Update Docker Images #1107
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Update Docker Images | |
on: | |
schedule: | |
- cron: "0 1 * * 0" # run every week at 01:00 UTC on Sunday | |
workflow_dispatch: | |
inputs: | |
tag: | |
description: "Update images with tag" | |
required: true | |
dry_run: | |
type: boolean | |
default: false | |
defaults: | |
run: | |
shell: bash | |
concurrency: | |
group: ${{ github.ref_name }}-update | |
cancel-in-progress: true | |
permissions: | |
contents: read | |
jobs: | |
variables: | |
name: Set variables for workflow | |
runs-on: ubuntu-22.04 | |
outputs: | |
tag: ${{ steps.kic.outputs.tag }} | |
short_tag: ${{ steps.kic.outputs.short }} | |
date: ${{ steps.kic.outputs.date }} | |
steps: | |
- name: Checkout Repository | |
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
with: | |
fetch-depth: 0 | |
- name: Set variables | |
id: kic | |
run: | | |
tag="$(git tag --sort=-version:refname | head -n1)" | |
if [ -n "${{ inputs.tag }}" ]; then | |
echo "tag=${{ inputs.tag }}" >> $GITHUB_OUTPUT | |
else | |
tag=${tag//v} | |
echo "tag=${tag//v}" >> $GITHUB_OUTPUT | |
fi | |
date=$(date "+%Y%m%d") | |
echo "date=${date}" >> $GITHUB_OUTPUT | |
short="${tag%.*}" | |
echo "short=$short" >> $GITHUB_OUTPUT | |
cat $GITHUB_OUTPUT | |
patch-oss-images: | |
name: Build OSS Images | |
needs: [variables] | |
strategy: | |
fail-fast: false | |
matrix: | |
include: | |
- tag: ${{ needs.variables.outputs.tag }} | |
target_tag: "${{ needs.variables.outputs.tag }}-${{ needs.variables.outputs.date }}" | |
image: gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/release/nginx-ic/nginx-ingress | |
target_image: "gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-ingress" | |
platforms: "linux/arm, linux/arm64, linux/amd64, linux/ppc64le, linux/s390x" | |
- tag: ${{ needs.variables.outputs.tag }}-alpine | |
target_tag: "${{ needs.variables.outputs.tag }}-${{ needs.variables.outputs.date }}-alpine" | |
image: gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/release/nginx-ic/nginx-ingress | |
target_image: "gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-ingress" | |
platforms: "linux/arm, linux/arm64, linux/amd64, linux/ppc64le, linux/s390x" | |
- tag: ${{ needs.variables.outputs.tag }}-ubi | |
target_tag: "${{ needs.variables.outputs.tag }}-${{ needs.variables.outputs.date }}-ubi" | |
image: gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/release/nginx-ic/nginx-ingress | |
target_image: "gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-ingress" | |
platforms: "linux/arm64, linux/amd64, linux/ppc64le, linux/s390x" | |
uses: ./.github/workflows/patch-image.yml | |
with: | |
platforms: ${{ matrix.platforms }} | |
image: ${{ matrix.image }} | |
tag: ${{ matrix.tag }} | |
ic_version: ${{ needs.variables.outputs.tag }} | |
target_image: ${{ matrix.target_image }} | |
target_tag: ${{ matrix.target_tag }} | |
permissions: | |
contents: read | |
id-token: write | |
secrets: inherit | |
patch-plus-images: | |
name: Build Plus Images | |
needs: [variables] | |
strategy: | |
fail-fast: false | |
matrix: | |
include: | |
- tag: ${{ needs.variables.outputs.tag }} | |
target_tag: "${{ needs.variables.outputs.tag }}-${{ needs.variables.outputs.date }}" | |
image: gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/release/nginx-ic/nginx-plus-ingress | |
target_image: gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress | |
platforms: "linux/arm64, linux/amd64" | |
- tag: ${{ needs.variables.outputs.tag }}-alpine | |
target_tag: "${{ needs.variables.outputs.tag }}-${{ needs.variables.outputs.date }}-alpine" | |
image: gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/release/nginx-ic/nginx-plus-ingress | |
target_image: gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress | |
platforms: "linux/arm64, linux/amd64" | |
- tag: ${{ needs.variables.outputs.tag }}-mktpl | |
