Docker/baseimage-docker
1
0
Fork 1
mirror of https://github.com/phusion/baseimage-docker.git synced 2026-03-26 04:18:46 +00:00
Code Issues Releases Wiki Activity

Compare commits

merge into: Docker:copilot/create-gh-releases-for-images
Branches Tags
Docker:master Docker:copilot/fix-gh-release-403-error Docker:copilot/create-gh-releases-for-images Docker:gh-pages
Docker:noble-1.0.2 Docker:noble-1.0.1 Docker:noble-1.0.0 Docker:jammy-1.0.4 Docker:jammy-1.0.3 Docker:jammy-1.0.2 Docker:jammy-1.0.1 Docker:dev-jammy-1.1.0 Docker:jammy-1.0.0 Docker:focal-1.2.0 Docker:focal-1.0.0 Docker:focal-1.0.0-alpha1 Docker:focal-1.0.0alpha1 Docker:18.04-1.0.0 Docker:bionic-1.0.0 Docker:0.11 Docker:0.10.2 Docker:0.9.19-armhf Docker:0.10.1 Docker:0.10.0 Docker:0.9.22 Docker:0.9.21 Docker:0.9.20 Docker:rel-0.9.19 Docker:rel-0.9.18 Docker:rel-0.9.17 Docker:rel-0.9.16 Docker:rel-0.9.15 Docker:rel-0.9.14 Docker:rel-0.9.13 Docker:rel-0.9.12 Docker:rel-0.9.11 Docker:rel-0.9.10 Docker:rel-0.9.9 Docker:rel-0.9.8 Docker:rel-0.9.7 Docker:rel-0.9.6 Docker:rel-0.9.5 Docker:rel-0.9.4 Docker:rel-0.9.3 Docker:rel-0.9.2 Docker:rel-0.9.1 Docker:rel-0.9.0
...
pull from: Docker:copilot/fix-gh-release-403-error
Branches Tags
Docker:master Docker:copilot/fix-gh-release-403-error Docker:copilot/create-gh-releases-for-images Docker:gh-pages
Docker:noble-1.0.2 Docker:noble-1.0.1 Docker:noble-1.0.0 Docker:jammy-1.0.4 Docker:jammy-1.0.3 Docker:jammy-1.0.2 Docker:jammy-1.0.1 Docker:dev-jammy-1.1.0 Docker:jammy-1.0.0 Docker:focal-1.2.0 Docker:focal-1.0.0 Docker:focal-1.0.0-alpha1 Docker:focal-1.0.0alpha1 Docker:18.04-1.0.0 Docker:bionic-1.0.0 Docker:0.11 Docker:0.10.2 Docker:0.9.19-armhf Docker:0.10.1 Docker:0.10.0 Docker:0.9.22 Docker:0.9.21 Docker:0.9.20 Docker:rel-0.9.19 Docker:rel-0.9.18 Docker:rel-0.9.17 Docker:rel-0.9.16 Docker:rel-0.9.15 Docker:rel-0.9.14 Docker:rel-0.9.13 Docker:rel-0.9.12 Docker:rel-0.9.11 Docker:rel-0.9.10 Docker:rel-0.9.9 Docker:rel-0.9.8 Docker:rel-0.9.7 Docker:rel-0.9.6 Docker:rel-0.9.5 Docker:rel-0.9.4 Docker:rel-0.9.3 Docker:rel-0.9.2 Docker:rel-0.9.1 Docker:rel-0.9.0

3 Commits
copilot/cr ... copilot/fi

Author SHA1 Message Date
copilot-swe-agent[bot]
012fe6b1fc Fix HTTP 403 when creating GitHub releases by adding workflow-level permissions 
Co-authored-by: samip5 <1703002+samip5@users.noreply.github.com>
 2026-02-27 13:55:50 +00:00
copilot-swe-agent[bot]
abf78de0f2 Initial plan 2026-02-27 13:49:54 +00:00
Copilot
c662980686 Add GitHub releases with patch version bumps for scheduled security builds (#653) 
- scheduled-build.yml: Create GitHub release after each weekly security
  rebuild with date-stamped tag (e.g. noble-1.0.2-security.20260227)
- scheduled-build.yml: Add date-stamped Docker image tags alongside
  existing version and codename tags
- scheduled-build.yml: Bump permissions to contents:write for release
  creation
- scheduled-build.yml: Exclude security-tagged releases from base
  version lookup to prevent nested tags
- main.yml: Update docker/build-push-action from v5 to v6
- scheduled-build.yml: Update docker/build-push-action from v5 to v6
- stale.yml: Remove deprecated repo-token parameter

