update repos and jenkins-vars

linuxserver · Aug 21, 2024 · c594728 · c594728
1 parent b1f61da
commit c594728
Show file tree

Hide file tree

Showing 8 changed files with 90 additions and 55 deletions.
diff --git a/.github/workflows/external_trigger.yml b/.github/workflows/external_trigger.yml
@@ -12,6 +12,7 @@ jobs:
       - name: External Trigger
         if: github.ref == 'refs/heads/debianbookworm'
         run: |
-          echo "**** No external release, exiting ****"
+          printf "# External trigger for docker-baseimage-kasmvnc\n\n" >> $GITHUB_STEP_SUMMARY
+          echo "Type is \`os\`" >> $GITHUB_STEP_SUMMARY
           echo "No external release, exiting" >> $GITHUB_STEP_SUMMARY
           exit 0
diff --git a/.github/workflows/external_trigger_scheduler.yml b/.github/workflows/external_trigger_scheduler.yml
@@ -15,31 +15,31 @@ jobs:
 
       - name: External Trigger Scheduler
         run: |
-          echo "**** Branches found: ****"
-          git for-each-ref --format='%(refname:short)' refs/remotes
-          for br in $(git for-each-ref --format='%(refname:short)' refs/remotes)
+          printf "# External trigger scheduler for docker-baseimage-kasmvnc\n\n" >> $GITHUB_STEP_SUMMARY
+          printf "Found the branches:\n\n%s\n" "$(git for-each-ref --format='- %(refname:lstrip=3)' refs/remotes)" >> $GITHUB_STEP_SUMMARY
+          for br in $(git for-each-ref --format='%(refname:lstrip=3)' refs/remotes)
           do
-            br=$(echo "$br" | sed 's|origin/||g')
-            echo "**** Evaluating branch ${br} ****"
+            if [[ "${br}" == "HEAD" ]]; then
+              printf "\nSkipping %s.\n" ${br} >> $GITHUB_STEP_SUMMARY
+              continue
+            fi
+            printf "\n## Evaluating \`%s\`\n\n" ${br} >> $GITHUB_STEP_SUMMARY
             ls_jenkins_vars=$(curl -sX GET https://raw.githubusercontent.com/linuxserver/docker-baseimage-kasmvnc/${br}/jenkins-vars.yml)
             ls_branch=$(echo "${ls_jenkins_vars}" | yq -r '.ls_branch')
             ls_trigger=$(echo "${ls_jenkins_vars}" | yq -r '.external_type')
             if [[ "${br}" == "${ls_branch}" ]] && [[ "${ls_trigger}" != "os" ]]; then
-              echo "**** Branch ${br} appears to be live and trigger is not os; checking workflow. ****"
+              echo "Branch appears to be live and trigger is not os; checking workflow." >> $GITHUB_STEP_SUMMARY
               if curl -sfX GET https://raw.githubusercontent.com/linuxserver/docker-baseimage-kasmvnc/${br}/.github/workflows/external_trigger.yml > /dev/null 2>&1; then
-                echo "**** Workflow exists. Triggering external trigger workflow for branch ${br} ****."
-                echo "Triggering external trigger workflow for branch ${br}" >> $GITHUB_STEP_SUMMARY
+                echo "Triggering external trigger workflow for branch." >> $GITHUB_STEP_SUMMARY
                 curl -iX POST \
                   -H "Authorization: token ${{ secrets.CR_PAT }}" \
                   -H "Accept: application/vnd.github.v3+json" \
                   -d "{\"ref\":\"refs/heads/${br}\"}" \
                   https://api.github.com/repos/linuxserver/docker-baseimage-kasmvnc/actions/workflows/external_trigger.yml/dispatches
               else
-                echo "**** Workflow doesn't exist; skipping trigger. ****"
-                echo "Skipping branch ${br} due to no external trigger workflow present." >> $GITHUB_STEP_SUMMARY
+                echo "Skipping branch due to no external trigger workflow present." >> $GITHUB_STEP_SUMMARY
               fi
             else
-              echo "**** ${br} is either a dev branch, or has no external version; skipping trigger. ****"
-              echo "Skipping branch ${br} due to being detected as dev branch or having no external version." >> $GITHUB_STEP_SUMMARY
