From 2c9df495147a1e28979e0233ce5770e53aebaa92 Mon Sep 17 00:00:00 2001
From: thopic <thopic@gnous.fr>
Date: Sun, 12 Dec 2021 15:03:43 +0100
Subject: [PATCH] [MM] Bump to 6.1.0

+ Don't rely on deprecated official repo to build images anymore
---
 mattermost/Dockerfile         | 50 ++++++++++++++++++++
 mattermost/README.md          |  2 +-
 mattermost/docker-compose.yml | 11 ++---
 mattermost/entrypoint.sh      | 86 +++++++++++++++++++++++++++++++++++
 4 files changed, 140 insertions(+), 9 deletions(-)
 create mode 100644 mattermost/Dockerfile
 create mode 100755 mattermost/entrypoint.sh

diff --git a/mattermost/Dockerfile b/mattermost/Dockerfile
new file mode 100644
index 0000000..c723954
--- /dev/null
+++ b/mattermost/Dockerfile
@@ -0,0 +1,50 @@
+FROM alpine:3.11
+
+# Some ENV variables
+ENV PATH="/mattermost/bin:${PATH}"
+ENV MM_VERSION=6.1.0
+
+# Build argument to set Mattermost edition
+ARG PUID=2000
+ARG PGID=2000
+
+
+# Install some needed packages
+RUN apk add --no-cache \
+	ca-certificates \
+	curl \
+	jq \
+	libc6-compat \
+	libffi-dev \
+	libcap \
+	linux-headers \
+	mailcap \
+	netcat-openbsd \
+	xmlsec-dev \
+	tzdata \
+	postgresql-client \
+	&& rm -rf /tmp/*
+
+# Get Mattermost
+RUN mkdir -p /mattermost/data /mattermost/plugins /mattermost/client/plugins \
+	&& curl https://releases.mattermost.com/$MM_VERSION/mattermost-team-$MM_VERSION-linux-amd64.tar.gz | tar -xvz \
+	&& cp /mattermost/config/config.json /config.json.save \
+	&& rm -rf /mattermost/config/config.json \
+	&& addgroup -g ${PGID} mattermost \
+	&& adduser -D -u ${PUID} -G mattermost -h /mattermost -D mattermost \
+	&& chown -R mattermost:mattermost /mattermost /config.json.save /mattermost/plugins /mattermost/client/plugins \
+	&& setcap cap_net_bind_service=+ep /mattermost/bin/mattermost
+
+# Expose port 8000 of the container
+EXPOSE 8000
+
+#Healthcheck to make sure container is ready
+HEALTHCHECK CMD curl --fail http://localhost:8000/api/v4/system/ping || exit 1
+
+USER mattermost
+
+# Configure entrypoint and command
+COPY entrypoint.sh /
+ENTRYPOINT ["/entrypoint.sh"]
+WORKDIR /mattermost
+CMD ["mattermost"]
diff --git a/mattermost/README.md b/mattermost/README.md
index 2511399..9bc3ca0 100644
--- a/mattermost/README.md
+++ b/mattermost/README.md
@@ -2,4 +2,4 @@
 
 This repository deploys the Mattermost instance for GNOUS.
 
-It is an adaptation of the official docker deployment which you can find [here](https://git.gnous.fr/Gnous/mattermost) because `git submodule` is so scary.
+It is an adaptation of the [official docker deployment](https://github.com/mattermost/mattermost-docker) which became deprecated.
diff --git a/mattermost/docker-compose.yml b/mattermost/docker-compose.yml
index 5a3a72e..9d08862 100644
--- a/mattermost/docker-compose.yml
+++ b/mattermost/docker-compose.yml
@@ -2,9 +2,7 @@ version: "3.8"
 
 services:
   db:
-    build: ./mattermost-docker/db
-    image: mm_db:5.38.2
-    read_only: true
+    image: postgres:12.9-alpine
     restart: unless-stopped
     volumes:
       - ${DATA_PATH}/db/var/lib/postgresql/data:/var/lib/postgresql/data
@@ -13,11 +11,8 @@ services:
     env_file: secrets/db.secrets
 
