diff --git a/.editorconfig b/.editorconfig old mode 100755 new mode 100644 diff --git a/.github/CONTRIBUTING.md b/.github/CONTRIBUTING.md old mode 100755 new mode 100644 index f7efbf14..9fc53d92 --- a/.github/CONTRIBUTING.md +++ b/.github/CONTRIBUTING.md @@ -6,7 +6,7 @@ * Read, and fill the Pull Request template * If this is a fix for a typo (in code, documentation, or the README) please file an issue and let us sort it out. We do not need a PR * If the PR is addressing an existing issue include, closes #\, in the body of the PR commit message -* If you want to discuss changes, you can also bring it up in [#dev-talk](https://discordapp.com/channels/354974912613449730/757585807061155840) in our [Discord server](https://discord.gg/YWrKVTn) +* If you want to discuss changes, you can also bring it up in [#dev-talk](https://discordapp.com/channels/354974912613449730/757585807061155840) in our [Discord server](https://linuxserver.io/discord) ## Common files @@ -24,7 +24,7 @@ ## Readme If you would like to change our readme, please __**do not**__ directly edit the readme, as it is auto-generated on each commit. -Instead edit the [readme-vars.yml](https://github.com/linuxserver/docker-nextcloud/edit/master/readme-vars.yml). +Instead edit the [readme-vars.yml](https://github.com/linuxserver/docker-nextcloud/edit/develop/readme-vars.yml). These variables are used in a template for our [Jenkins Builder](https://github.com/linuxserver/docker-jenkins-builder) as part of an ansible play. Most of these variables are also carried over to [docs.linuxserver.io](https://docs.linuxserver.io/images/docker-nextcloud) @@ -105,17 +105,17 @@ docker build \ -t linuxserver/nextcloud:latest . ``` -The ARM variants can be built on x86_64 hardware using `multiarch/qemu-user-static` +The ARM variants can be built on x86_64 hardware and vice versa using `lscr.io/linuxserver/qemu-static` ```bash -docker run --rm --privileged multiarch/qemu-user-static:register --reset +docker run --rm --privileged lscr.io/linuxserver/qemu-static --reset ``` Once registered you can define the dockerfile to use with `-f Dockerfile.aarch64`. ## Update the changelog -If you are modifying the Dockerfiles or any of the startup scripts in [root](https://github.com/linuxserver/docker-nextcloud/tree/master/root), add an entry to the changelog +If you are modifying the Dockerfiles or any of the startup scripts in [root](https://github.com/linuxserver/docker-nextcloud/tree/develop/root), add an entry to the changelog ```yml changelogs: diff --git a/.github/FUNDING.yml b/.github/FUNDING.yml old mode 100755 new mode 100644 diff --git a/.github/ISSUE_TEMPLATE/config.yml b/.github/ISSUE_TEMPLATE/config.yml old mode 100755 new mode 100644 index dcb34e3f..fe4115cd --- a/.github/ISSUE_TEMPLATE/config.yml +++ b/.github/ISSUE_TEMPLATE/config.yml @@ -1,7 +1,7 @@ blank_issues_enabled: false contact_links: - name: Discord chat support - url: https://discord.gg/YWrKVTn + url: https://linuxserver.io/discord about: Realtime support / chat with the community and the team. - name: Discourse discussion forum diff --git a/.github/ISSUE_TEMPLATE/issue.bug.yml b/.github/ISSUE_TEMPLATE/issue.bug.yml old mode 100755 new mode 100644 index ce3d19af..9ac9a62d --- a/.github/ISSUE_TEMPLATE/issue.bug.yml +++ b/.github/ISSUE_TEMPLATE/issue.bug.yml @@ -67,10 +67,10 @@ body: - type: textarea attributes: description: | - Provide a full docker log, output of "docker logs linuxserver.io" + Provide a full docker log, output of "docker logs nextcloud" label: Container logs placeholder: | - Output of `docker logs linuxserver.io` + Output of `docker logs nextcloud` render: bash validations: required: true diff --git a/.github/ISSUE_TEMPLATE/issue.feature.yml b/.github/ISSUE_TEMPLATE/issue.feature.yml old mode 100755 new mode 100644 diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md index aeab469a..4057ec8d 100644 --- a/.github/PULL_REQUEST_TEMPLATE.md +++ b/.github/PULL_REQUEST_TEMPLATE.md @@ -21,7 +21,7 @@ ------------------------------ - - [ ] I have read the [contributing](https://github.com/linuxserver/docker-nextcloud/blob/master/.github/CONTRIBUTING.md) guideline and understand that I have made the correct modifications + - [ ] I have read the [contributing](https://github.com/linuxserver/docker-nextcloud/blob/develop/.github/CONTRIBUTING.md) guideline and understand that I have made the correct modifications ------------------------------ diff --git a/.github/workflows/call_issue_pr_tracker.yml b/.github/workflows/call_issue_pr_tracker.yml old mode 100755 new mode 100644 index 2c307843..d07cf121 --- a/.github/workflows/call_issue_pr_tracker.yml +++ b/.github/workflows/call_issue_pr_tracker.yml @@ -8,6 +8,9 @@ on: pull_request_review: types: [submitted,edited,dismissed] +permissions: + contents: read + jobs: manage-project: permissions: diff --git a/.github/workflows/call_issues_cron.yml b/.github/workflows/call_issues_cron.yml old mode 100755 new mode 100644 index 3cade4bc..716c188d --- a/.github/workflows/call_issues_cron.yml +++ b/.github/workflows/call_issues_cron.yml @@ -4,6 +4,9 @@ on: - cron: '35 2 * * *' workflow_dispatch: +permissions: + contents: read + jobs: stale: permissions: diff --git a/.github/workflows/external_trigger.yml b/.github/workflows/external_trigger.yml old mode 100755 new mode 100644 index 735e3ecb..ef938ffb --- a/.github/workflows/external_trigger.yml +++ b/.github/workflows/external_trigger.yml @@ -3,52 +3,86 @@ name: External Trigger Main on: workflow_dispatch: +permissions: + contents: read + jobs: - external-trigger-master: + external-trigger-develop: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3.1.0 + - uses: actions/checkout@v4.1.1 - name: External Trigger - if: github.ref == 'refs/heads/master' + if: github.ref == 'refs/heads/develop' + env: + SKIP_EXTERNAL_TRIGGER: ${{ vars.SKIP_EXTERNAL_TRIGGER }} run: | - if [ -n "${{ secrets.PAUSE_EXTERNAL_TRIGGER_NEXTCLOUD_MASTER }}" ]; then - echo "**** Github secret PAUSE_EXTERNAL_TRIGGER_NEXTCLOUD_MASTER is set; skipping trigger. ****" - echo "Github secret \`PAUSE_EXTERNAL_TRIGGER_NEXTCLOUD_MASTER\` is set; skipping trigger." >> $GITHUB_STEP_SUMMARY + printf "# External trigger for docker-nextcloud\n\n" >> $GITHUB_STEP_SUMMARY + if grep -q "^nextcloud_develop_" <<< "${SKIP_EXTERNAL_TRIGGER}"; then + echo "> [!NOTE]" >> $GITHUB_STEP_SUMMARY + echo "> Github organizational variable \`SKIP_EXTERNAL_TRIGGER\` contains \`nextcloud_develop_\`; will skip trigger if version matches." >> $GITHUB_STEP_SUMMARY + elif grep -q "^nextcloud_develop" <<< "${SKIP_EXTERNAL_TRIGGER}"; then + echo "> [!WARNING]" >> $GITHUB_STEP_SUMMARY + echo "> Github organizational variable \`SKIP_EXTERNAL_TRIGGER\` contains \`nextcloud_develop\`; skipping trigger." >> $GITHUB_STEP_SUMMARY + exit 0 + fi + echo "> [!NOTE]" >> $GITHUB_STEP_SUMMARY + echo "> External trigger running off of develop branch. To disable this trigger, add \`nextcloud_develop\` into the Github organizational variable \`SKIP_EXTERNAL_TRIGGER\`." >> $GITHUB_STEP_SUMMARY + printf "\n## Retrieving external version\n\n" >> $GITHUB_STEP_SUMMARY + EXT_RELEASE=$(curl -u ${{ secrets.CR_USER }}:${{ secrets.CR_PAT }} -sX GET https://api.github.com/repos/nextcloud/server/releases | jq -r '.[] | select(.prerelease == true) | .tag_name' | sed 's|^v||g' | sort -rV | head -1) + echo "Type is \`custom_version_command\`" >> $GITHUB_STEP_SUMMARY + if grep -q "^nextcloud_develop_${EXT_RELEASE}" <<< "${SKIP_EXTERNAL_TRIGGER}"; then + echo "> [!WARNING]" >> $GITHUB_STEP_SUMMARY + echo "> Github organizational variable \`SKIP_EXTERNAL_TRIGGER\` matches current external release; skipping trigger." >> $GITHUB_STEP_SUMMARY exit 0 fi - echo "**** External trigger running off of master branch. To disable this trigger, set a Github secret named \"PAUSE_EXTERNAL_TRIGGER_NEXTCLOUD_MASTER\". ****" - echo "External trigger running off of master branch. To disable this trigger, set a Github secret named \`PAUSE_EXTERNAL_TRIGGER_NEXTCLOUD_MASTER\`" >> $GITHUB_STEP_SUMMARY - echo "**** Retrieving external version ****" - EXT_RELEASE=$(curl -u ${{ secrets.CR_USER }}:${{ secrets.CR_PAT }} -sX GET https://api.github.com/repos/nextcloud/server/releases | jq -r '.[] | select(.prerelease != true) | .tag_name' | sed 's|^v||g' | sort -rV | head -1) if [ -z "${EXT_RELEASE}" ] || [ "${EXT_RELEASE}" == "null" ]; then - echo "**** Can't retrieve external version, exiting ****" - FAILURE_REASON="Can't retrieve external version for nextcloud branch master" + echo "> [!WARNING]" >> $GITHUB_STEP_SUMMARY + echo "> Can't retrieve external version, exiting" >> $GITHUB_STEP_SUMMARY + FAILURE_REASON="Can't retrieve external version for nextcloud branch develop" GHA_TRIGGER_URL="https://github.com/linuxserver/docker-nextcloud/actions/runs/${{ github.run_id }}" curl -X POST -H "Content-Type: application/json" --data '{"avatar_url": "https://cdn.discordapp.com/avatars/354986384542662657/df91181b3f1cf0ef1592fbe18e0962d7.png","embeds": [{"color": 16711680, "description": "**Trigger Failed** \n**Reason:** '"${FAILURE_REASON}"' \n**Trigger URL:** '"${GHA_TRIGGER_URL}"' \n"}], "username": "Github Actions"}' ${{ secrets.DISCORD_WEBHOOK }} exit 1 fi - EXT_RELEASE=$(echo ${EXT_RELEASE} | sed 's/[~,%@+;:/]//g') - echo "**** External version: ${EXT_RELEASE} ****" - echo "External version: ${EXT_RELEASE}" >> $GITHUB_STEP_SUMMARY - echo "**** Retrieving last pushed version ****" + EXT_RELEASE_SANITIZED=$(echo ${EXT_RELEASE} | sed 's/[~,%@+;:/]//g') + echo "Sanitized external version: \`${EXT_RELEASE_SANITIZED}\`" >> $GITHUB_STEP_SUMMARY + echo "Retrieving last pushed version" >> $GITHUB_STEP_SUMMARY image="linuxserver/nextcloud" - tag="latest" + tag="develop" token=$(curl -sX GET \ "https://ghcr.io/token?scope=repository%3Alinuxserver%2Fnextcloud%3Apull" \ | jq -r '.token') - multidigest=$(curl -s \ - --header "Accept: application/vnd.docker.distribution.manifest.v2+json" \ - --header "Authorization: Bearer ${token}" \ - "https://ghcr.io/v2/${image}/manifests/${tag}" \ - | jq -r 'first(.manifests[].digest)') - digest=$(curl -s \ + multidigest=$(curl -s \ + --header "Accept: application/vnd.docker.distribution.manifest.v2+json" \ + --header "Accept: application/vnd.oci.image.index.v1+json" \ + --header "Authorization: Bearer ${token}" \ + "https://ghcr.io/v2/${image}/manifests/${tag}") + if jq -e '.layers // empty' <<< "${multidigest}" >/dev/null 2>&1; then + # If there's a layer element it's a single-arch manifest so just get that digest + digest=$(jq -r '.config.digest' <<< "${multidigest}") + else + # Otherwise it's multi-arch or has manifest annotations + if jq -e '.manifests[]?.annotations // empty' <<< "${multidigest}" >/dev/null 2>&1; then + # Check for manifest annotations and delete if found + multidigest=$(jq 'del(.manifests[] | select(.annotations))' <<< "${multidigest}") + fi + if [[ $(jq '.manifests | length' <<< "${multidigest}") -gt 1 ]]; then + # If there's still more than one digest, it's multi-arch + multidigest=$(jq -r ".manifests[] | select(.platform.architecture == \"amd64\").digest?" <<< "${multidigest}") + else + # Otherwise it's single arch + multidigest=$(jq -r ".manifests[].digest?" <<< "${multidigest}") + fi + if digest=$(curl -s \ --header "Accept: application/vnd.docker.distribution.manifest.v2+json" \ + --header "Accept: application/vnd.oci.image.manifest.v1+json" \ --header "Authorization: Bearer ${token}" \ - "https://ghcr.io/v2/${image}/manifests/${multidigest}" \ - | jq -r '.config.digest') + "https://ghcr.io/v2/${image}/manifests/${multidigest}"); then + digest=$(jq -r '.config.digest' <<< "${digest}"); + fi + fi image_info=$(curl -sL \ --header "Authorization: Bearer ${token}" \ "https://ghcr.io/v2/${image}/blobs/${digest}") @@ -60,45 +94,54 @@ jobs: IMAGE_RELEASE=$(echo ${image_info} | jq -r '.Labels.build_version' | awk '{print $3}') IMAGE_VERSION=$(echo ${IMAGE_RELEASE} | awk -F'-ls' '{print $1}') if [ -z "${IMAGE_VERSION}" ]; then - echo "**** Can't retrieve last pushed version, exiting ****" - FAILURE_REASON="Can't retrieve last pushed version for nextcloud tag latest" + echo "> [!WARNING]" >> $GITHUB_STEP_SUMMARY + echo "Can't retrieve last pushed version, exiting" >> $GITHUB_STEP_SUMMARY + FAILURE_REASON="Can't retrieve last pushed version for nextcloud tag develop" curl -X POST -H "Content-Type: application/json" --data '{"avatar_url": "https://cdn.discordapp.com/avatars/354986384542662657/df91181b3f1cf0ef1592fbe18e0962d7.png","embeds": [{"color": 16711680, "description": "**Trigger Failed** \n**Reason:** '"${FAILURE_REASON}"' \n"}], "username": "Github Actions"}' ${{ secrets.DISCORD_WEBHOOK }} exit 1 fi - echo "**** Last pushed version: ${IMAGE_VERSION} ****" - echo "Last pushed version: ${IMAGE_VERSION}" >> $GITHUB_STEP_SUMMARY - if [ "${EXT_RELEASE}" == "${IMAGE_VERSION}" ]; then - echo "**** Version ${EXT_RELEASE} already pushed, exiting ****" - echo "Version ${EXT_RELEASE} already pushed, exiting" >> $GITHUB_STEP_SUMMARY + echo "Last pushed version: \`${IMAGE_VERSION}\`" >> $GITHUB_STEP_SUMMARY + if [ "${EXT_RELEASE_SANITIZED}" == "${IMAGE_VERSION}" ]; then + echo "Sanitized version \`${EXT_RELEASE_SANITIZED}\` already pushed, exiting" >> $GITHUB_STEP_SUMMARY exit 0 - elif [ $(curl -s https://ci.linuxserver.io/job/Docker-Pipeline-Builders/job/docker-nextcloud/job/master/lastBuild/api/json | jq -r '.building') == "true" ]; then - echo "**** New version ${EXT_RELEASE} found; but there already seems to be an active build on Jenkins; exiting ****" - echo "New version ${EXT_RELEASE} found; but there already seems to be an active build on Jenkins; exiting" >> $GITHUB_STEP_SUMMARY + elif [ $(curl -s https://ci.linuxserver.io/job/Docker-Pipeline-Builders/job/docker-nextcloud/job/develop/lastBuild/api/json | jq -r '.building') == "true" ]; then + echo "New version \`${EXT_RELEASE}\` found; but there already seems to be an active build on Jenkins; exiting" >> $GITHUB_STEP_SUMMARY exit 0 else - echo "**** New version ${EXT_RELEASE} found; old version was ${IMAGE_VERSION}. Triggering new build ****" - echo "New version ${EXT_RELEASE} found; old version was ${IMAGE_VERSION}. Triggering new build" >> $GITHUB_STEP_SUMMARY - response=$(curl -iX POST \ - https://ci.linuxserver.io/job/Docker-Pipeline-Builders/job/docker-nextcloud/job/master/buildWithParameters?PACKAGE_CHECK=false \ - --user ${{ secrets.JENKINS_USER }}:${{ secrets.JENKINS_TOKEN }} | grep -i location | sed "s|^[L|l]ocation: \(.*\)|\1|") - echo "**** Jenkins job queue url: ${response%$'\r'} ****" - echo "**** Sleeping 10 seconds until job starts ****" - sleep 10 - buildurl=$(curl -s "${response%$'\r'}api/json" | jq -r '.executable.url') - buildurl="${buildurl%$'\r'}" - echo "**** Jenkins job build url: ${buildurl} ****" - echo "Jenkins job build url: ${buildurl}" >> $GITHUB_STEP_SUMMARY - echo "**** Attempting to change the Jenkins job description ****" - curl -iX POST \ - "${buildurl}submitDescription" \ - --user ${{ secrets.JENKINS_USER }}:${{ secrets.JENKINS_TOKEN }} \ - --data-urlencode "description=GHA external trigger https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}" \ - --data-urlencode "Submit=Submit" - echo "**** Notifying Discord ****" - TRIGGER_REASON="A version change was detected for nextcloud tag latest. Old version:${IMAGE_VERSION} New version:${EXT_RELEASE}" - curl -X POST -H "Content-Type: application/json" --data '{"avatar_url": "https://cdn.discordapp.com/avatars/354986384542662657/df91181b3f1cf0ef1592fbe18e0962d7.png","embeds": [{"color": 9802903, - "description": "**Build Triggered** \n**Reason:** '"${TRIGGER_REASON}"' \n**Build URL:** '"${buildurl}display/redirect"' \n"}], - "username": "Github Actions"}' ${{ secrets.DISCORD_WEBHOOK }} + if [[ "${artifacts_found}" == "false" ]]; then + echo "> [!WARNING]" >> $GITHUB_STEP_SUMMARY + echo "> New version detected, but not all artifacts are published yet; skipping trigger" >> $GITHUB_STEP_SUMMARY + FAILURE_REASON="New version ${EXT_RELEASE} for nextcloud tag develop is detected, however not all artifacts are uploaded to upstream release yet. Will try again later." + curl -X POST -H "Content-Type: application/json" --data '{"avatar_url": "https://cdn.discordapp.com/avatars/354986384542662657/df91181b3f1cf0ef1592fbe18e0962d7.png","embeds": [{"color": 9802903, + "description": "**Trigger Failed** \n**Reason:** '"${FAILURE_REASON}"' \n"}], + "username": "Github Actions"}' ${{ secrets.DISCORD_WEBHOOK }} + else + printf "\n## Trigger new build\n\n" >> $GITHUB_STEP_SUMMARY + echo "New sanitized version \`${EXT_RELEASE_SANITIZED}\` found; old version was \`${IMAGE_VERSION}\`. Triggering new build" >> $GITHUB_STEP_SUMMARY + if [[ "${artifacts_found}" == "true" ]]; then + echo "All artifacts seem to be uploaded." >> $GITHUB_STEP_SUMMARY + fi + response=$(curl -iX POST \ + https://ci.linuxserver.io/job/Docker-Pipeline-Builders/job/docker-nextcloud/job/develop/buildWithParameters?PACKAGE_CHECK=false \ + --user ${{ secrets.JENKINS_USER }}:${{ secrets.JENKINS_TOKEN }} | grep -i location | sed "s|^[L|l]ocation: \(.*\)|\1|") + echo "Jenkins [job queue url](${response%$'\r'})" >> $GITHUB_STEP_SUMMARY + echo "Sleeping 10 seconds until job starts" >> $GITHUB_STEP_SUMMARY + sleep 10 + buildurl=$(curl -s "${response%$'\r'}api/json" | jq -r '.executable.url') + buildurl="${buildurl%$'\r'}" + echo "Jenkins job [build url](${buildurl})" >> $GITHUB_STEP_SUMMARY + echo "Attempting to change the Jenkins job description" >> $GITHUB_STEP_SUMMARY + curl -iX POST \ + "${buildurl}submitDescription" \ + --user ${{ secrets.JENKINS_USER }}:${{ secrets.JENKINS_TOKEN }} \ + --data-urlencode "description=GHA external trigger https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}" \ + --data-urlencode "Submit=Submit" + echo "**** Notifying Discord ****" + TRIGGER_REASON="A version change was detected for nextcloud tag develop. Old version:${IMAGE_VERSION} New version:${EXT_RELEASE_SANITIZED}" + curl -X POST -H "Content-Type: application/json" --data '{"avatar_url": "https://cdn.discordapp.com/avatars/354986384542662657/df91181b3f1cf0ef1592fbe18e0962d7.png","embeds": [{"color": 9802903, + "description": "**Build Triggered** \n**Reason:** '"${TRIGGER_REASON}"' \n**Build URL:** '"${buildurl}display/redirect"' \n"}], + "username": "Github Actions"}' ${{ secrets.DISCORD_WEBHOOK }} + fi fi diff --git a/.github/workflows/external_trigger_scheduler.yml b/.github/workflows/external_trigger_scheduler.yml old mode 100755 new mode 100644 index 885f3417..f19c4094 --- a/.github/workflows/external_trigger_scheduler.yml +++ b/.github/workflows/external_trigger_scheduler.yml @@ -5,41 +5,44 @@ on: - cron: '27 * * * *' workflow_dispatch: +permissions: + contents: read + jobs: external-trigger-scheduler: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3.1.0 + - uses: actions/checkout@v4.1.1 with: fetch-depth: '0' - name: External Trigger Scheduler run: | - echo "**** Branches found: ****" - git for-each-ref --format='%(refname:short)' refs/remotes - for br in $(git for-each-ref --format='%(refname:short)' refs/remotes) + printf "# External trigger scheduler for docker-nextcloud\n\n" >> $GITHUB_STEP_SUMMARY + printf "Found the branches:\n\n%s\n" "$(git for-each-ref --format='- %(refname:lstrip=3)' refs/remotes)" >> $GITHUB_STEP_SUMMARY + for br in $(git for-each-ref --format='%(refname:lstrip=3)' refs/remotes) do - br=$(echo "$br" | sed 's|origin/||g') - echo "**** Evaluating branch ${br} ****" + if [[ "${br}" == "HEAD" ]]; then + printf "\nSkipping %s.\n" ${br} >> $GITHUB_STEP_SUMMARY + continue + fi + printf "\n## Evaluating \`%s\`\n\n" ${br} >> $GITHUB_STEP_SUMMARY ls_jenkins_vars=$(curl -sX GET https://raw.githubusercontent.com/linuxserver/docker-nextcloud/${br}/jenkins-vars.yml) ls_branch=$(echo "${ls_jenkins_vars}" | yq -r '.ls_branch') ls_trigger=$(echo "${ls_jenkins_vars}" | yq -r '.external_type') if [[ "${br}" == "${ls_branch}" ]] && [[ "${ls_trigger}" != "os" ]]; then - echo "**** Branch ${br} appears to be live and trigger is not os; checking workflow. ****" + echo "Branch appears to be live and trigger is not os; checking workflow." >> $GITHUB_STEP_SUMMARY if curl -sfX GET https://raw.githubusercontent.com/linuxserver/docker-nextcloud/${br}/.github/workflows/external_trigger.yml > /dev/null 2>&1; then - echo "**** Workflow exists. Triggering external trigger workflow for branch ${br} ****." - echo "Triggering external trigger workflow for branch ${br}" >> $GITHUB_STEP_SUMMARY + echo "Triggering external trigger workflow for branch." >> $GITHUB_STEP_SUMMARY curl -iX POST \ -H "Authorization: token ${{ secrets.CR_PAT }}" \ -H "Accept: application/vnd.github.v3+json" \ -d "{\"ref\":\"refs/heads/${br}\"}" \ https://api.github.com/repos/linuxserver/docker-nextcloud/actions/workflows/external_trigger.yml/dispatches else - echo "**** Workflow doesn't exist; skipping trigger. ****" - echo "Skipping branch ${br} due to no external trigger workflow present." >> $GITHUB_STEP_SUMMARY + echo "Skipping branch due to no external trigger workflow present." >> $GITHUB_STEP_SUMMARY fi else - echo "**** ${br} is either a dev branch, or has no external version; skipping trigger. ****" - echo "Skipping branch ${br} due to being detected as dev branch or having no external version." >> $GITHUB_STEP_SUMMARY + echo "Skipping branch due to being detected as dev branch or having no external version." >> $GITHUB_STEP_SUMMARY fi done diff --git a/.github/workflows/greetings.yml b/.github/workflows/greetings.yml old mode 100755 new mode 100644 index aebf625f..e9609fcc --- a/.github/workflows/greetings.yml +++ b/.github/workflows/greetings.yml @@ -2,12 +2,18 @@ name: Greetings on: [pull_request_target, issues] +permissions: + contents: read + jobs: greeting: + permissions: + issues: write + pull-requests: write runs-on: ubuntu-latest steps: - uses: actions/first-interaction@v1 with: issue-message: 'Thanks for opening your first issue here! Be sure to follow the relevant issue templates, or risk having this issue marked as invalid.' - pr-message: 'Thanks for opening this pull request! Be sure to follow the [pull request template](https://github.com/linuxserver/docker-nextcloud/blob/master/.github/PULL_REQUEST_TEMPLATE.md)!' + pr-message: 'Thanks for opening this pull request! Be sure to follow the [pull request template](https://github.com/linuxserver/docker-nextcloud/blob/develop/.github/PULL_REQUEST_TEMPLATE.md)!' repo-token: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/package_trigger.yml b/.github/workflows/package_trigger.yml deleted file mode 100755 index f2b95ece..00000000 --- a/.github/workflows/package_trigger.yml +++ /dev/null @@ -1,42 +0,0 @@ -name: Package Trigger Main - -on: - workflow_dispatch: - -jobs: - package-trigger-master: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v3.1.0 - - - name: Package Trigger - if: github.ref == 'refs/heads/master' - run: | - if [ -n "${{ secrets.PAUSE_PACKAGE_TRIGGER_NEXTCLOUD_MASTER }}" ]; then - echo "**** Github secret PAUSE_PACKAGE_TRIGGER_NEXTCLOUD_MASTER is set; skipping trigger. ****" - echo "Github secret \`PAUSE_PACKAGE_TRIGGER_NEXTCLOUD_MASTER\` is set; skipping trigger." >> $GITHUB_STEP_SUMMARY - exit 0 - fi - if [ $(curl -s https://ci.linuxserver.io/job/Docker-Pipeline-Builders/job/docker-nextcloud/job/master/lastBuild/api/json | jq -r '.building') == "true" ]; then - echo "**** There already seems to be an active build on Jenkins; skipping package trigger ****" - echo "There already seems to be an active build on Jenkins; skipping package trigger" >> $GITHUB_STEP_SUMMARY - exit 0 - fi - echo "**** Package trigger running off of master branch. To disable, set a Github secret named \"PAUSE_PACKAGE_TRIGGER_NEXTCLOUD_MASTER\". ****" - echo "Package trigger running off of master branch. To disable, set a Github secret named \`PAUSE_PACKAGE_TRIGGER_NEXTCLOUD_MASTER\`" >> $GITHUB_STEP_SUMMARY - response=$(curl -iX POST \ - https://ci.linuxserver.io/job/Docker-Pipeline-Builders/job/docker-nextcloud/job/master/buildWithParameters?PACKAGE_CHECK=true \ - --user ${{ secrets.JENKINS_USER }}:${{ secrets.JENKINS_TOKEN }} | grep -i location | sed "s|^[L|l]ocation: \(.