2
0
mirror of https://github.com/inventree/InvenTree.git synced 2025-10-25 18:37:38 +00:00
Commit Graph

23 Commits

Author SHA1 Message Date
Matthias Mair
f0beb4a426 fix a few docker security holes (#10260)
* fix no-cache statements

* fix possible security escape

* fix possible globbing

* merge statements that belong together

* pin image
2025-09-04 09:02:17 +10:00
Oliver
085381fa70 Debian docker image (#10227)
* Debian docker image

- Swap from alpine to debian slim-trixie
- Refactor Dockerfile
- Optimize image size
- Reduce @vitejs/plugin-react version

* Remove commented-out lines

* Ensure invoke is installed

* Adjust Dockerfile

* Actually build the python libs

* Adjust dockerfile

* Install git in dev image

* Tweaks
2025-09-03 17:05:03 +10:00
Oliver
e9b8c264b1 Update dockerfile (#10225)
* Update dockerfile

Updated dockerfile to provide support for new node LTS

* Tweak plugin-react version

* Fix Dockerfile
2025-08-25 22:50:39 +10:00
Daniil Chudo
669a155467 fix: The function should return early when in Docker environment (#10178)
Co-authored-by: Oliver <oliver.henry.walters@gmail.com>
Co-authored-by: Matthias Mair <code@mjmair.com>
2025-08-18 11:16:28 +10:00
Matthias Mair
8bb03b7afd feat(backend): add oauth2 (#9333)
* feat(backend): add oauth2

* fix import

* Add inventree roles

* refactor to make lookup more efficient

* fix single scope definitions

* cleanup

* fix schema

* reduce auth methods

* fix OAuth validator

* re-enable token and basic auth again

* Add models to role mapping

* change scope args

* add debug step for schema generation

* add oauth config for schema generation

* improve token -> permission mapping

* fix req

* extend checks to ensure normal auth also passes

* fix api version

* fix ignore

* fix rule name

* bump api version

* remove old modelref

* move scope definition

* make test results easier to work with

* add tests to ensure scopes are in sync with rulesets

* fix docstring

* fix various permissions and their mapping to oauth

* refactor

* simplify

* fix permission mapping

* ignore failure cases

* fix unauthenticated access

* flag oAuth2 till it is done

* Add OIDC support

* add RSA key generation and docs

* fix test

* move imports

* update ignore

* feat(backend): Add API Schema stats

* add scope stats

* fix name

* fix scope output

* feat(backend): test custom command

* add warning for unknown scopes

* reduce diff in launch.json

* cleanup  diff

* add error code for ruleset / scope issues

* update structure

* add oauth docs

* add experimetnal feature docs

* simplify metadata endpoint

* add importer model

* refactor(backend): simplify metadata endpoint

* fix imports

* simplify even more

* remove unneeded schema tooling

* fix permission mappings

* fix testing

* fix role calculations

* fix mapping

* remove importer change to unblock this

* remove importer scope everywhere

* fix merge conflict in test

* add missing models

* fix api version

* fix OASToken matcher

* revert permission class change

* reduce size of test log by writing schema

* fix permissions

* fix file path

* extend schema to remove need for TokenMatchesOASRequirements

* cleanup permissions file

* add base object permission
2025-04-18 19:27:32 +10:00
Matthias Mair
2712f30382 fix: ci security issues (#9451)
* fix possible code injection errors

* pin n
2025-04-04 09:04:06 +11:00
Oliver
99ec486b79 [Docker] Update node version (#9383)
* Update node version

* Install nvm

* Use n instead of nvm

* Use same approach in devcontainer

* nvm -> npm

* Split commands

* Fix typo

* Workaround : install bash

* Tweak playwright tests

* Bump number of retries

* Update deps

* Only one worker

* SEcurity fix

* Adjust
2025-03-27 01:25:58 +11:00
Matthias Mair
9bc0d599bc chore: improve ci security (#9384)
* pin docker files

* pin github actions

* enforce hashes that are already present

* run style checks on cicd changes
2025-03-26 13:04:45 +11:00
Oliver
15ad62494f [Docker] Alpine image fix (#9118)
* Revert to alpine3:20 / postgres:16

