1 Commits

Author SHA1 Message Date
Sagent a8eb823120 CI: tests obligatoires avant push, abandon du tag :latest sur master 2026-06-13 18:38:15 +00:00
6 changed files with 44 additions and 108 deletions
+8 -8
View File
@@ -6,7 +6,7 @@ jobs:
hadolint:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7
- uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
- uses: hadolint/hadolint-action@2332a7b74a6de0dda2e2221d575162eba76ba5e5 # v3.3.0
continue-on-error: true
with:
@@ -14,19 +14,19 @@ jobs:
test:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7
- uses: docker/setup-buildx-action@bb05f3f5519dd87d3ba754cc423b652a5edd6d2c # v4
- uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
- uses: docker/setup-buildx-action@d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5 # v4
- run: docker build -t ci-image:${{ github.sha }} .
- run: bash tests/test.sh ci-image:${{ github.sha }}
build-push:
needs: [test]
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7
- uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
with:
fetch-depth: 0
- uses: docker/setup-buildx-action@bb05f3f5519dd87d3ba754cc423b652a5edd6d2c # v4
- uses: docker/login-action@af1e73f918a031802d376d3c8bbc3fe56130a9b0 # v4
- uses: docker/setup-buildx-action@d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5 # v4
- uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # v4
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
@@ -35,12 +35,12 @@ jobs:
TAG=$(git describe --tags --abbrev=0 2>/dev/null || echo "")
echo "tag=$TAG" >> $GITHUB_OUTPUT
- id: meta
uses: docker/metadata-action@dc802804100637a589fabce1cb79ff13a1411302 # v6
uses: docker/metadata-action@80c7e94dd9b9319bd5eb7a0e0fe9291e23a2a2e9 # v6
with:
images: jcabillot/offlineimap
tags: |
type=raw,value=${{ steps.get-latest-tag.outputs.tag }}-latest,enable=${{ steps.get-latest-tag.outputs.tag != '' }}
- uses: docker/build-push-action@53b7df96c91f9c12dcc8a07bcb9ccacbed38856a # v7.3.0
- uses: docker/build-push-action@f9f3042f7e2789586610d6e8b85c8f03e5195baf # v7.2.0
with:
context: .
push: true
+6 -6
View File
@@ -6,7 +6,7 @@ jobs:
hadolint:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7
- uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
- uses: hadolint/hadolint-action@2332a7b74a6de0dda2e2221d575162eba76ba5e5 # v3.3.0
continue-on-error: true
with:
@@ -14,22 +14,22 @@ jobs:
test:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7
- uses: docker/setup-buildx-action@bb05f3f5519dd87d3ba754cc423b652a5edd6d2c # v4
- uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
- uses: docker/setup-buildx-action@d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5 # v4
- run: docker build -t ci-image:${{ github.sha }} .
- run: bash tests/test.sh ci-image:${{ github.sha }}
build:
needs: [test]
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7
- uses: docker/setup-buildx-action@bb05f3f5519dd87d3ba754cc423b652a5edd6d2c # v4
- uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
- uses: docker/setup-buildx-action@d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5 # v4
- run: docker build -t jcabillot/offlineimap:${{ github.sha }} .
tag:
needs: [build]
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7
- uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
with:
fetch-depth: 0
- name: Configure git auth
+3 -3
View File
@@ -6,7 +6,7 @@ jobs:
hadolint:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7
- uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
- uses: hadolint/hadolint-action@2332a7b74a6de0dda2e2221d575162eba76ba5e5 # v3.3.0
continue-on-error: true
with:
@@ -14,7 +14,7 @@ jobs:
build-test:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7
- uses: docker/setup-buildx-action@bb05f3f5519dd87d3ba754cc423b652a5edd6d2c # v4
- uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
- uses: docker/setup-buildx-action@d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5 # v4
- run: docker build -t ci-image:${{ github.sha }} .
