Add caching to build (#369)

* Rename publish workflow

* Add caching to v5

* Updated cache buster

.github/workflows/build-image-v5.yml

@@ -0,0 +1,57 @@
+name: Build Container Image
+
+# When its time to do a release do a full cross platform build for all supported
+# architectures and push all of them to Docker Hub.
+# Only trigger on semver shaped tags.
+# Ref: https://github.com/metcalfc/docker-action-examples/blob/main/.github/workflows/release.yml
+on:
+  pull_request:
+    paths:
+      - "alpine/5/**"
+  push:
+    paths:
+      - "alpine/5/**"
+    branches:
+      - master
+
+jobs:
+  docker:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v1
+        with:
+          platforms: all
+
+      - name: Set up Docker Buildx
+        id: buildx
+        uses: docker/setup-buildx-action@v1
+
+      - name: Cache Docker layers
+        uses: actions/cache@v2
+        with:
+          path: /tmp/.buildx-cache
+          key: ${{ runner.os }}-buildx-5-${{ hashFiles('alpine/5/cache_buster') }}
+          restore-keys: |
+            ${{ runner.os }}-buildx-5-${{ hashFiles('alpine/5/cache_buster') }}
+
+      - name: Build
+        id: docker_build
+        uses: docker/build-push-action@v2
+        with:
+          builder: ${{ steps.buildx.outputs.name }}
+          context: ./alpine/5/
+          build-args: INVOICENINJA_VERSION=5-stable
+          target: prod
+          platforms: linux/amd64,linux/arm64
+          tags: invoiceninja/invoiceninja:cache
+          cache-from: type=local,src=/tmp/.buildx-cache
+          cache-to: type=local,dest=/tmp/.buildx-cache-new
+
+      - name: Move cache
+        run: |
+          rm -rf /tmp/.buildx-cache
+          mv /tmp/.buildx-cache-new /tmp/.buildx-cache

.github/workflows/publish-image.yml

@@ -1,4 +1,4 @@
-name: Publish Releases to Hub
+name: Publish Container Image
 
 # When its time to do a release do a full cross platform build for all supported
 # architectures and push all of them to Docker Hub.
@@ -44,13 +44,13 @@ jobs:
         id: buildx
         uses: docker/setup-buildx-action@v1
 
-      # - name: Cache Docker layers
-      #   uses: actions/cache@v2
-      #   with:
-      #     path: /tmp/.buildx-cache
-      #     key: ${{ runner.os }}-buildx-${{ github.sha }}
-      #     restore-keys: |
-      #       ${{ runner.os }}-buildx-
+      - name: Cache Docker layers
+        uses: actions/cache@v2
+        with:
+          path: /tmp/.buildx-cache
+          key: ${{ runner.os }}-buildx-${{ steps.prep.outputs.major }}-${{ hashFiles('alpine/${{ steps.prep.outputs.major }}/**') }}
+          restore-keys: |
+            ${{ runner.os }}-buildx-${{ steps.prep.outputs.major }}-${{ hashFiles('alpine/${{ steps.prep.outputs.major }}/**') }}
 
       - name: Login to DockerHub
         if: github.event_name != 'pull_request'
@@ -70,8 +70,8 @@ jobs:
           platforms: linux/amd64,linux/arm64
           push: ${{ github.event_name != 'pull_request' }}
           tags: ${{ steps.prep.outputs.tags }}
-          cache-from: invoiceninja/invoiceninja:${{ steps.prep.outputs.major }}
-          cache-to: type=inline
+          cache-from: type=local,src=/tmp/.buildx-cache
+          cache-to: type=local,dest=/tmp/.buildx-cache
 
       - name: Image digest
         run: echo ${{ steps.docker_build.outputs.digest }}

.github/workflows/release.yaml

@@ -27,6 +27,6 @@ jobs:
           helm repo add bitnami https://charts.bitnami.com/bitnami
 
       - name: Run chart-releaser
-        uses: helm/chart-releaser-action@master
+        uses: helm/chart-releaser-action@v1.2.1
         env:
           CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"

Makefile

@@ -17,15 +17,15 @@ VERSION=$(shell echo ${TAG} | sed "s/-.*//")
 
