diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 00000000..14a11226 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,3 @@ +/*/**/Dockerfile linguist-generated +/*/**/docker-entrypoint.sh linguist-generated +/Dockerfile*.template linguist-language=Dockerfile diff --git a/.github/workflows/verify-templating.yml b/.github/workflows/verify-templating.yml new file mode 100644 index 00000000..7e833f1c --- /dev/null +++ b/.github/workflows/verify-templating.yml @@ -0,0 +1,22 @@ +name: Verify Templating + +on: + pull_request: + push: + +defaults: + run: + shell: 'bash -Eeuo pipefail -x {0}' + +jobs: + apply-templates: + name: Check For Uncomitted Changes + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v2 + - name: Apply Templates + run: ./apply-templates.sh + - name: Check Git Status + run: | + status="$(git status --short)" + [ -z "$status" ] diff --git a/.gitignore b/.gitignore new file mode 100644 index 00000000..d548f66d --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +.jq-template.awk diff --git a/3.8-rc/alpine/Dockerfile b/3.8-rc/alpine/Dockerfile index c31b7347..918c29e7 100644 --- a/3.8-rc/alpine/Dockerfile +++ b/3.8-rc/alpine/Dockerfile @@ -1,3 +1,9 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + # Alpine Linux is not officially supported by the RabbitMQ team -- use at your own risk! FROM alpine:3.12 @@ -15,13 +21,11 @@ ARG PGP_KEYSERVER=ha.pool.sks-keyservers.net # run the build with a different PGP_KEYSERVER, e.g. docker build --tag rabbitmq:3.8 --build-arg PGP_KEYSERVER=pgpkeys.eu 3.8/ubuntu # For context, see https://github.com/docker-library/official-images/issues/4252 -# Using the latest OpenSSL LTS release, with support until September 2023 - https://www.openssl.org/source/ ENV OPENSSL_VERSION 1.1.1i ENV OPENSSL_SOURCE_SHA256="e8be6a35fe41d10603c3cc635e93289ed00bf34b79671a3a4de64fcee00d5242" # https://www.openssl.org/community/omc.html ENV OPENSSL_PGP_KEY_IDS="0x8657ABB260F056B1E5190839D9C4D26D0E604491 0x5B2545DAB21995F4088CEFAA36CEE4DEB00CFE33 0xED230BEC4D4F2518B9D7DF41F0DB4D21C1D35231 0xC1F33DD8CE1D4CC613AF14DA9195C48241FBF7DD 0x7953AC1FBC3DC8B3B292393ED5E9E43F7DF9EE8C 0xE5E52560DD91C556DDBDA5D02064C53641C25E5D" -# Use the latest stable Erlang/OTP release (https://github.com/erlang/otp/tags) ENV OTP_VERSION 23.2.1 # TODO add PGP checking when the feature will be added to Erlang/OTP's build system # http://erlang.org/pipermail/erlang-questions/2019-January/097067.html diff --git a/3.8-rc/alpine/management/Dockerfile b/3.8-rc/alpine/management/Dockerfile index f0b66308..73e53cfd 100644 --- a/3.8-rc/alpine/management/Dockerfile +++ b/3.8-rc/alpine/management/Dockerfile @@ -1,3 +1,9 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + FROM rabbitmq:3.8-rc-alpine RUN rabbitmq-plugins enable --offline rabbitmq_management diff --git a/3.8-rc/ubuntu/Dockerfile b/3.8-rc/ubuntu/Dockerfile index 9633519e..6986d137 100644 --- a/3.8-rc/ubuntu/Dockerfile +++ b/3.8-rc/ubuntu/Dockerfile @@ -1,3 +1,9 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + # The official Canonical Ubuntu Bionic image is ideal from a security perspective, # especially for the enterprises that we, the RabbitMQ team, have to deal with FROM ubuntu:18.04 @@ -18,13 +24,11 @@ ARG PGP_KEYSERVER=ha.pool.sks-keyservers.net # run the build with a different PGP_KEYSERVER, e.g. docker build --tag rabbitmq:3.8 --build-arg PGP_KEYSERVER=pgpkeys.eu 3.8/ubuntu # For context, see https://github.com/docker-library/official-images/issues/4252 -# Using the latest OpenSSL LTS release, with support until September 2023 - https://www.openssl.org/source/ ENV OPENSSL_VERSION 1.1.1i ENV