Merge branch hotfix/v7.4.1 into develop
This commit is contained in:
commit
4bc4f62720
22
.github/workflows/cron-rebuild-trigger.yml
vendored
Normal file
22
.github/workflows/cron-rebuild-trigger.yml
vendored
Normal file
@ -0,0 +1,22 @@
|
||||
---
|
||||
name: Trigger 4testing rebuild
|
||||
|
||||
run-name: "Weekly 4testing rebuild trigger"
|
||||
|
||||
on:
|
||||
schedule:
|
||||
# Run every Saturday at 10 p.m.
|
||||
- cron: '00 22 * * 6'
|
||||
|
||||
jobs:
|
||||
trigger-rebuild:
|
||||
name: "trigget-rebuild"
|
||||
runs-on: "ubuntu-latest"
|
||||
steps:
|
||||
- name: Rebuild 4testing manualy
|
||||
env:
|
||||
GITHUB_TOKEN: ${{ secrets.TOKEN }}
|
||||
run: |
|
||||
gh workflow run rebuild.yml \
|
||||
--repo ONLYOFFICE/Docker-DocumentServer \
|
||||
-f repo=4test
|
224
.github/workflows/rebuild.yml
vendored
Normal file
224
.github/workflows/rebuild.yml
vendored
Normal file
@ -0,0 +1,224 @@
|
||||
---
|
||||
name: Rebuild Docker-Documentserver
|
||||
|
||||
run-name: >
|
||||
Rebuild DocumentServer with secure updates for repo: ${{ github.event.inputs.repo }}
|
||||
|
||||
on:
|
||||
workflow_dispatch:
|
||||
inputs:
|
||||
repo:
|
||||
type: choice
|
||||
description: Please, choose upload repo..
|
||||
options:
|
||||
- '4test'
|
||||
- 'stable'
|
||||
|
||||
permissions:
|
||||
# All other permissions are set to none
|
||||
contents: read
|
||||
# Technically read access while waiting for images should be more than enough. However,
|
||||
# there is a bug in GitHub Actions/Packages and in case private repositories are used, you get a permission
|
||||
# denied error when attempting to just pull private image, changing the token permission to write solves the
|
||||
# issue. This is not dangerous, because if it is for "ONLYOFFICE/Docker-DocumentServer", only maintainers can use ds-rebuild.yaml
|
||||
# If it is for a fork, then the token is read-only anyway.
|
||||
packages: read
|
||||
|
||||
env:
|
||||
COMPANY_NAME: "onlyoffice"
|
||||
PRODUCT_NAME: "documentserver"
|
||||
REGISTRY_URL: "https://hub.docker.com/v2/repositories"
|
||||
|
||||
jobs:
|
||||
rebuild-info:
|
||||
name: "Rebuild-info"
|
||||
runs-on: "ubuntu-22.04"
|
||||
env:
|
||||
REPO_INPUTS: ${{ github.event.inputs.repo }}
|
||||
EVENT: ${{ github.event_name }}
|
||||
outputs:
|
||||
stable-versions: ${{ steps.selective-checks.outputs.stable-versions }}
|
||||
ucs-versions: ${{ steps.selective-checks.outputs.ucs-versions }}
|
||||
minor-tags: ${{ steps.selective-checks.outputs.minor-tags }}
|
||||
ucs-rebuild-condition: ${{ steps.selective-checks.outputs.ucs-rebuild-condition }}
|
||||
prefix-name: ${{ steps.selective-checks.outputs.prefix-name }}
|
||||
repo: ${{ steps.selective-checks.outputs.repo }}
|
||||
steps:
|
||||
- name: Selective checks
|
||||
id: selective-checks
|
||||
run: |
|
||||
set -e
|
||||
|
||||
REPO=${REPO_INPUTS:-"4test"}
|
||||
|
||||
if [ "${REPO}" == "stable" ]; then
|
||||
UCS_REBUILD=true
|
||||
UCS_VERSIONS=($(curl -s -H -X ${REGISTRY_URL}/${COMPANY_NAME}/${PRODUCT_NAME}-ucs/tags/?page_size=100 | \
|
||||
jq -r '.results|.[]|.name' | grep -oxE '[0-9]{1,}.[0-9]{1,}.[0-9]{1,}.1' || true))
|
||||
echo "ucs-versions=$(jq -c -n '$ARGS.positional' --args "${UCS_VERSIONS[@]}")" >> "$GITHUB_OUTPUT"
|
||||
elif
|
||||
[ "${REPO}" == "4test" ]; then
|
||||
UCS_REBUILD=false
|
||||
PREFIX_NAME=4testing-
|
||||
fi
|
||||
|
||||
STABLE_VERSIONS=($(curl -s -H -X ${REGISTRY_URL}/${COMPANY_NAME}/${PRODUCT_NAME}/tags/?page_size=100 | \
|
||||
jq -r '.results|.[]|.name' | grep -oxE '[0-9]{1,}.[0-9]{1,}.[0-9]{1,}.1' || true))
