pipeline.yml
# Rebuilds and publishes the Caddy image on a nightly schedule or on demand.
name: Build and Push Docker Image

on:
  # Every day at 00:00 (GitHub evaluates cron schedules in UTC).
  schedule:
    - cron: '0 0 * * *'
  # Allow manual triggering of the workflow
  workflow_dispatch:
    inputs:
      # When true, the job skips downloading the previous versions.json
      # artifact, so there is no recorded state to compare against.
      skip_version_check:
        description: Skip previous version check
        type: boolean
        default: false

# Workflow-wide values; every step also sees them as environment variables.
env:
  DOCKER_HUB_USERNAME: monstr0
  IMAGE_NAME: caddy-cloudflare-crowdsec
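jobs:
  # Compares the upstream plugin commits and the caddy:latest digest with the
  # values recorded by the previous run, and rebuilds/pushes the image only
  # when one of them changed.
  check-and-build:
    runs-on: ubuntu-latest
    # Least privilege for GITHUB_TOKEN: checkout needs contents:read and the
    # artifact list/download calls need actions:read. No step writes to the
    # repository through the token.
    permissions:
      contents: read
      actions: read
    steps:
      # NOTE(review): every `uses:` below references a mutable major-version
      # tag. Pinning each one to a full commit SHA keeps a moved tag from
      # changing the code that runs alongside the Docker Hub credentials.
      - name: Checkout repository
        uses: actions/checkout@v2

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v2

      - name: Get the previous versions.json artifact
        if: ${{ inputs.skip_version_check == false }}
        # `shell: bash` makes the runner use `bash -eo pipefail`, so a failed
        # curl inside a pipeline stops the step.
        shell: bash
        env:
          # Passed through the environment so expression expansion never
          # pastes the token or the repository name into the script text.
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          REPO: ${{ github.repository }}
        run: |
          # List the repository's artifacts (one page, up to 100 entries).
          response=$(curl -fsS -H "Authorization: Bearer $GH_TOKEN" \
            "https://api.github.com/repos/$REPO/actions/artifacts?per_page=100")
          # Keep the ones named "versions-json" and take the most recently
          # updated; jq prints "null" when there is none.
          latest_artifact=$(echo "$response" | jq -c \
            '[.artifacts[] | select(.name=="versions-json")] | sort_by(.updated_at) | last')
          if [ "$latest_artifact" != "null" ]; then
            archive_url=$(echo "$latest_artifact" | jq -r '.archive_download_url')
            curl -fsSL -H "Authorization: Bearer $GH_TOKEN" \
              -o versions-json.zip "$archive_url"
            # Extract only the expected member: the workspace is later used as
            # the Docker build context, so nothing else from the archive
            # should land in it.
            unzip versions-json.zip versions.json -d .
            rm versions-json.zip
          else
            echo "No artifact found with name 'versions-json'."
          fi

      - name: Check for Dependency Updates
        shell: bash
        run: |
          # Latest commit SHA of a GitHub repository given as "owner/name".
          # The call is unauthenticated; `curl -f` and `jq -e` make an HTTP
          # error or a missing/null field fail the step instead of recording
          # "null" as a new version and triggering a push.
          latest_sha() {
            curl -fsS "https://api.github.com/repos/$1/commits?per_page=1" \
              | jq -er '.[0].sha'
          }

          CADDY_CLOUDFLARE_LATEST=$(latest_sha caddy-dns/cloudflare)
          CADDY_CLOUDFLARE_IP_LATEST=$(latest_sha WeidiDeng/caddy-cloudflare-ip)
          CADDY_CROWDSEC_BOUNCER_LATEST=$(latest_sha hslatman/caddy-crowdsec-bouncer)
          CADDY_LATEST_DIGEST=$(curl -fsS \
            https://hub.docker.com/v2/repositories/library/caddy/tags/latest \
            | jq -er '.images[0].digest')

          # Previous run's values; an absent file reads as "{}", so every
          # field below becomes "null" and counts as changed.
          VERSIONS=$(cat ./versions.json 2>/dev/null || echo "{}")
          PREV_CADDY_CLOUDFLARE=$(echo "$VERSIONS" | jq -r '.caddy_cloudflare')
          PREV_CADDY_CLOUDFLARE_IP=$(echo "$VERSIONS" | jq -r '.caddy_cloudflare_ip')
          PREV_CADDY_CROWDSEC_BOUNCER=$(echo "$VERSIONS" | jq -r '.caddy_crowdsec_bouncer')
          PREV_CADDY_LATEST_DIGEST=$(echo "$VERSIONS" | jq -r '.caddy_latest_digest')

          if [[ "$CADDY_CLOUDFLARE_LATEST" != "$PREV_CADDY_CLOUDFLARE" \
             || "$CADDY_CLOUDFLARE_IP_LATEST" != "$PREV_CADDY_CLOUDFLARE_IP" \
             || "$CADDY_CROWDSEC_BOUNCER_LATEST" != "$PREV_CADDY_CROWDSEC_BOUNCER" \
             || "$CADDY_LATEST_DIGEST" != "$PREV_CADDY_LATEST_DIGEST" ]]; then
            # Let jq build the JSON so the remotely supplied strings are
            # escaped rather than spliced into a hand-written template.
            jq -cn \
              --arg caddy_cloudflare "$CADDY_CLOUDFLARE_LATEST" \
              --arg caddy_cloudflare_ip "$CADDY_CLOUDFLARE_IP_LATEST" \
              --arg caddy_crowdsec_bouncer "$CADDY_CROWDSEC_BOUNCER_LATEST" \
              --arg caddy_latest_digest "$CADDY_LATEST_DIGEST" \
              '{caddy_cloudflare: $caddy_cloudflare,
                caddy_cloudflare_ip: $caddy_cloudflare_ip,
                caddy_crowdsec_bouncer: $caddy_crowdsec_bouncer,
                caddy_latest_digest: $caddy_latest_digest}' > ./versions.json
            echo "file_updated=true" >> "$GITHUB_ENV"
          else
            echo "file_updated=false" >> "$GITHUB_ENV"
          fi

      # Credentials are loaded only on runs that will actually push, and only
      # after the steps that handle downloaded content have finished.
      - name: Log in to Docker Hub
        if: env.file_updated == 'true'
        uses: docker/login-action@v2
        with:
          username: ${{ env.DOCKER_HUB_USERNAME }}
          password: ${{ secrets.DOCKER_PASSWORD }}

      # NOTE(review): the Dockerfile is not visible here. Presumably it pulls
      # the three plugins at whatever revision is current at build time, so
      # `latest` would follow upstream HEAD without review - confirm, and
      # consider building from the SHAs recorded in versions.json.
      - name: Build docker image and push
        if: env.file_updated == 'true'
        shell: bash
        run: |
          # Timestamp tag (minute resolution) published alongside `latest`.
          VERSION=$(date +%Y%m%d%H%M)
          # Workflow-level env values are read as quoted shell variables.
          IMAGE="$DOCKER_HUB_USERNAME/$IMAGE_NAME"
          docker buildx build \
            --tag "$IMAGE:$VERSION" \
            --tag "$IMAGE:latest" \
            --push .

      # Persists the comparison state for the next run. With a 2-day
      # retention, two consecutive nights without an upload leave no artifact,
      # and the following run treats every dependency as changed.
      - name: Upload versions.json artifact
        uses: actions/upload-artifact@v4
        with:
          name: versions-json
          path: ./versions.json
          retention-days: 2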