Merge remote-tracking branch 'upstream/master' into readme

Author: Greelan

.github/workflows/apps.yml

@@ -0,0 +1,109 @@
+name: build apps
+on:
+  workflow_dispatch:
+  workflow_run:
+    workflows: [build base]
+    types: [completed]
+    branches:
+      - master
+  push:
+    branches:
+      - master
+    paths:
+      - apps/**
+      - scripts/apps/**
+permissions:
+  contents: read
+  packages: write
+
+jobs:
+  check_changes:
+    runs-on: ubuntu-latest
+    outputs:
+      apps_json: ${{ steps.emit.outputs.apps_json }}
+    steps:
+      - if: ${{ github.event_name == 'push' }}
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - if: ${{ github.event_name == 'push' }}
+        id: filter
+        uses: dorny/paths-filter@v3
+        with:
+          filters: |
+            postgresql_changed:
+              - 'apps/postgresql/**'
+              - 'scripts/apps/postgresql/**'
+            uptime_kuma_2_changed:
+              - 'apps/uptime-kuma-2/**'
+              - 'scripts/apps/uptime-kuma-2/**'
+            base_changed:
+              - 'base/**'
+              - 'scripts/base/ampstart.sh'
+
+      - id: emit
+        shell: bash
+        run: |
+          set -euo pipefail
+          # Default matrix when not a push: build all apps
+          if [ "${{ github.event_name }}" != "push" ]; then
+            echo 'apps_json=["postgresql","uptime-kuma-2"]' >> "$GITHUB_OUTPUT"
+            exit 0
+          fi
+
+          # On push: if base changed, build nothing (let base workflow handle rebuilds)
+          if [ "${{ steps.filter.outputs.base_changed || 'false' }}" = "true" ]; then
+            echo 'apps_json=[]' >> "$GITHUB_OUTPUT"
+            exit 0
+          fi
+
+          apps=()
+          if [ "${{ steps.filter.outputs.postgresql_changed || 'false' }}" = "true" ]; then apps+=('"postgresql"'); fi
+          if [ "${{ steps.filter.outputs.uptime_kuma_2_changed || 'false' }}" = "true" ]; then apps+=('"uptime-kuma-2"'); fi
+
+          if [ "${#apps[@]}" -eq 0 ]; then
+            echo 'apps_json=[]' >> "$GITHUB_OUTPUT"
+          else
+            printf 'apps_json=[%s]\n' "$(IFS=,; echo "${apps[*]}")" >> "$GITHUB_OUTPUT"
+          fi
+
+  build_and_push:
+    needs: [check_changes]
+    if: ${{ github.repository_owner == 'CubeCoders' && github.ref == 'refs/heads/master' && (github.event_name != 'workflow_run' || github.event.workflow_run.conclusion == 'success') }}
+    name: 'amp:apps-${{ matrix.app }}'
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        app: ${{ fromJSON(needs.check_changes.outputs.apps_json) }}
+
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          ref: ${{ github.event_name == 'workflow_run' && github.event.workflow_run.head_sha || github.sha }}
+
+      - uses: docker/setup-qemu-action@v3
+      - uses: docker/setup-buildx-action@v3
+
+      - uses: docker/login-action@v3
+        with:
+          username: ${{ vars.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+      - uses: docker/build-push-action@v6
+        with:
+          context: .
+          file: ./apps/${{ matrix.app }}/Dockerfile
+          platforms: linux/amd64,linux/arm64/v8
+          push: true
+          pull: true
+          tags: cubecoders/ampbase:${{ matrix.app }}
+          cache-from: type=registry,ref=cubecoders/ampbase:${{ matrix.app }}
+          cache-to: type=inline
+          provenance: mode=max
+          sbom: true
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: false

.github/workflows/base.yml

@@ -48,15 +48,17 @@ jobs:
           push: true
           tags: |
             cubecoders/ampbase:${{ matrix.base }}
-          cache-from: type=gha,scope=${{ github.workflow }}-${{ matrix.base }}
-          cache-to: type=gha,mode=max,scope=${{ github.workflow }}-${{ matrix.base }}
+          cache-from: type=registry,ref=cubecoders/ampbase:${{ matrix.base }}
+          cache-to: type=inline
           provenance: mode=max
           sbom: true
 
   update_description:
     if: ${{ github.repository_owner == 'CubeCoders' && github.ref == 'refs/heads/master' && always() }}
     needs: [build_and_push]
     runs-on: ubuntu-latest
+    continue-on-error: true
+
     steps:
       - uses: peter-evans/dockerhub-description@v4
         with:

.github/workflows/cleanup.yml

@@ -0,0 +1,64 @@
+name: cleanup tags
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - master
+    paths:
+      - .github/workflows/cleanup.yml
+permissions:
+  contents: read
+  packages: write
+
+jobs:
+  cleanup:
+    if: ${{ github.repository_owner == 'CubeCoders' && github.ref == 'refs/heads/master' }}
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+    steps:
+      - name: Delete named tags if they exist
+        shell: bash
+        env:
+          ORG: cubecoders
+          REPO: ampbase
+          TAGS: 'debian-13'
+        run: |
+          set -u
+
+          TOKEN=$(
+            curl -s -H "Content-Type: application/json" -X POST \
+              -d "{\"username\":\"${{ vars.DOCKERHUB_USERNAME }}\",\"password\":\"${{ secrets.DOCKERHUB_TOKEN }}\"}" \
+              https://hub.docker.com/v2/users/login/ | jq -r .token
+          )
+
+          for tag in $TAGS; do
+            echo "Processing tag: $tag"
+
+            check_code=$(curl -s -o /dev/null -w "%{http_code}" \
+              -H "Authorization: JWT $TOKEN" \
+              "https://hub.docker.com/v2/repositories/$ORG/$REPO/tags/$tag/")
+
+            if [[ "$check_code" == "200" ]]; then
+              echo "Tag exists. Deleting…"
+              del_code=$(curl -s -o /dev/null -w "%{http_code}" -X DELETE \
+                -H "Authorization: JWT $TOKEN" \
+                "https://hub.docker.com/v2/repositories/$ORG/$REPO/tags/$tag/")
+
+              if [[ "$del_code" == "204" || "$del_code" == "202" ]]; then
+                echo "Deleted: $tag"
+              else
+                echo "WARNING: Failed to delete $tag (HTTP $del_code). Continuing."
+              fi
+
+            elif [[ "$check_code" == "404" ]]; then
+              echo "Tag not found: $tag — skipping."
+
+            else
+              echo "WARNING: Could not verify tag $tag (HTTP $check_code). Skipping."
+            fi
+          done
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: false

.github/workflows/java.yml

@@ -70,8 +70,8 @@ jobs:
           push: true
           pull: true
           tags: cubecoders/ampbase:java-${{ matrix.java }}
-          cache-from: type=gha,scope=${{ github.workflow }}-${{ matrix.java }}
-          cache-to: type=gha,mode=max,scope=${{ github.workflow }}-${{ matrix.java }}
+          cache-from: type=registry,ref=cubecoders/ampbase:java-${{ matrix.java }}
+          cache-to: type=inline
           provenance: mode=max
           sbom: true
 

.github/workflows/mono.yml

@@ -70,8 +70,8 @@ jobs:
           push: true
           pull: true
           tags: cubecoders/ampbase:mono-${{ matrix.mono }}
-          cache-from: type=gha,scope=${{ github.workflow }}-${{ matrix.mono }}
-          cache-to: type=gha,mode=max,scope=${{ github.workflow }}-${{ matrix.mono }}
+          cache-from: type=registry,ref=cubecoders/ampbase:mono-${{ matrix.mono }}
+          cache-to: type=inline
           provenance: mode=max
           sbom: true
 

.github/workflows/python.yml

@@ -76,8 +76,8 @@ jobs:
           push: true
           pull: true
           tags: cubecoders/ampbase:python-${{ matrix.python }}
-          cache-from: type=gha,scope=${{ github.workflow }}-${{ matrix.python }}
-          cache-to: type=gha,mode=max,scope=${{ github.workflow }}-${{ matrix.python }}
+          cache-from: type=registry,ref=cubecoders/ampbase:python-${{ matrix.python }}
+          cache-to: type=inline
           provenance: mode=max
           sbom: true
 

.github/workflows/wine.yml

@@ -69,8 +69,8 @@ jobs:
           push: true
           pull: true
           tags: cubecoders/ampbase:wine-common
-          cache-from: type=gha,scope=${{ github.workflow }}-common
-          cache-to: type=gha,mode=max,scope=${{ github.workflow }}-common
+          cache-from: type=registry,ref=cubecoders/ampbase:wine-common
+          cache-to: type=inline
           provenance: mode=max
           sbom: true
 
