chore: publish 0.2.7+v0.11.1 release

.env.sample

@@ -28,8 +28,6 @@ SECRET_MINIO_RU_VERSION=v1
 SECRET_POSTGRES_P_VERSION=v1
 # DJANGO_HOST_EMAIL_PASSWORD
 SECRET_EMAIL_PASS_VERSION=v1
-# COLLABORA_ADMIN_PASSWORD
-SECRET_COLLABORA_P_VERSION=v1
 
 ##############################################################################
 # EMAIL
@@ -67,31 +65,3 @@ OIDC_AUTH_REQUEST_EXTRA_PARAMS='{"acr_values": "eidas1"}'
 LOGGING_LEVEL_HANDLERS_CONSOLE=INFO
 LOGGING_LEVEL_LOGGERS_ROOT=INFO
 LOGGING_LEVEL_LOGGERS_APP=INFO
-
-##############################################################################
-# MIGRATIONS
-##############################################################################
-# Set to false to disable automatic migrations on backend startup
-# AUTO_MIGRATIONS=true
-
-##############################################################################
-# COLLABORA ADMIN PANEL
-##############################################################################
-# Username for the Collabora admin panel (https://COLLABORA_DOMAIN/browser/dist/admin/admin.html)
-# Password is managed via Docker secret 'collabora_p'
-#COLLABORA_ADMIN_USERNAME=admin
-
-##############################################################################
-# BACKUPS
-##############################################################################
-# Set to false to disable backup-bot labels (default: true)
-#ENABLE_BACKUPS=true
-
-##############################################################################
-# WOPI SCHEDULING
-##############################################################################
-# Celery Beat crontab for the WOPI configuration task (default: daily at 3:00 AM)
-#WOPI_CONFIGURATION_CRONTAB_MINUTE=0
-#WOPI_CONFIGURATION_CRONTAB_HOUR=3
-#WOPI_CONFIGURATION_CRONTAB_DAY_OF_MONTH=*
-#WOPI_CONFIGURATION_CRONTAB_MONTH_OF_YEAR=*

README.md

@@ -7,11 +7,11 @@
 * **Category**: Apps
 * **Status**: 2
 * **Image**: [`lasuite/drive`](https://hub.docker.com/r/lasuite/drive), 4, upstream
-* **Healthcheck**: Yes
-* **Backups**: Yes
-* **Email**: Yes
+* **Healthcheck**: No
+* **Backups**: No
+* **Email**: 3
 * **Tests**: No
-* **SSO**: Yes
+* **SSO**: 3
 
 <!-- endmetadata -->
 
@@ -27,12 +27,11 @@ This recipe requires four domains. One domain for drive, and one for minio which
 * `abra app config <app-name>`
      - make sure to set MINIO_DOMAIN, COLLABORA_DOMAIN, ONLY_OFFICE_DOMAIN to the domains you set up for each. 
 * `abra app deploy <app-name>`
+* `abra app cmd <app-name> backend migrate` # creates database tables
+* `abra app restart <app-name> minio-createbuckets` (Note: this will appear to fail, but probably worked! Check `abra app logs <app-name> minio-createbuckets`)
 
 You should then be able to visit the landing page of your app, but not yet to login. To login, you need to deploy and integrate single sign on (described below in the "Configure Authentication" section). 
 
-* Migrations run automatically on backend startup. To trigger manually: `abra app cmd <app-name> backend migrate`
-* Minio buckets are created automatically on first deploy. To manually trigger: `abra app cmd <app-name> minio minio_initialize`
-
 Wopi discovery is supposed to happen automatically, but if collabora/onlyoffice are not connecting, you can try running:
 
 * `abra app cmd <app-name> backend trigger_wopi` # connects only office & collabora (if they stop working, try running this again)
@@ -70,7 +69,7 @@ OIDC_RP_CLIENT_ID=<yourkeycloakclientid>
 then redeploy drive:
 `abra app deploy <app-name> --force`
 
-at this point, when you go to your drive url, you should then be able to click "login" and login with the username and password for the user you created in keycloak.
+at this point, when you go to your drive url, you shoud then be able to click "login" and login with the username and password for the user you created in keycloak.
 
 you can make additional users in keycloak for this "client" and they will all be able to login to drive and collaborate. 
 