|
||||
|
||||
# When rebuilding stable versions of the document server,
|
||||
# it is necessary to determine the version from which the
|
||||
# minor x.x tag will need to be pushed.
|
||||
|
||||
VERSIONS=(${STABLE_VERSIONS[@]})
|
||||
for i in {1..10}; do
|
||||
if [ -z "${VERSIONS}" ]; then
|
||||
break
|
||||
else
|
||||
TEMPLATE=${VERSIONS[0]%.*.*}
|
||||
TEMPLATE_MINOR=$(printf -- '%s\n' "${VERSIONS[@]}" | grep -o -m 1 "${VERSIONS[0]%.*.*}.[0-9].[0-9]")
|
||||
MINOR_TAGS+=(${TEMPLATE_MINOR%.*})
|
||||
|
||||
for v in ${MINOR_TAGS[@]}; do
|
||||
VERSIONS=(${VERSIONS[@]//${v%.*}.*.*})
|
||||
done
|
||||
fi
|
||||
done
|
||||
|
||||
echo "Stable releases that will be rebuilded"
|
||||
echo "--------------------------------------"
|
||||
echo "${STABLE_VERSIONS[@]}"
|
||||
echo
|
||||
echo
|
||||
echo "Ucs releases that will be rebuilded"
|
||||
echo "-----------------------------------"
|
||||
echo "${UCS_VERSIONS[@]}"
|
||||
|
||||
echo "stable-versions=$(jq -c -n '$ARGS.positional' --args "${STABLE_VERSIONS[@]}")" >> "$GITHUB_OUTPUT"
|
||||
echo "minor-tags=${MINOR_TAGS[@]}" >> "$GITHUB_OUTPUT"
|
||||
echo "ucs-rebuild-condition=${UCS_REBUILD}" >> "$GITHUB_OUTPUT"
|
||||
echo "prefix-name=${PREFIX_NAME}" >> "$GITHUB_OUTPUT"
|
||||
echo "repo=${REPO}" >> "$GITHUB_OUTPUT"
|
||||
shell: bash
|
||||
|
||||
re-build-stable:
|
||||
name: "Rebuild stable:${{ matrix.version }} ${{ matrix.edition }}"
|
||||
needs: [rebuild-info]
|
||||
runs-on: ubuntu-latest
|
||||
strategy:
|
||||
fail-fast: false
|
||||
matrix:
|
||||
type: ["stable"]
|
||||
edition: ["", "-ee", "-de"]
|
||||
version: ${{fromJSON(needs.rebuild-info.outputs.stable-versions)}}
|
||||
steps:
|
||||
- name: Checkout code
|
||||
uses: actions/checkout@v3
|
||||
- name: Set up QEMU
|
||||
uses: docker/setup-qemu-action@v2
|
||||
- name: Set up Docker Buildx
|
||||
uses: docker/setup-buildx-action@v2
|
||||
- name: Login to Docker Hub
|
||||
uses: docker/login-action@v2
|
||||
with:
|
||||
username: ${{ secrets.DOCKER_HUB_USERNAME }}
|
||||
password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }}
|
||||
# Determines the new build number based
|
||||
# on data from the hub.docker registry
|
||||
- name: Declare release number
|
||||
id: release-number
|
||||
env:
|
||||
REBUILD_VERSION: ${{ matrix.version }}
|
||||
run: |
|
||||
MINOR_VERSION=${REBUILD_VERSION%.*}
|
||||
LAST_RELEASE=$(curl -s -H -X ${REGISTRY_URL}/${COMPANY_NAME}/${PRODUCT_NAME}/tags/?page_size=100 \
|
||||
| jq -r '.results|.[]|.name' | grep -Eo -m1 "${MINOR_VERSION}.[0-9]{1,}")
|
||||
LAST_RELEASE=${LAST_RELEASE#*.*.*.}
|
||||
echo "release-number=$((LAST_RELEASE+1))" >> "$GITHUB_OUTPUT"
