
Merge branch 'master' into staging

Niklas Meyer 3 years ago
parent
commit
9598b503ec

+ 41 - 0
.github/workflows/image_builds.yml

@@ -0,0 +1,41 @@
+name: Build Mailcow Docker Images
+
+on:
+  push:
+    branches: [ "master", "staging" ]
+  workflow_dispatch:
+
+jobs:
+  docker_image_builds:
+    strategy:
+      matrix:
+        images: ["acme-mailcow",
+                 "clamd-mailcow",
+                 "dockerapi-mailcow",
+                 "dovecot-mailcow",
+                 "netfilter-mailcow",
+                 "olefy-mailcow",
+                 "php-fpm-mailcow",
+                 "postfix-mailcow",
+                 "rspamd-mailcow",
+                 "sogo-mailcow",
+                 "solr-mailcow",
+                 "unbound-mailcow",
+                 "watchdog-mailcow"]
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - name: Setup Docker
+        run: |
+          curl -sSL https://get.docker.com/ | CHANNEL=stable sudo sh
+          sudo service docker start
+          sudo curl -L https://github.com/docker/compose/releases/download/v$(curl -Ls https://www.servercow.de/docker-compose/latest.php)/docker-compose-$(uname -s)-$(uname -m) > /usr/local/bin/docker-compose
+          sudo chmod +x /usr/local/bin/docker-compose
+      - name: Prepair Image Builds
+        run: |
+          cp helper-scripts/docker-compose.override.yml.d/BUILD_FLAGS/docker-compose.override.yml docker-compose.override.yml
+      - name: Build Docker Images
+        run: |
+          docker-compose build ${image}
+        env:
+          image: ${{ matrix.images }}
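Review bot: The Setup Docker step runs two unverified downloads with root privileges: the get.docker.com script is piped straight into `sudo sh`, and the docker-compose version is whatever `https://www.servercow.de/docker-compose/latest.php` returns at run time, with no checksum on the binary. A change or compromise at either endpoint would execute in a job that has already checked out the repository. Pin the Compose version in the workflow and verify the binary before `chmod +x`, e.g. `echo "<EXPECTED_SHA256>  /usr/local/bin/docker-compose" | sha256sum -c -`, or drop the step if the runner image already provides Docker and Compose (GitHub-hosted Ubuntu images normally do, but confirm). Also, in `sudo curl … > /usr/local/bin/docker-compose` the redirect is performed by the unprivileged shell rather than by sudo; `sudo curl -fL -o /usr/local/bin/docker-compose …` avoids that and fails on HTTP errors instead of saving an error page as the binary.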

+ 60 - 0
.github/workflows/integration_tests.yml

@@ -0,0 +1,60 @@
+name: Mailcow Integration Tests
+
+on:
+  push:
+    branches: [ "master", "staging" ]
+  workflow_dispatch:
+
+jobs:
+  integration_tests:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Setup Ansible
+        run: |
+          export DEBIAN_FRONTEND=noninteractive
+          sudo apt-get update
+          sudo apt-get install python3 python3-pip git
+          sudo pip3 install ansible
+      - name: Prepair Test Environment
+        run: |
+          git clone https://github.com/mailcow/mailcow-integration-tests.git --branch $(curl -sL https://api.github.com/repos/mailcow/mailcow-integration-tests/releases/latest | jq -r '.tag_name') --single-branch .
+          ./fork_check.sh
+          ./ci.sh
+          ./ci-pip-requirements.sh
+        env:
+          VAULT_PW: ${{ secrets.MAILCOW_TESTS_VAULT_PW }}
+          VAULT_FILE: ${{ secrets.MAILCOW_TESTS_VAULT_FILE }}
+      - name: Start Integration Test Server
+        run: |
+          ./fork_check.sh
+          ansible-playbook mailcow-start-server.yml --diff
+        env:
+          PY_COLORS: '1'
+          ANSIBLE_FORCE_COLOR: '1'
+          ANSIBLE_HOST_KEY_CHECKING: 'false'
+      - name: Setup Integration Test Server
+        run: |
+          ./fork_check.sh
+          sleep 30
+          ansible-playbook mailcow-setup-server.yml --private-key id_ssh_rsa --diff
+        env:
+          PY_COLORS: '1'
+          ANSIBLE_FORCE_COLOR: '1'
+          ANSIBLE_HOST_KEY_CHECKING: 'false'
+      - name: Run Integration Tests
+        run: |
+          ./fork_check.sh
+          ansible-playbook mailcow-integration-tests.yml --private-key id_ssh_rsa --diff
+        env:
+          PY_COLORS: '1'
+          ANSIBLE_FORCE_COLOR: '1'
+          ANSIBLE_HOST_KEY_CHECKING: 'false'
+      - name: Delete Integration Test Server
+        if: always()
+        run: |
+          ./fork_check.sh
+          ansible-playbook mailcow-delete-server.yml --diff
+        env:
+          PY_COLORS: '1'
+          ANSIBLE_FORCE_COLOR: '1'
+          ANSIBLE_HOST_KEY_CHECKING: 'false'
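Review bot: In the Prepair Test Environment step, `VAULT_PW` and `VAULT_FILE` are exported to scripts from whatever tag `releases/latest` of mailcow-integration-tests resolves to at run time, so anyone able to publish or move a release there gets code execution with the vault secrets in scope. Pin the test repository to a reviewed revision, e.g. follow the clone with `git checkout <PINNED_COMMIT_SHA>`, and split the step so the secrets are set only for the command that needs them (which script consumes them is not visible here). Separately, `ANSIBLE_HOST_KEY_CHECKING: 'false'` in the four playbook steps disables SSH host-key verification for the connections made with `id_ssh_rsa`; if the start playbook can record the new server's host key, checking could stay enabled for the later steps. `sudo pip3 install ansible` is also unpinned, so the Ansible version that handles those credentials can change between runs.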

+ 17 - 0
.github/workflows/tweet-trigger-publish-release.yml

@@ -0,0 +1,17 @@
+name: "Tweet trigger release"
+on:
+  release:
+    types: [published]
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Tweet-trigger-publish-release
+        uses: mugi111/tweet-trigger-release@v1.1
+        with:
+          consumer_key: ${{ secrets.CONSUMER_KEY }}
+          consumer_secret: ${{ secrets.CONSUMER_SECRET }}
+          access_token_key: ${{ secrets.ACCESS_TOKEN_KEY }}
+          access_token_secret: ${{ secrets.ACCESS_TOKEN_SECRET }}
+          tweet_body: 'A new mailcow-dockerized Release has been Released on GitHub! Checkout our GitHub Page for the latest Release: github.com/mailcow/mailcow-dockerized/releases/latest'
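Review bot: `uses: mugi111/tweet-trigger-release@v1.1` hands four Twitter API credentials to a third-party action referenced by a tag, which the action's owner can repoint at different code at any time. Pin it to the full commit SHA that was reviewed, `uses: mugi111/tweet-trigger-release@<FULL_COMMIT_SHA>  # v1.1`, so a retagged release cannot receive the secrets. Nothing in this job appears to need the GITHUB_TOKEN, so adding `permissions: {}` to the `build` job would also limit what the action can do in the repository.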

+ 42 - 0
SECURITY.md

@@ -0,0 +1,42 @@
+# Security Policies and Procedures
+
+This document outlines security procedures and general policies for the _mailcow: dockerized_ project as found on [mailcow-dockerized](https://github.com/mailcow/mailcow-dockerized).
+
+  * [Reporting a Vulnerability](#reporting-a-vulnerability)
+  * [Disclosure Policy](#disclosure-policy)
+  * [Comments on this Policy](#comments-on-this-policy)
+
+## Reporting a Vulnerability 
+
+The mailcow team and community take all security vulnerabilities
+seriously. Thank you for improving the security of our open source 
+software. We appreciate your efforts and responsible disclosure and will
+make every effort to acknowledge your contributions.
+
+Report security vulnerabilities by emailing the mailcow team at:
+    
+    info at servercow.de
+
+mailcow team will acknowledge your email as soon as possible, and will
+send a more detailed response afterwards indicating the next steps in 
+handling your report. After the initial reply to your report, the mailcow
+team will endeavor to keep you informed of the progress towards a fix and
+full announcement, and may ask for additional information or guidance.
+
+Report security vulnerabilities in third-party modules to the person or 
+team maintaining the module.
+
+## Disclosure Policy
+
+When the mailcow team receives a security bug report, they will assign it
+to a primary handler. This person will coordinate the fix and release
+process, involving the following steps:
+
+  * Confirm the problem and determine the affected versions.
+  * Audit code to find any potential similar problems.
+  * Prepare fixes for all releases still under maintenance.
+
+## Comments on this Policy
+
+If you have suggestions on how this process could be improved please submit a
+pull request.