Update push actions

.github/workflows/docker-hub.yml

@@ -0,0 +1,53 @@
+name: Build and Push to Docker Hub
+
+on:
+  push:
+
+jobs:
+  docker:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Calculate Tags
+        env:
+          ref: ${{ github.ref }}
+          repo: ${{ github.repository }}
+        run: |
+          ref=${ref##*/}
+          if [[ $ref == master ]]; then
+            tags=$repo:unstable
+          elif [[ $ref =~ ^([0-9.]+)-((([0-9]+[.])[0-9]+[.])([.][0-9+])*)$ ]]; then
+            upstream=${BASH_REMATCH[1]}
+            minor=${BASH_REMATCH[3]}x
+            major=${BASH_REMATCH[4]}x
+            tags=$repo:latest,$repo:$ref,$repo:$upstream-$minor,$repo:$upstream-$major,$repo:$upstream
+          else
+            echo "Bad tag: $ref"
+            exit 1
+          fi
+
+          echo "$tags"
+          echo "build_tags=$tags" >> $GITHUB_ENV
+
+      - name: Login to DockerHub
+        uses: docker/login-action@v2
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+      - name: Checkout
+        uses: actions/checkout@v3
+
+      - name: Build and push
+        id: build
+        uses: docker/build-push-action@v3
+        with:
+          context: .
+          push: true
+          tags: ${{ env.build_tags }}
+
+      - name: Update repo description
+        uses: peter-evans/dockerhub-description@v3
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_PASSWORD }}
+          repository: ${{ github.repository }}

Dockerfile

@@ -1,4 +1,4 @@
-ARG UPSTREAM=2.2.32
+ARG UPSTREAM=2.3.10
 FROM analogic/poste.io:$UPSTREAM
 RUN apt-get update && apt-get install less  # 'less' is Useful for debugging
 

files/etc/cont-init.d/25-bind-hostname.sh

@@ -37,6 +37,10 @@ bindhost=$(hostname)
 sub 'submission_host = .*:587$' "submission_host = $bindhost:587" /etc/dovecot/conf.d/15-lda.conf
 sub '^host.*' "host $bindhost" /etc/msmtprc
 
+# Admin emails should go to the bindhost as well
+sub "%env(MAILER_DSN)%" "smtp://$bindhost:25?verify_peer=0"        /opt/admin/config/packages/mailer.yaml
+sub "MAILER_DSN=.*" "MAILER_DSN=smtp://$bindhost:25?verify_peer=0" /opt/admin/.env
+
 if [[ "$LISTEN_ON" == host ]]; then
 	# No IPs given, just use the hostname
 	sub '__HOST__'        "$bindhost"                 /etc/nginx/sites-enabled/administration

files/patches

@@ -14,9 +14,10 @@
 # loopback interface.
 
 set -eu  # fail on any errors or undefined variables
+shopt -s nullglob
 
 # A tiny DSL for editing files with sed: `~ edit files...; {{ commands }}`
-edit() { local sed; ::block sed-dsl; sed -i -e "$sed" "$@"; }
+edit() { local sed; ::block sed-dsl; if (($#)); then sed -i -e "$sed" "$@"; fi; }
 sed-dsl()    { sed."$@"; }
 sed.sub()    { sed+="s~$1~$2~${3-}"$'\n'; }
 sed.del()    { sed+="${1+/$1/}d"$'\n'; }
@@ -31,7 +32,8 @@ shopt -q expand_aliases||{ unalias -a;shopt -s expand_aliases;};builtin alias +=
 
 # === Upstream bug fixes ===
 
-~ edit opt/admin/src/AppBundle/Resources/views/Box/edit.html.twig; {{
+# Remove this when 2.3.x is stable
+~ edit opt/admin/src/AppBundle/Resources/views/Box/edit.html[.]twig; {{
   # Fix typo
   - sub "refereneId" "referenceId"
 }}
@@ -55,7 +57,10 @@ shopt -q expand_aliases||{ unalias -a;shopt -s expand_aliases;};builtin alias +=
 }}
 
