From 883e655082216adafb5967b3eb899a106c1b4046 Mon Sep 17 00:00:00 2001
From: Adrian Dvergsdal
Date: Sat, 13 Jul 2024 21:49:39 +0200
Subject: [PATCH] Refactor build workflow and add check for update
---
 .github/actions/build-image/action.yml | 89 ++++++++++++++++++++++++++
 .github/workflows/build.yml | 87 ++++++++-----------------
 2 files changed, 115 insertions(+), 61 deletions(-)
 create mode 100644 .github/actions/build-image/action.yml
diff --git a/.github/actions/build-image/action.yml b/.github/actions/build-image/action.yml
new file mode 100644
index 00000000..8f3f5390
--- /dev/null
+++ b/.github/actions/build-image/action.yml
@@ -0,0 +1,89 @@
+name: Push image
+description: Push image to image repos
+inputs:
+ image:
+ description: image to push
+ required: true
+ tag:
+ description: tag to push
+ required: true
+ update-check:
+ description: command to run on old image and check for updates
+ required: true
+ github-token:
+ description: token for pushing image to GitHub
+ required: true
+ dockerhub-username:
+ description: username for pushing image to Docker Hub
+ required: true
+ dockerhub-password:
+ description: password for pushing image to Docker Hub
+ required: true
+runs:
+ using: "composite"
+ steps:
+ - name: Check for changes or updates
+ id: changes
+ shell: bash
+ run: |
+ latest_tag="docker.pkg.github.com/${{ inputs.image }}/${{ inputs.tag }}"
+ echo "${{ inputs.github-token }}" | docker login docker.pkg.github.com \
+ -u ${{ github.actor }} --password-stdin
+ docker pull "$latest_tag"
+ docker logout docker.pkg.github.com
+ packages="$(docker run --rm "$latest_tag" sh -c "${{ inputs.update-check }}")"
+ echo "$packages"
+
+ revision="$(docker image inspect --format \
+ '{{index .Config.Labels "org.opencontainers.image.revision"}}' \
+ "$latest_tag")"
+ echo "$revision"
+
+ if [ "$revision" != "$GITHUB_SHA" ] || [ "${#packages}" -gt 0 ]; then
+ echo "Changes detected"
+ echo "detected=true" >> "$GITHUB_OUTPUT"
+ else
+ echo "No change detected"
+ echo "detected=false" >> "$GITHUB_OUTPUT"
+ fi
+
+ - name: Build image
+ if: steps.changes.outputs.detected == 'true'
+ shell: bash
+ run: |
+ docker build . \
+ --pull=true \
+ --file=Dockerfile-alpine \
+ --tag="${{ inputs.image }}:${{ inputs.tag }}" \
+ --label="org.opencontainers.image.source=$GITHUB_SERVER_URL/$GITHUB_REPOSITORY" \
+ --label="org.opencontainers.image.revision=$GITHUB_SHA" \
+ --label="org.opencontainers.image.created=$(date --rfc-3339=seconds)"
+
+ - name: Test image
+ if: steps.changes.outputs.detected == 'true'
+ shell: bash
+ run: tests/run "${{ inputs.image }}:${{ inputs.tag }}"
+
+ - name: Push image to GitHub registry
+ if: >
+ steps.changes.outputs.detected == 'true' &&
+ github.ref == 'refs/heads/master'
+ shell: bash
+ run: |
+ echo "${{ inputs.github-token }}" | docker login docker.pkg.github.com \
+ -u ${{ github.actor }} --password-stdin
+
+ github_tag=docker.pkg.github.com/${{ inputs.image }}/${{ inputs.tag }}
+ docker tag "${{ inputs.image }}:${{ inputs.tag }}" $github_tag
+ docker push "$github_tag"
+ docker logout docker.pkg.github.com
+
+ - name: Push images to Docker Hub registry
+ if: steps.changes.outputs.detected == 'true'
+ shell: bash
+ run: |
+ echo "${{ inputs.dockerhub-password }}" | docker login \
+ -u ${{ inputs.dockerhub-username }} --password-stdin
+
+ docker push "${{ inputs.image }}:${{ inputs.tag }}"
+ docker logout
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index cafe9165..90a2dd10 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
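Review bot: The "Push images to Docker Hub registry" step at the end of the new .github/actions/build-image/action.yml is gated only on `steps.changes.outputs.detected == 'true'`, whereas the GitHub-registry step above it also requires `github.ref == 'refs/heads/master'`, and the steps this commit removes from .github/workflows/build.yml gated both pushes on master. Because the workflow also triggers on `pull_request`, any run that has the Docker Hub secrets available would publish an image built from a non-master ref; I would give the step the same folded condition, `steps.changes.outputs.detected == 'true' && github.ref == 'refs/heads/master'`. Separately, the Build image step hard-codes `--file=Dockerfile-alpine`, so the `debian` invocation builds the alpine Dockerfile and pushes it under the debian tag, where the removed workflow used `--file=Dockerfile`; a `dockerfile` input would fix that. The `${{ inputs.* }}` values are also pasted into the script text before bash parses it, so mapping them to step `env:` variables and quoting every use (`$github_tag` in `docker tag` is unquoted) would keep an input value from being read as shell syntax.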
@@ -10,77 +10,42 @@ on: - "*.png" pull_request: -env: - IMAGE_NAME: atmoz/sftp - jobs: - build: + build-images: runs-on: ubuntu-latest - steps: - uses: actions/checkout@v2 with: - fetch-depth: 0 # for proper signature verification submodules: true # for shunit2 - - - name: Run ShellCheck - uses: ludeeus/action-shellcheck@master - with: - ignore_paths: tests/shunit2 - - - name: Build debian image - run: | - docker build . \ - --pull=true \ - --file=Dockerfile \ - --tag="$IMAGE_NAME:latest" \ - --tag="$IMAGE_NAME:debian" \ - --label="org.opencontainers.image.source=$GITHUB_SERVER_URL/$GITHUB_REPOSITORY" \ - --label="org.opencontainers.image.revision=$GITHUB_SHA" \ - --label="org.opencontainers.image.created=$(date --rfc-3339=seconds)" - - - name: Test debian image - run: tests/run $IMAGE_NAME:debian - - - name: Build alpine image - run: | - docker build . \ - --pull=true \ - --file=Dockerfile-alpine \ - --tag="$IMAGE_NAME:alpine" \ - --label="org.opencontainers.image.source=$GITHUB_SERVER_URL/$GITHUB_REPOSITORY" \ - --label="org.opencontainers.image.revision=$GITHUB_SHA" \ - --label="org.opencontainers.image.created=$(date --rfc-3339=seconds)" - - - name: Test alpine image - run: tests/run $IMAGE_NAME:alpine + fetch-depth: 0 # for proper signature verification - name: Verify signature - if: github.ref == 'refs/heads/master' + if: github.repository == 'atmoz/sftp' uses: atmoz/git-verify-ref@master with: import-github-users: atmoz - - name: Push images to Docker Hub registry - if: github.ref == 'refs/heads/master' - run: | - echo "${{ secrets.DOCKER_HUB_PASSWORD }}" | docker login \ - -u ${{ secrets.DOCKER_HUB_USERNAME }} --password-stdin - - docker push --all-tags $IMAGE_NAME - docker logout - - - name: Push images to GitHub registry - if: github.ref == 'refs/heads/master' - run: | - echo "${{ secrets.GITHUB_TOKEN }}" | docker login docker.pkg.github.com \ - -u ${{ github.actor }} --password-stdin - - TAG_DEBIAN=docker.pkg.github.com/$GITHUB_REPOSITORY/debian - 
TAG_ALPINE=docker.pkg.github.com/$GITHUB_REPOSITORY/alpine - docker tag $IMAGE_NAME:debian $TAG_DEBIAN - docker tag $IMAGE_NAME:alpine $TAG_ALPINE - docker push $TAG_DEBIAN - docker push $TAG_ALPINE - docker logout docker.pkg.github.com + - name: Run ShellCheck + uses: ludeeus/action-shellcheck@master + with: + ignore_paths: tests/shunit2 + - name: alpine + uses: ./.github/actions/build-image + with: + image: $GITHUB_REPOSITORY + tag: alpine + update-check: "apk update &>/dev/null && apk version -q -l '>'" + github-token: ${{ secrets.GITHUB_TOKEN }} + dockerhub-username: ${{ secrets.DOCKER_HUB_USERNAME }} + dockerhub-password: ${{ secrets.DOCKER_HUB_PASSWORD }} + + - name: debian + uses: ./.github/actions/build-image + with: + image: $GITHUB_REPOSITORY + tag: debian + update-check: "apt-get update &>/dev/null && apt-get upgrade -s | grep ^Inst" + github-token: ${{ secrets.GITHUB_TOKEN }} + dockerhub-username: ${{ secrets.DOCKER_HUB_USERNAME }} + dockerhub-password: ${{ secrets.DOCKER_HUB_PASSWORD }}
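Review bot: The debian `update-check` value uses `&>/dev/null`, which is a bash redirection, but the composite action runs it through `sh -c` inside the image; if that `sh` is dash (the Debian default) the line parses as `apt-get update &` followed by an empty redirect, so `apt-get upgrade -s` can run before the package lists are refreshed and report nothing pending. That would make the rebuild-on-update check silently miss security updates for the debian image. `grep ^Inst` also exits non-zero when nothing is upgradable, which probably fails the action's `shell: bash` step (it runs with `-e`) instead of reaching "No change detected". I would write `update-check: "apt-get update >/dev/null 2>&1 && { apt-get upgrade -s | grep ^Inst || true; }"` and use the same portable redirect in the alpine value. Also, `image: $GITHUB_REPOSITORY` is a literal string that only works because the action splices it into shell text; `image: ${{ github.repository }}` would not depend on that.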