Merge pull request 'upgrade' (#26) from upgrade into main

## Détails

- Mise à jour de :
    * Watchtower en [1.4.0](https://github.com/containrrr/watchtower/releases/tag/v1.4.0)
    * Registry en [2.8.0](https://github.com/distribution/distribution/releases/tag/v2.8.0)
    * Prometheus en [2.33.3](https://github.com/prometheus/prometheus/releases/tag/v2.33.3)
    * Postgres en [14.2](https://www.postgresql.org/docs/release/14.2/)
    * Grafana en [8.3.6](https://github.com/grafana/grafana/releases/tag/v8.3.6)
    * Gitea en [1.16.1](https://github.com/go-gitea/gitea/releases/tag/v1.16.1)
    * Nextcloud en [23.0.0](https://nextcloud.com/changelog/#latest23)
- Ajout des sha256 des images docker

## Pourquoi

- Pour bénéficier des derniers correctifs de sécurité
- Pour vérifier l'intégrité des images lors de leur téléchargement

## Liens

- [ticket](https://tree.taiga.io/project/killiankemps-resilien/us/374)

Reviewed-on: https://git.weko.io/resilien/services/pulls/26
Reviewed-by: killian <developer@killiankemps.fr>
Simon 2022-02-14 14:15:55 +01:00
commit fe99557d1b
16 changed files with 16 additions and 16 deletions


@ -9,7 +9,7 @@ volumes:
services: services:
directus: directus:
container_name: ${DIRECTUS_CONTAINER_NAME:-directus} container_name: ${DIRECTUS_CONTAINER_NAME:-directus}
image: ${DIRECTUS_IMAGE:-directus/directus:9.5.1} image: ${DIRECTUS_IMAGE:-directus/directus:9.5.1@sha256:c21099315f8720a12c65eea30b7450a96845ba17e9313e95a3fd23867b96c289}
restart: always restart: always
volumes: volumes:
- directus:/directus/uploads - directus:/directus/uploads
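Review bot: Once `@sha256:…` is appended to the default on the `image:` line, the digest alone decides what is pulled and the `9.5.1` tag becomes a label that nothing checks, so a later bump that edits only the tag would leave the old image running under a new version string. The same applies to every other compose section in this commit that pins a digest (drone-runner, drone-server, gitea, grafana, hedgedoc, mobilizon, nextcloud, postgres, prometheus, redis, registry, traefik, watchtower). I would add a comment above each pinned line such as `# tag is informational once a digest is set; bump tag and digest together`. It is also worth confirming that each value is the multi-platform index digest and not a single-architecture one, since the page does not show how the digests were obtained. The service definition continues outside the hunk.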


@ -7,7 +7,7 @@ version: "3.8"
services: services:
drone-runner: drone-runner:
container_name: ${DRONE_RUNNER_CONTAINER_NAME} container_name: ${DRONE_RUNNER_CONTAINER_NAME}
image: ${DRONE_RUNNER_IMAGE:-drone/drone-runner-docker:1.8.0} image: ${DRONE_RUNNER_IMAGE:-drone/drone-runner-docker:1.8.0@sha256:70da970bb76a62567edbea1ac8002d9484664267f4cbb49fbd7c87a753d02260}
restart: always restart: always
volumes: volumes:
- /var/run/docker.sock:/var/run/docker.sock - /var/run/docker.sock:/var/run/docker.sock


@ -9,7 +9,7 @@ volumes:
services: services:
drone-server: drone-server:
container_name: ${DRONE_SERVER_CONTAINER_NAME:-drone-server} container_name: ${DRONE_SERVER_CONTAINER_NAME:-drone-server}
image: ${DRONE_SERVER_IMAGE:-drone/drone:2.9.1} image: ${DRONE_SERVER_IMAGE:-drone/drone:2.9.1@sha256:674e62c62cf41e06773c1b5e89687f1d514d49db6d1bb78678a5ef86927bc479}
restart: always restart: always
environment: environment:
# https://docs.drone.io/server/reference/drone-rpc-secret/ # https://docs.drone.io/server/reference/drone-rpc-secret/


@ -7,7 +7,7 @@ volumes:
services: services:
gitea: gitea:
container_name: ${GITEA_CONTAINER_NAME:-gitea} container_name: ${GITEA_CONTAINER_NAME:-gitea}
image: ${GITEA_IMAGE:-gitea/gitea:1.15.5} image: ${GITEA_IMAGE:-gitea/gitea:1.16.1@sha256:bd36095359861e6970705a70d58ae0536f92f0d3f2d25c18ed663e94380c546a}
restart: always restart: always
environment: environment:
# - USER_UID=1000 # - USER_UID=1000


@ -8,7 +8,7 @@ volumes:
services: services:
grafana: grafana:
container_name: ${GRAFANA_CONTAINER_NAME:-grafana} container_name: ${GRAFANA_CONTAINER_NAME:-grafana}
image: ${GRAFANA_IMAGE:-grafana/grafana:8.3.4} image: ${GRAFANA_IMAGE:-grafana/grafana:8.3.6@sha256:5b71534e0a0329f243994a09340db6625b55a33ae218d71e34ec73f824ec1e48}
restart: always restart: always
volumes: volumes:
- grafana:/var/lib/grafana - grafana:/var/lib/grafana


@ -7,7 +7,7 @@ volumes:
services: services:
hedgedoc: hedgedoc:
container_name: ${HEDGEDOC_CONTAINER_NAME:-hedgedoc} container_name: ${HEDGEDOC_CONTAINER_NAME:-hedgedoc}
image: ${HEDGEDOC_IMAGE:-linuxserver/hedgedoc:1.9.2-ls39} image: ${HEDGEDOC_IMAGE:-linuxserver/hedgedoc:1.9.2-ls44@sha256:e3e0ec428e043104ec626a4c89e09baf61bc8939f8a28979bdadf3a4fa6f513f}
restart: always restart: always
depends_on: depends_on:
- postgres - postgres


@ -9,7 +9,7 @@ volumes:
services: services:
mobilizon: mobilizon:
container_name: ${MOBILIZON_CONTAINER_NAME:-mobilizon} container_name: ${MOBILIZON_CONTAINER_NAME:-mobilizon}
image: ${MOBILIZON_IMAGE:-framasoft/mobilizon:2.0.2} image: ${MOBILIZON_IMAGE:-framasoft/mobilizon:2.0.2@sha256:a703d399c35b3b685be7c154bf2ac74f5acd88d8c28dd42f05f68859d76edfd3}
restart: always restart: always
depends_on: depends_on:
- postgres - postgres


@ -7,7 +7,7 @@ volumes:
services: services:
nextcloud-fpm: nextcloud-fpm:
container_name: ${NEXTCLOUD_CONTAINER_NAME:-nextcloud}-fpm container_name: ${NEXTCLOUD_CONTAINER_NAME:-nextcloud}-fpm
image: ${NEXTCLOUD_IMAGE:-nextcloud:22.2.3-fpm-alpine} image: ${NEXTCLOUD_IMAGE:-nextcloud:23.0.0-fpm-alpine@sha256:b02448c82a7fec3d1d0aacbeab466707929a9acbe7c069db4dca14166878ceb1}
restart: always restart: always
depends_on: depends_on:
- postgres - postgres


@ -7,7 +7,7 @@ volumes:
services: services:
postgres: postgres:
container_name: ${POSTGRES_CONTAINER_NAME:-postgres} container_name: ${POSTGRES_CONTAINER_NAME:-postgres}
image: ${POSTGRES_IMAGE:-postgres:14.1-alpine} image: ${POSTGRES_IMAGE:-postgres:14.2-alpine@sha256:536bc3ad5d53f1b84db958be04013024aae70449c931943ad0a55c56c28f68b3}
restart: always restart: always
environment: environment:
POSTGRES_USER: ${POSTGRES_USER:?err} POSTGRES_USER: ${POSTGRES_USER:?err}


@ -12,7 +12,7 @@ services:
build: build:
context: . context: .
args: args:
PROMETHEUS_IMAGE: ${PROMETHEUS_IMAGE:-prom/prometheus:v2.33.1} PROMETHEUS_IMAGE: ${PROMETHEUS_IMAGE:-prom/prometheus:v2.33.3@sha256:20c90b9a99b12b4349150e347811cc44dccdb05c291d385320be63dc12cce73b}
volumes: volumes:
- prometheus:/prometheus - prometheus:/prometheus
restart: always restart: always


@ -2,7 +2,7 @@ version: "3.8"
services: services:
redis: redis:
image: ${REDIS_IMAGE:-redis:6.2.6-alpine} image: ${REDIS_IMAGE:-redis:6.2.6-alpine@sha256:4bed291aa5efb9f0d77b76ff7d4ab71eee410962965d052552db1fb80576431d}
container_name: ${REDIS_CONTAINER_NAME:-redis} container_name: ${REDIS_CONTAINER_NAME:-redis}
restart: always restart: always
environment: environment:


@ -5,7 +5,7 @@ TRAEFIK_NETWORK_NAME=kifeart
## REGISTRY ## REGISTRY
REGISTRY_IMAGE=registry:2.7.1 #REGISTRY_IMAGE=
REGISTRY_CUSTOM_IMAGE=custom/registry REGISTRY_CUSTOM_IMAGE=custom/registry
REGISTRY_DOMAIN=registry.cool.life REGISTRY_DOMAIN=registry.cool.life
REGISTRY_VOLUME_NAME=registry REGISTRY_VOLUME_NAME=registry
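Review bot: Commenting out `REGISTRY_IMAGE` in this env file (presumably a sample) does not touch deployments: any live env file that still sets `REGISTRY_IMAGE=registry:2.7.1` takes precedence over the new `${REGISTRY_IMAGE:-registry:2.8.0@sha256:…}` default in the compose file and keeps the old, unpinned image. The same holds for `WATCHTOWER_IMAGE` in the watchtower env section, and more generally for every `*_IMAGE` variable whose default now carries a digest. I would state this next to the commented line, e.g. `# leave unset to use the digest-pinned default; an override should carry its own @sha256 digest`, and check the live env files as part of the rollout.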


@ -7,7 +7,7 @@ volumes:
services: services:
registry: registry:
container_name: ${REGISTRY_CONTAINER_NAME} container_name: ${REGISTRY_CONTAINER_NAME}
image: ${REGISTRY_IMAGE} image: ${REGISTRY_IMAGE:-registry:2.8.0@sha256:c26590bcf53822a542e78fab5c88e1dfbcdee91c1882f4656b7db7b542d91d97}
restart: always restart: always
environment: environment:
REGISTRY_AUTH: htpasswd REGISTRY_AUTH: htpasswd


@ -11,7 +11,7 @@ networks:
services: services:
traefik: traefik:
container_name: ${TRAEFIK_CONTAINER_NAME:-traefik} container_name: ${TRAEFIK_CONTAINER_NAME:-traefik}
image: ${TRAEFIK_IMAGE:-traefik:v2.6.0} image: ${TRAEFIK_IMAGE:-traefik:v2.6.0@sha256:b22bd53ef626cf3667390c3e3651936b08f9c0c9107e3a6faf02e6dc06b3e0c0}
restart: always restart: always
volumes: volumes:
- /var/run/docker.sock:/var/run/docker.sock - /var/run/docker.sock:/var/run/docker.sock


@ -1,5 +1,5 @@
WATCHTOWER_CONTAINER_NAME=watchtower WATCHTOWER_CONTAINER_NAME=watchtower
WATCHTOWER_IMAGE=containrrr/watchtower:1.0.3 #WATCHTOWER_IMAGE=
REGISTRY_DOMAIN=registry.cool.life REGISTRY_DOMAIN=registry.cool.life
REGISTRY_USER=kosssi REGISTRY_USER=kosssi
REGISTRY_PASSWORD=z91PjNYpswd4ai5YoMCw58VoygJSZev7qNJ0cAlPmPBD5pVz9O REGISTRY_PASSWORD=z91PjNYpswd4ai5YoMCw58VoygJSZev7qNJ0cAlPmPBD5pVz9O
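Review bot: The `REGISTRY_PASSWORD` context line at the end of this section carries a concrete, high-entropy value in a committed file, and this commit leaves it in place. If the file is a sample, the value should become an obvious placeholder such as `REGISTRY_PASSWORD=<set-me>`; if it was ever used against a real registry, it should be treated as disclosed and rotated, because it remains in the git history either way. `REGISTRY_USER` on the line above could get the same treatment. Whether the value is live cannot be told from the page.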


@ -3,7 +3,7 @@ version: '3.8'
services: services:
watchtower: watchtower:
container_name: ${WATCHTOWER_CONTAINER_NAME} container_name: ${WATCHTOWER_CONTAINER_NAME}
image: ${WATCHTOWER_IMAGE} image: ${WATCHTOWER_IMAGE:-containrrr/watchtower:1.4.0@sha256:bbf9794a691b59ed2ed3089fec53844f14ada249ee5e372ff0e595b73f4e9ab3}
restart: always restart: always
command: -i 60 --label-enable --cleanup --debug command: -i 60 --label-enable --cleanup --debug
# --debug # --debug
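Review bot: Pinning images by digest changes what Watchtower can do for this stack: a reference of the form `tag@sha256:…` always resolves to the same image, so containers started from the pinned defaults will presumably never be seen as outdated, and security updates now depend on someone bumping the digests by hand. That trade-off deserves a comment above `command:`, for example `# images are digest-pinned: updates require bumping tag+digest in the compose files`. Separately, `--debug` is active in `command:` while the commented `# --debug` line below it suggests the flag was meant to be optional. Since the watchtower env file holds registry credentials, I would reduce it to `command: -i 60 --label-enable --cleanup` unless the verbose logs are known not to include them.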