Merge pull request #1963 from tboerger/refactor-docker-and-build

Refactoring/Restructuring for Docker, Compose and Taskfile

.dockerignore

@@ -0,0 +1,2 @@
+web/node_modules/
+vendor/

.dredd/dredd.dev.yml → .dredd/dredd.docker.yml

@@ -1,8 +1,7 @@
 dry-run: null
 hookfiles: ./.dredd/compiled_hooks
 language: go
-#server: context=dev task dc:up
-server-wait: 240
+server-wait: 5
 init: false
 custom: {}
 names: false
@@ -28,4 +27,4 @@ hooks-worker-handler-host: 0.0.0.0
 hooks-worker-handler-port: 61321
 config: ./.dredd/dredd.yml
 blueprint: api-docs.yml
-endpoint: 'http://semaphore_ci:3000'
+endpoint: 'http://server:3000'

.dredd/dredd.local.yml

@@ -1,8 +1,7 @@
 dry-run: null
 hookfiles: ./.dredd/compiled_hooks
 language: go
-#server: context=dev task dc:up
-server-wait: 240
+server-wait: 5
 init: false
 custom: {}
 names: false

.dredd/dredd.yml → .dredd/dredd.testing.yml

@@ -1,8 +1,8 @@
 dry-run: null
 hookfiles: ./.dredd/compiled_hooks
 language: go
-#server: context=dev task dc:up
-server-wait: 240
+server: ./semaphore server --config .dredd/config.json
+server-wait: 5
 init: false
 custom: {}
 names: false
@@ -28,4 +28,4 @@ hooks-worker-handler-host: 0.0.0.0
 hooks-worker-handler-port: 61321
 config: ./.dredd/dredd.yml
 blueprint: api-docs.yml
-endpoint: 'http://semaphore_ci:3000'
+endpoint: 'http://localhost:3000'

.dredd/dredd.windows.yml

@@ -1,8 +1,7 @@
 dry-run: null
 hookfiles: ./.dredd/compiled_hooks.exe
 language: go
-#server: context=dev task dc:up
-server-wait: 240
+server-wait: 5
 init: false
 custom: {}
 names: false

.github/workflows/beta.yml

@@ -1,75 +1,127 @@
 name: Beta
-on:
+
+'on':
   push:
     tags:
       - v*-beta
 
 jobs:
-  pre-release:
-    runs-on: [ubuntu-latest]
+  prerelease:
+    runs-on: ubuntu-latest
+
     steps:
-      - uses: actions/setup-go@v3
-        with: { go-version: '1.21' }
+      - name: Checkout source
+        uses: actions/checkout@v4
 
-      - uses: actions/setup-node@v3
-        with: { node-version: '16' }
+      - name: Setup golang
+        uses: actions/setup-go@v5
+        with:
+          go-version: '^1.21.0'
 
-      - run: go install github.com/go-task/task/v3/cmd/task@latest
+      - name: Setup nodejs
+        uses: actions/setup-node@v4
+        with:
+          node-version: '16'
+          cache: 'npm'
+          cache-dependency-path: web/package-lock.json
 
-      - run: sudo apt update && sudo apt-get install rpm
+      - name: Install go-task
+        run: |
+          go install github.com/go-task/task/v3/cmd/task@latest
 
-      - uses: actions/checkout@v3
+      - name: Install rpm
+        run: |
+          sudo apt update && sudo apt-get install rpm
 
-      - run: task deps
+      - name: Install deps
+        run: |
+          task deps
 
-      - run: |
-          echo ${{ secrets.GPG_KEY }} | tr " " "\n" | base64 -d | gpg --import --batch
+      - name: Import gnupg
+        run: |
+          echo "${{ secrets.GPG_KEY }}" | tr " " "\n" | base64 -d | gpg --import --batch
           gpg --sign -u "58A7 CC3D 8A9C A2E5 BB5C 141D 4064 23EA F814 63CA" --pinentry-mode loopback --yes --batch --passphrase "${{ secrets.GPG_PASS }}" --output unlock.sig --detach-sign README.md
           rm -f unlock.sig
 
-      - run:  git reset --hard
-
-      - run: GITHUB_TOKEN=${{ secrets.GH_TOKEN }} task release:prod
+      - name: Reset repo
+        run: |
+          git reset --hard
 
+      - name: Run release
+        run: |
+          GITHUB_TOKEN=${{ secrets.GH_TOKEN }} task release:prod
 
   deploy-beta:
-    runs-on: [ubuntu-latest]
-    steps:
-      - uses: actions/setup-go@v3
-        with: { go-version: '1.21' }
-
-      - run: go install github.com/go-task/task/v3/cmd/task@latest
+    runs-on: ubuntu-latest
+    if: github.repository_owner == 'semaphoreui'
 
-      - uses: actions/checkout@v3
-
-      - run: context=prod task docker:test
+    steps:
+      - name: Checkout source
+        uses: actions/checkout@v4
 
-      - uses: docker/setup-qemu-action@v2
+      - name: Setup qemu
+        id: qemu
+        uses: docker/setup-qemu-action@v3
 
-      - uses: docker/setup-buildx-action@v2
+      - name: Setup buildx
+        id: buildx
+        uses: docker/setup-buildx-action@v3
 
-      - name: Login to Docker Hub
-        uses: docker/login-action@v2
+      - name: Hub login
+        uses: docker/login-action@v3
+        if: github.event_name != 'pull_request'
         with:
           username: ${{ secrets.DOCKER_USER }}
           password: ${{ secrets.DOCKER_PASS }}
 
-      - name: Build and push
-        uses: docker/build-push-action@v3
+      - name: Server meta
+        id: server
+        uses: docker/metadata-action@v5
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          images: |
+            semaphoreui/semaphore
+          labels: |
+            org.opencontainers.image.vendor=SemaphoreUI
+            maintainer=Semaphore UI <support@semui.co>
+          tags: |
+            type=raw,value=${{ github.ref_name }}
+          flavor: |
+            latest=false
+
+      - name: Server build
+        uses: docker/build-push-action@v5
         with:
+          builder: ${{ steps.buildx.outputs.name }}
           context: .
+          file: deployment/docker/server/Dockerfile
           platforms: linux/amd64,linux/arm64
-          file: ./deployment/docker/prod/buildx.Dockerfile
-          push: true
-          tags: semaphoreui/semaphore:beta,semaphoreui/semaphore:${{ github.ref_name }}
+          push: ${{ github.event_name != 'pull_request' }}
+          labels: ${{ steps.server.outputs.labels }}
+          tags: ${{ steps.server.outputs.tags }}
 
-
-
-      - name: Build and push runner
-        uses: docker/build-push-action@v3
+      - name: Runner meta
+        id: runner
+        uses: docker/metadata-action@v5
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          images: |
+            semaphoreui/runner
+          labels: |
+            org.opencontainers.image.vendor=SemaphoreUI
+            maintainer=Semaphore UI <support@semui.co>
+          tags: |
+            type=raw,value=${{ github.ref_name }}
+          flavor: |
+            latest=false
+
+      - name: Runner build
+        uses: docker/build-push-action@v5
         with:
+          builder: ${{ steps.buildx.outputs.name }}
           context: .
+          file: deployment/docker/runner/Dockerfile
           platforms: linux/amd64,linux/arm64
-          file: ./deployment/docker/prod/runner.buildx.Dockerfile
-          push: true
-          tags: semaphoreui/runner:beta,semaphoreui/runner:${{ github.ref_name }}
+          push: ${{ github.event_name != 'pull_request' }}
+          labels: ${{ steps.runner.outputs.labels }}
+          tags: ${{ steps.runner.outputs.tags }}