* Remove old hack

- No longer needed as we are using python 3.11

* Update package requirements for devcontainer

Also fixes some docker warnings from the alpine Dockerfile

* Specify SITE_URL

* Reduce log output during docker image testing
2025-02-21 18:02:39 +11:00
Oliver
6f939931ca Docker postgres fix (#9041)
* Update docker image

- Move from alpine 3.19 to alpine 3.21
- Move from postgres13_client to postgres17_client

* Update docker-compose file

- Move from postgres:13 to postgres:16
- Move from redis:7.0 to redis:7-alpine

* Update docs

* Update docker docs

* Separate Dockerfile for devcontainer

- Debian based (python3.11-bookworm)
- Install essential system packages

* Instal postgres client

* Further devcontainer updates

- Bump postgresql image from 13 to 15
- Store psql data in the dev/psql directory
- Install required frontend packages

* Use --host mode for frontend server

* Tweak devcontainer docs

* Bump pre commit config file

* Revert "Bump pre commit config file"

This reverts commit bbfd875ac8.
2025-02-15 08:00:12 +11:00
Oliver
0614f01247 Docker fix (#8835)
* Fix server command in Dockerfile

* Ensure invoke is installed into the venv

* Run extra check in docker build step

* Improve documentation

* Intercept ModuleNotFoundError

- Clear error message

* Docs updates

* Add extra check to dev docker build

* Cleanup tasks.py

* Prevent double activation of venv

* Change order of operations

---------

Co-authored-by: Matthias Mair <code@mjmair.com>
2025-01-06 09:46:16 +11:00
Matthias Mair
e3205184be Add namespaces to tasks (#7904)
* Namespaces for invoke tasks
Fixes #7852

* adjust various places that call re-namespaced tasks

* use full invoke command
easier for future refactors

* fix call name

* move worker to int

* adapt calls in tasks

* fix changed path

* ignore localhost links

* Avoid using internal names
2024-09-05 13:04:57 +10:00
Oliver
70a52c9385 Update default fonts for docker image (#7881)
* Update default fonts for docker image

Ref: https://github.com/inventree/InvenTree/issues/7737

* Remove extra fonts from Dockerfile
2024-08-14 21:16:07 +10:00
Matthias Mair
41f6dd69b8 Adjust docker labels to modern OCI schema (#7773)
* adapt namespace

* add new labels

* make baseimage available for labels

* remove unneeded ending

* ensure image name is correct for ghcrio

* ensure the right outputs are used

* fix reference

* fix assigment

* only push docker reg image if authd

* swith back to env

this gets provided by the version ci script

* make repo targets changeable

* make readable

* revert ghcr.io change
2024-08-11 11:03:18 +10:00
Oliver
d5afc37264 Revert postgres version to 13 (#7717)
* Adjust playwright test

* Update docker compose for devcontainer

* Revert docker container changes

* Update notes

* Revert base alpine version
2024-07-24 11:02:25 +10:00
Matthias Mair
0effb44402 Bump docker image alpine base from 3.18 to 3.20 (#7699)
* bump docker image from 3.18 to 3.20

* bump postgres from 13 to 14
2024-07-22 07:46:41 +10:00
Oliver
2265055785 Docker fix (#7228)
* Copy requirements file

* Test more files when building docker image

* Refactor install task

* Raise exception

* Run install task

* Fix typos

- The tests work!
2024-05-15 09:19:35 +10:00
Matthias Mair
83191d3fbf Improve reproduciblity of image (#7120)
* hard-pin doc requirements

* update docs and commands

* hard pin container requirements

* check hashes in image build

* remove seperate uv install (is in base_requirements)

* containers already ships 3.11 - adjust packaging

* move build deps to general ci requirements

* install yarn using native tools

Closes https://github.com/inventree/InvenTree/security/code-scanning/95
Closes https://github.com/inventree/InvenTree/security/code-scanning/96

* merge install steps

* adapt install command args to be similar

* adapt docs to suggest safer install arg

* fix install path

* update dependabot settings
2024-04-29 11:04:45 +10:00
Matthias Mair
938c724395 Pin hashes in requirements (#7081)
* use global pin for requests

