Merge pull request 'upgrade' (#26) from upgrade into main
## Détails - Mise à jour de : * Watchtower en [1.4.0](https://github.com/containrrr/watchtower/releases/tag/v1.4.0) * Registry en [2.8.0](https://github.com/distribution/distribution/releases/tag/v2.8.0) * Prometheus en [2.33.3](https://github.com/prometheus/prometheus/releases/tag/v2.33.3) * Postgres en [14.2](https://www.postgresql.org/docs/release/14.2/) * Grafana en [8.3.6](https://github.com/grafana/grafana/releases/tag/v8.3.6) * Gitea en [1.16.1](https://github.com/go-gitea/gitea/releases/tag/v1.16.1) * Nextcloud en [23.0.0](https://nextcloud.com/changelog/#latest23) - Ajout des sha256 des images docker ## Pourquoi - Pour avoir les derniers fix de sécurité - Pour ajouter de la sécurité lors du téléchargement des images ## Liens - [ticket](https://tree.taiga.io/project/killiankemps-resilien/us/374) Reviewed-on: https://git.weko.io/resilien/services/pulls/26 Reviewed-by: killian <developer@killiankemps.fr>
This commit is contained in:
commit
fe99557d1b
|
@ -9,7 +9,7 @@ volumes:
|
||||||
services:
|
services:
|
||||||
directus:
|
directus:
|
||||||
container_name: ${DIRECTUS_CONTAINER_NAME:-directus}
|
container_name: ${DIRECTUS_CONTAINER_NAME:-directus}
|
||||||
image: ${DIRECTUS_IMAGE:-directus/directus:9.5.1}
|
image: ${DIRECTUS_IMAGE:-directus/directus:9.5.1@sha256:c21099315f8720a12c65eea30b7450a96845ba17e9313e95a3fd23867b96c289}
|
||||||
restart: always
|
restart: always
|
||||||
volumes:
|
volumes:
|
||||||
- directus:/directus/uploads
|
- directus:/directus/uploads
|
||||||
|
|
|
@ -7,7 +7,7 @@ version: "3.8"
|
||||||
services:
|
services:
|
||||||
drone-runner:
|
drone-runner:
|
||||||
container_name: ${DRONE_RUNNER_CONTAINER_NAME}
|
container_name: ${DRONE_RUNNER_CONTAINER_NAME}
|
||||||
image: ${DRONE_RUNNER_IMAGE:-drone/drone-runner-docker:1.8.0}
|
image: ${DRONE_RUNNER_IMAGE:-drone/drone-runner-docker:1.8.0@sha256:70da970bb76a62567edbea1ac8002d9484664267f4cbb49fbd7c87a753d02260}
|
||||||
restart: always
|
restart: always
|
||||||
volumes:
|
volumes:
|
||||||
- /var/run/docker.sock:/var/run/docker.sock
|
- /var/run/docker.sock:/var/run/docker.sock
|
||||||
|
|
|
@ -9,7 +9,7 @@ volumes:
|
||||||
services:
|
services:
|
||||||
drone-server:
|
drone-server:
|
||||||
container_name: ${DRONE_SERVER_CONTAINER_NAME:-drone-server}
|
container_name: ${DRONE_SERVER_CONTAINER_NAME:-drone-server}
|
||||||
image: ${DRONE_SERVER_IMAGE:-drone/drone:2.9.1}
|
image: ${DRONE_SERVER_IMAGE:-drone/drone:2.9.1@sha256:674e62c62cf41e06773c1b5e89687f1d514d49db6d1bb78678a5ef86927bc479}
|
||||||
restart: always
|
restart: always
|
||||||
environment:
|
environment:
|
||||||
# https://docs.drone.io/server/reference/drone-rpc-secret/
|
# https://docs.drone.io/server/reference/drone-rpc-secret/
|
||||||
|
|
|
@ -7,7 +7,7 @@ volumes:
|
||||||
services:
|
services:
|
||||||
gitea:
|
gitea:
|
||||||
container_name: ${GITEA_CONTAINER_NAME:-gitea}
|
container_name: ${GITEA_CONTAINER_NAME:-gitea}
|
||||||
image: ${GITEA_IMAGE:-gitea/gitea:1.15.5}
