fix some remaining issues with collabora

Signed-off-by: Simon L. <szaimen@e.mail.de>
fix some paths and seccompprofile
2026-02-17 03:00:21 +00:00 · 2025-11-10 15:52:35 +01:00 · 2025-11-10 15:29:22 +01:00 · 2025-11-10 14:44:06 +01:00 · 2025-11-10 13:42:56 +00:00 · 2025-11-10 14:42:29 +01:00
7 changed files with 10 additions and 10 deletions
--- a/.github/workflows/helm-release.yml
+++ b/.github/workflows/helm-release.yml
@ -16,7 +16,7 @@ jobs:
        uses: actions/checkout@v5

      - name: Turnstyle
-        uses: softprops/turnstyle@9d692f15fa9f84928799bccac2dba6565e024bdf # v2
+        uses: softprops/turnstyle@2e4451ef94c5969eee533c487092052d4d1a53af # v2
        with:
          continue-after-seconds: 180
        env:
--- a/.github/workflows/watchtower-update.yml
+++ b/.github/workflows/watchtower-update.yml
@ -22,7 +22,8 @@ jobs:
            | tail -1
        )"
        watchtower_commit_hash="$(git ls-remote https://github.com/nicholas-fedor/watchtower $watchtower_version | sed 's/refs.*//')"
-        sed -i "s|^ENV WATCHTOWER_COMMIT_HASH.*$|ENV WATCHTOWER_COMMIT_HASH=$watchtower_commit_hash # $watchtower_version|" ./Containers/watchtower/Dockerfile
+        sed -i "s|^ENV WATCHTOWER_COMMIT_HASH.*$|ENV WATCHTOWER_COMMIT_HASH=$watchtower_commit_hash|" ./Containers/watchtower/Dockerfile
+        sed -i "s|\$WATCHTOWER_COMMIT_HASH.*$|\$WATCHTOWER_COMMIT_HASH # $watchtower_version|" ./Containers/watchtower/Dockerfile
        
    - name: Create Pull Request
      uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7
--- a/Containers/imaginary/Dockerfile
+++ b/Containers/imaginary/Dockerfile
@ -1,7 +1,7 @@
 # syntax=docker/dockerfile:latest
 FROM golang:1.25.4-alpine3.22 AS go

-ENV IMAGINARY_HASH=1d4e251cfcd58ea66f8361f8721d7b8cc85002a3
+ENV IMAGINARY_HASH=6a274b488759a896aff02f52afee6e50b5e3a3ee

 RUN set -ex; \
    apk upgrade --no-cache -a; \
--- a/Containers/watchtower/Dockerfile
+++ b/Containers/watchtower/Dockerfile
@ -1,13 +1,13 @@
 # syntax=docker/dockerfile:latest
 FROM golang:1.25.4-alpine3.22 AS go

-ENV WATCHTOWER_COMMIT_HASH=9130559da17f882f2db4dbc2a3ed0425f41f25e4	 # v1.12.1
+ENV WATCHTOWER_COMMIT_HASH=9130559da17f882f2db4dbc2a3ed0425f41f25e4	

 RUN set -ex; \
    apk upgrade --no-cache -a; \
    apk add --no-cache \
        build-base; \
-    go install github.com/nicholas-fedor/watchtower@$WATCHTOWER_COMMIT_HASH;
+    go install github.com/nicholas-fedor/watchtower@$WATCHTOWER_COMMIT_HASH # v1.12.1

 FROM alpine:3.22.2

--- a/php/containers.json
+++ b/php/containers.json
@ -380,7 +380,7 @@
      "internal_port": "9980",
      "environment": [
        "aliasgroup1=https://%NC_DOMAIN%:443,http://nextcloud-aio-apache:23973",
-        "extra_params=--o:ssl.enable=false --o:ssl.termination=true --o:logging.level=warning --o:logging.level_startup=warning --o:welcome.enable=false %COLLABORA_SECCOMP_POLICY% --o:remote_font_config.url=https://%NC_DOMAIN%/apps/richdocuments/settings/fonts.json --o:net.post_allow.host[0]=.+",
+        "extra_params=--o:ssl.enable=false --o:ssl.termination=true --o:mount_jail_tree=false --o:logging.disable_server_audit=true --o:logging.level=warning --o:logging.level_startup=warning --o:welcome.enable=false %COLLABORA_SECCOMP_POLICY% --o:remote_font_config.url=https://%NC_DOMAIN%/apps/richdocuments/settings/fonts.json --o:net.post_allow.host[0]=.+",
        "dictionaries=%COLLABORA_DICTIONARIES%",
        "TZ=%TIMEZONE%",
        "server_name=%NC_DOMAIN%",
--- a/php/src/Data/DataConst.php
+++ b/php/src/Data/DataConst.php
@ -60,10 +60,10 @@ class DataConst {
    }

