diff --git a/bin/podman_shared b/bin/podman_shared index 9cc68c51..9c18c1b6 100644 --- a/bin/podman_shared +++ b/bin/podman_shared @@ -1,370 +1,370 @@ #!/bin/bash PODMAN=podman if [ -d /etc/letsencrypt ]; then LETSENCRYPT_VOLUME="-v /etc/letsencrypt/:/etc/letsencrypt/:ro" fi podman__build() { path=$1 shift name=$1 shift if [[ "$CACHE_REGISTRY" != "" ]]; then CACHE_ARGS="--layers --cache-from=$CACHE_REGISTRY/$name --cache-to=$CACHE_REGISTRY/$name --cache-ttl=24h" fi podman build $@ $CACHE_ARGS $path -t $name } podman__build_base() { podman__build docker/base/ apheleia/almalinux9 -f almalinux9 podman__build docker/swoole apheleia/swoole } podman__build_webapp() { podman__build docker/webapp kolab-webapp --ulimit nofile=65535:65535 \ ${KOLAB_GIT_REMOTE:+"--build-arg=GIT_REMOTE=$KOLAB_GIT_REMOTE"} \ ${KOLAB_GIT_REF:+"--build-arg=GIT_REF=$KOLAB_GIT_REF"} } podman__build_meet() { podman__build docker/meet kolab-meet --ulimit nofile=65535:65535 \ ${KOLAB_GIT_REMOTE:+"--build-arg=GIT_REMOTE=$KOLAB_GIT_REMOTE"} \ ${KOLAB_GIT_REF:+"--build-arg=GIT_REF=$KOLAB_GIT_REF"} } podman__build_roundcube() { podman__build docker/roundcube roundcube --ulimit nofile=65535:65535 \ ${GIT_REMOTE_ROUNDCUBEMAIL:+"--build-arg=GIT_REMOTE_ROUNDCUBEMAIL=$GIT_REMOTE_ROUNDCUBEMAIL"} \ ${GIT_REF_ROUNDCUBEMAIL:+"--build-arg=GIT_REF_ROUNDCUBEMAIL=$GIT_REF_ROUNDCUBEMAIL"} \ ${GIT_REMOTE_ROUNDCUBEMAIL_PLUGINS:+"--build-arg=GIT_REMOTE_ROUNDCUBEMAIL_PLUGINS=$GIT_REMOTE_ROUNDCUBEMAIL_PLUGINS"} \ ${GIT_REF_ROUNDCUBEMAIL_PLUGINS:+"--build-arg=GIT_REF_ROUNDCUBEMAIL_PLUGINS=$GIT_REF_ROUNDCUBEMAIL_PLUGINS"} \ ${GIT_REMOTE_CHWALA:+"--build-arg=GIT_REMOTE_CHWALA=$GIT_REMOTE_CHWALA"} \ ${GIT_REF_CHWALA:+"--build-arg=GIT_REF_CHWALA=$GIT_REF_CHWALA"} \ ${GIT_REMOTE_SYNCROTON:+"--build-arg=GIT_REMOTE_SYNCROTON=$GIT_REMOTE_SYNCROTON"} \ ${GIT_REF_SYNCROTON:+"--build-arg=GIT_REF_SYNCROTON=$GIT_REF_SYNCROTON"} \ ${GIT_REMOTE_AUTOCONF:+"--build-arg=GIT_REMOTE_AUTOCONF=$GIT_REMOTE_AUTOCONF"} \ ${GIT_REF_AUTOCONF:+"--build-arg=GIT_REF_AUTOCONF=$GIT_REF_AUTOCONF"} \ ${GIT_REMOTE_IRONY:+"--build-arg=GIT_REMOTE_IRONY=$GIT_REMOTE_IRONY"} \ ${GIT_REF_IRONY:+"--build-arg=GIT_REF_IRONY=$GIT_REF_IRONY"} \ ${GIT_REMOTE_FREEBUSY:+"--build-arg=GIT_REMOTE_FREEBUSY=$GIT_REMOTE_FREEBUSY"} \ ${GIT_REF_FREEBUSY:+"--build-arg=GIT_REF_FREEBUSY=$GIT_REF_FREEBUSY"} } podman__build_postfix() { podman__build docker/postfix kolab-postfix } podman__build_imap() { podman__build docker/imap kolab-imap \ ${IMAP_GIT_REMOTE:+"--build-arg=GIT_REMOTE=$IMAP_GIT_REMOTE"} \ ${IMAP_GIT_REF:+"--build-arg=GIT_REF=$IMAP_GIT_REF"} } podman__build_amavis() { podman__build docker/amavis kolab-amavis } podman__build_proxy() { podman__build docker/proxy kolab-proxy } podman__build_collabora() { podman build docker/collabora -t kolab-collabora --build-arg=REPOSITORY="https://www.collaboraoffice.com/repos/CollaboraOnline/23.05-CODE/CODE-rpm/" } podman__build_coturn() { podman build docker/coturn -t kolab-coturn } podman__build_utils() { podman