 # Building docker images based on alpine.
 # Assigned tags:
-#   - :alpine
-#   - :alpine-<RELEASE VERSION>
+#   - :4
+#   - :<RELEASE VERSION>
 .PHONY: build-alpine
 build-alpine:
 ifeq ($(IS_V5),)
 	$(info Make: Building "$(VERSION)" tagged images from alpine.)
-	@docker build -t ${HUB_NAMESPACE}/${IMAGE}:alpine-${VERSION} --build-arg INVOICENINJA_VERSION=${VERSION} ./alpine/4/
-	# Tag as alpine-4
-	@docker tag ${HUB_NAMESPACE}/${IMAGE}:alpine-${VERSION} ${HUB_NAMESPACE}/${IMAGE}:alpine-4
+	@docker build -t ${HUB_NAMESPACE}/${IMAGE}:${VERSION} --build-arg INVOICENINJA_VERSION=${VERSION} ./alpine/4/
+	# Tag as 4
+	@docker tag ${HUB_NAMESPACE}/${IMAGE}:alpine-${VERSION} ${HUB_NAMESPACE}/${IMAGE}:4
 	$(info Make: Done.)
 endif
 
@@ -33,8 +33,8 @@ endif
 push-alpine:
 ifeq ($(IS_V5),)
 	$(info Make: Pushing tagged images from alpine.)
-	@docker push ${HUB_NAMESPACE}/${IMAGE}:alpine-${VERSION}
-	@docker push ${HUB_NAMESPACE}/${IMAGE}:alpine-4
+	@docker push ${HUB_NAMESPACE}/${IMAGE}:${VERSION}
+	@docker push ${HUB_NAMESPACE}/${IMAGE}:4
 	$(info Make: Done.)
 endif
 

README.md

@@ -2,6 +2,8 @@
 [![Docker image, latest](https://img.shields.io/docker/image-size/invoiceninja/invoiceninja/latest?label=latest)](https://hub.docker.com/r/invoiceninja/invoiceninja)
 [![Docker image, alpine](https://img.shields.io/docker/image-size/invoiceninja/invoiceninja/alpine?label=alpine)](https://hub.docker.com/r/invoiceninja/invoiceninja)
 [![Artifact HUB](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/invoiceninja)](https://artifacthub.io/packages/search?repo=invoiceninja)
+[![Pusblish Image](https://github.com/invoiceninja/dockerfiles/actions/workflows/publish-image.yaml/badge.svg)](https://github.com/invoiceninja/dockerfiles/actions/workflows/publish-image.yaml) [![Cache v5 Image](https://github.com/invoiceninja/dockerfiles/actions/workflows/build-image-v5.yaml/badge.svg)](https://github.com/invoiceninja/dockerfiles/actions/workflows/build-image-v5.yaml)
+
 
 
 # Docker for [Invoice Ninja](https://www.invoiceninja.com/)
@@ -31,21 +33,19 @@ git clone https://github.com/invoiceninja/dockerfiles.git
 cd dockerfiles
 ```
 
-Instead of defining our environment variables inside our docker-compose.yml file we now define this in the `env` file, open this file up and insert your `APP_URL` and your `APP_KEY`
+Instead of defining our environment variables inside our docker-compose.yml file we now define this in the `env` file, open this file up and insert your `APP_URL`, `APP_KEY` and update the rest of the variables as required.
 
 ```
 APP_URL=http://in.localhost:8003/
 APP_KEY=<insert your generated key in here>
 APP_DEBUG=true
-MULTI_DB_ENABLED=false
-DB_HOST1=db
-DB_PORT1=3306
-DB_USERNAME1=ninja
-DB_PASSWORD1=ninja
-DB_DATABASE1=ninja
-PHANTOMJS_PDF_GENERATION=false
+REQUIRE_HTTPS=false
+IN_USER_EMAIL=
+IN_PASSWORD=
 ```
 
+If `IN_USER_EMAIL` and `IN_PASSWORD` is not set the default user email and password is "admin@example.com" and "changeme!" respectively. You will use this for the initial login, thereafter, you can delete this two environment variables.
+
 The `APP_KEY` can be generated by running
 
 ```bash

alpine/4/rootfs/usr/local/bin/docker-entrypoint

@@ -83,7 +83,7 @@ fi
 rm -rf "$BAK_PUBLIC_PATH"
 
 # Set permission for web server to create/update files (only <v4)
-chown -R "$INVOICENINJA_USER":www-data /var/www/app/storage /var/www/app/public /var/www/app/bootstrap
+chown -R "$INVOICENINJA_USER":"$INVOICENINJA_USER" /var/www/app/storage /var/www/app/public /var/www/app/bootstrap
 
 # Initialize values that might be stored in a file
 file_env 'APP_KEY'

alpine/5/Dockerfile

@@ -28,7 +28,7 @@ RUN npm install --production \
     && mv /var/www/app/public $BAK_PUBLIC_PATH  
 