Co-authored-by: samip5 <1703002+samip5@users.noreply.github.com>

* Replace security date tags with patch version bumps in scheduled builds

The scheduled weekly security build now bumps the patch version
(e.g. noble-1.0.2 -> noble-1.0.3) instead of appending
-security.YYYYMMDD. Each rebuild creates a proper GitHub release
with the new patch tag and pushes Docker images accordingly.

Co-authored-by: samip5 <1703002+samip5@users.noreply.github.com>

---------

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: samip5 <1703002+samip5@users.noreply.github.com>
 2026-02-27 15:27:06 +02:00
3 changed files with 44 additions and 10 deletions
Expand all files Collapse all files

7
.github/workflows/main.yml vendored
View File

@@ -4,6 +4,11 @@ on:
workflow_dispatch: workflow_dispatch:
release: release:
types: [published] types: [published]
permissions:
contents: read
packages: write
jobs: jobs:
build: build:
runs-on: ubuntu-latest runs-on: ubuntu-latest
@@ -76,7 +81,7 @@ jobs:
password: ${{ secrets.DOCKER_PASSWORD }} password: ${{ secrets.DOCKER_PASSWORD }}
- name: Build and Push - name: Build and Push
uses: docker/build-push-action@v5 uses: docker/build-push-action@v6
with: with:
builder: ${{ steps.buildx.outputs.name }} builder: ${{ steps.buildx.outputs.name }}
context: image context: image

