CatalogueRevamping
/
docker-ckan
14
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Update CKAN Dockerfile versions to 2.9.12 

- Update workflows to generate a tag as: `2.9.12` instead of `ckan-2.9.12`. Align with the [`ckan-docker-spatial`(https://github.com/mjanez/ckan-docker-spatial#pre-configured-ckan-docker-images) and [`ckan-docker-base`(https://github.com/ckan/ckan-docker-base#pre-configured-ckan-docker-images)` tags.
This commit is contained in:
mjanez 2024-08-27 12:18:30 +02:00
parent bd13584ab1
commit 1e2f6cfe6f
No known key found for this signature in database
GPG Key ID: 7A62FDE17C5A4929
8 changed files with 63 additions and 32 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
.github/workflows/docker-build.yml vendored
View File

@ -14,9 +14,9 @@ on:
env:
REGISTRY: ghcr.io
IMAGE_NAME: ${{ github.repository }}
TAG: ghcr.io/${{ github.repository }}:${{ github.head_ref }}
CONTEXT: .
BRANCH: ${{ github.head_ref }}
VERSION: ${{ github.head_ref }}
DOCKERFILE_PATH: /ckan
DOCKERFILE: Dockerfile
@ -43,6 +43,10 @@ jobs:
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Extract tag version from branch name
id: extract_tag_version
run: echo "VERSION=$(echo ${{ github.head_ref }} | sed 's/^ckan-//')" >> $GITHUB_ENV
- name: Extract Docker metadata
id: meta
uses: docker/metadata-action@v5
@ -50,14 +54,18 @@ jobs:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
labels: |
org.opencontainers.image.documentation=https://github.com/${{ github.repository }}/blob/${{ env.BRANCH }}/README.md
org.opencontainers.image.version=${{ env.BRANCH }}
org.opencontainers.image.version=${{ env.VERSION }}
annotations: |
org.opencontainers.image.description=This image contains CKAN based on a Docker Compose deployment. The container includes CKAN along with its dependencies and configurations for spatial data support.
org.opencontainers.image.source=https://github.com/${{ github.repository }}
- name: Build and push
uses: docker/build-push-action@v5
uses: docker/build-push-action@v6
with:
push: true
tags: ${{ env.TAG }}
tags: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.VERSION }}
labels: ${{ steps.meta.outputs.labels }}
annotations: ${{ steps.meta.outputs.annotations }}
context: ${{ env.CONTEXT }}${{ env.DOCKERFILE_PATH }}
file: ${{ env.CONTEXT }}${{ env.DOCKERFILE_PATH }}/${{ env.DOCKERFILE }}
@ -68,14 +76,14 @@ jobs:
no-fail: true
- name: Run Trivy container image vulnerability scanner
uses: aquasecurity/trivy-action@0.18.0
uses: aquasecurity/trivy-action@0.24.0
with:
image-ref: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.BRANCH }}
image-ref: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.VERSION }}
format: sarif
output: trivy-results.sarif
- name: Upload Trivy scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@v2
uses: github/codeql-action/upload-sarif@v3
if: always()
with:
sarif_file: trivy-results.sarif

22
.github/workflows/docker-manual.yml vendored
View File

@ -5,9 +5,9 @@ on: workflow_dispatch
env:
REGISTRY: ghcr.io
IMAGE_NAME: ${{ github.repository }}
TAG: ghcr.io/${{ github.repository }}:${{ github.ref_name }}
CONTEXT: .
BRANCH: ${{ github.ref_name }}
VERSION: ${{ github.ref_name }}
DOCKERFILE_PATH: /ckan
DOCKERFILE: Dockerfile
@ -33,6 +33,10 @@ jobs:
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Extract tag version from branch name
id: extract_tag_version
run: echo "VERSION=$(echo ${{ github.head_ref }} | sed 's/^ckan-//')" >> $GITHUB_ENV
- name: Extract Docker metadata
id: meta
uses: docker/metadata-action@v5
@ -40,14 +44,18 @@ jobs:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
labels: |
org.opencontainers.image.documentation=https://github.com/${{ github.repository }}/blob/${{ env.BRANCH }}/README.md
org.opencontainers.image.version=${{ env.BRANCH }}
org.opencontainers.image.version=${{ env.VERSION }}
annotations: |
org.opencontainers.image.description=This image contains CKAN based on a Docker Compose deployment. The container includes CKAN along with its dependencies and configurations for spatial data support.
org.opencontainers.image.source=https://github.com/${{ github.repository }}
- name: Build and push
uses: docker/build-push-action@v5
uses: docker/build-push-action@v6
with:
push: true
tags: ${{ env.TAG }}
tags: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.VERSION }}
labels: ${{ steps.meta.outputs.labels }}
annotations: ${{ steps.meta.outputs.annotations }}
context: ${{ env.CONTEXT }}${{ env.DOCKERFILE_PATH }}
file: ${{ env.CONTEXT }}${{ env.DOCKERFILE_PATH }}/${{ env.DOCKERFILE }}
@ -58,14 +66,14 @@ jobs:
no-fail: true
- name: Run Trivy container image vulnerability scanner
uses: aquasecurity/trivy-action@0.18.0
uses: aquasecurity/trivy-action@0.24.0
with:
image-ref: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.BRANCH }}
image-ref: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.VERSION }}
format: sarif
output: trivy-results.sarif
- name: Upload Trivy scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@v2
uses: github/codeql-action/upload-sarif@v3
if: always()
with:
sarif_file: trivy-results.sarif

