Rafael dos Santos Silva [Thu, 2 Dec 2021 15:54:42 +0000 (12:54 -0300)]
add buildx and qemu setup
Rafael dos Santos Silva [Thu, 2 Dec 2021 14:24:04 +0000 (11:24 -0300)]
move aarch64 build to CI
Rafael dos Santos Silva [Wed, 1 Dec 2021 20:31:05 +0000 (17:31 -0300)]
try building an image for aarch64
Michael Fitz-Payne [Fri, 26 Nov 2021 02:18:04 +0000 (12:18 +1000)]
discourse/base: remove vim package (#582)
A buffer overflow vulnerability (CVE-2021-3973) has been discovered in
vim. As of the moment, this remains unpatched in Debian. Admittedly the
likelihood of encountering this exploit in the wild within the Discourse
base image is pretty low, but given this image is intended to run
non-interactively vim is not strictly required as a part of the image.
In any case, the package can be added at runtime for debugging purposes.
See https://security-tracker.debian.org/tracker/CVE-2021-3973.
Blake Erickson [Fri, 19 Nov 2021 19:32:44 +0000 (12:32 -0700)]
Bump base image used with launcher (#581)
This change includes the oxipng binary.
See:
244c9cb110df44eb9d846a24b5572471a2687071
Jay Pfaffman [Fri, 12 Nov 2021 15:04:37 +0000 (07:04 -0800)]
FIX: add EMBER_CLI_PROD_ASSETS: 1 to web_only.yml
I just noticed that my test of this wasn't much of a test since the change wasn't applied to web_only...
Blake Erickson [Mon, 8 Nov 2021 17:40:32 +0000 (10:40 -0700)]
DEV: Add oxipng binary to base image (#579)
image_optim, a ruby library we use, now has support for oxipng:
https://github.com/toy/image_optim/pull/190#issuecomment-
920433324
So I'm adding the oxipng binary to the base image so that we can
start using it. There currently isn't an apt package for it.
Robin Ward [Thu, 4 Nov 2021 18:46:08 +0000 (14:46 -0400)]
Use Ember CLI production assets by defaults for new installs (#578)
Rafael dos Santos Silva [Mon, 25 Oct 2021 17:45:24 +0000 (14:45 -0300)]
FIX: Remove expired LE root cert from our local validation
The old root was getting openssl confused, resulting in a new
certificate on every rebuild that could easily trigger existing let's
encrypt rate-limits.
Michael Fitz-Payne [Thu, 21 Oct 2021 05:35:48 +0000 (15:35 +1000)]
Bump base image used with launcher (#575)
Jay Pfaffman [Tue, 19 Oct 2021 19:59:04 +0000 (12:59 -0700)]
FIX: See that force_https is set for lets encrypt
Recent changes to let's encrypt having to do with the surprisingly tragic root certificate update are causing sites not to have `force_https` set.
This set force_https.
There remain some issues with let's encrypt requesting certs when it shouldn't but this fixes the worst of the problem with little effort.
Michael Fitz-Payne [Tue, 19 Oct 2021 02:33:03 +0000 (12:33 +1000)]
Update dependencies (#573)
Arpit Jalan [Fri, 8 Oct 2021 05:36:32 +0000 (11:06 +0530)]
DEV: replace mailcatcher with mailhog (#572)
Michael Brown [Fri, 1 Oct 2021 21:17:32 +0000 (17:17 -0400)]
FIX: the output from which confuses an integer comparison
Thanks @ldmosquera for identifying the problem and fix
Michael Brown [Fri, 1 Oct 2021 21:12:45 +0000 (17:12 -0400)]
FIX: discourse/discourse changed from 'master' to 'main'
Rafael dos Santos Silva [Wed, 8 Sep 2021 16:21:36 +0000 (13:21 -0300)]
DEV: Install evergreen Firefox in test image
Rafael dos Santos Silva [Mon, 6 Sep 2021 21:04:32 +0000 (18:04 -0300)]
Update dependencies
David Taylor [Fri, 27 Aug 2021 10:30:43 +0000 (11:30 +0100)]
DEV: Clean yarn cache after yarn install (#568)
The cache is not required to run the application. This should make the docker image much smaller.
