ci(diff-on-branch): Merge doublette variables block

.gitlab-ci.yml

@@ -182,6 +182,9 @@ variables:
     options:
       - "yes"
       - "no"
+  DIFF_ON_BRANCH:
+    description: "Provide a branch to run `helmfile diff` for the specified branch."
+    value: ""
   RUN_TESTS:
     description: "Triggers execution of E2E-tests."
     value: "no"
@@ -220,6 +223,9 @@ variables:
   TESTS_PROJECT_URL:
     description: "Project url for e2e-tests (`<domain of gitlab>/api/v4/projects/<id>`)"
     value: "gitlab.opencode.de/api/v4/projects/1506"
+  HELM_IMAGE_PIN:
+    description: "The Helm image tag/checksum."
+    value: "1.3.3@sha256:3e195942e6988b8b93c62349700c0ed8428e3a8fbe2655bd7f5378dc88bc8ccb"
 
 # Declare .environments which is in `opendesk-env` repository. In case it is not available
 # 'cache' is used because job as a dummy key, as the job is not allowed to be empty.
@@ -232,8 +238,7 @@ variables:
   extends: ".environments"
   environment:
     name: "${NAMESPACE}"
-  image: "registry.opencode.de/bmi/opendesk/components/platform-development/images/helm:1.3.2\
+  image: "registry.opencode.de/bmi/opendesk/components/platform-development/images/helm:${HELM_IMAGE_PIN}"
-          @sha256:87358b39af7403c9a536d1b71fd87ee84394310497dc0fbc90f78b75a3057712"
   script:
     - "cd ${CI_PROJECT_DIR}/helmfile/apps/${COMPONENT}"
     # MASTER_PASSWORD_WEB_VAR as precedence for MASTER_PASSWORD
@@ -671,6 +676,34 @@ fetch-administrator-credentials:
     reports:
       dotenv: ".env"
 
+diff-on-branch:
+  stage: "post-execute"
+  cache: {}
+  dependencies: []
+  extends: ".environments"
+  environment:
+    name: "${NAMESPACE}"
+  image: "registry.opencode.de/bmi/opendesk/components/platform-development/images/helm:${HELM_IMAGE_PIN}"
+  rules:
+    - if: "$DIFF_ON_BRANCH"
+  script:
+    - |
+      echo "Downloading branch ${DIFF_ON_BRANCH}"
+      SAFE_BRANCH_NAME=$(echo "$DIFF_ON_BRANCH" | tr '/' '-')
+      BASE_URL="https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/-/archive"
+      FILE_NAME="opendesk-${SAFE_BRANCH_NAME}.tar.gz"
+      curl -L "${BASE_URL}/${DIFF_ON_BRANCH}/${FILE_NAME}" -o branch.tar.gz
+      mkdir ${DIFF_ON_BRANCH_SUBDIRECTORY} && tar -xzf branch.tar.gz -C ${DIFF_ON_BRANCH_SUBDIRECTORY} --strip-components=1
+      cd ${DIFF_ON_BRANCH_SUBDIRECTORY}
+      helmfile --namespace ${NAMESPACE} diff | grep -v '^ ' || true
+  tags:
+    - "docker"
+    - "kubernetes"
+    - "${CLUSTER}"
+  variables:
+    HELMFILE_ENVIRONMENT: "dev"
+    DIFF_ON_BRANCH_SUBDIRECTORY: "diff-on-branch"
+
 import-default-accounts:
   stage: "post-execute"
   extends: ".environments"

README-EE.md

@@ -86,7 +86,7 @@ repositories:
 
 ## License keys
 
-Some applications require license information for their Enterprise features to be enabled. With the aforementioned registry credentials you will also receive a file called `enterprise.yaml` containing the relevant license keys.
+Some applications require license information for their Enterprise features to be enabled. With the aforementioned registry credentials you will also receive a file called [`enterprise.yaml`](./helmfile/environments/default/enterprise_keys.yaml.gotmpl) containing the relevant license keys.
 
 Please place the file next your other `.yaml.gotmpl` file(s) that configure your deployment.
 

