build also RT stable and master from GitHub repo

netsandbox · Jan 7, 2025 · d251446 · d251446
1 parent f871075
commit d251446
Show file tree

Hide file tree

Showing 15 changed files with 246 additions and 68 deletions.
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -29,6 +29,8 @@ jobs:
         version:
           - '4.4'
           - '5.0'
+          - 'stable'
+          - 'master'
 
     steps:
       - name: Checkout repository
@@ -84,7 +86,7 @@ jobs:
         run: echo "${{ steps.meta.outputs.tags }}" | xargs -I {} cosign sign --yes {}@${{ steps.build-and-push.outputs.digest }}
 
       - name: Update Docker Hub description
-        if: ${{ matrix.version == '5.0' }}
+        if: ${{ matrix.version == 'master' }}
         uses: peter-evans/dockerhub-description@v4
         with:
           username: ${{ secrets.DOCKERHUB_USERNAME }}
@@ -93,7 +95,7 @@ jobs:
           short-description: ${{ github.event.repository.description }}
 
       - uses: actions/delete-package-versions@v5
-        if: ${{ matrix.version == '5.0' }}
+        if: ${{ matrix.version == 'master' }}
         with:
           package-name: request-tracker
           package-type: container

diff --git a/4.4/Dockerfile b/4.4/Dockerfile
@@ -8,19 +8,20 @@ LABEL org.opencontainers.image.authors="Christian Loos <[email protected]>"
 
 SHELL ["/bin/bash", "-o", "pipefail", "-c"]
 
-RUN gpg --keyserver keyserver.ubuntu.com --recv-keys C49B372F2BF84A19011660270DF0A283FEAC80B2 \
-  && gpg --list-keys
-
 WORKDIR /usr/local/src
 
 # hadolint ignore=DL3003,SC2174
-RUN curl -fsSL \
-    -o rt.tar.gz https://download.bestpractical.com/pub/rt/release/rt-4.4.7.tar.gz \
-    -o rt.tar.gz.asc https://download.bestpractical.com/pub/rt/release/rt-4.4.7.tar.gz.asc \
-  && gpg --verify rt.tar.gz.asc rt.tar.gz \
+RUN curl -fsSL -o rt.tar.gz https://download.bestpractical.com/pub/rt/release/rt-4.4.7.tar.gz \
+  && if [[ "https://download.bestpractical.com/pub/rt/release/rt-4.4.7.tar.gz" =~ ^https://download.bestpractical.com/pub/rt/ ]]; then \
+    curl -fsSL -o rt.tar.gz.asc https://download.bestpractical.com/pub/rt/release/rt-4.4.7.tar.gz.asc; \
+    gpg --keyserver keyserver.ubuntu.com --recv-keys C49B372F2BF84A19011660270DF0A283FEAC80B2; \
+    gpg --list-keys; \
+    gpg --verify rt.tar.gz.asc rt.tar.gz; \
+  fi \
   && tar -xzf rt.tar.gz \
-  && cd rt-4.4.7 \
-  && ./configure \
+  && cd rt-* \
+  && ./configure.ac \
+    --prefix=/opt/rt \
     --enable-developer \
     --enable-externalauth \
     --enable-gd \
@@ -30,17 +31,17 @@ RUN curl -fsSL \
     --with-db-type=SQLite \
     --with-web-handler=standalone \
   && make install \
-  && mkdir --mode=0600 --parents /opt/rt4/var/data/{gpg,smime} \
+  && mkdir --mode=0600 --parents /opt/rt/var/data/{gpg,smime} \
   && make initialize-database \
   && cd .. && rm -rf /usr/local/src/*
 
-WORKDIR /opt/rt4
+WORKDIR /opt/rt
 COPY RT_SiteConfig.pm etc/
 
-VOLUME /opt/rt4
+VOLUME /opt/rt
 
 COPY docker-entrypoint.sh /usr/local/bin/
 ENTRYPOINT ["docker-entrypoint.sh"]
 
