owncloud-docker · DeepDiver1975 · May 8, 2026 · May 8, 2026
diff --git a/.dockerignore b/.dockerignore
@@ -0,0 +1,8 @@
+.git
+.github
+.claude
+docs
+README.md
+.editorconfig
+.gitignore
+.trivyignore
diff --git a/Dockerfile.multiarch b/Dockerfile.multiarch
@@ -4,10 +4,11 @@ ARG VERSION
 
 RUN apk add --no-cache curl
 
-RUN BASE_URL="https://github.com/owncloud/web/releases/download/v${VERSION}" && \
+RUN test -n "${VERSION}" || { echo "ERROR: VERSION build-arg is required"; exit 1; } && \
+  BASE_URL="https://github.com/owncloud/web/releases/download/v${VERSION}" && \
   curl -fsSL "${BASE_URL}/web.tar.gz" -o /tmp/web.tar.gz && \
   curl -fsSL "${BASE_URL}/sha256sum.txt" -o /tmp/sha256sum.txt && \
-  cd /tmp && grep "web.tar.gz" sha256sum.txt | sha256sum -c - && \
+  cd /tmp && grep "^[0-9a-f]\{64\}  web\.tar\.gz$" sha256sum.txt | sha256sum -c - && \
   mkdir -p /var/lib/nginx/html && \
   tar -xzf /tmp/web.tar.gz -C /var/lib/nginx/html
 

diff --git a/README.md b/README.md
@@ -20,14 +20,13 @@ The web UI is served on port 8080.
 
 ## Releasing a new version
 
-1. Update `version` and `extra-tags` in the matrix in `.github/workflows/main.yml`
-2. Commit and push a matching tag:
+1. On a feature branch, update `version` and `extra-tags` in the matrix in `.github/workflows/main.yml`
+2. Open a PR, get it reviewed and merged into `master`
+3. Tag the merge commit and push the tag:
 
 ```bash
-git add .github/workflows/main.yml
-git commit -s -m "chore: release v<VERSION>"
 git tag v<VERSION>
-git push origin master v<VERSION>
+git push origin v<VERSION>
 ```
 
 The CI workflow builds multi-arch images (`linux/amd64`, `linux/arm64`), runs a Trivy security scan, and pushes to Docker Hub only on tag events.