diff --git a/.forgejo/workflows/build.yml b/.forgejo/workflows/build.yml new file mode 100644 index 0000000..7152c11 --- /dev/null +++ b/.forgejo/workflows/build.yml @@ -0,0 +1,49 @@ +name: Build and push image + +on: + push: + branches: [master] + schedule: + - cron: '0 4 * * *' # daily, picks up LSIO base image updates + workflow_dispatch: + +jobs: + build: + runs-on: docker + steps: + - name: Checkout + uses: actions/checkout@v4 + with: + ref: master + fetch-depth: 0 + token: ${{ secrets.PUSH_TOKEN }} + + - name: Merge upstream + run: | + git config user.name "forgejo-runner" + git config user.email "runner@forge.jannis.wtf" + git fetch origin master + git reset --hard origin/master + git remote add upstream https://github.com/linuxserver/docker-plex + git fetch upstream + git merge upstream/master --no-edit + git push origin master + + - name: Set up Buildx + uses: docker/setup-buildx-action@v3 + + - name: Login to Forgejo registry + uses: docker/login-action@v3 + with: + registry: forge.jannis.wtf + username: ${{ secrets.REGISTRY_USER }} + password: ${{ secrets.REGISTRY_TOKEN }} + + - name: Build and push + uses: docker/build-push-action@v5 + with: + context: . + push: true + tags: | + forge.jannis.wtf/fej/plex-wireguard:latest + forge.jannis.wtf/fej/plex-wireguard:${{ github.sha }} \ No newline at end of file diff --git a/.github/CONTRIBUTING.md b/.github/CONTRIBUTING.md index 4245cd8..7892606 100755 --- a/.github/CONTRIBUTING.md +++ b/.github/CONTRIBUTING.md @@ -6,7 +6,7 @@ * Read, and fill the Pull Request template * If this is a fix for a typo (in code, documentation, or the README) please file an issue and let us sort it out. We do not need a PR * If the PR is addressing an existing issue include, closes #\, in the body of the PR commit message -* If you want to discuss changes, you can also bring it up in [#dev-talk](https://discordapp.com/channels/354974912613449730/757585807061155840) in our [Discord server](https://discord.gg/YWrKVTn) +* If you want to discuss changes, you can also bring it up in [#dev-talk](https://discordapp.com/channels/354974912613449730/757585807061155840) in our [Discord server](https://linuxserver.io/discord) ## Common files @@ -105,10 +105,10 @@ docker build \ -t linuxserver/plex:latest . ``` -The ARM variants can be built on x86_64 hardware using `multiarch/qemu-user-static` +The ARM variants can be built on x86_64 hardware and vice versa using `lscr.io/linuxserver/qemu-static` ```bash -docker run --rm --privileged multiarch/qemu-user-static:register --reset +docker run --rm --privileged lscr.io/linuxserver/qemu-static --reset ``` Once registered you can define the dockerfile to use with `-f Dockerfile.aarch64`. diff --git a/.github/ISSUE_TEMPLATE/config.yml b/.github/ISSUE_TEMPLATE/config.yml index 404ea59..d0e43ea 100755 --- a/.github/ISSUE_TEMPLATE/config.yml +++ b/.github/ISSUE_TEMPLATE/config.yml @@ -1,7 +1,7 @@ blank_issues_enabled: false contact_links: - name: Discord chat support - url: https://discord.gg/YWrKVTn + url: https://linuxserver.io/discord about: Realtime support / chat with the community and the team. - name: Discourse discussion forum diff --git a/.github/workflows/call_issue_pr_tracker.yml b/.github/workflows/call_issue_pr_tracker.yml index 2c30784..d07cf12 100755 --- a/.github/workflows/call_issue_pr_tracker.yml +++ b/.github/workflows/call_issue_pr_tracker.yml @@ -8,6 +8,9 @@ on: pull_request_review: types: [submitted,edited,dismissed] +permissions: + contents: read + jobs: manage-project: permissions: diff --git a/.github/workflows/call_issues_cron.yml b/.github/workflows/call_issues_cron.yml index e38dfc0..7763722 100755 --- a/.github/workflows/call_issues_cron.yml +++ b/.github/workflows/call_issues_cron.yml @@ -4,6 +4,9 @@ on: - cron: '33 12 * * *' workflow_dispatch: +permissions: + contents: read + jobs: stale: permissions: diff --git a/.github/workflows/external_trigger.yml b/.github/workflows/external_trigger.yml index 1318d39..5cadde5 100644 --- a/.github/workflows/external_trigger.yml +++ b/.github/workflows/external_trigger.yml @@ -3,6 +3,9 @@ name: External Trigger Main on: workflow_dispatch: +permissions: + contents: read + jobs: external-trigger-master: runs-on: ubuntu-latest @@ -11,18 +14,28 @@ jobs: - name: External Trigger if: github.ref == 'refs/heads/master' + env: + SKIP_EXTERNAL_TRIGGER: ${{ vars.SKIP_EXTERNAL_TRIGGER }} run: | printf "# External trigger for docker-plex\n\n" >> $GITHUB_STEP_SUMMARY - if [ -n "${{ secrets.PAUSE_EXTERNAL_TRIGGER_PLEX_MASTER }}" ]; then + if grep -q "^plex_master_" <<< "${SKIP_EXTERNAL_TRIGGER}"; then + echo "> [!NOTE]" >> $GITHUB_STEP_SUMMARY + echo "> Github organizational variable \`SKIP_EXTERNAL_TRIGGER\` contains \`plex_master_\`; will skip trigger if version matches." >> $GITHUB_STEP_SUMMARY + elif grep -q "^plex_master" <<< "${SKIP_EXTERNAL_TRIGGER}"; then echo "> [!WARNING]" >> $GITHUB_STEP_SUMMARY - echo "> Github secret \`PAUSE_EXTERNAL_TRIGGER_PLEX_MASTER\` is set; skipping trigger." >> $GITHUB_STEP_SUMMARY + echo "> Github organizational variable \`SKIP_EXTERNAL_TRIGGER\` contains \`plex_master\`; skipping trigger." >> $GITHUB_STEP_SUMMARY exit 0 fi echo "> [!NOTE]" >> $GITHUB_STEP_SUMMARY - echo "> External trigger running off of master branch. To disable this trigger, set a Github secret named \`PAUSE_EXTERNAL_TRIGGER_PLEX_MASTER\`" >> $GITHUB_STEP_SUMMARY + echo "> External trigger running off of master branch. To disable this trigger, add \`plex_master\` into the Github organizational variable \`SKIP_EXTERNAL_TRIGGER\`." >> $GITHUB_STEP_SUMMARY printf "\n## Retrieving external version\n\n" >> $GITHUB_STEP_SUMMARY EXT_RELEASE=$(curl -s "https://plex.tv/api/downloads/5.json" | jq -r '. | .computer.Linux.version') echo "Type is \`custom_json\`" >> $GITHUB_STEP_SUMMARY + if grep -q "^plex_master_${EXT_RELEASE}" <<< "${SKIP_EXTERNAL_TRIGGER}"; then + echo "> [!WARNING]" >> $GITHUB_STEP_SUMMARY + echo "> Github organizational variable \`SKIP_EXTERNAL_TRIGGER\` matches current external release; skipping trigger." >> $GITHUB_STEP_SUMMARY + exit 0 + fi if [ -z "${EXT_RELEASE}" ] || [ "${EXT_RELEASE}" == "null" ]; then echo "> [!WARNING]" >> $GITHUB_STEP_SUMMARY echo "> Can't retrieve external version, exiting" >> $GITHUB_STEP_SUMMARY @@ -33,24 +46,43 @@ jobs: "username": "Github Actions"}' ${{ secrets.DISCORD_WEBHOOK }} exit 1 fi - EXT_RELEASE=$(echo ${EXT_RELEASE} | sed 's/[~,%@+;:/]//g') - echo "External version: \`${EXT_RELEASE}\`" >> $GITHUB_STEP_SUMMARY + EXT_RELEASE_SANITIZED=$(echo ${EXT_RELEASE} | sed 's/[~,%@+;:/]//g') + echo "Sanitized external version: \`${EXT_RELEASE_SANITIZED}\`" >> $GITHUB_STEP_SUMMARY echo "Retrieving last pushed version" >> $GITHUB_STEP_SUMMARY image="linuxserver/plex" tag="latest" token=$(curl -sX GET \ "https://ghcr.io/token?scope=repository%3Alinuxserver%2Fplex%3Apull" \ | jq -r '.token') - multidigest=$(curl -s \ + multidigest=$(curl -s \ + --header "Accept: application/vnd.docker.distribution.manifest.v2+json" \ + --header "Accept: application/vnd.oci.image.index.v1+json" \ + --header "Authorization: Bearer ${token}" \ + "https://ghcr.io/v2/${image}/manifests/${tag}") + if jq -e '.layers // empty' <<< "${multidigest}" >/dev/null 2>&1; then + # If there's a layer element it's a single-arch manifest so just get that digest + digest=$(jq -r '.config.digest' <<< "${multidigest}") + else + # Otherwise it's multi-arch or has manifest annotations + if jq -e '.manifests[]?.annotations // empty' <<< "${multidigest}" >/dev/null 2>&1; then + # Check for manifest annotations and delete if found + multidigest=$(jq 'del(.manifests[] | select(.annotations))' <<< "${multidigest}") + fi + if [[ $(jq '.manifests | length' <<< "${multidigest}") -gt 1 ]]; then + # If there's still more than one digest, it's multi-arch + multidigest=$(jq -r ".manifests[] | select(.platform.architecture == \"amd64\").digest?" <<< "${multidigest}") + else + # Otherwise it's single arch + multidigest=$(jq -r ".manifests[].digest?" <<< "${multidigest}") + fi + if digest=$(curl -s \ --header "Accept: application/vnd.docker.distribution.manifest.v2+json" \ + --header "Accept: application/vnd.oci.image.manifest.v1+json" \ --header "Authorization: Bearer ${token}" \ - "https://ghcr.io/v2/${image}/manifests/${tag}" \ - | jq -r 'first(.manifests[].digest)') - digest=$(curl -s \ - --header "Accept: application/vnd.docker.distribution.manifest.v2+json" \ - --header "Authorization: Bearer ${token}" \ - "https://ghcr.io/v2/${image}/manifests/${multidigest}" \ - | jq -r '.config.digest') + "https://ghcr.io/v2/${image}/manifests/${multidigest}"); then + digest=$(jq -r '.config.digest' <<< "${digest}"); + fi + fi image_info=$(curl -sL \ --header "Authorization: Bearer ${token}" \ "https://ghcr.io/v2/${image}/blobs/${digest}") @@ -71,33 +103,45 @@ jobs: exit 1 fi echo "Last pushed version: \`${IMAGE_VERSION}\`" >> $GITHUB_STEP_SUMMARY - if [ "${EXT_RELEASE}" == "${IMAGE_VERSION}" ]; then - echo "Version \`${EXT_RELEASE}\` already pushed, exiting" >> $GITHUB_STEP_SUMMARY + if [ "${EXT_RELEASE_SANITIZED}" == "${IMAGE_VERSION}" ]; then + echo "Sanitized version \`${EXT_RELEASE_SANITIZED}\` already pushed, exiting" >> $GITHUB_STEP_SUMMARY exit 0 elif [ $(curl -s https://ci.linuxserver.io/job/Docker-Pipeline-Builders/job/docker-plex/job/master/lastBuild/api/json | jq -r '.building') == "true" ]; then echo "New version \`${EXT_RELEASE}\` found; but there already seems to be an active build on Jenkins; exiting" >> $GITHUB_STEP_SUMMARY exit 0 else - printf "\n## Trigger new build\n\n" >> $GITHUB_STEP_SUMMARY - echo "New version \`${EXT_RELEASE}\` found; old version was \`${IMAGE_VERSION}\`. Triggering new build" >> $GITHUB_STEP_SUMMARY - response=$(curl -iX POST \ - https://ci.linuxserver.io/job/Docker-Pipeline-Builders/job/docker-plex/job/master/buildWithParameters?PACKAGE_CHECK=false \ - --user ${{ secrets.JENKINS_USER }}:${{ secrets.JENKINS_TOKEN }} | grep -i location | sed "s|^[L|l]ocation: \(.*\)|\1|") - echo "Jenkins [job queue url](${response%$'\r'})" >> $GITHUB_STEP_SUMMARY - echo "Sleeping 10 seconds until job starts" >> $GITHUB_STEP_SUMMARY - sleep 10 - buildurl=$(curl -s "${response%$'\r'}api/json" | jq -r '.executable.url') - buildurl="${buildurl%$'\r'}" - echo "Jenkins job [build url](${buildurl})" >> $GITHUB_STEP_SUMMARY - echo "Attempting to change the Jenkins job description" >> $GITHUB_STEP_SUMMARY - curl -iX POST \ - "${buildurl}submitDescription" \ - --user ${{ secrets.JENKINS_USER }}:${{ secrets.JENKINS_TOKEN }} \ - --data-urlencode "description=GHA external trigger https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}" \ - --data-urlencode "Submit=Submit" - echo "**** Notifying Discord ****" - TRIGGER_REASON="A version change was detected for plex tag latest. Old version:${IMAGE_VERSION} New version:${EXT_RELEASE}" - curl -X POST -H "Content-Type: application/json" --data '{"avatar_url": "https://cdn.discordapp.com/avatars/354986384542662657/df91181b3f1cf0ef1592fbe18e0962d7.png","embeds": [{"color": 9802903, - "description": "**Build Triggered** \n**Reason:** '"${TRIGGER_REASON}"' \n**Build URL:** '"${buildurl}display/redirect"' \n"}], - "username": "Github Actions"}' ${{ secrets.DISCORD_WEBHOOK }} + if [[ "${artifacts_found}" == "false" ]]; then + echo "> [!WARNING]" >> $GITHUB_STEP_SUMMARY + echo "> New version detected, but not all artifacts are published yet; skipping trigger" >> $GITHUB_STEP_SUMMARY + FAILURE_REASON="New version ${EXT_RELEASE} for plex tag latest is detected, however not all artifacts are uploaded to upstream release yet. Will try again later." + curl -X POST -H "Content-Type: application/json" --data '{"avatar_url": "https://cdn.discordapp.com/avatars/354986384542662657/df91181b3f1cf0ef1592fbe18e0962d7.png","embeds": [{"color": 9802903, + "description": "**Trigger Failed** \n**Reason:** '"${FAILURE_REASON}"' \n"}], + "username": "Github Actions"}' ${{ secrets.DISCORD_WEBHOOK }} + else + printf "\n## Trigger new build\n\n" >> $GITHUB_STEP_SUMMARY + echo "New sanitized version \`${EXT_RELEASE_SANITIZED}\` found; old version was \`${IMAGE_VERSION}\`. Triggering new build" >> $GITHUB_STEP_SUMMARY + if [[ "${artifacts_found}" == "true" ]]; then + echo "All artifacts seem to be uploaded." >> $GITHUB_STEP_SUMMARY + fi + response=$(curl -iX POST \ + https://ci.linuxserver.io/job/Docker-Pipeline-Builders/job/docker-plex/job/master/buildWithParameters?PACKAGE_CHECK=false \ + --user ${{ secrets.JENKINS_USER }}:${{ secrets.JENKINS_TOKEN }} | grep -i location | sed "s|^[L|l]ocation: \(.