Feature/pb 24985

0dayhunter · Jun 15, 2023 · f9019b3 · f9019b3
1 parent d997ae2
commit f9019b3
Show file tree

Hide file tree

Showing 11 changed files with 74 additions and 101 deletions.
diff --git a/.gitignore b/.gitignore
@@ -1,42 +1,10 @@
-# Covers JetBrains IDEs: IntelliJ, RubyMine, PhpStorm, AppCode, PyCharm, CLion, Android Studio and Webstorm
-# Reference: https://intellij-support.jetbrains.com/hc/en-us/articles/206544839
-
-# IDE and editor specific files
-/nbproject
-.idea
-
-# mpeltonen/sbt-idea plugin
-.idea_modules/
-
-## File-based project format:
-*.iws
-
-## Plugin-specific files:
-
-# IntelliJ
-/out/
-
-# JIRA plugin
-atlassian-ide-plugin.xml
-
-# Crashlytics plugin (for Android Studio and IntelliJ)
-com_crashlytics_export_strings.xml
-crashlytics.properties
-crashlytics-build.properties
-fabric.properties
-
 # Generated docker files
 conf/*.key
 
-# src directory used for local development
-src
-
-.ruby-version
-
 .bundle
 
 # docker compose specific
 dev/.env
-
-# Vim session files
 *.vim
+vendor
+*subscription_key.txt
diff --git a/.gitlab-ci/Jobs/build_image.yml b/.gitlab-ci/Jobs/build_image.yml
@@ -59,7 +59,7 @@ build-ce-stable-docker:
     DOCKERFILE_PATH: "debian/Dockerfile"
     DOCKER_TAG: "root"
     SUPERCRONIC_ARCH: amd64
-    SUPERCRONIC_SHA1SUM: 2319da694833c7a147976b8e5f337cd83397d6be
+    SUPERCRONIC_SHA1SUM: 642f4f5a2b67f3400b5ea71ff24f18c0a7d77d49
     PLATFORM: "linux/amd64"
 
 build-ce-stable-rootless:
@@ -68,7 +68,7 @@ build-ce-stable-rootless:
     DOCKERFILE_PATH: "debian/Dockerfile.rootless"
     DOCKER_TAG: "rootless"
     SUPERCRONIC_ARCH: amd64
-    SUPERCRONIC_SHA1SUM: 2319da694833c7a147976b8e5f337cd83397d6be
+    SUPERCRONIC_SHA1SUM: 642f4f5a2b67f3400b5ea71ff24f18c0a7d77d49
     PLATFORM: "linux/amd64"
 
 build-pro-stable-docker:
@@ -77,7 +77,7 @@ build-pro-stable-docker:
     DOCKERFILE_PATH: "debian/Dockerfile"
     DOCKER_TAG: "root"
     SUPERCRONIC_ARCH: amd64
-    SUPERCRONIC_SHA1SUM: 2319da694833c7a147976b8e5f337cd83397d6be
+    SUPERCRONIC_SHA1SUM: 642f4f5a2b67f3400b5ea71ff24f18c0a7d77d49
     PLATFORM: "linux/amd64"
 
 build-pro-stable-rootless:
@@ -86,7 +86,7 @@ build-pro-stable-rootless:
     DOCKERFILE_PATH: "debian/Dockerfile.rootless"
     DOCKER_TAG: "rootless"
     SUPERCRONIC_ARCH: amd64
-    SUPERCRONIC_SHA1SUM: 2319da694833c7a147976b8e5f337cd83397d6be
+    SUPERCRONIC_SHA1SUM: 642f4f5a2b67f3400b5ea71ff24f18c0a7d77d49
     PLATFORM: "linux/amd64"
 
 build-ce-stable-docker-arm64-v8:
@@ -98,7 +98,7 @@ build-ce-stable-docker-arm64-v8:
     DOCKER_TAG: "root-arm64-v8"
     PLATFORM: "linux/arm64/v8"
     SUPERCRONIC_ARCH: arm64
-    SUPERCRONIC_SHA1SUM: c7d51b610d96a9a58d5eef0308922acc8be62eac
+    SUPERCRONIC_SHA1SUM: 0b658d66bd54cf10aeccd9bdbd95fc7d9ba84a61
 