|
||||
shell: bash
|
||||
# Note: Rebuilding images with an
|
||||
# extra layer to update security and
|
||||
# all dependencies. Update tags got +1 to previous release.
|
||||
- name: Re-build documentserver-stable
|
||||
env:
|
||||
MINOR_TAGS_ST: ${{ needs.rebuild-info.outputs.minor-tags }}
|
||||
VERSION: ${{ matrix.version }}
|
||||
RELEASE_NUMBER: ${{ steps.release-number.outputs.release-number }}
|
||||
PREFIX_NAME: ${{ needs.rebuild-info.outputs.prefix-name }}
|
||||
REPO: ${{ needs.rebuild-info.outputs.repo }}
|
||||
PRODUCT_EDITION: ${{ matrix.edition }}
|
||||
run: |
|
||||
set -eux
|
||||
export PULL_TAG=${VERSION}
|
||||
export TAG=${VERSION%.*}.${RELEASE_NUMBER}
|
||||
export SHORTER_TAG=${VERSION%.*}
|
||||
export SHORTEST_TAG=${VERSION%.*.*}
|
||||
|
||||
if [ "${REPO}" == "stable" ]; then
|
||||
MINOR_TAGS=(${MINOR_TAGS_ST})
|
||||
for v in ${MINOR_TAGS[@]}; do
|
||||
if [ "${SHORTER_TAG}" == "${v}" ]; then
|
||||
export PUSH_MAJOR="true"
|
||||
fi
|
||||
done
|
||||
if [ "${SHORTER_TAG}" == "${MINOR_TAGS[0]}" ]; then
|
||||
export LATEST="true"
|
||||
fi
|
||||
fi
|
||||
docker buildx bake -f docker-bake.hcl documentserver-stable-rebuild --push
|
||||
shell: bash
|
||||
re-build-ucs:
|
||||
name: "Rebuild ucs: ${{ matrix.version }} ${{ matrix.edition }}"
|
||||
if: needs.rebuild-info.outputs.ucs-rebuild-condition == 'true'
|
||||
needs: [rebuild-info]
|
||||
runs-on: ubuntu-latest
|
||||
strategy:
|
||||
fail-fast: false
|
||||
matrix:
|
||||
type: ["ucs"]
|
||||
edition: ["", "-ee"]
|
||||
version: ${{fromJSON(needs.rebuild-info.outputs.ucs-versions)}}
|
||||
steps:
|
||||
- name: Checkout code
|
||||
uses: actions/checkout@v3
|
||||
- name: Set up QEMU
|
||||
uses: docker/setup-qemu-action@v2
|
||||
- name: Set up Docker Buildx
|
||||
uses: docker/setup-buildx-action@v2
|
||||
- name: Login to Docker Hub
|
||||
uses: docker/login-action@v2
|
||||
with:
|
||||
username: ${{ secrets.DOCKER_HUB_USERNAME }}
|
||||
password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }}
|
||||
# Determines the new build number based
|
||||
# on data from the hub.docker registry
|
||||
- name: Declare release number
|
||||
id: release-number
|
||||
env:
|
||||
REBUILD_VERSION: ${{ matrix.version }}
|
||||
run: |
|
||||
MINOR_VERSION=${REBUILD_VERSION%.*}
|
||||
LAST_RELEASE=$(curl -s -H -X ${REGISTRY_URL}/${COMPANY_NAME}/${PRODUCT_NAME}/tags/?page_size=100 \
|
||||
| jq -r '.results|.[]|.name' | grep -Eo -m1 "${MINOR_VERSION}.[0-9]{1,}")
|
||||
LAST_RELEASE=${LAST_RELEASE#*.*.*.}
|
||||
echo "release-number=$((LAST_RELEASE+1))" >> "$GITHUB_OUTPUT"
