docker-library
/
rabbitmq
mirror of https://github.com/docker-library/rabbitmq.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Add initial jq-based templating engine 

This makes our templating much more sustainable, and will allow our commit automation to make better commit messages (`Update 3.8 to openssl 1.1.1i`, `Update 3.8 to 3.8.10`, etc).
This commit is contained in:
Tianon Gravi 2020-12-29 14:27:03 -08:00
parent 2a3ffff862
commit 7e63843da6
19 changed files with 393 additions and 204 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
.gitattributes vendored Normal file
View File

@ -0,0 +1,3 @@
/*/**/Dockerfile linguist-generated
/*/**/docker-entrypoint.sh linguist-generated
/Dockerfile*.template linguist-language=Dockerfile

22
.github/workflows/verify-templating.yml vendored Normal file
View File

@ -0,0 +1,22 @@
name: Verify Templating
on:
pull_request:
push:
defaults:
run:
shell: 'bash -Eeuo pipefail -x {0}'
jobs:
apply-templates:
name: Check For Uncomitted Changes
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: Apply Templates
run: ./apply-templates.sh
- name: Check Git Status
run: |
status="$(git status --short)"
[ -z "$status" ]

1
.gitignore vendored Normal file
View File

@ -0,0 +1 @@
.jq-template.awk

8
3.8-rc/alpine/Dockerfile generated
View File

@ -1,3 +1,9 @@
#
# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh"
#
# PLEASE DO NOT EDIT IT DIRECTLY.
#
# Alpine Linux is not officially supported by the RabbitMQ team -- use at your own risk!
FROM alpine:3.12
@ -15,13 +21,11 @@ ARG PGP_KEYSERVER=ha.pool.sks-keyservers.net
# run the build with a different PGP_KEYSERVER, e.g. docker build --tag rabbitmq:3.8 --build-arg PGP_KEYSERVER=pgpkeys.eu 3.8/ubuntu
# For context, see https://github.com/docker-library/official-images/issues/4252
# Using the latest OpenSSL LTS release, with support until September 2023 - https://www.openssl.org/source/
ENV OPENSSL_VERSION 1.1.1i
ENV OPENSSL_SOURCE_SHA256="e8be6a35fe41d10603c3cc635e93289ed00bf34b79671a3a4de64fcee00d5242"
# https://www.openssl.org/community/omc.html
ENV OPENSSL_PGP_KEY_IDS="0x8657ABB260F056B1E5190839D9C4D26D0E604491 0x5B2545DAB21995F4088CEFAA36CEE4DEB00CFE33 0xED230BEC4D4F2518B9D7DF41F0DB4D21C1D35231 0xC1F33DD8CE1D4CC613AF14DA9195C48241FBF7DD 0x7953AC1FBC3DC8B3B292393ED5E9E43F7DF9EE8C 0xE5E52560DD91C556DDBDA5D02064C53641C25E5D"
# Use the latest stable Erlang/OTP release (https://github.com/erlang/otp/tags)
ENV OTP_VERSION 23.2.1
# TODO add PGP checking when the feature will be added to Erlang/OTP's build system
# http://erlang.org/pipermail/erlang-questions/2019-January/097067.html

6
3.8-rc/alpine/management/Dockerfile generated
View File

@ -1,3 +1,9 @@
#
# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh"
#
# PLEASE DO NOT EDIT IT DIRECTLY.
#
FROM rabbitmq:3.8-rc-alpine
RUN rabbitmq-plugins enable --offline rabbitmq_management

8
3.8-rc/ubuntu/Dockerfile generated
View File

@ -1,3 +1,9 @@
#
# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh"
#
# PLEASE DO NOT EDIT IT DIRECTLY.
#
# The official Canonical Ubuntu Bionic image is ideal from a security perspective,
# especially for the enterprises that we, the RabbitMQ team, have to deal with
FROM ubuntu:18.04
@ -18,13 +24,11 @@ ARG PGP_KEYSERVER=ha.pool.sks-keyservers.net
# run the build with a different PGP_KEYSERVER, e.g. docker build --tag rabbitmq:3.8 --build-arg PGP_KEYSERVER=pgpkeys.eu 3.8/ubuntu
# For context, see https://github.com/docker-library/official-images/issues/4252
# Using the latest OpenSSL LTS release, with support until September 2023 - https://www.openssl.org/source/
ENV OPENSSL_VERSION 1.1.1i
ENV OPENSSL_SOURCE_SHA256="e8be6a35fe41d10603c3cc635e93289ed00bf34b79671a3a4de64fcee00d5242"
# https://www.openssl.org/community/omc.html
ENV OPENSSL_PGP_KEY_IDS="0x8657ABB260F056B1E5190839D9C4D26D0E604491 0x5B2545DAB21995F4088CEFAA36CEE4DEB00CFE33 0xED230BEC4D4F2518B9D7DF41F0DB4D21C1D35231 0xC1F33DD8CE1D4CC613AF14DA9195C48241FBF7DD 0x7953AC1FBC3DC8B3B292393ED5E9E43F7DF9EE8C 0xE5E52560DD91C556DDBDA5D02064C53641C25E5D"
# Use the latest stable Erlang/OTP release (https://github.com/erlang/otp/tags)
ENV OTP_VERSION 23.2.1
# TODO add PGP checking when the feature will be added to Erlang/OTP's build system
# http://erlang.org/pipermail/erlang-questions/2019-January/097067.html

