docs: add service annotation patching to example kustomization (#3020)

Co-authored-by: Geoff Bourne <itzgeoff@gmail.com>

.github/workflows/build-multiarch.yml

@@ -11,6 +11,7 @@ on:
       - "docs/**"
       - "examples/**"
       - "notes/**"
+      - "kustomize/**"
 
 jobs:
   build:
@@ -138,7 +139,7 @@ jobs:
         uses: docker/setup-qemu-action@v3.1.0
 
       - name: Build for test
-        uses: docker/build-push-action@v6.3.0
+        uses: docker/build-push-action@v6.4.1
         with:
           platforms: linux/amd64
           tags: ${{ env.IMAGE_TO_TEST }}
@@ -176,7 +177,7 @@ jobs:
           password: ${{ github.token }}
 
       - name: Build and push
-        uses: docker/build-push-action@v6.3.0
+        uses: docker/build-push-action@v6.4.1
         if: github.actor == github.repository_owner
         with:
           platforms: ${{ matrix.platforms }}

.github/workflows/verify-pr.yml

@@ -8,6 +8,7 @@ on:
       - "docs/**"
       - "examples/**"
       - "notes/**"
+      - "kustomize/**"
       - "docker-compose*.yml"
       - "mkdocs.yml"
 
@@ -55,7 +56,7 @@ jobs:
         uses: docker/setup-buildx-action@v3.4.0
 
       - name: Confirm multi-arch build
-        uses: docker/build-push-action@v6.3.0
+        uses: docker/build-push-action@v6.4.1
         with:
           platforms: ${{ matrix.platforms }}
           # ensure latest base image is used
@@ -65,7 +66,7 @@ jobs:
           cache-from: type=gha,scope=${{ matrix.variant }}
 
       - name: Build for test
-        uses: docker/build-push-action@v6.3.0
+        uses: docker/build-push-action@v6.4.1
         with:
           # Only build single platform since loading multi-arch image into daemon fails with
           # "docker exporter does not currently support exporting manifest lists"

Dockerfile

@@ -47,7 +47,7 @@ RUN easy-add --var os=${TARGETOS} --var arch=${TARGETARCH}${TARGETVARIANT} \
   --var version=${MC_SERVER_RUNNER_VERSION} --var app=mc-server-runner --file {{.app}} \
   --from ${GITHUB_BASEURL}/itzg/{{.app}}/releases/download/{{.version}}/{{.app}}_{{.version}}_{{.os}}_{{.arch}}.tar.gz
 
-ARG MC_HELPER_VERSION=1.39.7
+ARG MC_HELPER_VERSION=1.39.9
 ARG MC_HELPER_BASE_URL=${GITHUB_BASEURL}/itzg/mc-image-helper/releases/download/${MC_HELPER_VERSION}
 # used for cache busting local copy of mc-image-helper
 ARG MC_HELPER_REV=1

bin/rcon-cmds-daemon.sh

@@ -44,7 +44,7 @@ do
       if [[ "$RCON_CMDS_STARTUP" ]]; then
         while read -r cmd; do
           run_command "$cmd"
-        done <<< "$RCON_CMDS_STARTUP"
+        done <<< "$(echo -e "$RCON_CMDS_STARTUP")"
       fi
       if 
         [[ -z "$RCON_CMDS_ON_CONNECT" ]] && 
@@ -66,7 +66,7 @@ do
         logRcon "First Clients has Connected, running first connect cmds"
         while read -r cmd; do
           run_command "$cmd"
-        done <<< "$RCON_CMDS_FIRST_CONNECT"
+        done <<< "$(echo -e "$RCON_CMDS_FIRST_CONNECT")"
     fi
 
     # When a client joins
@@ -74,13 +74,13 @@ do
         logRcon "Clients have Connected, running connect cmds"
         while read -r cmd; do
           run_command "$cmd"
-        done <<< "$RCON_CMDS_ON_CONNECT"
+        done <<< "$(echo -e "$RCON_CMDS_ON_CONNECT")"
     # When a client leaves
     elif (( CURR_CLIENTCONNECTIONS < CLIENTCONNECTIONS )) && [[ "$RCON_CMDS_ON_DISCONNECT" ]]; then
         logRcon "Clients have Disconnected, running disconnect cmds"
         while read -r cmd; do
           run_command "$cmd"
-        done <<< "$RCON_CMDS_ON_DISCONNECT"
+        done <<< "$(echo -e "$RCON_CMDS_ON_DISCONNECT")"
     fi
 