@@ -107,9 +107,9 @@ jobs:
           pull: true
           tags: cubecoders/ampbase:wine-${{ matrix.version }}
           cache-from: |
-            type=gha,scope=${{ github.workflow }}-wine-common
-            type=gha,scope=${{ github.workflow }}-wine-${{ matrix.version }}
-          cache-to: type=gha,mode=max,scope=${{ github.workflow }}-${{ matrix.version }}
+            type=registry,ref=cubecoders/ampbase:wine-common
+            type=registry,ref=cubecoders/ampbase:wine-${{ matrix.version }}
+          cache-to: type=inline
           provenance: mode=max
           sbom: true
 

apps/postgresql/Dockerfile

@@ -0,0 +1,16 @@
+# PostgreSQL image for AMP containers
+# cubecoders/ampbase:postgresql
+
+FROM        cubecoders/ampbase:debian
+
+LABEL       org.opencontainers.image.licenses=MIT
+
+ENV         DEBIAN_FRONTEND="noninteractive"
+
+# Install required packages
+RUN         set -eux; \
+            apt-get update; \
+            apt-get install -o APT::Keep-Downloaded-Packages="false" -y --no-install-recommends \
+                make build-essential flex bison perl libreadline-dev libicu-dev; \
+            apt-get clean; \
+            rm -rf /var/lib/apt/lists/*

apps/uptime-kuma-2/Dockerfile

@@ -0,0 +1,41 @@
+# Uptime Kuma 2 image for AMP containers
+# Based on https://github.com/louislam/uptime-kuma/blob/223cde831f09a49a317bc4e5926cc8a38a6fa3f2/docker/debian-base.dockerfile
+# cubecoders/ampbase:uptime-kuma-2
+
+FROM        cubecoders/ampbase:debian
+
+LABEL       org.opencontainers.image.licenses=MIT
+
+ENV         UPTIME_KUMA_ENABLE_EMBEDDED_MARIADB="1"
+ENV         AMP_ADDITIONAL_ENV_VARS="UPTIME_KUMA_ENABLE_EMBEDDED_MARIADB"
+ENV         DEBIAN_FRONTEND="noninteractive"
+
+# Install required packages
+RUN         set -eux; \
+            apt-get update; \
+            # Install base dependencies
+            apt-get install -o APT::Keep-Downloaded-Packages="false" -y --no-install-recommends \
+                sqlite3 ca-certificates iputils-ping util-linux; \
+            # Install Apprise for notifications
+            wget -qO- http://ftp.debian.org/debian/pool/main/a/apprise/ | grep -oP 'href="apprise_.*?all\.deb"' | sed 's/href="//;s/"//' | sort -V | tail -n 1 | xargs -I {} wget -qO apprise.deb http://ftp.debian.org/debian/pool/main/a/apprise/{}; \
+            apt-get install -o APT::Keep-Downloaded-Packages="false" -y --no-install-recommends \
+                ./apprise.deb python3-paho-mqtt; \
+            rm -f apprise.deb; \
+            # Install cloudflared
+            install -d -m 0755 /etc/apt/keyrings; \
+            wget -qO- https://pkg.cloudflare.com/cloudflare-main.gpg | gpg --dearmor -o /etc/apt/keyrings/cloudflare-main.gpg; \
+            printf 'Types: deb\nURIs: https://pkg.cloudflare.com/cloudflared\nSuites: any\nComponents: main\nSigned-By: /etc/apt/keyrings/cloudflare-main.gpg\n' | tee /etc/apt/sources.list.d/cloudflared.sources >/dev/null; \
+            apt-get update; \
+            apt-get install -o APT::Keep-Downloaded-Packages="false" -y --no-install-recommends -t stable \
+                cloudflared; \
+            # Install remaining dependencies
+            apt-get install -o APT::Keep-Downloaded-Packages="false" -y --no-install-recommends \
+                chromium fonts-indic fonts-noto fonts-noto-cjk mariadb-server; \
+            apt-get clean; \
+            rm -rf /var/lib/apt/lists/*
+ 
+COPY        ./scripts/apps/uptime-kuma-2/ampstart.sh /ampstart.sh
+RUN         chmod +x /ampstart.sh
+ENTRYPOINT  ["/usr/bin/tini", "-g", "--", "/ampstart.sh"]
+CMD         []
+            

python/3.10/Dockerfile

@@ -17,6 +17,7 @@ FROM        cubecoders/ampbase:debian
 LABEL       org.opencontainers.image.licenses=MIT
 
 ENV         PIP_DISABLE_PIP_VERSION_CHECK="1"
+ENV         AMP_ADDITIONAL_ENV_VARS="PIP_DISABLE_PIP_VERSION_CHECK"
 ENV         DEBIAN_FRONTEND="noninteractive"
 
 ARG         PYTHON_VERSION="3.10"