Skip to content

Update Docker Images #1107

Update Docker Images

Update Docker Images #1107

name: Update Docker Images
on:
schedule:
- cron: "0 1 * * 0" # run every week at 01:00 UTC on Sunday
workflow_dispatch:
inputs:
tag:
description: "Update images with tag"
required: true
dry_run:
type: boolean
default: false
defaults:
run:
shell: bash
concurrency:
group: ${{ github.ref_name }}-update
cancel-in-progress: true
permissions:
contents: read
jobs:
variables:
name: Set variables for workflow
runs-on: ubuntu-22.04
outputs:
tag: ${{ steps.kic.outputs.tag }}
short_tag: ${{ steps.kic.outputs.short }}
date: ${{ steps.kic.outputs.date }}
steps:
- name: Checkout Repository
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
with:
fetch-depth: 0
- name: Set variables
id: kic
run: |
tag="$(git tag --sort=-version:refname | head -n1)"
if [ -n "${{ inputs.tag }}" ]; then
echo "tag=${{ inputs.tag }}" >> $GITHUB_OUTPUT
else
tag=${tag//v}
echo "tag=${tag//v}" >> $GITHUB_OUTPUT
fi
date=$(date "+%Y%m%d")
echo "date=${date}" >> $GITHUB_OUTPUT
short="${tag%.*}"
echo "short=$short" >> $GITHUB_OUTPUT
cat $GITHUB_OUTPUT
patch-oss-images:
name: Build OSS Images
needs: [variables]
strategy:
fail-fast: false
matrix:
include:
- tag: ${{ needs.variables.outputs.tag }}
target_tag: "${{ needs.variables.outputs.tag }}-${{ needs.variables.outputs.date }}"
image: gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/release/nginx-ic/nginx-ingress
target_image: "gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-ingress"
platforms: "linux/arm, linux/arm64, linux/amd64, linux/ppc64le, linux/s390x"
- tag: ${{ needs.variables.outputs.tag }}-alpine
target_tag: "${{ needs.variables.outputs.tag }}-${{ needs.variables.outputs.date }}-alpine"
image: gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/release/nginx-ic/nginx-ingress
target_image: "gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-ingress"
platforms: "linux/arm, linux/arm64, linux/amd64, linux/ppc64le, linux/s390x"
- tag: ${{ needs.variables.outputs.tag }}-ubi
target_tag: "${{ needs.variables.outputs.tag }}-${{ needs.variables.outputs.date }}-ubi"
image: gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/release/nginx-ic/nginx-ingress
target_image: "gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-ingress"
platforms: "linux/arm64, linux/amd64, linux/ppc64le, linux/s390x"
uses: ./.github/workflows/patch-image.yml
with:
platforms: ${{ matrix.platforms }}
image: ${{ matrix.image }}
tag: ${{ matrix.tag }}
ic_version: ${{ needs.variables.outputs.tag }}
target_image: ${{ matrix.target_image }}
target_tag: ${{ matrix.target_tag }}
permissions:
contents: read
id-token: write
secrets: inherit
patch-plus-images:
name: Build Plus Images
needs: [variables]
strategy:
fail-fast: false
matrix:
include:
- tag: ${{ needs.variables.outputs.tag }}
target_tag: "${{ needs.variables.outputs.tag }}-${{ needs.variables.outputs.date }}"
image: gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/release/nginx-ic/nginx-plus-ingress
target_image: gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress
platforms: "linux/arm64, linux/amd64"
- tag: ${{ needs.variables.outputs.tag }}-alpine
target_tag: "${{ needs.variables.outputs.tag }}-${{ needs.variables.outputs.date }}-alpine"
image: gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/release/nginx-ic/nginx-plus-ingress
target_image: gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress
platforms: "linux/arm64, linux/amd64"
- tag: ${{ needs.variables.outputs.tag }}-mktpl
target_tag: "${{ needs.variables.outputs.tag }}-${{ needs.variables.outputs.date }}-mktpl"
image: gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/release/nginx-ic/nginx-plus-ingress
target_image: gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress
platforms: "linux/arm64, linux/amd64"
- tag: ${{ needs.variables.outputs.tag }}-alpine-mktpl
target_tag: "${{ needs.variables.outputs.tag }}-${{ needs.variables.outputs.date }}-alpine-mktpl"
image: gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/release/nginx-ic/nginx-plus-ingress
target_image: gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress
platforms: "linux/arm64, linux/amd64"
- tag: ${{ needs.variables.outputs.tag }}-ubi
target_tag: "${{ needs.variables.outputs.tag }}-${{ needs.variables.outputs.date }}-ubi"
image: gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/release/nginx-ic/nginx-plus-ingress
target_image: gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress
platforms: "linux/arm64, linux/amd64, linux/s390x"
uses: ./.github/workflows/patch-image.yml
with:
platforms: ${{ matrix.platforms }}
image: ${{ matrix.image }}
tag: ${{ matrix.tag }}
ic_version: ${{ needs.variables.outputs.tag }}
target_image: ${{ matrix.target_image }}
