Skip to content

build(docker): bump caddy from 2.7.5-alpine to 2.8.4-alpine #17

build(docker): bump caddy from 2.7.5-alpine to 2.8.4-alpine

build(docker): bump caddy from 2.7.5-alpine to 2.8.4-alpine #17

name: Dependabot auto-approve
on: pull_request
permissions:
contents: write
pull-requests: write
jobs:
dependabot:
name: 'Dependabot updates'
runs-on: ubuntu-latest
if: ${{ github.actor == 'dependabot[bot]' }}
outputs:
previousVersion: '${{ steps.versions.outputs.previous }}'
newVersion: '${{ steps.versions.outputs.new }}'
dockerUpdate: ${{ steps.dependabot.outputs.package-ecosystem == 'docker' }}
steps:
- name: Dependabot metadata
id: metadata
uses: dependabot/fetch-metadata@v2
with:
github-token: "${{ github.token }}"
- name: Capture versions
id: versions
run: |
PREVIOUS_VERSION=${{ steps.metadata.outputs.previous-version }}
NEW_VERSION=${{ steps.metadata.outputs.new-version }}
echo "previous=${PREVIOUS_VERSION//-alpine}" >> $GITHUB_OUTPUT
echo "new=${NEW_VERSION//-alpine}" >> $GITHUB_OUTPUT
- name: Approve a PR
run: gh pr review --approve "$PR_URL"
env:
PR_URL: ${{ github.event.pull_request.html_url }}
GITHUB_TOKEN: ${{ github.token }}
- name: Auto-merge docker PRs
if: ${{ steps.metadata.outputs.package-ecosystem == 'docker' &&
steps.metadata.outputs.update-type != 'version-update:semver-major'}}
run: |
gh pr merge --auto --squash "$PR_URL"
env:
PR_URL: ${{ github.event.pull_request.html_url }}
GITHUB_TOKEN: ${{ github.token }}
prepare-build:
name: 'Updates files for build'
runs-on: ubuntu-latest
needs: dependabot
if: ${{ needs.dependabot.outputs.dockerUpdate }} == 'true'
permissions:
contents: write
outputs:
previousVersion: '${{ steps.latest.outputs.version }}'
newVersion: '${{ steps.semvers.outputs.patch }}'
steps:
- uses: actions/checkout@v4
with:
ref: 'main'
- name: Get latest tag
id: latest
run: |
TAG=$(curl -sL --request GET \
--url "${{ github.api_url }}/repos/${{ github.repository }}/releases" \
--header "Accept: application/vnd.github+json" \
--header "Authorization: token ${{ github.token }}" \
| jq -r 'first(.[]) | .tag_name')
echo "tag=${TAG}" >> $GITHUB_OUTPUT
echo "version=${TAG//v}" >> $GITHUB_OUTPUT
- name: Generate next semantic version
id: semvers
uses: "WyriHaximus/github-action-next-semvers@v1"
with:
version: '${{ steps.latest.outputs.tag }}'
- name: Setup go
uses: actions/setup-go@v5
with:
go-version: 'stable'
- name: Update go module
uses: jacobtomlinson/gha-find-replace@v3
with:
find: 'caddy/v2 v${{ needs.dependabot.outputs.previousVersion }}'
replace: 'caddy/v2 v${{ needs.dependabot.outputs.newVersion }}'
include: 'go.mod'
regex: false
- name: Tidy go module
run: |
go mod tidy
- name: Commit go module changes
uses: EndBug/add-and-commit@v9
with:
committer_name: GitHub Actions
committer_email: [email protected]
message: 'build(go): bump github.com/caddyserver/caddy/v2 from ${{ needs.dependabot.outputs.previousVersion }} to ${{ needs.dependabot.outputs.newVersion }}'
push: false
- name: Update Dockerfile
uses: jacobtomlinson/gha-find-replace@v3
with:
find: 'scgi-transport@${{ steps.latest.outputs.tag }}'
replace: 'scgi-transport@${{ steps.semvers.outputs.v_patch }}'
include: 'Dockerfile'
regex: false
- name: Commit Dockerfile changes
