Latest Build & Push #677

Workflow file for this run

.github/workflows/build-and-push-latest.yaml at 9ee2508

	name: Latest Build & Push
	on:
	schedule:
	- cron: '0 7 * * *'

	jobs:
	job01:
	name: Base update check
	runs-on: ubuntu-latest
	outputs:
	base_update_available: ${{ steps.base_update_check.outputs.build_image }}
	unbound_update_available: ${{ steps.unbound_update_check.outputs.build_image }}
	steps:
	-
	name: Checkout
	uses: actions/checkout@v4
	with:
	ref: main
	-
	name: Base image update check
	id: base_update_check
	run: \|
	function validate_digest() {
	local digest="$1"
	if [[ ! "$digest" =~ ^sha256:[a-f0-9]{64}$ ]]; then
	echo "Error invalid digest format: $digest"
	exit 1
	fi
	}

	BASE_IMAGE_DIGEST=$(curl -s https://registry.hub.docker.com/v2/repositories/pihole/pihole/tags/latest \| grep -oP '"digest":"\K[^"]+' \| tail -1)
	validate_digest "$BASE_IMAGE_DIGEST"

	PREVIOUS_DIGEST=$(cat ./digest/digest_base_latest)
	validate_digest "$PREVIOUS_DIGEST"

	if [ "$BASE_IMAGE_DIGEST" == "$PREVIOUS_DIGEST" ]; then
	echo "Base image has not been updated. Exiting..."
	echo "build_image=false" >> $GITHUB_OUTPUT
	else
	echo "Base image has been updated. Continuing with the build..."
	echo "build_image=true" >> $GITHUB_OUTPUT
	fi
	-
	name: Unbound update check
	id: unbound_update_check
	run: \|
	function validate_digest() {
	local digest="$1"
	if [[ ! "$digest" =~ ^[a-f0-9]{64}$ ]]; then
	echo "Error invalid digest format: $digest"
	exit 1
	fi
	}

	curl -O --silent https://nlnetlabs.nl/downloads/unbound/unbound-latest.tar.gz

	LATEST_UNBOUND_DIGEST=$(sha256sum unbound-latest.tar.gz \| cut -d ' ' -f 1)
	validate_digest "$LATEST_UNBOUND_DIGEST"

	PREVIOUS_UNBOUND_DIGEST=$(cat ./digest/digest_unbound_latest)
	validate_digest "$PREVIOUS_UNBOUND_DIGEST"

	if [ "$LATEST_UNBOUND_DIGEST" == "$PREVIOUS_UNBOUND_DIGEST" ]; then
	echo "Unbound has not been updated. Exiting..."
	echo "build_image=false" >> $GITHUB_OUTPUT
	else
	echo "Unbound has been updated. Continuing with the build..."
	echo "build_image=true" >> $GITHUB_OUTPUT
	fi
	-
	name: Docker Hub Description
	uses: peter-evans/dockerhub-description@v4
	with:
	username: ${{ secrets.DOCKERHUB_USER }}
	password: ${{ secrets.DOCKERHUB_ACCESS_TOKEN }}
	repository: ${{ secrets.DOCKERHUB_NAMESPACE }}/pihole-unbound
	short-description: ${{ github.event.repository.description }}
	job02:
	name: Build and publish
	needs: [job01]
	if: needs.job01.outputs.base_update_available == 'true' \|\| needs.job01.outputs.unbound_update_available == 'true'
	runs-on: ubuntu-latest
	steps:
	-
	name: Checkout
	uses: actions/checkout@v4
	with:
	ref: main
	-
	name: Pi-hole version code
	id: pihole_version_code_check
	run: \|
	function validate_version() {
	local version="$1"
	if [[ ! "$version" =~ ^[0-9]{4}\.[0-9]{2}\.[0-9]{1}$ ]]; then
	echo "Error invalid version format: $version"
	exit 1
	fi
	}

	CHECK_VERSION_CODE=$(curl -s https://api.github.com/repos/pi-hole/docker-pi-hole/releases/latest \| grep "tag_name" \| cut -d'"' -f 4 \| tail -n 1)
	echo "Pi-hole Version: $CHECK_VERSION_CODE"
	validate_version "$CHECK_VERSION_CODE"
	echo VERSION_CODE=$CHECK_VERSION_CODE >> $GITHUB_OUTPUT
	-
	name: Unbound version code
	id: unbound_version_code_check
	run: \|
	function validate_version() {
	local version="$1"
	if [[ ! "$version" =~ ^[0-9]{1}\.[0-9]{2}\.[0-9]{1}$ ]]; then
	echo "Error invalid version format: $version"
	exit 1
	fi
	}

