chore(patch): update nginx:1.27.0 docker digest to 05ab172 (#437) #1293
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Adapted from https://dev.to/cloudx/multi-arch-docker-images-the-easy-way-with-github-actions-4k54 | |
name: Build | |
on: | |
workflow_dispatch: | |
inputs: | |
scope: | |
required: true | |
type: choice | |
description: The version bump for all images | |
options: | |
- major | |
- minor | |
- patch | |
push: | |
branches: | |
- main | |
pull_request: | |
permissions: | |
packages: write | |
jobs: | |
generate-matrix: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
with: | |
fetch-depth: 2 | |
- name: Get changed images | |
if: ${{ github.event_name != 'workflow_dispatch' }} | |
id: changed-files | |
uses: tj-actions/changed-files@6b2903bdce6310cfbddd87c418f253cf29b2dec9 # v44.5.6 | |
with: | |
path: images | |
dir_names: true | |
dir_names_max_depth: 1 | |
json: true | |
- name: Get all images | |
id: all-files | |
if: ${{ github.event_name == 'workflow_dispatch' }} | |
run: echo images=$(find images/ -mindepth 1 -maxdepth 1 -type d -printf '%f\n' | jq -R -s -c 'split("\n") | map(select(length > 0)) | tostring') >> $GITHUB_OUTPUT | |
- name: Set matrix | |
id: matrix | |
run: | | |
if [[ "${{ github.event_name }}" != "workflow_dispatch" ]]; then | |
echo matrix=${{ steps.changed-files.outputs.all_modified_files }} | |
echo matrix=${{ steps.changed-files.outputs.all_modified_files }} >> $GITHUB_OUTPUT | |
else | |
echo matrix=${{ steps.all-files.outputs.images }} | |
echo matrix=${{ steps.all-files.outputs.images }} >> $GITHUB_OUTPUT | |
fi | |
outputs: | |
matrix: ${{ steps.matrix.outputs.matrix }} | |
build: | |
runs-on: ubuntu-latest | |
needs: generate-matrix | |
if: ${{ needs.generate-matrix.outputs.matrix != '[]' }} | |
strategy: | |
fail-fast: false | |
matrix: | |
image: ${{ fromJson(needs.generate-matrix.outputs.matrix) }} | |
steps: | |
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
# This is needed to skip the job when an image is deleted | |
- name: Check if directory still exists | |
id: dir-check | |
run: | | |
if [ -d images/${{ matrix.image }} ]; then | |
echo exists=true >> $GITHUB_OUTPUT | |
else | |
echo exists=false >> $GITHUB_OUTPUT | |
fi | |
- name: Install semver tool | |
run: wget -O /usr/local/bin/semver https://raw.githubusercontent.com/fsaintjacques/semver-tool/3.4.0/src/semver && chmod +x /usr/local/bin/semver | |
- name: Set up QEMU | |
if: ${{ steps.dir-check.outputs.exists == 'true' }} | |
uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0 | |
- name: Set up Docker Buildx | |
if: ${{ steps.dir-check.outputs.exists == 'true' }} | |
id: buildx | |
uses: docker/setup-buildx-action@aa33708b10e362ff993539393ff100fa93ed6a27 # v3.5.0 | |
- name: Login to GHCR | |
if: github.event_name != 'pull_request' && steps.dir-check.outputs.exists == 'true' | |
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 | |
with: | |
registry: ghcr.io | |
username: ${{ github.repository_owner }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Get most recent tag | |
id: tag | |
# Some of our older tags are "sha-${checksum}", so we need to ignore them | |
run: echo tag=$(skopeo list-tags "docker://ghcr.io/community-tooling/oci-images/${{ matrix.image }}" | jq -r '.Tags | sort | .[] | select(contains("sha-") | not)' | tail -n 1) >> $GITHUB_OUTPUT | |
- name: Get commit scope | |
id: commit-scope | |
env: | |
# Use the workflow_dispatch input on workflow_dispatch | |
SCOPE: ${{ github.event.inputs.scope }} | |
# Use the PR title if it exists since we use this as the commit message on squashing (only exists on PRs) | |
# Use the head_commit message on all other events (does not exist on workflow_dispatch) | |
MESSAGE: ${{ github.event.pull_request.title || github.event.head_commit.message }} | |
run: | | |
if [[ $SCOPE != "" ]]; then | |
echo "Running with workflow_dispatch, using input directly" | |
echo scope=$SCOPE >> $GITHUB_OUTPUT | |
exit 0 | |
fi | |
scope=$(echo $MESSAGE | head -n 1 | sed -E 's/^.*\(([a-z]+)\).*$/\1/g') | |
if [[ "$scope" =~ ^(major|minor|patch)$ ]]; then | |
echo scope=$scope >> $GITHUB_OUTPUT | |
else | |
echo "::error title=Invalid commit scope::The commit scope is not an allowed value, check the README section on versioning" | |
exit 1 | |
fi | |
- name: Generate tag | |
if: ${{ steps.dir-check.outputs.exists == 'true' }} | |
id: version | |
run: | | |
echo version="$(semver bump ${{ steps.commit-scope.outputs.scope }} ${{ steps.tag.outputs.tag }})" >> $GITHUB_OUTPUT | |
- name: Docker meta | |
if: ${{ steps.dir-check.outputs.exists == 'true' }} | |
id: meta | |
uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1 | |
with: | |
flavor: | | |
latest=false | |
images: | | |
ghcr.io/community-tooling/oci-images/${{ matrix.image }} | |
tags: | | |
type=raw,value=${{ steps.version.outputs.version }} | |
- name: Build and push | |
if: ${{ steps.dir-check.outputs.exists == 'true' }} | |
uses: docker/build-push-action@5176d81f87c23d6fc96624dfdbcd9f3830bbe445 # v6.5.0 | |
with: | |
context: images/${{ matrix.image }} | |
platforms: linux/amd64,linux/arm64 | |
push: ${{ github.event_name == 'workflow_dispatch' || github.ref == 'refs/heads/main' }} | |
tags: ${{ steps.meta.outputs.tags }} | |
labels: ${{ steps.meta.outputs.labels }} | |
# This is used so that we have one job that is successful once all the matrix builds are done | |
build-skip: | |
runs-on: ubuntu-latest | |
needs: generate-matrix | |
if: ${{ needs.generate-matrix.outputs.matrix == '[]' }} | |
steps: | |
- run: echo "No images changed, no build necessary" | |
# This is used so that we have one job that is successful once all the matrix builds are done | |
build-results: | |
if: ${{ always() }} | |
runs-on: ubuntu-latest | |
needs: [build, build-skip] | |
steps: | |
- run: exit 1 | |
# see https://stackoverflow.com/a/67532120/4907315 | |
if: >- | |
${{ | |
contains(needs.*.result, 'failure') | |
|| contains(needs.*.result, 'cancelled') | |
}} |