[PR #1012] [MERGED] fix(minio): migrate to pgsty/minio community fork (upstream is source-only and archived) #16320

Closed
opened 2026-07-14 23:19:10 -05:00 by GiteaMirror · 0 comments
Owner

📋 Pull Request Information

Original PR: https://github.com/Dokploy/templates/pull/1012
Author: @Siumauricio
Created: 7/14/2026
Status: Merged
Merged: 7/14/2026
Merged by: @Siumauricio

Base: canaryHead: fix/minio-source-only


📝 Commits (1)

  • 030d9d1 fix(minio): migrate to pgsty/minio community fork (upstream is source-only and archived)

📊 Changes

3 files changed (+24 additions, -14 deletions)

View changed files

📝 blueprints/minio/docker-compose.yml (+12 -9)
📝 blueprints/minio/meta.json (+5 -5)
📝 blueprints/minio/template.toml (+7 -0)

📄 Description

Problem

MinIO went source-only and the template's image source is dead:

  • October 2025: MinIO Inc. stopped publishing Docker images and pre-built binaries for the community edition (minio/minio#21647). The critical security fix in RELEASE.2025-10-15T17-29-55Z (CVE-2025-62506) was released source-only — the GitHub release has 0 binary assets.
  • February 2026: MinIO Inc. archived the minio/minio repository entirely ("no longer maintained", pointing users to their commercial AIStor product).
  • The official minio/minio Docker Hub image is frozen at RELEASE.2025-09-07T16-13-09Z (last push 2025-09-07, verified via the Docker Hub API) and will never receive another security fix. The template currently pulls minio/minio (implicit latest), i.e. a permanently vulnerable image.

Decision: migrate to pgsty/minio

Candidates evaluated with real Docker Hub / GitHub data (as of 2026-07-14):

Option Verdict
pgsty/minio (Pigsty community fork) Chosen. GitHub pgsty/minio: 1.8k stars, active (last release RELEASE.2026-06-18T00-00-00Z, 2026-06-18, 20 binary assets). Docker Hub: 393k pulls, multi-arch (amd64+arm64), regular releases since Feb 2026. AGPLv3, drop-in replacement: same env vars, same server command, same /data on-disk format, and it restores the full web console upstream had gutted.
Pin last official minio/minio:RELEASE.2025-09-07T16-13-09Z Rejected as the primary fix: permanently misses the CVE-2025-62506 fix and everything after it.
coollabsio/minio Stalled: one-time rebuild of the 2025-10-15 release, last push 2025-10-27, 38k pulls.
OpenMaxIO Console-UI fork only (no server), no pushes since 2025-06-24.
Chainguard / Minimus Commercial registries, only latest on the free tier — unsuitable for a template.
Bitnami Deprecated.

The image is pinned to RELEASE.2026-06-18T00-00-00Z (the fork's latest release) so upgrades are explicit and reproducible.

Changes

  • docker-compose.yml: minio/miniopgsty/minio:RELEASE.2026-06-18T00-00-00Z, with a comment documenting the upstream situation. Removed the stale comment about the pre-2025-04-22 admin UI (the fork restores the full console). Replaced the 9000:9000 host port publish with expose + a dedicated S3 API domain, per repo conventions (same pattern as the alarik template).
  • template.toml: added a second domain for the S3 API on port 9000 (the previously unused api_domain variable now does something).
  • meta.json: version pinned, links point at the maintained fork, description explains the migration.

Data compatibility: the minio-data volume, /data path, credentials env vars and S3 API are unchanged — existing deployments' data keeps working after the image swap.

Deploy verification

Deployed on a Dokploy instance from this branch:

  • Web console (port 9001 via its domain): HTTP 200, MinIO Console loads.
  • S3 API (port 9000 via its domain): responds with Server: MinIO and a proper S3 XML AccessDenied for unauthenticated requests — API fully functional.
HTTP/1.1 403 Forbidden
Content-Type: application/xml
Server: MinIO
<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code>...

node build-scripts/generate-meta.js --check passes (476 templates validated).

Closes #469

🤖 Generated with Claude Code


🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.

## 📋 Pull Request Information **Original PR:** https://github.com/Dokploy/templates/pull/1012 **Author:** [@Siumauricio](https://github.com/Siumauricio) **Created:** 7/14/2026 **Status:** ✅ Merged **Merged:** 7/14/2026 **Merged by:** [@Siumauricio](https://github.com/Siumauricio) **Base:** `canary` ← **Head:** `fix/minio-source-only` --- ### 📝 Commits (1) - [`030d9d1`](https://github.com/Dokploy/templates/commit/030d9d1089aadaa248c3b896c17cdf239eff9ae5) fix(minio): migrate to pgsty/minio community fork (upstream is source-only and archived) ### 📊 Changes **3 files changed** (+24 additions, -14 deletions) <details> <summary>View changed files</summary> 📝 `blueprints/minio/docker-compose.yml` (+12 -9) 📝 `blueprints/minio/meta.json` (+5 -5) 📝 `blueprints/minio/template.toml` (+7 -0) </details> ### 📄 Description ## Problem MinIO went source-only and the template's image source is dead: - **October 2025**: MinIO Inc. stopped publishing Docker images and pre-built binaries for the community edition ([minio/minio#21647](https://github.com/minio/minio/issues/21647)). The critical security fix in `RELEASE.2025-10-15T17-29-55Z` (CVE-2025-62506) was released **source-only** — the GitHub release has 0 binary assets. - **February 2026**: MinIO Inc. archived the `minio/minio` repository entirely ("no longer maintained", pointing users to their commercial AIStor product). - The official `minio/minio` Docker Hub image is **frozen at `RELEASE.2025-09-07T16-13-09Z`** (last push 2025-09-07, verified via the Docker Hub API) and will never receive another security fix. The template currently pulls `minio/minio` (implicit `latest`), i.e. a permanently vulnerable image. ## Decision: migrate to `pgsty/minio` Candidates evaluated with real Docker Hub / GitHub data (as of 2026-07-14): | Option | Verdict | |---|---| | **`pgsty/minio`** (Pigsty community fork) | **Chosen.** GitHub [pgsty/minio](https://github.com/pgsty/minio): 1.8k stars, active (last release `RELEASE.2026-06-18T00-00-00Z`, 2026-06-18, 20 binary assets). Docker Hub: 393k pulls, multi-arch (amd64+arm64), regular releases since Feb 2026. AGPLv3, drop-in replacement: same env vars, same `server` command, same `/data` on-disk format, and it restores the full web console upstream had gutted. | | Pin last official `minio/minio:RELEASE.2025-09-07T16-13-09Z` | Rejected as the primary fix: permanently misses the CVE-2025-62506 fix and everything after it. | | `coollabsio/minio` | Stalled: one-time rebuild of the 2025-10-15 release, last push 2025-10-27, 38k pulls. | | OpenMaxIO | Console-UI fork only (no server), no pushes since 2025-06-24. | | Chainguard / Minimus | Commercial registries, only `latest` on the free tier — unsuitable for a template. | | Bitnami | Deprecated. | The image is pinned to `RELEASE.2026-06-18T00-00-00Z` (the fork's latest release) so upgrades are explicit and reproducible. ## Changes - `docker-compose.yml`: `minio/minio` → `pgsty/minio:RELEASE.2026-06-18T00-00-00Z`, with a comment documenting the upstream situation. Removed the stale comment about the pre-2025-04-22 admin UI (the fork restores the full console). Replaced the `9000:9000` host port publish with `expose` + a dedicated S3 API domain, per repo conventions (same pattern as the `alarik` template). - `template.toml`: added a second domain for the S3 API on port 9000 (the previously unused `api_domain` variable now does something). - `meta.json`: version pinned, links point at the maintained fork, description explains the migration. Data compatibility: the `minio-data` volume, `/data` path, credentials env vars and S3 API are unchanged — existing deployments' data keeps working after the image swap. ## Deploy verification Deployed on a Dokploy instance from this branch: - Web console (port 9001 via its domain): **HTTP 200**, MinIO Console loads. - S3 API (port 9000 via its domain): responds with `Server: MinIO` and a proper S3 XML `AccessDenied` for unauthenticated requests — API fully functional. ``` HTTP/1.1 403 Forbidden Content-Type: application/xml Server: MinIO <?xml version="1.0" encoding="UTF-8"?> <Error><Code>AccessDenied</Code>... ``` `node build-scripts/generate-meta.js --check` passes (476 templates validated). Closes #469 🤖 Generated with [Claude Code](https://claude.com/claude-code) --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>
GiteaMirror added the pull-request label 2026-07-14 23:19:10 -05:00
Sign in to join this conversation.
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/templates#16320