+              echo "Skipping branch due to being detected as dev branch or having no external version." >> $GITHUB_STEP_SUMMARY
             fi
           done
diff --git a/.github/workflows/package_trigger.yml b/.github/workflows/package_trigger.yml
@@ -12,29 +12,29 @@ jobs:
       - name: Package Trigger
         if: github.ref == 'refs/heads/debianbookworm'
         run: |
+          printf "# Package trigger for docker-baseimage-kasmvnc\n\n" >> $GITHUB_STEP_SUMMARY
           if [ -n "${{ secrets.PAUSE_PACKAGE_TRIGGER_BASEIMAGE_KASMVNC_DEBIANBOOKWORM }}" ]; then
-            echo "**** Github secret PAUSE_PACKAGE_TRIGGER_BASEIMAGE_KASMVNC_DEBIANBOOKWORM is set; skipping trigger. ****"
-            echo "Github secret \`PAUSE_PACKAGE_TRIGGER_BASEIMAGE_KASMVNC_DEBIANBOOKWORM\` is set; skipping trigger." >> $GITHUB_STEP_SUMMARY
+            echo "> [!WARNING]" >> $GITHUB_STEP_SUMMARY
+            echo "> Github secret \`PAUSE_PACKAGE_TRIGGER_BASEIMAGE_KASMVNC_DEBIANBOOKWORM\` is set; skipping trigger." >> $GITHUB_STEP_SUMMARY
             exit 0
           fi
           if [ $(curl -s https://ci.linuxserver.io/job/Docker-Pipeline-Builders/job/docker-baseimage-kasmvnc/job/debianbookworm/lastBuild/api/json | jq -r '.building') == "true" ]; then
-            echo "**** There already seems to be an active build on Jenkins; skipping package trigger ****"
-            echo "There already seems to be an active build on Jenkins; skipping package trigger" >> $GITHUB_STEP_SUMMARY
+            echo "> [!WARNING]" >> $GITHUB_STEP_SUMMARY
+            echo "> There already seems to be an active build on Jenkins; skipping package trigger" >> $GITHUB_STEP_SUMMARY
             exit 0
           fi
-          echo "**** Package trigger running off of debianbookworm branch. To disable, set a Github secret named \"PAUSE_PACKAGE_TRIGGER_BASEIMAGE_KASMVNC_DEBIANBOOKWORM\". ****"
-          echo "Package trigger running off of debianbookworm branch. To disable, set a Github secret named \`PAUSE_PACKAGE_TRIGGER_BASEIMAGE_KASMVNC_DEBIANBOOKWORM\`" >> $GITHUB_STEP_SUMMARY
+          echo "> [!NOTE]" >> $GITHUB_STEP_SUMMARY
+          echo "> Package trigger running off of debianbookworm branch. To disable, set a Github secret named \`PAUSE_PACKAGE_TRIGGER_BASEIMAGE_KASMVNC_DEBIANBOOKWORM\`" >> $GITHUB_STEP_SUMMARY
           response=$(curl -iX POST \
             https://ci.linuxserver.io/job/Docker-Pipeline-Builders/job/docker-baseimage-kasmvnc/job/debianbookworm/buildWithParameters?PACKAGE_CHECK=true \
             --user ${{ secrets.JENKINS_USER }}:${{ secrets.JENKINS_TOKEN }} | grep -i location | sed "s|^[L|l]ocation: \(.*\)|\1|")
-          echo "**** Jenkins job queue url: ${response%$'\r'} ****"
-          echo "**** Sleeping 10 seconds until job starts ****"
+          echo "Jenkins [job queue url](${response%$'\r'})" >> $GITHUB_STEP_SUMMARY
+          echo "Sleeping 10 seconds until job starts" >> $GITHUB_STEP_SUMMARY
           sleep 10
           buildurl=$(curl -s "${response%$'\r'}api/json" | jq -r '.executable.url')
           buildurl="${buildurl%$'\r'}"
-          echo "**** Jenkins job build url: ${buildurl} ****"
-          echo "Jenkins job build url: ${buildurl}" >> $GITHUB_STEP_SUMMARY
-          echo "**** Attempting to change the Jenkins job description ****"
+          echo "Jenkins job [build url](${buildurl})" >> $GITHUB_STEP_SUMMARY
+          echo "Attempting to change the Jenkins job description" >> $GITHUB_STEP_SUMMARY
           curl -iX POST \
             "${buildurl}submitDescription" \
             --user ${{ secrets.JENKINS_USER }}:${{ secrets.JENKINS_TOKEN }} \

diff --git a/.github/workflows/package_trigger_scheduler.yml b/.github/workflows/package_trigger_scheduler.yml
@@ -15,17 +15,19 @@ jobs:
 
