Skip to content

Update Docker Images #1040

Update Docker Images

Update Docker Images #1040

name: Update Docker Images
on:
schedule:
- cron: "0 1 * * *" # run every day at 01:00 UTC
workflow_dispatch:
inputs:
force:
description: "Force update of all images"
required: false
default: "false"
defaults:
run:
shell: bash
concurrency:
group: ${{ github.ref_name }}-update
cancel-in-progress: true
permissions:
contents: read
jobs:
variables:
name: Get versions of base images
runs-on: ubuntu-22.04
outputs:
kic-tag: ${{ steps.kic.outputs.tag }}
versions: ${{ steps.versions.outputs.matrix }}
go-md5: ${{ steps.md5.outputs.go_code_md5 }}
binary-cache-hit: ${{ steps.binary-cache.outputs.cache-hit }}
base-image-md5: ${{ steps.md5.outputs.docker_md5 }}
steps:
- name: Checkout Repository
uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
with:
fetch-depth: 0
- name: Set KIC version
id: kic
run: |
tag="$(git tag --sort=-version:refname | head -n1)"
echo "tag=${tag//v}" >> $GITHUB_OUTPUT
- name: Checkout Repository at ${{ steps.kic.outputs.tag }}
uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
with:
ref: refs/tags/v${{ steps.kic.outputs.tag }}
- name: Set NGINX versions
id: versions
run: |
nginx=library/$(grep -E "FROM nginx.*debian" < build/Dockerfile | awk -F" " '{print $2}' | cut -d '@' -f 1)
nginx_alpine=library/$(grep -E "FROM nginx.*alpine" < build/Dockerfile | awk -F" " '{print $2}' | cut -d '@' -f 1)
nginx_ubi=$(grep -m1 "FROM nginx.*ubi" < build/Dockerfile | awk -F" " '{print $2}' | cut -d '@' -f 1)
echo "matrix=[{\"version\": \"${nginx}\", \"distro\": \"debian\"}, {\"version\": \"${nginx_alpine}\", \"distro\": \"alpine\"}, {\"version\": \"${nginx_ubi}\", \"distro\": \"ubi\"}]" >> $GITHUB_OUTPUT
- name: Set Go MD5sums
id: md5
run: |
./.github/scripts/variables.sh go_code_md5 >> $GITHUB_OUTPUT
./.github/scripts/variables.sh docker_md5 >> $GITHUB_OUTPUT
- name: Fetch Cached Binary Artifacts
id: binary-cache
uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
with:
path: ${{ github.workspace }}/dist
key: nginx-ingress-${{ steps.md5.outputs.go_code_md5 }}
lookup-only: true
check:
name: Check if updates are needed
runs-on: ubuntu-22.04
needs: variables
outputs:
needs-updating-debian: ${{ steps.needs.outputs.debian }}
needs-updating-alpine: ${{ steps.needs.outputs.alpine }}
needs-updating-ubi: ${{ steps.needs.outputs.ubi }}
strategy:
matrix:
base_image: ${{ fromJson(needs.variables.outputs.versions) }}
steps:
- name: Build KIC tag
id: dist
run: |
if [ ${{ matrix.base_image.distro }} == "debian" ]; then dist=""; else dist="-${{ matrix.base_image.distro }}"; fi
echo "tag=${{ needs.variables.outputs.kic-tag }}${dist}" >> $GITHUB_OUTPUT
- name: Check if update available for ${{ matrix.base_image.version }}
id: update
uses: lucacome/docker-image-update-checker@f50d56412b948cfdbb842c5419372681e0db3df1 # v1.2.1
with:
base-image: ${{ matrix.base_image.version}}
image: nginx/nginx-ingress:${{ steps.dist.outputs.tag }}
env:
DEBUG: ${{ secrets.ACTIONS_STEP_DEBUG }}
- id: needs
run: echo "${{ matrix.base_image.distro }}=${{ steps.update.outputs.needs-updating }}" >> $GITHUB_OUTPUT
binary:
if: ${{ needs.check.outputs.needs-updating-debian == 'true' || needs.check.outputs.needs-updating-alpine == 'true' || needs.check.outputs.needs-updating-ubi == 'true' || inputs.force == 'true' }}
name: Build binaries
runs-on: ubuntu-22.04
needs: [check, variables]
steps:
- name: Checkout Repository
uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
with:
fetch-depth: 0
ref: refs/tags/v${{ needs.variables.outputs.kic-tag }}
- name: Setup Golang Environment
uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
with:
go-version-file: go.mod
- name: Determine GOPATH
id: go
run: echo "go_path=$(go env GOPATH)" >> $GITHUB_OUTPUT
- name: Build binaries
uses: goreleaser/goreleaser-action@7ec5c2b0c6cdda6e8bbb49444bc797dd33d74dd8 # v5.0.0
with:
version: latest
args: build --clean --id kubernetes-ingress
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GOPATH: ${{ steps.go.outputs.go_path }}
if: ${{ needs.variables.outputs.binary-cache-hit != 'true' }}
- name: Store Artifacts in Cache
uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
with:
path: ${{ github.workspace }}/dist
key: nginx-ingress-${{ needs.variables.outputs.go-md5 }}
if: ${{ needs.variables.outputs.binary-cache-hit != 'true' }}
release-docker-debian:
name: Release Debian Image
needs: [binary, check, variables]
uses: ./.github/workflows/build-oss.yml
with:
platforms: linux/arm,linux/arm64,linux/amd64,linux/ppc64le,linux/s390x
image: debian
tag: ${{ needs.variables.outputs.kic-tag }}
go-md5: ${{ needs.variables.outputs.go-md5 }}
base-image-md5: ${{ needs.variables.outputs.base-image-md5 }}
permissions:
contents: read
actions: read
security-events: write
id-token: write
packages: write
secrets: inherit
if: ${{ needs.check.outputs.needs-updating-debian == 'true' || inputs.force == 'true' }}
release-docker-alpine:
name: Release Alpine Image
needs: [binary, check, variables]
uses: ./.github/workflows/build-oss.yml
with:
platforms: linux/arm,linux/arm64,linux/amd64,linux/ppc64le,linux/s390x
image: alpine
tag: ${{ needs.variables.outputs.kic-tag }}
go-md5: ${{ needs.variables.outputs.go-md5 }}
base-image-md5: ${{ needs.variables.outputs.base-image-md5 }}
permissions:
contents: read
actions: read
security-events: write
id-token: write
packages: write
secrets: inherit
if: ${{ needs.check.outputs.needs-updating-alpine == 'true' || inputs.force == 'true' }}
release-docker-ubi:
name: Release UBI Image
needs: [binary, check, variables]
uses: ./.github/workflows/build-oss.yml
with:
platforms: linux/arm64,linux/amd64,linux/ppc64le,linux/s390x
image: ubi
tag: ${{ needs.variables.outputs.kic-tag }}
go-md5: ${{ needs.variables.outputs.go-md5 }}
base-image-md5: ${{ needs.variables.outputs.base-image-md5 }}
permissions:
contents: read
actions: read
security-events: write
id-token: write
packages: write
secrets: inherit
if: ${{ needs.check.outputs.needs-updating-ubi == 'true' || inputs.force == 'true' }}