Update CKAN Dockerfile versions to 2.9.12

- Update workflows to generate a tag as: `2.9.12` instead of `ckan-2.9.12`. Align with the [`ckan-docker-spatial`(https://github.com/mjanez/ckan-docker-spatial#pre-configured-ckan-docker-images) and [`ckan-docker-base`(https://github.com/ckan/ckan-docker-base#pre-configured-ckan-docker-images)` tags.
mjanez · Aug 27, 2024 · 1e2f6cf · 1e2f6cf
1 parent bd13584
commit 1e2f6cf
Show file tree

Hide file tree

Showing 8 changed files with 63 additions and 32 deletions.
diff --git a/.github/workflows/docker-build.yml b/.github/workflows/docker-build.yml
@@ -14,9 +14,9 @@ on:
 env:
   REGISTRY: ghcr.io
   IMAGE_NAME: ${{ github.repository }}
-  TAG: ghcr.io/${{ github.repository }}:${{ github.head_ref }}
   CONTEXT: .
   BRANCH: ${{ github.head_ref }}
+  VERSION: ${{ github.head_ref }}
   DOCKERFILE_PATH: /ckan
   DOCKERFILE: Dockerfile
 
@@ -43,21 +43,29 @@ jobs:
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
 
+      - name: Extract tag version from branch name
+        id: extract_tag_version
+        run: echo "VERSION=$(echo ${{ github.head_ref }} | sed 's/^ckan-//')" >> $GITHUB_ENV
+
       - name: Extract Docker metadata
         id: meta
         uses: docker/metadata-action@v5
         with:
           images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
           labels: |
             org.opencontainers.image.documentation=https://github.com/${{ github.repository }}/blob/${{ env.BRANCH }}/README.md
-            org.opencontainers.image.version=${{ env.BRANCH }}
+            org.opencontainers.image.version=${{ env.VERSION }}
+          annotations: |
+            org.opencontainers.image.description=This image contains CKAN based on a Docker Compose deployment. The container includes CKAN along with its dependencies and configurations for spatial data support.
+            org.opencontainers.image.source=https://github.com/${{ github.repository }}
 
       - name: Build and push
-        uses: docker/build-push-action@v5
+        uses: docker/build-push-action@v6
         with:
           push: true
-          tags: ${{ env.TAG }}
+          tags: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.VERSION }}
           labels: ${{ steps.meta.outputs.labels }}
+          annotations: ${{ steps.meta.outputs.annotations }}
           context: ${{ env.CONTEXT }}${{ env.DOCKERFILE_PATH }}
           file: ${{ env.CONTEXT }}${{ env.DOCKERFILE_PATH }}/${{ env.DOCKERFILE }}
 
@@ -68,14 +76,14 @@ jobs:
           no-fail: true
 
       - name: Run Trivy container image vulnerability scanner
-        uses: aquasecurity/trivy-action@0.18.0
+        uses: aquasecurity/trivy-action@0.24.0
         with:
-          image-ref: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.BRANCH }}
+          image-ref: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.VERSION }}
           format: sarif
           output: trivy-results.sarif
 
       - name: Upload Trivy scan results to GitHub Security tab
-        uses: github/codeql-action/upload-sarif@v2
+        uses: github/codeql-action/upload-sarif@v3
         if: always()
         with:
           sarif_file: trivy-results.sarif
diff --git a/.github/workflows/docker-manual.yml b/.github/workflows/docker-manual.yml
@@ -5,9 +5,9 @@ on: workflow_dispatch
 env:
   REGISTRY: ghcr.io
   IMAGE_NAME: ${{ github.repository }}
-  TAG: ghcr.io/${{ github.repository }}:${{ github.ref_name }}
   CONTEXT: .
   BRANCH: ${{ github.ref_name }}
+  VERSION: ${{ github.ref_name }}
   DOCKERFILE_PATH: /ckan
   DOCKERFILE: Dockerfile
 
@@ -33,21 +33,29 @@ jobs:
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
 
+      - name: Extract tag version from branch name
+        id: extract_tag_version
+        run: echo "VERSION=$(echo ${{ github.head_ref }} | sed 's/^ckan-//')" >> $GITHUB_ENV
+
       - name: Extract Docker metadata
         id: meta
         uses: docker/metadata-action@v5
         with:
           images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
           labels: |
             org.opencontainers.image.documentation=https://github.com/${{ github.repository }}/blob/${{ env.BRANCH }}/README.md
-            org.opencontainers.image.version=${{ env.BRANCH }}
+            org.opencontainers.image.version=${{ env.VERSION }}
+          annotations: |
+            org.opencontainers.image.description=This image contains CKAN based on a Docker Compose deployment. The container includes CKAN along with its dependencies and configurations for spatial data support.
+            org.opencontainers.image.source=https://github.com/${{ github.repository }}
 
       - name: Build and push
-        uses: docker/build-push-action@v5
+        uses: docker/build-push-action@v6
         with:
           push: true
-          tags: ${{ env.TAG }}
+          tags: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.VERSION }}
           labels: ${{ steps.meta.outputs.labels }}
+          annotations: ${{ steps.meta.outputs.annotations }}
           context: ${{ env.CONTEXT }}${{ env.DOCKERFILE_PATH }}
           file: ${{ env.CONTEXT }}${{ env.DOCKERFILE_PATH }}/${{ env.DOCKERFILE }}
 