 EXPOSE 80
-CMD ["/opt/rt4/sbin/rt-server"]
+CMD ["/opt/rt/sbin/rt-server"]
diff --git a/4.4/docker-entrypoint.sh b/4.4/docker-entrypoint.sh
@@ -14,10 +14,10 @@ sed -i \
   -e "s/RT_MAIL_COMMAND/$RT_MAIL_COMMAND/" \
   -e "s/RT_WEB_DOMAIN/$RT_WEB_DOMAIN/" \
   -e "s/RT_WEB_PORT/$RT_WEB_PORT/" \
-  /opt/rt4/etc/RT_SiteConfig.pm
+  /opt/rt/etc/RT_SiteConfig.pm
 
 if [[ -n "${RT_ROOT_PASSWORD}" ]]; then
-  (echo "${RT_ROOT_PASSWORD}" | /opt/rt4/sbin/rt-passwd root) || [[ $? -gt 1 ]] && exit 1
+  (echo "${RT_ROOT_PASSWORD}" | /opt/rt/sbin/rt-passwd root) || [[ $? -gt 1 ]] && exit 1
 fi
 
 exec "$@"
diff --git a/5.0/Dockerfile b/5.0/Dockerfile
@@ -8,19 +8,20 @@ LABEL org.opencontainers.image.authors="Christian Loos <[email protected]>"
 
 SHELL ["/bin/bash", "-o", "pipefail", "-c"]
 
-RUN gpg --keyserver keyserver.ubuntu.com --recv-keys C49B372F2BF84A19011660270DF0A283FEAC80B2 \
-  && gpg --list-keys
-
 WORKDIR /usr/local/src
 
 # hadolint ignore=DL3003,SC2174
-RUN curl -fsSL \
-    -o rt.tar.gz https://download.bestpractical.com/pub/rt/release/rt-5.0.7.tar.gz \
-    -o rt.tar.gz.asc https://download.bestpractical.com/pub/rt/release/rt-5.0.7.tar.gz.asc \
-  && gpg --verify rt.tar.gz.asc rt.tar.gz \
+RUN curl -fsSL -o rt.tar.gz https://download.bestpractical.com/pub/rt/release/rt-5.0.7.tar.gz \
+  && if [[ "https://download.bestpractical.com/pub/rt/release/rt-5.0.7.tar.gz" =~ ^https://download.bestpractical.com/pub/rt/ ]]; then \
+    curl -fsSL -o rt.tar.gz.asc https://download.bestpractical.com/pub/rt/release/rt-5.0.7.tar.gz.asc; \
+    gpg --keyserver keyserver.ubuntu.com --recv-keys C49B372F2BF84A19011660270DF0A283FEAC80B2; \
+    gpg --list-keys; \
+    gpg --verify rt.tar.gz.asc rt.tar.gz; \
+  fi \
   && tar -xzf rt.tar.gz \
-  && cd rt-5.0.7 \
-  && ./configure \
+  && cd rt-* \
+  && ./configure.ac \
+    --prefix=/opt/rt \
     --enable-developer \
     --enable-externalauth \
     --enable-gd \
@@ -30,17 +31,17 @@ RUN curl -fsSL \
     --with-db-type=SQLite \
     --with-web-handler=standalone \
   && make install \
-  && mkdir --mode=0600 --parents /opt/rt5/var/data/{gpg,smime} \
+  && mkdir --mode=0600 --parents /opt/rt/var/data/{gpg,smime} \
   && make initialize-database \
   && cd .. && rm -rf /usr/local/src/*
 
-WORKDIR /opt/rt5
+WORKDIR /opt/rt
 COPY RT_SiteConfig.pm etc/
 
-VOLUME /opt/rt5
+VOLUME /opt/rt
 
 COPY docker-entrypoint.sh /usr/local/bin/
 ENTRYPOINT ["docker-entrypoint.sh"]
 
