-
-
Notifications
You must be signed in to change notification settings - Fork 20
Expand file tree
/
Copy pathDockerfile
More file actions
361 lines (320 loc) · 14.4 KB
/
Dockerfile
File metadata and controls
361 lines (320 loc) · 14.4 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
# syntax=docker/dockerfile:1
FROM debian:13-slim AS msmtp-builder
ENV MSMTP_VERSION="1.8.32"
ENV MSMTP_GPG_PUBLIC_KEY="2F61B4828BBA779AECB3F32703A2A4AB1E32FD34"
# Install required packages
RUN DEBIAN_FRONTEND=noninteractive apt-get update \
&& apt-get -q -y install --no-install-recommends \
wget ca-certificates libgnutls28-dev xz-utils \
gpg dirmngr gpg-agent libgsasl-dev libsecret-1-dev \
build-essential automake libtool gettext texinfo pkg-config
RUN wget -O /msmtp.tar.xz -nv https://marlam.de/msmtp/releases/msmtp-${MSMTP_VERSION}.tar.xz \
&& wget -O /msmtp.tar.xz.sig -nv https://marlam.de/msmtp/releases/msmtp-${MSMTP_VERSION}.tar.xz.sig \
&& gpg --keyserver hkps://keyserver.ubuntu.com --keyserver-options timeout=10 --recv-keys ${MSMTP_GPG_PUBLIC_KEY} \
&& gpg --verify /msmtp.tar.xz.sig /msmtp.tar.xz \
&& tar -xf /msmtp.tar.xz \
&& cd /msmtp-${MSMTP_VERSION} \
&& ./configure --sysconfdir=/etc \
&& make \
&& make install
#############################################################################
FROM perl:5.42.2 AS builder
ARG RT_VERSION="6.0.2"
ARG RTIR_VERSION="6.0.1"
ENV RT="${RT_VERSION}"
ENV RTIR="${RTIR_VERSION}"
ENV RT_GPG_PUBLIC_KEY="C49B372F2BF84A19011660270DF0A283FEAC80B2"
ARG ADDITIONAL_CPANM_ARGS=""
ENV PERL_CPANM_OPT="--no-interactive -v --no-man-pages ${ADDITIONAL_CPANM_ARGS}"
# use cpanm for dependencies
ENV RT_FIX_DEPS_CMD="cpanm ${PERL_CPANM_OPT}"
# cpan non interactive mode
ENV PERL_MM_USE_DEFAULT=1
# prevent the creation of "perllocal.pod"
ENV NO_PERLLOCAL=1
# Create RT user
RUN groupadd -g 1000 rt && useradd -u 1000 -g 1000 -m -s /bin/bash -d /home/rt rt
# Install required packages
RUN DEBIAN_FRONTEND=noninteractive apt-get update \
&& apt-get -q -y install --no-install-recommends \
ca-certificates wget gnupg graphviz libssl3 zlib1g \
gpg dirmngr gpg-agent libpq-dev libgd3 libexpat1 \
libpq5 w3m elinks links html2text lynx openssl libgd-dev
# Download and extract RT
RUN mkdir -p /src \
# import RT signing key
&& gpg --keyserver hkps://keyserver.ubuntu.com --keyserver-options timeout=10 --recv-keys ${RT_GPG_PUBLIC_KEY} \
# download and extract RT
&& wget -O /src/rt.tar.gz -nv https://download.bestpractical.com/pub/rt/release/rt-${RT}.tar.gz \
&& wget -O /src/rt.tar.gz.asc -nv https://download.bestpractical.com/pub/rt/release/rt-${RT}.tar.gz.asc \
&& gpg --verify /src/rt.tar.gz.asc /src/rt.tar.gz \
&& mkdir -p /src/rt \
&& tar --strip-components=1 -C /src/rt -xzf /src/rt.tar.gz \
# download and extract RTIR
&& wget -O /src/rtir.tar.gz -nv https://download.bestpractical.com/pub/rt/release/RT-IR-${RTIR}.tar.gz \
&& wget -O /src/rtir.tar.gz.asc -nv https://download.bestpractical.com/pub/rt/release/RT-IR-${RTIR}.tar.gz.asc \
&& gpg --verify /src/rtir.tar.gz.asc /src/rtir.tar.gz \
&& mkdir -p /src/rtir \
&& tar --strip-components=1 -C /src/rtir -xzf /src/rtir.tar.gz
# Configure RT
RUN case "${RT_VERSION}" in \
"6."*) \
cd /src/rt \
&& ./configure --prefix=/opt/rt --with-db-type=Pg --enable-gpg --enable-dashboard-chart-emails --enable-graphviz --enable-smime --enable-externalauth --with-web-user=rt --with-web-group=rt --with-rt-group=rt --with-bin-owner=rt --with-libs-owner=rt \
;; \
# older versions for RT 5.0.x
"5."*) \
cd /src/rt \
&& ./configure --prefix=/opt/rt --with-db-type=Pg --enable-gpg --enable-gd --enable-graphviz --enable-smime --enable-externalauth --with-web-user=rt --with-web-group=rt --with-rt-group=rt --with-bin-owner=rt --with-libs-owner=rt \
;; \
esac
# install https support for cpanm
# also disable tests on net http as the live tests often fail
RUN cpanm -n install Net::HTTP LWP::Protocol::https \
# Install Sever::Starter without tests
# as they constanly fail with timeouts and thus break
# the build
# Also install CSS::Inliner so users can use $EmailDashboardInlineCSS
# The other packages are packages with failing tests
&& cpanm -n install Server::Starter CSS::Inliner Cache::Cache Time::ParseDate XML::Simple \
# https://rt.cpan.org/Ticket/Display.html?id=173881
&& cpanm -n install DBIx::SearchBuilder
# Install dependencies
RUN make -C /src/rt fixdeps \
&& make -C /src/rt testdeps \
&& make -C /src/rt install
# Temp fix for https://github.com/plack/Plack/issues/723
RUN cpanm -n Plack@1.0051
ENV PERL5LIB=/opt/rt/lib/
# install extensions and additional tools
RUN cpanm \
# https://metacpan.org/dist/RT-Extension-MergeUsers
RT::Extension::MergeUsers \
# https://metacpan.org/dist/RT-Extension-TerminalTheme
RT::Extension::TerminalTheme \
# https://metacpan.org/dist/RT-Extension-Announce
RT::Extension::Announce \
# https://metacpan.org/dist/RT-Extension-Assets-Import-CSV
RT::Extension::Assets::Import::CSV \
# https://metacpan.org/dist/RT-Extension-Import-CSV
RT::Extension::Import::CSV \
# https://metacpan.org/dist/RT-Extension-CommandByMail
RT::Extension::CommandByMail \
# https://metacpan.org/dist/RT-Extension-ExtractCustomFieldValues
RT::Extension::ExtractCustomFieldValues \
# https://metacpan.org/dist/RT-Extension-JSGantt
RT::Extension::JSGantt \
# https://metacpan.org/dist/RT-Extension-NonWatcherRecipients
RT::Extension::NonWatcherRecipients \
# https://metacpan.org/dist/RTx-TicketlistTransactions
RTx::TicketlistTransactions \
# https://metacpan.org/dist/RTx-RemoteLinks
RTx::RemoteLinks \
# https://metacpan.org/dist/RT-Extension-TicketLocking
RT::Extension::TicketLocking \
# https://metacpan.org/dist/RT-Extension-DynamicWebPath
RT::Extension::DynamicWebPath \
# https://metacpan.org/dist/RT-Authen-OAuth2
RT::Authen::OAuth2 \
# https://metacpan.org/dist/RT-Extension-RepliesToResolved
RT::Extension::RepliesToResolved \
# https://metacpan.org/dist/RT-Extension-ShowTransactionSquelching
RT::Extension::ShowTransactionSquelching \
# https://metacpan.org/dist/RT-Extension-CommentOnCreate
RT::Extension::CommentOnCreate \
# https://github.com/bestpractical/app-wsgetmail
# https://metacpan.org/dist/App-wsgetmail
App::wsgetmail
# extensions for RT 6.0.x
RUN case "${RT_VERSION}" in \
"6."*) \
# https://metacpan.org/dist/RT-Extension-AutomaticAssignment
# no tests here as it would require a database
cpanm -n RT::Extension::AutomaticAssignment \
&& cpanm \
# https://metacpan.org/dist/RT-Extension-MandatoryOnTransition
RT::Extension::MandatoryOnTransition \
# https://metacpan.org/dist/RT-Extension-ExcelFeed
RT::Extension::ExcelFeed \
# https://metacpan.org/dist/RT-Extension-FormTools
RT::Extension::FormTools \
# https://metacpan.org/dist/RT-Extension-RepeatTicket
RT::Extension::RepeatTicket \
# https://metacpan.org/dist/RTx-Calendar
RTx::Calendar \
# https://metacpan.org/dist/RT-Extension-ActivityReports
RT::Extension::ActivityReports \
# https://metacpan.org/dist/RT-Extension-InlineHelp (only for RT 6.0.x)
RT::Extension::InlineHelp \
# https://metacpan.org/dist/RT-Extension-Tags
RT::Extension::Tags \
# https://metacpan.org/dist/RT-Extension-HelpDesk
RT::Extension::HelpDesk \
# https://metacpan.org/dist/RT-Extension-AI (only for RT 6.0.x)
RT::Extension::AI \