22
.github/workflows/docker-master.yml vendored
View File

@ -9,6 +9,8 @@ env:
REGISTRY: ghcr.io
IMAGE_NAME: ${{ github.repository }}
CONTEXT: .
BRANCH: master
VERSION: master
DOCKERFILE_PATH: /ckan
DOCKERFILE: Dockerfile
@ -29,10 +31,6 @@ jobs:
with:
fetch-depth: 0
- name: Get highest ckan branch excluding -dev
id: getbranch
run: echo "VERSION=$(git branch -r | grep -o 'ckan-[0-9]*\.[0-9]*\.[0-9]*[^-dev]$' | sort -V | tail -n 1)" >> $GITHUB_ENV
- name: Login to registry
uses: docker/login-action@v3
with:
@ -40,21 +38,29 @@ jobs:
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Get highest ckan branch excluding -dev
id: getbranch
run: echo "VERSION=$(git branch -r | grep -o 'ckan-[0-9]*\.[0-9]*\.[0-9]*[^-dev]$' | sort -V | tail -n 1)" >> $GITHUB_ENV
- name: Extract Docker metadata
id: meta
uses: docker/metadata-action@v5
with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
labels: |
org.opencontainers.image.documentation=https://github.com/${{ github.repository }}/blob/master/README.md
org.opencontainers.image.documentation=https://github.com/${{ github.repository }}/blob/${{ env.BRANCH }}/README.md
org.opencontainers.image.version=${{ env.VERSION }}
annotations: |
org.opencontainers.image.description=This image contains CKAN based on a Docker Compose deployment. The container includes CKAN along with its dependencies and configurations for spatial data support.
org.opencontainers.image.source=https://github.com/${{ github.repository }}
- name: Build and push
uses: docker/build-push-action@v5
uses: docker/build-push-action@v6
with:
push: true
tags: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.VERSION }}
labels: ${{ steps.meta.outputs.labels }}
annotations: ${{ steps.meta.outputs.annotations }}
context: ${{ env.CONTEXT }}${{ env.DOCKERFILE_PATH }}
file: ${{ env.CONTEXT }}${{ env.DOCKERFILE_PATH }}/${{ env.DOCKERFILE }}
@ -65,14 +71,14 @@ jobs:
no-fail: true
- name: Run Trivy container image vulnerability scanner
uses: aquasecurity/trivy-action@0.18.0
uses: aquasecurity/trivy-action@0.24.0
with:
image-ref: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.VERSION }}
format: sarif
output: trivy-results.sarif
- name: Upload Trivy scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@v2
uses: github/codeql-action/upload-sarif@v3
if: always()
with:
sarif_file: trivy-results.sarif

12
.github/workflows/docker-pr.yml vendored
View File

@ -30,11 +30,11 @@ jobs:
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Checkout
- name: Check out code
uses: actions/checkout@v4
- name: NGINX build
uses: docker/build-push-action@v5
uses: docker/build-push-action@v6
with:
context: ./nginx
file: ./nginx/Dockerfile
@ -42,7 +42,7 @@ jobs:
tags: mjanez/ckan-docker-nginx:test-build-only
- name: Apache HTTP Server build
uses: docker/build-push-action@v5
uses: docker/build-push-action@v6
with:
context: ./apache
file: ./apache/Dockerfile
@ -50,7 +50,7 @@ jobs:
tags: mjanez/ckan-docker-apache:test-build-only
- name: PostgreSQL build
uses: docker/build-push-action@v5
uses: docker/build-push-action@v6
with:
context: ./postgresql
file: ./postgresql/Dockerfile
@ -58,7 +58,7 @@ jobs:
tags: mjanez/ckan-docker-postgresql:test-build-only
- name: Solr build
uses: docker/build-push-action@v5
uses: docker/build-push-action@v6
with:
context: ./solr
file: ./solr/Dockerfile
@ -66,7 +66,7 @@ jobs:
tags: mjanez/ckan-docker-solr:test-build-only
- name: ckan-pycsw build
uses: docker/build-push-action@v4
uses: docker/build-push-action@v6
with:
context: ./ckan-pycsw
file: ./ckan-pycsw/Dockerfile