|
||||
shell: bash
|
||||
# Note: Rebuilding images with an
|
||||
# extra layer to update security and
|
||||
# all dependencies. Update tags +1 to previous release.
|
||||
- name: Re-build documentserver-ucs
|
||||
env:
|
||||
VERSION: ${{ matrix.version }}
|
||||
RELEASE_NUMBER: ${{ steps.release-number.outputs.release-number }}
|
||||
PRODUCT_EDITION: ${{ matrix.edition }}
|
||||
run: |
|
||||
set -eux
|
||||
export PULL_TAG=${VERSION}
|
||||
export TAG=${VERSION%.*}.${RELEASE_NUMBER}
|
||||
export SHORTER_TAG=${VERSION%.*}
|
||||
export SHORTEST_TAG=${VERSION%.*.*}
|
||||
|
||||
export UCS_REBUILD=true
|
||||
export UCS_PREFIX=-ucs
|
||||
|
||||
docker buildx bake -f docker-bake.hcl documentserver-stable-rebuild --push
|
||||
shell: bash
|
@ -66,7 +66,8 @@ RUN echo "#!/bin/sh\nexit 0" > /usr/sbin/policy-rc.d && \
|
||||
service nginx stop && \
|
||||
rm -rf /var/lib/apt/lists/*
|
||||
|
||||
COPY config /app/ds/setup/config/
|
||||
COPY config/supervisor/supervisor /etc/init.d/
|
||||
COPY config/supervisor/ds/*.conf /etc/supervisor/conf.d/
|
||||
COPY run-document-server.sh /app/ds/run-document-server.sh
|
||||
|
||||
EXPOSE 80 443
|
||||
@ -89,6 +90,8 @@ RUN PACKAGE_FILE="${COMPANY_NAME}-${PRODUCT_NAME}${PRODUCT_EDITION}${PACKAGE_VER
|
||||
service postgresql start && \
|
||||
apt-get -yq install /tmp/$PACKAGE_FILE && \
|
||||
service postgresql stop && \
|
||||
chmod 755 /etc/init.d/supervisor && \
|
||||
sed "s/COMPANY_NAME/${COMPANY_NAME}/g" -i /etc/supervisor/conf.d/*.conf && \
|
||||
service supervisor stop && \
|
||||
chmod 755 /app/ds/*.sh && \
|
||||
rm -f /tmp/$PACKAGE_FILE && \
|
||||
|
@ -54,6 +54,14 @@ variable "BUILD_CHANNEL" {
|
||||
default = ""
|
||||
}
|
||||
|
||||
variable "PUSH_MAJOR" {
|
||||
default = "false"
|
||||
}
|
||||
|
||||
variable "LATEST" {
|
||||
default = "false"
|
||||
}
|
||||
|
||||
### ↓ Variables for UCS build ↓
|
||||
|
||||
variable "BASE_IMAGE" {
|
||||
@ -64,6 +72,14 @@ variable "PG_VERSION" {
|
||||
default = ""
|
||||
}
|
||||
|
||||
variable "UCS_REBUILD" {
|
||||
default = ""
|
||||
}
|
||||
|
||||
variable "UCS_PREFIX" {
|
||||
default = ""
|
||||
}
|
||||
|
||||
### ↑ Variables for UCS build ↑
|
||||
|
||||
target "documentserver" {
|
||||
@ -131,3 +147,23 @@ target "documentserver-nonexample" {
|
||||
"PRODUCT_EDITION": "${PRODUCT_EDITION}"
|
||||
}
|
||||
}
|
||||
|
||||
target "documentserver-stable-rebuild" {
|
||||
target = "documentserver-stable-rebuild"
|
||||
dockerfile = "production.dockerfile"
|
||||
tags = equal("true",UCS_REBUILD) ? ["docker.io/${COMPANY_NAME}/${PREFIX_NAME}${PRODUCT_NAME}${PRODUCT_EDITION}-ucs:${TAG}",] : [
