admin/felhom.eu
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: admin/felhom.eu:a964dc20a46c821b2e7636f74391b7cc205f4e89
Branches Tags
admin/felhom.eu:main admin/felhom.eu:fix/filebrowser-config-args admin/felhom.eu:feat/umami-v3-filebrowser-root admin/felhom.eu:fix/umami-sha-pin admin/felhom.eu:fix/filebrowser-revert admin/felhom.eu:fix/version-pins
...
compare: admin/felhom.eu:feat/umami-v3-filebrowser-root
Branches Tags
admin/felhom.eu:main admin/felhom.eu:fix/filebrowser-config-args admin/felhom.eu:feat/umami-v3-filebrowser-root admin/felhom.eu:fix/umami-sha-pin admin/felhom.eu:fix/filebrowser-revert admin/felhom.eu:fix/version-pins

3 Commits
a964dc20a4 ... feat/umami-v3-filebrowser-root

Author SHA1 Message Date
admin bd0531e4a8 manifests: umami -> 3.1.0 (v3 line) + filebrowser v2.63.13 with runAsUser:0 
umami:
  Switch from SHA-pinned v3.0.3 to the tagged v3.1.0 release (the v3
  line proper -- same schema lineage, normal Prisma minor-version
  migration). This is the documented forward path that the version-
  checker hint `postgresql-latest -> 3.1` indicated. The v1.x
  postgresql-vX.Y.Z line we briefly tried earlier today is a
  DIFFERENT image lineage with incompatible migrations -- avoid.

filebrowser:
  Re-pin to v2.63.13 (debian-based default) so Renovate can track
  future bumps. The non-root UID in that image can't write to the
  existing PVC contents (chowned to root by the previous v2-alpine
  image), so set pod-level securityContext runAsUser:0 + runAsGroup:0
  to keep using the same volume layout without a chown initContainer.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-06-06 14:17:20 +02:00
admin dc64bb2d79 Merge pull request 'fix(URGENT): pin umami to exact SHA (v1.38.0 has schema lineage mismatch)' (#3) from fix/umami-sha-pin into main 2026-06-06 11:53:55 +00:00
admin 7e6ea9d66c manifests: pin umami to exact image SHA (schema mismatch with v1.38.0) 
Previous PR pinned `ghcr.io/umami-software/umami:postgresql-v1.38.0`.
The new pod crashlooped on Prisma:

  ERROR: relation "event" does not exist
  Migration name: 02_add_event_data
  Database error code: 42P01

The 120-day-old working pod's actual image is:
  ghcr.io/umami-software/umami@sha256:28f263fe06f79ebffa5a6a6e9b...

It runs an older umami build whose schema doesn't have the `event`
table that the v1 migration `02_add_event_data` operates on. The DB
has migrations 10-14 applied (newer than 02 by name) but 02 isn't in
its applied set -- likely a schema fork between the line our 120d pod
runs and the postgresql-vX.Y.Z line that v1.38.0 advances toward.

Pin to the exact SHA that the working pod uses, so pod restarts +
ArgoCD syncs both keep producing pods on the same known-good image
(cached on the node, no registry pull needed). Renovate also stops
chasing the broken upgrade path.

Proper fix (deferred): plan a v3.x migration. The version-checker
dashboard hint `postgresql-latest → 3.1` suggests umami v3.x dropped
the `postgresql-` prefix and is what we'd want long-term. That needs
a real DB migration plan since the schema lineage is genuinely
different from this image.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-06-06 13:53:54 +02:00
2 changed files with 10 additions and 7 deletions
Expand all files Collapse all files
manifests/umami.yaml
+1 -1
View File
@@ -187,7 +187,7 @@ spec:
cpu: "50m" cpu: "50m"
containers: containers:
- name: umami - name: umami
image: ghcr.io/umami-software/umami:postgresql-v1.38.0 image: ghcr.io/umami-software/umami:3.1.0
ports: ports:
- containerPort: 3000 - containerPort: 3000
env: env:
manifests/webpage.yaml
+9 -6
View File
@@ -105,14 +105,17 @@ spec:
labels: labels:
app: filebrowser app: filebrowser
spec: spec:
# filebrowser v2.63.13 (debian default) runs as a non-root UID by default
# and can't write to PVC files left by the previous v2-alpine image (which
# ran as root). Force root explicitly so the existing PVC contents are
# readable + writable. (The alternative -- chown the PVC then drop perms --
# needs a one-shot initContainer; not worth the moving parts here.)
securityContext:
runAsUser: 0
runAsGroup: 0
containers: containers:
- name: filebrowser - name: filebrowser
# NOTE: v2-alpine is a moving tag (Renovate can't track it). image: filebrowser/filebrowser:v2.63.13
# Pinning to v2.63.13 (debian-based default) broke the PVC permissions
# (the image runs as a non-root UID and can't write to files left
# by the alpine variant). A clean re-pin needs either an initContainer
# to chown the PVC, or a fsGroup on the pod spec. Revisit when time permits.
image: filebrowser/filebrowser:v2-alpine
ports: ports:
- containerPort: 8080 - containerPort: 8080
volumeMounts: volumeMounts: