diff --git a/.github/workflows/external_trigger.yml b/.github/workflows/external_trigger.yml index 1d7489b..d2b819f 100644 --- a/.github/workflows/external_trigger.yml +++ b/.github/workflows/external_trigger.yml @@ -12,6 +12,7 @@ jobs: - name: External Trigger if: github.ref == 'refs/heads/debianbookworm' run: | - echo "**** No external release, exiting ****" + printf "# External trigger for docker-baseimage-rdesktop\n\n" >> $GITHUB_STEP_SUMMARY + echo "Type is \`os\`" >> $GITHUB_STEP_SUMMARY echo "No external release, exiting" >> $GITHUB_STEP_SUMMARY exit 0 diff --git a/.github/workflows/external_trigger_scheduler.yml b/.github/workflows/external_trigger_scheduler.yml index f842b9c..10503b1 100644 --- a/.github/workflows/external_trigger_scheduler.yml +++ b/.github/workflows/external_trigger_scheduler.yml @@ -15,31 +15,31 @@ jobs: - name: External Trigger Scheduler run: | - echo "**** Branches found: ****" - git for-each-ref --format='%(refname:short)' refs/remotes - for br in $(git for-each-ref --format='%(refname:short)' refs/remotes) + printf "# External trigger scheduler for docker-baseimage-rdesktop\n\n" >> $GITHUB_STEP_SUMMARY + printf "Found the branches:\n\n%s\n" "$(git for-each-ref --format='- %(refname:lstrip=3)' refs/remotes)" >> $GITHUB_STEP_SUMMARY + for br in $(git for-each-ref --format='%(refname:lstrip=3)' refs/remotes) do - br=$(echo "$br" | sed 's|origin/||g') - echo "**** Evaluating branch ${br} ****" + if [[ "${br}" == "HEAD" ]]; then + printf "\nSkipping %s.\n" ${br} >> $GITHUB_STEP_SUMMARY + continue + fi + printf "\n## Evaluating \`%s\`\n\n" ${br} >> $GITHUB_STEP_SUMMARY ls_jenkins_vars=$(curl -sX GET https://raw.githubusercontent.com/linuxserver/docker-baseimage-rdesktop/${br}/jenkins-vars.yml) ls_branch=$(echo "${ls_jenkins_vars}" | yq -r '.ls_branch') ls_trigger=$(echo "${ls_jenkins_vars}" | yq -r '.external_type') if [[ "${br}" == "${ls_branch}" ]] && [[ "${ls_trigger}" != "os" ]]; then - echo "**** Branch ${br} appears to be live and trigger is not os; checking workflow. ****" + echo "Branch appears to be live and trigger is not os; checking workflow." >> $GITHUB_STEP_SUMMARY if curl -sfX GET https://raw.githubusercontent.com/linuxserver/docker-baseimage-rdesktop/${br}/.github/workflows/external_trigger.yml > /dev/null 2>&1; then - echo "**** Workflow exists. Triggering external trigger workflow for branch ${br} ****." - echo "Triggering external trigger workflow for branch ${br}" >> $GITHUB_STEP_SUMMARY + echo "Triggering external trigger workflow for branch." >> $GITHUB_STEP_SUMMARY curl -iX POST \ -H "Authorization: token ${{ secrets.CR_PAT }}" \ -H "Accept: application/vnd.github.v3+json" \ -d "{\"ref\":\"refs/heads/${br}\"}" \ https://api.github.com/repos/linuxserver/docker-baseimage-rdesktop/actions/workflows/external_trigger.yml/dispatches else - echo "**** Workflow doesn't exist; skipping trigger. ****" - echo "Skipping branch ${br} due to no external trigger workflow present." >> $GITHUB_STEP_SUMMARY + echo "Skipping branch due to no external trigger workflow present." >> $GITHUB_STEP_SUMMARY fi else - echo "**** ${br} is either a dev branch, or has no external version; skipping trigger. ****" - echo "Skipping branch ${br} due to being detected as dev branch or having no external version." >> $GITHUB_STEP_SUMMARY + echo "Skipping branch due to being detected as dev branch or having no external version." >> $GITHUB_STEP_SUMMARY fi done diff --git a/.github/workflows/package_trigger.yml b/.github/workflows/package_trigger.yml index f202a0e..0d42b8e 100644 --- a/.github/workflows/package_trigger.yml +++ b/.github/workflows/package_trigger.yml @@ -12,29 +12,29 @@ jobs: - name: Package Trigger if: github.ref == 'refs/heads/debianbookworm' run: | + printf "# Package trigger for docker-baseimage-rdesktop\n\n" >> $GITHUB_STEP_SUMMARY if [ -n "${{ secrets.PAUSE_PACKAGE_TRIGGER_BASEIMAGE_RDESKTOP_DEBIANBOOKWORM }}" ]; then - echo "**** Github secret PAUSE_PACKAGE_TRIGGER_BASEIMAGE_RDESKTOP_DEBIANBOOKWORM is set; skipping trigger. ****" - echo "Github secret \`PAUSE_PACKAGE_TRIGGER_BASEIMAGE_RDESKTOP_DEBIANBOOKWORM\` is set; skipping trigger." >> $GITHUB_STEP_SUMMARY + echo "> [!WARNING]" >> $GITHUB_STEP_SUMMARY + echo "> Github secret \`PAUSE_PACKAGE_TRIGGER_BASEIMAGE_RDESKTOP_DEBIANBOOKWORM\` is set; skipping trigger." >> $GITHUB_STEP_SUMMARY exit 0 fi if [ $(curl -s https://ci.linuxserver.io/job/Docker-Pipeline-Builders/job/docker-baseimage-rdesktop/job/debianbookworm/lastBuild/api/json | jq -r '.building') == "true" ]; then - echo "**** There already seems to be an active build on Jenkins; skipping package trigger ****" - echo "There already seems to be an active build on Jenkins; skipping package trigger" >> $GITHUB_STEP_SUMMARY + echo "> [!WARNING]" >> $GITHUB_STEP_SUMMARY + echo "> There already seems to be an active build on Jenkins; skipping package trigger" >> $GITHUB_STEP_SUMMARY exit 0 fi - echo "**** Package trigger running off of debianbookworm branch. To disable, set a Github secret named \"PAUSE_PACKAGE_TRIGGER_BASEIMAGE_RDESKTOP_DEBIANBOOKWORM\". ****" - echo "Package trigger running off of debianbookworm branch. To disable, set a Github secret named \`PAUSE_PACKAGE_TRIGGER_BASEIMAGE_RDESKTOP_DEBIANBOOKWORM\`" >> $GITHUB_STEP_SUMMARY + echo "> [!NOTE]" >> $GITHUB_STEP_SUMMARY + echo "> Package trigger running off of debianbookworm branch. To disable, set a Github secret named \`PAUSE_PACKAGE_TRIGGER_BASEIMAGE_RDESKTOP_DEBIANBOOKWORM\`" >> $GITHUB_STEP_SUMMARY response=$(curl -iX POST \ https://ci.linuxserver.io/job/Docker-Pipeline-Builders/job/docker-baseimage-rdesktop/job/debianbookworm/buildWithParameters?PACKAGE_CHECK=true \ --user ${{ secrets.JENKINS_USER }}:${{ secrets.JENKINS_TOKEN }} | grep -i location | sed "s|^[L|l]ocation: \(.*\)|\1|") - echo "**** Jenkins job queue url: ${response%$'\r'} ****" - echo "**** Sleeping 10 seconds until job starts ****" + echo "Jenkins [job queue url](${response%$'\r'})" >> $GITHUB_STEP_SUMMARY + echo "Sleeping 10 seconds until job starts" >> $GITHUB_STEP_SUMMARY sleep 10 buildurl=$(curl -s "${response%$'\r'}api/json" | jq -r '.executable.url') buildurl="${buildurl%$'\r'}" - echo "**** Jenkins job build url: ${buildurl} ****" - echo "Jenkins job build url: ${buildurl}" >> $GITHUB_STEP_SUMMARY - echo "**** Attempting to change the Jenkins job description ****" + echo "Jenkins job [build url](${buildurl})" >> $GITHUB_STEP_SUMMARY + echo "Attempting to change the Jenkins job description" >> $GITHUB_STEP_SUMMARY curl -iX POST \ "${buildurl}submitDescription" \ --user ${{ secrets.JENKINS_USER }}:${{ secrets.JENKINS_TOKEN }} \ diff --git a/.github/workflows/package_trigger_scheduler.yml b/.github/workflows/package_trigger_scheduler.yml index 1875753..100b578 100644 --- a/.github/workflows/package_trigger_scheduler.yml +++ b/.github/workflows/package_trigger_scheduler.yml @@ -15,17 +15,19 @@ jobs: - name: Package Trigger Scheduler run: | - echo "**** Branches found: ****" - git for-each-ref --format='%(refname:short)' refs/remotes - for br in $(git for-each-ref --format='%(refname:short)' refs/remotes) + printf "# Package trigger scheduler for docker-baseimage-rdesktop\n\n" >> $GITHUB_STEP_SUMMARY + printf "Found the branches:\n\n%s\n" "$(git for-each-ref --format='- %(refname:lstrip=3)' refs/remotes)" >> $GITHUB_STEP_SUMMARY + for br in $(git for-each-ref --format='%(refname:lstrip=3)' refs/remotes) do - br=$(echo "$br" | sed 's|origin/||g') - echo "**** Evaluating branch ${br} ****" + if [[ "${br}" == "HEAD" ]]; then + printf "\nSkipping %s.\n" ${br} >> $GITHUB_STEP_SUMMARY + continue + fi + printf "\n## Evaluating \`%s\`\n\n" ${br} >> $GITHUB_STEP_SUMMARY ls_branch=$(curl -sX GET https://raw.githubusercontent.com/linuxserver/docker-baseimage-rdesktop/${br}/jenkins-vars.yml | yq -r '.ls_branch') if [ "${br}" == "${ls_branch}" ]; then - echo "**** Branch ${br} appears to be live; checking workflow. ****" + echo "Branch appears to be live; checking workflow." >> $GITHUB_STEP_SUMMARY if curl -sfX GET https://raw.githubusercontent.com/linuxserver/docker-baseimage-rdesktop/${br}/.github/workflows/package_trigger.yml > /dev/null 2>&1; then - echo "**** Workflow exists. Triggering package trigger workflow for branch ${br}. ****" echo "Triggering package trigger workflow for branch ${br}" >> $GITHUB_STEP_SUMMARY triggered_branches="${triggered_branches}${br} " curl -iX POST \ @@ -35,11 +37,9 @@ jobs: https://api.github.com/repos/linuxserver/docker-baseimage-rdesktop/actions/workflows/package_trigger.yml/dispatches sleep 30 else - echo "**** Workflow doesn't exist; skipping trigger. ****" echo "Skipping branch ${br} due to no package trigger workflow present." >> $GITHUB_STEP_SUMMARY fi else - echo "**** ${br} appears to be a dev branch; skipping trigger. ****" echo "Skipping branch ${br} due to being detected as dev branch." >> $GITHUB_STEP_SUMMARY fi done diff --git a/Dockerfile b/Dockerfile index da6506b..f98a3ef 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,3 +1,5 @@ +# syntax=docker/dockerfile:1 + FROM ghcr.io/linuxserver/baseimage-debian:bookworm AS buildstage ARG XRDP_PULSE_VERSION=v0.7 @@ -115,8 +117,8 @@ RUN \ dpkg -i /xrdp.deb && \ rm /xrdp.deb && \ echo "**** install docker ****" && \ - curl -fsSL https://download.docker.com/linux/debian/gpg | apt-key add - && \ - add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/debian bookworm stable" && \ + curl -fsSL https://download.docker.com/linux/debian/gpg | tee /usr/share/keyrings/docker.asc >/dev/null && \ + echo "deb [arch=amd64 signed-by=/usr/share/keyrings/docker.asc] https://download.docker.com/linux/debian bookworm stable" > /etc/apt/sources.list.d/docker.list && \ apt-get update && \ apt-get install -y --no-install-recommends \ docker-ce-cli && \ diff --git a/Dockerfile.aarch64 b/Dockerfile.aarch64 index 05138e3..913bcbe 100644 --- a/Dockerfile.aarch64 +++ b/Dockerfile.aarch64 @@ -1,3 +1,5 @@ +# syntax=docker/dockerfile:1 + FROM ghcr.io/linuxserver/baseimage-debian:arm64v8-bookworm AS buildstage ARG XRDP_PULSE_VERSION=v0.7 @@ -114,8 +116,8 @@ RUN \ dpkg -i /xrdp.deb && \ rm /xrdp.deb && \ echo "**** install docker ****" && \ - curl -fsSL https://download.docker.com/linux/debian/gpg | apt-key add - && \ - add-apt-repository "deb [arch=arm64] https://download.docker.com/linux/debian bookworm stable" && \ + curl -fsSL https://download.docker.com/linux/debian/gpg | tee /usr/share/keyrings/docker.asc >/dev/null && \ + echo "deb [arch=arm64 signed-by=/usr/share/keyrings/docker.asc] https://download.docker.com/linux/debian bookworm stable" > /etc/apt/sources.list.d/docker.list && \ apt-get update && \ apt-get install -y --no-install-recommends \ docker-ce-cli && \ diff --git a/Jenkinsfile b/Jenkinsfile index bf72c9b..eb20790 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -17,6 +17,8 @@ pipeline { GITLAB_TOKEN=credentials('b6f0f1dd-6952-4cf6-95d1-9c06380283f0') GITLAB_NAMESPACE=credentials('gitlab-namespace-id') DOCKERHUB_TOKEN=credentials('docker-hub-ci-pat') + QUAYIO_API_TOKEN=credentials('quayio-repo-api-token') + GIT_SIGNING_KEY=credentials('484fbca6-9a4f-455e-b9e3-97ac98785f5f') BUILD_VERSION_ARG = 'XRDP_VERSION' LS_USER = 'linuxserver' LS_REPO = 'docker-baseimage-rdesktop' @@ -32,13 +34,27 @@ pipeline { CI_SSL='false' CI_DELAY='30' CI_DOCKERENV='TZ=US/Pacific' - CI_AUTH='user:password' + CI_AUTH='' CI_WEBPATH='' } stages { + stage("Set git config"){ + steps{ + sh '''#!/bin/bash + cat ${GIT_SIGNING_KEY} > /config/.ssh/id_sign + chmod 600 /config/.ssh/id_sign + ssh-keygen -y -f /config/.ssh/id_sign > /config/.ssh/id_sign.pub + echo "Using $(ssh-keygen -lf /config/.ssh/id_sign) to sign commits" + git config --global gpg.format ssh + git config --global user.signingkey /config/.ssh/id_sign + git config --global commit.gpgsign true + ''' + } + } // Setup all the basic environment variables needed for the build stage("Set ENV Variables base"){ steps{ + echo "Running on node: ${NODE_NAME}" sh '''#! /bin/bash containers=$(docker ps -aq) if [[ -n "${containers}" ]]; then @@ -440,10 +456,10 @@ pipeline { } } /* ####################### - GitLab Mirroring + GitLab Mirroring and Quay.io Repo Visibility ####################### */ - // Ping into Gitlab to mirror this repo and have a registry endpoint - stage("GitLab Mirror"){ + // Ping into Gitlab to mirror this repo and have a registry endpoint & mark this repo on Quay.io as public + stage("GitLab Mirror and Quay.io Visibility"){ when { environment name: 'EXIT_STATUS', value: '' } @@ -459,6 +475,8 @@ pipeline { "visibility":"public"}' ''' sh '''curl -H "Private-Token: ${GITLAB_TOKEN}" -X PUT "https://gitlab.com/api/v4/projects/Linuxserver.io%2F${LS_REPO}" \ -d "mirror=true&import_url=https://github.com/linuxserver/${LS_REPO}.git" ''' + sh '''curl -H "Content-Type: application/json" -H "Authorization: Bearer ${QUAYIO_API_TOKEN}" -X POST "https://quay.io/api/v1/repository${QUAYIMAGE/quay.io/}/changevisibility" \ + -d '{"visibility":"public"}' ||: ''' } } /* ############### @@ -550,7 +568,7 @@ pipeline { --provenance=false --sbom=false \ --build-arg ${BUILD_VERSION_ARG}=${EXT_RELEASE} --build-arg VERSION=\"${VERSION_TAG}\" --build-arg BUILD_DATE=${GITHUB_DATE} ." sh "docker tag ${IMAGE}:arm64v8-${META_TAG} ghcr.io/linuxserver/lsiodev-buildcache:arm64v8-${COMMIT_SHA}-${BUILD_NUMBER}" - retry(5) { + retry_backoff(5,5) { sh "docker push ghcr.io/linuxserver/lsiodev-buildcache:arm64v8-${COMMIT_SHA}-${BUILD_NUMBER}" } sh '''#! /bin/bash @@ -706,7 +724,7 @@ pipeline { passwordVariable: 'QUAYPASS' ] ]) { - retry(5) { + retry_backoff(5,5) { sh '''#! /bin/bash set -e echo $DOCKERHUB_TOKEN | docker login -u linuxserverci --password-stdin @@ -724,7 +742,7 @@ pipeline { docker push ${PUSHIMAGE}:${META_TAG} docker push ${PUSHIMAGE}:${EXT_RELEASE_TAG} if [ -n "${SEMVER}" ]; then - docker push ${PUSHIMAGE}:${SEMVER} + docker push ${PUSHIMAGE}:${SEMVER} fi done ''' @@ -747,7 +765,7 @@ pipeline { passwordVariable: 'QUAYPASS' ] ]) { - retry(5) { + retry_backoff(5,5) { sh '''#! /bin/bash set -e echo $DOCKERHUB_TOKEN | docker login -u linuxserverci --password-stdin @@ -810,7 +828,7 @@ pipeline { "object": "'${COMMIT_SHA}'",\ "message": "Tagging Release '${EXT_RELEASE_CLEAN}'-ls'${LS_TAG_NUMBER}' to debianbookworm",\ "type": "commit",\ - "tagger": {"name": "LinuxServer Jenkins","email": "jenkins@linuxserver.io","date": "'${GITHUB_DATE}'"}}' ''' + "tagger": {"name": "LinuxServer-CI","email": "ci@linuxserver.io","date": "'${GITHUB_DATE}'"}}' ''' echo "Pushing New release for Tag" sh '''#! /bin/bash echo "Updating base packages to ${PACKAGE_TAG}" > releasebody.json @@ -942,6 +960,13 @@ EOF ###################### */ post { always { + sh '''#!/bin/bash + rm -rf /config/.ssh/id_sign + rm -rf /config/.ssh/id_sign.pub + git config --global --unset gpg.format + git config --global --unset user.signingkey + git config --global --unset commit.gpgsign + ''' script{ if (env.EXIT_STATUS == "ABORTED"){ sh 'echo "build aborted"' @@ -971,3 +996,20 @@ EOF } } } + +def retry_backoff(int max_attempts, int power_base, Closure c) { + int n = 0 + while (n < max_attempts) { + try { + c() + return + } catch (err) { + if ((n + 1) >= max_attempts) { + throw err + } + sleep(power_base ** n) + n++ + } + } + return +} diff --git a/jenkins-vars.yml b/jenkins-vars.yml index 3abf00f..a7269ea 100644 --- a/jenkins-vars.yml +++ b/jenkins-vars.yml @@ -22,5 +22,5 @@ repo_vars: - CI_SSL='false' - CI_DELAY='30' - CI_DOCKERENV='TZ=US/Pacific' - - CI_AUTH='user:password' + - CI_AUTH='' - CI_WEBPATH=''