       - name: Package Trigger Scheduler
         run: |
-          echo "**** Branches found: ****"
-          git for-each-ref --format='%(refname:short)' refs/remotes
-          for br in $(git for-each-ref --format='%(refname:short)' refs/remotes)
+          printf "# Package trigger scheduler for docker-baseimage-kasmvnc\n\n" >> $GITHUB_STEP_SUMMARY
+          printf "Found the branches:\n\n%s\n" "$(git for-each-ref --format='- %(refname:lstrip=3)' refs/remotes)" >> $GITHUB_STEP_SUMMARY
+          for br in $(git for-each-ref --format='%(refname:lstrip=3)' refs/remotes)
           do
-            br=$(echo "$br" | sed 's|origin/||g')
-            echo "**** Evaluating branch ${br} ****"
+            if [[ "${br}" == "HEAD" ]]; then
+              printf "\nSkipping %s.\n" ${br} >> $GITHUB_STEP_SUMMARY
+              continue
+            fi
+            printf "\n## Evaluating \`%s\`\n\n" ${br} >> $GITHUB_STEP_SUMMARY
             ls_branch=$(curl -sX GET https://raw.githubusercontent.com/linuxserver/docker-baseimage-kasmvnc/${br}/jenkins-vars.yml | yq -r '.ls_branch')
             if [ "${br}" == "${ls_branch}" ]; then
-              echo "**** Branch ${br} appears to be live; checking workflow. ****"
+              echo "Branch appears to be live; checking workflow." >> $GITHUB_STEP_SUMMARY
               if curl -sfX GET https://raw.githubusercontent.com/linuxserver/docker-baseimage-kasmvnc/${br}/.github/workflows/package_trigger.yml > /dev/null 2>&1; then
-                echo "**** Workflow exists. Triggering package trigger workflow for branch ${br}. ****"
                 echo "Triggering package trigger workflow for branch ${br}" >> $GITHUB_STEP_SUMMARY
                 triggered_branches="${triggered_branches}${br} "
                 curl -iX POST \
@@ -35,11 +37,9 @@ jobs:
                   https://api.github.com/repos/linuxserver/docker-baseimage-kasmvnc/actions/workflows/package_trigger.yml/dispatches
                 sleep 30
               else
-                echo "**** Workflow doesn't exist; skipping trigger. ****"
                 echo "Skipping branch ${br} due to no package trigger workflow present." >> $GITHUB_STEP_SUMMARY
               fi
             else
-              echo "**** ${br} appears to be a dev branch; skipping trigger. ****"
               echo "Skipping branch ${br} due to being detected as dev branch." >> $GITHUB_STEP_SUMMARY
             fi
           done

diff --git a/Dockerfile b/Dockerfile
@@ -245,12 +245,8 @@ RUN \
     '/locale/d' \
     /etc/dpkg/dpkg.cfg.d/docker && \
   echo "**** install deps ****" && \
-  apt-get update && \
-  apt-get install -y \
-    gnupg && \
-  curl -fsSL https://download.docker.com/linux/debian/gpg | apt-key add - && \
-  echo "deb [arch=amd64] https://download.docker.com/linux/debian bookworm stable" > \
-    /etc/apt/sources.list.d/docker.list && \
+  curl -fsSL https://download.docker.com/linux/debian/gpg | tee /usr/share/keyrings/docker.asc >/dev/null && \
+  echo "deb [arch=amd64 signed-by=/usr/share/keyrings/docker.asc] https://download.docker.com/linux/debian bookworm stable" > /etc/apt/sources.list.d/docker.list && \
   curl -fsSL https://deb.nodesource.com/setup_18.x | bash - && \
   apt-get update && \
   DEBIAN_FRONTEND=noninteractive apt-get install --no-install-recommends -y \