README.md

@@ -35,13 +35,13 @@ openDesk currently features the following functional main components:
 | Function             | Functional Component        | Component<br/>Version                                                                                                         | Upstream Documentation                                                                                                                |
 |----------------------|-----------------------------|-------------------------------------------------------------------------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------|
 | Chat & collaboration | Element ft. Nordeck widgets | [1.11.89](https://github.com/element-hq/element-desktop/releases/tag/v1.11.89)                                                | [For the most recent release](https://element.io/user-guide)                                                                          |
-| Collaborative notes  | Notes (aka Docs)            | [2.4.0](https://github.com/suitenumerique/docs/releases/tag/v2.4.0)                                                           | Online documentation/welcome document available in installed application                                                              |
+| Collaborative notes  | Notes (aka Docs)            | [3.2.1](https://github.com/suitenumerique/docs/releases/tag/v3.2.1)                                                           | Online documentation/welcome document available in installed application                                                              |
 | Diagram editor       | CryptPad ft. diagrams.net   | [2024.9.0](https://github.com/cryptpad/cryptpad/releases/tag/2024.9.0)                                                        | [For the most recent release](https://docs.cryptpad.org/en/)                                                                          |
 | File management      | Nextcloud                   | [30.0.10](https://nextcloud.com/de/changelog/#30-0-10)                                                                          | [Nextcloud 30](https://docs.nextcloud.com/)                                                                                           |
 | Groupware            | OX App Suite                | [8.37](https://documentation.open-xchange.com/appsuite/releases/8.37/)                                                        | Online documentation available from within the installed application; [Additional resources](https://documentation.open-xchange.com/) |
 | Knowledge management | XWiki                       | [16.10.5](https://www.xwiki.org/xwiki/bin/view/ReleaseNotes/Data/XWiki/16.10.5/)                                              | [For the most recent release](https://www.xwiki.org/xwiki/bin/view/Documentation)                                                     |
 | Portal & IAM         | Nubus                       | [1.9.1](https://docs.software-univention.de/nubus-kubernetes-release-notes/latest/en/changelog.html#version-1-9-1-2025-05-07) | [Univention's documentation website](https://docs.software-univention.de/n/en/nubus.html)                                             |
-| Project management   | OpenProject                 | [16.0.0](https://www.openproject.org/docs/release-notes/16-0-0/)                                                              | [For the most recent release](https://www.openproject.org/docs/user-guide/)                                                           |
+| Project management   | OpenProject                 | [16.0.1](https://www.openproject.org/docs/release-notes/16-0-1/)                                                              | [For the most recent release](https://www.openproject.org/docs/user-guide/)                                                           |
 | Videoconferencing    | Jitsi                       | [2.0.9955](https://github.com/jitsi/jitsi-meet/releases/tag/stable%2Fjitsi-meet_9955)                                         | [For the most recent  release](https://jitsi.github.io/handbook/docs/category/user-guide/)                                            |
 | Weboffice            | Collabora                   | [24.04.13](https://www.collaboraoffice.com/code-24-04-release-notes/)                                                         | Online documentation available from within the installed application; [Additional resources](https://sdk.collaboraonline.com/)        |
 

helmfile/apps/notes/values.yaml.gotmpl

@@ -17,6 +17,13 @@ ingress:
   tls:
     enabled: "{{ .Values.ingress.tls.enabled }}"
     secretName: {{ .Values.ingress.tls.secretName | quote }}
+  annotations:
+    nginx.ingress.kubernetes.io/proxy-body-size: "{{ .Values.ingress.parameters.bodySize.notes }}"
+    nginx.ingress.kubernetes.io/proxy-read-timeout: "{{ .Values.ingress.parameters.bodyTimeout.notes }}"
+    nginx.ingress.kubernetes.io/proxy-send-timeout: "{{ .Values.ingress.parameters.bodyTimeout.notes }}"
+    nginx.org/client-max-body-size: "{{ .Values.ingress.parameters.bodySize.notes }}"
+    nginx.org/proxy-read-timeout: "{{ .Values.ingress.parameters.bodyTimeout.notes }}s"
+    nginx.org/proxy-send-timeout: "{{ .Values.ingress.parameters.bodyTimeout.notes }}s"
 
