Update Docker Images #972
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Update Docker Images | |
| on: | |
| schedule: | |
| - cron: "0 1 * * *" # run every day at 01:00 UTC | |
| workflow_dispatch: | |
| inputs: | |
| force: | |
| description: "Force update of all images" | |
| required: false | |
| default: "false" | |
| defaults: | |
| run: | |
| shell: bash | |
| concurrency: | |
| group: ${{ github.ref_name }}-update | |
| cancel-in-progress: true | |
| permissions: | |
| contents: read | |
| jobs: | |
| variables: | |
| name: Get versions of base images | |
| runs-on: ubuntu-22.04 | |
| outputs: | |
| kic-tag: ${{ steps.kic.outputs.tag }} | |
| versions: ${{ steps.versions.outputs.matrix }} | |
| go-md5: ${{ steps.md5.outputs.go_code_md5 }} | |
| binary-cache-hit: ${{ steps.binary-cache.outputs.cache-hit }} | |
| steps: | |
| - name: Checkout Repository | |
| uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
| with: | |
| fetch-depth: 0 | |
| - name: Set KIC version | |
| id: kic | |
| run: | | |
| tag="$(git tag --sort=-version:refname | head -n1)" | |
| echo "tag=${tag//v}" >> $GITHUB_OUTPUT | |
| - name: Checkout Repository at ${{ steps.kic.outputs.tag }} | |
| uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
| with: | |
| ref: refs/tags/v${{ steps.kic.outputs.tag }} | |
| - name: Set NGINX versions | |
| id: versions | |
| run: | | |
| nginx=library/$(grep -E "FROM nginx.*debian" < build/Dockerfile | awk -F" " '{print $2}') | |
| nginx_alpine=library/$(grep -E "FROM nginx.*alpine" < build/Dockerfile | awk -F" " '{print $2}') | |
| nginx_ubi=$(grep -m1 "FROM nginx.*ubi" < build/Dockerfile | awk -F" " '{print $2}') | |
| echo "matrix=[{\"version\": \"${nginx}\", \"distro\": \"debian\"}, {\"version\": \"${nginx_alpine}\", \"distro\": \"alpine\"}, {\"version\": \"${nginx_ubi}\", \"distro\": \"ubi\"}]" >> $GITHUB_OUTPUT | |
| - name: Set Go MD5sums | |
| id: md5 | |
| run: echo go_code_md5=$(find . -type f \( -name "*.go" -o -name go.mod -o -name go.sum -o -name "*.tmpl" \) -not -path "./docs*" -exec md5sum {} + | LC_ALL=C sort | md5sum | awk '{ print $1 }') >> $GITHUB_OUTPUT | |
| - name: Fetch Cached Binary Artifacts | |
| id: binary-cache | |
| uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4.0.0 | |
| with: | |
| path: ${{ github.workspace }}/dist | |
| key: nginx-ingress-${{ steps.md5.outputs.go_code_md5 }} | |
| lookup-only: true | |
| check: | |
| name: Check if updates are needed | |
| runs-on: ubuntu-22.04 | |
| needs: variables | |
| outputs: | |
| needs-updating-debian: ${{ steps.needs.outputs.debian }} | |
| needs-updating-alpine: ${{ steps.needs.outputs.alpine }} | |
| needs-updating-ubi: ${{ steps.needs.outputs.ubi }} | |
| strategy: | |
| matrix: | |
| base_image: ${{ fromJson(needs.variables.outputs.versions) }} | |
| steps: | |
| - name: Build KIC tag | |
| id: dist | |
| run: | | |
| if [ ${{ matrix.base_image.distro }} == "debian" ]; then dist=""; else dist="-${{ matrix.base_image.distro }}"; fi | |
| echo "tag=${{ needs.variables.outputs.kic-tag }}${dist}" >> $GITHUB_OUTPUT | |
| - name: Check if update available for ${{ matrix.base_image.version }} | |
| id: update | |
| uses: lucacome/docker-image-update-checker@f50d56412b948cfdbb842c5419372681e0db3df1 # v1.2.1 | |
| with: | |
| base-image: ${{ matrix.base_image.version}} | |
| image: nginx/nginx-ingress:${{ steps.dist.outputs.tag }} | |