.github/workflows/release.yml

@@ -1,75 +1,131 @@
 name: Release
-on:
+
+'on':
   push:
     tags:
       - 'v[0-9]+.[0-9]+.[0-9]+'
 
 jobs:
   release:
-    runs-on: [ubuntu-latest]
+    runs-on: ubuntu-latest
+
     steps:
-      - uses: actions/setup-go@v3
-        with: { go-version: '1.21' }
+      - name: Checkout source
+        uses: actions/checkout@v4
 
-      - uses: actions/setup-node@v3
-        with: { node-version: '16' }
+      - name: Setup golang
+        uses: actions/setup-go@v5
+        with:
+          go-version: '^1.21.0'
 
-      - run: go install github.com/go-task/task/v3/cmd/task@latest
+      - name: Setup nodejs
+        uses: actions/setup-node@v4
+        with:
+          node-version: '16'
+          cache: 'npm'
+          cache-dependency-path: web/package-lock.json
 
-      - run: sudo apt update && sudo apt-get install rpm
+      - name: Install go-task
+        run: |
+          go install github.com/go-task/task/v3/cmd/task@latest
 
-      - uses: actions/checkout@v3
+      - name: Install rpm
+        run: |
+          sudo apt update && sudo apt-get install rpm
 
-      - run: task deps
+      - name: Install deps
+        run: |
+          task deps
 
-      - run: |
-          echo ${{ secrets.GPG_KEY }} | tr " " "\n" | base64 -d | gpg --import --batch
+      - name: Import gnupg
+        run: |
+          echo "${{ secrets.GPG_KEY }}" | tr " " "\n" | base64 -d | gpg --import --batch
           gpg --sign -u "58A7 CC3D 8A9C A2E5 BB5C 141D 4064 23EA F814 63CA" --pinentry-mode loopback --yes --batch --passphrase "${{ secrets.GPG_PASS }}" --output unlock.sig --detach-sign README.md
           rm -f unlock.sig
 
-      - run:  git reset --hard
-
-      - run: GITHUB_TOKEN=${{ secrets.GH_TOKEN }} task release:prod
+      - name: Reset repo
+        run: |
+          git reset --hard
 
+      - name: Run release
+        run: |
+          GITHUB_TOKEN=${{ secrets.GH_TOKEN }} task release:prod
 
   deploy-prod:
-    runs-on: [ubuntu-latest]
-    steps:
-      - uses: actions/setup-go@v3
-        with: { go-version: '1.21' }
-
-      - run: go install github.com/go-task/task/v3/cmd/task@latest
+    runs-on: ubuntu-latest
+    if: github.repository_owner == 'semaphoreui'
 
-      - uses: actions/checkout@v3
-
-      - run: context=prod task docker:test
+    steps:
+      - name: Checkout source
+        uses: actions/checkout@v4
 
-      - uses: docker/setup-qemu-action@v2
+      - name: Setup qemu
+        id: qemu
+        uses: docker/setup-qemu-action@v3
 
-      - uses: docker/setup-buildx-action@v2
+      - name: Setup buildx
+        id: buildx
+        uses: docker/setup-buildx-action@v3
 
-      - name: Login to Docker Hub
-        uses: docker/login-action@v2
+      - name: Hub login
+        uses: docker/login-action@v3
+        if: github.event_name != 'pull_request'
         with:
           username: ${{ secrets.DOCKER_USER }}
           password: ${{ secrets.DOCKER_PASS }}
 
-      - name: Build and push
-        uses: docker/build-push-action@v3
+      - name: Server meta
+        id: server
+        uses: docker/metadata-action@v5
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          images: |
+            semaphoreui/semaphore
+          labels: |
+            org.opencontainers.image.vendor=SemaphoreUI
+            maintainer=Semaphore UI <support@semui.co>
+          tags: |
+            type=semver,pattern={{version}}
+            type=semver,pattern={{major}}.{{minor}}
+            type=semver,pattern={{major}}
+          flavor: |
+            latest=true
+
+      - name: Server build
+        uses: docker/build-push-action@v5
         with:
+          builder: ${{ steps.buildx.outputs.name }}
           context: .
+          file: deployment/docker/server/Dockerfile
           platforms: linux/amd64,linux/arm64
-          file: ./deployment/docker/prod/buildx.Dockerfile
-          push: true
-          tags: semaphoreui/semaphore:latest,semaphoreui/semaphore:${{ github.ref_name }}
+          push: ${{ github.event_name != 'pull_request' }}
+          labels: ${{ steps.server.outputs.labels }}
+          tags: ${{ steps.server.outputs.tags }}
 
-
-
-      - name: Build and push runner
-        uses: docker/build-push-action@v3
+      - name: Runner meta
+        id: runner
+        uses: docker/metadata-action@v5
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          images: |
+            semaphoreui/runner
+          labels: |
+            org.opencontainers.image.vendor=SemaphoreUI
+            maintainer=Semaphore UI <support@semui.co>
+          tags: |
+            type=semver,pattern={{version}}
+            type=semver,pattern={{major}}.{{minor}}
+            type=semver,pattern={{major}}
+          flavor: |
+            latest=true
+
+      - name: Runner build
+        uses: docker/build-push-action@v5
         with:
+          builder: ${{ steps.buildx.outputs.name }}
           context: .
+          file: deployment/docker/runner/Dockerfile
           platforms: linux/amd64,linux/arm64
-          file: ./deployment/docker/prod/runner.buildx.Dockerfile
-          push: true
-          tags: semaphoreui/runner:latest,semaphoreui/runner:${{ github.ref_name }}
+          push: ${{ github.event_name != 'pull_request' }}
+          labels: ${{ steps.runner.outputs.labels }}
+          tags: ${{ steps.runner.outputs.tags }}

.gitignore

@@ -18,7 +18,6 @@ node_modules/
 /semaphore.iml
 /bin/
 
-util/version.go
 /vendor/
 /coverage.out
 /public/package-lock.json

.goreleaser.yml

@@ -1,77 +1,67 @@
-# Goreleaser configuration
-# for building binaries and packages for distributions and releasing on github
 dist: bin
 
 before:
   hooks:
-    - task compile
+    - task build:fe
 
 builds:
   - binary: semaphore
     env:
       - CGO_ENABLED=0
     main: ./cli/main.go
+    ldflags: -s -w -X github.com/ansible-semaphore/semaphore/util.Ver={{ .Version }} -X github.com/ansible-semaphore/semaphore/util.Commit={{ .ShortCommit }} -X github.com/ansible-semaphore/semaphore/util.Date={{ .Timestamp }}
+    tags:
+      - netgo
     goos:
       - windows
       - darwin
       - linux
       - freebsd
-      #- openbsd
-      #- netbsd
     goarch:
+      - 386
       - amd64
-      #- 386
       - arm
       - arm64
     ignore:
       - goos: darwin
         goarch: 386
-#    hooks:
-#      pre: task compile
+      - goos: darwin
+        goarch: arm
 
 archives:
-  -
+  - files:
+      - LICENSE
     format_overrides:
       - goos: windows
         format: zip
-    files:
-      - LICENSE
 
 signs:
-  -
-    artifacts: checksum
+  - artifacts: checksum
     args: ["-u", "58A7 CC3D 8A9C A2E5 BB5C 141D 4064 23EA F814 63CA", "--pinentry-mode", "loopback", "--yes", "--batch", "--output", "${signature}", "--detach-sign", "${artifact}"]
 
