From c54998a21a74080bc03153fde0ce26afab88b85f Mon Sep 17 00:00:00 2001
From: Adrian Dvergsdal
Date: Sat, 13 Jul 2024 21:49:39 +0200
Subject: [PATCH] Refactor build workflow and add check for update
---
.github/actions/build-image/action.yml | 69 +++++++++++++++++++++
.github/workflows/build.yml | 84 ++++++--------------------
2 files changed, 95 insertions(+), 58 deletions(-)
create mode 100644 .github/actions/build-image/action.yml
diff --git a/.github/actions/build-image/action.yml b/.github/actions/build-image/action.yml
new file mode 100644
index 00000000..8302bfca
--- /dev/null
+++ b/.github/actions/build-image/action.yml
@@ -0,0 +1,69 @@
+name: Push image
+description: Push image to image repos
+inputs:
+ image:
+ description: image to push
+ required: true
+ tag:
+ description: tag to push
+ required: true
+ update-check:
+ description: command to run on old image and check for updates
+ required: true
+runs:
+ using: "composite"
+ steps:
+ - name: Check for changes or updates
+ id: changes
+ run: |
+ latest_tag="docker.pkg.github.com/${{ inputs.image }}/${{ inputs.tag }}"
+ packages="$(docker run --rm "$latest_tag" sh -c "${{ inputs.update-check }}")"
+ echo "$packages"
+
+ revision="$(docker image inspect --format \
+ '{{index .Labels "org.opencontainers.image.revision"}}' \
+ "$latest_tag")"
+ echo "$revision"
+
+ if [ "$revision" != "$GITHUB_SHA" ] || [ "${#packages}" -gt 0 ]; then
+ echo "Changes detected"
+ echo "::set-output name=detected::true"
+ else
+ echo "No change detected"
+ echo "::set-output name=detected::false"
+ fi
+
+ - name: Build image
+ if: steps.changes.outputs.detected == "true"
+ run: |
+ docker build . \
+ --pull=true \
+ --file=Dockerfile-alpine \
+ --tag="${{ inputs.image }}:${{ inputs.tag }}" \
+ --label="org.opencontainers.image.source=$GITHUB_SERVER_URL/$GITHUB_REPOSITORY" \
+ --label="org.opencontainers.image.revision=$GITHUB_SHA" \
+ --label="org.opencontainers.image.created=$(date --rfc-3339=seconds)"
+
+ - name: Test image
+ if: steps.changes.outputs.detected == "true"
+ run: tests/run "${{ inputs.image }}:${{ inputs.tag }}"
+
+ - name: Push image to GitHub registry
+ if: steps.changes.outputs.detected == "true"
+ run: |
+ echo "${{ secrets.GITHUB_TOKEN }}" | docker login docker.pkg.github.com \
+ -u ${{ github.actor }} --password-stdin
+
+ github_tag=docker.pkg.github.com/${{ inputs.image }}/${{ inputs.tag }}
+ docker tag "${{ inputs.image }}:${{ inputs.tag }}" $github_tag
+ docker push "$github_tag"
+ docker logout docker.pkg.github.com
+
+ - name: Push images to Docker Hub registry
+ if: steps.changes.outputs.detected == "true"
+ run: |
+ echo "${{ secrets.DOCKER_HUB_PASSWORD }}" | docker login \
+ -u ${{ secrets.DOCKER_HUB_USERNAME }} --password-stdin
+
+ docker push "${{ inputs.image }}:${{ inputs.tag }}"
+ docker logout
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index cafe9165..308a3c66 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
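Review bot: The two push steps read `${{ secrets.GITHUB_TOKEN }}`, `${{ secrets.DOCKER_HUB_USERNAME }}` and `${{ secrets.DOCKER_HUB_PASSWORD }}`, but a composite action has no `secrets` context, so the credentials need to be declared under `inputs:` and passed in by the calling workflow; each `run:` step in a composite action also needs an explicit `shell:`. In "Check for changes or updates", `${{ inputs.update-check }}` is substituted into a double-quoted `sh -c` argument before the shell parses the script, so any quote, backtick or `$` in the command is interpreted on the runner rather than in the container; the sketch below passes it through `env:` and writes the result to `$GITHUB_OUTPUT` in place of the deprecated `::set-output`. The `if:` conditions compare against `"true"`, and Actions expressions only accept single-quoted string literals. The build step also hard-codes `--file=Dockerfile-alpine`, so the `debian` caller would publish an Alpine build under the debian tag unless the Dockerfile becomes an input.

```yaml
    - name: Check for changes or updates
      id: changes
      shell: bash
      env:
        UPDATE_CHECK: ${{ inputs.update-check }}
      run: |
        # … unchanged: latest_tag assignment …
        packages="$(docker run --rm "$latest_tag" sh -c "$UPDATE_CHECK")"
        # … unchanged: revision lookup and the if/else comparison …
          echo "detected=true" >> "$GITHUB_OUTPUT"
        # … unchanged: else branch …
          echo "detected=false" >> "$GITHUB_OUTPUT"

    - name: Build image
      if: steps.changes.outputs.detected == 'true'
      shell: bash
```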
@@ -10,77 +10,45 @@ on: - "*.png" pull_request: -env: - IMAGE_NAME: atmoz/sftp - jobs: - build: + linting: runs-on: ubuntu-latest - steps: - uses: actions/checkout@v2 - with: - fetch-depth: 0 # for proper signature verification - submodules: true # for shunit2 - - name: Run ShellCheck uses: ludeeus/action-shellcheck@master with: ignore_paths: tests/shunit2 - - name: Build debian image - run: | - docker build . \ - --pull=true \ - --file=Dockerfile \ - --tag="$IMAGE_NAME:latest" \ - --tag="$IMAGE_NAME:debian" \ - --label="org.opencontainers.image.source=$GITHUB_SERVER_URL/$GITHUB_REPOSITORY" \ - --label="org.opencontainers.image.revision=$GITHUB_SHA" \ - --label="org.opencontainers.image.created=$(date --rfc-3339=seconds)" - - - name: Test debian image - run: tests/run $IMAGE_NAME:debian - - - name: Build alpine image - run: | - docker build . \ - --pull=true \ - --file=Dockerfile-alpine \ - --tag="$IMAGE_NAME:alpine" \ - --label="org.opencontainers.image.source=$GITHUB_SERVER_URL/$GITHUB_REPOSITORY" \ - --label="org.opencontainers.image.revision=$GITHUB_SHA" \ - --label="org.opencontainers.image.created=$(date --rfc-3339=seconds)" - - - name: Test alpine image - run: tests/run $IMAGE_NAME:alpine - + verify-signature: + runs-on: ubuntu-latest + if: github.repository == 'atmoz/sftp' + steps: + - uses: actions/checkout@v2 + with: + fetch-depth: 0 # for proper signature verification - name: Verify signature - if: github.ref == 'refs/heads/master' uses: atmoz/git-verify-ref@master with: import-github-users: atmoz - - name: Push images to Docker Hub registry - if: github.ref == 'refs/heads/master' - run: | - echo "${{ secrets.DOCKER_HUB_PASSWORD }}" | docker login \ - -u ${{ secrets.DOCKER_HUB_USERNAME }} --password-stdin - - docker push --all-tags $IMAGE_NAME - docker logout - - - name: Push images to GitHub registry - if: github.ref == 'refs/heads/master' - run: | - echo "${{ secrets.GITHUB_TOKEN }}" | docker login docker.pkg.github.com \ - -u ${{ github.actor }} 
--password-stdin + build-images: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v2 + with: + submodules: true # for shunit2 - TAG_DEBIAN=docker.pkg.github.com/$GITHUB_REPOSITORY/debian - TAG_ALPINE=docker.pkg.github.com/$GITHUB_REPOSITORY/alpine - docker tag $IMAGE_NAME:debian $TAG_DEBIAN - docker tag $IMAGE_NAME:alpine $TAG_ALPINE - docker push $TAG_DEBIAN - docker push $TAG_ALPINE - docker logout docker.pkg.github.com + - name: alpine + uses: ./.github/actions/build-image + with: + image: $GITHUB_REPOSITORY + tag: alpine + update-check: apk update &>/dev/null && apk version -q -l '>' + - name: debian + uses: ./.github/actions/build-image + with: + image: $GITHUB_REPOSITORY + tag: debian + update-check: apt-get update &>/dev/null && apt-get upgrade -s | grep ^Inst
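Review bot: The new `build-images` job has no condition on the ref and no dependency on `verify-signature`, whereas the removed push steps each carried `if: github.ref == 'refs/heads/master'` and ran after the "Verify signature" step in the same job. Since this workflow also runs on `pull_request`, the composite action's push steps would be attempted for any ref whose image differs, publishing commits whose signature was never checked. Keep build and test unconditional, but gate publishing the way the old steps did, for example by giving the action a `push` input set from `${{ github.ref == 'refs/heads/master' }}` and adding `needs: verify-signature` to the publishing job. Separately, `apt-get upgrade -s | grep ^Inst` exits non-zero when nothing is upgradable, which may fail the check step instead of reporting no change, depending on the shell options the step runs with.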