diff --git a/.circleci/config.yml b/.circleci/config.yml new file mode 100644 index 00000000..7c549fe8 --- /dev/null +++ b/.circleci/config.yml @@ -0,0 +1,14 @@ +version: 2.1 +jobs: + none: + docker: + - image: alpine:3.10 + steps: + - run: + command: echo "Skipping. not implemented" + +workflows: + version: 2 + mainbuild: + jobs: + - none diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md new file mode 100755 index 00000000..4b614781 --- /dev/null +++ b/CONTRIBUTING.md @@ -0,0 +1,5 @@ +# Code Contribution Guidelines + +Thank you for your interest in contributing! Please see the [Mattermost Contribution Guide](https://developers.mattermost.com/contribute/getting-started/) which describes the process for making code contributions across Mattermost projects and [join our "Contributors" community channel](https://community.mattermost.com/core/channels/tickets) to ask questions from community members and the Mattermost core team. + +When you submit a pull request, it goes through a [code review process outlined here](https://developers.mattermost.com/contribute/getting-started/code-review/). diff --git a/MAINTENANCE.md b/MAINTENANCE.md index d0a0afc2..15da0f9c 100644 --- a/MAINTENANCE.md +++ b/MAINTENANCE.md @@ -18,7 +18,6 @@ The following people help to maintain this open source project: | Current Maintainer(s) | Start Date | |:--------------------------------------|:--------------| -| Kyâne Pichou - @pichouk | Jun 01 2017 | | Carlos Tadeu Panato Junior - @cpanato | Feb 18 2018 | In case something happens where no maintainers are able to complete their responsibilies, the following sponsoring organization can help find a new maintainer: 
@@ -56,10 +55,11 @@ Maintainer(s) should periodically review pull requests and issues submitted to p PREVIOUS MAINTAINERS -| Maintainer | Start Date | End Date | -|:-----------------------|:--------------|:------------| -| Yi EungJun - @npcode | Nov 26 2015 | Nov 30 2016 | -| Pan Luo - @xcompass | Nov 30 2015 | Feb 21 2019 | +| Maintainer | Start Date | End Date | +|:------------------------|:--------------|:------------| +| Yi EungJun - @npcode | Nov 26 2015 | Nov 30 2016 | +| Pan Luo - @xcompass | Nov 30 2015 | Feb 21 2019 | +| Kyâne Pichou - @pichouk | Jun 01 2017 | Aug 15 2019 | CREATOR diff --git a/README.md b/README.md index fdadcdf9..dd3c2bb0 100644 --- a/README.md +++ b/README.md @@ -23,10 +23,13 @@ The following instructions deploy Mattermost in a production configuration using If you want to install Enterprise Edition, you can skip this section. -To install the team edition, uncomment out these lines in docker-compose.yaml file: +To install the team edition, change `build: app` to `build:` and uncomment out these lines in `app:` services block to make it look like below in docker-compose.yaml file: ```yaml -args: - - edition=team +app: + build: + context: app + args: + - edition=team ``` The `app` Dockerfile will read the `edition` build argument to install Team (`edition = 'team'`) or Enterprise (`edition != team`) edition. 
@@ -105,6 +108,14 @@ Put your SSL certificate as `./volumes/web/cert/cert.pem` and the private key th no password as `./volumes/web/cert/key-no-password.pem`. If you don't have them you may generate a self-signed SSL certificate. +#### Configure SSO with GitLab +If you are looking for SSO with GitLab and you use self signed certificate you have to add the PKI chain of your authority in app because Alpine doesn't know him. This is required to avoid **Token request failed: certificate signed by unknown authority** + +For that uncomment this line and replace with the correct path of your PKI chain: +``` +# - /pki_chain.pem:/etc/ssl/certs/pki_chain.pem:ro +``` + ### Starting/Stopping Docker #### Start diff --git a/app/Dockerfile b/app/Dockerfile index 2f8b04d4..64595aed 100644 --- a/app/Dockerfile +++ b/app/Dockerfile @@ -1,8 +1,8 @@ -FROM alpine:3.9 +FROM alpine:3.10 # Some ENV variables ENV PATH="/mattermost/bin:${PATH}" -ENV MM_VERSION=5.11.0 +ENV MM_VERSION=5.24.2 # Build argument to set Mattermost edition ARG edition=enterprise @@ -18,6 +18,7 @@ RUN apk add --no-cache \ jq \ libc6-compat \ libffi-dev \ + libcap \ linux-headers \ mailcap \ netcat-openbsd \ 
@@ -28,13 +29,14 @@ RUN apk add --no-cache \ # Get Mattermost RUN mkdir -p /mattermost/data /mattermost/plugins /mattermost/client/plugins \ && if [ ! -z "$MM_BINARY" ]; then curl $MM_BINARY | tar -xvz ; \ - elif [ "$edition" = "team" ] ; then curl https://releases.mattermost.com/$MM_VERSION/mattermost-team-$MM_VERSION-linux-amd64.tar.gz | tar -xvz ; \ - else curl https://releases.mattermost.com/$MM_VERSION/mattermost-$MM_VERSION-linux-amd64.tar.gz | tar -xvz ; fi \ + elif [ "$edition" = "team" ] ; then curl https://releases.mattermost.com/$MM_VERSION/mattermost-team-$MM_VERSION-linux-amd64.tar.gz?src=docker-app | tar -xvz ; \ + else curl https://releases.mattermost.com/$MM_VERSION/mattermost-$MM_VERSION-linux-amd64.tar.gz?src=docker-app | tar -xvz ; fi \ && cp /mattermost/config/config.json /config.json.save \ && rm -rf /mattermost/config/config.json \ && addgroup -g ${PGID} mattermost \ && adduser -D -u ${PUID} -G mattermost -h /mattermost -D mattermost \ - && chown -R mattermost:mattermost /mattermost /config.json.save /mattermost/plugins /mattermost/client/plugins + && chown -R mattermost:mattermost /mattermost /config.json.save /mattermost/plugins /mattermost/client/plugins \ + && setcap cap_net_bind_service=+ep /mattermost/bin/mattermost USER mattermost diff --git a/contrib/kubernetes/README.md b/contrib/kubernetes/README.md index ca5a2f98..62f7c943 100644 --- a/contrib/kubernetes/README.md +++ b/contrib/kubernetes/README.md @@ -76,7 +76,7 @@ Type: NodePort IP: 10.0.0.194 Port: http 80/TCP NodePort: http 32283/TCP -Endpoints: 172.17.0.4:80 +Endpoints: 172.17.0.4:8000 Session Affinity: None No events. ``` 
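Review bot: In app/Dockerfile's `# Get Mattermost` step, all three branches still stream `curl` straight into `tar -xvz`, so the release tarball is unpacked with no integrity check, and without `-f` an HTTP error body is handed to tar instead of failing the download. `$MM_BINARY` and the new `?src=docker-app` URLs are also unquoted, and `?` is a shell glob character. I would download to a file, verify it against a SHA-256 supplied as a build argument, and only then extract, as sketched below (`MM_SHA256` is a placeholder name, not something this repository defines). The new `setcap` line is correctly placed after `chown -R`, since changing ownership clears file capabilities; a short comment saying so would stop someone reordering it.

```dockerfile
# MM_SHA256 is a placeholder build argument: pass the published SHA-256 of the tarball being installed.
ARG MM_SHA256
RUN mkdir -p /mattermost/data /mattermost/plugins /mattermost/client/plugins \
    && if [ -n "$MM_BINARY" ]; then url="$MM_BINARY" ; \
      elif [ "$edition" = "team" ] ; then url="https://releases.mattermost.com/$MM_VERSION/mattermost-team-$MM_VERSION-linux-amd64.tar.gz?src=docker-app" ; \
      else url="https://releases.mattermost.com/$MM_VERSION/mattermost-$MM_VERSION-linux-amd64.tar.gz?src=docker-app" ; fi \
    # Fail on HTTP errors and refuse to unpack anything whose digest does not match.
    && curl -fsSL -o /tmp/mattermost.tar.gz "$url" \
    && echo "${MM_SHA256}  /tmp/mattermost.tar.gz" | sha256sum -c - \
    && tar -xzf /tmp/mattermost.tar.gz \
    && rm /tmp/mattermost.tar.gz \
    # … unchanged: config.json save, addgroup/adduser, chown -R, setcap …
```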
@@ -90,7 +90,7 @@ curl -L http://192.168.99.100:32283 ### Optional steps - * If you want your data to be persistent you will need to make persistent volumes for Mattermost and Postgres. + * If you want your data to be persistent you will need to make persistent volumes for Mattermost and Postgres. This requires adding a [securityContext](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#discussion) to the deployment to set `runAsUser: 2000`, `runAsGroup: 2000` and `fsGroup: 2000`. * If you want to change advanced settings for the mattermost container you can make a [configMap](http://blog.kubernetes.io/2016/04/configuration-management-with-containers.html) for the /mattermost/config/config.json file * If you want the application exposed on port 80 you can either specify the port in the service manifest or use an [ingress controller](http://kubernetes.io/docs/user-guide/ingress/#ingress-controllers) and an ingress map for the mattermost service. A sample ingress map would be ``` diff --git a/contrib/kubernetes/mattermost.deployment.yaml b/contrib/kubernetes/mattermost.deployment.yaml index 138105f8..8c143903 100644 --- a/contrib/kubernetes/mattermost.deployment.yaml +++ b/contrib/kubernetes/mattermost.deployment.yaml @@ -17,14 +17,14 @@ spec: spec: containers: - name: mattermost-app - image: "mattermost/mattermost-prod-app:5.11.0" + image: "mattermost/mattermost-prod-app:5.14.1" env: - name: DB_HOST valueFrom: secretKeyRef: name: mattermost.env key: db-host - - name: DB_PORT + - name: DB_PORT_NUMBER valueFrom: secretKeyRef: name: mattermost.env diff --git a/contrib/kubernetes/mattermost.svc.yaml b/contrib/kubernetes/mattermost.svc.yaml index b5e3fdcb..ef47b75a 100644 --- a/contrib/kubernetes/mattermost.svc.yaml +++ b/contrib/kubernetes/mattermost.svc.yaml @@ -7,7 +7,7 @@ spec: type: NodePort ports: - port: 80 - targetPort: 80 + targetPort: 8000 protocol: TCP name: http selector: 
diff --git a/contrib/swarm/docker-stack-traefik.yml b/contrib/swarm/docker-stack-traefik.yml index c7089928..1a77af53 100644 --- a/contrib/swarm/docker-stack-traefik.yml +++ b/contrib/swarm/docker-stack-traefik.yml @@ -59,7 +59,7 @@ services: condition: on-failure app: # use official mattermost prod-app image - image: mattermost/mattermost-prod-app:5.11.0 + image: mattermost/mattermost-prod-app:5.13.0 networks: - mm-in - mm-out diff --git a/contrib/swarm/docker-stack.yml b/contrib/swarm/docker-stack.yml index f0bf3308..64da6ad7 100644 --- a/contrib/swarm/docker-stack.yml +++ b/contrib/swarm/docker-stack.yml @@ -58,7 +58,7 @@ services: condition: on-failure app: # use official mattermost prod-app image - image: mattermost/mattermost-prod-app:5.11.0 + image: mattermost/mattermost-prod-app:5.13.0 networks: - mm-in - mm-out diff --git a/db/Dockerfile b/db/Dockerfile index dc988d14..d261fd27 100644 --- a/db/Dockerfile +++ b/db/Dockerfile @@ -3,6 +3,7 @@ FROM postgres:9.4-alpine ENV DEFAULT_TIMEZONE UTC # Install some packages to use WAL +RUN echo "azure<5.0.0" > pip-constraints.txt RUN apk add --no-cache \ build-base \ curl \ @@ -12,7 +13,10 @@ RUN apk add --no-cache \ python-dev \ py-pip \ py-cryptography \ - && pip --no-cache-dir install 'wal-e<1.0.0' envdir \ + pv \ + libressl-dev \ + && pip install --upgrade pip \ + && pip --no-cache-dir install -c pip-constraints.txt 'wal-e<1.0.0' envdir \ && rm -rf /var/cache/apk/* /tmp/* /var/tmp/* # Add wale script diff --git a/db/entrypoint.sh b/db/entrypoint.sh index 5d4dd349..ce0facc0 100755 --- a/db/entrypoint.sh +++ b/db/entrypoint.sh @@ -58,5 +58,5 @@ if [ "$1" = 'postgres' ]; then update_conf $wal_enable # Run the postgresql entrypoint - . /docker-entrypoint.sh + docker-entrypoint.sh postgres fi diff --git a/docker-compose.yml b/docker-compose.yml old mode 100644 new mode 100755 index 42c06768..9a65a332 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -1,4 +1,4 @@ -version: "2" +version: "3" services: 
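Review bot: In db/Dockerfile, the added `pip install --upgrade pip` is unpinned and omits `--no-cache-dir`, so every rebuild takes whatever pip release is current and keeps its download cache in the layer. The packages installed here (`python-dev`, `py-pip`) suggest a Python 2 toolchain, which newer pip releases no longer support, so this step may break a later build rather than fix it. Pinning it, for example `&& pip --no-cache-dir install --upgrade 'pip<PIP_UPPER_BOUND_PLACEHOLDER>' \`, keeps the image reproducible. The constraints file from the previous hunk is written to the current directory in its own layer and never removed; creating it under `/tmp` inside this same `RUN` would let the existing `rm -rf ... /tmp/*` clean it up. `build-base` and the new `libressl-dev` remain in the final image, which deserves a comment if they are only needed to compile wheels.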
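Review bot: In db/entrypoint.sh, the replacement line `docker-entrypoint.sh postgres` runs the upstream entrypoint as a child process, so this wrapper shell stays PID 1 and the database does not receive `SIGTERM` from `docker stop` directly, which risks an unclean shutdown once the stop timeout expires. It also passes the literal `postgres` instead of the caller's arguments, so any options given after `postgres` are dropped. I would write `exec docker-entrypoint.sh "$@"`. The enclosing `if [ "$1" = 'postgres' ]` block starts outside the hunk, so this assumes nothing after `fi` needs to run once postgres has started.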
@@ -37,11 +37,19 @@ services: - ./volumes/app/mattermost/plugins:/mattermost/plugins:rw - ./volumes/app/mattermost/client-plugins:/mattermost/client/plugins:rw - /etc/localtime:/etc/localtime:ro + # When you want to use SSO with GitLab, you have to add the cert pki chain of GitLab inside Alpine + # to avoid Token request failed: certificate signed by unknown authority (link: https://github.com/mattermost/mattermost-server/issues/13059) + # - /pki_chain.pem:/etc/ssl/certs/pki_chain.pem:ro environment: # set same as db credentials and dbname - MM_USERNAME=mmuser - MM_PASSWORD=mmuser_password - MM_DBNAME=mattermost + + # use the credentials you've set above, in the format: + # MM_SQLSETTINGS_DATASOURCE=postgres://${MM_USERNAME}:${MM_PASSWORD}@db:5432/${MM_DBNAME}?sslmode=disable&connect_timeout=10 + - MM_SQLSETTINGS_DATASOURCE=postgres://mmuser:mmuser_password@db:5432/mattermost?sslmode=disable&connect_timeout=10 + # in case your config is not in default location #- MM_CONFIG=/mattermost/config/config.json @@ -57,6 +65,3 @@ services: # This directory must have cert files if you want to enable SSL - ./volumes/web/cert:/cert:ro - /etc/localtime:/etc/localtime:ro - # Uncomment for SSL - # environment: - # - MATTERMOST_ENABLE_SSL=true diff --git a/web/entrypoint.sh b/web/entrypoint.sh index 5215631e..6a7d9bca 100755 --- a/web/entrypoint.sh +++ b/web/entrypoint.sh @@ -11,8 +11,10 @@ if [ -f "/cert/cert.pem" -a -f "/cert/key-no-password.pem" ]; then else echo "linking plain config" fi +# Ensure that the configuration file is not present before linking. +test -w /etc/nginx/conf.d/mattermost.conf && rm /etc/nginx/conf.d/mattermost.conf # Linking Nginx configuration file -ln -s /etc/nginx/sites-available/mattermost$ssl /etc/nginx/conf.d/mattermost.conf +ln -s -f /etc/nginx/sites-available/mattermost$ssl /etc/nginx/conf.d/mattermost.conf # Setup app host and port on configuration file sed -i "s/{%APP_HOST%}/${APP_HOST}/g" /etc/nginx/conf.d/mattermost.conf 
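Review bot: In docker-compose.yml, the new `MM_SQLSETTINGS_DATASOURCE` entry is active by default and repeats the sample password `mmuser_password` inside the URL. An operator who changes `MM_PASSWORD` but misses this line gets a broken connection string, and one who changes neither deploys with a publicly known credential. The `${MM_USERNAME}` form shown in the comment is resolved by Compose only from the host environment or an `.env` file, not from the service's own `environment:` list, and the comment should say so. I would reference the values instead of repeating them, `- MM_SQLSETTINGS_DATASOURCE=postgres://${MM_USERNAME}:${MM_PASSWORD}@db:5432/${MM_DBNAME}?sslmode=disable&connect_timeout=10`, and keep them in an untracked `.env`. A comment should also state that `sslmode=disable` assumes the database is reachable only on the private Compose network.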
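Review bot: In web/entrypoint.sh, the added `test -w ... && rm ...` line and the `-f` added to `ln -s` do the same job. The `test -w` guard also follows symlinks, so a dangling link left by a previous run is skipped by it and only handled by `ln -s -f`. One mechanism is enough: either `rm -f /etc/nginx/conf.d/mattermost.conf` followed by the plain `ln -s`, or `ln -s -f` alone. Separately, the unchanged `sed` line below substitutes `${APP_HOST}` into the nginx configuration without escaping, so a comment noting that the value must be a bare hostname would help operators.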
diff --git a/web/mattermost-ssl b/web/mattermost-ssl index 89d48aab..75ba4a0a 100644 --- a/web/mattermost-ssl +++ b/web/mattermost-ssl @@ -12,7 +12,6 @@ map $http_x_forwarded_proto $proxy_x_forwarded_proto { server { listen 443 ssl http2; - ssl on; ssl_certificate /cert/cert.pem; ssl_certificate_key /cert/key-no-password.pem; ssl_session_timeout 5m;