 EXPOSE 80
-CMD ["/opt/rt5/sbin/rt-server"]
+CMD ["/opt/rt/sbin/rt-server"]
diff --git a/5.0/docker-entrypoint.sh b/5.0/docker-entrypoint.sh
@@ -14,10 +14,10 @@ sed -i \
   -e "s/RT_MAIL_COMMAND/$RT_MAIL_COMMAND/" \
   -e "s/RT_WEB_DOMAIN/$RT_WEB_DOMAIN/" \
   -e "s/RT_WEB_PORT/$RT_WEB_PORT/" \
-  /opt/rt5/etc/RT_SiteConfig.pm
+  /opt/rt/etc/RT_SiteConfig.pm
 
 if [[ -n "${RT_ROOT_PASSWORD}" ]]; then
-  (echo "${RT_ROOT_PASSWORD}" | /opt/rt5/sbin/rt-passwd root) || [[ $? -gt 1 ]] && exit 1
+  (echo "${RT_ROOT_PASSWORD}" | /opt/rt/sbin/rt-passwd root) || [[ $? -gt 1 ]] && exit 1
 fi
 
 exec "$@"
diff --git a/Dockerfile.template b/Dockerfile.template
@@ -8,19 +8,21 @@ LABEL org.opencontainers.image.authors="Christian Loos <[email protected]>"
 
 SHELL ["/bin/bash", "-o", "pipefail", "-c"]
 
-RUN gpg --keyserver keyserver.ubuntu.com --recv-keys C49B372F2BF84A19011660270DF0A283FEAC80B2 \
-  && gpg --list-keys
-
 WORKDIR /usr/local/src
 
 # hadolint ignore=DL3003,SC2174
-RUN curl -fsSL \
-    -o rt.tar.gz https://download.bestpractical.com/pub/rt/%%RT_RELEASE%%/rt-%%RT_VERSION%%.tar.gz \
-    -o rt.tar.gz.asc https://download.bestpractical.com/pub/rt/%%RT_RELEASE%%/rt-%%RT_VERSION%%.tar.gz.asc \
-  && gpg --verify rt.tar.gz.asc rt.tar.gz \
+RUN curl -fsSL -o rt.tar.gz %%RT_URL%% \
+  && if [[ "%%RT_URL%%" =~ ^https://download.bestpractical.com/pub/rt/ ]]; then \
+    curl -fsSL -o rt.tar.gz.asc %%RT_URL%%.asc; \
+    gpg --keyserver keyserver.ubuntu.com --recv-keys C49B372F2BF84A19011660270DF0A283FEAC80B2; \
+    gpg --list-keys; \
+    gpg --verify rt.tar.gz.asc rt.tar.gz; \
+  fi \
   && tar -xzf rt.tar.gz \
-  && cd rt-%%RT_VERSION%% \
-  && ./configure \
+  && cd rt-* \
+  && echo "%%RT_VERSION_TAG%%.$(date -I)" > .tag \
+  && ./configure.ac \
+    --prefix=/opt/rt \
     --enable-developer \
     --enable-externalauth \
     --enable-gd \
@@ -29,18 +31,19 @@ RUN curl -fsSL \
     --enable-smime \
     --with-db-type=SQLite \
     --with-web-handler=standalone \
+  && RT_FIX_DEPS_CMD=cpanm make fixdeps && rm -rf /root/.cpanm \
   && make install \
-  && mkdir --mode=0600 --parents /opt/rt%%RT_VERSION_MAJOR%%/var/data/{gpg,smime} \
+  && mkdir --mode=0600 --parents /opt/rt/var/data/{gpg,smime} \
   && make initialize-database \
   && cd .. && rm -rf /usr/local/src/*
 
-WORKDIR /opt/rt%%RT_VERSION_MAJOR%%
+WORKDIR /opt/rt
 COPY RT_SiteConfig.pm etc/
 
