diff --git a/.github/workflows/ocis-full-smoke.yml b/.github/workflows/ocis-full-smoke.yml new file mode 100644 index 00000000000..a0f3137518b --- /dev/null +++ b/.github/workflows/ocis-full-smoke.yml @@ -0,0 +1,45 @@ +name: oCIS Full Smoke + +on: + pull_request: + paths: + - "deployments/examples/ocis_full/**" + push: + branches: + - master + paths: + - "deployments/examples/ocis_full/**" + schedule: + - cron: "0 3 * * *" + +jobs: + smoke: + runs-on: ubuntu-latest + timeout-minutes: 20 + defaults: + run: + working-directory: deployments/examples/ocis_full + steps: + - name: Checkout + uses: actions/checkout@v4 + + - name: Validate compose config + run: docker compose --env-file .env config >/dev/null + + - name: Start default stack + run: docker compose --env-file .env up -d + + - name: Wait for startup + run: sleep 45 + + - name: Show compose status + if: always() + run: docker compose --env-file .env ps + + - name: Show recent compose logs + if: always() + run: docker compose --env-file .env logs --tail 200 + + - name: Tear down stack + if: always() + run: docker compose --env-file .env down -v --remove-orphans diff --git a/.gitignore b/.gitignore index 778edd15ff2..5ea3f3df1d2 100644 --- a/.gitignore +++ b/.gitignore @@ -64,3 +64,5 @@ go.work.sum .envrc CLAUDE.md .claude/ + +.DS_Store diff --git a/deployments/examples/ocis_full/.env b/deployments/examples/ocis_full/.env index 64ff8cdedcb..ce83aff1824 100644 --- a/deployments/examples/ocis_full/.env +++ b/deployments/examples/ocis_full/.env @@ -5,14 +5,15 @@ LOG_DRIVER= # If you're on an internet facing server, comment out following line. # It skips certificate validation for various parts of Infinite Scale and is # needed when self signed certificates are used. -INSECURE=true +INSECURE=false ## Traefik Settings ## # Note: Traefik is always enabled and can't be disabled. # The recommended (and tested) version to pull. If no version is used, it pulls "latest" +# Documentation/manual override only: default compose pins a tag+digest in docker-compose.yml. # release notes: https://github.com/traefik/traefik/releases -TRAEFIK_DOCKER_TAG=v3.6.7 +TRAEFIK_DOCKER_TAG= # Serve Traefik dashboard. # Defaults to "false". TRAEFIK_DASHBOARD= @@ -42,6 +43,7 @@ OCIS=:ocis.yml # For production releases: "owncloud/ocis" # For rolling releases: "owncloud/ocis-rolling" # Defaults to production if not set otherwise +# Documentation/manual override only: default compose pins a tag+digest in ocis*.yml. OCIS_DOCKER_IMAGE=owncloud/ocis # The oCIS container version. # Defaults to "latest" and points to the latest stable tag. @@ -155,6 +157,7 @@ START_ADDITIONAL_SERVICES="notifications" # The importer needs additional COMPANION config, see the following lines for more details. ## The docker image to be used for uppy companion. # owncloud has built a container with public link import support. +# Documentation/manual override only: default compose pins a tag+digest in web_extensions/importer.yml. COMPANION_IMAGE= # Domain of Uppy Companion. Defaults to "companion.owncloud.test". COMPANION_DOMAIN= @@ -172,6 +175,7 @@ COMPANION_ONEDRIVE_SECRET= TIKA=:tika.yml # Set the desired docker image tag or digest. # Defaults to "latest" +# Documentation/manual override only: default compose pins a tag+digest in tika.yml. TIKA_IMAGE= ### IMPORTANT Note for Online Office Apps ### @@ -184,8 +188,9 @@ TIKA_IMAGE= # Note: the leading colon is required to enable the service. COLLABORA=:collabora.yml # The recommended (and tested) version to pull. If no version is used, it pulls "latest" +# Documentation/manual override only: default compose pins a tag+digest in collabora.yml. # release notes: https://www.collaboraonline.com/release-notes/ -COLLABORA_DOCKER_TAG=25.04.8.1.1 +COLLABORA_DOCKER_TAG= # Domain of Collabora, where