diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md index 28126b78..078c26f2 100644 --- a/.github/PULL_REQUEST_TEMPLATE.md +++ b/.github/PULL_REQUEST_TEMPLATE.md @@ -1,7 +1,5 @@ Closes # - - #### What has been done to verify that this works as intended? #### Why is this the best possible solution? Were any other approaches considered? @@ -12,4 +10,5 @@ Closes # #### Before submitting this PR, please make sure you have: -- [ ] verified that any code or assets from external sources are properly credited in comments or that everything is internally sourced \ No newline at end of file +- [ ] branched off and targeted the `next` branch OR only changed documentation/infrastructure (`master` is stable and used in production) +- [ ] verified that any code or assets from external sources are properly credited in comments or that everything is internally sourced diff --git a/client b/client index 95326b9a..ab0c8ecb 160000 --- a/client +++ b/client @@ -1 +1 @@ -Subproject commit 95326b9ad66ec31c93bdb68c29f8797975d93fd2 +Subproject commit ab0c8ecbf837c7e433b20c7d7d1d2955cc8df1c6 diff --git a/docker-compose.yml b/docker-compose.yml index 2b176674..d96e68d6 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -9,7 +9,7 @@ services: environment: POSTGRES_USER: odk POSTGRES_PASSWORD: odk - POSTGRES_DATABASE: odk + POSTGRES_DB: odk restart: always postgres: # This service upgrades from postgres 9.6 to 14. @@ -25,9 +25,9 @@ services: PGUSER: odk POSTGRES_INITDB_ARGS: -U odk POSTGRES_PASSWORD: odk - POSTGRES_DATABASE: odk + POSTGRES_DB: odk mail: - image: "ixdotai/smtp:v0.5.1" + image: "ixdotai/smtp:v0.5.2" volumes: - ./files/mail/rsa.private:/etc/exim4/dkim.key.temp:ro environment: @@ -102,7 +102,7 @@ services: options: max-file: "30" pyxform: - image: 'ghcr.io/getodk/pyxform-http:v1.12.2' + image: 'ghcr.io/getodk/pyxform-http:v2.0.0' restart: always secrets: volumes: diff --git a/docs/news.html b/docs/news.html index 20b24355..1ebec575 100644 --- a/docs/news.html +++ b/docs/news.html @@ -6,18 +6,18 @@ +
+ 2023/12/18 + + ODK Central v2023.5 + +
2023/09/25 ODK Central v2023.4
-
- 2023/07/06 - - ODK Central v2023.3.1 - -
diff --git a/enketo.dockerfile b/enketo.dockerfile index fff7884c..3cdd107e 100644 --- a/enketo.dockerfile +++ b/enketo.dockerfile @@ -1,6 +1,6 @@ -FROM ghcr.io/enketo/enketo-express:6.2.2 +FROM ghcr.io/enketo/enketo:7.0.0 -ENV ENKETO_SRC_DIR=/srv/src/enketo_express +ENV ENKETO_SRC_DIR=/srv/src/enketo/packages/enketo-express WORKDIR ${ENKETO_SRC_DIR} # we copy the config template twice. eventually we do want to actually template diff --git a/files/enketo/start-enketo.sh b/files/enketo/start-enketo.sh index f4eff90d..b9a43ac0 100755 --- a/files/enketo/start-enketo.sh +++ b/files/enketo/start-enketo.sh @@ -1,7 +1,7 @@ #!/bin/sh CONFIG_PATH=${ENKETO_SRC_DIR}/config/config.json -echo "generating enketo configuration.." +echo "generating enketo configuration..." BASE_URL=$( [ "${HTTPS_PORT}" = 443 ] && echo https://"${DOMAIN}" || echo https://"${DOMAIN}":"${HTTPS_PORT}" ) \ SECRET=$(cat /etc/secrets/enketo-secret) \ @@ -11,5 +11,5 @@ envsubst '$DOMAIN $BASE_URL $SECRET $LESS_SECRET $API_KEY $SUPPORT_EMAIL' \ < "$CONFIG_PATH.template" \ > "$CONFIG_PATH" -echo "starting pm2/enketo.." -exec pm2-runtime app.js -n enketo +echo "starting enketo..." +exec yarn workspace enketo-express start diff --git a/files/postgres14/start-postgres.sh b/files/postgres14/start-postgres.sh index 9e341e52..972c6147 100755 --- a/files/postgres14/start-postgres.sh +++ b/files/postgres14/start-postgres.sh @@ -16,4 +16,4 @@ fi log "Starting postgres..." # call ENTRYPOINT + CMD from parent Docker image -docker-entrypoint.sh postgres +exec docker-entrypoint.sh postgres diff --git a/nginx.dockerfile b/nginx.dockerfile index cced9345..bc5a7881 100644 --- a/nginx.dockerfile +++ b/nginx.dockerfile @@ -1,13 +1,20 @@ -FROM node:18.17 as intermediate +FROM node:20.10-slim as intermediate + +RUN apt-get update \ + && apt-get install -y --no-install-recommends \ + git \ + && rm -rf /var/lib/apt/lists/* COPY ./ ./ RUN