glpi upgrade

php upgrade
alpine update
2024-11-06 12:02:03 +01:00 · 2024-07-03 12:26:40 +02:00 · 2024-07-03 11:40:32 +02:00 · 2024-07-03 11:30:39 +02:00 · 2024-04-26 13:16:01 +02:00 · 2024-03-14 10:55:54 +01:00
13 changed files with 75 additions and 28 deletions
--- a/.dockerignore
+++ b/.dockerignore
@@ -1,6 +0,0 @@
 db/
 glpi/
 docker-compose.yaml
 .drone.yaml
 .env
 .gitignore
--- a/.drone.star
+++ b/.drone.star
@@ -1,19 +1,20 @@
 def main(ctx):
    archs = ["amd64", "arm64"]   ## arm
-    glpi_version = "10.0.10"
+    glpi_version = "10.0.17"
    alpine_version = "3.20"
    out = []
    for arch in archs:
-        out += onpush(ctx, glpi_version, arch)
+        out += onpush(ctx, glpi_version, alpine_version, arch)
    for arch in archs:
-        out += build_publish(ctx, glpi_version, arch)
+        out += build_publish(ctx, glpi_version, alpine_version, arch)
    out += manifest_publish(ctx, glpi_version, archs)
    return out
-def onpush(ctx, glpi_version, arch):
+def onpush(ctx, glpi_version, alpine_version, arch):
    return [{
        "kind": "pipeline",
        "type": "docker",
@@ -26,12 +27,13 @@ def onpush(ctx, glpi_version, arch):
            "name": "build_on_push",
            "image": "plugins/docker:linux-%s" % (arch),
            "settings": {
-                "context": ".",
+                "context": "src",
-                "dockerfile": "./Dockerfile",
+                "dockerfile": "src/Dockerfile",
                "dry_run": True,
                "repo": "docker.asperti.com/paspo/glpi", 
                "build_args": [
-                    "GLPI_VERSION=%s" % (glpi_version)
+                    "GLPI_VERSION=%s" % (glpi_version),
                    "ALPINE_VERSION=%s" % (alpine_version)
                ],
            },
        }],
@@ -40,7 +42,7 @@ def onpush(ctx, glpi_version, arch):
        }
    }]
-def build_publish(ctx, glpi_version, arch):
+def build_publish(ctx, glpi_version, alpine_version, arch):
    major = glpi_version.partition(".")[0];	
    return [{
        "kind": "pipeline",
@@ -54,10 +56,11 @@ def build_publish(ctx, glpi_version, arch):
            "name": "build_on_push",
            "image": "plugins/docker:linux-%s" % (arch),
            "settings": {
-                "context": ".",
+                "context": "src",
-                "dockerfile": "./Dockerfile",
+                "dockerfile": "src/Dockerfile",
                "build_args": [
-                    "GLPI_VERSION=%s" % (glpi_version)
+                    "GLPI_VERSION=%s" % (glpi_version),
                    "ALPINE_VERSION=%s" % (alpine_version)
                ],
                "username": {
                    "from_secret": "docker_username",
--- a/.gitea/workflows/vulnscan.yaml
+++ b/.gitea/workflows/vulnscan.yaml
@@ -0,0 +1,29 @@
 name: Vulnerability Scan
 on:
  schedule:
    - cron: "0 14 * * *"
  workflow_dispatch:
 jobs:
  scan:
    name: Daily Vulnerability Scan
    runs-on: ubuntu-latest
    container:
      image: catthehacker/ubuntu:act-latest
    steps:
      - name: Pull docker image
        run: docker pull docker.asperti.com/paspo/glpi:latest
      - name: Run Trivy vulnerability scanner
        id: scan
        uses: aquasecurity/trivy-action@master
        with:
          image-ref: "docker.asperti.com/paspo/glpi:latest"
          format: "json"
          output: "trivy-results.json"
      # if some vulnerability is found, we fail
      - name: check output
        run: if [ $(jq '.Results[0].Vulnerabilities|length' trivy-results.json) -ne "0" ] ; then exit 1 ; fi
--- a/README.md
+++ b/README.md
@@ -7,8 +7,8 @@ Web server for GLPI deployment
 ## build
 ```bash
-git submodule update --init --remote
+cd src
-docker build -t docker.asperti.com/paspo/glpi .