-VOLUME /opt/rt%%RT_VERSION_MAJOR%%
+VOLUME /opt/rt
 
 COPY docker-entrypoint.sh /usr/local/bin/
 ENTRYPOINT ["docker-entrypoint.sh"]
 
 EXPOSE 80
-CMD ["/opt/rt%%RT_VERSION_MAJOR%%/sbin/rt-server"]
+CMD ["/opt/rt/sbin/rt-server"]
diff --git a/README.md b/README.md
@@ -7,6 +7,8 @@
 
 - [`4.4` (4.4/*Dockerfile*)](https://github.com/cloos/docker-rt/blob/main/4.4/Dockerfile)
 - [`5.0`, `latest` (5.0/*Dockerfile*)](https://github.com/cloos/docker-rt/blob/main/5.0/Dockerfile)
+- [`stable` (stable/*Dockerfile*)](https://github.com/cloos/docker-rt/blob/main/stable/Dockerfile)
+- [`master` (master/*Dockerfile*)](https://github.com/cloos/docker-rt/blob/main/master/Dockerfile)
 
 ## Where is this image available?
 
@@ -19,31 +21,27 @@
 <https://hub.docker.com/r/netsandbox/request-tracker>
 
 The images are signed with [cosign](https://github.com/sigstore/cosign).
-To verrify the signature run:
+To verify the signature run the following command with the respective image tag:
 
 ```shell
 cosign verify \
   --certificate-identity-regexp https://github.com/netsandbox/docker-rt/ \
   --certificate-oidc-issuer https://token.actions.githubusercontent.com \
-  netsandbox/request-tracker:latest \
-  netsandbox/request-tracker:5.0 \
-  netsandbox/request-tracker:4.4
+  netsandbox/request-tracker:latest
 ```
 
 ### GitHub Container Registry
 
 <https://github.com/users/netsandbox/packages/container/package/request-tracker>
 
 The images are signed with [cosign](https://github.com/sigstore/cosign).
-To verrify the signature run:
+To verify the signature run the following command with the respective image tag:
 
 ```shell
 cosign verify \
   --certificate-identity-regexp https://github.com/netsandbox/docker-rt/ \
   --certificate-oidc-issuer https://token.actions.githubusercontent.com \
-  ghcr.io/netsandbox/request-tracker:latest \
-  ghcr.io/netsandbox/request-tracker:5.0 \
-  ghcr.io/netsandbox/request-tracker:4.4
+  ghcr.io/netsandbox/request-tracker:latest
 ```
 
 ## What is Request Tracker?

diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh
@@ -14,10 +14,10 @@ sed -i \
   -e "s/RT_MAIL_COMMAND/$RT_MAIL_COMMAND/" \
   -e "s/RT_WEB_DOMAIN/$RT_WEB_DOMAIN/" \
   -e "s/RT_WEB_PORT/$RT_WEB_PORT/" \
-  /opt/rt%%RT_VERSION_MAJOR%%/etc/RT_SiteConfig.pm
+  /opt/rt/etc/RT_SiteConfig.pm
 
 if [[ -n "${RT_ROOT_PASSWORD}" ]]; then
-  (echo "${RT_ROOT_PASSWORD}" | /opt/rt%%RT_VERSION_MAJOR%%/sbin/rt-passwd root) || [[ $? -gt 1 ]] && exit 1
+  (echo "${RT_ROOT_PASSWORD}" | /opt/rt/sbin/rt-passwd root) || [[ $? -gt 1 ]] && exit 1
 fi
 
