From fa1d7cdaa01e9fc15df2f67fd1bb3a6d10068ae8 Mon Sep 17 00:00:00 2001 From: Jon Froehlich Date: Mon, 22 Jun 2026 08:31:21 -0700 Subject: [PATCH] fix(version): populate /version/ git_sha and built_at in deployed envs (#1366) The /version/ endpoint reported git_sha and built_at as "unknown" on the servers. Two root causes in the build-info capture: - git was never installed in the image, so `git rev-parse` in docker-entrypoint.sh always failed -> git_sha "unknown". - Even with git present, /code/.git is apache:makelab-owned on the servers while the container runs as root, so git's "dubious ownership" guard would refuse to run rev-parse. Installs git in the Dockerfile and runs `git -c safe.directory=/code -C /code rev-parse`. The Dockerfile change also forces an image rebuild on the next deploy, so the entrypoint re-runs and actually writes build-info.json (the live container predated #1366, hence built_at was unknown too). Verified locally: the entrypoint commands now write a real short SHA + timestamp and /version.json reflects both. build-info.json stays gitignored. Bumps version to 2.17.2. Co-Authored-By: Claude Opus 4.8 (1M context) --- Dockerfile | 3 +++ docker-entrypoint.sh | 7 ++++++- makeabilitylab/settings.py | 4 ++-- 3 files changed, 11 insertions(+), 3 deletions(-) diff --git a/Dockerfile b/Dockerfile index d012a91d..42a3a483 100644 --- a/Dockerfile +++ b/Dockerfile @@ -26,6 +26,8 @@ RUN pip install --upgrade pip # - imagemagick: Image processing for thumbnails and conversions # - ghostscript: PDF processing (required by imagemagick for PDFs) # - sqlite3: Useful for debugging, though we use PostgreSQL in production +# - git: lets docker-entrypoint.sh capture the deployed commit SHA into +# build-info.json for the /version/ endpoint (#1366) # # We clean up the apt cache afterward to reduce the final image size. RUN apt-get update \ @@ -33,6 +35,7 @@ RUN apt-get update \ imagemagick \ ghostscript \ sqlite3 \ + git \ && apt-get clean \ && rm -rf /var/lib/apt/lists/* diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh index 74c8b003..49f9ced3 100755 --- a/docker-entrypoint.sh +++ b/docker-entrypoint.sh @@ -52,10 +52,15 @@ echo "" # capture the short SHA + a timestamp ONCE here (not per request) into a small # build-info.json that website/views/version.py reads. Falls back to "unknown" # if git isn't available (the view also tolerates a missing file). +# +# On the servers /code is a bind-mount whose .git is owned by apache:makelab +# while this script runs as root, so git's "dubious ownership" guard would +# otherwise refuse to run -- mark /code safe first (-c is process-local, no +# global config side effects). git is installed in the Dockerfile. echo "****************** STEP -1/5: docker-entrypoint.sh ************************" echo "-1. Writing build-info.json (git sha + build timestamp) for /version/" echo "******************************************" -GIT_SHA=$(git rev-parse --short HEAD 2>/dev/null || echo "unknown") +GIT_SHA=$(git -c safe.directory=/code -C /code rev-parse --short HEAD 2>/dev/null || echo "unknown") BUILT_AT=$(date --iso-8601=seconds 2>/dev/null || echo "unknown") printf '{"git_sha": "%s", "built_at": "%s"}\n' "$GIT_SHA" "$BUILT_AT" > build-info.json cat build-info.json diff --git a/makeabilitylab/settings.py b/makeabilitylab/settings.py index a47ac9ae..91576495 100644 --- a/makeabilitylab/settings.py +++ b/makeabilitylab/settings.py @@ -86,8 +86,8 @@ SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https') # Makeability Lab Global Variables, including Makeability Lab version -ML_WEBSITE_VERSION = "2.17.1" # Keep this updated with each release and also change the short description below -ML_WEBSITE_VERSION_DESCRIPTION = "Add an admin Data Health check, 'Artifacts not linked to a project' (/admin/data-health/), that surfaces every talk, paper, video, and poster with no project assigned so the backlog stays visible and shrinks over time. Pre-Makeability-Lab work (before settings.DATE_MAKEABILITYLAB_FORMED) is excluded, rows whose parent publication is already linked are flagged as quick wins (inherit its projects), and each row deep-links to its admin edit page. Read-only with CSV export. Also keeps data-health row-action buttons from wrapping mid-word in narrow columns (#649)." +ML_WEBSITE_VERSION = "2.17.2" # Keep this updated with each release and also change the short description below +ML_WEBSITE_VERSION_DESCRIPTION = "Fix the /version/ endpoint reporting git_sha and built_at as 'unknown' in deployed environments. The build-info capture in docker-entrypoint.sh needs git (it wasn't installed in the image) and trips git's 'dubious ownership' guard because /code/.git is apache:makelab-owned while the container runs as root. Installs git in the Dockerfile and runs rev-parse with -c safe.directory=/code. The Dockerfile change also forces an image rebuild on deploy, so the entrypoint actually re-runs and writes build-info.json (#1366)." DATE_MAKEABILITYLAB_FORMED = datetime.date(2012, 1, 1) # Date Makeability Lab was formed MAX_BANNERS = 7 # Maximum number of banners on a page