# https://metacpan.org/dist/RT-Extension-ChangeManagement
RT::Extension::ChangeManagement \
# https://metacpan.org/dist/RT-Extension-SwitchUsers
RT::Extension::SwitchUsers \
# https://metacpan.org/dist/RT-Extension-ResetPassword
RT::Extension::ResetPassword \
# https://metacpan.org/dist/RT-Extension-Captcha
RT::Extension::Captcha \
# https://metacpan.org/dist/RT-Extension-QuickCalls
RT::Extension::QuickCalls \
# https://metacpan.org/dist/RT-Extension-PreviewInSearch (only for RT 6.0.x)
RT::Extension::PreviewInSearch \
# https://metacpan.org/dist/RT-Extension-AWS-Assets (only for RT 6.0.x)
RT::Extension::AWS::Assets \
;; \
# older versions for RT 5.0.x
"5."*) \
# https://metacpan.org/dist/RT-Extension-AutomaticAssignment
# no tests here as it would require a database
cpanm -n RT::Extension::AutomaticAssignment~">= 1.0000, < 2.0000" \
&& cpanm \
# https://metacpan.org/dist/RT-Extension-MandatoryOnTransition
RT::Extension::MandatoryOnTransition~">= 0.0000, < 1.0000" \
# https://metacpan.org/dist/RT-Extension-ExcelFeed
RT::Extension::ExcelFeed~">= 0.0000, < 1.0000" \
# https://metacpan.org/dist/RT-Extension-FormTools
RT::Extension::FormTools~">= 1.0000, < 2.0000" \
# https://metacpan.org/dist/RT-Extension-RepeatTicket
RT::Extension::RepeatTicket~">= 2.0000, < 3.0000" \
# https://metacpan.org/dist/RTx-Calendar
RTx::Calendar~">= 1.0000, < 2.0000" \
# https://metacpan.org/dist/RT-Extension-ActivityReports
RT::Extension::ActivityReports~">= 1.0000, < 2.0000" \
# https://metacpan.org/dist/RT-Extension-Tags
RT::Extension::Tags~">= 0.0000, < 1.0000" \
# https://metacpan.org/dist/RT-Extension-HelpDesk
RT::Extension::HelpDesk~">= 0.0000, < 1.0000" \
# https://metacpan.org/dist/RT-Extension-ChangeManagement
RT::Extension::ChangeManagement~">= 0.0000, < 1.0000" \
# https://metacpan.org/dist/RT-Extension-SwitchUsers
RT::Extension::SwitchUsers~">= 0.0000, < 1.0000" \
# https://metacpan.org/dist/RT-Extension-ResetPassword
RT::Extension::ResetPassword~">= 1.0000, < 2.0000" \
# https://metacpan.org/dist/RT-Extension-Captcha
RT::Extension::Captcha~">= 1.0000, < 2.0000" \
# https://metacpan.org/dist/RT-Extension-QuickCalls
RT::Extension::QuickCalls~">= 1.0000, < 2.0000" \
;; \
esac
# Configure RTIR
RUN true \
&& cd /src/rtir \
&& perl -I /src/rtir/lib Makefile.PL --defaultdeps \
&& make install
# Dumb fix for HTMX Bug which rt team refuses to fix
# the main page does not honor WebPath and breaks if RT is not installed
# in the webserver root
# RUN true && \
# case "${RT_VERSION}" in \
# "6."*) \
# sed -i 's/hx-get="<% RT::Interface::Web::RequestENV('"'"'REQUEST_URI'"'"') %>"/hx-get="<%RT->Config->Get('"'"'WebPath'"'"')%><% RT::Interface::Web::RequestENV('"'"'REQUEST_URI'"'"') %>"/' /opt/rt/share/html/Elements/Header \
# ;; \
# esac
#############################################################################
FROM perl:5.42.2-slim
LABEL org.opencontainers.image.authors="firefart <firefart@gmail.com>"
LABEL org.opencontainers.image.title="Request Tracker"
LABEL org.opencontainers.image.source="https://github.com/firefart/rt-docker"
LABEL org.opencontainers.image.description="Request Tracker Docker Setup"
# Install required packages
RUN DEBIAN_FRONTEND=noninteractive apt-get update \
&& apt-get -q -y install --no-install-recommends \
procps spawn-fcgi ca-certificates wget curl gnupg graphviz libssl3 \
zlib1g libgd3 libexpat1 libpq5 w3m elinks links html2text lynx openssl cron bash \
libfcgi-bin libgsasl18 libsecret-1-0 tzdata \
&& apt-get clean \
&& rm -rf /var/lib/apt/lists/*
# msmtp - disabled for now to use the newer version
# Create RT user
RUN useradd -u 1000 -s /bin/bash -d /home/rt -m rt