 ingressCollaborationWS:
   enabled: {{ .Values.ingress.enabled }}
@@ -27,12 +34,12 @@ ingressCollaborationWS:
     enabled: "{{ .Values.ingress.tls.enabled }}"
     secretName: {{ .Values.ingress.tls.secretName | quote }}
   annotations:
-    nginx.ingress.kubernetes.io/auth-response-headers: "Authorization, X-Can-Edit, X-User-Id"
-    nginx.ingress.kubernetes.io/auth-url: https://{{ .Values.global.hosts.notes }}.{{ .Values.global.domain }}/api/v1.0/documents/collaboration-auth/
     nginx.ingress.kubernetes.io/enable-websocket: "true"
     nginx.ingress.kubernetes.io/proxy-read-timeout: "86400"
     nginx.ingress.kubernetes.io/proxy-send-timeout: "86400"
     nginx.ingress.kubernetes.io/upstream-hash-by: $arg_room
+    nginx.ingress.kubernetes.io/auth-response-headers: null
+    nginx.ingress.kubernetes.io/auth-url: null
     {{- with .Values.annotations.notes.ingressCollaborationWS }}
     {{ . | toYaml | nindent 4 }}
     {{- end }}
@@ -91,7 +98,6 @@ frontend:
   envVars:
     PORT: 8080
     NEXT_PUBLIC_API_ORIGIN: {{ printf "https://%s.%s" .Values.global.hosts.notes .Values.global.domain | quote }}
-    NEXT_PUBLIC_Y_PROVIDER_URL: {{ printf "wss://%s.%s/ws" .Values.global.hosts.notes .Values.global.domain | quote }}
     NEXT_PUBLIC_MEDIA_URL: {{ printf "https://%s" (.Values.objectstores.notes.endpoint | default (printf "%s.%s" .Values.global.hosts.minioApi .Values.global.domain)) | quote }}
   runtimeEnvs:
     ICS_BASE_URL: {{ printf "https://%s.%s" .Values.global.hosts.intercomService .Values.global.domain | quote }}
@@ -144,6 +150,7 @@ yProvider:
     seLinuxOptions:
       {{ .Values.seLinuxOptions.notesBackend | toYaml | nindent 6 }}
   envVars:
+    COLLABORATION_BACKEND_BASE_URL: {{ printf "https://%s.%s" .Values.global.hosts.notes .Values.global.domain | quote }}
     COLLABORATION_LOGGING: {{ if .Values.debug.enabled }}"true"{{ else }}"false"{{ end }}
     COLLABORATION_SERVER_ORIGIN: {{ printf "https://%s.%s" .Values.global.hosts.notes .Values.global.domain | quote }}
     COLLABORATION_SERVER_SECRET: {{ .Values.secrets.notes.collaborationSecret | quote }}
@@ -214,8 +221,8 @@ backend:
     OIDC_OP_LOGOUT_ENDPOINT: "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/{{ .Values.platform.realm }}/protocol/openid-connect/logout"
     OIDC_RP_SIGN_ALGO: RS256
     OIDC_RP_SCOPES: "openid opendesk-notes-scope"
-    USER_OIDC_FIELD_TO_SHORTNAME: "given_name"
+    OIDC_USERINFO_SHORTNAME_FIELD: "given_name"
-    USER_OIDC_FIELDS_TO_FULLNAME: "given_name,family_name"
+    OIDC_USERINFO_FULLNAME_FIELDS: "given_name,family_name"
     USER_OIDC_ESSENTIAL_CLAIMS: "email"
     OIDC_REDIRECT_ALLOWED_HOSTS: {{ printf "https://%s.%s/*" .Values.global.hosts.notes .Values.global.domain | quote }}
     OIDC_AUTH_REQUEST_EXTRA_PARAMS: "{}"
@@ -232,6 +239,8 @@ backend:
     COLLABORATION_SERVER_ORIGIN: {{ printf "https://%s.%s" .Values.global.hosts.notes .Values.global.domain | quote }}
     COLLABORATION_SERVER_SECRET: {{ .Values.secrets.notes.collaborationSecret | quote }}
     COLLABORATION_WS_URL:  {{ printf "wss://%s.%s/collaboration/ws/" .Values.global.hosts.notes .Values.global.domain | quote }}
+    FRONTEND_HOMEPAGE_FEATURE_ENABLED: False
+    FRONTEND_FOOTER_FEATURE_ENABLED: False
   migrate:
     command:
       - "/bin/sh"

