Merge branch 'main' of ssh://kolaente.dev:9022/vlasov-y/api

Added tini

Dockerfile

@@ -1,51 +1,39 @@
+# syntax=docker/dockerfile:1
+#  ┬─┐┬ ┐o┬  ┬─┐
+#  │─││ │││  │ │
+#  ┘─┘┘─┘┘┘─┘┘─┘
 
-##############
-# Build stage
-FROM --platform=$BUILDPLATFORM techknowlogick/xgo:go-1.19.2 AS build-env
+FROM techknowlogick/xgo:go-1.19.2 AS builder
 
-RUN \
-  go install github.com/magefile/mage@latest && \
-  mv /go/bin/mage /usr/local/go/bin
+RUN go install github.com/magefile/mage@latest && \
+    mv /go/bin/mage /usr/local/go/bin
 
-ARG VIKUNJA_VERSION
-
-# Setup repo
-COPY . /go/src/code.vikunja.io/api
 WORKDIR /go/src/code.vikunja.io/api
+COPY . ./
 
 ARG TARGETOS TARGETARCH TARGETVARIANT
-# Checkout version if set
-RUN if [ -n "${VIKUNJA_VERSION}" ]; then git checkout "${VIKUNJA_VERSION}"; fi && \
-  mage build:clean && \
-  mage release:xgo $TARGETOS/$TARGETARCH/$TARGETVARIANT
 
-###################
+RUN mage build:clean && \
+    mage release:xgo "${TARGETOS}/${TARGETARCH}/${TARGETVARIANT}"
+
+#  ┬─┐┬ ┐┌┐┐┌┐┐┬─┐┬─┐
+#  │┬┘│ │││││││├─ │┬┘
+#  ┘└┘┘─┘┘└┘┘└┘┴─┘┘└┘
+
 # The actual image
 # Note: I wanted to use the scratch image here, but unfortunatly the go-sqlite bindings require cgo and
 # because of this, the container would not start when I compiled the image without cgo.
-FROM alpine:3.16
+FROM alpine:3.16 AS runner
 LABEL maintainer="maintainers@vikunja.io"
+WORKDIR /app/vikunja
+ENTRYPOINT [ "/sbin/tini", "-g", "--", "/entrypoint.sh" ]
 
-WORKDIR /app/vikunja/
-COPY --from=build-env /build/vikunja-* vikunja
 ENV VIKUNJA_SERVICE_ROOTPATH=/app/vikunja/
-
-# Dynamic permission changing stuff
 ENV PUID 1000
 ENV PGID 1000
-RUN apk --no-cache add shadow && \
-  addgroup -g ${PGID} vikunja && \
-  adduser -s /bin/sh -D -G vikunja -u ${PUID} vikunja -h /app/vikunja -H && \
-  chown vikunja -R /app/vikunja
-COPY run.sh /run.sh
 
-# Add time zone data
-RUN apk --no-cache add tzdata
+RUN apk --update --no-cache add tzdata tini
+COPY docker/entrypoint.sh /entrypoint.sh
+RUN chmod 0755 /entrypoint.sh && mkdir files
 
-# Files permissions
-RUN mkdir /app/vikunja/files && \
-  chown -R vikunja /app/vikunja/files
-VOLUME /app/vikunja/files
-
-CMD ["/run.sh"]
-EXPOSE 3456
+COPY --from=builder /build/vikunja-* vikunja

docker/entrypoint.sh

@@ -0,0 +1,15 @@
+#!/usr/bin/env sh
+set -e
+
+if [ -n "$PUID" ] && [ "$PUID" -ne 0 ] && \
+   [ -n "$PGID" ] && [ "$PGID" -ne 0 ] ; then
+  echo "info: creating the new user vikunja with $PUID:$PGID"
+  addgroup -g "$PGID" vikunja
+  adduser -s /bin/sh -D -G vikunja -u "$PUID" vikunja -h /app/vikunja -H
+  chown -R vikunja:vikunja ./
+  su -pc /app/vikunja/vikunja - vikunja "$@"
+else
+  echo "info: creation of non-root user is skipped"
+  exec /app/vikunja/vikunja "$@"
+fi
+

docs/content/doc/setup/install-frontend.md

@@ -47,10 +47,7 @@ which will run the docker image and expose port 80 on the host.
 
 See [full docker example]({{< ref "full-docker-example.md">}}) for more varations of this config.
 
-### Setting user and group id of the user running vikunja
-
-You can set the user and group id of the user running vikunja with the `PUID` and `PGID` evironment variables.
-This follows the pattern used by [the linuxserver.io](https://docs.linuxserver.io/general/understanding-puid-and-pgid) docker images.
+The docker container runs as an unprivileged user and does not mount anything.
 
 ### API URL configuration in docker
 

pkg/db/test.go

@@ -20,12 +20,12 @@ import (
 	"fmt"
 	"os"
 	"testing"
-	"xorm.io/builder"
 
 	"code.vikunja.io/api/pkg/config"
 	"code.vikunja.io/api/pkg/log"
 
 	"github.com/stretchr/testify/assert"
+	"xorm.io/builder"
 	"xorm.io/xorm"
 	"xorm.io/xorm/names"
 )

pkg/models/tasks_test.go

@@ -19,13 +19,13 @@ package models
 import (
 	"testing"
 	"time"
-	"xorm.io/builder"
 
 	"code.vikunja.io/api/pkg/db"
 	"code.vikunja.io/api/pkg/events"
 	"code.vikunja.io/api/pkg/user"
 
 	"github.com/stretchr/testify/assert"
+	"xorm.io/builder"
 )
 
 func TestTask_Create(t *testing.T) {

pkg/modules/background/handler/background.go

@@ -295,6 +295,11 @@ func GetListBackground(c echo.Context) error {
 		_ = s.Rollback()
 		return handler.HandleHTTPError(err, c)
 	}
+	stat, err := bgFile.File.Stat()
+	if err != nil {
+		_ = s.Rollback()
+		return handler.HandleHTTPError(err, c)
+	}
 
 	// Unsplash requires pingbacks as per their api usage guidelines.
 	// To do this in a privacy-preserving manner, we do the ping from inside of Vikunja to not expose any user details.
@@ -306,6 +311,11 @@ func GetListBackground(c echo.Context) error {
 		return handler.HandleHTTPError(err, c)
 	}
 
+	// Set Last-Modified header if we have the file stat, so clients can decide whether to use cached files
+	if stat != nil {
+		c.Response().Header().Set(echo.HeaderLastModified, stat.ModTime().UTC().Format(http.TimeFormat))
+	}
+
 	// Serve the file
 	return c.Stream(http.StatusOK, "image/jpg", bgFile.File)
 }

run.sh

@@ -1,7 +0,0 @@
-#!/bin/sh
-
-# Set the uid and gid of the vikunja run user
-usermod --non-unique --uid ${PUID} vikunja
-groupmod --non-unique --gid ${PGID} vikunja
-
-exec su vikunja -c '/app/vikunja/vikunja'