Merge pull request #1379 from netbox-community/develop

Version 3.1.1

.github/workflows/push.yml

@@ -55,7 +55,7 @@ jobs:
           - ./build-latest.sh
           - PRERELEASE=true ./build-latest.sh
           - ./build.sh feature
-          - ./build.sh develop
+          - ./build.sh main
         os:
           - ubuntu-latest
           - self-hosted

.github/workflows/release.yml

@@ -17,7 +17,7 @@ jobs:
           - ./build-latest.sh
           - PRERELEASE=true ./build-latest.sh
           - ./build.sh feature
-          - ./build.sh develop
+          - ./build.sh main
         platform:
           - linux/amd64,linux/arm64
       fail-fast: false
@@ -35,19 +35,11 @@ jobs:
         name: Get Version of NetBox Docker
         run: echo "version=$(cat VERSION)" >>"$GITHUB_OUTPUT"
         shell: bash
-      - id: qemu-setup
-        name: Set up QEMU
-        uses: docker/setup-qemu-action@v3
-      - id: buildx-setup
-        name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
-      - id: docker-build
-        name: Build the image with '${{ matrix.build_cmd }}'
+      - id: check-build-needed
+        name: Check if the build is needed for '${{ matrix.build_cmd }}'
+        env:
+          CHECK_ONLY: "true"
         run: ${{ matrix.build_cmd }}
-      - id: test-image
-        name: Test the image
-        run: IMAGE="${FINAL_DOCKER_TAG}" ./test.sh
-        if: steps.docker-build.outputs.skipped != 'true'
       # docker.io
       - id: docker-io-login
         name: Login to docker.io
@@ -56,7 +48,15 @@ jobs:
           registry: docker.io
           username: ${{ secrets.dockerhub_username }}
           password: ${{ secrets.dockerhub_password }}
-        if: steps.docker-build.outputs.skipped != 'true'
+        if: steps.check-build-needed.outputs.skipped != 'true'
+      - id: buildx-setup
+        name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+        with:
+          version: "lab:latest"
+          driver: cloud
+          endpoint: "netboxcommunity/netbox-default"
+        if: steps.check-build-needed.outputs.skipped != 'true'
       # quay.io
       - id: quay-io-login
         name: Login to Quay.io
@@ -65,7 +65,7 @@ jobs:
           registry: quay.io
           username: ${{ secrets.quayio_username }}
           password: ${{ secrets.quayio_password }}
-        if: steps.docker-build.outputs.skipped != 'true'
+        if: steps.check-build-needed.outputs.skipped != 'true'
       # ghcr.io
       - id: ghcr-io-login
         name: Login to GitHub Container Registry
@@ -74,11 +74,11 @@ jobs:
           registry: ghcr.io
           username: ${{ github.repository_owner }}
           password: ${{ secrets.GITHUB_TOKEN }}
-        if: steps.docker-build.outputs.skipped != 'true'
+        if: steps.check-build-needed.outputs.skipped != 'true'
       - id: build-and-push
         name: Push the image
         run: ${{ matrix.build_cmd }} --push
-        if: steps.docker-build.outputs.skipped != 'true'
+        if: steps.check-build-needed.outputs.skipped != 'true'
         env:
           BUILDX_PLATFORM: ${{ matrix.platform }}
           BUILDX_BUILDER_NAME: ${{ steps.buildx-setup.outputs.name }}

Dockerfile

@@ -1,5 +1,5 @@
 ARG FROM
-FROM ${FROM} as builder
+FROM ${FROM} AS builder
 
 RUN export DEBIAN_FRONTEND=noninteractive \
     && apt-get update -qq \
@@ -46,7 +46,7 @@ RUN \
 ###
 
 ARG FROM
-FROM ${FROM} as main
+FROM ${FROM} AS main
 
 RUN export DEBIAN_FRONTEND=noninteractive \
     && apt-get update -qq \
@@ -64,15 +64,15 @@ RUN export DEBIAN_FRONTEND=noninteractive \
       openssl \
       python3 \
       tini \
-    && curl --silent --output /etc/apt/keyrings/nginx-keyring.gpg \
+    && curl --silent --output /usr/share/keyrings/nginx-keyring.gpg \
       https://unit.nginx.org/keys/nginx-keyring.gpg \
-    && echo "deb [signed-by=/etc/apt/keyrings/nginx-keyring.gpg] https://packages.nginx.org/unit/ubuntu/ mantic unit" \
+    && echo "deb [signed-by=/usr/share/keyrings/nginx-keyring.gpg] https://packages.nginx.org/unit/ubuntu/ noble unit" \
       > /etc/apt/sources.list.d/unit.list \
     && apt-get update -qq \
     && apt-get install \
       --yes -qq --no-install-recommends \
-      unit=1.32.1-1~mantic \
-      unit-python3.12=1.32.1-1~mantic \
+      unit=1.34.1-1~noble \
+      unit-python3.12=1.34.1-1~noble \
     && rm -rf /var/lib/apt/lists/*
 
 COPY --from=builder /opt/netbox/venv /opt/netbox/venv

VERSION

@@ -1 +1 @@
-3.0.0
+3.1.1

build.sh

@@ -39,9 +39,8 @@ SKIP_GIT    If defined, git is not invoked and \${NETBOX_PATH} will not be alter
 
 TAG         The version part of the image tag.
             ${_GREEN}Default:${_CLEAR}
-              When <branch>=master:  latest
-              When <branch>=develop: snapshot
-              Else:                  same as <branch>
+              When <branch>=main: snapshot
+              Else:               same as <branch>
 
 IMAGE_NAMES The names used for the image including the registry
             Used for tagging the image.
@@ -103,23 +102,22 @@ GH_ACTION   If defined, special 'echo' statements are enabled that set the
             - FINAL_DOCKER_TAG: The final value of the DOCKER_TAG env variable
             ${_GREEN}Default:${_CLEAR} undefined
 
+CHECK_ONLY  Only checks if the build is needed and sets the GH Action output.
+            ${_GREEN}Default:${_CLEAR} undefined
+
 ${_BOLD}Examples:${_CLEAR}
 
-${0} master
-            This will fetch the latest 'master' branch, build a Docker Image and tag it
-            'netboxcommunity/netbox:latest'.
-
-${0} develop
-            This will fetch the latest 'develop' branch, build a Docker Image and tag it
+${0} main
+            This will fetch the latest 'main' branch, build a Docker Image and tag it
             'netboxcommunity/netbox:snapshot'.
 
-${0} v2.6.6
-            This will fetch the 'v2.6.6' tag, build a Docker Image and tag it
-            'netboxcommunity/netbox:v2.6.6' and 'netboxcommunity/netbox:v2.6'.
+${0} v4.2.0
+            This will fetch the 'v4.2.0' tag, build a Docker Image and tag it
+            'netboxcommunity/netbox:v4.2.0' and 'netboxcommunity/netbox:v4.2'.
 
-${0} develop-2.7
-            This will fetch the 'develop-2.7' branch, build a Docker Image and tag it
-            'netboxcommunity/netbox:develop-2.7'.
+${0} feature
+            This will fetch the 'feature' branch, build a Docker Image and tag it
+            'netboxcommunity/netbox:feature'.
 
 SRC_ORG=cimnine ${0} feature-x
             This will fetch the 'feature-x' branch from https://github.com/cimnine/netbox.git,
@@ -257,10 +255,7 @@ DOCKER_REGISTRY="${DOCKER_REGISTRY-docker.io}"
 DOCKER_ORG="${DOCKER_ORG-netboxcommunity}"
 DOCKER_REPO="${DOCKER_REPO-netbox}"
 case "${NETBOX_BRANCH}" in
-master)
-  TAG="${TAG-latest}"
-  ;;
-develop)
+main)
   TAG="${TAG-snapshot}"
   ;;
 *)
@@ -276,7 +271,7 @@ TARGET_DOCKER_TAG_PROJECT="${TARGET_DOCKER_TAG}-${PROJECT_VERSION}"
 
 ###
 # composing the additional DOCKER_SHORT_TAG,
-# i.e. "v2.6.1" becomes "v2.6",
+# i.e. "v4.2.0" becomes "v4.2",
 # which is only relevant for version tags
 # Also let "latest" follow the highest version
 ###
@@ -355,6 +350,11 @@ else
 fi
 gh_echo "::endgroup::"
 
+if [ "${CHECK_ONLY}" = "true" ]; then
+  echo "Only check if build needed was requested. Exiting"
+  exit 0
+fi
+
 ###
 # Build the image
 ###

configuration/configuration.py

@@ -348,3 +348,5 @@ SESSION_FILE_PATH = environ.get('SESSION_FILE_PATH', environ.get('SESSIONS_ROOT'
 # Time zone (default: UTC)
 TIME_ZONE = environ.get('TIME_ZONE', 'UTC')
 
+# If true disables miscellaneous functionality which depends on access to the Internet.
+ISOLATED_DEPLOYMENT = _environ_get_and_map('ISOLATED_DEPLOYMENT', 'False', _AS_BOOL)

docker-compose.test.yml

@@ -9,9 +9,9 @@ services:
       redis-cache:
         condition: service_healthy
     env_file: env/netbox.env
-    user: 'unit:root'
+    user: "unit:root"
     volumes:
-    - ./test-configuration/test_config.py:/etc/netbox/config/test_config.py:z,ro
+      - ./test-configuration/test_config.py:/etc/netbox/config/test_config.py:z,ro
     healthcheck:
       test: curl -f http://localhost:8080/login/ || exit 1
       start_period: ${NETBOX_START_PERIOD-120s}
@@ -20,9 +20,9 @@ services:
   netbox-worker:
     <<: *netbox
     command:
-    - /opt/netbox/venv/bin/python
-    - /opt/netbox/netbox/manage.py
-    - rqworker
+      - /opt/netbox/venv/bin/python
+      - /opt/netbox/netbox/manage.py
+      - rqworker
     healthcheck:
       test: ps -aux | grep -v grep | grep -q rqworker || exit 1
       start_period: 40s
@@ -31,7 +31,7 @@ services:
   netbox-housekeeping:
     <<: *netbox
     command:
-    - /opt/netbox/housekeeping.sh
+      - /opt/netbox/housekeeping.sh
     healthcheck:
       test: ps -aux | grep -v grep | grep -q housekeeping || exit 1
       start_period: 40s
@@ -39,7 +39,7 @@ services:
       interval: 15s
 
   postgres:
-    image: docker.io/postgres:16-alpine
+    image: docker.io/postgres:17-alpine
     env_file: env/postgres.env
     healthcheck:
       test: pg_isready -q -t 2 -d $$POSTGRES_DB -U $$POSTGRES_USER ## $$ because of docker-compose
@@ -51,12 +51,12 @@ services:
   redis: &redis
     image: docker.io/valkey/valkey:8.0-alpine
     command:
-    - sh
-    - -c # this is to evaluate the $REDIS_PASSWORD from the env
-    - valkey-server --save "" --appendonly no --requirepass $$REDIS_PASSWORD ## $$ because of docker-compose
+      - sh
+      - -c # this is to evaluate the $REDIS_PASSWORD from the env
+      - valkey-server --save "" --appendonly no --requirepass $$REDIS_PASSWORD ## $$ because of docker-compose
     env_file: env/redis.env
     healthcheck:
-      test: "[ $$(valkey-cli --pass \"$${REDIS_PASSWORD}\" ping) = 'PONG' ]"
+      test: '[ $$(valkey-cli --pass "$${REDIS_PASSWORD}" ping) = ''PONG'' ]'
       start_period: 5s
       timeout: 3s
       interval: 1s

docker-compose.yml

@@ -1,6 +1,6 @@
 services:
   netbox: &netbox
-    image: docker.io/netboxcommunity/netbox:${VERSION-v4.1-3.0.0}
+    image: docker.io/netboxcommunity/netbox:${VERSION-v4.2-3.1.1}
     depends_on:
       - postgres
       - redis
@@ -46,7 +46,7 @@ services:
 
   # postgres
   postgres:
-    image: docker.io/postgres:16-alpine
+    image: docker.io/postgres:17-alpine
     healthcheck:
       test: pg_isready -q -t 2 -d $$POSTGRES_DB -U $$POSTGRES_USER
       start_period: 20s

docker/nginx-unit.json

@@ -1,16 +1,20 @@
 {
   "listeners": {
-    "0.0.0.0:8080": {
-      "pass": "routes/main"
+    "*:8080": {
+      "pass": "routes/main",
+      "forwarded": {
+        "client_ip": "X-Forwarded-For",
+        "protocol": "X-Forwarded-Proto",
+        "source": ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]
+      }
     },
-    "[::]:8080": {
-      "pass": "routes/main"
-    },
-    "0.0.0.0:8081": {
-      "pass": "routes/status"
-    },
-    "[::]:8081": {
-      "pass": "routes/status"
+    "*:8081": {
+      "pass": "routes/status",
+      "forwarded": {
+        "client_ip": "X-Forwarded-For",
+        "protocol": "X-Forwarded-Proto",
+        "source": ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]
+      }
     }
   },
   "routes": {

requirements-container.txt

@@ -1,5 +1,5 @@
-django-auth-ldap==4.8.0
+django-auth-ldap==5.1.0
 django-storages[azure,boto3,dropbox,google,libcloud,sftp]==1.14.4
-dulwich==0.22.1
+dulwich==0.22.7
 python3-saml==1.16.0 --no-binary lxml,xmlsec
-sentry-sdk[django]==2.12.0
+sentry-sdk[django]==2.20.0

test-configuration/test_config.py

@@ -4,4 +4,3 @@ LOGGING = {
 }
 
 DEFAULT_PERMISSIONS = {}
-LOGIN_REQUIRED = False