 # Prepare php image
-FROM php:${PHP_VERSION}-fpm-alpine as prod
+FROM php:${PHP_VERSION}-fpm-alpine3.13 as prod
 ARG INVOICENINJA_VERSION
 ARG BAK_STORAGE_PATH
 ARG BAK_PUBLIC_PATH

alpine/5/cache_buster

@@ -0,0 +1 @@
+Fri Jul  2 7:33:22 +00 2021

alpine/5/rootfs/docker-entrypoint-init.d/10-init-in.sh

@@ -0,0 +1,14 @@
+#!/bin/sh
+
+php artisan db:seed --force
+
+# Build up array of arguments...
+if [[ ! -z "${IN_USER_EMAIL}" ]]; then
+    email="--email ${IN_USER_EMAIL}"
+fi
+
+if [[ ! -z "${IN_PASSWORD}" ]]; then
+    password="--password ${IN_PASSWORD}"
+fi
+
+php artisan ninja:create-account $email $password

alpine/5/rootfs/usr/local/bin/docker-entrypoint

@@ -27,60 +27,71 @@ file_env() {
     local fileVar="${var}_FILE"
     local def="${2:-}"
 
-    if [ "$(ie_gv ${var})" != "" ] && [ "$(ie_gv ${fileVar})" != "" ]; then
-        in_error "Both $var and $fileVar are set (but are exclusive)"
-    fi
-
-    local val="$def"
     if [ "$(ie_gv ${var})" != "" ]; then
-        val=$(ie_gv ${var})
-    elif [ "$(ie_gv ${fileVar})" != "" ]; then
-        val=$(cat $(ie_gv ${fileVar}))
+        if [ "$(ie_gv ${fileVar})" != "" ]; then
+            in_error "Both $var and $fileVar are set (but are exclusive)"
+        fi
+        unset "$fileVar"
+        return
+    fi
+
+    if [ "$(ie_gv ${fileVar})" != "" ] && [ -f "$(ie_gv ${fileVar})" ]; then
+        export "$var"="$(cat $(ie_gv ${fileVar}))"
+    elif [ ! -z "$def" ]; then
+        export "$var"="$def"
     fi
 
-    export "$var"="$val"
     unset "$fileVar"
 }
 
 # first arg is `-f` or `--some-option`
 if [ "${1#-}" != "$1" ]; then
-    set -- php-fpm "$@"
+    set -- supervisord "$@"
 fi
 
 # create storage volume
-if [ ! -d /var/www/app/storage ] && [ -d "$BAK_STORAGE_PATH" ]; then
-    mv "$BAK_STORAGE_PATH" /var/www/app/storage
-elif [ -d "$BAK_STORAGE_PATH" ]; then
-    # copy missing folders in storage
-    IN_STORAGE_BACKUP="$(ls "$BAK_STORAGE_PATH")"
-    for path in $IN_STORAGE_BACKUP; do
-        if [ ! -e "/var/www/app/storage/$path" ]; then
-            cp -Rp "$BAK_STORAGE_PATH/$path" "/var/www/app/storage/"
-        fi
-    done
+if [ -d "$BAK_STORAGE_PATH" ]; then
+    if [ ! -d /var/www/app/storage ]; then
+        mv "$BAK_STORAGE_PATH" /var/www/app/storage
+    else
+        # copy missing folders in storage
+        IN_STORAGE_BACKUP="$(ls "$BAK_STORAGE_PATH")"
+        for path in $IN_STORAGE_BACKUP; do
+            if [ ! -e "/var/www/app/storage/$path" ]; then
+                cp -Rp "$BAK_STORAGE_PATH/$path" "/var/www/app/storage/"
+            fi
+        done
+    fi
+    rm -rf "$BAK_STORAGE_PATH"
+fi
+
+# prevent init scripts from running when upgrading from IN <= 5.1.62
+if [ -f /var/www/app/public/version ] && [ "$INVOICENINJA_VERSION" != "$(cat /var/www/app/public/version)" ]; then
+    touch /var/www/app/storage/.initialized
 fi
-rm -rf "$BAK_STORAGE_PATH"
 
