* Add Docker update support via Watchtower integration
Add web-based Docker container updates using Watchtower HTTP API.
When configured with WATCHTOWER_API_URL and WATCHTOWER_API_TOKEN
environment variables, administrators can trigger container updates
from the Update Manager page.
Features:
- WatchtowerClient service for Watchtower HTTP API communication
- Docker update progress page with animated Docker whale logo
- Real-time step tracking: Trigger, Pull, Stop, Restart, Health Check, Verify
- CSP-compatible progress bar using CSS classes
- Translated UI strings via Stimulus values
- Health endpoint polling to detect container restart
- Watchtower setup documentation for Docker installations
- WatchtowerClient made nullable for non-Docker installations
- Unit tests for WatchtowerClient
* Fixed translation message IDs
* Switch Watchtower docs to maintained nicholas-fedor fork
The original containrrr/watchtower is no longer maintained (last release
Nov 2023). Point users to the drop-in compatible active fork and add an
info note explaining why. No code changes — the HTTP API is identical,
so WatchtowerClient works against either image.
* Fixed exception when github is not reachable
* Only show version string in health endpoint, when user has permissions
* Do not expose watchtower API port in example docker-compose file
* Show if updates, backup restore and backup download are allowed in update manager page
* Report 'not authorized' for version in health endpoint if user lacks permission
---------
Co-authored-by: Jan Böhmer <mail@jan-boehmer.de>
* Add manual backup creation and delete buttons to Update Manager
- Add "Create Backup" button in the backups tab for on-demand backups
- Add delete buttons (trash icons) for update logs and backups
- New controller routes with CSRF protection and permission checks
- Use data-turbo-confirm for CSP-safe confirmation dialogs
- Add deleteLog() method to UpdateExecutor with filename validation
* Add Docker backup support: download button, SQLite restore fix, decouple from auto-update
- Decouple backup creation/restore UI from can_auto_update so Docker
and other non-git installations can use backup features
- Add backup download endpoint for saving backups externally
- Fix SQLite restore to use configured DATABASE_URL path instead of
hardcoded var/app.db (affects Docker and custom SQLite paths)
- Show Docker-specific warning about var/backups/ not being persisted
- Pass is_docker flag to template via InstallationTypeDetector
* Add tests for backup/update manager improvements
- Controller tests: auth, CSRF validation, 404 for missing backups, restore disabled check
- UpdateExecutor: deleteLog validation, non-existent file, successful deletion
- BackupManager: deleteBackup validation for missing/non-zip files
* Fix test failures: add locale prefix to URLs, correct log directory path
* Fix auth test: expect 401 instead of redirect for HTTP Basic auth
* Improve test coverage for update manager controller
Add happy-path tests for backup creation, deletion, download,
and log deletion with valid CSRF tokens. Also test the locked
state blocking backup creation.
* Fix CSRF tests: initialize session before getting tokens
* Fix CSRF tests: extract tokens from rendered page HTML
* Harden backup security: password confirmation, CSRF, env toggle
Address security review feedback from jbtronics:
- Add IS_AUTHENTICATED_FULLY to all sensitive endpoints (create/delete
backup, delete log, download backup, start update, restore)
- Change backup download from GET to POST with CSRF token
- Require password confirmation before downloading backups (backups
contain sensitive data like password hashes and secrets)
- Add DISABLE_BACKUP_DOWNLOAD env var (default: disabled) to control
whether backup downloads are allowed
- Add password confirmation modal with security warning in template
- Add comprehensive tests: auth checks, env var blocking, POST-only
enforcement, status/progress endpoint auth
* Fix download modal: use per-backup modals for CSP/Turbo compatibility
- Replace shared modal + inline JS with per-backup modals that have
filename pre-set in hidden fields (no JavaScript needed)
- Add data-turbo="false" to download forms for native browser handling
- Add data-bs-dismiss="modal" to submit button to auto-close modal
- Add hidden username field for Chrome accessibility best practice
- Fix test: GET on POST-only route returns 404 not 405
* Fixed translation keys
* Fixed text justification in download modal
* Hardenened security of deleteLogEndpoint
* Show whether backup, restores and updates are allowed or disabled by sysadmin on update manager
* Added documentation for update manager related env variables
---------
Co-authored-by: Jan Böhmer <mail@jan-boehmer.de>
Changes based on maintainer feedback from PR #1217:
1. Add yarn install/build steps to update process
- Added yarn availability check in validateUpdatePreconditions
- Added yarn install and yarn build steps after composer install
- Added yarn rebuild to rollback process
- Updated total steps count from 12 to 14
2. Add environment variables to disable web features
- DISABLE_WEB_UPDATES: Completely disable web-based updates
- DISABLE_BACKUP_RESTORE: Disable backup restore from web UI
- Added checks in controller and template
3. Extract BackupManager service
- New service handles backup creation, listing, details, and restoration
- UpdateExecutor now delegates backup operations to BackupManager
- Cleaner separation of concerns for future reuse
4. Merge upstream/master and resolve translation conflicts
- Added Conrad info provider and generic web provider translations
- Kept Update Manager translations
* Add env option to disable part image overlay
Fixes#369 while preserving the state as-is
* Added documentation and use 1 instead of true for new env
---------
Co-authored-by: Jan Böhmer <mail@jan-boehmer.de>
* OEMSecrets provider interface v.1.0
New class for interacting with the OEMSecrets (https://www.oemsecrets.com) API version 3.0.1.
* Refactored info provider to be stateless and independent from session, optimized Part-DB API usage, and fixed PHPStan issues.
Refactored info provider to be stateless and independent from session, now use Psr\Cache, fixed issues identified by PHPStan, additional minor enhancements and bug fixes.
* Prefix cache keys with oemsecrets_ to avoid key collissions
* Use uniqid with more entropy to reduce probability of collisions
* Made $resultData local as it is only used inside searchByKeyword
* Use the parameter name $id from interface declaration for getDetails to avoid problems with named arguments
* Use unicode modifier for preg_match to avoid problems when parameters contain non-unicode strings
* Various small code quality improvements
* Try to retrieve the part from the API in getDetails, if the DTO was not cached before
* Improved code formatting
* Channged OEMSecret default country to DE to be consistent with other default values
* Do not call gc_collect_cycles in the loop to process the results, but only after all processBatch calls
---------
Co-authored-by: Jan Böhmer <mail@jan-boehmer.de>
