bump to 0.8.0+v0.18.0

- drive-frontend/backend: v0.12.0 → v0.18.0 - collabora/code: 25.04.9.1.1 → 25.04.9.4.1 - onlyoffice/documentserver-de: 9.2 → 9.3.1.2 - redis: 8 → 8.6.3 (pinned) - nginx: 1.29 → 1.30.0 - add optional env vars: DJANGO_EMAIL_URL_APP, DJANGO_CSRF_TRUSTED_ORIGINS, DATA_UPLOAD_MAX_MEMORY_SIZE
Merge pull request '0.7.1v0.12.0' (#4 ) from 0.7.1v0.12.0 into main
2026-05-11 19:52:46 +00:00 · 2026-02-20 14:22:44 +00:00 · 2026-02-20 14:20:07 +00:00 · 2026-02-20 14:19:59 +00:00 · 2026-02-18 16:57:01 +00:00 · 2026-02-18 16:56:37 +00:00
8 changed files with 124 additions and 37 deletions
--- a/.env.sample
+++ b/.env.sample
@ -28,6 +28,8 @@ SECRET_MINIO_RU_VERSION=v1
 SECRET_POSTGRES_P_VERSION=v1
 # DJANGO_HOST_EMAIL_PASSWORD
 SECRET_EMAIL_PASS_VERSION=v1
+# COLLABORA_ADMIN_PASSWORD
+SECRET_COLLABORA_P_VERSION=v1

 ##############################################################################
 # EMAIL
@ -65,3 +67,25 @@ OIDC_AUTH_REQUEST_EXTRA_PARAMS='{"acr_values": "eidas1"}'
 LOGGING_LEVEL_HANDLERS_CONSOLE=INFO
 LOGGING_LEVEL_LOGGERS_ROOT=INFO
 LOGGING_LEVEL_LOGGERS_APP=INFO
+
+##############################################################################
+# COLLABORA ADMIN PANEL
+##############################################################################
+# Username for the Collabora admin panel (https://COLLABORA_DOMAIN/browser/dist/admin/admin.html)
+# Password is managed via Docker secret 'collabora_p'
+#COLLABORA_ADMIN_USERNAME=admin
+
+##############################################################################
+# BACKUPS
+##############################################################################
+# Set to false to disable backup-bot labels (default: true)
+#ENABLE_BACKUPS=true
+
+##############################################################################
+# WOPI SCHEDULING
+##############################################################################
+# Celery Beat crontab for the WOPI configuration task (default: daily at 3:00 AM)
+#WOPI_CONFIGURATION_CRONTAB_MINUTE=0
+#WOPI_CONFIGURATION_CRONTAB_HOUR=3
+#WOPI_CONFIGURATION_CRONTAB_DAY_OF_MONTH=*
+#WOPI_CONFIGURATION_CRONTAB_MONTH_OF_YEAR=*
--- a/README.md
+++ b/README.md
@ -7,11 +7,11 @@
 * **Category**: Apps
 * **Status**: 2
 * **Image**: [`lasuite/drive`](https://hub.docker.com/r/lasuite/drive), 4, upstream
-* **Healthcheck**: No
-* **Backups**: No
-* **Email**: 3
+* **Healthcheck**: Yes
+* **Backups**: Yes
+* **Email**: Yes
 * **Tests**: No
-* **SSO**: 3
+* **SSO**: Yes

 <!-- endmetadata -->

@ -28,11 +28,14 @@ This recipe requires four domains. One domain for drive, and one for minio which
     - make sure to set MINIO_DOMAIN, COLLABORA_DOMAIN, ONLY_OFFICE_DOMAIN to the domains you set up for each. 
 * `abra app deploy <app-name>`
 * `abra app cmd <app-name> backend migrate` # creates database tables
-* `abra app cmd <app-name> backend trigger_wopi` # connects only office & collabora (if they stop working, try running this again)
 * `abra app restart <app-name> minio-createbuckets` (Note: this will appear to fail, but probably worked! Check `abra app logs <app-name> minio-createbuckets`)

 You should then be able to visit the landing page of your app, but not yet to login. To login, you need to deploy and integrate single sign on (described below in the "Configure Authentication" section). 