OPENSSL_SOURCE_SHA256="e8be6a35fe41d10603c3cc635e93289ed00bf34b79671a3a4de64fcee00d5242" # https://www.openssl.org/community/omc.html ENV OPENSSL_PGP_KEY_IDS="0x8657ABB260F056B1E5190839D9C4D26D0E604491 0x5B2545DAB21995F4088CEFAA36CEE4DEB00CFE33 0xED230BEC4D4F2518B9D7DF41F0DB4D21C1D35231 0xC1F33DD8CE1D4CC613AF14DA9195C48241FBF7DD 0x7953AC1FBC3DC8B3B292393ED5E9E43F7DF9EE8C 0xE5E52560DD91C556DDBDA5D02064C53641C25E5D" -# Use the latest stable Erlang/OTP release (https://github.com/erlang/otp/tags) ENV OTP_VERSION 23.2.1 # TODO add PGP checking when the feature will be added to Erlang/OTP's build system # http://erlang.org/pipermail/erlang-questions/2019-January/097067.html diff --git a/3.8-rc/ubuntu/management/Dockerfile b/3.8-rc/ubuntu/management/Dockerfile index 201bd4b1..cd99f5ae 100644 --- a/3.8-rc/ubuntu/management/Dockerfile +++ b/3.8-rc/ubuntu/management/Dockerfile @@ -1,3 +1,9 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + FROM rabbitmq:3.8-rc RUN rabbitmq-plugins enable --offline rabbitmq_management @@ -24,7 +30,9 @@ RUN set -eux; \ ' -- /plugins/rabbitmq_management-*.ez > /usr/local/bin/rabbitmqadmin; \ [ -s /usr/local/bin/rabbitmqadmin ]; \ chmod +x /usr/local/bin/rabbitmqadmin; \ - apt-get update; apt-get install -y --no-install-recommends python3; rm -rf /var/lib/apt/lists/*; \ + apt-get update; \ + apt-get install -y --no-install-recommends python3; \ + rm -rf /var/lib/apt/lists/*; \ rabbitmqadmin --version EXPOSE 15671 15672 diff --git a/3.8/alpine/Dockerfile b/3.8/alpine/Dockerfile index 9c199c01..7b39a17b 100644 --- a/3.8/alpine/Dockerfile +++ b/3.8/alpine/Dockerfile @@ -1,3 +1,9 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + # Alpine Linux is not officially supported by the RabbitMQ team -- use at your own risk! FROM alpine:3.12 @@ -15,13 +21,11 @@ ARG PGP_KEYSERVER=ha.pool.sks-keyservers.net # run the build with a different PGP_KEYSERVER, e.g. docker build --tag rabbitmq:3.8 --build-arg PGP_KEYSERVER=pgpkeys.eu 3.8/ubuntu # For context, see https://github.com/docker-library/official-images/issues/4252 -# Using the latest OpenSSL LTS release, with support until September 2023 - https://www.openssl.org/source/ ENV OPENSSL_VERSION 1.1.1i ENV OPENSSL_SOURCE_SHA256="e8be6a35fe41d10603c3cc635e93289ed00bf34b79671a3a4de64fcee00d5242" # https://www.openssl.org/community/omc.html ENV OPENSSL_PGP_KEY_IDS="0x8657ABB260F056B1E5190839D9C4D26D0E604491 0x5B2545DAB21995F4088CEFAA36CEE4DEB00CFE33 0xED230BEC4D4F2518B9D7DF41F0DB4D21C1D35231 0xC1F33DD8CE1D4CC613AF14DA9195C48241FBF7DD 0x7953AC1FBC3DC8B3B292393ED5E9E43F7DF9EE8C 0xE5E52560DD91C556DDBDA5D02064C53641C25E5D" -# Use the latest stable Erlang/OTP release (https://github.com/erlang/otp/tags) ENV OTP_VERSION 23.2.1 # TODO add PGP checking when the feature will be added to Erlang/OTP's build system # http://erlang.org/pipermail/erlang-questions/2019-January/097067.html diff --git a/3.8/alpine/management/Dockerfile b/3.8/alpine/management/Dockerfile index 40d77e11..44ef60be 100644 --- a/3.8/alpine/management/Dockerfile +++ b/3.8/alpine/management/Dockerfile @@ -1,3 +1,9 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + FROM rabbitmq:3.8-alpine RUN rabbitmq-plugins enable --offline rabbitmq_management diff --git a/3.8/ubuntu/Dockerfile b/3.8/ubuntu/Dockerfile index 178a4dbb..85850179 100644 --- a/3.8/ubuntu/Dockerfile +++ b/3.8/ubuntu/Dockerfile @@ -1,3 +1,9 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + # The official Canonical Ubuntu Bionic image is ideal from a security perspective, # especially for the enterprises that we, the RabbitMQ team, have to deal with FROM ubuntu:18.04 @@ -18,13 +24,11 @@ ARG PGP_KEYSERVER=ha.pool.sks-keyservers.net # run the build with a different PGP_KEYSERVER, e.g. docker build --tag rabbitmq:3.8 --build-arg PGP_KEYSERVER=pgpkeys.eu 3.8/ubuntu # For context, see https://github.com/docker-library/official-images/issues/4252 -# Using the latest OpenSSL LTS release, with support until September 2023 - https://www.openssl.org/source/ ENV OPENSSL_VERSION 1.1.1i ENV OPENSSL_SOURCE_SHA256="e8be6a35fe41d10603c3cc635e93289ed00bf34b79671a3a4de64fcee00d5242" # https://www.openssl.org/community/omc.html ENV OPENSSL_PGP_KEY_IDS="0x8657ABB260F056B1E5190839D9C4D26D0E604491 0x5B2545DAB21995F4088CEFAA36CEE4DEB00CFE33 0xED230BEC4D4F2518B9D7DF41F0DB4D21C1D35231 0xC1F33DD8CE1D4CC613AF14DA9195C48241FBF7DD 0x7953AC1FBC3DC8B3B292393ED5E9E43F7DF9EE8C 0xE5E52560DD91C556DDBDA5D02064C53641C25E5D" -# Use the latest stable Erlang/OTP release (https://github.com/erlang/otp/tags) ENV OTP_VERSION 23.2.1 # TODO add PGP checking when the feature will be added to Erlang/OTP's build system # http://erlang.org/pipermail/erlang-questions/2019-January/097067.html diff --git a/3.8/ubuntu/management/Dockerfile b/3.8/ubuntu/management/Dockerfile index e66d8ee5..e1a3aea9 100644 --- a/3.8/ubuntu/management/Dockerfile +++ b/3.8/ubuntu/management/Dockerfile @@ -1,3 +1,9 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + FROM rabbitmq:3.8 RUN rabbitmq-plugins enable --offline rabbitmq_management @@ -24,7 +30,9 @@ RUN set -eux; \ ' -- /plugins/rabbitmq_management-*.ez > /usr/local/bin/rabbitmqadmin; \ [ -s /usr/local/bin/rabbitmqadmin ]; \ chmod +x /usr/local/bin/rabbitmqadmin; \ - apt-get update; apt-get install -y --no-install-recommends python3; rm -rf /var/lib/apt/lists/*; \ + apt-get update; \ + apt-get install -y --no-install-recommends python3; \ + rm -rf /var/lib/apt/lists/*; \ rabbitmqadmin --version EXPOSE 15671 15672 diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template index 71887c77..8e0d20a0 100644 --- a/Dockerfile-alpine.template +++ b/Dockerfile-alpine.template @@ -15,17 +15,37 @@ ARG PGP_KEYSERVER=ha.pool.sks-keyservers.net # run the build with a different PGP_KEYSERVER, e.g. docker build --tag rabbitmq:3.8 --build-arg PGP_KEYSERVER=pgpkeys.eu 3.8/ubuntu # For context, see https://github.com/docker-library/official-images/issues/4252 -# Using the latest OpenSSL LTS release, with support until September 2023 - https://www.openssl.org/source/ -ENV OPENSSL_VERSION %%OPENSSL_VERSION%% -ENV OPENSSL_SOURCE_SHA256="%%OPENSSL_SOURCE_SHA256%%" +ENV OPENSSL_VERSION {{ .openssl.version }} +ENV OPENSSL_SOURCE_SHA256="{{ .openssl.sha256 }}" # https://www.openssl.org/community/omc.html -ENV OPENSSL_PGP_KEY_IDS="%%OPENSSL_PGP_KEY_IDS%%" +ENV OPENSSL_PGP_KEY_IDS="{{ +[ + # Matt Caswell + "8657 ABB2 60F0 56B1 E519 0839 D9C4 D26D 0E60 4491", -# Use the latest stable Erlang/OTP release (https://github.com/erlang/otp/tags) -ENV OTP_VERSION %%OTP_VERSION%% + # Mark J. Cox + "5B25 45DA B219 95F4 088C EFAA 36CE E4DE B00C FE33", + + # Paul Dale + "ED23 0BEC 4D4F 2518 B9D7 DF41 F0DB 4D21 C1D3 5231", + + # Tim Hudson + "C1F3 3DD8 CE1D 4CC6 13AF 14DA 9195 C482 41FB F7DD", + + # Richard Levitte + "7953 AC1F BC3D C8B3 B292 393E D5E9 E43F 7DF9 EE8C", + + # Kurt Roeckx + "E5E5 2560 DD91 C556 DDBD A5D0 2064 C536 41C2 5E5D" +] +# TODO auto-generate / scrape this list from the canonical upstream source instead (check the signature file and add an entry in the .openssl object with just the one signature that we expect to have signed this release, after cross-referencing the official OMC list?) +| map("0x" + gsub(" "; "")) | join(" ") +}}" + +ENV OTP_VERSION {{ .otp.version }} # TODO add PGP checking when the feature will be added to Erlang/OTP's build system # http://erlang.org/pipermail/erlang-questions/2019-January/097067.html -ENV