abra-entrypoint.sh

@@ -11,12 +11,5 @@ set -e
 
 # if not in "env" mode, then execute the original entrypoint and command
 if [ ! "$1" = "-e" ]; then
-  # Run WOPI configuration on startup if enabled (celery worker service only).
-  # This ensures WOPI clients are configured immediately after each deploy,
-  # rather than waiting for the next celery-beat cron tick (default: 3 AM).
-  if [ "${RUN_WOPI_ON_STARTUP:-}" = "true" ]; then
-    echo "🐳(entrypoint) running WOPI configuration on startup..."
-    python manage.py trigger_wopi_configuration || echo "⚠ WOPI configuration failed (non-fatal, will retry on schedule)"
-  fi
   exec "$@"
 fi

abra.sh

@@ -1,11 +1,10 @@
 # Set any config versions here
 # Docs: https://docs.coopcloud.tech/maintainers/handbook/#manage-configs
-export ABRA_ENTRYPOINT_VERSION=v11
+export ABRA_ENTRYPOINT_VERSION=v5
 export NGINX_CONF_VERSION=v6
 export ONLYOFFICE_CONF_VERSION=v2
-export PG_BACKUP_VERSION=v4
-export MIGRATE_VERSION=v1
-export MINIO_INITIALIZE_VERSION=v1
+export PG_BACKUP_VERSION=v3
+export SCHEDULE_WOPI_VERSION=v1
 
 environment() {
   # this exports all the secrets as environment variables
@@ -13,11 +12,8 @@ environment() {
 }
 
 migrate() {
-  /migrate.sh
-}
-
-minio_initialize() {
-  /minio-initialize.sh
+  environment
+  python manage.py migrate --noinput
 }
 
 trigger_wopi() {

compose.yml

@@ -27,9 +27,6 @@ x-common-env: &common-env
   DJANGO_EMAIL_USE_SSL:
   DJANGO_EMAIL_USE_TLS:
   DJANGO_EMAIL_FROM:
-  DJANGO_EMAIL_URL_APP:
-  DJANGO_CSRF_TRUSTED_ORIGINS:
-  DATA_UPLOAD_MAX_MEMORY_SIZE:
   # Backend url
   DRIVE_BASE_URL: "https://${DOMAIN}"
   # Media
@@ -69,11 +66,6 @@ x-common-env: &common-env
   WOPI_COLLABORA_DISCOVERY_URL: "https://${COLLABORA_DOMAIN}/hosting/discovery"
   WOPI_ONLYOFFICE_DISCOVERY_URL: "https://${ONLY_OFFICE_DOMAIN}/hosting/discovery"
   WOPI_SRC_BASE_URL: "https://${DOMAIN}"
-  # WOPI scheduling (Celery Beat crontab for WOPI configuration task)
-  WOPI_CONFIGURATION_CRONTAB_MINUTE: ${WOPI_CONFIGURATION_CRONTAB_MINUTE:-0}
-  WOPI_CONFIGURATION_CRONTAB_HOUR: ${WOPI_CONFIGURATION_CRONTAB_HOUR:-3}
-  WOPI_CONFIGURATION_CRONTAB_DAY_OF_MONTH: ${WOPI_CONFIGURATION_CRONTAB_DAY_OF_MONTH:-*}
-  WOPI_CONFIGURATION_CRONTAB_MONTH_OF_YEAR: ${WOPI_CONFIGURATION_CRONTAB_MONTH_OF_YEAR:-*}
 
 x-postgres-env: &postgres-env
   # Postgresql db container configuration
@@ -95,14 +87,14 @@ services:
 
   app:
     user: "${DOCKER_USER:-1000}"
-    image: lasuite/drive-frontend:v0.19.0
+    image: lasuite/drive-frontend:v0.11.1
     networks:
       - backend
     deploy:
       labels:
         - "traefik.enable=false"
         - "coop-cloud.${STACK_NAME}.timeout=${TIMEOUT:-120}"
-        - "coop-cloud.${STACK_NAME}.version=0.10.1+v0.19.0"
+        - "coop-cloud.${STACK_NAME}.version=0.2.7+v0.11.1"
     environment:
       <<: [ *common-env ]
     healthcheck:
@@ -116,13 +108,11 @@ services:
 