|
image: ${GITEA_IMAGE:-gitea/gitea:1.16.1@sha256:bd36095359861e6970705a70d58ae0536f92f0d3f2d25c18ed663e94380c546a}
|
||||||
restart: always
|
restart: always
|
||||||
environment:
|
environment:
|
||||||
# - USER_UID=1000
|
# - USER_UID=1000
|
||||||
|
|
|
@ -8,7 +8,7 @@ volumes:
|
||||||
services:
|
services:
|
||||||
grafana:
|
grafana:
|
||||||
container_name: ${GRAFANA_CONTAINER_NAME:-grafana}
|
container_name: ${GRAFANA_CONTAINER_NAME:-grafana}
|
||||||
image: ${GRAFANA_IMAGE:-grafana/grafana:8.3.4}
|
image: ${GRAFANA_IMAGE:-grafana/grafana:8.3.6@sha256:5b71534e0a0329f243994a09340db6625b55a33ae218d71e34ec73f824ec1e48}
|
||||||
restart: always
|
restart: always
|
||||||
volumes:
|
volumes:
|
||||||
- grafana:/var/lib/grafana
|
- grafana:/var/lib/grafana
|
||||||
|
|
|
@ -7,7 +7,7 @@ volumes:
|
||||||
services:
|
services:
|
||||||
hedgedoc:
|
hedgedoc:
|
||||||
container_name: ${HEDGEDOC_CONTAINER_NAME:-hedgedoc}
|
container_name: ${HEDGEDOC_CONTAINER_NAME:-hedgedoc}
|
||||||
image: ${HEDGEDOC_IMAGE:-linuxserver/hedgedoc:1.9.2-ls39}
|
image: ${HEDGEDOC_IMAGE:-linuxserver/hedgedoc:1.9.2-ls44@sha256:e3e0ec428e043104ec626a4c89e09baf61bc8939f8a28979bdadf3a4fa6f513f}
|
||||||
restart: always
|
restart: always
|
||||||
depends_on:
|
depends_on:
|
||||||
- postgres
|
- postgres
|
||||||
|
|
|
@ -9,7 +9,7 @@ volumes:
|
||||||
services:
|
services:
|
||||||
mobilizon:
|
mobilizon:
|
||||||
container_name: ${MOBILIZON_CONTAINER_NAME:-mobilizon}
|
container_name: ${MOBILIZON_CONTAINER_NAME:-mobilizon}
|
||||||
image: ${MOBILIZON_IMAGE:-framasoft/mobilizon:2.0.2}
|
image: ${MOBILIZON_IMAGE:-framasoft/mobilizon:2.0.2@sha256:a703d399c35b3b685be7c154bf2ac74f5acd88d8c28dd42f05f68859d76edfd3}
|
||||||
restart: always
|
restart: always
|
||||||
depends_on:
|
depends_on:
|
||||||
- postgres
|
- postgres
|
||||||
|
|
|
@ -7,7 +7,7 @@ volumes:
|
||||||
services:
|
services:
|
||||||
nextcloud-fpm:
|
nextcloud-fpm:
|
||||||
container_name: ${NEXTCLOUD_CONTAINER_NAME:-nextcloud}-fpm
|
container_name: ${NEXTCLOUD_CONTAINER_NAME:-nextcloud}-fpm
|
||||||
image: ${NEXTCLOUD_IMAGE:-nextcloud:22.2.3-fpm-alpine}
|
image: ${NEXTCLOUD_IMAGE:-nextcloud:23.0.0-fpm-alpine@sha256:b02448c82a7fec3d1d0aacbeab466707929a9acbe7c069db4dca14166878ceb1}
|
||||||
restart: always
|
restart: always
|
||||||
depends_on:
|
depends_on:
|
||||||
- postgres
|
- postgres
|
||||||
|
|
|
@ -7,7 +7,7 @@ volumes:
|
||||||
services:
|
services:
|
||||||
postgres:
|
postgres:
|
||||||
container_name: ${POSTGRES_CONTAINER_NAME:-postgres}
|
container_name: ${POSTGRES_CONTAINER_NAME:-postgres}
|
||||||
image: ${POSTGRES_IMAGE:-postgres:14.1-alpine}
|
image: ${POSTGRES_IMAGE:-postgres:14.2-alpine@sha256:536bc3ad5d53f1b84db958be04013024aae70449c931943ad0a55c56c28f68b3}
|
||||||
restart: always
|
restart: always
|
||||||
environment:
|
environment:
|
||||||
POSTGRES_USER: ${POSTGRES_USER:?err}
|
POSTGRES_USER: ${POSTGRES_USER:?err}
|
||||||
|
|
|
@ -12,7 +12,7 @@ services:
|
||||||
build:
|
build:
|
||||||
context: .
|
context: .
|
||||||
args:
|
args:
|
||||||
PROMETHEUS_IMAGE: ${PROMETHEUS_IMAGE:-prom/prometheus:v2.33.1}
|
PROMETHEUS_IMAGE: ${PROMETHEUS_IMAGE:-prom/prometheus:v2.33.3@sha256:20c90b9a99b12b4349150e347811cc44dccdb05c291d385320be63dc12cce73b}
|
||||||
volumes:
|
volumes:
|
||||||
- prometheus:/prometheus
|
- prometheus:/prometheus
|
||||||
restart: always
|
restart: always
|
||||||
|
|
|
@ -2,7 +2,7 @@ version: "3.8"
|
||||||
|
|
||||||
services:
|
services:
|
||||||
redis:
|
redis:
|
||||||
image: ${REDIS_IMAGE:-redis:6.2.6-alpine}
|
image: ${REDIS_IMAGE:-redis:6.2.6-alpine@sha256:4bed291aa5efb9f0d77b76ff7d4ab71eee410962965d052552db1fb80576431d}
|
||||||
container_name: ${REDIS_CONTAINER_NAME:-redis}
|
container_name: ${REDIS_CONTAINER_NAME:-redis}
|
||||||
restart: always
|
restart: always
|
||||||
environment:
|
environment:
|
||||||
|
|
|
@ -5,7 +5,7 @@ TRAEFIK_NETWORK_NAME=kifeart
|
||||||
|
|
||||||
## REGISTRY
|
## REGISTRY
|
||||||
|
|
||||||
REGISTRY_IMAGE=registry:2.7.1
|
#REGISTRY_IMAGE=
|
||||||
REGISTRY_CUSTOM_IMAGE=custom/registry
|
REGISTRY_CUSTOM_IMAGE=custom/registry
|
||||||
REGISTRY_DOMAIN=registry.cool.life
|
REGISTRY_DOMAIN=registry.cool.life
|
||||||
REGISTRY_VOLUME_NAME=registry
|
REGISTRY_VOLUME_NAME=registry
|
||||||
|
|
|
@ -7,7 +7,7 @@ volumes:
|
||||||
services:
|
services:
|
||||||
registry:
|
registry:
|
||||||
container_name: ${REGISTRY_CONTAINER_NAME}
|
container_name: ${REGISTRY_CONTAINER_NAME}
|
||||||
image: ${REGISTRY_IMAGE}
|
image: ${REGISTRY_IMAGE:-registry:2.8.0@sha256:c26590bcf53822a542e78fab5c88e1dfbcdee91c1882f4656b7db7b542d91d97}
|
||||||
restart: always
|
restart: always
|
||||||
environment:
|
environment:
|
||||||
REGISTRY_AUTH: htpasswd
|
REGISTRY_AUTH: htpasswd
|
||||||
|
|
|
@ -11,7 +11,7 @@ networks:
|
||||||
services:
|
services:
|
||||||
traefik:
|
traefik:
|
||||||
container_name: ${TRAEFIK_CONTAINER_NAME:-traefik}
|
container_name: ${TRAEFIK_CONTAINER_NAME:-traefik}
|
||||||
image: ${TRAEFIK_IMAGE:-traefik:v2.6.0}
|
image: ${TRAEFIK_IMAGE:-traefik:v2.6.0@sha256:b22bd53ef626cf3667390c3e3651936b08f9c0c9107e3a6faf02e6dc06b3e0c0}
|
||||||
restart: always
|
restart: always
|
||||||
volumes:
|
volumes:
|
||||||
- /var/run/docker.sock:/var/run/docker.sock
|
- /var/run/docker.sock:/var/run/docker.sock
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
WATCHTOWER_CONTAINER_NAME=watchtower
|
WATCHTOWER_CONTAINER_NAME=watchtower
|
||||||
WATCHTOWER_IMAGE=containrrr/watchtower:1.0.3
|
#WATCHTOWER_IMAGE=
|
||||||
REGISTRY_DOMAIN=registry.cool.life
|
REGISTRY_DOMAIN=registry.cool.life
|
||||||
REGISTRY_USER=kosssi
|
REGISTRY_USER=kosssi
|
||||||
REGISTRY_PASSWORD=z91PjNYpswd4ai5YoMCw58VoygJSZev7qNJ0cAlPmPBD5pVz9O
|
REGISTRY_PASSWORD=z91PjNYpswd4ai5YoMCw58VoygJSZev7qNJ0cAlPmPBD5pVz9O
|
||||||
|
|
|
@ -3,7 +3,7 @@ version: '3.8'
|
||||||
services:
|
services:
|
||||||
watchtower:
|
watchtower:
|
||||||
container_name: ${WATCHTOWER_CONTAINER_NAME}
|
container_name: ${WATCHTOWER_CONTAINER_NAME}
|
||||||
image: ${WATCHTOWER_IMAGE}
|
image: ${WATCHTOWER_IMAGE:-containrrr/watchtower:1.4.0@sha256:bbf9794a691b59ed2ed3089fec53844f14ada249ee5e372ff0e595b73f4e9ab3}
|
||||||
restart: always
|
restart: always
|
||||||
command: -i 60 --label-enable --cleanup --debug
|
command: -i 60 --label-enable --cleanup --debug
|
||||||
# --debug
|
# --debug
|
||||||
|
|
Loading…
Reference in New Issue