diff --git a/Dockerfile.aarch64 b/Dockerfile.aarch64
@@ -249,12 +249,8 @@ RUN \
     '/locale/d' \
     /etc/dpkg/dpkg.cfg.d/docker && \
   echo "**** install deps ****" && \
-  apt-get update && \
-  apt-get install -y \
-    gnupg && \
-  curl -fsSL https://download.docker.com/linux/debian/gpg | apt-key add - && \
-  echo "deb [arch=arm64] https://download.docker.com/linux/debian bookworm stable" > \
-    /etc/apt/sources.list.d/docker.list && \
+  curl -fsSL https://download.docker.com/linux/debian/gpg | tee /usr/share/keyrings/docker.asc >/dev/null && \
+  echo "deb [arch=arm64 signed-by=/usr/share/keyrings/docker.asc] https://download.docker.com/linux/debian bookworm stable" > /etc/apt/sources.list.d/docker.list && \
   curl -fsSL https://deb.nodesource.com/setup_18.x | bash - && \
   apt-get update && \
   DEBIAN_FRONTEND=noninteractive apt-get install --no-install-recommends -y \

diff --git a/Jenkinsfile b/Jenkinsfile
@@ -17,6 +17,8 @@ pipeline {
     GITLAB_TOKEN=credentials('b6f0f1dd-6952-4cf6-95d1-9c06380283f0')
     GITLAB_NAMESPACE=credentials('gitlab-namespace-id')
     DOCKERHUB_TOKEN=credentials('docker-hub-ci-pat')
+    QUAYIO_API_TOKEN=credentials('quayio-repo-api-token')
+    GIT_SIGNING_KEY=credentials('484fbca6-9a4f-455e-b9e3-97ac98785f5f')
     BUILD_VERSION_ARG = 'KASMVNC_RELEASE'
     LS_USER = 'linuxserver'
     LS_REPO = 'docker-baseimage-kasmvnc'
@@ -32,13 +34,27 @@ pipeline {
     CI_SSL='false'
     CI_DELAY='120'
     CI_DOCKERENV='TZ=US/Pacific'
-    CI_AUTH='username:password'
+    CI_AUTH=''
     CI_WEBPATH=''
   }
   stages {
+    stage("Set git config"){
+      steps{
+        sh '''#!/bin/bash
+              cat ${GIT_SIGNING_KEY} > /config/.ssh/id_sign
+              chmod 600 /config/.ssh/id_sign
+              ssh-keygen -y -f /config/.ssh/id_sign > /config/.ssh/id_sign.pub
+              echo "Using $(ssh-keygen -lf /config/.ssh/id_sign) to sign commits"
+              git config --global gpg.format ssh
+              git config --global user.signingkey /config/.ssh/id_sign
+              git config --global commit.gpgsign true
+        '''
+      }
+    }
     // Setup all the basic environment variables needed for the build
     stage("Set ENV Variables base"){
       steps{
+        echo "Running on node: ${NODE_NAME}"
         sh '''#! /bin/bash
               containers=$(docker ps -aq)
               if [[ -n "${containers}" ]]; then
@@ -440,10 +456,10 @@ pipeline {
       }
     }
     /* #######################
-           GitLab Mirroring
+       GitLab Mirroring and Quay.io Repo Visibility
        ####################### */
-    // Ping into Gitlab to mirror this repo and have a registry endpoint
-    stage("GitLab Mirror"){
+    // Ping into Gitlab to mirror this repo and have a registry endpoint & mark this repo on Quay.io as public
+    stage("GitLab Mirror and Quay.io Visibility"){
       when {
         environment name: 'EXIT_STATUS', value: ''
       }
@@ -459,6 +475,8 @@ pipeline {
             "visibility":"public"}' '''
         sh '''curl -H "Private-Token: ${GITLAB_TOKEN}" -X PUT "https://gitlab.com/api/v4/projects/Linuxserver.io%2F${LS_REPO}" \
           -d "mirror=true&import_url=https://github.com/linuxserver/${LS_REPO}.git" '''
+        sh '''curl -H "Content-Type: application/json" -H "Authorization: Bearer ${QUAYIO_API_TOKEN}" -X POST "https://quay.io/api/v1/repository${QUAYIMAGE/quay.io/}/changevisibility" \
