Periodically rebuild & publish containers (auto update) #1520
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Periodically rebuild & publish containers (auto update) | |
on: | |
schedule: | |
# run once a day at 21:50 UTC | |
- cron: '50 21 * * *' | |
concurrency: build | |
env: | |
GIT_REMOTE_URL: ${{ github.server_url }}/${{ github.repository }}.git | |
CI_TOOLS_SETUP: https://raw.githubusercontent.com/SGSGermany/ci-tools/main/setup.sh | |
defaults: | |
run: | |
shell: bash -eu -o pipefail {0} | |
jobs: | |
generate-jobs: | |
name: Generate jobs | |
runs-on: ubuntu-latest | |
permissions: | |
contents: read | |
outputs: | |
BUILD_MATRIX: ${{ steps.generate-jobs.outputs.BUILD_MATRIX }} | |
env: | |
RUN_ON_BRANCHES: 'main' | |
RUN_ON_TAGS_LATEST: 'v*.*.*' | |
steps: | |
- name: Setup CI tools | |
run: | | |
. <(curl -fsS -L "$CI_TOOLS_SETUP" | bash -s ~/ci-tools) | |
echo "CI_TOOLS=$CI_TOOLS" | tee -a "$GITHUB_ENV" | |
echo "CI_TOOLS_PATH=$CI_TOOLS_PATH" | tee -a "$GITHUB_ENV" | |
- name: Generate jobs | |
id: generate-jobs | |
run: | | |
BUILD_REF="$("$CI_TOOLS_PATH/containers/generate-scheduled-jobs.sh")" | |
echo ::group::Jobs list | |
echo "$BUILD_REF" | |
echo ::endgroup:: | |
echo "BUILD_MATRIX=$(jq -R . <<< "$BUILD_REF" | jq -c -s '{"BUILD_REF": .}')" >> $GITHUB_OUTPUT | |
build: | |
name: Build & publish container | |
needs: generate-jobs | |
runs-on: ubuntu-latest | |
permissions: | |
contents: read | |
packages: write | |
strategy: | |
matrix: ${{ fromJSON(needs.generate-jobs.outputs.BUILD_MATRIX) }} | |
fail-fast: false | |
max-parallel: 1 | |
env: | |
REGISTRY: ghcr.io | |
OWNER: sgsgermany | |
IMAGE: acme | |
BUILD_REF: ${{ matrix.BUILD_REF }} | |
steps: | |
- name: Setup CI tools | |
run: | | |
. <(curl -fsS -L "$CI_TOOLS_SETUP" | bash -s ~/ci-tools) | |
echo "CI_TOOLS=$CI_TOOLS" | tee -a "$GITHUB_ENV" | |
echo "CI_TOOLS_PATH=$CI_TOOLS_PATH" | tee -a "$GITHUB_ENV" | |
- name: Checkout repository | |
uses: actions/checkout@v4 | |
with: | |
ref: ${{ env.BUILD_REF }} | |
- name: Log into container registry ${{ env.REGISTRY }} | |
uses: redhat-actions/podman-login@v1 | |
with: | |
registry: ${{ env.REGISTRY }} | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Generate container image tags | |
run: | | |
TAGS="$("$CI_TOOLS_PATH/containers/generate-image-tags.sh" "$BUILD_REF" "$GITHUB_RUN_ID.$GITHUB_RUN_NUMBER")" | |
echo "TAGS=$TAGS" | tee -a "$GITHUB_ENV" | |
- name: Check for updates | |
run: | | |
BUILD_ACTION="$("$CI_TOOLS_PATH/containers/check-for-updates.sh" "sha-$(git rev-parse HEAD)")" | |
echo "BUILD_ACTION=$BUILD_ACTION" | tee -a "$GITHUB_ENV" | |
- name: Build container image | |
if: ${{ env.BUILD_ACTION == 'build' }} | |
run: | | |
buildah unshare ./build.sh | |
- name: Add container image tags | |
if: ${{ env.BUILD_ACTION == 'tag' }} | |
run: | | |
"$CI_TOOLS_PATH/containers/add-image-tags.sh" "sha-$(git rev-parse HEAD)" | |
- name: Container image metadata | |
run: | | |
"$CI_TOOLS_PATH/containers/get-metadata.sh" "$REGISTRY/$OWNER" "$IMAGE:sha-$(git rev-parse HEAD)" | |
- name: Push container image | |
if: ${{ env.BUILD_ACTION != '' }} | |
uses: redhat-actions/push-to-registry@v2 | |
with: | |
image: ${{ env.IMAGE }} | |
registry: ${{ env.REGISTRY }}/${{ env.OWNER }} | |
tags: ${{ env.TAGS }} |