*\)|\1|") + echo "Jenkins [job queue url](${response%$'\r'})" >> $GITHUB_STEP_SUMMARY + echo "Sleeping 10 seconds until job starts" >> $GITHUB_STEP_SUMMARY + sleep 10 + buildurl=$(curl -s "${response%$'\r'}api/json" | jq -r '.executable.url') + buildurl="${buildurl%$'\r'}" + echo "Jenkins job [build url](${buildurl})" >> $GITHUB_STEP_SUMMARY + echo "Attempting to change the Jenkins job description" >> $GITHUB_STEP_SUMMARY + curl -iX POST \ + "${buildurl}submitDescription" \ + --user ${{ secrets.JENKINS_USER }}:${{ secrets.JENKINS_TOKEN }} \ + --data-urlencode "description=GHA external trigger https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}" \ + --data-urlencode "Submit=Submit" + echo "**** Notifying Discord ****" + TRIGGER_REASON="A version change was detected for plex tag latest. Old version:${IMAGE_VERSION} New version:${EXT_RELEASE_SANITIZED}" + curl -X POST -H "Content-Type: application/json" --data '{"avatar_url": "https://cdn.discordapp.com/avatars/354986384542662657/df91181b3f1cf0ef1592fbe18e0962d7.png","embeds": [{"color": 9802903, + "description": "**Build Triggered** \n**Reason:** '"${TRIGGER_REASON}"' \n**Build URL:** '"${buildurl}display/redirect"' \n"}], + "username": "Github Actions"}' ${{ secrets.DISCORD_WEBHOOK }} + fi fi diff --git a/.github/workflows/external_trigger_scheduler.yml b/.github/workflows/external_trigger_scheduler.yml index d1c45f1..b3649f8 100644 --- a/.github/workflows/external_trigger_scheduler.yml +++ b/.github/workflows/external_trigger_scheduler.yml @@ -5,6 +5,9 @@ on: - cron: '14 * * * *' workflow_dispatch: +permissions: + contents: read + jobs: external-trigger-scheduler: runs-on: ubuntu-latest diff --git a/.github/workflows/greetings.yml b/.github/workflows/greetings.yml index 7a82d14..9f32b52 100755 --- a/.github/workflows/greetings.yml +++ b/.github/workflows/greetings.yml @@ -2,8 +2,14 @@ name: Greetings on: [pull_request_target, issues] +permissions: + contents: read + jobs: greeting: + permissions: + issues: write + pull-requests: write runs-on: ubuntu-latest steps: - uses: actions/first-interaction@v1 diff --git a/.github/workflows/package_trigger.yml b/.github/workflows/package_trigger.yml deleted file mode 100644 index 77b3e2f..0000000 --- a/.github/workflows/package_trigger.yml +++ /dev/null @@ -1,42 +0,0 @@ -name: Package Trigger Main - -on: - workflow_dispatch: - -jobs: - package-trigger-master: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v4.1.1 - - - name: Package Trigger - if: github.ref == 'refs/heads/master' - run: | - printf "# Package trigger for docker-plex\n\n" >> $GITHUB_STEP_SUMMARY - if [ -n "${{ secrets.PAUSE_PACKAGE_TRIGGER_PLEX_MASTER }}" ]; then - echo "> [!WARNING]" >> $GITHUB_STEP_SUMMARY - echo "> Github secret \`PAUSE_PACKAGE_TRIGGER_PLEX_MASTER\` is set; skipping trigger." >> $GITHUB_STEP_SUMMARY - exit 0 - fi - if [ $(curl -s https://ci.linuxserver.io/job/Docker-Pipeline-Builders/job/docker-plex/job/master/lastBuild/api/json | jq -r '.building') == "true" ]; then - echo "> [!WARNING]" >> $GITHUB_STEP_SUMMARY - echo "> There already seems to be an active build on Jenkins; skipping package trigger" >> $GITHUB_STEP_SUMMARY - exit 0 - fi - echo "> [!NOTE]" >> $GITHUB_STEP_SUMMARY - echo "> Package trigger running off of master branch. To disable, set a Github secret named \`PAUSE_PACKAGE_TRIGGER_PLEX_MASTER\`" >> $GITHUB_STEP_SUMMARY - response=$(curl -iX POST \ - https://ci.linuxserver.io/job/Docker-Pipeline-Builders/job/docker-plex/job/master/buildWithParameters?PACKAGE_CHECK=true \ - --user ${{ secrets.JENKINS_USER }}:${{ secrets.JENKINS_TOKEN }} | grep -i location | sed "s|^[L|l]ocation: \(.*\)|\1|") - echo "Jenkins [job queue url](${response%$'\r'})" >> $GITHUB_STEP_SUMMARY - echo "Sleeping 10 seconds until job starts" >> $GITHUB_STEP_SUMMARY - sleep 10 - buildurl=$(curl -s "${response%$'\r'}api/json" | jq -r '.executable.url') - buildurl="${buildurl%$'\r'}" - echo "Jenkins job [build url](${buildurl})" >> $GITHUB_STEP_SUMMARY - echo "Attempting to change the Jenkins job description" >> $GITHUB_STEP_SUMMARY - curl -iX POST \ - "${buildurl}submitDescription" \ - --user ${{ secrets.JENKINS_USER }}:${{ secrets.JENKINS_TOKEN }} \ - --data-urlencode "description=GHA package trigger https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}" \ - --data-urlencode "Submit=Submit" diff --git a/.github/workflows/package_trigger_scheduler.yml b/.github/workflows/package_trigger_scheduler.yml index 131561d..be3abba 100644 --- a/.github/workflows/package_trigger_scheduler.yml +++ b/.github/workflows/package_trigger_scheduler.yml @@ -5,6 +5,9 @@ on: - cron: '0 9 * * 1' workflow_dispatch: +permissions: + contents: read + jobs: package-trigger-scheduler: runs-on: ubuntu-latest @@ -14,6 +17,8 @@ jobs: fetch-depth: '0' - name: Package Trigger Scheduler + env: + SKIP_PACKAGE_TRIGGER: ${{ vars.SKIP_PACKAGE_TRIGGER }} run: | printf "# Package trigger scheduler for docker-plex\n\n" >> $GITHUB_STEP_SUMMARY printf "Found the branches:\n\n%s\n" "$(git for-each-ref --format='- %(refname:lstrip=3)' refs/remotes)" >> $GITHUB_STEP_SUMMARY @@ -24,27 +29,75 @@ jobs: continue fi printf "\n## Evaluating \`%s\`\n\n" ${br} >> $GITHUB_STEP_SUMMARY - ls_branch=$(curl -sX GET https://raw.githubusercontent.com/linuxserver/docker-plex/${br}/jenkins-vars.yml | yq -r '.ls_branch') - if [ "${br}" == "${ls_branch}" ]; then + JENKINS_VARS=$(curl -sX GET https://raw.githubusercontent.com/linuxserver/docker-plex/${br}/jenkins-vars.yml) + if ! curl -sfX GET https://raw.githubusercontent.com/linuxserver/docker-plex/${br}/Jenkinsfile >/dev/null 2>&1; then + echo "> [!WARNING]" >> $GITHUB_STEP_SUMMARY + echo "> No Jenkinsfile found. Branch is either deprecated or is an early dev branch." >> $GITHUB_STEP_SUMMARY + skipped_branches="${skipped_branches}${br} " + elif [[ "${br}" == $(yq -r '.ls_branch' <<< "${JENKINS_VARS}") ]]; then echo "Branch appears to be live; checking workflow." >> $GITHUB_STEP_SUMMARY - if curl -sfX GET https://raw.githubusercontent.com/linuxserver/docker-plex/${br}/.github/workflows/package_trigger.yml > /dev/null 2>&1; then - echo "Triggering package trigger workflow for branch ${br}" >> $GITHUB_STEP_SUMMARY - triggered_branches="${triggered_branches}${br} " - curl -iX POST \ - -H "Authorization: token ${{ secrets.CR_PAT }}" \ - -H "Accept: application/vnd.github.v3+json" \ - -d "{\"ref\":\"refs/heads/${br}\"}" \ - https://api.github.com/repos/linuxserver/docker-plex/actions/workflows/package_trigger.yml/dispatches - sleep 30 + README_VARS=$(curl -sX GET https://raw.githubusercontent.com/linuxserver/docker-plex/${br}/readme-vars.yml) + if [[ $(yq -r '.project_deprecation_status' <<< "${README_VARS}") == "true" ]]; then + echo "> [!WARNING]" >> $GITHUB_STEP_SUMMARY + echo "> Branch appears to be deprecated; skipping trigger." >> $GITHUB_STEP_SUMMARY + skipped_branches="${skipped_branches}${br} " + elif [[ $(yq -r '.skip_package_check' <<< "${JENKINS_VARS}") == "true" ]]; then + echo "> [!WARNING]" >> $GITHUB_STEP_SUMMARY + echo "> Skipping branch ${br} due to \`skip_package_check\` being set in \`jenkins-vars.yml\`." >> $GITHUB_STEP_SUMMARY + skipped_branches="${skipped_branches}${br} " + elif grep -q "^plex_${br}" <<< "${SKIP_PACKAGE_TRIGGER}"; then + echo "> [!WARNING]" >> $GITHUB_STEP_SUMMARY + echo "> Github organizational variable \`SKIP_PACKAGE_TRIGGER\` contains \`plex_${br}\`; skipping trigger." >> $GITHUB_STEP_SUMMARY + skipped_branches="${skipped_branches}${br} " + elif [ $(curl -s https://ci.linuxserver.io/job/Docker-Pipeline-Builders/job/docker-plex/job/${br}/lastBuild/api/json | jq -r '.building' 2>/dev/null) == "true" ]; then + echo "> [!WARNING]" >> $GITHUB_STEP_SUMMARY + echo "> There already seems to be an active build on Jenkins; skipping package trigger for ${br}" >> $GITHUB_STEP_SUMMARY + skipped_branches="${skipped_branches}${br} " else - echo "Skipping branch ${br} due to no package trigger workflow present." >> $GITHUB_STEP_SUMMARY + echo "> [!NOTE]" >> $GITHUB_STEP_SUMMARY + echo "> Triggering package trigger for branch ${br}" >> $GITHUB_STEP_SUMMARY + printf "> To disable, add \`plex_%s\` into the Github organizational variable \`SKIP_PACKAGE_TRIGGER\`.\n\n" "${br}" >> $GITHUB_STEP_SUMMARY + triggered_branches="${triggered_branches}${br} " + response=$(curl -iX POST \ + https://ci.linuxserver.io/job/Docker-Pipeline-Builders/job/docker-plex/job/${br}/buildWithParameters?PACKAGE_CHECK=true \ + --user ${{ secrets.JENKINS_USER }}:${{ secrets.JENKINS_TOKEN }} | grep -i location | sed "s|^[L|l]ocation: \(.