 build-ce-stable-rootless-arm64-v8:
   tags:
@@ -109,7 +109,7 @@ build-ce-stable-rootless-arm64-v8:
     DOCKER_TAG: "rootless-arm64-v8"
     PLATFORM: "linux/arm64/v8"
     SUPERCRONIC_ARCH: arm64
-    SUPERCRONIC_SHA1SUM: c7d51b610d96a9a58d5eef0308922acc8be62eac
+    SUPERCRONIC_SHA1SUM: 0b658d66bd54cf10aeccd9bdbd95fc7d9ba84a61
 
 build-pro-stable-docker-arm64-v8:
   tags:
@@ -120,7 +120,7 @@ build-pro-stable-docker-arm64-v8:
     DOCKER_TAG: "root-arm64-v8"
     PLATFORM: "linux/arm64/v8"
     SUPERCRONIC_ARCH: arm64
-    SUPERCRONIC_SHA1SUM: c7d51b610d96a9a58d5eef0308922acc8be62eac
+    SUPERCRONIC_SHA1SUM: 0b658d66bd54cf10aeccd9bdbd95fc7d9ba84a61
 
 build-pro-stable-rootless-arm64-v8:
   tags:
@@ -131,7 +131,7 @@ build-pro-stable-rootless-arm64-v8:
     DOCKER_TAG: "rootless-arm64-v8"
     PLATFORM: "linux/arm64/v8"
     SUPERCRONIC_ARCH: arm64
-    SUPERCRONIC_SHA1SUM: c7d51b610d96a9a58d5eef0308922acc8be62eac
+    SUPERCRONIC_SHA1SUM: 0b658d66bd54cf10aeccd9bdbd95fc7d9ba84a61
 
 build-ce-stable-docker-arm-v5:
   tags:
@@ -142,7 +142,7 @@ build-ce-stable-docker-arm-v5:
     DOCKER_TAG: "root-arm-v5"
     PLATFORM: "linux/arm/v5"
     SUPERCRONIC_ARCH: arm
-    SUPERCRONIC_SHA1SUM: f6a61efbdd9a223e750aa03d16bbc417113a64d9
+    SUPERCRONIC_SHA1SUM: 4f625d77d2f9a790ea4ad679d0d2c318a14ec3be
 
 build-ce-stable-rootless-arm-v5:
   tags:
@@ -153,7 +153,7 @@ build-ce-stable-rootless-arm-v5:
     DOCKER_TAG: "rootless-arm-v5"
     PLATFORM: "linux/arm/v5"
     SUPERCRONIC_ARCH: arm
-    SUPERCRONIC_SHA1SUM: f6a61efbdd9a223e750aa03d16bbc417113a64d9
+    SUPERCRONIC_SHA1SUM: 4f625d77d2f9a790ea4ad679d0d2c318a14ec3be
 
 build-pro-stable-docker-arm-v5:
   tags:
@@ -164,7 +164,7 @@ build-pro-stable-docker-arm-v5:
     DOCKER_TAG: "root-arm-v5"
     PLATFORM: "linux/arm/v5"
     SUPERCRONIC_ARCH: arm
-    SUPERCRONIC_SHA1SUM: f6a61efbdd9a223e750aa03d16bbc417113a64d9
+    SUPERCRONIC_SHA1SUM: 4f625d77d2f9a790ea4ad679d0d2c318a14ec3be
 
 build-pro-stable-rootless-arm-v5:
   tags:
@@ -175,7 +175,7 @@ build-pro-stable-rootless-arm-v5:
     DOCKER_TAG: "rootless-arm-v5"
     PLATFORM: "linux/arm/v5"
     SUPERCRONIC_ARCH: arm
-    SUPERCRONIC_SHA1SUM: f6a61efbdd9a223e750aa03d16bbc417113a64d9
+    SUPERCRONIC_SHA1SUM: 4f625d77d2f9a790ea4ad679d0d2c318a14ec3be
 
 build-ce-stable-docker-arm-v7:
   tags:
@@ -186,7 +186,7 @@ build-ce-stable-docker-arm-v7:
     DOCKER_TAG: "root-arm-v7"
     PLATFORM: "linux/arm/v7"
     SUPERCRONIC_ARCH: arm
-    SUPERCRONIC_SHA1SUM: f6a61efbdd9a223e750aa03d16bbc417113a64d9
+    SUPERCRONIC_SHA1SUM: 4f625d77d2f9a790ea4ad679d0d2c318a14ec3be
 
