab-test-env + - secretRef: + name: passport-keys + env: + - name: NOENVFILE + value: "true" + - name: APP_SERVICES_ALLOWED_DOMAINS + value: "webapp,localhost,services.kolab.local" + - name: DB_USERNAME + value: kolabdev + - name: DB_PASSWORD + value: simple123 + - name: DB_DATABASE + value: kolabdev + - name: DB_HOST + value: mariadb + image: "image-registry.openshift-image-registry.svc:5000/kolab4-ci/webapp" + imagePullPolicy: Always + readinessProbe: + initialDelaySeconds: 5 + exec: + command: ['bash', '-c', './artisan octane:status || exit 1'] + resources: {} + securityContext: + capabilities: + drop: + - MKNOD + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /var/run/secrets/kubernetes.io/serviceaccount + name: kube-api-access + readOnly: True + - name: kolab4-git-source-config + subPath: src + mountPath: /src/kolabsrc.orig + readOnly: True + - name: kolab4-git-source-config + subPath: config.demo/src + mountPath: /src/overlay + readOnly: True + dnsPolicy: ClusterFirst + enableServiceLinks: true + imagePullSecrets: + - name: pipeline-dockercfg-z2lsh + preemptionPolicy: PreemptLowerPriority + priority: 0 + restartPolicy: Always + schedulerName: default-scheduler + securityContext: {} + serviceAccount: pipeline + serviceAccountName: pipeline + terminationGracePeriodSeconds: 30 + tolerations: + - effect: NoExecute + key: node.kubernetes.io/not-ready + operator: Exists + tolerationSeconds: 300 + - effect: NoExecute + key: node.kubernetes.io/unreachable + operator: Exists + tolerationSeconds: 300 + volumes: + - name: kube-api-access + projected: + defaultMode: 420 + sources: + - serviceAccountToken: + expirationSeconds: 3607 + path: token + - configMap: + items: + - key: ca.crt + path: ca.crt + name: kube-root-ca.crt + - downwardAPI: + items: + - fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + path: namespace + - configMap: + items: + - key: service-ca.crt + path: service-ca.crt + name: openshift-service-ca.crt + - name: kolab4-git-source-config + emptyDir: {} diff --git a/ci/kustomize/overlays/demo/webapp_svc.yml b/ci/kustomize/overlays/demo/webapp_svc.yml new file mode 100644 --- /dev/null +++ b/ci/kustomize/overlays/demo/webapp_svc.yml @@ -0,0 +1,26 @@ +--- +apiVersion: v1 +kind: Service +metadata: + name: webapp +spec: + clusterIP: None + clusterIPs: + - None + internalTrafficPolicy: Cluster + ipFamilies: + - IPv4 + ipFamilyPolicy: SingleStack + ports: + - name: httpform + port: 8000 + protocol: TCP + targetPort: 8000 + - name: https + port: 443 + protocol: TCP + targetPort: 