Infra-Mirrors/docker-swag
1
0
Fork 0
mirror of https://github.com/linuxserver/docker-swag.git synced 2024-12-18 12:14:27 -05:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'master' into dynu

Browse Source
This commit is contained in:
Eric Nemchik 2024-10-21 13:50:19 -05:00 committed by GitHub
commit 8decebad67
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
16 changed files with 539 additions and 484 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

61
.github/workflows/external_trigger.yml vendored
View File

@ -11,18 +11,23 @@ jobs:
- name: External Trigger - name: External Trigger
if: github.ref == 'refs/heads/master' if: github.ref == 'refs/heads/master'
env:
SKIP_EXTERNAL_TRIGGER: ${{ vars.SKIP_EXTERNAL_TRIGGER }}
run: | run: |
if [ -n "${{ secrets.PAUSE_EXTERNAL_TRIGGER_SWAG_MASTER }}" ]; then printf "# External trigger for docker-swag\n\n" >> $GITHUB_STEP_SUMMARY
echo "**** Github secret PAUSE_EXTERNAL_TRIGGER_SWAG_MASTER is set; skipping trigger. ****" if grep -q "^swag_master" <<< "${SKIP_EXTERNAL_TRIGGER}"; then
echo "Github secret \`PAUSE_EXTERNAL_TRIGGER_SWAG_MASTER\` is set; skipping trigger." >> $GITHUB_STEP_SUMMARY echo "> [!WARNING]" >> $GITHUB_STEP_SUMMARY
echo "> Github organizational variable \`SKIP_EXTERNAL_TRIGGER\` contains \`swag_master\`; skipping trigger." >> $GITHUB_STEP_SUMMARY
exit 0 exit 0
fi fi
echo "**** External trigger running off of master branch. To disable this trigger, set a Github secret named \"PAUSE_EXTERNAL_TRIGGER_SWAG_MASTER\". ****" echo "> [!NOTE]" >> $GITHUB_STEP_SUMMARY
echo "External trigger running off of master branch. To disable this trigger, set a Github secret named \`PAUSE_EXTERNAL_TRIGGER_SWAG_MASTER\`" >> $GITHUB_STEP_SUMMARY echo "> External trigger running off of master branch. To disable this trigger, add \`swag_master\` into the Github organizational variable \`SKIP_EXTERNAL_TRIGGER\`." >> $GITHUB_STEP_SUMMARY
echo "**** Retrieving external version ****" printf "\n## Retrieving external version\n\n" >> $GITHUB_STEP_SUMMARY
EXT_RELEASE=$(curl -sL "https://pypi.python.org/pypi/certbot/json" |jq -r '. | .info.version') EXT_RELEASE=$(curl -sL "https://pypi.python.org/pypi/certbot/json" |jq -r '. | .info.version')
echo "Type is \`pip_version\`" >> $GITHUB_STEP_SUMMARY
if [ -z "${EXT_RELEASE}" ] || [ "${EXT_RELEASE}" == "null" ]; then if [ -z "${EXT_RELEASE}" ] || [ "${EXT_RELEASE}" == "null" ]; then
echo "**** Can't retrieve external version, exiting ****" echo "> [!WARNING]" >> $GITHUB_STEP_SUMMARY
echo "> Can't retrieve external version, exiting" >> $GITHUB_STEP_SUMMARY
FAILURE_REASON="Can't retrieve external version for swag branch master" FAILURE_REASON="Can't retrieve external version for swag branch master"
GHA_TRIGGER_URL="https://github.com/linuxserver/docker-swag/actions/runs/${{ github.run_id }}" GHA_TRIGGER_URL="https://github.com/linuxserver/docker-swag/actions/runs/${{ github.run_id }}"
curl -X POST -H "Content-Type: application/json" --data '{"avatar_url": "https://cdn.discordapp.com/avatars/354986384542662657/df91181b3f1cf0ef1592fbe18e0962d7.png","embeds": [{"color": 16711680, curl -X POST -H "Content-Type: application/json" --data '{"avatar_url": "https://cdn.discordapp.com/avatars/354986384542662657/df91181b3f1cf0ef1592fbe18e0962d7.png","embeds": [{"color": 16711680,
@ -31,9 +36,8 @@ jobs:
exit 1 exit 1
fi fi
EXT_RELEASE=$(echo ${EXT_RELEASE} | sed 's/[~,%@+;:/]//g') EXT_RELEASE=$(echo ${EXT_RELEASE} | sed 's/[~,%@+;:/]//g')
echo "**** External version: ${EXT_RELEASE} ****" echo "External version: \`${EXT_RELEASE}\`" >> $GITHUB_STEP_SUMMARY
echo "External version: ${EXT_RELEASE}" >> $GITHUB_STEP_SUMMARY echo "Retrieving last pushed version" >> $GITHUB_STEP_SUMMARY
echo "**** Retrieving last pushed version ****"
image="linuxserver/swag" image="linuxserver/swag"
tag="latest" tag="latest"
token=$(curl -sX GET \ token=$(curl -sX GET \
@ -60,37 +64,45 @@ jobs:
IMAGE_RELEASE=$(echo ${image_info} | jq -r '.Labels.build_version' | awk '{print $3}') IMAGE_RELEASE=$(echo ${image_info} | jq -r '.Labels.build_version' | awk '{print $3}')
IMAGE_VERSION=$(echo ${IMAGE_RELEASE} | awk -F'-ls' '{print $1}') IMAGE_VERSION=$(echo ${IMAGE_RELEASE} | awk -F'-ls' '{print $1}')
if [ -z "${IMAGE_VERSION}" ]; then if [ -z "${IMAGE_VERSION}" ]; then
echo "**** Can't retrieve last pushed version, exiting ****" echo "> [!WARNING]" >> $GITHUB_STEP_SUMMARY
echo "Can't retrieve last pushed version, exiting" >> $GITHUB_STEP_SUMMARY
FAILURE_REASON="Can't retrieve last pushed version for swag tag latest" FAILURE_REASON="Can't retrieve last pushed version for swag tag latest"
curl -X POST -H "Content-Type: application/json" --data '{"avatar_url": "https://cdn.discordapp.com/avatars/354986384542662657/df91181b3f1cf0ef1592fbe18e0962d7.png","embeds": [{"color": 16711680, curl -X POST -H "Content-Type: application/json" --data '{"avatar_url": "https://cdn.discordapp.com/avatars/354986384542662657/df91181b3f1cf0ef1592fbe18e0962d7.png","embeds": [{"color": 16711680,
"description": "**Trigger Failed** \n**Reason:** '"${FAILURE_REASON}"' \n"}], "description": "**Trigger Failed** \n**Reason:** '"${FAILURE_REASON}"' \n"}],
"username": "Github Actions"}' ${{ secrets.DISCORD_WEBHOOK }} "username": "Github Actions"}' ${{ secrets.DISCORD_WEBHOOK }}
exit 1 exit 1
fi fi
echo "**** Last pushed version: ${IMAGE_VERSION} ****" echo "Last pushed version: \`${IMAGE_VERSION}\`" >> $GITHUB_STEP_SUMMARY
echo "Last pushed version: ${IMAGE_VERSION}" >> $GITHUB_STEP_SUMMARY
if [ "${EXT_RELEASE}" == "${IMAGE_VERSION}" ]; then if [ "${EXT_RELEASE}" == "${IMAGE_VERSION}" ]; then
echo "**** Version ${EXT_RELEASE} already pushed, exiting ****" echo "Version \`${EXT_RELEASE}\` already pushed, exiting" >> $GITHUB_STEP_SUMMARY
echo "Version ${EXT_RELEASE} already pushed, exiting" >> $GITHUB_STEP_SUMMARY
exit 0 exit 0
elif [ $(curl -s https://ci.linuxserver.io/job/Docker-Pipeline-Builders/job/docker-swag/job/master/lastBuild/api/json | jq -r '.building') == "true" ]; then elif [ $(curl -s https://ci.linuxserver.io/job/Docker-Pipeline-Builders/job/docker-swag/job/master/lastBuild/api/json | jq -r '.building') == "true" ]; then
echo "**** New version ${EXT_RELEASE} found; but there already seems to be an active build on Jenkins; exiting ****" echo "New version \`${EXT_RELEASE}\` found; but there already seems to be an active build on Jenkins; exiting" >> $GITHUB_STEP_SUMMARY
echo "New version ${EXT_RELEASE} found; but there already seems to be an active build on Jenkins; exiting" >> $GITHUB_STEP_SUMMARY
exit 0 exit 0
else else
echo "**** New version ${EXT_RELEASE} found; old version was ${IMAGE_VERSION}. Triggering new build ****" if [[ "${artifacts_found}" == "false" ]]; then
echo "New version ${EXT_RELEASE} found; old version was ${IMAGE_VERSION}. Triggering new build" >> $GITHUB_STEP_SUMMARY echo "> [!WARNING]" >> $GITHUB_STEP_SUMMARY
echo "> New version detected, but not all artifacts are published yet; skipping trigger" >> $GITHUB_STEP_SUMMARY
FAILURE_REASON="New version ${EXT_RELEASE} for swag tag latest is detected, however not all artifacts are uploaded to upstream release yet. Will try again later."
curl -X POST -H "Content-Type: application/json" --data '{"avatar_url": "https://cdn.discordapp.com/avatars/354986384542662657/df91181b3f1cf0ef1592fbe18e0962d7.png","embeds": [{"color": 9802903,
"description": "**Trigger Failed** \n**Reason:** '"${FAILURE_REASON}"' \n"}],
"username": "Github Actions"}' ${{ secrets.DISCORD_WEBHOOK }}
else
printf "\n## Trigger new build\n\n" >> $GITHUB_STEP_SUMMARY
echo "New version \`${EXT_RELEASE}\` found; old version was \`${IMAGE_VERSION}\`. Triggering new build" >> $GITHUB_STEP_SUMMARY
if "${artifacts_found}" == "true" ]]; then
echo "All artifacts seem to be uploaded." >> $GITHUB_STEP_SUMMARY
fi
response=$(curl -iX POST \ response=$(curl -iX POST \
https://ci.linuxserver.io/job/Docker-Pipeline-Builders/job/docker-swag/job/master/buildWithParameters?PACKAGE_CHECK=false \ https://ci.linuxserver.io/job/Docker-Pipeline-Builders/job/docker-swag/job/master/buildWithParameters?PACKAGE_CHECK=false \
--user ${{ secrets.JENKINS_USER }}:${{ secrets.JENKINS_TOKEN }} | grep -i location | sed "s|^[L|l]ocation: \(.*\)|\1|") --user ${{ secrets.JENKINS_USER }}:${{ secrets.JENKINS_TOKEN }} | grep -i location | sed "s|^[L|l]ocation: \(.*\)|\1|")
echo "**** Jenkins job queue url: ${response%$'\r'} ****" echo "Jenkins [job queue url](${response%$'\r'})" >> $GITHUB_STEP_SUMMARY
echo "**** Sleeping 10 seconds until job starts ****" echo "Sleeping 10 seconds until job starts" >> $GITHUB_STEP_SUMMARY
sleep 10 sleep 10
buildurl=$(curl -s "${response%$'\r'}api/json" | jq -r '.executable.url') buildurl=$(curl -s "${response%$'\r'}api/json" | jq -r '.executable.url')
buildurl="${buildurl%$'\r'}" buildurl="${buildurl%$'\r'}"
echo "**** Jenkins job build url: ${buildurl} ****" echo "Jenkins job [build url](${buildurl})" >> $GITHUB_STEP_SUMMARY
echo "Jenkins job build url: ${buildurl}" >> $GITHUB_STEP_SUMMARY echo "Attempting to change the Jenkins job description" >> $GITHUB_STEP_SUMMARY
echo "**** Attempting to change the Jenkins job description ****"
curl -iX POST \ curl -iX POST \
"${buildurl}submitDescription" \ "${buildurl}submitDescription" \
--user ${{ secrets.JENKINS_USER }}:${{ secrets.JENKINS_TOKEN }} \ --user ${{ secrets.JENKINS_USER }}:${{ secrets.JENKINS_TOKEN }} \
@ -102,3 +114,4 @@ jobs:
"description": "**Build Triggered** \n**Reason:** '"${TRIGGER_REASON}"' \n**Build URL:** '"${buildurl}display/redirect"' \n"}], "description": "**Build Triggered** \n**Reason:** '"${TRIGGER_REASON}"' \n**Build URL:** '"${buildurl}display/redirect"' \n"}],
"username": "Github Actions"}' ${{ secrets.DISCORD_WEBHOOK }} "username": "Github Actions"}' ${{ secrets.DISCORD_WEBHOOK }}
fi fi
fi

24
.github/workflows/external_trigger_scheduler.yml vendored
View File

@ -15,31 +15,31 @@ jobs:
- name: External Trigger Scheduler - name: External Trigger Scheduler
run: | run: |
echo "**** Branches found: ****" printf "# External trigger scheduler for docker-swag\n\n" >> $GITHUB_STEP_SUMMARY
git for-each-ref --format='%(refname:short)' refs/remotes printf "Found the branches:\n\n%s\n" "$(git for-each-ref --format='- %(refname:lstrip=3)' refs/remotes)" >> $GITHUB_STEP_SUMMARY
for br in $(git for-each-ref --format='%(refname:short)' refs/remotes) for br in $(git for-each-ref --format='%(refname:lstrip=3)' refs/remotes)
do do
br=$(echo "$br" | sed 's|origin/||g') if [[ "${br}" == "HEAD" ]]; then
echo "**** Evaluating branch ${br} ****" printf "\nSkipping %s.\n" ${br} >> $GITHUB_STEP_SUMMARY
continue
fi
printf "\n## Evaluating \`%s\`\n\n" ${br} >> $GITHUB_STEP_SUMMARY
ls_jenkins_vars=$(curl -sX GET https://raw.githubusercontent.com/linuxserver/docker-swag/${br}/jenkins-vars.yml) ls_jenkins_vars=$(curl -sX GET https://raw.githubusercontent.com/linuxserver/docker-swag/${br}/jenkins-vars.yml)
ls_branch=$(echo "${ls_jenkins_vars}" | yq -r '.ls_branch') ls_branch=$(echo "${ls_jenkins_vars}" | yq -r '.ls_branch')
ls_trigger=$(echo "${ls_jenkins_vars}" | yq -r '.external_type') ls_trigger=$(echo "${ls_jenkins_vars}" | yq -r '.external_type')
if [[ "${br}" == "${ls_branch}" ]] && [[ "${ls_trigger}" != "os" ]]; then if [[ "${br}" == "${ls_branch}" ]] && [[ "${ls_trigger}" != "os" ]]; then
echo "**** Branch ${br} appears to be live and trigger is not os; checking workflow. ****" echo "Branch appears to be live and trigger is not os; checking workflow." >> $GITHUB_STEP_SUMMARY
if curl -sfX GET https://raw.githubusercontent.com/linuxserver/docker-swag/${br}/.github/workflows/external_trigger.yml > /dev/null 2>&1; then if curl -sfX GET https://raw.githubusercontent.com/linuxserver/docker-swag/${br}/.github/workflows/external_trigger.yml > /dev/null 2>&1; then
echo "**** Workflow exists. Triggering external trigger workflow for branch ${br} ****." echo "Triggering external trigger workflow for branch." >> $GITHUB_STEP_SUMMARY
echo "Triggering external trigger workflow for branch ${br}" >> $GITHUB_STEP_SUMMARY
curl -iX POST \ curl -iX POST \
-H "Authorization: token ${{ secrets.CR_PAT }}" \ -H "Authorization: token ${{ secrets.CR_PAT }}" \
-H "Accept: application/vnd.github.v3+json" \ -H "Accept: application/vnd.github.v3+json" \
-d "{\"ref\":\"refs/heads/${br}\"}" \ -d "{\"ref\":\"refs/heads/${br}\"}" \
https://api.github.com/repos/linuxserver/docker-swag/actions/workflows/external_trigger.yml/dispatches https://api.github.com/repos/linuxserver/docker-swag/actions/workflows/external_trigger.yml/dispatches
else else
echo "**** Workflow doesn't exist; skipping trigger. ****" echo "Skipping branch due to no external trigger workflow present." >> $GITHUB_STEP_SUMMARY
echo "Skipping branch ${br} due to no external trigger workflow present." >> $GITHUB_STEP_SUMMARY
fi fi
else else
echo "**** ${br} is either a dev branch, or has no external version; skipping trigger. ****" echo "Skipping branch due to being detected as dev branch or having no external version." >> $GITHUB_STEP_SUMMARY
echo "Skipping branch ${br} due to being detected as dev branch or having no external version." >> $GITHUB_STEP_SUMMARY
fi fi
done done