10
3.8-rc/ubuntu/management/Dockerfile generated
View File

@ -1,3 +1,9 @@
#
# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh"
#
# PLEASE DO NOT EDIT IT DIRECTLY.
#
FROM rabbitmq:3.8-rc
RUN rabbitmq-plugins enable --offline rabbitmq_management
@ -24,7 +30,9 @@ RUN set -eux; \
' -- /plugins/rabbitmq_management-*.ez > /usr/local/bin/rabbitmqadmin; \
[ -s /usr/local/bin/rabbitmqadmin ]; \
chmod +x /usr/local/bin/rabbitmqadmin; \
apt-get update; apt-get install -y --no-install-recommends python3; rm -rf /var/lib/apt/lists/*; \
apt-get update; \
apt-get install -y --no-install-recommends python3; \
rm -rf /var/lib/apt/lists/*; \
rabbitmqadmin --version
EXPOSE 15671 15672

8
3.8/alpine/Dockerfile generated
View File

@ -1,3 +1,9 @@
#
# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh"
#
# PLEASE DO NOT EDIT IT DIRECTLY.
#
# Alpine Linux is not officially supported by the RabbitMQ team -- use at your own risk!
FROM alpine:3.12
@ -15,13 +21,11 @@ ARG PGP_KEYSERVER=ha.pool.sks-keyservers.net
# run the build with a different PGP_KEYSERVER, e.g. docker build --tag rabbitmq:3.8 --build-arg PGP_KEYSERVER=pgpkeys.eu 3.8/ubuntu
# For context, see https://github.com/docker-library/official-images/issues/4252
# Using the latest OpenSSL LTS release, with support until September 2023 - https://www.openssl.org/source/
ENV OPENSSL_VERSION 1.1.1i
ENV OPENSSL_SOURCE_SHA256="e8be6a35fe41d10603c3cc635e93289ed00bf34b79671a3a4de64fcee00d5242"
# https://www.openssl.org/community/omc.html
ENV OPENSSL_PGP_KEY_IDS="0x8657ABB260F056B1E5190839D9C4D26D0E604491 0x5B2545DAB21995F4088CEFAA36CEE4DEB00CFE33 0xED230BEC4D4F2518B9D7DF41F0DB4D21C1D35231 0xC1F33DD8CE1D4CC613AF14DA9195C48241FBF7DD 0x7953AC1FBC3DC8B3B292393ED5E9E43F7DF9EE8C 0xE5E52560DD91C556DDBDA5D02064C53641C25E5D"
# Use the latest stable Erlang/OTP release (https://github.com/erlang/otp/tags)
ENV OTP_VERSION 23.2.1
# TODO add PGP checking when the feature will be added to Erlang/OTP's build system
# http://erlang.org/pipermail/erlang-questions/2019-January/097067.html

6
3.8/alpine/management/Dockerfile generated
View File

@ -1,3 +1,9 @@
#
# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh"
#
# PLEASE DO NOT EDIT IT DIRECTLY.
#
FROM rabbitmq:3.8-alpine
RUN rabbitmq-plugins enable --offline rabbitmq_management

