Skip to content

Latest Build & Push #720

Latest Build & Push

Latest Build & Push #720

name: Latest Build & Push
on:
schedule:
- cron: '0 7 * * *'
jobs:
job01:
name: Base update check
runs-on: ubuntu-latest
outputs:
base_update_available: ${{ steps.base_update_check.outputs.build_image }}
unbound_update_available: ${{ steps.unbound_update_check.outputs.build_image }}
steps:
-
name: Checkout
uses: actions/checkout@v4
with:
ref: main
-
name: Base image update check
id: base_update_check
run: |
function validate_digest() {
local digest="$1"
if [[ ! "$digest" =~ ^sha256:[a-f0-9]{64}$ ]]; then
echo "Error invalid digest format: $digest"
exit 1
fi
}
BASE_IMAGE_DIGEST=$(curl -s https://registry.hub.docker.com/v2/repositories/pihole/pihole/tags/latest | grep -oP '"digest":"\K[^"]+' | tail -1)
validate_digest "$BASE_IMAGE_DIGEST"
PREVIOUS_DIGEST=$(cat ./digest/digest_base_latest)
validate_digest "$PREVIOUS_DIGEST"
if [ "$BASE_IMAGE_DIGEST" == "$PREVIOUS_DIGEST" ]; then
echo "Base image has not been updated. Exiting..."
echo "build_image=false" >> $GITHUB_OUTPUT
else
echo "Base image has been updated. Continuing with the build..."
echo "build_image=true" >> $GITHUB_OUTPUT
fi
-
name: Unbound update check
id: unbound_update_check
run: |
function validate_digest() {
local digest="$1"
if [[ ! "$digest" =~ ^[a-f0-9]{64}$ ]]; then
echo "Error invalid digest format: $digest"
exit 1
fi
}
curl -O --silent https://nlnetlabs.nl/downloads/unbound/unbound-latest.tar.gz
LATEST_UNBOUND_DIGEST=$(sha256sum unbound-latest.tar.gz | cut -d ' ' -f 1)
validate_digest "$LATEST_UNBOUND_DIGEST"
PREVIOUS_UNBOUND_DIGEST=$(cat ./digest/digest_unbound_latest)
validate_digest "$PREVIOUS_UNBOUND_DIGEST"
if [ "$LATEST_UNBOUND_DIGEST" == "$PREVIOUS_UNBOUND_DIGEST" ]; then
echo "Unbound has not been updated. Exiting..."
echo "build_image=false" >> $GITHUB_OUTPUT
else
echo "Unbound has been updated. Continuing with the build..."
echo "build_image=true" >> $GITHUB_OUTPUT
fi
-
name: Docker Hub Description
uses: peter-evans/dockerhub-description@v4
with:
username: ${{ secrets.DOCKERHUB_USER }}
password: ${{ secrets.DOCKERHUB_ACCESS_TOKEN }}
repository: ${{ secrets.DOCKERHUB_NAMESPACE }}/pihole-unbound
short-description: ${{ github.event.repository.description }}
job02:
name: Build and publish
needs: [job01]
if: needs.job01.outputs.base_update_available == 'true' || needs.job01.outputs.unbound_update_available == 'true'
runs-on: ubuntu-latest
steps:
-
name: Checkout
uses: actions/checkout@v4
with:
ref: main
-
name: Pi-hole version code
id: pihole_version_code_check
run: |
function validate_version() {
local version="$1"
if [[ ! "$version" =~ ^[0-9]{4}\.[0-9]{2}\.[0-9]{1}$ ]]; then
echo "Error invalid version format: $version"
exit 1
fi
}
CHECK_VERSION_CODE=$(curl -s https://api.github.com/repos/pi-hole/docker-pi-hole/releases/latest | grep "tag_name" | cut -d'"' -f 4 | tail -n 1)
echo "Pi-hole Version: $CHECK_VERSION_CODE"
validate_version "$CHECK_VERSION_CODE"
echo VERSION_CODE=$CHECK_VERSION_CODE >> $GITHUB_OUTPUT
-
name: Unbound version code
id: unbound_version_code_check
run: |
function validate_version() {
local version="$1"
if [[ ! "$version" =~ ^[0-9]{1}\.[0-9]{2}\.[0-9]{1}$ ]]; then
echo "Error invalid version format: $version"
exit 1
fi
}
CHECK_VERSION_CODE=$(curl -s https://api.github.com/repos/NLnetLabs/unbound/releases/latest | grep '"name"' | awk -F'"' '{print $4}' | cut -d' ' -f 2)
echo "Unbound Version: $CHECK_VERSION_CODE"
validate_version "$CHECK_VERSION_CODE"
echo VERSION_CODE=$CHECK_VERSION_CODE >> $GITHUB_OUTPUT
-
name: Set up QEMU
uses: docker/setup-qemu-action@v3
-
name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
-
name: Docker meta
id: meta
uses: docker/metadata-action@v5
with:
images: |
${{ secrets.DOCKERHUB_NAMESPACE }}/pihole-unbound
flavor: |
latest=true
tags: |
type=raw,value=${{ steps.pihole_version_code_check.outputs.VERSION_CODE }}-${{ steps.unbound_version_code_check.outputs.VERSION_CODE }}
-
name: Login to DockerHub
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKERHUB_USER }}
password: ${{ secrets.DOCKERHUB_ACCESS_TOKEN }}
-
name: Build and push
uses: docker/build-push-action@v6
with:
context: ./
platforms: linux/amd64, linux/arm64, linux/arm/v7, linux/arm/v6
build-args: BASE_IMG_TAG=latest
push: true
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
cache-from: |
type=registry,ref=${{ secrets.DOCKERHUB_NAMESPACE }}/docker-cache:buildcache.pihole-unbound.latest
cache-to: |
type=registry,ref=${{ secrets.DOCKERHUB_NAMESPACE }}/docker-cache:buildcache.pihole-unbound.latest,mode=max
-
name: Create release
uses: svenstaro/upload-release-action@v2
env:
UNBOUND_RELEASE_URL: https://github.com/NLnetLabs/unbound/releases/tag/release
with:
body: |
## Versions
Pi-hole: `${{ steps.pihole_version_code_check.outputs.VERSION_CODE }}`
Unbound: `${{ steps.unbound_version_code_check.outputs.VERSION_CODE }}`
## Docker Tags
| Tag | Type | Description |
| :---: | :---: | :---: |
| `latest` | Stable | Always latest release |
| `${{ steps.pihole_version_code_check.outputs.VERSION_CODE }}-${{ steps.unbound_version_code_check.outputs.VERSION_CODE }}` | Stable | Date-based release [Pi-hole Version-Unbound Version] |
## What's Changed (Docker Image v${{ steps.pihole_version_code_check.outputs.VERSION_CODE }}-${{ steps.unbound_version_code_check.outputs.VERSION_CODE }})
* Check Pi-hole Docker detailed changelog [here.](https://github.com/pi-hole/docker-pi-hole/releases/tag/${{ steps.pihole_version_code_check.outputs.VERSION_CODE }})
* Check Unbound detailed changelog [here.](${{ env.UNBOUND_RELEASE_URL }}-${{ steps.unbound_version_code_check.outputs.VERSION_CODE }})
repo_token: ${{ secrets.GITHUB_TOKEN }}
file: ./digest/digest_base_latest
release_name: ${{ steps.pihole_version_code_check.outputs.VERSION_CODE }}-${{ steps.unbound_version_code_check.outputs.VERSION_CODE }}
tag: ${{ steps.pihole_version_code_check.outputs.VERSION_CODE }}-${{ steps.unbound_version_code_check.outputs.VERSION_CODE }}
make_latest: true
overwrite: true
-
name: Update digest to file
run: |
BASE_IMAGE_DIGEST=$(curl -s https://registry.hub.docker.com/v2/repositories/pihole/pihole/tags/latest | grep -oP '"digest":"\K[^"]+' | tail -1)
echo "New Base Digest: $BASE_IMAGE_DIGEST"
echo $BASE_IMAGE_DIGEST > ./digest/digest_base_latest
curl -O --silent https://nlnetlabs.nl/downloads/unbound/unbound-latest.tar.gz
LATEST_UNBOUND_DIGEST=$(sha256sum unbound-latest.tar.gz | cut -d ' ' -f 1)
echo "New Unbound Digest: $LATEST_UNBOUND_DIGEST"
echo $LATEST_UNBOUND_DIGEST > ./digest/digest_unbound_latest
-
name: Commit files
run: |
git config user.name "GitHub Actions"
git config user.email "[email protected]"
git commit -a -m "Digest Value Updated"
-
name: Push changes to repository
uses: ad-m/github-push-action@master
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
force: true