sr2/link-stack
4
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Continue Proofmode integration

Browse source
This commit is contained in:
Darren Clarke 2026-02-15 19:34:12 +01:00
parent 1eb4a508c1
commit 4f7a12547e
10 changed files with 2713 additions and 199 deletions
Download patch file Download diff file Expand all files Collapse all files

13
.dockerignore
View file

@ -4,16 +4,3 @@ signald
docker-compose.yml
README.md
.git
.aidocs/zammad/.git
.aidocs/zammad/node_modules
.aidocs/zammad/spec
.aidocs/zammad/test
.aidocs/zammad/.github
.aidocs/zammad/.gitlab
.aidocs/zammad/.dev
.aidocs/zammad/.devcontainer
apps/
packages/
.turbo
*.tsbuildinfo
coverage

25
.gitlab-ci.yml
View file

@ -172,33 +172,10 @@ zammad-docker-build:
- pnpm install --frozen-lockfile
- turbo build --force --filter @link-stack/zammad-addon-*
- docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
- DOCKER_BUILDKIT=1 docker build --build-arg EMBEDDED=true --pull --no-cache -t ${DOCKER_NS}:${DOCKER_TAG} -f ${DOCKERFILE_PATH} ${BUILD_CONTEXT}
- DOCKER_BUILDKIT=1 docker build --pull --no-cache -t ${DOCKER_NS}:${DOCKER_TAG} -f ${DOCKERFILE_PATH} ${BUILD_CONTEXT}
- docker push ${DOCKER_NS}:${DOCKER_TAG}
zammad-docker-release:
extends: .docker-release
variables:
DOCKER_NS: ${CI_REGISTRY}/digiresilience/link/link-stack/zammad
zammad-standalone-docker-build:
extends: .docker-build
variables:
DOCKER_NS: ${CI_REGISTRY}/digiresilience/link/link-stack/zammad-standalone
DOCKERFILE_PATH: ./docker/zammad/Dockerfile
BUILD_CONTEXT: ./docker/zammad
PNPM_HOME: "/pnpm"
before_script:
- export PATH="$PNPM_HOME:$PATH"
- corepack enable && corepack prepare pnpm@9.15.4 --activate
script:
- pnpm add -g turbo
- pnpm install --frozen-lockfile
- turbo build --force --filter @link-stack/zammad-addon-*
- docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
- DOCKER_BUILDKIT=1 docker build --pull --no-cache -t ${DOCKER_NS}:${DOCKER_TAG} -f ${DOCKERFILE_PATH} ${BUILD_CONTEXT}
- docker push ${DOCKER_NS}:${DOCKER_TAG}
zammad-standalone-docker-release:
extends: .docker-release
variables:
DOCKER_NS: ${CI_REGISTRY}/digiresilience/link/link-stack/zammad-standalone

9
apps/bridge-signal/Dockerfile
View file

@ -34,11 +34,10 @@ ENV PATH="$PNPM_HOME:$PATH"
RUN mkdir -p ${APP_DIR}/
RUN DEBIAN_FRONTEND=noninteractive apt-get update && \
apt-get install -y --no-install-recommends \
dumb-init curl && \
ARCH=$(dpkg --print-architecture) && \
curl -L "https://github.com/AsamK/signal-cli/releases/download/v${SIGNAL_CLI_VERSION}/signal-cli-native-linux-${ARCH}-${SIGNAL_CLI_VERSION}.tar.gz" \
| tar xz -C /opt && \
ln -s /opt/signal-cli-native-linux-*/bin/signal-cli-native /usr/local/bin/signal-cli && \
dumb-init curl ca-certificates && \
curl -L "https://github.com/AsamK/signal-cli/releases/download/v${SIGNAL_CLI_VERSION}/signal-cli-${SIGNAL_CLI_VERSION}-Linux-native.tar.gz" \
| tar xz -C /usr/local/bin && \
chmod +x /usr/local/bin/signal-cli && \
apt-get remove -y curl && apt-get autoremove -y && rm -rf /var/lib/apt/lists/*
RUN corepack enable && corepack prepare pnpm@9.15.4 --activate
WORKDIR ${APP_DIR}

1
docker/compose/bridge-signal.yml
View file

@ -1,6 +1,7 @@
services:
bridge-signal:
container_name: bridge-signal
platform: linux/amd64
build:
context: ../../
dockerfile: ./apps/bridge-signal/Dockerfile

