feat(fireflyiii): add cron support

[stavros-k]

Description

Fixes #990

Type of change

• Feature/App addition
• Bugfix
• Breaking change (fix or feature that would cause existing functionality to not work as expected)
• Refactor of current code

How Has This Been Tested?

Notes:

Checklist:

• My code follows the style guidelines of this project
• I have performed a self-review of my own code
• I have commented my code, particularly in hard-to-understand areas
• I have made corresponding changes to the documentation
• My changes generate no new warnings
• I have added tests to this description that prove my fix is effective or that my feature works
• I increased versions for any altered app according to semantic versioning

[gitguardian]

⚠️ GitGuardian has uncovered 0 secrets following the scan of your pull request.

Please consider investigating the findings and remediating the incidents. Failure to do so may lead to compromising the associated services or software components.

🔎 Details of the secret

Secret	Commit	Filename	Detected At

🛠 How to resolve this

1. Understand the implications of revoking this secret by examining where it is used in your code.

2. Replace and store your secret safely. Learn here the best practices

3. Revoke and rotate this secret

4. If possible, rewrite your git history to remove all evidence of the secret leak. Please beware this is not a trivial operation. You might completely break other contributing developers’ workflow and you risk accidentally deleting work in progress.

💡 To avoid such incidents in the future, consider following these best practices for managing and storing secrets including API keys and other credentials.

You are seeing this because you or someone else has authorized GitGuardian to scan pull requests

[PrivatePuffin]

Please do not send in ANY commits at this time.
I'm doing a complicated cleanup and rerelease procedure!

[stavros-k]

• Needs to detect adjust the link that curls based on the app name
• Needs to check why STATIC_CRON_TOKEN doesn't work but user cli token does, maybe an upstream bug.
• Also needs to adjust schedule as it's too often now
• automatic generation of static_cron_token
• check if we should change the image used for curl or digest pin or something

Still needs work.

[stavros-k]

@Ornias1993 Is this how auto generated remembered secrets works? It's mostly copy-pasta from authelia.
If thats correct I can also move APP_KEY to auto generated remembered secret as this is just the encryption key of the app.

EDIT: I think it needs also a configmap?

[PrivatePuffin]

You actually need to load the secret value to a env-var as normal.

[stavros-k]

Is there any better/recommended image to use for curl?
Would CI detect the image defined in _cronjob.tpl to update it regularly?

Also, should the APP_KEY also be moved to autogen remembered secrets?

[PrivatePuffin]

Is there any better/recommended image to use for curl? Would CI detect the image defined in _cronjob.tpl to update it regularly?

You should reference our alpline image under alpineImage or something.
Check common what to reference.

[PrivatePuffin]

Also, should the APP_KEY also be moved to autogen remembered secrets?

No idea.
If it is NOT used-exposed: Yes it should.

[PrivatePuffin]

Approved, though it could use some future (security) optimalisations and configurability by the user...

[PrivatePuffin]

Please bump minor version (not patch) @stavros-k

[stavros-k]

Approved, though it could use some future (security) optimalisations and configurability by the user...

Configurability won't be much as the cron wont be accepted by the app if it runs sooner than once per 12h.

I'd like to hear what security updates could be done for the future

[PrivatePuffin]

@stavros-k awesome, didn't know that.
In terms of security, adding securityContext is mostly the thing. it does not contain securityContext and also won't share the podSecurityContext from the main pod (as it's technically not IN the same pod)

[stavros-k]

@stavros-k awesome, didn't know that. In terms of security, adding securityContext is mostly the thing. it does not contain securityContext and also won't share the podSecurityContext from the main pod (as it's technically not IN the same pod)

Awesome, will do some tests later and make a new PR addressing this!

[truecharts-admin]

This PR is locked to prevent necro-posting on closed PRs. Please create a issue or contact staff on discord if you want to further discuss this