diff --git a/.github/workflows/push.yml b/.github/workflows/push.yml index 2bf855b..acd08d4 100644 --- a/.github/workflows/push.yml +++ b/.github/workflows/push.yml @@ -55,7 +55,6 @@ jobs: fail-fast: false env: GH_ACTION: enable - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} IMAGE_NAMES: docker.io/netboxcommunity/netbox runs-on: ubuntu-latest name: Builds new NetBox Docker Images diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 1dd2c3a..3b622ea 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -25,7 +25,6 @@ jobs: name: Builds new NetBox Docker Images env: GH_ACTION: enable - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} IMAGE_NAMES: docker.io/netboxcommunity/netbox quay.io/netboxcommunity/netbox ghcr.io/netbox-community/netbox steps: - id: source-checkout @@ -33,7 +32,7 @@ jobs: uses: actions/checkout@v3 - id: set-netbox-docker-version name: Get Version of NetBox Docker - run: echo "version=$(cat VERSION)" >>"$GITHUB_OUTPUT" + run: echo "::set-output name=version::$(cat VERSION)" shell: bash - id: qemu-setup name: Set up QEMU diff --git a/README.md b/README.md index ac44d61..18496a8 100644 --- a/README.md +++ b/README.md @@ -40,8 +40,8 @@ services: ports: - 8000:8080 EOF -docker compose pull -docker compose up +docker-compose pull +docker-compose up ``` The whole application will be available after a few minutes. @@ -123,7 +123,7 @@ This project relies only on _Docker_ and _docker-compose_ meeting these requirem * The _containerd version_ must be at least `1.5.6`. * The _docker-compose version_ must be at least `1.28.0`. -To check the version installed on your system run `docker --version` and `docker compose version`. +To check the version installed on your system run `docker --version` and `docker-compose --version`. ## Updating diff --git a/build-functions/gh-functions.sh b/build-functions/gh-functions.sh index 4c04dc0..4928d0d 100644 --- a/build-functions/gh-functions.sh +++ b/build-functions/gh-functions.sh @@ -19,14 +19,3 @@ gh_env() { echo "${@}" >>"${GITHUB_ENV}" fi } - -### -# Prints the output to the file defined in ${GITHUB_OUTPUT}. -# Only executes if ${GH_ACTION} is defined. -# Example Usage: gh_env "FOO_VAR=bar_value" -### -gh_out() { - if [ -n "${GH_ACTION}" ]; then - echo "${@}" >>"$GITHUB_OUTPUT" - fi -} diff --git a/build-latest.sh b/build-latest.sh index 30a0ba6..bcafda4 100755 --- a/build-latest.sh +++ b/build-latest.sh @@ -1,6 +1,5 @@ #!/bin/bash # Builds the latest released version -source ./build-functions/gh-functions.sh echo "▶️ $0 $*" @@ -12,20 +11,16 @@ if ! command -v jq; then exit 1 fi -CURL_ARGS=( - --silent -) - ### -# Checking for the presence of GITHUB_TOKEN +# Checking for the presence of GITHUB_OAUTH_CLIENT_ID +# and GITHUB_OAUTH_CLIENT_SECRET ### -if [ -n "${GITHUB_TOKEN}" ]; then +if [ -n "${GITHUB_OAUTH_CLIENT_ID}" ] && [ -n "${GITHUB_OAUTH_CLIENT_SECRET}" ]; then echo "🗝 Performing authenticated Github API calls." - CURL_ARGS+=( - --header "Authorization: Bearer ${GITHUB_TOKEN}" - ) + GITHUB_OAUTH_PARAMS="client_id=${GITHUB_OAUTH_CLIENT_ID}&client_secret=${GITHUB_OAUTH_CLIENT_SECRET}" else echo "🕶 Performing unauthenticated Github API calls. This might result in lower Github rate limits!" + GITHUB_OAUTH_PARAMS="" fi ### @@ -47,27 +42,31 @@ fi ### ORIGINAL_GITHUB_REPO="netbox-community/netbox" GITHUB_REPO="${GITHUB_REPO-$ORIGINAL_GITHUB_REPO}" -URL_RELEASES="https://api.github.com/repos/${GITHUB_REPO}/releases" +URL_RELEASES="https://api.github.com/repos/${GITHUB_REPO}/releases?${GITHUB_OAUTH_PARAMS}" # Composing the JQ commans to extract the most recent version number JQ_LATEST="group_by(.prerelease) | .[] | sort_by(.published_at) | reverse | .[0] | select(.prerelease==${PRERELEASE-false}) | .tag_name" -CURL="curl" +CURL="curl -sS" # Querying the Github API to fetch the most recent version number -VERSION=$($CURL "${CURL_ARGS[@]}" "${URL_RELEASES}" | jq -r "${JQ_LATEST}" 2>/dev/null) +VERSION=$($CURL "${URL_RELEASES}" | jq -r "${JQ_LATEST}") ### # Check if the prerelease version is actually higher than stable version ### if [ "${PRERELEASE}" == "true" ]; then JQ_STABLE="group_by(.prerelease) | .[] | sort_by(.published_at) | reverse | .[0] | select(.prerelease==false) | .tag_name" - STABLE_VERSION=$($CURL "${CURL_ARGS[@]}" "${URL_RELEASES}" | jq -r "${JQ_STABLE}" 2>/dev/null) + STABLE_VERSION=$($CURL "${URL_RELEASES}" | jq -r "${JQ_STABLE}") - MAJOR_STABLE=$(expr "${STABLE_VERSION}" : 'v\([0-9]\+\)') - MINOR_STABLE=$(expr "${STABLE_VERSION}" : 'v[0-9]\+\.\([0-9]\+\)') - MAJOR_UNSTABLE=$(expr "${VERSION}" : 'v\([0-9]\+\)') - MINOR_UNSTABLE=$(expr "${VERSION}" : 'v[0-9]\+\.\([0-9]\+\)') + # shellcheck disable=SC2003 + MAJOR_STABLE=$(expr match "${STABLE_VERSION}" 'v\([0-9]\+\)') + # shellcheck disable=SC2003 + MINOR_STABLE=$(expr match "${STABLE_VERSION}" 'v[0-9]\+\.\([0-9]\+\)') + # shellcheck disable=SC2003 + MAJOR_UNSTABLE=$(expr match "${VERSION}" 'v\([0-9]\+\)') + # shellcheck disable=SC2003 + MINOR_UNSTABLE=$(expr match "${VERSION}" 'v[0-9]\+\.\([0-9]\+\)') if { [ "${MAJOR_STABLE}" -eq "${MAJOR_UNSTABLE}" ] && @@ -76,7 +75,10 @@ if [ "${PRERELEASE}" == "true" ]; then echo "❎ Latest unstable version '${VERSION}' is not higher than the latest stable version '$STABLE_VERSION'." if [ -z "$DEBUG" ]; then - gh_out "skipped=true" + if [ -n "${GH_ACTION}" ]; then + echo "::set-output name=skipped::true" + fi + exit 0 else echo "⚠️ Would exit here with code '0', but DEBUG is enabled." diff --git a/build.sh b/build.sh index cc265f9..f892e8b 100755 --- a/build.sh +++ b/build.sh @@ -170,7 +170,7 @@ if [ "${2}" != "--push-only" ] && [ -z "${SKIP_GIT}" ]; then REMOTE_EXISTS=$(git ls-remote --heads --tags "${URL}" "${NETBOX_BRANCH}" | wc -l) if [ "${REMOTE_EXISTS}" == "0" ]; then echo "❌ Remote branch '${NETBOX_BRANCH}' not found in '${URL}'; Nothing to do" - gh_out "skipped=true" + gh_echo "::set-output name=skipped::true" exit 0 fi