build-image.yml
# Reusable workflow: rebuild, test and publish one container image when the
# published image is out of date.
name: Push image

# Only callable from another workflow; every input is supplied by the caller.
on:
  workflow_call:
    inputs:
      # Passed to `docker build --file`.
      containerfile:
        description: Which containerfile/dockerfile to build
        required: true
        type: string
      # Used as the local/Docker Hub repository name (`image:tag`) and as the
      # path component under docker.pkg.github.com.
      image:
        description: image name
        required: true
        type: string
      # Also used as the artifact name and the name of the saved `.tar` file.
      tag:
        description: image tag
        required: true
        type: string
      # Run with `/bin/sh -c` inside the previously published image; any
      # non-empty output is treated as "updates available".
      update-check:
        description: command to run on old image and check for updates
        required: true
        type: string
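jobs:
  # Decides whether a rebuild is needed. The published image is pulled and two
  # checks are recorded in the scratch file `result`: whether its revision
  # label differs from $GITHUB_SHA, and whether the caller's update-check
  # command prints anything. `detected` is 'true' if either check is true.
  #
  # Caller inputs, github.actor and the token reach the shell through `env:`
  # rather than `${{ }}` interpolation inside `run:`. Interpolation pastes the
  # value into the script text before bash parses it, so quotes, `$` or
  # backticks in a value would be interpreted by the runner's shell.
  detect-changes:
    runs-on: ubuntu-latest
    outputs:
      detected: ${{ steps.result.outputs.detected }}
    steps:
      # NOTE(review): actions are referenced by a mutable tag; pinning to a
      # full commit SHA would make the reference immutable.
      - uses: actions/checkout@v4
        with:
          # No later step in this job runs git, so the token does not need to
          # stay in .git/config.
          persist-credentials: false
      - name: Pull latest image
        env:
          IMAGE: ${{ inputs.image }}
          TAG: ${{ inputs.tag }}
          REGISTRY_USER: ${{ github.actor }}
          REGISTRY_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          latest_tag="docker.pkg.github.com/${IMAGE}/${TAG}"
          # Exported so the following steps can refer to "$latest_tag".
          echo "latest_tag=$latest_tag" >> "$GITHUB_ENV"
          echo "$REGISTRY_TOKEN" | docker login docker.pkg.github.com \
            -u "$REGISTRY_USER" --password-stdin
          docker pull "$latest_tag"
          docker logout docker.pkg.github.com
      - name: Check if git revision has changed
        id: revision
        run: |
          # `{{index ...}}` is a Go template evaluated by docker, not a
          # GitHub Actions expression.
          revision="$(docker image inspect --format \
            '{{index .Config.Labels "org.opencontainers.image.revision"}}' \
            "$latest_tag")"
          echo "$revision"
          if [ "$revision" != "$GITHUB_SHA" ]; then
            echo "Latest image revision ($revision) is not the same as current revision ($GITHUB_SHA)"
            echo "changed_revision=true" >> result
          else
            echo "Latest image revision is the same as current revision ($GITHUB_SHA)"
            echo "changed_revision=false" >> result
          fi
      - name: Check for new updates
        id: updates
        env:
          # Handed to the container's /bin/sh verbatim; the runner's shell no
          # longer expands `$`, backticks or quotes in it first.
          # NOTE(review): confirm no caller relied on that host-side expansion.
          UPDATE_CHECK: ${{ inputs.update-check }}
        run: |
          packages="$(docker run --rm --entrypoint=/bin/sh "$latest_tag" -c "$UPDATE_CHECK")"
          echo "$packages"
          if [ "${#packages}" -gt 0 ]; then
            echo "Updates available"
            echo "new_updates=true" >> result
          else
            echo "No new updates"
            echo "new_updates=false" >> result
          fi
      - name: Results
        id: result
        run: |
          cat result
          # Any "<check>=true" line written by the two checks above counts.
          if grep -q "=true" result; then
            echo "Result: changes detected"
            echo "detected=true" >> "$GITHUB_OUTPUT"
          else
            echo "Result: no change detected"
            echo "detected=false" >> "$GITHUB_OUTPUT"
          fi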
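# Job `build` (child of `jobs:`): builds the image, runs the test suite
# against it and hands the result to later jobs as a one-day artifact.
# Runs only when detect-changes reported `detected == 'true'`.
#
# Caller inputs reach the shell through `env:` rather than `${{ }}`
# interpolation inside `run:`. Interpolation pastes the value into the script
# text before bash parses it, so quotes, `$` or backticks in a value would be
# interpreted by the runner's shell.
  build:
    runs-on: ubuntu-latest
    needs: detect-changes
    if: needs.detect-changes.outputs.detected == 'true'
    steps:
      # NOTE(review): actions are referenced by a mutable tag; pinning to a
      # full commit SHA would make the reference immutable.
      # NOTE(review): checkout keeps the job token in .git/config by default,
      # and `docker build .` below sends the whole workspace as build context.
      # Whether .git is excluded depends on a .dockerignore not visible here.
      # Consider `persist-credentials: false` once it is confirmed that
      # tests/run needs no authenticated git access.
      - uses: actions/checkout@v4
        with:
          submodules: true  # for shunit2
      - name: Build image
        env:
          CONTAINERFILE: ${{ inputs.containerfile }}
          IMAGE: ${{ inputs.image }}
          TAG: ${{ inputs.tag }}
        run: |
          # The revision label written here is what detect-changes compares
          # against $GITHUB_SHA on the next run.
          docker build . \
            --pull=true \
            --file="$CONTAINERFILE" \
            --tag="${IMAGE}:${TAG}" \
            --label="org.opencontainers.image.source=$GITHUB_SERVER_URL/$GITHUB_REPOSITORY" \
            --label="org.opencontainers.image.revision=$GITHUB_SHA" \
            --label="org.opencontainers.image.created=$(date --rfc-3339=seconds)"
      - name: Test image
        env:
          IMAGE: ${{ inputs.image }}
          TAG: ${{ inputs.tag }}
        run: tests/run "${IMAGE}:${TAG}"
      - name: Save image
        env:
          IMAGE: ${{ inputs.image }}
          TAG: ${{ inputs.tag }}
        run: docker save -o "${TAG}.tar" "${IMAGE}:${TAG}"
      - name: Upload image as artifact
        uses: actions/upload-artifact@v4
        with:
          name: ${{ inputs.tag }}
          path: "${{ inputs.tag }}.tar"
          retention-days: 1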
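# Job `push` (child of `jobs:`): loads the image artifact produced by `build`
# and publishes it to the GitHub registry and to Docker Hub. Runs only for
# refs/heads/master.
#
# Inputs, github.actor and all credentials reach the shell through `env:`
# rather than `${{ }}` interpolation inside `run:`. Interpolation pastes the
# value, secrets included, into the script text before bash parses it.
#
# NOTE(review): no `permissions:` is declared, so the GITHUB_TOKEN scope comes
# from the caller or repository defaults. Declaring the minimum needed here
# (package write for the registry push) would make that explicit.
# NOTE(review): DOCKER_HUB_* are not declared under on.workflow_call.secrets;
# presumably callers pass them with `secrets: inherit`. Confirm.
  push:
    runs-on: ubuntu-latest
    needs: build
    if: github.ref == 'refs/heads/master'
    steps:
      # NOTE(review): actions are referenced by a mutable tag; pinning to a
      # full commit SHA would make the reference immutable.
      - uses: actions/checkout@v4
        with:
          # No later step in this job runs git, so the token does not need to
          # stay in .git/config while registry credentials are in use.
          persist-credentials: false
      - name: Download image
        uses: actions/download-artifact@v4
        with:
          name: ${{ inputs.tag }}
      - name: Load image
        env:
          TAG: ${{ inputs.tag }}
        run: docker load -i "${TAG}.tar"
      - name: Push image to GitHub registry
        env:
          IMAGE: ${{ inputs.image }}
          TAG: ${{ inputs.tag }}
          REGISTRY_USER: ${{ github.actor }}
          REGISTRY_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          echo "$REGISTRY_TOKEN" | docker login docker.pkg.github.com \
            -u "$REGISTRY_USER" --password-stdin
          github_tag="docker.pkg.github.com/${IMAGE}/${TAG}"
          # Quoted so the reference is always passed as a single argument.
          docker tag "${IMAGE}:${TAG}" "$github_tag"
          docker push "$github_tag"
          docker logout docker.pkg.github.com
      - name: Push images to Docker Hub registry
        env:
          IMAGE: ${{ inputs.image }}
          TAG: ${{ inputs.tag }}
          DOCKER_HUB_USERNAME: ${{ secrets.DOCKER_HUB_USERNAME }}
          DOCKER_HUB_PASSWORD: ${{ secrets.DOCKER_HUB_PASSWORD }}
        run: |
          echo "$DOCKER_HUB_PASSWORD" | docker login \
            -u "$DOCKER_HUB_USERNAME" --password-stdin
          docker push "${IMAGE}:${TAG}"
          docker logout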