From b53c0bc7a434bce5d72d8bef54405cf0188047a7 Mon Sep 17 00:00:00 2001 From: Neal Richardson Date: Mon, 30 Oct 2023 09:32:21 -0400 Subject: [PATCH 1/9] Update language in connect readme to say Posit --- connect/README.md | 38 +++++++++++++++++++------------------- 1 file changed, 19 insertions(+), 19 deletions(-) diff --git a/connect/README.md b/connect/README.md index 6b847f85..ccc7e44c 100644 --- a/connect/README.md +++ b/connect/README.md @@ -2,16 +2,16 @@ * Maintained by: [the Posit Docker team](https://github.com/rstudio/rstudio-docker-products) * Where to get help: [our Github Issues page](https://github.com/rstudio/rstudio-docker-products/issues) -* RStudio Connect image: [Docker Hub](https://hub.docker.com/r/rstudio/rstudio-connect) -* RStudio Connect Content Init image: [Docker Hub](https://hub.docker.com/r/rstudio/rstudio-connect-content-init) +* Posit Connect image: [Docker Hub](https://hub.docker.com/r/rstudio/rstudio-connect) +* Posit Connect Content Init image: [Docker Hub](https://hub.docker.com/r/rstudio/rstudio-connect-content-init) # Supported tags and respective Dockerfile links * [`jammy`, `ubuntu2204`, `jammy-2023.09.0`, `ubuntu2204-2023.09.0`](https://github.com/rstudio/rstudio-docker-products/blob/main/connect/Dockerfile.2204) -# What is RStudio Connect? +# What is Posit Connect? -RStudio Connect connects you and the work you do with others as never before. Only RStudio Connect provides: +Posit Connect connects you and the work you do with others as never before. Only Posit Connect provides: * "One button" deployment into a single environment for Shiny applications, R Markdown documents, Plumber APIs, Python Jupyter notebooks, Quarto documents and projects, or any static R plot or graph. @@ -21,8 +21,8 @@ RStudio Connect connects you and the work you do with others as never before. On with you. * "Hands free" scheduling of updates to your documents and automatic email distribution. -For more information on running RStudio Connect in your organization please visit -https://www.rstudio.com/products/connect/. +For more information on running Posit Connect in your organization please visit +https://posit.co/products/enterprise/connect/. # Notice for support @@ -57,8 +57,8 @@ Once running, open [http://localhost:3939](http://localhost:3939) to access RStu ## Overview This Docker container is built following -the [RStudio Connect admin guide](https://docs.rstudio.com/connect/admin/index.html), please -see [Server Guide/Docker](https://docs.rstudio.com/connect/admin/server-management/#docker) for more details on the +the [Posit Connect admin guide](https://docs.posit.co/connect/admin/index.html), please +see [Server Guide/Docker](https://docs.posit.co/connect/admin/server-management/#docker) for more details on the requirements and how to extend this image. This container includes: @@ -66,19 +66,19 @@ This container includes: 1. Two versions of R 2. Two versions of Python 3. Posit Professional Drivers -4. RStudio Connect +4. Posit Connect -Note that running the RStudio Connect Docker image requires the container to run using the `--privileged` flag and a -valid RStudio Connect license. +Note that running the Posit Connect Docker image requires the container to run using the `--privileged` flag and a +valid Posit Connect license. -> IMPORTANT: to use RStudio Connect with more than one user, you will need to +> IMPORTANT: to use Posit Connect with more than one user, you will need to > define `Server.Address` in the `rstudio-connect.gcfg` file. To do so, update > your configuration file with the URL that users will use to visit Connect. > Then start or restart the container. ## Configuration -The configuration of RStudio Connect is made on the `/etc/rstudio-connect/rstudio-connect.gcfg` file, mount this file as +The configuration of Posit Connect is made on the `/etc/rstudio-connect/rstudio-connect.gcfg` file, mount this file as volume with an external file on the host machine to change the configuration and restart the container for changes to take effect. @@ -103,11 +103,11 @@ orchestration system to be available at `/data`. Should you wish to move this to ### Licensing -Using the RStudio Connect docker image requires to have a valid License. You can set the RSC license in three ways: +Using the Posit Connect docker image requires to have a valid License. You can set the license in three ways: 1. Setting the `RSC_LICENSE` environment variable to a valid license key inside the container 2. Setting the `RSC_LICENSE_SERVER` environment variable to a valid license server / port inside the container -3. Mounting a `/etc/rstudio-connect/license.lic` single file that contains a valid license for RStudio Connect +3. Mounting a `/etc/rstudio-connect/license.lic` single file that contains a valid license for Posit Connect **NOTE:** the "offline activation process" is not supported by this image today. Offline installations will need to explore using a license server, license file, or custom image with manual intervention. @@ -116,14 +116,14 @@ to explore using a license server, license file, or custom image with manual int | Variable | Description | Default | |-----|---|---| -| `RSC_LICENSE` | License key for RStudio Connect, format should be: `XXXX-XXXX-XXXX-XXXX-XXXX-XXXX-XXXX` | None | +| `RSC_LICENSE` | License key for Posit Connect, format should be: `XXXX-XXXX-XXXX-XXXX-XXXX-XXXX-XXXX` | None | | `RSC_LICENSE_SERVER` | Floating license server, format should be: `my.url.com:port` | None | ### Ports | Variable | Description | |-----|---| -| `3939` | Default HTTP Port for RStudio Connect | +| `3939` | Default HTTP Port for Posit Connect | ### Example usage @@ -147,7 +147,7 @@ docker run -it --privileged \ rstudio/rstudio-connect:ubuntu2204 ``` -Open [http://localhost:3939](http://localhost:3939) to access RStudio Connect. +Open [http://localhost:3939](http://localhost:3939) to access Posit Connect. ## Caveats of product licensing in containers @@ -187,7 +187,7 @@ While neither of these solutions will eliminate the problem, they should help mi long-term solution. # Licensing -The license associated with the RStudio Docker Products repository is located +The license associated with the Posit Docker Products repository is located [in LICENSE.md](https://github.com/rstudio/rstudio-docker-products/blob/main/LICENSE.md). As is the case with all container images, the images themselves also contain other software which may be under other From d9ffb06771c1db894ccd65470edf9049dfd8721c Mon Sep 17 00:00:00 2001 From: Ian Pittwood Date: Tue, 31 Oct 2023 08:18:51 -0700 Subject: [PATCH 2/9] Replace `BUILD_PAT` with `GITHUB_TOKEN` --- .github/workflows/build-content.yaml | 8 ++++---- .github/workflows/build-manual.yaml | 2 +- .github/workflows/build-prerelease.yaml | 4 ++-- .github/workflows/build-release.yaml | 4 ++-- 4 files changed, 9 insertions(+), 9 deletions(-) diff --git a/.github/workflows/build-content.yaml b/.github/workflows/build-content.yaml index de31f625..bd841db1 100644 --- a/.github/workflows/build-content.yaml +++ b/.github/workflows/build-content.yaml @@ -81,7 +81,7 @@ jobs: push-image: ${{ github.ref == 'refs/heads/main' }} snyk-token: ${{ secrets.SNYK_TOKEN }} snyk-org-id: ${{ secrets.SNYK_ORG_ID }} - ghcr-token: ${{ secrets.BUILD_PAT }} + ghcr-token: ${{ secrets.GITHUB_TOKEN }} dockerhub-username: ${{ secrets.DOCKER_HUB_USERNAME }} dockerhub-token: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }} @@ -105,7 +105,7 @@ jobs: push-image: ${{ github.ref == 'refs/heads/main' }} snyk-token: ${{ secrets.SNYK_TOKEN }} snyk-org-id: ${{ secrets.SNYK_ORG_ID }} - ghcr-token: ${{ secrets.BUILD_PAT }} + ghcr-token: ${{ secrets.GITHUB_TOKEN }} dockerhub-username: ${{ secrets.DOCKER_HUB_USERNAME }} dockerhub-token: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }} @@ -175,7 +175,7 @@ jobs: push-image: ${{ github.ref == 'refs/heads/main' }} snyk-token: ${{ secrets.SNYK_TOKEN }} snyk-org-id: ${{ secrets.SNYK_ORG_ID }} - ghcr-token: ${{ secrets.BUILD_PAT }} + ghcr-token: ${{ secrets.GITHUB_TOKEN }} dockerhub-username: ${{ secrets.DOCKER_HUB_USERNAME }} dockerhub-token: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }} @@ -199,7 +199,7 @@ jobs: push-image: ${{ github.ref == 'refs/heads/main' }} snyk-token: ${{ secrets.SNYK_TOKEN }} snyk-org-id: ${{ secrets.SNYK_ORG_ID }} - ghcr-token: ${{ secrets.BUILD_PAT }} + ghcr-token: ${{ secrets.GITHUB_TOKEN }} dockerhub-username: ${{ secrets.DOCKER_HUB_USERNAME }} dockerhub-token: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }} diff --git a/.github/workflows/build-manual.yaml b/.github/workflows/build-manual.yaml index 5ad494d1..8fa68cc7 100644 --- a/.github/workflows/build-manual.yaml +++ b/.github/workflows/build-manual.yaml @@ -130,7 +130,7 @@ jobs: push-image: ${{ inputs.push }} snyk-token: ${{ secrets.SNYK_TOKEN }} snyk-org-id: ${{ secrets.SNYK_ORG_ID }} - ghcr-token: ${{ secrets.BUILD_PAT }} + ghcr-token: ${{ secrets.GITHUB_TOKEN }} dockerhub-username: ${{ secrets.DOCKER_HUB_USERNAME }} dockerhub-token: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }} diff --git a/.github/workflows/build-prerelease.yaml b/.github/workflows/build-prerelease.yaml index 66addbdf..dc828c76 100644 --- a/.github/workflows/build-prerelease.yaml +++ b/.github/workflows/build-prerelease.yaml @@ -109,7 +109,7 @@ jobs: push-image: ${{ github.ref == 'refs/heads/main' || github.ref == 'refs/heads/dev' || github.ref == 'refs/heads/dev-rspm' }} snyk-token: ${{ secrets.SNYK_TOKEN }} snyk-org-id: ${{ secrets.SNYK_ORG_ID }} - ghcr-token: ${{ secrets.BUILD_PAT }} + ghcr-token: ${{ secrets.GITHUB_TOKEN }} dockerhub-username: ${{ secrets.DOCKER_HUB_USERNAME }} dockerhub-token: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }} @@ -132,7 +132,7 @@ jobs: push-image: ${{ github.ref == 'refs/heads/main' || github.ref == 'refs/heads/dev' }} snyk-token: ${{ secrets.SNYK_TOKEN }} snyk-org-id: ${{ secrets.SNYK_ORG_ID }} - ghcr-token: ${{ secrets.BUILD_PAT }} + ghcr-token: ${{ secrets.GITHUB_TOKEN }} dockerhub-username: ${{ secrets.DOCKER_HUB_USERNAME }} dockerhub-token: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }} diff --git a/.github/workflows/build-release.yaml b/.github/workflows/build-release.yaml index 08c23ab9..61e87b86 100644 --- a/.github/workflows/build-release.yaml +++ b/.github/workflows/build-release.yaml @@ -399,7 +399,7 @@ jobs: push-image: ${{ github.ref == 'refs/heads/main' || github.event.schedule == '0 12 * * 1' }} snyk-token: ${{ secrets.SNYK_TOKEN }} snyk-org-id: ${{ secrets.SNYK_ORG_ID }} - ghcr-token: ${{ secrets.BUILD_PAT }} + ghcr-token: ${{ secrets.GITHUB_TOKEN }} dockerhub-username: ${{ secrets.DOCKER_HUB_USERNAME }} dockerhub-token: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }} gcp-json: '${{ secrets.GCP_ARTIFACT_REGISTRY_JSON }}' @@ -423,7 +423,7 @@ jobs: push-image: ${{ github.ref == 'refs/heads/main' || github.event.schedule == '0 12 * * 1' }} snyk-token: ${{ secrets.SNYK_TOKEN }} snyk-org-id: ${{ secrets.SNYK_ORG_ID }} - ghcr-token: ${{ secrets.BUILD_PAT }} + ghcr-token: ${{ secrets.GITHUB_TOKEN }} dockerhub-username: ${{ secrets.DOCKER_HUB_USERNAME }} dockerhub-token: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }} gcp-json: '${{ secrets.GCP_ARTIFACT_REGISTRY_JSON }}' From a3b3e1e2b76a8a226b587a28bded7bfb066012ff Mon Sep 17 00:00:00 2001 From: Ian Pittwood Date: Tue, 31 Oct 2023 10:05:41 -0700 Subject: [PATCH 3/9] Grant action permission --- .github/workflows/build-release.yaml | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/.github/workflows/build-release.yaml b/.github/workflows/build-release.yaml index 61e87b86..dac27889 100644 --- a/.github/workflows/build-release.yaml +++ b/.github/workflows/build-release.yaml @@ -12,6 +12,10 @@ jobs: build-base: runs-on: ubuntu-latest name: product-base-build-${{ matrix.config.os }}-r${{ matrix.config.r-primary }}_${{ matrix.config.r-alternate }}-py${{ matrix.config.py-primary }}_${{ matrix.config.py-alternate }} + + permissions: + packages: write + concurrency: group: base-build-${{ matrix.config.os }}-r${{ matrix.config.r-primary }}_${{ matrix.config.r-alternate }}-py${{ matrix.config.py-primary }}_${{ matrix.config.py-alternate }}-${{ github.ref }} cancel-in-progress: true @@ -81,7 +85,8 @@ jobs: product: product-base image-tags: ${{ steps.get-tags.outputs.IMAGE_TAGS }} build-args: ${{ steps.get-build-args.outputs.BUILD_ARGS }} - push-image: ${{ github.ref == 'refs/heads/main' || github.ref == 'refs/heads/dev' || github.event.schedule == '0 12 * * 1' }} + #push-image: ${{ github.ref == 'refs/heads/main' || github.ref == 'refs/heads/dev' || github.event.schedule == '0 12 * * 1' }} + push-image: true snyk-token: ${{ secrets.SNYK_TOKEN }} snyk-org-id: ${{ secrets.SNYK_ORG_ID }} ghcr-token: ${{ secrets.BUILD_PAT }} From 3fd3e79701e6bc3a31c69e6e06b8e56ae2e1259a Mon Sep 17 00:00:00 2001 From: Ian Pittwood Date: Tue, 31 Oct 2023 11:45:22 -0700 Subject: [PATCH 4/9] Try new action update --- .../actions/build-test-scan-push/action.yaml | 44 +++++++++++++------ .github/workflows/build-release.yaml | 12 ++--- 2 files changed, 36 insertions(+), 20 deletions(-) diff --git a/.github/actions/build-test-scan-push/action.yaml b/.github/actions/build-test-scan-push/action.yaml index 6e120ff2..73dfc462 100644 --- a/.github/actions/build-test-scan-push/action.yaml +++ b/.github/actions/build-test-scan-push/action.yaml @@ -63,33 +63,49 @@ runs: sudo rm -rf /usr/share/dotnet # will release about 20GB - name: Login to ghcr.io - uses: docker/login-action@v2 + uses: docker/login-action@v3 with: registry: ghcr.io username: ${{ github.actor }} password: ${{ inputs.ghcr-token }} - name: Login to Docker Hub - uses: docker/login-action@v2 + uses: docker/login-action@v3 with: username: ${{ inputs.dockerhub-username }} password: ${{ inputs.dockerhub-token }} - - name: Authenticate to Google Cloud + - name: Login to GCAR us-central1 continue-on-error: true - uses: google-github-actions/auth@v1 + uses: docker/login-action@v3 with: - credentials_json: '${{ inputs.gcp-json }}' + registry: us-central1-docker.pkg.dev + username: _json_key + password: '${{ inputs.gcp-json }}' - - name: Authenticate GCAR - shell: bash - run: | - if [[ "${{ inputs.gcp-json != '' }}" == "true" ]]; then - gcloud auth configure-docker -q us-central1-docker.pkg.dev - gcloud auth configure-docker -q us-docker.pkg.dev - gcloud auth configure-docker -q asia-docker.pkg.dev - gcloud auth configure-docker -q europe-docker.pkg.dev - fi + - name: Login to GCAR us + continue-on-error: true + uses: docker/login-action@v3 + with: + registry: us-docker.pkg.dev + username: _json_key + password: '${{ inputs.gcp-json }}' + + - name: Login to GCAR asia + continue-on-error: true + uses: docker/login-action@v3 + with: + registry: asia-docker.pkg.dev + username: _json_key + password: '${{ inputs.gcp-json }}' + + - name: Login to GCAR europe + continue-on-error: true + uses: docker/login-action@v3 + with: + registry: europe-docker.pkg.dev + username: _json_key + password: '${{ inputs.gcp-json }}' - name: Build id: image-build diff --git a/.github/workflows/build-release.yaml b/.github/workflows/build-release.yaml index dac27889..1b3ee176 100644 --- a/.github/workflows/build-release.yaml +++ b/.github/workflows/build-release.yaml @@ -89,7 +89,7 @@ jobs: push-image: true snyk-token: ${{ secrets.SNYK_TOKEN }} snyk-org-id: ${{ secrets.SNYK_ORG_ID }} - ghcr-token: ${{ secrets.BUILD_PAT }} + ghcr-token: ${{ secrets.GITHUB_TOKEN }} dockerhub-username: ${{ secrets.DOCKER_HUB_USERNAME }} dockerhub-token: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }} @@ -112,7 +112,7 @@ jobs: push-image: ${{ github.ref == 'refs/heads/main' || github.ref == 'refs/heads/dev' || github.event.schedule == '0 12 * * 1' }} snyk-token: ${{ secrets.SNYK_TOKEN }} snyk-org-id: ${{ secrets.SNYK_ORG_ID }} - ghcr-token: ${{ secrets.BUILD_PAT }} + ghcr-token: ${{ secrets.GITHUB_TOKEN }} dockerhub-username: ${{ secrets.DOCKER_HUB_USERNAME }} dockerhub-token: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }} @@ -195,7 +195,7 @@ jobs: push-image: ${{ github.ref == 'refs/heads/main' || github.ref == 'refs/heads/dev' || github.event.schedule == '0 12 * * 1' }} snyk-token: ${{ secrets.SNYK_TOKEN }} snyk-org-id: ${{ secrets.SNYK_ORG_ID }} - ghcr-token: ${{ secrets.BUILD_PAT }} + ghcr-token: ${{ secrets.GITHUB_TOKEN }} dockerhub-username: ${{ secrets.DOCKER_HUB_USERNAME }} dockerhub-token: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }} @@ -218,7 +218,7 @@ jobs: push-image: ${{ github.ref == 'refs/heads/main' || github.ref == 'refs/heads/dev' || github.event.schedule == '0 12 * * 1' }} snyk-token: ${{ secrets.SNYK_TOKEN }} snyk-org-id: ${{ secrets.SNYK_ORG_ID }} - ghcr-token: ${{ secrets.BUILD_PAT }} + ghcr-token: ${{ secrets.GITHUB_TOKEN }} dockerhub-username: ${{ secrets.DOCKER_HUB_USERNAME }} dockerhub-token: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }} @@ -316,7 +316,7 @@ jobs: push-image: ${{ github.ref == 'refs/heads/main' || github.event.schedule == '0 12 * * 1' }} snyk-token: ${{ secrets.SNYK_TOKEN }} snyk-org-id: ${{ secrets.SNYK_ORG_ID }} - ghcr-token: ${{ secrets.BUILD_PAT }} + ghcr-token: ${{ secrets.GITHUB_TOKEN }} dockerhub-username: ${{ secrets.DOCKER_HUB_USERNAME }} dockerhub-token: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }} @@ -339,7 +339,7 @@ jobs: push-image: ${{ github.ref == 'refs/heads/main' || github.event.schedule == '0 12 * * 1' }} snyk-token: ${{ secrets.SNYK_TOKEN }} snyk-org-id: ${{ secrets.SNYK_ORG_ID }} - ghcr-token: ${{ secrets.BUILD_PAT }} + ghcr-token: ${{ secrets.GITHUB_TOKEN }} dockerhub-username: ${{ secrets.DOCKER_HUB_USERNAME }} dockerhub-token: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }} From 5cfac6a3e5461d06db261f33cfa40e8913140998 Mon Sep 17 00:00:00 2001 From: Ian Pittwood Date: Tue, 31 Oct 2023 12:43:03 -0700 Subject: [PATCH 5/9] Upgrade build action --- .github/actions/build-test-scan-push/action.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/actions/build-test-scan-push/action.yaml b/.github/actions/build-test-scan-push/action.yaml index 73dfc462..ebd4b1fe 100644 --- a/.github/actions/build-test-scan-push/action.yaml +++ b/.github/actions/build-test-scan-push/action.yaml @@ -109,7 +109,7 @@ runs: - name: Build id: image-build - uses: docker/build-push-action@v4 + uses: docker/build-push-action@v5 with: load: true context: ${{ inputs.context }} @@ -166,7 +166,7 @@ runs: command: ${{ steps.eval-snyk-command.outputs.SNYK_COMMAND }} - name: Push - ${{ inputs.push-image }} - uses: docker/build-push-action@v4 + uses: docker/build-push-action@v5 with: push: ${{ inputs.push-image }} context: ${{ inputs.context }} From fd2ba6e0c1681c3bb4105e37ed0df997d4ac13f1 Mon Sep 17 00:00:00 2001 From: Ian Pittwood Date: Tue, 31 Oct 2023 12:45:18 -0700 Subject: [PATCH 6/9] Append gcp creds to all builds to silence errors --- .github/workflows/build-content.yaml | 4 ++++ .github/workflows/build-manual.yaml | 1 + .github/workflows/build-prerelease.yaml | 2 ++ .github/workflows/build-release.yaml | 9 +++++++-- 4 files changed, 14 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build-content.yaml b/.github/workflows/build-content.yaml index bd841db1..3a6fc0b8 100644 --- a/.github/workflows/build-content.yaml +++ b/.github/workflows/build-content.yaml @@ -84,6 +84,7 @@ jobs: ghcr-token: ${{ secrets.GITHUB_TOKEN }} dockerhub-username: ${{ secrets.DOCKER_HUB_USERNAME }} dockerhub-token: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }} + gcp-json: '${{ secrets.GCP_ARTIFACT_REGISTRY_JSON }}' # Begin retry logic @@ -108,6 +109,7 @@ jobs: ghcr-token: ${{ secrets.GITHUB_TOKEN }} dockerhub-username: ${{ secrets.DOCKER_HUB_USERNAME }} dockerhub-token: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }} + gcp-json: '${{ secrets.GCP_ARTIFACT_REGISTRY_JSON }}' # End retry logic @@ -178,6 +180,7 @@ jobs: ghcr-token: ${{ secrets.GITHUB_TOKEN }} dockerhub-username: ${{ secrets.DOCKER_HUB_USERNAME }} dockerhub-token: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }} + gcp-json: '${{ secrets.GCP_ARTIFACT_REGISTRY_JSON }}' # Begin retry logic @@ -202,5 +205,6 @@ jobs: ghcr-token: ${{ secrets.GITHUB_TOKEN }} dockerhub-username: ${{ secrets.DOCKER_HUB_USERNAME }} dockerhub-token: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }} + gcp-json: '${{ secrets.GCP_ARTIFACT_REGISTRY_JSON }}' # End retry logic diff --git a/.github/workflows/build-manual.yaml b/.github/workflows/build-manual.yaml index 8fa68cc7..3868dcf7 100644 --- a/.github/workflows/build-manual.yaml +++ b/.github/workflows/build-manual.yaml @@ -133,4 +133,5 @@ jobs: ghcr-token: ${{ secrets.GITHUB_TOKEN }} dockerhub-username: ${{ secrets.DOCKER_HUB_USERNAME }} dockerhub-token: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }} + gcp-json: '${{ secrets.GCP_ARTIFACT_REGISTRY_JSON }}' diff --git a/.github/workflows/build-prerelease.yaml b/.github/workflows/build-prerelease.yaml index dc828c76..7c2787c0 100644 --- a/.github/workflows/build-prerelease.yaml +++ b/.github/workflows/build-prerelease.yaml @@ -112,6 +112,7 @@ jobs: ghcr-token: ${{ secrets.GITHUB_TOKEN }} dockerhub-username: ${{ secrets.DOCKER_HUB_USERNAME }} dockerhub-token: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }} + gcp-json: '${{ secrets.GCP_ARTIFACT_REGISTRY_JSON }}' # Begin retry logic @@ -135,5 +136,6 @@ jobs: ghcr-token: ${{ secrets.GITHUB_TOKEN }} dockerhub-username: ${{ secrets.DOCKER_HUB_USERNAME }} dockerhub-token: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }} + gcp-json: '${{ secrets.GCP_ARTIFACT_REGISTRY_JSON }}' # End retry logic diff --git a/.github/workflows/build-release.yaml b/.github/workflows/build-release.yaml index 1b3ee176..3eba6f4f 100644 --- a/.github/workflows/build-release.yaml +++ b/.github/workflows/build-release.yaml @@ -85,13 +85,13 @@ jobs: product: product-base image-tags: ${{ steps.get-tags.outputs.IMAGE_TAGS }} build-args: ${{ steps.get-build-args.outputs.BUILD_ARGS }} - #push-image: ${{ github.ref == 'refs/heads/main' || github.ref == 'refs/heads/dev' || github.event.schedule == '0 12 * * 1' }} - push-image: true + push-image: ${{ github.ref == 'refs/heads/main' || github.ref == 'refs/heads/dev' || github.event.schedule == '0 12 * * 1' }} snyk-token: ${{ secrets.SNYK_TOKEN }} snyk-org-id: ${{ secrets.SNYK_ORG_ID }} ghcr-token: ${{ secrets.GITHUB_TOKEN }} dockerhub-username: ${{ secrets.DOCKER_HUB_USERNAME }} dockerhub-token: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }} + gcp-json: '${{ secrets.GCP_ARTIFACT_REGISTRY_JSON }}' # Begin retry logic @@ -115,6 +115,7 @@ jobs: ghcr-token: ${{ secrets.GITHUB_TOKEN }} dockerhub-username: ${{ secrets.DOCKER_HUB_USERNAME }} dockerhub-token: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }} + gcp-json: '${{ secrets.GCP_ARTIFACT_REGISTRY_JSON }}' # End retry logic @@ -198,6 +199,7 @@ jobs: ghcr-token: ${{ secrets.GITHUB_TOKEN }} dockerhub-username: ${{ secrets.DOCKER_HUB_USERNAME }} dockerhub-token: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }} + gcp-json: '${{ secrets.GCP_ARTIFACT_REGISTRY_JSON }}' # Begin retry logic @@ -221,6 +223,7 @@ jobs: ghcr-token: ${{ secrets.GITHUB_TOKEN }} dockerhub-username: ${{ secrets.DOCKER_HUB_USERNAME }} dockerhub-token: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }} + gcp-json: '${{ secrets.GCP_ARTIFACT_REGISTRY_JSON }}' # End retry logic @@ -319,6 +322,7 @@ jobs: ghcr-token: ${{ secrets.GITHUB_TOKEN }} dockerhub-username: ${{ secrets.DOCKER_HUB_USERNAME }} dockerhub-token: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }} + gcp-json: '${{ secrets.GCP_ARTIFACT_REGISTRY_JSON }}' # Begin retry logic @@ -342,6 +346,7 @@ jobs: ghcr-token: ${{ secrets.GITHUB_TOKEN }} dockerhub-username: ${{ secrets.DOCKER_HUB_USERNAME }} dockerhub-token: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }} + gcp-json: '${{ secrets.GCP_ARTIFACT_REGISTRY_JSON }}' # End retry logic From 85d52c2d73dde247969a78e3261c78282bd1153e Mon Sep 17 00:00:00 2001 From: Ian Pittwood Date: Tue, 31 Oct 2023 12:49:13 -0700 Subject: [PATCH 7/9] Explicitly define action permissions --- .github/workflows/build-content.yaml | 5 +++++ .github/workflows/build-manual.yaml | 4 ++++ .github/workflows/build-prerelease.yaml | 4 ++++ .github/workflows/build-release.yaml | 13 +++++++++++++ 4 files changed, 26 insertions(+) diff --git a/.github/workflows/build-content.yaml b/.github/workflows/build-content.yaml index 3a6fc0b8..4b7db4e1 100644 --- a/.github/workflows/build-content.yaml +++ b/.github/workflows/build-content.yaml @@ -22,6 +22,11 @@ jobs: runs-on: ubuntu-latest needs: matrix name: content-base-${{ matrix.config.os }}-r${{ matrix.config.r }}-py${{ matrix.config.py }}--${{ github.ref }} + + permissions: + contents: read + packages: write + concurrency: group: content-base-${{ matrix.config.os }}-r${{ matrix.config.r }}-py${{ matrix.config.py }}-${{ github.ref }} cancel-in-progress: true diff --git a/.github/workflows/build-manual.yaml b/.github/workflows/build-manual.yaml index 3868dcf7..5525f677 100644 --- a/.github/workflows/build-manual.yaml +++ b/.github/workflows/build-manual.yaml @@ -59,6 +59,10 @@ jobs: runs-on: ubuntu-latest name: manual-build + permissions: + contents: read + packages: write + steps: - name: Check Out Repo uses: actions/checkout@v3 diff --git a/.github/workflows/build-prerelease.yaml b/.github/workflows/build-prerelease.yaml index 7c2787c0..fed12d32 100644 --- a/.github/workflows/build-prerelease.yaml +++ b/.github/workflows/build-prerelease.yaml @@ -18,6 +18,10 @@ jobs: runs-on: ubuntu-latest name: build-${{ matrix.config.type }}-${{ matrix.config.product }}-${{ matrix.config.os }} + permissions: + contents: read + packages: write + strategy: fail-fast: false matrix: diff --git a/.github/workflows/build-release.yaml b/.github/workflows/build-release.yaml index 3eba6f4f..d48dbc99 100644 --- a/.github/workflows/build-release.yaml +++ b/.github/workflows/build-release.yaml @@ -14,6 +14,7 @@ jobs: name: product-base-build-${{ matrix.config.os }}-r${{ matrix.config.r-primary }}_${{ matrix.config.r-alternate }}-py${{ matrix.config.py-primary }}_${{ matrix.config.py-alternate }} permissions: + contents: read packages: write concurrency: @@ -124,6 +125,10 @@ jobs: runs-on: ubuntu-latest name: product-base-pro-build-${{ matrix.config.os }}-r${{ matrix.config.r-primary }}_${{ matrix.config.r-alternate }}-py${{ matrix.config.py-primary }}_${{ matrix.config.py-alternate }} + permissions: + contents: read + packages: write + strategy: fail-fast: false matrix: @@ -232,6 +237,10 @@ jobs: runs-on: ubuntu-latest name: build-${{ matrix.config.product }}-${{ matrix.config.os }} + permissions: + contents: read + packages: write + strategy: fail-fast: false matrix: @@ -355,6 +364,10 @@ jobs: runs-on: ubuntu-latest name: build-workbench-for-google-cloud-workstations + permissions: + contents: read + packages: write + concurrency: group: build-products-${{ matrix.config.product }}-${{ matrix.config.os }}-${{ github.ref }} cancel-in-progress: true From 3127525811e0758e22b048a77a39afa2719d711c Mon Sep 17 00:00:00 2001 From: Greg Lin Date: Tue, 31 Oct 2023 19:03:54 -0500 Subject: [PATCH 8/9] Update PPM to 2023.08.4-20 --- Justfile | 2 +- docker-compose.yml | 4 ++-- package-manager/.env | 2 +- package-manager/Dockerfile.ubuntu1804 | 8 ++++---- package-manager/Dockerfile.ubuntu2204 | 8 ++++---- package-manager/Justfile | 2 +- package-manager/README.md | 4 ++-- 7 files changed, 15 insertions(+), 15 deletions(-) diff --git a/Justfile b/Justfile index cd052445..2a1bf8aa 100644 --- a/Justfile +++ b/Justfile @@ -7,7 +7,7 @@ sed_vars := if os() == "macos" { "-i ''" } else { "-i" } BUILDX_PATH := "" RSC_VERSION := "2023.09.0" -RSPM_VERSION := "2023.08.0-16" +RSPM_VERSION := "2023.08.4-20" RSW_VERSION := "2023.09.1+494.pro2" DRIVERS_VERSION := "2023.05.0" diff --git a/docker-compose.yml b/docker-compose.yml index 5ab39b04..0bd23109 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -43,8 +43,8 @@ services: context: ./package-manager dockerfile: "Dockerfile.${IMAGE_OS:-ubuntu1804}" args: - RSPM_VERSION: 2023.08.0-16 - image: rstudio/rstudio-package-manager:2023.08.0 + RSPM_VERSION: 2023.08.4-20 + image: rstudio/rstudio-package-manager:2023.08.4 environment: RSPM_LICENSE: ${RSPM_LICENSE} LICENSE_SERVER: ${RSPM_LICENSE_SERVER} diff --git a/package-manager/.env b/package-manager/.env index 2942ce76..0cd44ebc 100644 --- a/package-manager/.env +++ b/package-manager/.env @@ -1,3 +1,3 @@ -RSPM_VERSION=2023.08.0-16 +RSPM_VERSION=2023.08.4-20 R_VERSION=4.2.3 R_VERSION_ALT=4.1.3 diff --git a/package-manager/Dockerfile.ubuntu1804 b/package-manager/Dockerfile.ubuntu1804 index 61a8321e..448c3f80 100644 --- a/package-manager/Dockerfile.ubuntu1804 +++ b/package-manager/Dockerfile.ubuntu1804 @@ -1,8 +1,8 @@ -ARG R_VERSION=4.2.0 +ARG R_VERSION=4.2.3 FROM rstudio/r-base:${R_VERSION}-bionic LABEL maintainer="RStudio Docker " -ARG R_VERSION=4.2.0 +ARG R_VERSION=4.2.3 # Locale configuration --------------------------------------------------------# RUN localedef -i en_US -f UTF-8 en_US.UTF-8 @@ -39,7 +39,7 @@ RUN gpg --update-trustdb \ && ln -s /tini /usr/local/bin/tini # Add another R version -------------------------------------------------------# -ARG R_VERSION_ALT=3.6.2 +ARG R_VERSION_ALT=4.1.3 RUN apt-get update -qq && \ curl -O https://cdn.rstudio.com/r/ubuntu-1804/pkgs/r-${R_VERSION_ALT}_1_amd64.deb && \ DEBIAN_FRONTEND=noninteractive apt-get install -y ./r-${R_VERSION_ALT}_1_amd64.deb && \ @@ -48,7 +48,7 @@ RUN apt-get update -qq && \ && rm -rf /var/lib/apt/lists/* # Download RStudio Package Manager ---------------------------------------------# -ARG RSPM_VERSION=2023.08.0-16 +ARG RSPM_VERSION=2023.08.4-20 ARG RSPM_DOWNLOAD_URL=https://cdn.rstudio.com/package-manager/deb/amd64 # Keys must be pulled using curl, gpg calls intermittently fail on 18.04 with "gpg: keyserver receive failed: Cannot assign requested address" RUN apt-get update --fix-missing \ diff --git a/package-manager/Dockerfile.ubuntu2204 b/package-manager/Dockerfile.ubuntu2204 index f7f9b09b..a6fc4966 100644 --- a/package-manager/Dockerfile.ubuntu2204 +++ b/package-manager/Dockerfile.ubuntu2204 @@ -1,8 +1,8 @@ -ARG R_VERSION=4.2.0 +ARG R_VERSION=4.2.3 FROM rstudio/r-base:${R_VERSION}-jammy LABEL maintainer="RStudio Docker " -ARG R_VERSION=4.2.0 +ARG R_VERSION=4.2.3 # Locale configuration --------------------------------------------------------# RUN localedef -i en_US -f UTF-8 en_US.UTF-8 @@ -35,7 +35,7 @@ RUN gpg --update-trustdb \ && ln -s /tini /usr/local/bin/tini # Add another R version -------------------------------------------------------# -ARG R_VERSION_ALT=3.6.2 +ARG R_VERSION_ALT=4.1.3 RUN apt-get update -qq && \ curl -O https://cdn.rstudio.com/r/ubuntu-2204/pkgs/r-${R_VERSION_ALT}_1_amd64.deb && \ DEBIAN_FRONTEND=noninteractive apt-get install -y ./r-${R_VERSION_ALT}_1_amd64.deb && \ @@ -44,7 +44,7 @@ RUN apt-get update -qq && \ && rm -rf /var/lib/apt/lists/* # Download RStudio Package Manager ---------------------------------------------# -ARG RSPM_VERSION=2023.08.0-16 +ARG RSPM_VERSION=2023.08.4-20 ARG RSPM_DOWNLOAD_URL=https://cdn.rstudio.com/package-manager/deb/amd64 RUN apt-get update --fix-missing \ && apt-get install -y --no-install-recommends ca-certificates gdebi-core gpg dpkg-sig \ diff --git a/package-manager/Justfile b/package-manager/Justfile index c126c802..7f99e5fc 100644 --- a/package-manager/Justfile +++ b/package-manager/Justfile @@ -6,7 +6,7 @@ IMAGE_PREFIX := "rstudio-" PRODUCT := "package-manager" IMAGE_OS := "ubuntu2204" -RSPM_VERSION := "2023.08.0-16" +RSPM_VERSION := "2023.08.4-20" RSPM_LICENSE := "" RSPM_LICENSE_SERVER := "" diff --git a/package-manager/README.md b/package-manager/README.md index c8ffaad9..e396b11f 100644 --- a/package-manager/README.md +++ b/package-manager/README.md @@ -6,8 +6,8 @@ # Supported tags and respective Dockerfile links -* [`2023.08.0`, `bionic`, `ubuntu1804`, `bionic-2023.08.0`, `ubuntu1804-2023.08.0`](https://github.com/rstudio/rstudio-docker-products/blob/main/package-manager/Dockerfile.ubuntu1804) -* [`jammy`, `ubuntu2204`, `jammy-2023.08.0`, `ubuntu2204-2023.08.0`](https://github.com/rstudio/rstudio-docker-products/blob/main/package-manager/Dockerfile.ubuntu2204) +* [`2023.08.4`, `bionic`, `ubuntu1804`, `bionic-2023.08.4`, `ubuntu1804-2023.08.4`](https://github.com/rstudio/rstudio-docker-products/blob/main/package-manager/Dockerfile.ubuntu1804) +* [`jammy`, `ubuntu2204`, `jammy-2023.08.4`, `ubuntu2204-2023.08.4`](https://github.com/rstudio/rstudio-docker-products/blob/main/package-manager/Dockerfile.ubuntu2204) # What is RStudio Package Manager? From 0b6a0a8faa63158e568e4791a6447b9df7b08073 Mon Sep 17 00:00:00 2001 From: Toni Noble Date: Wed, 1 Nov 2023 11:24:46 -0400 Subject: [PATCH 9/9] Bump Connect to version 2023.10.0 --- Justfile | 2 +- connect-content-init/Dockerfile.ubuntu2204 | 2 +- connect-content-init/Justfile | 2 +- connect-content-init/README.md | 6 +++--- connect/.env | 2 +- connect/Dockerfile.ubuntu2204 | 2 +- connect/Justfile | 2 +- connect/README.md | 2 +- docker-compose.yml | 4 ++-- 9 files changed, 12 insertions(+), 12 deletions(-) diff --git a/Justfile b/Justfile index 2a1bf8aa..ddb03dda 100644 --- a/Justfile +++ b/Justfile @@ -6,7 +6,7 @@ sed_vars := if os() == "macos" { "-i ''" } else { "-i" } BUILDX_PATH := "" -RSC_VERSION := "2023.09.0" +RSC_VERSION := "2023.10.0" RSPM_VERSION := "2023.08.4-20" RSW_VERSION := "2023.09.1+494.pro2" diff --git a/connect-content-init/Dockerfile.ubuntu2204 b/connect-content-init/Dockerfile.ubuntu2204 index 587482e3..f06de9c9 100644 --- a/connect-content-init/Dockerfile.ubuntu2204 +++ b/connect-content-init/Dockerfile.ubuntu2204 @@ -10,7 +10,7 @@ RUN apt-get update && \ apt-get install -y --no-install-recommends ca-certificates curl && \ rm -rf /var/lib/apt/lists/* -ARG RSC_VERSION=2023.09.0 +ARG RSC_VERSION=2023.10.0 SHELL ["/bin/bash", "-o", "pipefail", "-c"] RUN mkdir -p /rsc-staging && \ RSC_VERSION_URL=$(echo -n "${RSC_VERSION}" | sed 's/+/%2B/g') && \ diff --git a/connect-content-init/Justfile b/connect-content-init/Justfile index 0f45db73..8b7f08e2 100644 --- a/connect-content-init/Justfile +++ b/connect-content-init/Justfile @@ -6,7 +6,7 @@ IMAGE_PREFIX := "rstudio-" PRODUCT := "connect-content-init" IMAGE_OS := "ubuntu2204" -RSC_VERSION := "2023.09.0" +RSC_VERSION := "2023.10.0" RSC_TAG_SAFE_VERSION := replace(RSC_VERSION, "+", "-") RSC_LICENSE := "" diff --git a/connect-content-init/README.md b/connect-content-init/README.md index c9ef7b4d..cdd69831 100644 --- a/connect-content-init/README.md +++ b/connect-content-init/README.md @@ -9,7 +9,7 @@ # Supported tags and respective Dockerfile links -* [`jammy`, `ubuntu2204`, `jammy-2023.09.0`, `ubuntu2204-2023.09.0`](https://github.com/rstudio/rstudio-docker-products/blob/main/connect/Dockerfile.2204) +* [`jammy`, `ubuntu2204`, `jammy-2023.10.0`, `ubuntu2204-2023.10.0`](https://github.com/rstudio/rstudio-docker-products/blob/main/connect/Dockerfile.2204) # RStudio Connect Content Init Container @@ -31,7 +31,7 @@ The version of the release package to use can be overridden with the `RSC_VERSION` build arg. ```console -just build ubuntu2204 2023.09.0 +just build ubuntu2204 2023.10.0 ``` ## Testing @@ -56,7 +56,7 @@ just test You can see the different layers that make up the image: ```console -docker history rstudio/rstudio-connect-content-init-preview:2023.09.0-dev-326 +docker history rstudio/rstudio-connect-content-init-preview:2023.10.0-dev-326 ``` NOTE: almost all the image size is pandoc. diff --git a/connect/.env b/connect/.env index fa317a6c..084103b3 100644 --- a/connect/.env +++ b/connect/.env @@ -1,4 +1,4 @@ -RSC_VERSION=2023.09.0 +RSC_VERSION=2023.10.0 R_VERSION=4.2.3 R_VERSION_ALT=4.1.3 PYTHON_VERSION=3.9.17 diff --git a/connect/Dockerfile.ubuntu2204 b/connect/Dockerfile.ubuntu2204 index 675b9a46..6f6f3978 100644 --- a/connect/Dockerfile.ubuntu2204 +++ b/connect/Dockerfile.ubuntu2204 @@ -13,7 +13,7 @@ ARG R_VERSION=4.2.3 ARG R_VERSION_ALT=4.1.3 ARG PYTHON_VERSION=3.9.17 ARG PYTHON_VERSION_ALT=3.8.17 -ARG RSC_VERSION=2023.09.0 +ARG RSC_VERSION=2023.10.0 SHELL [ "/bin/bash", "-o", "pipefail", "-c"] RUN apt-get update --fix-missing \ && apt-get install -yq --no-install-recommends \ diff --git a/connect/Justfile b/connect/Justfile index 1b330a3b..a5cc999b 100644 --- a/connect/Justfile +++ b/connect/Justfile @@ -6,7 +6,7 @@ IMAGE_PREFIX := "rstudio-" PRODUCT := "connect" IMAGE_OS := "ubuntu2204" -RSC_VERSION := "2023.09.0" +RSC_VERSION := "2023.10.0" RSC_LICENSE := "" RSC_LICENSE_SERVER := "" diff --git a/connect/README.md b/connect/README.md index 6b847f85..85d0f8f1 100644 --- a/connect/README.md +++ b/connect/README.md @@ -7,7 +7,7 @@ # Supported tags and respective Dockerfile links -* [`jammy`, `ubuntu2204`, `jammy-2023.09.0`, `ubuntu2204-2023.09.0`](https://github.com/rstudio/rstudio-docker-products/blob/main/connect/Dockerfile.2204) +* [`jammy`, `ubuntu2204`, `jammy-2023.10.0`, `ubuntu2204-2023.10.0`](https://github.com/rstudio/rstudio-docker-products/blob/main/connect/Dockerfile.2204) # What is RStudio Connect? diff --git a/docker-compose.yml b/docker-compose.yml index 0bd23109..2a8098eb 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -25,8 +25,8 @@ services: context: ./connect dockerfile: "Dockerfile.${IMAGE_OS:-ubuntu1804}" args: - RSC_VERSION: 2023.09.0 - image: rstudio/rstudio-connect:2023.09.0 + RSC_VERSION: 2023.10.0 + image: rstudio/rstudio-connect:2023.10.0 privileged: true environment: RSC_LICENSE: ${RSC_LICENSE}