draft #18
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Update image deps | |
| on: | |
| schedule: | |
| - cron: '0 4 * * *' | |
| workflow_dispatch: | |
| inputs: | |
| k0s-version: | |
| description: 'K0s version for discovering image versions' | |
| required: false | |
| overwrite: | |
| description: 'Overwrite the existing image tags' | |
| required: false | |
| default: 'true' | |
| push: | |
| branches: | |
| - sgalsaleh/sc-108755/use-chainguard-images-for-embedded-cluster | |
| jobs: | |
| get-versions: | |
| runs-on: ubuntu-20.04 | |
| outputs: | |
| matrix: ${{ steps.set-matrix.outputs.matrix }} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Set matrix | |
| id: set-matrix | |
| run: | | |
| set -euo pipefail | |
| # find the versions of k0s images we need | |
| if [ -n "${{ github.event.inputs.k0s-version }}" ]; then | |
| make pkg/goods/bins/k0s K0S_VERSION="${{ github.event.inputs.k0s-version }}" K0S_BINARY_SOURCE_OVERRIDE= | |
| else | |
| make pkg/goods/bins/k0s | |
| fi | |
| coredns_version=$(pkg/goods/bins/k0s airgap list-images --all | grep '/coredns:' | awk -F':' '{ print $2 }' | sed 's/-[0-9]*$//') | |
| calico_node_version=$(pkg/goods/bins/k0s airgap list-images --all | grep '/calico-node:' | awk -F':v' '{ print $2 }' | sed 's/-[0-9]*$//') | |
| metrics_server_version=$(pkg/goods/bins/k0s airgap list-images --all | grep '/metrics-server:' | awk -F':v' '{ print $2 }' | sed 's/-[0-9]*$//') | |
| kube_proxy_version=$(pkg/goods/bins/k0s airgap list-images --all | grep '/kube-proxy:' | awk -F':v' '{ print $2 }' | sed 's/-[0-9]*$//') | |
| # get the corresponding melange package versions | |
| # we're only using the APKINDEX files to get the versions, so it doesn't matter which arch we use | |
| curl -LO --fail --show-error https://packages.wolfi.dev/os/x86_64/APKINDEX.tar.gz | |
| tar -xzvf APKINDEX.tar.gz | |
| coredns_version=$(< APKINDEX grep -A1 "^P:coredns" | grep "V:$coredns_version" | awk -F '-r' '{print $1, $2}' | sort -k2,2n | tail -1 | awk '{print $1 "-r" $2}' | sed -n -e 's/V://p' | tr -d '\n') | |
| calico_node_version=$(< APKINDEX grep -A1 "^P:calico-node" | grep "V:$calico_node_version" | awk -F '-r' '{print $1, $2}' | sort -k2,2n | tail -1 | awk '{print $1 "-r" $2}' | sed -n -e 's/V://p' | tr -d '\n') | |
| metrics_server_version=$(< APKINDEX grep -A1 "^P:metrics-server" | grep "V:$metrics_server_version" | awk -F '-r' '{print $1, $2}' | sort -k2,2n | tail -1 | awk '{print $1 "-r" $2}' | sed -n -e 's/V://p' | tr -d '\n') | |
| kube_proxy_version=$(< APKINDEX grep -A1 "^P:kube-proxy" | grep "V:$kube_proxy_version" | awk -F '-r' '{print $1, $2}' | sort -k2,2n | tail -1 | awk '{print $1 "-r" $2}' | sed -n -e 's/V://p' | tr -d '\n') | |
| { | |
| printf "matrix={\"include\":[" | |
| printf "{\"component\": \"coredns\", \"version\": \"$coredns_version\", \"makefile_var\": \"COREDNS_VERSION\"}," | |
| printf "{\"component\": \"calico-node\", \"version\": \"$calico_node_version\", \"makefile_var\": \"CALICO_NODE_VERSION\"}," | |
| printf "{\"component\": \"metrics-server\", \"version\": \"$metrics_server_version\", \"makefile_var\": \"METRICS_SERVER_VERSION\"}" | |
| printf "]}" | |
| } >> "$GITHUB_OUTPUT" | |
| build-images: | |
| runs-on: ubuntu-20.04 | |
| needs: get-versions | |
| strategy: | |
| fail-fast: false | |
| matrix: ${{ fromJSON(needs.get-versions.outputs.matrix) }} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Generate apko config | |
| run: | | |
| set -euo pipefail | |
| sed "s/__VERSION__/${{ matrix.version }}/g" deploy/images/${{ matrix.component }}/apko.tmpl.yaml > apko.yaml | |
| - name: Build and push image | |
| uses: ./.github/actions/build-dep-image-with-apko | |
| with: | |
| apko-config: apko.yaml | |
| image-name: ttl.sh/ec/${{ matrix.component }}:${{ matrix.version }} | |
| # registry-username: ${{ secrets.REGISTRY_USERNAME_STAGING }} | |
| # registry-password: ${{ secrets.REGISTRY_PASSWORD_STAGING }} | |
| overwrite: true # ${{ github.event.inputs.overwrite }} | |
| update-makefile: | |
| runs-on: ubuntu-20.04 | |
| needs: build-images | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Update Makefile | |
| run: | | |
| set -euo pipefail | |
| matrix=${{ needs.get-versions.outputs.matrix }} | |
| echo "$matrix" | jq -c '.include[]' | while read -r component; do | |
| makefile_var=$(echo "$component" | jq -r '.makefile_var') | |
| version=$(echo "$component" | jq -r '.version') | |
| sed -i "s/^$makefile_var.*/$makefile_var = $version/" Makefile | |
| done | |
| - name: Create Pull Request # creates a PR if there are differences | |
| uses: peter-evans/create-pull-request@v6 | |
| id: cpr | |
| with: | |
| token: ${{ secrets.AUTOMATED_PR_GH_PAT }} | |
| commit-message: 'Update image versions' | |
| title: 'Automated image updates' | |
| branch: automation/image-dependencies | |
| delete-branch: true | |
| labels: | | |
| automated-pr | |
| images | |
| type::security | |
| draft: true | |
| # base: "main" | |
| base: "sgalsaleh/sc-108755/use-chainguard-images-for-embedded-cluster" | |
| body: "Automated changes by the [image-deps-updater](https://github.com/replicatedhq/embedded-cluster/blob/main/.github/workflows/image-deps-updater.yaml) GitHub action" | |
| - name: Check outputs | |
| if: ${{ steps.cpr.outputs.pull-request-number }} | |
| run: | | |
| echo "Pull Request Number - ${{ steps.cpr.outputs.pull-request-number }}" | |
| echo "Pull Request URL - ${{ steps.cpr.outputs.pull-request-url }}" |