Merge pull request #1 from haiphamhoang/v5

Upgrade to version 5.2.7

Author: haiphamhoang

.env

@@ -0,0 +1,14 @@
+
+# system settings
+TIME_ZONE='Europe/Berlin'
+
+# seatable server url
+SEATABLE_SERVER_HOSTNAME=localhost
+SEATABLE_SERVER_PROTOCOL='http'
+
+# initial web admin
+SEATABLE_ADMIN_EMAIL=dev@localhost.xyz
+SEATABLE_ADMIN_PASSWORD=adminpassword
+
+# database
+SEATABLE_MYSQL_ROOT_PASSWORD=abcrootpassword

.github/workflows/docker-build-publish.yml

@@ -38,26 +38,26 @@ jobs:
 
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       # Install the cosign tool except on PR
       # https://github.com/sigstore/cosign-installer
       - name: Install cosign
         if: github.event_name != 'pull_request'
-        uses: sigstore/cosign-installer@f3c664df7af409cb4873aa5068053ba9d61a57b6 #v2.6.0
+        uses: sigstore/cosign-installer@v3.5.0
         with:
-          cosign-release: 'v1.13.1'
+          cosign-release: 'v2.2.4'
 
 
       # Workaround: https://github.com/docker/build-push-action/issues/461
       - name: Setup Docker buildx
-        uses: docker/setup-buildx-action@79abd3f86f79a9d68a23c75a09a9a85889262adf
+        uses: docker/setup-buildx-action@v3
 
       # Login against a Docker registry except on PR
       # https://github.com/docker/login-action
       - name: Log into registry ${{ env.REGISTRY }}
         if: github.event_name != 'pull_request'
-        uses: docker/login-action@28218f9b04b4f3f62068d7b6ce6ca5b26e35336c
+        uses: docker/login-action@v3
         with:
           registry: ${{ env.REGISTRY }}
           username: ${{ github.actor }}
@@ -67,18 +67,18 @@ jobs:
       # https://github.com/docker/metadata-action
       - name: Extract Docker metadata
         id: meta
-        uses: docker/metadata-action@98669ae865ea3cffbcbaa878cf57c20bbf1c6c38
+        uses: docker/metadata-action@v5
         with:
           images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
           tags: |
             type=raw,value=${{ github.event.inputs.seatable_version }}
             type=raw,value=latest
 
-      # Build and push Docker image with Buildx (don't push on PR)
+      # Build and push Docker image with Buildx
       # https://github.com/docker/build-push-action
       - name: Build and push Docker image
         id: build-and-push
-        uses: docker/build-push-action@ac9327eae2b366085ac7f6a2d02df8aa8ead720a
+        uses: docker/build-push-action@v5
         with:
           context: .
           build-args: |
@@ -98,7 +98,9 @@ jobs:
       - name: Sign the published Docker image
         if: ${{ github.event_name != 'pull_request' }}
         env:
-          COSIGN_EXPERIMENTAL: "true"
+          # https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-an-intermediate-environment-variable
+          TAGS: ${{ steps.meta.outputs.tags }}
+          DIGEST: ${{ steps.build-and-push.outputs.digest }}
         # This step uses the identity token to provision an ephemeral certificate
         # against the sigstore community Fulcio instance.
-        run: echo "${{ steps.meta.outputs.tags }}" | xargs -I {} cosign sign {}@${{ steps.build-and-push.outputs.digest }}
+        run: echo "${TAGS}" | xargs -I {} cosign sign --yes {}@${DIGEST}

.gitignore

@@ -1 +1 @@
-test/
+seatable-license.txt

Dockerfile

@@ -3,7 +3,6 @@ FROM seatable/seatable-enterprise:${SEATABLE_VERSION}
 
 # Maintainer
 LABEL maintainer="HaiPhamHoang" \
-      version="1.0.0" \
       seatable_version="${SEATABLE_VERSION}" \
       description="Seatable with some custom config." \
       url="https://github.com/haiphamhoang/seatable-enterprise-docker"