    public static function GetCollaboraSeccompProfilePath() : string {
-        return (string)realpath(__DIR__ . '/../cool-seccomp-profile.json');
+        return (string)realpath(__DIR__ . '/../../cool-seccomp-profile.json');
    }

    public static function GetContainersDefinitionPath() : string {
-        return (string)realpath(__DIR__ . '/../containers.json');
+        return (string)realpath(__DIR__ . '/../../containers.json');
    }
 }
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@ -406,8 +406,7 @@ readonly class DockerActionManager {
        } elseif ($container->GetIdentifier() === 'nextcloud-aio-collabora') {
            // Load reference seccomp profile for collabora
            $seccompProfile = (string)file_get_contents(DataConst::GetCollaboraSeccompProfilePath());
-            $seccompProfile = addslashes($seccompProfile);
-            $requestBody['HostConfig']['SecurityOpt'] = ["label:disable", "seccomp=$seccompProfile", "no-new-privileges=true", "apparmor=unconfined"];
+            $requestBody['HostConfig']['SecurityOpt'] = ["label:disable", "seccomp=$seccompProfile"];

            // Additional Collabora options
            if ($this->configurationManager->GetAdditionalCollaboraOptions() !== '') {
Author	SHA1	Message	Date
Simon L.	767e0d4b9f	fix some remaining issues with collabora Some checks are pending Codespell / Check spelling (push) Waiting to run Details Docker Lint / docker-lint (push) Waiting to run Details Json Validator / Json Validator (push) Waiting to run Details Lint php / php-lint (push) Waiting to run Details Lint php / php-lint-summary (push) Blocked by required conditions Details PHP Deprecation Detector / PHP Deprecation Detector (push) Waiting to run Details Static analysis / static-psalm-analysis (push) Waiting to run Details Signed-off-by: Simon L. <szaimen@e.mail.de>	2025-11-10 15:52:35 +01:00
Simon L.	cc65481d51	fix some paths and seccompprofile Signed-off-by: Simon L. <szaimen@e.mail.de>	2025-11-10 15:29:22 +01:00
Simon L.	e15304e28f	Merge pull request #7094 from nextcloud/watchtower-container-update watchtower container update	2025-11-10 14:44:06 +01:00
szaimen	472cfdbcb8	watchtower-update automated change Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>	2025-11-10 13:42:56 +00:00
Simon L.	6ab60592ad	fix detail Signed-off-by: Simon L. <szaimen@e.mail.de>	2025-11-10 14:42:29 +01:00
Simon L.	da5d4ee5af	fix watchtower update script Signed-off-by: Simon L. <szaimen@e.mail.de>	2025-11-10 14:39:53 +01:00
Simon L.	f7b8ca9757	Merge pull request #7093 from nextcloud/dependabot/github_actions/dot-github/workflows/softprops/turnstyle-3.2.1 build(deps): bump softprops/turnstyle from 3.2.0 to 3.2.1 in /.github/workflows	2025-11-10 14:30:55 +01:00
Simon L.	2137f4ee1e	Merge pull request #7091 from nextcloud/imaginary-container-update Imaginary update	2025-11-10 14:30:25 +01:00
dependabot[bot]	8cd5dd929c	build(deps): bump softprops/turnstyle in /.github/workflows Bumps [softprops/turnstyle](https://github.com/softprops/turnstyle) from 3.2.0 to 3.2.1. - [Release notes](https://github.com/softprops/turnstyle/releases) - [Changelog](https://github.com/softprops/turnstyle/blob/master/CHANGELOG.md) - [Commits](`9d692f15fa...2e4451ef94`) --- updated-dependencies: - dependency-name: softprops/turnstyle dependency-version: 3.2.1 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2025-11-10 13:22:55 +00:00
szaimen	c2ea69a918	imaginary-update automated change Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>	2025-11-09 12:03:08 +00:00