mirror of
https://github.com/hoellen/docker-nextcloud.git
synced 2026-01-16 11:57:04 +00:00
Compare commits
23 Commits
version-30
...
fef4cd4a28
| Author | SHA1 | Date | |
|---|---|---|---|
| fef4cd4a28 | |||
|
4a46899d8c | ||
|
|
9c8f6c8edb | ||
|
|
69000e35c3 | ||
|
aae170a54d | ||
|
|
0205f7afeb | ||
|
db1eaf50ed | ||
|
|
d16bcc9a32 | ||
|
|
0c6f92a628 | ||
| b4b8e7f154 | |||
| fd021043c4 | |||
|
|
f623065f7a | ||
|
|
a277e11505 | ||
|
|
42b36e3c9b | ||
|
|
51b19a1236 | ||
|
|
4270518e02 | ||
|
|
78e4175f7f | ||
|
|
46828aed43 | ||
|
|
19dc754372 | ||
|
|
54e9f1feda | ||
|
|
2892342326 | ||
|
|
a15384e7e5 | ||
| 5d5b8ebc1a |
24
.github/workflows/build.yml
vendored
24
.github/workflows/build.yml
vendored
@@ -62,12 +62,28 @@ jobs:
|
||||
${{ env.FULL_VERSION }}
|
||||
${{ env.MAJOR_VERSION }}
|
||||
|
||||
- name: Build and push Docker image
|
||||
id: build-and-push
|
||||
- name: Build and export Docker image to Docker
|
||||
id: build
|
||||
uses: docker/build-push-action@v2
|
||||
with:
|
||||
load: true
|
||||
tags: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:testing
|
||||
context: .
|
||||
|
||||
- name: Test Docker image
|
||||
id: test
|
||||
run: |
|
||||
docker run -d -p 8888:8888 --name nextcloud --rm ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:testing && \
|
||||
docker exec nextcloud occ status && \
|
||||
nc -z localhost 8888
|
||||
|
||||
- name: Push Docker image
|
||||
id: push
|
||||
if: github.event_name != 'pull_request'
|
||||
uses: docker/build-push-action@v2
|
||||
with:
|
||||
context: .
|
||||
push: ${{ github.event_name != 'pull_request' }}
|
||||
push: true
|
||||
tags: ${{ steps.meta.outputs.tags }}
|
||||
labels: ${{ steps.meta.outputs.labels }}
|
||||
|
||||
@@ -75,4 +91,4 @@ jobs:
|
||||
if: ${{ github.event_name != 'pull_request' }}
|
||||
env:
|
||||
COSIGN_EXPERIMENTAL: "true"
|
||||
run: cosign sign --yes ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}@${{ steps.build-and-push.outputs.digest }}
|
||||
run: cosign sign --yes ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}@${{ steps.push.outputs.digest }}
|
||||
|
||||
2
.github/workflows/scan.yml
vendored
2
.github/workflows/scan.yml
vendored
@@ -8,7 +8,7 @@ on:
|
||||
jobs:
|
||||
build:
|
||||
name: Scan current image & report results
|
||||
runs-on: "ubuntu-20.04"
|
||||
runs-on: "ubuntu-24.04"
|
||||
steps:
|
||||
- name: Checkout code
|
||||
uses: actions/checkout@v2
|
||||
|
||||
21
Dockerfile
21
Dockerfile
@@ -1,7 +1,7 @@
|
||||
# -------------- Build-time variables --------------
|
||||
ARG NEXTCLOUD_VERSION=30.0.6
|
||||
ARG NEXTCLOUD_VERSION=32.0.3
|
||||
ARG PHP_VERSION=8.3
|
||||
ARG NGINX_VERSION=1.26
|
||||
ARG NGINX_VERSION=1.28
|
||||
|
||||
ARG ALPINE_VERSION=3.21
|
||||
ARG HARDENED_MALLOC_VERSION=11
|
||||
@@ -10,20 +10,18 @@ ARG SNUFFLEUPAGUS_VERSION=0.10.0
|
||||
ARG UID=1000
|
||||
ARG GID=1000
|
||||
|
||||
# nextcloud-30.0.6.tar.bz2
|
||||
ARG SHA256_SUM="ac0e091be6920965dc0c82f149b632d6b5ade7adee84a7b3c8cfd847450a8ddc"
|
||||
# nextcloud-32.0.3.tar.bz2
|
||||
ARG SHA256_SUM="9b71ac96c910b4a350d986bd3a92ea06f02a161fa586334b56d87d8acafc62d4"
|
||||
|
||||
# Nextcloud Security <security@nextcloud.com> (D75899B9A724937A)
|
||||
ARG GPG_FINGERPRINT="2880 6A87 8AE4 23A2 8372 792E D758 99B9 A724 937A"
|
||||
# ---------------------------------------------------
|
||||
|
||||
### Build PHP base
|
||||
FROM docker.io/library/php:${PHP_VERSION}-fpm-alpine${ALPINE_VERSION} as base
|
||||
FROM docker.io/library/php:${PHP_VERSION}-fpm-alpine${ALPINE_VERSION} AS base
|
||||
|
||||
ARG SNUFFLEUPAGUS_VERSION
|
||||
|
||||
ENV IMAGICK_SHA 28f27044e435a2b203e32675e942eb8de620ee58
|
||||
|
||||
RUN apk -U upgrade \
|
||||
&& apk add -t build-deps \
|
||||
$PHPIZE_DEPS \
|
||||
@@ -74,8 +72,7 @@ RUN apk -U upgrade \