files/prebuild/write-version.sh ARG OIDC_ENABLED RUN OIDC_ENABLED="$OIDC_ENABLED" files/prebuild/build-frontend.sh + + # when upgrading, look for upstream changes to redirector.conf # also, confirm setup-odk.sh strips out HTTP-01 ACME challenge location -FROM jonasal/nginx-certbot:4.2.0 +FROM jonasal/nginx-certbot:5.0.0 EXPOSE 80 EXPOSE 443 diff --git a/postgres14.dockerfile b/postgres14.dockerfile index cc214fd0..a227a3f3 100644 --- a/postgres14.dockerfile +++ b/postgres14.dockerfile @@ -1,4 +1,4 @@ -FROM postgres:14.9 +FROM postgres:14.10 COPY files/postgres14/start-postgres.sh /usr/local/bin/ @@ -14,4 +14,4 @@ COPY files/postgres14/start-postgres.sh /usr/local/bin/ ENV PGDATA /var/lib/odk/postgresql/14/data ENTRYPOINT [] -CMD start-postgres.sh +CMD ["start-postgres.sh"] \ No newline at end of file diff --git a/secrets.dockerfile b/secrets.dockerfile index b200d26b..91a3013c 100644 --- a/secrets.dockerfile +++ b/secrets.dockerfile @@ -1,2 +1,3 @@ -FROM node:18.17 +FROM node:20.10-slim + COPY files/enketo/generate-secrets.sh ./ diff --git a/server b/server index 63fdf150..983ec81e 160000 --- a/server +++ b/server @@ -1 +1 @@ -Subproject commit 63fdf150e1ed81e3b1059050f7b1ba323931ab24 +Subproject commit 983ec81e69793fdb589ffdc346a16ef977489be4 diff --git a/service.dockerfile b/service.dockerfile index 11f5e280..8c47e998 100644 --- a/service.dockerfile +++ b/service.dockerfile @@ -1,38 +1,69 @@ -ARG node_version=18.17 -FROM node:${node_version} as intermediate +ARG node_version=20.10 + + +FROM node:${node_version}-slim as pgdg +RUN apt-get update \ + && apt-get install -y --no-install-recommends \ + ca-certificates \ + curl \ + gpg \ + && rm -rf /var/lib/apt/lists/* \ + && update-ca-certificates +RUN echo "deb http://apt.postgresql.org/pub/repos/apt/ $(grep -oP 'VERSION_CODENAME=\K\w+' /etc/os-release)-pgdg main" \ + | tee /etc/apt/sources.list.d/pgdg.list \ + && curl https://www.postgresql.org/media/keys/ACCC4CF8.asc \ + | gpg --dearmor > /etc/apt/trusted.gpg.d/apt.postgresql.org.gpg + + + +FROM node:${node_version}-slim as intermediate +RUN apt-get update \ + && apt-get install -y --no-install-recommends \ + git \ + && rm -rf /var/lib/apt/lists/* COPY . . RUN mkdir /tmp/sentry-versions RUN git describe --tags --dirty > /tmp/sentry-versions/central -WORKDIR server +WORKDIR /server RUN git describe --tags --dirty > /tmp/sentry-versions/server -WORKDIR ../client +WORKDIR /client RUN git describe --tags --dirty > /tmp/sentry-versions/client -FROM node:${node_version} -WORKDIR /usr/odk -RUN apt-get update && apt-get install wait-for-it && rm -rf /var/lib/apt/lists/* +FROM node:${node_version}-slim -RUN echo "deb http://apt.postgresql.org/pub/repos/apt/ $(grep -oP 'VERSION_CODENAME=\K\w+' /etc/os-release)-pgdg main" | tee /etc/apt/sources.list.d/pgdg.list && \ - curl https://www.postgresql.org/media/keys/ACCC4CF8.asc | gpg --dearmor > /etc/apt/trusted.gpg.d/apt.postgresql.org.gpg && \ - apt-get update && \ - apt-get install -y cron gettext postgresql-client-14 +ARG node_version +LABEL org.opencontainers.image.source="https://github.com/getodk/central" -COPY files/service/crontab /etc/cron.d/odk +WORKDIR /usr/odk COPY server/package*.json ./ - -RUN npm clean-install --omit=dev --legacy-peer-deps --no-audit --fund=false --update-notifier=false +COPY --from=pgdg /etc/apt/sources.list.d/pgdg.list \ + /etc/apt/sources.list.d/pgdg.list +COPY --from=pgdg /etc/apt/trusted.gpg.d/apt.postgresql.org.gpg \ + /etc/apt/trusted.gpg.d/apt.postgresql.org.gpg +RUN apt-get update \ + && apt-get install -y --no-install-recommends \ + gpg \ + cron \ + wait-for-it \ + gettext \ + procps \ + postgresql-client-14 \ + netcat-traditional \ + && rm -rf /var/lib/apt/lists/* \ + && npm clean-install --omit=dev --legacy-peer-deps --no-audit \ + --fund=false --update-notifier=false COPY server/ ./ COPY files/service/scripts/ ./ COPY files/service/config.json.template /usr/share/odk/ +COPY files/service/crontab /etc/cron.d/odk COPY files/service/odk-cmd /usr/bin/ COPY --from=intermediate /tmp/sentry-versions/ ./sentry-versions EXPOSE 8383 -