update #402
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: update | |
on: | |
schedule: | |
- cron: '0 22 * * 0-4' # 7:00 weekday, JST | |
workflow_dispatch: | |
jobs: | |
update: | |
name: Update images | |
env: | |
GH_TOKEN: ${{ secrets.CYBOZU_NECO_PAT }} | |
UBUNTU_VERSION: "20.04 22.04 24.04" | |
runs-on: ubuntu-24.04 | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v3 | |
with: | |
version: v0.17.1 | |
- name: Check minimal image updates | |
shell: bash -xe {0} | |
run: | | |
TOKEN=$(curl -sSf "https://auth.docker.io/token?scope=repository%3Alibrary%2Fubuntu%3Apull&service=registry.docker.io"| jq -r .token) | |
for version in ${{ env.UBUNTU_VERSION }}; do | |
if [ "${version}" = "20.04" ]; then | |
codename=focal | |
elif [ "${version}" = "22.04" ]; then | |
codename=jammy | |
elif [ "${version}" = "24.04" ]; then | |
codename=noble | |
else | |
echo "Unknown Ubuntu version: ${version}" | |
exit 1 | |
fi | |
LATEST_TAG=$(curl -sSf -H "Authorization: Bearer $TOKEN" "https://registry-1.docker.io/v2/library/ubuntu/tags/list" | jq -r ".tags[] | select(. | test(\"$codename-.*\"))" | tail -n1) | |
if [ -z "$LATEST_TAG" ]; then | |
echo "Failed to get the latest tag for $codename" | |
exit 1 | |
fi | |
TAG_MINIMAL=$(cat ./$version/TAG_MINIMAL) | |
echo $LATEST_TAG > ./$version/TAG_MINIMAL | |
if [[ "$TAG_MINIMAL" != "$LATEST_TAG" ]]; then | |
echo "NEED_UPDATE=1" >> $GITHUB_ENV | |
echo "- Update $version minimal image from $TAG_MINIMAL to $LATEST_TAG" >> ./BODY | |
fi | |
done | |
- name: Check package updates | |
shell: bash -xe {0} | |
run: | | |
docker buildx use default | |
for version in ${{ env.UBUNTU_VERSION }}; do | |
TAG_MINIMAL=$(cat ./$version/TAG_MINIMAL) | |
TAG=$(cat ./$version/TAG) | |
docker buildx build -t ghcr.io/cybozu/ubuntu-minimal:${TAG_MINIMAL}-new --load --build-arg TAG_MINIMAL=$TAG_MINIMAL ./$version/ubuntu-minimal | |
for img in ubuntu ubuntu-debug ubuntu-dev; do | |
docker pull ghcr.io/cybozu/$img:$TAG | |
docker buildx build --platform linux/amd64 -t ghcr.io/cybozu/$img:${version}-new --load --no-cache=false --build-arg TAG_MINIMAL=${TAG_MINIMAL}-new --build-arg TAG=${version}-new ./$version/$img/ | |
docker run --rm ghcr.io/cybozu/$img:$TAG dpkg -l > $img-$TAG | |
docker run --rm ghcr.io/cybozu/$img:${version}-new dpkg -l > $img-${version}-new | |
if ! diff -u $img-$TAG $img-${version}-new; then | |
echo "- Update $img:${version} packages" >> ./BODY | |
echo '```diff' >> ./BODY | |
diff -u $img-$TAG $img-${version}-new >> ./BODY || true | |
echo -e '```\n' >> ./BODY | |
if [ "$NEED_UPDATE" != "1" ]; then | |
echo "NEED_UPDATE=1" >> $GITHUB_ENV | |
fi | |
fi | |
done | |
docker image rm ghcr.io/cybozu/ubuntu-minimal:${TAG_MINIMAL}-new | |
for img in ubuntu ubuntu-debug ubuntu-dev; do | |
docker image rm ghcr.io/cybozu/$img:${version}-new | |
done | |
done | |
- name: Create PR | |
if: env.NEED_UPDATE == '1' | |
shell: bash -xe {0} | |
run: | | |
TODAY=$(TZ="Asia/Tokyo" date "+%Y%m%d") | |
for version in ${{ env.UBUNTU_VERSION }}; do | |
echo $version.$TODAY > ./$version/TAG | |
done | |
git config --global user.email "[email protected]" | |
git config --global user.name "cybozu-neco" | |
BRANCH=update-$TODAY | |
git checkout -b $BRANCH | |
git add -u | |
git commit -m "Update images ($TODAY)" | |
git push origin $BRANCH | |
gh pr create --title "Update images ($TODAY)" --body-file ./BODY |