 build-ce-stable-rootless-arm-v7:
   tags:
@@ -197,7 +197,7 @@ build-ce-stable-rootless-arm-v7:
     DOCKER_TAG: "rootless-arm-v7"
     PLATFORM: "linux/arm/v7"
     SUPERCRONIC_ARCH: arm
-    SUPERCRONIC_SHA1SUM: f6a61efbdd9a223e750aa03d16bbc417113a64d9
+    SUPERCRONIC_SHA1SUM: 4f625d77d2f9a790ea4ad679d0d2c318a14ec3be
 
 build-pro-stable-docker-arm-v7:
   tags:
@@ -208,7 +208,7 @@ build-pro-stable-docker-arm-v7:
     DOCKER_TAG: "root-arm-v7"
     PLATFORM: "linux/arm/v7"
     SUPERCRONIC_ARCH: arm
-    SUPERCRONIC_SHA1SUM: f6a61efbdd9a223e750aa03d16bbc417113a64d9
+    SUPERCRONIC_SHA1SUM: 4f625d77d2f9a790ea4ad679d0d2c318a14ec3be
 
 build-pro-stable-rootless-arm-v7:
   tags:
@@ -219,4 +219,4 @@ build-pro-stable-rootless-arm-v7:
     DOCKER_TAG: "rootless-arm-v7"
     PLATFORM: "linux/arm/v7"
     SUPERCRONIC_ARCH: arm
-    SUPERCRONIC_SHA1SUM: f6a61efbdd9a223e750aa03d16bbc417113a64d9
+    SUPERCRONIC_SHA1SUM: 4f625d77d2f9a790ea4ad679d0d2c318a14ec3be
diff --git a/conf/supervisor/php.conf b/conf/supervisor/php.conf
@@ -1,5 +1,5 @@
 [program:php-fpm]
-command=php-fpm7.4 -F
+command=php-fpm8.2 -F
 autostart=true
 priority=5
 stdout_logfile=/dev/stdout

diff --git a/debian/Dockerfile b/debian/Dockerfile
@@ -1,4 +1,4 @@
-FROM debian:bullseye-slim
+FROM debian:bookworm-slim
 
 LABEL maintainer="Passbolt SA <[email protected]>"
 
@@ -9,7 +9,7 @@ ARG PASSBOLT_SERVER_KEY="hkps://keys.mailvelope.com "
 ARG PASSBOLT_REPO_URL="https://download.passbolt.com/$PASSBOLT_FLAVOUR/debian"
 
 ENV PASSBOLT_PKG_KEY=0xDE8B853FC155581D
-ENV PHP_VERSION=7.4
+ENV PHP_VERSION=8.2
 ENV GNUPGHOME=/var/lib/passbolt/.gnupg
 ENV PASSBOLT_FLAVOUR=$PASSBOLT_FLAVOUR
 ENV PASSBOLT_PKG="passbolt-$PASSBOLT_FLAVOUR-server"
@@ -28,7 +28,6 @@ RUN apt-get update \
   curl \
   && rm -f /etc/passbolt/jwt/* \
   && rm /etc/nginx/sites-enabled/default \
-  && mkdir /run/php \
   && cp /usr/share/passbolt/examples/nginx-passbolt-ssl.conf /etc/nginx/snippets/passbolt-ssl.conf \
   && sed -i 's,;clear_env = no,clear_env = no,' /etc/php/$PHP_VERSION/fpm/pool.d/www.conf \
   && sed -i 's,# include __PASSBOLT_SSL__,include /etc/nginx/snippets/passbolt-ssl.conf;,' /etc/nginx/sites-enabled/nginx-passbolt.conf \
@@ -63,4 +62,4 @@ EXPOSE 80 443
 
 WORKDIR /usr/share/php/passbolt
 
-CMD ["//docker-entrypoint.sh"]
+CMD ["/docker-entrypoint.sh"]
diff --git a/debian/Dockerfile.rootless b/debian/Dockerfile.rootless
@@ -1,9 +1,9 @@
-FROM debian:bullseye-slim
+FROM debian:bookworm-slim
 
 LABEL maintainer="Passbolt SA <[email protected]>"
 
 ARG SUPERCRONIC_ARCH=amd64
-ARG SUPERCRONIC_SHA1SUM=2319da694833c7a147976b8e5f337cd83397d6be
+ARG SUPERCRONIC_SHA1SUM=642f4f5a2b67f3400b5ea71ff24f18c0a7d77d49
 
 ARG PASSBOLT_DISTRO="buster"
 ARG PASSBOLT_COMPONENT="stable"
@@ -13,9 +13,9 @@ ARG PASSBOLT_PKG=passbolt-$PASSBOLT_FLAVOUR-server
 ARG PASSBOLT_REPO_URL="https://download.passbolt.com/$PASSBOLT_FLAVOUR/debian"
 