- run: bash tests/test.sh ci-image:${{ github.sha }}
+8 -8
View File
@@ -6,7 +6,7 @@ jobs:
hadolint:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7
- uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
- uses: hadolint/hadolint-action@2332a7b74a6de0dda2e2221d575162eba76ba5e5 # v3.3.0
continue-on-error: true
with:
@@ -14,28 +14,28 @@ jobs:
test:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7
- uses: docker/setup-buildx-action@bb05f3f5519dd87d3ba754cc423b652a5edd6d2c # v4
- uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
- uses: docker/setup-buildx-action@d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5 # v4
- run: docker build -t ci-image:${{ github.sha }} .
- run: bash tests/test.sh ci-image:${{ github.sha }}
build-push:
needs: [test]
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7
- uses: docker/setup-buildx-action@bb05f3f5519dd87d3ba754cc423b652a5edd6d2c # v4
- uses: docker/login-action@af1e73f918a031802d376d3c8bbc3fe56130a9b0 # v4
- uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
- uses: docker/setup-buildx-action@d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5 # v4
- uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # v4
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- id: meta
uses: docker/metadata-action@dc802804100637a589fabce1cb79ff13a1411302 # v6
uses: docker/metadata-action@80c7e94dd9b9319bd5eb7a0e0fe9291e23a2a2e9 # v6
with:
images: jcabillot/offlineimap
tags: |
type=ref,event=tag
type=ref,event=tag,suffix=-latest
- uses: docker/build-push-action@53b7df96c91f9c12dcc8a07bcb9ccacbed38856a # v7.3.0
- uses: docker/build-push-action@f9f3042f7e2789586610d6e8b85c8f03e5195baf # v7.2.0
with:
context: .
push: true
+13 -7
View File
@@ -1,21 +1,27 @@
FROM alpine:3.24
FROM alpine:3.23
LABEL maintainer="Cabillot Julien <dockerimages@cabillot.eu>"
COPY entrypoint.sh /entrypoint.sh
COPY patch.py /tmp/patch.py
# hadolint ignore=DL3018
RUN apk add --no-cache offlineimap openssl tini && \
RUN apk add --no-cache offlineimap openssl && \
adduser -D offlineimap && \
# Apply post-install patches:
# - UnicodeEncodeError fallback for defective messages (Maildir + IMAP)
# - SSL SECLEVEL=1 in imaplib2 to allow connecting to servers with weak DH keys
# (OpenSSL 3.x defaults to SECLEVEL=2)
# Force SECLEVEL=1 in imaplib2 to allow connecting to servers with weak DH keys (DH_KEY_TOO_SMALL)
# This is required because OpenSSL 3.x in Alpine 3.23 defaults to SECLEVEL=2
sed -i 's/ctx = ssl.SSLContext(ssl_version)/ctx = ssl.SSLContext(ssl_version)\n ctx.set_ciphers("DEFAULT:@SECLEVEL=1")/' /usr/lib/python3.*/site-packages/imaplib2/imaplib2.py && \
# Patch offlineimap email generator bug for defective messages
python3 /tmp/patch.py && rm /tmp/patch.py
COPY --chown=offlineimap offlineimaprc.*.tmpl /home/offlineimap/
# Add Tini
ENV "TINI_VERSION" "v0.16.1"
#ADD "https://github.com/krallin/tini/releases/download/${TINI_VERSION}/tini" "/tini"
#RUN chmod +x "/tini"
#ENTRYPOINT ["/tini", "--"]
USER "offlineimap"
ENTRYPOINT ["/sbin/tini", "--"]
#ENTRYPOINT [ "/entrypoint.sh" ]
CMD [ "/entrypoint.sh" ]
+5 -75
View File
@@ -1,52 +1,16 @@
#!/usr/bin/env python3
"""Post-install patches for offlineimap on Alpine.
Run as root in the Docker build (RUN python3 /tmp/patch.py).
