Update hardened malloc to 10

Use github.actor also for trivy step
waiting for the database container on setup
2025-07-04 09:06:12 +00:00 · 2022-01-13 20:05:21 +01:00 · 2022-01-13 19:38:14 +01:00 · 2022-01-13 19:35:53 +01:00 · 2021-12-08 21:25:40 +01:00 · 2021-12-08 21:25:35 +01:00
6 changed files with 40 additions and 24 deletions
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@ -3,10 +3,10 @@ name: build
 on:
  workflow_dispatch:
  push:
-    branches: [ main ]
+    branches: [ master ]
  schedule:
    # Build the image regularly (each Friday)
-    - cron: '13 23 * * 5'
+    - cron: '23 04 * * 5'

 jobs:
  build:
@ -19,25 +19,25 @@ jobs:
      - name: Build an image from Dockerfile
        run: |
          docker build \
-              -t ghcr.io/hoellen/nextcloud \
-              -t ghcr.io/hoellen/nextcloud:$(grep -oP '(?<=NEXTCLOUD_VERSION=).*' Dockerfile | head -c6) \
-              -t ghcr.io/hoellen/nextcloud:$(grep -oP '(?<=NEXTCLOUD_VERSION=).*' Dockerfile | head -c2) \
+              -t ghcr.io/${{ github.actor }}/nextcloud \
+              -t ghcr.io/${{ github.actor }}/nextcloud:$(grep -oP '(?<=NEXTCLOUD_VERSION=).*' Dockerfile | head -c6) \
+              -t ghcr.io/${{ github.actor }}/nextcloud:$(grep -oP '(?<=NEXTCLOUD_VERSION=).*' Dockerfile | head -c2) \
              .

      - name: Run Trivy vulnerability scanner
        uses: aquasecurity/trivy-action@master
        with:
-          image-ref: 'ghcr.io/hoellen/nextcloud'
+          image-ref: 'ghcr.io/${{ github.actor }}/nextcloud'
          format: 'template'
          template: '@/contrib/sarif.tpl'
          output: 'trivy-results.sarif'
          severity: 'CRITICAL,HIGH'
          vuln-type: "os"

-#      - name: Upload Trivy scan results to GitHub Security tab
-#        uses: github/codeql-action/upload-sarif@v1
-#        with:
-#          sarif_file: 'trivy-results.sarif'
+      - name: Upload Trivy scan results to GitHub Security tab
+        uses: github/codeql-action/upload-sarif@v1
+        with:
+          sarif_file: 'trivy-results.sarif'

      - name: Login to the registry
        run: >-
@ -46,6 +46,6 @@ jobs:

      - name: Push image to GitHub
        run: |
-          docker push ghcr.io/hoellen/nextcloud
-          docker push ghcr.io/hoellen/nextcloud:$(grep -oP '(?<=NEXTCLOUD_VERSION=).*' Dockerfile | head -c6)
-          docker push ghcr.io/hoellen/nextcloud:$(grep -oP '(?<=NEXTCLOUD_VERSION=).*' Dockerfile | head -c2)
+          docker push ghcr.io/${{ github.actor }}/nextcloud
+          docker push ghcr.io/${{ github.actor }}/nextcloud:$(grep -oP '(?<=NEXTCLOUD_VERSION=).*' Dockerfile | head -c6)
+          docker push ghcr.io/${{ github.actor }}/nextcloud:$(grep -oP '(?<=NEXTCLOUD_VERSION=).*' Dockerfile | head -c2)
--- a/.github/workflows/scan.yml
+++ b/.github/workflows/scan.yml
@ -16,7 +16,7 @@ jobs:
      - name: Run Trivy vulnerability scanner
        uses: aquasecurity/trivy-action@master
        with:
-          image-ref: 'ghcr.io/hoellen/nextcloud'
+          image-ref: 'ghcr.io/${{ github.actor }}/nextcloud'
          format: 'template'
          template: '@/contrib/sarif.tpl'
          output: 'trivy-results.sarif'
--- a/20
+++ b/20
@ -1,10 +1,10 @@
 # -------------- Build-time variables --------------
-ARG NEXTCLOUD_VERSION=22.2.3
+ARG NEXTCLOUD_VERSION=23.0.0
 ARG PHP_VERSION=8.0
 ARG NGINX_VERSION=1.20

-ARG ALPINE_VERSION=3.14
-ARG HARDENED_MALLOC_VERSION=8
+ARG ALPINE_VERSION=3.15
+ARG HARDENED_MALLOC_VERSION=10

 ARG UID=1000
 ARG GID=1000
@ -28,6 +28,8 @@ RUN apk -U upgrade \
        libzip-dev \
        openldap-dev \
        postgresql-dev \
+        samba-dev \
+        imagemagick-dev \
        zlib-dev \
 && apk --no-cache add \
        freetype \
@ -38,7 +40,10 @@ RUN apk -U upgrade \
        libpq \
        libwebp \
        libzip \
+        libsmbclient \
        openldap \
+	      libgomp \
+        imagemagick \
        zlib \
 && docker-php-ext-configure gd --with-freetype --with-jpeg --with-webp \
 && docker-php-ext-configure ldap \
@ -54,9 +59,14 @@ RUN apk -U upgrade \
        pdo_pgsql \
        zip \
        gmp \
+ && pecl install smbclient \
 && pecl install APCu \
 && pecl install redis \
- && echo "extension=redis.so" > /usr/local/etc/php/conf.d/redis.ini \
+ && pecl install imagick \
+ && docker-php-ext-enable \
+        smbclient \
+        redis \
+        imagick \
 && apk del build-deps \
 && rm -rf /var/cache/apk/*