+docker build -t docker.asperti.com/paspo/glpi --build-arg "ALPINE_VERSION=3.19" --build-arg "GLPI_VERSION=10.0.11" .
 ```
 ## run
@@ -20,3 +20,9 @@ see [docker-compose.yaml](docker-compose.yaml)
 ```sh
 drone starlark --format --stdout 
 ```
 ## run vulnscan locally
 ```bash
 act -W .gitea/workflows/vulnscan.yaml -j scan
 ```
--- a/docker-compose.yaml
+++ b/docker-compose.yaml
@@ -10,9 +10,16 @@ services:
      - MARIADB_DATABASE=${MARIADB_DATABASE}
      - MARIADB_USER=${MARIADB_USER}
      - MARIADB_PASSWORD=${MARIADB_PASSWORD}
      - MARIADB_AUTO_UPGRADE=1
    logging:
      options:
        max-size: 10m
  redis:
-    image: redis:latest
+    image: redis:alpine
    logging:
      options:
        max-size: 10m
  glpi:
    build: .
@@ -29,3 +36,6 @@ services:
      - ./glpi/files:/files
      - ./glpi/marketplace:/marketplace
      - ./glpi/plugins:/var/www/glpi/plugins
    logging:
      options:
        max-size: 10m      
--- a/src/Dockerfile
+++ b/src/Dockerfile
@@ -1,16 +1,16 @@
-FROM alpine:3.18
+ARG ALPINE_VERSION
 FROM alpine:${ALPINE_VERSION}
 ARG GLPI_VERSION
 RUN \
  mkdir -p /logs /config /files /marketplace && \
  apk -U upgrade && \
-  apk add curl nginx php82 php82-bz2 php82-ctype php82-curl php82-dom php82-exif \
+  apk add --no-cache curl nginx php83 php83-bz2 php83-ctype php83-curl php83-dom php83-exif \
-    php82-fileinfo php82-fpm php82-gd php82-iconv php82-intl php82-ldap php82-mysqli \
+    php83-fileinfo php83-fpm php83-gd php83-iconv php83-intl php83-ldap php83-mysqli \
-    php82-opcache php82-openssl php82-pecl-apcu php82-pecl-redis php82-phar php82-session \
+    php83-opcache php83-openssl php83-pecl-apcu php83-pecl-redis php83-phar php83-session \
-    php82-simplexml php82-sodium php82-tokenizer php82-xml php82-zip php82-xmlreader php82-xmlwriter && \
+    php83-simplexml php83-sodium php83-tokenizer php83-xml php83-zip php83-xmlreader php83-xmlwriter && \
  wget -O /usr/local/bin/composer https://getcomposer.org/download/2.5.8/composer.phar && \
  chmod +x /usr/local/bin/composer && \
  ln -s /usr/bin/php82 /usr/bin/php && \ 
  wget -O - https://github.com/glpi-project/glpi/releases/download/${GLPI_VERSION}/glpi-${GLPI_VERSION}.tgz | tar xz -C /var/www
 # this are needed if you want to manually install GLPI from git
--- a/src/rootfs/etc/crontabs/nginx
+++ b/src/rootfs/etc/crontabs/nginx
@@ -0,0 +1,2 @@
 # min	hour	day	month	weekday	command
 *	*	*	*	*	/usr/bin/php /var/www/glpi/front/cron.php 
--- a/src/rootfs/etc/nginx/conf.d/glpi.conf
+++ b/src/rootfs/etc/nginx/conf.d/glpi.conf
--- a/src/rootfs/etc/nginx/http.d/default.conf
+++ b/src/rootfs/etc/nginx/http.d/default.conf
--- a/src/rootfs/etc/php83/conf.d/php.ini
+++ b/src/rootfs/etc/php83/conf.d/php.ini
@@ -1,6 +1,8 @@
 session.cookie_httponly = on
-memory_limit = 256M
+memory_limit = 512M
 file_uploads = on
 max_execution_time = 600
 session.auto_start = off
 session.use_trans_sid = 0
 expose_php = Off
 opcache.memory_consumption = 256
--- a/src/rootfs/etc/php83/php-fpm.d/www.conf
+++ b/src/rootfs/etc/php83/php-fpm.d/www.conf
--- a/src/rootfs/start.sh
+++ b/src/rootfs/start.sh
@@ -9,5 +9,6 @@ if [ "$INSTALL_OK" = "1" ] ; then
  fi
 fi
 /usr/sbin/crond -b
 /usr/sbin/php-fpm*
 /usr/sbin/nginx
--- a/src/rootfs/var/www/glpi/inc/downstream.php
+++ b/src/rootfs/var/www/glpi/inc/downstream.php
Author	SHA1	Message	Date
paspo	fb51b8e9da	glpi upgrade Some checks are pending continuous-integration/drone/push Build is passing Details continuous-integration/drone/tag Build is passing Details Vulnerability Scan / Daily Vulnerability Scan (push) Has started running Details	2024-11-06 12:02:03 +01:00
