b2607979ab
This updates changes how Etherpad is built and how authentication is managed for API requests. This ends up changing a lot of our tooling around etherpad but etherpad itself (other than the auth changes) doesn't seem to change much. In response to this I update our admin docs on common api tasks to use the new process. Then update our testinfra testing as well to cover that to ensure it all continues to work properly after this change. Note the Dockerfile updates are all adapted from upstream. I'm actually not fond of the decisions they have made in this image build, but being in sync is probably more important than fixing the multistage builds and being different. This change jumps us from v1.9.7 to 2.0.3 (covers releases 2.0.0, 2.0.1, and 2.0.2 too). A changelog can be found here: https://github.com/ether/etherpad-lite/blob/v2.0.3/CHANGELOG.md Change-Id: Ia7c4f26d893b4fc4a178262e1a6b9f3fa80d2a5c
185 lines
5.7 KiB
Docker
185 lines
5.7 KiB
Docker
# Copyright (c) 2020 Red Hat, Inc.
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
|
|
# implied.
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
|
|
# Adapted from the upstream Dockerfile because they haven't kept up with
|
|
# recent releases.
|
|
|
|
# Etherpad Lite Dockerfile
|
|
#
|
|
# https://github.com/ether/etherpad-lite
|
|
#
|
|
# Author: muxator
|
|
|
|
# We set defaults here so that we can make use of them in different
|
|
# stages of the multi stage build.
|
|
ARG EP_DIR=/opt/etherpad-lite
|
|
ARG SETTINGS=./settings.json.docker
|
|
ARG ETHERPAD_PLUGINS="ep_headings"
|
|
|
|
FROM node:20-bookworm-slim as adminBuild
|
|
ARG EP_DIR
|
|
WORKDIR "${EP_DIR}"
|
|
|
|
RUN export DEBIAN_FRONTEND=noninteractive; \
|
|
apt-get -qq update && \
|
|
apt-get -qq dist-upgrade && \
|
|
apt-get -qq --no-install-recommends install ca-certificates git && \
|
|
apt-get -qq clean && \
|
|
rm -rf /var/lib/apt/lists/*
|
|
RUN git clone https://github.com/ether/etherpad-lite ${EP_DIR}
|
|
RUN git checkout v2.0.3
|
|
RUN cd ./admin && npm install -g pnpm && pnpm install && pnpm run build --outDir ./dist
|
|
RUN cd ./ui && pnpm install && pnpm run build --outDir ./dist
|
|
|
|
|
|
FROM node:20-bookworm-slim as build
|
|
LABEL maintainer="infra-root@openstack.org"
