add OIDC_ALLOW_GROUP environment variable, use always latest version

Author: madebyTimo

.github/workflows/build-release.yaml

@@ -0,0 +1,104 @@
+name: "build and release"
+
+on:
+    pull_request:
+    push:
+        branches:
+            - "main"
+    schedule:
+        - cron: "00 01 * * *"
+    workflow_dispatch:
+
+jobs:
+    build:
+        runs-on: ubuntu-latest
+        steps:
+            - name: Checkout
+              uses: actions/checkout@v4
+              with:
+                  fetch-depth: 0
+            - name: Create cache folder
+              run: |
+                  sudo mkdir --parents /media/saved-cache
+                  sudo chown -R "$(whoami)" /media/saved-cache
+            - name: Get cache
+              uses: actions/cache/restore@v4
+              with:
+                  path: /media/saved-cache
+                  key: docker-traccar-server-build-cache-${{ github.run_id }}
+                  restore-keys: docker-traccar-server-build-cache
+            - name: Import cache
+              run: |
+                  if (ls /media/saved-cache/*.tar.zst); then
+                      docker run --pull always --rm \
+                          --volume "/media/saved-cache:/media/saved-cache" \
+                          --volume \
+                          "docker-traccar-server-build-cache:/media/build-cache" \
+                          --workdir /media \
+                          madebytimo/scripts \
+                          compress.sh --decompress /media/saved-cache/*.tar.zst
+                      rm /media/saved-cache/*.tar.zst
+                  fi
+            - name: Set secrets and variables
+              run: |
+                  mkdir data-local
+                  echo "latest_version=$(git describe --tags --abbrev=0)" >> "$GITHUB_ENV"
+                  echo "version=$(cat Version.txt)" >> "$GITHUB_ENV"
+                  if [[ -n '${{ secrets.UNITY_LICENSE_FILE }}' ]]; then
+                      echo '${{ secrets.UNITY_LICENSE_FILE }}' > data-local/unity-license.ulf
+                  fi
+                  if [[ -n '${{ secrets.DOCKER_REGISTRY_USERNAME }}' ]]; then
+                      echo ${{ secrets.DOCKER_REGISTRY_PASSWORD }} | \
+                      docker login --username ${{ secrets.DOCKER_REGISTRY_USERNAME }} \
+                      --password-stdin ${{ secrets.DOCKER_REGISTRY_URL }}
+                  fi
+            - name: Prepare environment
+              run: |
+                  if [[ -f builder/docker.sh ]]; then
+                      docker buildx create --use
+                  fi
+            - name: Build
+              if: ${{ github.event_name != 'schedule'}}
+              run: |
+                  if [[ ${{ github.ref }} == 'refs/heads/main' ]]; then
+                      builder/build.sh --publish
+                  else
+                      builder/build.sh
+                  fi
+            - name: Build update base
+              if: ${{ github.event_name == 'schedule'}}
+              run: builder/build.sh --publish --update-base
+            - name: Upload
+              uses: actions/upload-artifact@v4
+              with:
+                  name: ${{ env.version }}
+                  path: builds/*
+            - name: Release
+              if: ${{ github.ref == 'refs/heads/main' && env.latest_version != env.version }}
+              uses: softprops/action-gh-release@v2
+              with:
+                  files: builds/*
+                  tag_name: ${{ env.version }}
+            - name: Export cache
+              run: |
+                  docker run --pull always --rm \
+                      --volume "/media/saved-cache:/media/saved-cache" \
+                      --volume \
+                      "docker-traccar-server-build-cache:/media/build-cache" \
+                      madebytimo/scripts \
+                      compress.sh --fast --output /media/saved-cache/build-cache /media/build-cache
+                  sudo chown -R "$(whoami)" /media/saved-cache
+            - name: Delete old caches
+              env:
+                GH_TOKEN: ${{ github.token }}
+              run: |
+                  for CACHE in $(gh cache list --key Factory-build-cache --ref ${{ github.ref}} \
+                      | cut --fields 1); do
+                      echo "Deleting cache \"$CACHE\"."
+                      gh cache delete "$CACHE"
+                  done
+            - name: Set cache
+              uses: actions/cache/save@v4
+              with:
+                  path: /media/saved-cache
+                  key: docker-traccar-server-build-cache-${{ github.run_id }}

