Image refresh #15461
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Image refresh | |
on: | |
workflow_dispatch: ~ | |
schedule: | |
- cron: '0 * * * *' | |
jobs: | |
latest-image: | |
runs-on: ubuntu-latest | |
container: | |
image: isseim/s3s:latest | |
options: --user root # because isseim/s3s uses the user `s3s` by default, who isn't allowed to write outputs. | |
outputs: | |
revision: ${{ steps.get-revision.outputs.revision }} | |
steps: | |
- name: Get latest image revision | |
id: get-revision | |
run: echo "revision=$(cat /opt/s3s/REVISION)" >> "$GITHUB_OUTPUT" | |
latest-app: | |
runs-on: ubuntu-latest | |
outputs: | |
revision: ${{ steps.get-revision.outputs.revision }} | |
steps: | |
- name: Get latest app revision | |
id: get-revision | |
run: | | |
revision=$(curl -s -H 'Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}' -H 'Content-Type: application.json' https://api.github.com/repos/frozenpandaman/s3s/commits/master | jq -er '.sha') | |
echo "revision=$revision" >> "$GITHUB_OUTPUT" | |
refresh-latest-image: | |
needs: [latest-image, latest-app] | |
runs-on: ubuntu-latest | |
if: needs.latest-image.outputs.revision != needs.latest-app.outputs.revision | |
steps: | |
- name: Set up QEMU | |
uses: docker/setup-qemu-action@v2 | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v2 | |
- name: Login to Docker Hub | |
uses: docker/login-action@v2 | |
with: | |
username: ${{ secrets.DOCKERHUB_USERNAME }} | |
password: ${{ secrets.DOCKERHUB_TOKEN }} | |
- name: Build and push | |
uses: docker/build-push-action@v3 | |
with: | |
build-args: | | |
REVISION=${{ needs.latest-app.outputs.revision }} | |
platforms: linux/amd64,linux/arm64 | |
push: true | |
tags: isseim/s3s:latest | |
- name: Configure AWS Credentials for refresh notification | |
uses: aws-actions/configure-aws-credentials@v1 | |
with: | |
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
aws-region: ap-northeast-1 | |
- name: Refresh notification | |
env: | |
AWS_PAGER: '' | |
run: | | |
aws sns publish --topic-arn ${{ secrets.AWS_NOTIFICATION_TOPIC_ARN }} \ | |
--subject '[s3s-docker] Refreshed image' \ | |
--message 'See: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}' | |
failure-notification: | |
needs: [latest-image, latest-app, refresh-latest-image] | |
runs-on: ubuntu-latest | |
if: ${{ failure() }} | |
steps: | |
- name: Configure AWS Credentials | |
uses: aws-actions/configure-aws-credentials@v1 | |
with: | |
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
aws-region: ap-northeast-1 | |
- name: Publish SNS topic | |
env: | |
AWS_PAGER: '' | |
run: | | |
aws sns publish --topic-arn ${{ secrets.AWS_NOTIFICATION_TOPIC_ARN }} \ | |
--subject '[ ! ] [s3s-docker] Failed to refresh image' \ | |
--message 'See: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}' |