diff --git a/.github/workflows/external_trigger.yml b/.github/workflows/external_trigger.yml index 5a16a553..4605567e 100644 --- a/.github/workflows/external_trigger.yml +++ b/.github/workflows/external_trigger.yml @@ -11,18 +11,23 @@ jobs: - name: External Trigger if: github.ref == 'refs/heads/master' + env: + SKIP_EXTERNAL_TRIGGER: ${{ vars.SKIP_EXTERNAL_TRIGGER }} run: | - if [ -n "${{ secrets.PAUSE_EXTERNAL_TRIGGER_SWAG_MASTER }}" ]; then - echo "**** Github secret PAUSE_EXTERNAL_TRIGGER_SWAG_MASTER is set; skipping trigger. ****" - echo "Github secret \`PAUSE_EXTERNAL_TRIGGER_SWAG_MASTER\` is set; skipping trigger." >> $GITHUB_STEP_SUMMARY + printf "# External trigger for docker-swag\n\n" >> $GITHUB_STEP_SUMMARY + if grep -q "^swag_master" <<< "${SKIP_EXTERNAL_TRIGGER}"; then + echo "> [!WARNING]" >> $GITHUB_STEP_SUMMARY + echo "> Github organizational variable \`SKIP_EXTERNAL_TRIGGER\` contains \`swag_master\`; skipping trigger." >> $GITHUB_STEP_SUMMARY exit 0 fi - echo "**** External trigger running off of master branch. To disable this trigger, set a Github secret named \"PAUSE_EXTERNAL_TRIGGER_SWAG_MASTER\". ****" - echo "External trigger running off of master branch. To disable this trigger, set a Github secret named \`PAUSE_EXTERNAL_TRIGGER_SWAG_MASTER\`" >> $GITHUB_STEP_SUMMARY - echo "**** Retrieving external version ****" + echo "> [!NOTE]" >> $GITHUB_STEP_SUMMARY + echo "> External trigger running off of master branch. To disable this trigger, add \`swag_master\` into the Github organizational variable \`SKIP_EXTERNAL_TRIGGER\`." >> $GITHUB_STEP_SUMMARY + printf "\n## Retrieving external version\n\n" >> $GITHUB_STEP_SUMMARY EXT_RELEASE=$(curl -sL "https://pypi.python.org/pypi/certbot/json" |jq -r '. | .info.version') + echo "Type is \`pip_version\`" >> $GITHUB_STEP_SUMMARY if [ -z "${EXT_RELEASE}" ] || [ "${EXT_RELEASE}" == "null" ]; then - echo "**** Can't retrieve external version, exiting ****" + echo "> [!WARNING]" >> $GITHUB_STEP_SUMMARY + echo "> Can't retrieve external version, exiting" >> $GITHUB_STEP_SUMMARY FAILURE_REASON="Can't retrieve external version for swag branch master" GHA_TRIGGER_URL="https://github.com/linuxserver/docker-swag/actions/runs/${{ github.run_id }}" curl -X POST -H "Content-Type: application/json" --data '{"avatar_url": "https://cdn.discordapp.com/avatars/354986384542662657/df91181b3f1cf0ef1592fbe18e0962d7.png","embeds": [{"color": 16711680, @@ -31,9 +36,8 @@ jobs: exit 1 fi EXT_RELEASE=$(echo ${EXT_RELEASE} | sed 's/[~,%@+;:/]//g') - echo "**** External version: ${EXT_RELEASE} ****" - echo "External version: ${EXT_RELEASE}" >> $GITHUB_STEP_SUMMARY - echo "**** Retrieving last pushed version ****" + echo "External version: \`${EXT_RELEASE}\`" >> $GITHUB_STEP_SUMMARY + echo "Retrieving last pushed version" >> $GITHUB_STEP_SUMMARY image="linuxserver/swag" tag="latest" token=$(curl -sX GET \ @@ -60,45 +64,54 @@ jobs: IMAGE_RELEASE=$(echo ${image_info} | jq -r '.Labels.build_version' | awk '{print $3}') IMAGE_VERSION=$(echo ${IMAGE_RELEASE} | awk -F'-ls' '{print $1}') if [ -z "${IMAGE_VERSION}" ]; then - echo "**** Can't retrieve last pushed version, exiting ****" + echo "> [!WARNING]" >> $GITHUB_STEP_SUMMARY + echo "Can't retrieve last pushed version, exiting" >> $GITHUB_STEP_SUMMARY FAILURE_REASON="Can't retrieve last pushed version for swag tag latest" curl -X POST -H "Content-Type: application/json" --data '{"avatar_url": "https://cdn.discordapp.com/avatars/354986384542662657/df91181b3f1cf0ef1592fbe18e0962d7.png","embeds": [{"color": 16711680, "description": "**Trigger Failed** \n**Reason:** '"${FAILURE_REASON}"' \n"}], "username": "Github Actions"}' ${{ secrets.DISCORD_WEBHOOK }} exit 1 fi - echo "**** Last pushed version: ${IMAGE_VERSION} ****" - echo "Last pushed version: ${IMAGE_VERSION}" >> $GITHUB_STEP_SUMMARY + echo "Last pushed version: \`${IMAGE_VERSION}\`" >> $GITHUB_STEP_SUMMARY if [ "${EXT_RELEASE}" == "${IMAGE_VERSION}" ]; then - echo "**** Version ${EXT_RELEASE} already pushed, exiting ****" - echo "Version ${EXT_RELEASE} already pushed, exiting" >> $GITHUB_STEP_SUMMARY + echo "Version \`${EXT_RELEASE}\` already pushed, exiting" >> $GITHUB_STEP_SUMMARY exit 0 elif [ $(curl -s https://ci.linuxserver.io/job/Docker-Pipeline-Builders/job/docker-swag/job/master/lastBuild/api/json | jq -r '.building') == "true" ]; then - echo "**** New version ${EXT_RELEASE} found; but there already seems to be an active build on Jenkins; exiting ****" - echo "New version ${EXT_RELEASE} found; but there already seems to be an active build on Jenkins; exiting" >> $GITHUB_STEP_SUMMARY + echo "New version \`${EXT_RELEASE}\` found; but there already seems to be an active build on Jenkins; exiting" >> $GITHUB_STEP_SUMMARY exit 0 else - echo "**** New version ${EXT_RELEASE} found; old version was ${IMAGE_VERSION}. Triggering new build ****" - echo "New version ${EXT_RELEASE} found; old version was ${IMAGE_VERSION}. Triggering new build" >> $GITHUB_STEP_SUMMARY - response=$(curl -iX POST \ - https://ci.linuxserver.io/job/Docker-Pipeline-Builders/job/docker-swag/job/master/buildWithParameters?PACKAGE_CHECK=false \ - --user ${{ secrets.JENKINS_USER }}:${{ secrets.JENKINS_TOKEN }} | grep -i location | sed "s|^[L|l]ocation: \(.*\)|\1|") - echo "**** Jenkins job queue url: ${response%$'\r'} ****" - echo "**** Sleeping 10 seconds until job starts ****" - sleep 10 - buildurl=$(curl -s "${response%$'\r'}api/json" | jq -r '.executable.url') - buildurl="${buildurl%$'\r'}" - echo "**** Jenkins job build url: ${buildurl} ****" - echo "Jenkins job build url: ${buildurl}" >> $GITHUB_STEP_SUMMARY - echo "**** Attempting to change the Jenkins job description ****" - curl -iX POST \ - "${buildurl}submitDescription" \ - --user ${{ secrets.JENKINS_USER }}:${{ secrets.JENKINS_TOKEN }} \ - --data-urlencode "description=GHA external trigger https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}" \ - --data-urlencode "Submit=Submit" - echo "**** Notifying Discord ****" - TRIGGER_REASON="A version change was detected for swag tag latest. Old version:${IMAGE_VERSION} New version:${EXT_RELEASE}" - curl -X POST -H "Content-Type: application/json" --data '{"avatar_url": "https://cdn.discordapp.com/avatars/354986384542662657/df91181b3f1cf0ef1592fbe18e0962d7.png","embeds": [{"color": 9802903, - "description": "**Build Triggered** \n**Reason:** '"${TRIGGER_REASON}"' \n**Build URL:** '"${buildurl}display/redirect"' \n"}], - "username": "Github Actions"}' ${{ secrets.DISCORD_WEBHOOK }} + if [[ "${artifacts_found}" == "false" ]]; then + echo "> [!WARNING]" >> $GITHUB_STEP_SUMMARY + echo "> New version detected, but not all artifacts are published yet; skipping trigger" >> $GITHUB_STEP_SUMMARY + FAILURE_REASON="New version ${EXT_RELEASE} for swag tag latest is detected, however not all artifacts are uploaded to upstream release yet. Will try again later." + curl -X POST -H "Content-Type: application/json" --data '{"avatar_url": "https://cdn.discordapp.com/avatars/354986384542662657/df91181b3f1cf0ef1592fbe18e0962d7.png","embeds": [{"color": 9802903, + "description": "**Trigger Failed** \n**Reason:** '"${FAILURE_REASON}"' \n"}], + "username": "Github Actions"}' ${{ secrets.DISCORD_WEBHOOK }} + else + printf "\n## Trigger new build\n\n" >> $GITHUB_STEP_SUMMARY + echo "New version \`${EXT_RELEASE}\` found; old version was \`${IMAGE_VERSION}\`. Triggering new build" >> $GITHUB_STEP_SUMMARY + if "${artifacts_found}" == "true" ]]; then + echo "All artifacts seem to be uploaded." >> $GITHUB_STEP_SUMMARY + fi + response=$(curl -iX POST \ + https://ci.linuxserver.io/job/Docker-Pipeline-Builders/job/docker-swag/job/master/buildWithParameters?PACKAGE_CHECK=false \ + --user ${{ secrets.JENKINS_USER }}:${{ secrets.JENKINS_TOKEN }} | grep -i location | sed "s|^[L|l]ocation: \(.*\)|\1|") + echo "Jenkins [job queue url](${response%$'\r'})" >> $GITHUB_STEP_SUMMARY + echo "Sleeping 10 seconds until job starts" >> $GITHUB_STEP_SUMMARY + sleep 10 + buildurl=$(curl -s "${response%$'\r'}api/json" | jq -r '.executable.url') + buildurl="${buildurl%$'\r'}" + echo "Jenkins job [build url](${buildurl})" >> $GITHUB_STEP_SUMMARY + echo "Attempting to change the Jenkins job description" >> $GITHUB_STEP_SUMMARY + curl -iX POST \ + "${buildurl}submitDescription" \ + --user ${{ secrets.JENKINS_USER }}:${{ secrets.JENKINS_TOKEN }} \ + --data-urlencode "description=GHA external trigger https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}" \ + --data-urlencode "Submit=Submit" + echo "**** Notifying Discord ****" + TRIGGER_REASON="A version change was detected for swag tag latest. Old version:${IMAGE_VERSION} New version:${EXT_RELEASE}" + curl -X POST -H "Content-Type: application/json" --data '{"avatar_url": "https://cdn.discordapp.com/avatars/354986384542662657/df91181b3f1cf0ef1592fbe18e0962d7.png","embeds": [{"color": 9802903, + "description": "**Build Triggered** \n**Reason:** '"${TRIGGER_REASON}"' \n**Build URL:** '"${buildurl}display/redirect"' \n"}], + "username": "Github Actions"}' ${{ secrets.DISCORD_WEBHOOK }} + fi fi diff --git a/.github/workflows/external_trigger_scheduler.yml b/.github/workflows/external_trigger_scheduler.yml index 90c2a9c4..0a3b07ef 100644 --- a/.github/workflows/external_trigger_scheduler.yml +++ b/.github/workflows/external_trigger_scheduler.yml @@ -15,31 +15,31 @@ jobs: - name: External Trigger Scheduler run: | - echo "**** Branches found: ****" - git for-each-ref --format='%(refname:short)' refs/remotes - for br in $(git for-each-ref --format='%(refname:short)' refs/remotes) + printf "# External trigger scheduler for docker-swag\n\n" >> $GITHUB_STEP_SUMMARY + printf "Found the branches:\n\n%s\n" "$(git for-each-ref --format='- %(refname:lstrip=3)' refs/remotes)" >> $GITHUB_STEP_SUMMARY + for br in $(git for-each-ref --format='%(refname:lstrip=3)' refs/remotes) do - br=$(echo "$br" | sed 's|origin/||g') - echo "**** Evaluating branch ${br} ****" + if [[ "${br}" == "HEAD" ]]; then + printf "\nSkipping %s.