Merge branch hotfix/v7.4.1 into develop
This commit is contained in:
commit
4bc4f62720
6 changed files with 296 additions and 10 deletions
22
.github/workflows/cron-rebuild-trigger.yml
vendored
Normal file
22
.github/workflows/cron-rebuild-trigger.yml
vendored
Normal file
|
@ -0,0 +1,22 @@
|
||||||
|
---
|
||||||
|
name: Trigger 4testing rebuild
|
||||||
|
|
||||||
|
run-name: "Weekly 4testing rebuild trigger"
|
||||||
|
|
||||||
|
on:
|
||||||
|
schedule:
|
||||||
|
# Run every Saturday at 10 p.m.
|
||||||
|
- cron: '00 22 * * 6'
|
||||||
|
|
||||||
|
jobs:
|
||||||
|
trigger-rebuild:
|
||||||
|
name: "trigget-rebuild"
|
||||||
|
runs-on: "ubuntu-latest"
|
||||||
|
steps:
|
||||||
|
- name: Rebuild 4testing manualy
|
||||||
|
env:
|
||||||
|
GITHUB_TOKEN: ${{ secrets.TOKEN }}
|
||||||
|
run: |
|
||||||
|
gh workflow run rebuild.yml \
|
||||||
|
--repo ONLYOFFICE/Docker-DocumentServer \
|
||||||
|
-f repo=4test
|
224
.github/workflows/rebuild.yml
vendored
Normal file
224
.github/workflows/rebuild.yml
vendored
Normal file
|
@ -0,0 +1,224 @@
|
||||||
|
---
|
||||||
|
name: Rebuild Docker-Documentserver
|
||||||
|
|
||||||
|
run-name: >
|
||||||
|
Rebuild DocumentServer with secure updates for repo: ${{ github.event.inputs.repo }}
|
||||||
|
|
||||||
|
on:
|
||||||
|
workflow_dispatch:
|
||||||
|
inputs:
|
||||||
|
repo:
|
||||||
|
type: choice
|
||||||
|
description: Please, choose upload repo..
|
||||||
|
options:
|
||||||
|
- '4test'
|
||||||
|
- 'stable'
|
||||||
|
|
||||||
|
permissions:
|
||||||
|
# All other permissions are set to none
|
||||||
|
contents: read
|
||||||
|
# Technically read access while waiting for images should be more than enough. However,
|
||||||
|
# there is a bug in GitHub Actions/Packages and in case private repositories are used, you get a permission
|
||||||
|
# denied error when attempting to just pull private image, changing the token permission to write solves the
|
||||||
|
# issue. This is not dangerous, because if it is for "ONLYOFFICE/Docker-DocumentServer", only maintainers can use ds-rebuild.yaml
|
||||||
|
# If it is for a fork, then the token is read-only anyway.
|
||||||
|
packages: read
|
||||||
|
|
||||||
|
env:
|
||||||
|
COMPANY_NAME: "onlyoffice"
|
||||||
|
PRODUCT_NAME: "documentserver"
|
||||||
|
REGISTRY_URL: "https://hub.docker.com/v2/repositories"
|
||||||
|
|
||||||
|
jobs:
|
||||||
|
rebuild-info:
|
||||||
|
name: "Rebuild-info"
|
||||||
|
runs-on: "ubuntu-22.04"
|
||||||
|
env:
|
||||||
|
REPO_INPUTS: ${{ github.event.inputs.repo }}
|
||||||
|
EVENT: ${{ github.event_name }}
|
||||||
|
outputs:
|
||||||
|
stable-versions: ${{ steps.selective-checks.outputs.stable-versions }}
|
||||||
|
ucs-versions: ${{ steps.selective-checks.outputs.ucs-versions }}
|
||||||
|
minor-tags: ${{ steps.selective-checks.outputs.minor-tags }}
|
||||||
|
ucs-rebuild-condition: ${{ steps.selective-checks.outputs.ucs-rebuild-condition }}
|
||||||
|
prefix-name: ${{ steps.selective-checks.outputs.prefix-name }}
|
||||||
|
repo: ${{ steps.selective-checks.outputs.repo }}
|
||||||
|
steps:
|
||||||
|
- name: Selective checks
|
||||||
|
id: selective-checks
|
||||||
|
run: |
|
||||||
|
set -e
|
||||||
|
|
||||||
|
REPO=${REPO_INPUTS:-"4test"}
|
||||||
|
|
||||||
|
if [ "${REPO}" == "stable" ]; then
|
||||||
|
UCS_REBUILD=true
|
||||||
|
UCS_VERSIONS=($(curl -s -H -X ${REGISTRY_URL}/${COMPANY_NAME}/${PRODUCT_NAME}-ucs/tags/?page_size=100 | \
|
||||||
|
jq -r '.results|.[]|.name' | grep -oxE '[0-9]{1,}.[0-9]{1,}.[0-9]{1,}.1' || true))
|
||||||
|
echo "ucs-versions=$(jq -c -n '$ARGS.positional' --args "${UCS_VERSIONS[@]}")" >> "$GITHUB_OUTPUT"
|
||||||
|
elif
|
||||||
|
[ "${REPO}" == "4test" ]; then
|
||||||
|
UCS_REBUILD=false
|
||||||
|
PREFIX_NAME=4testing-
|
||||||
|
fi
|
||||||
|
|
||||||
|
STABLE_VERSIONS=($(curl -s -H -X ${REGISTRY_URL}/${COMPANY_NAME}/${PRODUCT_NAME}/tags/?page_size=100 | \
|
||||||
|
jq -r '.results|.[]|.name' | grep -oxE '[0-9]{1,}.[0-9]{1,}.[0-9]{1,}.1' || true))
|
||||||
|
|
||||||
|
# When rebuilding stable versions of the document server,
|
||||||
|
# it is necessary to determine the version from which the
|
||||||
|
# minor x.x tag will need to be pushed.
|
||||||
|
|
||||||
|
VERSIONS=(${STABLE_VERSIONS[@]})
|
||||||
|
for i in {1..10}; do
|
||||||
|
if [ -z "${VERSIONS}" ]; then
|
||||||
|
break
|
||||||
|
else
|
||||||
|
TEMPLATE=${VERSIONS[0]%.*.*}
|
||||||
|
TEMPLATE_MINOR=$(printf -- '%s\n' "${VERSIONS[@]}" | grep -o -m 1 "${VERSIONS[0]%.*.*}.[0-9].[0-9]")
|
||||||
|
MINOR_TAGS+=(${TEMPLATE_MINOR%.*})
|
||||||
|
|
||||||
|
for v in ${MINOR_TAGS[@]}; do
|
||||||
|
VERSIONS=(${VERSIONS[@]//${v%.*}.*.*})
|
||||||
|
done
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
|
||||||
|
echo "Stable releases that will be rebuilded"
|
||||||
|
echo "--------------------------------------"
|
||||||
|
echo "${STABLE_VERSIONS[@]}"
|
||||||
|
echo
|
||||||
|
echo
|
||||||
|
echo "Ucs releases that will be rebuilded"
|
||||||
|
echo "-----------------------------------"
|
||||||
|
echo "${UCS_VERSIONS[@]}"
|
||||||
|
|
||||||
|
echo "stable-versions=$(jq -c -n '$ARGS.positional' --args "${STABLE_VERSIONS[@]}")" >> "$GITHUB_OUTPUT"
|
||||||
|
echo "minor-tags=${MINOR_TAGS[@]}" >> "$GITHUB_OUTPUT"
|
||||||
|
echo "ucs-rebuild-condition=${UCS_REBUILD}" >> "$GITHUB_OUTPUT"
|
||||||
|
echo "prefix-name=${PREFIX_NAME}" >> "$GITHUB_OUTPUT"
|
||||||
|
echo "repo=${REPO}" >> "$GITHUB_OUTPUT"
|
||||||
|
shell: bash
|
||||||
|
|
||||||
|
re-build-stable:
|
||||||
|
name: "Rebuild stable:${{ matrix.version }} ${{ matrix.edition }}"
|
||||||
|