+Wopi discovery is supposed to happen automatically, but if collabora/onlyoffice are not connecting, you can try running:
+
+* `abra app cmd <app-name> backend trigger_wopi` # connects only office & collabora (if they stop working, try running this again)
+

 ## Configure Authentication

@ -66,7 +69,7 @@ OIDC_RP_CLIENT_ID=<yourkeycloakclientid>
 then redeploy drive:
 `abra app deploy <app-name> --force`

-at this point, when you go to your drive url, you shoud then be able to click "login" and login with the username and password for the user you created in keycloak.
+at this point, when you go to your drive url, you should then be able to click "login" and login with the username and password for the user you created in keycloak.

 you can make additional users in keycloak for this "client" and they will all be able to login to drive and collaborate. 

--- a/abra-entrypoint.sh
+++ b/abra-entrypoint.sh
@ -11,5 +11,12 @@ set -e

 # if not in "env" mode, then execute the original entrypoint and command
 if [ ! "$1" = "-e" ]; then
+  # Run WOPI configuration on startup if enabled (celery worker service only).
+  # This ensures WOPI clients are configured immediately after each deploy,
+  # rather than waiting for the next celery-beat cron tick (default: 3 AM).
+  if [ "${RUN_WOPI_ON_STARTUP:-}" = "true" ]; then
+    echo "🐳(entrypoint) running WOPI configuration on startup..."
+    python manage.py trigger_wopi_configuration || echo "⚠ WOPI configuration failed (non-fatal, will retry on schedule)"
+  fi
  exec "$@"
 fi
--- a/abra.sh
+++ b/abra.sh
@ -1,9 +1,9 @@
 # Set any config versions here
 # Docs: https://docs.coopcloud.tech/maintainers/handbook/#manage-configs
-export ABRA_ENTRYPOINT_VERSION=v5
+export ABRA_ENTRYPOINT_VERSION=v11
 export NGINX_CONF_VERSION=v6
 export ONLYOFFICE_CONF_VERSION=v2
-export PG_BACKUP_VERSION=v3
+export PG_BACKUP_VERSION=v4

 environment() {
  # this exports all the secrets as environment variables
--- a/compose.yml
+++ b/compose.yml
@ -27,6 +27,9 @@ x-common-env: &common-env
  DJANGO_EMAIL_USE_SSL:
  DJANGO_EMAIL_USE_TLS:
  DJANGO_EMAIL_FROM:
+  DJANGO_EMAIL_URL_APP:
+  DJANGO_CSRF_TRUSTED_ORIGINS:
+  DATA_UPLOAD_MAX_MEMORY_SIZE:
  # Backend url
  DRIVE_BASE_URL: "https://${DOMAIN}"
  # Media
@ -66,6 +69,11 @@ x-common-env: &common-env
  WOPI_COLLABORA_DISCOVERY_URL: "https://${COLLABORA_DOMAIN}/hosting/discovery"
  WOPI_ONLYOFFICE_DISCOVERY_URL: "https://${ONLY_OFFICE_DOMAIN}/hosting/discovery"
  WOPI_SRC_BASE_URL: "https://${DOMAIN}"
+  # WOPI scheduling (Celery Beat crontab for WOPI configuration task)
+  WOPI_CONFIGURATION_CRONTAB_MINUTE: ${WOPI_CONFIGURATION_CRONTAB_MINUTE:-0}
+  WOPI_CONFIGURATION_CRONTAB_HOUR: ${WOPI_CONFIGURATION_CRONTAB_HOUR:-3}
+  WOPI_CONFIGURATION_CRONTAB_DAY_OF_MONTH: ${WOPI_CONFIGURATION_CRONTAB_DAY_OF_MONTH:-*}
+  WOPI_CONFIGURATION_CRONTAB_MONTH_OF_YEAR: ${WOPI_CONFIGURATION_CRONTAB_MONTH_OF_YEAR:-*}