helmfile/apps/nubus/values-nubus.yaml.gotmpl

@@ -706,6 +706,17 @@ nubusKeycloakExtensions:
     resources:
       {{ .Values.resources.umsKeycloakExtensionProxy | toYaml | nindent 6 }}
     securityContext:
+      allowPrivilegeEscalation: false
+      capabilities:
+        drop:
+          - "ALL"
+      enabled: true
+      runAsUser: 1000
+      runAsGroup: 1000
+      seccompProfile:
+        type: "RuntimeDefault"
+      readOnlyRootFilesystem: true
+      runAsNonRoot: true
       seccompProfile:
         type: "RuntimeDefault"
       seLinuxOptions:
@@ -1485,6 +1496,7 @@ nubusStackDataUms:
       {{ .Values.annotations.nubusStackDataUms.serviceAccount | toYaml | nindent 6 }}
   templateContext:
     initialPasswordAdministrator: {{ .Values.secrets.nubus.systemAccounts.administratorPassword | quote }}
+    additionalMailDomains: {{ .Values.global.additionalMailDomains | toYaml | nindent 6 }}
     apps: {{ .Values.apps | toYaml | nindent 6 }}
     defaultGroupOtherObjects: "cn=Domain Users,cn=groups,{{ .Values.ldap.baseDn }}"
     opendeskEnterprise: {{ env "OPENDESK_ENTERPRISE" }}
@@ -1765,7 +1777,7 @@ nubusKeycloakBootstrap:
     capabilities:
       drop:
         - "ALL"
-    readOnlyRootFilesystem: false
+    readOnlyRootFilesystem: true
     runAsGroup: 1000
     runAsNonRoot: true
     runAsUser: 1000

helmfile/apps/open-xchange/values-dovecot-enterprise.yaml.gotmpl

@@ -28,7 +28,7 @@ dovecot:
       value: {{ .Values.secrets.cassandra.dovecotDictmapUser | quote }}
     keyspace: {{ .Values.databases.dovecotDictmap.name | quote }}
   sharedMailboxes:
-    enabled: false
+    enabled: true
     host: {{ .Values.databases.dovecotACL.host | quote }}
     port: {{ .Values.databases.dovecotACL.port }}
     username: {{ .Values.databases.dovecotACL.username | quote }}

helmfile/apps/open-xchange/values-openxchange.yaml.gotmpl

@@ -339,12 +339,21 @@ appsuite:
       com.openexchange.oauth.provider.userLookupClaim: "opendesk_username"
       # MAIL
       com.openexchange.mail.authType: "xoauth2"
-      com.openexchange.mail.loginSource: "mail"
+      com.openexchange.mail.loginSource: "name"
       com.openexchange.mail.mailServer: "dovecot"
       com.openexchange.mail.mailServerSource: "global"
       com.openexchange.mail.transport.authType: "xoauth2"
       com.openexchange.mail.transportServer: "postfix-ox"
       com.openexchange.mail.transportServerSource: "global"
+      # Mail Login Resolver
+      com.openexchange.mail.login.resolver.enabled: "true"
+      com.openexchange.mail.login.resolver.ldap.enabled: "true"
+      com.openexchange.mail.login.resolver.ldap.clientId: "contactsLdapClient"
+      com.openexchange.mail.login.resolver.ldap.mailLoginSearchFilter: "(entryUUID=[mailLogin])"
+      com.openexchange.mail.login.resolver.ldap.userNameAttribute: "uid"
+      com.openexchange.mail.login.resolver.ldap.contextNameAttribute: "oxContextIDNum"
+      com.openexchange.mail.login.resolver.ldap.entitySearchFilter: "(&(oxContextIDNum=[cid])(uid=[uname]))"
+      com.openexchange.mail.login.resolver.ldap.mailLoginAttribute: "entryUUID"
       # Requirements for OX-Connector
       com.openexchange.user.enforceUniqueDisplayName: "false"
       com.openexchange.folderstorage.database.preferDisplayName: "false"

helmfile/environments/default-enterprise-overrides/charts.yaml.gotmpl

@@ -6,12 +6,11 @@ charts:
     registry: "registry.opencode.de"
     repository: "zendis/opendesk-enterprise/components/product-development/charts/opendesk-dovecot-pro"
     name: "dovecot"
-    version: "3.0.0"
+    version: "3.1.1"
     verify: true
   oxAppSuite:
     registry: "registry.opencode.de"
     repository: "zendis/opendesk-enterprise/components/supplier/open-xchange/charts-mirror"
     name: "appsuite-public-sector-pro-chart"
-    version: "1.15.236"
+    version: "1.17.292"
     verify: false
-...