needs: [rebuild-info]
|
||||||
|
runs-on: ubuntu-latest
|
||||||
|
strategy:
|
||||||
|
fail-fast: false
|
||||||
|
matrix:
|
||||||
|
type: ["stable"]
|
||||||
|
edition: ["", "-ee", "-de"]
|
||||||
|
version: ${{fromJSON(needs.rebuild-info.outputs.stable-versions)}}
|
||||||
|
steps:
|
||||||
|
- name: Checkout code
|
||||||
|
uses: actions/checkout@v3
|
||||||
|
- name: Set up QEMU
|
||||||
|
uses: docker/setup-qemu-action@v2
|
||||||
|
- name: Set up Docker Buildx
|
||||||
|
uses: docker/setup-buildx-action@v2
|
||||||
|
- name: Login to Docker Hub
|
||||||
|
uses: docker/login-action@v2
|
||||||
|
with:
|
||||||
|
username: ${{ secrets.DOCKER_HUB_USERNAME }}
|
||||||
|
password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }}
|
||||||
|
# Determines the new build number based
|
||||||
|
# on data from the hub.docker registry
|
||||||
|
- name: Declare release number
|
||||||
|
id: release-number
|
||||||
|
env:
|
||||||
|
REBUILD_VERSION: ${{ matrix.version }}
|
||||||
|
run: |
|
||||||
|
MINOR_VERSION=${REBUILD_VERSION%.*}
|
||||||
|
LAST_RELEASE=$(curl -s -H -X ${REGISTRY_URL}/${COMPANY_NAME}/${PRODUCT_NAME}/tags/?page_size=100 \
|
||||||
|
| jq -r '.results|.[]|.name' | grep -Eo -m1 "${MINOR_VERSION}.[0-9]{1,}")
|
||||||
|
LAST_RELEASE=${LAST_RELEASE#*.*.*.}
|
||||||
|
echo "release-number=$((LAST_RELEASE+1))" >> "$GITHUB_OUTPUT"
|
||||||
|
shell: bash
|
||||||
|
# Note: Rebuilding images with an
|
||||||
|
# extra layer to update security and
|
||||||
|
# all dependencies. Update tags got +1 to previous release.
|
||||||
|
- name: Re-build documentserver-stable
|
||||||
|
env:
|
||||||
|
MINOR_TAGS_ST: ${{ needs.rebuild-info.outputs.minor-tags }}
|
||||||
|
VERSION: ${{ matrix.version }}
|
||||||
|
RELEASE_NUMBER: ${{ steps.release-number.outputs.release-number }}
|
||||||
|
PREFIX_NAME: ${{ needs.rebuild-info.outputs.prefix-name }}
|
||||||
|
REPO: ${{ needs.rebuild-info.outputs.repo }}
|
||||||
|
PRODUCT_EDITION: ${{ matrix.edition }}
|
||||||
|
run: |
|
||||||
|
set -eux
|
||||||
|
export PULL_TAG=${VERSION}
|
||||||
|
export TAG=${VERSION%.*}.${RELEASE_NUMBER}
|
||||||
|
export SHORTER_TAG=${VERSION%.*}
|
||||||
|
export SHORTEST_TAG=${VERSION%.*.*}
|
||||||
|
|
||||||
|
if [ "${REPO}" == "stable" ]; then
|
||||||
|
MINOR_TAGS=(${MINOR_TAGS_ST})
|
||||||
|
for v in ${MINOR_TAGS[@]}; do
|
||||||
|
if [ "${SHORTER_TAG}" == "${v}" ]; then
|
||||||
|
export PUSH_MAJOR="true"
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
if [ "${SHORTER_TAG}" == "${MINOR_TAGS[0]}" ]; then
|
||||||
|
export LATEST="true"
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
docker buildx bake -f docker-bake.hcl documentserver-stable-rebuild --push
|
||||||
|
shell: bash
|
||||||
|
re-build-ucs:
|
||||||
|
name: "Rebuild ucs: ${{ matrix.version }} ${{ matrix.edition }}"
|
||||||
|
if: needs.rebuild-info.outputs.ucs-rebuild-condition == 'true'
|
||||||
|
needs: [rebuild-info]
|
||||||
|
runs-on: ubuntu-latest
|
||||||
|
strategy:
|
||||||
|
fail-fast: false
|
||||||
|
matrix:
|
||||||
|
type: ["ucs"]
|
||||||
|
edition: ["", "-ee"]
|
||||||
|
version: ${{fromJSON(needs.rebuild-info.outputs.ucs-versions)}}
|
||||||
|
steps:
|
||||||
|
- name: Checkout code
|
||||||
|
uses: actions/checkout@v3
|
||||||
|
- name: Set up QEMU
|
||||||
|
uses: docker/setup-qemu-action@v2
|
||||||
|
- name: Set up Docker Buildx
|
||||||
|
uses: docker/setup-buildx-action@v2
|
||||||
|
- name: Login to Docker Hub
|
||||||
|
uses: docker/login-action@v2
|
||||||
|
with:
|
||||||
|
username: ${{ secrets.DOCKER_HUB_USERNAME }}
|
||||||
|
password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }}
|
||||||
|
# Determines the new build number based
|
||||||
|
# on data from the hub.docker registry
|
||||||
|
- name: Declare release number
|
||||||
|
id: release-number
|
||||||
|
env:
|
||||||
|
REBUILD_VERSION: ${{ matrix.version }}
|
||||||
|
run: |
|
||||||
|
MINOR_VERSION=${REBUILD_VERSION%.*}
|
||||||
|
LAST_RELEASE=$(curl -s -H -X ${REGISTRY_URL}/${COMPANY_NAME}/${PRODUCT_NAME}/tags/?page_size=100 \
|
||||||
|
| jq -r '.results|.[]|.name' | grep -Eo -m1 "${MINOR_VERSION}.[0-9]{1,}")
|
||||||
|
LAST_RELEASE=${LAST_RELEASE#*.*.*.}
|
||||||
|
echo "release-number=$((LAST_RELEASE+1))" >> "$GITHUB_OUTPUT"
|
||||||
|
shell: bash
|
||||||
|
# Note: Rebuilding images with an
|
||||||
|
# extra layer to update security and
|
||||||
|
# all dependencies. Update tags +1 to previous release.
|
||||||
|
- name: Re-build documentserver-ucs
|
||||||
|
env:
|
||||||
|
VERSION: ${{ matrix.version }}
|
||||||
|
RELEASE_NUMBER: ${{ steps.release-number.outputs.release-number }}
|
||||||
|
PRODUCT_EDITION: ${{ matrix.edition }}
|
||||||
|
run: |
|
||||||
|
set -eux
|
||||||
|
export PULL_TAG=${VERSION}
|
||||||
|
export TAG=${VERSION%.*}.${RELEASE_NUMBER}
|
||||||
|
export SHORTER_TAG=${VERSION%.*}
|
||||||
|
export SHORTEST_TAG=${VERSION%.*.*}
|
||||||
|
|
||||||
|
export UCS_REBUILD=true
|
||||||
|
export UCS_PREFIX=-ucs
|
||||||
|
|
||||||
|
docker buildx bake -f docker-bake.hcl documentserver-stable-rebuild --push
|
||||||
|
shell: bash
|
|
@ -66,7 +66,8 @@ RUN echo "#!/bin/sh\nexit 0" > /usr/sbin/policy-rc.d && \
|
||||||
service nginx stop && \
|
service nginx stop && \
|
||||||
rm -rf /var/lib/apt/lists/*
|
rm -rf /var/lib/apt/lists/*
|
||||||
|
|
||||||
COPY config /app/ds/setup/config/
|
COPY config/supervisor/supervisor /etc/init.d/
|
||||||
|
COPY config/supervisor/ds/*.conf /etc/supervisor/conf.d/
|
||||||
COPY run-document-server.sh /app/ds/run-document-server.sh
|
COPY run-document-server.sh /app/ds/run-document-server.sh
