Skip to content

2.9.0

Latest

Choose a tag to compare

@github-actions github-actions released this 12 Jul 12:54

Docker image for WebScrapBook 2.9.0 (https://pypi.org/project/webscrapbook/2.9.0/).

Pull

docker pull vsc55/webscrapbook:2.9.0            # Docker Hub
docker pull ghcr.io/vsc55/webscrapbook:2.9.0    # GHCR

WebScrapBook 2.9.0

  • Fixed a potential error when writing a large file into a nested ZIP archive.
  • Introduced the zipremove dependency to optimize ZIP-related file operations.
  • Allowed compression when streaming out a ZIP file.
  • Miscellaneous improvements to the internal code, test suite, and dev tools.

Image changes (v1.2)

Targets WebScrapBook 2.9.0 on python:3.14-alpine.

Added

  • Configuration via environment variables, applied to config.ini on every
    boot (the environment is the source of truth for the managed keys):
    • Authentication: WSB_AUTH_USER, WSB_AUTH_PASSWORD (stored hashed),
      WSB_AUTH_PERMISSION (all/read).
    • Reverse proxy: WSB_ALLOWED_X_FOR, WSB_ALLOWED_X_PROTO,
      WSB_ALLOWED_X_HOST, WSB_ALLOWED_X_PORT, WSB_ALLOWED_X_PREFIX.
    • HTTPS: WSB_SSL_ON, WSB_SSL_CERT, WSB_SSL_KEY, WSB_SSL_PW.
    • Appearance: WSB_APP_NAME, WSB_THEME, WSB_LOCALE.
  • apply_config.py: idempotent config writer (only re-hashes the auth password
    when it actually changes; removes the managed [auth "docker"] section when
    WSB_AUTH_USER is unset).
  • The server now runs as an unprivileged wsb user (privileges are dropped with
    su-exec after the entrypoint fixes the volume ownership).
  • WSB_FIX_PERMS=true forces a recursive chown of /data on boot, to migrate
    a volume created by an older root-based image without deleting config.ini.
  • Timestamped, traceable startup logging across entrypoint.sh, run_wsb.sh
    and apply_config.py (each step is logged). Secrets are never logged — only
    variable names and the auth permission level, never usernames/passwords/tokens
    or command arguments.
  • Documented the environment variables in the Dockerfile and both
    docker-compose* examples.
  • Expanded the README.md: status badges, data layout, extension usage, Docker Compose
    example, configuration table, subpath hosting (reverse proxy +
    WSB_ALLOWED_X_PREFIX), image tags, a "Versioning & releases" section
    (product vs image version), update steps, the version/arch tables aligned
    with the CI workflow, and a Star History chart.
  • CI: upstream-release workflow that polls PyPI daily and, when a new
    WebScrapBook version appears, creates the matching tag (which triggers the
    ci build & publish). Requires a TOKEN_WEBSCRAPBOOK PAT secret so the tag
    push fires ci.

Changed

  • Bumped base image to python:3.14-alpine (WebScrapBook 2.9.0).
  • run_wsb.sh and entrypoint.sh now exec the final process so it becomes
    PID 1 and shuts down cleanly on SIGTERM (docker stop).
  • health_check.sh now follows WSB_SSL_ON and switches to https (with -k)
    when TLS is enabled.
  • Image LABEL version updated to 1.2.
  • CI: rebuilt the GitHub Actions workflow into two jobs. test builds an amd64
    image and runs a smoke test (the container must boot and serve) on every push
    to master, pull request and manual run; all docker/* actions were updated
    to their current majors. publish builds and pushes the multi-arch image to
    Docker Hub only on a version tag and only after test passes.
  • CI: bumped actions/checkout to v5 (Node.js 24) to clear the Node.js 20
    deprecation warning.
  • CI: the publish job now also pushes to GitHub Container Registry
    (ghcr.io/<owner>/webscrapbook) alongside Docker Hub, using the built-in
    GITHUB_TOKEN (no extra secret).
  • CI: every push to master publishes a rolling ghcr.io/<owner>/webscrapbook:test
    image (amd64), after the smoke test passes. Docker Hub still receives tagged
    releases only.
  • CI: on a version tag, a GitHub Release is created (named after the tag) with
    docker pull instructions (Docker Hub + GHCR) and the upstream WebScrapBook
    changelog for that version. The image's own changelog entry (its separate
    version) is appended only when CHANGELOG.md changed since the previous tag,
    i.e. when the image itself changed for this release.

Fixed

  • Removed --platform=$BUILDPLATFORM from FROM, which forced the builder's
    architecture and broke multi-arch builds.
  • Corrected the inverted condition in the ownership fix that previously
    prevented chown from ever running.
  • CI: build_argsbuild-args in the publish step. The typo silently
    dropped the argument, so published images installed WebScrapBook latest
    regardless of the release tag; the tagged version is now actually built.

Removed

  • Docker Hub autobuild hooks (hooks/build, hooks/post_push). Publishing is
    now handled by the GitHub Actions ci workflow; keeping the hooks (with
    Docker Hub autobuild enabled) would publish the image a second time. Remember
    to disable the Automated Build on Docker Hub as well.
  • MODE_RUN environment variable (declared but never used).
  • --squash flag from build.sh (experimental, fails on modern builders).
  • apk upgrade --no-cache from the build (kept for reproducibility; base image
    updates handle security patches).