   backend:
     user: ${DOCKER_USER:-1000}
-    image: lasuite/drive-backend:v0.19.0
+    image: lasuite/drive-backend:v0.11.1
     command: [ "gunicorn", "-c", "/usr/local/etc/gunicorn/drive.py", "drive.wsgi:application" ]
-    entrypoint: >
-      sh -c "if [ \"$$AUTO_MIGRATIONS\" = \"true\" ]; then /migrate.sh; fi && exec /abra-entrypoint.sh /usr/local/bin/entrypoint \"$$@\"" --
+    entrypoint: [ "/abra-entrypoint.sh", "/usr/local/bin/entrypoint" ]
     environment:
       <<: [ *common-env, *postgres-env ]
-      AUTO_MIGRATIONS: "${AUTO_MIGRATIONS:-true}"
     networks:
       - backend
     depends_on:
@@ -131,9 +121,6 @@ services:
       - source: abra_entrypoint
         target: /abra-entrypoint.sh
         mode: 0555
-      - source: migrate
-        target: /migrate.sh
-        mode: 0555
     secrets:
       - django_sk
       - django_sp
@@ -143,20 +130,26 @@ services:
       - postgres_p
       - email_pass
 
-  celery:
+  # this may be unecessary once the PR is merged to use celery beat
+  # but this is a workaround for now https://github.com/suitenumerique/drive/issues/484
+  scheduler:
+    image: lasuite/drive-backend:v0.11.1
     user: ${DOCKER_USER:-1000}
-    image: lasuite/drive-backend:v0.19.0
     networks:
       - backend
-    command: [ "celery", "-A", "drive.celery_app", "worker", "-l", "INFO" ]
-    entrypoint: ["/abra-entrypoint.sh", "/usr/local/bin/entrypoint"]
+    depends_on:
+      - db
+      - redis
     environment:
-      <<: [*common-env, *postgres-env]
-      RUN_WOPI_ON_STARTUP: "true"
+      <<: [ *common-env, *postgres-env ]
     configs:
+      - source: schedule_wopi
+        target: /app/schedule_wopi.sh
+        mode: 0755
       - source: abra_entrypoint
         target: /abra-entrypoint.sh
         mode: 0555
+    entrypoint: ["/app/schedule_wopi.sh"]
     secrets:
       - django_sk
       - django_sp
@@ -165,12 +158,12 @@ services:
       - postgres_p
       - email_pass
 
-  celery-beat:
+  celery:
     user: ${DOCKER_USER:-1000}
-    image: lasuite/drive-backend:v0.19.0
+    image: lasuite/drive-backend:v0.11.1
     networks:
       - backend
-    command: [ "celery", "-A", "drive.celery_app", "beat", "-l", "INFO", "--schedule", "/tmp/celerybeat-schedule" ]
+    command: [ "celery", "-A", "drive.celery_app", "worker", "-l", "INFO" ]
     entrypoint: ["/abra-entrypoint.sh", "/usr/local/bin/entrypoint"]
     environment:
       <<: [*common-env, *postgres-env]
@@ -187,17 +180,17 @@ services:
       - email_pass
 
   db:
-    image: pgautoupgrade/pgautoupgrade:18-debian
+    image: postgres:16
     networks:
       - backend 
     healthcheck:
-      test: ["CMD", "pg_isready", "-q", "-U", "drive", "-d", "drive"]
+      test: ["CMD", "pg_isready", "-q", "-U", "docs", "-d", "docs"]
       interval: 1s
       timeout: 2s
       retries: 300
     environment:
       <<: *postgres-env
-      PGDATA: /var/lib/postgresql/data/pgdata
+      PGDATA: var/lib/postgresql/data/pgdata
     volumes:
       - postgres:/var/lib/postgresql/data/pgdata
     deploy:
@@ -214,20 +207,37 @@ services:
       - postgres_p
 
   redis:
-    image: redis:8.8.0
-    healthcheck:
-      test: ["CMD", "redis-cli", "ping"]
-      interval: 10s
-      timeout: 5s
-      retries: 5
+    image: redis:5
     networks:
-      - backend
+      - backend 
 
   mailcatcher:
     image: sj26/mailcatcher:v0.10.0
     networks:
       - backend
 
