From 5ebf3f40b8817e78e6d565593ad4b35a4c5ec358 Mon Sep 17 00:00:00 2001
From: Julian Schacher <julian@jsts.xyz>
Date: Sat, 27 Jul 2024 19:08:50 +0200
Subject: [PATCH 01/30] testing

---
 .woodpecker/keycloak.yaml | 17 +++++++++++++++--
 1 file changed, 15 insertions(+), 2 deletions(-)

diff --git a/.woodpecker/keycloak.yaml b/.woodpecker/keycloak.yaml
index 01f54ed..eb11f8c 100644
--- a/.woodpecker/keycloak.yaml
+++ b/.woodpecker/keycloak.yaml
@@ -25,14 +25,27 @@ steps:
     image: alpine
     commands:
       - mkdir /woodpecker/images
+  - name: test
+    image: debian
+    commands:
+      - echo "miau" > test
+  - name: test-2
+    image: debian
+    environment:
+      MY_COOL_TEST_VAR: test
+    entrypoint:
+      - /usr/bin/cat
+      - $${MY_COOL_TEST_VAR}"
   - name: build-image
     image: gcr.io/kaniko-project/executor
+    environment:
+      MY_COOL_TEST_VAR: 25.0
     entrypoint:
       - /kaniko/executor
       - --context=dir:///woodpecker/src/keycloak
       - --dockerfile=./Containerfile
-      - --build-arg=TAG=${KEYCLOAK_VERSION}
-      - --destination=${IMAGE_NAME}:${KEYCLOAK_VERSION}
+      - --build-arg=TAG=$${MY_COOL_TEST_VAR}
+      - --destination=${IMAGE_NAME}:$${MY_COOL_TEST_VAR}
       - --no-push
       - --tar-path=/woodpecker/images/keycloak.tar
   - name: publish-image

From 1b24726e7a1116296eecb320f275c332cd9ca2a4 Mon Sep 17 00:00:00 2001
From: c6ristian <c6ristian@christian.moe>
Date: Sat, 27 Jul 2024 22:30:13 +0200
Subject: [PATCH 02/30] Add our own logo instead of the keycloak logo

---
 .../ccchh/login/resources/css/ccchh/login.css |  11 ++
 .../ccchh/login/resources/img/CCCHH.svg       | 123 ++++++++++++++++++
 2 files changed, 134 insertions(+)
 create mode 100644 keycloak/themes/ccchh/login/resources/img/CCCHH.svg

diff --git a/keycloak/themes/ccchh/login/resources/css/ccchh/login.css b/keycloak/themes/ccchh/login/resources/css/ccchh/login.css
index 1ad56c4..223f444 100644
--- a/keycloak/themes/ccchh/login/resources/css/ccchh/login.css
+++ b/keycloak/themes/ccchh/login/resources/css/ccchh/login.css
@@ -2,4 +2,15 @@
     background: url("../../img/blur-more-blur-edit.jpg") no-repeat center center fixed;
     background-size: cover;
     height: 100%;
+}
+div.ccchh-kc-logo-text {
+    background: url("../../img/CCCHH.svg") no-repeat center center;
+    background-size: contain;
+    filter: invert(1);
+    height: 126px;
+    width: 600px;
+}
+
+div.kc-logo-text span {
+    display: none;
 }
\ No newline at end of file
diff --git a/keycloak/themes/ccchh/login/resources/img/CCCHH.svg b/keycloak/themes/ccchh/login/resources/img/CCCHH.svg
new file mode 100644
index 0000000..750d341
--- /dev/null
+++ b/keycloak/themes/ccchh/login/resources/img/CCCHH.svg
@@ -0,0 +1,123 @@
+<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.0//EN" "http://www.w3.org/TR/2001/REC-SVG-20010904/DTD/svg10.dtd">
+<svg xmlns="http://www.w3.org/2000/svg"  xmlns:xlink="http://www.w3.org/1999/xlink" width='270.000mm' height='78.923mm' viewBox="0 0 270.000 78.923">
+
+<title>Exported SVG</title>
+
+<style><![CDATA[
+polygon {
+shape-rendering:crispEdges;
+stroke-width:0.270000;
+}
+.s1 {
+stroke:#000000;
+stroke-width:0.245682;
+stroke-linecap:round;
+stroke-linejoin:round;
+fill:none;
+}
+.s2 {
+stroke:#19b219;
+stroke-width:0.245682;
+stroke-linecap:round;
+stroke-linejoin:round;
+fill:none;
+}
+.s3 {
+stroke:#7f4c00;
+stroke-width:0.245682;
+stroke-linecap:round;
+stroke-linejoin:round;
+fill:none;
+}
+.s4 {
+stroke:#00cc00;
+stroke-width:0.245682;
+stroke-linecap:round;
+stroke-linejoin:round;
+fill:none;
+}
+.s5 {
+stroke:#000000;
+stroke-width:0.163788;
+stroke-linecap:round;
+stroke-linejoin:round;
+fill:none;
+}
+.s6 {
+stroke:#ff19ff;
+stroke-width:0.163788;
+stroke-linecap:round;
+stroke-linejoin:round;
+fill:none;
+}
+.s7 {
+stroke:#ff0000;
+stroke-width:0.245682;
+stroke-linecap:round;
+stroke-linejoin:round;
+fill:none;
+}
+.s8 {
+stroke:#ffff00;
+stroke-width:0.245682;
+stroke-linecap:round;
+stroke-linejoin:round;
+fill:none;
+}
+.s9 {
+stroke:#001919;
+stroke-width:0.163788;
+stroke-linecap:round;
+stroke-linejoin:round;
+fill:none;
+}
+.sa {
+stroke:#006666;
+stroke-width:0.163788;
+stroke-linecap:round;
+stroke-linejoin:round;
+fill:none;
+}
+.sb {
+stroke:#00ffff;
+stroke-width:0.491365;
+stroke-linecap:round;
+stroke-linejoin:round;
+fill:none;
+}
+.sc {
+stroke:#ff0000;
+stroke-width:1.310307;
+stroke-linecap:round;
+stroke-linejoin:round;
+fill:none;
+}
+.sd {
+stroke:#191919;
+stroke-width:0.163788;
+stroke-linecap:round;
+stroke-linejoin:round;
+fill:none;
+}
+.se {
+stroke:#000000;
+stroke-width:0.163788;
+stroke-linecap:round;
+stroke-linejoin:round;
+stroke-dasharray:2.457,2.457;
+fill:none;
+}
+.sf {
+stroke:#000000;
+stroke-width:0.491365;
+stroke-linecap:round;
+stroke-linejoin:round;
+fill:none;
+}
+]]></style>
+<path d='M62.272 26.962 A30.000,30.000 0 0,0 28.603,10.152 A30.000,30.000 0 0,0 5.000,39.462 A30.000,30.000 0 0,0 28.603,68.772 A30.000,30.000 0 0,0 62.272,51.962 L56.651,51.962 A25.000,25.000 0 0,1 28.530,63.610 A25.000,25.000 0 0,1 10.000,39.462 A25.000,25.000 0 0,1 28.530,15.313 A25.000,25.000 0 0,1 56.651,26.962 L62.272,26.962 ' class='s0' />
+<path d='M53.540 31.962 A20.000,20.000 0 0,0 31.180,19.830 A20.000,20.000 0 0,0 15.000,39.462 A20.000,20.000 0 0,0 31.180,59.093 A20.000,20.000 0 0,0 53.540,46.962 L65.953,46.962 A30.000,30.000 0 0,0 92.347,69.344 A30.000,30.000 0 0,0 122.272,51.962 L116.651,51.962 A25.000,25.000 0 0,1 89.747,63.903 A25.000,25.000 0 0,1 70.125,41.962 L49.790,41.962 A15.000,15.000 0 0,1 33.746,54.409 A15.000,15.000 0 0,1 20.000,39.462 A15.000,15.000 0 0,1 33.746,24.514 A15.000,15.000 0 0,1 49.790,36.962 L70.125,36.962 A25.000,25.000 0 0,1 89.747,15.020 A25.000,25.000 0 0,1 116.651,26.962 L122.272,26.962 A30.000,30.000 0 0,0 92.347,9.579 A30.000,30.000 0 0,0 65.953,31.962 L53.540,31.962 ' class='s0' />
+<path d='M113.540 31.962 A20.000,20.000 0 0,0 91.180,19.830 A20.000,20.000 0 0,0 75.000,39.462 A20.000,20.000 0 0,0 91.180,59.093 A20.000,20.000 0 0,0 113.540,46.962 L125.953,46.962 A30.000,30.000 0 0,0 152.347,69.344 A30.000,30.000 0 0,0 182.272,51.962 L176.651,51.962 A25.000,25.000 0 0,1 149.747,63.903 A25.000,25.000 0 0,1 130.125,41.962 L109.790,41.962 A15.000,15.000 0 0,1 93.746,54.409 A15.000,15.000 0 0,1 80.000,39.462 A15.000,15.000 0 0,1 93.746,24.514 A15.000,15.000 0 0,1 109.790,36.962 L130.125,36.962 A25.000,25.000 0 0,1 149.747,15.020 A25.000,25.000 0 0,1 176.651,26.962 L182.272,26.962 A30.000,30.000 0 0,0 152.347,9.579 A30.000,30.000 0 0,0 125.953,31.962 L113.540,31.962 ' class='s0' />
+<path d='M173.540 31.962 A20.000,20.000 0 0,0 151.180,19.830 A20.000,20.000 0 0,0 135.000,39.462 A20.000,20.000 0 0,0 151.180,59.093 A20.000,20.000 0 0,0 173.540,46.962 L190.000,46.962 L190.000,69.462 L205.000,69.462 L205.000,46.962 L220.000,46.962 L220.000,69.462 L235.000,69.462 L235.000,46.962 L250.000,46.962 L250.000,69.462 L265.000,69.462 L265.000,9.462 L250.000,9.462 L250.000,31.962 L235.000,31.962 L235.000,9.462 L220.000,9.462 L220.000,31.962 L205.000,31.962 L205.000,9.462 L190.000,9.462 L190.000,31.962 L173.540,31.962 M169.790 36.962 L195.000,36.962 L195.000,14.462 L200.000,14.462 L200.000,36.962 L225.000,36.962 L225.000,14.462 L230.000,14.462 L230.000,36.962 L255.000,36.962 L255.000,14.462 L260.000,14.462 L260.000,64.462 L255.000,64.462 L255.000,41.962 L230.000,41.962 L230.000,64.462 L225.000,64.462 L225.000,41.962 L200.000,41.962 L200.000,64.462 L195.000,64.462 L195.000,41.962 L169.790,41.962 A15.000,15.000 0 0,1 153.746,54.409 A15.000,15.000 0 0,1 140.000,39.462 A15.000,15.000 0 0,1 153.746,24.514 A15.000,15.000 0 0,1 169.790,36.962 ' class='s0' />
+
+</svg>

From 01851a011eb7faa381ffc19a6423a38bf5689e3e Mon Sep 17 00:00:00 2001
From: c6ristian <c6ristian@christian.moe>
Date: Sat, 27 Jul 2024 22:42:10 +0200
Subject: [PATCH 03/30] Fix: need to give the css class the correct name.

---
 keycloak/themes/ccchh/login/resources/css/ccchh/login.css | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/keycloak/themes/ccchh/login/resources/css/ccchh/login.css b/keycloak/themes/ccchh/login/resources/css/ccchh/login.css
index 223f444..ac10ab2 100644
--- a/keycloak/themes/ccchh/login/resources/css/ccchh/login.css
+++ b/keycloak/themes/ccchh/login/resources/css/ccchh/login.css
@@ -3,7 +3,8 @@
     background-size: cover;
     height: 100%;
 }
-div.ccchh-kc-logo-text {
+
+div.kc-logo-text {
     background: url("../../img/CCCHH.svg") no-repeat center center;
     background-size: contain;
     filter: invert(1);

From 8dfecd068de05b9667c91c82308bf4aebdb4a3f3 Mon Sep 17 00:00:00 2001
From: c6ristian <c6ristian@christian.moe>
Date: Sat, 27 Jul 2024 23:09:59 +0200
Subject: [PATCH 04/30] Build our nextcloud image via woodpecker

---
 .woodpecker/nextcloud.yaml | 60 ++++++++++++++++++++++++++++++++++++++
 nextcloud/Containerfile    | 13 +++++++++
 nextcloud/supervisord.conf | 22 ++++++++++++++
 3 files changed, 95 insertions(+)
 create mode 100644 .woodpecker/nextcloud.yaml
 create mode 100644 nextcloud/Containerfile
 create mode 100644 nextcloud/supervisord.conf

diff --git a/.woodpecker/nextcloud.yaml b/.woodpecker/nextcloud.yaml
new file mode 100644
index 0000000..537d112
--- /dev/null
+++ b/.woodpecker/nextcloud.yaml
@@ -0,0 +1,60 @@
+when:
+  - event: push
+  - event: cron
+    cron: daily
+
+# Manually set a workspace path, so we can use it literally, without using
+# ${CI_WORKSPACE}, when running kaniko, since using ${CI_WORKSPACE} doesn't work.
+# https://github.com/woodpecker-ci/woodpecker/issues/3982
+workspace:
+  path: src
+
+# Use matrix to set NEXTCLOUD_VERSION instead of setting the NEXTCLOUD_VERSION as
+# an environment variable in the build-images step, since string substitution
+# doesn't work for custom environment variables.
+# https://github.com/woodpecker-ci/woodpecker/issues/3983
+# Also because global environment variables aren't a thing.
+matrix:
+  NEXTCLOUD_VERSION:
+    - 28
+    - 29
+  IMAGE_NAME:
+    - git.hamburg.ccc.de/ccchh/oci-images/nextcloud
+
+steps:
+  - name: setup-image-path
+    image: docker.io/library/alpine
+    commands:
+      - mkdir /woodpecker/images
+
+  - name: build-image
+    image: gcr.io/kaniko-project/executor
+    entrypoint:
+      - /kaniko/executor
+      - --context=dir:///woodpecker/src/nextcloud
+      - --dockerfile=./Containerfile
+      - --build-arg=TAG=${NEXTCLOUD_VERSION}
+      - --destination=${IMAGE_NAME}:${NEXTCLOUD_VERSION}
+      - --no-push
+      - --tar-path=/woodpecker/images/nextcloud.tar
+
+  - name: publish-image
+    image: docker.io/library/alpine
+    secrets:
+      - GIT_API_TOKEN
+    commands:
+      - apk -u add crane
+      - crane auth login git.hamburg.ccc.de -u woodpecker -p $GIT_API_TOKEN
+      - crane push /woodpecker/images/keycloak.tar $IMAGE_NAME:$CI_COMMIT_BRANCH
+
+  - name: tag-version-and-latest
+    image: docker.io/library/alpine
+    when:
+      - branch: main
+    secrets:
+      - GIT_API_TOKEN
+    commands:
+      - apk -u add crane
+      - crane auth login git.hamburg.ccc.de -u woodpecker -p $GIT_API_TOKEN
+      - crane tag $IMAGE_NAME:$CI_COMMIT_BRANCH $NEXTCLOUD_VERSION
+      - crane tag $IMAGE_NAME:$CI_COMMIT_BRANCH latest
diff --git a/nextcloud/Containerfile b/nextcloud/Containerfile
new file mode 100644
index 0000000..79741b0
--- /dev/null
+++ b/nextcloud/Containerfile
@@ -0,0 +1,13 @@
+ARG TAG=latest
+FROM docker.io/library/nextcloud:${TAG}
+
+RUN apt-get update && apt-get install -y \
+    supervisor \
+    && rm -rf /var/lib/apt/lists/* \
+    && mkdir /var/log/supervisord /var/run/supervisord
+
+ADD supervisord.conf /supervisord.conf
+
+ENV NEXTCLOUD_UPDATE=1
+
+CMD ["/usr/bin/supervisord", "-c", "/supervisord.conf"]
\ No newline at end of file
diff --git a/nextcloud/supervisord.conf b/nextcloud/supervisord.conf
new file mode 100644
index 0000000..836a08a
--- /dev/null
+++ b/nextcloud/supervisord.conf
@@ -0,0 +1,22 @@
+[supervisord]
+nodaemon=true
+logfile=/var/log/supervisord/supervisord.log
+pidfile=/var/run/supervisord/supervisord.pid
+childlogdir=/var/log/supervisord/
+logfile_maxbytes=50MB                           ; maximum size of logfile before rotation
+logfile_backups=10                              ; number of backed up logfiles
+loglevel=error
+
+[program:apache2]
+stdout_logfile=/dev/stdout
+stdout_logfile_maxbytes=0
+stderr_logfile=/dev/stderr
+stderr_logfile_maxbytes=0
+command=apache2-foreground
+
+[program:cron]
+stdout_logfile=/dev/stdout
+stdout_logfile_maxbytes=0
+stderr_logfile=/dev/stderr
+stderr_logfile_maxbytes=0
+command=/cron.sh

From 4fcbc461754eed302d8ca41303012a1e0b80d8f9 Mon Sep 17 00:00:00 2001
From: c6ristian <c6ristian@christian.moe>
Date: Sat, 27 Jul 2024 23:19:14 +0200
Subject: [PATCH 05/30] Build Container on push if it's files have changed

---
 .woodpecker/keycloak.yaml  | 3 +++
 .woodpecker/nextcloud.yaml | 3 +++
 2 files changed, 6 insertions(+)

diff --git a/.woodpecker/keycloak.yaml b/.woodpecker/keycloak.yaml
index 01f54ed..00c32b0 100644
--- a/.woodpecker/keycloak.yaml
+++ b/.woodpecker/keycloak.yaml
@@ -1,5 +1,8 @@
 when:
   - event: push
+    path: 
+      - 'keycloak/**'
+      - '.woodpecker/keycloak.yaml'
   - event: cron
     cron: daily
 
diff --git a/.woodpecker/nextcloud.yaml b/.woodpecker/nextcloud.yaml
index 537d112..14a5783 100644
--- a/.woodpecker/nextcloud.yaml
+++ b/.woodpecker/nextcloud.yaml
@@ -1,5 +1,8 @@
 when:
   - event: push
+    path: 
+    - 'nextcloud/**'
+    - '.woodpecker/nextcloud.yaml'
   - event: cron
     cron: daily
 

From 38078de4b019422b7ff91b4d329664c5c35a44e0 Mon Sep 17 00:00:00 2001
From: c6ristian <c6ristian@christian.moe>
Date: Sat, 27 Jul 2024 23:23:25 +0200
Subject: [PATCH 06/30] Fix: set -p for mkdir

---
 .woodpecker/nextcloud.yaml | 4 ++--
 nextcloud/Containerfile    | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/.woodpecker/nextcloud.yaml b/.woodpecker/nextcloud.yaml
index 14a5783..6bd50e8 100644
--- a/.woodpecker/nextcloud.yaml
+++ b/.woodpecker/nextcloud.yaml
@@ -1,8 +1,8 @@
 when:
   - event: push
     path: 
-    - 'nextcloud/**'
-    - '.woodpecker/nextcloud.yaml'
+      - 'nextcloud/**'
+      - '.woodpecker/nextcloud.yaml'
   - event: cron
     cron: daily
 
diff --git a/nextcloud/Containerfile b/nextcloud/Containerfile
index 79741b0..f37901e 100644
--- a/nextcloud/Containerfile
+++ b/nextcloud/Containerfile
@@ -4,7 +4,7 @@ FROM docker.io/library/nextcloud:${TAG}
 RUN apt-get update && apt-get install -y \
     supervisor \
     && rm -rf /var/lib/apt/lists/* \
-    && mkdir /var/log/supervisord /var/run/supervisord
+    && mkdir -p /var/log/supervisord /var/run/supervisord
 
 ADD supervisord.conf /supervisord.conf
 

From 14df00e63165afa7874369f2eef7ba506055c50c Mon Sep 17 00:00:00 2001
From: c6ristian <c6ristian@christian.moe>
Date: Sat, 27 Jul 2024 23:27:23 +0200
Subject: [PATCH 07/30] Fix: push images with the version tag first

---
 .woodpecker/keycloak.yaml  | 8 ++++----
 .woodpecker/nextcloud.yaml | 8 ++++----
 2 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/.woodpecker/keycloak.yaml b/.woodpecker/keycloak.yaml
index 00c32b0..0ffcc3c 100644
--- a/.woodpecker/keycloak.yaml
+++ b/.woodpecker/keycloak.yaml
@@ -45,8 +45,8 @@ steps:
     commands:
       - apk -u add crane
       - crane auth login git.hamburg.ccc.de -u woodpecker -p $GIT_API_TOKEN
-      - crane push /woodpecker/images/keycloak.tar $IMAGE_NAME:$CI_COMMIT_BRANCH
-  - name: tag-version-and-latest
+      - crane push /woodpecker/images/keycloak.tar $IMAGE_NAME:$KEYCLOAK_VERSION
+  - name: tag-branch-and-latest
     image: alpine
     when:
       - branch: main
@@ -55,5 +55,5 @@ steps:
     commands:
       - apk -u add crane
       - crane auth login git.hamburg.ccc.de -u woodpecker -p $GIT_API_TOKEN
-      - crane tag $IMAGE_NAME:$CI_COMMIT_BRANCH $KEYCLOAK_VERSION
-      - crane tag $IMAGE_NAME:$CI_COMMIT_BRANCH latest
+      - crane tag $IMAGE_NAME:$KEYCLOAK_VERSION $CI_COMMIT_BRANCH
+      - crane tag $IMAGE_NAME:$KEYCLOAK_VERSION latest
diff --git a/.woodpecker/nextcloud.yaml b/.woodpecker/nextcloud.yaml
index 6bd50e8..cca797d 100644
--- a/.woodpecker/nextcloud.yaml
+++ b/.woodpecker/nextcloud.yaml
@@ -48,9 +48,9 @@ steps:
     commands:
       - apk -u add crane
       - crane auth login git.hamburg.ccc.de -u woodpecker -p $GIT_API_TOKEN
-      - crane push /woodpecker/images/keycloak.tar $IMAGE_NAME:$CI_COMMIT_BRANCH
+      - crane push /woodpecker/images/nextcloud.tar $IMAGE_NAME:$NEXTCLOUD_VERSION
 
-  - name: tag-version-and-latest
+  - name: tag-branch-and-latest
     image: docker.io/library/alpine
     when:
       - branch: main
@@ -59,5 +59,5 @@ steps:
     commands:
       - apk -u add crane
       - crane auth login git.hamburg.ccc.de -u woodpecker -p $GIT_API_TOKEN
-      - crane tag $IMAGE_NAME:$CI_COMMIT_BRANCH $NEXTCLOUD_VERSION
-      - crane tag $IMAGE_NAME:$CI_COMMIT_BRANCH latest
+      - crane tag $IMAGE_NAME:$NEXTCLOUD_VERSION $CI_COMMIT_BRANCH
+      - crane tag $IMAGE_NAME:$NEXTCLOUD_VERSION latest

From 5dcbe2c3c8e323f19f0fb2e0ac87f883be2928f9 Mon Sep 17 00:00:00 2001
From: c6ristian <c6ristian@christian.moe>
Date: Sat, 27 Jul 2024 23:43:26 +0200
Subject: [PATCH 08/30] only tag branch and latest if PREFERRED_VERSION

---
 .woodpecker/nextcloud.yaml | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/.woodpecker/nextcloud.yaml b/.woodpecker/nextcloud.yaml
index cca797d..5b829a6 100644
--- a/.woodpecker/nextcloud.yaml
+++ b/.woodpecker/nextcloud.yaml
@@ -24,6 +24,9 @@ matrix:
   IMAGE_NAME:
     - git.hamburg.ccc.de/ccchh/oci-images/nextcloud
 
+variables:
+  &PREFERRED_VERSION 28
+
 steps:
   - name: setup-image-path
     image: docker.io/library/alpine
@@ -54,6 +57,7 @@ steps:
     image: docker.io/library/alpine
     when:
       - branch: main
+      - evaluate: PREFERRED_VERSION == NEXTCLOUD_VERSION
     secrets:
       - GIT_API_TOKEN
     commands:

From 69c5ef00fe0e48f00cdd665bf0748ae466750cd3 Mon Sep 17 00:00:00 2001
From: c6ristian <c6ristian@christian.moe>
Date: Sun, 28 Jul 2024 00:02:40 +0200
Subject: [PATCH 09/30] only tag branch & latest if version equals check

---
 .woodpecker/keycloak.yaml  | 1 +
 .woodpecker/nextcloud.yaml | 5 +----
 2 files changed, 2 insertions(+), 4 deletions(-)

diff --git a/.woodpecker/keycloak.yaml b/.woodpecker/keycloak.yaml
index 0ffcc3c..f98ad87 100644
--- a/.woodpecker/keycloak.yaml
+++ b/.woodpecker/keycloak.yaml
@@ -50,6 +50,7 @@ steps:
     image: alpine
     when:
       - branch: main
+      - evaluate: 'KEYCLOAK_VERSION == "25.0"'
     secrets:
       - GIT_API_TOKEN
     commands:
diff --git a/.woodpecker/nextcloud.yaml b/.woodpecker/nextcloud.yaml
index 5b829a6..43609a6 100644
--- a/.woodpecker/nextcloud.yaml
+++ b/.woodpecker/nextcloud.yaml
@@ -24,9 +24,6 @@ matrix:
   IMAGE_NAME:
     - git.hamburg.ccc.de/ccchh/oci-images/nextcloud
 
-variables:
-  &PREFERRED_VERSION 28
-
 steps:
   - name: setup-image-path
     image: docker.io/library/alpine
@@ -57,7 +54,7 @@ steps:
     image: docker.io/library/alpine
     when:
       - branch: main
-      - evaluate: PREFERRED_VERSION == NEXTCLOUD_VERSION
+      - evaluate: 'NEXTCLOUD_VERSION == "28"'
     secrets:
       - GIT_API_TOKEN
     commands:

From 0025b72e4bffa4bf8c10404d03dcddc990120a19 Mon Sep 17 00:00:00 2001
From: c6ristian <c6ristian@christian.moe>
Date: Sun, 28 Jul 2024 00:13:26 +0200
Subject: [PATCH 10/30] Fix: fix path /var/run/supervisord/ does not exist

---
 .woodpecker/nextcloud.yaml | 2 +-
 nextcloud/Containerfile    | 3 ++-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/.woodpecker/nextcloud.yaml b/.woodpecker/nextcloud.yaml
index 43609a6..36b4a19 100644
--- a/.woodpecker/nextcloud.yaml
+++ b/.woodpecker/nextcloud.yaml
@@ -54,7 +54,7 @@ steps:
     image: docker.io/library/alpine
     when:
       - branch: main
-      - evaluate: 'NEXTCLOUD_VERSION == "28"'
+        evaluate: 'NEXTCLOUD_VERSION == "28"'
     secrets:
       - GIT_API_TOKEN
     commands:
diff --git a/nextcloud/Containerfile b/nextcloud/Containerfile
index f37901e..db26687 100644
--- a/nextcloud/Containerfile
+++ b/nextcloud/Containerfile
@@ -4,7 +4,8 @@ FROM docker.io/library/nextcloud:${TAG}
 RUN apt-get update && apt-get install -y \
     supervisor \
     && rm -rf /var/lib/apt/lists/* \
-    && mkdir -p /var/log/supervisord /var/run/supervisord
+    && mkdir -p /var/log/supervisord \
+    && mkdir -p /var/run/supervisord
 
 ADD supervisord.conf /supervisord.conf
 

From 65f93ad899c26b5eaa36a7679b37de8c0c344c10 Mon Sep 17 00:00:00 2001
From: c6ristian <c6ristian@christian.moe>
Date: Sun, 28 Jul 2024 00:27:14 +0200
Subject: [PATCH 11/30] Nextcloud: ADD supervisord.conf to root

---
 nextcloud/Containerfile | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)

diff --git a/nextcloud/Containerfile b/nextcloud/Containerfile
index db26687..322f1f5 100644
--- a/nextcloud/Containerfile
+++ b/nextcloud/Containerfile
@@ -1,13 +1,12 @@
 ARG TAG=latest
 FROM docker.io/library/nextcloud:${TAG}
 
-RUN apt-get update && apt-get install -y \
-    supervisor \
+RUN apt-get update \
+    && apt-get install -y supervisor \
     && rm -rf /var/lib/apt/lists/* \
-    && mkdir -p /var/log/supervisord \
-    && mkdir -p /var/run/supervisord
+    && mkdir /var/log/supervisord /var/run/supervisord
 
-ADD supervisord.conf /supervisord.conf
+ADD supervisord.conf /
 
 ENV NEXTCLOUD_UPDATE=1
 

From efb88af7ca772201f47fb64f85eb3e1005628143 Mon Sep 17 00:00:00 2001
From: c6ristian <c6ristian@christian.moe>
Date: Sun, 28 Jul 2024 00:29:18 +0200
Subject: [PATCH 12/30] Nextcloud: add -p flag to mkdir

---
 nextcloud/Containerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/nextcloud/Containerfile b/nextcloud/Containerfile
index 322f1f5..186ff63 100644
--- a/nextcloud/Containerfile
+++ b/nextcloud/Containerfile
@@ -4,7 +4,7 @@ FROM docker.io/library/nextcloud:${TAG}
 RUN apt-get update \
     && apt-get install -y supervisor \
     && rm -rf /var/lib/apt/lists/* \
-    && mkdir /var/log/supervisord /var/run/supervisord
+    && mkdir -p /var/log/supervisord /var/run/supervisord
 
 ADD supervisord.conf /
 

From 82af017d9f80357e5f3f7aa1c552112263587d50 Mon Sep 17 00:00:00 2001
From: c6ristian <c6ristian@christian.moe>
Date: Sun, 28 Jul 2024 03:23:18 +0200
Subject: [PATCH 13/30] nextcloud: use COPY

---
 nextcloud/Containerfile | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/nextcloud/Containerfile b/nextcloud/Containerfile
index 186ff63..5a3c30d 100644
--- a/nextcloud/Containerfile
+++ b/nextcloud/Containerfile
@@ -4,10 +4,10 @@ FROM docker.io/library/nextcloud:${TAG}
 RUN apt-get update \
     && apt-get install -y supervisor \
     && rm -rf /var/lib/apt/lists/* \
-    && mkdir -p /var/log/supervisord /var/run/supervisord
+    && mkdir /var/log/supervisord /var/run/supervisord
 
-ADD supervisord.conf /
+COPY supervisord.conf /
 
 ENV NEXTCLOUD_UPDATE=1
 
-CMD ["/usr/bin/supervisord", "-c", "/supervisord.conf"]
\ No newline at end of file
+CMD ["/usr/bin/supervisord", "-c", "/supervisord.conf"]

From a8ab630c756c5f384a7f1fbe11bf5d6ff935d4ee Mon Sep 17 00:00:00 2001
From: c6ristian <c6ristian@christian.moe>
Date: Sun, 28 Jul 2024 03:32:40 +0200
Subject: [PATCH 14/30] nextcloud: try kaniko flag

---
 .woodpecker/nextcloud.yaml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.woodpecker/nextcloud.yaml b/.woodpecker/nextcloud.yaml
index 36b4a19..f975816 100644
--- a/.woodpecker/nextcloud.yaml
+++ b/.woodpecker/nextcloud.yaml
@@ -40,6 +40,7 @@ steps:
       - --destination=${IMAGE_NAME}:${NEXTCLOUD_VERSION}
       - --no-push
       - --tar-path=/woodpecker/images/nextcloud.tar
+      - --cache-run-layers=false 
 
   - name: publish-image
     image: docker.io/library/alpine

From 0f10928c1b4c1adc9feb8bae49a8ff1d3fe4f6c3 Mon Sep 17 00:00:00 2001
From: c6ristian <c6ristian@christian.moe>
Date: Sun, 28 Jul 2024 03:34:36 +0200
Subject: [PATCH 15/30] nextcloud: more fun flags

---
 .woodpecker/nextcloud.yaml | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/.woodpecker/nextcloud.yaml b/.woodpecker/nextcloud.yaml
index f975816..60ed526 100644
--- a/.woodpecker/nextcloud.yaml
+++ b/.woodpecker/nextcloud.yaml
@@ -40,7 +40,9 @@ steps:
       - --destination=${IMAGE_NAME}:${NEXTCLOUD_VERSION}
       - --no-push
       - --tar-path=/woodpecker/images/nextcloud.tar
-      - --cache-run-layers=false 
+      - --cache-run-layers=false
+      - --cleanup 
+      - --cache=false
 
   - name: publish-image
     image: docker.io/library/alpine

From f88c3ce4e77c3b98eba4670ec9452e549af1eb3c Mon Sep 17 00:00:00 2001
From: c6ristian <c6ristian@christian.moe>
Date: Sun, 28 Jul 2024 03:37:32 +0200
Subject: [PATCH 16/30] nextcloud: revert flags

---
 .woodpecker/nextcloud.yaml | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/.woodpecker/nextcloud.yaml b/.woodpecker/nextcloud.yaml
index 60ed526..36b4a19 100644
--- a/.woodpecker/nextcloud.yaml
+++ b/.woodpecker/nextcloud.yaml
@@ -40,9 +40,6 @@ steps:
       - --destination=${IMAGE_NAME}:${NEXTCLOUD_VERSION}
       - --no-push
       - --tar-path=/woodpecker/images/nextcloud.tar
-      - --cache-run-layers=false
-      - --cleanup 
-      - --cache=false
 
   - name: publish-image
     image: docker.io/library/alpine

From 99cce09ef64ab7093f0e8b2f3d7ea2e29d774247 Mon Sep 17 00:00:00 2001
From: c6ristian <c6ristian@christian.moe>
Date: Mon, 29 Jul 2024 21:28:58 +0200
Subject: [PATCH 17/30] Squashed commit of the following:

commit 59d03f97a3f429e2035da30c079fd6c5277d9eec
Author: c6ristian <c6ristian@christian.moe>
Date:   Mon Jul 29 20:15:58 2024 +0200

    explain why the COPY step exists

commit 2fd26d6f6f6ae0fdb2991561de5cf71763904853
Author: c6ristian <c6ristian@christian.moe>
Date:   Mon Jul 29 19:55:52 2024 +0200

    no keep var run

commit cc2f0cdc8109083f24dc9c0491b6870bf964f92e
Author: c6ristian <c6ristian@christian.moe>
Date:   Mon Jul 29 19:53:52 2024 +0200

    no keep var log

commit 88569e05f515cb06f2898b297e150c6988da8c1c
Author: c6ristian <c6ristian@christian.moe>
Date:   Mon Jul 29 19:46:31 2024 +0200

