diff --git a/.github/actions/build-test-scan-push/action.yaml b/.github/actions/build-test-scan-push/action.yaml new file mode 100644 index 00000000..b9007bd7 --- /dev/null +++ b/.github/actions/build-test-scan-push/action.yaml @@ -0,0 +1,143 @@ +name: 'Build/Test/Scan/Push Image' +inputs: + context: + description: Path to the directory of the Dockerfile + required: true + type: string + os: + description: Target OS to build, the same as the extension of the Dockerfile + default: ubuntu2204 + type: string + product: + description: Product being built + type: string + build-args: + description: JSON list of build args for the built image + required: true + type: string + image-tags: + description: List of tags for the built image + required: true + type: string + test-image: + description: Flag to test image once built + default: true + type: boolean + snyk-token: + description: Username for authentication with Snyk for scanning images + type: string + snyk-org-id: + description: Snyk Organization ID to publish scans to + type: string + push-image: + description: Flag to push image once built + default: false + type: boolean + ghcr-token: + description: Username for authentication with GHCR.io + required: true + type: string + dockerhub-username: + description: Username for authentication with DockerHub + required: true + type: string + dockerhub-token: + description: Username for authentication with DockerHub + required: true + type: string + +runs: + using: "composite" + steps: + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v2 + + - name: Free Disk space + shell: bash + run: | + sudo rm -rf /usr/local/lib/android # will release about 10 GB + sudo rm -rf /usr/share/dotnet # will release about 20GB + + - name: Login to ghcr.io + uses: docker/login-action@v2 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ inputs.ghcr-token }} + + - name: Login to Docker Hub + uses: docker/login-action@v2 + with: + username: ${{ inputs.dockerhub-username }} + password: ${{ inputs.dockerhub-token }} + + - name: Build + id: image-build + uses: docker/build-push-action@v4 + with: + load: true + context: ${{ inputs.context }} + file: ${{ inputs.context }}/Dockerfile.${{ inputs.os }} + cache-from: type=gha + cache-to: type=gha + build-args: | + ${{ inputs.build-args }} + tags: ${{ inputs.image-tags }} + + - name: Get first tag + shell: bash + id: first-tag + run: | + IMG_TAGS="${{ inputs.image-tags }}" + FIRST_TAG=$(cut -d "," -f 1 <<< "${IMG_TAGS//$'\n'/}") + echo "$FIRST_TAG" + echo "FIRST_TAG=$FIRST_TAG" >> $GITHUB_OUTPUT + + # We have to use bash logic because step "if"s don't work in composite actions + - name: Test - ${{ inputs.test-image }} + shell: bash + run: | + if [[ "${{ inputs.test-image }}" == "true" ]]; then + echo "${{ inputs.build-args }}" > ${{ inputs.context }}/.env + echo "OS=${{ inputs.os }}" >> ${{ inputs.context }}/.env + cat ${{ inputs.context }}/.env + IMAGE_NAME=${{ steps.first-tag.outputs.FIRST_TAG }} docker-compose -f ${{ inputs.context }}/docker-compose.test.yml run sut + fi + + - name: Evaluate Snyk command + id: eval-snyk-command + shell: bash + run: | + if [[ "${{ github.ref }}" == "refs/heads/main" ]]; then + SNYK_COMMAND="monitor" + else + SNYK_COMMAND="test" + fi + echo "SNYK_COMMAND=$SNYK_COMMAND" >> $GITHUB_OUTPUT + + - name: Run Snyk ${{ steps.eval-snyk-command.SNYK_COMMAND }} + continue-on-error: true + uses: snyk/actions/docker@master + env: + SNYK_TOKEN: ${{ inputs.snyk-token }} + with: + image: ${{ steps.first-tag.FIRST_TAG }} + args: | + --file=${{ inputs.context }}/Dockerfile.${{ inputs.os }} \ + --org=${{ inputs.snyk-org-id }} \ + --project-name=${{ steps.first-tag.FIRST_TAG }} \ + --tags=product=${{ inputs.product }},os=${{ inputs.os }} \ + --exclude-base-image-vulns \ + --app-vulns + command: ${{ steps.eval-snyk-command.SNYK_COMMAND }} + + - name: Push - ${{ inputs.push-image }} + uses: docker/build-push-action@v4 + with: + push: ${{ inputs.push-image }} + context: ${{ inputs.context }} + file: ${{ inputs.context }}/Dockerfile.${{ inputs.os }} + cache-from: type=gha + cache-to: type=gha + build-args: ${{ inputs.build-args }} + tags: ${{ inputs.image-tags }} diff --git a/.github/workflows/build-content.yaml b/.github/workflows/build-content.yaml index 79de5553..76a294cb 100644 --- a/.github/workflows/build-content.yaml +++ b/.github/workflows/build-content.yaml @@ -5,9 +5,8 @@ on: - dev pull_request: -name: build/push RStudio Content Images +name: Content Images - Build, Test, Scan, and Push jobs: - matrix: runs-on: ubuntu-latest outputs: @@ -22,7 +21,7 @@ jobs: build: runs-on: ubuntu-latest needs: matrix - name: r${{ matrix.config.r }} py${{ matrix.config.py }} ${{ matrix.config.os }} ${{ github.ref }} + name: content-base-${{ matrix.config.os }}-r${{ matrix.config.r }}-py${{ matrix.config.py }}--${{ github.ref }} strategy: fail-fast: false @@ -33,96 +32,86 @@ jobs: - name: Check Out Repo uses: actions/checkout@v3 - - name: Set up Docker Buildx - id: buildx - uses: docker/setup-buildx-action@v2 - - - name: Cache Docker layers - uses: actions/cache@v3 - with: - path: /tmp/.buildx-cache - key: ${{ runner.os }}-buildx-${{ github.sha }} - restore-keys: | - ${{ runner.os }}-buildx- - - - name: Build and Push - id: docker_build - uses: docker/build-push-action@v3 - with: - context: ./content/base - file: ./content/base/Dockerfile.${{ matrix.config.os }} - builder: ${{ steps.buildx.outputs.name }} - tags: | - rstudio/content-base:r${{ matrix.config.r }}-py${{ matrix.config.py }}-${{ matrix.config.os }} - ghcr.io/rstudio/content-base:r${{ matrix.config.r }}-py${{ matrix.config.py }}-${{ matrix.config.os }} - rstudio/content-base:r${{ matrix.config.r }}-py${{ matrix.config.py }}-${{ matrix.config.os_alt }} - ghcr.io/rstudio/content-base:r${{ matrix.config.r }}-py${{ matrix.config.py }}-${{ matrix.config.os_alt }} - cache-from: type=local,src=/tmp/.buildx-cache - cache-to: type=local,dest=/tmp/.buildx-cache - load: true - push: false - build-args: | - R_VERSION=${{ matrix.config.r }} - PYTHON_VERSION=${{ matrix.config.py }} - - - name: Image digest - run: echo ${{ steps.docker_build.outputs.digest }} - - - name: Show image size - run: | - docker image ls - - - name: Run Snyk to check Docker image for vulnerabilities (main) - if: ${{ github.ref == 'refs/heads/main' }} - continue-on-error: true - uses: snyk/actions/docker@master + - name: Set up Just + uses: extractions/setup-just@v1 env: - SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} - with: - image: rstudio/content-base:r${{ matrix.config.r }}-py${{ matrix.config.py }}-${{ matrix.config.os }} - args: --file=./content/base/Dockerfile.${{ matrix.config.os }} --org=${{ secrets.SNYK_ORG_ID }} --project-name=rstudio/content-base:r${{ matrix.config.r }}-py${{ matrix.config.py }}-${{ matrix.config.os }} --tags=product=content-base,os=${{ matrix.config.os }} --app-vulns --exclude-base-image-vulns - command: monitor + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - name: Run Snyk to check Docker image for vulnerabilities (branch) - if: ${{ github.ref != 'refs/heads/main' }} + - name: Get build args + id: get-build-args + run: | + EOF=$(dd if=/dev/urandom bs=15 count=1 status=none | base64) + BUILD_ARGS=$( \ + just -f ci.Justfile \ + get-content-args \ + ${{ matrix.config.r }} \ + ${{ matrix.config.py }} \ + ) + echo "BUILD_ARGS<<$EOF" >> $GITHUB_OUTPUT + echo "$BUILD_ARGS" >> $GITHUB_OUTPUT + echo "$EOF" >> $GITHUB_OUTPUT + + - name: Get tags + id: get-tags + run: | + IMAGE_TAGS=$( \ + just -f ci.Justfile \ + get-content-tags \ + content-base \ + ${{ matrix.config.r }} \ + ${{ matrix.config.py }} \ + ${{ matrix.config.os }} \ + ) + echo "IMAGE_TAGS=$IMAGE_TAGS" >> $GITHUB_OUTPUT + + - name: Build/Test/Scan/Push content base image + id: build1 + uses: ./.github/actions/build-test-scan-push continue-on-error: true - uses: snyk/actions/docker@master - env: - SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} with: - image: rstudio/content-base:r${{ matrix.config.r }}-py${{ matrix.config.py }}-${{ matrix.config.os }} - args: --file=./content/base/Dockerfile.${{ matrix.config.os }} --org=${{ secrets.SNYK_ORG_ID }} --project-name=rstudio/content-base:r${{ matrix.config.r }}-py${{ matrix.config.py }}-${{ matrix.config.os }} --tags=product=content-base,os=${{ matrix.config.os }} --app-vulns --exclude-base-image-vulns - command: test - - - name: Login to Docker Hub - if: ${{ github.ref == 'refs/heads/main' }} - uses: docker/login-action@v2 - with: - username: ${{ secrets.DOCKER_HUB_USERNAME }} - password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }} - - - name: Login to ghcr.io - if: ${{ github.ref == 'refs/heads/main' }} - uses: docker/login-action@v2 + context: ./content/base + os: ${{ matrix.config.os }} + product: content-base + image-tags: ${{ steps.get-tags.outputs.IMAGE_TAGS }} + build-args: ${{ steps.get-build-args.outputs.BUILD_ARGS }} + test-image: false + push-image: ${{ github.ref == 'refs/heads/main' }} + snyk-token: ${{ secrets.SNYK_TOKEN }} + snyk-org-id: ${{ secrets.SNYK_ORG_ID }} + ghcr-token: ${{ secrets.BUILD_PAT }} + dockerhub-username: ${{ secrets.DOCKER_HUB_USERNAME }} + dockerhub-token: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }} + + # Begin retry logic + + - name: Wait 60s on failure before retrying + if: steps.build1.outcome == 'failure' + run: sleep 60 + + - name: Retry - Build/Test/Scan/Push base pro image + id: build2 + if: steps.build1.outcome == 'failure' + uses: ./.github/actions/build-test-scan-push with: - registry: ghcr.io - username: ${{ github.actor }} - password: ${{ secrets.BUILD_PAT }} - - - name: Push image(s) - if: ${{ github.ref == 'refs/heads/main' }} - run: | - docker push rstudio/content-base:r${{ matrix.config.r }}-py${{ matrix.config.py }}-${{ matrix.config.os }} - docker push ghcr.io/rstudio/content-base:r${{ matrix.config.r }}-py${{ matrix.config.py }}-${{ matrix.config.os }} - docker push rstudio/content-base:r${{ matrix.config.r }}-py${{ matrix.config.py }}-${{ matrix.config.os_alt }} - docker push ghcr.io/rstudio/content-base:r${{ matrix.config.r }}-py${{ matrix.config.py }}-${{ matrix.config.os_alt }} - - + context: ./content/base + os: ${{ matrix.config.os }} + product: content-base + image-tags: ${{ steps.get-tags.outputs.IMAGE_TAGS }} + build-args: ${{ steps.get-build-args.outputs.BUILD_ARGS }} + test-image: false + push-image: ${{ github.ref == 'refs/heads/main' }} + snyk-token: ${{ secrets.SNYK_TOKEN }} + snyk-org-id: ${{ secrets.SNYK_ORG_ID }} + ghcr-token: ${{ secrets.BUILD_PAT }} + dockerhub-username: ${{ secrets.DOCKER_HUB_USERNAME }} + dockerhub-token: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }} + + # End retry logic build-pro: runs-on: ubuntu-latest needs: [ matrix, build ] - name: pro r${{ matrix.config.r }} py${{ matrix.config.py }} ${{ matrix.config.os }} ${{ github.ref }} + name: content-pro-${{ matrix.config.os }}-r${{ matrix.config.r }}-py${{ matrix.config.py }}--${{ github.ref }} strategy: fail-fast: false @@ -133,88 +122,79 @@ jobs: - name: Check Out Repo uses: actions/checkout@v3 - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v2 - - - name: Cache Docker layers - uses: actions/cache@v3 - with: - path: /tmp/.buildx-cache - key: ${{ runner.os }}-buildx-${{ github.sha }} - restore-keys: | - ${{ runner.os }}-buildx- - - - name: Build and Push - id: docker_build - uses: docker/build-push-action@v3 - with: - context: ./content/pro - file: ./content/pro/Dockerfile.