\n" ${br} >> $GITHUB_STEP_SUMMARY + continue + fi + printf "\n## Evaluating \`%s\`\n\n" ${br} >> $GITHUB_STEP_SUMMARY ls_jenkins_vars=$(curl -sX GET https://raw.githubusercontent.com/linuxserver/docker-swag/${br}/jenkins-vars.yml) ls_branch=$(echo "${ls_jenkins_vars}" | yq -r '.ls_branch') ls_trigger=$(echo "${ls_jenkins_vars}" | yq -r '.external_type') if [[ "${br}" == "${ls_branch}" ]] && [[ "${ls_trigger}" != "os" ]]; then - echo "**** Branch ${br} appears to be live and trigger is not os; checking workflow. ****" + echo "Branch appears to be live and trigger is not os; checking workflow." >> $GITHUB_STEP_SUMMARY if curl -sfX GET https://raw.githubusercontent.com/linuxserver/docker-swag/${br}/.github/workflows/external_trigger.yml > /dev/null 2>&1; then - echo "**** Workflow exists. Triggering external trigger workflow for branch ${br} ****." - echo "Triggering external trigger workflow for branch ${br}" >> $GITHUB_STEP_SUMMARY + echo "Triggering external trigger workflow for branch." >> $GITHUB_STEP_SUMMARY curl -iX POST \ -H "Authorization: token ${{ secrets.CR_PAT }}" \ -H "Accept: application/vnd.github.v3+json" \ -d "{\"ref\":\"refs/heads/${br}\"}" \ https://api.github.com/repos/linuxserver/docker-swag/actions/workflows/external_trigger.yml/dispatches else - echo "**** Workflow doesn't exist; skipping trigger. ****" - echo "Skipping branch ${br} due to no external trigger workflow present." >> $GITHUB_STEP_SUMMARY + echo "Skipping branch due to no external trigger workflow present." >> $GITHUB_STEP_SUMMARY fi else - echo "**** ${br} is either a dev branch, or has no external version; skipping trigger. ****" - echo "Skipping branch ${br} due to being detected as dev branch or having no external version." >> $GITHUB_STEP_SUMMARY + echo "Skipping branch due to being detected as dev branch or having no external version." >> $GITHUB_STEP_SUMMARY fi done diff --git a/.github/workflows/package_trigger.yml b/.github/workflows/package_trigger.yml deleted file mode 100644 index 7d00b7ec..00000000 --- a/.github/workflows/package_trigger.yml +++ /dev/null @@ -1,42 +0,0 @@ -name: Package Trigger Main - -on: - workflow_dispatch: - -jobs: - package-trigger-master: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v4.1.1 - - - name: Package Trigger - if: github.ref == 'refs/heads/master' - run: | - if [ -n "${{ secrets.PAUSE_PACKAGE_TRIGGER_SWAG_MASTER }}" ]; then - echo "**** Github secret PAUSE_PACKAGE_TRIGGER_SWAG_MASTER is set; skipping trigger. ****" - echo "Github secret \`PAUSE_PACKAGE_TRIGGER_SWAG_MASTER\` is set; skipping trigger." >> $GITHUB_STEP_SUMMARY - exit 0 - fi - if [ $(curl -s https://ci.linuxserver.io/job/Docker-Pipeline-Builders/job/docker-swag/job/master/lastBuild/api/json | jq -r '.building') == "true" ]; then - echo "**** There already seems to be an active build on Jenkins; skipping package trigger ****" - echo "There already seems to be an active build on Jenkins; skipping package trigger" >> $GITHUB_STEP_SUMMARY - exit 0 - fi - echo "**** Package trigger running off of master branch. To disable, set a Github secret named \"PAUSE_PACKAGE_TRIGGER_SWAG_MASTER\". ****" - echo "Package trigger running off of master branch. To disable, set a Github secret named \`PAUSE_PACKAGE_TRIGGER_SWAG_MASTER\`" >> $GITHUB_STEP_SUMMARY - response=$(curl -iX POST \ - https://ci.linuxserver.io/job/Docker-Pipeline-Builders/job/docker-swag/job/master/buildWithParameters?PACKAGE_CHECK=true \ - --user ${{ secrets.JENKINS_USER }}:${{ secrets.JENKINS_TOKEN }} | grep -i location | sed "s|^[L|l]ocation: \(.*\)|\1|") - echo "**** Jenkins job queue url: ${response%$'\r'} ****" - echo "**** Sleeping 10 seconds until job starts ****" - sleep 10 - buildurl=$(curl -s "${response%$'\r'}api/json" | jq -r '.executable.url') - buildurl="${buildurl%$'\r'}" - echo "**** Jenkins job build url: ${buildurl} ****" - echo "Jenkins job build url: ${buildurl}" >> $GITHUB_STEP_SUMMARY - echo "**** Attempting to change the Jenkins job description ****" - curl -iX POST \ - "${buildurl}submitDescription" \ - --user ${{ secrets.JENKINS_USER }}:${{ secrets.JENKINS_TOKEN }} \ - --data-urlencode "description=GHA package trigger https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}" \ - --data-urlencode "Submit=Submit" diff --git a/.github/workflows/package_trigger_scheduler.yml b/.github/workflows/package_trigger_scheduler.yml index 5b8c24de..14e54d43 100644 --- a/.github/workflows/package_trigger_scheduler.yml +++ b/.github/workflows/package_trigger_scheduler.yml @@ -14,37 +14,69 @@ jobs: fetch-depth: '0' - name: Package Trigger Scheduler + env: + SKIP_PACKAGE_TRIGGER: ${{ vars.SKIP_PACKAGE_TRIGGER }} run: | - echo "**** Branches found: ****" - git for-each-ref --format='%(refname:short)' refs/remotes - for br in $(git for-each-ref --format='%(refname:short)' refs/remotes) + printf "# Package trigger scheduler for docker-swag\n\n" >> $GITHUB_STEP_SUMMARY + printf "Found the branches:\n\n%s\n" "$(git for-each-ref --format='- %(refname:lstrip=3)' refs/remotes)" >> $GITHUB_STEP_SUMMARY + for br in $(git for-each-ref --format='%(refname:lstrip=3)' refs/remotes) do - br=$(echo "$br" | sed 's|origin/||g') - echo "**** Evaluating branch ${br} ****" - ls_branch=$(curl -sX GET https://raw.githubusercontent.com/linuxserver/docker-swag/${br}/jenkins-vars.yml | yq -r '.ls_branch') - if [ "${br}" == "${ls_branch}" ]; then - echo "**** Branch ${br} appears to be live; checking workflow. ****" - if curl -sfX GET https://raw.githubusercontent.com/linuxserver/docker-swag/${br}/.github/workflows/package_trigger.yml > /dev/null 2>&1; then - echo "**** Workflow exists. Triggering package trigger workflow for branch ${br}. ****" - echo "Triggering package trigger workflow for branch ${br}" >> $GITHUB_STEP_SUMMARY + if [[ "${br}" == "HEAD" ]]; then + printf "\nSkipping %s.\n" ${br} >> $GITHUB_STEP_SUMMARY + continue + fi + printf "\n## Evaluating \`%s\`\n\n" ${br} >> $GITHUB_STEP_SUMMARY + JENKINS_VARS=$(curl -sX GET https://raw.githubusercontent.com/linuxserver/docker-swag/${br}/jenkins-vars.yml) + if [[ "${br}" == $(yq -r '.ls_branch' <<< "${JENKINS_VARS}") ]]; then + echo "Branch appears to be live; checking workflow." >> $GITHUB_STEP_SUMMARY + if [[ $(yq -r '.skip_package_check' <<< "${JENKINS_VARS}") == "true" ]]; then + echo "> [!WARNING]" >> $GITHUB_STEP_SUMMARY + echo "> Skipping branch ${br} due to \`skip_package_check\` being set in \`jenkins-vars.yml\`." >> $GITHUB_STEP_SUMMARY + skipped_branches="${skipped_branches}${br} " + elif grep -q "^swag_${br}" <<< "${SKIP_PACKAGE_TRIGGER}"; then + echo "> [!WARNING]" >> $GITHUB_STEP_SUMMARY + echo "> Github organizational variable \`SKIP_PACKAGE_TRIGGER\` contains \`swag_${br}\`; skipping trigger." >> $GITHUB_STEP_SUMMARY + skipped_branches="${skipped_branches}${br} " + elif [ $(curl -s https://ci.linuxserver.io/job/Docker-Pipeline-Builders/job/docker-swag/job/${br}/lastBuild/api/json | jq -r '.building') == "true" ]; then + echo "> [!WARNING]" >> $GITHUB_STEP_SUMMARY + echo "> There already seems to be an active build on Jenkins; skipping package trigger for ${br}" >> $GITHUB_STEP_SUMMARY + skipped_branches="${skipped_branches}${br} " + else + echo "> [!NOTE]" >> $GITHUB_STEP_SUMMARY + echo "> Triggering package trigger for branch ${br}" >> $GITHUB_STEP_SUMMARY + printf "> To disable, add \`swag_%s\` into the Github organizational variable \`SKIP_PACKAGE_TRIGGER\`.\n\n" "${br}" >> $GITHUB_STEP_SUMMARY triggered_branches="${triggered_branches}${br} " + response=$(curl -iX POST \ + https://ci.linuxserver.io/job/Docker-Pipeline-Builders/job/docker-swag/job/${br}/buildWithParameters?PACKAGE_CHECK=true \ + --user ${{ secrets.JENKINS_USER }}:${{ secrets.JENKINS_TOKEN }} | grep -i location | sed "s|^[L|l]ocation: \(.*\)|\1|") + echo "Jenkins [job queue url](${response%$'\r'})" >> $GITHUB_STEP_SUMMARY + echo "Sleeping 10 seconds until job starts" >> $GITHUB_STEP_SUMMARY + sleep 10 + buildurl=$(curl -s "${response%$'\r'}api/json" | jq -r '.executable.url') + buildurl="${buildurl%$'\r'}" + echo "Jenkins job [build url](${buildurl})" >> $GITHUB_STEP_SUMMARY + echo "Attempting to change the Jenkins job description" >> $GITHUB_STEP_SUMMARY curl -iX POST \ - -H "Authorization: token ${{ secrets.CR_PAT }}" \ - -H "Accept: application/vnd.github.v3+json" \ - -d "{\"ref\":\"refs/heads/${br}\"}" \ - https://api.github.com/repos/linuxserver/docker-swag/actions/workflows/package_trigger.yml/dispatches - sleep 30 - else - echo "**** Workflow doesn't exist; skipping trigger. ****" - echo "Skipping branch ${br} due to no package trigger workflow present." >> $GITHUB_STEP_SUMMARY + "${buildurl}submitDescription" \ + --user ${{ secrets.JENKINS_USER }}:${{ secrets.JENKINS_TOKEN }} \ + --data-urlencode "description=GHA package trigger https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}" \ + --data-urlencode "Submit=Submit" + sleep 20 fi else - echo "**** ${br} appears to be a dev branch; skipping trigger. ****" echo "Skipping branch ${br} due to being detected as dev branch." >> $GITHUB_STEP_SUMMARY fi done - echo "**** Package check build(s) triggered for branch(es): ${triggered_branches} ****" - echo "**** Notifying Discord ****" - curl -X POST -H "Content-Type: application/json" --data '{"avatar_url": "https://cdn.discordapp.com/avatars/354986384542662657/df91181b3f1cf0ef1592fbe18e0962d7.png","embeds": [{"color": 9802903, - "description": "**Package Check Build(s) Triggered for swag** \n**Branch(es):** '"${triggered_branches}"' \n**Build URL:** '"https://ci.linuxserver.io/blue/organizations/jenkins/Docker-Pipeline-Builders%2Fdocker-swag/activity/"' \n"}], - "username": "Github Actions"}' ${{ secrets.DISCORD_WEBHOOK }} + if [[ -n "${triggered_branches}" ]] || [[ -n "${skipped_branches}" ]]; then + if [[ -n "${triggered_branches}" ]]; then + NOTIFY_BRANCHES="**Triggered:** ${triggered_branches} \n" + fi + if [[ -n "${skipped_branches}" ]]; then + NOTIFY_BRANCHES="${NOTIFY_BRANCHES}**Skipped:** ${skipped_branches} \n" + fi + echo "**** Package check build(s) triggered for branch(es): ${triggered_branches} ****" + echo "**** Notifying Discord ****" + curl -X POST -H "Content-Type: application/json" --data '{"avatar_url": "https://cdn.discordapp.com/avatars/354986384542662657/df91181b3f1cf0ef1592fbe18e0962d7.png","embeds": [{"color": 9802903, + "description": "**Package Check Build(s) Triggered for swag** \n'"${NOTIFY_BRANCHES}"'**Build URL:** '"https://ci.linuxserver.io/blue/organizations/jenkins/Docker-Pipeline-Builders%2Fdocker-swag/activity/"' \n"}], + "username": "Github Actions"}' ${{ secrets.DISCORD_WEBHOOK }} + fi diff --git a/.github/workflows/permissions.yml b/.github/workflows/permissions.yml index 1447bc55..02e1bdb9 100755 --- a/.github/workflows/permissions.yml +++ b/.github/workflows/permissions.yml @@ -5,6 +5,8 @@ on: - '**/run' - '**/finish' - '**/check' + - 'root/migrations/*' + jobs: permission_check: uses: linuxserver/github-workflows/.github/workflows/init-svc-executable-permissions.yml@v1 diff --git a/Dockerfile b/Dockerfile index b1cb94f1..1b1d552f 100755 --- a/Dockerfile +++ b/Dockerfile @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:1 -FROM ghcr.io/linuxserver/baseimage-alpine-nginx:3.19 +FROM ghcr.io/linuxserver/baseimage-alpine-nginx:3.20 # set version label ARG BUILD_DATE @@ -27,6 +27,7 @@ RUN \ apk add --no-cache \ fail2ban \ gnupg \ + iptables-legacy \ memcached \ nginx-mod-http-brotli \ nginx-mod-http-dav-ext \ @@ -64,6 +65,7 @@ RUN \ php83-pdo_sqlite \ php83-pear \ php83-pecl-apcu \ + php83-pecl-mcrypt \ php83-pecl-memcached \ php83-pecl-redis \ php83-pgsql \ @@ -76,8 +78,6 @@ RUN \ php83-xmlreader \ php83-xsl \ whois && \ - apk add --no-cache --repository=http://dl-cdn.alpinelinux.org/alpine/edge/community \ - php83-pecl-mcrypt && \ echo "**** install certbot plugins ****" && \ if [ -z ${CERTBOT_VERSION+x} ]; then \ CERTBOT_VERSION=$(curl -sL https://pypi.python.org/pypi/certbot/json |jq -r '. | .info.version'); \ @@ -86,7 +86,7 @@ RUN \ pip install -U --no-cache-dir \ pip \ wheel && \ - pip install -U --no-cache-dir --find-links https://wheel-index.linuxserver.io/alpine-3.19/ \ + pip install -U --no-cache-dir --find-links https://wheel-index.linuxserver.io/alpine-3.20/ \ certbot==${CERTBOT_VERSION} \ certbot-dns-acmedns \ certbot-dns-aliyun \ @@ -110,7 +110,6 @@ RUN \ certbot-dns-glesys \ certbot-dns-godaddy \ certbot-dns-google \ - certbot-dns-google-domains \ certbot-dns-he \ certbot-dns-hetzner \ certbot-dns-infomaniak \ @@ -170,6 +169,7 @@ RUN \ tar xf \ /tmp/proxy-confs.tar.gz -C \ /defaults/nginx/proxy-confs --strip-components=1 --exclude=linux*/.editorconfig --exclude=linux*/.gitattributes --exclude=linux*/.github --exclude=linux*/.gitignore --exclude=linux*/LICENSE && \ + printf "Linuxserver.io version: ${VERSION}\nBuild-date: ${BUILD_DATE}" > /build_version && \ echo "**** cleanup ****" && \ apk del --purge \ build-dependencies && \ diff --git a/Dockerfile.aarch64 b/Dockerfile.aarch64 index 3f90ba45..1e3c4e11 100755 --- a/Dockerfile.aarch64 +++ b/Dockerfile.aarch64 @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:1 -FROM ghcr.io/linuxserver/baseimage-alpine-nginx:arm64v8-3.19 +FROM ghcr.io/linuxserver/baseimage-alpine-nginx:arm64v8-3.20 # set version label ARG BUILD_DATE @@ -27,6 +27,7 @@ RUN \ apk add --no-cache \ fail2ban \ gnupg \ + iptables-legacy \ memcached \ nginx-mod-http-brotli \ nginx-mod-http-dav-ext \ @@ -64,6 +65,7 @@ RUN \ php83-pdo_sqlite \ php83-pear \ php83-pecl-apcu \ + php83-pecl-mcrypt \ php83-pecl-memcached \ php83-pecl-redis \ php83-pgsql \ @@ -76,8 +78,6 @@ RUN \ php83-xmlreader \ php83-xsl \ whois && \ - apk add --no-cache --repository=http://dl-cdn.alpinelinux.org/alpine/edge/community \ - php83-pecl-mcrypt && \ echo "**** install certbot plugins ****" && \ if [ -z ${CERTBOT_VERSION+x} ]; then \ CERTBOT_VERSION=$(curl -sL https://pypi.python.org/pypi/certbot/json |jq -r '. | .info.version'); \ @@ -86,7 +86,7 @@ RUN \ pip install -U --no-cache-dir \ pip \ wheel && \ - pip install -U --no-cache-dir --find-links https://wheel-index.linuxserver.io/alpine-3.19/ \ + pip install -U --no-cache-dir --find-links https://wheel-index.linuxserver.io/alpine-3.20/ \ certbot==${CERTBOT_VERSION} \ certbot-dns-acmedns \ certbot-dns-aliyun \ @@ -110,7 +110,6 @@ RUN \ certbot-dns-glesys \ certbot-dns-godaddy \ certbot-dns-google \ - certbot-dns-google-domains \ certbot-dns-he \ certbot-dns-hetzner \ certbot-dns-infomaniak \ @@ -170,6 +169,7 @@ RUN \ tar xf \ /tmp/proxy-confs.tar.gz -C \ /defaults/nginx/proxy-confs --strip-components=1 --exclude=linux*/.editorconfig --exclude=linux*/.gitattributes --exclude=linux*/.github --exclude=linux*/.gitignore --exclude=linux*/LICENSE && \ + printf "Linuxserver.io version: ${VERSION}\nBuild-date: ${BUILD_DATE}" > /build_version && \ echo "**** cleanup ****" && \ apk del --purge \ build-dependencies && \ diff --git a/Jenkinsfile b/Jenkinsfile index 6429ac15..60a9031b 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -17,6 +17,8 @@ pipeline { GITLAB_TOKEN=credentials('b6f0f1dd-6952-4cf6-95d1-9c06380283f0') GITLAB_NAMESPACE=credentials('gitlab-namespace-id') DOCKERHUB_TOKEN=credentials('docker-hub-ci-pat') + QUAYIO_API_TOKEN=credentials('quayio-repo-api-token') + GIT_SIGNING_KEY=credentials('484fbca6-9a4f-455e-b9e3-97ac98785f5f') EXT_PIP = 'certbot' BUILD_VERSION_ARG = 'CERTBOT_VERSION' LS_USER = 'linuxserver' @@ -37,9 +39,23 @@ pipeline { CI_WEBPATH='' } stages { + stage("Set git config"){ + steps{ + sh '''#!/bin/bash + cat ${GIT_SIGNING_KEY} > /config/.ssh/id_sign + chmod 600 /config/.ssh/id_sign + ssh-keygen -y -f /config/.ssh/id_sign > /config/.ssh/id_sign.pub + echo "Using $(ssh-keygen -lf /config/.ssh/id_sign) to sign commits" + git config --global gpg.format ssh + git config --global user.signingkey /config/.ssh/id_sign + git config --global commit.gpgsign true + ''' + } + } // Setup all the basic environment variables needed for the build stage("Set ENV Variables base"){ steps{ + echo "Running on node: ${NODE_NAME}" sh '''#! /bin/bash containers=$(docker ps -aq) if [[ -n "${containers}" ]]; then @@ -66,7 +82,7 @@ pipeline { env.CODE_URL = 'https://github.com/' + env.LS_USER + '/' + env.LS_REPO + '/commit/' + env.GIT_COMMIT env.DOCKERHUB_LINK = 'https://hub.docker.com/r/' + env.DOCKERHUB_IMAGE + '/tags/' env.PULL_REQUEST = env.CHANGE_ID - env.TEMPLATED_FILES = 'Jenkinsfile README.md LICENSE .editorconfig ./.github/CONTRIBUTING.md ./.github/FUNDING.yml ./.github/ISSUE_TEMPLATE/config.yml ./.github/ISSUE_TEMPLATE/issue.bug.yml ./.github/ISSUE_TEMPLATE/issue.feature.yml ./.github/PULL_REQUEST_TEMPLATE.md ./.github/workflows/external_trigger_scheduler.yml ./.github/workflows/greetings.yml ./.github/workflows/package_trigger_scheduler.yml ./.github/workflows/call_issue_pr_tracker.yml ./.github/workflows/call_issues_cron.yml ./.github/workflows/permissions.yml ./.github/workflows/external_trigger.yml ./.github/workflows/package_trigger.yml ./root/donate.txt' + env.TEMPLATED_FILES = 'Jenkinsfile README.md LICENSE .editorconfig ./.github/CONTRIBUTING.md ./.github/FUNDING.yml ./.github/ISSUE_TEMPLATE/config.yml ./.github/ISSUE_TEMPLATE/issue.bug.yml ./.github/ISSUE_TEMPLATE/issue.feature.yml ./.github/PULL_REQUEST_TEMPLATE.md ./.github/workflows/external_trigger_scheduler.yml ./.github/workflows/greetings.yml ./.github/workflows/package_trigger_scheduler.yml ./.github/workflows/call_issue_pr_tracker.yml ./.github/workflows/call_issues_cron.yml ./.github/workflows/permissions.yml ./.github/workflows/external_trigger.yml ./root/donate.txt' } sh '''#! /bin/bash echo "The default github branch detected as ${GH_DEFAULT_BRANCH}" ''' @@ -245,7 +261,7 @@ pipeline { -v ${WORKSPACE}:/mnt \ -e AWS_ACCESS_KEY_ID=\"${S3_KEY}\" \ -e AWS_SECRET_ACCESS_KEY=\"${S3_SECRET}\" \ - ghcr.io/linuxserver/baseimage-alpine:3.19 s6-envdir -fn -- /var/run/s6/container_environment /bin/bash -c "\ + ghcr.io/linuxserver/baseimage-alpine:3.20 s6-envdir -fn -- /var/run/s6/container_environment /bin/bash -c "\ apk add --no-cache python3 && \ python3 -m venv /lsiopy && \ pip install --no-cache-dir -U pip && \ @@ -295,7 +311,7 @@ pipeline { echo "Jenkinsfile is up to date." fi echo "Starting Stage 2 - Delete old templates" - OLD_TEMPLATES=".github/ISSUE_TEMPLATE.md .github/ISSUE_TEMPLATE/issue.bug.md .github/ISSUE_TEMPLATE/issue.feature.md .github/workflows/call_invalid_helper.yml .github/workflows/stale.yml Dockerfile.armhf" + OLD_TEMPLATES=".github/ISSUE_TEMPLATE.md .github/ISSUE_TEMPLATE/issue.bug.md .github/ISSUE_TEMPLATE/issue.feature.md .github/workflows/call_invalid_helper.yml .github/workflows/stale.yml .github/workflows/package_trigger.yml" for i in ${OLD_TEMPLATES}; do if [[ -f "${i}" ]]; then TEMPLATES_TO_DELETE="${i} ${TEMPLATES_TO_DELETE}" @@ -352,7 +368,7 @@ pipeline { fi echo "Starting Stage 4 - External repo updates: Docs, Unraid Template and Readme Sync to Docker Hub" mkdir -p ${TEMPDIR}/docs - git clone https://github.com/linuxserver/docker-documentation.git ${TEMPDIR}/docs/docker-documentation + git clone --depth=1 https://github.com/linuxserver/docker-documentation.git ${TEMPDIR}/docs/docker-documentation if [[ "${BRANCH_NAME}" == "${GH_DEFAULT_BRANCH}" ]] && [[ (! -f ${TEMPDIR}/docs/docker-documentation/docs/images/docker-${CONTAINER_NAME}.md) || ("$(md5sum ${TEMPDIR}/docs/docker-documentation/docs/images/docker-${CONTAINER_NAME}.md | awk '{ print $1 }')" != "$(md5sum ${TEMPDIR}/docker-${CONTAINER_NAME}/.jenkins-external/docker-${CONTAINER_NAME}.md | awk '{ print $1 }')") ]]; then cp ${TEMPDIR}/docker-${CONTAINER_NAME}/.jenkins-external/docker-${CONTAINER_NAME}.md ${TEMPDIR}/docs/docker-documentation/docs/images/ cd ${TEMPDIR}/docs/docker-documentation @@ -370,8 +386,8 @@ pipeline { echo "Docs update not needed, skipping" fi mkdir -p ${TEMPDIR}/unraid - git clone https://github.com/linuxserver/docker-templates.git ${TEMPDIR}/unraid/docker-templates - git clone https://github.com/linuxserver/templates.git ${TEMPDIR}/unraid/templates + git clone --depth=1 https://github.com/linuxserver/docker-templates.git ${TEMPDIR}/unraid/docker-templates + git clone --depth=1 https://github.com/linuxserver/templates.git ${TEMPDIR}/unraid/templates if [[ -f ${TEMPDIR}/unraid/docker-templates/linuxserver.io/img/${CONTAINER_NAME}-logo.png ]]; then sed -i "s|master/linuxserver.io/img/linuxserver-ls-logo.png|master/linuxserver.io/img/${CONTAINER_NAME}-logo.png|" ${TEMPDIR}/docker-${CONTAINER_NAME}/.jenkins-external/${CONTAINER_NAME}.xml elif [[ -f ${TEMPDIR}/unraid/docker-templates/linuxserver.io/img/${CONTAINER_NAME}-icon.png ]]; then @@ -381,9 +397,9 @@ pipeline { echo "Updating Unraid template" cd ${TEMPDIR}/unraid/templates/ GH_TEMPLATES_DEFAULT_BRANCH=$(git remote show origin | grep "HEAD branch:" | sed 's|.