Renovate Bot
a3180f4b1c
This PR contains the following updates: | Package | Update | Change | |---|---|---| | [freshrss/freshrss](https://freshrss.org/) ([source](https://github.com/FreshRSS/FreshRSS)) | minor | `1.26.3` -> `1.27.0` | --- ### Release Notes <details> <summary>FreshRSS/FreshRSS (freshrss/freshrss)</summary> ### [`v1.27.0`](https://github.com/FreshRSS/FreshRSS/blob/HEAD/CHANGELOG.md#2025-08-18-FreshRSS-1270) [Compare Source](https://github.com/FreshRSS/FreshRSS/compare/1.26.3...1.27.0) - Features - Implement support for HTTP `429 Too Many Requests` and `503 Service Unavailable`, obey `Retry-After` [#​7760](https://github.com/FreshRSS/FreshRSS/pull/7760) - Add sort by category title, or by feed title [#​7702](https://github.com/FreshRSS/FreshRSS/pull/7702) - Add search operator `c:` for categories like `c:23,34` or `!c:45,56` [#​7696](https://github.com/FreshRSS/FreshRSS/pull/7696) - Custom feed favicons [#​7646](https://github.com/FreshRSS/FreshRSS/pull/7646), [#​7704](https://github.com/FreshRSS/FreshRSS/pull/7704), [#​7717](https://github.com/FreshRSS/FreshRSS/pull/7717), [#​7792](https://github.com/FreshRSS/FreshRSS/pull/7792) - Rework fetch favicons for fewer HTTP requests [#​7767](https://github.com/FreshRSS/FreshRSS/pull/7767) - Add more unicity criteria based on title and/or content [#​7789](https://github.com/FreshRSS/FreshRSS/pull/7789) - Automatically restore user configuration from backup [#​7682](https://github.com/FreshRSS/FreshRSS/pull/7682) - API add support for states in `s` parameter of `streamId` [#​7695](https://github.com/FreshRSS/FreshRSS/pull/7695) - Improve sharing via Print [#​7728](https://github.com/FreshRSS/FreshRSS/pull/7728) - Redirect to the login page from bookmarklet instead of 403 [#​7782](https://github.com/FreshRSS/FreshRSS/pull/7782) - Clean local cache more often, when refreshing feeds [#​7827](https://github.com/FreshRSS/FreshRSS/pull/7827) - Security - Implement reauthentication (*sudo* mode) [#​7753](https://github.com/FreshRSS/FreshRSS/pull/7753) - Add `Content-Security-Policy: frame-ancestors` [#​7677](https://github.com/FreshRSS/FreshRSS/pull/7677) - Ensure CSP everywhere [#​7810](https://github.com/FreshRSS/FreshRSS/pull/7810) - Show warning when unsafe CSP policy is in use [#​7804](https://github.com/FreshRSS/FreshRSS/pull/7804) - Fix access rights when creating a new user [#​7783](https://github.com/FreshRSS/FreshRSS/pull/7783) - Improve security of form for user details [#​7771](https://github.com/FreshRSS/FreshRSS/pull/7771), [#​7786](https://github.com/FreshRSS/FreshRSS/pull/7786) - Disallow setting non-existent theme [#​7722](https://github.com/FreshRSS/FreshRSS/pull/7722) - Regenerate cookie ID after logging out [#​7762](https://github.com/FreshRSS/FreshRSS/pull/7762) - Require current password when setting new password [#​7763](https://github.com/FreshRSS/FreshRSS/pull/7763) - Add missing access checks for feed-related actions [#​7768](https://github.com/FreshRSS/FreshRSS/pull/7768) - Strip more unsafe attributes