${{ matrix.config.os }} - builder: ${{ steps.buildx.outputs.name }} - tags: | - rstudio/content-pro:r${{ matrix.config.r }}-py${{ matrix.config.py }}-${{ matrix.config.os }} - ghcr.io/rstudio/content-pro:r${{ matrix.config.r }}-py${{ matrix.config.py }}-${{ matrix.config.os }} - rstudio/content-pro:r${{ matrix.config.r }}-py${{ matrix.config.py }}-${{ matrix.config.os_alt }} - ghcr.io/rstudio/content-pro:r${{ matrix.config.r }}-py${{ matrix.config.py }}-${{ matrix.config.os_alt }} - cache-from: type=local,src=/tmp/.buildx-cache - cache-to: type=local,dest=/tmp/.buildx-cache - load: true - push: false - build-args: | - R_VERSION=${{ matrix.config.r }} - PYTHON_VERSION=${{ matrix.config.py }} - DRIVERS_VERSION=${{ matrix.config.drivers }} - BASE_IMAGE=rstudio/content-base:r${{ matrix.config.r }}-py${{ matrix.config.py }}-${{ matrix.config.os }} - - - name: Image digest - run: echo ${{ steps.docker_build.outputs.digest }} - - - name: Show image size - run: | - docker image ls - - - name: Run Snyk to check Docker image for vulnerabilities (main) - if: ${{ github.ref == 'refs/heads/main' }} - continue-on-error: true - uses: snyk/actions/docker@master + - name: Set up Just + uses: extractions/setup-just@v1 env: - SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} - with: - image: rstudio/content-pro:r${{ matrix.config.r }}-py${{ matrix.config.py }}-${{ matrix.config.os }} - args: --file=./content/pro/${{ matrix.config.os }}/Dockerfile --org=${{ secrets.SNYK_ORG_ID }} --project-name=rstudio/content-pro:r${{ matrix.config.r }}-py${{ matrix.config.py }}-${{ matrix.config.os }} --tags=product=content-pro,os=${{ matrix.config.os }} --app-vulns --exclude-base-image-vulns - command: monitor + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - name: Run Snyk to check Docker image for vulnerabilities (branch) - if: ${{ github.ref != 'refs/heads/main' }} + - name: Get build args + id: get-build-args + run: | + EOF=$(dd if=/dev/urandom bs=15 count=1 status=none | base64) + BUILD_ARGS=$( \ + just -f ci.Justfile \ + get-content-args \ + ${{ matrix.config.r }} \ + ${{ matrix.config.py }} \ + ${{ matrix.config.drivers }} \ + ) + echo "BUILD_ARGS<<$EOF" >> $GITHUB_OUTPUT + echo "$BUILD_ARGS" >> $GITHUB_OUTPUT + echo "$EOF" >> $GITHUB_OUTPUT + + - name: Get tags + id: get-tags + run: | + IMAGE_TAGS=$( \ + just -f ci.Justfile \ + get-content-tags \ + content-pro \ + ${{ matrix.config.r }} \ + ${{ matrix.config.py }} \ + ${{ matrix.config.os }} \ + ) + echo "IMAGE_TAGS=$IMAGE_TAGS" >> $GITHUB_OUTPUT + + - name: Build/Test/Scan/Push content pro image + id: build1 + uses: ./.github/actions/build-test-scan-push continue-on-error: true - uses: snyk/actions/docker@master - env: - SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} with: - image: rstudio/content-pro:r${{ matrix.config.r }}-py${{ matrix.config.py }}-${{ matrix.config.os }} - args: --file=./content/pro/${{ matrix.config.os }}/Dockerfile --org=${{ secrets.SNYK_ORG_ID }} --project-name=rstudio/content-pro:r${{ matrix.config.r }}-py${{ matrix.config.py }}-${{ matrix.config.os }} --tags=product=content-pro,os=${{ matrix.config.os }} --app-vulns --exclude-base-image-vulns - command: test - - - name: Login to Docker Hub - if: ${{ github.ref == 'refs/heads/main' }} - uses: docker/login-action@v2 - with: - username: ${{ secrets.DOCKER_HUB_USERNAME }} - password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }} - - - name: Login to ghcr.io - if: ${{ github.ref == 'refs/heads/main' }} - uses: docker/login-action@v2 + context: ./content/pro + os: ${{ matrix.config.os }} + product: content-pro + image-tags: ${{ steps.get-tags.outputs.IMAGE_TAGS }} + build-args: ${{ steps.get-build-args.outputs.BUILD_ARGS }} + test-image: false + push-image: ${{ github.ref == 'refs/heads/main' }} + snyk-token: ${{ secrets.SNYK_TOKEN }} + snyk-org-id: ${{ secrets.SNYK_ORG_ID }} + ghcr-token: ${{ secrets.BUILD_PAT }} + dockerhub-username: ${{ secrets.DOCKER_HUB_USERNAME }} + dockerhub-token: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }} + + # Begin retry logic + + - name: Wait 60s on failure before retrying + if: steps.build1.outcome == 'failure' + run: sleep 60 + + - name: Retry - Build/Test/Scan/Push base pro image + id: build2 + if: steps.build1.outcome == 'failure' + uses: ./.github/actions/build-test-scan-push with: - registry: ghcr.io - username: ${{ github.actor }} - password: ${{ secrets.BUILD_PAT }} - - - name: Push image(s) - if: ${{ github.ref == 'refs/heads/main' }} - run: | - docker push rstudio/content-pro:r${{ matrix.config.r }}-py${{ matrix.config.py }}-${{ matrix.config.os }} - docker push ghcr.io/rstudio/content-pro:r${{ matrix.config.r }}-py${{ matrix.config.py }}-${{ matrix.config.os }} - docker push rstudio/content-pro:r${{ matrix.config.r }}-py${{ matrix.config.py }}-${{ matrix.config.os_alt }} - docker push ghcr.io/rstudio/content-pro:r${{ matrix.config.r }}-py${{ matrix.config.py }}-${{ matrix.config.os_alt }} - + context: ./content/pro + os: ${{ matrix.config.os }} + product: content-pro + image-tags: ${{ steps.get-tags.outputs.IMAGE_TAGS }} + build-args: ${{ steps.get-build-args.outputs.BUILD_ARGS }} + test-image: false + push-image: ${{ github.ref == 'refs/heads/main' }} + snyk-token: ${{ secrets.SNYK_TOKEN }} + snyk-org-id: ${{ secrets.SNYK_ORG_ID }} + ghcr-token: ${{ secrets.BUILD_PAT }} + dockerhub-username: ${{ secrets.DOCKER_HUB_USERNAME }} + dockerhub-token: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }} + + # End retry logic diff --git a/.github/workflows/build-latest.yaml b/.github/workflows/build-latest.yaml deleted file mode 100644 index 26445ed0..00000000 --- a/.github/workflows/build-latest.yaml +++ /dev/null @@ -1,289 +0,0 @@ -on: - push: - branches: - - main - - dev - pull_request: - -name: build/test/push (latest) -jobs: - build-base: - runs-on: ubuntu-latest - name: build-${{ matrix.os }} - - strategy: - fail-fast: false - matrix: - os: ['ubuntu1804', 'ubuntu2204', 'centos7'] - lang: - - {r-primary: "4.2.0", r-alternate: "3.6.2", py-primary: "3.9.5", py-alternate: "3.8.10"} - - {r-primary: "4.2.3", r-alternate: "4.1.3", py-primary: "3.9.14", py-alternate: "3.8.15"} - - steps: - - name: Check Out Repo - uses: actions/checkout@v3 - - - name: Set up Just - uses: extractions/setup-just@v1 - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - with: - just-version: '1.11.0' - - - name: Set up Docker Buildx - id: buildx - uses: docker/setup-buildx-action@v2 - - - name: Cache Docker layers - uses: actions/cache@v3 - with: - path: /tmp/.buildx-cache - key: ${{ runner.os }}-buildx-${{ github.sha }} - restore-keys: | - ${{ runner.os }}-buildx- - - - name: Build base image - id: build-base-image - run: | - TAGS=`just -f ci.Justfile BUILDX_PATH=${{ steps.buildx.outputs.name }} R_VERSION=${{ matrix.lang.r-primary }} R_VERSION_ALT=${{ matrix.lang.r-alternate }} PYTHON_VERSION=${{ matrix.lang.py-primary }} PYTHON_VERSION_ALT=${{ matrix.lang.py-alternate }} build-base ${{ matrix.os }} base` - echo "TAGS=$TAGS" >> $GITHUB_OUTPUT - - - name: Show image size - run: | - docker image ls - - - name: Test image - run: | - just -f ci.Justfile R_VERSION=${{ matrix.lang.r-primary }} R_VERSION_ALT=${{ matrix.lang.r-alternate }} PYTHON_VERSION=${{ matrix.lang.py-primary }} PYTHON_VERSION_ALT=${{ matrix.lang.py-alternate }} test-base ${{ matrix.os }} base - - - name: Run Snyk to check Docker image for vulnerabilities (main) - if: ${{ github.ref == 'refs/heads/main' }} - continue-on-error: true - uses: snyk/actions/docker@master - env: - SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} - with: - image: ${{ steps.build-base-image.outputs.TAGS }} - args: --file=./product/Dockerfile.${{ matrix.os }} - command: monitor - - - name: Run Snyk to check Docker image for vulnerabilities (branch) - if: ${{ github.ref != 'refs/heads/main' }} - continue-on-error: true - uses: snyk/actions/docker@master - env: - SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} - with: - image: ${{ steps.build-base-image.outputs.TAGS }} - args: --file=./product/Dockerfile.${{ matrix.os }} - command: test - - - name: Login to ghcr.io - uses: docker/login-action@v2 - with: - registry: ghcr.io - username: ${{ github.actor }} - password: ${{ secrets.BUILD_PAT }} - - - name: Push image(s) to registries - if: ${{ github.ref == 'refs/heads/main' || github.ref == 'refs/heads/dev' }} - run: | - just -f ci.Justfile push-images ${{ steps.build-base-image.outputs.TAGS }} - - - build-pro: - needs: build-base - runs-on: ubuntu-latest - name: build-pro-${{ matrix.os }} - - strategy: - fail-fast: false - matrix: - os: ['ubuntu1804', 'ubuntu2204', 'centos7'] - lang: - - {r-primary: "4.2.0", r-alternate: "3.6.2", py-primary: "3.9.5", py-alternate: "3.8.10"} - - {r-primary: "4.2.3", r-alternate: "4.1.3", py-primary: "3.9.14", py-alternate: "3.8.15"} - - steps: - - name: Check Out Repo - uses: actions/checkout@v3 - - - name: Set up Just - uses: extractions/setup-just@v1 - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - with: - just-version: '1.11.0' - - - name: Set up Docker Buildx - id: buildx - uses: docker/setup-buildx-action@v2 - - - name: Cache Docker layers - uses: actions/cache@v3 - with: - path: /tmp/.buildx-cache - key: ${{ runner.os }}-buildx-${{ github.sha }} - restore-keys: | - ${{ runner.os }}-buildx- - - - name: Login to ghcr.io - uses: docker/login-action@v2 - with: - registry: ghcr.io - username: ${{ github.actor }} - password: ${{ secrets.BUILD_PAT }} - - - name: Build pro drivers image - id: build-pro-image - run: | - TAGS=`just -f ci.Justfile BUILDX_PATH=${{ steps.buildx.outputs.name }} R_VERSION=${{ matrix.lang.r-primary }} R_VERSION_ALT=${{ matrix.lang.r-alternate }} PYTHON_VERSION=${{ matrix.lang.py-primary }} PYTHON_VERSION_ALT=${{ matrix.lang.py-alternate }} build-base ${{ matrix.os }} pro` - echo "TAGS=$TAGS" >> $GITHUB_OUTPUT - - - name: Show image size - run: | - docker image ls - - - name: Test image - run: | - just -f ci.Justfile R_VERSION=${{ matrix.lang.r-primary }} R_VERSION_ALT=${{ matrix.lang.r-alternate }} PYTHON_VERSION=${{ matrix.lang.py-primary }} PYTHON_VERSION_ALT=${{ matrix.lang.py-alternate }} test-base ${{ matrix.os }} pro - - - name: Run Snyk to check Docker image for vulnerabilities (main) - if: ${{ github.ref == 'refs/heads/main' }} - continue-on-error: true - uses: snyk/actions/docker@master - env: - SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} - with: - image: ${{ steps.build-pro-image.outputs.TAGS }} - args: --file=./product/pro/Dockerfile.${{ matrix.os }} - command: monitor - - - name: Run Snyk to check Docker image for vulnerabilities (branch) - if: ${{ github.ref != 'refs/heads/main' }} - continue-on-error: true - uses: snyk/actions/docker@master - env: - SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} - with: - image: ${{ steps.build-pro-image.outputs.TAGS }} - args: --file=./product/pro/Dockerfile.${{ matrix.os }} - command: test - - - name: Push image(s) to registries - if: ${{ github.ref == 'refs/heads/main' || github.ref == 'refs/heads/dev' }} - run: | - just -f ci.Justfile push-images ${{ steps.build-pro-image.outputs.TAGS }} - - - build-products: - needs: [build-base, build-pro] - runs-on: ubuntu-latest - name: build-${{ matrix.config.product }}-${{ matrix.config.os }}-latest - - strategy: - fail-fast: false - matrix: - config: - - {product: 'workbench', os: 'ubuntu2204', r-primary: "4.2.3", r-alternate: "4.1.3", py-primary: "3.9.14", py-alternate: "3.8.15"} - - {product: 'connect', os: 'ubuntu2204', r-primary: "4.2.0", r-alternate: "3.6.2", py-primary: "3.9.5", py-alternate: "3.8.10"} - - {product: 'connect-content-init', os: 'ubuntu2204', r-primary: "4.2.0", r-alternate: "3.6.2", py-primary: "3.9.5", py-alternate: "3.8.10"} - - {product: 'package-manager', os: 'ubuntu1804', r-primary: "4.2.0", r-alternate: "3.6.2", py-primary: "3.9.5", py-alternate: "3.8.10"} - - {product: 'package-manager', os: 'ubuntu2204', r-primary: "4.2.0", r-alternate: "3.6.2", py-primary: "3.9.5", py-alternate: "3.8.10"} - - {product: 'r-session-complete', os: 'centos7', r-primary: "4.2.3", r-alternate: "4.1.3", py-primary: "3.9.14", py-alternate: "3.8.15"} - - {product: 'r-session-complete', os: 'ubuntu2204', r-primary: "4.2.3", r-alternate: "4.1.3", py-primary: "3.9.14", py-alternate: "3.8.15"} - - {product: 'workbench-for-microsoft-azure-ml', os: 'ubuntu2204', r-primary: "4.2.3", r-alternate: "4.1.3", py-primary: "3.9.14", py-alternate: "3.8.15"} - - steps: - - name: Check Out Repo - uses: actions/checkout@v3 - - - name: Set up Just - uses: extractions/setup-just@v1 - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - with: - just-version: '1.11.0' - - - name: Set up Docker Buildx - id: buildx - uses: docker/setup-buildx-action@v2 - - - name: Cache Docker layers - uses: actions/cache@v3 - with: - path: /tmp/.buildx-cache - key: ${{ runner.os }}-buildx-${{ github.sha }} - restore-keys: | - ${{ runner.os }}-buildx- - - - name: Login to ghcr.io - uses: docker/login-action@v2 - with: - registry: ghcr.io - username: ${{ github.actor }} - password: ${{ secrets.BUILD_PAT }} - - - name: Get Version - id: get-version - run: | - VERSION=`just -f ci.Justfile get-version ${{ matrix.config.product }} --type=release --local` - echo "VERSION=$VERSION" >> $GITHUB_OUTPUT - - - name: Get default tag - id: get-default-tag - run: | - DEFAULT_TAG=`just -f ci.Justfile R_VERSION=${{ matrix.config.r-primary }} R_VERSION_ALT=${{ matrix.config.r-alternate }} PYTHON_VERSION=${{ matrix.config.py-primary }} PYTHON_VERSION_ALT=${{ matrix.config.py-alternate }} _get-default-tag ${{ matrix.config.product }} ${{ matrix.config.os }}` - echo "DEFAULT_TAG=$DEFAULT_TAG" >> $GITHUB_OUTPUT - - - name: Build Image - id: build-image - run: | - TAGS=`just -f ci.Justfile BUILDX_PATH=${{ steps.buildx.outputs.name }} R_VERSION=${{ matrix.config.r-primary }} R_VERSION_ALT=${{ matrix.config.r-alternate }} PYTHON_VERSION=${{ matrix.config.py-primary }} PYTHON_VERSION_ALT=${{ matrix.config.py-alternate }} build-release ${{ matrix.config.product }} ${{ matrix.config.os }} ${{ steps.get-version.outputs.VERSION }}` - echo "TAGS=$TAGS" >> $GITHUB_OUTPUT - - - name: Show image size - run: | - docker image ls - - - name: Test image - env: - RSC_LICENSE: ${{ secrets.RSC_LICENSE }} - RSPM_LICENSE: ${{ secrets.RSPM_LICENSE }} - RSW_LICENSE: ${{ secrets.RSW_LICENSE }} - run: | - just R_VERSION=${{ matrix.lang.r-primary }} R_VERSION=${{ matrix.config.r-primary }} R_VERSION_ALT=${{ matrix.config.r-alternate }} PYTHON_VERSION=${{ matrix.config.py-primary }} PYTHON_VERSION_ALT=${{ matrix.config.py-alternate }} test-image ${{ matrix.config.product }} ${{ steps.get-version.outputs.VERSION }} ${{ steps.build-image.outputs.TAGS }} - - - name: Run Snyk to check Docker image for vulnerabilities (main) - if: ${{ github.ref == 'refs/heads/main' }} - continue-on-error: true - uses: snyk/actions/docker@master - env: - SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} - with: - image: ${{ steps.get-default-tag.outputs.DEFAULT_TAG }} - args: --file=./${{ matrix.config.product }}/Dockerfile.