Skip to content

Commit 5d5ec83

Browse files
thespadthelameraptalca
authored
Monthly (#354)
* update security notes for selkies blurb to include note about seccomp unconfined * wording * use github generated release notes for LS changes * use jq to sanitize release body, remove `What's Changed` header * detect no new commits when generating release notes * Use `develop` CI image when testing dev/pr builds * Remove quotes * Rebase to 3.22 * sync snippet with baseimge to advertise all container settings (#355) * sync snippet with baseimge to advertise all container settings * add no gamepad to docs as well * Quay no fail (#356) * do not fail on quay * template jenkinsfile --------- Co-authored-by: thelamer <ryankuba@gmail.com> Co-authored-by: aptalca <541623+aptalca@users.noreply.github.com>
1 parent 2d27f3d commit 5d5ec83

File tree

5 files changed

+291
-72
lines changed

5 files changed

+291
-72
lines changed

Dockerfile

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,6 @@
11
# syntax=docker/dockerfile:1
22

3-
FROM ghcr.io/linuxserver/baseimage-alpine:3.21
3+
FROM ghcr.io/linuxserver/baseimage-alpine:3.22
44

55
# set version label
66
ARG BUILD_DATE

Dockerfile.aarch64

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,6 @@
11
# syntax=docker/dockerfile:1
22

3-
FROM ghcr.io/linuxserver/baseimage-alpine:arm64v8-3.21
3+
FROM ghcr.io/linuxserver/baseimage-alpine:arm64v8-3.22
44

