diff --git a/.github/workflows/image_builds.yml b/.github/workflows/image_builds.yml
new file mode 100644
index 000000000..34d05717a
--- /dev/null
+++ b/.github/workflows/image_builds.yml
@@ -0,0 +1,41 @@
+name: Build Mailcow Docker Images
+
+on:
+ push:
+ branches: [ "master", "staging" ]
+ workflow_dispatch:
+
+jobs:
+ docker_image_builds:
+ strategy:
+ matrix:
+ images: ["acme-mailcow",
+ "clamd-mailcow",
+ "dockerapi-mailcow",
+ "dovecot-mailcow",
+ "netfilter-mailcow",
+ "olefy-mailcow",
+ "php-fpm-mailcow",
+ "postfix-mailcow",
+ "rspamd-mailcow",
+ "sogo-mailcow",
+ "solr-mailcow",
+ "unbound-mailcow",
+ "watchdog-mailcow"]
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v3
+ - name: Setup Docker
+ run: |
+ curl -sSL https://get.docker.com/ | CHANNEL=stable sudo sh
+ sudo service docker start
+ sudo curl -L https://github.com/docker/compose/releases/download/v$(curl -Ls https://www.servercow.de/docker-compose/latest.php)/docker-compose-$(uname -s)-$(uname -m) > /usr/local/bin/docker-compose
+ sudo chmod +x /usr/local/bin/docker-compose
+ - name: Prepair Image Builds
+ run: |
+ cp helper-scripts/docker-compose.override.yml.d/BUILD_FLAGS/docker-compose.override.yml docker-compose.override.yml
+ - name: Build Docker Images
+ run: |
+ docker-compose build ${image}
+ env:
+ image: ${{ matrix.images }}
diff --git a/.github/workflows/integration_tests.yml b/.github/workflows/integration_tests.yml
new file mode 100644
index 000000000..c31a1a624
--- /dev/null
+++ b/.github/workflows/integration_tests.yml
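Review bot: In `.github/workflows/image_builds.yml`, the "Setup Docker" step executes two unverified downloads with root privileges: `curl -sSL https://get.docker.com/ | CHANNEL=stable sudo sh`, and a docker-compose binary whose version is whatever `https://www.servercow.de/docker-compose/latest.php` returns at run time. Neither is pinned or checked against a digest, so a change at either endpoint changes what the runner executes. Pin the compose version in the workflow and compare the downloaded file with a checksum committed to the repository (for example with `sha256sum -c`) before the `chmod +x`. Separately, in `sudo curl -L ... > /usr/local/bin/docker-compose` the redirection is performed by the invoking shell rather than under sudo, and without `-f` an HTTP error body would be saved as the binary; `sudo curl -fsSL "<pinned release URL>" -o /usr/local/bin/docker-compose` avoids both. `actions/checkout@v3` could likewise be pinned to a full commit SHA, and the job given `permissions:` with `contents: read`, since the visible steps only build images.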
@@ -0,0 +1,60 @@
+name: Mailcow Integration Tests
+
+on:
+ push:
+ branches: [ "master", "staging" ]
+ workflow_dispatch:
+
+jobs:
+ integration_tests:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Setup Ansible
+ run: |
+ export DEBIAN_FRONTEND=noninteractive
+ sudo apt-get update
+ sudo apt-get install python3 python3-pip git
+ sudo pip3 install ansible
+ - name: Prepair Test Environment
+ run: |
+ git clone https://github.com/mailcow/mailcow-integration-tests.git --branch $(curl -sL https://api.github.com/repos/mailcow/mailcow-integration-tests/releases/latest | jq -r '.tag_name') --single-branch .
+ ./fork_check.sh
+ ./ci.sh
+ ./ci-pip-requirements.sh
+ env:
+ VAULT_PW: ${{ secrets.MAILCOW_TESTS_VAULT_PW }}
+ VAULT_FILE: ${{ secrets.MAILCOW_TESTS_VAULT_FILE }}
+ - name: Start Integration Test Server
+ run: |
+ ./fork_check.sh
+ ansible-playbook mailcow-start-server.yml --diff
+ env:
+ PY_COLORS: '1'
+ ANSIBLE_FORCE_COLOR: '1'
+ ANSIBLE_HOST_KEY_CHECKING: 'false'
+ - name: Setup Integration Test Server
+ run: |
+ ./fork_check.sh
+ sleep 30
+ ansible-playbook mailcow-setup-server.yml --private-key id_ssh_rsa --diff
+ env:
+ PY_COLORS: '1'
+ ANSIBLE_FORCE_COLOR: '1'
+ ANSIBLE_HOST_KEY_CHECKING: 'false'
+ - name: Run Integration Tests
+ run: |
+ ./fork_check.sh
+ ansible-playbook mailcow-integration-tests.yml --private-key id_ssh_rsa --diff
+ env:
+ PY_COLORS: '1'
+ ANSIBLE_FORCE_COLOR: '1'
+ ANSIBLE_HOST_KEY_CHECKING: 'false'
+ - name: Delete Integration Test Server
+ if: always()
+ run: |
+ ./fork_check.sh
+ ansible-playbook mailcow-delete-server.yml --diff
+ env:
+ PY_COLORS: '1'
+ ANSIBLE_FORCE_COLOR: '1'
+ ANSIBLE_HOST_KEY_CHECKING: 'false'
diff --git a/.github/workflows/tweet-trigger-publish-release.yml b/.github/workflows/tweet-trigger-publish-release.yml
new file mode 100644
index 000000000..82f1dc3a8
--- /dev/null
+++ b/.github/workflows/tweet-trigger-publish-release.yml
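Review bot: The "Prepair Test Environment" step in `.github/workflows/integration_tests.yml` exposes `VAULT_PW` and `VAULT_FILE` to scripts (`fork_check.sh`, `ci.sh`, `ci-pip-requirements.sh`) cloned from whatever tag the releases API reports as latest at run time, so the code that receives the secrets is not fixed by anything in this repository. Check out a reviewed revision instead, e.g. `uses: actions/checkout@v3` with `repository: mailcow/mailcow-integration-tests` and `ref: <full commit SHA>`; that also removes the case where a rate-limited API response makes `jq` print `null` as the branch name. `ANSIBLE_HOST_KEY_CHECKING: 'false'` in the four playbook steps disables SSH host-key verification toward the test server; if the provisioning playbook can return the new host's key, writing it to `known_hosts` would let the check stay enabled. In "Setup Ansible", `sudo apt-get install` has no `-y` and `sudo pip3 install ansible` is unpinned, so the result depends on runner state and on the newest Ansible release at build time.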
@@ -0,0 +1,17 @@
+name: "Tweet trigger release"
+on:
+ release:
+ types: [published]
+
+jobs:
+ build:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Tweet-trigger-publish-release
+ uses: mugi111/tweet-trigger-release@v1.1
+ with:
+ consumer_key: ${{ secrets.CONSUMER_KEY }}
+ consumer_secret: ${{ secrets.CONSUMER_SECRET }}
+ access_token_key: ${{ secrets.ACCESS_TOKEN_KEY }}
+ access_token_secret: ${{ secrets.ACCESS_TOKEN_SECRET }}
+ tweet_body: 'A new mailcow-dockerized Release has been Released on GitHub! Checkout our GitHub Page for the latest Release: github.com/mailcow/mailcow-dockerized/releases/latest'
diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 000000000..de63ca3eb
--- /dev/null
+++ b/SECURITY.md
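Review bot: In `.github/workflows/tweet-trigger-publish-release.yml`, `mugi111/tweet-trigger-release@v1.1` is a third-party action referenced by a movable tag, and it is handed all four Twitter API credentials. If that tag is ever repointed, the new code runs with those secrets on the next published release. Pin the reference to a full commit SHA that has been reviewed, e.g. `uses: mugi111/tweet-trigger-release@<full commit SHA> # v1.1`. The step appears not to need the repository token, so `permissions: {}` on the job would remove it from the action's reach.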
@@ -0,0 +1,42 @@
+# Security Policies and Procedures
+
+This document outlines security procedures and general policies for the _mailcow: dockerized_ project as found on [mailcow-dockerized](https://github.com/mailcow/mailcow-dockerized).
+
+ * [Reporting a Vulnerability](#reporting-a-vulnerability)
+ * [Disclosure Policy](#disclosure-policy)
+ * [Comments on this Policy](#comments-on-this-policy)
+
+## Reporting a Vulnerability
+
+The mailcow team and community take all security vulnerabilities
+seriously. Thank you for improving the security of our open source
+software. We appreciate your efforts and responsible disclosure and will
+make every effort to acknowledge your contributions.
+
+Report security vulnerabilities by emailing the mailcow team at:
+
+ info at servercow.de
+
+mailcow team will acknowledge your email as soon as possible, and will
+send a more detailed response afterwards indicating the next steps in
+handling your report. After the initial reply to your report, the mailcow
+team will endeavor to keep you informed of the progress towards a fix and
+full announcement, and may ask for additional information or guidance.
+
+Report security vulnerabilities in third-party modules to the person or
+team maintaining the module.
+
+## Disclosure Policy
+
+When the mailcow team receives a security bug report, they will assign it
+to a primary handler. This person will coordinate the fix and release
+process, involving the following steps:
+
+ * Confirm the problem and determine the affected versions.
+ * Audit code to find any potential similar problems.
+ * Prepare fixes for all releases still under maintenance.
+
+## Comments on this Policy
+
+If you have suggestions on how this process could be improved please submit a
+pull request.