Andrew Schleifer [Tue, 21 Jun 2022 05:54:36 +0000 (05:54 +0000)]
Bump default base image to 2.0.
20220621-0049
Andrew Schleifer [Tue, 21 Jun 2022 07:19:11 +0000 (07:19 +0000)]
slim: use apt-get instead of apt
WARNING: apt does not have a stable CLI interface. Use with caution in
scripts.
Also apply some DEBIAN_FRONTEND=noninteractive because this is running
in CI.
David Taylor [Mon, 20 Jun 2022 18:12:17 +0000 (19:12 +0100)]
DEV: Remove Ember CLI flag from templates (#633)
Ember CLI assets are now the only option in Discourse. This flag is now a no-op.
Jarek Radosz [Mon, 13 Jun 2022 22:10:43 +0000 (00:10 +0200)]
FIX: Update the macOS memory check (#632)
`free` is not available by default on macOS
Jarek Radosz [Tue, 31 May 2022 11:01:37 +0000 (13:01 +0200)]
FIX: Unset RAILS_ENV to allow running both dev stuff and test (#629)
Trying to run specs with RAILS_ENV=development ends up like:
```
/usr/local/lib/ruby/gems/2.7.0/gems/bootsnap-1.11.1/lib/bootsnap/load_path_cache/core_ext/kernel_require.rb:30: warning: ⛔️ WARNING: Sidekiq testing API enabled, but this is not the test environment. Your jobs will not go to Redis.
Randomized with seed 1716
FF
Failures:
1) CategoryBadge escapes HTML in category names / descriptions
Failure/Error: DB.test_transaction = ActiveRecord::Base.connection.current_transaction
NoMethodError:
undefined method `test_transaction=' for #<MiniSqlMultisiteConnection:0x000055a7662ea1e0>
# ./spec/rails_helper.rb:284:in `block (2 levels) in <top (required)>'
# ./spec/rails_helper.rb:277:in `block (2 levels) in <top (required)>'
```
Gabe Pacuilla [Tue, 3 May 2022 15:54:24 +0000 (11:54 -0400)]
DEV: Ensure secure file permissions by default (#627)
`discourse-setup` will now ensure container definitions are
installed with `0600` permissions mode only.
`launcher` will now throw a warning when an existing container
definition is world-readable.
Also clean up leftover `launcher setup` logic which no longer exists.
Merge pre-existing logic into `check_prereqs` function.
Michael Brown [Tue, 3 May 2022 00:41:07 +0000 (20:41 -0400)]
FIX: ensure the latest image is always pulled for the container we're building
If the user has overridden the `base_image` to something other than default, we
may not get the latest version of that image when bootstrapping.
To remedy, always pull the image to check the manifest after we parse it out.
Jarek Radosz [Fri, 29 Apr 2022 18:28:47 +0000 (20:28 +0200)]
FIX: rsyslog uses `adm` group now (#625)
`syslog` group doesn't exist anymore and:
```
# grep -i 'group' /etc/rsyslog.conf
$FileGroup adm
```
Jarek Radosz [Fri, 29 Apr 2022 12:19:37 +0000 (14:19 +0200)]
DEV: Add usage info to auto_build script (#626)
Jarek Radosz [Fri, 29 Apr 2022 10:18:10 +0000 (12:18 +0200)]
DEV: Don't install eslint and babel-eslint (#624)
Core has eslint in its dependencies, so there's no need for global eslint as far I can tell.
