paspo/docker-glpi
1
0
Fork 0
Code Issues 1 Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: paspo:10.0.10
Branches Tags
paspo:master
paspo:10.0.20 paspo:10.0.18 paspo:10.0.17 paspo:10.0.16 paspo:10.0.15 paspo:10.0.14 paspo:10.0.13 paspo:10.0.12 paspo:10.0.11 paspo:10.0.10 paspo:10.0.9 paspo:10.0.9-ok paspo:10.0.8 paspo:10.0.7
..
compare: paspo:4fd2ca42ddb6aa3e28cdbb2fbdfaefdee41c94e2
Branches Tags
paspo:master
paspo:10.0.20 paspo:10.0.18 paspo:10.0.17 paspo:10.0.16 paspo:10.0.15 paspo:10.0.14 paspo:10.0.13 paspo:10.0.12 paspo:10.0.11 paspo:10.0.10 paspo:10.0.9 paspo:10.0.9-ok paspo:10.0.8 paspo:10.0.7

23 Commits
10.0.10 ... 4fd2ca42dd

Author SHA1 Message Date
paspo
4fd2ca42dd updated glpi
Some checks failed
continuous-integration/drone/push Build is failing
Details
continuous-integration/drone/tag Build is passing
Details
2025-04-19 08:36:02 +02:00
paspo
46ef5a68a2 update alpine 2025-04-19 08:35:49 +02:00
paspo
e6c28c3b15 fix trivy
All checks were successful
continuous-integration/drone/push Build is passing
Details
Vulnerability Scan / Daily Vulnerability Scan (push) Successful in 2m22s
Details
2025-01-17 08:01:20 +01:00
paspo
d2824d0831 cached trivy db
All checks were successful
continuous-integration/drone/push Build is passing
Details
Vulnerability Scan / Daily Vulnerability Scan (push) Successful in 10m43s
Details
2024-12-02 16:41:18 +01:00
paspo
fb51b8e9da glpi upgrade
Some checks are pending
continuous-integration/drone/push Build is passing
Details
continuous-integration/drone/tag Build is passing
Details
Vulnerability Scan / Daily Vulnerability Scan (push) Has started running
Details
2024-11-06 12:02:03 +01:00
paspo
f21a2ecfbe php upgrade
Some checks failed
continuous-integration/drone/tag Build is passing
Details
continuous-integration/drone/push Build is passing
Details
Vulnerability Scan / Daily Vulnerability Scan (push) Failing after 7s
Details
2024-07-03 12:26:40 +02:00
paspo
d64c4d63f2 alpine update 2024-07-03 11:40:32 +02:00
paspo
47adcd273c glpi upgrade
All checks were successful
continuous-integration/drone/push Build is passing
Details
continuous-integration/drone/tag Build is passing
Details
2024-07-03 11:30:39 +02:00
paspo
9579efb437 glpi upgrade
All checks were successful
continuous-integration/drone/push Build is passing
Details
continuous-integration/drone/tag Build is passing
Details
Vulnerability Scan / Daily Vulnerability Scan (push) Successful in 1m0s
Details
2024-04-26 13:16:01 +02:00
paspo
0174c5fa3c glpi upgrade
All checks were successful
continuous-integration/drone/push Build is passing
Details
continuous-integration/drone/tag Build is passing
Details
Vulnerability Scan / Daily Vulnerability Scan (push) Successful in 1m0s
Details
2024-03-14 10:55:54 +01:00
paspo
7c81af35e6 glpi upgrade
All checks were successful
continuous-integration/drone/push Build is passing
Details
continuous-integration/drone/tag Build is passing
Details
Vulnerability Scan / Daily Vulnerability Scan (push) Successful in 2m21s
Details
2024-03-13 10:10:37 +01:00
Paolo Asperti
75aa86c758 glpi upgrade
All checks were successful
continuous-integration/drone/tag Build is passing
Details
continuous-integration/drone/push Build is passing
Details
2024-02-01 21:13:49 +01:00
paspo
0692319fbd performance tuning
All checks were successful
continuous-integration/drone/push Build is passing
Details
continuous-integration/drone/tag Build is passing
Details
2024-01-05 11:39:44 +01:00
paspo
0f89e98902 add cron support 2024-01-05 11:35:26 +01:00
paspo
541641f90c don't expose PHP
All checks were successful
continuous-integration/drone/push Build is passing
Details
2024-01-04 19:11:35 +01:00
paspo
fb1c25a18f updated compose
All checks were successful
continuous-integration/drone/push Build is passing
Details
Vulnerability Scan / Daily Vulnerability Scan (push) Successful in 2m5s
Details
2023-12-13 12:18:31 +01:00
paspo
72b67b640d fix drone
All checks were successful
continuous-integration/drone/push Build is passing
Details
2023-12-13 12:04:40 +01:00
paspo
8c786b4594 fix vulnscan
Some checks failed
continuous-integration/drone/push Build encountered an error
Details
2023-12-13 12:00:26 +01:00
paspo
cbc162e79c upgrade alpine+glpi
Some checks failed
continuous-integration/drone/push Build encountered an error
Details
continuous-integration/drone/tag Build encountered an error
Details
2023-12-13 11:39:04 +01:00
paspo
4c0d5f6ef9 test vulnscan action
All checks were successful
continuous-integration/drone/push Build is passing
Details
2023-10-30 12:00:11 +01:00
paspo
8473b553f8 test vulnscan action
All checks were successful
continuous-integration/drone/push Build is passing
Details
2023-10-30 11:57:51 +01:00
paspo
c3e2fab933 test vulnscan action
All checks were successful
continuous-integration/drone/push Build is passing
Details
2023-10-30 11:34:34 +01:00
paspo
e7d24d8843 APK cache removed from image
All checks were successful
continuous-integration/drone/push Build is passing
Details
2023-10-30 11:23:44 +01:00
13 changed files with 98 additions and 28 deletions
Expand all files Collapse all files