target_tag: ${{ matrix.target_tag }}
permissions:
contents: read
id-token: write
secrets: inherit
patch-plus-nap-images:
name: Build Plus NAP Images
needs: [variables]
strategy:
fail-fast: false
matrix:
include:
- tag: "${{ needs.variables.outputs.tag }}"
target_tag: "${{ needs.variables.outputs.tag }}-${{ needs.variables.outputs.date }}"
image: "gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/release/nginx-ic-nap/nginx-plus-ingress"
target_image: "gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress"
platforms: "linux/amd64"
- tag: "${{ needs.variables.outputs.tag }}-ubi"
target_tag: "${{ needs.variables.outputs.tag }}-${{ needs.variables.outputs.date }}-ubi"
image: "gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/release/nginx-ic-nap/nginx-plus-ingress"
target_image: "gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress"
platforms: "linux/amd64"
- tag: "${{ needs.variables.outputs.tag }}-mktpl"
target_tag: "${{ needs.variables.outputs.tag }}-${{ needs.variables.outputs.date }}-mktpl"
image: "gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/release/nginx-ic-nap/nginx-plus-ingress"
target_image: "gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress"
platforms: "linux/amd64"
- tag: "${{ needs.variables.outputs.tag }}-ubi-mktpl"
target_tag: "${{ needs.variables.outputs.tag }}-${{ needs.variables.outputs.date }}-ubi-mktpl"
image: "gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/release/nginx-ic-nap/nginx-plus-ingress"
target_image: "gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress"
platforms: "linux/amd64"
- tag: "${{ needs.variables.outputs.tag }}"
target_tag: "${{ needs.variables.outputs.tag }}-${{ needs.variables.outputs.date }}"
image: "gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/release/nginx-ic-nap-v5/nginx-plus-ingress"
target_image: "gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress"
platforms: "linux/amd64"
- tag: "${{ needs.variables.outputs.tag }}-ubi"
target_tag: "${{ needs.variables.outputs.tag }}-${{ needs.variables.outputs.date }}-ubi"
image: "gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/release/nginx-ic-nap-v5/nginx-plus-ingress"
target_image: "gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress"
platforms: "linux/amd64"
- tag: "${{ needs.variables.outputs.tag }}"
target_tag: "${{ needs.variables.outputs.tag }}-${{ needs.variables.outputs.date }}"
image: "gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/release/nginx-ic-dos/nginx-plus-ingress"
target_image: "gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos/nginx-plus-ingress"
platforms: "linux/amd64"
- tag: "${{ needs.variables.outputs.tag }}-ubi"
target_tag: "${{ needs.variables.outputs.tag }}-${{ needs.variables.outputs.date }}-ubi"
image: "gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/release/nginx-ic-dos/nginx-plus-ingress"
target_image: "gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos/nginx-plus-ingress"
platforms: "linux/amd64"
- tag: "${{ needs.variables.outputs.tag }}-ubi-mktpl"
target_tag: "${{ needs.variables.outputs.tag }}-${{ needs.variables.outputs.date }}-ubi-mktpl"
image: "gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/release/nginx-ic-dos/nginx-plus-ingress"
target_image: "gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos/nginx-plus-ingress"
platforms: "linux/amd64"
- tag: "${{ needs.variables.outputs.tag }}-mktpl"
target_tag: "${{ needs.variables.outputs.tag }}-${{ needs.variables.outputs.date }}-mktpl"
image: "gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/release/nginx-ic-dos/nginx-plus-ingress"
target_image: "gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos/nginx-plus-ingress"
platforms: "linux/amd64"
- tag: "${{ needs.variables.outputs.tag }}"
target_tag: "${{ needs.variables.outputs.tag }}-${{ needs.variables.outputs.date }}"
image: "gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/release/nginx-ic-dos-nap/nginx-plus-ingress"
target_image: "gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos-nap/nginx-plus-ingress"
platforms: "linux/amd64"
- tag: "${{ needs.variables.outputs.tag }}-ubi"
target_tag: "${{ needs.variables.outputs.tag }}-${{ needs.variables.outputs.date }}-ubi"
image: "gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/release/nginx-ic-dos-nap/nginx-plus-ingress"
target_image: "gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos-nap/nginx-plus-ingress"
platforms: "linux/amd64"
- tag: "${{ needs.variables.outputs.tag }}-ubi-mktpl"
target_tag: "${{ needs.variables.outputs.tag }}-${{ needs.variables.outputs.date }}-ubi-mktpl"
image: "gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/release/nginx-ic-dos-nap/nginx-plus-ingress"
target_image: "gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos-nap/nginx-plus-ingress"
platforms: "linux/amd64"