such as `referrerpolicy`, `ping` [#​7770](https://github.com/FreshRSS/FreshRSS/pull/7770) - Remove unneeded execution permissions [#​7802](https://github.com/FreshRSS/FreshRSS/pull/7802) - Bug fixing - Fix redirections when scraping from HTML [#​7654](https://github.com/FreshRSS/FreshRSS/pull/7654), [#​7741](https://github.com/FreshRSS/FreshRSS/pull/7741) - Fix multiple authentication HTTP headers [#​7703](https://github.com/FreshRSS/FreshRSS/pull/7703) - Fix HTML queries with a single feed [#​7730](https://github.com/FreshRSS/FreshRSS/pull/7730) - WebSub: only perform a redirection when coming from WebSub [#​7738](https://github.com/FreshRSS/FreshRSS/pull/7738) - Include enclosures in entries’ hash [#​7719](https://github.com/FreshRSS/FreshRSS/pull/7719) - Negative side-effect: users of the option to *automatically mark updated articles as unread* will once have some articles with enclosures re-appear as unread - Fix cancellation of slider exit UI [#​7705](https://github.com/FreshRSS/FreshRSS/pull/7705) - Honor *disable update* on update page [#​7733](https://github.com/FreshRSS/FreshRSS/pull/7733) - Fix no registration limit setting [#​7751](https://github.com/FreshRSS/FreshRSS/pull/7751) - Fix XML encoding of sharing functions [#​7822](https://github.com/FreshRSS/FreshRSS/pull/7822) - SimplePie - Fix propagation of HTTP error codes [#​7670](https://github.com/FreshRSS/FreshRSS/pull/7670) - Fix support for XML feeds with HTML entities [#​7689](https://github.com/FreshRSS/FreshRSS/pull/7689), [simplepie#915](https://github.com/simplepie/simplepie/pull/915) - Fix feeds encoded in UTF-16LE [#​7691](https://github.com/FreshRSS/FreshRSS/pull/7691), [simplepie#916](https://github.com/simplepie/simplepie/pull/916) - Various upstream contributions [simplepie#917](https://github.com/simplepie/simplepie/pull/917), [simplepie#924](https://github.com/simplepie/simplepie/pull/924), [simplepie#926](https://github.com/simplepie/simplepie/pull/926), [simplepie#932](https://github.com/simplepie/simplepie/pull/932), [simplepie#933](https://github.com/simplepie/simplepie/pull/933) - Sync upstream [#​7706](https://github.com/FreshRSS/FreshRSS/pull/7706), [FreshRSS/simplepie#45](https://github.com/FreshRSS/simplepie/pull/45), [#​7775](https://github.com/FreshRSS/FreshRSS/pull/7775), [FreshRSS/simplepie#50](https://github.com/FreshRSS/simplepie/pull/50), [#​7824](https://github.com/FreshRSS/FreshRSS/pull/7824), [#​7825](https://github.com/FreshRSS/FreshRSS/pull/7825), - Fix regex *Backtrack limit was exhausted* in `clean_hash()` [#​7813](https://github.com/FreshRSS/FreshRSS/pull/7813), [FreshRSS/simplepie#48](https://github.com/FreshRSS/simplepie/pull/48) - Deployment - Docker default image (Debian 12 Bookworm) updated to PHP 8.2.29 [#​7805](https://github.com/FreshRSS/FreshRSS/pull/7805) - Docker alternative image updated to Alpine 3.22 with PHP 8.4.11 and Apache 2.4.65 [#​7740](https://github.com/FreshRSS/FreshRSS/pull/7740), [#​7740](https://github.com/FreshRSS/FreshRSS/pull/7740), [#​7803](https://github.com/FreshRSS/FreshRSS/pull/7803) - Start