+          -d '{"visibility":"public"}' ||: '''
       } 
     }
     /* ###############
@@ -550,7 +568,7 @@ pipeline {
               --provenance=false --sbom=false \
               --build-arg ${BUILD_VERSION_ARG}=${EXT_RELEASE} --build-arg VERSION=\"${VERSION_TAG}\" --build-arg BUILD_DATE=${GITHUB_DATE} ."
             sh "docker tag ${IMAGE}:arm64v8-${META_TAG} ghcr.io/linuxserver/lsiodev-buildcache:arm64v8-${COMMIT_SHA}-${BUILD_NUMBER}"
-            retry(5) {
+            retry_backoff(5,5) {
               sh "docker push ghcr.io/linuxserver/lsiodev-buildcache:arm64v8-${COMMIT_SHA}-${BUILD_NUMBER}"
             }
             sh '''#! /bin/bash
@@ -706,7 +724,7 @@ pipeline {
             passwordVariable: 'QUAYPASS'
           ]
         ]) {
-          retry(5) {
+          retry_backoff(5,5) {
             sh '''#! /bin/bash
                   set -e
                   echo $DOCKERHUB_TOKEN | docker login -u linuxserverci --password-stdin
@@ -724,7 +742,7 @@ pipeline {
                     docker push ${PUSHIMAGE}:${META_TAG}
                     docker push ${PUSHIMAGE}:${EXT_RELEASE_TAG}
                     if [ -n "${SEMVER}" ]; then
-                     docker push ${PUSHIMAGE}:${SEMVER}
+                      docker push ${PUSHIMAGE}:${SEMVER}
                     fi
                   done
                '''
@@ -747,7 +765,7 @@ pipeline {
             passwordVariable: 'QUAYPASS'
           ]
         ]) {
-          retry(5) {
+          retry_backoff(5,5) {
             sh '''#! /bin/bash
                   set -e
                   echo $DOCKERHUB_TOKEN | docker login -u linuxserverci --password-stdin
@@ -810,7 +828,7 @@ pipeline {
              "object": "'${COMMIT_SHA}'",\
              "message": "Tagging Release '${EXT_RELEASE_CLEAN}'-ls'${LS_TAG_NUMBER}' to debianbookworm",\
              "type": "commit",\
-             "tagger": {"name": "LinuxServer Jenkins","email": "jenkins@linuxserver.io","date": "'${GITHUB_DATE}'"}}' '''
+             "tagger": {"name": "LinuxServer-CI","email": "ci@linuxserver.io","date": "'${GITHUB_DATE}'"}}' '''
         echo "Pushing New release for Tag"
         sh '''#! /bin/bash
               echo "Updating base packages to ${PACKAGE_TAG}" > releasebody.json
@@ -942,6 +960,13 @@ EOF
      ###################### */
   post {
     always {
+      sh '''#!/bin/bash
+            rm -rf /config/.ssh/id_sign
+            rm -rf /config/.ssh/id_sign.pub
+            git config --global --unset gpg.format
+            git config --global --unset user.signingkey
+            git config --global --unset commit.gpgsign
+        '''
       script{
         if (env.EXIT_STATUS == "ABORTED"){
           sh 'echo "build aborted"'
@@ -971,3 +996,20 @@ EOF
     }
   }
 }
+
+def retry_backoff(int max_attempts, int power_base, Closure c) {
+  int n = 0
+  while (n < max_attempts) {
+    try {
+      c()
+      return
+    } catch (err) {
+      if ((n + 1) >= max_attempts) {
+        throw err
+      }
+      sleep(power_base ** n)
+      n++
+    }
+  }
+  return
+}
diff --git a/jenkins-vars.yml b/jenkins-vars.yml
@@ -23,5 +23,5 @@ repo_vars:
   - CI_SSL='false'
   - CI_DELAY='120'
   - CI_DOCKERENV='TZ=US/Pacific'
-  - CI_AUTH='username:password'
+  - CI_AUTH=''
   - CI_WEBPATH=''