From 1e2f6cfe6f55a68e1ffa89c2842cebe5ef03095c Mon Sep 17 00:00:00 2001 From: mjanez <96422458+mjanez@users.noreply.github.com> Date: Tue, 27 Aug 2024 12:18:30 +0200 Subject: [PATCH] Update CKAN Dockerfile versions to 2.9.12 - Update workflows to generate a tag as: `2.9.12` instead of `ckan-2.9.12`. Align with the [`ckan-docker-spatial`(https://github.com/mjanez/ckan-docker-spatial#pre-configured-ckan-docker-images) and [`ckan-docker-base`(https://github.com/ckan/ckan-docker-base#pre-configured-ckan-docker-images)` tags. --- .github/workflows/docker-build.yml | 22 +++++++++++++++------- .github/workflows/docker-manual.yml | 22 +++++++++++++++------- .github/workflows/docker-master.yml | 22 ++++++++++++++-------- .github/workflows/docker-pr.yml | 12 ++++++------ README.md | 11 ++++++++++- ckan/Dockerfile | 2 +- ckan/Dockerfile.dev | 2 +- ckan/Dockerfile.ghcr | 2 +- 8 files changed, 63 insertions(+), 32 deletions(-) diff --git a/.github/workflows/docker-build.yml b/.github/workflows/docker-build.yml index 07ed077..eead1f3 100644 --- a/.github/workflows/docker-build.yml +++ b/.github/workflows/docker-build.yml @@ -14,9 +14,9 @@ on: env: REGISTRY: ghcr.io IMAGE_NAME: ${{ github.repository }} - TAG: ghcr.io/${{ github.repository }}:${{ github.head_ref }} CONTEXT: . BRANCH: ${{ github.head_ref }} + VERSION: ${{ github.head_ref }} DOCKERFILE_PATH: /ckan DOCKERFILE: Dockerfile @@ -43,6 +43,10 @@ jobs: username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} + - name: Extract tag version from branch name + id: extract_tag_version + run: echo "VERSION=$(echo ${{ github.head_ref }} | sed 's/^ckan-//')" >> $GITHUB_ENV + - name: Extract Docker metadata id: meta uses: docker/metadata-action@v5 
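Review bot: The added `Extract tag version from branch name` step expands `${{ github.head_ref }}` directly into the `run:` script, so a pull-request branch name is evaluated as shell text in a job that has just logged in to `ghcr.io` with `GITHUB_TOKEN`. Pass the value through the step environment and strip the prefix in the shell instead: `env:` with `HEAD_REF: ${{ github.head_ref }}`, then `run: echo "VERSION=${HEAD_REF#ckan-}" >> "$GITHUB_ENV"`. The same step is added to `docker-manual.yml` in its `@@ -33,6 +33,10 @@` hunk. The workflow's `on:` triggers and `permissions:` lie outside the hunk, so how far an untrusted branch name can reach depends on them.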
@@ -50,14 +54,18 @@ jobs: images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} labels: | org.opencontainers.image.documentation=https://github.com/${{ github.repository }}/blob/${{ env.BRANCH }}/README.md - org.opencontainers.image.version=${{ env.BRANCH }} + org.opencontainers.image.version=${{ env.VERSION }} + annotations: | + org.opencontainers.image.description=This image contains CKAN based on a Docker Compose deployment. The container includes CKAN along with its dependencies and configurations for spatial data support. + org.opencontainers.image.source=https://github.com/${{ github.repository }} - name: Build and push - uses: docker/build-push-action@v5 + uses: docker/build-push-action@v6 with: push: true - tags: ${{ env.TAG }} + tags: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.VERSION }} labels: ${{ steps.meta.outputs.labels }} + annotations: ${{ steps.meta.outputs.annotations }} context: ${{ env.CONTEXT }}${{ env.DOCKERFILE_PATH }} file: ${{ env.CONTEXT }}${{ env.DOCKERFILE_PATH }}/${{ env.DOCKERFILE }} @@ -68,14 +76,14 @@ jobs: no-fail: true - name: Run Trivy container image vulnerability scanner - uses: aquasecurity/trivy-action@0.18.0 + uses: aquasecurity/trivy-action@0.24.0 with: - image-ref: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.BRANCH }} + image-ref: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.VERSION }} format: sarif output: trivy-results.sarif - name: Upload Trivy scan results to GitHub Security tab - uses: github/codeql-action/upload-sarif@v2 + uses: github/codeql-action/upload-sarif@v3 if: always() with: sarif_file: trivy-results.sarif \ No newline at end of file diff --git a/.github/workflows/docker-manual.yml b/.github/workflows/docker-manual.yml index 9acbb46..44e2553 100644 --- a/.github/workflows/docker-manual.yml +++ b/.github/workflows/docker-manual.yml 
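Review bot: `docker/build-push-action@v6` is referenced by a movable tag, and this step runs after the registry login with `push: true`, so whatever that tag points to at run time builds and publishes the image. Pinning each third-party action to a full commit SHA with the version in a trailing comment, e.g. `uses: docker/build-push-action@<full-commit-sha>  # v6`, keeps future bumps reviewable. The same applies to `aquasecurity/trivy-action@0.24.0` and `github/codeql-action/upload-sarif@v3` in the next hunk and to the matching hunks in `docker-manual.yml`, `docker-master.yml` and `docker-pr.yml`.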
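Review bot: The Trivy step scans `${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.VERSION }}` only after `Build and push` has already published it, and its `with:` block sets no `exit-code` or `severity`, so with the action's defaults the findings reach the Security tab but never stop a release. If the scan is meant to gate, build with `load: true` first, scan the local image with `exit-code: '1'` and `severity: 'CRITICAL,HIGH'`, and push afterwards; otherwise a comment such as `# advisory scan only: image is already pushed` would document the intent. The same sequence appears in the Trivy hunks of `docker-manual.yml` and `docker-master.yml`.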
@@ -5,9 +5,9 @@ on: workflow_dispatch env: REGISTRY: ghcr.io IMAGE_NAME: ${{ github.repository }} - TAG: ghcr.io/${{ github.repository }}:${{ github.ref_name }} CONTEXT: . BRANCH: ${{ github.ref_name }} + VERSION: ${{ github.ref_name }} DOCKERFILE_PATH: /ckan DOCKERFILE: Dockerfile @@ -33,6 +33,10 @@ jobs: username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} + - name: Extract tag version from branch name + id: extract_tag_version + run: echo "VERSION=$(echo ${{ github.head_ref }} | sed 's/^ckan-//')" >> $GITHUB_ENV + - name: Extract Docker metadata id: meta uses: docker/metadata-action@v5 @@ -40,14 +44,18 @@ jobs: images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} labels: | org.opencontainers.image.documentation=https://github.com/${{ github.repository }}/blob/${{ env.BRANCH }}/README.md - org.opencontainers.image.version=${{ env.BRANCH }} + org.opencontainers.image.version=${{ env.VERSION }} + annotations: | + org.opencontainers.image.description=This image contains CKAN based on a Docker Compose deployment. The container includes CKAN along with its dependencies and configurations for spatial data support. + org.opencontainers.image.source=https://github.com/${{ github.repository }} - name: Build and push - uses: docker/build-push-action@v5 + uses: docker/build-push-action@v6 with: push: true - tags: ${{ env.TAG }} + tags: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.VERSION }} labels: ${{ steps.meta.outputs.labels }} + annotations: ${{ steps.meta.outputs.annotations }} context: ${{ env.CONTEXT }}${{ env.DOCKERFILE_PATH }} file: ${{ env.CONTEXT }}${{ env.DOCKERFILE_PATH }}/${{ env.DOCKERFILE }} 
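Review bot: `github.head_ref` is populated only for pull-request events, and the trigger visible here is `on: workflow_dispatch`, so the added step writes an empty `VERSION` to `$GITHUB_ENV` and overrides the `VERSION: ${{ github.ref_name }}` default set in the `env:` hunk above. `tags:` and the Trivy `image-ref` would then end in a bare `:`, which is not a valid image reference. Use the ref name, passed through the environment instead of expanded into the script: `env:` with `REF_NAME: ${{ github.ref_name }}` and `run: echo "VERSION=${REF_NAME#ckan-}" >> "$GITHUB_ENV"`.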
@@ -58,14 +66,14 @@ jobs: no-fail: true - name: Run Trivy container image vulnerability scanner - uses: aquasecurity/trivy-action@0.18.0 + uses: aquasecurity/trivy-action@0.24.0 with: - image-ref: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.BRANCH }} + image-ref: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.VERSION }} format: sarif output: trivy-results.sarif - name: Upload Trivy scan results to GitHub Security tab - uses: github/codeql-action/upload-sarif@v2 + uses: github/codeql-action/upload-sarif@v3 if: always() with: sarif_file: trivy-results.sarif \ No newline at end of file diff --git a/.github/workflows/docker-master.yml b/.github/workflows/docker-master.yml index f798eaf..b0eab55 100644 --- a/.github/workflows/docker-master.yml +++ b/.github/workflows/docker-master.yml @@ -9,6 +9,8 @@ env: REGISTRY: ghcr.io IMAGE_NAME: ${{ github.repository }} CONTEXT: . + BRANCH: master + VERSION: master DOCKERFILE_PATH: /ckan DOCKERFILE: Dockerfile @@ -29,10 +31,6 @@ jobs: with: fetch-depth: 0 - - name: Get highest ckan branch excluding -dev - id: getbranch - run: echo "VERSION=$(git branch -r | grep -o 'ckan-[0-9]*\.[0-9]*\.[0-9]*[^-dev]$' | sort -V | tail -n 1)" >> $GITHUB_ENV - - name: Login to registry uses: docker/login-action@v3 with: 
@@ -40,21 +38,29 @@ jobs: username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} + - name: Get highest ckan branch excluding -dev + id: getbranch + run: echo "VERSION=$(git branch -r | grep -o 'ckan-[0-9]*\.[0-9]*\.[0-9]*[^-dev]$' | sort -V | tail -n 1)" >> $GITHUB_ENV + - name: Extract Docker metadata id: meta uses: docker/metadata-action@v5 with: images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} labels: | - org.opencontainers.image.documentation=https://github.com/${{ github.repository }}/blob/master/README.md + org.opencontainers.image.documentation=https://github.com/${{ github.repository }}/blob/${{ env.BRANCH }}/README.md org.opencontainers.image.version=${{ env.VERSION }} + annotations: | + org.opencontainers.image.description=This image contains CKAN based on a Docker Compose deployment. The container includes CKAN along with its dependencies and configurations for spatial data support. + org.opencontainers.image.source=https://github.com/${{ github.repository }} - name: Build and push - uses: docker/build-push-action@v5 + uses: docker/build-push-action@v6 with: push: true tags: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.VERSION }} labels: ${{ steps.meta.outputs.labels }} + annotations: ${{ steps.meta.outputs.annotations }} context: ${{ env.CONTEXT }}${{ env.DOCKERFILE_PATH }} file: ${{ env.CONTEXT }}${{ env.DOCKERFILE_PATH }}/${{ env.DOCKERFILE }} @@ -65,14 +71,14 @@ jobs: no-fail: true - name: Run Trivy container image vulnerability scanner - uses: aquasecurity/trivy-action@0.18.0 + uses: aquasecurity/trivy-action@0.24.0 with: image-ref: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.VERSION }} format: sarif output: trivy-results.sarif - name: Upload Trivy scan results to GitHub Security tab - uses: github/codeql-action/upload-sarif@v2 + uses: github/codeql-action/upload-sarif@v3 if: always() with: sarif_file: trivy-results.sarif \ No newline at end of file 
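Review bot: The relocated `Get highest ckan branch excluding -dev` step still writes the full branch name, `ckan-X.Y.Z`, into `VERSION`, so this workflow keeps tagging and labelling images with the `ckan-` prefix that the commit removes elsewhere, and the new `VERSION: master` default is always overwritten. If the version tag is intended, append `| sed 's/^ckan-//'` after `tail -n 1`; if the image should be published as `:master`, as the README table suggests, drop the override instead. `[^-dev]$` is a character class, not a `-dev` suffix exclusion, so a separate `grep -v -- '-dev$'` filter would state the intent more clearly. When no branch matches, `VERSION` is empty and the pushed tag is invalid, so a guard that fails the step on an empty result would help.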
diff --git a/.github/workflows/docker-pr.yml b/.github/workflows/docker-pr.yml index fea16e4..ccd46a7 100644 --- a/.github/workflows/docker-pr.yml +++ b/.github/workflows/docker-pr.yml @@ -30,11 +30,11 @@ jobs: - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 - - name: Checkout + - name: Check out code uses: actions/checkout@v4 - name: NGINX build - uses: docker/build-push-action@v5 + uses: docker/build-push-action@v6 with: context: ./nginx file: ./nginx/Dockerfile @@ -42,7 +42,7 @@ jobs: tags: mjanez/ckan-docker-nginx:test-build-only - name: Apache HTTP Server build - uses: docker/build-push-action@v5 + uses: docker/build-push-action@v6 with: context: ./apache file: ./apache/Dockerfile @@ -50,7 +50,7 @@ jobs: tags: mjanez/ckan-docker-apache:test-build-only - name: PostgreSQL build - uses: docker/build-push-action@v5 + uses: docker/build-push-action@v6 with: context: ./postgresql file: ./postgresql/Dockerfile @@ -58,7 +58,7 @@ jobs: tags: mjanez/ckan-docker-postgresql:test-build-only - name: Solr build - uses: docker/build-push-action@v5 + uses: docker/build-push-action@v6 with: context: ./solr file: ./solr/Dockerfile @@ -66,7 +66,7 @@ jobs: tags: mjanez/ckan-docker-solr:test-build-only - name: ckan-pycsw build - uses: docker/build-push-action@v4 + uses: docker/build-push-action@v6 with: context: ./ckan-pycsw file: ./ckan-pycsw/Dockerfile diff --git a/README.md b/README.md index 3af86f2..01be220 100644 --- a/README.md +++ b/README.md 
@@ -42,12 +42,18 @@ Available components: | CKAN Version | Type | Docker tag | Notes | | --- | --- | --- | --- | -| 2.9.8 | custom image | `ghcr.io/mjanez/ckan-spatial:ckan-2.9.8` | Stable version with CKAN 2.9.8 | +| 2.9.8 | custom image | `ghcr.io/mjanez/ckan-spatial:ckan-2.9.8`, `ghcr.io/mjanez/ckan-spatial:ckan-2.9.8`, `ghcr.io/mjanez/ckan-docker:ckan-2.9.9`, `ghcr.io/mjanez/ckan-docker:ckan-2.9.10`, `ghcr.io/mjanez/ckan-docker:ckan-2.9.11`, `ghcr.io/mjanez/ckan-docker:2.9.12` | Stable official versions of CKAN `2.9.8`, `2.9.10` and `2.9.11`, also includes a security backport: `2.9.12` | | 2.9.9 | custom image | `ghcr.io/mjanez/ckan-docker:ckan-2.9.9` | Stable version with CKAN 2.9.9 | | 2.9.10 | custom image | `ghcr.io/mjanez/ckan-docker:ckan-2.9.10` | Stable version with CKAN 2.9.10 | | 2.9.11 | custom image | `ghcr.io/mjanez/ckan-docker:ckan-2.9.11` | Stable version with CKAN 2.9.11 | | 2.9.11 | latest custom image | `ghcr.io/mjanez/ckan-docker:master` | Latest `ckan-docker` image. | +| CKAN Version | Type | Base image | Docker tag | Notes | +| --- | --- | --- | --- | --- | +| 2.9.x | custom spatial image | `alpine:3.15` | `ghcr.io/mjanez/ckan-spatial:ckan-2.9.8`, `ghcr.io/mjanez/ckan-spatial:ckan-2.9.8`, `ghcr.io/mjanez/ckan-docker:ckan-2.9.9`, `ghcr.io/mjanez/ckan-docker:ckan-2.9.10`, `ghcr.io/mjanez/ckan-docker:ckan-2.9.11`, `ghcr.io/mjanez/ckan-docker:2.9.12` | Stable official versions of CKAN `2.9.8`, `2.9.10` and `2.9.11`, including a security backport: `2.9.12`. As of `2.9.12`, repo images are aligned with the [`ckan-docker-spatial`](https://github.com/mjanez/ckan-docker-spatial#pre-configured-ckan-docker-images) and [`ckan-docker-base](https://github.com/ckan/ckan-docker-base#pre-configured-ckan-docker-images)` tags. 
| +| 2.10.x | custom spatial image | `python:3.10-slim-bookworm` | `ghcr.io/mjanez/ckan-docker:2.10.5` | From `2.10` images only [Debian-based official Python images](https://hub.docker.com/_/python) rather than Alpine-based images will be provided. | + + The non-CKAN images are as follows: * PostgreSQL: [Custom image](/postgresql/Dockerfile) based on official PostgreSQL image. Database files are stored in a named volume. * Solr: [Custom image](/solr/Dockerfile.spatial) based on official CKAN [pre-configured Solr image](https://github.com/ckan/ckan-solr). The index data is stored in a named volume and has a custom spatial schema upgrades. [^2] @@ -435,6 +441,9 @@ You can now set breakpoints and remote debug your CKAN development instance usin Add these lines to the `ckan-dev` service in the docker compose.dev.yml file ```yaml +ports: + - "0.0.0.0:${CKAN_PORT}:5000" + stdin_open: true tty: true ``` diff --git a/ckan/Dockerfile b/ckan/Dockerfile index eec6ed8..9b96915 100644 --- a/ckan/Dockerfile +++ b/ckan/Dockerfile @@ -1,4 +1,4 @@ -FROM ghcr.io/mjanez/ckan-base-spatial:ckan-2.9.11 +FROM ghcr.io/mjanez/ckan-spatial-base:2.9.12 LABEL maintainer="mnl.janez@gmail.com" # Set up environment variables diff --git a/ckan/Dockerfile.dev b/ckan/Dockerfile.dev index 21f3a8a..228902e 100644 --- a/ckan/Dockerfile.dev +++ b/ckan/Dockerfile.dev @@ -1,4 +1,4 @@ -FROM ghcr.io/mjanez/ckan-base-spatial:ckan-2.9.11-dev +FROM ghcr.io/mjanez/ckan-spatial-dev:2.9.12 LABEL maintainer="mnl.janez@gmail.com" # Set up environment variables diff --git a/ckan/Dockerfile.ghcr b/ckan/Dockerfile.ghcr index 03dc78a..4e1e5a0 100644 --- a/ckan/Dockerfile.ghcr +++ b/ckan/Dockerfile.ghcr @@ -1,4 +1,4 @@ -FROM ghcr.io/mjanez/ckan-docker:ckan-2.9.11 +FROM ghcr.io/mjanez/ckan-docker:2.9.12 LABEL maintainer="mnl.janez@gmail.com" # Set up environment variables