8
3.8/ubuntu/Dockerfile generated
View File

@ -1,3 +1,9 @@
#
# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh"
#
# PLEASE DO NOT EDIT IT DIRECTLY.
#
# The official Canonical Ubuntu Bionic image is ideal from a security perspective,
# especially for the enterprises that we, the RabbitMQ team, have to deal with
FROM ubuntu:18.04
@ -18,13 +24,11 @@ ARG PGP_KEYSERVER=ha.pool.sks-keyservers.net
# run the build with a different PGP_KEYSERVER, e.g. docker build --tag rabbitmq:3.8 --build-arg PGP_KEYSERVER=pgpkeys.eu 3.8/ubuntu
# For context, see https://github.com/docker-library/official-images/issues/4252
# Using the latest OpenSSL LTS release, with support until September 2023 - https://www.openssl.org/source/
ENV OPENSSL_VERSION 1.1.1i
ENV OPENSSL_SOURCE_SHA256="e8be6a35fe41d10603c3cc635e93289ed00bf34b79671a3a4de64fcee00d5242"
# https://www.openssl.org/community/omc.html
ENV OPENSSL_PGP_KEY_IDS="0x8657ABB260F056B1E5190839D9C4D26D0E604491 0x5B2545DAB21995F4088CEFAA36CEE4DEB00CFE33 0xED230BEC4D4F2518B9D7DF41F0DB4D21C1D35231 0xC1F33DD8CE1D4CC613AF14DA9195C48241FBF7DD 0x7953AC1FBC3DC8B3B292393ED5E9E43F7DF9EE8C 0xE5E52560DD91C556DDBDA5D02064C53641C25E5D"
# Use the latest stable Erlang/OTP release (https://github.com/erlang/otp/tags)
ENV OTP_VERSION 23.2.1
# TODO add PGP checking when the feature will be added to Erlang/OTP's build system
# http://erlang.org/pipermail/erlang-questions/2019-January/097067.html

10
3.8/ubuntu/management/Dockerfile generated
View File

@ -1,3 +1,9 @@
#
# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh"
#
# PLEASE DO NOT EDIT IT DIRECTLY.
#
FROM rabbitmq:3.8
RUN rabbitmq-plugins enable --offline rabbitmq_management
@ -24,7 +30,9 @@ RUN set -eux; \
' -- /plugins/rabbitmq_management-*.ez > /usr/local/bin/rabbitmqadmin; \
[ -s /usr/local/bin/rabbitmqadmin ]; \
chmod +x /usr/local/bin/rabbitmqadmin; \
apt-get update; apt-get install -y --no-install-recommends python3; rm -rf /var/lib/apt/lists/*; \
apt-get update; \
apt-get install -y --no-install-recommends python3; \
rm -rf /var/lib/apt/lists/*; \
rabbitmqadmin --version
EXPOSE 15671 15672

36
Dockerfile-alpine.template
View File

@ -15,17 +15,37 @@ ARG PGP_KEYSERVER=ha.pool.sks-keyservers.net
# run the build with a different PGP_KEYSERVER, e.g. docker build --tag rabbitmq:3.8 --build-arg PGP_KEYSERVER=pgpkeys.eu 3.8/ubuntu
# For context, see https://github.com/docker-library/official-images/issues/4252
# Using the latest OpenSSL LTS release, with support until September 2023 - https://www.openssl.org/source/
ENV OPENSSL_VERSION %%OPENSSL_VERSION%%
ENV OPENSSL_SOURCE_SHA256="%%OPENSSL_SOURCE_SHA256%%"
ENV OPENSSL_VERSION {{ .openssl.version }}
ENV OPENSSL_SOURCE_SHA256="{{ .openssl.sha256 }}"
# https://www.openssl.org/community/omc.html
ENV OPENSSL_PGP_KEY_IDS="%%OPENSSL_PGP_KEY_IDS%%"
ENV OPENSSL_PGP_KEY_IDS="{{
[
# Matt Caswell
"8657 ABB2 60F0 56B1 E519 0839 D9C4 D26D 0E60 4491",
# Use the latest stable Erlang/OTP release (https://github.com/erlang/otp/tags)
ENV OTP_VERSION %%OTP_VERSION%%
# Mark J. Cox
"5B25 45DA B219 95F4 088C EFAA 36CE E4DE B00C FE33",
# Paul Dale
"ED23 0BEC 4D4F 2518 B9D7 DF41 F0DB 4D21 C1D3 5231",
# Tim Hudson
"C1F3 3DD8 CE1D 4CC6 13AF 14DA 9195 C482 41FB F7DD",
# Richard Levitte
"7953 AC1F BC3D C8B3 B292 393E D5E9 E43F 7DF9 EE8C",
# Kurt Roeckx
"E5E5 2560 DD91 C556 DDBD A5D0 2064 C536 41C2 5E5D"
]
# TODO auto-generate / scrape this list from the canonical upstream source instead (check the signature file and add an entry in the .openssl object with just the one signature that we expect to have signed this release, after cross-referencing the official OMC list?)
| map("0x" + gsub(" "; "")) | join(" ")
}}"
ENV OTP_VERSION {{ .otp.version }}
# TODO add PGP checking when the feature will be added to Erlang/OTP's build system
# http://erlang.org/pipermail/erlang-questions/2019-January/097067.html
ENV OTP_SOURCE_SHA256="%%OTP_SOURCE_SHA256%%"
ENV OTP_SOURCE_SHA256="{{ .otp.sha256 }}"
# Install dependencies required to build Erlang/OTP from source
# http://erlang.org/doc/installation_guide/INSTALL.html
@ -180,7 +200,7 @@ RUN set -eux; \
ln -sf "$RABBITMQ_DATA_DIR/.erlang.cookie" /root/.erlang.cookie
# Use the latest stable RabbitMQ release (https://www.rabbitmq.com/download.html)
ENV RABBITMQ_VERSION %%RABBITMQ_VERSION%%
ENV RABBITMQ_VERSION {{ .version }}
# https://www.rabbitmq.com/signatures.html#importing-gpg
ENV RABBITMQ_PGP_KEY_ID="0x0A9AF2115F4687BD29803A206B73A36E6026DFCA"
ENV RABBITMQ_HOME=/opt/rabbitmq