echo "🌐 Checking out '${NETBOX_BRANCH}' of NetBox from the url '${URL}' into '${NETBOX_PATH}'" @@ -349,10 +349,10 @@ fi if [ "${SHOULD_BUILD}" != "true" ]; then echo "Build skipped because sources didn't change" - gh_out "skipped=true" + echo "::set-output name=skipped::true" exit 0 # Nothing to do -> exit else - gh_out "skipped=false" + gh_echo "::set-output name=skipped::false" fi gh_echo "::endgroup::" diff --git a/configuration/configuration.py b/configuration/configuration.py index 18bfd01..8d19fd9 100644 --- a/configuration/configuration.py +++ b/configuration/configuration.py @@ -58,9 +58,6 @@ _BASE_DIR = dirname(dirname(abspath(__file__))) # # Example: ALLOWED_HOSTS = ['netbox.example.com', 'netbox.internal.local'] ALLOWED_HOSTS = environ.get('ALLOWED_HOSTS', '*').split(' ') -# ensure that '*' or 'localhost' is always in ALLOWED_HOSTS (needed for health checks) -if '*' not in ALLOWED_HOSTS and 'localhost' not in ALLOWED_HOSTS: - ALLOWED_HOSTS.append('localhost') # PostgreSQL database configuration. See the Django documentation for a complete list of available parameters: # https://docs.djangoproject.com/en/stable/ref/settings/#databases @@ -86,7 +83,6 @@ REDIS = { 'tasks': { 'HOST': environ.get('REDIS_HOST', 'localhost'), 'PORT': _environ_get_and_map('REDIS_PORT', 6379, _AS_INT), - 'USERNAME': environ.get('REDIS_USERNAME', ''), 'PASSWORD': _read_secret('redis_password', environ.get('REDIS_PASSWORD', '')), 'DATABASE': _environ_get_and_map('REDIS_DATABASE', 0, _AS_INT), 'SSL': _environ_get_and_map('REDIS_SSL', 'False', _AS_BOOL), @@ -95,7 +91,6 @@ REDIS = { 'caching': { 'HOST': environ.get('REDIS_CACHE_HOST', environ.get('REDIS_HOST', 'localhost')), 'PORT': _environ_get_and_map('REDIS_CACHE_PORT', environ.get('REDIS_PORT', '6379'), _AS_INT), - 'USERNAME': environ.get('REDIS_CACHE_USERNAME', environ.get('REDIS_USERNAME', '')), 'PASSWORD': _read_secret('redis_cache_password', environ.get('REDIS_CACHE_PASSWORD', environ.get('REDIS_PASSWORD', ''))), 'DATABASE': _environ_get_and_map('REDIS_CACHE_DATABASE', '1', _AS_INT), 'SSL': _environ_get_and_map('REDIS_CACHE_SSL', environ.get('REDIS_SSL', 'False'), _AS_BOOL), diff --git a/configuration/ldap/ldap_config.py b/configuration/ldap/ldap_config.py index 82fad72..8aa3ecb 100644 --- a/configuration/ldap/ldap_config.py +++ b/configuration/ldap/ldap_config.py @@ -61,26 +61,18 @@ LDAP_CA_CERT_FILE = environ.get('LDAP_CA_CERT_FILE', None) AUTH_LDAP_USER_SEARCH_BASEDN = environ.get('AUTH_LDAP_USER_SEARCH_BASEDN', '') AUTH_LDAP_USER_SEARCH_ATTR = environ.get('AUTH_LDAP_USER_SEARCH_ATTR', 'sAMAccountName') -AUTH_LDAP_USER_SEARCH_FILTER: str = environ.get( - 'AUTH_LDAP_USER_SEARCH_FILTER', f'({AUTH_LDAP_USER_SEARCH_ATTR}=%(user)s)' -) - AUTH_LDAP_USER_SEARCH = LDAPSearch( - AUTH_LDAP_USER_SEARCH_BASEDN, ldap.SCOPE_SUBTREE, AUTH_LDAP_USER_SEARCH_FILTER + AUTH_LDAP_USER_SEARCH_BASEDN, + ldap.SCOPE_SUBTREE, + "(" + AUTH_LDAP_USER_SEARCH_ATTR + "=%(user)s)" ) # This