*HEAD branch: ||') - if grep -wq "${CONTAINER_NAME}" ${TEMPDIR}/unraid/templates/unraid/ignore.list && [[ -f ${TEMPDIR}/unraid/templates/unraid/deprecated/${CONTAINER_NAME}.xml ]]; then + if grep -wq "^${CONTAINER_NAME}$" ${TEMPDIR}/unraid/templates/unraid/ignore.list && [[ -f ${TEMPDIR}/unraid/templates/unraid/deprecated/${CONTAINER_NAME}.xml ]]; then echo "Image is on the ignore list, and already in the deprecation folder." - elif grep -wq "${CONTAINER_NAME}" ${TEMPDIR}/unraid/templates/unraid/ignore.list; then + elif grep -wq "^${CONTAINER_NAME}$" ${TEMPDIR}/unraid/templates/unraid/ignore.list; then echo "Image is on the ignore list, marking Unraid template as deprecated" cp ${TEMPDIR}/docker-${CONTAINER_NAME}/.jenkins-external/${CONTAINER_NAME}.xml ${TEMPDIR}/unraid/templates/unraid/ git add -u unraid/${CONTAINER_NAME}.xml @@ -476,10 +492,10 @@ pipeline { } } /* ####################### - GitLab Mirroring + GitLab Mirroring and Quay.io Repo Visibility ####################### */ - // Ping into Gitlab to mirror this repo and have a registry endpoint - stage("GitLab Mirror"){ + // Ping into Gitlab to mirror this repo and have a registry endpoint & mark this repo on Quay.io as public + stage("GitLab Mirror and Quay.io Visibility"){ when { environment name: 'EXIT_STATUS', value: '' } @@ -495,6 +511,8 @@ pipeline { "visibility":"public"}' ''' sh '''curl -H "Private-Token: ${GITLAB_TOKEN}" -X PUT "https://gitlab.com/api/v4/projects/Linuxserver.io%2F${LS_REPO}" \ -d "mirror=true&import_url=https://github.com/linuxserver/${LS_REPO}.git" ''' + sh '''curl -H "Content-Type: application/json" -H "Authorization: Bearer ${QUAYIO_API_TOKEN}" -X POST "https://quay.io/api/v1/repository${QUAYIMAGE/quay.io/}/changevisibility" \ + -d '{"visibility":"public"}' ||: ''' } } /* ############### @@ -525,6 +543,7 @@ pipeline { --label \"org.opencontainers.image.title=Swag\" \ --label \"org.opencontainers.image.description=SWAG - Secure Web Application Gateway (formerly known as letsencrypt, no relation to Let's Encrypt™) sets up an Nginx webserver and reverse proxy with php support and a built-in certbot client that automates free SSL server certificate generation and renewal processes (Let's Encrypt and ZeroSSL). It also contains fail2ban for intrusion prevention.\" \ --no-cache --pull -t ${IMAGE}:${META_TAG} --platform=linux/amd64 \ + --provenance=false --sbom=false \ --build-arg ${BUILD_VERSION_ARG}=${EXT_RELEASE} --build-arg VERSION=\"${VERSION_TAG}\" --build-arg BUILD_DATE=${GITHUB_DATE} ." } } @@ -556,6 +575,7 @@ pipeline { --label \"org.opencontainers.image.title=Swag\" \ --label \"org.opencontainers.image.description=SWAG - Secure Web Application Gateway (formerly known as letsencrypt, no relation to Let's Encrypt™) sets up an Nginx webserver and reverse proxy with php support and a built-in certbot client that automates free SSL server certificate generation and renewal processes (Let's Encrypt and ZeroSSL). It also contains fail2ban for intrusion prevention.\" \ --no-cache --pull -t ${IMAGE}:amd64-${META_TAG} --platform=linux/amd64 \ + --provenance=false --sbom=false \ --build-arg ${BUILD_VERSION_ARG}=${EXT_RELEASE} --build-arg VERSION=\"${VERSION_TAG}\" --build-arg BUILD_DATE=${GITHUB_DATE} ." } } @@ -584,9 +604,10 @@ pipeline { --label \"org.opencontainers.image.title=Swag\" \ --label \"org.opencontainers.image.description=SWAG - Secure Web Application Gateway (formerly known as letsencrypt, no relation to Let's Encrypt™) sets up an Nginx webserver and reverse proxy with php support and a built-in certbot client that automates free SSL server certificate generation and renewal processes (Let's Encrypt and ZeroSSL). It also contains fail2ban for intrusion prevention.\" \ --no-cache --pull -f Dockerfile.aarch64 -t ${IMAGE}:arm64v8-${META_TAG} --platform=linux/arm64 \ + --provenance=false --sbom=false \ --build-arg ${BUILD_VERSION_ARG}=${EXT_RELEASE} --build-arg VERSION=\"${VERSION_TAG}\" --build-arg BUILD_DATE=${GITHUB_DATE} ." sh "docker tag ${IMAGE}:arm64v8-${META_TAG} ghcr.io/linuxserver/lsiodev-buildcache:arm64v8-${COMMIT_SHA}-${BUILD_NUMBER}" - retry(5) { + retry_backoff(5,5) { sh "docker push ghcr.io/linuxserver/lsiodev-buildcache:arm64v8-${COMMIT_SHA}-${BUILD_NUMBER}" } sh '''#! /bin/bash @@ -698,18 +719,27 @@ pipeline { } sh '''#! /bin/bash set -e + if grep -q 'docker-baseimage' <<< "${LS_REPO}"; then + echo "Detected baseimage, setting LSIO_FIRST_PARTY=true" + if [ -n "${CI_DOCKERENV}" ]; then + CI_DOCKERENV="LSIO_FIRST_PARTY=true|${CI_DOCKERENV}" + else + CI_DOCKERENV="LSIO_FIRST_PARTY=true" + fi + fi docker pull ghcr.io/linuxserver/ci:latest if [ "${MULTIARCH}" == "true" ]; then - docker pull ghcr.io/linuxserver/lsiodev-buildcache:arm64v8-${COMMIT_SHA}-${BUILD_NUMBER} + docker pull ghcr.io/linuxserver/lsiodev-buildcache:arm64v8-${COMMIT_SHA}-${BUILD_NUMBER} --platform=arm64 docker tag ghcr.io/linuxserver/lsiodev-buildcache:arm64v8-${COMMIT_SHA}-${BUILD_NUMBER} ${IMAGE}:arm64v8-${META_TAG} fi docker run --rm \ --shm-size=1gb \ -v /var/run/docker.sock:/var/run/docker.sock \ -e IMAGE=\"${IMAGE}\" \ - -e DELAY_START=\"${CI_DELAY}\" \ + -e DOCKER_LOGS_TIMEOUT=\"${CI_DELAY}\" \ -e TAGS=\"${CI_TAGS}\" \ -e META_TAG=\"${META_TAG}\" \ + -e RELEASE_TAG=\"latest\" \ -e PORT=\"${CI_PORT}\" \ -e SSL=\"${CI_SSL}\" \ -e BASE=\"${DIST_IMAGE}\" \ @@ -719,6 +749,7 @@ pipeline { -e WEB_SCREENSHOT=\"${CI_WEB}\" \ -e WEB_AUTH=\"${CI_AUTH}\" \ -e WEB_PATH=\"${CI_WEBPATH}\" \ + -e NODE_NAME=\"${NODE_NAME}\" \ -t ghcr.io/linuxserver/ci:latest \ python3 test_build.py''' } @@ -742,7 +773,7 @@ pipeline { passwordVariable: 'QUAYPASS' ] ]) { - retry(5) { + retry_backoff(5,5) { sh '''#! /bin/bash set -e echo $DOCKERHUB_TOKEN | docker login -u linuxserverci --password-stdin @@ -760,7 +791,7 @@ pipeline { docker push ${PUSHIMAGE}:${META_TAG} docker push ${PUSHIMAGE}:${EXT_RELEASE_TAG} if [ -n "${SEMVER}" ]; then - docker push ${PUSHIMAGE}:${SEMVER} + docker push ${PUSHIMAGE}:${SEMVER} fi done ''' @@ -783,7 +814,7 @@ pipeline { passwordVariable: 'QUAYPASS' ] ]) { - retry(5) { + retry_backoff(5,5) { sh '''#! /bin/bash set -e echo $DOCKERHUB_TOKEN | docker login -u linuxserverci --password-stdin @@ -791,7 +822,7 @@ pipeline { echo $GITLAB_TOKEN | docker login registry.gitlab.com -u LinuxServer.io --password-stdin echo $QUAYPASS | docker login quay.io -u $QUAYUSER --password-stdin if [ "${CI}" == "false" ]; then - docker pull ghcr.io/linuxserver/lsiodev-buildcache:arm64v8-${COMMIT_SHA}-${BUILD_NUMBER} + docker pull ghcr.io/linuxserver/lsiodev-buildcache:arm64v8-${COMMIT_SHA}-${BUILD_NUMBER} --platform=arm64 docker tag ghcr.io/linuxserver/lsiodev-buildcache:arm64v8-${COMMIT_SHA}-${BUILD_NUMBER} ${IMAGE}:arm64v8-${META_TAG} fi for MANIFESTIMAGE in "${IMAGE}" "${GITLABIMAGE}" "${GITHUBIMAGE}" "${QUAYIMAGE}"; do @@ -815,35 +846,13 @@ pipeline { docker push ${MANIFESTIMAGE}:amd64-${SEMVER} docker push ${MANIFESTIMAGE}:arm64v8-${SEMVER} fi - docker manifest push --purge ${MANIFESTIMAGE}:latest || : - docker manifest create ${MANIFESTIMAGE}:latest ${MANIFESTIMAGE}:amd64-latest ${MANIFESTIMAGE}:arm64v8-latest - docker manifest annotate ${MANIFESTIMAGE}:latest ${MANIFESTIMAGE}:arm64v8-latest --os linux --arch arm64 --variant v8 - docker manifest push --purge ${MANIFESTIMAGE}:${META_TAG} || : - docker manifest create ${MANIFESTIMAGE}:${META_TAG} ${MANIFESTIMAGE}:amd64-${META_TAG} ${MANIFESTIMAGE}:arm64v8-${META_TAG} - docker manifest annotate ${MANIFESTIMAGE}:${META_TAG} ${MANIFESTIMAGE}:arm64v8-${META_TAG} --os linux --arch arm64 --variant v8 - docker manifest push --purge ${MANIFESTIMAGE}:${EXT_RELEASE_TAG} || : - docker manifest create ${MANIFESTIMAGE}:${EXT_RELEASE_TAG} ${MANIFESTIMAGE}:amd64-${EXT_RELEASE_TAG} ${MANIFESTIMAGE}:arm64v8-${EXT_RELEASE_TAG} - docker manifest annotate ${MANIFESTIMAGE}:${EXT_RELEASE_TAG} ${MANIFESTIMAGE}:arm64v8-${EXT_RELEASE_TAG} --os linux --arch arm64 --variant v8 - if [ -n "${SEMVER}" ]; then - docker manifest push --purge ${MANIFESTIMAGE}:${SEMVER} || : - docker manifest create ${MANIFESTIMAGE}:${SEMVER} ${MANIFESTIMAGE}:amd64-${SEMVER} ${MANIFESTIMAGE}:arm64v8-${SEMVER} - docker manifest annotate ${MANIFESTIMAGE}:${SEMVER} ${MANIFESTIMAGE}:arm64v8-${SEMVER} --os linux --arch arm64 --variant v8 - fi - token=$(curl -sX GET "https://ghcr.io/token?scope=repository%3Alinuxserver%2F${CONTAINER_NAME}%3Apull" | jq -r '.token') - digest=$(curl -s \ - --header "Accept: application/vnd.docker.distribution.manifest.v2+json" \ - --header "Authorization: Bearer ${token}" \ - "https://ghcr.io/v2/linuxserver/${CONTAINER_NAME}/manifests/arm32v7-latest") - if [[ $(echo "$digest" | jq -r '.layers') != "null" ]]; then - docker manifest push --purge ${MANIFESTIMAGE}:arm32v7-latest || : - docker manifest create ${MANIFESTIMAGE}:arm32v7-latest ${MANIFESTIMAGE}:amd64-latest - docker manifest push --purge ${MANIFESTIMAGE}:arm32v7-latest - fi - docker manifest push --purge ${MANIFESTIMAGE}:latest - docker manifest push --purge ${MANIFESTIMAGE}:${META_TAG} - docker manifest push --purge ${MANIFESTIMAGE}:${EXT_RELEASE_TAG} + done + for MANIFESTIMAGE in "${IMAGE}" "${GITLABIMAGE}" "${GITHUBIMAGE}" "${QUAYIMAGE}"; do + docker buildx imagetools create -t ${MANIFESTIMAGE}:latest ${MANIFESTIMAGE}:amd64-latest ${MANIFESTIMAGE}:arm64v8-latest + docker buildx imagetools create -t ${MANIFESTIMAGE}:${META_TAG} ${MANIFESTIMAGE}:amd64-${META_TAG} ${MANIFESTIMAGE}:arm64v8-${META_TAG} + docker buildx imagetools create -t ${MANIFESTIMAGE}:${EXT_RELEASE_TAG} ${MANIFESTIMAGE}:amd64-${EXT_RELEASE_TAG} ${MANIFESTIMAGE}:arm64v8-${EXT_RELEASE_TAG} if [ -n "${SEMVER}" ]; then - docker manifest push --purge ${MANIFESTIMAGE}:${SEMVER} + docker buildx imagetools create -t ${MANIFESTIMAGE}:${SEMVER} ${MANIFESTIMAGE}:amd64-${SEMVER} ${MANIFESTIMAGE}:arm64v8-${SEMVER} fi done ''' @@ -868,7 +877,7 @@ pipeline { "object": "'${COMMIT_SHA}'",\ "message": "Tagging Release '${EXT_RELEASE_CLEAN}'-ls'${LS_TAG_NUMBER}' to master",\ "type": "commit",\ - "tagger": {"name": "LinuxServer Jenkins","email": "jenkins@linuxserver.io","date": "'${GITHUB_DATE}'"}}' ''' + "tagger": {"name": "LinuxServer-CI","email": "ci@linuxserver.io","date": "'${GITHUB_DATE}'"}}' ''' echo "Pushing New release for Tag" sh '''#! /bin/bash echo "Updating PIP version of ${EXT_PIP} to ${EXT_RELEASE_CLEAN}" > releasebody.json @@ -1000,18 +1009,53 @@ EOF ###################### */ post { always { + sh '''#!/bin/bash + rm -rf /config/.ssh/id_sign + rm -rf /config/.ssh/id_sign.pub + git config --global --unset gpg.format + git config --global --unset user.signingkey + git config --global --unset commit.gpgsign + ''' script{ + env.JOB_DATE = sh( + script: '''date '+%Y-%m-%dT%H:%M:%S%:z' ''', + returnStdout: true).trim() if (env.EXIT_STATUS == "ABORTED"){ sh 'echo "build aborted"' - } - else if (currentBuild.currentResult == "SUCCESS"){ - sh ''' curl -X POST -H "Content-Type: application/json" --data '{"avatar_url": "https://raw.githubusercontent.com/linuxserver/docker-templates/master/linuxserver.io/img/jenkins-avatar.png","embeds": [{"color": 1681177,\ - "description": "**Build:** '${BUILD_NUMBER}'\\n**CI Results:** '${CI_URL}'\\n**ShellCheck Results:** '${SHELLCHECK_URL}'\\n**Status:** Success\\n**Job:** '${RUN_DISPLAY_URL}'\\n**Change:** '${CODE_URL}'\\n**External Release:**: '${RELEASE_LINK}'\\n**DockerHub:** '${DOCKERHUB_LINK}'\\n"}],\ - "username": "Jenkins"}' ${BUILDS_DISCORD} ''' - } - else { - sh ''' curl -X POST -H "Content-Type: application/json" --data '{"avatar_url": "https://raw.githubusercontent.com/linuxserver/docker-templates/master/linuxserver.io/img/jenkins-avatar.png","embeds": [{"color": 16711680,\ - "description": "**Build:** '${BUILD_NUMBER}'\\n**CI Results:** '${CI_URL}'\\n**ShellCheck Results:** '${SHELLCHECK_URL}'\\n**Status:** failure\\n**Job:** '${RUN_DISPLAY_URL}'\\n**Change:** '${CODE_URL}'\\n**External Release:**: '${RELEASE_LINK}'\\n**DockerHub:** '${DOCKERHUB_LINK}'\\n"}],\ + }else{ + if (currentBuild.currentResult == "SUCCESS"){ + if (env.GITHUBIMAGE =~ /lspipepr/){ + env.JOB_WEBHOOK_STATUS='Success' + env.JOB_WEBHOOK_COLOUR=3957028 + env.JOB_WEBHOOK_FOOTER='PR Build' + }else if (env.GITHUBIMAGE =~ /lsiodev/){ + env.JOB_WEBHOOK_STATUS='Success' + env.JOB_WEBHOOK_COLOUR=3957028 + env.JOB_WEBHOOK_FOOTER='Dev Build' + }else{ + env.JOB_WEBHOOK_STATUS='Success' + env.JOB_WEBHOOK_COLOUR=1681177 + env.JOB_WEBHOOK_FOOTER='Live Build' + } + }else{ + if (env.GITHUBIMAGE =~ /lspipepr/){ + env.JOB_WEBHOOK_STATUS='Failure' + env.JOB_WEBHOOK_COLOUR=12669523 + env.JOB_WEBHOOK_FOOTER='PR Build' + }else if (env.GITHUBIMAGE =~ /lsiodev/){ + env.JOB_WEBHOOK_STATUS='Failure' + env.JOB_WEBHOOK_COLOUR=12669523 + env.JOB_WEBHOOK_FOOTER='Dev Build' + }else{ + env.JOB_WEBHOOK_STATUS='Failure' + env.JOB_WEBHOOK_COLOUR=16711680 + env.JOB_WEBHOOK_FOOTER='Live Build' + } + } + sh ''' curl -X POST -H "Content-Type: application/json" --data '{"avatar_url": "https://raw.githubusercontent.com/linuxserver/docker-templates/master/linuxserver.io/img/jenkins-avatar.png","embeds": [{"'color'": '${JOB_WEBHOOK_COLOUR}',\ + "footer": {"text" : "'"${JOB_WEBHOOK_FOOTER}"'"},\ + "timestamp": "'${JOB_DATE}'",\ + "description": "**Build:** '${BUILD_NUMBER}'\\n**CI Results:** '${CI_URL}'\\n**ShellCheck Results:** '${SHELLCHECK_URL}'\\n**Status:** '${JOB_WEBHOOK_STATUS}'\\n**Job:** '${RUN_DISPLAY_URL}'\\n**Change:** '${CODE_URL}'\\n**External Release:**: '${RELEASE_LINK}'\\n**DockerHub:** '${DOCKERHUB_LINK}'\\n"}],\ "username": "Jenkins"}' ${BUILDS_DISCORD} ''' } } @@ -1029,3 +1073,20 @@ EOF } } } + +def retry_backoff(int max_attempts, int power_base, Closure c) { + int n = 0 + while (n < max_attempts) { + try { + c() + return + } catch (err) { + if ((n + 1) >= max_attempts) { + throw err + } + sleep(power_base ** n) + n++ + } + } + return +} diff --git a/README.md b/README.md index d47bf25d..6acc553b 100644 --- a/README.md +++ b/README.md @@ -28,7 +28,7 @@ Find us at: # [linuxserver/swag](https://github.com/linuxserver/docker-swag) -[![Scarf.io pulls](https://scarf.sh/installs-badge/linuxserver-ci/linuxserver%2Fswag?color=94398d&label-color=555555&logo-color=ffffff&style=for-the-badge&package-type=docker)](https://scarf.sh/gateway/linuxserver-ci/docker/linuxserver%2Fswag) +[![Scarf.io pulls](https://scarf.sh/installs-badge/linuxserver-ci/linuxserver%2Fswag?color=94398d&label-color=555555&logo-color=ffffff&style=for-the-badge&package-type=docker)](https://scarf.sh) [![GitHub Stars](https://img.shields.io/github/stars/linuxserver/docker-swag.svg?color=94398d&labelColor=555555&logoColor=ffffff&style=for-the-badge&logo=github)](https://github.com/linuxserver/docker-swag) [![GitHub Release](https://img.shields.io/github/release/linuxserver/docker-swag.svg?color=94398d&labelColor=555555&logoColor=ffffff&style=for-the-badge&logo=github)](https://github.com/linuxserver/docker-swag/releases) [![GitHub Package Repository](https://img.shields.io/static/v1.svg?color=94398d&labelColor=555555&logoColor=ffffff&style=for-the-badge&label=linuxserver.io&message=GitHub%20Package&logo=github)](https://github.com/linuxserver/docker-swag/packages) @@ -76,7 +76,7 @@ The architectures supported by this image are: ### Certbot Plugins -SWAG includes many Certbot plugins out of the box, but not all plugins can be includes. +SWAG includes many Certbot plugins out of the box, but not all plugins can be included. If you need a plugin that is not included, the quickest way to have the plugin available is to use our [Universal Package Install Docker Mod](https://github.com/linuxserver/docker-mods/tree/universal-package-install). Set the following environment variables on your container: @@ -227,7 +227,7 @@ Containers are configured using parameters passed at runtime (such as those abov | `-e VALIDATION=http` | Certbot validation method to use, options are `http` or `dns` (`dns` method also requires `DNSPLUGIN` variable set). | | `-e SUBDOMAINS=www,` | Subdomains you'd like the cert to cover (comma separated, no spaces) ie. `www,ftp,cloud`. For a wildcard cert, set this *exactly* to `wildcard` (wildcard cert is available via `dns` validation only) | | `-e CERTPROVIDER=` | Optionally define the cert provider. Set to `zerossl` for ZeroSSL certs (requires existing [ZeroSSL account](https://app.zerossl.com/signup) and the e-mail address entered in `EMAIL` env var). Otherwise defaults to Let's Encrypt. | -| `-e DNSPLUGIN=cloudflare` | Required if `VALIDATION` is set to `dns`. Options are `acmedns`, `aliyun`, `azure`, `bunny`, `cloudflare`, `cpanel`, `desec`, `digitalocean`, `directadmin`, `dnsimple`, `dnsmadeeasy`, `dnspod`, `do`, `domeneshop`, `dreamhost`, `duckdns`, `dynu`, `freedns`, `gandi`, `gehirn`, `glesys`, `godaddy`, `google`, `google-domains`, `he`, `hetzner`, `infomaniak`, `inwx`, `ionos`, `linode`, `loopia`, `luadns`, `namecheap`, `netcup`, `njalla`, `nsone`, `ovh`, `porkbun`, `rfc2136`, `route53`, `sakuracloud`, `standalone`, `transip`, and `vultr`. Also need to enter the credentials into the corresponding ini (or json for some plugins) file under `/config/dns-conf`. | +| `-e DNSPLUGIN=cloudflare` | Required if `VALIDATION` is set to `dns`. Options are `acmedns`, `aliyun`, `azure`, `bunny`, `cloudflare`, `cpanel`, `desec`, `digitalocean`, `directadmin`, `dnsimple`, `dnsmadeeasy`, `dnspod`, `do`, `domeneshop`, `dreamhost`, `duckdns`, `dynudns`, `freedns`, `gandi`, `gehirn`, `glesys`, `godaddy`, `google`, `he`, `hetzner`, `infomaniak`, `inwx`, `ionos`, `linode`, `loopia`, `luadns`, `namecheap`, `netcup`, `njalla`, `nsone`, `ovh`, `porkbun`, `rfc2136`, `route53`, `sakuracloud`, `standalone`, `transip`, and `vultr`. Also need to enter the credentials into the corresponding ini (or json for some plugins) file under `/config/dns-conf`. | | `-e PROPAGATION=` | Optionally override (in seconds) the default propagation time for the dns plugins. | | `-e EMAIL=` | Optional e-mail address used for cert expiration notifications (Required for ZeroSSL). | | `-e ONLY_SUBDOMAINS=false` | If you wish to get certs only for certain subdomains, but not the main domain (main domain may be hosted on another machine and cannot be validated), set this to `true` | @@ -375,7 +375,8 @@ Below are the instructions for updating containers: ### Image Update Notifications - Diun (Docker Image Update Notifier) -**tip**: We recommend [Diun](https://crazymax.dev/diun/) for update notifications. Other tools that automatically update containers unattended are not recommended or supported. +>[!TIP] +>We recommend [Diun](https://crazymax.dev/diun/) for update notifications. Other tools that automatically update containers unattended are not recommended or supported. ## Building locally @@ -400,6 +401,9 @@ Once registered you can define the dockerfile to use with `-f Dockerfile.aarch64 ## Versions +* **30.08.24:** - Fix zerossl cert revocation. +* **24.07.14:** - Rebase to Alpine 3.20. Remove deprecated Google Domains certbot plugin. Existing users should update their nginx confs to avoid http2 deprecation warnings. +* **01.07.24:** - Fall back to iptables-legacy if iptables doesn't work. * **23.03.24:** - Fix perms on the generated `priv-fullchain-bundle.pem`. * **14.03.24:** - [Existing users should update:](https://github.com/linuxserver/docker-swag/blob/master/README.md#updating-configs) authelia-location.conf, authelia-server.conf - Update Authelia conf samples with support for 4.38. * **11.03.24:** - Restore support for DynuDNS using `certbot-dns-dynudns`. diff --git a/jenkins-vars.yml b/jenkins-vars.yml index fe053cbf..989b638c 100644 --- a/jenkins-vars.yml +++ b/jenkins-vars.yml @@ -6,7 +6,6 @@ external_type: pip_version release_type: stable release_tag: latest ls_branch: master -build_armhf: false repo_vars: - EXT_PIP = 'certbot' - BUILD_VERSION_ARG = 'CERTBOT_VERSION' diff --git a/package_versions.txt b/package_versions.txt index a0ee25fe..d35d73f2 100755 --- a/package_versions.txt +++ b/package_versions.txt @@ -1,52 +1,50 @@ NAME VERSION TYPE -ConfigArgParse 1.7 python -PyJWT 2.8.0 python -PyNamecheap 0.0.3 python -PyYAML 6.0.1 python Simple Launcher 1.1.0.14 dotnet (+5 duplicates) -acme 2.10.0 python -alpine-baselayout 3.4.3-r2 apk -alpine-baselayout-data 3.4.3-r2 apk +acme 2.11.0 python +alpine-baselayout 3.6.5-r0 apk +alpine-baselayout-data 3.6.5-r0 apk alpine-keys 2.4-r1 apk -alpine-release 3.19.1-r0 apk -aom-libs 3.7.1-r0 apk -apache2-utils 2.4.59-r0 apk +alpine-release 3.20.3-r0 apk +aom-libs 3.9.1-r0 apk +apache2-utils 2.4.62-r0 apk apk-tools 2.14.4-r0 apk -apr 1.7.4-r0 apk +apr 1.7.5-r0 apk apr-util 1.6.3-r1 apk argon2-libs 20190702-r5 apk -attrs 23.2.0 python +attrs 24.2.0 python +autocommand 2.2.2 python azure-common 1.1.28 python -azure-core 1.30.1 python -azure-identity 1.16.0 python +azure-core 1.31.0 python +azure-identity 1.19.0 python azure-mgmt-core 1.4.0 python azure-mgmt-dns 8.1.0 python -bash 5.2.21-r0 apk +backports-tarfile 1.2.0 python +bash 5.2.26-r0 apk beautifulsoup4 4.12.3 python -boto3 1.34.108 python -botocore 1.34.108 python -brotli-libs 1.1.0-r1 apk +boto3 1.35.44 python +botocore 1.35.44 python +brotli-libs 1.1.0-r2 apk bs4 0.0.2 python -busybox 1.36.1-r15 apk -busybox-binsh 1.36.1-r15 apk -c-ares 1.27.0-r0 apk +busybox 1.36.1-r29 apk +busybox-binsh 1.36.1-r29 apk +c-ares 1.28.1-r0 apk c-client 2007f-r15 apk -ca-certificates 20240226-r0 apk -ca-certificates-bundle 20240226-r0 apk -cachetools 5.3.3 python +ca-certificates 20240705-r0 apk +ca-certificates-bundle 20240705-r0 apk +cachetools 5.5.0 python catatonit 0.2.0-r0 apk -certbot 2.10.0 python +certbot 2.11.0 python certbot-dns-acmedns 0.1.0 python certbot-dns-aliyun 2.0.0 python certbot-dns-azure 2.5.0 python certbot-dns-bunny 0.0.9 python -certbot-dns-cloudflare 2.10.0 python +certbot-dns-cloudflare 2.11.0 python certbot-dns-cpanel 0.4.0 python certbot-dns-desec 1.2.1 python -certbot-dns-digitalocean 2.10.0 python +certbot-dns-digitalocean 2.11.0 python certbot-dns-directadmin 1.0.4 python -certbot-dns-dnsimple 2.10.0 python -certbot-dns-dnsmadeeasy 2.10.0 python +certbot-dns-dnsimple 2.11.0 python +certbot-dns-dnsmadeeasy 2.11.0 python certbot-dns-dnspod 0.1.0 python certbot-dns-do 0.31.0 python certbot-dns-domeneshop 0.2.9 python @@ -54,296 +52,312 @@ certbot-dns-dreamhost 1.0 python certbot-dns-duckdns 1.3 python certbot-dns-dynudns 0.0.6 python certbot-dns-freedns 0.2.0 python -certbot-dns-gehirn 2.10.0 python +certbot-dns-gehirn 2.11.0 python certbot-dns-glesys 2.1.0 python certbot-dns-godaddy 2.8.0 python -certbot-dns-google 2.10.0 python -certbot-dns-google-domains 0.1.11 python +certbot-dns-google 2.11.0 python certbot-dns-he 1.0.0 python -certbot-dns-hetzner 2.0.0 python +certbot-dns-hetzner 2.0.1 python certbot-dns-infomaniak 0.2.2 python certbot-dns-inwx 2.2.0 python certbot-dns-ionos 2024.1.8 python -certbot-dns-linode 2.10.0 python +certbot-dns-linode 2.11.0 python certbot-dns-loopia 1.0.1 python -certbot-dns-luadns 2.10.0 python +certbot-dns-luadns 2.11.0 python certbot-dns-namecheap 1.0.0 python certbot-dns-netcup 1.4.3 python certbot-dns-njalla 1.0.0 python -certbot-dns-nsone 2.10.0 python -certbot-dns-ovh 2.10.0 python +certbot-dns-nsone 2.11.0 python +certbot-dns-ovh 2.11.0 python certbot-dns-porkbun 0.8 python -certbot-dns-rfc2136 2.10.0 python -certbot-dns-route53 2.10.0 python -certbot-dns-sakuracloud 2.10.0 python +certbot-dns-rfc2136 2.11.0 python +certbot-dns-route53 2.11.0 python +certbot-dns-sakuracloud 2.11.0 python certbot-dns-standalone 1.1 python certbot-dns-transip 0.5.2 python certbot-dns-vultr 1.1.0 python certbot-plugin-gandi 1.5.0 python -certifi 2024.2.2 python -cffi 1.16.0 python -charset-normalizer 3.3.2 python -cloudflare 2.20.0 python -composer 2.7.6 binary -configobj 5.0.8 python -coreutils 9.4-r2 apk -coreutils-env 9.4-r2 apk -coreutils-fmt 9.4-r2 apk -coreutils-sha512sum 9.4-r2 apk -cryptography 42.0.7 python -curl 8.5.0-r0 apk -dataclasses-json 0.5.14 python +certifi 2024.8.30 python +cffi 1.17.1 python +charset-normalizer 3.4.0 python +cloudflare 2.19.4 python +composer 2.7.9 binary +configargparse 1.7 python +configobj 5.0.9 python +coreutils 9.5-r1 apk +coreutils-env 9.5-r1 apk +coreutils-fmt 9.5-r1 apk +coreutils-sha512sum 9.5-r1 apk +cryptography 43.0.3 python +curl 8.9.1-r2 apk distro 1.9.0 python -dns-lexicon 3.17.0 python -dnslib 0.9.24 python -dnspython 2.6.1 python +dns-lexicon 3.18.0 python +dnslib 0.9.25 python +dnspython 2.7.0 python domeneshop 0.4.4 python -fail2ban 1.0.2 python -fail2ban 1.0.2-r3 apk -fail2ban-pyc 1.0.2-r3 apk -filelock 3.14.0 python +fail2ban 1.1.0 python +fail2ban 1.1.0-r0 apk +fail2ban-pyc 1.1.0-r0 apk +filelock 3.16.1 python findutils 4.9.0-r5 apk -fontconfig 2.14.2-r4 apk +fontconfig 2.15.0-r1 apk freetype 2.13.2-r0 apk future 1.0.0 python gdbm 1.23-r1 apk -git 2.43.4-r0 apk -git-perl 2.43.4-r0 apk -gmp 6.3.0-r0 apk -gnupg 2.4.4-r0 apk -gnupg-dirmngr 2.4.4-r0 apk -gnupg-gpgconf 2.4.4-r0 apk -gnupg-keyboxd 2.4.4-r0 apk -gnupg-utils 2.4.4-r0 apk -gnupg-wks-client 2.4.4-r0 apk -gnutls 3.8.4-r0 apk -google-api-core 2.19.0 python -google-api-python-client 2.129.0 python -google-auth 2.29.0 python +git 2.45.2-r0 apk +git-init-template 2.45.2-r0 apk +git-perl 2.45.2-r0 apk +gmp 6.3.0-r1 apk +gnupg 2.4.5-r0 apk +gnupg-dirmngr 2.4.5-r0 apk +gnupg-gpgconf 2.4.5-r0 apk +gnupg-keyboxd 2.4.5-r0 apk +gnupg-utils 2.4.5-r0 apk +gnupg-wks-client 2.4.5-r0 apk +gnutls 3.8.5-r0 apk +google-api-core 2.21.0 python +google-api-python-client 2.149.0 python +google-auth 2.35.0 python google-auth-httplib2 0.2.0 python -googleapis-common-protos 1.63.0 python -gpg 2.4.4-r0 apk -gpg-agent 2.4.4-r0 apk -gpg-wks-server 2.4.4-r0 apk -gpgsm 2.4.4-r0 apk -gpgv 2.4.4-r0 apk +googleapis-common-protos 1.65.0 python +gpg 2.4.5-r0 apk +gpg-agent 2.4.5-r0 apk +gpg-wks-server 2.4.5-r0 apk +gpgsm 2.4.5-r0 apk +gpgv 2.4.5-r0 apk httplib2 0.22.0 python -icu-data-en 74.1-r0 apk -icu-libs 74.1-r0 apk -idna 3.7 python +icu-data-en 74.2-r0 apk +icu-libs 74.2-r0 apk +idna 3.10 python +importlib-metadata 8.0.0 python +importlib-resources 6.4.0 python +inflect 7.3.1 python iptables 1.8.10-r3 apk -isodate 0.6.1 python +iptables-legacy 1.8.10-r3 apk +isodate 0.7.2 python +jaraco-collections 5.1.0 python +jaraco-context 5.3.0 python +jaraco-functools 4.0.1 python +jaraco-text 3.12.1 python jmespath 1.0.1 python josepy 1.14.0 python jq 1.7.1-r0 apk jsonlines 4.0.0 python -jsonpickle 3.0.4 python -libacl 2.3.1-r4 apk -libassuan 2.5.6-r1 apk -libattr 2.5.1-r5 apk -libavif 1.0.3-r0 apk -libbsd 0.11.7-r3 apk +jsonpickle 3.3.0 python +libacl 2.3.2-r0 apk +libassuan 2.5.7-r0 apk +libattr 2.5.2-r0 apk +libavif 1.0.4-r0 apk +libbsd 0.12.2-r0 apk libbz2 1.0.8-r6 apk -libc-utils 0.7.2-r5 apk -libcrypto3 3.1.4-r6 apk -libcurl 8.5.0-r0 apk -libdav1d 1.3.0-r1 apk -libedit 20230828.3.1-r3 apk +libcrypto3 3.3.2-r0 apk +libcurl 8.9.1-r2 apk +libdav1d 1.4.2-r0 apk +libedit 20240517.3.1-r0 apk libevent 2.1.12-r7 apk -libexpat 2.6.2-r0 apk -libffi 3.4.4-r3 apk -libgcc 13.2.1_git20231014-r0 apk +libexpat 2.6.3-r0 apk +libffi 3.4.6-r0 apk +libgcc 13.2.1_git20240309-r0 apk libgcrypt 1.10.3-r0 apk -libgd 2.3.3-r8 apk -libgpg-error 1.47-r2 apk -libice 1.1.1-r5 apk -libidn2 2.3.4-r4 apk -libintl 0.22.3-r0 apk -libjpeg-turbo 3.0.1-r0 apk -libksba 1.6.5-r0 apk -libldap 2.6.6-r1 apk -libmaxminddb-libs 1.7.1-r2 apk +libgd 2.3.3-r9 apk +libgpg-error 1.49-r0 apk +libice 1.1.1-r6 apk +libidn2 2.3.7-r0 apk +libintl 0.22.5-r0 apk +libip4tc 1.8.10-r3 apk +libip6tc 1.8.10-r3 apk +libjpeg-turbo 3.0.3-r0 apk +libksba 1.6.6-r0 apk +libldap 2.6.8-r0 apk +libmaxminddb-libs 1.9.1-r0 apk libmcrypt 2.5.8-r10 apk libmd 1.1.0-r0 apk libmemcached-libs 1.1.4-r1 apk libmnl 1.0.5-r2 apk -libncursesw 6.4_p20231125-r0 apk +libncursesw 6.4_p20240420-r1 apk libnftnl 1.2.6-r0 apk -libpanelw 6.4_p20231125-r0 apk -libpng 1.6.40-r0 apk +libpanelw 6.4_p20240420-r1 apk +libpng 1.6.44-r0 apk libpq 16.3-r0 apk libproc2 4.0.4-r0 apk -libsasl 2.1.28-r5 apk -libseccomp 2.5.5-r0 apk +libpsl 0.21.5-r1 apk +libsasl 2.1.28-r6 apk +libseccomp 2.5.5-r1 apk libsharpyuv 1.3.2-r0 apk -libsm 1.2.4-r3 apk +libsm 1.2.4-r4 apk libsodium 1.0.19-r0 apk -libssl3 3.1.4-r6 apk -libstdc++ 13.2.1_git20231014-r0 apk +libssl3 3.3.2-r0 apk +libstdc++ 13.2.1_git20240309-r0 apk libtasn1 4.19.0-r2 apk -libunistring 1.1-r2 apk -libuuid 2.39.3-r0 apk +libunistring 1.2-r0 apk +libuuid 2.40.1-r1 apk libwebp 1.3.2-r0 apk -libx11 1.8.7-r0 apk -libxau 1.0.11-r3 apk -libxcb 1.16-r0 apk -libxdmcp 1.1.4-r3 apk -libxext 1.3.5-r3 apk -libxml2 2.11.7-r0 apk +libx11 1.8.9-r1 apk +libxau 1.0.11-r4 apk +libxcb 1.16.1-r0 apk +libxdmcp 1.1.5-r1 apk +libxext 