feat(pi): upgrade to 3.10

.github/workflows/pr.yml

@@ -12,11 +12,6 @@ jobs:
     permissions:
       pull-requests: write
     runs-on: ubuntu-latest
-    strategy:
-      matrix:
-        python_version: [ 3.8.19, 3.9.19, 3.10.13 ]
-        pi_version: [ 3.9.3, 3.9.2, 3.9.1 ]
-        os_version: [ slim-bookworm, slim-bullseye ]
     steps:
       - name: Checkout
         uses: actions/checkout@v4
@@ -25,5 +20,5 @@ jobs:
         with:
           platforms: linux/amd64
           push: false
-          python_base_image: ${{ matrix.python_version }}-${{ matrix.os_version }}
-          pi_version: ${{ matrix.pi_version }}
+          python_base_image: 3.12.7-slim-bullseye
+          pi_version: '3.10'

.github/workflows/release.yml

@@ -4,76 +4,24 @@ on:
     branches:
       - 'main'
     tags:
-      - 'v3.9.*'
+      - 'v3.*'
   workflow_dispatch:
 
 jobs:
-  docker-build-393:
-    name: Build 3.9.3
+  docker-build:
+    name: Build
     runs-on: ubuntu-latest
-    if: ${{ startsWith(github.ref, 'refs/tags/v3.9.3') || github.ref == 'refs/heads/main' }}
-    strategy:
-      matrix:
-        python_version: [ 3.8.19, 3.9.19, 3.10.13 ]
-        os_version: [ slim-bookworm, slim-bullseye ]
     steps:
       - name: Checkout
         uses: actions/checkout@v4
-      - name: 3.9.3
+      - name: build image
         uses: ./.github/actions/docker-common
         with:
           docker_hub_token: ${{ secrets.DOCKERHUB_TOKEN }}
           docker_hub_username: ${{ secrets.DOCKERHUB_USERNAME }}
           ghcr_token: ${{ secrets.GITHUB_TOKEN }}
           platforms: linux/amd64,linux/arm64
           push: true
-          python_base_image: ${{ matrix.python_version }}-${{ matrix.os_version }}
-          pi_version: 3.9.3
-          is_default_version: ${{ matrix.python_version == '3.10.13' }}
-
-  docker-build-392:
-    name: Build 3.9.2
-    runs-on: ubuntu-latest
-    if: ${{ startsWith(github.ref, 'refs/tags/v3.9.2') }}
-    strategy:
-      matrix:
-        python_version: [ 3.8.19, 3.9.19, 3.10.13 ]
-        os_version: [ slim-bookworm, slim-bullseye ]
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v4
-      - name: 3.9.2
-        if: ${{ startsWith(github.ref, 'refs/tags/v3.9.2') }}
-        uses: ./.github/actions/docker-common
-        with:
-          docker_hub_token: ${{ secrets.DOCKERHUB_TOKEN }}
-          docker_hub_username: ${{ secrets.DOCKERHUB_USERNAME }}
-          ghcr_token: ${{ secrets.GITHUB_TOKEN }}
-          platforms: linux/amd64,linux/arm64
-          push: true
-          python_base_image: ${{ matrix.python_version }}-${{ matrix.os_version }}
-          pi_version: 3.9.2
-          is_default_version: false
-
-  docker-build-391:
-    name: Build 3.9.1
-    runs-on: ubuntu-latest
-    if: ${{ startsWith(github.ref, 'refs/tags/v3.9.1') }}
-    strategy:
-      matrix:
-        python_version: [ 3.8.19, 3.9.19, 3.10.13 ]
-        os_version: [ slim-bookworm, slim-bullseye ]
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v4
-      - name: 3.9.1
-        uses: ./.github/actions/docker-common
-        with:
-          docker_hub_token: ${{ secrets.DOCKERHUB_TOKEN }}
-          docker_hub_username: ${{ secrets.DOCKERHUB_USERNAME }}
-          ghcr_token: ${{ secrets.GITHUB_TOKEN }}
-          platforms: linux/amd64,linux/arm64
-          push: true
-          python_base_image: ${{ matrix.python_version }}-${{ matrix.os_version }}
-          pi_version: 3.9.1
-          is_default_version: false
+          python_base_image: 3.12.7-slim-bullseye
+          pi_version: '3.10'
+          is_default_version: true

