Check Dockerfile Base Image Updates and Validate with Image Digest #6
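name: Check Dockerfile Base Image Updates

on:
  schedule:
    - cron: '0 0 * * *'  # Run daily
  workflow_dispatch:  # Allows manual triggering of the workflow

# NOTE(review): no `permissions:` block is declared, so GITHUB_TOKEN falls back
# to the repository/organization default. The commit-and-push step of this job
# needs `contents: write`; declaring only the scopes the job really uses keeps
# a compromised step from doing more than that.
jobs:
  check-updates:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        # NOTE(review): `@v4` is a movable tag. Because this job later pushes
        # with the repository token, consider pinning the action to a full
        # commit SHA (actions/checkout@<FULL_COMMIT_SHA>  # v4).
        uses: actions/checkout@v4

      - name: Check for base image updates
        id: check
        run: |
          # Read the current base image from the Dockerfile.
          # Only the first FROM line is used and only its first token, so a
          # multi-stage file or a trailing "AS <stage>" no longer leaks into
          # the image reference. A "FROM --platform=..." line is not handled.
          BASE_IMAGE=$(grep -m1 -oP '^\s*FROM\s+\K\S+' Dockerfile)
          echo "Base image from Dockerfile: $BASE_IMAGE"
          IMAGE_NAME=$(printf '%s\n' "$BASE_IMAGE" | cut -d':' -f1)
          echo "Image name extracted: $IMAGE_NAME"
          CURRENT_TAG=$(printf '%s\n' "$BASE_IMAGE" | cut -d':' -f2)
          echo "Current tag extracted: $CURRENT_TAG"

          # Fetch tags from Docker Hub.
          # NOTE(review): this is the legacy v1 Hub endpoint; confirm it still
          # answers and still returns the flat [{"name": ...}] array that the
          # jq filter below expects.
          TAGS_JSON=$(wget -q "https://registry.hub.docker.com/v1/repositories/$IMAGE_NAME/tags" -O -)
          echo "Tags fetched from Docker Hub: $TAGS_JSON"

          # Parse the tags and find the latest one.
          # - The current tag is handed to jq as data (--arg) instead of being
          #   spliced into the jq program text.
          # - Only purely numeric dotted tags are compared; a suffixed tag
          #   (e.g. "-slim") used to make tonumber abort the whole filter.
          # - "// empty" turns "no candidate" into an empty string; max_by on
          #   an empty list yields null, which jq -r prints as the text "null".
          LATEST_TAG=$(printf '%s' "$TAGS_JSON" | jq -r --arg cur "$CURRENT_TAG" '
            [ .[].name
              | select(startswith($cur + "."))
              | select(test("^[0-9]+(\\.[0-9]+)*$"))
            ]
            | max_by(split(".") | map(tonumber))
            // empty
          ')

          if [ -z "$LATEST_TAG" ]; then
            echo "No newer tags found for the image $IMAGE_NAME with the tag starting $CURRENT_TAG."
            echo "updated=false" >> "$GITHUB_ENV"
          elif ! [[ "$LATEST_TAG" =~ ^[0-9]+(\.[0-9]+)*$ ]]; then
            # The tag comes from a network response and is about to be written
            # into the Dockerfile and $GITHUB_ENV; refuse anything unexpected.
            echo "Refusing unexpected tag value returned for $IMAGE_NAME" >&2
            exit 1
          else
            echo "A newer base image tag is available: $LATEST_TAG"
            # NOTE(review): a tag is mutable. Only the tag is rewritten here;
            # no digest is recorded or compared in this step.
            sed -i "s|$BASE_IMAGE|$IMAGE_NAME:$LATEST_TAG|g" Dockerfile
            # Check the Dockerfile after sed operation
            echo "Dockerfile updated content:"
            cat Dockerfile
            # Use the environment file to pass the result to later steps
            echo "updated=true" >> "$GITHUB_ENV"
            echo "new_tag=$LATEST_TAG" >> "$GITHUB_ENV"
          fi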
- name: Commit and push if Dockerfile changed | |
if: env.updated == 'true' | |
run: | | |
git config --global user.name 'github-actions' | |
git config --global user.email 'github-actions@github.com' | |
git add Dockerfile | |
git commit -m " |