supporting PHP 8.5+ [#​7787](https://github.com/FreshRSS/FreshRSS/pull/7787), [#​7826](https://github.com/FreshRSS/FreshRSS/pull/7826) - Docker Alpine dev image `:newest` updated to PHP 8.5-alpha and Apache 2.4.65 [#​7773](https://github.com/FreshRSS/FreshRSS/pull/7773) - Docker: interpolate `FRESHRSS_INSTALL` and `FRESHRSS_USER` variables [#​7725](https://github.com/FreshRSS/FreshRSS/pull/7725) - Docker: Reduce how much data needs to be chown/chmod’ed on container startup [#​7793](https://github.com/FreshRSS/FreshRSS/pull/7793) - Test for database PDO typing support during install (relevant for MySQL / MariaDB with obsolete driver) [#​7651](https://github.com/FreshRSS/FreshRSS/pull/7651) - Extensions - Add API endpoint for extensions [#​7576](https://github.com/FreshRSS/FreshRSS/pull/7576) - Expose the reading modes for extensions [#​7668](https://github.com/FreshRSS/FreshRSS/pull/7668), [#​7688](https://github.com/FreshRSS/FreshRSS/pull/7688) - New extension hook `before_login_btn` [#​7761](https://github.com/FreshRSS/FreshRSS/pull/7761) - UI - Improve *mark as read* request showing popup due to `onbeforeunload` [#​7554](https://github.com/FreshRSS/FreshRSS/pull/7554) - Fix lazy-loading for `<video poster="...">` and `<image>` [#​7636](https://github.com/FreshRSS/FreshRSS/pull/7636) - Avoid styling `<code>` inside of `<pre>` [#​7797](https://github.com/FreshRSS/FreshRSS/pull/7797) - Improve confirmation logic with `data-auto-leave-validation` [#​7785](https://github.com/FreshRSS/FreshRSS/pull/7785) - Update `chart.js` to 4.5.0 [#​7752](https://github.com/FreshRSS/FreshRSS/pull/7752), [#​7816](https://github.com/FreshRSS/FreshRSS/pull/7816) - Various UI and style improvements: [#​7616](https://github.com/FreshRSS/FreshRSS/pull/7616), [#​7811](https://github.com/FreshRSS/FreshRSS/pull/7811) - I18n - Show translation status in README [#​7715](https://github.com/FreshRSS/FreshRSS/pull/7715) - Improve Indonesian [#​7654](https://github.com/FreshRSS/FreshRSS/pull/7654), [#​7721](https://github.com/FreshRSS/FreshRSS/pull/7721) - Improve Persian [#​7795](https://github.com/FreshRSS/FreshRSS/pull/7795) - Misc. - Improve PHP code [#​7642](https://github.com/FreshRSS/FreshRSS/pull/7642), [#​7665](https://github.com/FreshRSS/FreshRSS/pull/7665), [#​7761](https://github.com/FreshRSS/FreshRSS/pull/7761), [#​7781](https://github.com/FreshRSS/FreshRSS/pull/7781), [#​7794](https://github.com/FreshRSS/FreshRSS/pull/7794) - Update dev dependencies [#​7708](https://github.com/FreshRSS/FreshRSS/pull/7708), [#​7709](https://github.com/FreshRSS/FreshRSS/pull/7709), [#​7710](https://github.com/FreshRSS/FreshRSS/pull/7710), [#​7711](https://github.com/FreshRSS/FreshRSS/pull/7711), [#​7776](https://github.com/FreshRSS/FreshRSS/pull/7776), [#​7777](https://github.com/FreshRSS/FreshRSS/pull/7777) </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0MS4zNS4wIiwidXBkYXRlZEluVmVyIjoiNDEuMzUuMCIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsiaW1hZ2UiXX0=--> Reviewed-on: #1253 Co-authored-by: Renovate Bot <renovate-bot@alexlebens.net> Co-committed-by: Renovate Bot <renovate-bot@alexlebens.net>