-# Start the snapshot name with a numerical value
-# so it does not need to be force installed
 snapshot:
   name_template: "{{ .Timestamp }}-{{ .ShortCommit }}-SNAPSHOT"
 
 nfpms:
-  -
-    file_name_template: "{{ .ProjectName }}_{{ .Version }}_{{ .Os }}_{{ .Arch }}"
-
-    vendor: Castaway Consulting LLC
-    homepage: https://github.com/ansible-semaphore/semaphore
-    maintainer: Castaway Consulting LLC <support@castawaylabs.com>
+  - file_name_template: "{{ .ProjectName }}_{{ .Version }}_{{ .Os }}_{{ .Arch }}"
     description: Open Source alternative to Ansible Tower
+    homepage: https://github.com/semaphoreui/semaphore
+    vendor: Semaphore UI
+    maintainer: Semaphore UI <support@semui.co>
     license: MIT
 
     formats:
       - deb
       - rpm
 
-    # Packages your package depends on.
     dependencies:
       - git
 
     suggests:
       - ansible
 
-    # install binary in /usr/bin
     bindir: /usr/bin
 
 release:
-  # Do not auto publish release
   draft: true
   name_template: "{{.Tag}}"

api/router.go

@@ -431,7 +431,7 @@ func serveFile(w http.ResponseWriter, r *http.Request, name string) {
 
 func getSystemInfo(w http.ResponseWriter, r *http.Request) {
 	body := map[string]interface{}{
-		"version": util.Version,
+		"version": util.Version(),
 		"ansible": util.AnsibleVersion(),
 	}
 

cli/cmd/root.go

@@ -2,7 +2,10 @@ package cmd
 
 import (
 	"fmt"
-	log "github.com/sirupsen/logrus"
+	"net/http"
+	"os"
+	"strings"
+
 	"github.com/ansible-semaphore/semaphore/api"
 	"github.com/ansible-semaphore/semaphore/api/sockets"
 	"github.com/ansible-semaphore/semaphore/db"
@@ -12,10 +15,8 @@ import (
 	"github.com/ansible-semaphore/semaphore/util"
 	"github.com/gorilla/context"
 	"github.com/gorilla/handlers"
+	log "github.com/sirupsen/logrus"
 	"github.com/spf13/cobra"
-	"net/http"
-	"os"
-	"strings"
 )
 
 var configPath string
@@ -56,7 +57,7 @@ func runService() {
 	}
 
 	fmt.Printf("Tmp Path (projects home) %v\n", util.Config.TmpPath)
-	fmt.Printf("Semaphore %v\n", util.Version)
+	fmt.Printf("Semaphore %v\n", util.Version())
 	fmt.Printf("Interface %v\n", util.Config.Interface)
 	fmt.Printf("Port %v\n", util.Config.Port)
 

cli/cmd/version.go

@@ -2,6 +2,7 @@ package cmd
 
 import (
 	"fmt"
+
 	"github.com/ansible-semaphore/semaphore/util"
 	"github.com/spf13/cobra"
 )
@@ -14,6 +15,6 @@ var versionCmd = &cobra.Command{
 	Use:   "version",
 	Short: "Print the version of Semaphore",
 	Run: func(cmd *cobra.Command, args []string) {
-		fmt.Println(util.Version)
+		fmt.Println(util.Version())
 	},
-}
+}

deployment/compose/README.md

@@ -0,0 +1,131 @@
+# Compose
+
+With the `docker-compose` snippets within this directory you are able to plug
+different setups of Semaphore UI together. Below you can find some example
+combinations.
+
+Some of the snippets define environment variables which could be optionally
+overwritten if needed.
+
+## Server
+
+First of all we need the server definition and we need to decide if we want to
+build the image dynamically or if we just want to use a released image.
+
+### Build
+
+This simply takes the currently cloned source and builds a new image including
+all local changes.
+
+```console
+docker-compose -f deployment/compose/server/base.yml -f deployment/compose/server/build.yml up
+```
+
+### Image
+
+This simply downloads the defined image from DockerHub and starts/configures it
+properly based on the integrated bootstrapping scripts.
+
+```console
+docker-compose -f deployment/compose/server/base.yml -f deployment/compose/server/image.yml up
+```
+
+### Config
+
+If you want to provide a custom `config.json` file to add options which are not
+exposed as environment variables you could add this snippet which sources the
+file from the current working directory.
+
+```console
+docker-compose <server from above> -f deployment/compose/server/config.yml up
+```
+
+## Runner
+
+If you want to try the remote runner functionality of Semaphore you could just
+add this snippet to get a runner up and connected to semaphore. Similar to the
+examples above for the server you got different options like building the runner
+from the source or using our prebuilt images.
+
+### Build
+
+This simply takes the currently cloned source and builds a new image including
+all local changes.
+
+```console
+docker-compose <server from above> -f deployment/compose/runner/base.yml -f deployment/compose/runner/build.yml up
+```
+
+### Image
+
+This simply downloads the defined image from DockerHub and starts/configures it
+properly based on the integrated bootstrapping scripts.
+
+```console
+docker-compose <server from above> -f deployment/compose/runner/base.yml -f deployment/compose/runner/image.yml up
+```
+
+### Config
+
+If you want to provide a custom `config.json` file to add options which are not
+exposed as environment variables you could add this snippet which sources the
+file from the current working directory.
+
+```console
+docker-compose <runner from above> -f deployment/compose/runner/config.yml up
+```
+
+## Database
+
+After deciding the base of it you should choose one of the supported databases.
+Here we got currently the following options so far.
+
+### SQLite
+
+This simply configures a named volume for the SQLite storage used as a database
+backend.
+
+```console
+docker-compose <server/runner from above> -f deployment/compose/store/sqlite.yml up
+```
+
+### BoltDB
+
+This simply configures a named volume for the BoltDB storage used as a database
+backend.
+
+```console
+docker-compose <server/runner from above> -f deployment/compose/store/boltdb.yml up
+```
+
+### MariaDB
+
+This simply starts an additional container for a MariaDB instance used as a
+database backend including the required credentials.
+
+```console
+docker-compose <server/runner from above> -f deployment/compose/store/mariadb.yml up
+```
+
+### MySQL
+
+This simply starts an additional container for a MySQL instance used as a
+database backend including the required credentials.
+
+```console
+docker-compose <server/runner from above> -f deployment/compose/store/mysql.yml up
+```
+
+### PostgreSQL
+
+This simply starts an additional container for a PostgreSQL instance used as a
+database backend including the required credentials.
+
+```console
+docker-compose <server/runner from above> -f deployment/compose/store/postgres.yml up
+```
+
+## Cleanup
+
+After playing with the setup you are able to stop the whole setup by just
+replacing `up` at the end of the command with `down`.

deployment/compose/dredd/base.yml

@@ -0,0 +1,25 @@
+version: "3.4"
+
+volumes:
+  dredd:
+
+services:
+  server:
+    environment:
+      SEMAPHORE_ADMIN_PASSWORD: password
+      SEMAPHORE_ADMIN_NAME: Developer
+      SEMAPHORE_ADMIN_EMAIL: admin@localhost
+      SEMAPHORE_ADMIN: admin
+      SEMAPHORE_WEB_ROOT: http://0.0.0.0:3000
+
+  dredd:
+    build:
+      context: ../../../
+      dockerfile: deployment/docker/dredd/Dockerfile
+    command:
+      - --config
+      - .dredd/dredd.docker.yml
+    environment:
+      SEMAPHORE_ACCESS_KEY_ENCRYPTION: ${SEMAPHORE_ACCESS_KEY_ENCRYPTION:-IlRqgrrO5Gp27MlWakDX1xVrPv4jhoUx+ARY+qGyDxQ=}
+    volumes:
+      - dredd:/data

deployment/compose/dredd/boltdb.yml

@@ -0,0 +1,9 @@
+version: "3.4"
+
+services:
+  dredd:
+    environment:
+      SEMAPHORE_DB_DIALECT: bolt
+      SEMAPHORE_DB_CONFIG: '{"host": "/data/database.boltdb"}'
+    depends_on:
+      - server

deployment/compose/dredd/mariadb.yml

@@ -0,0 +1,10 @@
+version: "3.4"
+
+services:
+  dredd:
+    environment:
+      SEMAPHORE_DB_DIALECT: mysql
+      SEMAPHORE_DB_CONFIG: '{"host": "db:3306","user": "semaphore","pass": "semaphore","name": "semaphore"}'
+    depends_on:
+      - server
+      - db

deployment/compose/dredd/mysql.yml

@@ -0,0 +1,10 @@
+version: "3.4"
+
+services:
+  dredd:
+    environment:
+      SEMAPHORE_DB_DIALECT: mysql
+      SEMAPHORE_DB_CONFIG: '{"host": "db:3306","user": "semaphore","pass": "semaphore","name": "semaphore"}'
+    depends_on:
+      - server
+      - db

deployment/compose/dredd/postgres.yml

@@ -0,0 +1,10 @@
+version: "3.4"
+
+services:
+  dredd:
+    environment:
+      SEMAPHORE_DB_DIALECT: postgres
+      SEMAPHORE_DB_CONFIG: '{"host": "db:5432","user": "semaphore","pass": "semaphore","name": "semaphore","options": {"sslmode": "disable"}}'
+    depends_on:
+      - server
+      - db

deployment/compose/dredd/sqlite.yml

@@ -0,0 +1,9 @@
+version: "3.4"
+
+services:
+  dredd:
+    environment:
+      SEMAPHORE_DB_DIALECT: sqlite
+      SEMAPHORE_DB_CONFIG: '{"host": "/data/database.sqlite3"}'
+    depends_on:
+      - server

deployment/compose/runner/base.yml

@@ -0,0 +1,13 @@
+version: "3.4"
+
+services:
+  runner:
+    image: docker.io/semaphoreui/runner:${SEMAPHORE_VERSION:-latest}
+    restart: always
+    environment:
+      SEMAPHORE_RUNNER_API_URL: ${SEMAPHORE_RUNNER_API_URL:-http://server:3000/api}
+      SEMAPHORE_RUNNER_REGISTRATION_TOKEN: ${SEMAPHORE_RUNNER_REGISTRATION_TOKEN:-H1wDyorbg6gTSwJlVwle2Fne}
+
+  server:
+    environment:
+      SEMAPHORE_RUNNER_REGISTRATION_TOKEN: ${SEMAPHORE_RUNNER_REGISTRATION_TOKEN:-H1wDyorbg6gTSwJlVwle2Fne}

deployment/compose/runner/build.yml

@@ -0,0 +1,7 @@
+version: "3.4"
+
+services:
+  runner:
+    build:
+      context: ../../../
+      dockerfile: deployment/docker/runner/Dockerfile

deployment/compose/runner/config.yml

@@ -0,0 +1,6 @@
+version: "3.4"
+
+services:
+  runner:
+    volumes:
+      - ${SEMAPHORE_RUNNER_LOCAL_CONFIG:-runner.json}:/etc/semaphore/config.json:Z

deployment/compose/server/base.yml

@@ -0,0 +1,20 @@
+version: "3.4"
+
+volumes:
+  server:
+
+services:
+  server:
+    image: docker.io/semaphoreui/semaphore:${SEMAPHORE_VERSION:-latest}
+    restart: always
+    environment:
+      SEMAPHORE_ADMIN_NAME: ${SEMAPHORE_ADMIN_NAME:-Admin}
+      SEMAPHORE_ADMIN: ${SEMAPHORE_ADMIN_USERNAME:-admin}
+      SEMAPHORE_ADMIN_PASSWORD: ${SEMAPHORE_ADMIN_PASSWORD:-p455w0rd}
+      SEMAPHORE_ADMIN_EMAIL: ${SEMAPHORE_ADMIN_EMAIL:-admin@localhost}
+      SEMAPHORE_WEB_ROOT: ${SEMAPHORE_WEB_ROOT:-http://0.0.0.0:3000}
+      SEMAPHORE_ACCESS_KEY_ENCRYPTION: ${SEMAPHORE_ACCESS_KEY_ENCRYPTION:-IlRqgrrO5Gp27MlWakDX1xVrPv4jhoUx+ARY+qGyDxQ=}
+    volumes:
+      - server:/var/lib/semaphore
+    ports:
+      - "3000:3000"

deployment/compose/server/build.yml

@@ -0,0 +1,7 @@
+version: "3.4"
+
+services:
+  server:
+    build:
+      context: ../../../
+      dockerfile: deployment/docker/server/Dockerfile

deployment/compose/server/config.yml

@@ -0,0 +1,6 @@
+version: "3.4"
+
+services:
+  server:
+    volumes:
+      - ${SEMAPHORE_RUNNER_LOCAL_CONFIG:-config.json}:/etc/semaphore/config.json:Z

deployment/compose/store/boltdb.yml

@@ -0,0 +1,12 @@
+version: "3.4"
+
+volumes:
+  boltdb:
+
+services:
+  server:
+    environment:
+      SEMAPHORE_DB_DIALECT: bolt
+      SEMAPHORE_DB_PATH: /var/lib/database
+    volumes:
+      - boltdb:/var/lib/database

deployment/compose/store/local.yml

@@ -0,0 +1,31 @@
+version: "3.4"
+
+volumes:
+  mariadb:
+  postgres:
+
+services:
+  mariadb:
+    image: mariadb:10.8
+    restart: always
+    environment:
+      MARIADB_ROOT_PASSWORD: root
+      MARIADB_USER: semaphore
+      MARIADB_PASSWORD: semaphore
+      MARIADB_DATABASE: semaphore
+    volumes:
+      - mariadb:/var/lib/mysql
+    ports:
+      - 3306:3306
+
+  postgres:
+    image: postgres:14.3
+    restart: always
+    environment:
+      POSTGRES_USER: semaphore
+      POSTGRES_PASSWORD: semaphore
+      POSTGRES_DB: semaphore
+    volumes:
+      - postgres:/var/lib/postgresql
+    ports:
+      - 5432:5432

deployment/compose/store/mariadb.yml

@@ -0,0 +1,27 @@
+version: "3.4"
+
+volumes:
+  mariadb:
+
+services:
+  server:
+    environment:
+      SEMAPHORE_DB_DIALECT: mysql
+      SEMAPHORE_DB_HOST: db
+      SEMAPHORE_DB_PORT: 3306
+      SEMAPHORE_DB_USER: ${MARIADB_USERNAME:-semaphore}
+      SEMAPHORE_DB_PASS: ${MARIADB_PASSWORD:-semaphore}
+      SEMAPHORE_DB: ${MARIADB_DATABASE:-semaphore}
+    depends_on:
+      - db
+
+  db:
+    image: mariadb:10.8
+    restart: always
+    environment:
+      MARIADB_ROOT_PASSWORD: ${MARIADB_ROOT:-root}
+      MARIADB_USER: ${MARIADB_USERNAME:-semaphore}
+      MARIADB_PASSWORD: ${MARIADB_PASSWORD:-semaphore}
+      MARIADB_DATABASE: ${MARIADB_DATABASE:-semaphore}
+    volumes:
+      - mariadb:/var/lib/mysql

deployment/compose/store/mysql.yml

@@ -0,0 +1,27 @@
+version: "3.4"
+
+volumes:
+  mysql:
+
+services:
+  server:
+    environment:
+      SEMAPHORE_DB_DIALECT: mysql
+      SEMAPHORE_DB_HOST: db
+      SEMAPHORE_DB_PORT: 3306
+      SEMAPHORE_DB_USER: ${MYSQL_USERNAME:-semaphore}
+      SEMAPHORE_DB_PASS: ${MYSQL_PASSWORD:-semaphore}
+      SEMAPHORE_DB: ${MYSQL_DATABASE:-semaphore}
+    depends_on:
+      - db
+
+  db:
+    image: mysql:8.0
+    restart: always
+    environment:
+      MYSQL_ROOT_PASSWORD: ${MYSQL_ROOT:-root}
+      MYSQL_USER: ${MYSQL_USERNAME:-semaphore}
+      MYSQL_PASSWORD: ${MYSQL_PASSWORD:-semaphore}
+      MYSQL_DATABASE: ${MYSQL_DATABASE:-semaphore}
+    volumes:
+      - mysql:/var/lib/mysql

deployment/compose/store/postgres.yml

@@ -0,0 +1,26 @@
+version: "3.4"
+
+volumes:
+  postgres:
+
+services:
+  server:
+    environment:
+      SEMAPHORE_DB_DIALECT: postgres
+      SEMAPHORE_DB_HOST: db
+      SEMAPHORE_DB_PORT: 5432
+      SEMAPHORE_DB_USER: ${POSTGRES_USERNAME:-semaphore}
+      SEMAPHORE_DB_PASS: ${POSTGRES_PASSWORD:-semaphore}
+      SEMAPHORE_DB: ${POSTGRES_DATABASE:-semaphore}
+    depends_on:
+      - db
+
+  db:
+    image: postgres:14.3
+    restart: always
+    environment:
+      POSTGRES_USER: ${POSTGRES_USERNAME:-semaphore}
+      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:-semaphore}
+      POSTGRES_DB: ${POSTGRES_DATABASE:-semaphore}
+    volumes:
+      - postgres:/var/lib/postgresql

deployment/compose/store/sqlite.yml

@@ -0,0 +1,12 @@
+version: "3.4"
+
+volumes:
+  sqlite:
+
+services:
+  server:
+    environment:
+      SEMAPHORE_DB_DIALECT: sqlite
+      SEMAPHORE_DB_PATH: /var/lib/database
+    volumes:
+      - sqlite:/var/lib/database

deployment/docker/README.md

@@ -0,0 +1,60 @@
+# Docker
+
+Generally we are building production-grade images for each tag, latest and even
+for the development branch which will be pushed to [DockerHub][dockerhub]. If
+you still need to build your own image you can easily do that, you just need
+install [Docker][docker] and [Task][gotask] on your system.
+
+If you just want to use our pre-built images please follow the instructions on
+our [documentation][documentation].
+
+If you want to use [docker-compose][dockercompose] to start Semaphore you could
+also read about it on our [documentation][documentation] or take a look at our
+collection of [snippets][snippets] within this repository.
+
+## Build
+
+We have prepared multiple tasks to build an publish container images, including
+tasks to verify the image contains all required tools:
+
+```console
+task docker:build
+task docker:push
+```
+
+If you want to customize the image names or if you want to use [Podman][podman]
+instead of [Docker][docker] you are able to provide some set of environment
+variables to the [Task][gotask] command:
+
+* `DOCKER_ORG`: Define a custom organization for the image, defaults to `semaphoreui`
+* `DOCKER_SERVER`: Define a different name for the server image, defaults to `semaphore`
+* `DOCKER_RUNNER`: Define a different name for the runner image, defaults to `runner`
+* `DOCKER_CMD`: Use another command to build the image, defaults to `docker`
+
+## Test
+
+We defined tasks to handle some linting and to verify the images contain the
+tools and binaries that are required to run Semaphore. Here we are using
+[Hadolint][hadolint] to ensure we are mostly following best-practices and
+[Goss][goss] which is using a configuration file to define the requirements.
+
+To install the required tools you also need to install [Golang][golang] on your
+system, the installation of [Golang][golang] is not covered by us.
+
+The installation of the dependencies can be customized by providing environment
+variables for `INSTALL_PATH` (`/usr/local/bin`) and `REQUIRE_SUDO` (true).
+
+```console
+task docker:test
+```
+
+[dockerhub]: https://hub.docker.com/r/semaphoreui/semaphore
+[docker]: https://docs.docker.com/engine/install/
+[podman]: https://podman.io/docs/installation
+[gotask]: https://taskfile.dev/installation/
+[dockercompose]: https://docs.docker.com/compose/
+[golang]: https://go.dev/doc/install
+[hadolint]: https://github.com/hadolint/hadolint
+[goss]: https://github.com/goss-org/goss
+[snippets]: ../compose/README.md
+[documentation]: https://docs.semui.co/administration-guide/installation

deployment/docker/dredd/Dockerfile

@@ -0,0 +1,34 @@
+FROM golang:1.22-alpine3.19 as golang
+
+RUN apk add --no-cache -U \
+    curl git
+
+WORKDIR /usr/local
+# hadolint ignore=DL4006
+RUN curl -sL https://taskfile.dev/install.sh | sh
+
+WORKDIR /go/src/semaphore
+COPY go.mod go.sum /go/src/semaphore/
+
+RUN --mount=type=cache,target=/go/pkg \
+    go mod download -x
+
+COPY . /go/src/semaphore
+
+RUN --mount=type=cache,target=/go/pkg --mount=type=cache,target=/root/.cache/go-build \
+    task deps:tools && \
+    task deps:be && \
+    task e2e:goodman && \
+    task e2e:hooks
+
+FROM apiaryio/dredd:13.0.0
+
+RUN apk add --no-cache -U \
+    bash git go
+
+COPY --from=golang /go/bin/goodman /root/go/bin/goodman
+COPY --from=golang /go/src/semaphore /semaphore
+WORKDIR /semaphore
+
+COPY deployment/docker/dredd/entrypoint /usr/local/bin
+ENTRYPOINT ["/usr/local/bin/entrypoint"]

