diff --git a/.github/workflows/cd-manual.yml b/.github/workflows/cd-manual.yml
deleted file mode 100644
index df6aa628..00000000
--- a/.github/workflows/cd-manual.yml
+++ /dev/null
@@ -1,58 +0,0 @@
-name: Create docker images (manual)
-
-on:
- workflow_dispatch:
- inputs:
- version:
- type: string
- description: Version
- required: true
-
-jobs:
- build:
- name: Build, push, and deploy
- runs-on: ubuntu-latest
-
- strategy:
- matrix:
- db-type: [postgresql]
-
- steps:
- - uses: actions/checkout@v3
-
- - name: Extract version parts from input
- id: extract_version
- run: |
- echo "version=$(echo ${{ github.event.inputs.version }})" >> $GITHUB_ENV
- echo "major=$(echo ${{ github.event.inputs.version }} | cut -d. -f1)" >> $GITHUB_ENV
- echo "minor=$(echo ${{ github.event.inputs.version }} | cut -d. -f2)" >> $GITHUB_ENV
-
- - name: Generate tags
- id: generate_tags
- run: |
- echo "tag_major=$(echo ${{ matrix.db-type }}-${{ env.major }})" >> $GITHUB_ENV
- echo "tag_minor=$(echo ${{ matrix.db-type }}-${{ env.major }}.${{ env.minor }})" >> $GITHUB_ENV
- echo "tag_patch=$(echo ${{ matrix.db-type }}-${{ env.version }})" >> $GITHUB_ENV
- echo "tag_latest=$(echo ${{ matrix.db-type }}-latest)" >> $GITHUB_ENV
-
- - uses: mr-smithers-excellent/docker-build-push@v6
- name: Build & push Docker image to ghcr.io for ${{ matrix.db-type }}
- with:
- image: umami
- tags: ${{ env.tag_major }}, ${{ env.tag_minor }}, ${{ env.tag_patch }}, ${{ env.tag_latest }}
- buildArgs: DATABASE_TYPE=${{ matrix.db-type }}
- registry: ghcr.io
- multiPlatform: true
- platform: linux/amd64,linux/arm64
- username: ${{ github.actor }}
- password: ${{ secrets.GITHUB_TOKEN }}
-
- - uses: mr-smithers-excellent/docker-build-push@v6
- name: Build & push Docker image to docker.io for ${{ matrix.db-type }}
- with:
- image: umamisoftware/umami
- tags: ${{ env.tag_major }}, ${{ env.tag_minor }}, ${{ env.tag_patch }}, ${{ env.tag_latest }}
- buildArgs: DATABASE_TYPE=${{ matrix.db-type }}
- registry: docker.io
- username: ${{ secrets.DOCKER_USERNAME }}
- password: ${{ secrets.DOCKER_PASSWORD }}
diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml
index a02e9900..534b2321 100644
--- a/.github/workflows/cd.yml
+++ b/.github/workflows/cd.yml
@@ -5,6 +5,11 @@ on:
tags:
- 'v*.*.*'
workflow_dispatch:
+ inputs:
+ version:
+ description: 'Optional image version (e.g. 3.0.0, v3.0.0, or 3.0.0-beta.1)'
+ required: false
+ default: ''
jobs:
build:
@@ -15,20 +20,22 @@ jobs:
packages: write
id-token: write
- strategy:
- matrix:
- db-type: [postgresql]
-
steps:
- uses: actions/checkout@v5
- # Install cosign (for image signing)
- name: Install cosign
uses: sigstore/cosign-installer@v3
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
+ - name: Log into GHCR
+ uses: docker/login-action@v3
+ with:
+ registry: ghcr.io
+ username: ${{ github.actor }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+
- name: Log into Docker Hub
if: github.repository == 'umami-software/umami'
uses: docker/login-action@v3
@@ -37,12 +44,28 @@ jobs:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }}
- - name: Log into GHCR
- uses: docker/login-action@v3
- with:
- registry: ghcr.io
- username: ${{ github.actor }}
- password: ${{ secrets.GITHUB_TOKEN }}
+ # Compute tags for the image
+ - name: Compute version tags
+ id: compute
+ run: |
+ INPUT="${{ github.event.inputs.version }}"
+ TAGS=""
+
+ if [[ -n "$INPUT" ]]; then
+ VERSION="${INPUT#v}" # strip leading v
+ MAJOR=$(echo "$VERSION" | cut -d. -f1)
+ MINOR=$(echo "$VERSION" | cut -d. -f2)
+
+ # prereleases (e.g., 3.0.0-beta) do NOT get 'latest'
+ if [[ "$VERSION" == *-* ]]; then
+ TAGS="${VERSION}"
+ else
+ TAGS="${VERSION},${MAJOR}.${MINOR},${MAJOR},latest"
+ fi
+ fi
+
+ echo "tags=$TAGS" >> $GITHUB_OUTPUT
+ echo "Computed tags: $TAGS"
- name: Extract Docker metadata
id: meta
@@ -51,30 +74,32 @@ jobs:
images: |
umamisoftware/umami,enable=${{ github.repository == 'umami-software/umami' }}
ghcr.io/${{ github.repository }}
- flavor: |
- latest=auto
- prefix=${{ matrix.db-type }}-
tags: |
- type=semver,pattern={{version}}
- type=semver,pattern={{major}}.{{minor}}
- type=semver,pattern={{major}}
+ type=semver,pattern={{version}},enable=${{ github.ref_type == 'tag' }}
+ type=semver,pattern={{major}}.{{minor}},enable=${{ github.ref_type == 'tag' }}
+ type=semver,pattern={{major}},enable=${{ github.ref_type == 'tag' }}
+ type=raw,value=${{ steps.compute.outputs.tags }},enable=${{ steps.compute.outputs.tags != '' }}
+ type=ref,event=branch
+ type=sha
+ # Build and push images
- name: Build and push Docker image
id: build-and-push
uses: docker/build-push-action@v6
with:
context: .
