docker-image/.github/workflows/update_base_digest.yml at main · trfore/docker-image · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
name: Update Base OS Digest
on:
  workflow_call:
    secrets:
      TOKEN: # ex: ${{ secrets.PAT }} See peter-evans/create-pull-request docs for permissions
        required: true

jobs:
  update_digest:
    runs-on: ubuntu-latest
    steps:
      - name: Check out codebase
        uses: actions/checkout@v6

      - name: Pull the latest image digest
        id: base_digest
        run: |
          # extract fully qualified reference name
          BASEOS_IMAGE=$(cat Dockerfile | grep -Po '^FROM \K[^$]*')

          # pull and filter digest
          LATEST_BASE_DIGEST=$(skopeo inspect docker://$BASEOS_IMAGE --override-arch amd64 --override-os linux | jq '{baseos: {name: .Name, digest: .Digest, layer: .Layers[0], created: .Created}}')
          LATEST_BASE_LAYER=$(jq -nr "$LATEST_BASE_DIGEST | .baseos.layer")
          CURRENT_BASE_LAYER=$(jq -r .baseos.layer baseos_digest)

          # set environment variables
          echo "LATEST_BASE_DIGEST="$LATEST_BASE_DIGEST"" >> $GITHUB_ENV
          echo "LATEST_BASE_DIGEST_ABBR="$(jq -nr "$LATEST_BASE_DIGEST | .baseos.digest" | cut -c 1-19)"" >> $GITHUB_ENV
          echo "LATEST_BASE_LAYER="$LATEST_BASE_LAYER"" >> $GITHUB_ENV
          echo "CURRENT_BASE_LAYER="$CURRENT_BASE_LAYER"" >> $GITHUB_ENV

          # update 'baseos_digest' file
          if [ "$CURRENT_BASE_LAYER" != "$LATEST_BASE_LAYER" ]; \
          then echo $LATEST_BASE_DIGEST > baseos_digest; \
          fi

      - name: Create pull request
        if: env.CURRENT_BASE_LAYER != env.LATEST_BASE_LAYER
        uses: peter-evans/create-pull-request@v8
        with:
          token: ${{ secrets.TOKEN }}
          commit-message: update base os digest to ${{ env.LATEST_BASE_DIGEST_ABBR }}
          title: update base os digest to ${{ env.LATEST_BASE_DIGEST_ABBR }}
          body: |
            Updates base os image to:

            ${{ env.LATEST_BASE_DIGEST }}

            Auto-generated by [create-pull-request][1]

            [1]: https://github.com/peter-evans/create-pull-request
          labels: status/auto-created, base-image
          branch: update-baseos