 # create public volume
-if [ ! -d /var/www/app/public ] && [ -d "$BAK_PUBLIC_PATH" ]; then
-    mv "$BAK_PUBLIC_PATH" /var/www/app/public
-elif [ ! -e /var/www/app/public/version ] || [ "$INVOICENINJA_VERSION" != "$(cat /var/www/app/public/version)" ]; then
-    # version mismatch, update all
-    cp -au "$BAK_PUBLIC_PATH/"* /var/www/app/public
-    echo "$INVOICENINJA_VERSION" >/var/www/app/public/version
-elif [ ! -d /var/www/app/public/logo ] && [ -d "$BAK_PUBLIC_PATH/logo" ]; then
-    # missing logo folder only, copy folder
-    cp -a "$BAK_PUBLIC_PATH/logo" /var/www/app/public/logo
-elif [ -d "$BAK_PUBLIC_PATH/logo" ]; then
-    # copy missing folders in logo
-    IN_LOGO_BACKUP="$(ls "$BAK_PUBLIC_PATH/logo")"
-    for path in $IN_LOGO_BACKUP; do
-        if [ ! -e "/var/www/app/public/logo/$path" ]; then
-            cp -a "$BAK_PUBLIC_PATH/logo/$path" "/var/www/app/public/logo/"
-        fi
-    done
+if [ -d "$BAK_PUBLIC_PATH" ]; then
+    if [ ! -d /var/www/app/public ]; then
+        mv "$BAK_PUBLIC_PATH" /var/www/app/public
+    elif [ ! -f /var/www/app/public/version ] || [ "$INVOICENINJA_VERSION" != "$(cat /var/www/app/public/version)" ]; then
+        # version mismatch, update all
+        cp -au "$BAK_PUBLIC_PATH/"* /var/www/app/public
+        echo "$INVOICENINJA_VERSION" >/var/www/app/public/version
+    elif [ ! -d /var/www/app/public/logo ] && [ -d "$BAK_PUBLIC_PATH/logo" ]; then
+        # missing logo folder only, copy folder
+        cp -a "$BAK_PUBLIC_PATH/logo" /var/www/app/public/logo
+    elif [ -d "$BAK_PUBLIC_PATH/logo" ]; then
+        # copy missing folders in logo
+        IN_LOGO_BACKUP="$(ls "$BAK_PUBLIC_PATH/logo")"
+        for path in $IN_LOGO_BACKUP; do
+            if [ ! -e "/var/www/app/public/logo/$path" ]; then
+                cp -a "$BAK_PUBLIC_PATH/logo/$path" "/var/www/app/public/logo/"
+            fi
+        done
+    fi
+    rm -rf "$BAK_PUBLIC_PATH"
 fi
-rm -rf "$BAK_PUBLIC_PATH"
 
 # Initialize values that might be stored in a file
 file_env 'APP_KEY'
@@ -98,10 +109,10 @@ file_env 'MAILGUN_SECRET'
 file_env 'S3_KEY'
 file_env 'S3_SECRET'
 
-# Run Laravel stuff
+# Run IN/Laravel stuff
 if [[ "$1" == "supervisord" ]] || [[ "$1" == "php-fpm" ]]; then
-    echo "Initialising Laravel..."
-    . laravel-init.sh
+    in_log INFO "Initialising Invoice Ninja..."
+    . invoiceninja-init.sh
 fi
 
 exec docker-php-entrypoint "$@"

alpine/5/rootfs/usr/local/bin/invoiceninja-init.sh

@@ -0,0 +1,44 @@
+#!/bin/sh
+
+# usage: docker_process_init_files [file [file [...]]]
+#    ie: docker_process_init_files /always-initdb.d/*
+# process initializer files, based on file extensions
+docker_process_init_files() {
+    echo
+    local f
+    for f; do
+        case "$f" in
+        *.sh)
+            # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936
+            # https://github.com/docker-library/postgres/pull/452
+            if [ -x "$f" ]; then
+                in_log INFO "$0: running $f"
+                "$f"
+            else
+                in_log INFO "$0: sourcing $f"
+                . "$f"
+            fi
+            ;;
+        *) in_log INFO "$0: ignoring $f" ;;
+        esac
+        echo
+    done
+}
+
+php artisan config:cache
+php artisan optimize
+
+# Check if DB works, if not crash the app.
+DB_READY=$(php artisan tinker --execute='echo app()->call("App\Utils\SystemHealth@dbCheck")["success"];')
+if [ "$DB_READY" != "1" ]; then
+    php artisan migrate:status # Print verbose error
+    in_error "Error connecting to DB"
+fi
+
+php artisan migrate --force
+
+# If first IN run, it needs to be initialized
+if [ ! -f /var/www/app/storage/.initialized ]; then
+    docker_process_init_files /docker-entrypoint-init.d/*
+    touch /var/www/app/storage/.initialized
+fi

alpine/5/rootfs/usr/local/bin/laravel-init.sh

@@ -1,5 +0,0 @@
-#!/bin/sh
-
-php artisan config:cache
-php artisan optimize
-php artisan migrate --force