42
.github/workflows/package_trigger.yml vendored
View File

@ -1,42 +0,0 @@
name: Package Trigger Main
on:
workflow_dispatch:
jobs:
package-trigger-master:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4.1.1
- name: Package Trigger
if: github.ref == 'refs/heads/master'
run: |
if [ -n "${{ secrets.PAUSE_PACKAGE_TRIGGER_SWAG_MASTER }}" ]; then
echo "**** Github secret PAUSE_PACKAGE_TRIGGER_SWAG_MASTER is set; skipping trigger. ****"
echo "Github secret \`PAUSE_PACKAGE_TRIGGER_SWAG_MASTER\` is set; skipping trigger." >> $GITHUB_STEP_SUMMARY
exit 0
fi
if [ $(curl -s https://ci.linuxserver.io/job/Docker-Pipeline-Builders/job/docker-swag/job/master/lastBuild/api/json | jq -r '.building') == "true" ]; then
echo "**** There already seems to be an active build on Jenkins; skipping package trigger ****"
echo "There already seems to be an active build on Jenkins; skipping package trigger" >> $GITHUB_STEP_SUMMARY
exit 0
fi
echo "**** Package trigger running off of master branch. To disable, set a Github secret named \"PAUSE_PACKAGE_TRIGGER_SWAG_MASTER\". ****"
echo "Package trigger running off of master branch. To disable, set a Github secret named \`PAUSE_PACKAGE_TRIGGER_SWAG_MASTER\`" >> $GITHUB_STEP_SUMMARY
response=$(curl -iX POST \
https://ci.linuxserver.io/job/Docker-Pipeline-Builders/job/docker-swag/job/master/buildWithParameters?PACKAGE_CHECK=true \
--user ${{ secrets.JENKINS_USER }}:${{ secrets.JENKINS_TOKEN }} | grep -i location | sed "s|^[L|l]ocation: \(.*\)|\1|")
echo "**** Jenkins job queue url: ${response%$'\r'} ****"
echo "**** Sleeping 10 seconds until job starts ****"
sleep 10
buildurl=$(curl -s "${response%$'\r'}api/json" | jq -r '.executable.url')
buildurl="${buildurl%$'\r'}"
echo "**** Jenkins job build url: ${buildurl} ****"
echo "Jenkins job build url: ${buildurl}" >> $GITHUB_STEP_SUMMARY
echo "**** Attempting to change the Jenkins job description ****"
curl -iX POST \
"${buildurl}submitDescription" \
--user ${{ secrets.JENKINS_USER }}:${{ secrets.JENKINS_TOKEN }} \
--data-urlencode "description=GHA package trigger https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}" \
--data-urlencode "Submit=Submit"

76
.github/workflows/package_trigger_scheduler.yml vendored
View File

@ -14,37 +14,69 @@ jobs:
fetch-depth: '0' fetch-depth: '0'
- name: Package Trigger Scheduler - name: Package Trigger Scheduler
env:
SKIP_PACKAGE_TRIGGER: ${{ vars.SKIP_PACKAGE_TRIGGER }}
run: | run: |
echo "**** Branches found: ****" printf "# Package trigger scheduler for docker-swag\n\n" >> $GITHUB_STEP_SUMMARY
git for-each-ref --format='%(refname:short)' refs/remotes printf "Found the branches:\n\n%s\n" "$(git for-each-ref --format='- %(refname:lstrip=3)' refs/remotes)" >> $GITHUB_STEP_SUMMARY
for br in $(git for-each-ref --format='%(refname:short)' refs/remotes) for br in $(git for-each-ref --format='%(refname:lstrip=3)' refs/remotes)
do do
br=$(echo "$br" | sed 's|origin/||g') if [[ "${br}" == "HEAD" ]]; then
echo "**** Evaluating branch ${br} ****" printf "\nSkipping %s.\n" ${br} >> $GITHUB_STEP_SUMMARY
ls_branch=$(curl -sX GET https://raw.githubusercontent.com/linuxserver/docker-swag/${br}/jenkins-vars.yml | yq -r '.ls_branch') continue
if [ "${br}" == "${ls_branch}" ]; then fi
echo "**** Branch ${br} appears to be live; checking workflow. ****" printf "\n## Evaluating \`%s\`\n\n" ${br} >> $GITHUB_STEP_SUMMARY
if curl -sfX GET https://raw.githubusercontent.com/linuxserver/docker-swag/${br}/.github/workflows/package_trigger.yml > /dev/null 2>&1; then JENKINS_VARS=$(curl -sX GET https://raw.githubusercontent.com/linuxserver/docker-swag/${br}/jenkins-vars.yml)
echo "**** Workflow exists. Triggering package trigger workflow for branch ${br}. ****" if [[ "${br}" == $(yq -r '.ls_branch' <<< "${JENKINS_VARS}") ]]; then
echo "Triggering package trigger workflow for branch ${br}" >> $GITHUB_STEP_SUMMARY echo "Branch appears to be live; checking workflow." >> $GITHUB_STEP_SUMMARY
triggered_branches="${triggered_branches}${br} " if [[ $(yq -r '.skip_package_check' <<< "${JENKINS_VARS}") == "true" ]]; then
curl -iX POST \ echo "> [!WARNING]" >> $GITHUB_STEP_SUMMARY
-H "Authorization: token ${{ secrets.CR_PAT }}" \ echo "> Skipping branch ${br} due to \`skip_package_check\` being set in \`jenkins-vars.yml\`." >> $GITHUB_STEP_SUMMARY
-H "Accept: application/vnd.github.v3+json" \ skipped_branches="${skipped_branches}${br} "
-d "{\"ref\":\"refs/heads/${br}\"}" \ elif grep -q "^swag_${br}" <<< "${SKIP_PACKAGE_TRIGGER}"; then
https://api.github.com/repos/linuxserver/docker-swag/actions/workflows/package_trigger.yml/dispatches echo "> [!WARNING]" >> $GITHUB_STEP_SUMMARY
sleep 30 echo "> Github organizational variable \`SKIP_PACKAGE_TRIGGER\` contains \`swag_${br}\`; skipping trigger." >> $GITHUB_STEP_SUMMARY
skipped_branches="${skipped_branches}${br} "
elif [ $(curl -s https://ci.linuxserver.io/job/Docker-Pipeline-Builders/job/docker-swag/job/${br}/lastBuild/api/json | jq -r '.building') == "true" ]; then
echo "> [!WARNING]" >> $GITHUB_STEP_SUMMARY
echo "> There already seems to be an active build on Jenkins; skipping package trigger for ${br}" >> $GITHUB_STEP_SUMMARY
skipped_branches="${skipped_branches}${br} "
else else
echo "**** Workflow doesn't exist; skipping trigger. ****" echo "> [!NOTE]" >> $GITHUB_STEP_SUMMARY
echo "Skipping branch ${br} due to no package trigger workflow present." >> $GITHUB_STEP_SUMMARY echo "> Triggering package trigger for branch ${br}" >> $GITHUB_STEP_SUMMARY
printf "> To disable, add \`swag_%s\` into the Github organizational variable \`SKIP_PACKAGE_TRIGGER\`.\n\n" "${br}" >> $GITHUB_STEP_SUMMARY
triggered_branches="${triggered_branches}${br} "
response=$(curl -iX POST \
https://ci.linuxserver.io/job/Docker-Pipeline-Builders/job/docker-swag/job/${br}/buildWithParameters?PACKAGE_CHECK=true \
--user ${{ secrets.JENKINS_USER }}:${{ secrets.JENKINS_TOKEN }} | grep -i location | sed "s|^[L|l]ocation: \(.*\)|\1|")
echo "Jenkins [job queue url](${response%$'\r'})" >> $GITHUB_STEP_SUMMARY
echo "Sleeping 10 seconds until job starts" >> $GITHUB_STEP_SUMMARY
sleep 10
buildurl=$(curl -s "${response%$'\r'}api/json" | jq -r '.executable.url')
buildurl="${buildurl%$'\r'}"
echo "Jenkins job [build url](${buildurl})" >> $GITHUB_STEP_SUMMARY
echo "Attempting to change the Jenkins job description" >> $GITHUB_STEP_SUMMARY
curl -iX POST \
"${buildurl}submitDescription" \
--user ${{ secrets.JENKINS_USER }}:${{ secrets.JENKINS_TOKEN }} \
--data-urlencode "description=GHA package trigger https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}" \
--data-urlencode "Submit=Submit"
sleep 20
fi fi
else else
echo "**** ${br} appears to be a dev branch; skipping trigger. ****"
echo "Skipping branch ${br} due to being detected as dev branch." >> $GITHUB_STEP_SUMMARY echo "Skipping branch ${br} due to being detected as dev branch." >> $GITHUB_STEP_SUMMARY
fi fi
done done
if [[ -n "${triggered_branches}" ]] || [[ -n "${skipped_branches}" ]]; then
if [[ -n "${triggered_branches}" ]]; then
NOTIFY_BRANCHES="**Triggered:** ${triggered_branches} \n"
fi
if [[ -n "${skipped_branches}" ]]; then
NOTIFY_BRANCHES="${NOTIFY_BRANCHES}**Skipped:** ${skipped_branches} \n"
fi
echo "**** Package check build(s) triggered for branch(es): ${triggered_branches} ****" echo "**** Package check build(s) triggered for branch(es): ${triggered_branches} ****"
echo "**** Notifying Discord ****" echo "**** Notifying Discord ****"
curl -X POST -H "Content-Type: application/json" --data '{"avatar_url": "https://cdn.discordapp.com/avatars/354986384542662657/df91181b3f1cf0ef1592fbe18e0962d7.png","embeds": [{"color": 9802903, curl -X POST -H "Content-Type: application/json" --data '{"avatar_url": "https://cdn.discordapp.com/avatars/354986384542662657/df91181b3f1cf0ef1592fbe18e0962d7.png","embeds": [{"color": 9802903,
"description": "**Package Check Build(s) Triggered for swag** \n**Branch(es):** '"${triggered_branches}"' \n**Build URL:** '"https://ci.linuxserver.io/blue/organizations/jenkins/Docker-Pipeline-Builders%2Fdocker-swag/activity/"' \n"}], "description": "**Package Check Build(s) Triggered for swag** \n'"${NOTIFY_BRANCHES}"'**Build URL:** '"https://ci.linuxserver.io/blue/organizations/jenkins/Docker-Pipeline-Builders%2Fdocker-swag/activity/"' \n"}],
"username": "Github Actions"}' ${{ secrets.DISCORD_WEBHOOK }} "username": "Github Actions"}' ${{ secrets.DISCORD_WEBHOOK }}
fi

2
.github/workflows/permissions.yml vendored
View File

@ -5,6 +5,8 @@ on:
- '**/run' - '**/run'
- '**/finish' - '**/finish'
- '**/check' - '**/check'
- 'root/migrations/*'
jobs: jobs:
permission_check: permission_check:
uses: linuxserver/github-workflows/.github/workflows/init-svc-executable-permissions.yml@v1 uses: linuxserver/github-workflows/.github/workflows/init-svc-executable-permissions.yml@v1

10
Dockerfile
View File

@ -1,6 +1,6 @@
# syntax=docker/dockerfile:1 # syntax=docker/dockerfile:1
FROM ghcr.io/linuxserver/baseimage-alpine-nginx:3.19 FROM ghcr.io/linuxserver/baseimage-alpine-nginx:3.20
# set version label # set version label
ARG BUILD_DATE ARG BUILD_DATE
@ -27,6 +27,7 @@ RUN \
apk add --no-cache \ apk add --no-cache \
fail2ban \ fail2ban \
gnupg \ gnupg \
iptables-legacy \
memcached \ memcached \
nginx-mod-http-brotli \ nginx-mod-http-brotli \
nginx-mod-http-dav-ext \ nginx-mod-http-dav-ext \
@ -64,6 +65,7 @@ RUN \
php83-pdo_sqlite \ php83-pdo_sqlite \
php83-pear \ php83-pear \
php83-pecl-apcu \ php83-pecl-apcu \
php83-pecl-mcrypt \
php83-pecl-memcached \ php83-pecl-memcached \
php83-pecl-redis \ php83-pecl-redis \
php83-pgsql \ php83-pgsql \
@ -76,8 +78,6 @@ RUN \
php83-xmlreader \ php83-xmlreader \
php83-xsl \ php83-xsl \
whois && \ whois && \
apk add --no-cache --repository=http://dl-cdn.alpinelinux.org/alpine/edge/community \
php83-pecl-mcrypt && \
echo "**** install certbot plugins ****" && \ echo "**** install certbot plugins ****" && \
if [ -z ${CERTBOT_VERSION+x} ]; then \ if [ -z ${CERTBOT_VERSION+x} ]; then \
CERTBOT_VERSION=$(curl -sL https://pypi.python.org/pypi/certbot/json |jq -r '. | .info.version'); \ CERTBOT_VERSION=$(curl -sL https://pypi.python.org/pypi/certbot/json |jq -r '. | .info.version'); \
@ -86,7 +86,7 @@ RUN \
pip install -U --no-cache-dir \ pip install -U --no-cache-dir \
pip \ pip \
wheel && \ wheel && \
pip install -U --no-cache-dir --find-links https://wheel-index.linuxserver.io/alpine-3.19/ \ pip install -U --no-cache-dir --find-links https://wheel-index.linuxserver.io/alpine-3.20/ \
certbot==${CERTBOT_VERSION} \ certbot==${CERTBOT_VERSION} \
certbot-dns-acmedns \ certbot-dns-acmedns \
certbot-dns-aliyun \ certbot-dns-aliyun \
@ -110,7 +110,6 @@ RUN \
certbot-dns-glesys \ certbot-dns-glesys \
certbot-dns-godaddy \ certbot-dns-godaddy \
certbot-dns-google \ certbot-dns-google \
certbot-dns-google-domains \
certbot-dns-he \ certbot-dns-he \
certbot-dns-hetzner \ certbot-dns-hetzner \
certbot-dns-infomaniak \ certbot-dns-infomaniak \
@ -170,6 +169,7 @@ RUN \
tar xf \ tar xf \
/tmp/proxy-confs.tar.gz -C \ /tmp/proxy-confs.tar.gz -C \
/defaults/nginx/proxy-confs --strip-components=1 --exclude=linux*/.editorconfig --exclude=linux*/.gitattributes --exclude=linux*/.github --exclude=linux*/.gitignore --exclude=linux*/LICENSE && \ /defaults/nginx/proxy-confs --strip-components=1 --exclude=linux*/.editorconfig --exclude=linux*/.gitattributes --exclude=linux*/.github --exclude=linux*/.gitignore --exclude=linux*/LICENSE && \
printf "Linuxserver.io version: ${VERSION}\nBuild-date: ${BUILD_DATE}" > /build_version && \
echo "**** cleanup ****" && \ echo "**** cleanup ****" && \
apk del --purge \ apk del --purge \
build-dependencies && \ build-dependencies && \

