- bump to version 3.12.1

Author: gpappsoft

Changelog

@@ -1,4 +1,8 @@
-Version 3.12, 2025-07-03
+Version 3.12.1, 2025-07-03
 
-  Release 3.12
-  
+  Release 3.12.1
+
+- Start using privacyidea github source-tree instead of python package index.
+- Added new webUI preview parameters. See environment/application-prod.env file for more information.
+- Updated resolver.json 
+- Updated to new version.

Dockerfile

@@ -4,45 +4,59 @@
 ###
 FROM cgr.dev/chainguard/wolfi-base AS builder
 
-ARG PYVERSION=3.12
-ARG PI_VERSION=3.12
-ARG PI_REQUIREMENTS=3.12
+ARG PYVERSION=3.13
+ARG PI_VERSION=3.12.1
+ARG PI_REQUIREMENTS=3.12.1
 ARG GUNICORN==23.0.0
 ARG PSYCOPG2==2.9.10
 ARG PYKCS11==1.5.14
+ARG NODEJS_VERSION=22
 
 ENV LANG=C.UTF-8
 ENV PYTHONDONTWRITEBYTECODE=1
 ENV PYTHONUNBUFFERED=1
 ENV PATH="/privacyidea/venv/bin:$PATH"
 
 WORKDIR /privacyidea
-RUN apk add python-${PYVERSION} py${PYVERSION}-pip python3-dev gnupg && \
+RUN apk add python-${PYVERSION} py${PYVERSION}-pip python3-dev gnupg git nodejs-${NODEJS_VERSION} npm  && \
 #RUN apk add python-${PYVERSION} py${PYVERSION}-pip python3-dev build-base krb5-conf krb5-dev swig && \
         chown -R nonroot:nonroot /privacyidea/
 
 USER nonroot
 RUN python -m venv /privacyidea/venv
-RUN pip install -r https://raw.githubusercontent.com/privacyidea/privacyidea/refs/tags/v${PI_REQUIREMENTS}/requirements.txt
+RUN pip install  -r https://raw.githubusercontent.com/privacyidea/privacyidea/refs/tags/v${PI_REQUIREMENTS}/requirements.txt
 RUN pip install psycopg2-binary==${PSYCOPG2} gunicorn==${GUNICORN} gnupg
-RUN pip install privacyIDEA==${PI_VERSION}
+# Install privacyIDEA from GitHub repository
+RUN git clone --branch v${PI_VERSION} --depth 1 https://github.com/privacyidea/privacyidea.git /privacyidea/pi_src \
+        && pip install /privacyidea/pi_src
 #RUN pip install -r https://raw.githubusercontent.com/privacyidea/privacyidea/v${PI_REQUIREMENTS}/requirements-kerberos.txt 
 # Workaroud for https://github.com/privacyidea/privacyidea/issues/4127
 #RUN pip install -r https://raw.githubusercontent.com/privacyidea/privacyidea/v${PI_REQUIREMENTS}/requirements-hsm.txt 
 #RUN pip install pykcs11==${PYKCS11}
 
 ADD https://raw.githubusercontent.com/privacyidea/privacyidea/refs/tags/v${PI_REQUIREMENTS}/deploy/privacyidea/NetKnights.pem /privacyidea/etc/persistent/
 
+
 COPY  conf/pi.cfg /privacyidea/etc/
 COPY  conf/logging.cfg /privacyidea/etc/
 COPY  entrypoint.py /privacyidea/entrypoint.py
 COPY  templates/healthcheck.py /privacyidea/healthcheck.py
 
+# New WebUI
+WORKDIR /privacyidea/pi_src/privacyidea/static_new
+RUN npm ci
+RUN npm run-script ng build
+RUN rm -rf node_modules
+
+WORKDIR /privacyidea/pi_src
+RUN pip install .
+RUN rm -rf /privacyidea/pi_src
+
 ### final stage
 ###
 FROM cgr.dev/chainguard/wolfi-base
 
-ARG PYVERSION=3.12
+ARG PYVERSION=3.13
 ENV PYTHONUNBUFFERED=1
 ENV PATH="/privacyidea/venv/bin:/privacyidea/bin:$PATH"
 ENV PRIVACYIDEA_CONFIGFILE="/privacyidea/etc/pi.cfg"

