chore: publish 0.10.1+v0.19.0 release

Reviewed-on: https://git.coopcloud.tech/coop-cloud/lasuite-drive/pulls/9

.env.sample

@@ -28,6 +28,8 @@ SECRET_MINIO_RU_VERSION=v1
 SECRET_POSTGRES_P_VERSION=v1
 # DJANGO_HOST_EMAIL_PASSWORD
 SECRET_EMAIL_PASS_VERSION=v1
+# COLLABORA_ADMIN_PASSWORD
+SECRET_COLLABORA_P_VERSION=v1
 
 ##############################################################################
 # EMAIL
@@ -66,6 +68,19 @@ LOGGING_LEVEL_HANDLERS_CONSOLE=INFO
 LOGGING_LEVEL_LOGGERS_ROOT=INFO
 LOGGING_LEVEL_LOGGERS_APP=INFO
 
+##############################################################################
+# COLLABORA ADMIN PANEL
+##############################################################################
+# Username for the Collabora admin panel (https://COLLABORA_DOMAIN/browser/dist/admin/admin.html)
+# Password is managed via Docker secret 'collabora_p'
+#COLLABORA_ADMIN_USERNAME=admin
+
+##############################################################################
+# BACKUPS
+##############################################################################
+# Set to false to disable backup-bot labels (default: true)
+#ENABLE_BACKUPS=true
+
 ##############################################################################
 # WOPI SCHEDULING
 ##############################################################################

README.md

@@ -7,11 +7,11 @@
 * **Category**: Apps
 * **Status**: 2
 * **Image**: [`lasuite/drive`](https://hub.docker.com/r/lasuite/drive), 4, upstream
-* **Healthcheck**: No
+* **Healthcheck**: Yes
-* **Backups**: No
+* **Backups**: Yes
-* **Email**: 3
+* **Email**: Yes
 * **Tests**: No
-* **SSO**: 3
+* **SSO**: Yes
 
 <!-- endmetadata -->
 
@@ -69,7 +69,7 @@ OIDC_RP_CLIENT_ID=<yourkeycloakclientid>
 then redeploy drive:
 `abra app deploy <app-name> --force`
 
-at this point, when you go to your drive url, you shoud then be able to click "login" and login with the username and password for the user you created in keycloak.
+at this point, when you go to your drive url, you should then be able to click "login" and login with the username and password for the user you created in keycloak.
 
 you can make additional users in keycloak for this "client" and they will all be able to login to drive and collaborate. 
 

abra.sh

@@ -1,9 +1,9 @@
 # Set any config versions here
 # Docs: https://docs.coopcloud.tech/maintainers/handbook/#manage-configs
-export ABRA_ENTRYPOINT_VERSION=v7
+export ABRA_ENTRYPOINT_VERSION=v11
 export NGINX_CONF_VERSION=v6
 export ONLYOFFICE_CONF_VERSION=v2
-export PG_BACKUP_VERSION=v3
+export PG_BACKUP_VERSION=v4
 
 environment() {
   # this exports all the secrets as environment variables

compose.yml

@@ -27,6 +27,9 @@ x-common-env: &common-env
   DJANGO_EMAIL_USE_SSL:
   DJANGO_EMAIL_USE_TLS:
   DJANGO_EMAIL_FROM:
+  DJANGO_EMAIL_URL_APP:
+  DJANGO_CSRF_TRUSTED_ORIGINS:
+  DATA_UPLOAD_MAX_MEMORY_SIZE:
   # Backend url
   DRIVE_BASE_URL: "https://${DOMAIN}"
   # Media
@@ -92,14 +95,14 @@ services:
 
   app:
     user: "${DOCKER_USER:-1000}"
-    image: lasuite/drive-frontend:v0.12.0
+    image: lasuite/drive-frontend:v0.19.0
     networks:
       - backend
     deploy:
       labels:
         - "traefik.enable=false"
         - "coop-cloud.${STACK_NAME}.timeout=${TIMEOUT:-120}"
-        - "coop-cloud.${STACK_NAME}.version=0.6.0+v0.12.0"
+        - "coop-cloud.${STACK_NAME}.version=0.10.1+v0.19.0"
     environment:
       <<: [ *common-env ]
     healthcheck:
@@ -113,7 +116,7 @@ services:
 
   backend:
     user: ${DOCKER_USER:-1000}
-    image: lasuite/drive-backend:v0.12.0
+    image: lasuite/drive-backend:v0.19.0
     command: [ "gunicorn", "-c", "/usr/local/etc/gunicorn/drive.py", "drive.wsgi:application" ]
     entrypoint: [ "/abra-entrypoint.sh", "/usr/local/bin/entrypoint" ]
     environment:
@@ -137,7 +140,7 @@ services:
 
