Skip to content

Commit

Permalink
Refactor build workflow and add check for update
Browse files Browse the repository at this point in the history
  • Loading branch information
@atmoz
atmoz committed Jul 14, 2024
1 parent c3c949d commit 3d2bed2
Show file tree
Hide file tree
Showing 2 changed files with 120 additions and 61 deletions.
94 changes: 94 additions & 0 deletions .github/workflows/build-image.yml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,94 @@
name: Push image
on:
workflow_call:
inputs:
containerfile:
description: Which containerfile/dockerfile to build
required: true
type: string
image:
description: image name
required: true
type: string
tag:
description: image tag
required: true
type: string
update-check:
description: command to run on old image and check for updates
required: true
type: string

jobs:
check-for-changes:
runs-on: ubuntu-latest
outputs:
detected: ${{ steps.changes.outputs.detected }}
steps:
- uses: actions/checkout@v2

- name: Check for changes or updates
id: changes
run: |
latest_tag="docker.pkg.github.com/${{ inputs.image }}/${{ inputs.tag }}"
echo "${{ secrets.GITHUB_TOKEN }}" | docker login docker.pkg.github.com \
-u ${{ github.actor }} --password-stdin
docker pull "$latest_tag"
docker logout docker.pkg.github.com
packages="$(docker run --rm "$latest_tag" --entrypoint=/bin/sh -c "${{ inputs.update-check }}")"
echo "$packages"
revision="$(docker image inspect --format \
'{{index .Config.Labels "org.opencontainers.image.revision"}}' \
"$latest_tag")"
echo "$revision"
if [ "$revision" != "$GITHUB_SHA" ] || [ "${#packages}" -gt 0 ]; then
echo "Changes detected"
echo "detected=true" >> "$GITHUB_OUTPUT"
else
echo "No change detected"
echo "detected=false" >> "$GITHUB_OUTPUT"
fi
build-and-push:
runs-on: ubuntu-latest
needs: check-for-changes
if: needs.check-for-changes.outputs.detected == 'true'
steps:
- uses: actions/checkout@v2
with:
submodules: true # for shunit2

- name: Build image
run: |
docker build . \
--pull=true \
--file="${{ inputs.containerfile }}" \
--tag="${{ inputs.image }}:${{ inputs.tag }}" \
--label="org.opencontainers.image.source=$GITHUB_SERVER_URL/$GITHUB_REPOSITORY" \
--label="org.opencontainers.image.revision=$GITHUB_SHA" \
--label="org.opencontainers.image.created=$(date --rfc-3339=seconds)"
- name: Test image
run: tests/run "${{ inputs.image }}:${{ inputs.tag }}"

- name: Push image to GitHub registry
if: github.ref == 'refs/heads/master'
run: |
echo "${{ secrets.GITHUB_TOKEN }}" | docker login docker.pkg.github.com \
-u ${{ github.actor }} --password-stdin
github_tag=docker.pkg.github.com/${{ inputs.image }}/${{ inputs.tag }}
docker tag "${{ inputs.image }}:${{ inputs.tag }}" $github_tag
echo docker push "$github_tag"
docker logout docker.pkg.github.com
- name: Push images to Docker Hub registry
if: github.ref == 'refs/heads/master'
run: |
echo "${{ secrets.DOCKER_HUB_PASSWORD }}" | docker login \
-u ${{ secrets.DOCKER_HUB_USERNAME }} --password-stdin
echo docker push "${{ inputs.image }}:${{ inputs.tag }}"
docker logout
87 changes: 26 additions & 61 deletions .github/workflows/build.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -9,78 +9,43 @@ on:
- "*.txt"
- "*.png"
pull_request:

env:
IMAGE_NAME: atmoz/sftp
workflow_dispatch:

jobs:
build:
verify:
runs-on: ubuntu-latest

steps:
- uses: actions/checkout@v2
with:
fetch-depth: 0 # for proper signature verification
submodules: true # for shunit2

- name: Run ShellCheck
uses: ludeeus/action-shellcheck@master
with:
ignore_paths: tests/shunit2

- name: Build debian image
run: |
docker build . \
--pull=true \
--file=Dockerfile \
--tag="$IMAGE_NAME:latest" \
--tag="$IMAGE_NAME:debian" \
--label="org.opencontainers.image.source=$GITHUB_SERVER_URL/$GITHUB_REPOSITORY" \
--label="org.opencontainers.image.revision=$GITHUB_SHA" \
--label="org.opencontainers.image.created=$(date --rfc-3339=seconds)"
- name: Test debian image
run: tests/run $IMAGE_NAME:debian

- name: Build alpine image
run: |
docker build . \
--pull=true \
--file=Dockerfile-alpine \
--tag="$IMAGE_NAME:alpine" \
--label="org.opencontainers.image.source=$GITHUB_SERVER_URL/$GITHUB_REPOSITORY" \
--label="org.opencontainers.image.revision=$GITHUB_SHA" \
--label="org.opencontainers.image.created=$(date --rfc-3339=seconds)"
- name: Test alpine image
run: tests/run $IMAGE_NAME:alpine

- name: Verify signature
if: github.ref == 'refs/heads/master'
if: github.repository == 'atmoz/sftp'
uses: atmoz/git-verify-ref@master
with:
import-github-users: atmoz

- name: Push images to Docker Hub registry
if: github.ref == 'refs/heads/master'
run: |
echo "${{ secrets.DOCKER_HUB_PASSWORD }}" | docker login \
-u ${{ secrets.DOCKER_HUB_USERNAME }} --password-stdin
docker push --all-tags $IMAGE_NAME
docker logout
- name: Push images to GitHub registry
if: github.ref == 'refs/heads/master'
run: |
echo "${{ secrets.GITHUB_TOKEN }}" | docker login docker.pkg.github.com \
-u ${{ github.actor }} --password-stdin
TAG_DEBIAN=docker.pkg.github.com/$GITHUB_REPOSITORY/debian
TAG_ALPINE=docker.pkg.github.com/$GITHUB_REPOSITORY/alpine
docker tag $IMAGE_NAME:debian $TAG_DEBIAN
docker tag $IMAGE_NAME:alpine $TAG_ALPINE
docker push $TAG_DEBIAN
docker push $TAG_ALPINE
docker logout docker.pkg.github.com
- name: Run ShellCheck
uses: ludeeus/action-shellcheck@master
with:
ignore_paths: tests/shunit2

alpine:
needs: verify
uses: ./.github/workflows/build-image.yml
with:
containerfile: Dockerfile-alpine
image: $GITHUB_REPOSITORY
tag: alpine
update-check: "apk update &>/dev/null && apk version -q -l '>'"
secrets: inherit

debian:
needs: verify
uses: ./.github/workflows/build-image.yml
with:
containerfile: Dockerfile
image: $GITHUB_REPOSITORY
tag: debian
update-check: "apt-get update &>/dev/null && apt-get upgrade -s | grep '^Inst'"
secrets: inherit

0 comments on commit 3d2bed2

Please sign in to comment.