1.3.6-r2 apk +libxml2 2.12.7-r0 apk libxpm 3.5.17-r0 apk -libxslt 1.1.39-r0 apk -libxt 1.3.0-r4 apk +libxslt 1.1.39-r1 apk +libxt 1.3.0-r5 apk libxtables 1.8.10-r3 apk libzip 1.10.1-r0 apk -linux-pam 1.5.3-r7 apk +linux-pam 1.6.0-r0 apk logrotate 3.21.0-r1 apk loopialib 0.2.0 python -lxml 5.2.2 python +lxml 5.3.0 python lz4-libs 1.9.4-r5 apk -marshmallow 3.21.2 python -memcached 1.6.22-r0 apk +memcached 1.6.27-r0 apk mock 5.1.0 python -mpdecimal 2.5.1-r2 apk -msal 1.28.0 python -msal-extensions 1.1.0 python -musl 1.2.4_git20230717-r4 apk -musl-utils 1.2.4_git20230717-r4 apk -mypy-extensions 1.0.0 python -nano 7.2-r1 apk -ncurses-terminfo-base 6.4_p20231125-r0 apk +more-itertools 10.3.0 python +mpdecimal 4.0.0-r0 apk +msal 1.31.0 python +msal-extensions 1.2.0 python +musl 1.2.5-r0 apk +musl-utils 1.2.5-r0 apk +my-test-package 1.0 python +nano 8.0-r0 apk +ncurses-terminfo-base 6.4_p20240420-r1 apk netcat-openbsd 1.226-r0 apk nettle 3.9.1-r0 apk -nghttp2-libs 1.58.0-r0 apk -nginx 1.24.0-r16 apk -nginx-mod-devel-kit 1.24.0-r16 apk -nginx-mod-http-brotli 1.24.0-r16 apk -nginx-mod-http-dav-ext 1.24.0-r16 apk -nginx-mod-http-echo 1.24.0-r16 apk -nginx-mod-http-fancyindex 1.24.0-r16 apk -nginx-mod-http-geoip2 1.24.0-r16 apk -nginx-mod-http-headers-more 1.24.0-r16 apk -nginx-mod-http-image-filter 1.24.0-r16 apk -nginx-mod-http-perl 1.24.0-r16 apk -nginx-mod-http-redis2 1.24.0-r16 apk -nginx-mod-http-set-misc 1.24.0-r16 apk -nginx-mod-http-upload-progress 1.24.0-r16 apk -nginx-mod-http-xslt-filter 1.24.0-r16 apk -nginx-mod-mail 1.24.0-r16 apk -nginx-mod-rtmp 1.24.0-r16 apk -nginx-mod-stream 1.24.0-r16 apk -nginx-mod-stream-geoip2 1.24.0-r16 apk -nginx-vim 1.24.0-r16 apk +nghttp2-libs 1.62.1-r0 apk +nginx 1.26.2-r0 apk +nginx-mod-devel-kit 1.26.2-r0 apk +nginx-mod-http-brotli 1.26.2-r0 apk +nginx-mod-http-dav-ext 1.26.2-r0 apk +nginx-mod-http-echo 1.26.2-r0 apk +nginx-mod-http-fancyindex 1.26.2-r0 apk +nginx-mod-http-geoip2 1.26.2-r0 apk +nginx-mod-http-headers-more 1.26.2-r0 apk +nginx-mod-http-image-filter 1.26.2-r0 apk +nginx-mod-http-perl 1.26.2-r0 apk +nginx-mod-http-redis2 1.26.2-r0 apk +nginx-mod-http-set-misc 1.26.2-r0 apk +nginx-mod-http-upload-progress 1.26.2-r0 apk +nginx-mod-http-xslt-filter 1.26.2-r0 apk +nginx-mod-mail 1.26.2-r0 apk +nginx-mod-rtmp 1.26.2-r0 apk +nginx-mod-stream 1.26.2-r0 apk +nginx-mod-stream-geoip2 1.26.2-r0 apk +nginx-vim 1.26.2-r0 apk npth 1.6-r4 apk oniguruma 6.9.9-r0 apk -openssl 3.1.4-r6 apk +openssl 3.3.2-r0 apk p11-kit 0.25.3-r0 apk -packaging 24.0 python +packaging 24.1 python parsedatetime 2.6 python pcre 8.45-r3 apk -pcre2 10.42-r2 apk +pcre2 10.43-r0 apk perl 5.38.2-r0 apk perl-error 0.17029-r2 apk -perl-git 2.43.4-r0 apk -php83 8.3.7-r0 apk -php83-bcmath 8.3.7-r0 apk -php83-bz2 8.3.7-r0 apk -php83-common 8.3.7-r0 apk -php83-ctype 8.3.7-r0 apk -php83-curl 8.3.7-r0 apk -php83-dom 8.3.7-r0 apk -php83-exif 8.3.7-r0 apk -php83-fileinfo 8.3.7-r0 apk -php83-fpm 8.3.7-r0 apk -php83-ftp 8.3.7-r0 apk -php83-gd 8.3.7-r0 apk -php83-gmp 8.3.7-r0 apk -php83-iconv 8.3.7-r0 apk -php83-imap 8.3.7-r0 apk -php83-intl 8.3.7-r0 apk -php83-ldap 8.3.7-r0 apk -php83-mbstring 8.3.7-r0 apk -php83-mysqli 8.3.7-r0 apk -php83-mysqlnd 8.3.7-r0 apk -php83-opcache 8.3.7-r0 apk -php83-openssl 8.3.7-r0 apk -php83-pdo 8.3.7-r0 apk -php83-pdo_mysql 8.3.7-r0 apk -php83-pdo_odbc 8.3.7-r0 apk -php83-pdo_pgsql 8.3.7-r0 apk -php83-pdo_sqlite 8.3.7-r0 apk -php83-pear 8.3.7-r0 apk +perl-git 2.45.2-r0 apk +php83 8.3.12-r0 apk +php83-bcmath 8.3.12-r0 apk +php83-bz2 8.3.12-r0 apk +php83-common 8.3.12-r0 apk +php83-ctype 8.3.12-r0 apk +php83-curl 8.3.12-r0 apk +php83-dom 8.3.12-r0 apk +php83-exif 8.3.12-r0 apk +php83-fileinfo 8.3.12-r0 apk +php83-fpm 8.3.12-r0 apk +php83-ftp 8.3.12-r0 apk +php83-gd 8.3.12-r0 apk +php83-gmp 8.3.12-r0 apk +php83-iconv 8.3.12-r0 apk +php83-imap 8.3.12-r0 apk +php83-intl 8.3.12-r0 apk +php83-ldap 8.3.12-r0 apk +php83-mbstring 8.3.12-r0 apk +php83-mysqli 8.3.12-r0 apk +php83-mysqlnd 8.3.12-r0 apk +php83-opcache 8.3.12-r0 apk +php83-openssl 8.3.12-r0 apk +php83-pdo 8.3.12-r0 apk +php83-pdo_mysql 8.3.12-r0 apk +php83-pdo_odbc 8.3.12-r0 apk +php83-pdo_pgsql 8.3.12-r0 apk +php83-pdo_sqlite 8.3.12-r0 apk +php83-pear 8.3.12-r0 apk php83-pecl-apcu 5.1.23-r0 apk php83-pecl-igbinary 3.2.15-r0 apk php83-pecl-mcrypt 1.0.7-r0 apk php83-pecl-memcached 3.2.0-r0 apk -php83-pecl-msgpack 2.2.0-r1 apk -php83-pecl-redis 6.0.2-r0 apk -php83-pgsql 8.3.7-r0 apk -php83-phar 8.3.7-r0 apk -php83-posix 8.3.7-r0 apk -php83-session 8.3.7-r0 apk -php83-simplexml 8.3.7-r0 apk -php83-soap 8.3.7-r0 apk -php83-sockets 8.3.7-r0 apk -php83-sodium 8.3.7-r0 apk -php83-sqlite3 8.3.7-r0 apk -php83-tokenizer 8.3.7-r0 apk -php83-xml 8.3.7-r0 apk -php83-xmlreader 8.3.7-r0 apk -php83-xmlwriter 8.3.7-r0 apk -php83-xsl 8.3.7-r0 apk -php83-zip 8.3.7-r0 apk -pinentry 1.2.1-r1 apk -pip 24.0 python +php83-pecl-msgpack 2.2.0-r2 apk +php83-pecl-redis 6.1.0-r0 apk +php83-pgsql 8.3.12-r0 apk +php83-phar 8.3.12-r0 apk +php83-posix 8.3.12-r0 apk +php83-session 8.3.12-r0 apk +php83-simplexml 8.3.12-r0 apk +php83-soap 8.3.12-r0 apk +php83-sockets 8.3.12-r0 apk +php83-sodium 8.3.12-r0 apk +php83-sqlite3 8.3.12-r0 apk +php83-tokenizer 8.3.12-r0 apk +php83-xml 8.3.12-r0 apk +php83-xmlreader 8.3.12-r0 apk +php83-xmlwriter 8.3.12-r0 apk +php83-xsl 8.3.12-r0 apk +php83-zip 8.3.12-r0 apk +pinentry 1.3.0-r0 apk +pip 24.2 python pkb-client 1.2 python +platformdirs 4.2.2 python popt 1.19-r3 apk -portalocker 2.8.2 python +portalocker 2.10.1 python procps-ng 4.0.4-r0 apk -proto-plus 1.23.0 python -protobuf 4.25.3 python -publicsuffixlist 0.9.4 python -pyOpenSSL 24.1.0 python -pyRFC3339 1.1 python +proto-plus 1.24.0 python +protobuf 5.28.2 python pyacmedns 0.4 python -pyasn1 0.6.0 python -pyasn1_modules 0.4.0 python -pyc 3.11.9-r0 apk +pyasn1 0.6.1 python +pyasn1-modules 0.4.1 python +pyc 3.12.7-r0 apk pycparser 2.22 python +pyjwt 2.9.0 python +pynamecheap 0.0.3 python +pyopenssl 24.2.1 python pyotp 2.9.0 python -pyparsing 3.1.2 python +pyparsing 3.2.0 python +pyrfc3339 1.1 python python-dateutil 2.9.0.post0 python python-digitalocean 1.17.0 python python-transip 0.6.0 python -python3 3.11.9-r0 apk -python3-pyc 3.11.9-r0 apk -python3-pycache-pyc0 3.11.9-r0 apk -pytz 2024.1 python -readline 8.2.1-r2 apk -requests 2.31.0 python -requests-file 2.0.0 python +python3 3.12.7-r0 apk +python3-pyc 3.12.7-r0 apk +python3-pycache-pyc0 3.12.7-r0 apk +pytz 2024.2 python +pyyaml 6.0.2 python +readline 8.2.10-r0 apk +requests 2.32.3 python +requests-file 2.1.0 python requests-mock 1.12.1 python rsa 4.9 python -s3transfer 0.10.1 python +s3transfer 0.10.3 python scanelf 1.3.7-r2 apk -setuptools 65.5.0 python -shadow 4.14.2-r0 apk +setuptools 75.2.0 python +shadow 4.15.1-r0 apk six 1.16.0 python -skalibs 2.14.0.1-r0 apk -soupsieve 2.5 python -sqlite-libs 3.44.2-r0 apk -ssl_client 1.36.1-r15 apk -tiff 4.6.0-r0 apk +skalibs 2.14.1.1-r0 apk +soupsieve 2.6 python +sqlite-libs 3.45.3-r1 apk +ssl_client 1.36.1-r29 apk +tiff 4.6.0t-r0 apk tldextract 5.1.2 python -typing-inspect 0.9.0 python -typing_extensions 4.11.0 python -tzdata 2024a-r0 apk +tomli 2.0.1 python +typeguard 4.3.0 python +typing-extensions 4.12.2 python (+1 duplicate) +tzdata 2024b-r0 apk unixodbc 2.3.12-r0 apk uritemplate 4.1.1 python -urllib3 2.2.1 python -utmps-libs 0.1.2.2-r0 apk +urllib3 2.2.3 python +utmps-libs 0.1.2.2-r1 apk wheel 0.43.0 python -whois 5.5.20-r0 apk -xz-libs 5.4.5-r0 apk -zlib 1.3.1-r0 apk -zope.interface 6.4 python -zstd-libs 1.5.5-r8 apk +wheel 0.44.0 python +whois 5.5.23-r0 apk +xz-libs 5.6.2-r0 apk +zipp 3.19.2 python +zlib 1.3.1-r1 apk +zope-interface 7.1.0 python +zstd-libs 1.5.6-r0 apk diff --git a/readme-vars.yml b/readme-vars.yml index f0687aa0..bc879fdb 100644 --- a/readme-vars.yml +++ b/readme-vars.yml @@ -7,40 +7,24 @@ project_logo: "https://github.com/linuxserver/docker-templates/raw/master/linuxs project_blurb: "SWAG - Secure Web Application Gateway (formerly known as letsencrypt, no relation to Let's Encrypt™) sets up an Nginx webserver and reverse proxy with php support and a built-in certbot client that automates free SSL server certificate generation and renewal processes (Let's Encrypt and ZeroSSL). It also contains fail2ban for intrusion prevention." project_lsio_github_repo_url: "https://github.com/linuxserver/docker-{{ project_name }}" -project_blurb_optional_extras_enabled: false -project_blurb_optional_extras: [] - # supported architectures available_architectures: - { arch: "{{ arch_x86_64 }}", tag: "amd64-latest"} - { arch: "{{ arch_arm64 }}", tag: "arm64v8-latest"} -# development version -development_versions: false -development_versions_items: - - { tag: "latest", desc: "Stable releases" } - - # container parameters -common_param_env_vars_enabled: true #PGID, PUID, etc, you can set it to 'optional' +common_param_env_vars_enabled: true param_container_name: "{{ project_name }}" -param_usage_include_net: false #you can set it to 'optional' -param_net: "host" -param_net_desc: "Shares host networking with container." param_usage_include_env: true param_env_vars: - - { env_var: "TZ", env_value: "Europe/London", desc: "Specify a timezone to use EG Europe/London." } - { env_var: "URL", env_value: "yourdomain.url", desc: "Top url you have control over (`customdomain.com` if you own it, or `customsubdomain.ddnsprovider.com` if dynamic dns)." } - - { env_var: "VALIDATION", env_value: "http", desc: "Certbot validation method to use, options are `http` or `dns` (`dns` method also requires `DNSPLUGIN` variable set)." } + - { env_var: "VALIDATION", env_value: "http", desc: "Certbot validation method to use, options are `http` or `dns` (`dns` method also requires `DNSPLUGIN` variable set).", env_options: ["http", "dns"] } param_usage_include_vols: true param_volumes: - { vol_path: "/config", vol_host_path: "/path/to/{{ project_name }}/config", desc: "Persistent config files" } param_usage_include_ports: true param_ports: - { external_port: "443", internal_port: "443", port_desc: "Https port" } -param_device_map: false -param_devices: - - { device_path: "/dev/dri", device_host_path: "/dev/dri", desc: "For hardware transcoding" } cap_add_param: true cap_add_param_vars: - { cap_add_var: "NET_ADMIN" } @@ -50,27 +34,15 @@ opt_param_usage_include_env: true opt_param_env_vars: - { env_var: "SUBDOMAINS", env_value: "www,", desc: "Subdomains you'd like the cert to cover (comma separated, no spaces) ie. `www,ftp,cloud`. For a wildcard cert, set this *exactly* to `wildcard` (wildcard cert is available via `dns` validation only)" } - { env_var: "CERTPROVIDER", env_value: "", desc: "Optionally define the cert provider. Set to `zerossl` for ZeroSSL certs (requires existing [ZeroSSL account](https://app.zerossl.com/signup) and the e-mail address entered in `EMAIL` env var). Otherwise defaults to Let's Encrypt." } - - { env_var: "DNSPLUGIN", env_value: "cloudflare", desc: "Required if `VALIDATION` is set to `dns`. Options are `acmedns`, `aliyun`, `azure`, `bunny`, `cloudflare`, `cpanel`, `desec`, `digitalocean`, `directadmin`, `dnsimple`, `dnsmadeeasy`, `dnspod`, `do`, `domeneshop`, `dreamhost`, `duckdns`, `dynu`, `freedns`, `gandi`, `gehirn`, `glesys`, `godaddy`, `google`, `google-domains`, `he`, `hetzner`, `infomaniak`, `inwx`, `ionos`, `linode`, `loopia`, `luadns`, `namecheap`, `netcup`, `njalla`, `nsone`, `ovh`, `porkbun`, `rfc2136`, `route53`, `sakuracloud`, `standalone`, `transip`, and `vultr`. Also need to enter the credentials into the corresponding ini (or json for some plugins) file under `/config/dns-conf`." } + - { env_var: "DNSPLUGIN", env_value: "cloudflare", desc: "Required if `VALIDATION` is set to `dns`. Options are `acmedns`, `aliyun`, `azure`, `bunny`, `cloudflare`, `cpanel`, `desec`, `digitalocean`, `directadmin`, `dnsimple`, `dnsmadeeasy`, `dnspod`, `do`, `domeneshop`, `dreamhost`, `duckdns`, `dynu`, `freedns`, `gandi`, `gehirn`, `glesys`, `godaddy`, `google`, `he`, `hetzner`, `infomaniak`, `inwx`, `ionos`, `linode`, `loopia`, `luadns`, `namecheap`, `netcup`, `njalla`, `nsone`, `ovh`, `porkbun`, `rfc2136`, `route53`, `sakuracloud`, `standalone`, `transip`, and `vultr`. Also need to enter the credentials into the corresponding ini (or json for some plugins) file under `/config/dns-conf`." } - { env_var: "PROPAGATION", env_value: "", desc: "Optionally override (in seconds) the default propagation time for the dns plugins." } - { env_var: "EMAIL", env_value: "", desc: "Optional e-mail address used for cert expiration notifications (Required for ZeroSSL)." } - { env_var: "ONLY_SUBDOMAINS", env_value: "false", desc: "If you wish to get certs only for certain subdomains, but not the main domain (main domain may be hosted on another machine and cannot be validated), set this to `true`" } - { env_var: "EXTRA_DOMAINS", env_value: "", desc: "Additional fully qualified domain names (comma separated, no spaces) ie. `extradomain.com,subdomain.anotherdomain.org,*.anotherdomain.org`" } - { env_var: "STAGING", env_value: "false", desc: "Set to `true` to retrieve certs in staging mode. Rate limits will be much higher, but the resulting cert will not pass the browser's security test. Only to be used for testing purposes." } -opt_param_usage_include_vols: false -opt_param_volumes: - - { vol_path: "/config", vol_host_path: "/path/to/{{ project_name }}/config", desc: "Persistent config files" } opt_param_usage_include_ports: true opt_param_ports: - { external_port: "80", internal_port: "80", port_desc: "Http port (required for http validation and http -> https redirect)" } -opt_param_device_map: false -opt_param_devices: - - { device_path: "/dev/dri", device_host_path: "/dev/dri", desc: "For hardware transcoding" } -opt_cap_add_param: false -opt_cap_add_param_vars: - - { cap_add_var: "NET_ADMIN" } - -optional_block_1: false -optional_block_1_items: "" # application setup block app_setup_block_enabled: true @@ -92,7 +64,7 @@ app_setup_block: | ### Certbot Plugins - SWAG includes many Certbot plugins out of the box, but not all plugins can be includes. + SWAG includes many Certbot plugins out of the box, but not all plugins can be included. If you need a plugin that is not included, the quickest way to have the plugin available is to use our [Universal Package Install Docker Mod](https://github.com/linuxserver/docker-mods/tree/universal-package-install). Set the following environment variables on your container: @@ -168,6 +140,10 @@ app_setup_block: | # changelog changelogs: + - { date: "21.10.24:", desc: "Fix naming issue with Dynu plugin. If you are using Dynu, please make sure your credentials are set in /config/dns-conf/dynu.ini and your DNSPLUGIN variable is set to dynu (not dynudns)." } + - { date: "30.08.24:", desc: "Fix zerossl cert revocation." } + - { date: "24.07.14:", desc: "Rebase to Alpine 3.20. Remove deprecated Google Domains certbot plugin. Existing users should update their nginx confs to avoid http2 deprecation warnings."} + - { date: "01.07.24:", desc: "Fall back to iptables-legacy if iptables doesn't work." } - { date: "23.03.24:", desc: "Fix perms on the generated `priv-fullchain-bundle.pem`." } - { date: "14.03.24:", desc: "[Existing users should update:](https://github.com/linuxserver/docker-swag/blob/master/README.md#updating-configs) authelia-location.conf, authelia-server.conf - Update Authelia conf samples with support for 4.38." } - { date: "11.03.24:", desc: "Restore support for DynuDNS using `certbot-dns-dynudns`." } diff --git a/root/defaults/dns-conf/google-domains.ini b/root/defaults/dns-conf/google-domains.ini deleted file mode 100644 index 0979bdde..00000000 --- a/root/defaults/dns-conf/google-domains.ini +++ /dev/null @@ -1,4 +0,0 @@ -# Instructions: https://github.com/aaomidi/certbot-dns-google-domains#credentials -# Replace with your value -dns_google_domains_access_token = abcdef -dns_google_domains_zone = example.com diff --git a/root/defaults/nginx/site-confs/default.conf.sample b/root/defaults/nginx/site-confs/default.conf.sample index f90e633a..ce0d65e4 100644 --- a/root/defaults/nginx/site-confs/default.conf.sample +++ b/root/defaults/nginx/site-confs/default.conf.sample @@ -1,4 +1,4 @@ -## Version 2024/03/06 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/site-confs/default.conf.sample +## Version 2024/07/16 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/site-confs/default.conf.sample # redirect all traffic to https server { @@ -12,8 +12,8 @@ server { # main server block server { - listen 443 ssl http2 default_server; - listen [::]:443 ssl http2 default_server; + listen 443 ssl default_server; + listen [::]:443 ssl default_server; server_name _; diff --git a/root/etc/s6-overlay/s6-rc.d/init-certbot-config/run b/root/etc/s6-overlay/s6-rc.d/init-certbot-config/run index f3ad0aaf..32835102 100755 --- a/root/etc/s6-overlay/s6-rc.d/init-certbot-config/run +++ b/root/etc/s6-overlay/s6-rc.d/init-certbot-config/run @@ -189,24 +189,15 @@ if [[ ! "${URL}" = "${ORIGURL}" ]] || [[ ! "${STAGING}" = "${ORIGSTAGING}" ]] || [[ ! "${CERTPROVIDER}" = "${ORIGCERTPROVIDER}" ]]; then echo "Different validation parameters entered than what was used before. Revoking and deleting existing certificate, and an updated one will be created" - if [[ "${ORIGCERTPROVIDER}" = "zerossl" ]] && [[ -n "${ORIGEMAIL}" ]]; then + if [[ "${ORIGCERTPROVIDER}" = "zerossl" ]]; then REV_ACMESERVER=("https://acme.zerossl.com/v2/DV90") - REV_ZEROSSL_EAB_KID=$(awk -F "=" '/eab-kid/ {print $2}' "/config/etc/letsencrypt/renewal/${ORIGDOMAIN}.conf" | tr -d ' ') - REV_ZEROSSL_EAB_HMAC_KEY=$(awk -F "=" '/eab-hmac-key/ {print $2}' "/config/etc/letsencrypt/renewal/${ORIGDOMAIN}.conf" | tr -d ' ') - if [[ -z "${REV_ZEROSSL_EAB_KID}" ]] || [[ -z "${REV_ZEROSSL_EAB_HMAC_KEY}" ]]; then - REV_ZEROSSL_EAB_KID=$(awk -F "=" '/eab-kid/ {print $2}' /config/etc/letsencrypt/cli.ini | tr -d ' ') - REV_ZEROSSL_EAB_HMAC_KEY=$(awk -F "=" '/eab-hmac-key/ {print $2}' /config/etc/letsencrypt/cli.ini | tr -d ' ') - fi - if [[ -n "${REV_ZEROSSL_EAB_KID}" ]] && [[ -n "${REV_ZEROSSL_EAB_HMAC_KEY}" ]]; then - REV_ACMESERVER+=("--eab-kid" "${REV_ZEROSSL_EAB_KID}" "--eab-hmac-key" "${REV_ZEROSSL_EAB_HMAC_KEY}") - fi elif [[ "${ORIGSTAGING}" = "true" ]]; then REV_ACMESERVER=("https://acme-staging-v02.api.letsencrypt.org/directory") else REV_ACMESERVER=("https://acme-v02.api.letsencrypt.org/directory") fi if [[ -f /config/etc/letsencrypt/live/"${ORIGDOMAIN}"/fullchain.pem ]]; then - certbot revoke --non-interactive --cert-path /config/etc/letsencrypt/live/"${ORIGDOMAIN}"/fullchain.pem --server "${REV_ACMESERVER[@]}" || true + certbot revoke --non-interactive --cert-path /config/etc/letsencrypt/live/"${ORIGDOMAIN}"/fullchain.pem --key-path /config/etc/letsencrypt/live/"${ORIGDOMAIN}"/privkey.pem --server "${REV_ACMESERVER[@]}" || true else certbot revoke --non-interactive --cert-name "${ORIGDOMAIN}" --server "${REV_ACMESERVER[@]}" || true fi diff --git a/root/etc/s6-overlay/s6-rc.d/init-fail2ban-config/run b/root/etc/s6-overlay/s6-rc.d/init-fail2ban-config/run index abd14b43..6022729d 100755 --- a/root/etc/s6-overlay/s6-rc.d/init-fail2ban-config/run +++ b/root/etc/s6-overlay/s6-rc.d/init-fail2ban-config/run @@ -1,6 +1,15 @@ #!/usr/bin/with-contenv bash # shellcheck shell=bash +if ! iptables -L &> /dev/null; then + ln -sf /sbin/xtables-legacy-multi /sbin/iptables + ln -sf /sbin/xtables-legacy-multi /sbin/iptables-save + ln -sf /sbin/xtables-legacy-multi /sbin/iptables-restore + ln -sf /sbin/xtables-legacy-multi /sbin/ip6tables + ln -sf /sbin/xtables-legacy-multi /sbin/ip6tables-save + ln -sf /sbin/xtables-legacy-multi /sbin/ip6tables-restore +fi + # copy/update the fail2ban config defaults to/in /config cp -R /defaults/fail2ban/filter.d /config/fail2ban/ cp -R /defaults/fail2ban/action.d /config/fail2ban/