     # Last client connection
@@ -89,7 +89,7 @@ do
         logRcon "ALL Clients have Disconnected, running last disconnect cmds"
         while read -r cmd; do
           run_command "$cmd"
-        done <<< "$RCON_CMDS_LAST_DISCONNECT"
+        done <<< "$(echo -e "$RCON_CMDS_LAST_DISCONNECT")"
     fi
     CLIENTCONNECTIONS=$CURR_CLIENTCONNECTIONS
     ;;

build/alpine/install-packages.sh

@@ -3,6 +3,7 @@
 set -e
 set -o pipefail
 
+# Install necessary packages
 apk add --no-cache -U \
     openssl \
     imagemagick \
@@ -14,7 +15,8 @@ apk add --no-cache -U \
     procps \
     shadow \
     bash \
-    curl iputils \
+    curl \
+    iputils \
     git \
     jq \
     mysql-client \
@@ -29,11 +31,15 @@ apk add --no-cache -U \
     libwebp \
     libcap
 
-# Patched knockd
+# Download and install patched knockd
 curl -fsSL -o /tmp/knock.tar.gz https://github.com/Metalcape/knock/releases/download/0.8.1/knock-0.8.1-alpine-amd64.tar.gz
 tar -xf /tmp/knock.tar.gz -C /usr/local/ && rm /tmp/knock.tar.gz
 ln -s /usr/local/sbin/knockd /usr/sbin/knockd
 setcap cap_net_raw=ep /usr/local/sbin/knockd
 
-# Set git credentials
-echo -e "[user]\n       name = Minecraft Server on Docker\n     email = server@example.com" >> /etc/gitconfig
+# Set Git credentials globally
+cat <<EOF >> /etc/gitconfig
+[user]
+	name = Minecraft Server on Docker
+	email = server@example.com
+EOF

build/ol/install-gosu.sh

@@ -1,12 +1,22 @@
 #!/bin/bash
 
-if [[ $(uname -m) == "aarch64" ]]; then 
-    curl -sL -o /bin/gosu https://github.com/tianon/gosu/releases/download/1.16/gosu-arm64
-    chmod +x /bin/gosu
-elif [[ $(uname -m) == "x86_64" ]]; then 
-    curl -sL -o /bin/gosu https://github.com/tianon/gosu/releases/download/1.16/gosu-amd64
-    chmod +x /bin/gosu
-else
-    echo "Not supported!"
-    exit 1
-fi  
+set -euo pipefail
+
+GOSU_VERSION="1.16"
+GOSU_BASE_URL="https://github.com/tianon/gosu/releases/download/$GOSU_VERSION"
+
+case $(uname -m) in
+    "aarch64")
+        GOSU_ARCH="gosu-arm64"
+        ;;
+    "x86_64")
+        GOSU_ARCH="gosu-amd64"
+        ;;
+    *)
+        echo "Architecture not supported!"
+        exit 1
+        ;;
+esac
+
+curl -sL -o /bin/gosu "${GOSU_BASE_URL}/${GOSU_ARCH}"
+chmod +x /bin/gosu

build/ol/install-packages.sh

@@ -4,20 +4,25 @@ export TARGET
 
 set -euo pipefail
 
+# Install and configure dnf
 microdnf install dnf -y
-
 dnf install 'dnf-command(config-manager)' -y
 dnf config-manager --set-enabled ol8_codeready_builder
-tee /etc/yum.repos.d/ol8-epel.repo<<EOF
+
+# Add EPEL repository
+tee /etc/yum.repos.d/ol8-epel.repo <<EOF
 [ol8_developer_EPEL]
-name= Oracle Linux \$releasever EPEL (\$basearch)
+name=Oracle Linux \$releasever EPEL (\$basearch)
 baseurl=https://yum.oracle.com/repo/OracleLinux/OL8/developer/EPEL/\$basearch/
 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-oracle
 gpgcheck=1
 enabled=1
 EOF
+
+# Update system
 dnf update -y
 
+# Install necessary packages
 dnf install -y \
   ImageMagick \
   file \
@@ -26,7 +31,6 @@ dnf install -y \
   iputils \
   curl \
   git \
-  git-lfs \
   jq \
   dos2unix \
   mysql \
@@ -42,18 +46,26 @@ dnf install -y \
   findutils \
   which
 
+# Install Git LFS
 curl -s https://packagecloud.io/install/repositories/github/git-lfs/script.rpm.sh | sudo bash
 dnf update -y
-dnf install -y \
-  git-lfs
+dnf install -y git-lfs
 
