From 338d5c7e6a0f1c1294c3127e1481ea0739a23d87 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 14 Oct 2024 11:16:17 -0800 Subject: [PATCH 01/60] Bump actions/checkout from 4.2.0 to 4.2.1 (#253) Bumps [actions/checkout](https://github.com/actions/checkout) from 4.2.0 to 4.2.1. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/d632683dd7b4114ad314bca15554477dd762a938...eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/alpine-mainline.yml | 8 ++++---- .github/workflows/alpine-stable.yml | 8 ++++---- .github/workflows/debian-mainline.yml | 6 +++--- .github/workflows/debian-stable.yml | 6 +++--- .github/workflows/image-cleanup.yml | 2 +- 5 files changed, 15 insertions(+), 15 deletions(-) diff --git a/.github/workflows/alpine-mainline.yml b/.github/workflows/alpine-mainline.yml index e18b1d2..7f02e8e 100644 --- a/.github/workflows/alpine-mainline.yml +++ b/.github/workflows/alpine-mainline.yml @@ -16,7 +16,7 @@ jobs: distro: ${{ steps.distro_version.outputs.release }} steps: - name: Check out the codebase - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 + uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 - name: Parse NGINX mainline version id: nginx_version @@ -38,7 +38,7 @@ jobs: fail-fast: false steps: - name: Check out the codebase - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 + uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 - name: Set up QEMU uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0 @@ -156,7 +156,7 @@ jobs: fail-fast: false steps: - name: Check out the codebase - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 + uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 - name: Set up QEMU uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0 @@ -274,7 +274,7 @@ jobs: fail-fast: false steps: - name: Check out the codebase - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 + uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 - name: Set up QEMU uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0 diff --git a/.github/workflows/alpine-stable.yml b/.github/workflows/alpine-stable.yml index d415609..ddf3bb8 100644 --- a/.github/workflows/alpine-stable.yml +++ b/.github/workflows/alpine-stable.yml @@ -16,7 +16,7 @@ jobs: distro: ${{ steps.distro_version.outputs.release }} steps: - name: Check out the codebase - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 + uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 - name: Parse NGINX stable version id: nginx_version @@ -38,7 +38,7 @@ jobs: fail-fast: false steps: - name: Check out the codebase - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 + uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 - name: Set up QEMU uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0 @@ -148,7 +148,7 @@ jobs: fail-fast: false steps: - name: Check out the codebase - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 + uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 - name: Set up QEMU uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0 @@ -258,7 +258,7 @@ jobs: fail-fast: false steps: - name: Check out the codebase - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 + uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 - name: Set up QEMU uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0 diff --git a/.github/workflows/debian-mainline.yml b/.github/workflows/debian-mainline.yml index 693a65c..7cac08e 100644 --- a/.github/workflows/debian-mainline.yml +++ b/.github/workflows/debian-mainline.yml @@ -16,7 +16,7 @@ jobs: distro: ${{ steps.distro_version.outputs.release }} steps: - name: Check out the codebase - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 + uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 - name: Parse NGINX mainline version id: nginx_version @@ -38,7 +38,7 @@ jobs: fail-fast: false steps: - name: Check out the codebase - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 + uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 - name: Set up QEMU uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0 @@ -157,7 +157,7 @@ jobs: fail-fast: false steps: - name: Check out the codebase - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 + uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 - name: Set up QEMU uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0 diff --git a/.github/workflows/debian-stable.yml b/.github/workflows/debian-stable.yml index 54c7213..c9844ea 100644 --- a/.github/workflows/debian-stable.yml +++ b/.github/workflows/debian-stable.yml @@ -16,7 +16,7 @@ jobs: distro: ${{ steps.distro_version.outputs.release }} steps: - name: Check out the codebase - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 + uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 - name: Parse NGINX stable version id: nginx_version @@ -38,7 +38,7 @@ jobs: fail-fast: false steps: - name: Check out the codebase - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 + uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 - name: Set up QEMU uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0 @@ -149,7 +149,7 @@ jobs: fail-fast: false steps: - name: Check out the codebase - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 + uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 - name: Set up QEMU uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0 diff --git a/.github/workflows/image-cleanup.yml b/.github/workflows/image-cleanup.yml index 3ed920b..4ac48e1 100644 --- a/.github/workflows/image-cleanup.yml +++ b/.github/workflows/image-cleanup.yml @@ -14,7 +14,7 @@ jobs: fail-fast: false steps: - name: Check out the codebase - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 + uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 - name: Configure AWS credentials uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2 From 54d835844ea6cc75d0de18ebd38de89970120b06 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 28 Oct 2024 08:21:55 -0800 Subject: [PATCH 02/60] Bump actions/checkout from 4.2.1 to 4.2.2 (#256) Bumps [actions/checkout](https://github.com/actions/checkout) from 4.2.1 to 4.2.2. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871...11bd71901bbe5b1630ceea73d27597364c9af683) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/alpine-mainline.yml | 8 ++++---- .github/workflows/alpine-stable.yml | 8 ++++---- .github/workflows/debian-mainline.yml | 6 +++--- .github/workflows/debian-stable.yml | 6 +++--- .github/workflows/image-cleanup.yml | 2 +- 5 files changed, 15 insertions(+), 15 deletions(-) diff --git a/.github/workflows/alpine-mainline.yml b/.github/workflows/alpine-mainline.yml index 7f02e8e..ab13f91 100644 --- a/.github/workflows/alpine-mainline.yml +++ b/.github/workflows/alpine-mainline.yml @@ -16,7 +16,7 @@ jobs: distro: ${{ steps.distro_version.outputs.release }} steps: - name: Check out the codebase - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Parse NGINX mainline version id: nginx_version @@ -38,7 +38,7 @@ jobs: fail-fast: false steps: - name: Check out the codebase - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Set up QEMU uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0 @@ -156,7 +156,7 @@ jobs: fail-fast: false steps: - name: Check out the codebase - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Set up QEMU uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0 @@ -274,7 +274,7 @@ jobs: fail-fast: false steps: - name: Check out the codebase - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Set up QEMU uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0 diff --git a/.github/workflows/alpine-stable.yml b/.github/workflows/alpine-stable.yml index ddf3bb8..e0e383c 100644 --- a/.github/workflows/alpine-stable.yml +++ b/.github/workflows/alpine-stable.yml @@ -16,7 +16,7 @@ jobs: distro: ${{ steps.distro_version.outputs.release }} steps: - name: Check out the codebase - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Parse NGINX stable version id: nginx_version @@ -38,7 +38,7 @@ jobs: fail-fast: false steps: - name: Check out the codebase - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Set up QEMU uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0 @@ -148,7 +148,7 @@ jobs: fail-fast: false steps: - name: Check out the codebase - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Set up QEMU uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0 @@ -258,7 +258,7 @@ jobs: fail-fast: false steps: - name: Check out the codebase - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Set up QEMU uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0 diff --git a/.github/workflows/debian-mainline.yml b/.github/workflows/debian-mainline.yml index 7cac08e..9cd984a 100644 --- a/.github/workflows/debian-mainline.yml +++ b/.github/workflows/debian-mainline.yml @@ -16,7 +16,7 @@ jobs: distro: ${{ steps.distro_version.outputs.release }} steps: - name: Check out the codebase - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Parse NGINX mainline version id: nginx_version @@ -38,7 +38,7 @@ jobs: fail-fast: false steps: - name: Check out the codebase - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Set up QEMU uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0 @@ -157,7 +157,7 @@ jobs: fail-fast: false steps: - name: Check out the codebase - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Set up QEMU uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0 diff --git a/.github/workflows/debian-stable.yml b/.github/workflows/debian-stable.yml index c9844ea..59b3d2d 100644 --- a/.github/workflows/debian-stable.yml +++ b/.github/workflows/debian-stable.yml @@ -16,7 +16,7 @@ jobs: distro: ${{ steps.distro_version.outputs.release }} steps: - name: Check out the codebase - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Parse NGINX stable version id: nginx_version @@ -38,7 +38,7 @@ jobs: fail-fast: false steps: - name: Check out the codebase - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Set up QEMU uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0 @@ -149,7 +149,7 @@ jobs: fail-fast: false steps: - name: Check out the codebase - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Set up QEMU uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0 diff --git a/.github/workflows/image-cleanup.yml b/.github/workflows/image-cleanup.yml index 4ac48e1..e3b7019 100644 --- a/.github/workflows/image-cleanup.yml +++ b/.github/workflows/image-cleanup.yml @@ -14,7 +14,7 @@ jobs: fail-fast: false steps: - name: Check out the codebase - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Configure AWS credentials uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2 From 69dec3fc07d2e604fa4fde8b18513dd406fc747a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 28 Oct 2024 08:22:13 -0800 Subject: [PATCH 03/60] Bump stumpylog/image-cleaner-action from 0.8.0 to 0.9.0 (#255) Bumps [stumpylog/image-cleaner-action](https://github.com/stumpylog/image-cleaner-action) from 0.8.0 to 0.9.0. - [Release notes](https://github.com/stumpylog/image-cleaner-action/releases) - [Changelog](https://github.com/stumpylog/image-cleaner-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/stumpylog/image-cleaner-action/compare/0924047a3709a8f39313ec9e5f5888597e3bf81b...5e55abae6a73c6b494013c4314e08e69298f4dc1) --- updated-dependencies: - dependency-name: stumpylog/image-cleaner-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/image-cleanup.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/image-cleanup.yml b/.github/workflows/image-cleanup.yml index e3b7019..e0cda00 100644 --- a/.github/workflows/image-cleanup.yml +++ b/.github/workflows/image-cleanup.yml @@ -28,7 +28,7 @@ jobs: .github/workflows/scripts/delete-untagged-amazon-public-ecr-images.sh - name: Delete untagged NGINX Unprivileged Docker images on the GitHub Container Registry - uses: stumpylog/image-cleaner-action/untagged@0924047a3709a8f39313ec9e5f5888597e3bf81b # v0.8.0 + uses: stumpylog/image-cleaner-action/untagged@5e55abae6a73c6b494013c4314e08e69298f4dc1 # v0.9.0 with: is_org: true owner: nginxinc From 7e515bf70e10e5ea7cdcc14fd3e736ebc639df9a Mon Sep 17 00:00:00 2001 From: Alessandro Fael Garcia Date: Wed, 27 Nov 2024 02:44:08 -0900 Subject: [PATCH 04/60] feat: Update mainline NGINX to 1.27.3 (#260) * And update mainline NJS to 0.8.7 --- mainline/alpine-perl/Dockerfile | 4 ++-- mainline/alpine-slim/Dockerfile | 4 ++-- mainline/alpine/Dockerfile | 6 +++--- mainline/debian-perl/Dockerfile | 4 ++-- mainline/debian/Dockerfile | 6 +++--- update.sh | 6 +++--- 6 files changed, 15 insertions(+), 15 deletions(-) diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index 85230ba..6b0d6c2 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -ARG IMAGE=nginxinc/nginx-unprivileged:1.27.2-alpine +ARG IMAGE=nginxinc/nginx-unprivileged:1.27.3-alpine FROM $IMAGE ARG UID=101 @@ -52,7 +52,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"6982e2df739645fc72db5bdf994032f799718230e7016e811d9d482e5cf41814c888660ca9a68814d5e99ab571e892ada3bd43166e720cbf04c7f85b6934772c *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"5617feecfb441cd972b9ac51a2fd78384a3d2bde2f399163be0746d44ec8f7d8c47234af4f6b0012667c3d0446cced521f55f8f71254415e3766c2e3802bf960 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/mainline/alpine-slim/Dockerfile b/mainline/alpine-slim/Dockerfile index c1b0b0c..4584e34 100644 --- a/mainline/alpine-slim/Dockerfile +++ b/mainline/alpine-slim/Dockerfile @@ -8,7 +8,7 @@ FROM $IMAGE LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION=1.27.2 +ENV NGINX_VERSION=1.27.3 ENV PKG_RELEASE=1 ENV DYNPKG_RELEASE=1 @@ -63,7 +63,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"6982e2df739645fc72db5bdf994032f799718230e7016e811d9d482e5cf41814c888660ca9a68814d5e99ab571e892ada3bd43166e720cbf04c7f85b6934772c *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"5617feecfb441cd972b9ac51a2fd78384a3d2bde2f399163be0746d44ec8f7d8c47234af4f6b0012667c3d0446cced521f55f8f71254415e3766c2e3802bf960 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index 2c6dab6..982f44f 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -3,10 +3,10 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -ARG IMAGE=nginxinc/nginx-unprivileged:1.27.2-alpine-slim +ARG IMAGE=nginxinc/nginx-unprivileged:1.27.3-alpine-slim FROM $IMAGE -ENV NJS_VERSION=0.8.6 +ENV NJS_VERSION=0.8.7 ENV NJS_RELEASE=1 ARG UID=101 @@ -57,7 +57,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"6982e2df739645fc72db5bdf994032f799718230e7016e811d9d482e5cf41814c888660ca9a68814d5e99ab571e892ada3bd43166e720cbf04c7f85b6934772c *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"5617feecfb441cd972b9ac51a2fd78384a3d2bde2f399163be0746d44ec8f7d8c47234af4f6b0012667c3d0446cced521f55f8f71254415e3766c2e3802bf960 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/mainline/debian-perl/Dockerfile b/mainline/debian-perl/Dockerfile index 79ad6f8..fee9868 100644 --- a/mainline/debian-perl/Dockerfile +++ b/mainline/debian-perl/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -ARG IMAGE=nginxinc/nginx-unprivileged:1.27.2 +ARG IMAGE=nginxinc/nginx-unprivileged:1.27.3 FROM $IMAGE ARG UID=101 @@ -54,7 +54,7 @@ RUN set -x; \ && REVISION="${NGINX_VERSION}-${PKG_RELEASE}" \ && REVISION=${REVISION%~*} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${REVISION}.tar.gz \ - && PKGOSSCHECKSUM="6982e2df739645fc72db5bdf994032f799718230e7016e811d9d482e5cf41814c888660ca9a68814d5e99ab571e892ada3bd43166e720cbf04c7f85b6934772c *${REVISION}.tar.gz" \ + && PKGOSSCHECKSUM="5617feecfb441cd972b9ac51a2fd78384a3d2bde2f399163be0746d44ec8f7d8c47234af4f6b0012667c3d0446cced521f55f8f71254415e3766c2e3802bf960 *${REVISION}.tar.gz" \ && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \ echo "pkg-oss tarball checksum verification succeeded!"; \ else \ diff --git a/mainline/debian/Dockerfile b/mainline/debian/Dockerfile index 5bd0419..cd09304 100644 --- a/mainline/debian/Dockerfile +++ b/mainline/debian/Dockerfile @@ -8,8 +8,8 @@ FROM $IMAGE LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION=1.27.2 -ENV NJS_VERSION=0.8.6 +ENV NGINX_VERSION=1.27.3 +ENV NJS_VERSION=0.8.7 ENV NJS_RELEASE=1~bookworm ENV PKG_RELEASE=1~bookworm ENV DYNPKG_RELEASE=1~bookworm @@ -81,7 +81,7 @@ RUN set -x \ && REVISION="${NGINX_VERSION}-${PKG_RELEASE}" \ && REVISION=${REVISION%~*} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${REVISION}.tar.gz \ - && PKGOSSCHECKSUM="6982e2df739645fc72db5bdf994032f799718230e7016e811d9d482e5cf41814c888660ca9a68814d5e99ab571e892ada3bd43166e720cbf04c7f85b6934772c *${REVISION}.tar.gz" \ + && PKGOSSCHECKSUM="5617feecfb441cd972b9ac51a2fd78384a3d2bde2f399163be0746d44ec8f7d8c47234af4f6b0012667c3d0446cced521f55f8f71254415e3766c2e3802bf960 *${REVISION}.tar.gz" \ && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \ echo "pkg-oss tarball checksum verification succeeded!"; \ else \ diff --git a/update.sh b/update.sh index ffbab5c..edf057f 100755 --- a/update.sh +++ b/update.sh @@ -12,13 +12,13 @@ declare branches=( # Current nginx versions # Remember to update pkgosschecksum when changing this. declare -A nginx=( - [mainline]='1.27.2' + [mainline]='1.27.3' [stable]='1.26.2' ) # Current njs versions declare -A njs=( - [mainline]='0.8.6' + [mainline]='0.8.7' [stable]='0.8.5' ) @@ -66,7 +66,7 @@ declare -A rev=( # revision/tag in the previous block # Used in builds for architectures not packaged by nginx.org declare -A pkgosschecksum=( - [mainline]='6982e2df739645fc72db5bdf994032f799718230e7016e811d9d482e5cf41814c888660ca9a68814d5e99ab571e892ada3bd43166e720cbf04c7f85b6934772c' + [mainline]='5617feecfb441cd972b9ac51a2fd78384a3d2bde2f399163be0746d44ec8f7d8c47234af4f6b0012667c3d0446cced521f55f8f71254415e3766c2e3802bf960' [stable]='b5d8ad59567a5df18f134236c4e22a339229cd56f4b2ae8d1b77a17f3dcfb16672103bd9191d419acf93c90e866b59417aad26ad7710d9dcc53bf38d1f88d764' ) From 899909ee1a9fd15d6ae19a1197d199b5ba2c2fea Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 27 Nov 2024 04:07:00 -0900 Subject: [PATCH 05/60] Bump docker/metadata-action from 5.5.1 to 5.6.1 (#258) Bumps [docker/metadata-action](https://github.com/docker/metadata-action) from 5.5.1 to 5.6.1. - [Release notes](https://github.com/docker/metadata-action/releases) - [Commits](https://github.com/docker/metadata-action/compare/8e5442c4ef9f78752691e2d8f8d19755c6f78e81...369eb591f429131d6889c46b94e711f089e6ca96) --- updated-dependencies: - dependency-name: docker/metadata-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/alpine-mainline.yml | 6 +++--- .github/workflows/alpine-stable.yml | 6 +++--- .github/workflows/debian-mainline.yml | 4 ++-- .github/workflows/debian-stable.yml | 4 ++-- 4 files changed, 10 insertions(+), 10 deletions(-) diff --git a/.github/workflows/alpine-mainline.yml b/.github/workflows/alpine-mainline.yml index ab13f91..40f4cc6 100644 --- a/.github/workflows/alpine-mainline.yml +++ b/.github/workflows/alpine-mainline.yml @@ -85,7 +85,7 @@ jobs: - name: Extract metadata (annotations, labels, tags) for Docker id: meta - uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1 + uses: docker/metadata-action@369eb591f429131d6889c46b94e711f089e6ca96 # v5.6.1 with: images: | docker.io/nginxinc/nginx-unprivileged @@ -203,7 +203,7 @@ jobs: - name: Extract metadata (annotations, labels, tags) for Docker id: meta - uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1 + uses: docker/metadata-action@369eb591f429131d6889c46b94e711f089e6ca96 # v5.6.1 with: images: | docker.io/nginxinc/nginx-unprivileged @@ -321,7 +321,7 @@ jobs: - name: Extract metadata (annotations, labels, tags) for Docker id: meta - uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1 + uses: docker/metadata-action@369eb591f429131d6889c46b94e711f089e6ca96 # v5.6.1 with: images: | docker.io/nginxinc/nginx-unprivileged diff --git a/.github/workflows/alpine-stable.yml b/.github/workflows/alpine-stable.yml index e0e383c..c73a839 100644 --- a/.github/workflows/alpine-stable.yml +++ b/.github/workflows/alpine-stable.yml @@ -85,7 +85,7 @@ jobs: - name: Extract metadata (annotations, labels, tags) for Docker id: meta - uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1 + uses: docker/metadata-action@369eb591f429131d6889c46b94e711f089e6ca96 # v5.6.1 with: images: | docker.io/nginxinc/nginx-unprivileged @@ -195,7 +195,7 @@ jobs: - name: Extract metadata (annotations, labels, tags) for Docker id: meta - uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1 + uses: docker/metadata-action@369eb591f429131d6889c46b94e711f089e6ca96 # v5.6.1 with: images: | docker.io/nginxinc/nginx-unprivileged @@ -305,7 +305,7 @@ jobs: - name: Extract metadata (annotations, labels, tags) for Docker id: meta - uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1 + uses: docker/metadata-action@369eb591f429131d6889c46b94e711f089e6ca96 # v5.6.1 with: images: | docker.io/nginxinc/nginx-unprivileged diff --git a/.github/workflows/debian-mainline.yml b/.github/workflows/debian-mainline.yml index 9cd984a..98a4ab6 100644 --- a/.github/workflows/debian-mainline.yml +++ b/.github/workflows/debian-mainline.yml @@ -85,7 +85,7 @@ jobs: - name: Extract metadata (annotations, labels, tags) for Docker id: meta - uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1 + uses: docker/metadata-action@369eb591f429131d6889c46b94e711f089e6ca96 # v5.6.1 with: images: | docker.io/nginxinc/nginx-unprivileged @@ -204,7 +204,7 @@ jobs: - name: Extract metadata (annotations, labels, tags) for Docker id: meta - uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1 + uses: docker/metadata-action@369eb591f429131d6889c46b94e711f089e6ca96 # v5.6.1 with: images: | docker.io/nginxinc/nginx-unprivileged diff --git a/.github/workflows/debian-stable.yml b/.github/workflows/debian-stable.yml index 59b3d2d..120a2c2 100644 --- a/.github/workflows/debian-stable.yml +++ b/.github/workflows/debian-stable.yml @@ -85,7 +85,7 @@ jobs: - name: Extract metadata (annotations, labels, tags) for Docker id: meta - uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1 + uses: docker/metadata-action@369eb591f429131d6889c46b94e711f089e6ca96 # v5.6.1 with: images: | docker.io/nginxinc/nginx-unprivileged @@ -196,7 +196,7 @@ jobs: - name: Extract metadata (annotations, labels, tags) for Docker id: meta - uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1 + uses: docker/metadata-action@369eb591f429131d6889c46b94e711f089e6ca96 # v5.6.1 with: images: | docker.io/nginxinc/nginx-unprivileged From a756e1aa0ab288c455dc4c03e7affe331322af7b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 9 Jan 2025 10:46:13 -0900 Subject: [PATCH 06/60] Bump docker/build-push-action from 6.9.0 to 6.10.0 (#264) Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 6.9.0 to 6.10.0. - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](https://github.com/docker/build-push-action/compare/4f58ea79222b3b9dc2c8bbdd6debcef730109a75...48aba3b46d1b1fec4febb7c5d0c644b249a11355) --- updated-dependencies: - dependency-name: docker/build-push-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/alpine-mainline.yml | 6 +++--- .github/workflows/alpine-stable.yml | 6 +++--- .github/workflows/debian-mainline.yml | 4 ++-- .github/workflows/debian-stable.yml | 4 ++-- 4 files changed, 10 insertions(+), 10 deletions(-) diff --git a/.github/workflows/alpine-mainline.yml b/.github/workflows/alpine-mainline.yml index 40f4cc6..5d0e811 100644 --- a/.github/workflows/alpine-mainline.yml +++ b/.github/workflows/alpine-mainline.yml @@ -108,7 +108,7 @@ jobs: - name: Build and push NGINX mainline slim Alpine image to Amazon ECR Public Gallery, Docker Hub, GitHub Container Registry, and Quay id: build - uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 # v6.9.0 + uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 # v6.10.0 with: platforms: linux/amd64, linux/arm/v6, linux/arm/v7, linux/arm64, linux/386, linux/ppc64le, linux/s390x context: "{{ defaultContext }}:mainline/alpine-slim" @@ -226,7 +226,7 @@ jobs: - name: Build and push NGINX mainline Alpine image to Amazon ECR Public Gallery, Docker Hub, GitHub Container Registry, and Quay id: build - uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 # v6.9.0 + uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 # v6.10.0 with: platforms: linux/amd64, linux/arm/v6, linux/arm/v7, linux/arm64, linux/386, linux/ppc64le, linux/s390x context: "{{ defaultContext }}:mainline/alpine" @@ -344,7 +344,7 @@ jobs: - name: Build and push NGINX mainline perl Alpine image to Amazon ECR Public Gallery, Docker Hub, GitHub Container Registry, and Quay id: build - uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 # v6.9.0 + uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 # v6.10.0 with: platforms: linux/amd64, linux/arm/v6, linux/arm/v7, linux/arm64, linux/386, linux/ppc64le, linux/s390x context: "{{ defaultContext }}:mainline/alpine-perl" diff --git a/.github/workflows/alpine-stable.yml b/.github/workflows/alpine-stable.yml index c73a839..a0199f4 100644 --- a/.github/workflows/alpine-stable.yml +++ b/.github/workflows/alpine-stable.yml @@ -104,7 +104,7 @@ jobs: - name: Build and push NGINX stable slim Alpine image to Amazon ECR Public Gallery, Docker Hub, GitHub Container Registry, and Quay id: build - uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 # v6.9.0 + uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 # v6.10.0 with: platforms: linux/amd64, linux/arm/v6, linux/arm/v7, linux/arm64, linux/386, linux/ppc64le, linux/s390x context: "{{ defaultContext }}:stable/alpine-slim" @@ -214,7 +214,7 @@ jobs: - name: Build and push NGINX stable Alpine image to Amazon ECR Public Gallery, Docker Hub, GitHub Container Registry, and Quay id: build - uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 # v6.9.0 + uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 # v6.10.0 with: platforms: linux/amd64, linux/arm/v6, linux/arm/v7, linux/arm64, linux/386, linux/ppc64le, linux/s390x context: "{{ defaultContext }}:stable/alpine" @@ -324,7 +324,7 @@ jobs: - name: Build and push NGINX stable perl Alpine image to Amazon ECR Public Gallery, Docker Hub, GitHub Container Registry, and Quay id: build - uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 # v6.9.0 + uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 # v6.10.0 with: platforms: linux/amd64, linux/arm/v6, linux/arm/v7, linux/arm64, linux/386, linux/ppc64le, linux/s390x context: "{{ defaultContext }}:stable/alpine-perl" diff --git a/.github/workflows/debian-mainline.yml b/.github/workflows/debian-mainline.yml index 98a4ab6..b6def5a 100644 --- a/.github/workflows/debian-mainline.yml +++ b/.github/workflows/debian-mainline.yml @@ -108,7 +108,7 @@ jobs: - name: Build and push NGINX mainline Debian image to Amazon ECR Public Gallery, Docker Hub, GitHub Container Registry, and Quay id: build - uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 # v6.9.0 + uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 # v6.10.0 with: platforms: linux/amd64, linux/arm/v7, linux/arm64, linux/386, linux/mips64le, linux/ppc64le, linux/s390x # platforms: linux/amd64, linux/arm/v5, linux/arm/v7, linux/arm64, linux/386, linux/mips64le, linux/ppc64le, linux/s390x @@ -227,7 +227,7 @@ jobs: - name: Build and push NGINX mainline perl Debian image to Amazon ECR Public Gallery, Docker Hub, GitHub Container Registry, and Quay id: build - uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 # v6.9.0 + uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 # v6.10.0 with: platforms: linux/amd64, linux/arm/v7, linux/arm64, linux/386, linux/mips64le, linux/ppc64le, linux/s390x # platforms: linux/amd64, linux/arm/v5, linux/arm/v7, linux/arm64, linux/386, linux/mips64le, linux/ppc64le, linux/s390x diff --git a/.github/workflows/debian-stable.yml b/.github/workflows/debian-stable.yml index 120a2c2..862c959 100644 --- a/.github/workflows/debian-stable.yml +++ b/.github/workflows/debian-stable.yml @@ -104,7 +104,7 @@ jobs: - name: Build and push NGINX stable Debian image to Amazon ECR Public Gallery, Docker Hub, GitHub Container Registry, and Quay id: build - uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 # v6.9.0 + uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 # v6.10.0 with: platforms: linux/amd64, linux/arm/v7, linux/arm64, linux/386, linux/mips64le, linux/ppc64le, linux/s390x # platforms: linux/amd64, linux/arm/v5, linux/arm/v7, linux/arm64, linux/386, linux/mips64le, linux/ppc64le, linux/s390x @@ -215,7 +215,7 @@ jobs: - name: Build and push NGINX stable perl Debian image to Amazon ECR Public Gallery, Docker Hub, GitHub Container Registry, and Quay id: build - uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 # v6.9.0 + uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 # v6.10.0 with: platforms: linux/amd64, linux/arm/v7, linux/arm64, linux/386, linux/mips64le, linux/ppc64le, linux/s390x # platforms: linux/amd64, linux/arm/v5, linux/arm/v7, linux/arm64, linux/386, linux/mips64le, linux/ppc64le, linux/s390x From 7095a6540f04d4780a9a8453d965a376cbb4deee Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 9 Jan 2025 10:46:28 -0900 Subject: [PATCH 07/60] Bump docker/setup-buildx-action from 3.7.1 to 3.8.0 (#266) Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) from 3.7.1 to 3.8.0. - [Release notes](https://github.com/docker/setup-buildx-action/releases) - [Commits](https://github.com/docker/setup-buildx-action/compare/c47758b77c9736f4b2ef4073d4d51994fabfe349...6524bf65af31da8d45b59e8c27de4bd072b392f5) --- updated-dependencies: - dependency-name: docker/setup-buildx-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/alpine-mainline.yml | 6 +++--- .github/workflows/alpine-stable.yml | 6 +++--- .github/workflows/debian-mainline.yml | 4 ++-- .github/workflows/debian-stable.yml | 4 ++-- 4 files changed, 10 insertions(+), 10 deletions(-) diff --git a/.github/workflows/alpine-mainline.yml b/.github/workflows/alpine-mainline.yml index 5d0e811..4410e68 100644 --- a/.github/workflows/alpine-mainline.yml +++ b/.github/workflows/alpine-mainline.yml @@ -44,7 +44,7 @@ jobs: uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3.7.1 + uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3.8.0 - name: Configure AWS credentials if: ${{ github.event_name != 'pull_request' }} @@ -162,7 +162,7 @@ jobs: uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3.7.1 + uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3.8.0 - name: Configure AWS credentials if: ${{ github.event_name != 'pull_request' }} @@ -280,7 +280,7 @@ jobs: uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3.7.1 + uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3.8.0 - name: Configure AWS credentials if: ${{ github.event_name != 'pull_request' }} diff --git a/.github/workflows/alpine-stable.yml b/.github/workflows/alpine-stable.yml index a0199f4..292ae2d 100644 --- a/.github/workflows/alpine-stable.yml +++ b/.github/workflows/alpine-stable.yml @@ -44,7 +44,7 @@ jobs: uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3.7.1 + uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3.8.0 - name: Configure AWS credentials if: ${{ github.event_name != 'pull_request' }} @@ -154,7 +154,7 @@ jobs: uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3.7.1 + uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3.8.0 - name: Configure AWS credentials if: ${{ github.event_name != 'pull_request' }} @@ -264,7 +264,7 @@ jobs: uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3.7.1 + uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3.8.0 - name: Configure AWS credentials if: ${{ github.event_name != 'pull_request' }} diff --git a/.github/workflows/debian-mainline.yml b/.github/workflows/debian-mainline.yml index b6def5a..4de646a 100644 --- a/.github/workflows/debian-mainline.yml +++ b/.github/workflows/debian-mainline.yml @@ -44,7 +44,7 @@ jobs: uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3.7.1 + uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3.8.0 - name: Configure AWS credentials if: ${{ github.event_name != 'pull_request' }} @@ -163,7 +163,7 @@ jobs: uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3.7.1 + uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3.8.0 - name: Configure AWS credentials if: ${{ github.event_name != 'pull_request' }} diff --git a/.github/workflows/debian-stable.yml b/.github/workflows/debian-stable.yml index 862c959..c86bb18 100644 --- a/.github/workflows/debian-stable.yml +++ b/.github/workflows/debian-stable.yml @@ -44,7 +44,7 @@ jobs: uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3.7.1 + uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3.8.0 - name: Configure AWS credentials if: ${{ github.event_name != 'pull_request' }} @@ -155,7 +155,7 @@ jobs: uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3.7.1 + uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3.8.0 - name: Configure AWS credentials if: ${{ github.event_name != 'pull_request' }} From 17ba3abed0a1dd16cec63d093ba9b784808b46c5 Mon Sep 17 00:00:00 2001 From: Alessandro Fael Garcia Date: Mon, 13 Jan 2025 03:26:28 -0900 Subject: [PATCH 08/60] Add `riscv64` support on Alpine Linux (#268) * And update njs to 0.8.8 --- .github/workflows/alpine-mainline.yml | 6 +++--- .github/workflows/alpine-stable.yml | 6 +++--- mainline/alpine-perl/Dockerfile | 10 +++++----- mainline/alpine-slim/Dockerfile | 10 +++++----- mainline/alpine/Dockerfile | 12 ++++++------ mainline/debian-perl/Dockerfile | 4 ++-- mainline/debian/Dockerfile | 6 +++--- stable/alpine-perl/Dockerfile | 10 +++++----- stable/alpine-slim/Dockerfile | 10 +++++----- stable/alpine/Dockerfile | 12 ++++++------ stable/debian-perl/Dockerfile | 4 ++-- stable/debian/Dockerfile | 6 +++--- update.sh | 12 ++++++------ 13 files changed, 54 insertions(+), 54 deletions(-) diff --git a/.github/workflows/alpine-mainline.yml b/.github/workflows/alpine-mainline.yml index 4410e68..fa1f8aa 100644 --- a/.github/workflows/alpine-mainline.yml +++ b/.github/workflows/alpine-mainline.yml @@ -110,7 +110,7 @@ jobs: id: build uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 # v6.10.0 with: - platforms: linux/amd64, linux/arm/v6, linux/arm/v7, linux/arm64, linux/386, linux/ppc64le, linux/s390x + platforms: linux/amd64, linux/arm/v6, linux/arm/v7, linux/arm64, linux/386, linux/ppc64le, linux/riscv64, linux/s390x context: "{{ defaultContext }}:mainline/alpine-slim" labels: ${{ steps.meta.outputs.labels }} annotations: ${{ steps.meta.outputs.annotations }} @@ -228,7 +228,7 @@ jobs: id: build uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 # v6.10.0 with: - platforms: linux/amd64, linux/arm/v6, linux/arm/v7, linux/arm64, linux/386, linux/ppc64le, linux/s390x + platforms: linux/amd64, linux/arm/v6, linux/arm/v7, linux/arm64, linux/386, linux/ppc64le, linux/riscv64, linux/s390x context: "{{ defaultContext }}:mainline/alpine" labels: ${{ steps.meta.outputs.labels }} annotations: ${{ steps.meta.outputs.annotations }} @@ -346,7 +346,7 @@ jobs: id: build uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 # v6.10.0 with: - platforms: linux/amd64, linux/arm/v6, linux/arm/v7, linux/arm64, linux/386, linux/ppc64le, linux/s390x + platforms: linux/amd64, linux/arm/v6, linux/arm/v7, linux/arm64, linux/386, linux/ppc64le, linux/riscv64, linux/s390x context: "{{ defaultContext }}:mainline/alpine-perl" labels: ${{ steps.meta.outputs.labels }} annotations: ${{ steps.meta.outputs.annotations }} diff --git a/.github/workflows/alpine-stable.yml b/.github/workflows/alpine-stable.yml index 292ae2d..9c8d8d1 100644 --- a/.github/workflows/alpine-stable.yml +++ b/.github/workflows/alpine-stable.yml @@ -106,7 +106,7 @@ jobs: id: build uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 # v6.10.0 with: - platforms: linux/amd64, linux/arm/v6, linux/arm/v7, linux/arm64, linux/386, linux/ppc64le, linux/s390x + platforms: linux/amd64, linux/arm/v6, linux/arm/v7, linux/arm64, linux/386, linux/ppc64le, linux/riscv64, linux/s390x context: "{{ defaultContext }}:stable/alpine-slim" labels: ${{ steps.meta.outputs.labels }} annotations: ${{ steps.meta.outputs.annotations }} @@ -216,7 +216,7 @@ jobs: id: build uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 # v6.10.0 with: - platforms: linux/amd64, linux/arm/v6, linux/arm/v7, linux/arm64, linux/386, linux/ppc64le, linux/s390x + platforms: linux/amd64, linux/arm/v6, linux/arm/v7, linux/arm64, linux/386, linux/ppc64le, linux/riscv64, linux/s390x context: "{{ defaultContext }}:stable/alpine" labels: ${{ steps.meta.outputs.labels }} annotations: ${{ steps.meta.outputs.annotations }} @@ -326,7 +326,7 @@ jobs: id: build uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 # v6.10.0 with: - platforms: linux/amd64, linux/arm/v6, linux/arm/v7, linux/arm64, linux/386, linux/ppc64le, linux/s390x + platforms: linux/amd64, linux/arm/v6, linux/arm/v7, linux/arm64, linux/386, linux/ppc64le, linux/riscv64, linux/s390x context: "{{ defaultContext }}:stable/alpine-perl" labels: ${{ steps.meta.outputs.labels }} annotations: ${{ steps.meta.outputs.annotations }} diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index 6b0d6c2..46e58c6 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -51,16 +51,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"5617feecfb441cd972b9ac51a2fd78384a3d2bde2f399163be0746d44ec8f7d8c47234af4f6b0012667c3d0446cced521f55f8f71254415e3766c2e3802bf960 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ - && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -L -O https://github.com/nginx/pkg-oss/archive/0286c5190d972a49bffc9bf247885dd510ce8181.tar.gz \ + && PKGOSSCHECKSUM=\"1e546bd15d7bc68e1772ecb6a73e29ba108ee5554a28928e57af038a9e8fc4f5cd35708ce89ad1dfaac97d870e663d32ef41045611d30b20d38b46816e3ab535 *0286c5190d972a49bffc9bf247885dd510ce8181.tar.gz\" \ + && if [ \"\$(openssl sha512 -r 0286c5190d972a49bffc9bf247885dd510ce8181.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ + && tar xzvf 0286c5190d972a49bffc9bf247885dd510ce8181.tar.gz \ + && cd pkg-oss-0286c5190d972a49bffc9bf247885dd510ce8181 \ && cd alpine \ && make module-perl \ && apk index --allow-untrusted -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/mainline/alpine-slim/Dockerfile b/mainline/alpine-slim/Dockerfile index 4584e34..e15186f 100644 --- a/mainline/alpine-slim/Dockerfile +++ b/mainline/alpine-slim/Dockerfile @@ -62,16 +62,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"5617feecfb441cd972b9ac51a2fd78384a3d2bde2f399163be0746d44ec8f7d8c47234af4f6b0012667c3d0446cced521f55f8f71254415e3766c2e3802bf960 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ - && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -L -O https://github.com/nginx/pkg-oss/archive/0286c5190d972a49bffc9bf247885dd510ce8181.tar.gz \ + && PKGOSSCHECKSUM=\"1e546bd15d7bc68e1772ecb6a73e29ba108ee5554a28928e57af038a9e8fc4f5cd35708ce89ad1dfaac97d870e663d32ef41045611d30b20d38b46816e3ab535 *0286c5190d972a49bffc9bf247885dd510ce8181.tar.gz\" \ + && if [ \"\$(openssl sha512 -r 0286c5190d972a49bffc9bf247885dd510ce8181.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ + && tar xzvf 0286c5190d972a49bffc9bf247885dd510ce8181.tar.gz \ + && cd pkg-oss-0286c5190d972a49bffc9bf247885dd510ce8181 \ && cd alpine \ && make base \ && apk index --allow-untrusted -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index 982f44f..8a70d2a 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -6,7 +6,7 @@ ARG IMAGE=nginxinc/nginx-unprivileged:1.27.3-alpine-slim FROM $IMAGE -ENV NJS_VERSION=0.8.7 +ENV NJS_VERSION=0.8.8 ENV NJS_RELEASE=1 ARG UID=101 @@ -56,16 +56,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"5617feecfb441cd972b9ac51a2fd78384a3d2bde2f399163be0746d44ec8f7d8c47234af4f6b0012667c3d0446cced521f55f8f71254415e3766c2e3802bf960 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ - && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -L -O https://github.com/nginx/pkg-oss/archive/0286c5190d972a49bffc9bf247885dd510ce8181.tar.gz \ + && PKGOSSCHECKSUM=\"1e546bd15d7bc68e1772ecb6a73e29ba108ee5554a28928e57af038a9e8fc4f5cd35708ce89ad1dfaac97d870e663d32ef41045611d30b20d38b46816e3ab535 *0286c5190d972a49bffc9bf247885dd510ce8181.tar.gz\" \ + && if [ \"\$(openssl sha512 -r 0286c5190d972a49bffc9bf247885dd510ce8181.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ + && tar xzvf 0286c5190d972a49bffc9bf247885dd510ce8181.tar.gz \ + && cd pkg-oss-0286c5190d972a49bffc9bf247885dd510ce8181 \ && cd alpine \ && make module-geoip module-image-filter module-njs module-xslt \ && apk index --allow-untrusted -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/mainline/debian-perl/Dockerfile b/mainline/debian-perl/Dockerfile index fee9868..b817371 100644 --- a/mainline/debian-perl/Dockerfile +++ b/mainline/debian-perl/Dockerfile @@ -51,10 +51,10 @@ RUN set -x; \ xsltproc \ && ( \ cd "$tempDir" \ - && REVISION="${NGINX_VERSION}-${PKG_RELEASE}" \ + && REVISION="0286c5190d972a49bffc9bf247885dd510ce8181" \ && REVISION=${REVISION%~*} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${REVISION}.tar.gz \ - && PKGOSSCHECKSUM="5617feecfb441cd972b9ac51a2fd78384a3d2bde2f399163be0746d44ec8f7d8c47234af4f6b0012667c3d0446cced521f55f8f71254415e3766c2e3802bf960 *${REVISION}.tar.gz" \ + && PKGOSSCHECKSUM="1e546bd15d7bc68e1772ecb6a73e29ba108ee5554a28928e57af038a9e8fc4f5cd35708ce89ad1dfaac97d870e663d32ef41045611d30b20d38b46816e3ab535 *${REVISION}.tar.gz" \ && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \ echo "pkg-oss tarball checksum verification succeeded!"; \ else \ diff --git a/mainline/debian/Dockerfile b/mainline/debian/Dockerfile index cd09304..e3f573c 100644 --- a/mainline/debian/Dockerfile +++ b/mainline/debian/Dockerfile @@ -9,7 +9,7 @@ FROM $IMAGE LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION=1.27.3 -ENV NJS_VERSION=0.8.7 +ENV NJS_VERSION=0.8.8 ENV NJS_RELEASE=1~bookworm ENV PKG_RELEASE=1~bookworm ENV DYNPKG_RELEASE=1~bookworm @@ -78,10 +78,10 @@ RUN set -x \ xsltproc \ && ( \ cd "$tempDir" \ - && REVISION="${NGINX_VERSION}-${PKG_RELEASE}" \ + && REVISION="0286c5190d972a49bffc9bf247885dd510ce8181" \ && REVISION=${REVISION%~*} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${REVISION}.tar.gz \ - && PKGOSSCHECKSUM="5617feecfb441cd972b9ac51a2fd78384a3d2bde2f399163be0746d44ec8f7d8c47234af4f6b0012667c3d0446cced521f55f8f71254415e3766c2e3802bf960 *${REVISION}.tar.gz" \ + && PKGOSSCHECKSUM="1e546bd15d7bc68e1772ecb6a73e29ba108ee5554a28928e57af038a9e8fc4f5cd35708ce89ad1dfaac97d870e663d32ef41045611d30b20d38b46816e3ab535 *${REVISION}.tar.gz" \ && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \ echo "pkg-oss tarball checksum verification succeeded!"; \ else \ diff --git a/stable/alpine-perl/Dockerfile b/stable/alpine-perl/Dockerfile index 7754fe1..46f883c 100644 --- a/stable/alpine-perl/Dockerfile +++ b/stable/alpine-perl/Dockerfile @@ -51,16 +51,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"b5d8ad59567a5df18f134236c4e22a339229cd56f4b2ae8d1b77a17f3dcfb16672103bd9191d419acf93c90e866b59417aad26ad7710d9dcc53bf38d1f88d764 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ - && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -L -O https://github.com/nginx/pkg-oss/archive/f43e929dc7a6111ef5d9ecb281a75749f7934261.tar.gz \ + && PKGOSSCHECKSUM=\"315e9e9040253396ebd9f540557e69cda7d9754a7895c3bf04fbf79d43be8d56e8efc6c22c21c87632039340080511179946456bbc4660e8faf171d130b475a6 *f43e929dc7a6111ef5d9ecb281a75749f7934261.tar.gz\" \ + && if [ \"\$(openssl sha512 -r f43e929dc7a6111ef5d9ecb281a75749f7934261.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ + && tar xzvf f43e929dc7a6111ef5d9ecb281a75749f7934261.tar.gz \ + && cd pkg-oss-f43e929dc7a6111ef5d9ecb281a75749f7934261 \ && cd alpine \ && make module-perl \ && apk index --allow-untrusted -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/stable/alpine-slim/Dockerfile b/stable/alpine-slim/Dockerfile index d6bb43d..51431a1 100644 --- a/stable/alpine-slim/Dockerfile +++ b/stable/alpine-slim/Dockerfile @@ -62,16 +62,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"b5d8ad59567a5df18f134236c4e22a339229cd56f4b2ae8d1b77a17f3dcfb16672103bd9191d419acf93c90e866b59417aad26ad7710d9dcc53bf38d1f88d764 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ - && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -L -O https://github.com/nginx/pkg-oss/archive/f43e929dc7a6111ef5d9ecb281a75749f7934261.tar.gz \ + && PKGOSSCHECKSUM=\"315e9e9040253396ebd9f540557e69cda7d9754a7895c3bf04fbf79d43be8d56e8efc6c22c21c87632039340080511179946456bbc4660e8faf171d130b475a6 *f43e929dc7a6111ef5d9ecb281a75749f7934261.tar.gz\" \ + && if [ \"\$(openssl sha512 -r f43e929dc7a6111ef5d9ecb281a75749f7934261.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ + && tar xzvf f43e929dc7a6111ef5d9ecb281a75749f7934261.tar.gz \ + && cd pkg-oss-f43e929dc7a6111ef5d9ecb281a75749f7934261 \ && cd alpine \ && make base \ && apk index --allow-untrusted -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/stable/alpine/Dockerfile b/stable/alpine/Dockerfile index ac67694..9bb5845 100644 --- a/stable/alpine/Dockerfile +++ b/stable/alpine/Dockerfile @@ -6,7 +6,7 @@ ARG IMAGE=nginxinc/nginx-unprivileged:1.26.2-alpine-slim FROM $IMAGE -ENV NJS_VERSION=0.8.5 +ENV NJS_VERSION=0.8.8 ENV NJS_RELEASE=1 ARG UID=101 @@ -56,16 +56,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"b5d8ad59567a5df18f134236c4e22a339229cd56f4b2ae8d1b77a17f3dcfb16672103bd9191d419acf93c90e866b59417aad26ad7710d9dcc53bf38d1f88d764 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ - && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -L -O https://github.com/nginx/pkg-oss/archive/f43e929dc7a6111ef5d9ecb281a75749f7934261.tar.gz \ + && PKGOSSCHECKSUM=\"315e9e9040253396ebd9f540557e69cda7d9754a7895c3bf04fbf79d43be8d56e8efc6c22c21c87632039340080511179946456bbc4660e8faf171d130b475a6 *f43e929dc7a6111ef5d9ecb281a75749f7934261.tar.gz\" \ + && if [ \"\$(openssl sha512 -r f43e929dc7a6111ef5d9ecb281a75749f7934261.