10
Dockerfile.aarch64
View File

@ -1,6 +1,6 @@
# syntax=docker/dockerfile:1 # syntax=docker/dockerfile:1
FROM ghcr.io/linuxserver/baseimage-alpine-nginx:arm64v8-3.19 FROM ghcr.io/linuxserver/baseimage-alpine-nginx:arm64v8-3.20
# set version label # set version label
ARG BUILD_DATE ARG BUILD_DATE
@ -27,6 +27,7 @@ RUN \
apk add --no-cache \ apk add --no-cache \
fail2ban \ fail2ban \
gnupg \ gnupg \
iptables-legacy \
memcached \ memcached \
nginx-mod-http-brotli \ nginx-mod-http-brotli \
nginx-mod-http-dav-ext \ nginx-mod-http-dav-ext \
@ -64,6 +65,7 @@ RUN \
php83-pdo_sqlite \ php83-pdo_sqlite \
php83-pear \ php83-pear \
php83-pecl-apcu \ php83-pecl-apcu \
php83-pecl-mcrypt \
php83-pecl-memcached \ php83-pecl-memcached \
php83-pecl-redis \ php83-pecl-redis \
php83-pgsql \ php83-pgsql \
@ -76,8 +78,6 @@ RUN \
php83-xmlreader \ php83-xmlreader \
php83-xsl \ php83-xsl \
whois && \ whois && \
apk add --no-cache --repository=http://dl-cdn.alpinelinux.org/alpine/edge/community \
php83-pecl-mcrypt && \
echo "**** install certbot plugins ****" && \ echo "**** install certbot plugins ****" && \
if [ -z ${CERTBOT_VERSION+x} ]; then \ if [ -z ${CERTBOT_VERSION+x} ]; then \
CERTBOT_VERSION=$(curl -sL https://pypi.python.org/pypi/certbot/json |jq -r '. | .info.version'); \ CERTBOT_VERSION=$(curl -sL https://pypi.python.org/pypi/certbot/json |jq -r '. | .info.version'); \
@ -86,7 +86,7 @@ RUN \
pip install -U --no-cache-dir \ pip install -U --no-cache-dir \
pip \ pip \
wheel && \ wheel && \
pip install -U --no-cache-dir --find-links https://wheel-index.linuxserver.io/alpine-3.19/ \ pip install -U --no-cache-dir --find-links https://wheel-index.linuxserver.io/alpine-3.20/ \
certbot==${CERTBOT_VERSION} \ certbot==${CERTBOT_VERSION} \
certbot-dns-acmedns \ certbot-dns-acmedns \
certbot-dns-aliyun \ certbot-dns-aliyun \
@ -110,7 +110,6 @@ RUN \
certbot-dns-glesys \ certbot-dns-glesys \
certbot-dns-godaddy \ certbot-dns-godaddy \
certbot-dns-google \ certbot-dns-google \
certbot-dns-google-domains \
certbot-dns-he \ certbot-dns-he \
certbot-dns-hetzner \ certbot-dns-hetzner \
certbot-dns-infomaniak \ certbot-dns-infomaniak \
@ -170,6 +169,7 @@ RUN \
tar xf \ tar xf \
/tmp/proxy-confs.tar.gz -C \ /tmp/proxy-confs.tar.gz -C \
/defaults/nginx/proxy-confs --strip-components=1 --exclude=linux*/.editorconfig --exclude=linux*/.gitattributes --exclude=linux*/.github --exclude=linux*/.gitignore --exclude=linux*/LICENSE && \ /defaults/nginx/proxy-confs --strip-components=1 --exclude=linux*/.editorconfig --exclude=linux*/.gitattributes --exclude=linux*/.github --exclude=linux*/.gitignore --exclude=linux*/LICENSE && \
printf "Linuxserver.io version: ${VERSION}\nBuild-date: ${BUILD_DATE}" > /build_version && \
echo "**** cleanup ****" && \ echo "**** cleanup ****" && \
apk del --purge \ apk del --purge \
build-dependencies && \ build-dependencies && \