|
|
|
|
# Set these arguments when building the image from behind a proxy
|
|
ARG http_proxy=
|
|
ARG https_proxy=
|
|
ARG no_proxy=
|
|
|
|
ARG TIMEZONE=
|
|
|
|
RUN \
|
|
[ -z "${TIMEZONE}" ] || { \
|
|
ln -sf /usr/share/zoneinfo/"${TIMEZONE#/usr/share/zoneinfo/}" /etc/localtime; \
|
|
dpkg-reconfigure -f noninteractive tzdata; \
|
|
}
|
|
ENV TIMEZONE=${TIMEZONE}
|
|
|
|
# Control the configuration file to be copied into the container.
|
|
# We bind mount over this file
|
|
ARG SETTINGS
|
|
|
|
# plugins to install while building the container. By default no plugins are
|
|
# installed.
|
|
# If given a value, it has to be a space-separated, quoted list of plugin names.
|
|
#
|
|
# EXAMPLE:
|
|
# ETHERPAD_PLUGINS="ep_codepad ep_author_neat"
|
|
ARG ETHERPAD_PLUGINS
|
|
|
|
# local plugins to install while building the container. By default no plugins are
|
|
# installed.
|
|
# If given a value, it has to be a space-separated, quoted list of plugin names.
|
|
#
|
|
# EXAMPLE:
|
|
# ETHERPAD_LOCAL_PLUGINS="../ep_my_plugin ../ep_another_plugin"
|
|
ARG ETHERPAD_LOCAL_PLUGINS=
|
|
|
|
# Control whether abiword will be installed, enabling exports to DOC/PDF/ODT formats.
|
|
# By default, it is not installed.
|
|
# If given any value, abiword will be installed.
|
|
#
|
|
# EXAMPLE:
|
|
# INSTALL_ABIWORD=true
|
|
ARG INSTALL_ABIWORD=
|
|
|
|
# Control whether libreoffice will be installed, enabling exports to DOC/PDF/ODT formats.
|
|
# By default, it is not installed.
|
|
# If given any value, libreoffice will be installed.
|
|
#
|
|
# EXAMPLE:
|
|
# INSTALL_LIBREOFFICE=true
|
|
ARG INSTALL_SOFFICE=
|
|
|
|
# Follow the principle of least privilege: run as unprivileged user.
|
|
#
|
|
# Running as non-root enables running this image in platforms like OpenShift
|
|
# that do not allow images running as root.
|
|
#
|
|
# If any of the following args are set to the empty string, default
|
|
# values will be chosen.
|
|
ARG EP_HOME=
|
|
ARG EP_UID=5001
|
|
ARG EP_GID=0
|
|
ARG EP_SHELL=
|
|
|
|
RUN groupadd --system ${EP_GID:+--gid "${EP_GID}" --non-unique} etherpad && \
|
|
useradd --system ${EP_UID:+--uid "${EP_UID}" --non-unique} --gid etherpad \
|
|
${EP_HOME:+--home-dir "${EP_HOME}"} --create-home \
|
|
${EP_SHELL:+--shell "${EP_SHELL}"} etherpad
|
|
|
|
ARG EP_DIR
|
|
RUN mkdir -p "${EP_DIR}" && chown etherpad:etherpad "${EP_DIR}"
|
|
|
|
# the mkdir is needed for configuration of openjdk-11-jre-headless, see
|
|
# https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863199
|
|
RUN export DEBIAN_FRONTEND=noninteractive; \
|
|
mkdir -p /usr/share/man/man1 && \
|
|
npm install pnpm -g && \
|
|
apt-get -qq update && \
|
|
apt-get -qq dist-upgrade && \
|
|
apt-get -qq --no-install-recommends install \
|
|
ca-certificates \
|
|
curl \
|
|
git \
|
|
${INSTALL_ABIWORD:+abiword} \
|
|
${INSTALL_SOFFICE:+libreoffice} \
|
|
&& \
|
|
apt-get -qq clean && \
|
|
rm -rf /var/lib/apt/lists/*
|
|
|
|
USER etherpad
|
|
|
|
RUN git clone https://github.com/ether/etherpad-lite ${EP_DIR}
|
|
WORKDIR "${EP_DIR}"
|
|
RUN git checkout v2.0.3
|
|
|
|
FROM build as development
|
|
ARG ETHERPAD_PLUGINS
|
|
|
|
COPY --chown=etherpad:etherpad --from=adminBuild /opt/etherpad-lite/admin/dist ./src/templates/admin
|
|
COPY --chown=etherpad:etherpad --from=adminBuild /opt/etherpad-lite/ui/dist ./src/static/oidc
|
|
|
|
RUN bin/installDeps.sh && \
|
|
if [ ! -z "${ETHERPAD_PLUGINS}" ] || [ ! -z "${ETHERPAD_LOCAL_PLUGINS}" ]; then \
|
|
pnpm run install-plugins ${ETHERPAD_PLUGINS} ${ETHERPAD_LOCAL_PLUGINS:+--path ${ETHERPAD_LOCAL_PLUGINS}}; \
|
|
fi
|
|
|
|
|
|
FROM build as production
|
|
ARG EP_DIR
|
|
ARG SETTINGS
|
|
ARG ETHERPAD_PLUGINS
|
|
|
|
ENV NODE_ENV=production
|
|
ENV ETHERPAD_PRODUCTION=true
|
|
|
|
COPY --chown=etherpad:etherpad --from=adminBuild /opt/etherpad-lite/admin/dist ./src/templates/admin
|
|
COPY --chown=etherpad:etherpad --from=adminBuild /opt/etherpad-lite/ui/dist ./src/static/oidc
|
|
|
|
RUN bin/installDeps.sh && rm -rf ~/.npm && rm -rf ~/.local && rm -rf ~/.cache && \
|
|
if [ ! -z "${ETHERPAD_PLUGINS}" ] || [ ! -z "${ETHERPAD_LOCAL_PLUGINS}" ]; then \
|
|
pnpm run install-plugins ${ETHERPAD_PLUGINS} ${ETHERPAD_LOCAL_PLUGINS:+--path ${ETHERPAD_LOCAL_PLUGINS}}; \
|
|
fi
|
|
|
|
|
|
# Copy the configuration file.
|
|
COPY --chown=etherpad:etherpad ${SETTINGS} "${EP_DIR}"/settings.json
|
|
|
|
# Fix group permissions
|
|
RUN chmod -R g=u .
|
|
|
|
USER etherpad
|
|
|
|
HEALTHCHECK --interval=5s --timeout=3s \
|
|
CMD curl --silent http://localhost:9001/health | grep -E "pass|ok|up" > /dev/null || exit 1
|
|
|
|
EXPOSE 9001
|
|
CMD ["pnpm", "run", "prod"]
|