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ + && tar xzvf f43e929dc7a6111ef5d9ecb281a75749f7934261.tar.gz \ + && cd pkg-oss-f43e929dc7a6111ef5d9ecb281a75749f7934261 \ && cd alpine \ && make module-geoip module-image-filter module-njs module-xslt \ && apk index --allow-untrusted -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/stable/debian-perl/Dockerfile b/stable/debian-perl/Dockerfile index 3a861f8..2375109 100644 --- a/stable/debian-perl/Dockerfile +++ b/stable/debian-perl/Dockerfile @@ -51,10 +51,10 @@ RUN set -x; \ xsltproc \ && ( \ cd "$tempDir" \ - && REVISION="${NGINX_VERSION}-${PKG_RELEASE}" \ + && REVISION="f43e929dc7a6111ef5d9ecb281a75749f7934261" \ && REVISION=${REVISION%~*} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${REVISION}.tar.gz \ - && PKGOSSCHECKSUM="b5d8ad59567a5df18f134236c4e22a339229cd56f4b2ae8d1b77a17f3dcfb16672103bd9191d419acf93c90e866b59417aad26ad7710d9dcc53bf38d1f88d764 *${REVISION}.tar.gz" \ + && PKGOSSCHECKSUM="315e9e9040253396ebd9f540557e69cda7d9754a7895c3bf04fbf79d43be8d56e8efc6c22c21c87632039340080511179946456bbc4660e8faf171d130b475a6 *${REVISION}.tar.gz" \ && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \ echo "pkg-oss tarball checksum verification succeeded!"; \ else \ diff --git a/stable/debian/Dockerfile b/stable/debian/Dockerfile index 452f8de..ff20d50 100644 --- a/stable/debian/Dockerfile +++ b/stable/debian/Dockerfile @@ -9,7 +9,7 @@ FROM $IMAGE LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION=1.26.2 -ENV NJS_VERSION=0.8.5 +ENV NJS_VERSION=0.8.8 ENV NJS_RELEASE=1~bookworm ENV PKG_RELEASE=1~bookworm ENV DYNPKG_RELEASE=2~bookworm @@ -78,10 +78,10 @@ RUN set -x \ xsltproc \ && ( \ cd "$tempDir" \ - && REVISION="${NGINX_VERSION}-${PKG_RELEASE}" \ + && REVISION="f43e929dc7a6111ef5d9ecb281a75749f7934261" \ && REVISION=${REVISION%~*} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${REVISION}.tar.gz \ - && PKGOSSCHECKSUM="b5d8ad59567a5df18f134236c4e22a339229cd56f4b2ae8d1b77a17f3dcfb16672103bd9191d419acf93c90e866b59417aad26ad7710d9dcc53bf38d1f88d764 *${REVISION}.tar.gz" \ + && PKGOSSCHECKSUM="315e9e9040253396ebd9f540557e69cda7d9754a7895c3bf04fbf79d43be8d56e8efc6c22c21c87632039340080511179946456bbc4660e8faf171d130b475a6 *${REVISION}.tar.gz" \ && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \ echo "pkg-oss tarball checksum verification succeeded!"; \ else \ diff --git a/update.sh b/update.sh index edf057f..b29cb51 100755 --- a/update.sh +++ b/update.sh @@ -18,8 +18,8 @@ declare -A nginx=( # Current njs versions declare -A njs=( - [mainline]='0.8.7' - [stable]='0.8.5' + [mainline]='0.8.8' + [stable]='0.8.8' ) # Current njs patchlevel version @@ -58,16 +58,16 @@ declare -A alpine=( # when building packages on architectures not supported by nginx.org # Remember to update pkgosschecksum when changing this. declare -A rev=( - [mainline]='${NGINX_VERSION}-${PKG_RELEASE}' - [stable]='${NGINX_VERSION}-${PKG_RELEASE}' + [mainline]='0286c5190d972a49bffc9bf247885dd510ce8181' + [stable]='f43e929dc7a6111ef5d9ecb281a75749f7934261' ) # Holds SHA512 checksum for the pkg-oss tarball produced by source code # revision/tag in the previous block # Used in builds for architectures not packaged by nginx.org declare -A pkgosschecksum=( - [mainline]='5617feecfb441cd972b9ac51a2fd78384a3d2bde2f399163be0746d44ec8f7d8c47234af4f6b0012667c3d0446cced521f55f8f71254415e3766c2e3802bf960' - [stable]='b5d8ad59567a5df18f134236c4e22a339229cd56f4b2ae8d1b77a17f3dcfb16672103bd9191d419acf93c90e866b59417aad26ad7710d9dcc53bf38d1f88d764' + [mainline]='1e546bd15d7bc68e1772ecb6a73e29ba108ee5554a28928e57af038a9e8fc4f5cd35708ce89ad1dfaac97d870e663d32ef41045611d30b20d38b46816e3ab535' + [stable]='315e9e9040253396ebd9f540557e69cda7d9754a7895c3bf04fbf79d43be8d56e8efc6c22c21c87632039340080511179946456bbc4660e8faf171d130b475a6' ) get_packages() { From e89cb03e30c1de61d8ba37ba6ae40809697b2e02 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 13 Jan 2025 03:27:19 -0900 Subject: [PATCH 09/60] Bump docker/setup-qemu-action from 3.2.0 to 3.3.0 (#270) Bumps [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action) from 3.2.0 to 3.3.0. - [Release notes](https://github.com/docker/setup-qemu-action/releases) - [Commits](https://github.com/docker/setup-qemu-action/compare/49b3bc8e6bdd4a60e6116a5414239cba5943d3cf...53851d14592bedcffcf25ea515637cff71ef929a) --- updated-dependencies: - dependency-name: docker/setup-qemu-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/alpine-mainline.yml | 6 +++--- .github/workflows/alpine-stable.yml | 6 +++--- .github/workflows/debian-mainline.yml | 4 ++-- .github/workflows/debian-stable.yml | 4 ++-- 4 files changed, 10 insertions(+), 10 deletions(-) diff --git a/.github/workflows/alpine-mainline.yml b/.github/workflows/alpine-mainline.yml index fa1f8aa..7fa57b2 100644 --- a/.github/workflows/alpine-mainline.yml +++ b/.github/workflows/alpine-mainline.yml @@ -41,7 +41,7 @@ jobs: uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Set up QEMU - uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0 + uses: docker/setup-qemu-action@53851d14592bedcffcf25ea515637cff71ef929a # v3.3.0 - name: Set up Docker Buildx uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3.8.0 @@ -159,7 +159,7 @@ jobs: uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Set up QEMU - uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0 + uses: docker/setup-qemu-action@53851d14592bedcffcf25ea515637cff71ef929a # v3.3.0 - name: Set up Docker Buildx uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3.8.0 @@ -277,7 +277,7 @@ jobs: uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Set up QEMU - uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0 + uses: docker/setup-qemu-action@53851d14592bedcffcf25ea515637cff71ef929a # v3.3.0 - name: Set up Docker Buildx uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3.8.0 diff --git a/.github/workflows/alpine-stable.yml b/.github/workflows/alpine-stable.yml index 9c8d8d1..0a8a477 100644 --- a/.github/workflows/alpine-stable.yml +++ b/.github/workflows/alpine-stable.yml @@ -41,7 +41,7 @@ jobs: uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Set up QEMU - uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0 + uses: docker/setup-qemu-action@53851d14592bedcffcf25ea515637cff71ef929a # v3.3.0 - name: Set up Docker Buildx uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3.8.0 @@ -151,7 +151,7 @@ jobs: uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Set up QEMU - uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0 + uses: docker/setup-qemu-action@53851d14592bedcffcf25ea515637cff71ef929a # v3.3.0 - name: Set up Docker Buildx uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3.8.0 @@ -261,7 +261,7 @@ jobs: uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Set up QEMU - uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0 + uses: docker/setup-qemu-action@53851d14592bedcffcf25ea515637cff71ef929a # v3.3.0 - name: Set up Docker Buildx uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3.8.0 diff --git a/.github/workflows/debian-mainline.yml b/.github/workflows/debian-mainline.yml index 4de646a..230f19d 100644 --- a/.github/workflows/debian-mainline.yml +++ b/.github/workflows/debian-mainline.yml @@ -41,7 +41,7 @@ jobs: uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Set up QEMU - uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0 + uses: docker/setup-qemu-action@53851d14592bedcffcf25ea515637cff71ef929a # v3.3.0 - name: Set up Docker Buildx uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3.8.0 @@ -160,7 +160,7 @@ jobs: uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Set up QEMU - uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0 + uses: docker/setup-qemu-action@53851d14592bedcffcf25ea515637cff71ef929a # v3.3.0 - name: Set up Docker Buildx uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3.8.0 diff --git a/.github/workflows/debian-stable.yml b/.github/workflows/debian-stable.yml index c86bb18..de7a58a 100644 --- a/.github/workflows/debian-stable.yml +++ b/.github/workflows/debian-stable.yml @@ -41,7 +41,7 @@ jobs: uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Set up QEMU - uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0 + uses: docker/setup-qemu-action@53851d14592bedcffcf25ea515637cff71ef929a # v3.3.0 - name: Set up Docker Buildx uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3.8.0 @@ -152,7 +152,7 @@ jobs: uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Set up QEMU - uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0 + uses: docker/setup-qemu-action@53851d14592bedcffcf25ea515637cff71ef929a # v3.3.0 - name: Set up Docker Buildx uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3.8.0 From 0cecd4eba966b7d70fa97619625e22003c93be90 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 13 Jan 2025 12:00:42 -0900 Subject: [PATCH 10/60] Bump docker/build-push-action from 6.10.0 to 6.11.0 (#269) Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 6.10.0 to 6.11.0. - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](https://github.com/docker/build-push-action/compare/48aba3b46d1b1fec4febb7c5d0c644b249a11355...b32b51a8eda65d6793cd0494a773d4f6bcef32dc) --- updated-dependencies: - dependency-name: docker/build-push-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/alpine-mainline.yml | 6 +++--- .github/workflows/alpine-stable.yml | 6 +++--- .github/workflows/debian-mainline.yml | 4 ++-- .github/workflows/debian-stable.yml | 4 ++-- 4 files changed, 10 insertions(+), 10 deletions(-) diff --git a/.github/workflows/alpine-mainline.yml b/.github/workflows/alpine-mainline.yml index 7fa57b2..91ee2d2 100644 --- a/.github/workflows/alpine-mainline.yml +++ b/.github/workflows/alpine-mainline.yml @@ -108,7 +108,7 @@ jobs: - name: Build and push NGINX mainline slim Alpine image to Amazon ECR Public Gallery, Docker Hub, GitHub Container Registry, and Quay id: build - uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 # v6.10.0 + uses: docker/build-push-action@b32b51a8eda65d6793cd0494a773d4f6bcef32dc # v6.11.0 with: platforms: linux/amd64, linux/arm/v6, linux/arm/v7, linux/arm64, linux/386, linux/ppc64le, linux/riscv64, linux/s390x context: "{{ defaultContext }}:mainline/alpine-slim" @@ -226,7 +226,7 @@ jobs: - name: Build and push NGINX mainline Alpine image to Amazon ECR Public Gallery, Docker Hub, GitHub Container Registry, and Quay id: build - uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 # v6.10.0 + uses: docker/build-push-action@b32b51a8eda65d6793cd0494a773d4f6bcef32dc # v6.11.0 with: platforms: linux/amd64, linux/arm/v6, linux/arm/v7, linux/arm64, linux/386, linux/ppc64le, linux/riscv64, linux/s390x context: "{{ defaultContext }}:mainline/alpine" @@ -344,7 +344,7 @@ jobs: - name: Build and push NGINX mainline perl Alpine image to Amazon ECR Public Gallery, Docker Hub, GitHub Container Registry, and Quay id: build - uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 # v6.10.0 + uses: docker/build-push-action@b32b51a8eda65d6793cd0494a773d4f6bcef32dc # v6.11.0 with: platforms: linux/amd64, linux/arm/v6, linux/arm/v7, linux/arm64, linux/386, linux/ppc64le, linux/riscv64, linux/s390x context: "{{ defaultContext }}:mainline/alpine-perl" diff --git a/.github/workflows/alpine-stable.yml b/.github/workflows/alpine-stable.yml index 0a8a477..48f4bb1 100644 --- a/.github/workflows/alpine-stable.yml +++ b/.github/workflows/alpine-stable.yml @@ -104,7 +104,7 @@ jobs: - name: Build and push NGINX stable slim Alpine image to Amazon ECR Public Gallery, Docker Hub, GitHub Container Registry, and Quay id: build - uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 # v6.10.0 + uses: docker/build-push-action@b32b51a8eda65d6793cd0494a773d4f6bcef32dc # v6.11.0 with: platforms: linux/amd64, linux/arm/v6, linux/arm/v7, linux/arm64, linux/386, linux/ppc64le, linux/riscv64, linux/s390x context: "{{ defaultContext }}:stable/alpine-slim" @@ -214,7 +214,7 @@ jobs: - name: Build and push NGINX stable Alpine image to Amazon ECR Public Gallery, Docker Hub, GitHub Container Registry, and Quay id: build - uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 # v6.10.0 + uses: docker/build-push-action@b32b51a8eda65d6793cd0494a773d4f6bcef32dc # v6.11.0 with: platforms: linux/amd64, linux/arm/v6, linux/arm/v7, linux/arm64, linux/386, linux/ppc64le, linux/riscv64, linux/s390x context: "{{ defaultContext }}:stable/alpine" @@ -324,7 +324,7 @@ jobs: - name: Build and push NGINX stable perl Alpine image to Amazon ECR Public Gallery, Docker Hub, GitHub Container Registry, and Quay id: build - uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 # v6.10.0 + uses: docker/build-push-action@b32b51a8eda65d6793cd0494a773d4f6bcef32dc # v6.11.0 with: platforms: linux/amd64, linux/arm/v6, linux/arm/v7, linux/arm64, linux/386, linux/ppc64le, linux/riscv64, linux/s390x context: "{{ defaultContext }}:stable/alpine-perl" diff --git a/.github/workflows/debian-mainline.yml b/.github/workflows/debian-mainline.yml index 230f19d..03095e0 100644 --- a/.github/workflows/debian-mainline.yml +++ b/.github/workflows/debian-mainline.yml @@ -108,7 +108,7 @@ jobs: - name: Build and push NGINX mainline Debian image to Amazon ECR Public Gallery, Docker Hub, GitHub Container Registry, and Quay id: build - uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 # v6.10.0 + uses: docker/build-push-action@b32b51a8eda65d6793cd0494a773d4f6bcef32dc # v6.11.0 with: platforms: linux/amd64, linux/arm/v7, linux/arm64, linux/386, linux/mips64le, linux/ppc64le, linux/s390x # platforms: linux/amd64, linux/arm/v5, linux/arm/v7, linux/arm64, linux/386, linux/mips64le, linux/ppc64le, linux/s390x @@ -227,7 +227,7 @@ jobs: - name: Build and push NGINX mainline perl Debian image to Amazon ECR Public Gallery, Docker Hub, GitHub Container Registry, and Quay id: build - uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 # v6.10.0 + uses: docker/build-push-action@b32b51a8eda65d6793cd0494a773d4f6bcef32dc # v6.11.0 with: platforms: linux/amd64, linux/arm/v7, linux/arm64, linux/386, linux/mips64le, linux/ppc64le, linux/s390x # platforms: linux/amd64, linux/arm/v5, linux/arm/v7, linux/arm64, linux/386, linux/mips64le, linux/ppc64le, linux/s390x diff --git a/.github/workflows/debian-stable.yml b/.github/workflows/debian-stable.yml index de7a58a..a8f9e60 100644 --- a/.github/workflows/debian-stable.yml +++ b/.github/workflows/debian-stable.yml @@ -104,7 +104,7 @@ jobs: - name: Build and push NGINX stable Debian image to Amazon ECR Public Gallery, Docker Hub, GitHub Container Registry, and Quay id: build - uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 # v6.10.0 + uses: docker/build-push-action@b32b51a8eda65d6793cd0494a773d4f6bcef32dc # v6.11.0 with: platforms: linux/amd64, linux/arm/v7, linux/arm64, linux/386, linux/mips64le, linux/ppc64le, linux/s390x # platforms: linux/amd64, linux/arm/v5, linux/arm/v7, linux/arm64, linux/386, linux/mips64le, linux/ppc64le, linux/s390x @@ -215,7 +215,7 @@ jobs: - name: Build and push NGINX stable perl Debian image to Amazon ECR Public Gallery, Docker Hub, GitHub Container Registry, and Quay id: build - uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 # v6.10.0 + uses: docker/build-push-action@b32b51a8eda65d6793cd0494a773d4f6bcef32dc # v6.11.0 with: platforms: linux/amd64, linux/arm/v7, linux/arm64, linux/386, linux/mips64le, linux/ppc64le, linux/s390x # platforms: linux/amd64, linux/arm/v5, linux/arm/v7, linux/arm64, linux/386, linux/mips64le, linux/ppc64le, linux/s390x From 2cc5e1e803dee7adc6418662068edb014b26584c Mon Sep 17 00:00:00 2001 From: Alessandro Fael Garcia Date: Thu, 13 Feb 2025 09:29:19 -0900 Subject: [PATCH 11/60] feat: Update mainline NGINX to 1.27.4 (#283) * And stable NGINX to 1.26.3 * And NJS to 0.8.9 --- mainline/alpine-perl/Dockerfile | 12 ++++++------ mainline/alpine-slim/Dockerfile | 14 +++++++------- mainline/alpine/Dockerfile | 14 +++++++------- mainline/debian-perl/Dockerfile | 6 +++--- mainline/debian/Dockerfile | 8 ++++---- stable/alpine-perl/Dockerfile | 12 ++++++------ stable/alpine-slim/Dockerfile | 12 ++++++------ stable/alpine/Dockerfile | 14 +++++++------- stable/debian-perl/Dockerfile | 6 +++--- stable/debian/Dockerfile | 8 ++++---- update.sh | 22 +++++++++++----------- 11 files changed, 64 insertions(+), 64 deletions(-) diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index 46e58c6..a4df043 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -ARG IMAGE=nginxinc/nginx-unprivileged:1.27.3-alpine +ARG IMAGE=nginxinc/nginx-unprivileged:1.27.4-alpine FROM $IMAGE ARG UID=101 @@ -51,16 +51,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -L -O https://github.com/nginx/pkg-oss/archive/0286c5190d972a49bffc9bf247885dd510ce8181.tar.gz \ - && PKGOSSCHECKSUM=\"1e546bd15d7bc68e1772ecb6a73e29ba108ee5554a28928e57af038a9e8fc4f5cd35708ce89ad1dfaac97d870e663d32ef41045611d30b20d38b46816e3ab535 *0286c5190d972a49bffc9bf247885dd510ce8181.tar.gz\" \ - && if [ \"\$(openssl sha512 -r 0286c5190d972a49bffc9bf247885dd510ce8181.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && PKGOSSCHECKSUM=\"973690e64fa47e3704e817a3b08205b9e3f8c0cbe31825d9d62a81c11eb3aa186df015f27fdfd48c8799ffc528e38a9168c592ae665e4835c2d28638ec5f7845 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf 0286c5190d972a49bffc9bf247885dd510ce8181.tar.gz \ - && cd pkg-oss-0286c5190d972a49bffc9bf247885dd510ce8181 \ + && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ && cd alpine \ && make module-perl \ && apk index --allow-untrusted -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/mainline/alpine-slim/Dockerfile b/mainline/alpine-slim/Dockerfile index e15186f..ccf7acb 100644 --- a/mainline/alpine-slim/Dockerfile +++ b/mainline/alpine-slim/Dockerfile @@ -3,12 +3,12 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -ARG IMAGE=alpine:3.20 +ARG IMAGE=alpine:3.21 FROM $IMAGE LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION=1.27.3 +ENV NGINX_VERSION=1.27.4 ENV PKG_RELEASE=1 ENV DYNPKG_RELEASE=1 @@ -62,16 +62,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -L -O https://github.com/nginx/pkg-oss/archive/0286c5190d972a49bffc9bf247885dd510ce8181.tar.gz \ - && PKGOSSCHECKSUM=\"1e546bd15d7bc68e1772ecb6a73e29ba108ee5554a28928e57af038a9e8fc4f5cd35708ce89ad1dfaac97d870e663d32ef41045611d30b20d38b46816e3ab535 *0286c5190d972a49bffc9bf247885dd510ce8181.tar.gz\" \ - && if [ \"\$(openssl sha512 -r 0286c5190d972a49bffc9bf247885dd510ce8181.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && PKGOSSCHECKSUM=\"973690e64fa47e3704e817a3b08205b9e3f8c0cbe31825d9d62a81c11eb3aa186df015f27fdfd48c8799ffc528e38a9168c592ae665e4835c2d28638ec5f7845 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf 0286c5190d972a49bffc9bf247885dd510ce8181.tar.gz \ - && cd pkg-oss-0286c5190d972a49bffc9bf247885dd510ce8181 \ + && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ && cd alpine \ && make base \ && apk index --allow-untrusted -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index 8a70d2a..e9914fe 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -3,10 +3,10 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -ARG IMAGE=nginxinc/nginx-unprivileged:1.27.3-alpine-slim +ARG IMAGE=nginxinc/nginx-unprivileged:1.27.4-alpine-slim FROM $IMAGE -ENV NJS_VERSION=0.8.8 +ENV NJS_VERSION=0.8.9 ENV NJS_RELEASE=1 ARG UID=101 @@ -56,16 +56,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -L -O https://github.com/nginx/pkg-oss/archive/0286c5190d972a49bffc9bf247885dd510ce8181.tar.gz \ - && PKGOSSCHECKSUM=\"1e546bd15d7bc68e1772ecb6a73e29ba108ee5554a28928e57af038a9e8fc4f5cd35708ce89ad1dfaac97d870e663d32ef41045611d30b20d38b46816e3ab535 *0286c5190d972a49bffc9bf247885dd510ce8181.tar.gz\" \ - && if [ \"\$(openssl sha512 -r 0286c5190d972a49bffc9bf247885dd510ce8181.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && PKGOSSCHECKSUM=\"973690e64fa47e3704e817a3b08205b9e3f8c0cbe31825d9d62a81c11eb3aa186df015f27fdfd48c8799ffc528e38a9168c592ae665e4835c2d28638ec5f7845 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf 0286c5190d972a49bffc9bf247885dd510ce8181.tar.gz \ - && cd pkg-oss-0286c5190d972a49bffc9bf247885dd510ce8181 \ + && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ && cd alpine \ && make module-geoip module-image-filter module-njs module-xslt \ && apk index --allow-untrusted -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/mainline/debian-perl/Dockerfile b/mainline/debian-perl/Dockerfile index b817371..dba8a65 100644 --- a/mainline/debian-perl/Dockerfile +++ b/mainline/debian-perl/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -ARG IMAGE=nginxinc/nginx-unprivileged:1.27.3 +ARG IMAGE=nginxinc/nginx-unprivileged:1.27.4 FROM $IMAGE ARG UID=101 @@ -51,10 +51,10 @@ RUN set -x; \ xsltproc \ && ( \ cd "$tempDir" \ - && REVISION="0286c5190d972a49bffc9bf247885dd510ce8181" \ + && REVISION="${NGINX_VERSION}-${PKG_RELEASE}" \ && REVISION=${REVISION%~*} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${REVISION}.tar.gz \ - && PKGOSSCHECKSUM="1e546bd15d7bc68e1772ecb6a73e29ba108ee5554a28928e57af038a9e8fc4f5cd35708ce89ad1dfaac97d870e663d32ef41045611d30b20d38b46816e3ab535 *${REVISION}.tar.gz" \ + && PKGOSSCHECKSUM="973690e64fa47e3704e817a3b08205b9e3f8c0cbe31825d9d62a81c11eb3aa186df015f27fdfd48c8799ffc528e38a9168c592ae665e4835c2d28638ec5f7845 *${REVISION}.tar.gz" \ && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \ echo "pkg-oss tarball checksum verification succeeded!"; \ else \ diff --git a/mainline/debian/Dockerfile b/mainline/debian/Dockerfile index e3f573c..9b4f325 100644 --- a/mainline/debian/Dockerfile +++ b/mainline/debian/Dockerfile @@ -8,8 +8,8 @@ FROM $IMAGE LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION=1.27.3 -ENV NJS_VERSION=0.8.8 +ENV NGINX_VERSION=1.27.4 +ENV NJS_VERSION=0.8.9 ENV NJS_RELEASE=1~bookworm ENV PKG_RELEASE=1~bookworm ENV DYNPKG_RELEASE=1~bookworm @@ -78,10 +78,10 @@ RUN set -x \ xsltproc \ && ( \ cd "$tempDir" \ - && REVISION="0286c5190d972a49bffc9bf247885dd510ce8181" \ + && REVISION="${NGINX_VERSION}-${PKG_RELEASE}" \ && REVISION=${REVISION%~*} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${REVISION}.tar.gz \ - && PKGOSSCHECKSUM="1e546bd15d7bc68e1772ecb6a73e29ba108ee5554a28928e57af038a9e8fc4f5cd35708ce89ad1dfaac97d870e663d32ef41045611d30b20d38b46816e3ab535 *${REVISION}.tar.gz" \ + && PKGOSSCHECKSUM="973690e64fa47e3704e817a3b08205b9e3f8c0cbe31825d9d62a81c11eb3aa186df015f27fdfd48c8799ffc528e38a9168c592ae665e4835c2d28638ec5f7845 *${REVISION}.tar.gz" \ && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \ echo "pkg-oss tarball checksum verification succeeded!"; \ else \ diff --git a/stable/alpine-perl/Dockerfile b/stable/alpine-perl/Dockerfile index 46f883c..6394b32 100644 --- a/stable/alpine-perl/Dockerfile +++ b/stable/alpine-perl/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -ARG IMAGE=nginxinc/nginx-unprivileged:1.26.2-alpine +ARG IMAGE=nginxinc/nginx-unprivileged:1.26.3-alpine FROM $IMAGE ARG UID=101 @@ -51,16 +51,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -L -O https://github.com/nginx/pkg-oss/archive/f43e929dc7a6111ef5d9ecb281a75749f7934261.tar.gz \ - && PKGOSSCHECKSUM=\"315e9e9040253396ebd9f540557e69cda7d9754a7895c3bf04fbf79d43be8d56e8efc6c22c21c87632039340080511179946456bbc4660e8faf171d130b475a6 *f43e929dc7a6111ef5d9ecb281a75749f7934261.tar.gz\" \ - && if [ \"\$(openssl sha512 -r f43e929dc7a6111ef5d9ecb281a75749f7934261.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && PKGOSSCHECKSUM=\"3a4e869eded0c71e92f522e94edffea7fbfb5e78886ea7e484342fa2e028c62099a67d08860c249bf93776da97b924225e0d849dbb4697b298afe5421d7d6fea *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf f43e929dc7a6111ef5d9ecb281a75749f7934261.tar.gz \ - && cd pkg-oss-f43e929dc7a6111ef5d9ecb281a75749f7934261 \ + && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ && cd alpine \ && make module-perl \ && apk index --allow-untrusted -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/stable/alpine-slim/Dockerfile b/stable/alpine-slim/Dockerfile index 51431a1..e1a8c97 100644 --- a/stable/alpine-slim/Dockerfile +++ b/stable/alpine-slim/Dockerfile @@ -8,7 +8,7 @@ FROM $IMAGE LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION=1.26.2 +ENV NGINX_VERSION=1.26.3 ENV PKG_RELEASE=1 ENV DYNPKG_RELEASE=2 @@ -62,16 +62,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -L -O https://github.com/nginx/pkg-oss/archive/f43e929dc7a6111ef5d9ecb281a75749f7934261.tar.gz \ - && PKGOSSCHECKSUM=\"315e9e9040253396ebd9f540557e69cda7d9754a7895c3bf04fbf79d43be8d56e8efc6c22c21c87632039340080511179946456bbc4660e8faf171d130b475a6 *f43e929dc7a6111ef5d9ecb281a75749f7934261.tar.gz\" \ - && if [ \"\$(openssl sha512 -r f43e929dc7a6111ef5d9ecb281a75749f7934261.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && PKGOSSCHECKSUM=\"3a4e869eded0c71e92f522e94edffea7fbfb5e78886ea7e484342fa2e028c62099a67d08860c249bf93776da97b924225e0d849dbb4697b298afe5421d7d6fea *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf f43e929dc7a6111ef5d9ecb281a75749f7934261.tar.gz \ - && cd pkg-oss-f43e929dc7a6111ef5d9ecb281a75749f7934261 \ + && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ && cd alpine \ && make base \ && apk index --allow-untrusted -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/stable/alpine/Dockerfile b/stable/alpine/Dockerfile index 9bb5845..724df6c 100644 --- a/stable/alpine/Dockerfile +++ b/stable/alpine/Dockerfile @@ -3,10 +3,10 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -ARG IMAGE=nginxinc/nginx-unprivileged:1.26.2-alpine-slim +ARG IMAGE=nginxinc/nginx-unprivileged:1.26.3-alpine-slim FROM $IMAGE -ENV NJS_VERSION=0.8.8 +ENV NJS_VERSION=0.8.9 ENV NJS_RELEASE=1 ARG UID=101 @@ -56,16 +56,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -L -O https://github.com/nginx/pkg-oss/archive/f43e929dc7a6111ef5d9ecb281a75749f7934261.tar.gz \ - && PKGOSSCHECKSUM=\"315e9e9040253396ebd9f540557e69cda7d9754a7895c3bf04fbf79d43be8d56e8efc6c22c21c87632039340080511179946456bbc4660e8faf171d130b475a6 *f43e929dc7a6111ef5d9ecb281a75749f7934261.tar.gz\" \ - && if [ \"\$(openssl sha512 -r f43e929dc7a6111ef5d9ecb281a75749f7934261.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && PKGOSSCHECKSUM=\"3a4e869eded0c71e92f522e94edffea7fbfb5e78886ea7e484342fa2e028c62099a67d08860c249bf93776da97b924225e0d849dbb4697b298afe5421d7d6fea *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf f43e929dc7a6111ef5d9ecb281a75749f7934261.tar.gz \ - && cd pkg-oss-f43e929dc7a6111ef5d9ecb281a75749f7934261 \ + && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ && cd alpine \ && make module-geoip module-image-filter module-njs module-xslt \ && apk index --allow-untrusted -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/stable/debian-perl/Dockerfile b/stable/debian-perl/Dockerfile index 2375109..5973b2b 100644 --- a/stable/debian-perl/Dockerfile +++ b/stable/debian-perl/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -ARG IMAGE=nginxinc/nginx-unprivileged:1.26.2 +ARG IMAGE=nginxinc/nginx-unprivileged:1.26.3 FROM $IMAGE ARG UID=101 @@ -51,10 +51,10 @@ RUN set -x; \ xsltproc \ && ( \ cd "$tempDir" \ - && REVISION="f43e929dc7a6111ef5d9ecb281a75749f7934261" \ + && REVISION="${NGINX_VERSION}-${PKG_RELEASE}" \ && REVISION=${REVISION%~*} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${REVISION}.tar.gz \ - && PKGOSSCHECKSUM="315e9e9040253396ebd9f540557e69cda7d9754a7895c3bf04fbf79d43be8d56e8efc6c22c21c87632039340080511179946456bbc4660e8faf171d130b475a6 *${REVISION}.tar.gz" \ + && PKGOSSCHECKSUM="3a4e869eded0c71e92f522e94edffea7fbfb5e78886ea7e484342fa2e028c62099a67d08860c249bf93776da97b924225e0d849dbb4697b298afe5421d7d6fea *${REVISION}.tar.gz" \ && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \ echo "pkg-oss tarball checksum verification succeeded!"; \ else \ diff --git a/stable/debian/Dockerfile b/stable/debian/Dockerfile index ff20d50..9f9aad0 100644 --- a/stable/debian/Dockerfile +++ b/stable/debian/Dockerfile @@ -8,8 +8,8 @@ FROM $IMAGE LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION=1.26.2 -ENV NJS_VERSION=0.8.8 +ENV NGINX_VERSION=1.26.3 +ENV NJS_VERSION=0.8.9 ENV NJS_RELEASE=1~bookworm ENV PKG_RELEASE=1~bookworm ENV DYNPKG_RELEASE=2~bookworm @@ -78,10 +78,10 @@ RUN set -x \ xsltproc \ && ( \ cd "$tempDir" \ - && REVISION="f43e929dc7a6111ef5d9ecb281a75749f7934261" \ + && REVISION="${NGINX_VERSION}-${PKG_RELEASE}" \ && REVISION=${REVISION%~*} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${REVISION}.tar.gz \ - && PKGOSSCHECKSUM="315e9e9040253396ebd9f540557e69cda7d9754a7895c3bf04fbf79d43be8d56e8efc6c22c21c87632039340080511179946456bbc4660e8faf171d130b475a6 *${REVISION}.tar.gz" \ + && PKGOSSCHECKSUM="3a4e869eded0c71e92f522e94edffea7fbfb5e78886ea7e484342fa2e028c62099a67d08860c249bf93776da97b924225e0d849dbb4697b298afe5421d7d6fea *${REVISION}.tar.gz" \ && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \ echo "pkg-oss tarball checksum verification succeeded!"; \ else \ diff --git a/update.sh b/update.sh index b29cb51..243d915 100755 --- a/update.sh +++ b/update.sh @@ -2,7 +2,7 @@ set -Eeuo pipefail shopt -s nullglob -cd "$(dirname "$(readlink -f "$BASH_SOURCE")")" +cd "$(dirname "$(greadlink -f "$BASH_SOURCE")")" declare branches=( "stable" @@ -12,14 +12,14 @@ declare branches=( # Current nginx versions # Remember to update pkgosschecksum when changing this. declare -A nginx=( - [mainline]='1.27.3' - [stable]='1.26.2' + [mainline]='1.27.4' + [stable]='1.26.3' ) # Current njs versions declare -A njs=( - [mainline]='0.8.8' - [stable]='0.8.8' + [mainline]='0.8.9' + [stable]='0.8.9' ) # Current njs patchlevel version @@ -49,7 +49,7 @@ declare -A debian=( ) declare -A alpine=( - [mainline]='3.20' + [mainline]='3.21' [stable]='3.20' ) @@ -58,16 +58,16 @@ declare -A alpine=( # when building packages on architectures not supported by nginx.org # Remember to update pkgosschecksum when changing this. declare -A rev=( - [mainline]='0286c5190d972a49bffc9bf247885dd510ce8181' - [stable]='f43e929dc7a6111ef5d9ecb281a75749f7934261' + [mainline]='${NGINX_VERSION}-${PKG_RELEASE}' + [stable]='${NGINX_VERSION}-${PKG_RELEASE}' ) # Holds SHA512 checksum for the pkg-oss tarball produced by source code # revision/tag in the previous block # Used in builds for architectures not packaged by nginx.org declare -A pkgosschecksum=( - [mainline]='1e546bd15d7bc68e1772ecb6a73e29ba108ee5554a28928e57af038a9e8fc4f5cd35708ce89ad1dfaac97d870e663d32ef41045611d30b20d38b46816e3ab535' - [stable]='315e9e9040253396ebd9f540557e69cda7d9754a7895c3bf04fbf79d43be8d56e8efc6c22c21c87632039340080511179946456bbc4660e8faf171d130b475a6' + [mainline]='973690e64fa47e3704e817a3b08205b9e3f8c0cbe31825d9d62a81c11eb3aa186df015f27fdfd48c8799ffc528e38a9168c592ae665e4835c2d28638ec5f7845' + [stable]='3a4e869eded0c71e92f522e94edffea7fbfb5e78886ea7e484342fa2e028c62099a67d08860c249bf93776da97b924225e0d849dbb4697b298afe5421d7d6fea' ) get_packages() { @@ -210,7 +210,7 @@ for branch in "${branches[@]}"; do dynpkgver=$(get_packagever "$variant" "$branch" "dyn") buildtarget=$(get_buildtarget "$variant") - sed -i \ + gsed -i \ -e 's,%%ALPINE_VERSION%%,'"$alpinever"',' \ -e 's,%%DEBIAN_VERSION%%,'"$debianver"',' \ -e 's,%%DYNPKG_RELEASE%%,'"$dynpkgver"',' \ From 65d4bac3f6290fa9377d3f514510b0d1bf3b9f5d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 19 Feb 2025 03:12:39 -0900 Subject: [PATCH 12/60] Bump aws-actions/configure-aws-credentials from 4.0.2 to 4.1.0 (#285) Bumps [aws-actions/configure-aws-credentials](https://github.com/aws-actions/configure-aws-credentials) from 4.0.2 to 4.1.0. - [Release notes](https://github.com/aws-actions/configure-aws-credentials/releases) - [Changelog](https://github.com/aws-actions/configure-aws-credentials/blob/main/CHANGELOG.md) - [Commits](https://github.com/aws-actions/configure-aws-credentials/compare/e3dd6a429d7300a6a4c196c26e071d42e0343502...ececac1a45f3b08a01d2dd070d28d111c5fe6722) --- updated-dependencies: - dependency-name: aws-actions/configure-aws-credentials dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/alpine-mainline.yml | 6 +++--- .github/workflows/alpine-stable.yml | 6 +++--- .github/workflows/debian-mainline.yml | 4 ++-- .github/workflows/debian-stable.yml | 4 ++-- .github/workflows/image-cleanup.yml | 2 +- 5 files changed, 11 insertions(+), 11 deletions(-) diff --git a/.github/workflows/alpine-mainline.yml b/.github/workflows/alpine-mainline.yml index 91ee2d2..f644457 100644 --- a/.github/workflows/alpine-mainline.yml +++ b/.github/workflows/alpine-mainline.yml @@ -48,7 +48,7 @@ jobs: - name: Configure AWS credentials if: ${{ github.event_name != 'pull_request' }} - uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2 + uses: aws-actions/configure-aws-credentials@ececac1a45f3b08a01d2dd070d28d111c5fe6722 # v4.1.0 with: aws-region: ${{ secrets.AWS_REGION }} aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} @@ -166,7 +166,7 @@ jobs: - name: Configure AWS credentials if: ${{ github.event_name != 'pull_request' }} - uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2 + uses: aws-actions/configure-aws-credentials@ececac1a45f3b08a01d2dd070d28d111c5fe6722 # v4.1.0 with: aws-region: ${{ secrets.AWS_REGION }} aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} @@ -284,7 +284,7 @@ jobs: - name: Configure AWS credentials if: ${{ github.event_name != 'pull_request' }} - uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2 + uses: aws-actions/configure-aws-credentials@ececac1a45f3b08a01d2dd070d28d111c5fe6722 # v4.1.0 with: aws-region: ${{ secrets.AWS_REGION }} aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} diff --git a/.github/workflows/alpine-stable.yml b/.github/workflows/alpine-stable.yml index 48f4bb1..4f0c020 100644 --- a/.github/workflows/alpine-stable.yml +++ b/.github/workflows/alpine-stable.yml @@ -48,7 +48,7 @@ jobs: - name: Configure AWS credentials if: ${{ github.event_name != 'pull_request' }} - uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2 + uses: aws-actions/configure-aws-credentials@ececac1a45f3b08a01d2dd070d28d111c5fe6722 # v4.1.0 with: aws-region: ${{ secrets.AWS_REGION }} aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} @@ -158,7 +158,7 @@ jobs: - name: Configure AWS credentials if: ${{ github.event_name != 'pull_request' }} - uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2 + uses: aws-actions/configure-aws-credentials@ececac1a45f3b08a01d2dd070d28d111c5fe6722 # v4.1.0 with: aws-region: ${{ secrets.AWS_REGION }} aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} @@ -268,7 +268,7 @@ jobs: - name: Configure AWS credentials if: ${{ github.event_name != 'pull_request' }} - uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2 + uses: aws-actions/configure-aws-credentials@ececac1a45f3b08a01d2dd070d28d111c5fe6722 # v4.1.0 with: aws-region: ${{ secrets.AWS_REGION }} aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} diff --git a/.github/workflows/debian-mainline.yml b/.github/workflows/debian-mainline.yml index 03095e0..251ceaf 100644 --- a/.github/workflows/debian-mainline.yml +++ b/.github/workflows/debian-mainline.yml @@ -48,7 +48,7 @@ jobs: - name: Configure AWS credentials if: ${{ github.event_name != 'pull_request' }} - uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2 + uses: aws-actions/configure-aws-credentials@ececac1a45f3b08a01d2dd070d28d111c5fe6722 # v4.1.0 with: aws-region: ${{ secrets.AWS_REGION }} aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} @@ -167,7 +167,7 @@ jobs: - name: Configure AWS credentials if: ${{ github.event_name != 'pull_request' }} - uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2 + uses: aws-actions/configure-aws-credentials@ececac1a45f3b08a01d2dd070d28d111c5fe6722 # v4.1.0 with: aws-region: ${{ secrets.AWS_REGION }} aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} diff --git a/.github/workflows/debian-stable.yml b/.github/workflows/debian-stable.yml index a8f9e60..3263988 100644 --- a/.github/workflows/debian-stable.yml +++ b/.github/workflows/debian-stable.yml @@ -48,7 +48,7 @@ jobs: - name: Configure AWS credentials if: ${{ github.event_name != 'pull_request' }} - uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2 + uses: aws-actions/configure-aws-credentials@ececac1a45f3b08a01d2dd070d28d111c5fe6722 # v4.1.0 with: aws-region: ${{ secrets.AWS_REGION }} aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} @@ -159,7 +159,7 @@ jobs: - name: Configure AWS credentials if: ${{ github.event_name != 'pull_request' }} - uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2 + uses: aws-actions/configure-aws-credentials@ececac1a45f3b08a01d2dd070d28d111c5fe6722 # v4.1.0 with: aws-region: ${{ secrets.AWS_REGION }} aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} diff --git a/.github/workflows/image-cleanup.yml b/.github/workflows/image-cleanup.yml index e0cda00..afcbb3a 100644 --- a/.github/workflows/image-cleanup.yml +++ b/.github/workflows/image-cleanup.yml @@ -17,7 +17,7 @@ jobs: uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Configure AWS credentials - uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2 + uses: aws-actions/configure-aws-credentials@ececac1a45f3b08a01d2dd070d28d111c5fe6722 # v4.1.0 with: aws-region: ${{ secrets.AWS_REGION }} aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} From 5e0c7c560989d827f15a2659c72026cf341bb541 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 19 Feb 2025 03:13:04 -0900 Subject: [PATCH 13/60] Bump stumpylog/image-cleaner-action from 0.9.0 to 0.10.0 (#284) Bumps [stumpylog/image-cleaner-action](https://github.com/stumpylog/image-cleaner-action) from 0.9.0 to 0.10.0. - [Release notes](https://github.com/stumpylog/image-cleaner-action/releases) - [Changelog](https://github.com/stumpylog/image-cleaner-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/stumpylog/image-cleaner-action/compare/5e55abae6a73c6b494013c4314e08e69298f4dc1...48f1aa2111ae929cea4a0e056045f7de0e1b2618) --- updated-dependencies: - dependency-name: stumpylog/image-cleaner-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/image-cleanup.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/image-cleanup.yml b/.github/workflows/image-cleanup.yml index afcbb3a..7394166 100644 --- a/.github/workflows/image-cleanup.yml +++ b/.github/workflows/image-cleanup.yml @@ -28,7 +28,7 @@ jobs: .github/workflows/scripts/delete-untagged-amazon-public-ecr-images.sh - name: Delete untagged NGINX Unprivileged Docker images on the GitHub Container Registry - uses: stumpylog/image-cleaner-action/untagged@5e55abae6a73c6b494013c4314e08e69298f4dc1 # v0.9.0 + uses: stumpylog/image-cleaner-action/untagged@48f1aa2111ae929cea4a0e056045f7de0e1b2618 # v0.10.0 with: is_org: true owner: nginxinc From 37ecde63e95e0a17dd2be2f69bbbdd11b7bf13a6 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 19 Feb 2025 16:34:44 -0900 Subject: [PATCH 14/60] Bump docker/build-push-action from 6.11.0 to 6.13.0 (#274) Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 6.11.0 to 6.13.0. - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](https://github.com/docker/build-push-action/compare/b32b51a8eda65d6793cd0494a773d4f6bcef32dc...ca877d9245402d1537745e0e356eab47c3520991) --- updated-dependencies: - dependency-name: docker/build-push-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/alpine-mainline.yml | 6 +++--- .github/workflows/alpine-stable.yml | 6 +++--- .github/workflows/debian-mainline.yml | 4 ++-- .github/workflows/debian-stable.yml | 4 ++-- 4 files changed, 10 insertions(+), 10 deletions(-) diff --git a/.github/workflows/alpine-mainline.yml b/.github/workflows/alpine-mainline.yml index f644457..e723812 100644 --- a/.github/workflows/alpine-mainline.yml +++ b/.github/workflows/alpine-mainline.yml @@ -108,7 +108,7 @@ jobs: - name: Build and push NGINX mainline slim Alpine image to Amazon ECR Public Gallery, Docker Hub, GitHub Container Registry, and Quay id: build - uses: docker/build-push-action@b32b51a8eda65d6793cd0494a773d4f6bcef32dc # v6.11.0 + uses: docker/build-push-action@ca877d9245402d1537745e0e356eab47c3520991 # v6.13.0 with: platforms: linux/amd64, linux/arm/v6, linux/arm/v7, linux/arm64, linux/386, linux/ppc64le, linux/riscv64, linux/s390x context: "{{ defaultContext }}:mainline/alpine-slim" @@ -226,7 +226,7 @@ jobs: - name: Build and push NGINX mainline Alpine image to Amazon ECR Public Gallery, Docker Hub, GitHub Container Registry, and Quay id: build - uses: docker/build-push-action@b32b51a8eda65d6793cd0494a773d4f6bcef32dc # v6.11.0 + uses: docker/build-push-action@ca877d9245402d1537745e0e356eab47c3520991 # v6.13.0 with: platforms: linux/amd64, linux/arm/v6, linux/arm/v7, linux/arm64, linux/386, linux/ppc64le, linux/riscv64, linux/s390x context: "{{ defaultContext }}:mainline/alpine" @@ -344,7 +344,7 @@ jobs: - name: Build and push NGINX mainline perl Alpine image to Amazon ECR Public Gallery, Docker Hub, GitHub Container Registry, and Quay id: build - uses: docker/build-push-action@b32b51a8eda65d6793cd0494a773d4f6bcef32dc # v6.11.0 + uses: docker/build-push-action@ca877d9245402d1537745e0e356eab47c3520991 # v6.13.0 with: platforms: linux/amd64, linux/arm/v6, linux/arm/v7, linux/arm64, linux/386, linux/ppc64le, linux/riscv64, linux/s390x context: "{{ defaultContext }}:mainline/alpine-perl" diff --git a/.github/workflows/alpine-stable.yml b/.github/workflows/alpine-stable.yml index 4f0c020..cc4fb96 100644 --- a/.github/workflows/alpine-stable.yml +++ b/.github/workflows/alpine-stable.yml @@ -104,7 +104,7 @@ jobs: - name: Build and push NGINX stable slim Alpine image to Amazon ECR Public Gallery, Docker Hub, GitHub Container Registry, and Quay id: build - uses: docker/build-push-action@b32b51a8eda65d6793cd0494a773d4f6bcef32dc # v6.11.0 + uses: docker/build-push-action@ca877d9245402d1537745e0e356eab47c3520991 # v6.13.0 with: platforms: linux/amd64, linux/arm/v6, linux/arm/v7, linux/arm64, linux/386, linux/ppc64le, linux/riscv64, linux/s390x context: "{{ defaultContext }}:stable/alpine-slim" @@ -214,7 +214,7 @@ jobs: - name: Build and push NGINX stable Alpine image to Amazon ECR Public Gallery, Docker Hub, GitHub Container Registry, and Quay id: build - uses: docker/build-push-action@b32b51a8eda65d6793cd0494a773d4f6bcef32dc # v6.11.0 + uses: docker/build-push-action@ca877d9245402d1537745e0e356eab47c3520991 # v6.13.0 with: platforms: linux/amd64, linux/arm/v6, linux/arm/v7, linux/arm64, linux/386, linux/ppc64le, linux/riscv64, linux/s390x context: "{{ defaultContext }}:stable/alpine" @@ -324,7 +324,7 @@ jobs: - name: Build and push NGINX stable perl Alpine image to Amazon ECR Public Gallery, Docker Hub, GitHub Container Registry, and Quay id: build - uses: docker/build-push-action@b32b51a8eda65d6793cd0494a773d4f6bcef32dc # v6.11.0 + uses: docker/build-push-action@ca877d9245402d1537745e0e356eab47c3520991 # v6.13.0 with: platforms: linux/amd64, linux/arm/v6, linux/arm/v7, linux/arm64, linux/386, linux/ppc64le, linux/riscv64, linux/s390x context: "{{ defaultContext }}:stable/alpine-perl" diff --git a/.github/workflows/debian-mainline.yml b/.github/workflows/debian-mainline.yml index 251ceaf..29f6269 100644 --- a/.github/workflows/debian-mainline.yml +++ b/.github/workflows/debian-mainline.yml @@ -108,7 +108,7 @@ jobs: - name: Build and push NGINX mainline Debian image to Amazon ECR Public Gallery, Docker Hub, GitHub Container Registry, and Quay id: build - uses: docker/build-push-action@b32b51a8eda65d6793cd0494a773d4f6bcef32dc # v6.11.0 + uses: docker/build-push-action@ca877d9245402d1537745e0e356eab47c3520991 # v6.13.0 with: platforms: linux/amd64, linux/arm/v7, linux/arm64, linux/386, linux/mips64le, linux/ppc64le, linux/s390x # platforms: linux/amd64, linux/arm/v5, linux/arm/v7, linux/arm64, linux/386, linux/mips64le, linux/ppc64le, linux/s390x @@ -227,7 +227,7 @@ jobs: - name: Build and push NGINX mainline perl Debian image to Amazon ECR Public Gallery, Docker Hub, GitHub Container Registry, and Quay id: build - uses: docker/build-push-action@b32b51a8eda65d6793cd0494a773d4f6bcef32dc # v6.11.0 + uses: docker/build-push-action@ca877d9245402d1537745e0e356eab47c3520991 # v6.13.0 with: platforms: linux/amd64, linux/arm/v7, linux/arm64, linux/386, linux/mips64le, linux/ppc64le, linux/s390x # platforms: linux/amd64, linux/arm/v5, linux/arm/v7, linux/arm64, linux/386, linux/mips64le, linux/ppc64le, linux/s390x diff --git a/.github/workflows/debian-stable.yml b/.github/workflows/debian-stable.yml index 3263988..50ed07f 100644 --- a/.github/workflows/debian-stable.yml +++ b/.github/workflows/debian-stable.yml @@ -104,7 +104,7 @@ jobs: - name: Build and push NGINX stable Debian image to Amazon ECR Public Gallery, Docker Hub, GitHub Container Registry, and Quay id: build - uses: docker/build-push-action@b32b51a8eda65d6793cd0494a773d4f6bcef32dc # v6.11.0 + uses: docker/build-push-action@ca877d9245402d1537745e0e356eab47c3520991 # v6.13.0 with: platforms: linux/amd64, linux/arm/v7, linux/arm64, linux/386, linux/mips64le, linux/ppc64le, linux/s390x # platforms: linux/amd64, linux/arm/v5, linux/arm/v7, linux/arm64, linux/386, linux/mips64le, linux/ppc64le, linux/s390x @@ -215,7 +215,7 @@ jobs: - name: Build and push NGINX stable perl Debian image to Amazon ECR Public Gallery, Docker Hub, GitHub Container Registry, and Quay id: build - uses: docker/build-push-action@b32b51a8eda65d6793cd0494a773d4f6bcef32dc # v6.11.0 + uses: docker/build-push-action@ca877d9245402d1537745e0e356eab47c3520991 # v6.13.0 with: platforms: linux/amd64, linux/arm/v7, linux/arm64, linux/386, linux/mips64le, linux/ppc64le, linux/s390x # platforms: linux/amd64, linux/arm/v5, linux/arm/v7, linux/arm64, linux/386, linux/mips64le, linux/ppc64le, linux/s390x From b98b2e0eb68ffebca7c7f57c10c91fc77b31a6a9 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 19 Feb 2025 16:34:54 -0900 Subject: [PATCH 15/60] Bump docker/setup-qemu-action from 3.3.0 to 3.4.0 (#280) Bumps [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action) from 3.3.0 to 3.4.0. - [Release notes](https://github.com/docker/setup-qemu-action/releases) - [Commits](https://github.com/docker/setup-qemu-action/compare/53851d14592bedcffcf25ea515637cff71ef929a...4574d27a4764455b42196d70a065bc6853246a25) --- updated-dependencies: - dependency-name: docker/setup-qemu-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/alpine-mainline.yml | 6 +++--- .github/workflows/alpine-stable.yml | 6 +++--- .github/workflows/debian-mainline.yml | 4 ++-- .github/workflows/debian-stable.yml | 4 ++-- 4 files changed, 10 insertions(+), 10 deletions(-) diff --git a/.github/workflows/alpine-mainline.yml b/.github/workflows/alpine-mainline.yml index e723812..d5f278e 100644 --- a/.github/workflows/alpine-mainline.yml +++ b/.github/workflows/alpine-mainline.yml @@ -41,7 +41,7 @@ jobs: uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Set up QEMU - uses: docker/setup-qemu-action@53851d14592bedcffcf25ea515637cff71ef929a # v3.3.0 + uses: docker/setup-qemu-action@4574d27a4764455b42196d70a065bc6853246a25 # v3.4.0 - name: Set up Docker Buildx uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3.8.0 @@ -159,7 +159,7 @@ jobs: uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Set up QEMU - uses: docker/setup-qemu-action@53851d14592bedcffcf25ea515637cff71ef929a # v3.3.0 + uses: docker/setup-qemu-action@4574d27a4764455b42196d70a065bc6853246a25 # v3.4.0 - name: Set up Docker Buildx uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3.8.0 @@ -277,7 +277,7 @@ jobs: uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Set up QEMU - uses: docker/setup-qemu-action@53851d14592bedcffcf25ea515637cff71ef929a # v3.3.0 + uses: docker/setup-qemu-action@4574d27a4764455b42196d70a065bc6853246a25 # v3.4.0 - name: Set up Docker Buildx uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3.8.0 diff --git a/.github/workflows/alpine-stable.yml b/.github/workflows/alpine-stable.yml index cc4fb96..5741d8e 100644 --- a/.github/workflows/alpine-stable.yml +++ b/.github/workflows/alpine-stable.yml @@ -41,7 +41,7 @@ jobs: uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Set up QEMU - uses: docker/setup-qemu-action@53851d14592bedcffcf25ea515637cff71ef929a # v3.3.0 + uses: docker/setup-qemu-action@4574d27a4764455b42196d70a065bc6853246a25 # v3.4.0 - name: Set up Docker Buildx uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3.8.0 @@ -151,7 +151,7 @@ jobs: uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Set up QEMU - uses: docker/setup-qemu-action@53851d14592bedcffcf25ea515637cff71ef929a # v3.3.0 + uses: docker/setup-qemu-action@4574d27a4764455b42196d70a065bc6853246a25 # v3.4.0 - name: Set up Docker Buildx uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3.8.0 @@ -261,7 +261,7 @@ jobs: uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Set up QEMU - uses: docker/setup-qemu-action@53851d14592bedcffcf25ea515637cff71ef929a # v3.3.0 + uses: docker/setup-qemu-action@4574d27a4764455b42196d70a065bc6853246a25 # v3.4.0 - name: Set up Docker Buildx uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3.8.0 diff --git a/.github/workflows/debian-mainline.yml b/.github/workflows/debian-mainline.yml index 29f6269..e882a82 100644 --- a/.github/workflows/debian-mainline.yml +++ b/.github/workflows/debian-mainline.yml @@ -41,7 +41,7 @@ jobs: uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Set up QEMU - uses: docker/setup-qemu-action@53851d14592bedcffcf25ea515637cff71ef929a # v3.3.0 + uses: docker/setup-qemu-action@4574d27a4764455b42196d70a065bc6853246a25 # v3.4.0 - name: Set up Docker Buildx uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3.8.0 @@ -160,7 +160,7 @@ jobs: uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Set up QEMU - uses: docker/setup-qemu-action@53851d14592bedcffcf25ea515637cff71ef929a # v3.3.0 + uses: docker/setup-qemu-action@4574d27a4764455b42196d70a065bc6853246a25 # v3.4.0 - name: Set up Docker Buildx uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3.8.0 diff --git a/.github/workflows/debian-stable.yml b/.github/workflows/debian-stable.yml index 50ed07f..e39f2ca 100644 --- a/.github/workflows/debian-stable.yml +++ b/.github/workflows/debian-stable.yml @@ -41,7 +41,7 @@ jobs: uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Set up QEMU - uses: docker/setup-qemu-action@53851d14592bedcffcf25ea515637cff71ef929a # v3.3.0 + uses: docker/setup-qemu-action@4574d27a4764455b42196d70a065bc6853246a25 # v3.4.0 - name: Set up Docker Buildx uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3.8.0 @@ -152,7 +152,7 @@ jobs: uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Set up QEMU - uses: docker/setup-qemu-action@53851d14592bedcffcf25ea515637cff71ef929a # v3.3.0 + uses: docker/setup-qemu-action@4574d27a4764455b42196d70a065bc6853246a25 # v3.4.0 - name: Set up Docker Buildx uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3.8.0 From f94d0d63bf731c603b23b02d9abfa63207ffe914 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 19 Feb 2025 16:35:11 -0900 Subject: [PATCH 16/60] Bump docker/setup-buildx-action from 3.8.0 to 3.9.0 (#279) Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) from 3.8.0 to 3.9.0. - [Release notes](https://github.com/docker/setup-buildx-action/releases) - [Commits](https://github.com/docker/setup-buildx-action/compare/6524bf65af31da8d45b59e8c27de4bd072b392f5...f7ce87c1d6bead3e36075b2ce75da1f6cc28aaca) --- updated-dependencies: - dependency-name: docker/setup-buildx-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/alpine-mainline.yml | 6 +++--- .github/workflows/alpine-stable.yml | 6 +++--- .github/workflows/debian-mainline.yml | 4 ++-- .github/workflows/debian-stable.yml | 4 ++-- 4 files changed, 10 insertions(+), 10 deletions(-) diff --git a/.github/workflows/alpine-mainline.yml b/.github/workflows/alpine-mainline.yml index d5f278e..dfe8670 100644 --- a/.github/workflows/alpine-mainline.yml +++ b/.github/workflows/alpine-mainline.yml @@ -44,7 +44,7 @@ jobs: uses: docker/setup-qemu-action@4574d27a4764455b42196d70a065bc6853246a25 # v3.4.0 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3.8.0 + uses: docker/setup-buildx-action@f7ce87c1d6bead3e36075b2ce75da1f6cc28aaca # v3.9.0 - name: Configure AWS credentials if: ${{ github.event_name != 'pull_request' }} @@ -162,7 +162,7 @@ jobs: uses: docker/setup-qemu-action@4574d27a4764455b42196d70a065bc6853246a25 # v3.4.0 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3.8.0 + uses: docker/setup-buildx-action@f7ce87c1d6bead3e36075b2ce75da1f6cc28aaca # v3.9.0 - name: Configure AWS credentials if: ${{ github.event_name != 'pull_request' }} @@ -280,7 +280,7 @@ jobs: uses: docker/setup-qemu-action@4574d27a4764455b42196d70a065bc6853246a25 # v3.4.0 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3.8.0 + uses: docker/setup-buildx-action@f7ce87c1d6bead3e36075b2ce75da1f6cc28aaca # v3.9.0 - name: Configure AWS credentials if: ${{ github.event_name != 'pull_request' }} diff --git a/.github/workflows/alpine-stable.yml b/.github/workflows/alpine-stable.yml index 5741d8e..bb6d0a2 100644 --- a/.github/workflows/alpine-stable.yml +++ b/.github/workflows/alpine-stable.yml @@ -44,7 +44,7 @@ jobs: uses: docker/setup-qemu-action@4574d27a4764455b42196d70a065bc6853246a25 # v3.4.0 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3.8.0 + uses: docker/setup-buildx-action@f7ce87c1d6bead3e36075b2ce75da1f6cc28aaca # v3.9.0 - name: Configure AWS credentials if: ${{ github.event_name != 'pull_request' }} @@ -154,7 +154,7 @@ jobs: uses: docker/setup-qemu-action@4574d27a4764455b42196d70a065bc6853246a25 # v3.4.0 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3.8.0 + uses: docker/setup-buildx-action@f7ce87c1d6bead3e36075b2ce75da1f6cc28aaca # v3.9.0 - name: Configure AWS credentials if: ${{ github.event_name != 'pull_request' }} @@ -264,7 +264,7 @@ jobs: uses: docker/setup-qemu-action@4574d27a4764455b42196d70a065bc6853246a25 # v3.4.0 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3.8.0 + uses: docker/setup-buildx-action@f7ce87c1d6bead3e36075b2ce75da1f6cc28aaca # v3.9.0 - name: Configure AWS credentials if: ${{ github.event_name != 'pull_request' }} diff --git a/.github/workflows/debian-mainline.yml b/.github/workflows/debian-mainline.yml index e882a82..469f466 100644 --- a/.github/workflows/debian-mainline.yml +++ b/.github/workflows/debian-mainline.yml @@ -44,7 +44,7 @@ jobs: uses: docker/setup-qemu-action@4574d27a4764455b42196d70a065bc6853246a25 # v3.4.0 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3.8.0 + uses: docker/setup-buildx-action@f7ce87c1d6bead3e36075b2ce75da1f6cc28aaca # v3.9.0 - name: Configure AWS credentials if: ${{ github.event_name != 'pull_request' }} @@ -163,7 +163,7 @@ jobs: uses: docker/setup-qemu-action@4574d27a4764455b42196d70a065bc6853246a25 # v3.4.0 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3.8.0 + uses: docker/setup-buildx-action@f7ce87c1d6bead3e36075b2ce75da1f6cc28aaca # v3.9.0 - name: Configure AWS credentials if: ${{ github.event_name != 'pull_request' }} diff --git a/.github/workflows/debian-stable.yml b/.github/workflows/debian-stable.yml index e39f2ca..a6b5d38 100644 --- a/.github/workflows/debian-stable.yml +++ b/.github/workflows/debian-stable.yml @@ -44,7 +44,7 @@ jobs: uses: docker/setup-qemu-action@4574d27a4764455b42196d70a065bc6853246a25 # v3.4.0 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3.8.0 + uses: docker/setup-buildx-action@f7ce87c1d6bead3e36075b2ce75da1f6cc28aaca # v3.9.0 - name: Configure AWS credentials if: ${{ github.event_name != 'pull_request' }} @@ -155,7 +155,7 @@ jobs: uses: docker/setup-qemu-action@4574d27a4764455b42196d70a065bc6853246a25 # v3.4.0 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3.8.0 + uses: docker/setup-buildx-action@f7ce87c1d6bead3e36075b2ce75da1f6cc28aaca # v3.9.0 - name: Configure AWS credentials if: ${{ github.event_name != 'pull_request' }} From a3619811871697cbe0bd55797ed72c6757f5b2c6 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 13 Mar 2025 08:06:32 -0800 Subject: [PATCH 17/60] Bump docker/build-push-action from 6.13.0 to 6.15.0 (#292) Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 6.13.0 to 6.15.0. - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](https://github.com/docker/build-push-action/compare/ca877d9245402d1537745e0e356eab47c3520991...471d1dc4e07e5cdedd4c2171150001c434f0b7a4) --- updated-dependencies: - dependency-name: docker/build-push-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/alpine-mainline.yml | 6 +++--- .github/workflows/alpine-stable.yml | 6 +++--- .github/workflows/debian-mainline.yml | 4 ++-- .github/workflows/debian-stable.yml | 4 ++-- 4 files changed, 10 insertions(+), 10 deletions(-) diff --git a/.github/workflows/alpine-mainline.yml b/.github/workflows/alpine-mainline.yml index dfe8670..f273cf0 100644 --- a/.github/workflows/alpine-mainline.yml +++ b/.github/workflows/alpine-mainline.yml @@ -108,7 +108,7 @@ jobs: - name: Build and push NGINX mainline slim Alpine image to Amazon ECR Public Gallery, Docker Hub, GitHub Container Registry, and Quay id: build - uses: docker/build-push-action@ca877d9245402d1537745e0e356eab47c3520991 # v6.13.0 + uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 # v6.15.0 with: platforms: linux/amd64, linux/arm/v6, linux/arm/v7, linux/arm64, linux/386, linux/ppc64le, linux/riscv64, linux/s390x context: "{{ defaultContext }}:mainline/alpine-slim" @@ -226,7 +226,7 @@ jobs: - name: Build and push NGINX mainline Alpine image to Amazon ECR Public Gallery, Docker Hub, GitHub Container Registry, and Quay id: build - uses: docker/build-push-action@ca877d9245402d1537745e0e356eab47c3520991 # v6.13.0 + uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 # v6.15.0 with: platforms: linux/amd64, linux/arm/v6, linux/arm/v7, linux/arm64, linux/386, linux/ppc64le, linux/riscv64, linux/s390x context: "{{ defaultContext }}:mainline/alpine" @@ -344,7 +344,7 @@ jobs: - name: Build and push NGINX mainline perl Alpine image to Amazon ECR Public Gallery, Docker Hub, GitHub Container Registry, and Quay id: build - uses: docker/build-push-action@ca877d9245402d1537745e0e356eab47c3520991 # v6.13.0 + uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 # v6.15.0 with: platforms: linux/amd64, linux/arm/v6, linux/arm/v7, linux/arm64, linux/386, linux/ppc64le, linux/riscv64, linux/s390x context: "{{ defaultContext }}:mainline/alpine-perl" diff --git a/.github/workflows/alpine-stable.yml b/.github/workflows/alpine-stable.yml index bb6d0a2..15411e2 100644 --- a/.github/workflows/alpine-stable.yml +++ b/.github/workflows/alpine-stable.yml @@ -104,7 +104,7 @@ jobs: - name: Build and push NGINX stable slim Alpine image to Amazon ECR Public Gallery, Docker Hub, GitHub Container Registry, and Quay id: build - uses: docker/build-push-action@ca877d9245402d1537745e0e356eab47c3520991 # v6.13.0 + uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 # v6.15.0 with: platforms: linux/amd64, linux/arm/v6, linux/arm/v7, linux/arm64, linux/386, linux/ppc64le, linux/riscv64, linux/s390x context: "{{ defaultContext }}:stable/alpine-slim" @@ -214,7 +214,7 @@ jobs: - name: Build and push NGINX stable Alpine image to Amazon ECR Public Gallery, Docker Hub, GitHub Container Registry, and Quay id: build - uses: docker/build-push-action@ca877d9245402d1537745e0e356eab47c3520991 # v6.13.0 + uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 # v6.15.0 with: platforms: linux/amd64, linux/arm/v6, linux/arm/v7, linux/arm64, linux/386, linux/ppc64le, linux/riscv64, linux/s390x context: "{{ defaultContext }}:stable/alpine" @@ -324,7 +324,7 @@ jobs: - name: Build and push NGINX stable perl Alpine image to Amazon ECR Public Gallery, Docker Hub, GitHub Container Registry, and Quay id: build - uses: docker/build-push-action@ca877d9245402d1537745e0e356eab47c3520991 # v6.13.0 + uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 # v6.15.0 with: platforms: linux/amd64, linux/arm/v6, linux/arm/v7, linux/arm64, linux/386, linux/ppc64le, linux/riscv64, linux/s390x context: "{{ defaultContext }}:stable/alpine-perl" diff --git a/.github/workflows/debian-mainline.yml b/.github/workflows/debian-mainline.yml index 469f466..c53e0cd 100644 --- a/.github/workflows/debian-mainline.yml +++ b/.github/workflows/debian-mainline.yml @@ -108,7 +108,7 @@ jobs: - name: Build and push NGINX mainline Debian image to Amazon ECR Public Gallery, Docker Hub, GitHub Container Registry, and Quay id: build - uses: docker/build-push-action@ca877d9245402d1537745e0e356eab47c3520991 # v6.13.0 + uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 # v6.15.0 with: platforms: linux/amd64, linux/arm/v7, linux/arm64, linux/386, linux/mips64le, linux/ppc64le, linux/s390x # platforms: linux/amd64, linux/arm/v5, linux/arm/v7, linux/arm64, linux/386, linux/mips64le, linux/ppc64le, linux/s390x @@ -227,7 +227,7 @@ jobs: - name: Build and push NGINX mainline perl Debian image to Amazon ECR Public Gallery, Docker Hub, GitHub Container Registry, and Quay id: build - uses: docker/build-push-action@ca877d9245402d1537745e0e356eab47c3520991 # v6.13.0 + uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 # v6.15.0 with: platforms: linux/amd64, linux/arm/v7, linux/arm64, linux/386, linux/mips64le, linux/ppc64le, linux/s390x # platforms: linux/amd64, linux/arm/v5, linux/arm/v7, linux/arm64, linux/386, linux/mips64le, linux/ppc64le, linux/s390x diff --git a/.github/workflows/debian-stable.yml b/.github/workflows/debian-stable.yml index a6b5d38..2026c5f 100644 --- a/.github/workflows/debian-stable.yml +++ b/.github/workflows/debian-stable.yml @@ -104,7 +104,7 @@ jobs: - name: Build and push NGINX stable Debian image to Amazon ECR Public Gallery, Docker Hub, GitHub Container Registry, and Quay id: build - uses: docker/build-push-action@ca877d9245402d1537745e0e356eab47c3520991 # v6.13.0 + uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 # v6.15.0 with: platforms: linux/amd64, linux/arm/v7, linux/arm64, linux/386, linux/mips64le, linux/ppc64le, linux/s390x # platforms: linux/amd64, linux/arm/v5, linux/arm/v7, linux/arm64, linux/386, linux/mips64le, linux/ppc64le, linux/s390x @@ -215,7 +215,7 @@ jobs: - name: Build and push NGINX stable perl Debian image to Amazon ECR Public Gallery, Docker Hub, GitHub Container Registry, and Quay id: build - uses: docker/build-push-action@ca877d9245402d1537745e0e356eab47c3520991 # v6.13.0 + uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 # v6.15.0 with: platforms: linux/amd64, linux/arm/v7, linux/arm64, linux/386, linux/mips64le, linux/ppc64le, linux/s390x # platforms: linux/amd64, linux/arm/v5, linux/arm/v7, linux/arm64, linux/386, linux/mips64le, linux/ppc64le, linux/s390x From 425a025971d3c4675f33fd4ff10b2de687b89782 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 14 Mar 2025 03:37:23 -0800 Subject: [PATCH 18/60] Bump docker/metadata-action from 5.6.1 to 5.7.0 (#289) Bumps [docker/metadata-action](https://github.com/docker/metadata-action) from 5.6.1 to 5.7.0. - [Release notes](https://github.com/docker/metadata-action/releases) - [Commits](https://github.com/docker/metadata-action/compare/369eb591f429131d6889c46b94e711f089e6ca96...902fa8ec7d6ecbf8d84d538b9b233a880e428804) --- updated-dependencies: - dependency-name: docker/metadata-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/alpine-mainline.yml | 6 +++--- .github/workflows/alpine-stable.yml | 6 +++--- .github/workflows/debian-mainline.yml | 4 ++-- .github/workflows/debian-stable.yml | 4 ++-- 4 files changed, 10 insertions(+), 10 deletions(-) diff --git a/.github/workflows/alpine-mainline.yml b/.github/workflows/alpine-mainline.yml index f273cf0..134e00c 100644 --- a/.github/workflows/alpine-mainline.yml +++ b/.github/workflows/alpine-mainline.yml @@ -85,7 +85,7 @@ jobs: - name: Extract metadata (annotations, labels, tags) for Docker id: meta - uses: docker/metadata-action@369eb591f429131d6889c46b94e711f089e6ca96 # v5.6.1 + uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5.7.0 with: images: | docker.io/nginxinc/nginx-unprivileged @@ -203,7 +203,7 @@ jobs: - name: Extract metadata (annotations, labels, tags) for Docker id: meta - uses: docker/metadata-action@369eb591f429131d6889c46b94e711f089e6ca96 # v5.6.1 + uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5.7.0 with: images: | docker.io/nginxinc/nginx-unprivileged @@ -321,7 +321,7 @@ jobs: - name: Extract metadata (annotations, labels, tags) for Docker id: meta - uses: docker/metadata-action@369eb591f429131d6889c46b94e711f089e6ca96 # v5.6.1 + uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5.7.0 with: images: | docker.io/nginxinc/nginx-unprivileged diff --git a/.github/workflows/alpine-stable.yml b/.github/workflows/alpine-stable.yml index 15411e2..06bb177 100644 --- a/.github/workflows/alpine-stable.yml +++ b/.github/workflows/alpine-stable.yml @@ -85,7 +85,7 @@ jobs: - name: Extract metadata (annotations, labels, tags) for Docker id: meta - uses: docker/metadata-action@369eb591f429131d6889c46b94e711f089e6ca96 # v5.6.1 + uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5.7.0 with: images: | docker.io/nginxinc/nginx-unprivileged @@ -195,7 +195,7 @@ jobs: - name: Extract metadata (annotations, labels, tags) for Docker id: meta - uses: docker/metadata-action@369eb591f429131d6889c46b94e711f089e6ca96 # v5.6.1 + uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5.7.0 with: images: | docker.io/nginxinc/nginx-unprivileged @@ -305,7 +305,7 @@ jobs: - name: Extract metadata (annotations, labels, tags) for Docker id: meta - uses: docker/metadata-action@369eb591f429131d6889c46b94e711f089e6ca96 # v5.6.1 + uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5.7.0 with: images: | docker.io/nginxinc/nginx-unprivileged diff --git a/.github/workflows/debian-mainline.yml b/.github/workflows/debian-mainline.yml index c53e0cd..515e43a 100644 --- a/.github/workflows/debian-mainline.yml +++ b/.github/workflows/debian-mainline.yml @@ -85,7 +85,7 @@ jobs: - name: Extract metadata (annotations, labels, tags) for Docker id: meta - uses: docker/metadata-action@369eb591f429131d6889c46b94e711f089e6ca96 # v5.6.1 + uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5.7.0 with: images: | docker.io/nginxinc/nginx-unprivileged @@ -204,7 +204,7 @@ jobs: - name: Extract metadata (annotations, labels, tags) for Docker id: meta - uses: docker/metadata-action@369eb591f429131d6889c46b94e711f089e6ca96 # v5.6.1 + uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5.7.0 with: images: | docker.io/nginxinc/nginx-unprivileged diff --git a/.github/workflows/debian-stable.yml b/.github/workflows/debian-stable.yml index 2026c5f..fd7f202 100644 --- a/.github/workflows/debian-stable.yml +++ b/.github/workflows/debian-stable.yml @@ -85,7 +85,7 @@ jobs: - name: Extract metadata (annotations, labels, tags) for Docker id: meta - uses: docker/metadata-action@369eb591f429131d6889c46b94e711f089e6ca96 # v5.6.1 + uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5.7.0 with: images: | docker.io/nginxinc/nginx-unprivileged @@ -196,7 +196,7 @@ jobs: - name: Extract metadata (annotations, labels, tags) for Docker id: meta - uses: docker/metadata-action@369eb591f429131d6889c46b94e711f089e6ca96 # v5.6.1 + uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5.7.0 with: images: | docker.io/nginxinc/nginx-unprivileged From 03815aa45265dfea6b7073f042405090250c743f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 14 Mar 2025 03:37:36 -0800 Subject: [PATCH 19/60] Bump docker/setup-qemu-action from 3.4.0 to 3.6.0 (#290) Bumps [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action) from 3.4.0 to 3.6.0. - [Release notes](https://github.com/docker/setup-qemu-action/releases) - [Commits](https://github.com/docker/setup-qemu-action/compare/4574d27a4764455b42196d70a065bc6853246a25...29109295f81e9208d7d86ff1c6c12d2833863392) --- updated-dependencies: - dependency-name: docker/setup-qemu-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/alpine-mainline.yml | 6 +++--- .github/workflows/alpine-stable.yml | 6 +++--- .github/workflows/debian-mainline.yml | 4 ++-- .github/workflows/debian-stable.yml | 4 ++-- 4 files changed, 10 insertions(+), 10 deletions(-) diff --git a/.github/workflows/alpine-mainline.yml b/.github/workflows/alpine-mainline.yml index 134e00c..acd88e9 100644 --- a/.github/workflows/alpine-mainline.yml +++ b/.github/workflows/alpine-mainline.yml @@ -41,7 +41,7 @@ jobs: uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Set up QEMU - uses: docker/setup-qemu-action@4574d27a4764455b42196d70a065bc6853246a25 # v3.4.0 + uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0 - name: Set up Docker Buildx uses: docker/setup-buildx-action@f7ce87c1d6bead3e36075b2ce75da1f6cc28aaca # v3.9.0 @@ -159,7 +159,7 @@ jobs: uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Set up QEMU - uses: docker/setup-qemu-action@4574d27a4764455b42196d70a065bc6853246a25 # v3.4.0 + uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0 - name: Set up Docker Buildx uses: docker/setup-buildx-action@f7ce87c1d6bead3e36075b2ce75da1f6cc28aaca # v3.9.0 @@ -277,7 +277,7 @@ jobs: uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Set up QEMU - uses: docker/setup-qemu-action@4574d27a4764455b42196d70a065bc6853246a25 # v3.4.0 + uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0 - name: Set up Docker Buildx uses: docker/setup-buildx-action@f7ce87c1d6bead3e36075b2ce75da1f6cc28aaca # v3.9.0 diff --git a/.github/workflows/alpine-stable.yml b/.github/workflows/alpine-stable.yml index 06bb177..25910e5 100644 --- a/.github/workflows/alpine-stable.yml +++ b/.github/workflows/alpine-stable.yml @@ -41,7 +41,7 @@ jobs: uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Set up QEMU - uses: docker/setup-qemu-action@4574d27a4764455b42196d70a065bc6853246a25 # v3.4.0 + uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0 - name: Set up Docker Buildx uses: docker/setup-buildx-action@f7ce87c1d6bead3e36075b2ce75da1f6cc28aaca # v3.9.0 @@ -151,7 +151,7 @@ jobs: uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Set up QEMU - uses: docker/setup-qemu-action@4574d27a4764455b42196d70a065bc6853246a25 # v3.4.0 + uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0 - name: Set up Docker Buildx uses: docker/setup-buildx-action@f7ce87c1d6bead3e36075b2ce75da1f6cc28aaca # v3.9.0 @@ -261,7 +261,7 @@ jobs: uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Set up QEMU - uses: docker/setup-qemu-action@4574d27a4764455b42196d70a065bc6853246a25 # v3.4.0 + uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0 - name: Set up Docker Buildx uses: docker/setup-buildx-action@f7ce87c1d6bead3e36075b2ce75da1f6cc28aaca # v3.9.0 diff --git a/.github/workflows/debian-mainline.yml b/.github/workflows/debian-mainline.yml index 515e43a..3d5e6f9 100644 --- a/.github/workflows/debian-mainline.yml +++ b/.github/workflows/debian-mainline.yml @@ -41,7 +41,7 @@ jobs: uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Set up QEMU - uses: docker/setup-qemu-action@4574d27a4764455b42196d70a065bc6853246a25 # v3.4.0 + uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0 - name: Set up Docker Buildx uses: docker/setup-buildx-action@f7ce87c1d6bead3e36075b2ce75da1f6cc28aaca # v3.9.0 @@ -160,7 +160,7 @@ jobs: uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Set up QEMU - uses: docker/setup-qemu-action@4574d27a4764455b42196d70a065bc6853246a25 # v3.4.0 + uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0 - name: Set up Docker Buildx uses: docker/setup-buildx-action@f7ce87c1d6bead3e36075b2ce75da1f6cc28aaca # v3.9.0 diff --git a/.github/workflows/debian-stable.yml b/.github/workflows/debian-stable.yml index fd7f202..41ace07 100644 --- a/.github/workflows/debian-stable.yml +++ b/.github/workflows/debian-stable.yml @@ -41,7 +41,7 @@ jobs: uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Set up QEMU - uses: docker/setup-qemu-action@4574d27a4764455b42196d70a065bc6853246a25 # v3.4.0 + uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0 - name: Set up Docker Buildx uses: docker/setup-buildx-action@f7ce87c1d6bead3e36075b2ce75da1f6cc28aaca # v3.9.0 @@ -152,7 +152,7 @@ jobs: uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Set up QEMU - uses: docker/setup-qemu-action@4574d27a4764455b42196d70a065bc6853246a25 # v3.4.0 + uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0 - name: Set up Docker Buildx uses: docker/setup-buildx-action@f7ce87c1d6bead3e36075b2ce75da1f6cc28aaca # v3.9.0 From 3dd602719a37ff9b6095c44d4fd7f35b3c07b012 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 14 Mar 2025 03:37:46 -0800 Subject: [PATCH 20/60] Bump docker/setup-buildx-action from 3.9.0 to 3.10.0 (#291) Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) from 3.9.0 to 3.10.0. - [Release notes](https://github.com/docker/setup-buildx-action/releases) - [Commits](https://github.com/docker/setup-buildx-action/compare/f7ce87c1d6bead3e36075b2ce75da1f6cc28aaca...b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2) --- updated-dependencies: - dependency-name: docker/setup-buildx-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/alpine-mainline.yml | 6 +++--- .github/workflows/alpine-stable.yml | 6 +++--- .github/workflows/debian-mainline.yml | 4 ++-- .github/workflows/debian-stable.yml | 4 ++-- 4 files changed, 10 insertions(+), 10 deletions(-) diff --git a/.github/workflows/alpine-mainline.yml b/.github/workflows/alpine-mainline.yml index acd88e9..bc2243d 100644 --- a/.github/workflows/alpine-mainline.yml +++ b/.github/workflows/alpine-mainline.yml @@ -44,7 +44,7 @@ jobs: uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@f7ce87c1d6bead3e36075b2ce75da1f6cc28aaca # v3.9.0 + uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0 - name: Configure AWS credentials if: ${{ github.event_name != 'pull_request' }} @@ -162,7 +162,7 @@ jobs: uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@f7ce87c1d6bead3e36075b2ce75da1f6cc28aaca # v3.9.0 + uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0 - name: Configure AWS credentials if: ${{ github.event_name != 'pull_request' }} @@ -280,7 +280,7 @@ jobs: uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@f7ce87c1d6bead3e36075b2ce75da1f6cc28aaca # v3.9.0 + uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0 - name: Configure AWS credentials if: ${{ github.event_name != 'pull_request' }} diff --git a/.github/workflows/alpine-stable.yml b/.github/workflows/alpine-stable.yml index 25910e5..21f3470 100644 --- a/.github/workflows/alpine-stable.yml +++ b/.github/workflows/alpine-stable.yml @@ -44,7 +44,7 @@ jobs: uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@f7ce87c1d6bead3e36075b2ce75da1f6cc28aaca # v3.9.0 + uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0 - name: Configure AWS credentials if: ${{ github.event_name != 'pull_request' }} @@ -154,7 +154,7 @@ jobs: uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@f7ce87c1d6bead3e36075b2ce75da1f6cc28aaca # v3.9.0 + uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0 - name: Configure AWS credentials if: ${{ github.event_name != 'pull_request' }} @@ -264,7 +264,7 @@ jobs: uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@f7ce87c1d6bead3e36075b2ce75da1f6cc28aaca # v3.9.0 + uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0 - name: Configure AWS credentials if: ${{ github.event_name != 'pull_request' }} diff --git a/.github/workflows/debian-mainline.yml b/.github/workflows/debian-mainline.yml index 3d5e6f9..bfe9105 100644 --- a/.github/workflows/debian-mainline.yml +++ b/.github/workflows/debian-mainline.yml @@ -44,7 +44,7 @@ jobs: uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@f7ce87c1d6bead3e36075b2ce75da1f6cc28aaca # v3.9.0 + uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0 - name: Configure AWS credentials if: ${{ github.event_name != 'pull_request' }} @@ -163,7 +163,7 @@ jobs: uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@f7ce87c1d6bead3e36075b2ce75da1f6cc28aaca # v3.9.0 + uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0 - name: Configure AWS credentials if: ${{ github.event_name != 'pull_request' }} diff --git a/.github/workflows/debian-stable.yml b/.github/workflows/debian-stable.yml index 41ace07..75812d4 100644 --- a/.github/workflows/debian-stable.yml +++ b/.github/workflows/debian-stable.yml @@ -44,7 +44,7 @@ jobs: uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@f7ce87c1d6bead3e36075b2ce75da1f6cc28aaca # v3.9.0 + uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0 - name: Configure AWS credentials if: ${{ github.event_name != 'pull_request' }} @@ -155,7 +155,7 @@ jobs: uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@f7ce87c1d6bead3e36075b2ce75da1f6cc28aaca # v3.9.0 + uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0 - name: Configure AWS credentials if: ${{ github.event_name != 'pull_request' }} From 7ad36977ff51f66405298a9366400ba50881b3f3 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 25 Mar 2025 06:17:56 -0800 Subject: [PATCH 21/60] Bump docker/login-action from 3.3.0 to 3.4.0 (#294) Bumps [docker/login-action](https://github.com/docker/login-action) from 3.3.0 to 3.4.0. - [Release notes](https://github.com/docker/login-action/releases) - [Commits](https://github.com/docker/login-action/compare/9780b0c442fbb1117ed29e0efdff1e18412f7567...74a5d142397b4f367a81961eba4e8cd7edddf772) --- updated-dependencies: - dependency-name: docker/login-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/alpine-mainline.yml | 24 ++++++++++++------------ .github/workflows/alpine-stable.yml | 24 ++++++++++++------------ .github/workflows/debian-mainline.yml | 16 ++++++++-------- .github/workflows/debian-stable.yml | 16 ++++++++-------- 4 files changed, 40 insertions(+), 40 deletions(-) diff --git a/.github/workflows/alpine-mainline.yml b/.github/workflows/alpine-mainline.yml index bc2243d..b28d293 100644 --- a/.github/workflows/alpine-mainline.yml +++ b/.github/workflows/alpine-mainline.yml @@ -56,20 +56,20 @@ jobs: - name: Login to Amazon ECR Public Gallery if: ${{ github.event_name != 'pull_request' }} - uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 + uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 with: registry: public.ecr.aws - name: Login to Docker Hub if: ${{ github.event_name != 'pull_request' }} - uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 + uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} - name: Login to GitHub Container Registry if: ${{ github.event_name != 'pull_request' }} - uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 + uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 with: registry: ghcr.io username: ${{ github.actor }} @@ -77,7 +77,7 @@ jobs: - name: Login to Quay if: ${{ github.event_name != 'pull_request' }} - uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 + uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 with: registry: quay.io username: ${{ secrets.QUAY_USERNAME }} @@ -174,20 +174,20 @@ jobs: - name: Login to Amazon ECR Public Gallery if: ${{ github.event_name != 'pull_request' }} - uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 + uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 with: registry: public.ecr.aws - name: Login to Docker Hub if: ${{ github.event_name != 'pull_request' }} - uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 + uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} - name: Login to GitHub Container Registry if: ${{ github.event_name != 'pull_request' }} - uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 + uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 with: registry: ghcr.io username: ${{ github.actor }} @@ -195,7 +195,7 @@ jobs: - name: Login to Quay if: ${{ github.event_name != 'pull_request' }} - uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 + uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 with: registry: quay.io username: ${{ secrets.QUAY_USERNAME }} @@ -292,20 +292,20 @@ jobs: - name: Login to Amazon ECR Public Gallery if: ${{ github.event_name != 'pull_request' }} - uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 + uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 with: registry: public.ecr.aws - name: Login to Docker Hub if: ${{ github.event_name != 'pull_request' }} - uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 + uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} - name: Login to GitHub Container Registry if: ${{ github.event_name != 'pull_request' }} - uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 + uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 with: registry: ghcr.io username: ${{ github.actor }} @@ -313,7 +313,7 @@ jobs: - name: Login to Quay if: ${{ github.event_name != 'pull_request' }} - uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 + uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 with: registry: quay.io username: ${{ secrets.QUAY_USERNAME }} diff --git a/.github/workflows/alpine-stable.yml b/.github/workflows/alpine-stable.yml index 21f3470..11c3c12 100644 --- a/.github/workflows/alpine-stable.yml +++ b/.github/workflows/alpine-stable.yml @@ -56,20 +56,20 @@ jobs: - name: Login to Amazon ECR Public Gallery if: ${{ github.event_name != 'pull_request' }} - uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 + uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 with: registry: public.ecr.aws - name: Login to Docker Hub if: ${{ github.event_name != 'pull_request' }} - uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 + uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} - name: Login to GitHub Container Registry if: ${{ github.event_name != 'pull_request' }} - uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 + uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 with: registry: ghcr.io username: ${{ github.actor }} @@ -77,7 +77,7 @@ jobs: - name: Login to Quay if: ${{ github.event_name != 'pull_request' }} - uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 + uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 with: registry: quay.io username: ${{ secrets.QUAY_USERNAME }} @@ -166,20 +166,20 @@ jobs: - name: Login to Amazon ECR Public Gallery if: ${{ github.event_name != 'pull_request' }} - uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 + uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 with: registry: public.ecr.aws - name: Login to Docker Hub if: ${{ github.event_name != 'pull_request' }} - uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 + uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} - name: Login to GitHub Container Registry if: ${{ github.event_name != 'pull_request' }} - uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 + uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 with: registry: ghcr.io username: ${{ github.actor }} @@ -187,7 +187,7 @@ jobs: - name: Login to Quay if: ${{ github.event_name != 'pull_request' }} - uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 + uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 with: registry: quay.io username: ${{ secrets.QUAY_USERNAME }} @@ -276,20 +276,20 @@ jobs: - name: Login to Amazon ECR Public Gallery if: ${{ github.event_name != 'pull_request' }} - uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 + uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 with: registry: public.ecr.aws - name: Login to Docker Hub if: ${{ github.event_name != 'pull_request' }} - uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 + uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} - name: Login to GitHub Container Registry if: ${{ github.event_name != 'pull_request' }} - uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 + uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 with: registry: ghcr.io username: ${{ github.actor }} @@ -297,7 +297,7 @@ jobs: - name: Login to Quay if: ${{ github.event_name != 'pull_request' }} - uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 + uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 with: registry: quay.io username: ${{ secrets.QUAY_USERNAME }} diff --git a/.github/workflows/debian-mainline.yml b/.github/workflows/debian-mainline.yml index bfe9105..0b05c85 100644 --- a/.github/workflows/debian-mainline.yml +++ b/.github/workflows/debian-mainline.yml @@ -56,20 +56,20 @@ jobs: - name: Login to Amazon ECR Public Gallery if: ${{ github.event_name != 'pull_request' }} - uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 + uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 with: registry: public.ecr.aws - name: Login to Docker Hub if: ${{ github.event_name != 'pull_request' }} - uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 + uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} - name: Login to GitHub Container Registry if: ${{ github.event_name != 'pull_request' }} - uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 + uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 with: registry: ghcr.io username: ${{ github.actor }} @@ -77,7 +77,7 @@ jobs: - name: Login to Quay if: ${{ github.event_name != 'pull_request' }} - uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 + uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 with: registry: quay.io username: ${{ secrets.QUAY_USERNAME }} @@ -175,20 +175,20 @@ jobs: - name: Login to Amazon ECR Public Gallery if: ${{ github.event_name != 'pull_request' }} - uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 + uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 with: registry: public.ecr.aws - name: Login to Docker Hub if: ${{ github.event_name != 'pull_request' }} - uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 + uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} - name: Login to GitHub Container Registry if: ${{ github.event_name != 'pull_request' }} - uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 + uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 with: registry: ghcr.io username: ${{ github.actor }} @@ -196,7 +196,7 @@ jobs: - name: Login to Quay if: ${{ github.event_name != 'pull_request' }} - uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 + uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 with: registry: quay.io username: ${{ secrets.QUAY_USERNAME }} diff --git a/.github/workflows/debian-stable.yml b/.github/workflows/debian-stable.yml index 75812d4..84ef9d2 100644 --- a/.github/workflows/debian-stable.yml +++ b/.github/workflows/debian-stable.yml @@ -56,20 +56,20 @@ jobs: - name: Login to Amazon ECR Public Gallery if: ${{ github.event_name != 'pull_request' }} - uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 + uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 with: registry: public.ecr.aws - name: Login to Docker Hub if: ${{ github.event_name != 'pull_request' }} - uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 + uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} - name: Login to GitHub Container Registry if: ${{ github.event_name != 'pull_request' }} - uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 + uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 with: registry: ghcr.io username: ${{ github.actor }} @@ -77,7 +77,7 @@ jobs: - name: Login to Quay if: ${{ github.event_name != 'pull_request' }} - uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 + uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 with: registry: quay.io username: ${{ secrets.QUAY_USERNAME }} @@ -167,20 +167,20 @@ jobs: - name: Login to Amazon ECR Public Gallery if: ${{ github.event_name != 'pull_request' }} - uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 + uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 with: registry: public.ecr.aws - name: Login to Docker Hub if: ${{ github.event_name != 'pull_request' }} - uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 + uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} - name: Login to GitHub Container Registry if: ${{ github.event_name != 'pull_request' }} - uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 + uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 with: registry: ghcr.io username: ${{ github.actor }} @@ -188,7 +188,7 @@ jobs: - name: Login to Quay if: ${{ github.event_name != 'pull_request' }} - uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 + uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 with: registry: quay.io username: ${{ secrets.QUAY_USERNAME }} From 25a2b8dd7ccda2be16a7379b4492c2131adac29c Mon Sep 17 00:00:00 2001 From: Dylen Turnbull <37633141+DylenTurnbull@users.noreply.github.com> Date: Tue, 25 Mar 2025 07:17:45 -0700 Subject: [PATCH 22/60] docs: Update community files Co-Authored-By: Alessandro Fael Garcia --- .github/CODEOWNERS | 5 ++ .github/ISSUE_TEMPLATE/bug_report.md | 32 ---------- .github/ISSUE_TEMPLATE/bug_report.yml | 67 ++++++++++++++++++++ .github/ISSUE_TEMPLATE/config.yml | 12 ++++ .github/ISSUE_TEMPLATE/feature_request.md | 22 ------- .github/ISSUE_TEMPLATE/feature_request.yml | 41 ++++++++++++ .github/ISSUE_TEMPLATE/security_report.md | 27 -------- .github/ISSUE_TEMPLATE/security_report.yml | 35 ++++++++++ .github/pull_request_template.md | 9 +-- .github/scorecard.yml | 7 ++ .github/workflows/f5_cla.yml | 42 ++++++++++++ .github/workflows/ossf_scorecard.yml | 52 +++++++++++++++ CODE_OF_CONDUCT.md | 21 +++--- CONTRIBUTING.md | 74 ++++++++++------------ README.md | 39 ++++++------ SECURITY.md | 24 +++---- SUPPORT.md | 20 +++--- 17 files changed, 350 insertions(+), 179 deletions(-) create mode 100644 .github/CODEOWNERS delete mode 100644 .github/ISSUE_TEMPLATE/bug_report.md create mode 100644 .github/ISSUE_TEMPLATE/bug_report.yml create mode 100644 .github/ISSUE_TEMPLATE/config.yml delete mode 100644 .github/ISSUE_TEMPLATE/feature_request.md create mode 100644 .github/ISSUE_TEMPLATE/feature_request.yml delete mode 100644 .github/ISSUE_TEMPLATE/security_report.md create mode 100644 .github/ISSUE_TEMPLATE/security_report.yml create mode 100644 .github/scorecard.yml create mode 100644 .github/workflows/f5_cla.yml create mode 100644 .github/workflows/ossf_scorecard.yml diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS new file mode 100644 index 0000000..268b223 --- /dev/null +++ b/.github/CODEOWNERS @@ -0,0 +1,5 @@ +##################### +# Main global owner # +##################### + +* diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md deleted file mode 100644 index d67363b..0000000 --- a/.github/ISSUE_TEMPLATE/bug_report.md +++ /dev/null @@ -1,32 +0,0 @@ ---- -name: Bug report -about: Create a bug report to help us improve -title: "" -labels: "" -assignees: "" ---- -### Describe the bug - -A clear and concise description of what the bug is. - -### To reproduce - -Steps to reproduce the behavior: - -1. Deploy NGINX Unprivileged Docker image -2. View output/logs/configuration on '...' -3. See error - -### Expected behavior - -A clear and concise description of what you expected to happen. - -### Your environment - -- Version of Docker and method of installation (e.g. Docker Desktop / Docker Server) -- Version/tag of the NGINX Unprivileged Docker image (e.g. `nginxinc/nginx-unprivileged:alpine`) -- Target deployment environment/platform (e.g. OpenShift / Kubernetes / Docker Compose / etc...) - -### Additional context - -Add any other context about the problem here. diff --git a/.github/ISSUE_TEMPLATE/bug_report.yml b/.github/ISSUE_TEMPLATE/bug_report.yml new file mode 100644 index 0000000..b9048c2 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/bug_report.yml @@ -0,0 +1,67 @@ +--- +name: 🐛 Bug report +description: Create a report to help us improve +labels: bug +body: + - type: markdown + attributes: + value: | + Thanks for taking the time to fill out this bug report! + + Before you continue filling out this report, please take a moment to check that your bug has not been [already reported on GitHub][issue search] 🙌 + + Remember to redact any sensitive information such as authentication credentials and/or license keys! + + **Note:** If you are seeking community support or have a question, please consider starting a new thread via [GitHub discussions][discussions] or the [NGINX Community forum][forum]. + + [issue search]: ../search?q=is%3Aissue&type=issues + + [discussions]: ../discussions + [forum]: https://community.nginx.org + + - type: textarea + id: overview + attributes: + label: Bug Overview + description: A clear and concise overview of the bug. + placeholder: When I do "X" with the NGINX unprivileged Docker image, "Y" happens instead of "Z". + validations: + required: true + + - type: textarea + id: behavior + attributes: + label: Expected Behavior + description: A clear and concise description of what you expected to happen. + placeholder: When I do "X" with the NGINX unprivileged Docker image, I expect "Z" to happen. + validations: + required: true + + - type: textarea + id: steps + attributes: + label: Steps to Reproduce the Bug + description: Detail the series of steps required to reproduce the bug. Deploy NGINX Unprivileged Docker image, View output/logs/configuration on '...', See error. + placeholder: When I run the NGINX Docker unprivileged image using [...], the image fails with an error message. If I check the terminal outputs and/or logs, I see the following error info. + validations: + required: true + + - type: textarea + id: environment + attributes: + label: Environment Details + description: Please provide details about your environment. + value: | + - Version of Docker and method of installation: [e.g. Docker Desktop / Docker Server] + - Version/tag of the NGINX Docker unprivileged image or specific commit: [e.g. 1.4.3/commit hash] + - Target deployment platform: [e.g. OpenShift/Kubernetes/Docker Compose/local cluster/etc...] + - Target OS: [e.g. RHEL 9/Ubuntu 24.04/etc...] + validations: + required: true + + - type: textarea + id: context + attributes: + label: Additional Context + description: Add any other context about the problem here. + placeholder: Feel free to add any other context/information/screenshots/etc... that you think might be relevant to this issue in here. diff --git a/.github/ISSUE_TEMPLATE/config.yml b/.github/ISSUE_TEMPLATE/config.yml new file mode 100644 index 0000000..3f7850f --- /dev/null +++ b/.github/ISSUE_TEMPLATE/config.yml @@ -0,0 +1,12 @@ +--- +blank_issues_enabled: false +contact_links: + - name: 💬 Talk to the NGINX community! + url: https://community.nginx.org + about: A community forum for NGINX users, developers, and contributors + - name: 📝 Code of Conduct + url: https://www.contributor-covenant.org/version/2/1/code_of_conduct + about: NGINX follows the Contributor Covenant Code of Conduct to ensure a safe and inclusive community + - name: 💼 For commercial & enterprise users + url: https://www.f5.com/products/nginx + about: F5 offers a wide range of NGINX products for commercial & enterprise users diff --git a/.github/ISSUE_TEMPLATE/feature_request.md b/.github/ISSUE_TEMPLATE/feature_request.md deleted file mode 100644 index bb6fb0f..0000000 --- a/.github/ISSUE_TEMPLATE/feature_request.md +++ /dev/null @@ -1,22 +0,0 @@ ---- -name: Feature request -about: Suggest an idea for this project -title: "" -labels: "" -assignees: "" ---- -### Is your feature request related to a problem? Please describe - -A clear and concise description of what the problem is. Ex. I'm always frustrated when ... - -### Describe the solution you'd like - -A clear and concise description of what you want to happen. - -### Describe alternatives you've considered - -A clear and concise description of any alternative solutions or features you've considered. - -### Additional context - -Add any other context or screenshots about the feature request here. diff --git a/.github/ISSUE_TEMPLATE/feature_request.yml b/.github/ISSUE_TEMPLATE/feature_request.yml new file mode 100644 index 0000000..b1a3fcb --- /dev/null +++ b/.github/ISSUE_TEMPLATE/feature_request.yml @@ -0,0 +1,41 @@ +--- +name: ✨ Feature request +description: Suggest an idea for this project +labels: enhancement +body: + - type: markdown + attributes: + value: | + Thanks for taking the time to fill out this feature request! + + Before you continue filling out this request, please take a moment to check that your feature has not been [already requested on GitHub][issue search] 🙌 + + **Note:** If you are seeking community support or have a question, please consider starting a new thread via [GitHub discussions][discussions] or the [NGINX Community forum][forum]. + + [issue search]: ../search?q=is%3Aissue&type=issues + + [discussions]: ../discussions + [forum]: https://community.nginx.org + + - type: textarea + id: overview + attributes: + label: Feature Overview + description: A clear and concise description of what the feature request is. + placeholder: I would like the NGINX Docker unprivileged image to be able to do "X". + validations: + required: true + + - type: textarea + id: alternatives + attributes: + label: Alternatives Considered + description: Detail any potential alternative solutions/workarounds you've used or considered. + placeholder: I have done/might be able to do "X" using the NGINX Docker unprivileged image by doing "Y". + + - type: textarea + id: context + attributes: + label: Additional Context + description: Add any other context about the problem here. + placeholder: Feel free to add any other context/information/screenshots/etc... that you think might be relevant to this feature request here. diff --git a/.github/ISSUE_TEMPLATE/security_report.md b/.github/ISSUE_TEMPLATE/security_report.md deleted file mode 100644 index 0e79284..0000000 --- a/.github/ISSUE_TEMPLATE/security_report.md +++ /dev/null @@ -1,27 +0,0 @@ ---- -name: Security report -about: Create a security report to help us improve -title: "" -labels: "" -assignees: "" ---- -### Describe the bug - -A clear and concise description of what the security vulnerability is. - -### To reproduce - -Steps to reproduce the behavior: - -1. Deploy NGINX Unprivileged Docker image -2. View output/logs/configuration on '...' -3. See error - -### Your environment - -- Version of the NGINX Unprivileged Docker image -- Target deployment environment/platform - -### Additional context - -Does this