.github/workflows/check-version-increment.yaml

@@ -10,27 +10,29 @@ jobs:
         runs-on: ubuntu-latest
         steps:
             - name: Checkout new
-              uses: actions/checkout@v3
+              uses: actions/checkout@v4
               with:
                   path: new
             - name: Checkout old
-              uses: actions/checkout@v3
+              uses: actions/checkout@v4
               with:
                   path: old
                   ref: refs/heads/main
             - name: Setup Node.js
-              uses: actions/setup-node@v3
+              uses: actions/setup-node@v4
             - name: Download script
               run: |
-                curl --silent --output check-version-increment.sh \
-                    https://gitlab.com/madebyTimo/scripts-development/-/raw/main/scripts/\
-                    check-version-increment.sh \
-                    && chmod +x check-version-increment.sh
+                  curl --silent --output check-version-increment.sh \
+                      https://gitlab.com/madebyTimo/scripts-development/-/raw/main/scripts/\
+                  check-version-increment.sh \
+                      && chmod +x check-version-increment.sh
             - name: Test version increment
-              if: startsWith(github.ref, '/refs/heads/feature/') ||
-                  startsWith(github.ref, '/refs/heads/bugfix/')
-              run: ./check-version-increment.sh --file --new new/Version.txt --old old/Version.txt
-            - name: Test version same
-              if: ${{ !( startsWith(github.ref, '/refs/heads/feature/') ||
-                  startsWith(github.ref, '/refs/heads/bugfix/') ) }}
-              run: "[[ $(cat new/Version.txt) == $(cat old/Version.txt) ]]"
+              run: |
+                  BRANCH="${GITHUB_HEAD_REF#/ref/head}"
+                  echo "Branch to check: $BRANCH"
+                  if [[ "$BRANCH" == @(feature|bugfix)/* ]]; then
+                      ./check-version-increment.sh --file --new new/Version.txt \
+                          --old old/Version.txt
+                  else
+                      [[ $(cat new/Version.txt) == $(cat old/Version.txt) ]]
+                  fi

.github/workflows/docker-build-and-push.yaml

@@ -9,29 +9,25 @@ jobs:
         runs-on: ubuntu-latest
         steps:
             - name: Get cache
-              uses: actions/cache/restore@v3
+              uses: actions/cache/restore@v4
               with:
                   path: /media/saved-cache
                   key: docker-traccar-server-build-cache-${{ github.run_id }}
                   restore-keys: docker-traccar-server-build-cache
             - name: Import cache
               run: |
-                  cat | \
+                  if (ls /media/saved-cache/*.tar.zst); then
                       docker run --pull always --rm \
                           --volume "/media/saved-cache:/media/saved-cache" \
-                          --volume "docker-traccar-server\
-                  -build-cache:\/media/build-cache" \
+                          --volume \
+                          "docker-traccar-server-build-cache:/media/build-cache" \
+                          --workdir /media \
                           madebytimo/scripts \
-                          bash \
-                      << EOF
-                  cd /media
-                  if (ls /media/saved-cache/*.tar.zst); then
-                      compress.sh --decompress /media/saved-cache/*.tar.zst
+                          compress.sh --decompress /media/saved-cache/*.tar.zst
                       rm /media/saved-cache/*.tar.zst
                   fi
-                  EOF
             - name: Checkout
-              uses: actions/checkout@v3
+              uses: actions/checkout@v4
             - name: Download script
               run: |
                 curl --silent --output /usr/local/bin/static-code-analysis.sh \
@@ -50,13 +46,22 @@ jobs:
               run: |
                   docker run --pull always --rm \
                       --volume "/media/saved-cache:/media/saved-cache" \
-                      --volume "docker-traccar-server\
-                  -build-cache:/media/build-cache" \
+                      --volume \
+                      "docker-traccar-server-build-cache:/media/build-cache" \
                       madebytimo/scripts \
                       compress.sh --fast --output /media/saved-cache/build-cache /media/build-cache
                   sudo chown -R "$(whoami)" /media/saved-cache
+            - name: Delete old caches
+              env:
+                GH_TOKEN: ${{ github.token }}
+              run: |
+                  for CACHE in $(gh cache list --key Factory-build-cache --ref ${{ github.ref}} \
+                      | cut --fields 1); do
+                      echo "Deleting cache \"$CACHE\"."
+                      gh cache delete "$CACHE"
+                  done
             - name: Set cache
-              uses: actions/cache/save@v3
+              uses: actions/cache/save@v4
               with:
                   path: /media/saved-cache
                   key: docker-traccar-server-build-cache-${{ github.run_id }}

.github/workflows/docker-update-base-and-push.yaml

@@ -5,8 +5,13 @@ RUN apt update -qq && apt install -y -qq unzip \
 
 WORKDIR /root/builder
 
-RUN download.sh --name traccar-server.zip \
-    https://github.com/traccar/traccar/releases/download/v5.12/traccar-other-5.12.zip \
+
+RUN VERSION="$(download.sh --output - \
+        "https://api.github.com/repos/traccar/traccar/releases/latest" \
+        | sed --silent 's|^\s*"tag_name": "\(.*\)".*$|\1|p' \
+        | head --lines 1)" \
+    && download.sh --name traccar-server.zip \
+    "https://github.com/traccar/traccar/releases/download/$VERSION/traccar-other-${VERSION#v}.zip" \
     && compress.sh --decompress traccar-server.zip \
     && rm traccar-server.zip conf/traccar.xml README.txt
 
@@ -28,15 +33,20 @@ ENV FILTER_ACCURACY=""
 ENV FILTER_SKIP_LIMIT=""
 ENV FRONTEND_URL=""
 ENV OIDC_ADMIN_GROUP=""
+ENV OIDC_ALLOW_GROUP=""
 ENV OIDC_CLIENT_ID=""
 ENV OIDC_CLIENT_SECRET=""
 ENV OIDC_FORCE=""
 ENV OIDC_ISSUER_URL=""
 
-COPY entrypoint.sh /entrypoint.sh
+COPY files/entrypoint.sh files/healthcheck.sh /usr/local/bin/
 
 USER user
 WORKDIR /opt/traccar-server/
-ENTRYPOINT [ "/entrypoint.sh" ]
-CMD [ "java", "-jar", "tracker-server.jar", \
-    "conf/traccar.xml" ]
+ENTRYPOINT [ "entrypoint.sh" ]
+CMD [ "java", "-jar", "tracker-server.jar", "conf/traccar.xml" ]
+
+HEALTHCHECK CMD [ "healthcheck.sh" ]
+
+LABEL org.opencontainers.image.licenses="MIT"
+LABEL org.opencontainers.image.source="https://github.com/mbT-Infrastructure/docker-traccar-server"

.github/workflows/static-code-analysis.yaml

@@ -1,6 +1,6 @@
 MIT License
 
-Copyright (c) 2024 Timo Schnaible
+Copyright (c) 2024 - 2025 Timo Schnaible
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

Dockerfile

@@ -1,10 +1,14 @@
 # traccar-server image
 
-This Container image extends the [Java image](https://github.com/mbT-Infrastructure/docker-java).
+This Container image extends the [Java image].
 
 This image contains a traccar-server installation. It allows configuration via environment
 variables.
 
+## Installation
+
+1. Pull from [Docker Hub], download the package from [Releases] or build using `builder/build.sh`
+
 ## Environment variables
 
 -   `DATABASE_PASSWORD`
@@ -31,6 +35,8 @@ variables.
     -   The base URL where the application is accessable.
 -   `OIDC_ADMIN_GROUP`
     -   The group in the OIDC scope `groups` to grant admin access to.
+-   `OIDC_ALLOW_GROUP`
+    - The group in the OIDC scope `groups` to restrict access to.
 -   `OIDC_CLIENT_ID`
     -   Client ID from the identity provider for OIDC.
 -   `OIDC_CLIENT_SECRET`
@@ -42,14 +48,12 @@ variables.
 
 ## Development
 
-To build and run for development run:
+To run for development execute:
 
 ```bash
 docker compose --file docker-compose-dev.yaml up --build
 ```
 
-To build the image locally run:
-
-```bash
-./docker-build.sh
-```
+[Java image]: https://github.com/mbT-Infrastructure/docker-java
+[Docker Hub]: https://hub.docker.com/r/madebytimo/traccar-server
+[Releases]: https://github.com/mbT-Infrastructure/docker-traccar-server/releases

LICENSE.txt

@@ -1 +1 @@
-v0.0.3
+v0.1.0

Readme.md

@@ -0,0 +1,21 @@
+#!/usr/bin/env bash
+set -e -o pipefail
+
+SCRIPT_DIR="$(dirname "$(realpath "$0")")"
+
+# help message
+for ARGUMENT in "$@"; do
+    if [ "$ARGUMENT" == "-h" ] || [ "$ARGUMENT" == "--help" ]; then
+        echo "usage: $(basename "$0")"
+        echo "Run all scripts in the same folder."
+        echo "All arguments are passed to the build scripts."
+        exit
+    fi
+done
+
+mapfile -t BUILD_SCRIPTS -d '' < <(find "$SCRIPT_DIR" -name '*.sh' -not -name "$(basename "$0")")
+for BUILD_SCRIPT in "${BUILD_SCRIPTS[@]}"; do
+    echo "Start \"$(basename "${BUILD_SCRIPT}")\""
+    "$BUILD_SCRIPT" "$@"
+    echo "Finished \"$(basename "${BUILD_SCRIPT}")\""
+done