We may want to re-evaluate this decision when switching to yarn v2, which has a very different caching system.
David Taylor [Fri, 27 Aug 2021 10:11:28 +0000 (11:11 +0100)]
PERF: Remove unneeded recursive `chown` (#567)
This command can take a very long time (> 2 minutes on a CDCK build machine) now that the directory contains the `yarn` cache. However, there are no files in `/home/discourse` that are owned by a different user, so the command does absolutely nothing. This can be demonstrated by using the `-c` flag (which prints any changes made):
```
docker run --rm -it discourse/base:2.0.
20210826-1706 /bin/bash -c "time chown -cR discourse /home/discourse"
```
This has an empty output for the latest base image. Therefore this line can be safely removed
Rafael dos Santos Silva [Thu, 26 Aug 2021 19:43:57 +0000 (16:43 -0300)]
Fix #551 regression on old pg
David Taylor [Thu, 26 Aug 2021 18:15:13 +0000 (19:15 +0100)]
FIX: `yarn install` in web.template.yml (#565)
This is required in case dependency versions have changed between the base image, and the current version of Discourse. `yarn install` will only be run when `node_modules` exists, so this change will only affect recent versions of the base image.
David Taylor [Thu, 26 Aug 2021 16:11:01 +0000 (17:11 +0100)]
FIX: Don't install devDependencies in production image (#564)
devDependencies includes `lefthook`, which can cause some unexpected side effects during git operations in a production image
Rafael dos Santos Silva [Mon, 23 Aug 2021 14:31:46 +0000 (11:31 -0300)]
FIX: Don't run yarn install as root
Rafael dos Santos Silva [Fri, 20 Aug 2021 17:05:56 +0000 (14:05 -0300)]
DEV: Add firefox for Ember tests
Also removes install of nodejs/yarn since they are already provided
by the base image.
Rafael dos Santos Silva [Fri, 20 Aug 2021 15:28:22 +0000 (12:28 -0300)]
DEV: Remove references to deprecated main branch
Rafael dos Santos Silva [Thu, 19 Aug 2021 19:39:16 +0000 (16:39 -0300)]
DEV: Also run ember tests in Firefox
Sam Saffron [Fri, 6 Aug 2021 01:11:01 +0000 (11:11 +1000)]
FEATURE: update NGINX mainline
Sam Saffron [Fri, 6 Aug 2021 01:10:46 +0000 (11:10 +1000)]
FEATURE: update Ruby from 2.7.2 -> 2.7.4
Rafael dos Santos Silva [Mon, 16 Aug 2021 15:24:54 +0000 (12:24 -0300)]
FIX: Use example domain in mail receiver example config
Context at https://meta.discourse.org/t/-/193664/4?u=falco
Co-authored-by: Jay Pfaffman <jay@literatecomputing.com>
Paul Buonopane [Thu, 12 Aug 2021 17:05:45 +0000 (13:05 -0400)]
Fix line break handling in Cloudflare template
Cloudflare's IP list has gone back and forth between including a trailing line break and omitting it.
When a trailing line break was first added in 2015, it resulted in a bug: https://meta.discourse.org/t/issue-with-cloudflare-template/35113
The trailing line break was removed again in 2021: https://meta.discourse.org/t/cloudflare-template-broken-again/200219
This fixes the template so that it will work regardless of extra line breaks. It will also safely ignore any empty lines that may appear in the files.
Joel Uckelman [Fri, 6 Aug 2021 20:34:01 +0000 (21:34 +0100)]
FIX: Use the return code from which correctly
The return code of which is the number of arguments which failed...
but what we actually want is 0 when at least one of the docker
exectutables is found and nonzero when none are found.
