Merge pull request 'upgrade' (#26) from upgrade into main

## Détails - Mise à jour de : * Watchtower en [1.4.0](https://github.com/containrrr/watchtower/releases/tag/v1.4.0) * Registry en [2.8.0](https://github.com/distribution/distribution/releases/tag/v2.8.0) * Prometheus en [2.33.3](https://github.com/prometheus/prometheus/releases/tag/v2.33.3) * Postgres en [14.2](https://www.postgresql.org/docs/release/14.2/) * Grafana en [8.3.6](https://github.com/grafana/grafana/releases/tag/v8.3.6) * Gitea en [1.16.1](https://github.com/go-gitea/gitea/releases/tag/v1.16.1) * Nextcloud en [23.0.0](https://nextcloud.com/changelog/#latest23) - Ajout des sha256 des images docker ## Pourquoi - Pour avoir les derniers fix de sécurité - Pour ajouter de la sécurité lors du téléchargement des images ## Liens - [ticket](https://tree.taiga.io/project/killiankemps-resilien/us/374) Reviewed-on: #26 Reviewed-by: killian <developer@killiankemps.fr>
2022-02-14 14:15:55 +01:00 · 2022-02-14 14:15:55 +01:00 · fe99557d1b
parent 3109e64b6d c4735acbc5
commit fe99557d1b
16 changed files with 16 additions and 16 deletions
--- a/directus/docker-compose.yml
+++ b/directus/docker-compose.yml
@ -9,7 +9,7 @@ volumes:
 services:
  directus:
    container_name: ${DIRECTUS_CONTAINER_NAME:-directus}
-    image: ${DIRECTUS_IMAGE:-directus/directus:9.5.1}
+    image: ${DIRECTUS_IMAGE:-directus/directus:9.5.1@sha256:c21099315f8720a12c65eea30b7450a96845ba17e9313e95a3fd23867b96c289}
    restart: always
    volumes:
      - directus:/directus/uploads
--- a/drone/runner/docker-compose.yml
+++ b/drone/runner/docker-compose.yml
@ -7,7 +7,7 @@ version: "3.8"
 services:
  drone-runner:
    container_name: ${DRONE_RUNNER_CONTAINER_NAME}
-    image: ${DRONE_RUNNER_IMAGE:-drone/drone-runner-docker:1.8.0}
+    image: ${DRONE_RUNNER_IMAGE:-drone/drone-runner-docker:1.8.0@sha256:70da970bb76a62567edbea1ac8002d9484664267f4cbb49fbd7c87a753d02260}
    restart: always
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
--- a/drone/server/docker-compose.yml
+++ b/drone/server/docker-compose.yml
@ -9,7 +9,7 @@ volumes:
 services:
  drone-server:
    container_name: ${DRONE_SERVER_CONTAINER_NAME:-drone-server}
-    image: ${DRONE_SERVER_IMAGE:-drone/drone:2.9.1}
+    image: ${DRONE_SERVER_IMAGE:-drone/drone:2.9.1@sha256:674e62c62cf41e06773c1b5e89687f1d514d49db6d1bb78678a5ef86927bc479}
    restart: always
    environment:
      # https://docs.drone.io/server/reference/drone-rpc-secret/
--- a/gitea/docker-compose.yml
+++ b/gitea/docker-compose.yml
@ -7,7 +7,7 @@ volumes:
 services:
  gitea:
    container_name: ${GITEA_CONTAINER_NAME:-gitea}
-    image: ${GITEA_IMAGE:-gitea/gitea:1.15.5}
+    image: ${GITEA_IMAGE:-gitea/gitea:1.16.1@sha256:bd36095359861e6970705a70d58ae0536f92f0d3f2d25c18ed663e94380c546a}
    restart: always
    environment:
      # - USER_UID=1000
--- a/grafana/docker-compose.yml
+++ b/grafana/docker-compose.yml
@ -8,7 +8,7 @@ volumes:
 services:
  grafana:
    container_name: ${GRAFANA_CONTAINER_NAME:-grafana}
-    image: ${GRAFANA_IMAGE:-grafana/grafana:8.3.4}
+    image: ${GRAFANA_IMAGE:-grafana/grafana:8.3.6@sha256:5b71534e0a0329f243994a09340db6625b55a33ae218d71e34ec73f824ec1e48}
    restart: always
    volumes:
      - grafana:/var/lib/grafana
--- a/hedgedoc/docker-compose.yml
+++ b/hedgedoc/docker-compose.yml
@ -7,7 +7,7 @@ volumes:
 services:
  hedgedoc:
    container_name: ${HEDGEDOC_CONTAINER_NAME:-hedgedoc}
-    image: ${HEDGEDOC_IMAGE:-linuxserver/hedgedoc:1.9.2-ls39}
+    image: ${HEDGEDOC_IMAGE:-linuxserver/hedgedoc:1.9.2-ls44@sha256:e3e0ec428e043104ec626a4c89e09baf61bc8939f8a28979bdadf3a4fa6f513f}
    restart: always
    depends_on:
      - postgres
--- a/mobilizon/docker-compose.yml
+++ b/mobilizon/docker-compose.yml
@ -9,7 +9,7 @@ volumes:
 services:
  mobilizon:
    container_name: ${MOBILIZON_CONTAINER_NAME:-mobilizon}
-    image: ${MOBILIZON_IMAGE:-framasoft/mobilizon:2.0.2}
+    image: ${MOBILIZON_IMAGE:-framasoft/mobilizon:2.0.2@sha256:a703d399c35b3b685be7c154bf2ac74f5acd88d8c28dd42f05f68859d76edfd3}
    restart: always
    depends_on:
      - postgres
--- a/nextcloud/docker-compose.yml
+++ b/nextcloud/docker-compose.yml
@ -7,7 +7,7 @@ volumes:
 services:
  nextcloud-fpm:
    container_name: ${NEXTCLOUD_CONTAINER_NAME:-nextcloud}-fpm
-    image: ${NEXTCLOUD_IMAGE:-nextcloud:22.2.3-fpm-alpine}
+    image: ${NEXTCLOUD_IMAGE:-nextcloud:23.0.0-fpm-alpine@sha256:b02448c82a7fec3d1d0aacbeab466707929a9acbe7c069db4dca14166878ceb1}
    restart: always
    depends_on:
      - postgres
--- a/postgres/docker-compose.yml
+++ b/postgres/docker-compose.yml
@ -7,7 +7,7 @@ volumes:
 services:
  postgres:
    container_name: ${POSTGRES_CONTAINER_NAME:-postgres}
-    image: ${POSTGRES_IMAGE:-postgres:14.1-alpine}
+    image: ${POSTGRES_IMAGE:-postgres:14.2-alpine@sha256:536bc3ad5d53f1b84db958be04013024aae70449c931943ad0a55c56c28f68b3}
    restart: always
    environment:
      POSTGRES_USER: ${POSTGRES_USER:?err}
--- a/prometheus/docker-compose.yml
+++ b/prometheus/docker-compose.yml
@ -12,7 +12,7 @@ services:
    build:
      context: .
      args:
-        PROMETHEUS_IMAGE: ${PROMETHEUS_IMAGE:-prom/prometheus:v2.33.1}
+        PROMETHEUS_IMAGE: ${PROMETHEUS_IMAGE:-prom/prometheus:v2.33.3@sha256:20c90b9a99b12b4349150e347811cc44dccdb05c291d385320be63dc12cce73b}
    volumes:
      - prometheus:/prometheus
    restart: always
--- a/redis/docker-compose.yml
+++ b/redis/docker-compose.yml
@ -2,7 +2,7 @@ version: "3.8"

