diff --git a/pipeline/PersistentVolumeCDCI.yaml b/pipeline/PersistentVolumeCDCI.yaml new file mode 100644 index 0000000..fe4f187 --- /dev/null +++ b/pipeline/PersistentVolumeCDCI.yaml @@ -0,0 +1,29 @@ +kind: PersistentVolume +apiVersion: v1 +metadata: + name: cdci-roundcubemail-pvc-volume + namespace: cdci-librecloud-online + labels: + type: local +spec: + storageClassName: manual + persistentVolumeReclaimPolicy: Delete + capacity: + storage: 1Gi + accessModes: + - ReadWriteOnce + hostPath: + path: "/mnt/cdci" +--- +kind: PersistentVolumeClaim +apiVersion: v1 +metadata: + name: cdci-roundcubemail-pvc + namespace: cdci-librecloud-online +spec: + storageClassName: manual + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1Gi diff --git a/pipeline/down.sh b/pipeline/down.sh new file mode 100755 index 0000000..28f48ff --- /dev/null +++ b/pipeline/down.sh @@ -0,0 +1,6 @@ +#/bin/bash +kubectl delete -f pipeline-run.yaml 2>/dev/null +kubectl delete -f pipeline.yaml 2>/dev/null +kubectl delete -f task.yaml 2>/dev/null +kubectl delete -f PersistentVolumeCDCI.yaml 2>/dev/null +kubectl delete -f pipe-resource.yaml 2>/dev/null diff --git a/pipeline/pipe-resource.yaml b/pipeline/pipe-resource.yaml new file mode 100644 index 0000000..7980ae9 --- /dev/null +++ b/pipeline/pipe-resource.yaml @@ -0,0 +1,24 @@ +apiVersion: tekton.dev/v1alpha1 +kind: PipelineResource +metadata: + name: librecloud-roundcubemail-img + namespace: cdci-librecloud-online +spec: + type: image + params: + - name: url + value: termas.librecloud.online/termas_librecloud/roundcubemail:1.4.6 +--- +apiVersion: tekton.dev/v1alpha1 +kind: PipelineResource +metadata: + name: librecloud-roundcubemail-git + namespace: cdci-librecloud-online +spec: + type: git + params: + - name: revision + value: master + - name: url + value: https://rlung.librecloud.online/Termas_LibreCloud/roundcubemail.git + diff --git a/pipeline/pipeline-run.yaml b/pipeline/pipeline-run.yaml new file mode 100644 index 0000000..4bf9d04 --- /dev/null +++ b/pipeline/pipeline-run.yaml @@ -0,0 +1,22 @@ +apiVersion: tekton.dev/v1alpha1 +kind: PipelineRun +metadata: + name: cdci-roundcubemail + namespace: cdci-librecloud-online +spec: + serviceAccountName: build-bot + pipelineRef: + name: cdci-roundcubemail + # podTemplate: + #volumes: + #- name: cdci-volume + # #emptyDir: {} + # persistentVolumeClaim: + # claimName: cdci-roundcubemail-pvc + resources: + - name: source-repo + resourceRef: + name: librecloud-roundcubemail-git + - name: target-image + resourceRef: + name: librecloud-roundcubemail-img diff --git a/pipeline/pipeline.yaml b/pipeline/pipeline.yaml new file mode 100644 index 0000000..7be2a7e --- /dev/null +++ b/pipeline/pipeline.yaml @@ -0,0 +1,32 @@ +apiVersion: tekton.dev/v1alpha1 +kind: Pipeline +metadata: + name: cdci-roundcubemail + namespace: cdci-librecloud-online +spec: + #serviceAccount: build-bot + resources: + - name: source-repo + type: git + #resourceRef: + # name: librecloud-roundcubemail-git + - name: target-image + type: image + #resourceRef: + # name: librecloud-roundcubemail-img + tasks: + - name: build-roundcubemail-img + taskRef: + name: roundcubemail-build-image-from-git-source + params: + - name: pathToDockerFile + value: /workspace/source/src + - name: pathToContext + value: /workspace/source/src #configure: may change according to your source + resources: + inputs: + - name: source + resource: source-repo + outputs: + - name: builtImage + resource: target-image diff --git a/pipeline/task.yaml b/pipeline/task.yaml new file mode 100644 index 0000000..e8d6c1a --- /dev/null +++ b/pipeline/task.yaml @@ -0,0 +1,91 @@ +apiVersion: tekton.dev/v1alpha1 +kind: Task +metadata: + name: roundcubemail-build-image-from-git-source + namespace: cdci-librecloud-online +spec: + #serviceAccount: build-bot + inputs: + params: + - name: pathToDockerFile + type: string + description: The path to the dockerfile to build + default: /workspace/source/src/Dockerfile + - name: pathToContext + type: string + description: + The build context used by Kaniko + (https://github.com/GoogleContainerTools/kaniko#kaniko-build-contexts) + default: /workspace/source/src + - name: DOCKERFILE + type: string + description: The name of the Dockerfile + default: "Dockerfile" + - name: BUILDKIT_CLIENT_IMAGE + type: string + description: The name of the BuildKit client (buildctl) image + + default: "docker.io/moby/buildkit:master-rootless" + - name: BUILDKIT_DAEMON_ADDRESS + type: string + description: The address of the BuildKit daemon (buildkitd) service + default: "tcp://buildkitd:1234" + resources: + - name: source + type: git + outputs: + resources: + - name: builtImage + type: image + volumes: + + - name: dckr-cfg-volume + secret: + secretName: regcred + - name: ssh-volume + secret: + secretName: ssh-key + - name: certs + secret: + secretName: buildkit-client-certs + + steps: + - name: build-and-push + image: $(inputs.params.BUILDKIT_CLIENT_IMAGE) + + + workingDir: /workspace/source + + command: [ "buildctl" ] + args: + - --tlscacert + - /certs/ca.pem + - --tlscert + - /certs/cert.pem + - --tlskey + - /certs/key.pem + - --debug + - --addr=$(inputs.params.BUILDKIT_DAEMON_ADDRESS) + - build + - --progress=plain + - --frontend=dockerfile.v0 + - --opt + - filename=$(inputs.params.DOCKERFILE) + - --local + - context=$(inputs.params.pathToContext) + - --local + - dockerfile=$(inputs.params.pathToDockerFile) + - --output + - type=image,name=$(outputs.resources.builtImage.url),push=true + - --export-cache + - type=inline + - --import-cache + - type=registry,ref=$(outputs.resources.builtImage.url) + volumeMounts: + - name: certs + readOnly: true + mountPath: /certs + - name: ssh-volume + readOnly: true + mountPath: /.ssh + diff --git a/pipeline/up.sh b/pipeline/up.sh new file mode 100755 index 0000000..141a9b4 --- /dev/null +++ b/pipeline/up.sh @@ -0,0 +1,24 @@ +#/bin/bash +FOLLOW_UP="yes" +NS_DOMAIN="cdci-librecloud-online" +PIPELINE_NAME="cdci-roundcubemail" +[ "$1" == "-s" ] && FOLLOW_UP="" +is_running=`kubectl get pods -n $NS_DOMAIN | grep $PIPELINE_NAME 2>/dev/null` +if [ -n "$is_running" ] ; then + kubectl delete -f pipeline-run.yaml 