Commit graph

37 commits

Author SHA1 Message Date
Frédéric Guillot
bd573957e0 Debian packages are failing to build
Error seen on GitHub Actions:

```
-buildmode=pie requires external (cgo) linking, but cgo is not enabled
```
2024-02-07 21:35:06 -08:00
Frédéric Guillot
aa30c35e7e Use numeric UID in Alpine Docker image
Same as PR #2332
2024-02-05 20:49:25 -08:00
Sheogorath
552fb3e4cc Fix non-numeric UID
This patch adjusts the distroless image to use the predefined non-root UID, which uses explicit UID definitions. This allows orchestrators like Kubernetes to validate non-zero UIDs directly by checking the Image metadata.

The previous setup without an explicit `runAsUser` in the securityContext would produce the following error when enabling `runAsNonRoot`:

```
Error: container has runAsNonRoot and image has non-numeric user (nonroot), cannot verify user is non-root (pod: "miniflux-97cc5955f-pt7vf_miniflux(d1c56d29-ea0a-407c-b3f3-9821fbd7ee61)", container: miniflux)
```
2024-02-04 21:32:42 -08:00
Frédéric Guillot
2842017b59 Strip version prefix when building Debian package 2023-10-17 09:26:43 -07:00
Frédéric Guillot
168a870c02 Move internal packages to an internal folder
For reference: https://go.dev/doc/go1.4#internalpackages
2023-08-10 20:29:34 -07:00
Frédéric Guillot
c234903255 Rename Miniflux package name to follow Go module naming convention
For reference: https://go.dev/ref/mod#major-version-suffixes
2023-08-09 22:10:44 -07:00
Frédéric Guillot
c980dfe434 Update RockyLinux image from 8 to 9
Closes #2010
2023-08-09 21:11:38 -07:00
Frédéric Guillot
859b4466ab Upgrade to Go 1.21 2023-08-09 20:02:37 -07:00
Frédéric Guillot
df472254d3 Use RockyLinux to build RPM package 2023-06-23 20:56:53 -07:00
Frédéric Guillot
257ef7e573 Disable CGO when building RPM package 2023-06-22 21:22:44 -07:00
Frédéric Guillot
30288fec8d Disable CGO when building Docker images 2023-06-22 21:19:44 -07:00
George Angelopoulos
79357a527f Use $(...) notation instead of legacy backticked ...
This is based on a shellcheck recommendation.
https://www.shellcheck.net/wiki/SC2006
2022-11-12 20:30:44 -08:00
George Angelopoulos
1e16e19d11 use dirs file for debian package
Instead of running mkdir from debian/rules, the native way to create the
necessary directories is with the dirs file which is read by the
dh_installdirs helper script.

See:
* https://www.debian.org/doc/manuals/maint-guide/dother.en.html#dirs
* dh_installdirs(1) manual page

I am not aware of any specific problems that could arise from doing it
manually instead of using dh_installdirs. But sticking to the native
approach might be a good idea.
2022-11-12 20:30:44 -08:00
Frédéric Guillot
9ba15e9649 Build RPM and Debian packages on GitHub Actions 2022-07-30 20:11:21 -07:00
Frédéric Guillot
79df37ac1e Fix RPM Dockerfile packager 2022-05-27 20:47:14 -07:00
Frédéric Guillot
02e975d3f3 Add distroless Docker image variant 2022-03-15 22:55:31 -07:00
Thiago Perrotta
bab7734582 packaging: add Documentation to systemd service
c.f. https://www.freedesktop.org/software/systemd/man/systemd.directives.html#Documentation=
2022-01-17 13:23:19 -08:00
Ilya Mateyko
527c5f49cb packaging: remove SystemCallFilter from miniflux.service
`SystemCallFilter=@system-service` is not supported on older systemd versions and causes crashes on them.

Fixes #1297.
2021-12-23 17:52:13 -08:00
Ilya Mateyko
47b47cc32c Tighten systemd sandboxing and update comments in miniflux.service 2021-12-16 10:33:09 -08:00
Arsenović Arsen
ec4e8710f2
packaging: add RuntimeDirectory to systemd service 2021-12-15 20:49:02 -08:00
Frédéric Guillot
423e06cbe8 Build RPM and Debian package with PIE mode enabled 2021-09-25 16:16:47 -07:00
Frédéric Guillot
012eb61c52 Tweak watchdog 2021-05-22 20:25:38 -07:00
Frédéric Guillot
c4a56105ca Add Systemd watchdog 2021-05-22 18:46:15 -07:00
Ilya Mateyko
89c1b3b4d8 Systemd readiness notification
This change implements the systemd readiness notification, using
the sd_notify protocol.

See https://www.freedesktop.org/software/systemd/man/sd_notify.html.
2021-03-16 20:14:43 -07:00
Frédéric Guillot
20ec435d6d Move healthcheck from Dockerfile to docker-compose because it's optional 2021-02-22 21:47:30 -08:00
Frédéric Guillot
bbf93430b7 Add more extensive healthcheck support
- Add new cli argument: -healthcheck
- Add HEALTHCHECK instruction to Dockerfile
- Update Docker Compose examples
2021-02-20 12:58:04 -08:00
Frédéric Guillot
6b7ffe0e26 Add Open Containers annotations to Docker image 2021-02-13 16:27:23 -08:00
Dave Marquard
0bece2df7d
Database backed LetsEncrypt certificate cache (#993) 2021-01-29 18:44:40 -08:00
Ilya Mateyko
b45c1cf327 Use systemctl edit for editing systemd config file
This is safer than directly editing the package-supplied version.

See https://wiki.archlinux.org/index.php/Systemd#Editing_provided_units.
2021-01-25 21:23:45 -08:00
Jean Paul Galea
94eaf0e254 Modify systemd service file
Better support to run miniflux with Let's Encrypt, without a reverse proxy.
2020-12-29 21:08:40 -08:00
Frédéric Guillot
eb77fcfb72 systemd: keep /run writeable
Folks using a unix socket could use /run/miniflux/miniflux.sock without permission issue
2020-11-09 21:13:03 -08:00
Frédéric Guillot
5e59fcbd4f debian package: add missing post-install script
The miniflux user is not created on new installations
2020-11-09 20:42:12 -08:00
Mark Woodbridge
1eb239bf88 Reinstate EXPOSE instruction
This ensures that the relevant port is published when using `docker run -P`, Traefik's Docker integration etc
2020-11-04 13:38:45 -08:00
Frédéric Guillot
b539eb8575 Fix auto-generated version (git describe) 2020-11-03 15:14:57 -08:00
Frédéric Guillot
73d73dc61e Move Debian package builder to main repo 2020-10-18 21:28:42 -07:00
Frédéric Guillot
578cd8b24b Move RPM build files to main repository 2020-10-18 16:20:00 -07:00
Frédéric Guillot
6e20d37dda Build multi-platform images with Docker Buildx 2020-10-18 15:09:47 -07:00