Fix update workflow #53
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: update | |
| on: | |
| schedule: | |
| - cron: '0 22 * * 0-4' | |
| pull_request: | |
| jobs: | |
| update: | |
| name: Update images | |
| env: | |
| GH_TOKEN: ${{ secrets.CYBOZU_NECO_PAT }} | |
| runs-on: ubuntu-22.04 | |
| strategy: | |
| matrix: | |
| ubuntu-version: [ "20.04", "22.04" ] | |
| defaults: | |
| run: | |
| working-directory: ${{ matrix.ubuntu-version }} | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v2 | |
| with: | |
| version: v0.9.1 | |
| - name: Check minimal image updates | |
| shell: bash -xe {0} | |
| run: | | |
| if [ "${{ matrix.ubuntu-version }}" = "20.04" ]; then | |
| codename=focal | |
| elif [ "${{ matrix.ubuntu-version }}" = "22.04" ]; then | |
| codename=jammy | |
| else | |
| echo "Unknown Ubuntu version: ${{ matrix.ubuntu-version }}" | |
| exit 1 | |
| fi | |
| TOKEN=$(curl -sSf "https://auth.docker.io/token?scope=repository%3Alibrary%2Fubuntu%3Apull&service=registry.docker.io"| jq -r .token) | |
| LATEST_TAG=$(curl -sSf -H "Authorization: Bearer $TOKEN" "https://registry-1.docker.io/v2/library/ubuntu/tags/list" | jq -r ".tags[] | select(. | test(\"$codename-.*\"))" | tail -n1) | |
| if [ -z "$LATEST_TAG" ]; then | |
| echo "Failed to get the latest tag for $codename" | |
| exit 1 | |
| fi | |
| TAG_MINIMAL=$(cat ./TAG_MINIMAL) | |
| sed -i -e "s/$codename-[0-9]\{8\}/$LATEST_TAG/g" ./TAG_MINIMAL | |
| echo "Update images for ${{ matrix.ubuntu-version }}" > ./BODY | |
| if [[ "$TAG_MINIMAL" != "$LATEST_TAG" ]]; then | |
| echo "NEED_UPDATE=1" >> $GITHUB_ENV | |
| echo "- Update minimal image from $TAG_MINIMAL to $LATEST_TAG" >> ./BODY | |
| fi | |
| - name: Check package updates | |
| shell: bash -xe {0} | |
| run: | | |
| TAG_MINIMAL=$(cat ./TAG_MINIMAL) | |
| TAG=$(cat ./TAG) | |
| docker buildx build -t quay.io/cybozu/ubuntu-minimal:${TAG_MINIMAL}-new --load --build-arg TAG_MINIMAL=$TAG_MINIMAL ubuntu-minimal | |
| docker images | |
| for img in ubuntu ubuntu-debug ubuntu-dev; do | |
| docker pull ghcr.io/cybozu/$img:$TAG | |
| docker buildx build --platform linux/amd64 -t $img:${{ matrix.ubuntu-version }}-new --load --no-cache=false --build-arg TAG_MINIMAL=${TAG_MINIMAL}-new --build-arg TAG=$TAG ./$img/ | |
| docker run --rm ghcr.io/cybozu/$img:$TAG dpkg -l > $img-$TAG | |
| docker run --rm $img:${{ matrix.ubuntu-version }}-new dpkg -l > $img-${{ matrix.ubuntu-version }}-new | |
| if ! diff -u $img-$TAG $img-${{ matrix.ubuntu-version }}-new; then | |
| echo "- Update $img:${{ matrix.ubuntu-version }} packages" >> ./BODY | |
| echo '```diff' >> ./BODY | |
| diff -u $img-$TAG $img-${{ matrix.ubuntu-version }}-new >> ./BODY || true | |
| echo -e '```\n' >> ./BODY | |
| if [ "$NEED_UPDATE" != "1" ]; then | |
| echo "NEED_UPDATE=1" >> $GITHUB_ENV | |
| fi | |
| fi | |
| done | |
| docker image rm quay.io/cybozu/ubuntu-minimal:${TAG_MINIMAL}-new | |
| for img in ubuntu ubuntu-debug ubuntu-dev; do | |
| docker image rm $img:${{ matrix.ubuntu-version }}-new | |
| done | |
| - name: Create PR | |
| if: env.NEED_UPDATE == '1' | |
| shell: bash -xe {0} | |
| run: | | |
| TODAY=$(date "+%Y%m%d") | |
| sed -i -e "s/${{ matrix.ubuntu-version }}\.[0-9]\{8\}/${{ matrix.ubuntu-version }}\.$TODAY/g" ./TAG | |
| git config --global user.email "[email protected]" | |
| git config --global user.name "cybozu-neco" | |
| BRANCH=update-${{ matrix.ubuntu-version }}-$TODAY | |
| git checkout -b $BRANCH | |
| git add -u | |
| git commit -m "Update images for ${{ matrix.ubuntu-version }}" | |
| git push origin $BRANCH | |
| gh pr create --title "Update images for ${{ matrix.ubuntu-version }}" --body-file ./BODY |