Update pinned container SHAs, triggered from schedule by @pdabelf5 #70
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: "Update pinned container SHAs" | |
| run-name: Update pinned container SHAs, triggered from ${{ github.event_name }} by @${{ github.actor }} | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| source_branch: | |
| required: true | |
| type: string | |
| default: "main" | |
| excludes: | |
| description: Comma separated list of strings to exclude images from the update | |
| required: false | |
| type: string | |
| default: "" | |
| dry_run: | |
| type: boolean | |
| default: false | |
| schedule: | |
| - cron: "0 1 * * 1-5" # 01:00 UTC Mon-Fri | |
| defaults: | |
| run: | |
| shell: bash | |
| permissions: | |
| contents: read | |
| jobs: | |
| vars: | |
| permissions: | |
| contents: read | |
| runs-on: ubuntu-22.04 | |
| outputs: | |
| source_branch: ${{ steps.vars.outputs.source_branch }} | |
| steps: | |
| - name: Set vars | |
| id: vars | |
| run: | | |
| source_branch=main | |
| if [ -n "${{ inputs.source_branch }}" ]; then | |
| source_branch=${{ inputs.source_branch }} | |
| fi | |
| echo "source_branch=${source_branch}" >> $GITHUB_OUTPUT | |
| update-docker-sha: | |
| permissions: | |
| contents: write | |
| runs-on: ubuntu-22.04 | |
| needs: [vars] | |
| steps: | |
| - name: Checkout Repository | |
| uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
| with: | |
| ref: ${{ needs.vars.outputs.source_branch }} | |
| - name: Update images | |
| id: update_images | |
| run: | | |
| docker_md5=$(find . -type f \( -wholename "build/Dockerfile" -o -wholename "tests/Dockerfile" \) -exec md5sum {} + | LC_ALL=C sort | md5sum | awk '{ print $1 }') | |
| echo "docker_md5=${docker_md5:0:8}" >> $GITHUB_OUTPUT | |
| ARGS="" | |
| if [ -n ${{ github.event.inputs.excludes }} ]; then | |
| ARGS="--exclude ${{ github.event.inputs.excludes }}" | |
| fi | |
| .github/scripts/docker-updater.sh ./build/Dockerfile $ARGS | |
| .github/scripts/docker-updater.sh ./tests/Dockerfile $ARGS | |
| files=$(git diff --name-only) | |
| if [[ $files == *"Dockerfile"* ]]; then | |
| echo "change_detected=true" >> $GITHUB_OUTPUT | |
| else | |
| echo "change_detected=false" >> $GITHUB_OUTPUT | |
| fi | |
| echo $GITHUB_OUTPUT | |
| - name: Create Pull Request | |
| uses: peter-evans/create-pull-request@c5a7806660adbe173f04e3e038b0ccdcd758773c # v6.1.0 | |
| with: | |
| token: ${{ secrets.NGINX_PAT }} | |
| commit-message: Update docker images ${{ steps.update_images.outputs.docker_md5 }} | |
| title: Docker image update ${{ steps.update_images.outputs.docker_md5 }} | |
| branch: deps/image-update-${{ needs.vars.outputs.source_branch }}-${{ steps.update_images.outputs.docker_md5 }} | |
| author: nginx-bot <[email protected]> | |
| labels: | | |
| dependencies | |
| docker | |
| body: | | |
| This automated PR updates pinned container image SHAs to latest. | |
| if: ${{ !inputs.dry_run && steps.update_images.outputs.change_detected == 'true' }} |