
Add gha

Add gha #17

Workflow file for this run

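# Workflow: image-update
# For each CLI in the matrix (helm, istioctl, kubectl, lego) this resolves the
# digest of the base image, checksums ./cicd/checksum/Dockerfile, lists the
# upstream tags matching a semver range, publishes those values as matrix
# outputs, and pushes a ":checksum" image to ghcr.io.
#
# Supply-chain note: every `uses:` below references a mutable tag, and the
# base-image-digest job holds registry credentials. Pin each action to a full
# commit SHA, e.g. `owner/action@<full-commit-sha>  # v1` (placeholder), so a
# moved tag cannot change the code that runs next to those secrets.
name: image-update
#on:
#  schedule:
#    - cron: '0 0 * * *'
on:
  push:
    branches:
      - master
      - feature/gha

# Default GITHUB_TOKEN scope for every job; jobs that need more say so below.
permissions:
  contents: read

jobs:
  base-image-digest:
    # packages: write is needed for the push to ghcr.io at the end of this job.
    # Widen only if a step fails with an explicit permissions error.
    permissions:
      contents: read
      packages: write
    strategy:
      matrix:
        image:
          - command: helm
            base: alpine
            repo: "https://github.com/helm/helm.git"
            semverRange: ">=3.12.0"
          - command: istioctl
            base: alpine
            repo: "https://github.com/istio/istio.git"
            semverRange: ">=1.21.0"
          - command: kubectl
            base: alpine
            repo: "https://github.com/kubernetes/kubernetes.git"
            semverRange: ">=1.28.0"
          - command: lego
            base: alpine
            repo: "https://github.com/go-acme/lego.git"
            semverRange: ">=4.15.0"
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Set Node.js 20.x
        uses: actions/setup-node@v3
        with:
          node-version: 20.x
      - name: Install semver
        uses: borales/actions-yarn@v4
        with:
          cmd: global add semver
      - name: Install regctl
        uses: iarekylew00t/regctl-installer@v3
      - name: Inspect latest alpine image
        id: baseImage
        # Matrix values reach the script as environment variables instead of
        # being expanded into the script text, so a value containing shell
        # metacharacters is treated as data rather than as code.
        env:
          BASE_IMAGE: ${{ matrix.image.base }}
          UPSTREAM_REPO: ${{ matrix.image.repo }}
          SEMVER_RANGE: ${{ matrix.image.semverRange }}
        run: |
          # calculate digest
          digest=$(regctl manifest digest "${BASE_IMAGE}:latest")
          echo "digest=${BASE_IMAGE}@${digest}" >> "$GITHUB_OUTPUT"
          # calculate checksum
          # NOTE(review): repo_digest is not assigned anywhere in this step, so
          # envsubst replaces it with an empty string; confirm whether the
          # digest computed above was meant to be exported under that name.
          checksum=$(envsubst '${repo_digest}' < ./cicd/checksum/Dockerfile | sha256sum | cut -d' ' -f1)
          echo "checksum=${checksum}" >> "$GITHUB_OUTPUT"
          # calculate versions
          # Tag names come from an external repository; only the ones that the
          # semver CLI accepts for the configured range are kept.
          versions=($(git ls-remote --tags "${UPSTREAM_REPO}" \
            | sed -r -n 's|.*refs/tags/v?(.*)$|\1|p' \
            | xargs semver -r "${SEMVER_RANGE}"))
          IFS=$'\n'
          size=${#versions[@]}
          echo $size
          # Build a flow-style list such as ['1.0.0','1.0.1'] by hand.
          jsonVersions="["
          for i in "${!versions[@]}"; do
            jsonVersions="${jsonVersions}'${versions[$i]}'"
            if (( $i < ($size-1) )); then
              jsonVersions="${jsonVersions},"
            fi
          done
          jsonVersions="${jsonVersions}]"
          echo ${jsonVersions}
          echo "versions=${jsonVersions}" >> "$GITHUB_OUTPUT"
      # use GoCodeAlone fork - until cloudposse fixes
      # https://github.com/cloudposse/github-action-matrix-outputs-read/issues/29
      - uses: GoCodeAlone/github-action-matrix-outputs-write@v1
        id: out
        with:
          matrix-step-name: ${{ github.job }}
          matrix-key: ${{ matrix.image.command }}
          outputs: |-
            digest: ${{ steps.baseImage.outputs.digest }}
            checksum: ${{ steps.baseImage.outputs.checksum }}
            versions: ${{ steps.baseImage.outputs.versions }}
      # NOTE(review): only a ghcr.io tag is pushed below (the Docker Hub tag is
      # commented out), so this login hands Docker Hub credentials to the
      # remaining steps without being used; consider dropping it until the
      # Docker Hub tag is enabled.
      - name: Login to DockerHub
        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_PASSWORD }}
      - name: Login to GitHub Container Registry
        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.repository_owner }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Build and push
        uses: docker/build-push-action@v6
        env:
          DOCKER_BUILD_RECORD_UPLOAD: false
        with:
          context: ./cicd/checksum
          push: true
          build-args: |
            CHECKSUM=${{ steps.baseImage.outputs.checksum }}
            REPO_DIGEST=${{ steps.baseImage.outputs.digest }}
          tags: |
            ghcr.io/boxboat/${{ matrix.image.command }}:checksum
          # boxboat/${{ matrix.image }}:checksum

  # Collects the per-matrix outputs written by base-image-digest into a single
  # job output named "result".
  read:
    runs-on: ubuntu-latest
    needs: [base-image-digest]
    steps:
      # use GoCodeAlone fork - until cloudposse fixes
      # https://github.com/cloudposse/github-action-matrix-outputs-read/issues/29
      - uses: GoCodeAlone/github-action-matrix-outputs-read@v1
        id: read
        with:
          matrix-step-name: base-image-digest
    outputs:
      result: "${{ steps.read.outputs.result }}"

  # Debug job: prints the aggregated result and the helm entry.
  helm:
    # strategy:
    #   matrix:
    #     version: ${{ fromJson(needs.read.outputs.result).helm.versions }}
    runs-on: ubuntu-latest
    needs: [read]
    steps:
      - uses: actions/checkout@v4
      # The aggregated result contains version strings derived from tags of
      # external repositories. It is handed to the shell through env so that
      # quotes or metacharacters in it cannot alter the script.
      - env:
          RESULT: ${{ needs.read.outputs.result }}
          HELM: ${{ fromJson(needs.read.outputs.result).helm }}
          HELM_CHECKSUM: ${{ fromJson(needs.read.outputs.result).helm.checksum }}
          HELM_DIGEST: ${{ fromJson(needs.read.outputs.result).helm.digest }}
        run: |
          echo "${RESULT}"
          echo "${HELM}"
          echo "${HELM_CHECKSUM}"
          echo "${HELM_DIGEST}"

#  checksum-image:
#    strategy:
#      matrix:
#        image:
#          - command: helm
#            base: alpine
#          - command: istioctl
#            base: alpine
#          - command: kubectl
#            base: alpine
#          - command: lego
#            base: alpine
#
#    runs-on: ubuntu-latest
#    steps:
#      - uses: actions/checkout@v4
#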