Fixes two upstream issues that persist in offlineimap 8.0.0:
1. UnicodeEncodeError when writing messages with non-ASCII bytes
(Maildir.save thread + IMAP header generation).
2. SSL SECLEVEL=2 in OpenSSL 3.x prevents connecting to servers with
weak DH keys (DH_KEY_TOO_SMALL). Force SECLEVEL=1 in imaplib2.
Paths are resolved dynamically so the patch survives Python version
bumps across Alpine releases (was hardcoded to python3.12).
"""
import glob
import sys
# ---------------------------------------------------------------
# 1. Maildir.py — wrap fd.write(msg.as_bytes(...)) in a try/except
# that falls back to UTF-8 encoded as_string on UnicodeEncodeError
# ---------------------------------------------------------------
maildir_path = glob.glob(
"/usr/lib/python%d.%d/site-packages/offlineimap/folder/Maildir.py"
% (sys.version_info.major, sys.version_info.minor)
)[0]
import sys, os
maildir_path = "/usr/lib/python3.12/site-packages/offlineimap/folder/Maildir.py"
with open(maildir_path, "r") as f:
maildir = f.read()
maildir = maildir.replace(
"fd.write(msg.as_bytes(policy=output_policy))",
"try:\n fd.write(msg.as_bytes(policy=output_policy))\n except UnicodeEncodeError:\n fd.write(msg.as_string(policy=output_policy).encode('utf-8'))",
"try:\n fd.write(msg.as_bytes(policy=output_policy))\n except UnicodeEncodeError:\n fd.write(msg.as_string(policy=output_policy).encode('utf-8'))"
)
with open(maildir_path, "w") as f:
f.write(maildir)
# ---------------------------------------------------------------
# 2. IMAP.py — add a helper and replace msg.as_bytes(policy=...) calls
# with the helper that falls back on UnicodeEncodeError
# ---------------------------------------------------------------
imap_path = glob.glob(
"/usr/lib/python%d.%d/site-packages/offlineimap/folder/IMAP.py"
% (sys.version_info.major, sys.version_info.minor)
)[0]
imap_path = "/usr/lib/python3.12/site-packages/offlineimap/folder/IMAP.py"
with open(imap_path, "r") as f:
imap_py = f.read()
@@ -57,40 +21,6 @@ def get_msg_bytes(msg, policy):
except UnicodeEncodeError:
return msg.as_string(policy=policy).encode('utf-8')
"""
imap_py = imap_patch + imap_py.replace(
"msg.as_bytes(policy=output_policy)", "get_msg_bytes(msg, output_policy)"
)
imap_py = imap_patch + imap_py.replace("msg.as_bytes(policy=output_policy)", "get_msg_bytes(msg, output_policy)")
with open(imap_path, "w") as f:
f.write(imap_py)
# ---------------------------------------------------------------
# 3. imaplib2.py — force SECLEVEL=1 to allow weak DH keys
# (moved here from a sed one-liner in the Dockerfile)
# ---------------------------------------------------------------
imaplib2_paths = glob.glob(
"/usr/lib/python%d.%d/site-packages/imaplib2/imaplib2.py"
% (sys.version_info.major, sys.version_info.minor)
)
if imaplib2_paths:
imaplib2_path = imaplib2_paths[0]
with open(imaplib2_path, "r") as f:
imaplib2_py = f.read()
old = "ctx = ssl.SSLContext(ssl_version)"
new = (
'ctx = ssl.SSLContext(ssl_version)\n'
' ctx.set_ciphers("DEFAULT:@SECLEVEL=1")'
)
if old in imaplib2_py:
imaplib2_py = imaplib2_py.replace(old, new)
with open(imaplib2_path, "w") as f:
f.write(imaplib2_py)
print("Patched imaplib2 SECLEVEL=1")
else:
print("imaplib2 already patched or pattern not found — skipping")
else:
print("imaplib2 not found — skipping SECLEVEL patch")