9400eedc06
* Add the ability to rebuild images Rebuilding images will be done manually (for now). The choice of the number of rebuilt releases is available (1 by default), the choice of repositories for pushing rebuilt images is available (4testing by default). Principle of operation: Through the api of the docker hub, we get the last launched tag that falls under the pattern x.x.x.1, after that the tag with the assembly of which the minor tag x.x will be sent will be calculated. Next, at one of the build steps, the number of the previous release will be received, for example x. x.x.4 which will mean that the current one will be x.x.x.5 * Add login to dockerhub * Refactoring code Set some variables for all rebuild-info job. Also set default values for repository and quantity variables * Refactor: remove push trigger * Refactoring code * Refactor: Unlinking a version * Submitting the latest tag for the latest release only
224 lines
9 KiB
YAML
224 lines
9 KiB
YAML
---
|
|
name: Rebuild Docker-Documentserver
|
|
|
|
run-name: >
|
|
Rebuild DocumentServer with secure updates for repo: ${{ github.event.inputs.repo }}
|
|
|
|
on:
|
|
workflow_dispatch:
|
|
inputs:
|
|
repo:
|
|
type: choice
|
|
description: Please, choose upload repo..
|
|
options:
|
|
- '4test'
|
|
- 'stable'
|
|
|
|
permissions:
|
|
# All other permissions are set to none
|
|
contents: read
|
|
# Technically read access while waiting for images should be more than enough. However,
|
|
# there is a bug in GitHub Actions/Packages and in case private repositories are used, you get a permission
|
|
# denied error when attempting to just pull private image, changing the token permission to write solves the
|
|
# issue. This is not dangerous, because if it is for "ONLYOFFICE/Docker-DocumentServer", only maintainers can use ds-rebuild.yaml
|
|
# If it is for a fork, then the token is read-only anyway.
|
|
packages: read
|
|
|
|
env:
|
|
COMPANY_NAME: "onlyoffice"
|
|
PRODUCT_NAME: "documentserver"
|
|
REGISTRY_URL: "https://hub.docker.com/v2/repositories"
|
|
|
|
jobs:
|
|
rebuild-info:
|
|
name: "Rebuild-info"
|
|
runs-on: "ubuntu-22.04"
|
|
env:
|
|
REPO_INPUTS: ${{ github.event.inputs.repo }}
|
|
EVENT: ${{ github.event_name }}
|
|
outputs:
|
|
stable-versions: ${{ steps.selective-checks.outputs.stable-versions }}
|
|
ucs-versions: ${{ steps.selective-checks.outputs.ucs-versions }}
|
|
minor-tags: ${{ steps.selective-checks.outputs.minor-tags }}
|
|
ucs-rebuild-condition: ${{ steps.selective-checks.outputs.ucs-rebuild-condition }}
|
|
prefix-name: ${{ steps.selective-checks.outputs.prefix-name }}
|
|
repo: ${{ steps.selective-checks.outputs.repo }}
|
|
steps:
|
|
- name: Selective checks
|
|
id: selective-checks
|
|
run: |
|
|
set -e
|
|
|
|
REPO=${REPO_INPUTS:-"4test"}
|
|
|
|
if [ "${REPO}" == "stable" ]; then
|
|
UCS_REBUILD=true
|
|
UCS_VERSIONS=($(curl -s -H -X ${REGISTRY_URL}/${COMPANY_NAME}/${PRODUCT_NAME}-ucs/tags/?page_size=100 | \
|
|
jq -r '.results|.[]|.name' | grep -oxE '[0-9]{1,}.[0-9]{1,}.[0-9]{1,}.1' || true))
|
|
echo "ucs-versions=$(jq -c -n '$ARGS.positional' --args "${UCS_VERSIONS[@]}")" >> "$GITHUB_OUTPUT"
|
|
elif
|
|
[ "${REPO}" == "4test" ]; then
|
|
UCS_REBUILD=false
|
|
PREFIX_NAME=4testing-
|
|
fi
|
|
|
|
STABLE_VERSIONS=($(curl -s -H -X ${REGISTRY_URL}/${COMPANY_NAME}/${PRODUCT_NAME}/tags/?page_size=100 | \
|
|
jq -r '.results|.[]|.name' | grep -oxE '[0-9]{1,}.[0-9]{1,}.[0-9]{1,}.1' || true))
