master #1

Merged

kevadesu merged 22 commits from Icycoide/searxng:master into master 2025-05-15 22:35:23 +02:00

Conversation 0 Commits 22 Files changed 51 +1995 -906

kevadesu commented 2025-05-15 22:35:07 +02:00

Owner

Copy link

What does this PR do?

Why is this change important?

How to test this PR locally?

Author's checklist

Related issues

## What does this PR do? <!-- MANDATORY --> <!-- explain the changes in your PR, algorithms, design, architecture --> ## Why is this change important? <!-- MANDATORY --> <!-- explain the motivation behind your PR --> ## How to test this PR locally? <!-- commands to run the tests or instructions to test the changes --> ## Author's checklist <!-- additional notes for reviewers --> ## Related issues <!-- Closes #234 -->

kevadesu added 22 commits 2025-05-15 22:35:07 +02:00

chore: docker + github-actions dependabot (#4754) ... 48456caeb3

* chore: docker dependabot

* Add github actions too

[fix] documentation should run on push/pr ... e982b9f732

Instead of executing the workflow after integration.yml completes correctly, let's run this workflow parallel to integration.yml restoring the original behaviour.

[mod] new l10n.yml workflow (#4734) ... 8e2e7774d7

l10n.yml will run after integration.yml finishes successfully (will defer anything depending on integration.yml until heavy loads like container building are moved to separate workflows) and in master branch.

* After every integration.yml workflow completes successfully, only the `update` job runs.
* Dispatch and Crontab triggers only the `pr` job.

Style changes, cleanup and improved integration with CI by leveraging the use of shared cache between all workflows (not functional until all workflows have been refactored).

[mod] refactor integration.yml (#4763) ... 1b787ed35e

Style changes, cleanup and improved integration with CI by leveraging the use of
shared cache between all workflows.

[mod] rework container deployment (#4764) ... d16854e67a

container.yml will run after integration.yml COMPLETES successfully and in master branch.

Style changes, cleanup and improved integration with CI by leveraging the use of
shared cache between all workflows.

* Podman is now supported to build the container images (Docker also received a refactor, merging both build and buildx)
* Container images are being built by Buildah instead of Docker BuildKit.
* Container images are tested before release.
* Splitting "modern" (amd64 & arm64) and "legacy" (armv7) arches on different Dockerfiles allowing future optimizations.

revert using null keyword ... da3c640cef

env.DOCKERHUB_USERNAME shouldn't be an empty string as it's defined and set (I think, I can't see this). Even if wasn't defined, GitHub Org/Repo wide envs/secrets should return an empty string (?)

[doc] add chapter on the purpose of (git) commits (#4729) ... 750a7b4d6f

Chapter on the purpose of (git) commits

The commits and their messages are elementary for the traceability of changes
and are unfortunately still too often given too little attention.

It therefore seems necessary to dedicate a chapter to this topic in the context
of development.

Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>

[mod] CI: dependabot group updates by minor & patch and major updates (#4773) ... 346d7fe019

By default, Dependabot opens a new pull request to update each dependency and we
have a very large number of Dependabot pull requests to review and merge, which
can quickly become difficult to manage.

The intention of this patch to dependabot is to have:

- one PR for all minor & patch level updates
- one PR for every dependency with a major update

[1] https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/optimizing-pr-creation-version-updates
[2] https://docs.github.com/en/code-security/dependabot/working-with-dependabot/dependabot-options-reference#groups

Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>

[mod] lib_sxng_container.sh use required_commands() helper ... 64a5b6920f

Suggested-by: @return42 https://github.com/searxng/searxng/pull/4764#discussion_r2083564489

[mod] lib_sxng_container.sh: replace echo commands with heredoc ... 945b30a1c4

Suggested-by: @return42 https://github.com/searxng/searxng/pull/4764#discussion_r2083571202

[fix] DOCKERHUB_USERNAME env reference (#4778) ... 5d99373bc6

When making the container rework, I unknowingly deleted the section where an env with the same name as the secret was defined on the job scope, making it look like it was originally defined as an organization env.

Since we can't validate the secrets in a condition directly, it's better to let docker/login-action take care of failing the entire job if the credentials are invalid.

Reported in: https://github.com/searxng/searxng/issues/4777

[fix] engine archlinux: avoid Anubis challenge by User-Agent "SearXNG" (#4779) ... 9006866019

Of the archlinux wikis only wiki.archlinux.org has a has Anubis challenge.

About Anubis[1]:

> Anubis decides to present a challenge using this logic:
>
> - User-Agent contains "Mozilla"
> ...
> This should ensure that git clients, RSS readers, and other low-harm clients
> can get through without issue ..