OTP_SOURCE_SHA256="%%OTP_SOURCE_SHA256%%" +ENV OTP_SOURCE_SHA256="{{ .otp.sha256 }}" # Install dependencies required to build Erlang/OTP from source # http://erlang.org/doc/installation_guide/INSTALL.html @@ -180,7 +200,7 @@ RUN set -eux; \ ln -sf "$RABBITMQ_DATA_DIR/.erlang.cookie" /root/.erlang.cookie # Use the latest stable RabbitMQ release (https://www.rabbitmq.com/download.html) -ENV RABBITMQ_VERSION %%RABBITMQ_VERSION%% +ENV RABBITMQ_VERSION {{ .version }} # https://www.rabbitmq.com/signatures.html#importing-gpg ENV RABBITMQ_PGP_KEY_ID="0x0A9AF2115F4687BD29803A206B73A36E6026DFCA" ENV RABBITMQ_HOME=/opt/rabbitmq diff --git a/Dockerfile-management.template b/Dockerfile-management.template index fa1edfea..dabcd649 100644 --- a/Dockerfile-management.template +++ b/Dockerfile-management.template @@ -1,4 +1,7 @@ -FROM %%FROM%% +FROM {{ + "rabbitmq:" + env.version + + if env.variant == "alpine" then "-alpine" else "" end +}} RUN rabbitmq-plugins enable --offline rabbitmq_management @@ -24,7 +27,13 @@ RUN set -eux; \ ' -- /plugins/rabbitmq_management-*.ez > /usr/local/bin/rabbitmqadmin; \ [ -s /usr/local/bin/rabbitmqadmin ]; \ chmod +x /usr/local/bin/rabbitmqadmin; \ - %%INSTALL_PYTHON%%; \ +{{ if env.variant == "alpine" then ( -}} + apk add --no-cache python3; \ +{{ ) else ( -}} + apt-get update; \ + apt-get install -y --no-install-recommends python3; \ + rm -rf /var/lib/apt/lists/*; \ +{{ ) end -}} rabbitmqadmin --version EXPOSE 15671 15672 diff --git a/Dockerfile-ubuntu.template b/Dockerfile-ubuntu.template index 434e72a0..d2946529 100644 --- a/Dockerfile-ubuntu.template +++ b/Dockerfile-ubuntu.template @@ -18,17 +18,37 @@ ARG PGP_KEYSERVER=ha.pool.sks-keyservers.net # run the build with a different PGP_KEYSERVER, e.g. docker build --tag rabbitmq:3.8 --build-arg PGP_KEYSERVER=pgpkeys.eu 3.8/ubuntu # For context, see https://github.com/docker-library/official-images/issues/4252 -# Using the latest OpenSSL LTS release, with support until September 2023 - https://www.openssl.org/source/ -ENV OPENSSL_VERSION %%OPENSSL_VERSION%% -ENV OPENSSL_SOURCE_SHA256="%%OPENSSL_SOURCE_SHA256%%" +ENV OPENSSL_VERSION {{ .openssl.version }} +ENV OPENSSL_SOURCE_SHA256="{{ .openssl.sha256 }}" # https://www.openssl.org/community/omc.html -ENV OPENSSL_PGP_KEY_IDS="%%OPENSSL_PGP_KEY_IDS%%" +ENV OPENSSL_PGP_KEY_IDS="{{ +[ + # Matt Caswell + "8657 ABB2 60F0 56B1 E519 0839 D9C4 D26D 0E60 4491", -# Use the latest stable Erlang/OTP release (https://github.com/erlang/otp/tags) -ENV OTP_VERSION %%OTP_VERSION%% + # Mark J. Cox + "5B25 45DA B219 95F4 088C EFAA 36CE E4DE B00C FE33", + + # Paul Dale + "ED23 0BEC 4D4F 2518 B9D7 DF41 F0DB 4D21 C1D3 5231", + + # Tim Hudson + "C1F3 3DD8 CE1D 4CC6 13AF 14DA 9195 C482 41FB F7DD", + + # Richard Levitte + "7953 AC1F BC3D C8B3 B292 393E D5E9 E43F 7DF9 EE8C", + + # Kurt Roeckx + "E5E5 2560 DD91 C556 DDBD A5D0 2064 C536 41C2 5E5D" +] +# TODO auto-generate / scrape this list from the canonical upstream source instead (check the signature file and add an entry in the .openssl object with just the one signature that we expect to have signed this release, after cross-referencing the official OMC list?) +| map("0x" + gsub(" "; "")) | join(" ") +}}" + +ENV OTP_VERSION {{ .otp.version }} # TODO add PGP checking when the feature will be added to Erlang/OTP's build system # http://erlang.org/pipermail/erlang-questions/2019-January/097067.html -ENV OTP_SOURCE_SHA256="%%OTP_SOURCE_SHA256%%" +ENV OTP_SOURCE_SHA256="{{ .otp.sha256 }}" # Install dependencies required to build Erlang/OTP from source # http://erlang.org/doc/installation_guide/INSTALL.html @@ -191,7 +211,7 @@ RUN set -eux; \ ln -sf "$RABBITMQ_DATA_DIR/.erlang.cookie" /root/.erlang.cookie # Use the latest stable RabbitMQ release (https://www.rabbitmq.com/download.html) -ENV RABBITMQ_VERSION %%RABBITMQ_VERSION%% +ENV RABBITMQ_VERSION {{ .version }} # https://www.rabbitmq.com/signatures.html#importing-gpg ENV RABBITMQ_PGP_KEY_ID="0x0A9AF2115F4687BD29803A206B73A36E6026DFCA" ENV RABBITMQ_HOME=/opt/rabbitmq diff --git a/apply-templates.sh b/apply-templates.sh new file mode 100755 index 00000000..d032025c --- /dev/null +++ b/apply-templates.sh @@ -0,0 +1,57 @@ +#!