security vulnerability relate to one of the NGINX libraries specified in the [`SECURITY`](https://github.com/nginxinc/docker-nginx-unprivileged/blob/main/SECURITY.md) doc? diff --git a/.github/ISSUE_TEMPLATE/security_report.yml b/.github/ISSUE_TEMPLATE/security_report.yml new file mode 100644 index 0000000..7f73b00 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/security_report.yml @@ -0,0 +1,35 @@ +--- +name: ⚠️ Security advisory +description: Warn of a security advisory +labels: security +body: + - type: markdown + attributes: + value: | + Thanks for taking the time to fill out this security advisory! + + Before you continue filling out this request, please take a moment to check that your advisory complies with the guidance in the [security documentation][security] and has not been [already reported on GitHub][issue search] 🙌 + + **Note:** If you are seeking community support or have a question, please consider starting a new thread via [GitHub discussions][discussions] or the [NGINX Community forum][forum]. + + [security]: https://github.com/nginx/docker-nginx-unprivileged/blob/main/SECURITY.md + [issue search]: ../search?q=is%3Aissue&type=issues + + [discussions]: ../discussions + [forum]: https://community.nginx.org + + - type: textarea + id: overview + attributes: + label: Security advisory overview + description: A clear and concise description of what the security advisory is. + placeholder: The NGINX Docker unprivileged image is vulnerable to CVE "X". + validations: + required: true + + - type: textarea + id: context + attributes: + label: Additional Context + description: Add any other context about the problem here. + placeholder: Feel free to add any other context/information/screenshots/etc... that you think might be relevant to this security advisory here. diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md index a054d33..87a9619 100644 --- a/.github/pull_request_template.md +++ b/.github/pull_request_template.md @@ -6,7 +6,8 @@ Describe the use case and detail of the change. If this PR addresses an issue on Before creating a PR, run through this checklist and mark each as complete: -- [ ] I have read the [`CONTRIBUTING`](https://github.com/nginxinc/docker-nginx-unprivileged/blob/main/CONTRIBUTING.md) document -- [ ] I have run `./update.sh` and ensured all entrypoint/Dockerfile template changes have been applied to the relevant image entrypoint scripts & Dockerfiles -- [ ] I have tested that the NGINX Unprivileged Docker images build and run correctly on all supported architectures on an unprivileged environment (check out the [`README`](https://github.com/nginxinc/docker-nginx-unprivileged/blob/main/README.md) for more details) -- [ ] I have updated any relevant documentation ([`README`](https://github.com/nginxinc/docker-nginx-unprivileged/blob/main/README.md)) +- [ ] I have read the [contributing guidelines](/CONTRIBUTING.md) +- [ ] I have signed the [F5 Contributor License Agreement (CLA)](https://github.com/f5/f5-cla/blob/main/docs/f5_cla.md) +- [ ] I have run the [`update.sh`](/update.sh) script and ensured all entrypoint/Dockerfile template changes have been applied to the relevant image entrypoint scripts & Dockerfiles +- [ ] I have tested that the NGINX Docker unprivileged image builds and runs correctly on all supported architectures on an unprivileged environment (check out the [`README`](/README.md) for more details) +- [ ] I have updated any relevant documentation ([`README.md`](/README.md)) diff --git a/.github/scorecard.yml b/.github/scorecard.yml new file mode 100644 index 0000000..3bae359 --- /dev/null +++ b/.github/scorecard.yml @@ -0,0 +1,7 @@ +--- +annotations: + - checks: + - fuzzing + - sast + reasons: + - reason: not-applicable diff --git a/.github/workflows/f5_cla.yml b/.github/workflows/f5_cla.yml new file mode 100644 index 0000000..fd93801 --- /dev/null +++ b/.github/workflows/f5_cla.yml @@ -0,0 +1,42 @@ +--- +name: F5 CLA +on: + issue_comment: + types: [created] + pull_request_target: + types: [opened, closed, synchronize] +permissions: read-all +jobs: + f5-cla: + name: F5 CLA + runs-on: ubuntu-24.04 + permissions: + actions: write + pull-requests: write + statuses: write + steps: + - name: Run F5 Contributor License Agreement (CLA) assistant + if: (github.event.comment.body == 'recheck' || github.event.comment.body == 'I have hereby read the F5 CLA and agree to its terms') || github.event_name == 'pull_request_target' + uses: contributor-assistant/github-action@ca4a40a7d1004f18d9960b404b97e5f30a505a08 # v2.6.1 + with: + # Any pull request targeting the following branch will trigger a CLA check. + # NOTE: You might need to edit this value to 'master'. + branch: main + # Path to the CLA document. + path-to-document: https://github.com/f5/f5-cla/blob/main/docs/f5_cla.md + # Custom CLA messages. + custom-notsigned-prcomment: '🎉 Thank you for your contribution! It appears you have not yet signed the [F5 Contributor License Agreement (CLA)](https://github.com/f5/f5-cla/blob/main/docs/f5_cla.md), which is required for your changes to be incorporated into an F5 Open Source Software (OSS) project. Please kindly read the [F5 CLA](https://github.com/f5/f5-cla/blob/main/docs/f5_cla.md) and reply on a new comment with the following text to agree:' + custom-pr-sign-comment: 'I have hereby read the F5 CLA and agree to its terms' + custom-allsigned-prcomment: '✅ All required contributors have signed the F5 CLA for this PR. Thank you!' + # Remote repository storing CLA signatures. + remote-organization-name: f5 + remote-repository-name: f5-cla-data + path-to-signatures: signatures/signatures.json + # Comma separated list of usernames for maintainers or any other individuals who should not be prompted for a CLA. + # NOTE: You will want to edit the usernames to suit your project needs. + allowlist: bot* + # Do not lock PRs after a merge. + lock-pullrequest-aftermerge: false + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + PERSONAL_ACCESS_TOKEN: ${{ secrets.F5_CLA_TOKEN }} diff --git a/.github/workflows/ossf_scorecard.yml b/.github/workflows/ossf_scorecard.yml new file mode 100644 index 0000000..21d114a --- /dev/null +++ b/.github/workflows/ossf_scorecard.yml @@ -0,0 +1,52 @@ +--- +# This workflow uses actions that are not certified by GitHub. They are provided by a third-party and are governed by separate terms of service, privacy policy, and support documentation. +name: OSSF Scorecard +on: + # For Branch-Protection check. Only the default branch is supported. See https://github.com/ossf/scorecard/blob/main/docs/checks.md#branch-protection. + branch_protection_rule: + # To guarantee Maintained check is occasionally updated. See https://github.com/ossf/scorecard/blob/main/docs/checks.md#maintained. + schedule: + - cron: "0 0 * * 1" + push: + branches: [main] + workflow_dispatch: +# Declare default permissions as read only. +permissions: read-all +jobs: + analysis: + name: Scorecard analysis + runs-on: ubuntu-24.04 + # Delete the conditional below if you are using the OSSF Scorecard on a private repository. + if: ${{ github.event.repository.private == false }} + permissions: + # Needed if using Code Scanning alerts. + security-events: write + # Needed for GitHub OIDC token if publish_results is true. + id-token: write + steps: + - name: Check out the codebase + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + with: + persist-credentials: false + + - name: Run analysis + uses: ossf/scorecard-action@f49aabe0b5af0936a0987cfb85d86b75731b0186 # v2.4.1 + with: + results_file: results.sarif + results_format: sarif + # Publish the results for public repositories to enable scorecard badges. For more details, see https://github.com/ossf/scorecard-action#publishing-results. + publish_results: true + + # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF format to the repository Actions tab. + - name: Upload artifact + uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 + with: + name: SARIF file + path: results.sarif + retention-days: 5 + + # Upload the results to GitHub's code scanning dashboard. + - name: Upload SARIF results to code scanning + uses: github/codeql-action/upload-sarif@5f8171a638ada777af81d42b55959a643bb29017 # v3.28.12 + with: + sarif_file: results.sarif diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md index 0c6130c..e18d370 100644 --- a/CODE_OF_CONDUCT.md +++ b/CODE_OF_CONDUCT.md @@ -10,20 +10,19 @@ We pledge to act and interact in ways that contribute to an open, welcoming, div Examples of behavior that contributes to a positive environment for our community include: -- Demonstrating empathy and kindness toward other people -- Being respectful of differing opinions, viewpoints, and experiences -- Giving and gracefully accepting constructive feedback -- Accepting responsibility and apologizing to those affected by our mistakes, and learning from the experience -- Focusing on what is best not just for us as individuals, but for the overall community +- Demonstrating empathy and kindness toward other people. +- Being respectful of differing opinions, viewpoints, and experiences. +- Giving and gracefully accepting constructive feedback. +- Accepting responsibility and apologizing to those affected by our mistakes, and learning from the experience. +- Focusing on what is best not just for us as individuals, but for the overall community. Examples of unacceptable behavior include: -- The use of sexualized language or imagery, and sexual attention or advances of - any kind -- Trolling, insulting or derogatory comments, and personal or political attacks -- Public or private harassment -- Publishing others' private information, such as a physical or email address, without their explicit permission -- Other conduct which could reasonably be considered inappropriate in a professional setting +- The use of sexualized language or imagery, and sexual attention or advances of any kind. +- Trolling, insulting or derogatory comments, and personal or political attacks. +- Public or private harassment. +- Publishing others' private information, such as a physical or email address, without their explicit permission. +- Other conduct which could reasonably be considered inappropriate in a professional setting. ## Enforcement Responsibilities diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 8b4d720..38f28e1 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -1,67 +1,59 @@ # Contributing Guidelines -The following is a set of guidelines for contributing to the Docker Unprivileged NGINX image. We really appreciate that you are considering contributing! +The following is a set of guidelines for contributing to the NGINX Docker unprivileged image. We really appreciate that you are considering contributing! #### Table Of Contents -[Ask a Question](#ask-a-question) +- [Getting Started](#getting-started) +- [Contributing](#contributing) +- [Code Guidelines](#code-guidelines) -[Project Overview](#project-overview) +## Getting Started -[Contributing](#contributing) - -[Code Guidelines](#code-guidelines) - -* [Docker NGINX Unprivileged Guidelines](#docker-nginx-unprivileged-guidelines) -* [Git Guidelines](#git-guidelines) - -[Code of Conduct](https://github.com/nginxinc/docker-nginx-unprivileged/blob/main/CODE_OF_CONDUCT.md) - -## Ask a Question - -Don't know how something works? Curious if the role can achieve your desired functionality? Please open an Issue on GitHub with the label `question`. - -### Project Overview - -* The Docker Unprivileged NGINX repository is a mirror image of the [Docker NGINX image](https://github.com/nginxinc/docker-nginx). Changes have been made in order to support running NGINX in an unprivileged environment. -* New Docker Unprivileged NGINX images are built on a weekly basis using GitHub actions. +Look at the upstream Docker image [how to use this image guide](https://hub.docker.com/_/nginx/) to get the NGINX Docker unprivileged image up and running. ## Contributing ### Report a Bug -To report a bug, open an issue on GitHub with the label `bug` using the available bug report issue template. Please ensure the issue has not already been reported. +To report a bug, open an issue on GitHub with the label `bug` using the available [bug report issue form](/.github/ISSUE_TEMPLATE/bug_report.yml). Please ensure the bug has not already been reported. **If the bug is a potential security vulnerability, please report it using our [security policy](/SECURITY.md).** -### Report a Security vulnerability +### Suggest a Feature or Enhancement -To report a security vulnerability, open an issue on GitHub with the label `security` using the available security report issue template. Please ensure the security vulnerability directly impacts one of the NGINX dependencies listed in the [`SECURITY`](https://github.com/nginxinc/docker-nginx-unprivileged/blob/main/SECURITY.md) doc. Other security vulnerabilities should be addressed by the weekly Monday night build and as such will be promptly closed. +To suggest a feature or enhancement, please create an issue on GitHub with the label `enhancement` using the available [feature request issue form](/.github/ISSUE_TEMPLATE/feature_request.yml). Please ensure the feature or enhancement has not already been suggested. -### Suggest a Feature or Enhancement +### Open a Pull Request (PR) -To suggest an enhancement, please create an issue on GitHub with the label `feature` or `enhancement` using the available feature issue template. +- Fork the repo, create a branch, implement your changes, test that the corresponding Docker images can be built and run as intended, and submit a PR when your changes are **tested** and ready for review. +- Fill in the [PR template](/.github/pull_request_template.md). +- This repository is a mirror image of the upstream [NGINX Docker image](https://github.com/nginxinc/docker-nginx) with minor changes in order to support running NGINX in an unprivileged environment. As such only two types of PRs will be considered: -### Open a Pull Request + 1. PRs that incorporate changes made to the upstream image that have not yet been ported to this image (e.g. there's a new NGINX release). + 2. PRs that add a critical feature or a nice-to-have enhancement for running these images on an unprivileged environment (e.g. allowing users specify to the UID/GID of the image user). -* Fork the repo, create a branch, implement your changes, test that the corresponding Docker images can be built and run as intended, and submit a PR when your changes are **tested** and ready for review. -* Fill in [our pull request template](https://github.com/nginxinc/docker-nginx-unprivileged/blob/main/.github/pull_request_template.md). +**Note:** If you'd like to implement a new feature, please consider creating a [feature request issue](/.github/ISSUE_TEMPLATE/feature_request.yml) first to start a discussion about the feature. -Note: if you'd like to implement a new feature, please consider creating a feature request issue first to start a discussion about the feature. +#### F5 Contributor License Agreement (CLA) -## Code Guidelines +F5 requires all contributors to agree to the terms of the F5 CLA (available [here](https://github.com/f5/f5-cla/.github/blob/main/docs/f5_cla.md)) before any of their changes can be incorporated into an F5 Open Source repository (even contributions to the F5 CLA itself!). + +If you have not yet agreed to the F5 CLA terms and submit a PR to this repository, a bot will prompt you to view and agree to the F5 CLA. You will have to agree to the F5 CLA terms through a comment in the PR before any of your changes can be merged. Your agreement signature will be safely stored by F5 and no longer be required in future PRs. -### Docker NGINX Unprivileged Guidelines +## Code Guidelines -Given this repository is a mirror image of the upstream [Docker NGINX image](https://github.com/nginxinc/docker-nginx), only two types of PRs will be considered: +### Docker Guidelines -1. PRs that incorporate changes made to upstream images (e.g. there's a new NGINX release). -2. PRs that add a critical feature or a nice-to-have enhancement for running these images on an unprivileged environment (e.g. allowing users specify to the UID/GID of the image user). +- Update any entrypoint scripts via the the scripts contained in the [`/entrypoint`](/entrypoint) directory. +- Update any Dockerfiles via the Dockerfile templates in the root directory (e.g. [`Dockerfile-alpine.template`](/Dockerfile-alpine.template)). +- Run the [`./update.sh`](/update.sh) script to apply all entrypoint/Dockerfile template changes to the relevant image entrypoints & Dockerfiles. ### Git Guidelines -* Keep a clean, concise and meaningful git commit history on your branch (within reason), rebasing locally and squashing before submitting a PR. -* Follow the guidelines of writing a good commit message as described here and summarised in the next few points: - * In the subject line, use the present tense ("Add feature" not "Added feature"). - * In the subject line, use the imperative mood ("Move cursor to..." not "Moves cursor to..."). - * Limit the subject line to 72 characters or less. - * Reference issues and pull requests liberally after the subject line. - * Add more detailed description in the body of the git message (`git commit -a` to give you more space and time in your text editor to write a good message instead of `git commit -am`). +- Keep a clean, concise and meaningful git commit history on your branch (within reason), rebasing locally and squashing before submitting a PR. +- If possible and/or relevant, use the [Conventional Commits](https://www.conventionalcommits.org/en/v1.0.0/) format when writing a commit message, so that changelogs can be automatically generated. +- Follow the guidelines of writing a good commit message as described here and summarized in the next few points: + - In the subject line, use the present tense ("Add feature" not "Added feature"). + - In the subject line, use the imperative mood ("Move cursor to..." not "Moves cursor to..."). + - Limit the subject line to 72 characters or less. + - Reference issues and pull requests liberally after the subject line. + - Add more detailed description in the body of the git message (`git commit -a` to give you more space and time in your text editor to write a good message instead of `git commit -am`). diff --git a/README.md b/README.md index 8beb898..8b98139 100644 --- a/README.md +++ b/README.md @@ -1,15 +1,18 @@ +[![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/nginx/docker-nginx-unprivileged/badge)](https://securityscorecards.dev/viewer/?uri=github.com/nginx/docker-nginx-unprivileged) [![Project Status: Active – The project has reached a stable, usable state and is being actively developed.](https://www.repostatus.org/badges/latest/active.svg)](https://www.repostatus.org/#active) -[![Community Support](https://badgen.net/badge/support/community/cyan?icon=awesome)](https://github.com/nginxinc/docker-nginx-unprivileged/blob/main/SUPPORT.md) -[![Contributor Covenant](https://img.shields.io/badge/Contributor%20Covenant-2.1-4baaaa.svg)](https://github.com/nginxinc/docker-nginx-unprivileged/main/CODE_OF_CONDUCT.md) +[![Community Support](https://badgen.net/badge/support/community/cyan?icon=awesome)](/SUPPORT.md) +[![Community Forum](https://img.shields.io/badge/community-forum-009639?logo=discourse&link=https%3A%2F%2Fcommunity.nginx.org)](https://community.nginx.org) +[![License](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](https://opensource.org/license/apache-2-0) +[![Contributor Covenant](https://img.shields.io/badge/Contributor%20Covenant-2.1-4baaaa.svg)](/CODE_OF_CONDUCT.md) # NGINX Unprivileged Docker Image This repo contains a series of Dockerfiles to create an NGINX Docker image that runs NGINX as a non root, unprivileged user. Notable differences with respect to the official [NGINX Docker](https://github.com/nginxinc/docker-nginx) image include: -* The default NGINX listen port is now `8080` instead of `80` (this is no longer necessary as of Docker `20.03` but it's still required in other container runtimes) -* The default NGINX user directive in `/etc/nginx/nginx.conf` has been removed -* The default NGINX PID has been moved from `/var/run/nginx.pid` to `/tmp/nginx.pid` -* Change `*_temp_path` variables to `/tmp/*` +- The default NGINX listen port is now `8080` instead of `80` (this is no longer necessary as of Docker `20.03` but it's still required in other container runtimes) +- The default NGINX user directive in `/etc/nginx/nginx.conf` has been removed +- The default NGINX PID has been moved from `/var/run/nginx.pid` to `/tmp/nginx.pid` +- Change `*_temp_path` variables to `/tmp/*` New images are built and pushed to on a weekly basis (every Monday night). @@ -21,10 +24,10 @@ Check out the [docs](https://hub.docker.com/_/nginx) for the upstream Docker NGI You can find pre-built images in each of the following registries: -* Amazon ECR - -* Docker Hub - -* GitHub Container Registry - -* Quay - +- Amazon ECR - +- Docker Hub - +- GitHub Container Registry - +- Quay - ### Architectures @@ -32,15 +35,15 @@ Most images are built for the `amd64`, `arm32v5` (for Debian), `arm32v6` (for Al ## Troubleshooting Tips -* If you wish to use a different user ID and/or group ID when running the Docker Unprivileged image, rebuild the image using the following Docker build arguments: +- If you wish to use a different user ID and/or group ID when running the Docker Unprivileged image, rebuild the image using the following Docker build arguments: ```bash docker build --build-arg UID= --build-arg GID= -t nginx-unprivileged . ``` -* If you override the default `nginx.conf` file you may encounter various types of error messages: - * To fix `nginx: [emerg] open() "/var/run/nginx.pid" failed (13: Permission denied)`, you have to specify a valid `pid` location by adding the line `pid /tmp/nginx.pid;` at the top level of your config. - * To fix `nginx: [emerg] mkdir() "/var/cache/nginx/client_temp" failed (30: Read-only file system)`, you have to specify a valid location for the various NGINX temporary paths by adding these lines within the `http` context: +- If you override the default `nginx.conf` file you may encounter various types of error messages: + - To fix `nginx: [emerg] open() "/var/run/nginx.pid" failed (13: Permission denied)`, you have to specify a valid `pid` location by adding the line `pid /tmp/nginx.pid;` at the top level of your config. + - To fix `nginx: [emerg] mkdir() "/var/cache/nginx/client_temp" failed (30: Read-only file system)`, you have to specify a valid location for the various NGINX temporary paths by adding these lines within the `http` context: ```nginx http { @@ -53,7 +56,7 @@ Most images are built for the `amd64`, `arm32v5` (for Debian), `arm32v6` (for Al } ``` -## On Reporting Issues +## On Reporting Issues and Opening PRs Whilst issues and PRs are welcome, please do note that: @@ -63,10 +66,10 @@ Whilst issues and PRs are welcome, please do note that: ## Contributing -Please see the [contributing guide](https://github.com/nginxinc/docker-nginx-unprivileged/blob/main/CONTRIBUTING.md) for guidelines on how to best contribute to this project. +Please see the [contributing guide](/CONTRIBUTING.md) for guidelines on how to best contribute to this project. ## License -[Apache License, Version 2.0](https://github.com/nginxinc/docker-nginx-unprivileged/blob/main/LICENSE) +[Apache License, Version 2.0](/LICENSE) -© [F5, Inc.](https://www.f5.com/) 2018 - 2024 +© [F5, Inc.](https://www.f5.com/) 2018 - 2025 diff --git a/SECURITY.md b/SECURITY.md index 75d58e3..3e3607a 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -2,13 +2,20 @@ ## Latest Versions -We advise users to run or update to the most recent release of the NGINX Docker Unprivileged image. Older versions of the NGINX Docker Unprivileged image may not have all enhancements and/or bug fixes applied to them. +We advise users to run or update to the most recent release of the NGINX Docker unprivileged image. Older versions of the NGINX Docker unprivileged image may not have all enhancements and/or bug fixes applied to them. ## Reporting a Vulnerability -### Docker NGINX Unprivileged Image +The F5 Security Incident Response Team (F5 SIRT) offers two methods to easily report potential security vulnerabilities: -If you find a security vulnerability that directly affects a direct NGINX library dependency we encourage you open an issue detailing the security vulnerability. +- If you’re an F5 customer with an active support contract, please contact [F5 Technical Support](https://www.f5.com/support). +- If you aren’t an F5 customer, please report any potential or current instances of security vulnerabilities in any F5 product to the F5 Security Incident Response Team at . + +For more information, please read the F5 SIRT vulnerability reporting guidelines available at [https://www.f5.com/support/report-a-vulnerability](https://www.f5.com/support/report-a-vulnerability). + +## CVEs to be considered + +If you find a security vulnerability that directly affects a direct NGINX library dependency we encourage you open an issue detailing the security vulnerability. ***Only vulnerabilities related to to direct NGINX library dependencies will be considered. Other security vulnerabilities will be addressed by the weekly Monday night build and as such will be ignored/promptly closed.*** For reference, the direct NGINX library dependencies are: @@ -25,14 +32,3 @@ For reference, the direct NGINX library dependencies are: - `libpcre2` - `libssl` - `libz` - -***Note: Only vulnerabilities related to direct NGINX library dependencies will be considered. Other security vulnerabilities should be addressed by the weekly Monday night build and as such will be promptly closed.*** - -### Codebase - -If you find a security vulnerability that affects the codebase, we encourage you to report it to the F5 Security Incident Response Team (F5 SIRT): - -- If you’re an F5 customer with an active support contract, please contact [F5 Technical Support](https://www.f5.com/services/support). -- If you aren’t an F5 customer, please report any potential or current instances of security vulnerabilities with any F5 product to the F5 Security Incident Response Team at . - -For more information visit [https://www.f5.com/services/support/report-a-vulnerability](https://www.f5.com/services/support/report-a-vulnerability). diff --git a/SUPPORT.md b/SUPPORT.md index bbcd998..0d9c8b4 100644 --- a/SUPPORT.md +++ b/SUPPORT.md @@ -4,25 +4,21 @@ We use GitHub for tracking bugs and feature requests related to all the Docker NGINX images (including all variants and container registries). -Don't know how something in this project works? Curious if this project can achieve your desired functionality? Please open an issue on GitHub with the label `question`. +Don't know how something in this project works? Curious if this project can achieve your desired functionality? Please open an issue on GitHub with the label `question`. Alternatively, start a GitHub discussion! ## NGINX Specific Questions and/or Issues This isn't the right place to get support for NGINX specific questions, but the following resources are available below. Thanks for your understanding! -### Community Slack +### Community Forum -We have a community [Slack](https://nginxcommunity.slack.com/)! - -If you are not a member, click [here](https://community.nginx.org/joinslack) to sign up (and let us know if the link does not seem to be working!) - -Once you join, check out the `#beginner-questions` and `nginx-users` channels :) +We have a community [forum](https://community.nginx.org/)! If you have any questions and/or issues, try checking out the [`Troubleshooting`](https://community.nginx.org/c/troubleshooting/8) and [`How do I...?`](https://community.nginx.org/c/how-do-i/9) categories. Both fellow community members and NGINXers might be able to help you! :) ### Documentation For a comprehensive list of all NGINX directives, check out . -For a comprehensive list of admin and deployment guides for all NGINX products, check out . +For a comprehensive list of administration and deployment guides for all NGINX products, check out . ### Mailing List @@ -30,8 +26,12 @@ Want to get in touch with the NGINX development team directly? Try using the rel ## Contributing -Please see the [contributing guide](https://github.com/nginxinc/docker-nginx-unprivileged/blob/main/CONTRIBUTING.md) for guidelines on how to best contribute to this project. +Please see the [contributing guide](/CONTRIBUTING.md) for guidelines on how to best contribute to this project. ## Commercial Support -Commercial support for this project may be available. Please get in touch with [NGINX sales](https://www.nginx.com/contact-sales/) or check your contract details for more info! +Commercial support for this project may be available. Please get in touch with [NGINX sales](https://www.f5.com/products/get-f5/) or check your contract details for more info! + +## Community Support + +Community support is offered on a best effort basis through either GitHub issues/PRs/discussions or through any of our active communities. From 930b61180424f34e50d187c80b448686d7b44262 Mon Sep 17 00:00:00 2001 From: Alessandro Fael Garcia Date: Wed, 26 Mar 2025 15:24:16 +0100 Subject: [PATCH 23/60] fix: Only delete untagged images over 2 years old in AWS ECR and GHCR (#297) --- .github/workflows/image-cleanup.yml | 13 ++++++++----- .../delete-untagged-amazon-public-ecr-images.sh | 8 ++++---- README.md | 14 +++++++++++--- 3 files changed, 23 insertions(+), 12 deletions(-) diff --git a/.github/workflows/image-cleanup.yml b/.github/workflows/image-cleanup.yml index 7394166..ee9c6df 100644 --- a/.github/workflows/image-cleanup.yml +++ b/.github/workflows/image-cleanup.yml @@ -28,10 +28,13 @@ jobs: .github/workflows/scripts/delete-untagged-amazon-public-ecr-images.sh - name: Delete untagged NGINX Unprivileged Docker images on the GitHub Container Registry - uses: stumpylog/image-cleaner-action/untagged@48f1aa2111ae929cea4a0e056045f7de0e1b2618 # v0.10.0 + uses: dataaxiom/ghcr-cleanup-action@cd0cdb900b5dbf3a6f2cc869f0dbb0b8211f50c4 # v1.0.16 with: - is_org: true - owner: nginxinc - package_name: nginx-unprivileged - do_delete: true + package: nginx-unprivileged + delete-ghost-images: true + delete-untagged: true + delete-partial-images: true + delete-orphaned-images: true + older-than: 2 years token: ${{ secrets.GITHUB_TOKEN }} + validate: true diff --git a/.github/workflows/scripts/delete-untagged-amazon-public-ecr-images.sh b/.github/workflows/scripts/delete-untagged-amazon-public-ecr-images.sh index 53bba9b..bbc5ccc 100755 --- a/.github/workflows/scripts/delete-untagged-amazon-public-ecr-images.sh +++ b/.github/workflows/scripts/delete-untagged-amazon-public-ecr-images.sh @@ -5,7 +5,8 @@ set -eu REPOSITORY_NAME=nginx-unprivileged -BATCH_DELETE_SIZE=100 # The max delete size allowed by the 'batch-delete-image' aws CLI command is 100 +BATCH_DELETE_SIZE=100 # The max delete size allowed by the 'batch-delete-image' AWS CLI command is 100 +CUTOFF_DATE=$(date -d '2 years ago' +%Y-%m-%d) function batch_delete { while read -r batch; do @@ -23,7 +24,7 @@ function batch_delete { # otherwise any referenced untagged images can not be deleted. IMAGE_DIGESTS=$(aws ecr-public describe-images \ --repository-name "${REPOSITORY_NAME}" \ - --query 'imageDetails[?!imageTags && (contains(imageManifestMediaType, `manifest.list.v2`) || contains(imageManifestMediaType, `image.index.v1`))].{imageDigest: join(`=`, [`imageDigest`, imageDigest])}' \ + --query 'imageDetails[?!imageTags && (contains(imageManifestMediaType, `manifest.list.v2`) || contains(imageManifestMediaType, `image.index.v1`)) && imagePushedAt < `'$CUTOFF_DATE'`].{imageDigest: join(`=`, [`imageDigest`, imageDigest])}' \ --output text) batch_delete "${IMAGE_DIGESTS}" @@ -31,8 +32,7 @@ batch_delete "${IMAGE_DIGESTS}" # Find untagged images and delete them. IMAGE_DIGESTS=$(aws ecr-public describe-images \ --repository-name "${REPOSITORY_NAME}" \ - --query 'imageDetails[?!imageTags].{imageDigest: join(`=`, [`imageDigest`, imageDigest])}' \ + --query 'imageDetails[?!imageTags && imagePushedAt < `'$CUTOFF_DATE'` ].{imageDigest: join(`=`, [`imageDigest`, imageDigest])}' \ --output text) batch_delete "${IMAGE_DIGESTS}" - diff --git a/README.md b/README.md index 8b98139..793a19c 100644 --- a/README.md +++ b/README.md @@ -14,8 +14,6 @@ This repo contains a series of Dockerfiles to create an NGINX Docker image that - The default NGINX PID has been moved from `/var/run/nginx.pid` to `/tmp/nginx.pid` - Change `*_temp_path` variables to `/tmp/*` -New images are built and pushed to on a weekly basis (every Monday night). - Check out the [docs](https://hub.docker.com/_/nginx) for the upstream Docker NGINX image for a detailed explanation on how to use this image. ## Supported Image Registries and Platforms @@ -29,6 +27,16 @@ You can find pre-built images in each of the following registries: - GitHub Container Registry - - Quay - +### Image Builds and Retention Policy + +#### Image Builds + +New images are built whenever there is a new NGINX release or a critical CVE is found and fixed (check the [`security documentation`](/SECURITY.md) for more details). New images are also built and pushed to on a weekly basis (every Monday night). Whenever a new image is built, the current NGINX mainline and stable tags get switched to the latest build, and the image that gets replaced will become untagged. If you wish to point your builds to a specific image over time, use the specific image digest instead of the tag. + +#### Image Retention Policy + +Untagged images on Amazon ECR and the GitHub Container Registry are cleaned up on a two year basis. Untagged images on Docker Hub are not cleaned up at this time (this might change with the incoming storage changes). Untagged images on Quay are continuously removed due to its built in garbage collector. The last built tag of every release is kept indefinitely in every of the aforementioned registries. + ### Architectures Most images are built for the `amd64`, `arm32v5` (for Debian), `arm32v6` (for Alpine), `arm32v7`, `arm64v8`, `i386`, `mips64le` (for Debian), `ppc64le` and `s390x` architectures. @@ -60,7 +68,7 @@ Most images are built for the `amd64`, `arm32v5` (for Debian), `arm32v6` (for Al Whilst issues and PRs are welcome, please do note that: -1. Issues related to security vulnerabilities will be promptly closed unless they are accompanied by a solid reasoning as to why the vulnerability poses a real security threat to this image. Check out the [`SECURITY`](https://github.com/nginxinc/docker-nginx-unprivileged/blob/main/SECURITY.md) doc for more details. +1. Issues related to security vulnerabilities will be promptly closed unless they are accompanied by a solid reasoning as to why the vulnerability poses a real security threat to this image. Check out the [`security documentation`](/SECURITY.md) for more details. 2. These images are unprivileged ports of the upstream [Docker NGINX](https://github.com/nginxinc/docker-nginx) images. Any changes that do not specifically involve the changes made to run NGINX on an unprivileged system should be reported in the [Docker NGINX](https://github.com/nginxinc/docker-nginx) upstream repo. They will not get addressed here. 3. Following from 2., base images (e.g. Alpine x.x or Debian x) in the [Docker NGINX](https://github.com/nginxinc/docker-nginx) upstream repo get updated when a new version of NGINX is released, never within the same release version. Similarly, new NGINX releases usually make their way to the [Docker NGINX](https://github.com/nginxinc/docker-nginx) image a couple days after their standard release. Please refrain from opening an issue or PR here if the upstream repo hasn't been updated -- it will be closed. From c93390317f5e5942a3e3f3240da1c8f7591541d5 Mon Sep 17 00:00:00 2001 From: Alessandro Fael Garcia Date: Wed, 26 Mar 2025 15:33:30 +0100 Subject: [PATCH 24/60] chore: Replace nginxinc org mentions with nginx --- .github/workflows/alpine-mainline.yml | 6 +++--- .github/workflows/alpine-stable.yml | 6 +++--- .github/workflows/debian-mainline.yml | 4 ++-- .github/workflows/debian-stable.yml | 4 ++-- CONTRIBUTING.md | 2 +- README.md | 8 ++++---- 6 files changed, 15 insertions(+), 15 deletions(-) diff --git a/.github/workflows/alpine-mainline.yml b/.github/workflows/alpine-mainline.yml index b28d293..128a26a 100644 --- a/.github/workflows/alpine-mainline.yml +++ b/.github/workflows/alpine-mainline.yml @@ -89,7 +89,7 @@ jobs: with: images: | docker.io/nginxinc/nginx-unprivileged - ghcr.io/nginxinc/nginx-unprivileged + ghcr.io/nginx/nginx-unprivileged public.ecr.aws/nginx/nginx-unprivileged quay.io/nginx/nginx-unprivileged tags: | @@ -207,7 +207,7 @@ jobs: with: images: | docker.io/nginxinc/nginx-unprivileged - ghcr.io/nginxinc/nginx-unprivileged + ghcr.io/nginx/nginx-unprivileged public.ecr.aws/nginx/nginx-unprivileged quay.io/nginx/nginx-unprivileged tags: | @@ -325,7 +325,7 @@ jobs: with: images: | docker.io/nginxinc/nginx-unprivileged - ghcr.io/nginxinc/nginx-unprivileged + ghcr.io/nginx/nginx-unprivileged public.ecr.aws/nginx/nginx-unprivileged quay.io/nginx/nginx-unprivileged tags: | diff --git a/.github/workflows/alpine-stable.yml b/.github/workflows/alpine-stable.yml index 11c3c12..90eb436 100644 --- a/.github/workflows/alpine-stable.yml +++ b/.github/workflows/alpine-stable.yml @@ -89,7 +89,7 @@ jobs: with: images: | docker.io/nginxinc/nginx-unprivileged - ghcr.io/nginxinc/nginx-unprivileged + ghcr.io/nginx/nginx-unprivileged public.ecr.aws/nginx/nginx-unprivileged quay.io/nginx/nginx-unprivileged tags: | @@ -199,7 +199,7 @@ jobs: with: images: | docker.io/nginxinc/nginx-unprivileged - ghcr.io/nginxinc/nginx-unprivileged + ghcr.io/nginx/nginx-unprivileged public.ecr.aws/nginx/nginx-unprivileged quay.io/nginx/nginx-unprivileged tags: | @@ -309,7 +309,7 @@ jobs: with: images: | docker.io/nginxinc/nginx-unprivileged - ghcr.io/nginxinc/nginx-unprivileged + ghcr.io/nginx/nginx-unprivileged public.ecr.aws/nginx/nginx-unprivileged quay.io/nginx/nginx-unprivileged tags: | diff --git a/.github/workflows/debian-mainline.yml b/.github/workflows/debian-mainline.yml index 0b05c85..05957ed 100644 --- a/.github/workflows/debian-mainline.yml +++ b/.github/workflows/debian-mainline.yml @@ -89,7 +89,7 @@ jobs: with: images: | docker.io/nginxinc/nginx-unprivileged - ghcr.io/nginxinc/nginx-unprivileged + ghcr.io/nginx/nginx-unprivileged public.ecr.aws/nginx/nginx-unprivileged quay.io/nginx/nginx-unprivileged tags: | @@ -208,7 +208,7 @@ jobs: with: images: | docker.io/nginxinc/nginx-unprivileged - ghcr.io/nginxinc/nginx-unprivileged + ghcr.io/nginx/nginx-unprivileged public.ecr.aws/nginx/nginx-unprivileged quay.io/nginx/nginx-unprivileged tags: | diff --git a/.github/workflows/debian-stable.yml b/.github/workflows/debian-stable.yml index 84ef9d2..bd3710d 100644 --- a/.github/workflows/debian-stable.yml +++ b/.github/workflows/debian-stable.yml @@ -89,7 +89,7 @@ jobs: with: images: | docker.io/nginxinc/nginx-unprivileged - ghcr.io/nginxinc/nginx-unprivileged + ghcr.io/nginx/nginx-unprivileged public.ecr.aws/nginx/nginx-unprivileged quay.io/nginx/nginx-unprivileged tags: | @@ -200,7 +200,7 @@ jobs: with: images: | docker.io/nginxinc/nginx-unprivileged - ghcr.io/nginxinc/nginx-unprivileged + ghcr.io/nginx/nginx-unprivileged public.ecr.aws/nginx/nginx-unprivileged quay.io/nginx/nginx-unprivileged tags: | diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 38f28e1..e20b494 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -26,7 +26,7 @@ To suggest a feature or enhancement, please create an issue on GitHub with the l - Fork the repo, create a branch, implement your changes, test that the corresponding Docker images can be built and run as intended, and submit a PR when your changes are **tested** and ready for review. - Fill in the [PR template](/.github/pull_request_template.md). -- This repository is a mirror image of the upstream [NGINX Docker image](https://github.com/nginxinc/docker-nginx) with minor changes in order to support running NGINX in an unprivileged environment. As such only two types of PRs will be considered: +- This repository is a mirror image of the upstream [NGINX Docker image](https://github.com/nginx/docker-nginx) with minor changes in order to support running NGINX in an unprivileged environment. As such only two types of PRs will be considered: 1. PRs that incorporate changes made to the upstream image that have not yet been ported to this image (e.g. there's a new NGINX release). 2. PRs that add a critical feature or a nice-to-have enhancement for running these images on an unprivileged environment (e.g. allowing users specify to the UID/GID of the image user). diff --git a/README.md b/README.md index 793a19c..551d7ea 100644 --- a/README.md +++ b/README.md @@ -7,7 +7,7 @@ # NGINX Unprivileged Docker Image -This repo contains a series of Dockerfiles to create an NGINX Docker image that runs NGINX as a non root, unprivileged user. Notable differences with respect to the official [NGINX Docker](https://github.com/nginxinc/docker-nginx) image include: +This repo contains a series of Dockerfiles to create an NGINX Docker image that runs NGINX as a non root, unprivileged user. Notable differences with respect to the official [NGINX Docker](https://github.com/nginx/docker-nginx) image include: - The default NGINX listen port is now `8080` instead of `80` (this is no longer necessary as of Docker `20.03` but it's still required in other container runtimes) - The default NGINX user directive in `/etc/nginx/nginx.conf` has been removed @@ -24,7 +24,7 @@ You can find pre-built images in each of the following registries: - Amazon ECR - - Docker Hub - -- GitHub Container Registry - +- GitHub Container Registry - - Quay - ### Image Builds and Retention Policy @@ -69,8 +69,8 @@ Most images are built for the `amd64`, `arm32v5` (for Debian), `arm32v6` (for Al Whilst issues and PRs are welcome, please do note that: 1. Issues related to security vulnerabilities will be promptly closed unless they are accompanied by a solid reasoning as to why the vulnerability poses a real security threat to this image. Check out the [`security documentation`](/SECURITY.md) for more details. -2. These images are unprivileged ports of the upstream [Docker NGINX](https://github.com/nginxinc/docker-nginx) images. Any changes that do not specifically involve the changes made to run NGINX on an unprivileged system should be reported in the [Docker NGINX](https://github.com/nginxinc/docker-nginx) upstream repo. They will not get addressed here. -3. Following from 2., base images (e.g. Alpine x.x or Debian x) in the [Docker NGINX](https://github.com/nginxinc/docker-nginx) upstream repo get updated when a new version of NGINX is released, never within the same release version. Similarly, new NGINX releases usually make their way to the [Docker NGINX](https://github.com/nginxinc/docker-nginx) image a couple days after their standard release. Please refrain from opening an issue or PR here if the upstream repo hasn't been updated -- it will be closed. +2. These images are unprivileged ports of the upstream [Docker NGINX](https://github.com/nginx/docker-nginx) images. Any changes that do not specifically involve the changes made to run NGINX on an unprivileged system should be reported in the [Docker NGINX](https://github.com/nginx/docker-nginx) upstream repo. They will not get addressed here. +3. Following from 2., base images (e.g. Alpine x.x or Debian x) in the [Docker NGINX](https://github.com/nginx/docker-nginx) upstream repo get updated when a new version of NGINX is released, never within the same release version. Similarly, new NGINX releases usually make their way to the [Docker NGINX](https://github.com/nginx/docker-nginx) image a couple days after their standard release. Please refrain from opening an issue or PR here if the upstream repo hasn't been updated -- it will be closed. ## Contributing From 22bed2344b841e2f588c1323ff4b8193b518819c Mon Sep 17 00:00:00 2001 From: Alessandro Fael Garcia Date: Wed, 26 Mar 2025 19:08:38 +0100 Subject: [PATCH 25/60] chore: Update CODEOWNERS --- .github/CODEOWNERS | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index 268b223..84a8170 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS @@ -2,4 +2,4 @@ # Main global owner # ##################### -* +* @nginx/docker-unprivileged From a77ee70f3264dcea5415ebd79d1b7da0143cee90 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 26 Mar 2025 15:53:32 -0800 Subject: [PATCH 26/60] Bump github/codeql-action from 3.28.12 to 3.28.13 (#298) Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/ossf_scorecard.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ossf_scorecard.yml b/.github/workflows/ossf_scorecard.yml index 21d114a..ed80989 100644 --- a/.github/workflows/ossf_scorecard.yml +++ b/.github/workflows/ossf_scorecard.yml @@ -47,6 +47,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: Upload SARIF results to code scanning - uses: github/codeql-action/upload-sarif@5f8171a638ada777af81d42b55959a643bb29017 # v3.28.12 + uses: github/codeql-action/upload-sarif@1b549b9259bda1cb5ddde3b41741a82a2d15a841 # v3.28.13 with: sarif_file: results.sarif From 8ead5cede31b9dc5a976d1b44bb1987226b48677 Mon Sep 17 00:00:00 2001 From: Alessandro Fael Garcia Date: Wed, 26 Mar 2025 21:54:48 +0100 Subject: [PATCH 27/60] docs: Add note re old images being hosted in the nginxinc org --- README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 551d7ea..f2684d7 100644 --- a/README.md +++ b/README.md @@ -25,13 +25,14 @@ You can find pre-built images in each of the following registries: - Amazon ECR - - Docker Hub - - GitHub Container Registry - + - **Note**: For releases prior to NGINX 1.27.4 (mainline branch) and 1.26.3 (stable branch), use the old registry link - Quay - ### Image Builds and Retention Policy #### Image Builds -New images are built whenever there is a new NGINX release or a critical CVE is found and fixed (check the [`security documentation`](/SECURITY.md) for more details). New images are also built and pushed to on a weekly basis (every Monday night). Whenever a new image is built, the current NGINX mainline and stable tags get switched to the latest build, and the image that gets replaced will become untagged. If you wish to point your builds to a specific image over time, use the specific image digest instead of the tag. +New images are built whenever there is a new NGINX release or a critical CVE is found and fixed (check the [security documentation](/SECURITY.md) for more details). New images are also built and pushed to all registries on a weekly basis every Monday night. Whenever a new image is built, the current NGINX mainline and stable tags get switched to the latest build, and the image that gets replaced will become untagged. If you wish to point your builds to a specific image over time, use the specific image digest instead of the tag. #### Image Retention Policy From d19306483031411d6a74a359826246933d6fa828 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 22 Apr 2025 07:30:30 -0800 Subject: [PATCH 28/60] Bump github/codeql-action from 3.28.13 to 3.28.15 (#299) Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/ossf_scorecard.