From b004a535832a0fc4b6559a68b255ce8b3f5c8014 Mon Sep 17 00:00:00 2001
From: Paul Abel <p.abel@f5.com>
Date: Tue, 9 Jan 2024 09:55:04 +0000
Subject: [PATCH] add immutable binaries to update images workflow

---
 .github/workflows/update-docker-images.yml | 21 ++++++++++++++++++++-
 1 file changed, 20 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/update-docker-images.yml b/.github/workflows/update-docker-images.yml
index 988af90548..55bc718971 100644
--- a/.github/workflows/update-docker-images.yml
+++ b/.github/workflows/update-docker-images.yml
@@ -28,6 +28,8 @@ jobs:
     outputs:
       kic-tag: ${{ steps.kic.outputs.tag }}
       versions: ${{ steps.versions.outputs.matrix }}
+      go-md5: ${{ steps.md5.outputs.go_code_md5 }}
+      binary-cache-hit: ${{ steps.binary-cache.outputs.cache-hit }}
     steps:
       - name: Checkout Repository
         uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
@@ -53,6 +55,18 @@ jobs:
           nginx_ubi=$(grep -m1 "FROM nginxcontrib/nginx:" < build/Dockerfile | awk -F" " '{print $2}')
           echo "matrix=[{\"version\": \"${nginx}\", \"distro\": \"debian\"}, {\"version\": \"${nginx_alpine}\", \"distro\": \"alpine\"}, {\"version\": \"${nginx_ubi}\", \"distro\": \"ubi\"}]" >> $GITHUB_OUTPUT
 
+      - name: Set Go MD5sums
+        id: md5
+        run: echo go_code_md5=$(find . -type f \( -name "*.go" -o -name go.mod -o -name go.sum -o -name "*.tmpl" \) -not -path "./docs*"  -exec md5sum {} + | LC_ALL=C sort  | md5sum | awk '{ print $1 }') >> $GITHUB_OUTPUT
+
+      - name: Fetch Cached Binary Artifacts
+        id: binary-cache
+        uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 # v3.3.2
+        with:
+          path: ${{ github.workspace }}/dist
+          key: nginx-ingress-${{ steps.md5.outputs.go_code_md5 }}
+          lookup-only: true
+
   check:
     name: Check if updates are needed
     runs-on: ubuntu-22.04
@@ -112,12 +126,14 @@ jobs:
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           GOPATH: ${{ steps.go.outputs.go_path }}
+        if: ${{ needs.variables.outputs.binary-cache-hit != 'true' }}
 
       - name: Store Artifacts in Cache
         uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 # v3.3.2
         with:
           path: ${{ github.workspace }}/dist
-          key: nginx-ingress-${{ github.run_id }}-${{ github.run_number }}
+          key: nginx-ingress-${{ needs.variables.outputs.go-md5 }}
+        if: ${{ needs.variables.outputs.binary-cache-hit != 'true' }}
 
   release-docker-debian:
     name: Release Debian Image
@@ -127,6 +143,7 @@ jobs:
       platforms: linux/arm,linux/arm64,linux/amd64,linux/ppc64le,linux/s390x
       image: debian
       tag: ${{ needs.variables.outputs.kic-tag }}
+      go-md5: ${{ needs.variables.outputs.go-md5 }}
     permissions:
       contents: read
       actions: read
@@ -144,6 +161,7 @@ jobs:
       platforms: linux/arm,linux/arm64,linux/amd64,linux/ppc64le,linux/s390x
       image: alpine
       tag: ${{ needs.variables.outputs.kic-tag }}
+      go-md5: ${{ needs.variables.outputs.go-md5 }}
     permissions:
       contents: read
       actions: read
@@ -161,6 +179,7 @@ jobs:
       platforms: linux/arm64,linux/amd64,linux/ppc64le,linux/s390x
       image: ubi
       tag: ${{ needs.variables.outputs.kic-tag }}
+      go-md5: ${{ needs.variables.outputs.go-md5 }}
     permissions:
       contents: read
       actions: read