167
Jenkinsfile vendored
View File

@ -17,6 +17,8 @@ pipeline {
GITLAB_TOKEN=credentials('b6f0f1dd-6952-4cf6-95d1-9c06380283f0') GITLAB_TOKEN=credentials('b6f0f1dd-6952-4cf6-95d1-9c06380283f0')
GITLAB_NAMESPACE=credentials('gitlab-namespace-id') GITLAB_NAMESPACE=credentials('gitlab-namespace-id')
DOCKERHUB_TOKEN=credentials('docker-hub-ci-pat') DOCKERHUB_TOKEN=credentials('docker-hub-ci-pat')
QUAYIO_API_TOKEN=credentials('quayio-repo-api-token')
GIT_SIGNING_KEY=credentials('484fbca6-9a4f-455e-b9e3-97ac98785f5f')
EXT_PIP = 'certbot' EXT_PIP = 'certbot'
BUILD_VERSION_ARG = 'CERTBOT_VERSION' BUILD_VERSION_ARG = 'CERTBOT_VERSION'
LS_USER = 'linuxserver' LS_USER = 'linuxserver'
@ -37,9 +39,23 @@ pipeline {
CI_WEBPATH='' CI_WEBPATH=''
} }
stages { stages {
stage("Set git config"){
steps{
sh '''#!/bin/bash
cat ${GIT_SIGNING_KEY} > /config/.ssh/id_sign
chmod 600 /config/.ssh/id_sign
ssh-keygen -y -f /config/.ssh/id_sign > /config/.ssh/id_sign.pub
echo "Using $(ssh-keygen -lf /config/.ssh/id_sign) to sign commits"
git config --global gpg.format ssh
git config --global user.signingkey /config/.ssh/id_sign
git config --global commit.gpgsign true
'''
}
}
// Setup all the basic environment variables needed for the build // Setup all the basic environment variables needed for the build
stage("Set ENV Variables base"){ stage("Set ENV Variables base"){
steps{ steps{
echo "Running on node: ${NODE_NAME}"
sh '''#! /bin/bash sh '''#! /bin/bash
containers=$(docker ps -aq) containers=$(docker ps -aq)
if [[ -n "${containers}" ]]; then if [[ -n "${containers}" ]]; then
@ -66,7 +82,7 @@ pipeline {
env.CODE_URL = 'https://github.com/' + env.LS_USER + '/' + env.LS_REPO + '/commit/' + env.GIT_COMMIT env.CODE_URL = 'https://github.com/' + env.LS_USER + '/' + env.LS_REPO + '/commit/' + env.GIT_COMMIT
env.DOCKERHUB_LINK = 'https://hub.docker.com/r/' + env.DOCKERHUB_IMAGE + '/tags/' env.DOCKERHUB_LINK = 'https://hub.docker.com/r/' + env.DOCKERHUB_IMAGE + '/tags/'
env.PULL_REQUEST = env.CHANGE_ID env.PULL_REQUEST = env.CHANGE_ID
env.TEMPLATED_FILES = 'Jenkinsfile README.md LICENSE .editorconfig ./.github/CONTRIBUTING.md ./.github/FUNDING.yml ./.github/ISSUE_TEMPLATE/config.yml ./.github/ISSUE_TEMPLATE/issue.bug.yml ./.github/ISSUE_TEMPLATE/issue.feature.yml ./.github/PULL_REQUEST_TEMPLATE.md ./.github/workflows/external_trigger_scheduler.yml ./.github/workflows/greetings.yml ./.github/workflows/package_trigger_scheduler.yml ./.github/workflows/call_issue_pr_tracker.yml ./.github/workflows/call_issues_cron.yml ./.github/workflows/permissions.yml ./.github/workflows/external_trigger.yml ./.github/workflows/package_trigger.yml ./root/donate.txt' env.TEMPLATED_FILES = 'Jenkinsfile README.md LICENSE .editorconfig ./.github/CONTRIBUTING.md ./.github/FUNDING.yml ./.github/ISSUE_TEMPLATE/config.yml ./.github/ISSUE_TEMPLATE/issue.bug.yml ./.github/ISSUE_TEMPLATE/issue.feature.yml ./.github/PULL_REQUEST_TEMPLATE.md ./.github/workflows/external_trigger_scheduler.yml ./.github/workflows/greetings.yml ./.github/workflows/package_trigger_scheduler.yml ./.github/workflows/call_issue_pr_tracker.yml ./.github/workflows/call_issues_cron.yml ./.github/workflows/permissions.yml ./.github/workflows/external_trigger.yml ./root/donate.txt'
} }
sh '''#! /bin/bash sh '''#! /bin/bash
echo "The default github branch detected as ${GH_DEFAULT_BRANCH}" ''' echo "The default github branch detected as ${GH_DEFAULT_BRANCH}" '''
@ -245,7 +261,7 @@ pipeline {
-v ${WORKSPACE}:/mnt \ -v ${WORKSPACE}:/mnt \
-e AWS_ACCESS_KEY_ID=\"${S3_KEY}\" \ -e AWS_ACCESS_KEY_ID=\"${S3_KEY}\" \
-e AWS_SECRET_ACCESS_KEY=\"${S3_SECRET}\" \ -e AWS_SECRET_ACCESS_KEY=\"${S3_SECRET}\" \
ghcr.io/linuxserver/baseimage-alpine:3.19 s6-envdir -fn -- /var/run/s6/container_environment /bin/bash -c "\ ghcr.io/linuxserver/baseimage-alpine:3.20 s6-envdir -fn -- /var/run/s6/container_environment /bin/bash -c "\
apk add --no-cache python3 && \ apk add --no-cache python3 && \
python3 -m venv /lsiopy && \ python3 -m venv /lsiopy && \
pip install --no-cache-dir -U pip && \ pip install --no-cache-dir -U pip && \
@ -295,7 +311,7 @@ pipeline {
echo "Jenkinsfile is up to date." echo "Jenkinsfile is up to date."
fi fi
echo "Starting Stage 2 - Delete old templates" echo "Starting Stage 2 - Delete old templates"
OLD_TEMPLATES=".github/ISSUE_TEMPLATE.md .github/ISSUE_TEMPLATE/issue.bug.md .github/ISSUE_TEMPLATE/issue.feature.md .github/workflows/call_invalid_helper.yml .github/workflows/stale.yml Dockerfile.armhf" OLD_TEMPLATES=".github/ISSUE_TEMPLATE.md .github/ISSUE_TEMPLATE/issue.bug.md .github/ISSUE_TEMPLATE/issue.feature.md .github/workflows/call_invalid_helper.yml .github/workflows/stale.yml .github/workflows/package_trigger.yml"
for i in ${OLD_TEMPLATES}; do for i in ${OLD_TEMPLATES}; do
if [[ -f "${i}" ]]; then if [[ -f "${i}" ]]; then
TEMPLATES_TO_DELETE="${i} ${TEMPLATES_TO_DELETE}" TEMPLATES_TO_DELETE="${i} ${TEMPLATES_TO_DELETE}"
@ -352,7 +368,7 @@ pipeline {
fi fi
echo "Starting Stage 4 - External repo updates: Docs, Unraid Template and Readme Sync to Docker Hub" echo "Starting Stage 4 - External repo updates: Docs, Unraid Template and Readme Sync to Docker Hub"
mkdir -p ${TEMPDIR}/docs mkdir -p ${TEMPDIR}/docs
git clone https://github.com/linuxserver/docker-documentation.git ${TEMPDIR}/docs/docker-documentation git clone --depth=1 https://github.com/linuxserver/docker-documentation.git ${TEMPDIR}/docs/docker-documentation
if [[ "${BRANCH_NAME}" == "${GH_DEFAULT_BRANCH}" ]] && [[ (! -f ${TEMPDIR}/docs/docker-documentation/docs/images/docker-${CONTAINER_NAME}.md) || ("$(md5sum ${TEMPDIR}/docs/docker-documentation/docs/images/docker-${CONTAINER_NAME}.md | awk '{ print $1 }')" != "$(md5sum ${TEMPDIR}/docker-${CONTAINER_NAME}/.jenkins-external/docker-${CONTAINER_NAME}.md | awk '{ print $1 }')") ]]; then if [[ "${BRANCH_NAME}" == "${GH_DEFAULT_BRANCH}" ]] && [[ (! -f ${TEMPDIR}/docs/docker-documentation/docs/images/docker-${CONTAINER_NAME}.md) || ("$(md5sum ${TEMPDIR}/docs/docker-documentation/docs/images/docker-${CONTAINER_NAME}.md | awk '{ print $1 }')" != "$(md5sum ${TEMPDIR}/docker-${CONTAINER_NAME}/.jenkins-external/docker-${CONTAINER_NAME}.md | awk '{ print $1 }')") ]]; then
cp ${TEMPDIR}/docker-${CONTAINER_NAME}/.jenkins-external/docker-${CONTAINER_NAME}.md ${TEMPDIR}/docs/docker-documentation/docs/images/ cp ${TEMPDIR}/docker-${CONTAINER_NAME}/.jenkins-external/docker-${CONTAINER_NAME}.md ${TEMPDIR}/docs/docker-documentation/docs/images/
cd ${TEMPDIR}/docs/docker-documentation cd ${TEMPDIR}/docs/docker-documentation
@ -370,8 +386,8 @@ pipeline {
echo "Docs update not needed, skipping" echo "Docs update not needed, skipping"
fi fi
mkdir -p ${TEMPDIR}/unraid mkdir -p ${TEMPDIR}/unraid
git clone https://github.com/linuxserver/docker-templates.git ${TEMPDIR}/unraid/docker-templates git clone --depth=1 https://github.com/linuxserver/docker-templates.git ${TEMPDIR}/unraid/docker-templates
git clone https://github.com/linuxserver/templates.git ${TEMPDIR}/unraid/templates git clone --depth=1 https://github.com/linuxserver/templates.git ${TEMPDIR}/unraid/templates
if [[ -f ${TEMPDIR}/unraid/docker-templates/linuxserver.io/img/${CONTAINER_NAME}-logo.png ]]; then if [[ -f ${TEMPDIR}/unraid/docker-templates/linuxserver.io/img/${CONTAINER_NAME}-logo.png ]]; then
sed -i "s|master/linuxserver.io/img/linuxserver-ls-logo.png|master/linuxserver.io/img/${CONTAINER_NAME}-logo.png|" ${TEMPDIR}/docker-${CONTAINER_NAME}/.jenkins-external/${CONTAINER_NAME}.xml sed -i "s|master/linuxserver.io/img/linuxserver-ls-logo.png|master/linuxserver.io/img/${CONTAINER_NAME}-logo.png|" ${TEMPDIR}/docker-${CONTAINER_NAME}/.jenkins-external/${CONTAINER_NAME}.xml
elif [[ -f ${TEMPDIR}/unraid/docker-templates/linuxserver.io/img/${CONTAINER_NAME}-icon.png ]]; then elif [[ -f ${TEMPDIR}/unraid/docker-templates/linuxserver.io/img/${CONTAINER_NAME}-icon.png ]]; then
@ -381,9 +397,9 @@ pipeline {
echo "Updating Unraid template" echo "Updating Unraid template"
cd ${TEMPDIR}/unraid/templates/ cd ${TEMPDIR}/unraid/templates/
GH_TEMPLATES_DEFAULT_BRANCH=$(git remote show origin | grep "HEAD branch:" | sed 's|.*HEAD branch: ||') GH_TEMPLATES_DEFAULT_BRANCH=$(git remote show origin | grep "HEAD branch:" | sed 's|.*HEAD branch: ||')
if grep -wq "${CONTAINER_NAME}" ${TEMPDIR}/unraid/templates/unraid/ignore.list && [[ -f ${TEMPDIR}/unraid/templates/unraid/deprecated/${CONTAINER_NAME}.xml ]]; then if grep -wq "^${CONTAINER_NAME}$" ${TEMPDIR}/unraid/templates/unraid/ignore.list && [[ -f ${TEMPDIR}/unraid/templates/unraid/deprecated/${CONTAINER_NAME}.xml ]]; then
echo "Image is on the ignore list, and already in the deprecation folder." echo "Image is on the ignore list, and already in the deprecation folder."
elif grep -wq "${CONTAINER_NAME}" ${TEMPDIR}/unraid/templates/unraid/ignore.list; then elif grep -wq "^${CONTAINER_NAME}$" ${TEMPDIR}/unraid/templates/unraid/ignore.list; then
echo "Image is on the ignore list, marking Unraid template as deprecated" echo "Image is on the ignore list, marking Unraid template as deprecated"
cp ${TEMPDIR}/docker-${CONTAINER_NAME}/.jenkins-external/${CONTAINER_NAME}.xml ${TEMPDIR}/unraid/templates/unraid/ cp ${TEMPDIR}/docker-${CONTAINER_NAME}/.jenkins-external/${CONTAINER_NAME}.xml ${TEMPDIR}/unraid/templates/unraid/
git add -u unraid/${CONTAINER_NAME}.xml git add -u unraid/${CONTAINER_NAME}.xml
@ -476,10 +492,10 @@ pipeline {
} }
} }
/* ####################### /* #######################
GitLab Mirroring GitLab Mirroring and Quay.io Repo Visibility
####################### */ ####################### */
// Ping into Gitlab to mirror this repo and have a registry endpoint // Ping into Gitlab to mirror this repo and have a registry endpoint & mark this repo on Quay.io as public
stage("GitLab Mirror"){ stage("GitLab Mirror and Quay.io Visibility"){
when { when {
environment name: 'EXIT_STATUS', value: '' environment name: 'EXIT_STATUS', value: ''
} }
@ -495,6 +511,8 @@ pipeline {
"visibility":"public"}' ''' "visibility":"public"}' '''
sh '''curl -H "Private-Token: ${GITLAB_TOKEN}" -X PUT "https://gitlab.com/api/v4/projects/Linuxserver.io%2F${LS_REPO}" \ sh '''curl -H "Private-Token: ${GITLAB_TOKEN}" -X PUT "https://gitlab.com/api/v4/projects/Linuxserver.io%2F${LS_REPO}" \
-d "mirror=true&import_url=https://github.com/linuxserver/${LS_REPO}.git" ''' -d "mirror=true&import_url=https://github.com/linuxserver/${LS_REPO}.git" '''
sh '''curl -H "Content-Type: application/json" -H "Authorization: Bearer ${QUAYIO_API_TOKEN}" -X POST "https://quay.io/api/v1/repository${QUAYIMAGE/quay.io/}/changevisibility" \
-d '{"visibility":"public"}' ||: '''
} }
} }
/* ############### /* ###############
@ -525,6 +543,7 @@ pipeline {
--label \"org.opencontainers.image.title=Swag\" \ --label \"org.opencontainers.image.title=Swag\" \
--label \"org.opencontainers.image.description=SWAG - Secure Web Application Gateway (formerly known as letsencrypt, no relation to Let's Encrypt™) sets up an Nginx webserver and reverse proxy with php support and a built-in certbot client that automates free SSL server certificate generation and renewal processes (Let's Encrypt and ZeroSSL). It also contains fail2ban for intrusion prevention.\" \ --label \"org.opencontainers.image.description=SWAG - Secure Web Application Gateway (formerly known as letsencrypt, no relation to Let's Encrypt™) sets up an Nginx webserver and reverse proxy with php support and a built-in certbot client that automates free SSL server certificate generation and renewal processes (Let's Encrypt and ZeroSSL). It also contains fail2ban for intrusion prevention.\" \
--no-cache --pull -t ${IMAGE}:${META_TAG} --platform=linux/amd64 \ --no-cache --pull -t ${IMAGE}:${META_TAG} --platform=linux/amd64 \
--provenance=false --sbom=false \
--build-arg ${BUILD_VERSION_ARG}=${EXT_RELEASE} --build-arg VERSION=\"${VERSION_TAG}\" --build-arg BUILD_DATE=${GITHUB_DATE} ." --build-arg ${BUILD_VERSION_ARG}=${EXT_RELEASE} --build-arg VERSION=\"${VERSION_TAG}\" --build-arg BUILD_DATE=${GITHUB_DATE} ."
} }
} }
@ -556,6 +575,7 @@ pipeline {
--label \"org.opencontainers.image.title=Swag\" \ --label \"org.opencontainers.image.title=Swag\" \
--label \"org.opencontainers.image.description=SWAG - Secure Web Application Gateway (formerly known as letsencrypt, no relation to Let's Encrypt™) sets up an Nginx webserver and reverse proxy with php support and a built-in certbot client that automates free SSL server certificate generation and renewal processes (Let's Encrypt and ZeroSSL). It also contains fail2ban for intrusion prevention.\" \ --label \"org.opencontainers.image.description=SWAG - Secure Web Application Gateway (formerly known as letsencrypt, no relation to Let's Encrypt™) sets up an Nginx webserver and reverse proxy with php support and a built-in certbot client that automates free SSL server certificate generation and renewal processes (Let's Encrypt and ZeroSSL). It also contains fail2ban for intrusion prevention.\" \
--no-cache --pull -t ${IMAGE}:amd64-${META_TAG} --platform=linux/amd64 \ --no-cache --pull -t ${IMAGE}:amd64-${META_TAG} --platform=linux/amd64 \