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ossf_scorecard.yml b/.github/workflows/ossf_scorecard.yml index ed80989..24da28d 100644 --- a/.github/workflows/ossf_scorecard.yml +++ b/.github/workflows/ossf_scorecard.yml @@ -47,6 +47,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: Upload SARIF results to code scanning - uses: github/codeql-action/upload-sarif@1b549b9259bda1cb5ddde3b41741a82a2d15a841 # v3.28.13 + uses: github/codeql-action/upload-sarif@45775bd8235c68ba998cffa5171334d58593da47 # v3.28.15 with: sarif_file: results.sarif From 8655fa1a12e630ba9a38620da88c7e7447cff8c9 Mon Sep 17 00:00:00 2001 From: Alessandro Fael Garcia Date: Fri, 25 Apr 2025 20:35:05 +0200 Subject: [PATCH 29/60] feat: Update mainline NGINX to 1.27.5 (#301) --- Dockerfile-alpine-slim.template | 19 ++----------------- SUPPORT.md | 2 +- mainline/alpine-perl/Dockerfile | 4 ++-- mainline/alpine-slim/Dockerfile | 23 ++++------------------- mainline/alpine/Dockerfile | 6 +++--- mainline/debian-perl/Dockerfile | 4 ++-- mainline/debian/Dockerfile | 6 +++--- stable/alpine-perl/Dockerfile | 4 ++-- stable/alpine-slim/Dockerfile | 27 ++++++--------------------- stable/alpine/Dockerfile | 6 +++--- stable/debian-perl/Dockerfile | 4 ++-- stable/debian/Dockerfile | 8 ++++---- update.sh | 16 ++++++++-------- 13 files changed, 42 insertions(+), 87 deletions(-) diff --git a/Dockerfile-alpine-slim.template b/Dockerfile-alpine-slim.template index 609c4ad..2ba937c 100644 --- a/Dockerfile-alpine-slim.template +++ b/Dockerfile-alpine-slim.template @@ -81,23 +81,8 @@ RUN set -x \ # if we have leftovers from building, let's purge them (including extra, unnecessary build deps) && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ && if [ -f "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ -# Bring in gettext so we can get `envsubst`, then throw -# the rest away. To do this, we need to install `gettext` -# then move `envsubst` out of the way so `gettext` can -# be deleted completely, then move `envsubst` back. - && apk add --no-cache --virtual .gettext gettext \ - && mv /usr/bin/envsubst /tmp/ \ - \ - && runDeps="$( \ - scanelf --needed --nobanner /tmp/envsubst \ - | awk '{ gsub(/,/, "\nso:", $2); print "so:" $2 }' \ - | sort -u \ - | xargs -r apk info --installed \ - | sort -u \ - )" \ - && apk add --no-cache $runDeps \ - && apk del --no-network .gettext \ - && mv /tmp/envsubst /usr/local/bin/ \ +# Add `envsubst` for templating environment variables + && apk add --no-cache gettext-envsubst \ # Bring in tzdata so users could set the timezones through the environment # variables && apk add --no-cache tzdata \ diff --git a/SUPPORT.md b/SUPPORT.md index 0d9c8b4..2c80438 100644 --- a/SUPPORT.md +++ b/SUPPORT.md @@ -2,7 +2,7 @@ ## Ask a Question -We use GitHub for tracking bugs and feature requests related to all the Docker NGINX images (including all variants and container registries). +We use GitHub for tracking bugs and feature requests related to all Docker NGINX unprivileged images (including all variants and container registries). Don't know how something in this project works? Curious if this project can achieve your desired functionality? Please open an issue on GitHub with the label `question`. Alternatively, start a GitHub discussion! diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index a4df043..24241c8 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -ARG IMAGE=nginxinc/nginx-unprivileged:1.27.4-alpine +ARG IMAGE=nginxinc/nginx-unprivileged:1.27.5-alpine FROM $IMAGE ARG UID=101 @@ -52,7 +52,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"973690e64fa47e3704e817a3b08205b9e3f8c0cbe31825d9d62a81c11eb3aa186df015f27fdfd48c8799ffc528e38a9168c592ae665e4835c2d28638ec5f7845 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"c773d98b567bd585c17f55702bf3e4c7d82b676bfbde395270e90a704dca3c758dfe0380b3f01770542b4fd9bed1f1149af4ce28bfc54a27a96df6b700ac1745 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/mainline/alpine-slim/Dockerfile b/mainline/alpine-slim/Dockerfile index ccf7acb..5506f09 100644 --- a/mainline/alpine-slim/Dockerfile +++ b/mainline/alpine-slim/Dockerfile @@ -8,7 +8,7 @@ FROM $IMAGE LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION=1.27.4 +ENV NGINX_VERSION=1.27.5 ENV PKG_RELEASE=1 ENV DYNPKG_RELEASE=1 @@ -63,7 +63,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"973690e64fa47e3704e817a3b08205b9e3f8c0cbe31825d9d62a81c11eb3aa186df015f27fdfd48c8799ffc528e38a9168c592ae665e4835c2d28638ec5f7845 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"c773d98b567bd585c17f55702bf3e4c7d82b676bfbde395270e90a704dca3c758dfe0380b3f01770542b4fd9bed1f1149af4ce28bfc54a27a96df6b700ac1745 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ @@ -87,23 +87,8 @@ RUN set -x \ # if we have leftovers from building, let's purge them (including extra, unnecessary build deps) && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ && if [ -f "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ -# Bring in gettext so we can get `envsubst`, then throw -# the rest away. To do this, we need to install `gettext` -# then move `envsubst` out of the way so `gettext` can -# be deleted completely, then move `envsubst` back. - && apk add --no-cache --virtual .gettext gettext \ - && mv /usr/bin/envsubst /tmp/ \ - \ - && runDeps="$( \ - scanelf --needed --nobanner /tmp/envsubst \ - | awk '{ gsub(/,/, "\nso:", $2); print "so:" $2 }' \ - | sort -u \ - | xargs -r apk info --installed \ - | sort -u \ - )" \ - && apk add --no-cache $runDeps \ - && apk del --no-network .gettext \ - && mv /tmp/envsubst /usr/local/bin/ \ +# Add `envsubst` for templating environment variables + && apk add --no-cache gettext-envsubst \ # Bring in tzdata so users could set the timezones through the environment # variables && apk add --no-cache tzdata \ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index e9914fe..26dcf73 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -3,10 +3,10 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -ARG IMAGE=nginxinc/nginx-unprivileged:1.27.4-alpine-slim +ARG IMAGE=nginxinc/nginx-unprivileged:1.27.5-alpine-slim FROM $IMAGE -ENV NJS_VERSION=0.8.9 +ENV NJS_VERSION=0.8.10 ENV NJS_RELEASE=1 ARG UID=101 @@ -57,7 +57,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"973690e64fa47e3704e817a3b08205b9e3f8c0cbe31825d9d62a81c11eb3aa186df015f27fdfd48c8799ffc528e38a9168c592ae665e4835c2d28638ec5f7845 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"c773d98b567bd585c17f55702bf3e4c7d82b676bfbde395270e90a704dca3c758dfe0380b3f01770542b4fd9bed1f1149af4ce28bfc54a27a96df6b700ac1745 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/mainline/debian-perl/Dockerfile b/mainline/debian-perl/Dockerfile index dba8a65..cf083b3 100644 --- a/mainline/debian-perl/Dockerfile +++ b/mainline/debian-perl/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -ARG IMAGE=nginxinc/nginx-unprivileged:1.27.4 +ARG IMAGE=nginxinc/nginx-unprivileged:1.27.5 FROM $IMAGE ARG UID=101 @@ -54,7 +54,7 @@ RUN set -x; \ && REVISION="${NGINX_VERSION}-${PKG_RELEASE}" \ && REVISION=${REVISION%~*} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${REVISION}.tar.gz \ - && PKGOSSCHECKSUM="973690e64fa47e3704e817a3b08205b9e3f8c0cbe31825d9d62a81c11eb3aa186df015f27fdfd48c8799ffc528e38a9168c592ae665e4835c2d28638ec5f7845 *${REVISION}.tar.gz" \ + && PKGOSSCHECKSUM="c773d98b567bd585c17f55702bf3e4c7d82b676bfbde395270e90a704dca3c758dfe0380b3f01770542b4fd9bed1f1149af4ce28bfc54a27a96df6b700ac1745 *${REVISION}.tar.gz" \ && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \ echo "pkg-oss tarball checksum verification succeeded!"; \ else \ diff --git a/mainline/debian/Dockerfile b/mainline/debian/Dockerfile index 9b4f325..d78d860 100644 --- a/mainline/debian/Dockerfile +++ b/mainline/debian/Dockerfile @@ -8,8 +8,8 @@ FROM $IMAGE LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION=1.27.4 -ENV NJS_VERSION=0.8.9 +ENV NGINX_VERSION=1.27.5 +ENV NJS_VERSION=0.8.10 ENV NJS_RELEASE=1~bookworm ENV PKG_RELEASE=1~bookworm ENV DYNPKG_RELEASE=1~bookworm @@ -81,7 +81,7 @@ RUN set -x \ && REVISION="${NGINX_VERSION}-${PKG_RELEASE}" \ && REVISION=${REVISION%~*} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${REVISION}.tar.gz \ - && PKGOSSCHECKSUM="973690e64fa47e3704e817a3b08205b9e3f8c0cbe31825d9d62a81c11eb3aa186df015f27fdfd48c8799ffc528e38a9168c592ae665e4835c2d28638ec5f7845 *${REVISION}.tar.gz" \ + && PKGOSSCHECKSUM="c773d98b567bd585c17f55702bf3e4c7d82b676bfbde395270e90a704dca3c758dfe0380b3f01770542b4fd9bed1f1149af4ce28bfc54a27a96df6b700ac1745 *${REVISION}.tar.gz" \ && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \ echo "pkg-oss tarball checksum verification succeeded!"; \ else \ diff --git a/stable/alpine-perl/Dockerfile b/stable/alpine-perl/Dockerfile index 6394b32..bdde677 100644 --- a/stable/alpine-perl/Dockerfile +++ b/stable/alpine-perl/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -ARG IMAGE=nginxinc/nginx-unprivileged:1.26.3-alpine +ARG IMAGE=nginxinc/nginx-unprivileged:1.28.0-alpine FROM $IMAGE ARG UID=101 @@ -52,7 +52,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"3a4e869eded0c71e92f522e94edffea7fbfb5e78886ea7e484342fa2e028c62099a67d08860c249bf93776da97b924225e0d849dbb4697b298afe5421d7d6fea *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"517bc18954ccf4efddd51986584ca1f37966833ad342a297e1fe58fd0faf14c5a4dabcb23519dca433878a2927a95d6bea05a6749ee2fa67a33bf24cdc41b1e4 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/stable/alpine-slim/Dockerfile b/stable/alpine-slim/Dockerfile index e1a8c97..cda3a72 100644 --- a/stable/alpine-slim/Dockerfile +++ b/stable/alpine-slim/Dockerfile @@ -3,14 +3,14 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -ARG IMAGE=alpine:3.20 +ARG IMAGE=alpine:3.21 FROM $IMAGE LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION=1.26.3 +ENV NGINX_VERSION=1.28.0 ENV PKG_RELEASE=1 -ENV DYNPKG_RELEASE=2 +ENV DYNPKG_RELEASE=1 ARG UID=101 ARG GID=101 @@ -63,7 +63,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"3a4e869eded0c71e92f522e94edffea7fbfb5e78886ea7e484342fa2e028c62099a67d08860c249bf93776da97b924225e0d849dbb4697b298afe5421d7d6fea *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"517bc18954ccf4efddd51986584ca1f37966833ad342a297e1fe58fd0faf14c5a4dabcb23519dca433878a2927a95d6bea05a6749ee2fa67a33bf24cdc41b1e4 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ @@ -87,23 +87,8 @@ RUN set -x \ # if we have leftovers from building, let's purge them (including extra, unnecessary build deps) && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ && if [ -f "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ -# Bring in gettext so we can get `envsubst`, then throw -# the rest away. To do this, we need to install `gettext` -# then move `envsubst` out of the way so `gettext` can -# be deleted completely, then move `envsubst` back. - && apk add --no-cache --virtual .gettext gettext \ - && mv /usr/bin/envsubst /tmp/ \ - \ - && runDeps="$( \ - scanelf --needed --nobanner /tmp/envsubst \ - | awk '{ gsub(/,/, "\nso:", $2); print "so:" $2 }' \ - | sort -u \ - | xargs -r apk info --installed \ - | sort -u \ - )" \ - && apk add --no-cache $runDeps \ - && apk del --no-network .gettext \ - && mv /tmp/envsubst /usr/local/bin/ \ +# Add `envsubst` for templating environment variables + && apk add --no-cache gettext-envsubst \ # Bring in tzdata so users could set the timezones through the environment # variables && apk add --no-cache tzdata \ diff --git a/stable/alpine/Dockerfile b/stable/alpine/Dockerfile index 724df6c..fece7d1 100644 --- a/stable/alpine/Dockerfile +++ b/stable/alpine/Dockerfile @@ -3,10 +3,10 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -ARG IMAGE=nginxinc/nginx-unprivileged:1.26.3-alpine-slim +ARG IMAGE=nginxinc/nginx-unprivileged:1.28.0-alpine-slim FROM $IMAGE -ENV NJS_VERSION=0.8.9 +ENV NJS_VERSION=0.8.10 ENV NJS_RELEASE=1 ARG UID=101 @@ -57,7 +57,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"3a4e869eded0c71e92f522e94edffea7fbfb5e78886ea7e484342fa2e028c62099a67d08860c249bf93776da97b924225e0d849dbb4697b298afe5421d7d6fea *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"517bc18954ccf4efddd51986584ca1f37966833ad342a297e1fe58fd0faf14c5a4dabcb23519dca433878a2927a95d6bea05a6749ee2fa67a33bf24cdc41b1e4 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/stable/debian-perl/Dockerfile b/stable/debian-perl/Dockerfile index 5973b2b..9d11815 100644 --- a/stable/debian-perl/Dockerfile +++ b/stable/debian-perl/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -ARG IMAGE=nginxinc/nginx-unprivileged:1.26.3 +ARG IMAGE=nginxinc/nginx-unprivileged:1.28.0 FROM $IMAGE ARG UID=101 @@ -54,7 +54,7 @@ RUN set -x; \ && REVISION="${NGINX_VERSION}-${PKG_RELEASE}" \ && REVISION=${REVISION%~*} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${REVISION}.tar.gz \ - && PKGOSSCHECKSUM="3a4e869eded0c71e92f522e94edffea7fbfb5e78886ea7e484342fa2e028c62099a67d08860c249bf93776da97b924225e0d849dbb4697b298afe5421d7d6fea *${REVISION}.tar.gz" \ + && PKGOSSCHECKSUM="517bc18954ccf4efddd51986584ca1f37966833ad342a297e1fe58fd0faf14c5a4dabcb23519dca433878a2927a95d6bea05a6749ee2fa67a33bf24cdc41b1e4 *${REVISION}.tar.gz" \ && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \ echo "pkg-oss tarball checksum verification succeeded!"; \ else \ diff --git a/stable/debian/Dockerfile b/stable/debian/Dockerfile index 9f9aad0..f0c675d 100644 --- a/stable/debian/Dockerfile +++ b/stable/debian/Dockerfile @@ -8,11 +8,11 @@ FROM $IMAGE LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION=1.26.3 -ENV NJS_VERSION=0.8.9 +ENV NGINX_VERSION=1.28.0 +ENV NJS_VERSION=0.8.10 ENV NJS_RELEASE=1~bookworm ENV PKG_RELEASE=1~bookworm -ENV DYNPKG_RELEASE=2~bookworm +ENV DYNPKG_RELEASE=1~bookworm ARG UID=101 ARG GID=101 @@ -81,7 +81,7 @@ RUN set -x \ && REVISION="${NGINX_VERSION}-${PKG_RELEASE}" \ && REVISION=${REVISION%~*} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${REVISION}.tar.gz \ - && PKGOSSCHECKSUM="3a4e869eded0c71e92f522e94edffea7fbfb5e78886ea7e484342fa2e028c62099a67d08860c249bf93776da97b924225e0d849dbb4697b298afe5421d7d6fea *${REVISION}.tar.gz" \ + && PKGOSSCHECKSUM="517bc18954ccf4efddd51986584ca1f37966833ad342a297e1fe58fd0faf14c5a4dabcb23519dca433878a2927a95d6bea05a6749ee2fa67a33bf24cdc41b1e4 *${REVISION}.tar.gz" \ && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \ echo "pkg-oss tarball checksum verification succeeded!"; \ else \ diff --git a/update.sh b/update.sh index 243d915..1b5fcf0 100755 --- a/update.sh +++ b/update.sh @@ -12,14 +12,14 @@ declare branches=( # Current nginx versions # Remember to update pkgosschecksum when changing this. declare -A nginx=( - [mainline]='1.27.4' - [stable]='1.26.3' + [mainline]='1.27.5' + [stable]='1.28.0' ) # Current njs versions declare -A njs=( - [mainline]='0.8.9' - [stable]='0.8.9' + [mainline]='0.8.10' + [stable]='0.8.10' ) # Current njs patchlevel version @@ -40,7 +40,7 @@ declare -A pkg=( # Remember to update pkgosschecksum when changing this declare -A dynpkg=( [mainline]=1 - [stable]=2 + [stable]=1 ) declare -A debian=( @@ -50,7 +50,7 @@ declare -A debian=( declare -A alpine=( [mainline]='3.21' - [stable]='3.20' + [stable]='3.21' ) # When we bump njs version in a stable release we don't move the tag in the @@ -66,8 +66,8 @@ declare -A rev=( # revision/tag in the previous block # Used in builds for architectures not packaged by nginx.org declare -A pkgosschecksum=( - [mainline]='973690e64fa47e3704e817a3b08205b9e3f8c0cbe31825d9d62a81c11eb3aa186df015f27fdfd48c8799ffc528e38a9168c592ae665e4835c2d28638ec5f7845' - [stable]='3a4e869eded0c71e92f522e94edffea7fbfb5e78886ea7e484342fa2e028c62099a67d08860c249bf93776da97b924225e0d849dbb4697b298afe5421d7d6fea' + [mainline]='c773d98b567bd585c17f55702bf3e4c7d82b676bfbde395270e90a704dca3c758dfe0380b3f01770542b4fd9bed1f1149af4ce28bfc54a27a96df6b700ac1745' + [stable]='517bc18954ccf4efddd51986584ca1f37966833ad342a297e1fe58fd0faf14c5a4dabcb23519dca433878a2927a95d6bea05a6749ee2fa67a33bf24cdc41b1e4' ) get_packages() { From 862160b2a2ebecf171bfcd37dfcd83ac77b72168 Mon Sep 17 00:00:00 2001 From: Jan Grieb Date: Sun, 27 Apr 2025 20:34:10 +0200 Subject: [PATCH 30/60] fix: NGINX PID default path has changed in NGINX 1.27.5 and 1.28.0 (#303) --- Dockerfile-alpine-slim.template | 2 +- Dockerfile-debian.template | 2 +- README.md | 4 ++-- mainline/alpine-slim/Dockerfile | 2 +- mainline/debian/Dockerfile | 2 +- stable/alpine-slim/Dockerfile | 2 +- stable/debian/Dockerfile | 2 +- 7 files changed, 8 insertions(+), 8 deletions(-) diff --git a/Dockerfile-alpine-slim.template b/Dockerfile-alpine-slim.template index 2ba937c..0a550e9 100644 --- a/Dockerfile-alpine-slim.template +++ b/Dockerfile-alpine-slim.template @@ -95,7 +95,7 @@ RUN set -x \ # implement changes required to run NGINX as an unprivileged user RUN sed -i 's,listen 80;,listen 8080;,' /etc/nginx/conf.d/default.conf \ && sed -i '/user nginx;/d' /etc/nginx/nginx.conf \ - && sed -i 's,/var/run/nginx.pid,/tmp/nginx.pid,' /etc/nginx/nginx.conf \ + && sed -i 's,\(/var\)\{0\,1\}/run/nginx.pid,/tmp/nginx.pid,' /etc/nginx/nginx.conf \ && sed -i "/^http {/a \ proxy_temp_path /tmp/proxy_temp;\n client_body_temp_path /tmp/client_temp;\n fastcgi_temp_path /tmp/fastcgi_temp;\n uwsgi_temp_path /tmp/uwsgi_temp;\n scgi_temp_path /tmp/scgi_temp;\n" /etc/nginx/nginx.conf \ # nginx user must own the cache and etc directory to write cache and tweak the nginx config && chown -R $UID:0 /var/cache/nginx \ diff --git a/Dockerfile-debian.template b/Dockerfile-debian.template index bc86447..92788e8 100644 --- a/Dockerfile-debian.template +++ b/Dockerfile-debian.template @@ -128,7 +128,7 @@ RUN set -x \ # implement changes required to run NGINX as an unprivileged user RUN sed -i 's,listen 80;,listen 8080;,' /etc/nginx/conf.d/default.conf \ && sed -i '/user nginx;/d' /etc/nginx/nginx.conf \ - && sed -i 's,/var/run/nginx.pid,/tmp/nginx.pid,' /etc/nginx/nginx.conf \ + && sed -i 's,\(/var\)\{0\,1\}/run/nginx.pid,/tmp/nginx.pid,' /etc/nginx/nginx.conf \ && sed -i "/^http {/a \ proxy_temp_path /tmp/proxy_temp;\n client_body_temp_path /tmp/client_temp;\n fastcgi_temp_path /tmp/fastcgi_temp;\n uwsgi_temp_path /tmp/uwsgi_temp;\n scgi_temp_path /tmp/scgi_temp;\n" /etc/nginx/nginx.conf \ # nginx user must own the cache and etc directory to write cache and tweak the nginx config && chown -R $UID:0 /var/cache/nginx \ diff --git a/README.md b/README.md index f2684d7..d8c53ba 100644 --- a/README.md +++ b/README.md @@ -11,7 +11,7 @@ This repo contains a series of Dockerfiles to create an NGINX Docker image that - The default NGINX listen port is now `8080` instead of `80` (this is no longer necessary as of Docker `20.03` but it's still required in other container runtimes) - The default NGINX user directive in `/etc/nginx/nginx.conf` has been removed -- The default NGINX PID has been moved from `/var/run/nginx.pid` to `/tmp/nginx.pid` +- The default NGINX PID has been moved from `/var/run/nginx.pid` (prior to NGINX 1.27.5) and `/run/nginx.pid` (NGINX 1.27.5 and later) to `/tmp/nginx.pid` - Change `*_temp_path` variables to `/tmp/*` Check out the [docs](https://hub.docker.com/_/nginx) for the upstream Docker NGINX image for a detailed explanation on how to use this image. @@ -51,7 +51,7 @@ Most images are built for the `amd64`, `arm32v5` (for Debian), `arm32v6` (for Al ``` - If you override the default `nginx.conf` file you may encounter various types of error messages: - - To fix `nginx: [emerg] open() "/var/run/nginx.pid" failed (13: Permission denied)`, you have to specify a valid `pid` location by adding the line `pid /tmp/nginx.pid;` at the top level of your config. + - To fix `nginx: [emerg] open() "/var/run/nginx.pid" failed (13: Permission denied)`, you have to specify a valid `pid` location by adding the line `pid /tmp/nginx.pid;` at the top level of your config. NOTE: NGINX 1.27.5 will complain about permissions for `/run/nginx.pid` due to a policy change for this path. - To fix `nginx: [emerg] mkdir() "/var/cache/nginx/client_temp" failed (30: Read-only file system)`, you have to specify a valid location for the various NGINX temporary paths by adding these lines within the `http` context: ```nginx diff --git a/mainline/alpine-slim/Dockerfile b/mainline/alpine-slim/Dockerfile index 5506f09..1bdbfbc 100644 --- a/mainline/alpine-slim/Dockerfile +++ b/mainline/alpine-slim/Dockerfile @@ -101,7 +101,7 @@ RUN set -x \ # implement changes required to run NGINX as an unprivileged user RUN sed -i 's,listen 80;,listen 8080;,' /etc/nginx/conf.d/default.conf \ && sed -i '/user nginx;/d' /etc/nginx/nginx.conf \ - && sed -i 's,/var/run/nginx.pid,/tmp/nginx.pid,' /etc/nginx/nginx.conf \ + && sed -i 's,\(/var\)\{0\,1\}/run/nginx.pid,/tmp/nginx.pid,' /etc/nginx/nginx.conf \ && sed -i "/^http {/a \ proxy_temp_path /tmp/proxy_temp;\n client_body_temp_path /tmp/client_temp;\n fastcgi_temp_path /tmp/fastcgi_temp;\n uwsgi_temp_path /tmp/uwsgi_temp;\n scgi_temp_path /tmp/scgi_temp;\n" /etc/nginx/nginx.conf \ # nginx user must own the cache and etc directory to write cache and tweak the nginx config && chown -R $UID:0 /var/cache/nginx \ diff --git a/mainline/debian/Dockerfile b/mainline/debian/Dockerfile index d78d860..2cca5ea 100644 --- a/mainline/debian/Dockerfile +++ b/mainline/debian/Dockerfile @@ -138,7 +138,7 @@ RUN set -x \ # implement changes required to run NGINX as an unprivileged user RUN sed -i 's,listen 80;,listen 8080;,' /etc/nginx/conf.d/default.conf \ && sed -i '/user nginx;/d' /etc/nginx/nginx.conf \ - && sed -i 's,/var/run/nginx.pid,/tmp/nginx.pid,' /etc/nginx/nginx.conf \ + && sed -i 's,\(/var\)\{0\,1\}/run/nginx.pid,/tmp/nginx.pid,' /etc/nginx/nginx.conf \ && sed -i "/^http {/a \ proxy_temp_path /tmp/proxy_temp;\n client_body_temp_path /tmp/client_temp;\n fastcgi_temp_path /tmp/fastcgi_temp;\n uwsgi_temp_path /tmp/uwsgi_temp;\n scgi_temp_path /tmp/scgi_temp;\n" /etc/nginx/nginx.conf \ # nginx user must own the cache and etc directory to write cache and tweak the nginx config && chown -R $UID:0 /var/cache/nginx \ diff --git a/stable/alpine-slim/Dockerfile b/stable/alpine-slim/Dockerfile index cda3a72..6c59108 100644 --- a/stable/alpine-slim/Dockerfile +++ b/stable/alpine-slim/Dockerfile @@ -101,7 +101,7 @@ RUN set -x \ # implement changes required to run NGINX as an unprivileged user RUN sed -i 's,listen 80;,listen 8080;,' /etc/nginx/conf.d/default.conf \ && sed -i '/user nginx;/d' /etc/nginx/nginx.conf \ - && sed -i 's,/var/run/nginx.pid,/tmp/nginx.pid,' /etc/nginx/nginx.conf \ + && sed -i 's,\(/var\)\{0\,1\}/run/nginx.pid,/tmp/nginx.pid,' /etc/nginx/nginx.conf \ && sed -i "/^http {/a \ proxy_temp_path /tmp/proxy_temp;\n client_body_temp_path /tmp/client_temp;\n fastcgi_temp_path /tmp/fastcgi_temp;\n uwsgi_temp_path /tmp/uwsgi_temp;\n scgi_temp_path /tmp/scgi_temp;\n" /etc/nginx/nginx.conf \ # nginx user must own the cache and etc directory to write cache and tweak the nginx config && chown -R $UID:0 /var/cache/nginx \ diff --git a/stable/debian/Dockerfile b/stable/debian/Dockerfile index f0c675d..7217d8b 100644 --- a/stable/debian/Dockerfile +++ b/stable/debian/Dockerfile @@ -138,7 +138,7 @@ RUN set -x \ # implement changes required to run NGINX as an unprivileged user RUN sed -i 's,listen 80;,listen 8080;,' /etc/nginx/conf.d/default.conf \ && sed -i '/user nginx;/d' /etc/nginx/nginx.conf \ - && sed -i 's,/var/run/nginx.pid,/tmp/nginx.pid,' /etc/nginx/nginx.conf \ + && sed -i 's,\(/var\)\{0\,1\}/run/nginx.pid,/tmp/nginx.pid,' /etc/nginx/nginx.conf \ && sed -i "/^http {/a \ proxy_temp_path /tmp/proxy_temp;\n client_body_temp_path /tmp/client_temp;\n fastcgi_temp_path /tmp/fastcgi_temp;\n uwsgi_temp_path /tmp/uwsgi_temp;\n scgi_temp_path /tmp/scgi_temp;\n" /etc/nginx/nginx.conf \ # nginx user must own the cache and etc directory to write cache and tweak the nginx config && chown -R $UID:0 /var/cache/nginx \ From 107776ad9187077f428cb156760ce0c4309958a7 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 30 Apr 2025 11:08:44 -0800 Subject: [PATCH 31/60] Bump github/codeql-action from 3.28.15 to 3.28.16 (#305) Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/ossf_scorecard.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ossf_scorecard.yml b/.github/workflows/ossf_scorecard.yml index 24da28d..55724fe 100644 --- a/.github/workflows/ossf_scorecard.yml +++ b/.github/workflows/ossf_scorecard.yml @@ -47,6 +47,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: Upload SARIF results to code scanning - uses: github/codeql-action/upload-sarif@45775bd8235c68ba998cffa5171334d58593da47 # v3.28.15 + uses: github/codeql-action/upload-sarif@28deaeda66b76a05916b6923827895f2b14ab387 # v3.28.16 with: sarif_file: results.sarif From 420549a50b39d5f15bd08521bae4c4138ae225a7 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 30 Apr 2025 11:09:01 -0800 Subject: [PATCH 32/60] Bump docker/build-push-action from 6.15.0 to 6.16.0 (#306) Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/alpine-mainline.yml | 6 +++--- .github/workflows/alpine-stable.yml | 6 +++--- .github/workflows/debian-mainline.yml | 4 ++-- .github/workflows/debian-stable.yml | 4 ++-- 4 files changed, 10 insertions(+), 10 deletions(-) diff --git a/.github/workflows/alpine-mainline.yml b/.github/workflows/alpine-mainline.yml index 128a26a..61cf536 100644 --- a/.github/workflows/alpine-mainline.yml +++ b/.github/workflows/alpine-mainline.yml @@ -108,7 +108,7 @@ jobs: - name: Build and push NGINX mainline slim Alpine image to Amazon ECR Public Gallery, Docker Hub, GitHub Container Registry, and Quay id: build - uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 # v6.15.0 + uses: docker/build-push-action@14487ce63c7a62a4a324b0bfb37086795e31c6c1 # v6.16.0 with: platforms: linux/amd64, linux/arm/v6, linux/arm/v7, linux/arm64, linux/386, linux/ppc64le, linux/riscv64, linux/s390x context: "{{ defaultContext }}:mainline/alpine-slim" @@ -226,7 +226,7 @@ jobs: - name: Build and push NGINX mainline Alpine image to Amazon ECR Public Gallery, Docker Hub, GitHub Container Registry, and Quay id: build - uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 # v6.15.0 + uses: docker/build-push-action@14487ce63c7a62a4a324b0bfb37086795e31c6c1 # v6.16.0 with: platforms: linux/amd64, linux/arm/v6, linux/arm/v7, linux/arm64, linux/386, linux/ppc64le, linux/riscv64, linux/s390x context: "{{ defaultContext }}:mainline/alpine" @@ -344,7 +344,7 @@ jobs: - name: Build and push NGINX mainline perl Alpine image to Amazon ECR Public Gallery, Docker Hub, GitHub Container Registry, and Quay id: build - uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 # v6.15.0 + uses: docker/build-push-action@14487ce63c7a62a4a324b0bfb37086795e31c6c1 # v6.16.0 with: platforms: linux/amd64, linux/arm/v6, linux/arm/v7, linux/arm64, linux/386, linux/ppc64le, linux/riscv64, linux/s390x context: "{{ defaultContext }}:mainline/alpine-perl" diff --git a/.github/workflows/alpine-stable.yml b/.github/workflows/alpine-stable.yml index 90eb436..7aef951 100644 --- a/.github/workflows/alpine-stable.yml +++ b/.github/workflows/alpine-stable.yml @@ -104,7 +104,7 @@ jobs: - name: Build and push NGINX stable slim Alpine image to Amazon ECR Public Gallery, Docker Hub, GitHub Container Registry, and Quay id: build - uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 # v6.15.0 + uses: docker/build-push-action@14487ce63c7a62a4a324b0bfb37086795e31c6c1 # v6.16.0 with: platforms: linux/amd64, linux/arm/v6, linux/arm/v7, linux/arm64, linux/386, linux/ppc64le, linux/riscv64, linux/s390x context: "{{ defaultContext }}:stable/alpine-slim" @@ -214,7 +214,7 @@ jobs: - name: Build and push NGINX stable Alpine image to Amazon ECR Public Gallery, Docker Hub, GitHub Container Registry, and Quay id: build - uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 # v6.15.0 + uses: docker/build-push-action@14487ce63c7a62a4a324b0bfb37086795e31c6c1 # v6.16.0 with: platforms: linux/amd64, linux/arm/v6, linux/arm/v7, linux/arm64, linux/386, linux/ppc64le, linux/riscv64, linux/s390x context: "{{ defaultContext }}:stable/alpine" @@ -324,7 +324,7 @@ jobs: - name: Build and push NGINX stable perl Alpine image to Amazon ECR Public Gallery, Docker Hub, GitHub Container Registry, and Quay id: build - uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 # v6.15.0 + uses: docker/build-push-action@14487ce63c7a62a4a324b0bfb37086795e31c6c1 # v6.16.0 with: platforms: linux/amd64, linux/arm/v6, linux/arm/v7, linux/arm64, linux/386, linux/ppc64le, linux/riscv64, linux/s390x context: "{{ defaultContext }}:stable/alpine-perl" diff --git a/.github/workflows/debian-mainline.yml b/.github/workflows/debian-mainline.yml index 05957ed..84a5f22 100644 --- a/.github/workflows/debian-mainline.yml +++ b/.github/workflows/debian-mainline.yml @@ -108,7 +108,7 @@ jobs: - name: Build and push NGINX mainline Debian image to Amazon ECR Public Gallery, Docker Hub, GitHub Container Registry, and Quay id: build - uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 # v6.15.0 + uses: docker/build-push-action@14487ce63c7a62a4a324b0bfb37086795e31c6c1 # v6.16.0 with: platforms: linux/amd64, linux/arm/v7, linux/arm64, linux/386, linux/mips64le, linux/ppc64le, linux/s390x # platforms: linux/amd64, linux/arm/v5, linux/arm/v7, linux/arm64, linux/386, linux/mips64le, linux/ppc64le, linux/s390x @@ -227,7 +227,7 @@ jobs: - name: Build and push NGINX mainline perl Debian image to Amazon ECR Public Gallery, Docker Hub, GitHub Container Registry, and Quay id: build - uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 # v6.15.0 + uses: docker/build-push-action@14487ce63c7a62a4a324b0bfb37086795e31c6c1 # v6.16.0 with: platforms: linux/amd64, linux/arm/v7, linux/arm64, linux/386, linux/mips64le, linux/ppc64le, linux/s390x # platforms: linux/amd64, linux/arm/v5, linux/arm/v7, linux/arm64, linux/386, linux/mips64le, linux/ppc64le, linux/s390x diff --git a/.github/workflows/debian-stable.yml b/.github/workflows/debian-stable.yml index bd3710d..ef03d86 100644 --- a/.github/workflows/debian-stable.yml +++ b/.github/workflows/debian-stable.yml @@ -104,7 +104,7 @@ jobs: - name: Build and push NGINX stable Debian image to Amazon ECR Public Gallery, Docker Hub, GitHub Container Registry, and Quay id: build - uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 # v6.15.0 + uses: docker/build-push-action@14487ce63c7a62a4a324b0bfb37086795e31c6c1 # v6.16.0 with: platforms: linux/amd64, linux/arm/v7, linux/arm64, linux/386, linux/mips64le, linux/ppc64le, linux/s390x # platforms: linux/amd64, linux/arm/v5, linux/arm/v7, linux/arm64, linux/386, linux/mips64le, linux/ppc64le, linux/s390x @@ -215,7 +215,7 @@ jobs: - name: Build and push NGINX stable perl Debian image to Amazon ECR Public Gallery, Docker Hub, GitHub Container Registry, and Quay id: build - uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 # v6.15.0 + uses: docker/build-push-action@14487ce63c7a62a4a324b0bfb37086795e31c6c1 # v6.16.0 with: platforms: linux/amd64, linux/arm/v7, linux/arm64, linux/386, linux/mips64le, linux/ppc64le, linux/s390x # platforms: linux/amd64, linux/arm/v5, linux/arm/v7, linux/arm64, linux/386, linux/mips64le, linux/ppc64le, linux/s390x From f62e5894505585a9925e20c2413a238758e9a60d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 5 May 2025 13:31:43 -0800 Subject: [PATCH 33/60] Bump github/codeql-action from 3.28.16 to 3.28.17 (#309) Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/ossf_scorecard.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ossf_scorecard.yml b/.github/workflows/ossf_scorecard.yml index 55724fe..42aa731 100644 --- a/.github/workflows/ossf_scorecard.yml +++ b/.github/workflows/ossf_scorecard.yml @@ -47,6 +47,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: Upload SARIF results to code scanning - uses: github/codeql-action/upload-sarif@28deaeda66b76a05916b6923827895f2b14ab387 # v3.28.16 + uses: github/codeql-action/upload-sarif@60168efe1c415ce0f5521ea06d5c2062adbeed1b # v3.28.17 with: sarif_file: results.sarif From 8c57fb5da836c4a7244a0b186028d44c67d11a21 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 12 May 2025 04:48:13 -0800 Subject: [PATCH 34/60] Bump aws-actions/configure-aws-credentials from 4.1.0 to 4.2.0 (#310) Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/alpine-mainline.yml | 6 +++--- .github/workflows/alpine-stable.yml | 6 +++--- .github/workflows/debian-mainline.yml | 4 ++-- .github/workflows/debian-stable.yml | 4 ++-- .github/workflows/image-cleanup.yml | 2 +- 5 files changed, 11 insertions(+), 11 deletions(-) diff --git a/.github/workflows/alpine-mainline.yml b/.github/workflows/alpine-mainline.yml index 61cf536..12df6a1 100644 --- a/.github/workflows/alpine-mainline.yml +++ b/.github/workflows/alpine-mainline.yml @@ -48,7 +48,7 @@ jobs: - name: Configure AWS credentials if: ${{ github.event_name != 'pull_request' }} - uses: aws-actions/configure-aws-credentials@ececac1a45f3b08a01d2dd070d28d111c5fe6722 # v4.1.0 + uses: aws-actions/configure-aws-credentials@f24d7193d98baebaeacc7e2227925dd47cc267f5 # v4.2.0 with: aws-region: ${{ secrets.AWS_REGION }} aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} @@ -166,7 +166,7 @@ jobs: - name: Configure AWS credentials if: ${{ github.event_name != 'pull_request' }} - uses: aws-actions/configure-aws-credentials@ececac1a45f3b08a01d2dd070d28d111c5fe6722 # v4.1.0 + uses: aws-actions/configure-aws-credentials@f24d7193d98baebaeacc7e2227925dd47cc267f5 # v4.2.0 with: aws-region: ${{ secrets.AWS_REGION }} aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} @@ -284,7 +284,7 @@ jobs: - name: Configure AWS credentials if: ${{ github.event_name != 'pull_request' }} - uses: aws-actions/configure-aws-credentials@ececac1a45f3b08a01d2dd070d28d111c5fe6722 # v4.1.0 + uses: aws-actions/configure-aws-credentials@f24d7193d98baebaeacc7e2227925dd47cc267f5 # v4.2.0 with: aws-region: ${{ secrets.AWS_REGION }} aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} diff --git a/.github/workflows/alpine-stable.yml b/.github/workflows/alpine-stable.yml index 7aef951..457ded6 100644 --- a/.github/workflows/alpine-stable.yml +++ b/.github/workflows/alpine-stable.yml @@ -48,7 +48,7 @@ jobs: - name: Configure AWS credentials if: ${{ github.event_name != 'pull_request' }} - uses: aws-actions/configure-aws-credentials@ececac1a45f3b08a01d2dd070d28d111c5fe6722 # v4.1.0 + uses: aws-actions/configure-aws-credentials@f24d7193d98baebaeacc7e2227925dd47cc267f5 # v4.2.0 with: aws-region: ${{ secrets.AWS_REGION }} aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} @@ -158,7 +158,7 @@ jobs: - name: Configure AWS credentials if: ${{ github.event_name != 'pull_request' }} - uses: aws-actions/configure-aws-credentials@ececac1a45f3b08a01d2dd070d28d111c5fe6722 # v4.1.0 + uses: aws-actions/configure-aws-credentials@f24d7193d98baebaeacc7e2227925dd47cc267f5 # v4.2.0 with: aws-region: ${{ secrets.AWS_REGION }} aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} @@ -268,7 +268,7 @@ jobs: - name: Configure AWS credentials if: ${{ github.event_name != 'pull_request' }} - uses: aws-actions/configure-aws-credentials@ececac1a45f3b08a01d2dd070d28d111c5fe6722 # v4.1.0 + uses: aws-actions/configure-aws-credentials@f24d7193d98baebaeacc7e2227925dd47cc267f5 # v4.2.0 with: aws-region: ${{ secrets.AWS_REGION }} aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} diff --git a/.github/workflows/debian-mainline.yml b/.github/workflows/debian-mainline.yml index 84a5f22..6431ff8 100644 --- a/.github/workflows/debian-mainline.yml +++ b/.github/workflows/debian-mainline.yml @@ -48,7 +48,7 @@ jobs: - name: Configure AWS credentials if: ${{ github.event_name != 'pull_request' }} - uses: aws-actions/configure-aws-credentials@ececac1a45f3b08a01d2dd070d28d111c5fe6722 # v4.1.0 + uses: aws-actions/configure-aws-credentials@f24d7193d98baebaeacc7e2227925dd47cc267f5 # v4.2.0 with: aws-region: ${{ secrets.AWS_REGION }} aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} @@ -167,7 +167,7 @@ jobs: - name: Configure AWS credentials if: ${{ github.event_name != 'pull_request' }} - uses: aws-actions/configure-aws-credentials@ececac1a45f3b08a01d2dd070d28d111c5fe6722 # v4.1.0 + uses: aws-actions/configure-aws-credentials@f24d7193d98baebaeacc7e2227925dd47cc267f5 # v4.2.0 with: aws-region: ${{ secrets.AWS_REGION }} aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} diff --git a/.github/workflows/debian-stable.yml b/.github/workflows/debian-stable.yml index ef03d86..4117cf4 100644 --- a/.github/workflows/debian-stable.yml +++ b/.github/workflows/debian-stable.yml @@ -48,7 +48,7 @@ jobs: - name: Configure AWS credentials if: ${{ github.event_name != 'pull_request' }} - uses: aws-actions/configure-aws-credentials@ececac1a45f3b08a01d2dd070d28d111c5fe6722 # v4.1.0 + uses: aws-actions/configure-aws-credentials@f24d7193d98baebaeacc7e2227925dd47cc267f5 # v4.2.0 with: aws-region: ${{ secrets.AWS_REGION }} aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} @@ -159,7 +159,7 @@ jobs: - name: Configure AWS credentials if: ${{ github.event_name != 'pull_request' }} - uses: aws-actions/configure-aws-credentials@ececac1a45f3b08a01d2dd070d28d111c5fe6722 # v4.1.0 + uses: aws-actions/configure-aws-credentials@f24d7193d98baebaeacc7e2227925dd47cc267f5 # v4.2.0 with: aws-region: ${{ secrets.AWS_REGION }} aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} diff --git a/.github/workflows/image-cleanup.yml b/.github/workflows/image-cleanup.yml index ee9c6df..953638f 100644 --- a/.github/workflows/image-cleanup.yml +++ b/.github/workflows/image-cleanup.yml @@ -17,7 +17,7 @@ jobs: uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Configure AWS credentials - uses: aws-actions/configure-aws-credentials@ececac1a45f3b08a01d2dd070d28d111c5fe6722 # v4.1.0 + uses: aws-actions/configure-aws-credentials@f24d7193d98baebaeacc7e2227925dd47cc267f5 # v4.2.0 with: aws-region: ${{ secrets.AWS_REGION }} aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} From f39ce339ecebd31f1c4b60c783b7a6c01bb836cf Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 19 May 2025 10:17:35 -0800 Subject: [PATCH 35/60] Bump docker/build-push-action from 6.16.0 to 6.17.0 (#313) Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/alpine-mainline.yml | 6 +++--- .github/workflows/alpine-stable.yml | 6 +++--- .github/workflows/debian-mainline.yml | 4 ++-- .github/workflows/debian-stable.yml | 4 ++-- 4 files changed, 10 insertions(+), 10 deletions(-) diff --git a/.github/workflows/alpine-mainline.yml b/.github/workflows/alpine-mainline.yml index 12df6a1..d5c1af8 100644 --- a/.github/workflows/alpine-mainline.yml +++ b/.github/workflows/alpine-mainline.yml @@ -108,7 +108,7 @@ jobs: - name: Build and push NGINX mainline slim Alpine image to Amazon ECR Public Gallery, Docker Hub, GitHub Container Registry, and Quay id: build - uses: docker/build-push-action@14487ce63c7a62a4a324b0bfb37086795e31c6c1 # v6.16.0 + uses: docker/build-push-action@1dc73863535b631f98b2378be8619f83b136f4a0 # v6.17.0 with: platforms: linux/amd64, linux/arm/v6, linux/arm/v7, linux/arm64, linux/386, linux/ppc64le, linux/riscv64, linux/s390x context: "{{ defaultContext }}:mainline/alpine-slim" @@ -226,7 +226,7 @@ jobs: - name: Build and push NGINX mainline Alpine image to Amazon ECR Public Gallery, Docker Hub, GitHub Container Registry, and Quay id: build - uses: docker/build-push-action@14487ce63c7a62a4a324b0bfb37086795e31c6c1 # v6.16.0 + uses: docker/build-push-action@1dc73863535b631f98b2378be8619f83b136f4a0 # v6.17.0 with: platforms: linux/amd64, linux/arm/v6, linux/arm/v7, linux/arm64, linux/386, linux/ppc64le, linux/riscv64, linux/s390x context: "{{ defaultContext }}:mainline/alpine" @@ -344,7 +344,7 @@ jobs: - name: Build and push NGINX mainline perl Alpine image to Amazon ECR Public Gallery, Docker Hub, GitHub Container Registry, and Quay id: build - uses: docker/build-push-action@14487ce63c7a62a4a324b0bfb37086795e31c6c1 # v6.16.0 + uses: docker/build-push-action@1dc73863535b631f98b2378be8619f83b136f4a0 # v6.17.0 with: platforms: linux/amd64, linux/arm/v6, linux/arm/v7, linux/arm64, linux/386, linux/ppc64le, linux/riscv64, linux/s390x context: "{{ defaultContext }}:mainline/alpine-perl" diff --git a/.github/workflows/alpine-stable.yml b/.github/workflows/alpine-stable.yml index 457ded6..f4b75fa 100644 --- a/.github/workflows/alpine-stable.yml +++ b/.github/workflows/alpine-stable.yml @@ -104,7 +104,7 @@ jobs: - name: Build and push NGINX stable slim Alpine image to Amazon ECR Public Gallery, Docker Hub, GitHub Container Registry, and Quay id: build - uses: docker/build-push-action@14487ce63c7a62a4a324b0bfb37086795e31c6c1 # v6.16.0 + uses: docker/build-push-action@1dc73863535b631f98b2378be8619f83b136f4a0 # v6.17.0 with: platforms: linux/amd64, linux/arm/v6, linux/arm/v7, linux/arm64, linux/386, linux/ppc64le, linux/riscv64, linux/s390x context: "{{ defaultContext }}:stable/alpine-slim" @@ -214,7 +214,7 @@ jobs: - name: Build and push NGINX stable Alpine image to Amazon ECR Public Gallery, Docker Hub, GitHub Container Registry, and Quay id: build - uses: docker/build-push-action@14487ce63c7a62a4a324b0bfb37086795e31c6c1 # v6.16.0 + uses: docker/build-push-action@1dc73863535b631f98b2378be8619f83b136f4a0 # v6.17.0 with: platforms: linux/amd64, linux/arm/v6, linux/arm/v7, linux/arm64, linux/386, linux/ppc64le, linux/riscv64, linux/s390x context: "{{ defaultContext }}:stable/alpine" @@ -324,7 +324,7 @@ jobs: - name: Build and push NGINX stable perl Alpine image to Amazon ECR Public Gallery, Docker Hub, GitHub Container Registry, and Quay id: build - uses: docker/build-push-action@14487ce63c7a62a4a324b0bfb37086795e31c6c1 # v6.16.0 + uses: docker/build-push-action@1dc73863535b631f98b2378be8619f83b136f4a0 # v6.17.0 with: platforms: linux/amd64, linux/arm/v6, linux/arm/v7, linux/arm64, linux/386, linux/ppc64le, linux/riscv64, linux/s390x context: "{{ defaultContext }}:stable/alpine-perl" diff --git a/.github/workflows/debian-mainline.yml b/.github/workflows/debian-mainline.yml index 6431ff8..ee18cdc 100644 --- a/.github/workflows/debian-mainline.yml +++ b/.github/workflows/debian-mainline.yml @@ -108,7 +108,7 @@ jobs: - name: Build and push NGINX mainline Debian image to Amazon ECR Public Gallery, Docker Hub, GitHub Container Registry, and Quay id: build - uses: docker/build-push-action@14487ce63c7a62a4a324b0bfb37086795e31c6c1 # v6.16.0 + uses: docker/build-push-action@1dc73863535b631f98b2378be8619f83b136f4a0 # v6.17.0 with: platforms: linux/amd64, linux/arm/v7, linux/arm64, linux/386, linux/mips64le, linux/ppc64le, linux/s390x # platforms: linux/amd64, linux/arm/v5, linux/arm/v7, linux/arm64, linux/386, linux/mips64le, linux/ppc64le, linux/s390x @@ -227,7 +227,7 @@ jobs: - name: Build and push NGINX mainline perl Debian image to Amazon ECR Public Gallery, Docker Hub, GitHub Container Registry, and Quay id: build - uses: docker/build-push-action@14487ce63c7a62a4a324b0bfb37086795e31c6c1 # v6.16.0 + uses: docker/build-push-action@1dc73863535b631f98b2378be8619f83b136f4a0 # v6.17.0 with: platforms: linux/amd64, linux/arm/v7, linux/arm64, linux/386, linux/mips64le, linux/ppc64le, linux/s390x # platforms: linux/amd64, linux/arm/v5, linux/arm/v7, linux/arm64, linux/386, linux/mips64le, linux/ppc64le, linux/s390x diff --git a/.github/workflows/debian-stable.yml b/.github/workflows/debian-stable.yml index 4117cf4..7d4ae52 100644 --- a/.github/workflows/debian-stable.yml +++ b/.github/workflows/debian-stable.yml @@ -104,7 +104,7 @@ jobs: - name: Build and push NGINX stable Debian image to Amazon ECR Public Gallery, Docker Hub, GitHub Container Registry, and Quay id: build - uses: docker/build-push-action@14487ce63c7a62a4a324b0bfb37086795e31c6c1 # v6.16.0 + uses: docker/build-push-action@1dc73863535b631f98b2378be8619f83b136f4a0 # v6.17.0 with: platforms: linux/amd64, linux/arm/v7, linux/arm64, linux/386, linux/mips64le, linux/ppc64le, linux/s390x # platforms: linux/amd64, linux/arm/v5, linux/arm/v7, linux/arm64, linux/386, linux/mips64le, linux/ppc64le, linux/s390x @@ -215,7 +215,7 @@ jobs: - name: Build and push NGINX stable perl Debian image to Amazon ECR Public Gallery, Docker Hub, GitHub Container Registry, and Quay id: build - uses: docker/build-push-action@14487ce63c7a62a4a324b0bfb37086795e31c6c1 # v6.16.0 + uses: docker/build-push-action@1dc73863535b631f98b2378be8619f83b136f4a0 # v6.17.0 with: platforms: linux/amd64, linux/arm/v7, linux/arm64, linux/386, linux/mips64le, linux/ppc64le, linux/s390x # platforms: linux/amd64, linux/arm/v5, linux/arm/v7, linux/arm64, linux/386, linux/mips64le, linux/ppc64le, linux/s390x From 185dced56ac65961b90a3462f39f8e9b04f903fc Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 19 May 2025 10:17:51 -0800 Subject: [PATCH 36/60] Bump aws-actions/configure-aws-credentials from 4.2.0 to 4.2.1 (#312) Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/alpine-mainline.yml | 6 +++--- .github/workflows/alpine-stable.yml | 6 +++--- .github/workflows/debian-mainline.yml | 4 ++-- .github/workflows/debian-stable.yml | 4 ++-- .github/workflows/image-cleanup.yml | 2 +- 5 files changed, 11 insertions(+), 11 deletions(-) diff --git a/.github/workflows/alpine-mainline.yml b/.github/workflows/alpine-mainline.yml index d5c1af8..1ac07df 100644 --- a/.github/workflows/alpine-mainline.yml +++ b/.github/workflows/alpine-mainline.yml @@ -48,7 +48,7 @@ jobs: - name: Configure AWS credentials if: ${{ github.event_name != 'pull_request' }} - uses: aws-actions/configure-aws-credentials@f24d7193d98baebaeacc7e2227925dd47cc267f5 # v4.2.0 + uses: aws-actions/configure-aws-credentials@b47578312673ae6fa5b5096b330d9fbac3d116df # v4.2.1 with: aws-region: ${{ secrets.AWS_REGION }} aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} @@ -166,7 +166,7 @@ jobs: - name: Configure AWS credentials if: ${{ github.event_name != 'pull_request' }} - uses: aws-actions/configure-aws-credentials@f24d7193d98baebaeacc7e2227925dd47cc267f5 # v4.2.0 + uses: aws-actions/configure-aws-credentials@b47578312673ae6fa5b5096b330d9fbac3d116df # v4.2.1 with: aws-region: ${{ secrets.AWS_REGION }} aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} @@ -284,7 +284,7 @@ jobs: - name: Configure AWS credentials if: ${{ github.event_name != 'pull_request' }} - uses: aws-actions/configure-aws-credentials@f24d7193d98baebaeacc7e2227925dd47cc267f5 # v4.2.0 + uses: aws-actions/configure-aws-credentials@b47578312673ae6fa5b5096b330d9fbac3d116df # v4.2.1 with: aws-region: ${{ secrets.AWS_REGION }} aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} diff --git a/.github/workflows/alpine-stable.yml b/.github/workflows/alpine-stable.yml index f4b75fa..afa9936 100644 --- a/.github/workflows/alpine-stable.yml +++ b/.github/workflows/alpine-stable.yml @@ -48,7 +48,7 @@ jobs: - name: Configure AWS credentials if: ${{ github.event_name != 'pull_request' }} - uses: aws-actions/configure-aws-credentials@f24d7193d98baebaeacc7e2227925dd47cc267f5 # v4.2.0 + uses: aws-actions/configure-aws-credentials@b47578312673ae6fa5b5096b330d9fbac3d116df # v4.2.1 with: aws-region: ${{ secrets.AWS_REGION }} aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} @@ -158,7 +158,7 @@ jobs: - name: Configure AWS credentials if: ${{ github.event_name != 'pull_request' }} - uses: aws-actions/configure-aws-credentials@f24d7193d98baebaeacc7e2227925dd47cc267f5 # v4.2.0 + uses: aws-actions/configure-aws-credentials@b47578312673ae6fa5b5096b330d9fbac3d116df # v4.2.1 with: aws-region: ${{ secrets.AWS_REGION }} aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} @@ -268,7 +268,7 @@ jobs: - name: Configure AWS credentials if: ${{ github.event_name != 'pull_request' }} - uses: aws-actions/configure-aws-credentials@f24d7193d98baebaeacc7e2227925dd47cc267f5 # v4.2.0 + uses: aws-actions/configure-aws-credentials@b47578312673ae6fa5b5096b330d9fbac3d116df # v4.2.1 with: aws-region: ${{ secrets.AWS_REGION }} aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} diff --git a/.github/workflows/debian-mainline.yml b/.github/workflows/debian-mainline.yml index ee18cdc..510a3e6 100644 --- a/.github/workflows/debian-mainline.yml +++ b/.github/workflows/debian-mainline.yml @@ -48,7 +48,7 @@ jobs: - name: Configure AWS credentials if: ${{ github.event_name != 'pull_request' }} - uses: aws-actions/configure-aws-credentials@f24d7193d98baebaeacc7e2227925dd47cc267f5 # v4.2.0 + uses: aws-actions/configure-aws-credentials@b47578312673ae6fa5b5096b330d9fbac3d116df # v4.2.1 with: aws-region: ${{ secrets.AWS_REGION }} aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} @@ -167,7 +167,7 @@ jobs: - name: Configure AWS credentials if: ${{ github.event_name != 'pull_request' }} - uses: aws-actions/configure-aws-credentials@f24d7193d98baebaeacc7e2227925dd47cc267f5 # v4.2.0 + uses: aws-actions/configure-aws-credentials@b47578312673ae6fa5b5096b330d9fbac3d116df # v4.2.1 with: aws-region: ${{ secrets.AWS_REGION }} aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} diff --git a/.github/workflows/debian-stable.yml b/.github/workflows/debian-stable.yml index 7d4ae52..c4e744b 100644 --- a/.github/workflows/debian-stable.yml +++ b/.github/workflows/debian-stable.yml @@ -48,7 +48,7 @@ jobs: - name: Configure AWS credentials if: ${{ github.event_name != 'pull_request' }} - uses: aws-actions/configure-aws-credentials@f24d7193d98baebaeacc7e2227925dd47cc267f5 # v4.2.0 + uses: aws-actions/configure-aws-credentials@b47578312673ae6fa5b5096b330d9fbac3d116df # v4.2.1 with: aws-region: ${{ secrets.AWS_REGION }} aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} @@ -159,7 +159,7 @@ jobs: - name: Configure AWS credentials if: ${{ github.event_name != 'pull_request' }} - uses: aws-actions/configure-aws-credentials@f24d7193d98baebaeacc7e2227925dd47cc267f5 # v4.2.0 + uses: aws-actions/configure-aws-credentials@b47578312673ae6fa5b5096b330d9fbac3d116df # v4.2.1 with: aws-region: ${{ secrets.AWS_REGION }} aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} diff --git a/.github/workflows/image-cleanup.yml b/.github/workflows/image-cleanup.yml index 953638f..eebee81 100644 --- a/.github/workflows/image-cleanup.yml +++ b/.github/workflows/image-cleanup.yml @@ -17,7 +17,7 @@ jobs: uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Configure AWS credentials - uses: aws-actions/configure-aws-credentials@f24d7193d98baebaeacc7e2227925dd47cc267f5 # v4.2.0 + uses: aws-actions/configure-aws-credentials@b47578312673ae6fa5b5096b330d9fbac3d116df # v4.2.1 with: aws-region: ${{ secrets.AWS_REGION }} aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} From 80a25854ce4d4038bda5c465fe0ccccceec822b6 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 19 May 2025 10:18:05 -0800 Subject: [PATCH 37/60] Bump github/codeql-action from 3.28.17 to 3.28.18 (#311) Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/ossf_scorecard.