 
-~ edit /opt/admin/src/AppBundle/CommandInternal/DeliverQuarantineCommand.php; {{
+~ edit \
+    /opt/admin/src/AppBundle/CommandInternal/DeliverQuarantineCommand[.]php \
+    /opt/admin/src/Base/CommandInternal/DeliverQuarantineCommand[.]php ;
+{{
   # Quarantine "deliver" / deliver:quarantine should send to host, not localhost
   - sub "\['msmtp', '-f'.*" "['msmtp', '--host', gethostname(), '-f', \$meta['from']];"
 }}
@@ -112,7 +117,7 @@ haraka_sub_web=$sockdir/haraka/web-11381.sock
 
 # The rspamc command needs to reference the web socket explicitly
 
-~ edit /opt/admin/src/AppBundle/Server/System.php; {{
+~ edit /opt/admin/src/AppBundle/Server/System[.]php /opt/admin/src/Base/Server/System[.]php; {{
   - sub "rspamc stat" \
         "rspamc -h $rspam_web stat"
 }}
@@ -136,6 +141,12 @@ haraka_sub_web=$sockdir/haraka/web-11381.sock
         "socket.connect('$quota');"
 }}
 
+# Haraka logs should show the redis socket
+~ edit /usr/lib/node_modules/Haraka/node_modules/haraka-plugin-redis/index.js; {{
+  - sub 'redis://\${opts.host}:\${opts.port}' \
+        'redis://${opts.path}'
+}}
+
 # Haraka web servers need to listen on unix sockets
 
 ~ edit /opt/haraka-smtp/config/http.ini; {{
@@ -156,7 +167,7 @@ haraka_sub_web=$sockdir/haraka/web-11381.sock
 
 ~ edit /etc/redis/redis.conf; {{
   - sub "^port 6379" "port 0"  # disable the localhost port
-  - append "" "unixsocket $redis" "unixsocketperm 777"
+  - append "" "unixsocket $redis" "unixsocketperm 777"  # can be removed as of 2.3.7
 }}
 
 ~ edit /etc/rspamd/local.d/{redis,statistic}.conf; {{
@@ -168,7 +179,7 @@ haraka_sub_web=$sockdir/haraka/web-11381.sock
   - sub '-h "127.0.0.1"' "-s '$redis'";
 }}
 
-~ edit /bin/clear-idle-connections; {{
+~ edit /bin/clear[-]idle-connections; {{  # can be removed as of 2.3.7
   - sub "redis-cli'" "redis-cli', '-s', '$redis'"
 }}
 
@@ -176,7 +187,7 @@ haraka_sub_web=$sockdir/haraka/web-11381.sock
   - sub "redis-cli" "redis-cli -s '$redis'"
 }}
 
-~ edit /opt/admin/src/AppBundle/Resources/config/services.yml; {{
+~ edit /opt/admin/src/AppBundle/Resources/config/services[.]yml /opt/admin/config/services_base[.]yaml; {{
   - sub '^  Predis\\Client: .*$' \
          '  Predis\\Client: { arguments: [ "unix:'"$redis"'" ] }'
 
@@ -187,8 +198,10 @@ haraka_sub_web=$sockdir/haraka/web-11381.sock
 # === Support Roundcube plugins and persistent encryption key
 
 # Load 48-digit hex des_key from DES_KEY
-~ edit /etc/cont-init.d/20-apply-server-config; {{
-  - sub '[$]key = bin2hex' '$key = getenv("DES_KEY") ?: bin2hex'
+~ edit /etc/cont-init.d/{20-apply-server-config,97[-]randoms}; {{
+  + range 'roundcube' 'preg_replace'; {{
+    - sub '[$]key = bin2hex' '$key = getenv("DES_KEY") ?: bin2hex'
+  }}
 }}
 
 # Autoload roundcube plugins from /data/roundcube/installed-plugins