2>/dev/null + kubectl delete -f pipeline.yaml 2>/dev/null + kubectl delete -f task.yaml 2>/dev/null + kubectl delete -f pipe-resource.yaml 2>/dev/null +fi +kubectl delete -f PersistentVolumeCDCI.yaml 2>/dev/null +kubectl create -f PersistentVolumeCDCI.yaml +#. lib_dply.sh +#make_host_alias task +kubectl apply -f pipe-resource.yaml +kubectl apply -f task.yaml +kubectl apply -f pipeline.yaml +kubectl apply -f pipeline-run.yaml +if [ -n "$FOLLOW_UP" ] ; then + has_tkn=`type tkn 2>/dev/null` + [ -n "$has_tkn" ] && tkn pipelinerun logs -f $PIPELINE_NAME -n $NS_DOMAIN +fi diff --git a/repo-config.yaml b/repo-config.yaml new file mode 100644 index 0000000..1706820 --- /dev/null +++ b/repo-config.yaml @@ -0,0 +1,14 @@ +Active: true +# Active: false # to not follow up webhook workflow + +# Sources for src file +Repo: https://github.com/roundcube/roundcubemail-docker.git +Source: roundcubemail-docker/fpm-alpine + +# Name - Version, etc +Name: roundcubemail +Version: 1.4.6 + +# To get latest +IMAGE_NAME: roundcube/roundcubemail +IMAGE_MATCH: 1.4 diff --git a/src/Dockerfile b/src/Dockerfile new file mode 100644 index 0000000..3881827 --- /dev/null +++ b/src/Dockerfile @@ -0,0 +1,86 @@ +FROM php:7.3-fpm-alpine +LABEL maintainer="Thomas Bruederli " + +# entrypoint.sh and cron.sh dependencies +RUN set -ex; \ + \ + apk add --no-cache \ + bash \ + coreutils \ + tzdata + +RUN set -ex; \ + \ + apk add --no-cache --virtual .build-deps \ + icu-dev \ + libjpeg-turbo-dev \ + libpng-dev \ + libzip-dev \ + openldap-dev \ + postgresql-dev \ + sqlite-dev \ + ; \ + \ + docker-php-ext-configure gd --with-png-dir=/usr --with-jpeg-dir=/usr; \ + docker-php-ext-configure ldap; \ + docker-php-ext-install \ + exif \ + gd \ + intl \ + ldap \ + pdo_mysql \ + pdo_pgsql \ + pdo_sqlite \ + zip \ + ; \ + \ + runDeps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive /usr/local/lib/php/extensions \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ + )"; \ + apk add --virtual .roundcubemail-phpext-rundeps $runDeps; \ + apk del .build-deps + +# expose these volumes +#VOLUME /var/roundcube/config +#VOLUME /var/roundcube/db +#VOLUME /var/www/html +#VOLUME /tmp/roundcube-temp + +# Define Roundcubemail version +ENV ROUNDCUBEMAIL_VERSION 1.4.6 + +# Download package and extract to web volume +RUN set -ex; \ + apk add --no-cache --virtual .fetch-deps \ + gnupg \ + ; \ + \ + curl -o roundcubemail.tar.gz -fSL https://github.com/roundcube/roundcubemail/releases/download/${ROUNDCUBEMAIL_VERSION}/roundcubemail-${ROUNDCUBEMAIL_VERSION}-complete.tar.gz; \ + curl -o roundcubemail.tar.gz.asc -fSL https://github.com/roundcube/roundcubemail/releases/download/${ROUNDCUBEMAIL_VERSION}/roundcubemail-${ROUNDCUBEMAIL_VERSION}-complete.tar.gz.asc; \ + export GNUPGHOME="$(mktemp -d)"; \ + # workaround for "Cannot assign requested address", see e.g. https://github.com/inversepath/usbarmory-debian-base_image/issues/9 + echo "disable-ipv6" > "$GNUPGHOME/dirmngr.conf"; \ + # ha.pool.sks-keyservers.net seems to be unreliable, use pgp.mit.edu as fallback + gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys F3E4C04BB3DB5D4215C45F7F5AB2BAA141C4F7D5 || gpg --batch --keyserver pgp.mit.edu --recv-keys F3E4C04BB3DB5D4215C45F7F5AB2BAA141C4F7D5; \ + gpg --batch --verify roundcubemail.tar.gz.asc roundcubemail.tar.gz; \ + tar -xf roundcubemail.tar.gz -C /usr/src/; \ + gpgconf --kill all; \ + rm -r "$GNUPGHOME" roundcubemail.tar.gz.asc roundcubemail.tar.gz; \ + # upstream tarballs include ./roundcubemail-${ROUNDCUBEMAIL_VERSION}/ so this gives us /usr/src/roundcubemail-${ROUNDCUBEMAIL_VERSION} + mv /usr/src/roundcubemail-${ROUNDCUBEMAIL_VERSION} /usr/src/roundcubemail; \ + rm -rf /usr/src/roundcubemail/installer; \ + apk del .fetch-deps + +# include the wait-for-it.sh script +RUN curl -fL https://raw.githubusercontent.com/vishnubob/wait-for-it/master/wait-for-it.sh > /wait-for-it.sh && chmod +x /wait-for-it.sh + +# use custom PHP settings +COPY php.ini /usr/local/etc/php/conf.d/roundcube-defaults.ini + +COPY docker-entrypoint.sh / + +ENTRYPOINT ["/docker-entrypoint.sh"] +CMD ["php-fpm"] diff --git a/src/docker-compose.yml b/src/docker-compose.yml new file mode 100644 index 0000000..dac7526 --- /dev/null +++ b/src/docker-compose.yml @@ -0,0 +1,102 @@ +version: "2" + +services: + roundcube: + build: ./ + container_name: roundcube + #restart: always + depends_on: + - roundcubedb + links: + - roundcubedb + ports: + - 9000:9000 + volumes: + - /srv/roundcube/html:/var/www/html + environment: + - ROUNDCUBEMAIL_DB_TYPE=pgsql + - ROUNDCUBEMAIL_DB_HOST=roundcubedb # same as pgsql container name + - ROUNDCUBEMAIL_DB_NAME=roundcube # same as pgsql POSTGRES_DB env name + - ROUNDCUBEMAIL_DB_USER=roundcube # same as pgsql POSTGRES_USER env name + - ROUNDCUBEMAIL_DB_PASSWORD=roundcube # same as pgsql POSTGRES_PASSWORD env name + + roundcubedb: + image: postgres:latest + container_name: roundcubedb + restart: always + ports: + - 5432:5432 + volumes: + - /srv/roundcube/db:/var/lib/postgresql/data + environment: + - POSTGRES_DB=roundcube + - POSTGRES_USER=roundcube + - POSTGRES_PASSWORD=roundcube + + roundcubenginx: + image: nginx:latest + container_name: roundcubenginx + restart: always + ports: + - 80:80 + # If you need SSL connection + # - '443:443' + depends_on: + - roundcube + links: + - roundcube + volumes: + - /srv/roundcube/html:/var/www/html + # TODO Provide a custom nginx conf + #- ./nginx.conf:/etc/nginx/nginx.conf:ro + # If you need SSL connection, you can provide your own certificates + # - ./certs:/etc/letsencrypt + # - ./certs-data:/data/letsencrypt + environment: + - NGINX_HOST=localhost # set your local domain or your live domain + # - NGINX_CGI=roundcube:9000 # same as roundcube container name + + # Sample mail server to use with RoundCube: https://github.com/tomav/docker-mailserver +# mailserver: +# image: tvial/docker-mailserver:latest +# hostname: mail +# domainname: +# container_name: mail +# restart: always +# ports: +# # receiving email from other mailservers +# - "25:25" +# # SSL & TLS Client email submission (SMTP) +# - "465:465" +# - "587:587" +# # StartTLS & TLS/SSL IMAP client +# - "143:143" +# - "993:993" +# # POP3 & TLS/SSL POP3 client +# - "110:110" +# - "995:995" +# # Manage Sieve port +# - "4190:4190" +# environment: +# - DMS_DEBUG=0 +# - ONE_DIR=1 +# - ENABLE_CLAMAV=1 +# - ENABLE_FAIL2BAN=1 +# - ENABLE_POSTGREY=1 +# - ENABLE_MANAGESIEVE=1 +# # If you need SSL connection, you can provide your own certificates +# #- SSL_TYPE=manual +# #- SSL_CERT_PATH=/etc/letsencrypt/fullchain.pem +# #- SSL_KEY_PATH=/etc/letsencrypt/privkey.pem +# cap_add: +# - NET_ADMIN +# - SYS_PTRACE +# volumes: +# - /srv/mail/data:/var/mail +# - /srv/mail/state:/var/mail-state +# # For proper delivery, generate DKIM keys in /srv/mail/setup +# - /srv/mail/setup:/tmp/docker-mailserver +# - /etc/localtime:/etc/localtime:ro +# - /etc/timezone:/etc/timezone:ro +# # If you need SSL connection, you can provide your own certificates +# # - ./certs:/etc/letsencrypt diff --git a/src/docker-entrypoint.sh b/src/docker-entrypoint.sh new file mode 100755 index 0000000..4a45bee --- /dev/null +++ b/src/docker-entrypoint.sh @@ -0,0 +1,109 @@ +#!/bin/bash +# set -ex + +# PWD=`pwd` + +if [[ "$1" == apache2* ]] || [ "$1" == php-fpm ]; then + if ! [ -e index.php -a -e bin/installto.sh ]; then + echo >&2 "roundcubemail not found in $PWD - copying now..." + if [ "$(ls -A)" ]; then + echo >&2 "WARNING: $PWD is not empty - press Ctrl+C now if this is an error!" + ( set -x; ls -A; sleep 10 ) + fi + tar cf - --one-file-system -C /usr/src/roundcubemail . | tar xf - + echo >&2 "Complete! ROUNDCUBEMAIL has been successfully copied to $PWD" + fi + + if [ -f /run/secrets/roundcube_db_user ]; then + ROUNDCUBEMAIL_DB_USER=`cat /run/secrets/roundcube_db_user` + fi + if [ -f /run/secrets/roundcube_db_password ]; then + ROUNDCUBEMAIL_DB_PASSWORD=`cat /run/secrets/roundcube_db_password` + fi + + if [ ! -z "${!POSTGRES_ENV_POSTGRES_*}" ] || [ "$ROUNDCUBEMAIL_DB_TYPE" == "pgsql" ]; then + : "${ROUNDCUBEMAIL_DB_TYPE:=pgsql}" + : "${ROUNDCUBEMAIL_DB_HOST:=postgres}" + : "${ROUNDCUBEMAIL_DB_PORT:=5432}" + : "${ROUNDCUBEMAIL_DB_USER:=${POSTGRES_ENV_POSTGRES_USER}}" + : "${ROUNDCUBEMAIL_DB_PASSWORD:=${POSTGRES_ENV_POSTGRES_PASSWORD}}" + : "${ROUNDCUBEMAIL_DB_NAME:=${POSTGRES_ENV_POSTGRES_DB:-roundcubemail}}" + : "${ROUNDCUBEMAIL_DSNW:=${ROUNDCUBEMAIL_DB_TYPE}://${ROUNDCUBEMAIL_DB_USER}:${ROUNDCUBEMAIL_DB_PASSWORD}@${ROUNDCUBEMAIL_DB_HOST}:${ROUNDCUBEMAIL_DB_PORT}/${ROUNDCUBEMAIL_DB_NAME}}" + + /wait-for-it.sh ${ROUNDCUBEMAIL_DB_HOST}:${ROUNDCUBEMAIL_DB_PORT} -t 30 + elif [ ! -z "${!MYSQL_ENV_MYSQL_*}" ] || [ "$ROUNDCUBEMAIL_DB_TYPE" == "mysql" ]; then + : "${ROUNDCUBEMAIL_DB_TYPE:=mysql}" + : "${ROUNDCUBEMAIL_DB_HOST:=mysql}" + : "${ROUNDCUBEMAIL_DB_PORT:=3306}" + : "${ROUNDCUBEMAIL_DB_USER:=${MYSQL_ENV_MYSQL_USER:-root}}" + if [ "$ROUNDCUBEMAIL_DB_USER" = 'root' ]; then + : "${ROUNDCUBEMAIL_DB_PASSWORD:=${MYSQL_ENV_MYSQL_ROOT_PASSWORD}}" + else + : "${ROUNDCUBEMAIL_DB_PASSWORD:=${MYSQL_ENV_MYSQL_PASSWORD}}" + fi + : "${ROUNDCUBEMAIL_DB_NAME:=${MYSQL_ENV_MYSQL_DATABASE:-roundcubemail}}" + : "${ROUNDCUBEMAIL_DSNW:=${ROUNDCUBEMAIL_DB_TYPE}://${ROUNDCUBEMAIL_DB_USER}:${ROUNDCUBEMAIL_DB_PASSWORD}@${ROUNDCUBEMAIL_DB_HOST}:${ROUNDCUBEMAIL_DB_PORT}/${ROUNDCUBEMAIL_DB_NAME}}" + + /wait-for-it.sh ${ROUNDCUBEMAIL_DB_HOST}:${ROUNDCUBEMAIL_DB_PORT} -t 30 + else + # use local SQLite DB in /var/www/html/db + : "${ROUNDCUBEMAIL_DB_TYPE:=sqlite}" + : "${ROUNDCUBEMAIL_DB_DIR:=$PWD/db}" + : "${ROUNDCUBEMAIL_DB_NAME:=sqlite}" + : "${ROUNDCUBEMAIL_DSNW:=${ROUNDCUBEMAIL_DB_TYPE}:///$ROUNDCUBEMAIL_DB_DIR/${ROUNDCUBEMAIL_DB_NAME}.db?mode=0646}" + + mkdir -p $ROUNDCUBEMAIL_DB_DIR + chown www-data:www-data $ROUNDCUBEMAIL_DB_DIR + fi + + : "${ROUNDCUBEMAIL_DEFAULT_HOST:=localhost}" + : "${ROUNDCUBEMAIL_DEFAULT_PORT:=143}" + : "${ROUNDCUBEMAIL_SMTP_SERVER:=localhost}" + : "${ROUNDCUBEMAIL_SMTP_PORT:=587}" + : "${ROUNDCUBEMAIL_PLUGINS:=archive,zipdownload}" + : "${ROUNDCUBEMAIL_SKIN:=larry}" + : "${ROUNDCUBEMAIL_TEMP_DIR:=/tmp/roundcube-temp}" + + if [ ! -e config/config.inc.php ]; then + ROUNDCUBEMAIL_PLUGINS_PHP=`echo "${ROUNDCUBEMAIL_PLUGINS}" | sed -E "s/[, ]+/', '/g"` + ROUNDCUBEMAIL_DES_KEY=`test -f /run/secrets/roundcube_des_key && cat /run/secrets/roundcube_des_key || head /dev/urandom | base64 | head -c 24` + touch config/config.inc.php + + echo "Write config to $PWD/config/config.inc.php" + echo " config/config.inc.php + + for fn in `ls /var/roundcube/config/*.php 2>/dev/null || true`; do + echo "include('$fn');" >> config/config.inc.php + done + + # initialize DB if not SQLite + echo "${ROUNDCUBEMAIL_DSNW}" | grep -q 'sqlite:' || bin/initdb.sh --dir=$PWD/SQL || bin/updatedb.sh --dir=$PWD/SQL --package=roundcube || echo "Failed to initialize databse. Please run $PWD/bin/initdb.sh manually." + else + echo "WARNING: $PWD/config/config.inc.php already exists." + echo "ROUNDCUBEMAIL_* environment variables have been ignored." + fi + + if [ ! -z "${ROUNDCUBEMAIL_TEMP_DIR}" ]; then + mkdir -p ${ROUNDCUBEMAIL_TEMP_DIR} && chown www-data ${ROUNDCUBEMAIL_TEMP_DIR} + fi + + if [ ! -z "${ROUNDCUBEMAIL_UPLOAD_MAX_FILESIZE}" ]; then + echo "upload_max_filesize=${ROUNDCUBEMAIL_UPLOAD_MAX_FILESIZE}" >> /usr/local/etc/php/conf.d/roundcube-override.ini + echo "post_max_size=${ROUNDCUBEMAIL_UPLOAD_MAX_FILESIZE}" >> /usr/local/etc/php/conf.d/roundcube-override.ini + fi +fi + +exec "$@" diff --git a/src/hooks/post_build b/src/hooks/post_build new file mode 100755 index 0000000..23a078e --- /dev/null +++ b/src/hooks/post_build @@ -0,0 +1,14 @@ +#!/bin/bash + +set -e + +tagStart=$(echo $IMAGE_NAME | awk '{print index($1,":")}') +repoName=${IMAGE_NAME:0:tagStart-1} +tagName=${IMAGE_NAME:tagStart:99} + +if [ "$tagName" = "latest-apache" ]; then + echo "Tagging $IMAGE_NAME as :latest" + + docker tag $IMAGE_NAME ${repoName}:latest + docker push ${repoName}:latest +fi diff --git a/src/php.ini b/src/php.ini new file mode 100644 index 0000000..7b2147d --- /dev/null +++ b/src/php.ini @@ -0,0 +1,10 @@ +memory_limit=64M +display_errors=Off +log_errors=On +upload_max_filesize=5M +post_max_size=6M +zlib.output_compression=Off +session.auto_start=Off +session.gc_maxlifetime=21600 +session.gc_divisor=500 +session.gc_probability=1