29
docker/compose/zammad.yml
View file

@ -19,10 +19,6 @@ x-zammad-vars: &common-zammad-variables
BRIDGE_WHATSAPP_URL: "http://bridge-whatsapp:5000"
FORMSTACK_FIELD_MAPPING: ${FORMSTACK_FIELD_MAPPING}
x-zammad-args: &common-zammad-args
EMBEDDED: "true"
LINK_HOST: ${LINK_HOST}
services:
zammad-init:
container_name: zammad-init
@ -34,10 +30,7 @@ services:
POSTGRESQL_USER: zammad
POSTGRESQL_PASS: ${ZAMMAD_DATABASE_PASSWORD}
build:
context: ../../
dockerfile: docker/zammad/Dockerfile
args:
<<: *common-zammad-args
context: ../zammad
image: registry.gitlab.com/digiresilience/link/link-stack/zammad:${LINK_STACK_VERSION}
restart: on-failure
user: 0:0
@ -64,10 +57,7 @@ services:
depends_on:
- zammad-railsserver
build:
context: ../../
dockerfile: docker/zammad/Dockerfile
args:
<<: *common-zammad-args
context: ../zammad
image: registry.gitlab.com/digiresilience/link/link-stack/zammad:${LINK_STACK_VERSION}
restart: ${RESTART}
environment:
@ -89,10 +79,7 @@ services:
environment:
<<: [*common-global-variables, *common-zammad-variables]
build:
context: ../../
dockerfile: docker/zammad/Dockerfile
args:
<<: *common-zammad-args
context: ../zammad
image: registry.gitlab.com/digiresilience/link/link-stack/zammad:${LINK_STACK_VERSION}
restart: ${RESTART}
volumes:
@ -119,10 +106,7 @@ services:
environment:
<<: [*common-global-variables, *common-zammad-variables]
build:
context: ../../
dockerfile: docker/zammad/Dockerfile
args:
<<: *common-zammad-args
context: ../zammad
image: registry.gitlab.com/digiresilience/link/link-stack/zammad:${LINK_STACK_VERSION}
restart: ${RESTART}
volumes:
@ -139,10 +123,7 @@ services:
environment:
<<: [*common-global-variables, *common-zammad-variables]
build:
context: ../../
dockerfile: docker/zammad/Dockerfile
args:
<<: *common-zammad-args
context: ../zammad
image: registry.gitlab.com/digiresilience/link/link-stack/zammad:${LINK_STACK_VERSION}
restart: ${RESTART}
volumes:

156
docker/zammad/Dockerfile
View file

@ -1,148 +1,52 @@
# Build Zammad with CDR Link addon
# Based on Zammad's upstream Dockerfile with addon injection steps.
# Zammad source is expected at .aidocs/zammad/ relative to the repo root.
ARG ZAMMAD_VERSION=6.5.2
ARG RUBY_VERSION=3.4.8
ARG NODE_VERSION=22
# --- Base stage: runtime dependencies ---
FROM docker.io/library/ruby:$RUBY_VERSION-slim-trixie AS base
FROM node:22-slim AS node
RUN npm install -g corepack && corepack enable pnpm
FROM zammad/zammad-docker-compose:${ZAMMAD_VERSION} AS builder
USER root
WORKDIR /opt/zammad
ENV RAILS_ENV="production" \
BUNDLE_DEPLOYMENT="1" \
BUNDLE_PATH="/usr/local/bundle" \
BUNDLE_WITHOUT="test development" \
RAILS_LOG_TO_STDOUT="true"
RUN apt-get update -qq && \
apt-get install -y postgresql-common && \
/usr/share/postgresql-common/pgdg/apt.postgresql.org.sh -y && \
apt-get install --no-install-recommends -y curl libimlib2 libpq5 nginx gnupg postgresql-client-17 && \
rm -rf /var/lib/apt/lists /var/cache/apt/archives
# --- Node binary ---
FROM node:${NODE_VERSION}-trixie-slim AS node
RUN npm -g install corepack && corepack enable pnpm && \
rm /usr/local/bin/yarn /usr/local/bin/yarnpkg
# --- Build stage ---
FROM base AS build
SHELL ["/bin/bash", "-o", "errexit", "-o", "pipefail", "-c"]
RUN apt-get update -qq && \
apt-get install --no-install-recommends -y build-essential git libimlib2-dev libpq-dev libyaml-dev && \
rm -rf /var/lib/apt/lists /var/cache/apt/archives
# Install Ruby gems
COPY .aidocs/zammad/Gemfile .aidocs/zammad/Gemfile.lock ./
COPY .aidocs/zammad/vendor/ vendor/
RUN bundle install && \
rm -rf ~/.bundle/ "${BUNDLE_PATH}"/ruby/*/cache "${BUNDLE_PATH}"/ruby/*/bundler/gems/*/.git
# Install Node.js
COPY --from=node /usr/local/lib/node_modules /usr/local/lib/node_modules
COPY --from=node /usr/local/bin /usr/local/bin
# Install node modules
COPY .aidocs/zammad/package.json .aidocs/zammad/pnpm-lock.yaml ./
COPY .aidocs/zammad/.eslint-plugin-zammad/ .eslint-plugin-zammad/
# Install Node.js and pnpm (needed for Vite/Sprockets asset compilation)
COPY --from=node /usr/local/bin/ /usr/local/bin/
COPY --from=node /usr/local/lib/node_modules/ /usr/local/lib/node_modules/
RUN pnpm install --frozen-lockfile
# Copy Zammad source
COPY .aidocs/zammad/ .
# Copy addon packages, install/setup scripts, and gems
RUN mkdir -p contrib/link/addons contrib/link/gems
COPY addons/ contrib/link/addons/
COPY setup.rb contrib/link/setup.rb
COPY install.rb contrib/link/install.rb
COPY gems/ contrib/link/gems/
# --- CDR Link Addon ---
RUN mkdir -p contrib/link/addons
COPY docker/zammad/addons/ contrib/link/addons/
COPY docker/zammad/setup.rb contrib/link/setup.rb
COPY docker/zammad/install.rb contrib/link/install.rb
RUN ruby contrib/link/install.rb
# --- ProofMode gem (for media-verify addon) ---
# The proofmode gem provides C2PA and ProofMode verification via Rust FFI.
# Install from pre-built .gem file (built from https://gitlab.com/guardianproject/proofmode/proofmode-rust CI).
COPY docker/zammad/gems/ contrib/link/gems/
# Install additional gems (proofmode for media verification)
RUN for gem in contrib/link/gems/*.gem; do \
[ -f "$gem" ] && gem install "$gem" --no-document || true; \
done
# OpenSearch compatibility: 'flattened' -> 'flat_object'
RUN sed -i "s/'flattened'/'flat_object'/g" lib/search_index_backend.rb
# Extract addon files from .zpm packages into Zammad directory tree
RUN ruby contrib/link/install.rb
# Build version info
ARG COMMIT_SHA=""
RUN COMMIT_SHA="${COMMIT_SHA:-$(git rev-parse HEAD 2>/dev/null || echo unknown)}"; \
COMMIT_SHA_SHORT=$(echo "${COMMIT_SHA}" | cut -c 1-8); \
echo "$(tr -d '\n' < VERSION)-${COMMIT_SHA_SHORT}.docker" > VERSION; \
cat VERSION
# Precompile all assets (Vite + Sprockets, including addon Vue/CoffeeScript)
# Precompile assets (includes addon CoffeeScript and Vue components)
RUN touch db/schema.rb && \
ZAMMAD_SAFE_MODE=1 DATABASE_URL=postgresql://zammad:/zammad bundle exec rake assets:precompile
ZAMMAD_SAFE_MODE=1 DATABASE_URL=postgresql://zammad:/zammad \
bundle exec rake assets:precompile
RUN script/build/cleanup.sh
# Clean up build artifacts
RUN rm -rf tmp/cache node_modules/.cache node_modules
# Precompile bootsnap for faster boot times
RUN bundle exec bootsnap precompile --gemfile app/ lib/
# Inject addon registration into the entrypoint (runs during zammad-init)
# Inject addon registration into entrypoint (runs at container init when DB is available)
RUN sed -i '/^[[:space:]]*# es config/a\
echo "Installing addon packages..."\n\
bundle exec rails runner /opt/zammad/contrib/link/setup.rb\n\
bundle exec rake zammad:package:migrate\n\
' bin/docker-entrypoint
' /docker-entrypoint.sh
# Nginx embedded mode: add /link proxy location
ARG EMBEDDED=false
ARG LINK_HOST=http://link:3000
RUN if [ "$EMBEDDED" = "true" ] ; then \
sed -i '$ d' contrib/nginx/zammad.conf && \
echo "" >> contrib/nginx/zammad.conf && \
echo " location /link {" >> contrib/nginx/zammad.conf && \
echo " set \$link_url ${LINK_HOST}; proxy_pass \$link_url;" >> contrib/nginx/zammad.conf && \
echo " proxy_set_header Host \$host;" >> contrib/nginx/zammad.conf && \
echo " proxy_set_header X-Real-IP \$remote_addr;" >> contrib/nginx/zammad.conf && \
echo " proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;" >> contrib/nginx/zammad.conf && \
echo " proxy_set_header X-Forwarded-Proto https;" >> contrib/nginx/zammad.conf && \
echo " }" >> contrib/nginx/zammad.conf && \
echo "}" >> contrib/nginx/zammad.conf; \
fi
FROM zammad/zammad-docker-compose:${ZAMMAD_VERSION}
USER root
# --- Final stage ---
FROM base
COPY --from=builder --chown=zammad:zammad /opt/zammad/ /opt/zammad/
COPY --from=builder /docker-entrypoint.sh /docker-entrypoint.sh
COPY --from=builder /usr/local/bundle/ /usr/local/bundle/
RUN apt-get update -qq && \
apt-get upgrade -y && \
rm -rf /var/lib/apt/lists /var/cache/apt/archives
ENV POSTGRESQL_DB=zammad_production \
POSTGRESQL_HOST=postgresql \
POSTGRESQL_PORT=5432 \
POSTGRESQL_USER=zammad \
POSTGRESQL_PASS=zammad \
POSTGRESQL_OPTIONS=?pool=50 \
RAILS_TRUSTED_PROXIES=127.0.0.1,::1
RUN groupadd --system --gid 1000 zammad && \
useradd --create-home --home /opt/zammad --shell /bin/bash --uid 1000 --gid 1000 zammad
RUN sed -i -e "s#user www-data;##g" \
-e 's#/var/log/nginx/\(access\|error\).log#/dev/stdout#g' \
-e 's#pid /run/nginx.pid;#pid /tmp/nginx.pid;#g' /etc/nginx/nginx.conf && \
mkdir -p /opt/zammad /var/log/nginx
RUN mkdir -p "/opt/zammad/storage" "/opt/zammad/tmp" && \
chown -R 1000:1000 /etc/nginx /var/lib/nginx /var/log/nginx /opt/zammad
COPY --chown=1000:1000 --from=build "${BUNDLE_PATH}" "${BUNDLE_PATH}"
COPY --chown=1000:1000 --from=build /opt/zammad /opt/zammad
# Backwards compatibility
RUN ln -s "/opt/zammad/bin/docker-entrypoint" /docker-entrypoint.sh
USER 1000:1000
ENTRYPOINT ["/opt/zammad/bin/docker-entrypoint"]
LABEL io.portainer.commands.rails-console="bundle exec rails c"
USER zammad

