Posted to commits@solr.apache.org by ho...@apache.org on 2022/05/18 22:53:30 UTC

[solr-docker] branch main updated: SOLR-15102: Add Solr Docker release docs (#6)

This is an automated email from the ASF dual-hosted git repository.

houston pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/solr-docker.git


The following commit(s) were added to refs/heads/main by this push:
     new 0760333  SOLR-15102: Add Solr Docker release docs (#6)
0760333 is described below

commit 0760333093856a7f9249434a7947dc5701edc70c
Author: Houston Putman <ho...@apache.org>
AuthorDate: Wed May 18 18:53:26 2022 -0400

    SOLR-15102: Add Solr Docker release docs (#6)
---
 README.md          | 45 ++++++++++++---------------------------------
 dev-docs/README.md | 51 +++++++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 63 insertions(+), 33 deletions(-)

diff --git a/README.md b/README.md
index f34fdc6..fbeb522 100644
--- a/README.md
+++ b/README.md
@@ -1,30 +1,3 @@
-# NOTE: Not vulnerable to Log4J 2 "Log4shell"
-
-Some Docker images *were* vulnerable to one of a pair of vulnerabilities in Log4J 2.
-But we have mitigated *[supported](https://hub.docker.com/_/solr?tab=tags)* images (and some others) and re-published them.
-You may need to re-pull the image you are using.
-For those images prior to 8.11.1, Solr is using a popular technique to mitigate the problem -- setting `log4j2.formatMsgNoLookups`.
-The Solr maintainers have deemed this adequate based specifically on how Solr uses logging; it won't be adequate for all projects that use Log4J. 
-canning software might alert you to the presence of an older Log4J JAR file, however it can't know if your software (Solr) uses the artifacts in a vulnerable way.
-To validate the mitigation being in place, look for `-Dlog4j2.formatMsgNoLookups` in the Args section of Solr's front admin screen.
-As of Solr 9.0.0, Solr is using Log4J 2.17.1.
-
-References:
-* [CVE-2021-44228](https://nvd.nist.gov/vuln/detail/CVE-2021-44228): Solr _was_ vulnerable to this.
-* [CVE-2021-45046](https://nvd.nist.gov/vuln/detail/CVE-2021-45046): Solr _never was_ vulnerable to this.
-* [Solr's security bulletin](https://solr.apache.org/security.html#apache-solr-affected-by-apache-log4j-cve-2021-44228)
-
-
-# Supported tags and respective `Dockerfile` links
-
-See [Docker Hub](https://hub.docker.com/_/solr?tab=tags) for a list of image tags available to pull.
-Note that the Apache Solr project doesn't actually support any releases older than the current major release series, despite whatever tags are published.
-
-For more information about this image and its history and all currently supported tags, please see [the relevant manifest file (`library/solr`)](https://github.com/docker-library/official-images/blob/master/library/solr).
-This image is updated via pull requests to [the `apache/solr-docker` GitHub repo](https://github.com/apache/solr-docker).
-However, the `Dockerfile`s are generated from official Apache Solr releases. See [the `apache/solr` Github repo](https://github.com/apache/solr/tree/main/solr/docker)
-for more information on how the Docker image is created, maintained and tested.
-
 # What is Apache Solr™?
 
 Apache Solr is highly reliable, scalable and fault tolerant, providing distributed indexing, replication and load-balanced querying, automated failover and recovery, centralized configuration and more.
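Review bot: the deleted `# NOTE: Not vulnerable to Log4J 2 "Log4shell"` block at the top of README.md was the only place in this file telling users of images prior to 8.11.1 how to confirm the mitigation (look for `-Dlog4j2.formatMsgNoLookups` in the Args section of the admin screen) and that they may need to re-pull. The commit subject only mentions adding release docs, so the removal is easy to miss in history. Since older tags remain published, consider keeping a one-line pointer to the Solr security bulletin that the removed References list linked to, or at least mention the removal in the commit message.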
@@ -32,18 +5,24 @@ Solr powers the search and navigation features of many of the world's largest in
 
 Learn more on [Solr's homepage](https://solr.apache.org) and in the [Solr Reference Guide](https://solr.apache.org/guide/solr/).
 
-![logo](https://raw.githubusercontent.com/docker-library/docs/master/solr/logo.png)
-
-# Getting started with the Docker image
+# Supported tags and respective `Dockerfile` links
 
-For information on using the tags 9.0.0 and above, please refer to the [Docker section in the Solr reference guide](https://solr.apache.org/guide/solr/latest/deployment-guide/solr-in-docker.html).
+See [Docker Hub](https://hub.docker.com/_/solr?tab=tags) for a list of image tags available to pull.
+Note that the Apache Solr project does not support any releases older than the current major release series, despite whatever tags are published.
 
-For information on using tags 8 and before, please refer to the [docker-solr repository](https://github.com/docker-solr/docker-solr).
+The official Dockerfile is released along-side Solr.
+Therefore the project has decided to not support changes to Dockerfiles after release.
+Changes must be made to [github.com/apache/solr](https://github.com/apache/solr), which will then be included in the next targeted release.
 
 # About this repository
 
 This repository is available on [github.com/apache/solr-docker](https://github.com/apache/solr-docker), and the official build is on the [Docker Hub](https://hub.docker.com/_/solr/).
 
+The Dockerfiles are generated upon release from [github.com/apache/solr](https://github.com/apache/solr).
+
+Please refer to the [developer documentation](dev-docs/README.md) for information on how this repository is maintained & automated.  
+**WARNING: Do not modify this repo manually unless you have read through the developer documentation first.**
+
 # License
 
 Solr is licensed under the [Apache License, Version 2.0](https://www.apache.org/licenses/LICENSE-2.0).
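Review bot: the `# Getting started with the Docker image` section is deleted here with nothing replacing it, so the README no longer points to usage documentation for either the 9.0.0+ tags (reference guide) or tags 8 and before (docker-solr repository). Suggest keeping those two links, for example under "About this repository". Smaller points: the re-added heading still promises `Dockerfile` links but the section contains none; "along-side" should be "alongside"; and the WARNING line would be more useful if it named the consequence the developer docs describe, namely that a push to `main` touching a Dockerfile triggers the automated PR to the official images repo.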
@@ -72,5 +51,5 @@ If you want to contribute to Solr, see the [How To Contribute](http://solr.apach
 
 # History
 
-This project was started in 2015 by [Martijn Koster](https://github.com/makuk66). In 2019 maintainership and copyright was transferred to the Apache Lucene/Solr project. Many thanks to Martijn for all your contributions over the years!
+This project was started in 2015 by [Martijn Koster](https://github.com/makuk66). In 2019 maintainership and copyright was transferred to the Apache Solr project. Many thanks to Martijn for all your contributions over the years!
 
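Review bot: the edited History sentence is dated 2019, and the removed wording named the recipient as the Apache Lucene/Solr project. If that was the project's name at the time of the transfer, wording such as "transferred to the Apache Lucene/Solr project (now Apache Solr)" keeps the record accurate while still reflecting the current name. While touching the line, "maintainership and copyright was transferred" should read "were transferred".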
diff --git a/dev-docs/README.md b/dev-docs/README.md
new file mode 100644
index 0000000..1c6642c
--- /dev/null
+++ b/dev-docs/README.md
@@ -0,0 +1,51 @@
+# Official Solr Dockerfile Management
+
+In general most interactions with this repository should be done via the Solr Release Wizard, not manually.
+
+## How an Official Solr Dockerfile is released
+
+1. In the Solr Release Wizard, an **official** Dockerfile will be created as a part of the release candidate.
+   The official Dockerfile is tested as a part of the release candidate.
+   1. But importantly, the official Dockerfile is not voted on because small changes _may_ be requested by the Official Images team.
+      We need to be able to make changes for these requests **after** a vote succeeds.
+2. If the vote succeeds:
+   1. As a part of the artifact-uploading steps, the Release Wizard will clone this repo (`apache/solr-docker`) locally.
+   2. It will then add the successfully voted on `Dockerfile` to the respective folder for the released version (`<major>.<minor>`).
+   3. If it is a patch release, the existing `Dockerfile` for that version will be over-written.
+   4. It will commit this `Dockerfile`, and push to the `main` branch of this repo. No PR or reviews required.
+3. Now that this repo has the new `Dockerfile` committed to main, the [Github Actions Workflow](../.github/workflows/pr-for-official-repo.yml) will kick-off.
+   1. It will use [`generate-stackbrew-library.sh`](../generate-stackbrew-library.sh) to build the [Solr metadata](https://github.com/docker-library/official-images/blob/master/library/solr) for the latest `main` branch commit.
+   2. After generating a new version of this file, it will create a PR in [docker-library/official-images](https://github.com/docker-library/official-images) to update the official image.
+   3. This PR will have to be reviewed and merged by the Docker Official Images team before the release will be available.
+      1. If a change to the Dockerfile/metadata is required by the maintainers, make further PRs/commits to this repo.
+         Refer to the [section on making fixes for an open PR](#make-fixes-for-an-open-automated-pr) for more information.
+   4. Before the PR can be approved, one of the listed Solr maintainers must comment their approval of the PR.
+4. The Official Docker image should now be available
+
+## How does the automated PR work?
+
+The [Github Actions Workflow](../.github/workflows/pr-for-official-repo.yml) is triggered on commits to the `main` branch that touch the following files:
+- `generate-stackbrew-library.sh`
+- `*.*/Dockerfile`
+
+The PR in [docker-library/official-images](https://github.com/docker-library/official-images) is generated through:
+- Creating a branch in the [docker-solr/official-images](https://github.com/docker-solr/official-images).
+  - We have to use this repo, because Apache does not allow forks in their organization.
+- This commit is made by the [@docker-solr-builder](https://github.com/docker-solr-builder), which has credentials saved in this repo.
+  - These credentials were added by emailing them to the Apache infra-team (`root@`)
+  - If you need access to this account or credentials, reach out to the private mailing list.
+- Once the commit and branch are created, the Github Action will create a PR in the official repo.
+
+### Make fixes for an open automated PR
+
+If the PR in [docker-library/official-images](https://github.com/docker-library/official-images) is already created & open,
+any commit you make to this repo will auto-update the existing PR.
+The commit has to change the files that the Github Actions Workflow is listening on, which are [listed above](#how-does-the-automated-pr-work).
+
+The PR name will change to reflect the most recent commit message, and the pr description will link to this commit instead.
+The PR contents will be updated to reflect the generated solr image metadata made from the latest commit.
+There is no need to close an existing PR to make further changes.
+
+**Make sure that all changes to Dockerfiles are reflected in the official source of these dockerfiles, [apache/solr](https://github.com/apache/solr).
+This will ensure that the official-images team does not ask for the same changes in future releases.
+This speeds up the release process and ensures that the Dockerfile provided in the binary-release is as similar as possible to the official Solr Dockerfile.**
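Review bot: in "How does the automated PR work?", the credentials for `@docker-solr-builder` are described as "saved in this repo" and as having been added "by emailing them to the Apache infra-team", which leaves a reader unable to tell how they are stored or protected. Please state the storage mechanism explicitly (so nobody reads this as credentials committed to the tree), what the account is permitted to do in `docker-solr/official-images`, and whether the credentials were rotated after being sent by email. This matters more because step 2.4 says the Release Wizard pushes to `main` with "No PR or reviews required" and the workflow fires on any `main` commit touching `*.*/Dockerfile` or `generate-stackbrew-library.sh`, so the doc should also say who holds push rights to `main` and that the upstream review plus the Solr maintainer approval comment in step 3.4 is the only review gate. Minor: step 4 is missing its full stop, and "pr description" should be "PR description".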