build docker/utils -t kolab-utils } podman__build_all() { podman__build_base podman__build_webapp podman__build_meet podman__build_postfix podman__build_imap podman__build_amavis podman__build_collabora podman build docker/mariadb -t mariadb podman build docker/redis -t redis podman__build_proxy podman__build_coturn podman__build_utils podman build docker/fluentbit -t fluentbit podman build docker/synapse -t synapse podman build docker/element -t element podman__build_roundcube } kolab__validate() { POD=$1 $PODMAN exec $POD-imap testsaslauthd -u cyrus-admin -p simple123 $PODMAN exec $POD-imap testsaslauthd -u "john@kolab.org" -p simple123 # Ensure the inbox is created FOUND=false for i in {1..60}; do if $PODMAN exec $POD-imap bash -c 'echo "lm" | cyradm --auth PLAIN -u cyrus-admin -w simple123 --port 11143 localhost | grep "user/john@kolab.org"'; then echo "Found mailbox"; FOUND=true break else echo "Waiting for mailbox"; sleep 1; fi done if ! $FOUND; then echo "Failed to find the inbox for john@kolab.org" exit 1 fi } podman__is_ready() { if [[ "$(timeout 5 podman wait --condition running $1)" != "-1" ]]; then echo "Container $1 is not running" return 1 fi # We can only wait for healthy if healthcheck is available return 0 } podman__healthcheck() { for CONTAINER in $@; do echo "Waiting for ${CONTAINER} to become healthy" while [ $(podman healthcheck run ${CONTAINER}) ]; do echo -n "."; sleep 5; done echo # Abort if the container failed to start if ! podman__is_ready $CONTAINER; then exit 1 fi done } podman__run_proxy() { $PODMAN run -dt --pod $POD --name $POD-proxy --replace \ -v $CERTS_PATH:/etc/certs:ro \ $LETSENCRYPT_VOLUME \ -e APP_WEBSITE_DOMAIN \ -e SSL_CERTIFICATE=${KOLAB_SSL_CERTIFICATE} \ -e SSL_CERTIFICATE_KEY=${KOLAB_SSL_CERTIFICATE_KEY} \ -e WEBAPP_BACKEND="http://localhost:8000" \ -e MEET_BACKEND="http://localhost:12080" \ -e ROUNDCUBE_BACKEND="http://localhost:8080" \ -e DAV_BACKEND="http://localhost:11080/dav" \ -e COLLABORA_BACKEND="http://localhost:9980" \ -e MATRIX_BACKEND="http://localhost:8008" \ -e ELEMENT_BACKEND="http://localhost:8880" \ -e SIEVE_BACKEND="localhost:4190" \ kolab-proxy:latest } podman__run_roundcube() { $PODMAN run -dt --pod $POD --name $POD-roundcube --replace \ -v ./ext:/src.orig:ro \ -e APP_DOMAIN \ -e DES_KEY \ -e DB_HOST \ -e DB_RC_DATABASE="roundcube" \ -e DB_RC_USERNAME="roundcube" \ -e DB_RC_PASSWORD="${DB_PASSWORD:?"missing env variable"}" \ -e IMAP_HOST=127.0.0.1 \ -e IMAP_PORT=11143 \ -e IMAP_ADMIN_LOGIN \ -e IMAP_ADMIN_PASSWORD \ -e SUBMISSION_HOST=127.0.0.1 \ -e SUBMISSION_ENCRYPTION=starttls \ -e SUBMISSION_PORT=10587 \ -e IMAP_DEBUG \ -e LOG_DRIVER=stdout \ -e KOLAB_FILES_SERVER_URL=http://localhost:8080/chwala \ -e FILEAPI_WOPI_OFFICE=http://localhost:9980 \ -e FILEAPI_KOLABFILES_BASEURI=http://localhost:8000/api \ -e FILE_API_SERVER_URL=http://localhost:8080/chwala/api/ \ -e KOLAB_ADDRESSBOOK_CARDDAV_SERVER=http://localhost:11080/dav \ -e CALENDAR_CALDAV_SERVER=http://localhost:11080/dav \ -e TASKLIST_CALDAV_SERVER=http://localhost:11080/dav \ roundcube:latest } podman__run_mariadb() { $PODMAN run -dt --pod $POD --name $POD-mariadb --replace \ $MARIADB_STORAGE \ -e MYSQL_ROOT_PASSWORD=${DB_ROOT_PASSWORD:?"missing env variable"} \ -e TZ="+02:00" \ -e DB_HKCCP_DATABASE="kolabdev" \ -e DB_HKCCP_USERNAME="kolabdev" \ -e DB_HKCCP_PASSWORD=${DB_PASSWORD:?"missing env variable"} \ -e DB_KOLAB_DATABASE="kolab" \ -e DB_KOLAB_USERNAME="kolab" \ -e DB_KOLAB_PASSWORD=${DB_PASSWORD:?"missing env variable"} \ -e DB_RC_DATABASE="roundcube" \ -e DB_RC_USERNAME="roundcube" \ -e DB_RC_PASSWORD=${DB_PASSWORD:?"missing env variable"} \ --health-cmd "mysqladmin -u root ping && test -e /tmp/initialized" \ mariadb:latest } podman__run_redis() { $PODMAN run -dt --pod $POD --name $POD-redis --replace \ $REDIS_STORAGE \ --health-cmd "redis-cli ping || exit 1" \ redis:latest } podman__run_minio() { $PODMAN run -dt --pod $POD --name $POD-minio --replace \ $MINIO_STORAGE \ -e MINIO_ROOT_USER=${MINIO_USER:?"missing env variable"} \ -e MINIO_ROOT_PASSWORD=${MINIO_PASSWORD:?"missing env variable"} \ --health-cmd "mc ready local || exit 1" \ --entrypoint sh \ quay.io/minio/minio:latest -c 'mkdir -p /data/kolab && minio server /data --console-address ":9001"' } podman__run_webapp() { # We run with a fixed config.demo overlay and override the environment with ci/env $PODMAN run -dt --pod $POD --name $POD-webapp --replace \ --env-file=$ENV_FILE \ -v ./src:/src/kolabsrc.orig:ro \ -v ./$CONFIG/src:/src/overlay:ro \ -e NOENVFILE=true \ -e APP_SERVICES_ALLOWED_DOMAINS="webapp,localhost,services.$HOST" \ -e KOLAB_ROLE=combined \ -e PASSPORT_PRIVATE_KEY="$PASSPORT_PRIVATE_KEY" \ -e PASSPORT_PUBLIC_KEY="$PASSPORT_PUBLIC_KEY" \ -e MINIO_ENDPOINT="http://localhost:9000" \ -e MEET_SERVER_URLS="http://127.0.0.1:12080/meetmedia/api/" \ -e MEET_SERVER_VERIFY_TLS=false \ --health-cmd "./artisan octane:status || exit 1" \ kolab-webapp:latest } podman__run_imap() { $PODMAN run -dt --pod $POD --name $POD-imap --replace \ $IMAP_SPOOL_STORAGE \ $IMAP_LIB_STORAGE \ -e APP_SERVICES_DOMAIN="localhost" \ -e SERVICES_PORT=8000 \ -e IMAP_ADMIN_LOGIN \ -e IMAP_ADMIN_PASSWORD \ --health-cmd "test -e /run/saslauthd/mux && kill -0 \$(cat /var/run/master.pid)" \ kolab-imap:latest } podman__run_postfix() { $PODMAN run -dt --pod $POD --name $POD-postfix --replace \ --privileged \ $POSTFIX_SPOOL_STORAGE \ $POSTFIX_LIB_STORAGE \ -v $CERTS_PATH:/etc/certs:ro \ $LETSENCRYPT_VOLUME \ -e SSL_CERTIFICATE="$KOLAB_SSL_CERTIFICATE" \ -e SSL_CERTIFICATE_FULLCHAIN="$KOLAB_SSL_CERTIFICATE_FULLCHAIN" \ -e SSL_CERTIFICATE_KEY="$KOLAB_SSL_CERTIFICATE_KEY" \ -e APP_DOMAIN \ -e APP_SERVICES_DOMAIN="localhost" \ -e SERVICES_PORT=8000 \ -e AMAVIS_HOST=127.0.0.1 \ -e DB_HOST=127.0.0.1 \ -e DB_USERNAME \ -e DB_PASSWORD \ -e DB_DATABASE \ -e LMTP_DESTINATION="localhost:11024" \ --health-cmd "test -e /run/saslauthd/mux && kill -0 \$(cat /var/spool/postfix/pid/master.pid)" \ kolab-postfix:latest } podman__run_amavis() { $PODMAN