Commit Graph

140 Commits

Author SHA1 Message Date
Darius Kazemi 2aa48f7f09 Merge branch 'lets-bump-hometown-to-mastodon-4.2' of github.com:queer-group/queer.group into hometown-dev-4.2-merge 2023-12-30 19:34:20 -08:00
Renaud Chaput ef8ca2fd72
Change Dockerfile to upgrade packages when building (#26922) 2023-09-14 23:11:36 +02:00
Renaud Chaput e9b528eaee
Use NodeJS v20 by default (#26830) 2023-09-08 13:45:34 +02:00
Michael Stanclift b749de766f
Migrate Dockerfile to Bookworm (#26802) 2023-09-05 18:19:59 +02:00
Claire f39847476c
Change the pre-release versioning scheme and associated environment variables (#26653) 2023-08-25 18:26:44 +02:00
Nick Schonning 99e2e9b81f
Fix minor typos in comments and spec names (#21831) 2023-05-19 17:13:29 +02:00
Tim Campbell ac41a9712e
Fixed mastodon version injection into containers via github actions (#24858) 2023-05-04 21:33:32 +02:00
Renaud Chaput 830e6cefae
Add version suffixes to nightly & edge image builds (#24823) 2023-05-04 13:45:39 +02:00
Nick Schonning 862861069d
Update Node.js to 16.20.0 (#24316) 2023-04-07 14:26:11 +02:00
Nick Schonning 26682d4c22
Remove duplicate ca-certificates Docker install (#24231) 2023-04-07 14:10:12 +02:00
Sai f318f1ef0e
Bump ruby to 3.2.2 due to ReDoS vulnerabilities (#24320) 2023-03-31 18:28:40 +02:00
Nick Schonning e7e189fa44
Use Yarn production install for asset compile (#24232) 2023-03-23 22:49:47 +01:00
Aaron Patterson fb8503e861
Upgrade to Ruby 3.2 (#22928)
Co-authored-by: Matthew Ford <matt@bitzesty.com>
2023-02-15 08:30:27 +01:00
Nick Schonning 841263a548
Update Ruby to 3.0.5 (#23544) 2023-02-13 14:39:24 +01:00
Nick Schonning c6b7e04120
Sync Node.js to 16.19 patch release (#23554) 2023-02-13 04:58:37 +01:00
Nick Schonning a1c0573bc6
Yarn cache cleanup right after install in Docker (#23557) 2023-02-13 04:57:51 +01:00
hjhornbeck d7e2a5c6e7
Dockerfile update (#1270)
While Docker isn't officially supported by Hometown, leaving the
Mastodon 3.5.5 Docker configuration in place with the new 4.0.2 code is
a bad idea. At minimum, you'll have a stale Node install that's months
behind on security updates. There are some minor tweaks to the default
configuration, but they're flagged by comments so they're easy to revert
or modify as necessary.

#  Running Hometown on Docker

I'll by typing up my own longer blog post in due time, but there's no
harm dropping a cheat sheet here. By following this outline, I was able
to upgrade a Hometown 1.0.8 install to 1.1.0 with nothing worse than a
minute or two of downtime.

My configuration uses the GitHub repository as its source, rather than
images drawn from DockerHub. I like to tweak and fiddle with my setup,
especially the themes, and I'm happy to sacrifice some disk space for
the privilege.

## Installing from Scratch

This is by far the easiest approach, you just follow [one
of](https://gist.github.com/TrillCyborg/84939cd4013ace9960031b803a0590c4)
the [existing
guides](https://sleeplessbeastie.eu/2022/05/02/how-to-take-advantage-of-docker-to-install-mastodon/)
for running Mastodon via Docker, pause after you've set up
`.env.production`, add any Hometown-specific features to it [as per the
Wiki](https://github.com/hometown-fork/hometown/wiki), then resume what
the guide says to do.

If you're enabling ElastiSearch, the second of the two guides has some
additional actions you'll need to do, plus be aware of [this
bug](https://github.com/mastodon/mastodon/issues/18625) in Mastodon
which can quietly block ES from working at all.

## Upgrading from Hometown 1.0.8

Here's how I accomplished this. I committed any leftover changes, then
ran these commands from the non-Docker instructions in the root of my
local Hometown repository:

```
git remote update
git checkout v4.0.2+hometown-1.1.0
```

This "wiped out" my customizations, but as I committed them all to a
branch I can reconstruct them later via diffs. I then ran:

```
sudo docker-compose build
```

to build the new image. The old image will continue running in the
background, as per usual. I like adding `2>&1 | less` to the end and
mashing `PgDn`, as if a compilation error happens it almost invariably
requires scrolling back a few screens to find the issue.

If the build succeeded, we're almost clear to start the dangerous
portion. If you're running on the cloud, now would be a great time to
take a snapshot. Whatever the case, you should back up the existing
database. If you haven't changed the defaults from the Dockerfile, then

```
sudo docker exec -it hometown_db_1 pg_dump -U postgres -Fc postgres > hometown.db.dump
```

should do the trick. If you have changed the defaults, you may need to
use `sudo docker ps` to figure out the name of the PostgreSQL image to
swap in place of "hometown_db_1", then browse through `.env.production`
to extract the username to place after `-U` and the database name to
place after `-Fc`. The Hometown docs don't say how to restore the
database should the process go South, but after reading a manpage or two
I think the magic words are roughly

```
sudo docker exec -it hometown_db_1 pg_restore -U postgres --clean --if-exists -d postgres < hometown.db.dump
```

Now we're ready for the scary "you could destroy everything" part. All
the earlier commands are trivial to roll back, but after this point any
delay could cause data corruption. As per the Hometown docs, run the
pre-deployment database migrations.

```
sudo docker-compose run -e SKIP_POST_DEPLOYMENT_MIGRATIONS=true -e RAILS_ENV=production --rm web bundle exec rails db:migrate
```

where `web` is the name of the webserver image in `docker-compose.yml`.
The docs state you should precompile all assets next, but I'm 95% sure
they were already built when you ran `sudo docker-compose build`. If
you're paranoid and want to be absolutely sure precompilation is done,
then at this stage run:

```
sudo docker-compose run -e RAILS_ENV=production --rm web bundle exec rails assets:precompile
```

Here, the Hometown docs say you should run the post-deployment
migrations. In Docker-ese:

```
sudo docker-compose run -e RAILS_ENV=production --rm web bundle exec rails db:migrate
```

Finally, we need to stop the old images and spin up the new ones. Run:

```
sudo docker-compose up -d
```

and give Docker some time to finish rotating. A quick `sudo docker ps`
should confirm the new images are booting up, and in a short while
(10-15 seconds for the teeny-tiny instance I manage) you should be back
to fully functional.
2023-01-17 14:39:09 -08:00
Moritz Heiber a0813806d6
Add hadolint as Dockerfile linter (#20993)
* Added hadolint as Dockerfile linter in pipeline and resolved remaining hadolint issues in Dockerfile

* Use more specific version of hadolint Action

* Bumpt hadolint Action version to latest version to avoid deprecation notice

* Being _really_ specific now
2022-12-15 15:57:17 +01:00
Nick Schonning 736b4283b0
Update Node 16.18.1 for latest security release (#22019)
* Update Node 16.18.1 for latest security release

* Increase Yarn network timeout for build error
2022-12-11 07:37:00 +01:00
BtbN f343ed42ff
Add missing procps package to Dockerfile (#21028)
The new Debian-Base does not come with this by default, making the ps based health-check in the compose file fail
2022-11-22 05:52:18 +01:00
Effy Elden 231e3ec552
Remove blank line from start of Dockerfile breaking syntax declaration (#20948) 2022-11-17 10:25:07 -05:00
Moritz Heiber 1b5ed32085
Split off Dockerfile components for faster build times (#20933) 2022-11-17 12:56:14 +01:00
Kohei Ota (inductor) 92734e3df1
Use buildx functions for faster build (#20692)
* Use buildx functions for faster build

* move link

* cannot use --link with --chown
2022-11-17 11:01:16 +01:00
Yamagishi Kazutoshi 5cf056fdb0
Install python3 when building with Docker (#18072) 2022-09-29 16:36:14 +02:00
Daniel Jakots 0c99c6c3df
Update Node to 16.17.1 (#19224)
See
https://nodejs.org/en/blog/vulnerability/september-2022-security-releases/
for the details.
2022-09-24 00:11:34 +02:00
zunda 113dd90aa3
Bump Ruby version from 3.0.3 to 3.0.4 (#18028)
https://www.ruby-lang.org/en/news/2022/04/12/ruby-3-0-4-released/
2022-08-15 04:39:58 +02:00
Daniel Jakots 9f61f22a3b
Update node to 16.16.0 (#18790)
See https://nodejs.org/en/blog/vulnerability/july-2022-security-releases/
2022-08-15 02:47:33 +02:00
Shlee 602f291da9
Update Dockerfile (#18717) 2022-06-27 09:02:48 +02:00
Daniel Jakots 8ee4fde19b Bump NODE_VER to 16.14.2 (#17825)
See the announcement
https://nodejs.org/en/blog/vulnerability/mar-2022-security-releases/
2022-03-19 09:24:26 +01:00
Yamagishi Kazutoshi 298491a816
Remove protobuf dependencies (#17539) 2022-02-14 16:08:02 +01:00
Daniel Jakots aa45404578
Bump NODE_VER to 16.13.2, to solve security issues (#17399)
Fixes CVE-2021-44532, CVE-2021-44533, and CVE-2022-21824.
See: https://nodejs.org/en/blog/vulnerability/jan-2022-security-releases/
2022-01-31 00:32:03 +01:00
Jeong Arm fad37dd1bc
Save bundle config as local (#17188)
Some bundle options are saved as global user config and not project local.
Specially, `deployment` must be saved as local config to be run on copied environment
2021-12-25 22:52:24 +01:00
zunda 46e62fc4b3
Upgrade Ruby to 3.0.3 (#17038)
https://www.ruby-lang.org/en/news/2021/11/24/ruby-3-0-3-released/
2021-11-24 20:29:05 +01:00
Shlee d647f6ad04
Update Dockerfile (#16939) 2021-11-18 22:00:38 +01:00
Shlee c242c1d87a
Ruby 3.0.2 Upgrade (#16982)
* Update .ruby-version