charts/invoiceninja/Chart.lock

@@ -1,15 +1,15 @@
 dependencies:
 - name: common
   repository: https://charts.bitnami.com/bitnami
-  version: 1.4.2
+  version: 1.4.3
 - name: nginx
   repository: https://charts.bitnami.com/bitnami
-  version: 8.8.1
+  version: 8.8.5
 - name: mariadb
   repository: https://charts.bitnami.com/bitnami
-  version: 9.3.6
+  version: 9.3.11
 - name: redis
   repository: https://charts.bitnami.com/bitnami
   version: 12.9.2
-digest: sha256:fd3577637e412f553b3300f0c174ea7282073e0971da621d2f5c0e43b8f2fdfc
-generated: "2021-04-07T20:59:19.568334+08:00"
+digest: sha256:4255a558312b033e820635f491b0960bd4ec8e716164025212af06adafbd4cb9
+generated: "2021-05-11T09:31:45.433+08:00"

charts/invoiceninja/Chart.yaml

@@ -13,11 +13,11 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.3.2
+version: 0.5.1
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
-appVersion: 5.1.41
+appVersion: 5.1.64
 keywords:
   - invoiceninja
 home: https://invoiceninja.github.io/dockerfiles

charts/invoiceninja/README.md

@@ -1,6 +1,6 @@
 # Invoice Ninja Helm Chart
 
-This helm chart installs a Invoice Ninja and its dependencies into a running
+This helm chart installs Invoice Ninja (IN) and its dependencies into a running
 Kubernetes cluster.
 
 The chart installs the [Invoice Ninja](https://hub.docker.com/r/invoiceninja/invoiceninja) docker image.
@@ -81,15 +81,20 @@ The following table shows the configuration options for the Invoice Ninja helm c
 | `serviceAccountName` | Name of a service account for the Invoice Ninja pods             | `default`                                               |
 | `debug`              | Turn on debug mode on Invoice Ninja                              | `false`                                                 |
 | `appKey`             | Laravel Application Key                                          | _random 32 character alphanumeric string_               |
+| `userEmail`          | Initial user email address                                       | `admin@example.com`                                     |
+| `userPassword`       | Initial user password                                            | `changeme!`                                             |
 | `logChannel`         | Name of log channel to use                                       | `nil`                                                   |
 | `broadcastDriver`    | Name of broadcast driver to use                                  | `nil`                                                   |
 | `cacheDriver`        | Name of cache driver to use                                      | `nil`                                                   |
 | `sessionDriver`      | Name of session driver to use                                    | `nil`                                                   |
 | `queueConnection`    | Name of queue connection to use                                  | `nil`                                                   |
 | `snappdf`            | Use snappdf instead of Phantom JS PDF generation                 | `true`                                                  |
+| `mailer`             | Name of the mailer to use (log, smtp, etc.)                      | `log`                                                   |
+| `requireHttps`       | Force HTTPS for internal connections to Invoice Ninja (see #349) | `false`                                                 |
 | `extraEnvVars`       | Extra environment variables to be set on Invoice Ninja container | `{}`                                                    |
 | `extraEnvVarsCM`     | Name of existing ConfigMap containing extra env vars             | `nil`                                                   |
 | `extraEnvVarsSecret` | Name of existing Secret containing extra env vars                | `nil`                                                   |
+| `trustedProxy`       | List of trusted proxies for Invoice Ninja to communicate with the nginx proxy | `'*'`                                                   |
 
 ### Invoice Ninja deployment parameters
 
@@ -115,6 +120,18 @@ The following table shows the configuration options for the Invoice Ninja helm c
 | `extraVolumeMounts`         | Additional volume mounts                                                                  | `[]`                           |
 | `extraVolumes`              | Additional volumes                                                                        | `[]`                           |
 
+### Volume Permissions parameters
+
+| Parameter                             | Description                                                                                                          | Default                                                 |
+| ------------------------------------- | -------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------- |
+| `volumePermissions.enabled`           | Enable init container that changes the owner and group of the persistent volume(s) mountpoint to `runAsUser:fsGroup` | `false`                                                 |
+| `volumePermissions.image.registry`    | Init container volume-permissions image registry                                                                     | `docker.io`                                             |
+| `volumePermissions.image.repository`  | Init container volume-permissions image name                                                                         | `bitnami/bitnami-shell`                                 |
+| `volumePermissions.image.tag`         | Init container volume-permissions image tag                                                                          | `"10"`                                                  |
+| `volumePermissions.image.pullPolicy`  | Init container volume-permissions image pull policy                                                                  | `Always`                                                |
+| `volumePermissions.image.pullSecrets` | Specify docker-registry secret names as an array                                                                     | `[]` (does not add image pull secrets to deployed pods) |
+| `volumePermissions.resources`         | Init container volume-permissions resource                                                                           | `{}`                                                    |
+
 ### Exposure parameters
 
 | Parameter                          | Description                                                                | Default                        |
@@ -224,10 +241,49 @@ The above command sets the number of replicas to 3 for a highly available (HA) s
 