--provenance=false --sbom=false \
--build-arg ${BUILD_VERSION_ARG}=${EXT_RELEASE} --build-arg VERSION=\"${VERSION_TAG}\" --build-arg BUILD_DATE=${GITHUB_DATE} ." --build-arg ${BUILD_VERSION_ARG}=${EXT_RELEASE} --build-arg VERSION=\"${VERSION_TAG}\" --build-arg BUILD_DATE=${GITHUB_DATE} ."
} }
} }
@ -584,9 +604,10 @@ pipeline {
--label \"org.opencontainers.image.title=Swag\" \ --label \"org.opencontainers.image.title=Swag\" \
--label \"org.opencontainers.image.description=SWAG - Secure Web Application Gateway (formerly known as letsencrypt, no relation to Let's Encrypt™) sets up an Nginx webserver and reverse proxy with php support and a built-in certbot client that automates free SSL server certificate generation and renewal processes (Let's Encrypt and ZeroSSL). It also contains fail2ban for intrusion prevention.\" \ --label \"org.opencontainers.image.description=SWAG - Secure Web Application Gateway (formerly known as letsencrypt, no relation to Let's Encrypt™) sets up an Nginx webserver and reverse proxy with php support and a built-in certbot client that automates free SSL server certificate generation and renewal processes (Let's Encrypt and ZeroSSL). It also contains fail2ban for intrusion prevention.\" \
--no-cache --pull -f Dockerfile.aarch64 -t ${IMAGE}:arm64v8-${META_TAG} --platform=linux/arm64 \ --no-cache --pull -f Dockerfile.aarch64 -t ${IMAGE}:arm64v8-${META_TAG} --platform=linux/arm64 \
--provenance=false --sbom=false \
--build-arg ${BUILD_VERSION_ARG}=${EXT_RELEASE} --build-arg VERSION=\"${VERSION_TAG}\" --build-arg BUILD_DATE=${GITHUB_DATE} ." --build-arg ${BUILD_VERSION_ARG}=${EXT_RELEASE} --build-arg VERSION=\"${VERSION_TAG}\" --build-arg BUILD_DATE=${GITHUB_DATE} ."
sh "docker tag ${IMAGE}:arm64v8-${META_TAG} ghcr.io/linuxserver/lsiodev-buildcache:arm64v8-${COMMIT_SHA}-${BUILD_NUMBER}" sh "docker tag ${IMAGE}:arm64v8-${META_TAG} ghcr.io/linuxserver/lsiodev-buildcache:arm64v8-${COMMIT_SHA}-${BUILD_NUMBER}"
retry(5) { retry_backoff(5,5) {
sh "docker push ghcr.io/linuxserver/lsiodev-buildcache:arm64v8-${COMMIT_SHA}-${BUILD_NUMBER}" sh "docker push ghcr.io/linuxserver/lsiodev-buildcache:arm64v8-${COMMIT_SHA}-${BUILD_NUMBER}"
} }
sh '''#! /bin/bash sh '''#! /bin/bash
@ -698,18 +719,27 @@ pipeline {
} }
sh '''#! /bin/bash sh '''#! /bin/bash
set -e set -e
if grep -q 'docker-baseimage' <<< "${LS_REPO}"; then
echo "Detected baseimage, setting LSIO_FIRST_PARTY=true"
if [ -n "${CI_DOCKERENV}" ]; then
CI_DOCKERENV="LSIO_FIRST_PARTY=true|${CI_DOCKERENV}"
else
CI_DOCKERENV="LSIO_FIRST_PARTY=true"
fi
fi
docker pull ghcr.io/linuxserver/ci:latest docker pull ghcr.io/linuxserver/ci:latest
if [ "${MULTIARCH}" == "true" ]; then if [ "${MULTIARCH}" == "true" ]; then
docker pull ghcr.io/linuxserver/lsiodev-buildcache:arm64v8-${COMMIT_SHA}-${BUILD_NUMBER} docker pull ghcr.io/linuxserver/lsiodev-buildcache:arm64v8-${COMMIT_SHA}-${BUILD_NUMBER} --platform=arm64
docker tag ghcr.io/linuxserver/lsiodev-buildcache:arm64v8-${COMMIT_SHA}-${BUILD_NUMBER} ${IMAGE}:arm64v8-${META_TAG} docker tag ghcr.io/linuxserver/lsiodev-buildcache:arm64v8-${COMMIT_SHA}-${BUILD_NUMBER} ${IMAGE}:arm64v8-${META_TAG}
fi fi
docker run --rm \ docker run --rm \
--shm-size=1gb \ --shm-size=1gb \
-v /var/run/docker.sock:/var/run/docker.sock \ -v /var/run/docker.sock:/var/run/docker.sock \
-e IMAGE=\"${IMAGE}\" \ -e IMAGE=\"${IMAGE}\" \
-e DELAY_START=\"${CI_DELAY}\" \ -e DOCKER_LOGS_TIMEOUT=\"${CI_DELAY}\" \
-e TAGS=\"${CI_TAGS}\" \ -e TAGS=\"${CI_TAGS}\" \
-e META_TAG=\"${META_TAG}\" \ -e META_TAG=\"${META_TAG}\" \
-e RELEASE_TAG=\"latest\" \
-e PORT=\"${CI_PORT}\" \ -e PORT=\"${CI_PORT}\" \
-e SSL=\"${CI_SSL}\" \ -e SSL=\"${CI_SSL}\" \
-e BASE=\"${DIST_IMAGE}\" \ -e BASE=\"${DIST_IMAGE}\" \
@ -719,6 +749,7 @@ pipeline {
-e WEB_SCREENSHOT=\"${CI_WEB}\" \ -e WEB_SCREENSHOT=\"${CI_WEB}\" \
-e WEB_AUTH=\"${CI_AUTH}\" \ -e WEB_AUTH=\"${CI_AUTH}\" \
-e WEB_PATH=\"${CI_WEBPATH}\" \ -e WEB_PATH=\"${CI_WEBPATH}\" \
-e NODE_NAME=\"${NODE_NAME}\" \
-t ghcr.io/linuxserver/ci:latest \ -t ghcr.io/linuxserver/ci:latest \
python3 test_build.py''' python3 test_build.py'''
} }
@ -742,7 +773,7 @@ pipeline {
passwordVariable: 'QUAYPASS' passwordVariable: 'QUAYPASS'
] ]
]) { ]) {
retry(5) { retry_backoff(5,5) {
sh '''#! /bin/bash sh '''#! /bin/bash
set -e set -e
echo $DOCKERHUB_TOKEN | docker login -u linuxserverci --password-stdin echo $DOCKERHUB_TOKEN | docker login -u linuxserverci --password-stdin
@ -783,7 +814,7 @@ pipeline {
passwordVariable: 'QUAYPASS' passwordVariable: 'QUAYPASS'
] ]
]) { ]) {
retry(5) { retry_backoff(5,5) {
sh '''#! /bin/bash sh '''#! /bin/bash
set -e set -e
echo $DOCKERHUB_TOKEN | docker login -u linuxserverci --password-stdin echo $DOCKERHUB_TOKEN | docker login -u linuxserverci --password-stdin
@ -791,7 +822,7 @@ pipeline {
echo $GITLAB_TOKEN | docker login registry.gitlab.com -u LinuxServer.io --password-stdin echo $GITLAB_TOKEN | docker login registry.gitlab.com -u LinuxServer.io --password-stdin
echo $QUAYPASS | docker login quay.io -u $QUAYUSER --password-stdin echo $QUAYPASS | docker login quay.io -u $QUAYUSER --password-stdin
if [ "${CI}" == "false" ]; then if [ "${CI}" == "false" ]; then
docker pull ghcr.io/linuxserver/lsiodev-buildcache:arm64v8-${COMMIT_SHA}-${BUILD_NUMBER} docker pull ghcr.io/linuxserver/lsiodev-buildcache:arm64v8-${COMMIT_SHA}-${BUILD_NUMBER} --platform=arm64
docker tag ghcr.io/linuxserver/lsiodev-buildcache:arm64v8-${COMMIT_SHA}-${BUILD_NUMBER} ${IMAGE}:arm64v8-${META_TAG} docker tag ghcr.io/linuxserver/lsiodev-buildcache:arm64v8-${COMMIT_SHA}-${BUILD_NUMBER} ${IMAGE}:arm64v8-${META_TAG}
fi fi
for MANIFESTIMAGE in "${IMAGE}" "${GITLABIMAGE}" "${GITHUBIMAGE}" "${QUAYIMAGE}"; do for MANIFESTIMAGE in "${IMAGE}" "${GITLABIMAGE}" "${GITHUBIMAGE}" "${QUAYIMAGE}"; do
@ -815,35 +846,13 @@ pipeline {
docker push ${MANIFESTIMAGE}:amd64-${SEMVER} docker push ${MANIFESTIMAGE}:amd64-${SEMVER}
docker push ${MANIFESTIMAGE}:arm64v8-${SEMVER} docker push ${MANIFESTIMAGE}:arm64v8-${SEMVER}
fi fi
docker manifest push --purge ${MANIFESTIMAGE}:latest || : done
docker manifest create ${MANIFESTIMAGE}:latest ${MANIFESTIMAGE}:amd64-latest ${MANIFESTIMAGE}:arm64v8-latest for MANIFESTIMAGE in "${IMAGE}" "${GITLABIMAGE}" "${GITHUBIMAGE}" "${QUAYIMAGE}"; do
docker manifest annotate ${MANIFESTIMAGE}:latest ${MANIFESTIMAGE}:arm64v8-latest --os linux --arch arm64 --variant v8 docker buildx imagetools create -t ${MANIFESTIMAGE}:latest ${MANIFESTIMAGE}:amd64-latest ${MANIFESTIMAGE}:arm64v8-latest
docker manifest push --purge ${MANIFESTIMAGE}:${META_TAG} || : docker buildx imagetools create -t ${MANIFESTIMAGE}:${META_TAG} ${MANIFESTIMAGE}:amd64-${META_TAG} ${MANIFESTIMAGE}:arm64v8-${META_TAG}
docker manifest create ${MANIFESTIMAGE}:${META_TAG} ${MANIFESTIMAGE}:amd64-${META_TAG} ${MANIFESTIMAGE}:arm64v8-${META_TAG} docker buildx imagetools create -t ${MANIFESTIMAGE}:${EXT_RELEASE_TAG} ${MANIFESTIMAGE}:amd64-${EXT_RELEASE_TAG} ${MANIFESTIMAGE}:arm64v8-${EXT_RELEASE_TAG}
docker manifest annotate ${MANIFESTIMAGE}:${META_TAG} ${MANIFESTIMAGE}:arm64v8-${META_TAG} --os linux --arch arm64 --variant v8
docker manifest push --purge ${MANIFESTIMAGE}:${EXT_RELEASE_TAG} || :
docker manifest create ${MANIFESTIMAGE}:${EXT_RELEASE_TAG} ${MANIFESTIMAGE}:amd64-${EXT_RELEASE_TAG} ${MANIFESTIMAGE}:arm64v8-${EXT_RELEASE_TAG}
docker manifest annotate ${MANIFESTIMAGE}:${EXT_RELEASE_TAG} ${MANIFESTIMAGE}:arm64v8-${EXT_RELEASE_TAG} --os linux --arch arm64 --variant v8
if [ -n "${SEMVER}" ]; then if [ -n "${SEMVER}" ]; then
docker manifest push --purge ${MANIFESTIMAGE}:${SEMVER} || : docker buildx imagetools create -t ${MANIFESTIMAGE}:${SEMVER} ${MANIFESTIMAGE}:amd64-${SEMVER} ${MANIFESTIMAGE}:arm64v8-${SEMVER}
docker manifest create ${MANIFESTIMAGE}:${SEMVER} ${MANIFESTIMAGE}:amd64-${SEMVER} ${MANIFESTIMAGE}:arm64v8-${SEMVER}
docker manifest annotate ${MANIFESTIMAGE}:${SEMVER} ${MANIFESTIMAGE}:arm64v8-${SEMVER} --os linux --arch arm64 --variant v8
fi
token=$(curl -sX GET "https://ghcr.io/token?scope=repository%3Alinuxserver%2F${CONTAINER_NAME}%3Apull" | jq -r '.token')
digest=$(curl -s \
--header "Accept: application/vnd.docker.distribution.manifest.v2+json" \
--header "Authorization: Bearer ${token}" \
"https://ghcr.io/v2/linuxserver/${CONTAINER_NAME}/manifests/arm32v7-latest")
if [[ $(echo "$digest" | jq -r '.layers') != "null" ]]; then
docker manifest push --purge ${MANIFESTIMAGE}:arm32v7-latest || :
docker manifest create ${MANIFESTIMAGE}:arm32v7-latest ${MANIFESTIMAGE}:amd64-latest
docker manifest push --purge ${MANIFESTIMAGE}:arm32v7-latest
fi
docker manifest push --purge ${MANIFESTIMAGE}:latest
docker manifest push --purge ${MANIFESTIMAGE}:${META_TAG}
docker manifest push --purge ${MANIFESTIMAGE}:${EXT_RELEASE_TAG}
if [ -n "${SEMVER}" ]; then
docker manifest push --purge ${MANIFESTIMAGE}:${SEMVER}
fi fi
done done
''' '''
@ -868,7 +877,7 @@ pipeline {
"object": "'${COMMIT_SHA}'",\ "object": "'${COMMIT_SHA}'",\
"message": "Tagging Release '${EXT_RELEASE_CLEAN}'-ls'${LS_TAG_NUMBER}' to master",\ "message": "Tagging Release '${EXT_RELEASE_CLEAN}'-ls'${LS_TAG_NUMBER}' to master",\
"type": "commit",\ "type": "commit",\
"tagger": {"name": "LinuxServer Jenkins","email": "jenkins@linuxserver.io","date": "'${GITHUB_DATE}'"}}' ''' "tagger": {"name": "LinuxServer-CI","email": "ci@linuxserver.io","date": "'${GITHUB_DATE}'"}}' '''
echo "Pushing New release for Tag" echo "Pushing New release for Tag"
sh '''#! /bin/bash sh '''#! /bin/bash
echo "Updating PIP version of ${EXT_PIP} to ${EXT_RELEASE_CLEAN}" > releasebody.json echo "Updating PIP version of ${EXT_PIP} to ${EXT_RELEASE_CLEAN}" > releasebody.json
@ -1000,18 +1009,53 @@ EOF
###################### */ ###################### */
post { post {
always { always {
sh '''#!/bin/bash
rm -rf /config/.ssh/id_sign
rm -rf /config/.ssh/id_sign.pub
git config --global --unset gpg.format
git config --global --unset user.signingkey
git config --global --unset commit.gpgsign
'''
script{ script{
env.JOB_DATE = sh(
script: '''date '+%Y-%m-%dT%H:%M:%S%:z' ''',
returnStdout: true).trim()
if (env.EXIT_STATUS == "ABORTED"){ if (env.EXIT_STATUS == "ABORTED"){
sh 'echo "build aborted"' sh 'echo "build aborted"'
}else{
if (currentBuild.currentResult == "SUCCESS"){
if (env.GITHUBIMAGE =~ /lspipepr/){
env.JOB_WEBHOOK_STATUS='Success'
env.JOB_WEBHOOK_COLOUR=3957028
env.JOB_WEBHOOK_FOOTER='PR Build'
}else if (env.GITHUBIMAGE =~ /lsiodev/){
env.JOB_WEBHOOK_STATUS='Success'
env.JOB_WEBHOOK_COLOUR=3957028
env.JOB_WEBHOOK_FOOTER='Dev Build'
}else{
env.JOB_WEBHOOK_STATUS='Success'
env.JOB_WEBHOOK_COLOUR=1681177
env.JOB_WEBHOOK_FOOTER='Live Build'
} }
else if (currentBuild.currentResult == "SUCCESS"){ }else{
sh ''' curl -X POST -H "Content-Type: application/json" --data '{"avatar_url": "https://raw.githubusercontent.com/linuxserver/docker-templates/master/linuxserver.io/img/jenkins-avatar.png","embeds": [{"color": 1681177,\ if (env.GITHUBIMAGE =~ /lspipepr/){
"description": "**Build:** '${BUILD_NUMBER}'\\n**CI Results:** '${CI_URL}'\\n**ShellCheck Results:** '${SHELLCHECK_URL}'\\n**Status:** Success\\n**Job:** '${RUN_DISPLAY_URL}'\\n**Change:** '${CODE_URL}'\\n**External Release:**: '${RELEASE_LINK}'\\n**DockerHub:** '${DOCKERHUB_LINK}'\\n"}],\ env.JOB_WEBHOOK_STATUS='Failure'
"username": "Jenkins"}' ${BUILDS_DISCORD} ''' env.JOB_WEBHOOK_COLOUR=12669523
env.JOB_WEBHOOK_FOOTER='PR Build'
}else if (env.GITHUBIMAGE =~ /lsiodev/){
env.JOB_WEBHOOK_STATUS='Failure'
env.JOB_WEBHOOK_COLOUR=12669523
env.JOB_WEBHOOK_FOOTER='Dev Build'
}else{
env.JOB_WEBHOOK_STATUS='Failure'
env.JOB_WEBHOOK_COLOUR=16711680
env.JOB_WEBHOOK_FOOTER='Live Build'
} }
else { }
sh ''' curl -X POST -H "Content-Type: application/json" --data '{"avatar_url": "https://raw.githubusercontent.com/linuxserver/docker-templates/master/linuxserver.io/img/jenkins-avatar.png","embeds": [{"color": 16711680,\ sh ''' curl -X POST -H "Content-Type: application/json" --data '{"avatar_url": "https://raw.githubusercontent.com/linuxserver/docker-templates/master/linuxserver.io/img/jenkins-avatar.png","embeds": [{"'color'": '${JOB_WEBHOOK_COLOUR}',\
"description": "**Build:** '${BUILD_NUMBER}'\\n**CI Results:** '${CI_URL}'\\n**ShellCheck Results:** '${SHELLCHECK_URL}'\\n**Status:** failure\\n**Job:** '${RUN_DISPLAY_URL}'\\n**Change:** '${CODE_URL}'\\n**External Release:**: '${RELEASE_LINK}'\\n**DockerHub:** '${DOCKERHUB_LINK}'\\n"}],\ "footer": {"text" : "'"${JOB_WEBHOOK_FOOTER}"'"},\
"timestamp": "'${JOB_DATE}'",\
"description": "**Build:** '${BUILD_NUMBER}'\\n**CI Results:** '${CI_URL}'\\n**ShellCheck Results:** '${SHELLCHECK_URL}'\\n**Status:** '${JOB_WEBHOOK_STATUS}'\\n**Job:** '${RUN_DISPLAY_URL}'\\n**Change:** '${CODE_URL}'\\n**External Release:**: '${RELEASE_LINK}'\\n**DockerHub:** '${DOCKERHUB_LINK}'\\n"}],\
"username": "Jenkins"}' ${BUILDS_DISCORD} ''' "username": "Jenkins"}' ${BUILDS_DISCORD} '''
} }
} }
@ -1029,3 +1073,20 @@ EOF
} }
} }
} }
def retry_backoff(int max_attempts, int power_base, Closure c) {
int n = 0
while (n < max_attempts) {
try {
c()
return
} catch (err) {
if ((n + 1) >= max_attempts) {
throw err
}
sleep(power_base ** n)
n++
}
}
return
}