Jarek Radosz [Fri, 29 Apr 2022 10:18:02 +0000 (12:18 +0200)]
DEV: Fix workflow formatting (#623)
and update actions/checkout version
Jarek Radosz [Fri, 29 Apr 2022 09:40:27 +0000 (11:40 +0200)]
DEV: Update readme (#622)
Rafael dos Santos Silva [Mon, 18 Apr 2022 21:34:53 +0000 (18:34 -0300)]
Always pull image on arm
Alan Guo Xiang Tan [Wed, 13 Apr 2022 04:22:53 +0000 (12:22 +0800)]
Alan Guo Xiang Tan [Wed, 13 Apr 2022 02:33:37 +0000 (10:33 +0800)]
Bump base Ruby version to 2.7.6
Pulls in fix for CVE-2022-28739
https://www.ruby-lang.org/en/news/2022/04/12/buffer-overrun-in-string-to-float-cve-2022-28739/
Stefan Weil [Tue, 5 Apr 2022 09:27:51 +0000 (11:27 +0200)]
Fix some typos (found by codespell) (#613)
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Michael Brown [Thu, 31 Mar 2022 16:28:55 +0000 (12:28 -0400)]
CLEANUP: literally this was my own feedback on my own changes I forgot to push before merging
Michael Brown [Thu, 31 Mar 2022 02:47:08 +0000 (22:47 -0400)]
Add label showing image creation time on commit
Michael Brown [Thu, 31 Mar 2022 02:46:34 +0000 (22:46 -0400)]
Cleanup code in the bootstrap function
I came here to do something else, but could not help cleaning up the bootstrap
code.
* add die() helper
* pull the container ID into an environment variable right away instead of
interpolating it every time
* we don't need to write out to a file prior to piping it into docker
* use $() instead of backticks
* tidied up messaging from failed docker commits
Grant [Thu, 24 Mar 2022 22:51:41 +0000 (22:51 +0000)]
FIX: pg_basebackup parameter in take-database-backup (#611)
take-database-backup tries to use pg_baseback --xlog parameter which
was remove in postgres >=10.
Jarek Radosz [Tue, 15 Mar 2022 09:43:10 +0000 (10:43 +0100)]
DEV: Make wget consistently quiet (#612)
That firefox download is ~1.5k log lines long. 😅
Gabe Pacuilla [Mon, 14 Mar 2022 23:22:43 +0000 (19:22 -0400)]
DEV: use consistent third-party installation method (#610)
* DEV: use consistent third-party installation method
* FIX: slim base image build on aarch64
Gabe Pacuilla [Fri, 4 Mar 2022 20:38:33 +0000 (15:38 -0500)]
DEV: use proper upstream repo path for ruby-build (#609)
Fernando (Ariznaf) [Thu, 3 Mar 2022 13:11:35 +0000 (14:11 +0100)]
Add support for btrfs storage driver in docker
After several months of using btrfs in our forum in production with no issue, I can say that btrfs seems quite stable and I am proposing to add it to the supported storage drivers under docker.
Using btrfs makes it a breeze to take snapshots and revert to a previous state of discourse, and taking backups with minimal forum interrupt time.
Here is a discussion about it in discourse forum:
https://meta.discourse.org/t/unable-to-rebuild-app-not-supported-docker-storage-driver-btrfs/209200/14
Eleni Michalaki [Thu, 3 Mar 2022 15:27:22 +0000 (16:27 +0100)]
Bump base image
Gabe Pacuilla [Thu, 24 Feb 2022 19:14:33 +0000 (14:14 -0500)]
DEV: compile redis with TLS support in our base image (#606)
Rafael dos Santos Silva [Wed, 23 Feb 2022 19:03:53 +0000 (16:03 -0300)]
FIX: Worker connections are set on nginx.conf
Rafael dos Santos Silva [Thu, 17 Feb 2022 19:54:08 +0000 (16:54 -0300)]
FEATURE: Bump and allow customization of nginx worker_processes
MessageBus connections on busy sites can easily use more than the max
default number of connections.