helmfile/environments/default-enterprise-overrides/images.yaml.gotmpl

@@ -9,7 +9,7 @@ images:
   dovecot:
     registry: "registry.opencode.de"
     repository: "zendis/opendesk-enterprise/components/supplier/open-xchange/images-mirror/dovecot-pro"
-    tag: "3.0.1-rev3@sha256:b87f16562dd486c0f97e8147a797af16a54f25f1ac64826f4f53bd8177ec9a33"
+    tag: "3.0.2-rev7@sha256:4330240bfeda4dd8b6aa32a6b7f03382126d47caf4f37a5578ad17746101c88b"
   nextcloud:
     registry: "registry.opencode.de"
     repository: "zendis/opendesk-enterprise/components/supplier/nextcloud/images/opendesk-nextcloud"
@@ -17,5 +17,5 @@ images:
   openxchangeCoreMW:
     registry: "registry.opencode.de"
     repository: "zendis/opendesk-enterprise/components/supplier/open-xchange/images-mirror/middleware-public-sector-pro"
-    tag: "8.35.85@sha256:54d01a16ea29a3ae8f1857e5bdf6d2e34046b8a3fa3d6179bb3ad3d047e1318f"
+    tag: "8.37.69@sha256:40908484e71bc45ad23598685b0519d82fc9e3cf372e00fe38befe9196cf84e2"
 ...

helmfile/environments/default/charts.yaml.gotmpl

@@ -99,7 +99,7 @@ charts:
     registry: "registry.opencode.de"
     repository: "bmi/opendesk/components/platform-development/charts/opendesk-dovecot"
     name: "dovecot"
-    version: "3.0.0"
+    version: "3.1.1"
     verify: true
   element:
     # providerCategory: "Platform"
@@ -355,7 +355,7 @@ charts:
     registry: "registry.opencode.de"
     repository: "bmi/opendesk/components/supplier/openproject/charts-mirror"
     name: "openproject"
-    version: "10.0.1"
+    version: "10.0.3"
     verify: true
   openprojectBootstrap:
     # providerCategory: "Platform"
@@ -387,7 +387,7 @@ charts:
     registry: "registry.opencode.de"
     repository: "bmi/opendesk/components/supplier/open-xchange/charts-mirror"
     name: "appsuite-public-sector"
-    version: "2.19.254"
+    version: "2.19.262"
     verify: false
   oxAppSuiteBootstrap:
     # providerCategory: "Platform"