12
README.md
View File

@ -28,7 +28,7 @@ Find us at:
# [linuxserver/swag](https://github.com/linuxserver/docker-swag) # [linuxserver/swag](https://github.com/linuxserver/docker-swag)
[![Scarf.io pulls](https://scarf.sh/installs-badge/linuxserver-ci/linuxserver%2Fswag?color=94398d&label-color=555555&logo-color=ffffff&style=for-the-badge&package-type=docker)](https://scarf.sh/gateway/linuxserver-ci/docker/linuxserver%2Fswag) [![Scarf.io pulls](https://scarf.sh/installs-badge/linuxserver-ci/linuxserver%2Fswag?color=94398d&label-color=555555&logo-color=ffffff&style=for-the-badge&package-type=docker)](https://scarf.sh)
[![GitHub Stars](https://img.shields.io/github/stars/linuxserver/docker-swag.svg?color=94398d&labelColor=555555&logoColor=ffffff&style=for-the-badge&logo=github)](https://github.com/linuxserver/docker-swag) [![GitHub Stars](https://img.shields.io/github/stars/linuxserver/docker-swag.svg?color=94398d&labelColor=555555&logoColor=ffffff&style=for-the-badge&logo=github)](https://github.com/linuxserver/docker-swag)
[![GitHub Release](https://img.shields.io/github/release/linuxserver/docker-swag.svg?color=94398d&labelColor=555555&logoColor=ffffff&style=for-the-badge&logo=github)](https://github.com/linuxserver/docker-swag/releases) [![GitHub Release](https://img.shields.io/github/release/linuxserver/docker-swag.svg?color=94398d&labelColor=555555&logoColor=ffffff&style=for-the-badge&logo=github)](https://github.com/linuxserver/docker-swag/releases)
[![GitHub Package Repository](https://img.shields.io/static/v1.svg?color=94398d&labelColor=555555&logoColor=ffffff&style=for-the-badge&label=linuxserver.io&message=GitHub%20Package&logo=github)](https://github.com/linuxserver/docker-swag/packages) [![GitHub Package Repository](https://img.shields.io/static/v1.svg?color=94398d&labelColor=555555&logoColor=ffffff&style=for-the-badge&label=linuxserver.io&message=GitHub%20Package&logo=github)](https://github.com/linuxserver/docker-swag/packages)
@ -76,7 +76,7 @@ The architectures supported by this image are:
### Certbot Plugins ### Certbot Plugins
SWAG includes many Certbot plugins out of the box, but not all plugins can be includes. SWAG includes many Certbot plugins out of the box, but not all plugins can be included.
If you need a plugin that is not included, the quickest way to have the plugin available is to use our [Universal Package Install Docker Mod](https://github.com/linuxserver/docker-mods/tree/universal-package-install). If you need a plugin that is not included, the quickest way to have the plugin available is to use our [Universal Package Install Docker Mod](https://github.com/linuxserver/docker-mods/tree/universal-package-install).
Set the following environment variables on your container: Set the following environment variables on your container:
@ -227,7 +227,7 @@ Containers are configured using parameters passed at runtime (such as those abov
| `-e VALIDATION=http` | Certbot validation method to use, options are `http` or `dns` (`dns` method also requires `DNSPLUGIN` variable set). | | `-e VALIDATION=http` | Certbot validation method to use, options are `http` or `dns` (`dns` method also requires `DNSPLUGIN` variable set). |
| `-e SUBDOMAINS=www,` | Subdomains you'd like the cert to cover (comma separated, no spaces) ie. `www,ftp,cloud`. For a wildcard cert, set this *exactly* to `wildcard` (wildcard cert is available via `dns` validation only) | | `-e SUBDOMAINS=www,` | Subdomains you'd like the cert to cover (comma separated, no spaces) ie. `www,ftp,cloud`. For a wildcard cert, set this *exactly* to `wildcard` (wildcard cert is available via `dns` validation only) |
| `-e CERTPROVIDER=` | Optionally define the cert provider. Set to `zerossl` for ZeroSSL certs (requires existing [ZeroSSL account](https://app.zerossl.com/signup) and the e-mail address entered in `EMAIL` env var). Otherwise defaults to Let's Encrypt. | | `-e CERTPROVIDER=` | Optionally define the cert provider. Set to `zerossl` for ZeroSSL certs (requires existing [ZeroSSL account](https://app.zerossl.com/signup) and the e-mail address entered in `EMAIL` env var). Otherwise defaults to Let's Encrypt. |
| `-e DNSPLUGIN=cloudflare` | Required if `VALIDATION` is set to `dns`. Options are `acmedns`, `aliyun`, `azure`, `bunny`, `cloudflare`, `cpanel`, `desec`, `digitalocean`, `directadmin`, `dnsimple`, `dnsmadeeasy`, `dnspod`, `do`, `domeneshop`, `dreamhost`, `duckdns`, `dynu`, `freedns`, `gandi`, `gehirn`, `glesys`, `godaddy`, `google`, `google-domains`, `he`, `hetzner`, `infomaniak`, `inwx`, `ionos`, `linode`, `loopia`, `luadns`, `namecheap`, `netcup`, `njalla`, `nsone`, `ovh`, `porkbun`, `rfc2136`, `route53`, `sakuracloud`, `standalone`, `transip`, and `vultr`. Also need to enter the credentials into the corresponding ini (or json for some plugins) file under `/config/dns-conf`. | | `-e DNSPLUGIN=cloudflare` | Required if `VALIDATION` is set to `dns`. Options are `acmedns`, `aliyun`, `azure`, `bunny`, `cloudflare`, `cpanel`, `desec`, `digitalocean`, `directadmin`, `dnsimple`, `dnsmadeeasy`, `dnspod`, `do`, `domeneshop`, `dreamhost`, `duckdns`, `dynudns`, `freedns`, `gandi`, `gehirn`, `glesys`, `godaddy`, `google`, `he`, `hetzner`, `infomaniak`, `inwx`, `ionos`, `linode`, `loopia`, `luadns`, `namecheap`, `netcup`, `njalla`, `nsone`, `ovh`, `porkbun`, `rfc2136`, `route53`, `sakuracloud`, `standalone`, `transip`, and `vultr`. Also need to enter the credentials into the corresponding ini (or json for some plugins) file under `/config/dns-conf`. |
| `-e PROPAGATION=` | Optionally override (in seconds) the default propagation time for the dns plugins. | | `-e PROPAGATION=` | Optionally override (in seconds) the default propagation time for the dns plugins. |
| `-e EMAIL=` | Optional e-mail address used for cert expiration notifications (Required for ZeroSSL). | | `-e EMAIL=` | Optional e-mail address used for cert expiration notifications (Required for ZeroSSL). |
| `-e ONLY_SUBDOMAINS=false` | If you wish to get certs only for certain subdomains, but not the main domain (main domain may be hosted on another machine and cannot be validated), set this to `true` | | `-e ONLY_SUBDOMAINS=false` | If you wish to get certs only for certain subdomains, but not the main domain (main domain may be hosted on another machine and cannot be validated), set this to `true` |
@ -375,7 +375,8 @@ Below are the instructions for updating containers:
### Image Update Notifications - Diun (Docker Image Update Notifier) ### Image Update Notifications - Diun (Docker Image Update Notifier)
**tip**: We recommend [Diun](https://crazymax.dev/diun/) for update notifications. Other tools that automatically update containers unattended are not recommended or supported. >[!TIP]
>We recommend [Diun](https://crazymax.dev/diun/) for update notifications. Other tools that automatically update containers unattended are not recommended or supported.
## Building locally ## Building locally
@ -400,6 +401,9 @@ Once registered you can define the dockerfile to use with `-f Dockerfile.aarch64
## Versions ## Versions
* **30.08.24:** - Fix zerossl cert revocation.
* **24.07.14:** - Rebase to Alpine 3.20. Remove deprecated Google Domains certbot plugin. Existing users should update their nginx confs to avoid http2 deprecation warnings.
* **01.07.24:** - Fall back to iptables-legacy if iptables doesn't work.
* **23.03.24:** - Fix perms on the generated `priv-fullchain-bundle.pem`. * **23.03.24:** - Fix perms on the generated `priv-fullchain-bundle.pem`.
* **14.03.24:** - [Existing users should update:](https://github.com/linuxserver/docker-swag/blob/master/README.md#updating-configs) authelia-location.conf, authelia-server.conf - Update Authelia conf samples with support for 4.38. * **14.03.24:** - [Existing users should update:](https://github.com/linuxserver/docker-swag/blob/master/README.md#updating-configs) authelia-location.conf, authelia-server.conf - Update Authelia conf samples with support for 4.38.
* **11.03.24:** - Restore support for DynuDNS using `certbot-dns-dynudns`. * **11.03.24:** - Restore support for DynuDNS using `certbot-dns-dynudns`.