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ossf_scorecard.yml b/.github/workflows/ossf_scorecard.yml index 42aa731..0f94803 100644 --- a/.github/workflows/ossf_scorecard.yml +++ b/.github/workflows/ossf_scorecard.yml @@ -47,6 +47,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: Upload SARIF results to code scanning - uses: github/codeql-action/upload-sarif@60168efe1c415ce0f5521ea06d5c2062adbeed1b # v3.28.17 + uses: github/codeql-action/upload-sarif@ff0a06e83cb2de871e5a09832bc6a81e7276941f # v3.28.18 with: sarif_file: results.sarif From 4af031ef2d456446d9ae72ecdd73c47453a7aa94 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 4 Jun 2025 16:35:51 +0200 Subject: [PATCH 38/60] Bump ossf/scorecard-action from 2.4.1 to 2.4.2 (#315) Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/ossf_scorecard.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ossf_scorecard.yml b/.github/workflows/ossf_scorecard.yml index 0f94803..cd57e17 100644 --- a/.github/workflows/ossf_scorecard.yml +++ b/.github/workflows/ossf_scorecard.yml @@ -30,7 +30,7 @@ jobs: persist-credentials: false - name: Run analysis - uses: ossf/scorecard-action@f49aabe0b5af0936a0987cfb85d86b75731b0186 # v2.4.1 + uses: ossf/scorecard-action@05b42c624433fc40578a4040d5cf5e36ddca8cde # v2.4.2 with: results_file: results.sarif results_format: sarif From 67331ce66af8fea80c6daef8d20f5612a5e41875 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 4 Jun 2025 16:36:26 +0200 Subject: [PATCH 39/60] Bump docker/build-push-action from 6.17.0 to 6.18.0 (#314) Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/alpine-mainline.yml | 6 +++--- .github/workflows/alpine-stable.yml | 6 +++--- .github/workflows/debian-mainline.yml | 4 ++-- .github/workflows/debian-stable.yml | 4 ++-- 4 files changed, 10 insertions(+), 10 deletions(-) diff --git a/.github/workflows/alpine-mainline.yml b/.github/workflows/alpine-mainline.yml index 1ac07df..1c2fad8 100644 --- a/.github/workflows/alpine-mainline.yml +++ b/.github/workflows/alpine-mainline.yml @@ -108,7 +108,7 @@ jobs: - name: Build and push NGINX mainline slim Alpine image to Amazon ECR Public Gallery, Docker Hub, GitHub Container Registry, and Quay id: build - uses: docker/build-push-action@1dc73863535b631f98b2378be8619f83b136f4a0 # v6.17.0 + uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0 with: platforms: linux/amd64, linux/arm/v6, linux/arm/v7, linux/arm64, linux/386, linux/ppc64le, linux/riscv64, linux/s390x context: "{{ defaultContext }}:mainline/alpine-slim" @@ -226,7 +226,7 @@ jobs: - name: Build and push NGINX mainline Alpine image to Amazon ECR Public Gallery, Docker Hub, GitHub Container Registry, and Quay id: build - uses: docker/build-push-action@1dc73863535b631f98b2378be8619f83b136f4a0 # v6.17.0 + uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0 with: platforms: linux/amd64, linux/arm/v6, linux/arm/v7, linux/arm64, linux/386, linux/ppc64le, linux/riscv64, linux/s390x context: "{{ defaultContext }}:mainline/alpine" @@ -344,7 +344,7 @@ jobs: - name: Build and push NGINX mainline perl Alpine image to Amazon ECR Public Gallery, Docker Hub, GitHub Container Registry, and Quay id: build - uses: docker/build-push-action@1dc73863535b631f98b2378be8619f83b136f4a0 # v6.17.0 + uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0 with: platforms: linux/amd64, linux/arm/v6, linux/arm/v7, linux/arm64, linux/386, linux/ppc64le, linux/riscv64, linux/s390x context: "{{ defaultContext }}:mainline/alpine-perl" diff --git a/.github/workflows/alpine-stable.yml b/.github/workflows/alpine-stable.yml index afa9936..717524b 100644 --- a/.github/workflows/alpine-stable.yml +++ b/.github/workflows/alpine-stable.yml @@ -104,7 +104,7 @@ jobs: - name: Build and push NGINX stable slim Alpine image to Amazon ECR Public Gallery, Docker Hub, GitHub Container Registry, and Quay id: build - uses: docker/build-push-action@1dc73863535b631f98b2378be8619f83b136f4a0 # v6.17.0 + uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0 with: platforms: linux/amd64, linux/arm/v6, linux/arm/v7, linux/arm64, linux/386, linux/ppc64le, linux/riscv64, linux/s390x context: "{{ defaultContext }}:stable/alpine-slim" @@ -214,7 +214,7 @@ jobs: - name: Build and push NGINX stable Alpine image to Amazon ECR Public Gallery, Docker Hub, GitHub Container Registry, and Quay id: build - uses: docker/build-push-action@1dc73863535b631f98b2378be8619f83b136f4a0 # v6.17.0 + uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0 with: platforms: linux/amd64, linux/arm/v6, linux/arm/v7, linux/arm64, linux/386, linux/ppc64le, linux/riscv64, linux/s390x context: "{{ defaultContext }}:stable/alpine" @@ -324,7 +324,7 @@ jobs: - name: Build and push NGINX stable perl Alpine image to Amazon ECR Public Gallery, Docker Hub, GitHub Container Registry, and Quay id: build - uses: docker/build-push-action@1dc73863535b631f98b2378be8619f83b136f4a0 # v6.17.0 + uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0 with: platforms: linux/amd64, linux/arm/v6, linux/arm/v7, linux/arm64, linux/386, linux/ppc64le, linux/riscv64, linux/s390x context: "{{ defaultContext }}:stable/alpine-perl" diff --git a/.github/workflows/debian-mainline.yml b/.github/workflows/debian-mainline.yml index 510a3e6..339dda6 100644 --- a/.github/workflows/debian-mainline.yml +++ b/.github/workflows/debian-mainline.yml @@ -108,7 +108,7 @@ jobs: - name: Build and push NGINX mainline Debian image to Amazon ECR Public Gallery, Docker Hub, GitHub Container Registry, and Quay id: build - uses: docker/build-push-action@1dc73863535b631f98b2378be8619f83b136f4a0 # v6.17.0 + uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0 with: platforms: linux/amd64, linux/arm/v7, linux/arm64, linux/386, linux/mips64le, linux/ppc64le, linux/s390x # platforms: linux/amd64, linux/arm/v5, linux/arm/v7, linux/arm64, linux/386, linux/mips64le, linux/ppc64le, linux/s390x @@ -227,7 +227,7 @@ jobs: - name: Build and push NGINX mainline perl Debian image to Amazon ECR Public Gallery, Docker Hub, GitHub Container Registry, and Quay id: build - uses: docker/build-push-action@1dc73863535b631f98b2378be8619f83b136f4a0 # v6.17.0 + uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0 with: platforms: linux/amd64, linux/arm/v7, linux/arm64, linux/386, linux/mips64le, linux/ppc64le, linux/s390x # platforms: linux/amd64, linux/arm/v5, linux/arm/v7, linux/arm64, linux/386, linux/mips64le, linux/ppc64le, linux/s390x diff --git a/.github/workflows/debian-stable.yml b/.github/workflows/debian-stable.yml index c4e744b..b969e79 100644 --- a/.github/workflows/debian-stable.yml +++ b/.github/workflows/debian-stable.yml @@ -104,7 +104,7 @@ jobs: - name: Build and push NGINX stable Debian image to Amazon ECR Public Gallery, Docker Hub, GitHub Container Registry, and Quay id: build - uses: docker/build-push-action@1dc73863535b631f98b2378be8619f83b136f4a0 # v6.17.0 + uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0 with: platforms: linux/amd64, linux/arm/v7, linux/arm64, linux/386, linux/mips64le, linux/ppc64le, linux/s390x # platforms: linux/amd64, linux/arm/v5, linux/arm/v7, linux/arm64, linux/386, linux/mips64le, linux/ppc64le, linux/s390x @@ -215,7 +215,7 @@ jobs: - name: Build and push NGINX stable perl Debian image to Amazon ECR Public Gallery, Docker Hub, GitHub Container Registry, and Quay id: build - uses: docker/build-push-action@1dc73863535b631f98b2378be8619f83b136f4a0 # v6.17.0 + uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0 with: platforms: linux/amd64, linux/arm/v7, linux/arm64, linux/386, linux/mips64le, linux/ppc64le, linux/s390x # platforms: linux/amd64, linux/arm/v5, linux/arm/v7, linux/arm64, linux/386, linux/mips64le, linux/ppc64le, linux/s390x From 0db8e3b1970d520378d402f50364595e979ec453 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 9 Jun 2025 12:33:04 +0200 Subject: [PATCH 40/60] Bump github/codeql-action from 3.28.18 to 3.28.19 (#316) Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/ossf_scorecard.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ossf_scorecard.yml b/.github/workflows/ossf_scorecard.yml index cd57e17..24695fe 100644 --- a/.github/workflows/ossf_scorecard.yml +++ b/.github/workflows/ossf_scorecard.yml @@ -47,6 +47,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: Upload SARIF results to code scanning - uses: github/codeql-action/upload-sarif@ff0a06e83cb2de871e5a09832bc6a81e7276941f # v3.28.18 + uses: github/codeql-action/upload-sarif@fca7ace96b7d713c7035871441bd52efbe39e27e # v3.28.19 with: sarif_file: results.sarif From bf3a1abb2d85622421a0ea7192de04a4d37325d5 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 16 Jun 2025 15:50:26 +0200 Subject: [PATCH 41/60] Bump github/codeql-action from 3.28.19 to 3.29.0 (#319) Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/ossf_scorecard.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ossf_scorecard.yml b/.github/workflows/ossf_scorecard.yml index 24695fe..38be556 100644 --- a/.github/workflows/ossf_scorecard.yml +++ b/.github/workflows/ossf_scorecard.yml @@ -47,6 +47,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: Upload SARIF results to code scanning - uses: github/codeql-action/upload-sarif@fca7ace96b7d713c7035871441bd52efbe39e27e # v3.28.19 + uses: github/codeql-action/upload-sarif@ce28f5bb42b7a9f2c824e633a3f6ee835bab6858 # v3.29.0 with: sarif_file: results.sarif From d5fb0119cf5c6a94cba03474ccc841bbe037fa87 Mon Sep 17 00:00:00 2001 From: hangy Date: Tue, 17 Jun 2025 18:57:48 +0200 Subject: [PATCH 42/60] feat: Add Dockerfile for OTEL enabled container images (#318) Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> Co-authored-by: Alessandro Fael Garcia --- .github/workflows/alpine-mainline.yml | 120 +++++++++++++++++++++++++- .github/workflows/alpine-stable.yml | 111 +++++++++++++++++++++++- .github/workflows/debian-mainline.yml | 120 +++++++++++++++++++++++++- .github/workflows/debian-stable.yml | 114 +++++++++++++++++++++++- Dockerfile-alpine-otel.template | 74 ++++++++++++++++ Dockerfile-debian-otel.template | 97 +++++++++++++++++++++ Dockerfile-debian-perl.template | 2 +- Dockerfile-debian.template | 2 +- mainline/alpine-otel/Dockerfile | 85 ++++++++++++++++++ mainline/debian-otel/Dockerfile | 108 +++++++++++++++++++++++ mainline/debian-perl/Dockerfile | 2 +- mainline/debian/Dockerfile | 2 +- stable/alpine-otel/Dockerfile | 85 ++++++++++++++++++ stable/debian-otel/Dockerfile | 108 +++++++++++++++++++++++ stable/debian-perl/Dockerfile | 2 +- stable/debian/Dockerfile | 2 +- update.sh | 42 +++++++-- 17 files changed, 1057 insertions(+), 19 deletions(-) create mode 100644 Dockerfile-alpine-otel.template create mode 100644 Dockerfile-debian-otel.template create mode 100644 mainline/alpine-otel/Dockerfile create mode 100644 mainline/debian-otel/Dockerfile create mode 100644 stable/alpine-otel/Dockerfile create mode 100644 stable/debian-otel/Dockerfile diff --git a/.github/workflows/alpine-mainline.yml b/.github/workflows/alpine-mainline.yml index 1c2fad8..527bf99 100644 --- a/.github/workflows/alpine-mainline.yml +++ b/.github/workflows/alpine-mainline.yml @@ -28,7 +28,7 @@ jobs: - name: Parse Alpine version id: distro_version run: | - echo "release=$(cat update.sh | grep -m7 '\[mainline\]=' | tail -n1 | cut -d"'" -f2)" >> "$GITHUB_OUTPUT" + echo "release=$(cat update.sh | grep -m8 '\[mainline\]=' | tail -n1 | cut -d"'" -f2)" >> "$GITHUB_OUTPUT" slim: name: Build Alpine NGINX mainline slim Docker image @@ -383,3 +383,121 @@ jobs: DOCKER_CONTENT_TRUST_REPOSITORY_KEY_ID: ${{ secrets.DOCKER_CONTENT_TRUST_REPOSITORY_KEY_ID }} DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE: ${{ secrets.DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE }} NOTARY_TARGETS_PASSPHRASE: ${{ secrets.DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE }} + + otel: + name: Build Alpine NGINX mainline otel Docker image + needs: [version, core] + runs-on: ubuntu-24.04 + strategy: + fail-fast: false + steps: + - name: Check out the codebase + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + + - name: Set up QEMU + uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0 + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0 + + - name: Configure AWS credentials + if: ${{ github.event_name != 'pull_request' }} + uses: aws-actions/configure-aws-credentials@b47578312673ae6fa5b5096b330d9fbac3d116df # v4.2.1 + with: + aws-region: ${{ secrets.AWS_REGION }} + aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} + aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + + - name: Login to Amazon ECR Public Gallery + if: ${{ github.event_name != 'pull_request' }} + uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 + with: + registry: public.ecr.aws + + - name: Login to Docker Hub + if: ${{ github.event_name != 'pull_request' }} + uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 + with: + username: ${{ secrets.DOCKERHUB_USERNAME }} + password: ${{ secrets.DOCKERHUB_TOKEN }} + + - name: Login to GitHub Container Registry + if: ${{ github.event_name != 'pull_request' }} + uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Login to Quay + if: ${{ github.event_name != 'pull_request' }} + uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 + with: + registry: quay.io + username: ${{ secrets.QUAY_USERNAME }} + password: ${{ secrets.QUAY_TOKEN }} + + - name: Extract metadata (annotations, labels, tags) for Docker + id: meta + uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5.7.0 + with: + images: | + docker.io/nginxinc/nginx-unprivileged + ghcr.io/nginx/nginx-unprivileged + public.ecr.aws/nginx/nginx-unprivileged + quay.io/nginx/nginx-unprivileged + tags: | + type=raw,value=${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}.${{ needs.version.outputs.patch }}-alpine-otel + type=raw,value=${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}.${{ needs.version.outputs.patch }}-alpine${{ needs.version.outputs.distro }}-otel + type=raw,value=${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}-alpine-otel + type=raw,value=${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}-alpine${{ needs.version.outputs.distro }}-otel + type=raw,value=${{ needs.version.outputs.major }}-alpine-otel + type=raw,value=${{ needs.version.outputs.major }}-alpine${{ needs.version.outputs.distro }}-otel + type=raw,value=mainline-alpine-otel + type=raw,value=mainline-alpine${{ needs.version.outputs.distro }}-otel + type=raw,value=alpine-otel + type=raw,value=alpine${{ needs.version.outputs.distro }}-otel + env: + DOCKER_METADATA_ANNOTATIONS_LEVELS: manifest,index + + - name: Build and push NGINX mainline otel Alpine image to Amazon ECR Public Gallery, Docker Hub, GitHub Container Registry, and Quay + id: build + uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0 + with: + platforms: linux/amd64, linux/arm64 + context: "{{ defaultContext }}:mainline/alpine-otel" + labels: ${{ steps.meta.outputs.labels }} + annotations: ${{ steps.meta.outputs.annotations }} + tags: ${{ steps.meta.outputs.tags }} + push: ${{ github.event_name != 'pull_request' }} + # cache-from: type=gha,scope=alpine-otel + # cache-to: type=gha,mode=min,scope=alpine-otel + + - name: Sign Docker Hub Manifest + if: ${{ github.event_name != 'pull_request' }} + run: | + set -ex + sudo apt update + sudo apt install -y notary + mkdir -p ~/.docker/trust/private + echo "$DOCKER_CONTENT_TRUST_REPOSITORY_KEY" > ~/.docker/trust/private/$DOCKER_CONTENT_TRUST_REPOSITORY_KEY_ID.key + chmod 0400 ~/.docker/trust/private/$DOCKER_CONTENT_TRUST_REPOSITORY_KEY_ID.key + docker trust key load ~/.docker/trust/private/$DOCKER_CONTENT_TRUST_REPOSITORY_KEY_ID.key --name nginx + DIGEST=$(printf '${{ steps.build.outputs.metadata }}' | jq -r '."containerimage.descriptor".digest' | cut -d ':' -f2) + SIZE=$(printf '${{ steps.build.outputs.metadata }}' | jq -r '."containerimage.descriptor".size') + export NOTARY_AUTH=$(printf "${{ secrets.DOCKERHUB_USERNAME }}:${{ secrets.DOCKERHUB_TOKEN }}" | base64 -w0) + notary -d ~/.docker/trust/ -s https://notary.docker.io addhash docker.io/nginxinc/nginx-unprivileged ${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}.${{ needs.version.outputs.patch }}-alpine-otel $SIZE --sha256 $DIGEST --publish --verbose + notary -d ~/.docker/trust/ -s https://notary.docker.io addhash docker.io/nginxinc/nginx-unprivileged ${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}.${{ needs.version.outputs.patch }}-alpine${{ needs.version.outputs.distro }}-otel $SIZE --sha256 $DIGEST --publish --verbose + notary -d ~/.docker/trust/ -s https://notary.docker.io addhash docker.io/nginxinc/nginx-unprivileged ${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}-alpine-otel $SIZE --sha256 $DIGEST --publish --verbose + notary -d ~/.docker/trust/ -s https://notary.docker.io addhash docker.io/nginxinc/nginx-unprivileged ${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}-alpine${{ needs.version.outputs.distro }}-otel $SIZE --sha256 $DIGEST --publish --verbose + notary -d ~/.docker/trust/ -s https://notary.docker.io addhash docker.io/nginxinc/nginx-unprivileged ${{ needs.version.outputs.major }}-alpine-otel $SIZE --sha256 $DIGEST --publish --verbose + notary -d ~/.docker/trust/ -s https://notary.docker.io addhash docker.io/nginxinc/nginx-unprivileged ${{ needs.version.outputs.major }}-alpine${{ needs.version.outputs.distro }}-otel $SIZE --sha256 $DIGEST --publish --verbose + notary -d ~/.docker/trust/ -s https://notary.docker.io addhash docker.io/nginxinc/nginx-unprivileged mainline-alpine-otel $SIZE --sha256 $DIGEST --publish --verbose + notary -d ~/.docker/trust/ -s https://notary.docker.io addhash docker.io/nginxinc/nginx-unprivileged mainline-alpine${{ needs.version.outputs.distro }}-otel $SIZE --sha256 $DIGEST --publish --verbose + notary -d ~/.docker/trust/ -s https://notary.docker.io addhash docker.io/nginxinc/nginx-unprivileged alpine-otel $SIZE --sha256 $DIGEST --publish --verbose + notary -d ~/.docker/trust/ -s https://notary.docker.io addhash docker.io/nginxinc/nginx-unprivileged alpine${{ needs.version.outputs.distro }}-otel $SIZE --sha256 $DIGEST --publish --verbose + env: + DOCKER_CONTENT_TRUST_REPOSITORY_KEY: ${{ secrets.DOCKER_CONTENT_TRUST_REPOSITORY_KEY }} + DOCKER_CONTENT_TRUST_REPOSITORY_KEY_ID: ${{ secrets.DOCKER_CONTENT_TRUST_REPOSITORY_KEY_ID }} + DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE: ${{ secrets.DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE }} + NOTARY_TARGETS_PASSPHRASE: ${{ secrets.DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE }} diff --git a/.github/workflows/alpine-stable.yml b/.github/workflows/alpine-stable.yml index 717524b..6391d1a 100644 --- a/.github/workflows/alpine-stable.yml +++ b/.github/workflows/alpine-stable.yml @@ -28,7 +28,7 @@ jobs: - name: Parse Alpine version id: distro_version run: | - echo "release=$(cat update.sh | grep -m7 '\[stable\]=' | tail -n1 | cut -d"'" -f2)" >> "$GITHUB_OUTPUT" + echo "release=$(cat update.sh | grep -m8 '\[stable\]=' | tail -n1 | cut -d"'" -f2)" >> "$GITHUB_OUTPUT" slim: name: Build Alpine NGINX stable slim Docker image @@ -359,3 +359,112 @@ jobs: DOCKER_CONTENT_TRUST_REPOSITORY_KEY_ID: ${{ secrets.DOCKER_CONTENT_TRUST_REPOSITORY_KEY_ID }} DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE: ${{ secrets.DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE }} NOTARY_TARGETS_PASSPHRASE: ${{ secrets.DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE }} + otel: + name: Build Alpine NGINX stable otel Docker image + needs: [version, core] + runs-on: ubuntu-24.04 + strategy: + fail-fast: false + steps: + - name: Check out the codebase + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + + - name: Set up QEMU + uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0 + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0 + + - name: Configure AWS credentials + if: ${{ github.event_name != 'pull_request' }} + uses: aws-actions/configure-aws-credentials@b47578312673ae6fa5b5096b330d9fbac3d116df # v4.2.1 + with: + aws-region: ${{ secrets.AWS_REGION }} + aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} + aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + + - name: Login to Amazon ECR Public Gallery + if: ${{ github.event_name != 'pull_request' }} + uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 + with: + registry: public.ecr.aws + + - name: Login to Docker Hub + if: ${{ github.event_name != 'pull_request' }} + uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 + with: + username: ${{ secrets.DOCKERHUB_USERNAME }} + password: ${{ secrets.DOCKERHUB_TOKEN }} + + - name: Login to GitHub Container Registry + if: ${{ github.event_name != 'pull_request' }} + uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Login to Quay + if: ${{ github.event_name != 'pull_request' }} + uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 + with: + registry: quay.io + username: ${{ secrets.QUAY_USERNAME }} + password: ${{ secrets.QUAY_TOKEN }} + + - name: Extract metadata (annotations, labels, tags) for Docker + id: meta + uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5.7.0 + with: + images: | + docker.io/nginxinc/nginx-unprivileged + ghcr.io/nginx/nginx-unprivileged + public.ecr.aws/nginx/nginx-unprivileged + quay.io/nginx/nginx-unprivileged + tags: | + type=raw,value=${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}.${{ needs.version.outputs.patch }}-alpine-otel + type=raw,value=${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}.${{ needs.version.outputs.patch }}-alpine${{ needs.version.outputs.distro }}-otel + type=raw,value=${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}-alpine-otel + type=raw,value=${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}-alpine${{ needs.version.outputs.distro }}-otel + type=raw,value=stable-alpine-otel + type=raw,value=stable-alpine${{ needs.version.outputs.distro }}-otel + env: + DOCKER_METADATA_ANNOTATIONS_LEVELS: manifest,index + + - name: Build and push NGINX stable otel Alpine image to Amazon ECR Public Gallery, Docker Hub, GitHub Container Registry, and Quay + id: build + uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0 + with: + platforms: linux/amd64, linux/arm64 + context: "{{ defaultContext }}:stable/alpine-otel" + labels: ${{ steps.meta.outputs.labels }} + annotations: ${{ steps.meta.outputs.annotations }} + tags: ${{ steps.meta.outputs.tags }} + push: ${{ github.event_name != 'pull_request' }} + # cache-from: type=gha,scope=stable-alpine-otel + # cache-to: type=gha,mode=min,scope=stable-alpine-otel + + - name: Sign Docker Hub Manifest + if: ${{ github.event_name != 'pull_request' }} + run: | + set -ex + sudo apt update + sudo apt install -y notary + mkdir -p ~/.docker/trust/private + echo "$DOCKER_CONTENT_TRUST_REPOSITORY_KEY" > ~/.docker/trust/private/$DOCKER_CONTENT_TRUST_REPOSITORY_KEY_ID.key + chmod 0400 ~/.docker/trust/private/$DOCKER_CONTENT_TRUST_REPOSITORY_KEY_ID.key + docker trust key load ~/.docker/trust/private/$DOCKER_CONTENT_TRUST_REPOSITORY_KEY_ID.key --name nginx + DIGEST=$(printf '${{ steps.build.outputs.metadata }}' | jq -r '."containerimage.descriptor".digest' | cut -d ':' -f2) + SIZE=$(printf '${{ steps.build.outputs.metadata }}' | jq -r '."containerimage.descriptor".size') + export NOTARY_AUTH=$(printf "${{ secrets.DOCKERHUB_USERNAME }}:${{ secrets.DOCKERHUB_TOKEN }}" | base64 -w0) + notary -d ~/.docker/trust/ -s https://notary.docker.io addhash docker.io/nginxinc/nginx-unprivileged ${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}.${{ needs.version.outputs.patch }}-alpine-otel $SIZE --sha256 $DIGEST --publish --verbose + notary -d ~/.docker/trust/ -s https://notary.docker.io addhash docker.io/nginxinc/nginx-unprivileged ${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}.${{ needs.version.outputs.patch }}-alpine${{ needs.version.outputs.distro }}-otel $SIZE --sha256 $DIGEST --publish --verbose + notary -d ~/.docker/trust/ -s https://notary.docker.io addhash docker.io/nginxinc/nginx-unprivileged ${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}-alpine-otel $SIZE --sha256 $DIGEST --publish --verbose + notary -d ~/.docker/trust/ -s https://notary.docker.io addhash docker.io/nginxinc/nginx-unprivileged ${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}-alpine${{ needs.version.outputs.distro }}-otel $SIZE --sha256 $DIGEST --publish --verbose + notary -d ~/.docker/trust/ -s https://notary.docker.io addhash docker.io/nginxinc/nginx-unprivileged stable-alpine-otel $SIZE --sha256 $DIGEST --publish --verbose + notary -d ~/.docker/trust/ -s https://notary.docker.io addhash docker.io/nginxinc/nginx-unprivileged stable-alpine${{ needs.version.outputs.distro }}-otel $SIZE --sha256 $DIGEST --publish --verbose + env: + DOCKER_CONTENT_TRUST_REPOSITORY_KEY: ${{ secrets.DOCKER_CONTENT_TRUST_REPOSITORY_KEY }} + DOCKER_CONTENT_TRUST_REPOSITORY_KEY_ID: ${{ secrets.DOCKER_CONTENT_TRUST_REPOSITORY_KEY_ID }} + DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE: ${{ secrets.DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE }} + NOTARY_TARGETS_PASSPHRASE: ${{ secrets.DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE }} diff --git a/.github/workflows/debian-mainline.yml b/.github/workflows/debian-mainline.yml index 339dda6..b94e8a5 100644 --- a/.github/workflows/debian-mainline.yml +++ b/.github/workflows/debian-mainline.yml @@ -28,7 +28,7 @@ jobs: - name: Parse Debian version id: distro_version run: | - echo "release=$(cat update.sh | grep -m6 '\[mainline\]=' | tail -n1 | cut -d"'" -f2)" >> "$GITHUB_OUTPUT" + echo "release=$(cat update.sh | grep -m7 '\[mainline\]=' | tail -n1 | cut -d"'" -f2)" >> "$GITHUB_OUTPUT" core: name: Build Debian NGINX mainline Docker image @@ -267,3 +267,121 @@ jobs: DOCKER_CONTENT_TRUST_REPOSITORY_KEY_ID: ${{ secrets.DOCKER_CONTENT_TRUST_REPOSITORY_KEY_ID }} DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE: ${{ secrets.DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE }} NOTARY_TARGETS_PASSPHRASE: ${{ secrets.DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE }} + + otel: + name: Build Debian NGINX mainline otel Docker image + needs: [version, core] + runs-on: ubuntu-24.04 + strategy: + fail-fast: false + steps: + - name: Check out the codebase + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + + - name: Set up QEMU + uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0 + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0 + + - name: Configure AWS credentials + if: ${{ github.event_name != 'pull_request' }} + uses: aws-actions/configure-aws-credentials@b47578312673ae6fa5b5096b330d9fbac3d116df # v4.2.1 + with: + aws-region: ${{ secrets.AWS_REGION }} + aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} + aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + + - name: Login to Amazon ECR Public Gallery + if: ${{ github.event_name != 'pull_request' }} + uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 + with: + registry: public.ecr.aws + + - name: Login to Docker Hub + if: ${{ github.event_name != 'pull_request' }} + uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 + with: + username: ${{ secrets.DOCKERHUB_USERNAME }} + password: ${{ secrets.DOCKERHUB_TOKEN }} + + - name: Login to GitHub Container Registry + if: ${{ github.event_name != 'pull_request' }} + uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Login to Quay + if: ${{ github.event_name != 'pull_request' }} + uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 + with: + registry: quay.io + username: ${{ secrets.QUAY_USERNAME }} + password: ${{ secrets.QUAY_TOKEN }} + + - name: Extract metadata (annotations, labels, tags) for Docker + id: meta + uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5.7.0 + with: + images: | + docker.io/nginxinc/nginx-unprivileged + ghcr.io/nginx/nginx-unprivileged + public.ecr.aws/nginx/nginx-unprivileged + quay.io/nginx/nginx-unprivileged + tags: | + type=raw,value=${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}.${{ needs.version.outputs.patch }}-otel + type=raw,value=${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}.${{ needs.version.outputs.patch }}-${{ needs.version.outputs.distro }}-otel + type=raw,value=${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}-otel + type=raw,value=${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}-${{ needs.version.outputs.distro }}-otel + type=raw,value=${{ needs.version.outputs.major }}-otel + type=raw,value=${{ needs.version.outputs.major }}-${{ needs.version.outputs.distro }}-otel + type=raw,value=mainline-otel + type=raw,value=mainline-${{ needs.version.outputs.distro }}-otel + type=raw,value=otel + type=raw,value=${{ needs.version.outputs.distro }}-otel + env: + DOCKER_METADATA_ANNOTATIONS_LEVELS: manifest,index + + - name: Build and push NGINX mainline otel Debian image to Amazon ECR Public Gallery, Docker Hub, GitHub Container Registry, and Quay + id: build + uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0 + with: + platforms: linux/amd64, linux/arm64 + context: "{{ defaultContext }}:mainline/debian-otel" + labels: ${{ steps.meta.outputs.labels }} + annotations: ${{ steps.meta.outputs.annotations }} + tags: ${{ steps.meta.outputs.tags }} + push: ${{ github.event_name != 'pull_request' }} + # cache-from: type=gha,scope=debian-otel + # cache-to: type=gha,mode=min,scope=debian-otel + + - name: Sign Docker Hub Manifest + if: ${{ github.event_name != 'pull_request' }} + run: | + set -ex + sudo apt update + sudo apt install -y notary + mkdir -p ~/.docker/trust/private + echo "$DOCKER_CONTENT_TRUST_REPOSITORY_KEY" > ~/.docker/trust/private/$DOCKER_CONTENT_TRUST_REPOSITORY_KEY_ID.key + chmod 0400 ~/.docker/trust/private/$DOCKER_CONTENT_TRUST_REPOSITORY_KEY_ID.key + docker trust key load ~/.docker/trust/private/$DOCKER_CONTENT_TRUST_REPOSITORY_KEY_ID.key --name nginx + DIGEST=$(printf '${{ steps.build.outputs.metadata }}' | jq -r '."containerimage.descriptor".digest' | cut -d ':' -f2) + SIZE=$(printf '${{ steps.build.outputs.metadata }}' | jq -r '."containerimage.descriptor".size') + export NOTARY_AUTH=$(printf "${{ secrets.DOCKERHUB_USERNAME }}:${{ secrets.DOCKERHUB_TOKEN }}" | base64 -w0) + notary -d ~/.docker/trust/ -s https://notary.docker.io addhash docker.io/nginxinc/nginx-unprivileged ${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}.${{ needs.version.outputs.patch }}-otel $SIZE --sha256 $DIGEST --publish --verbose + notary -d ~/.docker/trust/ -s https://notary.docker.io addhash docker.io/nginxinc/nginx-unprivileged ${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}.${{ needs.version.outputs.patch }}-${{ needs.version.outputs.distro }}-otel $SIZE --sha256 $DIGEST --publish --verbose + notary -d ~/.docker/trust/ -s https://notary.docker.io addhash docker.io/nginxinc/nginx-unprivileged ${{ needs.version.outputs.major }}-otel $SIZE --sha256 $DIGEST --publish --verbose + notary -d ~/.docker/trust/ -s https://notary.docker.io addhash docker.io/nginxinc/nginx-unprivileged ${{ needs.version.outputs.major }}-${{ needs.version.outputs.distro }}-otel $SIZE --sha256 $DIGEST --publish --verbose + notary -d ~/.docker/trust/ -s https://notary.docker.io addhash docker.io/nginxinc/nginx-unprivileged ${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}-otel $SIZE --sha256 $DIGEST --publish --verbose + notary -d ~/.docker/trust/ -s https://notary.docker.io addhash docker.io/nginxinc/nginx-unprivileged ${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}-${{ needs.version.outputs.distro }}-otel $SIZE --sha256 $DIGEST --publish --verbose + notary -d ~/.docker/trust/ -s https://notary.docker.io addhash docker.io/nginxinc/nginx-unprivileged mainline-otel $SIZE --sha256 $DIGEST --publish --verbose + notary -d ~/.docker/trust/ -s https://notary.docker.io addhash docker.io/nginxinc/nginx-unprivileged mainline-${{ needs.version.outputs.distro }}-otel $SIZE --sha256 $DIGEST --publish --verbose + notary -d ~/.docker/trust/ -s https://notary.docker.io addhash docker.io/nginxinc/nginx-unprivileged otel $SIZE --sha256 $DIGEST --publish --verbose + notary -d ~/.docker/trust/ -s https://notary.docker.io addhash docker.io/nginxinc/nginx-unprivileged ${{ needs.version.outputs.distro }}-otel $SIZE --sha256 $DIGEST --publish --verbose + env: + DOCKER_CONTENT_TRUST_REPOSITORY_KEY: ${{ secrets.DOCKER_CONTENT_TRUST_REPOSITORY_KEY }} + DOCKER_CONTENT_TRUST_REPOSITORY_KEY_ID: ${{ secrets.DOCKER_CONTENT_TRUST_REPOSITORY_KEY_ID }} + DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE: ${{ secrets.DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE }} + NOTARY_TARGETS_PASSPHRASE: ${{ secrets.DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE }} diff --git a/.github/workflows/debian-stable.yml b/.github/workflows/debian-stable.yml index b969e79..7bb80e6 100644 --- a/.github/workflows/debian-stable.yml +++ b/.github/workflows/debian-stable.yml @@ -25,10 +25,10 @@ jobs: echo "minor=$(cat update.sh | grep -m1 '\[stable\]=' | cut -d"'" -f2 | cut -d"." -f2)" >> "$GITHUB_OUTPUT" echo "patch=$(cat update.sh | grep -m1 '\[stable\]=' | cut -d"'" -f2 | cut -d"." -f3)" >> "$GITHUB_OUTPUT" - - name: Parse Alpine version + - name: Parse Debian version id: distro_version run: | - echo "release=$(cat update.sh | grep -m6 '\[stable\]=' | tail -n1 | cut -d"'" -f2)" >> "$GITHUB_OUTPUT" + echo "release=$(cat update.sh | grep -m7 '\[stable\]=' | tail -n1 | cut -d"'" -f2)" >> "$GITHUB_OUTPUT" core: name: Build Debian NGINX stable Docker image @@ -251,3 +251,113 @@ jobs: DOCKER_CONTENT_TRUST_REPOSITORY_KEY_ID: ${{ secrets.DOCKER_CONTENT_TRUST_REPOSITORY_KEY_ID }} DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE: ${{ secrets.DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE }} NOTARY_TARGETS_PASSPHRASE: ${{ secrets.DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE }} + + otel: + name: Build Debian NGINX stable otel Docker image + needs: [version, core] + runs-on: ubuntu-24.04 + strategy: + fail-fast: false + steps: + - name: Check out the codebase + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + + - name: Set up QEMU + uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0 + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0 + + - name: Configure AWS credentials + if: ${{ github.event_name != 'pull_request' }} + uses: aws-actions/configure-aws-credentials@b47578312673ae6fa5b5096b330d9fbac3d116df # v4.2.1 + with: + aws-region: ${{ secrets.AWS_REGION }} + aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} + aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + + - name: Login to Amazon ECR Public Gallery + if: ${{ github.event_name != 'pull_request' }} + uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 + with: + registry: public.ecr.aws + + - name: Login to Docker Hub + if: ${{ github.event_name != 'pull_request' }} + uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 + with: + username: ${{ secrets.DOCKERHUB_USERNAME }} + password: ${{ secrets.DOCKERHUB_TOKEN }} + + - name: Login to GitHub Container Registry + if: ${{ github.event_name != 'pull_request' }} + uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Login to Quay + if: ${{ github.event_name != 'pull_request' }} + uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 + with: + registry: quay.io + username: ${{ secrets.QUAY_USERNAME }} + password: ${{ secrets.QUAY_TOKEN }} + + - name: Extract metadata (annotations, labels, tags) for Docker + id: meta + uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5.7.0 + with: + images: | + docker.io/nginxinc/nginx-unprivileged + ghcr.io/nginx/nginx-unprivileged + public.ecr.aws/nginx/nginx-unprivileged + quay.io/nginx/nginx-unprivileged + tags: | + type=raw,value=${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}.${{ needs.version.outputs.patch }}-otel + type=raw,value=${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}.${{ needs.version.outputs.patch }}-${{ needs.version.outputs.distro }}-otel + type=raw,value=${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}-otel + type=raw,value=${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}-${{ needs.version.outputs.distro }}-otel + type=raw,value=stable-otel + type=raw,value=stable-${{ needs.version.outputs.distro }}-otel + env: + DOCKER_METADATA_ANNOTATIONS_LEVELS: manifest,index + + - name: Build and push NGINX stable otel Debian image to Amazon ECR Public Gallery, Docker Hub, GitHub Container Registry, and Quay + id: build + uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0 + with: + platforms: linux/amd64, linux/arm64 + context: "{{ defaultContext }}:stable/debian-otel" + labels: ${{ steps.meta.outputs.labels }} + annotations: ${{ steps.meta.outputs.annotations }} + tags: ${{ steps.meta.outputs.tags }} + push: ${{ github.event_name != 'pull_request' }} + # cache-from: type=gha,scope=stable-debian-otel + # cache-to: type=gha,mode=min,scope=stable-debian-otel + + - name: Sign Docker Hub Manifest + if: ${{ github.event_name != 'pull_request' }} + run: | + set -ex + sudo apt update + sudo apt install -y notary + mkdir -p ~/.docker/trust/private + echo "$DOCKER_CONTENT_TRUST_REPOSITORY_KEY" > ~/.docker/trust/private/$DOCKER_CONTENT_TRUST_REPOSITORY_KEY_ID.key + chmod 0400 ~/.docker/trust/private/$DOCKER_CONTENT_TRUST_REPOSITORY_KEY_ID.key + docker trust key load ~/.docker/trust/private/$DOCKER_CONTENT_TRUST_REPOSITORY_KEY_ID.key --name nginx + DIGEST=$(printf '${{ steps.build.outputs.metadata }}' | jq -r '."containerimage.descriptor".digest' | cut -d ':' -f2) + SIZE=$(printf '${{ steps.build.outputs.metadata }}' | jq -r '."containerimage.descriptor".size') + export NOTARY_AUTH=$(printf "${{ secrets.DOCKERHUB_USERNAME }}:${{ secrets.DOCKERHUB_TOKEN }}" | base64 -w0) + notary -d ~/.docker/trust/ -s https://notary.docker.io addhash docker.io/nginxinc/nginx-unprivileged ${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}.${{ needs.version.outputs.patch }}-otel $SIZE --sha256 $DIGEST --publish --verbose + notary -d ~/.docker/trust/ -s https://notary.docker.io addhash docker.io/nginxinc/nginx-unprivileged ${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}.${{ needs.version.outputs.patch }}-${{ needs.version.outputs.distro }}-otel $SIZE --sha256 $DIGEST --publish --verbose + notary -d ~/.docker/trust/ -s https://notary.docker.io addhash docker.io/nginxinc/nginx-unprivileged ${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}-otel $SIZE --sha256 $DIGEST --publish --verbose + notary -d ~/.docker/trust/ -s https://notary.docker.io addhash docker.io/nginxinc/nginx-unprivileged ${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}-${{ needs.version.outputs.distro }}-otel $SIZE --sha256 $DIGEST --publish --verbose + notary -d ~/.docker/trust/ -s https://notary.docker.io addhash docker.io/nginxinc/nginx-unprivileged stable-otel $SIZE --sha256 $DIGEST --publish --verbose + notary -d ~/.docker/trust/ -s https://notary.docker.io addhash docker.io/nginxinc/nginx-unprivileged stable-${{ needs.version.outputs.distro }}-otel $SIZE --sha256 $DIGEST --publish --verbose + env: + DOCKER_CONTENT_TRUST_REPOSITORY_KEY: ${{ secrets.DOCKER_CONTENT_TRUST_REPOSITORY_KEY }} + DOCKER_CONTENT_TRUST_REPOSITORY_KEY_ID: ${{ secrets.DOCKER_CONTENT_TRUST_REPOSITORY_KEY_ID }} + DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE: ${{ secrets.DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE }} + NOTARY_TARGETS_PASSPHRASE: ${{ secrets.DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE }} diff --git a/Dockerfile-alpine-otel.template b/Dockerfile-alpine-otel.template new file mode 100644 index 0000000..14212a0 --- /dev/null +++ b/Dockerfile-alpine-otel.template @@ -0,0 +1,74 @@ +ARG IMAGE=nginxinc/nginx-unprivileged:%%NGINX_VERSION%%-alpine +FROM $IMAGE + +ENV OTEL_VERSION=%%OTEL_VERSION%% + +ARG UID=101 +ARG GID=101 + +USER root + +RUN set -x \ + && apkArch="$(cat /etc/apk/arch)" \ + && nginxPackages="%%PACKAGES%% + " \ +# install prerequisites for public key and pkg-oss checks + && apk add --no-cache --virtual .checksum-deps \ + openssl \ + && case "$apkArch" in \ + x86_64|aarch64) \ +# arches officially built by upstream + apk add -X "%%PACKAGEREPO%%v$(egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release)/main" --no-cache $nginxPackages \ + ;; \ + *) \ +# we're on an architecture upstream doesn't officially build for +# let's build binaries from the published packaging sources + set -x \ + && tempDir="$(mktemp -d)" \ + && chown nobody:nobody $tempDir \ + && apk add --no-cache --virtual .build-deps \ + gcc \ + libc-dev \ + make \ + openssl-dev \ + pcre2-dev \ + zlib-dev \ + linux-headers \ + cmake \ + bash \ + alpine-sdk \ + findutils \ + curl \ + xz \ + protobuf-dev \ + grpc-dev \ + && su nobody -s /bin/sh -c " \ + export HOME=${tempDir} \ + && cd ${tempDir} \ + && curl -f -L -O https://github.com/nginx/pkg-oss/archive/%%REVISION%%.tar.gz \ + && PKGOSSCHECKSUM=\"%%PKGOSSCHECKSUM%% *%%REVISION%%.tar.gz\" \ + && if [ \"\$(openssl sha512 -r %%REVISION%%.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + echo \"pkg-oss tarball checksum verification succeeded!\"; \ + else \ + echo \"pkg-oss tarball checksum verification failed!\"; \ + exit 1; \ + fi \ + && tar xzvf %%REVISION%%.tar.gz \ + && cd pkg-oss-%%REVISION%% \ + && cd alpine \ + && make %%BUILDTARGET%% \ + && apk index --allow-untrusted -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ + && abuild-sign -k ${tempDir}/.abuild/abuild-key.rsa ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz \ + " \ + && cp ${tempDir}/.abuild/abuild-key.rsa.pub /etc/apk/keys/ \ + && apk del --no-network .build-deps \ + && apk add -X ${tempDir}/packages/alpine/ --no-cache $nginxPackages \ + ;; \ + esac \ +# remove checksum deps + && apk del --no-network .checksum-deps \ +# if we have leftovers from building, let's purge them (including extra, unnecessary build deps) + && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ + && if [ -f "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi + +USER $UID diff --git a/Dockerfile-debian-otel.template b/Dockerfile-debian-otel.template new file mode 100644 index 0000000..93b8ea1 --- /dev/null +++ b/Dockerfile-debian-otel.template @@ -0,0 +1,97 @@ +ARG IMAGE=nginxinc/nginx-unprivileged:%%NGINX_VERSION%% +FROM $IMAGE + +ENV OTEL_VERSION=%%OTEL_VERSION%% + +ARG UID=101 +ARG GID=101 + +USER root + +RUN set -x; \ + NGINX_GPGKEY_PATH=/etc/apt/keyrings/nginx-archive-keyring.gpg; \ + dpkgArch="$(dpkg --print-architecture)" \ + && nginxPackages="%%PACKAGES%% + " \ + && case "$dpkgArch" in \ + amd64|arm64) \ +# arches officially built by upstream + echo "deb [signed-by=$NGINX_GPGKEY_PATH] %%PACKAGEREPO%% %%DEBIAN_VERSION%% nginx" >> /etc/apt/sources.list.d/nginx.list \ + && apt-get update \ + ;; \ + *) \ +# we're on an architecture upstream doesn't officially build for +# let's build binaries from the published packaging sources +# new directory for storing sources and .deb files + tempDir="$(mktemp -d)" \ + && chmod 777 "$tempDir" \ +# (777 to ensure APT's "_apt" user can access it too) + \ +# save list of currently-installed packages so build dependencies can be cleanly removed later + && savedAptMark="$(apt-mark showmanual)" \ + \ +# build .deb files from upstream's packaging sources + && apt-get update \ + && apt-get install --no-install-recommends --no-install-suggests -y \ + curl \ + devscripts \ + equivs \ + git \ + libxml2-utils \ + lsb-release \ + xsltproc \ + && ( \ + cd "$tempDir" \ + && REVISION="%%REVISION%%" \ + && REVISION=${REVISION%~*} \ + && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${REVISION}.tar.gz \ + && PKGOSSCHECKSUM="%%PKGOSSCHECKSUM%% *${REVISION}.tar.gz" \ + && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \ + echo "pkg-oss tarball checksum verification succeeded!"; \ + else \ + echo "pkg-oss tarball checksum verification failed!"; \ + exit 1; \ + fi \ + && tar xzvf ${REVISION}.tar.gz \ + && cd pkg-oss-${REVISION} \ + && cd debian \ + && for target in %%BUILDTARGET%%; do \ + make rules-$target; \ + mk-build-deps --install --tool="apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends --yes" \ + debuild-$target/nginx-$NGINX_VERSION/debian/control; \ + done \ + && make %%BUILDTARGET%% \ + ) \ +# we don't remove APT lists here because they get re-downloaded and removed later + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies +# (which is done after we install the built packages so we don't have to redownload any overlapping dependencies) + && apt-mark showmanual | xargs apt-mark auto > /dev/null \ + && { [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark; } \ + \ +# create a temporary local APT repo to install from (so that dependency resolution can be handled by APT, as it should be) + && ls -lAFh "$tempDir" \ + && ( cd "$tempDir" && dpkg-scanpackages . > Packages ) \ + && grep '^Package: ' "$tempDir/Packages" \ + && echo "deb [ trusted=yes ] file://$tempDir ./" > /etc/apt/sources.list.d/temp.list \ +# work around the following APT issue by using "Acquire::GzipIndexes=false" (overriding "/etc/apt/apt.conf.d/docker-gzip-indexes") +# Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) +# ... +# E: Failed to fetch store:/var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) + && apt-get -o Acquire::GzipIndexes=false update \ + ;; \ + esac \ + \ + && apt-get install --no-install-recommends --no-install-suggests -y \ + $nginxPackages \ + gettext-base \ + curl \ + && apt-get remove --purge --auto-remove -y && rm -rf /var/lib/apt/lists/* /etc/apt/sources.list.d/nginx.list \ + \ +# if we have leftovers from building, let's purge them (including extra, unnecessary build deps) + && if [ -n "$tempDir" ]; then \ + apt-get purge -y --auto-remove \ + && rm -rf "$tempDir" /etc/apt/sources.list.d/temp.list; \ + fi + +USER $UID diff --git a/Dockerfile-debian-perl.template b/Dockerfile-debian-perl.template index 764c208..fa99560 100644 --- a/Dockerfile-debian-perl.template +++ b/Dockerfile-debian-perl.template @@ -13,7 +13,7 @@ RUN set -x; \ " \ && case "$dpkgArch" in \ amd64|arm64) \ -# arches officialy built by upstream +# arches officially built by upstream echo "deb [signed-by=$NGINX_GPGKEY_PATH] %%PACKAGEREPO%% %%DEBIAN_VERSION%% nginx" >> /etc/apt/sources.list.d/nginx.list \ && apt-get update \ ;; \ diff --git a/Dockerfile-debian.template b/Dockerfile-debian.template index 92788e8..ae3bd5b 100644 --- a/Dockerfile-debian.template +++ b/Dockerfile-debian.template @@ -41,7 +41,7 @@ RUN set -x \ " \ && case "$dpkgArch" in \ amd64|arm64) \ -# arches officialy built by upstream +# arches officially built by upstream echo "deb [signed-by=$NGINX_GPGKEY_PATH] %%PACKAGEREPO%% %%DEBIAN_VERSION%% nginx" >> /etc/apt/sources.list.d/nginx.list \ && apt-get update \ ;; \ diff --git a/mainline/alpine-otel/Dockerfile b/mainline/alpine-otel/Dockerfile new file mode 100644 index 0000000..2082114 --- /dev/null +++ b/mainline/alpine-otel/Dockerfile @@ -0,0 +1,85 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "update.