13
Dockerfile-management.template
View File

@ -1,4 +1,7 @@
FROM %%FROM%%
FROM {{
"rabbitmq:" + env.version
+ if env.variant == "alpine" then "-alpine" else "" end
}}
RUN rabbitmq-plugins enable --offline rabbitmq_management
@ -24,7 +27,13 @@ RUN set -eux; \
' -- /plugins/rabbitmq_management-*.ez > /usr/local/bin/rabbitmqadmin; \
[ -s /usr/local/bin/rabbitmqadmin ]; \
chmod +x /usr/local/bin/rabbitmqadmin; \
%%INSTALL_PYTHON%%; \
{{ if env.variant == "alpine" then ( -}}
apk add --no-cache python3; \
{{ ) else ( -}}
apt-get update; \
apt-get install -y --no-install-recommends python3; \
rm -rf /var/lib/apt/lists/*; \
{{ ) end -}}
rabbitmqadmin --version
EXPOSE 15671 15672

36
Dockerfile-ubuntu.template
View File

@ -18,17 +18,37 @@ ARG PGP_KEYSERVER=ha.pool.sks-keyservers.net
# run the build with a different PGP_KEYSERVER, e.g. docker build --tag rabbitmq:3.8 --build-arg PGP_KEYSERVER=pgpkeys.eu 3.8/ubuntu
# For context, see https://github.com/docker-library/official-images/issues/4252
# Using the latest OpenSSL LTS release, with support until September 2023 - https://www.openssl.org/source/
ENV OPENSSL_VERSION %%OPENSSL_VERSION%%
ENV OPENSSL_SOURCE_SHA256="%%OPENSSL_SOURCE_SHA256%%"
ENV OPENSSL_VERSION {{ .openssl.version }}
ENV OPENSSL_SOURCE_SHA256="{{ .openssl.sha256 }}"
# https://www.openssl.org/community/omc.html
ENV OPENSSL_PGP_KEY_IDS="%%OPENSSL_PGP_KEY_IDS%%"
ENV OPENSSL_PGP_KEY_IDS="{{
[
# Matt Caswell
"8657 ABB2 60F0 56B1 E519 0839 D9C4 D26D 0E60 4491",
# Use the latest stable Erlang/OTP release (https://github.com/erlang/otp/tags)
ENV OTP_VERSION %%OTP_VERSION%%
# Mark J. Cox
"5B25 45DA B219 95F4 088C EFAA 36CE E4DE B00C FE33",
# Paul Dale
"ED23 0BEC 4D4F 2518 B9D7 DF41 F0DB 4D21 C1D3 5231",
# Tim Hudson
"C1F3 3DD8 CE1D 4CC6 13AF 14DA 9195 C482 41FB F7DD",
# Richard Levitte
"7953 AC1F BC3D C8B3 B292 393E D5E9 E43F 7DF9 EE8C",
# Kurt Roeckx
"E5E5 2560 DD91 C556 DDBD A5D0 2064 C536 41C2 5E5D"
]
# TODO auto-generate / scrape this list from the canonical upstream source instead (check the signature file and add an entry in the .openssl object with just the one signature that we expect to have signed this release, after cross-referencing the official OMC list?)
| map("0x" + gsub(" "; "")) | join(" ")
}}"
ENV OTP_VERSION {{ .otp.version }}
# TODO add PGP checking when the feature will be added to Erlang/OTP's build system
# http://erlang.org/pipermail/erlang-questions/2019-January/097067.html
ENV OTP_SOURCE_SHA256="%%OTP_SOURCE_SHA256%%"
ENV OTP_SOURCE_SHA256="{{ .otp.sha256 }}"
# Install dependencies required to build Erlang/OTP from source
# http://erlang.org/doc/installation_guide/INSTALL.html
@ -191,7 +211,7 @@ RUN set -eux; \
ln -sf "$RABBITMQ_DATA_DIR/.erlang.cookie" /root/.erlang.cookie
# Use the latest stable RabbitMQ release (https://www.rabbitmq.com/download.html)
ENV RABBITMQ_VERSION %%RABBITMQ_VERSION%%
ENV RABBITMQ_VERSION {{ .version }}
# https://www.rabbitmq.com/signatures.html#importing-gpg
ENV RABBITMQ_PGP_KEY_ID="0x0A9AF2115F4687BD29803A206B73A36E6026DFCA"
ENV RABBITMQ_HOME=/opt/rabbitmq

