Skip to content

Commit

Permalink
ci: add workflow to check for new alpine versions (#376)
Browse files Browse the repository at this point in the history 
This adds a workflow that checks the current version of Alpine used in
the Dockerfile against the latest available.

If they differ, it runs the `./scripts/update-alpine-version.sh` script.
This will occur on both the v7 and v8 branches, just like the Go version
checker.
  • Loading branch information
@cwaldren-ld
cwaldren-ld committed Jun 12, 2024
1 parent c0dabe2 commit a73be93
Show file tree
Hide file tree
Showing 2 changed files with 68 additions and 1 deletion.
67 changes: 67 additions & 0 deletions .github/workflows/check-alpine-version.yml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,67 @@
name: Check Supported Alpine Version
on:
schedule:
- cron: "0 17 * * *"
workflow_dispatch:

jobs:
create-prs:
permissions:
contents: write
pull-requests: write
runs-on: ubuntu-latest
strategy:
matrix:
branch: ["v7", "v8"]
fail-fast: false
steps:
- uses: actions/checkout@v4
with:
ref: ${{ matrix.branch }}

- name: Get current Alpine version
id: alpine-current
run: |
version=$(sed -n 's/^FROM \(.*\)/\1/p' Dockerfile.goreleaser)
echo "version=$version" >> $GITHUB_OUTPUT
- name: Get latest Alpine tag semantic version, not 'latest'
id: alpine-latest
run: |
version=$(curl -s https://hub.docker.com/v2/repositories/library/alpine/tags/?page_size=100 | jq -r '.results[].name' | grep -E '^[0-9]+\.[0-9]+\.[0-9]+$' | sort -V | tail -n 1)
echo "version=$version" >> $GITHUB_OUTPUT
- name: Update from ${{ steps.alpine-current.outputs.version }} to alpine:${{ steps.alpine-latest.outputs.version }}
id: update-alpine
if: steps.alpine-current.outputs.version != steps.alpine-latest.outputs.version
run: ./scripts/update-alpine-version.sh ${{ steps.alpine-latest.outputs.version }}

- name: Create pull request
if: steps.update-alpine.outcome == 'success'
uses: peter-evans/create-pull-request@6d6857d36972b65feb161a90e484f2984215f83e
with:
token: ${{ secrets.GITHUB_TOKEN }}
add-paths: |
Dockerfile
Dockerfile.goreleaser
branch: "launchdarklyreleasebot/update-to-alpine${{ steps.alpine-latest.outputs.version }}-${{ matrix.branch }}"
author: "LaunchDarklyReleaseBot <[email protected]>"
committer: "LaunchDarklyReleaseBot <[email protected]>"
labels: ${{ matrix.branch }}
title: "fix(deps): update Dockerfiles from ${{ steps.alpine-current.outputs.version }} to alpine:${{ steps.alpine-latest.outputs.version }}"
commit-message: "Bumps from ${{ steps.alpine-current.outputs.version }} -> alpine:${{ steps.alpine-latest.outputs.version }}"
body: |
It's time to update Relay's Docker image Alpine versions. Alpine updates should generally be consumed
as soon as possible since they contain patches for CVEs.
| | Current repo configuration | Desired repo configuration |
|-------------|------------------------------------|---------------------------------------------------------------------------------------------------------------------|
| Alpine Version | ${{ steps.alpine-current.outputs.version }} | [alpine:${{ steps.alpine-latest.outputs.version }}](https://hub.docker.com/_/alpine/tags) |
This PR's change was generated by running:
```bash
./scripts/update-alpine-version.sh ${{ steps.alpine-latest.outputs.version }}
```
- [ ] I have triggered CI on this PR (either close & reopen this PR in Github UI, or `git commit -m "run ci" --allow-empty && git push`)
2 changes: 1 addition & 1 deletion .github/workflows/check-go-versions.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -58,7 +58,7 @@ jobs:

- name: Create pull request
if: steps.update.outcome == 'success'
uses: peter-evans/create-pull-request@v6
uses: peter-evans/create-pull-request@6d6857d36972b65feb161a90e484f2984215f83e
with:
token: ${{ secrets.GITHUB_TOKEN }}
add-paths: |
Expand Down

0 comments on commit a73be93

Please sign in to comment.