${{ matrix.config.os }} --org=${{ secrets.SNYK_ORG_ID }} --project-name=${{ steps.get-default-tag.outputs.DEFAULT_TAG }} --tags=product=${{ matrix.config.product }},os=${{ matrix.config.os }} --exclude-base-image-vulns --app-vulns - command: monitor - - - name: Run Snyk to check Docker image for vulnerabilities (branch) - if: ${{ github.ref != 'refs/heads/main' }} - continue-on-error: true - uses: snyk/actions/docker@master - env: - SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} - with: - image: ${{ steps.get-default-tag.outputs.DEFAULT_TAG }} - args: --file=./${{ matrix.config.product }}/Dockerfile.${{ matrix.config.os }} --org=${{ secrets.SNYK_ORG_ID }} --project-name=${{ steps.get-default-tag.outputs.DEFAULT_TAG }} --tags=product=${{ matrix.config.product }},os=${{ matrix.config.os }} --exclude-base-image-vulns --app-vulns - command: test - - - name: Login to Docker Hub - if: ${{ github.ref == 'refs/heads/main' }} - uses: docker/login-action@v2 - with: - username: ${{ secrets.DOCKER_HUB_USERNAME }} - password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }} - - - name: Push image(s) to registries - if: ${{ github.ref == 'refs/heads/main' }} - run: | - just -f ci.Justfile push-images ${{ steps.build-image.outputs.TAGS }} diff --git a/.github/workflows/build-manual.yaml b/.github/workflows/build-manual.yaml new file mode 100644 index 00000000..5ad494d1 --- /dev/null +++ b/.github/workflows/build-manual.yaml @@ -0,0 +1,136 @@ +on: + workflow_dispatch: + inputs: + branch: + description: "Branch to build off." + default: "main" + type: choice + options: + - main + - dev + - dev-rspm + product: + description: "The product/path to build." + required: true + type: choice + options: + - connect + - connect-content-init + - content/base + - content/pro + - package-manager + - product/base + - product/pro + - r-session-complete + - workbench + - workbench-for-microsoft-azure-ml + os: + description: "Which OS to build. WARNING: Not all OSes may be present for all products." + required: false + default: "ubuntu2204" + type: choice + options: + - ubuntu2204 + - ubuntu1804 + - centos7 + type: + description: "The type of image being built." + required: false + default: "preview" + type: choice + options: + - preview + - daily + - release + version: + description: "The version to build. Use 'auto' to target the latest build." + required: false + default: "auto" + type: string + push: + description: "Flag to push the image after build." + required: false + default: false + type: boolean + +name: Manual - Build, Test, Scan, and Push +jobs: + build: + runs-on: ubuntu-latest + name: manual-build + + steps: + - name: Check Out Repo + uses: actions/checkout@v3 + with: + ref: ${{ inputs.branch }} + + - name: Set up Just + uses: extractions/setup-just@v1 + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + - name: Get Version + id: get-version + run: | + if [[ "${{ inputs.version }}" == "auto" ]]; then + VERSION=`just -f ci.Justfile get-version ${{ inputs.product }} --type=${{ inputs.type }} --local` + else + VERSION="${{ inputs.version }}" + fi + echo "VERSION=$VERSION" >> $GITHUB_OUTPUT + + - name: Get build args + id: get-build-args + run: | + EOF=$(dd if=/dev/urandom bs=15 count=1 status=none | base64) + ARGS_CMD="" + if [[ "${{ inputs.type }}" == "release" ]]; then + ARGS_CMD="get-product-args" + else + ARGS_CMD="get-prerelease-args ${{inputs.type}}" + fi + BUILD_ARGS=$( \ + just -f ci.Justfile \ + ${ARGS_CMD} \ + ${{ inputs.product }} \ + ${{ inputs.os }} \ + ${{ steps.get-version.outputs.VERSION }} \ + ) + echo "BUILD_ARGS<<$EOF" >> $GITHUB_OUTPUT + echo "$BUILD_ARGS" >> $GITHUB_OUTPUT + echo "$EOF" >> $GITHUB_OUTPUT + + - name: Get tags + id: get-tags + run: | + ARGS_CMD="" + if [[ "${{ inputs.type }}" == "release" ]]; then + ARGS_CMD="get-product-tags" + else + ARGS_CMD="get-prerelease-tags ${{inputs.type}}" + fi + IMAGE_TAGS=$( \ + just -f ci.Justfile \ + ${ARGS_CMD} \ + ${{ inputs.product }} \ + ${{ inputs.os }} \ + ${{ steps.get-version.outputs.VERSION }} \ + ) + echo "IMAGE_TAGS=$IMAGE_TAGS" >> $GITHUB_OUTPUT + + - name: Build/Test/Scan/Push manual build image + uses: ./.github/actions/build-test-scan-push + with: + context: ./${{ inputs.product }} + os: ${{ inputs.os }} + product: ${{ inputs.product }} + image-tags: ${{ steps.get-tags.outputs.IMAGE_TAGS }} + build-args: ${{ steps.get-build-args.outputs.BUILD_ARGS }} + push-image: ${{ inputs.push }} + snyk-token: ${{ secrets.SNYK_TOKEN }} + snyk-org-id: ${{ secrets.SNYK_ORG_ID }} + ghcr-token: ${{ secrets.BUILD_PAT }} + dockerhub-username: ${{ secrets.DOCKER_HUB_USERNAME }} + dockerhub-token: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }} + diff --git a/.github/workflows/build-prerelease.yaml b/.github/workflows/build-prerelease.yaml new file mode 100644 index 00000000..9fddfec0 --- /dev/null +++ b/.github/workflows/build-prerelease.yaml @@ -0,0 +1,135 @@ +on: + schedule: + # every morning at 8am UTC + # https://docs.github.com/en/actions/reference/workflow-syntax-for-github-actions#onschedule + # make sure to change the `if` commands below when changing the schedule + - cron: '0 8 * * *' + - cron: '0 9 * * *' + push: + branches: + - main + - dev + - dev-rspm + pull_request: + +name: Prerelease - Build, Test, Scan, and Push +jobs: + build: + runs-on: ubuntu-latest + name: build-${{ matrix.config.type }}-${{ matrix.config.product }}-${{ matrix.config.os }} + + strategy: + fail-fast: false + matrix: + config: + - {product: "workbench", type: "daily", os: "ubuntu2204", r-primary: "4.3.1", r-alternate: "4.2.3", py-primary: "3.11.4", py-alternate: "3.10.12"} + - {product: "workbench", type: "preview", os: "ubuntu2204", r-primary: "4.3.1", r-alternate: "4.2.3", py-primary: "3.11.4", py-alternate: "3.10.12"} + - {product: "connect", type: "daily", os: "ubuntu2204", r-primary: "4.3.1", r-alternate: "4.2.3", py-primary: "3.11.4", py-alternate: "3.10.12"} + - {product: "connect-content-init", type: "daily", os: "ubuntu2204", r-primary: "4.3.1", r-alternate: "4.2.3", py-primary: "3.11.4", py-alternate: "3.10.12"} + - {product: "package-manager", type: "daily", os: "ubuntu1804", r-primary: "4.2.3", r-alternate: "4.1.3", py-primary: "3.9.17", py-alternate: "3.8.17"} + - {product: "package-manager", type: "daily", os: "ubuntu2204", r-primary: "4.3.1", r-alternate: "4.2.3", py-primary: "3.11.4", py-alternate: "3.10.12"} + - {product: "r-session-complete", type: "daily", os: "ubuntu2204", r-primary: "4.3.1", r-alternate: "4.2.3", py-primary: "3.11.4", py-alternate: "3.10.12"} + - {product: "r-session-complete", type: "daily", os: 'centos7', r-primary: "4.2.3", r-alternate: "4.1.3", py-primary: "3.9.14", py-alternate: "3.8.15"} + - {product: "r-session-complete", type: "preview", os: "ubuntu2204", r-primary: "4.3.1", r-alternate: "4.2.3", py-primary: "3.11.4", py-alternate: "3.10.12"} + - {product: "r-session-complete", type: "preview", os: 'centos7', r-primary: "4.2.3", r-alternate: "4.1.3", py-primary: "3.9.14", py-alternate: "3.8.15"} + + steps: + - name: Check Out main Branch + if: github.event.schedule == '0 8 * * *' + uses: actions/checkout@v3 + with: + ref: 'main' + + - name: Check Out Repo at Triggered Branch + if: github.event.schedule != '0 8 * * *' + uses: actions/checkout@v3 + + - name: Set up Just + uses: extractions/setup-just@v1 + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + - name: Get Version + id: get-version + run: | + VERSION=$(just -f ci.Justfile get-version ${{ matrix.config.product }} --type=${{ matrix.config.type }} --local) + echo "VERSION=$VERSION" >> $GITHUB_OUTPUT + + - name: Get build args + id: get-build-args + run: | + EOF=$(dd if=/dev/urandom bs=15 count=1 status=none | base64) + BUILD_ARGS=$( \ + just -f ci.Justfile \ + R_VERSION=${{ matrix.config.r-primary }} \ + R_VERSION_ALT=${{ matrix.config.r-alternate }} \ + PYTHON_VERSION=${{ matrix.config.py-primary }} \ + PYTHON_VERSION_ALT=${{ matrix.config.py-alternate }} \ + get-prerelease-args \ + ${{ matrix.config.type }} \ + ${{ matrix.config.product }} \ + ${{ matrix.config.os }} \ + ${{ steps.get-version.outputs.VERSION }} \ + ) + echo "BUILD_ARGS<<$EOF" >> $GITHUB_OUTPUT + echo "$BUILD_ARGS" >> $GITHUB_OUTPUT + echo "$EOF" >> $GITHUB_OUTPUT + + - name: Get tags + id: get-tags + run: | + IMAGE_TAGS=$( \ + just -f ci.Justfile \ + R_VERSION=${{ matrix.config.r-primary }} \ + R_VERSION_ALT=${{ matrix.config.r-alternate }} \ + PYTHON_VERSION=${{ matrix.config.py-primary }} \ + PYTHON_VERSION_ALT=${{ matrix.config.py-alternate }} \ + get-prerelease-tags \ + ${{ matrix.config.type }} \ + ${{ matrix.config.product }} \ + ${{ matrix.config.os }} \ + ${{ steps.get-version.outputs.VERSION }} \ + ) + echo "IMAGE_TAGS=$IMAGE_TAGS" >> $GITHUB_OUTPUT + + - name: Build/Test/Scan/Push base pro image + id: build1 + uses: ./.github/actions/build-test-scan-push + continue-on-error: true + with: + context: ./${{ matrix.config.product }} + os: ${{ matrix.config.os }} + product: ${{ matrix.config.product }} + image-tags: ${{ steps.get-tags.outputs.IMAGE_TAGS }} + build-args: ${{ steps.get-build-args.outputs.BUILD_ARGS }} + push-image: ${{ github.ref == 'refs/heads/main' || github.ref == 'refs/heads/dev' || github.ref == 'refs/heads/dev-rspm' }} + snyk-token: ${{ secrets.SNYK_TOKEN }} + snyk-org-id: ${{ secrets.SNYK_ORG_ID }} + ghcr-token: ${{ secrets.BUILD_PAT }} + dockerhub-username: ${{ secrets.DOCKER_HUB_USERNAME }} + dockerhub-token: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }} + + # Begin retry logic + + - name: Wait 60s on failure before retrying + if: steps.build1.outcome == 'failure' + run: sleep 60 + + - name: Retry - Build/Test/Scan/Push base pro image + id: build2 + if: steps.build1.outcome == 'failure' + uses: ./.github/actions/build-test-scan-push + with: + context: ./product/base + os: ${{ matrix.config.os }} + product: product-base + image-tags: ${{ steps.get-tags.outputs.IMAGE_TAGS }} + build-args: ${{ steps.get-build-args.outputs.BUILD_ARGS }} + push-image: ${{ github.ref == 'refs/heads/main' || github.ref == 'refs/heads/dev' }} + snyk-token: ${{ secrets.SNYK_TOKEN }} + snyk-org-id: ${{ secrets.SNYK_ORG_ID }} + ghcr-token: ${{ secrets.BUILD_PAT }} + dockerhub-username: ${{ secrets.DOCKER_HUB_USERNAME }} + dockerhub-token: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }} + + # End retry logic diff --git a/.github/workflows/build-preview-webhook.yaml b/.github/workflows/build-preview-webhook.yaml deleted file mode 100644 index 2064fbbb..00000000 --- a/.github/workflows/build-preview-webhook.yaml +++ /dev/null @@ -1,95 +0,0 @@ -on: - workflow_dispatch: - inputs: - product: - description: "Which image to build. Options: 'connect', 'connect-content-init', 'package-manager', 'r-session-complete', 'workbench', 'workbench-for-microsoft-azure-ml'." - required: true - type: string - os: - description: "Which os to build. Default 'bionic'. Options: 'bionic|ubuntu1804', 'jammy|ubuntu2204', 'centos7'" - required: true - default: "bionic" - type: string - type: - description: "Which build type. Default 'preview'. Options: 'preview', 'daily'" - required: false - default: "preview" - type: string - version: - description: "The version to build. Default 'auto'. Can use any string, but must have which != 'all' if using something other than 'auto'" - required: false - default: "auto" - type: string - -name: build/test/push (adhoc preview) -jobs: - build: - runs-on: ubuntu-latest - name: build-${{ github.event.inputs.product }}:${{ github.event.inputs.os }}-${{ github.event.inputs.type }}-${{ github.event.inputs.version }} - - steps: - - name: Check Out Repo - uses: actions/checkout@v3 - - - name: Set up Just - uses: extractions/setup-just@v1 - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - with: - just-version: '1.11.0' - - - name: Set up Docker Buildx - id: buildx - uses: docker/setup-buildx-action@v2 - - - name: Cache Docker layers - uses: actions/cache@v3 - with: - path: /tmp/.buildx-cache - key: ${{ runner.os }}-buildx-${{ github.sha }} - restore-keys: | - ${{ runner.os }}-buildx- - - - name: Get Version - id: get-version - run: | - VERSION=`just -f ci.Justfile get-version ${{ github.event.inputs.product }} --type=${{ github.event.inputs.type }} --local --override=${{ github.event.inputs.version }}` - echo "VERSION=$VERSION" >> $GITHUB_OUTPUT - - - name: Build Image - id: build-image - run: | - TAGS=`just -f ci.Justfile BUILDX_PATH=${{ steps.buildx.outputs.name }} build-preview ${{ github.event.inputs.type }} ${{ github.event.inputs.product }} ${{ github.event.inputs.os }} ${{ steps.get-version.outputs.VERSION }}` - echo "TAGS=$TAGS" >> $GITHUB_OUTPUT - - - name: Show image size - run: | - docker image ls - - - name: Test image - env: - RSC_LICENSE: ${{ secrets.RSC_LICENSE }} - RSPM_LICENSE: ${{ secrets.RSPM_LICENSE }} - RSW_LICENSE: ${{ secrets.RSW_LICENSE }} - run: | - just test-image ${{ github.event.inputs.product }} ${{ steps.get-version.outputs.VERSION }} ${{ steps.build-image.outputs.TAGS }} - - - name: Login to Docker Hub - if: ${{ github.ref == 'refs/heads/main' || github.ref == 'refs/heads/dev' || github.ref == 'refs/heads/dev-rspm' }} - uses: docker/login-action@v2 - with: - username: ${{ secrets.DOCKER_HUB_USERNAME }} - password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }} - - - name: Login to ghcr.io - if: ${{ github.ref == 'refs/heads/main' || github.ref == 'refs/heads/dev' || github.ref == 'refs/heads/dev-rspm' }} - uses: docker/login-action@v2 - with: - registry: ghcr.io - username: ${{ github.actor }} - password: ${{ secrets.BUILD_PAT }} - - - name: Push image(s) to registries - if: ${{ github.ref == 'refs/heads/main' || github.ref == 'refs/heads/dev' || github.ref == 'refs/heads/dev-rspm' }} - run: | - just -f ci.Justfile push-images ${{ steps.build-image.outputs.TAGS }} diff --git a/.github/workflows/build-preview.yaml b/.github/workflows/build-preview.yaml deleted file mode 100644 index 8b995be9..00000000 --- a/.github/workflows/build-preview.yaml +++ /dev/null @@ -1,112 +0,0 @@ -on: - schedule: - # every morning at 8am UTC - # https://docs.github.com/en/actions/reference/workflow-syntax-for-github-actions#onschedule - # make sure to change the `if` commands below when changing the schedule - - cron: '0 8 * * *' - - cron: '0 9 * * *' - push: - branches: - - main - - dev - - dev-rspm - pull_request: - -name: build/test/push (preview) -jobs: - - - build: - runs-on: ubuntu-latest - name: build-${{ matrix.config.product }}:${{ matrix.config.type }}:${{ matrix.config.os }} - - strategy: - fail-fast: false - matrix: - config: - - {product: "workbench", type: "daily", os: "ubuntu2204", r-primary: "4.2.3", r-alternate: "4.1.3", py-primary: "3.9.14", py-alternate: "3.8.15"} - - {product: "workbench", type: "preview", os: "ubuntu2204", r-primary: "4.2.3", r-alternate: "4.1.3", py-primary: "3.9.14", py-alternate: "3.8.15"} - - {product: "connect", type: "daily", os: "ubuntu2204", r-primary: "4.2.0", r-alternate: "3.6.2", py-primary: "3.9.5", py-alternate: "3.8.10"} - - {product: "connect-content-init", type: "daily", os: "ubuntu2204", r-primary: "4.2.0", r-alternate: "3.6.2", py-primary: "3.9.5", py-alternate: "3.8.10"} - - {product: "package-manager", type: "daily", os: "ubuntu1804", r-primary: "4.2.0", r-alternate: "3.6.2", py-primary: "3.9.5", py-alternate: "3.8.10"} - - {product: "package-manager", type: "daily", os: "ubuntu2204", r-primary: "4.2.0", r-alternate: "3.6.2", py-primary: "3.9.5", py-alternate: "3.8.10"} - - {product: "r-session-complete", type: "daily", os: "ubuntu2204", r-primary: "4.2.3", r-alternate: "4.1.3", py-primary: "3.9.14", py-alternate: "3.8.15"} - - {product: "r-session-complete", type: "daily", os: "centos7", r-primary: "4.2.3", r-alternate: "4.1.3", py-primary: "3.9.14", py-alternate: "3.8.15"} - - {product: "r-session-complete", type: "preview", os: "ubuntu2204", r-primary: "4.2.3", r-alternate: "4.1.3", py-primary: "3.9.14", py-alternate: "3.8.15"} - - {product: "r-session-complete", type: "preview", os: "centos7", r-primary: "4.2.3", r-alternate: "4.1.3", py-primary: "3.9.14", py-alternate: "3.8.15"} - - steps: - # the schedule triggers on the "default" branch (dev), so we have to specify "main" - # this schedule matching / specification is less than ideal at present and must be - # kept in sync with the schedule specification at the top of the file - - name: Check Out main Branch - if: github.event.schedule == '0 8 * * *' - uses: actions/checkout@v3 - with: - ref: 'main' - - - name: Check Out Repo at Triggered Branch - if: github.event.schedule != '0 8 * * *' - uses: actions/checkout@v3 - - - name: Set up Just - uses: extractions/setup-just@v1 - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - with: - just-version: '1.11.0' - - - name: Set up Docker Buildx - id: buildx - uses: docker/setup-buildx-action@v2 - - - name: Cache Docker layers - uses: actions/cache@v3 - with: - path: /tmp/.buildx-cache - key: ${{ runner.os }}-buildx-${{ github.sha }} - restore-keys: | - ${{ runner.os }}-buildx- - - - name: Login to ghcr.io - uses: docker/login-action@v2 - with: - registry: ghcr.io - username: ${{ github.actor }} - password: ${{ secrets.BUILD_PAT }} - - - name: Get Version - id: get-version - run: | - VERSION=`just -f ci.Justfile get-version ${{ matrix.config.product }} --type=${{ matrix.config.type }} --local` - echo "VERSION=$VERSION" >> $GITHUB_OUTPUT - - - name: Build Image - id: build-image - run: | - TAGS=`just -f ci.Justfile BUILDX_PATH=${{ steps.buildx.outputs.name }} R_VERSION=${{ matrix.config.r-primary }} R_VERSION_ALT=${{ matrix.config.r-alternate }} PYTHON_VERSION=${{ matrix.config.py-primary }} PYTHON_VERSION_ALT=${{ matrix.config.py-alternate }} build-preview ${{ matrix.config.type }} ${{ matrix.config.product }} ${{ matrix.config.os }} ${{ steps.get-version.outputs.VERSION }}` - echo "TAGS=$TAGS" >> $GITHUB_OUTPUT - - - name: Show image size - run: | - docker image ls - - - name: Test image - env: - RSC_LICENSE: ${{ secrets.RSC_LICENSE }} - RSPM_LICENSE: ${{ secrets.RSPM_LICENSE }} - RSW_LICENSE: ${{ secrets.RSW_LICENSE }} - run: | - just R_VERSION=${{ matrix.config.r-primary }} R_VERSION_ALT=${{ matrix.config.r-alternate }} PYTHON_VERSION=${{ matrix.config.py-primary }} PYTHON_VERSION_ALT=${{ matrix.config.py-alternate }} test-image ${{ matrix.config.product }} ${{ steps.get-version.outputs.VERSION }} ${{ steps.build-image.outputs.TAGS }} - - - name: Login to Docker Hub - if: ${{ github.ref == 'refs/heads/main' || github.ref == 'refs/heads/dev' || github.ref == 'refs/heads/dev-rspm' }} - uses: docker/login-action@v2 - with: - username: ${{ secrets.DOCKER_HUB_USERNAME }} - password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }} - - - name: Push image(s) to registries - if: ${{ github.ref == 'refs/heads/main' || github.ref == 'refs/heads/dev' || github.ref == 'refs/heads/dev-rspm' }} - run: | - just -f ci.Justfile push-images ${{ steps.build-image.outputs.TAGS }} diff --git a/.github/workflows/build-release.yaml b/.github/workflows/build-release.yaml new file mode 100644 index 00000000..d308062a --- /dev/null +++ b/.github/workflows/build-release.yaml @@ -0,0 +1,309 @@ +on: + schedule: + - cron: '0 12 * * 1' + push: + branches: + - main + - dev + pull_request: + +name: Release - Build, Test, Scan, and Push +jobs: + build-base: + runs-on: ubuntu-latest + name: product-base-build-${{ matrix.config.os }}-r${{ matrix.config.r-primary }}_${{ matrix.config.r-alternate }}-py${{ matrix.config.py-primary }}_${{ matrix.config.py-alternate }} + + strategy: + fail-fast: false + matrix: + config: + - {os: 'centos7', r-primary: "4.2.0", r-alternate: "3.6.2", py-primary: "3.9.5", py-alternate: "3.8.10"} + - {os: 'centos7', r-primary: "4.2.3", r-alternate: "4.1.3", py-primary: "3.9.14", py-alternate: "3.8.15"} + - {os: 'ubuntu1804', r-primary: "4.2.3", r-alternate: "4.1.3", py-primary: "3.9.17", py-alternate: "3.8.17"} + - {os: 'ubuntu2204', r-primary: "4.2.3", r-alternate: "4.1.3", py-primary: "3.9.17", py-alternate: "3.8.17"} + - {os: 'ubuntu2204', r-primary: "4.3.1", r-alternate: "4.2.3", py-primary: "3.11.4", py-alternate: "3.10.12"} + + steps: + - name: Check Out Repo + uses: actions/checkout@v3 + + - name: Set up Just + uses: extractions/setup-just@v1 + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + - name: Get build args + id: get-build-args + run: | + EOF=$(dd if=/dev/urandom bs=15 count=1 status=none | base64) + BUILD_ARGS=$( \ + just -f ci.Justfile \ + R_VERSION=${{ matrix.config.r-primary }} \ + R_VERSION_ALT=${{ matrix.config.r-alternate }} \ + PYTHON_VERSION=${{ matrix.config.py-primary }} \ + PYTHON_VERSION_ALT=${{ matrix.config.py-alternate }} \ + get-base-args ${{ matrix.config.os }} product-base \ + ) + echo "BUILD_ARGS<<$EOF" >> $GITHUB_OUTPUT + echo "$BUILD_ARGS" >> $GITHUB_OUTPUT + echo "$EOF" >> $GITHUB_OUTPUT + + - name: Get tags + id: get-tags + run: | + IMAGE_TAGS=$( \ + just -f ci.Justfile \ + R_VERSION=${{ matrix.config.r-primary }} \ + R_VERSION_ALT=${{ matrix.config.r-alternate }} \ + PYTHON_VERSION=${{ matrix.config.py-primary }} \ + PYTHON_VERSION_ALT=${{ matrix.config.py-alternate }} \ + get-base-tags ${{ matrix.config.os }} product-base \ + ) + echo "IMAGE_TAGS=$IMAGE_TAGS" >> $GITHUB_OUTPUT + + - name: Build/Test/Scan/Push base image + id: build1 + uses: ./.github/actions/build-test-scan-push + continue-on-error: true + with: + context: ./product/base + os: ${{ matrix.config.os }} + product: product-base + image-tags: ${{ steps.get-tags.outputs.IMAGE_TAGS }} + build-args: ${{ steps.get-build-args.outputs.BUILD_ARGS }} + push-image: ${{ github.ref == 'refs/heads/main' || github.ref == 'refs/heads/dev' }} + snyk-token: ${{ secrets.SNYK_TOKEN }} + snyk-org-id: ${{ secrets.SNYK_ORG_ID }} + ghcr-token: ${{ secrets.BUILD_PAT }} + dockerhub-username: ${{ secrets.DOCKER_HUB_USERNAME }} + dockerhub-token: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }} + + # Begin retry logic + + - name: Wait 60s on failure before retrying + if: steps.build1.outcome == 'failure' + run: sleep 60 + + - name: Retry - Build/Test/Scan/Push base pro image + id: build2 + if: steps.build1.outcome == 'failure' + uses: ./.github/actions/build-test-scan-push + with: + context: ./product/base + os: ${{ matrix.config.os }} + product: product-base + image-tags: ${{ steps.get-tags.outputs.IMAGE_TAGS }} + build-args: ${{ steps.get-build-args.outputs.BUILD_ARGS }} + push-image: ${{ github.ref == 'refs/heads/main' || github.ref == 'refs/heads/dev' }} + snyk-token: ${{ secrets.SNYK_TOKEN }} + snyk-org-id: ${{ secrets.SNYK_ORG_ID }} + ghcr-token: ${{ secrets.BUILD_PAT }} + dockerhub-username: ${{ secrets.DOCKER_HUB_USERNAME }} + dockerhub-token: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }} + + # End retry logic + + build-base-pro: + needs: build-base + runs-on: ubuntu-latest + name: product-base-pro-build-${{ matrix.config.os }}-r${{ matrix.config.r-primary }}_${{ matrix.config.r-alternate }}-py${{ matrix.config.py-primary }}_${{ matrix.config.py-alternate }} + + strategy: + fail-fast: false + matrix: + config: + - {os: 'centos7', r-primary: "4.2.0", r-alternate: "3.6.2", py-primary: "3.9.5", py-alternate: "3.8.10"} + - {os: 'centos7', r-primary: "4.2.3", r-alternate: "4.1.3", py-primary: "3.9.14", py-alternate: "3.8.15"} + - {os: 'ubuntu1804', r-primary: "4.2.3", r-alternate: "4.1.3", py-primary: "3.9.17", py-alternate: "3.8.17"} + - {os: 'ubuntu2204', r-primary: "4.2.3", r-alternate: "4.1.3", py-primary: "3.9.17", py-alternate: "3.8.17"} + - {os: 'ubuntu2204', r-primary: "4.3.1", r-alternate: "4.2.3", py-primary: "3.11.4", py-alternate: "3.10.12"} + + steps: + - name: Check Out Repo + uses: actions/checkout@v3 + + - name: Set up Just + uses: extractions/setup-just@v1 + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + - name: Get build args + id: get-build-args + run: | + EOF=$(dd if=/dev/urandom bs=15 count=1 status=none | base64) + BUILD_ARGS=$( \ + just -f ci.Justfile \ + R_VERSION=${{ matrix.config.r-primary }} \ + R_VERSION_ALT=${{ matrix.config.r-alternate }} \ + PYTHON_VERSION=${{ matrix.config.py-primary }} \ + PYTHON_VERSION_ALT=${{ matrix.config.py-alternate }} \ + get-base-args ${{ matrix.config.os }} product-base-pro \ + ) + echo "BUILD_ARGS<<$EOF" >> $GITHUB_OUTPUT + echo "$BUILD_ARGS" >> $GITHUB_OUTPUT + echo "$EOF" >> $GITHUB_OUTPUT + + - name: Get tags + id: get-tags + run: | + IMAGE_TAGS=$( \ + just -f ci.Justfile \ + R_VERSION=${{ matrix.config.r-primary }} \ + R_VERSION_ALT=${{ matrix.config.r-alternate }} \ + PYTHON_VERSION=${{ matrix.config.py-primary }} \ + PYTHON_VERSION_ALT=${{ matrix.config.py-alternate }} \ + get-base-tags ${{ matrix.config.os }} product-base-pro \ + ) + echo "IMAGE_TAGS=$IMAGE_TAGS" >> $GITHUB_OUTPUT + + - name: Build/Test/Scan/Push base pro image + id: build1 + uses: ./.github/actions/build-test-scan-push + continue-on-error: true + with: + context: ./product/pro + os: ${{ matrix.config.os }} + product: product-base-pro + image-tags: ${{ steps.get-tags.outputs.IMAGE_TAGS }} + build-args: ${{ steps.get-build-args.outputs.BUILD_ARGS }} + push-image: ${{ github.ref == 'refs/heads/main' || github.ref == 'refs/heads/dev' }} + snyk-token: ${{ secrets.SNYK_TOKEN }} + snyk-org-id: ${{ secrets.SNYK_ORG_ID }} + ghcr-token: ${{ secrets.BUILD_PAT }} + dockerhub-username: ${{ secrets.DOCKER_HUB_USERNAME }} + dockerhub-token: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }} + + # Begin retry logic + + - name: Wait 60s on failure before retrying + if: steps.build1.outcome == 'failure' + run: sleep 60 + + - name: Retry - Build/Test/Scan/Push base pro image + id: build2 + if: steps.build1.outcome == 'failure' + uses: ./.github/actions/build-test-scan-push + with: + context: ./product/pro + os: ${{ matrix.config.os }} + product: product-base-pro + image-tags: ${{ steps.get-tags.outputs.IMAGE_TAGS }} + build-args: ${{ steps.get-build-args.outputs.BUILD_ARGS }} + push-image: ${{ github.ref == 'refs/heads/main' || github.ref == 'refs/heads/dev' }} + snyk-token: ${{ secrets.SNYK_TOKEN }} + snyk-org-id: ${{ secrets.SNYK_ORG_ID }} + ghcr-token: ${{ secrets.BUILD_PAT }} + dockerhub-username: ${{ secrets.DOCKER_HUB_USERNAME }} + dockerhub-token: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }} + + # End retry logic + + build-products: + needs: [ build-base, build-base-pro ] + runs-on: ubuntu-latest + name: build-${{ matrix.config.product }}-${{ matrix.config.os }} + + strategy: + fail-fast: false + matrix: + config: + - {product: 'workbench', os: 'ubuntu2204', r-primary: "4.2.3", r-alternate: "4.1.3", py-primary: "3.9.17", py-alternate: "3.8.17"} + - {product: 'connect', os: 'ubuntu2204', r-primary: "4.2.3", r-alternate: "4.1.3", py-primary: "3.9.17", py-alternate: "3.8.17"} + - {product: 'connect-content-init', os: 'ubuntu2204', r-primary: "4.2.3", r-alternate: "4.1.3", py-primary: "3.9.17", py-alternate: "3.8.17"} + - {product: 'package-manager', os: 'ubuntu1804', r-primary: "4.2.3", r-alternate: "4.1.3", py-primary: "3.9.17", py-alternate: "3.8.17"} + - {product: 'package-manager', os: 'ubuntu2204', r-primary: "4.2.3", r-alternate: "4.1.3", py-primary: "3.9.17", py-alternate: "3.8.17"} + - {product: 'r-session-complete', os: 'centos7', r-primary: "4.2.3", r-alternate: "4.1.3", py-primary: "3.9.14", py-alternate: "3.8.15"} + - {product: 'r-session-complete', os: 'ubuntu2204', r-primary: "4.2.3", r-alternate: "4.1.3", py-primary: "3.9.17", py-alternate: "3.8.17"} + - {product: 'workbench-for-microsoft-azure-ml', os: 'ubuntu2204', r-primary: "4.2.3", r-alternate: "4.1.3", py-primary: "3.9.17", py-alternate: "3.8.17"} + + steps: + - name: Check Out Repo + uses: actions/checkout@v3 + + - name: Set up Just + uses: extractions/setup-just@v1 + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + - name: Get Version + id: get-version + run: | + VERSION=`just -f ci.Justfile get-version ${{ matrix.config.product }} --type=release --local` + echo "VERSION=$VERSION" >> $GITHUB_OUTPUT + + - name: Get build args + id: get-build-args + run: | + EOF=$(dd if=/dev/urandom bs=15 count=1 status=none | base64) + BUILD_ARGS=$( \ + just -f ci.Justfile \ + R_VERSION=${{ matrix.config.r-primary }} \ + R_VERSION_ALT=${{ matrix.config.r-alternate }} \ + PYTHON_VERSION=${{ matrix.config.py-primary }} \ + PYTHON_VERSION_ALT=${{ matrix.config.py-alternate }} \ + get-product-args \ + ${{ matrix.config.product }} \ + ${{ matrix.config.os }} \ + ${{ steps.get-version.outputs.VERSION }} \ + ) + echo "BUILD_ARGS<<$EOF" >> $GITHUB_OUTPUT + echo "$BUILD_ARGS" >> $GITHUB_OUTPUT + echo "$EOF" >> $GITHUB_OUTPUT + + - name: Get tags + id: get-tags + run: | + IMAGE_TAGS=$( \ + just -f ci.Justfile \ + R_VERSION=${{ matrix.config.r-primary }} \ + R_VERSION_ALT=${{ matrix.config.r-alternate }} \ + PYTHON_VERSION=${{ matrix.config.py-primary }} \ + PYTHON_VERSION_ALT=${{ matrix.config.py-alternate }} \ + get-product-tags \ + ${{ matrix.config.product }} \ + ${{ matrix.config.os }} \ + ${{ steps.get-version.outputs.VERSION }} \ + ) + echo "IMAGE_TAGS=$IMAGE_TAGS" >> $GITHUB_OUTPUT + + - name: Build/Test/Scan/Push base pro image + id: build1 + uses: ./.github/actions/build-test-scan-push + continue-on-error: true + with: + context: ./${{ matrix.config.product }} + os: ${{ matrix.config.os }} + product: ${{ matrix.config.product }} + image-tags: ${{ steps.get-tags.outputs.IMAGE_TAGS }} + build-args: ${{ steps.get-build-args.outputs.BUILD_ARGS }} + push-image: ${{ github.ref == 'refs/heads/main' }} + snyk-token: ${{ secrets.SNYK_TOKEN }} + snyk-org-id: ${{ secrets.SNYK_ORG_ID }} + ghcr-token: ${{ secrets.BUILD_PAT }} + dockerhub-username: ${{ secrets.DOCKER_HUB_USERNAME }} + dockerhub-token: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }} + + # Begin retry logic + + - name: Wait 60s on failure before retrying + if: steps.build1.outcome == 'failure' + run: sleep 60 + + - name: Retry - Build/Test/Scan/Push base pro image + id: build2 + if: steps.build1.outcome == 'failure' + uses: ./.github/actions/build-test-scan-push + with: + context: ./${{ matrix.config.product }} + os: ${{ matrix.config.os }} + product: ${{ matrix.config.product }} + image-tags: ${{ steps.get-tags.outputs.IMAGE_TAGS }} + build-args: ${{ steps.get-build-args.outputs.BUILD_ARGS }} + push-image: ${{ github.ref == 'refs/heads/main' }} + snyk-token: ${{ secrets.SNYK_TOKEN }} + snyk-org-id: ${{ secrets.SNYK_ORG_ID }} + ghcr-token: ${{ secrets.BUILD_PAT }} + dockerhub-username: ${{ secrets.DOCKER_HUB_USERNAME }} + dockerhub-token: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }} + + # End retry logic diff --git a/.github/workflows/clean-registry.yaml b/.github/workflows/clean-registry.yaml index 3e0322bc..890614d8 100644 --- a/.github/workflows/clean-registry.yaml +++ b/.github/workflows/clean-registry.yaml @@ -2,7 +2,7 @@ on: schedule: - cron: 0 0 * * 2 -name: clean registries +name: Clean Registries jobs: cleanup: diff --git a/.github/workflows/lint.yaml b/.github/workflows/lint.yaml index d005b4fa..15f71f3e 100644 --- a/.github/workflows/lint.yaml +++ b/.github/workflows/lint.yaml @@ -5,7 +5,7 @@ on: - dev pull_request: -name: lint Dockerfiles +name: Lint Dockerfiles jobs: lint: diff --git a/Justfile b/Justfile index af14ef32..0076ea72 100644 --- a/Justfile +++ b/Justfile @@ -13,11 +13,15 @@ RSW_VERSION := "2023.06.1+524.pro1" DRIVERS_VERSION := "2023.05.0" DRIVERS_VERSION_RHEL := DRIVERS_VERSION + "-1" -R_VERSION := "3.6.2" -R_VERSION_ALT := "4.1.0" +R_VERSION := "4.2.3" +R_VERSION_ALT := "4.1.3" -PYTHON_VERSION := "3.9.5" -PYTHON_VERSION_ALT := "3.8.10" +PYTHON_VERSION := "3.9.17" +PYTHON_VERSION_ALT := "3.8.17" +PYTHON_VERSION_RHEL := "3.9.14" +PYTHON_VERSION_ALT_RHEL := "3.8.15" + +QUARTO_VERSION := "1.3.340" # just _get-tag-safe-version 2022.07.2+576.pro12 _get-tag-safe-version $VERSION: @@ -87,8 +91,11 @@ update-versions: R_VERSION_ALT={{R_VERSION_ALT}} \ PYTHON_VERSION={{PYTHON_VERSION}} \ PYTHON_VERSION_ALT={{PYTHON_VERSION_ALT}} \ + PYTHON_VERSION_RHEL={{PYTHON_VERSION_RHEL}} \ + PYTHON_VERSION_ALT_RHEL={{PYTHON_VERSION_ALT_RHEL}} \ DRIVERS_VERSION={{DRIVERS_VERSION}} \ - update-rsw-versions update-rspm-versions update-rsc-versions update-r-versions update-py-versions update-drivers-versions + QUARTO_VERSION={{QUARTO_VERSION}} \ + update-rsw-versions update-rspm-versions update-rsc-versions update-r-versions update-py-versions update-drivers-versions update-quarto-versions # just RSW_VERSION=1.2.3 update-rsw-versions update-rsw-versions: @@ -134,8 +141,6 @@ update-rsc-versions: set -euxo pipefail sed {{ sed_vars }} "s/RSC_VERSION=.*/RSC_VERSION={{ RSC_VERSION }}/g" \ connect/.env \ - connect/Dockerfile.ubuntu1804 \ - connect-content-init/Dockerfile.ubuntu1804 \ connect/Dockerfile.ubuntu2204 \ connect-content-init/Dockerfile.ubuntu2204 sed {{ sed_vars }} "s/RSC_VERSION:.*/RSC_VERSION: {{ RSC_VERSION }}/g" docker-compose.yml @@ -153,34 +158,42 @@ update-r-versions: #!/usr/bin/env bash set -euxo pipefail # Update primary R versions - sed {{ sed_vars }} "s/^R_VERSION=.*/R_VERSION={{ R_VERSION }}/g" \ + sed {{ sed_vars }} "s/R_VERSION=.*/R_VERSION={{ R_VERSION }}/g" \ workbench/.env \ connect/.env \ package-manager/.env \ - connect/Dockerfile.ubuntu1804 \ - package-manager/Dockerfile.ubuntu1804 \ + package-manager/Dockerfile.ubuntu* \ workbench/Dockerfile.ubuntu2204 \ connect/Dockerfile.ubuntu2204 \ - package-manager/Dockerfile.ubuntu2204 - sed {{ sed_vars }} "s|^RVersion.*=.*|RVersion = /opt/R/{{ R_VERSION }}/|g" package-manager/rstudio-pm.gcfg + product/base/Dockerfile.ubuntu* \ + product/pro/Dockerfile.ubuntu* sed {{ sed_vars }} "s/^R_VERSION := .*/R_VERSION := \"{{ R_VERSION }}\"/g" \ workbench/Justfile \ workbench-for-microsoft-azure-ml/Justfile \ - connect/Justfile package-manager/Justfile \ + connect/Justfile \ + package-manager/Justfile \ + product/base/Justfile \ + product/pro/Justfile \ Justfile \ ci.Justfile # Update alt R versions - sed {{ sed_vars }} "s/^R_VERSION_ALT=.*/R_VERSION_ALT={{ R_VERSION_ALT }}/g" \ + sed {{ sed_vars }} "s/R_VERSION_ALT=.*/R_VERSION_ALT={{ R_VERSION_ALT }}/g" \ workbench/.env \ connect/.env \ - connect/Dockerfile.ubuntu1804 \ + package-manager/.env \ + package-manager/Dockerfile.ubuntu* \ workbench/Dockerfile.ubuntu2204 \ - connect/Dockerfile.ubuntu2204 + connect/Dockerfile.ubuntu2204 \ + product/base/Dockerfile.ubuntu* \ + product/pro/Dockerfile.ubuntu* sed {{ sed_vars }} "s/^R_VERSION_ALT := .*/R_VERSION_ALT := \"{{ R_VERSION_ALT }}\"/g" \ workbench/Justfile \ workbench-for-microsoft-azure-ml/Justfile \ connect/Justfile \ + package-manager/Justfile \ + product/base/Justfile \ + product/pro/Justfile \ Justfile \ ci.Justfile @@ -189,33 +202,50 @@ update-py-versions: #!/usr/bin/env bash set -euxo pipefail # Update primary Python versions - sed {{ sed_vars }} "s/^PYTHON_VERSION=.*/PYTHON_VERSION={{ PYTHON_VERSION }}/g" \ + sed {{ sed_vars }} "s/PYTHON_VERSION=.*/PYTHON_VERSION={{ PYTHON_VERSION }}/g" \ workbench/Dockerfile.ubuntu2204 \ workbench/.env \ - connect/Dockerfile.ubuntu1804 \ connect/Dockerfile.ubuntu2204 \ connect/.env \ - package-manager/Dockerfile.ubuntu1804 \ - package-manager/Dockerfile.ubuntu2204 \ - package-manager/.env + package-manager/Dockerfile.ubuntu* \ + package-manager/.env \ + product/base/Dockerfile.ubuntu* \ + product/pro/Dockerfile.ubuntu* \ + r-session-complete/Dockerfile.ubuntu2204 + sed {{ sed_vars }} "s/PYTHON_VERSION=.*/PYTHON_VERSION={{ PYTHON_VERSION_RHEL }}/g" \ + product/base/Dockerfile.centos7 \ + product/pro/Dockerfile.centos7 \ + r-session-complete/Dockerfile.centos7 sed {{ sed_vars }} "s/^PYTHON_VERSION := .*/PYTHON_VERSION := \"{{ PYTHON_VERSION }}\"/g" \ workbench/Justfile \ workbench-for-microsoft-azure-ml/Justfile \ connect/Justfile \ + package-manager/Justfile \ + product/base/Justfile \ + product/pro/Justfile \ Justfile \ ci.Justfile # Update alt Python versions - sed {{ sed_vars }} "s/^PYTHON_VERSION_ALT=.*/PYTHON_VERSION_ALT={{ PYTHON_VERSION_ALT }}/g" \ + sed {{ sed_vars }} "s/PYTHON_VERSION_ALT=.*/PYTHON_VERSION_ALT={{ PYTHON_VERSION_ALT }}/g" \ workbench/Dockerfile.ubuntu2204 \ workbench/.env \ - connect/Dockerfile.ubuntu1804 \ connect/Dockerfile.ubuntu2204 \ - connect/.env + connect/.env \ + product/base/Dockerfile.ubuntu* \ + product/pro/Dockerfile.ubuntu* \ + r-session-complete/Dockerfile.ubuntu2204 + sed {{ sed_vars }} "s/PYTHON_VERSION_ALT=.*/PYTHON_VERSION_ALT={{ PYTHON_VERSION_ALT_RHEL }}/g" \ + product/base/Dockerfile.centos7 \ + product/pro/Dockerfile.centos7 \ + r-session-complete/Dockerfile.centos7 sed {{ sed_vars }} "s/^PYTHON_VERSION_ALT := .*/PYTHON_VERSION_ALT := \"{{ PYTHON_VERSION_ALT }}\"/g" \ workbench/Justfile \ workbench-for-microsoft-azure-ml/Justfile \ connect/Justfile \ + package-manager/Justfile \ + product/base/Justfile \ + product/pro/Justfile \ Justfile \ ci.Justfile @@ -239,6 +269,23 @@ update-drivers-versions: product/pro/Justfile \ ci.Justfile +update-quarto-versions: + #!/usr/bin/env bash + set -euxo pipefail + sed {{ sed_vars }} "s/^QUARTO_VERSION := .*/QUARTO_VERSION := \"{{ QUARTO_VERSION }}\"/g" \ + content/base/Justfile \ + product/base/Justfile \ + ci.Justfile \ + Justfile + sed {{ sed_vars }} "s/^QUARTO_VERSION=.*/QUARTO_VERSION={{ QUARTO_VERSION }}/g" \ + content/base/Dockerfile* \ + product/base/Dockerfile* + sed {{ sed_vars }} "s/^Executable = \/opt\/quarto\/.*\/bin\/quarto/Executable = \/opt\/quarto\/{{ QUARTO_VERSION }}\/bin\/quarto/g" \ + connect/rstudio-connect.gcfg + sed {{ sed_vars }} "s/qver=\${QUARTO_VERSION:-.*}/qver=\${QUARTO_VERSION:-{{ QUARTO_VERSION }}}/g" \ + content/base/maybe_install_quarto.sh + + # just test-image preview workbench 12.0.11-8 tag1 tag2 tag3 ... test-image $PRODUCT $VERSION +IMAGES: #!/usr/bin/env bash diff --git a/NEWS.md b/NEWS.md index 57e3f394..b71783f5 100644 --- a/NEWS.md +++ b/NEWS.md @@ -5,6 +5,14 @@ changed in each image. This file only captures pervasive, repository-wide changes. +# 2023-07-25 +- Overhauled the workflows for this repository to use official Github Actions over `just` targets for building, testing, +scanning, and pushing images. +- Universally updated Python versions to 3.9.17 and 3.8.17 for Ubuntu-based images and 3.9.14 and 3.8.15 for CentOS +images. +- **BREAKING:** Universally updated R versions to 4.2.3 and 4.1.3 from 3.6.2 and 4.2.0. +- Added scheduled builds for latest release images to keep images up to date with security patches. + # 2022-11-10 - We replaced Ubuntu codenames with explicit version numbers for ease of use. Images will still be tagged with *both* the OS version number and the codename to retain backwards compatibility. diff --git a/ci.Justfile b/ci.Justfile index 47777a9e..e1bddbc1 100644 --- a/ci.Justfile +++ b/ci.Justfile @@ -3,16 +3,18 @@ set positional-arguments BUILDX_PATH := "" REGISTRY_NAMESPACE := "rstudio" -R_VERSION := "3.6.2" -R_VERSION_ALT := "4.1.0" +R_VERSION := "4.2.3" +R_VERSION_ALT := "4.1.3" -PYTHON_VERSION := "3.9.5" -PYTHON_VERSION_ALT := "3.8.10" +PYTHON_VERSION := "3.9.17" +PYTHON_VERSION_ALT := "3.8.17" DRIVERS_VERSION := "2023.05.0" DRIVERS_VERSION_RHEL := DRIVERS_VERSION + "-1" -# just BUILDX_PATH=~/.buildx build-release workbench bionic 12.0.11-11 +QUARTO_VERSION := "1.3.340" + +# just _get-os-alias jammy _get-os-alias OS: #!/usr/bin/env bash if [[ "{{OS}}" == "bionic" || "{{OS}}" == "ubuntu1804" ]]; then @@ -23,6 +25,7 @@ _get-os-alias OS: echo "{{OS}}" fi +# just _get-default-tag connect ubuntu2204 _get-default-tag PRODUCT OS: #!/usr/bin/env bash set -euxo pipefail @@ -36,28 +39,40 @@ _get-default-tag PRODUCT OS: echo "{{ REGISTRY_NAMESPACE }}/${IMAGE_PREFIX}{{ PRODUCT }}:{{ OS }}" -# just BUILDX_PATH=~/.buildx build-base ubuntu1804 base -build-base $OS $TYPE="base" $BRANCH=`git branch --show`: +# just _get-rsw-download-url release ubuntu2204 +_get-rsw-download-url TYPE OS: #!/usr/bin/env bash - set -euxo pipefail + URL_OS="{{OS}}" + if [[ "{{OS}}" == "ubuntu1804" ]]; then + URL_OS="bionic" + elif [[ "{{OS}}" == "ubuntu2204" ]]; then + URL_OS="jammy" + fi - # variable placeholders - BUILDX_ARGS="" + if [[ "{{TYPE}}" == "release" ]]; then + echo "https://download2.rstudio.org/server/${URL_OS}/{{ if OS == "centos7" { "x86_64"} else { "amd64" } }}" + else + echo "https://s3.amazonaws.com/rstudio-ide-build/server/${URL_OS}/{{ if OS == "centos7" { "x86_64"} else { "amd64" } }}" + fi + +# just get-version workbench --type=preview --local +get-version +NARGS: + ./tools/get-version.py {{NARGS}} - # set short name +# just get-base-args ubuntu2204 base|pro +get-base-args $OS $TYPE="base" $BRANCH=`git branch --show`: + #!/usr/bin/env bash + set -euxo pipefail if [[ $TYPE == "base" || $TYPE == "product-base" ]]; then - IMAGE_NAME="product-base" SRC_IMAGE_NAME="" CTX_PATH="./product/base" FILE_PATH="./product/base/Dockerfile.${OS}" elif [[ $TYPE == "base-pro" || $TYPE == "pro" || $TYPE == "product-base-pro" ]]; then - IMAGE_NAME="product-base-pro" SRC_IMAGE_NAME="product-base" CTX_PATH="./product/pro" FILE_PATH="./product/pro/Dockerfile.${OS}" fi if [[ $BRANCH != "main" ]]; then - IMAGE_NAME="${IMAGE_NAME}-dev" SRC_IMAGE_NAME="${SRC_IMAGE_NAME}-dev" fi @@ -67,84 +82,87 @@ build-base $OS $TYPE="base" $BRANCH=`git branch --show`: _DRIVERS_VERSION="{{ DRIVERS_VERSION }}" fi - # set buildx args - if [[ "{{BUILDX_PATH}}" != "" ]]; then - BUILDX_ARGS="--cache-from=type=local,src=/tmp/.buildx-cache --cache-to=type=local,dest=/tmp/.buildx-cache" - fi + printf "R_VERSION={{ R_VERSION }} + R_VERSION_ALT={{ R_VERSION_ALT }} + PYTHON_VERSION={{ PYTHON_VERSION }} + PYTHON_VERSION_ALT={{ PYTHON_VERSION_ALT }} + QUARTO_VERSION={{ QUARTO_VERSION }} + DRIVERS_VERSION=${_DRIVERS_VERSION} + SRC_IMAGE_NAME=${SRC_IMAGE_NAME}" - docker buildx --builder="{{BUILDX_PATH}}" build --load $BUILDX_ARGS \ - -t rstudio/${IMAGE_NAME}:${OS} \ - -t rstudio/${IMAGE_NAME}:${OS}-r{{R_VERSION}}-py{{PYTHON_VERSION}} \ - -t rstudio/${IMAGE_NAME}:${OS}-r{{R_VERSION}}_{{R_VERSION_ALT}}-py{{PYTHON_VERSION}}_{{PYTHON_VERSION_ALT}} \ - -t ghcr.io/rstudio/${IMAGE_NAME}:${OS} \ - -t ghcr.io/rstudio/${IMAGE_NAME}:${OS}-r{{R_VERSION}}-py{{PYTHON_VERSION}} \ - -t ghcr.io/rstudio/${IMAGE_NAME}:${OS}-r{{R_VERSION}}_{{R_VERSION_ALT}}-py{{PYTHON_VERSION}}_{{PYTHON_VERSION_ALT}} \ - --build-arg R_VERSION="{{ R_VERSION }}" \ - --build-arg R_VERSION_ALT="{{ R_VERSION_ALT }}" \ - --build-arg PYTHON_VERSION="{{ PYTHON_VERSION }}" \ - --build-arg PYTHON_VERSION_ALT="{{ PYTHON_VERSION_ALT }}" \ - --build-arg DRIVERS_VERSION="${_DRIVERS_VERSION}" \ - --build-arg SRC_IMAGE_NAME="${SRC_IMAGE_NAME}" \ - --file "${FILE_PATH}" "${CTX_PATH}" - - # echo rstudio/${IMAGE_NAME}:${OS} \ - # rstudio/${IMAGE_NAME}:${OS}-r{{R_VERSION}}-py{{PYTHON_VERSION}} \ - # rstudio/${IMAGE_NAME}:${OS}-r{{R_VERSION}}_{{R_VERSION_ALT}}-py{{PYTHON_VERSION}}_{{PYTHON_VERSION_ALT}} \ - # ghcr.io/rstudio/${IMAGE_NAME}:${OS} \ - # ghcr.io/rstudio/${IMAGE_NAME}:${OS}-r{{R_VERSION}}-py{{PYTHON_VERSION}} \ - # ghcr.io/rstudio/${IMAGE_NAME}:${OS}-r{{R_VERSION}}_{{R_VERSION_ALT}}-py{{PYTHON_VERSION}}_{{PYTHON_VERSION_ALT}} - - echo ghcr.io/rstudio/${IMAGE_NAME}:${OS} \ - ghcr.io/rstudio/${IMAGE_NAME}:${OS}-r{{R_VERSION}}-py{{PYTHON_VERSION}} \ - ghcr.io/rstudio/${IMAGE_NAME}:${OS}-r{{R_VERSION}}_{{R_VERSION_ALT}}-py{{PYTHON_VERSION}}_{{PYTHON_VERSION_ALT}} - -# just BUILDX_PATH=~/.buildx test-base ubuntu1804 base -test-base $OS $TYPE="base" $BRANCH=`git branch --show`: +# just get-base-tags ubuntu2204 base|pro +get-base-tags $OS $TYPE="base" $BRANCH=`git branch --show`: #!/usr/bin/env bash set -euxo pipefail - - # set short name - if [[ $TYPE == "base" ]]; then + IMAGE_NAME="" + if [[ $TYPE == "base" || $TYPE == "product-base" ]]; then IMAGE_NAME="product-base" - if [[ $BRANCH != "main" ]]; then - IMAGE_NAME="${IMAGE_NAME}-dev" - fi - just IMAGE_OS="${OS}" R_VERSION={{R_VERSION}} R_VERSION_ALT={{R_VERSION_ALT}} PYTHON_VERSION={{PYTHON_VERSION}} PYTHON_VERSION_ALT={{PYTHON_VERSION_ALT}} product/base/test ghcr.io/rstudio/${IMAGE_NAME}:${OS}-r{{R_VERSION}}_{{R_VERSION_ALT}}-py{{PYTHON_VERSION}}_{{PYTHON_VERSION_ALT}} - elif [[ $TYPE == "base-pro" || $TYPE == "pro" ]]; then + elif [[ $TYPE == "base-pro" || $TYPE == "pro" || $TYPE == "product-base-pro" ]]; then IMAGE_NAME="product-base-pro" - if [[ $BRANCH != "main" ]]; then - IMAGE_NAME="${IMAGE_NAME}-dev" - fi - just IMAGE_OS="${OS}" R_VERSION={{R_VERSION}} R_VERSION_ALT={{R_VERSION_ALT}} PYTHON_VERSION={{PYTHON_VERSION}} PYTHON_VERSION_ALT={{PYTHON_VERSION_ALT}} product/pro/test ghcr.io/rstudio/${IMAGE_NAME}:${OS}-r{{R_VERSION}}_{{R_VERSION_ALT}}-py{{PYTHON_VERSION}}_{{PYTHON_VERSION_ALT}} fi + if [[ $BRANCH != "main" ]]; then + IMAGE_NAME="${IMAGE_NAME}-dev" + fi + + echo ghcr.io/rstudio/${IMAGE_NAME}:${OS}-r{{R_VERSION}}_{{R_VERSION_ALT}}-py{{PYTHON_VERSION}}_{{PYTHON_VERSION_ALT}},\ + ghcr.io/rstudio/${IMAGE_NAME}:${OS}-r{{R_VERSION}}-py{{PYTHON_VERSION}},\ + ghcr.io/rstudio/${IMAGE_NAME}:${OS} -# just BUILDX_PATH=~/.buildx build-release workbench ubuntu1804 12.0.11-11 -build-release $PRODUCT $OS $VERSION $BRANCH=`git branch --show` $SHA_SHORT=`git rev-parse --short HEAD`: +# just get-product-args connect ubuntu2204 2023.05.0 +get-product-args $PRODUCT $OS $VERSION $BRANCH=`git branch --show` $SHA_SHORT=`git rev-parse --short HEAD`: #!/usr/bin/env bash set -euxo pipefail + RSW_DOWNLOAD_URL=$(just -f ci.Justfile _get-rsw-download-url release $OS) - # variable placeholders - RSW_DOWNLOAD_URL=`just -f ci.Justfile _get-rsw-download-url release $OS` - BUILDX_ARGS="" - SHORT_NAME="" - TAG_CLEAN_VERSION=`just _get-clean-version $VERSION` - - # set short name and source image name - SRC_IMAGE_NAME="" if [[ $PRODUCT == "workbench" || $PRODUCT == "r-session-complete" || $PRODUCT == "workbench-for-microsoft-azure-ml" ]]; then SHORT_NAME="RSW" + elif [[ $PRODUCT == "connect" || $PRODUCT == "connect-content-init" ]]; then + SHORT_NAME="RSC" + elif [[ $PRODUCT == "package-manager" ]]; then + SHORT_NAME="RSPM" + fi + + # set source image name + SRC_IMAGE_NAME="" + if [[ $PRODUCT == "workbench" || $PRODUCT == "r-session-complete" || $PRODUCT == "workbench-for-microsoft-azure-ml" || $PRODUCT == "connect" ]]; then if [[ $BRANCH == "main" ]]; then SRC_IMAGE_NAME="product-base-pro" else SRC_IMAGE_NAME="product-base-pro-dev" fi + fi + + if [[ "${OS}" == "centos7" ]]; then + _DRIVERS_VERSION="{{ DRIVERS_VERSION_RHEL }}" + else + _DRIVERS_VERSION="{{ DRIVERS_VERSION }}" + fi + + printf "${SHORT_NAME}_VERSION=${VERSION} + R_VERSION={{ R_VERSION }} + R_VERSION_ALT={{ R_VERSION_ALT }} + PYTHON_VERSION={{ PYTHON_VERSION }} + PYTHON_VERSION_ALT={{ PYTHON_VERSION_ALT }} + PYTHON_VERSION_JUPYTER={{ PYTHON_VERSION_ALT }} + QUARTO_VERSION={{ QUARTO_VERSION }} + DRIVERS_VERSION=${_DRIVERS_VERSION} + SRC_IMAGE_NAME=${SRC_IMAGE_NAME} + RSW_DOWNLOAD_URL=${RSW_DOWNLOAD_URL}" + +# just get-product-tags connect ubuntu2204 2023.05.0 +get-product-tags $PRODUCT $OS $VERSION $BRANCH=`git branch --show` $SHA_SHORT=`git rev-parse --short HEAD`: + #!/usr/bin/env bash + set -euxo pipefail + + # variable placeholders + SHORT_NAME="" + TAG_CLEAN_VERSION=$(just _get-clean-version $VERSION) + + # set short name and source image name + if [[ $PRODUCT == "workbench" || $PRODUCT == "r-session-complete" || $PRODUCT == "workbench-for-microsoft-azure-ml" ]]; then + SHORT_NAME="RSW" elif [[ $PRODUCT == "connect" ]]; then SHORT_NAME="RSC" - if [[ $BRANCH == "main" ]]; then - SRC_IMAGE_NAME="product-base-pro" - else - SRC_IMAGE_NAME="product-base-pro-dev" - fi elif [[ $PRODUCT == "package-manager" ]]; then SHORT_NAME="RSPM" fi @@ -161,71 +179,72 @@ build-release $PRODUCT $OS $VERSION $BRANCH=`git branch --show` $SHA_SHORT=`git for os_name in ${OS_ALIASES[@]}; do tag_array+=( - "-t" "rstudio/${IMAGE_PREFIX}${PRODUCT}:${os_name}" - "-t" "rstudio/${IMAGE_PREFIX}${PRODUCT}:${os_name}-${TAG_CLEAN_VERSION}" - "-t" "rstudio/${IMAGE_PREFIX}${PRODUCT}:${os_name}-${TAG_CLEAN_VERSION}--${SHA_SHORT}" - "-t" "ghcr.io/rstudio/${IMAGE_PREFIX}${PRODUCT}:${os_name}" - "-t" "ghcr.io/rstudio/${IMAGE_PREFIX}${PRODUCT}:${os_name}-${TAG_CLEAN_VERSION}" - "-t" "ghcr.io/rstudio/${IMAGE_PREFIX}${PRODUCT}:${os_name}-${TAG_CLEAN_VERSION}--${SHA_SHORT}" + "rstudio/${IMAGE_PREFIX}${PRODUCT}:${os_name}-${TAG_CLEAN_VERSION}--${SHA_SHORT}" + "rstudio/${IMAGE_PREFIX}${PRODUCT}:${os_name}-${TAG_CLEAN_VERSION}" + "rstudio/${IMAGE_PREFIX}${PRODUCT}:${os_name}" + "ghcr.io/rstudio/${IMAGE_PREFIX}${PRODUCT}:${os_name}-${TAG_CLEAN_VERSION}--${SHA_SHORT}" + "ghcr.io/rstudio/${IMAGE_PREFIX}${PRODUCT}:${os_name}-${TAG_CLEAN_VERSION}" + "ghcr.io/rstudio/${IMAGE_PREFIX}${PRODUCT}:${os_name}" ) done + tags=$(IFS="," ; echo "${tag_array[*]}") + echo "${tags}" - # set buildx args - if [[ "{{BUILDX_PATH}}" != "" ]]; then - BUILDX_ARGS="--cache-from=type=local,src=/tmp/.buildx-cache --cache-to=type=local,dest=/tmp/.buildx-cache" - fi - - docker buildx --builder="{{BUILDX_PATH}}" build --load $BUILDX_ARGS \ - ${tag_array[@]} \ - --build-arg "$SHORT_NAME"_VERSION=$VERSION \ - --build-arg RSW_DOWNLOAD_URL=$RSW_DOWNLOAD_URL \ - --build-arg R_VERSION="{{ R_VERSION }}" \ - --build-arg R_VERSION_ALT="{{ R_VERSION_ALT }}" \ - --build-arg PYTHON_VERSION="{{ PYTHON_VERSION }}" \ - --build-arg PYTHON_VERSION_ALT="{{ PYTHON_VERSION_ALT }}" \ - --build-arg SRC_IMAGE_NAME="${SRC_IMAGE_NAME}" \ - --file=./${PRODUCT}/Dockerfile.$(just _parse-os ${OS}) ${PRODUCT} - - echo ${tag_array[*]//-t/} - -# just BUILDX_PATH=~/.buildx build-preview preview workbench ubuntu1804 12.0.11-11 -build-preview $TYPE $PRODUCT $OS $VERSION $BRANCH=`git branch --show`: +# just get-prerelease-args preview|daily connect ubuntu2204 2023.05.0 +get-prerelease-args $TYPE $PRODUCT $OS $VERSION $BRANCH=`git branch --show`: #!/usr/bin/env bash set -euxo pipefail - # variable placeholders - BRANCH_PREFIX="" - RSW_DOWNLOAD_URL=`just -f ci.Justfile _get-rsw-download-url $TYPE $OS` - BUILDX_ARGS="" - SHORT_NAME="" - TAG_CLEAN_VERSION=`just _get-clean-version $VERSION` - TAG_VERSION=`just _get-tag-safe-version $VERSION` + RSW_DOWNLOAD_URL=$(just -f ci.Justfile _get-rsw-download-url $TYPE $OS) - # set branch prefix - if [[ $BRANCH == "dev" ]]; then - BRANCH_PREFIX="dev-" - elif [[ $BRANCH == "dev-rspm" ]]; then - BRANCH_PREFIX="dev-rspm-" + if [[ $PRODUCT == "workbench" || $PRODUCT == "r-session-complete" || $PRODUCT == "workbench-for-microsoft-azure-ml" ]]; then + SHORT_NAME="RSW" + elif [[ $PRODUCT == "connect" || $PRODUCT == "connect-content-init" ]]; then + SHORT_NAME="RSC" + elif [[ $PRODUCT == "package-manager" ]]; then + SHORT_NAME="RSPM" fi - # set short name + # set source image name SRC_IMAGE_NAME="" - if [[ $PRODUCT == "workbench" || $PRODUCT == "r-session-complete" || $PRODUCT == "workbench-for-microsoft-azure-ml" ]]; then - SHORT_NAME="RSW" + if [[ $PRODUCT == "workbench" || $PRODUCT == "r-session-complete" || $PRODUCT == "workbench-for-microsoft-azure-ml" || $PRODUCT == "connect" ]]; then if [[ $BRANCH == "main" ]]; then SRC_IMAGE_NAME="product-base-pro" else SRC_IMAGE_NAME="product-base-pro-dev" fi - elif [[ $PRODUCT == "connect" || $PRODUCT == "connect-content-init" ]]; then - SHORT_NAME="RSC" - if [[ $BRANCH == "main" ]]; then - SRC_IMAGE_NAME="product-base" - else - SRC_IMAGE_NAME="product-base-dev" - fi - elif [[ $PRODUCT == "package-manager" ]]; then - SHORT_NAME="RSPM" + fi + + if [[ "${OS}" == "centos7" ]]; then + _DRIVERS_VERSION="{{ DRIVERS_VERSION_RHEL }}" + else + _DRIVERS_VERSION="{{ DRIVERS_VERSION }}" + fi + + printf "${SHORT_NAME}_VERSION=${VERSION} + R_VERSION={{ R_VERSION }} + R_VERSION_ALT={{ R_VERSION_ALT }} + PYTHON_VERSION={{ PYTHON_VERSION }} + PYTHON_VERSION_ALT={{ PYTHON_VERSION_ALT }} + PYTHON_VERSION_JUPYTER={{ PYTHON_VERSION_ALT }} + QUARTO_VERSION={{ QUARTO_VERSION }} + DRIVERS_VERSION=${_DRIVERS_VERSION} + SRC_IMAGE_NAME=${SRC_IMAGE_NAME} + RSW_DOWNLOAD_URL=${RSW_DOWNLOAD_URL}" + +# just get-prerelease-tags preview|daily connect ubuntu2204 2023.05.0 +get-prerelease-tags $TYPE $PRODUCT $OS $VERSION $BRANCH=`git branch --show`: + #!/usr/bin/env bash + set -euxo pipefail + + # variable placeholders + BRANCH_PREFIX="" + TAG_CLEAN_VERSION=$(just _get-clean-version $VERSION) + TAG_VERSION=$(just _get-tag-safe-version $VERSION) + + # set branch prefix + if [[ ! -z $BRANCH ]] && [[ $BRANCH != "main" ]]; then + BRANCH_PREFIX="${BRANCH}-" fi # set image prefix @@ -240,59 +259,30 @@ build-preview $TYPE $PRODUCT $OS $VERSION $BRANCH=`git branch --show`: for os_name in ${OS_ALIASES[@]}; do tag_array+=( - "-t" "rstudio/${IMAGE_PREFIX}${PRODUCT}-preview:${BRANCH_PREFIX}${os_name}-${TAG_VERSION}" - "-t" "rstudio/${IMAGE_PREFIX}${PRODUCT}-preview:${BRANCH_PREFIX}${os_name}-${TAG_CLEAN_VERSION}" - "-t" "rstudio/${IMAGE_PREFIX}${PRODUCT}-preview:${BRANCH_PREFIX}${os_name}-${TYPE}" - "-t" "ghcr.io/rstudio/${IMAGE_PREFIX}${PRODUCT}-preview:${BRANCH_PREFIX}${os_name}-${TAG_VERSION}" - "-t" "ghcr.io/rstudio/${IMAGE_PREFIX}${PRODUCT}-preview:${BRANCH_PREFIX}${os_name}-${TAG_CLEAN_VERSION}" - "-t" "ghcr.io/rstudio/${IMAGE_PREFIX}${PRODUCT}-preview:${BRANCH_PREFIX}${os_name}-${TYPE}" + "rstudio/${IMAGE_PREFIX}${PRODUCT}-preview:${BRANCH_PREFIX}${os_name}-${TAG_VERSION}" + "rstudio/${IMAGE_PREFIX}${PRODUCT}-preview:${BRANCH_PREFIX}${os_name}-${TAG_CLEAN_VERSION}" + "rstudio/${IMAGE_PREFIX}${PRODUCT}-preview:${BRANCH_PREFIX}${os_name}-${TYPE}" + "ghcr.io/rstudio/${IMAGE_PREFIX}${PRODUCT}-preview:${BRANCH_PREFIX}${os_name}-${TAG_VERSION}" + "ghcr.io/rstudio/${IMAGE_PREFIX}${PRODUCT}-preview:${BRANCH_PREFIX}${os_name}-${TAG_CLEAN_VERSION}" + "ghcr.io/rstudio/${IMAGE_PREFIX}${PRODUCT}-preview:${BRANCH_PREFIX}${os_name}-${TYPE}" ) done + tags=$(IFS="," ; echo "${tag_array[*]}") + echo "${tags}" - # set buildx args - if [[ "{{BUILDX_PATH}}" != "" ]]; then - BUILDX_ARGS="--cache-from=type=local,src=/tmp/.buildx-cache --cache-to=type=local,dest=/tmp/.buildx-cache" - fi - - docker buildx --builder="{{BUILDX_PATH}}" build --load $BUILDX_ARGS \ - ${tag_array[@]} \ - --build-arg ${SHORT_NAME}_VERSION=$VERSION \ - --build-arg RSW_DOWNLOAD_URL=$RSW_DOWNLOAD_URL \ - --build-arg R_VERSION="{{ R_VERSION }}" \ - --build-arg R_VERSION_ALT="{{ R_VERSION_ALT }}" \ - --build-arg PYTHON_VERSION="{{ PYTHON_VERSION }}" \ - --build-arg PYTHON_VERSION_ALT="{{ PYTHON_VERSION_ALT }}" \ - --build-arg SRC_IMAGE_NAME="${SRC_IMAGE_NAME}" \ - --file=./${PRODUCT}/Dockerfile.$(just _parse-os ${OS}) ${PRODUCT} - - # These tags are propogated forward to test-images and push-images in builds. It is important that these tags match the build tags above. - echo ${tag_array[*]//-t/} - -# just push-images tag1 tag2 ... -push-images +IMAGES: +# just get-content-args 4.2.3 3.9.17 +get-content-args r-ver py-ver drivers-ver="": #!/usr/bin/env bash - set -euxo pipefail - for IMAGE in {{IMAGES}} - do - docker push $IMAGE - done + printf "R_VERSION={{r-ver}} + PYTHON_VERSION={{py-ver}} + DRIVERS_VERSION={{drivers-ver}}" -# just _get-rsw-download-url release ubuntu1804 -_get-rsw-download-url TYPE OS: +# just get-content-tags content-base|content-pro 4.2.3 3.9.17 ubuntu2204 +get-content-tags image-name r-ver py-ver os: #!/usr/bin/env bash - URL_OS="{{OS}}" - if [[ "{{OS}}" == "ubuntu1804" ]]; then - URL_OS="bionic" - elif [[ "{{OS}}" == "ubuntu2204" ]]; then - URL_OS="jammy" - fi - - if [[ "{{TYPE}}" == "release" ]]; then - echo "https://download2.rstudio.org/server/${URL_OS}/{{ if OS == "centos7" { "x86_64"} else { "amd64" } }}" - else - echo "https://s3.amazonaws.com/rstudio-ide-build/server/${URL_OS}/{{ if OS == "centos7" { "x86_64"} else { "amd64" } }}" - fi - -# just get-version workbench --type=preview --local -get-version +NARGS: - ./tools/get-version.py {{NARGS}} + OS=$(just _parse-os {{os}}) + OS_ALT=$(just _rev-parse-os {{os}}) + echo rstudio/{{image-name}}:r{{r-ver}}-py{{py-ver}}-${OS},\ + ghcr.io/rstudio/{{image-name}}:r{{r-ver}}-py{{py-ver}}-${OS},\ + rstudio/{{image-name}}:r{{r-ver}}-py{{py-ver}}-${OS_ALT},\ + ghcr.io/rstudio/{{image-name}}:r{{r-ver}}-py{{py-ver}}-${OS_ALT} diff --git a/connect/.env b/connect/.env index ab47694b..f49808f4 100644 --- a/connect/.env +++ b/connect/.env @@ -1,5 +1,5 @@ RSC_VERSION=2023.06.0 -R_VERSION=3.6.2 -R_VERSION_ALT=4.1.0 -PYTHON_VERSION=3.9.5 -PYTHON_VERSION_ALT=3.8.10 +R_VERSION=4.2.3 +R_VERSION_ALT=4.1.3 +PYTHON_VERSION=3.9.17 +PYTHON_VERSION_ALT=3.8.17 diff --git a/connect/Dockerfile.ubuntu2204 b/connect/Dockerfile.ubuntu2204 index 83e8c41f..75968777 100644 --- a/connect/Dockerfile.ubuntu2204 +++ b/connect/Dockerfile.ubuntu2204 @@ -1,7 +1,7 @@ -ARG R_VERSION=4.2.0 -ARG R_VERSION_ALT=3.6.2 -ARG PYTHON_VERSION=3.9.5 -ARG PYTHON_VERSION_ALT=3.8.10 +ARG R_VERSION=4.2.3 +ARG R_VERSION_ALT=4.1.3 +ARG PYTHON_VERSION=3.9.17 +ARG PYTHON_VERSION_ALT=3.8.17 ARG SRC_IMAGE_NAME=product-base-pro ARG REGISTRY=ghcr.io FROM ${REGISTRY}/rstudio/${SRC_IMAGE_NAME}:ubuntu2204-r${R_VERSION}_${R_VERSION_ALT}-py${PYTHON_VERSION}_${PYTHON_VERSION_ALT} @@ -9,6 +9,10 @@ LABEL maintainer="RStudio Docker " COPY --chmod=0775 startup.sh /usr/local/bin/startup.sh +ARG R_VERSION=4.2.3 +ARG R_VERSION_ALT=4.1.3 +ARG PYTHON_VERSION=3.9.17 +ARG PYTHON_VERSION_ALT=3.8.17 ARG RSC_VERSION=2023.06.0 SHELL [ "/bin/bash", "-o", "pipefail", "-c"] RUN apt-get update --fix-missing \ @@ -30,6 +34,8 @@ EXPOSE 3939/tcp ENV RSC_LICENSE "" ENV RSC_LICENSE_SERVER "" COPY rstudio-connect.gcfg /etc/rstudio-connect/rstudio-connect.gcfg +RUN sed -i "s/{{PYTHON_VERSION}}/${PYTHON_VERSION}/g" /etc/rstudio-connect/rstudio-connect.gcfg \ + && sed -i "s/{{PYTHON_VERSION_ALT}}/${PYTHON_VERSION_ALT}/g" /etc/rstudio-connect/rstudio-connect.gcfg VOLUME ["/data"] ENTRYPOINT ["tini", "--"] diff --git a/connect/Justfile b/connect/Justfile index a5b77cc4..7a1d9a2c 100644 --- a/connect/Justfile +++ b/connect/Justfile @@ -10,11 +10,11 @@ RSC_VERSION := "2023.06.0" RSC_LICENSE := "" RSC_LICENSE_SERVER := "" -R_VERSION := "3.6.2" -R_VERSION_ALT := "4.1.0" +R_VERSION := "4.2.3" +R_VERSION_ALT := "4.1.3" -PYTHON_VERSION := "3.9.5" -PYTHON_VERSION_ALT := "3.8.10" +PYTHON_VERSION := "3.9.17" +PYTHON_VERSION_ALT := "3.8.17" PERSIST_LICENSE := "false" PERSIST_LICENSE_DIR := join(justfile_directory(), "tmp-lic") diff --git a/connect/NEWS.md b/connect/NEWS.md index 5710060f..691712a0 100644 --- a/connect/NEWS.md +++ b/connect/NEWS.md @@ -1,3 +1,6 @@ +# 2023-07-25 +- Changed `rstudio-connect.gcfg` Python version numbers behavior from statically defined to dynamically filled on build. + # 2023-07-10 - BREAKING: Deprecate the Ubuntu 18.04 (Bionic Beaver) images. diff --git a/connect/rstudio-connect.gcfg b/connect/rstudio-connect.gcfg index 99407028..376d08c2 100644 --- a/connect/rstudio-connect.gcfg +++ b/connect/rstudio-connect.gcfg @@ -30,8 +30,8 @@ Provider = password [Python] Enabled = true -Executable = /opt/python/3.8.10/bin/python -Executable = /opt/python/3.9.5/bin/python +Executable = /opt/python/{{PYTHON_VERSION}}/bin/python +Executable = /opt/python/{{PYTHON_VERSION_ALT}}/bin/python [Quarto] Enabled = true diff --git a/content/base/Justfile b/content/base/Justfile index d4b6d008..7744929a 100755 --- a/content/base/Justfile +++ b/content/base/Justfile @@ -10,7 +10,7 @@ R_VERSION := "3.6.3" PYTHON_VERSION := "3.9.5" -QUARTO_VERSION := "1.1.251" +QUARTO_VERSION := "1.3.340" DEFAULT_TAG := IMAGE_PREFIX + PRODUCT + ":r" + R_VERSION + "-py" + PYTHON_VERSION + "-" + IMAGE_OS diff --git a/content/base/maybe_install_quarto.sh b/content/base/maybe_install_quarto.sh index 8a0e6889..cb06e6c8 100755 --- a/content/base/maybe_install_quarto.sh +++ b/content/base/maybe_install_quarto.sh @@ -3,7 +3,7 @@ # on bionic, only install quarto if python 3.10 and R 4.1 # TODO: figure out a different hierarchy... if [[ `grep -oE bionic /etc/lsb-release` ]] && [[ `ls /opt/python/ | grep '3\.10\.'` ]] && [[ `ls /opt/R | grep '4\.1\.'` ]]; then - qver=${QUARTO_VERSION:-1.0.37} + qver=${QUARTO_VERSION:-1.3.340} echo '--> Installing Quarto' curl -L -o /quarto.deb https://github.com/quarto-dev/quarto-cli/releases/download/v${qver}/quarto-${qver}-linux-amd64.deb apt install /quarto.deb diff --git a/package-manager/.env b/package-manager/.env index 64dc554f..4c45a9de 100644 --- a/package-manager/.env +++ b/package-manager/.env @@ -1,3 +1,3 @@ RSPM_VERSION=2023.04.0-6 -R_VERSION=4.2.0 -R_VERSION_ALT=3.6.2 +R_VERSION=4.2.3 +R_VERSION_ALT=4.1.3 diff --git a/package-manager/Dockerfile.ubuntu1804 b/package-manager/Dockerfile.ubuntu1804 index 6217f999..dfd1b537 100644 --- a/package-manager/Dockerfile.ubuntu1804 +++ b/package-manager/Dockerfile.ubuntu1804 @@ -1,4 +1,4 @@ -ARG R_VERSION=4.2.0 +ARG R_VERSION=4.2.3 FROM rstudio/r-base:${R_VERSION}-bionic LABEL maintainer="RStudio Docker " @@ -18,7 +18,7 @@ RUN curl -L -o /usr/local/bin/tini https://github.com/krallin/tini/releases/down # Add another R version -------------------------------------------------------# -ARG R_VERSION_ALT=3.6.2 +ARG R_VERSION_ALT=4.1.3 RUN apt-get update -qq && \ curl -O https://cdn.rstudio.com/r/ubuntu-1804/pkgs/r-${R_VERSION_ALT}_1_amd64.deb && \ DEBIAN_FRONTEND=noninteractive apt-get install -y ./r-${R_VERSION_ALT}_1_amd64.deb && \ diff --git a/package-manager/Dockerfile.ubuntu1804.draft b/package-manager/Dockerfile.ubuntu1804.draft index d08e962b..88507a1d 100644 --- a/package-manager/Dockerfile.ubuntu1804.draft +++ b/package-manager/Dockerfile.ubuntu1804.draft @@ -1,6 +1,6 @@ -ARG R_VERSION=4.2.0 -ARG R_VERSION_ALT=3.6.2 -ARG PYTHON_VERSION=3.9.5 +ARG R_VERSION=4.2.3 +ARG R_VERSION_ALT=4.1.3 +ARG PYTHON_VERSION=3.9.17 ARG PYTHON_VERSION_ALT=3.8.10 ARG SRC_IMAGE_NAME=product-base ARG REGISTRY=ghcr.io diff --git a/package-manager/Dockerfile.ubuntu2204 b/package-manager/Dockerfile.ubuntu2204 index ec29a59a..aeffa1c6 100644 --- a/package-manager/Dockerfile.ubuntu2204 +++ b/package-manager/Dockerfile.ubuntu2204 @@ -1,4 +1,4 @@ -ARG R_VERSION=4.2.0 +ARG R_VERSION=4.2.3 FROM rstudio/r-base:${R_VERSION}-jammy LABEL maintainer="RStudio Docker " @@ -18,7 +18,7 @@ RUN curl -L -o /usr/local/bin/tini https://github.com/krallin/tini/releases/down # Add another R version -------------------------------------------------------# -ARG R_VERSION_ALT=3.6.2 +ARG R_VERSION_ALT=4.1.3 RUN apt-get update -qq && \ curl -O https://cdn.rstudio.com/r/ubuntu-2204/pkgs/r-${R_VERSION_ALT}_1_amd64.deb && \ DEBIAN_FRONTEND=noninteractive apt-get install -y ./r-${R_VERSION_ALT}_1_amd64.deb && \ diff --git a/package-manager/Dockerfile.ubuntu2204.draft b/package-manager/Dockerfile.ubuntu2204.draft index 20b47705..67b63c97 100644 --- a/package-manager/Dockerfile.ubuntu2204.draft +++ b/package-manager/Dockerfile.ubuntu2204.draft @@ -1,6 +1,6 @@ -ARG R_VERSION=4.2.0 -ARG R_VERSION_ALT=3.6.2 -ARG PYTHON_VERSION=3.9.5 +ARG R_VERSION=4.2.3 +ARG R_VERSION_ALT=4.1.3 +ARG PYTHON_VERSION=3.9.17 ARG PYTHON_VERSION_ALT=3.8.10 ARG SRC_IMAGE_NAME=product-base ARG REGISTRY=ghcr.io diff --git a/package-manager/Justfile b/package-manager/Justfile index 642ca504..4df263ed 100644 --- a/package-manager/Justfile +++ b/package-manager/Justfile @@ -10,11 +10,11 @@ RSPM_VERSION := "2023.04.0-6" RSPM_LICENSE := "" RSPM_LICENSE_SERVER := "" -R_VERSION := "3.6.2" -R_VERSION_ALT := "4.1.0" +R_VERSION := "4.2.3" +R_VERSION_ALT := "4.1.3" -PYTHON_VERSION := "3.9.5" -PYTHON_VERSION_ALT := "3.8.10" +PYTHON_VERSION := "3.9.17" +PYTHON_VERSION_ALT := "3.8.17" PERSIST_LICENSE := "false" PERSIST_LICENSE_DIR := join(justfile_directory(), "tmp-lic") diff --git a/package-manager/NEWS.md b/package-manager/NEWS.md index e59ffc4e..419b0847 100644 --- a/package-manager/NEWS.md +++ b/package-manager/NEWS.md @@ -1,3 +1,6 @@ +# 2023-07-25 +- Changed `rstudio-pm.gcfg` R version number behavior from statically defined to dynamically filled on build. + # 2022.11.4-20 - Mid-release, we accidentally bumped the version of R. To mitigate issues, we added another version of R, diff --git a/package-manager/README.md b/package-manager/README.md index fea1b0a1..5783f37c 100644 --- a/package-manager/README.md +++ b/package-manager/README.md @@ -7,7 +7,7 @@ # Supported tags and respective Dockerfile links * [`2023.04.0`, `bionic`, `ubuntu1804`, `bionic-2023.04.0`, `ubuntu1804-2023.04.0`](https://github.com/rstudio/rstudio-docker-products/blob/main/package-manager/Dockerfile.ubuntu1804) -* [`jammy`, `ubuntu2204`, `jammy-2022.11.4`, `ubuntu2204-2023.04.0`](https://github.com/rstudio/rstudio-docker-products/blob/main/package-manager/Dockerfile.ubuntu2204) +* [`jammy`, `ubuntu2204`, `jammy-2023.04.0`, `ubuntu2204-2023.04.0`](https://github.com/rstudio/rstudio-docker-products/blob/main/package-manager/Dockerfile.ubuntu2204) # What is RStudio Package Manager? diff --git a/package-manager/rstudio-pm.gcfg b/package-manager/rstudio-pm.gcfg index ae878c46..1f1c62cf 100644 --- a/package-manager/rstudio-pm.gcfg +++ b/package-manager/rstudio-pm.gcfg @@ -11,7 +11,7 @@ Address = ; ; Git sources require a configured R installation. R is often installed at `/usr/lib/R` ; or `/usr/lib64/R`. -RVersion = /opt/R/3.6.2/ +RVersion = /opt/R/4.2.3/ ; ; Customize the data directory if necessary. This is where all packages and metadata are ; stored by default. Refer to Admin Guide for details. diff --git a/product/base/Dockerfile.centos7 b/product/base/Dockerfile.centos7 index cd9201ed..aa15f9c8 100644 --- a/product/base/Dockerfile.centos7 +++ b/product/base/Dockerfile.centos7 @@ -4,8 +4,8 @@ LABEL maintainer="Posit Docker " ### ARG declarations ### ARG R_VERSION=4.2.0 ARG R_VERSION_ALT=3.6.2 -ARG PYTHON_VERSION=3.9.5 -ARG PYTHON_VERSION_ALT=3.8.10 +ARG PYTHON_VERSION=3.9.14 +ARG PYTHON_VERSION_ALT=3.8.15 ARG TINI_VERSION=0.19.0 ARG QUARTO_VERSION=1.3.340 diff --git a/product/base/Dockerfile.ubuntu1804 b/product/base/Dockerfile.ubuntu1804 index 75a860c3..8c338887 100644 --- a/product/base/Dockerfile.ubuntu1804 +++ b/product/base/Dockerfile.ubuntu1804 @@ -3,10 +3,10 @@ LABEL maintainer="Posit Docker " ### ARG declarations ### ARG DEBIAN_FRONTEND=noninteractive -ARG R_VERSION=4.2.0 -ARG R_VERSION_ALT=3.6.2 -ARG PYTHON_VERSION=3.9.5 -ARG PYTHON_VERSION_ALT=3.8.10 +ARG R_VERSION=4.2.3 +ARG R_VERSION_ALT=4.1.3 +ARG PYTHON_VERSION=3.9.17 +ARG PYTHON_VERSION_ALT=3.8.17 ARG TINI_VERSION=0.19.0 ARG QUARTO_VERSION=1.3.340 diff --git a/product/base/Dockerfile.ubuntu2204 b/product/base/Dockerfile.ubuntu2204 index 49a8029f..b5f9daec 100644 --- a/product/base/Dockerfile.ubuntu2204 +++ b/product/base/Dockerfile.ubuntu2204 @@ -3,10 +3,10 @@ LABEL maintainer="Posit Docker " ### ARG declarations ### ARG DEBIAN_FRONTEND=noninteractive -ARG R_VERSION=4.2.0 -ARG R_VERSION_ALT=3.6.2 -ARG PYTHON_VERSION=3.9.5 -ARG PYTHON_VERSION_ALT=3.8.10 +ARG R_VERSION=4.2.3 +ARG R_VERSION_ALT=4.1.3 +ARG PYTHON_VERSION=3.9.17 +ARG PYTHON_VERSION_ALT=3.8.17 ARG TINI_VERSION=0.19.0 ARG QUARTO_VERSION=1.3.340 diff --git a/product/base/Justfile b/product/base/Justfile index 30626cae..b011a4ce 100755 --- a/product/base/Justfile +++ b/product/base/Justfile @@ -7,11 +7,11 @@ IMAGE_OS := "ubuntu1804" IMAGE_REGISTRY := "rstudio" -R_VERSION := "4.1.0" -R_VERSION_ALT := "3.6.2" +R_VERSION := "4.2.3" +R_VERSION_ALT := "4.1.3" -PYTHON_VERSION := "3.9.5" -PYTHON_VERSION_ALT := "3.8.10" +PYTHON_VERSION := "3.9.17" +PYTHON_VERSION_ALT := "3.8.17" TINI_VERSION := "0.19.0" QUARTO_VERSION := "1.3.340" diff --git a/product/pro/Dockerfile.centos7 b/product/pro/Dockerfile.centos7 index 1db485e2..641a3fd4 100644 --- a/product/pro/Dockerfile.centos7 +++ b/product/pro/Dockerfile.centos7 @@ -1,7 +1,7 @@ ARG R_VERSION=4.2.0 ARG R_VERSION_ALT=3.6.2 -ARG PYTHON_VERSION=3.9.5 -ARG PYTHON_VERSION_ALT=3.8.10 +ARG PYTHON_VERSION=3.9.14 +ARG PYTHON_VERSION_ALT=3.8.15 ARG SRC_IMAGE_NAME=product-base ARG REGISTRY=ghcr.io FROM ${REGISTRY}/rstudio/${SRC_IMAGE_NAME}:centos7-r${R_VERSION}_${R_VERSION_ALT}-py${PYTHON_VERSION}_${PYTHON_VERSION_ALT} @@ -9,8 +9,8 @@ LABEL maintainer="Posit Docker " ARG R_VERSION=4.2.0 ARG R_VERSION_ALT=3.6.2 -ARG PYTHON_VERSION=3.9.5 -ARG PYTHON_VERSION_ALT=3.8.10 +ARG PYTHON_VERSION=3.9.14 +ARG PYTHON_VERSION_ALT=3.8.15 ARG DRIVERS_VERSION=2023.05.0-1 RUN yum update -y \ diff --git a/product/pro/Dockerfile.ubuntu1804 b/product/pro/Dockerfile.ubuntu1804 index 3c0c5ad5..cca5be57 100644 --- a/product/pro/Dockerfile.ubuntu1804 +++ b/product/pro/Dockerfile.ubuntu1804 @@ -1,17 +1,17 @@ -ARG R_VERSION=4.2.0 -ARG R_VERSION_ALT=3.6.2 -ARG PYTHON_VERSION=3.9.5 -ARG PYTHON_VERSION_ALT=3.8.10 +ARG R_VERSION=4.2.3 +ARG R_VERSION_ALT=4.1.3 +ARG PYTHON_VERSION=3.9.17 +ARG PYTHON_VERSION_ALT=3.8.17 ARG SRC_IMAGE_NAME=product-base ARG REGISTRY=ghcr.io FROM ${REGISTRY}/rstudio/${SRC_IMAGE_NAME}:ubuntu1804-r${R_VERSION}_${R_VERSION_ALT}-py${PYTHON_VERSION}_${PYTHON_VERSION_ALT} LABEL maintainer="Posit Docker " ARG DEBIAN_FRONTEND=noninteractive -ARG R_VERSION=4.2.0 -ARG R_VERSION_ALT=3.6.2 -ARG PYTHON_VERSION=3.9.5 -ARG PYTHON_VERSION_ALT=3.8.10 +ARG R_VERSION=4.2.3 +ARG R_VERSION_ALT=4.1.3 +ARG PYTHON_VERSION=3.9.17 +ARG PYTHON_VERSION_ALT=3.8.17 ARG DRIVERS_VERSION=2023.05.0 RUN apt-get update \ diff --git a/product/pro/Dockerfile.ubuntu2204 b/product/pro/Dockerfile.ubuntu2204 index 2c6f9844..10f0981c 100644 --- a/product/pro/Dockerfile.ubuntu2204 +++ b/product/pro/Dockerfile.ubuntu2204 @@ -1,17 +1,17 @@ -ARG R_VERSION=4.2.0 -ARG R_VERSION_ALT=3.6.2 -ARG PYTHON_VERSION=3.9.5 -ARG PYTHON_VERSION_ALT=3.8.10 +ARG R_VERSION=4.2.3 +ARG R_VERSION_ALT=4.1.3 +ARG PYTHON_VERSION=3.9.17 +ARG PYTHON_VERSION_ALT=3.8.17 ARG SRC_IMAGE_NAME=product-base ARG REGISTRY=ghcr.io FROM ${REGISTRY}/rstudio/${SRC_IMAGE_NAME}:ubuntu2204-r${R_VERSION}_${R_VERSION_ALT}-py${PYTHON_VERSION}_${PYTHON_VERSION_ALT} LABEL maintainer="Posit Docker " ARG DEBIAN_FRONTEND=noninteractive -ARG R_VERSION=4.2.0 -ARG R_VERSION_ALT=3.6.2 -ARG PYTHON_VERSION=3.9.5 -ARG PYTHON_VERSION_ALT=3.8.10 +ARG R_VERSION=4.2.3 +ARG R_VERSION_ALT=4.1.3 +ARG PYTHON_VERSION=3.9.17 +ARG PYTHON_VERSION_ALT=3.8.17 ARG DRIVERS_VERSION=2023.05.0 RUN apt-get update \ diff --git a/product/pro/Justfile b/product/pro/Justfile index 1dab9599..f67f5ef1 100644 --- a/product/pro/Justfile +++ b/product/pro/Justfile @@ -7,11 +7,11 @@ IMAGE_OS := "ubuntu1804" IMAGE_REGISTRY := "rstudio" -R_VERSION := "4.1.0" -R_VERSION_ALT := "3.6.2" +R_VERSION := "4.2.3" +R_VERSION_ALT := "4.1.3" -PYTHON_VERSION := "3.9.5" -PYTHON_VERSION_ALT := "3.8.10" +PYTHON_VERSION := "3.9.17" +PYTHON_VERSION_ALT := "3.8.17" TINI_VERSION := "0.19.0" QUARTO_VERSION := "1.3.340" diff --git a/product/pro/test/goss.yaml b/product/pro/test/goss.yaml index d689e526..53ea2a34 100644 --- a/product/pro/test/goss.yaml +++ b/product/pro/test/goss.yaml @@ -22,7 +22,7 @@ package: rstudio-drivers: installed: true versions: - - "{{ .Env.DRIVERS_VERSION }}" + - {{ trimSuffix "-1" .Env.DRIVERS_VERSION }} # RHEL driver doesn't print the "-1" suffix in the package name file: /opt/R/{{.Env.R_VERSION}}/bin/R: diff --git a/r-session-complete/Dockerfile.ubuntu2204 b/r-session-complete/Dockerfile.ubuntu2204 index 14618c87..264c0f9e 100644 --- a/r-session-complete/Dockerfile.ubuntu2204 +++ b/r-session-complete/Dockerfile.ubuntu2204 @@ -1,7 +1,7 @@ ARG R_VERSION=4.2.3 ARG R_VERSION_ALT=4.1.3 -ARG PYTHON_VERSION=3.9.14 -ARG PYTHON_VERSION_ALT=3.8.15 +ARG PYTHON_VERSION=3.9.17 +ARG PYTHON_VERSION_ALT=3.8.17 ARG SRC_IMAGE_NAME=product-base-pro ARG REGISTRY=ghcr.io FROM ${REGISTRY}/rstudio/${SRC_IMAGE_NAME}:ubuntu2204-r${R_VERSION}_${R_VERSION_ALT}-py${PYTHON_VERSION}_${PYTHON_VERSION_ALT} @@ -10,8 +10,8 @@ LABEL maintainer="RStudio Docker " ARG DEBIAN_FRONTEND=noninteractive ARG R_VERSION=4.2.3 ARG R_VERSION_ALT=4.1.3 -ARG PYTHON_VERSION=3.9.14 -ARG PYTHON_VERSION_ALT=3.8.15 +ARG PYTHON_VERSION=3.9.17 +ARG PYTHON_VERSION_ALT=3.8.17 ARG RSW_VERSION=2023.06.1+524.pro1 ARG RSW_NAME=rstudio-workbench ARG RSW_DOWNLOAD_URL=https://download2.rstudio.org/server/jammy/amd64 diff --git a/workbench-for-microsoft-azure-ml/.env b/workbench-for-microsoft-azure-ml/.env index 9ec2b95b..1df43c24 100644 --- a/workbench-for-microsoft-azure-ml/.env +++ b/workbench-for-microsoft-azure-ml/.env @@ -3,6 +3,6 @@ RSW_DOWNLOAD_URL=https://download2.rstudio.org/server/bionic/amd64 RSW_NAME=rstudio-workbench PYTHON_VERSION=3.9.14 PYTHON_VERSION_ALT=3.8.15 -JUPYTER_PYTHON_VERSION=3.8.15 +PYTHON_VERSION_JUPYTER=3.8.15 R_VERSION_ALT=4.1.3 R_VERSION=4.2.3 diff --git a/workbench-for-microsoft-azure-ml/Dockerfile.ubuntu2204 b/workbench-for-microsoft-azure-ml/Dockerfile.ubuntu2204 index 4f609360..2a824290 100644 --- a/workbench-for-microsoft-azure-ml/Dockerfile.ubuntu2204 +++ b/workbench-for-microsoft-azure-ml/Dockerfile.ubuntu2204 @@ -1,7 +1,7 @@ ARG R_VERSION=4.2.3 ARG R_VERSION_ALT=4.1.3 -ARG PYTHON_VERSION=3.9.14 -ARG PYTHON_VERSION_ALT=3.8.15 +ARG PYTHON_VERSION=3.9.17 +ARG PYTHON_VERSION_ALT=3.8.17 ARG SRC_IMAGE_NAME=product-base-pro ARG REGISTRY=ghcr.io FROM ${REGISTRY}/rstudio/${SRC_IMAGE_NAME}:ubuntu2204-r${R_VERSION}_${R_VERSION_ALT}-py${PYTHON_VERSION}_${PYTHON_VERSION_ALT} AS workbench @@ -10,9 +10,9 @@ LABEL maintainer="RStudio Docker " ARG DEBIAN_FRONTEND=noninteractive ARG R_VERSION=4.2.3 ARG R_VERSION_ALT=4.1.3 -ARG PYTHON_VERSION=3.9.14 -ARG PYTHON_VERSION_ALT=3.8.15 -ARG PYTHON_VERSION_JUPYTER=3.8.15 +ARG PYTHON_VERSION=3.9.17 +ARG PYTHON_VERSION_ALT=3.8.17 +ARG PYTHON_VERSION_JUPYTER=3.8.17 ARG RSW_VERSION=2023.06.1+524.pro1 ARG RSW_NAME=rstudio-workbench ARG RSW_DOWNLOAD_URL=https://download2.rstudio.org/server/jammy/amd64 diff --git a/workbench-for-microsoft-azure-ml/Justfile b/workbench-for-microsoft-azure-ml/Justfile index 8b8b6497..56232d54 100644 --- a/workbench-for-microsoft-azure-ml/Justfile +++ b/workbench-for-microsoft-azure-ml/Justfile @@ -12,8 +12,8 @@ RSW_LICENSE := "" R_VERSION := "4.2.3" R_VERSION_ALT := "4.1.3" -PYTHON_VERSION := "3.9.14" -PYTHON_VERSION_ALT := "3.8.15" +PYTHON_VERSION := "3.9.17" +PYTHON_VERSION_ALT := "3.8.17" _make-default-tag OS=IMAGE_OS: echo "{{IMAGE_PREFIX}}{{PRODUCT}}:{{OS}}-$(just -f ../Justfile _get-tag-safe-version {{RSW_VERSION}})" diff --git a/workbench-for-microsoft-azure-ml/docker-compose.test.yml b/workbench-for-microsoft-azure-ml/docker-compose.test.yml index 87338f04..53a1d86d 100644 --- a/workbench-for-microsoft-azure-ml/docker-compose.test.yml +++ b/workbench-for-microsoft-azure-ml/docker-compose.test.yml @@ -11,7 +11,7 @@ services: - R_VERSION - PYTHON_VERSION - PYTHON_VERSION_ALT - - JUPYTER_PYTHON_VERSION + - PYTHON_VERSION_JUPYTER - R_VERSION_ALT - RSW_LICENSE volumes: diff --git a/workbench-for-microsoft-azure-ml/test/goss.yaml b/workbench-for-microsoft-azure-ml/test/goss.yaml index 09e898da..b7553054 100644 --- a/workbench-for-microsoft-azure-ml/test/goss.yaml +++ b/workbench-for-microsoft-azure-ml/test/goss.yaml @@ -120,7 +120,7 @@ command: title: jupyter_python_version_matches exit-status: 0 stdout: [ - "{{.Env.JUPYTER_PYTHON_VERSION}}" + "{{.Env.PYTHON_VERSION_JUPYTER}}" ] "which openssl": title: uses_system_openssl diff --git a/workbench/.env b/workbench/.env index 9ec2b95b..9459434a 100644 --- a/workbench/.env +++ b/workbench/.env @@ -1,8 +1,8 @@ RSW_VERSION=2023.06.1+524.pro1 RSW_DOWNLOAD_URL=https://download2.rstudio.org/server/bionic/amd64 RSW_NAME=rstudio-workbench -PYTHON_VERSION=3.9.14 -PYTHON_VERSION_ALT=3.8.15 -JUPYTER_PYTHON_VERSION=3.8.15 +PYTHON_VERSION=3.9.17 +PYTHON_VERSION_ALT=3.8.17 +PYTHON_VERSION_JUPYTER=3.8.15 R_VERSION_ALT=4.1.3 R_VERSION=4.2.3 diff --git a/workbench/Dockerfile.ubuntu2204 b/workbench/Dockerfile.ubuntu2204 index c1fe7614..81b3d839 100644 --- a/workbench/Dockerfile.ubuntu2204 +++ b/workbench/Dockerfile.ubuntu2204 @@ -1,7 +1,7 @@ ARG R_VERSION=4.2.3 ARG R_VERSION_ALT=4.1.3 -ARG PYTHON_VERSION=3.9.14 -ARG PYTHON_VERSION_ALT=3.8.15 +ARG PYTHON_VERSION=3.9.17 +ARG PYTHON_VERSION_ALT=3.8.17 ARG SRC_IMAGE_NAME=product-base-pro ARG REGISTRY=ghcr.io FROM ${REGISTRY}/rstudio/${SRC_IMAGE_NAME}:ubuntu2204-r${R_VERSION}_${R_VERSION_ALT}-py${PYTHON_VERSION}_${PYTHON_VERSION_ALT} @@ -10,8 +10,8 @@ LABEL maintainer="RStudio Docker " ARG DEBIAN_FRONTEND=noninteractive ARG R_VERSION=4.2.3 ARG R_VERSION_ALT=4.1.3 -ARG PYTHON_VERSION=3.9.14 -ARG PYTHON_VERSION_ALT=3.8.15 +ARG PYTHON_VERSION=3.9.17 +ARG PYTHON_VERSION_ALT=3.8.17 ARG PYTHON_VERSION_JUPYTER=3.8.15 ARG RSW_VERSION=2023.06.1+524.pro1 ARG RSW_NAME=rstudio-workbench diff --git a/workbench/Justfile b/workbench/Justfile index 88203fa3..4937dc9d 100644 --- a/workbench/Justfile +++ b/workbench/Justfile @@ -13,8 +13,8 @@ RSW_LICENSE_SERVER := "" R_VERSION := "4.2.3" R_VERSION_ALT := "4.1.3" -PYTHON_VERSION := "3.9.14" -PYTHON_VERSION_ALT := "3.8.15" +PYTHON_VERSION := "3.9.17" +PYTHON_VERSION_ALT := "3.8.17" PERSIST_LICENSE := "false" PERSIST_LICENSE_DIR := join(justfile_directory(), "tmp-lic") diff --git a/workbench/docker-compose.test.yml b/workbench/docker-compose.test.yml index b28c6f5f..db54a879 100644 --- a/workbench/docker-compose.test.yml +++ b/workbench/docker-compose.test.yml @@ -11,7 +11,7 @@ services: - R_VERSION - PYTHON_VERSION - PYTHON_VERSION_ALT - - JUPYTER_PYTHON_VERSION + - PYTHON_VERSION_JUPYTER - R_VERSION_ALT - RSW_LICENSE - RSW_LICENSE_SERVER diff --git a/workbench/test/goss.yaml b/workbench/test/goss.yaml index 86a47063..ccce2166 100644 --- a/workbench/test/goss.yaml +++ b/workbench/test/goss.yaml @@ -123,7 +123,7 @@ command: title: jupyter_python_version_matches exit-status: 0 stdout: [ - "{{.Env.JUPYTER_PYTHON_VERSION}}" + "{{.Env.PYTHON_VERSION_JUPYTER}}" ] "which openssl": title: uses_system_openssl