The Action for "update.sh" fails, docker images for 23.0.4 missing

[marhry]

I was wondering why the apache-latest tag was still on 23.0.3, and it seems that there might be an automation issue:

The github action logs look like someone may have turned on protection for the master branch inadvertently, which causes all runs of update.sh
to fail, e. g. https://github.com/nextcloud/docker/runs/6121397540?check_suite_focus=true

Pasting the error message from that run:

Run ad-m/github-push-action@master
Push to branch master
remote: error: GH006: Protected branch update failed for refs/heads/master.        
remote: error: 3 of 3 required status checks are expected. At least 1 approving review is required by reviewers with write access.        
To https://github.com/nextcloud/docker.git
 ! [remote rejected] HEAD -> master (protected branch hook declined)

Thanks for all the work, hope this helps to track down the issue!

[hoh]

This is a big security issue since it prevents operators that use Docker to update to the newer version.
@skjnldsv , do you have the permissions to fix this ?

[marhry]

Looks like it's fallout from a recent PR: #1730 (comment)

[skjnldsv]

@hoh this is not a security issue, please don't make a fuzz out of nothing and scare people

The github action logs look like someone may have turned on protection for the master branch inadvertently, which causes all runs of update.sh

It's not inadvertently. It was an attempt to increase the protection in here. I disabled it for now, but we should have something far more restrictive for this repository. If anyone is willing to write a workflow that create a pull request instead of pushing straight to master, that would be very welcome :)

Or whatever solution allowing a branch protection on master 😉

[J0WI]

Pending update docker-library/official-images#12307

[t-lo]

My nextcloud installation just broke because we updated to 23.0.4 and restarted, but there's no updated docker image available.
My server now refuses to start, which comes at a surprise since I'm using the "stable" channel precisely because I need things to work.
I'm now stuck with

Can't start Nextcloud because the version of the data (23.0.4.1) is higher than the docker image version (23.0.3.2) and downgrading is not supported.

And nextcloud snarkily remarks

Are you sure you have pulled the newest image version?

Yes nextcloud, I am sure.

Two questions:

1. Is it possible to prevent upgrading nextcloud data to a newer version (even if it's marked "stable") when there's no docker image (apart from manually checking on Docker hub)?
2. Is there a work-around I can use to get my nextcloud server up and running? I'm blocked here, nothing works and no one has access to their stuff.

[J0WI]

That's why the updater app is removed from the image: https://github.com/nextcloud/docker/blob/3f42156a0705785a502acfb71d08781bba3cb277/Dockerfile-alpine.template#L123=

The easiest work around is to build it locally.

[t-lo]

That's odd. The web updater is available and works fine with my docker image installation.
Note that I'm using a docker volume at /var/www/html in the container for backup purposes - maybe the initial nextcloud install "fixes" the missing updater?

[GuidoDr]

2. Is there a work-around I can use to get my nextcloud server up and running? I'm blocked here, nothing works and no one has access to their stuff.

well a "dirty" workaround that I also used when I did accidentically upgrade with the web updater in the past and the docker image had not yet been available:

Edit the version.php and replace the 23.0.4.1 and the 23.0.4 with 23.0.3.2 and 23.0.3 in these two lines:

$OC_Version = array(23,0,3,2);
$OC_VersionString = '23.0.3';

Your data will still already be 23.0.4.1 but the system thinks, that it will be 23.0.3.2
As far as I know there had not been any bigger change in the data directory between 23.0.3.2 and 23.0.4.1

I am glad that the devs here removed in newer docker images the web updater from the docker image so that these accidents can normally no longer happen with newer images. We just have to live then with the notification that a new release is available until really the docker image for this release is available. Therefore I do now always check hub.docker.com when I do get the notification in order to check if the docker image is already available.

[marhry]

FWIW, this mechanism (removed updater) worked fine in my installation and I opened this issue to just raise awareness that some build process might be going wrong (as has now emerged), because I did not see the newer docker image on pull.

@skjnldsv Instead of pushing the updated Dockerfile images to master, what about having a dedicated branch that takes in the updated images, which is not protected? They could still be tagged for releases. But I'm not familiar with the nextcloud release process or dockerhub, so apologies if I miss something.

[marhry]

I can confirm nextcloud:23.0.4-apache works fine now. Thanks for the quick fixes and pushing the update @J0WI / @skjnldsv. I'm closing the issue if that's alright.