|
|
|
|
# When rebuilding stable versions of the document server,
|
|
# it is necessary to determine the version from which the
|
|
# minor x.x tag will need to be pushed.
|
|
|
|
VERSIONS=(${STABLE_VERSIONS[@]})
|
|
for i in {1..10}; do
|
|
if [ -z "${VERSIONS}" ]; then
|
|
break
|
|
else
|
|
TEMPLATE=${VERSIONS[0]%.*.*}
|
|
TEMPLATE_MINOR=$(printf -- '%s\n' "${VERSIONS[@]}" | grep -o -m 1 "${VERSIONS[0]%.*.*}.[0-9].[0-9]")
|
|
MINOR_TAGS+=(${TEMPLATE_MINOR%.*})
|
|
|
|
for v in ${MINOR_TAGS[@]}; do
|
|
VERSIONS=(${VERSIONS[@]//${v%.*}.*.*})
|
|
done
|
|
fi
|
|
done
|
|
|
|
echo "Stable releases that will be rebuilded"
|
|
echo "--------------------------------------"
|
|
echo "${STABLE_VERSIONS[@]}"
|
|
echo
|
|
echo
|
|
echo "Ucs releases that will be rebuilded"
|
|
echo "-----------------------------------"
|
|
echo "${UCS_VERSIONS[@]}"
|
|
|
|
echo "stable-versions=$(jq -c -n '$ARGS.positional' --args "${STABLE_VERSIONS[@]}")" >> "$GITHUB_OUTPUT"
|
|
echo "minor-tags=${MINOR_TAGS[@]}" >> "$GITHUB_OUTPUT"
|
|
echo "ucs-rebuild-condition=${UCS_REBUILD}" >> "$GITHUB_OUTPUT"
|
|
echo "prefix-name=${PREFIX_NAME}" >> "$GITHUB_OUTPUT"
|
|
echo "repo=${REPO}" >> "$GITHUB_OUTPUT"
|
|
shell: bash
|
|
|
|
re-build-stable:
|
|
name: "Rebuild stable:${{ matrix.version }} ${{ matrix.edition }}"
|
|
needs: [rebuild-info]
|
|
runs-on: ubuntu-latest
|
|
strategy:
|
|
fail-fast: false
|
|
matrix:
|
|
type: ["stable"]
|
|
edition: ["", "-ee", "-de"]
|
|
version: ${{fromJSON(needs.rebuild-info.outputs.stable-versions)}}
|
|
steps:
|
|
- name: Checkout code
|
|
uses: actions/checkout@v3
|
|
- name: Set up QEMU
|
|
uses: docker/setup-qemu-action@v2
|
|
- name: Set up Docker Buildx
|
|
uses: docker/setup-buildx-action@v2
|
|
- name: Login to Docker Hub
|
|
uses: docker/login-action@v2
|
|
with:
|
|
username: ${{ secrets.DOCKER_HUB_USERNAME }}
|
|
password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }}
|
|
# Determines the new build number based
|
|
# on data from the hub.docker registry
|
|
- name: Declare release number
|
|
id: release-number
|
|
env:
|
|
REBUILD_VERSION: ${{ matrix.version }}
|
|
run: |
|
|
MINOR_VERSION=${REBUILD_VERSION%.*}
|
|
LAST_RELEASE=$(curl -s -H -X ${REGISTRY_URL}/${COMPANY_NAME}/${PRODUCT_NAME}/tags/?page_size=100 \
|
|
| jq -r '.results|.[]|.name' | grep -Eo -m1 "${MINOR_VERSION}.[0-9]{1,}")
|
|
LAST_RELEASE=${LAST_RELEASE#*.*.*.}
|
|
echo "release-number=$((LAST_RELEASE+1))" >> "$GITHUB_OUTPUT"