uses: EndBug/add-and-commit@v9
with:
committer_name: GitHub Actions
committer_email: [email protected]
message: 'build(docker): bump scgi-transport from ${{ steps.latest.outputs.tag }} to ${{ steps.semvers.outputs.v_patch }}'
push: false
- name: Update Readme scgi-transport
uses: jacobtomlinson/gha-find-replace@v3
with:
find: 'scgi-transport:${{ steps.latest.outputs.version }}'
replace: 'scgi-transport:${{ steps.semvers.outputs.patch }}'
include: 'README.md'
regex: false
- name: Update Readme caddy
uses: jacobtomlinson/gha-find-replace@v3
with:
find: 'caddy-${{ needs.dependabot.outputs.previousVersion }}'
replace: 'caddy-${{ needs.dependabot.outputs.newVersion }}'
include: 'README.md'
regex: false
- name: Commit Readme changes; push and tag
uses: EndBug/add-and-commit@v9
with:
committer_name: GitHub Actions
committer_email: [email protected]
message: 'docs: update ghcr.io image tags to ${{ steps.semvers.outputs.v_patch }}'
tag: '${{ steps.semvers.outputs.v_patch }}'
build-image:
name: 'Build docker image'
runs-on: ubuntu-latest
needs: [ dependabot, prepare-build ]
permissions:
contents: write
packages: write
strategy:
fail-fast: true
matrix:
arch: ["amd64"]
include:
- arch: amd64
os: ubuntu-latest
env:
caddyVersion: '${{ needs.dependabot.outputs.newVersion }}'
previousVersion: '${{ needs.prepare-build.outputs.previousVersion }}'
newVersion: '${{ needs.prepare-build.outputs.newVersion }}'
steps:
- uses: actions/checkout@v4
with:
ref: 'v${{ env.newVersion }}'
- name: Login to GitHub Container Registry
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ github.token }}
- name: Sanitize repo slug
uses: actions/github-script@v7
id: repo_slug
with:
result-encoding: string
script: return '${{ github.repository }}'.toLowerCase()
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Build and push
uses: docker/build-push-action@v6
continue-on-error: true
id: buildx1
with:
build-args: |
VERSION=${{ env.newVersion }}
context: .
platforms: linux/${{ matrix.arch }}
push: true
tags: |
ghcr.io/${{ steps.repo_slug.outputs.result }}:${{ env.newVersion }}-caddy-${{ env.caddyVersion }}
ghcr.io/${{ steps.repo_slug.outputs.result }}:${{ env.newVersion }}
ghcr.io/${{ steps.repo_slug.outputs.result }}:latest
# Temp workaround for failed builds
- name: Wait to retry
if: steps.buildx1.outcome != 'success'
run: |
sleep 60
# Temp workaround for failed builds
- name: Build and push Docker image
uses: docker/build-push-action@v6
if: steps.buildx1.outcome != 'success'
with:
build-args: |
VERSION=${{ env.newVersion }}-caddy-${{ env.caddyVersion }}
context: .
platforms: linux/${{ matrix.arch }}
push: true
tags: |
ghcr.io/${{ steps.repo_slug.outputs.result }}:${{ env.newVersion }}-caddy-${{ env.caddyVersion }}
ghcr.io/${{ steps.repo_slug.outputs.result }}:${{ env.newVersion }}
ghcr.io/${{ steps.repo_slug.outputs.result }}:latest
- name: Generate changelog
id: changelog
uses: metcalfc/[email protected]
with:
mytoken: ${{ github.token }}
head-ref: 'v${{ env.newVersion }}'
base-ref: 'v${{ env.previousVersion }}'
- name: Publish release
uses: ncipollo/[email protected]
with:
tag: 'v${{ env.newVersion }}'
body: |
Changes in this Release:
${{ steps.changelog.outputs.changelog }}