Dev-v6 Build & Push #25
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Dev-v6 Build & Push | |
| on: | |
| workflow_dispatch: | |
| #schedule: | |
| #- cron: '0 11 * * *' | |
| jobs: | |
| job01: | |
| name: Base update check | |
| runs-on: ubuntu-latest | |
| outputs: | |
| base_update_available: ${{ steps.base_update_check.outputs.build_image }} | |
| unbound_update_available: ${{ steps.unbound_update_check.outputs.build_image }} | |
| steps: | |
| - | |
| name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| ref: main | |
| - | |
| name: Base image update check | |
| id: base_update_check | |
| run: | | |
| function validate_digest() { | |
| local digest="$1" | |
| if [[ ! "$digest" =~ ^sha256:[a-f0-9]{64}$ ]]; then | |
| echo "Error invalid digest format: $digest" | |
| exit 1 | |
| fi | |
| } | |
| BASE_IMAGE_DIGEST=$(curl -s https://registry.hub.docker.com/v2/repositories/pihole/pihole/tags/development-v6 | grep -oP '"digest":"\K[^"]+' | tail -1) | |
| validate_digest "$BASE_IMAGE_DIGEST" | |
| PREVIOUS_DIGEST=$(cat ./digest/digest_base_development-v6) | |
| validate_digest "$PREVIOUS_DIGEST" | |
| if [ "$BASE_IMAGE_DIGEST" == "$PREVIOUS_DIGEST" ]; then | |
| echo "Base image has not been updated. Exiting..." | |
| echo "build_image=false" >> $GITHUB_OUTPUT | |
| else | |
| echo "Base image has been updated. Continuing with the build..." | |
| echo "build_image=true" >> $GITHUB_OUTPUT | |
| fi | |
| - | |
| name: Unbound update check | |
| id: unbound_update_check | |
| run: | | |
| function validate_digest() { | |
| local digest="$1" | |
| if [[ ! "$digest" =~ ^[a-f0-9]{64}$ ]]; then | |
| echo "Error invalid digest format: $digest" | |
| exit 1 | |
| fi | |
| } | |
| curl -O --silent https://nlnetlabs.nl/downloads/unbound/unbound-latest.tar.gz | |
| LATEST_UNBOUND_DIGEST=$(sha256sum unbound-latest.tar.gz | cut -d ' ' -f 1) | |
| validate_digest "$LATEST_UNBOUND_DIGEST" | |
| PREVIOUS_UNBOUND_DIGEST=$(cat ./digest/digest_unbound_development-v6) | |
| validate_digest "$PREVIOUS_UNBOUND_DIGEST" | |
| if [ "$LATEST_UNBOUND_DIGEST" == "$PREVIOUS_UNBOUND_DIGEST" ]; then | |
| echo "Unbound has not been updated. Exiting..." | |
| echo "build_image=false" >> $GITHUB_OUTPUT | |
| else | |
| echo "Unbound has been updated. Continuing with the build..." | |
| echo "build_image=true" >> $GITHUB_OUTPUT | |
| fi | |
| job02: | |
| name: Build and publish | |
| needs: [job01] | |
| if: needs.job01.outputs.base_update_available == 'true' || needs.job01.outputs.unbound_update_available == 'true' | |
| runs-on: ubuntu-latest | |
| steps: | |
| - | |
| name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| ref: main | |
| - | |
| name: Set up QEMU | |
| uses: docker/setup-qemu-action@v3 | |
| - | |
| name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - | |
| name: Docker meta | |
| id: meta | |
| uses: docker/metadata-action@v5 | |
| with: | |
| images: | | |
| ${{ secrets.DOCKERHUB_NAMESPACE }}/pihole-unbound | |
| flavor: | | |
| latest=false | |
| tags: | | |
| type=raw,value=development-v6 | |
| - | |
| name: Login to DockerHub | |
| uses: docker/login-action@v3 | |
| with: | |
| username: ${{ secrets.DOCKERHUB_USER }} | |
| password: ${{ secrets.DOCKERHUB_ACCESS_TOKEN }} | |
| - | |
| name: Build and push | |
| uses: docker/build-push-action@v6 | |
| with: | |
| context: ./ | |
| file: ./Dockerfile-Dev-V6 | |
| platforms: linux/amd64, linux/arm64, linux/arm/v7, linux/arm/v6 | |