|
|
shell: bash
|
|
# Note: Rebuilding images with an
|
|
# extra layer to update security and
|
|
# all dependencies. Update tags got +1 to previous release.
|
|
- name: Re-build documentserver-stable
|
|
env:
|
|
MINOR_TAGS_ST: ${{ needs.rebuild-info.outputs.minor-tags }}
|
|
VERSION: ${{ matrix.version }}
|
|
RELEASE_NUMBER: ${{ steps.release-number.outputs.release-number }}
|
|
PREFIX_NAME: ${{ needs.rebuild-info.outputs.prefix-name }}
|
|
REPO: ${{ needs.rebuild-info.outputs.repo }}
|
|
PRODUCT_EDITION: ${{ matrix.edition }}
|
|
run: |
|
|
set -eux
|
|
export PULL_TAG=${VERSION}
|
|
export TAG=${VERSION%.*}.${RELEASE_NUMBER}
|
|
export SHORTER_TAG=${VERSION%.*}
|
|
export SHORTEST_TAG=${VERSION%.*.*}
|
|
|
|
if [ "${REPO}" == "stable" ]; then
|
|
MINOR_TAGS=(${MINOR_TAGS_ST})
|
|
for v in ${MINOR_TAGS[@]}; do
|
|
if [ "${SHORTER_TAG}" == "${v}" ]; then
|
|
export PUSH_MAJOR="true"
|
|
fi
|
|
done
|
|
if [ "${SHORTER_TAG}" == "${MINOR_TAGS[0]}" ]; then
|
|
export LATEST="true"
|
|
fi
|
|
fi
|
|
docker buildx bake -f docker-bake.hcl documentserver-stable-rebuild --push
|
|
shell: bash
|
|
re-build-ucs:
|
|
name: "Rebuild ucs: ${{ matrix.version }} ${{ matrix.edition }}"
|
|
if: needs.rebuild-info.outputs.ucs-rebuild-condition == 'true'
|
|
needs: [rebuild-info]
|
|
runs-on: ubuntu-latest
|
|
strategy:
|
|
fail-fast: false
|
|
matrix:
|
|
type: ["ucs"]
|
|
edition: ["", "-ee"]
|
|
version: ${{fromJSON(needs.rebuild-info.outputs.ucs-versions)}}
|
|
steps:
|
|
- name: Checkout code
|
|
uses: actions/checkout@v3
|
|
- name: Set up QEMU
|
|
uses: docker/setup-qemu-action@v2
|
|
- name: Set up Docker Buildx
|
|
uses: docker/setup-buildx-action@v2
|
|
- name: Login to Docker Hub
|
|
uses: docker/login-action@v2
|
|
with:
|
|
username: ${{ secrets.DOCKER_HUB_USERNAME }}
|
|
password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }}
|
|
# Determines the new build number based
|
|
# on data from the hub.docker registry
|
|
- name: Declare release number
|
|
id: release-number
|
|
env:
|
|
REBUILD_VERSION: ${{ matrix.version }}
|
|
run: |
|
|
MINOR_VERSION=${REBUILD_VERSION%.*}
|
|
LAST_RELEASE=$(curl -s -H -X ${REGISTRY_URL}/${COMPANY_NAME}/${PRODUCT_NAME}/tags/?page_size=100 \
|
|
| jq -r '.results|.[]|.name' | grep -Eo -m1 "${MINOR_VERSION}.[0-9]{1,}")
|
|
LAST_RELEASE=${LAST_RELEASE#*.*.*.}
|
|
echo "release-number=$((LAST_RELEASE+1))" >> "$GITHUB_OUTPUT"
|
|
shell: bash
|
|
# Note: Rebuilding images with an
|
|
# extra layer to update security and
|
|
# all dependencies. Update tags +1 to previous release.
|
|
- name: Re-build documentserver-ucs
|
|
env:
|
|
VERSION: ${{ matrix.version }}
|
|
RELEASE_NUMBER: ${{ steps.release-number.outputs.release-number }}
|
|
PRODUCT_EDITION: ${{ matrix.edition }}
|
|
run: |
|
|
set -eux
|
|
export PULL_TAG=${VERSION}
|
|
export TAG=${VERSION%.*}.${RELEASE_NUMBER}
|
|
export SHORTER_TAG=${VERSION%.*}
|
|
export SHORTEST_TAG=${VERSION%.*.*}
|
|
|
|
export UCS_REBUILD=true
|
|
export UCS_PREFIX=-ucs
|
|
|
|
docker buildx bake -f docker-bake.hcl documentserver-stable-rebuild --push
|
|
shell: bash
|