+  minio-createbuckets:
+    image: minio/minio:RELEASE.2025-09-07T16-13-09Z
+    environment: *minio-env
+    entrypoint: >
+      sh -c "
+      MINIO_ROOT_USER=\"\$$(cat /run/secrets/minio_ru)\" &&   
+      MINIO_ROOT_PASSWORD=\"\$$(cat /run/secrets/minio_rp)\" &&   
+      /usr/bin/mc alias set drive http://minio:9000 \$${MINIO_ROOT_USER} \"\$${MINIO_ROOT_PASSWORD}\" && \
+      /usr/bin/mc mb drive/drive-media-storage && \
+      /usr/bin/mc version enable drive/drive-media-storage && \
+      exit 0;"
+    deploy:
+      mode: replicated
+      replicas: 0
+      restart_policy:
+        condition: none
+    secrets:
+      - minio_rp
+      - minio_ru
+    networks:
+      - backend
+
   minio:
     image: minio/minio:RELEASE.2025-09-07T16-13-09Z
     environment: *minio-env
@@ -240,17 +250,13 @@ services:
       - backend
       - proxy
     command: minio server /data
-    entrypoint: >
-      sh -c "/minio-initialize.sh & exec /usr/bin/docker-entrypoint.sh \"$$@\"" --
+    entrypoint: ["/usr/bin/docker-entrypoint.sh"]
     volumes:
       - minio:/data
     configs:
       - source: abra_entrypoint
         target: /abra-entrypoint.sh
         mode: 0555
-      - source: minio_initialize
-        target: /minio-initialize.sh
-        mode: 0555
     secrets:
       - minio_rp
       - minio_ru
@@ -270,29 +276,23 @@ services:
         - "traefik.http.middlewares.${STACK_NAME}_minio-cors.headers.accessControlMaxAge=600"
         - "traefik.http.middlewares.${STACK_NAME}_minio-cors.headers.addVaryHeader=true"
         - "traefik.http.routers.${STACK_NAME}_minio.middlewares=${STACK_NAME}_minio-cors"
-        - "backupbot.backup=${ENABLE_BACKUPS:-true}"
 
   collabora:
-    image: collabora/code:25.04.9.4.1
-    entrypoint: >
-      sh -c "
-      export password=\"$$(cat /run/secrets/collabora_p)\" &&
-      exec /start-collabora-online.sh"
-    healthcheck:
-      test: [ "CMD", "curl", "-f", "http://localhost:9980/hosting/discovery" ]
-      interval: 30s
-      retries: 5
-      start_period: 60s
-      timeout: 10s
+    image: collabora/code:latest
+#    healthcheck:
+#      test: [ "CMD", "curl", "-f", "http://localhost:9980/hosting/discovery" ]
+#      interval: 30s
+#      retries: 5
+#      start_period: 60s
+#      timeout: 10s
     networks:
       - backend
       - proxy
     environment:
       - extra_params=--o:ssl.enable=false --o:ssl.termination=true
-      - username=${COLLABORA_ADMIN_USERNAME:-admin}
+      - username=drive
+      - password=password
       - server_name=${COLLABORA_DOMAIN}
-    secrets:
-      - collabora_p
     deploy:
       labels:
       - "traefik.enable=true"
@@ -311,13 +311,13 @@ services:
       - "traefik.http.routers.${STACK_NAME}_collabora.middlewares=${STACK_NAME}_collabora-cors"
 
   onlyoffice:
-    image: onlyoffice/documentserver-de:9.3.1.2
-    healthcheck:
-      test: [ "CMD", "curl", "-f", "http://localhost/hosting/discovery" ]
-      interval: 30s
-      retries: 5
-      start_period: 60s
-      timeout: 10s
+    image: onlyoffice/documentserver-de:9.2
+#    healthcheck:
+#      test: [ "CMD", "curl", "-f", "http://localhost/hosting/discovery" ]
+#      interval: 30s
+#      retries: 5
+#      start_period: 60s
+#      timeout: 10s
     environment:
       TZ: "Europe/Berlin"
       USE_UNAUTHORIZED_STORAGE: "true"
@@ -350,7 +350,7 @@ services:
 
