diff --git a/.github/workflows/call_issue_pr_tracker.yml b/.github/workflows/call_issue_pr_tracker.yml
index 2c30784..d07cf12 100755
--- a/.github/workflows/call_issue_pr_tracker.yml
+++ b/.github/workflows/call_issue_pr_tracker.yml
@@ -8,6 +8,9 @@ on:
 pull_request_review:
 types: [submitted,edited,dismissed]
+permissions:
+ contents: read
+
 jobs:
 manage-project:
 permissions:
diff --git a/.github/workflows/call_issues_cron.yml b/.github/workflows/call_issues_cron.yml
index e38dfc0..7763722 100755
--- a/.github/workflows/call_issues_cron.yml
+++ b/.github/workflows/call_issues_cron.yml
@@ -4,6 +4,9 @@ on:
 - cron: '33 12 * * *'
 workflow_dispatch:
+permissions:
+ contents: read
+
 jobs:
 stale:
 permissions:
diff --git a/.github/workflows/external_trigger.yml b/.github/workflows/external_trigger.yml
index f502b3a..5cadde5 100644
--- a/.github/workflows/external_trigger.yml
+++ b/.github/workflows/external_trigger.yml
@@ -3,6 +3,9 @@ name: External Trigger Main
 on:
 workflow_dispatch:
+permissions:
+ contents: read
+
 jobs:
 external-trigger-master:
 runs-on: ubuntu-latest
@@ -43,8 +46,8 @@ jobs:
 "username": "Github Actions"}' ${{ secrets.DISCORD_WEBHOOK }}
 exit 1
 fi
- EXT_RELEASE=$(echo ${EXT_RELEASE} | sed 's/[~,%@+;:/]//g')
- echo "External version: \`${EXT_RELEASE}\`" >> $GITHUB_STEP_SUMMARY
+ EXT_RELEASE_SANITIZED=$(echo ${EXT_RELEASE} | sed 's/[~,%@+;:/]//g')
+ echo "Sanitized external version: \`${EXT_RELEASE_SANITIZED}\`" >> $GITHUB_STEP_SUMMARY
 echo "Retrieving last pushed version" >> $GITHUB_STEP_SUMMARY
 image="linuxserver/plex"
 tag="latest"
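Review bot: The added `EXT_RELEASE_SANITIZED=$(echo ${EXT_RELEASE} | sed ...)` line in the `@@ -43,8 +46,8 @@` hunk of external_trigger.yml still expands `${EXT_RELEASE}` unquoted, so a value that presumably comes from an external source goes through word splitting and glob expansion before sed sees it, and `echo` may treat a leading `-n` or `-e` as an option. I would write it as `EXT_RELEASE_SANITIZED=$(printf '%s' "${EXT_RELEASE}" | sed 's/[~,%@+;:/]//g')`. The character class is a deny-list that leaves backticks, double quotes and backslashes in place, which matters because the result is placed inside a Markdown code span here and inside a JSON string in a later hunk; an allow-list of the characters a version may contain would be stricter, if the comparison with `IMAGE_VERSION` permits it. The `run:` script starts and ends outside this hunk.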
@@ -100,8 +103,8 @@ jobs:
 exit 1
 fi
 echo "Last pushed version: \`${IMAGE_VERSION}\`" >> $GITHUB_STEP_SUMMARY
- if [ "${EXT_RELEASE}" == "${IMAGE_VERSION}" ]; then
- echo "Version \`${EXT_RELEASE}\` already pushed, exiting" >> $GITHUB_STEP_SUMMARY
+ if [ "${EXT_RELEASE_SANITIZED}" == "${IMAGE_VERSION}" ]; then
+ echo "Sanitized version \`${EXT_RELEASE_SANITIZED}\` already pushed, exiting" >> $GITHUB_STEP_SUMMARY
 exit 0
 elif [ $(curl -s https://ci.linuxserver.io/job/Docker-Pipeline-Builders/job/docker-plex/job/master/lastBuild/api/json | jq -r '.building') == "true" ]; then
 echo "New version \`${EXT_RELEASE}\` found; but there already seems to be an active build on Jenkins; exiting" >> $GITHUB_STEP_SUMMARY
@@ -116,7 +119,7 @@ jobs:
 "username": "Github Actions"}' ${{ secrets.DISCORD_WEBHOOK }}
 else
 printf "\n## Trigger new build\n\n" >> $GITHUB_STEP_SUMMARY
- echo "New version \`${EXT_RELEASE}\` found; old version was \`${IMAGE_VERSION}\`. Triggering new build" >> $GITHUB_STEP_SUMMARY
+ echo "New sanitized version \`${EXT_RELEASE_SANITIZED}\` found; old version was \`${IMAGE_VERSION}\`. Triggering new build" >> $GITHUB_STEP_SUMMARY
 if [[ "${artifacts_found}" == "true" ]]; then
 echo "All artifacts seem to be uploaded." >> $GITHUB_STEP_SUMMARY
 fi
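Review bot: One message in the `@@ -100,8 +103,8 @@` hunk of external_trigger.yml still prints the raw value: the `elif` branch's "New version ... found; but there already seems to be an active build on Jenkins" line keeps `${EXT_RELEASE}` as context, while the comparison and the other two messages now use `${EXT_RELEASE_SANITIZED}`. The step summary can then show a string that differs from the one compared against `IMAGE_VERSION`, and unfiltered external text is written to `$GITHUB_STEP_SUMMARY`. Switching that line to `${EXT_RELEASE_SANITIZED}` keeps the log consistent with the check. In the same `elif`, the unquoted `$(curl -s ... | jq -r '.building')` makes `[ ... ]` fail with a syntax error instead of evaluating to false when the request returns nothing; wrapping the substitution in double quotes avoids that. The surrounding script starts and ends outside the hunk.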
@@ -136,7 +139,7 @@ jobs:
 --data-urlencode "description=GHA external trigger https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}" \
 --data-urlencode "Submit=Submit"
 echo "**** Notifying Discord ****"
- TRIGGER_REASON="A version change was detected for plex tag latest. Old version:${IMAGE_VERSION} New version:${EXT_RELEASE}"
+ TRIGGER_REASON="A version change was detected for plex tag latest. Old version:${IMAGE_VERSION} New version:${EXT_RELEASE_SANITIZED}"
 curl -X POST -H "Content-Type: application/json" --data '{"avatar_url": "https://cdn.discordapp.com/avatars/354986384542662657/df91181b3f1cf0ef1592fbe18e0962d7.png","embeds": [{"color": 9802903,
 "description": "**Build Triggered** \n**Reason:** '"${TRIGGER_REASON}"' \n**Build URL:** '"${buildurl}display/redirect"' \n"}],
 "username": "Github Actions"}' ${{ secrets.DISCORD_WEBHOOK }}
diff --git a/.github/workflows/external_trigger_scheduler.yml b/.github/workflows/external_trigger_scheduler.yml
index d1c45f1..b3649f8 100644
--- a/.github/workflows/external_trigger_scheduler.yml
+++ b/.github/workflows/external_trigger_scheduler.yml
@@ -5,6 +5,9 @@ on:
 - cron: '14 * * * *'
 workflow_dispatch:
+permissions:
+ contents: read
+
 jobs:
 external-trigger-scheduler:
 runs-on: ubuntu-latest
diff --git a/.github/workflows/greetings.yml b/.github/workflows/greetings.yml
index 7a82d14..9f32b52 100755
--- a/.github/workflows/greetings.yml
+++ b/.github/workflows/greetings.yml
@@ -2,8 +2,14 @@ name: Greetings
 on: [pull_request_target, issues]
+permissions:
+ contents: read
+
 jobs:
 greeting:
+ permissions:
+ issues: write
+ pull-requests: write
 runs-on: ubuntu-latest
 steps:
 - uses: actions/first-interaction@v1
diff --git a/.github/workflows/package_trigger_scheduler.yml b/.github/workflows/package_trigger_scheduler.yml
index abaf63d..be3abba 100644
--- a/.github/workflows/package_trigger_scheduler.yml
+++ b/.github/workflows/package_trigger_scheduler.yml
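Review bot: `TRIGGER_REASON` in the `@@ -136,7 +139,7 @@` hunk of external_trigger.yml is spliced into the Discord JSON body by shell string concatenation (`'"${TRIGGER_REASON}"'`), and the sed filter behind `EXT_RELEASE_SANITIZED` does not remove `"` or `\`, while `IMAGE_VERSION` is not filtered in any line shown. A version string containing either character would yield a malformed or altered payload. Since `jq` is already called in this workflow, the body could be built with `jq -n --arg reason "${TRIGGER_REASON}" --arg url "${buildurl}display/redirect"` plus a filter that assembles the same object, piped to curl with `--data @-`, so that both values are escaped. The `${{ secrets.DISCORD_WEBHOOK }}` expression is also substituted into the script text unquoted; mapping it through the step's `env:` and using `"${DISCORD_WEBHOOK}"` is the usual hardening. The step's script starts outside the hunk.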
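Review bot: The `greeting` job in greetings.yml now receives `issues: write` and `pull-requests: write` on a `pull_request_target` trigger, yet the step in the same hunk still references `actions/first-interaction@v1`, a mutable tag. With a write-scoped token on events that outside contributors can raise, pinning the action to a full commit SHA, `- uses: actions/first-interaction@<full-commit-sha>  # v1`, limits exposure if the tag is ever moved. A comment above the job-level block such as `# first-interaction posts a comment on new issues and PRs` would also record why the write scopes are needed. The `steps:` list continues outside the hunk.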
@@ -5,6 +5,9 @@ on:
 - cron: '0 9 * * 1'
 workflow_dispatch:
+permissions:
+ contents: read
+
 jobs:
 package-trigger-scheduler:
 runs-on: ubuntu-latest
diff --git a/Jenkinsfile b/Jenkinsfile
index 1f446e8..7c4bb8d 100644
--- a/Jenkinsfile
+++ b/Jenkinsfile
@@ -96,7 +96,11 @@ pipeline {
 env.DOCKERHUB_LINK = 'https://hub.docker.com/r/' + env.DOCKERHUB_IMAGE + '/tags/'
 env.PULL_REQUEST = env.CHANGE_ID
 env.TEMPLATED_FILES = 'Jenkinsfile README.md LICENSE .editorconfig ./.github/CONTRIBUTING.md ./.github/FUNDING.yml ./.github/ISSUE_TEMPLATE/config.yml ./.github/ISSUE_TEMPLATE/issue.bug.yml ./.github/ISSUE_TEMPLATE/issue.feature.yml ./.github/PULL_REQUEST_TEMPLATE.md ./.github/workflows/external_trigger_scheduler.yml ./.github/workflows/greetings.yml ./.github/workflows/package_trigger_scheduler.yml ./.github/workflows/call_issue_pr_tracker.yml ./.github/workflows/call_issues_cron.yml ./.github/workflows/permissions.yml ./.github/workflows/external_trigger.yml'
+ if ( env.SYFT_IMAGE_TAG == null ) {
+ env.SYFT_IMAGE_TAG = 'latest'
+ }
 }
+ echo "Using syft image tag ${SYFT_IMAGE_TAG}"
 sh '''#! /bin/bash
 echo "The default github branch detected as ${GH_DEFAULT_BRANCH}" '''
 script{
@@ -782,7 +786,7 @@ pipeline {
 docker run --rm \
 -v /var/run/docker.sock:/var/run/docker.sock:ro \
 -v ${TEMPDIR}:/tmp \
- ghcr.io/anchore/syft:v1.26.1 \
+ ghcr.io/anchore/syft:${SYFT_IMAGE_TAG} \
 ${LOCAL_CONTAINER} -o table=/tmp/package_versions.txt
 NEW_PACKAGE_TAG=$(md5sum ${TEMPDIR}/package_versions.txt | cut -c1-8 )
 echo "Package tag sha from current packages in buit container is ${NEW_PACKAGE_TAG} comparing to old ${PACKAGE_TAG} from github"
@@ -892,6 +896,7 @@ pipeline {
 -e WEB_AUTH=\"${CI_AUTH}\" \
 -e WEB_PATH=\"${CI_WEBPATH}\" \
 -e NODE_NAME=\"${NODE_NAME}\" \
+ -e SYFT_IMAGE_TAG=\"${CI_SYFT_IMAGE_TAG:-${SYFT_IMAGE_TAG}}\" \
 -t ghcr.io/linuxserver/ci:latest \
 python3 test_build.py'''
 }
diff --git a/README.md b/README.md
index 5634907..2fd38ef 100644
--- a/README.md
+++ b/README.md
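Review bot: The default `env.SYFT_IMAGE_TAG = 'latest'` added in the `@@ -96,7 +96,11 @@` hunk of the Jenkinsfile, combined with the `@@ -782,7 +786,7 @@` hunk, replaces the pinned `ghcr.io/anchore/syft:v1.26.1` with a floating tag for a container that is started with `/var/run/docker.sock` mounted. The `:ro` flag on that bind mount does not restrict Docker API calls, so whatever image `latest` resolves to at build time can drive the daemon on the build node. Defaulting to the previously pinned release, `env.SYFT_IMAGE_TAG = 'v1.26.1'` (or an image digest), keeps the new override without giving up the pin. A floating syft version may also change the table output hashed into `NEW_PACKAGE_TAG`, which would presumably register as a package change when no package changed. The enclosing blocks of both hunks start and end outside the lines shown.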
@@ -19,7 +19,6 @@ wireguard onfig file has to be mounted in /etc/wireguard/wg0.conf. e.g.: [![Blog](https://img.shields.io/static/v1.svg?color=94398d&labelColor=555555&logoColor=ffffff&style=for-the-badge&label=linuxserver.io&message=Blog)](https://blog.linuxserver.io "all the things you can do with our containers including How-To guides, opinions and much more!") [![Discord](https://img.shields.io/discord/354974912613449730.svg?color=94398d&labelColor=555555&logoColor=ffffff&style=for-the-badge&label=Discord&logo=discord)](https://linuxserver.io/discord "realtime support / chat with the community and the team.") [![Discourse](https://img.shields.io/discourse/https/discourse.linuxserver.io/topics.svg?color=94398d&labelColor=555555&logoColor=ffffff&style=for-the-badge&logo=discourse)](https://discourse.linuxserver.io "post on our community forum.") -[![Fleet](https://img.shields.io/static/v1.svg?color=94398d&labelColor=555555&logoColor=ffffff&style=for-the-badge&label=linuxserver.io&message=Fleet)](https://fleet.linuxserver.io "an online web interface which displays all of our maintained images.") [![GitHub](https://img.shields.io/static/v1.svg?color=94398d&labelColor=555555&logoColor=ffffff&style=for-the-badge&label=linuxserver.io&message=GitHub&logo=github)](https://github.com/linuxserver "view the source for all of our repositories.") [![Open Collective](https://img.shields.io/opencollective/all/linuxserver.svg?color=94398d&labelColor=555555&logoColor=ffffff&style=for-the-badge&label=Supporters&logo=open%20collective)](https://opencollective.com/linuxserver "please consider helping us by either donating or contributing to our budget") 
@@ -36,7 +35,6 @@ Find us at: * [Blog](https://blog.linuxserver.io) - all the things you can do with our containers including How-To guides, opinions and much more! * [Discord](https://linuxserver.io/discord) - realtime support / chat with the community and the team. * [Discourse](https://discourse.linuxserver.io) - post on our community forum. -* [Fleet](https://fleet.linuxserver.io) - an online web interface which displays all of our maintained images. * [GitHub](https://github.com/linuxserver) - view the source for all of our repositories. * [Open Collective](https://opencollective.com/linuxserver) - please consider helping us by either donating or contributing to our budget @@ -69,7 +67,6 @@ The architectures supported by this image are: | :----: | :----: | ---- | | x86-64 | ✅ | amd64-\ | | arm64 | ✅ | arm64v8-\ | -| armhf | ❌ | | ## Application Setup diff --git a/package_versions.txt b/package_versions.txt index 0b4106c..1d3e312 100755 --- a/package_versions.txt +++ b/package_versions.txt @@ -5,7 +5,7 @@ apt-utils 2.8.3 deb base-files 13ubuntu10.2 deb base-passwd 3.6.3build1 deb bash 5.2.21-2ubuntu4 deb -bsdutils 1:2.39.3-9ubuntu6.2 deb +bsdutils 1:2.39.3-9ubuntu6.3 deb ca-certificates 20240203 deb catatonit 0.1.7-1 deb coreutils 9.4-3ubuntu6 deb 
@@ -16,26 +16,26 @@ dash 0.5.12-6ubuntu5 deb debconf 1.5.86ubuntu1 deb debianutils 5.17build1 deb diffutils 1:3.10-1build1 deb -dirmngr 2.4.4-2ubuntu17.2 deb +dirmngr 2.4.4-2ubuntu17.3 deb dpkg 1.22.6ubuntu6.1 deb e2fsprogs 1.47.0-2.4~exp1ubuntu4.1 deb findutils 4.9.0-5build1 deb gcc-14-base 14.2.0-4ubuntu2~24.04 deb -gnupg 2.4.4-2ubuntu17.2 deb -gnupg-l10n 2.4.4-2ubuntu17.2 deb -gnupg-utils 2.4.4-2ubuntu17.2 deb -gpg 2.4.4-2ubuntu17.2 deb -gpg-agent 2.4.4-2ubuntu17.2 deb -gpg-wks-client 2.4.4-2ubuntu17.2 deb -gpgconf 2.4.4-2ubuntu17.2 deb -gpgsm 2.4.4-2ubuntu17.2 deb -gpgv 2.4.4-2ubuntu17.2 deb +gnupg 2.4.4-2ubuntu17.3 deb +gnupg-l10n 2.4.4-2ubuntu17.3 deb +gnupg-utils 2.4.4-2ubuntu17.3 deb +gpg 2.4.4-2ubuntu17.3 deb +gpg-agent 2.4.4-2ubuntu17.3 deb +gpg-wks-client 2.4.4-2ubuntu17.3 deb +gpgconf 2.4.4-2ubuntu17.3 deb +gpgsm 2.4.4-2ubuntu17.3 deb +gpgv 2.4.4-2ubuntu17.3 deb grep 3.11-4build1 deb -gzip 1.12-1ubuntu3 deb +gzip 1.12-1ubuntu3.1 deb hostname 3.23+nmu2ubuntu2 deb init-system-helpers 1.66ubuntu1 deb jq 1.7.1-3build1 deb -keyboxd 2.4.4-2ubuntu17.2 deb +keyboxd 2.4.4-2ubuntu17.3 deb krb5-locales 1.20.1-6ubuntu2.6 deb libacl1 2.3.2-1build1.1 deb libapt-pkg6.0t64 2.8.3 deb @@ -43,7 +43,7 @@ libassuan0 2.5.6-1build1 deb libattr1 1:2.5.2-1build1.1 deb libaudit-common 1:3.1.2-2.1build1.1 deb libaudit1 1:3.1.2-2.1build1.1 deb -libblkid1 2.39.3-9ubuntu6.2 deb +libblkid1 2.39.3-9ubuntu6.3 deb libbrotli1 1.1.0-2build2 deb libbsd0 0.12.1-1build1.1 deb libbz2-1.0 1.0.8-5.1build0.1 deb @@ -78,7 +78,7 @@ libldap2 2.6.7+dfsg-1~exp1ubuntu8.2 deb liblz4-1 1.9.4-1build1.1 deb liblzma5 5.6.1+really5.4.5-1ubuntu0.2 deb libmd0 1.1.0-2build1.1 deb -libmount1 2.39.3-9ubuntu6.2 deb +libmount1 2.39.3-9ubuntu6.3 deb libncursesw6 6.4+20240113-1ubuntu2 deb libnettle8t64 3.9.1-2.2build1.1 deb libnghttp2-14 1.59.0-1ubuntu0.2 deb 
@@ -102,10 +102,10 @@ libselinux1 3.5-2ubuntu2.1 deb libsemanage-common 3.5-1build5 deb libsemanage2 3.5-1build5 deb libsepol2 3.5-2build1 deb -libsmartcols1 2.39.3-9ubuntu6.2 deb +libsmartcols1 2.39.3-9ubuntu6.3 deb libsqlite3-0 3.45.1-1ubuntu2.3 deb libss2 1.47.0-2.4~exp1ubuntu4.1 deb -libssh-4 0.10.6-2build2 deb +libssh-4 0.10.6-2ubuntu0.1 deb libssl3t64 3.0.13-0ubuntu3.5 deb libstdc++6 14.2.0-4ubuntu2~24.04 deb libsystemd0 255.4-1ubuntu8.8 deb @@ -113,14 +113,14 @@ libtasn1-6 4.19.0-3ubuntu0.24.04.1 deb libtinfo6 6.4+20240113-1ubuntu2 deb libudev1 255.4-1ubuntu8.8 deb libunistring5 1.1-2build1.1 deb -libuuid1 2.39.3-9ubuntu6.2 deb +libuuid1 2.39.3-9ubuntu6.3 deb libxxhash0 0.8.2-2build1 deb libzstd1 1.5.5+dfsg2-2build1.1 deb locales 2.39-0ubuntu8.4 deb login 1:4.13+dfsg1-4ubuntu3.2 deb logsave 1.47.0-2.4~exp1ubuntu4.1 deb mawk 1.3.4.20240123-1build1 deb -mount 2.39.3-9ubuntu6.2 deb +mount 2.39.3-9ubuntu6.3 deb ncurses-base 6.4+20240113-1ubuntu2 deb ncurses-bin 6.4+20240113-1ubuntu2 deb netcat-openbsd 1.226-1ubuntu2 deb @@ -128,7 +128,7 @@ openssl 3.0.13-0ubuntu3.5 deb passwd 1:4.13+dfsg1-4ubuntu3.2 deb perl-base 5.38.2-3.2ubuntu0.1 deb pinentry-curses 1.2.1-3ubuntu5 deb -plexmediaserver 1.41.8.9834-071366d65 deb +plexmediaserver 1.41.9.9961-46083195d deb procps 2:4.0.4-4ubuntu3.2 deb publicsuffix 20231001.0357-0.1 deb readline-common 8.2-4build1 deb @@ -143,6 +143,6 @@ tzdata 2025b-0ubuntu0.24.04.1 deb ubuntu-keyring 2023.11.28.1 deb udev 255.4-1ubuntu8.8 deb unminimize 0.2.1 deb -util-linux 2.39.3-9ubuntu6.2 deb +util-linux 2.39.3-9ubuntu6.3 deb wget 1.21.4-1ubuntu4.1 deb zlib1g 1:1.3.dfsg-3.1ubuntu2.1 deb