This is an automated email from the ASF dual-hosted git repository.
houston pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/solr-docker.git
The following commit(s) were added to refs/heads/main by this push:
new 0760333 SOLR-15102: Add Solr Docker release docs (#6)
0760333 is described below
commit 0760333093856a7f9249434a7947dc5701edc70c
Author: Houston Putman <[email protected]>
AuthorDate: Wed May 18 18:53:26 2022 -0400
SOLR-15102: Add Solr Docker release docs (#6)
---
README.md | 45 ++++++++++++---------------------------------
dev-docs/README.md | 51 +++++++++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 63 insertions(+), 33 deletions(-)
diff --git a/README.md b/README.md
index f34fdc6..fbeb522 100644
--- a/README.md
+++ b/README.md
@@ -1,30 +1,3 @@
-# NOTE: Not vulnerable to Log4J 2 "Log4shell"
-
-Some Docker images *were* vulnerable to one of a pair of vulnerabilities in
Log4J 2.
-But we have mitigated *[supported](https://hub.docker.com/_/solr?tab=tags)*
images (and some others) and re-published them.
-You may need to re-pull the image you are using.
-For those images prior to 8.11.1, Solr is using a popular technique to
mitigate the problem -- setting `log4j2.formatMsgNoLookups`.
-The Solr maintainers have deemed this adequate based specifically on how Solr
uses logging; it won't be adequate for all projects that use Log4J.
-canning software might alert you to the presence of an older Log4J JAR file,
however it can't know if your software (Solr) uses the artifacts in a
vulnerable way.
-To validate the mitigation being in place, look for
`-Dlog4j2.formatMsgNoLookups` in the Args section of Solr's front admin screen.
-As of Solr 9.0.0, Solr is using Log4J 2.17.1.
-
-References:
-* [CVE-2021-44228](https://nvd.nist.gov/vuln/detail/CVE-2021-44228): Solr
_was_ vulnerable to this.
-* [CVE-2021-45046](https://nvd.nist.gov/vuln/detail/CVE-2021-45046): Solr
_never was_ vulnerable to this.
-* [Solr's security
bulletin](https://solr.apache.org/security.html#apache-solr-affected-by-apache-log4j-cve-2021-44228)
-
-
-# Supported tags and respective `Dockerfile` links
-
-See [Docker Hub](https://hub.docker.com/_/solr?tab=tags) for a list of image
tags available to pull.
-Note that the Apache Solr project doesn't actually support any releases older
than the current major release series, despite whatever tags are published.
-
-For more information about this image and its history and all currently
supported tags, please see [the relevant manifest file
(`library/solr`)](https://github.com/docker-library/official-images/blob/master/library/solr).
-This image is updated via pull requests to [the `apache/solr-docker` GitHub
repo](https://github.com/apache/solr-docker).
-However, the `Dockerfile`s are generated from official Apache Solr releases.
See [the `apache/solr` Github
repo](https://github.com/apache/solr/tree/main/solr/docker)
-for more information on how the Docker image is created, maintained and tested.
-
# What is Apache Solr™?
Apache Solr is highly reliable, scalable and fault tolerant, providing
distributed indexing, replication and load-balanced querying, automated
failover and recovery, centralized configuration and more.
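Review bot: Users of images prior to 8.11.1 lose the only instructions for confirming the Log4J 2 mitigation (looking for `-Dlog4j2.formatMsgNoLookups` in the Args section of the admin screen), along with the advice to re-pull, when the note at the top of README.md is deleted. The README still acknowledges that tags older than the supported release series remain published, so those users are the ones who need the guidance. Consider keeping a one-line pointer to Solr's security bulletin, which the removed References list already linked, rather than dropping the section outright.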
@@ -32,18 +5,24 @@ Solr powers the search and navigation features of many of
the world's largest in
Learn more on [Solr's homepage](https://solr.apache.org) and in the [Solr
Reference Guide](https://solr.apache.org/guide/solr/).
-
-
-# Getting started with the Docker image
+# Supported tags and respective `Dockerfile` links
-For information on using the tags 9.0.0 and above, please refer to the [Docker
section in the Solr reference
guide](https://solr.apache.org/guide/solr/latest/deployment-guide/solr-in-docker.html).
+See [Docker Hub](https://hub.docker.com/_/solr?tab=tags) for a list of image
tags available to pull.
+Note that the Apache Solr project does not support any releases older than the
current major release series, despite whatever tags are published.
-For information on using tags 8 and before, please refer to the [docker-solr
repository](https://github.com/docker-solr/docker-solr).
+The official Dockerfile is released along-side Solr.
+Therefore the project has decided to not support changes to Dockerfiles after
release.
+Changes must be made to
[github.com/apache/solr](https://github.com/apache/solr), which will then be
included in the next targeted release.
# About this repository
This repository is available on
[github.com/apache/solr-docker](https://github.com/apache/solr-docker), and the
official build is on the [Docker Hub](https://hub.docker.com/_/solr/).
+The Dockerfiles are generated upon release from
[github.com/apache/solr](https://github.com/apache/solr).
+
+Please refer to the [developer documentation](dev-docs/README.md) for
information on how this repository is maintained & automated.
+**WARNING: Do not modify this repo manually unless you have read through the
developer documentation first.**
+
# License
Solr is licensed under the [Apache License, Version
2.0](https://www.apache.org/licenses/LICENSE-2.0).
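Review bot: The added sentence "the project has decided to not support changes to Dockerfiles after release" in the Supported tags section does not say how a security fix reaches an already-published image, and it reads as contradicting dev-docs/README.md in this same commit, which tells maintainers to "make further PRs/commits to this repo" when the Official Images team requires a change. Suggest naming that exception explicitly and stating where users should look for security updates to released tags. Separately, the Getting started section is removed without a replacement, so the links to the reference guide's Docker section (tags 9.0.0 and above) and to the docker-solr repository (tags 8 and before) are lost; a short pointer would be worth keeping.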
@@ -72,5 +51,5 @@ If you want to contribute to Solr, see the [How To
Contribute](http://solr.apach
# History
-This project was started in 2015 by [Martijn
Koster](https://github.com/makuk66). In 2019 maintainership and copyright was
transferred to the Apache Lucene/Solr project. Many thanks to Martijn for all
your contributions over the years!
+This project was started in 2015 by [Martijn
Koster](https://github.com/makuk66). In 2019 maintainership and copyright was
transferred to the Apache Solr project. Many thanks to Martijn for all your
contributions over the years!
diff --git a/dev-docs/README.md b/dev-docs/README.md
new file mode 100644
index 0000000..1c6642c
--- /dev/null
+++ b/dev-docs/README.md
@@ -0,0 +1,51 @@
+# Official Solr Dockerfile Management
+
+In general most interactions with this repository should be done via the Solr
Release Wizard, not manually.
+
+## How an Official Solr Dockerfile is released
+
+1. In the Solr Release Wizard, an **official** Dockerfile will be created as a
part of the release candidate.
+ The official Dockerfile is tested as a part of the release candidate.
+ 1. But importantly, the official Dockerfile is not voted on because small
changes _may_ be requested by the Official Images team.
+ We need to be able to make changes for these requests **after** a vote
succeeds.
+2. If the vote succeeds:
+ 1. As a part of the artifact-uploading steps, the Release Wizard will clone
this repo (`apache/solr-docker`) locally.
+ 2. It will then add the successfully voted on `Dockerfile` to the
respective folder for the released version (`<major>.<minor>`).
+ 3. If it is a patch release, the existing `Dockerfile` for that version
will be over-written.
+ 4. It will commit this `Dockerfile`, and push to the `main` branch of this
repo. No PR or reviews required.
+3. Now that this repo has the new `Dockerfile` committed to main, the [Github
Actions Workflow](../.github/workflows/pr-for-official-repo.yml) will kick-off.
+ 1. It will use
[`generate-stackbrew-library.sh`](../generate-stackbrew-library.sh) to build
the [Solr
metadata](https://github.com/docker-library/official-images/blob/master/library/solr)
for the latest `main` branch commit.
+ 2. After generating a new version of this file, it will create a PR in
[docker-library/official-images](https://github.com/docker-library/official-images)
to update the official image.
+ 3. This PR will have to be reviewed and merged by the Docker Official
Images team before the release will be available.
+ 1. If a change to the Dockerfile/metadata is required by the
maintainers, make further PRs/commits to this repo.
+ Refer to the [section on making fixes for an open
PR](#make-fixes-for-an-open-automated-pr) for more information.
+ 4. Before the PR can be approved, one of the listed Solr maintainers must
comment their approval of the PR.
+4. The Official Docker image should now be available
+
+## How does the automated PR work?
+
+The [Github Actions Workflow](../.github/workflows/pr-for-official-repo.yml)
is triggered on commits to the `main` branch that touch the following files:
+- `generate-stackbrew-library.sh`
+- `*.*/Dockerfile`
+
+The PR in
[docker-library/official-images](https://github.com/docker-library/official-images)
is generated through:
+- Creating a branch in the
[docker-solr/official-images](https://github.com/docker-solr/official-images).
+ - We have to use this repo, because Apache does not allow forks in their
organization.
+- This commit is made by the
[@docker-solr-builder](https://github.com/docker-solr-builder), which has
credentials saved in this repo.
+ - These credentials were added by emailing them to the Apache infra-team
(`root@`)
+ - If you need access to this account or credentials, reach out to the
private mailing list.
+- Once the commit and branch are created, the Github Action will create a PR
in the official repo.
+
+### Make fixes for an open automated PR
+
+If the PR in
[docker-library/official-images](https://github.com/docker-library/official-images)
is already created & open,
+any commit you make to this repo will auto-update the existing PR.
+The commit has to change the files that the Github Actions Workflow is
listening on, which are [listed above](#how-does-the-automated-pr-work).
+
+The PR name will change to reflect the most recent commit message, and the pr
description will link to this commit instead.
+The PR contents will be updated to reflect the generated solr image metadata
made from the latest commit.
+There is no need to close an existing PR to make further changes.
+
+**Make sure that all changes to Dockerfiles are reflected in the official
source of these dockerfiles, [apache/solr](https://github.com/apache/solr).
+This will ensure that the official-images team does not ask for the same
changes in future releases.
+This speeds up the release process and ensures that the Dockerfile provided in
the binary-release is as similar as possible to the official Solr Dockerfile.**
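Review bot: The release path in step 2.4 ("push to the `main` branch of this repo. No PR or reviews required.") is unreviewed, yet per "How does the automated PR work?" any such push that touches `generate-stackbrew-library.sh` or `*.*/Dockerfile` triggers a workflow that runs with the saved @docker-solr-builder credentials, and the document does not say what bounds that path. Suggest documenting who is allowed to push to `main`, what the saved credentials can access, and how they are rotated, and noting that the downstream review by the Docker Official Images team plus the Solr maintainer approval comment is the control that gates publication. The bullet saying the credentials were added "by emailing them to the Apache infra-team" describes secrets sent over email; consider documenting a rotation after that transfer or a non-email channel for future updates. Minor: step 4 lacks a closing period, "pr description" should be "PR description", and "Github" should be "GitHub" throughout.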