Merge branch 'master' into docker-secrets

2026-02-27 20:27:40 +01:00 · 2025-04-24 18:57:28 -04:00
parent dfc3a38db1 dd237ec16e
commit a2ed3534e1
21 changed files with 1079 additions and 1057 deletions
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@ -12,3 +12,10 @@ updates:
    versions:
    - ">= 3.11.a"
    - "< 3.12"
 - package-ecosystem: github-actions
  directory: "/"
  schedule:
    interval: weekly
    time: "04:00"
    timezone: Europe/Paris
  open-pull-requests-limit: 10
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@ -0,0 +1,57 @@
 name: Publish Docker image
 on:
  release:
    types: [published]
 jobs:
  push_to_registries:
    name: Push Docker image to multiple registries
    runs-on: ubuntu-latest
    permissions:
      packages: write
      contents: read
    steps:
      - name: Check out the repo
        uses: actions/checkout@v4
      - name: Log in to Docker Hub
        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKER_PASSWORD }}
      - name: Log in to the Container registry
        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
       # Documentation: https://github.com/docker/setup-qemu-action
      - name: Set up QEMU
        uses: docker/setup-qemu-action@v3
      # Documentation: https://github.com/docker/setup-buildx-action
      - name: Set up Docker Buildx
        id: buildx
        uses: docker/setup-buildx-action@v3
      - name: Extract metadata (tags, labels) for Docker
        id: meta
        uses: docker/metadata-action@v5
        with:
          images: |
            wallabag/wallabag
            ghcr.io/${{ github.repository }}
      - name: Build and push Docker images
        uses: docker/build-push-action@v6
        with:
          context: .
          push: true
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
          # Support for different platforms, see here: 
          # https://github.com/docker/buildx/blob/master/docs/reference/buildx_build.md#-set-the-target-platforms-for-the-build---platform
          platforms: linux/amd64,linux/arm64,linux/arm/v7
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@ -25,31 +25,28 @@ jobs:
    steps:
      - name: "Checkout"
-        uses: "actions/checkout@v2"
+        uses: actions/checkout@v4
        with:
          fetch-depth: 2
      - name: Set up Python
-        uses: actions/setup-python@v2
+        uses: actions/setup-python@v5
        with:
-          python-version: 3.5
+          python-version: 3.11
      - name: "Build image"
-        run: docker-compose -f tests/docker-compose.${{ matrix.database }}.yml build
+        run: docker compose -f tests/docker-compose.${{ matrix.database }}.yml build
      - name: "Run image"
        run: docker-compose -f tests/docker-compose.${{ matrix.database }}.yml up -d
      - name: "Install dependencies"
-        run: |
+        run: pip install pytest pytest-docker requests
          pip install pytest
          pip install requests
      - name: "Check running instance"
        run: docker ps
      - name: "Wait 60s"
        run: sleep 60
      - name: "Run tests"
-        run: py.test tests/
+        run: py.test --database=${{ matrix.database }} tests/
      - name: "Get docker logs"
        if: ${{ always() }}
        run: docker compose -p "wallabag_${{ matrix.database }}" -f tests/docker-compose.${{ matrix.database }}.yml logs wallabag
      - name: "Cleanup environment"
        if: ${{ always() }}
        run: docker compose -p "wallabag_${{ matrix.database }}" -f tests/docker-compose.${{ matrix.database }}.yml down -v
--- a/112
+++ b/112
@ -1,73 +1,91 @@
-FROM alpine:3.12
+ARG COMPOSER_VERSION=2.5.8
-LABEL maintainer "Marvin Steadfast <marvin@xsteadfastx.org>"
+FROM composer:$COMPOSER_VERSION as composer
-ARG WALLABAG_VERSION=2.4.1
+FROM golang:alpine as builder
-RUN apk add gnu-libiconv --update-cache --repository http://dl-cdn.alpinelinux.org/alpine/edge/community/ --allow-untrusted
+# envsubst from gettext can not replace env vars with default values
-ENV LD_PRELOAD /usr/lib/preloadable_libiconv.so php
+# this package is not available for ARM32 and we have to build it from source code
 # flag -ldflags "-s -w" produces a smaller executable
 RUN go install -ldflags "-s -w" -v github.com/a8m/envsubst/cmd/envsubst@v1.3.0
 FROM alpine:3.18
 COPY --from=builder /go/bin/envsubst /usr/bin/envsubst
 ARG WALLABAG_VERSION=2.6.12
 RUN set -ex \
- && apk update \
+ && apk add --no-cache \
 && apk upgrade --available \
 && apk add \
      ansible \
      curl \
      git \
      libwebp \
      mariadb-client \
      nginx \
      pcre \
-      php7 \
+      php81 \
-      php7-amqp \
+      php81-bcmath \
-      php7-bcmath \
+      php81-ctype \
-      php7-ctype \
+      php81-curl \
-      php7-curl \
+      php81-dom \
-      php7-dom \
+      php81-fpm \
-      php7-fpm \
+      php81-gd \
-      php7-gd \
+      php81-gettext \