55
# set version label
66
ARG BUILD_DATE

Jenkinsfile

Lines changed: 62 additions & 25 deletions
Original file line numberDiff line numberDiff line change
@@ -206,6 +206,7 @@ pipeline {
206206
env.META_TAG = env.EXT_RELEASE_CLEAN + '-ls' + env.LS_TAG_NUMBER
207207
env.EXT_RELEASE_TAG = 'version-' + env.EXT_RELEASE_CLEAN
208208
env.BUILDCACHE = 'docker.io/lsiodev/buildcache,registry.gitlab.com/linuxserver.io/docker-jenkins-builder/lsiodev-buildcache,ghcr.io/linuxserver/lsiodev-buildcache,quay.io/linuxserver.io/lsiodev-buildcache'
209+
env.CITEST_IMAGETAG = 'latest'
209210
}
210211
}
211212
}
@@ -231,6 +232,7 @@ pipeline {
231232
env.EXT_RELEASE_TAG = 'version-' + env.EXT_RELEASE_CLEAN
232233
env.DOCKERHUB_LINK = 'https://hub.docker.com/r/' + env.DEV_DOCKERHUB_IMAGE + '/tags/'
233234
env.BUILDCACHE = 'docker.io/lsiodev/buildcache,registry.gitlab.com/linuxserver.io/docker-jenkins-builder/lsiodev-buildcache,ghcr.io/linuxserver/lsiodev-buildcache,quay.io/linuxserver.io/lsiodev-buildcache'
235+
env.CITEST_IMAGETAG = 'develop'
234236
}
235237
}
236238
}
@@ -256,6 +258,7 @@ pipeline {
256258
env.CODE_URL = 'https://github.com/' + env.LS_USER + '/' + env.LS_REPO + '/pull/' + env.PULL_REQUEST
257259
env.DOCKERHUB_LINK = 'https://hub.docker.com/r/' + env.PR_DOCKERHUB_IMAGE + '/tags/'
258260
env.BUILDCACHE = 'docker.io/lsiodev/buildcache,registry.gitlab.com/linuxserver.io/docker-jenkins-builder/lsiodev-buildcache,ghcr.io/linuxserver/lsiodev-buildcache,quay.io/linuxserver.io/lsiodev-buildcache'
261+
env.CITEST_IMAGETAG = 'develop'
259262
}
260263
}
261264
}
@@ -569,13 +572,16 @@ pipeline {
569572
echo $GITHUB_TOKEN | docker login ghcr.io -u LinuxServer-CI --password-stdin
570573
echo $GITLAB_TOKEN | docker login registry.gitlab.com -u LinuxServer.io --password-stdin
571574
echo $QUAYPASS | docker login quay.io -u $QUAYUSER --password-stdin
575+
572576
if [[ "${PACKAGE_CHECK}" != "true" ]]; then
577+
declare -A pids
573578
IFS=',' read -ra CACHE <<< "$BUILDCACHE"
574579
for i in "${CACHE[@]}"; do
575580
docker push ${i}:amd64-${COMMIT_SHA}-${BUILD_NUMBER} &
581+
pids[$!]="$i"
576582
done
577-
for p in $(jobs -p); do
578-
wait "$p" || { echo "job $p failed" >&2; exit 1; }
583+
for p in "${!pids[@]}"; do
584+
wait "$p" || { [[ "${pids[$p]}" != *"quay.io"* ]] && exit 1; }
579585
done
580586
fi
581587
'''
@@ -635,13 +641,16 @@ pipeline {
635641
echo $GITHUB_TOKEN | docker login ghcr.io -u LinuxServer-CI --password-stdin
636642
echo $GITLAB_TOKEN | docker login registry.gitlab.com -u LinuxServer.io --password-stdin
637643
echo $QUAYPASS | docker login quay.io -u $QUAYUSER --password-stdin
644+
638645
if [[ "${PACKAGE_CHECK}" != "true" ]]; then
646+
declare -A pids
639647
IFS=',' read -ra CACHE <<< "$BUILDCACHE"
640648
for i in "${CACHE[@]}"; do
641649
docker push ${i}:amd64-${COMMIT_SHA}-${BUILD_NUMBER} &
650+
pids[$!]="$i"
642651
done
643-
for p in $(jobs -p); do
644-
wait "$p" || { echo "job $p failed" >&2; exit 1; }
652+
for p in "${!pids[@]}"; do
653+
wait "$p" || { [[ "${pids[$p]}" != *"quay.io"* ]] && exit 1; }
645654
done
646655
fi
647656
'''
@@ -695,12 +704,14 @@ pipeline {
695704
echo $GITLAB_TOKEN | docker login registry.gitlab.com -u LinuxServer.io --password-stdin
696705
echo $QUAYPASS | docker login quay.io -u $QUAYUSER --password-stdin
697706
if [[ "${PACKAGE_CHECK}" != "true" ]]; then
707+
declare -A pids
698708
IFS=',' read -ra CACHE <<< "$BUILDCACHE"
699709
for i in "${CACHE[@]}"; do
700710
docker push ${i}:arm64v8-${COMMIT_SHA}-${BUILD_NUMBER} &
711+
pids[$!]="$i"
701712
done
702-
for p in $(jobs -p); do
703-
wait "$p" || { echo "job $p failed" >&2; exit 1; }
713+
for p in "${!pids[@]}"; do
714+
wait "$p" || { [[ "${pids[$p]}" != *"quay.io"* ]] && exit 1; }
704715
done
705716
fi
706717
'''
@@ -825,7 +836,7 @@ pipeline {
825836
CI_DOCKERENV="LSIO_FIRST_PARTY=true"
826837
fi
827838
fi
828-
docker pull ghcr.io/linuxserver/ci:latest
839+
docker pull ghcr.io/linuxserver/ci:${CITEST_IMAGETAG}
829840
if [ "${MULTIARCH}" == "true" ]; then
830841
docker pull ghcr.io/linuxserver/lsiodev-buildcache:arm64v8-${COMMIT_SHA}-${BUILD_NUMBER} --platform=arm64
831842
docker tag ghcr.io/linuxserver/lsiodev-buildcache:arm64v8-${COMMIT_SHA}-${BUILD_NUMBER} ${IMAGE}:arm64v8-${META_TAG}
@@ -849,7 +860,7 @@ pipeline {
849860
-e WEB_PATH=\"${CI_WEBPATH}\" \
850861
-e NODE_NAME=\"${NODE_NAME}\" \
851862
-e SYFT_IMAGE_TAG=\"${CI_SYFT_IMAGE_TAG:-${SYFT_IMAGE_TAG}}\" \
852-
-t ghcr.io/linuxserver/ci:latest \
863+
-t ghcr.io/linuxserver/ci:${CITEST_IMAGETAG} \
853864
python3 test_build.py'''
854865
}
855866
}
@@ -875,9 +886,11 @@ pipeline {
875886
CACHEIMAGE=${i}
876887
fi
877888
done
878-
docker buildx imagetools create --prefer-index=false -t ${PUSHIMAGE}:${META_TAG} -t ${PUSHIMAGE}:latest -t ${PUSHIMAGE}:${EXT_RELEASE_TAG} ${CACHEIMAGE}:amd64-${COMMIT_SHA}-${BUILD_NUMBER}
889+
docker buildx imagetools create --prefer-index=false -t ${PUSHIMAGE}:${META_TAG} -t ${PUSHIMAGE}:latest -t ${PUSHIMAGE}:${EXT_RELEASE_TAG} ${CACHEIMAGE}:amd64-${COMMIT_SHA}-${BUILD_NUMBER} || \
890+
{ [[ "${PUSHIMAGE}" != "${QUAYIMAGE}" ]] && exit 1; }
879891
if [ -n "${SEMVER}" ]; then
880-
docker buildx imagetools create --prefer-index=false -t ${PUSHIMAGE}:${SEMVER} ${CACHEIMAGE}:amd64-${COMMIT_SHA}-${BUILD_NUMBER}
892+
docker buildx imagetools create --prefer-index=false -t ${PUSHIMAGE}:${SEMVER} ${CACHEIMAGE}:amd64-${COMMIT_SHA}-${BUILD_NUMBER} || \
893+
{ [[ "${PUSHIMAGE}" != "${QUAYIMAGE}" ]] && exit 1; }
881894
fi
882895
done
883896
'''
@@ -902,20 +915,27 @@ pipeline {
902915
CACHEIMAGE=${i}
903916
fi
904917
done
905-
docker buildx imagetools create --prefer-index=false -t ${MANIFESTIMAGE}:amd64-${META_TAG} -t ${MANIFESTIMAGE}:amd64-latest -t ${MANIFESTIMAGE}:amd64-${EXT_RELEASE_TAG} ${CACHEIMAGE}:amd64-${COMMIT_SHA}-${BUILD_NUMBER}
906-
docker buildx imagetools create --prefer-index=false -t ${MANIFESTIMAGE}:arm64v8-${META_TAG} -t ${MANIFESTIMAGE}:arm64v8-latest -t ${MANIFESTIMAGE}:arm64v8-${EXT_RELEASE_TAG} ${CACHEIMAGE}:arm64v8-${COMMIT_SHA}-${BUILD_NUMBER}
918+
docker buildx imagetools create --prefer-index=false -t ${MANIFESTIMAGE}:amd64-${META_TAG} -t ${MANIFESTIMAGE}:amd64-latest -t ${MANIFESTIMAGE}:amd64-${EXT_RELEASE_TAG} ${CACHEIMAGE}:amd64-${COMMIT_SHA}-${BUILD_NUMBER} || \
919+
{ [[ "${MANIFESTIMAGE}" != "${QUAYIMAGE}" ]] && exit 1; }
920+
docker buildx imagetools create --prefer-index=false -t ${MANIFESTIMAGE}:arm64v8-${META_TAG} -t ${MANIFESTIMAGE}:arm64v8-latest -t ${MANIFESTIMAGE}:arm64v8-${EXT_RELEASE_TAG} ${CACHEIMAGE}:arm64v8-${COMMIT_SHA}-${BUILD_NUMBER} || \
921+
{ [[ "${MANIFESTIMAGE}" != "${QUAYIMAGE}" ]] && exit 1; }
907922
if [ -n "${SEMVER}" ]; then
908-
docker buildx imagetools create --prefer-index=false -t ${MANIFESTIMAGE}:amd64-${SEMVER} ${CACHEIMAGE}:amd64-${COMMIT_SHA}-${BUILD_NUMBER}
909-
docker buildx imagetools create --prefer-index=false -t ${MANIFESTIMAGE}:arm64v8-${SEMVER} ${CACHEIMAGE}:arm64v8-${COMMIT_SHA}-${BUILD_NUMBER}
923+
docker buildx imagetools create --prefer-index=false -t ${MANIFESTIMAGE}:amd64-${SEMVER} ${CACHEIMAGE}:amd64-${COMMIT_SHA}-${BUILD_NUMBER} || \
924+
{ [[ "${MANIFESTIMAGE}" != "${QUAYIMAGE}" ]] && exit 1; }
925+
docker buildx imagetools create --prefer-index=false -t ${MANIFESTIMAGE}:arm64v8-${SEMVER} ${CACHEIMAGE}:arm64v8-${COMMIT_SHA}-${BUILD_NUMBER} || \
926+
{ [[ "${MANIFESTIMAGE}" != "${QUAYIMAGE}" ]] && exit 1; }
910927
fi
911928
done
912929
for MANIFESTIMAGE in "${IMAGE}" "${GITLABIMAGE}" "${GITHUBIMAGE}" "${QUAYIMAGE}"; do