target_tag: "${{ needs.variables.outputs.tag }}-${{ needs.variables.outputs.date }}-mktpl" | |
image: gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/release/nginx-ic/nginx-plus-ingress | |
target_image: gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress | |
platforms: "linux/arm64, linux/amd64" | |
- tag: ${{ needs.variables.outputs.tag }}-alpine-mktpl | |
target_tag: "${{ needs.variables.outputs.tag }}-${{ needs.variables.outputs.date }}-alpine-mktpl" | |
image: gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/release/nginx-ic/nginx-plus-ingress | |
target_image: gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress | |
platforms: "linux/arm64, linux/amd64" | |
- tag: ${{ needs.variables.outputs.tag }}-ubi | |
target_tag: "${{ needs.variables.outputs.tag }}-${{ needs.variables.outputs.date }}-ubi" | |
image: gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/release/nginx-ic/nginx-plus-ingress | |
target_image: gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress | |
platforms: "linux/arm64, linux/amd64, linux/s390x" | |
uses: ./.github/workflows/patch-image.yml | |
with: | |
platforms: ${{ matrix.platforms }} | |
image: ${{ matrix.image }} | |
tag: ${{ matrix.tag }} | |
ic_version: ${{ needs.variables.outputs.tag }} | |
target_image: ${{ matrix.target_image }} | |
target_tag: ${{ matrix.target_tag }} | |
permissions: | |
contents: read | |
id-token: write | |
secrets: inherit | |
patch-plus-nap-images: | |
name: Build Plus NAP Images | |
needs: [variables] | |
strategy: | |
fail-fast: false | |
matrix: | |
include: | |
- tag: "${{ needs.variables.outputs.tag }}" | |
target_tag: "${{ needs.variables.outputs.tag }}-${{ needs.variables.outputs.date }}" | |
image: "gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/release/nginx-ic-nap/nginx-plus-ingress" | |
target_image: "gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress" | |
platforms: "linux/amd64" | |
- tag: "${{ needs.variables.outputs.tag }}-ubi" | |
target_tag: "${{ needs.variables.outputs.tag }}-${{ needs.variables.outputs.date }}-ubi" | |
image: "gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/release/nginx-ic-nap/nginx-plus-ingress" | |
target_image: "gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress" | |
platforms: "linux/amd64" | |
- tag: "${{ needs.variables.outputs.tag }}-mktpl" | |
target_tag: "${{ needs.variables.outputs.tag }}-${{ needs.variables.outputs.date }}-mktpl" | |
image: "gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/release/nginx-ic-nap/nginx-plus-ingress" | |
target_image: "gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress" | |
platforms: "linux/amd64" | |
- tag: "${{ needs.variables.outputs.tag }}-ubi-mktpl" | |
target_tag: "${{ needs.variables.outputs.tag }}-${{ needs.variables.outputs.date }}-ubi-mktpl" | |
image: "gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/release/nginx-ic-nap/nginx-plus-ingress" | |
target_image: "gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress" | |
platforms: "linux/amd64" | |
- tag: "${{ needs.variables.outputs.tag }}" | |
target_tag: "${{ needs.variables.outputs.tag }}-${{ needs.variables.outputs.date }}" | |
image: "gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/release/nginx-ic-nap-v5/nginx-plus-ingress" | |
target_image: "gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress" | |
platforms: "linux/amd64" | |
- tag: "${{ needs.variables.outputs.tag }}-ubi" | |
target_tag: "${{ needs.variables.outputs.tag }}-${{ needs.variables.outputs.date }}-ubi" | |
image: "gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/release/nginx-ic-nap-v5/nginx-plus-ingress" | |
target_image: "gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress" | |
platforms: "linux/amd64" | |
- tag: "${{ needs.variables.outputs.tag }}" | |
target_tag: "${{ needs.variables.outputs.tag }}-${{ needs.variables.outputs.date }}" | |