|
||||||
|
|
||||||
EXPOSE 80 443
|
EXPOSE 80 443
|
||||||
|
@ -89,6 +90,8 @@ RUN PACKAGE_FILE="${COMPANY_NAME}-${PRODUCT_NAME}${PRODUCT_EDITION}${PACKAGE_VER
|
||||||
service postgresql start && \
|
service postgresql start && \
|
||||||
apt-get -yq install /tmp/$PACKAGE_FILE && \
|
apt-get -yq install /tmp/$PACKAGE_FILE && \
|
||||||
service postgresql stop && \
|
service postgresql stop && \
|
||||||
|
chmod 755 /etc/init.d/supervisor && \
|
||||||
|
sed "s/COMPANY_NAME/${COMPANY_NAME}/g" -i /etc/supervisor/conf.d/*.conf && \
|
||||||
service supervisor stop && \
|
service supervisor stop && \
|
||||||
chmod 755 /app/ds/*.sh && \
|
chmod 755 /app/ds/*.sh && \
|
||||||
rm -f /tmp/$PACKAGE_FILE && \
|
rm -f /tmp/$PACKAGE_FILE && \
|
||||||
|
|
|
@ -54,6 +54,14 @@ variable "BUILD_CHANNEL" {
|
||||||
default = ""
|
default = ""
|
||||||
}
|
}
|
||||||
|
|
||||||
|
variable "PUSH_MAJOR" {
|
||||||
|
default = "false"
|
||||||
|
}
|
||||||
|
|
||||||
|
variable "LATEST" {
|
||||||
|
default = "false"
|
||||||
|
}
|
||||||
|
|
||||||
### ↓ Variables for UCS build ↓
|
### ↓ Variables for UCS build ↓
|
||||||
|
|
||||||
variable "BASE_IMAGE" {
|
variable "BASE_IMAGE" {
|
||||||
|
@ -64,6 +72,14 @@ variable "PG_VERSION" {
|
||||||
default = ""
|
default = ""
|
||||||
}
|
}
|
||||||
|
|
||||||
|
variable "UCS_REBUILD" {
|
||||||
|
default = ""
|
||||||
|
}
|
||||||
|
|
||||||
|
variable "UCS_PREFIX" {
|
||||||
|
default = ""
|
||||||
|
}
|
||||||
|
|
||||||
### ↑ Variables for UCS build ↑
|
### ↑ Variables for UCS build ↑
|
||||||
|
|
||||||
target "documentserver" {
|
target "documentserver" {
|
||||||
|
@ -131,3 +147,23 @@ target "documentserver-nonexample" {
|
||||||
"PRODUCT_EDITION": "${PRODUCT_EDITION}"
|
"PRODUCT_EDITION": "${PRODUCT_EDITION}"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
target "documentserver-stable-rebuild" {
|
||||||
|
target = "documentserver-stable-rebuild"
|
||||||
|
dockerfile = "production.dockerfile"
|
||||||
|
tags = equal("true",UCS_REBUILD) ? ["docker.io/${COMPANY_NAME}/${PREFIX_NAME}${PRODUCT_NAME}${PRODUCT_EDITION}-ucs:${TAG}",] : [
|
||||||
|
"docker.io/${COMPANY_NAME}/${PREFIX_NAME}${PRODUCT_NAME}${PRODUCT_EDITION}:${TAG}",
|
||||||
|
equal("",PREFIX_NAME) ? "docker.io/${COMPANY_NAME}/${PREFIX_NAME}${PRODUCT_NAME}${PRODUCT_EDITION}:${SHORTER_TAG}": "",
|
||||||
|
equal("true",PUSH_MAJOR) ? "docker.io/${COMPANY_NAME}/${PREFIX_NAME}${PRODUCT_NAME}${PRODUCT_EDITION}:${SHORTEST_TAG}": "",
|
||||||
|
equal("",PREFIX_NAME) && equal("true",LATEST) ? "docker.io/${COMPANY_NAME}/${PREFIX_NAME}${PRODUCT_NAME}${PRODUCT_EDITION}:latest": "",
|
||||||
|
equal("-ee",PRODUCT_EDITION) && equal("",PREFIX_NAME) ? "docker.io/${COMPANY_NAME}4enterprise/${PREFIX_NAME}${PRODUCT_NAME}${PRODUCT_EDITION}:${TAG}": "",