    COPY .keep

commit 1eca9841675fde50a229f6272918e4bb83dfa6d0
Author: c6ristian <c6ristian@christian.moe>
Date:   Mon Jul 29 19:21:50 2024 +0200

    nextcloud: try a .keep file to save the folder
---
 nextcloud/.keep         | 0
 nextcloud/Containerfile | 7 +++++--
 2 files changed, 5 insertions(+), 2 deletions(-)
 create mode 100644 nextcloud/.keep

diff --git a/nextcloud/.keep b/nextcloud/.keep
new file mode 100644
index 0000000..e69de29
diff --git a/nextcloud/Containerfile b/nextcloud/Containerfile
index 5a3c30d..d139a4d 100644
--- a/nextcloud/Containerfile
+++ b/nextcloud/Containerfile
@@ -4,10 +4,13 @@ FROM docker.io/library/nextcloud:${TAG}
 RUN apt-get update \
     && apt-get install -y supervisor \
     && rm -rf /var/lib/apt/lists/* \
-    && mkdir /var/log/supervisord /var/run/supervisord
+    && mkdir -p /var/log/supervisord /var/run/supervisord 
+
+# We need to copy a file to the supervisord folder in /var/run so it exists when the container starts.
+COPY .keep /var/run/supervisord/
 
 COPY supervisord.conf /
 
 ENV NEXTCLOUD_UPDATE=1
 
-CMD ["/usr/bin/supervisord", "-c", "/supervisord.conf"]
+CMD ["/usr/bin/supervisord", "-c", "/supervisord.conf"]
\ No newline at end of file

From c9f1ead4188d2e3e85a1ef014423ae95d0fe6b2d Mon Sep 17 00:00:00 2001
From: c6ristian <c6ristian@christian.moe>
Date: Mon, 29 Jul 2024 21:51:01 +0200
Subject: [PATCH 18/30] Add Nextcloud image to README.md

---
 README.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/README.md b/README.md
index 0daf4ba..ade5424 100644
--- a/README.md
+++ b/README.md
@@ -11,3 +11,4 @@ Tools in use:
 ## Images
 
 - `git.hamburg.ccc.de/CCCHH/oci-images/keycloak`
+- `git.hamburg.ccc.de/CCCHH/oci-images/nextcloud`
\ No newline at end of file

From 6783e974b91464e5b598461496272208ab243636 Mon Sep 17 00:00:00 2001
From: c6ristian <c6ristian@christian.moe>
Date: Mon, 29 Jul 2024 22:20:59 +0200
Subject: [PATCH 19/30] keycloak: fix login theme for mobile

---
 keycloak/themes/ccchh/login/resources/css/ccchh/login.css | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/keycloak/themes/ccchh/login/resources/css/ccchh/login.css b/keycloak/themes/ccchh/login/resources/css/ccchh/login.css
index ac10ab2..9a31b32 100644
--- a/keycloak/themes/ccchh/login/resources/css/ccchh/login.css
+++ b/keycloak/themes/ccchh/login/resources/css/ccchh/login.css
@@ -8,8 +8,7 @@ div.kc-logo-text {
     background: url("../../img/CCCHH.svg") no-repeat center center;
     background-size: contain;
     filter: invert(1);
-    height: 126px;
-    width: 600px;
+    height: 100px;
 }
 
 div.kc-logo-text span {

From 2906ee45d815f65eda2965ac4d42a7c1c3a24428 Mon Sep 17 00:00:00 2001
From: Julian Schacher <julian@jsts.xyz>
Date: Sat, 10 Aug 2024 19:16:52 +0200
Subject: [PATCH 20/30] organize the image publishing/tagging process better

Every image gets pushed with a unique version-branch tag by default and
then the version and latest tags get only tagged from the main branch
and the main branch and the desired version respectively.
---
 .woodpecker/keycloak.yaml  | 23 ++++++++++++++++++-----
 .woodpecker/nextcloud.yaml | 18 ++++++++++++++----
 2 files changed, 32 insertions(+), 9 deletions(-)

diff --git a/.woodpecker/keycloak.yaml b/.woodpecker/keycloak.yaml
index f98ad87..06eed66 100644
--- a/.woodpecker/keycloak.yaml
+++ b/.woodpecker/keycloak.yaml
@@ -28,6 +28,7 @@ steps:
     image: alpine
     commands:
       - mkdir /woodpecker/images
+
   - name: build-image
     image: gcr.io/kaniko-project/executor
     entrypoint:
@@ -38,6 +39,7 @@ steps:
       - --destination=${IMAGE_NAME}:${KEYCLOAK_VERSION}
       - --no-push
       - --tar-path=/woodpecker/images/keycloak.tar
+
   - name: publish-image
     image: alpine
     secrets:
@@ -45,16 +47,27 @@ steps:
     commands:
       - apk -u add crane
       - crane auth login git.hamburg.ccc.de -u woodpecker -p $GIT_API_TOKEN
-      - crane push /woodpecker/images/keycloak.tar $IMAGE_NAME:$KEYCLOAK_VERSION
-  - name: tag-branch-and-latest
+      - crane push /woodpecker/images/keycloak.tar $IMAGE_NAME:$KEYCLOAK_VERSION-$CI_COMMIT_BRANCH
+
+  - name: tag-version
     image: alpine
     when:
       - branch: main
-      - evaluate: 'KEYCLOAK_VERSION == "25.0"'
     secrets:
       - GIT_API_TOKEN
     commands:
       - apk -u add crane
       - crane auth login git.hamburg.ccc.de -u woodpecker -p $GIT_API_TOKEN
-      - crane tag $IMAGE_NAME:$KEYCLOAK_VERSION $CI_COMMIT_BRANCH
-      - crane tag $IMAGE_NAME:$KEYCLOAK_VERSION latest
+      - crane tag $IMAGE_NAME:$KEYCLOAK_VERSION-$CI_COMMIT_BRANCH $KEYCLOAK_VERSION
+
+  - name: tag-latest
+    image: alpine
+    when:
+      - branch: main
+        evaluate: 'KEYCLOAK_VERSION == "25.0"'
+    secrets:
+      - GIT_API_TOKEN
+    commands:
+      - apk -u add crane
+      - crane auth login git.hamburg.ccc.de -u woodpecker -p $GIT_API_TOKEN
+      - crane tag $IMAGE_NAME:$KEYCLOAK_VERSION-$CI_COMMIT_BRANCH latest
diff --git a/.woodpecker/nextcloud.yaml b/.woodpecker/nextcloud.yaml
index 36b4a19..feea22e 100644
--- a/.woodpecker/nextcloud.yaml
+++ b/.woodpecker/nextcloud.yaml
@@ -48,9 +48,20 @@ steps:
     commands:
       - apk -u add crane
       - crane auth login git.hamburg.ccc.de -u woodpecker -p $GIT_API_TOKEN
-      - crane push /woodpecker/images/nextcloud.tar $IMAGE_NAME:$NEXTCLOUD_VERSION
+      - crane push /woodpecker/images/nextcloud.tar $IMAGE_NAME:$NEXTCLOUD_VERSION-$CI_COMMIT_BRANCH
 
-  - name: tag-branch-and-latest
+  - name: tag-version
+    image: docker.io/library/alpine
+    when:
+      - branch: main
+    secrets:
+      - GIT_API_TOKEN
+    commands:
+      - apk -u add crane
+      - crane auth login git.hamburg.ccc.de -u woodpecker -p $GIT_API_TOKEN
+      - crane tag $IMAGE_NAME:$NEXTCLOUD_VERSION-$CI_COMMIT_BRANCH $NEXTCLOUD_VERSION
+
+  - name: tag-latest
     image: docker.io/library/alpine
     when:
       - branch: main
@@ -60,5 +71,4 @@ steps:
     commands:
       - apk -u add crane
       - crane auth login git.hamburg.ccc.de -u woodpecker -p $GIT_API_TOKEN
-      - crane tag $IMAGE_NAME:$NEXTCLOUD_VERSION $CI_COMMIT_BRANCH
-      - crane tag $IMAGE_NAME:$NEXTCLOUD_VERSION latest
+      - crane tag $IMAGE_NAME:$NEXTCLOUD_VERSION-$CI_COMMIT_BRANCH latest

From a4a0af5d6540e55a5774c9d2f526e402d3ef1d41 Mon Sep 17 00:00:00 2001
From: Julian Schacher <julian@jsts.xyz>
Date: Sat, 10 Aug 2024 20:39:10 +0200
Subject: [PATCH 21/30] penpot: introduce ci for building custom penpot images

This is in preparation for building penpot images with custom patches
applied.
---
 .woodpecker/penpot.yaml | 91 +++++++++++++++++++++++++++++++++++++++++
 README.md               |  5 ++-
 2 files changed, 95 insertions(+), 1 deletion(-)
 create mode 100644 .woodpecker/penpot.yaml

diff --git a/.woodpecker/penpot.yaml b/.woodpecker/penpot.yaml
new file mode 100644
index 0000000..4ff29eb
--- /dev/null
+++ b/.woodpecker/penpot.yaml
@@ -0,0 +1,91 @@
+when:
+  - event: push
+    path: 
+      - 'penpot/**'
+      - '.woodpecker/penpot.yaml'
+  - event: cron
+    cron: daily
+
+# Manually set a workspace path, so we can use it literally, without using
+# ${CI_WORKSPACE}, when running kaniko, since using ${CI_WORKSPACE} doesn't work.
+# https://github.com/woodpecker-ci/woodpecker/issues/3982
+workspace:
+  path: src
+
+# Use matrix to set PENPOT_VERSION instead of setting the PENPOT_VERSION as an
+# environment variable in the build-images step, since string substitution
+# doesn't work for custom environment variables.
+# https://github.com/woodpecker-ci/woodpecker/issues/3983
+# Also because global environment variables aren't a thing.
+matrix:
+  PENPOT_VERSION:
+    - 2.1.2
+  IMAGE_BASE_NAME:
+    - git.hamburg.ccc.de/ccchh/oci-images/penpot
+  IMAGE_TYPE:
+    - frontend
+    - backend
+    - exporter
+
+steps:
+  - name: setup-image-path
+    image: alpine
+    commands:
+      - mkdir /woodpecker/images
+
+  - name: setup-penpot-repo
+    image: alpine
+    commands:
+      - apk -u add git curl
+      - git clone --branch $PENPOT_VERSION https://github.com/penpot/penpot.git /woodpecker/penpot
+      - cd /woodpecker/penpot
+      - git submodule update --init --recursive
+      # Get build system patch allowing for building images with kaniko.
+      # https://github.com/penpot/penpot/pull/4945
+      # https://github.com/penpot/penpot/pull/4945/commits/752574bac789cc90cc218004bb9545cc6239895d
+      - curl https://github.com/penpot/penpot/commit/752574bac789cc90cc218004bb9545cc6239895d.patch > 0001-move-entire-image-build-process-into-Dockerfiles.patch
+      - git config user.name "Woodpecker"
+      - git config user.email "woodpecker@woodpecker.invalid"
+      - git am *.patch
+
+  - name: build-image
+    image: gcr.io/kaniko-project/executor
+    entrypoint:
+      - /kaniko/executor
+      - --context=dir:///woodpecker/penpot
+      - --dockerfile=./docker/images/Dockerfile.${IMAGE_TYPE}
+      - --destination=${IMAGE_BASE_NAME}/${IMAGE_TYPE}:${PENPOT_VERSION}
+      - --no-push
+      - --tar-path=/woodpecker/images/penpot-${IMAGE_TYPE}.tar
+
+  - name: publish-image
+    image: docker.io/library/alpine
+    secrets:
+      - GIT_API_TOKEN
+    commands:
+      - apk -u add crane
+      - crane auth login git.hamburg.ccc.de -u woodpecker -p $GIT_API_TOKEN
+      - crane push /woodpecker/images/penpot-$IMAGE_TYPE.tar $IMAGE_BASE_NAME/$IMAGE_TYPE:$PENPOT_VERSION-$CI_COMMIT_BRANCH
+
+  - name: tag-version
+    image: docker.io/library/alpine
+    when:
+      - branch: main
+    secrets:
+      - GIT_API_TOKEN
+    commands:
+      - apk -u add crane
+      - crane auth login git.hamburg.ccc.de -u woodpecker -p $GIT_API_TOKEN
+      - crane tag $IMAGE_BASE_NAME/$IMAGE_TYPE:$PENPOT_VERSION-$CI_COMMIT_BRANCH $PENPOT_VERSION
+
+  - name: tag-latest
+    image: docker.io/library/alpine
+    when:
+      - branch: main
+        evaluate: 'PENPOT_VERSION == "2.1.2"'
+    secrets:
+      - GIT_API_TOKEN
+    commands:
+      - apk -u add crane
+      - crane auth login git.hamburg.ccc.de -u woodpecker -p $GIT_API_TOKEN
+      - crane tag $IMAGE_BASE_NAME/$IMAGE_TYPE:$PENPOT_VERSION-$CI_COMMIT_BRANCH latest
diff --git a/README.md b/README.md
index ade5424..557f82b 100644
--- a/README.md
+++ b/README.md
@@ -11,4 +11,7 @@ Tools in use:
 ## Images
 
 - `git.hamburg.ccc.de/CCCHH/oci-images/keycloak`
-- `git.hamburg.ccc.de/CCCHH/oci-images/nextcloud`
\ No newline at end of file
+- `git.hamburg.ccc.de/CCCHH/oci-images/nextcloud`
+- `git.hamburg.ccc.de/CCCHH/oci-images/penpot/frontend`
+- `git.hamburg.ccc.de/CCCHH/oci-images/penpot/backend`
+- `git.hamburg.ccc.de/CCCHH/oci-images/penpot/exporter`

From 98175014f99bf722405b0dcf64084b6b7ebb37cc Mon Sep 17 00:00:00 2001
From: Julian Schacher <julian@jsts.xyz>
Date: Sat, 10 Aug 2024 20:40:03 +0200
Subject: [PATCH 22/30] penpot: add patch disallow. reg. with invite, if pass.
 login is disabled

---
 .woodpecker/penpot.yaml | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/.woodpecker/penpot.yaml b/.woodpecker/penpot.yaml
index 4ff29eb..9e79d1b 100644
--- a/.woodpecker/penpot.yaml
+++ b/.woodpecker/penpot.yaml
@@ -44,6 +44,10 @@ steps:
       # https://github.com/penpot/penpot/pull/4945
       # https://github.com/penpot/penpot/pull/4945/commits/752574bac789cc90cc218004bb9545cc6239895d
       - curl https://github.com/penpot/penpot/commit/752574bac789cc90cc218004bb9545cc6239895d.patch > 0001-move-entire-image-build-process-into-Dockerfiles.patch
+      # Get patch disallowing registration with invitation token, when disable-login-with-password flag is set.
+      # https://github.com/penpot/penpot/issues/4975
+      # https://github.com/june128/penpot/commit/f799da132bf5a51015859031f45154172fbf7cd0
+      - curl https://github.com/june128/penpot/commit/f799da132bf5a51015859031f45154172fbf7cd0.patch > 0002-hotfix-dont-allow-registration-with-invite-if-password-login-is-disabled.patch
       - git config user.name "Woodpecker"
       - git config user.email "woodpecker@woodpecker.invalid"
       - git am *.patch

From 8dbb9c64b3b25769ae86c0e93d7f482f82c0ed6f Mon Sep 17 00:00:00 2001
From: c6ristian <c6ristian@christian.moe>
Date: Fri, 4 Oct 2024 16:19:02 +0200
Subject: [PATCH 23/30] Build Keycloak image with version 26

---
 .woodpecker/keycloak.yaml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/.woodpecker/keycloak.yaml b/.woodpecker/keycloak.yaml
index 06eed66..b507779 100644
--- a/.woodpecker/keycloak.yaml
+++ b/.woodpecker/keycloak.yaml
@@ -20,6 +20,7 @@ workspace:
 matrix:
   KEYCLOAK_VERSION:
     - 25.0
+    - 26.0
   IMAGE_NAME:
   - git.hamburg.ccc.de/ccchh/oci-images/keycloak
 
@@ -64,7 +65,7 @@ steps:
     image: alpine
     when:
       - branch: main
-        evaluate: 'KEYCLOAK_VERSION == "25.0"'
+        evaluate: 'KEYCLOAK_VERSION == "26.0"'
     secrets:
       - GIT_API_TOKEN
     commands:

From 6023af9f0ffe06ddd23b19b9e3982ab316c5256c Mon Sep 17 00:00:00 2001
From: c6ristian <c6ristian@christian.moe>
Date: Thu, 31 Oct 2024 23:22:48 +0100
Subject: [PATCH 24/30] nextcloud: Remove version 28 add version 30

---
 .woodpecker/nextcloud.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.woodpecker/nextcloud.yaml b/.woodpecker/nextcloud.yaml
index feea22e..5aa788f 100644
--- a/.woodpecker/nextcloud.yaml
+++ b/.woodpecker/nextcloud.yaml
@@ -19,8 +19,8 @@ workspace:
 # Also because global environment variables aren't a thing.
 matrix:
   NEXTCLOUD_VERSION:
-    - 28
     - 29
+    - 30
   IMAGE_NAME:
     - git.hamburg.ccc.de/ccchh/oci-images/nextcloud
 

