Update Docker Images #1127
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Update Docker Images | ||
| on: | ||
| schedule: | ||
| - cron: "0 1 * * 0" # run every week at 01:00 UTC on Sunday | ||
| workflow_dispatch: | ||
| inputs: | ||
| tag: | ||
| description: "Update images with tag" | ||
| required: true | ||
| dry_run: | ||
| type: boolean | ||
| default: false | ||
| defaults: | ||
| run: | ||
| shell: bash | ||
| concurrency: | ||
| group: ${{ github.ref_name }}-update | ||
| cancel-in-progress: true | ||
| permissions: | ||
| contents: read | ||
| jobs: | ||
| variables: | ||
| name: Set variables for workflow | ||
| runs-on: ubuntu-22.04 | ||
| outputs: | ||
| tag: ${{ steps.kic.outputs.tag }} | ||
| short_tag: ${{ steps.kic.outputs.short }} | ||
| date: ${{ steps.kic.outputs.date }} | ||
| matrix: ${{ steps.kic.outputs.matrix }} | ||
| steps: | ||
| - name: Checkout Repository | ||
| uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | ||
| with: | ||
| fetch-depth: 0 | ||
| - name: Set variables | ||
| id: kic | ||
| run: | | ||
| tag="$(git tag --sort=-version:refname | head -n1)" | ||
| if [ -n "${{ inputs.tag }}" ]; then | ||
| echo "tag=${{ inputs.tag }}" >> $GITHUB_OUTPUT | ||
| else | ||
| tag=${tag//v} | ||
| echo "tag=${tag//v}" >> $GITHUB_OUTPUT | ||
| fi | ||
| date=$(date "+%Y%m%d") | ||
| echo "date=${date}" >> $GITHUB_OUTPUT | ||
| short="${tag%.*}" | ||
| echo "short=$short" >> $GITHUB_OUTPUT | ||
| echo "matrix=$(cat .github/data/patch-images.json" >> $GITHUB_OUTPUT | ||
| cat $GITHUB_OUTPUT | ||
| patch-images: | ||
| name: Patch Images | ||
| needs: [variables] | ||
| strategy: | ||
| fail-fast: false | ||
| matrix: | ||
| include: ${{ fromJSON( needs.variables.outputs.matrix ) }} | ||
| uses: ./.github/workflows/patch-image.yml | ||
| with: | ||
| platforms: ${{ matrix.platforms }} | ||
| image: ${{ matrix.source_image }} | ||
| tag: ${{ matrix.source_os == 'debian' && needs.variables.outputs.tag || format('{0}-{1}', needs.variables.outputs.tag, matrix.source_os) }} | ||
| ic_version: ${{ needs.variables.outputs.tag }} | ||
| target_image: ${{ matrix.target_image }} | ||
| target_tag: ${{ matrix.source_os == 'debian' && format('{0}-{1}', needs.variables.outputs.tag, needs.variables.outputs.date) || format('{0}-{1}-{2}', needs.variables.outputs.tag, needs.variables.outputs.date, matrix.source_os) }} | ||
| permissions: | ||
| contents: read | ||
| id-token: write | ||
| secrets: inherit | ||
| release-oss-internal: | ||
|
Check failure on line 78 in .github/workflows/update-docker-images.yml
|
||
| name: "Publish Docker OSS ${{ needs.variables.outputs.tag }}-${{ needs.variables.outputs.date }} to internal release Registries" | ||
| needs: [variables, patch-images] | ||
| uses: ./.github/workflows/oss-release.yml | ||
| with: | ||
| gcr_release_registry: true | ||
| ecr_public_registry: false | ||
| dockerhub_public_registry: false | ||
| quay_public_registry: false | ||
| github_public_registry: false | ||
| source_tag: "${{ needs.variables.outputs.tag }}-${{ needs.variables.outputs.date }}" | ||
| target_tag: "${{ needs.variables.outputs.tag }}-${{ needs.variables.outputs.date }}" | ||
| branch: "release-${{ needs.variables.outputs.short_tag }}" | ||
| dry_run: ${{ inputs.dry_run || false }} | ||
| permissions: | ||
| contents: read | ||
| id-token: write | ||
| secrets: inherit | ||
| release-oss-public: | ||
| name: Publish Docker OSS ${{ matrix.tag }} to Public Registries | ||
| needs: [variables, patch-images] | ||
| strategy: | ||
| fail-fast: false | ||
| matrix: | ||
| tag: | ||
| - "${{ needs.variables.outputs.tag }}" | ||
| - "${{ needs.variables.outputs.short_tag }}" | ||
| - "${{ needs.variables.outputs.tag }}-${{ needs.variables.outputs.date }}" | ||
| - "latest" | ||
| uses: ./.github/workflows/oss-release.yml | ||