57
apply-templates.sh Executable file
View File

@ -0,0 +1,57 @@
#!/usr/bin/env bash
set -Eeuo pipefail
[ -f versions.json ] # run "versions.sh" first
cd "$(dirname "$(readlink -f "$BASH_SOURCE")")"
jqt='.jq-template.awk'
if [ -n "${BASHBREW_SCRIPTS:-}" ]; then
jqt="$BASHBREW_SCRIPTS/jq-template.awk"
elif [ "$BASH_SOURCE" -nt "$jqt" ]; then
wget -qO "$jqt" 'https://github.com/docker-library/bashbrew/raw/5f0c26381fb7cc78b2d217d58007800bdcfbcfa1/scripts/jq-template.awk'
fi
if [ "$#" -eq 0 ]; then
versions="$(jq -r 'keys | map(@sh) | join(" ")' versions.json)"
eval "set -- $versions"
fi
generated_warning() {
cat <<-EOH
#
# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh"
#
# PLEASE DO NOT EDIT IT DIRECTLY.
#
EOH
}
for version; do
export version
for variant in alpine ubuntu; do
export variant
echo "processing $version/$variant ..."
{
generated_warning
gawk -f "$jqt" "Dockerfile-$variant.template"
} > "$version/$variant/Dockerfile"
cp -a docker-entrypoint.sh "$version/$variant/"
if [ "$variant" = 'alpine' ]; then
sed -i -e 's/gosu/su-exec/g' "$version/$variant/docker-entrypoint.sh"
fi
echo "processing $version/$variant/management ..."
{
generated_warning
gawk -f "$jqt" Dockerfile-management.template
} > "$version/$variant/management/Dockerfile"
done
done