-      php7-gettext \
+      php81-iconv \
-      php7-iconv \
+      php81-json \
-      php7-json \
+      php81-mbstring \
-      php7-mbstring \
+      php81-opcache \
-      php7-openssl \
+      php81-openssl \
-      php7-pdo_mysql \
+      php81-pecl-amqp \
-      php7-pdo_pgsql \
+      php81-pecl-imagick \
-      php7-pdo_sqlite \
+      php81-pdo_mysql \
-      php7-phar \
+      php81-pdo_pgsql \
-      php7-session \
+      php81-pdo_sqlite \
-      php7-simplexml \
+      php81-phar \
-      php7-tokenizer \
+      php81-session \
-      php7-xml \
+      php81-simplexml \
-      php7-zlib \
+      php81-tokenizer \
-      php7-sockets \
+      php81-xml \
-      php7-xmlreader \
+      php81-zlib \
-      php7-tidy \
+      php81-sockets \
-      php7-intl \
+      php81-xmlreader \
-      py3-mysqlclient \
+      php81-tidy \
-      py3-psycopg2 \
+      php81-intl \
-      py-simplejson \
+      php81-sodium \
      mariadb-client \
      postgresql14-client \
      rabbitmq-c \
      s6 \
      tar \
      tzdata \
-      make \
+ && ln -sf /usr/bin/php81 /usr/bin/php \
-      bash \
+ && ln -sf /usr/sbin/php-fpm81 /usr/sbin/php-fpm \
 && rm -rf /var/cache/apk/* \
 && ln -sf /dev/stdout /var/log/nginx/access.log \
- && ln -sf /dev/stderr /var/log/nginx/error.log \
+ && ln -sf /dev/stderr /var/log/nginx/error.log
- && curl -s https://getcomposer.org/installer | php \
+
- && mv composer.phar /usr/local/bin/composer \
+COPY --from=composer /usr/bin/composer /usr/local/bin/composer
 && composer selfupdate --1 \
 && git clone --branch $WALLABAG_VERSION --depth 1 https://github.com/wallabag/wallabag.git /var/www/wallabag
 COPY root /
 RUN set -ex \
 && curl -L -o /tmp/wallabag.tar.gz https://github.com/wallabag/wallabag/releases/download/$WALLABAG_VERSION/wallabag-$WALLABAG_VERSION.tar.gz \
 && tar xvf /tmp/wallabag.tar.gz -C /tmp \
 && mkdir /var/www/wallabag \
 && mv /tmp/wallabag-*/* /var/www/wallabag/ \
 && rm -rf /tmp/wallabag* \
 && cd /var/www/wallabag \
 && mkdir data/assets \
 && envsubst < /etc/wallabag/parameters.template.yml > app/config/parameters.yml \
 && SYMFONY_ENV=prod composer install --no-dev -o --prefer-dist --no-progress \
 && rm -rf /root/.composer/* /var/www/wallabag/var/cache/* /var/www/wallabag/var/logs/* /var/www/wallabag/var/sessions/* \
 && chown -R nobody:nobody /var/www/wallabag
 ENV PATH="${PATH}:/var/www/wallabag/bin"
 # Set console entry path
 WORKDIR /var/www/wallabag
 HEALTHCHECK CMD curl --fail --silent --show-error --user-agent healthcheck http://localhost/api/info || exit 1
 EXPOSE 80
 ENTRYPOINT ["/entrypoint.sh"]
 CMD ["wallabag"]
--- a/README.md
+++ b/README.md
@ -24,17 +24,15 @@ Default login is `wallabag:wallabag`.
 - `-e SYMFONY__ENV__DATABASE_USER=...` (defaults to "root", this is the name of the database user to use)
 - `-e SYMFONY__ENV__DATABASE_PASSWORD=...` (defaults to "~", this is the password of the database user to use)
 - `-e SYMFONY__ENV__DATABASE_CHARSET=...` (defaults to utf8, this is the database charset to use)
 - `-e SYMFONY__ENV__DATABASE_TABLE_PREFIX=...` (defaults to "wallabag_". Specifies the prefix for each database table)
 - `-e SYMFONY__ENV__SECRET=...` (defaults to "ovmpmAWXRCabNlMgzlzFXDYmCFfzGv")
 - `-e SYMFONY__ENV__LOCALE=...` (default to en)
- `-e SYMFONY__ENV__MAILER_HOST=...`  (defaults to "127.0.0.1", the SMTP host)
+- `-e SYMFONY__ENV__MAILER_DSN=...`  (defaults to "smtp://127.0.0.1")
 - `-e SYMFONY__ENV__MAILER_USER=...` (defaults to "~", the SMTP user)
 - `-e SYMFONY__ENV__MAILER_PASSWORD=...`(defaults to "~", the SMTP password)
 - `-e SYMFONY__ENV__FROM_EMAIL=...`(defaults to "`wallabag@example.com`", the address wallabag uses for outgoing emails)
 - `-e SYMFONY__ENV__TWOFACTOR_AUTH=...` (defaults to "true", enable or disable two-factor authentication)
 - `-e SYMFONY__ENV__TWOFACTOR_SENDER=...` (defaults to "`no-reply@wallabag.org`", the address wallabag uses for two-factor emails)
- `-e SYMFONY__ENV__FOSUSER_REGISTRATION=...`(defaults to "true", enable or disable public user registration)
+- `-e SYMFONY__ENV__FOSUSER_REGISTRATION=...`(defaults to "false", enable or disable public user registration)
 - `-e SYMFONY__ENV__FOSUSER_CONFIRMATION=...`(defaults to "true", enable or disable registration confirmation)
- `-e SYMFONY__ENV__DOMAIN_NAME=...`  defaults to "`https://your-wallabag-url-instance.com`", the URL of your wallabag instance)
+- `-e SYMFONY__ENV__DOMAIN_NAME=...`  defaults to "`https://your-wallabag-instance.wallabag.org`", the URL of your wallabag instance)
 - `-e SYMFONY__ENV__REDIS_SCHEME=...` (defaults to "tcp", protocol to use to communicate with the target server (tcp, unix, or http))
 - `-e SYMFONY__ENV__REDIS_HOST=...` (defaults to "redis", IP or hostname of the target server)
 - `-e SYMFONY__ENV__REDIS_PORT=...` (defaults to "6379", port of the target host)
@ -43,6 +41,7 @@ Default login is `wallabag:wallabag`.