+# Clean up DNF when done
+dnf clean all
+
+# Install gosu (assuming the script /build/ol/install-gosu.sh exists and is executable)
 bash /build/ol/install-gosu.sh
 
-# Patched knockd
+# Download and install patched knockd
 curl -fsSL -o /tmp/knock.tar.gz https://github.com/Metalcape/knock/releases/download/0.8.1/knock-0.8.1-$TARGET.tar.gz
 tar -xf /tmp/knock.tar.gz -C /usr/local/ && rm /tmp/knock.tar.gz
 ln -s /usr/local/sbin/knockd /usr/sbin/knockd
 setcap cap_net_raw=ep /usr/local/sbin/knockd
 
-# Set git credentials
-echo -e "[user]\n       name = Minecraft Server on Docker\n     email = server@example.com" >> /etc/gitconfig
+# Set git credentials globally
+cat <<EOF >> /etc/gitconfig
+[user]
+	name = Minecraft Server on Docker
+	email = server@example.com
+EOF

build/ubuntu/install-packages.sh

@@ -4,8 +4,8 @@ export TARGET
 
 set -euo pipefail
 
+# Update and install packages
 apt-get update
-
 DEBIAN_FRONTEND=noninteractive \
 apt-get install -y \
   imagemagick \
@@ -26,22 +26,26 @@ apt-get install -y \
   zstd \
   lbzip2 \
   nfs-common \
-  libpcap0.8 \
-  webp
+  libpcap0.8
 
+# Install Git LFS
 curl -s https://packagecloud.io/install/repositories/github/git-lfs/script.deb.sh | sudo bash
 apt-get update
-apt-get install -y \
-  git-lfs
+apt-get install -y git-lfs
 
+# Clean up APT when done
 apt-get clean
 
-# Patched knockd
+# Download and install patched knockd
 curl -fsSL -o /tmp/knock.tar.gz https://github.com/Metalcape/knock/releases/download/0.8.1/knock-0.8.1-$TARGET.tar.gz
 tar -xf /tmp/knock.tar.gz -C /usr/local/ && rm /tmp/knock.tar.gz
 ln -s /usr/local/sbin/knockd /usr/sbin/knockd
 setcap cap_net_raw=ep /usr/local/sbin/knockd
 find /usr/lib -name 'libpcap.so.0.8' -execdir cp '{}' libpcap.so.1 \;
 
-# Set git credentials
-echo -e "[user]\n	name = Minecraft Server on Docker\n	email = server@example.com" >> /etc/gitconfig
+# Set git credentials globally
+cat <<EOF >> /etc/gitconfig
+[user]
+	name = Minecraft Server on Docker
+	email = server@example.com
+EOF

build/ubuntu/setup-user.sh

@@ -2,5 +2,9 @@
 
 set -e
 
+if id ubuntu > /dev/null 2>&1; then
+  deluser ubuntu
+fi
+
 addgroup --gid 1000 minecraft
 adduser --system --shell /bin/false --uid 1000 --ingroup minecraft --home /data minecraft

docs/requirements.txt

@@ -1,4 +1,4 @@
-mkdocs-material == 9.5.28
+mkdocs-material == 9.5.29
 mkdocs-autorefs == 1.0.1
 mkdocstrings == 0.25.1
 mkdocs-literate-nav == 0.6.1

docs/types-and-platforms/server-types/paper.md

@@ -16,6 +16,14 @@ To allow for the selection of experimental builds, set `PAPER_CHANNEL` to "exper
     docker run ... -e TYPE=PAPER -e PAPER_CHANNEL=experimental ... 
     ```
 
+!!! tip
+
+    If you see the following error, it likely means you need to set the env var `PAPER_CHANNEL` to "experimental"
+    
+    ```
+    No build found for version 1.21 with channel 'default'
+    ```
+
 If you are hosting your own copy of Paper you can override the download URL with `PAPER_DOWNLOAD_URL=<url>`.
 
