Skip to content

Update ubuntu:24.04 Docker digest to d4f6f70 #39

Update ubuntu:24.04 Docker digest to d4f6f70

Update ubuntu:24.04 Docker digest to d4f6f70 #39

Workflow file for this run

name: Containers
on:
push:
tags:
- 'v*'
branches: [main]
paths:
- '**Containerfile'
- '.containerignore'
- '.github/workflows/containers.yml'
pull_request:
paths:
- '**Containerfile'
- '.containerignore'
- '.github/workflows/containers.yml'
workflow_dispatch:
jobs:
# podman can handle lowercase. So normalize the outputs
get-meta:
runs-on: ubuntu-24.04
timeout-minutes: 5
outputs:
started_at: ${{ steps.timestamp.outputs.started_at }}
ref_tag: ${{ steps.tags.outputs.ref }}
special_tag: ${{ steps.tags.outputs.special }}
timestamp_tag: ${{ steps.tags.outputs.timestamp }}
steps:
- name: Get started timestamp
id: timestamp
run: |
# Do not use ":" delimiter as iso-8601/rfc-3339, it cannot be used in container tag
echo started_at="$(date --utc '+%Y%m%d-%H%M%S-%Z')" | ruby -pe '$_.downcase!' | tee -a "$GITHUB_OUTPUT"
- name: Generate tags for the image
id: tags
# https://github.com/orgs/community/discussions/26557#discussioncomment-3252327
run: |
echo "timestamp=${{ steps.timestamp.outputs.started_at }}" | tee -a "$GITHUB_OUTPUT"
special=''
ref=''
if [ '${{ github.event_name }}' = 'pull_request' ]; then
special='pr-${{ github.event.number }}-${{ github.event.pull_request.head.sha }}'
ref='${{ github.event.pull_request.head.sha }}'
elif [ '${{ github.event_name }}' = 'push' ] && [ '${{ github.ref_name }}' = '${{ github.event.repository.default_branch }}' ]; then
special='latest'
ref='${{ github.sha }}'
else
exit 1
fi
echo "special=${special}" | tee -a "$GITHUB_OUTPUT"
echo "ref=${ref}" | tee -a "$GITHUB_OUTPUT"
ubuntu-nix-sudoer:
needs: [get-meta]
runs-on: ubuntu-24.04
timeout-minutes: 30
outputs:
package-json: ${{ steps.inspect-package.outputs.json }}
steps:
- name: Logging dependency versions
run: |
podman version
crun --version
buildah version
- uses: actions/checkout@v4
- name: Install gh-action-escape
run: curl -fsSL https://raw.githubusercontent.com/kachick/gh-action-escape/main/scripts/install-in-github-action.sh | sh -s v0.2.0
- name: Build Image
id: build-image
uses: redhat-actions/buildah-build@7a95fa7ee0f02d552a32753e7414641a04307056 #v2.13
with:
image: ubuntu-24.04-nix-sudoer
tags: ${{ needs.get-meta.outputs.special_tag }} ${{ needs.get-meta.outputs.ref_tag }} ${{ needs.get-meta.outputs.timestamp_tag }}
containerfiles: |
./images/ubuntu-nix-sudoer/Containerfile
build-args: |
username=user
oci: true
# - name: Setup tmate session
# uses: mxschmitt/action-tmate@v3
# with:
# limit-access-to-actor: true
- name: Inspect the created image
run: |
podman inspect localhost/${{ steps.build-image.outputs.image }}:${{ needs.get-meta.outputs.ref_tag }}
- name: Push To ghcr.io
id: push-to-ghcr
if: ${{ github.actor == github.repository_owner }}
uses: redhat-actions/push-to-registry@5ed88d269cf581ea9ef6dd6806d01562096bee9c #v2.8
with:
image: ${{ steps.build-image.outputs.image }}
tags: ${{ steps.build-image.outputs.tags }}
registry: ghcr.io/${{ github.repository_owner }}
username: ${{ github.repository_owner }}
password: ${{ github.token }}
- name: Log outputs
if: ${{ github.event_name != 'pull_request' }}
run: echo "${{ toJSON(steps.push-to-ghcr.outputs) }}"
- name: Inspect the package
id: inspect-package
if: ${{ github.actor == github.repository_owner }}
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
set -euxo pipefail