image: "gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/release/nginx-ic-dos/nginx-plus-ingress" | |
target_image: "gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos/nginx-plus-ingress" | |
platforms: "linux/amd64" | |
- tag: "${{ needs.variables.outputs.tag }}-ubi" | |
target_tag: "${{ needs.variables.outputs.tag }}-${{ needs.variables.outputs.date }}-ubi" | |
image: "gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/release/nginx-ic-dos/nginx-plus-ingress" | |
target_image: "gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos/nginx-plus-ingress" | |
platforms: "linux/amd64" | |
- tag: "${{ needs.variables.outputs.tag }}-ubi-mktpl" | |
target_tag: "${{ needs.variables.outputs.tag }}-${{ needs.variables.outputs.date }}-ubi-mktpl" | |
image: "gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/release/nginx-ic-dos/nginx-plus-ingress" | |
target_image: "gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos/nginx-plus-ingress" | |
platforms: "linux/amd64" | |
- tag: "${{ needs.variables.outputs.tag }}-mktpl" | |
target_tag: "${{ needs.variables.outputs.tag }}-${{ needs.variables.outputs.date }}-mktpl" | |
image: "gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/release/nginx-ic-dos/nginx-plus-ingress" | |
target_image: "gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos/nginx-plus-ingress" | |
platforms: "linux/amd64" | |
- tag: "${{ needs.variables.outputs.tag }}" | |
target_tag: "${{ needs.variables.outputs.tag }}-${{ needs.variables.outputs.date }}" | |
image: "gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/release/nginx-ic-dos-nap/nginx-plus-ingress" | |
target_image: "gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos-nap/nginx-plus-ingress" | |
platforms: "linux/amd64" | |
- tag: "${{ needs.variables.outputs.tag }}-ubi" | |
target_tag: "${{ needs.variables.outputs.tag }}-${{ needs.variables.outputs.date }}-ubi" | |
image: "gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/release/nginx-ic-dos-nap/nginx-plus-ingress" | |
target_image: "gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos-nap/nginx-plus-ingress" | |
platforms: "linux/amd64" | |
- tag: "${{ needs.variables.outputs.tag }}-ubi-mktpl" | |
target_tag: "${{ needs.variables.outputs.tag }}-${{ needs.variables.outputs.date }}-ubi-mktpl" | |
image: "gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/release/nginx-ic-dos-nap/nginx-plus-ingress" | |
target_image: "gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos-nap/nginx-plus-ingress" | |
platforms: "linux/amd64" | |
- tag: "${{ needs.variables.outputs.tag }}-mktpl" | |
target_tag: "${{ needs.variables.outputs.tag }}-${{ needs.variables.outputs.date }}-mktpl" | |
image: "gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/release/nginx-ic-dos-nap/nginx-plus-ingress" | |
target_image: "gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos-nap/nginx-plus-ingress" | |
platforms: "linux/amd64" | |
uses: ./.github/workflows/patch-image.yml | |
with: | |
platforms: ${{ matrix.platforms }} | |
image: ${{ matrix.image }} | |
tag: ${{ matrix.tag }} | |
ic_version: ${{ needs.variables.outputs.tag }} | |
target_image: ${{ matrix.target_image }} | |
target_tag: ${{ matrix.target_tag }} | |
permissions: | |
contents: read | |
id-token: write | |
secrets: inherit | |
release-oss-internal: | |
name: "Publish Docker OSS ${{ needs.variables.outputs.tag }}-${{ needs.variables.outputs.date }} to internal release Registries" | |
needs: [variables, patch-oss-images] | |
uses: ./.github/workflows/oss-release.yml | |
with: | |
gcr_release_registry: true | |
ecr_public_registry: false | |
dockerhub_public_registry: false | |
quay_public_registry: false | |
github_public_registry: false | |
source_tag: "${{ needs.variables.outputs.tag }}-${{ needs.variables.outputs.date }}" | |
target_tag: "${{ needs.variables.outputs.tag }}-${{ needs.variables.outputs.date }}" | |
dry_run: ${{ inputs.dry_run || false }} | |