paspo	f21a2ecfbe	php upgrade Some checks failed continuous-integration/drone/tag Build is passing Details continuous-integration/drone/push Build is passing Details Vulnerability Scan / Daily Vulnerability Scan (push) Failing after 7s Details	2024-07-03 12:26:40 +02:00
paspo	d64c4d63f2	alpine update	2024-07-03 11:40:32 +02:00
paspo	47adcd273c	glpi upgrade All checks were successful continuous-integration/drone/push Build is passing Details continuous-integration/drone/tag Build is passing Details	2024-07-03 11:30:39 +02:00
paspo	9579efb437	glpi upgrade All checks were successful continuous-integration/drone/push Build is passing Details continuous-integration/drone/tag Build is passing Details Vulnerability Scan / Daily Vulnerability Scan (push) Successful in 1m0s Details	2024-04-26 13:16:01 +02:00
paspo	0174c5fa3c	glpi upgrade All checks were successful continuous-integration/drone/push Build is passing Details continuous-integration/drone/tag Build is passing Details Vulnerability Scan / Daily Vulnerability Scan (push) Successful in 1m0s Details	2024-03-14 10:55:54 +01:00
paspo	7c81af35e6	glpi upgrade All checks were successful continuous-integration/drone/push Build is passing Details continuous-integration/drone/tag Build is passing Details Vulnerability Scan / Daily Vulnerability Scan (push) Successful in 2m21s Details	2024-03-13 10:10:37 +01:00
Paolo Asperti	75aa86c758	glpi upgrade All checks were successful continuous-integration/drone/tag Build is passing Details continuous-integration/drone/push Build is passing Details	2024-02-01 21:13:49 +01:00
paspo	0692319fbd	performance tuning All checks were successful continuous-integration/drone/push Build is passing Details continuous-integration/drone/tag Build is passing Details	2024-01-05 11:39:44 +01:00
paspo	0f89e98902	add cron support	2024-01-05 11:35:26 +01:00
paspo	541641f90c	don't expose PHP All checks were successful continuous-integration/drone/push Build is passing Details	2024-01-04 19:11:35 +01:00
paspo	fb1c25a18f	updated compose All checks were successful continuous-integration/drone/push Build is passing Details Vulnerability Scan / Daily Vulnerability Scan (push) Successful in 2m5s Details	2023-12-13 12:18:31 +01:00
paspo	72b67b640d	fix drone All checks were successful continuous-integration/drone/push Build is passing Details	2023-12-13 12:04:40 +01:00
paspo	8c786b4594	fix vulnscan Some checks failed continuous-integration/drone/push Build encountered an error Details	2023-12-13 12:00:26 +01:00
paspo	cbc162e79c	upgrade alpine+glpi Some checks failed continuous-integration/drone/push Build encountered an error Details continuous-integration/drone/tag Build encountered an error Details	2023-12-13 11:39:04 +01:00
paspo	4c0d5f6ef9	test vulnscan action All checks were successful continuous-integration/drone/push Build is passing Details	2023-10-30 12:00:11 +01:00
paspo	8473b553f8	test vulnscan action All checks were successful continuous-integration/drone/push Build is passing Details	2023-10-30 11:57:51 +01:00
paspo	c3e2fab933	test vulnscan action All checks were successful continuous-integration/drone/push Build is passing Details	2023-10-30 11:34:34 +01:00
paspo	e7d24d8843	APK cache removed from image All checks were successful continuous-integration/drone/push Build is passing Details	2023-10-30 11:23:44 +01:00
		`@@ -0,0 +1,2 @@`
							`# min hour day month weekday command`
							`* * * * * /usr/bin/php /var/www/glpi/front/cron.php`