	CHECK_VERSION_CODE=$(curl -s https://api.github.com/repos/NLnetLabs/unbound/releases/latest \| grep '"name"' \| awk -F'"' '{print $4}' \| cut -d' ' -f 2)
	echo "Unbound Version: $CHECK_VERSION_CODE"
	validate_version "$CHECK_VERSION_CODE"
	echo VERSION_CODE=$CHECK_VERSION_CODE >> $GITHUB_OUTPUT
	-
	name: Set up QEMU
	uses: docker/setup-qemu-action@v3
	-
	name: Set up Docker Buildx
	uses: docker/setup-buildx-action@v3
	-
	name: Docker meta
	id: meta
	uses: docker/metadata-action@v5
	with:
	images: \|
	${{ secrets.DOCKERHUB_NAMESPACE }}/pihole-unbound
	flavor: \|
	latest=true
	tags: \|
	type=raw,value=${{ steps.pihole_version_code_check.outputs.VERSION_CODE }}-${{ steps.unbound_version_code_check.outputs.VERSION_CODE }}
	-
	name: Login to DockerHub
	uses: docker/login-action@v3
	with:
	username: ${{ secrets.DOCKERHUB_USER }}
	password: ${{ secrets.DOCKERHUB_ACCESS_TOKEN }}
	-
	name: Build and push
	uses: docker/build-push-action@v6
	with:
	context: ./
	platforms: linux/amd64, linux/arm64, linux/arm/v7, linux/arm/v6
	build-args: BASE_IMG_TAG=latest
	push: true
	tags: ${{ steps.meta.outputs.tags }}
	labels: ${{ steps.meta.outputs.labels }}
	cache-from: \|
	type=registry,ref=${{ secrets.DOCKERHUB_NAMESPACE }}/docker-cache:buildcache.pihole-unbound.latest
	cache-to: \|
	type=registry,ref=${{ secrets.DOCKERHUB_NAMESPACE }}/docker-cache:buildcache.pihole-unbound.latest,mode=max
	-
	name: Create release
	uses: svenstaro/upload-release-action@v2
	env:
	UNBOUND_RELEASE_URL: https://github.com/NLnetLabs/unbound/releases/tag/release
	with:
	body: \|
	## Versions
	Pi-hole: `${{ steps.pihole_version_code_check.outputs.VERSION_CODE }}`
	Unbound: `${{ steps.unbound_version_code_check.outputs.VERSION_CODE }}`

	## Docker Tags
	\| Tag \| Type \| Description \|
	\| :---: \| :---: \| :---: \|
	\| `latest` \| Stable \| Always latest release \|
	\| `${{ steps.pihole_version_code_check.outputs.VERSION_CODE }}-${{ steps.unbound_version_code_check.outputs.VERSION_CODE }}` \| Stable \| Date-based release [Pi-hole Version-Unbound Version] \|

	## What's Changed (Docker Image v${{ steps.pihole_version_code_check.outputs.VERSION_CODE }}-${{ steps.unbound_version_code_check.outputs.VERSION_CODE }})
	* Check Pi-hole Docker detailed changelog [here.](https://github.com/pi-hole/docker-pi-hole/releases/tag/${{ steps.pihole_version_code_check.outputs.VERSION_CODE }})
	* Check Unbound detailed changelog [here.](${{ env.UNBOUND_RELEASE_URL }}-${{ steps.unbound_version_code_check.outputs.VERSION_CODE }})
	repo_token: ${{ secrets.GITHUB_TOKEN }}
	file: ./digest/digest_base_latest
	release_name: ${{ steps.pihole_version_code_check.outputs.VERSION_CODE }}-${{ steps.unbound_version_code_check.outputs.VERSION_CODE }}
	tag: ${{ steps.pihole_version_code_check.outputs.VERSION_CODE }}-${{ steps.unbound_version_code_check.outputs.VERSION_CODE }}
	make_latest: true
	overwrite: true
	-
	name: Update digest to file
	run: \|
	BASE_IMAGE_DIGEST=$(curl -s https://registry.hub.docker.com/v2/repositories/pihole/pihole/tags/latest \| grep -oP '"digest":"\K[^"]+' \| tail -1)
	echo "New Base Digest: $BASE_IMAGE_DIGEST"
	echo $BASE_IMAGE_DIGEST > ./digest/digest_base_latest
	curl -O --silent https://nlnetlabs.nl/downloads/unbound/unbound-latest.tar.gz
	LATEST_UNBOUND_DIGEST=$(sha256sum unbound-latest.tar.gz \| cut -d ' ' -f 1)
	echo "New Unbound Digest: $LATEST_UNBOUND_DIGEST"
	echo $LATEST_UNBOUND_DIGEST > ./digest/digest_unbound_latest
	-
	name: Commit files
	run: \|
	git config user.name "GitHub Actions"
	git config user.email "[email protected]"
	git commit -a -m "Digest Value Updated"
	-
	name: Push changes to repository
	uses: ad-m/github-push-action@master
	with:
	github_token: ${{ secrets.GITHUB_TOKEN }}
	force: true

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Latest Build & Push #677

Workflow file

Latest Build & Push #677

Jobs

Run details

Workflow file for this run