*\)|\1|") - echo "**** Jenkins job queue url: ${response%$'\r'} ****" - echo "**** Sleeping 10 seconds until job starts ****" - sleep 10 - buildurl=$(curl -s "${response%$'\r'}api/json" | jq -r '.executable.url') - buildurl="${buildurl%$'\r'}" - echo "**** Jenkins job build url: ${buildurl} ****" - echo "Jenkins job build url: ${buildurl}" >> $GITHUB_STEP_SUMMARY - echo "**** Attempting to change the Jenkins job description ****" - curl -iX POST \ - "${buildurl}submitDescription" \ - --user ${{ secrets.JENKINS_USER }}:${{ secrets.JENKINS_TOKEN }} \ - --data-urlencode "description=GHA package trigger https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}" \ - --data-urlencode "Submit=Submit" diff --git a/.github/workflows/package_trigger_scheduler.yml b/.github/workflows/package_trigger_scheduler.yml old mode 100755 new mode 100644 index 6b973394..6af46fcf --- a/.github/workflows/package_trigger_scheduler.yml +++ b/.github/workflows/package_trigger_scheduler.yml @@ -5,46 +5,99 @@ on: - cron: '42 11 * * 2' workflow_dispatch: +permissions: + contents: read + jobs: package-trigger-scheduler: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3.1.0 + - uses: actions/checkout@v4.1.1 with: fetch-depth: '0' - name: Package Trigger Scheduler + env: + SKIP_PACKAGE_TRIGGER: ${{ vars.SKIP_PACKAGE_TRIGGER }} run: | - echo "**** Branches found: ****" - git for-each-ref --format='%(refname:short)' refs/remotes - for br in $(git for-each-ref --format='%(refname:short)' refs/remotes) + printf "# Package trigger scheduler for docker-nextcloud\n\n" >> $GITHUB_STEP_SUMMARY + printf "Found the branches:\n\n%s\n" "$(git for-each-ref --format='- %(refname:lstrip=3)' refs/remotes)" >> $GITHUB_STEP_SUMMARY + for br in $(git for-each-ref --format='%(refname:lstrip=3)' refs/remotes) do - br=$(echo "$br" | sed 's|origin/||g') - echo "**** Evaluating branch ${br} ****" - ls_branch=$(curl -sX GET https://raw.githubusercontent.com/linuxserver/docker-nextcloud/${br}/jenkins-vars.yml | yq -r '.ls_branch') - if [ "${br}" == "${ls_branch}" ]; then - echo "**** Branch ${br} appears to be live; checking workflow. ****" - if curl -sfX GET https://raw.githubusercontent.com/linuxserver/docker-nextcloud/${br}/.github/workflows/package_trigger.yml > /dev/null 2>&1; then - echo "**** Workflow exists. Triggering package trigger workflow for branch ${br}. ****" - echo "Triggering package trigger workflow for branch ${br}" >> $GITHUB_STEP_SUMMARY - triggered_branches="${triggered_branches}${br} " - curl -iX POST \ - -H "Authorization: token ${{ secrets.CR_PAT }}" \ - -H "Accept: application/vnd.github.v3+json" \ - -d "{\"ref\":\"refs/heads/${br}\"}" \ - https://api.github.com/repos/linuxserver/docker-nextcloud/actions/workflows/package_trigger.yml/dispatches - sleep 30 + if [[ "${br}" == "HEAD" ]]; then + printf "\nSkipping %s.\n" ${br} >> $GITHUB_STEP_SUMMARY + continue + fi + printf "\n## Evaluating \`%s\`\n\n" ${br} >> $GITHUB_STEP_SUMMARY + JENKINS_VARS=$(curl -sX GET https://raw.githubusercontent.com/linuxserver/docker-nextcloud/${br}/jenkins-vars.yml) + if ! curl -sfX GET https://raw.githubusercontent.com/linuxserver/docker-nextcloud/${br}/Jenkinsfile >/dev/null 2>&1; then + echo "> [!WARNING]" >> $GITHUB_STEP_SUMMARY + echo "> No Jenkinsfile found. Branch is either deprecated or is an early dev branch." >> $GITHUB_STEP_SUMMARY + skipped_branches="${skipped_branches}${br} " + elif [[ "${br}" == $(yq -r '.ls_branch' <<< "${JENKINS_VARS}") ]]; then + echo "Branch appears to be live; checking workflow." >> $GITHUB_STEP_SUMMARY + README_VARS=$(curl -sX GET https://raw.githubusercontent.com/linuxserver/docker-nextcloud/${br}/readme-vars.yml) + if [[ $(yq -r '.project_deprecation_status' <<< "${README_VARS}") == "true" ]]; then + echo "> [!WARNING]" >> $GITHUB_STEP_SUMMARY + echo "> Branch appears to be deprecated; skipping trigger." >> $GITHUB_STEP_SUMMARY + skipped_branches="${skipped_branches}${br} " + elif [[ $(yq -r '.skip_package_check' <<< "${JENKINS_VARS}") == "true" ]]; then + echo "> [!WARNING]" >> $GITHUB_STEP_SUMMARY + echo "> Skipping branch ${br} due to \`skip_package_check\` being set in \`jenkins-vars.yml\`." >> $GITHUB_STEP_SUMMARY + skipped_branches="${skipped_branches}${br} " + elif grep -q "^nextcloud_${br}" <<< "${SKIP_PACKAGE_TRIGGER}"; then + echo "> [!WARNING]" >> $GITHUB_STEP_SUMMARY + echo "> Github organizational variable \`SKIP_PACKAGE_TRIGGER\` contains \`nextcloud_${br}\`; skipping trigger." >> $GITHUB_STEP_SUMMARY + skipped_branches="${skipped_branches}${br} " + elif [ $(curl -s https://ci.linuxserver.io/job/Docker-Pipeline-Builders/job/docker-nextcloud/job/${br}/lastBuild/api/json | jq -r '.building' 2>/dev/null) == "true" ]; then + echo "> [!WARNING]" >> $GITHUB_STEP_SUMMARY + echo "> There already seems to be an active build on Jenkins; skipping package trigger for ${br}" >> $GITHUB_STEP_SUMMARY + skipped_branches="${skipped_branches}${br} " else - echo "**** Workflow doesn't exist; skipping trigger. ****" - echo "Skipping branch ${br} due to no package trigger workflow present." >> $GITHUB_STEP_SUMMARY + echo "> [!NOTE]" >> $GITHUB_STEP_SUMMARY + echo "> Triggering package trigger for branch ${br}" >> $GITHUB_STEP_SUMMARY + printf "> To disable, add \`nextcloud_%s\` into the Github organizational variable \`SKIP_PACKAGE_TRIGGER\`.\n\n" "${br}" >> $GITHUB_STEP_SUMMARY + triggered_branches="${triggered_branches}${br} " + response=$(curl -iX POST \ + https://ci.linuxserver.io/job/Docker-Pipeline-Builders/job/docker-nextcloud/job/${br}/buildWithParameters?PACKAGE_CHECK=true \ + --user ${{ secrets.JENKINS_USER }}:${{ secrets.JENKINS_TOKEN }} | grep -i location | sed "s|^[L|l]ocation: \(.*\)|\1|") + if [[ -z "${response}" ]]; then + echo "> [!WARNING]" >> $GITHUB_STEP_SUMMARY + echo "> Jenkins build could not be triggered. Skipping branch." + continue + fi + echo "Jenkins [job queue url](${response%$'\r'})" >> $GITHUB_STEP_SUMMARY + echo "Sleeping 10 seconds until job starts" >> $GITHUB_STEP_SUMMARY + sleep 10 + buildurl=$(curl -s "${response%$'\r'}api/json" | jq -r '.executable.url') + buildurl="${buildurl%$'\r'}" + echo "Jenkins job [build url](${buildurl})" >> $GITHUB_STEP_SUMMARY + echo "Attempting to change the Jenkins job description" >> $GITHUB_STEP_SUMMARY + if ! curl -ifX POST \ + "${buildurl}submitDescription" \ + --user ${{ secrets.JENKINS_USER }}:${{ secrets.JENKINS_TOKEN }} \ + --data-urlencode "description=GHA package trigger https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}" \ + --data-urlencode "Submit=Submit"; then + echo "> [!WARNING]" >> $GITHUB_STEP_SUMMARY + echo "> Unable to change the Jenkins job description." + fi + sleep 20 fi else - echo "**** ${br} appears to be a dev branch; skipping trigger. ****" echo "Skipping branch ${br} due to being detected as dev branch." >> $GITHUB_STEP_SUMMARY fi done - echo "**** Package check build(s) triggered for branch(es): ${triggered_branches} ****" - echo "**** Notifying Discord ****" - curl -X POST -H "Content-Type: application/json" --data '{"avatar_url": "https://cdn.discordapp.com/avatars/354986384542662657/df91181b3f1cf0ef1592fbe18e0962d7.png","embeds": [{"color": 9802903, - "description": "**Package Check Build(s) Triggered for nextcloud** \n**Branch(es):** '"${triggered_branches}"' \n**Build URL:** '"https://ci.linuxserver.io/blue/organizations/jenkins/Docker-Pipeline-Builders%2Fdocker-nextcloud/activity/"' \n"}], - "username": "Github Actions"}' ${{ secrets.DISCORD_WEBHOOK }} + if [[ -n "${triggered_branches}" ]] || [[ -n "${skipped_branches}" ]]; then + if [[ -n "${triggered_branches}" ]]; then + NOTIFY_BRANCHES="**Triggered:** ${triggered_branches} \n" + NOTIFY_BUILD_URL="**Build URL:** https://ci.linuxserver.io/blue/organizations/jenkins/Docker-Pipeline-Builders%2Fdocker-nextcloud/activity/ \n" + echo "**** Package check build(s) triggered for branch(es): ${triggered_branches} ****" + fi + if [[ -n "${skipped_branches}" ]]; then + NOTIFY_BRANCHES="${NOTIFY_BRANCHES}**Skipped:** ${skipped_branches} \n" + fi + echo "**** Notifying Discord ****" + curl -X POST -H "Content-Type: application/json" --data '{"avatar_url": "https://cdn.discordapp.com/avatars/354986384542662657/df91181b3f1cf0ef1592fbe18e0962d7.png","embeds": [{"color": 9802903, + "description": "**Package Check Build(s) for nextcloud** \n'"${NOTIFY_BRANCHES}"''"${NOTIFY_BUILD_URL}"'"}], + "username": "Github Actions"}' ${{ secrets.DISCORD_WEBHOOK }} + fi diff --git a/.github/workflows/permissions.yml b/.github/workflows/permissions.yml old mode 100755 new mode 100644 index 1447bc55..02e1bdb9 --- a/.github/workflows/permissions.yml +++ b/.github/workflows/permissions.yml @@ -5,6 +5,8 @@ on: - '**/run' - '**/finish' - '**/check' + - 'root/migrations/*' + jobs: permission_check: uses: linuxserver/github-workflows/.github/workflows/init-svc-executable-permissions.yml@v1 diff --git a/Dockerfile b/Dockerfile index 33e1729c..f9fb0e46 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:1 -FROM ghcr.io/linuxserver/baseimage-alpine-nginx:3.18 +FROM ghcr.io/linuxserver/baseimage-alpine-nginx:3.22 # set version label ARG BUILD_DATE @@ -19,45 +19,43 @@ RUN \ gnu-libiconv \ imagemagick \ libxml2 \ - php82-apcu \ - php82-bcmath \ - php82-bz2 \ - php82-dom \ - php82-exif \ - php82-ftp \ - php82-gd \ - php82-gmp \ - php82-imap \ - php82-intl \ - php82-ldap \ - php82-opcache \ - php82-pcntl \ - php82-pdo_mysql \ - php82-pdo_pgsql \ - php82-pdo_sqlite \ - php82-pecl-imagick \ - php82-pecl-memcached \ - php82-pecl-smbclient \ - php82-pgsql \ - php82-posix \ - php82-redis \ - php82-sodium \ - php82-sqlite3 \ - php82-sysvsem \ - php82-xmlreader \ + php84-apcu \ + php84-bcmath \ + php84-bz2 \ + php84-dom \ + php84-exif \ + php84-ftp \ + php84-gd \ + php84-gmp \ + php84-imap \ + php84-intl \ + php84-ldap \ + php84-opcache \ + php84-pcntl \ + php84-pdo_mysql \ + php84-pdo_pgsql \ + php84-pdo_sqlite \ + php84-pecl-imagick \ + php84-pecl-memcached \ + php84-pecl-smbclient \ + php84-pgsql \ + php84-posix \ + php84-redis \ + php84-sodium \ + php84-sqlite3 \ + php84-sysvsem \ + php84-xmlreader \ rsync \ samba-client \ sudo && \ - apk add --no-cache --repository=http://dl-cdn.alpinelinux.org/alpine/edge/testing \ - php82-pecl-mcrypt && \ echo "**** configure php-fpm to pass env vars ****" && \ - sed -E -i 's/^;?clear_env ?=.*$/clear_env = no/g' /etc/php82/php-fpm.d/www.conf && \ - grep -qxF 'clear_env = no' /etc/php82/php-fpm.d/www.conf || echo 'clear_env = no' >> /etc/php82/php-fpm.d/www.conf && \ - echo "env[PATH] = /usr/local/bin:/usr/bin:/bin" >> /etc/php82/php-fpm.conf && \ + sed -E -i 's/^;?clear_env ?=.*$/clear_env = no/g' /etc/php84/php-fpm.d/www.conf && \ + if ! grep -qxF 'clear_env = no' /etc/php84/php-fpm.d/www.conf; then echo 'clear_env = no' >> /etc/php84/php-fpm.d/www.conf; fi && \ + echo "env[PATH] = /usr/local/bin:/usr/bin:/bin" >> /etc/php84/php-fpm.conf && \ echo "**** configure php for nextcloud ****" && \ { \ echo 'apc.enable_cli=1'; \ - } >> /etc/php82/conf.d/apcu.ini && \ + } >> /etc/php84/conf.d/apcu.ini && \ { \ echo 'opcache.enable=1'; \ echo 'opcache.interned_strings_buffer=32'; \ @@ -67,32 +65,33 @@ RUN \ echo 'opcache.revalidate_freq=60'; \ echo 'opcache.jit=1255'; \ echo 'opcache.jit_buffer_size=128M'; \ - } >> "/etc/php82/conf.d/00_opcache.ini" && \ + } >> "/etc/php84/conf.d/00_opcache.ini" && \ { \ - echo 'memory_limit=512M'; \ - echo 'upload_max_filesize=512M'; \ - echo 'post_max_size=512M'; \ - echo 'max_input_time=300'; \ - echo 'max_execution_time=300'; \ + echo 'memory_limit=-1'; \ + echo 'upload_max_filesize=100G'; \ + echo 'post_max_size=100G'; \ + echo 'max_input_time=3600'; \ + echo 'max_execution_time=3600'; \ echo 'output_buffering=0'; \ echo 'always_populate_raw_post_data=-1'; \ - } >> "/etc/php82/conf.d/nextcloud.ini" && \ + } >> "/etc/php84/conf.d/nextcloud.ini" && \ echo "**** install nextcloud ****" && \ mkdir -p \ /app/www/src/ && \ if [ -z ${NEXTCLOUD_RELEASE+x} ]; then \ NEXTCLOUD_RELEASE=$(curl -sX GET https://api.github.com/repos/nextcloud/server/releases \ - | jq -r '.[] | select(.prerelease != true) | .tag_name' \ + | jq -r '.[] | select(.prerelease == true) | .tag_name' \ | sed 's|^v||g' | sort -rV | head -1); \ fi && \ curl -o \ /tmp/nextcloud.tar.bz2 -L \ - https://download.nextcloud.com/server/releases/nextcloud-${NEXTCLOUD_RELEASE}.tar.bz2 && \ + https://download.nextcloud.com/server/prereleases/nextcloud-${NEXTCLOUD_RELEASE}.tar.bz2 && \ tar xf /tmp/nextcloud.tar.bz2 -C \ /app/www/src --strip-components=1 && \ rm -rf /app/www/src/updater && \ mkdir -p /app/www/src/data && \ chmod +x /app/www/src/occ && \ + printf "Linuxserver.io version: ${VERSION}\nBuild-date: ${BUILD_DATE}" > /build_version && \ echo "**** cleanup ****" && \ rm -rf \ /tmp/* diff --git a/Dockerfile.aarch64 b/Dockerfile.aarch64 index a7fe3e76..dbc85f4f 100644 --- a/Dockerfile.aarch64 +++ b/Dockerfile.aarch64 @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:1 -FROM ghcr.io/linuxserver/baseimage-alpine-nginx:arm64v8-3.18 +FROM ghcr.io/linuxserver/baseimage-alpine-nginx:arm64v8-3.22 # set version label ARG BUILD_DATE @@ -19,45 +19,43 @@ RUN \ gnu-libiconv \ imagemagick \ libxml2 \ - php82-apcu \ - php82-bcmath \ - php82-bz2 \ - php82-dom \ - php82-exif \ - php82-ftp \ - php82-gd \ - php82-gmp \ - php82-imap \ - php82-intl \ - php82-ldap \ - php82-opcache \ - php82-pcntl \ - php82-pdo_mysql \ - php82-pdo_pgsql \ - php82-pdo_sqlite \ - php82-pecl-imagick \ - php82-pecl-memcached \ - php82-pecl-smbclient \ - php82-pgsql \ - php82-posix \ - php82-redis \ - php82-sodium \ - php82-sqlite3 \ - php82-sysvsem \ - php82-xmlreader \ + php84-apcu \ + php84-bcmath \ + php84-bz2 \ + php84-dom \ + php84-exif \ + php84-ftp \ + php84-gd \ + php84-gmp \ + php84-imap \ + php84-intl \ + php84-ldap \ + php84-opcache \ + php84-pcntl \ + php84-pdo_mysql \ + php84-pdo_pgsql \ + php84-pdo_sqlite \ + php84-pecl-imagick \ + php84-pecl-memcached \ + php84-pecl-smbclient \ + php84-pgsql \ + php84-posix \ + php84-redis \ + php84-sodium \ + php84-sqlite3 \ + php84-sysvsem \ + php84-xmlreader \ rsync \ samba-client \ sudo && \ - apk add --no-cache --repository=http://dl-cdn.alpinelinux.org/alpine/edge/testing \ - php82-pecl-mcrypt && \ echo "**** configure php-fpm to pass env vars ****" && \ - sed -E -i 's/^;?clear_env ?=.*$/clear_env = no/g' /etc/php82/php-fpm.d/www.conf && \ - grep -qxF 'clear_env = no' /etc/php82/php-fpm.d/www.conf || echo 'clear_env = no' >> /etc/php82/php-fpm.d/www.conf && \ - echo "env[PATH] = /usr/local/bin:/usr/bin:/bin" >> /etc/php82/php-fpm.conf && \ + sed -E -i 's/^;?clear_env ?=.*$/clear_env = no/g' /etc/php84/php-fpm.d/www.conf && \ + if ! grep -qxF 'clear_env = no' /etc/php84/php-fpm.d/www.conf; then echo 'clear_env = no' >> /etc/php84/php-fpm.d/www.conf; fi && \ + echo "env[PATH] = /usr/local/bin:/usr/bin:/bin" >> /etc/php84/php-fpm.conf && \ echo "**** configure php for nextcloud ****" && \ { \ echo 'apc.enable_cli=1'; \ - } >> /etc/php82/conf.d/apcu.ini && \ + } >> /etc/php84/conf.d/apcu.ini && \ { \ echo 'opcache.enable=1'; \ echo 'opcache.interned_strings_buffer=32'; \ @@ -67,32 +65,33 @@ RUN \ echo 'opcache.revalidate_freq=60'; \ echo 'opcache.jit=1255'; \ echo 'opcache.jit_buffer_size=128M'; \ - } >> "/etc/php82/conf.d/00_opcache.ini" && \ + } >> "/etc/php84/conf.d/00_opcache.ini" && \ { \ - echo 'memory_limit=512M'; \ - echo 'upload_max_filesize=512M'; \ - echo 'post_max_size=512M'; \ - echo 'max_input_time=300'; \ - echo 'max_execution_time=300'; \ + echo 'memory_limit=-1'; \ + echo 'upload_max_filesize=100G'; \ + echo 'post_max_size=100G'; \ + echo 'max_input_time=3600'; \ + echo 'max_execution_time=3600'; \ echo 'output_buffering=0'; \ echo 'always_populate_raw_post_data=-1'; \ - } >> "/etc/php82/conf.d/nextcloud.ini" && \ + } >> "/etc/php84/conf.d/nextcloud.ini" && \ echo "**** install nextcloud ****" && \ mkdir -p \ /app/www/src/ && \ if [ -z ${NEXTCLOUD_RELEASE+x} ]; then \ NEXTCLOUD_RELEASE=$(curl -sX GET https://api.github.com/repos/nextcloud/server/releases \ - | jq -r '.[] | select(.prerelease != true) | .tag_name' \ + | jq -r '.[] | select(.prerelease == true) | .tag_name' \ | sed 's|^v||g' | sort -rV | head -1); \ fi && \ curl -o \ /tmp/nextcloud.tar.bz2 -L \ - https://download.nextcloud.com/server/releases/nextcloud-${NEXTCLOUD_RELEASE}.tar.bz2 && \ + https://download.nextcloud.com/server/prereleases/nextcloud-${NEXTCLOUD_RELEASE}.tar.bz2 && \ tar xf /tmp/nextcloud.tar.bz2 -C \ /app/www/src --strip-components=1 && \ rm -rf /app/www/src/updater && \ mkdir -p /app/www/src/data && \ chmod +x /app/www/src/occ && \ + printf "Linuxserver.io version: ${VERSION}\nBuild-date: ${BUILD_DATE}" > /build_version && \ echo "**** cleanup ****" && \ rm -rf \ /tmp/* diff --git a/Jenkinsfile b/Jenkinsfile index 8bcb4cfb..4bf818b1 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -8,7 +8,7 @@ pipeline { } // Input to determine if this is a package check parameters { - string(defaultValue: 'false', description: 'package check run', name: 'PACKAGE_CHECK') + string(defaultValue: 'false', description: 'package check run', name: 'PACKAGE_CHECK') } // Configuration for the variables used for this specific repo environment { @@ -16,7 +16,9 @@ pipeline { GITHUB_TOKEN=credentials('498b4638-2d02-4ce5-832d-8a57d01d97ab') GITLAB_TOKEN=credentials('b6f0f1dd-6952-4cf6-95d1-9c06380283f0') GITLAB_NAMESPACE=credentials('gitlab-namespace-id') - SCARF_TOKEN=credentials('scarf_api_key') + DOCKERHUB_TOKEN=credentials('docker-hub-ci-pat') + QUAYIO_API_TOKEN=credentials('quayio-repo-api-token') + GIT_SIGNING_KEY=credentials('484fbca6-9a4f-455e-b9e3-97ac98785f5f') BUILD_VERSION_ARG = 'NEXTCLOUD_RELEASE' LS_USER = 'linuxserver' LS_REPO = 'docker-nextcloud' @@ -31,24 +33,50 @@ pipeline { CI_PORT='443' CI_SSL='true' CI_DELAY='120' - CI_DOCKERENV='TZ=US/Pacific' - CI_AUTH='user:password' + CI_DOCKERENV='' + CI_AUTH='' CI_WEBPATH='' } stages { + stage("Set git config"){ + steps{ + sh '''#!/bin/bash + cat ${GIT_SIGNING_KEY} > /config/.ssh/id_sign + chmod 600 /config/.ssh/id_sign + ssh-keygen -y -f /config/.ssh/id_sign > /config/.ssh/id_sign.pub + echo "Using $(ssh-keygen -lf /config/.ssh/id_sign) to sign commits" + git config --global gpg.format ssh + git config --global user.signingkey /config/.ssh/id_sign + git config --global commit.gpgsign true + ''' + } + } // Setup all the basic environment variables needed for the build stage("Set ENV Variables base"){ steps{ + echo "Running on node: ${NODE_NAME}" sh '''#! /bin/bash - containers=$(docker ps -aq) + echo "Pruning builder" + docker builder prune -f --builder container || : + containers=$(docker ps -q) if [[ -n "${containers}" ]]; then - docker stop ${containers} + BUILDX_CONTAINER_ID=$(docker ps -qf 'name=buildx_buildkit') + for container in ${containers}; do + if [[ "${container}" == "${BUILDX_CONTAINER_ID}" ]]; then + echo "skipping buildx container in docker stop" + else + echo "Stopping container ${container}" + docker stop ${container} + fi + done fi - docker system prune -af --volumes || : ''' + docker system prune -f --volumes || : + docker image prune -af || : + ''' script{ env.EXIT_STATUS = '' env.LS_RELEASE = sh( - script: '''docker run --rm quay.io/skopeo/stable:v1 inspect docker://ghcr.io/${LS_USER}/${CONTAINER_NAME}:latest 2>/dev/null | jq -r '.Labels.build_version' | awk '{print $3}' | grep '\\-ls' || : ''', + script: '''docker run --rm quay.io/skopeo/stable:v1 inspect docker://ghcr.io/${LS_USER}/${CONTAINER_NAME}:develop 2>/dev/null | jq -r '.Labels.build_version' | awk '{print $3}' | grep '\\-ls' || : ''', returnStdout: true).trim() env.LS_RELEASE_NOTES = sh( script: '''cat readme-vars.yml | awk -F \\" '/date: "[0-9][0-9].[0-9][0-9].[0-9][0-9]:/ {print $4;exit;}' | sed -E ':a;N;$!ba;s/\\r{0,1}\\n/\\\\n/g' ''', @@ -59,11 +87,20 @@ pipeline { env.COMMIT_SHA = sh( script: '''git rev-parse HEAD''', returnStdout: true).trim() + env.GH_DEFAULT_BRANCH = sh( + script: '''git remote show origin | grep "HEAD branch:" | sed 's|.