Closed TastyPi closed 1 year ago
How is this not automated? o.o
It's not automated because it's complicated and we're human. Each release is slightly different, depending on whether we need to drop support from old minor releases or not, whether we need to bump the xcaddy
version, whether we need to bump Go, alpine, etc. And then once the work is done in this repo, we must manually open a PR on https://github.com/docker-library/official-images, wait for a Docker maintainer to review and merge, then wait for the Docker Official Images jenkins pipeline to run https://doi-janky.infosiftr.net/
Also @hairyhenderson is unfortunately on vacation right now (was a long weekend here in Canada, it's that time of year), so this is delayed until he gets back.
As a workaround, you may build v2.7.3
using the builder
image variant like this:
FROM caddy:2.7.2-builder AS builder
RUN xcaddy build v2.7.3
FROM caddy:2.7.2
COPY --from=builder /usr/bin/caddy /usr/bin/caddy
I was also wondering the same: 5 days ago the caddy release said not to use 2.7.2, and use 2.7.3 but docker pull shows it doesn't exist (and indeed it isn't on https://hub.docker.com/_/caddy).
The release notes does not mention the docker images being slightly out of sync, so for me the workaround was to just keep on using 2.6.4 for now. Perhaps just always adding a note in https://github.com/caddyserver/caddy/releases telling people to expect some delays in the docker image release would be nice.
Also, has it been considered to publish on github packages? (https://docs.github.com/en/actions/publishing-packages/publishing-docker-images#publishing-images-to-github-packages)
In the long term I'm concerned. True to Murphy's law caddy 2.7.x just about had everything go wrong with the silver lining it wasn't a 0-day exploit fix.
Now imagine this was a zero day exploit, that is 5 days so far without the fix being pushed to docker hub. Demonstrating a single point of failure and clear need to improve the process of how docker images are built.
This is now pending https://github.com/docker-library/official-images/pull/15189 being merged.
Thanks for being patient, everyone.
See https://github.com/caddyserver/caddy/releases/tag/v2.7.3