bump sysInfo from 9.8 to 10.4

.github/workflows/release_branch.yml

@@ -55,10 +55,21 @@ jobs:
             ${{ env.DOCKER_NAMESPACE }}/${{ env.DOTCLEAR_IMAGE }}:${{ github.ref_name }}
             ghcr.io/${{ env.GITHUB_REPOSITORY }}:${{ github.ref_name }}
           build-args: CANAL=stable
-          platforms: linux/386,linux/amd64,linux/arm64,linux/arm/V7
+          platforms: linux/386,linux/amd64,linux/arm/v6,linux/arm/v7,linux/arm64/v8,linux/ppc64le,linux/s390x
           cache-from: type=gha
           cache-to: type=gha,mode=max
 
+      - name: Docker Scout
+        id: docker-scout
+        uses: docker/scout-action@v1.16.1
+        with:
+          command: environment,quickview,cves,recommendations
+          image: ${{ env.DOCKER_NAMESPACE }}/${{ env.DOTCLEAR_IMAGE }}:${{ github.ref_name }}
+          environment: stable
+          organization: ${{ env.DOCKER_NAMESPACE }}
+          write-comment: true
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+
       - name: Send Telegram Message Ok
         uses: appleboy/telegram-action@master
         env:

.github/workflows/release_stable.yml

@@ -59,6 +59,12 @@ jobs:
           SUMMARY=$'Image ${{ env.DOCKER_NAMESPACE }}/${{ env.DOTCLEAR_IMAGE }}:${{ steps.dotclear.outputs.tag }} found.'
           echo "$SUMMARY" >> $GITHUB_STEP_SUMMARY
 
+      - name: rebuild
+        if: ((steps.registry.outputs.image_exists == 'true') && (github.event.inputs.force_rebuild == 'true'))
+        run: |
+          SUMMARY=$'Rebuilding image ${{ env.DOCKER_NAMESPACE }}/${{ env.DOTCLEAR_IMAGE }}:${{ steps.dotclear.outputs.tag }} is forced.'
+          echo "$SUMMARY" >> $GITHUB_STEP_SUMMARY
+
       - name: Check repository branch
         id: branch
         uses: GuillaumeFalourd/branch-exists@v1.1
@@ -140,10 +146,32 @@ jobs:
             ghcr.io/${{ env.GITHUB_REPOSITORY }}:${{ needs.check_image.outputs.version }}
             ghcr.io/${{ env.GITHUB_REPOSITORY }}:latest
           build-args: CANAL=${{ env.DOTCLEAR_CANAL }}
-          platforms: linux/386,linux/amd64,linux/arm64,linux/arm/V7
+          platforms: linux/386,linux/amd64,linux/arm/v6,linux/arm/v7,linux/arm64/v8,linux/ppc64le,linux/s390x
           cache-from: type=gha
           cache-to: type=gha,mode=max
 
+      - name: Docker Scout stable
+        id: docker-scout
+        uses: docker/scout-action@v1.16.1
+        with:
+          command: environment,quickview,cves,recommendations
+          image: ${{ env.DOCKER_NAMESPACE }}/${{ env.DOTCLEAR_IMAGE }}:${{ needs.check_image.outputs.version }}
+          environment: stable
+          organization: ${{ env.DOCKER_NAMESPACE }}
+          write-comment: true
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Docker Scout latest
+        id: docker-scout2
+        uses: docker/scout-action@v1.16.1
+        with:
+          command: environment,quickview,cves,recommendations
+          image: ${{ env.DOCKER_NAMESPACE }}/${{ env.DOTCLEAR_IMAGE }}:latest
+          environment: latest
+          organization: ${{ env.DOCKER_NAMESPACE }}
+          write-comment: true
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+
       - name: Send Telegram Message Ok
         uses: appleboy/telegram-action@master
         env:

.github/workflows/release_testing.yml

@@ -2,7 +2,7 @@ name: Build and push testing image
 
 on:
   schedule:
-  - cron: '0 1 * * *'
+  - cron: '15 4 * * *'
   workflow_dispatch:
 
 env:
@@ -88,10 +88,21 @@ jobs:
             ${{ env.DOCKER_NAMESPACE }}/${{ env.DOTCLEAR_IMAGE }}:${{ env.DOTCLEAR_CANAL }}
             ghcr.io/${{ env.GITHUB_REPOSITORY }}:${{ env.DOTCLEAR_CANAL }}
           build-args: CANAL=${{ env.DOTCLEAR_CANAL }}
-          platforms: linux/386,linux/amd64,linux/arm64,linux/arm/V7
+          platforms: linux/386,linux/amd64,linux/arm/v6,linux/arm/v7,linux/arm64/v8,linux/ppc64le,linux/s390x
           cache-from: type=gha
           cache-to: type=gha,mode=max
 
+      - name: Docker Scout
+        id: docker-scout
+        uses: docker/scout-action@v1.16.1
+        with:
+          command: environment,quickview,cves,recommendations
+          image: ${{ env.DOCKER_NAMESPACE }}/${{ env.DOTCLEAR_IMAGE }}:${{ env.DOTCLEAR_CANAL }}
+          environment: testing
+          organization: ${{ env.DOCKER_NAMESPACE }}
+          write-comment: true
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+
       - name: Send Telegram Message Ok
         uses: appleboy/telegram-action@master
         env:

.github/workflows/release_unstable.yml

@@ -2,7 +2,7 @@ name: Build and push dev image
 
 on:
   schedule:
-  - cron: '0 1 * * *'
+  - cron: '15 4 * * *'
   workflow_dispatch:
 
 env:
@@ -55,10 +55,21 @@ jobs:
             ${{ env.DOCKER_NAMESPACE }}/${{ env.DOTCLEAR_IMAGE }}:dev
             ghcr.io/${{ env.GITHUB_REPOSITORY }}:dev
           build-args: CANAL=${{ env.DOTCLEAR_CANAL }}
-          platforms: linux/386,linux/amd64,linux/arm64,linux/arm/V7
+          platforms: linux/386,linux/amd64,linux/arm/v6,linux/arm/v7,linux/arm64/v8,linux/ppc64le,linux/s390x
           cache-from: type=gha
           cache-to: type=gha,mode=max
 
+      - name: Docker Scout
+        id: docker-scout
+        uses: docker/scout-action@v1.16.1
+        with:
+          command: environment,quickview,cves,recommendations
+          image: ${{ env.DOCKER_NAMESPACE }}/${{ env.DOTCLEAR_IMAGE }}:dev
+          environment: unstable
+          organization: ${{ env.DOCKER_NAMESPACE }}
+          write-comment: true
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+
       - name: Send Telegram Message Ok
         uses: appleboy/telegram-action@master
         env:

Dockerfile

@@ -6,7 +6,7 @@
 ##
 
 # Use latest Alpine docker release
-FROM alpine:latest
+FROM alpine:3.21.0
 
 # Set system timezone
 RUN echo "UTC" > /etc/timezone
@@ -15,29 +15,30 @@ RUN echo "UTC" > /etc/timezone
 ARG CANAL stable
 ENV CNL_DOTCLEAR=$CANAL
 
+# Create user
+RUN adduser -D -g 'www' www
+
 # Image label
-LABEL org.opencontainers.image.source=https://github.com/JcDenis/docker-dotclear
-LABEL org.opencontainers.image.description="Dotclear docker image $CNL_DOTCLEAR"
-LABEL org.opencontainers.image.licenses=AGPL-3.0
+LABEL "org.opencontainers.image.authors"="Jean-Christian Paul Denis"
+LABEL "org.opencontainers.image.source"="https://github.com/JcDenis/docker-dotclear"
+LABEL "org.opencontainers.image.description"="Dotclear docker image $CNL_DOTCLEAR"
+LABEL "org.opencontainers.image.licenses"="AGPL-3.0"
 
 ##
 # Nginx
 ##
 
-# Create user
-RUN adduser -D -g 'www' www
-
 # Install required package
 RUN apk add --no-cache --update \
     nginx \
     curl \
     tar \
     unzip \
-    xq
+    libxml2-utils
 
 # Create directories structure
-RUN mkdir -p /var/www/dotclear
-RUN chown -R www:www /var/lib/nginx /var/www
+RUN mkdir -p /var/www/dotclear \
+    && chown -R www:www /var/lib/nginx /var/www
 
 # Copy nginx configuration
 COPY etc/nginx.conf /etc/nginx/nginx.conf
@@ -45,6 +46,9 @@ COPY etc/snippets_subfolder.conf /etc/nginx/snippets/snippets_subfolder.conf
 COPY etc/snippets_subdomain.conf /etc/nginx/snippets/snippets_subdomain.conf
 COPY etc/snippets_common.conf /etc/nginx/snippets/snippets_common.conf
 
+# Fix vuln alpine/curl 8.11.0-r2
+RUN apk upgrade curl
+
 ##
 # PHP
 ##
@@ -92,18 +96,14 @@ COPY etc/php-fpm.conf /etc/${VER_PHP}/php-fpm.d/www.conf
 
 # Download latest Dotclear version
 RUN curl -fsSL -o versions.xml "http://download.dotclear.org/versions.xml" \
-    && curl -fsSL -o dotclear.zip $(cat versions.xml | xq -x "//release[@name='$CNL_DOTCLEAR']/@href") \
-    && echo "$(cat versions.xml | xq -x "//release[@name='$CNL_DOTCLEAR']/@checksum") dotclear.zip" | md5sum -c - \
+    && curl -fsSL -o dotclear.zip $(xmllint --xpath "//release[@name='$CNL_DOTCLEAR']/@href" versions.xml | awk -F'[="]' '!/>/{print $(NF-1)}') \
+    && echo "$(xmllint --xpath "//release[@name='$CNL_DOTCLEAR']/@checksum" versions.xml | awk -F'[="]' '!/>/{print $(NF-1)}') dotclear.zip" | md5sum -c - \
     && mkdir -p /usr/src/dotclear \
     && unzip -d /usr/src dotclear.zip \
-    && rm dotclear.zip \
-    && chown -R www:www /usr/src/dotclear \
-    && chmod -R 755 /usr/src/dotclear/public /usr/src/dotclear/cache \
-    && rm -f /var/www/dotclear/app/*
+    && rm dotclear.zip
 
-# Create www structure
+# Create predefined www structure
 COPY www /var/lib/dotclear
-RUN chown -R www:www /var/lib/dotclear
 
 # These variables are only used for first install, see inc/config.php, from dotclear 2.32
 # Custom path for dotclear config file
@@ -120,29 +120,29 @@ ENV DC_VAR=/var/www/dotclear/var
 ##
 
 # DotclearWatch
-ENV VER_DW=0.9.3
-RUN curl -fsSL -o plugin.zip "https://github.com/JcDenis/DotclearWatch/releases/download/v$VER_DW/plugin-DotclearWatch.zip" \
+ENV VER_PLUGIN_DW=0.9.3
+RUN curl -fsSL -o plugin.zip "https://github.com/JcDenis/DotclearWatch/releases/download/v$VER_PLUGIN_DW/plugin-DotclearWatch.zip" \
     && mkdir -p /var/lib/dotclear/plugins/DotclearWatch \
     && unzip -d /var/lib/dotclear/plugins plugin.zip \
-    && chown -R www:www /var/lib/dotclear/plugins \
     && rm plugin.zip
 
 # dcLog
-ENV VER_DL=1.7.3
-RUN curl -fsSL -o plugin.zip "https://github.com/JcDenis/dcLog/releases/download/v$VER_DL/plugin-dcLog.zip" \
+ENV VER_PLUGIN_DL=1.7.3
+RUN curl -fsSL -o plugin.zip "https://github.com/JcDenis/dcLog/releases/download/v$VER_PLUGIN_DL/plugin-dcLog.zip" \
     && mkdir -p /var/lib/dotclear/plugins/dcLog \
     && unzip -d /var/lib/dotclear/plugins plugin.zip \
-    && chown -R www:www /var/lib/dotclear/plugins \
     && rm plugin.zip
 
 # sysInfo
-ENV VER_SI=9.8
-RUN curl -fsSL -o plugin.zip "https://github.com/franck-paul/sysInfo/releases/download/$VER_SI/plugin-sysInfo-$VER_SI.zip" \
+ENV VER_PLUGIN_SI=10.4
+RUN curl -fsSL -o plugin.zip "https://github.com/franck-paul/sysInfo/releases/download/$VER_PLUGIN_SI/plugin-sysInfo-$VER_PLUGIN_SI.zip" \
     && mkdir -p /var/lib/dotclear/plugins/sysInfo \
     && unzip -d /var/lib/dotclear/plugins plugin.zip \
-    && chown -R www:www /var/lib/dotclear/plugins \
     && rm plugin.zip
 
+# Fix ownership
+RUN chown -R www:www /var/lib/dotclear /usr/src/dotclear
+
 
 ##
 # END

docker-entrypoint.sh

@@ -82,17 +82,22 @@ rm -f /var/www/dotclear/servers/default.conf
 # Fix www permissions
 echo >&2 "Setting up permissions..."
 chown -R www:www /var/www/dotclear
+[ -e /var/www/dotclear/config.php ] && chmod 600 /var/www/dotclear/config.php
+chmod 600 -R /var/www/dotclear/servers
 
 # Print summary to docker logs
 VERSION_INSTALLED=$(sed -n "s/^\s*\"release_version\":\s*\"\(.*\)\",/\1/p" release.json)
-echo >&2 "| Summary: "
-echo >&2 "| Alpine $(cat /etc/alpine-release)"
-echo >&2 "| Nginx $(nginx -v 2>&1 | sed 's/nginx version: nginx\///')"
-echo >&2 "| PHP $(php -r "echo PHP_VERSION;")"
-echo >&2 "| Dotclear ${VERSION_INSTALLED}"
+echo >&2 '┌──'
+echo >&2 "│ Summary: "
+echo >&2 "│ ◦ Alpine $(cat /etc/alpine-release)"
+echo >&2 "│ ◦ Nginx $(nginx -v 2>&1 | sed 's/nginx version: nginx\///')"
+echo >&2 "│ ◦ PHP $(php83 -r "echo PHP_VERSION;")"
+echo >&2 "│ ◦ Dotclear ${VERSION_INSTALLED}"
+echo >&2 '└──'
 
 # Start web server
 php-fpm83 -D # FPM must start first in daemon mode
 nginx # Then nginx in no daemon mode
 
-exec "$@"
+# Switch from user root to wwww
+exec runuser -u www "$@"