build(docker): bump caddy from 2.7.5-alpine to 2.8.4-alpine #17
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Dependabot auto-approve | |
on: pull_request | |
permissions: | |
contents: write | |
pull-requests: write | |
jobs: | |
dependabot: | |
name: 'Dependabot updates' | |
runs-on: ubuntu-latest | |
if: ${{ github.actor == 'dependabot[bot]' }} | |
outputs: | |
previousVersion: '${{ steps.versions.outputs.previous }}' | |
newVersion: '${{ steps.versions.outputs.new }}' | |
dockerUpdate: ${{ steps.dependabot.outputs.package-ecosystem == 'docker' }} | |
steps: | |
- name: Dependabot metadata | |
id: metadata | |
uses: dependabot/fetch-metadata@v2 | |
with: | |
github-token: "${{ github.token }}" | |
- name: Capture versions | |
id: versions | |
run: | | |
PREVIOUS_VERSION=${{ steps.metadata.outputs.previous-version }} | |
NEW_VERSION=${{ steps.metadata.outputs.new-version }} | |
echo "previous=${PREVIOUS_VERSION//-alpine}" >> $GITHUB_OUTPUT | |
echo "new=${NEW_VERSION//-alpine}" >> $GITHUB_OUTPUT | |
- name: Approve a PR | |
run: gh pr review --approve "$PR_URL" | |
env: | |
PR_URL: ${{ github.event.pull_request.html_url }} | |
GITHUB_TOKEN: ${{ github.token }} | |
- name: Auto-merge docker PRs | |
if: ${{ steps.metadata.outputs.package-ecosystem == 'docker' && | |
steps.metadata.outputs.update-type != 'version-update:semver-major'}} | |
run: | | |
gh pr merge --auto --squash "$PR_URL" | |
env: | |
PR_URL: ${{ github.event.pull_request.html_url }} | |
GITHUB_TOKEN: ${{ github.token }} | |
prepare-build: | |
name: 'Updates files for build' | |
runs-on: ubuntu-latest | |
needs: dependabot | |
if: ${{ needs.dependabot.outputs.dockerUpdate }} == 'true' | |
permissions: | |
contents: write | |
outputs: | |
previousVersion: '${{ steps.latest.outputs.version }}' | |
newVersion: '${{ steps.semvers.outputs.patch }}' | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
ref: 'main' | |
- name: Get latest tag | |
id: latest | |
run: | | |
TAG=$(curl -sL --request GET \ | |
--url "${{ github.api_url }}/repos/${{ github.repository }}/releases" \ | |
--header "Accept: application/vnd.github+json" \ | |
--header "Authorization: token ${{ github.token }}" \ | |
| jq -r 'first(.[]) | .tag_name') | |
echo "tag=${TAG}" >> $GITHUB_OUTPUT | |
echo "version=${TAG//v}" >> $GITHUB_OUTPUT | |
- name: Generate next semantic version | |
id: semvers | |
uses: "WyriHaximus/github-action-next-semvers@v1" | |
with: | |
version: '${{ steps.latest.outputs.tag }}' | |
- name: Setup go | |
uses: actions/setup-go@v5 | |
with: | |
go-version: 'stable' | |
- name: Update go module | |
uses: jacobtomlinson/gha-find-replace@v3 | |
with: | |
find: 'caddy/v2 v${{ needs.dependabot.outputs.previousVersion }}' | |
replace: 'caddy/v2 v${{ needs.dependabot.outputs.newVersion }}' | |
include: 'go.mod' | |
regex: false | |
- name: Tidy go module | |
run: | | |
go mod tidy | |
- name: Commit go module changes | |
uses: EndBug/add-and-commit@v9 | |
with: | |
committer_name: GitHub Actions | |
committer_email: [email protected] | |
message: 'build(go): bump github.com/caddyserver/caddy/v2 from ${{ needs.dependabot.outputs.previousVersion }} to ${{ needs.dependabot.outputs.newVersion }}' | |
push: false | |
- name: Update Dockerfile | |
uses: jacobtomlinson/gha-find-replace@v3 | |
with: | |
find: 'scgi-transport@${{ steps.latest.outputs.tag }}' | |
replace: 'scgi-transport@${{ steps.semvers.outputs.v_patch }}' | |
include: 'Dockerfile' | |
regex: false | |
- name: Commit Dockerfile changes | |
uses: EndBug/add-and-commit@v9 | |
with: | |
committer_name: GitHub Actions | |
committer_email: [email protected] | |
message: 'build(docker): bump scgi-transport from ${{ steps.latest.outputs.tag }} to ${{ steps.semvers.outputs.v_patch }}' | |
push: false | |
- name: Update Readme scgi-transport | |
uses: jacobtomlinson/gha-find-replace@v3 | |
with: | |
find: 'scgi-transport:${{ steps.latest.outputs.version }}' | |
replace: 'scgi-transport:${{ steps.semvers.outputs.patch }}' | |
include: 'README.md' | |
regex: false | |
- name: Update Readme caddy | |
uses: jacobtomlinson/gha-find-replace@v3 | |
with: | |
find: 'caddy-${{ needs.dependabot.outputs.previousVersion }}' | |
replace: 'caddy-${{ needs.dependabot.outputs.newVersion }}' | |
include: 'README.md' | |
regex: false | |
- name: Commit Readme changes; push and tag | |
uses: EndBug/add-and-commit@v9 | |
with: | |
committer_name: GitHub Actions | |
committer_email: [email protected] | |
message: 'docs: update ghcr.io image tags to ${{ steps.semvers.outputs.v_patch }}' | |
tag: '${{ steps.semvers.outputs.v_patch }}' | |
build-image: | |
name: 'Build docker image' | |
runs-on: ubuntu-latest | |
needs: [ dependabot, prepare-build ] | |
permissions: | |
contents: write | |
packages: write | |
strategy: | |
fail-fast: true | |
matrix: | |
arch: ["amd64"] | |
include: | |
- arch: amd64 | |
os: ubuntu-latest | |
env: | |
caddyVersion: '${{ needs.dependabot.outputs.newVersion }}' | |
previousVersion: '${{ needs.prepare-build.outputs.previousVersion }}' | |
newVersion: '${{ needs.prepare-build.outputs.newVersion }}' | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
ref: 'v${{ env.newVersion }}' | |
- name: Login to GitHub Container Registry | |
uses: docker/login-action@v3 | |
with: | |
registry: ghcr.io | |
username: ${{ github.actor }} | |
password: ${{ github.token }} | |
- name: Sanitize repo slug | |
uses: actions/github-script@v7 | |
id: repo_slug | |
with: | |
result-encoding: string | |
script: return '${{ github.repository }}'.toLowerCase() | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v3 | |
- name: Build and push | |
uses: docker/build-push-action@v6 | |
continue-on-error: true | |
id: buildx1 | |
with: | |
build-args: | | |
VERSION=${{ env.newVersion }} | |
context: . | |
platforms: linux/${{ matrix.arch }} | |
push: true | |
tags: | | |
ghcr.io/${{ steps.repo_slug.outputs.result }}:${{ env.newVersion }}-caddy-${{ env.caddyVersion }} | |
ghcr.io/${{ steps.repo_slug.outputs.result }}:${{ env.newVersion }} | |
ghcr.io/${{ steps.repo_slug.outputs.result }}:latest | |
# Temp workaround for failed builds | |
- name: Wait to retry | |
if: steps.buildx1.outcome != 'success' | |
run: | | |
sleep 60 | |
# Temp workaround for failed builds | |
- name: Build and push Docker image | |
uses: docker/build-push-action@v6 | |
if: steps.buildx1.outcome != 'success' | |
with: | |
build-args: | | |
VERSION=${{ env.newVersion }}-caddy-${{ env.caddyVersion }} | |
context: . | |
platforms: linux/${{ matrix.arch }} | |
push: true | |
tags: | | |
ghcr.io/${{ steps.repo_slug.outputs.result }}:${{ env.newVersion }}-caddy-${{ env.caddyVersion }} | |
ghcr.io/${{ steps.repo_slug.outputs.result }}:${{ env.newVersion }} | |
ghcr.io/${{ steps.repo_slug.outputs.result }}:latest | |
- name: Generate changelog | |
id: changelog | |
uses: metcalfc/[email protected] | |
with: | |
mytoken: ${{ github.token }} | |
head-ref: 'v${{ env.newVersion }}' | |
base-ref: 'v${{ env.previousVersion }}' | |
- name: Publish release | |
uses: ncipollo/[email protected] | |
with: | |
tag: 'v${{ env.newVersion }}' | |
body: | | |
Changes in this Release: | |
${{ steps.changelog.outputs.changelog }} |