* Update Gemfile

* Update Gemfile.lock

* Update Dockerfile

* Update check-i18n.yml

* Update config.yml

* Update config.yml
2021-11-18 21:59:57 +01:00
Shlee 03338d1297
[Dockerfile] [Security] Update NodeJS to V16 (LTS) on docker. (#16856)
* [Security] Update NodeJS on docker.

https://nodejs.org/en/blog/vulnerability/oct-2021-security-releases/

* Update Dockerfile

* Upgrade npm package

* Update Dockerfile
2021-11-17 07:57:01 +01:00
David Sterry f68772fd6a
add bundle flag to suppress root warning (#16557) 2021-10-14 21:00:38 +02:00
Shlee 12cb6ed461
Update Dockerfile (#16696) 2021-09-13 19:03:14 +02:00
Shlee 229f5d1681
NodeJS 14 support - circleci/docker/.nvmrc (#16163)
* Update config.yml

* Update Dockerfile

* Update .nvmrc

* Update Dockerfile

* NodeJS 10 is EOL.

* Update package.json

* Update README.md

* Update Vagrantfile

* Update Dockerfile

* Update Dockerfile
2021-08-10 22:56:13 +02:00
Daigo 3 Dango 3d5183e99c
Use ruby-2.7.4 (#16481)
Stop using older version of resolv gem as the bug has been fixed.
https://bugs.ruby-lang.org/issues/17781
2021-07-10 01:29:27 +02:00
Claire d95128c99d
Revert default Ruby version to 2.7.2 (#16154)
Ruby 2.7.3 introduced a new bug with Resolv::DNS, which we heavily use within
Mastodon: https://bugs.ruby-lang.org/issues/17781

Ruby 2.7.3 also included security fixes for two CVEs, but those do not seem
to apply to Mastodon:
https://github.com/tootsuite/mastodon/pull/16004#issuecomment-815125025
2021-05-04 23:06:19 +02:00
Daigo 3 Dango 3f8d0de82e
Upgrade Ruby to 2.7.3 (#16004)
* Upgrade Ruby to 2.7.3

https://www.ruby-lang.org/en/news/2021/04/05/ruby-2-7-3-released/
includes security fixes to
- CVE-2021-28965: XML round-trip vulnerability in REXML
- CVE-2021-28966: Path traversal in Tempfile on Windows

* Update rexml to 3.2.5

https://www.ruby-lang.org/en/news/2021/04/05/xml-round-trip-vulnerability-in-rexml-cve-2021-28965/
2021-04-09 02:31:36 +02:00
Mashiro e3f1107975
build: install shared-mime-info in Dockerfile (#15978) 2021-03-30 10:10:04 +02:00
Sandro 46d3d3169e
Docker: Use precompiled jemalloc, format, apply hadolint suggestions (#10823)
* Format, apply hadolint suggestions, little nitpicks

* Use pre compiled jemalloc

* Use tini from package repository
2021-03-20 21:21:57 +01:00
Shlee f56cf6e9d0
Update Dockerfile (#15869) 2021-03-12 05:33:35 +01:00
Daniel Jakots b4281f5a51
Update to Node.js-12.20.1 (#15558)
This is a security release. You can read the announce at
https://nodejs.org/en/blog/vulnerability/january-2021-security-releases/
2021-01-28 22:53:56 +01:00
kaiyou 1817f96578
Fix the Dockerfile in case of Kaniko build (#15510)
Kaniko does not support looking up binaries from $PATH, so we
specify the full path to the bash binary.

Co-authored-by: kaiyou <dev@kaiyou.fr>
2021-01-08 07:13:26 +01:00
Shlee b429d33e46
Update Dockerfile (#15232) 2020-11-29 09:20:02 +01:00
Daigo 3 Dango 541b9f8c1c
Use Ruby 2.7.2 (#15150)
thwait and e2mmap are no longer needed in Gemfile.
Gems properly require those.
2020-11-19 17:46:46 +01:00
Kairui Song | 宋恺睿 03b5f09ffc
Minor fix & improvement for the Dockerfile (#14686)
* Dockerfile: Fix building with multiarch

Tested on amd64 and arm64

* Reduce docker image size by clean up some unneeded source file
2020-08-30 16:45:49 +02:00