Periodically rebuild & publish containers (auto update) #575
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Periodically rebuild & publish containers (auto update) | |
on: | |
schedule: | |
# run once a day at 21:20 UTC | |
- cron: '20 21 * * *' | |
concurrency: build | |
env: | |
CI_TOOLS_SETUP: https://raw.githubusercontent.com/SGSGermany/ci-tools/main/setup.sh | |
defaults: | |
run: | |
shell: bash -eu -o pipefail {0} | |
jobs: | |
build: | |
runs-on: ubuntu-latest | |
permissions: | |
contents: read | |
packages: write | |
strategy: | |
matrix: | |
BUILD_REF: | |
- refs/heads/main | |
BASE_IMAGE: | |
- docker.io/ubuntu:jammy | |
- docker.io/ubuntu:focal | |
fail-fast: false | |
max-parallel: 1 | |
env: | |
REGISTRY: ghcr.io | |
OWNER: sgsgermany | |
IMAGE: ubuntu | |
BUILD_REF: ${{ matrix.BUILD_REF }} | |
BASE_IMAGE: ${{ matrix.BASE_IMAGE }} | |
steps: | |
- name: Setup CI tools | |
run: | | |
. <(curl -fsS -L "$CI_TOOLS_SETUP" | bash -s ~/ci-tools) | |
echo "CI_TOOLS=$CI_TOOLS" | tee -a "$GITHUB_ENV" | |
echo "CI_TOOLS_PATH=$CI_TOOLS_PATH" | tee -a "$GITHUB_ENV" | |
- name: Checkout repository | |
uses: actions/checkout@v4 | |
with: | |
ref: ${{ env.BUILD_REF }} | |
- name: Log into container registry ${{ env.REGISTRY }} | |
uses: redhat-actions/podman-login@v1 | |
with: | |
registry: ${{ env.REGISTRY }} | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Generate container image tags | |
run: | | |
source <(./tags.sh "$GITHUB_RUN_ID.$GITHUB_RUN_NUMBER") | |
echo "MILESTONE=$MILESTONE" | tee -a "$GITHUB_ENV" | |
echo "VERSION=$VERSION" | tee -a "$GITHUB_ENV" | |
echo "TAGS=$TAGS" | tee -a "$GITHUB_ENV" | |
- name: Check end of life | |
run: | | |
"$CI_TOOLS_PATH/containers/check-end-of-life.sh" "Ubuntu" "$MILESTONE" | |
- name: Check for updates | |
run: | | |
BUILD_ACTION="$(./check-for-updates.sh)" | |
echo "BUILD_ACTION=$BUILD_ACTION" | tee -a "$GITHUB_ENV" | |
- name: Build container image | |
if: ${{ env.BUILD_ACTION != '' }} | |
run: | | |
buildah unshare ./build.sh | |
# Workaround for https://github.com/redhat-actions/push-to-registry/issues/66 | |
- name: Delete base image | |
if: ${{ env.BUILD_ACTION != '' }} | |
run: | | |
podman rmi "$(. ./container.env ; echo "$BASE_IMAGE")" | |
- name: Container image metadata | |
run: | | |
"$CI_TOOLS_PATH/containers/get-metadata.sh" "$REGISTRY/$OWNER" "$IMAGE:${TAGS%% *}" | |
- name: Push container image | |
if: ${{ env.BUILD_ACTION != '' }} | |
uses: redhat-actions/push-to-registry@v2 | |
with: | |
image: ${{ env.IMAGE }} | |
registry: ${{ env.REGISTRY }}/${{ env.OWNER }} | |
tags: ${{ env.TAGS }} |