 x-postgres-env: &postgres-env
  # Postgresql db container configuration
@ -87,14 +95,14 @@ services:

  app:
    user: "${DOCKER_USER:-1000}"
-    image: lasuite/drive-frontend:v0.10.1
+    image: lasuite/drive-frontend:v0.18.0
    networks:
      - backend
    deploy:
      labels:
        - "traefik.enable=false"
        - "coop-cloud.${STACK_NAME}.timeout=${TIMEOUT:-120}"
-        - "coop-cloud.${STACK_NAME}.version=0.2.5+v0.10.1"
+        - "coop-cloud.${STACK_NAME}.version=0.8.0+v0.18.0"
    environment:
      <<: [ *common-env ]
    healthcheck:
@ -108,8 +116,7 @@ services:

  backend:
    user: ${DOCKER_USER:-1000}
-#    image: lasuite/drive-backend:v0.10.1
-    image: lasuite/drive-backend:main
+    image: lasuite/drive-backend:v0.18.0
    command: [ "gunicorn", "-c", "/usr/local/etc/gunicorn/drive.py", "drive.wsgi:application" ]
    entrypoint: [ "/abra-entrypoint.sh", "/usr/local/bin/entrypoint" ]
    environment:
@ -133,11 +140,33 @@ services:

  celery:
    user: ${DOCKER_USER:-1000}
-    image: lasuite/drive-backend:v0.10.1
+    image: lasuite/drive-backend:v0.18.0
    networks:
      - backend
    command: [ "celery", "-A", "drive.celery_app", "worker", "-l", "INFO" ]
    entrypoint: ["/abra-entrypoint.sh", "/usr/local/bin/entrypoint"]
+    environment:
+      <<: [*common-env, *postgres-env]
+      RUN_WOPI_ON_STARTUP: "true"
+    configs:
+      - source: abra_entrypoint
+        target: /abra-entrypoint.sh
+        mode: 0555
+    secrets:
+      - django_sk
+      - django_sp
+      - oidc_rpcs
+      - minio_rp
+      - postgres_p
+      - email_pass
+
+  celery-beat:
+    user: ${DOCKER_USER:-1000}
+    image: lasuite/drive-backend:v0.18.0
+    networks:
+      - backend
+    command: [ "celery", "-A", "drive.celery_app", "beat", "-l", "INFO", "--schedule", "/tmp/celerybeat-schedule" ]
+    entrypoint: ["/abra-entrypoint.sh", "/usr/local/bin/entrypoint"]
    environment:
      <<: [*common-env, *postgres-env]
    configs:
@ -153,17 +182,17 @@ services:
      - email_pass

  db:
-    image: postgres:16
+    image: pgautoupgrade/pgautoupgrade:18-debian
    networks:
      - backend 
    healthcheck:
-      test: ["CMD", "pg_isready", "-q", "-U", "docs", "-d", "docs"]
+      test: ["CMD", "pg_isready", "-q", "-U", "drive", "-d", "drive"]
      interval: 1s
      timeout: 2s
      retries: 300
    environment:
      <<: *postgres-env
-      PGDATA: var/lib/postgresql/data/pgdata
+      PGDATA: /var/lib/postgresql/data/pgdata
    volumes:
      - postgres:/var/lib/postgresql/data/pgdata
    deploy:
@ -180,9 +209,14 @@ services:
      - postgres_p

  redis:
-    image: redis:5
+    image: redis:8.6.3
+    healthcheck:
+      test: ["CMD", "redis-cli", "ping"]
+      interval: 10s
+      timeout: 5s
+      retries: 5
    networks:
-      - backend 
+      - backend

  mailcatcher:
    image: sj26/mailcatcher:v0.10.0
@ -249,23 +283,29 @@ services:
        - "traefik.http.middlewares.${STACK_NAME}_minio-cors.headers.accessControlMaxAge=600"
        - "traefik.http.middlewares.${STACK_NAME}_minio-cors.headers.addVaryHeader=true"
        - "traefik.http.routers.${STACK_NAME}_minio.middlewares=${STACK_NAME}_minio-cors"
+        - "backupbot.backup=${ENABLE_BACKUPS:-true}"