*HEAD branch: ||' ''', + returnStdout: true).trim() env.CODE_URL = 'https://github.com/' + env.LS_USER + '/' + env.LS_REPO + '/commit/' + env.GIT_COMMIT env.DOCKERHUB_LINK = 'https://hub.docker.com/r/' + env.DOCKERHUB_IMAGE + '/tags/' env.PULL_REQUEST = env.CHANGE_ID - env.TEMPLATED_FILES = 'Jenkinsfile README.md LICENSE .editorconfig ./.github/CONTRIBUTING.md ./.github/FUNDING.yml ./.github/ISSUE_TEMPLATE/config.yml ./.github/ISSUE_TEMPLATE/issue.bug.yml ./.github/ISSUE_TEMPLATE/issue.feature.yml ./.github/PULL_REQUEST_TEMPLATE.md ./.github/workflows/external_trigger_scheduler.yml ./.github/workflows/greetings.yml ./.github/workflows/package_trigger_scheduler.yml ./.github/workflows/call_issue_pr_tracker.yml ./.github/workflows/call_issues_cron.yml ./.github/workflows/permissions.yml ./.github/workflows/external_trigger.yml ./.github/workflows/package_trigger.yml' + env.TEMPLATED_FILES = 'Jenkinsfile README.md LICENSE .editorconfig ./.github/CONTRIBUTING.md ./.github/FUNDING.yml ./.github/ISSUE_TEMPLATE/config.yml ./.github/ISSUE_TEMPLATE/issue.bug.yml ./.github/ISSUE_TEMPLATE/issue.feature.yml ./.github/PULL_REQUEST_TEMPLATE.md ./.github/workflows/external_trigger_scheduler.yml ./.github/workflows/greetings.yml ./.github/workflows/package_trigger_scheduler.yml ./.github/workflows/call_issue_pr_tracker.yml ./.github/workflows/call_issues_cron.yml ./.github/workflows/permissions.yml ./.github/workflows/external_trigger.yml' + if ( env.SYFT_IMAGE_TAG == null ) { + env.SYFT_IMAGE_TAG = 'latest' + } } + echo "Using syft image tag ${SYFT_IMAGE_TAG}" + sh '''#! /bin/bash + echo "The default github branch detected as ${GH_DEFAULT_BRANCH}" ''' script{ env.LS_RELEASE_NUMBER = sh( script: '''echo ${LS_RELEASE} |sed 's/^.*-ls//g' ''', @@ -72,7 +109,7 @@ pipeline { script{ env.LS_TAG_NUMBER = sh( script: '''#! /bin/bash - tagsha=$(git rev-list -n 1 ${LS_RELEASE} 2>/dev/null) + tagsha=$(git rev-list -n 1 develop-${LS_RELEASE} 2>/dev/null) if [ "${tagsha}" == "${COMMIT_SHA}" ]; then echo ${LS_RELEASE_NUMBER} elif [ -z "${GIT_COMMIT}" ]; then @@ -110,7 +147,7 @@ pipeline { steps{ script{ env.EXT_RELEASE = sh( - script: ''' curl -sX GET https://api.github.com/repos/nextcloud/server/releases | jq -r '.[] | select(.prerelease != true) | .tag_name' | sed 's|^v||g' | sort -rV | head -1 ''', + script: ''' curl -sX GET https://api.github.com/repos/nextcloud/server/releases | jq -r '.[] | select(.prerelease == true) | .tag_name' | sed 's|^v||g' | sort -rV | head -1 ''', returnStdout: true).trim() env.RELEASE_LINK = 'custom_command' } @@ -121,7 +158,7 @@ pipeline { steps{ script{ env.EXT_RELEASE_CLEAN = sh( - script: '''echo ${EXT_RELEASE} | sed 's/[~,%@+;:/]//g' ''', + script: '''echo ${EXT_RELEASE} | sed 's/[~,%@+;:/ ]//g' ''', returnStdout: true).trim() def semver = env.EXT_RELEASE_CLEAN =~ /(\d+)\.(\d+)\.(\d+)/ @@ -139,7 +176,7 @@ pipeline { } if (env.SEMVER != null) { - if (BRANCH_NAME != "master" && BRANCH_NAME != "main") { + if (BRANCH_NAME != "${env.GH_DEFAULT_BRANCH}") { env.SEMVER = "${env.SEMVER}-${BRANCH_NAME}" } println("SEMVER: ${env.SEMVER}") @@ -150,10 +187,10 @@ pipeline { } } } - // If this is a master build use live docker endpoints + // If this is a develop build use live docker endpoints stage("Set ENV live build"){ when { - branch "master" + branch "develop" environment name: 'CHANGE_ID', value: '' } steps { @@ -163,20 +200,22 @@ pipeline { env.GITLABIMAGE = 'registry.gitlab.com/linuxserver.io/' + env.LS_REPO + '/' + env.CONTAINER_NAME env.QUAYIMAGE = 'quay.io/linuxserver.io/' + env.CONTAINER_NAME if (env.MULTIARCH == 'true') { - env.CI_TAGS = 'amd64-' + env.EXT_RELEASE_CLEAN + '-ls' + env.LS_TAG_NUMBER + '|arm64v8-' + env.EXT_RELEASE_CLEAN + '-ls' + env.LS_TAG_NUMBER + env.CI_TAGS = 'amd64-develop-' + env.EXT_RELEASE_CLEAN + '-ls' + env.LS_TAG_NUMBER + '|arm64v8-develop-' + env.EXT_RELEASE_CLEAN + '-ls' + env.LS_TAG_NUMBER } else { - env.CI_TAGS = env.EXT_RELEASE_CLEAN + '-ls' + env.LS_TAG_NUMBER + env.CI_TAGS = 'develop-' + env.EXT_RELEASE_CLEAN + '-ls' + env.LS_TAG_NUMBER } env.VERSION_TAG = env.EXT_RELEASE_CLEAN + '-ls' + env.LS_TAG_NUMBER - env.META_TAG = env.EXT_RELEASE_CLEAN + '-ls' + env.LS_TAG_NUMBER - env.EXT_RELEASE_TAG = 'version-' + env.EXT_RELEASE_CLEAN + env.META_TAG = 'develop-' + env.EXT_RELEASE_CLEAN + '-ls' + env.LS_TAG_NUMBER + env.EXT_RELEASE_TAG = 'develop-version-' + env.EXT_RELEASE_CLEAN + env.BUILDCACHE = 'docker.io/lsiodev/buildcache,registry.gitlab.com/linuxserver.io/docker-jenkins-builder/lsiodev-buildcache,ghcr.io/linuxserver/lsiodev-buildcache,quay.io/linuxserver.io/lsiodev-buildcache' + env.CITEST_IMAGETAG = 'latest' } } } // If this is a dev build use dev docker endpoints stage("Set ENV dev build"){ when { - not {branch "master"} + not {branch "develop"} environment name: 'CHANGE_ID', value: '' } steps { @@ -186,14 +225,16 @@ pipeline { env.GITLABIMAGE = 'registry.gitlab.com/linuxserver.io/' + env.LS_REPO + '/lsiodev-' + env.CONTAINER_NAME env.QUAYIMAGE = 'quay.io/linuxserver.io/lsiodev-' + env.CONTAINER_NAME if (env.MULTIARCH == 'true') { - env.CI_TAGS = 'amd64-' + env.EXT_RELEASE_CLEAN + '-pkg-' + env.PACKAGE_TAG + '-dev-' + env.COMMIT_SHA + '|arm64v8-' + env.EXT_RELEASE_CLEAN + '-pkg-' + env.PACKAGE_TAG + '-dev-' + env.COMMIT_SHA + env.CI_TAGS = 'amd64-develop-' + env.EXT_RELEASE_CLEAN + '-pkg-' + env.PACKAGE_TAG + '-dev-' + env.COMMIT_SHA + '|arm64v8-develop-' + env.EXT_RELEASE_CLEAN + '-pkg-' + env.PACKAGE_TAG + '-dev-' + env.COMMIT_SHA } else { - env.CI_TAGS = env.EXT_RELEASE_CLEAN + '-pkg-' + env.PACKAGE_TAG + '-dev-' + env.COMMIT_SHA + env.CI_TAGS = 'develop-' + env.EXT_RELEASE_CLEAN + '-pkg-' + env.PACKAGE_TAG + '-dev-' + env.COMMIT_SHA } env.VERSION_TAG = env.EXT_RELEASE_CLEAN + '-pkg-' + env.PACKAGE_TAG + '-dev-' + env.COMMIT_SHA - env.META_TAG = env.EXT_RELEASE_CLEAN + '-pkg-' + env.PACKAGE_TAG + '-dev-' + env.COMMIT_SHA - env.EXT_RELEASE_TAG = 'version-' + env.EXT_RELEASE_CLEAN + env.META_TAG = 'develop-' + env.EXT_RELEASE_CLEAN + '-pkg-' + env.PACKAGE_TAG + '-dev-' + env.COMMIT_SHA + env.EXT_RELEASE_TAG = 'develop-version-' + env.EXT_RELEASE_CLEAN env.DOCKERHUB_LINK = 'https://hub.docker.com/r/' + env.DEV_DOCKERHUB_IMAGE + '/tags/' + env.BUILDCACHE = 'docker.io/lsiodev/buildcache,registry.gitlab.com/linuxserver.io/docker-jenkins-builder/lsiodev-buildcache,ghcr.io/linuxserver/lsiodev-buildcache,quay.io/linuxserver.io/lsiodev-buildcache' + env.CITEST_IMAGETAG = 'develop' } } } @@ -209,15 +250,17 @@ pipeline { env.GITLABIMAGE = 'registry.gitlab.com/linuxserver.io/' + env.LS_REPO + '/lspipepr-' + env.CONTAINER_NAME env.QUAYIMAGE = 'quay.io/linuxserver.io/lspipepr-' + env.CONTAINER_NAME if (env.MULTIARCH == 'true') { - env.CI_TAGS = 'amd64-' + env.EXT_RELEASE_CLEAN + '-pkg-' + env.PACKAGE_TAG + '-dev-' + env.COMMIT_SHA + '-pr-' + env.PULL_REQUEST + '|arm64v8-' + env.EXT_RELEASE_CLEAN + '-pkg-' + env.PACKAGE_TAG + '-dev-' + env.COMMIT_SHA + '-pr-' + env.PULL_REQUEST + env.CI_TAGS = 'amd64-develop-' + env.EXT_RELEASE_CLEAN + '-pkg-' + env.PACKAGE_TAG + '-dev-' + env.COMMIT_SHA + '-pr-' + env.PULL_REQUEST + '|arm64v8-develop-' + env.EXT_RELEASE_CLEAN + '-pkg-' + env.PACKAGE_TAG + '-dev-' + env.COMMIT_SHA + '-pr-' + env.PULL_REQUEST } else { - env.CI_TAGS = env.EXT_RELEASE_CLEAN + '-pkg-' + env.PACKAGE_TAG + '-dev-' + env.COMMIT_SHA + '-pr-' + env.PULL_REQUEST + env.CI_TAGS = 'develop-' + env.EXT_RELEASE_CLEAN + '-pkg-' + env.PACKAGE_TAG + '-dev-' + env.COMMIT_SHA + '-pr-' + env.PULL_REQUEST } env.VERSION_TAG = env.EXT_RELEASE_CLEAN + '-pkg-' + env.PACKAGE_TAG + '-dev-' + env.COMMIT_SHA + '-pr-' + env.PULL_REQUEST - env.META_TAG = env.EXT_RELEASE_CLEAN + '-pkg-' + env.PACKAGE_TAG + '-dev-' + env.COMMIT_SHA + '-pr-' + env.PULL_REQUEST - env.EXT_RELEASE_TAG = 'version-' + env.EXT_RELEASE_CLEAN + env.META_TAG = 'develop-' + env.EXT_RELEASE_CLEAN + '-pkg-' + env.PACKAGE_TAG + '-dev-' + env.COMMIT_SHA + '-pr-' + env.PULL_REQUEST + env.EXT_RELEASE_TAG = 'develop-version-' + env.EXT_RELEASE_CLEAN env.CODE_URL = 'https://github.com/' + env.LS_USER + '/' + env.LS_REPO + '/pull/' + env.PULL_REQUEST env.DOCKERHUB_LINK = 'https://hub.docker.com/r/' + env.PR_DOCKERHUB_IMAGE + '/tags/' + env.BUILDCACHE = 'docker.io/lsiodev/buildcache,registry.gitlab.com/linuxserver.io/docker-jenkins-builder/lsiodev-buildcache,ghcr.io/linuxserver/lsiodev-buildcache,quay.io/linuxserver.io/lsiodev-buildcache' + env.CITEST_IMAGETAG = 'develop' } } } @@ -240,9 +283,11 @@ pipeline { -v ${WORKSPACE}:/mnt \ -e AWS_ACCESS_KEY_ID=\"${S3_KEY}\" \ -e AWS_SECRET_ACCESS_KEY=\"${S3_SECRET}\" \ - ghcr.io/linuxserver/baseimage-alpine:3.17 s6-envdir -fn -- /var/run/s6/container_environment /bin/bash -c "\ - apk add --no-cache py3-pip && \ - pip install s3cmd && \ + ghcr.io/linuxserver/baseimage-alpine:3 s6-envdir -fn -- /var/run/s6/container_environment /bin/bash -c "\ + apk add --no-cache python3 && \ + python3 -m venv /lsiopy && \ + pip install --no-cache-dir -U pip && \ + pip install --no-cache-dir s3cmd && \ s3cmd put --no-preserve --acl-public -m text/xml /mnt/shellcheck-result.xml s3://ci-tests.linuxserver.io/${IMAGE}/${META_TAG}/shellcheck-result.xml" || :''' } } @@ -250,7 +295,7 @@ pipeline { // Use helper containers to render templated files stage('Update-Templates') { when { - branch "master" + branch "develop" environment name: 'CHANGE_ID', value: '' expression { env.CONTAINER_NAME != null @@ -261,26 +306,34 @@ pipeline { set -e TEMPDIR=$(mktemp -d) docker pull ghcr.io/linuxserver/jenkins-builder:latest - docker run --rm -e CONTAINER_NAME=${CONTAINER_NAME} -e GITHUB_BRANCH=master -v ${TEMPDIR}:/ansible/jenkins ghcr.io/linuxserver/jenkins-builder:latest - # Stage 1 - Jenkinsfile update + # Cloned repo paths for templating: + # ${TEMPDIR}/docker-${CONTAINER_NAME}: Cloned branch develop of ${LS_USER}/${LS_REPO} for running the jenkins builder on + # ${TEMPDIR}/repo/${LS_REPO}: Cloned branch develop of ${LS_USER}/${LS_REPO} for commiting various templated file changes and pushing back to Github + # ${TEMPDIR}/docs/docker-documentation: Cloned docs repo for pushing docs updates to Github + # ${TEMPDIR}/unraid/docker-templates: Cloned docker-templates repo to check for logos + # ${TEMPDIR}/unraid/templates: Cloned templates repo for commiting unraid template changes and pushing back to Github + git clone --branch develop --depth 1 https://github.com/${LS_USER}/${LS_REPO}.git ${TEMPDIR}/docker-${CONTAINER_NAME} + docker run --rm -v ${TEMPDIR}/docker-${CONTAINER_NAME}:/tmp -e LOCAL=true -e PUID=$(id -u) -e PGID=$(id -g) ghcr.io/linuxserver/jenkins-builder:latest + echo "Starting Stage 1 - Jenkinsfile update" if [[ "$(md5sum Jenkinsfile | awk '{ print $1 }')" != "$(md5sum ${TEMPDIR}/docker-${CONTAINER_NAME}/Jenkinsfile | awk '{ print $1 }')" ]]; then mkdir -p ${TEMPDIR}/repo git clone https://github.com/${LS_USER}/${LS_REPO}.git ${TEMPDIR}/repo/${LS_REPO} cd ${TEMPDIR}/repo/${LS_REPO} - git checkout -f master + git checkout -f develop cp ${TEMPDIR}/docker-${CONTAINER_NAME}/Jenkinsfile ${TEMPDIR}/repo/${LS_REPO}/ git add Jenkinsfile git commit -m 'Bot Updating Templated Files' - git push https://LinuxServer-CI:${GITHUB_TOKEN}@github.com/${LS_USER}/${LS_REPO}.git --all + git pull https://LinuxServer-CI:${GITHUB_TOKEN}@github.com/${LS_USER}/${LS_REPO}.git develop + git push https://LinuxServer-CI:${GITHUB_TOKEN}@github.com/${LS_USER}/${LS_REPO}.git develop echo "true" > /tmp/${COMMIT_SHA}-${BUILD_NUMBER} - echo "Updating Jenkinsfile" + echo "Updating Jenkinsfile and exiting build, new one will trigger based on commit" rm -Rf ${TEMPDIR} exit 0 else echo "Jenkinsfile is up to date." fi - # Stage 2 - Delete old templates - OLD_TEMPLATES=".github/ISSUE_TEMPLATE.md .github/ISSUE_TEMPLATE/issue.bug.md .github/ISSUE_TEMPLATE/issue.feature.md .github/workflows/call_invalid_helper.yml .github/workflows/stale.yml Dockerfile.armhf" + echo "Starting Stage 2 - Delete old templates" + OLD_TEMPLATES=".github/ISSUE_TEMPLATE.md .github/ISSUE_TEMPLATE/issue.bug.md .github/ISSUE_TEMPLATE/issue.feature.md .github/workflows/call_invalid_helper.yml .github/workflows/stale.yml .github/workflows/package_trigger.yml" for i in ${OLD_TEMPLATES}; do if [[ -f "${i}" ]]; then TEMPLATES_TO_DELETE="${i} ${TEMPLATES_TO_DELETE}" @@ -290,20 +343,50 @@ pipeline { mkdir -p ${TEMPDIR}/repo git clone https://github.com/${LS_USER}/${LS_REPO}.git ${TEMPDIR}/repo/${LS_REPO} cd ${TEMPDIR}/repo/${LS_REPO} - git checkout -f master + git checkout -f develop for i in ${TEMPLATES_TO_DELETE}; do git rm "${i}" done git commit -m 'Bot Updating Templated Files' - git push https://LinuxServer-CI:${GITHUB_TOKEN}@github.com/${LS_USER}/${LS_REPO}.git --all + git pull https://LinuxServer-CI:${GITHUB_TOKEN}@github.com/${LS_USER}/${LS_REPO}.git develop + git push https://LinuxServer-CI:${GITHUB_TOKEN}@github.com/${LS_USER}/${LS_REPO}.git develop echo "true" > /tmp/${COMMIT_SHA}-${BUILD_NUMBER} - echo "Deleting old and deprecated templates" + echo "Deleting old/deprecated templates and exiting build, new one will trigger based on commit" rm -Rf ${TEMPDIR} exit 0 else echo "No templates to delete" fi - # Stage 3 - Update templates + echo "Starting Stage 2.5 - Update init diagram" + if ! grep -q 'init_diagram:' readme-vars.yml; then + echo "Adding the key 'init_diagram' to readme-vars.yml" + sed -i '\\|^#.*changelog.*$|d' readme-vars.yml + sed -i 's|^changelogs:|# init diagram\\ninit_diagram:\\n\\n# changelog\\nchangelogs:|' readme-vars.yml + fi + mkdir -p ${TEMPDIR}/d2 + docker run --rm -v ${TEMPDIR}/d2:/output -e PUID=$(id -u) -e PGID=$(id -g) -e RAW="true" ghcr.io/linuxserver/d2-builder:latest ${CONTAINER_NAME}:develop + ls -al ${TEMPDIR}/d2 + yq -ei ".init_diagram |= load_str(\\"${TEMPDIR}/d2/${CONTAINER_NAME}-develop.d2\\")" readme-vars.yml + if [[ $(md5sum readme-vars.yml | cut -c1-8) != $(md5sum ${TEMPDIR}/docker-${CONTAINER_NAME}/readme-vars.yml | cut -c1-8) ]]; then + echo "'init_diagram' has been updated. Updating repo and exiting build, new one will trigger based on commit." + mkdir -p ${TEMPDIR}/repo + git clone https://github.com/${LS_USER}/${LS_REPO}.git ${TEMPDIR}/repo/${LS_REPO} + cd ${TEMPDIR}/repo/${LS_REPO} + git checkout -f develop + cp ${WORKSPACE}/readme-vars.yml ${TEMPDIR}/repo/${LS_REPO}/readme-vars.yml + git add readme-vars.yml + git commit -m 'Bot Updating Templated Files' + git pull https://LinuxServer-CI:${GITHUB_TOKEN}@github.com/${LS_USER}/${LS_REPO}.git develop + git push https://LinuxServer-CI:${GITHUB_TOKEN}@github.com/${LS_USER}/${LS_REPO}.git develop + echo "true" > /tmp/${COMMIT_SHA}-${BUILD_NUMBER} + echo "Updating templates and exiting build, new one will trigger based on commit" + rm -Rf ${TEMPDIR} + exit 0 + else + echo "false" > /tmp/${COMMIT_SHA}-${BUILD_NUMBER} + echo "Init diagram is unchanged" + fi + echo "Starting Stage 3 - Update templates" CURRENTHASH=$(grep -hs ^ ${TEMPLATED_FILES} | md5sum | cut -c1-8) cd ${TEMPDIR}/docker-${CONTAINER_NAME} NEWHASH=$(grep -hs ^ ${TEMPLATED_FILES} | md5sum | cut -c1-8) @@ -311,7 +394,7 @@ pipeline { mkdir -p ${TEMPDIR}/repo git clone https://github.com/${LS_USER}/${LS_REPO}.git ${TEMPDIR}/repo/${LS_REPO} cd ${TEMPDIR}/repo/${LS_REPO} - git checkout -f master + git checkout -f develop cd ${TEMPDIR}/docker-${CONTAINER_NAME} mkdir -p ${TEMPDIR}/repo/${LS_REPO}/.github/workflows mkdir -p ${TEMPDIR}/repo/${LS_REPO}/.github/ISSUE_TEMPLATE @@ -324,31 +407,50 @@ pipeline { fi git add readme-vars.yml ${TEMPLATED_FILES} git commit -m 'Bot Updating Templated Files' - git push https://LinuxServer-CI:${GITHUB_TOKEN}@github.com/${LS_USER}/${LS_REPO}.git --all + git pull https://LinuxServer-CI:${GITHUB_TOKEN}@github.com/${LS_USER}/${LS_REPO}.git develop + git push https://LinuxServer-CI:${GITHUB_TOKEN}@github.com/${LS_USER}/${LS_REPO}.git develop echo "true" > /tmp/${COMMIT_SHA}-${BUILD_NUMBER} + echo "Updating templates and exiting build, new one will trigger based on commit" + rm -Rf ${TEMPDIR} + exit 0 else echo "false" > /tmp/${COMMIT_SHA}-${BUILD_NUMBER} + echo "No templates to update" fi - mkdir -p ${TEMPDIR}/gitbook - git clone https://github.com/linuxserver/docker-documentation.git ${TEMPDIR}/gitbook/docker-documentation - if [[ ("${BRANCH_NAME}" == "master") || ("${BRANCH_NAME}" == "main") ]] && [[ (! -f ${TEMPDIR}/gitbook/docker-documentation/images/docker-${CONTAINER_NAME}.md) || ("$(md5sum ${TEMPDIR}/gitbook/docker-documentation/images/docker-${CONTAINER_NAME}.md | awk '{ print $1 }')" != "$(md5sum ${TEMPDIR}/docker-${CONTAINER_NAME}/.jenkins-external/docker-${CONTAINER_NAME}.md | awk '{ print $1 }')") ]]; then - cp ${TEMPDIR}/docker-${CONTAINER_NAME}/.jenkins-external/docker-${CONTAINER_NAME}.md ${TEMPDIR}/gitbook/docker-documentation/images/ - cd ${TEMPDIR}/gitbook/docker-documentation/ - git add images/docker-${CONTAINER_NAME}.md + echo "Starting Stage 4 - External repo updates: Docs, Unraid Template and Readme Sync to Docker Hub" + mkdir -p ${TEMPDIR}/docs + git clone --depth=1 https://github.com/linuxserver/docker-documentation.git ${TEMPDIR}/docs/docker-documentation + if [[ "${BRANCH_NAME}" == "${GH_DEFAULT_BRANCH}" ]] && [[ (! -f ${TEMPDIR}/docs/docker-documentation/docs/images/docker-${CONTAINER_NAME}.md) || ("$(md5sum ${TEMPDIR}/docs/docker-documentation/docs/images/docker-${CONTAINER_NAME}.md | awk '{ print $1 }')" != "$(md5sum ${TEMPDIR}/docker-${CONTAINER_NAME}/.jenkins-external/docker-${CONTAINER_NAME}.md | awk '{ print $1 }')") ]]; then + cp ${TEMPDIR}/docker-${CONTAINER_NAME}/.jenkins-external/docker-${CONTAINER_NAME}.md ${TEMPDIR}/docs/docker-documentation/docs/images/ + cd ${TEMPDIR}/docs/docker-documentation + GH_DOCS_DEFAULT_BRANCH=$(git remote show origin | grep "HEAD branch:" | sed 's|.*HEAD branch: ||') + git add docs/images/docker-${CONTAINER_NAME}.md + echo "Updating docs repo" git commit -m 'Bot Updating Documentation' - git push https://LinuxServer-CI:${GITHUB_TOKEN}@github.com/linuxserver/docker-documentation.git --all + git pull https://LinuxServer-CI:${GITHUB_TOKEN}@github.com/linuxserver/docker-documentation.git ${GH_DOCS_DEFAULT_BRANCH} --rebase + git push https://LinuxServer-CI:${GITHUB_TOKEN}@github.com/linuxserver/docker-documentation.git ${GH_DOCS_DEFAULT_BRANCH} || \ + (MAXWAIT="10" && echo "Push to docs failed, trying again in ${MAXWAIT} seconds" && \ + sleep $((RANDOM % MAXWAIT)) && \ + git pull https://LinuxServer-CI:${GITHUB_TOKEN}@github.com/linuxserver/docker-documentation.git ${GH_DOCS_DEFAULT_BRANCH} --rebase && \ + git push https://LinuxServer-CI:${GITHUB_TOKEN}@github.com/linuxserver/docker-documentation.git ${GH_DOCS_DEFAULT_BRANCH}) + else + echo "Docs update not needed, skipping" fi mkdir -p ${TEMPDIR}/unraid - git clone https://github.com/linuxserver/docker-templates.git ${TEMPDIR}/unraid/docker-templates - git clone https://github.com/linuxserver/templates.git ${TEMPDIR}/unraid/templates + git clone --depth=1 https://github.com/linuxserver/docker-templates.git ${TEMPDIR}/unraid/docker-templates + git clone --depth=1 https://github.com/linuxserver/templates.git ${TEMPDIR}/unraid/templates if [[ -f ${TEMPDIR}/unraid/docker-templates/linuxserver.io/img/${CONTAINER_NAME}-logo.png ]]; then sed -i "s|master/linuxserver.io/img/linuxserver-ls-logo.png|master/linuxserver.io/img/${CONTAINER_NAME}-logo.png|" ${TEMPDIR}/docker-${CONTAINER_NAME}/.jenkins-external/${CONTAINER_NAME}.xml elif [[ -f ${TEMPDIR}/unraid/docker-templates/linuxserver.io/img/${CONTAINER_NAME}-icon.png ]]; then sed -i "s|master/linuxserver.io/img/linuxserver-ls-logo.png|master/linuxserver.io/img/${CONTAINER_NAME}-icon.png|" ${TEMPDIR}/docker-${CONTAINER_NAME}/.jenkins-external/${CONTAINER_NAME}.xml fi - if [[ ("${BRANCH_NAME}" == "master") || ("${BRANCH_NAME}" == "main") ]] && [[ (! -f ${TEMPDIR}/unraid/templates/unraid/${CONTAINER_NAME}.xml) || ("$(md5sum ${TEMPDIR}/unraid/templates/unraid/${CONTAINER_NAME}.xml | awk '{ print $1 }')" != "$(md5sum ${TEMPDIR}/docker-${CONTAINER_NAME}/.jenkins-external/${CONTAINER_NAME}.xml | awk '{ print $1 }')") ]]; then + if [[ "${BRANCH_NAME}" == "${GH_DEFAULT_BRANCH}" ]] && [[ (! -f ${TEMPDIR}/unraid/templates/unraid/${CONTAINER_NAME}.xml) || ("$(md5sum ${TEMPDIR}/unraid/templates/unraid/${CONTAINER_NAME}.xml | awk '{ print $1 }')" != "$(md5sum ${TEMPDIR}/docker-${CONTAINER_NAME}/.jenkins-external/${CONTAINER_NAME}.xml | awk '{ print $1 }')") ]]; then + echo "Updating Unraid template" cd ${TEMPDIR}/unraid/templates/ - if grep -wq "${CONTAINER_NAME}" ${TEMPDIR}/unraid/templates/unraid/ignore.list; then + GH_TEMPLATES_DEFAULT_BRANCH=$(git remote show origin | grep "HEAD branch:" | sed 's|.*HEAD branch: ||') + if grep -wq "^${CONTAINER_NAME}$" ${TEMPDIR}/unraid/templates/unraid/ignore.list && [[ -f ${TEMPDIR}/unraid/templates/unraid/deprecated/${CONTAINER_NAME}.xml ]]; then + echo "Image is on the ignore list, and already in the deprecation folder." + elif grep -wq "^${CONTAINER_NAME}$" ${TEMPDIR}/unraid/templates/unraid/ignore.list; then echo "Image is on the ignore list, marking Unraid template as deprecated" cp ${TEMPDIR}/docker-${CONTAINER_NAME}/.jenkins-external/${CONTAINER_NAME}.xml ${TEMPDIR}/unraid/templates/unraid/ git add -u unraid/${CONTAINER_NAME}.xml @@ -359,7 +461,42 @@ pipeline { git add unraid/${CONTAINER_NAME}.xml git commit -m 'Bot Updating Unraid Template' fi - git push https://LinuxServer-CI:${GITHUB_TOKEN}@github.com/linuxserver/templates.git --all + git pull https://LinuxServer-CI:${GITHUB_TOKEN}@github.com/linuxserver/templates.git ${GH_TEMPLATES_DEFAULT_BRANCH} --rebase + git push https://LinuxServer-CI:${GITHUB_TOKEN}@github.com/linuxserver/templates.git ${GH_TEMPLATES_DEFAULT_BRANCH} || \ + (MAXWAIT="10" && echo "Push to unraid templates failed, trying again in ${MAXWAIT} seconds" && \ + sleep $((RANDOM % MAXWAIT)) && \ + git pull https://LinuxServer-CI:${GITHUB_TOKEN}@github.com/linuxserver/templates.git ${GH_TEMPLATES_DEFAULT_BRANCH} --rebase && \ + git push https://LinuxServer-CI:${GITHUB_TOKEN}@github.com/linuxserver/templates.git ${GH_TEMPLATES_DEFAULT_BRANCH}) + else + echo "No updates to Unraid template needed, skipping" + fi + if [[ "${BRANCH_NAME}" == "${GH_DEFAULT_BRANCH}" ]]; then + if [[ $(cat ${TEMPDIR}/docker-${CONTAINER_NAME}/README.md | wc -m) -gt 25000 ]]; then + echo "Readme is longer than 25,000 characters. Syncing the lite version to Docker Hub" + DH_README_SYNC_PATH="${TEMPDIR}/docker-${CONTAINER_NAME}/.jenkins-external/README.lite" + else + echo "Syncing readme to Docker Hub" + DH_README_SYNC_PATH="${TEMPDIR}/docker-${CONTAINER_NAME}/README.md" + fi + if curl -s https://hub.docker.com/v2/namespaces/${DOCKERHUB_IMAGE%%/*}/repositories/${DOCKERHUB_IMAGE##*/}/tags | jq -r '.message' | grep -q 404; then + echo "Docker Hub endpoint doesn't exist. Creating endpoint first." + DH_TOKEN=$(curl -d '{"username":"linuxserverci", "password":"'${DOCKERHUB_TOKEN}'"}' -H "Content-Type: application/json" -X POST https://hub.docker.com/v2/users/login | jq -r '.token') + curl -s \ + -H "Authorization: JWT ${DH_TOKEN}" \ + -H "Content-Type: application/json" \ + -X POST \ + -d '{"name":"'${DOCKERHUB_IMAGE##*/}'", "namespace":"'${DOCKERHUB_IMAGE%%/*}'"}' \ + https://hub.docker.com/v2/repositories/ || : + fi + DH_TOKEN=$(curl -d '{"username":"linuxserverci", "password":"'${DOCKERHUB_TOKEN}'"}' -H "Content-Type: application/json" -X POST https://hub.docker.com/v2/users/login | jq -r '.token') + curl -s \ + -H "Authorization: JWT ${DH_TOKEN}" \ + -H "Content-Type: application/json" \ + -X PATCH \ + -d "{\\"full_description\\":$(jq -Rsa . ${DH_README_SYNC_PATH})}" \ + https://hub.docker.com/v2/repositories/${DOCKERHUB_IMAGE} || : + else + echo "Not the default Github branch. Skipping readme sync to Docker Hub." fi rm -Rf ${TEMPDIR}''' script{ @@ -372,7 +509,7 @@ pipeline { // Exit the build if the Templated files were just updated stage('Template-exit') { when { - branch "master" + branch "develop" environment name: 'CHANGE_ID', value: '' environment name: 'FILES_UPDATED', value: 'true' expression { @@ -385,10 +522,10 @@ pipeline { } } } - // If this is a master build check the S6 service file perms + // If this is a develop build check the S6 service file perms stage("Check S6 Service file Permissions"){ when { - branch "master" + branch "develop" environment name: 'CHANGE_ID', value: '' environment name: 'EXIT_STATUS', value: '' } @@ -406,52 +543,27 @@ pipeline { } } /* ####################### - GitLab Mirroring + GitLab Mirroring and Quay.io Repo Visibility ####################### */ - // Ping into Gitlab to mirror this repo and have a registry endpoint - stage("GitLab Mirror"){ + // Ping into Gitlab to mirror this repo and have a registry endpoint & mark this repo on Quay.io as public + stage("GitLab Mirror and Quay.io Visibility"){ when { environment name: 'EXIT_STATUS', value: '' } steps{ sh '''curl -H "Content-Type: application/json" -H "Private-Token: ${GITLAB_TOKEN}" -X POST https://gitlab.com/api/v4/projects \ - -d '{"namespace_id":'${GITLAB_NAMESPACE}',\ - "name":"'${LS_REPO}'", - "mirror":true,\ - "import_url":"https://github.com/linuxserver/'${LS_REPO}'.git",\ - "issues_access_level":"disabled",\ - "merge_requests_access_level":"disabled",\ - "repository_access_level":"enabled",\ - "visibility":"public"}' ''' - } - } - /* ####################### - Scarf.sh package registry - ####################### */ - // Add package to Scarf.sh and set permissions - stage("Scarf.sh package registry"){ - when { - branch "master" - environment name: 'EXIT_STATUS', value: '' - } - steps{ - sh '''#! /bin/bash - PACKAGE_UUID=$(curl -X GET -H "Authorization: Bearer ${SCARF_TOKEN}" https://scarf.sh/api/v1/organizations/linuxserver-ci/packages | jq -r '.