Refer to http://nginx.org/en/docs/ngx_core_module.html#worker_connections
Jarek Radosz [Thu, 27 Jan 2022 23:25:38 +0000 (00:25 +0100)]
Fix checksums
Jarek Radosz [Thu, 27 Jan 2022 23:14:25 +0000 (00:14 +0100)]
DEV: Update nginx
Jarek Radosz [Thu, 27 Jan 2022 23:14:15 +0000 (00:14 +0100)]
DEV: Update ImageMagick
Jarek Radosz [Thu, 27 Jan 2022 23:00:00 +0000 (00:00 +0100)]
DEV: Update oxipng to 5.0.1
Gerhard Schlager [Fri, 11 Feb 2022 17:33:41 +0000 (18:33 +0100)]
DEV: Update phpBB3 template to work with latest base image (#603)
Gabe Pacuilla [Fri, 28 Jan 2022 19:47:14 +0000 (14:47 -0500)]
DEV: update launcher for new base image and pups gem (#602)
Gabe Pacuilla [Fri, 28 Jan 2022 17:37:03 +0000 (12:37 -0500)]
DEV: Install latest pups via gem instead of git clone (#599)
Jarek Radosz [Thu, 27 Jan 2022 23:14:45 +0000 (00:14 +0100)]
DEV: Update ruby to 2.7.5 (#600)
David Taylor [Wed, 26 Jan 2022 10:18:49 +0000 (10:18 +0000)]
FIX: Use `bundle config` instead of deprecated flags (#598)
Bundler 2.3.0 started re-installing and re-invoking itself based on the `BUNDLED WITH` declaration in the Gemfile.lock. The second run of bundler doesn't receive the flags from the initial invocation.
These flags were deprecated some time ago. The recommended solution is to use `bundle config`, which persists the config to the filesystem for future invocations to load.
Leonardo Mosquera [Fri, 14 Jan 2022 17:53:41 +0000 (14:53 -0300)]
FIX: md5 auth replace for postgres.13.template.yml (#594)
There has likely been one s/12/13/ too many in this file.
Note: the typo is not present in the default postgres template; only this specific file, which is otherwise identical to the default one.
Leonardo Mosquera [Fri, 14 Jan 2022 17:53:02 +0000 (14:53 -0300)]
FIX: script name in run-all-tests (#595)
David Taylor [Tue, 11 Jan 2022 12:18:08 +0000 (12:18 +0000)]
FIX: Do not activate plugins before checking compatibility (#593)
https://github.com/discourse/discourse/pull/15537
David Taylor [Wed, 15 Dec 2021 00:09:46 +0000 (00:09 +0000)]
DEV: Fix aarch64 build (#592)
buildx can't build `FROM` a local image, so we need to set up a temporary local registry for the intermediate image
David Taylor [Tue, 14 Dec 2021 14:53:20 +0000 (14:53 +0000)]
DEV: Provide slim versions of the discourse_test image (#586)
Also moves the discourse_test image to use a multi-stage build
David Taylor [Tue, 14 Dec 2021 00:11:03 +0000 (00:11 +0000)]
DEV: Tag the correct images as 'slim' (#591)
David Taylor [Mon, 13 Dec 2021 22:57:16 +0000 (22:57 +0000)]
DEV: Pass `TAG` variable between workflow steps (#590)
David Taylor [Mon, 13 Dec 2021 21:44:07 +0000 (21:44 +0000)]
DEV: Correct GitHub actions build definition (#589)
David Taylor [Mon, 13 Dec 2021 21:03:00 +0000 (21:03 +0000)]
Introduce a discourse/base:slim image (#588)
The base-slim image doesn't run `yarn install` or `bundle install`, so it is much more lightweight. This is intended for use by systems which do their own dependency caching (e.g. GitHub Actions)
The image will be released under the `:slim` tag, and also `:v2.0.{timestamp}-slim`
David Taylor [Mon, 13 Dec 2021 11:56:57 +0000 (11:56 +0000)]
discourse_test: re-use bundled gems from the base file (#587)
By doing `rm -rf .bundle` and `bundle install --standalone`, we were setting up bundle to install gems in `./bundle`. The base file installs gems in `./vendor/bundle`. That means that the test image was ending up with two complete copies of our dependencies.
