
JCU/Docker update #1345

Merged
milanmajchrak merged 5 commits into customer/jcu from jcu/docker-update Jun 29, 2026

@Kasinhou Kasinhou commented Jun 25, 2026

Problem description

Manual Testing (if applicable)

Copilot review

  • Requested review from Copilot

@Kasinhou Kasinhou self-assigned this Jun 25, 2026
coderabbitai Bot commented Jun 25, 2026

Important

Review skipped

Auto reviews are disabled on base/target branches other than the default branch.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 9c027482-d5e8-40a1-85af-1e3e7ea9786e

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

Comment @coderabbitai help to get the list of available commands.

Copilot AI left a comment

Pull request overview

Updates the project’s Docker images and GitHub Actions workflows to better support Dataquest’s publishing/release flow, adds new Postgres images with pgcrypto, and hardens the main runtime container to run as a non-root user.

Changes:

  • Add new Postgres Docker images to enable pgcrypto (including a curl/loadsql flavor) and wire them into the Docker CI workflow.
  • Adjust GitHub Actions Docker build/release workflows (tagging, registry login/push behavior, triggers) and add a small script to emit build/version metadata into the image build context.
  • Update the main backend Dockerfile to run DSpace as a dedicated numeric-UID user (Kubernetes-friendly).

Reviewed changes

Copilot reviewed 12 out of 12 changed files in this pull request and generated 16 comments.

Show a summary per file

| File | Description |
| --- | --- |
| scripts/sourceversion.py | New helper script to print build timestamp + git hash and a build-run link (used by Docker CI). |
| dspace/src/main/docker/dspace-postgres-pgcrypto/install-pgcrypto.sh | New init script to create extensions schema and enable pgcrypto. |
| dspace/src/main/docker/dspace-postgres-pgcrypto/Dockerfile | New Postgres image definition which installs the pgcrypto init script. |
| dspace/src/main/docker/dspace-postgres-pgcrypto-curl/install-pgcrypto.sh | Extends existing loadsql init script to also enable pgcrypto. |
| dspace/src/main/docker/dspace-postgres-pgcrypto-curl/Dockerfile | New Postgres+curl image definition for loading SQL dumps + enabling pgcrypto. |
| dspace/src/main/docker/dspace-postgres-loadsql/Dockerfile | Removes the previous postgres-loadsql image Dockerfile. |
| Dockerfile | Switch runtime to a non-root dspace user with a fixed UID and ownership updates. |
| .github/workflows/tag-release.yml | New workflow to retag sha-tagged images to a git tag and push to DockerHub. |
| .github/workflows/reusable-docker-build.yml | Updates reusable Docker build workflow (tagging, registry, action versions, optional version file generation). |
| .github/workflows/docker.yml | Updates Docker pipeline to Dataquest image names and adds pgcrypto image builds; changes triggers. |
| .github/workflows/build.yml | Updates CI triggers and action versions for Java build/test workflow. |
| .dockerignore | Updates ignored docker paths to match the new pgcrypto image directories. |

Comments suppressed due to low confidence (2)

dspace/src/main/docker/dspace-postgres-pgcrypto-curl/install-pgcrypto.sh:48

  • This newly added pgcrypto setup block has the same issues as the standalone pgcrypto image: it hardcodes dspace as the database name and doesn't pass --dbname, so it won't work correctly if POSTGRES_DB is overridden. Also, $POSTGRES_USER is interpolated into SQL without identifier quoting.

.github/workflows/reusable-docker-build.yml:177

  • The reusable Docker workflow currently skips the actual Docker build on pull_request events (if: ${{ ! matrix.isPr }}), so PR runs won't validate that images still build. If the intent is to avoid pushing on PRs, you can still build with push: false rather than skipping the build entirely.
      - name: Build and push image to ${{ env.DOCKER_BUILD_REGISTRY }}
        if: ${{ ! matrix.isPr }}
        id: docker_build
        uses: docker/build-push-action@v5
        with:
          build-contexts: |
            ${{ inputs.dockerfile_additional_contexts }}
          context: ${{ inputs.dockerfile_context }}
          file: ${{ inputs.dockerfile_path }}
          # Tell DSpace's Docker files to use the build registry instead of DockerHub
          build-args:
            DOCKER_REGISTRY=${{ env.DOCKER_BUILD_REGISTRY }}
          platforms: ${{ matrix.arch }}
          push: true
          # Use tags / labels provided by 'docker/metadata-action' above
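
Added example, not part of the pull request or of Copilot's review: one way an init script can address the two points raised about install-pgcrypto.sh, by targeting the configured database and quoting names as SQL identifiers. The function names and the SQL statements are assumptions, since the script body is not shown on this page.

```shell
#!/bin/sh
# Added example: hypothetical helpers, not the PR's install-pgcrypto.sh.
# The SQL statements are assumed; the script body is not shown on the page.

# Quote a value as a PostgreSQL identifier: wrap it in double quotes and
# double any embedded double quote, so it cannot terminate the identifier.
quote_ident() {
    printf '"%s"' "$(printf '%s' "$1" | sed 's/"/""/g')"
}

# Database to configure: POSTGRES_DB when set, otherwise POSTGRES_USER
# (the official postgres image's documented default), otherwise "postgres".
target_db() {
    printf '%s' "${POSTGRES_DB:-${POSTGRES_USER:-postgres}}"
}

# Emit the SQL for database $1 and role $2 with both names quoted.
build_pgcrypto_sql() {
    q_db=$(quote_ident "$1")
    q_role=$(quote_ident "$2")
    printf '%s\n' \
        'CREATE SCHEMA IF NOT EXISTS extensions;' \
        'CREATE EXTENSION IF NOT EXISTS pgcrypto SCHEMA extensions;' \
        "ALTER DATABASE $q_db SET search_path TO \"\$user\",public,extensions;" \
        "GRANT USAGE ON SCHEMA extensions TO $q_role;"
}

# Run the SQL against the configured database instead of psql's default.
enable_pgcrypto() {
    pg_user="${POSTGRES_USER:-postgres}"
    build_pgcrypto_sql "$(target_db)" "$pg_user" |
        psql -v ON_ERROR_STOP=1 --username "$pg_user" --dbname "$(target_db)"
}

# As an init script, the file would end by calling enable_pgcrypto.
```

psql's own `:"name"` variable syntax applies the same identifier quoting when the SQL is read from stdin or a file rather than passed with -c.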


Comment thread scripts/sourceversion.py
Comment thread dspace/src/main/docker/dspace-postgres-pgcrypto/install-pgcrypto.sh
Comment thread dspace/src/main/docker/dspace-postgres-pgcrypto-curl/Dockerfile
Comment thread Dockerfile
Comment thread .github/workflows/docker.yml
Comment thread .github/workflows/docker.yml
Comment thread .github/workflows/build.yml
Comment thread .github/workflows/docker.yml
Comment thread .github/workflows/docker.yml
Comment thread .github/workflows/tag-release.yml
@Kasinhou Kasinhou requested a review from milanmajchrak June 29, 2026 10:23
Comment thread .github/workflows/build.yml Outdated
Comment thread .github/workflows/reusable-docker-build.yml Outdated
Comment thread dspace/src/main/docker-compose/db.entities.yml Outdated
Comment thread dspace/src/main/docker-compose/db.restore.yml Outdated
Comment thread .github/workflows/reusable-docker-build.yml Outdated
Comment thread .github/workflows/reusable-docker-build.yml Outdated
@Kasinhou Kasinhou requested a review from milanmajchrak June 29, 2026 12:39
coderabbitai Bot commented Jun 29, 2026

Caution

Review failed

An error occurred during the review process. Please try again later.



Comment thread .github/workflows/tag-release.yml Outdated
@milanmajchrak milanmajchrak merged commit 7c961d9 into customer/jcu Jun 29, 2026
10 checks passed