README.md

@@ -1,22 +1,29 @@
 # docker-seatable
 
-## Env
+## Addition Enviroments
 
 - REDIS_HOST: `string`
-- MEMCACHED_HOST: `string`
-- SEATABLE_SERVER_URL_FORCE_HTTPS: `bool` 
     - it's useful when use with reverse proxy like traefik.
 - DB_ROOT_PASSWD_FILE: `filepath`
 
 
 
 
-# Dev
+# Develop
 
 ## Upgrade 
 ### Checking new script
 1. Run container with new seatable/seatable-enterprise:latest version, using default [docker-compose.yml](https://manual.seatable.io/docker/Enterprise-Edition/Deploy%20SeaTable-EE%20with%20Docker/#downloading-and-modifying-docker-composeyml)
-2. copy file at `/templates/`
+
+2. Run `docker-compose up -d` to start the container
+
+3. copy file at `/templates/`
+```
+docker cp seatable-server:/templates test/templates
 ```
-docker cp CONTAINER:/templates test/templates
+
+## Test Dockerfile
+
 ```
+docker compose up --build
+```

docker-compose.override.yml

@@ -0,0 +1,7 @@
+services:
+  seatable-server:
+    build:
+      context: .
+      dockerfile: Dockerfile
+      args:
+        SEATABLE_VERSION: ${SEATABLE_VERSION:-5.2.7}

docker-compose.yml

@@ -1,57 +1,100 @@
-version: '3.9'
-services:
-  db:
-    image: mariadb:10.5
-    container_name: seatable-mysql
-    environment:
-      - MYSQL_ROOT_PASSWORD=hellopassword
-      - MYSQL_LOG_CONSOLE=true
-    #volumes:
-      #- /opt/seatable/mysql-data:/var/lib/mysql         # Volume of MySQL (directory for persistent storage) and mount point in container -- can be changed (not advised)
-    networks:
-      - seatable-net
 
-  memcached:
-    image: memcached:1.5.6
-    container_name: seatable-memcached
-    entrypoint: memcached -m 256
-    networks:
-      - seatable-net
+networks:
+  frontend-net:
+    name: frontend-net
+  backend-seatable-net:
+    name: backend-seatable-net
 
-  redis:
-    image: redis:5.0.7
-    container_name: seatable-redis
-    networks:
-      - seatable-net
 
