New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
The Action for "update.sh" fails, docker images for 23.0.4 missing #1735
Comments
This is a big security issue since it prevents operators that use Docker to update to the newer version. |
Looks like it's fallout from a recent PR: #1730 (comment) |
@hoh this is not a security issue, please don't make a fuzz out of nothing and scare people
It's not inadvertently. It was an attempt to increase the protection in here. I disabled it for now, but we should have something far more restrictive for this repository. If anyone is willing to write a workflow that create a pull request instead of pushing straight to master, that would be very welcome :) Or whatever solution allowing a branch protection on master 😉 |
Pending update docker-library/official-images#12307 |
My nextcloud installation just broke because we updated to 23.0.4 and restarted, but there's no updated docker image available.
And nextcloud snarkily remarks
Yes nextcloud, I am sure. Two questions:
|
That's why the updater app is removed from the image: https://github.com/nextcloud/docker/blob/3f42156a0705785a502acfb71d08781bba3cb277/Dockerfile-alpine.template#L123= The easiest work around is to build it locally. |
That's odd. The web updater is available and works fine with my docker image installation. |
well a "dirty" workaround that I also used when I did accidentically upgrade with the web updater in the past and the docker image had not yet been available: Edit the version.php and replace the 23.0.4.1 and the 23.0.4 with 23.0.3.2 and 23.0.3 in these two lines:
Your data will still already be 23.0.4.1 but the system thinks, that it will be 23.0.3.2 I am glad that the devs here removed in newer docker images the web updater from the docker image so that these accidents can normally no longer happen with newer images. We just have to live then with the notification that a new release is available until really the docker image for this release is available. Therefore I do now always check hub.docker.com when I do get the notification in order to check if the docker image is already available. |
FWIW, this mechanism (removed updater) worked fine in my installation and I opened this issue to just raise awareness that some build process might be going wrong (as has now emerged), because I did not see the newer docker image on @skjnldsv Instead of pushing the updated Dockerfile images to master, what about having a dedicated branch that takes in the updated images, which is not protected? They could still be tagged for releases. But I'm not familiar with the nextcloud release process or dockerhub, so apologies if I miss something. |
I was wondering why the apache-latest tag was still on 23.0.3, and it seems that there might be an automation issue:
The github action logs look like someone may have turned on protection for the master branch inadvertently, which causes all runs of
update.sh
to fail, e. g. https://github.com/nextcloud/docker/runs/6121397540?check_suite_focus=true
Pasting the error message from that run:
Thanks for all the work, hope this helps to track down the issue!
The text was updated successfully, but these errors were encountered: