Merge branch 'release/v1.29.4-1'

Author: Jenkins Agent User

CHANGELOG.md

@@ -7,6 +7,12 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [v1.29.4-1] - 2025-12-16
+### Changed
+- [#132] Upgrade nginx to v1.29.4
+- [#132] Upgrade base to 3.22.0-5
+- [#132] Added pipe-build-lib
+
 ## [v1.28.0-3] - 2025-11-25
 ### Fixed
 - [#130] TLS 1.3 Ciphers require a different configuration key in ssl.conf

Dockerfile

@@ -2,7 +2,7 @@ FROM node:lts-alpine as templating
 
 ENV WORKDIR=/template \
     # Used in template to invalidate caches - do not remove. The release script will auto update this line
-    VERSION="1.28.0-3"
+    VERSION="1.29.4-1"
 
 RUN mkdir -p ${WORKDIR}
 WORKDIR ${WORKDIR}
@@ -14,12 +14,12 @@ RUN yarn install
 RUN node template-colors.js  ${WORKDIR}/resources/var/www/html/styles/default.css.tpl ${WORKDIR}/build/default.css
 RUN node template-error-pages.js ${WORKDIR}/resources/var/www/html/errors/error-page.html.tpl ${WORKDIR}/build/errors
 
-FROM registry.cloudogu.com/official/base:3.22.0-2 as builder
+FROM registry.cloudogu.com/official/base:3.22.0-5 as builder
 LABEL maintainer="hello@cloudogu.com"
 
 # dockerfile is based on https://github.com/dockerfile/nginx and https://github.com/bellycard/docker-loadbalancer
-ENV NGINX_VERSION=1.28.0 \
-    NGINX_TAR_SHA256="c6b5c6b086c0df9d3ca3ff5e084c1d0ef909e6038279c71c1c3e985f576ff76a" \
+ENV NGINX_VERSION=1.29.4 \
+    NGINX_TAR_SHA256="5a7d37eee505866fbab5810fa9f78247d6d5d9157a595c4e7a72043141ddab25" \
     CES_CONFD_VERSION=0.11.0 \
     CES_CONFD_TAR_SHA256="85809a3e9e0b56d58c53f958872809eab1026124a73a06eedfcdeba9ca73ec9a" \
     WARP_MENU_VERSION=2.0.3 \
@@ -65,14 +65,14 @@ RUN wget --progress=bar:force:noscroll -O /tmp/warp.zip https://github.com/cloud
     && echo "${WARP_MENU_ZIP_SHA256} */tmp/warp.zip" | sha256sum -c - \
     && unzip /tmp/warp.zip -d /build/var/www/html
 
-FROM registry.cloudogu.com/official/base:3.22.0-2
+FROM registry.cloudogu.com/official/base:3.22.0-5
 LABEL maintainer="hello@cloudogu.com" \
       NAME="official/nginx" \
-      VERSION="1.28.0-3"
+      VERSION="1.29.4-1"
 
 ENV CES_MAINTENANCE_MODE=false \
     # Used in template to invalidate caches - do not remove. The release script will auto update this line
-    VERSION="1.28.0-3"
+    VERSION="1.29.4-1"
 
