Latest Build & Push #720
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Latest Build & Push | |
on: | |
schedule: | |
- cron: '0 7 * * *' | |
jobs: | |
job01: | |
name: Base update check | |
runs-on: ubuntu-latest | |
outputs: | |
base_update_available: ${{ steps.base_update_check.outputs.build_image }} | |
unbound_update_available: ${{ steps.unbound_update_check.outputs.build_image }} | |
steps: | |
- | |
name: Checkout | |
uses: actions/checkout@v4 | |
with: | |
ref: main | |
- | |
name: Base image update check | |
id: base_update_check | |
run: | | |
function validate_digest() { | |
local digest="$1" | |
if [[ ! "$digest" =~ ^sha256:[a-f0-9]{64}$ ]]; then | |
echo "Error invalid digest format: $digest" | |
exit 1 | |
fi | |
} | |
BASE_IMAGE_DIGEST=$(curl -s https://registry.hub.docker.com/v2/repositories/pihole/pihole/tags/latest | grep -oP '"digest":"\K[^"]+' | tail -1) | |
validate_digest "$BASE_IMAGE_DIGEST" | |
PREVIOUS_DIGEST=$(cat ./digest/digest_base_latest) | |
validate_digest "$PREVIOUS_DIGEST" | |
if [ "$BASE_IMAGE_DIGEST" == "$PREVIOUS_DIGEST" ]; then | |
echo "Base image has not been updated. Exiting..." | |
echo "build_image=false" >> $GITHUB_OUTPUT | |
else | |
echo "Base image has been updated. Continuing with the build..." | |
echo "build_image=true" >> $GITHUB_OUTPUT | |
fi | |
- | |
name: Unbound update check | |
id: unbound_update_check | |
run: | | |
function validate_digest() { | |
local digest="$1" | |
if [[ ! "$digest" =~ ^[a-f0-9]{64}$ ]]; then | |
echo "Error invalid digest format: $digest" | |
exit 1 | |
fi | |
} | |
curl -O --silent https://nlnetlabs.nl/downloads/unbound/unbound-latest.tar.gz | |
LATEST_UNBOUND_DIGEST=$(sha256sum unbound-latest.tar.gz | cut -d ' ' -f 1) | |
validate_digest "$LATEST_UNBOUND_DIGEST" | |
PREVIOUS_UNBOUND_DIGEST=$(cat ./digest/digest_unbound_latest) | |
validate_digest "$PREVIOUS_UNBOUND_DIGEST" | |
if [ "$LATEST_UNBOUND_DIGEST" == "$PREVIOUS_UNBOUND_DIGEST" ]; then | |
echo "Unbound has not been updated. Exiting..." | |
echo "build_image=false" >> $GITHUB_OUTPUT | |
else | |
echo "Unbound has been updated. Continuing with the build..." | |
echo "build_image=true" >> $GITHUB_OUTPUT | |
fi | |
- | |
name: Docker Hub Description | |
uses: peter-evans/dockerhub-description@v4 | |
with: | |
username: ${{ secrets.DOCKERHUB_USER }} | |
password: ${{ secrets.DOCKERHUB_ACCESS_TOKEN }} | |
repository: ${{ secrets.DOCKERHUB_NAMESPACE }}/pihole-unbound | |
short-description: ${{ github.event.repository.description }} | |
job02: | |
name: Build and publish | |
needs: [job01] | |
if: needs.job01.outputs.base_update_available == 'true' || needs.job01.outputs.unbound_update_available == 'true' | |
runs-on: ubuntu-latest | |
steps: | |
- | |
name: Checkout | |
uses: actions/checkout@v4 | |
with: | |
ref: main | |
- | |
name: Pi-hole version code | |
id: pihole_version_code_check | |
run: | | |
function validate_version() { | |
local version="$1" | |
if [[ ! "$version" =~ ^[0-9]{4}\.[0-9]{2}\.[0-9]{1}$ ]]; then | |
echo "Error invalid version format: $version" | |
exit 1 | |
fi | |
} | |
CHECK_VERSION_CODE=$(curl -s https://api.github.com/repos/pi-hole/docker-pi-hole/releases/latest | grep "tag_name" | cut -d'"' -f 4 | tail -n 1) | |
echo "Pi-hole Version: $CHECK_VERSION_CODE" | |
validate_version "$CHECK_VERSION_CODE" | |
echo VERSION_CODE=$CHECK_VERSION_CODE >> $GITHUB_OUTPUT | |
- | |
name: Unbound version code | |
id: unbound_version_code_check | |
run: | | |
function validate_version() { | |
local version="$1" | |
if [[ ! "$version" =~ ^[0-9]{1}\.[0-9]{2}\.[0-9]{1}$ ]]; then | |
echo "Error invalid version format: $version" | |
exit 1 | |
fi | |
} | |
CHECK_VERSION_CODE=$(curl -s https://api.github.com/repos/NLnetLabs/unbound/releases/latest | grep '"name"' | awk -F'"' '{print $4}' | cut -d' ' -f 2) | |