/usr/bin/env bash +set -Eeuo pipefail + +[ -f versions.json ] # run "versions.sh" first + +cd "$(dirname "$(readlink -f "$BASH_SOURCE")")" + +jqt='.jq-template.awk' +if [ -n "${BASHBREW_SCRIPTS:-}" ]; then + jqt="$BASHBREW_SCRIPTS/jq-template.awk" +elif [ "$BASH_SOURCE" -nt "$jqt" ]; then + wget -qO "$jqt" 'https://github.com/docker-library/bashbrew/raw/5f0c26381fb7cc78b2d217d58007800bdcfbcfa1/scripts/jq-template.awk' +fi + +if [ "$#" -eq 0 ]; then + versions="$(jq -r 'keys | map(@sh) | join(" ")' versions.json)" + eval "set -- $versions" +fi + +generated_warning() { + cat <<-EOH + # + # NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" + # + # PLEASE DO NOT EDIT IT DIRECTLY. + # + + EOH +} + +for version; do + export version + + for variant in alpine ubuntu; do + export variant + + echo "processing $version/$variant ..." + + { + generated_warning + gawk -f "$jqt" "Dockerfile-$variant.template" + } > "$version/$variant/Dockerfile" + + cp -a docker-entrypoint.sh "$version/$variant/" + + if [ "$variant" = 'alpine' ]; then + sed -i -e 's/gosu/su-exec/g' "$version/$variant/docker-entrypoint.sh" + fi + + echo "processing $version/$variant/management ..." + + { + generated_warning + gawk -f "$jqt" Dockerfile-management.template + } > "$version/$variant/management/Dockerfile" + done +done diff --git a/generate-stackbrew-library.sh b/generate-stackbrew-library.sh index 4d3c3545..388cd168 100755 --- a/generate-stackbrew-library.sh +++ b/generate-stackbrew-library.sh @@ -1,5 +1,5 @@ -#!/bin/bash -set -eu +#!/usr/bin/env bash +set -Eeuo pipefail declare -A aliases=( [3.8]='3 latest' @@ -9,11 +9,13 @@ defaultVariant='ubuntu' self="$(basename "$BASH_SOURCE")" cd "$(dirname "$(readlink -f "$BASH_SOURCE")")" -versions=( */ ) -versions=( "${versions[@]%/}" ) +if [ "$#" -eq 0 ]; then + versions="$(jq -r 'keys | map(@sh) | join(" ")' versions.json)" + eval "set -- $versions" +fi # sort version numbers with highest first -IFS=$'\n'; versions=( $(echo "${versions[*]}" | sort -rV) ); unset IFS +IFS=$'\n'; set -- $(sort -rV <<<"$*"); unset IFS # get the most recent commit which modified any of "$@" fileCommit() { @@ -68,37 +70,39 @@ join() { echo "${out#$sep}" } -for version in "${versions[@]}"; do +for version; do + export version rcVersion="${version%-rc}" - for variant in ubuntu alpine; do - commit="$(dirCommit "$version/$variant")" - - fullVersion="$(git show "$commit":"$version/$variant/Dockerfile" | awk '$1 == "ENV" && $2 == "RABBITMQ_VERSION" { print $3; exit }')" + fullVersion="$(jq -r '.[env.version].version' versions.json)" - if [ "$rcVersion" != "$version" ] && [ -e "$rcVersion/$variant/Dockerfile" ]; then - # if this is a "-rc" release, let's make sure the release it contains isn't already GA (and thus something we should not publish anymore) - rcFullVersion="$(git show HEAD:"$rcVersion/$variant/Dockerfile" | awk '$1 == "ENV" && $2 == "RABBITMQ_VERSION" { print $3; exit }')" - latestVersion="$({ echo "$fullVersion"; echo "$rcFullVersion"; } | sort -V | tail -1)" - if [[ "$fullVersion" == "$rcFullVersion"* ]] || [ "$latestVersion" = "$rcFullVersion" ]; then - # "x.y.z-rc1" == x.y.z* - continue - fi + # if this is a "-rc" release, let's make sure the release it contains isn't already GA (and thus something we should not publish anymore) + export rcVersion + if [ "$rcVersion" != "$version" ] && rcFullVersion="$(jq -r '.