 RUN set -x -o errexit \
  && set -o nounset \

Jenkinsfile

@@ -1,157 +1,38 @@
-#!groovy
-@Library(['github.com/cloudogu/dogu-build-lib@v3.2.0', 'github.com/cloudogu/ces-build-lib@4.2.0']) _
-import com.cloudogu.ces.dogubuildlib.*
-import com.cloudogu.ces.cesbuildlib.*
-
-node('vagrant') {
-    String doguName = "nginx"
-    timestamps{
-        properties([
-                // Keep only the last x builds to preserve space
-                buildDiscarder(logRotator(numToKeepStr: '10')),
-                // Don't run concurrent builds for a branch, because they use the same workspace directory
-                disableConcurrentBuilds(),
-                // Parameter to activate dogu upgrade test on demand
-                parameters([
-                        booleanParam(defaultValue: true, description: 'Enables cypress to record video of the integration tests.', name: 'EnableVideoRecording'),
-                        booleanParam(defaultValue: true, description: 'Enables cypress to take screenshots of failing integration tests.', name: 'EnableScreenshotRecording'),
-                        booleanParam(defaultValue: false, description: 'Test dogu upgrade from latest release or optionally from defined version below', name: 'TestDoguUpgrade'),
-                        string(defaultValue: '', description: 'Old Dogu version for the upgrade test (optional; e.g. 3.23.0-1)', name: 'OldDoguVersionForUpgradeTest'),
-                        choice(name: 'TrivySeverityLevels', choices: [TrivySeverityLevel.CRITICAL, TrivySeverityLevel.HIGH_AND_ABOVE, TrivySeverityLevel.MEDIUM_AND_ABOVE, TrivySeverityLevel.ALL], description: 'The levels to scan with trivy', defaultValue: TrivySeverityLevel.CRITICAL),
-                        choice(name: 'TrivyStrategy', choices: [TrivyScanStrategy.UNSTABLE, TrivyScanStrategy.FAIL, TrivyScanStrategy.IGNORE], description: 'Define whether the build should be unstable, fail or whether the error should be ignored if any vulnerability was found.', defaultValue: TrivyScanStrategy.UNSTABLE),
-                ])
-        ])
-
-        EcoSystem ecoSystem = new EcoSystem(this, "gcloud-ces-operations-internal-packer", "jenkins-gcloud-ces-operations-internal")
-        Git git = new Git(this, "cesmarvin")
-        git.committerName = 'cesmarvin'
-        git.committerEmail = 'cesmarvin@cloudogu.com'
-        GitFlow gitflow = new GitFlow(this, git)
-        GitHub github = new GitHub(this, git)
-        Changelog changelog = new Changelog(this)
-
-        stage('Checkout') {
-            checkout scm
-        }
-
-        stage('Lint') {
-            Dockerfile dockerfile = new Dockerfile(this)
-            dockerfile.lint()
-        }
-
-        stage('Check Markdown Links') {
-            Markdown markdown = new Markdown(this, "3.11.0")
-            markdown.check()
-        }
-
-        stage('Shellcheck'){
-            shellCheck('./resources/startup.sh ./nginx-build/build.sh')
-        }
-
-        try {
-
-            stage('Provision') {
-                // change namespace to prerelease_namespace if in develop-branch
-                if (gitflow.isPreReleaseBranch()) {
-                    sh "make prerelease_namespace"
-                }
-                ecoSystem.provision("/dogu")
-            }
-
-            stage('Setup') {
-                ecoSystem.loginBackend('cesmarvin-setup')
-                ecoSystem.setup()
-            }
-
-            stage('Build') {
-                // purge nginx from official namespace to prevent conflicts while building prerelease_official/nginx
-                if (gitflow.isPreReleaseBranch()) {
-                    ecoSystem.purgeDogu("nginx")
-                }
-                ecoSystem.build("/dogu")
-            }
-
-            stage('Trivy scan') {
-                ecoSystem.copyDoguImageToJenkinsWorker("/dogu")
-                Trivy trivy = new Trivy(this)
-                trivy.scanDogu(".", params.TrivySeverityLevels, params.TrivyStrategy)
-                trivy.saveFormattedTrivyReport(TrivyScanFormat.TABLE)
-                trivy.saveFormattedTrivyReport(TrivyScanFormat.JSON)
-                trivy.saveFormattedTrivyReport(TrivyScanFormat.HTML)
-            }
-
-            stage('Prepare integration tests') {
-                setIntegrationTestKeys(ecoSystem)
-            }
-
-            stage('Verify') {
-                ecoSystem.verify("/dogu")
-            }
-
-            stage('Wait for dependencies') {
-                timeout(15) {
-                    ecoSystem.waitForDogu("cas")
-                }
-            }
-
-            stage('Integration tests') {
-                ecoSystem.runCypressIntegrationTests([cypressImage     : "cypress/included:13.14.0",
-                                                      enableVideo      : params.EnableVideoRecording,
-                                                      enableScreenshots: params.EnableScreenshotRecording])
-            }
-
-            if (params.TestDoguUpgrade != null && params.TestDoguUpgrade) {
-                stage('Upgrade dogu') {
-                    ecoSystem.upgradeFromPreviousRelease(params.OldDoguVersionForUpgradeTest, doguName)
-                }
-
-                stage('Prepare integration tests - After Upgrade') {
-                  setIntegrationTestKeys(ecoSystem)
-                  ecoSystem.restartDogu("nginx")
-                }
-
-                stage('Wait for dependencies - After Upgrade') {
-                    timeout(15) {
-                        ecoSystem.waitForDogu("cas")
-                    }
-                }
-
-                stage('Integration Tests - After Upgrade'){
-                    // Run integration tests again to verify that the upgrade was successful
-                    ecoSystem.runCypressIntegrationTests([cypressImage     : "cypress/included:13.14.0",
-                                                          enableVideo      : params.EnableVideoRecording,
-                                                          enableScreenshots: params.EnableScreenshotRecording])
-                }
-            }
-            if (gitflow.isReleaseBranch()) {
-                String releaseVersion = git.getSimpleBranchName()
-
-                stage('Finish Release') {
-                    gitflow.finishRelease(releaseVersion)
-                }
-
-                stage('Push Dogu to registry') {
-                    ecoSystem.push("/dogu")
-                }
+@Library([
+  'pipe-build-lib',
+  'ces-build-lib',
+  'dogu-build-lib'
+]) _
+
+def pipe = new com.cloudogu.sos.pipebuildlib.DoguPipe(this, [
+    doguName            : "nginx",
+    shellScripts        : '''
+                            ./resources/startup.sh 
+                            ./nginx-build/build.sh
+                          ''',
+    checkMarkdown       : true,
+    cypressImage        : 'cypress/included:13.14.0',
+    runIntegrationTests : true,
+    dependedDogus       : ['cas']
+
+])
+com.cloudogu.ces.dogubuildlib.EcoSystem ecoSystem = pipe.ecoSystem
+
+pipe.setBuildProperties()
+pipe.addDefaultStages()
+
+pipe.insertStageAfter("trivy scan","Prepare integration tests") {
+    setIntegrationTestKeys(ecoSystem)
+}
 
-                stage ('Add Github-Release'){
-                    github.createReleaseWithChangelog(releaseVersion, changelog)
-                }
-            } else if (gitflow.isPreReleaseBranch()) {
-                // push to registry in prerelease_namespace
-                stage('Push Prerelease Dogu to registry') {
-                    ecoSystem.pushPreRelease("/dogu")
-                }
-            }
 
-        } finally {
-            stage('Clean') {
-                ecoSystem.destroy()
-            }
-        }
-    }
+pipe.insertStageAfter("upgrade dogu","Prepare integration tests") {
+    setIntegrationTestKeys(ecoSystem)
+    ecoSystem.restartDogu("nginx")
 }
 
+pipe.run()
+
 void setIntegrationTestKeys(ecoSystem){
   // static HTML config
   ecoSystem.vagrant.ssh "sudo cp /dogu/integrationTests/privacy_policies.html /var/lib/ces/nginx/volumes/customhtml/"

docs/gui/release_notes_de.md

@@ -6,6 +6,9 @@ Technische Details zu einem Release finden Sie im zugehörigen [Changelog](https
 
 ## [Unreleased]
 
+## [v1.29.4-1] - 2025-12-16
+- Wir haben nur technische Änderungen vorgenommen. Näheres finden Sie in den Changelogs.
+
 ## [v1.28.0-3] - 2025-11-25
 - Nginx unterstützt TLS v1.3
 - Für TLS v1.2 und v1.3 werden nur Ciphers benutzt die mit den BSI-Richtlinien kompatibel sind

docs/gui/release_notes_en.md

@@ -6,6 +6,9 @@ Technical details on a release can be found in the corresponding [Changelog](htt
 
 ## [Unreleased]
 
+## [v1.29.4-1] - 2025-12-16
+- We have only made technical changes. You can find more details in the changelogs.
+
 ## [v1.28.0-3] - 2025-11-25
 - Nginx supports TLS v1.3
 - For TLS v1.2 and v1.3 only ciphers that are recommended by the BSI Guidelines are used

dogu.json

@@ -1,6 +1,6 @@
 {
   "Name": "official/nginx",
-  "Version": "1.28.0-3",
+  "Version": "1.29.4-1",
   "DisplayName": "Nginx",
   "Description": "Nginx WebServer.",
   "Logo": "https://cloudogu.com/images/dogus/nginx.png",