chore(deps): update docker.io/library/alpine docker tag #781
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: build and push container image | |
| on: | |
| workflow_dispatch: | |
| push: | |
| branches: | |
| - main | |
| pull_request: | |
| branches: | |
| - main | |
| env: | |
| CONTAINER_REGISTRY: ghcr.io | |
| CONTAINER_IMAGE_NAME: ${{ github.repository }} | |
| jobs: | |
| hadolint: | |
| name: lint Dockerfile(s) | |
| runs-on: ubuntu-24.04 | |
| timeout-minutes: 2 | |
| permissions: | |
| contents: read | |
| steps: | |
| - name: checkout | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 | |
| - name: lint Dockerfile(s) | |
| uses: hadolint/hadolint-action@54c9adbab1582c2ef04b2016b760714a4bfde3cf # v3.1.0 | |
| with: | |
| failure-threshold: style | |
| ignore: DL3018,DL4006 | |
| docker-buildx: | |
| name: build (and push) container image | |
| needs: hadolint | |
| runs-on: ubuntu-24.04 | |
| timeout-minutes: 5 | |
| permissions: | |
| contents: write | |
| packages: write | |
| steps: | |
| - name: checkout | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 | |
| - name: fetch tags | |
| run: git fetch --tags | |
| - name: setup docker buildx | |
| uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3 | |
| - name: build the container image | |
| uses: docker/build-push-action@ca877d9245402d1537745e0e356eab47c3520991 # v6 | |
| with: | |
| context: . | |
| platforms: amd64 | |
| push: false | |
| cache-to: type=local,dest=/tmp/.buildx-cache | |
| cache-from: type=registry,ref=${{ env.CONTAINER_REGISTRY }}/${{ env.CONTAINER_IMAGE_NAME }}:cache,ignore-error=true | |
| - name: extract kubernetes/dns versions from Dockerfile | |
| if: github.event_name != 'pull_request' && github.ref == format('refs/heads/{0}', github.event.repository.default_branch) | |
| run: | | |
| set -eux | |
| KUBERNETES_DNS_VERSION="$(grep -Eom1 'KUBERNETES_DNS_VERSION=[0-9]+\.[0-9]+\.[0-9]+\S*' Dockerfile | cut -d= -f2)" | |
| echo "KUBERNETES_DNS_VERSION=${KUBERNETES_DNS_VERSION:?}" | tee -a "${GITHUB_ENV:?}" | |
| - name: create a new git tag | |
| if: github.event_name != 'pull_request' && github.ref == format('refs/heads/{0}', github.event.repository.default_branch) | |
| run: | | |
| set -eux | |
| MAYBE_LATEST_TAG="$(git tag --list "${KUBERNETES_DNS_VERSION:?}+build.[0-9]*" --sort=version:refname | tail -n1)" | |
| # no latest tag existing (`-z` for String length is zero) | |
| if test -z "${MAYBE_LATEST_TAG:-}"; then | |
| NEW_BUILD=0 | |
| NEXT_TAG="${KUBERNETES_DNS_VERSION:?}+build.${NEW_BUILD:?}" | |
| CURRENT_HASH="$(git rev-parse --verify HEAD)" | |
| git tag "${NEXT_TAG:?}" "${CURRENT_HASH:?}" | |
| git push origin "${NEXT_TAG:?}" | |
| # make the build number available as environment variable in the following workflow steps | |
| echo "BUILD_NUMBER=${NEW_BUILD:?}" | tee -a "${GITHUB_ENV:?}" | |
| exit 0 | |
| fi | |
| LATEST_TAG=${MAYBE_LATEST_TAG:?} | |
| LATEST_BUILD=$(echo "${LATEST_TAG:?}" | rev | cut --delimiter="." --fields=1 | rev) | |
| CURRENT_HASH="$(git rev-parse --verify HEAD)" | |
| # no new tag is needed (current commit == commit of latest tag) | |
| LATEST_TAG_GIT_HASH="$(git rev-list -n 1 ${LATEST_TAG})" | |
| if test "${LATEST_TAG_GIT_HASH:?}" = "${CURRENT_HASH:?}"; then | |
| # make the build number available as environment variable in the following workflow steps | |
| echo "BUILD_NUMBER=${LATEST_BUILD:?}" | tee -a "${GITHUB_ENV:?}" | |
| exit 0 | |
| fi | |
| # new tag is needed | |
| NEW_BUILD=$((LATEST_BUILD + 1)) | |
| NEXT_TAG="${KUBERNETES_DNS_VERSION:?}+build.${NEW_BUILD:?}" | |
| # create and push the new tag | |
| git tag "${NEXT_TAG:?}" "${CURRENT_HASH:?}" | |
| git push origin "${NEXT_TAG:?}" | |
| # make the build number available as environment variable in the following workflow steps | |
| echo "BUILD_NUMBER=${NEW_BUILD:?}" | tee -a "${GITHUB_ENV:?}" | |
| # prepare container image tags from iptables and kubernetes/dns versions and container image labels from git metadata (repository url, commit hash, ...) | |
| - name: prepare container image labels and container image tags | |
| if: github.event_name != 'pull_request' && github.ref == format('refs/heads/{0}', github.event.repository.default_branch) | |
| id: meta | |
| uses: docker/metadata-action@369eb591f429131d6889c46b94e711f089e6ca96 # v5 | |
| with: | |
| images: ${{ env.CONTAINER_REGISTRY }}/${{ env.CONTAINER_IMAGE_NAME }} | |
| tags: | # https://github.com/docker/metadata-action#typeraw | |
| type=raw,value=${{ env.KUBERNETES_DNS_VERSION }}-build.${{ env.BUILD_NUMBER }} | |
| type=raw,value=${{ env.KUBERNETES_DNS_VERSION }} | |
| flavor: | | |
| latest=true | |
| - name: login to the container registry | |
| if: github.event_name != 'pull_request' && github.ref == format('refs/heads/{0}', github.event.repository.default_branch) | |
| uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3 | |
| with: | |
| registry: ${{ env.CONTAINER_REGISTRY }} | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: build and push the container image | |
| if: github.event_name != 'pull_request' && github.ref == format('refs/heads/{0}', github.event.repository.default_branch) | |
| uses: docker/build-push-action@ca877d9245402d1537745e0e356eab47c3520991 # v6 | |
| with: | |
| context: . | |
| labels: | | |
| org.opencontainers.image.title=${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.title'] }} | |
| org.opencontainers.image.description=${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.description'] }} | |
| org.opencontainers.image.url=${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.url'] }} | |
| org.opencontainers.image.source=${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.source'] }} | |
| org.opencontainers.image.version=${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.version'] }} | |
| org.opencontainers.image.revision=${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.revision'] }} | |
| org.opencontainers.image.licenses=${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.licenses'] }} | |
| provenance: false | |
| platforms: linux/amd64 | |
| push: true | |
| tags: ${{ steps.meta.outputs.tags }} | |
| cache-from: type=local,src=/tmp/.buildx-cache | |
| cache-to: type=registry,ref=${{ env.CONTAINER_REGISTRY }}/${{ env.CONTAINER_IMAGE_NAME }}:cache,mode=max |