|
||||||
|
]
|
||||||
|
platforms = ["linux/amd64", "linux/arm64"]
|
||||||
|
args = {
|
||||||
|
"UCS_PREFIX": "${UCS_PREFIX}"
|
||||||
|
"PULL_TAG": "${PULL_TAG}"
|
||||||
|
"COMPANY_NAME": "${COMPANY_NAME}"
|
||||||
|
"PRODUCT_NAME": "${PRODUCT_NAME}"
|
||||||
|
"PRODUCT_EDITION": "${PRODUCT_EDITION}"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
|
@ -2,11 +2,20 @@
|
||||||
ARG PULL_TAG=latest
|
ARG PULL_TAG=latest
|
||||||
ARG COMPANY_NAME=onlyoffice
|
ARG COMPANY_NAME=onlyoffice
|
||||||
ARG PRODUCT_EDITION=
|
ARG PRODUCT_EDITION=
|
||||||
|
### Rebuild arguments
|
||||||
|
ARG UCS_PREFIX=
|
||||||
|
ARG IMAGE=${COMPANY_NAME}/documentserver${PRODUCT_EDITION}${UCS_PREFIX}:${PULL_TAG}
|
||||||
|
|
||||||
### Build main-release ###
|
### Build main-release ###
|
||||||
|
|
||||||
FROM ${COMPANY_NAME}/4testing-documentserver${PRODUCT_EDITION}:${PULL_TAG} as documentserver-stable
|
FROM ${COMPANY_NAME}/4testing-documentserver${PRODUCT_EDITION}:${PULL_TAG} as documentserver-stable
|
||||||
|
|
||||||
|
### Rebuild stable images with secure updates
|
||||||
|
FROM ${IMAGE} as documentserver-stable-rebuild
|
||||||
|
RUN echo "This is rebuild" \
|
||||||
|
&& apt-get update -y \
|
||||||
|
&& apt-get upgrade -y
|
||||||
|
|
||||||
### Build nonexample ###
|
### Build nonexample ###
|
||||||
|
|
||||||
FROM ${COMPANY_NAME}/documentserver${PRODUCT_EDITION}:${PULL_TAG} as documentserver-nonexample
|
FROM ${COMPANY_NAME}/documentserver${PRODUCT_EDITION}:${PULL_TAG} as documentserver-nonexample
|
||||||
|
|
|
@ -499,13 +499,6 @@ update_nginx_settings(){
|
||||||
documentserver-update-securelink.sh -s ${SECURE_LINK_SECRET:-$(pwgen -s 20)} -r false
|
documentserver-update-securelink.sh -s ${SECURE_LINK_SECRET:-$(pwgen -s 20)} -r false
|
||||||
}
|
}
|
||||||
|
|
||||||
update_supervisor_settings(){
|
|
||||||
# Copy modified supervisor start script
|
|
||||||
cp ${SYSCONF_TEMPLATES_DIR}/supervisor/supervisor /etc/init.d/
|
|
||||||
sed "s/COMPANY_NAME/${COMPANY_NAME}/g" -i ${SYSCONF_TEMPLATES_DIR}/supervisor/ds/*.conf
|
|
||||||
cp ${SYSCONF_TEMPLATES_DIR}/supervisor/ds/*.conf /etc/supervisor/conf.d/
|
|
||||||
}
|
|
||||||
|
|
||||||
update_log_settings(){
|
update_log_settings(){
|
||||||
${JSON_LOG} -I -e "this.categories.default.level = '${DS_LOG_LEVEL}'"
|
${JSON_LOG} -I -e "this.categories.default.level = '${DS_LOG_LEVEL}'"
|
||||||
}
|
}
|
||||||
|
@ -632,7 +625,6 @@ if [ ${ONLYOFFICE_DATA_CONTAINER} != "true" ]; then
|
||||||
|
|
||||||
update_nginx_settings
|
update_nginx_settings
|
||||||
|
|
||||||
update_supervisor_settings
|
|
||||||
service supervisor start
|
service supervisor start
|
||||||
|
|
||||||
# start cron to enable log rotating
|
# start cron to enable log rotating
|
||||||
|
|
Loading…
Reference in a new issue