73
generate-stackbrew-library.sh
View File

@ -1,5 +1,5 @@
#!/bin/bash
set -eu
#!/usr/bin/env bash
set -Eeuo pipefail
declare -A aliases=(
[3.8]='3 latest'
@ -9,11 +9,13 @@ defaultVariant='ubuntu'
self="$(basename "$BASH_SOURCE")"
cd "$(dirname "$(readlink -f "$BASH_SOURCE")")"
versions=( */ )
versions=( "${versions[@]%/}" )
if [ "$#" -eq 0 ]; then
versions="$(jq -r 'keys | map(@sh) | join(" ")' versions.json)"
eval "set -- $versions"
fi
# sort version numbers with highest first
IFS=$'\n'; versions=( $(echo "${versions[*]}" | sort -rV) ); unset IFS
IFS=$'\n'; set -- $(sort -rV <<<"$*"); unset IFS
# get the most recent commit which modified any of "$@"
fileCommit() {
@ -68,37 +70,39 @@ join() {
echo "${out#$sep}"
}
for version in "${versions[@]}"; do
for version; do
export version
rcVersion="${version%-rc}"
for variant in ubuntu alpine; do
commit="$(dirCommit "$version/$variant")"
fullVersion="$(jq -r '.[env.version].version' versions.json)"
fullVersion="$(git show "$commit":"$version/$variant/Dockerfile" | awk '$1 == "ENV" && $2 == "RABBITMQ_VERSION" { print $3; exit }')"
if [ "$rcVersion" != "$version" ] && [ -e "$rcVersion/$variant/Dockerfile" ]; then
# if this is a "-rc" release, let's make sure the release it contains isn't already GA (and thus something we should not publish anymore)
rcFullVersion="$(git show HEAD:"$rcVersion/$variant/Dockerfile" | awk '$1 == "ENV" && $2 == "RABBITMQ_VERSION" { print $3; exit }')"
latestVersion="$({ echo "$fullVersion"; echo "$rcFullVersion"; } | sort -V | tail -1)"
if [[ "$fullVersion" == "$rcFullVersion"* ]] || [ "$latestVersion" = "$rcFullVersion" ]; then
# "x.y.z-rc1" == x.y.z*
continue
fi
# if this is a "-rc" release, let's make sure the release it contains isn't already GA (and thus something we should not publish anymore)
export rcVersion
if [ "$rcVersion" != "$version" ] && rcFullVersion="$(jq -r '.[env.rcVersion].version // ""' versions.json)" && [ -n "$rcFullVersion" ]; then
latestVersion="$({ echo "$fullVersion"; echo "$rcFullVersion"; } | sort -V | tail -1)"
if [[ "$fullVersion" == "$rcFullVersion"* ]] || [ "$latestVersion" = "$rcFullVersion" ]; then
# "x.y.z-rc1" == x.y.z*
continue
fi
fi
versionAliases=()
if [ "$version" = "$rcVersion" ]; then
while [ "$fullVersion" != "$version" -a "${fullVersion%[.-]*}" != "$fullVersion" ]; do
versionAliases+=( $fullVersion )
fullVersion="${fullVersion%[.-]*}"
done
else
versionAliases=()
if [ "$version" = "$rcVersion" ]; then
while [ "$fullVersion" != "$version" -a "${fullVersion%[.-]*}" != "$fullVersion" ]; do
versionAliases+=( $fullVersion )
fi
versionAliases+=(
$version
${aliases[$version]:-}
)
fullVersion="${fullVersion%[.-]*}"
done
else
versionAliases+=( $fullVersion )
fi
versionAliases+=(
$version
${aliases[$version]:-}
)
for variant in ubuntu alpine; do
dir="$version/$variant"
commit="$(dirCommit "$dir")"
if [ "$variant" = "$defaultVariant" ]; then
variantAliases=( "${versionAliases[@]}" )
@ -107,7 +111,7 @@ for version in "${versions[@]}"; do
variantAliases=( "${variantAliases[@]//latest-/}" )
fi
variantParent="$(awk 'toupper($1) == "FROM" { print $2 }' "$version/$variant/Dockerfile")"
variantParent="$(awk 'toupper($1) == "FROM" { print $2 }' "$dir/Dockerfile")"
variantArches="${parentRepoToArches[$variantParent]}"
echo
@ -115,11 +119,12 @@ for version in "${versions[@]}"; do
Tags: $(join ', ' "${variantAliases[@]}")
Architectures: $(join ', ' $variantArches)
GitCommit: $commit
Directory: $version/$variant
Directory: $dir
EOE
for subVariant in management; do
commit="$(dirCommit "$version/$variant/$subVariant")"
subDir="$dir/$subVariant"
commit="$(dirCommit "$subDir")"
subVariantAliases=( "${versionAliases[@]/%/-$subVariant}" )
subVariantAliases=( "${subVariantAliases[@]//latest-/}" )
@ -133,7 +138,7 @@ for version in "${versions[@]}"; do
Tags: $(join ', ' "${subVariantAliases[@]}")
Architectures: $(join ', ' $variantArches)
GitCommit: $commit
Directory: $version/$variant/$subVariant
Directory: $subDir
EOE
done
done

