Docker image for WebScrapBook 2.9.0 (https://pypi.org/project/webscrapbook/2.9.0/).
Pull
docker pull vsc55/webscrapbook:2.9.0 # Docker Hub
docker pull ghcr.io/vsc55/webscrapbook:2.9.0 # GHCR
WebScrapBook 2.9.0
- Fixed a potential error when writing a large file into a nested ZIP archive.
- Introduced the
zipremovedependency to optimize ZIP-related file operations. - Allowed compression when streaming out a ZIP file.
- Miscellaneous improvements to the internal code, test suite, and dev tools.
Image changes (v1.2)
Targets WebScrapBook 2.9.0 on python:3.14-alpine.
Added
- Configuration via environment variables, applied to
config.inion every
boot (the environment is the source of truth for the managed keys):- Authentication:
WSB_AUTH_USER,WSB_AUTH_PASSWORD(stored hashed),
WSB_AUTH_PERMISSION(all/read). - Reverse proxy:
WSB_ALLOWED_X_FOR,WSB_ALLOWED_X_PROTO,
WSB_ALLOWED_X_HOST,WSB_ALLOWED_X_PORT,WSB_ALLOWED_X_PREFIX. - HTTPS:
WSB_SSL_ON,WSB_SSL_CERT,WSB_SSL_KEY,WSB_SSL_PW. - Appearance:
WSB_APP_NAME,WSB_THEME,WSB_LOCALE.
- Authentication:
apply_config.py: idempotent config writer (only re-hashes the auth password
when it actually changes; removes the managed[auth "docker"]section when
WSB_AUTH_USERis unset).- The server now runs as an unprivileged
wsbuser (privileges are dropped with
su-execafter the entrypoint fixes the volume ownership). WSB_FIX_PERMS=trueforces a recursivechownof/dataon boot, to migrate
a volume created by an older root-based image without deletingconfig.ini.- Timestamped, traceable startup logging across
entrypoint.sh,run_wsb.sh
andapply_config.py(each step is logged). Secrets are never logged — only
variable names and the auth permission level, never usernames/passwords/tokens
or command arguments. - Documented the environment variables in the
Dockerfileand both
docker-compose*examples. - Expanded the
README.md: status badges, data layout, extension usage, Docker Compose
example, configuration table, subpath hosting (reverse proxy +
WSB_ALLOWED_X_PREFIX), image tags, a "Versioning & releases" section
(product vs image version), update steps, the version/arch tables aligned
with the CI workflow, and a Star History chart. - CI:
upstream-releaseworkflow that polls PyPI daily and, when a new
WebScrapBook version appears, creates the matching tag (which triggers the
cibuild & publish). Requires aTOKEN_WEBSCRAPBOOKPAT secret so the tag
push firesci.
Changed
- Bumped base image to
python:3.14-alpine(WebScrapBook 2.9.0). run_wsb.shandentrypoint.shnowexecthe final process so it becomes
PID 1 and shuts down cleanly onSIGTERM(docker stop).health_check.shnow followsWSB_SSL_ONand switches tohttps(with-k)
when TLS is enabled.- Image
LABEL versionupdated to1.2. - CI: rebuilt the GitHub Actions workflow into two jobs.
testbuilds an amd64
image and runs a smoke test (the container must boot and serve) on every push
tomaster, pull request and manual run; alldocker/*actions were updated
to their current majors.publishbuilds and pushes the multi-arch image to
Docker Hub only on a version tag and only aftertestpasses. - CI: bumped
actions/checkoutto v5 (Node.js 24) to clear the Node.js 20
deprecation warning. - CI: the
publishjob now also pushes to GitHub Container Registry
(ghcr.io/<owner>/webscrapbook) alongside Docker Hub, using the built-in
GITHUB_TOKEN(no extra secret). - CI: every push to
masterpublishes a rollingghcr.io/<owner>/webscrapbook:test
image (amd64), after the smoke test passes. Docker Hub still receives tagged
releases only. - CI: on a version tag, a GitHub Release is created (named after the tag) with
docker pullinstructions (Docker Hub + GHCR) and the upstream WebScrapBook
changelog for that version. The image's own changelog entry (its separate
version) is appended only whenCHANGELOG.mdchanged since the previous tag,
i.e. when the image itself changed for this release.
Fixed
- Removed
--platform=$BUILDPLATFORMfromFROM, which forced the builder's
architecture and broke multi-arch builds. - Corrected the inverted condition in the ownership fix that previously
preventedchownfrom ever running. - CI:
build_args→build-argsin the publish step. The typo silently
dropped the argument, so published images installed WebScrapBooklatest
regardless of the release tag; the tagged version is now actually built.
Removed
- Docker Hub autobuild hooks (
hooks/build,hooks/post_push). Publishing is
now handled by the GitHub Actionsciworkflow; keeping the hooks (with
Docker Hub autobuild enabled) would publish the image a second time. Remember
to disable the Automated Build on Docker Hub as well. MODE_RUNenvironment variable (declared but never used).--squashflag frombuild.sh(experimental, fails on modern builders).apk upgrade --no-cachefrom the build (kept for reproducibility; base image
updates handle security patches).