-  seatable:
-    #image: seatable/seatable-enterprise:latest
-    build:
-      context: .
-      args:
-        SEATABLE_VERSION: '3.1.13'
-    container_name: seatable
-    ports:
-      - "80:80"                                         # HTTP port on the Docker host and the port in the container -- must be changed if port 80 is already in use on Docker host
-    #   - "443:443"                                       # HTTPS port on the Docker host and the port in the container -- must be changed if port 443 is already in use on Docker host
+services:
+  seatable-server:
+    image: ${SEATABLE_IMAGE:-seatable/seatable-enterprise:5.2.7}
+    container_name: seatable-server
     volumes:
-      - /opt/seatable/seatable-data:/shared             # Volume of SeaTable (directory for persistent storage) and mount point in container -- can be changed (not advised)
+      - type: bind
+        source: "./seatable-license.txt"
+        target: "/shared/seatable/seatable-license.txt"
+        read_only: ${SEATABLE_LICENSE_FORCE_READ_ONLY:-false}
+    ports:
+      - "80:80"
     environment:
-      - DB_HOST=seatable-mysql
-      #- DB_ROOT_PASSWD=hellopassword                         # Root password of MySQL -- must be changed to the value set above
-      - DB_ROOT_PASSWD_FILE=/run/secrets/shared_mysql_root_password
-      - REDIS_HOST=seatable-redis
-      - MEMCACHED_HOST=seatable-memcached
-      - SEATABLE_SERVER_URL_FORCE_HTTPS=True
-      - SEATABLE_SERVER_LETSENCRYPT=False               # Decision on whether or not to use Let's Encrypt for HTTPS, default is False -- must be changed to True if a Let's Encrypt SSL certificate is to be used
-      - SEATABLE_SERVER_HOSTNAME=seatable.example.com   # Host name -- must be changed
-      - TIME_ZONE=Etc/UTC                               # Optional, default is UTC. Example: Europe/Berlin. Choices can be found here: http://en.wikipedia.org/wiki/List_of_tz_zones_by_name
+      - DB_HOST=mariadb
+      - DB_ROOT_PASSWD=${SEATABLE_MYSQL_ROOT_PASSWORD:?Variable is not set or empty}
+      - SEATABLE_SERVER_HOSTNAME=${SEATABLE_SERVER_HOSTNAME:?Variable is not set or empty}
+      - SEATABLE_SERVER_PROTOCOL=${SEATABLE_SERVER_PROTOCOL:-https}
+      - SEATABLE_ADMIN_EMAIL=${SEATABLE_ADMIN_EMAIL:?Variable is not set or empty}
+      - SEATABLE_ADMIN_PASSWORD=${SEATABLE_ADMIN_PASSWORD:?Variable is not set or empty}
+      - TIME_ZONE=${TIME_ZONE}
+      - PYTHON_SCHEDULER_URL=${PYTHON_SCHEDULER_URL:-http://python-scheduler}
+      - PYTHON_SCHEDULER_AUTH_TOKEN=${PYTHON_SCHEDULER_AUTH_TOKEN:-}
+      - REQUESTS_CA_BUNDLE=/etc/ssl/certs/ca-certificates.crt
+      - SEATABLE_EMAIL_USE_TLS=${SEATABLE_EMAIL_USE_TLS:-}
+      - SEATABLE_EMAIL_HOST=${SEATABLE_EMAIL_HOST:-}
+      - SEATABLE_EMAIL_HOST_USER=${SEATABLE_EMAIL_HOST_USER:-}
+      - SEATABLE_EMAIL_HOST_PASSWORD=${SEATABLE_EMAIL_HOST_PASSWORD:-}
+      - SEATABLE_EMAIL_PORT=${SEATABLE_EMAIL_PORT:-}
+      - SEATABLE_DEFAULT_FROM_EMAIL=${SEATABLE_DEFAULT_FROM_EMAIL:-}
+      - SEATABLE_SERVER_EMAIL=${SEATABLE_SERVER_EMAIL:-}
+      - SEATABLE_SHOW_TEMPLATES_LINK=${SEATABLE_SHOW_TEMPLATES_LINK:-}
+      - SEATABLE_TEMPLATE_BASE_API_TOKEN=${SEATABLE_TEMPLATE_BASE_API_TOKEN:-}
+      - SEATABLE_TEMPLATE_TABLE_NAME=${SEATABLE_TEMPLATE_TABLE_NAME:-}
+      - SEATABLE_ENABLE_CREATE_BASE_FROM_TEMPLATE=${SEATABLE_ENABLE_CREATE_BASE_FROM_TEMPLATE:-}
+      - SEATABLE_HELP_LINK=${SEATABLE_HELP_LINK:-https://docs.seatable.io}
+      - SEATABLE_LOG_LEVEL=${SEATABLE_LOG_LEVEL:-INFO}
+    
+
     depends_on:
-      - db
-      - memcached
-      - redis
+      mariadb:
+        condition: service_healthy
+      redis:
+        condition: service_healthy
     networks:
-      - seatable-net
+      - frontend-net
+      - backend-seatable-net
+    # healthcheck specifically for dtable-web
+    healthcheck:
+      test: ["CMD-SHELL", "curl --fail http://localhost:8000 || exit 1"]
+      interval: 20s
+      retries: 3
+      start_period: 30s
+      timeout: 10s
 
-networks:
-  seatable-net:
+  mariadb:
+    image: ${SEATABLE_DB_IMAGE:-mariadb:11.4.3-noble}
+    restart: unless-stopped
+    container_name: mariadb
+    environment:
+      - MYSQL_ROOT_PASSWORD=${SEATABLE_MYSQL_ROOT_PASSWORD:?Variable is not set or empty}
+      - MYSQL_LOG_CONSOLE=true
+      - MARIADB_AUTO_UPGRADE=1
+      - TZ=${TIME_ZONE}
+    networks:
+      - backend-seatable-net
+    healthcheck:
+      test:
+        [
+          "CMD",
+          "/usr/local/bin/healthcheck.sh",
+          "--connect",
+          "--mariadbupgrade",
+          "--innodb_initialized",
+        ]
+      interval: 20s
+      retries: 3
+      start_period: 30s
+      timeout: 10s
+      # On older database containers without healthcheck users present you might need to create them manually,
+      # otherwise the container stays unhealthy.
+      # more info at https://admin.seatable.io/upgrade/extra-upgrade-notice/
+
+  redis:
+    image: ${SEATABLE_REDIS_IMAGE:-redis:7.2.7-bookworm}
+    restart: unless-stopped
+    container_name: redis
+    networks:
+      - backend-seatable-net
+    healthcheck:
+      test: ["CMD", "redis-cli", "ping"]
+      interval: 20s
+      retries: 3
+      timeout: 5s

templates/enterpoint.sh

@@ -8,14 +8,13 @@ function log() {
 }
 
 
-# load env function
-function load_env() {
-    log "Load custom env"
+# load additional DB_ROOT_PASSWD_FILE variables
+function load_additional_filepath_env() {
+    log "Load additional filepath env"
     env_var="DB_ROOT_PASSWD"
     file_env_var="${env_var}_FILE"
     if [[ -n "${!file_env_var:-}" ]]; then
         if [[ -r "${!file_env_var:-}" ]]; then
-            export "ok=abcd"
             export "${env_var}=$(< "${!file_env_var}")"
             unset "${file_env_var}"
         else
@@ -24,11 +23,15 @@ function load_env() {
     fi
 }
 
+is_first_start=0
 # init config
 if [ "`ls -A /opt/seatable/conf`" = "" ]; then
     log "Start init"
-    load_env
-    
+
+    is_first_start=1
+
+    load_additional_filepath_env
+
     /templates/seatable.sh init-sql &>> /opt/seatable/logs/init.log
 
     /templates/seatable.sh init &>> /opt/seatable/logs/init.log
@@ -90,6 +93,11 @@ if [[ -f /shared/ssl/renew_cert ]]; then
 fi
 
 
+# update truststore
+log "Updating CA certificates..."
+update-ca-certificates --verbose &>> /opt/seatable/logs/init.log
+
+
 # logrotate
 if [[ -f /var/spool/cron/crontabs/root ]]; then
     cat /templates/logrotate-conf/logrotate-cron >> /var/spool/cron/crontabs/root
@@ -100,8 +108,35 @@ else
 fi
 
 
+# auto start
+if [[ $SEATABLE_START_MODE = "cluster" ]] || [[ -f /opt/seatable/conf/seatable-controller.conf ]] ;then
+    # cluster mode
+    log "Start cluster server"
+    /templates/seatable.sh start
+
+else
+    # auto upgrade sql
+    /templates/seatable.sh python-env /templates/upgrade_sql.py &>> /opt/seatable/logs/init.log
+    sleep 5
+
+    # auto start
+    log "Start server"
+    /templates/seatable.sh start
+
+    # init superuser
+    if [[ ${is_first_start} -eq 1 ]]; then
+        sleep 5
+        log "Auto create superuser"
+        /templates/seatable.sh auto-create-superuser ${is_first_start} &>> /opt/seatable/logs/init.log &
+    fi
+
+fi
+
+log "For more startup information, please check the /opt/seatable/logs/init.log"
+
+
 #
-log "This is an idle script (infinite loop) to keep container running."
+log "This is an idle script (infinite loop) to keep the container running."
 
 function cleanup() {
     kill -s SIGTERM $!