helmfile/environments/default/images.yaml.gotmpl

@@ -20,7 +20,7 @@ images:
     # upstreamRepository: "bitnami/cassandra"
     registry: "registry-1.docker.io"
     repository: "bitnami/cassandra"
-    tag: "5.0.4-debian-12-r3@sha256:af57aa07f866673d4f605bc555e2699dfa7615de216d6a2d0cc607c81831ec2f"
+    tag: "5.0.4-debian-12-r4@sha256:9d909ebe10802dae2fb99ef7c8e9e0dbc496c8d30366e2f7abbe0713b945fa7d"
   cassandraExporter:
     # providerCategory: "Community"
     # providerResponsible: "openDesk"
@@ -84,7 +84,7 @@ images:
     # upstreamRepository: "alpine/k8s"
     registry: "registry-1.docker.io"
     repository: "alpine/k8s"
-    tag: "1.33.0@sha256:60333a52c38e9a8df0a9b93a5a24a4870f0db2c7ea3266b185386bd0a500d7dc"
+    tag: "1.33.1@sha256:7f8133af0dd210cb5b168f889c5bc77dd65ecc935f3e3cb72d1b98ff96bfed40"
   element:
     # providerCategory: "Supplier"
     # providerResponsible: "Element"
@@ -128,7 +128,7 @@ images:
     # providerResponsible: "Element"
     registry: "registry.opencode.de"
     repository: "bmi/opendesk/components/platform-development/images/opendesk-element-syncadmins"
-    tag: "1.0.3@sha256:1dea24d5f65a6f9ac63b402c772dd81dcd07a847d24845901c8a039461043097"
+    tag: "1.0.5@sha256:ae0e18eadea762e11f8edacc52285742a5c4ed6e2e92bfa32ec5638e377e7b7b"
   freshclam:
     # providerCategory: "Community"
     # providerResponsible: "openDesk"
@@ -328,7 +328,7 @@ images:
     # upstreamRepository: "bmi/opendesk/components/platform-development/images/opendesk-nextcloud-exporter"
     registry: "registry.opencode.de"
     repository: "bmi/opendesk/components/platform-development/images/opendesk-nextcloud-exporter"
-    tag: "1.0.1@sha256:63e63c7420e37d3989fa0ffdbcf18a07b2a603ab9b2a849c2e7e44342dd82af0"
+    tag: "1.0.3@sha256:d38f211a3cdc8397deccd0243061e20972a8a796eeb9bb552fe4ddec5d56c829"
   nginxS3Gateway:
     # providerCategory: "Community"
     # providerResponsible: "openDesk"
@@ -344,7 +344,7 @@ images:
     # upstreamRepository: "lasuite/impress-backend"
     registry: "registry.opencode.de"
     repository: "bmi/opendesk/components/platform-development/images/opendesk-notes"
-    tag: "1.7.0-docs-v2.4.0-backend@sha256:837e09dfcb4014de97b5254956dda899e586170276d1d0b0f94cca0685f3d2ef"
+    tag: "1.9.0-docs-v3.2.1-backend@sha256:17c16e4e00b15e4637d01553d56e7eecb7a477bec48677d1e7fb07b04c48d2b8"
   notesFrontend:
     # providerCategory: "Supplier"
     # providerResponsible: "DINUM"
@@ -352,7 +352,7 @@ images:
     # upstreamRepository: "lasuite/impress-frontend"
     registry: "registry.opencode.de"
     repository: "bmi/opendesk/components/platform-development/images/opendesk-notes"
-    tag: "1.7.0-docs-v2.4.0-frontend@sha256:98fb87ad877eb5658c6bef1c09adf4e03f816dce61867bc099838aca15890887"
+    tag: "1.9.0-docs-v3.2.1-frontend@sha256:328d5a8bf41875eb5945229adfc4a52eb2fef109e25d980910ee77edd4bc1887"
   notesYProvider:
     # providerCategory: "Supplier"
     # providerResponsible: "DINUM"
@@ -360,7 +360,7 @@ images:
     # upstreamRepository: "lasuite/impress-y-provider"
     registry: "registry-1.docker.io"
     repository: "lasuite/impress-y-provider"
-    tag: "v2.4.0@sha256:329d47f5cda80941a7f0812969c3194ba68da3e7e1ef38e3d08c266fc97555c1"
+    tag: "v3.2.1@sha256:9dd7068336c02fe71806bc3576e7dc8636d7ccb139667c6303f0753e18d3ab7e"
   nubusDataLoader:
     # providerCategory: "Supplier"
     # providerResponsible: "Univention"
@@ -530,7 +530,7 @@ images:
     # upstreamRepository: "bmi/opendesk/components/platform-development/images/opendesk-nubus"
     registry: "registry.opencode.de"
     repository: "bmi/opendesk/components/platform-development/images/opendesk-nubus"
