uselagoon/lagoon v1.5.0

v1.5.0 - And we thought this is just gonna be a small one

on GitHub

The name of this release says it all: Originally v1.5.0 was expected to have a couple of fixes while we're working on v2.0.0 of Lagoon. But then the Lagoon Gods had something different in mind:

Our security A-12 @smlx found another security issue (on a Friday evening in Australia nonetheless) and so the US team (it being only Friday morning at that time) joined forces. Security bug slayer @cdchris12 with support of rollout strategy consultant @twardnw and pull request review hawk @Schnitzel got a PR formed that used as much as automated update magic as possible, in order to create the least amount of work for any Lagoon Maintainer Magicians out there.
After a couple of hours the PR finally passed (e38818c) and was ready to set sail. As this is a security release, we hot-released fixed images on all Lagoon versions managed by the Lagoon Maintainer Squadron and of course found another bug that was promptly fixed (#1861) and confirmed by master tester @shreddedbacon. While in the same time PR and Issue organizer @tobybellwood made sure that the Lagoon milestones were aligned to the new world order.

Just a couple of hours after the security bug was discovered, the Lagoons are safe again and this release marks the second security release of Lagoon.

Upgrade Instructions

During the release of 1.5.0 (not waiting until the build pod has finished!)

1. Immediately after keycloak-db has restarted, run:

   mysql -e "SET PASSWORD FOR '$MARIADB_USER'@'%' = PASSWORD('$MARIADB_PASSWORD'); FLUSH PRIVILEGES;"
   

   inside the keycloak-db pod.
2. Immediately after keycloak-db has restarted, run:

   /rerun_initdb.sh
   

   inside the api-db pod.

Failure to do these two things might cause the api and keycloak pods to not be able to connect to the databases and cause a downtime of Lagoon and a failed build.
To recover: run the two commands in the respective db pods and trigger another Lagoon build.

API & Authentication subsystem

• Adding Keycloak DB and API DB password generation @cdchris12 (e38818c)
• inject api-db connection credentials via env variables @Schnitzel (#1861)
• Fix favicon URL typo @smlx (#1790)
• Destructive Action Button Color @shreddedbacon (#1794)
• Fix running cron via UI tasks @fubarhouse (#1809)
• Allow the lagoon UI to pre-select a keycloak identity provider for login @rocketeerbkw (#1847)
• Add (non-admin) users who create projects as owners of the created pr… @rocketeerbkw (#1849)
• Fix typo in api subscription constructor @rocketeerbkw (#1839)

Admin & User Interfaces subsystem

• Storage Description - Additional Calculation @justinlevi (#1857)
• Fix favicon URL typo @smlx (#1790)
• Destructive Action Button Color @shreddedbacon (#1794)
• Pricing Fix - Hotfix @justinlevi (#1792)
• Fix running cron via UI tasks @fubarhouse (#1809)
• Billing Invoice English/Germain Translation @justinlevi (#1856)
• Additional Hotfix Tweaks to the UI @justinlevi (#1850)
• Billing UI: Adding Modifiers & Currency Character Fix @justinlevi (#1848)
• Feature/billing invoicing ui @justinlevi (#1842)
• Billing UI Invoice @justinlevi (#1828)
• handle empty hours in hits @Schnitzel (#1841)

Build & Deploy subsystem

• [Harbor] Custom S3 Region Endpoint Support @cdchris12 (#1719)
• Remove legacy CLI image @smlx (#1798)
• Adding the --compatability flag to all docker-compose up -d commands. @cdchris12 (#1800)
• Label namespaces with lagoon/project in k8s @smlx (#1833)
• Use labels on kubernetes jobs to not block builds on cron/backups/tasks @rocketeerbkw (#1846)
• capability to deploy PRs into k8s @Schnitzel (#1844)
• Support k3d running in docker on btrfs @smlx (#1829)
• Add Harbor Migration Script @cdchris12 (#1806)
• use parallel retries 4 to handle docker registry failures @Schnitzel (#1813)

Logging & Reporting subsystem

• Add logs-dispatcher service image @smlx (#1845)
• Upgrade ElasticSearch/Kibana to 7.6.1 @vincenzodnp (#1814)
• curator: allow to set use_ssl @Schnitzel (#1854)

Base Images & Testing subsystem

• Added support for ImageMagick in php images @vincenzodnp (#1770)
• Add Node.js v14 images @rocketeerbkw (#1810)
• Add logs-dispatcher service image @smlx (#1845)
• Upgrade ElasticSearch/Kibana to 7.6.1 @vincenzodnp (#1814)
• Update Newrelic to 9.10.1.263 @dasrecht (#1855)
• Update Newrelic 9.10.0.262 and install Newrelic on PHP 7.4 @dasrecht (#1838)
• Limit k3d cluster name length @smlx (#1832)
• Add workaround for missing localhost dns on linux @smlx (#1526)
• #1482 clean docker image cache on tag deployments @Schnitzel (#1816)
• Fix for issue #1818. Pin ubuntu image version as 18.04 in ssh/Dockerfile @josephgultekin (#1819)
• Added support for Solr7.7 and latest Search API Solr module @vincenzodnp (#1731)

Documentation & Examples / DX subsystem

• Added documentation snippet for generating JWT on command line. @nicksantamaria (#1796)
• Add Github issue template config with a link to Discussions feature @dan2k3k4 (#1821)