*\)|\1|") + if [[ -z "${response}" ]]; then + echo "> [!WARNING]" >> $GITHUB_STEP_SUMMARY + echo "> Jenkins build could not be triggered. Skipping branch." + continue + fi + echo "Jenkins [job queue url](${response%$'\r'})" >> $GITHUB_STEP_SUMMARY + echo "Sleeping 10 seconds until job starts" >> $GITHUB_STEP_SUMMARY + sleep 10 + buildurl=$(curl -s "${response%$'\r'}api/json" | jq -r '.executable.url') + buildurl="${buildurl%$'\r'}" + echo "Jenkins job [build url](${buildurl})" >> $GITHUB_STEP_SUMMARY + echo "Attempting to change the Jenkins job description" >> $GITHUB_STEP_SUMMARY + if ! curl -ifX POST \ + "${buildurl}submitDescription" \ + --user ${{ secrets.JENKINS_USER }}:${{ secrets.JENKINS_TOKEN }} \ + --data-urlencode "description=GHA package trigger https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}" \ + --data-urlencode "Submit=Submit"; then + echo "> [!WARNING]" >> $GITHUB_STEP_SUMMARY + echo "> Unable to change the Jenkins job description." + fi + sleep 20 fi else echo "Skipping branch ${br} due to being detected as dev branch." >> $GITHUB_STEP_SUMMARY fi done - echo "**** Package check build(s) triggered for branch(es): ${triggered_branches} ****" - echo "**** Notifying Discord ****" - curl -X POST -H "Content-Type: application/json" --data '{"avatar_url": "https://cdn.discordapp.com/avatars/354986384542662657/df91181b3f1cf0ef1592fbe18e0962d7.png","embeds": [{"color": 9802903, - "description": "**Package Check Build(s) Triggered for plex** \n**Branch(es):** '"${triggered_branches}"' \n**Build URL:** '"https://ci.linuxserver.io/blue/organizations/jenkins/Docker-Pipeline-Builders%2Fdocker-plex/activity/"' \n"}], - "username": "Github Actions"}' ${{ secrets.DISCORD_WEBHOOK }} + if [[ -n "${triggered_branches}" ]] || [[ -n "${skipped_branches}" ]]; then + if [[ -n "${triggered_branches}" ]]; then + NOTIFY_BRANCHES="**Triggered:** ${triggered_branches} \n" + NOTIFY_BUILD_URL="**Build URL:** https://ci.linuxserver.io/blue/organizations/jenkins/Docker-Pipeline-Builders%2Fdocker-plex/activity/ \n" + echo "**** Package check build(s) triggered for branch(es): ${triggered_branches} ****" + fi + if [[ -n "${skipped_branches}" ]]; then + NOTIFY_BRANCHES="${NOTIFY_BRANCHES}**Skipped:** ${skipped_branches} \n" + fi + echo "**** Notifying Discord ****" + curl -X POST -H "Content-Type: application/json" --data '{"avatar_url": "https://cdn.discordapp.com/avatars/354986384542662657/df91181b3f1cf0ef1592fbe18e0962d7.png","embeds": [{"color": 9802903, + "description": "**Package Check Build(s) for plex** \n'"${NOTIFY_BRANCHES}"''"${NOTIFY_BUILD_URL}"'"}], + "username": "Github Actions"}' ${{ secrets.DISCORD_WEBHOOK }} + fi diff --git a/.gitignore b/.gitignore index 6e8ad97..b733b8b 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,5 @@ +# Wireguard configs, you never know +wg*.conf # Windows image file caches Thumbs.db ehthumbs.db diff --git a/Dockerfile b/Dockerfile index 43c7e49..9bd89c9 100644 --- a/Dockerfile +++ b/Dockerfile @@ -12,7 +12,7 @@ LABEL build_version="Linuxserver.io version:- ${VERSION} Build-date:- ${BUILD_DA LABEL maintainer="thelamer" #Add needed nvidia environment variables for https://github.com/NVIDIA/nvidia-docker -ENV NVIDIA_DRIVER_CAPABILITIES="compute,video,utility" +ENV NVIDIA_DRIVER_CAPABILITIES="compute,video,utility,graphics" # global environment settings ENV DEBIAN_FRONTEND="noninteractive" \ @@ -23,14 +23,18 @@ ENV DEBIAN_FRONTEND="noninteractive" \ PLEX_MEDIA_SERVER_MAX_PLUGIN_PROCS="6" \ PLEX_MEDIA_SERVER_USER="abc" \ PLEX_MEDIA_SERVER_INFO_VENDOR="Docker" \ - PLEX_MEDIA_SERVER_INFO_DEVICE="Docker Container (LinuxServer.io)" + PLEX_MEDIA_SERVER_INFO_DEVICE="Docker Container (LinuxServer.io)" \ + TMPDIR=/run/plex-temp \ + ATTACHED_DEVICES_PERMS="/dev/dri /dev/dvb -type c" RUN \ - echo "**** install runtime packages ****" && \ + echo "**** install runtime packages & wireguard ****" && \ apt-get update && \ apt-get install -y \ udev \ - wget && \ + wget \ + iproute2 \ + wireguard-tools &&\ echo "**** install plex ****" && \ if [ -z ${PLEX_RELEASE+x} ]; then \ PLEX_RELEASE=$(curl -sX GET 'https://plex.tv/api/downloads/5.json' \ @@ -54,6 +58,7 @@ RUN \ # add local files COPY root/ / + # add unrar COPY --from=unrar /usr/bin/unrar-ubuntu /usr/bin/unrar diff --git a/Dockerfile.aarch64 b/Dockerfile.aarch64 index 257ca96..50d9455 100644 --- a/Dockerfile.aarch64 +++ b/Dockerfile.aarch64 @@ -20,7 +20,9 @@ ENV DEBIAN_FRONTEND="noninteractive" \ PLEX_MEDIA_SERVER_MAX_PLUGIN_PROCS="6" \ PLEX_MEDIA_SERVER_USER="abc" \ PLEX_MEDIA_SERVER_INFO_VENDOR="Docker" \ - PLEX_MEDIA_SERVER_INFO_DEVICE="Docker Container (LinuxServer.io)" + PLEX_MEDIA_SERVER_INFO_DEVICE="Docker Container (LinuxServer.io)" \ + TMPDIR=/run/plex-temp \ + ATTACHED_DEVICES_PERMS="/dev/dri /dev/dvb -type c" RUN \ echo "**** install runtime packages ****" && \ diff --git a/Jenkinsfile b/Jenkinsfile index 2bcd4ae..f0e1f0d 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -8,7 +8,7 @@ pipeline { } // Input to determine if this is a package check parameters { - string(defaultValue: 'false', description: 'package check run', name: 'PACKAGE_CHECK') + string(defaultValue: 'false', description: 'package check run', name: 'PACKAGE_CHECK') } // Configuration for the variables used for this specific repo environment { @@ -58,13 +58,26 @@ pipeline { steps{ echo "Running on node: ${NODE_NAME}" sh '''#! /bin/bash - containers=$(docker ps -aq) + echo "Pruning builder" + docker builder prune -f --builder container || : + containers=$(docker ps -q) if [[ -n "${containers}" ]]; then - docker stop ${containers} + BUILDX_CONTAINER_ID=$(docker ps -qf 'name=buildx_buildkit') + for container in ${containers}; do + if [[ "${container}" == "${BUILDX_CONTAINER_ID}" ]]; then + echo "skipping buildx container in docker stop" + else + echo "Stopping container ${container}" + docker stop ${container} + fi + done fi - docker system prune -af --volumes || : ''' + docker system prune -f --volumes || : + docker image prune -af || : + ''' script{ env.EXIT_STATUS = '' + env.CI_TEST_ATTEMPTED = '' env.LS_RELEASE = sh( script: '''docker run --rm quay.io/skopeo/stable:v1 inspect docker://ghcr.io/${LS_USER}/${CONTAINER_NAME}:latest 2>/dev/null | jq -r '.Labels.build_version' | awk '{print $3}' | grep '\\-ls' || : ''', returnStdout: true).trim() @@ -83,8 +96,12 @@ pipeline { env.CODE_URL = 'https://github.com/' + env.LS_USER + '/' + env.LS_REPO + '/commit/' + env.GIT_COMMIT env.DOCKERHUB_LINK = 'https://hub.docker.com/r/' + env.DOCKERHUB_IMAGE + '/tags/' env.PULL_REQUEST = env.CHANGE_ID - env.TEMPLATED_FILES = 'Jenkinsfile README.md LICENSE .editorconfig ./.github/CONTRIBUTING.md ./.github/FUNDING.yml ./.github/ISSUE_TEMPLATE/config.yml ./.github/ISSUE_TEMPLATE/issue.bug.yml ./.github/ISSUE_TEMPLATE/issue.feature.yml ./.github/PULL_REQUEST_TEMPLATE.md ./.github/workflows/external_trigger_scheduler.yml ./.github/workflows/greetings.yml ./.github/workflows/package_trigger_scheduler.yml ./.github/workflows/call_issue_pr_tracker.yml ./.github/workflows/call_issues_cron.yml ./.github/workflows/permissions.yml ./.github/workflows/external_trigger.yml ./.github/workflows/package_trigger.yml' + env.TEMPLATED_FILES = 'Jenkinsfile README.md LICENSE .editorconfig ./.github/CONTRIBUTING.md ./.github/FUNDING.yml ./.github/ISSUE_TEMPLATE/config.yml ./.github/ISSUE_TEMPLATE/issue.bug.yml ./.github/ISSUE_TEMPLATE/issue.feature.yml ./.github/PULL_REQUEST_TEMPLATE.md ./.github/workflows/external_trigger_scheduler.yml ./.github/workflows/greetings.yml ./.github/workflows/package_trigger_scheduler.yml ./.github/workflows/call_issue_pr_tracker.yml ./.github/workflows/call_issues_cron.yml ./.github/workflows/permissions.yml ./.github/workflows/external_trigger.yml' + if ( env.SYFT_IMAGE_TAG == null ) { + env.SYFT_IMAGE_TAG = 'latest' + } } + echo "Using syft image tag ${SYFT_IMAGE_TAG}" sh '''#! /bin/bash echo "The default github branch detected as ${GH_DEFAULT_BRANCH}" ''' script{ @@ -193,6 +210,8 @@ pipeline { env.VERSION_TAG = env.EXT_RELEASE_CLEAN + '-ls' + env.LS_TAG_NUMBER env.META_TAG = env.EXT_RELEASE_CLEAN + '-ls' + env.LS_TAG_NUMBER env.EXT_RELEASE_TAG = 'version-' + env.EXT_RELEASE_CLEAN + env.BUILDCACHE = 'docker.io/lsiodev/buildcache,registry.gitlab.com/linuxserver.io/docker-jenkins-builder/lsiodev-buildcache,ghcr.io/linuxserver/lsiodev-buildcache,quay.io/linuxserver.io/lsiodev-buildcache' + env.CITEST_IMAGETAG = 'latest' } } } @@ -217,6 +236,8 @@ pipeline { env.META_TAG = env.EXT_RELEASE_CLEAN + '-pkg-' + env.PACKAGE_TAG + '-dev-' + env.COMMIT_SHA env.EXT_RELEASE_TAG = 'version-' + env.EXT_RELEASE_CLEAN env.DOCKERHUB_LINK = 'https://hub.docker.com/r/' + env.DEV_DOCKERHUB_IMAGE + '/tags/' + env.BUILDCACHE = 'docker.io/lsiodev/buildcache,registry.gitlab.com/linuxserver.io/docker-jenkins-builder/lsiodev-buildcache,ghcr.io/linuxserver/lsiodev-buildcache,quay.io/linuxserver.io/lsiodev-buildcache' + env.CITEST_IMAGETAG = 'develop' } } } @@ -241,6 +262,8 @@ pipeline { env.EXT_RELEASE_TAG = 'version-' + env.EXT_RELEASE_CLEAN env.CODE_URL = 'https://github.com/' + env.LS_USER + '/' + env.LS_REPO + '/pull/' + env.PULL_REQUEST env.DOCKERHUB_LINK = 'https://hub.docker.com/r/' + env.PR_DOCKERHUB_IMAGE + '/tags/' + env.BUILDCACHE = 'docker.io/lsiodev/buildcache,registry.gitlab.com/linuxserver.io/docker-jenkins-builder/lsiodev-buildcache,ghcr.io/linuxserver/lsiodev-buildcache,quay.io/linuxserver.io/lsiodev-buildcache' + env.CITEST_IMAGETAG = 'develop' } } } @@ -263,7 +286,7 @@ pipeline { -v ${WORKSPACE}:/mnt \ -e AWS_ACCESS_KEY_ID=\"${S3_KEY}\" \ -e AWS_SECRET_ACCESS_KEY=\"${S3_SECRET}\" \ - ghcr.io/linuxserver/baseimage-alpine:3.20 s6-envdir -fn -- /var/run/s6/container_environment /bin/bash -c "\ + ghcr.io/linuxserver/baseimage-alpine:3.23 s6-envdir -fn -- /var/run/s6/container_environment /bin/bash -c "\ apk add --no-cache python3 && \ python3 -m venv /lsiopy && \ pip install --no-cache-dir -U pip && \ @@ -313,7 +336,7 @@ pipeline { echo "Jenkinsfile is up to date." fi echo "Starting Stage 2 - Delete old templates" - OLD_TEMPLATES=".github/ISSUE_TEMPLATE.md .github/ISSUE_TEMPLATE/issue.bug.md .github/ISSUE_TEMPLATE/issue.feature.md .github/workflows/call_invalid_helper.yml .github/workflows/stale.yml" + OLD_TEMPLATES=".github/ISSUE_TEMPLATE.md .github/ISSUE_TEMPLATE/issue.bug.md .github/ISSUE_TEMPLATE/issue.feature.md .github/workflows/call_invalid_helper.yml .github/workflows/stale.yml .github/workflows/package_trigger.yml" for i in ${OLD_TEMPLATES}; do if [[ -f "${i}" ]]; then TEMPLATES_TO_DELETE="${i} ${TEMPLATES_TO_DELETE}" @@ -337,6 +360,35 @@ pipeline { else echo "No templates to delete" fi + echo "Starting Stage 2.5 - Update init diagram" + if ! grep -q 'init_diagram:' readme-vars.yml; then + echo "Adding the key 'init_diagram' to readme-vars.yml" + sed -i '\\|^#.*changelog.*$|d' readme-vars.yml + sed -i 's|^changelogs:|# init diagram\\ninit_diagram:\\n\\n# changelog\\nchangelogs:|' readme-vars.yml + fi + mkdir -p ${TEMPDIR}/d2 + docker run --rm -v ${TEMPDIR}/d2:/output -e PUID=$(id -u) -e PGID=$(id -g) -e RAW="true" ghcr.io/linuxserver/d2-builder:latest ${CONTAINER_NAME}:latest + ls -al ${TEMPDIR}/d2 + yq -ei ".init_diagram |= load_str(\\"${TEMPDIR}/d2/${CONTAINER_NAME}-latest.d2\\")" readme-vars.yml + if [[ $(md5sum readme-vars.yml | cut -c1-8) != $(md5sum ${TEMPDIR}/docker-${CONTAINER_NAME}/readme-vars.yml | cut -c1-8) ]]; then + echo "'init_diagram' has been updated. Updating repo and exiting build, new one will trigger based on commit." + mkdir -p ${TEMPDIR}/repo + git clone https://github.com/${LS_USER}/${LS_REPO}.git ${TEMPDIR}/repo/${LS_REPO} + cd ${TEMPDIR}/repo/${LS_REPO} + git checkout -f master + cp ${WORKSPACE}/readme-vars.yml ${TEMPDIR}/repo/${LS_REPO}/readme-vars.yml + git add readme-vars.yml + git commit -m 'Bot Updating Templated Files' + git pull https://LinuxServer-CI:${GITHUB_TOKEN}@github.com/${LS_USER}/${LS_REPO}.git master + git push https://LinuxServer-CI:${GITHUB_TOKEN}@github.com/${LS_USER}/${LS_REPO}.git master + echo "true" > /tmp/${COMMIT_SHA}-${BUILD_NUMBER} + echo "Updating templates and exiting build, new one will trigger based on commit" + rm -Rf ${TEMPDIR} + exit 0 + else + echo "false" > /tmp/${COMMIT_SHA}-${BUILD_NUMBER} + echo "Init diagram is unchanged" + fi echo "Starting Stage 3 - Update templates" CURRENTHASH=$(grep -hs ^ ${TEMPLATED_FILES} | md5sum | cut -c1-8) cd ${TEMPDIR}/docker-${CONTAINER_NAME} @@ -545,8 +597,45 @@ pipeline { --label \"org.opencontainers.image.title=Plex\" \ --label \"org.opencontainers.image.description=[Plex](https://plex.tv) organizes video, music and photos from personal media libraries and streams them to smart TVs, streaming boxes and mobile devices. This container is packaged as a standalone Plex Media Server. Straightforward design and bulk actions mean getting things done faster.