 Alternatively, a YAML file that specifies the values for the parameters can be provided while [installing](https://helm.sh/docs/helm/helm_install/) the chart. For example,
 
+```yaml
+# values.yaml
+appKey: changeit
+replicaCount: 3
+nginx:
+  replicaCount: 3
+redis:
+  cluster:
+    slaveCount: 3
+  password: changeit
+mariadb:
+  auth:
+    rootPassword: changeit
+    password: changeit
+```
+
 ```bash
 helm install invoiceninja -f values.yaml invoiceninja/invoiceninja
 ```
 
+## Setting Environment Variables
+
+Should you need to inject any environment variables such as those in [here](https://github.com/invoiceninja/dockerfiles/blob/master/env) into the `invoiceninja` container, you can use the `extraEnvVars` option:
+
+```yaml
+# ... values.yaml file
+# In this example, we are setting the SMTP MAIL_HOST to be 'smtp.mailtrap.io'
+extraEnvVars:
+  - name: MAIL_HOST
+    value: 'smtp.mailtrap.io' # all values must be strings, so other types must be surrounded in quotes
+```
+
+Alternatively you can provide the name of an existing `configmap` or `secret` object:
+
+```bash
+kubectl create configmap examplemap --from-literal=MAIL_HOST='smtp.mailtrap.io'
+```
+
+```yaml
+# ... values.yaml file
+extraEnvVarsCM: examplemap
+```
+
 ## Upgrading
 
 Nothing yet.

charts/invoiceninja/templates/_helpers.tpl

@@ -9,7 +9,14 @@ Return the proper image name
 Return the proper Docker Image Registry Secret Names
 */}}
 {{- define "invoiceninja.imagePullSecrets" -}}
-{{- include "common.images.pullSecrets" (dict "images" (list .Values.image ) "global" .Values.global) -}}
+{{- include "common.images.pullSecrets" (dict "images" (list .Values.image .Values.volumePermissions.image) "global" .Values.global) -}}
+{{- end -}}
+
+{{/*
+Return the proper image name (for the init container volume-permissions image)
+*/}}
+{{- define "invoiceninja.volumePermissions.image" -}}
+{{ include "common.images.image" (dict "imageRoot" .Values.volumePermissions.image "global" .Values.global) }}
 {{- end -}}
 
 {{/*
@@ -52,14 +59,14 @@ Create the name of the service account to use
 Return the proper Storage Class
 */}}
 {{- define "invoiceninja.public.storageClass" -}}
-{{- include "common.storage.class" (dict "persistence" .Values.persistence "global" .Values.global) -}}
+{{- include "common.storage.class" (dict "persistence" .Values.persistence.public "global" .Values.global) -}}
 {{- end -}}
 
 {{/*
 Return the proper Storage Class
 */}}
 {{- define "invoiceninja.storage.storageClass" -}}
-{{- include "common.storage.class" (dict "persistence" .Values.persistence "global" .Values.global) -}}
+{{- include "common.storage.class" (dict "persistence" .Values.persistence.storage "global" .Values.global) -}}
 {{- end -}}
 
 {{/*

charts/invoiceninja/templates/configmap.yaml

@@ -13,20 +13,25 @@ metadata:
   {{- end }}
 data:
   {{- if .Values.nginx.ingress.enabled }}
+  {{- if .Values.nginx.ingress.tls }}
+  APP_URL: "https://{{ .Values.nginx.ingress.hostname }}"
+  {{- else }}
   APP_URL: "http://{{ .Values.nginx.ingress.hostname }}"
+  {{- end }}
   {{- else }}
   APP_URL: "http://{{ include "common.names.fullname" . }}"
   {{- end }}
   APP_DEBUG: {{ .Values.debug | quote }}
-  DB_HOST1: {{ include "invoiceninja.databaseHost" . | quote }}
-  DB_PORT1: {{ include "invoiceninja.databasePort" . | quote }}
-  DB_USERNAME1: {{ include "invoiceninja.databaseUser" . | quote }}
-  DB_DATABASE1: {{ include "invoiceninja.databaseName" . | quote }}
+  DB_HOST: {{ include "invoiceninja.databaseHost" . | quote }}
+  DB_PORT: {{ include "invoiceninja.databasePort" . | quote }}
+  DB_USERNAME: {{ include "invoiceninja.databaseUser" . | quote }}
+  DB_DATABASE: {{ include "invoiceninja.databaseName" . | quote }}
   {{- if .Values.logChannel }}
   LOG_CHANNEL: {{ .Values.logChannel | quote }}
   {{- else }}
   LOG_CHANNEL: stderr
   {{- end }}
+  MAIL_MAILER: {{ .Values.mailer | quote }}
   {{- if .Values.broadcastDriver }}
   BROADCAST_DRIVER: {{ .Values.broadcastDriver | quote }}
   {{- else if or .Values.redis.enabled .Values.externalRedis.host }}
@@ -56,3 +61,5 @@ data:
   REDIS_CACHE_CONNECTION: {{ include "invoiceninja.redisCacheConnection" . | quote }}
   REDIS_QUEUE_CONNECTION: {{ include "invoiceninja.redisQueueConnection" . | quote }}
   SESSION_CONNECTION: {{ include "invoiceninja.redisSessionConnection" . | quote }}
+  REQUIRE_HTTPS: {{ .Values.requireHttps | quote }}
+  TRUSTED_PROXIES: {{ .Values.trustedProxies | quote }}

