Automatic Updates #909

Workflow file for this run

	name: Automatic Updates

	on:
	schedule:
	- cron: 0 0 * * *
	workflow_dispatch:

	defaults:
	run:
	shell: 'bash -Eeuo pipefail -x {0}'

	jobs:
	retrieve-versions:
	runs-on: ubuntu-22.04
	outputs:
	pgbouncer_version: ${{ env.PGBOUNCER_VERSION }}
	debian_version: ${{ env.DEBIAN_VERSION }}
	steps:
	-
	name: Get latest PgBouncer
	run: \|
	LATEST_TAG=$(curl -s -H "Accept: application/vnd.github.v3+json" -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" https://api.github.com/repos/pgbouncer/pgbouncer/releases/latest \| jq -r '.tag_name')
	if [ -z "$LATEST_TAG" ]
	then
	echo "PgBouncer latest tag could not be retrieved"
	exit 0
	fi

	pattern="^pgbouncer_[0-9]_[0-9]+_[0-9]+$"
	if [[ ! $LATEST_TAG =~ $pattern ]]; then
	echo "This version is not a stable release. Exiting."
	exit 0
	fi

	VERSION=${LATEST_TAG//pgbouncer_/}
	echo "PGBOUNCER_VERSION=${VERSION//_/.}" >> $GITHUB_ENV
	-
	name: Get latest Debian base image
	run: \|
	DEBIAN_VERSION=$(curl -SsL "https://registry.hub.docker.com/v2/repositories/library/debian/tags/?name=bookworm-20&ordering=last_updated" \| jq -r ".results[].name \| match(\"bookworm.*-slim\") \| .string" \| head -n1)
	if [ -z "$DEBIAN_VERSION" ]
	then
	echo "Debian slim latest tag could not be retrieved"
	exit 0
	fi
	echo "DEBIAN_VERSION=$DEBIAN_VERSION" >> $GITHUB_ENV