1
jenkins-vars.yml
View File

@ -6,7 +6,6 @@ external_type: pip_version
release_type: stable release_type: stable
release_tag: latest release_tag: latest
ls_branch: master ls_branch: master
build_armhf: false
repo_vars: repo_vars:
- EXT_PIP = 'certbot' - EXT_PIP = 'certbot'
- BUILD_VERSION_ARG = 'CERTBOT_VERSION' - BUILD_VERSION_ARG = 'CERTBOT_VERSION'

500
package_versions.txt
View File

@ -1,52 +1,50 @@
NAME VERSION TYPE NAME VERSION TYPE
ConfigArgParse 1.7 python
PyJWT 2.8.0 python
PyNamecheap 0.0.3 python
PyYAML 6.0.1 python
Simple Launcher 1.1.0.14 dotnet (+5 duplicates) Simple Launcher 1.1.0.14 dotnet (+5 duplicates)
acme 2.10.0 python acme 2.11.0 python
alpine-baselayout 3.4.3-r2 apk alpine-baselayout 3.6.5-r0 apk
alpine-baselayout-data 3.4.3-r2 apk alpine-baselayout-data 3.6.5-r0 apk
alpine-keys 2.4-r1 apk alpine-keys 2.4-r1 apk
alpine-release 3.19.1-r0 apk alpine-release 3.20.3-r0 apk
aom-libs 3.7.1-r0 apk aom-libs 3.9.1-r0 apk
apache2-utils 2.4.59-r0 apk apache2-utils 2.4.62-r0 apk
apk-tools 2.14.4-r0 apk apk-tools 2.14.4-r0 apk
apr 1.7.4-r0 apk apr 1.7.5-r0 apk
apr-util 1.6.3-r1 apk apr-util 1.6.3-r1 apk
argon2-libs 20190702-r5 apk argon2-libs 20190702-r5 apk
attrs 23.2.0 python attrs 24.2.0 python
autocommand 2.2.2 python
azure-common 1.1.28 python azure-common 1.1.28 python
azure-core 1.30.1 python azure-core 1.31.0 python
azure-identity 1.16.0 python azure-identity 1.19.0 python
azure-mgmt-core 1.4.0 python azure-mgmt-core 1.4.0 python
azure-mgmt-dns 8.1.0 python azure-mgmt-dns 8.1.0 python
bash 5.2.21-r0 apk backports-tarfile 1.2.0 python
bash 5.2.26-r0 apk
beautifulsoup4 4.12.3 python beautifulsoup4 4.12.3 python
boto3 1.34.108 python boto3 1.35.44 python
botocore 1.34.108 python botocore 1.35.44 python
brotli-libs 1.1.0-r1 apk brotli-libs 1.1.0-r2 apk
bs4 0.0.2 python bs4 0.0.2 python
busybox 1.36.1-r15 apk busybox 1.36.1-r29 apk
busybox-binsh 1.36.1-r15 apk busybox-binsh 1.36.1-r29 apk
c-ares 1.27.0-r0 apk c-ares 1.28.1-r0 apk
c-client 2007f-r15 apk c-client 2007f-r15 apk
ca-certificates 20240226-r0 apk ca-certificates 20240705-r0 apk
ca-certificates-bundle 20240226-r0 apk ca-certificates-bundle 20240705-r0 apk
cachetools 5.3.3 python cachetools 5.5.0 python
catatonit 0.2.0-r0 apk catatonit 0.2.0-r0 apk
certbot 2.10.0 python certbot 2.11.0 python
certbot-dns-acmedns 0.1.0 python certbot-dns-acmedns 0.1.0 python
certbot-dns-aliyun 2.0.0 python certbot-dns-aliyun 2.0.0 python
certbot-dns-azure 2.5.0 python certbot-dns-azure 2.5.0 python
certbot-dns-bunny 0.0.9 python certbot-dns-bunny 0.0.9 python
certbot-dns-cloudflare 2.10.0 python certbot-dns-cloudflare 2.11.0 python
certbot-dns-cpanel 0.4.0 python certbot-dns-cpanel 0.4.0 python
certbot-dns-desec 1.2.1 python certbot-dns-desec 1.2.1 python
certbot-dns-digitalocean 2.10.0 python certbot-dns-digitalocean 2.11.0 python
certbot-dns-directadmin 1.0.4 python certbot-dns-directadmin 1.0.4 python
certbot-dns-dnsimple 2.10.0 python certbot-dns-dnsimple 2.11.0 python
certbot-dns-dnsmadeeasy 2.10.0 python certbot-dns-dnsmadeeasy 2.11.0 python
certbot-dns-dnspod 0.1.0 python certbot-dns-dnspod 0.1.0 python
certbot-dns-do 0.31.0 python certbot-dns-do 0.31.0 python
certbot-dns-domeneshop 0.2.9 python certbot-dns-domeneshop 0.2.9 python
@ -54,296 +52,312 @@ certbot-dns-dreamhost 1.0 python
certbot-dns-duckdns 1.3 python certbot-dns-duckdns 1.3 python
certbot-dns-dynudns 0.0.6 python certbot-dns-dynudns 0.0.6 python
certbot-dns-freedns 0.2.0 python certbot-dns-freedns 0.2.0 python
certbot-dns-gehirn 2.10.0 python certbot-dns-gehirn 2.11.0 python
certbot-dns-glesys 2.1.0 python certbot-dns-glesys 2.1.0 python
certbot-dns-godaddy 2.8.0 python certbot-dns-godaddy 2.8.0 python
certbot-dns-google 2.10.0 python certbot-dns-google 2.11.0 python
certbot-dns-google-domains 0.1.11 python
certbot-dns-he 1.0.0 python certbot-dns-he 1.0.0 python
certbot-dns-hetzner 2.0.0 python certbot-dns-hetzner 2.0.1 python
certbot-dns-infomaniak 0.2.2 python certbot-dns-infomaniak 0.2.2 python
certbot-dns-inwx 2.2.0 python certbot-dns-inwx 2.2.0 python
certbot-dns-ionos 2024.1.8 python certbot-dns-ionos 2024.1.8 python
certbot-dns-linode 2.10.0 python certbot-dns-linode 2.11.0 python
certbot-dns-loopia 1.0.1 python certbot-dns-loopia 1.0.1 python
certbot-dns-luadns 2.10.0 python certbot-dns-luadns 2.11.0 python
certbot-dns-namecheap 1.0.0 python certbot-dns-namecheap 1.0.0 python
certbot-dns-netcup 1.4.3 python certbot-dns-netcup 1.4.3 python
certbot-dns-njalla 1.0.0 python certbot-dns-njalla 1.0.0 python
certbot-dns-nsone 2.10.0 python certbot-dns-nsone 2.11.0 python
certbot-dns-ovh 2.10.0 python certbot-dns-ovh 2.11.0 python
certbot-dns-porkbun 0.8 python certbot-dns-porkbun 0.8 python
certbot-dns-rfc2136 2.10.0 python certbot-dns-rfc2136 2.11.0 python
certbot-dns-route53 2.10.0 python certbot-dns-route53 2.11.0 python
certbot-dns-sakuracloud 2.10.0 python certbot-dns-sakuracloud 2.11.0 python
certbot-dns-standalone 1.1 python certbot-dns-standalone 1.1 python
certbot-dns-transip 0.5.2 python certbot-dns-transip 0.5.2 python
certbot-dns-vultr 1.1.0 python certbot-dns-vultr 1.1.0 python
certbot-plugin-gandi 1.5.0 python certbot-plugin-gandi 1.5.0 python
certifi 2024.2.2 python certifi 2024.8.30 python
cffi 1.16.0 python cffi 1.17.1 python
charset-normalizer 3.3.2 python charset-normalizer 3.4.0 python
cloudflare 2.20.0 python cloudflare 2.19.4 python
composer 2.7.6 binary composer 2.7.9 binary
configobj 5.0.8 python configargparse 1.7 python
coreutils 9.4-r2 apk configobj 5.0.9 python
coreutils-env 9.4-r2 apk coreutils 9.5-r1 apk
coreutils-fmt 9.4-r2 apk coreutils-env 9.5-r1 apk
coreutils-sha512sum 9.4-r2 apk coreutils-fmt 9.5-r1 apk
cryptography 42.0.7 python coreutils-sha512sum 9.5-r1 apk
curl 8.5.0-r0 apk cryptography 43.0.3 python
dataclasses-json 0.5.14 python curl 8.9.1-r2 apk
distro 1.9.0 python distro 1.9.0 python
dns-lexicon 3.17.0 python dns-lexicon 3.18.0 python
dnslib 0.9.24 python dnslib 0.9.25 python
dnspython 2.6.1 python dnspython 2.7.0 python
domeneshop 0.4.4 python domeneshop 0.4.4 python
fail2ban 1.0.2 python fail2ban 1.1.0 python
fail2ban 1.0.2-r3 apk fail2ban 1.1.0-r0 apk
fail2ban-pyc 1.0.2-r3 apk fail2ban-pyc 1.1.0-r0 apk
filelock 3.14.0 python filelock 3.16.1 python
findutils 4.9.0-r5 apk findutils 4.9.0-r5 apk
fontconfig 2.14.2-r4 apk fontconfig 2.15.0-r1 apk
freetype 2.13.2-r0 apk freetype 2.13.2-r0 apk
future 1.0.0 python future 1.0.0 python
gdbm 1.23-r1 apk gdbm 1.23-r1 apk
git 2.43.4-r0 apk git 2.45.2-r0 apk
git-perl 2.43.4-r0 apk git-init-template 2.45.2-r0 apk
gmp 6.3.0-r0 apk git-perl 2.45.2-r0 apk
gnupg 2.4.4-r0 apk gmp 6.3.0-r1 apk
gnupg-dirmngr 2.4.4-r0 apk gnupg 2.4.5-r0 apk
gnupg-gpgconf 2.4.4-r0 apk gnupg-dirmngr 2.4.5-r0 apk
gnupg-keyboxd 2.4.4-r0 apk gnupg-gpgconf 2.4.5-r0 apk
gnupg-utils 2.4.4-r0 apk gnupg-keyboxd 2.4.5-r0 apk
gnupg-wks-client 2.4.4-r0 apk gnupg-utils 2.4.5-r0 apk
gnutls 3.8.4-r0 apk gnupg-wks-client 2.4.5-r0 apk
google-api-core 2.19.0 python gnutls 3.8.5-r0 apk
google-api-python-client 2.129.0 python google-api-core 2.21.0 python
google-auth 2.29.0 python google-api-python-client 2.149.0 python
google-auth 2.35.0 python
google-auth-httplib2 0.2.0 python google-auth-httplib2 0.2.0 python
googleapis-common-protos 1.63.0 python googleapis-common-protos 1.65.0 python
gpg 2.4.4-r0 apk gpg 2.4.5-r0 apk
gpg-agent 2.4.4-r0 apk gpg-agent 2.4.5-r0 apk
gpg-wks-server 2.4.4-r0 apk gpg-wks-server 2.4.5-r0 apk
gpgsm 2.4.4-r0 apk gpgsm 2.4.5-r0 apk
gpgv 2.4.4-r0 apk gpgv 2.4.5-r0 apk
httplib2 0.22.0 python httplib2 0.22.0 python
icu-data-en 74.1-r0 apk icu-data-en 74.2-r0 apk
icu-libs 74.1-r0 apk icu-libs 74.2-r0 apk
idna 3.7 python idna 3.10 python
importlib-metadata 8.0.0 python
importlib-resources 6.4.0 python
inflect 7.3.1 python
iptables 1.8.10-r3 apk iptables 1.8.10-r3 apk
isodate 0.6.1 python iptables-legacy 1.8.10-r3 apk
isodate 0.7.2 python
jaraco-collections 5.1.0 python
jaraco-context 5.3.0 python
jaraco-functools 4.0.1 python
jaraco-text 3.12.1 python
jmespath 1.0.1 python jmespath 1.0.1 python
josepy 1.14.0 python josepy 1.14.0 python
jq 1.7.1-r0 apk jq 1.7.1-r0 apk
jsonlines 4.0.0 python jsonlines 4.0.0 python
jsonpickle 3.0.4 python jsonpickle 3.3.0 python
libacl 2.3.1-r4 apk libacl 2.3.2-r0 apk
libassuan 2.5.6-r1 apk libassuan 2.5.7-r0 apk
libattr 2.5.1-r5 apk libattr 2.5.2-r0 apk
libavif 1.0.3-r0 apk libavif 1.0.4-r0 apk
libbsd 0.11.7-r3 apk libbsd 0.12.2-r0 apk
libbz2 1.0.8-r6 apk libbz2 1.0.8-r6 apk
libc-utils 0.7.2-r5 apk libcrypto3 3.3.2-r0 apk
libcrypto3 3.1.4-r6 apk libcurl 8.9.1-r2 apk
libcurl 8.5.0-r0 apk libdav1d 1.4.2-r0 apk
libdav1d 1.3.0-r1 apk libedit 20240517.3.1-r0 apk
libedit 20230828.3.1-r3 apk
libevent 2.1.12-r7 apk libevent 2.1.12-r7 apk
libexpat 2.6.2-r0 apk libexpat 2.6.3-r0 apk
libffi 3.4.4-r3 apk libffi 3.4.6-r0 apk
libgcc 13.2.1_git20231014-r0 apk libgcc 13.2.1_git20240309-r0 apk
libgcrypt 1.10.3-r0 apk libgcrypt 1.10.3-r0 apk
libgd 2.3.3-r8 apk libgd 2.3.3-r9 apk
libgpg-error 1.47-r2 apk libgpg-error 1.49-r0 apk
libice 1.1.1-r5 apk libice 1.1.1-r6 apk
libidn2 2.3.4-r4 apk libidn2 2.3.7-r0 apk
libintl 0.22.3-r0 apk libintl 0.22.5-r0 apk
libjpeg-turbo 3.0.1-r0 apk libip4tc 1.8.10-r3 apk
libksba 1.6.5-r0 apk libip6tc 1.8.10-r3 apk
libldap 2.6.6-r1 apk libjpeg-turbo 3.0.3-r0 apk
libmaxminddb-libs 1.7.1-r2 apk libksba 1.6.6-r0 apk
libldap 2.6.8-r0 apk
libmaxminddb-libs 1.9.1-r0 apk
libmcrypt 2.5.8-r10 apk libmcrypt 2.5.8-r10 apk
libmd 1.1.0-r0 apk libmd 1.1.0-r0 apk
libmemcached-libs 1.1.4-r1 apk libmemcached-libs 1.1.4-r1 apk
libmnl 1.0.5-r2 apk libmnl 1.0.5-r2 apk
libncursesw 6.4_p20231125-r0 apk libncursesw 6.4_p20240420-r1 apk
libnftnl 1.2.6-r0 apk libnftnl 1.2.6-r0 apk
libpanelw 6.4_p20231125-r0 apk libpanelw 6.4_p20240420-r1 apk
libpng 1.6.40-r0 apk libpng 1.6.44-r0 apk
libpq 16.3-r0 apk libpq 16.3-r0 apk
libproc2 4.0.4-r0 apk libproc2 4.0.4-r0 apk
libsasl 2.1.28-r5 apk libpsl 0.21.5-r1 apk
libseccomp 2.5.5-r0 apk libsasl 2.1.28-r6 apk
libseccomp 2.5.5-r1 apk
libsharpyuv 1.3.2-r0 apk libsharpyuv 1.3.2-r0 apk
libsm 1.2.4-r3 apk libsm 1.2.4-r4 apk
libsodium 1.0.19-r0 apk libsodium 1.0.19-r0 apk
libssl3 3.1.4-r6 apk libssl3 3.3.2-r0 apk
libstdc++ 13.2.1_git20231014-r0 apk libstdc++ 13.2.1_git20240309-r0 apk
libtasn1 4.19.0-r2 apk libtasn1 4.19.0-r2 apk
libunistring 1.1-r2 apk libunistring 1.2-r0 apk
libuuid 2.39.3-r0 apk libuuid 2.40.1-r1 apk
libwebp 1.3.2-r0 apk libwebp 1.3.2-r0 apk
libx11 1.8.7-r0 apk libx11 1.8.9-r1 apk
libxau 1.0.11-r3 apk libxau 1.0.11-r4 apk
libxcb 1.16-r0 apk libxcb 1.16.1-r0 apk
libxdmcp 1.1.4-r3 apk libxdmcp 1.1.5-r1 apk
libxext 1.3.5-r3 apk libxext 1.3.6-r2 apk
libxml2 2.11.7-r0 apk libxml2 2.12.7-r0 apk
libxpm 3.5.17-r0 apk libxpm 3.5.17-r0 apk
libxslt 1.1.39-r0 apk libxslt 1.1.39-r1 apk
libxt 1.3.0-r4 apk libxt 1.3.0-r5 apk
libxtables 1.8.10-r3 apk libxtables 1.8.10-r3 apk
libzip 1.10.1-r0 apk libzip 1.10.1-r0 apk
linux-pam 1.5.3-r7 apk linux-pam 1.6.0-r0 apk
logrotate 3.21.0-r1 apk logrotate 3.21.0-r1 apk
loopialib 0.2.0 python loopialib 0.2.0 python
lxml 5.2.2 python lxml 5.3.0 python
lz4-libs 1.9.4-r5 apk lz4-libs 1.9.4-r5 apk
marshmallow 3.21.2 python memcached 1.6.27-r0 apk
memcached 1.6.22-r0 apk
mock 5.1.0 python mock 5.1.0 python
mpdecimal 2.5.1-r2 apk more-itertools 10.3.0 python
msal 1.28.0 python mpdecimal 4.0.0-r0 apk
msal-extensions 1.1.0 python msal 1.31.0 python
musl 1.2.4_git20230717-r4 apk msal-extensions 1.2.0 python
musl-utils 1.2.4_git20230717-r4 apk musl 1.2.5-r0 apk
mypy-extensions 1.0.0 python musl-utils 1.2.5-r0 apk
nano 7.2-r1 apk my-test-package 1.0 python
ncurses-terminfo-base 6.4_p20231125-r0 apk nano 8.0-r0 apk
ncurses-terminfo-base 6.4_p20240420-r1 apk
netcat-openbsd 1.226-r0 apk netcat-openbsd 1.226-r0 apk
nettle 3.9.1-r0 apk nettle 3.9.1-r0 apk
nghttp2-libs 1.58.0-r0 apk nghttp2-libs 1.62.1-r0 apk
nginx 1.24.0-r16 apk nginx 1.26.2-r0 apk
nginx-mod-devel-kit 1.24.0-r16 apk nginx-mod-devel-kit 1.26.2-r0 apk
nginx-mod-http-brotli 1.24.0-r16 apk nginx-mod-http-brotli 1.26.2-r0 apk
nginx-mod-http-dav-ext 1.24.0-r16 apk nginx-mod-http-dav-ext 1.26.2-r0 apk
nginx-mod-http-echo 1.24.0-r16 apk nginx-mod-http-echo 1.26.2-r0 apk
nginx-mod-http-fancyindex 1.24.0-r16 apk nginx-mod-http-fancyindex 1.26.2-r0 apk
nginx-mod-http-geoip2 1.24.0-r16 apk nginx-mod-http-geoip2 1.26.2-r0 apk
nginx-mod-http-headers-more 1.24.0-r16 apk nginx-mod-http-headers-more 1.26.2-r0 apk
nginx-mod-http-image-filter 1.24.0-r16 apk nginx-mod-http-image-filter 1.26.2-r0 apk
nginx-mod-http-perl 1.24.0-r16 apk nginx-mod-http-perl 1.26.2-r0 apk
nginx-mod-http-redis2 1.24.0-r16 apk nginx-mod-http-redis2 1.26.2-r0 apk
nginx-mod-http-set-misc 1.24.0-r16 apk nginx-mod-http-set-misc 1.26.2-r0 apk
nginx-mod-http-upload-progress 1.24.0-r16 apk nginx-mod-http-upload-progress 1.26.2-r0 apk
nginx-mod-http-xslt-filter 1.24.0-r16 apk nginx-mod-http-xslt-filter 1.26.2-r0 apk
nginx-mod-mail 1.24.0-r16 apk nginx-mod-mail 1.26.2-r0 apk
nginx-mod-rtmp 1.24.0-r16 apk nginx-mod-rtmp 1.26.2-r0 apk
nginx-mod-stream 1.24.0-r16 apk nginx-mod-stream 1.26.2-r0 apk
nginx-mod-stream-geoip2 1.24.0-r16 apk nginx-mod-stream-geoip2 1.26.2-r0 apk
nginx-vim 1.24.0-r16 apk nginx-vim 1.26.2-r0 apk
npth 1.6-r4 apk npth 1.6-r4 apk
oniguruma 6.9.9-r0 apk oniguruma 6.9.9-r0 apk
openssl 3.1.4-r6 apk openssl 3.3.2-r0 apk
p11-kit 0.25.3-r0 apk p11-kit 0.25.3-r0 apk
packaging 24.0 python packaging 24.1 python
parsedatetime 2.6 python parsedatetime 2.6 python
pcre 8.45-r3 apk pcre 8.45-r3 apk
pcre2 10.42-r2 apk pcre2 10.43-r0 apk
perl 5.38.2-r0 apk perl 5.38.2-r0 apk
perl-error 0.17029-r2 apk perl-error 0.17029-r2 apk
perl-git 2.43.4-r0 apk perl-git 2.45.2-r0 apk
php83 8.3.7-r0 apk php83 8.3.12-r0 apk
php83-bcmath 8.3.7-r0 apk php83-bcmath 8.3.12-r0 apk
php83-bz2 8.3.7-r0 apk php83-bz2 8.3.12-r0 apk
php83-common 8.3.7-r0 apk php83-common 8.3.12-r0 apk
php83-ctype 8.3.7-r0 apk php83-ctype 8.3.12-r0 apk
php83-curl 8.3.7-r0 apk php83-curl 8.3.12-r0 apk
php83-dom 8.3.7-r0 apk php83-dom 8.3.12-r0 apk
php83-exif 8.3.7-r0 apk php83-exif 8.3.12-r0 apk
php83-fileinfo 8.3.7-r0 apk php83-fileinfo 8.3.12-r0 apk
php83-fpm 8.3.7-r0 apk php83-fpm 8.3.12-r0 apk
php83-ftp 8.3.7-r0 apk php83-ftp 8.3.12-r0 apk
php83-gd 8.3.7-r0 apk php83-gd 8.3.12-r0 apk
php83-gmp 8.3.7-r0 apk php83-gmp 8.3.12-r0 apk
php83-iconv 8.3.7-r0 apk php83-iconv 8.3.12-r0 apk
php83-imap 8.3.7-r0 apk php83-imap 8.3.12-r0 apk
php83-intl 8.3.7-r0 apk php83-intl 8.3.12-r0 apk
php83-ldap 8.3.7-r0 apk php83-ldap 8.3.12-r0 apk
php83-mbstring 8.3.7-r0 apk php83-mbstring 8.3.12-r0 apk
php83-mysqli 8.3.7-r0 apk php83-mysqli 8.3.12-r0 apk
php83-mysqlnd 8.3.7-r0 apk php83-mysqlnd 8.3.12-r0 apk
php83-opcache 8.3.7-r0 apk php83-opcache 8.3.12-r0 apk
php83-openssl 8.3.7-r0 apk php83-openssl 8.3.12-r0 apk
php83-pdo 8.3.7-r0 apk php83-pdo 8.3.12-r0 apk
php83-pdo_mysql 8.3.7-r0 apk php83-pdo_mysql 8.3.12-r0 apk
php83-pdo_odbc 8.3.7-r0 apk php83-pdo_odbc 8.3.12-r0 apk
php83-pdo_pgsql 8.3.7-r0 apk php83-pdo_pgsql 8.3.12-r0 apk
php83-pdo_sqlite 8.3.7-r0 apk php83-pdo_sqlite 8.3.12-r0 apk
php83-pear 8.3.7-r0 apk php83-pear 8.3.12-r0 apk
php83-pecl-apcu 5.1.23-r0 apk php83-pecl-apcu 5.1.23-r0 apk
php83-pecl-igbinary 3.2.15-r0 apk php83-pecl-igbinary 3.2.15-r0 apk
php83-pecl-mcrypt 1.0.7-r0 apk php83-pecl-mcrypt 1.0.7-r0 apk
php83-pecl-memcached 3.2.0-r0 apk php83-pecl-memcached 3.2.0-r0 apk
php83-pecl-msgpack 2.2.0-r1 apk php83-pecl-msgpack 2.2.0-r2 apk
php83-pecl-redis 6.0.2-r0 apk php83-pecl-redis 6.1.0-r0 apk
php83-pgsql 8.3.7-r0 apk php83-pgsql 8.3.12-r0 apk
php83-phar 8.3.7-r0 apk php83-phar 8.3.12-r0 apk
php83-posix 8.3.7-r0 apk php83-posix 8.3.12-r0 apk
php83-session 8.3.7-r0 apk php83-session 8.3.12-r0 apk
php83-simplexml 8.3.7-r0 apk php83-simplexml 8.3.12-r0 apk
php83-soap 8.3.7-r0 apk php83-soap 8.3.12-r0 apk
php83-sockets 8.3.7-r0 apk php83-sockets 8.3.12-r0 apk
php83-sodium 8.3.7-r0 apk php83-sodium 8.3.12-r0 apk
php83-sqlite3 8.3.7-r0 apk php83-sqlite3 8.3.12-r0 apk
php83-tokenizer 8.3.7-r0 apk php83-tokenizer 8.3.12-r0 apk
php83-xml 8.3.7-r0 apk php83-xml 8.3.12-r0 apk
php83-xmlreader 8.3.7-r0 apk php83-xmlreader 8.3.12-r0 apk
php83-xmlwriter 8.3.7-r0 apk php83-xmlwriter 8.3.12-r0 apk
php83-xsl 8.3.7-r0 apk php83-xsl 8.3.12-r0 apk
php83-zip 8.3.7-r0 apk php83-zip 8.3.12-r0 apk
pinentry 1.2.1-r1 apk pinentry 1.3.0-r0 apk
pip 24.0 python pip 24.2 python
pkb-client 1.2 python pkb-client 1.2 python
platformdirs 4.2.2 python
popt 1.19-r3 apk popt 1.19-r3 apk
portalocker 2.8.2 python portalocker 2.10.1 python
procps-ng 4.0.4-r0 apk procps-ng 4.0.4-r0 apk
proto-plus 1.23.0 python proto-plus 1.24.0 python
protobuf 4.25.3 python protobuf 5.28.2 python
publicsuffixlist 0.9.4 python
pyOpenSSL 24.1.0 python
pyRFC3339 1.1 python
pyacmedns 0.4 python pyacmedns 0.4 python
pyasn1 0.6.0 python pyasn1 0.6.1 python
pyasn1_modules 0.4.0 python pyasn1-modules 0.4.1 python
pyc 3.11.9-r0 apk pyc 3.12.7-r0 apk
pycparser 2.22 python pycparser 2.22 python
pyjwt 2.9.0 python
pynamecheap 0.0.3 python
pyopenssl 24.2.1 python
pyotp 2.9.0 python pyotp 2.9.0 python
pyparsing 3.1.2 python pyparsing 3.2.0 python
pyrfc3339 1.1 python
python-dateutil 2.9.0.post0 python python-dateutil 2.9.0.post0 python
python-digitalocean 1.17.0 python python-digitalocean 1.17.0 python
python-transip 0.6.0 python python-transip 0.6.0 python
python3 3.11.9-r0 apk python3 3.12.7-r0 apk
python3-pyc 3.11.9-r0 apk python3-pyc 3.12.7-r0 apk
python3-pycache-pyc0 3.11.9-r0 apk python3-pycache-pyc0 3.12.7-r0 apk
pytz 2024.1 python pytz 2024.2 python
readline 8.2.1-r2 apk pyyaml 6.0.2 python
requests 2.31.0 python readline 8.2.10-r0 apk
requests-file 2.0.0 python requests 2.32.3 python
requests-file 2.1.0 python
requests-mock 1.12.1 python requests-mock 1.12.1 python
rsa 4.9 python rsa 4.9 python
s3transfer 0.10.1 python s3transfer 0.10.3 python
scanelf 1.3.7-r2 apk scanelf 1.3.7-r2 apk
setuptools 65.5.0 python setuptools 75.2.0 python
shadow 4.14.2-r0 apk shadow 4.15.1-r0 apk
six 1.16.0 python six 1.16.0 python
skalibs 2.14.0.1-r0 apk skalibs 2.14.1.1-r0 apk
soupsieve 2.5 python soupsieve 2.6 python
sqlite-libs 3.44.2-r0 apk sqlite-libs 3.45.3-r1 apk
ssl_client 1.36.1-r15 apk ssl_client 1.36.1-r29 apk
tiff 4.6.0-r0 apk tiff 4.6.0t-r0 apk
tldextract 5.1.2 python tldextract 5.1.2 python
typing-inspect 0.9.0 python tomli 2.0.1 python
typing_extensions 4.11.0 python typeguard 4.3.0 python
tzdata 2024a-r0 apk typing-extensions 4.12.2 python (+1 duplicate)
tzdata 2024b-r0 apk
unixodbc 2.3.12-r0 apk unixodbc 2.3.12-r0 apk
uritemplate 4.1.1 python uritemplate 4.1.1 python
urllib3 2.2.1 python urllib3 2.2.3 python
utmps-libs 0.1.2.2-r0 apk utmps-libs 0.1.2.2-r1 apk
wheel 0.43.0 python wheel 0.43.0 python
whois 5.5.20-r0 apk wheel 0.44.0 python
xz-libs 5.4.5-r0 apk whois 5.5.23-r0 apk
zlib 1.3.1-r0 apk xz-libs 5.6.2-r0 apk
zope.interface 6.4 python zipp 3.19.2 python
zstd-libs 1.5.5-r8 apk zlib 1.3.1-r1 apk
zope-interface 7.1.0 python
zstd-libs 1.5.6-r0 apk