| env: | |
| DEBUG: ${{ secrets.ACTIONS_STEP_DEBUG }} | |
| - id: needs | |
| run: echo "${{ matrix.base_image.distro }}=${{ steps.update.outputs.needs-updating }}" >> $GITHUB_OUTPUT | |
| binary: | |
| if: ${{ needs.check.outputs.needs-updating-debian == 'true' || needs.check.outputs.needs-updating-alpine == 'true' || needs.check.outputs.needs-updating-ubi == 'true' || inputs.force == 'true' }} | |
| name: Build binaries | |
| runs-on: ubuntu-22.04 | |
| needs: [check, variables] | |
| steps: | |
| - name: Checkout Repository | |
| uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
| with: | |
| fetch-depth: 0 | |
| ref: refs/tags/v${{ needs.variables.outputs.kic-tag }} | |
| - name: Setup Golang Environment | |
| uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 | |
| with: | |
| go-version-file: go.mod | |
| - name: Determine GOPATH | |
| id: go | |
| run: echo "go_path=$(go env GOPATH)" >> $GITHUB_OUTPUT | |
| - name: Build binaries | |
| uses: goreleaser/goreleaser-action@7ec5c2b0c6cdda6e8bbb49444bc797dd33d74dd8 # v5.0.0 | |
| with: | |
| version: latest | |
| args: build --clean --id kubernetes-ingress | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| GOPATH: ${{ steps.go.outputs.go_path }} | |
| if: ${{ needs.variables.outputs.binary-cache-hit != 'true' }} | |
| - name: Store Artifacts in Cache | |
| uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4.0.0 | |
| with: | |
| path: ${{ github.workspace }}/dist | |
| key: nginx-ingress-${{ needs.variables.outputs.go-md5 }} | |
| if: ${{ needs.variables.outputs.binary-cache-hit != 'true' }} | |
| release-docker-debian: | |
| name: Release Debian Image | |
| needs: [binary, check, variables] | |
| uses: ./.github/workflows/build-oss.yml | |
| with: | |
| platforms: linux/arm,linux/arm64,linux/amd64,linux/ppc64le,linux/s390x | |
| image: debian | |
| tag: ${{ needs.variables.outputs.kic-tag }} | |
| go-md5: ${{ needs.variables.outputs.go-md5 }} | |
| permissions: | |
| contents: read | |
| actions: read | |
| security-events: write | |
| id-token: write | |
| packages: write | |
| secrets: inherit | |
| if: ${{ needs.check.outputs.needs-updating-debian == 'true' || inputs.force == 'true' }} | |
| release-docker-alpine: | |
| name: Release Alpine Image | |
| needs: [binary, check, variables] | |
| uses: ./.github/workflows/build-oss.yml | |
| with: | |
| platforms: linux/arm,linux/arm64,linux/amd64,linux/ppc64le,linux/s390x | |
| image: alpine | |
| tag: ${{ needs.variables.outputs.kic-tag }} | |
| go-md5: ${{ needs.variables.outputs.go-md5 }} | |
| permissions: | |
| contents: read | |
| actions: read | |
| security-events: write | |
| id-token: write | |
| packages: write | |
| secrets: inherit | |
| if: ${{ needs.check.outputs.needs-updating-alpine == 'true' || inputs.force == 'true' }} | |
| release-docker-ubi: | |
| name: Release UBI Image | |
| needs: [binary, check, variables] | |
| uses: ./.github/workflows/build-oss.yml | |
| with: | |
| platforms: linux/arm64,linux/amd64,linux/ppc64le,linux/s390x | |
| image: ubi | |
| tag: ${{ needs.variables.outputs.kic-tag }} | |
| go-md5: ${{ needs.variables.outputs.go-md5 }} | |
| permissions: | |
| contents: read | |
| actions: read | |
| security-events: write | |
| id-token: write | |
| packages: write | |
| secrets: inherit | |
| if: ${{ needs.check.outputs.needs-updating-ubi == 'true' || inputs.force == 'true' }} |