From ce0b88bfab2195bf7fefb32e1fdca10342f72c96 Mon Sep 17 00:00:00 2001 From: thespad Date: Sat, 5 Jul 2025 15:53:48 +0100 Subject: [PATCH] Rebase to 3.22 --- .editorconfig | 0 .github/CONTRIBUTING.md | 0 .github/FUNDING.yml | 0 .github/ISSUE_TEMPLATE/config.yml | 0 .github/ISSUE_TEMPLATE/issue.bug.yml | 0 .github/ISSUE_TEMPLATE/issue.feature.yml | 0 .github/workflows/call_issue_pr_tracker.yml | 3 +++ .github/workflows/call_issues_cron.yml | 3 +++ .github/workflows/external_trigger.yml | 19 +++++++++++-------- .../workflows/external_trigger_scheduler.yml | 3 +++ .github/workflows/greetings.yml | 6 ++++++ .../workflows/package_trigger_scheduler.yml | 3 +++ .github/workflows/permissions.yml | 0 Dockerfile | 4 ++-- Dockerfile.aarch64 | 4 ++-- Jenkinsfile | 9 +++++++-- LICENSE | 0 README.md | 4 +--- jenkins-vars.yml | 2 +- readme-vars.yml | 1 + 20 files changed, 43 insertions(+), 18 deletions(-) mode change 100755 => 100644 .editorconfig mode change 100755 => 100644 .github/CONTRIBUTING.md mode change 100755 => 100644 .github/FUNDING.yml mode change 100755 => 100644 .github/ISSUE_TEMPLATE/config.yml mode change 100755 => 100644 .github/ISSUE_TEMPLATE/issue.bug.yml mode change 100755 => 100644 .github/ISSUE_TEMPLATE/issue.feature.yml mode change 100755 => 100644 .github/workflows/call_issue_pr_tracker.yml mode change 100755 => 100644 .github/workflows/call_issues_cron.yml mode change 100755 => 100644 .github/workflows/external_trigger.yml mode change 100755 => 100644 .github/workflows/external_trigger_scheduler.yml mode change 100755 => 100644 .github/workflows/greetings.yml mode change 100755 => 100644 .github/workflows/package_trigger_scheduler.yml mode change 100755 => 100644 .github/workflows/permissions.yml mode change 100755 => 100644 LICENSE diff --git a/.editorconfig b/.editorconfig old mode 100755 new mode 100644 diff --git a/.github/CONTRIBUTING.md b/.github/CONTRIBUTING.md old mode 100755 new mode 100644 diff --git a/.github/FUNDING.yml b/.github/FUNDING.yml old mode 100755 new mode 100644 diff --git a/.github/ISSUE_TEMPLATE/config.yml b/.github/ISSUE_TEMPLATE/config.yml old mode 100755 new mode 100644 diff --git a/.github/ISSUE_TEMPLATE/issue.bug.yml b/.github/ISSUE_TEMPLATE/issue.bug.yml old mode 100755 new mode 100644 diff --git a/.github/ISSUE_TEMPLATE/issue.feature.yml b/.github/ISSUE_TEMPLATE/issue.feature.yml old mode 100755 new mode 100644 diff --git a/.github/workflows/call_issue_pr_tracker.yml b/.github/workflows/call_issue_pr_tracker.yml old mode 100755 new mode 100644 index 2c30784..d07cf12 --- a/.github/workflows/call_issue_pr_tracker.yml +++ b/.github/workflows/call_issue_pr_tracker.yml @@ -8,6 +8,9 @@ on: pull_request_review: types: [submitted,edited,dismissed] +permissions: + contents: read + jobs: manage-project: permissions: diff --git a/.github/workflows/call_issues_cron.yml b/.github/workflows/call_issues_cron.yml old mode 100755 new mode 100644 index c42aa42..c3876c5 --- a/.github/workflows/call_issues_cron.yml +++ b/.github/workflows/call_issues_cron.yml @@ -4,6 +4,9 @@ on: - cron: '26 1 * * *' workflow_dispatch: +permissions: + contents: read + jobs: stale: permissions: diff --git a/.github/workflows/external_trigger.yml b/.github/workflows/external_trigger.yml old mode 100755 new mode 100644 index 6e36204..6257769 --- a/.github/workflows/external_trigger.yml +++ b/.github/workflows/external_trigger.yml @@ -3,6 +3,9 @@ name: External Trigger Main on: workflow_dispatch: +permissions: + contents: read + jobs: external-trigger-master: runs-on: ubuntu-latest @@ -26,7 +29,7 @@ jobs: echo "> [!NOTE]" >> $GITHUB_STEP_SUMMARY echo "> External trigger running off of master branch. To disable this trigger, add \`openssh-server_master\` into the Github organizational variable \`SKIP_EXTERNAL_TRIGGER\`." >> $GITHUB_STEP_SUMMARY printf "\n## Retrieving external version\n\n" >> $GITHUB_STEP_SUMMARY - EXT_RELEASE=$(curl -sL "http://dl-cdn.alpinelinux.org/alpine/v3.21/main/x86_64/APKINDEX.tar.gz" | tar -xz -C /tmp \ + EXT_RELEASE=$(curl -sL "http://dl-cdn.alpinelinux.org/alpine/v3.22/main/x86_64/APKINDEX.tar.gz" | tar -xz -C /tmp \ && awk '/^P:'"openssh-server-pam"'$/,/V:/' /tmp/APKINDEX | sed -n 2p | sed 's/^V://') echo "Type is \`alpine_repo\`" >> $GITHUB_STEP_SUMMARY if grep -q "^openssh-server_master_${EXT_RELEASE}" <<< "${SKIP_EXTERNAL_TRIGGER}"; then @@ -44,8 +47,8 @@ jobs: "username": "Github Actions"}' ${{ secrets.DISCORD_WEBHOOK }} exit 1 fi - EXT_RELEASE=$(echo ${EXT_RELEASE} | sed 's/[~,%@+;:/]//g') - echo "External version: \`${EXT_RELEASE}\`" >> $GITHUB_STEP_SUMMARY + EXT_RELEASE_SANITIZED=$(echo ${EXT_RELEASE} | sed 's/[~,%@+;:/]//g') + echo "Sanitized external version: \`${EXT_RELEASE_SANITIZED}\`" >> $GITHUB_STEP_SUMMARY echo "Retrieving last pushed version" >> $GITHUB_STEP_SUMMARY image="linuxserver/openssh-server" tag="latest" @@ -101,10 +104,10 @@ jobs: exit 1 fi echo "Last pushed version: \`${IMAGE_VERSION}\`" >> $GITHUB_STEP_SUMMARY - if [ "${EXT_RELEASE}" == "${IMAGE_VERSION}" ]; then - echo "Version \`${EXT_RELEASE}\` already pushed, exiting" >> $GITHUB_STEP_SUMMARY + if [ "${EXT_RELEASE_SANITIZED}" == "${IMAGE_VERSION}" ]; then + echo "Sanitized version \`${EXT_RELEASE_SANITIZED}\` already pushed, exiting" >> $GITHUB_STEP_SUMMARY exit 0 - elif [[ $(curl -sL "http://dl-cdn.alpinelinux.org/alpine/v3.21/main/aarch64/APKINDEX.tar.gz" | tar -xz -C /tmp && awk '/^P:'"openssh-server-pam"'$/,/V:/' /tmp/APKINDEX | sed -n 2p | sed 's/^V://') != "${EXT_RELEASE}" ]]; then + elif [[ $(curl -sL "http://dl-cdn.alpinelinux.org/alpine/v3.22/main/aarch64/APKINDEX.tar.gz" | tar -xz -C /tmp && awk '/^P:'"openssh-server-pam"'$/,/V:/' /tmp/APKINDEX | sed -n 2p | sed 's/^V://') != "${EXT_RELEASE}" ]]; then echo "New version \`${EXT_RELEASE}\` found; but not all arch repos updated yet; exiting" >> $GITHUB_STEP_SUMMARY FAILURE_REASON="New version ${EXT_RELEASE} for openssh-server tag latest is detected, however not all arch repos are updated yet. Will try again later." curl -X POST -H "Content-Type: application/json" --data '{"avatar_url": "https://cdn.discordapp.com/avatars/354986384542662657/df91181b3f1cf0ef1592fbe18e0962d7.png","embeds": [{"color": 9802903, @@ -124,7 +127,7 @@ jobs: "username": "Github Actions"}' ${{ secrets.DISCORD_WEBHOOK }} else printf "\n## Trigger new build\n\n" >> $GITHUB_STEP_SUMMARY - echo "New version \`${EXT_RELEASE}\` found; old version was \`${IMAGE_VERSION}\`. Triggering new build" >> $GITHUB_STEP_SUMMARY + echo "New sanitized version \`${EXT_RELEASE_SANITIZED}\` found; old version was \`${IMAGE_VERSION}\`. Triggering new build" >> $GITHUB_STEP_SUMMARY