221 lines
7.2 KiB
YAML
221 lines
7.2 KiB
YAML
freshrss:
|
|
controllers:
|
|
main:
|
|
type: deployment
|
|
replicas: 1
|
|
strategy: Recreate
|
|
revisionHistoryLimit: 3
|
|
initContainers:
|
|
init-download-extension-1:
|
|
securityContext:
|
|
runAsUser: 0
|
|
image:
|
|
repository: alpine
|
|
tag: 3.22.1
|
|
pullPolicy: IfNotPresent
|
|
command:
|
|
- /bin/sh
|
|
- -ec
|
|
- |
|
|
apk add --no-cache git;
|
|
cd /tmp;
|
|
git clone -n --depth=1 --filter=tree:0 https://github.com/cn-tools/cntools_FreshRssExtensions.git;
|
|
cd cntools_FreshRssExtensions;
|
|
git sparse-checkout set --no-cone /xExtension-YouTubeChannel2RssFeed;
|
|
git checkout;
|
|
rm -rf /var/www/FreshRSS/extensions/xExtension-YouTubeChannel2RssFeed
|
|
cp -r xExtension-YouTubeChannel2RssFeed /var/www/FreshRSS/extensions
|
|
chown -R 568:568 /var/www/FreshRSS/extensions/xExtension-YouTubeChannel2RssFeed
|
|
resources:
|
|
requests:
|
|
cpu: 10m
|
|
memory: 128Mi
|
|
init-download-extension-2:
|
|
securityContext:
|
|
runAsUser: 0
|
|
image:
|
|
repository: alpine
|
|
tag: 3.22.1
|
|
pullPolicy: IfNotPresent
|
|
command:
|
|
- /bin/sh
|
|
- -ec
|
|
- |
|
|
apk add --no-cache git;
|
|
cd /tmp;
|
|
git clone -n --depth=1 --filter=tree:0 https://github.com/FreshRSS/Extensions.git;
|
|
cd Extensions;
|
|
git sparse-checkout set --no-cone /xExtension-ImageProxy;
|
|
git checkout;
|
|
rm -rf /var/www/FreshRSS/extensions/xExtension-ImageProxy
|
|
cp -r xExtension-ImageProxy /var/www/FreshRSS/extensions
|
|
chown -R 568:568 /var/www/FreshRSS/extensions/xExtension-ImageProxy
|
|
resources:
|
|
requests:
|
|
cpu: 10m
|
|
memory: 128Mi
|
|
init-download-extension-3:
|
|
securityContext:
|
|
runAsUser: 0
|
|
image:
|
|
repository: alpine
|
|
tag: 3.22.1
|
|
pullPolicy: IfNotPresent
|
|
command:
|
|
- /bin/sh
|
|
- -ec
|
|
- |
|
|
cd /tmp;
|
|
wget https://github.com/zimmra/xExtension-karakeep-button/archive/refs/tags/v1.1.tar.gz;
|
|
tar -xvzf *.tar.gz;
|
|
rm -rf /var/www/FreshRSS/extensions/xExtension-karakeep-button
|
|
mkdir /var/www/FreshRSS/extensions/xExtension-karakeep-button
|
|
cp -r /tmp/xExtension-karakeep-button-*/* /var/www/FreshRSS/extensions/xExtension-karakeep-button
|
|
chown -R 568:568 /var/www/FreshRSS/extensions/xExtension-karakeep-button
|
|
resources:
|
|
requests:
|
|
cpu: 10m
|
|
memory: 128Mi
|
|
containers:
|
|
main:
|
|
image:
|
|
repository: freshrss/freshrss
|
|
tag: 1.27.0
|
|
pullPolicy: IfNotPresent
|
|
env:
|
|
- name: PGID
|
|
value: "568"
|
|
- name: PUID
|
|
value: "568"
|
|
- name: TZ
|
|
value: US/Central
|
|
- name: FRESHRSS_ENV
|
|
value: production
|
|
- name: CRON_MIN
|
|
value: 13,43
|
|
- name: BASE_URL
|
|
value: https://rss.alexlebens.dev
|
|
- name: DB_HOST
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: freshrss-postgresql-17-cluster-app
|
|
key: host
|
|
- name: DB_BASE
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: freshrss-postgresql-17-cluster-app