\" \ --no-cache --pull -t ${IMAGE}:${META_TAG} --platform=linux/amd64 \ - --provenance=false --sbom=false \ + --provenance=true --sbom=true --builder=container --load \ --build-arg ${BUILD_VERSION_ARG}=${EXT_RELEASE} --build-arg VERSION=\"${VERSION_TAG}\" --build-arg BUILD_DATE=${GITHUB_DATE} ." + sh '''#! /bin/bash + set -e + IFS=',' read -ra CACHE <<< "$BUILDCACHE" + for i in "${CACHE[@]}"; do + docker tag ${IMAGE}:${META_TAG} ${i}:amd64-${COMMIT_SHA}-${BUILD_NUMBER} + done + ''' + withCredentials([ + [ + $class: 'UsernamePasswordMultiBinding', + credentialsId: 'Quay.io-Robot', + usernameVariable: 'QUAYUSER', + passwordVariable: 'QUAYPASS' + ] + ]) { + retry_backoff(5,5) { + sh '''#! /bin/bash + set -e + echo $DOCKERHUB_TOKEN | docker login -u linuxserverci --password-stdin + echo $GITHUB_TOKEN | docker login ghcr.io -u LinuxServer-CI --password-stdin + echo $GITLAB_TOKEN | docker login registry.gitlab.com -u LinuxServer.io --password-stdin + echo $QUAYPASS | docker login quay.io -u $QUAYUSER --password-stdin + + if [[ "${PACKAGE_CHECK}" != "true" ]]; then + declare -A pids + IFS=',' read -ra CACHE <<< "$BUILDCACHE" + for i in "${CACHE[@]}"; do + docker push ${i}:amd64-${COMMIT_SHA}-${BUILD_NUMBER} & + pids[$!]="$i" + done + for p in "${!pids[@]}"; do + wait "$p" || { [[ "${pids[$p]}" != *"quay.io"* ]] && exit 1; } + done + fi + ''' + } + } } } // Build MultiArch Docker containers for push to LS Repo @@ -577,8 +666,45 @@ pipeline { --label \"org.opencontainers.image.title=Plex\" \ --label \"org.opencontainers.image.description=[Plex](https://plex.tv) organizes video, music and photos from personal media libraries and streams them to smart TVs, streaming boxes and mobile devices. This container is packaged as a standalone Plex Media Server. Straightforward design and bulk actions mean getting things done faster.\" \ --no-cache --pull -t ${IMAGE}:amd64-${META_TAG} --platform=linux/amd64 \ - --provenance=false --sbom=false \ + --provenance=true --sbom=true --builder=container --load \ --build-arg ${BUILD_VERSION_ARG}=${EXT_RELEASE} --build-arg VERSION=\"${VERSION_TAG}\" --build-arg BUILD_DATE=${GITHUB_DATE} ." + sh '''#! /bin/bash + set -e + IFS=',' read -ra CACHE <<< "$BUILDCACHE" + for i in "${CACHE[@]}"; do + docker tag ${IMAGE}:amd64-${META_TAG} ${i}:amd64-${COMMIT_SHA}-${BUILD_NUMBER} + done + ''' + withCredentials([ + [ + $class: 'UsernamePasswordMultiBinding', + credentialsId: 'Quay.io-Robot', + usernameVariable: 'QUAYUSER', + passwordVariable: 'QUAYPASS' + ] + ]) { + retry_backoff(5,5) { + sh '''#! /bin/bash + set -e + echo $DOCKERHUB_TOKEN | docker login -u linuxserverci --password-stdin + echo $GITHUB_TOKEN | docker login ghcr.io -u LinuxServer-CI --password-stdin + echo $GITLAB_TOKEN | docker login registry.gitlab.com -u LinuxServer.io --password-stdin + echo $QUAYPASS | docker login quay.io -u $QUAYUSER --password-stdin + + if [[ "${PACKAGE_CHECK}" != "true" ]]; then + declare -A pids + IFS=',' read -ra CACHE <<< "$BUILDCACHE" + for i in "${CACHE[@]}"; do + docker push ${i}:amd64-${COMMIT_SHA}-${BUILD_NUMBER} & + pids[$!]="$i" + done + for p in "${!pids[@]}"; do + wait "$p" || { [[ "${pids[$p]}" != *"quay.io"* ]] && exit 1; } + done + fi + ''' + } + } } } stage('Build ARM64') { @@ -587,10 +713,6 @@ pipeline { } steps { echo "Running on node: ${NODE_NAME}" - echo 'Logging into Github' - sh '''#! /bin/bash - echo $GITHUB_TOKEN | docker login ghcr.io -u LinuxServer-CI --password-stdin - ''' sh "sed -r -i 's|(^FROM .*)|\\1\\n\\nENV LSIO_FIRST_PARTY=true|g' Dockerfile.aarch64" sh "docker buildx build \ --label \"org.opencontainers.image.created=${GITHUB_DATE}\" \ @@ -606,18 +728,52 @@ pipeline { --label \"org.opencontainers.image.title=Plex\" \ --label \"org.opencontainers.image.description=[Plex](https://plex.tv) organizes video, music and photos from personal media libraries and streams them to smart TVs, streaming boxes and mobile devices. This container is packaged as a standalone Plex Media Server. Straightforward design and bulk actions mean getting things done faster.\" \ --no-cache --pull -f Dockerfile.aarch64 -t ${IMAGE}:arm64v8-${META_TAG} --platform=linux/arm64 \ - --provenance=false --sbom=false \ + --provenance=true --sbom=true --builder=container --load \ --build-arg ${BUILD_VERSION_ARG}=${EXT_RELEASE} --build-arg VERSION=\"${VERSION_TAG}\" --build-arg BUILD_DATE=${GITHUB_DATE} ." - sh "docker tag ${IMAGE}:arm64v8-${META_TAG} ghcr.io/linuxserver/lsiodev-buildcache:arm64v8-${COMMIT_SHA}-${BUILD_NUMBER}" - retry_backoff(5,5) { - sh "docker push ghcr.io/linuxserver/lsiodev-buildcache:arm64v8-${COMMIT_SHA}-${BUILD_NUMBER}" + sh '''#! /bin/bash + set -e + IFS=',' read -ra CACHE <<< "$BUILDCACHE" + for i in "${CACHE[@]}"; do + docker tag ${IMAGE}:arm64v8-${META_TAG} ${i}:arm64v8-${COMMIT_SHA}-${BUILD_NUMBER} + done + ''' + withCredentials([ + [ + $class: 'UsernamePasswordMultiBinding', + credentialsId: 'Quay.io-Robot', + usernameVariable: 'QUAYUSER', + passwordVariable: 'QUAYPASS' + ] + ]) { + retry_backoff(5,5) { + sh '''#! /bin/bash + set -e + echo $DOCKERHUB_TOKEN | docker login -u linuxserverci --password-stdin + echo $GITHUB_TOKEN | docker login ghcr.io -u LinuxServer-CI --password-stdin + echo $GITLAB_TOKEN | docker login registry.gitlab.com -u LinuxServer.io --password-stdin + echo $QUAYPASS | docker login quay.io -u $QUAYUSER --password-stdin + if [[ "${PACKAGE_CHECK}" != "true" ]]; then + declare -A pids + IFS=',' read -ra CACHE <<< "$BUILDCACHE" + for i in "${CACHE[@]}"; do + docker push ${i}:arm64v8-${COMMIT_SHA}-${BUILD_NUMBER} & + pids[$!]="$i" + done + for p in "${!pids[@]}"; do + wait "$p" || { [[ "${pids[$p]}" != *"quay.io"* ]] && exit 1; } + done + fi + ''' + } } sh '''#! /bin/bash containers=$(docker ps -aq) if [[ -n "${containers}" ]]; then docker stop ${containers} fi - docker system prune -af --volumes || : ''' + docker system prune -f --volumes || : + docker image prune -af || : + ''' } } } @@ -642,7 +798,7 @@ pipeline { docker run --rm \ -v /var/run/docker.sock:/var/run/docker.sock:ro \ -v ${TEMPDIR}:/tmp \ - ghcr.io/anchore/syft:latest \ + ghcr.io/anchore/syft:${SYFT_IMAGE_TAG} \ ${LOCAL_CONTAINER} -o table=/tmp/package_versions.txt NEW_PACKAGE_TAG=$(md5sum ${TEMPDIR}/package_versions.txt | cut -c1-8 ) echo "Package tag sha from current packages in buit container is ${NEW_PACKAGE_TAG} comparing to old ${PACKAGE_TAG} from github" @@ -718,10 +874,19 @@ pipeline { script{ env.CI_URL = 'https://ci-tests.linuxserver.io/' + env.IMAGE + '/' + env.META_TAG + '/index.html' env.CI_JSON_URL = 'https://ci-tests.linuxserver.io/' + env.IMAGE + '/' + env.META_TAG + '/report.json' + env.CI_TEST_ATTEMPTED = 'true' } sh '''#! /bin/bash set -e - docker pull ghcr.io/linuxserver/ci:latest + if grep -q 'docker-baseimage' <<< "${LS_REPO}"; then + echo "Detected baseimage, setting LSIO_FIRST_PARTY=true" + if [ -n "${CI_DOCKERENV}" ]; then + CI_DOCKERENV="LSIO_FIRST_PARTY=true|${CI_DOCKERENV}" + else + CI_DOCKERENV="LSIO_FIRST_PARTY=true" + fi + fi + docker pull ghcr.io/linuxserver/ci:${CITEST_IMAGETAG} if [ "${MULTIARCH}" == "true" ]; then docker pull ghcr.io/linuxserver/lsiodev-buildcache:arm64v8-${COMMIT_SHA}-${BUILD_NUMBER} --platform=arm64 docker tag ghcr.io/linuxserver/lsiodev-buildcache:arm64v8-${COMMIT_SHA}-${BUILD_NUMBER} ${IMAGE}:arm64v8-${META_TAG} @@ -733,6 +898,7 @@ pipeline { -e DOCKER_LOGS_TIMEOUT=\"${CI_DELAY}\" \ -e TAGS=\"${CI_TAGS}\" \ -e META_TAG=\"${META_TAG}\" \ + -e RELEASE_TAG=\"latest\" \ -e PORT=\"${CI_PORT}\" \ -e SSL=\"${CI_SSL}\" \ -e BASE=\"${DIST_IMAGE}\" \ @@ -742,7 +908,11 @@ pipeline { -e WEB_SCREENSHOT=\"${CI_WEB}\" \ -e WEB_AUTH=\"${CI_AUTH}\" \ -e WEB_PATH=\"${CI_WEBPATH}\" \ - -t ghcr.io/linuxserver/ci:latest \ + -e NODE_NAME=\"${NODE_NAME}\" \ + -e SYFT_IMAGE_TAG=\"${CI_SYFT_IMAGE_TAG:-${SYFT_IMAGE_TAG}}\" \ + -e COMMIT_SHA=\"${COMMIT_SHA}\" \ + -e BUILD_NUMBER=\"${BUILD_NUMBER}\" \ + -t ghcr.io/linuxserver/ci:${CITEST_IMAGETAG} \ python3 test_build.py''' } } @@ -757,37 +927,25 @@ pipeline { environment name: 'EXIT_STATUS', value: '' } steps { - withCredentials([ - [ - $class: 'UsernamePasswordMultiBinding', - credentialsId: 'Quay.io-Robot', - usernameVariable: 'QUAYUSER', - passwordVariable: 'QUAYPASS' - ] - ]) { - retry_backoff(5,5) { - sh '''#! /bin/bash - set -e - echo $DOCKERHUB_TOKEN | docker login -u linuxserverci --password-stdin - echo $GITHUB_TOKEN | docker login ghcr.io -u LinuxServer-CI --password-stdin - echo $GITLAB_TOKEN | docker login registry.gitlab.com -u LinuxServer.io --password-stdin - echo $QUAYPASS | docker login quay.io -u $QUAYUSER --password-stdin - for PUSHIMAGE in "${GITHUBIMAGE}" "${GITLABIMAGE}" "${QUAYIMAGE}" "${IMAGE}"; do - docker tag ${IMAGE}:${META_TAG} ${PUSHIMAGE}:${META_TAG} - docker tag ${PUSHIMAGE}:${META_TAG} ${PUSHIMAGE}:latest - docker tag ${PUSHIMAGE}:${META_TAG} ${PUSHIMAGE}:${EXT_RELEASE_TAG} - if [ -n "${SEMVER}" ]; then - docker tag ${PUSHIMAGE}:${META_TAG} ${PUSHIMAGE}:${SEMVER} - fi - docker push ${PUSHIMAGE}:latest - docker push ${PUSHIMAGE}:${META_TAG} - docker push ${PUSHIMAGE}:${EXT_RELEASE_TAG} - if [ -n "${SEMVER}" ]; then - docker push ${PUSHIMAGE}:${SEMVER} - fi + retry_backoff(5,5) { + sh '''#! /bin/bash + set -e + for PUSHIMAGE in "${IMAGE}" "${GITLABIMAGE}" "${GITHUBIMAGE}" "${QUAYIMAGE}"; do + [[ ${PUSHIMAGE%%/*} =~ \\. ]] && PUSHIMAGEPLUS="${PUSHIMAGE}" || PUSHIMAGEPLUS="docker.io/${PUSHIMAGE}" + IFS=',' read -ra CACHE <<< "$BUILDCACHE" + for i in "${CACHE[@]}"; do + if [[ "${PUSHIMAGEPLUS}" == "$(cut -d "/" -f1 <<< ${i})"* ]]; then + CACHEIMAGE=${i} + fi done - ''' - } + docker buildx imagetools create --prefer-index=false -t ${PUSHIMAGE}:${META_TAG} -t ${PUSHIMAGE}:latest -t ${PUSHIMAGE}:${EXT_RELEASE_TAG} ${CACHEIMAGE}:amd64-${COMMIT_SHA}-${BUILD_NUMBER} || \ + { if [[ "${PUSHIMAGE}" != "${QUAYIMAGE}" ]]; then exit 1; fi; } + if [ -n "${SEMVER}" ]; then + docker buildx imagetools create --prefer-index=false -t ${PUSHIMAGE}:${SEMVER} ${CACHEIMAGE}:amd64-${COMMIT_SHA}-${BUILD_NUMBER} || \ + { if [[ "${PUSHIMAGE}" != "${QUAYIMAGE}" ]]; then exit 1; fi; } + fi + done + ''' } } } @@ -798,57 +956,41 @@ pipeline { environment name: 'EXIT_STATUS', value: '' } steps { - withCredentials([ - [ - $class: 'UsernamePasswordMultiBinding', - credentialsId: 'Quay.io-Robot', - usernameVariable: 'QUAYUSER', - passwordVariable: 'QUAYPASS' - ] - ]) { - retry_backoff(5,5) { - sh '''#! /bin/bash - set -e - echo $DOCKERHUB_TOKEN | docker login -u linuxserverci --password-stdin - echo $GITHUB_TOKEN | docker login ghcr.io -u LinuxServer-CI --password-stdin - echo $GITLAB_TOKEN | docker login registry.gitlab.com -u LinuxServer.io --password-stdin - echo $QUAYPASS | docker login quay.io -u $QUAYUSER --password-stdin - if [ "${CI}" == "false" ]; then - docker pull ghcr.io/linuxserver/lsiodev-buildcache:arm64v8-${COMMIT_SHA}-${BUILD_NUMBER} --platform=arm64 - docker tag ghcr.io/linuxserver/lsiodev-buildcache:arm64v8-${COMMIT_SHA}-${BUILD_NUMBER} ${IMAGE}:arm64v8-${META_TAG} + retry_backoff(5,5) { + sh '''#! /bin/bash + set -e + for MANIFESTIMAGE in "${IMAGE}" "${GITLABIMAGE}" "${GITHUBIMAGE}" "${QUAYIMAGE}"; do + [[ ${MANIFESTIMAGE%%/*} =~ \\. ]] && MANIFESTIMAGEPLUS="${MANIFESTIMAGE}" || MANIFESTIMAGEPLUS="docker.io/${MANIFESTIMAGE}" + IFS=',' read -ra CACHE <<< "$BUILDCACHE" + for i in "${CACHE[@]}"; do + if [[ "${MANIFESTIMAGEPLUS}" == "$(cut -d "/" -f1 <<< ${i})"* ]]; then + CACHEIMAGE=${i} + fi + done + docker buildx imagetools create --prefer-index=false -t ${MANIFESTIMAGE}:amd64-${META_TAG} -t ${MANIFESTIMAGE}:amd64-latest -t ${MANIFESTIMAGE}:amd64-${EXT_RELEASE_TAG} ${CACHEIMAGE}:amd64-${COMMIT_SHA}-${BUILD_NUMBER} || \ + { if [[ "${MANIFESTIMAGE}" != "${QUAYIMAGE}" ]]; then exit 1; fi; } + docker buildx imagetools create --prefer-index=false -t ${MANIFESTIMAGE}:arm64v8-${META_TAG} -t ${MANIFESTIMAGE}:arm64v8-latest -t ${MANIFESTIMAGE}:arm64v8-${EXT_RELEASE_TAG} ${CACHEIMAGE}:arm64v8-${COMMIT_SHA}-${BUILD_NUMBER} || \ + { if [[ "${MANIFESTIMAGE}" != "${QUAYIMAGE}" ]]; then exit 1; fi; } + if [ -n "${SEMVER}" ]; then + docker buildx imagetools create --prefer-index=false -t ${MANIFESTIMAGE}:amd64-${SEMVER} ${CACHEIMAGE}:amd64-${COMMIT_SHA}-${BUILD_NUMBER} || \ + { if [[ "${MANIFESTIMAGE}" != "${QUAYIMAGE}" ]]; then exit 1; fi; } + docker buildx imagetools create --prefer-index=false -t ${MANIFESTIMAGE}:arm64v8-${SEMVER} ${CACHEIMAGE}:arm64v8-${COMMIT_SHA}-${BUILD_NUMBER} || \ + { if [[ "${MANIFESTIMAGE}" != "${QUAYIMAGE}" ]]; then exit 1; fi; } fi - for MANIFESTIMAGE in "${IMAGE}" "${GITLABIMAGE}" "${GITHUBIMAGE}" "${QUAYIMAGE}"; do - docker tag ${IMAGE}:amd64-${META_TAG} ${MANIFESTIMAGE}:amd64-${META_TAG} - docker tag ${MANIFESTIMAGE}:amd64-${META_TAG} ${MANIFESTIMAGE}:amd64-latest - docker tag ${MANIFESTIMAGE}:amd64-${META_TAG} ${MANIFESTIMAGE}:amd64-${EXT_RELEASE_TAG} - docker tag ${IMAGE}:arm64v8-${META_TAG} ${MANIFESTIMAGE}:arm64v8-${META_TAG} - docker tag ${MANIFESTIMAGE}:arm64v8-${META_TAG} ${MANIFESTIMAGE}:arm64v8-latest - docker tag ${MANIFESTIMAGE}:arm64v8-${META_TAG} ${MANIFESTIMAGE}:arm64v8-${EXT_RELEASE_TAG} - if [ -n "${SEMVER}" ]; then - docker tag ${MANIFESTIMAGE}:amd64-${META_TAG} ${MANIFESTIMAGE}:amd64-${SEMVER} - docker tag ${MANIFESTIMAGE}:arm64v8-${META_TAG} ${MANIFESTIMAGE}:arm64v8-${SEMVER} - fi - docker push ${MANIFESTIMAGE}:amd64-${META_TAG} - docker push ${MANIFESTIMAGE}:amd64-${EXT_RELEASE_TAG} - docker push ${MANIFESTIMAGE}:amd64-latest - docker push ${MANIFESTIMAGE}:arm64v8-${META_TAG} - docker push ${MANIFESTIMAGE}:arm64v8-latest - docker push ${MANIFESTIMAGE}:arm64v8-${EXT_RELEASE_TAG} - if [ -n "${SEMVER}" ]; then - docker push ${MANIFESTIMAGE}:amd64-${SEMVER} - docker push ${MANIFESTIMAGE}:arm64v8-${SEMVER} - fi - done - for MANIFESTIMAGE in "${IMAGE}" "${GITLABIMAGE}" "${GITHUBIMAGE}" "${QUAYIMAGE}"; do - docker buildx imagetools create -t ${MANIFESTIMAGE}:latest ${MANIFESTIMAGE}:amd64-latest ${MANIFESTIMAGE}:arm64v8-latest - docker buildx imagetools create -t ${MANIFESTIMAGE}:${META_TAG} ${MANIFESTIMAGE}:amd64-${META_TAG} ${MANIFESTIMAGE}:arm64v8-${META_TAG} - docker buildx imagetools create -t ${MANIFESTIMAGE}:${EXT_RELEASE_TAG} ${MANIFESTIMAGE}:amd64-${EXT_RELEASE_TAG} ${MANIFESTIMAGE}:arm64v8-${EXT_RELEASE_TAG} - if [ -n "${SEMVER}" ]; then - docker buildx imagetools create -t ${MANIFESTIMAGE}:${SEMVER} ${MANIFESTIMAGE}:amd64-${SEMVER} ${MANIFESTIMAGE}:arm64v8-${SEMVER} - fi - done - ''' - } + done + for MANIFESTIMAGE in "${IMAGE}" "${GITLABIMAGE}" "${GITHUBIMAGE}" "${QUAYIMAGE}"; do + docker buildx imagetools create -t ${MANIFESTIMAGE}:latest ${MANIFESTIMAGE}:amd64-latest ${MANIFESTIMAGE}:arm64v8-latest || \ + { if [[ "${MANIFESTIMAGE}" != "${QUAYIMAGE}" ]]; then exit 1; fi; } + docker buildx imagetools create -t ${MANIFESTIMAGE}:${META_TAG} ${MANIFESTIMAGE}:amd64-${META_TAG} ${MANIFESTIMAGE}:arm64v8-${META_TAG} || \ + { if [[ "${MANIFESTIMAGE}" != "${QUAYIMAGE}" ]]; then exit 1; fi; } + docker buildx imagetools create -t ${MANIFESTIMAGE}:${EXT_RELEASE_TAG} ${MANIFESTIMAGE}:amd64-${EXT_RELEASE_TAG} ${MANIFESTIMAGE}:arm64v8-${EXT_RELEASE_TAG} || \ + { if [[ "${MANIFESTIMAGE}" != "${QUAYIMAGE}" ]]; then exit 1; fi; } + if [ -n "${SEMVER}" ]; then + docker buildx imagetools create -t ${MANIFESTIMAGE}:${SEMVER} ${MANIFESTIMAGE}:amd64-${SEMVER} ${MANIFESTIMAGE}:arm64v8-${SEMVER} || \ + { if [[ "${MANIFESTIMAGE}" != "${QUAYIMAGE}" ]]; then exit 1; fi; } + fi + done + ''' } } } @@ -863,23 +1005,41 @@ pipeline { environment name: 'EXIT_STATUS', value: '' } steps { - echo "Pushing New tag for current commit ${META_TAG}" - sh '''curl -H "Authorization: token ${GITHUB_TOKEN}" -X POST https://api.github.com/repos/${LS_USER}/${LS_REPO}/git/tags \ - -d '{"tag":"'${META_TAG}'",\ - "object": "'${COMMIT_SHA}'",\ - "message": "Tagging Release '${EXT_RELEASE_CLEAN}'-ls'${LS_TAG_NUMBER}' to master",\ - "type": "commit",\ - "tagger": {"name": "LinuxServer-CI","email": "ci@linuxserver.io","date": "'${GITHUB_DATE}'"}}' ''' - echo "Pushing New release for Tag" sh '''#! /bin/bash + echo "Auto-generating release notes" + if [ "$(git tag --points-at HEAD)" != "" ]; then + echo "Existing tag points to current commit, suggesting no new LS changes" + AUTO_RELEASE_NOTES="No changes" + else + AUTO_RELEASE_NOTES=$(curl -fsL -H "Authorization: token ${GITHUB_TOKEN}" -H "Accept: application/vnd.github+json" -X POST https://api.github.com/repos/${LS_USER}/${LS_REPO}/releases/generate-notes \ + -d '{"tag_name":"'${META_TAG}'",\ + "target_commitish": "master"}' \ + | jq -r '.body' | sed 's|## What.s Changed||') + fi + echo "Pushing New tag for current commit ${META_TAG}" + curl -H "Authorization: token ${GITHUB_TOKEN}" -X POST https://api.github.com/repos/${LS_USER}/${LS_REPO}/git/tags \ + -d '{"tag":"'${META_TAG}'",\ + "object": "'${COMMIT_SHA}'",\ + "message": "Tagging Release '${EXT_RELEASE_CLEAN}'-ls'${LS_TAG_NUMBER}' to master",\ + "type": "commit",\ + "tagger": {"name": "LinuxServer-CI","email": "ci@linuxserver.io","date": "'${GITHUB_DATE}'"}}' + echo "Pushing New release for Tag" echo "Data change at JSON endpoint ${JSON_URL}" > releasebody.json - echo '{"tag_name":"'${META_TAG}'",\ - "target_commitish": "master",\ - "name": "'${META_TAG}'",\ - "body": "**LinuxServer Changes:**\\n\\n'${LS_RELEASE_NOTES}'\\n\\n**Remote Changes:**\\n\\n' > start - printf '","draft": false,"prerelease": false}' >> releasebody.json - paste -d'\\0' start releasebody.json > releasebody.json.done - curl -H "Authorization: token ${GITHUB_TOKEN}" -X POST https://api.github.com/repos/${LS_USER}/${LS_REPO}/releases -d @releasebody.json.done''' + jq -n \ + --arg tag_name "$META_TAG" \ + --arg target_commitish "master" \ + --arg ci_url "${CI_URL:-N/A}" \ + --arg ls_notes "$AUTO_RELEASE_NOTES" \ + --arg remote_notes "$(cat releasebody.json)" \ + '{ + "tag_name": $tag_name, + "target_commitish": $target_commitish, + "name": $tag_name, + "body": ("**CI Report:**\\n\\n" + $ci_url + "\\n\\n**LinuxServer Changes:**\\n\\n" + $ls_notes + "\\n\\n**Remote Changes:**\\n\\n" + $remote_notes), + "draft": false, + "prerelease": false }' > releasebody.json.done + curl -H "Authorization: token ${GITHUB_TOKEN}" -X POST https://api.github.com/repos/${LS_USER}/${LS_REPO}/releases -d @releasebody.json.done + ''' } } // Add protection to the release branch @@ -917,90 +1077,129 @@ EOF ) ''' } } - // If this is a Pull request send the CI link as a comment on it - stage('Pull Request Comment') { - when { - not {environment name: 'CHANGE_ID', value: ''} - environment name: 'EXIT_STATUS', value: '' - } - steps { - sh '''#! /bin/bash - # Function to retrieve JSON data from URL - get_json() { - local url="$1" - local response=$(curl -s "$url") - if [ $? -ne 0 ]; then - echo "Failed to retrieve JSON data from $url" - return 1 - fi - local json=$(echo "$response" | jq .) - if [ $? -ne 0 ]; then - echo "Failed to parse JSON data from $url" - return 1 - fi - echo "$json" - } - - build_table() { - local data="$1" - - # Get the keys in the JSON data - local keys=$(echo "$data" | jq -r 'to_entries | map(.key) | .[]') - - # Check if keys are empty - if [ -z "$keys" ]; then - echo "JSON report data does not contain any keys or the report does not exist." - return 1 - fi - - # Build table header - local header="| Tag | Passed |\\n| --- | --- |\\n" - - # Loop through the JSON data to build the table rows - local rows="" - for build in $keys; do - local status=$(echo "$data" | jq -r ".[\\"$build\\"].test_success") - if [ "$status" = "true" ]; then - status="✅" - else - status="❌" - fi - local row="| "$build" | "$status" |\\n" - rows="${rows}${row}" - done - - local table="${header}${rows}" - local escaped_table=$(echo "$table" | sed 's/\"/\\\\"/g') - echo "$escaped_table" - } - - if [[ "${CI}" = "true" ]]; then - # Retrieve JSON data from URL - data=$(get_json "$CI_JSON_URL") - # Create table from JSON data - table=$(build_table "$data") - echo -e "$table" - - curl -X POST -H "Authorization: token $GITHUB_TOKEN" \ - -H "Accept: application/vnd.github.v3+json" \ - "https://api.github.com/repos/$LS_USER/$LS_REPO/issues/$PULL_REQUEST/comments" \ - -d "{\\"body\\": \\"I am a bot, here are the test results for this PR: \\n${CI_URL}\\n${SHELLCHECK_URL}\\n${table}\\"}" - else - curl -X POST -H "Authorization: token $GITHUB_TOKEN" \ - -H "Accept: application/vnd.github.v3+json" \ - "https://api.github.com/repos/$LS_USER/$LS_REPO/issues/$PULL_REQUEST/comments" \ - -d "{\\"body\\": \\"I am a bot, here is the pushed image/manifest for this PR: \\n\\n\\`${GITHUBIMAGE}:${META_TAG}\\`\\"}" - fi - ''' - - } - } } /* ###################### - Send status to Discord + Comment on PR and Send status to Discord ###################### */ post { always { + script { + env.JOB_DATE = sh( + script: '''date '+%Y-%m-%dT%H:%M:%S%:z' ''', + returnStdout: true).trim() + if (env.EXIT_STATUS == "ABORTED"){ + sh 'echo "build aborted"' + }else{ + if (currentBuild.currentResult == "SUCCESS"){ + if (env.GITHUBIMAGE =~ /lspipepr/){ + env.JOB_WEBHOOK_STATUS='Success' + env.JOB_WEBHOOK_COLOUR=3957028 + env.JOB_WEBHOOK_FOOTER='PR Build' + }else if (env.GITHUBIMAGE =~ /lsiodev/){ + env.JOB_WEBHOOK_STATUS='Success' + env.JOB_WEBHOOK_COLOUR=3957028 + env.JOB_WEBHOOK_FOOTER='Dev Build' + }else{ + env.JOB_WEBHOOK_STATUS='Success' + env.JOB_WEBHOOK_COLOUR=1681177 + env.JOB_WEBHOOK_FOOTER='Live Build' + } + }else{ + if (env.GITHUBIMAGE =~ /lspipepr/){ + env.JOB_WEBHOOK_STATUS='Failure' + env.JOB_WEBHOOK_COLOUR=12669523 + env.JOB_WEBHOOK_FOOTER='PR Build' + }else if (env.GITHUBIMAGE =~ /lsiodev/){ + env.JOB_WEBHOOK_STATUS='Failure' + env.JOB_WEBHOOK_COLOUR=12669523 + env.JOB_WEBHOOK_FOOTER='Dev Build' + }else{ + env.JOB_WEBHOOK_STATUS='Failure' + env.JOB_WEBHOOK_COLOUR=16711680 + env.JOB_WEBHOOK_FOOTER='Live Build' + } + } + sh ''' curl -X POST -H "Content-Type: application/json" --data '{"avatar_url": "https://raw.githubusercontent.com/linuxserver/docker-templates/master/linuxserver.io/img/jenkins-avatar.png","embeds": [{"'color'": '${JOB_WEBHOOK_COLOUR}',\ + "footer": {"text" : "'"${JOB_WEBHOOK_FOOTER}"'"},\ + "timestamp": "'${JOB_DATE}'",\ + "description": "**Build:** '${BUILD_NUMBER}'\\n**CI Results:** '${CI_URL}'\\n**ShellCheck Results:** '${SHELLCHECK_URL}'\\n**Status:** '${JOB_WEBHOOK_STATUS}'\\n**Job:** '${RUN_DISPLAY_URL}'\\n**Change:** '${CODE_URL}'\\n**External Release:**: '${RELEASE_LINK}'\\n**DockerHub:** '${DOCKERHUB_LINK}'\\n"}],\ + "username": "Jenkins"}' ${BUILDS_DISCORD} ''' + } + } + script { + if (env.GITHUBIMAGE =~ /lspipepr/){ + if (env.CI_TEST_ATTEMPTED == "true"){ + sh '''#! /bin/bash + # Function to retrieve JSON data from URL + get_json() { + local url="$1" + local response=$(curl -s "$url") + if [ $? -ne 0 ]; then + echo "Failed to retrieve JSON data from $url" + return 1 + fi + local json=$(echo "$response" | jq .) + if [ $? -ne 0 ]; then + echo "Failed to parse JSON data from $url" + return 1 + fi + echo "$json" + } + + build_table() { + local data="$1" + + # Get the keys in the JSON data + local keys=$(echo "$data" | jq -r 'to_entries | map(.key) | .