From 978d24aa321f412cae702585961609ddb9ab392e Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Fri, 16 May 2025 22:45:37 +0300 Subject: [PATCH] Upgrade Hookshot (6.0.3 -> 7.0.0) and remove provisioning API and integration with Dimension Ref: - https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/4326 - https://github.com/matrix-org/matrix-hookshot/releases/tag/7.0.0 - https://github.com/matrix-org/matrix-hookshot/pull/931 Closes https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/4326 --- docs/configuring-playbook-bridge-hookshot.md | 5 --- group_vars/matrix_servers | 3 -- .../matrix-bridge-hookshot/defaults/main.yml | 22 ++----------- .../tasks/validate_config.yml | 15 ++++----- .../templates/config.yaml.j2 | 14 +------- .../templates/labels.j2 | 32 ------------------- 6 files changed, 10 insertions(+), 81 deletions(-) diff --git a/docs/configuring-playbook-bridge-hookshot.md b/docs/configuring-playbook-bridge-hookshot.md index 47daebeac..2b24f898a 100644 --- a/docs/configuring-playbook-bridge-hookshot.md +++ b/docs/configuring-playbook-bridge-hookshot.md @@ -103,7 +103,6 @@ Unless indicated otherwise, the following endpoints are reachable on your `matri | github oauth | `/hookshot/webhooks/oauth` | `matrix_hookshot_github_oauth_endpoint` | GitHub "Callback URL" | | jira oauth | `/hookshot/webhooks/jira/oauth` | `matrix_hookshot_jira_oauth_endpoint` | Jira OAuth | | figma endpoint | `/hookshot/webhooks/figma/webhook` | `matrix_hookshot_figma_endpoint` | Figma | -| provisioning | `/hookshot/v1/` | `matrix_hookshot_provisioning_endpoint` | Dimension [provisioning](#provisioning-api) | | appservice | `/hookshot/_matrix/app/` | `matrix_hookshot_appservice_endpoint` | Matrix server | | widgets | `/hookshot/widgetapi/` | `matrix_hookshot_widgets_endpoint` | Widgets | 
@@ -132,10 +131,6 @@ aux_file_definitions: For more information, see the documentation in the [default configuration of the aux role](https://github.com/mother-of-all-self-hosting/ansible-role-aux/blob/main/defaults/main.yml). -### Provisioning API - -The provisioning API will be enabled automatically if you set `matrix_dimension_enabled: true` and provided a `matrix_hookshot_provisioning_secret`, unless you override it either way. To use hookshot with Dimension, you will need to enter as "Provisioning URL": `http://matrix-hookshot:9002`, which is made up of the variables `matrix_hookshot_container_url` and `matrix_hookshot_provisioning_port`. - ### Collision with matrix-appservice-webhooks If you are also running [matrix-appservice-webhooks](configuring-playbook-bridge-appservice-webhooks.md), it reserves its namespace by the default setting `matrix_appservice_webhooks_user_prefix: '_webhook_'`. You should take care if you modify its or hookshot's prefix that they do not collide with each other's namespace (default `matrix_hookshot_generic_userIdPrefix: '_webhooks_'`). diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 89ecd3705..0f56508b7 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers 
@@ -2317,7 +2317,6 @@ matrix_hookshot_container_http_host_bind_ports_defaultmapping: - "{{ matrix_playbook_service_host_bind_interface_prefix }}{{ matrix_hookshot_appservice_port }}:{{ matrix_hookshot_appservice_port }}" - "{{ matrix_playbook_service_host_bind_interface_prefix }}{{ matrix_hookshot_metrics_port }}:{{ matrix_hookshot_metrics_port }}" - "{{ matrix_playbook_service_host_bind_interface_prefix }}{{ matrix_hookshot_webhook_port }}:{{ matrix_hookshot_webhook_port }}" - - "{{ matrix_playbook_service_host_bind_interface_prefix }}{{ matrix_hookshot_provisioning_port }}:{{ matrix_hookshot_provisioning_port }}" matrix_hookshot_container_http_host_bind_ports: "{{ matrix_hookshot_container_http_host_bind_ports_defaultmapping if matrix_playbook_service_host_bind_interface_prefix else [] }}" @@ -2326,8 +2325,6 @@ matrix_hookshot_container_labels_traefik_docker_network: "{{ matrix_playbook_rev matrix_hookshot_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}" matrix_hookshot_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}" -matrix_hookshot_provisioning_enabled: "{{ matrix_hookshot_provisioning_secret and matrix_dimension_enabled }}" - matrix_hookshot_metrics_enabled: "{{ prometheus_enabled or matrix_metrics_exposure_enabled }}" matrix_hookshot_metrics_proxying_enabled: "{{ matrix_hookshot_metrics_enabled and matrix_metrics_exposure_enabled }}" diff --git a/roles/custom/matrix-bridge-hookshot/defaults/main.yml b/roles/custom/matrix-bridge-hookshot/defaults/main.yml index 2b204cbd3..e48ff2c17 100644 --- a/roles/custom/matrix-bridge-hookshot/defaults/main.yml +++ b/roles/custom/matrix-bridge-hookshot/defaults/main.yml 
@@ -29,7 +29,7 @@ matrix_hookshot_container_additional_networks_auto: [] matrix_hookshot_container_additional_networks_custom: [] # renovate: datasource=docker depName=halfshot/matrix-hookshot -matrix_hookshot_version: 6.0.3 +matrix_hookshot_version: 7.0.0 matrix_hookshot_docker_image: "{{ matrix_hookshot_docker_image_registry_prefix }}matrix-org/matrix-hookshot:{{ matrix_hookshot_version }}" matrix_hookshot_docker_image_registry_prefix: "{{ 'localhost/' if matrix_hookshot_container_image_self_build else matrix_hookshot_docker_image_registry_prefix_upstream }}" @@ -187,16 +187,6 @@ matrix_hookshot_feeds_enabled: true matrix_hookshot_feeds_pollIntervalSeconds: 600 # noqa var-naming matrix_hookshot_feeds_pollTimeoutSeconds: 30 # noqa var-naming - -matrix_hookshot_provisioning_enabled: false -# There is no need to edit ports. use matrix_hookshot_container_http_host_bind_ports below to expose ports instead. -matrix_hookshot_provisioning_port: 9002 -matrix_hookshot_provisioning_secret: '' -# Provisioning will be automatically enabled if Dimension is enabled and you have provided a provisioning secret, unless you override it -matrix_hookshot_provisioning_internal: "/v1" -matrix_hookshot_provisioning_hostname: "{{ matrix_hookshot_public_hostname }}" -matrix_hookshot_provisioning_endpoint: "{{ matrix_hookshot_public_endpoint }}{{ matrix_hookshot_provisioning_internal }}" - # Valid values: error, warn, info, debug matrix_hookshot_logging_level: warn 
@@ -289,15 +279,7 @@ matrix_hookshot_container_labels_widgets_traefik_entrypoints: "{{ matrix_hooksho matrix_hookshot_container_labels_widgets_traefik_tls: "{{ matrix_hookshot_container_labels_widgets_traefik_entrypoints != 'web' }}" matrix_hookshot_container_labels_widgets_traefik_tls_certResolver: "{{ matrix_hookshot_container_labels_traefik_tls_certResolver }}" # noqa var-naming -# Controls whether labels will be added that expose Hookshot's provisioning endpoint -matrix_hookshot_container_labels_provisioning_enabled: "{{ matrix_hookshot_provisioning_enabled }}" -matrix_hookshot_container_labels_provisioning_traefik_rule: "Host(`{{ matrix_hookshot_provisioning_hostname }}`) && PathPrefix(`{{ matrix_hookshot_provisioning_endpoint }}`)" -matrix_hookshot_container_labels_provisioning_traefik_priority: 0 -matrix_hookshot_container_labels_provisioning_traefik_entrypoints: "{{ matrix_hookshot_container_labels_traefik_entrypoints }}" -matrix_hookshot_container_labels_provisioning_traefik_tls: "{{ matrix_hookshot_container_labels_provisioning_traefik_entrypoints != 'web' }}" -matrix_hookshot_container_labels_provisioning_traefik_tls_certResolver: "{{ matrix_hookshot_container_labels_traefik_tls_certResolver }}" # noqa var-naming - -# Controls whether labels will be added that expose Hookshot's provisioning endpoint +# Controls whether labels will be added that expose Hookshot's metrics endpoint matrix_hookshot_container_labels_metrics_enabled: "{{ matrix_hookshot_metrics_enabled and matrix_hookshot_metrics_proxying_enabled }}" matrix_hookshot_container_labels_metrics_traefik_rule: "Host(`{{ matrix_hookshot_metrics_proxying_hostname }}`) && PathPrefix(`{{ matrix_hookshot_metrics_proxying_path_prefix }}`)" matrix_hookshot_container_labels_metrics_traefik_priority: 0 diff --git a/roles/custom/matrix-bridge-hookshot/tasks/validate_config.yml b/roles/custom/matrix-bridge-hookshot/tasks/validate_config.yml index 1c35abe88..9735668ae 100644 
--- a/roles/custom/matrix-bridge-hookshot/tasks/validate_config.yml +++ b/roles/custom/matrix-bridge-hookshot/tasks/validate_config.yml @@ -39,6 +39,13 @@ - {'old': 'matrix_hookshot_queue_port', 'new': 'matrix_hookshot_cache_redis_port'} - {'old': 'matrix_hookshot_experimental_encryption_enabled', 'new': 'matrix_hookshot_encryption_enabled'} - {'old': 'matrix_hookshot_docker_image_name_prefix', 'new': 'matrix_hookshot_docker_image_registry_prefix'} + - {'old': 'matrix_hookshot_provisioning_enabled', 'new': ''} + - {'old': 'matrix_hookshot_provisioning_port', 'new': ''} + - {'old': 'matrix_hookshot_provisioning_secret', 'new': ''} + - {'old': 'matrix_hookshot_provisioning_internal', 'new': ''} + - {'old': 'matrix_hookshot_provisioning_hostname', 'new': ''} + - {'old': 'matrix_hookshot_provisioning_endpoint', 'new': ''} + - {'old': 'matrix_hookshot_container_labels_provisioning_enabled', 'new': ''} - name: Fail if required Hookshot settings not defined ansible.builtin.fail: @@ -92,14 +99,6 @@ You need to define at least one Figma instance in `matrix_hookshot_figma_instances` to enable Figma. when: "matrix_hookshot_figma_enabled and matrix_hookshot_figma_instances | length == 0" -- name: Fail if required provisioning settings not defined - ansible.builtin.fail: - msg: >- - You need to define a required configuration setting (`{{ item }}`) to enable provisioning. - when: "matrix_hookshot_provisioning_enabled and vars[item] == ''" - with_items: - - "matrix_hookshot_provisioning_secret" - - name: Fail if no Redis queue enabled when Hookshot encryption is enabled ansible.builtin.fail: msg: >- diff --git a/roles/custom/matrix-bridge-hookshot/templates/config.yaml.j2 b/roles/custom/matrix-bridge-hookshot/templates/config.yaml.j2 index 0f99ea747..eb62280a8 100644 --- a/roles/custom/matrix-bridge-hookshot/templates/config.yaml.j2 +++ b/roles/custom/matrix-bridge-hookshot/templates/config.yaml.j2 
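Review bot: The deprecation entries added at `@@ -39,6 +39,13 @@` cover `matrix_hookshot_container_labels_provisioning_enabled` but none of the `matrix_hookshot_container_labels_provisioning_traefik_*` variables (`_rule`, `_priority`, `_entrypoints`, `_tls`, `_tls_certResolver`) that this commit also removes from `defaults/main.yml`. An override of any of them left in `vars.yml` would then be ignored without a message. Assuming the list is matched by exact name (the task that consumes it starts above the hunk and is not visible here), add one entry per removed variable, e.g. `- {'old': 'matrix_hookshot_container_labels_provisioning_traefik_rule', 'new': ''}`. A short comment above the new entries, such as `# Provisioning API removed in Hookshot 7.0.0; these variables have no replacement`, would make the empty `new` values read as intentional.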
@@ -89,12 +89,6 @@ feeds: pollIntervalSeconds: {{ matrix_hookshot_feeds_pollIntervalSeconds | to_json }} pollTimeoutSeconds: {{ matrix_hookshot_feeds_pollTimeoutSeconds | to_json }} {% endif %} -{% if matrix_hookshot_provisioning_enabled %} -provisioning: - # (Optional) Provisioning API for integration managers - # - secret: {{ matrix_hookshot_provisioning_secret | to_json }} -{% endif %} passFile: # A passkey used to encrypt tokens stored inside the bridge. # Run openssl genpkey -out passkey.pem -outform PEM -algorithm RSA -pkeyopt rsa_keygen_bits:4096 to generate @@ -143,7 +137,7 @@ permissions: {{ matrix_hookshot_permissions | to_json }} listeners: # (Optional) HTTP Listener configuration. # Bind resource endpoints to ports and addresses. - # 'resources' may be any of webhooks, widgets, metrics, provisioning, appservice + # 'resources' may be any of webhooks, widgets, metrics # {# always enabled since all services need it #} - port: {{ matrix_hookshot_webhook_port }} @@ -156,12 +150,6 @@ listeners: resources: - metrics {% endif %} -{% if matrix_hookshot_provisioning_enabled %} - - port: {{ matrix_hookshot_provisioning_port }} - bindAddress: 0.0.0.0 - resources: - - provisioning -{% endif %} {% if matrix_hookshot_widgets_enabled %} - port: {{ matrix_hookshot_widgets_port }} bindAddress: 0.0.0.0 diff --git a/roles/custom/matrix-bridge-hookshot/templates/labels.j2 b/roles/custom/matrix-bridge-hookshot/templates/labels.j2 index d7a36da4d..68dfaa906 100644 --- a/roles/custom/matrix-bridge-hookshot/templates/labels.j2 +++ b/roles/custom/matrix-bridge-hookshot/templates/labels.j2 
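Review bot: The rewritten comment at `@@ -143,7 +137,7 @@` drops `appservice` from the list of listener resources as well as `provisioning`, while the commit message only describes removing the provisioning API. If `appservice` was never a valid listener resource this is a welcome correction, but the hunk does not show that, so it is worth checking against the Hookshot 7.0.0 sample configuration. If it is still accepted, the line should read `# 'resources' may be any of webhooks, widgets, metrics, appservice`. The `listeners:` block continues outside the hunk.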
@@ -14,7 +14,6 @@ traefik.docker.network={{ matrix_hookshot_container_labels_traefik_docker_networ traefik.http.services.matrix-hookshot-webhooks.loadbalancer.server.port={{ matrix_hookshot_webhook_port }} traefik.http.services.matrix-hookshot-appservice.loadbalancer.server.port={{ matrix_hookshot_appservice_port }} traefik.http.services.matrix-hookshot-widgets.loadbalancer.server.port={{ matrix_hookshot_widgets_port }} -traefik.http.services.matrix-hookshot-provisioning.loadbalancer.server.port={{ matrix_hookshot_provisioning_port }} traefik.http.services.matrix-hookshot-metrics.loadbalancer.server.port={{ matrix_hookshot_metrics_port }} {% if matrix_hookshot_container_labels_webhooks_enabled %} 
@@ -118,37 +117,6 @@ traefik.http.routers.matrix-hookshot-widgets.tls.certResolver={{ matrix_hookshot ############################################################ {% endif %} -{% if matrix_hookshot_container_labels_provisioning_enabled %} -############################################################ -# # -# Provisioning # -# # -############################################################ - -traefik.http.middlewares.matrix-hookshot-provisioning-strip-prefix.stripprefix.prefixes={{ matrix_hookshot_provisioning_endpoint }} - -traefik.http.routers.matrix-hookshot-provisioning.rule={{ matrix_hookshot_container_labels_provisioning_traefik_rule }} -traefik.http.routers.matrix-hookshot-provisioning.middlewares=matrix-hookshot-provisioning-strip-prefix - -{% if matrix_hookshot_container_labels_provisioning_traefik_priority | int > 0 %} -traefik.http.routers.matrix-hookshot-provisioning.priority={{ matrix_hookshot_container_labels_provisioning_traefik_priority }} -{% endif %} - -traefik.http.routers.matrix-hookshot-provisioning.service=matrix-hookshot-provisioning -traefik.http.routers.matrix-hookshot-provisioning.entrypoints={{ matrix_hookshot_container_labels_provisioning_traefik_entrypoints }} - -traefik.http.routers.matrix-hookshot-provisioning.tls={{ matrix_hookshot_container_labels_provisioning_traefik_tls | to_json }} -{% if matrix_hookshot_container_labels_provisioning_traefik_tls %} -traefik.http.routers.matrix-hookshot-provisioning.tls.certResolver={{ matrix_hookshot_container_labels_provisioning_traefik_tls_certResolver }} -{% endif %} - -############################################################ -# # -# /Provisioning # -# # -############################################################ -{% endif %} - {% if matrix_hookshot_container_labels_metrics_enabled %} ############################################################