Dockerfile

@@ -1,5 +1,5 @@
-ARG BASE_IMAGE_TAG=3.8.18-slim-bookworm
-ARG PI_VERSION=3.9.3
+ARG BASE_IMAGE_TAG=3.12.7-slim-bullseye
+ARG PI_VERSION=3.10
 ARG PI_HOME=/opt/privacyidea
 
 FROM python:$BASE_IMAGE_TAG AS builder

Makefile

@@ -7,13 +7,13 @@ help: ## Show this help message
 	@grep -E '^[a-zA-Z_-]+:.*?## .*$$' $(MAKEFILE_LIST) | awk 'BEGIN {FS = ":.*?## "}; {printf "  %-30s %s\n", $$1, $$2}' | sort
 
 build: ## Build image
-	docker build -t khalibre/privacyidea:dev .
+	docker build -t kheeklab/privacyidea:dev .
 
 push: ## Push image
-	docker push khalibre/privacyidea:dev
+	docker push kheeklab/privacyidea:dev
 
 run: cleanup create_volume secretkey pipepper ## Run test
-	docker run -p 8080:8080 -ti --name=privacyidea-dev --env-file=secretkey --env-file=pipepper khalibre/privacyidea:dev
+	docker run -p 8080:8080 -ti --name=privacyidea-dev --env-file=secretkey --env-file=pipepper kheeklab/privacyidea:dev
 
 create_volume:
 	mkdir $(LOCAL_DATA_VOLUME)
@@ -32,6 +32,6 @@ cleanup:
 	@if [ -d $(LOCAL_DATA_VOLUME) ]; then sudo rm -rf $(LOCAL_DATA_VOLUME); fi
 
 test:
-	container-structure-test test --image khalibre/privacyidea:dev --config structure-tests.yaml
+	container-structure-test test --image kheeklab/privacyidea:dev --config structure-tests.yaml
 
 .DEFAULT_GOAL := help

README.md

@@ -28,12 +28,7 @@ The image tags are following privacyIDEA version e.g. `3.9.1` and `latest`. The
 | Tag | Description |
 | :-- | :---------- |
 | `latest` | The latest image build from main branch |
-| `3.9.2` `3.9.2-python-3.8.18-slim-bookworm`   | The image build from base image python 3.8.18-slim-bookworm |
-| `3.9.2-python-3.9.18-slim-bookworm`   | The image build from base image python 3.9.18-slim-bookworm |
-| `3.9.2-python-3.10.13-slim-bookworm`  | The image build from base image python 3.10.13-slim-bookworm |
-| `3.9.2-python-3.8.18-slim-bullseye`   | The image build from base image python 3.8.18-slim-bullseye |
-| `3.9.2-python-3.9.18-slim-bullseye`   | The latest image from base image python 3.9.18-slim-bullseye |
-| `3.9.2-python-3.10.13-slim-bullseye`  | The latest image build from base image python 3.10.13-slim-bullseye |
+| `3.10` `3.10-python-3.12.7-bulseye`   | The image specified tag |
 
 ## Building
 

rootfs/opt/templates/pi-config.template

@@ -33,3 +33,4 @@ PI_VASCO_LIBRARY = None
 PI_ENGINE_REGISTRY_CLASS = os.environ.get("PI_ENGINE_REGISTRY_CLASS", "shared")
 PI_PAGE_TITLE = os.environ.get("PI_PAGE_TITLE", "privacyIDEA Authentication System")
 PI_AUDIT_SQL_TRUNCATE = True
+PI_NODE_UUID= os.environ.get("PI_NODE_UUID", "8e4272a9-9037-40df-8aa3-976e4a04b5a9")