[]') + + # Check if keys are empty + if [ -z "$keys" ]; then + echo "JSON report data does not contain any keys or the report does not exist." + return 1 + fi + + # Build table header + local header="| Tag | Passed |\\n| --- | --- |\\n" + + # Loop through the JSON data to build the table rows + local rows="" + for build in $keys; do + local status=$(echo "$data" | jq -r ".[\\"$build\\"].test_success") + if [ "$status" = "true" ]; then + status="✅" + else + status="❌" + fi + local row="| "$build" | "$status" |\\n" + rows="${rows}${row}" + done + + local table="${header}${rows}" + local escaped_table=$(echo "$table" | sed 's/\"/\\\\"/g') + echo "$escaped_table" + } + + if [[ "${CI}" = "true" ]]; then + # Retrieve JSON data from URL + data=$(get_json "$CI_JSON_URL") + # Create table from JSON data + table=$(build_table "$data") + echo -e "$table" + + curl -X POST -H "Authorization: token $GITHUB_TOKEN" \ + -H "Accept: application/vnd.github.v3+json" \ + "https://api.github.com/repos/$LS_USER/$LS_REPO/issues/$PULL_REQUEST/comments" \ + -d "{\\"body\\": \\"I am a bot, here are the test results for this PR: \\n${CI_URL}\\n${SHELLCHECK_URL}\\n${table}\\"}" + else + curl -X POST -H "Authorization: token $GITHUB_TOKEN" \ + -H "Accept: application/vnd.github.v3+json" \ + "https://api.github.com/repos/$LS_USER/$LS_REPO/issues/$PULL_REQUEST/comments" \ + -d "{\\"body\\": \\"I am a bot, here is the pushed image/manifest for this PR: \\n\\n\\`${GITHUBIMAGE}:${META_TAG}\\`\\"}" + fi + ''' + } + } + } sh '''#!/bin/bash rm -rf /config/.ssh/id_sign rm -rf /config/.ssh/id_sign.pub @@ -1008,30 +1207,25 @@ EOF git config --global --unset user.signingkey git config --global --unset commit.gpgsign ''' - script{ - if (env.EXIT_STATUS == "ABORTED"){ - sh 'echo "build aborted"' - } - else if (currentBuild.currentResult == "SUCCESS"){ - sh ''' curl -X POST -H "Content-Type: application/json" --data '{"avatar_url": "https://raw.githubusercontent.com/linuxserver/docker-templates/master/linuxserver.io/img/jenkins-avatar.png","embeds": [{"color": 1681177,\ - "description": "**Build:** '${BUILD_NUMBER}'\\n**CI Results:** '${CI_URL}'\\n**ShellCheck Results:** '${SHELLCHECK_URL}'\\n**Status:** Success\\n**Job:** '${RUN_DISPLAY_URL}'\\n**Change:** '${CODE_URL}'\\n**External Release:**: '${RELEASE_LINK}'\\n**DockerHub:** '${DOCKERHUB_LINK}'\\n"}],\ - "username": "Jenkins"}' ${BUILDS_DISCORD} ''' - } - else { - sh ''' curl -X POST -H "Content-Type: application/json" --data '{"avatar_url": "https://raw.githubusercontent.com/linuxserver/docker-templates/master/linuxserver.io/img/jenkins-avatar.png","embeds": [{"color": 16711680,\ - "description": "**Build:** '${BUILD_NUMBER}'\\n**CI Results:** '${CI_URL}'\\n**ShellCheck Results:** '${SHELLCHECK_URL}'\\n**Status:** failure\\n**Job:** '${RUN_DISPLAY_URL}'\\n**Change:** '${CODE_URL}'\\n**External Release:**: '${RELEASE_LINK}'\\n**DockerHub:** '${DOCKERHUB_LINK}'\\n"}],\ - "username": "Jenkins"}' ${BUILDS_DISCORD} ''' - } - } } cleanup { sh '''#! /bin/bash - echo "Performing docker system prune!!" - containers=$(docker ps -aq) + echo "Pruning builder!!" + docker builder prune -f --builder container || : + containers=$(docker ps -q) if [[ -n "${containers}" ]]; then - docker stop ${containers} + BUILDX_CONTAINER_ID=$(docker ps -qf 'name=buildx_buildkit') + for container in ${containers}; do + if [[ "${container}" == "${BUILDX_CONTAINER_ID}" ]]; then + echo "skipping buildx container in docker stop" + else + echo "Stopping container ${container}" + docker stop ${container} + fi + done fi - docker system prune -af --volumes || : + docker system prune -f --volumes || : + docker image prune -af || : ''' cleanWs() } diff --git a/README.md b/README.md index f73eae5..e30016f 100644 --- a/README.md +++ b/README.md @@ -1,11 +1,24 @@ +<<<<<<< HEAD +======= +due to the recent purge of Hosters by plex, this fork adds wireguard functionallity to the plex container as a quick workaround. all traffic gets tunneled. + +wireguard onfig file has to be mounted in /etc/wireguard/wg0.conf. e.g.: +``` + volumes: + - ./wg0.conf:/etc/wireguard/wg0.conf +``` + + + + +>>>>>>> 72bdfaa (Update README.md) [![linuxserver.io](https://raw.githubusercontent.com/linuxserver/docker-templates/master/linuxserver.io/img/linuxserver_medium.png)](https://linuxserver.io) [![Blog](https://img.shields.io/static/v1.svg?color=94398d&labelColor=555555&logoColor=ffffff&style=for-the-badge&label=linuxserver.io&message=Blog)](https://blog.linuxserver.io "all the things you can do with our containers including How-To guides, opinions and much more!") -[![Discord](https://img.shields.io/discord/354974912613449730.svg?color=94398d&labelColor=555555&logoColor=ffffff&style=for-the-badge&label=Discord&logo=discord)](https://discord.gg/YWrKVTn "realtime support / chat with the community and the team.") +[![Discord](https://img.shields.io/discord/354974912613449730.svg?color=94398d&labelColor=555555&logoColor=ffffff&style=for-the-badge&label=Discord&logo=discord)](https://linuxserver.io/discord "realtime support / chat with the community and the team.") [![Discourse](https://img.shields.io/discourse/https/discourse.linuxserver.io/topics.svg?color=94398d&labelColor=555555&logoColor=ffffff&style=for-the-badge&logo=discourse)](https://discourse.linuxserver.io "post on our community forum.") -[![Fleet](https://img.shields.io/static/v1.svg?color=94398d&labelColor=555555&logoColor=ffffff&style=for-the-badge&label=linuxserver.io&message=Fleet)](https://fleet.linuxserver.io "an online web interface which displays all of our maintained images.") [![GitHub](https://img.shields.io/static/v1.svg?color=94398d&labelColor=555555&logoColor=ffffff&style=for-the-badge&label=linuxserver.io&message=GitHub&logo=github)](https://github.com/linuxserver "view the source for all of our repositories.") [![Open Collective](https://img.shields.io/opencollective/all/linuxserver.svg?color=94398d&labelColor=555555&logoColor=ffffff&style=for-the-badge&label=Supporters&logo=open%20collective)](https://opencollective.com/linuxserver "please consider helping us by either donating or contributing to our budget") @@ -20,9 +33,8 @@ The [LinuxServer.io](https://linuxserver.io) team brings you another container r Find us at: * [Blog](https://blog.linuxserver.io) - all the things you can do with our containers including How-To guides, opinions and much more! -* [Discord](https://discord.gg/YWrKVTn) - realtime support / chat with the community and the team. +* [Discord](https://linuxserver.io/discord) - realtime support / chat with the community and the team. * [Discourse](https://discourse.linuxserver.io) - post on our community forum. -* [Fleet](https://fleet.linuxserver.io) - an online web interface which displays all of our maintained images. * [GitHub](https://github.com/linuxserver) - view the source for all of our repositories. * [Open Collective](https://opencollective.com/linuxserver) - please consider helping us by either donating or contributing to our budget @@ -55,19 +67,21 @@ The architectures supported by this image are: | :----: | :----: | ---- | | x86-64 | ✅ | amd64-\ | | arm64 | ✅ | arm64v8-\ | -| armhf | ❌ | | ## Application Setup Webui can be found at `:32400/web` -**note**: If there is no value set for the VERSION variable, then no updates will take place. +>[!NOTE] +>If there is no value set for the VERSION variable, then no updates will take place. -**note**: For new users, no updates will take place on the first run of the container as there is no preferences file to read your token from, to update restart the Docker container after logging in through the webui. +>[!NOTE] +>For new users, no updates will take place on the first run of the container as there is no preferences file to read your token from, to update restart the Docker container after logging in through the webui. Valid settings for VERSION are:- -**info**: YOU CANNOT UPDATE TO A PLEXPASS ONLY (BETA) VERSION IF YOU ARE NOT LOGGED IN WITH A PLEXPASS ACCOUNT. +>[!NOTE] +>YOU CANNOT UPDATE TO A PLEXPASS ONLY (BETA) VERSION IF YOU ARE NOT LOGGED IN WITH A PLEXPASS ACCOUNT. + **`docker`**: Let Docker handle the Plex Version, we keep our Dockerhub Endpoint up to date with the latest public builds. This is the same as leaving this setting out of your create command. + **`latest`**: will update plex to the latest version available that you are entitled to. @@ -99,10 +113,31 @@ We automatically add the necessary environment variable that will utilise all th Best effort is made to install tools to allow mounting in /dev/dri on Arm devices. In most cases if /dev/dri exists on the host it should just work. If running a Raspberry Pi 4 be sure to enable `dtoverlay=vc4-fkms-v3d` in your usercfg.txt. +## Read-Only Operation + +This image can be run with a read-only container filesystem. For details please [read the docs](https://docs.linuxserver.io/misc/read-only/). + +### Caveats + +* Runtime update of Plex (and thus Plexpass builds) is not supported. +* Transcode directory must be mounted to a host path or tmpfs. + +## Non-Root Operation + +This image can be run with a non-root user. For details please [read the docs](https://docs.linuxserver.io/misc/non-root/). + +### Caveats + +* Runtime update of Plex (and thus Plexpass builds) is not supported. +* Transcode directory must be mounted to a host path or tmpfs. + ## Usage To help you get started creating a container from this image you can either use docker-compose or the docker cli. +>[!NOTE] +>Unless a parameter is flagged as 'optional', it is *mandatory* and a value must be provided. + ### docker-compose (recommended, [click here for more info](https://docs.linuxserver.io/general/docker-compose)) ```yaml @@ -158,6 +193,8 @@ Containers are configured using parameters passed at runtime (such as those abov | `-v /config` | Plex library location. *This can grow very large, 50gb+ is likely for a large collection.