From 8eb83415d9c8420d804050a7310126f223c60456 Mon Sep 17 00:00:00 2001
From: c6ristian <c6ristian@christian.moe>
Date: Sun, 26 Jan 2025 03:17:11 +0100
Subject: [PATCH 25/30] keycloak: drop version 25.0 and add 26.1

---
 .woodpecker/keycloak.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.woodpecker/keycloak.yaml b/.woodpecker/keycloak.yaml
index b507779..0057312 100644
--- a/.woodpecker/keycloak.yaml
+++ b/.woodpecker/keycloak.yaml
@@ -19,8 +19,8 @@ workspace:
 # Also because global environment variables aren't a thing.
 matrix:
   KEYCLOAK_VERSION:
-    - 25.0
     - 26.0
+    - 26.1
   IMAGE_NAME:
   - git.hamburg.ccc.de/ccchh/oci-images/keycloak
 

From d0b7c324749e71d3bf376e74dde0800de95ac282 Mon Sep 17 00:00:00 2001
From: c6ristian <c6ristian@christian.moe>
Date: Tue, 20 May 2025 20:11:59 +0200
Subject: [PATCH 26/30] updates ci files

---
 .woodpecker/keycloak.yaml  | 16 ++++++++++------
 .woodpecker/nextcloud.yaml | 18 +++++++++++-------
 2 files changed, 21 insertions(+), 13 deletions(-)

diff --git a/.woodpecker/keycloak.yaml b/.woodpecker/keycloak.yaml
index 0057312..dc64f11 100644
--- a/.woodpecker/keycloak.yaml
+++ b/.woodpecker/keycloak.yaml
@@ -21,6 +21,7 @@ matrix:
   KEYCLOAK_VERSION:
     - 26.0
     - 26.1
+    - 26.2
   IMAGE_NAME:
   - git.hamburg.ccc.de/ccchh/oci-images/keycloak
 
@@ -43,8 +44,9 @@ steps:
 
   - name: publish-image
     image: alpine
-    secrets:
-      - GIT_API_TOKEN
+    environment:
+      GIT_API_TOKEN:
+        from_secret: GIT_API_TOKEN
     commands:
       - apk -u add crane
       - crane auth login git.hamburg.ccc.de -u woodpecker -p $GIT_API_TOKEN
@@ -54,8 +56,9 @@ steps:
     image: alpine
     when:
       - branch: main
-    secrets:
-      - GIT_API_TOKEN
+    environment:
+      GIT_API_TOKEN:
+        from_secret: GIT_API_TOKEN
     commands:
       - apk -u add crane
       - crane auth login git.hamburg.ccc.de -u woodpecker -p $GIT_API_TOKEN
@@ -66,8 +69,9 @@ steps:
     when:
       - branch: main
         evaluate: 'KEYCLOAK_VERSION == "26.0"'
-    secrets:
-      - GIT_API_TOKEN
+    environment:
+      GIT_API_TOKEN:
+        from_secret: GIT_API_TOKEN
     commands:
       - apk -u add crane
       - crane auth login git.hamburg.ccc.de -u woodpecker -p $GIT_API_TOKEN
diff --git a/.woodpecker/nextcloud.yaml b/.woodpecker/nextcloud.yaml
index 5aa788f..a9b3fa2 100644
--- a/.woodpecker/nextcloud.yaml
+++ b/.woodpecker/nextcloud.yaml
@@ -21,6 +21,7 @@ matrix:
   NEXTCLOUD_VERSION:
     - 29
     - 30
+    - 31
   IMAGE_NAME:
     - git.hamburg.ccc.de/ccchh/oci-images/nextcloud
 
@@ -43,8 +44,9 @@ steps:
 
   - name: publish-image
     image: docker.io/library/alpine
-    secrets:
-      - GIT_API_TOKEN
+    environment:
+      GIT_API_TOKEN:
+        from_secret: GIT_API_TOKEN
     commands:
       - apk -u add crane
       - crane auth login git.hamburg.ccc.de -u woodpecker -p $GIT_API_TOKEN
@@ -54,8 +56,9 @@ steps:
     image: docker.io/library/alpine
     when:
       - branch: main
-    secrets:
-      - GIT_API_TOKEN
+    environment:
+      GIT_API_TOKEN:
+        from_secret: GIT_API_TOKEN
     commands:
       - apk -u add crane
       - crane auth login git.hamburg.ccc.de -u woodpecker -p $GIT_API_TOKEN
@@ -65,9 +68,10 @@ steps:
     image: docker.io/library/alpine
     when:
       - branch: main
-        evaluate: 'NEXTCLOUD_VERSION == "28"'
-    secrets:
-      - GIT_API_TOKEN
+        evaluate: 'NEXTCLOUD_VERSION == "29"'
+    environment:
+      GIT_API_TOKEN:
+        from_secret: GIT_API_TOKEN
     commands:
       - apk -u add crane
       - crane auth login git.hamburg.ccc.de -u woodpecker -p $GIT_API_TOKEN

From f4bfd374f92bbe817f672d4454cf3d9e78f5a2bb Mon Sep 17 00:00:00 2001
From: c6ristian <c6ristian@christian.moe>
Date: Mon, 2 Jun 2025 19:24:35 +0200
Subject: [PATCH 27/30] alertmanager-ntfy

---
 .woodpecker/alertmanager-ntfy.yaml | 73 ++++++++++++++++++++++++++++++
 alertmanager-ntfy/Containerfile    | 14 ++++++
 2 files changed, 87 insertions(+)
 create mode 100644 .woodpecker/alertmanager-ntfy.yaml
 create mode 100644 alertmanager-ntfy/Containerfile

diff --git a/.woodpecker/alertmanager-ntfy.yaml b/.woodpecker/alertmanager-ntfy.yaml
new file mode 100644
index 0000000..d92a169
--- /dev/null
+++ b/.woodpecker/alertmanager-ntfy.yaml
@@ -0,0 +1,73 @@
+when:
+  - event: push
+    path:
+      - 'alertmanager-ntfy/**'
+      - '.woodpecker/alertmanager-ntfy.yaml'
+  - event: cron
+    cron: daily
+
+# Manually set a workspace path, so we can use it literally, without using
+# ${CI_WORKSPACE}, when running kaniko, since using ${CI_WORKSPACE} doesn't work.
+# https://github.com/woodpecker-ci/woodpecker/issues/3982
+workspace:
+  path: src
+
+matrix:
+  ALERTMANAGER-NTFY_VERSION:
+    - 76d5f772f70d6915c89da00414c20009b03cc361
+  IMAGE_NAME:
+  - git.hamburg.ccc.de/ccchh/oci-images/alertmanager-ntfy
+
+steps:
+  - name: setup
+    image: alpine
+    commands:
+      - apk -u add git
+      - mkdir /woodpecker/images
+      - git clone --revision=${ALERTMANAGER-NTFY_VERSION} https://github.com/alexbakker/alertmanager-ntfy.git
+      - ls
+
+#  - name: build-image
+#    image: gcr.io/kaniko-project/executor
+#    entrypoint:
+#      - /kaniko/executor
+#      - --context=dir:///woodpecker/src/alertmanager-ntfy
+#      - --dockerfile=./Containerfile
+#      - --destination=${IMAGE_NAME}:${ALERTMANAGER-NTFY_VERSION}
+#      - --no-push
+#      - --tar-path=/woodpecker/images/alertmanager-ntfy.tar
+#
+#  - name: publish-image
+#    image: alpine
+#    environment:
+#      GIT_API_TOKEN:
+#        from_secret: GIT_API_TOKEN
+#    commands:
+#      - apk -u add crane
+#      - crane auth login git.hamburg.ccc.de -u woodpecker -p $GIT_API_TOKEN
+#      - crane push /woodpecker/images/keycloak.tar $IMAGE_NAME:$ALERTMANAGER-NTFY_VERSION-$CI_COMMIT_BRANCH
+#
+#  - name: tag-version
+#    image: alpine
+#    when:
+#      - branch: main
+#    environment:
+#      GIT_API_TOKEN:
+#        from_secret: GIT_API_TOKEN
+#    commands:
+#      - apk -u add crane
+#      - crane auth login git.hamburg.ccc.de -u woodpecker -p $GIT_API_TOKEN
+#      - crane tag $IMAGE_NAME:$ALERTMANAGER-NTFY_VERSION-$CI_COMMIT_BRANCH $ALERTMANAGER-NTFY_VERSION
+#
+#  - name: tag-latest
+#    image: alpine
+#    when:
+#      - branch: main
+#        evaluate: 'KEYCLOAK_VERSION == "26.0"'
+#    environment:
+#      GIT_API_TOKEN:
+#        from_secret: GIT_API_TOKEN
+#    commands:
+#      - apk -u add crane
+#      - crane auth login git.hamburg.ccc.de -u woodpecker -p $GIT_API_TOKEN
+#      - crane tag $IMAGE_NAME:$ALERTMANAGER-NTFY_VERSION-$CI_COMMIT_BRANCH latest
diff --git a/alertmanager-ntfy/Containerfile b/alertmanager-ntfy/Containerfile
new file mode 100644
index 0000000..8f45f75
--- /dev/null
+++ b/alertmanager-ntfy/Containerfile
@@ -0,0 +1,14 @@
+ARG TAG=latest
+FROM docker.io/golang:${TAG} as builder
+ARG CGO_ENABLED=0
+WORKDIR /app
+
+COPY go.mod go.sum ./
+RUN go mod download
+COPY . .
+
+RUN go build
+
+FROM scratch
+COPY --from=builder /app/alertmanager-ntfy /alertmanager-ntfy
+ENTRYPOINT ["/alertmanager-ntfy"]
\ No newline at end of file