2
packages/zammad-addon-common/src/migrate.ts
View file

@ -37,7 +37,7 @@ export const createMigration = async ({ displayName }: Record<string, string>) =
const contents = migrationTemplate.replace("MIGRATION_NAME", migrationName);
const time = new Date().toISOString().replace(/[-:.]/g, "").slice(0, 14);
const migrationFileName = `${time}_${migrationBaseName}.rb`;
const addonDir = path.join("src", "db", "addon", displayName);
const addonDir = path.join("src", "db", "addon", displayName.toLowerCase());
await fs.mkdir(addonDir, { recursive: true });
await fs.writeFile(path.join(addonDir, migrationFileName), contents);
}

3
packages/zammad-addon-proofmode/src/config/initializers/proofmode_verify.rb
View file

@ -2,6 +2,7 @@
Rails.application.config.after_initialize do
require 'proofmode_verify'
Rails.logger.info 'Proofmode verification addon loaded'
rescue LoadError => e
Rails.logger.warn "Proofmode verification addon not available: #{e.message}"
end

2672
pnpm-lock.yaml generated
View file

File diff suppressed because it is too large Load diff

2
turbo.json
View file

@ -17,7 +17,7 @@
"outputs": [
"build/**",
"dist/**",
"docker/zammad/addons/**"
"../../docker/zammad/addons/**"
]
},
"lint": {