6
.dockerignore
View File

@@ -1,6 +0,0 @@
db/
glpi/
docker-compose.yaml
.drone.yaml
.env
.gitignore

25
.drone.star
View File

@@ -1,19 +1,20 @@
def main(ctx):
archs = ["amd64", "arm64"] ## arm
glpi_version = "10.0.10"
glpi_version = "10.0.18"
alpine_version = "3.21"
out = []
for arch in archs:
out += onpush(ctx, glpi_version, arch)
out += onpush(ctx, glpi_version, alpine_version, arch)
for arch in archs:
out += build_publish(ctx, glpi_version, arch)
out += build_publish(ctx, glpi_version, alpine_version, arch)
out += manifest_publish(ctx, glpi_version, archs)
return out
def onpush(ctx, glpi_version, arch):
def onpush(ctx, glpi_version, alpine_version, arch):
return [{
"kind": "pipeline",
"type": "docker",
@@ -26,12 +27,13 @@ def onpush(ctx, glpi_version, arch):
"name": "build_on_push",
"image": "plugins/docker:linux-%s" % (arch),
"settings": {
"context": ".",
"dockerfile": "./Dockerfile",
"context": "src",
"dockerfile": "src/Dockerfile",
"dry_run": True,
"repo": "docker.asperti.com/paspo/glpi",
"build_args": [
"GLPI_VERSION=%s" % (glpi_version)
"GLPI_VERSION=%s" % (glpi_version),
"ALPINE_VERSION=%s" % (alpine_version)
],
},
}],
@@ -40,7 +42,7 @@ def onpush(ctx, glpi_version, arch):
}
}]
def build_publish(ctx, glpi_version, arch):
def build_publish(ctx, glpi_version, alpine_version, arch):
major = glpi_version.partition(".")[0];
return [{
"kind": "pipeline",
@@ -54,10 +56,11 @@ def build_publish(ctx, glpi_version, arch):
"name": "build_on_push",
"image": "plugins/docker:linux-%s" % (arch),
"settings": {
"context": ".",
"dockerfile": "./Dockerfile",
"context": "src",
"dockerfile": "src/Dockerfile",
"build_args": [
"GLPI_VERSION=%s" % (glpi_version)
"GLPI_VERSION=%s" % (glpi_version),
"ALPINE_VERSION=%s" % (alpine_version)
],
"username": {
"from_secret": "docker_username",

52
.gitea/workflows/vulnscan.yaml Normal file
View File

@@ -0,0 +1,52 @@
---
name: Vulnerability Scan
on:
schedule:
- cron: "0 14 * * *"
workflow_dispatch:
jobs:
scan:
name: Daily Vulnerability Scan
runs-on: ubuntu-latest
container:
image: catthehacker/ubuntu:act-latest
steps:
- name: Pull docker image
run: docker pull docker.asperti.com/paspo/glpi:latest
- name: Setup trivy
run: |
echo "Installing Trivy for arch: $(uname -m)"
case $(uname -m) in
x86_64)
wget -O /tmp/trivy.deb https://github.com/aquasecurity/trivy/releases/download/v0.58.2/trivy_0.58.2_Linux-64bit.deb ;;
aarch64)
wget -O /tmp/trivy.deb https://github.com/aquasecurity/trivy/releases/download/v0.58.2/trivy_0.58.2_Linux-ARM64.deb ;;
*) exit 1 ;;
esac
dpkg -i /tmp/trivy.deb
- name: Run Trivy vulnerability scanner
id: scan
run: |
trivy --server ${{ secrets.TRIVY_SERVER }} --token ${{ secrets.TRIVY_TOKEN }} image --format json docker.asperti.com/paspo/glpi:latest > trivy-results.json
# if some vulnerability is found, we fail
- name: check output
id: vulncount
run: |
echo "VULNCOUNT=$(jq '.Results[0].Vulnerabilities|length' trivy-results.json)" >> ${GITHUB_OUTPUT}
if [ $(jq '.Results[0].Vulnerabilities|length' trivy-results.json) -ne "0" ] ; then exit 1 ; fi
- name: send telegram notification
if: failure()
uses: appleboy/telegram-action@master
with:
to: ${{ secrets.TELEGRAM_TO }}
token: ${{ secrets.TELEGRAM_TOKEN }}
format: markdown
message: |
Found **${{ steps.vulncount.outputs.VULNCOUNT }}** vulnerabilities in `${{ github.repository }}`