443 + selector: + component: webapp + sessionAffinity: None + type: ClusterIP diff --git a/ci/kustomize/overlays/tests/kustomization.yml b/ci/kustomize/overlays/tests/kustomization.yml new file mode 100644 --- /dev/null +++ b/ci/kustomize/overlays/tests/kustomization.yml @@ -0,0 +1,5 @@ +resources: + - tests_job.yml + +commonLabels: + app: kolab4-test diff --git a/ci/kustomize/overlays/tests/tests_job.yml b/ci/kustomize/overlays/tests/tests_job.yml new file mode 100644 --- /dev/null +++ b/ci/kustomize/overlays/tests/tests_job.yml @@ -0,0 +1,98 @@ +--- +apiVersion: batch/v1 +kind: Job +metadata: + labels: + component: tests + name: tests +spec: + activeDeadlineSeconds: 1800 + backoffLimit: 1 + completions: 1 + parallelism: 1 + template: + metadata: + labels: + component: tests + name: tests + spec: + containers: + - name: tests + command: ['/init.sh', 'testsuite'] + envFrom: + - configMapRef: + name: kolab-test-env + - secretRef: + name: passport-keys + env: + - name: APP_SERVICES_DOMAIN + value: "localhost" + image: "image-registry.openshift-image-registry.svc:5000/kolab4-ci/tests" + imagePullPolicy: Always + resources: {} + securityContext: + capabilities: + drop: + - MKNOD + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - name: kolab4-git-source + mountPath: /src/kolabsrc.orig + readOnly: True + - mountPath: /var/run/secrets/kubernetes.io/serviceaccount + name: kube-api-access + readOnly: true + dnsPolicy: ClusterFirst + enableServiceLinks: true + hostAliases: + - hostnames: + - kolab.local + - admin.kolab.local + - services.kolab.local + ip: __WEBAPP_POD_IP__ + imagePullSecrets: + - name: pipeline-dockercfg-z2lsh + initContainers: + - name: kolab4-git-source + image: alpine/git + command: ['git', 'clone', 'https://git.kolab.org/source/kolab.git', 'kolab'] + volumeMounts: + - name: kolab4-git-source + mountPath: /kolab + readOnly: False + preemptionPolicy: PreemptLowerPriority + priority: 0 + restartPolicy: Never + schedulerName: default-scheduler + securityContext: {} + serviceAccount: pipeline + serviceAccountName: pipeline + terminationGracePeriodSeconds: 30 + volumes: + - name: kube-api-access + projected: + defaultMode: 420 + sources: + - serviceAccountToken: + expirationSeconds: 3607 + path: token + - configMap: + items: + - key: ca.crt + path: ca.crt + name: kube-root-ca.crt + - downwardAPI: + items: + - fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + path: namespace + - configMap: + items: + - key: service-ca.crt + path: service-ca.crt + name: openshift-service-ca.crt + - name: kolab4-git-source + emptyDir: {} + diff --git a/ci/passport_keys b/ci/passport_keys new file mode 100644 --- /dev/null +++ b/ci/passport_keys @@ -0,0 +1,66 @@ +PASSPORT_PRIVATE_KEY="-----BEGIN PRIVATE KEY----- +MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQCmYeRp7XXnPe8w +X0iOJRpeskfUuOJ/Gqz5dsMIWFB6fPaI5/9tkMEyp+vCEF7eFXLBrXeQi6F/VNmV +wn+dGEQhkhuDoEXr8Z4c333wLH8iOEF4WQbt/WF3ERdjmJt3vKry8B/OLNmmcK7j +4sz828h6L2ZT6GPcbGsNukxBMcIMOpflo0SLHy4VThdo6b1Q4nD2K/PX1ypyfFao +nj3OfHBdSVLmTgd7BvB/azYFYWHP4INY8cylZWItDXuqPlBGSU2ff2xTKY/WRco/ +djvrO9bM1WeI+8W36EeLHERru1QRpN22TgWCQ2dbLRsVrsMg8Ly6SMe8ceDXQt5C +LKAN24jFt1UnBgr+qK1TrxkBtu5+V2WPYWhUvBLI/2qnFQh1GiWMKinWQO7rFCIC +rRUcQBUu2AylmG0P/oPjPrjhAnxq3HguOn8cS1OeBpOH7+8tz0CeEdyVfT8maVs/ +VWRZbEb0UjFLRNU+iVEGzz3jyQuKhOJ/2WuW0mJzF3pPQ64Dl+fLyXqF1KXNoPem +evmmRjCZWfkWAEAWd3+yRfoOxGz55vaU1qGS81lnXnP1R5TZGXon24HHS9uRwHt6 +JII+FEwgqr8K2TISDPxx7iQbXx8kcMUMBJG8aNoG73WVXmHs0uaEUsXMy9vtegeu +//IPpNUTlbjsn8Ot+t68mTNLUZX74wIDAQABAoICAE5fZT8KVlPfJiikcWJXktTR +aKmIj1Qs5ha6PQNUyk/wRhbWJUjge0jXtWNb37v/4WbexafGRgPbHYUAMal3kTw4 +/RHi8JzD2uUh10pHQ3mEgz5jvTJkfMEfwWMuMulTazj1KB4vnTRb9t2saz+ebZA0 +fKCAom1leoXkX+ADxrKI9Rz766EWxlfNyZQnKgCMMYabzIg6t6lm7VEO/PEjR7CB +hfWrArYOXkG+6BrftLm9OVGv0GSGXZj4NWzLXnfFNrWvSYDg3nqhtDNxh6b2MGeb +DGKHqipHVU/vOEGA44hOHwutM8YY5voZRJ1RjWOaUmPzPXaEM9NiEZydNaVhaEpq +m7jNpu7S5xa2Eodt2iz2uQhnDHrYnGVCH5psal6TZAo9APWwwBOsFQ+nXwjxTeL9 ++3JL6+jrP0eqzNVhl8c0cHJnBDpSVNG734RsK8XOxmJyq3Xt8Roi3Ud7gjy/FGpv +XgzDpkFvd5uETn1VIuAfirm7MD8RbTIZAWCgqCrE7NuXOcnBGHuC955KF8OAx8np +8yCtlmBSXKifoIeeyu32L8s3g7md+xRuaU8yRtuClTLKG+6oRZYcaFNcVKKZzyu5 +xnxUS6Haphd5/LhgnA3ujXkkNPdmHxPvJOWYABSNFeXzNF1npL/4wFLNvppMCPR1 +v7M7AnbvyEvKm1Q2ePe9AoIBAQDigI4AJIaHeQiuqFSIWhm8NYkOZF0jfvWM7K8v +1IAE0WATP8KbeTINS2fUYZrNFs7S66Pl1WdPH7atVoi7QVcIoFhlYYRqILETpKJr +z0dFLIiaajzQ9kTPzhLRDGBhO3TKb7RpFndYAuxzSw1C/3JHb4crD8kDIB8xVoba +xvsXdVssqBQgScUrj1Ff4ZPtFhqLPsWnvdBpbM6LV/2t/CnTu4qU2szJZQNGP1Qf +gEapbuZC6YFahXDTgYFTfn/vKzyKb/Fiskz3Rs9jgY08gRxIandeUqJIEoJi+CwZ +q6twD8qKzGhB9nxSAOwhJzDg4SyhNnRQt5X8XQWVjpxs3HxnAoIBAQC8DPsIDN5r +7joZj5d4/k8Yg+q1ecySm9zYy9Lzf0WUFgRu9NW9UeUPRjGXhNo5VOxxB62rMZCJ +E81ItxUVQwHH4S62ycBPbsYEapE/itS+KdEzWQP2u3HAkLD3N28snMlIhTJR8fXB +GasWngs9Q7uB7Wk0niKa8T7fBDx9pOyjMlIPwo0lZCrUAnmjOgZ+RvvuGDgqpDdp +h7JUxtFmsWPgBFNZtr5BTRcr5hWRoSXJgQODqpTQHjQddMWy7LCJg3qKLiKVIOd5 ++iGzhUIZzo95FYiyt8Ojdt3Y0k5J99NOrOwAPNLvbC5TTshtA144E9uwEqBbTm+S +RtLZeVBWZ1clAoIBAQC0j26jxnpH/MBjG2Vn3Quu8a50fqWQ6mCtGvD83BXBwXcp +YSat8gtodbgrojNZUtlFYvug+GIGvW1O+TC+tfO/uLM+/mIkiDMhSZkBAJf8GOg8 +0HvyyJ9KWSi+5XLfkBomVq4nJ/Wzf4Em16mWwzRCpjHGriq8BxtWpXeTaBQ6Ox+X +ldWVd7lqZDGmkZju4zP91OiUM8i0gjyU8GwWCnL9iv+KcnHWCmR1134kLool/3Yn +2SV5F+89bHvAJ5OtAXadlWeEGkcoyJYC6P/CP9pgEB9gXddoRPkUFGpzfFqKVsxL +oW9rRicM6BdUxn08h8SgL1zCC9fQ+ga9lpY0Yf/5AoIBAH7S5k5El5EE5mwsukRg +hqmK9jUUAtLxiR0xQYD02dEIlE7cknYPEEOf3HxKnf5Cdv+35PlrAQZhs3YR+4cO +XNoX1TBzml434BZEZNcM43Oosi1GIHU7b3kmXCMuYK0exGVDZ296lnp3vDoRtpTH +5GK44dYZvE7w2qz/p2g5XVqm6k80r4qDJps7XBuoW464gtnNvbuMas6iNLQWLk1q +32fKowgDRga2XiU+FFfV7a0bdGpNFfXSGOWwxlBobpsfb/pXKP2YZmSOPEJdYfoT +pBFOY5Xcd3X8CZxcIW6jVABggP2cB8pvFEMdA/D5b4a0Zdo2ha1ulbJ6T2NZ/MN5 +CH0CggEBAMLRnxLQRCgdyrYroqdSBU85fAk0uU//rn7i/1vQG6pUy4Dq6W/yBhFV +/Fph6c9NXHUUbM3HlvyY2Ht4aUQl8d50wsyU6enxvpdwzti6N2WXyrEX4WtVqgNP +OKHEu+mii3m6kOfvDD97AT4hAGzCZR4lkb06t49y7ua4NRZaKTrTiG3g2uTtBR81 +/w1GtL+DNUEFzO1Iy2dscWxr76I+ZX6VlFHGneUlhyN9VJk8WHVI5xpVV9y7ay3I +jXXFDgNqjqiSC6BU7iYpkVEKl/hvaGJU7CKLKFbxzBgseyY/7XsMHvWbwjK8a0Lm +bakhie7hJBP7BoOup+dD5NQPlXBQ434= +-----END PRIVATE KEY-----" +PASSPORT_PUBLIC_KEY="-----BEGIN PUBLIC KEY----- +MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEApmHkae115z3vMF9IjiUa +XrJH1Ljifxqs+XbDCFhQenz2iOf/bZDBMqfrwhBe3hVywa13kIuhf1TZlcJ/nRhE +IZIbg6BF6/GeHN998Cx/IjhBeFkG7f1hdxEXY5ibd7yq8vAfzizZpnCu4+LM/NvI +ei9mU+hj3GxrDbpMQTHCDDqX5aNEix8uFU4XaOm9UOJw9ivz19cqcnxWqJ49znxw +XUlS5k4Hewbwf2s2BWFhz+CDWPHMpWViLQ17qj5QRklNn39sUymP1kXKP3Y76zvW +zNVniPvFt+hHixxEa7tUEaTdtk4FgkNnWy0bFa7DIPC8ukjHvHHg10LeQiygDduI +xbdVJwYK/qitU68ZAbbufldlj2FoVLwSyP9qpxUIdRoljCop1kDu6xQiAq0VHEAV +LtgMpZhtD/6D4z644QJ8atx4Ljp/HEtTngaTh+/vLc9AnhHclX0/JmlbP1VkWWxG +9FIxS0TVPolRBs8948kLioTif9lrltJicxd6T0OuA5fny8l6hdSlzaD3pnr5pkYw +mVn5FgBAFnd/skX6DsRs+eb2lNahkvNZZ15z9UeU2Rl6J9uBx0vbkcB7eiSCPhRM +IKq/CtkyEgz8ce4kG18fJHDFDASRvGjaBu91lV5h7NLmhFLFzMvb7XoHrv/yD6TV +E5W47J/DrfrevJkzS1GV++MCAwEAAQ== +-----END PUBLIC KEY-----" diff --git a/docker/base/almalinux9 b/docker/base/almalinux9 --- a/docker/base/almalinux9 +++ b/docker/base/almalinux9 @@ -6,10 +6,10 @@ ENV LC_ALL=C.utf8 # Add EPEL. -RUN dnf -y install 'dnf-command(config-manager)' && \ +RUN dnf -qy install 'dnf-command(config-manager)' && \ dnf config-manager --set-enabled crb && \ - dnf -y install epel-release && \ - dnf -y install iputils vim-enhanced bind-utils procps-ng tcpdump telnet mc && \ + dnf -qy install epel-release && \ + dnf -qy install iputils vim-enhanced bind-utils procps-ng tcpdump telnet mc && \ dnf clean all && \ rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-9 diff --git a/docker/imap/Dockerfile b/docker/imap/Dockerfile --- a/docker/imap/Dockerfile +++ b/docker/imap/Dockerfile @@ -1,4 +1,4 @@ -FROM apheleia/almalinux9 +FROM kolab4-ci/almalinux9 WORKDIR /root/ diff --git a/docker/meet/Dockerfile b/docker/meet/Dockerfile --- a/docker/meet/Dockerfile +++ b/docker/meet/Dockerfile @@ -1,4 +1,4 @@ -FROM apheleia/almalinux9 +FROM kolab4-ci/almalinux9 RUN dnf -y install \ --setopt 'tsflags=nodocs' \ diff --git a/docker/proxy/Dockerfile b/docker/proxy/Dockerfile --- a/docker/proxy/Dockerfile +++ b/docker/proxy/Dockerfile @@ -1,4 +1,4 @@ -FROM apheleia/almalinux9 +FROM kolab4-ci/almalinux9 RUN dnf -y install \ --setopt 'tsflags=nodocs' \ diff --git a/docker/redis/Dockerfile b/docker/redis/Dockerfile --- a/docker/redis/Dockerfile +++ b/docker/redis/Dockerfile @@ -1,4 +1,4 @@ -FROM apheleia/almalinux9 +FROM kolab4-ci/almalinux9 RUN id default || (groupadd -g 1001 default && useradd -d /opt/app-root/ -u 1001 -g 1001 default) diff --git a/docker/roundcube/Dockerfile b/docker/roundcube/Dockerfile --- a/docker/roundcube/Dockerfile +++ b/docker/roundcube/Dockerfile @@ -1,4 +1,4 @@ -FROM apheleia/almalinux9 +FROM kolab4-ci/almalinux9 ENV HOME=/opt/app-root/src diff --git a/docker/swoole/Dockerfile b/docker/swoole/Dockerfile --- a/docker/swoole/Dockerfile +++ b/docker/swoole/Dockerfile @@ -1,14 +1,14 @@ -FROM apheleia/almalinux9 +FROM kolab4-ci/almalinux9 ARG SWOOLE_VERSION=v5.0.2 ENV HOME=/opt/app-root/src RUN dnf module reset php && \ - dnf install -y https://rpms.remirepo.net/enterprise/remi-release-9.rpm && \ - dnf module -y enable php:remi-8.1 && \ - dnf module -y enable nodejs:20 && \ - dnf -y install \ + dnf install -qy https://rpms.remirepo.net/enterprise/remi-release-9.rpm && \ + dnf module -qy enable php:remi-8.1 && \ + dnf module -qy enable nodejs:20 && \ + dnf -qy install \ --setopt=install_weak_deps=False \ --setopt 'tsflags=nodocs' \ composer \ @@ -48,7 +48,7 @@ make install && \ cd / && \ rm -rf /swoole-src.git/ && \ - dnf -y remove \ + dnf -qy remove \ diffutils \ file \ make \ diff --git a/docker/tests/Dockerfile b/docker/tests/Dockerfile --- a/docker/tests/Dockerfile +++ b/docker/tests/Dockerfile @@ -1,4 +1,4 @@ -FROM kolab-webapp:latest +FROM kolab4-ci/webapp:latest USER root diff --git a/docker/webapp/Dockerfile b/docker/webapp/Dockerfile --- a/docker/webapp/Dockerfile +++ b/docker/webapp/Dockerfile @@ -1,8 +1,8 @@ -FROM apheleia/swoole:latest +FROM kolab4-ci/swoole:latest USER root -RUN dnf -y install findutils gnupg2 git rsync && \ +RUN dnf -y install findutils gnupg2 git rsync iproute && \ dnf clean all EXPOSE 8000