From 7a6c539527cb6174b86be3d904be8166df6b9a1d Mon Sep 17 00:00:00 2001 From: Eric Nemchik Date: Thu, 25 May 2023 22:12:06 -0500 Subject: [PATCH 1/2] Rebase to Alpine 3.18, deprecate armhf --- .github/ISSUE_TEMPLATE/issue.bug.yml | 1 - Dockerfile | 80 ++++++------ Dockerfile.aarch64 | 80 ++++++------ Dockerfile.armhf | 186 --------------------------- Jenkinsfile | 185 +++++++++----------------- README.md | 3 +- jenkins-vars.yml | 1 + readme-vars.yml | 2 +- 8 files changed, 138 insertions(+), 400 deletions(-) delete mode 100755 Dockerfile.armhf diff --git a/.github/ISSUE_TEMPLATE/issue.bug.yml b/.github/ISSUE_TEMPLATE/issue.bug.yml index 59a10f5..ce3d19a 100755 --- a/.github/ISSUE_TEMPLATE/issue.bug.yml +++ b/.github/ISSUE_TEMPLATE/issue.bug.yml @@ -53,7 +53,6 @@ body: options: - x86-64 - arm64 - - armhf validations: required: true - type: textarea diff --git a/Dockerfile b/Dockerfile index 609208d..1c503f9 100755 --- a/Dockerfile +++ b/Dockerfile @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:1 -FROM ghcr.io/linuxserver/baseimage-alpine-nginx:3.17 +FROM ghcr.io/linuxserver/baseimage-alpine-nginx:3.18 # set version label ARG BUILD_DATE @@ -24,7 +24,7 @@ RUN \ openssl-dev \ python3-dev && \ echo "**** install runtime packages ****" && \ - apk add --no-cache --upgrade \ + apk add --no-cache \ fail2ban \ gnupg \ memcached \ @@ -45,55 +45,49 @@ RUN \ nginx-mod-stream \ nginx-mod-stream-geoip2 \ nginx-vim \ - php81-bcmath \ - php81-bz2 \ - php81-ctype \ - php81-curl \ - php81-dom \ - php81-exif \ - php81-ftp \ - php81-gd \ - php81-gmp \ - php81-iconv \ - php81-imap \ - php81-intl \ - php81-ldap \ - php81-mysqli \ - php81-mysqlnd \ - php81-opcache \ - php81-pdo_mysql \ - php81-pdo_odbc \ - php81-pdo_pgsql \ - php81-pdo_sqlite \ - php81-pear \ - php81-pecl-apcu \ - php81-pecl-mailparse \ - php81-pecl-memcached \ - php81-pecl-redis \ - php81-pgsql \ - php81-phar \ - php81-posix \ - php81-soap \ - php81-sockets \ - php81-sodium \ - php81-sqlite3 \ - php81-tokenizer \ - php81-xmlreader \ - php81-xsl \ - php81-zip \ + php82-bcmath \ + php82-bz2 \ + php82-dom \ + php82-exif \ + php82-ftp \ + php82-gd \ + php82-gmp \ + php82-imap \ + php82-intl \ + php82-ldap \ + php82-mysqli \ + php82-mysqlnd \ + php82-opcache \ + php82-pdo_mysql \ + php82-pdo_odbc \ + php82-pdo_pgsql \ + php82-pdo_sqlite \ + php82-pear \ + php82-pecl-apcu \ + php82-pecl-mailparse \ + php82-pecl-memcached \ + php82-pecl-redis \ + php82-pgsql \ + php82-posix \ + php82-soap \ + php82-sockets \ + php82-sodium \ + php82-sqlite3 \ + php82-tokenizer \ + php82-xmlreader \ + php82-xsl \ whois && \ apk add --no-cache --repository=http://dl-cdn.alpinelinux.org/alpine/edge/testing \ - php81-pecl-mcrypt \ - php81-pecl-xmlrpc && \ + php82-pecl-mcrypt && \ echo "**** install certbot plugins ****" && \ if [ -z ${CERTBOT_VERSION+x} ]; then \ CERTBOT_VERSION=$(curl -sL https://pypi.python.org/pypi/certbot/json |jq -r '. | .info.version'); \ fi && \ - python3 -m ensurepip && \ - pip3 install -U --no-cache-dir \ + python3 -m venv /lsiopy && \ + pip install -U --no-cache-dir \ pip \ wheel && \ - pip3 install -U --no-cache-dir --find-links https://wheel-index.linuxserver.io/alpine-3.17/ \ + pip install -U --no-cache-dir --find-links https://wheel-index.linuxserver.io/alpine-3.18/ \ certbot==${CERTBOT_VERSION} \ certbot-dns-acmedns \ certbot-dns-aliyun \ diff --git a/Dockerfile.aarch64 b/Dockerfile.aarch64 index 4546b5f..4aa2dea 100755 --- a/Dockerfile.aarch64 +++ b/Dockerfile.aarch64 @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:1 -FROM ghcr.io/linuxserver/baseimage-alpine-nginx:arm64v8-3.17 +FROM ghcr.io/linuxserver/baseimage-alpine-nginx:arm64v8-3.18 # set version label ARG BUILD_DATE @@ -24,7 +24,7 @@ RUN \ openssl-dev \ python3-dev && \ echo "**** install runtime packages ****" && \ - apk add --no-cache --upgrade \ + apk add --no-cache \ fail2ban \ gnupg \ memcached \ @@ -45,55 +45,49 @@ RUN \ nginx-mod-stream \ nginx-mod-stream-geoip2 \ nginx-vim \ - php81-bcmath \ - php81-bz2 \ - php81-ctype \ - php81-curl \ - php81-dom \ - php81-exif \ - php81-ftp \ - php81-gd \ - php81-gmp \ - php81-iconv \ - php81-imap \ - php81-intl \ - php81-ldap \ - php81-mysqli \ - php81-mysqlnd \ - php81-opcache \ - php81-pdo_mysql \ - php81-pdo_odbc \ - php81-pdo_pgsql \ - php81-pdo_sqlite \ - php81-pear \ - php81-pecl-apcu \ - php81-pecl-mailparse \ - php81-pecl-memcached \ - php81-pecl-redis \ - php81-pgsql \ - php81-phar \ - php81-posix \ - php81-soap \ - php81-sockets \ - php81-sodium \ - php81-sqlite3 \ - php81-tokenizer \ - php81-xmlreader \ - php81-xsl \ - php81-zip \ + php82-bcmath \ + php82-bz2 \ + php82-dom \ + php82-exif \ + php82-ftp \ + php82-gd \ + php82-gmp \ + php82-imap \ + php82-intl \ + php82-ldap \ + php82-mysqli \ + php82-mysqlnd \ + php82-opcache \ + php82-pdo_mysql \ + php82-pdo_odbc \ + php82-pdo_pgsql \ + php82-pdo_sqlite \ + php82-pear \ + php82-pecl-apcu \ + php82-pecl-mailparse \ + php82-pecl-memcached \ + php82-pecl-redis \ + php82-pgsql \ + php82-posix \ + php82-soap \ + php82-sockets \ + php82-sodium \ + php82-sqlite3 \ + php82-tokenizer \ + php82-xmlreader \ + php82-xsl \ whois && \ apk add --no-cache --repository=http://dl-cdn.alpinelinux.org/alpine/edge/testing \ - php81-pecl-mcrypt \ - php81-pecl-xmlrpc && \ + php82-pecl-mcrypt && \ echo "**** install certbot plugins ****" && \ if [ -z ${CERTBOT_VERSION+x} ]; then \ CERTBOT_VERSION=$(curl -sL https://pypi.python.org/pypi/certbot/json |jq -r '. | .info.version'); \ fi && \ - python3 -m ensurepip && \ - pip3 install -U --no-cache-dir \ + python3 -m venv /lsiopy && \ + pip install -U --no-cache-dir \ pip \ wheel && \ - pip3 install -U --no-cache-dir --find-links https://wheel-index.linuxserver.io/alpine-3.17/ \ + pip install -U --no-cache-dir --find-links https://wheel-index.linuxserver.io/alpine-3.18/ \ certbot==${CERTBOT_VERSION} \ certbot-dns-acmedns \ certbot-dns-aliyun \ diff --git a/Dockerfile.armhf b/Dockerfile.armhf deleted file mode 100755 index 1efd3f5..0000000 --- a/Dockerfile.armhf +++ /dev/null @@ -1,186 +0,0 @@ -# syntax=docker/dockerfile:1 - -FROM ghcr.io/linuxserver/baseimage-alpine-nginx:arm32v7-3.17 - -# set version label -ARG BUILD_DATE -ARG VERSION -ARG CERTBOT_VERSION -LABEL build_version="Linuxserver.io version:- ${VERSION} Build-date:- ${BUILD_DATE}" -LABEL maintainer="nemchik" - -# environment settings -ENV DHLEVEL=2048 ONLY_SUBDOMAINS=false AWS_CONFIG_FILE=/config/dns-conf/route53.ini -ENV S6_BEHAVIOUR_IF_STAGE2_FAILS=2 - -RUN \ - echo "**** install build packages ****" && \ - apk add --no-cache --virtual=build-dependencies \ - build-base \ - cargo \ - libffi-dev \ - libxml2-dev \ - libxslt-dev \ - openssl-dev \ - python3-dev && \ - echo "**** install runtime packages ****" && \ - apk add --no-cache --upgrade \ - fail2ban \ - gnupg \ - memcached \ - nginx-mod-http-brotli \ - nginx-mod-http-dav-ext \ - nginx-mod-http-echo \ - nginx-mod-http-fancyindex \ - nginx-mod-http-geoip2 \ - nginx-mod-http-headers-more \ - nginx-mod-http-image-filter \ - nginx-mod-http-perl \ - nginx-mod-http-redis2 \ - nginx-mod-http-set-misc \ - nginx-mod-http-upload-progress \ - nginx-mod-http-xslt-filter \ - nginx-mod-mail \ - nginx-mod-rtmp \ - nginx-mod-stream \ - nginx-mod-stream-geoip2 \ - nginx-vim \ - php81-bcmath \ - php81-bz2 \ - php81-ctype \ - php81-curl \ - php81-dom \ - php81-exif \ - php81-ftp \ - php81-gd \ - php81-gmp \ - php81-iconv \ - php81-imap \ - php81-intl \ - php81-ldap \ - php81-mysqli \ - php81-mysqlnd \ - php81-opcache \ - php81-pdo_mysql \ - php81-pdo_odbc \ - php81-pdo_pgsql \ - php81-pdo_sqlite \ - php81-pear \ - php81-pecl-apcu \ - php81-pecl-mailparse \ - php81-pecl-memcached \ - php81-pecl-redis \ - php81-pgsql \ - php81-phar \ - php81-posix \ - php81-soap \ - php81-sockets \ - php81-sodium \ - php81-sqlite3 \ - php81-tokenizer \ - php81-xmlreader \ - php81-xsl \ - php81-zip \ - whois && \ - apk add --no-cache --repository=http://dl-cdn.alpinelinux.org/alpine/edge/testing \ - php81-pecl-mcrypt \ - php81-pecl-xmlrpc && \ - echo "**** install certbot plugins ****" && \ - if [ -z ${CERTBOT_VERSION+x} ]; then \ - CERTBOT_VERSION=$(curl -sL https://pypi.python.org/pypi/certbot/json |jq -r '. | .info.version'); \ - fi && \ - python3 -m ensurepip && \ - pip3 install -U --no-cache-dir \ - pip \ - wheel && \ - pip3 install -U --no-cache-dir --find-links https://wheel-index.linuxserver.io/alpine-3.17/ \ - certbot==${CERTBOT_VERSION} \ - certbot-dns-acmedns \ - certbot-dns-aliyun \ - certbot-dns-azure \ - certbot-dns-cloudflare \ - certbot-dns-cpanel \ - certbot-dns-desec \ - certbot-dns-digitalocean \ - certbot-dns-directadmin \ - certbot-dns-dnsimple \ - certbot-dns-dnsmadeeasy \ - certbot-dns-dnspod \ - certbot-dns-do \ - certbot-dns-domeneshop \ - certbot-dns-duckdns \ - certbot-dns-dynu \ - certbot-dns-gehirn \ - certbot-dns-godaddy \ - certbot-dns-google \ - certbot-dns-google-domains \ - certbot-dns-he \ - certbot-dns-hetzner \ - certbot-dns-infomaniak \ - certbot-dns-inwx \ - certbot-dns-ionos \ - certbot-dns-linode \ - certbot-dns-loopia \ - certbot-dns-luadns \ - certbot-dns-netcup \ - certbot-dns-njalla \ - certbot-dns-nsone \ - certbot-dns-ovh \ - certbot-dns-porkbun \ - certbot-dns-rfc2136 \ - certbot-dns-route53 \ - certbot-dns-sakuracloud \ - certbot-dns-standalone \ - certbot-dns-transip \ - certbot-dns-vultr \ - certbot-plugin-gandi \ - cryptography \ - future \ - requests && \ - echo "**** enable OCSP stapling from base ****" && \ - sed -i \ - 's|#ssl_stapling on;|ssl_stapling on;|' \ - /defaults/nginx/ssl.conf.sample && \ - sed -i \ - 's|#ssl_stapling_verify on;|ssl_stapling_verify on;|' \ - /defaults/nginx/ssl.conf.sample && \ - sed -i \ - 's|#ssl_trusted_certificate /config/keys/cert.crt;|ssl_trusted_certificate /config/keys/cert.crt;|' \ - /defaults/nginx/ssl.conf.sample && \ - echo "**** correct ip6tables legacy issue ****" && \ - rm \ - /sbin/ip6tables && \ - ln -s \ - /sbin/ip6tables-nft /sbin/ip6tables && \ - echo "**** remove unnecessary fail2ban filters ****" && \ - rm \ - /etc/fail2ban/jail.d/alpine-ssh.conf && \ - echo "**** copy fail2ban default action and filter to /defaults ****" && \ - mkdir -p /defaults/fail2ban && \ - mv /etc/fail2ban/action.d /defaults/fail2ban/ && \ - mv /etc/fail2ban/filter.d /defaults/fail2ban/ && \ - echo "**** define allowipv6 to silence warning ****" && \ - sed -i 's/#allowipv6 = auto/allowipv6 = auto/g' /etc/fail2ban/fail2ban.conf && \ - echo "**** copy proxy confs to /defaults ****" && \ - mkdir -p \ - /defaults/nginx/proxy-confs && \ - curl -o \ - /tmp/proxy-confs.tar.gz -L \ - "https://github.com/linuxserver/reverse-proxy-confs/tarball/master" && \ - tar xf \ - /tmp/proxy-confs.tar.gz -C \ - /defaults/nginx/proxy-confs --strip-components=1 --exclude=linux*/.editorconfig --exclude=linux*/.gitattributes --exclude=linux*/.github --exclude=linux*/.gitignore --exclude=linux*/LICENSE && \ - echo "**** cleanup ****" && \ - apk del --purge \ - build-dependencies && \ - rm -rf \ - /tmp/* \ - $HOME/.cache \ - $HOME/.cargo - -# copy local files -COPY root/ / - -# ports and volumes -EXPOSE 80 443 -VOLUME /config diff --git a/Jenkinsfile b/Jenkinsfile index 86696fe..1278654 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -40,7 +40,12 @@ pipeline { // Setup all the basic environment variables needed for the build stage("Set ENV Variables base"){ steps{ - sh '''docker pull quay.io/skopeo/stable:v1 || : ''' + sh '''#! /bin/bash + containers=$(docker ps -aq) + if [[ -n "${containers}" ]]; then + docker stop ${containers} + fi + docker system prune -af --volumes || : ''' script{ env.EXIT_STATUS = '' env.LS_RELEASE = sh( @@ -158,7 +163,7 @@ pipeline { env.GITLABIMAGE = 'registry.gitlab.com/linuxserver.io/' + env.LS_REPO + '/' + env.CONTAINER_NAME env.QUAYIMAGE = 'quay.io/linuxserver.io/' + env.CONTAINER_NAME if (env.MULTIARCH == 'true') { - env.CI_TAGS = 'amd64-' + env.EXT_RELEASE_CLEAN + '-ls' + env.LS_TAG_NUMBER + '|arm32v7-' + env.EXT_RELEASE_CLEAN + '-ls' + env.LS_TAG_NUMBER + '|arm64v8-' + env.EXT_RELEASE_CLEAN + '-ls' + env.LS_TAG_NUMBER + env.CI_TAGS = 'amd64-' + env.EXT_RELEASE_CLEAN + '-ls' + env.LS_TAG_NUMBER + '|arm64v8-' + env.EXT_RELEASE_CLEAN + '-ls' + env.LS_TAG_NUMBER } else { env.CI_TAGS = env.EXT_RELEASE_CLEAN + '-ls' + env.LS_TAG_NUMBER } @@ -181,7 +186,7 @@ pipeline { env.GITLABIMAGE = 'registry.gitlab.com/linuxserver.io/' + env.LS_REPO + '/lsiodev-' + env.CONTAINER_NAME env.QUAYIMAGE = 'quay.io/linuxserver.io/lsiodev-' + env.CONTAINER_NAME if (env.MULTIARCH == 'true') { - env.CI_TAGS = 'amd64-' + env.EXT_RELEASE_CLEAN + '-pkg-' + env.PACKAGE_TAG + '-dev-' + env.COMMIT_SHA + '|arm32v7-' + env.EXT_RELEASE_CLEAN + '-pkg-' + env.PACKAGE_TAG + '-dev-' + env.COMMIT_SHA + '|arm64v8-' + env.EXT_RELEASE_CLEAN + '-pkg-' + env.PACKAGE_TAG + '-dev-' + env.COMMIT_SHA + env.CI_TAGS = 'amd64-' + env.EXT_RELEASE_CLEAN + '-pkg-' + env.PACKAGE_TAG + '-dev-' + env.COMMIT_SHA + '|arm64v8-' + env.EXT_RELEASE_CLEAN + '-pkg-' + env.PACKAGE_TAG + '-dev-' + env.COMMIT_SHA } else { env.CI_TAGS = env.EXT_RELEASE_CLEAN + '-pkg-' + env.PACKAGE_TAG + '-dev-' + env.COMMIT_SHA } @@ -204,12 +209,12 @@ pipeline { env.GITLABIMAGE = 'registry.gitlab.com/linuxserver.io/' + env.LS_REPO + '/lspipepr-' + env.CONTAINER_NAME env.QUAYIMAGE = 'quay.io/linuxserver.io/lspipepr-' + env.CONTAINER_NAME if (env.MULTIARCH == 'true') { - env.CI_TAGS = 'amd64-' + env.EXT_RELEASE_CLEAN + '-pkg-' + env.PACKAGE_TAG + '-pr-' + env.PULL_REQUEST + '|arm32v7-' + env.EXT_RELEASE_CLEAN + '-pkg-' + env.PACKAGE_TAG + '-pr-' + env.PULL_REQUEST + '|arm64v8-' + env.EXT_RELEASE_CLEAN + '-pkg-' + env.PACKAGE_TAG + '-pr-' + env.PULL_REQUEST + env.CI_TAGS = 'amd64-' + env.EXT_RELEASE_CLEAN + '-pkg-' + env.PACKAGE_TAG + '-dev-' + env.COMMIT_SHA + '-pr-' + env.PULL_REQUEST + '|arm64v8-' + env.EXT_RELEASE_CLEAN + '-pkg-' + env.PACKAGE_TAG + '-dev-' + env.COMMIT_SHA + '-pr-' + env.PULL_REQUEST } else { - env.CI_TAGS = env.EXT_RELEASE_CLEAN + '-pkg-' + env.PACKAGE_TAG + '-pr-' + env.PULL_REQUEST + env.CI_TAGS = env.EXT_RELEASE_CLEAN + '-pkg-' + env.PACKAGE_TAG + '-dev-' + env.COMMIT_SHA + '-pr-' + env.PULL_REQUEST } - env.VERSION_TAG = env.EXT_RELEASE_CLEAN + '-pkg-' + env.PACKAGE_TAG + '-pr-' + env.PULL_REQUEST - env.META_TAG = env.EXT_RELEASE_CLEAN + '-pkg-' + env.PACKAGE_TAG + '-pr-' + env.PULL_REQUEST + env.VERSION_TAG = env.EXT_RELEASE_CLEAN + '-pkg-' + env.PACKAGE_TAG + '-dev-' + env.COMMIT_SHA + '-pr-' + env.PULL_REQUEST + env.META_TAG = env.EXT_RELEASE_CLEAN + '-pkg-' + env.PACKAGE_TAG + '-dev-' + env.COMMIT_SHA + '-pr-' + env.PULL_REQUEST env.EXT_RELEASE_TAG = 'version-' + env.EXT_RELEASE_CLEAN env.CODE_URL = 'https://github.com/' + env.LS_USER + '/' + env.LS_REPO + '/pull/' + env.PULL_REQUEST env.DOCKERHUB_LINK = 'https://hub.docker.com/r/' + env.PR_DOCKERHUB_IMAGE + '/tags/' @@ -337,6 +342,8 @@ pipeline { git clone https://github.com/linuxserver/templates.git ${TEMPDIR}/unraid/templates if [[ -f ${TEMPDIR}/unraid/docker-templates/linuxserver.io/img/${CONTAINER_NAME}-logo.png ]]; then sed -i "s|master/linuxserver.io/img/linuxserver-ls-logo.png|master/linuxserver.io/img/${CONTAINER_NAME}-logo.png|" ${TEMPDIR}/docker-${CONTAINER_NAME}/.jenkins-external/${CONTAINER_NAME}.xml + elif [[ -f ${TEMPDIR}/unraid/docker-templates/linuxserver.io/img/${CONTAINER_NAME}-icon.png ]]; then + sed -i "s|master/linuxserver.io/img/linuxserver-ls-logo.png|master/linuxserver.io/img/${CONTAINER_NAME}-icon.png|" ${TEMPDIR}/docker-${CONTAINER_NAME}/.jenkins-external/${CONTAINER_NAME}.xml fi if [[ ("${BRANCH_NAME}" == "master") || ("${BRANCH_NAME}" == "main") ]] && [[ (! -f ${TEMPDIR}/unraid/templates/unraid/${CONTAINER_NAME}.xml) || ("$(md5sum ${TEMPDIR}/unraid/templates/unraid/${CONTAINER_NAME}.xml | awk '{ print $1 }')" != "$(md5sum ${TEMPDIR}/docker-${CONTAINER_NAME}/.jenkins-external/${CONTAINER_NAME}.xml | awk '{ print $1 }')") ]]; then cd ${TEMPDIR}/unraid/templates/ @@ -428,8 +435,7 @@ pipeline { } steps{ sh '''#! /bin/bash - set -e - PACKAGE_UUID=$(curl -X GET -H "Authorization: Bearer ${SCARF_TOKEN}" https://scarf.sh/api/v1/organizations/linuxserver-ci/packages | jq -r '.[] | select(.name=="linuxserver/swag") | .uuid') + PACKAGE_UUID=$(curl -X GET -H "Authorization: Bearer ${SCARF_TOKEN}" https://scarf.sh/api/v1/organizations/linuxserver-ci/packages | jq -r '.