Merge pull request #2 from linuxserver/version

use upstream version as tag

Author: thelamer

.github/workflows/external_trigger.yml

@@ -15,11 +15,130 @@ jobs:
           SKIP_EXTERNAL_TRIGGER: ${{ vars.SKIP_EXTERNAL_TRIGGER }}
         run: |
           printf "# External trigger for docker-chrome\n\n" >> $GITHUB_STEP_SUMMARY
-          echo "Type is \`os\`" >> $GITHUB_STEP_SUMMARY
-          echo "No external release, exiting" >> $GITHUB_STEP_SUMMARY
-          exit 0
+          if grep -q "^chrome_master_" <<< "${SKIP_EXTERNAL_TRIGGER}"; then
+            echo "> [!NOTE]" >> $GITHUB_STEP_SUMMARY
+            echo "> Github organizational variable \`SKIP_EXTERNAL_TRIGGER\` contains \`chrome_master_\`; will skip trigger if version matches." >> $GITHUB_STEP_SUMMARY
+          elif grep -q "^chrome_master" <<< "${SKIP_EXTERNAL_TRIGGER}"; then
+            echo "> [!WARNING]" >> $GITHUB_STEP_SUMMARY
+            echo "> Github organizational variable \`SKIP_EXTERNAL_TRIGGER\` contains \`chrome_master\`; skipping trigger." >> $GITHUB_STEP_SUMMARY
+            exit 0
+          fi
+          echo "> [!NOTE]" >> $GITHUB_STEP_SUMMARY
+          echo "> External trigger running off of master branch. To disable this trigger, add \`chrome_master\` into the Github organizational variable \`SKIP_EXTERNAL_TRIGGER\`." >> $GITHUB_STEP_SUMMARY
+          printf "\n## Retrieving external version\n\n" >> $GITHUB_STEP_SUMMARY
+          EXT_RELEASE=$(curl -sX GET http://dl.google.com/linux/chrome/deb/dists/stable/main/binary-amd64/Packages | grep -A 7 -m 1 'Package: google-chrome-stable' | awk -F ': ' '/Version/{print $2;exit}')
+          echo "Type is \`custom_version_command\`" >> $GITHUB_STEP_SUMMARY
           if grep -q "^chrome_master_${EXT_RELEASE}" <<< "${SKIP_EXTERNAL_TRIGGER}"; then
             echo "> [!WARNING]" >> $GITHUB_STEP_SUMMARY
             echo "> Github organizational variable \`SKIP_EXTERNAL_TRIGGER\` matches current external release; skipping trigger." >> $GITHUB_STEP_SUMMARY
             exit 0
           fi
+          if [ -z "${EXT_RELEASE}" ] || [ "${EXT_RELEASE}" == "null" ]; then
+            echo "> [!WARNING]" >> $GITHUB_STEP_SUMMARY
+            echo "> Can't retrieve external version, exiting" >> $GITHUB_STEP_SUMMARY
+            FAILURE_REASON="Can't retrieve external version for chrome branch master"
+            GHA_TRIGGER_URL="https://github.com/linuxserver/docker-chrome/actions/runs/${{ github.run_id }}"
+            curl -X POST -H "Content-Type: application/json" --data '{"avatar_url": "https://cdn.discordapp.com/avatars/354986384542662657/df91181b3f1cf0ef1592fbe18e0962d7.png","embeds": [{"color": 16711680,
+              "description": "**Trigger Failed** \n**Reason:** '"${FAILURE_REASON}"' \n**Trigger URL:** '"${GHA_TRIGGER_URL}"' \n"}],
+              "username": "Github Actions"}' ${{ secrets.DISCORD_WEBHOOK }}
+            exit 1
+          fi
+          EXT_RELEASE=$(echo ${EXT_RELEASE} | sed 's/[~,%@+;:/]//g')
+          echo "External version: \`${EXT_RELEASE}\`" >> $GITHUB_STEP_SUMMARY
+          echo "Retrieving last pushed version" >> $GITHUB_STEP_SUMMARY
+          image="linuxserver/chrome"
+          tag="latest"
+          token=$(curl -sX GET \
+            "https://ghcr.io/token?scope=repository%3Alinuxserver%2Fchrome%3Apull" \
+            | jq -r '.token')
+          multidigest=$(curl -s \
+            --header "Accept: application/vnd.docker.distribution.manifest.v2+json" \
+            --header "Accept: application/vnd.oci.image.index.v1+json" \
+            --header "Authorization: Bearer ${token}" \
+            "https://ghcr.io/v2/${image}/manifests/${tag}")
+          if jq -e '.layers // empty' <<< "${multidigest}" >/dev/null 2>&1; then
+            # If there's a layer element it's a single-arch manifest so just get that digest
+            digest=$(jq -r '.config.digest' <<< "${multidigest}")
+          else
+            # Otherwise it's multi-arch or has manifest annotations
+            if jq -e '.manifests[]?.annotations // empty' <<< "${multidigest}" >/dev/null 2>&1; then
+              # Check for manifest annotations and delete if found
+              multidigest=$(jq 'del(.manifests[] | select(.annotations))' <<< "${multidigest}")
+            fi
+            if [[ $(jq '.manifests | length' <<< "${multidigest}") -gt 1 ]]; then
+              # If there's still more than one digest, it's multi-arch
+              multidigest=$(jq -r ".manifests[] | select(.platform.architecture == \"amd64\").digest?" <<< "${multidigest}")
+            else
+              # Otherwise it's single arch
+              multidigest=$(jq -r ".manifests[].digest?" <<< "${multidigest}")
+            fi
+            if digest=$(curl -s \
+              --header "Accept: application/vnd.docker.distribution.manifest.v2+json" \
+              --header "Accept: application/vnd.oci.image.manifest.v1+json" \
+              --header "Authorization: Bearer ${token}" \
+              "https://ghcr.io/v2/${image}/manifests/${multidigest}"); then
+              digest=$(jq -r '.config.digest' <<< "${digest}");
+            fi
+          fi
+          image_info=$(curl -sL \
+            --header "Authorization: Bearer ${token}" \
+            "https://ghcr.io/v2/${image}/blobs/${digest}")
+          if [[ $(echo $image_info | jq -r '.container_config') == "null" ]]; then
+            image_info=$(echo $image_info | jq -r '.config')
+          else
+            image_info=$(echo $image_info | jq -r '.container_config')
+          fi
+          IMAGE_RELEASE=$(echo ${image_info} | jq -r '.Labels.build_version' | awk '{print $3}')
+          IMAGE_VERSION=$(echo ${IMAGE_RELEASE} | awk -F'-ls' '{print $1}')
+          if [ -z "${IMAGE_VERSION}" ]; then
+            echo "> [!WARNING]" >> $GITHUB_STEP_SUMMARY
+            echo "Can't retrieve last pushed version, exiting" >> $GITHUB_STEP_SUMMARY
+            FAILURE_REASON="Can't retrieve last pushed version for chrome tag latest"
+            curl -X POST -H "Content-Type: application/json" --data '{"avatar_url": "https://cdn.discordapp.com/avatars/354986384542662657/df91181b3f1cf0ef1592fbe18e0962d7.png","embeds": [{"color": 16711680,
+              "description": "**Trigger Failed** \n**Reason:** '"${FAILURE_REASON}"' \n"}],
+              "username": "Github Actions"}' ${{ secrets.DISCORD_WEBHOOK }}
+            exit 1
+          fi
+          echo "Last pushed version: \`${IMAGE_VERSION}\`" >> $GITHUB_STEP_SUMMARY
+          if [ "${EXT_RELEASE}" == "${IMAGE_VERSION}" ]; then
+            echo "Version \`${EXT_RELEASE}\` already pushed, exiting" >> $GITHUB_STEP_SUMMARY
+            exit 0
+          elif [ $(curl -s https://ci.linuxserver.io/job/Docker-Pipeline-Builders/job/docker-chrome/job/master/lastBuild/api/json | jq -r '.building') == "true" ]; then
+            echo "New version \`${EXT_RELEASE}\` found; but there already seems to be an active build on Jenkins; exiting" >> $GITHUB_STEP_SUMMARY
+            exit 0
+          else
+            if [[ "${artifacts_found}" == "false" ]]; then
+              echo "> [!WARNING]" >> $GITHUB_STEP_SUMMARY
+              echo "> New version detected, but not all artifacts are published yet; skipping trigger" >> $GITHUB_STEP_SUMMARY
+              FAILURE_REASON="New version ${EXT_RELEASE} for chrome tag latest is detected, however not all artifacts are uploaded to upstream release yet. Will try again later."
+              curl -X POST -H "Content-Type: application/json" --data '{"avatar_url": "https://cdn.discordapp.com/avatars/354986384542662657/df91181b3f1cf0ef1592fbe18e0962d7.png","embeds": [{"color": 9802903,
+                "description": "**Trigger Failed** \n**Reason:** '"${FAILURE_REASON}"' \n"}],
+                "username": "Github Actions"}' ${{ secrets.DISCORD_WEBHOOK }}
+            else
+              printf "\n## Trigger new build\n\n" >> $GITHUB_STEP_SUMMARY
+              echo "New version \`${EXT_RELEASE}\` found; old version was \`${IMAGE_VERSION}\`. Triggering new build" >> $GITHUB_STEP_SUMMARY
+              if [[ "${artifacts_found}" == "true" ]]; then
+                echo "All artifacts seem to be uploaded." >> $GITHUB_STEP_SUMMARY
+              fi
+              response=$(curl -iX POST \
+                https://ci.linuxserver.io/job/Docker-Pipeline-Builders/job/docker-chrome/job/master/buildWithParameters?PACKAGE_CHECK=false \
+                --user ${{ secrets.JENKINS_USER }}:${{ secrets.JENKINS_TOKEN }} | grep -i location | sed "s|^[L|l]ocation: \(.*\)|\1|")
+              echo "Jenkins [job queue url](${response%$'\r'})" >> $GITHUB_STEP_SUMMARY
+              echo "Sleeping 10 seconds until job starts" >> $GITHUB_STEP_SUMMARY
+              sleep 10
+              buildurl=$(curl -s "${response%$'\r'}api/json" | jq -r '.executable.url')
+              buildurl="${buildurl%$'\r'}"
+              echo "Jenkins job [build url](${buildurl})" >> $GITHUB_STEP_SUMMARY
+              echo "Attempting to change the Jenkins job description" >> $GITHUB_STEP_SUMMARY
+              curl -iX POST \
+                "${buildurl}submitDescription" \
+                --user ${{ secrets.JENKINS_USER }}:${{ secrets.JENKINS_TOKEN }} \
+                --data-urlencode "description=GHA external trigger https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}" \
+                --data-urlencode "Submit=Submit"
+              echo "**** Notifying Discord ****"
+              TRIGGER_REASON="A version change was detected for chrome tag latest. Old version:${IMAGE_VERSION} New version:${EXT_RELEASE}"
+              curl -X POST -H "Content-Type: application/json" --data '{"avatar_url": "https://cdn.discordapp.com/avatars/354986384542662657/df91181b3f1cf0ef1592fbe18e0962d7.png","embeds": [{"color": 9802903,
+                "description": "**Build Triggered** \n**Reason:** '"${TRIGGER_REASON}"' \n**Build URL:** '"${buildurl}display/redirect"' \n"}],
+                "username": "Github Actions"}' ${{ secrets.DISCORD_WEBHOOK }}
+            fi
+          fi

Dockerfile

@@ -3,6 +3,7 @@ FROM ghcr.io/linuxserver/baseimage-selkies:debianbookworm
 # set version label
 ARG BUILD_DATE
 ARG VERSION
+ARG CHROME_VERSION
 LABEL build_version="Linuxserver.io version:- ${VERSION} Build-date:- ${BUILD_DATE}"
 LABEL maintainer="thelamer"
 
@@ -15,15 +16,18 @@ RUN \
     /usr/share/selkies/www/icon.png \
     https://raw.githubusercontent.com/linuxserver/docker-templates/master/linuxserver.io/img/chrome-logo.png && \
   echo "**** setup repo ****" && \
-  curl -sL \
+  curl -fsSL \
     https://dl.google.com/linux/linux_signing_key.pub \
-    | apt-key add - && \
-  echo "deb http://dl.google.com/linux/chrome/deb/ stable main" >> \
-    /etc/apt/sources.list.d/google.list && \
+    | gpg --dearmor | tee /usr/share/keyrings/google-chrome.gpg >/dev/null && \
+  echo "deb [arch=amd64 signed-by=/usr/share/keyrings/google-chrome.gpg] http://dl.google.com/linux/chrome/deb/ stable main" >> \
+    /etc/apt/sources.list.d/google-chrome.list && \
   echo "**** install packages ****" && \
+  if [ -z "${CHROME_VERSION+x}" ]; then \
+    CHROME_VERSION=$(curl -sX GET http://dl.google.com/linux/chrome/deb/dists/stable/main/binary-amd64/Packages | grep -A 7 -m 1 'Package: google-chrome-stable' | awk -F ': ' '/Version/{print $2;exit}'); \
+  fi && \
   apt-get update && \
   apt-get install -y --no-install-recommends \
-    google-chrome-stable && \
+    google-chrome-stable=${CHROME_VERSION} && \
   echo "**** cleanup ****" && \
   apt-get autoclean && \
   rm -rf \

Jenkinsfile

@@ -138,12 +138,14 @@ pipeline {
     /* ########################
        External Release Tagging
        ######################## */
-    // If this is an os release set release type to none to indicate no external release
-    stage("Set ENV os"){
+    // If this is a custom command to determine version use that command
+    stage("Set tag custom bash"){
       steps{
         script{
-          env.EXT_RELEASE = env.PACKAGE_TAG
-          env.RELEASE_LINK = 'none'
+          env.EXT_RELEASE = sh(
+            script: ''' curl -sX GET http://dl.google.com/linux/chrome/deb/dists/stable/main/binary-amd64/Packages | grep -A 7 -m 1 'Package: google-chrome-stable' | awk -F ': ' '/Version/{print $2;exit}' ''',
+            returnStdout: true).trim()
+            env.RELEASE_LINK = 'custom_command'
         }
       }
     }
@@ -981,7 +983,7 @@ pipeline {
              "tagger": {"name": "LinuxServer-CI","email": "[email protected]","date": "'${GITHUB_DATE}'"}}' '''
         echo "Pushing New release for Tag"
         sh '''#! /bin/bash
-              echo "Updating base packages to ${PACKAGE_TAG}" > releasebody.json
+              echo "Updating to ${EXT_RELEASE_CLEAN}" > releasebody.json
               echo '{"tag_name":"'${META_TAG}'",\
                      "target_commitish": "master",\
                      "name": "'${META_TAG}'",\

jenkins-vars.yml

@@ -2,7 +2,8 @@
 
 # jenkins variables
 project_name: docker-chrome
-external_type: os
+external_type: na
+custom_version_command: "curl -sX GET http://dl.google.com/linux/chrome/deb/dists/stable/main/binary-amd64/Packages | grep -A 7 -m 1 'Package: google-chrome-stable' | awk -F ': ' '/Version/{print $2;exit}'"
 release_type: stable
 release_tag: latest
 ls_branch: master