* | | `-v /tv` | Media goes here. Add as many as needed e.g. `/movies`, `/tv`, etc. | | `-v /movies` | Media goes here. Add as many as needed e.g. `/movies`, `/tv`, etc. | +| `--read-only=true` | Run container with a read-only filesystem. Please [read the docs](https://docs.linuxserver.io/misc/read-only/). | +| `--user=1000:1000` | Run container with a non-root user. Please [read the docs](https://docs.linuxserver.io/misc/non-root/). | ## Environment variables from files (Docker secrets) @@ -322,7 +359,8 @@ Below are the instructions for updating containers: ### Image Update Notifications - Diun (Docker Image Update Notifier) -**tip**: We recommend [Diun](https://crazymax.dev/diun/) for update notifications. Other tools that automatically update containers unattended are not recommended or supported. +>[!TIP] +>We recommend [Diun](https://crazymax.dev/diun/) for update notifications. Other tools that automatically update containers unattended are not recommended or supported. ## Building locally @@ -337,16 +375,19 @@ docker build \ -t lscr.io/linuxserver/plex:latest . ``` -The ARM variants can be built on x86_64 hardware using `multiarch/qemu-user-static` +The ARM variants can be built on x86_64 hardware and vice versa using `lscr.io/linuxserver/qemu-static` ```bash -docker run --rm --privileged multiarch/qemu-user-static:register --reset +docker run --rm --privileged lscr.io/linuxserver/qemu-static --reset ``` Once registered you can define the dockerfile to use with `-f Dockerfile.aarch64`. ## Versions +* **15.03.26:** - Allow TMPDIR to be changed to better support read-only containers +* **15.03.26:** - Fix initial claim setup on non-root containers +* **04.11.24:** - Add Nvidia capability needed for h265 * **18.07.24:** - Rebase to Ubuntu Noble. * **12.02.24:** - Use universal hardware acceleration blurb * **09.01.24:** - Set ownership on TranscoderTempDirectory when it's been saved in Preferences. diff --git a/package_versions.txt b/package_versions.txt index a8a3141..d36b5b4 100755 --- a/package_versions.txt +++ b/package_versions.txt @@ -1,147 +1,148 @@ NAME VERSION TYPE adduser 3.137ubuntu1 deb -apt 2.7.14build2 deb -apt-utils 2.7.14build2 deb -base-files 13ubuntu10 deb +apt 2.8.3 deb +apt-utils 2.8.3 deb +base-files 13ubuntu10.4 deb base-passwd 3.6.3build1 deb bash 5.2.21-2ubuntu4 deb -bsdutils 1:2.39.3-9ubuntu6 deb +bsdutils 1:2.39.3-9ubuntu6.5 deb ca-certificates 20240203 deb catatonit 0.1.7-1 deb -coreutils 9.4-3ubuntu6 deb +coreutils 9.4-3ubuntu6.2 deb cron 3.0pl1-184ubuntu2 deb cron-daemon-common 3.0pl1-184ubuntu2 deb -curl 8.5.0-2ubuntu10.2 deb +curl 8.5.0-2ubuntu10.8 deb dash 0.5.12-6ubuntu5 deb debconf 1.5.86ubuntu1 deb debianutils 5.17build1 deb diffutils 1:3.10-1build1 deb -dirmngr 2.4.4-2ubuntu17 deb -dpkg 1.22.6ubuntu6.1 deb -e2fsprogs 1.47.0-2.4~exp1ubuntu4 deb +dirmngr 2.4.4-2ubuntu17.4 deb +dpkg 1.22.6ubuntu6.5 deb +e2fsprogs 1.47.0-2.4~exp1ubuntu4.1 deb findutils 4.9.0-5build1 deb -gcc-14-base 14-20240412-0ubuntu1 deb -gnupg 2.4.4-2ubuntu17 deb -gnupg-l10n 2.4.4-2ubuntu17 deb -gnupg-utils 2.4.4-2ubuntu17 deb -gpg 2.4.4-2ubuntu17 deb -gpg-agent 2.4.4-2ubuntu17 deb -gpg-wks-client 2.4.4-2ubuntu17 deb -gpgconf 2.4.4-2ubuntu17 deb -gpgsm 2.4.4-2ubuntu17 deb -gpgv 2.4.4-2ubuntu17 deb +gcc-14-base 14.2.0-4ubuntu2~24.04.1 deb +gnupg 2.4.4-2ubuntu17.4 deb +gnupg-l10n 2.4.4-2ubuntu17.4 deb +gnupg-utils 2.4.4-2ubuntu17.4 deb +gpg 2.4.4-2ubuntu17.4 deb +gpg-agent 2.4.4-2ubuntu17.4 deb +gpg-wks-client 2.4.4-2ubuntu17.4 deb +gpgconf 2.4.4-2ubuntu17.4 deb +gpgsm 2.4.4-2ubuntu17.4 deb +gpgv 2.4.4-2ubuntu17.4 deb grep 3.11-4build1 deb -gzip 1.12-1ubuntu3 deb +gzip 1.12-1ubuntu3.1 deb hostname 3.23+nmu2ubuntu2 deb init-system-helpers 1.66ubuntu1 deb -jq 1.7.1-3build1 deb -keyboxd 2.4.4-2ubuntu17 deb -krb5-locales 1.20.1-6ubuntu2.1 deb -libacl1 2.3.2-1build1 deb -libapt-pkg6.0t64 2.7.14build2 deb +jq 1.7.1-3ubuntu0.24.04.2 deb +keyboxd 2.4.4-2ubuntu17.4 deb +krb5-locales 1.20.1-6ubuntu2.6 deb +libacl1 2.3.2-1build1.1 deb +libapt-pkg6.0t64 2.8.3 deb libassuan0 2.5.6-1build1 deb -libattr1 1:2.5.2-1build1 deb -libaudit-common 1:3.1.2-2.1build1 deb -libaudit1 1:3.1.2-2.1build1 deb -libblkid1 2.39.3-9ubuntu6 deb +libattr1 1:2.5.2-1build1.1 deb +libaudit-common 1:3.1.2-2.1build1.1 deb +libaudit1 1:3.1.2-2.1build1.1 deb +libblkid1 2.39.3-9ubuntu6.5 deb libbrotli1 1.1.0-2build2 deb -libbsd0 0.12.1-1build1 deb -libbz2-1.0 1.0.8-5.1 deb -libc-bin 2.39-0ubuntu8.2 deb -libc6 2.39-0ubuntu8.2 deb +libbsd0 0.12.1-1build1.1 deb +libbz2-1.0 1.0.8-5.1build0.1 deb +libc-bin 2.39-0ubuntu8.7 deb +libc6 2.39-0ubuntu8.7 deb libcap-ng0 0.8.4-2build2 deb -libcap2 1:2.66-5ubuntu2 deb -libcom-err2 1.47.0-2.4~exp1ubuntu4 deb +libcap2 1:2.66-5ubuntu2.4 deb +libcom-err2 1.47.0-2.4~exp1ubuntu4.1 deb libcrypt1 1:4.4.36-4build1 deb -libcurl4t64 8.5.0-2ubuntu10.2 deb +libcurl4t64 8.5.0-2ubuntu10.8 deb libdb5.3t64 5.3.28+dfsg2-7 deb libdebconfclient0 0.271ubuntu3 deb -libext2fs2t64 1.47.0-2.4~exp1ubuntu4 deb +libext2fs2t64 1.47.0-2.4~exp1ubuntu4.1 deb libffi8 3.4.6-1build1 deb -libgcc-s1 14-20240412-0ubuntu1 deb +libgcc-s1 14.2.0-4ubuntu2~24.04.1 deb libgcrypt20 1.10.3-2build1 deb -libgmp10 2:6.3.0+dfsg-2ubuntu6 deb -libgnutls30t64 3.8.3-1.1ubuntu3.1 deb -libgpg-error0 1.47-3build2 deb -libgssapi-krb5-2 1.20.1-6ubuntu2.1 deb -libhogweed6t64 3.9.1-2.2build1 deb -libidn2-0 2.3.7-2build1 deb -libjq1 1.7.1-3build1 deb -libk5crypto3 1.20.1-6ubuntu2.1 deb +libgmp10 2:6.3.0+dfsg-2ubuntu6.1 deb +libgnutls30t64 3.8.3-1.1ubuntu3.5 deb +libgpg-error0 1.47-3build2.1 deb +libgssapi-krb5-2 1.20.1-6ubuntu2.6 deb +libhogweed6t64 3.9.1-2.2build1.1 deb +libidn2-0 2.3.7-2build1.1 deb +libjq1 1.7.1-3ubuntu0.24.04.2 deb +libk5crypto3 1.20.1-6ubuntu2.6 deb libkeyutils1 1.6.3-3build1 deb -libkmod2 31+20240202-2ubuntu7 deb -libkrb5-3 1.20.1-6ubuntu2.1 deb -libkrb5support0 1.20.1-6ubuntu2.1 deb +libkmod2 31+20240202-2ubuntu7.2 deb +libkrb5-3 1.20.1-6ubuntu2.6 deb +libkrb5support0 1.20.1-6ubuntu2.6 deb libksba8 1.6.6-1build1 deb -libldap-common 2.6.7+dfsg-1~exp1ubuntu8 deb -libldap2 2.6.7+dfsg-1~exp1ubuntu8 deb -liblz4-1 1.9.4-1build1 deb -liblzma5 5.6.1+really5.4.5-1 deb -libmd0 1.1.0-2build1 deb -libmount1 2.39.3-9ubuntu6 deb +libldap-common 2.6.10+dfsg-0ubuntu0.24.04.1 deb +libldap2 2.6.10+dfsg-0ubuntu0.24.04.1 deb +liblz4-1 1.9.4-1build1.1 deb +liblzma5 5.6.1+really5.4.5-1ubuntu0.2 deb +libmd0 1.1.0-2build1.1 deb +libmount1 2.39.3-9ubuntu6.5 deb libncursesw6 6.4+20240113-1ubuntu2 deb -libnettle8t64 3.9.1-2.2build1 deb -libnghttp2-14 1.59.0-1ubuntu0.1 deb +libnettle8t64 3.9.1-2.2build1.1 deb +libnghttp2-14 1.59.0-1ubuntu0.2 deb libnpth0t64 1.6-3.1build1 deb libonig5 6.9.9-1build1 deb -libp11-kit0 0.25.3-4ubuntu2 deb -libpam-modules 1.5.3-5ubuntu5.1 deb -libpam-modules-bin 1.5.3-5ubuntu5.1 deb -libpam-runtime 1.5.3-5ubuntu5.1 deb -libpam0g 1.5.3-5ubuntu5.1 deb -libpcre2-8-0 10.42-4ubuntu2 deb -libproc2-0 2:4.0.4-4ubuntu3 deb +libp11-kit0 0.25.3-4ubuntu2.1 deb +libpam-modules 1.5.3-5ubuntu5.5 deb +libpam-modules-bin 1.5.3-5ubuntu5.5 deb +libpam-runtime 1.5.3-5ubuntu5.5 deb +libpam0g 1.5.3-5ubuntu5.5 deb +libpcre2-8-0 10.42-4ubuntu2.1 deb +libproc2-0 2:4.0.4-4ubuntu3.2 deb libpsl5t64 0.21.2-1.1build1 deb libreadline8t64 8.2-4build1 deb librtmp1 2.4+20151223.gitfa8646d.1-2build7 deb -libsasl2-2 2.1.28+dfsg1-5ubuntu3 deb -libsasl2-modules 2.1.28+dfsg1-5ubuntu3 deb -libsasl2-modules-db 2.1.28+dfsg1-5ubuntu3 deb -libseccomp2 2.5.5-1ubuntu3 deb -libselinux1 3.5-2ubuntu2 deb +libsasl2-2 2.1.28+dfsg1-5ubuntu3.1 deb +libsasl2-modules 2.1.28+dfsg1-5ubuntu3.1 deb +libsasl2-modules-db 2.1.28+dfsg1-5ubuntu3.1 deb +libseccomp2 2.5.5-1ubuntu3.1 deb +libselinux1 3.5-2ubuntu2.1 deb libsemanage-common 3.5-1build5 deb libsemanage2 3.5-1build5 deb libsepol2 3.5-2build1 deb -libsmartcols1 2.39.3-9ubuntu6 deb -libsqlite3-0 3.45.1-1ubuntu2 deb -libss2 1.47.0-2.4~exp1ubuntu4 deb -libssh-4 0.10.6-2build2 deb -libssl3t64 3.0.13-0ubuntu3.2 deb -libstdc++6 14-20240412-0ubuntu1 deb -libsystemd0 255.4-1ubuntu8.4 deb -libtasn1-6 4.19.0-3build1 deb +libsmartcols1 2.39.3-9ubuntu6.5 deb +libsqlite3-0 3.45.1-1ubuntu2.5 deb +libss2 1.47.0-2.4~exp1ubuntu4.1 deb +libssh-4 0.10.6-2ubuntu0.4 deb +libssl3t64 3.0.13-0ubuntu3.9 deb +libstdc++6 14.2.0-4ubuntu2~24.04.1 deb +libsystemd0 255.4-1ubuntu8.15 deb +libtasn1-6 4.19.0-3ubuntu0.24.04.2 deb libtinfo6 6.4+20240113-1ubuntu2 deb -libudev1 255.4-1ubuntu8.4 deb -libunistring5 1.1-2build1 deb -libuuid1 2.39.3-9ubuntu6 deb +libudev1 255.4-1ubuntu8.15 deb +libunistring5 1.1-2build1.1 deb +libuuid1 2.39.3-9ubuntu6.5 deb libxxhash0 0.8.2-2build1 deb -libzstd1 1.5.5+dfsg2-2build1 deb -locales 2.39-0ubuntu8.2 deb -login 1:4.13+dfsg1-4ubuntu3 deb -logsave 1.47.0-2.4~exp1ubuntu4 deb +libzstd1 1.5.5+dfsg2-2build1.1 deb +locales 2.39-0ubuntu8.7 deb +login 1:4.13+dfsg1-4ubuntu3.2 deb +logsave 1.47.0-2.4~exp1ubuntu4.1 deb mawk 1.3.4.20240123-1build1 deb -mount 2.39.3-9ubuntu6 deb +mount 2.39.3-9ubuntu6.5 deb ncurses-base 6.4+20240113-1ubuntu2 deb ncurses-bin 6.4+20240113-1ubuntu2 deb netcat-openbsd 1.226-1ubuntu2 deb -openssl 3.0.13-0ubuntu3.2 deb -passwd 1:4.13+dfsg1-4ubuntu3 deb -perl-base 5.38.2-3.2build2 deb +openssl 3.0.13-0ubuntu3.9 deb +passwd 1:4.13+dfsg1-4ubuntu3.2 deb +perl-base 5.38.2-3.2ubuntu0.2 deb pinentry-curses 1.2.1-3ubuntu5 deb -plexmediaserver 1.40.5.8897-e5987a19d deb -procps 2:4.0.4-4ubuntu3 deb +plexmediaserver 1.43.1.10611-1e34174b1 deb +procps 2:4.0.4-4ubuntu3.2 deb publicsuffix 20231001.0357-0.1 deb readline-common 8.2-4build1 deb sed 4.9-2build1 deb sensible-utils 0.0.22 deb -systemd-dev 255.4-1ubuntu8.4 deb -systemd-hwe-hwdb 255.1.3 deb -systemd-standalone-sysusers 255.4-1ubuntu8.4 deb +systemd-dev 255.4-1ubuntu8.15 deb +systemd-hwe-hwdb 255.1.7 deb +systemd-standalone-sysusers 255.4-1ubuntu8.15 deb sysvinit-utils 3.08-6ubuntu3 deb tar 1.35+dfsg-3build1 deb -tzdata 2024a-3ubuntu1.1 deb +tzdata 2026a-0ubuntu0.24.04.1 deb ubuntu-keyring 2023.11.28.1 deb -udev 255.4-1ubuntu8.4 deb -util-linux 2.39.3-9ubuntu6 deb +udev 255.4-1ubuntu8.15 deb +unminimize 0.2.1 deb +util-linux 2.39.3-9ubuntu6.5 deb wget 1.21.4-1ubuntu4.1 deb -zlib1g 1:1.3.dfsg-3.1ubuntu2 deb +zlib1g 1:1.3.dfsg-3.1ubuntu2.1 deb diff --git a/readme-vars.yml b/readme-vars.yml index 43f14de..9f7a516 100644 --- a/readme-vars.yml +++ b/readme-vars.yml @@ -6,6 +6,7 @@ project_url: "https://plex.tv" project_logo: "https://raw.githubusercontent.com/linuxserver/docker-templates/master/linuxserver.io/img/plex-logo.png" project_blurb: "[{{ project_name|capitalize }}]({{ project_url }}) organizes video, music and photos from personal media libraries and streams them to smart TVs, streaming boxes and mobile devices. This container is packaged as a standalone Plex Media Server. Straightforward design and bulk actions mean getting things done faster." project_lsio_github_repo_url: "https://github.com/linuxserver/docker-{{ project_name }}" +project_categories: "Media Servers,Music,Audiobooks" # supported architectures available_architectures: - {arch: "{{ arch_x86_64 }}", tag: "amd64-latest"} @@ -70,10 +71,63 @@ app_setup_block: | + **`latest`**: will update plex to the latest version available that you are entitled to. + **`public`**: will update plexpass users to the latest public version, useful for plexpass users that don't want to be on the bleeding edge but still want the latest public updates. + **``**: will select a specific version (eg 0.9.12.4.1192-9a47d21) of plex to install, note you cannot use this to access plexpass versions if you do not have plexpass. - readme_hwaccel: true +readonly_supported: true +readonly_message: | + * Runtime update of Plex (and thus Plexpass builds) is not supported. + * Transcode directory must be mounted to a host path or tmpfs. +nonroot_supported: true +nonroot_message: | + * Runtime update of Plex (and thus Plexpass builds) is not supported. + * Transcode directory must be mounted to a host path or tmpfs. +# init diagram +init_diagram: | + "plex:latest": { + docker-mods + base { + fix-attr +\nlegacy cont-init + } + docker-mods -> base + legacy-services + custom services + init-services -> legacy-services + init-services -> custom services + custom services -> legacy-services + legacy-services -> ci-service-check + init-migrations -> init-adduser + init-os-end -> init-config + init-config -> init-config-end + init-crontab-config -> init-config-end + init-plex-update -> init-config-end + init-config -> init-crontab-config + init-mods-end -> init-custom-files + init-adduser -> init-device-perms + base -> init-envfile + base -> init-migrations + init-config-end -> init-mods + init-mods-package-install -> init-mods-end + init-mods -> init-mods-package-install + init-adduser -> init-os-end + init-device-perms -> init-os-end + init-envfile -> init-os-end + init-config -> init-plex-chown + init-plex-chown -> init-plex-claim + init-plex-claim -> init-plex-update + init-custom-files -> init-services + init-services -> svc-cron + svc-cron -> legacy-services + init-services -> svc-plex + svc-plex -> legacy-services + } + Base Images: { + "baseimage-ubuntu:noble" + } + "plex:latest" <- Base Images # changelog changelogs: + - {date: "15.03.26:", desc: "Allow TMPDIR to be changed to better support read-only containers"} + - {date: "15.03.26:", desc: "Fix initial claim setup on non-root containers"} + - {date: "04.11.24:", desc: "Add Nvidia capability needed for h265"} - {date: "18.07.24:", desc: "Rebase to Ubuntu Noble."