Rafael dos Santos Silva [Fri, 6 Aug 2021 19:21:10 +0000 (16:21 -0300)]
Run yarn and cache packages
Rafael dos Santos Silva [Fri, 6 Aug 2021 19:02:48 +0000 (16:02 -0300)]
Add yarn to base image
Bernhard Fürst [Fri, 6 Aug 2021 04:33:20 +0000 (06:33 +0200)]
Allow all to connect in with md5 auth using IPv6 (#551)
Joel Uckelman [Fri, 6 Aug 2021 01:22:46 +0000 (02:22 +0100)]
FIX: Don't print error message from which when checking docker install (#549)
'which docker.io || which docker' prints an error message when docker.io
is missing, which will be the case on any non-Ubuntu-based system. This
is confusing and not actually an error unless _both_ are missing.
Jarek Radosz [Fri, 6 Aug 2021 01:17:01 +0000 (03:17 +0200)]
FIX: `/var/lib/docker` doesn't exist on macOS (#543)
Even though `docker info --format '{{.DockerRootDir}}'` returns that path.
Trung Lê [Fri, 6 Aug 2021 01:13:46 +0000 (11:13 +1000)]
Update to NodeJS 16 (#552)
Rafael dos Santos Silva [Tue, 3 Aug 2021 18:50:04 +0000 (15:50 -0300)]
Rename master to main
Rafael dos Santos Silva [Mon, 19 Jul 2021 17:27:20 +0000 (14:27 -0300)]
discourse/discourse moved from master to main
David Taylor [Fri, 18 Jun 2021 11:55:06 +0000 (12:55 +0100)]
Update GitHub actions configuration (#548)
- Only attempt dockerhub push if previous steps are successful
- Make auto_build.rb exit with non-zero status if build fails
- enable experimental features (--squash) for dev image build
David Taylor [Fri, 18 Jun 2021 09:28:05 +0000 (10:28 +0100)]
Add GitHub actions configuration (#547)
Rafael dos Santos Silva [Wed, 16 Jun 2021 17:52:49 +0000 (14:52 -0300)]
Force acme.sh to use LE instead of ZeroSSL
Rafael dos Santos Silva [Wed, 16 Jun 2021 17:05:15 +0000 (14:05 -0300)]
Bump acme.sh to latest
Rafael dos Santos Silva [Mon, 31 May 2021 17:02:27 +0000 (14:02 -0300)]
Promote new base image as default
Rafael dos Santos Silva [Fri, 28 May 2021 16:39:46 +0000 (13:39 -0300)]
Bump deps
Rafael dos Santos Silva [Mon, 19 Apr 2021 20:11:53 +0000 (17:11 -0300)]
Update to NodeJS 15
Penar Musaraj [Tue, 27 Apr 2021 18:32:58 +0000 (14:32 -0400)]
Bump base image (#538)
Jeff Wong [Mon, 12 Apr 2021 23:57:03 +0000 (13:57 -1000)]
no longer allow nested templates (#535)
Penar Musaraj [Mon, 12 Apr 2021 17:15:27 +0000 (13:15 -0400)]
Bump base image to add Terser, remove SVGO (#536)
Sam [Fri, 9 Apr 2021 00:32:05 +0000 (10:32 +1000)]
FEATURE: ensure pups runs a specific version (#534)
Previously we used a "floating" head branch. This makes it impossible to make
any breaking changes in pups.
Penar Musaraj [Thu, 8 Apr 2021 15:34:29 +0000 (11:34 -0400)]
Remove Svgo, update ImageMagick, Redis, Libheif (#533)
Penar Musaraj [Tue, 6 Apr 2021 23:44:44 +0000 (19:44 -0400)]
Add Terser (#532)
Jeff Wong [Mon, 5 Apr 2021 16:13:53 +0000 (06:13 -1000)]
Reverse the order of nested templates. (#531)
Reverses the order of nested template declaration.
This way templates that depend nested templates over the same
hook are ensured to run in the proper order.