 
   web:
-    image: nginx:1.31.2
+    image: nginx:1.25
     configs:
       - source: nginx_conf
         target: /etc/nginx/conf.d/default.conf
@@ -389,15 +389,13 @@ configs:
   pg_backup:
     name: ${STACK_NAME}_pg_backup_${PG_BACKUP_VERSION}
     file: pg_backup.sh
+  schedule_wopi:
+    name: ${STACK_NAME}_schedule_wopi_${SCHEDULE_WOPI_VERSION}
+    file: schedule_wopi.sh
+    template_driver: golang
   abra_entrypoint:
     name: ${STACK_NAME}_entrypoint_${ABRA_ENTRYPOINT_VERSION}
     file: abra-entrypoint.sh
-  migrate:
-    name: ${STACK_NAME}_migrate_${MIGRATE_VERSION}
-    file: migrate.sh
-  minio_initialize:
-    name: ${STACK_NAME}_minio_initialize_${MINIO_INITIALIZE_VERSION}
-    file: minio-initialize.sh
   onlyoffice_conf:
     name: ${STACK_NAME}_onlyoffice_conf_${ONLYOFFICE_CONF_VERSION}
     file: onlyoffice-config.json.tmpl
@@ -421,10 +419,7 @@ secrets:
     name: ${STACK_NAME}_minio_rp_${SECRET_MINIO_RP_VERSION}
   minio_ru:
     external: true
-    name: ${STACK_NAME}_minio_ru_${SECRET_MINIO_RU_VERSION}
-  collabora_p:
-    external: true
-    name: ${STACK_NAME}_collabora_p_${SECRET_COLLABORA_P_VERSION}
+    name: ${STACK_NAME}_minio_ru_${SECRET_MINIO_RP_VERSION}
   email_pass:
     external: true
     name: ${STACK_NAME}_email_pass_${SECRET_EMAIL_PASS_VERSION}

migrate.sh

@@ -1,26 +0,0 @@
-#!/bin/sh
-set -e
-
-# Load secrets into environment
-source /abra-entrypoint.sh -e
-
-# Wait for database to be ready (up to 30 seconds)
-i=0
-while ! python manage.py check --database default 2>/dev/null; do
-  i=$((i+1))
-  if [ "$i" -ge 30 ]; then
-    echo "migrate: timed out waiting for database" >&2
-    exit 1
-  fi
-  sleep 1
-done
-
-# Idempotent: skip if no pending migrations
-if python manage.py migrate --check > /dev/null 2>&1; then
-  echo "migrate: no pending migrations, skipping"
-  exit 0
-fi
-
-echo "migrate: applying pending migrations..."
-python manage.py migrate --noinput
-echo "migrate: done"

minio-initialize.sh

@@ -1,29 +0,0 @@
-#!/bin/sh
-set -e
-
-# Wait for minio to be ready (up to 60 seconds)
-i=0
-while ! mc ready local 2>/dev/null; do
-  i=$((i+1))
-  if [ "$i" -ge 60 ]; then
-    echo "minio-initialize: timed out waiting for minio to be ready" >&2
-    exit 1
-  fi
-  sleep 1
-done
-
-MINIO_ROOT_USER="$(cat /run/secrets/minio_ru)"
-MINIO_ROOT_PASSWORD="$(cat /run/secrets/minio_rp)"
-
-mc alias set drive http://localhost:9000 "${MINIO_ROOT_USER}" "${MINIO_ROOT_PASSWORD}"
-
-# Idempotent: skip if bucket already exists
-if mc ls drive/drive-media-storage > /dev/null 2>&1; then
-  echo "minio-initialize: bucket 'drive-media-storage' already exists, skipping"
-  exit 0
-fi
-
-echo "minio-initialize: creating bucket 'drive-media-storage'..."
-mc mb drive/drive-media-storage
-mc version enable drive/drive-media-storage
-echo "minio-initialize: done"

pg_backup.sh

@@ -10,7 +10,7 @@ function backup {
 }
 
 function restore {
-    cd /var/lib/postgresql/data/pgdata
+    cd /var/lib/postgresql/data/
     restore_config(){
         # Restore allowed connections
         cat pg_hba.conf.bak > pg_hba.conf

release/0.3.0+v0.11.1

@@ -1 +0,0 @@
-Switched the database image from postgres:16 to pgautoupgrade/pgautoupgrade:18-debian. This enables automatic PostgreSQL major version upgrades. No action required from the operator — the upgrade from PostgreSQL 16 to 18 is handled automatically by the pgautoupgrade image on first start.

release/0.7.0+v0.12.0

@@ -1,9 +0,0 @@
-**Breaking change:** The Collabora admin panel password is now a secret (`collabora_p`).
-
-After upgrading, you must generate the new secret for collabora to work:
-
-```
-abra app secret generate <app-domain> collabora_p v1
-abra app config <app-domain>  # set SECRET_COLLABORA_P_VERSION=v1
-```
-

schedule_wopi.sh

@@ -0,0 +1,13 @@
+#!/bin/sh
+set -e
+
+while true; do
+    echo "Running WOPI job at $(date)"
+    # source env
+    . /abra-entrypoint.sh -e
+    # run python command
+    python manage.py trigger_wopi_configuration
+    echo "++ completed wopi trigger. now sleeping."
+    # wait before next run
+    sleep 1800  # 1800 seconds = 30 minutes
+done