---
# Manually dispatched workflow: the jobs are started only through
# workflow_dispatch, with the target repository picked from a fixed list.
name: Rebuild Docker-Documentserver

run-name: >
  Rebuild DocumentServer with secure updates for repo: ${{ github.event.inputs.repo }}

on:
  workflow_dispatch:
    inputs:
      repo:
        # A `choice` input limits the value to the options listed below.
        type: choice
        description: 'Please, choose upload repo..'
        options:
          - "4test"
          - "stable"

permissions:
  # Scopes that are not listed here are set to none.
  contents: read
  # Upstream rationale: read access should be enough while waiting for images,
  # but a bug in GitHub Actions/Packages made pulls of private images fail with
  # a permission-denied error unless the token permission was changed to write.
  # That was judged not dangerous, because for
  # "ONLYOFFICE/Docker-DocumentServer" only maintainers can use
  # ds-rebuild.yaml, and for a fork the token is read-only anyway.
  # NOTE(review): the value below is `read`, so the write workaround described
  # above is not in effect here; confirm which one is intended and prefer
  # `read` unless a pull actually fails.
  packages: read

env:
  # Shared by every job: these three values form the Docker Hub tags URL.
  COMPANY_NAME: 'onlyoffice'
  PRODUCT_NAME: 'documentserver'
  REGISTRY_URL: 'https://hub.docker.com/v2/repositories'
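jobs:
  # Job 1: ask Docker Hub which tags exist and publish the rebuild plan as job
  # outputs. The two build jobs below consume those outputs.
  rebuild-info:
    name: "Rebuild-info"
    runs-on: "ubuntu-22.04"
    env:
      # The dispatch input reaches the script through the environment instead
      # of being interpolated into the script text.
      REPO_INPUTS: ${{ github.event.inputs.repo }}
      EVENT: ${{ github.event_name }}
    outputs:
      stable-versions: ${{ steps.selective-checks.outputs.stable-versions }}
      ucs-versions: ${{ steps.selective-checks.outputs.ucs-versions }}
      minor-tags: ${{ steps.selective-checks.outputs.minor-tags }}
      ucs-rebuild-condition: ${{ steps.selective-checks.outputs.ucs-rebuild-condition }}
      prefix-name: ${{ steps.selective-checks.outputs.prefix-name }}
      repo: ${{ steps.selective-checks.outputs.repo }}
    steps:
      - name: Selective checks
        id: selective-checks
        run: |
          set -e

          REPO=${REPO_INPUTS:-"4test"}

          # Tag names come from the registry and end up in the build matrix,
          # so only names that are exactly <n>.<n>.<n>.1 are accepted: the
          # dots are escaped and grep -x requires a whole-line match.
          # curl -f turns an HTTP error into a failed command instead of
          # feeding an error document to jq. The URL is quoted so that "?"
          # is never treated as a glob character.
          # NOTE(review): only the first page (page_size=100) is read.
          if [ "${REPO}" == "stable" ]; then
            UCS_REBUILD=true
            UCS_VERSIONS=($(curl -fsS "${REGISTRY_URL}/${COMPANY_NAME}/${PRODUCT_NAME}-ucs/tags/?page_size=100" | \
              jq -r '.results|.[]|.name' | grep -oxE '[0-9]+\.[0-9]+\.[0-9]+\.1' || true))
            echo "ucs-versions=$(jq -c -n '$ARGS.positional' --args "${UCS_VERSIONS[@]}")" >> "$GITHUB_OUTPUT"
          elif [ "${REPO}" == "4test" ]; then
            UCS_REBUILD=false
            PREFIX_NAME=4testing-
          fi

          STABLE_VERSIONS=($(curl -fsS "${REGISTRY_URL}/${COMPANY_NAME}/${PRODUCT_NAME}/tags/?page_size=100" | \
            jq -r '.results|.[]|.name' | grep -oxE '[0-9]+\.[0-9]+\.[0-9]+\.1' || true))

          # When rebuilding stable versions of the document server,
          # it is necessary to determine the version from which the
          # minor x.x tag will need to be pushed.
          # Each pass records one x.x.x entry in MINOR_TAGS and then drops
          # every version of that x.x line from VERSIONS; the unquoted array
          # expansions are what discard the emptied elements.
          # NOTE(review): TEMPLATE is assigned but not read in this script.

          VERSIONS=(${STABLE_VERSIONS[@]})
          for i in {1..10}; do
            if [ -z "${VERSIONS}" ]; then
              break
            else
              TEMPLATE=${VERSIONS[0]%.*.*}
              TEMPLATE_MINOR=$(printf -- '%s\n' "${VERSIONS[@]}" | grep -o -m 1 "${VERSIONS[0]%.*.*}.[0-9].[0-9]")
              MINOR_TAGS+=(${TEMPLATE_MINOR%.*})

              for v in ${MINOR_TAGS[@]}; do
                VERSIONS=(${VERSIONS[@]//${v%.*}.*.*})
              done
            fi
          done

          echo "Stable releases that will be rebuilded"
          echo "--------------------------------------"
          echo "${STABLE_VERSIONS[@]}"
          echo
          echo
          echo "Ucs releases that will be rebuilded"
          echo "-----------------------------------"
          echo "${UCS_VERSIONS[@]}"

          echo "stable-versions=$(jq -c -n '$ARGS.positional' --args "${STABLE_VERSIONS[@]}")" >> "$GITHUB_OUTPUT"
          # [*] joins the array into the single space-separated word that the
          # build job splits again; [@] inside a quoted string is ambiguous.
          echo "minor-tags=${MINOR_TAGS[*]}" >> "$GITHUB_OUTPUT"
          echo "ucs-rebuild-condition=${UCS_REBUILD}" >> "$GITHUB_OUTPUT"
          echo "prefix-name=${PREFIX_NAME}" >> "$GITHUB_OUTPUT"
          echo "repo=${REPO}" >> "$GITHUB_OUTPUT"
        shell: bash

  # Job 2: one matrix leg per stable version and edition; each leg rebuilds
  # the image and pushes it.
  re-build-stable:
    name: "Rebuild stable:${{ matrix.version }} ${{ matrix.edition }}"
    needs: [rebuild-info]
    runs-on: ubuntu-latest
    strategy:
      fail-fast: false
      matrix:
        type: ["stable"]
        edition: ["", "-ee", "-de"]
        version: ${{fromJSON(needs.rebuild-info.outputs.stable-versions)}}
    steps:
      # NOTE(review): the actions in this job are referenced by mutable
      # major-version tags, and the job later logs in to Docker Hub and
      # pushes. Pinning each `uses:` to a full commit SHA keeps a re-pointed
      # tag from changing what runs next to those credentials.
      - name: Checkout code
        uses: actions/checkout@v3
      - name: Set up QEMU
        uses: docker/setup-qemu-action@v2
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v2
      - name: Login to Docker Hub
        uses: docker/login-action@v2
        with:
          username: ${{ secrets.DOCKER_HUB_USERNAME }}
          password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }}
      # Determines the new build number based
      # on data from the hub.docker registry
      - name: Declare release number
        id: release-number
        env:
          REBUILD_VERSION: ${{ matrix.version }}
        run: |
          MINOR_VERSION=${REBUILD_VERSION%.*}
          # The x.y.z prefix is compared as a literal string in jq and the
          # remainder must consist of digits only, so dots in the version are
          # not regex wildcards and a longer tag cannot match part-way through.
          # The first hit in registry order is used.
          LAST_RELEASE=$(curl -fsS "${REGISTRY_URL}/${COMPANY_NAME}/${PRODUCT_NAME}/tags/?page_size=100" \
            | jq -r --arg prefix "${MINOR_VERSION}." \
                '.results[].name | select(startswith($prefix)) | ltrimstr($prefix)' \
            | grep -xE -m1 '[0-9]+')
          # 10# forces base 10 so a build number with a leading zero is not
          # read as octal by the shell arithmetic.
          echo "release-number=$((10#${LAST_RELEASE} + 1))" >> "$GITHUB_OUTPUT"
        shell: bash
      # Note: Rebuilding images with an
      # extra layer to update security and
      # all dependencies. Update tags got +1 to previous release.
      - name: Re-build documentserver-stable
        env:
          MINOR_TAGS_ST: ${{ needs.rebuild-info.outputs.minor-tags }}
          VERSION: ${{ matrix.version }}
          RELEASE_NUMBER: ${{ steps.release-number.outputs.release-number }}
          PREFIX_NAME: ${{ needs.rebuild-info.outputs.prefix-name }}
          REPO: ${{ needs.rebuild-info.outputs.repo }}
          PRODUCT_EDITION: ${{ matrix.edition }}
        run: |
          set -eux
          # Exported for the bake run below; presumably read by
          # docker-bake.hcl, which is not part of this file.
          export PULL_TAG=${VERSION}
          export TAG=${VERSION%.*}.${RELEASE_NUMBER}
          export SHORTER_TAG=${VERSION%.*}
          export SHORTEST_TAG=${VERSION%.*.*}

          if [ "${REPO}" == "stable" ]; then
            # MINOR_TAGS_ST is one space-separated string; the unquoted
            # expansion splits it back into an array.
            MINOR_TAGS=(${MINOR_TAGS_ST})
            for v in ${MINOR_TAGS[@]}; do
              if [ "${SHORTER_TAG}" == "${v}" ]; then
                export PUSH_MAJOR="true"
              fi
            done
            # LATEST is set only when this leg is the first minor tag.
            if [ "${SHORTER_TAG}" == "${MINOR_TAGS[0]}" ]; then
              export LATEST="true"
            fi
          fi
          docker buildx bake -f docker-bake.hcl documentserver-stable-rebuild --push
        shell: bash

  # Job 3: same flow for the UCS images; runs only when job 1 set
  # ucs-rebuild-condition to 'true'.
  re-build-ucs:
    name: "Rebuild ucs: ${{ matrix.version }} ${{ matrix.edition }}"
    if: needs.rebuild-info.outputs.ucs-rebuild-condition == 'true'
    needs: [rebuild-info]
    runs-on: ubuntu-latest
    strategy:
      fail-fast: false
      matrix:
        type: ["ucs"]
        edition: ["", "-ee"]
        version: ${{fromJSON(needs.rebuild-info.outputs.ucs-versions)}}
    steps:
      # NOTE(review): the actions in this job are referenced by mutable
      # major-version tags, and the job later logs in to Docker Hub and
      # pushes. Pinning each `uses:` to a full commit SHA keeps a re-pointed
      # tag from changing what runs next to those credentials.
      - name: Checkout code
        uses: actions/checkout@v3
      - name: Set up QEMU
        uses: docker/setup-qemu-action@v2
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v2
      - name: Login to Docker Hub
        uses: docker/login-action@v2
        with:
          username: ${{ secrets.DOCKER_HUB_USERNAME }}
          password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }}
      # Determines the new build number based
      # on data from the hub.docker registry
      - name: Declare release number
        id: release-number
        env:
          REBUILD_VERSION: ${{ matrix.version }}
        run: |
          MINOR_VERSION=${REBUILD_VERSION%.*}
          # NOTE(review): this reads the tags of ${PRODUCT_NAME}, not of
          # ${PRODUCT_NAME}-ucs, although this job's matrix versions come from
          # the -ucs repository; confirm that this is intended.
          # The x.y.z prefix is compared as a literal string in jq and the
          # remainder must consist of digits only, so dots in the version are
          # not regex wildcards and a longer tag cannot match part-way through.
          LAST_RELEASE=$(curl -fsS "${REGISTRY_URL}/${COMPANY_NAME}/${PRODUCT_NAME}/tags/?page_size=100" \
            | jq -r --arg prefix "${MINOR_VERSION}." \
                '.results[].name | select(startswith($prefix)) | ltrimstr($prefix)' \
            | grep -xE -m1 '[0-9]+')
          # 10# forces base 10 so a build number with a leading zero is not
          # read as octal by the shell arithmetic.
          echo "release-number=$((10#${LAST_RELEASE} + 1))" >> "$GITHUB_OUTPUT"
        shell: bash
      # Note: Rebuilding images with an
      # extra layer to update security and
      # all dependencies. Update tags +1 to previous release.
      - name: Re-build documentserver-ucs
        env:
          VERSION: ${{ matrix.version }}
          RELEASE_NUMBER: ${{ steps.release-number.outputs.release-number }}
          PRODUCT_EDITION: ${{ matrix.edition }}
        run: |
          set -eux
          # Exported for the bake run below; presumably read by
          # docker-bake.hcl, which is not part of this file.
          export PULL_TAG=${VERSION}
          export TAG=${VERSION%.*}.${RELEASE_NUMBER}
          export SHORTER_TAG=${VERSION%.*}
          export SHORTEST_TAG=${VERSION%.*.*}

          export UCS_REBUILD=true
          export UCS_PREFIX=-ucs

          docker buildx bake -f docker-bake.hcl documentserver-stable-rebuild --push
        shell: bash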