From 973234e385f13dca47355e1f2ba5cded66210d47 Mon Sep 17 00:00:00 2001 From: Joe Corall Date: Mon, 29 Jul 2024 09:44:02 -0400 Subject: [PATCH 1/4] docker pin update script --- Dockerfile | 6 +++--- ci/update-docker.sh | 34 +++++++++++++++++++++++++++++++++ examples/coverpage/Dockerfile | 4 ++-- examples/libreoffice/Dockerfile | 4 ++-- 4 files changed, 41 insertions(+), 7 deletions(-) create mode 100755 ci/update-docker.sh diff --git a/Dockerfile b/Dockerfile index bf18b1a..0c03b56 100644 --- a/Dockerfile +++ b/Dockerfile @@ -6,10 +6,10 @@ SHELL ["/bin/ash", "-o", "pipefail", "-c"] RUN apk update && \ apk add --no-cache \ - curl==8.8.0-r0 \ + curl==8.9.0-r0 \ bash==5.2.26-r0 \ - ca-certificates==20240226-r0 \ - openssl==3.3.1-r1 && \ + ca-certificates==20240705-r0 \ + openssl==3.3.1-r3 && \ openssl s_client -connect helloworld.letsencrypt.org:443 -showcerts /dev/null | sed -e '/-----BEGIN/,/-----END/!d' | tee "/usr/local/share/ca-certificates/letsencrypt.crt" >/dev/null && \ update-ca-certificates diff --git a/ci/update-docker.sh b/ci/update-docker.sh new file mode 100755 index 0000000..586bc57 --- /dev/null +++ b/ci/update-docker.sh @@ -0,0 +1,34 @@ +#!/usr/bin/env bash + +set -eou pipefail + +get_latest_version() { + PACKAGE_NAME=$1 + # TODO: is there really no JSON API for this? + PACKAGE_REPO_URL="https://pkgs.alpinelinux.org/package/v3.20/main/x86_64/$PACKAGE_NAME" + PACKAGE_INFO=$(curl -s "$PACKAGE_REPO_URL") + if echo "$PACKAGE_INFO" | grep -q "404 Page not found"; then + PACKAGE_INFO=$(curl -s "https://pkgs.alpinelinux.org/package/v3.20/community/x86_64/$PACKAGE_NAME") + fi + LATEST_VERSION=$(echo "$PACKAGE_INFO" | grep -A 2 'Version' | tail -n 1 | xargs) + + echo "$LATEST_VERSION" +} + +find . -name 'Dockerfile' | while read -r DOCKERFILE; do + echo "Checking $DOCKERFILE" + grep -s '==' "$DOCKERFILE" > /dev/null || continue + ggrep -soP '[a-zA-Z0-9_\-]+==[a-zA-Z0-9_\-\.]+' "$DOCKERFILE" | tr -d '\\' | while read -r PACKAGE; do + echo -e "\tChecking $PACKAGE" + PACKAGE_NAME=$(echo "$PACKAGE" | cut -d'=' -f1|awk '{print $1}') + CURRENT_VERSION=$(echo "$PACKAGE" | cut -d'=' -f3|awk '{print $1}') + LATEST_VERSION=$(get_latest_version "$PACKAGE_NAME") + if [[ "$LATEST_VERSION" != "$CURRENT_VERSION" ]]; then + echo -e "\t\tUpdating to $LATEST_VERSION" + sed -E "s/($PACKAGE_NAME)==$CURRENT_VERSION/\1==$LATEST_VERSION/" "$DOCKERFILE" > "${DOCKERFILE}.bak" + mv "${DOCKERFILE}.bak" "$DOCKERFILE" + else + echo -e "\t\t$PACKAGE_NAME is already up to date." + fi + done +done diff --git a/examples/coverpage/Dockerfile b/examples/coverpage/Dockerfile index 80428ce..8d677a5 100644 --- a/examples/coverpage/Dockerfile +++ b/examples/coverpage/Dockerfile @@ -5,8 +5,8 @@ FROM pandoc/latex:3.2.0 AS pandoc RUN apk update && \ apk add --no-cache \ - bash==5.2.21-r0 \ - curl==8.5.0-r0 \ + bash==5.2.26-r0 \ + curl==8.9.0-r0 \ ghostscript==10.03.1-r0 \ jq==1.7.1-r0 diff --git a/examples/libreoffice/Dockerfile b/examples/libreoffice/Dockerfile index 9cc8a59..8624305 100644 --- a/examples/libreoffice/Dockerfile +++ b/examples/libreoffice/Dockerfile @@ -7,6 +7,6 @@ COPY cmd.sh /app/ RUN apk update && \ apk add --no-cache \ - openjdk17-jre==17.0.11_p9-r0 \ + openjdk17-jre==17.0.12_p7-r0 \ libreoffice==7.6.7.2-r0 \ - ttf-dejavu==2.37-r5 + ttf-dejavu== From 097654386db5c8e52e288eda1a869126e752c5f7 Mon Sep 17 00:00:00 2001 