run -dt --pod $POD --name $POD-amavis --replace \ -e APP_DOMAIN \ -e POSTFIX_HOST=localhost \ -e DB_HOST=localhost \ -e DB_USERNAME \ -e DB_PASSWORD \ -e DB_DATABASE \ kolab-amavis:latest } podman__run_collabora() { $PODMAN run -dt --pod $POD --name $POD-collabora --replace \ --privileged \ -e ALLOWED_HOSTS=${APP_DOMAIN} \ kolab-collabora:latest } podman__run_synapse() { $PODMAN run -dt --pod $POD --name $POD-synapse --replace \ $SYNAPSE_STORAGE \ -v $CERTS_PATH:/etc/certs:ro \ -e APP_DOMAIN \ -e KOLAB_URL="http://127.0.0.1:8000" \ -e SYNAPSE_OAUTH_CLIENT_ID="${PASSPORT_SYNAPSE_OAUTH_CLIENT_ID:?"missing env variable"}" \ -e SYNAPSE_OAUTH_CLIENT_SECRET="${PASSPORT_SYNAPSE_OAUTH_CLIENT_SECRET:?"missing env variable"}" \ synapse:latest } podman__run_element() { $PODMAN run -dt --pod $POD --name $POD-element --replace \ -e APP_DOMAIN \ element:latest } podman__run_meet() { $PODMAN run -dt --pod $POD --name $POD-meet --replace \ -v ./meet/server:/src/meet:ro \ -e WEBRTC_LISTEN_IP=0.0.0.0 \ -e WEBRTC_ANNOUNCED_ADDRESS=${PUBLIC_IP:?"missing env variable"} \ -e PUBLIC_DOMAIN=$APP_DOMAIN \ -e LISTENING_HOST=127.0.0.1 \ -e LISTENING_PORT=12080 \ -e DEBUG="*" \ -e TURN_SERVER=none \ -e AUTH_TOKEN=${MEET_SERVER_TOKEN} \ -e WEBHOOK_TOKEN=${MEET_WEBHOOK_TOKEN} \ -e WEBHOOK_URL=$APP_DOMAIN/api/webhooks/meet \ -e SSL_CERT=none \ -e FORCE_WSS=true \ kolab-meet:latest } function pin_commit() { git ls-remote --exit-code -h "$1" "refs/heads/$2" | awk '{print $1}' } pin_git_refs() { echo "Pinning commits" # This are the pinned commits that are going to be used for the base images export KOLAB_GIT_REMOTE=https://git.kolab.org/source/kolab export KOLAB_GIT_REF=$(pin_commit "$KOLAB_GIT_REMOTE" "master") export GIT_REMOTE_ROUNDCUBEMAIL=https://git.kolab.org/source/roundcubemail.git export GIT_REF_ROUNDCUBEMAIL=$(pin_commit "$GIT_REMOTE_ROUNDCUBEMAIL" "dev/kolab-1.5") export GIT_REMOTE_ROUNDCUBEMAIL_PLUGINS=https://git.kolab.org/diffusion/RPK/roundcubemail-plugins-kolab.git export GIT_REF_ROUNDCUBEMAIL_PLUGINS=$(pin_commit "$GIT_REMOTE_ROUNDCUBEMAIL_PLUGINS" "master") export GIT_REMOTE_CHWALA=https://git.kolab.org/diffusion/C/chwala.git export GIT_REF_CHWALA=$(pin_commit "$GIT_REMOTE_CHWALA" "master") export GIT_REMOTE_SYNCROTON=https://git.kolab.org/diffusion/S/syncroton.git export GIT_REF_SYNCROTON=$(pin_commit "$GIT_REMOTE_SYNCROTON" "master") export GIT_REMOTE_AUTOCONF=https://git.kolab.org/diffusion/AC/autoconf.git export GIT_REF_AUTOCONF=$(pin_commit "$GIT_REMOTE_AUTOCONF" "master") export GIT_REMOTE_IRONY=https://git.kolab.org/source/iRony.git export GIT_REF_IRONY=$(pin_commit "$GIT_REMOTE_IRONY" "master") export GIT_REMOTE_FREEBUSY=https://git.kolab.org/diffusion/F/freebusy.git export GIT_REF_FREEBUSY=$(pin_commit "$GIT_REMOTE_FREEBUSY" "master") export IMAP_GIT_REMOTE=https://git.kolab.org/source/cyrus-imapd - export IMAP_GIT_REF=$(pin_commit "$GIT_REMOTE_FREEBUSY" "dev/kolab-3.6") + export IMAP_GIT_REF=$(pin_commit "$IMAP_GIT_REMOTE" "dev/kolab-3.6") }