10
README.md
View File

@@ -7,8 +7,8 @@ Web server for GLPI deployment
## build
```bash
git submodule update --init --remote
docker build -t docker.asperti.com/paspo/glpi .
cd src
docker build -t docker.asperti.com/paspo/glpi --build-arg "ALPINE_VERSION=3.19" --build-arg "GLPI_VERSION=10.0.11" .
```
## run
@@ -20,3 +20,9 @@ see [docker-compose.yaml](docker-compose.yaml)
```sh
drone starlark --format --stdout
```
## run vulnscan locally
```bash
act -W .gitea/workflows/vulnscan.yaml -j scan
```

12
docker-compose.yaml
View File

@@ -10,9 +10,16 @@ services:
- MARIADB_DATABASE=${MARIADB_DATABASE}
- MARIADB_USER=${MARIADB_USER}
- MARIADB_PASSWORD=${MARIADB_PASSWORD}
- MARIADB_AUTO_UPGRADE=1
logging:
options:
max-size: 10m
redis:
image: redis:latest
image: redis:alpine
logging:
options:
max-size: 10m
glpi:
build: .
@@ -29,3 +36,6 @@ services:
- ./glpi/files:/files
- ./glpi/marketplace:/marketplace
- ./glpi/plugins:/var/www/glpi/plugins
logging:
options:
max-size: 10m

12
Dockerfile → src/Dockerfile
View File

@@ -1,16 +1,16 @@
FROM alpine:3.18
ARG ALPINE_VERSION
FROM alpine:${ALPINE_VERSION}
ARG GLPI_VERSION
RUN \
mkdir -p /logs /config /files /marketplace && \
apk -U upgrade && \
apk add curl nginx php82 php82-bz2 php82-ctype php82-curl php82-dom php82-exif \
php82-fileinfo php82-fpm php82-gd php82-iconv php82-intl php82-ldap php82-mysqli \
php82-opcache php82-openssl php82-pecl-apcu php82-pecl-redis php82-phar php82-session \
php82-simplexml php82-sodium php82-tokenizer php82-xml php82-zip php82-xmlreader php82-xmlwriter && \
apk add --no-cache curl nginx php83 php83-bz2 php83-ctype php83-curl php83-dom php83-exif \
php83-fileinfo php83-fpm php83-gd php83-iconv php83-intl php83-ldap php83-mysqli \
php83-opcache php83-openssl php83-pecl-apcu php83-pecl-redis php83-phar php83-session \
php83-simplexml php83-sodium php83-tokenizer php83-xml php83-zip php83-xmlreader php83-xmlwriter && \
wget -O /usr/local/bin/composer https://getcomposer.org/download/2.5.8/composer.phar && \
chmod +x /usr/local/bin/composer && \
ln -s /usr/bin/php82 /usr/bin/php && \
wget -O - https://github.com/glpi-project/glpi/releases/download/${GLPI_VERSION}/glpi-${GLPI_VERSION}.tgz | tar xz -C /var/www
# this are needed if you want to manually install GLPI from git

2
src/rootfs/etc/crontabs/nginx Normal file
View File

@@ -0,0 +1,2 @@
# min hour day month weekday command
* * * * * /usr/bin/php /var/www/glpi/front/cron.php

0
rootfs/etc/nginx/conf.d/glpi.conf → src/rootfs/etc/nginx/conf.d/glpi.conf
View File

0
rootfs/etc/nginx/http.d/default.conf → src/rootfs/etc/nginx/http.d/default.conf
View File

4
rootfs/etc/php82/conf.d/php.ini → src/rootfs/etc/php83/conf.d/php.ini
View File

@@ -1,6 +1,8 @@
session.cookie_httponly = on
memory_limit = 256M
memory_limit = 512M
file_uploads = on
max_execution_time = 600
session.auto_start = off
session.use_trans_sid = 0
expose_php = Off
opcache.memory_consumption = 256

0
rootfs/etc/php82/php-fpm.d/www.conf → src/rootfs/etc/php83/php-fpm.d/www.conf
View File

1
rootfs/start.sh → src/rootfs/start.sh
View File

@@ -9,5 +9,6 @@ if [ "$INSTALL_OK" = "1" ] ; then
fi
fi
/usr/sbin/crond -b
/usr/sbin/php-fpm*
/usr/sbin/nginx

0
rootfs/var/www/glpi/inc/downstream.php → src/rootfs/var/www/glpi/inc/downstream.php
View File