bump: v1.11.99 (#7)

Reviewed-on: #7
2025-05-03 04:24:51 +00:00 · 2025-05-03 04:24:51 +00:00 · aaf84605a5
commit aaf84605a5
parent 9f5d8482f4
4 changed files with 28 additions and 17 deletions
--- a/.env
+++ b/.env
@ -1,2 +1,2 @@
 PROD_URL=chat.gmoker.com
-IMAGEAPP=docker.io/vectorim/element-web:v1.11.89
+IMAGEAPP=docker.io/vectorim/element-web:v1.11.99
--- a/compose.yaml
+++ b/compose.yaml
@ -4,6 +4,8 @@ services:
    image: "$IMAGEAPP"
    restart: unless-stopped
    ports:
-      - "8080:80"
+      - "8080:8080"
+    environment:
+      - ELEMENT_WEB_PORT=8080
    volumes:
      - ./config/config.json:/app/config.json:ro
--- a/manifests/bin/deploy.sh
+++ b/manifests/bin/deploy.sh
@ -3,34 +3,33 @@ set -o pipefail

 function kapply() {
    for f in "$@"; do
-        kubectl apply -f <(envsubst < "manifests/$f")
+        kubectl apply --server-side \
+            -f<(envsubst "$(env | sed 's/^/$/')" < "manifests/$f")
    done
 }; export -f kapply

 function kcreatesec() {
-    kubectl create secret generic --dry-run=client -oyaml "$@" | kubectl replace -f-
+    kubectl apply --server-side \
+        -f<(kubectl create secret generic --dry-run=client -oyaml "$@")
 }; export -f kcreatesec

 function kcreatecm() {
-    kubectl create configmap --dry-run=client -oyaml "$@" | kubectl replace -f-
+    kubectl apply --server-side \
+        -f<(kubectl create configmap --dry-run=client -oyaml "$@")
 }; export -f kcreatecm

 function kgseckey() {
    local sec="$1"; shift
    local key="$1"; shift

-    if ! kubectl get secret "$sec" -ojson | jq -re ".data.\"$key\" // empty" | base64 -d; then
-        return 1
-    fi
+    kubectl get secret "$sec" -ojson | jq -re ".data.\"$key\"" | base64 -d
 }; export -f kgseckey

 function kgcmkey() {
    local cm="$1";  shift
    local key="$1"; shift

-    if ! kubectl get configmap "$cm" -ojson | jq -re ".data.\"$key\" // empty"; then
-        return 1
-    fi
+    kubectl get configmap "$cm" -ojson | jq -re ".data.\"$key\""
 }; export -f kgcmkey


--- a/manifests/common/app.yaml
+++ b/manifests/common/app.yaml
@ -5,11 +5,18 @@ metadata:
  name: app
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt-prod
-    gethomepage.dev/enabled: "true"
-    gethomepage.dev/instance: "$GITHUB_REF_NAME"
-    gethomepage.dev/name: Element
-    gethomepage.dev/icon: element
-    gethomepage.dev/description: Secure collaboration and messaging
+    nginx.ingress.kubernetes.io/configuration-snippet: |
+      more_set_headers "X-Frame-Options: SAMEORIGIN";
+      more_set_headers "X-Content-Type-Options: nosniff";
+      more_set_headers "X-XSS-Protection: 1; mode=block";
+      more_set_headers "Content-Security-Policy: frame-ancestors 'self'";
+
+      if ($request_uri = /) {
+        more_set_headers "Cache-Control: no-cache";
+      }
+      if ($request_uri ~* ^/(config\..*\.json|i18n|home|sites|index\.html)$) {
+        more_set_headers "Cache-Control: no-cache, no-store, must-revalidate";
+      }
 spec:
  ingressClassName: nginx
  tls:
@ -63,7 +70,10 @@ spec:
          image: "$IMAGEAPP"
          ports:
            - name: http
-              containerPort: 80
+              containerPort: 8080
+          env:
+            - name: ELEMENT_WEB_PORT
+              value: "8080"
          volumeMounts:
            - name: config
              mountPath: /app/config.json