@@ -58,14 +66,14 @@ jobs:
           no-fail: true
 
       - name: Run Trivy container image vulnerability scanner
-        uses: aquasecurity/trivy-action@0.18.0
+        uses: aquasecurity/trivy-action@0.24.0
         with:
-          image-ref: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.BRANCH }}
+          image-ref: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.VERSION }}
           format: sarif
           output: trivy-results.sarif
 
       - name: Upload Trivy scan results to GitHub Security tab
-        uses: github/codeql-action/upload-sarif@v2
+        uses: github/codeql-action/upload-sarif@v3
         if: always()
         with:
           sarif_file: trivy-results.sarif
diff --git a/.github/workflows/docker-master.yml b/.github/workflows/docker-master.yml
@@ -9,6 +9,8 @@ env:
   REGISTRY: ghcr.io
   IMAGE_NAME: ${{ github.repository }}
   CONTEXT: .
+  BRANCH: master
+  VERSION: master
   DOCKERFILE_PATH: /ckan
   DOCKERFILE: Dockerfile
 
@@ -29,32 +31,36 @@ jobs:
         with:
           fetch-depth: 0
 
-      - name: Get highest ckan branch excluding -dev
-        id: getbranch
-        run: echo "VERSION=$(git branch -r | grep -o 'ckan-[0-9]*\.[0-9]*\.[0-9]*[^-dev]$' | sort -V | tail -n 1)" >> $GITHUB_ENV
-
       - name: Login to registry
         uses: docker/login-action@v3
         with:
           registry: ${{ env.REGISTRY }}
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
 
+      - name: Get highest ckan branch excluding -dev
+        id: getbranch
+        run: echo "VERSION=$(git branch -r | grep -o 'ckan-[0-9]*\.[0-9]*\.[0-9]*[^-dev]$' | sort -V | tail -n 1)" >> $GITHUB_ENV
+
       - name: Extract Docker metadata
         id: meta
         uses: docker/metadata-action@v5
         with:
           images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
           labels: |
-            org.opencontainers.image.documentation=https://github.com/${{ github.repository }}/blob/master/README.md
+            org.opencontainers.image.documentation=https://github.com/${{ github.repository }}/blob/${{ env.BRANCH }}/README.md
             org.opencontainers.image.version=${{ env.VERSION }}
+          annotations: |
+            org.opencontainers.image.description=This image contains CKAN based on a Docker Compose deployment. The container includes CKAN along with its dependencies and configurations for spatial data support.
+            org.opencontainers.image.source=https://github.com/${{ github.repository }}
 
       - name: Build and push
-        uses: docker/build-push-action@v5
+        uses: docker/build-push-action@v6
         with:
           push: true
           tags: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.VERSION }}
           labels: ${{ steps.meta.outputs.labels }}
+          annotations: ${{ steps.meta.outputs.annotations }}
           context: ${{ env.CONTEXT }}${{ env.DOCKERFILE_PATH }}
           file: ${{ env.CONTEXT }}${{ env.DOCKERFILE_PATH }}/${{ env.DOCKERFILE }}
 
@@ -65,14 +71,14 @@ jobs:
           no-fail: true
 
       - name: Run Trivy container image vulnerability scanner
-        uses: aquasecurity/trivy-action@0.18.0
+        uses: aquasecurity/trivy-action@0.24.0
         with:
           image-ref: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.VERSION }}
           format: sarif
           output: trivy-results.sarif
 
       - name: Upload Trivy scan results to GitHub Security tab
-        uses: github/codeql-action/upload-sarif@v2
+        uses: github/codeql-action/upload-sarif@v3
         if: always()
         with:
           sarif_file: trivy-results.sarif
diff --git a/.github/workflows/docker-pr.yml b/.github/workflows/docker-pr.yml
@@ -30,43 +30,43 @@ jobs:
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v3
 
-      - name: Checkout
+      - name: Check out code
         uses: actions/checkout@v4
 
       -  name: NGINX build
-         uses: docker/build-push-action@v5
+         uses: docker/build-push-action@v6
          with:
             context: ./nginx
             file: ./nginx/Dockerfile
             push: false
             tags: mjanez/ckan-docker-nginx:test-build-only
 
       -  name: Apache HTTP Server build
-         uses: docker/build-push-action@v5
+         uses: docker/build-push-action@v6
          with:
             context: ./apache
             file: ./apache/Dockerfile
             push: false
             tags: mjanez/ckan-docker-apache:test-build-only
 
       -  name: PostgreSQL build
-         uses: docker/build-push-action@v5
+         uses: docker/build-push-action@v6
          with:
               context: ./postgresql
               file: ./postgresql/Dockerfile
               push: false
               tags: mjanez/ckan-docker-postgresql:test-build-only
 
       -  name: Solr build
-         uses: docker/build-push-action@v5
+         uses: docker/build-push-action@v6
          with:
               context: ./solr
               file: ./solr/Dockerfile
               push: false
               tags: mjanez/ckan-docker-solr:test-build-only
 