permissions: | |
contents: read | |
id-token: write | |
packages: write | |
secrets: inherit | |
release-oss-public: | |
name: Publish Docker OSS ${{ needs.variables.outputs.tag }} to Public Registries | |
needs: [variables, patch-oss-images] | |
strategy: | |
fail-fast: false | |
matrix: | |
tag: | |
- "${{ needs.variables.outputs.tag }}" | |
- "${{ needs.variables.outputs.short_tag }}" | |
- "${{ needs.variables.outputs.tag }}-${{ needs.variables.outputs.date }}" | |
- "latest" | |
uses: ./.github/workflows/oss-release.yml | |
with: | |
gcr_release_registry: false | |
ecr_public_registry: true | |
dockerhub_public_registry: true | |
quay_public_registry: true | |
github_public_registry: true | |
source_tag: "${{ needs.variables.outputs.tag }}-${{ needs.variables.outputs.date }}" | |
target_tag: ${{ matrix.tag }} | |
dry_run: ${{ inputs.dry_run || false }} | |
permissions: | |
contents: read | |
id-token: write | |
packages: write | |
secrets: inherit | |
release-plus-nginx-gcr: | |
name: Publish Docker Plus ${{ needs.variables.outputs.tag }} to NGINX & GCR Marketplace registries | |
needs: [variables, patch-plus-images, patch-plus-nap-images] | |
strategy: | |
fail-fast: false | |
matrix: | |
tag: | |
- "${{ needs.variables.outputs.tag }}" | |
- "${{ needs.variables.outputs.short_tag }}" | |
- "${{ needs.variables.outputs.tag }}-${{ needs.variables.outputs.date }}" | |
- "latest" | |
uses: ./.github/workflows/plus-release.yml | |
with: | |
nginx_registry: true | |
gcr_release_registry: false | |
gcr_mktpl_registry: true | |
ecr_mktpl_registry: false | |
az_mktpl_registry: false | |
source_tag: "${{ needs.variables.outputs.tag }}-${{ needs.variables.outputs.date }}" | |
target_tag: ${{ matrix.tag }} | |
dry_run: ${{ inputs.dry_run || false }} | |
permissions: | |
contents: read | |
id-token: write | |
secrets: inherit | |
release-plus-azure-ecr-marketplace: | |
name: Publish Docker Plus ${{ needs.variables.outputs.tag }}-${{ needs.variables.outputs.date }} to Azure & ECR Marketplace registries | |
needs: [variables, patch-plus-images, patch-plus-nap-images] | |
uses: ./.github/workflows/plus-release.yml | |
with: | |
nginx_registry: false | |
gcr_release_registry: false | |
gcr_mktpl_registry: false | |
ecr_mktpl_registry: true | |
az_mktpl_registry: true | |
source_tag: "${{ needs.variables.outputs.tag }}-${{ needs.variables.outputs.date }}" | |
target_tag: "${{ needs.variables.outputs.tag }}-${{ needs.variables.outputs.date }}" | |
dry_run: ${{ inputs.dry_run || false }} | |
permissions: | |
contents: read | |
id-token: write | |
secrets: inherit | |
release-plus-internal: | |
name: Publish Docker Plus ${{ needs.variables.outputs.tag }}-${{ needs.variables.outputs.date }} to internal release Registries | |
needs: [variables, patch-plus-images, patch-plus-nap-images] | |
uses: ./.github/workflows/plus-release.yml | |
with: | |
nginx_registry: false | |
gcr_release_registry: true | |
gcr_mktpl_registry: false | |
ecr_mktpl_registry: false | |
az_mktpl_registry: false | |
source_tag: "${{ needs.variables.outputs.tag }}-${{ needs.variables.outputs.date }}" | |
target_tag: "${{ needs.variables.outputs.tag }}-${{ needs.variables.outputs.date }}" | |
dry_run: ${{ inputs.dry_run || false }} | |
permissions: | |
contents: read | |
id-token: write | |
secrets: inherit | |
certify-openshift-images: | |
name: Certify OpenShift UBI images | |
runs-on: ubuntu-22.04 | |
needs: [variables, release-oss-public] | |
steps: | |
- name: Checkout Repository | |
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
- name: Certify UBI OSS images in quay | |
uses: ./.github/actions/certify-openshift-image | |
with: | |
image: quay.io/nginx/nginx-ingress:${{ needs.variables.outputs.tag }}-ubi | |
project_id: ${{ secrets.CERTIFICATION_PROJECT_ID }} | |
pyxis_token: ${{ secrets.PYXIS_API_TOKEN }} | |
platforms: "" | |
if: ${{ ! inputs.dry_run || false }} |