Update Docker Images #1141

Workflow file for this run

.github/workflows/update-docker-images.yml at 93eec0d

	name: Update Docker Images

	on:
	schedule:
	- cron: "0 1 * * 0" # run every week at 01:00 UTC on Sunday
	workflow_dispatch:
	inputs:
	tag:
	description: "Update images with tag"
	required: true
	dry_run:
	type: boolean
	default: false

	defaults:
	run:
	shell: bash

	concurrency:
	group: ${{ github.ref_name }}-update
	cancel-in-progress: true

	permissions:
	contents: read

	jobs:
	variables:
	name: Set variables for workflow
	runs-on: ubuntu-24.04
	outputs:
	tag: ${{ steps.kic.outputs.tag }}
	short_tag: ${{ steps.kic.outputs.short }}
	date: ${{ steps.kic.outputs.date }}
	matrix: ${{ steps.kic.outputs.matrix }}
	steps:
	- name: Checkout Repository
	uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
	with:
	fetch-depth: 0

	- name: Set variables
	id: kic
	run: \|
	tag="$(git tag --sort=-version:refname \| head -n1)"
	if [ -n "${{ inputs.tag }}" ]; then
	tag=${{ inputs.tag }}
	else
	tag=${tag//v}
	fi
	echo "tag=${tag}" >> $GITHUB_OUTPUT
	date=$(date "+%Y%m%d")
	echo "date=${date}" >> $GITHUB_OUTPUT
	short="${tag%.*}"
	echo "short=$short" >> $GITHUB_OUTPUT
	echo "matrix=$(cat .github/data/patch-images.json \| jq -c)" >> $GITHUB_OUTPUT
	cat $GITHUB_OUTPUT

	patch-images:
	name: Patch Images
	needs: [variables]
	strategy:
	fail-fast: false
	matrix:
	include: ${{ fromJSON( needs.variables.outputs.matrix ) }}
	uses: ./.github/workflows/patch-image.yml
	with:
	platforms: ${{ matrix.platforms }}
	image: ${{ matrix.source_image }}
	tag: ${{ matrix.source_os == 'debian' && needs.variables.outputs.tag \|\| format('{0}-{1}', needs.variables.outputs.tag, matrix.source_os) }}
	ic_version: ${{ needs.variables.outputs.tag }}
	target_image: ${{ matrix.target_image }}
	target_tag: ${{ matrix.source_os == 'debian' && format('{0}-{1}', needs.variables.outputs.tag, needs.variables.outputs.date) \|\| format('{0}-{1}-{2}', needs.variables.outputs.tag, needs.variables.outputs.date, matrix.source_os) }}
	permissions:
	contents: read
	id-token: write
	secrets: inherit

	release-oss-internal:
	name: "Publish Docker OSS ${{ needs.variables.outputs.tag }}-${{ needs.variables.outputs.date }} to internal release Registries"
	needs: [variables, patch-images]
	uses: ./.github/workflows/oss-release.yml
	with:
	gcr_release_registry: true
	ecr_public_registry: false
	dockerhub_public_registry: false
	quay_public_registry: false
	github_public_registry: false
	source_tag: "${{ needs.variables.outputs.tag }}-${{ needs.variables.outputs.date }}"
	target_tag: "${{ needs.variables.outputs.tag }}-${{ needs.variables.outputs.date }}"
	branch: "release-${{ needs.variables.outputs.short_tag }}"
	dry_run: ${{ inputs.dry_run \|\| false }}
	permissions:
	contents: read
	id-token: write
	packages: write
	secrets: inherit

	release-oss-public:
	name: Publish Docker OSS ${{ matrix.tag }} to Public Registries
	needs: [variables, patch-images]
	strategy:
	fail-fast: false
	matrix:
	tag:
	- "${{ needs.variables.outputs.tag }}"
	- "${{ needs.variables.outputs.short_tag }}"
	- "${{ needs.variables.outputs.tag }}-${{ needs.variables.outputs.date }}"
	- "latest"
	uses: ./.github/workflows/oss-release.yml
	with:
	gcr_release_registry: false
	ecr_public_registry: true
	dockerhub_public_registry: true
	quay_public_registry: true
	github_public_registry: true
	source_tag: "${{ needs.variables.outputs.tag }}-${{ needs.variables.outputs.date }}"
	target_tag: ${{ matrix.tag }}
	branch: "release-${{ needs.variables.outputs.short_tag }}"
	dry_run: ${{ inputs.dry_run \|\| false }}
	permissions:
	contents: read
	id-token: write
	packages: write
	secrets: inherit

	release-plus-nginx:
	name: Publish Docker Plus ${{ matrix.tag }} to NGINX registry
	needs: [variables, patch-images]
	strategy:
	fail-fast: false
	matrix:
	tag:
	- "${{ needs.variables.outputs.tag }}"
	- "${{ needs.variables.outputs.short_tag }}"
	- "${{ needs.variables.outputs.tag }}-${{ needs.variables.outputs.date }}"
	- "latest"
	uses: ./.github/workflows/plus-release.yml
	with:
	nginx_registry: true
	gcr_release_registry: false
	gcr_mktpl_registry: false
	ecr_mktpl_registry: false
	az_mktpl_registry: false
	source_tag: "${{ needs.variables.outputs.tag }}-${{ needs.variables.outputs.date }}"
	target_tag: ${{ matrix.tag }}
	branch: "release-${{ needs.variables.outputs.short_tag }}"
	dry_run: ${{ inputs.dry_run \|\| false }}
	permissions:
	contents: read
	id-token: write
	secrets: inherit

	release-plus-internal:
	name: Publish Docker Plus ${{ needs.variables.outputs.tag }}-${{ needs.variables.outputs.date }} to internal release Registries
	needs: [variables, patch-images]
	uses: ./.github/workflows/plus-release.yml
	with:
	nginx_registry: false
	gcr_release_registry: true
	gcr_mktpl_registry: false
	ecr_mktpl_registry: false
	az_mktpl_registry: false
	source_tag: "${{ needs.variables.outputs.tag }}-${{ needs.variables.outputs.date }}"
	target_tag: "${{ needs.variables.outputs.tag }}-${{ needs.variables.outputs.date }}"
	branch: "release-${{ needs.variables.outputs.short_tag }}"
	dry_run: ${{ inputs.dry_run \|\| false }}
	permissions:
	contents: read
	id-token: write
	secrets: inherit

	certify-openshift-images:
	name: Certify OpenShift UBI images
	runs-on: ubuntu-24.04
	needs: [variables, release-oss-public]
	steps:
	- name: Checkout Repository
	uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

	- name: Certify UBI OSS images in quay
	uses: ./.github/actions/certify-openshift-image
	with:
	image: quay.io/nginx/nginx-ingress:${{ needs.variables.outputs.tag }}-ubi
	project_id: ${{ secrets.CERTIFICATION_PROJECT_ID }}
	pyxis_token: ${{ secrets.PYXIS_API_TOKEN }}
	platforms: ""
	preflight_version: 1.11.1
	submit: ${{ ! inputs.dry_run \|\| true }}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Update Docker Images #1141

Workflow file

Update Docker Images #1141

Jobs

Run details

Workflow file for this run