This commit removes the `--standalone` command, and allows the `./vendor/bundle` artifacts to be re-used in the test image.
Rafael dos Santos Silva [Mon, 6 Dec 2021 19:47:33 +0000 (16:47 -0300)]
Use aarch64 tag automatically when necessary
Rafael dos Santos Silva [Thu, 2 Dec 2021 15:54:42 +0000 (12:54 -0300)]
add buildx and qemu setup
Rafael dos Santos Silva [Thu, 2 Dec 2021 14:24:04 +0000 (11:24 -0300)]
move aarch64 build to CI
Rafael dos Santos Silva [Wed, 1 Dec 2021 20:31:05 +0000 (17:31 -0300)]
try building an image for aarch64
Michael Fitz-Payne [Fri, 26 Nov 2021 02:18:04 +0000 (12:18 +1000)]
discourse/base: remove vim package (#582)
A buffer overflow vulnerability (CVE-2021-3973) has been discovered in
vim. As of the moment, this remains unpatched in Debian. Admittedly the
likelihood of encountering this exploit in the wild within the Discourse
base image is pretty low, but given this image is intended to run
non-interactively vim is not strictly required as a part of the image.
In any case, the package can be added at runtime for debugging purposes.
See https://security-tracker.debian.org/tracker/CVE-2021-3973.
Blake Erickson [Fri, 19 Nov 2021 19:32:44 +0000 (12:32 -0700)]
Bump base image used with launcher (#581)
This change includes the oxipng binary.
See:
244c9cb110df44eb9d846a24b5572471a2687071
Jay Pfaffman [Fri, 12 Nov 2021 15:04:37 +0000 (07:04 -0800)]
FIX: add EMBER_CLI_PROD_ASSETS: 1 to web_only.yml
I just noticed that my test of this wasn't much of a test since the change wasn't applied to web_only...
Blake Erickson [Mon, 8 Nov 2021 17:40:32 +0000 (10:40 -0700)]
DEV: Add oxipng binary to base image (#579)
image_optim, a ruby library we use, now has support for oxipng:
https://github.com/toy/image_optim/pull/190#issuecomment-
920433324
So I'm adding the oxipng binary to the base image so that we can
start using it. There currently isn't an apt package for it.
Robin Ward [Thu, 4 Nov 2021 18:46:08 +0000 (14:46 -0400)]
Use Ember CLI production assets by defaults for new installs (#578)
Rafael dos Santos Silva [Mon, 25 Oct 2021 17:45:24 +0000 (14:45 -0300)]
FIX: Remove expired LE root cert from our local validation
The old root was getting openssl confused, resulting in a new
certificate on every rebuild that could easily trigger existing let's
encrypt rate-limits.
Michael Fitz-Payne [Thu, 21 Oct 2021 05:35:48 +0000 (15:35 +1000)]
Bump base image used with launcher (#575)
Jay Pfaffman [Tue, 19 Oct 2021 19:59:04 +0000 (12:59 -0700)]
FIX: See that force_https is set for lets encrypt
Recent changes to let's encrypt having to do with the surprisingly tragic root certificate update are causing sites not to have `force_https` set.
This set force_https.
There remain some issues with let's encrypt requesting certs when it shouldn't but this fixes the worst of the problem with little effort.
Michael Fitz-Payne [Tue, 19 Oct 2021 02:33:03 +0000 (12:33 +1000)]
Update dependencies (#573)
Arpit Jalan [Fri, 8 Oct 2021 05:36:32 +0000 (11:06 +0530)]
DEV: replace mailcatcher with mailhog (#572)
Michael Brown [Fri, 1 Oct 2021 21:17:32 +0000 (17:17 -0400)]
FIX: the output from which confuses an integer comparison
Thanks @ldmosquera for identifying the problem and fix
Michael Brown [Fri, 1 Oct 2021 21:12:45 +0000 (17:12 -0400)]
FIX: discourse/discourse changed from 'master' to 'main'
Rafael dos Santos Silva [Wed, 8 Sep 2021 16:21:36 +0000 (13:21 -0300)]
DEV: Install evergreen Firefox in test image
Rafael dos Santos Silva [Mon, 6 Sep 2021 21:04:32 +0000 (18:04 -0300)]
Update dependencies
David Taylor [Fri, 27 Aug 2021 10:30:43 +0000 (11:30 +0100)]
DEV: Clean yarn cache after yarn install (#568)
The cache is not required to run the application. This should make the docker image much smaller.
