feat: apt upgrade on rebuild + dated Docker Hub tag#281
Merged
Conversation
Run `apt-get upgrade -y` in both Dockerfiles so rebuilds pull in the latest package versions instead of staying pinned to the base image's original package set. Add an opt-in `build-date-tag` input to the reusable docker-build workflow that additionally publishes an immutable `<tag>-<YYYYMMDD>` (UTC) tag, and enable it from main.yml. Existing floating tags (22.04, 24.04) are kept unchanged. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> Signed-off-by: Thomas Müller <1005065+DeepDiver1975@users.noreply.github.com>
phil-davis
approved these changes
Jun 11, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What
apt-get upgrade -yon rebuild — bothv22.04/Dockerfile.multiarchandv24.04/Dockerfile.multiarchpreviously ran onlyapt-get update+install, so rebuilds stayed pinned to the base image's original package set. Addingapt-get upgrade -ypulls in the latest package versions (including security fixes) on every rebuild.Immutable dated Docker Hub tag — adds an opt-in
build-date-tagboolean input to the reusabledocker-build.yml, enabled frommain.yml. On each publish, an additional<docker-tag>-<YYYYMMDD>(UTC) tag is pushed alongside the existing floating tags.Result
Per matrix version, on merge to
masterand the weekly cron rebuild, Docker Hub receives:owncloud/ubuntu:22.04/owncloud/ubuntu:24.04— unchanged floating tagsowncloud/ubuntu:22.04-<YYYYMMDD>/owncloud/ubuntu:24.04-<YYYYMMDD>— new immutable dated tagsThis gives traceability: you can tell which dated build a container came from and pin to a specific historical build.
Notes
build-date-tagdefaults tofalse, so other consumers of the reusable workflow are unaffected.build-nativeself-test job is untouched (push: false, never publishes).owncloud/ubuntu:22.04+owncloud/ubuntu:22.04-<date>.🤖 Generated with Claude Code