|
||||
"docker.io/${COMPANY_NAME}/${PREFIX_NAME}${PRODUCT_NAME}${PRODUCT_EDITION}:${TAG}",
|
||||
equal("",PREFIX_NAME) ? "docker.io/${COMPANY_NAME}/${PREFIX_NAME}${PRODUCT_NAME}${PRODUCT_EDITION}:${SHORTER_TAG}": "",
|
||||
equal("true",PUSH_MAJOR) ? "docker.io/${COMPANY_NAME}/${PREFIX_NAME}${PRODUCT_NAME}${PRODUCT_EDITION}:${SHORTEST_TAG}": "",
|
||||
equal("",PREFIX_NAME) && equal("true",LATEST) ? "docker.io/${COMPANY_NAME}/${PREFIX_NAME}${PRODUCT_NAME}${PRODUCT_EDITION}:latest": "",
|
||||
equal("-ee",PRODUCT_EDITION) && equal("",PREFIX_NAME) ? "docker.io/${COMPANY_NAME}4enterprise/${PREFIX_NAME}${PRODUCT_NAME}${PRODUCT_EDITION}:${TAG}": "",
|
||||
]
|
||||
platforms = ["linux/amd64", "linux/arm64"]
|
||||
args = {
|
||||
"UCS_PREFIX": "${UCS_PREFIX}"
|
||||
"PULL_TAG": "${PULL_TAG}"
|
||||
"COMPANY_NAME": "${COMPANY_NAME}"
|
||||
"PRODUCT_NAME": "${PRODUCT_NAME}"
|
||||
"PRODUCT_EDITION": "${PRODUCT_EDITION}"
|
||||
}
|
||||
}
|
||||
|
@ -2,11 +2,20 @@
|
||||
ARG PULL_TAG=latest
|
||||
ARG COMPANY_NAME=onlyoffice
|
||||
ARG PRODUCT_EDITION=
|
||||
### Rebuild arguments
|
||||
ARG UCS_PREFIX=
|
||||
ARG IMAGE=${COMPANY_NAME}/documentserver${PRODUCT_EDITION}${UCS_PREFIX}:${PULL_TAG}
|
||||
|
||||
### Build main-release ###
|
||||
|
||||
FROM ${COMPANY_NAME}/4testing-documentserver${PRODUCT_EDITION}:${PULL_TAG} as documentserver-stable
|
||||
|
||||
### Rebuild stable images with secure updates
|
||||
FROM ${IMAGE} as documentserver-stable-rebuild
|
||||
RUN echo "This is rebuild" \
|
||||
&& apt-get update -y \
|
||||
&& apt-get upgrade -y
|
||||
|
||||
### Build nonexample ###
|
||||
|
||||
FROM ${COMPANY_NAME}/documentserver${PRODUCT_EDITION}:${PULL_TAG} as documentserver-nonexample
|
||||
|
@ -499,13 +499,6 @@ update_nginx_settings(){
|
||||
documentserver-update-securelink.sh -s ${SECURE_LINK_SECRET:-$(pwgen -s 20)} -r false
|
||||
}
|
||||
|
||||
update_supervisor_settings(){
|
||||
# Copy modified supervisor start script
|
||||
cp ${SYSCONF_TEMPLATES_DIR}/supervisor/supervisor /etc/init.d/
|
||||
sed "s/COMPANY_NAME/${COMPANY_NAME}/g" -i ${SYSCONF_TEMPLATES_DIR}/supervisor/ds/*.conf
|
||||
cp ${SYSCONF_TEMPLATES_DIR}/supervisor/ds/*.conf /etc/supervisor/conf.d/
|
||||
}
|
||||
|
||||
update_log_settings(){
|
||||
${JSON_LOG} -I -e "this.categories.default.level = '${DS_LOG_LEVEL}'"
|
||||
}
|
||||
@ -632,7 +625,6 @@ if [ ${ONLYOFFICE_DATA_CONTAINER} != "true" ]; then
|
||||
|
||||
update_nginx_settings
|
||||
|
||||
update_supervisor_settings
|
||||
service supervisor start
|
||||
|
||||
# start cron to enable log rotating
|
||||
|
Loading…
x
Reference in New Issue
Block a user