Merge bdb553a25d into 112339b5c8

Update example tag version
28 will be released in december, maybe we can update the version, even when this one is not released yet.:)
2025-07-04 17:16:11 +00:00 · 2023-11-24 12:21:41 +01:00 · 2023-11-13 17:09:56 +01:00
7 changed files with 27 additions and 44 deletions
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@ -3,9 +3,7 @@ name: build
 on:
  workflow_dispatch:
  push:
-    branches:
-      - master
-      - version-*
+    branches: [ master ]
  schedule:
    # Build the image regularly (each Friday)
    - cron: '23 04 * * 5'
@ -29,17 +27,14 @@ jobs:

      - name: Extract version for tags
        run: |
-          BRANCH="${GITHUB_REF#refs/heads/}"
-          VERSION=$(grep -oP '(?<=NEXTCLOUD_VERSION=).*' Dockerfile)
-          [ "$BRANCH" = "master" ] && echo "BRANCH_VERSION=latest" >> $GITHUB_ENV
-          echo "FULL_VERSION=${VERSION:0:7}" >> $GITHUB_ENV
-          echo "MAJOR_VERSION=${VERSION:0:2}" >> $GITHUB_ENV
+          echo "FULL_VERSION=$(grep -oP '(?<=NEXTCLOUD_VERSION=).*' Dockerfile | head -c6)" >> $GITHUB_ENV
+          echo "MAJOR_VERSION=$(grep -oP '(?<=NEXTCLOUD_VERSION=).*' Dockerfile | head -c2)" >> $GITHUB_ENV

      - name: Install cosign
        if: github.event_name != 'pull_request'
        uses: sigstore/cosign-installer@main
        with:
-          cosign-release: 'v2.2.2'
+          cosign-release: 'v1.13.1'

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v1
@ -58,7 +53,7 @@ jobs:
        with:
          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
          tags: |
-            ${{ env.BRANCH_VERSION }}
+            latest
            ${{ env.FULL_VERSION }}
            ${{ env.MAJOR_VERSION }}

@ -75,4 +70,4 @@ jobs:
        if: ${{ github.event_name != 'pull_request' }}
        env:
          COSIGN_EXPERIMENTAL: "true"
-        run: cosign sign --yes ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}@${{ steps.build-and-push.outputs.digest }}
+        run: cosign sign ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}@${{ steps.build-and-push.outputs.digest }}
--- a/18
+++ b/18
@ -1,24 +1,24 @@
 # -------------- Build-time variables --------------
-ARG NEXTCLOUD_VERSION=28.0.14
+ARG NEXTCLOUD_VERSION=27.1.4
 ARG PHP_VERSION=8.2
-ARG NGINX_VERSION=1.26
+ARG NGINX_VERSION=1.24

-ARG ALPINE_VERSION=3.20
+ARG ALPINE_VERSION=3.18
 ARG HARDENED_MALLOC_VERSION=11
 ARG SNUFFLEUPAGUS_VERSION=0.10.0

 ARG UID=1000
 ARG GID=1000

-# nextcloud-28.0.14.tar.bz2
-ARG SHA256_SUM="4a937f1882486426c9703e59ec4b293f621be8d080b7f85016f629903c3af336"
+# nextcloud-27.1.4.tar.bz2
+ARG SHA256_SUM="bec65f2166b82c9303baf476c1e424f71aa196dad010ffe4c0c39d03990d594c"

 # Nextcloud Security <security@nextcloud.com> (D75899B9A724937A)
 ARG GPG_FINGERPRINT="2880 6A87 8AE4 23A2 8372  792E D758 99B9 A724 937A"
 # ---------------------------------------------------

 ### Build PHP base
-FROM docker.io/library/php:${PHP_VERSION}-fpm-alpine${ALPINE_VERSION} as base
+FROM php:${PHP_VERSION}-fpm-alpine${ALPINE_VERSION} as base

 ARG SNUFFLEUPAGUS_VERSION

@ -43,7 +43,6 @@ RUN apk -U upgrade \
        gmp \
        icu \
        libjpeg-turbo \
-        librsvg \
        libpq \
        libpq \
        libwebp \
@ -59,7 +58,6 @@ RUN apk -U upgrade \
        bcmath \
        exif \
        gd \
-        bz2 \
        intl \
        ldap \
        opcache \
@ -85,7 +83,7 @@ RUN apk -U upgrade \

 ### Build Hardened Malloc
 ARG ALPINE_VERSION
-FROM docker.io/library/alpine:${ALPINE_VERSION} as build-malloc
+FROM alpine:${ALPINE_VERSION} as build-malloc

 ARG HARDENED_MALLOC_VERSION
 ARG CONFIG_NATIVE=false
@ -99,7 +97,7 @@ RUN apk --no-cache add build-base git gnupg && cd /tmp \