} - {date: "12.02.24:", desc: "Use universal hardware acceleration blurb"} - {date: "09.01.24:", desc: "Set ownership on TranscoderTempDirectory when it's been saved in Preferences."} diff --git a/root/etc/s6-overlay/s6-rc.d/init-plex-chown/run b/root/etc/s6-overlay/s6-rc.d/init-plex-chown/run index e7863da..47b1c1e 100755 --- a/root/etc/s6-overlay/s6-rc.d/init-plex-chown/run +++ b/root/etc/s6-overlay/s6-rc.d/init-plex-chown/run @@ -1,19 +1,18 @@ #!/usr/bin/with-contenv bash # shellcheck shell=bash +# remove plex temporary directory after unclean stop +if [[ -d "${TMPDIR}" ]]; then + rm -rf "${TMPDIR}" +fi +mkdir -p ${TMPDIR} + # create folders if [[ ! -d "${PLEX_MEDIA_SERVER_APPLICATION_SUPPORT_DIR}" ]]; then mkdir -p "${PLEX_MEDIA_SERVER_APPLICATION_SUPPORT_DIR}" - lsiown -R abc:abc /config -fi - -# check Library permissions -PUID=${PUID:-911} -if [[ ! "$(stat -c %u /config/Library)" == "${PUID}" ]]; then - echo "Change in ownership detected, please be patient while we chown existing files" - echo "This could take some time" - lsiown abc:abc -R \ - /config/Library + if [[ -z ${LSIO_NON_ROOT_USER} ]]; then + lsiown -R abc:abc /config + fi fi # remove plex pid after unclean stop @@ -21,19 +20,31 @@ if [[ -f "/config/Library/Application Support/Plex Media Server/plexmediaserver. rm -f "/config/Library/Application Support/Plex Media Server/plexmediaserver.pid" fi -# set permissions on Plex Transcoder Temp Directory -PLEX_MEDIA_SERVER_PREFERENCES="${PLEX_MEDIA_SERVER_APPLICATION_SUPPORT_DIR}/Plex Media Server/Preferences.xml" -if [[ -f "${PLEX_MEDIA_SERVER_PREFERENCES}" ]]; then - TranscoderTempDirectory='\bTranscoderTempDirectory="([^"]+)"' - while IFS= read -r line; do - if [[ ${line} =~ ${TranscoderTempDirectory} ]] && [[ -d "${BASH_REMATCH[1]}" ]]; then - echo "Setting permissions on ${BASH_REMATCH[1]}" - lsiown -R abc:abc "${BASH_REMATCH[1]}" - fi - done <"${PLEX_MEDIA_SERVER_PREFERENCES}" -fi +if [[ -z ${LSIO_NON_ROOT_USER} ]]; then + # check Library permissions + PUID=${PUID:-911} + if [[ ! "$(stat -c %u /config/Library)" == "${PUID}" ]]; then + echo "Change in ownership detected, please be patient while we chown existing files" + echo "This could take some time" + lsiown -R abc:abc \ + /config/Library + fi -# permissions (non-recursive) on config root and folders -lsiown abc:abc \ - /config \ - /config/* + # set permissions on Plex Transcoder Temp Directory + PLEX_MEDIA_SERVER_PREFERENCES="${PLEX_MEDIA_SERVER_APPLICATION_SUPPORT_DIR}/Plex Media Server/Preferences.xml" + if [[ -f "${PLEX_MEDIA_SERVER_PREFERENCES}" ]]; then + TranscoderTempDirectory='\bTranscoderTempDirectory="([^"]+)"' + while IFS= read -r line; do + if [[ ${line} =~ ${TranscoderTempDirectory} ]] && [[ -d "${BASH_REMATCH[1]}" ]]; then + echo "Setting permissions on ${BASH_REMATCH[1]}" + lsiown -R abc:abc "${BASH_REMATCH[1]}" + fi + done <"${PLEX_MEDIA_SERVER_PREFERENCES}" + fi + + # permissions (non-recursive) on config root and folders + lsiown abc:abc \ + "${TMPDIR}" \ + /config \ + /config/* +fi diff --git a/root/etc/s6-overlay/s6-rc.d/init-plex-claim/run b/root/etc/s6-overlay/s6-rc.d/init-plex-claim/run index a94451e..700b1c0 100755 --- a/root/etc/s6-overlay/s6-rc.d/init-plex-claim/run +++ b/root/etc/s6-overlay/s6-rc.d/init-plex-claim/run @@ -19,8 +19,15 @@ if [[ ! -f "${PLEX_MEDIA_SERVER_PREFERENCES}" ]]; then export PLEX_MEDIA_SERVER_INFO_MODEL PLEX_MEDIA_SERVER_INFO_PLATFORM_VERSION=$(uname -r) export PLEX_MEDIA_SERVER_INFO_PLATFORM_VERSION - s6-setuidgid abc /bin/bash -c \ - 'LD_LIBRARY_PATH=/usr/lib/plexmediaserver:/usr/lib/plexmediaserver/lib /usr/lib/plexmediaserver/Plex\ Media\ Server' & + + if [[ -z ${LSIO_NON_ROOT_USER} ]]; then + s6-setuidgid abc /bin/bash -c \ + 'LD_LIBRARY_PATH=/usr/lib/plexmediaserver:/usr/lib/plexmediaserver/lib /usr/lib/plexmediaserver/Plex\ Media\ Server' & + else + /bin/bash -c \ + 'LD_LIBRARY_PATH=/usr/lib/plexmediaserver:/usr/lib/plexmediaserver/lib /usr/lib/plexmediaserver/Plex\ Media\ Server' & + fi + PID=$! echo "Waiting for Plex to generate its config" DBNAME="/config/Library/Application Support/Plex Media Server/Plug-in Support/Databases/com.plexapp.plugins.library.db-wal" diff --git a/root/etc/s6-overlay/s6-rc.d/init-plex-gid-video/run b/root/etc/s6-overlay/s6-rc.d/init-plex-gid-video/run deleted file mode 100755 index cd01d81..0000000 --- a/root/etc/s6-overlay/s6-rc.d/init-plex-gid-video/run +++ /dev/null @@ -1,35 +0,0 @@ -#!/usr/bin/with-contenv bash -# shellcheck shell=bash - -FILES=$(find /dev/dri /dev/dvb -type c -print 2>/dev/null) - -for i in ${FILES}; do - VIDEO_GID=$(stat -c '%g' "${i}") - VIDEO_UID=$(stat -c '%u' "${i}") - # check if user matches device - if id -u abc | grep -qw "${VIDEO_UID}"; then - echo "**** permissions for ${i} are good ****" - else - # check if group matches and that device has group rw - if id -G abc | grep -qw "${VIDEO_GID}" && [[ $(stat -c '%A' "${i}" | cut -b 5,6) == "rw" ]]; then - echo "**** permissions for ${i} are good ****" - # check if device needs to be added to video group - elif ! id -G abc | grep -qw "${VIDEO_GID}"; then - # check if video group needs to be created - VIDEO_NAME=$(getent group "${VIDEO_GID}" | awk -F: '{print $1}') - if [[ -z "${VIDEO_NAME}" ]]; then - VIDEO_NAME="video$(head /dev/urandom | tr -dc 'a-z0-9' | head -c4)" - groupadd "${VIDEO_NAME}" - groupmod -g "${VIDEO_GID}" "${VIDEO_NAME}" - echo "**** creating video group ${VIDEO_NAME} with id ${VIDEO_GID} ****" - fi - echo "**** adding ${i} to video group ${VIDEO_NAME} with id ${VIDEO_GID} ****" - usermod -a -G "${VIDEO_NAME}" abc - fi - # check if device has group rw - if [[ $(stat -c '%A' "${i}" | cut -b 5,6) != "rw" ]]; then - echo -e "**** The device ${i} does not have group read/write permissions, attempting to fix inside the container. ****" - chmod g+rw "${i}" - fi - fi -done diff --git a/root/etc/s6-overlay/s6-rc.d/init-plex-gid-video/type b/root/etc/s6-overlay/s6-rc.d/init-plex-gid-video/type deleted file mode 100644 index 3d92b15..0000000 --- a/root/etc/s6-overlay/s6-rc.d/init-plex-gid-video/type +++ /dev/null @@ -1 +0,0 @@ -oneshot \ No newline at end of file diff --git a/root/etc/s6-overlay/s6-rc.d/init-plex-gid-video/up b/root/etc/s6-overlay/s6-rc.d/init-plex-gid-video/up deleted file mode 100644 index 05f6fde..0000000 --- a/root/etc/s6-overlay/s6-rc.d/init-plex-gid-video/up +++ /dev/null @@ -1 +0,0 @@ -/etc/s6-overlay/s6-rc.d/init-plex-gid-video/run \ No newline at end of file diff --git a/root/etc/s6-overlay/s6-rc.d/init-plex-gid-video/dependencies.d/init-plex-claim b/root/etc/s6-overlay/s6-rc.d/init-plex-update/dependencies.d/init-plex-claim similarity index 100% rename from root/etc/s6-overlay/s6-rc.d/init-plex-gid-video/dependencies.d/init-plex-claim rename to root/etc/s6-overlay/s6-rc.d/init-plex-update/dependencies.d/init-plex-claim diff --git a/root/etc/s6-overlay/s6-rc.d/init-plex-update/run b/root/etc/s6-overlay/s6-rc.d/init-plex-update/run index 33b9968..44bab80 100755 --- a/root/etc/s6-overlay/s6-rc.d/init-plex-update/run +++ b/root/etc/s6-overlay/s6-rc.d/init-plex-update/run @@ -1,6 +1,11 @@ #!/usr/bin/with-contenv bash # shellcheck shell=bash +if [[ -n ${LSIO_READ_ONLY_FS} ]] || [[ -n ${LSIO_NON_ROOT_USER} ]]; then + echo "Runtime update not supported with read-only or non-root operation, skipping." + exit 0 +fi + # If docker manages versioning exit if [[ -n "${VERSION}" ]] && [[ "${VERSION}" == "docker" ]]; then echo "Docker is used for versioning skip update check" diff --git a/root/etc/s6-overlay/s6-rc.d/init-plex-update/dependencies.d/init-plex-gid-video b/root/etc/s6-overlay/s6-rc.d/init-wireguard/dependencies.d/init-services similarity index 100% rename from root/etc/s6-overlay/s6-rc.d/init-plex-update/dependencies.d/init-plex-gid-video rename to root/etc/s6-overlay/s6-rc.d/init-wireguard/dependencies.d/init-services diff --git a/root/etc/s6-overlay/s6-rc.d/init-wireguard/run b/root/etc/s6-overlay/s6-rc.d/init-wireguard/run new file mode 100755 index 0000000..85ad6c3 --- /dev/null +++ b/root/etc/s6-overlay/s6-rc.d/init-wireguard/run @@ -0,0 +1,14 @@ +#!/usr/bin/with-contenv bash + +# Bring up WireGuard if not already up +if ! ip link show dev wg0 > /dev/null 2>&1; then + wg-quick up wg0 +fi + +# Monitor wireguard status +while true; do + if ! ip link show dev wg0 | grep -q "UP"; then + wg-quick up wg0 + fi + sleep 60 +done diff --git a/root/etc/s6-overlay/s6-rc.d/init-wireguard/type b/root/etc/s6-overlay/s6-rc.d/init-wireguard/type new file mode 100644 index 0000000..5883cff --- /dev/null +++ b/root/etc/s6-overlay/s6-rc.d/init-wireguard/type @@ -0,0 +1 @@ +longrun diff --git a/root/etc/s6-overlay/s6-rc.d/user/contents.d/init-plex-gid-video b/root/etc/s6-overlay/s6-rc.d/init-wireguard/up similarity index 100% rename from root/etc/s6-overlay/s6-rc.d/user/contents.d/init-plex-gid-video rename to root/etc/s6-overlay/s6-rc.d/init-wireguard/up diff --git a/root/etc/s6-overlay/s6-rc.d/svc-plex/dependencies.d/init-wireguard b/root/etc/s6-overlay/s6-rc.d/svc-plex/dependencies.d/init-wireguard new file mode 100644 index 0000000..e69de29 diff --git a/root/etc/s6-overlay/s6-rc.d/svc-plex/run b/root/etc/s6-overlay/s6-rc.d/svc-plex/run index 09fe8df..c029d4d 100755 --- a/root/etc/s6-overlay/s6-rc.d/svc-plex/run +++ b/root/etc/s6-overlay/s6-rc.d/svc-plex/run @@ -1,11 +1,20 @@ #!/usr/bin/with-contenv bash # shellcheck shell=bash +# Wait for WireGuard to be up + echo "Starting Plex Media Server. . . (you can ignore the libusb_init error)" PLEX_MEDIA_SERVER_INFO_MODEL=$(uname -m) export PLEX_MEDIA_SERVER_INFO_MODEL PLEX_MEDIA_SERVER_INFO_PLATFORM_VERSION=$(uname -r) export PLEX_MEDIA_SERVER_INFO_PLATFORM_VERSION -exec \ - s6-notifyoncheck -d -n 300 -w 1000 -c "nc -z localhost 32400" \ - s6-setuidgid abc "/usr/lib/plexmediaserver/Plex Media Server" + +if [[ -z ${LSIO_NON_ROOT_USER} ]]; then + exec \ + s6-notifyoncheck -d -n 300 -w 1000 -c "nc -z localhost 32400" \ + s6-setuidgid abc "/usr/lib/plexmediaserver/Plex Media Server" +else + exec \ + s6-notifyoncheck -d -n 300 -w 1000 -c "nc -z localhost 32400" \ + "/usr/lib/plexmediaserver/Plex Media Server" +fi diff --git a/root/etc/s6-overlay/s6-rc.d/user/contents.d/init-wireguard b/root/etc/s6-overlay/s6-rc.d/user/contents.d/init-wireguard new file mode 100644 index 0000000..e69de29