2450: Introduce TLS_PERMISSIVE for port 25 r=mergify[bot] a=nextgens
## What type of PR?
Feature
## What does this PR do?
This is a new advanced setting to harden cipher configuration on port 25. Changing the default is strongly discouraged; please read the documentation before doing so.
This specific feature has been requested numerous times... and while it's a terrible idea, I'm getting tired of explaining why every time. Those that would rather go through the fun of tracing missing emails tomorrow than picking a fight with their auditor today can enable it.
### Related issue(s)
- close #2449
- close #1945
- #1617
## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry is not applicable, you can check it or remove it from the list.
- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.
Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2444: Remove POD_ADDRESS_RANGE r=mergify[bot] a=DjVinnii
## What type of PR?
Removal
## What does this PR do?
As discussed in #1209 `POD_ADDRESS_RANGE` should be removed in favor of `SUBNET`. This PR removes the few references that are still left.
### Related issue(s)
- closes #1258
## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry is not applicable, you can check it or remove it from the list.
- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.
Co-authored-by: Vincent Kling <v.kling@vinniict.nl>
2443: Use RUNNER_TEMP for storing cache files. r=mergify[bot] a=Diman0
## What type of PR?
enhancement
## What does this PR do?
Use RUNNER_TEMP for storing cache files in workflow. This should prevent issues on the self-hosted arm runner. Each runner will store cache files in a runner-unique temp folder. This temp folder is cleared at the beginning and the end of the job.
Co-authored-by: Dimitri Huisman <diman@huisman.xyz>
Co-authored-by: Florent Daigniere <nextgens@users.noreply.github.com>
2441: Switch to ARM64 self-hosted for ARM build r=mergify[bot] a=Diman0
## What type of PR?
enhancement
## What does this PR do?
Switch to ARM64 self-hosted runner for building ARM/v7 and ARM64 images. Depending on the performance we could introduce tests as well in a new PR.
Co-authored-by: Dimitri Huisman <diman@huisman.xyz>
2440: The ARM wheels don't work r=mergify[bot] a=nextgens
## What type of PR?
bug-fix
## What does this PR do?
Remove piwheels to ensure we always rebuild on ARM
### Related issue(s)
- closes #2439
- #1200
Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2437: Fix mysql r=mergify[bot] a=nextgens
## What type of PR?
bug-fix
## What does this PR do?
In #2422 we have switched from mysqlclient to mysql-connector ... and apparently SQLAlchemy needs to be told explicitly.
This hasn't been tested.
### Related issue(s)
- close #2435
## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry is not applicable, you can check it or remove it from the list.
- [ ] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.
Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2430: Prevent signups for accounts where an alias exists r=mergify[bot] a=nextgens
## What type of PR?
Feature
## What does this PR do?
This prevents signups for accounts where an SQL-like alias exists; we already do it for non-SQL-like aliases
## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry is not applicable, you can check it or remove it from the list.
- [ ] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.
Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2426: Update docs to mention .inc.php for roundcube r=nextgens a=DannyDaemonic
My recent patch updated the roundcube overrides to use .inc.php vs .inc (as is done in roundcube and as suggested by roundcube plugin docs). I updated the overrides section in the docs but a page that links to the overrides section still had the old ".inc" file name. This fixes that oversight. Sorry about that.
## What type of PR?
documentation
## What does this PR do?
Updates configuration.rst to also reflect the new extension.
## Prerequisites
This patch neither adds features nor requires a towncrier.
Co-authored-by: Danny Daemonic <DannyDaemonic@gmail.com>
2427: Switch ci/cd workflow to use local build cache for buildx r=mergify[bot] a=Diman0
## What type of PR?
enhancement
## What does this PR do?
Switch to local build cache, cached via actions/cache@v3
The previous method of using gha cache via buildx proved to be unreliable. Using a local cache via actions/cache@v3 is much more reliable. The build job will re-use cache from previous workflow runs.
The total workflow time is still similar ~12 minutes.
If the cache action does intermittently seem to have issues with slow download, we can configure a lower timeout. It is now set on the default 60 minutes.
Some important tidbits:
Cache fragment in build step:
```
- name: Configure actions/cache@v3 action for storing build cache in the /tmp/cache folder
  uses: actions/cache@v3
  with:
    path: /tmp/cache/${{ matrix.target }}
    key: ${{ github.ref }}-${{ inputs.mailu_version }}-${{ matrix.target }}-${{ github.run_id }}
    restore-keys: |
      ${{ github.ref }}-${{ inputs.mailu_version }}-${{ matrix.target }}
```
- actions/cache will never update a cache. So on cache-hit (key is found), the cache will not be updated.
- To work around this, it is possible to use a key that will not have a cache hit. And use restore-keys to lookup and load an existing cache. `${{ github.ref }}-${{ inputs.mailu_version }}-${{ matrix.target }}` matches with `${{ github.ref }}-${{ inputs.mailu_version }}-${{ matrix.target }}-${{ github.run_id }}`.
- So this will result in the cache being loaded from a previous workflow. For more info see https://docs.github.com/en/actions/using-workflows/caching-dependencies-to-speed-up-workflows#example-using-multiple-restore-keys
- Two jobs cannot write to the same cache simultaneously. If two jobs (in the same workflow or between workflows) access the same cache (key), then only one of the two workflows can update the cache. For this reason the cache key used in the build step must be unique.
- `${{ inputs.mailu_version }}` is used to make sure x64 and arm do not access each other's build cache.
Unfortunately it is not possible to use a for loop to loop through steps. For this reason it is not possible to shorten the amount of action/Cache@v3 steps. The only possibility is to create our own [composite action](https://docs.github.com/en/actions/creating-actions/creating-a-composite-action). But this makes it maybe too complex. Then the action.yml of the composite action must be maintained as well.
## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry is not applicable, you can check it or remove it from the list.
- [n/a] In case of feature or enhancement: documentation updated accordingly
- [n/a] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.
Co-authored-by: Dimitri Huisman <diman@huisman.xyz>
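The key/restore-keys behaviour described in PR 2427, as an added example that is not part of the PR or of GitHub's code: a toy in-memory model comparing a fixed cache key with a key that has the run id appended. The class and function names and the sample ref, version, target and run ids are constructed for illustration.

```python
from dataclasses import dataclass, field


@dataclass
class CacheStore:
    """Toy model of the lookup rules described in PR 2427 (not GitHub's code)."""
    entries: list = field(default_factory=list)  # (key, payload), oldest first

    def restore(self, key, restore_keys):
        """Exact key wins; otherwise the newest entry matching a restore-key prefix."""
        for k, payload in self.entries:
            if k == key:
                return payload, True
        for prefix in restore_keys:
            for k, payload in reversed(self.entries):
                if k.startswith(prefix):
                    return payload, False
        return None, False

    def save(self, key, payload, exact_hit):
        """Post-job save: skipped on an exact hit; existing keys are never overwritten."""
        if exact_hit or any(k == key for k, _ in self.entries):
            return False
        self.entries.append((key, payload))
        return True


def run_job(store, ref, version, target, run_id, unique_key=True):
    """One build job: restore, build, then try to save. Returns (restored, saved)."""
    prefix = f"{ref}-{version}-{target}"
    key = f"{prefix}-{run_id}" if unique_key else prefix
    restored, exact_hit = store.restore(key, [prefix])
    saved = store.save(key, f"layers from run {run_id}", exact_hit)
    return restored, saved


def demo(unique_key):
    """Three consecutive runs against one store; all values are constructed samples."""
    store = CacheStore()
    return [run_job(store, "refs/heads/master", "1.9", "admin", run_id, unique_key)
            for run_id in (101, 102, 103)]


if __name__ == "__main__":
    print("fixed key :", demo(unique_key=False))
    print("unique key:", demo(unique_key=True))
```

With the fixed key, every run after the first restores the layers from run 101 and saves nothing; with the run id appended, each run restores the previous run's layers and stores its own.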
A recent patch updated the roundcube overrides to use .inc.php vs .inc,
as it's done in roundcube (and as suggested by roundcube plugin docs).
It corrected the overrides and fixed its section in the faq, but missed
a section in the configuration docs that links to the overrides. This fixes
that oversight.
2423: Correct the extension of files used for Roundcube overrides r=mergify[bot] a=DannyDaemonic
This adds ".inc.php" files to the included overrides while maintaining support for existing ".inc" files previously included via overrides. It also updates the corresponding documentation.
Roundcube itself uses "inc.php" files and these overrides are expected to match that format. Switching to "inc.php" both tells the user that these need to be proper php files and conveys they are used for changing the same settings that Roundcube's inc.php files modify.
## What type of PR?
bug-fix, documentation
## What does this PR do?
- Adds ".inc.php" to the list of include files being built in roundcube's start.py
- Updates override information in the faq section: [How can I override settings?](https://github.com/Mailu/Mailu/blob/master/docs/faq.rst#how-can-i-override-settings)
- Includes a changelog that recommends using .inc.php moving forward
## Related issue(s)
- This addresses confusion seen in issues like: #2388
## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry is not applicable, you can check it or remove it from the list.
- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.
Co-authored-by: Danny Daemonic <DannyDaemonic@gmail.com>
2425: Hotfix for workflow. For build step do not build from cache. r=mergify[bot] a=Diman0
Hotfix for workflow. For build step do not build from cache.
Make sure cache layers are unique by using ${{ github.ref }}
The build job uses the cache-from. This is not required. Due to non-unique cache keys it also resulted in the build step building from cache.
As a precaution the ${{ github.ref }} and ${{ github.run_id }} are appended to the cache key for the build cache layers. This should make sure the cache keys are unique among workflow runs.
## What type of PR?
bug-fix
## What does this PR do?
### Related issue(s)
n/a
## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry is not applicable, you can check it or remove it from the list.
- [n/a] In case of feature or enhancement: documentation updated accordingly
- [n/a] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.
Co-authored-by: Dimitri Huisman <diman@huisman.xyz>
2424: Switch to mode=min for GHA cache for docker buildx r=mergify[bot] a=Diman0
Switch to mode=min for GHA cache for docker buildx to prevent rate limiting in GHA workflow.
It has hardly any influence on build times.
See https://github.com/Diman0/Mailu_Fork/actions/runs/2893811188
It is still ~12 minutes.
For example search for SHA256 in the logs of https://github.com/Mailu/Mailu/runs/7923068540?check_suite_focus=true:
- 304 hits!
- With 6 tests that is 1824 cache hits
Search for SHA256 in the logs of https://github.com/Diman0/Mailu_Fork/runs/7929824199?check_suite_focus=true
- 186 hits
- With 6 tests that is 1116 cache hits
That is better. I hope this will prevent rate limiting issues.
## What type of PR?
enhancement
## What does this PR do?
### Related issue(s)
None
## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry is not applicable, you can check it or remove it from the list.
- [n/a] In case of feature or enhancement: documentation updated accordingly
- [n/a] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.
Co-authored-by: Dimitri Huisman <diman@huisman.xyz>
2422: Build wheels only if we have to. r=mergify[bot] a=nextgens
## What type of PR?
enhancement
## What does this PR do?
This massively speeds the CI up; We don't need to install a compiler and rebuild when we have wheels available... with this admin builds 4 times faster.
### Related issue(s)
- #1830
Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
Co-authored-by: Dimitri Huisman <diman@huisman.xyz>
2421: Put ipv6 resolver address in square brackets r=mergify[bot] a=ghostwheel42
## What type of PR?
bug-fix
## What does this PR do?
NGINX front container currently does not handle IPv6 resolver addresses correctly, this PR fixes this.
Replaces #2382
Co-authored-by: Alexander Graf <ghostwheel42@users.noreply.github.com>
2403: Feature: switch CI/CD from build to buildx r=mergify[bot] a=Diman0
## What type of PR?
Feature and enhancement
## What does this PR do?
Switch from docker build to buildx for CI/CD.
- The main workflow file has been optimised and simplified.
- Images are built in parallel when building locally resulting in much faster build times.
- The github action workflow is about 50% faster.
- Arm images are built as well. These images are not tested due to restrictions of github actions (no arm runners). The tags of the images have -arm appended to it. The arm images are built on merge on master and release branch (x.y). They do not influence the normal CI/CD workflow used for bors (for PR) and real releases (merge on master and branch x.y for x86_64).
- Arm images (and normal x86_64 images) can also be built locally.
- Reusable workflow is introduced for building, testing and deploying the images. This allows the workflow to be reused for other purposes in the future.
- Workflow can be manually triggered. This allows forked Mailu projects to also use the workflow for building images.
The main workflow makes use of github actions cache to store the cache layer. This layer is used to quickly rebuild the images in the testing step and deploy step.
Unfortunately, building the arm images fails sometimes due to timeouts. Sometimes the connection to github actions cache is very slow. Restarting the workflow from the last failed step resolves this. I have not observed this with the normal build.
Just as the previous time, you can use a forked project for testing the changes (https://github.com/Diman0/Mailu_Fork). You should still have owner access. I have created branch 1.11 for testing. You can see I already pushed 4 times to branch 1.11 (current version is 1.11.3).
### Related issue(s)
- Mention an issue like: #001
- closes #2383
- closes #1830
- closes #1200
## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry is not applicable, you can check it or remove it from the list.
- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.
Co-authored-by: Dimitri Huisman <diman@huisman.xyz>
2221: Add support for custom NGINX config r=mergify[bot] a=easybe
## What type of PR?
enhancement
## What does this PR do?
Add support for custom NGINX config. Including *.conf files in /etc/nginx/conf.d same as the default NGINX configuration gives the user more flexibility.
### Related issue(s)
## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry is not applicable, you can check it or remove it from the list.
- [ ] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.
Co-authored-by: Ezra Buehler <ezra@easyb.ch>
2357: Switch to ffdhe3072 to enable RFC 7919 r=mergify[bot] a=nextgens
## What type of PR?
enhancement
## What does this PR do?
The idea being:
- it's a "nothing up my sleeves" group
- it may help shave off some bytes of the SSL handshake; That being said, I doubt that clients that are modern enough to support this RFC won't offer an EC kex
https://raw.githubusercontent.com/internetstandards/dhe_groups/master/ffdhe3072.pem
## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry is not applicable, you can check it or remove it from the list.
- [ ] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.
Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2415: Update roundcube to 1.5.3 and rcmcarddav plugin r=mergify[bot] a=willofr
## What type of PR?
Bugfix
## What does this PR do?
Updates:
- roundcube to 1.5.3: https://github.com/roundcube/roundcubemail/releases/tag/1.5.3
- rcmcarddav plugin to 4.4.2
## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry is not applicable, you can check it or remove it from the list.
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.
Co-authored-by: Will <will@packer-output-c8fcfb40-3d93-4475-8f87-e14a9dd683b6>
Co-authored-by: willofr <willofr@users.noreply.github.com>