Ensures consistency of run-order template includes, for both
base yml files, and nested template yml
eg:
base.yml
```
templates:
- "templates/template1.yml"
hooks:
after_code:
- exec: cat "/tmp/file_made_from_template1.yml.txt"
```
template1.yml
```
templates:
- "templates/template2.yml"
hooks:
after_code:
- exec: cat "/tmp/file_made_from_template2.yml.txt"
- exec: echo "data from template1" > /tmp/file_made_from_template1.yml.txt
```
template2.yml
```
hooks:
after_code:
- exec: echo "data from template2" > /tmp/file_made_from_template2.yml.txt
```
David Taylor [Tue, 23 Mar 2021 14:40:49 +0000 (14:40 +0000)]
DEV: Parse and install bundler version from Gemfile.lock (#530)
This ensures that changes in Bundler's behavior are only introduced
when we deliberately bump the version in the Gemfile
Justin DiRose [Mon, 8 Mar 2021 22:06:53 +0000 (16:06 -0600)]
DEV: Add import template for Vanilla (#529)
Jay Pfaffman [Mon, 22 Feb 2021 21:52:20 +0000 (13:52 -0800)]
FIX: discourse-setup stop running container (#528)
This got commented out during testing of the previous commit
Jay Pfaffman [Thu, 11 Feb 2021 19:19:41 +0000 (11:19 -0800)]
feature: discourse-setup email config improvements
Rafael dos Santos Silva [Thu, 18 Feb 2021 19:01:50 +0000 (16:01 -0300)]
Bump base image for OpenSSL CVEs
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=947949
YAEGASHI Takeshi [Sat, 16 May 2020 14:39:15 +0000 (23:39 +0900)]
Ensure it overrides all locale related variables
LC_ALL, LANG and LANGUAGE are set to en_US.UTF-8 in the docker image.
The config should override all of them when other locale is needed.
Otherwise it fails to create a DB with the proper locale setting.
Sam Saffron [Mon, 8 Feb 2021 01:04:01 +0000 (12:04 +1100)]
FIX: match prune time for cleanup with description
Previously docs said we prune after 24 hours but we pruned after 1 hour.
Jay Pfaffman [Wed, 27 Jan 2021 18:30:15 +0000 (10:30 -0800)]
FIX: discourse-setup MAXMIND works correctly
Ouch. This was worse than I thought.
Things fixed:
- consistent formatting (mostly that after `then` was indented by 4, not 2)
- fail if `DISCOURSE_MAXMIND_LICENSE_KEY` is not added to $web_file
- detect if `web_only.yml` exists
- stop `web_only` if it exists rather than non-existing `app` (but why is it stopping it anyway?)
- don't try to `assert_maxmind_license_key` before `app.yml` exists
Jay Pfaffman [Wed, 27 Jan 2021 01:29:56 +0000 (17:29 -0800)]
use $web_file not app.yml
Maybe this will do the trick
Jay Pfaffman [Wed, 27 Jan 2021 01:16:48 +0000 (17:16 -0800)]
FIX: discourse-setup was not adding MAXMIND key
Oops. The line that was supposed to add the MAXMIND line to app.yml was broken.
Penar Musaraj [Thu, 4 Feb 2021 15:15:05 +0000 (10:15 -0500)]
Revert "Separate themes:update and assets:precompile tasks (#522)" (#523)
This reverts commit
70686cf6ee53432aa9f92880c368e52a589f7196.
Penar Musaraj [Thu, 4 Feb 2021 13:52:03 +0000 (08:52 -0500)]
Separate themes:update and assets:precompile tasks (#522)
Rafael dos Santos Silva [Wed, 27 Jan 2021 21:23:36 +0000 (18:23 -0300)]
Re-add removed packages
Rafael dos Santos Silva [Wed, 27 Jan 2021 20:31:10 +0000 (17:31 -0300)]
Make script work on ubuntu and debian
Rafael dos Santos Silva [Wed, 27 Jan 2021 19:18:37 +0000 (16:18 -0300)]
No inline comments in bash
Rafael dos Santos Silva [Wed, 27 Jan 2021 17:50:55 +0000 (14:50 -0300)]
Update ImageMagick build
- Use libpng from package manager
- Update libheif
- Update ImageMagick
- Adds libaom so libheif and IM can deal with AVIF image format
Rafael dos Santos Silva [Wed, 27 Jan 2021 17:27:59 +0000 (14:27 -0300)]
Bump Redis minor version
Rafael dos Santos Silva [Wed, 27 Jan 2021 17:24:41 +0000 (14:24 -0300)]
Bump to NodeJS 14 since NodeJS 10 is EOL this April
Rafael dos Santos Silva [Wed, 27 Jan 2021 17:23:54 +0000 (14:23 -0300)]
Use pngquant from package manager
Rafael dos Santos Silva [Wed, 27 Jan 2021 17:13:56 +0000 (14:13 -0300)]
Use pngcrush from package manager
Rafael dos Santos Silva [Wed, 27 Jan 2021 17:09:27 +0000 (14:09 -0300)]
Remove gifsicle dependency
https://github.com/discourse/discourse/commit/
43e52a7dc1d9e610792ff37755d26b1168ecf20d
Rafael dos Santos Silva [Wed, 27 Jan 2021 17:02:57 +0000 (14:02 -0300)]
nginx brotli module bundles libbrotli nowadays
Jay Pfaffman [Sat, 23 Jan 2021 01:24:46 +0000 (17:24 -0800)]
Support maxmind (#512)
* add prompts for maxmind
* can leave key blank
* include message for removing key
* fix maxmind prompts
* cleanup assert_maxmind_license_key
* remove changes to check_port()
* remove trailing whitespace
* do not remove ip match check
* fix indent for chech_IP_match
* remove all trailing whitespace
Rafael dos Santos Silva [Thu, 21 Jan 2021 15:05:26 +0000 (12:05 -0300)]
Expose SMTP_DOMAIN Global Setting in sample file (#515)
This is useful when using some SMTP providers, like Google Apps
https://meta.discourse.org/t/discourse-smtp-sends-ehlo-localhost-instead-of-domain-breaking-google-smtp-relay/176755/6?u=falco
tshenry [Sat, 9 Jan 2021 05:08:05 +0000 (21:08 -0800)]
FEATURE: Add validation to admin email prompt in discourse-setup (#514)
Spencer Imbleau [Fri, 8 Jan 2021 00:15:02 +0000 (19:15 -0500)]
FEATURE: Changed awk config command to be more cross platform (#513)
in Ubuntu 20.04 LTS, pre installed is mawk 1.3.4, which is called when you use awk. In this version, "--field-seperator" is not a valid option, leaving discourse-doctor with many errors.
Described in https://meta.discourse.org/t/discourse-doctor-parsing-smtp-credentials-not-working-admin-registration-email-not-working/174461, this commit aims to use -F as the accepted flag for field separation which is unambiguous across GNU AWK and Ubuntu MAWK.
Rafael dos Santos Silva [Mon, 21 Dec 2020 22:45:38 +0000 (19:45 -0300)]
FEATURE: Bump base image (#511)
Provides new version of ImageMagick
Jeff Atwood [Mon, 21 Dec 2020 20:46:01 +0000 (12:46 -0800)]
Add maxmind geolocation IP key to web template (#510)
Add maxmind geolocation IP key to web only template (commented out)
Jeff Atwood [Mon, 21 Dec 2020 20:17:41 +0000 (12:17 -0800)]
Update standalone.yml (#508)
Rafael dos Santos Silva [Mon, 21 Dec 2020 19:46:50 +0000 (16:46 -0300)]
Revert "Add env var for image version (#507)" (#509)
This reverts commit
35806741fe8934367a010e1fcf4de9b483ce038c.
Rafael dos Santos Silva [Fri, 18 Dec 2020 20:10:18 +0000 (17:10 -0300)]
Add env var for image version (#507)
Rafael dos Santos Silva [Fri, 18 Dec 2020 17:34:54 +0000 (14:34 -0300)]
Adds WEBP support in ImageMagick (#506)
Arpit Jalan [Wed, 16 Dec 2020 18:22:47 +0000 (23:52 +0530)]
FIX: perform bundle install after modifying directory permissions (#504)
Alan Guo Xiang Tan [Tue, 15 Dec 2020 01:11:07 +0000 (09:11 +0800)]
Remove `host_run` from `launcher`. (#498)
This is legacy code that we no longer use and support.