From: Joe Corall Date: Mon, 29 Jul 2024 09:47:44 -0400 Subject: [PATCH 2/4] Fixup 404 --- ci/update-docker.sh | 3 +++ examples/libreoffice/Dockerfile | 2 +- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/ci/update-docker.sh b/ci/update-docker.sh index 586bc57..dac091f 100755 --- a/ci/update-docker.sh +++ b/ci/update-docker.sh @@ -23,6 +23,9 @@ find . -name 'Dockerfile' | while read -r DOCKERFILE; do PACKAGE_NAME=$(echo "$PACKAGE" | cut -d'=' -f1|awk '{print $1}') CURRENT_VERSION=$(echo "$PACKAGE" | cut -d'=' -f3|awk '{print $1}') LATEST_VERSION=$(get_latest_version "$PACKAGE_NAME") + if [ "$LATEST_VERSION" = "" ]; then + continue + fi if [[ "$LATEST_VERSION" != "$CURRENT_VERSION" ]]; then echo -e "\t\tUpdating to $LATEST_VERSION" sed -E "s/($PACKAGE_NAME)==$CURRENT_VERSION/\1==$LATEST_VERSION/" "$DOCKERFILE" > "${DOCKERFILE}.bak" diff --git a/examples/libreoffice/Dockerfile b/examples/libreoffice/Dockerfile index 8624305..ae26019 100644 --- a/examples/libreoffice/Dockerfile +++ b/examples/libreoffice/Dockerfile @@ -9,4 +9,4 @@ RUN apk update && \ apk add --no-cache \ openjdk17-jre==17.0.12_p7-r0 \ libreoffice==7.6.7.2-r0 \ - ttf-dejavu== + ttf-dejavu==2.37-r5 From 184f0ddf0025ba36ce54e7c2243d73c055ecaa7c Mon Sep 17 00:00:00 2001 From: Joe Corall Date: Mon, 29 Jul 2024 09:53:05 -0400 Subject: [PATCH 3/4] bash and curl already in base image --- examples/coverpage/Dockerfile | 2 -- 1 file changed, 2 deletions(-) diff --git a/examples/coverpage/Dockerfile b/examples/coverpage/Dockerfile index 8d677a5..976a6d9 100644 --- a/examples/coverpage/Dockerfile +++ b/examples/coverpage/Dockerfile @@ -5,8 +5,6 @@ FROM pandoc/latex:3.2.0 AS pandoc RUN apk update && \ apk add --no-cache \ - bash==5.2.26-r0 \ - curl==8.9.0-r0 \ ghostscript==10.03.1-r0 \ jq==1.7.1-r0 From bac42d19a63976d30d9b65b3828b9c349d67b6f9 Mon Sep 17 00:00:00 2001 From: Joe Corall Date: Mon, 29 Jul 2024 09:53:16 -0400 Subject: [PATCH 4/4] don't use ARG anymore --- examples/tesseract/Dockerfile | 22 ++++++++++------------ 1 file changed, 10 insertions(+), 12 deletions(-) diff --git a/examples/tesseract/Dockerfile b/examples/tesseract/Dockerfile index 392a0c1..434dde1 100644 --- a/examples/tesseract/Dockerfile +++ b/examples/tesseract/Dockerfile @@ -2,21 +2,19 @@ ARG TAG=main ARG DOCKER_REPOSITORY=local FROM ${DOCKER_REPOSITORY}/scyllaridae:${TAG} -ARG TESSERACT_VERSION=5.3.4-r0 - RUN apk update && \ apk add --no-cache \ leptonica-dev==1.84.1-r0 \ - tesseract-ocr==${TESSERACT_VERSION} \ - tesseract-ocr-data-eng==${TESSERACT_VERSION} \ - tesseract-ocr-data-fra==${TESSERACT_VERSION} \ - tesseract-ocr-data-spa==${TESSERACT_VERSION} \ - tesseract-ocr-data-ita==${TESSERACT_VERSION} \ - tesseract-ocr-data-por==${TESSERACT_VERSION} \ - tesseract-ocr-data-hin==${TESSERACT_VERSION} \ - tesseract-ocr-data-deu==${TESSERACT_VERSION} \ - tesseract-ocr-data-jpn==${TESSERACT_VERSION} \ - tesseract-ocr-data-rus==${TESSERACT_VERSION} \ + tesseract-ocr==5.3.4-r0 \ + tesseract-ocr-data-eng==5.3.4-r0 \ + tesseract-ocr-data-fra==5.3.4-r0 \ + tesseract-ocr-data-spa==5.3.4-r0 \ + tesseract-ocr-data-ita==5.3.4-r0 \ + tesseract-ocr-data-por==5.3.4-r0 \ + tesseract-ocr-data-hin==5.3.4-r0 \ + tesseract-ocr-data-deu==5.3.4-r0 \ + tesseract-ocr-data-jpn==5.3.4-r0 \ + tesseract-ocr-data-rus==5.3.4-r0 \ poppler-utils==24.02.0-r1 COPY scyllaridae.yml /app/scyllaridae.yml