rootfs/usr/local/bin/configure_privacyidea.sh

@@ -52,11 +52,10 @@ function generate_pi_config {
 
     if [ -z "$SQLALCHEMY_DATABASE_URI" ]; then
         # Check the selected database vendor
-        check_and_set_defaults
         case $PI_DB_VENDOR in
             "mariadb" | "mysql")
                 echo "[INFO] Using $PI_DB_VENDOR ..."
-
+                check_and_set_defaults
                 # Define the SQLAlchemy database URI using the necessary variables
                 if [ -z "$PI_DB_ARGS" ]; then
                     export SQLALCHEMY_DATABASE_URI="${PI_DB_VENDOR}+pymysql://${PI_DB_USER}:${encoded_password}@${PI_DB_HOST}:${PI_DB_PORT:-3306}/${PI_DB_NAME}"
@@ -69,7 +68,7 @@ function generate_pi_config {
 
             "postgresql")
                 echo "[INFO] Using $PI_DB_VENDOR..."
-
+                check_and_set_defaults
                 # Define the SQLAlchemy database URI using the necessary variables
                 if [ -z "$PI_DB_ARGS" ]; then
                     export SQLALCHEMY_DATABASE_URI="${PI_DB_VENDOR}+psycopg2://${PI_DB_USER}:${encoded_password}@/${PI_DB_NAME}?host=${PI_DB_HOST}&port=${PI_DB_PORT:-5432}"
@@ -108,7 +107,9 @@ function generate_pi_config {
 function prestart_privacyidea {
     # Copy files from mounted directory to PI_HOME
     PI_HOME=${PI_HOME:-/opt/privacyidea}
+
     export PI_HOME
+
     if [ -d "${PI_MOUNT_DIR}/files" ] && [ "$(ls -A "${PI_MOUNT_DIR}/files")" ]; then
         echo ""
         echo "[privacyIDEA] Copying files from ${PI_MOUNT_DIR}/files:"
@@ -135,6 +136,13 @@ function prestart_privacyidea {
 
     # Generate keys, create tables, and admin user
     if [ "${PI_SKIP_BOOTSTRAP}" = false ]; then
+
+        # Create database tables
+        echo ""
+        echo "[INFO] Generating privacyIDEA database tables..."
+        echo ""
+        pi-manage setup create_tables
+
         # Create keys directory if not exists
         if [ ! -d ${PI_DATA_DIR}/keys ]; then
             echo ""
@@ -148,34 +156,28 @@ function prestart_privacyidea {
             echo ""
             echo "[INFO] Encryption key file not found, creating a new one..."
             echo ""
-            pi-manage create_enckey
+            pi-manage setup create_enckey
         fi
 
         # Create audit keys if not exists
         if [ ! -f ${PI_DATA_DIR}/keys/private.pem ]; then
             echo ""
             echo "[INFO] Creating audit keys..."
             echo ""
-            pi-manage create_audit_keys
+            pi-manage setup create_audit_keys
         fi
 
-        # Create database tables
-        echo ""
-        echo "[INFO] Generating privacyIDEA database tables..."
-        echo ""
-        pi-manage create_tables
-
         # Create admin user if not specified through environment variables
         if [ -z "${PI_ADMIN_USER}" ] || [ -z "${PI_ADMIN_PASSWORD}" ]; then
             echo ""
             echo "[INFO] Creating default admin user. [WARNING]: This is not recommended for production environments. Please set PI_ADMIN_USER and PI_ADMIN_PASSWORD environment variables to specify the admin user in production."
             echo ""
-            pi-manage admin add admin -p privacyidea
+            pi-manage admin add admin --password privacyidea
         else
             echo ""
             echo "[INFO] Creating admin user from specified environment variables..."
             echo ""
-            pi-manage admin add "${PI_ADMIN_USER}" -p "${PI_ADMIN_PASSWORD}"
+            pi-manage admin add "${PI_ADMIN_USER}" --password "${PI_ADMIN_PASSWORD}"
         fi
     else
         echo ""