|
|
key: dbname
|
|
- name: DB_USER
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: freshrss-postgresql-17-cluster-app
|
|
key: user
|
|
- name: DB_PASSWORD
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: freshrss-postgresql-17-cluster-app
|
|
key: password
|
|
- name: FRESHRSS_INSTALL
|
|
value: |
|
|
--api-enabled
|
|
--base-url $(BASE_URL)
|
|
--db-base $(DB_BASE)
|
|
--db-host $(DB_HOST)
|
|
--db-password $(DB_PASSWORD)
|
|
--db-type pgsql
|
|
--db-user $(DB_USER)
|
|
--auth-type http_auth
|
|
--default-user admin
|
|
--language en
|
|
- name: FRESHRSS_USER
|
|
value: |
|
|
--api-password $(ADMIN_API_PASSWORD)
|
|
--email $(ADMIN_EMAIL)
|
|
--language en
|
|
--password $(ADMIN_PASSWORD)
|
|
--user admin
|
|
- name: OIDC_ENABLED
|
|
value: 1
|
|
- name: OIDC_PROVIDER_METADATA_URL
|
|
value: https://auth.alexlebens.dev/application/o/freshrss/.well-known/openid-configuration
|
|
- name: OIDC_X_FORWARDED_HEADERS
|
|
value: X-Forwarded-Port X-Forwarded-Proto X-Forwarded-Host
|
|
- name: OIDC_SCOPES
|
|
value: openid email profile
|
|
- name: OIDC_REMOTE_USER_CLAIM
|
|
value: preferred_username
|
|
envFrom:
|
|
- secretRef:
|
|
name: freshrss-oidc-secret
|
|
- secretRef:
|
|
name: freshrss-install-secret
|
|
resources:
|
|
requests:
|
|
cpu: 10m
|
|
memory: 128Mi
|
|
service:
|
|
main:
|
|
controller: main
|
|
ports:
|
|
http:
|
|
port: 80
|
|
targetPort: 80
|
|
protocol: HTTP
|
|
persistence:
|
|
data:
|
|
storageClass: ceph-block
|
|
accessMode: ReadWriteOnce
|
|
size: 5Gi
|
|
retain: true
|
|
advancedMounts:
|
|
main:
|
|
main:
|
|
- path: /var/www/FreshRSS/data
|
|
readOnly: false
|
|
extensions:
|
|
storageClass: ceph-block
|
|
accessMode: ReadWriteOnce
|
|
size: 1Gi
|
|
retain: true
|
|
advancedMounts:
|
|
main:
|
|
init-download-extension-1:
|
|
- path: /var/www/FreshRSS/extensions
|
|
readOnly: false
|
|
init-download-extension-2:
|
|
- path: /var/www/FreshRSS/extensions
|
|
readOnly: false
|
|
init-download-extension-3:
|
|
- path: /var/www/FreshRSS/extensions
|
|
readOnly: false
|
|
main:
|
|
- path: /var/www/FreshRSS/extensions
|
|
readOnly: false
|
|
cloudflared:
|
|
existingSecretName: freshrss-cloudflared-secret
|
|
postgres-17-cluster:
|
|
mode: standalone
|
|
cluster:
|
|
storage:
|
|
storageClass: local-path
|
|
walStorage:
|
|
storageClass: local-path
|
|
monitoring:
|
|
enabled: true
|
|
prometheusRule:
|
|
enabled: true
|
|
recovery:
|
|
method: objectStore
|
|
objectStore:
|
|
endpointURL: https://nyc3.digitaloceanspaces.com
|
|
destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/freshrss/freshrss-postgresql-17-cluster
|
|
endpointCredentials: freshrss-postgresql-17-cluster-backup-secret
|
|
recoveryIndex: 3
|
|
backup:
|
|
enabled: true
|
|
endpointURL: https://nyc3.digitaloceanspaces.com
|
|
destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/freshrss/freshrss-postgresql-17-cluster
|
|
endpointCredentials: freshrss-postgresql-17-cluster-backup-secret
|
|
backupIndex: 3
|
|
retentionPolicy: "7d"
|