From f74abf8fceae6acb3dce1367b9a3a9a289227ab5 Mon Sep 17 00:00:00 2001 From: thespad Date: Thu, 2 May 2024 15:10:59 +0100 Subject: [PATCH 01/17] Use corepack, enable active record encryption --- Dockerfile | 39 +++++++++++++++-------------------- Dockerfile.aarch64 | 41 ++++++++++++++++--------------------- readme-vars.yml | 10 +++++---- root/generate-active-record | 6 ++++++ 4 files changed, 47 insertions(+), 49 deletions(-) create mode 100755 root/generate-active-record diff --git a/Dockerfile b/Dockerfile index 2e470ab..34a1882 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,16 +1,15 @@ # syntax=docker/dockerfile:1 -FROM ghcr.io/linuxserver/baseimage-alpine-nginx:3.18 +FROM ghcr.io/linuxserver/baseimage-alpine-nginx:3.19 ARG BUILD_DATE ARG VERSION ARG MASTODON_VERSION LABEL build_version="Linuxserver.io version:- ${VERSION} Build-date:- ${BUILD_DATE}" -LABEL maintainer="TheSpad" +LABEL maintainer="thespad" ENV RAILS_ENV="production" \ NODE_ENV="production" \ - NODE_OPTIONS="--openssl-legacy-provider" \ PATH="${PATH}:/app/www/bin" \ S6_STAGE2_HOOK="/init-hook" @@ -32,9 +31,10 @@ RUN \ libpq-dev \ libxml2-dev \ libxslt-dev \ + linux-headers \ + npm \ openssl-dev \ ruby-dev \ - yarn \ yaml-dev && \ echo "**** install mastodon ****" && \ mkdir -p /app/www && \ 
@@ -49,19 +49,23 @@ RUN \ /tmp/mastodon.tar.gz -C \ /app/www/ --strip-components=1 && \ cd /app/www && \ - # https://github.com/mastodon/mastodon/pull/24702 - sed -En "s/.*\brequire\('([^']+)'\).*/\"\1\"/p" streaming/index.js > streaming-requires.txt && \ - jq --slurpfile requires streaming-requires.txt \ - '{ dependencies: .dependencies | with_entries(select([.key] | inside($requires))) }' \ - package.json > streaming/package.json && \ bundle config set --local deployment 'true' && \ bundle config set --local without 'development test exclude' && \ bundle config set silence_root_warning true && \ bundle install -j"$(nproc)" --no-cache && \ - yarn install --production --frozen-lockfile --check-files && \ - cd streaming && \ - yarn install --production --check-files && \ - OTP_SECRET=precompile_placeholder SECRET_KEY_BASE=precompile_placeholder rails assets:precompile && \ + npm install -g corepack && \ + corepack enable && \ + yarn workspaces focus --production @mastodon/mastodon && \ + ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY=precompile_placeholder \ + ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT=precompile_placeholder \ + ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY=precompile_placeholder \ + OTP_SECRET=precompile_placeholder \ + SECRET_KEY_BASE=precompile_placeholder \ + bundle exec rails assets:precompile && \ + bundle exec bootsnap precompile --gemfile app/ lib/ && \ + rm -rf /app/www/node_modules && \ + cd streaming && \ + yarn workspaces focus --production @mastodon/streaming && \ echo "**** cleanup ****" && \ yarn cache clean && \ apk del --purge \ 
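Review bot: `npm install -g corepack` in the added lines installs whatever corepack release is current at build time, and corepack then downloads the Yarn release itself (presumably the one named in Mastodon's package.json), so the package-manager toolchain of this image is unpinned. I would pin it, e.g. `npm install -g corepack@<pinned-version> && \`. The removed `yarn install --production --frozen-lockfile` also failed the build on lockfile drift; nothing visible in the new `yarn workspaces focus --production` calls says whether that guarantee is kept, so it is worth confirming. The same lines are added in the Dockerfile.aarch64 hunk at `@@ -51,20 +51,24 @@`. The RUN instruction starts and ends outside this hunk.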
@@ -98,15 +102,6 @@ RUN \ -o -name 'Rakefile' \ -o -name '.*' \) \ -type f -delete && \ - # Remove source maps, TS files, docs, tests and other useless files. - find /app/www/streaming/node_modules \( -name '.*' \ - -o -name '*.map' \ - -o -name '*.md' \ - -o -name '*.ts' \ - -o -name 'LICENSE*' \ - -o -name 'Makefile' \ - -o -name 'README*' \) \ - -type f -delete && \ rm -rf /app/www/streaming/node_modules/*/test && \ rm -rf /app/www/node_modules diff --git a/Dockerfile.aarch64 b/Dockerfile.aarch64 index cac1e4c..43f0211 100644 --- a/Dockerfile.aarch64 +++ b/Dockerfile.aarch64 @@ -1,16 +1,15 @@ # syntax=docker/dockerfile:1 -FROM ghcr.io/linuxserver/baseimage-alpine-nginx:arm64v8-3.18 +FROM ghcr.io/linuxserver/baseimage-alpine-nginx:arm64v8-3.19 ARG BUILD_DATE ARG VERSION ARG MASTODON_VERSION LABEL build_version="Linuxserver.io version:- ${VERSION} Build-date:- ${BUILD_DATE}" -LABEL maintainer="TheSpad" +LABEL maintainer="thespad" ENV RAILS_ENV="production" \ NODE_ENV="production" \ - NODE_OPTIONS="--openssl-legacy-provider" \ PATH="${PATH}:/app/www/bin" \ S6_STAGE2_HOOK="/init-hook" @@ -33,11 +32,12 @@ RUN \ libpq-dev \ libxml2-dev \ libxslt-dev \ + linux-headers \ + npm \ openssl-dev \ python3-dev \ ruby-dev \ - yaml-dev \ - yarn && \ + yaml-dev && \ echo "**** install mastodon ****" && \ mkdir -p /app/www && \ if [ -z ${MASTODON_VERSION+x} ]; then \ 
@@ -51,20 +51,24 @@ RUN \ /tmp/mastodon.tar.gz -C \ /app/www/ --strip-components=1 && \ cd /app/www && \ - # https://github.com/mastodon/mastodon/pull/24702 - sed -En "s/.*\brequire\('([^']+)'\).*/\"\1\"/p" streaming/index.js > streaming-requires.txt && \ - jq --slurpfile requires streaming-requires.txt \ - '{ dependencies: .dependencies | with_entries(select([.key] | inside($requires))) }' \ - package.json > streaming/package.json && \ bundle config set --local deployment 'true' && \ bundle config set --local without 'development test exclude' && \ bundle config set silence_root_warning true && \ bundle config set force_ruby_platform true && \ bundle install -j"$(nproc)" --no-cache && \ - yarn install --production --frozen-lockfile --check-files && \ - cd streaming && \ - yarn install --production --check-files && \ - OTP_SECRET=precompile_placeholder SECRET_KEY_BASE=precompile_placeholder rails assets:precompile && \ + npm install -g corepack && \ + corepack enable && \ + yarn workspaces focus --production @mastodon/mastodon && \ + ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY=precompile_placeholder \ + ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT=precompile_placeholder \ + ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY=precompile_placeholder \ + OTP_SECRET=precompile_placeholder \ + SECRET_KEY_BASE=precompile_placeholder \ + bundle exec rails assets:precompile && \ + bundle exec bootsnap precompile --gemfile app/ lib/ && \ + rm -rf /app/www/node_modules && \ + cd streaming && \ + yarn workspaces focus --production @mastodon/streaming && \ echo "**** cleanup ****" && \ yarn cache clean && \ apk del --purge \ 
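Review bot: The added `rm -rf /app/www/node_modules` runs before `yarn workspaces focus --production @mastodon/streaming`, but the unchanged `rm -rf /app/www/node_modules` at the end of this RUN (visible as context in the `@@ -101,15 +105,6 @@` hunk) still runs after it. If Yarn places the streaming workspace's packages in the top-level node_modules directory, which the patch does not show either way, that final removal would delete the streaming server's runtime dependencies. It is worth confirming on a built image that the streaming server still resolves its dependencies after the cleanup step. The same ordering is in the Dockerfile hunk at `@@ -49,19 +49,23 @@`; the RUN instruction continues outside this hunk.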
@@ -101,15 +105,6 @@ RUN \ -o -name 'Rakefile' \ -o -name '.*' \) \ -type f -delete && \ - # Remove source maps, TS files, docs, tests and other useless files. - find /app/www/streaming/node_modules \( -name '.*' \ - -o -name '*.map' \ - -o -name '*.md' \ - -o -name '*.ts' \ - -o -name 'LICENSE*' \ - -o -name 'Makefile' \ - -o -name 'README*' \) \ - -type f -delete && \ rm -rf /app/www/streaming/node_modules/*/test && \ rm -rf /app/www/node_modules diff --git a/readme-vars.yml b/readme-vars.yml index ae8e5de..1d8833c 100644 --- a/readme-vars.yml +++ b/readme-vars.yml @@ -27,7 +27,6 @@ param_container_name: "{{ project_name }}" param_usage_include_env: true param_env_vars: - - { env_var: "TZ", env_value: "America/New_York", desc: "Specify a timezone to use EG America/New_York"} - { env_var: "LOCAL_DOMAIN", env_value: "example.com", desc: "This is the unique identifier of your server in the network. It cannot be safely changed later."} - { env_var: "REDIS_HOST", env_value: "redis", desc: "Redis server hostname"} - { env_var: "REDIS_PORT", env_value: "6379", desc: "Redis port"} 
@@ -73,16 +72,18 @@ param_ports: param_usage_include_vols: true param_volumes: - - { vol_path: "/config", vol_host_path: "/path/to/appdata/config", desc: "Contains all relevant configuration files." } + - { vol_path: "/config", vol_host_path: "/path/to/mastodon/appdata/config", desc: "Contains all relevant configuration files." } # application setup block app_setup_block_enabled: true app_setup_block: | We provide aliases for the common commands that execute in the correct context so that environment variables from secrets are available to them: - * To generate keys for `SECRET_KEY_BASE` & `OTP_SECRET` run `docker run --rm -it --entrypoint /bin/bash lscr.io/linuxserver/mastodon generate-secret` once for each. + * To generate keys for `SECRET_KEY_BASE` & `OTP_SECRET` run `docker run --rm -it --entrypoint /bin/bash lscr.io/linuxserver/mastodon:develop generate-secret` once for each. - * To generate keys for `VAPID_PRIVATE_KEY` & `VAPID_PUBLIC_KEY` run `docker run --rm -it --entrypoint /bin/bash lscr.io/linuxserver/mastodon generate-vapid` + * To generate keys for `VAPID_PRIVATE_KEY` & `VAPID_PUBLIC_KEY` run `docker run --rm -it --entrypoint /bin/bash lscr.io/linuxserver/mastodon:develop generate-vapid` + + * To generate keys for `ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY`, `ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT`, & `ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY` run `docker run --rm -it --entrypoint /bin/bash lscr.io/linuxserver/mastodon:develop generate-active-record` Both of the secret generation aliases above can be run without any other setup having been carried out. 
@@ -114,6 +115,7 @@ app_setup_block: | # changelog changelogs: + - { date: "08.08.24:", desc: "Rebase to Alpine 3.19, enable [Active Record Encryption](https://github.com/mastodon/mastodon/pull/29831/files)" } - { date: "08.08.23:", desc: "Rebase to Alpine 3.18, migrate to s6v3" } - { date: "09.02.23:", desc: "Add Glitch branch." } - { date: "26.01.23:", desc: "Add aliases for key generation & tootctl to better support secrets." } diff --git a/root/generate-active-record b/root/generate-active-record new file mode 100755 index 0000000..8e47941 --- /dev/null +++ b/root/generate-active-record @@ -0,0 +1,6 @@ +#!/usr/bin/with-contenv bash +# shellcheck shell=bash + +cd /app/www || exit 1 + +rake db:encryption:init From b63daabc9cb5d08ffa064d7367eb927d0bfde21c Mon Sep 17 00:00:00 2001 From: thespad Date: Sun, 5 May 2024 20:06:55 +0100 Subject: [PATCH 02/17] Don't rm folder that doesn't exist any more --- Dockerfile | 1 - Dockerfile.aarch64 | 1 - 2 files changed, 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index 34a1882..351187e 100644 --- a/Dockerfile +++ b/Dockerfile @@ -74,7 +74,6 @@ RUN \ rm -r \ /app/www/app/javascript/fonts \ /app/www/app/javascript/icons \ - /app/www/app/javascript/packs \ /app/www/app/javascript/styles && \ rm -rf \ # Remove vendored sources for building native extensions. diff --git a/Dockerfile.aarch64 b/Dockerfile.aarch64 index 43f0211..4e77c0e 100644 --- a/Dockerfile.aarch64 +++ b/Dockerfile.aarch64 @@ -77,7 +77,6 @@ RUN \ rm -r \ /app/www/app/javascript/fonts \ /app/www/app/javascript/icons \ - /app/www/app/javascript/packs \ /app/www/app/javascript/styles && \ rm -rf \ # Remove vendored sources for building native extensions. From 18fd371e10d30df900e405902ca814a5b15ee9ba Mon Sep 17 00:00:00 2001 From: thespad Date: Sun, 12 May 2024 23:26:22 +0100 Subject: [PATCH 03/17] Remove ruby forced platform for arm64 --- Dockerfile.aarch64 | 1 - 1 file changed, 1 deletion(-) 
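Review bot: The new root/generate-active-record script has no comment saying that `rake db:encryption:init` prints freshly generated key material to the terminal. I would add a header line such as `# Prints new ACTIVE_RECORD_ENCRYPTION_* values to stdout; store them as secrets, not in logs or shell history.` The readme text in this commit tells operators to run it with `docker run --rm -it`, so the terminal output is the only copy of those keys.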
diff --git a/Dockerfile.aarch64 b/Dockerfile.aarch64 index 4e77c0e..eb2c298 100644 --- a/Dockerfile.aarch64 +++ b/Dockerfile.aarch64 @@ -54,7 +54,6 @@ RUN \ bundle config set --local deployment 'true' && \ bundle config set --local without 'development test exclude' && \ bundle config set silence_root_warning true && \ - bundle config set force_ruby_platform true && \ bundle install -j"$(nproc)" --no-cache && \ npm install -g corepack && \ corepack enable && \ From 5e62c39c4ee954dda66e7ed39b0e3cedc7212d43 Mon Sep 17 00:00:00 2001 From: thespad Date: Sat, 25 May 2024 20:54:33 +0100 Subject: [PATCH 04/17] Rebase to 3.20 --- .github/ISSUE_TEMPLATE/issue.bug.yml | 4 +- .github/workflows/external_trigger.yml | 2 +- .../workflows/external_trigger_scheduler.yml | 2 +- .github/workflows/package_trigger.yml | 2 +- .../workflows/package_trigger_scheduler.yml | 2 +- Dockerfile | 3 +- Dockerfile.aarch64 | 3 +- Jenkinsfile | 226 +++++++++--------- README.md | 34 +-- jenkins-vars.yml | 6 +- readme-vars.yml | 5 +- 11 files changed, 144 insertions(+), 145 deletions(-) diff --git a/.github/ISSUE_TEMPLATE/issue.bug.yml b/.github/ISSUE_TEMPLATE/issue.bug.yml index ce3d19a..8a680f9 100755 --- a/.github/ISSUE_TEMPLATE/issue.bug.yml +++ b/.github/ISSUE_TEMPLATE/issue.bug.yml @@ -67,10 +67,10 @@ body: - type: textarea attributes: description: | - Provide a full docker log, output of "docker logs linuxserver.io" + Provide a full docker log, output of "docker logs mastodon" label: Container logs placeholder: | - Output of `docker logs linuxserver.io` + Output of `docker logs mastodon` render: bash validations: required: true diff --git a/.github/workflows/external_trigger.yml b/.github/workflows/external_trigger.yml index 944c053..4561c92 100644 --- a/.github/workflows/external_trigger.yml +++ b/.github/workflows/external_trigger.yml 
@@ -7,7 +7,7 @@ jobs: external-trigger-develop: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3.1.0 + - uses: actions/checkout@v4.1.1 - name: External Trigger if: github.ref == 'refs/heads/develop' diff --git a/.github/workflows/external_trigger_scheduler.yml b/.github/workflows/external_trigger_scheduler.yml index ad382d7..b465933 100644 --- a/.github/workflows/external_trigger_scheduler.yml +++ b/.github/workflows/external_trigger_scheduler.yml @@ -9,7 +9,7 @@ jobs: external-trigger-scheduler: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3.1.0 + - uses: actions/checkout@v4.1.1 with: fetch-depth: '0' diff --git a/.github/workflows/package_trigger.yml b/.github/workflows/package_trigger.yml index 159718b..aed0453 100644 --- a/.github/workflows/package_trigger.yml +++ b/.github/workflows/package_trigger.yml @@ -7,7 +7,7 @@ jobs: package-trigger-develop: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3.1.0 + - uses: actions/checkout@v4.1.1 - name: Package Trigger if: github.ref == 'refs/heads/develop' diff --git a/.github/workflows/package_trigger_scheduler.yml b/.github/workflows/package_trigger_scheduler.yml index 032c865..4a3bd60 100644 --- a/.github/workflows/package_trigger_scheduler.yml +++ b/.github/workflows/package_trigger_scheduler.yml @@ -9,7 +9,7 @@ jobs: package-trigger-scheduler: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3.1.0 + - uses: actions/checkout@v4.1.1 with: fetch-depth: '0' diff --git a/Dockerfile b/Dockerfile index 351187e..c457193 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:1 -FROM ghcr.io/linuxserver/baseimage-alpine-nginx:3.19 +FROM ghcr.io/linuxserver/baseimage-alpine-nginx:3.20 ARG BUILD_DATE ARG VERSION 
@@ -66,6 +66,7 @@ RUN \ rm -rf /app/www/node_modules && \ cd streaming && \ yarn workspaces focus --production @mastodon/streaming && \ + printf "Linuxserver.io version: ${VERSION}\nBuild-date: ${BUILD_DATE}" > /build_version && \ echo "**** cleanup ****" && \ yarn cache clean && \ apk del --purge \ diff --git a/Dockerfile.aarch64 b/Dockerfile.aarch64 index eb2c298..df58a12 100644 --- a/Dockerfile.aarch64 +++ b/Dockerfile.aarch64 @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:1 -FROM ghcr.io/linuxserver/baseimage-alpine-nginx:arm64v8-3.19 +FROM ghcr.io/linuxserver/baseimage-alpine-nginx:arm64v8-3.20 ARG BUILD_DATE ARG VERSION @@ -68,6 +68,7 @@ RUN \ rm -rf /app/www/node_modules && \ cd streaming && \ yarn workspaces focus --production @mastodon/streaming && \ + printf "Linuxserver.io version: ${VERSION}\nBuild-date: ${BUILD_DATE}" > /build_version && \ echo "**** cleanup ****" && \ yarn cache clean && \ apk del --purge \ diff --git a/Jenkinsfile b/Jenkinsfile index 1357044..363b6c7 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -16,6 +16,7 @@ pipeline { GITHUB_TOKEN=credentials('498b4638-2d02-4ce5-832d-8a57d01d97ab') GITLAB_TOKEN=credentials('b6f0f1dd-6952-4cf6-95d1-9c06380283f0') GITLAB_NAMESPACE=credentials('gitlab-namespace-id') + DOCKERHUB_TOKEN=credentials('docker-hub-ci-pat') JSON_URL='https://api.github.com/repos/mastodon/mastodon/releases' JSON_PATH='first(.[] | select(.prerelease==true)) | .tag_name' EXT_GIT_BRANCH = 'main' @@ -34,8 +35,8 @@ pipeline { CI_WEB='false' CI_PORT='80' CI_SSL='false' - CI_DELAY='120' - CI_DOCKERENV='TZ=US/Pacific' + CI_DELAY='60' + CI_DOCKERENV='' CI_AUTH='' CI_WEBPATH='' } 
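Review bot: The added `printf` puts the `VERSION` and `BUILD_DATE` build arguments inside the format string, so any `%` or backslash in them is interpreted by printf instead of being written literally (ShellCheck SC2059). Passing them as arguments avoids that: `printf 'Linuxserver.io version: %s\nBuild-date: %s' "${VERSION}" "${BUILD_DATE}" > /build_version && \`. The same line is added in the Dockerfile.aarch64 hunk at `@@ -68,6 +68,7 @@`; the RUN instruction starts and ends outside both hunks.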
@@ -63,11 +64,16 @@ pipeline { env.COMMIT_SHA = sh( script: '''git rev-parse HEAD''', returnStdout: true).trim() + env.GH_DEFAULT_BRANCH = sh( + script: '''git remote show origin | grep "HEAD branch:" | sed 's|.*HEAD branch: ||' ''', + returnStdout: true).trim() env.CODE_URL = 'https://github.com/' + env.LS_USER + '/' + env.LS_REPO + '/commit/' + env.GIT_COMMIT env.DOCKERHUB_LINK = 'https://hub.docker.com/r/' + env.DOCKERHUB_IMAGE + '/tags/' env.PULL_REQUEST = env.CHANGE_ID env.TEMPLATED_FILES = 'Jenkinsfile README.md LICENSE .editorconfig ./.github/CONTRIBUTING.md ./.github/FUNDING.yml ./.github/ISSUE_TEMPLATE/config.yml ./.github/ISSUE_TEMPLATE/issue.bug.yml ./.github/ISSUE_TEMPLATE/issue.feature.yml ./.github/PULL_REQUEST_TEMPLATE.md ./.github/workflows/external_trigger_scheduler.yml ./.github/workflows/greetings.yml ./.github/workflows/package_trigger_scheduler.yml ./.github/workflows/call_issue_pr_tracker.yml ./.github/workflows/call_issues_cron.yml ./.github/workflows/permissions.yml ./.github/workflows/external_trigger.yml ./.github/workflows/package_trigger.yml' } + sh '''#! /bin/bash + echo "The default github branch detected as ${GH_DEFAULT_BRANCH}" ''' script{ env.LS_RELEASE_NUMBER = sh( script: '''echo ${LS_RELEASE} |sed 's/^.*-ls//g' ''', @@ -125,7 +131,7 @@ pipeline { steps{ script{ env.EXT_RELEASE_CLEAN = sh( - script: '''echo ${EXT_RELEASE} | sed 's/[~,%@+;:/]//g' ''', + script: '''echo ${EXT_RELEASE} | sed 's/[~,%@+;:/ ]//g' ''', returnStdout: true).trim() def semver = env.EXT_RELEASE_CLEAN =~ /(\d+)\.(\d+)\.(\d+)/ @@ -143,7 +149,7 @@ pipeline { } if (env.SEMVER != null) { - if (BRANCH_NAME != "master" && BRANCH_NAME != "main") { + if (BRANCH_NAME != "${env.GH_DEFAULT_BRANCH}") { env.SEMVER = "${env.SEMVER}-${BRANCH_NAME}" } println("SEMVER: ${env.SEMVER}") 
@@ -244,9 +250,11 @@ pipeline { -v ${WORKSPACE}:/mnt \ -e AWS_ACCESS_KEY_ID=\"${S3_KEY}\" \ -e AWS_SECRET_ACCESS_KEY=\"${S3_SECRET}\" \ - ghcr.io/linuxserver/baseimage-alpine:3.17 s6-envdir -fn -- /var/run/s6/container_environment /bin/bash -c "\ - apk add --no-cache py3-pip && \ - pip install s3cmd && \ + ghcr.io/linuxserver/baseimage-alpine:3.19 s6-envdir -fn -- /var/run/s6/container_environment /bin/bash -c "\ + apk add --no-cache python3 && \ + python3 -m venv /lsiopy && \ + pip install --no-cache-dir -U pip && \ + pip install --no-cache-dir s3cmd && \ s3cmd put --no-preserve --acl-public -m text/xml /mnt/shellcheck-result.xml s3://ci-tests.linuxserver.io/${IMAGE}/${META_TAG}/shellcheck-result.xml" || :''' } } 
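Review bot: `pip install --no-cache-dir s3cmd` installs an unpinned package into a container that is started with `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` in its environment, so whatever release is current at run time executes with those credentials; pinning it, e.g. `pip install --no-cache-dir s3cmd==<pinned-version> && \`, narrows that. The added lines also create `/lsiopy` with `python3 -m venv` but then call a bare `pip`, which only uses the venv if the base image already puts `/lsiopy/bin` on PATH (not visible here); `/lsiopy/bin/pip` would make the target explicit. Jenkinsfile is listed in `TEMPLATED_FILES`, so the change probably belongs in the upstream template. The enclosing `sh` step starts and ends outside the hunk.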
@@ -265,8 +273,15 @@ pipeline { set -e TEMPDIR=$(mktemp -d) docker pull ghcr.io/linuxserver/jenkins-builder:latest - docker run --rm -e CONTAINER_NAME=${CONTAINER_NAME} -e GITHUB_BRANCH=develop -v ${TEMPDIR}:/ansible/jenkins ghcr.io/linuxserver/jenkins-builder:latest - # Stage 1 - Jenkinsfile update + # Cloned repo paths for templating: + # ${TEMPDIR}/docker-${CONTAINER_NAME}: Cloned branch develop of ${LS_USER}/${LS_REPO} for running the jenkins builder on + # ${TEMPDIR}/repo/${LS_REPO}: Cloned branch develop of ${LS_USER}/${LS_REPO} for commiting various templated file changes and pushing back to Github + # ${TEMPDIR}/docs/docker-documentation: Cloned docs repo for pushing docs updates to Github + # ${TEMPDIR}/unraid/docker-templates: Cloned docker-templates repo to check for logos + # ${TEMPDIR}/unraid/templates: Cloned templates repo for commiting unraid template changes and pushing back to Github + git clone --branch develop --depth 1 https://github.com/${LS_USER}/${LS_REPO}.git ${TEMPDIR}/docker-${CONTAINER_NAME} + docker run --rm -v ${TEMPDIR}/docker-${CONTAINER_NAME}:/tmp -e LOCAL=true -e PUID=$(id -u) -e PGID=$(id -g) ghcr.io/linuxserver/jenkins-builder:latest + echo "Starting Stage 1 - Jenkinsfile update" if [[ "$(md5sum Jenkinsfile | awk '{ print $1 }')" != "$(md5sum ${TEMPDIR}/docker-${CONTAINER_NAME}/Jenkinsfile | awk '{ print $1 }')" ]]; then mkdir -p ${TEMPDIR}/repo git clone https://github.com/${LS_USER}/${LS_REPO}.git ${TEMPDIR}/repo/${LS_REPO} 
@@ -275,16 +290,17 @@ pipeline { cp ${TEMPDIR}/docker-${CONTAINER_NAME}/Jenkinsfile ${TEMPDIR}/repo/${LS_REPO}/ git add Jenkinsfile git commit -m 'Bot Updating Templated Files' - git push https://LinuxServer-CI:${GITHUB_TOKEN}@github.com/${LS_USER}/${LS_REPO}.git --all + git pull https://LinuxServer-CI:${GITHUB_TOKEN}@github.com/${LS_USER}/${LS_REPO}.git develop + git push https://LinuxServer-CI:${GITHUB_TOKEN}@github.com/${LS_USER}/${LS_REPO}.git develop echo "true" > /tmp/${COMMIT_SHA}-${BUILD_NUMBER} - echo "Updating Jenkinsfile" + echo "Updating Jenkinsfile and exiting build, new one will trigger based on commit" rm -Rf ${TEMPDIR} exit 0 else echo "Jenkinsfile is up to date." fi - # Stage 2 - Delete old templates - OLD_TEMPLATES=".github/ISSUE_TEMPLATE.md .github/ISSUE_TEMPLATE/issue.bug.md .github/ISSUE_TEMPLATE/issue.feature.md .github/workflows/call_invalid_helper.yml .github/workflows/stale.yml Dockerfile.armhf" + echo "Starting Stage 2 - Delete old templates" + OLD_TEMPLATES=".github/ISSUE_TEMPLATE.md .github/ISSUE_TEMPLATE/issue.bug.md .github/ISSUE_TEMPLATE/issue.feature.md .github/workflows/call_invalid_helper.yml .github/workflows/stale.yml" for i in ${OLD_TEMPLATES}; do if [[ -f "${i}" ]]; then TEMPLATES_TO_DELETE="${i} ${TEMPLATES_TO_DELETE}" 
@@ -299,15 +315,16 @@ pipeline { git rm "${i}" done git commit -m 'Bot Updating Templated Files' - git push https://LinuxServer-CI:${GITHUB_TOKEN}@github.com/${LS_USER}/${LS_REPO}.git --all + git pull https://LinuxServer-CI:${GITHUB_TOKEN}@github.com/${LS_USER}/${LS_REPO}.git develop + git push https://LinuxServer-CI:${GITHUB_TOKEN}@github.com/${LS_USER}/${LS_REPO}.git develop echo "true" > /tmp/${COMMIT_SHA}-${BUILD_NUMBER} - echo "Deleting old and deprecated templates" + echo "Deleting old/deprecated templates and exiting build, new one will trigger based on commit" rm -Rf ${TEMPDIR} exit 0 else echo "No templates to delete" fi - # Stage 3 - Update templates + echo "Starting Stage 3 - Update templates" CURRENTHASH=$(grep -hs ^ ${TEMPLATED_FILES} | md5sum | cut -c1-8) cd ${TEMPDIR}/docker-${CONTAINER_NAME} NEWHASH=$(grep -hs ^ ${TEMPLATED_FILES} | md5sum | cut -c1-8) 
@@ -328,19 +345,34 @@ pipeline { fi git add readme-vars.yml ${TEMPLATED_FILES} git commit -m 'Bot Updating Templated Files' - git push https://LinuxServer-CI:${GITHUB_TOKEN}@github.com/${LS_USER}/${LS_REPO}.git --all + git pull https://LinuxServer-CI:${GITHUB_TOKEN}@github.com/${LS_USER}/${LS_REPO}.git develop + git push https://LinuxServer-CI:${GITHUB_TOKEN}@github.com/${LS_USER}/${LS_REPO}.git develop echo "true" > /tmp/${COMMIT_SHA}-${BUILD_NUMBER} + echo "Updating templates and exiting build, new one will trigger based on commit" + rm -Rf ${TEMPDIR} + exit 0 else echo "false" > /tmp/${COMMIT_SHA}-${BUILD_NUMBER} + echo "No templates to update" fi + echo "Starting Stage 4 - External repo updates: Docs, Unraid Template and Readme Sync to Docker Hub" mkdir -p ${TEMPDIR}/docs git clone https://github.com/linuxserver/docker-documentation.git ${TEMPDIR}/docs/docker-documentation - if [[ ("${BRANCH_NAME}" == "master") || ("${BRANCH_NAME}" == "main") ]] && [[ (! -f ${TEMPDIR}/docs/docker-documentation/docs/images/docker-${CONTAINER_NAME}.md) || ("$(md5sum ${TEMPDIR}/docs/docker-documentation/docs/images/docker-${CONTAINER_NAME}.md | awk '{ print $1 }')" != "$(md5sum ${TEMPDIR}/docker-${CONTAINER_NAME}/.jenkins-external/docker-${CONTAINER_NAME}.md | awk '{ print $1 }')") ]]; then + if [[ "${BRANCH_NAME}" == "${GH_DEFAULT_BRANCH}" ]] && [[ (! 
-f ${TEMPDIR}/docs/docker-documentation/docs/images/docker-${CONTAINER_NAME}.md) || ("$(md5sum ${TEMPDIR}/docs/docker-documentation/docs/images/docker-${CONTAINER_NAME}.md | awk '{ print $1 }')" != "$(md5sum ${TEMPDIR}/docker-${CONTAINER_NAME}/.jenkins-external/docker-${CONTAINER_NAME}.md | awk '{ print $1 }')") ]]; then cp ${TEMPDIR}/docker-${CONTAINER_NAME}/.jenkins-external/docker-${CONTAINER_NAME}.md ${TEMPDIR}/docs/docker-documentation/docs/images/ cd ${TEMPDIR}/docs/docker-documentation + GH_DOCS_DEFAULT_BRANCH=$(git remote show origin | grep "HEAD branch:" | sed 's|.*HEAD branch: ||') git add docs/images/docker-${CONTAINER_NAME}.md + echo "Updating docs repo" git commit -m 'Bot Updating Documentation' - git push https://LinuxServer-CI:${GITHUB_TOKEN}@github.com/linuxserver/docker-documentation.git --all + git pull https://LinuxServer-CI:${GITHUB_TOKEN}@github.com/linuxserver/docker-documentation.git ${GH_DOCS_DEFAULT_BRANCH} --rebase + git push https://LinuxServer-CI:${GITHUB_TOKEN}@github.com/linuxserver/docker-documentation.git ${GH_DOCS_DEFAULT_BRANCH} || \ + (MAXWAIT="10" && echo "Push to docs failed, trying again in ${MAXWAIT} seconds" && \ + sleep $((RANDOM % MAXWAIT)) && \ + git pull https://LinuxServer-CI:${GITHUB_TOKEN}@github.com/linuxserver/docker-documentation.git ${GH_DOCS_DEFAULT_BRANCH} --rebase && \ + git push https://LinuxServer-CI:${GITHUB_TOKEN}@github.com/linuxserver/docker-documentation.git ${GH_DOCS_DEFAULT_BRANCH}) + else + echo "Docs update not needed, skipping" fi mkdir -p ${TEMPDIR}/unraid git clone https://github.com/linuxserver/docker-templates.git ${TEMPDIR}/unraid/docker-templates 
@@ -350,9 +382,13 @@ pipeline { elif [[ -f ${TEMPDIR}/unraid/docker-templates/linuxserver.io/img/${CONTAINER_NAME}-icon.png ]]; then sed -i "s|master/linuxserver.io/img/linuxserver-ls-logo.png|master/linuxserver.io/img/${CONTAINER_NAME}-icon.png|" ${TEMPDIR}/docker-${CONTAINER_NAME}/.jenkins-external/${CONTAINER_NAME}.xml fi - if [[ ("${BRANCH_NAME}" == "master") || ("${BRANCH_NAME}" == "main") ]] && [[ (! -f ${TEMPDIR}/unraid/templates/unraid/${CONTAINER_NAME}.xml) || ("$(md5sum ${TEMPDIR}/unraid/templates/unraid/${CONTAINER_NAME}.xml | awk '{ print $1 }')" != "$(md5sum ${TEMPDIR}/docker-${CONTAINER_NAME}/.jenkins-external/${CONTAINER_NAME}.xml | awk '{ print $1 }')") ]]; then + if [[ "${BRANCH_NAME}" == "${GH_DEFAULT_BRANCH}" ]] && [[ (! -f ${TEMPDIR}/unraid/templates/unraid/${CONTAINER_NAME}.xml) || ("$(md5sum ${TEMPDIR}/unraid/templates/unraid/${CONTAINER_NAME}.xml | awk '{ print $1 }')" != "$(md5sum ${TEMPDIR}/docker-${CONTAINER_NAME}/.jenkins-external/${CONTAINER_NAME}.xml | awk '{ print $1 }')") ]]; then + echo "Updating Unraid template" cd ${TEMPDIR}/unraid/templates/ - if grep -wq "${CONTAINER_NAME}" ${TEMPDIR}/unraid/templates/unraid/ignore.list; then + GH_TEMPLATES_DEFAULT_BRANCH=$(git remote show origin | grep "HEAD branch:" | sed 's|.*HEAD branch: ||') + if grep -wq "${CONTAINER_NAME}" ${TEMPDIR}/unraid/templates/unraid/ignore.list && [[ -f ${TEMPDIR}/unraid/templates/unraid/deprecated/${CONTAINER_NAME}.xml ]]; then + echo "Image is on the ignore list, and already in the deprecation folder." + elif grep -wq "${CONTAINER_NAME}" ${TEMPDIR}/unraid/templates/unraid/ignore.list; then echo "Image is on the ignore list, marking Unraid template as deprecated" cp ${TEMPDIR}/docker-${CONTAINER_NAME}/.jenkins-external/${CONTAINER_NAME}.xml ${TEMPDIR}/unraid/templates/unraid/ git add -u unraid/${CONTAINER_NAME}.xml 
@@ -363,7 +399,42 @@ pipeline { git add unraid/${CONTAINER_NAME}.xml git commit -m 'Bot Updating Unraid Template' fi - git push https://LinuxServer-CI:${GITHUB_TOKEN}@github.com/linuxserver/templates.git --all + git pull https://LinuxServer-CI:${GITHUB_TOKEN}@github.com/linuxserver/templates.git ${GH_TEMPLATES_DEFAULT_BRANCH} --rebase + git push https://LinuxServer-CI:${GITHUB_TOKEN}@github.com/linuxserver/templates.git ${GH_TEMPLATES_DEFAULT_BRANCH} || \ + (MAXWAIT="10" && echo "Push to unraid templates failed, trying again in ${MAXWAIT} seconds" && \ + sleep $((RANDOM % MAXWAIT)) && \ + git pull https://LinuxServer-CI:${GITHUB_TOKEN}@github.com/linuxserver/templates.git ${GH_TEMPLATES_DEFAULT_BRANCH} --rebase && \ + git push https://LinuxServer-CI:${GITHUB_TOKEN}@github.com/linuxserver/templates.git ${GH_TEMPLATES_DEFAULT_BRANCH}) + else + echo "No updates to Unraid template needed, skipping" + fi + if [[ "${BRANCH_NAME}" == "${GH_DEFAULT_BRANCH}" ]]; then + if [[ $(cat ${TEMPDIR}/docker-${CONTAINER_NAME}/README.md | wc -m) -gt 25000 ]]; then + echo "Readme is longer than 25,000 characters. Syncing the lite version to Docker Hub" + DH_README_SYNC_PATH="${TEMPDIR}/docker-${CONTAINER_NAME}/.jenkins-external/README.lite" + else + echo "Syncing readme to Docker Hub" + DH_README_SYNC_PATH="${TEMPDIR}/docker-${CONTAINER_NAME}/README.md" + fi + if curl -s https://hub.docker.com/v2/namespaces/${DOCKERHUB_IMAGE%%/*}/repositories/${DOCKERHUB_IMAGE##*/}/tags | jq -r '.message' | grep -q 404; then + echo "Docker Hub endpoint doesn't exist. Creating endpoint first." 
+ DH_TOKEN=$(curl -d '{"username":"linuxserverci", "password":"'${DOCKERHUB_TOKEN}'"}' -H "Content-Type: application/json" -X POST https://hub.docker.com/v2/users/login | jq -r '.token') + curl -s \ + -H "Authorization: JWT ${DH_TOKEN}" \ + -H "Content-Type: application/json" \ + -X POST \ + -d '{"name":"'${DOCKERHUB_IMAGE##*/}'", "namespace":"'${DOCKERHUB_IMAGE%%/*}'"}' \ + https://hub.docker.com/v2/repositories/ || : + fi + DH_TOKEN=$(curl -d '{"username":"linuxserverci", "password":"'${DOCKERHUB_TOKEN}'"}' -H "Content-Type: application/json" -X POST https://hub.docker.com/v2/users/login | jq -r '.token') + curl -s \ + -H "Authorization: JWT ${DH_TOKEN}" \ + -H "Content-Type: application/json" \ + -X PATCH \ + -d "{\\"full_description\\":$(jq -Rsa . ${DH_README_SYNC_PATH})}" \ + https://hub.docker.com/v2/repositories/${DOCKERHUB_IMAGE} || : + else + echo "Not the default Github branch. Skipping readme sync to Docker Hub." fi rm -Rf ${TEMPDIR}''' script{ @@ -419,14 +490,16 @@ pipeline { } steps{ sh '''curl -H "Content-Type: application/json" -H "Private-Token: ${GITLAB_TOKEN}" -X POST https://gitlab.com/api/v4/projects \ - -d '{"namespace_id":'${GITLAB_NAMESPACE}',\ - "name":"'${LS_REPO}'", - "mirror":true,\ - "import_url":"https://github.com/linuxserver/'${LS_REPO}'.git",\ - "issues_access_level":"disabled",\ - "merge_requests_access_level":"disabled",\ - "repository_access_level":"enabled",\ - "visibility":"public"}' ''' + -d '{"namespace_id":'${GITLAB_NAMESPACE}',\ + "name":"'${LS_REPO}'", + "mirror":true,\ + "import_url":"https://github.com/linuxserver/'${LS_REPO}'.git",\ + "issues_access_level":"disabled",\ + "merge_requests_access_level":"disabled",\ + "repository_access_level":"enabled",\ + "visibility":"public"}' ''' + sh '''curl -H "Private-Token: ${GITLAB_TOKEN}" -X PUT "https://gitlab.com/api/v4/projects/Linuxserver.io%2F${LS_REPO}" \ + -d "mirror=true&import_url=https://github.com/linuxserver/${LS_REPO}.git" ''' } } /* ############### 
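Review bot: The two added `DH_TOKEN=$(curl -d '{"username":"linuxserverci", "password":"'${DOCKERHUB_TOKEN}'"}' ...)` calls put the Docker Hub token on curl's command line, where it is visible in the process list, and leave it unquoted so the shell can split it. Building the body from the environment and sending it on stdin avoids both: `jq -n '{username:"linuxserverci",password:env.DOCKERHUB_TOKEN}' | curl -fsS -H "Content-Type: application/json" -d @- https://hub.docker.com/v2/users/login | jq -r '.token'`. There is also no check that the login succeeded, so a failed login leaves `DH_TOKEN` as `null` and the following `PATCH` fails silently behind `|| :`. The enclosing `sh` block starts outside this hunk.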
@@ -457,6 +530,7 @@ pipeline { --label \"org.opencontainers.image.title=Mastodon\" \ --label \"org.opencontainers.image.description=[Mastodon](https://github.com/mastodon/mastodon/) is a free, open-source social network server based on ActivityPub where users can follow friends and discover new ones.. \" \ --no-cache --pull -t ${IMAGE}:${META_TAG} --platform=linux/amd64 \ + --provenance=false --sbom=false \ --build-arg ${BUILD_VERSION_ARG}=${EXT_RELEASE} --build-arg VERSION=\"${VERSION_TAG}\" --build-arg BUILD_DATE=${GITHUB_DATE} ." } } @@ -488,6 +562,7 @@ pipeline { --label \"org.opencontainers.image.title=Mastodon\" \ --label \"org.opencontainers.image.description=[Mastodon](https://github.com/mastodon/mastodon/) is a free, open-source social network server based on ActivityPub where users can follow friends and discover new ones.. \" \ --no-cache --pull -t ${IMAGE}:amd64-${META_TAG} --platform=linux/amd64 \ + --provenance=false --sbom=false \ --build-arg ${BUILD_VERSION_ARG}=${EXT_RELEASE} --build-arg VERSION=\"${VERSION_TAG}\" --build-arg BUILD_DATE=${GITHUB_DATE} ." } } @@ -516,6 +591,7 @@ pipeline { --label \"org.opencontainers.image.title=Mastodon\" \ --label \"org.opencontainers.image.description=[Mastodon](https://github.com/mastodon/mastodon/) is a free, open-source social network server based on ActivityPub where users can follow friends and discover new ones.. \" \ --no-cache --pull -f Dockerfile.aarch64 -t ${IMAGE}:arm64v8-${META_TAG} --platform=linux/arm64 \ + --provenance=false --sbom=false \ --build-arg ${BUILD_VERSION_ARG}=${EXT_RELEASE} --build-arg VERSION=\"${VERSION_TAG}\" --build-arg BUILD_DATE=${GITHUB_DATE} ." sh "docker tag ${IMAGE}:arm64v8-${META_TAG} ghcr.io/linuxserver/lsiodev-buildcache:arm64v8-${COMMIT_SHA}-${BUILD_NUMBER}" retry(5) { 
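Review bot: `--provenance=false --sbom=false` is added to this build and to the two builds in the `@@ -488,6 +562,7 @@` and `@@ -516,6 +591,7 @@` hunks without any comment on why build attestations are turned off. Consumers lose the provenance and SBOM metadata they could otherwise check, so the reason should be recorded next to the step, for example a Groovy comment above the `sh` call: `// attestations disabled: <reason>`. If the flags are only there to keep the pushed image a single manifest for the later manifest steps (an assumption, not shown here), saying so makes the trade-off reviewable. The `sh` steps start outside these hunks.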
@@ -542,7 +618,7 @@ pipeline { sh '''#! /bin/bash set -e TEMPDIR=$(mktemp -d) - if [ "${MULTIARCH}" == "true" ] && [ "${PACKAGE_CHECK}" == "false" ]; then + if [ "${MULTIARCH}" == "true" ] && [ "${PACKAGE_CHECK}" != "true" ]; then LOCAL_CONTAINER=${IMAGE}:amd64-${META_TAG} else LOCAL_CONTAINER=${IMAGE}:${META_TAG} @@ -563,7 +639,8 @@ pipeline { wait git add package_versions.txt git commit -m 'Bot Updating Package Versions' - git push https://LinuxServer-CI:${GITHUB_TOKEN}@github.com/${LS_USER}/${LS_REPO}.git --all + git pull https://LinuxServer-CI:${GITHUB_TOKEN}@github.com/${LS_USER}/${LS_REPO}.git develop + git push https://LinuxServer-CI:${GITHUB_TOKEN}@github.com/${LS_USER}/${LS_REPO}.git develop echo "true" > /tmp/packages-${COMMIT_SHA}-${BUILD_NUMBER} echo "Package tag updated, stopping build process" else @@ -638,7 +715,7 @@ pipeline { --shm-size=1gb \ -v /var/run/docker.sock:/var/run/docker.sock \ -e IMAGE=\"${IMAGE}\" \ - -e DELAY_START=\"${CI_DELAY}\" \ + -e DOCKER_LOGS_TIMEOUT=\"${CI_DELAY}\" \ -e TAGS=\"${CI_TAGS}\" \ -e META_TAG=\"${META_TAG}\" \ -e PORT=\"${CI_PORT}\" \ @@ -666,12 +743,6 @@ pipeline { } steps { withCredentials([ - [ - $class: 'UsernamePasswordMultiBinding', - credentialsId: '3f9ba4d5-100d-45b0-a3c4-633fd6061207', - usernameVariable: 'DOCKERUSER', - passwordVariable: 'DOCKERPASS' - ], [ $class: 'UsernamePasswordMultiBinding', credentialsId: 'Quay.io-Robot', @@ -682,7 +753,7 @@ pipeline { retry(5) { sh '''#! /bin/bash set -e - echo $DOCKERPASS | docker login -u $DOCKERUSER --password-stdin + echo $DOCKERHUB_TOKEN | docker login -u linuxserverci --password-stdin echo $GITHUB_TOKEN | docker login ghcr.io -u LinuxServer-CI --password-stdin echo $GITLAB_TOKEN | docker login registry.gitlab.com -u LinuxServer.io --password-stdin echo $QUAYPASS | docker login quay.io -u $QUAYUSER --password-stdin 
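Review bot: The new `git pull https://LinuxServer-CI:${GITHUB_TOKEN}@github.com/${LS_USER}/${LS_REPO}.git develop` line in the `-563,7 +639,8` hunk repeats the token-in-URL form of the push beneath it, so the token is part of git's argument list and may appear in git's error output if the remote rejects the request. Supplying the credential through `GIT_ASKPASS` or a credential helper keeps it out of both. Separately, a plain `git pull` under `set -e` can create a merge commit or stop the script when `develop` has moved; `git pull --rebase <url> develop` keeps the bot's history linear. The script body starts and ends outside the hunk.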
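Review bot: `echo $DOCKERHUB_TOKEN | docker login -u linuxserverci --password-stdin` in the `-682,7 +753,7` hunk, and again in `-729,7 +794,7`, expands the token unquoted, so the shell word-splits and glob-expands it before `echo` sees it. `printf '%s' "$DOCKERHUB_TOKEN" | docker login -u linuxserverci --password-stdin` passes the value through unchanged. The preceding hunks remove the `withCredentials` binding that supplied `DOCKERPASS`, and where `DOCKERHUB_TOKEN` is bound is not visible here. It is worth confirming that it comes from a Jenkins credential so the value is still masked in the console log.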
@@ -713,12 +784,6 @@ pipeline { } steps { withCredentials([ - [ - $class: 'UsernamePasswordMultiBinding', - credentialsId: '3f9ba4d5-100d-45b0-a3c4-633fd6061207', - usernameVariable: 'DOCKERUSER', - passwordVariable: 'DOCKERPASS' - ], [ $class: 'UsernamePasswordMultiBinding', credentialsId: 'Quay.io-Robot', @@ -729,7 +794,7 @@ pipeline { retry(5) { sh '''#! /bin/bash set -e - echo $DOCKERPASS | docker login -u $DOCKERUSER --password-stdin + echo $DOCKERHUB_TOKEN | docker login -u linuxserverci --password-stdin echo $GITHUB_TOKEN | docker login ghcr.io -u LinuxServer-CI --password-stdin echo $GITLAB_TOKEN | docker login registry.gitlab.com -u LinuxServer.io --password-stdin echo $QUAYPASS | docker login quay.io -u $QUAYUSER --password-stdin 
@@ -758,35 +823,13 @@ pipeline { docker push ${MANIFESTIMAGE}:amd64-${SEMVER} docker push ${MANIFESTIMAGE}:arm64v8-${SEMVER} fi - docker manifest push --purge ${MANIFESTIMAGE}:develop || : - docker manifest create ${MANIFESTIMAGE}:develop ${MANIFESTIMAGE}:amd64-develop ${MANIFESTIMAGE}:arm64v8-develop - docker manifest annotate ${MANIFESTIMAGE}:develop ${MANIFESTIMAGE}:arm64v8-develop --os linux --arch arm64 --variant v8 - docker manifest push --purge ${MANIFESTIMAGE}:${META_TAG} || : - docker manifest create ${MANIFESTIMAGE}:${META_TAG} ${MANIFESTIMAGE}:amd64-${META_TAG} ${MANIFESTIMAGE}:arm64v8-${META_TAG} - docker manifest annotate ${MANIFESTIMAGE}:${META_TAG} ${MANIFESTIMAGE}:arm64v8-${META_TAG} --os linux --arch arm64 --variant v8 - docker manifest push --purge ${MANIFESTIMAGE}:${EXT_RELEASE_TAG} || : - docker manifest create ${MANIFESTIMAGE}:${EXT_RELEASE_TAG} ${MANIFESTIMAGE}:amd64-${EXT_RELEASE_TAG} ${MANIFESTIMAGE}:arm64v8-${EXT_RELEASE_TAG} - docker manifest annotate ${MANIFESTIMAGE}:${EXT_RELEASE_TAG} ${MANIFESTIMAGE}:arm64v8-${EXT_RELEASE_TAG} --os linux --arch arm64 --variant v8 - if [ -n "${SEMVER}" ]; then - docker manifest push --purge ${MANIFESTIMAGE}:${SEMVER} || : - docker manifest create ${MANIFESTIMAGE}:${SEMVER} ${MANIFESTIMAGE}:amd64-${SEMVER} ${MANIFESTIMAGE}:arm64v8-${SEMVER} - docker manifest annotate ${MANIFESTIMAGE}:${SEMVER} ${MANIFESTIMAGE}:arm64v8-${SEMVER} --os linux --arch arm64 --variant v8 - fi - token=$(curl -sX GET "https://ghcr.io/token?scope=repository%3Alinuxserver%2F${CONTAINER_NAME}%3Apull" | jq -r '.token') - digest=$(curl -s \ - --header "Accept: application/vnd.docker.distribution.manifest.v2+json" \ - --header "Authorization: Bearer ${token}" \ - "https://ghcr.io/v2/linuxserver/${CONTAINER_NAME}/manifests/arm32v7-develop") - if [[ $(echo "$digest" | jq -r '.layers') != "null" ]]; then - docker manifest push --purge ${MANIFESTIMAGE}:arm32v7-develop || : - docker manifest create ${MANIFESTIMAGE}:arm32v7-develop 
${MANIFESTIMAGE}:amd64-develop - docker manifest push --purge ${MANIFESTIMAGE}:arm32v7-develop - fi - docker manifest push --purge ${MANIFESTIMAGE}:develop - docker manifest push --purge ${MANIFESTIMAGE}:${META_TAG} - docker manifest push --purge ${MANIFESTIMAGE}:${EXT_RELEASE_TAG} + done + for MANIFESTIMAGE in "${IMAGE}" "${GITLABIMAGE}" "${GITHUBIMAGE}" "${QUAYIMAGE}"; do + docker buildx imagetools create -t ${MANIFESTIMAGE}:develop ${MANIFESTIMAGE}:amd64-develop ${MANIFESTIMAGE}:arm64v8-develop + docker buildx imagetools create -t ${MANIFESTIMAGE}:${META_TAG} ${MANIFESTIMAGE}:amd64-${META_TAG} ${MANIFESTIMAGE}:arm64v8-${META_TAG} + docker buildx imagetools create -t ${MANIFESTIMAGE}:${EXT_RELEASE_TAG} ${MANIFESTIMAGE}:amd64-${EXT_RELEASE_TAG} ${MANIFESTIMAGE}:arm64v8-${EXT_RELEASE_TAG} if [ -n "${SEMVER}" ]; then - docker manifest push --purge ${MANIFESTIMAGE}:${SEMVER} + docker buildx imagetools create -t ${MANIFESTIMAGE}:${SEMVER} ${MANIFESTIMAGE}:amd64-${SEMVER} ${MANIFESTIMAGE}:arm64v8-${SEMVER} fi done ''' 
@@ -859,39 +902,6 @@ EOF ) ''' } } - // Use helper container to sync the current README on master to the dockerhub endpoint - stage('Sync-README') { - when { - environment name: 'CHANGE_ID', value: '' - environment name: 'EXIT_STATUS', value: '' - } - steps { - withCredentials([ - [ - $class: 'UsernamePasswordMultiBinding', - credentialsId: '3f9ba4d5-100d-45b0-a3c4-633fd6061207', - usernameVariable: 'DOCKERUSER', - passwordVariable: 'DOCKERPASS' - ] - ]) { - sh '''#! /bin/bash - set -e - TEMPDIR=$(mktemp -d) - docker pull ghcr.io/linuxserver/jenkins-builder:latest - docker run --rm -e CONTAINER_NAME=${CONTAINER_NAME} -e GITHUB_BRANCH="${BRANCH_NAME}" -v ${TEMPDIR}:/ansible/jenkins ghcr.io/linuxserver/jenkins-builder:latest - docker pull ghcr.io/linuxserver/readme-sync - docker run --rm=true \ - -e DOCKERHUB_USERNAME=$DOCKERUSER \ - -e DOCKERHUB_PASSWORD=$DOCKERPASS \ - -e GIT_REPOSITORY=${LS_USER}/${LS_REPO} \ - -e DOCKER_REPOSITORY=${IMAGE} \ - -e GIT_BRANCH=master \ - -v ${TEMPDIR}/docker-${CONTAINER_NAME}:/mnt \ - ghcr.io/linuxserver/readme-sync bash -c 'node sync' - rm -Rf ${TEMPDIR} ''' - } - } - } // If this is a Pull request send the CI link as a comment on it stage('Pull Request Comment') { when { diff --git a/README.md b/README.md index b98ced3..68abb93 100644 --- a/README.md +++ b/README.md 
@@ -28,7 +28,7 @@ Find us at: # [linuxserver/mastodon](https://github.com/linuxserver/docker-mastodon) -[![Scarf.io pulls](https://scarf.sh/installs-badge/linuxserver-ci/linuxserver%2Fmastodon?color=94398d&label-color=555555&logo-color=ffffff&style=for-the-badge&package-type=docker)](https://scarf.sh/gateway/linuxserver-ci/docker/linuxserver%2Fmastodon) +[![Scarf.io pulls](https://scarf.sh/installs-badge/linuxserver-ci/linuxserver%2Fmastodon?color=94398d&label-color=555555&logo-color=ffffff&style=for-the-badge&package-type=docker)](https://scarf.sh) [![GitHub Stars](https://img.shields.io/github/stars/linuxserver/docker-mastodon.svg?color=94398d&labelColor=555555&logoColor=ffffff&style=for-the-badge&logo=github)](https://github.com/linuxserver/docker-mastodon) [![GitHub Release](https://img.shields.io/github/release/linuxserver/docker-mastodon.svg?color=94398d&labelColor=555555&logoColor=ffffff&style=for-the-badge&logo=github)](https://github.com/linuxserver/docker-mastodon/releases) [![GitHub Package Repository](https://img.shields.io/static/v1.svg?color=94398d&labelColor=555555&logoColor=ffffff&style=for-the-badge&label=linuxserver.io&message=GitHub%20Package&logo=github)](https://github.com/linuxserver/docker-mastodon/packages) 
@@ -44,7 +44,7 @@ Find us at: ## Supported Architectures -We utilise the docker manifest for multi-platform awareness. More information is available from docker [here](https://github.com/docker/distribution/blob/master/docs/spec/manifest-v2-2.md#manifest-list) and our announcement [here](https://blog.linuxserver.io/2019/02/21/the-lsio-pipeline-project/). +We utilise the docker manifest for multi-platform awareness. More information is available from docker [here](https://distribution.github.io/distribution/spec/manifest-v2-2/#manifest-list) and our announcement [here](https://blog.linuxserver.io/2019/02/21/the-lsio-pipeline-project/). Simply pulling `lscr.io/linuxserver/mastodon:develop` should retrieve the correct image for your arch, but you can also pull specific arch images via tags. 
@@ -70,9 +70,11 @@ This image provides various versions that are available via tags. Please read th We provide aliases for the common commands that execute in the correct context so that environment variables from secrets are available to them: -* To generate keys for `SECRET_KEY_BASE` & `OTP_SECRET` run `docker run --rm -it --entrypoint /bin/bash lscr.io/linuxserver/mastodon generate-secret` once for each. +* To generate keys for `SECRET_KEY_BASE` & `OTP_SECRET` run `docker run --rm -it --entrypoint /bin/bash lscr.io/linuxserver/mastodon:develop generate-secret` once for each. -* To generate keys for `VAPID_PRIVATE_KEY` & `VAPID_PUBLIC_KEY` run `docker run --rm -it --entrypoint /bin/bash lscr.io/linuxserver/mastodon generate-vapid` +* To generate keys for `VAPID_PRIVATE_KEY` & `VAPID_PUBLIC_KEY` run `docker run --rm -it --entrypoint /bin/bash lscr.io/linuxserver/mastodon:develop generate-vapid` + +* To generate keys for `ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY`, `ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT`, & `ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY` run `docker run --rm -it --entrypoint /bin/bash lscr.io/linuxserver/mastodon:develop generate-active-record` Both of the secret generation aliases above can be run without any other setup having been carried out. @@ -110,7 +112,6 @@ To help you get started creating a container from this image you can either use ```yaml --- -version: "2.1" services: mastodon: image: lscr.io/linuxserver/mastodon:develop @@ -154,7 +155,7 @@ services: - DB_POOL=5 #optional - NO_CHOWN= #optional volumes: - - /path/to/appdata/config:/config + - /path/to/mastodon/appdata/config:/config ports: - 80:80 - 443:443 @@ -205,7 +206,7 @@ docker run -d \ -e NO_CHOWN= `#optional` \ -p 80:80 \ -p 443:443 \ - -v /path/to/appdata/config:/config \ + -v /path/to/mastodon/appdata/config:/config \ --restart unless-stopped \ lscr.io/linuxserver/mastodon:develop ``` 
@@ -326,7 +327,7 @@ We publish various [Docker Mods](https://github.com/linuxserver/docker-mods) to ## Updating Info -Most of our images are static, versioned, and require an image update and container recreation to update the app inside. With some exceptions (ie. nextcloud, plex), we do not recommend or support updating apps inside the container. Please consult the [Application Setup](#application-setup) section above to see if it is recommended for the image. +Most of our images are static, versioned, and require an image update and container recreation to update the app inside. With some exceptions (noted in the relevant readme.md), we do not recommend or support updating apps inside the container. Please consult the [Application Setup](#application-setup) section above to see if it is recommended for the image. Below are the instructions for updating containers: 
@@ -391,21 +392,6 @@ Below are the instructions for updating containers: docker image prune ``` -### Via Watchtower auto-updater (only use if you don't remember the original parameters) - -* Pull the latest image at its tag and replace it with the same env variables in one run: - - ```bash - docker run --rm \ - -v /var/run/docker.sock:/var/run/docker.sock \ - containrrr/watchtower \ - --run-once mastodon - ``` - -* You can also remove the old dangling images: `docker image prune` - -**warning**: We do not endorse the use of Watchtower as a solution to automated updates of existing Docker containers. In fact we generally discourage automated updates. However, this is a useful tool for one-time manual updates of containers where you have forgotten the original parameters. In the long term, we highly recommend using [Docker Compose](https://docs.linuxserver.io/general/docker-compose). - ### Image Update Notifications - Diun (Docker Image Update Notifier) **tip**: We recommend [Diun](https://crazymax.dev/diun/) for update notifications. Other tools that automatically update containers unattended are not recommended or supported. @@ -433,6 +419,8 @@ Once registered you can define the dockerfile to use with `-f Dockerfile.aarch64 ## Versions +* **25.05.24:** - Rebase to Alpine 3.20. +* **08.08.24:** - Rebase to Alpine 3.19, enable [Active Record Encryption](https://github.com/mastodon/mastodon/pull/29831/files). * **08.08.23:** - Rebase to Alpine 3.18, migrate to s6v3 * **09.02.23:** - Add Glitch branch. * **26.01.23:** - Add aliases for key generation & tootctl to better support secrets. diff --git a/jenkins-vars.yml b/jenkins-vars.yml index 584f578..db0b6ac 100644 --- a/jenkins-vars.yml +++ b/jenkins-vars.yml 
@@ -6,7 +6,6 @@ external_type: custom_json release_type: prerelease release_tag: develop ls_branch: develop -build_armhf: false repo_vars: - JSON_URL='https://api.github.com/repos/mastodon/mastodon/releases' - JSON_PATH='first(.[] | select(.prerelease==true)) | .tag_name' @@ -26,8 +25,7 @@ repo_vars: - CI_WEB='false' - CI_PORT='80' - CI_SSL='false' - - CI_DELAY='120' - - CI_DOCKERENV='TZ=US/Pacific' + - CI_DELAY='60' + - CI_DOCKERENV='' - CI_AUTH='' - CI_WEBPATH='' - \ No newline at end of file diff --git a/readme-vars.yml b/readme-vars.yml index 1d8833c..7b44bc5 100644 --- a/readme-vars.yml +++ b/readme-vars.yml @@ -72,7 +72,7 @@ param_ports: param_usage_include_vols: true param_volumes: - - { vol_path: "/config", vol_host_path: "/path/to/mastodon/appdata/config", desc: "Contains all relevant configuration files." } + - { vol_path: "/config", vol_host_path: "/path/to/{{ project_name }}/appdata/config", desc: "Contains all relevant configuration files." } # application setup block app_setup_block_enabled: true @@ -115,7 +115,8 @@ app_setup_block: | # changelog changelogs: - - { date: "08.08.24:", desc: "Rebase to Alpine 3.19, enable [Active Record Encryption](https://github.com/mastodon/mastodon/pull/29831/files)" } + - { date: "25.05.24:", desc: "Rebase to Alpine 3.20." } + - { date: "08.08.24:", desc: "Rebase to Alpine 3.19, enable [Active Record Encryption](https://github.com/mastodon/mastodon/pull/29831/files)." } - { date: "08.08.23:", desc: "Rebase to Alpine 3.18, migrate to s6v3" } - { date: "09.02.23:", desc: "Add Glitch branch." } - { date: "26.01.23:", desc: "Add aliases for key generation & tootctl to better support secrets." } From ef7696abdc3ff1d64238dd18c5783be7ff6ca4ce Mon Sep 17 00:00:00 2001 From: thespad Date: Sat, 25 May 2024 21:00:36 +0100 Subject: [PATCH 05/17] Add ARE envs --- README.md | 9 +++++++++ readme-vars.yml | 3 +++ 2 files changed, 12 insertions(+) diff --git a/README.md b/README.md index 68abb93..e237d97 100644 --- a/README.md 
+++ b/README.md @@ -129,6 +129,9 @@ services: - DB_PASS=mastodon - DB_PORT=5432 - ES_ENABLED=false + - ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY= + - ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY= + - ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT= - SECRET_KEY_BASE= - OTP_SECRET= - VAPID_PRIVATE_KEY= @@ -179,6 +182,9 @@ docker run -d \ -e DB_PASS=mastodon \ -e DB_PORT=5432 \ -e ES_ENABLED=false \ + -e ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY= \ + -e ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY= \ + -e ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT= \ -e SECRET_KEY_BASE= \ -e OTP_SECRET= \ -e VAPID_PRIVATE_KEY= \ @@ -231,6 +237,9 @@ Containers are configured using parameters passed at runtime (such as those abov | `-e DB_PASS=mastodon` | Postgres password | | `-e DB_PORT=5432` | Portgres port | | `-e ES_ENABLED=false` | Enable or disable Elasticsearch (requires a separate ES instance) | +| `-e ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY=` | Primary key for [Active Record Encryption](https://github.com/mastodon/mastodon/pull/29831/files). | +| `-e ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY=` | Deterministic key for [Active Record Encryption](https://github.com/mastodon/mastodon/pull/29831/files). | +| `-e ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT=` | Derivation salt for [Active Record Encryption](https://github.com/mastodon/mastodon/pull/29831/files). | | `-e SECRET_KEY_BASE=` | Browser session secret. Changing it will break all active browser sessions. | | `-e OTP_SECRET=` | MFA secret. Changing it will break two-factor authentication. | | `-e VAPID_PRIVATE_KEY=` | Push notification private key. Changing it will break push notifications. | diff --git a/readme-vars.yml b/readme-vars.yml index 7b44bc5..4c246d0 100644 --- a/readme-vars.yml +++ b/readme-vars.yml 
@@ -36,6 +36,9 @@ param_env_vars: - { env_var: "DB_PASS", env_value: "mastodon", desc: "Postgres password"} - { env_var: "DB_PORT", env_value: "5432", desc: "Portgres port"} - { env_var: "ES_ENABLED", env_value: "false", desc: "Enable or disable Elasticsearch (requires a separate ES instance)"} + - { env_var: "ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY", env_value: "", desc: "Primary key for [Active Record Encryption](https://github.com/mastodon/mastodon/pull/29831/files)."} + - { env_var: "ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY", env_value: "", desc: "Deterministic key for [Active Record Encryption](https://github.com/mastodon/mastodon/pull/29831/files)."} + - { env_var: "ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT", env_value: "", desc: "Derivation salt for [Active Record Encryption](https://github.com/mastodon/mastodon/pull/29831/files)."} - { env_var: "SECRET_KEY_BASE", env_value: "", desc: "Browser session secret. Changing it will break all active browser sessions."} - { env_var: "OTP_SECRET", env_value: "", desc: "MFA secret. Changing it will break two-factor authentication."} - { env_var: "VAPID_PRIVATE_KEY", env_value: "", desc: "Push notification private key. Changing it will break push notifications."} From 23261f1c64ee6b8be78d804456671339709206f7 Mon Sep 17 00:00:00 2001 From: thespad Date: Sat, 25 May 2024 21:11:21 +0100 Subject: [PATCH 06/17] Fix postgres typo --- readme-vars.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/readme-vars.yml b/readme-vars.yml index 4c246d0..81f2ed8 100644 --- a/readme-vars.yml +++ b/readme-vars.yml 
@@ -34,7 +34,7 @@ param_env_vars: - { env_var: "DB_USER", env_value: "mastodon", desc: "Postgres username"} - { env_var: "DB_NAME", env_value: "mastodon", desc: "Postgres db name"} - { env_var: "DB_PASS", env_value: "mastodon", desc: "Postgres password"} - - { env_var: "DB_PORT", env_value: "5432", desc: "Portgres port"} + - { env_var: "DB_PORT", env_value: "5432", desc: "Postgres port"} - { env_var: "ES_ENABLED", env_value: "false", desc: "Enable or disable Elasticsearch (requires a separate ES instance)"} - { env_var: "ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY", env_value: "", desc: "Primary key for [Active Record Encryption](https://github.com/mastodon/mastodon/pull/29831/files)."} - { env_var: "ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY", env_value: "", desc: "Deterministic key for [Active Record Encryption](https://github.com/mastodon/mastodon/pull/29831/files)."} From e5a3e8165942b6b400c6fa6df2ed9a6444628b2e Mon Sep 17 00:00:00 2001 From: thespad Date: Tue, 28 May 2024 19:49:39 +0100 Subject: [PATCH 07/17] Update http2 config --- readme-vars.yml | 2 +- root/defaults/nginx/site-confs/default.conf.sample | 8 +++++--- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/readme-vars.yml b/readme-vars.yml index 81f2ed8..086a4bf 100644 --- a/readme-vars.yml +++ b/readme-vars.yml @@ -118,7 +118,7 @@ app_setup_block: | # changelog changelogs: - - { date: "25.05.24:", desc: "Rebase to Alpine 3.20." } + - { date: "25.05.24:", desc: "Rebase to Alpine 3.20. Existing users should update: site-confs/default.conf to avoid http2 deprecation warnings." } - { date: "08.08.24:", desc: "Rebase to Alpine 3.19, enable [Active Record Encryption](https://github.com/mastodon/mastodon/pull/29831/files)." } - { date: "08.08.23:", desc: "Rebase to Alpine 3.18, migrate to s6v3" } - { date: "09.02.23:", desc: "Add Glitch branch." } diff --git a/root/defaults/nginx/site-confs/default.conf.sample b/root/defaults/nginx/site-confs/default.conf.sample index 8a4c79a..e7fa238 100644 
--- a/root/defaults/nginx/site-confs/default.conf.sample +++ b/root/defaults/nginx/site-confs/default.conf.sample @@ -1,4 +1,4 @@ -## Version 2023/04/13 - Changelog: https://github.com/linuxserver/docker-mastodon/commits/develop/root/defaults/nginx/site-confs/default.conf.sample +## Version 2024/05/27 - Changelog: https://github.com/linuxserver/docker-mastodon/commits/develop/root/defaults/nginx/site-confs/default.conf.sample map $http_upgrade $connection_upgrade { default upgrade; @@ -19,8 +19,10 @@ server { listen 80 default_server; listen [::]:80 default_server; - listen 443 ssl http2 default_server; - listen [::]:443 ssl http2 default_server; + listen 443 ssl default_server; + listen [::]:443 ssl default_server; + + http2 on; server_name _; From 201e4b3ce317ffffa9e6dc792c4a5878f29e10ab Mon Sep 17 00:00:00 2001 From: thespad Date: Tue, 28 May 2024 20:17:09 +0100 Subject: [PATCH 08/17] Update http2 config --- readme-vars.yml | 2 +- root/defaults/nginx/site-confs/default.conf.sample | 2 -- 2 files changed, 1 insertion(+), 3 deletions(-) diff --git a/readme-vars.yml b/readme-vars.yml index 086a4bf..7e774e7 100644 --- a/readme-vars.yml +++ b/readme-vars.yml @@ -118,7 +118,7 @@ app_setup_block: | # changelog changelogs: - - { date: "25.05.24:", desc: "Rebase to Alpine 3.20. Existing users should update: site-confs/default.conf to avoid http2 deprecation warnings." } + - { date: "25.05.24:", desc: "Rebase to Alpine 3.20. Existing users should update their nginx confs to avoid http2 deprecation warnings." } - { date: "08.08.24:", desc: "Rebase to Alpine 3.19, enable [Active Record Encryption](https://github.com/mastodon/mastodon/pull/29831/files)." } - { date: "08.08.23:", desc: "Rebase to Alpine 3.18, migrate to s6v3" } - { date: "09.02.23:", desc: "Add Glitch branch." } diff --git a/root/defaults/nginx/site-confs/default.conf.sample b/root/defaults/nginx/site-confs/default.conf.sample index e7fa238..e7926af 100644 
--- a/root/defaults/nginx/site-confs/default.conf.sample +++ b/root/defaults/nginx/site-confs/default.conf.sample @@ -22,8 +22,6 @@ server { listen 443 ssl default_server; listen [::]:443 ssl default_server; - http2 on; - server_name _; include /config/nginx/ssl.conf; From 7bd86106ab3275db50ed6826c4ba787d3725eacd Mon Sep 17 00:00:00 2001 From: thespad Date: Wed, 29 May 2024 13:58:39 +0100 Subject: [PATCH 09/17] Use wildcard listener --- root/defaults/nginx/site-confs/default.conf.sample | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/root/defaults/nginx/site-confs/default.conf.sample b/root/defaults/nginx/site-confs/default.conf.sample index e7926af..46bc58a 100644 --- a/root/defaults/nginx/site-confs/default.conf.sample +++ b/root/defaults/nginx/site-confs/default.conf.sample @@ -16,11 +16,8 @@ upstream streaming { proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=CACHE:10m inactive=7d max_size=1g; server { - listen 80 default_server; - listen [::]:80 default_server; - - listen 443 ssl default_server; - listen [::]:443 ssl default_server; + listen *:80 default_server; + listen *:443 ssl default_server; server_name _; From aae31986b95896c323044ce04030fc3d2f90ab1e Mon Sep 17 00:00:00 2001 From: thespad Date: Fri, 21 Jun 2024 23:17:45 +0100 Subject: [PATCH 10/17] Move gcompat from build to runtime deps, add rdoc --- Dockerfile | 1 + Dockerfile.aarch64 | 3 ++- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index c457193..089f152 100644 --- a/Dockerfile +++ b/Dockerfile @@ -23,6 +23,7 @@ RUN \ nodejs \ ruby \ ruby-bundler \ + ruby-rdoc \ yaml && \ apk add --no-cache --virtual=build-dependencies \ build-base \ diff --git a/Dockerfile.aarch64 b/Dockerfile.aarch64 index df58a12..e2ab6de 100644 --- a/Dockerfile.aarch64 +++ b/Dockerfile.aarch64 
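Review bot: `listen *:80 default_server;` and `listen *:443 ssl default_server;` in the `-16,11 +16,8` hunk bind IPv4 addresses only, so the sample config stops accepting the IPv6 connections that the removed `[::]:80` and `[::]:443` lines handled. If that is intended, for example for hosts with IPv6 disabled, say so above the listeners with a comment such as `# IPv4 only; add "listen [::]:80" and "listen [::]:443 ssl" on hosts with IPv6`. Existing users copy this file, so the change deserves a changelog line as well. The `## Version` header is outside the hunk, and the diffstat suggests it was not bumped in this commit.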
@@ -17,16 +17,17 @@ RUN \ apk add --no-cache \ ffmpeg \ file \ + gcompat \ imagemagick \ libpq \ libidn \ nodejs \ ruby \ ruby-bundler \ + ruby-rdoc \ yaml && \ apk add --no-cache --virtual=build-dependencies \ build-base \ - gcompat \ icu-dev \ libidn-dev \ libpq-dev \ From 4d531f47a4a13cf6736fed531c6fceeccd5cc989 Mon Sep 17 00:00:00 2001 From: thespad Date: Sat, 29 Jun 2024 18:18:18 +0100 Subject: [PATCH 11/17] Add version output --- root/etc/s6-overlay/s6-rc.d/init-adduser/run | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/root/etc/s6-overlay/s6-rc.d/init-adduser/run b/root/etc/s6-overlay/s6-rc.d/init-adduser/run index 565f89d..db02434 100755 --- a/root/etc/s6-overlay/s6-rc.d/init-adduser/run +++ b/root/etc/s6-overlay/s6-rc.d/init-adduser/run @@ -29,8 +29,13 @@ GID/UID echo " User UID: $(id -u abc) User GID: $(id -g abc) +───────────────────────────────────────" +if [[ -f /build_version ]]; then + cat /build_version + echo ' ─────────────────────────────────────── -" + ' +fi lsiown abc:abc /app lsiown abc:abc /config From 2bfd0fc7bc7c85af3e76c3c6363ed4193d3fadec Mon Sep 17 00:00:00 2001 From: thespad Date: Thu, 18 Jul 2024 18:48:59 +0100 Subject: [PATCH 12/17] Run builder --- .github/workflows/permissions.yml | 2 ++ Jenkinsfile | 12 ++++++------ README.md | 4 ++-- 3 files changed, 10 insertions(+), 8 deletions(-) diff --git a/.github/workflows/permissions.yml b/.github/workflows/permissions.yml index 1447bc5..02e1bdb 100644 --- a/.github/workflows/permissions.yml +++ b/.github/workflows/permissions.yml @@ -5,6 +5,8 @@ on: - '**/run' - '**/finish' - '**/check' + - 'root/migrations/*' + jobs: permission_check: uses: linuxserver/github-workflows/.github/workflows/init-svc-executable-permissions.yml@v1 diff --git a/Jenkinsfile b/Jenkinsfile index 363b6c7..4eceffa 100644 --- a/Jenkinsfile +++ b/Jenkinsfile 
@@ -250,7 +250,7 @@ pipeline { -v ${WORKSPACE}:/mnt \ -e AWS_ACCESS_KEY_ID=\"${S3_KEY}\" \ -e AWS_SECRET_ACCESS_KEY=\"${S3_SECRET}\" \ - ghcr.io/linuxserver/baseimage-alpine:3.19 s6-envdir -fn -- /var/run/s6/container_environment /bin/bash -c "\ + ghcr.io/linuxserver/baseimage-alpine:3.20 s6-envdir -fn -- /var/run/s6/container_environment /bin/bash -c "\ apk add --no-cache python3 && \ python3 -m venv /lsiopy && \ pip install --no-cache-dir -U pip && \ @@ -357,7 +357,7 @@ pipeline { fi echo "Starting Stage 4 - External repo updates: Docs, Unraid Template and Readme Sync to Docker Hub" mkdir -p ${TEMPDIR}/docs - git clone https://github.com/linuxserver/docker-documentation.git ${TEMPDIR}/docs/docker-documentation + git clone --depth=1 https://github.com/linuxserver/docker-documentation.git ${TEMPDIR}/docs/docker-documentation if [[ "${BRANCH_NAME}" == "${GH_DEFAULT_BRANCH}" ]] && [[ (! -f ${TEMPDIR}/docs/docker-documentation/docs/images/docker-${CONTAINER_NAME}.md) || ("$(md5sum ${TEMPDIR}/docs/docker-documentation/docs/images/docker-${CONTAINER_NAME}.md | awk '{ print $1 }')" != "$(md5sum ${TEMPDIR}/docker-${CONTAINER_NAME}/.jenkins-external/docker-${CONTAINER_NAME}.md | awk '{ print $1 }')") ]]; then cp ${TEMPDIR}/docker-${CONTAINER_NAME}/.jenkins-external/docker-${CONTAINER_NAME}.md ${TEMPDIR}/docs/docker-documentation/docs/images/ cd ${TEMPDIR}/docs/docker-documentation 
@@ -375,8 +375,8 @@ pipeline { echo "Docs update not needed, skipping" fi mkdir -p ${TEMPDIR}/unraid - git clone https://github.com/linuxserver/docker-templates.git ${TEMPDIR}/unraid/docker-templates - git clone https://github.com/linuxserver/templates.git ${TEMPDIR}/unraid/templates + git clone --depth=1 https://github.com/linuxserver/docker-templates.git ${TEMPDIR}/unraid/docker-templates + git clone --depth=1 https://github.com/linuxserver/templates.git ${TEMPDIR}/unraid/templates if [[ -f ${TEMPDIR}/unraid/docker-templates/linuxserver.io/img/${CONTAINER_NAME}-logo.png ]]; then sed -i "s|master/linuxserver.io/img/linuxserver-ls-logo.png|master/linuxserver.io/img/${CONTAINER_NAME}-logo.png|" ${TEMPDIR}/docker-${CONTAINER_NAME}/.jenkins-external/${CONTAINER_NAME}.xml elif [[ -f ${TEMPDIR}/unraid/docker-templates/linuxserver.io/img/${CONTAINER_NAME}-icon.png ]]; then @@ -708,7 +708,7 @@ pipeline { set -e docker pull ghcr.io/linuxserver/ci:latest if [ "${MULTIARCH}" == "true" ]; then - docker pull ghcr.io/linuxserver/lsiodev-buildcache:arm64v8-${COMMIT_SHA}-${BUILD_NUMBER} + docker pull ghcr.io/linuxserver/lsiodev-buildcache:arm64v8-${COMMIT_SHA}-${BUILD_NUMBER} --platform=arm64 docker tag ghcr.io/linuxserver/lsiodev-buildcache:arm64v8-${COMMIT_SHA}-${BUILD_NUMBER} ${IMAGE}:arm64v8-${META_TAG} fi docker run --rm \ @@ -799,7 +799,7 @@ pipeline { echo $GITLAB_TOKEN | docker login registry.gitlab.com -u LinuxServer.io --password-stdin echo $QUAYPASS | docker login quay.io -u $QUAYUSER --password-stdin if [ "${CI}" == "false" ]; then - docker pull ghcr.io/linuxserver/lsiodev-buildcache:arm64v8-${COMMIT_SHA}-${BUILD_NUMBER} + docker pull ghcr.io/linuxserver/lsiodev-buildcache:arm64v8-${COMMIT_SHA}-${BUILD_NUMBER} --platform=arm64 docker tag ghcr.io/linuxserver/lsiodev-buildcache:arm64v8-${COMMIT_SHA}-${BUILD_NUMBER} ${IMAGE}:arm64v8-${META_TAG} fi for MANIFESTIMAGE in "${IMAGE}" "${GITLABIMAGE}" "${GITHUBIMAGE}" "${QUAYIMAGE}"; do 
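Review bot: `--platform=arm64` on the `docker pull` lines in the `-708,7` and `-799,7` hunks is spelled differently from the `--platform=linux/arm64` used for the arm64 build elsewhere in this Jenkinsfile, and it trails the image reference. The short form depends on the CLI filling in the OS component. Writing `docker pull --platform=linux/arm64 ghcr.io/linuxserver/lsiodev-buildcache:arm64v8-${COMMIT_SHA}-${BUILD_NUMBER}` keeps one explicit form throughout and makes the intended platform unambiguous when someone greps for it.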
diff --git a/README.md b/README.md index e237d97..50a9065 100644 --- a/README.md +++ b/README.md @@ -235,7 +235,7 @@ Containers are configured using parameters passed at runtime (such as those abov | `-e DB_USER=mastodon` | Postgres username | | `-e DB_NAME=mastodon` | Postgres db name | | `-e DB_PASS=mastodon` | Postgres password | -| `-e DB_PORT=5432` | Portgres port | +| `-e DB_PORT=5432` | Postgres port | | `-e ES_ENABLED=false` | Enable or disable Elasticsearch (requires a separate ES instance) | | `-e ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY=` | Primary key for [Active Record Encryption](https://github.com/mastodon/mastodon/pull/29831/files). | | `-e ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY=` | Deterministic key for [Active Record Encryption](https://github.com/mastodon/mastodon/pull/29831/files). | @@ -428,7 +428,7 @@ Once registered you can define the dockerfile to use with `-f Dockerfile.aarch64 ## Versions -* **25.05.24:** - Rebase to Alpine 3.20. +* **25.05.24:** - Rebase to Alpine 3.20. Existing users should update their nginx confs to avoid http2 deprecation warnings. * **08.08.24:** - Rebase to Alpine 3.19, enable [Active Record Encryption](https://github.com/mastodon/mastodon/pull/29831/files). * **08.08.23:** - Rebase to Alpine 3.18, migrate to s6v3 * **09.02.23:** - Add Glitch branch. From bcae012e3e6bb4550765a7f71a9d1cf4fabe2f86 Mon Sep 17 00:00:00 2001 From: thespad Date: Mon, 26 Aug 2024 21:46:21 +0100 Subject: [PATCH 13/17] Harmonise cleanup with glitch --- Dockerfile | 4 +--- Dockerfile.aarch64 | 4 +--- 2 files changed, 2 insertions(+), 6 deletions(-) diff --git a/Dockerfile b/Dockerfile index 089f152..5a92aac 100644 --- a/Dockerfile +++ b/Dockerfile @@ -102,9 +102,7 @@ RUN \ -o -name '*LICENSE*' \ -o -name 'Rakefile' \ -o -name '.*' \) \ - -type f -delete && \ - rm -rf /app/www/streaming/node_modules/*/test && \ - rm -rf /app/www/node_modules + -type f -delete COPY root/ / 
diff --git a/Dockerfile.aarch64 b/Dockerfile.aarch64 index e2ab6de..8a5472d 100644 --- a/Dockerfile.aarch64 +++ b/Dockerfile.aarch64 @@ -104,9 +104,7 @@ RUN \ -o -name '*LICENSE*' \ -o -name 'Rakefile' \ -o -name '.*' \) \ - -type f -delete && \ - rm -rf /app/www/streaming/node_modules/*/test && \ - rm -rf /app/www/node_modules + -type f -delete COPY root/ / From a1117976cfdec78c9325b1c28aca30c3cf9b7c24 Mon Sep 17 00:00:00 2001 From: thespad Date: Mon, 26 Aug 2024 21:54:00 +0100 Subject: [PATCH 14/17] Update jenkinsfile & changelog date --- .github/workflows/external_trigger.yml | 45 +++++++------- .../workflows/external_trigger_scheduler.yml | 24 +++---- .github/workflows/package_trigger.yml | 22 +++---- .../workflows/package_trigger_scheduler.yml | 18 +++--- Jenkinsfile | 62 ++++++++++++++++--- README.md | 2 +- readme-vars.yml | 2 +- .../nginx/site-confs/default.conf.sample | 6 +- 8 files changed, 112 insertions(+), 69 deletions(-) diff --git a/.github/workflows/external_trigger.yml b/.github/workflows/external_trigger.yml index 4561c92..2e0efac 100644 --- a/.github/workflows/external_trigger.yml +++ b/.github/workflows/external_trigger.yml 
@@ -12,17 +12,20 @@ jobs: - name: External Trigger if: github.ref == 'refs/heads/develop' run: | + printf "# External trigger for docker-mastodon\n\n" >> $GITHUB_STEP_SUMMARY if [ -n "${{ secrets.PAUSE_EXTERNAL_TRIGGER_MASTODON_DEVELOP }}" ]; then - echo "**** Github secret PAUSE_EXTERNAL_TRIGGER_MASTODON_DEVELOP is set; skipping trigger. ****" - echo "Github secret \`PAUSE_EXTERNAL_TRIGGER_MASTODON_DEVELOP\` is set; skipping trigger." >> $GITHUB_STEP_SUMMARY + echo "> [!WARNING]" >> $GITHUB_STEP_SUMMARY + echo "> Github secret \`PAUSE_EXTERNAL_TRIGGER_MASTODON_DEVELOP\` is set; skipping trigger." >> $GITHUB_STEP_SUMMARY exit 0 fi - echo "**** External trigger running off of develop branch. To disable this trigger, set a Github secret named \"PAUSE_EXTERNAL_TRIGGER_MASTODON_DEVELOP\". ****" - echo "External trigger running off of develop branch. To disable this trigger, set a Github secret named \`PAUSE_EXTERNAL_TRIGGER_MASTODON_DEVELOP\`" >> $GITHUB_STEP_SUMMARY - echo "**** Retrieving external version ****" + echo "> [!NOTE]" >> $GITHUB_STEP_SUMMARY + echo "> External trigger running off of develop branch. To disable this trigger, set a Github secret named \`PAUSE_EXTERNAL_TRIGGER_MASTODON_DEVELOP\`" >> $GITHUB_STEP_SUMMARY + printf "\n## Retrieving external version\n\n" >> $GITHUB_STEP_SUMMARY EXT_RELEASE=$(curl -u "${{ secrets.CR_USER }}:${{ secrets.CR_PAT }}" -sX GET "https://api.github.com/repos/mastodon/mastodon/releases" | jq -r '. 
| first(.[] | select(.prerelease==true)) | .tag_name') + echo "Type is \`custom_json\`" >> $GITHUB_STEP_SUMMARY if [ -z "${EXT_RELEASE}" ] || [ "${EXT_RELEASE}" == "null" ]; then - echo "**** Can't retrieve external version, exiting ****" + echo "> [!WARNING]" >> $GITHUB_STEP_SUMMARY + echo "> Can't retrieve external version, exiting" >> $GITHUB_STEP_SUMMARY FAILURE_REASON="Can't retrieve external version for mastodon branch develop" GHA_TRIGGER_URL="https://github.com/linuxserver/docker-mastodon/actions/runs/${{ github.run_id }}" curl -X POST -H "Content-Type: application/json" --data '{"avatar_url": "https://cdn.discordapp.com/avatars/354986384542662657/df91181b3f1cf0ef1592fbe18e0962d7.png","embeds": [{"color": 16711680, @@ -31,9 +34,8 @@ jobs: exit 1 fi EXT_RELEASE=$(echo ${EXT_RELEASE} | sed 's/[~,%@+;:/]//g') - echo "**** External version: ${EXT_RELEASE} ****" - echo "External version: ${EXT_RELEASE}" >> $GITHUB_STEP_SUMMARY - echo "**** Retrieving last pushed version ****" + echo "External version: \`${EXT_RELEASE}\`" >> $GITHUB_STEP_SUMMARY + echo "Retrieving last pushed version" >> $GITHUB_STEP_SUMMARY image="linuxserver/mastodon" tag="develop" token=$(curl -sX GET \ 
@@ -60,37 +62,34 @@ jobs: IMAGE_RELEASE=$(echo ${image_info} | jq -r '.Labels.build_version' | awk '{print $3}') IMAGE_VERSION=$(echo ${IMAGE_RELEASE} | awk -F'-ls' '{print $1}') if [ -z "${IMAGE_VERSION}" ]; then - echo "**** Can't retrieve last pushed version, exiting ****" + echo "> [!WARNING]" >> $GITHUB_STEP_SUMMARY + echo "Can't retrieve last pushed version, exiting" >> $GITHUB_STEP_SUMMARY FAILURE_REASON="Can't retrieve last pushed version for mastodon tag develop" curl -X POST -H "Content-Type: application/json" --data '{"avatar_url": "https://cdn.discordapp.com/avatars/354986384542662657/df91181b3f1cf0ef1592fbe18e0962d7.png","embeds": [{"color": 16711680, "description": "**Trigger Failed** \n**Reason:** '"${FAILURE_REASON}"' \n"}], "username": "Github Actions"}' ${{ secrets.DISCORD_WEBHOOK }} exit 1 fi - echo "**** Last pushed version: ${IMAGE_VERSION} ****" - echo "Last pushed version: ${IMAGE_VERSION}" >> $GITHUB_STEP_SUMMARY + echo "Last pushed version: \`${IMAGE_VERSION}\`" >> $GITHUB_STEP_SUMMARY if [ "${EXT_RELEASE}" == "${IMAGE_VERSION}" ]; then - echo "**** Version ${EXT_RELEASE} already pushed, exiting ****" - echo "Version ${EXT_RELEASE} already pushed, exiting" >> $GITHUB_STEP_SUMMARY + echo "Version \`${EXT_RELEASE}\` already pushed, exiting" >> $GITHUB_STEP_SUMMARY exit 0 elif [ $(curl -s https://ci.linuxserver.io/job/Docker-Pipeline-Builders/job/docker-mastodon/job/develop/lastBuild/api/json | jq -r '.building') == "true" ]; then - echo "**** New version ${EXT_RELEASE} found; but there already seems to be an active build on Jenkins; exiting ****" - echo "New version ${EXT_RELEASE} found; but there already seems to be an active build on Jenkins; exiting" >> $GITHUB_STEP_SUMMARY + echo "New version \`${EXT_RELEASE}\` found; but there already seems to be an active build on Jenkins; exiting" >> $GITHUB_STEP_SUMMARY exit 0 else - echo "**** New version ${EXT_RELEASE} found; old version was ${IMAGE_VERSION}. 
Triggering new build ****" - echo "New version ${EXT_RELEASE} found; old version was ${IMAGE_VERSION}. Triggering new build" >> $GITHUB_STEP_SUMMARY + printf "\n## Trigger new build\n\n" >> $GITHUB_STEP_SUMMARY + echo "New version \`${EXT_RELEASE}\` found; old version was \`${IMAGE_VERSION}\`. Triggering new build" >> $GITHUB_STEP_SUMMARY response=$(curl -iX POST \ https://ci.linuxserver.io/job/Docker-Pipeline-Builders/job/docker-mastodon/job/develop/buildWithParameters?PACKAGE_CHECK=false \ --user ${{ secrets.JENKINS_USER }}:${{ secrets.JENKINS_TOKEN }} | grep -i location | sed "s|^[L|l]ocation: \(.*\)|\1|") - echo "**** Jenkins job queue url: ${response%$'\r'} ****" - echo "**** Sleeping 10 seconds until job starts ****" + echo "Jenkins [job queue url](${response%$'\r'})" >> $GITHUB_STEP_SUMMARY + echo "Sleeping 10 seconds until job starts" >> $GITHUB_STEP_SUMMARY sleep 10 buildurl=$(curl -s "${response%$'\r'}api/json" | jq -r '.executable.url') buildurl="${buildurl%$'\r'}" - echo "**** Jenkins job build url: ${buildurl} ****" - echo "Jenkins job build url: ${buildurl}" >> $GITHUB_STEP_SUMMARY - echo "**** Attempting to change the Jenkins job description ****" + echo "Jenkins job [build url](${buildurl})" >> $GITHUB_STEP_SUMMARY + echo "Attempting to change the Jenkins job description" >> $GITHUB_STEP_SUMMARY curl -iX POST \ "${buildurl}submitDescription" \ --user ${{ secrets.JENKINS_USER }}:${{ secrets.JENKINS_TOKEN }} \ diff --git a/.github/workflows/external_trigger_scheduler.yml b/.github/workflows/external_trigger_scheduler.yml index b465933..c3c08b9 100644 --- a/.github/workflows/external_trigger_scheduler.yml +++ b/.github/workflows/external_trigger_scheduler.yml 
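Review bot: The "Can't retrieve last pushed version" message in the `@@ -60,37 +62,34 @@` hunk of external_trigger.yml is written without the `> ` prefix, so it lands outside the `> [!WARNING]` alert opened on the line before it. Every other warning added in this commit prefixes both lines, so this one should read `echo "> Can't retrieve last pushed version, exiting" >> $GITHUB_STEP_SUMMARY`. The commit also removes the stdout copies of these messages, so the job log no longer shows why a run exited. If that is intended, a one-line comment at the top of the `run:` block saying the step summary is now the only output would help whoever debugs a failed trigger. The step's script starts and ends outside this hunk.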
@@ -15,31 +15,31 @@ jobs: - name: External Trigger Scheduler run: | - echo "**** Branches found: ****" - git for-each-ref --format='%(refname:short)' refs/remotes - for br in $(git for-each-ref --format='%(refname:short)' refs/remotes) + printf "# External trigger scheduler for docker-mastodon\n\n" >> $GITHUB_STEP_SUMMARY + printf "Found the branches:\n\n%s\n" "$(git for-each-ref --format='- %(refname:lstrip=3)' refs/remotes)" >> $GITHUB_STEP_SUMMARY + for br in $(git for-each-ref --format='%(refname:lstrip=3)' refs/remotes) do - br=$(echo "$br" | sed 's|origin/||g') - echo "**** Evaluating branch ${br} ****" + if [[ "${br}" == "HEAD" ]]; then + printf "\nSkipping %s.\n" ${br} >> $GITHUB_STEP_SUMMARY + continue + fi + printf "\n## Evaluating \`%s\`\n\n" ${br} >> $GITHUB_STEP_SUMMARY ls_jenkins_vars=$(curl -sX GET https://raw.githubusercontent.com/linuxserver/docker-mastodon/${br}/jenkins-vars.yml) ls_branch=$(echo "${ls_jenkins_vars}" | yq -r '.ls_branch') ls_trigger=$(echo "${ls_jenkins_vars}" | yq -r '.external_type') if [[ "${br}" == "${ls_branch}" ]] && [[ "${ls_trigger}" != "os" ]]; then - echo "**** Branch ${br} appears to be live and trigger is not os; checking workflow. ****" + echo "Branch appears to be live and trigger is not os; checking workflow." >> $GITHUB_STEP_SUMMARY if curl -sfX GET https://raw.githubusercontent.com/linuxserver/docker-mastodon/${br}/.github/workflows/external_trigger.yml > /dev/null 2>&1; then - echo "**** Workflow exists. Triggering external trigger workflow for branch ${br} ****." - echo "Triggering external trigger workflow for branch ${br}" >> $GITHUB_STEP_SUMMARY + echo "Triggering external trigger workflow for branch." 
>> $GITHUB_STEP_SUMMARY curl -iX POST \ -H "Authorization: token ${{ secrets.CR_PAT }}" \ -H "Accept: application/vnd.github.v3+json" \ -d "{\"ref\":\"refs/heads/${br}\"}" \ https://api.github.com/repos/linuxserver/docker-mastodon/actions/workflows/external_trigger.yml/dispatches else - echo "**** Workflow doesn't exist; skipping trigger. ****" - echo "Skipping branch ${br} due to no external trigger workflow present." >> $GITHUB_STEP_SUMMARY + echo "Skipping branch due to no external trigger workflow present." >> $GITHUB_STEP_SUMMARY fi else - echo "**** ${br} is either a dev branch, or has no external version; skipping trigger. ****" - echo "Skipping branch ${br} due to being detected as dev branch or having no external version." >> $GITHUB_STEP_SUMMARY + echo "Skipping branch due to being detected as dev branch or having no external version." >> $GITHUB_STEP_SUMMARY fi done diff --git a/.github/workflows/package_trigger.yml b/.github/workflows/package_trigger.yml index aed0453..d9f6500 100644 --- a/.github/workflows/package_trigger.yml +++ b/.github/workflows/package_trigger.yml 
@@ -12,29 +12,29 @@ jobs: - name: Package Trigger if: github.ref == 'refs/heads/develop' run: | + printf "# Package trigger for docker-mastodon\n\n" >> $GITHUB_STEP_SUMMARY if [ -n "${{ secrets.PAUSE_PACKAGE_TRIGGER_MASTODON_DEVELOP }}" ]; then - echo "**** Github secret PAUSE_PACKAGE_TRIGGER_MASTODON_DEVELOP is set; skipping trigger. ****" - echo "Github secret \`PAUSE_PACKAGE_TRIGGER_MASTODON_DEVELOP\` is set; skipping trigger." >> $GITHUB_STEP_SUMMARY + echo "> [!WARNING]" >> $GITHUB_STEP_SUMMARY + echo "> Github secret \`PAUSE_PACKAGE_TRIGGER_MASTODON_DEVELOP\` is set; skipping trigger." >> $GITHUB_STEP_SUMMARY exit 0 fi if [ $(curl -s https://ci.linuxserver.io/job/Docker-Pipeline-Builders/job/docker-mastodon/job/develop/lastBuild/api/json | jq -r '.building') == "true" ]; then - echo "**** There already seems to be an active build on Jenkins; skipping package trigger ****" - echo "There already seems to be an active build on Jenkins; skipping package trigger" >> $GITHUB_STEP_SUMMARY + echo "> [!WARNING]" >> $GITHUB_STEP_SUMMARY + echo "> There already seems to be an active build on Jenkins; skipping package trigger" >> $GITHUB_STEP_SUMMARY exit 0 fi - echo "**** Package trigger running off of develop branch. To disable, set a Github secret named \"PAUSE_PACKAGE_TRIGGER_MASTODON_DEVELOP\". ****" - echo "Package trigger running off of develop branch. To disable, set a Github secret named \`PAUSE_PACKAGE_TRIGGER_MASTODON_DEVELOP\`" >> $GITHUB_STEP_SUMMARY + echo "> [!NOTE]" >> $GITHUB_STEP_SUMMARY + echo "> Package trigger running off of develop branch. 
To disable, set a Github secret named \`PAUSE_PACKAGE_TRIGGER_MASTODON_DEVELOP\`" >> $GITHUB_STEP_SUMMARY response=$(curl -iX POST \ https://ci.linuxserver.io/job/Docker-Pipeline-Builders/job/docker-mastodon/job/develop/buildWithParameters?PACKAGE_CHECK=true \ --user ${{ secrets.JENKINS_USER }}:${{ secrets.JENKINS_TOKEN }} | grep -i location | sed "s|^[L|l]ocation: \(.*\)|\1|") - echo "**** Jenkins job queue url: ${response%$'\r'} ****" - echo "**** Sleeping 10 seconds until job starts ****" + echo "Jenkins [job queue url](${response%$'\r'})" >> $GITHUB_STEP_SUMMARY + echo "Sleeping 10 seconds until job starts" >> $GITHUB_STEP_SUMMARY sleep 10 buildurl=$(curl -s "${response%$'\r'}api/json" | jq -r '.executable.url') buildurl="${buildurl%$'\r'}" - echo "**** Jenkins job build url: ${buildurl} ****" - echo "Jenkins job build url: ${buildurl}" >> $GITHUB_STEP_SUMMARY - echo "**** Attempting to change the Jenkins job description ****" + echo "Jenkins job [build url](${buildurl})" >> $GITHUB_STEP_SUMMARY + echo "Attempting to change the Jenkins job description" >> $GITHUB_STEP_SUMMARY curl -iX POST \ "${buildurl}submitDescription" \ --user ${{ secrets.JENKINS_USER }}:${{ secrets.JENKINS_TOKEN }} \ diff --git a/.github/workflows/package_trigger_scheduler.yml b/.github/workflows/package_trigger_scheduler.yml index 4a3bd60..2489a8b 100644 --- a/.github/workflows/package_trigger_scheduler.yml +++ b/.github/workflows/package_trigger_scheduler.yml 
@@ -15,17 +15,19 @@ jobs: - name: Package Trigger Scheduler run: | - echo "**** Branches found: ****" - git for-each-ref --format='%(refname:short)' refs/remotes - for br in $(git for-each-ref --format='%(refname:short)' refs/remotes) + printf "# Package trigger scheduler for docker-mastodon\n\n" >> $GITHUB_STEP_SUMMARY + printf "Found the branches:\n\n%s\n" "$(git for-each-ref --format='- %(refname:lstrip=3)' refs/remotes)" >> $GITHUB_STEP_SUMMARY + for br in $(git for-each-ref --format='%(refname:lstrip=3)' refs/remotes) do - br=$(echo "$br" | sed 's|origin/||g') - echo "**** Evaluating branch ${br} ****" + if [[ "${br}" == "HEAD" ]]; then + printf "\nSkipping %s.\n" ${br} >> $GITHUB_STEP_SUMMARY + continue + fi + printf "\n## Evaluating \`%s\`\n\n" ${br} >> $GITHUB_STEP_SUMMARY ls_branch=$(curl -sX GET https://raw.githubusercontent.com/linuxserver/docker-mastodon/${br}/jenkins-vars.yml | yq -r '.ls_branch') if [ "${br}" == "${ls_branch}" ]; then - echo "**** Branch ${br} appears to be live; checking workflow. ****" + echo "Branch appears to be live; checking workflow." >> $GITHUB_STEP_SUMMARY if curl -sfX GET https://raw.githubusercontent.com/linuxserver/docker-mastodon/${br}/.github/workflows/package_trigger.yml > /dev/null 2>&1; then - echo "**** Workflow exists. Triggering package trigger workflow for branch ${br}. ****" echo "Triggering package trigger workflow for branch ${br}" >> $GITHUB_STEP_SUMMARY triggered_branches="${triggered_branches}${br} " curl -iX POST \ @@ -35,11 +37,9 @@ jobs: https://api.github.com/repos/linuxserver/docker-mastodon/actions/workflows/package_trigger.yml/dispatches sleep 30 else - echo "**** Workflow doesn't exist; skipping trigger. ****" echo "Skipping branch ${br} due to no package trigger workflow present." >> $GITHUB_STEP_SUMMARY fi else - echo "**** ${br} appears to be a dev branch; skipping trigger. ****" echo "Skipping branch ${br} due to being detected as dev branch." >> $GITHUB_STEP_SUMMARY fi done 
diff --git a/Jenkinsfile b/Jenkinsfile index 4eceffa..9ae0c63 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -17,6 +17,8 @@ pipeline { GITLAB_TOKEN=credentials('b6f0f1dd-6952-4cf6-95d1-9c06380283f0') GITLAB_NAMESPACE=credentials('gitlab-namespace-id') DOCKERHUB_TOKEN=credentials('docker-hub-ci-pat') + QUAYIO_API_TOKEN=credentials('quayio-repo-api-token') + GIT_SIGNING_KEY=credentials('484fbca6-9a4f-455e-b9e3-97ac98785f5f') JSON_URL='https://api.github.com/repos/mastodon/mastodon/releases' JSON_PATH='first(.[] | select(.prerelease==true)) | .tag_name' EXT_GIT_BRANCH = 'main' @@ -41,9 +43,23 @@ pipeline { CI_WEBPATH='' } stages { + stage("Set git config"){ + steps{ + sh '''#!/bin/bash + cat ${GIT_SIGNING_KEY} > /config/.ssh/id_sign + chmod 600 /config/.ssh/id_sign + ssh-keygen -y -f /config/.ssh/id_sign > /config/.ssh/id_sign.pub + echo "Using $(ssh-keygen -lf /config/.ssh/id_sign) to sign commits" + git config --global gpg.format ssh + git config --global user.signingkey /config/.ssh/id_sign + git config --global commit.gpgsign true + ''' + } + } // Setup all the basic environment variables needed for the build stage("Set ENV Variables base"){ steps{ + echo "Running on node: ${NODE_NAME}" sh '''#! /bin/bash containers=$(docker ps -aq) if [[ -n "${containers}" ]]; then 
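Review bot: In the new "Set git config" stage the signing key is written with `cat ${GIT_SIGNING_KEY} > /config/.ssh/id_sign` and only afterwards restricted with `chmod 600`, so the file briefly exists with whatever mode the agent's umask gives it. Putting `umask 077` before the `cat`, or using `install -m 600 "${GIT_SIGNING_KEY}" /config/.ssh/id_sign`, closes that window, and the variable should be quoted either way. The stage also uses `git config --global` and a fixed key path, both of which the `post { always }` block in a later hunk removes. If two builds can share an agent home (not visible here), one build's cleanup would drop the other's signing setup, so a per-build key path or repository-local config would be safer. The `ssh-keygen -lf` line logs only the key fingerprint, which is fine to print.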
@@ -386,9 +402,9 @@ pipeline { echo "Updating Unraid template" cd ${TEMPDIR}/unraid/templates/ GH_TEMPLATES_DEFAULT_BRANCH=$(git remote show origin | grep "HEAD branch:" | sed 's|.*HEAD branch: ||') - if grep -wq "${CONTAINER_NAME}" ${TEMPDIR}/unraid/templates/unraid/ignore.list && [[ -f ${TEMPDIR}/unraid/templates/unraid/deprecated/${CONTAINER_NAME}.xml ]]; then + if grep -wq "^${CONTAINER_NAME}$" ${TEMPDIR}/unraid/templates/unraid/ignore.list && [[ -f ${TEMPDIR}/unraid/templates/unraid/deprecated/${CONTAINER_NAME}.xml ]]; then echo "Image is on the ignore list, and already in the deprecation folder." - elif grep -wq "${CONTAINER_NAME}" ${TEMPDIR}/unraid/templates/unraid/ignore.list; then + elif grep -wq "^${CONTAINER_NAME}$" ${TEMPDIR}/unraid/templates/unraid/ignore.list; then echo "Image is on the ignore list, marking Unraid template as deprecated" cp ${TEMPDIR}/docker-${CONTAINER_NAME}/.jenkins-external/${CONTAINER_NAME}.xml ${TEMPDIR}/unraid/templates/unraid/ git add -u unraid/${CONTAINER_NAME}.xml @@ -481,10 +497,10 @@ pipeline { } } /* ####################### - GitLab Mirroring + GitLab Mirroring and Quay.io Repo Visibility ####################### */ - // Ping into Gitlab to mirror this repo and have a registry endpoint - stage("GitLab Mirror"){ + // Ping into Gitlab to mirror this repo and have a registry endpoint & mark this repo on Quay.io as public + stage("GitLab Mirror and Quay.io Visibility"){ when { environment name: 'EXIT_STATUS', value: '' } @@ -500,6 +516,8 @@ pipeline { "visibility":"public"}' ''' sh '''curl -H "Private-Token: ${GITLAB_TOKEN}" -X PUT "https://gitlab.com/api/v4/projects/Linuxserver.io%2F${LS_REPO}" \ -d "mirror=true&import_url=https://github.com/linuxserver/${LS_REPO}.git" ''' + sh '''curl -H "Content-Type: application/json" -H "Authorization: Bearer ${QUAYIO_API_TOKEN}" -X POST "https://quay.io/api/v1/repository${QUAYIMAGE/quay.io/}/changevisibility" \ + -d '{"visibility":"public"}' ||: ''' } } /* ############### 
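Review bot: The ignore-list test in the Unraid template hunk now anchors the name with `^…$` but still expands `${CONTAINER_NAME}` as a regular expression, and it keeps `-w`, which the anchors make redundant. A fixed-string whole-line match expresses the same intent without depending on the name being free of regex characters: `grep -Fxq "${CONTAINER_NAME}" ${TEMPDIR}/unraid/templates/unraid/ignore.list`, in both the `if` and the `elif`. The surrounding `sh` block starts and ends outside the hunk.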
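Review bot: The added Quay.io call in the `@@ -500,6 +516,8 @@` hunk cannot report failure. `curl` runs without `--fail`, so an HTTP 401 or 404 still exits 0, and `||:` discards every other error, so a revoked `QUAYIO_API_TOKEN` or a wrong repository path goes unnoticed. The URL also relies on the bash-only expansion `${QUAYIMAGE/quay.io/}`, while this `sh '''…'''` has no `#!/bin/bash` line, unlike the other steps added in this commit; if the agent's default `sh` is not bash, the step would break. I would add the shebang and surface the outcome, e.g. `curl -fsS … || echo "Quay.io visibility update failed"`. Since the stage marks the repository public on every run, a short comment stating that this is intended for every image built by this pipeline would also help.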
@@ -594,7 +612,7 @@ pipeline { --provenance=false --sbom=false \ --build-arg ${BUILD_VERSION_ARG}=${EXT_RELEASE} --build-arg VERSION=\"${VERSION_TAG}\" --build-arg BUILD_DATE=${GITHUB_DATE} ." sh "docker tag ${IMAGE}:arm64v8-${META_TAG} ghcr.io/linuxserver/lsiodev-buildcache:arm64v8-${COMMIT_SHA}-${BUILD_NUMBER}" - retry(5) { + retry_backoff(5,5) { sh "docker push ghcr.io/linuxserver/lsiodev-buildcache:arm64v8-${COMMIT_SHA}-${BUILD_NUMBER}" } sh '''#! /bin/bash @@ -750,7 +768,7 @@ pipeline { passwordVariable: 'QUAYPASS' ] ]) { - retry(5) { + retry_backoff(5,5) { sh '''#! /bin/bash set -e echo $DOCKERHUB_TOKEN | docker login -u linuxserverci --password-stdin @@ -768,7 +786,7 @@ pipeline { docker push ${PUSHIMAGE}:${META_TAG} docker push ${PUSHIMAGE}:${EXT_RELEASE_TAG} if [ -n "${SEMVER}" ]; then - docker push ${PUSHIMAGE}:${SEMVER} + docker push ${PUSHIMAGE}:${SEMVER} fi done ''' @@ -791,7 +809,7 @@ pipeline { passwordVariable: 'QUAYPASS' ] ]) { - retry(5) { + retry_backoff(5,5) { sh '''#! /bin/bash set -e echo $DOCKERHUB_TOKEN | docker login -u linuxserverci --password-stdin @@ -854,7 +872,7 @@ pipeline { "object": "'${COMMIT_SHA}'",\ "message": "Tagging Release '${EXT_RELEASE_CLEAN}'-ls'${LS_TAG_NUMBER}' to develop",\ "type": "commit",\ - "tagger": {"name": "LinuxServer Jenkins","email": "jenkins@linuxserver.io","date": "'${GITHUB_DATE}'"}}' ''' + "tagger": {"name": "LinuxServer-CI","email": "ci@linuxserver.io","date": "'${GITHUB_DATE}'"}}' ''' echo "Pushing New release for Tag" sh '''#! /bin/bash echo "Data change at JSON endpoint ${JSON_URL}" > releasebody.json @@ -986,6 +1004,13 @@ EOF ###################### */ post { always { + sh '''#!/bin/bash + rm -rf /config/.ssh/id_sign + rm -rf /config/.ssh/id_sign.pub + git config --global --unset gpg.format + git config --global --unset user.signingkey + git config --global --unset commit.gpgsign + ''' script{ if (env.EXIT_STATUS == "ABORTED"){ sh 'echo "build aborted"' 
@@ -1015,3 +1040,20 @@ EOF } } } + +def retry_backoff(int max_attempts, int power_base, Closure c) { + int n = 0 + while (n < max_attempts) { + try { + c() + return + } catch (err) { + if ((n + 1) >= max_attempts) { + throw err + } + sleep(power_base ** n) + n++ + } + } + return +} diff --git a/README.md b/README.md index 50a9065..de215cc 100644 --- a/README.md +++ b/README.md @@ -428,7 +428,7 @@ Once registered you can define the dockerfile to use with `-f Dockerfile.aarch64 ## Versions -* **25.05.24:** - Rebase to Alpine 3.20. Existing users should update their nginx confs to avoid http2 deprecation warnings. +* **26.08.24:** - Rebase to Alpine 3.20. Existing users should update their nginx confs to avoid http2 deprecation warnings. * **08.08.24:** - Rebase to Alpine 3.19, enable [Active Record Encryption](https://github.com/mastodon/mastodon/pull/29831/files). * **08.08.23:** - Rebase to Alpine 3.18, migrate to s6v3 * **09.02.23:** - Add Glitch branch. diff --git a/readme-vars.yml b/readme-vars.yml index 7e774e7..b2dc5a8 100644 --- a/readme-vars.yml +++ b/readme-vars.yml @@ -118,7 +118,7 @@ app_setup_block: | # changelog changelogs: - - { date: "25.05.24:", desc: "Rebase to Alpine 3.20. Existing users should update their nginx confs to avoid http2 deprecation warnings." } + - { date: "26.08.24:", desc: "Rebase to Alpine 3.20. Existing users should update their nginx confs to avoid http2 deprecation warnings." } - { date: "08.08.24:", desc: "Rebase to Alpine 3.19, enable [Active Record Encryption](https://github.com/mastodon/mastodon/pull/29831/files)." } - { date: "08.08.23:", desc: "Rebase to Alpine 3.18, migrate to s6v3" } - { date: "09.02.23:", desc: "Add Glitch branch." } diff --git a/root/defaults/nginx/site-confs/default.conf.sample b/root/defaults/nginx/site-confs/default.conf.sample index 46bc58a..fafa1af 100644 --- a/root/defaults/nginx/site-confs/default.conf.sample +++ b/root/defaults/nginx/site-confs/default.conf.sample 
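Review bot: `retry_backoff` catches every exception with `catch (err)`, which in a Jenkins pipeline includes the interruption raised when a build is aborted or hits a timeout. An abort during one of the wrapped `docker push` blocks is therefore swallowed, and the closure runs again until the attempts are used up. Rethrow interruptions ahead of the generic handler, e.g. `catch (org.jenkinsci.plugins.workflow.steps.FlowInterruptedException e) { throw e }`. A short doc comment on the helper would also help: with `retry_backoff(5,5)` the wait is `power_base ** n` seconds, i.e. 1, 5, 25 and 125 seconds between the five attempts.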
@@ -16,8 +16,10 @@ upstream streaming { proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=CACHE:10m inactive=7d max_size=1g; server { - listen *:80 default_server; - listen *:443 ssl default_server; + listen 80 default_server; + listen [::]:80 default_server; + listen 443 ssl default_server; + listen [::]:443 ssl default_server; server_name _; From 064e888c8caa76dea47a7d0bc490d32e28aa5769 Mon Sep 17 00:00:00 2001 From: thespad Date: Mon, 26 Aug 2024 22:49:29 +0100 Subject: [PATCH 15/17] Fix double changelog entry --- README.md | 3 +-- readme-vars.yml | 3 +-- 2 files changed, 2 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index de215cc..7503b80 100644 --- a/README.md +++ b/README.md @@ -428,8 +428,7 @@ Once registered you can define the dockerfile to use with `-f Dockerfile.aarch64 ## Versions -* **26.08.24:** - Rebase to Alpine 3.20. Existing users should update their nginx confs to avoid http2 deprecation warnings. -* **08.08.24:** - Rebase to Alpine 3.19, enable [Active Record Encryption](https://github.com/mastodon/mastodon/pull/29831/files). +* **26.08.24:** - Rebase to Alpine 3.20, enable [Active Record Encryption](https://github.com/mastodon/mastodon/pull/29831/files). Existing users should update their nginx confs to avoid http2 deprecation warnings. * **08.08.23:** - Rebase to Alpine 3.18, migrate to s6v3 * **09.02.23:** - Add Glitch branch. * **26.01.23:** - Add aliases for key generation & tootctl to better support secrets. diff --git a/readme-vars.yml b/readme-vars.yml index b2dc5a8..fde6bc2 100644 --- a/readme-vars.yml +++ b/readme-vars.yml 
@@ -118,8 +118,7 @@ app_setup_block: | # changelog changelogs: - - { date: "26.08.24:", desc: "Rebase to Alpine 3.20. Existing users should update their nginx confs to avoid http2 deprecation warnings." } - - { date: "08.08.24:", desc: "Rebase to Alpine 3.19, enable [Active Record Encryption](https://github.com/mastodon/mastodon/pull/29831/files)." } + - { date: "26.08.24:", desc: "Rebase to Alpine 3.20, enable [Active Record Encryption](https://github.com/mastodon/mastodon/pull/29831/files). Existing users should update their nginx confs to avoid http2 deprecation warnings." } - { date: "08.08.23:", desc: "Rebase to Alpine 3.18, migrate to s6v3" } - { date: "09.02.23:", desc: "Add Glitch branch." } - { date: "26.01.23:", desc: "Add aliases for key generation & tootctl to better support secrets." } From 650b041af4abbc6cd16d9009d6e4c12042cee973 Mon Sep 17 00:00:00 2001 From: thespad Date: Mon, 26 Aug 2024 22:50:22 +0100 Subject: [PATCH 16/17] Update nginx conf date --- root/defaults/nginx/site-confs/default.conf.sample | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/root/defaults/nginx/site-confs/default.conf.sample b/root/defaults/nginx/site-confs/default.conf.sample index fafa1af..12a5ce2 100644 --- a/root/defaults/nginx/site-confs/default.conf.sample +++ b/root/defaults/nginx/site-confs/default.conf.sample @@ -1,4 +1,4 @@ -## Version 2024/05/27 - Changelog: https://github.com/linuxserver/docker-mastodon/commits/develop/root/defaults/nginx/site-confs/default.conf.sample +## Version 2024/08/26 - Changelog: https://github.com/linuxserver/docker-mastodon/commits/develop/root/defaults/nginx/site-confs/default.conf.sample map $http_upgrade $connection_upgrade { default upgrade; From b2ead272e3fe92c9c52d71cf26155439efc36395 Mon Sep 17 00:00:00 2001 From: thespad Date: Mon, 26 Aug 2024 22:54:31 +0100 Subject: [PATCH 17/17] Fix config path placeholder --- README.md | 4 ++-- readme-vars.yml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) 
diff --git a/README.md b/README.md index 7503b80..ebf8f54 100644 --- a/README.md +++ b/README.md @@ -158,7 +158,7 @@ services: - DB_POOL=5 #optional - NO_CHOWN= #optional volumes: - - /path/to/mastodon/appdata/config:/config + - /path/to/mastodon/config:/config ports: - 80:80 - 443:443 @@ -212,7 +212,7 @@ docker run -d \ -e NO_CHOWN= `#optional` \ -p 80:80 \ -p 443:443 \ - -v /path/to/mastodon/appdata/config:/config \ + -v /path/to/mastodon/config:/config \ --restart unless-stopped \ lscr.io/linuxserver/mastodon:develop ``` diff --git a/readme-vars.yml b/readme-vars.yml index fde6bc2..b53fe24 100644 --- a/readme-vars.yml +++ b/readme-vars.yml @@ -75,7 +75,7 @@ param_ports: param_usage_include_vols: true param_volumes: - - { vol_path: "/config", vol_host_path: "/path/to/{{ project_name }}/appdata/config", desc: "Contains all relevant configuration files." } + - { vol_path: "/config", vol_host_path: "/path/to/{{ project_name }}/config", desc: "Contains all relevant configuration files." } # application setup block app_setup_block_enabled: true