From a5282e9748eac06f10b6eb0fa917abfa438fab55 Mon Sep 17 00:00:00 2001 From: lekt8 Date: Wed, 3 Jun 2026 02:56:54 +0800 Subject: [PATCH] Pin the SearXNG image so a broken :latest can't block startup (#1419) odysseus waits on searxng's healthcheck (depends_on: condition: service_healthy), so when the upstream `searxng:latest` tag is broken the whole app never starts. The 2026.6.2 image crashes on boot with `KeyError: 'default_doi_resolver'`, failing the healthcheck and blocking fresh Docker installs (issue #1414). Pin to the last known-good tag (2026.5.31-7159b8aed) instead of :latest, with a comment to bump it deliberately after verifying a newer tag boots clean. Co-authored-by: Claude Opus 4.8 (1M context) --- docker-compose.yml | 7 ++++++- tests/test_searxng_image_pinned.py | 26 ++++++++++++++++++++++++++ 2 files changed, 32 insertions(+), 1 deletion(-) create mode 100644 tests/test_searxng_image_pinned.py diff --git a/docker-compose.yml b/docker-compose.yml index b2d50de..f3a8dcc 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -79,7 +79,12 @@ services: restart: unless-stopped searxng: - image: docker.io/searxng/searxng:latest + # Pinned, not :latest — odysseus waits on searxng's healthcheck + # (depends_on: condition: service_healthy), so a broken upstream `latest` + # tag blocks the whole app from starting. 2026.6.2 crashes on boot with + # `KeyError: 'default_doi_resolver'`, failing the healthcheck (issue #1414). + # Bump this deliberately after verifying a newer tag boots clean. + image: docker.io/searxng/searxng:2026.5.31-7159b8aed entrypoint: - /bin/sh - -c diff --git a/tests/test_searxng_image_pinned.py b/tests/test_searxng_image_pinned.py new file mode 100644 index 0000000..df9b1b5 --- /dev/null +++ b/tests/test_searxng_image_pinned.py @@ -0,0 +1,26 @@ +"""Regression guard for issue #1414 — a broken upstream `searxng:latest` tag +(2026.6.2 crashed on boot with KeyError: 'default_doi_resolver') failed the +searxng healthcheck, and because `odysseus` waits on it via +`depends_on: condition: service_healthy`, the whole app never started on fresh +Docker installs. + +Pin the SearXNG image to a known-good tag so a bad upstream `latest` can't block +startup. This guards that the pin stays in place. +""" +import re +from pathlib import Path + +COMPOSE = Path(__file__).resolve().parent.parent / "docker-compose.yml" + + +def test_searxng_image_is_pinned_not_latest(): + text = COMPOSE.read_text(encoding="utf-8") + m = re.search(r"image:\s*\S*searxng/searxng:(\S+)", text) + assert m, "searxng image line not found in docker-compose.yml" + tag = m.group(1) + assert tag != "latest", ( + "SearXNG must be pinned, not ':latest' — odysseus startup depends on its " + "healthcheck, so a broken upstream latest tag blocks the app (issue #1414)" + ) + # A real version tag (date-based, e.g. 2026.5.31-7159b8aed), not a moving ref. + assert re.match(r"\d{4}\.\d", tag), f"expected a versioned tag, got {tag!r}"