@ -84,7 +94,7 @@ FROM base as nextcloud

 COPY --from=nginx /usr/sbin/nginx /usr/sbin/nginx
 COPY --from=nginx /etc/nginx /etc/nginx
-COPY --from=build-malloc /tmp/hardened_malloc/libhardened_malloc.so /usr/local/lib/
+COPY --from=build-malloc /tmp/hardened_malloc/out/libhardened_malloc.so /usr/local/lib/

 ARG NEXTCLOUD_VERSION
 ARG GPG_nextcloud="2880 6A87 8AE4 23A2 8372  792E D758 99B9 A724 937A"
--- a/README.md
+++ b/README.md
@ -4,7 +4,7 @@
 Nextcloud [official website](https://nextcloud.com/) and [source code](https://github.com/nextcloud).

 ## Why this image?
-This non-official image is intended as an **all-in-one** (as in monolithic) Nextcloud **production** image. If you're not sure you want this image, you should probably use [the official image](https://hub.docker.com/r/nextcloud).
+This non-official image is intended as an **all-in-one** (as in monolithic) Nextcloud **production** image. It is based on the [Wondefall/docker-nextcloud](https://github.com/Wonderfall/docker-nextcloud) image. If you're not sure you want this image, you should probably use [the official image](https://hub.docker.com/r/nextcloud).

 ## Security
 Don't run random images from random dudes on the Internet. Ideally, you want to maintain and build it yourself.
--- a/rootfs/etc/nginx/conf.d/default.conf
+++ b/rootfs/etc/nginx/conf.d/default.conf
@ -30,10 +30,10 @@ server {
            access_log off;
        }

-        location /.well-known {
-            location = /.well-known/carddav   { return 301 $nc_proto://$host:$nc_port/remote.php/dav; }
-            location = /.well-known/caldav    { return 301 $nc_proto://$host:$nc_port/remote.php/dav; }
-            location ^~ /.well-known          { return 301 $nc_proto://$host:$nc_port/index.php$uri; }
+        location ^~ /.well-known {
+            location = /.well-known/carddav   { return 301 $nc_proto://$host/remote.php/dav; }
+            location = /.well-known/caldav    { return 301 $nc_proto://$host/remote.php/dav; }
+            location ^~ /.well-known          { return 301 $nc_proto://$host/index.php$uri;  }
            try_files $uri $uri/ =404;
        }

--- a/rootfs/usr/local/bin/setup.sh
+++ b/rootfs/usr/local/bin/setup.sh
@ -55,6 +55,12 @@ cat >> /nextcloud/config/autoconfig.php <<EOF;
 ?>
 EOF

+until nc -z "${DB_HOST:-nextcloud-db}" "${DB_PORT:-3306}"
+do
+    echo "waiting for the database container..."
+    sleep 1
+done
+
 echo "Starting automatic configuration..."
 # Execute setup
 (cd /nextcloud; php index.php &>/dev/null)
Author	SHA1	Message	Date
hoellen	beab287fc4	Update hardened malloc to 10	2022-01-13 20:05:21 +01:00
Jan Wagner	b839ac7838	Use github.actor also for trivy step	2022-01-13 19:38:14 +01:00
Jan Wagner	9851eb52ee	waiting for the database container on setup	2022-01-13 19:35:53 +01:00
Jan Wagner	9b0a84a36f	Also use github.actor for the scan workfow	2021-12-08 21:25:40 +01:00
Jan Wagner	70560d7d48	Use github.actor to detect the username for ghcr.io upload	2021-12-08 21:25:35 +01:00
Jan Wagner	8b15621860	Adding back smb support to the image	2021-12-07 15:39:06 +01:00
hoellen	63ac90199c	Fix typo in workflow cron argument	2021-12-06 08:48:44 +01:00
hoellen	a0cd4f12c9	Update README	2021-12-06 08:31:48 +01:00
hoellen	ae37864108	Enable scan during build again and change trigger	2021-12-06 08:29:08 +01:00
hoellen	94d1a1f7c7	Update to Alpine 3.15	2021-12-05 21:34:06 +01:00
hoellen	0b59268aa8	Change .well-known regex	2021-12-05 21:32:08 +01:00
hoellen	11632128e4	Add imagick dependency	2021-12-05 21:02:36 +01:00
hoellen	6d3ff722dd	Update to Nextcloud 23	2021-12-04 10:26:48 +01:00
hoellen	d279197f16	Remove nc_port	2021-12-04 10:23:36 +01:00