[1] 6c0ff3f4d5/docs/docs/design/how-anubis-works.mdx (challenge-presentation)


Suggested-by: @unixfox https://github.com/searxng/searxng/issues/4646#issuecomment-2855322406
Closes: https://github.com/searxng/searxng/issues/4646

Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>

[enh] tidy: clean old morty, filtron, searx references ... 2cfd3fc44b

Everyone should have already switched from legacy methods

[upd] web-client (simple): Bump the minor group (#4775) ... c303da55b0

Bumps the minor group in /client/simple with 5 updates:

| Package | From | To |
| --- | --- | --- |
| [@eslint/js](https://github.com/eslint/eslint/tree/HEAD/packages/js) | `9.25.1` | `9.26.0` |
| [eslint](https://github.com/eslint/eslint) | `9.25.1` | `9.26.0` |
| [globals](https://github.com/sindresorhus/globals) | `16.0.0` | `16.1.0` |
| [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `6.3.4` | `6.3.5` |
| [webpack](https://github.com/webpack/webpack) | `5.99.7` | `5.99.8` |


Updates `@eslint/js` from 9.25.1 to 9.26.0
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/commits/v9.26.0/packages/js)

Updates `eslint` from 9.25.1 to 9.26.0
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/compare/v9.25.1...v9.26.0)

Updates `globals` from 16.0.0 to 16.1.0
- [Release notes](https://github.com/sindresorhus/globals/releases)
- [Commits](https://github.com/sindresorhus/globals/compare/v16.0.0...v16.1.0)

Updates `vite` from 6.3.4 to 6.3.5
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/v6.3.5/packages/vite)

Updates `webpack` from 5.99.7 to 5.99.8
- [Release notes](https://github.com/webpack/webpack/releases)
- [Commits](https://github.com/webpack/webpack/compare/v5.99.7...v5.99.8)

[upd] pypi: Bump the minor group with 2 updates (#4776) ... 4fb29aae81

Bumps the minor group with 2 updates: [selenium](https://github.com/SeleniumHQ/Selenium) and [redis](https://github.com/redis/redis-py).


Updates `selenium` from 4.31.0 to 4.32.0
- [Release notes](https://github.com/SeleniumHQ/Selenium/releases)
- [Commits](https://github.com/SeleniumHQ/Selenium/compare/selenium-4.31.0...selenium-4.32.0)

Updates `redis` from 5.0.8 to 5.2.1
- [Release notes](https://github.com/redis/redis-py/releases)
- [Changelog](https://github.com/redis/redis-py/blob/master/CHANGES)
- [Commits](https://github.com/redis/redis-py/compare/v5.0.8...v5.2.1)

[enh] tidy: clean old morty, filtron, searx references ... 1a8884fa26

Everyone should have already switched from legacy methods.

Bump flask from 3.1.0 to 3.1.1 (#4780) ... c73b469ce7

Bumps [flask](https://github.com/pallets/flask) from 3.1.0 to 3.1.1.
- [Release notes](https://github.com/pallets/flask/releases)
- [Changelog](https://github.com/pallets/flask/blob/main/CHANGES.rst)
- [Commits](https://github.com/pallets/flask/compare/3.1.0...3.1.1)

[fix] CI: handle old cache images from registry ... b42f812c57

Currently, we have 1100~ cache images uploaded to GHCR that weigh more than 300 MB each (most of them are layers from the second phase of the Dockerfile that were uploaded by mistake, read below). To avoid problems, I have set up a new job in a new workflow to be run weekly purging all images older than 1 week, but leaving always the 100 most recent ones.

Only the builder images should be uploaded to cache, the actual behaviour not only slows down the time for building the container, but also wastes lots of space by saving large and useless layers to GHCR that will never be used again.

[fix] CI: container-mounts bad hash ... d0b7f26f4b

This is a typo, but if there are multiple patterns in hashFiles, they should be separated by commas.

https://docs.github.com/en/actions/writing-workflows/choosing-what-your-workflow-does/evaluate-expressions-in-workflows-and-actions#examples-with-multiple-patterns

[fix] CI: prevent race condition ... bec76bc2e3

`checker.yml` and `integration.yml` are the only workflows that are currently safe to be executed simultaneously, the others present a risk that the order of completion may not be expected. The ones that are chained from `integration.yml` can be called as many times as `integration.yml` workflows are running at that moment, the same with the trigger "workflow_dispatch".

This can be fatal for workflows like `container.yml` that use a centralized cache to store and load the candidate images in a common tag called "searxng-<arch>".

* For example, a `container.yml` workflow is executed after being chained from `integration.yml` (called "~1"), and seconds later it may be triggered again because another PR merged some breaking changes (called "~2"). While "~1" has already passed the test job successfully and is about to start the release job, "~2" finishes building the container and overwrites the references on the common tag. When "~1" in the release job loads the images using the common tag, it will load the container of "~2" instead of "~1" having skipped the whole test job process.

The example is only set for the container workflow, but the other workflows might occur in a similar way.

[fix] CI: commit author should be searxng-bot ... 743f24d8c6

If the workflow is executed with the "workflow_dispatch" trigger, the user who executed the workflow becomes the author of the commit on the PR, this is not intended.

It also reverts the body param so that the default text of the action does not appear.

[enh] container: support multiple registries ... cd64fb966e

Allows to push the manifests to other registries, this allows to push both docker.io and ghcr.io registries.

kevadesu merged commit 9f29131161 into master 2025-05-15 22:35:23 +02:00

kevadesu referenced this pull request from a commit 2025-05-15 22:35:23 +02:00

Merge pull request 'master' (#1) from Icycoide/searxng:master into master

Sign in to join this conversation.

Reviewers

No reviewers

Labels

Clear labels

No items

No labels

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: kevadesu/costmikuSearch#1

No description provided.