- tag: "${{ needs.variables.outputs.tag }}-mktpl"
target_tag: "${{ needs.variables.outputs.tag }}-${{ needs.variables.outputs.date }}-mktpl"
image: "gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/release/nginx-ic-dos-nap/nginx-plus-ingress"
target_image: "gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos-nap/nginx-plus-ingress"
platforms: "linux/amd64"
uses: ./.github/workflows/patch-image.yml
with:
platforms: ${{ matrix.platforms }}
image: ${{ matrix.image }}
tag: ${{ matrix.tag }}
ic_version: ${{ needs.variables.outputs.tag }}
target_image: ${{ matrix.target_image }}
target_tag: ${{ matrix.target_tag }}
permissions:
contents: read
id-token: write
secrets: inherit
release-oss-internal:
name: "Publish Docker OSS ${{ needs.variables.outputs.tag }}-${{ needs.variables.outputs.date }} to internal release Registries"
needs: [variables, patch-oss-images]
uses: ./.github/workflows/oss-release.yml
with:
gcr_release_registry: true
ecr_public_registry: false
dockerhub_public_registry: false
quay_public_registry: false
github_public_registry: false
source_tag: "${{ needs.variables.outputs.tag }}-${{ needs.variables.outputs.date }}"
target_tag: "${{ needs.variables.outputs.tag }}-${{ needs.variables.outputs.date }}"
dry_run: ${{ inputs.dry_run || false }}
permissions:
contents: read
id-token: write
packages: write
secrets: inherit
release-oss-public:
name: Publish Docker OSS ${{ needs.variables.outputs.tag }} to Public Registries
needs: [variables, patch-oss-images]
strategy:
fail-fast: false
matrix:
tag:
- "${{ needs.variables.outputs.tag }}"
- "${{ needs.variables.outputs.short_tag }}"
- "${{ needs.variables.outputs.tag }}-${{ needs.variables.outputs.date }}"
- "latest"
uses: ./.github/workflows/oss-release.yml
with:
gcr_release_registry: false
ecr_public_registry: true
dockerhub_public_registry: true
quay_public_registry: true
github_public_registry: true
source_tag: "${{ needs.variables.outputs.tag }}-${{ needs.variables.outputs.date }}"
target_tag: ${{ matrix.tag }}
dry_run: ${{ inputs.dry_run || false }}
permissions:
contents: read
id-token: write
packages: write
secrets: inherit
release-plus-nginx-gcr:
name: Publish Docker Plus ${{ needs.variables.outputs.tag }} to NGINX & GCR Marketplace registries
needs: [variables, patch-plus-images, patch-plus-nap-images]
strategy:
fail-fast: false
matrix:
tag:
- "${{ needs.variables.outputs.tag }}"
- "${{ needs.variables.outputs.short_tag }}"
- "${{ needs.variables.outputs.tag }}-${{ needs.variables.outputs.date }}"
- "latest"
uses: ./.github/workflows/plus-release.yml
with:
nginx_registry: true
gcr_release_registry: false
gcr_mktpl_registry: true
ecr_mktpl_registry: false
az_mktpl_registry: false
source_tag: "${{ needs.variables.outputs.tag }}-${{ needs.variables.outputs.date }}"
target_tag: ${{ matrix.tag }}
dry_run: ${{ inputs.dry_run || false }}
permissions:
contents: read
id-token: write
secrets: inherit
release-plus-azure-ecr-marketplace:
name: Publish Docker Plus ${{ needs.variables.outputs.tag }}-${{ needs.variables.outputs.date }} to Azure & ECR Marketplace registries
needs: [variables, patch-plus-images, patch-plus-nap-images]
uses: ./.github/workflows/plus-release.yml
with:
nginx_registry: false
gcr_release_registry: false
gcr_mktpl_registry: false
ecr_mktpl_registry: true
az_mktpl_registry: true
source_tag: "${{ needs.variables.outputs.tag }}-${{ needs.variables.outputs.date }}"
target_tag: "${{ needs.variables.outputs.tag }}-${{ needs.variables.outputs.date }}"
dry_run: ${{ inputs.dry_run || false }}
permissions:
contents: read
id-token: write
secrets: inherit
release-plus-internal:
name: Publish Docker Plus ${{ needs.variables.outputs.tag }}-${{ needs.variables.outputs.date }} to internal release Registries
needs: [variables, patch-plus-images, patch-plus-nap-images]
uses: ./.github/workflows/plus-release.yml
with:
nginx_registry: false
gcr_release_registry: true
gcr_mktpl_registry: false
ecr_mktpl_registry: false
az_mktpl_registry: false
source_tag: "${{ needs.variables.outputs.tag }}-${{ needs.variables.outputs.date }}"
target_tag: "${{ needs.variables.outputs.tag }}-${{ needs.variables.outputs.date }}"
dry_run: ${{ inputs.dry_run || false }}
permissions:
contents: read
id-token: write
secrets: inherit
certify-openshift-images:
name: Certify OpenShift UBI images
runs-on: ubuntu-22.04
needs: [variables, release-oss-public]
steps:
- name: Checkout Repository
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- name: Certify UBI OSS images in quay
uses: ./.github/actions/certify-openshift-image
with:
image: quay.io/nginx/nginx-ingress:${{ needs.variables.outputs.tag }}-ubi
project_id: ${{ secrets.CERTIFICATION_PROJECT_ID }}
pyxis_token: ${{ secrets.PYXIS_API_TOKEN }}
platforms: ""
if: ${{ ! inputs.dry_run || false }}