[] | select(.name=="linuxserver/swag") | .uuid' || :) if [ -z "${PACKAGE_UUID}" ]; then echo "Adding package to Scarf.sh" curl -sX POST https://scarf.sh/api/v1/organizations/linuxserver-ci/packages \ @@ -509,41 +515,6 @@ pipeline { --build-arg ${BUILD_VERSION_ARG}=${EXT_RELEASE} --build-arg VERSION=\"${VERSION_TAG}\" --build-arg BUILD_DATE=${GITHUB_DATE} ." } } - stage('Build ARMHF') { - agent { - label 'ARMHF' - } - steps { - echo "Running on node: ${NODE_NAME}" - echo 'Logging into Github' - sh '''#! /bin/bash - echo $GITHUB_TOKEN | docker login ghcr.io -u LinuxServer-CI --password-stdin - ''' - sh "sed -r -i 's|(^FROM .*)|\\1\\n\\nENV LSIO_FIRST_PARTY=true|g' Dockerfile.armhf" - sh "docker buildx build \ - --label \"org.opencontainers.image.created=${GITHUB_DATE}\" \ - --label \"org.opencontainers.image.authors=linuxserver.io\" \ - --label \"org.opencontainers.image.url=https://github.com/linuxserver/docker-swag/packages\" \ - --label \"org.opencontainers.image.documentation=https://docs.linuxserver.io/images/docker-swag\" \ - --label \"org.opencontainers.image.source=https://github.com/linuxserver/docker-swag\" \ - --label \"org.opencontainers.image.version=${EXT_RELEASE_CLEAN}-ls${LS_TAG_NUMBER}\" \ - --label \"org.opencontainers.image.revision=${COMMIT_SHA}\" \ - --label \"org.opencontainers.image.vendor=linuxserver.io\" \ - --label \"org.opencontainers.image.licenses=GPL-3.0-only\" \ - --label \"org.opencontainers.image.ref.name=${COMMIT_SHA}\" \ - --label \"org.opencontainers.image.title=Swag\" \ - --label \"org.opencontainers.image.description=SWAG - Secure Web Application Gateway (formerly known as letsencrypt, no relation to Let's Encrypt™) sets up an Nginx webserver and reverse proxy with php support and a built-in certbot client that automates free SSL server certificate generation and renewal processes (Let's Encrypt and ZeroSSL). It also contains fail2ban for intrusion prevention.\" \ - --no-cache --pull -f Dockerfile.armhf -t ${IMAGE}:arm32v7-${META_TAG} --platform=linux/arm/v7 \ - --build-arg ${BUILD_VERSION_ARG}=${EXT_RELEASE} --build-arg VERSION=\"${VERSION_TAG}\" --build-arg BUILD_DATE=${GITHUB_DATE} ." - sh "docker tag ${IMAGE}:arm32v7-${META_TAG} ghcr.io/linuxserver/lsiodev-buildcache:arm32v7-${COMMIT_SHA}-${BUILD_NUMBER}" - retry(5) { - sh "docker push ghcr.io/linuxserver/lsiodev-buildcache:arm32v7-${COMMIT_SHA}-${BUILD_NUMBER}" - } - sh '''docker rmi \ - ${IMAGE}:arm32v7-${META_TAG} \ - ghcr.io/linuxserver/lsiodev-buildcache:arm32v7-${COMMIT_SHA}-${BUILD_NUMBER} || :''' - } - } stage('Build ARM64') { agent { label 'ARM64' @@ -574,9 +545,12 @@ pipeline { retry(5) { sh "docker push ghcr.io/linuxserver/lsiodev-buildcache:arm64v8-${COMMIT_SHA}-${BUILD_NUMBER}" } - sh '''docker rmi \ - ${IMAGE}:arm64v8-${META_TAG} \ - ghcr.io/linuxserver/lsiodev-buildcache:arm64v8-${COMMIT_SHA}-${BUILD_NUMBER} || :''' + sh '''#! /bin/bash + containers=$(docker ps -aq) + if [[ -n "${containers}" ]]; then + docker stop ${containers} + fi + docker system prune -af --volumes || : ''' } } } @@ -637,13 +611,6 @@ pipeline { environment name: 'EXIT_STATUS', value: '' } steps { - sh '''#! /bin/bash - echo "Packages were updated. Cleaning up the image and exiting." - if [ "${MULTIARCH}" == "true" ] && [ "${PACKAGE_CHECK}" == "false" ]; then - docker rmi ${IMAGE}:amd64-${META_TAG} - else - docker rmi ${IMAGE}:${META_TAG} - fi''' script{ env.EXIT_STATUS = 'ABORTED' } @@ -661,13 +628,6 @@ pipeline { } } steps { - sh '''#! /bin/bash - echo "There are no package updates. Cleaning up the image and exiting." - if [ "${MULTIARCH}" == "true" ] && [ "${PACKAGE_CHECK}" == "false" ]; then - docker rmi ${IMAGE}:amd64-${META_TAG} - else - docker rmi ${IMAGE}:${META_TAG} - fi''' script{ env.EXIT_STATUS = 'ABORTED' } @@ -695,9 +655,7 @@ pipeline { set -e docker pull ghcr.io/linuxserver/ci:latest if [ "${MULTIARCH}" == "true" ]; then - docker pull ghcr.io/linuxserver/lsiodev-buildcache:arm32v7-${COMMIT_SHA}-${BUILD_NUMBER} docker pull ghcr.io/linuxserver/lsiodev-buildcache:arm64v8-${COMMIT_SHA}-${BUILD_NUMBER} - docker tag ghcr.io/linuxserver/lsiodev-buildcache:arm32v7-${COMMIT_SHA}-${BUILD_NUMBER} ${IMAGE}:arm32v7-${META_TAG} docker tag