Skip to content

Update Docker Images #416

Update Docker Images

Update Docker Images #416

name: Update Docker Images
on:
schedule:
- cron: "0 2 * * *" # run every day at 02:00 UTC
workflow_dispatch:
inputs:
force-update:
description: 'Force update of images'
required: false
type: boolean
defaults:
run:
shell: bash
concurrency:
group: ${{ github.ref_name }}-update-images
cancel-in-progress: true
permissions:
contents: read
jobs:
variables:
name: Get versions of base images
runs-on: ubuntu-24.04
outputs:
ngf_tag: ${{ steps.ngf.outputs.tag }}
nginx_version: ${{ steps.nginx.outputs.nginx_version }}
steps:
- name: Checkout Repository
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
fetch-depth: 0
- name: Set NGF version
id: ngf
run: |
tag="$(git tag --sort=-version:refname | head -n1)"
echo "tag=${tag//v}" >> $GITHUB_OUTPUT
- name: Checkout Repository at ${{ steps.ngf.outputs.tag }}
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
ref: refs/tags/v${{ steps.ngf.outputs.tag }}
- name: Set NGINX version
id: nginx
run: |
version=$(grep -m1 "FROM.*nginx:.*alpine" < build/Dockerfile.nginx | awk -F" " '{print $2}')
echo nginx_version=${version} >> $GITHUB_OUTPUT
check:
name: Check if updates are needed
runs-on: ubuntu-24.04
needs: variables
outputs:
needs-updating: ${{ steps.update.outputs.needs-updating }}
steps:
- name: Login to GitHub Container Registry
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Check if update available for nginx image
id: update
uses: lucacome/docker-image-update-checker@a233de0585661c019fb71f9601328db37051cc66 # v2.0.0
with:
base-image: ${{ needs.variables.outputs.nginx_version }}
image: ghcr.io/nginxinc/nginx-gateway-fabric/nginx:${{ needs.variables.outputs.ngf_tag }}
build:
name: Build Image
needs: [variables, check]
if: ${{ needs.check.outputs.needs-updating == 'true' || inputs.force-update == true }}
uses: ./.github/workflows/build.yml
with:
image: nginx
platforms: "linux/arm64,linux/amd64"
tag: ${{ needs.variables.outputs.ngf_tag }}
permissions:
contents: read # for docker/build-push-action to read repo content
security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
packages: write # for docker/build-push-action to push to GHCR
id-token: write # for docker/login to login to NGINX registry