 ### Fetch nginx
-FROM docker.io/library/nginx:${NGINX_VERSION}-alpine as nginx
+FROM nginx:${NGINX_VERSION}-alpine as nginx


 ### Build Nextcloud (production environemnt)
--- a/SECURITY.md
+++ b/SECURITY.md
@ -7,16 +7,12 @@ and will receive the minor version updates and security patches.

 | Version | Supported          |
 | ------- | ------------------ |
-| 28. x   | :white_check_mark: |
-| 27. x   | :white_check_mark: |
-| 26. x   | :negative_squared_cross_mark: |
-| 25. x   | :negative_squared_cross_mark: |
-| 24. x   | :negative_squared_cross_mark: |
+| 25. x   | :white_check_mark: |
+| 24. x   | :white_check_mark: |
 | 23. x   | :negative_squared_cross_mark: |
 | 22. x   | :negative_squared_cross_mark: |

 Please update to the latest version available. Major migrations are always tested before being pushed.
-An up-to-date list of the currently maintained Nextcloud versions can also be found in the [Nextcloud Repository Wiki](https://github.com/nextcloud/server/wiki/Maintenance-and-Release-Schedule).

 ## Automated vulnerability scanning

--- a/rootfs/etc/nginx/conf.d/default.conf
+++ b/rootfs/etc/nginx/conf.d/default.conf
@ -18,6 +18,7 @@ server {

        add_header Referrer-Policy "no-referrer" always;
        add_header X-Content-Type-Options "nosniff" always;
+        add_header X-Download-Options "noopen" always;
        add_header X-Frame-Options "SAMEORIGIN" always;
        add_header X-Permitted-Cross-Domain-Policies "none" always;
        add_header X-Robots-Tag "noindex, nofollow" always;
@ -66,13 +67,13 @@ server {
            index index.php;
        }

-        location ~ \.(?:css|js|mjs|svg|gif|png|jpg|ico|wasm|tflite|map|ogg|flac)$ {
+        location ~ \.(?:css|js|svg|gif|map)$ {
            try_files $uri /index.php$uri$is_args$args;
            expires 6M;
            access_log off;
        }

-        location ~ \.(otf|woff2)?$ {
+        location ~ \.woff2?$ {
            try_files $uri /index.php$uri$is_args$args;
            expires 7d;
            access_log off;
--- a/rootfs/etc/nginx/nginx.conf
+++ b/rootfs/etc/nginx/nginx.conf
@ -9,11 +9,6 @@ events {

 http {
    include /etc/nginx/mime.types;
-    # Add .mjs as a file extension for javascript
-    # https://github.com/nextcloud/server/pull/36057
-    types {
-        application/javascript mjs;
-    }
    default_type  application/octet-stream;

    access_log /nginx/logs/access.log combined;
--- a/rootfs/usr/local/bin/run.sh
+++ b/rootfs/usr/local/bin/run.sh
@ -15,16 +15,6 @@ if [ "$PHP_HARDENING" == "true" ] && [ ! -f /usr/local/etc/php/conf.d/snuffleupa
    cp /usr/local/etc/php/snuffleupagus/* /usr/local/etc/php/conf.d
 fi

-# Check if database is available
-if [ -n "${DB_TYPE}" ] && [ "${DB_TYPE}" != "sqlite3" ]; then
-  DB_PORT=${DB_PORT:-$( [ "${DB_TYPE}" = "pgsql" ] && echo 5432 || echo 3306 )}
-  until nc -z "${DB_HOST:-nextcloud-db}" "${DB_PORT}"
-  do
-    echo "waiting for the database container..."
-    sleep 1
-  done
-fi
-
 # If new install, run setup
 if [ ! -f /nextcloud/config/config.php ]; then
    touch /nextcloud/config/CAN_INSTALL
--- a/rootfs/usr/local/bin/setup.sh
+++ b/rootfs/usr/local/bin/setup.sh
@ -55,6 +55,14 @@ cat >> /nextcloud/config/autoconfig.php <<EOF;
 ?>
 EOF

+if [ ${DB_TYPE} != "sqlite3" ]; then
+  until nc -z "${DB_HOST:-nextcloud-db}" "${DB_PORT:-3306}"
+  do
+    echo "waiting for the database container..."
+    sleep 1
+  done
+fi
+
 echo "Starting automatic configuration..."
 # Execute setup
 (cd /nextcloud; php index.php &>/dev/null)
Author	SHA1	Message	Date
waja	e645e6a550	Merge `bdb553a25d` into `112339b5c8`	2023-11-24 12:21:41 +01:00
Jan Wagner	bdb553a25d	Update example tag version 28 will be released in december, maybe we can update the version, even when this one is not released yet.:)	2023-11-13 17:09:56 +01:00