	update:
	runs-on: ubuntu-22.04
	needs:
	- retrieve-versions
	if: \|
	needs.retrieve-versions.result == 'success' &&
	needs.retrieve-versions.outputs.pgbouncer_version != '' &&
	needs.retrieve-versions.outputs.debian_version != ''
	env:
	PGBOUNCER_VERSION: "${{ needs.retrieve-versions.outputs.pgbouncer_version }}"
	DEBIAN_VERSION: "${{ needs.retrieve-versions.outputs.debian_version }}"
	steps:
	-
	uses: actions/checkout@v4
	with:
	token: ${{ secrets.REPO_GHA_PAT }}
	fetch-depth: 0
	-
	name: Update Dockerfile
	run: \|
	INITIAL_RELEASE_VERSION=$(jq -r '.IMAGE_RELEASE_VERSION' .versions.json)
	sed \
	-e 's/%%PGBOUNCER_VERSION%%/${{ env.PGBOUNCER_VERSION }}/' \
	-e 's/%%DEBIAN_VERSION%%/${{ env.DEBIAN_VERSION }}/' \
	-e "s/%%IMAGE_RELEASE_VERSION%%/${INITIAL_RELEASE_VERSION}/" \
	Dockerfile.template > Dockerfile
	-
	name: Set up Docker Buildx
	uses: docker/setup-buildx-action@v3
	-
	name: Build and export to Docker
	uses: docker/build-push-action@v6
	with:
	context: .
	load: true
	push: false
	tags: newimage
	-
	name: Dockle scan
	uses: erzz/dockle-action@v1
	with:
	image: newimage
	exit-code: '1'
	failure-threshold: WARN
	env:
	DOCKLE_IGNORES: DKL-DI-0006
	-
	name: Extract package list from container
	run: \|
	docker run -t --entrypoint bash newimage -c 'apt list --installed \| sort' > packages.txt
	-
	# We verify if there has been any change in the image. It could be:
	# * a pgbouncer update
	# * a new Debian base image
	# * any change in the installed packages
	# * any change in the git repository except the pipeline
	name: Check if the image has been updated since the latest tag
	run: \|
	echo UPDATED=false >> $GITHUB_ENV
	if git describe --tags; then
	current_tag=$(git describe --tags --abbrev=0)
	if [[ -n $(git diff --name-status ${current_tag} -- . ':(exclude)README.md' ':(exclude).github' ':(exclude).gitignore') ]]; then
	echo UPDATED=true >> $GITHUB_ENV
	fi
	fi
	-
	name: Define tag
	if: ${{ github.ref == 'refs/heads/main' && env.UPDATED == 'true' }}
	run: \|
	release_number=1
	if git describe --tags; then
	current_tag=$(git describe --tags --abbrev=0)
	current_pgbouncer_version=$(echo $current_tag \| cut -d'-' -f 1)
	current_pgbouncer_version=${current_pgbouncer_version##v}
	current_release=$(echo $current_tag \| cut -d'-' -f 2)
	if [ $current_pgbouncer_version = ${{ env.PGBOUNCER_VERSION }} ]; then
	release_number=$((current_release+1))
	fi
	fi
	echo IMAGE_RELEASE_VERSION=${release_number} >> $GITHUB_ENV
	echo TAG=${{ env.PGBOUNCER_VERSION }}-${release_number} >> $GITHUB_ENV
	-
	# In case we are releasing, we need to re-generate the Dockerfile from
	# the template again since now we also know the proper release version.
	name: Update Dockerfile and the JSON version file
	if: ${{ github.ref == 'refs/heads/main' && env.UPDATED == 'true' }}
	run: \|
	sed \
	-e 's/%%PGBOUNCER_VERSION%%/${{ env.PGBOUNCER_VERSION }}/' \
	-e 's/%%DEBIAN_VERSION%%/${{ env.DEBIAN_VERSION }}/' \
	-e 's/%%IMAGE_RELEASE_VERSION%%/${{ env.IMAGE_RELEASE_VERSION }}/' \
	Dockerfile.template > Dockerfile
	jq -S '.PGBOUNCER_VERSION = "${{ env.PGBOUNCER_VERSION }}" \| .IMAGE_RELEASE_VERSION = "${{ env.IMAGE_RELEASE_VERSION }}" \| .DEBIAN_VERSION = "${{ env.DEBIAN_VERSION }}"' < .versions.json >> .versions.json.new
	mv .versions.json.new .versions.json
	-
	name: Temporarily disable "include administrators" branch protection
	if: ${{ always() && github.ref == 'refs/heads/main' && env.UPDATED == 'true' }}
	id: disable_include_admins
	uses: benjefferies/branch-protection-bot@v1.1.2
	with:
	access_token: ${{ secrets.REPO_GHA_PAT }}
	branch: main
	enforce_admins: false
	-
	name: Commit changes
	if: ${{ github.ref == 'refs/heads/main' && env.UPDATED == 'true' }}
	uses: EndBug/add-and-commit@v9
	with:
	author_name: CloudNativePG Automated Updates
	author_email: noreply@cnpg.com
	message: 'Automatic update'
	tag: v${{ env.TAG }}
	-
	name: Make sure a tag is created in case of update
	if: ${{ github.ref == 'refs/heads/main' && env.UPDATED == 'true' }}
	uses: mathieudutour/github-tag-action@v6.2
	with:
	github_token: ${{ secrets.REPO_GHA_PAT }}
	custom_tag: ${{ env.TAG }}
	tag_prefix: 'v'
	-
	name: Enable "include administrators" branch protection
	uses: benjefferies/branch-protection-bot@v1.1.2
	if: ${{ always() && github.ref == 'refs/heads/main' && env.UPDATED == 'true' }}
	with:
	access_token: ${{ secrets.REPO_GHA_PAT }}
	branch: main
	enforce_admins: ${{ steps.disable_include_admins.outputs.initial_status }}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Automatic Updates #909

Workflow file

Automatic Updates #909

Jobs

Run details

Workflow file for this run