-
Notifications
You must be signed in to change notification settings - Fork 2k
190 lines (169 loc) · 6.77 KB
/
update-docker-images.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
name: Update Docker Images
on:
schedule:
- cron: "0 1 * * *" # run every day at 01:00 UTC
workflow_dispatch:
inputs:
force:
description: "Force update of all images"
required: false
default: "false"
defaults:
run:
shell: bash
concurrency:
group: ${{ github.ref_name }}-update
cancel-in-progress: true
permissions:
contents: read
jobs:
variables:
name: Get versions of base images
runs-on: ubuntu-22.04
outputs:
kic-tag: ${{ steps.kic.outputs.tag }}
versions: ${{ steps.versions.outputs.matrix }}
go-md5: ${{ steps.md5.outputs.go_code_md5 }}
binary-cache-hit: ${{ steps.binary-cache.outputs.cache-hit }}
steps:
- name: Checkout Repository
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
fetch-depth: 0
- name: Set KIC version
id: kic
run: |
tag="$(git tag --sort=-version:refname | head -n1)"
echo "tag=${tag//v}" >> $GITHUB_OUTPUT
- name: Checkout Repository at ${{ steps.kic.outputs.tag }}
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
ref: refs/tags/v${{ steps.kic.outputs.tag }}
- name: Set NGINX versions
id: versions
run: |
nginx=library/$(grep -E "FROM nginx.*debian" < build/Dockerfile | awk -F" " '{print $2}' | cut -d '@' -f 1)
nginx_alpine=library/$(grep -E "FROM nginx.*alpine" < build/Dockerfile | awk -F" " '{print $2}' | cut -d '@' -f 1)
nginx_ubi=$(grep -m1 "FROM nginx.*ubi" < build/Dockerfile | awk -F" " '{print $2}' | cut -d '@' -f 1)
echo "matrix=[{\"version\": \"${nginx}\", \"distro\": \"debian\"}, {\"version\": \"${nginx_alpine}\", \"distro\": \"alpine\"}, {\"version\": \"${nginx_ubi}\", \"distro\": \"ubi\"}]" >> $GITHUB_OUTPUT
- name: Set Go MD5sums
id: md5
run: echo go_code_md5=$(find . -type f \( -name "*.go" -o -name go.mod -o -name go.sum -o -name "*.tmpl" \) -not -path "./docs*" -exec md5sum {} + | LC_ALL=C sort | md5sum | awk '{ print $1 }') >> $GITHUB_OUTPUT
- name: Fetch Cached Binary Artifacts
id: binary-cache
uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4.0.0
with:
path: ${{ github.workspace }}/dist
key: nginx-ingress-${{ steps.md5.outputs.go_code_md5 }}
lookup-only: true
check:
name: Check if updates are needed
runs-on: ubuntu-22.04
needs: variables
outputs:
needs-updating-debian: ${{ steps.needs.outputs.debian }}
needs-updating-alpine: ${{ steps.needs.outputs.alpine }}
needs-updating-ubi: ${{ steps.needs.outputs.ubi }}
strategy:
matrix:
base_image: ${{ fromJson(needs.variables.outputs.versions) }}
steps:
- name: Build KIC tag
id: dist
run: |
if [ ${{ matrix.base_image.distro }} == "debian" ]; then dist=""; else dist="-${{ matrix.base_image.distro }}"; fi
echo "tag=${{ needs.variables.outputs.kic-tag }}${dist}" >> $GITHUB_OUTPUT
- name: Check if update available for ${{ matrix.base_image.version }}
id: update
uses: lucacome/docker-image-update-checker@f50d56412b948cfdbb842c5419372681e0db3df1 # v1.2.1
with:
base-image: ${{ matrix.base_image.version}}
image: nginx/nginx-ingress:${{ steps.dist.outputs.tag }}
env:
DEBUG: ${{ secrets.ACTIONS_STEP_DEBUG }}
- id: needs
run: echo "${{ matrix.base_image.distro }}=${{ steps.update.outputs.needs-updating }}" >> $GITHUB_OUTPUT
binary:
if: ${{ needs.check.outputs.needs-updating-debian == 'true' || needs.check.outputs.needs-updating-alpine == 'true' || needs.check.outputs.needs-updating-ubi == 'true' || inputs.force == 'true' }}
name: Build binaries
runs-on: ubuntu-22.04
needs: [check, variables]
steps:
- name: Checkout Repository
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
fetch-depth: 0
ref: refs/tags/v${{ needs.variables.outputs.kic-tag }}
- name: Setup Golang Environment
uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
with:
go-version-file: go.mod
- name: Determine GOPATH
id: go
run: echo "go_path=$(go env GOPATH)" >> $GITHUB_OUTPUT
- name: Build binaries
uses: goreleaser/goreleaser-action@7ec5c2b0c6cdda6e8bbb49444bc797dd33d74dd8 # v5.0.0
with:
version: latest
args: build --clean --id kubernetes-ingress
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GOPATH: ${{ steps.go.outputs.go_path }}
if: ${{ needs.variables.outputs.binary-cache-hit != 'true' }}
- name: Store Artifacts in Cache
uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4.0.0
with:
path: ${{ github.workspace }}/dist
key: nginx-ingress-${{ needs.variables.outputs.go-md5 }}
if: ${{ needs.variables.outputs.binary-cache-hit != 'true' }}
release-docker-debian:
name: Release Debian Image
needs: [binary, check, variables]
uses: ./.github/workflows/build-oss.yml
with:
platforms: linux/arm,linux/arm64,linux/amd64,linux/ppc64le,linux/s390x
image: debian
tag: ${{ needs.variables.outputs.kic-tag }}
go-md5: ${{ needs.variables.outputs.go-md5 }}
permissions:
contents: read
actions: read
security-events: write
id-token: write
packages: write
secrets: inherit
if: ${{ needs.check.outputs.needs-updating-debian == 'true' || inputs.force == 'true' }}
release-docker-alpine:
name: Release Alpine Image
needs: [binary, check, variables]
uses: ./.github/workflows/build-oss.yml
with:
platforms: linux/arm,linux/arm64,linux/amd64,linux/ppc64le,linux/s390x
image: alpine
tag: ${{ needs.variables.outputs.kic-tag }}
go-md5: ${{ needs.variables.outputs.go-md5 }}
permissions:
contents: read
actions: read
security-events: write
id-token: write
packages: write
secrets: inherit
if: ${{ needs.check.outputs.needs-updating-alpine == 'true' || inputs.force == 'true' }}
release-docker-ubi:
name: Release UBI Image
needs: [binary, check, variables]
uses: ./.github/workflows/build-oss.yml
with:
platforms: linux/arm64,linux/amd64,linux/ppc64le,linux/s390x
image: ubi
tag: ${{ needs.variables.outputs.kic-tag }}
go-md5: ${{ needs.variables.outputs.go-md5 }}
permissions:
contents: read
actions: read
security-events: write
id-token: write
packages: write
secrets: inherit
if: ${{ needs.check.outputs.needs-updating-ubi == 'true' || inputs.force == 'true' }}