ghcr.io/linuxserver/lsiodev-buildcache:arm64v8-${COMMIT_SHA}-${BUILD_NUMBER} ${IMAGE}:arm64v8-${META_TAG} fi docker run --rm \ @@ -768,17 +726,6 @@ pipeline { done ''' } - sh '''#! /bin/bash - for DELETEIMAGE in "${GITHUBIMAGE}" "${GITLABIMAGE}" "${QUAYIMAGE}" "${IMAGE}"; do - docker rmi \ - ${DELETEIMAGE}:${META_TAG} \ - ${DELETEIMAGE}:${EXT_RELEASE_TAG} \ - ${DELETEIMAGE}:latest || : - if [ -n "${SEMVER}" ]; then - docker rmi ${DELETEIMAGE}:${SEMVER} || : - fi - done - ''' } } } @@ -811,8 +758,6 @@ pipeline { echo $GITLAB_TOKEN | docker login registry.gitlab.com -u LinuxServer.io --password-stdin echo $QUAYPASS | docker login quay.io -u $QUAYUSER --password-stdin if [ "${CI}" == "false" ]; then - docker pull ghcr.io/linuxserver/lsiodev-buildcache:arm32v7-${COMMIT_SHA}-${BUILD_NUMBER} - docker tag ghcr.io/linuxserver/lsiodev-buildcache:arm32v7-${COMMIT_SHA}-${BUILD_NUMBER} ${IMAGE}:arm32v7-${META_TAG} docker pull ghcr.io/linuxserver/lsiodev-buildcache:arm64v8-${COMMIT_SHA}-${BUILD_NUMBER} docker tag ghcr.io/linuxserver/lsiodev-buildcache:arm64v8-${COMMIT_SHA}-${BUILD_NUMBER} ${IMAGE}:arm64v8-${META_TAG} fi @@ -820,49 +765,47 @@ pipeline { docker tag ${IMAGE}:amd64-${META_TAG} ${MANIFESTIMAGE}:amd64-${META_TAG} docker tag ${MANIFESTIMAGE}:amd64-${META_TAG} ${MANIFESTIMAGE}:amd64-latest docker tag ${MANIFESTIMAGE}:amd64-${META_TAG} ${MANIFESTIMAGE}:amd64-${EXT_RELEASE_TAG} - docker tag ${IMAGE}:arm32v7-${META_TAG} ${MANIFESTIMAGE}:arm32v7-${META_TAG} - docker tag ${MANIFESTIMAGE}:arm32v7-${META_TAG} ${MANIFESTIMAGE}:arm32v7-latest - docker tag ${MANIFESTIMAGE}:arm32v7-${META_TAG} ${MANIFESTIMAGE}:arm32v7-${EXT_RELEASE_TAG} docker tag ${IMAGE}:arm64v8-${META_TAG} ${MANIFESTIMAGE}:arm64v8-${META_TAG} docker tag ${MANIFESTIMAGE}:arm64v8-${META_TAG} ${MANIFESTIMAGE}:arm64v8-latest docker tag ${MANIFESTIMAGE}:arm64v8-${META_TAG} ${MANIFESTIMAGE}:arm64v8-${EXT_RELEASE_TAG} if [ -n "${SEMVER}" ]; then docker tag ${MANIFESTIMAGE}:amd64-${META_TAG} ${MANIFESTIMAGE}:amd64-${SEMVER} - docker tag ${MANIFESTIMAGE}:arm32v7-${META_TAG} ${MANIFESTIMAGE}:arm32v7-${SEMVER} docker tag ${MANIFESTIMAGE}:arm64v8-${META_TAG} ${MANIFESTIMAGE}:arm64v8-${SEMVER} fi docker push ${MANIFESTIMAGE}:amd64-${META_TAG} docker push ${MANIFESTIMAGE}:amd64-${EXT_RELEASE_TAG} docker push ${MANIFESTIMAGE}:amd64-latest - docker push ${MANIFESTIMAGE}:arm32v7-${META_TAG} - docker push ${MANIFESTIMAGE}:arm32v7-latest - docker push ${MANIFESTIMAGE}:arm32v7-${EXT_RELEASE_TAG} docker push ${MANIFESTIMAGE}:arm64v8-${META_TAG} docker push ${MANIFESTIMAGE}:arm64v8-latest docker push ${MANIFESTIMAGE}:arm64v8-${EXT_RELEASE_TAG} if [ -n "${SEMVER}" ]; then docker push ${MANIFESTIMAGE}:amd64-${SEMVER} - docker push ${MANIFESTIMAGE}:arm32v7-${SEMVER} docker push ${MANIFESTIMAGE}:arm64v8-${SEMVER} fi docker manifest push --purge ${MANIFESTIMAGE}:latest || : - docker manifest create ${MANIFESTIMAGE}:latest ${MANIFESTIMAGE}:amd64-latest ${MANIFESTIMAGE}:arm32v7-latest ${MANIFESTIMAGE}:arm64v8-latest - docker manifest annotate ${MANIFESTIMAGE}:latest ${MANIFESTIMAGE}:arm32v7-latest --os linux --arch arm + docker manifest create ${MANIFESTIMAGE}:latest ${MANIFESTIMAGE}:amd64-latest ${MANIFESTIMAGE}:arm64v8-latest docker manifest annotate ${MANIFESTIMAGE}:latest ${MANIFESTIMAGE}:arm64v8-latest --os linux --arch arm64 --variant v8 docker manifest push --purge ${MANIFESTIMAGE}:${META_TAG} || : - docker manifest create ${MANIFESTIMAGE}:${META_TAG} ${MANIFESTIMAGE}:amd64-${META_TAG} ${MANIFESTIMAGE}:arm32v7-${META_TAG} ${MANIFESTIMAGE}:arm64v8-${META_TAG} - docker manifest annotate ${MANIFESTIMAGE}:${META_TAG} ${MANIFESTIMAGE}:arm32v7-${META_TAG} --os linux --arch arm + docker manifest create ${MANIFESTIMAGE}:${META_TAG} ${MANIFESTIMAGE}:amd64-${META_TAG} ${MANIFESTIMAGE}:arm64v8-${META_TAG} docker manifest annotate ${MANIFESTIMAGE}:${META_TAG} ${MANIFESTIMAGE}:arm64v8-${META_TAG} --os linux --arch arm64 --variant v8 docker manifest push --purge ${MANIFESTIMAGE}:${EXT_RELEASE_TAG} || : - docker manifest create ${MANIFESTIMAGE}:${EXT_RELEASE_TAG} ${MANIFESTIMAGE}:amd64-${EXT_RELEASE_TAG} ${MANIFESTIMAGE}:arm32v7-${EXT_RELEASE_TAG} ${MANIFESTIMAGE}:arm64v8-${EXT_RELEASE_TAG} - docker