if [[ "${artifacts_found}" == "true" ]]; then echo "All artifacts seem to be uploaded." >> $GITHUB_STEP_SUMMARY fi @@ -144,7 +147,7 @@ jobs: --data-urlencode "description=GHA external trigger https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}" \ --data-urlencode "Submit=Submit" echo "**** Notifying Discord ****" - TRIGGER_REASON="A version change was detected for openssh-server tag latest. Old version:${IMAGE_VERSION} New version:${EXT_RELEASE}" + TRIGGER_REASON="A version change was detected for openssh-server tag latest. Old version:${IMAGE_VERSION} New version:${EXT_RELEASE_SANITIZED}" curl -X POST -H "Content-Type: application/json" --data '{"avatar_url": "https://cdn.discordapp.com/avatars/354986384542662657/df91181b3f1cf0ef1592fbe18e0962d7.png","embeds": [{"color": 9802903, "description": "**Build Triggered** \n**Reason:** '"${TRIGGER_REASON}"' \n**Build URL:** '"${buildurl}display/redirect"' \n"}], "username": "Github Actions"}' ${{ secrets.DISCORD_WEBHOOK }} diff --git a/.github/workflows/external_trigger_scheduler.yml b/.github/workflows/external_trigger_scheduler.yml old mode 100755 new mode 100644 index e7e03f9..fe7d62f --- a/.github/workflows/external_trigger_scheduler.yml +++ b/.github/workflows/external_trigger_scheduler.yml @@ -5,6 +5,9 @@ on: - cron: '11 * * * *' workflow_dispatch: +permissions: + contents: read + jobs: external-trigger-scheduler: runs-on: ubuntu-latest diff --git a/.github/workflows/greetings.yml b/.github/workflows/greetings.yml old mode 100755 new mode 100644 index 63070c1..425a2a3 --- a/.github/workflows/greetings.yml +++ b/.github/workflows/greetings.yml @@ -2,8 +2,14 @@ name: Greetings on: [pull_request_target, issues] +permissions: + contents: read + jobs: greeting: + permissions: + issues: write + pull-requests: write runs-on: ubuntu-latest steps: - uses: actions/first-interaction@v1 diff --git a/.github/workflows/package_trigger_scheduler.yml b/.github/workflows/package_trigger_scheduler.yml old mode 100755 new mode 100644 index 5d9a4a7..637b334 --- a/.github/workflows/package_trigger_scheduler.yml +++ b/.github/workflows/package_trigger_scheduler.yml @@ -5,6 +5,9 @@ on: - cron: '39 18 * * 0' workflow_dispatch: +permissions: + contents: read + jobs: package-trigger-scheduler: runs-on: ubuntu-latest diff --git a/.github/workflows/permissions.yml b/.github/workflows/permissions.yml old mode 100755 new mode 100644 diff --git a/Dockerfile b/Dockerfile index dee4f03..e95c4e0 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:1 -FROM ghcr.io/linuxserver/baseimage-alpine:3.21 +FROM ghcr.io/linuxserver/baseimage-alpine:3.22 # set version label ARG BUILD_DATE @@ -18,7 +18,7 @@ RUN \ sudo && \ echo "**** install openssh-server ****" && \ if [ -z ${OPENSSH_RELEASE+x} ]; then \ - OPENSSH_RELEASE=$(curl -sL "http://dl-cdn.alpinelinux.org/alpine/v3.21/main/x86_64/APKINDEX.tar.gz" | tar -xz -C /tmp && \ + OPENSSH_RELEASE=$(curl -sL "http://dl-cdn.alpinelinux.org/alpine/v3.22/main/x86_64/APKINDEX.tar.gz" | tar -xz -C /tmp && \ awk '/^P:openssh-server-pam$/,/V:/' /tmp/APKINDEX | sed -n 2p | sed 's/^V://'); \ fi && \ apk add --no-cache \ diff --git a/Dockerfile.aarch64 b/Dockerfile.aarch64 index f324839..e716371 100644 --- a/Dockerfile.aarch64 +++ b/Dockerfile.aarch64 @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:1 -FROM ghcr.io/linuxserver/baseimage-alpine:arm64v8-3.21 +FROM ghcr.io/linuxserver/baseimage-alpine:arm64v8-3.22 # set version label ARG BUILD_DATE @@ -18,7 +18,7 @@ RUN \ sudo && \ echo "**** install openssh-server ****" && \ if [ -z ${OPENSSH_RELEASE+x} ]; then \ - OPENSSH_RELEASE=$(curl -sL "http://dl-cdn.alpinelinux.org/alpine/v3.21/main/aarch64/APKINDEX.tar.gz" | tar -xz -C /tmp && \ + OPENSSH_RELEASE=$(curl -sL "http://dl-cdn.alpinelinux.org/alpine/v3.22/main/aarch64/APKINDEX.tar.gz" | tar -xz -C /tmp && \ awk '/^P:openssh-server-pam$/,/V:/' /tmp/APKINDEX | sed -n 2p | sed 's/^V://'); \ fi && \ apk add --no-cache \ diff --git a/Jenkinsfile b/Jenkinsfile index c712d60..5721f30 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -27,7 +27,7 @@ pipeline { DEV_DOCKERHUB_IMAGE = 'lsiodev/openssh-server' PR_DOCKERHUB_IMAGE = 'lspipepr/openssh-server' DIST_IMAGE = 'alpine' - DIST_REPO = 'http://dl-cdn.alpinelinux.org/alpine/v3.21/main/' + DIST_REPO = 'http://dl-cdn.alpinelinux.org/alpine/v3.22/main/' DIST_REPO_PACKAGES = 'openssh-server-pam' MULTIARCH='true' CI='true' @@ -96,7 +96,11 @@ pipeline { env.DOCKERHUB_LINK = 'https://hub.docker.com/r/' + env.DOCKERHUB_IMAGE + '/tags/' env.PULL_REQUEST = env.CHANGE_ID env.TEMPLATED_FILES = 'Jenkinsfile README.md LICENSE .editorconfig ./.github/CONTRIBUTING.md ./.github/FUNDING.yml ./.github/ISSUE_TEMPLATE/config.yml ./.github/ISSUE_TEMPLATE/issue.bug.yml ./.github/ISSUE_TEMPLATE/issue.feature.yml ./.github/PULL_REQUEST_TEMPLATE.md ./.github/workflows/external_trigger_scheduler.yml ./.github/workflows/greetings.yml ./.github/workflows/package_trigger_scheduler.yml ./.github/workflows/call_issue_pr_tracker.yml ./.github/workflows/call_issues_cron.yml ./.github/workflows/permissions.yml ./.github/workflows/external_trigger.yml' + if ( env.SYFT_IMAGE_TAG == null ) { + env.SYFT_IMAGE_TAG = 'latest' + } } + echo "Using syft image tag ${SYFT_IMAGE_TAG}" sh '''#! /bin/bash echo "The default github branch detected as ${GH_DEFAULT_BRANCH}" ''' script{ @@ -783,7 +787,7 @@ pipeline { docker run --rm \ -v /var/run/docker.sock:/var/run/docker.sock:ro \ -v ${TEMPDIR}:/tmp \ - ghcr.io/anchore/syft:v1.26.1 \ + ghcr.io/anchore/syft:${SYFT_IMAGE_TAG} \ ${LOCAL_CONTAINER} -o table=/tmp/package_versions.txt NEW_PACKAGE_TAG=$(md5sum ${TEMPDIR}/package_versions.txt | cut -c1-8 ) echo "Package tag sha from current packages in buit container is ${NEW_PACKAGE_TAG} comparing to old ${PACKAGE_TAG} from github" @@ -893,6 +897,7 @@ pipeline { -e WEB_AUTH=\"${CI_AUTH}\" \ -e WEB_PATH=\"${CI_WEBPATH}\" \ -e NODE_NAME=\"${NODE_NAME}\" \ + -e SYFT_IMAGE_TAG=\"${CI_SYFT_IMAGE_TAG:-${SYFT_IMAGE_TAG}}\" \ -t ghcr.io/linuxserver/ci:latest \ python3 test_build.py''' } diff --git a/LICENSE b/LICENSE old mode 100755 new mode 100644 diff --git a/README.md b/README.md index b861466..35e7072 100644 --- a/README.md +++ b/README.md @@ -5,7 +5,6 @@ [![Blog](https://img.shields.io/static/v1.svg?color=94398d&labelColor=555555&logoColor=ffffff&style=for-the-badge&label=linuxserver.io&message=Blog)](https://blog.linuxserver.io "all the things you can do with our containers including How-To guides, opinions and much more!") [![Discord](https://img.shields.io/discord/354974912613449730.svg?color=94398d&labelColor=555555&logoColor=ffffff&style=for-the-badge&label=Discord&logo=discord)](https://linuxserver.io/discord "realtime support / chat with the community and the team.") [![Discourse](https://img.shields.io/discourse/https/discourse.linuxserver.io/topics.svg?color=94398d&labelColor=555555&logoColor=ffffff&style=for-the-badge&logo=discourse)](https://discourse.linuxserver.io "post on our community forum.") -[![Fleet](https://img.shields.io/static/v1.svg?color=94398d&labelColor=555555&logoColor=ffffff&style=for-the-badge&label=linuxserver.io&message=Fleet)](https://fleet.linuxserver.io "an online web interface which displays all of our maintained images.") [![GitHub](https://img.shields.io/static/v1.svg?color=94398d&labelColor=555555&logoColor=ffffff&style=for-the-badge&label=linuxserver.io&message=GitHub&logo=github)](https://github.com/linuxserver "view the source for all of our repositories.") [![Open Collective](https://img.shields.io/opencollective/all/linuxserver.svg?color=94398d&labelColor=555555&logoColor=ffffff&style=for-the-badge&label=Supporters&logo=open%20collective)](https://opencollective.com/linuxserver "please consider helping us by either donating or contributing to our budget") @@ -22,7 +21,6 @@ Find us at: * [Blog](https://blog.linuxserver.io) - all the things you can do with our containers including How-To guides, opinions and much more! * [Discord](https://linuxserver.io/discord) - realtime support / chat with the community and the team. * [Discourse](https://discourse.linuxserver.io) - post on our community forum. -* [Fleet](https://fleet.linuxserver.io) - an online web interface which displays all of our maintained images. * [GitHub](https://github.com/linuxserver) - view the source for all of our repositories. * [Open Collective](https://opencollective.com/linuxserver) - please consider helping us by either donating or contributing to our budget @@ -57,7 +55,6 @@ The architectures supported by this image are: | :----: | :----: | ---- | | x86-64 | ✅ | amd64-\ | | arm64 | ✅ | arm64v8-\ | -| armhf | ❌ | | ## Application Setup @@ -340,6 +337,7 @@ Once registered you can define the dockerfile to use with `-f Dockerfile.aarch64 ## Versions +* **05.07.25:** - Rebase to Alpine 3.22. * **10.02.25:** - Add support for sshd_config.d * **12.01.25:** - Rebase to Alpine 3.21. * **24.11.24:** - Move sshd_config to /config/sshd/sshd_config. diff --git a/jenkins-vars.yml b/jenkins-vars.yml index a142da5..58bb0a4 100644 --- a/jenkins-vars.yml +++ b/jenkins-vars.yml @@ -15,7 +15,7 @@ repo_vars: - DEV_DOCKERHUB_IMAGE = 'lsiodev/openssh-server' - PR_DOCKERHUB_IMAGE = 'lspipepr/openssh-server' - DIST_IMAGE = 'alpine' - - DIST_REPO = 'http://dl-cdn.alpinelinux.org/alpine/v3.21/main/' + - DIST_REPO = 'http://dl-cdn.alpinelinux.org/alpine/v3.22/main/' - DIST_REPO_PACKAGES = 'openssh-server-pam' - MULTIARCH='true' - CI='true' diff --git a/readme-vars.yml b/readme-vars.yml index 3a21e0c..dd74b42 100644 --- a/readme-vars.yml +++ b/readme-vars.yml @@ -117,6 +117,7 @@ init_diagram: | "openssh-server:latest" <- Base Images # changelog changelogs: + - {date: "05.07.25:", desc: "Rebase to Alpine 3.22."} - {date: "10.02.25:", desc: "Add support for sshd_config.d"} - {date: "12.01.25:", desc: "Rebase to Alpine 3.21."} - {date: "24.11.24:", desc: "Move sshd_config to /config/sshd/sshd_config."}