Infra-Mirrors/docker-swag
1
0
Fork 0
mirror of https://github.com/linuxserver/docker-swag.git synced 2024-12-18 04:04:23 -05:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'master' into dynu

Browse Source
This commit is contained in:
Eric Nemchik 2024-10-21 13:50:19 -05:00 committed by GitHub
commit 8decebad67
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
16 changed files with 539 additions and 484 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

93
.github/workflows/external_trigger.yml vendored
View File

@ -11,18 +11,23 @@ jobs:
- name: External Trigger
if: github.ref == 'refs/heads/master'
env:
SKIP_EXTERNAL_TRIGGER: ${{ vars.SKIP_EXTERNAL_TRIGGER }}
run: |
if [ -n "${{ secrets.PAUSE_EXTERNAL_TRIGGER_SWAG_MASTER }}" ]; then
echo "**** Github secret PAUSE_EXTERNAL_TRIGGER_SWAG_MASTER is set; skipping trigger. ****"
echo "Github secret \`PAUSE_EXTERNAL_TRIGGER_SWAG_MASTER\` is set; skipping trigger." >> $GITHUB_STEP_SUMMARY
printf "# External trigger for docker-swag\n\n" >> $GITHUB_STEP_SUMMARY
if grep -q "^swag_master" <<< "${SKIP_EXTERNAL_TRIGGER}"; then
echo "> [!WARNING]" >> $GITHUB_STEP_SUMMARY
echo "> Github organizational variable \`SKIP_EXTERNAL_TRIGGER\` contains \`swag_master\`; skipping trigger." >> $GITHUB_STEP_SUMMARY
exit 0
fi
echo "**** External trigger running off of master branch. To disable this trigger, set a Github secret named \"PAUSE_EXTERNAL_TRIGGER_SWAG_MASTER\". ****"
echo "External trigger running off of master branch. To disable this trigger, set a Github secret named \`PAUSE_EXTERNAL_TRIGGER_SWAG_MASTER\`" >> $GITHUB_STEP_SUMMARY
echo "**** Retrieving external version ****"
echo "> [!NOTE]" >> $GITHUB_STEP_SUMMARY
echo "> External trigger running off of master branch. To disable this trigger, add \`swag_master\` into the Github organizational variable \`SKIP_EXTERNAL_TRIGGER\`." >> $GITHUB_STEP_SUMMARY
printf "\n## Retrieving external version\n\n" >> $GITHUB_STEP_SUMMARY
EXT_RELEASE=$(curl -sL "https://pypi.python.org/pypi/certbot/json" |jq -r '. | .info.version')
echo "Type is \`pip_version\`" >> $GITHUB_STEP_SUMMARY
if [ -z "${EXT_RELEASE}" ] || [ "${EXT_RELEASE}" == "null" ]; then
echo "**** Can't retrieve external version, exiting ****"
echo "> [!WARNING]" >> $GITHUB_STEP_SUMMARY
echo "> Can't retrieve external version, exiting" >> $GITHUB_STEP_SUMMARY
FAILURE_REASON="Can't retrieve external version for swag branch master"
GHA_TRIGGER_URL="https://github.com/linuxserver/docker-swag/actions/runs/${{ github.run_id }}"
curl -X POST -H "Content-Type: application/json" --data '{"avatar_url": "https://cdn.discordapp.com/avatars/354986384542662657/df91181b3f1cf0ef1592fbe18e0962d7.png","embeds": [{"color": 16711680,
@ -31,9 +36,8 @@ jobs:
exit 1
fi
EXT_RELEASE=$(echo ${EXT_RELEASE} | sed 's/[~,%@+;:/]//g')
echo "**** External version: ${EXT_RELEASE} ****"
echo "External version: ${EXT_RELEASE}" >> $GITHUB_STEP_SUMMARY
echo "**** Retrieving last pushed version ****"
echo "External version: \`${EXT_RELEASE}\`" >> $GITHUB_STEP_SUMMARY
echo "Retrieving last pushed version" >> $GITHUB_STEP_SUMMARY
image="linuxserver/swag"
tag="latest"
token=$(curl -sX GET \
@ -60,45 +64,54 @@ jobs:
IMAGE_RELEASE=$(echo ${image_info} | jq -r '.Labels.build_version' | awk '{print $3}')
IMAGE_VERSION=$(echo ${IMAGE_RELEASE} | awk -F'-ls' '{print $1}')
if [ -z "${IMAGE_VERSION}" ]; then
echo "**** Can't retrieve last pushed version, exiting ****"
echo "> [!WARNING]" >> $GITHUB_STEP_SUMMARY
echo "Can't retrieve last pushed version, exiting" >> $GITHUB_STEP_SUMMARY
FAILURE_REASON="Can't retrieve last pushed version for swag tag latest"
curl -X POST -H "Content-Type: application/json" --data '{"avatar_url": "https://cdn.discordapp.com/avatars/354986384542662657/df91181b3f1cf0ef1592fbe18e0962d7.png","embeds": [{"color": 16711680,
"description": "**Trigger Failed** \n**Reason:** '"${FAILURE_REASON}"' \n"}],
"username": "Github Actions"}' ${{ secrets.DISCORD_WEBHOOK }}
exit 1
fi
echo "**** Last pushed version: ${IMAGE_VERSION} ****"
echo "Last pushed version: ${IMAGE_VERSION}" >> $GITHUB_STEP_SUMMARY
echo "Last pushed version: \`${IMAGE_VERSION}\`" >> $GITHUB_STEP_SUMMARY
if [ "${EXT_RELEASE}" == "${IMAGE_VERSION}" ]; then
echo "**** Version ${EXT_RELEASE} already pushed, exiting ****"
echo "Version ${EXT_RELEASE} already pushed, exiting" >> $GITHUB_STEP_SUMMARY
echo "Version \`${EXT_RELEASE}\` already pushed, exiting" >> $GITHUB_STEP_SUMMARY
exit 0
elif [ $(curl -s https://ci.linuxserver.io/job/Docker-Pipeline-Builders/job/docker-swag/job/master/lastBuild/api/json | jq -r '.building') == "true" ]; then
echo "**** New version ${EXT_RELEASE} found; but there already seems to be an active build on Jenkins; exiting ****"
echo "New version ${EXT_RELEASE} found; but there already seems to be an active build on Jenkins; exiting" >> $GITHUB_STEP_SUMMARY
echo "New version \`${EXT_RELEASE}\` found; but there already seems to be an active build on Jenkins; exiting" >> $GITHUB_STEP_SUMMARY
exit 0
else
echo "**** New version ${EXT_RELEASE} found; old version was ${IMAGE_VERSION}. Triggering new build ****"
echo "New version ${EXT_RELEASE} found; old version was ${IMAGE_VERSION}. Triggering new build" >> $GITHUB_STEP_SUMMARY
response=$(curl -iX POST \
https://ci.linuxserver.io/job/Docker-Pipeline-Builders/job/docker-swag/job/master/buildWithParameters?PACKAGE_CHECK=false \
--user ${{ secrets.JENKINS_USER }}:${{ secrets.JENKINS_TOKEN }} | grep -i location | sed "s|^[L|l]ocation: \(.*\)|\1|")
echo "**** Jenkins job queue url: ${response%$'\r'} ****"
echo "**** Sleeping 10 seconds until job starts ****"
sleep 10
buildurl=$(curl -s "${response%$'\r'}api/json" | jq -r '.executable.url')
buildurl="${buildurl%$'\r'}"
echo "**** Jenkins job build url: ${buildurl} ****"
echo "Jenkins job build url: ${buildurl}" >> $GITHUB_STEP_SUMMARY
echo "**** Attempting to change the Jenkins job description ****"
curl -iX POST \
"${buildurl}submitDescription" \
--user ${{ secrets.JENKINS_USER }}:${{ secrets.JENKINS_TOKEN }} \
--data-urlencode "description=GHA external trigger https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}" \
--data-urlencode "Submit=Submit"
echo "**** Notifying Discord ****"
TRIGGER_REASON="A version change was detected for swag tag latest. Old version:${IMAGE_VERSION} New version:${EXT_RELEASE}"
curl -X POST -H "Content-Type: application/json" --data '{"avatar_url": "https://cdn.discordapp.com/avatars/354986384542662657/df91181b3f1cf0ef1592fbe18e0962d7.png","embeds": [{"color": 9802903,
"description": "**Build Triggered** \n**Reason:** '"${TRIGGER_REASON}"' \n**Build URL:** '"${buildurl}display/redirect"' \n"}],
"username": "Github Actions"}' ${{ secrets.DISCORD_WEBHOOK }}
if [[ "${artifacts_found}" == "false" ]]; then
echo "> [!WARNING]" >> $GITHUB_STEP_SUMMARY
echo "> New version detected, but not all artifacts are published yet; skipping trigger" >> $GITHUB_STEP_SUMMARY
FAILURE_REASON="New version ${EXT_RELEASE} for swag tag latest is detected, however not all artifacts are uploaded to upstream release yet. Will try again later."
curl -X POST -H "Content-Type: application/json" --data '{"avatar_url": "https://cdn.discordapp.com/avatars/354986384542662657/df91181b3f1cf0ef1592fbe18e0962d7.png","embeds": [{"color": 9802903,
"description": "**Trigger Failed** \n**Reason:** '"${FAILURE_REASON}"' \n"}],
"username": "Github Actions"}' ${{ secrets.DISCORD_WEBHOOK }}
else
printf "\n## Trigger new build\n\n" >> $GITHUB_STEP_SUMMARY
echo "New version \`${EXT_RELEASE}\` found; old version was \`${IMAGE_VERSION}\`. Triggering new build" >> $GITHUB_STEP_SUMMARY
if "${artifacts_found}" == "true" ]]; then
echo "All artifacts seem to be uploaded." >> $GITHUB_STEP_SUMMARY
fi
response=$(curl -iX POST \
https://ci.linuxserver.io/job/Docker-Pipeline-Builders/job/docker-swag/job/master/buildWithParameters?PACKAGE_CHECK=false \
--user ${{ secrets.JENKINS_USER }}:${{ secrets.JENKINS_TOKEN }} | grep -i location | sed "s|^[L|l]ocation: \(.*\)|\1|")
echo "Jenkins [job queue url](${response%$'\r'})" >> $GITHUB_STEP_SUMMARY
echo "Sleeping 10 seconds until job starts" >> $GITHUB_STEP_SUMMARY
sleep 10
buildurl=$(curl -s "${response%$'\r'}api/json" | jq -r '.executable.url')
buildurl="${buildurl%$'\r'}"
echo "Jenkins job [build url](${buildurl})" >> $GITHUB_STEP_SUMMARY
echo "Attempting to change the Jenkins job description" >> $GITHUB_STEP_SUMMARY
curl -iX POST \
"${buildurl}submitDescription" \
--user ${{ secrets.JENKINS_USER }}:${{ secrets.JENKINS_TOKEN }} \
--data-urlencode "description=GHA external trigger https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}" \
--data-urlencode "Submit=Submit"
echo "**** Notifying Discord ****"
TRIGGER_REASON="A version change was detected for swag tag latest. Old version:${IMAGE_VERSION} New version:${EXT_RELEASE}"
curl -X POST -H "Content-Type: application/json" --data '{"avatar_url": "https://cdn.discordapp.com/avatars/354986384542662657/df91181b3f1cf0ef1592fbe18e0962d7.png","embeds": [{"color": 9802903,
"description": "**Build Triggered** \n**Reason:** '"${TRIGGER_REASON}"' \n**Build URL:** '"${buildurl}display/redirect"' \n"}],
"username": "Github Actions"}' ${{ secrets.DISCORD_WEBHOOK }}
fi
fi

24
.github/workflows/external_trigger_scheduler.yml vendored
View File

@ -15,31 +15,31 @@ jobs:
- name: External Trigger Scheduler
run: |
echo "**** Branches found: ****"
git for-each-ref --format='%(refname:short)' refs/remotes
for br in $(git for-each-ref --format='%(refname:short)' refs/remotes)
printf "# External trigger scheduler for docker-swag\n\n" >> $GITHUB_STEP_SUMMARY
printf "Found the branches:\n\n%s\n" "$(git for-each-ref --format='- %(refname:lstrip=3)' refs/remotes)" >> $GITHUB_STEP_SUMMARY
for br in $(git for-each-ref --format='%(refname:lstrip=3)' refs/remotes)
do
br=$(echo "$br" | sed 's|origin/||g')
echo "**** Evaluating branch ${br} ****"
if [[ "${br}" == "HEAD" ]]; then
printf "\nSkipping %s.\n" ${br} >> $GITHUB_STEP_SUMMARY
continue
fi
printf "\n## Evaluating \`%s\`\n\n" ${br} >> $GITHUB_STEP_SUMMARY
ls_jenkins_vars=$(curl -sX GET https://raw.githubusercontent.com/linuxserver/docker-swag/${br}/jenkins-vars.yml)
ls_branch=$(echo "${ls_jenkins_vars}" | yq -r '.ls_branch')
ls_trigger=$(echo "${ls_jenkins_vars}" | yq -r '.external_type')
if [[ "${br}" == "${ls_branch}" ]] && [[ "${ls_trigger}" != "os" ]]; then
echo "**** Branch ${br} appears to be live and trigger is not os; checking workflow. ****"
echo "Branch appears to be live and trigger is not os; checking workflow." >> $GITHUB_STEP_SUMMARY
if curl -sfX GET https://raw.githubusercontent.com/linuxserver/docker-swag/${br}/.github/workflows/external_trigger.yml > /dev/null 2>&1; then
echo "**** Workflow exists. Triggering external trigger workflow for branch ${br} ****."
echo "Triggering external trigger workflow for branch ${br}" >> $GITHUB_STEP_SUMMARY
echo "Triggering external trigger workflow for branch." >> $GITHUB_STEP_SUMMARY
curl -iX POST \
-H "Authorization: token ${{ secrets.CR_PAT }}" \
-H "Accept: application/vnd.github.v3+json" \
-d "{\"ref\":\"refs/heads/${br}\"}" \
https://api.github.com/repos/linuxserver/docker-swag/actions/workflows/external_trigger.yml/dispatches
else
echo "**** Workflow doesn't exist; skipping trigger. ****"
echo "Skipping branch ${br} due to no external trigger workflow present." >> $GITHUB_STEP_SUMMARY
echo "Skipping branch due to no external trigger workflow present." >> $GITHUB_STEP_SUMMARY
fi
else
echo "**** ${br} is either a dev branch, or has no external version; skipping trigger. ****"
echo "Skipping branch ${br} due to being detected as dev branch or having no external version." >> $GITHUB_STEP_SUMMARY
echo "Skipping branch due to being detected as dev branch or having no external version." >> $GITHUB_STEP_SUMMARY
fi
done

42
.github/workflows/package_trigger.yml vendored
View File

@ -1,42 +0,0 @@
name: Package Trigger Main
on:
workflow_dispatch:
jobs:
package-trigger-master:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4.1.1
- name: Package Trigger
if: github.ref == 'refs/heads/master'
run: |
if [ -n "${{ secrets.PAUSE_PACKAGE_TRIGGER_SWAG_MASTER }}" ]; then
echo "**** Github secret PAUSE_PACKAGE_TRIGGER_SWAG_MASTER is set; skipping trigger. ****"
echo "Github secret \`PAUSE_PACKAGE_TRIGGER_SWAG_MASTER\` is set; skipping trigger." >> $GITHUB_STEP_SUMMARY
exit 0
fi
if [ $(curl -s https://ci.linuxserver.io/job/Docker-Pipeline-Builders/job/docker-swag/job/master/lastBuild/api/json | jq -r '.building') == "true" ]; then
echo "**** There already seems to be an active build on Jenkins; skipping package trigger ****"
echo "There already seems to be an active build on Jenkins; skipping package trigger" >> $GITHUB_STEP_SUMMARY
exit 0
fi
echo "**** Package trigger running off of master branch. To disable, set a Github secret named \"PAUSE_PACKAGE_TRIGGER_SWAG_MASTER\". ****"
echo "Package trigger running off of master branch. To disable, set a Github secret named \`PAUSE_PACKAGE_TRIGGER_SWAG_MASTER\`" >> $GITHUB_STEP_SUMMARY
response=$(curl -iX POST \
https://ci.linuxserver.io/job/Docker-Pipeline-Builders/job/docker-swag/job/master/buildWithParameters?PACKAGE_CHECK=true \
--user ${{ secrets.JENKINS_USER }}:${{ secrets.JENKINS_TOKEN }} | grep -i location | sed "s|^[L|l]ocation: \(.*\)|\1|")
echo "**** Jenkins job queue url: ${response%$'\r'} ****"
echo "**** Sleeping 10 seconds until job starts ****"
sleep 10
buildurl=$(curl -s "${response%$'\r'}api/json" | jq -r '.executable.url')
buildurl="${buildurl%$'\r'}"
echo "**** Jenkins job build url: ${buildurl} ****"
echo "Jenkins job build url: ${buildurl}" >> $GITHUB_STEP_SUMMARY
echo "**** Attempting to change the Jenkins job description ****"
curl -iX POST \
"${buildurl}submitDescription" \
--user ${{ secrets.JENKINS_USER }}:${{ secrets.JENKINS_TOKEN }} \
--data-urlencode "description=GHA package trigger https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}" \
--data-urlencode "Submit=Submit"

84
.github/workflows/package_trigger_scheduler.yml vendored
View File

@ -14,37 +14,69 @@ jobs:
fetch-depth: '0'
- name: Package Trigger Scheduler
env:
SKIP_PACKAGE_TRIGGER: ${{ vars.SKIP_PACKAGE_TRIGGER }}
run: |
echo "**** Branches found: ****"
git for-each-ref --format='%(refname:short)' refs/remotes
for br in $(git for-each-ref --format='%(refname:short)' refs/remotes)
printf "# Package trigger scheduler for docker-swag\n\n" >> $GITHUB_STEP_SUMMARY
printf "Found the branches:\n\n%s\n" "$(git for-each-ref --format='- %(refname:lstrip=3)' refs/remotes)" >> $GITHUB_STEP_SUMMARY
for br in $(git for-each-ref --format='%(refname:lstrip=3)' refs/remotes)
do
br=$(echo "$br" | sed 's|origin/||g')
echo "**** Evaluating branch ${br} ****"
ls_branch=$(curl -sX GET https://raw.githubusercontent.com/linuxserver/docker-swag/${br}/jenkins-vars.yml | yq -r '.ls_branch')
if [ "${br}" == "${ls_branch}" ]; then
echo "**** Branch ${br} appears to be live; checking workflow. ****"
if curl -sfX GET https://raw.githubusercontent.com/linuxserver/docker-swag/${br}/.github/workflows/package_trigger.yml > /dev/null 2>&1; then
echo "**** Workflow exists. Triggering package trigger workflow for branch ${br}. ****"
echo "Triggering package trigger workflow for branch ${br}" >> $GITHUB_STEP_SUMMARY
triggered_branches="${triggered_branches}${br} "
curl -iX POST \
-H "Authorization: token ${{ secrets.CR_PAT }}" \
-H "Accept: application/vnd.github.v3+json" \
-d "{\"ref\":\"refs/heads/${br}\"}" \
https://api.github.com/repos/linuxserver/docker-swag/actions/workflows/package_trigger.yml/dispatches
sleep 30
if [[ "${br}" == "HEAD" ]]; then
printf "\nSkipping %s.\n" ${br} >> $GITHUB_STEP_SUMMARY
continue
fi
printf "\n## Evaluating \`%s\`\n\n" ${br} >> $GITHUB_STEP_SUMMARY
JENKINS_VARS=$(curl -sX GET https://raw.githubusercontent.com/linuxserver/docker-swag/${br}/jenkins-vars.yml)
if [[ "${br}" == $(yq -r '.ls_branch' <<< "${JENKINS_VARS}") ]]; then
echo "Branch appears to be live; checking workflow." >> $GITHUB_STEP_SUMMARY
if [[ $(yq -r '.skip_package_check' <<< "${JENKINS_VARS}") == "true" ]]; then
echo "> [!WARNING]" >> $GITHUB_STEP_SUMMARY
echo "> Skipping branch ${br} due to \`skip_package_check\` being set in \`jenkins-vars.yml\`." >> $GITHUB_STEP_SUMMARY
skipped_branches="${skipped_branches}${br} "
elif grep -q "^swag_${br}" <<< "${SKIP_PACKAGE_TRIGGER}"; then
echo "> [!WARNING]" >> $GITHUB_STEP_SUMMARY
echo "> Github organizational variable \`SKIP_PACKAGE_TRIGGER\` contains \`swag_${br}\`; skipping trigger." >> $GITHUB_STEP_SUMMARY
skipped_branches="${skipped_branches}${br} "
elif [ $(curl -s https://ci.linuxserver.io/job/Docker-Pipeline-Builders/job/docker-swag/job/${br}/lastBuild/api/json | jq -r '.building') == "true" ]; then
echo "> [!WARNING]" >> $GITHUB_STEP_SUMMARY
echo "> There already seems to be an active build on Jenkins; skipping package trigger for ${br}" >> $GITHUB_STEP_SUMMARY
skipped_branches="${skipped_branches}${br} "
else
echo "**** Workflow doesn't exist; skipping trigger. ****"
echo "Skipping branch ${br} due to no package trigger workflow present." >> $GITHUB_STEP_SUMMARY
echo "> [!NOTE]" >> $GITHUB_STEP_SUMMARY
echo "> Triggering package trigger for branch ${br}" >> $GITHUB_STEP_SUMMARY
printf "> To disable, add \`swag_%s\` into the Github organizational variable \`SKIP_PACKAGE_TRIGGER\`.\n\n" "${br}" >> $GITHUB_STEP_SUMMARY
triggered_branches="${triggered_branches}${br} "
response=$(curl -iX POST \
https://ci.linuxserver.io/job/Docker-Pipeline-Builders/job/docker-swag/job/${br}/buildWithParameters?PACKAGE_CHECK=true \
--user ${{ secrets.JENKINS_USER }}:${{ secrets.JENKINS_TOKEN }} | grep -i location | sed "s|^[L|l]ocation: \(.*\)|\1|")
echo "Jenkins [job queue url](${response%$'\r'})" >> $GITHUB_STEP_SUMMARY
echo "Sleeping 10 seconds until job starts" >> $GITHUB_STEP_SUMMARY
sleep 10
buildurl=$(curl -s "${response%$'\r'}api/json" | jq -r '.executable.url')
buildurl="${buildurl%$'\r'}"
echo "Jenkins job [build url](${buildurl})" >> $GITHUB_STEP_SUMMARY
echo "Attempting to change the Jenkins job description" >> $GITHUB_STEP_SUMMARY
curl -iX POST \
"${buildurl}submitDescription" \
--user ${{ secrets.JENKINS_USER }}:${{ secrets.JENKINS_TOKEN }} \
--data-urlencode "description=GHA package trigger https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}" \
--data-urlencode "Submit=Submit"
sleep 20
fi
else
echo "**** ${br} appears to be a dev branch; skipping trigger. ****"
echo "Skipping branch ${br} due to being detected as dev branch." >> $GITHUB_STEP_SUMMARY
fi
done
echo "**** Package check build(s) triggered for branch(es): ${triggered_branches} ****"
echo "**** Notifying Discord ****"
curl -X POST -H "Content-Type: application/json" --data '{"avatar_url": "https://cdn.discordapp.com/avatars/354986384542662657/df91181b3f1cf0ef1592fbe18e0962d7.png","embeds": [{"color": 9802903,
"description": "**Package Check Build(s) Triggered for swag** \n**Branch(es):** '"${triggered_branches}"' \n**Build URL:** '"https://ci.linuxserver.io/blue/organizations/jenkins/Docker-Pipeline-Builders%2Fdocker-swag/activity/"' \n"}],
"username": "Github Actions"}' ${{ secrets.DISCORD_WEBHOOK }}
if [[ -n "${triggered_branches}" ]] || [[ -n "${skipped_branches}" ]]; then
if [[ -n "${triggered_branches}" ]]; then
NOTIFY_BRANCHES="**Triggered:** ${triggered_branches} \n"
fi
if [[ -n "${skipped_branches}" ]]; then
NOTIFY_BRANCHES="${NOTIFY_BRANCHES}**Skipped:** ${skipped_branches} \n"
fi
echo "**** Package check build(s) triggered for branch(es): ${triggered_branches} ****"
echo "**** Notifying Discord ****"
curl -X POST -H "Content-Type: application/json" --data '{"avatar_url": "https://cdn.discordapp.com/avatars/354986384542662657/df91181b3f1cf0ef1592fbe18e0962d7.png","embeds": [{"color": 9802903,
"description": "**Package Check Build(s) Triggered for swag** \n'"${NOTIFY_BRANCHES}"'**Build URL:** '"https://ci.linuxserver.io/blue/organizations/jenkins/Docker-Pipeline-Builders%2Fdocker-swag/activity/"' \n"}],
"username": "Github Actions"}' ${{ secrets.DISCORD_WEBHOOK }}
fi

2
.github/workflows/permissions.yml vendored
View File

@ -5,6 +5,8 @@ on:
- '**/run'
- '**/finish'
- '**/check'
- 'root/migrations/*'
jobs:
permission_check:
uses: linuxserver/github-workflows/.github/workflows/init-svc-executable-permissions.yml@v1

10
Dockerfile
View File

@ -1,6 +1,6 @@
# syntax=docker/dockerfile:1
FROM ghcr.io/linuxserver/baseimage-alpine-nginx:3.19
FROM ghcr.io/linuxserver/baseimage-alpine-nginx:3.20
# set version label
ARG BUILD_DATE
@ -27,6 +27,7 @@ RUN \
apk add --no-cache \
fail2ban \
gnupg \
iptables-legacy \
memcached \
nginx-mod-http-brotli \
nginx-mod-http-dav-ext \
@ -64,6 +65,7 @@ RUN \
php83-pdo_sqlite \
php83-pear \
php83-pecl-apcu \
php83-pecl-mcrypt \
php83-pecl-memcached \
php83-pecl-redis \
php83-pgsql \
@ -76,8 +78,6 @@ RUN \
php83-xmlreader \
php83-xsl \
whois && \
apk add --no-cache --repository=http://dl-cdn.alpinelinux.org/alpine/edge/community \
php83-pecl-mcrypt && \
echo "**** install certbot plugins ****" && \
if [ -z ${CERTBOT_VERSION+x} ]; then \
CERTBOT_VERSION=$(curl -sL https://pypi.python.org/pypi/certbot/json |jq -r '. | .info.version'); \
@ -86,7 +86,7 @@ RUN \
pip install -U --no-cache-dir \
pip \
wheel && \
pip install -U --no-cache-dir --find-links https://wheel-index.linuxserver.io/alpine-3.19/ \
pip install -U --no-cache-dir --find-links https://wheel-index.linuxserver.io/alpine-3.20/ \
certbot==${CERTBOT_VERSION} \
certbot-dns-acmedns \
certbot-dns-aliyun \
@ -110,7 +110,6 @@ RUN \
certbot-dns-glesys \
certbot-dns-godaddy \
certbot-dns-google \
certbot-dns-google-domains \
certbot-dns-he \
certbot-dns-hetzner \
certbot-dns-infomaniak \
@ -170,6 +169,7 @@ RUN \
tar xf \
/tmp/proxy-confs.tar.gz -C \
/defaults/nginx/proxy-confs --strip-components=1 --exclude=linux*/.editorconfig --exclude=linux*/.gitattributes --exclude=linux*/.github --exclude=linux*/.gitignore --exclude=linux*/LICENSE && \
printf "Linuxserver.io version: ${VERSION}\nBuild-date: ${BUILD_DATE}" > /build_version && \
echo "**** cleanup ****" && \
apk del --purge \
build-dependencies && \

10
Dockerfile.aarch64
View File

@ -1,6 +1,6 @@
# syntax=docker/dockerfile:1
FROM ghcr.io/linuxserver/baseimage-alpine-nginx:arm64v8-3.19
FROM ghcr.io/linuxserver/baseimage-alpine-nginx:arm64v8-3.20
# set version label
ARG BUILD_DATE
@ -27,6 +27,7 @@ RUN \
apk add --no-cache \
fail2ban \
gnupg \
iptables-legacy \
memcached \
nginx-mod-http-brotli \
nginx-mod-http-dav-ext \
@ -64,6 +65,7 @@ RUN \
php83-pdo_sqlite \
php83-pear \
php83-pecl-apcu \
php83-pecl-mcrypt \
php83-pecl-memcached \
php83-pecl-redis \
php83-pgsql \
@ -76,8 +78,6 @@ RUN \
php83-xmlreader \
php83-xsl \
whois && \
apk add --no-cache --repository=http://dl-cdn.alpinelinux.org/alpine/edge/community \
php83-pecl-mcrypt && \
echo "**** install certbot plugins ****" && \
if [ -z ${CERTBOT_VERSION+x} ]; then \
CERTBOT_VERSION=$(curl -sL https://pypi.python.org/pypi/certbot/json |jq -r '. | .info.version'); \
@ -86,7 +86,7 @@ RUN \
pip install -U --no-cache-dir \
pip \
wheel && \
pip install -U --no-cache-dir --find-links https://wheel-index.linuxserver.io/alpine-3.19/ \
pip install -U --no-cache-dir --find-links https://wheel-index.linuxserver.io/alpine-3.20/ \
certbot==${CERTBOT_VERSION} \
certbot-dns-acmedns \
certbot-dns-aliyun \
@ -110,7 +110,6 @@ RUN \
certbot-dns-glesys \
certbot-dns-godaddy \
certbot-dns-google \
certbot-dns-google-domains \
certbot-dns-he \
certbot-dns-hetzner \
certbot-dns-infomaniak \
@ -170,6 +169,7 @@ RUN \
tar xf \
/tmp/proxy-confs.tar.gz -C \
/defaults/nginx/proxy-confs --strip-components=1 --exclude=linux*/.editorconfig --exclude=linux*/.gitattributes --exclude=linux*/.github --exclude=linux*/.gitignore --exclude=linux*/LICENSE && \
printf "Linuxserver.io version: ${VERSION}\nBuild-date: ${BUILD_DATE}" > /build_version && \
echo "**** cleanup ****" && \
apk del --purge \
build-dependencies && \

173
Jenkinsfile vendored
View File

@ -17,6 +17,8 @@ pipeline {
GITLAB_TOKEN=credentials('b6f0f1dd-6952-4cf6-95d1-9c06380283f0')
GITLAB_NAMESPACE=credentials('gitlab-namespace-id')
DOCKERHUB_TOKEN=credentials('docker-hub-ci-pat')
QUAYIO_API_TOKEN=credentials('quayio-repo-api-token')
GIT_SIGNING_KEY=credentials('484fbca6-9a4f-455e-b9e3-97ac98785f5f')
EXT_PIP = 'certbot'
BUILD_VERSION_ARG = 'CERTBOT_VERSION'
LS_USER = 'linuxserver'
@ -37,9 +39,23 @@ pipeline {
CI_WEBPATH=''
}
stages {
stage("Set git config"){
steps{
sh '''#!/bin/bash
cat ${GIT_SIGNING_KEY} > /config/.ssh/id_sign
chmod 600 /config/.ssh/id_sign
ssh-keygen -y -f /config/.ssh/id_sign > /config/.ssh/id_sign.pub
echo "Using $(ssh-keygen -lf /config/.ssh/id_sign) to sign commits"
git config --global gpg.format ssh
git config --global user.signingkey /config/.ssh/id_sign
git config --global commit.gpgsign true
'''
}
}
// Setup all the basic environment variables needed for the build
stage("Set ENV Variables base"){
steps{
echo "Running on node: ${NODE_NAME}"
sh '''#! /bin/bash
containers=$(docker ps -aq)
if [[ -n "${containers}" ]]; then
@ -66,7 +82,7 @@ pipeline {
env.CODE_URL = 'https://github.com/' + env.LS_USER + '/' + env.LS_REPO + '/commit/' + env.GIT_COMMIT
env.DOCKERHUB_LINK = 'https://hub.docker.com/r/' + env.DOCKERHUB_IMAGE + '/tags/'
env.PULL_REQUEST = env.CHANGE_ID
env.TEMPLATED_FILES = 'Jenkinsfile README.md LICENSE .editorconfig ./.github/CONTRIBUTING.md ./.github/FUNDING.yml ./.github/ISSUE_TEMPLATE/config.yml ./.github/ISSUE_TEMPLATE/issue.bug.yml ./.github/ISSUE_TEMPLATE/issue.feature.yml ./.github/PULL_REQUEST_TEMPLATE.md ./.github/workflows/external_trigger_scheduler.yml ./.github/workflows/greetings.yml ./.github/workflows/package_trigger_scheduler.yml ./.github/workflows/call_issue_pr_tracker.yml ./.github/workflows/call_issues_cron.yml ./.github/workflows/permissions.yml ./.github/workflows/external_trigger.yml ./.github/workflows/package_trigger.yml ./root/donate.txt'
env.TEMPLATED_FILES = 'Jenkinsfile README.md LICENSE .editorconfig ./.github/CONTRIBUTING.md ./.github/FUNDING.yml ./.github/ISSUE_TEMPLATE/config.yml ./.github/ISSUE_TEMPLATE/issue.bug.yml ./.github/ISSUE_TEMPLATE/issue.feature.yml ./.github/PULL_REQUEST_TEMPLATE.md ./.github/workflows/external_trigger_scheduler.yml ./.github/workflows/greetings.yml ./.github/workflows/package_trigger_scheduler.yml ./.github/workflows/call_issue_pr_tracker.yml ./.github/workflows/call_issues_cron.yml ./.github/workflows/permissions.yml ./.github/workflows/external_trigger.yml ./root/donate.txt'
}
sh '''#! /bin/bash
echo "The default github branch detected as ${GH_DEFAULT_BRANCH}" '''
@ -245,7 +261,7 @@ pipeline {
-v ${WORKSPACE}:/mnt \
-e AWS_ACCESS_KEY_ID=\"${S3_KEY}\" \
-e AWS_SECRET_ACCESS_KEY=\"${S3_SECRET}\" \
ghcr.io/linuxserver/baseimage-alpine:3.19 s6-envdir -fn -- /var/run/s6/container_environment /bin/bash -c "\
ghcr.io/linuxserver/baseimage-alpine:3.20 s6-envdir -fn -- /var/run/s6/container_environment /bin/bash -c "\
apk add --no-cache python3 && \
python3 -m venv /lsiopy && \
pip install --no-cache-dir -U pip && \
@ -295,7 +311,7 @@ pipeline {
echo "Jenkinsfile is up to date."
fi
echo "Starting Stage 2 - Delete old templates"
OLD_TEMPLATES=".github/ISSUE_TEMPLATE.md .github/ISSUE_TEMPLATE/issue.bug.md .github/ISSUE_TEMPLATE/issue.feature.md .github/workflows/call_invalid_helper.yml .github/workflows/stale.yml Dockerfile.armhf"
OLD_TEMPLATES=".github/ISSUE_TEMPLATE.md .github/ISSUE_TEMPLATE/issue.bug.md .github/ISSUE_TEMPLATE/issue.feature.md .github/workflows/call_invalid_helper.yml .github/workflows/stale.yml .github/workflows/package_trigger.yml"
for i in ${OLD_TEMPLATES}; do
if [[ -f "${i}" ]]; then
TEMPLATES_TO_DELETE="${i} ${TEMPLATES_TO_DELETE}"
@ -352,7 +368,7 @@ pipeline {
fi
echo "Starting Stage 4 - External repo updates: Docs, Unraid Template and Readme Sync to Docker Hub"
mkdir -p ${TEMPDIR}/docs
git clone https://github.com/linuxserver/docker-documentation.git ${TEMPDIR}/docs/docker-documentation
git clone --depth=1 https://github.com/linuxserver/docker-documentation.git ${TEMPDIR}/docs/docker-documentation
if [[ "${BRANCH_NAME}" == "${GH_DEFAULT_BRANCH}" ]] && [[ (! -f ${TEMPDIR}/docs/docker-documentation/docs/images/docker-${CONTAINER_NAME}.md) || ("$(md5sum ${TEMPDIR}/docs/docker-documentation/docs/images/docker-${CONTAINER_NAME}.md | awk '{ print $1 }')" != "$(md5sum ${TEMPDIR}/docker-${CONTAINER_NAME}/.jenkins-external/docker-${CONTAINER_NAME}.md | awk '{ print $1 }')") ]]; then
cp ${TEMPDIR}/docker-${CONTAINER_NAME}/.jenkins-external/docker-${CONTAINER_NAME}.md ${TEMPDIR}/docs/docker-documentation/docs/images/
cd ${TEMPDIR}/docs/docker-documentation
@ -370,8 +386,8 @@ pipeline {
echo "Docs update not needed, skipping"
fi
mkdir -p ${TEMPDIR}/unraid
git clone https://github.com/linuxserver/docker-templates.git ${TEMPDIR}/unraid/docker-templates
git clone https://github.com/linuxserver/templates.git ${TEMPDIR}/unraid/templates
git clone --depth=1 https://github.com/linuxserver/docker-templates.git ${TEMPDIR}/unraid/docker-templates
git clone --depth=1 https://github.com/linuxserver/templates.git ${TEMPDIR}/unraid/templates
if [[ -f ${TEMPDIR}/unraid/docker-templates/linuxserver.io/img/${CONTAINER_NAME}-logo.png ]]; then
sed -i "s|master/linuxserver.io/img/linuxserver-ls-logo.png|master/linuxserver.io/img/${CONTAINER_NAME}-logo.png|" ${TEMPDIR}/docker-${CONTAINER_NAME}/.jenkins-external/${CONTAINER_NAME}.xml
elif [[ -f ${TEMPDIR}/unraid/docker-templates/linuxserver.io/img/${CONTAINER_NAME}-icon.png ]]; then
@ -381,9 +397,9 @@ pipeline {
echo "Updating Unraid template"
cd ${TEMPDIR}/unraid/templates/
GH_TEMPLATES_DEFAULT_BRANCH=$(git remote show origin | grep "HEAD branch:" | sed 's|.*HEAD branch: ||')
if grep -wq "${CONTAINER_NAME}" ${TEMPDIR}/unraid/templates/unraid/ignore.list && [[ -f ${TEMPDIR}/unraid/templates/unraid/deprecated/${CONTAINER_NAME}.xml ]]; then
if grep -wq "^${CONTAINER_NAME}$" ${TEMPDIR}/unraid/templates/unraid/ignore.list && [[ -f ${TEMPDIR}/unraid/templates/unraid/deprecated/${CONTAINER_NAME}.xml ]]; then
echo "Image is on the ignore list, and already in the deprecation folder."
elif grep -wq "${CONTAINER_NAME}" ${TEMPDIR}/unraid/templates/unraid/ignore.list; then
elif grep -wq "^${CONTAINER_NAME}$" ${TEMPDIR}/unraid/templates/unraid/ignore.list; then
echo "Image is on the ignore list, marking Unraid template as deprecated"
cp ${TEMPDIR}/docker-${CONTAINER_NAME}/.jenkins-external/${CONTAINER_NAME}.xml ${TEMPDIR}/unraid/templates/unraid/
git add -u unraid/${CONTAINER_NAME}.xml
@ -476,10 +492,10 @@ pipeline {
}
}
/* #######################
GitLab Mirroring
GitLab Mirroring and Quay.io Repo Visibility
####################### */
// Ping into Gitlab to mirror this repo and have a registry endpoint
stage("GitLab Mirror"){
// Ping into Gitlab to mirror this repo and have a registry endpoint & mark this repo on Quay.io as public
stage("GitLab Mirror and Quay.io Visibility"){
when {
environment name: 'EXIT_STATUS', value: ''
}
@ -495,6 +511,8 @@ pipeline {
"visibility":"public"}' '''
sh '''curl -H "Private-Token: ${GITLAB_TOKEN}" -X PUT "https://gitlab.com/api/v4/projects/Linuxserver.io%2F${LS_REPO}" \
-d "mirror=true&import_url=https://github.com/linuxserver/${LS_REPO}.git" '''
sh '''curl -H "Content-Type: application/json" -H "Authorization: Bearer ${QUAYIO_API_TOKEN}" -X POST "https://quay.io/api/v1/repository${QUAYIMAGE/quay.io/}/changevisibility" \
-d '{"visibility":"public"}' ||: '''
}
}
/* ###############
@ -525,6 +543,7 @@ pipeline {
--label \"org.opencontainers.image.title=Swag\" \
--label \"org.opencontainers.image.description=SWAG - Secure Web Application Gateway (formerly known as letsencrypt, no relation to Let's Encrypt™) sets up an Nginx webserver and reverse proxy with php support and a built-in certbot client that automates free SSL server certificate generation and renewal processes (Let's Encrypt and ZeroSSL). It also contains fail2ban for intrusion prevention.\" \
--no-cache --pull -t ${IMAGE}:${META_TAG} --platform=linux/amd64 \
--provenance=false --sbom=false \
--build-arg ${BUILD_VERSION_ARG}=${EXT_RELEASE} --build-arg VERSION=\"${VERSION_TAG}\" --build-arg BUILD_DATE=${GITHUB_DATE} ."
}
}
@ -556,6 +575,7 @@ pipeline {
--label \"org.opencontainers.image.title=Swag\" \
--label \"org.opencontainers.image.description=SWAG - Secure Web Application Gateway (formerly known as letsencrypt, no relation to Let's Encrypt™) sets up an Nginx webserver and reverse proxy with php support and a built-in certbot client that automates free SSL server certificate generation and renewal processes (Let's Encrypt and ZeroSSL). It also contains fail2ban for intrusion prevention.\" \
--no-cache --pull -t ${IMAGE}:amd64-${META_TAG} --platform=linux/amd64 \
--provenance=false --sbom=false \
--build-arg ${BUILD_VERSION_ARG}=${EXT_RELEASE} --build-arg VERSION=\"${VERSION_TAG}\" --build-arg BUILD_DATE=${GITHUB_DATE} ."
}
}
@ -584,9 +604,10 @@ pipeline {
--label \"org.opencontainers.image.title=Swag\" \
--label \"org.opencontainers.image.description=SWAG - Secure Web Application Gateway (formerly known as letsencrypt, no relation to Let's Encrypt™) sets up an Nginx webserver and reverse proxy with php support and a built-in certbot client that automates free SSL server certificate generation and renewal processes (Let's Encrypt and ZeroSSL). It also contains fail2ban for intrusion prevention.\" \
--no-cache --pull -f Dockerfile.aarch64 -t ${IMAGE}:arm64v8-${META_TAG} --platform=linux/arm64 \
--provenance=false --sbom=false \
--build-arg ${BUILD_VERSION_ARG}=${EXT_RELEASE} --build-arg VERSION=\"${VERSION_TAG}\" --build-arg BUILD_DATE=${GITHUB_DATE} ."
sh "docker tag ${IMAGE}:arm64v8-${META_TAG} ghcr.io/linuxserver/lsiodev-buildcache:arm64v8-${COMMIT_SHA}-${BUILD_NUMBER}"
retry(5) {
retry_backoff(5,5) {
sh "docker push ghcr.io/linuxserver/lsiodev-buildcache:arm64v8-${COMMIT_SHA}-${BUILD_NUMBER}"
}
sh '''#! /bin/bash
@ -698,18 +719,27 @@ pipeline {
}
sh '''#! /bin/bash
set -e
if grep -q 'docker-baseimage' <<< "${LS_REPO}"; then
echo "Detected baseimage, setting LSIO_FIRST_PARTY=true"
if [ -n "${CI_DOCKERENV}" ]; then
CI_DOCKERENV="LSIO_FIRST_PARTY=true|${CI_DOCKERENV}"
else
CI_DOCKERENV="LSIO_FIRST_PARTY=true"
fi
fi
docker pull ghcr.io/linuxserver/ci:latest
if [ "${MULTIARCH}" == "true" ]; then
docker pull ghcr.io/linuxserver/lsiodev-buildcache:arm64v8-${COMMIT_SHA}-${BUILD_NUMBER}
docker pull ghcr.io/linuxserver/lsiodev-buildcache:arm64v8-${COMMIT_SHA}-${BUILD_NUMBER} --platform=arm64
docker tag ghcr.io/linuxserver/lsiodev-buildcache:arm64v8-${COMMIT_SHA}-${BUILD_NUMBER} ${IMAGE}:arm64v8-${META_TAG}
fi
docker run --rm \
--shm-size=1gb \
-v /var/run/docker.sock:/var/run/docker.sock \
-e IMAGE=\"${IMAGE}\" \
-e DELAY_START=\"${CI_DELAY}\" \
-e DOCKER_LOGS_TIMEOUT=\"${CI_DELAY}\" \
-e TAGS=\"${CI_TAGS}\" \
-e META_TAG=\"${META_TAG}\" \
-e RELEASE_TAG=\"latest\" \
-e PORT=\"${CI_PORT}\" \
-e SSL=\"${CI_SSL}\" \
-e BASE=\"${DIST_IMAGE}\" \
@ -719,6 +749,7 @@ pipeline {
-e WEB_SCREENSHOT=\"${CI_WEB}\" \
-e WEB_AUTH=\"${CI_AUTH}\" \
-e WEB_PATH=\"${CI_WEBPATH}\" \
-e NODE_NAME=\"${NODE_NAME}\" \
-t ghcr.io/linuxserver/ci:latest \
python3 test_build.py'''
}
@ -742,7 +773,7 @@ pipeline {
passwordVariable: 'QUAYPASS'
]
]) {
retry(5) {
retry_backoff(5,5) {
sh '''#! /bin/bash
set -e
echo $DOCKERHUB_TOKEN | docker login -u linuxserverci --password-stdin
@ -760,7 +791,7 @@ pipeline {
docker push ${PUSHIMAGE}:${META_TAG}
docker push ${PUSHIMAGE}:${EXT_RELEASE_TAG}
if [ -n "${SEMVER}" ]; then
docker push ${PUSHIMAGE}:${SEMVER}
docker push ${PUSHIMAGE}:${SEMVER}
fi
done
'''
@ -783,7 +814,7 @@ pipeline {
passwordVariable: 'QUAYPASS'
]
]) {
retry(5) {
retry_backoff(5,5) {
sh '''#! /bin/bash
set -e
echo $DOCKERHUB_TOKEN | docker login -u linuxserverci --password-stdin
@ -791,7 +822,7 @@ pipeline {
echo $GITLAB_TOKEN | docker login registry.gitlab.com -u LinuxServer.io --password-stdin
echo $QUAYPASS | docker login quay.io -u $QUAYUSER --password-stdin
if [ "${CI}" == "false" ]; then
docker pull ghcr.io/linuxserver/lsiodev-buildcache:arm64v8-${COMMIT_SHA}-${BUILD_NUMBER}
docker pull ghcr.io/linuxserver/lsiodev-buildcache:arm64v8-${COMMIT_SHA}-${BUILD_NUMBER} --platform=arm64
docker tag ghcr.io/linuxserver/lsiodev-buildcache:arm64v8-${COMMIT_SHA}-${BUILD_NUMBER} ${IMAGE}:arm64v8-${META_TAG}
fi
for MANIFESTIMAGE in "${IMAGE}" "${GITLABIMAGE}" "${GITHUBIMAGE}" "${QUAYIMAGE}"; do
@ -815,35 +846,13 @@ pipeline {
docker push ${MANIFESTIMAGE}:amd64-${SEMVER}
docker push ${MANIFESTIMAGE}:arm64v8-${SEMVER}
fi
docker manifest push --purge ${MANIFESTIMAGE}:latest || :
docker manifest create ${MANIFESTIMAGE}:latest ${MANIFESTIMAGE}:amd64-latest ${MANIFESTIMAGE}:arm64v8-latest
docker manifest annotate ${MANIFESTIMAGE}:latest ${MANIFESTIMAGE}:arm64v8-latest --os linux --arch arm64 --variant v8
docker manifest push --purge ${MANIFESTIMAGE}:${META_TAG} || :
docker manifest create ${MANIFESTIMAGE}:${META_TAG} ${MANIFESTIMAGE}:amd64-${META_TAG} ${MANIFESTIMAGE}:arm64v8-${META_TAG}
docker manifest annotate ${MANIFESTIMAGE}:${META_TAG} ${MANIFESTIMAGE}:arm64v8-${META_TAG} --os linux --arch arm64 --variant v8
docker manifest push --purge ${MANIFESTIMAGE}:${EXT_RELEASE_TAG} || :
docker manifest create ${MANIFESTIMAGE}:${EXT_RELEASE_TAG} ${MANIFESTIMAGE}:amd64-${EXT_RELEASE_TAG} ${MANIFESTIMAGE}:arm64v8-${EXT_RELEASE_TAG}
docker manifest annotate ${MANIFESTIMAGE}:${EXT_RELEASE_TAG} ${MANIFESTIMAGE}:arm64v8-${EXT_RELEASE_TAG} --os linux --arch arm64 --variant v8
done
for MANIFESTIMAGE in "${IMAGE}" "${GITLABIMAGE}" "${GITHUBIMAGE}" "${QUAYIMAGE}"; do
docker buildx imagetools create -t ${MANIFESTIMAGE}:latest ${MANIFESTIMAGE}:amd64-latest ${MANIFESTIMAGE}:arm64v8-latest
docker buildx imagetools create -t ${MANIFESTIMAGE}:${META_TAG} ${MANIFESTIMAGE}:amd64-${META_TAG} ${MANIFESTIMAGE}:arm64v8-${META_TAG}
docker buildx imagetools create -t ${MANIFESTIMAGE}:${EXT_RELEASE_TAG} ${MANIFESTIMAGE}:amd64-${EXT_RELEASE_TAG} ${MANIFESTIMAGE}:arm64v8-${EXT_RELEASE_TAG}
if [ -n "${SEMVER}" ]; then
docker manifest push --purge ${MANIFESTIMAGE}:${SEMVER} || :
docker manifest create ${MANIFESTIMAGE}:${SEMVER} ${MANIFESTIMAGE}:amd64-${SEMVER} ${MANIFESTIMAGE}:arm64v8-${SEMVER}
docker manifest annotate ${MANIFESTIMAGE}:${SEMVER} ${MANIFESTIMAGE}:arm64v8-${SEMVER} --os linux --arch arm64 --variant v8
fi
token=$(curl -sX GET "https://ghcr.io/token?scope=repository%3Alinuxserver%2F${CONTAINER_NAME}%3Apull" | jq -r '.token')
digest=$(curl -s \
--header "Accept: application/vnd.docker.distribution.manifest.v2+json" \
--header "Authorization: Bearer ${token}" \
"https://ghcr.io/v2/linuxserver/${CONTAINER_NAME}/manifests/arm32v7-latest")
if [[ $(echo "$digest" | jq -r '.layers') != "null" ]]; then
docker manifest push --purge ${MANIFESTIMAGE}:arm32v7-latest || :
docker manifest create ${MANIFESTIMAGE}:arm32v7-latest ${MANIFESTIMAGE}:amd64-latest
docker manifest push --purge ${MANIFESTIMAGE}:arm32v7-latest
fi
docker manifest push --purge ${MANIFESTIMAGE}:latest
docker manifest push --purge ${MANIFESTIMAGE}:${META_TAG}
docker manifest push --purge ${MANIFESTIMAGE}:${EXT_RELEASE_TAG}
if [ -n "${SEMVER}" ]; then
docker manifest push --purge ${MANIFESTIMAGE}:${SEMVER}
docker buildx imagetools create -t ${MANIFESTIMAGE}:${SEMVER} ${MANIFESTIMAGE}:amd64-${SEMVER} ${MANIFESTIMAGE}:arm64v8-${SEMVER}
fi
done
'''
@ -868,7 +877,7 @@ pipeline {
"object": "'${COMMIT_SHA}'",\
"message": "Tagging Release '${EXT_RELEASE_CLEAN}'-ls'${LS_TAG_NUMBER}' to master",\
"type": "commit",\
"tagger": {"name": "LinuxServer Jenkins","email": "jenkins@linuxserver.io","date": "'${GITHUB_DATE}'"}}' '''
"tagger": {"name": "LinuxServer-CI","email": "ci@linuxserver.io","date": "'${GITHUB_DATE}'"}}' '''
echo "Pushing New release for Tag"
sh '''#! /bin/bash
echo "Updating PIP version of ${EXT_PIP} to ${EXT_RELEASE_CLEAN}" > releasebody.json
@ -1000,18 +1009,53 @@ EOF
###################### */
post {
always {
sh '''#!/bin/bash
rm -rf /config/.ssh/id_sign
rm -rf /config/.ssh/id_sign.pub
git config --global --unset gpg.format
git config --global --unset user.signingkey
git config --global --unset commit.gpgsign
'''
script{
env.JOB_DATE = sh(
script: '''date '+%Y-%m-%dT%H:%M:%S%:z' ''',
returnStdout: true).trim()
if (env.EXIT_STATUS == "ABORTED"){
sh 'echo "build aborted"'
}
else if (currentBuild.currentResult == "SUCCESS"){
sh ''' curl -X POST -H "Content-Type: application/json" --data '{"avatar_url": "https://raw.githubusercontent.com/linuxserver/docker-templates/master/linuxserver.io/img/jenkins-avatar.png","embeds": [{"color": 1681177,\
"description": "**Build:** '${BUILD_NUMBER}'\\n**CI Results:** '${CI_URL}'\\n**ShellCheck Results:** '${SHELLCHECK_URL}'\\n**Status:** Success\\n**Job:** '${RUN_DISPLAY_URL}'\\n**Change:** '${CODE_URL}'\\n**External Release:**: '${RELEASE_LINK}'\\n**DockerHub:** '${DOCKERHUB_LINK}'\\n"}],\
"username": "Jenkins"}' ${BUILDS_DISCORD} '''
}
else {
sh ''' curl -X POST -H "Content-Type: application/json" --data '{"avatar_url": "https://raw.githubusercontent.com/linuxserver/docker-templates/master/linuxserver.io/img/jenkins-avatar.png","embeds": [{"color": 16711680,\
"description": "**Build:** '${BUILD_NUMBER}'\\n**CI Results:** '${CI_URL}'\\n**ShellCheck Results:** '${SHELLCHECK_URL}'\\n**Status:** failure\\n**Job:** '${RUN_DISPLAY_URL}'\\n**Change:** '${CODE_URL}'\\n**External Release:**: '${RELEASE_LINK}'\\n**DockerHub:** '${DOCKERHUB_LINK}'\\n"}],\
}else{
if (currentBuild.currentResult == "SUCCESS"){
if (env.GITHUBIMAGE =~ /lspipepr/){
env.JOB_WEBHOOK_STATUS='Success'
env.JOB_WEBHOOK_COLOUR=3957028
env.JOB_WEBHOOK_FOOTER='PR Build'
}else if (env.GITHUBIMAGE =~ /lsiodev/){
env.JOB_WEBHOOK_STATUS='Success'
env.JOB_WEBHOOK_COLOUR=3957028
env.JOB_WEBHOOK_FOOTER='Dev Build'
}else{
env.JOB_WEBHOOK_STATUS='Success'
env.JOB_WEBHOOK_COLOUR=1681177
env.JOB_WEBHOOK_FOOTER='Live Build'
}
}else{
if (env.GITHUBIMAGE =~ /lspipepr/){
env.JOB_WEBHOOK_STATUS='Failure'
env.JOB_WEBHOOK_COLOUR=12669523
env.JOB_WEBHOOK_FOOTER='PR Build'
}else if (env.GITHUBIMAGE =~ /lsiodev/){
env.JOB_WEBHOOK_STATUS='Failure'
env.JOB_WEBHOOK_COLOUR=12669523
env.JOB_WEBHOOK_FOOTER='Dev Build'
}else{
env.JOB_WEBHOOK_STATUS='Failure'
env.JOB_WEBHOOK_COLOUR=16711680
env.JOB_WEBHOOK_FOOTER='Live Build'
}
}
sh ''' curl -X POST -H "Content-Type: application/json" --data '{"avatar_url": "https://raw.githubusercontent.com/linuxserver/docker-templates/master/linuxserver.io/img/jenkins-avatar.png","embeds": [{"'color'": '${JOB_WEBHOOK_COLOUR}',\
"footer": {"text" : "'"${JOB_WEBHOOK_FOOTER}"'"},\
"timestamp": "'${JOB_DATE}'",\
"description": "**Build:** '${BUILD_NUMBER}'\\n**CI Results:** '${CI_URL}'\\n**ShellCheck Results:** '${SHELLCHECK_URL}'\\n**Status:** '${JOB_WEBHOOK_STATUS}'\\n**Job:** '${RUN_DISPLAY_URL}'\\n**Change:** '${CODE_URL}'\\n**External Release:**: '${RELEASE_LINK}'\\n**DockerHub:** '${DOCKERHUB_LINK}'\\n"}],\
"username": "Jenkins"}' ${BUILDS_DISCORD} '''
}
}
@ -1029,3 +1073,20 @@ EOF
}
}
}
def retry_backoff(int max_attempts, int power_base, Closure c) {
int n = 0
while (n < max_attempts) {
try {
c()
return
} catch (err) {
if ((n + 1) >= max_attempts) {
throw err
}
sleep(power_base ** n)
n++
}
}
return
}

12
README.md
View File

@ -28,7 +28,7 @@ Find us at:
# [linuxserver/swag](https://github.com/linuxserver/docker-swag)
[![Scarf.io pulls](https://scarf.sh/installs-badge/linuxserver-ci/linuxserver%2Fswag?color=94398d&label-color=555555&logo-color=ffffff&style=for-the-badge&package-type=docker)](https://scarf.sh/gateway/linuxserver-ci/docker/linuxserver%2Fswag)
[![Scarf.io pulls](https://scarf.sh/installs-badge/linuxserver-ci/linuxserver%2Fswag?color=94398d&label-color=555555&logo-color=ffffff&style=for-the-badge&package-type=docker)](https://scarf.sh)
[![GitHub Stars](https://img.shields.io/github/stars/linuxserver/docker-swag.svg?color=94398d&labelColor=555555&logoColor=ffffff&style=for-the-badge&logo=github)](https://github.com/linuxserver/docker-swag)
[![GitHub Release](https://img.shields.io/github/release/linuxserver/docker-swag.svg?color=94398d&labelColor=555555&logoColor=ffffff&style=for-the-badge&logo=github)](https://github.com/linuxserver/docker-swag/releases)
[![GitHub Package Repository](https://img.shields.io/static/v1.svg?color=94398d&labelColor=555555&logoColor=ffffff&style=for-the-badge&label=linuxserver.io&message=GitHub%20Package&logo=github)](https://github.com/linuxserver/docker-swag/packages)
@ -76,7 +76,7 @@ The architectures supported by this image are:
### Certbot Plugins
SWAG includes many Certbot plugins out of the box, but not all plugins can be includes.
SWAG includes many Certbot plugins out of the box, but not all plugins can be included.
If you need a plugin that is not included, the quickest way to have the plugin available is to use our [Universal Package Install Docker Mod](https://github.com/linuxserver/docker-mods/tree/universal-package-install).
Set the following environment variables on your container:
@ -227,7 +227,7 @@ Containers are configured using parameters passed at runtime (such as those abov
| `-e VALIDATION=http` | Certbot validation method to use, options are `http` or `dns` (`dns` method also requires `DNSPLUGIN` variable set). |
| `-e SUBDOMAINS=www,` | Subdomains you'd like the cert to cover (comma separated, no spaces) ie. `www,ftp,cloud`. For a wildcard cert, set this *exactly* to `wildcard` (wildcard cert is available via `dns` validation only) |
| `-e CERTPROVIDER=` | Optionally define the cert provider. Set to `zerossl` for ZeroSSL certs (requires existing [ZeroSSL account](https://app.zerossl.com/signup) and the e-mail address entered in `EMAIL` env var). Otherwise defaults to Let's Encrypt. |
| `-e DNSPLUGIN=cloudflare` | Required if `VALIDATION` is set to `dns`. Options are `acmedns`, `aliyun`, `azure`, `bunny`, `cloudflare`, `cpanel`, `desec`, `digitalocean`, `directadmin`, `dnsimple`, `dnsmadeeasy`, `dnspod`, `do`, `domeneshop`, `dreamhost`, `duckdns`, `dynu`, `freedns`, `gandi`, `gehirn`, `glesys`, `godaddy`, `google`, `google-domains`, `he`, `hetzner`, `infomaniak`, `inwx`, `ionos`, `linode`, `loopia`, `luadns`, `namecheap`, `netcup`, `njalla`, `nsone`, `ovh`, `porkbun`, `rfc2136`, `route53`, `sakuracloud`, `standalone`, `transip`, and `vultr`. Also need to enter the credentials into the corresponding ini (or json for some plugins) file under `/config/dns-conf`. |
| `-e DNSPLUGIN=cloudflare` | Required if `VALIDATION` is set to `dns`. Options are `acmedns`, `aliyun`, `azure`, `bunny`, `cloudflare`, `cpanel`, `desec`, `digitalocean`, `directadmin`, `dnsimple`, `dnsmadeeasy`, `dnspod`, `do`, `domeneshop`, `dreamhost`, `duckdns`, `dynudns`, `freedns`, `gandi`, `gehirn`, `glesys`, `godaddy`, `google`, `he`, `hetzner`, `infomaniak`, `inwx`, `ionos`, `linode`, `loopia`, `luadns`, `namecheap`, `netcup`, `njalla`, `nsone`, `ovh`, `porkbun`, `rfc2136`, `route53`, `sakuracloud`, `standalone`, `transip`, and `vultr`. Also need to enter the credentials into the corresponding ini (or json for some plugins) file under `/config/dns-conf`. |
| `-e PROPAGATION=` | Optionally override (in seconds) the default propagation time for the dns plugins. |
| `-e EMAIL=` | Optional e-mail address used for cert expiration notifications (Required for ZeroSSL). |
| `-e ONLY_SUBDOMAINS=false` | If you wish to get certs only for certain subdomains, but not the main domain (main domain may be hosted on another machine and cannot be validated), set this to `true` |
@ -375,7 +375,8 @@ Below are the instructions for updating containers:
### Image Update Notifications - Diun (Docker Image Update Notifier)
**tip**: We recommend [Diun](https://crazymax.dev/diun/) for update notifications. Other tools that automatically update containers unattended are not recommended or supported.
>[!TIP]
>We recommend [Diun](https://crazymax.dev/diun/) for update notifications. Other tools that automatically update containers unattended are not recommended or supported.
## Building locally
@ -400,6 +401,9 @@ Once registered you can define the dockerfile to use with `-f Dockerfile.aarch64
## Versions
* **30.08.24:** - Fix zerossl cert revocation.
* **24.07.14:** - Rebase to Alpine 3.20. Remove deprecated Google Domains certbot plugin. Existing users should update their nginx confs to avoid http2 deprecation warnings.
* **01.07.24:** - Fall back to iptables-legacy if iptables doesn't work.
* **23.03.24:** - Fix perms on the generated `priv-fullchain-bundle.pem`.
* **14.03.24:** - [Existing users should update:](https://github.com/linuxserver/docker-swag/blob/master/README.md#updating-configs) authelia-location.conf, authelia-server.conf - Update Authelia conf samples with support for 4.38.
* **11.03.24:** - Restore support for DynuDNS using `certbot-dns-dynudns`.

