From 2386a2648eb9f5fdd5da0197dfaad4dd6e854c51 Mon Sep 17 00:00:00 2001 From: fragoler Date: Fri, 13 Feb 2026 21:29:55 +0300 Subject: [PATCH 01/11] docker pipeline --- .dockerignore | 2 + .github/workflows/publish-changelog.yml | 29 ---------- .github/workflows/publish-testing.yml | 45 --------------- .github/workflows/publish.yml | 57 ++++++++++++++----- Dockerfile | 27 +++++++++ Tools/publish_client.py | 74 +++++++++++++++++++++++++ 6 files changed, 147 insertions(+), 87 deletions(-) create mode 100644 .dockerignore delete mode 100644 .github/workflows/publish-changelog.yml delete mode 100644 .github/workflows/publish-testing.yml create mode 100644 Dockerfile create mode 100644 Tools/publish_client.py diff --git a/.dockerignore b/.dockerignore new file mode 100644 index 00000000000..65f08d6bb8a --- /dev/null +++ b/.dockerignore @@ -0,0 +1,2 @@ +./* +!release/ diff --git a/.github/workflows/publish-changelog.yml b/.github/workflows/publish-changelog.yml deleted file mode 100644 index c0d280a208c..00000000000 --- a/.github/workflows/publish-changelog.yml +++ /dev/null @@ -1,29 +0,0 @@ -# # SPDX-FileCopyrightText: 2023 Debug -# # SPDX-FileCopyrightText: 2025 Redrover1760 -# # -# # SPDX-License-Identifier: AGPL-3.0-or-later - -# name: Publish Changelog - -# on: -# workflow_dispatch: -# schedule: -# - cron: '0 10 * * *' - -# jobs: -# publish_changelog: -# runs-on: ubuntu-latest -# steps: - -# - name: checkout -# uses: actions/checkout@v3 -# with: -# token: ${{secrets.GITHUB_TOKEN}} -# ref: main - -# - name: Publish changelog -# run: Tools/actions_changelogs_since_last_run.py -# env: -# GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} -# DISCORD_WEBHOOK_URL: ${{ secrets.CHANGELOG_DISCORD_WEBHOOK }} -# continue-on-error: true diff --git a/.github/workflows/publish-testing.yml b/.github/workflows/publish-testing.yml deleted file mode 100644 index 89881e8fdb2..00000000000 --- a/.github/workflows/publish-testing.yml +++ /dev/null @@ -1,45 +0,0 @@ -name: Publish Testing - -concurrency: - group: publish-testing - -on: - workflow_dispatch: -# schedule: # Frontier: disable auto-schedule -# - cron: '0 10 * * *' - -jobs: - build: - runs-on: ubuntu-latest - - steps: - - uses: actions/checkout@v3.6.0 - with: - submodules: 'recursive' - - name: Setup .NET Core - uses: actions/setup-dotnet@v3.2.0 - with: - dotnet-version: 9.0.x - - - name: Get Engine Tag - run: | - cd RobustToolbox - git fetch --depth=1 - - - name: Install dependencies - run: dotnet restore - - - name: Build Packaging - run: dotnet build Content.Packaging --configuration Release --no-restore /m - - - name: Package server - run: dotnet run --project Content.Packaging server --platform win-x64 --platform linux-x64 --platform osx-x64 --platform linux-arm64 - - - name: Package client - run: dotnet run --project Content.Packaging client --no-wipe-release - - - name: Publish version - run: Tools/publish_multi_request.py --fork-id wizards-testing - env: - PUBLISH_TOKEN: ${{ secrets.PUBLISH_TOKEN }} - GITHUB_REPOSITORY: ${{ vars.GITHUB_REPOSITORY }} diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index fc5f58029fd..162e1e0732a 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -39,20 +39,51 @@ jobs: - name: Package client run: dotnet run --project Content.Packaging client --no-wipe-release + + # --- Publish artifacts --- + - name: Upload server artifact + uses: actions/upload-artifact@v4 + with: + name: ss14-server-linux + path: ./release/SS14.Server_linux-x64.zip - - name: Publish version - run: Tools/publish_multi_request.py + - name: Publish version # Push client to CDN + run: Tools/publish_client.py env: - PUBLISH_TOKEN: ${{ secrets.PUBLISH_TOKEN }} - GITHUB_REPOSITORY: ${{ vars.GITHUB_REPOSITORY }} + PUBLISH_TOKEN : ${{ secrets.PUBLISH_TOKEN }} + ROBUST_CDN_URL: ${{ vars.ROBUST_CDN_URL }} + FORK_ID : ${{ vars.FORK_ID }} + + docker: + runs-on: ubuntu-latest + needs: build + + steps: + - name: Checkout repository + uses: actions/checkout@v3.6.0 - - name: Publish changelog (Discord) - run: Tools/actions_changelogs_since_last_run.py - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - DISCORD_WEBHOOK_URL: ${{ secrets.CHANGELOG_DISCORD_WEBHOOK }} + - name: Download server artifact + uses: actions/download-artifact@v4 + with: + name: ss14-server-linux + path: docker-build + + - name: Log in to GitHub Container Registry + uses: docker/login-action@v3 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} - #- name: Publish changelog (RSS) - # run: Tools/actions_changelog_rss.py - # env: - # CHANGELOG_RSS_KEY: ${{ secrets.CHANGELOG_RSS_KEY }} + - name: Build and push Docker image + uses: docker/build-push-action@v6 + with: + context: . + file: ./Dockerfile + build-args: | + SERVER_ZIP=./docker-build/SS14.Server_linux-x64.zip + push: true + tags: | + ghcr.io/${{ github.repository_owner }}/monolith-server:latest + ghcr.io/${{ github.repository_owner }}/monolith-server:${{ github.sha }} + diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 00000000000..ac1bc9e7505 --- /dev/null +++ b/Dockerfile @@ -0,0 +1,27 @@ +FROM debian:trixie-slim AS build +WORKDIR /src + +RUN apt update \ + && apt install -y --no-install-recommends \ + unzip \ + ca-certificates \ + curl \ + && rm -rf /var/lib/apt/lists/* + + +COPY release/SS14.Server_linux-x64.zip . +RUN unzip SS14.Server_linux-x64.zip -d server/ \ + && rm SS14.Server_linux-x64.zip + + +RUN find /src/server/ -type f -name "*.zip" -delete \ + && find /src/server/ -type f -name "*.tar.gz" -delete \ + && chmod +x /src/server/Robust.Server + + +FROM mcr.microsoft.com/dotnet/runtime:9.0 AS final +WORKDIR /app + +COPY --from=build /src/server/ . + +ENTRYPOINT [ "./Robust.Server" ] diff --git a/Tools/publish_client.py b/Tools/publish_client.py new file mode 100644 index 00000000000..1084880f0f0 --- /dev/null +++ b/Tools/publish_client.py @@ -0,0 +1,74 @@ +#!/usr/bin/env python3 + +import argparse +import requests +import os +import subprocess +from typing import Iterable + +PUBLISH_TOKEN : str = os.environ["PUBLISH_TOKEN"] +ROBUST_CDN_URL: str = os.environ["CDN_URL"] +FORK_ID : str = os.environ["FORK_ID"] +VERSION : str = os.environ["GITHUB_SHA"] + + +RELEASE_DIR : str = "release" +CLIENT_FILE_NAME: str = "SS14.Client.zip" + +def main(): + parser = argparse.ArgumentParser() + parser.add_argument("--fork-id", default=FORK_ID) + + args = parser.parse_args() + fork_id = args.fork_id + + session = requests.Session() + session.headers = { + "Authorization": f"Bearer {PUBLISH_TOKEN}", + } + + print(f"Starting publish on Robust.Cdn for version {VERSION}") + + data = { + "version": VERSION, + "engineVersion": get_engine_version(), + } + headers = { + "Content-Type": "application/json" + } + resp = session.post(f"{ROBUST_CDN_URL}fork/{fork_id}/publish/start", json=data, headers=headers) + resp.raise_for_status() + print("Publish successfully started!...") + + file = os.path.join(RELEASE_DIR, CLIENT_FILE_NAME) + print(f"Publishing {file} ...") + + with open(file, "rb") as f: + headers = { + "Content-Type": "application/octet-stream", + "Robust-Cdn-Publish-File": os.path.basename(file), + "Robust-Cdn-Publish-Version": VERSION + } + resp = session.post(f"{ROBUST_CDN_URL}fork/{fork_id}/publish/file", data=f, headers=headers) + resp.raise_for_status() + print("Successfully pushed files, finishing publish...") + + data = { + "version": VERSION + } + headers = { + "Content-Type": "application/json" + } + resp = session.post(f"{ROBUST_CDN_URL}fork/{fork_id}/publish/finish", json=data, headers=headers) + resp.raise_for_status() + + print("SUCCESS!") + +def get_engine_version() -> str: + proc = subprocess.run(["git", "describe","--tags", "--abbrev=0"], stdout=subprocess.PIPE, cwd="RobustToolbox", check=True, encoding="UTF-8") + tag = proc.stdout.strip() + assert tag.startswith("v") + return tag[1:] # Cut off v prefix. + +if __name__ == '__main__': + main() From 87092be4a52ecbaa3fde0f2841c1f1345bf9f2ef Mon Sep 17 00:00:00 2001 From: Fragoler Date: Fri, 13 Feb 2026 23:22:24 +0300 Subject: [PATCH 02/11] to hybrid-acz --- .github/workflows/publish.yml | 5 +-- Dockerfile | 12 ++---- Tools/publish_client.py | 74 ----------------------------------- 3 files changed, 5 insertions(+), 86 deletions(-) delete mode 100644 Tools/publish_client.py diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 162e1e0732a..393b528db88 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -35,10 +35,7 @@ jobs: run: dotnet build Content.Packaging --configuration Release --no-restore /m - name: Package server - run: dotnet run --project Content.Packaging server --platform win-x64 --platform linux-x64 --platform osx-x64 --platform linux-arm64 - - - name: Package client - run: dotnet run --project Content.Packaging client --no-wipe-release + run: dotnet run --project Content.Packaging server --platform linux-x64 --hybrid-acz # --- Publish artifacts --- - name: Upload server artifact diff --git a/Dockerfile b/Dockerfile index ac1bc9e7505..90fe24af5b2 100644 --- a/Dockerfile +++ b/Dockerfile @@ -9,15 +9,11 @@ RUN apt update \ && rm -rf /var/lib/apt/lists/* -COPY release/SS14.Server_linux-x64.zip . -RUN unzip SS14.Server_linux-x64.zip -d server/ \ - && rm SS14.Server_linux-x64.zip - - -RUN find /src/server/ -type f -name "*.zip" -delete \ - && find /src/server/ -type f -name "*.tar.gz" -delete \ - && chmod +x /src/server/Robust.Server +COPY release/SS14.Server_linux-x64.zip /tmp/server.zip +RUN unzip /tmp/server.zip -d server/ \ + && rm /tmp/server.zip +RUN chmod +x /src/server/Robust.Server FROM mcr.microsoft.com/dotnet/runtime:9.0 AS final WORKDIR /app diff --git a/Tools/publish_client.py b/Tools/publish_client.py deleted file mode 100644 index 1084880f0f0..00000000000 --- a/Tools/publish_client.py +++ /dev/null @@ -1,74 +0,0 @@ -#!/usr/bin/env python3 - -import argparse -import requests -import os -import subprocess -from typing import Iterable - -PUBLISH_TOKEN : str = os.environ["PUBLISH_TOKEN"] -ROBUST_CDN_URL: str = os.environ["CDN_URL"] -FORK_ID : str = os.environ["FORK_ID"] -VERSION : str = os.environ["GITHUB_SHA"] - - -RELEASE_DIR : str = "release" -CLIENT_FILE_NAME: str = "SS14.Client.zip" - -def main(): - parser = argparse.ArgumentParser() - parser.add_argument("--fork-id", default=FORK_ID) - - args = parser.parse_args() - fork_id = args.fork_id - - session = requests.Session() - session.headers = { - "Authorization": f"Bearer {PUBLISH_TOKEN}", - } - - print(f"Starting publish on Robust.Cdn for version {VERSION}") - - data = { - "version": VERSION, - "engineVersion": get_engine_version(), - } - headers = { - "Content-Type": "application/json" - } - resp = session.post(f"{ROBUST_CDN_URL}fork/{fork_id}/publish/start", json=data, headers=headers) - resp.raise_for_status() - print("Publish successfully started!...") - - file = os.path.join(RELEASE_DIR, CLIENT_FILE_NAME) - print(f"Publishing {file} ...") - - with open(file, "rb") as f: - headers = { - "Content-Type": "application/octet-stream", - "Robust-Cdn-Publish-File": os.path.basename(file), - "Robust-Cdn-Publish-Version": VERSION - } - resp = session.post(f"{ROBUST_CDN_URL}fork/{fork_id}/publish/file", data=f, headers=headers) - resp.raise_for_status() - print("Successfully pushed files, finishing publish...") - - data = { - "version": VERSION - } - headers = { - "Content-Type": "application/json" - } - resp = session.post(f"{ROBUST_CDN_URL}fork/{fork_id}/publish/finish", json=data, headers=headers) - resp.raise_for_status() - - print("SUCCESS!") - -def get_engine_version() -> str: - proc = subprocess.run(["git", "describe","--tags", "--abbrev=0"], stdout=subprocess.PIPE, cwd="RobustToolbox", check=True, encoding="UTF-8") - tag = proc.stdout.strip() - assert tag.startswith("v") - return tag[1:] # Cut off v prefix. - -if __name__ == '__main__': - main() From 6b09b73279851f40625d1ad57306decd2faca3c8 Mon Sep 17 00:00:00 2001 From: Fragoler Date: Sat, 14 Feb 2026 00:20:29 +0300 Subject: [PATCH 03/11] update for docker --- .github/workflows/publish.yml | 140 +++++++++++++++++++++------------- Dockerfile | 29 +++++-- 2 files changed, 112 insertions(+), 57 deletions(-) diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 393b528db88..231f6de2da2 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -2,32 +2,62 @@ name: Publish on: workflow_dispatch: - # Frontier: re-enabled autopublish bawk + push: + tags: + - 'v*.*.*-*' + - 'v*.*.*' concurrency: group: publish + cancel-in-progress: false + +env: + REGISTRY: ghcr.io + IMAGE_NAME: ${{ github.repository_owner }}/monolith-server jobs: build: runs-on: ubuntu-latest + permissions: + contents: read + packages: write + + outputs: + image_tag: ${{ steps.meta.outputs.tags }} + image_digest: ${{ steps.build.outputs.digest }} - steps: - - name: Install dependencies - run: sudo apt-get install -y python3-paramiko python3-lxml - - uses: actions/checkout@v3.6.0 + steps: + - uses: actions/checkout@v4 with: submodules: 'recursive' + + - name: Extract version from tag + id: version + run: | + if [[ ${{ github.ref }} == refs/tags/* ]]; then + VERSION=${GITHUB_REF#refs/tags/} + VERSION=${VERSION#v} # Убираем 'v' если есть + echo "version=${VERSION}" >> $GITHUB_OUTPUT + echo "tag_with_v=v${VERSION}" >> $GITHUB_OUTPUT + else + echo "version=dev-${{ github.sha }}" >> $GITHUB_OUTPUT + echo "tag_with_v=dev" >> $GITHUB_OUTPUT + fi + - name: Setup .NET Core - uses: actions/setup-dotnet@v3.2.0 + uses: actions/setup-dotnet@v5.1.0 with: dotnet-version: 9.0.x - + cache: true + cache-dependency-path: '**/packages.lock.json' + - name: Get Engine Tag run: | cd RobustToolbox git fetch --depth=1 + # --- Packaging - name: Install dependencies run: dotnet restore @@ -36,51 +66,57 @@ jobs: - name: Package server run: dotnet run --project Content.Packaging server --platform linux-x64 --hybrid-acz + # --- - # --- Publish artifacts --- - - name: Upload server artifact - uses: actions/upload-artifact@v4 - with: - name: ss14-server-linux - path: ./release/SS14.Server_linux-x64.zip - - - name: Publish version # Push client to CDN - run: Tools/publish_client.py - env: - PUBLISH_TOKEN : ${{ secrets.PUBLISH_TOKEN }} - ROBUST_CDN_URL: ${{ vars.ROBUST_CDN_URL }} - FORK_ID : ${{ vars.FORK_ID }} - - docker: - runs-on: ubuntu-latest - needs: build - - steps: - - name: Checkout repository - uses: actions/checkout@v3.6.0 + # --- Dockerized + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 - - name: Download server artifact - uses: actions/download-artifact@v4 - with: - name: ss14-server-linux - path: docker-build - - - name: Log in to GitHub Container Registry - uses: docker/login-action@v3 - with: - registry: ghcr.io - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} + - name: Login to GitHub Container Registry + uses: docker/login-action@v3 + with: + registry: ${{ env.REGISTRY }} + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Extract metadata + id: meta + uses: docker/metadata-action@v5 + with: + images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} + tags: | + type=semver,pattern={{version}},value=${{ steps.version.outputs.version }} + type=semver,pattern={{major}}.{{minor}},value=${{ steps.version.outputs.version }} + type=semver,pattern={{major}},value=${{ steps.version.outputs.version }} + type=ref,event=branch + type=sha,prefix={{branch}}- + type=raw,value=latest,enable={{is_default_branch}} - - name: Build and push Docker image - uses: docker/build-push-action@v6 - with: - context: . - file: ./Dockerfile - build-args: | - SERVER_ZIP=./docker-build/SS14.Server_linux-x64.zip - push: true - tags: | - ghcr.io/${{ github.repository_owner }}/monolith-server:latest - ghcr.io/${{ github.repository_owner }}/monolith-server:${{ github.sha }} - + - name: Build and push Docker image + id: build + uses: docker/build-push-action@v6 + with: + context: . + file: ./Dockerfile + push: true + tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }} + cache-from: type=gha + cache-to: type=gha,mode=max + build-args: | + VERSION=${{ steps.version.outputs.version }} + BUILD_DATE=$(date -u +'%Y-%m-%dT%H:%M:%SZ') + VCS_REF=${{ github.sha }} + + - name: Create Release (only on tag) + if: startsWith(github.ref, 'refs/tags/') + uses: ncipollo/release-action@v1 + with: + token: ${{ secrets.GITHUB_TOKEN }} + name: Release ${{ steps.version.outputs.tag_with_v }} + body: | + Docker image: `${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ steps.version.outputs.version }}` + SHA: `${{ github.sha }}` + draft: false + prerelease: false + # --- diff --git a/Dockerfile b/Dockerfile index 90fe24af5b2..37e971a2582 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,11 +1,16 @@ +# syntax=docker/dockerfile:1 + FROM debian:trixie-slim AS build WORKDIR /src -RUN apt update \ - && apt install -y --no-install-recommends \ - unzip \ - ca-certificates \ - curl \ +ARG VERSION=dev +ARG BUILD_DATE +ARG VCS_REF + +RUN apt-get update && apt-get install -y --no-install-recommends \ + unzip \ + ca-certificates \ + curl \ && rm -rf /var/lib/apt/lists/* @@ -15,9 +20,23 @@ RUN unzip /tmp/server.zip -d server/ \ RUN chmod +x /src/server/Robust.Server + FROM mcr.microsoft.com/dotnet/runtime:9.0 AS final WORKDIR /app +ARG VERSION=dev +ARG BUILD_DATE +ARG VCS_REF + +LABEL org.opencontainers.image.version="${VERSION}" \ + org.opencontainers.image.created="${BUILD_DATE}" \ + org.opencontainers.image.revision="${VCS_REF}" \ + org.opencontainers.image.title="Exodus Monolith Server" \ + org.opencontainers.image.description="SS14 Exodus Monolith Server" + COPY --from=build /src/server/ . +HEALTHCHECK --interval=30s --timeout=10s --start-period=5s --retries=3 \ + CMD curl -f http://localhost:1212/status || exit 1 + ENTRYPOINT [ "./Robust.Server" ] From 4ee1ae17300fa690d2ac26840a7a2ec22fe24595 Mon Sep 17 00:00:00 2001 From: Fragoler Date: Sat, 14 Feb 2026 00:38:53 +0300 Subject: [PATCH 04/11] fix setup dotnet --- .github/workflows/publish.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 231f6de2da2..610d7e7b67b 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -49,8 +49,6 @@ jobs: uses: actions/setup-dotnet@v5.1.0 with: dotnet-version: 9.0.x - cache: true - cache-dependency-path: '**/packages.lock.json' - name: Get Engine Tag run: | From 8df160ca983d70013172ec51c1b810f83235a41e Mon Sep 17 00:00:00 2001 From: Fragoler Date: Sat, 14 Feb 2026 00:42:47 +0300 Subject: [PATCH 05/11] minor changes --- .github/workflows/publish.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 610d7e7b67b..53a78782d4a 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -37,7 +37,7 @@ jobs: run: | if [[ ${{ github.ref }} == refs/tags/* ]]; then VERSION=${GITHUB_REF#refs/tags/} - VERSION=${VERSION#v} # Убираем 'v' если есть + VERSION=${VERSION#v} echo "version=${VERSION}" >> $GITHUB_OUTPUT echo "tag_with_v=v${VERSION}" >> $GITHUB_OUTPUT else From 655a1498568792ac705f989eb9ff18a1cf53d56e Mon Sep 17 00:00:00 2001 From: Fragoler Date: Sat, 14 Feb 2026 00:52:33 +0300 Subject: [PATCH 06/11] remove branch-sha --- .github/workflows/publish.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 53a78782d4a..f1e04b7adc5 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -87,7 +87,6 @@ jobs: type=semver,pattern={{major}}.{{minor}},value=${{ steps.version.outputs.version }} type=semver,pattern={{major}},value=${{ steps.version.outputs.version }} type=ref,event=branch - type=sha,prefix={{branch}}- type=raw,value=latest,enable={{is_default_branch}} - name: Build and push Docker image From 4c492f2a5f2527c477ba9f8e143488c00c6168c4 Mon Sep 17 00:00:00 2001 From: Fragoler Date: Sat, 14 Feb 2026 01:09:52 +0300 Subject: [PATCH 07/11] fix permission --- .github/workflows/publish.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index f1e04b7adc5..f46c22a4315 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -19,7 +19,7 @@ jobs: build: runs-on: ubuntu-latest permissions: - contents: read + contents: write packages: write outputs: From 369792b6d2a7db1e52d799c1c13e68e94cacb311 Mon Sep 17 00:00:00 2001 From: Fragoler Date: Sat, 21 Feb 2026 11:06:52 +0300 Subject: [PATCH 08/11] remove release creation --- .github/workflows/publish.yml | 12 ------------ 1 file changed, 12 deletions(-) diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index f46c22a4315..9907b839ad6 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -104,16 +104,4 @@ jobs: VERSION=${{ steps.version.outputs.version }} BUILD_DATE=$(date -u +'%Y-%m-%dT%H:%M:%SZ') VCS_REF=${{ github.sha }} - - - name: Create Release (only on tag) - if: startsWith(github.ref, 'refs/tags/') - uses: ncipollo/release-action@v1 - with: - token: ${{ secrets.GITHUB_TOKEN }} - name: Release ${{ steps.version.outputs.tag_with_v }} - body: | - Docker image: `${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ steps.version.outputs.version }}` - SHA: `${{ github.sha }}` - draft: false - prerelease: false # --- From 467e09afe2bcff89760b9ca28c1e0daaf501a789 Mon Sep 17 00:00:00 2001 From: Fragoler Date: Sat, 21 Feb 2026 11:13:12 +0300 Subject: [PATCH 09/11] fix potential vulnerability --- .github/workflows/publish.yml | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 9907b839ad6..6df6f234289 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -35,7 +35,7 @@ jobs: - name: Extract version from tag id: version run: | - if [[ ${{ github.ref }} == refs/tags/* ]]; then + if [[ "${{ github.ref }}" == refs/tags/* ]]; then VERSION=${GITHUB_REF#refs/tags/} VERSION=${VERSION#v} echo "version=${VERSION}" >> $GITHUB_OUTPUT @@ -44,6 +44,10 @@ jobs: echo "version=dev-${{ github.sha }}" >> $GITHUB_OUTPUT echo "tag_with_v=dev" >> $GITHUB_OUTPUT fi + + - name: Get build date + id: date + run: echo "build_date=$(date -u +'%Y-%m-%dT%H:%M:%SZ')" >> $GITHUB_OUTPUT - name: Setup .NET Core uses: actions/setup-dotnet@v5.1.0 @@ -102,6 +106,6 @@ jobs: cache-to: type=gha,mode=max build-args: | VERSION=${{ steps.version.outputs.version }} - BUILD_DATE=$(date -u +'%Y-%m-%dT%H:%M:%SZ') + BUILD_DATE=${{ steps.date.outputs.build_date }} VCS_REF=${{ github.sha }} # --- From bafed1b145b64d176b9c7c02dd5110b43581afa7 Mon Sep 17 00:00:00 2001 From: Fragoler Date: Sat, 21 Feb 2026 11:13:32 +0300 Subject: [PATCH 10/11] dockerfile tiny fixes --- Dockerfile | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/Dockerfile b/Dockerfile index 37e971a2582..3bbfe60c65c 100644 --- a/Dockerfile +++ b/Dockerfile @@ -24,7 +24,7 @@ RUN chmod +x /src/server/Robust.Server FROM mcr.microsoft.com/dotnet/runtime:9.0 AS final WORKDIR /app -ARG VERSION=dev +ARG VERSION=release ARG BUILD_DATE ARG VCS_REF @@ -34,9 +34,11 @@ LABEL org.opencontainers.image.version="${VERSION}" \ org.opencontainers.image.title="Exodus Monolith Server" \ org.opencontainers.image.description="SS14 Exodus Monolith Server" +RUN groupadd -r ss14 && useradd -r -g ss14 -d /app ss14 + COPY --from=build /src/server/ . -HEALTHCHECK --interval=30s --timeout=10s --start-period=5s --retries=3 \ - CMD curl -f http://localhost:1212/status || exit 1 +RUN chown -R ss14:ss14 /app +USER ss14 ENTRYPOINT [ "./Robust.Server" ] From 68fe3662b7588024096b0f91ebb722bd7690f3fa Mon Sep 17 00:00:00 2001 From: Fragoler Date: Sat, 21 Feb 2026 11:22:15 +0300 Subject: [PATCH 11/11] remove unused build args --- Dockerfile | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/Dockerfile b/Dockerfile index 3bbfe60c65c..b19aac215e6 100644 --- a/Dockerfile +++ b/Dockerfile @@ -3,9 +3,6 @@ FROM debian:trixie-slim AS build WORKDIR /src -ARG VERSION=dev -ARG BUILD_DATE -ARG VCS_REF RUN apt-get update && apt-get install -y --no-install-recommends \ unzip \ @@ -24,7 +21,7 @@ RUN chmod +x /src/server/Robust.Server FROM mcr.microsoft.com/dotnet/runtime:9.0 AS final WORKDIR /app -ARG VERSION=release +ARG VERSION ARG BUILD_DATE ARG VCS_REF