Makefile

@@ -1,5 +1,5 @@
-PI_VERSION := "3.12"
-PI_VERSION_BUILD := "3.12"
+PI_VERSION := "3.12.1"
+PI_VERSION_BUILD := "3.12.1"
 IMAGE_NAME := privacyidea-docker:${PI_VERSION}
 
 BUILDER := docker build
@@ -54,8 +54,12 @@ fullstack:
 resolver:
 	${CONTAINER_ENGINE} cp templates/resolver.json prod-privacyidea-1:/privacyidea/etc/resolver.json
 	${CONTAINER_ENGINE} exec -ti prod-privacyidea-1 /privacyidea/venv/bin/pi-manage config import -i /privacyidea/etc/resolver.json
-	@echo resolvers and realm created
-	
+	@echo resolvers and realm created.
+	@echo "############################################################################"
+	@echo "admin login with: admin@admin / admin "
+	@echo "helpdesk login with: helpdesk@helpdesk / helpdesk "
+	@echo "user login with: HadiPac / hadi "
+	@echo "############################################################################"
 run:
 	@${CONTAINER_ENGINE} run -d --name ${TAG}-privacyidea \
 			-e PI_PASSWORD=admin \

README.md

@@ -77,7 +77,7 @@ Sample images from this project can be found here:
 | [ghcr.io](https://github.com/gpappsoft/privacyidea-docker/pkgs/container/privacyidea-docker)| ```docker pull ghcr.io/gpappsoft/privacyidea-docker:latest```|
 
 > [!Note] 
-> ```latest``` tagged image is maybe a pre- or development-release. Please use always a release number (like ```3.12```) 
+> ```latest``` tagged image is maybe a pre- or development-release. Please use always a release number (like ```3.12.1```) 
 
 ## Quickstart
 
@@ -130,7 +130,7 @@ You can use *Makefile* targets to build different images with different privacyI
 
 #### Build a specific privacyIDEA version
 ```
-make build PI_VERSION=3.12 PI_VERSION_BUILD=3.12
+make build PI_VERSION=3.12.1 PI_VERSION_BUILD=3.12.1
 ```
 
 #### Push to a registry
@@ -157,7 +157,7 @@ make distclean
 
 | target | optional ARGS | description | example
 ---------|----------|---|---------
-| ```build ``` | ```PI_VERSION```<br> ```IMAGE_NAME```|Build an image. Optional: specify the version, requirements version and image name| ```make build PI_VERSION=3.12 PI_VERSION_BUILD=3.12```|
+| ```build ``` | ```PI_VERSION```<br> ```IMAGE_NAME```|Build an image. Optional: specify the version, requirements version and image name| ```make build PI_VERSION=3.12.1 PI_VERSION_BUILD=3.12.1```|
 | ```push``` | ```REGISTRY```|Tag and push the image to the registry. Optional: specify the registry URI. Defaults to *localhost:5000*| ```make push REGISTRY=docker.io/gpappsoft/privacyidea-docker```|
 | ```run``` |  ```PORT``` <br> ```TAG```  |Run a standalone container with gunicorn and sqlite. Optional: specify the prefix tag of the container name and listen port. Defaults to *pi* and port *8080*| ```make run TAG=prod PORT=8888```|
 | ```secret``` | |Generate secrets to use in an environment file | ```make secret```|
@@ -282,7 +282,7 @@ You can start the stack in the background with console detached using the **-d**
 
 Full example including build with  ```make```targets:
 ```
-make cert build push stack PI_VERSION=3.12 PI_VERSION_BUILD=3.12 TAG=pidev
+make cert build push stack PI_VERSION=3.12.1 PI_VERSION_BUILD=3.12.1 TAG=pidev
 ```
 ---
 Now you can deploy additional containers like OpenLDAP for user realms or Owncloud as a client to test 2FA authentication. 

entrypoint.py

@@ -13,7 +13,7 @@
 
 app = create_app(config_name='production',config_file='/privacyidea/etc/pi.cfg')
 
-os.chdir('/privacyidea/venv/lib/python3.12/site-packages/privacyidea')
+os.chdir('/privacyidea/')
 