| build-args: BASE_IMG_TAG=development-v6 | |
| push: true | |
| tags: ${{ steps.meta.outputs.tags }} | |
| labels: ${{ steps.meta.outputs.labels }} | |
| cache-from: | | |
| type=registry,ref=${{ secrets.DOCKERHUB_NAMESPACE }}/docker-cache:buildcache.pihole-unbound.development-v6 | |
| cache-to: | | |
| type=registry,ref=${{ secrets.DOCKERHUB_NAMESPACE }}/docker-cache:buildcache.pihole-unbound.development-v6,mode=max | |
| - | |
| name: Pi-hole version code | |
| id: pihole_version_code_check | |
| run: | | |
| CHECK_VERSION_CODE=$(curl -s https://registry.hub.docker.com/v2/repositories/pihole/pihole/tags/development-v6 | grep -oP '"tag_last_pushed":"\K[^"]+' | tail -1 | cut -c 1-9 | sed 's/-/./g') | |
| echo "New Version: $CHECK_VERSION_CODE" | |
| echo VERSION_CODE=$CHECK_VERSION_CODE >> $GITHUB_OUTPUT | |
| - | |
| name: Unbound version code | |
| id: unbound_version_code_check | |
| run: | | |
| function validate_version() { | |
| local version="$1" | |
| if [[ ! "$version" =~ ^[0-9]{1}\.[0-9]{2}\.[0-9]{1}$ ]]; then | |
| echo "Error invalid version format: $version" | |
| exit 1 | |
| fi | |
| } | |
| CHECK_VERSION_CODE=$(curl -s https://api.github.com/repos/NLnetLabs/unbound/releases/latest | grep '"name"' | awk -F'"' '{print $4}' | cut -d' ' -f 2) | |
| echo "Unbound Version: $CHECK_VERSION_CODE" | |
| validate_version "$CHECK_VERSION_CODE" | |
| echo VERSION_CODE=$CHECK_VERSION_CODE >> $GITHUB_OUTPUT | |
| - | |
| name: Create release | |
| uses: svenstaro/upload-release-action@v2 | |
| env: | |
| UNBOUND_RELEASE_URL: https://github.com/NLnetLabs/unbound/releases/tag/release | |
| with: | |
| body: | | |
| ## Versions | |
| Pi-hole: `development-v6-${{ steps.pihole_version_code_check.outputs.VERSION_CODE }}` | |
| Unbound: `${{ steps.unbound_version_code_check.outputs.VERSION_CODE }}` | |
| ## What's Changed (Docker Image development-v6-${{ steps.pihole_version_code_check.outputs.VERSION_CODE }}) | |
| * Check Pi-hole Docker detailed changelog [here.](https://github.com/pi-hole/docker-pi-hole/commits/development-v6) | |
| * Check Unbound detailed changelog [here.](${{ env.UNBOUND_RELEASE_URL }}-${{ steps.unbound_version_code_check.outputs.VERSION_CODE }}) | |
| repo_token: ${{ secrets.GITHUB_TOKEN }} | |
| file: ./digest/digest_base_development-v6 | |
| release_name: development-v6-${{ steps.pihole_version_code_check.outputs.VERSION_CODE }} | |
| tag: development-v6-${{ steps.pihole_version_code_check.outputs.VERSION_CODE }} | |
| prerelease: true | |
| overwrite: true | |
| - | |
| name: Update digest to file | |
| run: | | |
| BASE_IMAGE_DIGEST=$(curl -s https://registry.hub.docker.com/v2/repositories/pihole/pihole/tags/development-v6 | grep -oP '"digest":"\K[^"]+' | tail -1) | |
| echo "New Base Digest: $BASE_IMAGE_DIGEST" | |
| echo $BASE_IMAGE_DIGEST > ./digest/digest_base_development-v6 | |
| curl -O --silent https://nlnetlabs.nl/downloads/unbound/unbound-latest.tar.gz | |
| LATEST_UNBOUND_DIGEST=$(sha256sum unbound-latest.tar.gz | cut -d ' ' -f 1) | |
| echo "New Unbound Digest: $LATEST_UNBOUND_DIGEST" | |
| echo $LATEST_UNBOUND_DIGEST > ./digest/digest_unbound_development-v6 | |
| - | |
| name: Commit files | |
| run: | | |
| git config user.name "GitHub Actions" | |
| git config user.email "[email protected]" | |
| git commit -a -m "Digest Value Updated" | |
| - | |
| name: Push changes to repository | |
| uses: ad-m/github-push-action@master | |
| with: | |
| github_token: ${{ secrets.GITHUB_TOKEN }} | |
| force: true |