46
.github/workflows/scheduled-build.yml vendored
View File

@@ -5,11 +5,15 @@ on:
- cron: '0 2 * * 0' # Every Sunday at 02:00 UTC - cron: '0 2 * * 0' # Every Sunday at 02:00 UTC
workflow_dispatch: workflow_dispatch:
permissions:
contents: write
packages: write
jobs: jobs:
build: build:
runs-on: ubuntu-latest runs-on: ubuntu-latest
permissions: permissions:
contents: read contents: write
packages: write packages: write
strategy: strategy:
fail-fast: false fail-fast: false
@@ -20,7 +24,7 @@ jobs:
- ubuntu_codename: jammy - ubuntu_codename: jammy
base_image: ubuntu:22.04 base_image: ubuntu:22.04
steps: steps:
- name: Get latest release tag for this LTS track - name: Get latest release tag and compute next patch version
id: release id: release
run: | run: |
LATEST_TAG=$(gh release list \ LATEST_TAG=$(gh release list \
@@ -33,24 +37,34 @@ jobs:
echo "No release found for ${{ matrix.ubuntu_codename }} track" >&2 echo "No release found for ${{ matrix.ubuntu_codename }} track" >&2
exit 1 exit 1
fi fi
echo "tag=${LATEST_TAG}" >> $GITHUB_OUTPUT # Extract version and bump patch: noble-1.0.2 -> noble-1.0.3
if ! echo "${LATEST_TAG}" | grep -qE '^[a-z]+-[0-9]+\.[0-9]+\.[0-9]+$'; then
echo "Tag '${LATEST_TAG}' does not match expected format <codename>-<major>.<minor>.<patch>" >&2
exit 1
fi
PREFIX="${LATEST_TAG%.*}" # noble-1.0
PATCH="${LATEST_TAG##*.}" # 2
NEXT_PATCH=$((PATCH + 1))
NEXT_TAG="${PREFIX}.${NEXT_PATCH}" # noble-1.0.3
echo "current_tag=${LATEST_TAG}" >> $GITHUB_OUTPUT
echo "next_tag=${NEXT_TAG}" >> $GITHUB_OUTPUT
env: env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Checkout release tag - name: Checkout release tag
uses: actions/checkout@v4 uses: actions/checkout@v4
with: with:
ref: ${{ steps.release.outputs.tag }} ref: ${{ steps.release.outputs.current_tag }}
- name: Prepare - name: Prepare
id: prep id: prep
run: | run: |
DOCKER_IMAGE=phusion/baseimage DOCKER_IMAGE=phusion/baseimage
RELEASE_TAG=${{ steps.release.outputs.tag }} NEXT_TAG=${{ steps.release.outputs.next_tag }}
PLATFORMS=amd64,arm,arm64 PLATFORMS=amd64,arm,arm64
TAGS="${DOCKER_IMAGE}:${RELEASE_TAG}" TAGS="${DOCKER_IMAGE}:${NEXT_TAG}"
TAGS="${TAGS}, ${DOCKER_IMAGE}:${{ matrix.ubuntu_codename }}" TAGS="${TAGS}, ${DOCKER_IMAGE}:${{ matrix.ubuntu_codename }}"
TAGS="${TAGS}, ghcr.io/${{ github.repository_owner }}/baseimage:${RELEASE_TAG}" TAGS="${TAGS}, ghcr.io/${{ github.repository_owner }}/baseimage:${NEXT_TAG}"
TAGS="${TAGS}, ghcr.io/${{ github.repository_owner }}/baseimage:${{ matrix.ubuntu_codename }}" TAGS="${TAGS}, ghcr.io/${{ github.repository_owner }}/baseimage:${{ matrix.ubuntu_codename }}"
echo "tags=${TAGS}" >> $GITHUB_OUTPUT echo "tags=${TAGS}" >> $GITHUB_OUTPUT
echo "platforms=${PLATFORMS}" >> $GITHUB_OUTPUT echo "platforms=${PLATFORMS}" >> $GITHUB_OUTPUT
@@ -81,7 +95,7 @@ jobs:
password: ${{ secrets.DOCKER_PASSWORD }} password: ${{ secrets.DOCKER_PASSWORD }}
- name: Build and Push - name: Build and Push
uses: docker/build-push-action@v5 uses: docker/build-push-action@v6
with: with:
context: image context: image
platforms: ${{ steps.prep.outputs.platforms }} platforms: ${{ steps.prep.outputs.platforms }}
@@ -89,3 +103,19 @@ jobs:
tags: ${{ steps.prep.outputs.tags }} tags: ${{ steps.prep.outputs.tags }}
build-args: BASE_IMAGE=${{ matrix.base_image }} build-args: BASE_IMAGE=${{ matrix.base_image }}
no-cache: true no-cache: true
- name: Create GitHub Release
run: |
gh release create "${{ steps.release.outputs.next_tag }}" \
--repo "${{ github.repository }}" \
--target "${{ steps.release.outputs.current_tag }}" \
--title "${{ steps.release.outputs.next_tag }}" \
--notes "Automated weekly security rebuild of \`${{ steps.release.outputs.current_tag }}\` with latest \`${{ matrix.base_image }}\` packages.
Images pushed:
- \`phusion/baseimage:${{ steps.release.outputs.next_tag }}\`
- \`phusion/baseimage:${{ matrix.ubuntu_codename }}\`
- \`ghcr.io/${{ github.repository_owner }}/baseimage:${{ steps.release.outputs.next_tag }}\`
- \`ghcr.io/${{ github.repository_owner }}/baseimage:${{ matrix.ubuntu_codename }}\`"
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}

1
.github/workflows/stale.yml vendored
View File

@@ -9,7 +9,6 @@ jobs:
steps: steps:
- uses: actions/stale@v9 - uses: actions/stale@v9
with: with:
repo-token: ${{ secrets.GITHUB_TOKEN }}
stale-issue-message: 'This Issue has been automatically marked as "stale" because it has not had recent activity (for 15 days). It will be closed if no further activity occurs. Thanks for the feedback.' stale-issue-message: 'This Issue has been automatically marked as "stale" because it has not had recent activity (for 15 days). It will be closed if no further activity occurs. Thanks for the feedback.'
stale-pr-message: 'This Pull Request has been automatically marked as "stale" because it has not had recent activity (for 15 days). It will be closed if no further activity occurs. Thank you for your contribution.' stale-pr-message: 'This Pull Request has been automatically marked as "stale" because it has not had recent activity (for 15 days). It will be closed if no further activity occurs. Thank you for your contribution.'
close-issue-message: 'Due to the lack of activity in the last 5 days since it was marked as "stale", we proceed to close this Issue. Do not hesitate to reopen it later if necessary.' close-issue-message: 'Due to the lack of activity in the last 5 days since it was marked as "stale", we proceed to close this Issue. Do not hesitate to reopen it later if necessary.'