deployment/docker/dredd/entrypoint

@@ -0,0 +1,20 @@
+#!/usr/bin/env bash
+set -eo pipefail
+
+echo "---> Gen semaphore config"
+cat << EOF > /semaphore/.dredd/config.json
+{
+  "dialect": "${SEMAPHORE_DB_DIALECT}",
+  "${SEMAPHORE_DB_DIALECT}": ${SEMAPHORE_DB_CONFIG},
+  "access_key_encryption": "${SEMAPHORE_ACCESS_KEY_ENCRYPTION}"
+}
+EOF
+
+echo "---> Waiting for semaphore"
+while ! nc -z server 3000; do
+  sleep 1
+done
+
+echo "---> Start dredd server"
+sleep 5
+dredd $@

deployment/docker/runner/Dockerfile

@@ -0,0 +1,63 @@
+FROM --platform=$BUILDPLATFORM golang:1.22-alpine3.19 as builder
+
+RUN apk add --no-cache -U \
+    libc-dev curl nodejs npm git gcc zip unzip tar
+
+WORKDIR /usr/local
+# hadolint ignore=DL4006
+RUN curl -sL https://taskfile.dev/install.sh | sh
+
+WORKDIR /go/src/semaphore
+COPY go.mod go.sum /go/src/semaphore/
+
+RUN --mount=type=cache,target=/go/pkg \
+    go mod download -x
+
+COPY . /go/src/semaphore
+
+ARG TARGETOS
+ARG TARGETARCH
+
+RUN --mount=type=cache,target=/go/src/semaphore/web/node_modules \
+    --mount=type=cache,target=/go/pkg \
+    --mount=type=cache,target=/root/.cache/go-build \
+    task deps && \
+    task build GOOS=${TARGETOS} GOARCH=${TARGETARCH}
+
+FROM alpine:3.19
+
+RUN apk add --no-cache -U \
+    bash curl git gnupg mysql-client openssh-client-default python3 python3-dev py3-pip rsync sshpass tar tini tzdata unzip wget zip build-base openssl-dev libffi-dev cargo && \
+    rm -rf /var/cache/apk/* && \
+    adduser -D -u 1001 -G root semaphore && \
+    mkdir -p /tmp/semaphore && \
+    mkdir -p /etc/semaphore && \
+    mkdir -p /var/lib/semaphore && \
+    chown -R semaphore:0 /tmp/semaphore && \
+    chown -R semaphore:0 /etc/semaphore && \
+    chown -R semaphore:0 /var/lib/semaphore
+
+COPY --chown=1001:0 ./deployment/docker/runner/ansible.cfg /tmp/semaphore/ansible.cfg
+COPY --from=builder /go/src/semaphore/deployment/docker/runner/runner-wrapper /usr/local/bin/
+COPY --from=builder /go/src/semaphore/bin/semaphore /usr/local/bin/
+
+RUN chown -R semaphore:0 /usr/local/bin/runner-wrapper && \
+    chmod +x /usr/local/bin/runner-wrapper && \
+    chown -R semaphore:0 /usr/local/bin/semaphore && \
+    chmod +x /usr/local/bin/semaphore
+
+WORKDIR /home/semaphore
+USER 1001
+
+# renovate: datasource=pypi depName=ansible
+ENV ANSIBLE_VERSION 9.4.0
+
+ENV PATH /home/semaphore/.local/bin:$PATH
+
+# hadolint ignore=DL3013
+RUN pip3 install -U --break-system-packages --no-cache-dir \
+    ansible==${ANSIBLE_VERSION} \
+    boto3 botocore requests netaddr
+
+ENTRYPOINT ["/sbin/tini", "--"]
+CMD [ "/usr/local/bin/runner-wrapper"]

deployment/docker/runner/ansible.cfg

@@ -0,0 +1,4 @@
+[defaults]
+host_key_checking = False
+bin_ansible_callbacks = True
+stdout_callback = yaml

deployment/docker/prod/goss.yaml → deployment/docker/runner/goss.yaml

@@ -1,5 +1,5 @@
 file:
-  /usr/local/bin/semaphore-wrapper:
+  /usr/local/bin/runner-wrapper:
     exists: true
     owner: semaphore
     group: root
@@ -9,31 +9,51 @@ file:
     owner: semaphore
     group: root
     filetype: file
+
 package:
-  ansible:
-    installed: true
-  curl:
-    installed: true
-  git:
-    installed: true
   go:
     installed: false
   libc-dev:
     installed: false
-  mysql-client:
-    installed: true
   nodejs:
     installed: false
+
+  curl:
+    installed: true
+  git:
+    installed: true
+  mysql-client:
+    installed: true
   openssh-client-default:
     installed: true
+  python3:
+    installed: true
+  py3-pip:
+    installed: true
+  rsync:
+    installed: true
+  sshpass:
+    installed: true
+  tar:
+    installed: true
   tini:
     installed: true
+  tzdata:
+    installed: true
+  unzip:
+    installed: true
+  wget:
+    installed: true
+  zip:
+    installed: true
+
 user:
   semaphore:
     exists: true
     uid: 1001
     gid: 0
     home: /home/semaphore
+
 command:
   semaphore:
     exit-status: 0

deployment/docker/runner/runner-wrapper

@@ -0,0 +1,30 @@
+#!/bin/sh
+set -e
+echoerr() { printf "%s\n" "$*" >&2; }
+
+export SEMAPHORE_CONFIG_PATH="${SEMAPHORE_CONFIG_PATH:-/etc/semaphore}"
+export SEMAPHORE_TMP_PATH="${SEMAPHORE_TMP_PATH:-/tmp/semaphore}"
+export ANSIBLE_CONFIG="${ANSIBLE_CONFIG:-${SEMAPHORE_TMP_PATH}/ansible.cfg}"
+
+if test -f "${SEMAPHORE_CONFIG_PATH}/packages.txt"; then
+    echoerr "Installing additional system dependencies"
+    apk add --no-cache --upgrade \
+        $(cat "${SEMAPHORE_CONFIG_PATH}/packages.txt" | xargs)
+else
+    echoerr "No additional system dependencies to install"
+fi
+
+if test -f "${SEMAPHORE_CONFIG_PATH}/requirements.txt"; then
+    echoerr "Installing additional python dependencies"
+    pip3 install --upgrade --user \
+        -r "${SEMAPHORE_CONFIG_PATH}/requirements.txt"
+else
+    echoerr "No additional python dependencies to install"
+fi
+
+echoerr "Starting semaphore runner"
+if test "$#" -ne 1; then
+    exec /usr/local/bin/semaphore runner start --config "${SEMAPHORE_CONFIG_PATH}/config.json"
+else
+    exec "$@"
+fi