| with: | ||
| gcr_release_registry: false | ||
| ecr_public_registry: true | ||
| dockerhub_public_registry: true | ||
| quay_public_registry: true | ||
| github_public_registry: true | ||
| source_tag: "${{ needs.variables.outputs.tag }}-${{ needs.variables.outputs.date }}" | ||
| target_tag: ${{ matrix.tag }} | ||
| branch: "release-${{ needs.variables.outputs.short_tag }}" | ||
| dry_run: ${{ inputs.dry_run || false }} | ||
| permissions: | ||
| contents: read | ||
| id-token: write | ||
| packages: write | ||
| secrets: inherit | ||
| release-plus-nginx-gcr: | ||
| name: Publish Docker Plus ${{ matrix.tag }} to NGINX & GCR Marketplace registries | ||
| needs: [variables, patch-images] | ||
| strategy: | ||
| fail-fast: false | ||
| matrix: | ||
| tag: | ||
| - "${{ needs.variables.outputs.tag }}" | ||
| - "${{ needs.variables.outputs.short_tag }}" | ||
| - "${{ needs.variables.outputs.tag }}-${{ needs.variables.outputs.date }}" | ||
| - "latest" | ||
| uses: ./.github/workflows/plus-release.yml | ||
| with: | ||
| nginx_registry: true | ||
| gcr_release_registry: false | ||
| gcr_mktpl_registry: true | ||
| ecr_mktpl_registry: false | ||
| az_mktpl_registry: false | ||
| source_tag: "${{ needs.variables.outputs.tag }}-${{ needs.variables.outputs.date }}" | ||
| target_tag: ${{ matrix.tag }} | ||
| branch: "release-${{ needs.variables.outputs.short_tag }}" | ||
| dry_run: ${{ inputs.dry_run || false }} | ||
| permissions: | ||
| contents: read | ||
| id-token: write | ||
| secrets: inherit | ||
| release-plus-azure-ecr-marketplace: | ||
| name: Publish Docker Plus ${{ needs.variables.outputs.tag }}-${{ needs.variables.outputs.date }} to Azure & ECR Marketplace registries | ||
| needs: [variables, patch-images] | ||
| uses: ./.github/workflows/plus-release.yml | ||
| with: | ||
| nginx_registry: false | ||
| gcr_release_registry: false | ||
| gcr_mktpl_registry: false | ||
| ecr_mktpl_registry: true | ||
| az_mktpl_registry: true | ||
| source_tag: "${{ needs.variables.outputs.tag }}-${{ needs.variables.outputs.date }}" | ||
| target_tag: "${{ needs.variables.outputs.tag }}-${{ needs.variables.outputs.date }}" | ||
| branch: "release-${{ needs.variables.outputs.short_tag }}" | ||
| dry_run: ${{ inputs.dry_run || false }} | ||
| permissions: | ||
| contents: read | ||
| id-token: write | ||
| secrets: inherit | ||
| release-plus-internal: | ||
| name: Publish Docker Plus ${{ needs.variables.outputs.tag }}-${{ needs.variables.outputs.date }} to internal release Registries | ||
| needs: [variables, patch-images] | ||
| uses: ./.github/workflows/plus-release.yml | ||
| with: | ||
| nginx_registry: false | ||
| gcr_release_registry: true | ||
| gcr_mktpl_registry: false | ||
| ecr_mktpl_registry: false | ||
| az_mktpl_registry: false | ||
| source_tag: "${{ needs.variables.outputs.tag }}-${{ needs.variables.outputs.date }}" | ||
| target_tag: "${{ needs.variables.outputs.tag }}-${{ needs.variables.outputs.date }}" | ||
| branch: "release-${{ needs.variables.outputs.short_tag }}" | ||
| dry_run: ${{ inputs.dry_run || false }} | ||
| permissions: | ||
| contents: read | ||
| id-token: write | ||
| secrets: inherit | ||
| certify-openshift-images: | ||
| name: Certify OpenShift UBI images | ||
| runs-on: ubuntu-22.04 | ||
| needs: [variables, release-oss-public] | ||
| steps: | ||
| - name: Checkout Repository | ||
| uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | ||
| - name: Certify UBI OSS images in quay | ||
| uses: ./.github/actions/certify-openshift-image | ||
| with: | ||
| image: quay.io/nginx/nginx-ingress:${{ needs.variables.outputs.tag }}-ubi | ||
| project_id: ${{ secrets.CERTIFICATION_PROJECT_ID }} | ||
| pyxis_token: ${{ secrets.PYXIS_API_TOKEN }} | ||
| platforms: "" | ||
| if: ${{ ! inputs.dry_run || false }} | ||