echo "${{ toJSON(steps.push-to-ghcr.outputs) }}"
gh api --paginate \
-H "Accept: application/vnd.github+json" \
-H "X-GitHub-Api-Version: 2022-11-28" \
/users/${{ github.repository_owner }}/packages/container/ubuntu-24.04-nix-sudoer/versions \
--jq '.[] | select(.name == "${{ steps.push-to-ghcr.outputs.digest }}")' | \
jq | gh-action-escape -name=json | tee -a "$GITHUB_OUTPUT"
ubuntu-nix-systemd:
needs: [get-meta]
runs-on: ubuntu-24.04
timeout-minutes: 30
outputs:
package-json: ${{ steps.inspect-package.outputs.json }}
steps:
- name: Logging dependency versions
run: |
podman version
crun --version
buildah version
- uses: actions/checkout@v4
- name: Install gh-action-escape
run: curl -fsSL https://raw.githubusercontent.com/kachick/gh-action-escape/main/scripts/install-in-github-action.sh | sh -s v0.2.0
- name: Build Image
id: build-image
uses: redhat-actions/buildah-build@7a95fa7ee0f02d552a32753e7414641a04307056 #v2.13
with:
image: ubuntu-24.04-nix-systemd
tags: ${{ needs.get-meta.outputs.special_tag }} ${{ needs.get-meta.outputs.ref_tag }} ${{ needs.get-meta.outputs.timestamp_tag }}
containerfiles: |
./images/ubuntu-nix-systemd/Containerfile
oci: true
# - name: Setup tmate session
# uses: mxschmitt/action-tmate@v3
# with:
# limit-access-to-actor: true
- name: Inspect the created image
run: |
podman inspect localhost/${{ steps.build-image.outputs.image }}:${{ needs.get-meta.outputs.ref_tag }}
- name: Push To ghcr.io
id: push-to-ghcr
if: ${{ github.actor == github.repository_owner }}
uses: redhat-actions/push-to-registry@5ed88d269cf581ea9ef6dd6806d01562096bee9c #v2.8
with:
image: ${{ steps.build-image.outputs.image }}
tags: ${{ steps.build-image.outputs.tags }}
registry: ghcr.io/${{ github.repository_owner }}
username: ${{ github.repository_owner }}
password: ${{ github.token }}
- name: Log outputs
if: ${{ github.event_name != 'pull_request' }}
run: echo "${{ toJSON(steps.push-to-ghcr.outputs) }}"
- name: Inspect the package
id: inspect-package
if: ${{ github.actor == github.repository_owner }}
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
set -euxo pipefail
echo "${{ toJSON(steps.push-to-ghcr.outputs) }}"
gh api --paginate \
-H "Accept: application/vnd.github+json" \
-H "X-GitHub-Api-Version: 2022-11-28" \
/users/${{ github.repository_owner }}/packages/container/ubuntu-24.04-nix-systemd/versions \
--jq '.[] | select(.name == "${{ steps.push-to-ghcr.outputs.digest }}")' | \
jq | gh-action-escape -name=json | tee -a "$GITHUB_OUTPUT"
announce-staging:
needs: [get-meta, ubuntu-nix-systemd, ubuntu-nix-sudoer]
runs-on: ubuntu-24.04
timeout-minutes: 10
steps:
- name: Prepare git to run gh commands
uses: actions/checkout@v4
- name: Post comments
if: ${{ (github.actor == github.repository_owner) && (github.event_name == 'pull_request') }}
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
(
cat <<'EOF'
⬢🦭 Staging container-image has been deployed 🚀\
You can check in package URL
* systemd: https://github.com/${{ github.repository }}/pkgs/container/ubuntu-24.04-nix-systemd/${{ fromJson(needs.ubuntu-nix-systemd.outputs.package-json).id }}?tag=${{ needs.get-meta.outputs.special_tag }}
* sudoer: https://github.com/${{ github.repository }}/pkgs/container/ubuntu-24.04-nix-sudoer/${{ fromJson(needs.ubuntu-nix-sudoer.outputs.package-json).id }}?tag=${{ needs.get-meta.outputs.special_tag }}
This image will be automatically 🤖 removed from ghcr.io 🗑️ if you merged/closed this PR 😌
EOF
) | gh pr comment ${{ github.event.number }} --body-file -