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# +ARG IMAGE=nginxinc/nginx-unprivileged:1.27.5-alpine +FROM $IMAGE + +ENV OTEL_VERSION=0.1.2 + +ARG UID=101 +ARG GID=101 + +USER root + +RUN set -x \ + && apkArch="$(cat /etc/apk/arch)" \ + && nginxPackages=" \ + nginx=${NGINX_VERSION}-r${PKG_RELEASE} \ + nginx-module-xslt=${NGINX_VERSION}-r${DYNPKG_RELEASE} \ + nginx-module-geoip=${NGINX_VERSION}-r${DYNPKG_RELEASE} \ + nginx-module-image-filter=${NGINX_VERSION}-r${DYNPKG_RELEASE} \ + nginx-module-njs=${NGINX_VERSION}.${NJS_VERSION}-r${NJS_RELEASE} \ + nginx-module-otel=${NGINX_VERSION}.${OTEL_VERSION}-r${PKG_RELEASE} \ + " \ +# install prerequisites for public key and pkg-oss checks + && apk add --no-cache --virtual .checksum-deps \ + openssl \ + && case "$apkArch" in \ + x86_64|aarch64) \ +# arches officially built by upstream + apk add -X "https://nginx.org/packages/mainline/alpine/v$(egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release)/main" --no-cache $nginxPackages \ + ;; \ + *) \ +# we're on an architecture upstream doesn't officially build for +# let's build binaries from the published packaging sources + set -x \ + && tempDir="$(mktemp -d)" \ + && chown nobody:nobody $tempDir \ + && apk add --no-cache --virtual .build-deps \ + gcc \ + libc-dev \ + make \ + openssl-dev \ + pcre2-dev \ + zlib-dev \ + linux-headers \ + cmake \ + bash \ + alpine-sdk \ + findutils \ + curl \ + xz \ + protobuf-dev \ + grpc-dev \ + && su nobody -s /bin/sh -c " \ + export HOME=${tempDir} \ + && cd ${tempDir} \ + && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && PKGOSSCHECKSUM=\"c773d98b567bd585c17f55702bf3e4c7d82b676bfbde395270e90a704dca3c758dfe0380b3f01770542b4fd9bed1f1149af4ce28bfc54a27a96df6b700ac1745 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + echo \"pkg-oss tarball checksum verification succeeded!\"; \ + else \ + echo \"pkg-oss tarball checksum verification failed!\"; \ + exit 1; \ + fi \ + && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ + && cd alpine \ + && make module-otel \ + && apk index --allow-untrusted -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ + && abuild-sign -k ${tempDir}/.abuild/abuild-key.rsa ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz \ + " \ + && cp ${tempDir}/.abuild/abuild-key.rsa.pub /etc/apk/keys/ \ + && apk del --no-network .build-deps \ + && apk add -X ${tempDir}/packages/alpine/ --no-cache $nginxPackages \ + ;; \ + esac \ +# remove checksum deps + && apk del --no-network .checksum-deps \ +# if we have leftovers from building, let's purge them (including extra, unnecessary build deps) + && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ + && if [ -f "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi + +USER $UID diff --git a/mainline/debian-otel/Dockerfile b/mainline/debian-otel/Dockerfile new file mode 100644 index 0000000..9939d9f --- /dev/null +++ b/mainline/debian-otel/Dockerfile @@ -0,0 +1,108 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "update.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# +ARG IMAGE=nginxinc/nginx-unprivileged:1.27.5 +FROM $IMAGE + +ENV OTEL_VERSION=0.1.2 + +ARG UID=101 +ARG GID=101 + +USER root + +RUN set -x; \ + NGINX_GPGKEY_PATH=/etc/apt/keyrings/nginx-archive-keyring.gpg; \ + dpkgArch="$(dpkg --print-architecture)" \ + && nginxPackages=" \ + nginx=${NGINX_VERSION}-${PKG_RELEASE} \ + nginx-module-xslt=${NGINX_VERSION}-${DYNPKG_RELEASE} \ + nginx-module-geoip=${NGINX_VERSION}-${DYNPKG_RELEASE} \ + nginx-module-image-filter=${NGINX_VERSION}-${DYNPKG_RELEASE} \ + nginx-module-njs=${NGINX_VERSION}+${NJS_VERSION}-${NJS_RELEASE} \ + nginx-module-otel=${NGINX_VERSION}+${OTEL_VERSION}-${PKG_RELEASE} \ + " \ + && case "$dpkgArch" in \ + amd64|arm64) \ +# arches officially built by upstream + echo "deb [signed-by=$NGINX_GPGKEY_PATH] https://nginx.org/packages/mainline/debian/ bookworm nginx" >> /etc/apt/sources.list.d/nginx.list \ + && apt-get update \ + ;; \ + *) \ +# we're on an architecture upstream doesn't officially build for +# let's build binaries from the published packaging sources +# new directory for storing sources and .deb files + tempDir="$(mktemp -d)" \ + && chmod 777 "$tempDir" \ +# (777 to ensure APT's "_apt" user can access it too) + \ +# save list of currently-installed packages so build dependencies can be cleanly removed later + && savedAptMark="$(apt-mark showmanual)" \ + \ +# build .deb files from upstream's packaging sources + && apt-get update \ + && apt-get install --no-install-recommends --no-install-suggests -y \ + curl \ + devscripts \ + equivs \ + git \ + libxml2-utils \ + lsb-release \ + xsltproc \ + && ( \ + cd "$tempDir" \ + && REVISION="${NGINX_VERSION}-${PKG_RELEASE}" \ + && REVISION=${REVISION%~*} \ + && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${REVISION}.tar.gz \ + && PKGOSSCHECKSUM="c773d98b567bd585c17f55702bf3e4c7d82b676bfbde395270e90a704dca3c758dfe0380b3f01770542b4fd9bed1f1149af4ce28bfc54a27a96df6b700ac1745 *${REVISION}.tar.gz" \ + && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \ + echo "pkg-oss tarball checksum verification succeeded!"; \ + else \ + echo "pkg-oss tarball checksum verification failed!"; \ + exit 1; \ + fi \ + && tar xzvf ${REVISION}.tar.gz \ + && cd pkg-oss-${REVISION} \ + && cd debian \ + && for target in module-otel; do \ + make rules-$target; \ + mk-build-deps --install --tool="apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends --yes" \ + debuild-$target/nginx-$NGINX_VERSION/debian/control; \ + done \ + && make module-otel \ + ) \ +# we don't remove APT lists here because they get re-downloaded and removed later + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies +# (which is done after we install the built packages so we don't have to redownload any overlapping dependencies) + && apt-mark showmanual | xargs apt-mark auto > /dev/null \ + && { [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark; } \ + \ +# create a temporary local APT repo to install from (so that dependency resolution can be handled by APT, as it should be) + && ls -lAFh "$tempDir" \ + && ( cd "$tempDir" && dpkg-scanpackages . > Packages ) \ + && grep '^Package: ' "$tempDir/Packages" \ + && echo "deb [ trusted=yes ] file://$tempDir ./" > /etc/apt/sources.list.d/temp.list \ +# work around the following APT issue by using "Acquire::GzipIndexes=false" (overriding "/etc/apt/apt.conf.d/docker-gzip-indexes") +# Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) +# ... +# E: Failed to fetch store:/var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) + && apt-get -o Acquire::GzipIndexes=false update \ + ;; \ + esac \ + \ + && apt-get install --no-install-recommends --no-install-suggests -y \ + $nginxPackages \ + gettext-base \ + curl \ + && apt-get remove --purge --auto-remove -y && rm -rf /var/lib/apt/lists/* /etc/apt/sources.list.d/nginx.list \ + \ +# if we have leftovers from building, let's purge them (including extra, unnecessary build deps) + && if [ -n "$tempDir" ]; then \ + apt-get purge -y --auto-remove \ + && rm -rf "$tempDir" /etc/apt/sources.list.d/temp.list; \ + fi + +USER $UID diff --git a/mainline/debian-perl/Dockerfile b/mainline/debian-perl/Dockerfile index cf083b3..c724679 100644 --- a/mainline/debian-perl/Dockerfile +++ b/mainline/debian-perl/Dockerfile @@ -24,7 +24,7 @@ RUN set -x; \ " \ && case "$dpkgArch" in \ amd64|arm64) \ -# arches officialy built by upstream +# arches officially built by upstream echo "deb [signed-by=$NGINX_GPGKEY_PATH] https://nginx.org/packages/mainline/debian/ bookworm nginx" >> /etc/apt/sources.list.d/nginx.list \ && apt-get update \ ;; \ diff --git a/mainline/debian/Dockerfile b/mainline/debian/Dockerfile index 2cca5ea..9503ba7 100644 --- a/mainline/debian/Dockerfile +++ b/mainline/debian/Dockerfile @@ -51,7 +51,7 @@ RUN set -x \ " \ && case "$dpkgArch" in \ amd64|arm64) \ -# arches officialy built by upstream +# arches officially built by upstream echo "deb [signed-by=$NGINX_GPGKEY_PATH] https://nginx.org/packages/mainline/debian/ bookworm nginx" >> /etc/apt/sources.list.d/nginx.list \ && apt-get update \ ;; \ diff --git a/stable/alpine-otel/Dockerfile b/stable/alpine-otel/Dockerfile new file mode 100644 index 0000000..f3d1ea6 --- /dev/null +++ b/stable/alpine-otel/Dockerfile @@ -0,0 +1,85 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "update.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# +ARG IMAGE=nginxinc/nginx-unprivileged:1.28.0-alpine +FROM $IMAGE + +ENV OTEL_VERSION=0.1.2 + +ARG UID=101 +ARG GID=101 + +USER root + +RUN set -x \ + && apkArch="$(cat /etc/apk/arch)" \ + && nginxPackages=" \ + nginx=${NGINX_VERSION}-r${PKG_RELEASE} \ + nginx-module-xslt=${NGINX_VERSION}-r${DYNPKG_RELEASE} \ + nginx-module-geoip=${NGINX_VERSION}-r${DYNPKG_RELEASE} \ + nginx-module-image-filter=${NGINX_VERSION}-r${DYNPKG_RELEASE} \ + nginx-module-njs=${NGINX_VERSION}.${NJS_VERSION}-r${NJS_RELEASE} \ + nginx-module-otel=${NGINX_VERSION}.${OTEL_VERSION}-r${PKG_RELEASE} \ + " \ +# install prerequisites for public key and pkg-oss checks + && apk add --no-cache --virtual .checksum-deps \ + openssl \ + && case "$apkArch" in \ + x86_64|aarch64) \ +# arches officially built by upstream + apk add -X "https://nginx.org/packages/alpine/v$(egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release)/main" --no-cache $nginxPackages \ + ;; \ + *) \ +# we're on an architecture upstream doesn't officially build for +# let's build binaries from the published packaging sources + set -x \ + && tempDir="$(mktemp -d)" \ + && chown nobody:nobody $tempDir \ + && apk add --no-cache --virtual .build-deps \ + gcc \ + libc-dev \ + make \ + openssl-dev \ + pcre2-dev \ + zlib-dev \ + linux-headers \ + cmake \ + bash \ + alpine-sdk \ + findutils \ + curl \ + xz \ + protobuf-dev \ + grpc-dev \ + && su nobody -s /bin/sh -c " \ + export HOME=${tempDir} \ + && cd ${tempDir} \ + && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && PKGOSSCHECKSUM=\"517bc18954ccf4efddd51986584ca1f37966833ad342a297e1fe58fd0faf14c5a4dabcb23519dca433878a2927a95d6bea05a6749ee2fa67a33bf24cdc41b1e4 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + echo \"pkg-oss tarball checksum verification succeeded!\"; \ + else \ + echo \"pkg-oss tarball checksum verification failed!\"; \ + exit 1; \ + fi \ + && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ + && cd alpine \ + && make module-otel \ + && apk index --allow-untrusted -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ + && abuild-sign -k ${tempDir}/.abuild/abuild-key.rsa ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz \ + " \ + && cp ${tempDir}/.abuild/abuild-key.rsa.pub /etc/apk/keys/ \ + && apk del --no-network .build-deps \ + && apk add -X ${tempDir}/packages/alpine/ --no-cache $nginxPackages \ + ;; \ + esac \ +# remove checksum deps + && apk del --no-network .checksum-deps \ +# if we have leftovers from building, let's purge them (including extra, unnecessary build deps) + && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ + && if [ -f "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi + +USER $UID diff --git a/stable/debian-otel/Dockerfile b/stable/debian-otel/Dockerfile new file mode 100644 index 0000000..4eb0b52 --- /dev/null +++ b/stable/debian-otel/Dockerfile @@ -0,0 +1,108 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "update.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# +ARG IMAGE=nginxinc/nginx-unprivileged:1.28.0 +FROM $IMAGE + +ENV OTEL_VERSION=0.1.2 + +ARG UID=101 +ARG GID=101 + +USER root + +RUN set -x; \ + NGINX_GPGKEY_PATH=/etc/apt/keyrings/nginx-archive-keyring.gpg; \ + dpkgArch="$(dpkg --print-architecture)" \ + && nginxPackages=" \ + nginx=${NGINX_VERSION}-${PKG_RELEASE} \ + nginx-module-xslt=${NGINX_VERSION}-${DYNPKG_RELEASE} \ + nginx-module-geoip=${NGINX_VERSION}-${DYNPKG_RELEASE} \ + nginx-module-image-filter=${NGINX_VERSION}-${DYNPKG_RELEASE} \ + nginx-module-njs=${NGINX_VERSION}+${NJS_VERSION}-${NJS_RELEASE} \ + nginx-module-otel=${NGINX_VERSION}+${OTEL_VERSION}-${PKG_RELEASE} \ + " \ + && case "$dpkgArch" in \ + amd64|arm64) \ +# arches officially built by upstream + echo "deb [signed-by=$NGINX_GPGKEY_PATH] https://nginx.org/packages/debian/ bookworm nginx" >> /etc/apt/sources.list.d/nginx.list \ + && apt-get update \ + ;; \ + *) \ +# we're on an architecture upstream doesn't officially build for +# let's build binaries from the published packaging sources +# new directory for storing sources and .deb files + tempDir="$(mktemp -d)" \ + && chmod 777 "$tempDir" \ +# (777 to ensure APT's "_apt" user can access it too) + \ +# save list of currently-installed packages so build dependencies can be cleanly removed later + && savedAptMark="$(apt-mark showmanual)" \ + \ +# build .deb files from upstream's packaging sources + && apt-get update \ + && apt-get install --no-install-recommends --no-install-suggests -y \ + curl \ + devscripts \ + equivs \ + git \ + libxml2-utils \ + lsb-release \ + xsltproc \ + && ( \ + cd "$tempDir" \ + && REVISION="${NGINX_VERSION}-${PKG_RELEASE}" \ + && REVISION=${REVISION%~*} \ + && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${REVISION}.tar.gz \ + && PKGOSSCHECKSUM="517bc18954ccf4efddd51986584ca1f37966833ad342a297e1fe58fd0faf14c5a4dabcb23519dca433878a2927a95d6bea05a6749ee2fa67a33bf24cdc41b1e4 *${REVISION}.tar.gz" \ + && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \ + echo "pkg-oss tarball checksum verification succeeded!"; \ + else \ + echo "pkg-oss tarball checksum verification failed!"; \ + exit 1; \ + fi \ + && tar xzvf ${REVISION}.tar.gz \ + && cd pkg-oss-${REVISION} \ + && cd debian \ + && for target in module-otel; do \ + make rules-$target; \ + mk-build-deps --install --tool="apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends --yes" \ + debuild-$target/nginx-$NGINX_VERSION/debian/control; \ + done \ + && make module-otel \ + ) \ +# we don't remove APT lists here because they get re-downloaded and removed later + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies +# (which is done after we install the built packages so we don't have to redownload any overlapping dependencies) + && apt-mark showmanual | xargs apt-mark auto > /dev/null \ + && { [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark; } \ + \ +# create a temporary local APT repo to install from (so that dependency resolution can be handled by APT, as it should be) + && ls -lAFh "$tempDir" \ + && ( cd "$tempDir" && dpkg-scanpackages . > Packages ) \ + && grep '^Package: ' "$tempDir/Packages" \ + && echo "deb [ trusted=yes ] file://$tempDir ./" > /etc/apt/sources.list.d/temp.list \ +# work around the following APT issue by using "Acquire::GzipIndexes=false" (overriding "/etc/apt/apt.conf.d/docker-gzip-indexes") +# Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) +# ... +# E: Failed to fetch store:/var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) + && apt-get -o Acquire::GzipIndexes=false update \ + ;; \ + esac \ + \ + && apt-get install --no-install-recommends --no-install-suggests -y \ + $nginxPackages \ + gettext-base \ + curl \ + && apt-get remove --purge --auto-remove -y && rm -rf /var/lib/apt/lists/* /etc/apt/sources.list.d/nginx.list \ + \ +# if we have leftovers from building, let's purge them (including extra, unnecessary build deps) + && if [ -n "$tempDir" ]; then \ + apt-get purge -y --auto-remove \ + && rm -rf "$tempDir" /etc/apt/sources.list.d/temp.list; \ + fi + +USER $UID diff --git a/stable/debian-perl/Dockerfile b/stable/debian-perl/Dockerfile index 9d11815..89777a7 100644 --- a/stable/debian-perl/Dockerfile +++ b/stable/debian-perl/Dockerfile @@ -24,7 +24,7 @@ RUN set -x; \ " \ && case "$dpkgArch" in \ amd64|arm64) \ -# arches officialy built by upstream +# arches officially built by upstream echo "deb [signed-by=$NGINX_GPGKEY_PATH] https://nginx.org/packages/debian/ bookworm nginx" >> /etc/apt/sources.list.d/nginx.list \ && apt-get update \ ;; \ diff --git a/stable/debian/Dockerfile b/stable/debian/Dockerfile index 7217d8b..ec7a4e9 100644 --- a/stable/debian/Dockerfile +++ b/stable/debian/Dockerfile @@ -51,7 +51,7 @@ RUN set -x \ " \ && case "$dpkgArch" in \ amd64|arm64) \ -# arches officialy built by upstream +# arches officially built by upstream echo "deb [signed-by=$NGINX_GPGKEY_PATH] https://nginx.org/packages/debian/ bookworm nginx" >> /etc/apt/sources.list.d/nginx.list \ && apt-get update \ ;; \ diff --git a/update.sh b/update.sh index 1b5fcf0..9db599a 100755 --- a/update.sh +++ b/update.sh @@ -29,6 +29,12 @@ declare -A njspkg=( [stable]='1' ) +# Current otel versions +declare -A otel=( + [mainline]='0.1.2' + [stable]='0.1.2' +) + # Current nginx package patchlevel version # Remember to update pkgosschecksum when changing this. declare -A pkg=( @@ -75,6 +81,8 @@ get_packages() { shift local branch="$1" shift + local bn="" + local otel= local perl= local r= local sep= @@ -93,6 +101,10 @@ get_packages() { *-perl) perl="nginx-module-perl" ;; + *-otel) + otel="nginx-module-otel" + bn="\n" + ;; esac echo -n ' \\\n' @@ -110,16 +122,21 @@ get_packages() { echo -n ' '"$p"'=${NGINX_VERSION}-'"$r"'${DYNPKG_RELEASE} \\\n' done for p in nginx-module-njs; do - echo -n ' '"$p"'=${NGINX_VERSION}'"$sep"'${NJS_VERSION}-'"$r"'${NJS_RELEASE} \\' + echo -n ' '"$p"'=${NGINX_VERSION}'"$sep"'${NJS_VERSION}-'"$r"'${NJS_RELEASE} \\'"$bn" + done + for p in $otel; do + echo -n ' '"$p"'=${NGINX_VERSION}'"$sep"'${OTEL_VERSION}-'"$r"'${PKG_RELEASE} \\' done ;; esac } get_packagerepo() { - local distro="${1%-perl}" - distro="${distro%-slim}" + local distro="$1" shift + distro="${distro%-perl}" + distro="${distro%-otel}" + distro="${distro%-slim}" local branch="$1" shift @@ -129,8 +146,11 @@ get_packagerepo() { } get_packagever() { - local distro="${1%-perl}" + local distro="$1" shift + distro="${distro%-perl}" + distro="${distro%-otel}" + distro="${distro%-slim}" local branch="$1" shift local package="$1" @@ -154,6 +174,7 @@ get_packagever() { get_buildtarget() { local distro="$1" + shift case "$distro" in alpine-slim) echo base @@ -167,6 +188,9 @@ get_buildtarget() { *-perl) echo module-perl ;; + *-otel) + echo module-otel + ;; esac } @@ -182,15 +206,15 @@ __EOF__ for branch in "${branches[@]}"; do for variant in \ - alpine{,-perl,-slim} \ - debian{,-perl}; do + alpine{,-perl,-otel,-slim} \ + debian{,-perl,-otel}; do echo "$branch: $variant dockerfiles" dir="$branch/$variant" variant="$(basename "$variant")" [ -d "$dir" ] || continue - template="Dockerfile-${variant%}.template" + template="Dockerfile-${variant}.template" { generated_warning cat "$template" @@ -200,6 +224,7 @@ for branch in "${branches[@]}"; do alpinever="${alpine[$branch]}" nginxver="${nginx[$branch]}" njsver="${njs[${branch}]}" + otelver="${otel[${branch}]}" revver="${rev[${branch}]}" pkgosschecksumver="${pkgosschecksum[${branch}]}" @@ -217,6 +242,7 @@ for branch in "${branches[@]}"; do -e 's,%%NGINX_VERSION%%,'"$nginxver"',' \ -e 's,%%NJS_VERSION%%,'"$njsver"',' \ -e 's,%%NJS_RELEASE%%,'"$njspkgver"',' \ + -e 's,%%OTEL_VERSION%%,'"$otelver"',' \ -e 's,%%PKG_RELEASE%%,'"$packagever"',' \ -e 's,%%PACKAGES%%,'"$packages"',' \ -e 's,%%PACKAGEREPO%%,'"$packagerepo"',' \ @@ -225,7 +251,7 @@ for branch in "${branches[@]}"; do -e 's,%%BUILDTARGET%%,'"$buildtarget"',' \ "$dir/Dockerfile" - done + done for variant in \ alpine-slim \ From 04c6eab26411ae76acf27eaf48517cff90b41950 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 23 Jun 2025 13:22:28 +0200 Subject: [PATCH 43/60] chore(deps): Bump docker/setup-buildx-action from 3.10.0 to 3.11.1 (#320) Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/alpine-mainline.yml | 8 ++++---- .github/workflows/alpine-stable.yml | 8 ++++---- .github/workflows/debian-mainline.yml | 6 +++--- .github/workflows/debian-stable.yml | 6 +++--- 4 files changed, 14 insertions(+), 14 deletions(-) diff --git a/.github/workflows/alpine-mainline.yml b/.github/workflows/alpine-mainline.yml index 527bf99..7f01ac2 100644 --- a/.github/workflows/alpine-mainline.yml +++ b/.github/workflows/alpine-mainline.yml @@ -44,7 +44,7 @@ jobs: uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0 + uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1 - name: Configure AWS credentials if: ${{ github.event_name != 'pull_request' }} @@ -162,7 +162,7 @@ jobs: uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0 + uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1 - name: Configure AWS credentials if: ${{ github.event_name != 'pull_request' }} @@ -280,7 +280,7 @@ jobs: uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0 + uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1 - name: Configure AWS credentials if: ${{ github.event_name != 'pull_request' }} @@ -398,7 +398,7 @@ jobs: uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0 + uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1 - name: Configure AWS credentials if: ${{ github.event_name != 'pull_request' }} diff --git a/.github/workflows/alpine-stable.yml b/.github/workflows/alpine-stable.yml index 6391d1a..1054a0d 100644 --- a/.github/workflows/alpine-stable.yml +++ b/.github/workflows/alpine-stable.yml @@ -44,7 +44,7 @@ jobs: uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0 + uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1 - name: Configure AWS credentials if: ${{ github.event_name != 'pull_request' }} @@ -154,7 +154,7 @@ jobs: uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0 + uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1 - name: Configure AWS credentials if: ${{ github.event_name != 'pull_request' }} @@ -264,7 +264,7 @@ jobs: uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0 + uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1 - name: Configure AWS credentials if: ${{ github.event_name != 'pull_request' }} @@ -373,7 +373,7 @@ jobs: uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0 + uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1 - name: Configure AWS credentials if: ${{ github.event_name != 'pull_request' }} diff --git a/.github/workflows/debian-mainline.yml b/.github/workflows/debian-mainline.yml index b94e8a5..df41032 100644 --- a/.github/workflows/debian-mainline.yml +++ b/.github/workflows/debian-mainline.yml @@ -44,7 +44,7 @@ jobs: uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0 + uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1 - name: Configure AWS credentials if: ${{ github.event_name != 'pull_request' }} @@ -163,7 +163,7 @@ jobs: uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0 + uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1 - name: Configure AWS credentials if: ${{ github.event_name != 'pull_request' }} @@ -282,7 +282,7 @@ jobs: uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0 + uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1 - name: Configure AWS credentials if: ${{ github.event_name != 'pull_request' }} diff --git a/.github/workflows/debian-stable.yml b/.github/workflows/debian-stable.yml index 7bb80e6..5690c8b 100644 --- a/.github/workflows/debian-stable.yml +++ b/.github/workflows/debian-stable.yml @@ -44,7 +44,7 @@ jobs: uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0 + uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1 - name: Configure AWS credentials if: ${{ github.event_name != 'pull_request' }} @@ -155,7 +155,7 @@ jobs: uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0 + uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1 - name: Configure AWS credentials if: ${{ github.event_name != 'pull_request' }} @@ -266,7 +266,7 @@ jobs: uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0 + uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1 - name: Configure AWS credentials if: ${{ github.event_name != 'pull_request' }} From 4f7239ffda496ef84bf3d773d5a279393a6e5ff1 Mon Sep 17 00:00:00 2001 From: Sergey <30203864+S1ealth@users.noreply.github.com> Date: Fri, 27 Jun 2025 15:21:37 +0300 Subject: [PATCH 44/60] fix: PID file location in init.d script (#323) --- Dockerfile-debian.template | 1 + 1 file changed, 1 insertion(+) diff --git a/Dockerfile-debian.template b/Dockerfile-debian.template index ae3bd5b..86bcc08 100644 --- a/Dockerfile-debian.template +++ b/Dockerfile-debian.template @@ -130,6 +130,7 @@ RUN sed -i 's,listen 80;,listen 8080;,' /etc/nginx/conf.d/default.co && sed -i '/user nginx;/d' /etc/nginx/nginx.conf \ && sed -i 's,\(/var\)\{0\,1\}/run/nginx.pid,/tmp/nginx.pid,' /etc/nginx/nginx.conf \ && sed -i "/^http {/a \ proxy_temp_path /tmp/proxy_temp;\n client_body_temp_path /tmp/client_temp;\n fastcgi_temp_path /tmp/fastcgi_temp;\n uwsgi_temp_path /tmp/uwsgi_temp;\n scgi_temp_path /tmp/scgi_temp;\n" /etc/nginx/nginx.conf \ + && sed -i 's,PIDFILE=${PIDFILE:-/run/nginx.pid},PIDFILE=${PIDFILE:-/tmp/nginx.pid},' /etc/init.d/nginx \ # nginx user must own the cache and etc directory to write cache and tweak the nginx config && chown -R $UID:0 /var/cache/nginx \ && chmod -R g+w /var/cache/nginx \ From 22cffb6294b957eeda50c9ed6a3decb15f46042a Mon Sep 17 00:00:00 2001 From: Alessandro Fael Garcia Date: Fri, 27 Jun 2025 14:44:10 +0200 Subject: [PATCH 45/60] feat: Update mainline NGINX to 1.29.0 (#322) --- README.md | 2 +- mainline/alpine-otel/Dockerfile | 4 ++-- mainline/alpine-perl/Dockerfile | 4 ++-- mainline/alpine-slim/Dockerfile | 6 +++--- mainline/alpine/Dockerfile | 6 +++--- mainline/debian-otel/Dockerfile | 4 ++-- mainline/debian-perl/Dockerfile | 4 ++-- mainline/debian/Dockerfile | 6 +++--- update.sh | 12 ++++++------ 9 files changed, 24 insertions(+), 24 deletions(-) diff --git a/README.md b/README.md index d8c53ba..f784bff 100644 --- a/README.md +++ b/README.md @@ -40,7 +40,7 @@ Untagged images on Amazon ECR and the GitHub Container Registry are cleaned up o ### Architectures -Most images are built for the `amd64`, `arm32v5` (for Debian), `arm32v6` (for Alpine), `arm32v7`, `arm64v8`, `i386`, `mips64le` (for Debian), `ppc64le` and `s390x` architectures. +Most images are built for the `amd64`, `arm32v5` (for Debian), `arm32v6` (for Alpine), `arm32v7`, `arm64`, `i386`, `mips64le` (for Debian), `ppc64le` and `s390x` architectures. OTel images are built for `amd64` and `arm64`. ## Troubleshooting Tips diff --git a/mainline/alpine-otel/Dockerfile b/mainline/alpine-otel/Dockerfile index 2082114..eeb69b4 100644 --- a/mainline/alpine-otel/Dockerfile +++ b/mainline/alpine-otel/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -ARG IMAGE=nginxinc/nginx-unprivileged:1.27.5-alpine +ARG IMAGE=nginxinc/nginx-unprivileged:1.29.0-alpine FROM $IMAGE ENV OTEL_VERSION=0.1.2 @@ -57,7 +57,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"c773d98b567bd585c17f55702bf3e4c7d82b676bfbde395270e90a704dca3c758dfe0380b3f01770542b4fd9bed1f1149af4ce28bfc54a27a96df6b700ac1745 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"400593da45fc0195a01138c0c23a06059da1c6a2e26959f2c4c95fbaf63436ff211665ef01392d2b775a0133d5b57680dabe51b840a55f82e89621e84cf651d1 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index 24241c8..8ed4a0c 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -ARG IMAGE=nginxinc/nginx-unprivileged:1.27.5-alpine +ARG IMAGE=nginxinc/nginx-unprivileged:1.29.0-alpine FROM $IMAGE ARG UID=101 @@ -52,7 +52,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"c773d98b567bd585c17f55702bf3e4c7d82b676bfbde395270e90a704dca3c758dfe0380b3f01770542b4fd9bed1f1149af4ce28bfc54a27a96df6b700ac1745 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"400593da45fc0195a01138c0c23a06059da1c6a2e26959f2c4c95fbaf63436ff211665ef01392d2b775a0133d5b57680dabe51b840a55f82e89621e84cf651d1 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/mainline/alpine-slim/Dockerfile b/mainline/alpine-slim/Dockerfile index 1bdbfbc..d5f6f96 100644 --- a/mainline/alpine-slim/Dockerfile +++ b/mainline/alpine-slim/Dockerfile @@ -3,12 +3,12 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -ARG IMAGE=alpine:3.21 +ARG IMAGE=alpine:3.22 FROM $IMAGE LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION=1.27.5 +ENV NGINX_VERSION=1.29.0 ENV PKG_RELEASE=1 ENV DYNPKG_RELEASE=1 @@ -63,7 +63,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"c773d98b567bd585c17f55702bf3e4c7d82b676bfbde395270e90a704dca3c758dfe0380b3f01770542b4fd9bed1f1149af4ce28bfc54a27a96df6b700ac1745 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"400593da45fc0195a01138c0c23a06059da1c6a2e26959f2c4c95fbaf63436ff211665ef01392d2b775a0133d5b57680dabe51b840a55f82e89621e84cf651d1 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index 26dcf73..7543d5a 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -3,10 +3,10 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -ARG IMAGE=nginxinc/nginx-unprivileged:1.27.5-alpine-slim +ARG IMAGE=nginxinc/nginx-unprivileged:1.29.0-alpine-slim FROM $IMAGE -ENV NJS_VERSION=0.8.10 +ENV NJS_VERSION=0.9.0 ENV NJS_RELEASE=1 ARG UID=101 @@ -57,7 +57,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"c773d98b567bd585c17f55702bf3e4c7d82b676bfbde395270e90a704dca3c758dfe0380b3f01770542b4fd9bed1f1149af4ce28bfc54a27a96df6b700ac1745 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"400593da45fc0195a01138c0c23a06059da1c6a2e26959f2c4c95fbaf63436ff211665ef01392d2b775a0133d5b57680dabe51b840a55f82e89621e84cf651d1 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/mainline/debian-otel/Dockerfile b/mainline/debian-otel/Dockerfile index 9939d9f..4f0ec48 100644 --- a/mainline/debian-otel/Dockerfile +++ b/mainline/debian-otel/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -ARG IMAGE=nginxinc/nginx-unprivileged:1.27.5 +ARG IMAGE=nginxinc/nginx-unprivileged:1.29.0 FROM $IMAGE ENV OTEL_VERSION=0.1.2 @@ -56,7 +56,7 @@ RUN set -x; \ && REVISION="${NGINX_VERSION}-${PKG_RELEASE}" \ && REVISION=${REVISION%~*} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${REVISION}.tar.gz \ - && PKGOSSCHECKSUM="c773d98b567bd585c17f55702bf3e4c7d82b676bfbde395270e90a704dca3c758dfe0380b3f01770542b4fd9bed1f1149af4ce28bfc54a27a96df6b700ac1745 *${REVISION}.tar.gz" \ + && PKGOSSCHECKSUM="400593da45fc0195a01138c0c23a06059da1c6a2e26959f2c4c95fbaf63436ff211665ef01392d2b775a0133d5b57680dabe51b840a55f82e89621e84cf651d1 *${REVISION}.tar.gz" \ && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \ echo "pkg-oss tarball checksum verification succeeded!"; \ else \ diff --git a/mainline/debian-perl/Dockerfile b/mainline/debian-perl/Dockerfile index c724679..38cefa0 100644 --- a/mainline/debian-perl/Dockerfile +++ b/mainline/debian-perl/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -ARG IMAGE=nginxinc/nginx-unprivileged:1.27.5 +ARG IMAGE=nginxinc/nginx-unprivileged:1.29.0 FROM $IMAGE ARG UID=101 @@ -54,7 +54,7 @@ RUN set -x; \ && REVISION="${NGINX_VERSION}-${PKG_RELEASE}" \ && REVISION=${REVISION%~*} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${REVISION}.tar.gz \ - && PKGOSSCHECKSUM="c773d98b567bd585c17f55702bf3e4c7d82b676bfbde395270e90a704dca3c758dfe0380b3f01770542b4fd9bed1f1149af4ce28bfc54a27a96df6b700ac1745 *${REVISION}.tar.gz" \ + && PKGOSSCHECKSUM="400593da45fc0195a01138c0c23a06059da1c6a2e26959f2c4c95fbaf63436ff211665ef01392d2b775a0133d5b57680dabe51b840a55f82e89621e84cf651d1 *${REVISION}.tar.gz" \ && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \ echo "pkg-oss tarball checksum verification succeeded!"; \ else \ diff --git a/mainline/debian/Dockerfile b/mainline/debian/Dockerfile index 9503ba7..911c119 100644 --- a/mainline/debian/Dockerfile +++ b/mainline/debian/Dockerfile @@ -8,8 +8,8 @@ FROM $IMAGE LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION=1.27.5 -ENV NJS_VERSION=0.8.10 +ENV NGINX_VERSION=1.29.0 +ENV NJS_VERSION=0.9.0 ENV NJS_RELEASE=1~bookworm ENV PKG_RELEASE=1~bookworm ENV DYNPKG_RELEASE=1~bookworm @@ -81,7 +81,7 @@ RUN set -x \ && REVISION="${NGINX_VERSION}-${PKG_RELEASE}" \ && REVISION=${REVISION%~*} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${REVISION}.tar.gz \ - && PKGOSSCHECKSUM="c773d98b567bd585c17f55702bf3e4c7d82b676bfbde395270e90a704dca3c758dfe0380b3f01770542b4fd9bed1f1149af4ce28bfc54a27a96df6b700ac1745 *${REVISION}.tar.gz" \ + && PKGOSSCHECKSUM="400593da45fc0195a01138c0c23a06059da1c6a2e26959f2c4c95fbaf63436ff211665ef01392d2b775a0133d5b57680dabe51b840a55f82e89621e84cf651d1 *${REVISION}.tar.gz" \ && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \ echo "pkg-oss tarball checksum verification succeeded!"; \ else \ diff --git a/update.sh b/update.sh index 9db599a..bc2a408 100755 --- a/update.sh +++ b/update.sh @@ -2,7 +2,7 @@ set -Eeuo pipefail shopt -s nullglob -cd "$(dirname "$(greadlink -f "$BASH_SOURCE")")" +cd "$(dirname "$(readlink -f "$BASH_SOURCE")")" declare branches=( "stable" @@ -12,13 +12,13 @@ declare branches=( # Current nginx versions # Remember to update pkgosschecksum when changing this. declare -A nginx=( - [mainline]='1.27.5' + [mainline]='1.29.0' [stable]='1.28.0' ) # Current njs versions declare -A njs=( - [mainline]='0.8.10' + [mainline]='0.9.0' [stable]='0.8.10' ) @@ -55,7 +55,7 @@ declare -A debian=( ) declare -A alpine=( - [mainline]='3.21' + [mainline]='3.22' [stable]='3.21' ) @@ -72,7 +72,7 @@ declare -A rev=( # revision/tag in the previous block # Used in builds for architectures not packaged by nginx.org declare -A pkgosschecksum=( - [mainline]='c773d98b567bd585c17f55702bf3e4c7d82b676bfbde395270e90a704dca3c758dfe0380b3f01770542b4fd9bed1f1149af4ce28bfc54a27a96df6b700ac1745' + [mainline]='400593da45fc0195a01138c0c23a06059da1c6a2e26959f2c4c95fbaf63436ff211665ef01392d2b775a0133d5b57680dabe51b840a55f82e89621e84cf651d1' [stable]='517bc18954ccf4efddd51986584ca1f37966833ad342a297e1fe58fd0faf14c5a4dabcb23519dca433878a2927a95d6bea05a6749ee2fa67a33bf24cdc41b1e4' ) @@ -235,7 +235,7 @@ for branch in "${branches[@]}"; do dynpkgver=$(get_packagever "$variant" "$branch" "dyn") buildtarget=$(get_buildtarget "$variant") - gsed -i \ + sed -i \ -e 's,%%ALPINE_VERSION%%,'"$alpinever"',' \ -e 's,%%DEBIAN_VERSION%%,'"$debianver"',' \ -e 's,%%DYNPKG_RELEASE%%,'"$dynpkgver"',' \ From d500b08421e95d58e15add1bc9f5c86e9af0f5f8 Mon Sep 17 00:00:00 2001 From: Sergey <30203864+S1ealth@users.noreply.github.com> Date: Tue, 1 Jul 2025 13:04:06 +0300 Subject: [PATCH 46/60] chore: Update Dockerfiles to match template from #323 (#325) --- mainline/debian/Dockerfile | 1 + stable/debian/Dockerfile | 1 + 2 files changed, 2 insertions(+) diff --git a/mainline/debian/Dockerfile b/mainline/debian/Dockerfile index 911c119..7b4bb5c 100644 --- a/mainline/debian/Dockerfile +++ b/mainline/debian/Dockerfile @@ -140,6 +140,7 @@ RUN sed -i 's,listen 80;,listen 8080;,' /etc/nginx/conf.d/default.co && sed -i '/user nginx;/d' /etc/nginx/nginx.conf \ && sed -i 's,\(/var\)\{0\,1\}/run/nginx.pid,/tmp/nginx.pid,' /etc/nginx/nginx.conf \ && sed -i "/^http {/a \ proxy_temp_path /tmp/proxy_temp;\n client_body_temp_path /tmp/client_temp;\n fastcgi_temp_path /tmp/fastcgi_temp;\n uwsgi_temp_path /tmp/uwsgi_temp;\n scgi_temp_path /tmp/scgi_temp;\n" /etc/nginx/nginx.conf \ + && sed -i 's,PIDFILE=${PIDFILE:-/run/nginx.pid},PIDFILE=${PIDFILE:-/tmp/nginx.pid},' /etc/init.d/nginx \ # nginx user must own the cache and etc directory to write cache and tweak the nginx config && chown -R $UID:0 /var/cache/nginx \ && chmod -R g+w /var/cache/nginx \ diff --git a/stable/debian/Dockerfile b/stable/debian/Dockerfile index ec7a4e9..63f1d24 100644 --- a/stable/debian/Dockerfile +++ b/stable/debian/Dockerfile @@ -140,6 +140,7 @@ RUN sed -i 's,listen 80;,listen 8080;,' /etc/nginx/conf.d/default.co && sed -i '/user nginx;/d' /etc/nginx/nginx.conf \ && sed -i 's,\(/var\)\{0\,1\}/run/nginx.pid,/tmp/nginx.pid,' /etc/nginx/nginx.conf \ && sed -i "/^http {/a \ proxy_temp_path /tmp/proxy_temp;\n client_body_temp_path /tmp/client_temp;\n fastcgi_temp_path /tmp/fastcgi_temp;\n uwsgi_temp_path /tmp/uwsgi_temp;\n scgi_temp_path /tmp/scgi_temp;\n" /etc/nginx/nginx.conf \ + && sed -i 's,PIDFILE=${PIDFILE:-/run/nginx.pid},PIDFILE=${PIDFILE:-/tmp/nginx.pid},' /etc/init.d/nginx \ # nginx user must own the cache and etc directory to write cache and tweak the nginx config && chown -R $UID:0 /var/cache/nginx \ && chmod -R g+w /var/cache/nginx \ From 66d8da2dc39b0f41e05bcbfd77834836fecab38a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 1 Jul 2025 18:46:24 +0200 Subject: [PATCH 47/60] chore(deps): Bump github/codeql-action from 3.29.0 to 3.29.1 (#324) Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/ossf_scorecard.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ossf_scorecard.yml b/.github/workflows/ossf_scorecard.yml index 38be556..e03ac36 100644 --- a/.github/workflows/ossf_scorecard.yml +++ b/.github/workflows/ossf_scorecard.yml @@ -47,6 +47,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: Upload SARIF results to code scanning - uses: github/codeql-action/upload-sarif@ce28f5bb42b7a9f2c824e633a3f6ee835bab6858 # v3.29.0 + uses: github/codeql-action/upload-sarif@39edc492dbe16b1465b0cafca41432d857bdb31a # v3.29.1 with: sarif_file: results.sarif From 27f0e5517baa1ae4808766498d0de7932ff0cfa7 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 7 Jul 2025 19:10:02 +0200 Subject: [PATCH 48/60] chore(deps): Bump github/codeql-action from 3.29.1 to 3.29.2 (#326) Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/ossf_scorecard.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ossf_scorecard.yml b/.github/workflows/ossf_scorecard.yml index e03ac36..aafd042 100644 --- a/.github/workflows/ossf_scorecard.yml +++ b/.github/workflows/ossf_scorecard.yml @@ -47,6 +47,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: Upload SARIF results to code scanning - uses: github/codeql-action/upload-sarif@39edc492dbe16b1465b0cafca41432d857bdb31a # v3.29.1 + uses: github/codeql-action/upload-sarif@181d5eefc20863364f96762470ba6f862bdef56b # v3.29.2 with: sarif_file: results.sarif From c99493627c88c2a449f32809637e97278a4867e1 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 15 Jul 2025 06:29:49 -0700 Subject: [PATCH 49/60] fix: Pass GPG key ids as separate arguments when exporting (#328) --- Dockerfile-debian.template | 2 +- mainline/debian/Dockerfile | 2 +- stable/debian/Dockerfile | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/Dockerfile-debian.template b/Dockerfile-debian.template index 86bcc08..1c41386 100644 --- a/Dockerfile-debian.template +++ b/Dockerfile-debian.template @@ -33,7 +33,7 @@ RUN set -x \ done; \ test -z "$found" && echo >&2 "error: failed to fetch GPG key $NGINX_GPGKEY" && exit 1; \ done; \ - gpg1 --export "$NGINX_GPGKEYS" > "$NGINX_GPGKEY_PATH" ; \ + gpg1 --export $NGINX_GPGKEYS > "$NGINX_GPGKEY_PATH" ; \ rm -rf "$GNUPGHOME"; \ apt-get remove --purge --auto-remove -y gnupg1 && rm -rf /var/lib/apt/lists/* \ && dpkgArch="$(dpkg --print-architecture)" \ diff --git a/mainline/debian/Dockerfile b/mainline/debian/Dockerfile index 7b4bb5c..64b01cd 100644 --- a/mainline/debian/Dockerfile +++ b/mainline/debian/Dockerfile @@ -38,7 +38,7 @@ RUN set -x \ done; \ test -z "$found" && echo >&2 "error: failed to fetch GPG key $NGINX_GPGKEY" && exit 1; \ done; \ - gpg1 --export "$NGINX_GPGKEYS" > "$NGINX_GPGKEY_PATH" ; \ + gpg1 --export $NGINX_GPGKEYS > "$NGINX_GPGKEY_PATH" ; \ rm -rf "$GNUPGHOME"; \ apt-get remove --purge --auto-remove -y gnupg1 && rm -rf /var/lib/apt/lists/* \ && dpkgArch="$(dpkg --print-architecture)" \ diff --git a/stable/debian/Dockerfile b/stable/debian/Dockerfile index 63f1d24..725908c 100644 --- a/stable/debian/Dockerfile +++ b/stable/debian/Dockerfile @@ -38,7 +38,7 @@ RUN set -x \ done; \ test -z "$found" && echo >&2 "error: failed to fetch GPG key $NGINX_GPGKEY" && exit 1; \ done; \ - gpg1 --export "$NGINX_GPGKEYS" > "$NGINX_GPGKEY_PATH" ; \ + gpg1 --export $NGINX_GPGKEYS > "$NGINX_GPGKEY_PATH" ; \ rm -rf "$GNUPGHOME"; \ apt-get remove --purge --auto-remove -y gnupg1 && rm -rf /var/lib/apt/lists/* \ && dpkgArch="$(dpkg --print-architecture)" \ From 13c35862aa5b9218395f776fb5d48878cb0a8c9b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 7 Aug 2025 17:38:07 +0200 Subject: [PATCH 50/60] chore(deps): Bump github/codeql-action from 3.29.2 to 3.29.5 (#332) Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/ossf_scorecard.