|
||||
&& pecl install smbclient \
|
||||
&& pecl install APCu \
|
||||
&& pecl install redis \
|
||||
&& curl -L -o /tmp/imagick.tar.gz https://github.com/Imagick/imagick/archive/${IMAGICK_SHA}.tar.gz && tar --strip-components=1 -xf /tmp/imagick.tar.gz && phpize && ./configure && make && make install \
|
||||
&& apk add --no-cache --virtual .imagick-runtime-deps imagemagick \
|
||||
&& pecl install imagick \
|
||||
&& docker-php-ext-enable \
|
||||
smbclient \
|
||||
redis \
|
||||
@@ -88,7 +85,7 @@ RUN apk -U upgrade \
|
||||
|
||||
### Build Hardened Malloc
|
||||
ARG ALPINE_VERSION
|
||||
FROM docker.io/library/alpine:${ALPINE_VERSION} as build-malloc
|
||||
FROM docker.io/library/alpine:${ALPINE_VERSION} AS build-malloc
|
||||
|
||||
ARG HARDENED_MALLOC_VERSION
|
||||
ARG CONFIG_NATIVE=false
|
||||
@@ -102,11 +99,11 @@ RUN apk --no-cache add build-base git gnupg && cd /tmp \
|
||||
|
||||
|
||||
### Fetch nginx
|
||||
FROM docker.io/library/nginx:${NGINX_VERSION}-alpine as nginx
|
||||
FROM docker.io/library/nginx:${NGINX_VERSION}-alpine AS nginx
|
||||
|
||||
|
||||
### Build Nextcloud (production environemnt)
|
||||
FROM base as nextcloud
|
||||
FROM base AS nextcloud
|
||||
|
||||
COPY --from=nginx /usr/sbin/nginx /usr/sbin/nginx
|
||||
COPY --from=nginx /etc/nginx /etc/nginx
|
||||
|
||||
@@ -58,8 +58,8 @@ Verifying the signature isn't a requirement, and might not be as seamless as usi
|
||||
## Tags
|
||||
|
||||
- `latest` : latest Nextcloud version
|
||||
- `x` : latest Nextcloud x.x (e.g. `30`)
|
||||
- `x.x.x` : Nextcloud x.x.x (e.g. `30.0.0`)
|
||||
- `x` : latest Nextcloud x.x (e.g. `32`)
|
||||
- `x.x.x` : Nextcloud x.x.x (e.g. `32.0.0`)
|
||||
|
||||
You can always have a glance [here](https://github.com/users/hoellen/packages/container/package/nextcloud).
|
||||
Only the **latest stable version** will be maintained by myself.
|
||||
|
||||
17
SECURITY.md
17
SECURITY.md
@@ -2,14 +2,16 @@
|
||||
|
||||
## Supported versions
|
||||
|
||||
All versions of the Nextcloud community version which still receive updates will be supported
|
||||
All versions of the Nextcloud community version which still receive updates will be supported
|
||||
and will receive the minor version updates and security patches.
|
||||
|
||||
| Version | Supported |
|
||||
| ------- | ------------------ |
|
||||
| 30. x | :white_check_mark: |
|
||||
| 29. x | :white_check_mark: |
|
||||
| 28. x | :white_check_mark: |
|
||||
| Version | Supported |
|
||||
| ------- | ----------------------------- |
|
||||
| 32. x | :white_check_mark: |
|
||||
| 31. x | :white_check_mark: |
|
||||
| 30. x | :negative_squared_cross_mark: |
|
||||
| 29. x | :negative_squared_cross_mark: |
|
||||
| 28. x | :negative_squared_cross_mark: |
|
||||
| 27. x | :negative_squared_cross_mark: |
|
||||
| 26. x | :negative_squared_cross_mark: |
|
||||
| 25. x | :negative_squared_cross_mark: |
|
||||
@@ -26,9 +28,10 @@ Uploaded images are regularly scanned for [OS vulnerabilities](https://github.co
|
||||
|
||||
## Reporting a vulnerability
|
||||
|
||||
*Upstream* vulnerabilities should be reported to *upstream* projects according to their own security policies.
|
||||
_Upstream_ vulnerabilities should be reported to _upstream_ projects according to their own security policies.
|
||||
|
||||
Regarding vulnerabilities specific to this project:
|
||||
|
||||
- Faulty configuration files
|
||||
- Unsafe defaults
|
||||
- Dependencies security updates
|
||||
|
||||
@@ -78,7 +78,7 @@ server {
|
||||
access_log off;
|
||||
}
|
||||
|
||||
location ~ \.(?:png|html|ttf|ico|jpg|jpeg|bcmap)$ {
|
||||
location ~ \.(?:png|html|ttf|ico|jpg|jpeg|bcmap|mp4|webm)$ {
|
||||
try_files $uri /index.php$uri$is_args$args;
|
||||
access_log off;
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user