From 79cc3bf3f90a12894744c63c12b464a7d84095ba Mon Sep 17 00:00:00 2001 From: Sida Say Date: Fri, 27 Sep 2024 19:56:27 +0700 Subject: [PATCH] feat(pi): upgrade to 3.10 --- .github/workflows/pr.yml | 9 +-- .github/workflows/release.yml | 66 ++----------------- Dockerfile | 4 +- Makefile | 8 +-- README.md | 7 +- rootfs/opt/templates/pi-config.template | 1 + rootfs/usr/local/bin/configure_privacyidea.sh | 28 ++++---- 7 files changed, 32 insertions(+), 91 deletions(-) diff --git a/.github/workflows/pr.yml b/.github/workflows/pr.yml index 543f667..ca9e832 100644 --- a/.github/workflows/pr.yml +++ b/.github/workflows/pr.yml @@ -12,11 +12,6 @@ jobs: permissions: pull-requests: write runs-on: ubuntu-latest - strategy: - matrix: - python_version: [ 3.8.19, 3.9.19, 3.10.13 ] - pi_version: [ 3.9.3, 3.9.2, 3.9.1 ] - os_version: [ slim-bookworm, slim-bullseye ] steps: - name: Checkout uses: actions/checkout@v4 @@ -25,5 +20,5 @@ jobs: with: platforms: linux/amd64 push: false - python_base_image: ${{ matrix.python_version }}-${{ matrix.os_version }} - pi_version: ${{ matrix.pi_version }} + python_base_image: 3.12.7-slim-bullseye + pi_version: '3.10' diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index a8d993c..074b494 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -4,22 +4,17 @@ on: branches: - 'main' tags: - - 'v3.9.*' + - 'v3.*' workflow_dispatch: jobs: - docker-build-393: - name: Build 3.9.3 + docker-build: + name: Build runs-on: ubuntu-latest - if: ${{ startsWith(github.ref, 'refs/tags/v3.9.3') || github.ref == 'refs/heads/main' }} - strategy: - matrix: - python_version: [ 3.8.19, 3.9.19, 3.10.13 ] - os_version: [ slim-bookworm, slim-bullseye ] steps: - name: Checkout uses: actions/checkout@v4 - - name: 3.9.3 + - name: build image uses: ./.github/actions/docker-common with: docker_hub_token: ${{ secrets.DOCKERHUB_TOKEN }} @@ -27,53 +22,6 @@ jobs: ghcr_token: ${{ secrets.GITHUB_TOKEN }} platforms: linux/amd64,linux/arm64 push: true - python_base_image: ${{ matrix.python_version }}-${{ matrix.os_version }} - pi_version: 3.9.3 - is_default_version: ${{ matrix.python_version == '3.10.13' }} - - docker-build-392: - name: Build 3.9.2 - runs-on: ubuntu-latest - if: ${{ startsWith(github.ref, 'refs/tags/v3.9.2') }} - strategy: - matrix: - python_version: [ 3.8.19, 3.9.19, 3.10.13 ] - os_version: [ slim-bookworm, slim-bullseye ] - steps: - - name: Checkout - uses: actions/checkout@v4 - - name: 3.9.2 - if: ${{ startsWith(github.ref, 'refs/tags/v3.9.2') }} - uses: ./.github/actions/docker-common - with: - docker_hub_token: ${{ secrets.DOCKERHUB_TOKEN }} - docker_hub_username: ${{ secrets.DOCKERHUB_USERNAME }} - ghcr_token: ${{ secrets.GITHUB_TOKEN }} - platforms: linux/amd64,linux/arm64 - push: true - python_base_image: ${{ matrix.python_version }}-${{ matrix.os_version }} - pi_version: 3.9.2 - is_default_version: false - - docker-build-391: - name: Build 3.9.1 - runs-on: ubuntu-latest - if: ${{ startsWith(github.ref, 'refs/tags/v3.9.1') }} - strategy: - matrix: - python_version: [ 3.8.19, 3.9.19, 3.10.13 ] - os_version: [ slim-bookworm, slim-bullseye ] - steps: - - name: Checkout - uses: actions/checkout@v4 - - name: 3.9.1 - uses: ./.github/actions/docker-common - with: - docker_hub_token: ${{ secrets.DOCKERHUB_TOKEN }} - docker_hub_username: ${{ secrets.DOCKERHUB_USERNAME }} - ghcr_token: ${{ secrets.GITHUB_TOKEN }} - platforms: linux/amd64,linux/arm64 - push: true - python_base_image: ${{ matrix.python_version }}-${{ matrix.os_version }} - pi_version: 3.9.1 - is_default_version: false + python_base_image: 3.12.7-slim-bullseye + pi_version: '3.10' + is_default_version: true diff --git a/Dockerfile b/Dockerfile index ea3d019..2b2680a 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,5 +1,5 @@ -ARG BASE_IMAGE_TAG=3.8.18-slim-bookworm -ARG PI_VERSION=3.9.3 +ARG BASE_IMAGE_TAG=3.12.7-slim-bullseye +ARG PI_VERSION=3.10 ARG PI_HOME=/opt/privacyidea FROM python:$BASE_IMAGE_TAG AS builder diff --git a/Makefile b/Makefile index b8d4474..59eab58 100644 --- a/Makefile +++ b/Makefile @@ -7,13 +7,13 @@ help: ## Show this help message @grep -E '^[a-zA-Z_-]+:.*?## .*$$' $(MAKEFILE_LIST) | awk 'BEGIN {FS = ":.*?## "}; {printf " %-30s %s\n", $$1, $$2}' | sort build: ## Build image - docker build -t khalibre/privacyidea:dev . + docker build -t kheeklab/privacyidea:dev . push: ## Push image - docker push khalibre/privacyidea:dev + docker push kheeklab/privacyidea:dev run: cleanup create_volume secretkey pipepper ## Run test - docker run -p 8080:8080 -ti --name=privacyidea-dev --env-file=secretkey --env-file=pipepper khalibre/privacyidea:dev + docker run -p 8080:8080 -ti --name=privacyidea-dev --env-file=secretkey --env-file=pipepper kheeklab/privacyidea:dev create_volume: mkdir $(LOCAL_DATA_VOLUME) @@ -32,6 +32,6 @@ cleanup: @if [ -d $(LOCAL_DATA_VOLUME) ]; then sudo rm -rf $(LOCAL_DATA_VOLUME); fi test: - container-structure-test test --image khalibre/privacyidea:dev --config structure-tests.yaml + container-structure-test test --image kheeklab/privacyidea:dev --config structure-tests.yaml .DEFAULT_GOAL := help diff --git a/README.md b/README.md index 8cb2312..645aa38 100644 --- a/README.md +++ b/README.md @@ -28,12 +28,7 @@ The image tags are following privacyIDEA version e.g. `3.9.1` and `latest`. The | Tag | Description | | :-- | :---------- | | `latest` | The latest image build from main branch | -| `3.9.2` `3.9.2-python-3.8.18-slim-bookworm` | The image build from base image python 3.8.18-slim-bookworm | -| `3.9.2-python-3.9.18-slim-bookworm` | The image build from base image python 3.9.18-slim-bookworm | -| `3.9.2-python-3.10.13-slim-bookworm` | The image build from base image python 3.10.13-slim-bookworm | -| `3.9.2-python-3.8.18-slim-bullseye` | The image build from base image python 3.8.18-slim-bullseye | -| `3.9.2-python-3.9.18-slim-bullseye` | The latest image from base image python 3.9.18-slim-bullseye | -| `3.9.2-python-3.10.13-slim-bullseye` | The latest image build from base image python 3.10.13-slim-bullseye | +| `3.10` `3.10-python-3.12.7-bulseye` | The image specified tag | ## Building diff --git a/rootfs/opt/templates/pi-config.template b/rootfs/opt/templates/pi-config.template index cd5057a..935ea0b 100644 --- a/rootfs/opt/templates/pi-config.template +++ b/rootfs/opt/templates/pi-config.template @@ -33,3 +33,4 @@ PI_VASCO_LIBRARY = None PI_ENGINE_REGISTRY_CLASS = os.environ.get("PI_ENGINE_REGISTRY_CLASS", "shared") PI_PAGE_TITLE = os.environ.get("PI_PAGE_TITLE", "privacyIDEA