  collabora:
-    image: collabora/code:latest
-#    healthcheck:
-#      test: [ "CMD", "curl", "-f", "http://localhost:9980/hosting/discovery" ]
-#      interval: 30s
-#      retries: 5
-#      start_period: 60s
-#      timeout: 10s
+    image: collabora/code:25.04.9.4.1
+    entrypoint: >
+      sh -c "
+      export password=\"$$(cat /run/secrets/collabora_p)\" &&
+      exec /start-collabora-online.sh"
+    healthcheck:
+      test: [ "CMD", "curl", "-f", "http://localhost:9980/hosting/discovery" ]
+      interval: 30s
+      retries: 5
+      start_period: 60s
+      timeout: 10s
    networks:
      - backend
      - proxy
    environment:
      - extra_params=--o:ssl.enable=false --o:ssl.termination=true
-      - username=drive
-      - password=password
+      - username=${COLLABORA_ADMIN_USERNAME:-admin}
      - server_name=${COLLABORA_DOMAIN}
+    secrets:
+      - collabora_p
    deploy:
      labels:
      - "traefik.enable=true"
@ -284,13 +324,13 @@ services:
      - "traefik.http.routers.${STACK_NAME}_collabora.middlewares=${STACK_NAME}_collabora-cors"

  onlyoffice:
-    image: onlyoffice/documentserver-de:9.2
-#    healthcheck:
-#      test: [ "CMD", "curl", "-f", "http://localhost/hosting/discovery" ]
-#      interval: 30s
-#      retries: 5
-#      start_period: 60s
-#      timeout: 10s
+    image: onlyoffice/documentserver-de:9.3.1.2
+    healthcheck:
+      test: [ "CMD", "curl", "-f", "http://localhost/hosting/discovery" ]
+      interval: 30s
+      retries: 5
+      start_period: 60s
+      timeout: 10s
    environment:
      TZ: "Europe/Berlin"
      USE_UNAUTHORIZED_STORAGE: "true"
@ -323,7 +363,7 @@ services:


  web:
-    image: nginx:1.25
+    image: nginx:1.30.0
    configs:
      - source: nginx_conf
        target: /etc/nginx/conf.d/default.conf
@ -388,7 +428,10 @@ secrets:
    name: ${STACK_NAME}_minio_rp_${SECRET_MINIO_RP_VERSION}
  minio_ru:
    external: true
-    name: ${STACK_NAME}_minio_ru_${SECRET_MINIO_RP_VERSION}
+    name: ${STACK_NAME}_minio_ru_${SECRET_MINIO_RU_VERSION}
+  collabora_p:
+    external: true
+    name: ${STACK_NAME}_collabora_p_${SECRET_COLLABORA_P_VERSION}
  email_pass:
    external: true
    name: ${STACK_NAME}_email_pass_${SECRET_EMAIL_PASS_VERSION}
--- a/pg_backup.sh
+++ b/pg_backup.sh
@ -10,7 +10,7 @@ function backup {
 }

