chore(release): 0.5.37 [skip ci]

## [0.5.37](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/compare/v0.5.36...v0.5.37) (2023-11-12) ### Bug Fixes * **openproject:** Add bootstrapping of Nextcloud filestore ([1971dfb](1971dfbded))
fix(openproject): Add bootstrapping of Nextcloud filestore
2025-12-06 15:31:38 +01:00 · 2023-11-12 15:54:06 +00:00 · 2023-11-12 15:52:22 +00:00 · 2023-11-10 11:57:05 +00:00 · 2023-11-10 11:54:48 +00:00
12 changed files with 148 additions and 14 deletions
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -384,6 +384,18 @@ openproject-deploy:
  variables:
    COMPONENT: "openproject"

+openproject-bootstrap-deploy:
+  stage: "component-deploy-stage-2"
+  extends: ".deploy-common"
+  rules:
+    - if: >
+          $CI_PIPELINE_SOURCE =~ "web|schedules|triggers" &&
+          $NAMESPACE =~ /.+/ &&
+          ($DEPLOY_ALL_COMPONENTS != "no" || ($DEPLOY_OPENPROJECT != "no" && $DEPLOY_NEXTCLOUD != "no"))
+      when: "always"
+  variables:
+    COMPONENT: "openproject-bootstrap"
+
 jitsi-deploy:
  stage: "component-deploy-stage-1"
  extends: ".deploy-common"
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,17 @@
+## [0.5.37](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/compare/v0.5.36...v0.5.37) (2023-11-12)
+
+
+### Bug Fixes
+
+* **openproject:** Add bootstrapping of Nextcloud filestore ([1971dfb](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/1971dfbded21d16909e889ba6d19ff9cf3e4cb20))
+
+## [0.5.36](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/compare/v0.5.35...v0.5.36) (2023-11-10)
+
+
+### Bug Fixes
+
+* **element:** Update Element and Widgets ([97034a5](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/97034a556f4cdcc447f61003ad9cd036c186bc3b))
+
 ## [0.5.35](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/compare/v0.5.34...v0.5.35) (2023-11-10)


--- a/helmfile.yaml
+++ b/helmfile.yaml
@@ -20,6 +20,7 @@ helmfiles:
  - path: "helmfile/apps/openproject/helmfile.yaml"
  - path: "helmfile/apps/xwiki/helmfile.yaml"
  - path: "helmfile/apps/provisioning/helmfile.yaml"
+  - path: "helmfile/apps/openproject-bootstrap/helmfile.yaml"

 missingFileHandler: "Error"

--- a/helmfile/apps/element/helmfile.yaml
+++ b/helmfile/apps/element/helmfile.yaml
@@ -87,7 +87,7 @@ releases:

  - name: "matrix-neoboard-widget"
    chart: "opendesk-matrix-widgets-repo/matrix-neoboard-widget"
-    version: "3.1.0"
+    version: "3.2.0"
    values:
      - "values-matrix-neoboard-widget.yaml"
      - "values-matrix-neoboard-widget.gotmpl"
@@ -96,7 +96,7 @@ releases:

  - name: "matrix-neochoice-widget"
    chart: "opendesk-matrix-widgets-repo/matrix-neochoice-widget"
-    version: "3.1.0"
+    version: "3.2.0"
    values:
      - "values-matrix-neochoice-widget.yaml"
      - "values-matrix-neochoice-widget.gotmpl"
@@ -105,7 +105,7 @@ releases:

  - name: "matrix-neodatefix-widget"
    chart: "opendesk-matrix-widgets-repo/matrix-neodatefix-widget"
-    version: "3.1.0"
+    version: "3.2.0"
    values:
      - "values-matrix-neodatefix-widget.yaml"
      - "values-matrix-neodatefix-widget.gotmpl"
@@ -123,7 +123,7 @@ releases:

  - name: "matrix-neodatefix-bot"
    chart: "opendesk-matrix-widgets-repo/matrix-neodatefix-bot"
-    version: "3.1.0"
+    version: "3.2.0"
    values:
      - "values-matrix-neodatefix-bot.yaml"
      - "values-matrix-neodatefix-bot.gotmpl"
--- a/helmfile/apps/element/values-element.gotmpl
+++ b/helmfile/apps/element/values-element.gotmpl
@@ -17,12 +17,16 @@ configuration:

    "net.nordeck.element_web.module.opendesk":
      config:
-        ics_navigation_json_url: "https://{{ .Values.global.hosts.intercomService }}.{{ .Values.global.domain }}/navigation.json"
-        ics_silent_url: "https://{{ .Values.global.hosts.intercomService }}.{{ .Values.global.domain }}/silent"
-        portal_logo_svg_url: "https://{{ .Values.global.hosts.univentionCorporateServer }}.{{ .Values.global.domain }}/univention/portal/icons/logos/domain.svg"
-        portal_url: "https://{{ .Values.global.hosts.univentionCorporateServer }}.{{ .Values.global.domain }}/"
+        banner:
+          ics_navigation_json_url: "https://{{ .Values.global.hosts.intercomService }}.{{ .Values.global.domain }}/navigation.json"
+          ics_silent_url: "https://{{ .Values.global.hosts.intercomService }}.{{ .Values.global.domain }}/silent"
+          portal_logo_svg_url: "https://{{ .Values.global.hosts.univentionCorporateServer }}.{{ .Values.global.domain }}/univention/portal/icons/logos/domain.svg"
+          portal_url: "https://{{ .Values.global.hosts.univentionCorporateServer }}.{{ .Values.global.domain }}/"
        custom_css_variables:
          --cpd-color-text-action-accent: {{ .Values.theme.colors.primary | quote }}
+        widget_types:
+          - jitsi
+          - net.nordeck

    "net.nordeck.element_web.module.widget_lifecycle":
      widget_permissions:
--- a/helmfile/apps/openproject-bootstrap/helmfile.yaml
+++ b/helmfile/apps/openproject-bootstrap/helmfile.yaml
@@ -0,0 +1,36 @@
+# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
+# SPDX-License-Identifier: Apache-2.0
+---
+bases:
+  - "../../bases/environments.yaml"
+
+---
+repositories:
+  # openDesk OpenProject Bootstrap
+  # Source: Set when repo is managed on Open CoDE
+  - name: "opendesk-openproject-bootstrap-repo"
+    oci: true
+    # yamllint disable rule:line-length
+    url: >-
+      {{ env "PRIVATE_IMAGE_REGISTRY_URL" |
+         default "external-registry.souvap-univention.de/sovereign-workplace/souvap/tooling/charts/opendesk-openproject-bootstrap" }}
+    # yamllint enable rule:line-length
+    verify: true
+    keyring: "../../files/gpg-pubkeys/souvap-univention-de.gpg"
+
+releases:
+  - name: "opendesk-openproject-bootstrap"
+    chart: "opendesk-openproject-bootstrap-repo/opendesk-openproject-bootstrap"
+    version: "1.2.1"
+    wait: true
+    waitForJobs: true
+    values:
+      - "values.yaml"
+      - "values.gotmpl"
+    installed: {{ .Values.openproject.enabled }}
+    timeout: 900
+
+commonLabels:
+  deploy-stage: "component-2"
+  component: "opendesk-openproject-bootstrap"
+...
--- a/helmfile/apps/openproject-bootstrap/values.gotmpl
+++ b/helmfile/apps/openproject-bootstrap/values.gotmpl
@@ -0,0 +1,34 @@
+{{/*
+SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
+SPDX-License-Identifier: Apache-2.0
+*/}}
+---
+global:
+  domain: "{{ .Values.global.domain }}"
+  hosts:
+    {{ .Values.global.hosts | toYaml | nindent 4 }}
+  registry: "{{ .Values.global.imageRegistry }}"
+  imagePullSecrets:
+    {{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
+
+image:
+  registry: {{ .Values.global.imageRegistry }}
+  repository: "{{ .Values.images.openprojectBootstrap.repository }}"
+  tag: "{{ .Values.images.openprojectBootstrap.tag }}"
+  imagePullPolicy: "{{ .Values.global.imagePullPolicy }}"
+
+cleanup:
+  deletePodsOnSuccess: {{ .Values.cleanup.deletePodsOnSuccess }}
+  keepPVCOnDelete: {{ .Values.cleanup.keepPVCOnDelete }}
+
+config:
+  openproject:
+    fileshareName: "Nextcloud at {{ .Values.global.domain }}"
+    admin:
+      username: {{ .Values.secrets.openproject.apiAdminUsername | quote }}
+      password: {{ .Values.secrets.openproject.apiAdminPassword | quote }}
+  nextcloud:
+    admin:
+      username: "nextcloud"
+      password: {{ .Values.secrets.nextcloud.adminPassword | quote }}
+...
--- a/helmfile/apps/openproject-bootstrap/values.yaml
+++ b/helmfile/apps/openproject-bootstrap/values.yaml
@@ -0,0 +1,25 @@
+# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
+# SPDX-License-Identifier: Apache-2.0
+---
+containerSecurityContext:
+  allowPrivilegeEscalation: false
+  capabilities:
+    drop:
+      - "ALL"
+  enabled: true
+  privileged: false
+  runAsUser: 1000
+  runAsGroup: 1000
+  seccompProfile:
+    type: "RuntimeDefault"
+  readOnlyRootFilesystem: true
+  runAsNonRoot: true
+
+job:
+  enabled: true
+
+podSecurityContext:
+  enabled: true
+  fsGroup: 1000
+  fsGroupChangePolicy: "OnRootMismatch"
+...
--- a/helmfile/apps/openproject/values.gotmpl
+++ b/helmfile/apps/openproject/values.gotmpl
@@ -57,6 +57,8 @@ ingress:

 environment:
  OPENPROJECT_OPENID__CONNECT_KEYCLOAK_SECRET: {{ .Values.secrets.keycloak.clientSecret.openproject | quote }}
+  OPENPROJECT_AUTHENTICATION_GLOBAL__BASIC__AUTH_USER: {{ .Values.secrets.openproject.apiAdminUsername | quote }}
+  OPENPROJECT_AUTHENTICATION_GLOBAL__BASIC__AUTH_PASSWORD: {{ .Values.secrets.openproject.apiAdminPassword | quote }}
  OPENPROJECT_OPENID__CONNECT_KEYCLOAK_ISSUER: "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/souvap"
  OPENPROJECT_OPENID__CONNECT_KEYCLOAK_POST__LOGOUT__REDIRECT__URI: "https://{{ .Values.global.hosts.openproject }}.{{ .Values.global.domain }}/"
  OPENPROJECT_OPENID__CONNECT_KEYCLOAK_HOST: "{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}"
--- a/helmfile/environments/default/images.yaml
+++ b/helmfile/environments/default/images.yaml
@@ -20,7 +20,7 @@ images:
    # @supplier: "Open-Xchange"
  element:
    repository: "souvap/tooling/images/element-web"
-    tag: "1.5.0@sha256:d690c485c971f52ba2ab8e1011aa039a2e32ec1ffb504826f4fa050aa989067a"
+    tag: "1.6.0@sha256:a71cbd75ee88471e3df59f26a2a37b9b8ff83d2f71f726053acd381ecd87e234"
    # @supplier: "Element"
  freshclam:
    repository: "clamav/clamav"
@@ -70,7 +70,7 @@ images:
  keycloakBootstrap:
    repository: "souvap/tooling/images/ansible"
    tag: "4.10.0@sha256:89d8212c20e03b0fd079e08afaf3247c1b96b380c4db1b572d68d0b4a6abc0ac"
-    # @supplier: "Univention"
+    # @supplier: "openDesk DevSecOps"
  keycloakExtensionHandler:
    repository: "souvap/tooling/images/keycloak-extensions/keycloak-handler"
    tag: "latest@sha256:e67bdfc655e43b7fb83b025e13f949b04fdd98e089b33401275d03e340e03e2e"
@@ -90,7 +90,7 @@ images:
    # @supplier: "Nordeck"
  matrixNeoChoiceWidget:
    repository: "nordeck/matrix-poll-widget"
-    tag: "1.2.0@sha256:0abcf7c368c91721413c96deaa1e87f095b6afbe864ea5f042c9a370c38fb07b"
+    tag: "1.3.0@sha256:19d2c8c7a15fe7d12c4a83a89310831da12323fd45ff0280cce808f1be0c7e0b"
    # @supplier: "Nordeck"
  matrixNeoDateFixBot:
    repository: "nordeck/matrix-meetings-bot"
@@ -98,7 +98,7 @@ images:
    # @supplier: "Nordeck"
  matrixNeoDateFixWidget:
    repository: "nordeck/matrix-meetings-widget"
-    tag: "1.5.2@sha256:cc9e2592c9159cc8f6bed96dae0be6e6fe599977dbef64cbdb1c1b84db85a2bb"
+    tag: "1.5.3@sha256:918b1eb28cefb08bfdaae57607f0889b454111f2ba80b5ec9bb3c750f8599913"
    # @supplier: "Nordeck"
  matrixUserVerificationService:
    repository: "matrixdotorg/matrix-user-verification-service"
@@ -122,12 +122,16 @@ images:
    # @supplier: "Nextcloud Community"
  openproject:
    repository: "openproject/open_desk"
