From c4bd6a1fbf57295adc64bf0bb150a269df8988d0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Thomas=20M=C3=BCller?= <1005065+DeepDiver1975@users.noreply.github.com> Date: Fri, 8 May 2026 13:25:25 +0200 Subject: [PATCH] chore: post-review improvements MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - Dockerfile: add VERSION guard and tighten sha256sum grep pattern - Add .dockerignore to reduce build context - README: update release workflow to use PRs instead of direct push Signed-off-by: Thomas Müller <1005065+DeepDiver1975@users.noreply.github.com> --- .dockerignore | 8 ++++++++ Dockerfile.multiarch | 5 +++-- README.md | 9 ++++----- 3 files changed, 15 insertions(+), 7 deletions(-) create mode 100644 .dockerignore diff --git a/.dockerignore b/.dockerignore new file mode 100644 index 0000000..d93f5a8 --- /dev/null +++ b/.dockerignore @@ -0,0 +1,8 @@ +.git +.github +.claude +docs +README.md +.editorconfig +.gitignore +.trivyignore diff --git a/Dockerfile.multiarch b/Dockerfile.multiarch index f631f5e..dde32af 100644 --- a/Dockerfile.multiarch +++ b/Dockerfile.multiarch @@ -4,10 +4,11 @@ ARG VERSION RUN apk add --no-cache curl -RUN BASE_URL="https://github.com/owncloud/web/releases/download/v${VERSION}" && \ +RUN test -n "${VERSION}" || { echo "ERROR: VERSION build-arg is required"; exit 1; } && \ + BASE_URL="https://github.com/owncloud/web/releases/download/v${VERSION}" && \ curl -fsSL "${BASE_URL}/web.tar.gz" -o /tmp/web.tar.gz && \ curl -fsSL "${BASE_URL}/sha256sum.txt" -o /tmp/sha256sum.txt && \ - cd /tmp && grep "web.tar.gz" sha256sum.txt | sha256sum -c - && \ + cd /tmp && grep "^[0-9a-f]\{64\} web\.tar\.gz$" sha256sum.txt | sha256sum -c - && \ mkdir -p /var/lib/nginx/html && \ tar -xzf /tmp/web.tar.gz -C /var/lib/nginx/html diff --git a/README.md b/README.md index 5081547..01dbc44 100644 --- a/README.md +++ b/README.md 
@@ -20,14 +20,13 @@ The web UI is served on port 8080. ## Releasing a new version -1. Update `version` and `extra-tags` in the matrix in `.github/workflows/main.yml` -2. Commit and push a matching tag: +1. On a feature branch, update `version` and `extra-tags` in the matrix in `.github/workflows/main.yml` +2. Open a PR, get it reviewed and merged into `master` +3. Tag the merge commit and push the tag: ```bash -git add .github/workflows/main.yml -git commit -s -m "chore: release v" git tag v -git push origin master v +git push origin v ``` The CI workflow builds multi-arch images (`linux/amd64`, `linux/arm64`), runs a Trivy security scan, and pushes to Docker Hub only on tag events.
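
Review bot: In the new .dockerignore, the eight entries are an explicit deny list, so any file added to the repository later is sent to the build context unless someone remembers to list it here. If the image build only needs a few paths, consider inverting the file (ignore everything with `*`, then re-include the needed paths with `!` entries) so that new files are excluded by default.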
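
Review bot: In Dockerfile.multiarch, the checksum step `grep "^[0-9a-f]\{64\} web\.tar\.gz$" sha256sum.txt | sha256sum -c -` takes its exit status from sha256sum alone, so a grep that matches nothing hands sha256sum an empty list and the result of the RUN then depends on how that sha256sum implementation treats empty input. The tightened pattern makes a no-match more likely than the old `grep "web.tar.gz"`: as it appears here it expects a single space between digest and filename, while sha256sum output puts two characters there (two spaces, or a space and `*`). Suggest having grep write the matched line to a file and chaining with `&&`, so a no-match fails the build on grep's own exit status, then running `sha256sum -c` on that file; also check the separator against the published sha256sum.txt. Minor: the "VERSION build-arg is required" message could go to stderr with `>&2`.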
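
Review bot: In the README hunk, step 3 says "Tag the merge commit" but the commands that follow (`git tag v`, `git push origin v`) tag whatever HEAD is in the local checkout, and steps 1 and 2 leave the releaser on a feature branch. Run as written, the tag can land on the feature-branch commit instead of the merge commit on `master`, and the tag event is what triggers the push to Docker Hub. Suggest adding the checkout and pull of `master` to the code block before the tag command, or passing the merge commit explicitly to `git tag`. Since the removed `git commit -s` line was the only sign-off in this procedure, it is also worth stating whether release tags should be annotated or signed.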