Update docker #1542

Workflow file for this run

	name: Update docker

	on:
	push:
	branches:
	- "releases/**"
	paths:
	- ".gitleaks/**"
	- "Dockerfile"
	- "entrypoint.sh"
	- "action.yml"
	# repository_dispatch:
	# types: [gitleaks-release]
	schedule:
	- cron: "0 0 * * *"
	workflow_dispatch:

	jobs:
	docker:
	name: Cache latest docker image
	runs-on: ubuntu-latest
	steps:
	- name: Get repo owner
	uses: actions/github-script@v7
	id: repo_owner
	with:
	result-encoding: string
	script: return context.repo.owner.toLowerCase()

	- name: Get repo name
	uses: actions/github-script@v7
	id: repo_name
	with:
	result-encoding: string
	script: return context.repo.repo.toLowerCase()

	- name: Fetch Gitleaks the latest release
	id: gitleaks_latest_release
	run: \|
	gitleaks_latest_tag=$(gh api repos/gitleaks/gitleaks/releases/latest --jq .tag_name)
	gitleaks_latest_semver=$(echo ${gitleaks_latest_tag} \| tr -d "v")
	echo "tag=${gitleaks_latest_tag}" >>$GITHUB_OUTPUT
	echo "semver=${gitleaks_latest_semver}" >>$GITHUB_OUTPUT
	env:
	GITHUB_TOKEN: ${{ github.token }}

	- name: Check - upgrade Gitleaks or not
	id: gitleaks_upgrade
	if: ${{ github.event_name == 'schedule' }}
	run: \|
	pkgs=$(gh api /users/${{ steps.repo_owner.outputs.result }}/packages/container/${{ steps.repo_name.outputs.result }}/versions --jq '[.[] \| select(.metadata.container.tags \| index("${{ steps.gitleaks_latest_release.outputs.semver }}"))] \| length')
	if [ $pkgs = 0 ]
	then
	echo "upgrade=true" >>$GITHUB_OUTPUT
	fi
	env:
	GITHUB_TOKEN: ${{ github.token }}

	- name: Check - upgrade Docker image or not
	id: upgrade
	if: ${{ github.event_name == 'push' \|\| github.event_name == 'workflow_dispatch' \|\| (github.event_name == 'schedule' && steps.gitleaks_upgrade.outputs.upgrade == 'true') }}
	run: \|
	echo "upgrade=true" >>$GITHUB_OUTPUT

	- name: Checkout Git repo
	if: ${{ steps.upgrade.outputs.upgrade == 'true' }}
	uses: actions/checkout@v4

	# - name: Update config to the release version
	# if: ${{ steps.upgrade.outputs.upgrade == 'true' }}
	# run: \|
	# curl --output "${GITHUB_WORKSPACE}/.gitleaks/gitleaks.toml" https://raw.githubusercontent.com/zricethezav/gitleaks/${{ steps.gitleaks_latest_release.outputs.tag }}/config/gitleaks.toml

	- name: Login to ghcr.io
	uses: docker/login-action@v3
	if: ${{ steps.upgrade.outputs.upgrade == 'true' }}
	with:
	registry: ghcr.io
	username: ${{ github.actor }}
	password: ${{ github.token }}

	- name: Prepare Docker image metadata
	uses: docker/metadata-action@v5
	if: ${{ steps.upgrade.outputs.upgrade == 'true' }}
	with:
	images: "ghcr.io/${{ steps.repo_owner.outputs.result }}/${{ steps.repo_name.outputs.result }}"
	flavor: latest=true
	tags: \|
	type=raw,value=${{ github.run_id }}
	type=raw,value=${{ steps.gitleaks_latest_release.outputs.tag }}
	type=semver,pattern={{version}},value=${{ steps.gitleaks_latest_release.outputs.semver }}
	id: docker_image_metadata

	- name: Build and push Docker image
	if: ${{ steps.upgrade.outputs.upgrade == 'true' }}
	uses: docker/build-push-action@v5
	with:
	tags: ${{ steps.docker_image_metadata.outputs.tags }}
	labels: ${{ steps.docker_image_metadata.outputs.labels }}
	push: true

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Update docker #1542

Workflow file

Update docker #1542

Jobs

Run details

Workflow file for this run