 ENV PASSBOLT_PKG_KEY=0xDE8B853FC155581D
-ENV PHP_VERSION=7.4
+ENV PHP_VERSION=8.2
 ENV GNUPGHOME=/var/lib/passbolt/.gnupg
-ENV SUPERCRONIC_VERSION=0.2.2
+ENV SUPERCRONIC_VERSION=0.2.25
 ENV SUPERCRONIC_URL=https://github.com/aptible/supercronic/releases/download/v${SUPERCRONIC_VERSION}/supercronic-linux-${SUPERCRONIC_ARCH} \
     SUPERCRONIC=supercronic-linux-${SUPERCRONIC_ARCH}
 ENV PASSBOLT_FLAVOUR="${PASSBOLT_FLAVOUR}"

diff --git a/docker-compose/docker-compose-ce.yaml b/docker-compose/docker-compose-ce.yaml
@@ -1,7 +1,7 @@
-version: '3.9'
+version: "3.9"
 services:
   db:
-    image: mariadb:10.10
+    image: mariadb:10.11
     restart: unless-stopped
     environment:
       MYSQL_RANDOM_ROOT_PASSWORD: "true"
@@ -27,7 +27,15 @@ services:
     volumes:
       - gpg_volume:/etc/passbolt/gpg
       - jwt_volume:/etc/passbolt/jwt
-    command: ["/usr/bin/wait-for.sh", "-t", "0", "db:3306", "--", "/docker-entrypoint.sh"]
+    command:
+      [
+        "/usr/bin/wait-for.sh",
+        "-t",
+        "0",
+        "db:3306",
+        "--",
+        "/docker-entrypoint.sh",
+      ]
     ports:
       - 80:80
       - 443:443

diff --git a/docker-compose/docker-compose-pro.yaml b/docker-compose/docker-compose-pro.yaml
@@ -1,7 +1,7 @@
-version: '3.9'
+version: "3.9"
 services:
   db:
-    image: mariadb:10.10
+    image: mariadb:10.11
     restart: unless-stopped
     environment:
       MYSQL_RANDOM_ROOT_PASSWORD: "true"

diff --git a/spec/docker_image/image_spec.rb b/spec/docker_image/image_spec.rb
@@ -36,7 +36,7 @@
   end
 
   let(:nginx_conf)      { '/etc/nginx/nginx.conf' }
-  let(:php_conf)        { '/etc/php/7.4/fpm/php.ini' }
+  let(:php_conf)        { '/etc/php/8.2/fpm/php.ini' }
   let(:site_conf)       { '/etc/nginx/sites-enabled/nginx-passbolt.conf' }
   let(:supervisor_conf) do
     ['/etc/supervisor/conf.d/nginx.conf',

diff --git a/spec/docker_runtime/runtime_spec.rb b/spec/docker_runtime/runtime_spec.rb
@@ -13,10 +13,10 @@
 
     @mysql = Docker::Container.create(
       'Env' => [
-        'MYSQL_ROOT_PASSWORD=test',
-        'MYSQL_DATABASE=passbolt',
-        'MYSQL_USER=passbolt',
-        'MYSQL_PASSWORD=±!@#$%^&*()_+=-}{|:;<>?'
+        'MARIADB_ROOT_PASSWORD=test',
+        'MARIADB_DATABASE=passbolt',
+        'MARIADB_USER=passbolt',
+        'MARIADB_PASSWORD=±!@#$%^&*()_+=-}{|:;<>?'
       ],
       'Healthcheck' => {
         "Test": [
@@ -87,7 +87,8 @@
 
   let(:rootless_env_setup) do
     # The sed command needs to create a temporary file on the same directory as the destination file (/etc/cron.d).
-    # So when running this tests on the rootless image we have to move the crontab file to tmp, execute the sed on it and copy it back to /etc/cron.d.
+    # So when running this tests on the rootless image we have to move the crontab file to tmp, execute the sed on it
+    # and copy it back to /etc/cron.d.
     @container.exec(['cp', "/etc/cron.d/passbolt-#{ENV['PASSBOLT_FLAVOUR']}-server", '/tmp/passbolt-cron'])
     @container.exec(['cp', "/etc/cron.d/passbolt-#{ENV['PASSBOLT_FLAVOUR']}-server", '/tmp/passbolt-cron-temporary'])
     @container.exec(