feat: change Docker build to download from GitHub releases instead of dl.rustfs.com (#398)

- Modified Dockerfile to download pre-built binaries from GitHub releases - For latest releases, use GitHub API to find the correct download URL - For specific versions, construct the GitHub release URL directly - Updated docker-buildx.sh script messages to reflect new download source - This change addresses security concerns about potential tampering with binaries from dl.rustfs.com Co-authored-by: Cursor Agent <cursoragent@cursor.com>
2026-01-17 01:30:33 +00:00 · 2025-08-13 22:00:41 +08:00
parent 2c7366038e
commit a693cb52f3
2 changed files with 15 additions and 15 deletions
--- a/16
+++ b/16
@@ -26,13 +26,21 @@ RUN ARCH=$(cat /tmp/arch) && \
        echo "Unsupported architecture: $TARGETARCH" && exit 1; \
    fi && \
    if [ "${RELEASE}" = "latest" ]; then \
-        VERSION="latest"; \
+        # For latest, download from GitHub releases using the -latest suffix
+        PACKAGE_NAME="rustfs-linux-${ARCH}-latest.zip"; \
+        # Use GitHub API to get the latest release URL
+        LATEST_RELEASE_URL=$(curl -s https://api.github.com/repos/rustfs/rustfs/releases/latest | grep -o '"browser_download_url": "[^"]*'"${PACKAGE_NAME}"'"' | cut -d'"' -f4 | head -1); \
+        if [ -z "$LATEST_RELEASE_URL" ]; then \
+            echo "Failed to find latest release for ${PACKAGE_NAME}" >&2; \
+            exit 1; \
+        fi; \
+        DOWNLOAD_URL="$LATEST_RELEASE_URL"; \
    else \
+        # For specific versions, construct the GitHub release URL directly
        VERSION="v${RELEASE#v}"; \
+        PACKAGE_NAME="rustfs-linux-${ARCH}-${VERSION}.zip"; \
+        DOWNLOAD_URL="https://github.com/rustfs/rustfs/releases/download/${VERSION}/${PACKAGE_NAME}"; \
    fi && \
-    BASE_URL="https://dl.rustfs.com/artifacts/rustfs/release" && \
-    PACKAGE_NAME="rustfs-linux-${ARCH}-${VERSION}.zip" && \
-    DOWNLOAD_URL="${BASE_URL}/${PACKAGE_NAME}" && \
    echo "Downloading ${PACKAGE_NAME} from ${DOWNLOAD_URL}" >&2 && \
    curl -f -L "${DOWNLOAD_URL}" -o rustfs.zip && \
    unzip rustfs.zip -d /build && \
--- a/docker-buildx.sh
+++ b/docker-buildx.sh
@@ -150,11 +150,7 @@ build_and_push() {
    else
        print_message $RED "❌ Failed to build latest variant"
        print_message $YELLOW "💡 Note: Make sure rustfs binaries are available at:"
-        if [ "$CHANNEL" = "dev" ]; then
-            print_message $YELLOW "   https://dl.rustfs.com/artifacts/rustfs/dev/"
-        else
-            print_message $YELLOW "   https://dl.rustfs.com/artifacts/rustfs/release/"
-        fi
+        print_message $YELLOW "   https://github.com/rustfs/rustfs/releases"
        exit 1
    fi

@@ -183,11 +179,7 @@ build_and_push() {
        else
            print_message $RED "❌ Failed to build release variant"
            print_message $YELLOW "💡 Note: Make sure rustfs binaries are available at:"
-            if [ "$CHANNEL" = "dev" ]; then
-                print_message $YELLOW "   https://dl.rustfs.com/artifacts/rustfs/dev/"
-            else
-                print_message $YELLOW "   https://dl.rustfs.com/artifacts/rustfs/release/"
-            fi
+            print_message $YELLOW "   https://github.com/rustfs/rustfs/releases"
            exit 1
        fi
    else
@@ -248,7 +240,7 @@ done
 # Main execution
 main() {
    print_message $BLUE "🐳 RustFS Docker Buildx Build Script"
-    print_message $YELLOW "📋 Build Strategy: Uses pre-built binaries from dl.rustfs.com"
+    print_message $YELLOW "📋 Build Strategy: Uses pre-built binaries from GitHub Releases"
    print_message $YELLOW "🚀 Production images only - optimized for distribution"
    echo ""