 - `-e SYMFONY__ENV__SENTRY_DSN=...` (defaults to "~", this is the data source name for sentry)
 - `-e POPULATE_DATABASE=...`(defaults to "True". Does the DB has to be populated or is it an existing one)
 - `-e SYMFONY__ENV__SERVER_NAME=...` (defaults to "Your wallabag instance". Specifies a user-friendly name for the 2FA issuer)
 - `-e PHP_MEMORY_LIMIT=...` (allows you to change the PHP `memory_limit` value. defaults to 128M, and should be a number and unit, eg. 512K, 128M, 2G, or a number of bytes)
 To set any of these environment variables from a file (for instance a Docker Secret), append `__FILE` to the name of the environment variable.
@ -109,13 +108,13 @@ $ docker exec -t NAME_OR_ID_OF_YOUR_WALLABAG_CONTAINER /var/www/wallabag/bin/con
 ## docker-compose
-It's a good way to use [docker-compose](https://docs.docker.com/compose/). Example:
+An example [docker-compose](https://docs.docker.com/compose/) file can be seen below:
 ```
 version: '3'
 services:
  wallabag:
    image: wallabag/wallabag
    restart: unless-stopped
    environment:
      - MYSQL_ROOT_PASSWORD=wallaroot
      - SYMFONY__ENV__DATABASE_DRIVER=pdo_mysql
@ -125,24 +124,36 @@ services:
      - SYMFONY__ENV__DATABASE_USER=wallabag
      - SYMFONY__ENV__DATABASE_PASSWORD=wallapass
      - SYMFONY__ENV__DATABASE_CHARSET=utf8mb4
-      - SYMFONY__ENV__MAILER_HOST=127.0.0.1
+      - SYMFONY__ENV__DATABASE_TABLE_PREFIX="wallabag_"
-      - SYMFONY__ENV__MAILER_USER=~
+      - SYMFONY__ENV__MAILER_DSN=smtp://127.0.0.1
      - SYMFONY__ENV__MAILER_PASSWORD=~
      - SYMFONY__ENV__FROM_EMAIL=wallabag@example.com
-      - SYMFONY__ENV__DOMAIN_NAME=https://your-wallabag-url-instance.com
+      - SYMFONY__ENV__DOMAIN_NAME=https://your-wallabag-instance.wallabag.org
      - SYMFONY__ENV__SERVER_NAME="Your wallabag instance"
    ports:
      - "80"
    volumes:
      - /opt/wallabag/images:/var/www/wallabag/web/assets/images
    depends_on:
      - db
      - redis
  db:
    image: mariadb
    restart: unless-stopped
    environment:
      - MYSQL_ROOT_PASSWORD=wallaroot
    volumes:
      - /opt/wallabag/data:/var/lib/mysql
    healthcheck:
      test: ["CMD", "mysqladmin" ,"ping", "-h", "localhost"]
      interval: 20s
      timeout: 3s
  redis:
    image: redis:alpine
    restart: unless-stopped    
    healthcheck:
      test: ["CMD", "redis-cli", "ping"]
      interval: 20s
      timeout: 3s
 ```
 Note that you must fill out the mail related variables according to your mail config.
--- a/conftest.py
+++ b/conftest.py
@ -0,0 +1,4 @@
 import pytest
 def pytest_addoption(parser):
    parser.addoption("--database", action="store", default="default")
--- a/root/entrypoint.sh
+++ b/root/entrypoint.sh
@ -1,4 +1,6 @@
 #!/bin/sh
 # Exit when any command fails
 set -e
 FILE_ENV_VARS="$(env | grep '__FILE=')"
 for env_var in $FILE_ENV_VARS; do
@ -10,28 +12,115 @@ for env_var in $FILE_ENV_VARS; do
    export $(echo $new_var | xargs)
 done
-provisioner () {
+COMMAND_ARG1="$1"
-    echo "Starting provisioner..."
+COMMAND_ARG2="$2"
-    if ! out=`ansible-playbook -i /etc/ansible/hosts /etc/ansible/entrypoint.yml -c local "$@"`;then
+
-        echo $out;
+cd /var/www/wallabag || exit
-    fi
+
-    echo "Provisioner finished."
+wait_for_database() {
    timeout 60s /bin/sh -c "$(cat << EOF
        until echo 'Waiting for database ...' \
            && nc -z ${SYMFONY__ENV__DATABASE_HOST} ${SYMFONY__ENV__DATABASE_PORT} < /dev/null > /dev/null 2>&1 ; \
        do sleep 1 ; done
 EOF
 )"
 }
-if [ "$1" = "wallabag" ];then
+install_wallabag() {
    su -c "php bin/console wallabag:install --env=prod -n" -s /bin/sh nobody
 }
 provisioner() {
    SYMFONY__ENV__DATABASE_DRIVER=${SYMFONY__ENV__DATABASE_DRIVER:-pdo_sqlite}
    POPULATE_DATABASE=${POPULATE_DATABASE:-True}
    SQLITE_DB_DIR="/var/www/wallabag/data/db"
    SQLITE_DB_FILEPATH="$SQLITE_DB_DIR/wallabag.sqlite"
    # Replace environment variables
    envsubst < /etc/wallabag/parameters.template.yml > app/config/parameters.yml
    envsubst < /etc/wallabag/php-wallabag.template.ini > /etc/php81/conf.d/50_wallabag.ini
    # Wait for external database
    if [ "$SYMFONY__ENV__DATABASE_DRIVER" = "pdo_mysql" ] || [ "$SYMFONY__ENV__DATABASE_DRIVER" = "pdo_pgsql" ] ; then
        wait_for_database
    fi
    # Configure SQLite database
    if [ "$SYMFONY__ENV__DATABASE_DRIVER" = "pdo_sqlite" ]; then
        # mkdir and chown are mandatory for local folder binding
        if [ ! -f "$SQLITE_DB_FILEPATH" ]; then
            mkdir -p "$SQLITE_DB_DIR"
            chown nobody: "$SQLITE_DB_DIR"
        fi
        if [ ! -s "$SQLITE_DB_FILEPATH" ]; then
            echo "Configuring the SQLite database ..."
            install_wallabag
        fi
    fi
    # Configure MySQL / MariaDB database
    if [ "$SYMFONY__ENV__DATABASE_DRIVER" = "pdo_mysql" ] && [ "$POPULATE_DATABASE" = "True" ] && [ "$MYSQL_ROOT_PASSWORD" != "" ] ; then
        DATABASE_EXISTS="$(mysql -h "${SYMFONY__ENV__DATABASE_HOST}" --port "${SYMFONY__ENV__DATABASE_PORT}" -uroot -p"${MYSQL_ROOT_PASSWORD}" \
            -sse "SELECT EXISTS(SELECT SCHEMA_NAME FROM INFORMATION_SCHEMA.SCHEMATA WHERE SCHEMA_NAME = '$SYMFONY__ENV__DATABASE_NAME')")"
        if [ "$DATABASE_EXISTS" != "1" ]; then
            echo "Configuring the MySQL database ..."
            mysql -h "${SYMFONY__ENV__DATABASE_HOST}" --port "${SYMFONY__ENV__DATABASE_PORT}" -uroot -p"${MYSQL_ROOT_PASSWORD}" \
                -e "CREATE DATABASE IF NOT EXISTS ${SYMFONY__ENV__DATABASE_NAME} CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;"
            USER_EXISTS="$(mysql -h "${SYMFONY__ENV__DATABASE_HOST}" --port "${SYMFONY__ENV__DATABASE_PORT}" -uroot -p"${MYSQL_ROOT_PASSWORD}" \
                -sse "SELECT EXISTS(SELECT 1 FROM mysql.user WHERE user = '$SYMFONY__ENV__DATABASE_USER')")"
            if [ "$USER_EXISTS" != "1" ]; then
                mysql -h "${SYMFONY__ENV__DATABASE_HOST}" --port "${SYMFONY__ENV__DATABASE_PORT}" -uroot -p"${MYSQL_ROOT_PASSWORD}" \
                    -e "CREATE USER IF NOT EXISTS '${SYMFONY__ENV__DATABASE_USER}'@'%' IDENTIFIED BY '${SYMFONY__ENV__DATABASE_PASSWORD}';"
                mysql -h "${SYMFONY__ENV__DATABASE_HOST}" --port "${SYMFONY__ENV__DATABASE_PORT}" -uroot -p"${MYSQL_ROOT_PASSWORD}" \
                    -e "GRANT ALL PRIVILEGES ON ${SYMFONY__ENV__DATABASE_NAME}.* TO '${SYMFONY__ENV__DATABASE_USER}'@'%';"
            fi
            install_wallabag
        else
            echo "WARN: MySQL database is already configured. Remove the environment variable with root password."
        fi
    fi
    # Configure Postgres database
    if [ "$SYMFONY__ENV__DATABASE_DRIVER" = "pdo_pgsql" ] && [ "$POPULATE_DATABASE" = "True" ] && [ "$POSTGRES_PASSWORD" != "" ] ; then
        export PGPASSWORD="${POSTGRES_PASSWORD}"
        DATABASE_EXISTS="$(psql -qAt -h "${SYMFONY__ENV__DATABASE_HOST}" -p "${SYMFONY__ENV__DATABASE_PORT}" -U "${POSTGRES_USER}" \
            -c "SELECT 1 FROM pg_catalog.pg_database WHERE datname = '${SYMFONY__ENV__DATABASE_NAME}';")"
        if [ "$DATABASE_EXISTS" != "1" ]; then
            echo "Configuring the Postgres database ..."
            psql -q -h "${SYMFONY__ENV__DATABASE_HOST}" -p "${SYMFONY__ENV__DATABASE_PORT}" -U "${POSTGRES_USER}" \
                -c "CREATE DATABASE ${SYMFONY__ENV__DATABASE_NAME};"
            USER_EXISTS="$(psql -qAt -h "${SYMFONY__ENV__DATABASE_HOST}" -p "${SYMFONY__ENV__DATABASE_PORT}" -U "${POSTGRES_USER}" \
                -c "SELECT 1 FROM pg_roles WHERE rolname = '${SYMFONY__ENV__DATABASE_USER}';")"
            if [ "$USER_EXISTS" != "1" ]; then
                psql -q -h "${SYMFONY__ENV__DATABASE_HOST}" -p "${SYMFONY__ENV__DATABASE_PORT}" -U "${POSTGRES_USER}" \
                    -c "CREATE ROLE ${SYMFONY__ENV__DATABASE_USER} with PASSWORD '${SYMFONY__ENV__DATABASE_PASSWORD}' LOGIN;"
            fi
            install_wallabag
        else
            echo "WARN: Postgres database is already configured. Remove the environment variable with root password."
        fi
    fi
    # Remove cache and install Wallabag
    rm -f -r /var/www/wallabag/var/cache
    su -c "SYMFONY_ENV=prod composer install --no-dev -o --prefer-dist" -s /bin/sh nobody
 }
 if [ "$COMMAND_ARG1" = "wallabag" ]; then
    echo "Starting wallabag ..."
    provisioner
    echo "wallabag is ready!"
    exec s6-svscan /etc/s6/
 fi
-if [ "$1" = "import" ];then
+if [ "$COMMAND_ARG1" = "import" ]; then
-    provisioner --skip-tags=firstrun
+    provisioner
-    cd /var/www/wallabag/
+    exec su -c "bin/console wallabag:import:redis-worker --env=prod $COMMAND_ARG2 -vv" -s /bin/sh nobody
    exec su -c "bin/console wallabag:import:redis-worker --env=prod $2 -vv" -s /bin/sh nobody
 fi
-if [ "$1" = "migrate" ];then
+if [ "$COMMAND_ARG1" = "migrate" ]; then
    provisioner
    cd /var/www/wallabag/
    exec su -c "bin/console doctrine:migrations:migrate --env=prod --no-interaction" -s /bin/sh nobody
 fi
--- a/root/etc/ansible/entrypoint.yml
+++ b/root/etc/ansible/entrypoint.yml
@ -1,170 +0,0 @@
 ---
 - hosts: localhost
  remote_user: root
  vars:
    database_driver: "{{ lookup('env', 'SYMFONY__ENV__DATABASE_DRIVER')|default('pdo_sqlite', true) }}"
    database_host: "{{ lookup('env', 'SYMFONY__ENV__DATABASE_HOST')|default('127.0.0.1', true) }}"
    database_name: "{{ lookup('env', 'SYMFONY__ENV__DATABASE_NAME')|default('symfony', true) }}"
    database_password: "{{ lookup('env', 'SYMFONY__ENV__DATABASE_PASSWORD')|default('~', true) }}"
    database_port: "{{ lookup('env', 'SYMFONY__ENV__DATABASE_PORT')|default('~', true) }}"
    database_root_password_mariadb: "{{ lookup('env', 'MYSQL_ROOT_PASSWORD') }}"
    database_root_user_postgres: "{{ lookup('env', 'POSTGRES_USER') }}"
    database_root_password_postgres: "{{ lookup('env', 'POSTGRES_PASSWORD') }}"
    database_user: "{{ lookup('env', 'SYMFONY__ENV__DATABASE_USER')|default('root', true) }}"
    database_charset: "{{ lookup('env', 'SYMFONY__ENV__DATABASE_CHARSET')|default('utf8', true) }}"
    populate_database: "{{ lookup('env', 'POPULATE_DATABASE')|default(True, true) }}"
    locale: "{{ lookup('env', 'SYMFONY__ENV__LOCALE')|default('en', true) }}"
    secret: "{{ lookup('env', 'SYMFONY__ENV__SECRET')|default('ovmpmAWXRCabNlMgzlzFXDYmCFfzGv', true) }}"
    mailer_transport: "{{ lookup('env', 'SYMFONY__ENV__MAILER_TRANSPORT')|default('smtp', true) }}"
    mailer_host: "{{ lookup('env', 'SYMFONY__ENV__MAILER_HOST')|default('127.0.0.1', true) }}"
    mailer_user: "{{ lookup('env', 'SYMFONY__ENV__MAILER_USER')|default('~', true) }}"
    mailer_password: "{{ lookup('env', 'SYMFONY__ENV__MAILER_PASSWORD')|default('~', true) }}"
    mailer_port: "{{ lookup('env', 'SYMFONY__ENV__MAILER_PORT')|default('25', true) }}"
    mailer_encryption: "{{ lookup('env', 'SYMFONY__ENV__MAILER_ENCRYPTION')|default('~', true) }}"
    mailer_auth_mode: "{{ lookup('env', 'SYMFONY__ENV__MAILER_AUTH_MODE')|default('~', true) }}"
    from_email: "{{ lookup('env', 'SYMFONY__ENV__FROM_EMAIL')|default('wallabag@example.com', true) }}"
    twofactor_auth: "{{ lookup('env', 'SYMFONY__ENV__TWOFACTOR_AUTH')|default('true', true) }}"
    twofactor_sender: "{{ lookup('env', 'SYMFONY__ENV__TWOFACTOR_SENDER')|default('no-reply@wallabag.org', true) }}"
    registration: "{{ lookup('env', 'SYMFONY__ENV__FOSUSER_REGISTRATION')|default('true', true) }}"
    registration_mail_confirmation: "{{ lookup('env', 'SYMFONY__ENV__FOSUSER_CONFIRMATION')|default('true', true) }}"
    domain_name: "{{ lookup('env', 'SYMFONY__ENV__DOMAIN_NAME')|default('https://your-wallabag-url-instance.com', true) }}"
    redis_scheme: "{{ lookup('env', 'SYMFONY__ENV__REDIS_SCHEME')|default('tcp', true) }}"
    redis_host: "{{ lookup('env', 'SYMFONY__ENV__REDIS_HOST')|default('redis', true) }}"
    redis_port: "{{ lookup('env', 'SYMFONY__ENV__REDIS_PORT')|default('6379', true) }}"
    redis_path: "{{ lookup('env', 'SYMFONY__ENV__REDIS_PATH')|default('~', true) }}"
    redis_password: "{{ lookup('env', 'SYMFONY__ENV__REDIS_PASSWORD')|default('~', true) }}"
    sentry_dsn: "{{ lookup('env', 'SYMFONY__ENV__SENTRY_DSN')|default('~', true) }}"
    server_name: "{{ lookup('env', 'SYMFONY__ENV__SERVER_NAME')|default('Your wallabag instance', true) }}"
  tasks:
    - name: needed dirs
      file:
        path={{ item }}
        state=directory
      with_items:
        - /var/www/wallabag/app
        - /var/www/wallabag/app/config
        - /var/www/wallabag/data
        - /var/www/wallabag/data/assets
        - /var/www/wallabag/data/db
      notify: chown dir
      tags:
        - firstrun
    - name: write parameters.yml
      template:
        src=templates/parameters.yml.j2
        dest=/var/www/wallabag/app/config/parameters.yml
    - stat:
        path=/var/www/wallabag/data/db/wallabag.sqlite
      register: wallabag_sqlite_db
      when: database_driver == 'pdo_sqlite'
    - name: notify install for sqlite
      debug:
        msg='notify installation script if sqlite db does not exist'
      changed_when: true
      notify: run install
      when: (database_driver == 'pdo_sqlite') and
            (wallabag_sqlite_db.stat.exists == False)
    - name: wait for db container
      wait_for:
        host="{{ database_host }}"
        port="{{ database_port }}"
      when: (database_driver == 'pdo_mysql') or
            (database_driver == 'pdo_pgsql')
    - name: add mariadb db
      mysql_db:
        name="{{ database_name }}"
        state=present
        login_host="{{ database_host }}"
        login_port={{ database_port }}
        login_user=root
        login_password="{{ database_root_password_mariadb }}"
        encoding="utf8mb4"
      notify: run install
      when: (database_driver == 'pdo_mysql') and
            (populate_database == True)
      tags:
        - firstrun
    - name: add mariadb user
      mysql_user:
        name="{{ database_user }}"
        host=%
        password="{{ database_password }}"
        priv={{ database_name }}.*:ALL
        login_host="{{ database_host }}"
        login_port={{ database_port }}
        login_user=root
        login_password="{{ database_root_password_mariadb }}"
        state=present
      when: (database_driver == 'pdo_mysql') and
            (database_user != 'root') and
            (populate_database == True)
      tags:
        - firstrun
    - name: postgresql db
      postgresql_db:
        name="{{ database_name }}"
        state=present
        login_host="{{ database_host }}"
        port={{ database_port }}
        login_user="{{ database_root_user_postgres }}"
        login_password="{{ database_root_password_postgres }}"
      notify: run install
      when: (database_driver == 'pdo_pgsql') and
            (populate_database == True)
      tags:
        - firstrun
    - name: add postgresql user
      postgresql_user:
        name="{{ database_user }}"
        password="{{ database_password }}"
        encrypted=true
        db={{ database_name }}
        priv=ALL
        login_host="{{ database_host }}"
        port={{ database_port }}
        login_user="{{ database_root_user_postgres }}"
        login_password="{{ database_root_password_postgres }}"
        state=present
      when: (database_driver == 'pdo_pgsql') and
            (database_user != 'postgres') and
            (populate_database == True)
      tags:
        - firstrun
    - name: remove cache
      file:
        path=/var/www/wallabag/var/cache
        state=absent
    - name: run composer
      shell: SYMFONY_ENV=prod composer install --no-dev -o --prefer-dist
      args:
        chdir: /var/www/wallabag
      notify: chown dir
  handlers:
    - name: run install
      shell: php bin/console wallabag:install --env=prod -n
      args:
        chdir: /var/www/wallabag
      notify: chown dir
    - name: chown dir
      file:
        path=/var/www/wallabag
        recurse=yes
        owner=nobody
        group=nobody
--- a/root/etc/ansible/hosts
+++ b/root/etc/ansible/hosts
@ -1,2 +0,0 @@
 [localhost]
 localhost
--- a/root/etc/ansible/templates/parameters.yml.j2
+++ b/root/etc/ansible/templates/parameters.yml.j2
@ -1,63 +0,0 @@
 parameters:
    database_driver: {{ database_driver }}
    database_host: {{ database_host }}
    database_port: {{ database_port }}
    database_name: {{ database_name }}
    database_user: {{ database_user }}
    database_password: {{ database_password }}
    database_path: "%kernel.root_dir%/../data/db/wallabag.sqlite"
    database_table_prefix: wallabag_
    database_socket: null
    database_charset: {{ database_charset }}
    domain_name: {{ domain_name }}
    mailer_transport:  {{ mailer_transport }}
    mailer_user:       {{ mailer_user }}
    mailer_password:   {{ mailer_password }}
    mailer_host:       {{ mailer_host }}
    mailer_port:       {{ mailer_port }}
    mailer_encryption: {{ mailer_encryption }}
    mailer_auth_mode:  {{ mailer_auth_mode }}
    locale:            {{ locale }}
    # A secret key that's used to generate certain security-related tokens
    secret: {{ secret }}
    # two factor stuff
    twofactor_auth: {{ twofactor_auth }}
    twofactor_sender: {{ twofactor_sender }}
    # fosuser stuff
    fosuser_registration: {{ registration }}
    fosuser_confirmation: {{ registration_mail_confirmation }}
    # how long the access token should live in seconds for the API
    fos_oauth_server_access_token_lifetime: 3600
    # how long the refresh token should life in seconds for the API
    fos_oauth_server_refresh_token_lifetime: 1209600
    from_email: {{ from_email }}
    rss_limit: 50
    # RabbitMQ processing
    rabbitmq_host: localhost
    rabbitmq_port: 5672
    rabbitmq_user: guest
    rabbitmq_password: guest
    rabbitmq_prefetch_count: 10
    # Redis processing
    redis_scheme: {{ redis_scheme }}
    redis_host: {{ redis_host }}
    redis_port: {{ redis_port }}
    redis_path: {{ redis_path }}
    redis_password: {{ redis_password }}
    # sentry logging
    sentry_dsn: {{ sentry_dsn }}
    # User-friendly name of your instance for 2FA issuer
    server_name: {{ server_name }}
--- a/root/etc/nginx/fastcgi_params
+++ b/root/etc/nginx/fastcgi_params
@ -10,7 +10,7 @@ fastcgi_param  DOCUMENT_URI       $document_uri;
 fastcgi_param  DOCUMENT_ROOT      $document_root;
 fastcgi_param  SERVER_PROTOCOL    $server_protocol;
 fastcgi_param  REQUEST_SCHEME     $scheme;
-fastcgi_param  HTTPS              $https if_not_empty;
+fastcgi_param  HTTPS              $fe_https;
 fastcgi_param  GATEWAY_INTERFACE  CGI/1.1;
 fastcgi_param  SERVER_SOFTWARE    nginx/$nginx_version;
--- a/root/etc/nginx/nginx.conf
+++ b/root/etc/nginx/nginx.conf
@ -25,6 +25,10 @@ http {
    open_file_cache max=100;
    client_max_body_size 100M;
    map $http_x_forwarded_proto $fe_https {
        default $https;
        https on;
    }
    upstream php-upstream {
        server 127.0.0.1:9000;
@ -32,6 +36,7 @@ http {
    server {
        listen 80;
        listen [::0]:80;
        server_name _;
        root /var/www/wallabag/web;
@ -53,6 +58,7 @@ http {
            # for more information).
            fastcgi_param  SCRIPT_FILENAME  $realpath_root$fastcgi_script_name;
            fastcgi_param DOCUMENT_ROOT $realpath_root;
            fastcgi_read_timeout 300s;
            # Prevents URIs that include the front controller. This will 404:
            # http://domain.tld/app.php/some-path
            # Remove the internal directive to allow URIs like this
--- a/root/etc/php81/php-fpm.conf
+++ b/root/etc/php81/php-fpm.conf
--- a/root/etc/php81/php.ini
+++ b/root/etc/php81/php.ini
--- a/root/etc/s6/php-fpm/run
+++ b/root/etc/s6/php-fpm/run
@ -1,3 +1,3 @@
 #!/bin/sh
-exec php-fpm7 -F
+exec php-fpm -F
--- a/root/etc/wallabag/parameters.template.yml
+++ b/root/etc/wallabag/parameters.template.yml
@ -0,0 +1,56 @@
 parameters:
    database_driver: ${SYMFONY__ENV__DATABASE_DRIVER:-pdo_sqlite}
    database_host: ${SYMFONY__ENV__DATABASE_HOST:-127.0.0.1}
    database_port: ${SYMFONY__ENV__DATABASE_PORT:-~}
    database_name: ${SYMFONY__ENV__DATABASE_NAME:-symfony}
    database_user: ${SYMFONY__ENV__DATABASE_USER:-root}
    database_password: ${SYMFONY__ENV__DATABASE_PASSWORD:-~}
    database_path: "%kernel.project_dir%/data/db/wallabag.sqlite"
    database_table_prefix: ${SYMFONY__ENV__DATABASE_TABLE_PREFIX:-wallabag_}
    database_socket: null
    database_charset: ${SYMFONY__ENV__DATABASE_CHARSET:-utf8}
    domain_name: ${SYMFONY__ENV__DOMAIN_NAME:-https://your-wallabag-instance.wallabag.org}
    mailer_dsn: ${SYMFONY__ENV__MAILER_DSN:-smtp://127.0.0.1}
    locale: ${SYMFONY__ENV__LOCALE:-en}
    # A secret key that's used to generate certain security-related tokens
    secret: ${SYMFONY__ENV__SECRET:-ovmpmAWXRCabNlMgzlzFXDYmCFfzGv}
    # two factor stuff
    twofactor_sender: ${SYMFONY__ENV__TWOFACTOR_SENDER:-no-reply@wallabag.org}
    # fosuser stuff
    fosuser_registration: ${SYMFONY__ENV__FOSUSER_REGISTRATION:-false}
    fosuser_confirmation: ${SYMFONY__ENV__FOSUSER_CONFIRMATION:-true}
    # how long the access token should live in seconds for the API
    fos_oauth_server_access_token_lifetime: 3600
    # how long the refresh token should life in seconds for the API
    fos_oauth_server_refresh_token_lifetime: 1209600
    from_email: ${SYMFONY__ENV__FROM_EMAIL:-no-reply@wallabag.org}
    rss_limit: 50
    # RabbitMQ processing
    rabbitmq_host: localhost
    rabbitmq_port: 5672
    rabbitmq_user: guest
    rabbitmq_password: guest
    rabbitmq_prefetch_count: 10
    # Redis processing
    redis_scheme: ${SYMFONY__ENV__REDIS_SCHEME:-tcp}
    redis_host: ${SYMFONY__ENV__REDIS_HOST:-redis}
    redis_port: ${SYMFONY__ENV__REDIS_PORT:-6379}
    redis_path: ${SYMFONY__ENV__REDIS_PATH:-~}
    redis_password: ${SYMFONY__ENV__REDIS_PASSWORD:-~}
    # Sentry
    sentry_dsn: ${SYMFONY__ENV__SENTRY_DSN:-~}
    # User-friendly name of your instance for 2FA issuer
    server_name: ${SYMFONY__ENV__SERVER_NAME:-"Your wallabag instance"}
--- a/root/etc/wallabag/php-wallabag.template.ini
+++ b/root/etc/wallabag/php-wallabag.template.ini
@ -0,0 +1 @@
 memory_limit = ${PHP_MEMORY_LIMIT:-128M}
--- a/root/var/www/wallabag/app/config/parameters.yml
+++ b/root/var/www/wallabag/app/config/parameters.yml
@ -1,63 +0,0 @@
 parameters:
    database_driver: pdo_sqlite
    database_host: 127.0.0.1
    database_port: ~
    database_name: symfony
    database_user: root
    database_password: ~
    database_path: "%kernel.root_dir%/../data/db/wallabag.sqlite"
    database_table_prefix: wallabag_
    database_socket: null
    database_charset: utf8
    domain_name: https://your-wallabag-url-instance.com
    mailer_transport:  smtp
    mailer_user:       ~
    mailer_password:   ~
    mailer_host:       127.0.0.1
    mailer_port:       false
    mailer_encryption: ~
    mailer_auth_mode:  ~
    locale:            en
    # A secret key that's used to generate certain security-related tokens
    secret: ovmpmAWXRCabNlMgzlzFXDYmCFfzGv
    # two factor stuff
    twofactor_auth: true
    twofactor_sender: no-reply@wallabag.org
    # fosuser stuff
    fosuser_registration: true
    fosuser_confirmation: true
    # how long the access token should live in seconds for the API
    fos_oauth_server_access_token_lifetime: 3600
    # how long the refresh token should life in seconds for the API
    fos_oauth_server_refresh_token_lifetime: 1209600
    from_email: no-reply@wallabag.org
    rss_limit: 50
    # RabbitMQ processing
    rabbitmq_host: localhost
    rabbitmq_port: 5672
    rabbitmq_user: guest
    rabbitmq_password: guest
    rabbitmq_prefetch_count: 10
    # Redis processing
    redis_scheme: tcp
    redis_host: localhost
    redis_port: 6379
    redis_path: null
    redis_password: null
    # sentry logging
    sentry_dsn: ~
    # User-friendly name of your instance for 2FA issuer
    server_name: Your wallabag instance
--- a/tests/docker-compose.mariadb.yml
+++ b/tests/docker-compose.mariadb.yml
@ -18,6 +18,6 @@ services:
      - "127.0.0.1:80:80"
  db:
    image: mariadb
-    command: mysqld --character-set-server=utf8mb4 --collation-server=utf8mb4_unicode_ci --character-set-client-handshake=FALSE
+    command: mariadbd --character-set-server=utf8mb4 --collation-server=utf8mb4_unicode_ci --character-set-client-handshake=FALSE
    environment:
      - MYSQL_ROOT_PASSWORD=wallaroot
--- a/tests/docker-compose.sqlite.yml
+++ b/tests/docker-compose.sqlite.yml
@ -11,7 +11,7 @@ services:
      - SYMFONY__ENV__DATABASE_PORT=~
      - SYMFONY__ENV__DATABASE_NAME=symfony
      - SYMFONY__ENV__DATABASE_USER=root
-      - SYMFONY__ENV_DATABASE_PASSWORD=~
+      - SYMFONY__ENV__DATABASE_PASSWORD=~
      - SYMFONY__ENV__SECRET=F00B4R
    ports:
      - "127.0.0.1:80:80"
--- a/tests/test_login.py
+++ b/tests/test_login.py
@ -1,24 +1,63 @@
 import pytest
 import re
 import requests
 import os
 from requests.exceptions import ConnectionError
-URL = 'http://127.0.0.1:80'
+@pytest.fixture(scope="session")
 def database(pytestconfig):
    return pytestconfig.getoption("database")
 def is_responsive(url):
    try:
        response = requests.get(url)
        if response.status_code == 200:
            return True
    except ConnectionError:
        return False
-def test_accessing_login_page():
+@pytest.fixture(scope="session")
-    r = requests.get(URL, allow_redirects=True)
+def docker_compose_project_name(database):
    return "wallabag_{}".format(database)
@pytest.fixture(scope="session")
 def docker_cleanup():
    """Disable docker cleanup at the end of tests to get logs outside of pytest"""
    return False
@pytest.fixture(scope="session")
 def docker_compose_command() -> str:
    return "docker compose"
@pytest.fixture(scope="session")
 def docker_compose_file(pytestconfig, database):
    return os.path.join(str(pytestconfig.rootdir), "tests/", "docker-compose.{}.yml".format(database))
@pytest.fixture(scope="session")
 def wallabag_service(docker_ip, docker_services):
    """Ensure that wallabag service is up and responsive"""
    # `port_for` takes a container port and returns the corresponding host port
    port = docker_services.port_for("wallabag", 80)
    url = "http://{}:{}".format(docker_ip, port)
    docker_services.wait_until_responsive(
            timeout=60.0, pause=0.5, check=lambda: is_responsive(url)
    )
    return url
 def test_accessing_login_page(wallabag_service):
    r = requests.get(wallabag_service, allow_redirects=True)
    assert r.status_code == 200
    assert 'Log in' in r.text
    assert 'Password' in r.text
    assert 'Register' in r.text
    assert 'Username' in r.text
-def test_logging_in():
+def test_logging_in(wallabag_service):
    client = requests.session()
-    r = client.get(URL, allow_redirects=True)
+    r = client.get(wallabag_service, allow_redirects=True)
    jar = r.cookies
    # get csrf token
@ -39,7 +78,7 @@ def test_logging_in():
        '_csrf_token': csrf
    }
-    r = client.post(URL + '/login_check', cookies=jar, data=data)
+    r = client.post(wallabag_service + '/login_check', cookies=jar, data=data)
    assert r.status_code == 200
    assert '/unread/list' in r.text
    assert '/starred/list' in r.text
`@ -1,3 +1,3 @@`
	`#!/bin/sh`	`#!/bin/sh`

	`exec php-fpm7 -F`	`exec php-fpm -F`