* unify on yaml for workflo files

* format workflow files

* pin action versions

* fix pinned version

* use system venv

* switch args

* remove uv for now and add setting for pyyaml

* use requirements file

* also switch on docker flow

* generate hashes

* added hashes to reqs

* add hashes for CI too

* add hash checking

* require hashes everywhere possible

* require hashes where possible in docker
2024-04-23 17:15:52 +10:00
Oliver
cdeaa81295 Fix CMD for production docker image (#6960) 2024-04-05 11:30:45 +11:00
Oliver
6730cdbccf [Docker] Fix broken production image (#6953)
* Check for presense of manage.py

* Fix directory copying
2024-04-04 23:55:55 +11:00
Matthias Mair
85e672831b Some small style fixes (#6916)
* fix dockerfile syntax

* remove unused import

* Merge unnecessary if statements

* fix PUI package name

* remove unused vars

* Remove unneeded pass

* merge if to reduce likelyhood of future errors

* add ignroe script to secure against shell scripts

* fix possible collisions

* export strings

* fix types
2024-04-03 19:26:03 +11:00
Matthias Mair
0bace3f3af Code structure refactor (#5582)
* moved docker files to /contrib/container

* changed code owners to make more precise

* updated CI to use new subdirs

* added manual trigger for testing

* moved ci files

* moved assets into subdir

* moved deploy template file to contrib

* moved django files to src/backend

* updated paths in scripts etc

* updated reqs path

* fixed version file path

* fixed flake8 path

* fixed path to node ressources

* fixed task paths

* added dep path for node

* removed unused yarn lockfile

* removed unused ci script

* updated internal backend paths for tasks

* updated translation stats path

* fixed source path for coverage

* fixed main commit repo path

* fit in changes from testing

* gather packager improvements (#149)

* Matmair/issue5578 (#143)

* moved docker files to /contrib/container

* changed code owners to make more precise

* updated CI to use new subdirs

* added manual trigger for testing

* moved ci files

* moved assets into subdir

* moved deploy template file to contrib

* moved django files to src/backend

* updated paths in scripts etc

* updated reqs path

* fixed version file path

* fixed flake8 path

* fixed path to node ressources

* fixed task paths

* added dep path for node

* removed unused yarn lockfile

* removed unused ci script

* updated internal backend paths for tasks

* updated translation stats path

* fixed source path for coverage

* fixed main commit repo path

* fix docker path

* use project dir

* move project dir command

* fixed docker paths

* another fix?

* seperate tasks out

* remove tasks

* some debugging

* ci: add .deepsource.toml

* Update .deepsource.toml

* also ignore migrations

* more debugging

* fix path issues

* remove debug script

* fix style

* change locale path

* Fixed paths for requirements

* Added dummy requirements to fool packager

* fixed exec path

* remove deepsource

---------

Co-authored-by: deepsource-io[bot] <42547082+deepsource-io[bot]@users.noreply.github.com>

* Added docs for file structure

* Fixed style errors

* updated deepsource paths

* fix deepsource paths

* fixed reqs

* merge fixes

* move newly added dirs too

* fix reqs files

* another dep fix

* merge upstream/master

* revert removal of tags

* merge upstream

* enabled detection of old config files

* adapt coverage src

* also detect and support old location for plugins.txt

* style fix

* fix ~/init.sh location

* fix requirements path

* fix config to current master

* move new folders

* fix import order

* fix paths for qc_check

* fix docs build

* fix fix path

* set docker project dir

* just use a cd

* set image path?

* set file correct

* fix copy path

* fix tasks dir

* fix init path

* fix copy path

* set prject dir

* fix paths

* remove old prod files

* fix dev env path

* set docker file

* Fix devcontainer docker compose file

* fix login attempt values

* fix init.sh path

* Fix pathing for Docker

* Docker build fix

- Set INVENTREE_BACKEND_DIR separately

* Update init.sh

* Fix path

* Update requirements.txt

* merge

* fix rq merge

* fix docker compose usage

---------

Co-authored-by: deepsource-io[bot] <42547082+deepsource-io[bot]@users.noreply.github.com>
Co-authored-by: Oliver <oliver.henry.walters@gmail.com>
2024-04-03 12:16:59 +11:00