40
readme-vars.yml
View File

@ -7,40 +7,24 @@ project_logo: "https://github.com/linuxserver/docker-templates/raw/master/linuxs
project_blurb: "SWAG - Secure Web Application Gateway (formerly known as letsencrypt, no relation to Let's Encrypt™) sets up an Nginx webserver and reverse proxy with php support and a built-in certbot client that automates free SSL server certificate generation and renewal processes (Let's Encrypt and ZeroSSL). It also contains fail2ban for intrusion prevention." project_blurb: "SWAG - Secure Web Application Gateway (formerly known as letsencrypt, no relation to Let's Encrypt™) sets up an Nginx webserver and reverse proxy with php support and a built-in certbot client that automates free SSL server certificate generation and renewal processes (Let's Encrypt and ZeroSSL). It also contains fail2ban for intrusion prevention."
project_lsio_github_repo_url: "https://github.com/linuxserver/docker-{{ project_name }}" project_lsio_github_repo_url: "https://github.com/linuxserver/docker-{{ project_name }}"
project_blurb_optional_extras_enabled: false
project_blurb_optional_extras: []
# supported architectures # supported architectures
available_architectures: available_architectures:
- { arch: "{{ arch_x86_64 }}", tag: "amd64-latest"} - { arch: "{{ arch_x86_64 }}", tag: "amd64-latest"}
- { arch: "{{ arch_arm64 }}", tag: "arm64v8-latest"} - { arch: "{{ arch_arm64 }}", tag: "arm64v8-latest"}
# development version
development_versions: false
development_versions_items:
- { tag: "latest", desc: "Stable releases" }
# container parameters # container parameters
common_param_env_vars_enabled: true #PGID, PUID, etc, you can set it to 'optional' common_param_env_vars_enabled: true
param_container_name: "{{ project_name }}" param_container_name: "{{ project_name }}"
param_usage_include_net: false #you can set it to 'optional'
param_net: "host"
param_net_desc: "Shares host networking with container."
param_usage_include_env: true param_usage_include_env: true
param_env_vars: param_env_vars:
- { env_var: "TZ", env_value: "Europe/London", desc: "Specify a timezone to use EG Europe/London." }
- { env_var: "URL", env_value: "yourdomain.url", desc: "Top url you have control over (`customdomain.com` if you own it, or `customsubdomain.ddnsprovider.com` if dynamic dns)." } - { env_var: "URL", env_value: "yourdomain.url", desc: "Top url you have control over (`customdomain.com` if you own it, or `customsubdomain.ddnsprovider.com` if dynamic dns)." }
- { env_var: "VALIDATION", env_value: "http", desc: "Certbot validation method to use, options are `http` or `dns` (`dns` method also requires `DNSPLUGIN` variable set)." } - { env_var: "VALIDATION", env_value: "http", desc: "Certbot validation method to use, options are `http` or `dns` (`dns` method also requires `DNSPLUGIN` variable set).", env_options: ["http", "dns"] }
param_usage_include_vols: true param_usage_include_vols: true
param_volumes: param_volumes:
- { vol_path: "/config", vol_host_path: "/path/to/{{ project_name }}/config", desc: "Persistent config files" } - { vol_path: "/config", vol_host_path: "/path/to/{{ project_name }}/config", desc: "Persistent config files" }
param_usage_include_ports: true param_usage_include_ports: true
param_ports: param_ports:
- { external_port: "443", internal_port: "443", port_desc: "Https port" } - { external_port: "443", internal_port: "443", port_desc: "Https port" }
param_device_map: false
param_devices:
- { device_path: "/dev/dri", device_host_path: "/dev/dri", desc: "For hardware transcoding" }
cap_add_param: true cap_add_param: true
cap_add_param_vars: cap_add_param_vars:
- { cap_add_var: "NET_ADMIN" } - { cap_add_var: "NET_ADMIN" }
@ -50,27 +34,15 @@ opt_param_usage_include_env: true
opt_param_env_vars: opt_param_env_vars:
- { env_var: "SUBDOMAINS", env_value: "www,", desc: "Subdomains you'd like the cert to cover (comma separated, no spaces) ie. `www,ftp,cloud`. For a wildcard cert, set this *exactly* to `wildcard` (wildcard cert is available via `dns` validation only)" } - { env_var: "SUBDOMAINS", env_value: "www,", desc: "Subdomains you'd like the cert to cover (comma separated, no spaces) ie. `www,ftp,cloud`. For a wildcard cert, set this *exactly* to `wildcard` (wildcard cert is available via `dns` validation only)" }
- { env_var: "CERTPROVIDER", env_value: "", desc: "Optionally define the cert provider. Set to `zerossl` for ZeroSSL certs (requires existing [ZeroSSL account](https://app.zerossl.com/signup) and the e-mail address entered in `EMAIL` env var). Otherwise defaults to Let's Encrypt." } - { env_var: "CERTPROVIDER", env_value: "", desc: "Optionally define the cert provider. Set to `zerossl` for ZeroSSL certs (requires existing [ZeroSSL account](https://app.zerossl.com/signup) and the e-mail address entered in `EMAIL` env var). Otherwise defaults to Let's Encrypt." }
- { env_var: "DNSPLUGIN", env_value: "cloudflare", desc: "Required if `VALIDATION` is set to `dns`. Options are `acmedns`, `aliyun`, `azure`, `bunny`, `cloudflare`, `cpanel`, `desec`, `digitalocean`, `directadmin`, `dnsimple`, `dnsmadeeasy`, `dnspod`, `do`, `domeneshop`, `dreamhost`, `duckdns`, `dynu`, `freedns`, `gandi`, `gehirn`, `glesys`, `godaddy`, `google`, `google-domains`, `he`, `hetzner`, `infomaniak`, `inwx`, `ionos`, `linode`, `loopia`, `luadns`, `namecheap`, `netcup`, `njalla`, `nsone`, `ovh`, `porkbun`, `rfc2136`, `route53`, `sakuracloud`, `standalone`, `transip`, and `vultr`. Also need to enter the credentials into the corresponding ini (or json for some plugins) file under `/config/dns-conf`." } - { env_var: "DNSPLUGIN", env_value: "cloudflare", desc: "Required if `VALIDATION` is set to `dns`. Options are `acmedns`, `aliyun`, `azure`, `bunny`, `cloudflare`, `cpanel`, `desec`, `digitalocean`, `directadmin`, `dnsimple`, `dnsmadeeasy`, `dnspod`, `do`, `domeneshop`, `dreamhost`, `duckdns`, `dynu`, `freedns`, `gandi`, `gehirn`, `glesys`, `godaddy`, `google`, `he`, `hetzner`, `infomaniak`, `inwx`, `ionos`, `linode`, `loopia`, `luadns`, `namecheap`, `netcup`, `njalla`, `nsone`, `ovh`, `porkbun`, `rfc2136`, `route53`, `sakuracloud`, `standalone`, `transip`, and `vultr`. Also need to enter the credentials into the corresponding ini (or json for some plugins) file under `/config/dns-conf`." }
- { env_var: "PROPAGATION", env_value: "", desc: "Optionally override (in seconds) the default propagation time for the dns plugins." } - { env_var: "PROPAGATION", env_value: "", desc: "Optionally override (in seconds) the default propagation time for the dns plugins." }
- { env_var: "EMAIL", env_value: "", desc: "Optional e-mail address used for cert expiration notifications (Required for ZeroSSL)." } - { env_var: "EMAIL", env_value: "", desc: "Optional e-mail address used for cert expiration notifications (Required for ZeroSSL)." }
- { env_var: "ONLY_SUBDOMAINS", env_value: "false", desc: "If you wish to get certs only for certain subdomains, but not the main domain (main domain may be hosted on another machine and cannot be validated), set this to `true`" } - { env_var: "ONLY_SUBDOMAINS", env_value: "false", desc: "If you wish to get certs only for certain subdomains, but not the main domain (main domain may be hosted on another machine and cannot be validated), set this to `true`" }
- { env_var: "EXTRA_DOMAINS", env_value: "", desc: "Additional fully qualified domain names (comma separated, no spaces) ie. `extradomain.com,subdomain.anotherdomain.org,*.anotherdomain.org`" } - { env_var: "EXTRA_DOMAINS", env_value: "", desc: "Additional fully qualified domain names (comma separated, no spaces) ie. `extradomain.com,subdomain.anotherdomain.org,*.anotherdomain.org`" }
- { env_var: "STAGING", env_value: "false", desc: "Set to `true` to retrieve certs in staging mode. Rate limits will be much higher, but the resulting cert will not pass the browser's security test. Only to be used for testing purposes." } - { env_var: "STAGING", env_value: "false", desc: "Set to `true` to retrieve certs in staging mode. Rate limits will be much higher, but the resulting cert will not pass the browser's security test. Only to be used for testing purposes." }
opt_param_usage_include_vols: false
opt_param_volumes:
- { vol_path: "/config", vol_host_path: "/path/to/{{ project_name }}/config", desc: "Persistent config files" }
opt_param_usage_include_ports: true opt_param_usage_include_ports: true
opt_param_ports: opt_param_ports:
- { external_port: "80", internal_port: "80", port_desc: "Http port (required for http validation and http -> https redirect)" } - { external_port: "80", internal_port: "80", port_desc: "Http port (required for http validation and http -> https redirect)" }
opt_param_device_map: false
opt_param_devices:
- { device_path: "/dev/dri", device_host_path: "/dev/dri", desc: "For hardware transcoding" }
opt_cap_add_param: false
opt_cap_add_param_vars:
- { cap_add_var: "NET_ADMIN" }
optional_block_1: false
optional_block_1_items: ""
# application setup block # application setup block
app_setup_block_enabled: true app_setup_block_enabled: true
@ -92,7 +64,7 @@ app_setup_block: |
### Certbot Plugins ### Certbot Plugins
SWAG includes many Certbot plugins out of the box, but not all plugins can be includes. SWAG includes many Certbot plugins out of the box, but not all plugins can be included.
If you need a plugin that is not included, the quickest way to have the plugin available is to use our [Universal Package Install Docker Mod](https://github.com/linuxserver/docker-mods/tree/universal-package-install). If you need a plugin that is not included, the quickest way to have the plugin available is to use our [Universal Package Install Docker Mod](https://github.com/linuxserver/docker-mods/tree/universal-package-install).
Set the following environment variables on your container: Set the following environment variables on your container:
@ -168,6 +140,10 @@ app_setup_block: |
# changelog # changelog
changelogs: changelogs:
- { date: "21.10.24:", desc: "Fix naming issue with Dynu plugin. If you are using Dynu, please make sure your credentials are set in /config/dns-conf/dynu.ini and your DNSPLUGIN variable is set to dynu (not dynudns)." }
- { date: "30.08.24:", desc: "Fix zerossl cert revocation." }
- { date: "24.07.14:", desc: "Rebase to Alpine 3.20. Remove deprecated Google Domains certbot plugin. Existing users should update their nginx confs to avoid http2 deprecation warnings."}
- { date: "01.07.24:", desc: "Fall back to iptables-legacy if iptables doesn't work." }
- { date: "23.03.24:", desc: "Fix perms on the generated `priv-fullchain-bundle.pem`." } - { date: "23.03.24:", desc: "Fix perms on the generated `priv-fullchain-bundle.pem`." }
- { date: "14.03.24:", desc: "[Existing users should update:](https://github.com/linuxserver/docker-swag/blob/master/README.md#updating-configs) authelia-location.conf, authelia-server.conf - Update Authelia conf samples with support for 4.38." } - { date: "14.03.24:", desc: "[Existing users should update:](https://github.com/linuxserver/docker-swag/blob/master/README.md#updating-configs) authelia-location.conf, authelia-server.conf - Update Authelia conf samples with support for 4.38." }
- { date: "11.03.24:", desc: "Restore support for DynuDNS using `certbot-dns-dynudns`." } - { date: "11.03.24:", desc: "Restore support for DynuDNS using `certbot-dns-dynudns`." }

4
root/defaults/dns-conf/google-domains.ini
View File

@ -1,4 +0,0 @@
# Instructions: https://github.com/aaomidi/certbot-dns-google-domains#credentials
# Replace with your value
dns_google_domains_access_token = abcdef
dns_google_domains_zone = example.com

6
root/defaults/nginx/site-confs/default.conf.sample
View File

@ -1,4 +1,4 @@
## Version 2024/03/06 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/site-confs/default.conf.sample ## Version 2024/07/16 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/site-confs/default.conf.sample
# redirect all traffic to https # redirect all traffic to https
server { server {
@ -12,8 +12,8 @@ server {
# main server block # main server block
server { server {
listen 443 ssl http2 default_server; listen 443 ssl default_server;
listen [::]:443 ssl http2 default_server; listen [::]:443 ssl default_server;
server_name _; server_name _;

13
root/etc/s6-overlay/s6-rc.d/init-certbot-config/run
View File

@ -189,24 +189,15 @@ if [[ ! "${URL}" = "${ORIGURL}" ]] ||
[[ ! "${STAGING}" = "${ORIGSTAGING}" ]] || [[ ! "${STAGING}" = "${ORIGSTAGING}" ]] ||
[[ ! "${CERTPROVIDER}" = "${ORIGCERTPROVIDER}" ]]; then [[ ! "${CERTPROVIDER}" = "${ORIGCERTPROVIDER}" ]]; then
echo "Different validation parameters entered than what was used before. Revoking and deleting existing certificate, and an updated one will be created" echo "Different validation parameters entered than what was used before. Revoking and deleting existing certificate, and an updated one will be created"
if [[ "${ORIGCERTPROVIDER}" = "zerossl" ]] && [[ -n "${ORIGEMAIL}" ]]; then if [[ "${ORIGCERTPROVIDER}" = "zerossl" ]]; then
REV_ACMESERVER=("https://acme.zerossl.com/v2/DV90") REV_ACMESERVER=("https://acme.zerossl.com/v2/DV90")
REV_ZEROSSL_EAB_KID=$(awk -F "=" '/eab-kid/ {print $2}' "/config/etc/letsencrypt/renewal/${ORIGDOMAIN}.conf" | tr -d ' ')
REV_ZEROSSL_EAB_HMAC_KEY=$(awk -F "=" '/eab-hmac-key/ {print $2}' "/config/etc/letsencrypt/renewal/${ORIGDOMAIN}.conf" | tr -d ' ')
if [[ -z "${REV_ZEROSSL_EAB_KID}" ]] || [[ -z "${REV_ZEROSSL_EAB_HMAC_KEY}" ]]; then
REV_ZEROSSL_EAB_KID=$(awk -F "=" '/eab-kid/ {print $2}' /config/etc/letsencrypt/cli.ini | tr -d ' ')
REV_ZEROSSL_EAB_HMAC_KEY=$(awk -F "=" '/eab-hmac-key/ {print $2}' /config/etc/letsencrypt/cli.ini | tr -d ' ')
fi
if [[ -n "${REV_ZEROSSL_EAB_KID}" ]] && [[ -n "${REV_ZEROSSL_EAB_HMAC_KEY}" ]]; then
REV_ACMESERVER+=("--eab-kid" "${REV_ZEROSSL_EAB_KID}" "--eab-hmac-key" "${REV_ZEROSSL_EAB_HMAC_KEY}")
fi
elif [[ "${ORIGSTAGING}" = "true" ]]; then elif [[ "${ORIGSTAGING}" = "true" ]]; then
REV_ACMESERVER=("https://acme-staging-v02.api.letsencrypt.org/directory") REV_ACMESERVER=("https://acme-staging-v02.api.letsencrypt.org/directory")
else else
REV_ACMESERVER=("https://acme-v02.api.letsencrypt.org/directory") REV_ACMESERVER=("https://acme-v02.api.letsencrypt.org/directory")
fi fi
if [[ -f /config/etc/letsencrypt/live/"${ORIGDOMAIN}"/fullchain.pem ]]; then if [[ -f /config/etc/letsencrypt/live/"${ORIGDOMAIN}"/fullchain.pem ]]; then
certbot revoke --non-interactive --cert-path /config/etc/letsencrypt/live/"${ORIGDOMAIN}"/fullchain.pem --server "${REV_ACMESERVER[@]}" || true certbot revoke --non-interactive --cert-path /config/etc/letsencrypt/live/"${ORIGDOMAIN}"/fullchain.pem --key-path /config/etc/letsencrypt/live/"${ORIGDOMAIN}"/privkey.pem --server "${REV_ACMESERVER[@]}" || true
else else
certbot revoke --non-interactive --cert-name "${ORIGDOMAIN}" --server "${REV_ACMESERVER[@]}" || true certbot revoke --non-interactive --cert-name "${ORIGDOMAIN}" --server "${REV_ACMESERVER[@]}" || true
fi fi

9
root/etc/s6-overlay/s6-rc.d/init-fail2ban-config/run
View File

@ -1,6 +1,15 @@
#!/usr/bin/with-contenv bash #!/usr/bin/with-contenv bash
# shellcheck shell=bash # shellcheck shell=bash
if ! iptables -L &> /dev/null; then
ln -sf /sbin/xtables-legacy-multi /sbin/iptables
ln -sf /sbin/xtables-legacy-multi /sbin/iptables-save
ln -sf /sbin/xtables-legacy-multi /sbin/iptables-restore
ln -sf /sbin/xtables-legacy-multi /sbin/ip6tables
ln -sf /sbin/xtables-legacy-multi /sbin/ip6tables-save
ln -sf /sbin/xtables-legacy-multi /sbin/ip6tables-restore
fi
# copy/update the fail2ban config defaults to/in /config # copy/update the fail2ban config defaults to/in /config
cp -R /defaults/fail2ban/filter.d /config/fail2ban/ cp -R /defaults/fail2ban/filter.d /config/fail2ban/
cp -R /defaults/fail2ban/action.d /config/fail2ban/ cp -R /defaults/fail2ban/action.d /config/fail2ban/