diff --git a/.github/workflows/4testing-build.yml b/.github/workflows/4testing-build.yml
new file mode 100644
index 0000000..0716979
--- /dev/null
+++ b/.github/workflows/4testing-build.yml
@@ -0,0 +1,75 @@
+### This workflow setup instance then build and push images ###
+name: 4testing multiarch-build
+
+on:
+ push:
+ tags:
+ - "v*"
+ - "!v*-stable"
+
+env:
+ COMPANY_NAME: "onlyoffice"
+ PRODUCT_NAME: "documentserver"
+
+jobs:
+ build:
+ name: Build
+ runs-on: ubuntu-latest
+ continue-on-error: ${{ matrix.condition }}
+ strategy:
+ matrix:
+ images: ["documentserver"]
+ edition: ["", "-ee", "-de"]
+ condition: [true]
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v3
+
+ - name: Set up QEMU
+ uses: docker/setup-qemu-action@v2
+
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v2
+
+ - name: Login to Docker Hub
+ uses: docker/login-action@v1
+ with:
+ username: ${{ secrets.DOCKER_HUB_USERNAME }}
+ password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }}
+
+ - name: Get Tag Name
+ id: tag_name
+ run: |
+ echo ::set-output name=SOURCE_TAG::${GITHUB_REF#refs/tags/}
+
+ - name: Build 4testing
+ run: |
+ DOCKER_TAG=$(echo ${{ steps.tag_name.outputs.SOURCE_TAG }} | sed 's/^.//' )
+ PACKAGE_VERSION=$(echo $DOCKER_TAG | sed 's/\./-/3')
+ PACKAGE_URL=${{ secrets.REPO_URL }}${{ matrix.edition }}_"$PACKAGE_VERSION"_amd64.deb
+ STATUS=$(curl -s -o /dev/null -w "%{http_code}\n" "$PACKAGE_URL")
+ if [[ "$STATUS" = "200" ]]; then
+ echo "Have access to documentserver${{ matrix.edition }} amd64 arch >> check arm64 access"
+ else
+ echo "FAILED: Have no access to documentserver${{ matrix.edition }} amd64 arch"
+ exit 1
+ fi
+ PACKAGE_URL=${{ secrets.REPO_URL }}${{ matrix.edition }}_"$PACKAGE_VERSION"_arm64.deb
+ STATUS=$(curl -s -o /dev/null -w "%{http_code}\n" "$PACKAGE_URL")
+ if [[ "$STATUS" = "200" ]]; then
+ echo "Have access to documentserver${{ matrix.edition }} arm64 arch"
+ echo "All architecture are available >> build is starting."
+ sed -i "s|http://download.onlyoffice.com/install/documentserver/linux/\${COMPANY_NAME}-\${PRODUCT_NAME}\${PRODUCT_EDITION}|${{ secrets.REPO_URL }}${{ matrix.edition }}_$PACKAGE_VERSION|g" Dockerfile
+ PRODUCT_EDITION=${{ matrix.edition }} COMPANY_NAME=${{ env.COMPANY_NAME }} \
+ PRODUCT_NAME=${{ env.PRODUCT_NAME }} DOCKERFILE=Dockerfile \
+ PREFIX_NAME=4testing- TAG=$DOCKER_TAG \
+ docker buildx bake \
+ -f docker-bake.hcl ${{ matrix.images }} \
+ --push
+ echo "DONE: Build success >> exit with 0"
+ exit 0
+ else
+ echo "FAILED: Have no access to some required architecture documentserver${{ matrix.edition }} >> Exit with 0."
+ exit 1
+ fi
+ shell: bash
diff --git a/.github/workflows/stable-build.yml b/.github/workflows/stable-build.yml
new file mode 100644
index 0000000..7fd434a
--- /dev/null
+++ b/.github/workflows/stable-build.yml
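Review bot: In the `Build 4testing` step, `${{ steps.tag_name.outputs.SOURCE_TAG }}` is expanded into the script text before bash runs it, so a tag name containing shell metacharacters would be executed in a job that is logged in to Docker Hub; the `Build documentserver-release` step in stable-build.yml uses the same pattern. Take the ref from the environment instead, for example `DOCKER_TAG="${GITHUB_REF#refs/tags/v}"`, and quote later uses (`"$DOCKER_TAG"`). Separately, the `sed` line writes `secrets.REPO_URL` into the Dockerfile's `PACKAGE_URL` default, and build-argument values used by a `RUN` step are recorded in image history, so if that URL is meant to stay private it will likely be readable from the pushed 4testing image.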
@@ -0,0 +1,67 @@
+### This workflow setup instance then build and push images ###
+name: Multi-arch build stable
+
+on:
+ push:
+ tags:
+ - "v*-stable"
+
+env:
+ COMPANY_NAME: "onlyoffice"
+ PRODUCT_NAME: "documentserver"
+
+jobs:
+ build:
+ name: Build
+ runs-on: ubuntu-latest
+ continue-on-error: ${{ matrix.condition }}
+ strategy:
+ matrix:
+ images: ["documentserver-stable"]
+ edition: ["", "-ee", "-de"]
+ condition: [true]
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v3
+
+ - name: Set up QEMU
+ uses: docker/setup-qemu-action@v2
+
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v2
+
+ - name: Login to Docker Hub
+ uses: docker/login-action@v1
+ with:
+ username: ${{ secrets.DOCKER_HUB_USERNAME }}
+ password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }}
+
+ - name: Get Tag Name
+ id: tag_name
+ run: |
+ echo ::set-output name=SOURCE_TAG::${GITHUB_REF#refs/tags/}
+
+ - name: Build documentserver-release
+ run: |
+ TAG=$(echo ${{ steps.tag_name.outputs.SOURCE_TAG }} | sed 's/^.//; s/-stable//')
+ SHORTER_TAG=$(echo ${TAG} | grep -o -P '^[\d]+\.[\d]+\.[\d]+')
+ SHORTEST_TAG=$(echo ${TAG} | grep -o -P '^[\d]+\.[\d]+')
+ IMAGE_STATUS=$(docker manifest inspect ${{ env.COMPANY_NAME }}/4testing-${{ env.PRODUCT_NAME }}${{ matrix.edition }}:$TAG > /dev/null ; echo $?)
+ if [[ "$IMAGE_STATUS" = "0" ]]; then + echo "Image present on docker.hub >> start build stable version" + echo "FROM ${{ env.COMPANY_NAME }}/4testing-${{ env.PRODUCT_NAME }}${{ matrix.edition }}:$TAG as ${{ env.PRODUCT_NAME }}-stable" >> Dockerfile.stable + PRODUCT_EDITION=${{ matrix.edition }} PRODUCT_NAME=${{ env.PRODUCT_NAME }} \ + COMPANY_NAME=${{ env.COMPANY_NAME}} DOCKERFILE=Dockerfile.stable \ + TAG=$TAG \ + SHORTER_TAG=$SHORTER_TAG \ + SHORTEST_TAG=$SHORTEST_TAG \ + docker buildx bake \ + -f docker-bake.hcl ${{ matrix.images }} \ + --push + echo "DONE: Build success >> exit with 0" + exit 0 + else + echo "FAILED: Image with tag $TAG do not presented on docker.hub >> build will not started >> exit with 1" + exit 1 + fi + shell: bash diff --git a/Dockerfile b/Dockerfile index 69e2e2a..7405b2b 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,7 +1,7 @@ -FROM ubuntu:20.04 +FROM ubuntu:22.04 as documentserver LABEL maintainer Ascensio System SIA -ENV LANG=en_US.UTF-8 LANGUAGE=en_US:en LC_ALL=en_US.UTF-8 DEBIAN_FRONTEND=noninteractive PG_VERSION=12 +ENV LANG=en_US.UTF-8 LANGUAGE=en_US:en LC_ALL=en_US.UTF-8 DEBIAN_FRONTEND=noninteractive PG_VERSION=14 ARG ONLYOFFICE_VALUE=onlyoffice @@ -71,12 +71,15 @@ COPY run-document-server.sh /app/ds/run-document-server.sh EXPOSE 80 443 +ARG TARGETARCH +ARG PRODUCT_EDITION= ARG COMPANY_NAME=onlyoffice ARG PRODUCT_NAME=documentserver -ARG PACKAGE_URL="http://download.onlyoffice.com/install/documentserver/linux/${COMPANY_NAME}-${PRODUCT_NAME}_amd64.deb" +ARG PACKAGE_URL="http://download.onlyoffice.com/install/documentserver/linux/${COMPANY_NAME}-${PRODUCT_NAME}${PRODUCT_EDITION}_$TARGETARCH.deb" ENV COMPANY_NAME=$COMPANY_NAME \ - PRODUCT_NAME=$PRODUCT_NAME + PRODUCT_NAME=$PRODUCT_NAME \ + PRODUCT_EDITION=$PRODUCT_EDITION RUN wget -q -P /tmp "$PACKAGE_URL" && \ apt-get -y update && \ diff --git a/README.md b/README.md index 18fb96e..a7bc84d 100644 --- a/README.md +++ b/README.md 
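Review bot: The stable image is promoted from `4testing-…:$TAG` by tag name only: `docker manifest inspect` checks that the tag exists, and the appended `FROM …:$TAG` line then pulls whatever that tag points to when bake runs. Because a re-run of the 4testing workflow would push to the same tag, the content published as stable is not tied to the image that was actually tested. Consider resolving the manifest digest once and writing `FROM <image>@sha256:<digest>` (placeholder) into `Dockerfile.stable`. Also, `continue-on-error: ${{ matrix.condition }}` is always true here, so a failed edition leaves the release run green; `fail-fast: false` under `strategy` without `continue-on-error` would keep editions independent while still reporting the failure.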
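Review bot: The new `PACKAGE_URL` default still uses `http://`, and the `RUN wget -q -P /tmp "$PACKAGE_URL"` below it fetches the .deb that the build presumably installs, so both architectures now depend on an unauthenticated download. No checksum or signature check is visible in the hunk; the `RUN` instruction continues outside it, so confirm that none follows. If the host serves TLS, switch the scheme to `https://` and verify the package before installing, e.g. `echo "<sha256>  /tmp/<package>.deb" | sha256sum -c -` with per-architecture values (placeholders).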
@@ -187,6 +187,7 @@ Below is the complete list of parameters that can be set using environment varia - **REDIS_SERVER_PORT**: The Redis server port number. - **NGINX_WORKER_PROCESSES**: Defines the number of nginx worker processes. - **NGINX_WORKER_CONNECTIONS**: Sets the maximum number of simultaneous connections that can be opened by a nginx worker process. +- **SECURE_LINK_SECRET**: Defines secret for the nginx config directive [secure_link_md5](http://nginx.org/ru/docs/http/ngx_http_secure_link_module.html#secure_link_md5). Defaults to `random string`. - **JWT_ENABLED**: Specifies the enabling the JSON Web Token validation by the ONLYOFFICE Document Server. Defaults to `false`. - **JWT_SECRET**: Defines the secret key to validate the JSON Web Token in the request to the ONLYOFFICE Document Server. Defaults to `secret`. - **JWT_HEADER**: Defines the http header that will be used to send the JSON Web Token. Defaults to `Authorization`. diff --git a/docker-bake.hcl b/docker-bake.hcl new file mode 100644 index 0000000..04ed4a0 --- /dev/null +++ b/docker-bake.hcl 
@@ -0,0 +1,58 @@
+variable "TAG" {
+ default = ""
+}
+
+variable "SHORTER_TAG" {
+ default = ""
+}
+
+variable "SHORTEST_TAG" {
+ default = ""
+}
+
+variable "COMPANY_NAME" {
+ default = ""
+}
+
+variable "PREFIX_NAME" {
+ default = ""
+}
+
+variable "PRODUCT_EDITION" {
+ default = ""
+}
+
+variable "PRODUCT_NAME" {
+ default = ""
+}
+
+variable "DOCKERFILE" {
+ default = ""
+}
+
+target "documentserver" {
+ target = "documentserver"
+ dockerfile= "${DOCKERFILE}"
+ tags = ["docker.io/${COMPANY_NAME}/${PREFIX_NAME}${PRODUCT_NAME}${PRODUCT_EDITION}:${TAG}"]
+ platforms = ["linux/amd64", "linux/arm64"]
+ args = {
+ "PRODUCT_EDITION": "${PRODUCT_EDITION}"
+ "PRODUCT_NAME": "${PRODUCT_NAME}"
+ "COMPANY_NAME": "${COMPANY_NAME}"
+ }
+}
+
+target "documentserver-stable" {
+ target = "documentserver-stable"
+ dockerfile= "${DOCKERFILE}"
+ tags = ["docker.io/${COMPANY_NAME}/${PREFIX_NAME}${PRODUCT_NAME}${PRODUCT_EDITION}:${TAG}",
+ "docker.io/${COMPANY_NAME}/${PREFIX_NAME}${PRODUCT_NAME}${PRODUCT_EDITION}:${SHORTER_TAG}",
+ "docker.io/${COMPANY_NAME}/${PREFIX_NAME}${PRODUCT_NAME}${PRODUCT_EDITION}:${SHORTEST_TAG}",
+ "docker.io/${COMPANY_NAME}/${PREFIX_NAME}${PRODUCT_NAME}${PRODUCT_EDITION}:latest"]
+ platforms = ["linux/amd64", "linux/arm64"]
+ args = {
+ "PRODUCT_EDITION": "${PRODUCT_EDITION}"
+ "PRODUCT_NAME": "${PRODUCT_NAME}"
+ "COMPANY_NAME": "${COMPANY_NAME}"
+ }
+}
diff --git a/run-document-server.sh b/run-document-server.sh
index c8dcf39..2b2e386 100755
--- a/run-document-server.sh
+++ b/run-document-server.sh
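Review bot: The `documentserver-stable` target always pushes `:latest` together with the `SHORTER_TAG`/`SHORTEST_TAG` aliases, so tagging a `v*-stable` maintenance release for an older series would move `latest` back to that version; nothing in this file or in stable-build.yml compares against the newest published release. Consider gating the `latest` entry on a variable that the workflow sets only for the newest series. Every variable also defaults to `""`, so a missing `TAG` or an empty `SHORTER_TAG` (when the workflow's `grep -o` matches nothing) yields a reference ending in `:`; an explicit non-empty check in the workflow before `docker buildx bake` would give a clearer failure.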
@@ -37,7 +37,12 @@ if [ "${RELEASE_DATE}" != "${PREV_RELEASE_DATE}" ]; then fi fi -SSL_CERTIFICATES_DIR="${DATA_DIR}/certs" +SSL_CERTIFICATES_DIR="/usr/share/ca-certificates/ds" +mkdir -p ${SSL_CERTIFICATES_DIR} +cp -f ${DATA_DIR}/certs/* ${SSL_CERTIFICATES_DIR} +chmod 644 ${SSL_CERTIFICATES_DIR}/*.crt ${SSL_CERTIFICATES_DIR}/*.pem +chmod 400 ${SSL_CERTIFICATES_DIR}/*.key + if [[ -z $SSL_CERTIFICATE_PATH ]] && [[ -f ${SSL_CERTIFICATES_DIR}/${COMPANY_NAME}.crt ]]; then SSL_CERTIFICATE_PATH=${SSL_CERTIFICATES_DIR}/${COMPANY_NAME}.crt else @@ -83,7 +88,7 @@ WOPI_ENABLED=${WOPI_ENABLED:-false} GENERATE_FONTS=${GENERATE_FONTS:-true} -if [[ ${PRODUCT_NAME} == "documentserver" ]]; then +if [[ ${PRODUCT_NAME}${PRODUCT_EDITION} == "documentserver" ]]; then REDIS_ENABLED=false else REDIS_ENABLED=true @@ -468,6 +473,8 @@ update_nginx_settings(){ if [ -f "${NGINX_ONLYOFFICE_EXAMPLE_CONF}" ]; then sed 's/linux/docker/' -i ${NGINX_ONLYOFFICE_EXAMPLE_CONF} fi + + documentserver-update-securelink.sh -s ${SECURE_LINK_SECRET:-$(pwgen -s 20)} -r false } update_supervisor_settings(){ @@ -503,7 +510,7 @@ for i in ${DS_LIB_DIR}/App_Data/cache/files ${DS_LIB_DIR}/App_Data/docbuilder ${ done # change folder rights -for i in ${LOG_DIR} ${LIB_DIR} ${DATA_DIR}; do +for i in ${LOG_DIR} ${LIB_DIR}; do chown -R ds:ds "$i" chmod -R 755 "$i" done
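Review bot: The added block copies everything in `${DATA_DIR}/certs`, private keys included, into `/usr/share/ca-certificates/ds`, a tree normally used for public CA certificates, and `chmod 644 … *.pem` makes every `.pem` world-readable, which exposes the key whenever an operator supplies key material in a `.pem` file. The `cp` and both `chmod` calls are unquoted and unconditional, so a container started without certificates would hit unmatched-glob errors. Suggest guarding the block with `if [ -d "${DATA_DIR}/certs" ]; then … fi`, quoting the paths, and keeping keys in a directory with mode 700. The `if`/`else` that follows continues outside the hunk.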
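Review bot: In `update_nginx_settings`, `${SECURE_LINK_SECRET:-$(pwgen -s 20)}` is passed unquoted, so a user-supplied secret containing whitespace or glob characters is split or expanded before it reaches `documentserver-update-securelink.sh`; quote it as `-s "${SECURE_LINK_SECRET:-$(pwgen -s 20)}"`. When the variable is unset a new random secret is generated on each call, so replicas behind one load balancer would presumably end up with different secrets, which the README entry could state. The secret is also passed as a command-line argument, which is visible in the process list while the helper runs. `pwgen` has to be present in the image, which this diff does not show.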