[env.rcVersion].version // ""' versions.json)" && [ -n "$rcFullVersion" ]; then + latestVersion="$({ echo "$fullVersion"; echo "$rcFullVersion"; } | sort -V | tail -1)" + if [[ "$fullVersion" == "$rcFullVersion"* ]] || [ "$latestVersion" = "$rcFullVersion" ]; then + # "x.y.z-rc1" == x.y.z* + continue fi + fi - versionAliases=() - if [ "$version" = "$rcVersion" ]; then - while [ "$fullVersion" != "$version" -a "${fullVersion%[.-]*}" != "$fullVersion" ]; do - versionAliases+=( $fullVersion ) - fullVersion="${fullVersion%[.-]*}" - done - else + versionAliases=() + if [ "$version" = "$rcVersion" ]; then + while [ "$fullVersion" != "$version" -a "${fullVersion%[.-]*}" != "$fullVersion" ]; do versionAliases+=( $fullVersion ) - fi - versionAliases+=( - $version - ${aliases[$version]:-} - ) + fullVersion="${fullVersion%[.-]*}" + done + else + versionAliases+=( $fullVersion ) + fi + versionAliases+=( + $version + ${aliases[$version]:-} + ) + + for variant in ubuntu alpine; do + dir="$version/$variant" + commit="$(dirCommit "$dir")" if [ "$variant" = "$defaultVariant" ]; then variantAliases=( "${versionAliases[@]}" ) @@ -107,7 +111,7 @@ for version in "${versions[@]}"; do variantAliases=( "${variantAliases[@]//latest-/}" ) fi - variantParent="$(awk 'toupper($1) == "FROM" { print $2 }' "$version/$variant/Dockerfile")" + variantParent="$(awk 'toupper($1) == "FROM" { print $2 }' "$dir/Dockerfile")" variantArches="${parentRepoToArches[$variantParent]}" echo @@ -115,11 +119,12 @@ for version in "${versions[@]}"; do Tags: $(join ', ' "${variantAliases[@]}") Architectures: $(join ', ' $variantArches) GitCommit: $commit - Directory: $version/$variant + Directory: $dir EOE for subVariant in management; do - commit="$(dirCommit "$version/$variant/$subVariant")" + subDir="$dir/$subVariant" + commit="$(dirCommit "$subDir")" subVariantAliases=( "${versionAliases[@]/%/-$subVariant}" ) subVariantAliases=( "${subVariantAliases[@]//latest-/}" ) @@ -133,7 +138,7 @@ for version in "${versions[@]}"; do Tags: $(join ', ' "${subVariantAliases[@]}") Architectures: $(join ', ' $variantArches) GitCommit: $commit - Directory: $version/$variant/$subVariant + Directory: $subDir EOE done done diff --git a/update.sh b/update.sh index 9cde49ba..bac2d758 100755 --- a/update.sh +++ b/update.sh @@ -3,145 +3,5 @@ set -Eeuo pipefail cd "$(dirname "$(readlink -f "$BASH_SOURCE")")" -versions=( "$@" ) -if [ ${#versions[@]} -eq 0 ]; then - versions=( */ ) -fi -versions=( "${versions[@]%/}" ) - -# https://www.rabbitmq.com/which-erlang.html ("Maximum supported Erlang/OTP") -declare -A otpMajors=( - [3.8]='23' -) -declare -A otpHashCache=() - -# https://www.openssl.org/policies/releasestrat.html -# https://www.openssl.org/source/ -declare -A opensslMajors=( - [3.8]='1.1' -) - -# https://www.openssl.org/community/omc.html -opensslPgpKeys=( - # Matt Caswell - 0x8657ABB260F056B1E5190839D9C4D26D0E604491 - - # Mark J. Cox - 0x5B2545DAB21995F4088CEFAA36CEE4DEB00CFE33 - - # Paul Dale - 0xED230BEC4D4F2518B9D7DF41F0DB4D21C1D35231 - - # Tim Hudson - 0xC1F33DD8CE1D4CC613AF14DA9195C48241FBF7DD - - # Richard Levitte - 0x7953AC1FBC3DC8B3B292393ED5E9E43F7DF9EE8C - - # Kurt Roeckx - 0xE5E52560DD91C556DDBDA5D02064C53641C25E5D -) -# TODO auto-generate / scrape this list from the canonical upstream source instead - -for version in "${versions[@]}"; do - rcVersion="${version%-rc}" - rcGrepV='-v' - if [ "$rcVersion" != "$version" ]; then - rcGrepV= - fi - rcGrepV+=' -E' - rcGrepExpr='beta|milestone|rc' - - githubTags=( $( - git ls-remote --tags https://github.com/rabbitmq/rabbitmq-server.git \ - "refs/tags/v${rcVersion}"{'','.