-    tag: "1.14.0@sha256:66ee00b6e44276f5f1e9d7a8066352fd5772820c50c10381acfd48c97f0acf4a"
+    tag: "1.14.4@sha256:cf0e22c1eef138a413a90a60c5405126dc769195dd4dd37229a27afaa82ef3b3"
   nubusOpendeskExtensionA2gMapper:
     # providerCategory: "Platform"
     # providerResponsible: "openDesk"
@@ -730,7 +730,7 @@ images:
     # upstreamMirrorStartFrom: ["13", "1", "1"]
     registry: "registry.opencode.de"
     repository: "bmi/opendesk/components/supplier/openproject/images-mirror/open_desk"
-    tag: "16.0.0@sha256:7a5dc15294834e96c9a7ae48ada3aedee4b5de517dd82e953861daf861430fd7"
+    tag: "16.0.1@sha256:c5b1172aed7e5e5ae21cca915e3349cc67fdf1366c9ded3c94db1ae5084e3841"
   openprojectBootstrap:
     # providerCategory: "Platform"
     # providerResponsible: "openDesk"
@@ -764,7 +764,7 @@ images:
     # upstreamMirrorStartFrom: ["8", "6", "0"]
     registry: "registry.opencode.de"
     repository: "bmi/opendesk/components/supplier/open-xchange/images-mirror/core-guidedtours"
-    tag: "8.6.15@sha256:f8ea7b3f4003b518c43b12118980d26d1258396f55848af6a64e7a3e7e103c1d"
+    tag: "8.6.17@sha256:27178fc42f2334385f1d206e4e7991d4953a102f114729d186b61c0d40babb4f"
   openxchangeCoreMW:
     # providerCategory: "Supplier"
     # providerResponsible: "Open-Xchange"
@@ -774,7 +774,7 @@ images:
     # upstreamMirrorStartFrom: ["8", "20", "51"]
     registry: "registry.opencode.de"
     repository: "bmi/opendesk/components/supplier/open-xchange/images-mirror/middleware-public-sector"
-    tag: "8.37.62@sha256:2eb5f4a472c329cbf170b6e7fba5790756dcc3f6360d5d36dfff5eb06b09f8c3"
+    tag: "8.37.69@sha256:dc06c7d9880505ad44ec7892ddf8f379fcd5f106ba1508436501c8f6e94dddb3"
   openxchangeCoreUI:
     # providerCategory: "Supplier"
     # providerResponsible: "Open-Xchange"
@@ -814,7 +814,7 @@ images:
     # upstreamMirrorStartFrom: ["8", "20", "50"]
     registry: "registry.opencode.de"
     repository: "bmi/opendesk/components/supplier/open-xchange/images-mirror/documentconverter"
-    tag: "8.37.1751@sha256:c1bbe271d6c0ba9ecc1bbb4ba2a944099f0ba90133dd4e6d3aecd0ea51b2e5bd"
+    tag: "8.37.1818@sha256:d9dc76ac6b24987c1fc0d95ffd81b3d594f7f34aa38a687b98c738bdcd110928"
   openxchangeGotenberg:
     # providerCategory: "Supplier"
     # providerResponsible: "Open-Xchange"
@@ -882,7 +882,7 @@ images:
     # upstreamRepository: "bmi/opendesk/components/platform-development/images/postfix"
     registry: "registry.opencode.de"
     repository: "bmi/opendesk/components/platform-development/images/postfix"
-    tag: "3.0.2@sha256:e65c6a70d2095a839c4337ef5dacefd42781641b7ac4dc202ff111881dae3716"
+    tag: "3.0.3@sha256:12bcebf57ddb53258c48eaa60e9c25b441f4319ee1b94b363c652ad0a992a875"
   postfixBootstrap:
     # providerCategory: "Community"
     # providerResponsible: "openDesk"

helmfile/environments/default/ingress.yaml.gotmpl

@@ -12,6 +12,7 @@ ingress:
       collabora: "100M"
       element: "100M"
       nextcloud: "100M"
+      notes: "100M"
       openproject: "100M"
       oxAppSuite: "100M"
       xwiki: "100M"
@@ -19,6 +20,7 @@ ingress:
       collabora: 600
       element: 60
       nextcloud: 600
+      notes: 60
       openproject: 60
       oxAppSuite: 60
       xwiki: 60

helmfile/files/theme/portal/stylesheet.css

@@ -145,6 +145,13 @@
   color: var(--color-opendesk-white) !important;
 }
 
+#social-sso-federation-idp {
+    margin: 0;
+    color: var(--color-opendesk-white);
+    background-color: var(--pf-c-button--m-primary--BackgroundColor);
+    border-radius: var(--border-radius-interactable, 0.25rem);
+}
+
 #kc-login:hover,
 #kc-logout:hover,
 #saveTOTPBtn:hover,