Skip to content

chore(patch): update nginx:1.27.0 docker digest to cfe5f9a (#450) #1322

chore(patch): update nginx:1.27.0 docker digest to cfe5f9a (#450)

chore(patch): update nginx:1.27.0 docker digest to cfe5f9a (#450) #1322

Workflow file for this run

# Adapted from https://dev.to/cloudx/multi-arch-docker-images-the-easy-way-with-github-actions-4k54
name: Build
on:
workflow_dispatch:
inputs:
scope:
required: true
type: choice
description: The version bump for all images
options:
- major
- minor
- patch
push:
branches:
- main
pull_request:
permissions:
packages: write
jobs:
generate-matrix:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
with:
fetch-depth: 2
- name: Get changed images
if: ${{ github.event_name != 'workflow_dispatch' }}
id: changed-files
uses: tj-actions/changed-files@c65cd883420fd2eb864698a825fc4162dd94482c # v44.5.7
with:
path: images
dir_names: true
dir_names_max_depth: 1
json: true
- name: Get all images
id: all-files
if: ${{ github.event_name == 'workflow_dispatch' }}
run: echo images=$(find images/ -mindepth 1 -maxdepth 1 -type d -printf '%f\n' | jq -R -s -c 'split("\n") | map(select(length > 0)) | tostring') >> $GITHUB_OUTPUT
- name: Set matrix
id: matrix
run: |
if [[ "${{ github.event_name }}" != "workflow_dispatch" ]]; then
echo matrix=${{ steps.changed-files.outputs.all_modified_files }}
echo matrix=${{ steps.changed-files.outputs.all_modified_files }} >> $GITHUB_OUTPUT
else
echo matrix=${{ steps.all-files.outputs.images }}
echo matrix=${{ steps.all-files.outputs.images }} >> $GITHUB_OUTPUT
fi
outputs:
matrix: ${{ steps.matrix.outputs.matrix }}
build:
runs-on: ubuntu-latest
needs: generate-matrix
if: ${{ needs.generate-matrix.outputs.matrix != '[]' }}
strategy:
fail-fast: false
matrix:
image: ${{ fromJson(needs.generate-matrix.outputs.matrix) }}
steps:
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
# This is needed to skip the job when an image is deleted
- name: Check if directory still exists
id: dir-check
run: |
if [ -d images/${{ matrix.image }} ]; then
echo exists=true >> $GITHUB_OUTPUT
else
echo exists=false >> $GITHUB_OUTPUT
fi
- name: Install semver tool
run: wget -O /usr/local/bin/semver https://raw.githubusercontent.com/fsaintjacques/semver-tool/3.4.0/src/semver && chmod +x /usr/local/bin/semver
- name: Set up QEMU
if: ${{ steps.dir-check.outputs.exists == 'true' }}
uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0
- name: Set up Docker Buildx
if: ${{ steps.dir-check.outputs.exists == 'true' }}
id: buildx
uses: docker/setup-buildx-action@988b5a0280414f521da01fcc63a27aeeb4b104db # v3.6.1
- name: Login to GHCR
if: github.event_name != 'pull_request' && steps.dir-check.outputs.exists == 'true'
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Get most recent tag
id: tag
# Some of our older tags are "sha-${checksum}", so we need to ignore them
run: echo tag=$(skopeo list-tags "docker://ghcr.io/community-tooling/oci-images/${{ matrix.image }}" | jq -r '.Tags | sort | .[] | select(contains("sha-") | not)' | tail -n 1) >> $GITHUB_OUTPUT
- name: Get commit scope
id: commit-scope
env:
# Use the workflow_dispatch input on workflow_dispatch
SCOPE: ${{ github.event.inputs.scope }}
# Use the PR title if it exists since we use this as the commit message on squashing (only exists on PRs)
# Use the head_commit message on all other events (does not exist on workflow_dispatch)
MESSAGE: ${{ github.event.pull_request.title || github.event.head_commit.message }}
run: |
if [[ $SCOPE != "" ]]; then
echo "Running with workflow_dispatch, using input directly"
echo scope=$SCOPE >> $GITHUB_OUTPUT
exit 0
fi
scope=$(echo $MESSAGE | head -n 1 | sed -E 's/^.*\(([a-z]+)\).*$/\1/g')
if [[ "$scope" =~ ^(major|minor|patch)$ ]]; then
echo scope=$scope >> $GITHUB_OUTPUT
else
echo "::error title=Invalid commit scope::The commit scope is not an allowed value, check the README section on versioning"
exit 1
fi
- name: Generate tag
if: ${{ steps.dir-check.outputs.exists == 'true' }}
id: version
run: |
echo version="$(semver bump ${{ steps.commit-scope.outputs.scope }} ${{ steps.tag.outputs.tag }})" >> $GITHUB_OUTPUT
- name: Docker meta
if: ${{ steps.dir-check.outputs.exists == 'true' }}
id: meta
uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1
with:
flavor: |
latest=false
images: |
ghcr.io/community-tooling/oci-images/${{ matrix.image }}
tags: |
type=raw,value=${{ steps.version.outputs.version }}
- name: Build and push
if: ${{ steps.dir-check.outputs.exists == 'true' }}
uses: docker/build-push-action@16ebe778df0e7752d2cfcbd924afdbbd89c1a755 # v6.6.1
with:
context: images/${{ matrix.image }}
platforms: linux/amd64,linux/arm64
push: ${{ github.event_name == 'workflow_dispatch' || github.ref == 'refs/heads/main' }}
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
# This is used so that we have one job that is successful once all the matrix builds are done
build-skip:
runs-on: ubuntu-latest
needs: generate-matrix
if: ${{ needs.generate-matrix.outputs.matrix == '[]' }}
steps:
- run: echo "No images changed, no build necessary"
# This is used so that we have one job that is successful once all the matrix builds are done
build-results:
if: ${{ always() }}
runs-on: ubuntu-latest
needs: [build, build-skip]
steps:
- run: exit 1
# see https://stackoverflow.com/a/67532120/4907315
if: >-
${{
contains(needs.*.result, 'failure')
|| contains(needs.*.result, 'cancelled')
}}