913-
docker buildx imagetools create -t ${MANIFESTIMAGE}:latest ${MANIFESTIMAGE}:amd64-latest ${MANIFESTIMAGE}:arm64v8-latest
914-
docker buildx imagetools create -t ${MANIFESTIMAGE}:${META_TAG} ${MANIFESTIMAGE}:amd64-${META_TAG} ${MANIFESTIMAGE}:arm64v8-${META_TAG}
915-
916-
docker buildx imagetools create -t ${MANIFESTIMAGE}:${EXT_RELEASE_TAG} ${MANIFESTIMAGE}:amd64-${EXT_RELEASE_TAG} ${MANIFESTIMAGE}:arm64v8-${EXT_RELEASE_TAG}
930+
docker buildx imagetools create -t ${MANIFESTIMAGE}:latest ${MANIFESTIMAGE}:amd64-latest ${MANIFESTIMAGE}:arm64v8-latest || \
931+
{ [[ "${MANIFESTIMAGE}" != "${QUAYIMAGE}" ]] && exit 1; }
932+
docker buildx imagetools create -t ${MANIFESTIMAGE}:${META_TAG} ${MANIFESTIMAGE}:amd64-${META_TAG} ${MANIFESTIMAGE}:arm64v8-${META_TAG} || \
933+
{ [[ "${MANIFESTIMAGE}" != "${QUAYIMAGE}" ]] && exit 1; }
934+
docker buildx imagetools create -t ${MANIFESTIMAGE}:${EXT_RELEASE_TAG} ${MANIFESTIMAGE}:amd64-${EXT_RELEASE_TAG} ${MANIFESTIMAGE}:arm64v8-${EXT_RELEASE_TAG} || \
935+
{ [[ "${MANIFESTIMAGE}" != "${QUAYIMAGE}" ]] && exit 1; }
917936
if [ -n "${SEMVER}" ]; then
918-
docker buildx imagetools create -t ${MANIFESTIMAGE}:${SEMVER} ${MANIFESTIMAGE}:amd64-${SEMVER} ${MANIFESTIMAGE}:arm64v8-${SEMVER}
937+
docker buildx imagetools create -t ${MANIFESTIMAGE}:${SEMVER} ${MANIFESTIMAGE}:amd64-${SEMVER} ${MANIFESTIMAGE}:arm64v8-${SEMVER} || \
938+
{ [[ "${MANIFESTIMAGE}" != "${QUAYIMAGE}" ]] && exit 1; }
919939
fi
920940
done
921941
'''
@@ -933,6 +953,16 @@ pipeline {
933953
environment name: 'EXIT_STATUS', value: ''
934954
}
935955
steps {
956+
echo "Auto-generating release notes"
957+
sh '''if [ "$(git tag --points-at HEAD)" != "" ]; then
958+
echo "Existing tag points to current commit, suggesting no new LS changes"
959+
AUTO_RELEASE_NOTES="No changes"
960+
else
961+
AUTO_RELEASE_NOTES=$(curl -fsL -H "Authorization: token ${GITHUB_TOKEN}" -H "Accept: application/vnd.github+json" -X POST https://api.github.com/repos/${LS_USER}/${LS_REPO}/releases/generate-notes \
962+
-d '{"tag_name":"'${META_TAG}'",\
963+
"target_commitish": "master"}' \
964+
| jq -r '.body' | sed 's|## What.s Changed||')
965+
fi'''
936966
echo "Pushing New tag for current commit ${META_TAG}"
937967
sh '''curl -H "Authorization: token ${GITHUB_TOKEN}" -X POST https://api.github.com/repos/${LS_USER}/${LS_REPO}/git/tags \
938968
-d '{"tag":"'${META_TAG}'",\
@@ -943,12 +973,19 @@ pipeline {
943973
echo "Pushing New release for Tag"
944974
sh '''#! /bin/bash
945975
echo "Updating base packages to ${PACKAGE_TAG}" > releasebody.json
946-
echo '{"tag_name":"'${META_TAG}'",\
947-
"target_commitish": "master",\
948-
"name": "'${META_TAG}'",\
949-
"body": "**CI Report:**\\n\\n'${CI_URL:-N/A}'\\n\\n**LinuxServer Changes:**\\n\\n'${LS_RELEASE_NOTES}'\\n\\n**Remote Changes:**\\n\\n' > start
950-
printf '","draft": false,"prerelease": false}' >> releasebody.json
951-
paste -d'\\0' start releasebody.json > releasebody.json.done
976+
jq -n \
977+
--arg tag_name "$META_TAG" \
978+
--arg target_commitish "master" \
979+
--arg ci_url "${CI_URL:-N/A}" \
980+
--arg ls_notes "$AUTO_RELEASE_NOTES" \
981+
--arg remote_notes "$(cat releasebody.json)" \
982+
'{
983+
"tag_name": $tag_name,
984+
"target_commitish": $target_commitish,
985+
"name": $tag_name,
986+
"body": ("**CI Report:**\\n\\n" + $ci_url + "\\n\\n**LinuxServer Changes:**\\n\\n" + $ls_notes + "\\n\\n**Remote Changes:**\\n\\n" + $remote_notes),
987+
"draft": false,
988+
"prerelease": false }' > releasebody.json.done
952989
curl -H "Authorization: token ${GITHUB_TOKEN}" -X POST https://api.github.com/repos/${LS_USER}/${LS_REPO}/releases -d @releasebody.json.done'''
953990
}
954991
}

0 commit comments

Comments
 (0)