*','-*','^*'} \ - | cut -d'/' -f3- \ - | cut -d'^' -f1 \ - | grep $rcGrepV -- "$rcGrepExpr" \ - | sort -urV - ) ) - - fullVersion= - githubTag= - for possibleTag in "${githubTags[@]}"; do - fullVersion="$( - wget -qO- "https://github.com/rabbitmq/rabbitmq-server/releases/tag/$possibleTag" \ - | grep -oE "/rabbitmq-server-generic-unix-${rcVersion}([.-].+)?[.]tar[.]xz" \ - | head -1 \ - | sed -r "s/^.*(${rcVersion}.*)[.]tar[.]xz/\1/" \ - || : - )" - if [ -n "$fullVersion" ]; then - githubTag="$possibleTag" - break - fi - done - if [ -z "$fullVersion" ] || [ -z "$githubTag" ]; then - echo >&2 "warning: failed to get full version for '$version'; skipping" - continue - fi - - otpMajor="${otpMajors[$rcVersion]}" - otpVersion="$( - git ls-remote --tags https://github.com/erlang/otp.git \ - "refs/tags/OTP-$otpMajor.*"\ - | cut -d'/' -f3- \ - | cut -d'^' -f1 \ - | cut -d- -f2- \ - | sort -uV \ - | tail -1 - )" - if [ -z "$otpVersion" ]; then - echo >&2 "warning: failed to get Erlang/OTP version for '$version' ($fullVersion); skipping" - continue - fi - otpSourceSha256="${otpHashCache[$otpVersion]:-}" - if [ -z "$otpSourceSha256" ]; then - # TODO these aren't published anywhere (nor is the tarball we download even provided by Erlang -- it's simply a "git archive" tar provided by GitHub)... - otpSourceSha256="$(wget -qO- "https://github.com/erlang/otp/archive/OTP-$otpVersion.tar.gz" | sha256sum | cut -d' ' -f1)" - otpHashCache[$otpVersion]="$otpSourceSha256" - fi - - opensslMajor="${opensslMajors[$rcVersion]}" - opensslVersion="$( - wget -qO- 'https://www.openssl.org/source/' \ - | grep -oE 'href="openssl-'"$opensslMajor"'[^"]+[.]tar[.]gz"' \ - | sed -e 's/^href="openssl-//' -e 's/[.]tar[.]gz"//' \ - | sort -uV \ - | tail -1 - )" - if [ -z "$opensslVersion" ]; then - echo >&2 "warning: failed to get OpenSSL version for '$version' ($fullVersion); skipping" - continue - fi - opensslSourceSha256="$(wget -qO- "https://www.openssl.org/source/openssl-$opensslVersion.tar.gz.sha256")" - - echo "$version: $fullVersion" - - for variant in alpine ubuntu; do - [ -f "$version/$variant/Dockerfile" ] || continue - - sed -e "s!%%OPENSSL_VERSION%%!$opensslVersion!g" \ - -e "s!%%OPENSSL_SOURCE_SHA256%%!$opensslSourceSha256!g" \ - -e "s!%%OPENSSL_PGP_KEY_IDS%%!${opensslPgpKeys[*]}!g" \ - -e "s!%%OTP_VERSION%%!$otpVersion!g" \ - -e "s!%%OTP_SOURCE_SHA256%%!$otpSourceSha256!g" \ - -e "s!%%RABBITMQ_VERSION%%!$fullVersion!g" \ - "Dockerfile-$variant.template" \ - > "$version/$variant/Dockerfile" - - cp -a docker-entrypoint.sh "$version/$variant/" - - managementFrom="rabbitmq:$version" - installPython='apt-get update; apt-get install -y --no-install-recommends python3; rm -rf /var/lib/apt/lists/*' - if [ "$variant" = 'alpine' ]; then - managementFrom+='-alpine' - installPython='apk add --no-cache python3' - sed -i 's/gosu/su-exec/g' "$version/$variant/docker-entrypoint.sh" - fi - sed -e "s!%%FROM%%!$managementFrom!g" \ - -e "s!%%INSTALL_PYTHON%%!$installPython!g" \ - Dockerfile-management.template \ - > "$version/$variant/management/Dockerfile" - done -done +./versions.sh "$@" +./apply-templates.sh "$@" diff --git a/versions.json b/versions.json new file mode 100644 index 00000000..03ea3555 --- /dev/null +++ b/versions.json @@ -0,0 +1,24 @@ +{ + "3.8": { + "openssl": { + "sha256": "e8be6a35fe41d10603c3cc635e93289ed00bf34b79671a3a4de64fcee00d5242", + "version": "1.1.1i" + }, + "otp": { + "sha256": "e7034e2cfe50d7570ac8f70ea7ba69ea013f10863043e25132f0a5d3d0d8d3a7", + "version": "23.2.1" + }, + "version": "3.8.9" + }, + "3.8-rc": { + "openssl": { + "sha256": "e8be6a35fe41d10603c3cc635e93289ed00bf34b79671a3a4de64fcee00d5242", + "version": "1.1.1i" + }, + "otp": { + "sha256": "e7034e2cfe50d7570ac8f70ea7ba69ea013f10863043e25132f0a5d3d0d8d3a7", + "version": "23.2.1" + }, + "version": "3.8.10-beta.1" + } +} diff --git a/versions.sh b/versions.sh new file mode 100755 index 00000000..c3cbc03c --- /dev/null +++ b/versions.sh @@ -0,0 +1,124 @@ +#!