 function restore {
-    cd /var/lib/postgresql/data/
+    cd /var/lib/postgresql/data/pgdata
    restore_config(){
        # Restore allowed connections
        cat pg_hba.conf.bak > pg_hba.conf
--- a/release/0.3.0+v0.11.1
+++ b/release/0.3.0+v0.11.1
@ -0,0 +1 @@
+Switched the database image from postgres:16 to pgautoupgrade/pgautoupgrade:18-debian. This enables automatic PostgreSQL major version upgrades. No action required from the operator — the upgrade from PostgreSQL 16 to 18 is handled automatically by the pgautoupgrade image on first start.
--- a/release/0.7.0+v0.12.0
+++ b/release/0.7.0+v0.12.0
@ -0,0 +1,9 @@
+**Breaking change:** The Collabora admin panel password is now a secret (`collabora_p`).
+
+After upgrading, you must generate the new secret for collabora to work:
+
+```
+abra app secret generate <app-domain> collabora_p v1
+abra app config <app-domain>  # set SECRET_COLLABORA_P_VERSION=v1
+```
+
Author	SHA1	Message	Date
notplants	f4135d7820	bump to 0.8.0+v0.18.0 - drive-frontend/backend: v0.12.0 → v0.18.0 - collabora/code: 25.04.9.1.1 → 25.04.9.4.1 - onlyoffice/documentserver-de: 9.2 → 9.3.1.2 - redis: 8 → 8.6.3 (pinned) - nginx: 1.29 → 1.30.0 - add optional env vars: DJANGO_EMAIL_URL_APP, DJANGO_CSRF_TRUSTED_ORIGINS, DATA_UPLOAD_MAX_MEMORY_SIZE	2026-05-11 19:52:46 +00:00
notplants	016728f970	Merge pull request '0.7.1v0.12.0' (#4 ) from 0.7.1v0.12.0 into main Reviewed-on: https://git.coopcloud.tech/coop-cloud/lasuite-drive/pulls/4	2026-02-20 14:22:44 +00:00
notplants	9c4a1f823c	bump to 0.7.1+v0.12.0	2026-02-20 14:20:07 +00:00
notplants	0411553e36	add minio backup label and fix pg restore path	2026-02-20 14:19:59 +00:00
notplants	7146f3e8be	fix release note: consistent placeholder	2026-02-18 16:57:01 +00:00
notplants	306914f9d8	fix release note: use placeholder domain	2026-02-18 16:56:37 +00:00
notplants	c408893d5f	fix release note: lowercase secret name	2026-02-18 16:56:08 +00:00
notplants	196d20a92e	bump to 0.7.0+v0.12.0	2026-02-18 16:54:43 +00:00
notplants	8ec47fa554	fix release note	2026-02-18 11:26:08 -05:00
notplants	e6ebe275a3	update release note	2026-02-18 11:24:54 -05:00
notplants	415bb3d9a9	Merge pull request 'update-0.7.0' (#3 ) from update-0.7.0 into main Reviewed-on: https://git.coopcloud.tech/coop-cloud/lasuite-drive/pulls/3	2026-02-18 16:07:22 +00:00
notplants	7bc5a4bcca	fix env.sample	2026-02-18 11:05:26 -05:00
notplants	d838d62103	fix env.sample	2026-02-18 11:04:40 -05:00
notplants	af25d3acc0	fixing up collabora secret	2026-02-18 11:02:52 -05:00
notplants	223a242f70	working on release 0.7.0	2026-02-18 10:43:49 -05:00
notplants	6ac2a5c838	Merge pull request 'bump to 0.6.0+v0.12.0' (#2 ) from update2 into main Reviewed-on: https://git.coopcloud.tech/coop-cloud/lasuite-drive/pulls/2	2026-02-18 15:03:13 +00:00
notplants	3a9e85a114	bump to 0.6.0+v0.12.0	2026-02-18 14:38:22 +00:00
notplants	f114ed0bab	bump to 0.5.0+v0.12.0	2026-02-18 13:54:20 +00:00
notplants	bbc1270356	upgrade to 0.4.0+v0.12.0	2026-02-18 12:03:26 +00:00
notplants	ccac11e01c	bump to 0.3.0+v0.11.1	2026-02-18 11:47:40 +00:00
notplants	0c861eae16	update to version 0.2.6+v0.11.1	2026-01-26 18:34:44 -05:00
notplants	e364cdbaf7	update to version 0.2.6+v0.11.1	2026-01-26 18:34:44 -05:00
notplants	2c7387523f	automatic wopi configuration	2026-01-26 18:18:16 -05:00
notplants	a2d8ebb8e5	rename	2026-01-26 17:23:31 -05:00
notplants	4512245d82	working on wopi scheduler	2026-01-26 16:48:49 -05:00
				`@ -0,0 +1 @@`
				`Switched the database image from postgres:16 to pgautoupgrade/pgautoupgrade:18-debian. This enables automatic PostgreSQL major version upgrades. No action required from the operator — the upgrade from PostgreSQL 16 to 18 is handled automatically by the pgautoupgrade image on first start.`