Add rolling semver tags, remove latest tag (#4600)

Co-authored-by: qwerty287 <80460567+qwerty287@users.noreply.github.com>
This commit is contained in:
Patrick Schratz 2024-12-21 11:52:56 +01:00 committed by GitHub
parent 9402e4b582
commit e6aa0d839a
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
4 changed files with 26 additions and 22 deletions

View file

@ -197,8 +197,7 @@ steps:
repo: *publish_repos_server repo: *publish_repos_server
dockerfile: docker/Dockerfile.server.multiarch dockerfile: docker/Dockerfile.server.multiarch
platforms: *platforms_server platforms: *platforms_server
# remove 'latest' on older version branches to avoid accidental downgrade tag: ['${CI_COMMIT_TAG%%.*}', '${CI_COMMIT_TAG%.*}-alpine', '${CI_COMMIT_TAG}']
tag: [latest, '${CI_COMMIT_TAG}']
logins: *publish_logins logins: *publish_logins
when: &when-release when: &when-release
event: tag event: tag
@ -211,8 +210,7 @@ steps:
repo: *publish_repos_server repo: *publish_repos_server
dockerfile: docker/Dockerfile.server.alpine.multiarch dockerfile: docker/Dockerfile.server.alpine.multiarch
platforms: *platforms_alpine platforms: *platforms_alpine
# remove 'latest-alpine' on older version branches to avoid accidental downgrade tag: ['${CI_COMMIT_TAG%%.*}-alpine', '${CI_COMMIT_TAG%.*}-alpine', '${CI_COMMIT_TAG}-alpine']
tag: [latest-alpine, '${CI_COMMIT_TAG}-alpine']
logins: *publish_logins logins: *publish_logins
when: *when-release when: *when-release
@ -292,8 +290,7 @@ steps:
repo: *publish_repos_agent repo: *publish_repos_agent
dockerfile: docker/Dockerfile.agent.multiarch dockerfile: docker/Dockerfile.agent.multiarch
platforms: *platforms_release platforms: *platforms_release
# remove 'latest' on older version branches to avoid accidental downgrade tag: ['${CI_COMMIT_TAG%%.*}', '${CI_COMMIT_TAG%.*}', '${CI_COMMIT_TAG}']
tag: [latest, '${CI_COMMIT_TAG}']
logins: *publish_logins logins: *publish_logins
build_args: *build_args build_args: *build_args
when: *when-release when: *when-release
@ -309,8 +306,7 @@ steps:
repo: *publish_repos_agent repo: *publish_repos_agent
dockerfile: docker/Dockerfile.agent.alpine.multiarch dockerfile: docker/Dockerfile.agent.alpine.multiarch
platforms: *platforms_alpine platforms: *platforms_alpine
# remove 'latest-alpine' on older version branches to avoid accidental downgrade tag: ['${CI_COMMIT_TAG%%.*}-alpine', '${CI_COMMIT_TAG%.*}-alpine', '${CI_COMMIT_TAG}-alpine']
tag: [latest-alpine, '${CI_COMMIT_TAG}-alpine']
logins: *publish_logins logins: *publish_logins
build_args: *build_args build_args: *build_args
when: *when-release when: *when-release
@ -388,8 +384,7 @@ steps:
repo: *publish_repos_cli repo: *publish_repos_cli
dockerfile: docker/Dockerfile.cli.multiarch dockerfile: docker/Dockerfile.cli.multiarch
platforms: *platforms_release platforms: *platforms_release
# remove 'latest' on older version branches to avoid accidental downgrade tag: ['${CI_COMMIT_TAG%%.*}', '${CI_COMMIT_TAG%.*}', '${CI_COMMIT_TAG}']
tag: [latest, '${CI_COMMIT_TAG}']
logins: *publish_logins logins: *publish_logins
build_args: *build_args build_args: *build_args
when: *when-release when: *when-release
@ -405,8 +400,7 @@ steps:
repo: *publish_repos_cli repo: *publish_repos_cli
dockerfile: docker/Dockerfile.cli.alpine.multiarch dockerfile: docker/Dockerfile.cli.alpine.multiarch
platforms: *platforms_alpine platforms: *platforms_alpine
# remove 'latest-alpine' on older version branches to avoid accidental downgrade tag: ['${CI_COMMIT_TAG%%.*}-alpine', '${CI_COMMIT_TAG%.*}-alpine', '${CI_COMMIT_TAG}-alpine']
tag: [latest-alpine, '${CI_COMMIT_TAG}-alpine']
logins: *publish_logins logins: *publish_logins
build_args: *build_args build_args: *build_args
when: *when-release when: *when-release