/usr/bin/env bash +set -Eeuo pipefail + +# https://www.rabbitmq.com/which-erlang.html ("Maximum supported Erlang/OTP") +declare -A otpMajors=( + [3.8]='23' +) +declare -A otpHashCache=() + +# https://www.openssl.org/policies/releasestrat.html +# https://www.openssl.org/source/ +declare -A opensslMajors=( + [3.8]='1.1' +) + +cd "$(dirname "$(readlink -f "$BASH_SOURCE")")" + +versions=( "$@" ) +if [ ${#versions[@]} -eq 0 ]; then + versions=( */ ) + json='{}' +else + json="$(< versions.json)" +fi +versions=( "${versions[@]%/}" ) + +for version in "${versions[@]}"; do + export version + + rcVersion="${version%-rc}" + rcGrepV='-v' + if [ "$rcVersion" != "$version" ]; then + rcGrepV= + fi + rcGrepV+=' -E' + rcGrepExpr='beta|milestone|rc' + + githubTags=( $( + git ls-remote --tags https://github.com/rabbitmq/rabbitmq-server.git \ + "refs/tags/v${rcVersion}"{'','.*','-*','^*'} \ + | cut -d'/' -f3- \ + | cut -d'^' -f1 \ + | grep $rcGrepV -- "$rcGrepExpr" \ + | sort -urV + ) ) + + fullVersion= + githubTag= + for possibleTag in "${githubTags[@]}"; do + fullVersion="$( + wget -qO- "https://github.com/rabbitmq/rabbitmq-server/releases/tag/$possibleTag" \ + | grep -oE "/rabbitmq-server-generic-unix-${rcVersion}([.-].+)?[.]tar[.]xz" \ + | head -1 \ + | sed -r "s/^.*(${rcVersion}.*)[.]tar[.]xz/\1/" \ + || : + )" + if [ -n "$fullVersion" ]; then + githubTag="$possibleTag" + break + fi + done + if [ -z "$fullVersion" ] || [ -z "$githubTag" ]; then + echo >&2 "warning: failed to get full version for '$version'; skipping" + continue + fi + export fullVersion + + otpMajor="${otpMajors[$rcVersion]}" + otpVersion="$( + git ls-remote --tags https://github.com/erlang/otp.git \ + "refs/tags/OTP-$otpMajor.*"\ + | cut -d'/' -f3- \ + | cut -d'^' -f1 \ + | cut -d- -f2- \ + | sort -uV \ + | tail -1 + )" + if [ -z "$otpVersion" ]; then + echo >&2 "warning: failed to get Erlang/OTP version for '$version' ($fullVersion); skipping" + continue + fi + otpSourceSha256="${otpHashCache[$otpVersion]:-}" + if [ -z "$otpSourceSha256" ]; then + # TODO these aren't published anywhere (nor is the tarball we download even provided by Erlang -- it's simply a "git archive" tar provided by GitHub)... + otpSourceSha256="$(wget -qO- "https://github.com/erlang/otp/archive/OTP-$otpVersion.tar.gz" | sha256sum | cut -d' ' -f1)" + otpHashCache[$otpVersion]="$otpSourceSha256" + fi + export otpVersion otpSourceSha256 + + opensslMajor="${opensslMajors[$rcVersion]}" + opensslVersion="$( + wget -qO- 'https://www.openssl.org/source/' \ + | grep -oE 'href="openssl-'"$opensslMajor"'[^"]+[.]tar[.]gz"' \ + | sed -e 's/^href="openssl-//' -e 's/[.]tar[.]gz"//' \ + | sort -uV \ + | tail -1 + )" + if [ -z "$opensslVersion" ]; then + echo >&2 "warning: failed to get OpenSSL version for '$version' ($fullVersion); skipping" + continue + fi + opensslSourceSha256="$(wget -qO- "https://www.openssl.org/source/openssl-$opensslVersion.tar.gz.sha256")" + export opensslVersion opensslSourceSha256 + + echo "$version: $fullVersion (otp $otpVersion, openssl $opensslVersion)" + + json="$( + jq <<<"$json" -c ' + .[env.version] = { + version: env.fullVersion, + openssl: { + version: env.opensslVersion, + sha256: env.opensslSourceSha256, + }, + otp: { + version: env.otpVersion, + sha256: env.otpSourceSha256, + }, + } + ' + )" +done + +jq <<<"$json" -S . > versions.json