We may want to re-evaluate this decision when switching to yarn v2, which has a very different caching system.
David Taylor [Fri, 27 Aug 2021 10:11:28 +0000 (11:11 +0100)]
PERF: Remove unneeded recursive `chown` (#567)
This command can take a very long time (> 2 minutes on a CDCK build machine) now that the directory contains the `yarn` cache. However, there are no files in `/home/discourse` that are owned by a different user, so the command does absolutely nothing. This can be demonstrated by using the `-c` flag (which prints any changes made):
```
docker run --rm -it discourse/base:2.0.
20210826-1706 /bin/bash -c "time chown -cR discourse /home/discourse"
```
This has an empty output for the latest base image. Therefore this line can be safely removed
Rafael dos Santos Silva [Thu, 26 Aug 2021 19:43:57 +0000 (16:43 -0300)]
Fix #551 regression on old pg
David Taylor [Thu, 26 Aug 2021 18:15:13 +0000 (19:15 +0100)]
FIX: `yarn install` in web.template.yml (#565)
This is required in case dependency versions have changed between the base image, and the current version of Discourse. `yarn install` will only be run when `node_modules` exists, so this change will only affect recent versions of the base image.
David Taylor [Thu, 26 Aug 2021 16:11:01 +0000 (17:11 +0100)]
FIX: Don't install devDependencies in production image (#564)
devDependencies includes `lefthook`, which can cause some unexpected side effects during git operations in a production image
Rafael dos Santos Silva [Mon, 23 Aug 2021 14:31:46 +0000 (11:31 -0300)]
FIX: Don't run yarn install as root
Rafael dos Santos Silva [Fri, 20 Aug 2021 17:05:56 +0000 (14:05 -0300)]
DEV: Add firefox for Ember tests
Also removes install of nodejs/yarn since they are already provided
by the base image.
Rafael dos Santos Silva [Fri, 20 Aug 2021 15:28:22 +0000 (12:28 -0300)]
DEV: Remove references to deprecated main branch
Rafael dos Santos Silva [Thu, 19 Aug 2021 19:39:16 +0000 (16:39 -0300)]
DEV: Also run ember tests in Firefox
Sam Saffron [Fri, 6 Aug 2021 01:11:01 +0000 (11:11 +1000)]
FEATURE: update NGINX mainline
Sam Saffron [Fri, 6 Aug 2021 01:10:46 +0000 (11:10 +1000)]
FEATURE: update Ruby from 2.7.2 -> 2.7.4
Rafael dos Santos Silva [Mon, 16 Aug 2021 15:24:54 +0000 (12:24 -0300)]
FIX: Use example domain in mail receiver example config
Context at https://meta.discourse.org/t/-/193664/4?u=falco
Co-authored-by: Jay Pfaffman <jay@literatecomputing.com>
Paul Buonopane [Thu, 12 Aug 2021 17:05:45 +0000 (13:05 -0400)]
Fix line break handling in Cloudflare template
Cloudflare's IP list has gone back and forth between including a trailing line break and omitting it.
When a trailing line break was first added in 2015, it resulted in a bug: https://meta.discourse.org/t/issue-with-cloudflare-template/35113
The trailing line break was removed again in 2021: https://meta.discourse.org/t/cloudflare-template-broken-again/200219
This fixes the template so that it will work regardless of extra line breaks. It will also safely ignore any empty lines that may appear in the files.