From 1e323bfa923aac17a8b21bfb775e19017b868777 Mon Sep 17 00:00:00 2001
From: c6ristian <c6ristian@christian.moe>
Date: Tue, 24 Jun 2025 22:51:06 +0200
Subject: [PATCH 28/30] remove never used image build

---
 .woodpecker/alertmanager-ntfy.yaml | 73 ------------------------------
 alertmanager-ntfy/Containerfile    | 14 ------
 2 files changed, 87 deletions(-)
 delete mode 100644 .woodpecker/alertmanager-ntfy.yaml
 delete mode 100644 alertmanager-ntfy/Containerfile

diff --git a/.woodpecker/alertmanager-ntfy.yaml b/.woodpecker/alertmanager-ntfy.yaml
deleted file mode 100644
index d92a169..0000000
--- a/.woodpecker/alertmanager-ntfy.yaml
+++ /dev/null
@@ -1,73 +0,0 @@
-when:
-  - event: push
-    path:
-      - 'alertmanager-ntfy/**'
-      - '.woodpecker/alertmanager-ntfy.yaml'
-  - event: cron
-    cron: daily
-
-# Manually set a workspace path, so we can use it literally, without using
-# ${CI_WORKSPACE}, when running kaniko, since using ${CI_WORKSPACE} doesn't work.
-# https://github.com/woodpecker-ci/woodpecker/issues/3982
-workspace:
-  path: src
-
-matrix:
-  ALERTMANAGER-NTFY_VERSION:
-    - 76d5f772f70d6915c89da00414c20009b03cc361
-  IMAGE_NAME:
-  - git.hamburg.ccc.de/ccchh/oci-images/alertmanager-ntfy
-
-steps:
-  - name: setup
-    image: alpine
-    commands:
-      - apk -u add git
-      - mkdir /woodpecker/images
-      - git clone --revision=${ALERTMANAGER-NTFY_VERSION} https://github.com/alexbakker/alertmanager-ntfy.git
-      - ls
-
-#  - name: build-image
-#    image: gcr.io/kaniko-project/executor
-#    entrypoint:
-#      - /kaniko/executor
-#      - --context=dir:///woodpecker/src/alertmanager-ntfy
-#      - --dockerfile=./Containerfile
-#      - --destination=${IMAGE_NAME}:${ALERTMANAGER-NTFY_VERSION}
-#      - --no-push
-#      - --tar-path=/woodpecker/images/alertmanager-ntfy.tar
-#
-#  - name: publish-image
-#    image: alpine
-#    environment:
-#      GIT_API_TOKEN:
-#        from_secret: GIT_API_TOKEN
-#    commands:
-#      - apk -u add crane
-#      - crane auth login git.hamburg.ccc.de -u woodpecker -p $GIT_API_TOKEN
-#      - crane push /woodpecker/images/keycloak.tar $IMAGE_NAME:$ALERTMANAGER-NTFY_VERSION-$CI_COMMIT_BRANCH
-#
-#  - name: tag-version
-#    image: alpine
-#    when:
-#      - branch: main
-#    environment:
-#      GIT_API_TOKEN:
-#        from_secret: GIT_API_TOKEN
-#    commands:
-#      - apk -u add crane
-#      - crane auth login git.hamburg.ccc.de -u woodpecker -p $GIT_API_TOKEN
-#      - crane tag $IMAGE_NAME:$ALERTMANAGER-NTFY_VERSION-$CI_COMMIT_BRANCH $ALERTMANAGER-NTFY_VERSION
-#
-#  - name: tag-latest
-#    image: alpine
-#    when:
-#      - branch: main
-#        evaluate: 'KEYCLOAK_VERSION == "26.0"'
-#    environment:
-#      GIT_API_TOKEN:
-#        from_secret: GIT_API_TOKEN
-#    commands:
-#      - apk -u add crane
-#      - crane auth login git.hamburg.ccc.de -u woodpecker -p $GIT_API_TOKEN
-#      - crane tag $IMAGE_NAME:$ALERTMANAGER-NTFY_VERSION-$CI_COMMIT_BRANCH latest
diff --git a/alertmanager-ntfy/Containerfile b/alertmanager-ntfy/Containerfile
deleted file mode 100644
index 8f45f75..0000000
--- a/alertmanager-ntfy/Containerfile
+++ /dev/null
@@ -1,14 +0,0 @@
-ARG TAG=latest
-FROM docker.io/golang:${TAG} as builder
-ARG CGO_ENABLED=0
-WORKDIR /app
-
-COPY go.mod go.sum ./
-RUN go mod download
-COPY . .
-
-RUN go build
-
-FROM scratch
-COPY --from=builder /app/alertmanager-ntfy /alertmanager-ntfy
-ENTRYPOINT ["/alertmanager-ntfy"]
\ No newline at end of file

From 1f3e972fbd036a38131cefdf7d283780c31648f3 Mon Sep 17 00:00:00 2001
From: c6ristian <c6ristian@christian.moe>
Date: Sun, 29 Jun 2025 20:33:09 +0200
Subject: [PATCH 29/30] fix secrets

---
 .woodpecker/penpot.yaml | 15 +++++++++------
 1 file changed, 9 insertions(+), 6 deletions(-)

diff --git a/.woodpecker/penpot.yaml b/.woodpecker/penpot.yaml
index 9e79d1b..8cedcbe 100644
--- a/.woodpecker/penpot.yaml
+++ b/.woodpecker/penpot.yaml
@@ -64,8 +64,9 @@ steps:
 
   - name: publish-image
     image: docker.io/library/alpine
-    secrets:
-      - GIT_API_TOKEN
+    environment:
+      GIT_API_TOKEN:
+        from_secret: GIT_API_TOKEN
     commands:
       - apk -u add crane
       - crane auth login git.hamburg.ccc.de -u woodpecker -p $GIT_API_TOKEN
@@ -75,8 +76,9 @@ steps:
     image: docker.io/library/alpine
     when:
       - branch: main
-    secrets:
-      - GIT_API_TOKEN
+    environment:
+      GIT_API_TOKEN:
+        from_secret: GIT_API_TOKEN
     commands:
       - apk -u add crane
       - crane auth login git.hamburg.ccc.de -u woodpecker -p $GIT_API_TOKEN
@@ -87,8 +89,9 @@ steps:
     when:
       - branch: main
         evaluate: 'PENPOT_VERSION == "2.1.2"'
-    secrets:
-      - GIT_API_TOKEN
+    environment:
+      GIT_API_TOKEN:
+        from_secret: GIT_API_TOKEN
     commands:
       - apk -u add crane
       - crane auth login git.hamburg.ccc.de -u woodpecker -p $GIT_API_TOKEN

From b722397a8be291c9dd8631092a4b22257d11111f Mon Sep 17 00:00:00 2001
From: c6ristian <c6ristian@christian.moe>
Date: Sun, 29 Jun 2025 20:34:53 +0200
Subject: [PATCH 30/30] do not build eol keycloak and nextcloud

---
 .woodpecker/keycloak.yaml  | 1 -
 .woodpecker/nextcloud.yaml | 1 -
 2 files changed, 2 deletions(-)

diff --git a/.woodpecker/keycloak.yaml b/.woodpecker/keycloak.yaml
index dc64f11..5c3433a 100644
--- a/.woodpecker/keycloak.yaml
+++ b/.woodpecker/keycloak.yaml
@@ -19,7 +19,6 @@ workspace:
 # Also because global environment variables aren't a thing.
 matrix:
   KEYCLOAK_VERSION:
-    - 26.0
     - 26.1
     - 26.2
   IMAGE_NAME:
diff --git a/.woodpecker/nextcloud.yaml b/.woodpecker/nextcloud.yaml
index a9b3fa2..d570293 100644
--- a/.woodpecker/nextcloud.yaml
+++ b/.woodpecker/nextcloud.yaml
@@ -19,7 +19,6 @@ workspace:
 # Also because global environment variables aren't a thing.
 matrix:
   NEXTCLOUD_VERSION:
-    - 29
     - 30
     - 31
   IMAGE_NAME: