Update file Dockerfile

- /update.py
- /.gitlab-ci.yml

.gitlab-ci.yml

@@ -1,46 +1,27 @@
 stages:
-  - generate
-  - build
-
+- release
+- test
 variables:
-  #CI_DEBUG_TRACE: "true"
-  CACHE_TTL: 2190h0m0s
-
-generate:
-  stage: generate
-  image: python:3.11-alpine
-  script:
-    - pip install -r requirements.txt
-    - ./update.py > tags.txt
-  artifacts:
-    expire_in: 1 hour
-    paths:
-      - tags.txt
-
-
-build:
-  needs:
-    - job: generate
-      artifacts: true
-  image: docker:latest
-  stage: build
-  services:
-    - docker:dind
-  variables:
-    DOCKER_HOST: tcp://docker:2376
-    DOCKER_TLS_CERTDIR: "/certs"
-    DOCKER_TLS_VERIFY: 1
-    DOCKER_CERT_PATH: "$DOCKER_TLS_CERTDIR/client"
+  CI_APPLICATION_REPOSITORY: "$CI_REGISTRY_IMAGE"
+release-image:
+  image: docker:24.0.6
+  stage: release
+  rules:
+  - if: "$CI_APPLICATION_TAG"
   before_script:
-    - until docker info; do sleep 1; done
   - docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" $CI_REGISTRY
-    - docker info
   script:
-    - |
-      for tag in $(cat tags.txt); do
-        export IMAGE_TAG=$CI_REGISTRY_IMAGE:$tag
+  - |-
+    export IMAGE_TAG=$CI_APPLICATION_REPOSITORY:$CI_APPLICATION_TAG
     echo $IMAGE_TAG
-        sed "s/latest/$tag/g" Dockerfile > Dockerfile.tmp
+    sed "s/latest/$CI_APPLICATION_TAG/g" Dockerfile > Dockerfile.tmp
     docker build . --pull -f Dockerfile.tmp -t $IMAGE_TAG
     docker push $IMAGE_TAG
-      done
+container_scanning:
+  rules:
+  - if: "$CI_APPLICATION_TAG"
+  needs:
+  - release-image
+include:
+- template: Jobs/Container-Scanning.gitlab-ci.yml
+- template: Security/Secret-Detection.gitlab-ci.yml

Dockerfile

@@ -1,6 +1,6 @@
-FROM ghcr.dockerproxy.com/coder/coder:latest as base
+FROM ghcr.io/coder/coder:latest as base
 
-FROM dockerproxy.com/library/python:3.10-alpine3.14 as replacer
+FROM python:3.10-alpine3.14 as replacer
 
 COPY --from=base /opt/coder /coder
 

generate.py

@@ -33,7 +33,7 @@ def create_ed25519_pair(is_save=False):
             f.write(public_key)
     return public_key, private_key
 
-
+# https://github.com/coder/coder/blob/e029df61ffbb15ada24bc1c25958fc16e364d740/codersdk/deployment.go#L37C1-L51C2
 data = {
     "exp": 1706356587,
     "nbf": 1674820527,
@@ -53,6 +53,10 @@ data = {
         "multiple_git_auth": 1,
         "scim": 1,
         "template_rbac": 1,
+        "workspace_proxy": 1,
+        "template_restart_requirement": 1
+        "advanced_template_scheduling": 1,
+        "user_role_management": 1,
         "user_limit": 114514
     }
 }

update.py

@@ -1,24 +0,0 @@
-#!/usr/bin/env python3
-import re
-from dxf import DXF
-from os import environ
-
-dxf = DXF('ghcr.io', "coder/coder")
-dxf.authenticate(actions=["pull"])
-tags = dxf.list_aliases()
-tags = [tag for tag in tags if re.match(
-    r"^v\d+\.\d+\.\d+$", tag) and int(tag.split('.')[1]) >= 27]
-
-
-try:
-    local_dxf = DXF(environ['CI_REGISTRY'], environ['CI_PROJECT_PATH'])
-    local_dxf.authenticate(
-        environ['CI_REGISTRY_USER'], environ['CI_REGISTRY_PASSWORD'], actions=["pull"])
-    local_tags = local_dxf.list_aliases()
-except:
-    local_tags = []
-
-update_tags = set(tags) - set(local_tags)
-update_tags.add('latest')
-
-print(' '.join(update_tags))