Joel Uckelman [Fri, 6 Aug 2021 20:34:01 +0000 (21:34 +0100)]
FIX: Use the return code from which correctly
The return code of which is the number of arguments which failed...
but what we actually want is 0 when at least one of the docker
exectutables is found and nonzero when none are found.
Rafael dos Santos Silva [Fri, 6 Aug 2021 19:21:10 +0000 (16:21 -0300)]
Run yarn and cache packages
Rafael dos Santos Silva [Fri, 6 Aug 2021 19:02:48 +0000 (16:02 -0300)]
Add yarn to base image
Bernhard Fürst [Fri, 6 Aug 2021 04:33:20 +0000 (06:33 +0200)]
Allow all to connect in with md5 auth using IPv6 (#551)
Joel Uckelman [Fri, 6 Aug 2021 01:22:46 +0000 (02:22 +0100)]
FIX: Don't print error message from which when checking docker install (#549)
'which docker.io || which docker' prints an error message when docker.io
is missing, which will be the case on any non-Ubuntu-based system. This
is confusing and not actually an error unless _both_ are missing.
Jarek Radosz [Fri, 6 Aug 2021 01:17:01 +0000 (03:17 +0200)]
FIX: `/var/lib/docker` doesn't exist on macOS (#543)
Even though `docker info --format '{{.DockerRootDir}}'` returns that path.
Trung Lê [Fri, 6 Aug 2021 01:13:46 +0000 (11:13 +1000)]
Update to NodeJS 16 (#552)
Rafael dos Santos Silva [Tue, 3 Aug 2021 18:50:04 +0000 (15:50 -0300)]
Rename master to main
Rafael dos Santos Silva [Mon, 19 Jul 2021 17:27:20 +0000 (14:27 -0300)]
discourse/discourse moved from master to main
David Taylor [Fri, 18 Jun 2021 11:55:06 +0000 (12:55 +0100)]
Update GitHub actions configuration (#548)
- Only attempt dockerhub push if previous steps are successful
- Make auto_build.rb exit with non-zero status if build fails
- enable experimental features (--squash) for dev image build
David Taylor [Fri, 18 Jun 2021 09:28:05 +0000 (10:28 +0100)]
Add GitHub actions configuration (#547)
Rafael dos Santos Silva [Wed, 16 Jun 2021 17:52:49 +0000 (14:52 -0300)]
Force acme.sh to use LE instead of ZeroSSL
Rafael dos Santos Silva [Wed, 16 Jun 2021 17:05:15 +0000 (14:05 -0300)]
Bump acme.sh to latest
Rafael dos Santos Silva [Mon, 31 May 2021 17:02:27 +0000 (14:02 -0300)]
Promote new base image as default
Rafael dos Santos Silva [Fri, 28 May 2021 16:39:46 +0000 (13:39 -0300)]
Bump deps
Rafael dos Santos Silva [Mon, 19 Apr 2021 20:11:53 +0000 (17:11 -0300)]
Update to NodeJS 15
Penar Musaraj [Tue, 27 Apr 2021 18:32:58 +0000 (14:32 -0400)]
Bump base image (#538)
Jeff Wong [Mon, 12 Apr 2021 23:57:03 +0000 (13:57 -1000)]
no longer allow nested templates (#535)
Penar Musaraj [Mon, 12 Apr 2021 17:15:27 +0000 (13:15 -0400)]
Bump base image to add Terser, remove SVGO (#536)
Sam [Fri, 9 Apr 2021 00:32:05 +0000 (10:32 +1000)]
FEATURE: ensure pups runs a specific version (#534)
Previously we used a "floating" head branch. This makes it impossible to make
any breaking changes in pups.
Penar Musaraj [Thu, 8 Apr 2021 15:34:29 +0000 (11:34 -0400)]
Remove Svgo, update ImageMagick, Redis, Libheif (#533)
Penar Musaraj [Tue, 6 Apr 2021 23:44:44 +0000 (19:44 -0400)]
Add Terser (#532)