1
jenkins-vars.yml
View File

@ -6,7 +6,6 @@ external_type: pip_version
release_type: stable
release_tag: latest
ls_branch: master
build_armhf: false
repo_vars:
- EXT_PIP = 'certbot'
- BUILD_VERSION_ARG = 'CERTBOT_VERSION'

500
package_versions.txt
View File

@ -1,52 +1,50 @@
NAME VERSION TYPE
ConfigArgParse 1.7 python
PyJWT 2.8.0 python
PyNamecheap 0.0.3 python
PyYAML 6.0.1 python
Simple Launcher 1.1.0.14 dotnet (+5 duplicates)
acme 2.10.0 python
alpine-baselayout 3.4.3-r2 apk
alpine-baselayout-data 3.4.3-r2 apk
acme 2.11.0 python
alpine-baselayout 3.6.5-r0 apk
alpine-baselayout-data 3.6.5-r0 apk
alpine-keys 2.4-r1 apk
alpine-release 3.19.1-r0 apk
aom-libs 3.7.1-r0 apk
apache2-utils 2.4.59-r0 apk
alpine-release 3.20.3-r0 apk
aom-libs 3.9.1-r0 apk
apache2-utils 2.4.62-r0 apk
apk-tools 2.14.4-r0 apk
apr 1.7.4-r0 apk
apr 1.7.5-r0 apk
apr-util 1.6.3-r1 apk
argon2-libs 20190702-r5 apk
attrs 23.2.0 python
attrs 24.2.0 python
autocommand 2.2.2 python
azure-common 1.1.28 python
azure-core 1.30.1 python
azure-identity 1.16.0 python
azure-core 1.31.0 python
azure-identity 1.19.0 python
azure-mgmt-core 1.4.0 python
azure-mgmt-dns 8.1.0 python
bash 5.2.21-r0 apk
backports-tarfile 1.2.0 python
bash 5.2.26-r0 apk
beautifulsoup4 4.12.3 python
boto3 1.34.108 python
botocore 1.34.108 python
brotli-libs 1.1.0-r1 apk
boto3 1.35.44 python
botocore 1.35.44 python
brotli-libs 1.1.0-r2 apk
bs4 0.0.2 python
busybox 1.36.1-r15 apk
busybox-binsh 1.36.1-r15 apk
c-ares 1.27.0-r0 apk
busybox 1.36.1-r29 apk
busybox-binsh 1.36.1-r29 apk
c-ares 1.28.1-r0 apk
c-client 2007f-r15 apk
ca-certificates 20240226-r0 apk
ca-certificates-bundle 20240226-r0 apk
cachetools 5.3.3 python
ca-certificates 20240705-r0 apk
ca-certificates-bundle 20240705-r0 apk
cachetools 5.5.0 python
catatonit 0.2.0-r0 apk
certbot 2.10.0 python
certbot 2.11.0 python
certbot-dns-acmedns 0.1.0 python
certbot-dns-aliyun 2.0.0 python
certbot-dns-azure 2.5.0 python
certbot-dns-bunny 0.0.9 python
certbot-dns-cloudflare 2.10.0 python
certbot-dns-cloudflare 2.11.0 python
certbot-dns-cpanel 0.4.0 python
certbot-dns-desec 1.2.1 python
certbot-dns-digitalocean 2.10.0 python
certbot-dns-digitalocean 2.11.0 python
certbot-dns-directadmin 1.0.4 python
certbot-dns-dnsimple 2.10.0 python
certbot-dns-dnsmadeeasy 2.10.0 python
certbot-dns-dnsimple 2.11.0 python
certbot-dns-dnsmadeeasy 2.11.0 python
certbot-dns-dnspod 0.1.0 python
certbot-dns-do 0.31.0 python
certbot-dns-domeneshop 0.2.9 python
@ -54,296 +52,312 @@ certbot-dns-dreamhost 1.0 python
certbot-dns-duckdns 1.3 python
certbot-dns-dynudns 0.0.6 python
certbot-dns-freedns 0.2.0 python
certbot-dns-gehirn 2.10.0 python
certbot-dns-gehirn 2.11.0 python
certbot-dns-glesys 2.1.0 python
certbot-dns-godaddy 2.8.0 python
certbot-dns-google 2.10.0 python
certbot-dns-google-domains 0.1.11 python
certbot-dns-google 2.11.0 python
certbot-dns-he 1.0.0 python
certbot-dns-hetzner 2.0.0 python
certbot-dns-hetzner 2.0.1 python
certbot-dns-infomaniak 0.2.2 python
certbot-dns-inwx 2.2.0 python
certbot-dns-ionos 2024.1.8 python
certbot-dns-linode 2.10.0 python
certbot-dns-linode 2.11.0 python
certbot-dns-loopia 1.0.1 python
certbot-dns-luadns 2.10.0 python
certbot-dns-luadns 2.11.0 python
certbot-dns-namecheap 1.0.0 python
certbot-dns-netcup 1.4.3 python
certbot-dns-njalla 1.0.0 python
certbot-dns-nsone 2.10.0 python
certbot-dns-ovh 2.10.0 python
certbot-dns-nsone 2.11.0 python
certbot-dns-ovh 2.11.0 python
certbot-dns-porkbun 0.8 python
certbot-dns-rfc2136 2.10.0 python
certbot-dns-route53 2.10.0 python
certbot-dns-sakuracloud 2.10.0 python
certbot-dns-rfc2136 2.11.0 python
certbot-dns-route53 2.11.0 python
certbot-dns-sakuracloud 2.11.0 python
certbot-dns-standalone 1.1 python
certbot-dns-transip 0.5.2 python
certbot-dns-vultr 1.1.0 python
certbot-plugin-gandi 1.5.0 python
certifi 2024.2.2 python
cffi 1.16.0 python
charset-normalizer 3.3.2 python
cloudflare 2.20.0 python
composer 2.7.6 binary
configobj 5.0.8 python
coreutils 9.4-r2 apk
coreutils-env 9.4-r2 apk
coreutils-fmt 9.4-r2 apk
coreutils-sha512sum 9.4-r2 apk
cryptography 42.0.7 python
curl 8.5.0-r0 apk
dataclasses-json 0.5.14 python
certifi 2024.8.30 python
cffi 1.17.1 python
charset-normalizer 3.4.0 python
cloudflare 2.19.4 python
composer 2.7.9 binary
configargparse 1.7 python
configobj 5.0.9 python
coreutils 9.5-r1 apk
coreutils-env 9.5-r1 apk
coreutils-fmt 9.5-r1 apk
coreutils-sha512sum 9.5-r1 apk
cryptography 43.0.3 python
curl 8.9.1-r2 apk
distro 1.9.0 python
dns-lexicon 3.17.0 python
dnslib 0.9.24 python
dnspython 2.6.1 python
dns-lexicon 3.18.0 python
dnslib 0.9.25 python
dnspython 2.7.0 python
domeneshop 0.4.4 python
fail2ban 1.0.2 python
fail2ban 1.0.2-r3 apk
fail2ban-pyc 1.0.2-r3 apk
filelock 3.14.0 python
fail2ban 1.1.0 python
fail2ban 1.1.0-r0 apk
fail2ban-pyc 1.1.0-r0 apk
filelock 3.16.1 python
findutils 4.9.0-r5 apk
fontconfig 2.14.2-r4 apk
fontconfig 2.15.0-r1 apk
freetype 2.13.2-r0 apk
future 1.0.0 python
gdbm 1.23-r1 apk
git 2.43.4-r0 apk
git-perl 2.43.4-r0 apk
gmp 6.3.0-r0 apk
gnupg 2.4.4-r0 apk
gnupg-dirmngr 2.4.4-r0 apk
gnupg-gpgconf 2.4.4-r0 apk
gnupg-keyboxd 2.4.4-r0 apk
gnupg-utils 2.4.4-r0 apk
gnupg-wks-client 2.4.4-r0 apk
gnutls 3.8.4-r0 apk
google-api-core 2.19.0 python
google-api-python-client 2.129.0 python
google-auth 2.29.0 python
git 2.45.2-r0 apk
git-init-template 2.45.2-r0 apk
git-perl 2.45.2-r0 apk
gmp 6.3.0-r1 apk
gnupg 2.4.5-r0 apk
gnupg-dirmngr 2.4.5-r0 apk
gnupg-gpgconf 2.4.5-r0 apk
gnupg-keyboxd 2.4.5-r0 apk
gnupg-utils 2.4.5-r0 apk
gnupg-wks-client 2.4.5-r0 apk
gnutls 3.8.5-r0 apk
google-api-core 2.21.0 python
google-api-python-client 2.149.0 python
google-auth 2.35.0 python
google-auth-httplib2 0.2.0 python
googleapis-common-protos 1.63.0 python
gpg 2.4.4-r0 apk
gpg-agent 2.4.4-r0 apk
gpg-wks-server 2.4.4-r0 apk
gpgsm 2.4.4-r0 apk
gpgv 2.4.4-r0 apk
googleapis-common-protos 1.65.0 python
gpg 2.4.5-r0 apk
gpg-agent 2.4.5-r0 apk
gpg-wks-server 2.4.5-r0 apk
gpgsm 2.4.5-r0 apk
gpgv 2.4.5-r0 apk
httplib2 0.22.0 python
icu-data-en 74.1-r0 apk
icu-libs 74.1-r0 apk
idna 3.7 python
icu-data-en 74.2-r0 apk
icu-libs 74.2-r0 apk
idna 3.10 python
importlib-metadata 8.0.0 python
importlib-resources 6.4.0 python
inflect 7.3.1 python
iptables 1.8.10-r3 apk
isodate 0.6.1 python
iptables-legacy 1.8.10-r3 apk
isodate 0.7.2 python
jaraco-collections 5.1.0 python
jaraco-context 5.3.0 python
jaraco-functools 4.0.1 python
jaraco-text 3.12.1 python
jmespath 1.0.1 python
josepy 1.14.0 python
jq 1.7.1-r0 apk
jsonlines 4.0.0 python
jsonpickle 3.0.4 python
libacl 2.3.1-r4 apk
libassuan 2.5.6-r1 apk
libattr 2.5.1-r5 apk
libavif 1.0.3-r0 apk
libbsd 0.11.7-r3 apk
jsonpickle 3.3.0 python
libacl 2.3.2-r0 apk
libassuan 2.5.7-r0 apk
libattr 2.5.2-r0 apk
libavif 1.0.4-r0 apk
libbsd 0.12.2-r0 apk
libbz2 1.0.8-r6 apk
libc-utils 0.7.2-r5 apk
libcrypto3 3.1.4-r6 apk
libcurl 8.5.0-r0 apk
libdav1d 1.3.0-r1 apk
libedit 20230828.3.1-r3 apk
libcrypto3 3.3.2-r0 apk
libcurl 8.9.1-r2 apk
libdav1d 1.4.2-r0 apk
libedit 20240517.3.1-r0 apk
libevent 2.1.12-r7 apk
libexpat 2.6.2-r0 apk
libffi 3.4.4-r3 apk
libgcc 13.2.1_git20231014-r0 apk
libexpat 2.6.3-r0 apk
libffi 3.4.6-r0 apk
libgcc 13.2.1_git20240309-r0 apk
libgcrypt 1.10.3-r0 apk
libgd 2.3.3-r8 apk
libgpg-error 1.47-r2 apk
libice 1.1.1-r5 apk
libidn2 2.3.4-r4 apk
libintl 0.22.3-r0 apk
libjpeg-turbo 3.0.1-r0 apk
libksba 1.6.5-r0 apk
libldap 2.6.6-r1 apk
libmaxminddb-libs 1.7.1-r2 apk
libgd 2.3.3-r9 apk
libgpg-error 1.49-r0 apk
libice 1.1.1-r6 apk
libidn2 2.3.7-r0 apk
libintl 0.22.5-r0 apk
libip4tc 1.8.10-r3 apk
libip6tc 1.8.10-r3 apk
libjpeg-turbo 3.0.3-r0 apk
libksba 1.6.6-r0 apk
libldap 2.6.8-r0 apk
libmaxminddb-libs 1.9.1-r0 apk
libmcrypt 2.5.8-r10 apk
libmd 1.1.0-r0 apk
libmemcached-libs 1.1.4-r1 apk
libmnl 1.0.5-r2 apk
libncursesw 6.4_p20231125-r0 apk
libncursesw 6.4_p20240420-r1 apk
libnftnl 1.2.6-r0 apk
libpanelw 6.4_p20231125-r0 apk
libpng 1.6.40-r0 apk
libpanelw 6.4_p20240420-r1 apk
libpng 1.6.44-r0 apk
libpq 16.3-r0 apk
libproc2 4.0.4-r0 apk
libsasl 2.1.28-r5 apk
libseccomp 2.5.5-r0 apk
libpsl 0.21.5-r1 apk
libsasl 2.1.28-r6 apk
libseccomp 2.5.5-r1 apk
libsharpyuv 1.3.2-r0 apk
libsm 1.2.4-r3 apk
libsm 1.2.4-r4 apk
libsodium 1.0.19-r0 apk
libssl3 3.1.4-r6 apk
libstdc++ 13.2.1_git20231014-r0 apk
libssl3 3.3.2-r0 apk
libstdc++ 13.2.1_git20240309-r0 apk
libtasn1 4.19.0-r2 apk
libunistring 1.1-r2 apk
libuuid 2.39.3-r0 apk
libunistring 1.2-r0 apk
libuuid 2.40.1-r1 apk
libwebp 1.3.2-r0 apk
libx11 1.8.7-r0 apk
libxau 1.0.11-r3 apk
libxcb 1.16-r0 apk
libxdmcp 1.1.4-r3 apk
libxext 1.3.5-r3 apk
libxml2 2.11.7-r0 apk
libx11 1.8.9-r1 apk
libxau 1.0.11-r4 apk
libxcb 1.16.1-r0 apk
libxdmcp 1.1.5-r1 apk
libxext 1.3.6-r2 apk
libxml2 2.12.7-r0 apk
libxpm 3.5.17-r0 apk
libxslt 1.1.39-r0 apk
libxt 1.3.0-r4 apk
libxslt 1.1.39-r1 apk
libxt 1.3.0-r5 apk
libxtables 1.8.10-r3 apk
libzip 1.10.1-r0 apk
linux-pam 1.5.3-r7 apk
linux-pam 1.6.0-r0 apk
logrotate 3.21.0-r1 apk
loopialib 0.2.0 python
lxml 5.2.2 python
lxml 5.3.0 python
lz4-libs 1.9.4-r5 apk
marshmallow 3.21.2 python
memcached 1.6.22-r0 apk
memcached 1.6.27-r0 apk
mock 5.1.0 python
mpdecimal 2.5.1-r2 apk
msal 1.28.0 python
msal-extensions 1.1.0 python
musl 1.2.4_git20230717-r4 apk
musl-utils 1.2.4_git20230717-r4 apk
mypy-extensions 1.0.0 python
nano 7.2-r1 apk
ncurses-terminfo-base 6.4_p20231125-r0 apk
more-itertools 10.3.0 python
mpdecimal 4.0.0-r0 apk
msal 1.31.0 python
msal-extensions 1.2.0 python
musl 1.2.5-r0 apk
musl-utils 1.2.5-r0 apk
my-test-package 1.0 python
nano 8.0-r0 apk
ncurses-terminfo-base 6.4_p20240420-r1 apk
netcat-openbsd 1.226-r0 apk
nettle 3.9.1-r0 apk
nghttp2-libs 1.58.0-r0 apk
nginx 1.24.0-r16 apk
nginx-mod-devel-kit 1.24.0-r16 apk
nginx-mod-http-brotli 1.24.0-r16 apk
nginx-mod-http-dav-ext 1.24.0-r16 apk
nginx-mod-http-echo 1.24.0-r16 apk
nginx-mod-http-fancyindex 1.24.0-r16 apk
nginx-mod-http-geoip2 1.24.0-r16 apk
nginx-mod-http-headers-more 1.24.0-r16 apk
nginx-mod-http-image-filter 1.24.0-r16 apk
nginx-mod-http-perl 1.24.0-r16 apk
nginx-mod-http-redis2 1.24.0-r16 apk
nginx-mod-http-set-misc 1.24.0-r16 apk
nginx-mod-http-upload-progress 1.24.0-r16 apk
nginx-mod-http-xslt-filter 1.24.0-r16 apk
nginx-mod-mail 1.24.0-r16 apk
nginx-mod-rtmp 1.24.0-r16 apk
nginx-mod-stream 1.24.0-r16 apk
nginx-mod-stream-geoip2 1.24.0-r16 apk
nginx-vim 1.24.0-r16 apk
nghttp2-libs 1.62.1-r0 apk
nginx 1.26.2-r0 apk
nginx-mod-devel-kit 1.26.2-r0 apk
nginx-mod-http-brotli 1.26.2-r0 apk
nginx-mod-http-dav-ext 1.26.2-r0 apk
nginx-mod-http-echo 1.26.2-r0 apk
nginx-mod-http-fancyindex 1.26.2-r0 apk
nginx-mod-http-geoip2 1.26.2-r0 apk
nginx-mod-http-headers-more 1.26.2-r0 apk
nginx-mod-http-image-filter 1.26.2-r0 apk
nginx-mod-http-perl 1.26.2-r0 apk
nginx-mod-http-redis2 1.26.2-r0 apk
nginx-mod-http-set-misc 1.26.2-r0 apk
nginx-mod-http-upload-progress 1.26.2-r0 apk
nginx-mod-http-xslt-filter 1.26.2-r0 apk
nginx-mod-mail 1.26.2-r0 apk
nginx-mod-rtmp 1.26.2-r0 apk
nginx-mod-stream 1.26.2-r0 apk
nginx-mod-stream-geoip2 1.26.2-r0 apk
nginx-vim 1.26.2-r0 apk
npth 1.6-r4 apk
oniguruma 6.9.9-r0 apk
openssl 3.1.4-r6 apk
openssl 3.3.2-r0 apk
p11-kit 0.25.3-r0 apk
packaging 24.0 python
packaging 24.1 python
parsedatetime 2.6 python
pcre 8.45-r3 apk
pcre2 10.42-r2 apk
pcre2 10.43-r0 apk
perl 5.38.2-r0 apk
perl-error 0.17029-r2 apk
perl-git 2.43.4-r0 apk
php83 8.3.7-r0 apk
php83-bcmath 8.3.7-r0 apk
php83-bz2 8.3.7-r0 apk
php83-common 8.3.7-r0 apk
php83-ctype 8.3.7-r0 apk
php83-curl 8.3.7-r0 apk
php83-dom 8.3.7-r0 apk
php83-exif 8.3.7-r0 apk
php83-fileinfo 8.3.7-r0 apk
php83-fpm 8.3.7-r0 apk
php83-ftp 8.3.7-r0 apk
php83-gd 8.3.7-r0 apk
php83-gmp 8.3.7-r0 apk
php83-iconv 8.3.7-r0 apk
php83-imap 8.3.7-r0 apk
php83-intl 8.3.7-r0 apk
php83-ldap 8.3.7-r0 apk
php83-mbstring 8.3.7-r0 apk
php83-mysqli 8.3.7-r0 apk
php83-mysqlnd 8.3.7-r0 apk
php83-opcache 8.3.7-r0 apk
php83-openssl 8.3.7-r0 apk
php83-pdo 8.3.7-r0 apk
php83-pdo_mysql 8.3.7-r0 apk
php83-pdo_odbc 8.3.7-r0 apk
php83-pdo_pgsql 8.3.7-r0 apk
php83-pdo_sqlite 8.3.7-r0 apk
php83-pear 8.3.7-r0 apk
perl-git 2.45.2-r0 apk
php83 8.3.12-r0 apk
php83-bcmath 8.3.12-r0 apk
php83-bz2 8.3.12-r0 apk
php83-common 8.3.12-r0 apk
php83-ctype 8.3.12-r0 apk
php83-curl 8.3.12-r0 apk
php83-dom 8.3.12-r0 apk
php83-exif 8.3.12-r0 apk
php83-fileinfo 8.3.12-r0 apk
php83-fpm 8.3.12-r0 apk
php83-ftp 8.3.12-r0 apk
php83-gd 8.3.12-r0 apk
php83-gmp 8.3.12-r0 apk
php83-iconv 8.3.12-r0 apk
php83-imap 8.3.12-r0 apk
php83-intl 8.3.12-r0 apk
php83-ldap 8.3.12-r0 apk
php83-mbstring 8.3.12-r0 apk
php83-mysqli 8.3.12-r0 apk
php83-mysqlnd 8.3.12-r0 apk
php83-opcache 8.3.12-r0 apk
php83-openssl 8.3.12-r0 apk
php83-pdo 8.3.12-r0 apk
php83-pdo_mysql 8.3.12-r0 apk
php83-pdo_odbc 8.3.12-r0 apk
php83-pdo_pgsql 8.3.12-r0 apk
php83-pdo_sqlite 8.3.12-r0 apk
php83-pear 8.3.12-r0 apk
php83-pecl-apcu 5.1.23-r0 apk
php83-pecl-igbinary 3.2.15-r0 apk
php83-pecl-mcrypt 1.0.7-r0 apk
php83-pecl-memcached 3.2.0-r0 apk
php83-pecl-msgpack 2.2.0-r1 apk
php83-pecl-redis 6.0.2-r0 apk
php83-pgsql 8.3.7-r0 apk
php83-phar 8.3.7-r0 apk
php83-posix 8.3.7-r0 apk
php83-session 8.3.7-r0 apk
php83-simplexml 8.3.7-r0 apk
php83-soap 8.3.7-r0 apk
php83-sockets 8.3.7-r0 apk
php83-sodium 8.3.7-r0 apk
php83-sqlite3 8.3.7-r0 apk
php83-tokenizer 8.3.7-r0 apk
php83-xml 8.3.7-r0 apk
php83-xmlreader 8.3.7-r0 apk
php83-xmlwriter 8.3.7-r0 apk
php83-xsl 8.3.7-r0 apk
php83-zip 8.3.7-r0 apk
pinentry 1.2.1-r1 apk
pip 24.0 python
php83-pecl-msgpack 2.2.0-r2 apk
php83-pecl-redis 6.1.0-r0 apk
php83-pgsql 8.3.12-r0 apk
php83-phar 8.3.12-r0 apk
php83-posix 8.3.12-r0 apk
php83-session 8.3.12-r0 apk
php83-simplexml 8.3.12-r0 apk
php83-soap 8.3.12-r0 apk
php83-sockets 8.3.12-r0 apk
php83-sodium 8.3.12-r0 apk
php83-sqlite3 8.3.12-r0 apk
php83-tokenizer 8.3.12-r0 apk
php83-xml 8.3.12-r0 apk
php83-xmlreader 8.3.12-r0 apk
php83-xmlwriter 8.3.12-r0 apk
php83-xsl 8.3.12-r0 apk
php83-zip 8.3.12-r0 apk
pinentry 1.3.0-r0 apk
pip 24.2 python
pkb-client 1.2 python
platformdirs 4.2.2 python
popt 1.19-r3 apk
portalocker 2.8.2 python
portalocker 2.10.1 python
procps-ng 4.0.4-r0 apk
proto-plus 1.23.0 python
protobuf 4.25.3 python
publicsuffixlist 0.9.4 python
pyOpenSSL 24.1.0 python
pyRFC3339 1.1 python
proto-plus 1.24.0 python
protobuf 5.28.2 python
pyacmedns 0.4 python
pyasn1 0.6.0 python
pyasn1_modules 0.4.0 python
pyc 3.11.9-r0 apk
pyasn1 0.6.1 python
pyasn1-modules 0.4.1 python
pyc 3.12.7-r0 apk
pycparser 2.22 python
pyjwt 2.9.0 python
pynamecheap 0.0.3 python
pyopenssl 24.2.1 python
pyotp 2.9.0 python
pyparsing 3.1.2 python
pyparsing 3.2.0 python
pyrfc3339 1.1 python
python-dateutil 2.9.0.post0 python
python-digitalocean 1.17.0 python
python-transip 0.6.0 python
python3 3.11.9-r0 apk
python3-pyc 3.11.9-r0 apk
python3-pycache-pyc0 3.11.9-r0 apk
pytz 2024.1 python
readline 8.2.1-r2 apk
requests 2.31.0 python
requests-file 2.0.0 python
python3 3.12.7-r0 apk
python3-pyc 3.12.7-r0 apk
python3-pycache-pyc0 3.12.7-r0 apk
pytz 2024.2 python
pyyaml 6.0.2 python
readline 8.2.10-r0 apk
requests 2.32.3 python
requests-file 2.1.0 python
requests-mock 1.12.1 python
rsa 4.9 python
s3transfer 0.10.1 python
s3transfer 0.10.3 python
scanelf 1.3.7-r2 apk
setuptools 65.5.0 python
shadow 4.14.2-r0 apk
setuptools 75.2.0 python
shadow 4.15.1-r0 apk
six 1.16.0 python
skalibs 2.14.0.1-r0 apk
soupsieve 2.5 python
sqlite-libs 3.44.2-r0 apk
ssl_client 1.36.1-r15 apk
tiff 4.6.0-r0 apk
skalibs 2.14.1.1-r0 apk
soupsieve 2.6 python
sqlite-libs 3.45.3-r1 apk
ssl_client 1.36.1-r29 apk
tiff 4.6.0t-r0 apk
tldextract 5.1.2 python
typing-inspect 0.9.0 python
typing_extensions 4.11.0 python
tzdata 2024a-r0 apk
tomli 2.0.1 python
typeguard 4.3.0 python
typing-extensions 4.12.2 python (+1 duplicate)
tzdata 2024b-r0 apk
unixodbc 2.3.12-r0 apk
uritemplate 4.1.1 python
urllib3 2.2.1 python
utmps-libs 0.1.2.2-r0 apk
urllib3 2.2.3 python
utmps-libs 0.1.2.2-r1 apk
wheel 0.43.0 python
whois 5.5.20-r0 apk
xz-libs 5.4.5-r0 apk
zlib 1.3.1-r0 apk
zope.interface 6.4 python
zstd-libs 1.5.5-r8 apk
wheel 0.44.0 python
whois 5.5.23-r0 apk
xz-libs 5.6.2-r0 apk
zipp 3.19.2 python
zlib 1.3.1-r1 apk
zope-interface 7.1.0 python
zstd-libs 1.5.6-r0 apk