you can find the frontend. # Defaults to "collabora.owncloud.test" COLLABORA_DOMAIN= @@ -217,6 +222,7 @@ COLLABORA_SSL_VERIFICATION=false #CLAMAV=:clamav.yml # Image version of the ClamAV container. # Defaults to "latest" +# Documentation/manual override only: default compose pins a tag+digest in clamav.yml. CLAMAV_DOCKER_TAG= @@ -227,10 +233,11 @@ CLAMAV_DOCKER_TAG= # For community releases: "onlyoffice/documentserver" # For enterprise releases: "onlyoffice/documentserver-ee" # Defaults to community if not set otherwise +# Documentation/manual override only: default compose pins a tag+digest in onlyoffice.yml. ONLYOFFICE_IMAGE=onlyoffice/documentserver # The recommended (and tested) version to pull. If no version is used, it pulls "latest" # release notes: https://github.com/ONLYOFFICE/DocumentServer/releases -ONLYOFFICE_DOCKER_TAG=9.2.1.1 +ONLYOFFICE_DOCKER_TAG= # EE only: the path to your license file on the host. # To activate a license file, comment ONLYOFFICE_DEACTIVATE_LICENSE. Otherwise, it stay uncommented. @@ -256,8 +263,9 @@ ONLYOFFICE_DOMAIN= # Domain for mail server. Defaults to "mail.owncloud.test". MAIL_SERVER_DOMAIN= # The recommended (and tested) version to pull. If no version is used, it pulls "latest" +# Documentation/manual override only: default compose pins a tag+digest in mailserver.yml. # release notes: https://github.com/axllent/mailpit/releases -MAIL_SERVER_DOCKER_TAG=v1.28.0 +MAIL_SERVER_DOCKER_TAG= ### Debugging - Monitoring ### diff --git a/deployments/examples/ocis_full/clamav.yml b/deployments/examples/ocis_full/clamav.yml index ff577fa1b5f..d7c16f602b2 100644 --- a/deployments/examples/ocis_full/clamav.yml +++ b/deployments/examples/ocis_full/clamav.yml @@ -13,7 +13,8 @@ services: - "clamav-socket:/var/run/clamav" clamav: - image: clamav/clamav:${CLAMAV_DOCKER_TAG:-latest} + image: clamav/clamav:1.5.1@sha256:e4f5060e4ef3f066a4c1234fbe45d8d876635f03b13e41aa679f89792968bc6c + platform: linux/${IMAGE_ARCH:-amd64} # release notes: https://blog.clamav.net networks: ocis-net: diff --git a/deployments/examples/ocis_full/collabora.yml b/deployments/examples/ocis_full/collabora.yml index 7e2c065323f..a486945ce80 100644 --- a/deployments/examples/ocis_full/collabora.yml +++ b/deployments/examples/ocis_full/collabora.yml @@ -12,7 +12,8 @@ services: GRAPH_AVAILABLE_ROLES: "b1e2218d-eef8-4d4c-b82d-0f1a1b48f3b5,a8d5fe5e-96e3-418d-825b-534dbdf22b99,fb6c3e19-e378-47e5-b277-9732f9de6e21,58c63c02-1d89-4572-916a-870abc5a1b7d,2d00ce52-1fc2-4dbc-8b95-a73b73395f5a,1c996275-f1c9-4e71-abdf-a42f6495e960,312c0871-5ef7-4b3a-85b6-0e4074c64049,aa97fe03-7980-45ac-9e50-b325749fd7e6" collaboration: - image: ${OCIS_DOCKER_IMAGE:-owncloud/ocis}:${OCIS_DOCKER_TAG:-latest} + image: owncloud/ocis:8.0.0@sha256:41e6d78f43507015e0c34b87bff49ae0744f261a92916f044e47d32067ff18ce + platform: linux/${IMAGE_ARCH:-amd64} networks: ocis-net: depends_on: @@ -49,7 +50,8 @@ services: restart: always collabora: - image: collabora/code:${COLLABORA_DOCKER_TAG:-latest} + image: collabora/code:25.04.8.1.1@sha256:3c58d0e9bae75e4647467d0c7d91cb66f261d3e814709aed590b5c334a04db26 + platform: linux/${IMAGE_ARCH:-amd64} networks: ocis-net: environment: diff --git a/deployments/examples/ocis_full/docker-compose.yml b/deployments/examples/ocis_full/docker-compose.yml index 551b0be9a38..01376890644 100644 --- a/deployments/examples/ocis_full/docker-compose.yml +++ b/deployments/examples/ocis_full/docker-compose.yml @@ -1,7 +1,7 @@ --- services: traefik: - image: traefik:${TRAEFIK_DOCKER_TAG:-latest} + image: traefik:v3.6.7@sha256:a9890c898f379c1905ee5b28342f6b408dc863f08db2dab20e46c267d1ff463a networks: ocis-net: command: diff --git a/deployments/examples/ocis_full/mailserver.yml b/deployments/examples/ocis_full/mailserver.yml index bc2d7397a6f..3db6b57cc15 