       -  name: ckan-pycsw build
-         uses: docker/build-push-action@v4
+         uses: docker/build-push-action@v6
          with:
               context: ./ckan-pycsw
               file: ./ckan-pycsw/Dockerfile

diff --git a/README.md b/README.md
@@ -42,12 +42,18 @@ Available components:
 
 | CKAN Version | Type | Docker tag | Notes |
 | --- | --- | --- | --- |
-| 2.9.8 | custom image | `ghcr.io/mjanez/ckan-spatial:ckan-2.9.8` | Stable version with CKAN 2.9.8 |
+| 2.9.8 | custom image | `ghcr.io/mjanez/ckan-spatial:ckan-2.9.8`, `ghcr.io/mjanez/ckan-spatial:ckan-2.9.8`,  `ghcr.io/mjanez/ckan-docker:ckan-2.9.9`, `ghcr.io/mjanez/ckan-docker:ckan-2.9.10`, `ghcr.io/mjanez/ckan-docker:ckan-2.9.11`, `ghcr.io/mjanez/ckan-docker:2.9.12`  | Stable official versions of CKAN `2.9.8`, `2.9.10` and `2.9.11`, also includes a security backport: `2.9.12` |
 | 2.9.9 | custom image | `ghcr.io/mjanez/ckan-docker:ckan-2.9.9` | Stable version with CKAN 2.9.9 |
 | 2.9.10 | custom image | `ghcr.io/mjanez/ckan-docker:ckan-2.9.10` | Stable version with CKAN 2.9.10 |
 | 2.9.11 | custom image | `ghcr.io/mjanez/ckan-docker:ckan-2.9.11` | Stable version with CKAN 2.9.11 |
 | 2.9.11 | latest custom image | `ghcr.io/mjanez/ckan-docker:master` | Latest `ckan-docker` image. |
 
+| CKAN Version | Type |  Base image | Docker tag | Notes |
+| --- | --- | --- | --- | --- |
+| 2.9.x  | custom spatial image | `alpine:3.15` | `ghcr.io/mjanez/ckan-spatial:ckan-2.9.8`, `ghcr.io/mjanez/ckan-spatial:ckan-2.9.8`,  `ghcr.io/mjanez/ckan-docker:ckan-2.9.9`, `ghcr.io/mjanez/ckan-docker:ckan-2.9.10`, `ghcr.io/mjanez/ckan-docker:ckan-2.9.11`, `ghcr.io/mjanez/ckan-docker:2.9.12` | Stable official versions of CKAN `2.9.8`, `2.9.10` and `2.9.11`, including a security backport: `2.9.12`. As of `2.9.12`, repo images are aligned with the [`ckan-docker-spatial`](https://github.com/mjanez/ckan-docker-spatial#pre-configured-ckan-docker-images) and [`ckan-docker-base](https://github.com/ckan/ckan-docker-base#pre-configured-ckan-docker-images)` tags. |
+| 2.10.x  | custom spatial image | `python:3.10-slim-bookworm` | `ghcr.io/mjanez/ckan-docker:2.10.5` | From `2.10` images only [Debian-based official Python images](https://hub.docker.com/_/python) rather than Alpine-based images will be provided. |
+
+
 The non-CKAN images are as follows:
 * PostgreSQL: [Custom image](/postgresql/Dockerfile) based on official PostgreSQL image. Database files are stored in a named volume.
 * Solr: [Custom image](/solr/Dockerfile.spatial) based on official CKAN [pre-configured Solr image](https://github.com/ckan/ckan-solr). The index data is stored in a named volume and has a custom spatial schema upgrades. [^2]
@@ -435,6 +441,9 @@ You can now set breakpoints and remote debug your CKAN development instance usin
 Add these lines to the `ckan-dev` service in the docker compose.dev.yml file
 
 ```yaml
+ports:
+  - "0.0.0.0:${CKAN_PORT}:5000"
+
 stdin_open: true
 tty: true
 ```

diff --git a/ckan/Dockerfile b/ckan/Dockerfile
@@ -1,4 +1,4 @@
-FROM ghcr.io/mjanez/ckan-base-spatial:ckan-2.9.11
+FROM ghcr.io/mjanez/ckan-spatial-base:2.9.12
 LABEL maintainer="[email protected]"
 
 # Set up environment variables

diff --git a/ckan/Dockerfile.dev b/ckan/Dockerfile.dev
@@ -1,4 +1,4 @@
-FROM ghcr.io/mjanez/ckan-base-spatial:ckan-2.9.11-dev
+FROM ghcr.io/mjanez/ckan-spatial-dev:2.9.12
 LABEL maintainer="[email protected]"
 
 # Set up environment variables

diff --git a/ckan/Dockerfile.ghcr b/ckan/Dockerfile.ghcr
@@ -1,4 +1,4 @@
-FROM ghcr.io/mjanez/ckan-docker:ckan-2.9.11
+FROM ghcr.io/mjanez/ckan-docker:2.9.12
 LABEL maintainer="[email protected]"
 
 # Set up environment variables