Jeff Wong [Sat, 12 Dec 2020 02:18:42 +0000 (16:18 -1000)]
Remove git pull (#503)
Sam [Fri, 11 Dec 2020 06:29:24 +0000 (17:29 +1100)]
Revert git command changes (#502)
* Revert "FIX: reset takes the full slash path (#501)"
This reverts commit
bf223b05427d432d6ab313eb7740d42caa989c6a.
* Revert "FIX: Run reset and clean after checkout (#500)"
This reverts commit
bc380c73eef970e57195159a654edd2b14fb633b.
* Revert "FIX: remove pull for Discourse core (#499)"
This reverts commit
0ab1da11598467b944182748b8e8c6d363093544.
Jeff Wong [Fri, 11 Dec 2020 02:19:06 +0000 (16:19 -1000)]
FIX: reset takes the full slash path (#501)
Jeff Wong [Fri, 11 Dec 2020 01:53:58 +0000 (15:53 -1000)]
FIX: Run reset and clean after checkout (#500)
shallow fetching and resetting may result in a dirty working tree.
Ensure we have a clean working tree by running the reset and clean after the
fetch.
Previously, we needed the clean and reset before the PULL, to ensure a clean
pull, but since we are using fetch + checkout (which does not result in a
merge if dirty) we might end up with a dirty repo after the checkout, such
as if a clone remote has a different master branch than core.
Jeff Wong [Fri, 11 Dec 2020 01:11:53 +0000 (15:11 -1000)]
FIX: remove pull for Discourse core (#499)
We are already shallow-fetching a few lines below. A pull with a shallow
clone can be dangerous if Discourse is using a different repository
or version, as that potentially results in more data being pulled or a
dirty merge with a different upstream.
Remove the pull and rely only on the fetch and checkout.
Michael Fitz-Payne [Wed, 9 Dec 2020 02:28:04 +0000 (12:28 +1000)]
postgres.10.template: purge postgres-13 rather than 12. (#497)
This purge command was missed and caused issues with the database
starting up correctly in some cases. Postgres-12 is no longer in the
base image so this wouldn't be doing anything.
Rafael dos Santos Silva [Tue, 8 Dec 2020 18:28:31 +0000 (15:28 -0300)]
New image with fix for CVE-2020-1971 (#496)
Rafael dos Santos Silva [Tue, 8 Dec 2020 18:10:16 +0000 (15:10 -0300)]
Fix dev image to work with pg13 (#495)
Régis Hanol [Tue, 8 Dec 2020 11:08:43 +0000 (12:08 +0100)]
FIX: prompt to remove old psql data defaults to 'N'
Michael Fitz-Payne [Mon, 7 Dec 2020 22:50:50 +0000 (08:50 +1000)]
launcher: update base image for postgres 13 update. (#494)
Michael Fitz-Payne [Mon, 7 Dec 2020 22:00:08 +0000 (08:00 +1000)]
Update base image and default to postgres 13. (#493)
FEATURE: update to PostgreSQL 13.
* postgres.template.yml: update to new major version of 13.
This changes the default postgres version to 13 for the postgres
template.
* images/base: bump postgres to version 13.
* postgres.13.template.yml: add postgres 13 template.
* postgres.12.template: add step to remove pg 13 install.
* launcher: increase timeout allowed for docker stop.
With large databases Postgres may take some time to stop gracefully, so
increase the allowed timeout.
* launcher: use temporary pg13 image while build is running.
Note this will be updated once the image change lands in master.
Rafael dos Santos Silva [Thu, 26 Nov 2020 21:04:23 +0000 (18:04 -0300)]
Bump default base image
Michael Brown [Thu, 26 Nov 2020 04:51:48 +0000 (23:51 -0500)]
Handle the case where IPv6 is also used (#480)
* We want web.ssl.template.yml to handle the IPv6 case as well