Weekly Release #2
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Weekly Release | |
| on: | |
| schedule: | |
| # If the schedule stops working, see the docs: https://docs.github.com/en/actions/writing-workflows/choosing-when-your-workflow-runs/events-that-trigger-workflows#schedule | |
| - cron: '0 0 * * 0' # Runs weekly at 00:00 UTC on Sunday | |
| workflow_dispatch: # Allows manual triggering | |
| env: | |
| REGISTRY: ghcr.io | |
| REPOSITORY: ${{ github.repository }} | |
| VERSION: "" | |
| TAG_MAJOR: "" | |
| TAG_MINOR: "" | |
| TAG_PATCH: "" | |
| TAG_LATEST: "" | |
| TAG_OLD: "" | |
| permissions: read-all | |
| jobs: | |
| release-build-and-push: | |
| name: Weekly Release Build and Push | |
| runs-on: ubuntu-latest | |
| outputs: | |
| continue: ${{ steps.compare_versions.outputs.continue }} | |
| permissions: | |
| contents: write | |
| packages: write | |
| steps: | |
| - name: Harden Runner | |
| uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 | |
| with: | |
| disable-sudo: true | |
| egress-policy: audit | |
| - name: Checkout Repository | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 | |
| with: | |
| fetch-depth: 0 | |
| fetch-tags: true | |
| - name: Get the Latest Version | |
| id: get_version | |
| run: bash ${GITHUB_WORKSPACE}/workflow_scripts/get_latest_version.sh | |
| env: | |
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| REGISTRY: ${{ env.REGISTRY }} | |
| REPOSITORY: ${{ env.REPOSITORY }} | |
| - name: Log Into Registry | |
| uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 | |
| with: | |
| registry: ${{ env.REGISTRY }} | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Build Docker image | |
| id: build | |
| uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 | |
| with: | |
| push: false | |
| tags: ${{ env.TAG_MAJOR }},${{ env.TAG_MINOR }},${{ env.TAG_PATCH }},${{ env.TAG_LATEST }} | |
| - name: Compare the Old and New Docker Images | |
| id: compare_versions | |
| run: bash ${GITHUB_WORKSPACE}/workflow_scripts/compare_containers.sh | |
| env: | |
| GH_TOKEN: ${{ github.token }} | |
| TAG_OLD: ${{ env.TAG_OLD }} | |
| TAG_PATCH: ${{ env.TAG_PATCH }} | |
| - name: Push Docker image | |
| if: steps.compare_versions.outputs.continue == 'true' | |
| uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 | |
| with: | |
| push: true | |
| tags: ${{ env.TAG_MAJOR }},${{ env.TAG_MINOR }},${{ env.TAG_PATCH }},${{ env.TAG_LATEST }} | |
| # Docs: https://github.com/marketplace/actions/create-release | |
| - name: Create Release | |
| id: create_release | |
| if: steps.compare_versions.outputs.continue == 'true' | |
| uses: ncipollo/release-action@2c591bcc8ecdcd2db72b97d6147f871fcd833ba5 | |
| with: | |
| body: "A Weekly release containing upgrades to system packages in the base Alpine Linux container." | |
| makeLatest: true | |
| prerelease: false | |
| generateReleaseNotes: true | |
| tag: ${{ env.VERSION }} | |
| get-charts: | |
| name: Get Charts | |
| runs-on: ubuntu-latest | |
| needs: [release-build-and-push] | |
| if: ${{ needs.release-build-and-push.outputs.continue == 'true' }} | |
| outputs: | |
| changeset: ${{ steps.updater.outputs.changeset }} | |
| steps: | |
| - name: Checkout Repository | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 | |
| - name: Helm Version Updater | |
| uses: lrstanley/helm-version-updater@91c756dbbc1ac62747df7131c32b0fbc8788222f # v1.0.4 | |
| id: updater | |
| with: | |
| check-dir: charts/ | |
| dry-run: true | |
| helm-version-updater: | |
| name: Update Helm Chart Versions and Create a PR | |
| runs-on: ubuntu-latest | |
| needs: [get-charts] | |
| if: ${{ fromJSON(needs.get-charts.outputs.changeset).changes != null }} | |
| permissions: | |
| contents: write | |
| pull-requests: write | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| change: ${{ fromJSON(needs.get-charts.outputs.changeset).changes }} | |
| steps: | |
| - name: Checkout Repository | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 | |
| with: | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Update Helm Chart Versions | |
| uses: lrstanley/helm-version-updater@91c756dbbc1ac62747df7131c32b0fbc8788222f # v1.0.4 | |
| id: updater | |
| with: | |
| check-dir: ${{ matrix.change.path }} | |
| - name: Create PR | |
| uses: peter-evans/create-pull-request@5e914681df9dc83aa4e4905692ca88beb2f9e91f | |
| with: | |
| # Must use a create Github secret token or downstream actions will not run. | |
| token: ${{ secrets.USER_PAT }} | |
| add-paths: "${{ matrix.change.chart.path }}" | |
| title: >- | |
| update chart ${{ matrix.change.chart.name }} | |
| from ${{ matrix.change.old_version }} | |
| to ${{ matrix.change.new_version }} | |
| commit-message: >- | |
| chore(${{ matrix.change.chart.name }}): update chart | |
| from ${{ matrix.change.old_version }} | |
| to ${{ matrix.change.new_version }} | |
| body: | | |
| Updating chart `${{ matrix.change.chart.name }}`: | |
| - Bumping **version** from `${{ matrix.change.old_version }}` to `${{ matrix.change.new_version }}`. | |
| - Bumping **appVersion** from `${{ matrix.change.old_app_version }}` to `${{ matrix.change.new_app_version }}`. | |
| Pull request auto-generated by [helm-version-updater](https://github.com/lrstanley/helm-version-updater). | |
| signoff: true | |
| branch: "chore/chart-version-updater/${{ matrix.change.chart.name }}" | |
| delete-branch: true | |
| base: main | |
| labels: "chore,chart,chart-${{ matrix.change.chart.name }}" | |