 If you have attached a host directory to the `/data` volume, then you can install plugins via the `plugins` subdirectory. You can also [attach a `/plugins` volume](../../mods-and-plugins/index.md#optional-plugins-mods-and-config-attach-points). If you add plugins while the container is running, you'll need to restart it to pick those up.

files/cf-exclude-include.json

@@ -17,6 +17,7 @@
     "better-third-person",
     "biomeinfo",
     "block-drops-jei-addon",
+    "blur-forge",
     "cherished-worlds",
     "chunk-animator",
     "clickable-advancements",
@@ -53,6 +54,7 @@
     "inmisaddon",
     "irisshaders",
     "iris-flywheel-compat",
+    "itemphysic-lite",
     "item-obliterator",
     "itemzoom",
     "just-enough-harvestcraft",

kustomize/README.md

@@ -13,10 +13,24 @@ configMapGenerator:
   - name: mc
     envs:
       - mc.env
+patches:
+  # Example of using a patch to set external service name for mc-router to pick up
+  - path: set-external-servername.yml
 ```
 
 ### mc.env
 ```
 EULA=true
 TYPE=FORGE
+```
+
+###
+
+```yaml
+apiVersion: v1
+kind: Service
+metadata:
+  name: mc
+  annotations:
+    mc-router.itzg.me/externalServerName: forge.example.com
 ```

scripts/start-deployPaper

@@ -52,6 +52,12 @@ else
 
 fi
 
+# Download default configs to allow for consistent patching
+for c in paper-global.yml paper-world-defaults.yml spigot.yml; do
+  DOWNLOAD_DEFAULT_CONFIGS+=",${PAPER_CONFIG_DEFAULTS_REPO}/${VERSION}/$c"
+done
+export DOWNLOAD_DEFAULT_CONFIGS
+
 # Normalize on Spigot for downstream operations
 export FAMILY=SPIGOT
 

scripts/start-finalExec

@@ -64,6 +64,9 @@ patchLog4jConfig() {
   canUseRollingLogs=false
 }
 
+# Temporarily disable debugging output
+oldState=$(shopt -po xtrace || true)
+shopt -u -o xtrace
 # Patch Log4j remote code execution vulnerability
 # See https://www.minecraft.net/en-us/article/important-message--security-vulnerability-java-edition
 if versionLessThan 1.7; then
@@ -80,6 +83,7 @@ elif isType PURPUR && versionLessThan 1.18.1; then
 elif versionLessThan 1.18.1; then
   useFallbackJvmFlag=true
 fi
+eval "$oldState"
 
 if ${useFallbackJvmFlag}; then
   JVM_OPTS="-Dlog4j2.formatMsgNoLookups=true ${JVM_OPTS}"

scripts/start-setupEnvVariables

@@ -4,6 +4,7 @@
 . "${SCRIPTS:-/}start-utils"
 
 set -e
+handleDebugMode
 
 : "${REPLACE_ENV_IN_PLACE:=${REPLACE_ENV_VARIABLES:-false}}"
 : "${REPLACE_ENV_PATHS:=/data}"
@@ -13,6 +14,7 @@ set -e
 : "${REPLACE_ENV_VARIABLES_EXCLUDE_PATHS:=}"
 : "${PATCH_DEFINITIONS:=}"
 : "${DEBUG:=false}"
+: "${DOWNLOAD_DEFAULT_CONFIGS:=}"
 
 if isTrue "${REPLACE_ENV_IN_PLACE}"; then
   log "Replacing env variables in ${REPLACE_ENV_PATHS} that match the prefix '$REPLACE_ENV_VARIABLE_PREFIX' ..."
@@ -25,6 +27,16 @@ if isTrue "${REPLACE_ENV_IN_PLACE}"; then
     "${REPLACE_ENV_PATHS[@]}"
 fi
 
+if [[ $DOWNLOAD_DEFAULT_CONFIGS ]]; then
+  log "Downloading default configs, if needed"
+  if ! mc-image-helper mcopy \
+    --to /data/config \
+    --skip-existing --skip-up-to-date=false \
+    "$DOWNLOAD_DEFAULT_CONFIGS" 2> /dev/null; then
+    log "WARN: one or more default config files were not available from $DOWNLOAD_DEFAULT_CONFIGS"
+  fi
+fi
+
 if [[ ${PATCH_DEFINITIONS} ]]; then
   log "Applying patch definitions from ${PATCH_DEFINITIONS}"
   mc-image-helper patch \

scripts/start-utils

@@ -265,10 +265,17 @@ function compare_version() {
 }
 
 function versionLessThan() {
+  local oldState
+  # The  return  status  when listing options is zero if all optnames are enabled, non- zero otherwise.
+  oldState=$(shopt -po xtrace || true)
+  shopt -u -o xtrace
+
   # Use if-else since strict mode might be enabled
   if compare_version "${VERSION}" "lt" "${1?}"; then
+    eval "$oldState"
     return 0
   else
+    eval "$oldState"
     return 1
   fi
 }