diff --git a/Dockerfile b/Dockerfile
index 75cf4a0..b857428 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:1
-FROM ghcr.io/linuxserver/baseimage-alpine:3.20 AS buildstage
+FROM ghcr.io/linuxserver/baseimage-alpine:3.21 AS buildstage
 # set version label
 ARG PLANKA_RELEASE
@@ -46,7 +46,7 @@ RUN \
 $HOME/.npm \
 /tmp/*
-FROM ghcr.io/linuxserver/baseimage-alpine:3.20
+FROM ghcr.io/linuxserver/baseimage-alpine:3.21
 ARG BUILD_DATE
 ARG VERSION
@@ -54,17 +54,22 @@ ARG PLANKA_RELEASE
 LABEL build_version="Linuxserver.io version:- ${VERSION} Build-date:- ${BUILD_DATE}"
 LABEL maintainer="thespad"
-RUN \
- apk add --no-cache \
- nodejs \
- postgresql16-client && \
- printf "Linuxserver.io version: ${VERSION}\nBuild-date: ${BUILD_DATE}" > /build_version
-
 COPY --from=buildstage /build/server/ /app
 COPY --from=buildstage /build/server/.env.sample /app/.env
 COPY --from=buildstage /build/client/build /app/public/
 COPY --from=buildstage /build/client/build/index.html /app/views/index.ejs
+RUN \
+ apk add --no-cache \
+ nodejs \
+ postgresql16-client && \
+ printf "Linuxserver.io version: ${VERSION}\nBuild-date: ${BUILD_DATE}" > /build_version && \
+ echo "**** create symlinks ****" && \
+ /bin/bash -c \
+ 'dst=(user-avatars project-background-images attachments logs); \
+ src=(public/user-avatars public/project-background-images private/attachments logs); \
+ for i in "${!src[@]}"; do rm -rf /app/"${src[i]}" && ln -s /config/"${dst[i]}" /app/"${src[i]}"; done'
+
 # copy local files
 COPY root/ /
diff --git a/Dockerfile.aarch64 b/Dockerfile.aarch64
index 837379e..15fd0be 100644
--- a/Dockerfile.aarch64
+++ b/Dockerfile.aarch64
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:1
-FROM ghcr.io/linuxserver/baseimage-alpine:arm64v8-3.20 AS buildstage
+FROM ghcr.io/linuxserver/baseimage-alpine:arm64v8-3.21 AS buildstage
 # set version label
 ARG PLANKA_RELEASE
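Review bot: A failed `ln -s` for any of the first three entries goes unnoticed in the symlink loop added by the third Dockerfile hunk, because the `for` loop inside the `bash -c` string returns only the status of its last iteration. Ending the loop body with `|| exit 1`, i.e. `... ln -s /config/"${dst[i]}" /app/"${src[i]}" || exit 1; done'`, makes the build fail instead of producing an image in which a path such as `/app/private/attachments` has been removed but not linked. The identical RUN block in the third hunk of Dockerfile.aarch64 needs the same change. A one-line comment above the loop saying why the `/app` paths are linked into `/config` at build time (presumably so the root filesystem can stay read-only) would also help the next reader.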
@@ -46,7 +46,7 @@ RUN \
 $HOME/.npm \
 /tmp/*
-FROM ghcr.io/linuxserver/baseimage-alpine:arm64v8-3.20
+FROM ghcr.io/linuxserver/baseimage-alpine:arm64v8-3.21
 ARG BUILD_DATE
 ARG VERSION
@@ -54,17 +54,22 @@ ARG PLANKA_RELEASE
 LABEL build_version="Linuxserver.io version:- ${VERSION} Build-date:- ${BUILD_DATE}"
 LABEL maintainer="thespad"
-RUN \
- apk add --no-cache \
- nodejs \
- postgresql16-client && \
- printf "Linuxserver.io version: ${VERSION}\nBuild-date: ${BUILD_DATE}" > /build_version
-
 COPY --from=buildstage /build/server/ /app
 COPY --from=buildstage /build/server/.env.sample /app/.env
 COPY --from=buildstage /build/client/build /app/public/
 COPY --from=buildstage /build/client/build/index.html /app/views/index.ejs
+RUN \
+ apk add --no-cache \
+ nodejs \
+ postgresql16-client && \
+ printf "Linuxserver.io version: ${VERSION}\nBuild-date: ${BUILD_DATE}" > /build_version && \
+ echo "**** create symlinks ****" && \
+ /bin/bash -c \
+ 'dst=(user-avatars project-background-images attachments logs); \
+ src=(public/user-avatars public/project-background-images private/attachments logs); \
+ for i in "${!src[@]}"; do rm -rf /app/"${src[i]}" && ln -s /config/"${dst[i]}" /app/"${src[i]}"; done'
+
 # copy local files
 COPY root/ /
diff --git a/README.md b/README.md
index b997e7d..94b8610 100644
--- a/README.md
+++ b/README.md
@@ -73,6 +73,14 @@ Copy your `user-avatars`, `project-background-images`, and `attachments` folders
 └── user-avatars
 ```
+## Read-Only Operation
+
+This image can be run with a read-only container filesystem. For details please [read the docs](https://docs.linuxserver.io/misc/read-only/).
+
+## Non-Root Operation
+
+This image can be run with a non-root user. For details please [read the docs](https://docs.linuxserver.io/misc/non-root/).
+
 ## Usage
 To help you get started creating a container from this image you can either use docker-compose or the docker cli.
@@ -148,6 +156,8 @@ Containers are configured using parameters passed at runtime (such as those abov
 | `-e SECRET_KEY=notasecretkey` | Session encryption key, recommended 32-64 character alphanumeric. |
 | `-e TRUST_PROXY=0` | Set to `1` to trust upstream proxies if reverse proxying. |
 | `-v /config` | Local path for planka config files. |
+| `--read-only=true` | Run container with a read-only filesystem. Please [read the docs](https://docs.linuxserver.io/misc/read-only/). |
+| `--user=1000:1000` | Run container with a non-root user. Please [read the docs](https://docs.linuxserver.io/misc/non-root/). |
 ## Environment variables from files (Docker secrets)
@@ -311,5 +321,6 @@ Once registered you can define the dockerfile to use with `-f Dockerfile.aarch64
 ## Versions
+* **12.01.25:** - Update default user docs.
 * **18.09.24:** - Update default user docs.
 * **12.09.24:** - Initial Release.
diff --git a/readme-vars.yml b/readme-vars.yml
index beb6426..a0ce065 100644
--- a/readme-vars.yml
+++ b/readme-vars.yml
@@ -29,6 +29,8 @@ param_volumes:
 param_usage_include_ports: true
 param_ports:
 - {external_port: "1337", internal_port: "1337", port_desc: "Planka web UI."}
+readonly_supported: true
+nonroot_supported: true
 # application setup block
 app_setup_block_enabled: true
 app_setup_block: |
@@ -91,5 +93,6 @@ init_diagram: |
 "planka:latest" <- Base Images
 # changelog
 changelogs:
+ - {date: "12.01.25:", desc: "Update default user docs."}
 - {date: "18.09.24:", desc: "Update default user docs."}
 - {date: "12.09.24:", desc: "Initial Release."}
diff --git a/root/etc/s6-overlay/s6-rc.d/init-planka-config/run b/root/etc/s6-overlay/s6-rc.d/init-planka-config/run
index 8ffc4ec..1c557a4 100755
--- a/root/etc/s6-overlay/s6-rc.d/init-planka-config/run
+++ b/root/etc/s6-overlay/s6-rc.d/init-planka-config/run
@@ -3,18 +3,21 @@
 cd /app || exit 1
+mkdir -p /config/logs
+
 if [[ -n ${DATABASE_URL} ]]; then
 DB_HOST=$(echo "${DATABASE_URL}" | awk -F '@' '{print $NF}' | awk -F ':' '{print $1}' | awk -F '/' '{print $1}')
 DB_PORT=$(echo "${DATABASE_URL}" | awk -F '@' '{print $NF}' | awk -F ':' '{print $2}' | awk -F '/' '{print $1}')
+ DB_USER=$(echo "${DATABASE_URL}" | awk -F '@' '{print $1}' | awk -F '//' '{print $2}' | awk -F ':' '{print $1}')
 if [[ ! ${DB_PORT} =~ [0-9]+ ]]; then DB_PORT="5432"; fi
 echo "Waiting for DB ${DB_HOST} to become available on port ${DB_PORT}..."
 END=$((SECONDS + 30))
 while [[ ${SECONDS} -lt ${END} ]] && [[ -n "${DB_HOST+x}" ]]; do
- if pg_isready -h "${DB_HOST}" -p "${DB_PORT}" -q; then
- if [[ ! -f /dbwait.lock ]]; then
+ if pg_isready -h "${DB_HOST}" -p "${DB_PORT}" -U "${DB_USER}" -q; then
+ if [[ ! -f /run/dbwait.lock ]]; then
 sleep 5
 fi
- touch /dbwait.lock
+ touch /run/dbwait.lock
 break
 else
 sleep 1
@@ -25,27 +28,13 @@ else
 sleep infinity
 fi
-TZ=UTC s6-setuidgid abc node db/init.js
-
-symlinks=(
- /app/public/user-avatars
- /app/public/project-background-images
- /app/private/attachments
-)
-
-shopt -s globstar dotglob
-
-for i in "${symlinks[@]}"; do
- if [[ ! -L "$i" ]]; then
- mkdir -p /config/"$(basename "$i")"
- rm -rf "$i"
- ln -s /config/"$(basename "$i")" "$i"
- fi
-done
-
-shopt -u globstar dotglob
-
-# permissions
-lsiown -R abc:abc \
- /config
+echo "Migrating database..."
+if [[ -z ${LSIO_NON_ROOT_USER} ]]; then
+ TZ=UTC s6-setuidgid abc node db/init.js
+ # permissions
+ lsiown -R abc:abc \
+ /config
+else
+ TZ=UTC node db/init.js
+fi
diff --git a/root/etc/s6-overlay/s6-rc.d/svc-planka/run b/root/etc/s6-overlay/s6-rc.d/svc-planka/run
index 46dc000..8062318 100755
--- a/root/etc/s6-overlay/s6-rc.d/svc-planka/run
+++ b/root/etc/s6-overlay/s6-rc.d/svc-planka/run
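Review bot: Only `/config/logs` is created at start-up by the added `mkdir -p /config/logs`, while the second hunk of this file removes the loop that ran `mkdir -p /config/"$(basename "$i")"` for user-avatars, project-background-images and attachments. The Dockerfile now links the `/app` paths to those `/config` directories at build time, so on an empty `/config` volume the three links would dangle unless something outside this diff creates the targets. `mkdir -p /config/{attachments,logs,project-background-images,user-avatars}` would cover all four. The result of `mkdir` is also unchecked, so when `/config` is not writable by the running user the script continues to the database wait and migration without reporting why later writes fail.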
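Review bot: Whether `node db/init.js` drops to `abc` in the second hunk now depends on `[[ -z ${LSIO_NON_ROOT_USER} ]]`, a plain environment variable, rather than on the UID the script is actually running as. If that variable can be supplied from the container environment while the container is still started as root (how the base image sets or clears it is not visible here), the `else` branch runs the migration as root, and the same test in svc-planka/run would start `node app.js --prod` as root. Testing the real UID, e.g. `if [[ "$(id -u)" -eq 0 ]]; then`, keeps the privilege drop independent of caller-supplied environment. Separately, the exit status of `node db/init.js` is not checked in either branch, so a failed migration is indistinguishable from a successful one at this point.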
@@ -6,6 +6,12 @@ export NODE_ENV=production
 # See https://github.com/plankanban/planka/issues/253
 export TZ=UTC
-HOME=/config exec \
- s6-notifyoncheck -d -n 300 -w 1000 -c "nc -z localhost 1337" \
- cd /app s6-setuidgid abc node app.js --prod
+if [[ -z ${LSIO_NON_ROOT_USER} ]]; then
+ HOME=/config exec \
+ s6-notifyoncheck -d -n 300 -w 1000 -c "nc -z localhost 1337" \
+ cd /app s6-setuidgid abc node app.js --prod
+else
+ HOME=/config exec \
+ s6-notifyoncheck -d -n 300 -w 1000 -c "nc -z localhost 1337" \
+ cd /app node app.js --prod
+fi
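Review bot: The two branches added here differ only in `s6-setuidgid abc`, so the readiness check `s6-notifyoncheck -d -n 300 -w 1000 -c "nc -z localhost 1337"` is now maintained in two places and can drift apart. Building the optional prefix once, e.g. `drop=(); [[ -z ${LSIO_NON_ROOT_USER} ]] && drop=(s6-setuidgid abc)`, and ending the single exec line with `cd /app "${drop[@]}" node app.js --prod` keeps one copy. A short comment saying where `LSIO_NON_ROOT_USER` comes from would also help, since nothing in this file defines it.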