mirror of
https://github.com/Dokploy/templates.git
synced 2026-07-10 00:15:28 +02:00
fix: composer security audit blocked pinned shopware/core, bump to 6.7.12.1
Bootstrap died with exit 2 because Composer >= 2.9 enables audit.block-insecure by default: shopware/core v6.7.8.2 is now affected by 9 security advisories (all fixed in 6.7.10.1+), so 'composer create-project shopware/production:6.7.8.2' failed to resolve dependencies and the whole stack never started. - Bump the pinned Shopware version to 6.7.12.1 (latest, advisory-free). - Disable audit.block-insecure in the bootstrap's global composer config so advisories published after a version is pinned cannot brick fresh one-click deploys. - Use APP_URL=http://${main_domain} per template conventions; an https APP_URL breaks storefront sales-channel matching when the Dokploy domain is served over plain http. Verified on a Dokploy instance: full bootstrap + deployment-helper install completed in ~4 min, storefront and /admin both return HTTP 200. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
This commit is contained in:
@@ -110,7 +110,7 @@ services:
|
||||
<<: *shopware-env
|
||||
COMPOSER_ALLOW_SUPERUSER: "1"
|
||||
COMPOSER_HOME: "/tmp/composer"
|
||||
SHOPWARE_VERSION: "${SHOPWARE_VERSION:-6.7.8.2}"
|
||||
SHOPWARE_VERSION: "${SHOPWARE_VERSION:-6.7.12.1}"
|
||||
SHOPWARE_DOCKER_VERSION: "${SHOPWARE_DOCKER_VERSION:-0.3.0}"
|
||||
ENABLE_DEMO_DATA: "${ENABLE_DEMO_DATA:-1}"
|
||||
DEMO_DATA_VERSION: "${DEMO_DATA_VERSION:-2.1.0}"
|
||||
@@ -148,6 +148,10 @@ services:
|
||||
|
||||
tmp_dir="$$(mktemp -d)"
|
||||
|
||||
# Composer >=2.9 refuses to install pinned versions that are affected by
|
||||
# security advisories published later. Keep the pinned bootstrap deterministic.
|
||||
composer config -g audit.block-insecure false 2>/dev/null || true
|
||||
|
||||
composer create-project --no-interaction --prefer-dist "shopware/production:${SHOPWARE_VERSION}" "$$tmp_dir"
|
||||
cd "$$tmp_dir"
|
||||
composer require --no-interaction "shopware/docker:${SHOPWARE_DOCKER_VERSION}"
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
[variables]
|
||||
main_domain = "${domain}"
|
||||
app_url = "https://${main_domain}"
|
||||
app_url = "http://${main_domain}"
|
||||
app_secret = "${hash:64}"
|
||||
instance_id = "${hash:32}"
|
||||
database_name = "shopware"
|
||||
@@ -13,7 +13,7 @@ lock_dsn = "redis://:${redis_password}@redis:6379/1"
|
||||
php_session_save_path = "tcp://redis:6379?auth=${redis_password}"
|
||||
install_admin_username = "admin"
|
||||
install_admin_password = "${password:20}"
|
||||
shopware_version = "6.7.8.2"
|
||||
shopware_version = "6.7.12.1"
|
||||
shopware_docker_version = "0.3.0"
|
||||
shopware_cli_image = "shopware/shopware-cli:0.14.3-php-8.4"
|
||||
shopware_base_image = "shopware/docker-base:8.4.19-nginx"
|
||||
|
||||
Reference in New Issue
Block a user