 services:
  redis:
-    image: ${REDIS_IMAGE:-redis:6.2.6-alpine}
+    image: ${REDIS_IMAGE:-redis:6.2.6-alpine@sha256:4bed291aa5efb9f0d77b76ff7d4ab71eee410962965d052552db1fb80576431d}
    container_name: ${REDIS_CONTAINER_NAME:-redis}
    restart: always
    environment:
--- a/registry/.env
+++ b/registry/.env
@ -5,7 +5,7 @@ TRAEFIK_NETWORK_NAME=kifeart

 ## REGISTRY

-REGISTRY_IMAGE=registry:2.7.1
+#REGISTRY_IMAGE=
 REGISTRY_CUSTOM_IMAGE=custom/registry
 REGISTRY_DOMAIN=registry.cool.life
 REGISTRY_VOLUME_NAME=registry
--- a/registry/docker-compose.yml
+++ b/registry/docker-compose.yml
@ -7,7 +7,7 @@ volumes:
 services:
  registry:
    container_name: ${REGISTRY_CONTAINER_NAME}
-    image: ${REGISTRY_IMAGE}
+    image: ${REGISTRY_IMAGE:-registry:2.8.0@sha256:c26590bcf53822a542e78fab5c88e1dfbcdee91c1882f4656b7db7b542d91d97}
    restart: always
    environment:
      REGISTRY_AUTH: htpasswd
--- a/traefik/docker-compose.yml
+++ b/traefik/docker-compose.yml
@ -11,7 +11,7 @@ networks:
 services:
  traefik:
    container_name: ${TRAEFIK_CONTAINER_NAME:-traefik}
-    image: ${TRAEFIK_IMAGE:-traefik:v2.6.0}
+    image: ${TRAEFIK_IMAGE:-traefik:v2.6.0@sha256:b22bd53ef626cf3667390c3e3651936b08f9c0c9107e3a6faf02e6dc06b3e0c0}
    restart: always
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
--- a/watchtower/.env
+++ b/watchtower/.env
@ -1,5 +1,5 @@
 WATCHTOWER_CONTAINER_NAME=watchtower
-WATCHTOWER_IMAGE=containrrr/watchtower:1.0.3
+#WATCHTOWER_IMAGE=
 REGISTRY_DOMAIN=registry.cool.life
 REGISTRY_USER=kosssi
 REGISTRY_PASSWORD=z91PjNYpswd4ai5YoMCw58VoygJSZev7qNJ0cAlPmPBD5pVz9O
--- a/watchtower/docker-compose.yml
+++ b/watchtower/docker-compose.yml
@ -3,7 +3,7 @@ version: '3.8'
 services:
  watchtower:
    container_name: ${WATCHTOWER_CONTAINER_NAME}
-    image: ${WATCHTOWER_IMAGE}
+    image: ${WATCHTOWER_IMAGE:-containrrr/watchtower:1.4.0@sha256:bbf9794a691b59ed2ed3089fec53844f14ada249ee5e372ff0e595b73f4e9ab3}
    restart: always
    command: -i 60 --label-enable --cleanup --debug
    # --debug