echo "Unbound Version: $CHECK_VERSION_CODE" | |
validate_version "$CHECK_VERSION_CODE" | |
echo VERSION_CODE=$CHECK_VERSION_CODE >> $GITHUB_OUTPUT | |
- | |
name: Set up QEMU | |
uses: docker/setup-qemu-action@v3 | |
- | |
name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v3 | |
- | |
name: Docker meta | |
id: meta | |
uses: docker/metadata-action@v5 | |
with: | |
images: | | |
${{ secrets.DOCKERHUB_NAMESPACE }}/pihole-unbound | |
flavor: | | |
latest=true | |
tags: | | |
type=raw,value=${{ steps.pihole_version_code_check.outputs.VERSION_CODE }}-${{ steps.unbound_version_code_check.outputs.VERSION_CODE }} | |
- | |
name: Login to DockerHub | |
uses: docker/login-action@v3 | |
with: | |
username: ${{ secrets.DOCKERHUB_USER }} | |
password: ${{ secrets.DOCKERHUB_ACCESS_TOKEN }} | |
- | |
name: Build and push | |
uses: docker/build-push-action@v6 | |
with: | |
context: ./ | |
platforms: linux/amd64, linux/arm64, linux/arm/v7, linux/arm/v6 | |
build-args: BASE_IMG_TAG=latest | |
push: true | |
tags: ${{ steps.meta.outputs.tags }} | |
labels: ${{ steps.meta.outputs.labels }} | |
cache-from: | | |
type=registry,ref=${{ secrets.DOCKERHUB_NAMESPACE }}/docker-cache:buildcache.pihole-unbound.latest | |
cache-to: | | |
type=registry,ref=${{ secrets.DOCKERHUB_NAMESPACE }}/docker-cache:buildcache.pihole-unbound.latest,mode=max | |
- | |
name: Create release | |
uses: svenstaro/upload-release-action@v2 | |
env: | |
UNBOUND_RELEASE_URL: https://github.com/NLnetLabs/unbound/releases/tag/release | |
with: | |
body: | | |
## Versions | |
Pi-hole: `${{ steps.pihole_version_code_check.outputs.VERSION_CODE }}` | |
Unbound: `${{ steps.unbound_version_code_check.outputs.VERSION_CODE }}` | |
## Docker Tags | |
| Tag | Type | Description | | |
| :---: | :---: | :---: | | |
| `latest` | Stable | Always latest release | | |
| `${{ steps.pihole_version_code_check.outputs.VERSION_CODE }}-${{ steps.unbound_version_code_check.outputs.VERSION_CODE }}` | Stable | Date-based release [Pi-hole Version-Unbound Version] | | |
## What's Changed (Docker Image v${{ steps.pihole_version_code_check.outputs.VERSION_CODE }}-${{ steps.unbound_version_code_check.outputs.VERSION_CODE }}) | |
* Check Pi-hole Docker detailed changelog [here.](https://github.com/pi-hole/docker-pi-hole/releases/tag/${{ steps.pihole_version_code_check.outputs.VERSION_CODE }}) | |
* Check Unbound detailed changelog [here.](${{ env.UNBOUND_RELEASE_URL }}-${{ steps.unbound_version_code_check.outputs.VERSION_CODE }}) | |
repo_token: ${{ secrets.GITHUB_TOKEN }} | |
file: ./digest/digest_base_latest | |
release_name: ${{ steps.pihole_version_code_check.outputs.VERSION_CODE }}-${{ steps.unbound_version_code_check.outputs.VERSION_CODE }} | |
tag: ${{ steps.pihole_version_code_check.outputs.VERSION_CODE }}-${{ steps.unbound_version_code_check.outputs.VERSION_CODE }} | |
make_latest: true | |
overwrite: true | |
- | |
name: Update digest to file | |
run: | | |
BASE_IMAGE_DIGEST=$(curl -s https://registry.hub.docker.com/v2/repositories/pihole/pihole/tags/latest | grep -oP '"digest":"\K[^"]+' | tail -1) | |
echo "New Base Digest: $BASE_IMAGE_DIGEST" | |
echo $BASE_IMAGE_DIGEST > ./digest/digest_base_latest | |
curl -O --silent https://nlnetlabs.nl/downloads/unbound/unbound-latest.tar.gz | |
LATEST_UNBOUND_DIGEST=$(sha256sum unbound-latest.tar.gz | cut -d ' ' -f 1) | |
echo "New Unbound Digest: $LATEST_UNBOUND_DIGEST" | |
echo $LATEST_UNBOUND_DIGEST > ./digest/digest_unbound_latest | |
- | |
name: Commit files | |
run: | | |
git config user.name "GitHub Actions" | |
git config user.email "[email protected]" | |
git commit -a -m "Digest Value Updated" | |
- | |
name: Push changes to repository | |
uses: ad-m/github-push-action@master | |
with: | |
github_token: ${{ secrets.GITHUB_TOKEN }} | |
force: true |