From 1a05101f5031bcda864bc9e10d49cc52d26de2e5 Mon Sep 17 00:00:00 2001
From: Niklas Meyer <62480600+DerLinkman@users.noreply.github.com>
Date: Fri, 8 Jul 2022 21:39:22 +0200
Subject: [PATCH 1/5] Create tweet-trigger-publish-release,yml
---
 .../workflows/tweet-trigger-publish-release,yml | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)
 create mode 100644 .github/workflows/tweet-trigger-publish-release,yml
diff --git a/.github/workflows/tweet-trigger-publish-release,yml b/.github/workflows/tweet-trigger-publish-release,yml
new file mode 100644
index 000000000..a8f407773
--- /dev/null
+++ b/.github/workflows/tweet-trigger-publish-release,yml
@@ -0,0 +1,17 @@
+name: "tweet-trigger-release"
+on:
+ release:
+ types: [published]
+
+jobs:
+ build:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Tweet-trigger-publish-release
+ uses: mugi111/tweet-trigger-release@v1.1
+ with:
+ consumer_key: ${{ secrets.TWITTER_CONSUMER_KEY }}
+ consumer_secret: ${{ secrets.TWITTER_CONSUMER_SECRET }}
+ access_token_key: ${{ secrets.TWITTER_ACCESS_TOKEN_KEY }}
+ access_token_secret: ${{ secrets.TWITTER_ACCESS_TOKEN_SECRET }}
+ tweet_body: 'A new mailcow-dockerized Release has been Released on GitHub! Checkout our GitHub Page for the latest Release: github.com/mailcow/mailcow-dockerized/releases/latest'
From c62daa0c59f9431a785c46c52b70baf9b0dbccde Mon Sep 17 00:00:00 2001
From: DerLinkman
Date: Fri, 8 Jul 2022 21:41:48 +0200
Subject: [PATCH 2/5] Corrected , to . for new workflow
---
 ...gger-publish-release,yml => tweet-trigger-publish-release.yml} | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 rename .github/workflows/{tweet-trigger-publish-release,yml => tweet-trigger-publish-release.yml} (100%)
diff --git a/.github/workflows/tweet-trigger-publish-release,yml b/.github/workflows/tweet-trigger-publish-release.yml
similarity index 100%
rename from .github/workflows/tweet-trigger-publish-release,yml
rename to .github/workflows/tweet-trigger-publish-release.yml
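Review bot: The `uses: mugi111/tweet-trigger-release@v1.1` line in the new tweet workflow (patch 1/5) hands four Twitter API credentials to a third-party action referenced by a mutable tag, so whoever can move that tag can change the code that receives the secrets. Pin the action to a full commit SHA and keep the tag as a trailing comment, e.g. `uses: mugi111/tweet-trigger-release@<FULL_COMMIT_SHA>  # v1.1`. The job also declares no `permissions:` key; since nothing in this workflow appears to need repository access, a workflow-level `permissions: {}` would drop the default GITHUB_TOKEN scopes. The same `uses:` line is carried unchanged as context in the patch 5/5 hunk, which only renames the secrets.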
From 1c0eab989342825b6af08e1b095ecebede2784b8 Mon Sep 17 00:00:00 2001
From: ntimo
Date: Mon, 11 Jul 2022 15:41:16 +0000
Subject: [PATCH 3/5] [CI] Added Mailcow tests & image builds
---
 .github/workflows/image_builds.yml | 41 +++++++++++++
 .github/workflows/integration_tests.yml | 60 +++++++++++++++++++
 .../tweet-trigger-publish-release.yml | 2 +-
 3 files changed, 102 insertions(+), 1 deletion(-)
 create mode 100644 .github/workflows/image_builds.yml
 create mode 100644 .github/workflows/integration_tests.yml
diff --git a/.github/workflows/image_builds.yml b/.github/workflows/image_builds.yml
new file mode 100644
index 000000000..34d05717a
--- /dev/null
+++ b/.github/workflows/image_builds.yml
@@ -0,0 +1,41 @@
+name: Build Mailcow Docker Images
+
+on:
+ push:
+ branches: [ "master", "staging" ]
+ workflow_dispatch:
+
+jobs:
+ docker_image_builds:
+ strategy:
+ matrix:
+ images: ["acme-mailcow",
+ "clamd-mailcow",
+ "dockerapi-mailcow",
+ "dovecot-mailcow",
+ "netfilter-mailcow",
+ "olefy-mailcow",
+ "php-fpm-mailcow",
+ "postfix-mailcow",
+ "rspamd-mailcow",
+ "sogo-mailcow",
+ "solr-mailcow",
+ "unbound-mailcow",
+ "watchdog-mailcow"]
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v3
+ - name: Setup Docker
+ run: |
+ curl -sSL https://get.docker.com/ | CHANNEL=stable sudo sh
+ sudo service docker start
+ sudo curl -L https://github.com/docker/compose/releases/download/v$(curl -Ls https://www.servercow.de/docker-compose/latest.php)/docker-compose-$(uname -s)-$(uname -m) > /usr/local/bin/docker-compose
+ sudo chmod +x /usr/local/bin/docker-compose
+ - name: Prepair Image Builds
+ run: |
+ cp helper-scripts/docker-compose.override.yml.d/BUILD_FLAGS/docker-compose.override.yml docker-compose.override.yml
+ - name: Build Docker Images
+ run: |
+ docker-compose build ${image}
+ env:
+ image: ${{ matrix.images }}
diff --git a/.github/workflows/integration_tests.yml b/.github/workflows/integration_tests.yml
new file mode 100644
index 000000000..c31a1a624
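Review bot: The `Setup Docker` step runs unauthenticated downloads as root: `curl -sSL https://get.docker.com/ | CHANNEL=stable sudo sh` executes whatever the endpoint returns, and the docker-compose binary is fetched at a version string taken from `https://www.servercow.de/docker-compose/latest.php` and made executable with no checksum check. That version string is spliced unquoted into the download URL, so the external endpoint decides which asset the job runs, and `curl` without `-f` would save an HTTP error page as the binary. Pin the compose version in the repository and verify a known SHA-256 before installing, as sketched below; the Docker engine install deserves the same treatment, or can be dropped if the runner image already provides Docker (not visible from this hunk). Separately, `actions/checkout@v3` could be pinned to a commit SHA and the workflow given an explicit read-only `permissions:` block.

```yaml
      - name: Setup Docker
        env:
          # Placeholders: pin both values in the repository.
          COMPOSE_VERSION: "<PINNED_COMPOSE_VERSION>"
          COMPOSE_SHA256: "<EXPECTED_SHA256_OF_RELEASE_ASSET>"
        run: |
          # … unchanged: Docker engine install and service start …
          curl -fsSL -o docker-compose "https://github.com/docker/compose/releases/download/v${COMPOSE_VERSION}/docker-compose-$(uname -s)-$(uname -m)"
          echo "${COMPOSE_SHA256}  docker-compose" | sha256sum --check --strict
          sudo install -m 0755 docker-compose /usr/local/bin/docker-compose
```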
--- /dev/null
+++ b/.github/workflows/integration_tests.yml
@@ -0,0 +1,60 @@
+name: Mailcow Integration Tests
+
+on:
+ push:
+ branches: [ "master", "staging" ]
+ workflow_dispatch:
+
+jobs:
+ integration_tests:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Setup Ansible
+ run: |
+ export DEBIAN_FRONTEND=noninteractive
+ sudo apt-get update
+ sudo apt-get install python3 python3-pip git
+ sudo pip3 install ansible
+ - name: Prepair Test Environment
+ run: |
+ git clone https://github.com/mailcow/mailcow-integration-tests.git --branch $(curl -sL https://api.github.com/repos/mailcow/mailcow-integration-tests/releases/latest | jq -r '.tag_name') --single-branch .
+ ./fork_check.sh
+ ./ci.sh
+ ./ci-pip-requirements.sh
+ env:
+ VAULT_PW: ${{ secrets.MAILCOW_TESTS_VAULT_PW }}
+ VAULT_FILE: ${{ secrets.MAILCOW_TESTS_VAULT_FILE }}
+ - name: Start Integration Test Server
+ run: |
+ ./fork_check.sh
+ ansible-playbook mailcow-start-server.yml --diff
+ env:
+ PY_COLORS: '1'
+ ANSIBLE_FORCE_COLOR: '1'
+ ANSIBLE_HOST_KEY_CHECKING: 'false'
+ - name: Setup Integration Test Server
+ run: |
+ ./fork_check.sh
+ sleep 30
+ ansible-playbook mailcow-setup-server.yml --private-key id_ssh_rsa --diff
+ env:
+ PY_COLORS: '1'
+ ANSIBLE_FORCE_COLOR: '1'
+ ANSIBLE_HOST_KEY_CHECKING: 'false'
+ - name: Run Integration Tests
+ run: |
+ ./fork_check.sh
+ ansible-playbook mailcow-integration-tests.yml --private-key id_ssh_rsa --diff
+ env:
+ PY_COLORS: '1'
+ ANSIBLE_FORCE_COLOR: '1'
+ ANSIBLE_HOST_KEY_CHECKING: 'false'
+ - name: Delete Integration Test Server
+ if: always()
+ run: |
+ ./fork_check.sh
+ ansible-playbook mailcow-delete-server.yml --diff
+ env:
+ PY_COLORS: '1'
+ ANSIBLE_FORCE_COLOR: '1'
+ ANSIBLE_HOST_KEY_CHECKING: 'false'
diff --git a/.github/workflows/tweet-trigger-publish-release.yml b/.github/workflows/tweet-trigger-publish-release.yml
index a8f407773..13f7dd764 100644
--- a/.github/workflows/tweet-trigger-publish-release.yml
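Review bot: The `Prepair Test Environment` step exposes `VAULT_PW` and `VAULT_FILE` to `./fork_check.sh`, `./ci.sh` and `./ci-pip-requirements.sh`, which are cloned at run time from whatever tag the GitHub API reports as the latest release of mailcow-integration-tests, so the code that sees the vault secrets is not fixed by this repository. Check the tests out at a reviewed commit instead, e.g. `git clone https://github.com/mailcow/mailcow-integration-tests.git . && git checkout --detach <REVIEWED_COMMIT_SHA>`; this also removes the unquoted `$(curl … | jq -r '.tag_name')` substitution, which presumably yields `null` when the API call is rate-limited or fails. Every ansible step sets `ANSIBLE_HOST_KEY_CHECKING: 'false'` while authenticating with `--private-key id_ssh_rsa`, so the test server's identity is never verified; if the provisioning playbook can return the new host's key, writing it to `known_hosts` would let verification stay on. `sudo pip3 install ansible` is likewise unpinned.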
+++ b/.github/workflows/tweet-trigger-publish-release.yml
@@ -1,4 +1,4 @@
-name: "tweet-trigger-release"
+name: "Tweet trigger release"
 on:
 release:
 types: [published]
From 8b314acfcf183ae2f0c566aaf35d0e9a9488d3da Mon Sep 17 00:00:00 2001
From: Peter
Date: Mon, 11 Jul 2022 21:06:23 +0200
Subject: [PATCH 4/5] Create SECURITY.md
---
 SECURITY.md | 42 ++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 42 insertions(+)
 create mode 100644 SECURITY.md
diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 000000000..de63ca3eb
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,42 @@
+# Security Policies and Procedures
+
+This document outlines security procedures and general policies for the _mailcow: dockerized_ project as found on [mailcow-dockerized](https://github.com/mailcow/mailcow-dockerized).
+
+ * [Reporting a Vulnerability](#reporting-a-vulnerability)
+ * [Disclosure Policy](#disclosure-policy)
+ * [Comments on this Policy](#comments-on-this-policy)
+
+## Reporting a Vulnerability
+
+The mailcow team and community take all security vulnerabilities
+seriously. Thank you for improving the security of our open source
+software. We appreciate your efforts and responsible disclosure and will
+make every effort to acknowledge your contributions.
+
+Report security vulnerabilities by emailing the mailcow team at:
+
+ info at servercow.de
+
+mailcow team will acknowledge your email as soon as possible, and will
+send a more detailed response afterwards indicating the next steps in
+handling your report. After the initial reply to your report, the mailcow
+team will endeavor to keep you informed of the progress towards a fix and
+full announcement, and may ask for additional information or guidance.
+
+Report security vulnerabilities in third-party modules to the person or
+team maintaining the module.
+
+## Disclosure Policy
+
+When the mailcow team receives a security bug report, they will assign it
+to a primary handler. This person will coordinate the fix and release
+process, involving the following steps:
+
+ * Confirm the problem and determine the affected versions.
+ * Audit code to find any potential similar problems.
+ * Prepare fixes for all releases still under maintenance.
+
+## Comments on this Policy
+
+If you have suggestions on how this process could be improved please submit a
+pull request.
From 94f4ec8b966db57e6623b37ea4a62cc18e113c53 Mon Sep 17 00:00:00 2001
From: Niklas Meyer <62480600+DerLinkman@users.noreply.github.com>
Date: Fri, 15 Jul 2022 10:53:51 +0200
Subject: [PATCH 5/5] Update tweet-trigger-publish-release.yml
---
 .github/workflows/tweet-trigger-publish-release.yml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/.github/workflows/tweet-trigger-publish-release.yml b/.github/workflows/tweet-trigger-publish-release.yml
index 13f7dd764..82f1dc3a8 100644
--- a/.github/workflows/tweet-trigger-publish-release.yml
+++ b/.github/workflows/tweet-trigger-publish-release.yml
@@ -10,8 +10,8 @@ jobs:
 - name: Tweet-trigger-publish-release
 uses: mugi111/tweet-trigger-release@v1.1
 with:
- consumer_key: ${{ secrets.TWITTER_CONSUMER_KEY }}
- consumer_secret: ${{ secrets.TWITTER_CONSUMER_SECRET }}
- access_token_key: ${{ secrets.TWITTER_ACCESS_TOKEN_KEY }}
- access_token_secret: ${{ secrets.TWITTER_ACCESS_TOKEN_SECRET }}
+ consumer_key: ${{ secrets.CONSUMER_KEY }}
+ consumer_secret: ${{ secrets.CONSUMER_SECRET }}
+ access_token_key: ${{ secrets.ACCESS_TOKEN_KEY }}
+ access_token_secret: ${{ secrets.ACCESS_TOKEN_SECRET }}
 tweet_body: 'A new mailcow-dockerized Release has been Released on GitHub! Checkout our GitHub Page for the latest Release: github.com/mailcow/mailcow-dockerized/releases/latest'