40
readme-vars.yml
View File

@ -7,40 +7,24 @@ project_logo: "https://github.com/linuxserver/docker-templates/raw/master/linuxs
project_blurb: "SWAG - Secure Web Application Gateway (formerly known as letsencrypt, no relation to Let's Encrypt™) sets up an Nginx webserver and reverse proxy with php support and a built-in certbot client that automates free SSL server certificate generation and renewal processes (Let's Encrypt and ZeroSSL). It also contains fail2ban for intrusion prevention."
project_lsio_github_repo_url: "https://github.com/linuxserver/docker-{{ project_name }}"
project_blurb_optional_extras_enabled: false
project_blurb_optional_extras: []
# supported architectures
available_architectures:
- { arch: "{{ arch_x86_64 }}", tag: "amd64-latest"}
- { arch: "{{ arch_arm64 }}", tag: "arm64v8-latest"}
# development version
development_versions: false
development_versions_items:
- { tag: "latest", desc: "Stable releases" }
# container parameters
common_param_env_vars_enabled: true #PGID, PUID, etc, you can set it to 'optional'
common_param_env_vars_enabled: true
param_container_name: "{{ project_name }}"
param_usage_include_net: false #you can set it to 'optional'
param_net: "host"
param_net_desc: "Shares host networking with container."
param_usage_include_env: true
param_env_vars:
- { env_var: "TZ", env_value: "Europe/London", desc: "Specify a timezone to use EG Europe/London." }
- { env_var: "URL", env_value: "yourdomain.url", desc: "Top url you have control over (`customdomain.com` if you own it, or `customsubdomain.ddnsprovider.com` if dynamic dns)." }
- { env_var: "VALIDATION", env_value: "http", desc: "Certbot validation method to use, options are `http` or `dns` (`dns` method also requires `DNSPLUGIN` variable set)." }
- { env_var: "VALIDATION", env_value: "http", desc: "Certbot validation method to use, options are `http` or `dns` (`dns` method also requires `DNSPLUGIN` variable set).", env_options: ["http", "dns"] }
param_usage_include_vols: true
param_volumes:
- { vol_path: "/config", vol_host_path: "/path/to/{{ project_name }}/config", desc: "Persistent config files" }
param_usage_include_ports: true
param_ports:
- { external_port: "443", internal_port: "443", port_desc: "Https port" }
param_device_map: false
param_devices:
- { device_path: "/dev/dri", device_host_path: "/dev/dri", desc: "For hardware transcoding" }
cap_add_param: true
cap_add_param_vars:
- { cap_add_var: "NET_ADMIN" }
@ -50,27 +34,15 @@ opt_param_usage_include_env: true
opt_param_env_vars:
- { env_var: "SUBDOMAINS", env_value: "www,", desc: "Subdomains you'd like the cert to cover (comma separated, no spaces) ie. `www,ftp,cloud`. For a wildcard cert, set this *exactly* to `wildcard` (wildcard cert is available via `dns` validation only)" }
- { env_var: "CERTPROVIDER", env_value: "", desc: "Optionally define the cert provider. Set to `zerossl` for ZeroSSL certs (requires existing [ZeroSSL account](https://app.zerossl.com/signup) and the e-mail address entered in `EMAIL` env var). Otherwise defaults to Let's Encrypt." }
- { env_var: "DNSPLUGIN", env_value: "cloudflare", desc: "Required if `VALIDATION` is set to `dns`. Options are `acmedns`, `aliyun`, `azure`, `bunny`, `cloudflare`, `cpanel`, `desec`, `digitalocean`, `directadmin`, `dnsimple`, `dnsmadeeasy`, `dnspod`, `do`, `domeneshop`, `dreamhost`, `duckdns`, `dynu`, `freedns`, `gandi`, `gehirn`, `glesys`, `godaddy`, `google`, `google-domains`, `he`, `hetzner`, `infomaniak`, `inwx`, `ionos`, `linode`, `loopia`, `luadns`, `namecheap`, `netcup`, `njalla`, `nsone`, `ovh`, `porkbun`, `rfc2136`, `route53`, `sakuracloud`, `standalone`, `transip`, and `vultr`. Also need to enter the credentials into the corresponding ini (or json for some plugins) file under `/config/dns-conf`." }
- { env_var: "DNSPLUGIN", env_value: "cloudflare", desc: "Required if `VALIDATION` is set to `dns`. Options are `acmedns`, `aliyun`, `azure`, `bunny`, `cloudflare`, `cpanel`, `desec`, `digitalocean`, `directadmin`, `dnsimple`, `dnsmadeeasy`, `dnspod`, `do`, `domeneshop`, `dreamhost`, `duckdns`, `dynu`, `freedns`, `gandi`, `gehirn`, `glesys`, `godaddy`, `google`, `he`, `hetzner`, `infomaniak`, `inwx`, `ionos`, `linode`, `loopia`, `luadns`, `namecheap`, `netcup`, `njalla`, `nsone`, `ovh`, `porkbun`, `rfc2136`, `route53`, `sakuracloud`, `standalone`, `transip`, and `vultr`. Also need to enter the credentials into the corresponding ini (or json for some plugins) file under `/config/dns-conf`." }
- { env_var: "PROPAGATION", env_value: "", desc: "Optionally override (in seconds) the default propagation time for the dns plugins." }
- { env_var: "EMAIL", env_value: "", desc: "Optional e-mail address used for cert expiration notifications (Required for ZeroSSL)." }
- { env_var: "ONLY_SUBDOMAINS", env_value: "false", desc: "If you wish to get certs only for certain subdomains, but not the main domain (main domain may be hosted on another machine and cannot be validated), set this to `true`" }
- { env_var: "EXTRA_DOMAINS", env_value: "", desc: "Additional fully qualified domain names (comma separated, no spaces) ie. `extradomain.com,subdomain.anotherdomain.org,*.anotherdomain.org`" }
- { env_var: "STAGING", env_value: "false", desc: "Set to `true` to retrieve certs in staging mode. Rate limits will be much higher, but the resulting cert will not pass the browser's security test. Only to be used for testing purposes." }
opt_param_usage_include_vols: false
opt_param_volumes:
- { vol_path: "/config", vol_host_path: "/path/to/{{ project_name }}/config", desc: "Persistent config files" }
opt_param_usage_include_ports: true
opt_param_ports:
- { external_port: "80", internal_port: "80", port_desc: "Http port (required for http validation and http -> https redirect)" }
opt_param_device_map: false
opt_param_devices:
- { device_path: "/dev/dri", device_host_path: "/dev/dri", desc: "For hardware transcoding" }
opt_cap_add_param: false
opt_cap_add_param_vars:
- { cap_add_var: "NET_ADMIN" }
optional_block_1: false
optional_block_1_items: ""
# application setup block
app_setup_block_enabled: true
@ -92,7 +64,7 @@ app_setup_block: |
### Certbot Plugins
SWAG includes many Certbot plugins out of the box, but not all plugins can be includes.
SWAG includes many Certbot plugins out of the box, but not all plugins can be included.
If you need a plugin that is not included, the quickest way to have the plugin available is to use our [Universal Package Install Docker Mod](https://github.com/linuxserver/docker-mods/tree/universal-package-install).
Set the following environment variables on your container:
@ -168,6 +140,10 @@ app_setup_block: |
# changelog
changelogs:
- { date: "21.10.24:", desc: "Fix naming issue with Dynu plugin. If you are using Dynu, please make sure your credentials are set in /config/dns-conf/dynu.ini and your DNSPLUGIN variable is set to dynu (not dynudns)." }
- { date: "30.08.24:", desc: "Fix zerossl cert revocation." }
- { date: "24.07.14:", desc: "Rebase to Alpine 3.20. Remove deprecated Google Domains certbot plugin. Existing users should update their nginx confs to avoid http2 deprecation warnings."}
- { date: "01.07.24:", desc: "Fall back to iptables-legacy if iptables doesn't work." }
- { date: "23.03.24:", desc: "Fix perms on the generated `priv-fullchain-bundle.pem`." }
- { date: "14.03.24:", desc: "[Existing users should update:](https://github.com/linuxserver/docker-swag/blob/master/README.md#updating-configs) authelia-location.conf, authelia-server.conf - Update Authelia conf samples with support for 4.38." }
- { date: "11.03.24:", desc: "Restore support for DynuDNS using `certbot-dns-dynudns`." }

4
root/defaults/dns-conf/google-domains.ini
View File

@ -1,4 +0,0 @@
# Instructions: https://github.com/aaomidi/certbot-dns-google-domains#credentials
# Replace with your value
dns_google_domains_access_token = abcdef
dns_google_domains_zone = example.com

6
root/defaults/nginx/site-confs/default.conf.sample
View File

@ -1,4 +1,4 @@
## Version 2024/03/06 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/site-confs/default.conf.sample
## Version 2024/07/16 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/site-confs/default.conf.sample
# redirect all traffic to https
server {
@ -12,8 +12,8 @@ server {
# main server block
server {
listen 443 ssl http2 default_server;
listen [::]:443 ssl http2 default_server;
listen 443 ssl default_server;
listen [::]:443 ssl default_server;
server_name _;

13
root/etc/s6-overlay/s6-rc.d/init-certbot-config/run
View File

@ -189,24 +189,15 @@ if [[ ! "${URL}" = "${ORIGURL}" ]] ||
[[ ! "${STAGING}" = "${ORIGSTAGING}" ]] ||
[[ ! "${CERTPROVIDER}" = "${ORIGCERTPROVIDER}" ]]; then
echo "Different validation parameters entered than what was used before. Revoking and deleting existing certificate, and an updated one will be created"
if [[ "${ORIGCERTPROVIDER}" = "zerossl" ]] && [[ -n "${ORIGEMAIL}" ]]; then
if [[ "${ORIGCERTPROVIDER}" = "zerossl" ]]; then
REV_ACMESERVER=("https://acme.zerossl.com/v2/DV90")
REV_ZEROSSL_EAB_KID=$(awk -F "=" '/eab-kid/ {print $2}' "/config/etc/letsencrypt/renewal/${ORIGDOMAIN}.conf" | tr -d ' ')
REV_ZEROSSL_EAB_HMAC_KEY=$(awk -F "=" '/eab-hmac-key/ {print $2}' "/config/etc/letsencrypt/renewal/${ORIGDOMAIN}.conf" | tr -d ' ')
if [[ -z "${REV_ZEROSSL_EAB_KID}" ]] || [[ -z "${REV_ZEROSSL_EAB_HMAC_KEY}" ]]; then
REV_ZEROSSL_EAB_KID=$(awk -F "=" '/eab-kid/ {print $2}' /config/etc/letsencrypt/cli.ini | tr -d ' ')
REV_ZEROSSL_EAB_HMAC_KEY=$(awk -F "=" '/eab-hmac-key/ {print $2}' /config/etc/letsencrypt/cli.ini | tr -d ' ')
fi
if [[ -n "${REV_ZEROSSL_EAB_KID}" ]] && [[ -n "${REV_ZEROSSL_EAB_HMAC_KEY}" ]]; then
REV_ACMESERVER+=("--eab-kid" "${REV_ZEROSSL_EAB_KID}" "--eab-hmac-key" "${REV_ZEROSSL_EAB_HMAC_KEY}")
fi
elif [[ "${ORIGSTAGING}" = "true" ]]; then
REV_ACMESERVER=("https://acme-staging-v02.api.letsencrypt.org/directory")
else
REV_ACMESERVER=("https://acme-v02.api.letsencrypt.org/directory")
fi
if [[ -f /config/etc/letsencrypt/live/"${ORIGDOMAIN}"/fullchain.pem ]]; then
certbot revoke --non-interactive --cert-path /config/etc/letsencrypt/live/"${ORIGDOMAIN}"/fullchain.pem --server "${REV_ACMESERVER[@]}" || true
certbot revoke --non-interactive --cert-path /config/etc/letsencrypt/live/"${ORIGDOMAIN}"/fullchain.pem --key-path /config/etc/letsencrypt/live/"${ORIGDOMAIN}"/privkey.pem --server "${REV_ACMESERVER[@]}" || true
else
certbot revoke --non-interactive --cert-name "${ORIGDOMAIN}" --server "${REV_ACMESERVER[@]}" || true
fi

9
root/etc/s6-overlay/s6-rc.d/init-fail2ban-config/run
View File

@ -1,6 +1,15 @@
#!/usr/bin/with-contenv bash
# shellcheck shell=bash
if ! iptables -L &> /dev/null; then
ln -sf /sbin/xtables-legacy-multi /sbin/iptables
ln -sf /sbin/xtables-legacy-multi /sbin/iptables-save
ln -sf /sbin/xtables-legacy-multi /sbin/iptables-restore
ln -sf /sbin/xtables-legacy-multi /sbin/ip6tables
ln -sf /sbin/xtables-legacy-multi /sbin/ip6tables-save
ln -sf /sbin/xtables-legacy-multi /sbin/ip6tables-restore
fi
# copy/update the fail2ban config defaults to/in /config
cp -R /defaults/fail2ban/filter.d /config/fail2ban/
cp -R /defaults/fail2ban/action.d /config/fail2ban/