   app:
-    build:
-      context: ./mattermost-docker/app
-      args:
-        - edition=team
-    image: mm_app:5.38.2
+    build: .
+    image: mm_app:6.1.0
     depends_on:
       - db
     restart: unless-stopped
diff --git a/mattermost/entrypoint.sh b/mattermost/entrypoint.sh
new file mode 100755
index 0000000..fbff314
--- /dev/null
+++ b/mattermost/entrypoint.sh
@@ -0,0 +1,86 @@
+#!/bin/sh
+
+# Function to generate a random salt
+generate_salt() {
+  tr -dc 'a-zA-Z0-9' </dev/urandom | fold -w 48 | head -n 1
+}
+
+# Read environment variables or set default values
+DB_HOST=${DB_HOST:-db}
+DB_PORT_NUMBER=${DB_PORT_NUMBER:-5432}
+# see https://www.postgresql.org/docs/current/libpq-ssl.html
+# for usage when database connection requires encryption
+# filenames should be escaped if they contain spaces
+#  i.e. $(printf %s ${MY_ENV_VAR:-''}  | jq -s -R -r @uri)
+# the location of the CA file can be set using environment var PGSSLROOTCERT
+# the location of the CRL file can be set using PGSSLCRL
+# The URL syntax for connection string does not support the parameters
+# sslrootcert and sslcrl reliably, so use these PostgreSQL-specified variables
+# to set names if using a location other than default
+DB_USE_SSL=${DB_USE_SSL:-disable}
+MM_DBNAME=${MM_DBNAME:-mattermost}
+MM_CONFIG=${MM_CONFIG:-/mattermost/config/config.json}
+
+_1=$(echo "$1" | awk '{ s=substr($0, 0, 1); print s; }')
+if [ "$_1" = '-' ]; then
+  set -- mattermost "$@"
+fi
+
+if [ "$1" = 'mattermost' ]; then
+  # Check CLI args for a -config option
+  for ARG in "$@"; do
+    case "$ARG" in
+    -config=*) MM_CONFIG=${ARG#*=} ;;
+    esac
+  done
+
+  if [ ! -f "$MM_CONFIG" ]; then
+    # If there is no configuration file, create it with some default values
+    echo "No configuration file $MM_CONFIG"
+    echo "Creating a new one"
+    # Copy default configuration file
+    cp /config.json.save "$MM_CONFIG"
+    # Substitute some parameters with jq
+    jq '.ServiceSettings.ListenAddress = ":8000"' "$MM_CONFIG" >"$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG"
+    jq '.LogSettings.EnableConsole = true' "$MM_CONFIG" >"$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG"
+    jq '.LogSettings.ConsoleLevel = "ERROR"' "$MM_CONFIG" >"$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG"
+    jq '.FileSettings.Directory = "/mattermost/data/"' "$MM_CONFIG" >"$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG"
+    jq '.FileSettings.EnablePublicLink = true' "$MM_CONFIG" >"$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG"
+    jq ".FileSettings.PublicLinkSalt = \"$(generate_salt)\"" "$MM_CONFIG" >"$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG"
+    jq '.EmailSettings.SendEmailNotifications = false' "$MM_CONFIG" >"$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG"
+    jq '.EmailSettings.FeedbackEmail = ""' "$MM_CONFIG" >"$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG"
+    jq '.EmailSettings.SMTPServer = ""' "$MM_CONFIG" >"$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG"
+    jq '.EmailSettings.SMTPPort = ""' "$MM_CONFIG" >"$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG"
+    jq ".EmailSettings.InviteSalt = \"$(generate_salt)\"" "$MM_CONFIG" >"$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG"
+    jq ".EmailSettings.PasswordResetSalt = \"$(generate_salt)\"" "$MM_CONFIG" >"$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG"
+    jq '.RateLimitSettings.Enable = true' "$MM_CONFIG" >"$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG"
+    jq '.SqlSettings.DriverName = "postgres"' "$MM_CONFIG" >"$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG"
+    jq ".SqlSettings.AtRestEncryptKey = \"$(generate_salt)\"" "$MM_CONFIG" >"$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG"
+    jq '.PluginSettings.Directory = "/mattermost/plugins/"' "$MM_CONFIG" >"$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG"
+  else
+    echo "Using existing config file $MM_CONFIG"
+  fi
+
+  # Configure database access
+  if [ -z "$MM_SQLSETTINGS_DATASOURCE" ] && [ -n "$MM_USERNAME" ] && [ -n "$MM_PASSWORD" ]; then
+    echo "Configure database connection..."
+    # URLEncode the password, allowing for special characters
+    ENCODED_PASSWORD=$(printf %s "$MM_PASSWORD" | jq -s -R -r @uri)
+    export MM_SQLSETTINGS_DATASOURCE="postgres://$MM_USERNAME:$ENCODED_PASSWORD@$DB_HOST:$DB_PORT_NUMBER/$MM_DBNAME?sslmode=$DB_USE_SSL&connect_timeout=10"
+    echo "OK"
+  else
+    echo "Using existing database connection"
+  fi
+
+  # Wait another second for the database to be properly started.
+  # Necessary to avoid "panic: Failed to open sql connection pq: the database system is starting up"
+  until pg_isready -h $DB_HOST -p $DB_PORT_NUMBER -U $MM_USERNAME
+  do
+	  echo "Database is not ready yet. Waiting 5 seconds."
+	  sleep 5
+  done
+
+  echo "Starting mattermost"
+fi
+
+exec "$@"