   celery:
     user: ${DOCKER_USER:-1000}
-    image: lasuite/drive-backend:v0.12.0
+    image: lasuite/drive-backend:v0.19.0
     networks:
       - backend
     command: [ "celery", "-A", "drive.celery_app", "worker", "-l", "INFO" ]
@@ -159,7 +162,7 @@ services:
 
   celery-beat:
     user: ${DOCKER_USER:-1000}
-    image: lasuite/drive-backend:v0.12.0
+    image: lasuite/drive-backend:v0.19.0
     networks:
       - backend
     command: [ "celery", "-A", "drive.celery_app", "beat", "-l", "INFO", "--schedule", "/tmp/celerybeat-schedule" ]
@@ -206,7 +209,12 @@ services:
       - postgres_p
 
   redis:
-    image: redis:8
+    image: redis:8.8.0
+    healthcheck:
+      test: ["CMD", "redis-cli", "ping"]
+      interval: 10s
+      timeout: 5s
+      retries: 5
     networks:
       - backend
 
@@ -275,23 +283,29 @@ services:
         - "traefik.http.middlewares.${STACK_NAME}_minio-cors.headers.accessControlMaxAge=600"
         - "traefik.http.middlewares.${STACK_NAME}_minio-cors.headers.addVaryHeader=true"
         - "traefik.http.routers.${STACK_NAME}_minio.middlewares=${STACK_NAME}_minio-cors"
+        - "backupbot.backup=${ENABLE_BACKUPS:-true}"
 
   collabora:
-    image: collabora/code:latest
+    image: collabora/code:25.04.9.4.1
-#    healthcheck:
+    entrypoint: >
-#      test: [ "CMD", "curl", "-f", "http://localhost:9980/hosting/discovery" ]
+      sh -c "
-#      interval: 30s
+      export password=\"$$(cat /run/secrets/collabora_p)\" &&
-#      retries: 5
+      exec /start-collabora-online.sh"
-#      start_period: 60s
+    healthcheck:
-#      timeout: 10s
+      test: [ "CMD", "curl", "-f", "http://localhost:9980/hosting/discovery" ]
+      interval: 30s
+      retries: 5
+      start_period: 60s
+      timeout: 10s
     networks:
       - backend
       - proxy
     environment:
       - extra_params=--o:ssl.enable=false --o:ssl.termination=true
-      - username=drive
+      - username=${COLLABORA_ADMIN_USERNAME:-admin}
-      - password=password
       - server_name=${COLLABORA_DOMAIN}
+    secrets:
+      - collabora_p
     deploy:
       labels:
       - "traefik.enable=true"
@@ -310,13 +324,13 @@ services:
       - "traefik.http.routers.${STACK_NAME}_collabora.middlewares=${STACK_NAME}_collabora-cors"
 
   onlyoffice:
-    image: onlyoffice/documentserver-de:9.2
+    image: onlyoffice/documentserver-de:9.3.1.2
-#    healthcheck:
+    healthcheck:
-#      test: [ "CMD", "curl", "-f", "http://localhost/hosting/discovery" ]
+      test: [ "CMD", "curl", "-f", "http://localhost/hosting/discovery" ]
-#      interval: 30s
+      interval: 30s
-#      retries: 5
+      retries: 5
-#      start_period: 60s
+      start_period: 60s
-#      timeout: 10s
+      timeout: 10s
     environment:
       TZ: "Europe/Berlin"
       USE_UNAUTHORIZED_STORAGE: "true"
@@ -349,7 +363,7 @@ services:
 
 
   web:
-    image: nginx:1.29
+    image: nginx:1.31.2
     configs:
       - source: nginx_conf
         target: /etc/nginx/conf.d/default.conf
@@ -414,7 +428,10 @@ secrets:
     name: ${STACK_NAME}_minio_rp_${SECRET_MINIO_RP_VERSION}
   minio_ru:
     external: true
-    name: ${STACK_NAME}_minio_ru_${SECRET_MINIO_RP_VERSION}
+    name: ${STACK_NAME}_minio_ru_${SECRET_MINIO_RU_VERSION}
+  collabora_p:
+    external: true
+    name: ${STACK_NAME}_collabora_p_${SECRET_COLLABORA_P_VERSION}
   email_pass:
     external: true
     name: ${STACK_NAME}_email_pass_${SECRET_EMAIL_PASS_VERSION}

pg_backup.sh

@@ -10,7 +10,7 @@ function backup {
 }
 
 function restore {
-    cd /var/lib/postgresql/data/
+    cd /var/lib/postgresql/data/pgdata
     restore_config(){
         # Restore allowed connections
         cat pg_hba.conf.bak > pg_hba.conf

release/0.7.0+v0.12.0

@@ -0,0 +1,9 @@
+**Breaking change:** The Collabora admin panel password is now a secret (`collabora_p`).
+
+After upgrading, you must generate the new secret for collabora to work:
+
+```
+abra app secret generate <app-domain> collabora_p v1
+abra app config <app-domain>  # set SECRET_COLLABORA_P_VERSION=v1
+```
+