Authentication System") PI_AUDIT_SQL_TRUNCATE = True +PI_NODE_UUID= os.environ.get("PI_NODE_UUID", "8e4272a9-9037-40df-8aa3-976e4a04b5a9") diff --git a/rootfs/usr/local/bin/configure_privacyidea.sh b/rootfs/usr/local/bin/configure_privacyidea.sh index 978dbbd..a38c005 100755 --- a/rootfs/usr/local/bin/configure_privacyidea.sh +++ b/rootfs/usr/local/bin/configure_privacyidea.sh @@ -52,11 +52,10 @@ function generate_pi_config { if [ -z "$SQLALCHEMY_DATABASE_URI" ]; then # Check the selected database vendor - check_and_set_defaults case $PI_DB_VENDOR in "mariadb" | "mysql") echo "[INFO] Using $PI_DB_VENDOR ..." - + check_and_set_defaults # Define the SQLAlchemy database URI using the necessary variables if [ -z "$PI_DB_ARGS" ]; then export SQLALCHEMY_DATABASE_URI="${PI_DB_VENDOR}+pymysql://${PI_DB_USER}:${encoded_password}@${PI_DB_HOST}:${PI_DB_PORT:-3306}/${PI_DB_NAME}" @@ -69,7 +68,7 @@ function generate_pi_config { "postgresql") echo "[INFO] Using $PI_DB_VENDOR..." - + check_and_set_defaults # Define the SQLAlchemy database URI using the necessary variables if [ -z "$PI_DB_ARGS" ]; then export SQLALCHEMY_DATABASE_URI="${PI_DB_VENDOR}+psycopg2://${PI_DB_USER}:${encoded_password}@/${PI_DB_NAME}?host=${PI_DB_HOST}&port=${PI_DB_PORT:-5432}" @@ -108,7 +107,9 @@ function generate_pi_config { function prestart_privacyidea { # Copy files from mounted directory to PI_HOME PI_HOME=${PI_HOME:-/opt/privacyidea} + export PI_HOME + if [ -d "${PI_MOUNT_DIR}/files" ] && [ "$(ls -A "${PI_MOUNT_DIR}/files")" ]; then echo "" echo "[privacyIDEA] Copying files from ${PI_MOUNT_DIR}/files:" @@ -135,6 +136,13 @@ function prestart_privacyidea { # Generate keys, create tables, and admin user if [ "${PI_SKIP_BOOTSTRAP}" = false ]; then + + # Create database tables + echo "" + echo "[INFO] Generating privacyIDEA database tables..." + echo "" + pi-manage setup create_tables + # Create keys directory if not exists if [ ! -d ${PI_DATA_DIR}/keys ]; then echo "" @@ -148,7 +156,7 @@ function prestart_privacyidea { echo "" echo "[INFO] Encryption key file not found, creating a new one..." echo "" - pi-manage create_enckey + pi-manage setup create_enckey fi # Create audit keys if not exists @@ -156,26 +164,20 @@ function prestart_privacyidea { echo "" echo "[INFO] Creating audit keys..." echo "" - pi-manage create_audit_keys + pi-manage setup create_audit_keys fi - # Create database tables - echo "" - echo "[INFO] Generating privacyIDEA database tables..." - echo "" - pi-manage create_tables - # Create admin user if not specified through environment variables if [ -z "${PI_ADMIN_USER}" ] || [ -z "${PI_ADMIN_PASSWORD}" ]; then echo "" echo "[INFO] Creating default admin user. [WARNING]: This is not recommended for production environments. Please set PI_ADMIN_USER and PI_ADMIN_PASSWORD environment variables to specify the admin user in production." echo "" - pi-manage admin add admin -p privacyidea + pi-manage admin add admin --password privacyidea else echo "" echo "[INFO] Creating admin user from specified environment variables..." echo "" - pi-manage admin add "${PI_ADMIN_USER}" -p "${PI_ADMIN_PASSWORD}" + pi-manage admin add "${PI_ADMIN_USER}" --password "${PI_ADMIN_PASSWORD}" fi else echo ""