[] | select(.name=="linuxserver/nextcloud") | .uuid' || :) - if [ -z "${PACKAGE_UUID}" ]; then - echo "Adding package to Scarf.sh" - curl -sX POST https://scarf.sh/api/v1/organizations/linuxserver-ci/packages \ - -H "Authorization: Bearer ${SCARF_TOKEN}" \ - -H "Content-Type: application/json" \ - -d '{"name":"linuxserver/nextcloud",\ - "shortDescription":"example description",\ - "libraryType":"docker",\ - "website":"https://github.com/linuxserver/docker-nextcloud",\ - "backendUrl":"https://ghcr.io/linuxserver/nextcloud",\ - "publicUrl":"https://lscr.io/linuxserver/nextcloud"}' || : - else - echo "Package already exists on Scarf.sh" - fi - ''' + -d '{"namespace_id":'${GITLAB_NAMESPACE}',\ + "name":"'${LS_REPO}'", + "mirror":true,\ + "import_url":"https://github.com/linuxserver/'${LS_REPO}'.git",\ + "issues_access_level":"disabled",\ + "merge_requests_access_level":"disabled",\ + "repository_access_level":"enabled",\ + "visibility":"public"}' ''' + sh '''curl -H "Private-Token: ${GITLAB_TOKEN}" -X PUT "https://gitlab.com/api/v4/projects/Linuxserver.io%2F${LS_REPO}" \ + -d "mirror=true&import_url=https://github.com/linuxserver/${LS_REPO}.git" ''' + sh '''curl -H "Content-Type: application/json" -H "Authorization: Bearer ${QUAYIO_API_TOKEN}" -X POST "https://quay.io/api/v1/repository${QUAYIMAGE/quay.io/}/changevisibility" \ + -d '{"visibility":"public"}' ||: ''' } } /* ############### @@ -482,7 +594,45 @@ pipeline { --label \"org.opencontainers.image.title=Nextcloud\" \ --label \"org.opencontainers.image.description=[Nextcloud](https://nextcloud.com/) gives you access to all your files wherever you are. Where are your photos and documents? With Nextcloud you pick a server of your choice, at home, in a data center or at a provider. And that is where your files will be. Nextcloud runs on that server, protecting your data and giving you access from your desktop or mobile devices. Through Nextcloud you also access, sync and share your existing data on that FTP drive at the office, a Dropbox or a NAS you have at home. \" \ --no-cache --pull -t ${IMAGE}:${META_TAG} --platform=linux/amd64 \ + --provenance=true --sbom=true --builder=container --load \ --build-arg ${BUILD_VERSION_ARG}=${EXT_RELEASE} --build-arg VERSION=\"${VERSION_TAG}\" --build-arg BUILD_DATE=${GITHUB_DATE} ." + sh '''#! /bin/bash + set -e + IFS=',' read -ra CACHE <<< "$BUILDCACHE" + for i in "${CACHE[@]}"; do + docker tag ${IMAGE}:${META_TAG} ${i}:amd64-${COMMIT_SHA}-${BUILD_NUMBER} + done + ''' + withCredentials([ + [ + $class: 'UsernamePasswordMultiBinding', + credentialsId: 'Quay.io-Robot', + usernameVariable: 'QUAYUSER', + passwordVariable: 'QUAYPASS' + ] + ]) { + retry_backoff(5,5) { + sh '''#! /bin/bash + set -e + echo $DOCKERHUB_TOKEN | docker login -u linuxserverci --password-stdin + echo $GITHUB_TOKEN | docker login ghcr.io -u LinuxServer-CI --password-stdin + echo $GITLAB_TOKEN | docker login registry.gitlab.com -u LinuxServer.io --password-stdin + echo $QUAYPASS | docker login quay.io -u $QUAYUSER --password-stdin + + if [[ "${PACKAGE_CHECK}" != "true" ]]; then + declare -A pids + IFS=',' read -ra CACHE <<< "$BUILDCACHE" + for i in "${CACHE[@]}"; do + docker push ${i}:amd64-${COMMIT_SHA}-${BUILD_NUMBER} & + pids[$!]="$i" + done + for p in "${!pids[@]}"; do + wait "$p" || { [[ "${pids[$p]}" != *"quay.io"* ]] && exit 1; } + done + fi + ''' + } + } } } // Build MultiArch Docker containers for push to LS Repo @@ -513,7 +663,45 @@ pipeline { --label \"org.opencontainers.image.title=Nextcloud\" \ --label \"org.opencontainers.image.description=[Nextcloud](https://nextcloud.com/) gives you access to all your files wherever you are. Where are your photos and documents? With Nextcloud you pick a server of your choice, at home, in a data center or at a provider. And that is where your files will be. Nextcloud runs on that server, protecting your data and giving you access from your desktop or mobile devices. Through Nextcloud you also access, sync and share your existing data on that FTP drive at the office, a Dropbox or a NAS you have at home. \" \ --no-cache --pull -t ${IMAGE}:amd64-${META_TAG} --platform=linux/amd64 \ + --provenance=true --sbom=true --builder=container --load \ --build-arg ${BUILD_VERSION_ARG}=${EXT_RELEASE} --build-arg VERSION=\"${VERSION_TAG}\" --build-arg BUILD_DATE=${GITHUB_DATE} ." + sh '''#! /bin/bash + set -e + IFS=',' read -ra CACHE <<< "$BUILDCACHE" + for i in "${CACHE[@]}"; do + docker tag ${IMAGE}:amd64-${META_TAG} ${i}:amd64-${COMMIT_SHA}-${BUILD_NUMBER} + done + ''' + withCredentials([ + [ + $class: 'UsernamePasswordMultiBinding', + credentialsId: 'Quay.io-Robot', + usernameVariable: 'QUAYUSER', + passwordVariable: 'QUAYPASS' + ] + ]) { + retry_backoff(5,5) { + sh '''#! /bin/bash + set -e + echo $DOCKERHUB_TOKEN | docker login -u linuxserverci --password-stdin + echo $GITHUB_TOKEN | docker login ghcr.io -u LinuxServer-CI --password-stdin + echo $GITLAB_TOKEN | docker login registry.gitlab.com -u LinuxServer.io --password-stdin + echo $QUAYPASS | docker login quay.io -u $QUAYUSER --password-stdin + + if [[ "${PACKAGE_CHECK}" != "true" ]]; then + declare -A pids + IFS=',' read -ra CACHE <<< "$BUILDCACHE" + for i in "${CACHE[@]}"; do + docker push ${i}:amd64-${COMMIT_SHA}-${BUILD_NUMBER} & + pids[$!]="$i" + done + for p in "${!pids[@]}"; do + wait "$p" || { [[ "${pids[$p]}" != *"quay.io"* ]] && exit 1; } + done + fi + ''' + } + } } } stage('Build ARM64') { @@ -522,10 +710,6 @@ pipeline { } steps { echo "Running on node: ${NODE_NAME}" - echo 'Logging into Github' - sh '''#! /bin/bash - echo $GITHUB_TOKEN | docker login ghcr.io -u LinuxServer-CI --password-stdin - ''' sh "sed -r -i 's|(^FROM .*)|\\1\\n\\nENV LSIO_FIRST_PARTY=true|g' Dockerfile.aarch64" sh "docker buildx build \ --label \"org.opencontainers.image.created=${GITHUB_DATE}\" \ @@ -541,17 +725,52 @@ pipeline { --label \"org.opencontainers.image.title=Nextcloud\" \ --label \"org.opencontainers.image.description=[Nextcloud](https://nextcloud.com/) gives you access to all your files wherever you are. Where are your photos and documents? With Nextcloud you pick a server of your choice, at home, in a data center or at a provider. And that is where your files will be. Nextcloud runs on that server, protecting your data and giving you access from your desktop or mobile devices. Through Nextcloud you also access, sync and share your existing data on that FTP drive at the office, a Dropbox or a NAS you have at home. \" \ --no-cache --pull -f Dockerfile.aarch64 -t ${IMAGE}:arm64v8-${META_TAG} --platform=linux/arm64 \ + --provenance=true --sbom=true --builder=container --load \ --build-arg ${BUILD_VERSION_ARG}=${EXT_RELEASE} --build-arg VERSION=\"${VERSION_TAG}\" --build-arg BUILD_DATE=${GITHUB_DATE} ." - sh "docker tag ${IMAGE}:arm64v8-${META_TAG} ghcr.io/linuxserver/lsiodev-buildcache:arm64v8-${COMMIT_SHA}-${BUILD_NUMBER}" - retry(5) { - sh "docker push ghcr.io/linuxserver/lsiodev-buildcache:arm64v8-${COMMIT_SHA}-${BUILD_NUMBER}" + sh '''#! /bin/bash + set -e + IFS=',' read -ra CACHE <<< "$BUILDCACHE" + for i in "${CACHE[@]}"; do + docker tag ${IMAGE}:arm64v8-${META_TAG} ${i}:arm64v8-${COMMIT_SHA}-${BUILD_NUMBER} + done + ''' + withCredentials([ + [ + $class: 'UsernamePasswordMultiBinding', + credentialsId: 'Quay.io-Robot', + usernameVariable: 'QUAYUSER', + passwordVariable: 'QUAYPASS' + ] + ]) { + retry_backoff(5,5) { + sh '''#! /bin/bash + set -e + echo $DOCKERHUB_TOKEN | docker login -u linuxserverci --password-stdin + echo $GITHUB_TOKEN | docker login ghcr.io -u LinuxServer-CI --password-stdin + echo $GITLAB_TOKEN | docker login registry.gitlab.com -u LinuxServer.io --password-stdin + echo $QUAYPASS | docker login quay.io -u $QUAYUSER --password-stdin + if [[ "${PACKAGE_CHECK}" != "true" ]]; then + declare -A pids + IFS=',' read -ra CACHE <<< "$BUILDCACHE" + for i in "${CACHE[@]}"; do + docker push ${i}:arm64v8-${COMMIT_SHA}-${BUILD_NUMBER} & + pids[$!]="$i" + done + for p in "${!pids[@]}"; do + wait "$p" || { [[ "${pids[$p]}" != *"quay.io"* ]] && exit 1; } + done + fi + ''' + } } sh '''#! /bin/bash containers=$(docker ps -aq) if [[ -n "${containers}" ]]; then docker stop ${containers} fi - docker system prune -af --volumes || : ''' + docker system prune -f --volumes || : + docker image prune -af || : + ''' } } } @@ -559,7 +778,7 @@ pipeline { // Take the image we just built and dump package versions for comparison stage('Update-packages') { when { - branch "master" + branch "develop" environment name: 'CHANGE_ID', value: '' environment name: 'EXIT_STATUS', value: '' } @@ -567,7 +786,7 @@ pipeline { sh '''#! /bin/bash set -e TEMPDIR=$(mktemp -d) - if [ "${MULTIARCH}" == "true" ] && [ "${PACKAGE_CHECK}" == "false" ]; then + if [ "${MULTIARCH}" == "true" ] && [ "${PACKAGE_CHECK}" != "true" ]; then LOCAL_CONTAINER=${IMAGE}:amd64-${META_TAG} else LOCAL_CONTAINER=${IMAGE}:${META_TAG} @@ -576,19 +795,20 @@ pipeline { docker run --rm \ -v /var/run/docker.sock:/var/run/docker.sock:ro \ -v ${TEMPDIR}:/tmp \ - ghcr.io/anchore/syft:latest \ + ghcr.io/anchore/syft:${SYFT_IMAGE_TAG} \ ${LOCAL_CONTAINER} -o table=/tmp/package_versions.txt NEW_PACKAGE_TAG=$(md5sum ${TEMPDIR}/package_versions.txt | cut -c1-8 ) echo "Package tag sha from current packages in buit container is ${NEW_PACKAGE_TAG} comparing to old ${PACKAGE_TAG} from github" if [ "${NEW_PACKAGE_TAG}" != "${PACKAGE_TAG}" ]; then git clone https://github.com/${LS_USER}/${LS_REPO}.git ${TEMPDIR}/${LS_REPO} - git --git-dir ${TEMPDIR}/${LS_REPO}/.git checkout -f master + git --git-dir ${TEMPDIR}/${LS_REPO}/.git checkout -f develop cp ${TEMPDIR}/package_versions.txt ${TEMPDIR}/${LS_REPO}/ cd ${TEMPDIR}/${LS_REPO}/ wait git add package_versions.txt git commit -m 'Bot Updating Package Versions' - git push https://LinuxServer-CI:${GITHUB_TOKEN}@github.com/${LS_USER}/${LS_REPO}.git --all + git pull https://LinuxServer-CI:${GITHUB_TOKEN}@github.com/${LS_USER}/${LS_REPO}.git develop + git push https://LinuxServer-CI:${GITHUB_TOKEN}@github.com/${LS_USER}/${LS_REPO}.git develop echo "true" > /tmp/packages-${COMMIT_SHA}-${BUILD_NUMBER} echo "Package tag updated, stopping build process" else @@ -606,7 +826,7 @@ pipeline { // Exit the build if the package file was just updated stage('PACKAGE-exit') { when { - branch "master" + branch "develop" environment name: 'CHANGE_ID', value: '' environment name: 'PACKAGE_UPDATED', value: 'true' environment name: 'EXIT_STATUS', value: '' @@ -620,7 +840,7 @@ pipeline { // Exit the build if this is just a package check and there are no changes to push stage('PACKAGECHECK-exit') { when { - branch "master" + branch "develop" environment name: 'CHANGE_ID', value: '' environment name: 'PACKAGE_UPDATED', value: 'false' environment name: 'EXIT_STATUS', value: '' @@ -654,18 +874,27 @@ pipeline { } sh '''#! /bin/bash set -e - docker pull ghcr.io/linuxserver/ci:latest + if grep -q 'docker-baseimage' <<< "${LS_REPO}"; then + echo "Detected baseimage, setting LSIO_FIRST_PARTY=true" + if [ -n "${CI_DOCKERENV}" ]; then + CI_DOCKERENV="LSIO_FIRST_PARTY=true|${CI_DOCKERENV}" + else + CI_DOCKERENV="LSIO_FIRST_PARTY=true" + fi + fi + docker pull ghcr.io/linuxserver/ci:${CITEST_IMAGETAG} if [ "${MULTIARCH}" == "true" ]; then - docker pull ghcr.io/linuxserver/lsiodev-buildcache:arm64v8-${COMMIT_SHA}-${BUILD_NUMBER} + docker pull ghcr.io/linuxserver/lsiodev-buildcache:arm64v8-${COMMIT_SHA}-${BUILD_NUMBER} --platform=arm64 docker tag ghcr.io/linuxserver/lsiodev-buildcache:arm64v8-${COMMIT_SHA}-${BUILD_NUMBER} ${IMAGE}:arm64v8-${META_TAG} fi docker run --rm \ --shm-size=1gb \ -v /var/run/docker.sock:/var/run/docker.sock \ -e IMAGE=\"${IMAGE}\" \ - -e DELAY_START=\"${CI_DELAY}\" \ + -e DOCKER_LOGS_TIMEOUT=\"${CI_DELAY}\" \ -e TAGS=\"${CI_TAGS}\" \ -e META_TAG=\"${META_TAG}\" \ + -e RELEASE_TAG=\"develop\" \ -e PORT=\"${CI_PORT}\" \ -e SSL=\"${CI_SSL}\" \ -e BASE=\"${DIST_IMAGE}\" \ @@ -675,7 +904,11 @@ pipeline { -e WEB_SCREENSHOT=\"${CI_WEB}\" \ -e WEB_AUTH=\"${CI_AUTH}\" \ -e WEB_PATH=\"${CI_WEBPATH}\" \ - -t ghcr.io/linuxserver/ci:latest \ + -e NODE_NAME=\"${NODE_NAME}\" \ + -e SYFT_IMAGE_TAG=\"${CI_SYFT_IMAGE_TAG:-${SYFT_IMAGE_TAG}}\" \ + -e COMMIT_SHA=\"${COMMIT_SHA}\" \ + -e BUILD_NUMBER=\"${BUILD_NUMBER}\" \ + -t ghcr.io/linuxserver/ci:${CITEST_IMAGETAG} \ python3 test_build.py''' } } @@ -690,43 +923,25 @@ pipeline { environment name: 'EXIT_STATUS', value: '' } steps { - withCredentials([ - [ - $class: 'UsernamePasswordMultiBinding', - credentialsId: '3f9ba4d5-100d-45b0-a3c4-633fd6061207', - usernameVariable: 'DOCKERUSER', - passwordVariable: 'DOCKERPASS' - ], - [ - $class: 'UsernamePasswordMultiBinding', - credentialsId: 'Quay.io-Robot', - usernameVariable: 'QUAYUSER', - passwordVariable: 'QUAYPASS' - ] - ]) { - retry(5) { - sh '''#! /bin/bash - set -e - echo $DOCKERPASS | docker login -u $DOCKERUSER --password-stdin - echo $GITHUB_TOKEN | docker login ghcr.io -u LinuxServer-CI --password-stdin - echo $GITLAB_TOKEN | docker login registry.gitlab.com -u LinuxServer.io --password-stdin - echo $QUAYPASS | docker login quay.io -u $QUAYUSER --password-stdin - for PUSHIMAGE in "${GITHUBIMAGE}" "${GITLABIMAGE}" "${QUAYIMAGE}" "${IMAGE}"; do - docker tag ${IMAGE}:${META_TAG} ${PUSHIMAGE}:${META_TAG} - docker tag ${PUSHIMAGE}:${META_TAG} ${PUSHIMAGE}:latest - docker tag ${PUSHIMAGE}:${META_TAG} ${PUSHIMAGE}:${EXT_RELEASE_TAG} - if [ -n "${SEMVER}" ]; then - docker tag ${PUSHIMAGE}:${META_TAG} ${PUSHIMAGE}:${SEMVER} - fi - docker push ${PUSHIMAGE}:latest - docker push ${PUSHIMAGE}:${META_TAG} - docker push ${PUSHIMAGE}:${EXT_RELEASE_TAG} - if [ -n "${SEMVER}" ]; then - docker push ${PUSHIMAGE}:${SEMVER} - fi + retry_backoff(5,5) { + sh '''#! /bin/bash + set -e + for PUSHIMAGE in "${IMAGE}" "${GITLABIMAGE}" "${GITHUBIMAGE}" "${QUAYIMAGE}"; do + [[ ${PUSHIMAGE%%/*} =~ \\. ]] && PUSHIMAGEPLUS="${PUSHIMAGE}" || PUSHIMAGEPLUS="docker.io/${PUSHIMAGE}" + IFS=',' read -ra CACHE <<< "$BUILDCACHE" + for i in "${CACHE[@]}"; do + if [[ "${PUSHIMAGEPLUS}" == "$(cut -d "/" -f1 <<< ${i})"* ]]; then + CACHEIMAGE=${i} + fi done - ''' - } + docker buildx imagetools create --prefer-index=false -t ${PUSHIMAGE}:${META_TAG} -t ${PUSHIMAGE}:develop -t ${PUSHIMAGE}:${EXT_RELEASE_TAG} ${CACHEIMAGE}:amd64-${COMMIT_SHA}-${BUILD_NUMBER} || \ + { if [[ "${PUSHIMAGE}" != "${QUAYIMAGE}" ]]; then exit 1; fi; } + if [ -n "${SEMVER}" ]; then + docker buildx imagetools create --prefer-index=false -t ${PUSHIMAGE}:${SEMVER} ${CACHEIMAGE}:amd64-${COMMIT_SHA}-${BUILD_NUMBER} || \ + { if [[ "${PUSHIMAGE}" != "${QUAYIMAGE}" ]]; then exit 1; fi; } + fi + done + ''' } } } @@ -737,92 +952,48 @@ pipeline { environment name: 'EXIT_STATUS', value: '' } steps { - withCredentials([ - [ - $class: 'UsernamePasswordMultiBinding', - credentialsId: '3f9ba4d5-100d-45b0-a3c4-633fd6061207', - usernameVariable: 'DOCKERUSER', - passwordVariable: 'DOCKERPASS' - ], - [ - $class: 'UsernamePasswordMultiBinding', - credentialsId: 'Quay.io-Robot', - usernameVariable: 'QUAYUSER', - passwordVariable: 'QUAYPASS' - ] - ]) { - retry(5) { - sh '''#! /bin/bash - set -e - echo $DOCKERPASS | docker login -u $DOCKERUSER --password-stdin - echo $GITHUB_TOKEN | docker login ghcr.io -u LinuxServer-CI --password-stdin - echo $GITLAB_TOKEN | docker login registry.gitlab.com -u LinuxServer.io --password-stdin - echo $QUAYPASS | docker login quay.io -u $QUAYUSER --password-stdin - if [ "${CI}" == "false" ]; then - docker pull ghcr.io/linuxserver/lsiodev-buildcache:arm64v8-${COMMIT_SHA}-${BUILD_NUMBER} - docker tag ghcr.io/linuxserver/lsiodev-buildcache:arm64v8-${COMMIT_SHA}-${BUILD_NUMBER} ${IMAGE}:arm64v8-${META_TAG} - fi - for MANIFESTIMAGE in "${IMAGE}" "${GITLABIMAGE}" "${GITHUBIMAGE}" "${QUAYIMAGE}"; do - docker tag ${IMAGE}:amd64-${META_TAG} ${MANIFESTIMAGE}:amd64-${META_TAG} - docker tag ${MANIFESTIMAGE}:amd64-${META_TAG} ${MANIFESTIMAGE}:amd64-latest - docker tag ${MANIFESTIMAGE}:amd64-${META_TAG} ${MANIFESTIMAGE}:amd64-${EXT_RELEASE_TAG} - docker tag ${IMAGE}:arm64v8-${META_TAG} ${MANIFESTIMAGE}:arm64v8-${META_TAG} - docker tag ${MANIFESTIMAGE}:arm64v8-${META_TAG} ${MANIFESTIMAGE}:arm64v8-latest - docker tag ${MANIFESTIMAGE}:arm64v8-${META_TAG} ${MANIFESTIMAGE}:arm64v8-${EXT_RELEASE_TAG} - if [ -n "${SEMVER}" ]; then - docker tag ${MANIFESTIMAGE}:amd64-${META_TAG} ${MANIFESTIMAGE}:amd64-${SEMVER} - docker tag ${MANIFESTIMAGE}:arm64v8-${META_TAG} ${MANIFESTIMAGE}:arm64v8-${SEMVER} - fi - docker push ${MANIFESTIMAGE}:amd64-${META_TAG} - docker push ${MANIFESTIMAGE}:amd64-${EXT_RELEASE_TAG} - docker push ${MANIFESTIMAGE}:amd64-latest - docker push ${MANIFESTIMAGE}:arm64v8-${META_TAG} - docker push ${MANIFESTIMAGE}:arm64v8-latest - docker push ${MANIFESTIMAGE}:arm64v8-${EXT_RELEASE_TAG} - if [ -n "${SEMVER}" ]; then - docker push ${MANIFESTIMAGE}:amd64-${SEMVER} - docker push ${MANIFESTIMAGE}:arm64v8-${SEMVER} - fi - docker manifest push --purge ${MANIFESTIMAGE}:latest || : - docker manifest create ${MANIFESTIMAGE}:latest ${MANIFESTIMAGE}:amd64-latest ${MANIFESTIMAGE}:arm64v8-latest - docker manifest annotate ${MANIFESTIMAGE}:latest ${MANIFESTIMAGE}:arm64v8-latest --os linux --arch arm64 --variant v8 - docker manifest push --purge ${MANIFESTIMAGE}:${META_TAG} || : - docker manifest create ${MANIFESTIMAGE}:${META_TAG} ${MANIFESTIMAGE}:amd64-${META_TAG} ${MANIFESTIMAGE}:arm64v8-${META_TAG} - docker manifest annotate ${MANIFESTIMAGE}:${META_TAG} ${MANIFESTIMAGE}:arm64v8-${META_TAG} --os linux --arch arm64 --variant v8 - docker manifest push --purge ${MANIFESTIMAGE}:${EXT_RELEASE_TAG} || : - docker manifest create ${MANIFESTIMAGE}:${EXT_RELEASE_TAG} ${MANIFESTIMAGE}:amd64-${EXT_RELEASE_TAG} ${MANIFESTIMAGE}:arm64v8-${EXT_RELEASE_TAG} - docker manifest annotate ${MANIFESTIMAGE}:${EXT_RELEASE_TAG} ${MANIFESTIMAGE}:arm64v8-${EXT_RELEASE_TAG} --os linux --arch arm64 --variant v8 - if [ -n "${SEMVER}" ]; then - docker manifest push --purge ${MANIFESTIMAGE}:${SEMVER} || : - docker manifest create ${MANIFESTIMAGE}:${SEMVER} ${MANIFESTIMAGE}:amd64-${SEMVER} ${MANIFESTIMAGE}:arm64v8-${SEMVER} - docker manifest annotate ${MANIFESTIMAGE}:${SEMVER} ${MANIFESTIMAGE}:arm64v8-${SEMVER} --os linux --arch arm64 --variant v8 - fi - token=$(curl -sX GET "https://ghcr.io/token?scope=repository%3Alinuxserver%2F${CONTAINER_NAME}%3Apull" | jq -r '.token') - digest=$(curl -s \ - --header "Accept: application/vnd.docker.distribution.manifest.v2+json" \ - --header "Authorization: Bearer ${token}" \ - "https://ghcr.io/v2/linuxserver/${CONTAINER_NAME}/manifests/arm32v7-latest") - if [[ $(echo "$digest" | jq -r '.layers') != "null" ]]; then - docker manifest push --purge ${MANIFESTIMAGE}:arm32v7-latest || : - docker manifest create ${MANIFESTIMAGE}:arm32v7-latest ${MANIFESTIMAGE}:amd64-latest - docker manifest push --purge ${MANIFESTIMAGE}:arm32v7-latest - fi - docker manifest push --purge ${MANIFESTIMAGE}:latest - docker manifest push --purge ${MANIFESTIMAGE}:${META_TAG} - docker manifest push --purge ${MANIFESTIMAGE}:${EXT_RELEASE_TAG} - if [ -n "${SEMVER}" ]; then - docker manifest push --purge ${MANIFESTIMAGE}:${SEMVER} - fi + retry_backoff(5,5) { + sh '''#! /bin/bash + set -e + for MANIFESTIMAGE in "${IMAGE}" "${GITLABIMAGE}" "${GITHUBIMAGE}" "${QUAYIMAGE}"; do + [[ ${MANIFESTIMAGE%%/*} =~ \\. ]] && MANIFESTIMAGEPLUS="${MANIFESTIMAGE}" || MANIFESTIMAGEPLUS="docker.io/${MANIFESTIMAGE}" + IFS=',' read -ra CACHE <<< "$BUILDCACHE" + for i in "${CACHE[@]}"; do + if [[ "${MANIFESTIMAGEPLUS}" == "$(cut -d "/" -f1 <<< ${i})"* ]]; then + CACHEIMAGE=${i} + fi done - ''' - } + docker buildx imagetools create --prefer-index=false -t ${MANIFESTIMAGE}:amd64-${META_TAG} -t ${MANIFESTIMAGE}:amd64-develop -t ${MANIFESTIMAGE}:amd64-${EXT_RELEASE_TAG} ${CACHEIMAGE}:amd64-${COMMIT_SHA}-${BUILD_NUMBER} || \ + { if [[ "${MANIFESTIMAGE}" != "${QUAYIMAGE}" ]]; then exit 1; fi; } + docker buildx imagetools create --prefer-index=false -t ${MANIFESTIMAGE}:arm64v8-${META_TAG} -t ${MANIFESTIMAGE}:arm64v8-develop -t ${MANIFESTIMAGE}:arm64v8-${EXT_RELEASE_TAG} ${CACHEIMAGE}:arm64v8-${COMMIT_SHA}-${BUILD_NUMBER} || \ + { if [[ "${MANIFESTIMAGE}" != "${QUAYIMAGE}" ]]; then exit 1; fi; } + if [ -n "${SEMVER}" ]; then + docker buildx imagetools create --prefer-index=false -t ${MANIFESTIMAGE}:amd64-${SEMVER} ${CACHEIMAGE}:amd64-${COMMIT_SHA}-${BUILD_NUMBER} || \ + { if [[ "${MANIFESTIMAGE}" != "${QUAYIMAGE}" ]]; then exit 1; fi; } + docker buildx imagetools create --prefer-index=false -t ${MANIFESTIMAGE}:arm64v8-${SEMVER} ${CACHEIMAGE}:arm64v8-${COMMIT_SHA}-${BUILD_NUMBER} || \ + { if [[ "${MANIFESTIMAGE}" != "${QUAYIMAGE}" ]]; then exit 1; fi; } + fi + done + for MANIFESTIMAGE in "${IMAGE}" "${GITLABIMAGE}" "${GITHUBIMAGE}" "${QUAYIMAGE}"; do + docker buildx imagetools create -t ${MANIFESTIMAGE}:develop ${MANIFESTIMAGE}:amd64-develop ${MANIFESTIMAGE}:arm64v8-develop || \ + { if [[ "${MANIFESTIMAGE}" != "${QUAYIMAGE}" ]]; then exit 1; fi; } + docker buildx imagetools create -t ${MANIFESTIMAGE}:${META_TAG} ${MANIFESTIMAGE}:amd64-${META_TAG} ${MANIFESTIMAGE}:arm64v8-${META_TAG} || \ + { if [[ "${MANIFESTIMAGE}" != "${QUAYIMAGE}" ]]; then exit 1; fi; } + docker buildx imagetools create -t ${MANIFESTIMAGE}:${EXT_RELEASE_TAG} ${MANIFESTIMAGE}:amd64-${EXT_RELEASE_TAG} ${MANIFESTIMAGE}:arm64v8-${EXT_RELEASE_TAG} || \ + { if [[ "${MANIFESTIMAGE}" != "${QUAYIMAGE}" ]]; then exit 1; fi; } + if [ -n "${SEMVER}" ]; then + docker buildx imagetools create -t ${MANIFESTIMAGE}:${SEMVER} ${MANIFESTIMAGE}:amd64-${SEMVER} ${MANIFESTIMAGE}:arm64v8-${SEMVER} || \ + { if [[ "${MANIFESTIMAGE}" != "${QUAYIMAGE}" ]]; then exit 1; fi; } + fi + done + ''' } } } // If this is a public release tag it in the LS Github stage('Github-Tag-Push-Release') { when { - branch "master" + branch "develop" expression { env.LS_RELEASE != env.EXT_RELEASE_CLEAN + '-ls' + env.LS_TAG_NUMBER } @@ -830,56 +1001,76 @@ pipeline { environment name: 'EXIT_STATUS', value: '' } steps { - echo "Pushing New tag for current commit ${META_TAG}" - sh '''curl -H "Authorization: token ${GITHUB_TOKEN}" -X POST https://api.github.com/repos/${LS_USER}/${LS_REPO}/git/tags \ - -d '{"tag":"'${META_TAG}'",\ - "object": "'${COMMIT_SHA}'",\ - "message": "Tagging Release '${EXT_RELEASE_CLEAN}'-ls'${LS_TAG_NUMBER}' to master",\ - "type": "commit",\ - "tagger": {"name": "LinuxServer Jenkins","email": "jenkins@linuxserver.io","date": "'${GITHUB_DATE}'"}}' ''' - echo "Pushing New release for Tag" sh '''#! /bin/bash + echo "Auto-generating release notes" + if [ "$(git tag --points-at HEAD)" != "" ]; then + echo "Existing tag points to current commit, suggesting no new LS changes" + AUTO_RELEASE_NOTES="No changes" + else + AUTO_RELEASE_NOTES=$(curl -fsL -H "Authorization: token ${GITHUB_TOKEN}" -H "Accept: application/vnd.github+json" -X POST https://api.github.com/repos/${LS_USER}/${LS_REPO}/releases/generate-notes \ + -d '{"tag_name":"'${META_TAG}'",\ + "target_commitish": "develop"}' \ + | jq -r '.body' | sed 's|## What.s Changed||') + fi + echo "Pushing New tag for current commit ${META_TAG}" + curl -H "Authorization: token ${GITHUB_TOKEN}" -X POST https://api.github.com/repos/${LS_USER}/${LS_REPO}/git/tags \ + -d '{"tag":"'${META_TAG}'",\ + "object": "'${COMMIT_SHA}'",\ + "message": "Tagging Release '${EXT_RELEASE_CLEAN}'-ls'${LS_TAG_NUMBER}' to develop",\ + "type": "commit",\ + "tagger": {"name": "LinuxServer-CI","email": "ci@linuxserver.io","date": "'${GITHUB_DATE}'"}}' + echo "Pushing New release for Tag" echo "Updating to ${EXT_RELEASE_CLEAN}" > releasebody.json - echo '{"tag_name":"'${META_TAG}'",\ - "target_commitish": "master",\ - "name": "'${META_TAG}'",\ - "body": "**LinuxServer Changes:**\\n\\n'${LS_RELEASE_NOTES}'\\n\\n**Remote Changes:**\\n\\n' > start - printf '","draft": false,"prerelease": false}' >> releasebody.json - paste -d'\\0' start releasebody.json > releasebody.json.done - curl -H "Authorization: token ${GITHUB_TOKEN}" -X POST https://api.github.com/repos/${LS_USER}/${LS_REPO}/releases -d @releasebody.json.done''' + jq -n \ + --arg tag_name "$META_TAG" \ + --arg target_commitish "develop" \ + --arg ci_url "${CI_URL:-N/A}" \ + --arg ls_notes "$AUTO_RELEASE_NOTES" \ + --arg remote_notes "$(cat releasebody.json)" \ + '{ + "tag_name": $tag_name, + "target_commitish": $target_commitish, + "name": $tag_name, + "body": ("**CI Report:**\\n\\n" + $ci_url + "\\n\\n**LinuxServer Changes:**\\n\\n" + $ls_notes + "\\n\\n**Remote Changes:**\\n\\n" + $remote_notes), + "draft": false, + "prerelease": true }' > releasebody.json.done + curl -H "Authorization: token ${GITHUB_TOKEN}" -X POST https://api.github.com/repos/${LS_USER}/${LS_REPO}/releases -d @releasebody.json.done + ''' } } - // Use helper container to sync the current README on master to the dockerhub endpoint - stage('Sync-README') { + // Add protection to the release branch + stage('Github-Release-Branch-Protection') { when { + branch "develop" environment name: 'CHANGE_ID', value: '' environment name: 'EXIT_STATUS', value: '' } steps { - withCredentials([ - [ - $class: 'UsernamePasswordMultiBinding', - credentialsId: '3f9ba4d5-100d-45b0-a3c4-633fd6061207', - usernameVariable: 'DOCKERUSER', - passwordVariable: 'DOCKERPASS' - ] - ]) { - sh '''#! /bin/bash - set -e - TEMPDIR=$(mktemp -d) - docker pull ghcr.io/linuxserver/jenkins-builder:latest - docker run --rm -e CONTAINER_NAME=${CONTAINER_NAME} -e GITHUB_BRANCH="${BRANCH_NAME}" -v ${TEMPDIR}:/ansible/jenkins ghcr.io/linuxserver/jenkins-builder:latest - docker pull ghcr.io/linuxserver/readme-sync - docker run --rm=true \ - -e DOCKERHUB_USERNAME=$DOCKERUSER \ - -e DOCKERHUB_PASSWORD=$DOCKERPASS \ - -e GIT_REPOSITORY=${LS_USER}/${LS_REPO} \ - -e DOCKER_REPOSITORY=${IMAGE} \ - -e GIT_BRANCH=master \ - -v ${TEMPDIR}/docker-${CONTAINER_NAME}:/mnt \ - ghcr.io/linuxserver/readme-sync bash -c 'node sync' - rm -Rf ${TEMPDIR} ''' - } + echo "Setting up protection for release branch develop" + sh '''#! /bin/bash + curl -H "Authorization: token ${GITHUB_TOKEN}" -X PUT https://api.github.com/repos/${LS_USER}/${LS_REPO}/branches/develop/protection \ + -d $(jq -c . << EOF + { + "required_status_checks": null, + "enforce_admins": false, + "required_pull_request_reviews": { + "dismiss_stale_reviews": false, + "require_code_owner_reviews": false, + "require_last_push_approval": false, + "required_approving_review_count": 1 + }, + "restrictions": null, + "required_linear_history": false, + "allow_force_pushes": false, + "allow_deletions": false, + "block_creations": false, + "required_conversation_resolution": true, + "lock_branch": false, + "allow_fork_syncing": false, + "required_signatures": false + } +EOF + ) ''' } } // If this is a Pull request send the CI link as a comment on it @@ -966,32 +1157,94 @@ pipeline { ###################### */ post { always { + sh '''#!/bin/bash + rm -rf /config/.ssh/id_sign + rm -rf /config/.ssh/id_sign.pub + git config --global --unset gpg.format + git config --global --unset user.signingkey + git config --global --unset commit.gpgsign + ''' script{ + env.JOB_DATE = sh( + script: '''date '+%Y-%m-%dT%H:%M:%S%:z' ''', + returnStdout: true).trim() if (env.EXIT_STATUS == "ABORTED"){ sh 'echo "build aborted"' - } - else if (currentBuild.currentResult == "SUCCESS"){ - sh ''' curl -X POST -H "Content-Type: application/json" --data '{"avatar_url": "https://raw.githubusercontent.com/linuxserver/docker-templates/master/linuxserver.io/img/jenkins-avatar.png","embeds": [{"color": 1681177,\ - "description": "**Build:** '${BUILD_NUMBER}'\\n**CI Results:** '${CI_URL}'\\n**ShellCheck Results:** '${SHELLCHECK_URL}'\\n**Status:** Success\\n**Job:** '${RUN_DISPLAY_URL}'\\n**Change:** '${CODE_URL}'\\n**External Release:**: '${RELEASE_LINK}'\\n**DockerHub:** '${DOCKERHUB_LINK}'\\n"}],\ - "username": "Jenkins"}' ${BUILDS_DISCORD} ''' - } - else { - sh ''' curl -X POST -H "Content-Type: application/json" --data '{"avatar_url": "https://raw.githubusercontent.com/linuxserver/docker-templates/master/linuxserver.io/img/jenkins-avatar.png","embeds": [{"color": 16711680,\ - "description": "**Build:** '${BUILD_NUMBER}'\\n**CI Results:** '${CI_URL}'\\n**ShellCheck Results:** '${SHELLCHECK_URL}'\\n**Status:** failure\\n**Job:** '${RUN_DISPLAY_URL}'\\n**Change:** '${CODE_URL}'\\n**External Release:**: '${RELEASE_LINK}'\\n**DockerHub:** '${DOCKERHUB_LINK}'\\n"}],\ + }else{ + if (currentBuild.currentResult == "SUCCESS"){ + if (env.GITHUBIMAGE =~ /lspipepr/){ + env.JOB_WEBHOOK_STATUS='Success' + env.JOB_WEBHOOK_COLOUR=3957028 + env.JOB_WEBHOOK_FOOTER='PR Build' + }else if (env.GITHUBIMAGE =~ /lsiodev/){ + env.JOB_WEBHOOK_STATUS='Success' + env.JOB_WEBHOOK_COLOUR=3957028 + env.JOB_WEBHOOK_FOOTER='Dev Build' + }else{ + env.JOB_WEBHOOK_STATUS='Success' + env.JOB_WEBHOOK_COLOUR=1681177 + env.JOB_WEBHOOK_FOOTER='Live Build' + } + }else{ + if (env.GITHUBIMAGE =~ /lspipepr/){ + env.JOB_WEBHOOK_STATUS='Failure' + env.JOB_WEBHOOK_COLOUR=12669523 + env.JOB_WEBHOOK_FOOTER='PR Build' + }else if (env.GITHUBIMAGE =~ /lsiodev/){ + env.JOB_WEBHOOK_STATUS='Failure' + env.JOB_WEBHOOK_COLOUR=12669523 + env.JOB_WEBHOOK_FOOTER='Dev Build' + }else{ + env.JOB_WEBHOOK_STATUS='Failure' + env.JOB_WEBHOOK_COLOUR=16711680 + env.JOB_WEBHOOK_FOOTER='Live Build' + } + } + sh ''' curl -X POST -H "Content-Type: application/json" --data '{"avatar_url": "https://raw.githubusercontent.com/linuxserver/docker-templates/master/linuxserver.io/img/jenkins-avatar.png","embeds": [{"'color'": '${JOB_WEBHOOK_COLOUR}',\ + "footer": {"text" : "'"${JOB_WEBHOOK_FOOTER}"'"},\ + "timestamp": "'${JOB_DATE}'",\ + "description": "**Build:** '${BUILD_NUMBER}'\\n**CI Results:** '${CI_URL}'\\n**ShellCheck Results:** '${SHELLCHECK_URL}'\\n**Status:** '${JOB_WEBHOOK_STATUS}'\\n**Job:** '${RUN_DISPLAY_URL}'\\n**Change:** '${CODE_URL}'\\n**External Release:**: '${RELEASE_LINK}'\\n**DockerHub:** '${DOCKERHUB_LINK}'\\n"}],\ "username": "Jenkins"}' ${BUILDS_DISCORD} ''' } } } cleanup { sh '''#! /bin/bash - echo "Performing docker system prune!!" - containers=$(docker ps -aq) + echo "Pruning builder!!" + docker builder prune -f --builder container || : + containers=$(docker ps -q) if [[ -n "${containers}" ]]; then - docker stop ${containers} + BUILDX_CONTAINER_ID=$(docker ps -qf 'name=buildx_buildkit') + for container in ${containers}; do + if [[ "${container}" == "${BUILDX_CONTAINER_ID}" ]]; then + echo "skipping buildx container in docker stop" + else + echo "Stopping container ${container}" + docker stop ${container} + fi + done fi - docker system prune -af --volumes || : + docker system prune -f --volumes || : + docker image prune -af || : ''' cleanWs() } } } + +def retry_backoff(int max_attempts, int power_base, Closure c) { + int n = 0 + while (n < max_attempts) { + try { + c() + return + } catch (err) { + if ((n + 1) >= max_attempts) { + throw err + } + sleep(power_base ** n) + n++ + } + } + return +} diff --git a/LICENSE b/LICENSE old mode 100755 new mode 100644 diff --git a/README.md b/README.md index 06b01a1f..cdd79c30 100644 --- a/README.md +++ b/README.md @@ -1,12 +1,10 @@ - - - + + [![linuxserver.io](https://raw.githubusercontent.com/linuxserver/docker-templates/master/linuxserver.io/img/linuxserver_medium.png)](https://linuxserver.io) [![Blog](https://img.shields.io/static/v1.svg?color=94398d&labelColor=555555&logoColor=ffffff&style=for-the-badge&label=linuxserver.io&message=Blog)](https://blog.linuxserver.io "all the things you can do with our containers including How-To guides, opinions and much more!") -[![Discord](https://img.shields.io/discord/354974912613449730.svg?color=94398d&labelColor=555555&logoColor=ffffff&style=for-the-badge&label=Discord&logo=discord)](https://discord.gg/YWrKVTn "realtime support / chat with the community and the team.") +[![Discord](https://img.shields.io/discord/354974912613449730.svg?color=94398d&labelColor=555555&logoColor=ffffff&style=for-the-badge&label=Discord&logo=discord)](https://linuxserver.io/discord "realtime support / chat with the community and the team.") [![Discourse](https://img.shields.io/discourse/https/discourse.linuxserver.io/topics.svg?color=94398d&labelColor=555555&logoColor=ffffff&style=for-the-badge&logo=discourse)](https://discourse.linuxserver.io "post on our community forum.") -[![Fleet](https://img.shields.io/static/v1.svg?color=94398d&labelColor=555555&logoColor=ffffff&style=for-the-badge&label=linuxserver.io&message=Fleet)](https://fleet.linuxserver.io "an online web interface which displays all of our maintained images.") [![GitHub](https://img.shields.io/static/v1.svg?color=94398d&labelColor=555555&logoColor=ffffff&style=for-the-badge&label=linuxserver.io&message=GitHub&logo=github)](https://github.com/linuxserver "view the source for all of our repositories.") [![Open Collective](https://img.shields.io/opencollective/all/linuxserver.svg?color=94398d&labelColor=555555&logoColor=ffffff&style=for-the-badge&label=Supporters&logo=open%20collective)](https://opencollective.com/linuxserver "please consider helping us by either donating or contributing to our budget") @@ -21,15 +19,14 @@ The [LinuxServer.io](https://linuxserver.io) team brings you another container r Find us at: * [Blog](https://blog.linuxserver.io) - all the things you can do with our containers including How-To guides, opinions and much more! -* [Discord](https://discord.gg/YWrKVTn) - realtime support / chat with the community and the team. +* [Discord](https://linuxserver.io/discord) - realtime support / chat with the community and the team. * [Discourse](https://discourse.linuxserver.io) - post on our community forum. -* [Fleet](https://fleet.linuxserver.io) - an online web interface which displays all of our maintained images. * [GitHub](https://github.com/linuxserver) - view the source for all of our repositories. * [Open Collective](https://opencollective.com/linuxserver) - please consider helping us by either donating or contributing to our budget # [linuxserver/nextcloud](https://github.com/linuxserver/docker-nextcloud) -[![Scarf.io pulls](https://scarf.sh/installs-badge/linuxserver-ci/linuxserver%2Fnextcloud?color=94398d&label-color=555555&logo-color=ffffff&style=for-the-badge&package-type=docker)](https://scarf.sh/gateway/linuxserver-ci/docker/linuxserver%2Fnextcloud) +[![Scarf.io pulls](https://scarf.sh/installs-badge/linuxserver-ci/linuxserver%2Fnextcloud?color=94398d&label-color=555555&logo-color=ffffff&style=for-the-badge&package-type=docker)](https://scarf.sh) [![GitHub Stars](https://img.shields.io/github/stars/linuxserver/docker-nextcloud.svg?color=94398d&labelColor=555555&logoColor=ffffff&style=for-the-badge&logo=github)](https://github.com/linuxserver/docker-nextcloud) [![GitHub Release](https://img.shields.io/github/release/linuxserver/docker-nextcloud.svg?color=94398d&labelColor=555555&logoColor=ffffff&style=for-the-badge&logo=github)](https://github.com/linuxserver/docker-nextcloud/releases) [![GitHub Package Repository](https://img.shields.io/static/v1.svg?color=94398d&labelColor=555555&logoColor=ffffff&style=for-the-badge&label=linuxserver.io&message=GitHub%20Package&logo=github)](https://github.com/linuxserver/docker-nextcloud/packages) @@ -37,8 +34,8 @@ Find us at: [![Quay.io](https://img.shields.io/static/v1.svg?color=94398d&labelColor=555555&logoColor=ffffff&style=for-the-badge&label=linuxserver.io&message=Quay.io)](https://quay.io/repository/linuxserver.io/nextcloud) [![Docker Pulls](https://img.shields.io/docker/pulls/linuxserver/nextcloud.svg?color=94398d&labelColor=555555&logoColor=ffffff&style=for-the-badge&label=pulls&logo=docker)](https://hub.docker.com/r/linuxserver/nextcloud) [![Docker Stars](https://img.shields.io/docker/stars/linuxserver/nextcloud.svg?color=94398d&labelColor=555555&logoColor=ffffff&style=for-the-badge&label=stars&logo=docker)](https://hub.docker.com/r/linuxserver/nextcloud) -[![Jenkins Build](https://img.shields.io/jenkins/build?labelColor=555555&logoColor=ffffff&style=for-the-badge&jobUrl=https%3A%2F%2Fround-lake.dustinice.workers.dev%3A443%2Fhttps%2Fci.linuxserver.io%2Fjob%2FDocker-Pipeline-Builders%2Fjob%2Fdocker-nextcloud%2Fjob%2Fmaster%2F&logo=jenkins)](https://ci.linuxserver.io/job/Docker-Pipeline-Builders/job/docker-nextcloud/job/master/) -[![LSIO CI](https://img.shields.io/badge/dynamic/yaml?color=94398d&labelColor=555555&logoColor=ffffff&style=for-the-badge&label=CI&query=CI&url=https%3A%2F%2Fround-lake.dustinice.workers.dev%3A443%2Fhttps%2Fci-tests.linuxserver.io%2Flinuxserver%2Fnextcloud%2Flatest%2Fci-status.yml)](https://ci-tests.linuxserver.io/linuxserver/nextcloud/latest/index.html) +[![Jenkins Build](https://img.shields.io/jenkins/build?labelColor=555555&logoColor=ffffff&style=for-the-badge&jobUrl=https%3A%2F%2Fround-lake.dustinice.workers.dev%3A443%2Fhttps%2Fci.linuxserver.io%2Fjob%2FDocker-Pipeline-Builders%2Fjob%2Fdocker-nextcloud%2Fjob%2Fdevelop%2F&logo=jenkins)](https://ci.linuxserver.io/job/Docker-Pipeline-Builders/job/docker-nextcloud/job/develop/) +[![LSIO CI](https://img.shields.io/badge/dynamic/yaml?color=94398d&labelColor=555555&logoColor=ffffff&style=for-the-badge&label=CI&query=CI&url=https%3A%2F%2Fround-lake.dustinice.workers.dev%3A443%2Fhttps%2Fci-tests.linuxserver.io%2Flinuxserver%2Fnextcloud%2Fdevelop%2Fci-status.yml)](https://ci-tests.linuxserver.io/linuxserver/nextcloud/develop/index.html) [Nextcloud](https://nextcloud.com/) gives you access to all your files wherever you are. @@ -48,9 +45,9 @@ Where are your photos and documents? With Nextcloud you pick a server of your ch ## Supported Architectures -We utilise the docker manifest for multi-platform awareness. More information is available from docker [here](https://github.com/docker/distribution/blob/master/docs/spec/manifest-v2-2.md#manifest-list) and our announcement [here](https://blog.linuxserver.io/2019/02/21/the-lsio-pipeline-project/). +We utilise the docker manifest for multi-platform awareness. More information is available from docker [here](https://distribution.github.io/distribution/spec/manifest-v2-2/#manifest-list) and our announcement [here](https://blog.linuxserver.io/2019/02/21/the-lsio-pipeline-project/). -Simply pulling `lscr.io/linuxserver/nextcloud:latest` should retrieve the correct image for your arch, but you can also pull specific arch images via tags. +Simply pulling `lscr.io/linuxserver/nextcloud:develop` should retrieve the correct image for your arch, but you can also pull specific arch images via tags. The architectures supported by this image are: @@ -58,12 +55,23 @@ The architectures supported by this image are: | :----: | :----: | ---- | | x86-64 | ✅ | amd64-\ | | arm64 | ✅ | arm64v8-\ | -| armhf | ❌ | | + +## Version Tags + +This image provides various versions that are available via tags. Please read the descriptions carefully and exercise caution when using unstable or development tags. + +| Tag | Available | Description | +| :----: | :----: |--- | +| latest | ✅ | Stable Nextcloud releases | +| develop | ✅ | Beta Nextcloud pre-releases *only* | +| previous | ✅ | Nextcloud releases from the previous major version | ## Application Setup Access the webui at `https://:443`, for more information check out [Nextcloud](https://nextcloud.com/). +Note: `occ` should be run without prepending with `sudo -u abc php` or `sudo -u www-data php` ie; `docker exec -it nextcloud occ maintenance:mode --off` + ### Updating Nextcloud Updating Nextcloud is done by pulling the new image, and recreating the container with it. @@ -78,6 +86,34 @@ Nextcloud's built-in collaborative editing packages (Collabora/CODE and OnlyOffi If (auto) installed, those built-in packages may cause instability and should be removed. +### HEIC Image Previews + +In order to enable HEIC image preview generation you will need to add the following to your `config.php` file in your `config/www/nextcloud/config' directory; + +``` + 'enable_previews' => true, + 'enabledPreviewProviders' => + array ( + 'OC\Preview\PNG', + 'OC\Preview\JPEG', + 'OC\Preview\GIF', + 'OC\Preview\BMP', + 'OC\Preview\XBitmap', + 'OC\Preview\MP3', + 'OC\Preview\TXT', + 'OC\Preview\MarkDown', + 'OC\Preview\OpenDocument', + 'OC\Preview\Krita', + 'OC\Preview\HEIC', + ), +``` + +You may need to log out and back in for the changes to come in to effect. + +This fix was sourced from [Nextcloud Documentation](https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/config_sample_php_parameters.html#enabledpreviewproviders) + +Nextcloud state that HEIC preview is disabled by default due to performance or privacy concerns, so enable this at your own risk. + ### Custom App Directories If you are [using custom app directories](https://docs.nextcloud.com/server/latest/admin_manual/apps_management.html#using-custom-app-directories) you will need to make the custom folder(s) you are using available to the web server. The recommended way to do this with our container is to add a volume. Ex: @@ -96,23 +132,25 @@ If you are using a reverse proxy which validates certificates, you need to [disa ## Usage -Here are some example snippets to help you get started creating a container. +To help you get started creating a container from this image you can either use docker-compose or the docker cli. + +>[!NOTE] +>Unless a parameter is flaged as 'optional', it is *mandatory* and a value must be provided. ### docker-compose (recommended, [click here for more info](https://docs.linuxserver.io/general/docker-compose)) ```yaml --- -version: "2.1" services: nextcloud: - image: lscr.io/linuxserver/nextcloud:latest + image: lscr.io/linuxserver/nextcloud:develop container_name: nextcloud environment: - PUID=1000 - PGID=1000 - TZ=Etc/UTC volumes: - - /path/to/appdata:/config + - /path/to/nextcloud/config:/config - /path/to/data:/data ports: - 443:443 @@ -128,24 +166,23 @@ docker run -d \ -e PGID=1000 \ -e TZ=Etc/UTC \ -p 443:443 \ - -v /path/to/appdata:/config \ + -v /path/to/nextcloud/config:/config \ -v /path/to/data:/data \ --restart unless-stopped \ - lscr.io/linuxserver/nextcloud:latest - + lscr.io/linuxserver/nextcloud:develop ``` ## Parameters -Container images are configured using parameters passed at runtime (such as those above). These parameters are separated by a colon and indicate `:` respectively. For example, `-p 8080:80` would expose port `80` from inside the container to be accessible from the host's IP on port `8080` outside the container. +Containers are configured using parameters passed at runtime (such as those above). These parameters are separated by a colon and indicate `:` respectively. For example, `-p 8080:80` would expose port `80` from inside the container to be accessible from the host's IP on port `8080` outside the container. | Parameter | Function | | :----: | --- | -| `-p 443` | WebUI | +| `-p 443:443` | WebUI | | `-e PUID=1000` | for UserID - see below for explanation | | `-e PGID=1000` | for GroupID - see below for explanation | | `-e TZ=Etc/UTC` | specify a timezone to use, see this [list](https://en.wikipedia.org/wiki/List_of_tz_database_time_zones#List). | -| `-v /config` | Nextcloud configs. | +| `-v /config` | Persistent config files | | `-v /data` | Your personal data. | ## Environment variables from files (Docker secrets) @@ -155,10 +192,10 @@ You can set any environment variable from a file by using a special prepend `FIL As an example: ```bash --e FILE__PASSWORD=/run/secrets/mysecretpassword +-e FILE__MYVAR=/run/secrets/mysecretvariable ``` -Will set the environment variable `PASSWORD` based on the contents of the `/run/secrets/mysecretpassword` file. +Will set the environment variable `MYVAR` based on the contents of the `/run/secrets/mysecretvariable` file. ## Umask for running applications @@ -167,15 +204,20 @@ Keep in mind umask is not chmod it subtracts from permissions based on it's valu ## User / Group Identifiers -When using volumes (`-v` flags) permissions issues can arise between the host OS and the container, we avoid this issue by allowing you to specify the user `PUID` and group `PGID`. +When using volumes (`-v` flags), permissions issues can arise between the host OS and the container, we avoid this issue by allowing you to specify the user `PUID` and group `PGID`. Ensure any volume directories on the host are owned by the same user you specify and any permissions issues will vanish like magic. -In this instance `PUID=1000` and `PGID=1000`, to find yours use `id user` as below: +In this instance `PUID=1000` and `PGID=1000`, to find yours use `id your_user` as below: ```bash - $ id username - uid=1000(dockeruser) gid=1000(dockergroup) groups=1000(dockergroup) +id your_user +``` + +Example output: + +```text +uid=1000(your_user) gid=1000(your_user) groups=1000(your_user) ``` ## Docker Mods @@ -186,53 +228,101 @@ We publish various [Docker Mods](https://github.com/linuxserver/docker-mods) to ## Support Info -* Shell access whilst the container is running: `docker exec -it nextcloud /bin/bash` -* To monitor the logs of the container in realtime: `docker logs -f nextcloud` -* container version number - * `docker inspect -f '{{ index .Config.Labels "build_version" }}' nextcloud` -* image version number - * `docker inspect -f '{{ index .Config.Labels "build_version" }}' lscr.io/linuxserver/nextcloud:latest` +* Shell access whilst the container is running: + + ```bash + docker exec -it nextcloud /bin/bash + ``` + +* To monitor the logs of the container in realtime: + + ```bash + docker logs -f nextcloud + ``` + +* Container version number: + + ```bash + docker inspect -f '{{ index .Config.Labels "build_version" }}' nextcloud + ``` + +* Image version number: + + ```bash + docker inspect -f '{{ index .Config.Labels "build_version" }}' lscr.io/linuxserver/nextcloud:develop + ``` ## Updating Info -Most of our images are static, versioned, and require an image update and container recreation to update the app inside. With some exceptions (ie. nextcloud, plex), we do not recommend or support updating apps inside the container. Please consult the [Application Setup](#application-setup) section above to see if it is recommended for the image. +Most of our images are static, versioned, and require an image update and container recreation to update the app inside. With some exceptions (noted in the relevant readme.md), we do not recommend or support updating apps inside the container. Please consult the [Application Setup](#application-setup) section above to see if it is recommended for the image. Below are the instructions for updating containers: ### Via Docker Compose -* Update all images: `docker-compose pull` - * or update a single image: `docker-compose pull nextcloud` -* Let compose update all containers as necessary: `docker-compose up -d` - * or update a single container: `docker-compose up -d nextcloud` -* You can also remove the old dangling images: `docker image prune` +* Update images: + * All images: + + ```bash + docker-compose pull + ``` + + * Single image: + + ```bash + docker-compose pull nextcloud + ``` + +* Update containers: + * All containers: + + ```bash + docker-compose up -d + ``` + + * Single container: + + ```bash + docker-compose up -d nextcloud + ``` + +* You can also remove the old dangling images: + + ```bash + docker image prune + ``` ### Via Docker Run -* Update the image: `docker pull lscr.io/linuxserver/nextcloud:latest` -* Stop the running container: `docker stop nextcloud` -* Delete the container: `docker rm nextcloud` -* Recreate a new container with the same docker run parameters as instructed above (if mapped correctly to a host folder, your `/config` folder and settings will be preserved) -* You can also remove the old dangling images: `docker image prune` +* Update the image: + + ```bash + docker pull lscr.io/linuxserver/nextcloud:develop + ``` -### Via Watchtower auto-updater (only use if you don't remember the original parameters) +* Stop the running container: -* Pull the latest image at its tag and replace it with the same env variables in one run: + ```bash + docker stop nextcloud + ``` - ```bash - docker run --rm \ - -v /var/run/docker.sock:/var/run/docker.sock \ - containrrr/watchtower \ - --run-once nextcloud - ``` +* Delete the container: -* You can also remove the old dangling images: `docker image prune` + ```bash + docker rm nextcloud + ``` + +* Recreate a new container with the same docker run parameters as instructed above (if mapped correctly to a host folder, your `/config` folder and settings will be preserved) +* You can also remove the old dangling images: -**Note:** We do not endorse the use of Watchtower as a solution to automated updates of existing Docker containers. In fact we generally discourage automated updates. However, this is a useful tool for one-time manual updates of containers where you have forgotten the original parameters. In the long term, we highly recommend using [Docker Compose](https://docs.linuxserver.io/general/docker-compose). + ```bash + docker image prune + ``` ### Image Update Notifications - Diun (Docker Image Update Notifier) -* We recommend [Diun](https://crazymax.dev/diun/) for update notifications. Other tools that automatically update containers unattended are not recommended or supported. +>[!TIP] +>We recommend [Diun](https://crazymax.dev/diun/) for update notifications. Other tools that automatically update containers unattended are not recommended or supported. ## Building locally @@ -244,19 +334,35 @@ cd docker-nextcloud docker build \ --no-cache \ --pull \ - -t lscr.io/linuxserver/nextcloud:latest . + -t lscr.io/linuxserver/nextcloud:develop . ``` -The ARM variants can be built on x86_64 hardware using `multiarch/qemu-user-static` +The ARM variants can be built on x86_64 hardware and vice versa using `lscr.io/linuxserver/qemu-static` ```bash -docker run --rm --privileged multiarch/qemu-user-static:register --reset +docker run --rm --privileged lscr.io/linuxserver/qemu-static --reset ``` Once registered you can define the dockerfile to use with `-f Dockerfile.aarch64`. ## Versions +* **10.07.25:** - Rebase to Alpine 3.22. +* **12.02.25:** - Rebase to Alpine 3.21. +* **09.01.25:** - Fix uploading large files. Existing users should update their nginx confs. +* **09.07.24:** - Add `previous` tag for n-1 releases. +* **24.06.24:** - Rebase to Alpine 3.20. Existing users should update their nginx confs to avoid http2 deprecation warnings. +* **19.05.24:** - Added util-linux package required for taskset. +* **10.04.24:** - Added imagemagick-pdf. +* **05.04.24:** - Added imagemagick-heic. Manual update to `config.php` required - see above. +* **02.04.24:** - Existing users should update: site-confs/default.conf - Add support for the Client Push (notify_push) plugin and the [new mod](https://github.com/linuxserver/docker-mods/tree/nextcloud-notify-push). +* **22.03.24:** - Add imagemagick-svg module. +* **06.03.24:** - Rebase to Alpine 3.19 with php 8.3. +* **02.01.24:** - Existing users should update: site-confs/default.conf - Cleanup default site conf. +* **22.12.23:** - Site default conf updating to include mime.types for js and mjs and update location to include more file types. +* **28.10.23:** - Disable web upgrades using occ during init. +* **31.08.23:** - Re-add updatenotification app. This allows users to be notified for app updates, but also notifies for NextCloud updates. Updating NextCloud via the web UI is not supported when using this image. +* **14.08.23:** - Add develop branch. * **25.06.23:** - Move Nextcloud installation inside container. Remove CLI updater. [See changes announcement](https://info.linuxserver.io/issues/2023-06-25-nextcloud/). * **21.06.23:** - Existing users should update `/config/nginx/site-confs/default.conf` - Security fix for real ip settings. * **25.05.23:** - Rebase to Alpine 3.18, deprecate armhf. diff --git a/jenkins-vars.yml b/jenkins-vars.yml index cf356f7a..d63f5245 100644 --- a/jenkins-vars.yml +++ b/jenkins-vars.yml @@ -3,11 +3,10 @@ # jenkins variables project_name: docker-nextcloud external_type: na -custom_version_command: "curl -sX GET https://api.github.com/repos/nextcloud/server/releases | jq -r '.[] | select(.prerelease != true) | .tag_name' | sed 's|^v||g' | sort -rV | head -1" -release_type: stable -release_tag: latest -ls_branch: master -build_armhf: false +custom_version_command: "curl -sX GET https://api.github.com/repos/nextcloud/server/releases | jq -r '.[] | select(.prerelease == true) | .tag_name' | sed 's|^v||g' | sort -rV | head -1" +release_type: prerelease +release_tag: develop +ls_branch: develop repo_vars: - BUILD_VERSION_ARG = 'NEXTCLOUD_RELEASE' - LS_USER = 'linuxserver' @@ -23,6 +22,6 @@ repo_vars: - CI_PORT='443' - CI_SSL='true' - CI_DELAY='120' - - CI_DOCKERENV='TZ=US/Pacific' - - CI_AUTH='user:password' + - CI_DOCKERENV='' + - CI_AUTH='' - CI_WEBPATH='' diff --git a/package_versions.txt b/package_versions.txt index 56349de7..268a0770 100755 --- a/package_versions.txt +++ b/package_versions.txt @@ -1,378 +1,489 @@ -NAME VERSION TYPE -alpine-baselayout 3.4.3-r1 apk -alpine-baselayout-data 3.4.3-r1 apk -alpine-keys 2.4-r1 apk -alpine-release 3.18.2-r0 apk -alsa-lib 1.2.9-r1 apk -amphp/amp v2.6.2 php-composer -amphp/byte-stream v1.8.1 php-composer -amphp/parallel v1.4.3 php-composer -amphp/parser v1.1.0 php-composer -amphp/process v1.1.4 php-composer -amphp/serialization v1.0.0 php-composer -amphp/sync v1.4.2 php-composer -aom-libs 3.6.1-r0 apk -apache2-utils 2.4.57-r3 apk -apk-tools 2.14.0-r2 apk -apr 1.7.4-r0 apk -apr-util 1.6.3-r1 apk -argon2-libs 20190702-r4 apk -avahi-libs 0.8-r13 apk -aws/aws-crt-php v1.0.2 php-composer -aws/aws-sdk-php 3.240.8 php-composer -bantu/ini-get-wrapper v1.0.1 php-composer -bash 5.2.15-r5 apk -beberlei/assert v3.3.1 php-composer -brick/math 0.9.2 php-composer -brotli-libs 1.0.9-r14 apk -busybox 1.36.1 binary -busybox 1.36.1-r1 apk -busybox-binsh 1.36.1-r1 apk -c-client 2007f-r15 apk -ca-certificates 20230506-r0 apk -ca-certificates-bundle 20230506-r0 apk -cairo 1.17.8-r1 apk -cairo-gobject 1.17.8-r1 apk -christian-riesen/base32 1.6.0 php-composer -christophwurst/id3parser v0.1.4 php-composer -cjson 1.7.15-r4 apk -coreutils 9.3-r1 apk -cups-libs 2.4.6-r0 apk -curl 8.1.2-r0 apk -cweagans/composer-patches 1.7.1 php-composer -darsyn/ip 4.1.0 php-composer -dbus-libs 1.14.8-r0 apk -deepdiver/zipstreamer 2.0.0 php-composer -deepdiver1975/tarstreamer 2.0.0 php-composer -doctrine/cache 2.2.0 php-composer -doctrine/dbal 3.3.8 php-composer -doctrine/deprecations v1.0.0 php-composer -doctrine/event-manager 1.2.0 php-composer -doctrine/lexer 1.2.3 php-composer -egulias/email-validator 3.2.5 php-composer -ffmpeg 6.0-r15 apk -ffmpeg-libavcodec 6.0-r15 apk -ffmpeg-libavdevice 6.0-r15 apk -ffmpeg-libavfilter 6.0-r15 apk -ffmpeg-libavformat 6.0-r15 apk -ffmpeg-libavutil 6.0-r15 apk -ffmpeg-libpostproc 6.0-r15 apk -ffmpeg-libswresample 6.0-r15 apk -ffmpeg-libswscale 6.0-r15 apk -fgrosse/phpasn1 v2.3.0 php-composer -flac-libs 1.4.3-r0 apk -fontconfig 2.14.2-r3 apk -freetype 2.13.0-r5 apk -fribidi 1.0.13-r0 apk -fusonic/linq v1.1.0 php-composer -fusonic/opengraph v2.2.0 php-composer -gdbm 1.23-r1 apk -gdk-pixbuf 2.42.10-r5 apk -ghostscript 10.01.2-r0 apk -giggsey/libphonenumber-for-php 8.13.7 php-composer -giggsey/locale 2.3 php-composer -git 2.40.1-r0 apk -glib 2.76.4-r0 apk -glslang-libs 1.3.243.0-r1 apk -gmp 6.2.1-r3 apk -gnu-libiconv 1.17-r1 apk -gnu-libiconv-libs 1.17-r1 apk -gnutls 3.8.0-r2 apk -graphite2 1.3.14-r5 apk -guzzlehttp/guzzle 7.5.0 php-composer -guzzlehttp/promises 1.5.2 php-composer -guzzlehttp/psr7 2.4.5 php-composer -guzzlehttp/uri-template v0.2.0 php-composer -harfbuzz 7.3.0-r0 apk -hexogen/kdtree v0.2.5 php-composer -hwdata-pci 0.370-r0 apk -icewind/searchdav v3.0.1 php-composer -icewind/smb v3.5.4 php-composer -icewind/streams v0.7.7 php-composer -icu-data-en 73.2-r2 apk -icu-libs 73.2-r2 apk -imagemagick 7.1.1.13-r0 apk -imagemagick-libs 7.1.1.13-r0 apk -jansson 2.14-r3 apk -jbig2dec 0.19-r3 apk -jq 1.6-r3 apk -justinrainbow/json-schema 5.2.10 php-composer -lame-libs 3.100-r5 apk -laravel/serializable-closure v1.2.2 php-composer -lcms2 2.15-r2 apk -ldb 2.7.2-r1 apk -league/flysystem 2.5.0 php-composer -league/mime-type-detection 1.11.0 php-composer -league/uri 6.4.0 php-composer -league/uri-interfaces 2.2.0 php-composer -libacl 2.3.1-r3 apk -libarchive 3.6.2-r2 apk -libass 0.17.1-r0 apk -libasyncns 0.8-r1 apk -libattr 2.5.1-r4 apk -libavif 0.11.1-r2 apk -libblkid 2.38.1-r8 apk -libbluray 1.3.4-r0 apk -libbsd 0.11.7-r1 apk -libbz2 1.0.8-r5 apk -libc-utils 0.7.2-r5 apk -libcap2 2.69-r0 apk -libcrypto3 3.1.1-r3 apk -libcurl 8.1.2-r0 apk -libdav1d 1.2.1-r0 apk -libde265 1.0.12-r0 apk -libdrm 2.4.115-r4 apk -libedit 20221030.3.1-r1 apk -libevent 2.1.12-r6 apk -libexpat 2.5.0-r1 apk -libffi 3.4.4-r2 apk -libformw 6.4_p20230506-r0 apk -libgcc 12.2.1_git20220924-r10 apk -libgomp 12.2.1_git20220924-r10 apk -libheif 1.16.2-r0 apk -libhwy 1.0.4-r1 apk -libice 1.1.1-r2 apk -libidn2 2.3.4-r1 apk -libintl 0.21.1-r7 apk -libjpeg-turbo 2.1.5.1-r3 apk -libjxl 0.8.2-r0 apk -libldap 2.6.5-r0 apk -libltdl 2.4.7-r2 apk -libmcrypt 2.5.8-r10 apk -libmd 1.0.4-r2 apk -libmemcached-libs 1.1.4-r1 apk -libmount 2.38.1-r8 apk -libncursesw 6.4_p20230506-r0 apk -libogg 1.3.5-r4 apk -libopenmpt 0.7.2-r0 apk -libpanelw 6.4_p20230506-r0 apk -libpciaccess 0.17-r2 apk -libplacebo 5.264.1-r1 apk -libpng 1.6.39-r3 apk -libpq 15.3-r0 apk -libproc2 4.0.3-r1 apk -libpulse 16.1-r10 apk -libraw 0.21.1-r1 apk -librist 0.2.7-r0 apk -librsvg 2.56.3-r0 apk -libsasl 2.1.28-r4 apk -libsm 1.2.4-r1 apk -libsmbclient 4.18.5-r0 apk -libsndfile 1.2.0-r2 apk -libsodium 1.0.18-r3 apk -libsrt 1.5.2-r0 apk -libssh 0.10.5-r0 apk -libssl3 3.1.1-r3 apk -libstdc++ 12.2.1_git20220924-r10 apk -libtasn1 4.19.0-r1 apk -libtheora 1.1.1-r17 apk -libunibreak 5.1-r0 apk -libunistring 1.1-r1 apk -libuuid 2.38.1-r8 apk -libva 2.18.0-r1 apk -libvdpau 1.5-r1 apk -libvorbis 1.3.7-r1 apk -libvpx 1.13.0-r1 apk -libwbclient 4.18.5-r0 apk -libwebp 1.3.1-r0 apk -libx11 1.8.4-r4 apk -libxau 1.0.11-r2 apk -libxcb 1.15-r1 apk -libxdmcp 1.1.4-r2 apk -libxext 1.3.5-r2 apk -libxfixes 6.0.1-r2 apk -libxft 2.3.8-r1 apk -libxml2 2.11.4-r0 apk -libxpm 3.5.16-r1 apk -libxrender 0.9.11-r3 apk -libxt 1.3.0-r2 apk -libxxhash 0.8.2-r0 apk -libzip 1.9.2-r2 apk -libzmq 4.3.4-r4 apk -linux-pam 1.5.2-r10 apk -lmdb 0.9.31-r0 apk -logrotate 3.21.0-r1 apk -lz4-libs 1.9.4-r4 apk -mbedtls 2.28.3-r1 apk -mexitek/phpcolors v1.0.4 php-composer -microsoft/azure-storage-blob 1.5.4 php-composer -microsoft/azure-storage-common 1.5.2 php-composer -mlocati/ip-lib 1.18.0 php-composer -mpg123-libs 1.31.3-r1 apk -mtdowling/jmespath.php 2.6.1 php-composer -musl 1.2.4-r0 apk -musl-utils 1.2.4-r0 apk -nano 7.2-r1 apk -ncurses-terminfo-base 6.4_p20230506-r0 apk -netcat-openbsd 1.219-r1 apk -nettle 3.8.1-r2 apk -nextcloud/lognormalizer v1.0.0 php-composer -nghttp2-libs 1.53.0-r0 apk -nginx 1.24.0-r6 apk -numactl 2.0.16-r4 apk -onevpl-libs 2023.2.1-r0 apk -oniguruma 6.9.8-r1 apk -openssl 3.1.1-r3 apk -opis/closure 3.6.3 php-composer -opus 1.4-r0 apk -orc 0.4.34-r0 apk -p11-kit 0.24.1-r2 apk -pango 1.50.14-r1 apk -pcre 8.45-r3 apk -pcre2 10.42-r1 apk -pear/archive_tar 1.4.14 php-composer -pear/console_getopt v1.4.3 php-composer -pear/pear-core-minimal v1.10.10 php-composer -pear/pear_exception v1.0.2 php-composer -php-cli 8.2.8 binary -php-fpm 8.2.8 binary -php-http/guzzle7-adapter 1.0.0 php-composer -php-http/httplug 2.2.0 php-composer -php-http/promise 1.1.0 php-composer -php-opencloud/openstack v3.2.1 php-composer -php82 8.2.8-r0 apk -php82-bcmath 8.2.8-r0 apk -php82-bz2 8.2.8-r0 apk -php82-common 8.2.8-r0 apk -php82-ctype 8.2.8-r0 apk -php82-curl 8.2.8-r0 apk -php82-dom 8.2.8-r0 apk -php82-exif 8.2.8-r0 apk -php82-fileinfo 8.2.8-r0 apk -php82-fpm 8.2.8-r0 apk -php82-ftp 8.2.8-r0 apk -php82-gd 8.2.8-r0 apk -php82-gmp 8.2.8-r0 apk -php82-iconv 8.2.8-r0 apk -php82-imap 8.2.8-r0 apk -php82-intl 8.2.8-r0 apk -php82-ldap 8.2.8-r0 apk -php82-mbstring 8.2.8-r0 apk -php82-mysqlnd 8.2.8-r0 apk -php82-opcache 8.2.8-r0 apk -php82-openssl 8.2.8-r0 apk -php82-pcntl 8.2.8-r0 apk -php82-pdo 8.2.8-r0 apk -php82-pdo_mysql 8.2.8-r0 apk -php82-pdo_pgsql 8.2.8-r0 apk -php82-pdo_sqlite 8.2.8-r0 apk -php82-pecl-apcu 5.1.22-r0 apk -php82-pecl-igbinary 3.2.14-r0 apk -php82-pecl-imagick 3.7.0-r5 apk -php82-pecl-mcrypt 1.0.6-r0 apk -php82-pecl-memcached 3.2.0-r1 apk -php82-pecl-msgpack 2.2.0-r0 apk -php82-pecl-redis 5.3.7-r2 apk -php82-pecl-smbclient 1.1.1-r0 apk -php82-pgsql 8.2.8-r0 apk -php82-phar 8.2.8-r0 apk -php82-posix 8.2.8-r0 apk -php82-session 8.2.8-r0 apk -php82-simplexml 8.2.8-r0 apk -php82-sockets 8.2.8-r0 apk -php82-sodium 8.2.8-r0 apk -php82-sqlite3 8.2.8-r0 apk -php82-sysvsem 8.2.8-r0 apk -php82-xml 8.2.8-r0 apk -php82-xmlreader 8.2.8-r0 apk -php82-xmlwriter 8.2.8-r0 apk -php82-zip 8.2.8-r0 apk -phpseclib/phpseclib 2.0.40 php-composer -pimple/pimple v3.5.0 php-composer -pixman 0.42.2-r1 apk -pkgconf 1.9.5-r0 apk -popt 1.19-r2 apk -procps-ng 4.0.3-r1 apk -psr/cache 1.0.1 php-composer -psr/clock 1.0.0 php-composer -psr/container 2.0.2 php-composer -psr/event-dispatcher 1.0.0 php-composer -psr/http-client 1.0.1 php-composer -psr/http-factory 1.0.1 php-composer -psr/http-message 1.0.1 php-composer -psr/log 1.1.4 php-composer -punic/punic 1.6.5 php-composer -ralouphie/getallheaders 3.0.3 php-composer -ramsey/collection 1.1.3 php-composer -ramsey/uuid 4.1.1 php-composer -readline 8.2.1-r1 apk -rsync 3.2.7-r4 apk -rubix/ml dev-chore/bump-flysystem-v2.1.1 php-composer -rubix/tensor 2.2.3 php-composer -rullzer/easytotp v0.1.4 php-composer -sabre/dav 4.4.0 php-composer -sabre/event 5.1.4 php-composer -sabre/http 5.1.5 php-composer -sabre/uri 2.2.2 php-composer -sabre/vobject 4.4.2 php-composer -sabre/xml 2.2.5 php-composer -samba-client 4.18.5-r0 apk -samba-client-libs 4.18.5-r0 apk -samba-common 4.18.5-r0 apk -samba-libs 4.18.5-r0 apk -samba-util-libs 4.18.5-r0 apk -scanelf 1.3.7-r1 apk -scssphp/scssphp v1.11.0 php-composer -sdl2 2.26.5-r0 apk -shaderc 2023.3-r1 apk -shadow 4.13-r4 apk -shared-mime-info 2.2-r5 apk -skalibs 2.13.1.1-r1 apk -soxr 0.1.3-r5 apk -speexdsp 1.2.1-r1 apk -spirv-tools 1.3.243.0-r1 apk -spomky-labs/base64url v2.0.4 php-composer -spomky-labs/cbor-php v2.0.1 php-composer -sqlite-libs 3.41.2-r2 apk -ssl_client 1.36.1-r1 apk -stecman/symfony-console-completion 0.11.0 php-composer -sudo 1.9.13_p3-r2 apk -svt-av1-libs 1.6.0-r0 apk -swiftmailer/swiftmailer v6.3.0 php-composer -symfony/console v5.4.19 php-composer -symfony/css-selector v5.4.11 php-composer -symfony/deprecation-contracts v2.5.2 php-composer -symfony/dom-crawler v5.4.11 php-composer -symfony/event-dispatcher v4.4.30 php-composer -symfony/event-dispatcher-contracts v1.1.9 php-composer -symfony/http-foundation v5.4.10 php-composer -symfony/mailer v5.4.19 php-composer -symfony/mime v5.4.19 php-composer -symfony/polyfill-ctype v1.23.0 php-composer -symfony/polyfill-iconv v1.27.0 php-composer -symfony/polyfill-intl-grapheme v1.23.1 php-composer -symfony/polyfill-intl-idn v1.27.0 php-composer -symfony/polyfill-intl-normalizer v1.27.0 php-composer -symfony/polyfill-mbstring v1.27.0 php-composer -symfony/polyfill-php72 v1.27.0 php-composer -symfony/polyfill-php73 v1.23.0 php-composer -symfony/polyfill-php73 v1.26.0 php-composer -symfony/polyfill-php80 v1.26.0 php-composer -symfony/polyfill-php80 v1.27.0 php-composer -symfony/process v4.4.30 php-composer -symfony/routing v4.4.30 php-composer -symfony/service-contracts v3.0.2 php-composer -symfony/string v6.0.19 php-composer -symfony/translation v4.4.41 php-composer -symfony/translation-contracts v2.4.0 php-composer -talloc 2.4.0-r1 apk -tdb-libs 1.4.8-r1 apk -tevent 0.14.1-r1 apk -thecodingmachine/safe v1.3.3 php-composer -tiff 4.5.1-r0 apk -tzdata 2023c-r1 apk -utmps-libs 0.1.2.1-r1 apk -v4l-utils-libs 1.24.1-r0 apk -vidstab 1.1.1-r0 apk -vulkan-loader 1.3.243.0-r1 apk -wayland-libs-client 1.22.0-r2 apk -web-auth/cose-lib v3.3.9 php-composer -web-auth/metadata-service v3.3.9 php-composer -web-auth/webauthn-lib v3.3.9 php-composer -x264-libs 0.164_git20220602-r1 apk -x265-libs 3.5-r4 apk -xvidcore 1.3.7-r1 apk -xz-libs 5.4.3-r0 apk -zimg 3.0.5-r0 apk -zlib 1.2.13-r1 apk -zstd-libs 1.5.5-r4 apk +NAME VERSION TYPE +Process Wrapper 0.0.0.0 binary (+1 duplicate) +acl-libs 2.3.2-r1 apk +activity 5.0.0-dev.0 npm +alpine-baselayout 3.7.0-r0 apk +alpine-baselayout-data 3.7.0-r0 apk +alpine-keys 2.5-r0 apk +alpine-release 3.22.2-r0 apk +alsa-lib 1.2.14-r0 apk +amphp/amp v2.6.4 php-composer +amphp/byte-stream v1.8.2 php-composer +amphp/parallel v1.4.4 php-composer +amphp/parser v1.1.1 php-composer +amphp/process v1.1.9 php-composer +amphp/serialization v1.0.0 php-composer +amphp/sync v1.4.2 php-composer +andrewdalpino/okbloomer 1.0.0 php-composer +anstream 0.6.8 rust-crate +anstyle 1.0.4 rust-crate +anstyle-parse 0.2.3 rust-crate +anstyle-query 1.0.2 rust-crate +anyhow 1.0.79 rust-crate +anyhow 1.0.98 rust-crate +aom-libs 3.12.1-r0 apk +apache2-utils 2.4.66-r0 apk +apk-tools 2.14.9-r3 apk +apr 1.7.5-r0 apk +apr-util 1.6.3-r1 apk +arg_enum_proc_macro 0.3.4 rust-crate +argon2-libs 20190702-r5 apk +arrayvec 0.7.4 rust-crate +av-metrics 0.9.1 rust-crate +av1-grain 0.2.3 rust-crate +aws/aws-crt-php v1.2.7 php-composer +aws/aws-sdk-php 3.349.3 php-composer +bamarni/composer-bin-plugin 1.8.2 php-composer +bantu/ini-get-wrapper v1.0.1 php-composer +bash 5.2.37-r0 apk +bitflags 2.4.1 rust-crate +bitstream-io 2.2.0 rust-crate +bitstream-io 2.6.0 rust-crate +bitvec 1.0.1 rust-crate +bitvec_helpers 3.1.6 rust-crate +brick/math 0.12.1 php-composer +brotli-libs 1.1.0-r2 apk +busybox 1.37.0-r20 apk +busybox-binsh 1.37.0-r20 apk +c-ares 1.34.6-r0 apk +c-client 2007f-r15 apk +ca-certificates 20250911-r0 apk +ca-certificates-bundle 20250911-r0 apk +catatonit 0.2.1-r0 apk +cfg-if 1.0.0 rust-crate +christian-riesen/base32 1.6.0 php-composer +cjson 1.7.19-r0 apk +clap 4.4.14 rust-crate +clap_builder 4.4.14 rust-crate +clap_complete 4.4.6 rust-crate +clap_derive 4.4.7 rust-crate +clap_lex 0.6.0 rust-crate +colorchoice 1.0.0 rust-crate +composer 2.9.2 binary +console 0.15.8 rust-crate +coreutils 9.7-r1 apk +coreutils-env 9.7-r1 apk +coreutils-fmt 9.7-r1 apk +coreutils-sha512sum 9.7-r1 apk +crc 3.3.0 rust-crate +crc-catalog 2.4.0 rust-crate +crossbeam 0.8.4 rust-crate +crossbeam-channel 0.5.14 rust-crate +crossbeam-deque 0.8.5 rust-crate +crossbeam-epoch 0.9.18 rust-crate +crossbeam-queue 0.3.11 rust-crate +crossbeam-utils 0.8.19 rust-crate +curl 8.14.1-r2 apk +cweagans/composer-patches 1.7.3 php-composer +dbus-libs 1.16.2-r1 apk +deepdiver/zipstreamer v2.0.3 php-composer +deepdiver1975/tarstreamer v2.1.0 php-composer +doctrine/dbal 3.10.2 php-composer +doctrine/deprecations 1.1.5 php-composer +doctrine/event-manager 2.0.1 php-composer +doctrine/lexer 3.0.1 php-composer +dolby_vision 3.3.1 rust-crate +egulias/email-validator 4.0.4 php-composer +either 1.9.0 rust-crate +errno 0.3.8 rust-crate +fern 0.6.2 rust-crate +ffmpeg 6.1.2-r2 apk +ffmpeg-libavcodec 6.1.2-r2 apk +ffmpeg-libavdevice 6.1.2-r2 apk +ffmpeg-libavfilter 6.1.2-r2 apk +ffmpeg-libavformat 6.1.2-r2 apk +ffmpeg-libavutil 6.1.2-r2 apk +ffmpeg-libpostproc 6.1.2-r2 apk +ffmpeg-libswresample 6.1.2-r2 apk +ffmpeg-libswscale 6.1.2-r2 apk +fftw-double-libs 3.3.10-r6 apk +files_downloadlimit 5.0.0-dev.0 npm +files_pdfviewer 5.0.0-dev.0 npm +findutils 4.10.0-r0 apk +firstrunwizard 5.0.0-dev.0 npm +fontconfig 2.15.0-r3 apk +freetype 2.13.3-r0 apk +fribidi 1.0.16-r1 apk +funty 2.0.0 rust-crate +fusonic/opengraph v3.0.0 php-composer +gdbm 1.24-r0 apk +getrandom 0.2.12 rust-crate +giflib 5.2.2-r1 apk +giggsey/libphonenumber-for-php-lite 9.0.17 php-composer +git 2.49.1-r0 apk +git-init-template 2.49.1-r0 apk +glib 2.84.4-r0 apk +glslang-libs 1.4.309.0-r0 apk +gmp 6.3.0-r3 apk +gnu-libiconv 1.17-r2 apk +gnu-libiconv-libs 1.17-r2 apk +gnutls 3.8.8-r0 apk +graphite2 1.3.14-r6 apk +guzzlehttp/guzzle 7.9.3 php-composer +guzzlehttp/promises 2.2.0 php-composer +guzzlehttp/psr7 2.7.1 php-composer +guzzlehttp/uri-template v1.0.4 php-composer +harfbuzz 11.2.1-r0 apk +heck 0.4.1 rust-crate +hexogen/kdtree v0.2.6 php-composer +hwdata-pci 0.395-r0 apk +icewind/searchdav v3.2.0 php-composer +icewind/smb v3.7.0 php-composer +icewind/streams v0.7.8 php-composer +icu-data-en 76.1-r1 apk +icu-libs 76.1-r1 apk +imagemagick 7.1.2.8-r0 apk +imagemagick-jpeg 7.1.2.8-r0 apk +imagemagick-jxl 7.1.2.8-r0 apk +imagemagick-libs 7.1.2.8-r0 apk +imagemagick-openexr 7.1.2.8-r0 apk +imagemagick-webp 7.1.2.8-r0 apk +imath 3.1.12-r0 apk +interpolate_name 0.2.4 rust-crate +itertools 0.10.5 rust-crate +itertools 0.12.0 rust-crate +ivf 0.1.3 rust-crate +jansson 2.14.1-r0 apk +joomla/string 3.0.4 php-composer +jq 1.8.1-r0 apk +justinrainbow/json-schema 6.4.2 php-composer +kornrunner/blurhash v1.2.2 php-composer +lab 0.11.0 rust-crate +lame-libs 3.100-r5 apk +laravel/serializable-closure v2.0.4 php-composer +lazy_static 1.4.0 rust-crate +lcms2 2.16-r0 apk +lcobucci/clock 3.0.0 php-composer +ldb 4.21.9-r1 apk +libSvtAv1Enc 2.3.0-r0 apk +libapk2 2.14.9-r3 apk +libarchive 3.8.3-r0 apk +libass 0.17.3-r0 apk +libasyncns 0.8-r4 apk +libattr 2.5.2-r2 apk +libauth-samba 4.21.9-r1 apk +libavif 1.3.0-r0 apk +libblkid 2.41-r9 apk +libbluray 1.3.4-r1 apk +libbsd 0.12.2-r0 apk +libbz2 1.0.8-r6 apk +libc 0.2.155 rust-crate +libc 0.2.172 rust-crate +libcap2 2.76-r0 apk +libcrypto3 3.5.4-r0 apk +libcurl 8.14.1-r2 apk +libdav1d 1.5.1-r0 apk +libdeflate 1.23-r0 apk +libdovi 3.3.1-r1 apk +libdrm 2.4.124-r0 apk +libeconf 0.6.3-r0 apk +libedit 20250104.3.1-r1 apk +libevent 2.1.12-r8 apk +libexpat 2.7.3-r0 apk +libffi 3.4.8-r0 apk +libflac 1.4.3-r1 apk +libformw 6.5_p20250503-r0 apk +libgcc 14.2.0-r6 apk +libgomp 14.2.0-r6 apk +libhwy 1.0.7-r1 apk +libice 1.1.2-r0 apk +libidn2 2.3.7-r0 apk +libintl 0.24.1-r0 apk +libjpeg-turbo 3.1.0-r0 apk +libjxl 0.10.3-r2 apk +libldap 2.6.8-r0 apk +libltdl 2.5.4-r1 apk +libmd 1.1.0-r0 apk +libmemcached-libs 1.1.4-r1 apk +libmount 2.41-r9 apk +libncursesw 6.5_p20250503-r0 apk +libogg 1.3.5-r5 apk +libopenmpt 0.7.15-r0 apk +libpanelw 6.5_p20250503-r0 apk +libpciaccess 0.18.1-r0 apk +libplacebo 6.338.2-r3 apk +libpng 1.6.53-r0 apk +libpq 17.7-r0 apk +libproc2 4.0.4-r3 apk +libpsl 0.21.5-r3 apk +libpulse 17.0-r5 apk +librist 0.2.10-r1 apk +libsasl 2.1.28-r8 apk +libsharpyuv 1.5.0-r0 apk +libsm 1.2.5-r0 apk +libsmbclient 4.21.9-r1 apk +libsndfile 1.2.2-r2 apk +libsodium 1.0.20-r0 apk +libsrt 1.5.3-r1 apk +libssh 0.11.2-r0 apk +libssl3 3.5.4-r0 apk +libstdc++ 14.2.0-r6 apk +libtasn1 4.20.0-r0 apk +libtheora 1.1.1-r18 apk +libunibreak 6.1-r0 apk +libunistring 1.3-r0 apk +libuuid 2.41-r9 apk +libva 2.22.0-r1 apk +libvdpau 1.5-r4 apk +libvorbis 1.3.7-r2 apk +libvpx 1.15.0-r0 apk +libwbclient 4.21.9-r1 apk +libwebp 1.5.0-r0 apk +libwebpdemux 1.5.0-r0 apk +libwebpmux 1.5.0-r0 apk +libx11 1.8.11-r0 apk +libxau 1.0.12-r0 apk +libxcb 1.17.0-r0 apk +libxdmcp 1.1.5-r1 apk +libxext 1.3.6-r2 apk +libxfixes 6.0.1-r4 apk +libxml2 2.13.9-r0 apk +libxpm 3.5.17-r0 apk +libxt 1.3.1-r0 apk +libxxhash 0.8.3-r0 apk +libyuv 0.0.1887.20251502-r1 apk +libzip 1.11.4-r0 apk +libzmq 4.3.5-r2 apk +lilv-libs 0.24.26-r0 apk +linux-pam 1.7.0-r4 apk +linux-raw-sys 0.4.12 rust-crate +lmdb 0.9.33-r0 apk +log 0.4.20 rust-crate +logreader 5.0.0-dev.0 npm +logrotate 3.21.0-r1 apk +lz4-libs 1.10.0-r0 apk +marc-mabe/php-enum v4.7.1 php-composer +masterminds/html5 2.9.0 php-composer +maybe-rayon 0.1.1 rust-crate +mbedtls 3.6.5-r0 apk +memchr 2.7.1 rust-crate +mexitek/phpcolors v1.0.4 php-composer +microsoft/azure-storage-blob 1.5.4 php-composer +microsoft/azure-storage-common 1.5.2 php-composer +minimal-lexical 0.2.1 rust-crate +mlocati/ip-lib 1.20.0 php-composer +mpg123-libs 1.32.10-r0 apk +mtdowling/jmespath.php 2.8.0 php-composer +musl 1.2.5-r10 apk +musl-utils 1.2.5-r10 apk +nano 8.4-r0 apk +ncurses-terminfo-base 6.5_p20250503-r0 apk +netcat-openbsd 1.229.1-r0 apk +nettle 3.10.1-r0 apk +new_debug_unreachable 1.0.4 rust-crate +nextcloud 1.0.0 npm +nextcloud/lognormalizer v1.0.0 php-composer +nghttp2-libs 1.65.0-r0 apk +nginx 1.28.0-r3 apk +nom 7.1.3 rust-crate +noop_proc_macro 0.3.0 rust-crate +notifications 5.0.0-dev.0 npm +num-bigint 0.4.4 rust-crate +num-derive 0.4.1 rust-crate +num-integer 0.1.45 rust-crate +num-rational 0.4.1 rust-crate +num-traits 0.2.17 rust-crate +numactl 2.0.18-r0 apk +once_cell 1.19.0 rust-crate +onevpl-libs 2023.3.1-r2 apk +oniguruma 6.9.10-r0 apk +openexr-libiex 3.3.2-r0 apk +openexr-libilmthread 3.3.2-r0 apk +openexr-libopenexr 3.3.2-r0 apk +openexr-libopenexrcore 3.3.2-r0 apk +openssl 3.5.4-r0 apk +opus 1.5.2-r1 apk +orc 0.4.40-r1 apk +p11-kit 0.25.5-r2 apk +paragonie/constant_time_encoding v2.6.3 php-composer +password_policy 4.0.0-dev.0 npm +paste 1.0.14 rust-crate +pcre2 10.46-r0 apk +pear/archive_tar 1.5.0 php-composer +pear/console_getopt v1.4.3 php-composer +pear/pear-core-minimal v1.10.16 php-composer +pear/pear_exception v1.0.2 php-composer +photos 5.0.0-dev.1 npm +php-http/guzzle7-adapter 1.1.0 php-composer +php-http/httplug 2.4.1 php-composer +php-http/promise 1.3.1 php-composer +php-opencloud/openstack v3.14.0 php-composer +php84 8.4.16-r0 apk +php84-bcmath 8.4.16-r0 apk +php84-bz2 8.4.16-r0 apk +php84-common 8.4.16-r0 apk +php84-ctype 8.4.16-r0 apk +php84-curl 8.4.16-r0 apk +php84-dom 8.4.16-r0 apk +php84-exif 8.4.16-r0 apk +php84-fileinfo 8.4.16-r0 apk +php84-fpm 8.4.16-r0 apk +php84-ftp 8.4.16-r0 apk +php84-gd 8.4.16-r0 apk +php84-gmp 8.4.16-r0 apk +php84-iconv 8.4.16-r0 apk +php84-intl 8.4.16-r0 apk +php84-ldap 8.4.16-r0 apk +php84-mbstring 8.4.16-r0 apk +php84-mysqlnd 8.4.16-r0 apk +php84-opcache 8.4.16-r0 apk +php84-openssl 8.4.16-r0 apk +php84-pcntl 8.4.16-r0 apk +php84-pdo 8.4.16-r0 apk +php84-pdo_mysql 8.4.16-r0 apk +php84-pdo_pgsql 8.4.16-r0 apk +php84-pdo_sqlite 8.4.16-r0 apk +php84-pecl-apcu 5.1.27-r0 apk +php84-pecl-igbinary 3.2.16-r1 apk +php84-pecl-imagick 3.8.0-r1 apk +php84-pecl-imap 1.0.3-r0 apk +php84-pecl-memcached 3.3.0-r0 apk +php84-pecl-msgpack 3.0.0-r0 apk +php84-pecl-redis 6.3.0-r0 apk +php84-pecl-smbclient 1.2.0_pre-r0 apk +php84-pgsql 8.4.16-r0 apk +php84-phar 8.4.16-r0 apk +php84-posix 8.4.16-r0 apk +php84-session 8.4.16-r0 apk +php84-simplexml 8.4.16-r0 apk +php84-sockets 8.4.16-r0 apk +php84-sodium 8.4.16-r0 apk +php84-sqlite3 8.4.16-r0 apk +php84-sysvsem 8.4.16-r0 apk +php84-xml 8.4.16-r0 apk +php84-xmlreader 8.4.16-r0 apk +php84-xmlwriter 8.4.16-r0 apk +php84-zip 8.4.16-r0 apk +phpseclib/phpseclib 2.0.47 php-composer +pimple/pimple v3.5.0 php-composer +popt 1.19-r4 apk +ppv-lite86 0.2.17 rust-crate +privacy 4.0.0-dev.0 npm +proc-macro2 1.0.76 rust-crate +procps-ng 4.0.4-r3 apk +profiling 1.0.13 rust-crate +profiling-procmacros 1.0.13 rust-crate +psr/cache 3.0.0 php-composer +psr/clock 1.0.0 php-composer +psr/container 2.0.2 php-composer +psr/event-dispatcher 1.0.0 php-composer +psr/http-client 1.0.3 php-composer +psr/http-factory 1.1.0 php-composer +psr/http-message 2.0 php-composer +psr/log 3.0.2 php-composer (+1 duplicate) +punic/punic 3.8.1 php-composer +quote 1.0.35 rust-crate +radium 0.7.0 rust-crate +ralouphie/getallheaders 3.0.3 php-composer +rand 0.8.5 rust-crate +rand_chacha 0.3.1 rust-crate +rand_core 0.6.4 rust-crate +rav1e 0.7.1 rust-crate +rav1e-libs 0.7.1-r2 apk +rayon 1.8.0 rust-crate +rayon-core 1.12.0 rust-crate +readline 8.2.13-r1 apk +recommendations 5.0.0-dev.0 npm +rsync 3.4.1-r1 apk +rubix/ml 2.5.2 php-composer +rubix/tensor 3.0.5 php-composer +rullzer/easytotp v0.1.4 php-composer +rustix 0.38.28 rust-crate +sabre/dav 4.7.0 php-composer +sabre/event 5.1.7 php-composer +sabre/http 5.1.12 php-composer +sabre/uri 2.3.4 php-composer +sabre/vobject 4.5.6 php-composer +sabre/xml 2.2.11 php-composer +samba-client 4.21.9-r1 apk +samba-client-libs 4.21.9-r1 apk +samba-common 4.21.9-r1 apk +samba-libs 4.21.9-r1 apk +samba-util-libs 4.21.9-r1 apk +scan_fmt 0.2.6 rust-crate +scanelf 1.3.8-r1 apk +sdl2-compat 2.32.56-r0 apk +sdl3 3.2.16-r0 apk +serd-libs 0.32.4-r0 apk +shaderc 2024.4-r0 apk +shadow 4.17.3-r0 apk +signal-hook 0.3.17 rust-crate +signal-hook-registry 1.4.1 rust-crate +simd_helpers 0.1.0 rust-crate +skalibs-libs 2.14.4.0-r0 apk +sord-libs 0.16.18-r0 apk +soxr 0.1.3-r7 apk +speexdsp 1.2.1-r2 apk +spirv-tools 1.4.313.0-r0 apk +spomky-labs/cbor-php 3.0.4 php-composer +spomky-labs/pki-framework 1.2.1 php-composer +sqlite-libs 3.49.2-r1 apk +sratom 0.6.18-r0 apk +ssl_client 1.37.0-r20 apk +stecman/symfony-console-completion v0.14.0 php-composer +sudo 1.9.17_p2-r0 apk +support 4.0.0-dev.0 npm +symfony/console v6.4.17 php-composer +symfony/css-selector v6.4.13 php-composer +symfony/deprecation-contracts v3.6.0 php-composer (+1 duplicate) +symfony/dom-crawler v6.4.23 php-composer +symfony/event-dispatcher v6.4.8 php-composer +symfony/event-dispatcher-contracts v3.5.0 php-composer +symfony/http-foundation v6.4.29 php-composer +symfony/mailer v6.4.12 php-composer +symfony/mime v6.4.12 php-composer +symfony/polyfill-intl-grapheme v1.32.0 php-composer +symfony/polyfill-intl-idn v1.32.0 php-composer +symfony/polyfill-intl-normalizer v1.32.0 php-composer +symfony/polyfill-mbstring v1.31.0 php-composer +symfony/polyfill-php80 v1.31.0 php-composer +symfony/polyfill-php82 v1.31.0 php-composer +symfony/polyfill-php82 v1.32.0 php-composer +symfony/polyfill-php83 v1.31.0 php-composer +symfony/polyfill-php83 v1.32.0 php-composer +symfony/polyfill-php84 v1.32.0 php-composer +symfony/polyfill-uuid v1.29.0 php-composer +symfony/process v6.4.15 php-composer +symfony/routing v6.4.12 php-composer +symfony/service-contracts v3.5.1 php-composer +symfony/string v6.4.15 php-composer +symfony/translation v6.4.4 php-composer +symfony/translation-contracts v3.4.2 php-composer +symfony/uid v6.4.3 php-composer +syn 2.0.48 rust-crate +talloc 2.4.2-r1 apk +tap 1.0.1 rust-crate +tdb-libs 1.4.12-r0 apk +teams 32.0.0 npm +terminal_size 0.3.0 rust-crate +tevent 0.16.1-r0 apk +text 6.0.0 npm +thiserror 1.0.56 rust-crate +thiserror-impl 1.0.56 rust-crate +tinyvec 1.9.0 rust-crate +twofactor_totp 14.0.0 npm +tzdata 2025c-r0 apk +unicode-ident 1.0.12 rust-crate +unicode-width 0.1.11 rust-crate +utf8parse 0.2.1 rust-crate +utmps-libs 0.1.3.1-r0 apk +v4l-utils-libs 1.28.1-r1 apk +v_frame 0.3.7 rust-crate +vidstab 1.1.1-r0 apk +viewer 5.0.0-dev.0 npm +vulkan-loader 1.4.313.0-r0 apk +wamania/php-stemmer v4.0.0 php-composer +wapmorgan/mp3info 0.1.1 php-composer +wayland-libs-client 1.23.1-r3 apk +web-auth/cose-lib 4.3.0 php-composer +web-auth/webauthn-lib 4.9.1 php-composer +wyz 0.5.1 rust-crate +x264-libs 0.164.3108-r0 apk +x265-libs 3.6-r0 apk +xvidcore 1.3.7-r2 apk +xz-libs 5.8.1-r0 apk +y4m 0.8.0 rust-crate +zimg 3.0.5-r3 apk +zix-libs 0.6.2-r0 apk +zlib 1.3.1-r2 apk +zstd-libs 1.5.7-r0 apk diff --git a/readme-vars.yml b/readme-vars.yml index 83ae4735..d491ff25 100644 --- a/readme-vars.yml +++ b/readme-vars.yml @@ -9,48 +9,35 @@ project_blurb: | Where are your photos and documents? With Nextcloud you pick a server of your choice, at home, in a data center or at a provider. And that is where your files will be. Nextcloud runs on that server, protecting your data and giving you access from your desktop or mobile devices. Through Nextcloud you also access, sync and share your existing data on that FTP drive at the office, a Dropbox or a NAS you have at home. project_lsio_github_repo_url: "https://github.com/linuxserver/docker-{{ project_name }}" -project_blurb_optional_extras_enabled: false - # supported architectures available_architectures: - - { arch: "{{ arch_x86_64 }}", tag: "amd64-latest"} - - { arch: "{{ arch_arm64 }}", tag: "arm64v8-latest"} - + - {arch: "{{ arch_x86_64 }}", tag: "amd64-latest"} + - {arch: "{{ arch_arm64 }}", tag: "arm64v8-latest"} # development version -development_versions: false +development_versions: true development_versions_items: - - { tag: "latest", desc: "Stable Nextcloud releases" } - + - {tag: "latest", desc: "Stable Nextcloud releases"} + - {tag: "develop", desc: "Beta Nextcloud pre-releases *only*"} + - {tag: "previous", desc: "Nextcloud releases from the previous major version"} # container parameters common_param_env_vars_enabled: true param_container_name: "{{ project_name }}" -param_usage_include_net: false -param_usage_include_env: true -param_env_vars: - - { env_var: "TZ", env_value: "Europe/London", desc: "Specify a timezone to use EG Europe/London." } param_usage_include_vols: true param_volumes: - - { vol_path: "/config", vol_host_path: "/path/to/appdata", desc: "Nextcloud configs." } - - { vol_path: "/data", vol_host_path: "/path/to/data", desc: "Your personal data." } + - {vol_path: "/config", vol_host_path: "/path/to/{{ project_name }}/config", desc: "Persistent config files"} + - {vol_path: "/data", vol_host_path: "/path/to/data", desc: "Your personal data."} param_usage_include_ports: true param_ports: - - { external_port: "443", internal_port: "443", port_desc: "WebUI" } -param_device_map: false -cap_add_param: false - -# optional container parameters -opt_param_usage_include_env: false -opt_param_usage_include_vols: false -opt_param_usage_include_ports: false -opt_param_device_map: false -opt_cap_add_param: false -optional_block_1: false - + - {external_port: "443", internal_port: "443", port_desc: "WebUI"} +readonly_supported: false +nonroot_supported: false # application setup block app_setup_block_enabled: true app_setup_block: | Access the webui at `https://:443`, for more information check out [Nextcloud]({{ project_url }}). + Note: `occ` should be run without prepending with `sudo -u abc php` or `sudo -u www-data php` ie; `docker exec -it nextcloud occ maintenance:mode --off` + ### Updating Nextcloud Updating Nextcloud is done by pulling the new image, and recreating the container with it. @@ -65,6 +52,34 @@ app_setup_block: | If (auto) installed, those built-in packages may cause instability and should be removed. + ### HEIC Image Previews + + In order to enable HEIC image preview generation you will need to add the following to your `config.php` file in your `config/www/nextcloud/config' directory; + + ``` + 'enable_previews' => true, + 'enabledPreviewProviders' => + array ( + 'OC\Preview\PNG', + 'OC\Preview\JPEG', + 'OC\Preview\GIF', + 'OC\Preview\BMP', + 'OC\Preview\XBitmap', + 'OC\Preview\MP3', + 'OC\Preview\TXT', + 'OC\Preview\MarkDown', + 'OC\Preview\OpenDocument', + 'OC\Preview\Krita', + 'OC\Preview\HEIC', + ), + ``` + + You may need to log out and back in for the changes to come in to effect. + + This fix was sourced from [Nextcloud Documentation](https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/config_sample_php_parameters.html#enabledpreviewproviders) + + Nextcloud state that HEIC preview is disabled by default due to performance or privacy concerns, so enable this at your own risk. + ### Custom App Directories If you are [using custom app directories](https://docs.nextcloud.com/server/latest/admin_manual/apps_management.html#using-custom-app-directories) you will need to make the custom folder(s) you are using available to the web server. The recommended way to do this with our container is to add a volume. Ex: @@ -75,54 +90,121 @@ app_setup_block: | ``` Afterwards, you can set `"path" => OC::$SERVERROOT . "/your_custom_apps_folder",` in your `config.php` file, per the [official documentation](https://docs.nextcloud.com/server/latest/admin_manual/apps_management.html#using-custom-app-directories). - +# init diagram +init_diagram: | + "nextcloud:develop": { + docker-mods + base { + fix-attr +\nlegacy cont-init + } + docker-mods -> base + legacy-services + custom services + init-services -> legacy-services + init-services -> custom services + custom services -> legacy-services + legacy-services -> ci-service-check + init-migrations -> init-adduser + init-nginx-end -> init-config + init-os-end -> init-config + init-config -> init-config-end + init-crontab-config -> init-config-end + init-nextcloud-config -> init-config-end + init-config -> init-crontab-config + init-mods-end -> init-custom-files + init-adduser -> init-device-perms + base -> init-envfile + init-os-end -> init-folders + init-php -> init-keygen + base -> init-migrations + init-config-end -> init-mods + init-mods-package-install -> init-mods-end + init-mods -> init-mods-package-install + init-nginx-end -> init-nextcloud-config + init-samples -> init-nginx + init-version-checks -> init-nginx-end + init-adduser -> init-os-end + init-device-perms -> init-os-end + init-envfile -> init-os-end + init-keygen -> init-permissions + init-nginx -> init-php + init-folders -> init-samples + init-custom-files -> init-services + init-permissions -> init-version-checks + init-services -> svc-cron + svc-cron -> legacy-services + init-services -> svc-nginx + svc-nginx -> legacy-services + init-services -> svc-php-fpm + svc-php-fpm -> legacy-services + } + Base Images: { + "baseimage-alpine-nginx:3.22" <- "baseimage-alpine:3.22" + } + "nextcloud:develop" <- Base Images # changelog changelogs: - - { date: "25.06.23:", desc: "Move Nextcloud installation inside container. Remove CLI updater. [See changes announcement](https://info.linuxserver.io/issues/2023-06-25-nextcloud/)." } - - { date: "21.06.23:", desc: "Existing users should update `/config/nginx/site-confs/default.conf` - Security fix for real ip settings." } - - { date: "25.05.23:", desc: "Rebase to Alpine 3.18, deprecate armhf." } - - { date: "13.04.23:", desc: "Move ssl.conf include to default.conf." } - - { date: "21.03.23:", desc: "Add php81-sysvsem as new dep for v26. Update default X-Robots-Tag to `noindex, nofollow``." } - - { date: "02.03.23:", desc: "Set permissions on crontabs during init." } - - { date: "20.01.23:", desc: "Rebase to alpine 3.17 with php8.1." } - - { date: "10.10.22:", desc: "Rebasing to alpine 3.15 with php8. Restructure nginx configs ([see changes announcement](https://info.linuxserver.io/issues/2022-08-20-nginx-base))." } - - { date: "30.09.22:", desc: "Disabled `output_buffering` as per [nextcloud docs](https://docs.nextcloud.com/server/latest/admin_manual/configuration_files/big_file_upload_configuration.html" } - - { date: "21.05.22:", desc: "Update version check endpoint." } - - { date: "28.04.22:", desc: "Increase OPCache interned strings buffered setting to 16." } - - { date: "14.04.22:", desc: "Nginx default site config updated for v23 (existing users should delete `/config/nginx/site-confs/default.conf` and restart the container). Fix LDAP connection." } - - { date: "11.09.21:", desc: "Rebasing to alpine 3.14" } - - { date: "21.03.21:", desc: "Publish `php8` tag for testing." } - - { date: "25.02.21:", desc: "Nginx default site config updated for v21 (existing users should delete `/config/nginx/site-confs/default.conf` and restart the container)." } - - { date: "21.01.21:", desc: "Fix php iconv (was breaking the mail addon). If installed, attempt to remove broken CODE Server app during startup." } - - { date: "20.01.21:", desc: "Increase php fcgi timeout to prevent 504 Gateway timeout errors (existing users should delete `/config/nginx/site-confs/default.conf` and restart the container)." } - - { date: "16.01.21:", desc: "Rebasing to alpine 3.13. Users with issues on 32-bit arm, [see this article](https://docs.linuxserver.io/faq#my-host-is-incompatible-with-images-based-on-ubuntu-focal-and-alpine-3-13)." } - - { date: "12.08.20:", desc: "Various updates to default site config, including added support for webfinger (existing users should delete `/config/nginx/site-confs/default.conf` and restart the container)." } - - { date: "03.06.20:", desc: "Rebasing to alpine 3.12" } - - { date: "03.06.20:", desc: "Add php7-bcmath and php7-fileinfo" } - - { date: "31.05.20:", desc: "Add aliases for occ and updater.phar" } - - { date: "31.03.20:", desc: "Allow crontab to be user customized, fix logrotate." } - - { date: "17.01.20:", desc: "Updated php.ini defaults and site config, including an optional HSTS directive (existing users should delete `/config/nginx/site-confs/default.conf` and restart the container)." } - - { date: "19.12.19:", desc: "Rebasing to alpine 3.11." } - - { date: "18.11.19:", desc: "Nginx default site config updated for v17 (existing users should delete `/config/nginx/site-confs/default.conf` and restart the container)." } - - { date: "28.10.19:", desc: "Change cronjob to run every 5 minutes." } - - { date: "24.10.19:", desc: "Nginx default site config updated due to CVE-2019-11043 (existing users should delete `/config/nginx/site-confs/default.conf` and restart the container)." } - - { date: "14.07.19:", desc: "Download nextcloud during build time." } - - { date: "28.06.19:", desc: "Rebasing to alpine 3.10." } - - { date: "23.03.19:", desc: "Switching to new Base images, shift to arm32v7 tag." } - - { date: "27.02.19:", desc: "Updating base nginx config to sync up with v15 requirements." } - - { date: "22.02.19:", desc: "Rebasing to alpine 3.9." } - - { date: "28.01.19:", desc: "Add pipeline logic and multi arch." } - - { date: "25.01.19:", desc: "Add php7-phar for occ upgrades." } - - { date: "05.09.18:", desc: "Rebase to alpine 3.8." } - - { date: "11.06.18:", desc: "Use latest rather than specific version for initial install." } - - { date: "26.04.18:", desc: "Bump default install to 13.0.1." } - - { date: "06.02.18:", desc: "Bump default install to 13.0.0." } - - { date: "26.01.18:", desc: "Rebase to alpine 3.7, bump default install to 12.0.5." } - - { date: "12.12.17:", desc: "Bump default install to 12.0.4, fix continuation lines." } - - { date: "15.10.17:", desc: "Sed php.ini for opcache requirements in newer nextcloud versions." } - - { date: "20.09.17:", desc: "Bump default install to 12.0.3." } - - { date: "19.08.17:", desc: "Bump default install to 12.0.2." } - - { date: "25.05.17:", desc: "Rebase to alpine 3.6." } - - { date: "22.05.17:", desc: "Update to nextcloud 12.0, adding required dependecies and note about commenting out SAMEORIGIN; line." } - - { date: "03.05.17:", desc: "Use community repo of memcache." } - - { date: "07.03.17:", desc: "Release into main repository and upgrade to php7 and Alpine 3.5." } + - {date: "10.07.25:", desc: "Rebase to Alpine 3.22."