 # Update database schema, if set
 PI_UPDATE = os.environ.get('PI_UPDATE', False)

environment/application-dev.env

@@ -1,18 +1,28 @@
-ENVIRONMENT="environment/application-dev.env"
+ENVIRONMENT="environment/application-prod.env"
 
-# PrivacyIDEA
-PI_VERSION=3.12
+## PrivacyIDEA
+PI_VERSION=3.12.1
 PI_ADMIN=admin
 PI_ADMIN_PASS=admin
-PI_PORT=8080
+PI_ADDRESS=0.0.0.0 
+PI_PORT=8081
 PI_LOGLEVEL=INFO
 PI_PEPPER=changeMe
 PI_SECRET=changeMe
-PI_ENCKEY=9KraeeWGbIANYFHS+4L4YY2uRE/xP3pdeMZ5hrHYagmFo5vbYxNcruv4mh2P/pX6xUp+Px/AKLPANzi1s3N4O2vWEC7a2yzk3o4LcWKupFAbW/Jl1kM16EvCyCQ9hpKe
-
+#PI_ENCKEY=9KraeeWGbIANYFHS+4L4YY2uRE/xP3pdeMZ5hrHYagmFo5vbYxNcruv4mh2P/pX6xUp+Px/AKLPANzi1s3N4O2vWEC7a2yzk3o4LcWKupFAbW/Jl1kM16EvCyCQ9hpKe
 SUPERUSER_REALM="admin,helpdesk"
+SQLALCHEMY_ENGINE_OPTIONS=False
+#PI_AUDIT_NO_SIGN=False
+#PI_AUDIT_SQL_URI=
+PI_AUDIT_KEY_PRIVATE="/privacyidea/etc/persistent/private.pem"
+PI_AUDIT_KEY_PUBLIC="/privacyidea/etc/persistent/public.pem"
+
+## uncomment two lines below for new UI preview
+#PI_STATIC_FOLDER="static_new/"
+#PI_TEMPLATE_FOLDER="static_new/dist/privacyidea-webui/browser/"
+
 
-# DB connection parameters
+## DB connection parameters
 DB_HOST=db
 DB_PORT=3306
 DB_NAME=pi
@@ -21,13 +31,13 @@ DB_PASSWORD=superSecret
 DB_API=mysql+pymysql
 DB_EXTRA_PARAMS="?charset=utf8"
 
-# reverse proxy port
+## reverse proxy port
 PROXY_PORT=8444
 PROXY_SERVERNAME=localhost
 
-# External RADIUS ports
+## External RADIUS ports
 RADIUS_PORT=1814
 RADIUS_PORT_INC=1815
 
-# External LDAP port
-LDAP_PORT=1689
+## External LDAP port
+LDAP_PORT=1398

environment/application-prod.env

@@ -1,7 +1,7 @@
 ENVIRONMENT="environment/application-prod.env"
 
-# PrivacyIDEA
-PI_VERSION=3.12
+## PrivacyIDEA
+PI_VERSION=3.12.1
 PI_ADMIN=admin
 PI_ADMIN_PASS=admin
 PI_ADDRESS=0.0.0.0 
@@ -16,7 +16,13 @@ SQLALCHEMY_ENGINE_OPTIONS=False
 #PI_AUDIT_SQL_URI=
 PI_AUDIT_KEY_PRIVATE="/privacyidea/etc/persistent/private.pem"
 PI_AUDIT_KEY_PUBLIC="/privacyidea/etc/persistent/public.pem"
-# DB connection parameters
+
+## uncomment two lines below for new UI preview
+#PI_STATIC_FOLDER="static_new/"
+#PI_TEMPLATE_FOLDER="static_new/dist/privacyidea-webui/browser/"
+
+
+## DB connection parameters
 DB_HOST=db
 DB_PORT=3306
 DB_NAME=pi
@@ -25,13 +31,13 @@ DB_PASSWORD=superSecret
 DB_API=mysql+pymysql
 DB_EXTRA_PARAMS="?charset=utf8"
 
-# reverse proxy port
+## reverse proxy port
 PROXY_PORT=8443
 PROXY_SERVERNAME=localhost
 
-# External RADIUS ports
+## External RADIUS ports
 RADIUS_PORT=1812
 RADIUS_PORT_INC=1813
 
-# External LDAP port
+## External LDAP port
 LDAP_PORT=1389