144
update.sh
View File

@ -3,145 +3,5 @@ set -Eeuo pipefail
cd "$(dirname "$(readlink -f "$BASH_SOURCE")")"
versions=( "$@" )
if [ ${#versions[@]} -eq 0 ]; then
versions=( */ )
fi
versions=( "${versions[@]%/}" )
# https://www.rabbitmq.com/which-erlang.html ("Maximum supported Erlang/OTP")
declare -A otpMajors=(
[3.8]='23'
)
declare -A otpHashCache=()
# https://www.openssl.org/policies/releasestrat.html
# https://www.openssl.org/source/
declare -A opensslMajors=(
[3.8]='1.1'
)
# https://www.openssl.org/community/omc.html
opensslPgpKeys=(
# Matt Caswell
0x8657ABB260F056B1E5190839D9C4D26D0E604491
# Mark J. Cox
0x5B2545DAB21995F4088CEFAA36CEE4DEB00CFE33
# Paul Dale
0xED230BEC4D4F2518B9D7DF41F0DB4D21C1D35231
# Tim Hudson
0xC1F33DD8CE1D4CC613AF14DA9195C48241FBF7DD
# Richard Levitte
0x7953AC1FBC3DC8B3B292393ED5E9E43F7DF9EE8C
# Kurt Roeckx
0xE5E52560DD91C556DDBDA5D02064C53641C25E5D
)
# TODO auto-generate / scrape this list from the canonical upstream source instead
for version in "${versions[@]}"; do
rcVersion="${version%-rc}"
rcGrepV='-v'
if [ "$rcVersion" != "$version" ]; then
rcGrepV=
fi
rcGrepV+=' -E'
rcGrepExpr='beta|milestone|rc'
githubTags=( $(
git ls-remote --tags https://github.com/rabbitmq/rabbitmq-server.git \
"refs/tags/v${rcVersion}"{'','.*','-*','^*'} \
| cut -d'/' -f3- \
| cut -d'^' -f1 \
| grep $rcGrepV -- "$rcGrepExpr" \
| sort -urV
) )
fullVersion=
githubTag=
for possibleTag in "${githubTags[@]}"; do
fullVersion="$(
wget -qO- "https://github.com/rabbitmq/rabbitmq-server/releases/tag/$possibleTag" \
| grep -oE "/rabbitmq-server-generic-unix-${rcVersion}([.-].+)?[.]tar[.]xz" \
| head -1 \
| sed -r "s/^.*(${rcVersion}.*)[.]tar[.]xz/\1/" \
|| :
)"
if [ -n "$fullVersion" ]; then
githubTag="$possibleTag"
break
fi
done
if [ -z "$fullVersion" ] || [ -z "$githubTag" ]; then
echo >&2 "warning: failed to get full version for '$version'; skipping"
continue
fi
otpMajor="${otpMajors[$rcVersion]}"
otpVersion="$(
git ls-remote --tags https://github.com/erlang/otp.git \
"refs/tags/OTP-$otpMajor.*"\
| cut -d'/' -f3- \
| cut -d'^' -f1 \
| cut -d- -f2- \
| sort -uV \
| tail -1
)"
if [ -z "$otpVersion" ]; then
echo >&2 "warning: failed to get Erlang/OTP version for '$version' ($fullVersion); skipping"
continue
fi
otpSourceSha256="${otpHashCache[$otpVersion]:-}"
if [ -z "$otpSourceSha256" ]; then
# TODO these aren't published anywhere (nor is the tarball we download even provided by Erlang -- it's simply a "git archive" tar provided by GitHub)...
otpSourceSha256="$(wget -qO- "https://github.com/erlang/otp/archive/OTP-$otpVersion.tar.gz" | sha256sum | cut -d' ' -f1)"
otpHashCache[$otpVersion]="$otpSourceSha256"
fi
opensslMajor="${opensslMajors[$rcVersion]}"
opensslVersion="$(
wget -qO- 'https://www.openssl.org/source/' \
| grep -oE 'href="openssl-'"$opensslMajor"'[^"]+[.]tar[.]gz"' \
| sed -e 's/^href="openssl-//' -e 's/[.]tar[.]gz"//' \
| sort -uV \
| tail -1
)"
if [ -z "$opensslVersion" ]; then
echo >&2 "warning: failed to get OpenSSL version for '$version' ($fullVersion); skipping"
continue
fi
opensslSourceSha256="$(wget -qO- "https://www.openssl.org/source/openssl-$opensslVersion.tar.gz.sha256")"
echo "$version: $fullVersion"
for variant in alpine ubuntu; do
[ -f "$version/$variant/Dockerfile" ] || continue
sed -e "s!%%OPENSSL_VERSION%%!$opensslVersion!g" \
-e "s!%%OPENSSL_SOURCE_SHA256%%!$opensslSourceSha256!g" \
-e "s!%%OPENSSL_PGP_KEY_IDS%%!${opensslPgpKeys[*]}!g" \
-e "s!%%OTP_VERSION%%!$otpVersion!g" \
-e "s!%%OTP_SOURCE_SHA256%%!$otpSourceSha256!g" \
-e "s!%%RABBITMQ_VERSION%%!$fullVersion!g" \
"Dockerfile-$variant.template" \
> "$version/$variant/Dockerfile"
cp -a docker-entrypoint.sh "$version/$variant/"
managementFrom="rabbitmq:$version"
installPython='apt-get update; apt-get install -y --no-install-recommends python3; rm -rf /var/lib/apt/lists/*'
if [ "$variant" = 'alpine' ]; then
managementFrom+='-alpine'
installPython='apk add --no-cache python3'
sed -i 's/gosu/su-exec/g' "$version/$variant/docker-entrypoint.sh"
fi
sed -e "s!%%FROM%%!$managementFrom!g" \
-e "s!%%INSTALL_PYTHON%%!$installPython!g" \
Dockerfile-management.template \
> "$version/$variant/management/Dockerfile"
done
done
./versions.sh "$@"
./apply-templates.sh "$@"

24
versions.json Normal file
View File

@ -0,0 +1,24 @@
{
"3.8": {
"openssl": {
"sha256": "e8be6a35fe41d10603c3cc635e93289ed00bf34b79671a3a4de64fcee00d5242",
"version": "1.1.1i"
},
"otp": {
"sha256": "e7034e2cfe50d7570ac8f70ea7ba69ea013f10863043e25132f0a5d3d0d8d3a7",
"version": "23.2.1"
},
"version": "3.8.9"
},
"3.8-rc": {
"openssl": {
"sha256": "e8be6a35fe41d10603c3cc635e93289ed00bf34b79671a3a4de64fcee00d5242",
"version": "1.1.1i"
},
"otp": {
"sha256": "e7034e2cfe50d7570ac8f70ea7ba69ea013f10863043e25132f0a5d3d0d8d3a7",
"version": "23.2.1"
},
"version": "3.8.10-beta.1"
}
}

