.github/workflows/build-and-push-dev-v6.yaml

name: Dev-v6 Build & Push
on:
  workflow_dispatch:
  #schedule:
    #- cron: '0 11 * * *'

jobs:
  job01:
    name: Base update check
    runs-on: ubuntu-latest
    outputs:
      base_update_available: ${{ steps.base_update_check.outputs.build_image }}
      unbound_update_available: ${{ steps.unbound_update_check.outputs.build_image }}
    steps:
      -
        name: Checkout
        uses: actions/checkout@v4
        with:
          ref: main
      -
        name: Base image update check
        id: base_update_check
        run: |
          function validate_digest() {
            local digest="$1"
            if [[ ! "$digest" =~ ^sha256:[a-f0-9]{64}$ ]]; then
              echo "Error invalid digest format: $digest"
              exit 1
            fi
          }
          
          BASE_IMAGE_DIGEST=$(curl -s https://registry.hub.docker.com/v2/repositories/pihole/pihole/tags/development-v6 | grep -oP '"digest":"\K[^"]+' | tail -1)
          validate_digest "$BASE_IMAGE_DIGEST"
          
          PREVIOUS_DIGEST=$(cat ./digest/digest_base_development-v6)
          validate_digest "$PREVIOUS_DIGEST"
          
          if [ "$BASE_IMAGE_DIGEST" == "$PREVIOUS_DIGEST" ]; then
            echo "Base image has not been updated. Exiting..."
            echo "build_image=false" >> $GITHUB_OUTPUT
          else
            echo "Base image has been updated. Continuing with the build..."
            echo "build_image=true" >> $GITHUB_OUTPUT
          fi
      -
        name: Unbound update check
        id: unbound_update_check
        run: |
          function validate_digest() {
            local digest="$1"
            if [[ ! "$digest" =~ ^[a-f0-9]{64}$ ]]; then
              echo "Error invalid digest format: $digest"
              exit 1
            fi
          }
          
          curl -O --silent https://nlnetlabs.nl/downloads/unbound/unbound-latest.tar.gz
          
          LATEST_UNBOUND_DIGEST=$(sha256sum unbound-latest.tar.gz | cut -d ' ' -f 1)
          validate_digest "$LATEST_UNBOUND_DIGEST"
          
          PREVIOUS_UNBOUND_DIGEST=$(cat ./digest/digest_unbound_development-v6)
          validate_digest "$PREVIOUS_UNBOUND_DIGEST"
          
          if [ "$LATEST_UNBOUND_DIGEST" == "$PREVIOUS_UNBOUND_DIGEST" ]; then
            echo "Unbound has not been updated. Exiting..."
            echo "build_image=false" >> $GITHUB_OUTPUT
          else
            echo "Unbound has been updated. Continuing with the build..."
            echo "build_image=true" >> $GITHUB_OUTPUT
          fi
  job02:
    name: Build and publish
    needs: [job01]
    if: needs.job01.outputs.base_update_available == 'true' || needs.job01.outputs.unbound_update_available == 'true'
    runs-on: ubuntu-latest
    steps:
      -
        name: Checkout
        uses: actions/checkout@v4
        with:
          ref: main
      -
        name: Set up QEMU
        uses: docker/setup-qemu-action@v3
      -
        name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
      -
        name: Docker meta
        id: meta
        uses: docker/metadata-action@v5
        with:
          images: |
            ${{ secrets.DOCKERHUB_NAMESPACE }}/pihole-unbound
          flavor: |
            latest=false
          tags: |
            type=raw,value=development-v6
      -
        name: Login to DockerHub
        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKERHUB_USER }}
          password: ${{ secrets.DOCKERHUB_ACCESS_TOKEN }}
      -
        name: Build and push
        uses: docker/build-push-action@v6
        with:
          context: ./
          file: ./Dockerfile-Dev-V6
          platforms: linux/amd64, linux/arm64, linux/arm/v7, linux/arm/v6
          build-args: BASE_IMG_TAG=development-v6
          push: true
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
          cache-from: |
            type=registry,ref=${{ secrets.DOCKERHUB_NAMESPACE }}/docker-cache:buildcache.pihole-unbound.development-v6
          cache-to: |
            type=registry,ref=${{ secrets.DOCKERHUB_NAMESPACE }}/docker-cache:buildcache.pihole-unbound.development-v6,mode=max
      -
        name: Pi-hole version code
        id: pihole_version_code_check
        run: |
          CHECK_VERSION_CODE=$(curl -s https://registry.hub.docker.com/v2/repositories/pihole/pihole/tags/development-v6 | grep -oP '"tag_last_pushed":"\K[^"]+' | tail -1 | cut -c 1-9 | sed 's/-/./g')
          echo "New Version: $CHECK_VERSION_CODE"
          echo VERSION_CODE=$CHECK_VERSION_CODE >> $GITHUB_OUTPUT
      -
        name: Unbound version code
        id: unbound_version_code_check
        run: |
          function validate_version() {
            local version="$1"
            if [[ ! "$version" =~ ^[0-9]{1}\.[0-9]{2}\.[0-9]{1}$ ]]; then
              echo "Error invalid version format: $version"
              exit 1
            fi
          }
          
          CHECK_VERSION_CODE=$(curl -s https://api.github.com/repos/NLnetLabs/unbound/releases/latest | grep '"name"' | awk -F'"' '{print $4}' | cut -d' ' -f 2)
          echo "Unbound Version: $CHECK_VERSION_CODE"
          validate_version "$CHECK_VERSION_CODE"
          echo VERSION_CODE=$CHECK_VERSION_CODE >> $GITHUB_OUTPUT
      -
        name: Create release
        uses: svenstaro/upload-release-action@v2
        env:
          UNBOUND_RELEASE_URL: https://github.com/NLnetLabs/unbound/releases/tag/release
        with:
          body: |
            ## Versions
            Pi-hole: `development-v6-${{ steps.pihole_version_code_check.outputs.VERSION_CODE }}`
            Unbound: `${{ steps.unbound_version_code_check.outputs.VERSION_CODE }}`
            
            ## What's Changed (Docker Image development-v6-${{ steps.pihole_version_code_check.outputs.VERSION_CODE }})
            * Check Pi-hole Docker detailed changelog [here.](https://github.com/pi-hole/docker-pi-hole/commits/development-v6)
            * Check Unbound detailed changelog [here.](${{ env.UNBOUND_RELEASE_URL }}-${{ steps.unbound_version_code_check.outputs.VERSION_CODE }})
          repo_token: ${{ secrets.GITHUB_TOKEN }}
          file: ./digest/digest_base_development-v6
          release_name: development-v6-${{ steps.pihole_version_code_check.outputs.VERSION_CODE }}
          tag: development-v6-${{ steps.pihole_version_code_check.outputs.VERSION_CODE }}
          prerelease: true
          overwrite: true
      -
        name: Update digest to file
        run: |
          BASE_IMAGE_DIGEST=$(curl -s https://registry.hub.docker.com/v2/repositories/pihole/pihole/tags/development-v6 | grep -oP '"digest":"\K[^"]+' | tail -1)
          echo "New Base Digest: $BASE_IMAGE_DIGEST"
          echo $BASE_IMAGE_DIGEST > ./digest/digest_base_development-v6
          curl -O --silent https://nlnetlabs.nl/downloads/unbound/unbound-latest.tar.gz
          LATEST_UNBOUND_DIGEST=$(sha256sum unbound-latest.tar.gz | cut -d ' ' -f 1)
          echo "New Unbound Digest: $LATEST_UNBOUND_DIGEST"
          echo $LATEST_UNBOUND_DIGEST > ./digest/digest_unbound_development-v6
      -
        name: Commit files
        run: |
          git config user.name "GitHub Actions"
          git config user.email "actions@github.com"
          git commit -a -m "Digest Value Updated"
      -
        name: Push changes to repository
        uses: ad-m/github-push-action@master
        with:
          github_token: ${{ secrets.GITHUB_TOKEN }}
          force: true