From 69591bdcb28fdb9fbcd4eabcf86baa529a389b92 Mon Sep 17 00:00:00 2001 From: Adrian Dvergsdal Date: Sat, 13 Jul 2024 21:49:39 +0200 Subject: [PATCH] Refactor build workflow and add check for update --- .github/actions/build-image/action.yml | 87 ++++++++++++++++++++++++++ .github/workflows/build.yml | 87 ++++++++------------------ 2 files changed, 113 insertions(+), 61 deletions(-) create mode 100644 .github/actions/build-image/action.yml diff --git a/.github/actions/build-image/action.yml b/.github/actions/build-image/action.yml new file mode 100644 index 00000000..0fef0647 --- /dev/null +++ b/.github/actions/build-image/action.yml @@ -0,0 +1,87 @@ +name: Push image +description: Push image to image repos +inputs: + image: + description: image to push + required: true + tag: + description: tag to push + required: true + update-check: + description: command to run on old image and check for updates + required: true + github-token: + description: token for pushing image to GitHub + required: true + dockerhub-username: + description: username for pushing image to Docker Hub + required: true + dockerhub-password: + description: password for pushing image to Docker Hub + required: true +runs: + using: "composite" + steps: + - name: Check for changes or updates + id: changes + shell: bash + run: | + latest_tag="docker.pkg.github.com/${{ inputs.image }}/${{ inputs.tag }}" + echo "${{ inputs.github-token }}" | docker login docker.pkg.github.com \ + -u ${{ github.actor }} --password-stdin + docker pull "$latest_tag" + docker logout docker.pkg.github.com + packages="$(docker run --rm "$latest_tag" sh -c "${{ inputs.update-check }}")" + echo "$packages" + + revision="$(docker image inspect --format \ + '{{index .Labels "org.opencontainers.image.revision"}}' \ + "$latest_tag")" + echo "$revision" + + if [ "$revision" != "$GITHUB_SHA" ] || [ "${#packages}" -gt 0 ]; then + echo "Changes detected" + echo "::set-output name=detected::true" + else + echo "No change detected" + echo "::set-output name=detected::false" + fi + + - name: Build image + if: steps.changes.outputs.detected == 'true' + shell: bash + run: | + docker build . \ + --pull=true \ + --file=Dockerfile-alpine \ + --tag="${{ inputs.image }}:${{ inputs.tag }}" \ + --label="org.opencontainers.image.source=$GITHUB_SERVER_URL/$GITHUB_REPOSITORY" \ + --label="org.opencontainers.image.revision=$GITHUB_SHA" \ + --label="org.opencontainers.image.created=$(date --rfc-3339=seconds)" + + - name: Test image + if: steps.changes.outputs.detected == 'true' + shell: bash + run: tests/run "${{ inputs.image }}:${{ inputs.tag }}" + + - name: Push image to GitHub registry + if: steps.changes.outputs.detected == 'true' + shell: bash + run: | + echo "${{ inputs.github-token }}" | docker login docker.pkg.github.com \ + -u ${{ github.actor }} --password-stdin + + github_tag=docker.pkg.github.com/${{ inputs.image }}/${{ inputs.tag }} + docker tag "${{ inputs.image }}:${{ inputs.tag }}" $github_tag + docker push "$github_tag" + docker logout docker.pkg.github.com + + - name: Push images to Docker Hub registry + if: steps.changes.outputs.detected == 'true' + shell: bash + run: | + echo "${{ inputs.dockerhub-password }}" | docker login \ + -u ${{ inputs.dockerhub-username }} --password-stdin + + docker push "${{ inputs.image }}:${{ inputs.tag }}" + docker logout diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index cafe9165..f4d6008e 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -10,77 +10,42 @@ on: - "*.png" pull_request: -env: - IMAGE_NAME: atmoz/sftp - jobs: - build: + build-images: runs-on: ubuntu-latest - steps: - uses: actions/checkout@v2 with: - fetch-depth: 0 # for proper signature verification submodules: true # for shunit2 - - - name: Run ShellCheck - uses: ludeeus/action-shellcheck@master - with: - ignore_paths: tests/shunit2 - - - name: Build debian image - run: | - docker build . \ - --pull=true \ - --file=Dockerfile \ - --tag="$IMAGE_NAME:latest" \ - --tag="$IMAGE_NAME:debian" \ - --label="org.opencontainers.image.source=$GITHUB_SERVER_URL/$GITHUB_REPOSITORY" \ - --label="org.opencontainers.image.revision=$GITHUB_SHA" \ - --label="org.opencontainers.image.created=$(date --rfc-3339=seconds)" - - - name: Test debian image - run: tests/run $IMAGE_NAME:debian - - - name: Build alpine image - run: | - docker build . \ - --pull=true \ - --file=Dockerfile-alpine \ - --tag="$IMAGE_NAME:alpine" \ - --label="org.opencontainers.image.source=$GITHUB_SERVER_URL/$GITHUB_REPOSITORY" \ - --label="org.opencontainers.image.revision=$GITHUB_SHA" \ - --label="org.opencontainers.image.created=$(date --rfc-3339=seconds)" - - - name: Test alpine image - run: tests/run $IMAGE_NAME:alpine + fetch-depth: 0 # for proper signature verification - name: Verify signature - if: github.ref == 'refs/heads/master' + if: github.repository == 'atmoz/sftp' uses: atmoz/git-verify-ref@master with: import-github-users: atmoz - - name: Push images to Docker Hub registry - if: github.ref == 'refs/heads/master' - run: | - echo "${{ secrets.DOCKER_HUB_PASSWORD }}" | docker login \ - -u ${{ secrets.DOCKER_HUB_USERNAME }} --password-stdin - - docker push --all-tags $IMAGE_NAME - docker logout - - - name: Push images to GitHub registry - if: github.ref == 'refs/heads/master' - run: | - echo "${{ secrets.GITHUB_TOKEN }}" | docker login docker.pkg.github.com \ - -u ${{ github.actor }} --password-stdin - - TAG_DEBIAN=docker.pkg.github.com/$GITHUB_REPOSITORY/debian - TAG_ALPINE=docker.pkg.github.com/$GITHUB_REPOSITORY/alpine - docker tag $IMAGE_NAME:debian $TAG_DEBIAN - docker tag $IMAGE_NAME:alpine $TAG_ALPINE - docker push $TAG_DEBIAN - docker push $TAG_ALPINE - docker logout docker.pkg.github.com + - name: Run ShellCheck + uses: ludeeus/action-shellcheck@master + with: + ignore_paths: tests/shunit2 + - name: alpine + uses: ./.github/actions/build-image + with: + image: $GITHUB_REPOSITORY + tag: alpine + update-check: apk update &>/dev/null && apk version -q -l '>' + github-token: ${{ secrets.GITHUB_TOKEN }} + dockerhub-username: ${{ secrets.DOCKER_HUB_USERNAME }} + dockerhub-password: ${{ secrets.DOCKER_HUB_PASSWORD }} + + - name: debian + uses: ./.github/actions/build-image + with: + image: $GITHUB_REPOSITORY + tag: debian + update-check: apt-get update &>/dev/null && apt-get upgrade -s | grep ^Inst + github-token: ${{ secrets.GITHUB_TOKEN }} + dockerhub-username: ${{ secrets.DOCKER_HUB_USERNAME }} + dockerhub-password: ${{ secrets.DOCKER_HUB_PASSWORD }}