[fix] DOCKERHUB_USERNAME env reference (#4778 )

When making the container rework, I unknowingly deleted the section where an env with the same name as the secret was defined on the job scope, making it look like it was originally defined as an organization env. Since we can't validate the secrets in a condition directly, it's better to let docker/login-action take care of failing the entire job if the credentials are invalid. Reported in: https://github.com/searxng/searxng/issues/4777
[mod] lib_sxng_container.sh: replace echo commands with heredoc
2026-01-28 00:03:35 +00:00 · 2025-05-12 23:43:47 +02:00 · 2025-05-12 17:11:35 +02:00 · 2025-05-12 17:11:35 +02:00 · 2025-05-12 16:42:43 +02:00
3 changed files with 32 additions and 40 deletions
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@ -10,6 +10,12 @@ updates:
    target-branch: "master"
    commit-message:
      prefix: "[upd] pypi:"
+    groups:
+      minor:
+        applies-to: version-updates
+        update-types:
+          - "minor"
+          - "patch"

  - package-ecosystem: "npm"
    directory: "/client/simple"
@ -20,6 +26,12 @@ updates:
    target-branch: "master"
    commit-message:
      prefix: "[upd] web-client (simple):"
+    groups:
+      minor:
+        applies-to: version-updates
+        update-types:
+          - "minor"
+          - "patch"

  - package-ecosystem: "docker"
    directory: "/"
--- a/.github/workflows/container.yml
+++ b/.github/workflows/container.yml
@ -153,30 +153,26 @@ jobs:
      - test

    steps:
-      - if: env.DOCKERHUB_USERNAME != null
-        name: Checkout
+      - name: Checkout
        uses: actions/checkout@v4
        with:
          persist-credentials: "false"

-      - if: env.DOCKERHUB_USERNAME != null
-        name: Login to GHCR
+      - name: Login to GHCR
        uses: docker/login-action@v3
        with:
          registry: "ghcr.io"
          username: "${{ github.repository_owner }}"
          password: "${{ secrets.GITHUB_TOKEN }}"

-      - if: env.DOCKERHUB_USERNAME != null
-        name: Login to Docker Hub
+      - name: Login to Docker Hub
        uses: docker/login-action@v3
        with:
          registry: "docker.io"
-          username: "${{ env.DOCKERHUB_USERNAME }}"
+          username: "${{ secrets.DOCKERHUB_USERNAME }}"
          password: "${{ secrets.DOCKERHUB_TOKEN }}"

-      - if: env.DOCKERHUB_USERNAME != null
-        name: Release
+      - name: Release
        env:
          GIT_URL: "${{ needs.build.outputs.git_url }}"
          DOCKER_TAG: "${{ needs.build.outputs.docker_tag }}"
--- a/utils/lib_sxng_container.sh
+++ b/utils/lib_sxng_container.sh
@ -19,24 +19,14 @@ container.build() {
    local variant
    local platform

-    # Check if git is installed
-    if ! command -v git &>/dev/null; then
-        die 1 "Git is not installed"
-    fi
+    required_commands git

    # Check if podman or docker is installed
-    if [ "$1" = "docker" ]; then
-        if command -v docker &>/dev/null; then
-            container_engine="docker"
-        else
-            die 1 "Docker is not installed"
-        fi
-    elif [ "$1" = "podman" ]; then
-        if command -v podman &>/dev/null; then
-            container_engine="podman"
-        else
-            die 1 "Podman is not installed"
+    if [ "$1" = "podman" ] || [ "$1" = "docker" ]; then
+        if ! command -v "$1" &>/dev/null; then
+            die 42 "$1 is not installed"
        fi
+        container_engine="$1"
    else
        # If no explicit engine is passed, prioritize podman over docker
        if command -v podman &>/dev/null; then
@ -44,7 +34,7 @@ container.build() {
        elif command -v docker &>/dev/null; then
            container_engine="docker"
        else
-            die 1 "Podman/Docker is not installed"
+            die 42 "no compatible container engine is installed (podman or docker)"
        fi
    fi
    info_msg "Selected engine: $container_engine"
@ -146,13 +136,13 @@ container.build() {
            "$container_engine" push "ghcr.io/$CONTAINER_IMAGE_ORGANIZATION/cache:$CONTAINER_IMAGE_NAME-$arch$variant"

            # Output to GHA
-            {
-                echo "version_string=$VERSION_STRING"
-                echo "version_tag=$VERSION_TAG"
-                echo "docker_tag=$DOCKER_TAG"
-                echo "git_url=$GIT_URL"
-                echo "git_branch=$GIT_BRANCH"
-            } >>"$GITHUB_OUTPUT"
+            cat <<EOF >>"$GITHUB_OUTPUT"
+version_string=$VERSION_STRING
+version_tag=$VERSION_TAG
+docker_tag=$DOCKER_TAG
+git_url=$GIT_URL
+git_branch=$GIT_BRANCH
+EOF
        fi
    )
    dump_return $?
@ -168,10 +158,7 @@ container.test() {
        die 1 "This command is intended to be run in GitHub Actions"
    fi

-    # Check if podman is installed
-    if ! command -v podman &>/dev/null; then
-        die 1 "podman is not installed"
-    fi
+    required_commands podman

    # Setup arch specific
    case $parch in
@ -234,10 +221,7 @@ container.push() {
        die 1 "This command is intended to be run in GitHub Actions"
    fi

-    # Check if podman is installed
-    if ! command -v podman &>/dev/null; then
-        die 1 "podman is not installed"
-    fi
+    required_commands podman

    for arch in "${release_archs[@]}"; do
        case $arch in
Author	SHA1	Message	Date
Ivan Gabaldon	5d99373bc6	[fix] DOCKERHUB_USERNAME env reference (#4778 ) When making the container rework, I unknowingly deleted the section where an env with the same name as the secret was defined on the job scope, making it look like it was originally defined as an organization env. Since we can't validate the secrets in a condition directly, it's better to let docker/login-action take care of failing the entire job if the credentials are invalid. Reported in: https://github.com/searxng/searxng/issues/4777	2025-05-12 23:43:47 +02:00
Ivan Gabaldon	945b30a1c4	[mod] lib_sxng_container.sh: replace echo commands with heredoc Suggested-by: @return42 https://github.com/searxng/searxng/pull/4764#discussion_r2083571202	2025-05-12 17:11:35 +02:00
Ivan Gabaldon	64a5b6920f	[mod] lib_sxng_container.sh use required_commands() helper Suggested-by: @return42 https://github.com/searxng/searxng/pull/4764#discussion_r2083564489	2025-05-12 17:11:35 +02:00
Markus Heiser	346d7fe019	[mod] CI: dependabot group updates by minor & patch and major updates (#4773 ) By default, Dependabot opens a new pull request to update each dependency and we have a very large number of Dependabot pull requests to review and merge, which can quickly become difficult to manage. The intention of this patch to dependabot is to have: - one PR for all minor & patch level updates - one PR for every dependency with a major update [1] https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/optimizing-pr-creation-version-updates [2] https://docs.github.com/en/code-security/dependabot/working-with-dependabot/dependabot-options-reference#groups Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>	2025-05-12 16:42:43 +02:00