124
versions.sh Executable file
View File

@ -0,0 +1,124 @@
#!/usr/bin/env bash
set -Eeuo pipefail
# https://www.rabbitmq.com/which-erlang.html ("Maximum supported Erlang/OTP")
declare -A otpMajors=(
[3.8]='23'
)
declare -A otpHashCache=()
# https://www.openssl.org/policies/releasestrat.html
# https://www.openssl.org/source/
declare -A opensslMajors=(
[3.8]='1.1'
)
cd "$(dirname "$(readlink -f "$BASH_SOURCE")")"
versions=( "$@" )
if [ ${#versions[@]} -eq 0 ]; then
versions=( */ )
json='{}'
else
json="$(< versions.json)"
fi
versions=( "${versions[@]%/}" )
for version in "${versions[@]}"; do
export version
rcVersion="${version%-rc}"
rcGrepV='-v'
if [ "$rcVersion" != "$version" ]; then
rcGrepV=
fi
rcGrepV+=' -E'
rcGrepExpr='beta|milestone|rc'
githubTags=( $(
git ls-remote --tags https://github.com/rabbitmq/rabbitmq-server.git \
"refs/tags/v${rcVersion}"{'','.*','-*','^*'} \
| cut -d'/' -f3- \
| cut -d'^' -f1 \
| grep $rcGrepV -- "$rcGrepExpr" \
| sort -urV
) )
fullVersion=
githubTag=
for possibleTag in "${githubTags[@]}"; do
fullVersion="$(
wget -qO- "https://github.com/rabbitmq/rabbitmq-server/releases/tag/$possibleTag" \
| grep -oE "/rabbitmq-server-generic-unix-${rcVersion}([.-].+)?[.]tar[.]xz" \
| head -1 \
| sed -r "s/^.*(${rcVersion}.*)[.]tar[.]xz/\1/" \
|| :
)"
if [ -n "$fullVersion" ]; then
githubTag="$possibleTag"
break
fi
done
if [ -z "$fullVersion" ] || [ -z "$githubTag" ]; then
echo >&2 "warning: failed to get full version for '$version'; skipping"
continue
fi
export fullVersion
otpMajor="${otpMajors[$rcVersion]}"
otpVersion="$(
git ls-remote --tags https://github.com/erlang/otp.git \
"refs/tags/OTP-$otpMajor.*"\
| cut -d'/' -f3- \
| cut -d'^' -f1 \
| cut -d- -f2- \
| sort -uV \
| tail -1
)"
if [ -z "$otpVersion" ]; then
echo >&2 "warning: failed to get Erlang/OTP version for '$version' ($fullVersion); skipping"
continue
fi
otpSourceSha256="${otpHashCache[$otpVersion]:-}"
if [ -z "$otpSourceSha256" ]; then
# TODO these aren't published anywhere (nor is the tarball we download even provided by Erlang -- it's simply a "git archive" tar provided by GitHub)...
otpSourceSha256="$(wget -qO- "https://github.com/erlang/otp/archive/OTP-$otpVersion.tar.gz" | sha256sum | cut -d' ' -f1)"
otpHashCache[$otpVersion]="$otpSourceSha256"
fi
export otpVersion otpSourceSha256
opensslMajor="${opensslMajors[$rcVersion]}"
opensslVersion="$(
wget -qO- 'https://www.openssl.org/source/' \
| grep -oE 'href="openssl-'"$opensslMajor"'[^"]+[.]tar[.]gz"' \
| sed -e 's/^href="openssl-//' -e 's/[.]tar[.]gz"//' \
| sort -uV \
| tail -1
)"
if [ -z "$opensslVersion" ]; then
echo >&2 "warning: failed to get OpenSSL version for '$version' ($fullVersion); skipping"
continue
fi
opensslSourceSha256="$(wget -qO- "https://www.openssl.org/source/openssl-$opensslVersion.tar.gz.sha256")"
export opensslVersion opensslSourceSha256
echo "$version: $fullVersion (otp $otpVersion, openssl $opensslVersion)"
json="$(
jq <<<"$json" -c '
.[env.version] = {
version: env.fullVersion,
openssl: {
version: env.opensslVersion,
sha256: env.opensslSourceSha256,
},
otp: {
version: env.otpVersion,
sha256: env.otpSourceSha256,
},
}
'
)"
done
jq <<<"$json" -S . > versions.json