deployment/docker/server/Dockerfile

@@ -0,0 +1,63 @@
+FROM --platform=$BUILDPLATFORM golang:1.22-alpine3.19 as builder
+
+RUN apk add --no-cache -U \
+    libc-dev curl nodejs npm git gcc zip unzip tar
+
+WORKDIR /usr/local
+# hadolint ignore=DL4006
+RUN curl -sL https://taskfile.dev/install.sh | sh
+
+WORKDIR /go/src/semaphore
+COPY go.mod go.sum /go/src/semaphore/
+
+RUN --mount=type=cache,target=/go/pkg \
+    go mod download -x
+
+COPY . /go/src/semaphore
+
+ARG TARGETOS
+ARG TARGETARCH
+
+RUN --mount=type=cache,target=/go/src/semaphore/web/node_modules \
+    --mount=type=cache,target=/go/pkg \
+    --mount=type=cache,target=/root/.cache/go-build \
+    task deps && \
+    task build GOOS=${TARGETOS} GOARCH=${TARGETARCH}
+
+FROM alpine:3.19
+
+RUN apk add --no-cache -U \
+bash curl git gnupg mysql-client openssh-client-default python3 python3-dev py3-pip rsync sshpass tar tini tzdata unzip wget zip build-base openssl-dev libffi-dev cargo && \
+    rm -rf /var/cache/apk/* && \
+    adduser -D -u 1001 -G root semaphore && \
+    mkdir -p /tmp/semaphore && \
+    mkdir -p /etc/semaphore && \
+    mkdir -p /var/lib/semaphore && \
+    chown -R semaphore:0 /tmp/semaphore && \
+    chown -R semaphore:0 /etc/semaphore && \
+    chown -R semaphore:0 /var/lib/semaphore
+
+COPY --chown=1001:0 ./deployment/docker/server/ansible.cfg /tmp/semaphore/ansible.cfg
+COPY --from=builder /go/src/semaphore/deployment/docker/server/server-wrapper /usr/local/bin/
+COPY --from=builder /go/src/semaphore/bin/semaphore /usr/local/bin/
+
+RUN chown -R semaphore:0 /usr/local/bin/server-wrapper && \
+    chmod +x /usr/local/bin/server-wrapper && \
+    chown -R semaphore:0 /usr/local/bin/semaphore && \
+    chmod +x /usr/local/bin/semaphore
+
+WORKDIR /home/semaphore
+USER 1001
+
+# renovate: datasource=pypi depName=ansible
+ENV ANSIBLE_VERSION 9.4.0
+
+ENV PATH /home/semaphore/.local/bin:$PATH
+
+# hadolint ignore=DL3013
+RUN pip3 install -U --break-system-packages --no-cache-dir \
+    ansible==${ANSIBLE_VERSION} \
+    boto3 botocore requests netaddr
+
+ENTRYPOINT ["/sbin/tini", "--"]
+CMD [ "/usr/local/bin/server-wrapper"]

deployment/docker/server/ansible.cfg

@@ -0,0 +1,4 @@
+[defaults]
+host_key_checking = False
+bin_ansible_callbacks = True
+stdout_callback = yaml

deployment/docker/server/goss.yaml

@@ -0,0 +1,60 @@
+file:
+  /usr/local/bin/server-wrapper:
+    exists: true
+    owner: semaphore
+    group: root
+    filetype: file
+  /usr/local/bin/semaphore:
+    exists: true
+    owner: semaphore
+    group: root
+    filetype: file
+
+package:
+  go:
+    installed: false
+  libc-dev:
+    installed: false
+  nodejs:
+    installed: false
+
+  curl:
+    installed: true
+  git:
+    installed: true
+  mysql-client:
+    installed: true
+  openssh-client-default:
+    installed: true
+  python3:
+    installed: true
+  py3-pip:
+    installed: true
+  rsync:
+    installed: true
+  sshpass:
+    installed: true
+  tar:
+    installed: true
+  tini:
+    installed: true
+  tzdata:
+    installed: true
+  unzip:
+    installed: true
+  wget:
+    installed: true
+  zip:
+    installed: true
+
+user:
+  semaphore:
+    exists: true
+    uid: 1001
+    gid: 0
+    home: /home/semaphore
+
+command:
+  semaphore:
+    exit-status: 0
+    timeout: 10000