View file

@ -2,7 +2,7 @@ version: '3'
services: services:
woodpecker-server: woodpecker-server:
image: woodpeckerci/woodpecker-server:latest image: woodpeckerci/woodpecker-server:v3
ports: ports:
- 8000:8000 - 8000:8000
networks: networks:
@ -21,7 +21,7 @@ services:
depends_on: depends_on:
woodpecker-server: woodpecker-server:
condition: service_healthy condition: service_healthy
image: woodpeckerci/woodpecker-agent:latest image: woodpeckerci/woodpecker-agent:v3
networks: networks:
- woodpecker - woodpecker
volumes: volumes:

View file

@ -115,21 +115,26 @@ The server and agents use a shared secret to authenticate communication. This sh
Image variants: Image variants:
- The `latest` image is the latest stable release
- The `vX.X.X` images are stable releases - The `vX.X.X` images are stable releases
- The `vX.X` images are based on the current release branch (e.g. `release/v1.0`) and can be used to get bugfixes asap - The `vX.X` images are based on the current release branch (e.g. `release/v1.0`) and can be used to get bug fixes asap
- The `vX` same as `vX.X` variant but also includes feature releases
- The `next` images are based on the current `main` branch - The `next` images are based on the current `main` branch
:::note
The `latest` tag is not available on purpose (and has been dropped with the 3.x release) to prevent accidental major version upgrades.
Hence, users are forced to specify a fixed or rolling tag, omitting the tag identifier (which equals to pulling `latest` implicitly) won't work.
:::
```bash ```bash
# server # server
docker pull woodpeckerci/woodpecker-server:latest docker pull woodpeckerci/woodpecker-server:v3
docker pull woodpeckerci/woodpecker-server:latest-alpine docker pull woodpeckerci/woodpecker-server:v3-alpine
# agent # agent
docker pull woodpeckerci/woodpecker-agent:latest docker pull woodpeckerci/woodpecker-agent:v3
docker pull woodpeckerci/woodpecker-agent:latest-alpine docker pull woodpeckerci/woodpecker-agent:v3-alpine
# cli # cli
docker pull woodpeckerci/woodpecker-cli:latest docker pull woodpeckerci/woodpecker-cli:v3
docker pull woodpeckerci/woodpecker-cli:latest-alpine docker pull woodpeckerci/woodpecker-cli:v3-alpine
``` ```

View file

@ -135,6 +135,11 @@ The following restructuring was done to achieve a more consistent grouping:
### Admin-facing migrations ### Admin-facing migrations
#### Image tags
- The `latest` tag has been dropped to avoid accidental major version upgrades.
A dedicated semver tag specification must be used, i.e., either a fixed version (like `v3.0.0`) or a rolling tag (e.g. `v3.0` or `v3`).
- Previously, some (official) plugins were granted the `privileged` option by default to allow simplified usage. - Previously, some (official) plugins were granted the `privileged` option by default to allow simplified usage.
To streamline this process and enhance security transparency, no plugin is granted the `privileged` options by default anymore. To streamline this process and enhance security transparency, no plugin is granted the `privileged` options by default anymore.
To allow the use of these plugins in >= 3.0, they must be set explicitly through `WOODPECKER_PLUGINS_PRIVILEGED` on the admin side. To allow the use of these plugins in >= 3.0, they must be set explicitly through `WOODPECKER_PLUGINS_PRIVILEGED` on the admin side.