} + - {date: "12.02.25:", desc: "Rebase to Alpine 3.21."} + - {date: "09.01.25:", desc: "Fix uploading large files. Existing users should update their nginx confs."} + - {date: "09.07.24:", desc: "Add `previous` tag for n-1 releases."} + - {date: "24.06.24:", desc: "Rebase to Alpine 3.20. Existing users should update their nginx confs to avoid http2 deprecation warnings."} + - {date: "19.05.24:", desc: "Added util-linux package required for taskset."} + - {date: "10.04.24:", desc: "Added imagemagick-pdf."} + - {date: "05.04.24:", desc: "Added imagemagick-heic. Manual update to `config.php` required - see above."} + - {date: "02.04.24:", desc: "Existing users should update: site-confs/default.conf - Add support for the Client Push (notify_push) plugin and the [new mod](https://github.com/linuxserver/docker-mods/tree/nextcloud-notify-push)."} + - {date: "22.03.24:", desc: "Add imagemagick-svg module."} + - {date: "06.03.24:", desc: "Rebase to Alpine 3.19 with php 8.3."} + - {date: "02.01.24:", desc: "Existing users should update: site-confs/default.conf - Cleanup default site conf."} + - {date: "22.12.23:", desc: "Site default conf updating to include mime.types for js and mjs and update location to include more file types."} + - {date: "28.10.23:", desc: "Disable web upgrades using occ during init."} + - {date: "31.08.23:", desc: "Re-add updatenotification app. This allows users to be notified for app updates, but also notifies for NextCloud updates. Updating NextCloud via the web UI is not supported when using this image."} + - {date: "14.08.23:", desc: "Add develop branch."} + - {date: "25.06.23:", desc: "Move Nextcloud installation inside container. Remove CLI updater. [See changes announcement](https://info.linuxserver.io/issues/2023-06-25-nextcloud/)."} + - {date: "21.06.23:", desc: "Existing users should update `/config/nginx/site-confs/default.conf` - Security fix for real ip settings."} + - {date: "25.05.23:", desc: "Rebase to Alpine 3.18, deprecate armhf."} + - {date: "13.04.23:", desc: "Move ssl.conf include to default.conf."} + - {date: "21.03.23:", desc: "Add php81-sysvsem as new dep for v26. Update default X-Robots-Tag to `noindex, nofollow``."} + - {date: "02.03.23:", desc: "Set permissions on crontabs during init."} + - {date: "20.01.23:", desc: "Rebase to alpine 3.17 with php8.1."} + - {date: "10.10.22:", desc: "Rebasing to alpine 3.15 with php8. Restructure nginx configs ([see changes announcement](https://info.linuxserver.io/issues/2022-08-20-nginx-base))."} + - {date: "30.09.22:", desc: "Disabled `output_buffering` as per [nextcloud docs](https://docs.nextcloud.com/server/latest/admin_manual/configuration_files/big_file_upload_configuration.html"} + - {date: "21.05.22:", desc: "Update version check endpoint."} + - {date: "28.04.22:", desc: "Increase OPCache interned strings buffered setting to 16."} + - {date: "14.04.22:", desc: "Nginx default site config updated for v23 (existing users should delete `/config/nginx/site-confs/default.conf` and restart the container). Fix LDAP connection."} + - {date: "11.09.21:", desc: "Rebasing to alpine 3.14"} + - {date: "21.03.21:", desc: "Publish `php8` tag for testing."} + - {date: "25.02.21:", desc: "Nginx default site config updated for v21 (existing users should delete `/config/nginx/site-confs/default.conf` and restart the container)."} + - {date: "21.01.21:", desc: "Fix php iconv (was breaking the mail addon). If installed, attempt to remove broken CODE Server app during startup."} + - {date: "20.01.21:", desc: "Increase php fcgi timeout to prevent 504 Gateway timeout errors (existing users should delete `/config/nginx/site-confs/default.conf` and restart the container)."} + - {date: "16.01.21:", desc: "Rebasing to alpine 3.13. Users with issues on 32-bit arm, [see this article](https://docs.linuxserver.io/faq#my-host-is-incompatible-with-images-based-on-ubuntu-focal-and-alpine-3-13)."} + - {date: "12.08.20:", desc: "Various updates to default site config, including added support for webfinger (existing users should delete `/config/nginx/site-confs/default.conf` and restart the container)."} + - {date: "03.06.20:", desc: "Rebasing to alpine 3.12"} + - {date: "03.06.20:", desc: "Add php7-bcmath and php7-fileinfo"} + - {date: "31.05.20:", desc: "Add aliases for occ and updater.phar"} + - {date: "31.03.20:", desc: "Allow crontab to be user customized, fix logrotate."} + - {date: "17.01.20:", desc: "Updated php.ini defaults and site config, including an optional HSTS directive (existing users should delete `/config/nginx/site-confs/default.conf` and restart the container)."} + - {date: "19.12.19:", desc: "Rebasing to alpine 3.11."} + - {date: "18.11.19:", desc: "Nginx default site config updated for v17 (existing users should delete `/config/nginx/site-confs/default.conf` and restart the container)."} + - {date: "28.10.19:", desc: "Change cronjob to run every 5 minutes."} + - {date: "24.10.19:", desc: "Nginx default site config updated due to CVE-2019-11043 (existing users should delete `/config/nginx/site-confs/default.conf` and restart the container)."} + - {date: "14.07.19:", desc: "Download nextcloud during build time."} + - {date: "28.06.19:", desc: "Rebasing to alpine 3.10."} + - {date: "23.03.19:", desc: "Switching to new Base images, shift to arm32v7 tag."} + - {date: "27.02.19:", desc: "Updating base nginx config to sync up with v15 requirements."} + - {date: "22.02.19:", desc: "Rebasing to alpine 3.9."} + - {date: "28.01.19:", desc: "Add pipeline logic and multi arch."} + - {date: "25.01.19:", desc: "Add php7-phar for occ upgrades."} + - {date: "05.09.18:", desc: "Rebase to alpine 3.8."} + - {date: "11.06.18:", desc: "Use latest rather than specific version for initial install."} + - {date: "26.04.18:", desc: "Bump default install to 13.0.1."} + - {date: "06.02.18:", desc: "Bump default install to 13.0.0."} + - {date: "26.01.18:", desc: "Rebase to alpine 3.7, bump default install to 12.0.5."} + - {date: "12.12.17:", desc: "Bump default install to 12.0.4, fix continuation lines."} + - {date: "15.10.17:", desc: "Sed php.ini for opcache requirements in newer nextcloud versions."} + - {date: "20.09.17:", desc: "Bump default install to 12.0.3."} + - {date: "19.08.17:", desc: "Bump default install to 12.0.2."} + - {date: "25.05.17:", desc: "Rebase to alpine 3.6."} + - {date: "22.05.17:", desc: "Update to nextcloud 12.0, adding required dependecies and note about commenting out SAMEORIGIN; line."} + - {date: "03.05.17:", desc: "Use community repo of memcache."} + - {date: "07.03.17:", desc: "Release into main repository and upgrade to php7 and Alpine 3.5."} diff --git a/root/defaults/nginx/site-confs/default.conf.sample b/root/defaults/nginx/site-confs/default.conf.sample index bbf83899..72ce8274 100644 --- a/root/defaults/nginx/site-confs/default.conf.sample +++ b/root/defaults/nginx/site-confs/default.conf.sample @@ -1,4 +1,4 @@ -## Version 2023/06/23 - Changelog: https://github.com/linuxserver/docker-nextcloud/commits/master/root/defaults/nginx/site-confs/default.conf.sample +## Version 2025/07/10 - Changelog: https://github.com/linuxserver/docker-nextcloud/commits/master/root/defaults/nginx/site-confs/default.conf.sample # Set the `immutable` cache control options only for assets with a cache busting `v` argument map $arg_v $asset_immutable { @@ -9,9 +9,10 @@ map $arg_v $asset_immutable { server { listen 80 default_server; listen [::]:80 default_server; - - listen 443 ssl http2 default_server; - listen [::]:443 ssl http2 default_server; + listen 443 ssl default_server; + listen [::]:443 ssl default_server; + listen 443 quic reuseport default_server; + listen [::]:443 quic reuseport default_server; server_name _; @@ -26,7 +27,7 @@ server { # https://docs.nextcloud.com/server/latest/admin_manual/installation/nginx.html#nextcloud-in-the-webroot-of-nginx # set max upload size and increase upload timeout: - client_max_body_size 512M; + client_max_body_size 0; client_body_timeout 300s; fastcgi_buffers 64 4K; @@ -36,25 +37,24 @@ server { gzip_comp_level 4; gzip_min_length 256; gzip_proxied expired no-cache no-store private no_last_modified no_etag auth; - gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/wasm application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy; + gzip_types application/atom+xml text/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/wasm application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy; # Pagespeed is not supported by Nextcloud, so if your server is built # with the `ngx_pagespeed` module, uncomment this line to disable it. #pagespeed off; - # The settings allows you to optimize the HTTP2 bandwitdth. + # The settings allows you to optimize the HTTP2 bandwidth. # See https://blog.cloudflare.com/delivering-http-2-upload-speed-improvements/ - # for tunning hints + # for tuning hints client_body_buffer_size 512k; # HTTP response headers borrowed from Nextcloud `.htaccess` - add_header Referrer-Policy "no-referrer" always; - add_header X-Content-Type-Options "nosniff" always; - add_header X-Download-Options "noopen" always; - add_header X-Frame-Options "SAMEORIGIN" always; - add_header X-Permitted-Cross-Domain-Policies "none" always; - add_header X-Robots-Tag "noindex, nofollow" always; - add_header X-XSS-Protection "1; mode=block" always; + add_header Referrer-Policy "no-referrer" always; + add_header X-Content-Type-Options "nosniff" always; + add_header X-Frame-Options "SAMEORIGIN" always; + add_header X-Permitted-Cross-Domain-Policies "none" always; + add_header X-Robots-Tag "noindex, nofollow" always; + add_header X-XSS-Protection "1; mode=block" always; # Remove X-Powered-By, which is an information leak fastcgi_hide_header X-Powered-By; @@ -66,7 +66,7 @@ server { # that file is correctly served; if it doesn't, then the request is passed to # the front-end controller. This consistent behaviour means that we don't need # to specify custom rules for certain paths (e.g. images and other assets, - # `/updater`, `/ocm-provider`, `/ocs-provider`), and thus + # `/updater`, `/ocs-provider`), and thus # `try_files $uri $uri/ /index.php$request_uri` # always provides the desired behaviour. index index.php index.html /index.php$request_uri; @@ -113,7 +113,7 @@ server { # to the URI, resulting in a HTTP 500 error response. location ~ \.php(?:$|/) { # Required for legacy support - rewrite ^/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+|.+\/richdocumentscode\/proxy) /index.php$request_uri; + rewrite ^/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|ocs-provider\/.+|.+\/richdocumentscode\/proxy) /index.php$request_uri; fastcgi_split_path_info ^(.+?\.php)(/.*)$; set $path_info $fastcgi_path_info; @@ -134,7 +134,8 @@ server { fastcgi_max_temp_file_size 0; } - location ~ \.(?:css|js|svg|gif|png|jpg|ico|wasm|tflite|map)$ { + # Serve static files + location ~ \.(?:css|js|mjs|svg|gif|png|jpg|ico|wasm|tflite|map|ogg|flac)$ { try_files $uri /index.php$request_uri; add_header Cache-Control "public, max-age=15778463, $asset_immutable"; access_log off; # Optional: Don't log access to assets @@ -142,6 +143,7 @@ server { location ~ \.wasm$ { default_type application/wasm; } + } location ~ \.woff2?$ { diff --git a/root/etc/s6-overlay/s6-rc.d/init-nextcloud-config/run b/root/etc/s6-overlay/s6-rc.d/init-nextcloud-config/run index c1bcbc2a..bba0b8d1 100755 --- a/root/etc/s6-overlay/s6-rc.d/init-nextcloud-config/run +++ b/root/etc/s6-overlay/s6-rc.d/init-nextcloud-config/run @@ -10,7 +10,7 @@ mkdir -p \ /data # migrate legacy install (copy inside container) -if [ -f /config/www/nextcloud/version.php ]; then +if [[ -f /config/www/nextcloud/version.php ]]; then echo "Migrating legacy install (this can take a while) ...)" rsync -rlD --remove-source-files --exclude-from=/app/upgrade.exclude /config/www/nextcloud/ /app/www/public/ rm -rf /config/www/nextcloud/updater/ @@ -26,7 +26,7 @@ fi # symlink config folders for dir in apps config themes; do - if [ "$(readlink /app/www/public/${dir})" != "/config/www/nextcloud/${dir}" ]; then + if [[ "$(readlink /app/www/public/${dir})" != "/config/www/nextcloud/${dir}" ]]; then rm -rf "/app/www/public/${dir}" ln -s "/config/www/nextcloud/${dir}" "/app/www/public/${dir}" lsiown abc:abc "/config/www/nextcloud/${dir}" "/app/www/public/${dir}" @@ -34,9 +34,9 @@ for dir in apps config themes; do done # get versions -image_version=$(php -r "require '/app/www/src/version.php'; echo implode('.', \$OC_Version);" 2>/dev/null) -installed_version=$(php -r "require '/config/www/nextcloud/config/config.php'; echo \$CONFIG['version'];" 2>/dev/null) -if [ "${installed_version}" = "" ]; then +image_version=$(php -r "require '/app/www/src/version.php'; echo implode('.', \$OC_Version);" 2>/dev/null | xargs) +installed_version=$(php -r "require '/config/www/nextcloud/config/config.php'; echo \$CONFIG['version'];" 2>/dev/null | xargs) +if [[ "${installed_version}" = "" ]]; then installed_version="0.0.0.0" fi image_major="${image_version%%.*}" @@ -54,23 +54,23 @@ if vergt "${installed_version}" "${image_version}"; then sleep infinity fi -if [ "${installed_version}" != "0.0.0.0" ] && vergt "${image_major}" "${max_upgrade}"; then +if [[ "${installed_version}" != "0.0.0.0" ]] && vergt "${image_major}" "${max_upgrade}"; then echo "Can't start Nextcloud because the version of the data (${installed_version}) is more than one major version behind the docker image version (${image_version}) and upgrading more than one major version is not supported. Please run an image tagged for the major version ${max_upgrade} first." sleep infinity fi -if [ "${installed_version}" = "0.0.0.0" ] || [ ! -f /app/www/public/version.php ] || [ -z "$(ls -A /config/www/nextcloud/apps 2>/dev/null)" ]; then +if [[ "${installed_version}" = "0.0.0.0" ]] || [[ ! -f /app/www/public/version.php ]] || [[ -z "$(ls -A /config/www/nextcloud/apps 2>/dev/null)" ]]; then touch /tmp/needs_install fi -if [ "${installed_version}" != "0.0.0.0" ] && vergt "${image_version}" "${installed_version}"; then +if [[ "${installed_version}" != "0.0.0.0" ]] && vergt "${image_version}" "${installed_version}"; then touch /tmp/needs_upgrade fi # initialize nextcloud -if [ -f /config/www/nextcloud/config/needs_migration ] || [ -f /tmp/needs_install ] || [ -f /tmp/needs_upgrade ]; then +if [[ -f /config/www/nextcloud/config/needs_migration ]] || [[ -f /tmp/needs_install ]] || [[ -f /tmp/needs_upgrade ]]; then echo "Initializing nextcloud ${image_version} (this can take a while) ..." - if [ -f /config/www/nextcloud/config/needs_migration ] || [ -f /tmp/needs_upgrade ]; then + if [[ -f /config/www/nextcloud/config/needs_migration ]] || [[ -f /tmp/needs_upgrade ]]; then echo "Upgrading nextcloud from ${installed_version} ..." shippedApps=$(jq -r .shippedApps[] /app/www/src/core/shipped.json) for app in ${shippedApps}; do @@ -80,25 +80,25 @@ if [ -f /config/www/nextcloud/config/needs_migration ] || [ -f /tmp/needs_instal rsync -rlD --exclude-from=/app/upgrade.exclude /app/www/src/ /app/www/public/ for dir in apps config themes; do - if [ -f /config/www/nextcloud/config/needs_migration ] || [ -f /tmp/needs_upgrade ] || [ -z "$(ls -A /app/www/public/${dir} 2>/dev/null)" ]; then + if [[ -f /config/www/nextcloud/config/needs_migration ]] || [[ -f /tmp/needs_upgrade ]] || [[ -z "$(ls -A /app/www/public/${dir} 2>/dev/null)" ]]; then rsync -rlD --include "/${dir}" --exclude '/*' /app/www/src/ /config/www/nextcloud/ fi done - if [ -z "$(ls -A /data/ 2>/dev/null)" ]; then + if [[ -z "$(ls -A /data/ 2>/dev/null)" ]]; then rsync -rlD --include "/data" --exclude '/*' /app/www/src/ / fi echo "Setting permissions" lsiown abc:abc /data - lsiown abc:abc -R \ + lsiown -R abc:abc \ /app/www/public \ /config/www/nextcloud - if [ -f /config/www/nextcloud/config/needs_migration ] || [ -f /tmp/needs_upgrade ]; then + if [[ -f /config/www/nextcloud/config/needs_migration ]] || [[ -f /tmp/needs_upgrade ]]; then # Upgrade occ upgrade else - if [ "${installed_version}" = "0.0.0.0" ]; then + if [[ "${installed_version}" = "0.0.0.0" ]]; then # Install echo "New nextcloud instance" echo "Please run the web-based installer on first connect!" @@ -124,7 +124,7 @@ if occ config:system:get installed >/dev/null 2>&1; then occ config:system:set memcache.local --value='\\OC\\Memcache\\APCu' fi if ! occ config:system:get filelocking.enabled >/dev/null 2>&1; then - occ config:system:set filelocking.enabled --value=true + occ config:system:set filelocking.enabled --value=true --type=boolean fi if ! occ config:system:get memcache.locking >/dev/null 2>&1; then occ config:system:set memcache.locking --value='\\OC\\Memcache\\APCu' @@ -132,6 +132,9 @@ if occ config:system:get installed >/dev/null 2>&1; then if ! occ config:system:get datadirectory >/dev/null 2>&1; then occ config:system:set datadirectory --value='/data' fi + if ! occ config:system:get upgrade.disable-web >/dev/null 2>&1; then + occ config:system:set upgrade.disable-web --value=true --type=boolean + fi else echo "After completing the web-based installer, restart the Nextcloud container to apply default memory caching and transactional file locking configurations." echo "Alternatively, you can apply your own configurations by editing /config/www/nextcloud/config/config.php following the documentation:" @@ -139,15 +142,35 @@ else echo "https://docs.nextcloud.com/server/latest/admin_manual/configuration_files/files_locking_transactional.html" fi -if (occ app:list --no-interaction | grep -q richdocumentscode) 2>/dev/null; then - echo "Removing CODE Server" - APP=$(occ app:list --no-interaction | grep richdocumentscode | awk -F ' ' '{print $2}' | tr -d ':') - occ app:remove --no-interaction "${APP}" 2>/dev/null -fi +# remove problematic apps +for APP in richdocumentscode; do + if (occ app:list | grep -q " - ${APP}:") 2>/dev/null; then + echo "Removing ${APP}" + fi + APP_PATH=$(occ app:getpath "${APP}" 2>/dev/null) + if [[ -z "${APP_PATH}" ]] || [[ ! -d "${APP_PATH}" ]]; then + APP_PATH="/app/www/public/apps/${APP}" + fi + if [[ -d "${APP_PATH}" ]]; then + occ app:disable "${APP}" >/dev/null 2>&1 + fi + APP_STATUS="$(occ config:app:get "${APP}" enabled 2>/dev/null)" + if [[ "${APP_STATUS}" != "no" ]] && [[ -n "${APP_STATUS}" ]]; then + occ config:app:set "${APP}" enabled --value="no" >/dev/null 2>&1 + fi + occ app:remove "${APP}" >/dev/null 2>&1 + rm -rf "${APP_PATH}" +done # set data directory -if [ ! -s /config/www/nextcloud/config/config.php ]; then +if [[ ! -s /config/www/nextcloud/config/config.php ]]; then echo -e " '/data',\n);" >/config/www/nextcloud/config/config.php -elif [ -f /config/www/nextcloud/config/config.php ]; then +elif [[ -f /config/www/nextcloud/config/config.php ]]; then sed -i "s|/app/www/public/data|/data|g" /config/www/nextcloud/config/config.php fi + +#modify javascript mime type and add .mjs support +if [[ -s /etc/nginx/mime.types ]]; then + sed -i 's|\bjs;|js mjs;|g' /etc/nginx/mime.types + sed -i 's|\bapplication/javascript|text/javascript|g' /etc/nginx/mime.types +fi diff --git a/root/migrations/02-default-location b/root/migrations/02-default-location old mode 100644 new mode 100755 index a3727ec5..cbaab7d4 --- a/root/migrations/02-default-location +++ b/root/migrations/02-default-location @@ -5,7 +5,7 @@ DEFAULT_CONF="/config/nginx/site-confs/default.conf" OLD_ROOT="root /config/www/nextcloud/;" NEW_ROOT="root /app/www/public;" -if grep -q "${OLD_ROOT}" "${DEFAULT_CONF}"; then +if [[ -f "${DEFAULT_CONF}" ]] && grep -q "${OLD_ROOT}" "${DEFAULT_CONF}" 2>/dev/null; then echo "updating root in ${DEFAULT_CONF}" sed -i "s|${OLD_ROOT}|${NEW_ROOT}|" "${DEFAULT_CONF}" fi