100644 --- a/deployments/examples/ocis_full/mailserver.yml +++ b/deployments/examples/ocis_full/mailserver.yml @@ -8,7 +8,8 @@ services: NOTIFICATIONS_SMTP_INSECURE: "true" mailserver: - image: axllent/mailpit:${MAIL_SERVER_DOCKER_TAG:-latest} + image: axllent/mailpit:v1.28.0@sha256:c076638db1e15662150be4fb62b8a6e96ef6ba5bde90c838a0239225854830f7 + platform: linux/${IMAGE_ARCH:-amd64} networks: - ocis-net ports: diff --git a/deployments/examples/ocis_full/minio.yml b/deployments/examples/ocis_full/minio.yml index fb650aba935..67386825a2f 100644 --- a/deployments/examples/ocis_full/minio.yml +++ b/deployments/examples/ocis_full/minio.yml @@ -1,7 +1,7 @@ --- services: minio: - image: minio/minio:latest + image: minio/minio:RELEASE.2025-09-07T16-13-09Z@sha256:14cea493d9a34af32f524e538b8346cf79f3321eff8e708c1e2960462bd8936e # release notes: https://github.com/minio/minio/releases networks: ocis-net: diff --git a/deployments/examples/ocis_full/ocis.yml b/deployments/examples/ocis_full/ocis.yml index e22fe6f516a..c1866de7c1a 100644 --- a/deployments/examples/ocis_full/ocis.yml +++ b/deployments/examples/ocis_full/ocis.yml @@ -6,7 +6,7 @@ services: aliases: - ${OCIS_DOMAIN:-ocis.owncloud.test} ocis: - image: ${OCIS_DOCKER_IMAGE:-owncloud/ocis}:${OCIS_DOCKER_TAG:-latest} + image: owncloud/ocis:8.0.0@sha256:41e6d78f43507015e0c34b87bff49ae0744f261a92916f044e47d32067ff18ce # changelog: https://github.com/owncloud/ocis/tree/master/changelog # release notes: https://doc.owncloud.com/ocis_release_notes.html networks: diff --git a/deployments/examples/ocis_full/onlyoffice.yml b/deployments/examples/ocis_full/onlyoffice.yml index 3986c416c2c..980ecd23c6b 100644 --- a/deployments/examples/ocis_full/onlyoffice.yml +++ b/deployments/examples/ocis_full/onlyoffice.yml @@ -7,7 +7,7 @@ services: - ${ONLYOFFICE_DOMAIN:-onlyoffice.owncloud.test} collaboration-oo: - image: ${OCIS_DOCKER_IMAGE:-owncloud/ocis}:${OCIS_DOCKER_TAG:-latest} + image: owncloud/ocis:8.0.0@sha256:41e6d78f43507015e0c34b87bff49ae0744f261a92916f044e47d32067ff18ce networks: ocis-net: depends_on: @@ -45,7 +45,7 @@ services: onlyoffice: # note, you also need to add a volume when using the enterprise version, see below - image: ${ONLYOFFICE_IMAGE:-onlyoffice/documentserver}:${ONLYOFFICE_DOCKER_TAG:-latest} + image: onlyoffice/documentserver:9.2.1.1@sha256:fd00acbbbde3d8b1ead9b933aafa7c2df77e62c48b1b171886e6bef343c13882 networks: ocis-net: entrypoint: diff --git a/deployments/examples/ocis_full/tika.yml b/deployments/examples/ocis_full/tika.yml index 70206a3f020..77406d6eb1f 100644 --- a/deployments/examples/ocis_full/tika.yml +++ b/deployments/examples/ocis_full/tika.yml @@ -1,7 +1,7 @@ --- services: tika: - image: ${TIKA_IMAGE:-apache/tika:latest-full} + image: apache/tika:3.2.3.0-full@sha256:21d8052de04e491ccf66e8680ade4da6f3d453a56d59f740b4167e54167219b7 # release notes: https://tika.apache.org networks: ocis-net: diff --git a/deployments/examples/ocis_full/web_extensions/drawio.yml b/deployments/examples/ocis_full/web_extensions/drawio.yml index 9ae2586735c..6b6c1a7b93d 100644 --- a/deployments/examples/ocis_full/web_extensions/drawio.yml +++ b/deployments/examples/ocis_full/web_extensions/drawio.yml @@ -6,7 +6,7 @@ services: condition: service_completed_successfully drawio-init: - image: owncloud/web-extensions:draw-io-0.3.3 + image: owncloud/web-extensions:draw-io-0.3.3@sha256:57ef8c26e4e811f92e6e2ac784c42969f50ef0ac9e4384dbbf13b12f2a4c1ae4 user: root volumes: - ocis-apps:/apps diff --git a/deployments/examples/ocis_full/web_extensions/externalsites.yml b/deployments/examples/ocis_full/web_extensions/externalsites.yml index 0bc5b050839..6dde661ba65 100644 --- a/deployments/examples/ocis_full/web_extensions/externalsites.yml +++ b/deployments/examples/ocis_full/web_extensions/externalsites.yml @@ -8,7 +8,7 @@ services: condition: service_completed_successfully externalsites-init: - image: owncloud/web-extensions:external-sites-0.3.3 + image: owncloud/web-extensions:external-sites-0.3.3@sha256:88bbc188996ef4d42dbb530da938206e610237e117a5a76d54321437072acb42 user: root volumes: - ocis-apps:/apps diff --git a/deployments/examples/ocis_full/web_extensions/importer.yml b/deployments/examples/ocis_full/web_extensions/importer.yml index a7cdc4b7d36..18fd6688b1e 100644 --- a/deployments/examples/ocis_full/web_extensions/importer.yml +++ b/deployments/examples/ocis_full/web_extensions/importer.yml @@ -14,7 +14,7 @@ services: condition: service_completed_successfully importer-init: - image: owncloud/web-extensions:importer-0.3.2 + image: owncloud/web-extensions:importer-0.3.2@sha256:a813d0678b69473d3bfe127fa1649c5cdaed89cf57619c1b55aa3245e695e003 user: root volumes: - ocis-apps:/apps @@ -23,7 +23,7 @@ services: command: [ "-c", "cp -R /var/lib/nginx/html/importer/ /apps" ] companion: - image: ${COMPANION_IMAGE:-transloadit/companion:5.8.0} + image: ${COMPANION_IMAGE:-transloadit/companion:5.8.0@sha256:65052a640897deb14fdf449fa88a121b8648f0fb06c52a1503fa4b3bb1d2564f} networks: - ocis-net environment: diff --git a/deployments/examples/ocis_full/web_extensions/jsonviewer.yml b/deployments/examples/ocis_full/web_extensions/jsonviewer.yml index 379f508422f..a0d1cf34c7f 100644 --- a/deployments/examples/ocis_full/web_extensions/jsonviewer.yml +++ b/deployments/examples/ocis_full/web_extensions/jsonviewer.yml @@ -6,7 +6,7 @@ services: condition: service_completed_successfully jsonviewer-init: - image: owncloud/web-extensions:json-viewer-0.3.3 + image: owncloud/web-extensions:json-viewer-0.3.3@sha256:1a609676de54153b4d7618413904b12078119a55ca3379ec75cedd1f84544cea user: root volumes: - ocis-apps:/apps diff --git a/deployments/examples/ocis_full/web_extensions/progressbars.yml b/deployments/examples/ocis_full/web_extensions/progressbars.yml index 2c45a9addd3..850c54f1120 100644 --- a/deployments/examples/ocis_full/web_extensions/progressbars.yml +++ b/deployments/examples/ocis_full/web_extensions/progressbars.yml @@ -6,7 +6,7 @@ services: condition: service_completed_successfully progressbars-init: - image: owncloud/web-extensions:progress-bars-0.3.3 + image: owncloud/web-extensions:progress-bars-0.3.3@sha256:8faf230c3c601fb4d212720a0edd86073e292893b032021f951512e78e215390 user: root volumes: - ocis-apps:/apps diff --git a/deployments/examples/ocis_full/web_extensions/unzip.yml b/deployments/examples/ocis_full/web_extensions/unzip.yml index f00d8d10a67..36d6da30e11 100644 --- a/deployments/examples/ocis_full/web_extensions/unzip.yml +++ b/deployments/examples/ocis_full/web_extensions/unzip.yml @@ -6,12 +6,10 @@ services: condition: service_completed_successfully unzip-init: - image: owncloud/web-extensions:unzip-0.4.3 + image: owncloud/web-extensions:unzip-0.4.3@sha256:9fc726645749514c98c6b9b5a7e6315295897ff5c62a538a3ff383a49272160b user: root volumes: - ocis-apps:/apps entrypoint: - /bin/sh command: ["-c", "cp -R /var/lib/nginx/html/unzip/ /apps"] - - diff --git a/renovate.json b/renovate.json new file mode 100644 index 00000000000..32839f6b495 --- /dev/null +++ b/renovate.json @@ -0,0 +1,19 @@ +{ + "$schema": "https://docs.renovatebot.com/renovate-schema.json", + "extends": ["config:base", "docker:pinDigests"], + "labels": ["dependencies", "docker", "ocis_full"], + "reviewers": ["owncloud/qa"], + "assignees": ["owncloud/qa"], + "timezone": "Europe/Berlin", + "schedule": ["every weekend"], + "prConcurrentLimit": 10, + "packageRules": [ + { + "matchManagers": ["docker-compose"], + "matchFileNames": [ + "^deployments/examples/ocis_full/.*\\.ya?ml$" + ], + "groupName": "ocis_full image updates (tags+digests)" + } + ] +}