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ossf_scorecard.yml b/.github/workflows/ossf_scorecard.yml index aafd042..258e687 100644 --- a/.github/workflows/ossf_scorecard.yml +++ b/.github/workflows/ossf_scorecard.yml @@ -47,6 +47,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: Upload SARIF results to code scanning - uses: github/codeql-action/upload-sarif@181d5eefc20863364f96762470ba6f862bdef56b # v3.29.2 + uses: github/codeql-action/upload-sarif@51f77329afa6477de8c49fc9c7046c15b9a4e79d # v3.29.5 with: sarif_file: results.sarif From b296a8b716c469606368761ec5b47c102a91f9b7 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 7 Aug 2025 17:38:16 +0200 Subject: [PATCH 51/60] chore(deps): Bump docker/metadata-action from 5.7.0 to 5.8.0 (#333) Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/alpine-mainline.yml | 8 ++++---- .github/workflows/alpine-stable.yml | 8 ++++---- .github/workflows/debian-mainline.yml | 6 +++--- .github/workflows/debian-stable.yml | 6 +++--- 4 files changed, 14 insertions(+), 14 deletions(-) diff --git a/.github/workflows/alpine-mainline.yml b/.github/workflows/alpine-mainline.yml index 7f01ac2..6adc9b8 100644 --- a/.github/workflows/alpine-mainline.yml +++ b/.github/workflows/alpine-mainline.yml @@ -85,7 +85,7 @@ jobs: - name: Extract metadata (annotations, labels, tags) for Docker id: meta - uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5.7.0 + uses: docker/metadata-action@c1e51972afc2121e065aed6d45c65596fe445f3f # v5.8.0 with: images: | docker.io/nginxinc/nginx-unprivileged @@ -203,7 +203,7 @@ jobs: - name: Extract metadata (annotations, labels, tags) for Docker id: meta - uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5.7.0 + uses: docker/metadata-action@c1e51972afc2121e065aed6d45c65596fe445f3f # v5.8.0 with: images: | docker.io/nginxinc/nginx-unprivileged @@ -321,7 +321,7 @@ jobs: - name: Extract metadata (annotations, labels, tags) for Docker id: meta - uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5.7.0 + uses: docker/metadata-action@c1e51972afc2121e065aed6d45c65596fe445f3f # v5.8.0 with: images: | docker.io/nginxinc/nginx-unprivileged @@ -439,7 +439,7 @@ jobs: - name: Extract metadata (annotations, labels, tags) for Docker id: meta - uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5.7.0 + uses: docker/metadata-action@c1e51972afc2121e065aed6d45c65596fe445f3f # v5.8.0 with: images: | docker.io/nginxinc/nginx-unprivileged diff --git a/.github/workflows/alpine-stable.yml b/.github/workflows/alpine-stable.yml index 1054a0d..85e2aa0 100644 --- a/.github/workflows/alpine-stable.yml +++ b/.github/workflows/alpine-stable.yml @@ -85,7 +85,7 @@ jobs: - name: Extract metadata (annotations, labels, tags) for Docker id: meta - uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5.7.0 + uses: docker/metadata-action@c1e51972afc2121e065aed6d45c65596fe445f3f # v5.8.0 with: images: | docker.io/nginxinc/nginx-unprivileged @@ -195,7 +195,7 @@ jobs: - name: Extract metadata (annotations, labels, tags) for Docker id: meta - uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5.7.0 + uses: docker/metadata-action@c1e51972afc2121e065aed6d45c65596fe445f3f # v5.8.0 with: images: | docker.io/nginxinc/nginx-unprivileged @@ -305,7 +305,7 @@ jobs: - name: Extract metadata (annotations, labels, tags) for Docker id: meta - uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5.7.0 + uses: docker/metadata-action@c1e51972afc2121e065aed6d45c65596fe445f3f # v5.8.0 with: images: | docker.io/nginxinc/nginx-unprivileged @@ -414,7 +414,7 @@ jobs: - name: Extract metadata (annotations, labels, tags) for Docker id: meta - uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5.7.0 + uses: docker/metadata-action@c1e51972afc2121e065aed6d45c65596fe445f3f # v5.8.0 with: images: | docker.io/nginxinc/nginx-unprivileged diff --git a/.github/workflows/debian-mainline.yml b/.github/workflows/debian-mainline.yml index df41032..fa73b20 100644 --- a/.github/workflows/debian-mainline.yml +++ b/.github/workflows/debian-mainline.yml @@ -85,7 +85,7 @@ jobs: - name: Extract metadata (annotations, labels, tags) for Docker id: meta - uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5.7.0 + uses: docker/metadata-action@c1e51972afc2121e065aed6d45c65596fe445f3f # v5.8.0 with: images: | docker.io/nginxinc/nginx-unprivileged @@ -204,7 +204,7 @@ jobs: - name: Extract metadata (annotations, labels, tags) for Docker id: meta - uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5.7.0 + uses: docker/metadata-action@c1e51972afc2121e065aed6d45c65596fe445f3f # v5.8.0 with: images: | docker.io/nginxinc/nginx-unprivileged @@ -323,7 +323,7 @@ jobs: - name: Extract metadata (annotations, labels, tags) for Docker id: meta - uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5.7.0 + uses: docker/metadata-action@c1e51972afc2121e065aed6d45c65596fe445f3f # v5.8.0 with: images: | docker.io/nginxinc/nginx-unprivileged diff --git a/.github/workflows/debian-stable.yml b/.github/workflows/debian-stable.yml index 5690c8b..968859f 100644 --- a/.github/workflows/debian-stable.yml +++ b/.github/workflows/debian-stable.yml @@ -85,7 +85,7 @@ jobs: - name: Extract metadata (annotations, labels, tags) for Docker id: meta - uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5.7.0 + uses: docker/metadata-action@c1e51972afc2121e065aed6d45c65596fe445f3f # v5.8.0 with: images: | docker.io/nginxinc/nginx-unprivileged @@ -196,7 +196,7 @@ jobs: - name: Extract metadata (annotations, labels, tags) for Docker id: meta - uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5.7.0 + uses: docker/metadata-action@c1e51972afc2121e065aed6d45c65596fe445f3f # v5.8.0 with: images: | docker.io/nginxinc/nginx-unprivileged @@ -307,7 +307,7 @@ jobs: - name: Extract metadata (annotations, labels, tags) for Docker id: meta - uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5.7.0 + uses: docker/metadata-action@c1e51972afc2121e065aed6d45c65596fe445f3f # v5.8.0 with: images: | docker.io/nginxinc/nginx-unprivileged From fea724c10e665ed4bd188fa16dee4bc9396d8956 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 17 Aug 2025 17:19:27 +0200 Subject: [PATCH 52/60] chore(deps): Bump docker/login-action from 3.4.0 to 3.5.0 (#335) Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/alpine-mainline.yml | 32 +++++++++++++-------------- .github/workflows/alpine-stable.yml | 32 +++++++++++++-------------- .github/workflows/debian-mainline.yml | 24 ++++++++++---------- .github/workflows/debian-stable.yml | 24 ++++++++++---------- 4 files changed, 56 insertions(+), 56 deletions(-) diff --git a/.github/workflows/alpine-mainline.yml b/.github/workflows/alpine-mainline.yml index 6adc9b8..9a7aa28 100644 --- a/.github/workflows/alpine-mainline.yml +++ b/.github/workflows/alpine-mainline.yml @@ -56,20 +56,20 @@ jobs: - name: Login to Amazon ECR Public Gallery if: ${{ github.event_name != 'pull_request' }} - uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 + uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3.5.0 with: registry: public.ecr.aws - name: Login to Docker Hub if: ${{ github.event_name != 'pull_request' }} - uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 + uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3.5.0 with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} - name: Login to GitHub Container Registry if: ${{ github.event_name != 'pull_request' }} - uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 + uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3.5.0 with: registry: ghcr.io username: ${{ github.actor }} @@ -77,7 +77,7 @@ jobs: - name: Login to Quay if: ${{ github.event_name != 'pull_request' }} - uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 + uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3.5.0 with: registry: quay.io username: ${{ secrets.QUAY_USERNAME }} @@ -174,20 +174,20 @@ jobs: - name: Login to Amazon ECR Public Gallery if: ${{ github.event_name != 'pull_request' }} - uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 + uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3.5.0 with: registry: public.ecr.aws - name: Login to Docker Hub if: ${{ github.event_name != 'pull_request' }} - uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 + uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3.5.0 with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} - name: Login to GitHub Container Registry if: ${{ github.event_name != 'pull_request' }} - uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 + uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3.5.0 with: registry: ghcr.io username: ${{ github.actor }} @@ -195,7 +195,7 @@ jobs: - name: Login to Quay if: ${{ github.event_name != 'pull_request' }} - uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 + uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3.5.0 with: registry: quay.io username: ${{ secrets.QUAY_USERNAME }} @@ -292,20 +292,20 @@ jobs: - name: Login to Amazon ECR Public Gallery if: ${{ github.event_name != 'pull_request' }} - uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 + uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3.5.0 with: registry: public.ecr.aws - name: Login to Docker Hub if: ${{ github.event_name != 'pull_request' }} - uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 + uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3.5.0 with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} - name: Login to GitHub Container Registry if: ${{ github.event_name != 'pull_request' }} - uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 + uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3.5.0 with: registry: ghcr.io username: ${{ github.actor }} @@ -313,7 +313,7 @@ jobs: - name: Login to Quay if: ${{ github.event_name != 'pull_request' }} - uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 + uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3.5.0 with: registry: quay.io username: ${{ secrets.QUAY_USERNAME }} @@ -410,20 +410,20 @@ jobs: - name: Login to Amazon ECR Public Gallery if: ${{ github.event_name != 'pull_request' }} - uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 + uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3.5.0 with: registry: public.ecr.aws - name: Login to Docker Hub if: ${{ github.event_name != 'pull_request' }} - uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 + uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3.5.0 with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} - name: Login to GitHub Container Registry if: ${{ github.event_name != 'pull_request' }} - uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 + uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3.5.0 with: registry: ghcr.io username: ${{ github.actor }} @@ -431,7 +431,7 @@ jobs: - name: Login to Quay if: ${{ github.event_name != 'pull_request' }} - uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 + uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3.5.0 with: registry: quay.io username: ${{ secrets.QUAY_USERNAME }} diff --git a/.github/workflows/alpine-stable.yml b/.github/workflows/alpine-stable.yml index 85e2aa0..446af75 100644 --- a/.github/workflows/alpine-stable.yml +++ b/.github/workflows/alpine-stable.yml @@ -56,20 +56,20 @@ jobs: - name: Login to Amazon ECR Public Gallery if: ${{ github.event_name != 'pull_request' }} - uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 + uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3.5.0 with: registry: public.ecr.aws - name: Login to Docker Hub if: ${{ github.event_name != 'pull_request' }} - uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 + uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3.5.0 with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} - name: Login to GitHub Container Registry if: ${{ github.event_name != 'pull_request' }} - uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 + uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3.5.0 with: registry: ghcr.io username: ${{ github.actor }} @@ -77,7 +77,7 @@ jobs: - name: Login to Quay if: ${{ github.event_name != 'pull_request' }} - uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 + uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3.5.0 with: registry: quay.io username: ${{ secrets.QUAY_USERNAME }} @@ -166,20 +166,20 @@ jobs: - name: Login to Amazon ECR Public Gallery if: ${{ github.event_name != 'pull_request' }} - uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 + uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3.5.0 with: registry: public.ecr.aws - name: Login to Docker Hub if: ${{ github.event_name != 'pull_request' }} - uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 + uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3.5.0 with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} - name: Login to GitHub Container Registry if: ${{ github.event_name != 'pull_request' }} - uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 + uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3.5.0 with: registry: ghcr.io username: ${{ github.actor }} @@ -187,7 +187,7 @@ jobs: - name: Login to Quay if: ${{ github.event_name != 'pull_request' }} - uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 + uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3.5.0 with: registry: quay.io username: ${{ secrets.QUAY_USERNAME }} @@ -276,20 +276,20 @@ jobs: - name: Login to Amazon ECR Public Gallery if: ${{ github.event_name != 'pull_request' }} - uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 + uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3.5.0 with: registry: public.ecr.aws - name: Login to Docker Hub if: ${{ github.event_name != 'pull_request' }} - uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 + uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3.5.0 with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} - name: Login to GitHub Container Registry if: ${{ github.event_name != 'pull_request' }} - uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 + uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3.5.0 with: registry: ghcr.io username: ${{ github.actor }} @@ -297,7 +297,7 @@ jobs: - name: Login to Quay if: ${{ github.event_name != 'pull_request' }} - uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 + uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3.5.0 with: registry: quay.io username: ${{ secrets.QUAY_USERNAME }} @@ -385,20 +385,20 @@ jobs: - name: Login to Amazon ECR Public Gallery if: ${{ github.event_name != 'pull_request' }} - uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 + uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3.5.0 with: registry: public.ecr.aws - name: Login to Docker Hub if: ${{ github.event_name != 'pull_request' }} - uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 + uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3.5.0 with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} - name: Login to GitHub Container Registry if: ${{ github.event_name != 'pull_request' }} - uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 + uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3.5.0 with: registry: ghcr.io username: ${{ github.actor }} @@ -406,7 +406,7 @@ jobs: - name: Login to Quay if: ${{ github.event_name != 'pull_request' }} - uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 + uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3.5.0 with: registry: quay.io username: ${{ secrets.QUAY_USERNAME }} diff --git a/.github/workflows/debian-mainline.yml b/.github/workflows/debian-mainline.yml index fa73b20..31330e5 100644 --- a/.github/workflows/debian-mainline.yml +++ b/.github/workflows/debian-mainline.yml @@ -56,20 +56,20 @@ jobs: - name: Login to Amazon ECR Public Gallery if: ${{ github.event_name != 'pull_request' }} - uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 + uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3.5.0 with: registry: public.ecr.aws - name: Login to Docker Hub if: ${{ github.event_name != 'pull_request' }} - uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 + uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3.5.0 with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} - name: Login to GitHub Container Registry if: ${{ github.event_name != 'pull_request' }} - uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 + uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3.5.0 with: registry: ghcr.io username: ${{ github.actor }} @@ -77,7 +77,7 @@ jobs: - name: Login to Quay if: ${{ github.event_name != 'pull_request' }} - uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 + uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3.5.0 with: registry: quay.io username: ${{ secrets.QUAY_USERNAME }} @@ -175,20 +175,20 @@ jobs: - name: Login to Amazon ECR Public Gallery if: ${{ github.event_name != 'pull_request' }} - uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 + uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3.5.0 with: registry: public.ecr.aws - name: Login to Docker Hub if: ${{ github.event_name != 'pull_request' }} - uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 + uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3.5.0 with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} - name: Login to GitHub Container Registry if: ${{ github.event_name != 'pull_request' }} - uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 + uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3.5.0 with: registry: ghcr.io username: ${{ github.actor }} @@ -196,7 +196,7 @@ jobs: - name: Login to Quay if: ${{ github.event_name != 'pull_request' }} - uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 + uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3.5.0 with: registry: quay.io username: ${{ secrets.QUAY_USERNAME }} @@ -294,20 +294,20 @@ jobs: - name: Login to Amazon ECR Public Gallery if: ${{ github.event_name != 'pull_request' }} - uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 + uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3.5.0 with: registry: public.ecr.aws - name: Login to Docker Hub if: ${{ github.event_name != 'pull_request' }} - uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 + uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3.5.0 with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} - name: Login to GitHub Container Registry if: ${{ github.event_name != 'pull_request' }} - uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 + uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3.5.0 with: registry: ghcr.io username: ${{ github.actor }} @@ -315,7 +315,7 @@ jobs: - name: Login to Quay if: ${{ github.event_name != 'pull_request' }} - uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 + uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3.5.0 with: registry: quay.io username: ${{ secrets.QUAY_USERNAME }} diff --git a/.github/workflows/debian-stable.yml b/.github/workflows/debian-stable.yml index 968859f..8cd2f3a 100644 --- a/.github/workflows/debian-stable.yml +++ b/.github/workflows/debian-stable.yml @@ -56,20 +56,20 @@ jobs: - name: Login to Amazon ECR Public Gallery if: ${{ github.event_name != 'pull_request' }} - uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 + uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3.5.0 with: registry: public.ecr.aws - name: Login to Docker Hub if: ${{ github.event_name != 'pull_request' }} - uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 + uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3.5.0 with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} - name: Login to GitHub Container Registry if: ${{ github.event_name != 'pull_request' }} - uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 + uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3.5.0 with: registry: ghcr.io username: ${{ github.actor }} @@ -77,7 +77,7 @@ jobs: - name: Login to Quay if: ${{ github.event_name != 'pull_request' }} - uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 + uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3.5.0 with: registry: quay.io username: ${{ secrets.QUAY_USERNAME }} @@ -167,20 +167,20 @@ jobs: - name: Login to Amazon ECR Public Gallery if: ${{ github.event_name != 'pull_request' }} - uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 + uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3.5.0 with: registry: public.ecr.aws - name: Login to Docker Hub if: ${{ github.event_name != 'pull_request' }} - uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 + uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3.5.0 with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} - name: Login to GitHub Container Registry if: ${{ github.event_name != 'pull_request' }} - uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 + uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3.5.0 with: registry: ghcr.io username: ${{ github.actor }} @@ -188,7 +188,7 @@ jobs: - name: Login to Quay if: ${{ github.event_name != 'pull_request' }} - uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 + uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3.5.0 with: registry: quay.io username: ${{ secrets.QUAY_USERNAME }} @@ -278,20 +278,20 @@ jobs: - name: Login to Amazon ECR Public Gallery if: ${{ github.event_name != 'pull_request' }} - uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 + uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3.5.0 with: registry: public.ecr.aws - name: Login to Docker Hub if: ${{ github.event_name != 'pull_request' }} - uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 + uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3.5.0 with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} - name: Login to GitHub Container Registry if: ${{ github.event_name != 'pull_request' }} - uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 + uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3.5.0 with: registry: ghcr.io username: ${{ github.actor }} @@ -299,7 +299,7 @@ jobs: - name: Login to Quay if: ${{ github.event_name != 'pull_request' }} - uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 + uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3.5.0 with: registry: quay.io username: ${{ secrets.QUAY_USERNAME }} From 1210140c7218d353986f31f4f28664986617cd5f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 17 Aug 2025 17:20:40 +0200 Subject: [PATCH 53/60] chore(deps): Bump aws-actions/configure-aws-credentials from 4.2.1 to 4.3.1 (#336) Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/alpine-mainline.yml | 8 ++++---- .github/workflows/alpine-stable.yml | 8 ++++---- .github/workflows/debian-mainline.yml | 6 +++--- .github/workflows/debian-stable.yml | 6 +++--- .github/workflows/image-cleanup.yml | 2 +- 5 files changed, 15 insertions(+), 15 deletions(-) diff --git a/.github/workflows/alpine-mainline.yml b/.github/workflows/alpine-mainline.yml index 9a7aa28..a7f9764 100644 --- a/.github/workflows/alpine-mainline.yml +++ b/.github/workflows/alpine-mainline.yml @@ -48,7 +48,7 @@ jobs: - name: Configure AWS credentials if: ${{ github.event_name != 'pull_request' }} - uses: aws-actions/configure-aws-credentials@b47578312673ae6fa5b5096b330d9fbac3d116df # v4.2.1 + uses: aws-actions/configure-aws-credentials@7474bc4690e29a8392af63c5b98e7449536d5c3a # v4.3.1 with: aws-region: ${{ secrets.AWS_REGION }} aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} @@ -166,7 +166,7 @@ jobs: - name: Configure AWS credentials if: ${{ github.event_name != 'pull_request' }} - uses: aws-actions/configure-aws-credentials@b47578312673ae6fa5b5096b330d9fbac3d116df # v4.2.1 + uses: aws-actions/configure-aws-credentials@7474bc4690e29a8392af63c5b98e7449536d5c3a # v4.3.1 with: aws-region: ${{ secrets.AWS_REGION }} aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} @@ -284,7 +284,7 @@ jobs: - name: Configure AWS credentials if: ${{ github.event_name != 'pull_request' }} - uses: aws-actions/configure-aws-credentials@b47578312673ae6fa5b5096b330d9fbac3d116df # v4.2.1 + uses: aws-actions/configure-aws-credentials@7474bc4690e29a8392af63c5b98e7449536d5c3a # v4.3.1 with: aws-region: ${{ secrets.AWS_REGION }} aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} @@ -402,7 +402,7 @@ jobs: - name: Configure AWS credentials if: ${{ github.event_name != 'pull_request' }} - uses: aws-actions/configure-aws-credentials@b47578312673ae6fa5b5096b330d9fbac3d116df # v4.2.1 + uses: aws-actions/configure-aws-credentials@7474bc4690e29a8392af63c5b98e7449536d5c3a # v4.3.1 with: aws-region: ${{ secrets.AWS_REGION }} aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} diff --git a/.github/workflows/alpine-stable.yml b/.github/workflows/alpine-stable.yml index 446af75..ecde7e3 100644 --- a/.github/workflows/alpine-stable.yml +++ b/.github/workflows/alpine-stable.yml @@ -48,7 +48,7 @@ jobs: - name: Configure AWS credentials if: ${{ github.event_name != 'pull_request' }} - uses: aws-actions/configure-aws-credentials@b47578312673ae6fa5b5096b330d9fbac3d116df # v4.2.1 + uses: aws-actions/configure-aws-credentials@7474bc4690e29a8392af63c5b98e7449536d5c3a # v4.3.1 with: aws-region: ${{ secrets.AWS_REGION }} aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} @@ -158,7 +158,7 @@ jobs: - name: Configure AWS credentials if: ${{ github.event_name != 'pull_request' }} - uses: aws-actions/configure-aws-credentials@b47578312673ae6fa5b5096b330d9fbac3d116df # v4.2.1 + uses: aws-actions/configure-aws-credentials@7474bc4690e29a8392af63c5b98e7449536d5c3a # v4.3.1 with: aws-region: ${{ secrets.AWS_REGION }} aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} @@ -268,7 +268,7 @@ jobs: - name: Configure AWS credentials if: ${{ github.event_name != 'pull_request' }} - uses: aws-actions/configure-aws-credentials@b47578312673ae6fa5b5096b330d9fbac3d116df # v4.2.1 + uses: aws-actions/configure-aws-credentials@7474bc4690e29a8392af63c5b98e7449536d5c3a # v4.3.1 with: aws-region: ${{ secrets.AWS_REGION }} aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} @@ -377,7 +377,7 @@ jobs: - name: Configure AWS credentials if: ${{ github.event_name != 'pull_request' }} - uses: aws-actions/configure-aws-credentials@b47578312673ae6fa5b5096b330d9fbac3d116df # v4.2.1 + uses: aws-actions/configure-aws-credentials@7474bc4690e29a8392af63c5b98e7449536d5c3a # v4.3.1 with: aws-region: ${{ secrets.AWS_REGION }} aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} diff --git a/.github/workflows/debian-mainline.yml b/.github/workflows/debian-mainline.yml index 31330e5..81d2abb 100644 --- a/.github/workflows/debian-mainline.yml +++ b/.github/workflows/debian-mainline.yml @@ -48,7 +48,7 @@ jobs: - name: Configure AWS credentials if: ${{ github.event_name != 'pull_request' }} - uses: aws-actions/configure-aws-credentials@b47578312673ae6fa5b5096b330d9fbac3d116df # v4.2.1 + uses: aws-actions/configure-aws-credentials@7474bc4690e29a8392af63c5b98e7449536d5c3a # v4.3.1 with: aws-region: ${{ secrets.AWS_REGION }} aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} @@ -167,7 +167,7 @@ jobs: - name: Configure AWS credentials if: ${{ github.event_name != 'pull_request' }} - uses: aws-actions/configure-aws-credentials@b47578312673ae6fa5b5096b330d9fbac3d116df # v4.2.1 + uses: aws-actions/configure-aws-credentials@7474bc4690e29a8392af63c5b98e7449536d5c3a # v4.3.1 with: aws-region: ${{ secrets.AWS_REGION }} aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} @@ -286,7 +286,7 @@ jobs: - name: Configure AWS credentials if: ${{ github.event_name != 'pull_request' }} - uses: aws-actions/configure-aws-credentials@b47578312673ae6fa5b5096b330d9fbac3d116df # v4.2.1 + uses: aws-actions/configure-aws-credentials@7474bc4690e29a8392af63c5b98e7449536d5c3a # v4.3.1 with: aws-region: ${{ secrets.AWS_REGION }} aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} diff --git a/.github/workflows/debian-stable.yml b/.github/workflows/debian-stable.yml index 8cd2f3a..614d587 100644 --- a/.github/workflows/debian-stable.yml +++ b/.github/workflows/debian-stable.yml @@ -48,7 +48,7 @@ jobs: - name: Configure AWS credentials if: ${{ github.event_name != 'pull_request' }} - uses: aws-actions/configure-aws-credentials@b47578312673ae6fa5b5096b330d9fbac3d116df # v4.2.1 + uses: aws-actions/configure-aws-credentials@7474bc4690e29a8392af63c5b98e7449536d5c3a # v4.3.1 with: aws-region: ${{ secrets.AWS_REGION }} aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} @@ -159,7 +159,7 @@ jobs: - name: Configure AWS credentials if: ${{ github.event_name != 'pull_request' }} - uses: aws-actions/configure-aws-credentials@b47578312673ae6fa5b5096b330d9fbac3d116df # v4.2.1 + uses: aws-actions/configure-aws-credentials@7474bc4690e29a8392af63c5b98e7449536d5c3a # v4.3.1 with: aws-region: ${{ secrets.AWS_REGION }} aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} @@ -270,7 +270,7 @@ jobs: - name: Configure AWS credentials if: ${{ github.event_name != 'pull_request' }} - uses: aws-actions/configure-aws-credentials@b47578312673ae6fa5b5096b330d9fbac3d116df # v4.2.1 + uses: aws-actions/configure-aws-credentials@7474bc4690e29a8392af63c5b98e7449536d5c3a # v4.3.1 with: aws-region: ${{ secrets.AWS_REGION }} aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} diff --git a/.github/workflows/image-cleanup.yml b/.github/workflows/image-cleanup.yml index eebee81..826656d 100644 --- a/.github/workflows/image-cleanup.yml +++ b/.github/workflows/image-cleanup.yml @@ -17,7 +17,7 @@ jobs: uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Configure AWS credentials - uses: aws-actions/configure-aws-credentials@b47578312673ae6fa5b5096b330d9fbac3d116df # v4.2.1 + uses: aws-actions/configure-aws-credentials@7474bc4690e29a8392af63c5b98e7449536d5c3a # v4.3.1 with: aws-region: ${{ secrets.AWS_REGION }} aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} From 88cee8fa3fce7d35f9fbe62354f4ce72e8477e16 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 17 Aug 2025 17:20:58 +0200 Subject: [PATCH 54/60] chore(deps): Bump github/codeql-action from 3.29.7 to 3.29.8 (#337) Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/ossf_scorecard.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ossf_scorecard.yml b/.github/workflows/ossf_scorecard.yml index 258e687..90edef2 100644 --- a/.github/workflows/ossf_scorecard.yml +++ b/.github/workflows/ossf_scorecard.yml @@ -47,6 +47,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: Upload SARIF results to code scanning - uses: github/codeql-action/upload-sarif@51f77329afa6477de8c49fc9c7046c15b9a4e79d # v3.29.5 + uses: github/codeql-action/upload-sarif@76621b61decf072c1cee8dd1ce2d2a82d33c17ed # v3.29.5 with: sarif_file: results.sarif From a773d561b235f57f1c2417dbdef42348631ab0e6 Mon Sep 17 00:00:00 2001 From: xaviergrandmougin <102046199+xaviergrandmougin@users.noreply.github.com> Date: Sun, 17 Aug 2025 17:21:45 +0200 Subject: [PATCH 55/60] fix: Minimum fix to not always write the config file (#331) --- entrypoint/10-listen-on-ipv6-by-default.sh | 2 +- mainline/alpine-slim/10-listen-on-ipv6-by-default.sh | 2 +- mainline/debian/10-listen-on-ipv6-by-default.sh | 2 +- stable/alpine-slim/10-listen-on-ipv6-by-default.sh | 2 +- stable/debian/10-listen-on-ipv6-by-default.sh | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/entrypoint/10-listen-on-ipv6-by-default.sh b/entrypoint/10-listen-on-ipv6-by-default.sh index 29898b1..1766079 100755 --- a/entrypoint/10-listen-on-ipv6-by-default.sh +++ b/entrypoint/10-listen-on-ipv6-by-default.sh @@ -27,7 +27,7 @@ fi touch /$DEFAULT_CONF_FILE 2>/dev/null || { entrypoint_log "$ME: info: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } # check if the file is already modified, e.g. on a container restart -grep -q "listen \[::]\:8080;" /$DEFAULT_CONF_FILE && { entrypoint_log "$ME: info: IPv6 listen already enabled"; exit 0; } +grep -q "listen \[::\]:8080;" /$DEFAULT_CONF_FILE && { entrypoint_log "$ME: info: IPv6 listen already enabled"; exit 0; } if [ -f "/etc/os-release" ]; then . /etc/os-release diff --git a/mainline/alpine-slim/10-listen-on-ipv6-by-default.sh b/mainline/alpine-slim/10-listen-on-ipv6-by-default.sh index 29898b1..1766079 100755 --- a/mainline/alpine-slim/10-listen-on-ipv6-by-default.sh +++ b/mainline/alpine-slim/10-listen-on-ipv6-by-default.sh @@ -27,7 +27,7 @@ fi touch /$DEFAULT_CONF_FILE 2>/dev/null || { entrypoint_log "$ME: info: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } # check if the file is already modified, e.g. on a container restart -grep -q "listen \[::]\:8080;" /$DEFAULT_CONF_FILE && { entrypoint_log "$ME: info: IPv6 listen already enabled"; exit 0; } +grep -q "listen \[::\]:8080;" /$DEFAULT_CONF_FILE && { entrypoint_log "$ME: info: IPv6 listen already enabled"; exit 0; } if [ -f "/etc/os-release" ]; then . /etc/os-release diff --git a/mainline/debian/10-listen-on-ipv6-by-default.sh b/mainline/debian/10-listen-on-ipv6-by-default.sh index 29898b1..1766079 100755 --- a/mainline/debian/10-listen-on-ipv6-by-default.sh +++ b/mainline/debian/10-listen-on-ipv6-by-default.sh @@ -27,7 +27,7 @@ fi touch /$DEFAULT_CONF_FILE 2>/dev/null || { entrypoint_log "$ME: info: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } # check if the file is already modified, e.g. on a container restart -grep -q "listen \[::]\:8080;" /$DEFAULT_CONF_FILE && { entrypoint_log "$ME: info: IPv6 listen already enabled"; exit 0; } +grep -q "listen \[::\]:8080;" /$DEFAULT_CONF_FILE && { entrypoint_log "$ME: info: IPv6 listen already enabled"; exit 0; } if [ -f "/etc/os-release" ]; then . /etc/os-release diff --git a/stable/alpine-slim/10-listen-on-ipv6-by-default.sh b/stable/alpine-slim/10-listen-on-ipv6-by-default.sh index 29898b1..1766079 100755 --- a/stable/alpine-slim/10-listen-on-ipv6-by-default.sh +++ b/stable/alpine-slim/10-listen-on-ipv6-by-default.sh @@ -27,7 +27,7 @@ fi touch /$DEFAULT_CONF_FILE 2>/dev/null || { entrypoint_log "$ME: info: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } # check if the file is already modified, e.g. on a container restart -grep -q "listen \[::]\:8080;" /$DEFAULT_CONF_FILE && { entrypoint_log "$ME: info: IPv6 listen already enabled"; exit 0; } +grep -q "listen \[::\]:8080;" /$DEFAULT_CONF_FILE && { entrypoint_log "$ME: info: IPv6 listen already enabled"; exit 0; } if [ -f "/etc/os-release" ]; then . /etc/os-release diff --git a/stable/debian/10-listen-on-ipv6-by-default.sh b/stable/debian/10-listen-on-ipv6-by-default.sh index 29898b1..1766079 100755 --- a/stable/debian/10-listen-on-ipv6-by-default.sh +++ b/stable/debian/10-listen-on-ipv6-by-default.sh @@ -27,7 +27,7 @@ fi touch /$DEFAULT_CONF_FILE 2>/dev/null || { entrypoint_log "$ME: info: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } # check if the file is already modified, e.g. on a container restart -grep -q "listen \[::]\:8080;" /$DEFAULT_CONF_FILE && { entrypoint_log "$ME: info: IPv6 listen already enabled"; exit 0; } +grep -q "listen \[::\]:8080;" /$DEFAULT_CONF_FILE && { entrypoint_log "$ME: info: IPv6 listen already enabled"; exit 0; } if [ -f "/etc/os-release" ]; then . /etc/os-release From d04d68e04e2f9d118ce6ed091cd47a3c3a8a02f2 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 18 Aug 2025 14:06:07 +0200 Subject: [PATCH 56/60] chore(deps): Bump actions/checkout from 4.2.2 to 5.0.0 (#341) Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/alpine-mainline.yml | 10 +++++----- .github/workflows/alpine-stable.yml | 10 +++++----- .github/workflows/debian-mainline.yml | 8 ++++---- .github/workflows/debian-stable.yml | 8 ++++---- .github/workflows/image-cleanup.yml | 2 +- .github/workflows/ossf_scorecard.yml | 2 +- 6 files changed, 20 insertions(+), 20 deletions(-) diff --git a/.github/workflows/alpine-mainline.yml b/.github/workflows/alpine-mainline.yml index a7f9764..88a159b 100644 --- a/.github/workflows/alpine-mainline.yml +++ b/.github/workflows/alpine-mainline.yml @@ -16,7 +16,7 @@ jobs: distro: ${{ steps.distro_version.outputs.release }} steps: - name: Check out the codebase - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - name: Parse NGINX mainline version id: nginx_version @@ -38,7 +38,7 @@ jobs: fail-fast: false steps: - name: Check out the codebase - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - name: Set up QEMU uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0 @@ -156,7 +156,7 @@ jobs: fail-fast: false steps: - name: Check out the codebase - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - name: Set up QEMU uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0 @@ -274,7 +274,7 @@ jobs: fail-fast: false steps: - name: Check out the codebase - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - name: Set up QEMU uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0 @@ -392,7 +392,7 @@ jobs: fail-fast: false steps: - name: Check out the codebase - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - name: Set up QEMU uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0 diff --git a/.github/workflows/alpine-stable.yml b/.github/workflows/alpine-stable.yml index ecde7e3..3703d62 100644 --- a/.github/workflows/alpine-stable.yml +++ b/.github/workflows/alpine-stable.yml @@ -16,7 +16,7 @@ jobs: distro: ${{ steps.distro_version.outputs.release }} steps: - name: Check out the codebase - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - name: Parse NGINX stable version id: nginx_version @@ -38,7 +38,7 @@ jobs: fail-fast: false steps: - name: Check out the codebase - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - name: Set up QEMU uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0 @@ -148,7 +148,7 @@ jobs: fail-fast: false steps: - name: Check out the codebase - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - name: Set up QEMU uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0 @@ -258,7 +258,7 @@ jobs: fail-fast: false steps: - name: Check out the codebase - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - name: Set up QEMU uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0 @@ -367,7 +367,7 @@ jobs: fail-fast: false steps: - name: Check out the codebase - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - name: Set up QEMU uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0 diff --git a/.github/workflows/debian-mainline.yml b/.github/workflows/debian-mainline.yml index 81d2abb..bf52f26 100644 --- a/.github/workflows/debian-mainline.yml +++ b/.github/workflows/debian-mainline.yml @@ -16,7 +16,7 @@ jobs: distro: ${{ steps.distro_version.outputs.release }} steps: - name: Check out the codebase - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - name: Parse NGINX mainline version id: nginx_version @@ -38,7 +38,7 @@ jobs: fail-fast: false steps: - name: Check out the codebase - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - name: Set up QEMU uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0 @@ -157,7 +157,7 @@ jobs: fail-fast: false steps: - name: Check out the codebase - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - name: Set up QEMU uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0 @@ -276,7 +276,7 @@ jobs: fail-fast: false steps: - name: Check out the codebase - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - name: Set up QEMU uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0 diff --git a/.github/workflows/debian-stable.yml b/.github/workflows/debian-stable.yml index 614d587..6071b94 100644 --- a/.github/workflows/debian-stable.yml +++ b/.github/workflows/debian-stable.yml @@ -16,7 +16,7 @@ jobs: distro: ${{ steps.distro_version.outputs.release }} steps: - name: Check out the codebase - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - name: Parse NGINX stable version id: nginx_version @@ -38,7 +38,7 @@ jobs: fail-fast: false steps: - name: Check out the codebase - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - name: Set up QEMU uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0 @@ -149,7 +149,7 @@ jobs: fail-fast: false steps: - name: Check out the codebase - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - name: Set up QEMU uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0 @@ -260,7 +260,7 @@ jobs: fail-fast: false steps: - name: Check out the codebase - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - name: Set up QEMU uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0 diff --git a/.github/workflows/image-cleanup.yml b/.github/workflows/image-cleanup.yml index 826656d..478c691 100644 --- a/.github/workflows/image-cleanup.yml +++ b/.github/workflows/image-cleanup.yml @@ -14,7 +14,7 @@ jobs: fail-fast: false steps: - name: Check out the codebase - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - name: Configure AWS credentials uses: aws-actions/configure-aws-credentials@7474bc4690e29a8392af63c5b98e7449536d5c3a # v4.3.1 diff --git a/.github/workflows/ossf_scorecard.yml b/.github/workflows/ossf_scorecard.yml index 90edef2..014a036 100644 --- a/.github/workflows/ossf_scorecard.yml +++ b/.github/workflows/ossf_scorecard.yml @@ -25,7 +25,7 @@ jobs: id-token: write steps: - name: Check out the codebase - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: persist-credentials: false From ac48fea40b9ad5bb33441ef021d21a130bbcd1d2 Mon Sep 17 00:00:00 2001 From: Alessandro Fael Garcia Date: Mon, 18 Aug 2025 16:10:43 +0200 Subject: [PATCH 57/60] ci: Add support for GitHub's merge queue (#338) --- .github/workflows/alpine-mainline.yml | 1 + .github/workflows/alpine-stable.yml | 1 + .github/workflows/debian-mainline.yml | 1 + .github/workflows/debian-stable.yml | 1 + 4 files changed, 4 insertions(+) diff --git a/.github/workflows/alpine-mainline.yml b/.github/workflows/alpine-mainline.yml index 88a159b..d3142cf 100644 --- a/.github/workflows/alpine-mainline.yml +++ b/.github/workflows/alpine-mainline.yml @@ -2,6 +2,7 @@ name: Alpine Mainline on: pull_request: + merge_group: schedule: - cron: "0 0 * * 1" workflow_dispatch: diff --git a/.github/workflows/alpine-stable.yml b/.github/workflows/alpine-stable.yml index 3703d62..3f9db23 100644 --- a/.github/workflows/alpine-stable.yml +++ b/.github/workflows/alpine-stable.yml @@ -2,6 +2,7 @@ name: Alpine Stable on: pull_request: + merge_group: schedule: - cron: "0 0 * * 1" workflow_dispatch: diff --git a/.github/workflows/debian-mainline.yml b/.github/workflows/debian-mainline.yml index bf52f26..90a3dfa 100644 --- a/.github/workflows/debian-mainline.yml +++ b/.github/workflows/debian-mainline.yml @@ -2,6 +2,7 @@ name: Debian Mainline on: pull_request: + merge_group: schedule: - cron: "0 0 * * 1" workflow_dispatch: diff --git a/.github/workflows/debian-stable.yml b/.github/workflows/debian-stable.yml index 6071b94..25081da 100644 --- a/.github/workflows/debian-stable.yml +++ b/.github/workflows/debian-stable.yml @@ -2,6 +2,7 @@ name: Debian Stable on: pull_request: + merge_group: schedule: - cron: "0 0 * * 1" workflow_dispatch: From 872c2c0617f10eecc31b7826168a759f24dc02d7 Mon Sep 17 00:00:00 2001 From: Alessandro Fael Garcia Date: Mon, 18 Aug 2025 16:11:01 +0200 Subject: [PATCH 58/60] feat: Update mainline NGINX to 1.29.1 (#339) --- Dockerfile-debian.template | 4 ++-- mainline/alpine-otel/Dockerfile | 4 ++-- mainline/alpine-perl/Dockerfile | 4 ++-- mainline/alpine-slim/Dockerfile | 4 ++-- mainline/alpine/Dockerfile | 6 +++--- mainline/debian-otel/Dockerfile | 4 ++-- mainline/debian-perl/Dockerfile | 4 ++-- mainline/debian/Dockerfile | 10 +++++----- stable/debian/Dockerfile | 4 ++-- update.sh | 6 +++--- 10 files changed, 25 insertions(+), 25 deletions(-) diff --git a/Dockerfile-debian.template b/Dockerfile-debian.template index 1c41386..ed3076d 100644 --- a/Dockerfile-debian.template +++ b/Dockerfile-debian.template @@ -29,11 +29,11 @@ RUN set -x \ pgp.mit.edu \ ; do \ echo "Fetching GPG key $NGINX_GPGKEY from $server"; \ - gpg1 --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$NGINX_GPGKEY" && found=yes && break; \ + gpg1 --batch --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$NGINX_GPGKEY" && found=yes && break; \ done; \ test -z "$found" && echo >&2 "error: failed to fetch GPG key $NGINX_GPGKEY" && exit 1; \ done; \ - gpg1 --export $NGINX_GPGKEYS > "$NGINX_GPGKEY_PATH" ; \ + gpg1 --batch --export $NGINX_GPGKEYS > "$NGINX_GPGKEY_PATH" ; \ rm -rf "$GNUPGHOME"; \ apt-get remove --purge --auto-remove -y gnupg1 && rm -rf /var/lib/apt/lists/* \ && dpkgArch="$(dpkg --print-architecture)" \ diff --git a/mainline/alpine-otel/Dockerfile b/mainline/alpine-otel/Dockerfile index eeb69b4..2e9fc25 100644 --- a/mainline/alpine-otel/Dockerfile +++ b/mainline/alpine-otel/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -ARG IMAGE=nginxinc/nginx-unprivileged:1.29.0-alpine +ARG IMAGE=nginxinc/nginx-unprivileged:1.29.1-alpine FROM $IMAGE ENV OTEL_VERSION=0.1.2 @@ -57,7 +57,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"400593da45fc0195a01138c0c23a06059da1c6a2e26959f2c4c95fbaf63436ff211665ef01392d2b775a0133d5b57680dabe51b840a55f82e89621e84cf651d1 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"43ecd667d9039c9ab0fab9068c16b37825b15f7d4ef6ea8f36a41378bdf1a198463c751f8b76cfe2aef7ffa8dd9f88f180b958a8189d770258b5a97dc302daf4 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index 8ed4a0c..e317ec2 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -ARG IMAGE=nginxinc/nginx-unprivileged:1.29.0-alpine +ARG IMAGE=nginxinc/nginx-unprivileged:1.29.1-alpine FROM $IMAGE ARG UID=101 @@ -52,7 +52,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"400593da45fc0195a01138c0c23a06059da1c6a2e26959f2c4c95fbaf63436ff211665ef01392d2b775a0133d5b57680dabe51b840a55f82e89621e84cf651d1 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"43ecd667d9039c9ab0fab9068c16b37825b15f7d4ef6ea8f36a41378bdf1a198463c751f8b76cfe2aef7ffa8dd9f88f180b958a8189d770258b5a97dc302daf4 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/mainline/alpine-slim/Dockerfile b/mainline/alpine-slim/Dockerfile index d5f6f96..360d319 100644 --- a/mainline/alpine-slim/Dockerfile +++ b/mainline/alpine-slim/Dockerfile @@ -8,7 +8,7 @@ FROM $IMAGE LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION=1.29.0 +ENV NGINX_VERSION=1.29.1 ENV PKG_RELEASE=1 ENV DYNPKG_RELEASE=1 @@ -63,7 +63,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"400593da45fc0195a01138c0c23a06059da1c6a2e26959f2c4c95fbaf63436ff211665ef01392d2b775a0133d5b57680dabe51b840a55f82e89621e84cf651d1 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"43ecd667d9039c9ab0fab9068c16b37825b15f7d4ef6ea8f36a41378bdf1a198463c751f8b76cfe2aef7ffa8dd9f88f180b958a8189d770258b5a97dc302daf4 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index 7543d5a..c27aad3 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -3,10 +3,10 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -ARG IMAGE=nginxinc/nginx-unprivileged:1.29.0-alpine-slim +ARG IMAGE=nginxinc/nginx-unprivileged:1.29.1-alpine-slim FROM $IMAGE -ENV NJS_VERSION=0.9.0 +ENV NJS_VERSION=0.9.1 ENV NJS_RELEASE=1 ARG UID=101 @@ -57,7 +57,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"400593da45fc0195a01138c0c23a06059da1c6a2e26959f2c4c95fbaf63436ff211665ef01392d2b775a0133d5b57680dabe51b840a55f82e89621e84cf651d1 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"43ecd667d9039c9ab0fab9068c16b37825b15f7d4ef6ea8f36a41378bdf1a198463c751f8b76cfe2aef7ffa8dd9f88f180b958a8189d770258b5a97dc302daf4 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/mainline/debian-otel/Dockerfile b/mainline/debian-otel/Dockerfile index 4f0ec48..6ba9604 100644 --- a/mainline/debian-otel/Dockerfile +++ b/mainline/debian-otel/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -ARG IMAGE=nginxinc/nginx-unprivileged:1.29.0 +ARG IMAGE=nginxinc/nginx-unprivileged:1.29.1 FROM $IMAGE ENV OTEL_VERSION=0.1.2 @@ -56,7 +56,7 @@ RUN set -x; \ && REVISION="${NGINX_VERSION}-${PKG_RELEASE}" \ && REVISION=${REVISION%~*} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${REVISION}.tar.gz \ - && PKGOSSCHECKSUM="400593da45fc0195a01138c0c23a06059da1c6a2e26959f2c4c95fbaf63436ff211665ef01392d2b775a0133d5b57680dabe51b840a55f82e89621e84cf651d1 *${REVISION}.tar.gz" \ + && PKGOSSCHECKSUM="43ecd667d9039c9ab0fab9068c16b37825b15f7d4ef6ea8f36a41378bdf1a198463c751f8b76cfe2aef7ffa8dd9f88f180b958a8189d770258b5a97dc302daf4 *${REVISION}.tar.gz" \ && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \ echo "pkg-oss tarball checksum verification succeeded!"; \ else \ diff --git a/mainline/debian-perl/Dockerfile b/mainline/debian-perl/Dockerfile index 38cefa0..d3a9583 100644 --- a/mainline/debian-perl/Dockerfile +++ b/mainline/debian-perl/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -ARG IMAGE=nginxinc/nginx-unprivileged:1.29.0 +ARG IMAGE=nginxinc/nginx-unprivileged:1.29.1 FROM $IMAGE ARG UID=101 @@ -54,7 +54,7 @@ RUN set -x; \ && REVISION="${NGINX_VERSION}-${PKG_RELEASE}" \ && REVISION=${REVISION%~*} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${REVISION}.tar.gz \ - && PKGOSSCHECKSUM="400593da45fc0195a01138c0c23a06059da1c6a2e26959f2c4c95fbaf63436ff211665ef01392d2b775a0133d5b57680dabe51b840a55f82e89621e84cf651d1 *${REVISION}.tar.gz" \ + && PKGOSSCHECKSUM="43ecd667d9039c9ab0fab9068c16b37825b15f7d4ef6ea8f36a41378bdf1a198463c751f8b76cfe2aef7ffa8dd9f88f180b958a8189d770258b5a97dc302daf4 *${REVISION}.tar.gz" \ && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \ echo "pkg-oss tarball checksum verification succeeded!"; \ else \ diff --git a/mainline/debian/Dockerfile b/mainline/debian/Dockerfile index 64b01cd..7f2afa7 100644 --- a/mainline/debian/Dockerfile +++ b/mainline/debian/Dockerfile @@ -8,8 +8,8 @@ FROM $IMAGE LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION=1.29.0 -ENV NJS_VERSION=0.9.0 +ENV NGINX_VERSION=1.29.1 +ENV NJS_VERSION=0.9.1 ENV NJS_RELEASE=1~bookworm ENV PKG_RELEASE=1~bookworm ENV DYNPKG_RELEASE=1~bookworm @@ -34,11 +34,11 @@ RUN set -x \ pgp.mit.edu \ ; do \ echo "Fetching GPG key $NGINX_GPGKEY from $server"; \ - gpg1 --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$NGINX_GPGKEY" && found=yes && break; \ + gpg1 --batch --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$NGINX_GPGKEY" && found=yes && break; \ done; \ test -z "$found" && echo >&2 "error: failed to fetch GPG key $NGINX_GPGKEY" && exit 1; \ done; \ - gpg1 --export $NGINX_GPGKEYS > "$NGINX_GPGKEY_PATH" ; \ + gpg1 --batch --export $NGINX_GPGKEYS > "$NGINX_GPGKEY_PATH" ; \ rm -rf "$GNUPGHOME"; \ apt-get remove --purge --auto-remove -y gnupg1 && rm -rf /var/lib/apt/lists/* \ && dpkgArch="$(dpkg --print-architecture)" \ @@ -81,7 +81,7 @@ RUN set -x \ && REVISION="${NGINX_VERSION}-${PKG_RELEASE}" \ && REVISION=${REVISION%~*} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${REVISION}.tar.gz \ - && PKGOSSCHECKSUM="400593da45fc0195a01138c0c23a06059da1c6a2e26959f2c4c95fbaf63436ff211665ef01392d2b775a0133d5b57680dabe51b840a55f82e89621e84cf651d1 *${REVISION}.tar.gz" \ + && PKGOSSCHECKSUM="43ecd667d9039c9ab0fab9068c16b37825b15f7d4ef6ea8f36a41378bdf1a198463c751f8b76cfe2aef7ffa8dd9f88f180b958a8189d770258b5a97dc302daf4 *${REVISION}.tar.gz" \ && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \ echo "pkg-oss tarball checksum verification succeeded!"; \ else \ diff --git a/stable/debian/Dockerfile b/stable/debian/Dockerfile index 725908c..989b30e 100644 --- a/stable/debian/Dockerfile +++ b/stable/debian/Dockerfile @@ -34,11 +34,11 @@ RUN set -x \ pgp.mit.edu \ ; do \ echo "Fetching GPG key $NGINX_GPGKEY from $server"; \ - gpg1 --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$NGINX_GPGKEY" && found=yes && break; \ + gpg1 --batch --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$NGINX_GPGKEY" && found=yes && break; \ done; \ test -z "$found" && echo >&2 "error: failed to fetch GPG key $NGINX_GPGKEY" && exit 1; \ done; \ - gpg1 --export $NGINX_GPGKEYS > "$NGINX_GPGKEY_PATH" ; \ + gpg1 --batch --export $NGINX_GPGKEYS > "$NGINX_GPGKEY_PATH" ; \ rm -rf "$GNUPGHOME"; \ apt-get remove --purge --auto-remove -y gnupg1 && rm -rf /var/lib/apt/lists/* \ && dpkgArch="$(dpkg --print-architecture)" \ diff --git a/update.sh b/update.sh index bc2a408..6adb4f7 100755 --- a/update.sh +++ b/update.sh @@ -12,13 +12,13 @@ declare branches=( # Current nginx versions # Remember to update pkgosschecksum when changing this. declare -A nginx=( - [mainline]='1.29.0' + [mainline]='1.29.1' [stable]='1.28.0' ) # Current njs versions declare -A njs=( - [mainline]='0.9.0' + [mainline]='0.9.1' [stable]='0.8.10' ) @@ -72,7 +72,7 @@ declare -A rev=( # revision/tag in the previous block # Used in builds for architectures not packaged by nginx.org declare -A pkgosschecksum=( - [mainline]='400593da45fc0195a01138c0c23a06059da1c6a2e26959f2c4c95fbaf63436ff211665ef01392d2b775a0133d5b57680dabe51b840a55f82e89621e84cf651d1' + [mainline]='43ecd667d9039c9ab0fab9068c16b37825b15f7d4ef6ea8f36a41378bdf1a198463c751f8b76cfe2aef7ffa8dd9f88f180b958a8189d770258b5a97dc302daf4' [stable]='517bc18954ccf4efddd51986584ca1f37966833ad342a297e1fe58fd0faf14c5a4dabcb23519dca433878a2927a95d6bea05a6749ee2fa67a33bf24cdc41b1e4' ) From 013dcf4aa453a6e747adc60ce13ca7ffda683090 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 20 Aug 2025 01:38:37 +0200 Subject: [PATCH 59/60] chore(deps): Bump github/codeql-action from 3.29.8 to 3.29.9 (#340) Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/ossf_scorecard.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ossf_scorecard.yml b/.github/workflows/ossf_scorecard.yml index 014a036..22c97d0 100644 --- a/.github/workflows/ossf_scorecard.yml +++ b/.github/workflows/ossf_scorecard.yml @@ -47,6 +47,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: Upload SARIF results to code scanning - uses: github/codeql-action/upload-sarif@76621b61decf072c1cee8dd1ce2d2a82d33c17ed # v3.29.5 + uses: github/codeql-action/upload-sarif@96f518a34f7a870018057716cc4d7a5c014bd61c # v3.29.5 with: sarif_file: results.sarif From 7cfcabbde5c391384332a2975f5e24ebc960c804 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 27 Aug 2025 17:31:17 +0200 Subject: [PATCH 60/60] chore(deps): Bump github/codeql-action from 3.29.10 to 3.29.11 (#344) Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/ossf_scorecard.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ossf_scorecard.yml b/.github/workflows/ossf_scorecard.yml index 22c97d0..47f9e5a 100644 --- a/.github/workflows/ossf_scorecard.yml +++ b/.github/workflows/ossf_scorecard.yml @@ -47,6 +47,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: Upload SARIF results to code scanning - uses: github/codeql-action/upload-sarif@96f518a34f7a870018057716cc4d7a5c014bd61c # v3.29.5 + uses: github/codeql-action/upload-sarif@3c3833e0f8c1c83d449a7478aa59c036a9165498 # v3.29.5 with: sarif_file: results.sarif