charts/invoiceninja/templates/deployment.yaml

@@ -63,12 +63,14 @@ spec:
             - -cx
             - |
               COUNTER=0;
-              while [  $COUNTER -lt 120 ]; do
-                if mysqladmin ping -h "$DB_HOST1" -P $DB_PORT1 --silent; then
+              [[ -z "${DB_HOST1}" ]] || DB_HOST="${DB_HOST1}";
+              [[ -z "${DB_PORT1}" ]] || DB_PORT="${DB_PORT1}";
+              while [ $COUNTER -lt 120 ]; do
+                if mysqladmin ping -h "$DB_HOST" -P $DB_PORT --silent; then
                   exit 0;
                 fi;
                 let COUNTER=COUNTER+1;
-                echo "Waiting for DB ($DB_HOST1:$DB_PORT1)"
+                echo "Waiting for DB... Trying again in 2s";
                 sleep 2;
               done;
               echo "Did NOT see a database after 240 secs!";
@@ -81,6 +83,38 @@ spec:
           envFrom:
             - configMapRef:
                 name: {{ include "common.names.fullname" . }}
+            {{- if .Values.extraEnvVarsCM }}
+            - configMapRef:
+                name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsCM "context" $) }}
+            {{- end }}
+            {{- if .Values.extraEnvVarsSecret }}
+            - secretRef:
+                name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsSecret "context" $) }}
+            {{- end }}
+          env:
+            {{- if .Values.extraEnvVars }}
+              {{- include "common.tplvalues.render" (dict "value" .Values.extraEnvVars "context" $) | nindent 12 }}
+            {{- end }}
+        {{- if and .Values.podSecurityContext .Values.volumePermissions.enabled (or .Values.persistence.public.enabled .Values.persistence.storage.enabled) }}
+        - name: volume-permissions
+          image: {{ include "invoiceninja.volumePermissions.image" . }}
+          imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }}
+          command:
+            - /bin/bash
+            - -ec
+            - |
+              chown -R {{ .Values.containerSecurityContext.runAsUser }}:{{ .Values.podSecurityContext.fsGroup }} /var/www/app/{public,storage}
+          securityContext:
+            runAsUser: 0
+          {{- if .Values.volumePermissions.resources }}
+          resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }}
+          {{- end }}
+          volumeMounts:
+            - mountPath: /var/www/app/public
+              name: public
+            - mountPath: /var/www/app/storage
+              name: storage
+        {{- end }}
         {{- if .Values.initContainers }}
           {{- include "common.tplvalues.render" (dict "value" .Values.initContainers "context" $) | nindent 8 }}
         {{- end }}
@@ -128,7 +162,7 @@ spec:
                 name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsSecret "context" $) }}
             {{- end }}
           env:
-            - name: DB_PASSWORD1
+            - name: DB_PASSWORD
               valueFrom:
                 secretKeyRef:
                   name: {{ include "invoiceninja.databaseSecretName" . }}
@@ -140,6 +174,10 @@ spec:
                   name: {{ include "invoiceninja.redisSecretName" . }}
                   key: redis-password
             {{- end }}
+            {{- if .Values.userEmail }}
+            - name: IN_USER_EMAIL
+              value: {{ .Values.userEmail | quote }}
+            {{- end }}
             {{- if .Values.extraEnvVars }}
               {{- include "common.tplvalues.render" (dict "value" .Values.extraEnvVars "context" $) | nindent 12 }}
             {{- end }}

charts/invoiceninja/templates/secret.yaml

@@ -57,4 +57,7 @@ data:
   APP_KEY: {{ .Values.appKey | b64enc | quote }}
   {{- else }}
   APP_KEY: {{ randAlphaNum 32 | b64enc | quote }}
-  {{- end }}
+  {{- end }}
+  {{- if .Values.userPassword }}
+  IN_PASSWORD: {{ .Values.userPassword | b64enc | quote }}
+  {{- end }}

charts/invoiceninja/values.yaml

@@ -18,7 +18,7 @@
 image:
   registry: docker.io
   repository: invoiceninja/invoiceninja
-  tag: 5.1.42
+  tag: 5.1.64
   ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
   ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
   ##
@@ -38,6 +38,16 @@ debug: false
 ##
 appKey: ""
 
+## Email of user to create first run
+## If not specified, default user email will be "admin@example.com"
+##
+userEmail: ""
+
+## Password of user to create on first run
+## If not specified, default user password will be "changeme!"
+##
+userPassword: ""
+
 ## Name of log channel to use
 ##
 logChannel: ""
@@ -58,10 +68,24 @@ sessionDriver: ""
 ##
 queueConnection: ""
 
+## List of trusted proxies for Invoice Ninja to communicate with the nginx proxy
+##
+trustedProxies: "*"
+
 ## Use local or Phantom JS PDF generation
 ##
 snappdf: true
 
+## Name of queue connection to use (use "log" for debug)
+## Please check the ref below for any other env you may need to define
+## ref: https://github.com/invoiceninja/invoiceninja/blob/v5-stable/config/mail.php
+##
+mailer: log
+
+## Force HTTPS for all connections to Invoice Ninja
+##
+requireHttps: false
+
 ## String to partially override fullname template (will maintain the release name)
 ##
 # nameOverride:
@@ -165,6 +189,24 @@ containerSecurityContext:
   #   - ALL
   # readOnlyRootFilesystem: true
 
+## Init containers parameters:
+## volumePermissions: Change the owner and group of the persistent volume mountpoint to runAsUser:fsGroup values from the securityContext section.
+##
+volumePermissions:
+  enabled: false
+  image:
+    registry: docker.io
+    repository: bitnami/bitnami-shell
+    tag: "10"
+    pullPolicy: Always
+    ## Optionally specify an array of imagePullSecrets.
+    ## Secrets must be manually created in the namespace.
+    ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
+    ##
+    # pullSecrets:
+    #   - myRegistryKeySecretName
+  resources: {}
+
 ## Number of replicas (requires ReadWriteMany PVC support)
 ##
 replicaCount: 1

env

@@ -1,26 +1,41 @@
-APP_URL=http://in.localhost:8003/
+# IN application vars
+APP_URL=http://in.localhost:8003
 APP_KEY=<insert your generated key in here>
 APP_DEBUG=true
-MULTI_DB_ENABLED=false
-DB_HOST1=db
-DB_PORT1=3306
-DB_USERNAME1=ninja
-DB_PASSWORD1=ninja
-DB_DATABASE1=ninja
+REQUIRE_HTTPS=false
+PHANTOMJS_PDF_GENERATION=false
+QUEUE_CONNECTION=database
+
+# DB connection
+DB_HOST=db
+DB_PORT=3306
+DB_DATABASE=ninja
+DB_USERNAME=ninja
+DB_PASSWORD=ninja
+
+# Create initial user
+# Default to these values if empty
+# IN_USER_EMAIL=admin@example.com
+# IN_PASSWORD=changeme!
+IN_USER_EMAIL=
+IN_PASSWORD=
+
+# Mail options
+MAIL_MAILER=log
+MAIL_HOST=smtp.mailtrap.io
+MAIL_PORT=2525
+MAIL_USERNAME=null
+MAIL_PASSWORD=null
+MAIL_ENCRYPTION=null
+MAIL_FROM_ADDRESS='user@example.com'
+MAIL_FROM_NAME='Self Hosted User'
+
+# MySQL
 MYSQL_ROOT_PASSWORD=ninjaAdm1nPassword
 MYSQL_USER=ninja
 MYSQL_PASSWORD=ninja
 MYSQL_DATABASE=ninja
 
-#this is a system variable please do not remove
-IS_DOCKER=true
-
-PHANTOMJS_PDF_GENERATION=false
-
-#V4 env vars
-DB_STRICT=false
-DB_HOST=db
-DB_DATABASE=ninja
-DB_USERNAME=ninja
-DB_PASSWORD=ninja
-APP_CIPHER=AES-256-CBC
+# V4 env vars
+# DB_STRICT=false
+# APP_CIPHER=AES-256-CBC