manifest annotate ${MANIFESTIMAGE}:${EXT_RELEASE_TAG} ${MANIFESTIMAGE}:arm32v7-${EXT_RELEASE_TAG} --os linux --arch arm + docker manifest create ${MANIFESTIMAGE}:${EXT_RELEASE_TAG} ${MANIFESTIMAGE}:amd64-${EXT_RELEASE_TAG} ${MANIFESTIMAGE}:arm64v8-${EXT_RELEASE_TAG} docker manifest annotate ${MANIFESTIMAGE}:${EXT_RELEASE_TAG} ${MANIFESTIMAGE}:arm64v8-${EXT_RELEASE_TAG} --os linux --arch arm64 --variant v8 if [ -n "${SEMVER}" ]; then docker manifest push --purge ${MANIFESTIMAGE}:${SEMVER} || : - docker manifest create ${MANIFESTIMAGE}:${SEMVER} ${MANIFESTIMAGE}:amd64-${SEMVER} ${MANIFESTIMAGE}:arm32v7-${SEMVER} ${MANIFESTIMAGE}:arm64v8-${SEMVER} - docker manifest annotate ${MANIFESTIMAGE}:${SEMVER} ${MANIFESTIMAGE}:arm32v7-${SEMVER} --os linux --arch arm + docker manifest create ${MANIFESTIMAGE}:${SEMVER} ${MANIFESTIMAGE}:amd64-${SEMVER} ${MANIFESTIMAGE}:arm64v8-${SEMVER} docker manifest annotate ${MANIFESTIMAGE}:${SEMVER} ${MANIFESTIMAGE}:arm64v8-${SEMVER} --os linux --arch arm64 --variant v8 fi + token=$(curl -sX GET "https://ghcr.io/token?scope=repository%3Alinuxserver%2F${CONTAINER_NAME}%3Apull" | jq -r '.token') + digest=$(curl -s \ + --header "Accept: application/vnd.docker.distribution.manifest.v2+json" \ + --header "Authorization: Bearer ${token}" \ + "https://ghcr.io/v2/linuxserver/${CONTAINER_NAME}/manifests/arm32v7-latest") + if [[ $(echo "$digest" | jq -r '.layers') != "null" ]]; then + docker manifest push --purge ${MANIFESTIMAGE}:arm32v7-latest || : + docker manifest create ${MANIFESTIMAGE}:arm32v7-latest ${MANIFESTIMAGE}:amd64-latest + docker manifest push --purge ${MANIFESTIMAGE}:arm32v7-latest + fi docker manifest push --purge ${MANIFESTIMAGE}:latest docker manifest push --purge ${MANIFESTIMAGE}:${META_TAG} docker manifest push --purge ${MANIFESTIMAGE}:${EXT_RELEASE_TAG} @@ -872,29 +815,6 @@ pipeline { done ''' } - sh '''#! /bin/bash - for DELETEIMAGE in "${GITHUBIMAGE}" "${GITLABIMAGE}" "${QUAYIMAGE}" "${IMAGE}"; do - docker rmi \ - ${DELETEIMAGE}:amd64-${META_TAG} \ - ${DELETEIMAGE}:amd64-latest \ - ${DELETEIMAGE}:amd64-${EXT_RELEASE_TAG} \ - ${DELETEIMAGE}:arm32v7-${META_TAG} \ - ${DELETEIMAGE}:arm32v7-latest \ - ${DELETEIMAGE}:arm32v7-${EXT_RELEASE_TAG} \ - ${DELETEIMAGE}:arm64v8-${META_TAG} \ - ${DELETEIMAGE}:arm64v8-latest \ - ${DELETEIMAGE}:arm64v8-${EXT_RELEASE_TAG} || : - if [ -n "${SEMVER}" ]; then - docker rmi \ - ${DELETEIMAGE}:amd64-${SEMVER} \ - ${DELETEIMAGE}:arm32v7-${SEMVER} \ - ${DELETEIMAGE}:arm64v8-${SEMVER} || : - fi - done - docker rmi \ - ghcr.io/linuxserver/lsiodev-buildcache:arm32v7-${COMMIT_SHA}-${BUILD_NUMBER} \ - ghcr.io/linuxserver/lsiodev-buildcache:arm64v8-${COMMIT_SHA}-${BUILD_NUMBER} || : - ''' } } } @@ -965,7 +885,6 @@ pipeline { stage('Pull Request Comment') { when { not {environment name: 'CHANGE_ID', value: ''} - environment name: 'CI', value: 'true' environment name: 'EXIT_STATUS', value: '' } steps { @@ -1019,16 +938,24 @@ pipeline { echo "$escaped_table" } - # Retrieve JSON data from URL - data=$(get_json "$CI_JSON_URL") - # Create table from JSON data - table=$(build_table "$data") - echo -e "$table" + if [[ "${CI}" = "true" ]]; then + # Retrieve JSON data from URL + data=$(get_json "$CI_JSON_URL") + # Create table from JSON data + table=$(build_table "$data") + echo -e "$table" - curl -X POST -H "Authorization: token $GITHUB_TOKEN" \ - -H "Accept: application/vnd.github.v3+json" \ - "https://api.github.com/repos/$LS_USER/$LS_REPO/issues/$PULL_REQUEST/comments" \ - -d "{\\"body\\": \\"I am a bot, here are the test results for this PR: \\n${CI_URL}\\n${SHELLCHECK_URL}\\n${table}\\"}"''' + curl -X POST -H "Authorization: token $GITHUB_TOKEN" \ + -H "Accept: application/vnd.github.v3+json" \ + "https://api.github.com/repos/$LS_USER/$LS_REPO/issues/$PULL_REQUEST/comments" \ + -d "{\\"body\\": \\"I am a bot, here are the test results for this PR: \\n${CI_URL}\\n${SHELLCHECK_URL}\\n${table}\\"}" + else + curl -X POST -H "Authorization: token $GITHUB_TOKEN" \ + -H "Accept: application/vnd.github.v3+json" \ + "https://api.github.com/repos/$LS_USER/$LS_REPO/issues/$PULL_REQUEST/comments" \ + -d "{\\"body\\": \\"I am a bot, here is the pushed image/manifest for this PR: \\n\\n\\`${GITHUBIMAGE}:${META_TAG}\\`\\"}" + fi + ''' } } @@ -1055,6 +982,14 @@ pipeline { } } cleanup { + sh '''#! /bin/bash + echo "Performing docker system prune!!" + containers=$(docker ps -aq) + if [[ -n "${containers}" ]]; then + docker stop ${containers} + fi + docker system prune -af --volumes || : + ''' cleanWs() } } diff --git a/README.md b/README.md index 4543e8a..6933657 100644 --- a/README.md +++ b/README.md @@ -56,7 +56,7 @@ The architectures supported by this image are: | :----: | :----: | ---- | | x86-64 | ✅ | amd64-\ | | arm64 | ✅ | arm64v8-\ | -| armhf | ✅ | arm32v7-\ | +| armhf | ❌ | | ## Application Setup @@ -336,6 +336,7 @@ Once registered you can define the dockerfile to use with `-f Dockerfile.aarch64 ## Versions +* **25.05.23:** - Rebase to Alpine 3.18, deprecate armhf. * **27.04.23:** - [Existing users should update:](https://github.com/linuxserver/docker-swag/blob/master/README.md#updating-configs) authelia-location.conf, authelia-server.conf, authentik-location.conf, authentik-server.conf - Simplify auth configs and fix Set-Cookie header bug. * **13.04.23:** - [Existing users should update:](https://github.com/linuxserver/docker-swag/blob/master/README.md#updating-configs) nginx.conf, authelia-location.conf, authentik-location.conf, and site-confs/default.conf - Move ssl.conf include to default.conf. Remove Authorization headers in authelia. Sort proxy_set_header in authelia and authentik. * **25.03.23:** - Fix renewal post hook. diff --git a/jenkins-vars.yml b/jenkins-vars.yml index 989b638..fe053cb 100644 --- a/jenkins-vars.yml +++ b/jenkins-vars.yml @@ -6,6 +6,7 @@ external_type: pip_version release_type: stable release_tag: latest ls_branch: master +build_armhf: false repo_vars: - EXT_PIP = 'certbot' - BUILD_VERSION_ARG = 'CERTBOT_VERSION' diff --git a/readme-vars.yml b/readme-vars.yml index f36b368..a903adc 100644 --- a/readme-vars.yml +++ b/readme-vars.yml @@ -14,7 +14,6 @@ project_blurb_optional_extras: [] available_architectures: - { arch: "{{ arch_x86_64 }}", tag: "amd64-latest"} - { arch: "{{ arch_arm64 }}", tag: "arm64v8-latest"} - - { arch: "{{ arch_armhf }}", tag: "arm32v7-latest"} # development version development_versions: false @@ -154,6 +153,7 @@ app_setup_block: | # changelog changelogs: + - { date: "25.05.23:", desc: "Rebase to Alpine 3.18, deprecate armhf." } - { date: "27.04.23:", desc: "[Existing users should update:](https://github.com/linuxserver/docker-swag/blob/master/README.md#updating-configs) authelia-location.conf, authelia-server.conf, authentik-location.conf, authentik-server.conf - Simplify auth configs and fix Set-Cookie header bug." } - { date: "13.04.23:", desc: "[Existing users should update:](https://github.com/linuxserver/docker-swag/blob/master/README.md#updating-configs) nginx.conf, authelia-location.conf, authentik-location.conf, and site-confs/default.conf - Move ssl.conf include to default.conf. Remove Authorization headers in authelia. Sort proxy_set_header in authelia and authentik." } - { date: "25.03.23:", desc: "Fix renewal post hook." } From 49d848b6394dce9900f15aa0c76e8e089beb9655 Mon Sep 17 00:00:00 2001 From: Eric Nemchik Date: Mon, 29 May 2023 18:16:41 -0500 Subject: [PATCH 2/2] Remove mailparse Does not exist for php82 in alpine 3.18 Signed-off-by: Eric Nemchik --- Dockerfile | 1 - Dockerfile.aarch64 | 1 - 2 files changed, 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index 1c503f9..085c146 100755 --- a/Dockerfile +++ b/Dockerfile @@ -64,7 +64,6 @@ RUN \ php82-pdo_sqlite \ php82-pear \ php82-pecl-apcu \ - php82-pecl-mailparse \ php82-pecl-memcached \ php82-pecl-redis \ php82-pgsql \ diff --git a/Dockerfile.aarch64 b/Dockerfile.aarch64 index 4aa2dea..aca81c2 100755 --- a/Dockerfile.aarch64 +++ b/Dockerfile.aarch64 @@ -64,7 +64,6 @@ RUN \ php82-pdo_sqlite \ php82-pear \ php82-pecl-apcu \ - php82-pecl-mailparse \ php82-pecl-memcached \ php82-pecl-redis \ php82-pgsql \