deployment/docker/server/server-wrapper

@@ -0,0 +1,194 @@
+#!/bin/sh
+set -e
+echoerr() { printf "%s\n" "$*" >&2; }
+
+file_env() {
+    local var=""
+    local fileVar=""
+
+    eval var="\$${1}"
+    eval fileVar="\$${1}_FILE"
+
+    local def="${2:-}"
+
+    if [ -n "${var:-}" ] && [ -n "${fileVar:-}" ]; then
+        echo >&2 "error: both ${1} and ${1}_FILE are set (but are exclusive)"
+        exit 1
+    fi
+
+    local val="$def"
+
+    if [ -n "${var:-}" ]; then
+        val="${var}"
+    elif [ -n "${fileVar:-}" ]; then
+        val="$(cat "${fileVar}")"
+    fi
+
+    export "${1}"="$val"
+    unset "${1}_FILE"
+}
+
+export SEMAPHORE_CONFIG_PATH="${SEMAPHORE_CONFIG_PATH:-/etc/semaphore}"
+export SEMAPHORE_TMP_PATH="${SEMAPHORE_TMP_PATH:-/tmp/semaphore}"
+export ANSIBLE_CONFIG="${ANSIBLE_CONFIG:-${SEMAPHORE_TMP_PATH}/ansible.cfg}"
+export SEMAPHORE_DB_DIALECT="${SEMAPHORE_DB_DIALECT:-mysql}"
+export SEMAPHORE_DB_HOST="${SEMAPHORE_DB_HOST:-0.0.0.0}"
+export SEMAPHORE_DB_PATH="${SEMAPHORE_DB_PATH:-/var/lib/semaphore}"
+export SEMAPHORE_DB_PORT="${SEMAPHORE_DB_PORT:-}"
+export SEMAPHORE_DB="${SEMAPHORE_DB:-semaphore}"
+file_env 'SEMAPHORE_DB_USER' 'semaphore'
+file_env 'SEMAPHORE_DB_PASS' 'semaphore'
+export SEMAPHORE_WEB_ROOT="${SEMAPHORE_WEB_ROOT:-}"
+file_env 'SEMAPHORE_ADMIN' 'admin'
+export SEMAPHORE_ADMIN_EMAIL="${SEMAPHORE_ADMIN_EMAIL:-admin@localhost}"
+export SEMAPHORE_ADMIN_NAME="${SEMAPHORE_ADMIN_NAME:-Semaphore Admin}"
+file_env 'SEMAPHORE_ADMIN_PASSWORD' 'semaphorepassword'
+export SEMAPHORE_LDAP_ACTIVATED="${SEMAPHORE_LDAP_ACTIVATED:-no}"
+export SEMAPHORE_LDAP_HOST="${SEMAPHORE_LDAP_HOST:-}"
+export SEMAPHORE_LDAP_PORT="${SEMAPHORE_LDAP_PORT:-}"
+export SEMAPHORE_LDAP_NEEDTLS="${SEMAPHORE_LDAP_NEEDTLS:-no}"
+export SEMAPHORE_LDAP_DN_BIND="${SEMAPHORE_LDAP_DN_BIND:-}"
+file_env 'SEMAPHORE_LDAP_PASSWORD'
+export SEMAPHORE_LDAP_DN_SEARCH="${SEMAPHORE_LDAP_DN_SEARCH:-}"
+export SEMAPHORE_LDAP_SEARCH_FILTER="${SEMAPHORE_LDAP_SEARCH_FILTER:-(uid=%s)}"
+export SEMAPHORE_LDAP_MAPPING_DN="${SEMAPHORE_LDAP_MAPPING_DN:-dn}"
+export SEMAPHORE_LDAP_MAPPING_USERNAME="${SEMAPHORE_LDAP_MAPPING_USERNAME:-uid}"
+export SEMAPHORE_LDAP_MAPPING_FULLNAME="${SEMAPHORE_LDAP_MAPPING_FULLNAME:-cn}"
+export SEMAPHORE_LDAP_MAPPING_EMAIL="${SEMAPHORE_LDAP_MAPPING_EMAIL:-mail}"
+file_env 'SEMAPHORE_ACCESS_KEY_ENCRYPTION'
+
+[ -d "${SEMAPHORE_TMP_PATH}" ] || mkdir -p "${SEMAPHORE_TMP_PATH}" || {
+    echo "Can't create Semaphore tmp path ${SEMAPHORE_TMP_PATH}."
+    exit 1
+}
+
+[ -d "${SEMAPHORE_CONFIG_PATH}" ] || mkdir -p "${SEMAPHORE_CONFIG_PATH}" || {
+    echo "Can't create Semaphore config path ${SEMAPHORE_CONFIG_PATH}."
+    exit 1
+}
+
+[ -d "${SEMAPHORE_DB_PATH}" ] || mkdir -p "${SEMAPHORE_DB_PATH}" || {
+    echo "Can't create Semaphore data path ${SEMAPHORE_DB_PATH}."
+    exit 1
+}
+
+if [ "${SEMAPHORE_DB_DIALECT}" != 'bolt' ]; then
+  echoerr "Attempting to connect to database ${SEMAPHORE_DB} on ${SEMAPHORE_DB_HOST}:${SEMAPHORE_DB_PORT} with user ${SEMAPHORE_DB_USER} ..."
+  TIMEOUT=30
+
+  while ! $(nc -z "$SEMAPHORE_DB_HOST" "$SEMAPHORE_DB_PORT") >/dev/null 2>&1; do
+      TIMEOUT=$(expr $TIMEOUT - 1)
+
+      if [ $TIMEOUT -eq 0 ]; then
+          echoerr "Could not connect to database server. Exiting."
+          exit 1
+      fi
+
+      echo -n "."
+      sleep 1
+  done
+fi
+
+if [ -n "${SEMAPHORE_DB_PORT}" ]; then
+    SEMAPHORE_DB_HOST="${SEMAPHORE_DB_HOST}:${SEMAPHORE_DB_PORT}"
+fi
+
+case ${SEMAPHORE_DB_DIALECT} in
+    mysql)
+        SEMAPHORE_DB_DIALECT_ID=1
+        ;;
+    bolt)
+        SEMAPHORE_DB_DIALECT_ID=2
+        ;;
+    postgres)
+        SEMAPHORE_DB_DIALECT_ID=3
+        ;;
+    *)
+        echoerr "Unknown database dialect: ${SEMAPHORE_DB_DIALECT}"
+        exit 1
+        ;;
+esac
+
+if [ ! -f "${SEMAPHORE_CONFIG_PATH}/config.json" ]; then
+    echoerr "Generating ${SEMAPHORE_TMP_PATH}/config.stdin ..."
+    cat << EOF > "${SEMAPHORE_TMP_PATH}/config.stdin"
+${SEMAPHORE_DB_DIALECT_ID}
+EOF
+
+    if [ "${SEMAPHORE_DB_DIALECT}" = "bolt" ]; then
+        cat << EOF >> "${SEMAPHORE_TMP_PATH}/config.stdin"
+${SEMAPHORE_DB_PATH}/database.boltdb
+EOF
+    else
+        cat << EOF >> "${SEMAPHORE_TMP_PATH}/config.stdin"
+${SEMAPHORE_DB_HOST}
+${SEMAPHORE_DB_USER}
+${SEMAPHORE_DB_PASS}
+${SEMAPHORE_DB}
+EOF
+    fi
+
+    cat << EOF >> "${SEMAPHORE_TMP_PATH}/config.stdin"
+${SEMAPHORE_TMP_PATH}
+${SEMAPHORE_WEB_ROOT}
+no
+no
+no
+no
+no
+${SEMAPHORE_LDAP_ACTIVATED}
+EOF
+
+    if [ "${SEMAPHORE_LDAP_ACTIVATED}" = "yes" ]; then
+        cat << EOF >> "${SEMAPHORE_TMP_PATH}/config.stdin"
+${SEMAPHORE_LDAP_HOST}:${SEMAPHORE_LDAP_PORT}
+${SEMAPHORE_LDAP_NEEDTLS}
+${SEMAPHORE_LDAP_DN_BIND}
+${SEMAPHORE_LDAP_PASSWORD}
+${SEMAPHORE_LDAP_DN_SEARCH}
+${SEMAPHORE_LDAP_SEARCH_FILTER}
+${SEMAPHORE_LDAP_MAPPING_DN}
+${SEMAPHORE_LDAP_MAPPING_USERNAME}
+${SEMAPHORE_LDAP_MAPPING_FULLNAME}
+${SEMAPHORE_LDAP_MAPPING_EMAIL}
+EOF
+    fi;
+
+    cat << EOF >> "${SEMAPHORE_TMP_PATH}/config.stdin"
+${SEMAPHORE_CONFIG_PATH}
+${SEMAPHORE_ADMIN}
+${SEMAPHORE_ADMIN_EMAIL}
+${SEMAPHORE_ADMIN_NAME}
+${SEMAPHORE_ADMIN_PASSWORD}
+EOF
+
+    echoerr "Executing semaphore setup"
+    if test "$#" -ne 1; then
+        /usr/local/bin/semaphore setup - < "${SEMAPHORE_TMP_PATH}/config.stdin"
+    else
+        "$1" setup - < "${SEMAPHORE_TMP_PATH}/config.stdin"
+    fi
+fi
+
+if test -f "${SEMAPHORE_CONFIG_PATH}/packages.txt"; then
+    echoerr "Installing additional system dependencies"
+    apk add --no-cache --upgrade \
+        $(cat "${SEMAPHORE_CONFIG_PATH}/packages.txt" | xargs)
+else
+    echoerr "No additional system dependencies to install"
+fi
+
+if test -f "${SEMAPHORE_CONFIG_PATH}/requirements.txt"; then
+    echoerr "Installing additional python dependencies"
+    pip3 install --upgrade --user \
+        -r "${SEMAPHORE_CONFIG_PATH}/requirements.txt"
+else
+    echoerr "No additional python dependencies to install"
+fi
+
+echoerr "Starting semaphore server"
+if test "$#" -ne 1; then
+    exec /usr/local/bin/semaphore server  --config "${SEMAPHORE_CONFIG_PATH}/config.json"
+else
+    exec "$@"
+fi

util/config.go

@@ -598,7 +598,7 @@ func CheckUpdate() (updateAvailable *github.RepositoryRelease, err error) {
 	}
 
 	updateAvailable = nil
-	if (*releases[0].TagName)[1:] != Version {
+	if (*releases[0].TagName)[1:] != Version() {
 		updateAvailable = releases[0]
 	}
 

util/version.go

@@ -0,0 +1,19 @@
+package util
+
+import (
+	"strings"
+)
+
+var (
+	Ver    = "undefined"
+	Commit = "00000000"
+	Date   = ""
+)
+
+func Version() string {
+	return strings.Join([]string{
+		Ver,
+		Commit,
+		Date,
+	}, "-")
+}