# copy msmtp
COPY --from=msmtp-builder /usr/local/bin/msmtp /usr/bin/msmtp
COPY --from=msmtp-builder /usr/local/share/locale /usr/local/share/locale
# copy all needed stuff from the builder image
COPY --from=builder /usr/local/lib/perl5 /usr/local/lib/perl5
COPY --chown=rt:rt --from=builder /opt/rt /opt/rt
# run a final dependency check if we copied all
RUN perl /opt/rt/sbin/rt-test-dependencies --with-pg --with-fastcgi --with-gpg --with-graphviz --with-gd
# uv and uvx (needed for getmail6)
COPY --from=docker.io/astral/uv:latest /uv /uvx /bin/
RUN true \
# msmtp config
&& mkdir -p /msmtp \
&& chown rt:rt /msmtp \
# also fake sendmail for cronjobs
&& ln -s /usr/bin/msmtp /usr/sbin/sendmail \
# getmail
&& mkdir -p /getmail \
&& chown rt:rt /getmail \
# gpg
&& mkdir -p /opt/rt/var/data/gpg \
&& chown rt:rt /opt/rt/var/data/gpg \
# smime
&& mkdir -p /opt/rt/var/data/smime \
&& chown rt:rt /opt/rt/var/data/smime \
# shredder dir
&& mkdir -p /opt/rt/var/data/RT-Shredder \
&& chown rt:rt /opt/rt/var/data/RT-Shredder \
# gpg dirmngr dirs
&& mkdir -p /home/rt/.gnupg \
&& mkdir -p /home/rt/.gnupg/crls.d \
&& chown -R rt:rt /home/rt/.gnupg \
&& chmod 700 /home/rt/.gnupg
# RTIR Database stuff for setup
COPY --chown=rt:rt --from=builder /src/rtir/etc /opt/rtir
# wsgetmail
COPY --chown=rt:rt --from=builder /usr/local/bin/wsgetmail /usr/local/bin/wsgetmail
# remove default cron jobs
RUN rm -f /etc/cron.d/* \
&& rm -f /etc/cron.daily/* \
&& rm -f /etc/cron.hourly/* \
&& rm -f /etc/cron.monthly/* \
&& rm -f /etc/cron.weekly/* \
&& rm -f /var/spool/cron/crontabs/*
COPY --chown=root:root --chmod=0700 cron_entrypoint.sh /root/cron_entrypoint.sh
EXPOSE 9000
# install getmail as the rt user
USER rt
RUN uv tool install getmail6 \
&& uv cache clean
USER root
# link getmail to /usr/bin for backwards compatibility
RUN ln -s /home/rt/.local/bin/getmail /usr/bin/getmail
USER rt
# update PATH
ENV PATH="${PATH}:/opt/rt/sbin:/opt/rt/bin:/home/rt/.local/bin"
WORKDIR /opt/rt/
# spawn-fcgi v1.6.4 (ipv6) - spawns FastCGI processes
# Options:
# -f <path> filename of the fcgi-application (deprecated; ignored if
# <fcgiapp> is given; needs /bin/sh)
# -d <directory> chdir to directory before spawning
# -a <address> bind to IPv4/IPv6 address (defaults to 0.0.0.0)
# -p <port> bind to TCP-port
# -s <path> bind to Unix domain socket
# -M <mode> change Unix domain socket mode (octal integer, default: allow
# read+write for user and group as far as umask allows it)
# -C <children> (PHP only) numbers of childs to spawn (default: not setting
# the PHP_FCGI_CHILDREN environment variable - PHP defaults to 0)
# -F <children> number of children to fork (default 1)
# -b <backlog> backlog to allow on the socket (default 1024)
# -P <path> name of PID-file for spawned process (ignored in no-fork mode)
# -n no fork (for daemontools)
# -v show version
# -?, -h show this help
# (root only)
# -c <directory> chroot to directory
# -S create socket before chroot() (default is to create the socket
# in the chroot)
# -u <user> change to user-id
# -g <group> change to group-id (default: primary group of user if -u
# is given)
# -U <user> change Unix domain socket owner to user-id
# -G <group> change Unix domain socket group to group-id
CMD [ "/usr/bin/spawn-fcgi", "-d", "/opt/rt/", "-p" ,"9000", "-a","0.0.0.0", "-u", "1000", "-n", "--", "/opt/rt/sbin/rt-server.fcgi" ]
HEALTHCHECK --interval=10s --timeout=3s --start-period=10s --retries=3 CMD REQUEST_METHOD=GET REQUEST_URI=/ SCRIPT_NAME=/ cgi-fcgi -connect localhost:9000 -bind || exit 1