 exec "$@"
diff --git a/master/Dockerfile b/master/Dockerfile
@@ -0,0 +1,49 @@
+#checkov:skip=CKV_DOCKER_2:Ensure that HEALTHCHECK instructions have been added to container images
+#checkov:skip=CKV_DOCKER_3:Ensure that a user for the container has been created
+ARG IMAGE=netsandbox/request-tracker-base
+ARG TAG=latest
+FROM ${IMAGE}:${TAG}
+
+LABEL org.opencontainers.image.authors="Christian Loos <[email protected]>"
+
+SHELL ["/bin/bash", "-o", "pipefail", "-c"]
+
+WORKDIR /usr/local/src
+
+# hadolint ignore=DL3003,SC2174
+RUN curl -fsSL -o rt.tar.gz https://github.com/bestpractical/rt/archive/refs/heads/master.tar.gz \
+  && if [[ "https://github.com/bestpractical/rt/archive/refs/heads/master.tar.gz" =~ ^https://download.bestpractical.com/pub/rt/ ]]; then \
+    curl -fsSL -o rt.tar.gz.asc https://github.com/bestpractical/rt/archive/refs/heads/master.tar.gz.asc; \
+    gpg --keyserver keyserver.ubuntu.com --recv-keys C49B372F2BF84A19011660270DF0A283FEAC80B2; \
+    gpg --list-keys; \
+    gpg --verify rt.tar.gz.asc rt.tar.gz; \
+  fi \
+  && tar -xzf rt.tar.gz \
+  && cd rt-* \
+  && echo "rt-6.0.master.$(date -I)" > .tag \
+  && ./configure.ac \
+    --prefix=/opt/rt \
+    --enable-developer \
+    --enable-externalauth \
+    --enable-gd \
+    --enable-gpg \
+    --enable-graphviz \
+    --enable-smime \
+    --with-db-type=SQLite \
+    --with-web-handler=standalone \
+  && RT_FIX_DEPS_CMD=cpanm make fixdeps && rm -rf /root/.cpanm \
+  && make install \
+  && mkdir --mode=0600 --parents /opt/rt/var/data/{gpg,smime} \
+  && make initialize-database \
+  && cd .. && rm -rf /usr/local/src/*
+
+WORKDIR /opt/rt
+COPY RT_SiteConfig.pm etc/
+
+VOLUME /opt/rt
+
+COPY docker-entrypoint.sh /usr/local/bin/
+ENTRYPOINT ["docker-entrypoint.sh"]
+
+EXPOSE 80
+CMD ["/opt/rt/sbin/rt-server"]
diff --git a/master/RT_SiteConfig.pm b/master/RT_SiteConfig.pm
@@ -0,0 +1,8 @@
+use utf8;
+
+Set($CanonicalizeRedirectURLs, RT_CANONICALIZE_REDIRECT_URLS);
+Set($MailCommand, "RT_MAIL_COMMAND");
+Set($WebDomain, "RT_WEB_DOMAIN");
+Set($WebPort, RT_WEB_PORT);
+
+1;
diff --git a/master/docker-entrypoint.sh b/master/docker-entrypoint.sh
@@ -0,0 +1,23 @@
+#!/bin/bash
+
+set -euo pipefail
+
+: "${RT_CANONICALIZE_REDIRECT_URLS:=0}"
+: "${RT_MAIL_COMMAND:=testfile}"
+: "${RT_WEB_DOMAIN:=localhost}"
+: "${RT_WEB_PORT:=80}"
+
+: "${RT_ROOT_PASSWORD:=}"
+
+sed -i \
+  -e "s/RT_CANONICALIZE_REDIRECT_URLS/$RT_CANONICALIZE_REDIRECT_URLS/" \
+  -e "s/RT_MAIL_COMMAND/$RT_MAIL_COMMAND/" \
+  -e "s/RT_WEB_DOMAIN/$RT_WEB_DOMAIN/" \
+  -e "s/RT_WEB_PORT/$RT_WEB_PORT/" \
+  /opt/rt/etc/RT_SiteConfig.pm
+
+if [[ -n "${RT_ROOT_PASSWORD}" ]]; then
+  (echo "${RT_ROOT_PASSWORD}" | /opt/rt/sbin/rt-passwd root) || [[ $? -gt 1 ]] && exit 1
+fi
+
+exec "$@"