search ought to return all groups to which the user belongs. django_auth_ldap uses this to determine group # heirarchy. - AUTH_LDAP_GROUP_SEARCH_BASEDN = environ.get('AUTH_LDAP_GROUP_SEARCH_BASEDN', '') AUTH_LDAP_GROUP_SEARCH_CLASS = environ.get('AUTH_LDAP_GROUP_SEARCH_CLASS', 'group') - -AUTH_LDAP_GROUP_SEARCH_FILTER: str = environ.get( - 'AUTH_LDAP_GROUP_SEARCH_FILTER', f'(objectclass={AUTH_LDAP_GROUP_SEARCH_CLASS})' -) -AUTH_LDAP_GROUP_SEARCH = LDAPSearch( - AUTH_LDAP_GROUP_SEARCH_BASEDN, ldap.SCOPE_SUBTREE, AUTH_LDAP_GROUP_SEARCH_FILTER -) +AUTH_LDAP_GROUP_SEARCH = LDAPSearch(AUTH_LDAP_GROUP_SEARCH_BASEDN, ldap.SCOPE_SUBTREE, + "(objectClass=" + AUTH_LDAP_GROUP_SEARCH_CLASS + ")") AUTH_LDAP_GROUP_TYPE = _import_group_type(environ.get('AUTH_LDAP_GROUP_TYPE', 'GroupOfNamesType')) # Define a group required to login. diff --git a/docker-compose.override.yml b/docker-compose.override.yml new file mode 100644 index 0000000..dbbc766 --- /dev/null +++ b/docker-compose.override.yml @@ -0,0 +1,5 @@ +version: '3.4' +services: + netbox: + ports: + - 127.0.0.1:44156:8080 \ No newline at end of file diff --git a/docker-compose.override.yml.example b/docker-compose.override.yml.example index 1b936f6..f08d6c0 100644 --- a/docker-compose.override.yml.example +++ b/docker-compose.override.yml.example @@ -3,11 +3,3 @@ services: netbox: ports: - 8000:8080 - healthcheck: - # Time for which the health check can fail after the container is started. - # This depends mostly on the performance of your database. On the first start, - # when all tables need to be created the start_period should be higher than on - # subsequent starts. For the first start after major version upgrades of NetBox - # the start_period might also need to be set higher. - # Default value in our docker-compose.yml is 60s - start_period: 90s diff --git a/docker-compose.yml b/docker-compose.yml index a8f3b54..d3e8234 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -1,7 +1,7 @@ version: '3.4' services: netbox: &netbox - image: docker.io/netboxcommunity/netbox:${VERSION-v3.4-2.4.0} + image: netboxcommunity/netbox:${VERSION-v3.4-2.4.0} depends_on: - postgres - redis @@ -47,14 +47,14 @@ services: # postgres postgres: - image: docker.io/postgres:15-alpine + image: postgres:15-alpine env_file: env/postgres.env volumes: - netbox-postgres-data:/var/lib/postgresql/data # redis redis: - image: docker.io/redis:7-alpine + image: redis:7-alpine command: - sh - -c # this is to evaluate the $REDIS_PASSWORD from the env diff --git a/requirements-container.txt b/requirements-container.txt index f1ccb53..96f3aa3 100644 --- a/requirements-container.txt +++ b/requirements-container.txt @@ -1,6 +1,6 @@ django-auth-ldap==4.1.0 -django-storages[azure,boto3,dropbox,google,libcloud,sftp]==1.13.2 +django-storages[azure,boto3,dropbox,google,libcloud,sftp]==1.13.1 napalm==4.0.0 psycopg2==2.9.5 -python3-saml==1.15.0 +python3-saml==1.14.0 social-auth-core[all]==4.3.0