- platforms: linux/amd64,linux/arm64
- build-args: DATABASE_TYPE=${{ matrix.db-type }}
push: true
+ platforms: linux/amd64,linux/arm64
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
cache-from: type=gha
cache-to: type=gha,mode=max
+ provenance: false # disable automatic registry attestations
- # Sign the published image digest
- - name: Sign the published Docker image
- env:
- TAGS: ${{ steps.meta.outputs.tags }}
- DIGEST: ${{ steps.build-and-push.outputs.digest }}
- run: echo "${TAGS}" | xargs -I {} cosign sign --yes "{}@${DIGEST}"
+ # Generate a local provenance attestation (not uploaded)
+ - name: Generate local provenance attestation
+ run: |
+ cosign attest --yes \
+ --predicate <(echo '{"build":"github-actions","repo":"${{ github.repository }}","run_id":"${{ github.run_id }}"}') \
+ --type slsaprovenance \
+ ${{ steps.meta.outputs.tags }}
diff --git a/.github/workflows/delete-untagged-images.yml b/.github/workflows/delete-untagged-images.yml
deleted file mode 100644
index a23a1bd2..00000000
--- a/.github/workflows/delete-untagged-images.yml
+++ /dev/null
@@ -1,22 +0,0 @@
-name: Delete untagged GHCR images
-
-on:
- workflow_dispatch: # Run manually from the Actions tab
-
-jobs:
- cleanup:
- name: Delete all untagged images
- runs-on: ubuntu-latest
-
- permissions:
- packages: write
- contents: read
-
- steps:
- - name: Delete untagged GHCR images
- uses: actions/delete-package-versions@v5
- with:
- package-name: "umami" # 👈 change if your GHCR package name differs
- package-type: "container"
- delete-only-untagged-versions: true
- min-versions-to-keep: 0
diff --git a/README.md b/README.md
index d529a3b6..2d1ea62e 100644
--- a/README.md
+++ b/README.md
@@ -89,7 +89,7 @@ docker compose up -d
Alternatively, to pull just the Umami Docker image with PostgreSQL support:
```bash
-docker pull docker.umami.is/umami-software/umami:postgresql-latest
+docker pull docker.umami.is/umami-software/umami:latest
```
---
diff --git a/docker-compose.yml b/docker-compose.yml
index 7b51db66..8c8a47a6 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -1,7 +1,7 @@
---
services:
umami:
- image: ghcr.io/umami-software/umami:postgresql-latest
+ image: ghcr.io/umami-software/umami:latest
ports:
- "3000:3000"
environment:
diff --git a/src/app/(main)/UpdateNotice.tsx b/src/app/(main)/UpdateNotice.tsx
index 35728791..81e2ca3a 100644
--- a/src/app/(main)/UpdateNotice.tsx
+++ b/src/app/(main)/UpdateNotice.tsx
@@ -1,5 +1,5 @@
import { useEffect, useCallback, useState } from 'react';
-import { Button, AlertBanner, Flexbox } from '@umami/react-zen';
+import { Button, AlertBanner, Column, Row } from '@umami/react-zen';
import { setItem } from '@/lib/storage';
import { useVersion, checkVersion } from '@/store/version';
import { REPO_URL, VERSION_CHECK } from '@/lib/constants';
@@ -47,13 +47,15 @@ export function UpdateNotice({ user, config }) {
}
return (
-
-
-
-
-
-
+
+
+
+
+
+
+
+
);
}
diff --git a/src/lib/__tests__/detect.test.ts b/src/lib/__tests__/detect.test.ts
index fcf706af..f02ac839 100644
--- a/src/lib/__tests__/detect.test.ts
+++ b/src/lib/__tests__/detect.test.ts
@@ -1,4 +1,4 @@
-import * as detect from '../detect';
+import { getIpAddress } from '../ip';
const IP = '127.0.0.1';
const BAD_IP = '127.127.127.127';
@@ -6,23 +6,23 @@ const BAD_IP = '127.127.127.127';
test('getIpAddress: Custom header', () => {
process.env.CLIENT_IP_HEADER = 'x-custom-ip-header';
- expect(detect.getIpAddress(new Headers({ 'x-custom-ip-header': IP }))).toEqual(IP);
+ expect(getIpAddress(new Headers({ 'x-custom-ip-header': IP }))).toEqual(IP);
});
test('getIpAddress: CloudFlare header', () => {
- expect(detect.getIpAddress(new Headers({ 'cf-connecting-ip': IP }))).toEqual(IP);
+ expect(getIpAddress(new Headers({ 'cf-connecting-ip': IP }))).toEqual(IP);
});
test('getIpAddress: Standard header', () => {
- expect(detect.getIpAddress(new Headers({ 'x-forwarded-for': IP }))).toEqual(IP);
+ expect(getIpAddress(new Headers({ 'x-forwarded-for': IP }))).toEqual(IP);
});
test('getIpAddress: CloudFlare header is lower priority than standard header', () => {
- expect(
- detect.getIpAddress(new Headers({ 'cf-connecting-ip': BAD_IP, 'x-forwarded-for': IP })),
- ).toEqual(IP);
+ expect(getIpAddress(new Headers({ 'cf-connecting-ip': BAD_IP, 'x-forwarded-for': IP }))).toEqual(
+ IP,
+ );
});
test('getIpAddress: No header', () => {
- expect(detect.getIpAddress(new Headers())).toEqual(null);
+ expect(getIpAddress(new Headers())).toEqual(null);
});