-    tag: "dev@sha256:ca5b843fd7f0687617ce3038a52fd6ac73fb4e9db7b762b8ac7d5090f168f0b1"
+    tag: "dev@sha256:732b5d0efe9fc64fe411c9d8143ec3f4a3c731d03c0caddb5fa4c614ff426e8d"
    # @supplier: "OpenProject"
  openprojectInitDb:
    repository: "postgres"
    tag: "13@sha256:ced3ba927f4cf06e03eac7760f426a95367076fb31fe4e31b679f82d119a3519"
    # @supplier: "OpenProject"
+  openprojectBootstrap:
+    repository: "souvap/tooling/images/opendesk-openproject-bootstrap"
+    tag: "1.1.1@sha256:09da76a9b645b3dbe5c181061f7829f82f239e7d17f7e115218a32870f7a955e"
+    # @supplier: "openDesk DevSecOps"
  openxchangeBootstrap:
    repository: "alpine/k8s"
    tag: "1.26.8@sha256:acde24d2a8ebaafda76f464591a5ddc7d0acd08bb38b12560961c1b1c4fc85ec"
--- a/helmfile/environments/default/persistence.yaml
+++ b/helmfile/environments/default/persistence.yaml
@@ -12,7 +12,7 @@ persistence:
    matrixNeoDateFixBot: "1Gi"
    minio: "1Gi"
    nextcloud:
-      main: "1.2Gi"
+      main: "2Gi"
      data: "10Gi"
    postfix: "1Gi"
    postgresql: "1Gi"
--- a/helmfile/environments/default/secrets.gotmpl
+++ b/helmfile/environments/default/secrets.gotmpl
@@ -63,6 +63,8 @@ secrets:
    metricsToken: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "nextcloud" "metricsToken" | sha1sum | quote }}
  openproject:
    adminPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "openproject" "openproject_admin_user" | sha1sum | quote }}
+    apiAdminUsername: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "openproject" "openproject_api_admin_username" | sha1sum | quote }}
+    apiAdminPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "openproject" "openproject_api_admin_password" | sha1sum | quote }}
  collabora:
    adminPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "collabora" "collabora_admin_user" | sha1sum | quote }}
  jitsi:
Author	SHA1	Message	Date
openDesk	3f7faf88fb	chore(release): 0.5.37 [skip ci] ## [0.5.37](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/compare/v0.5.36...v0.5.37) (2023-11-12) ### Bug Fixes * openproject: Add bootstrapping of Nextcloud filestore ([`1971dfb`](`1971dfbded`))	2023-11-12 15:54:06 +00:00
Thorsten Rossner	1971dfbded	fix(openproject): Add bootstrapping of Nextcloud filestore	2023-11-12 15:52:22 +00:00
openDesk	b50e5c982b	chore(release): 0.5.36 [skip ci] ## [0.5.36](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/compare/v0.5.35...v0.5.36) (2023-11-10) ### Bug Fixes * element: Update Element and Widgets ([`97034a5`](`97034a556f`))	2023-11-10 11:57:05 +00:00
Milton Moura	97034a556f	fix(element): Update Element and Widgets	2023-11-10 11:54:48 +00:00