Update Docker Images #947
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Update Docker Images | |
on: | |
schedule: | |
- cron: "0 1 * * *" # run every day at 01:00 UTC | |
workflow_dispatch: | |
inputs: | |
force: | |
description: "Force update of all images" | |
required: false | |
default: "false" | |
defaults: | |
run: | |
shell: bash | |
concurrency: | |
group: ${{ github.ref_name }}-update | |
cancel-in-progress: true | |
permissions: | |
contents: read | |
jobs: | |
variables: | |
name: Get versions of base images | |
runs-on: ubuntu-22.04 | |
outputs: | |
kic-tag: ${{ steps.kic.outputs.tag }} | |
versions: ${{ steps.versions.outputs.matrix }} | |
steps: | |
- name: Checkout Repository | |
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
with: | |
fetch-depth: 0 | |
- name: Set KIC version | |
id: kic | |
run: | | |
tag="$(git tag --sort=-version:refname | head -n1)" | |
echo "tag=${tag//v}" >> $GITHUB_OUTPUT | |
- name: Checkout Repository at ${{ steps.kic.outputs.tag }} | |
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
with: | |
ref: refs/tags/v${{ steps.kic.outputs.tag }} | |
- name: Set NGINX versions | |
id: versions | |
run: | | |
nginx=library/$(grep -m1 "FROM nginx:" < build/Dockerfile | awk -F" " '{print $2}') | |
nginx_alpine=library/nginx:$(grep -m1 "FROM.*nginx:.*alpine" < build/Dockerfile | awk -F"[ :]" '{print $3}') | |
nginx_ubi=$(grep -m1 "FROM nginxcontrib/nginx:" < build/Dockerfile | awk -F" " '{print $2}') | |
echo "matrix=[{\"version\": \"${nginx}\", \"distro\": \"debian\"}, {\"version\": \"${nginx_alpine}\", \"distro\": \"alpine\"}, {\"version\": \"${nginx_ubi}\", \"distro\": \"ubi\"}]" >> $GITHUB_OUTPUT | |
check: | |
name: Check if updates are needed | |
runs-on: ubuntu-22.04 | |
needs: variables | |
outputs: | |
needs-updating-debian: ${{ steps.needs.outputs.debian }} | |
needs-updating-alpine: ${{ steps.needs.outputs.alpine }} | |
needs-updating-ubi: ${{ steps.needs.outputs.ubi }} | |
strategy: | |
matrix: | |
base_image: ${{ fromJson(needs.variables.outputs.versions) }} | |
steps: | |
- name: Build KIC tag | |
id: dist | |
run: | | |
if [ ${{ matrix.base_image.distro }} == "debian" ]; then dist=""; else dist="-${{ matrix.base_image.distro }}"; fi | |
echo "tag=${{ needs.variables.outputs.kic-tag }}${dist}" >> $GITHUB_OUTPUT | |
- name: Check if update available for ${{ matrix.base_image.version }} | |
id: update | |
uses: lucacome/docker-image-update-checker@f50d56412b948cfdbb842c5419372681e0db3df1 # v1.2.1 | |
with: | |
base-image: ${{ matrix.base_image.version}} | |
image: nginx/nginx-ingress:${{ steps.dist.outputs.tag }} | |
env: | |
DEBUG: ${{ secrets.ACTIONS_STEP_DEBUG }} | |
- id: needs | |
run: echo "${{ matrix.base_image.distro }}=${{ steps.update.outputs.needs-updating }}" >> $GITHUB_OUTPUT | |
binary: | |
if: ${{ needs.check.outputs.needs-updating-debian == 'true' || needs.check.outputs.needs-updating-alpine == 'true' || needs.check.outputs.needs-updating-ubi == 'true' || inputs.force == 'true' }} | |
name: Build binaries | |
runs-on: ubuntu-22.04 | |
needs: [check, variables] | |
steps: | |
- name: Checkout Repository | |
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
with: | |
fetch-depth: 0 | |
ref: refs/tags/v${{ needs.variables.outputs.kic-tag }} | |
- name: Setup Golang Environment | |
uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 | |
with: | |
go-version-file: go.mod | |
- name: Determine GOPATH | |
id: go | |
run: echo "go_path=$(go env GOPATH)" >> $GITHUB_OUTPUT | |
- name: Build binaries | |
uses: goreleaser/goreleaser-action@7ec5c2b0c6cdda6e8bbb49444bc797dd33d74dd8 # v5.0.0 | |
with: | |
version: latest | |
args: build --clean --id kubernetes-ingress | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
GOPATH: ${{ steps.go.outputs.go_path }} | |
- name: Store Artifacts in Cache | |
uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 # v3.3.2 | |
with: | |
path: ${{ github.workspace }}/dist | |
key: nginx-ingress-${{ github.run_id }}-${{ github.run_number }} | |
release-docker-debian: | |
name: Release Debian Image | |
needs: [binary, check, variables] | |
uses: ./.github/workflows/build-oss.yml | |
with: | |
platforms: linux/arm,linux/arm64,linux/amd64,linux/ppc64le,linux/s390x | |
image: debian | |
tag: ${{ needs.variables.outputs.kic-tag }} | |
permissions: | |
contents: read | |
actions: read | |
security-events: write | |
id-token: write | |
packages: write | |
secrets: inherit | |
if: ${{ needs.check.outputs.needs-updating-debian == 'true' || inputs.force == 'true' }} | |
release-docker-alpine: | |
name: Release Alpine Image | |
needs: [binary, check, variables] | |
uses: ./.github/workflows/build-oss.yml | |
with: | |
platforms: linux/arm,linux/arm64,linux/amd64,linux/ppc64le,linux/s390x | |
image: alpine | |
tag: ${{ needs.variables.outputs.kic-tag }} | |
permissions: | |
contents: read | |
actions: read | |
security-events: write | |
id-token: write | |
packages: write | |
secrets: inherit | |
if: ${{ needs.check.outputs.needs-updating-alpine == 'true' || inputs.force == 'true' }} | |
release-docker-ubi: | |
name: Release UBI Image | |
needs: [binary, check, variables] | |
uses: ./.github/workflows/build-oss.yml | |
with: | |
platforms: linux/arm64,linux/amd64,linux/ppc64le,linux/s390x | |
image: ubi | |
tag: ${{ needs.variables.outputs.kic-tag }} | |
permissions: | |
contents: read | |
actions: read | |
security-events: write | |
id-token: write | |
packages: write | |
secrets: inherit | |
if: ${{ needs.check.outputs.needs-updating-ubi == 'true' || inputs.force == 'true' }} |