11
README.md
View File

@ -42,12 +42,18 @@ Available components:
| CKAN Version | Type | Docker tag | Notes |
| --- | --- | --- | --- |
| 2.9.8 | custom image | `ghcr.io/mjanez/ckan-spatial:ckan-2.9.8` | Stable version with CKAN 2.9.8 |
| 2.9.8 | custom image | `ghcr.io/mjanez/ckan-spatial:ckan-2.9.8`, `ghcr.io/mjanez/ckan-spatial:ckan-2.9.8`, `ghcr.io/mjanez/ckan-docker:ckan-2.9.9`, `ghcr.io/mjanez/ckan-docker:ckan-2.9.10`, `ghcr.io/mjanez/ckan-docker:ckan-2.9.11`, `ghcr.io/mjanez/ckan-docker:2.9.12` | Stable official versions of CKAN `2.9.8`, `2.9.10` and `2.9.11`, also includes a security backport: `2.9.12` |
| 2.9.9 | custom image | `ghcr.io/mjanez/ckan-docker:ckan-2.9.9` | Stable version with CKAN 2.9.9 |
| 2.9.10 | custom image | `ghcr.io/mjanez/ckan-docker:ckan-2.9.10` | Stable version with CKAN 2.9.10 |
| 2.9.11 | custom image | `ghcr.io/mjanez/ckan-docker:ckan-2.9.11` | Stable version with CKAN 2.9.11 |
| 2.9.11 | latest custom image | `ghcr.io/mjanez/ckan-docker:master` | Latest `ckan-docker` image. |
| CKAN Version | Type | Base image | Docker tag | Notes |
| --- | --- | --- | --- | --- |
| 2.9.x | custom spatial image | `alpine:3.15` | `ghcr.io/mjanez/ckan-spatial:ckan-2.9.8`, `ghcr.io/mjanez/ckan-spatial:ckan-2.9.8`, `ghcr.io/mjanez/ckan-docker:ckan-2.9.9`, `ghcr.io/mjanez/ckan-docker:ckan-2.9.10`, `ghcr.io/mjanez/ckan-docker:ckan-2.9.11`, `ghcr.io/mjanez/ckan-docker:2.9.12` | Stable official versions of CKAN `2.9.8`, `2.9.10` and `2.9.11`, including a security backport: `2.9.12`. As of `2.9.12`, repo images are aligned with the [`ckan-docker-spatial`](https://github.com/mjanez/ckan-docker-spatial#pre-configured-ckan-docker-images) and [`ckan-docker-base](https://github.com/ckan/ckan-docker-base#pre-configured-ckan-docker-images)` tags. |
| 2.10.x | custom spatial image | `python:3.10-slim-bookworm` | `ghcr.io/mjanez/ckan-docker:2.10.5` | From `2.10` images only [Debian-based official Python images](https://hub.docker.com/_/python) rather than Alpine-based images will be provided. |
The non-CKAN images are as follows:
* PostgreSQL: [Custom image](/postgresql/Dockerfile) based on official PostgreSQL image. Database files are stored in a named volume.
* Solr: [Custom image](/solr/Dockerfile.spatial) based on official CKAN [pre-configured Solr image](https://github.com/ckan/ckan-solr). The index data is stored in a named volume and has a custom spatial schema upgrades. [^2]
@ -435,6 +441,9 @@ You can now set breakpoints and remote debug your CKAN development instance usin
Add these lines to the `ckan-dev` service in the docker compose.dev.yml file
```yaml
ports:
- "0.0.0.0:${CKAN_PORT}:5000"
stdin_open: true
tty: true
```

2
ckan/Dockerfile
View File

@ -1,4 +1,4 @@
FROM ghcr.io/mjanez/ckan-base-spatial:ckan-2.9.11
FROM ghcr.io/mjanez/ckan-spatial-base:2.9.12
LABEL maintainer="mnl.janez@gmail.com"
# Set up environment variables

2
ckan/Dockerfile.dev
View File

@ -1,4 +1,4 @@
FROM ghcr.io/mjanez/ckan-base-spatial:ckan-2.9.11-dev
FROM ghcr.io/mjanez/ckan-spatial-dev:2.9.12
LABEL maintainer="mnl.janez@gmail.com"
# Set up environment variables

2
ckan/Dockerfile.ghcr
View File

@ -1,4 +1,4 @@
FROM ghcr.io/mjanez/ckan-docker:ckan-2.9.11
FROM ghcr.io/mjanez/ckan-docker:2.9.12
LABEL maintainer="mnl.janez@gmail.com"
# Set up environment variables