Branch images #4796
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Branch images | |
env: | |
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
on: # yamllint disable-line rule:truthy | |
pull_request: | |
branches: | |
- main | |
types: | |
- synchronize | |
pull_request_review: | |
types: | |
- submitted | |
workflow_dispatch: | |
inputs: | |
pr: | |
required: true | |
type: string | |
description: PR number | |
jobs: | |
push-updater-images: | |
name: Deploy | |
runs-on: ubuntu-latest | |
strategy: | |
fail-fast: false | |
matrix: | |
suite: | |
- { name: bundler, ecosystem: bundler } | |
- { name: cargo, ecosystem: cargo } | |
- { name: composer, ecosystem: composer } | |
- { name: docker, ecosystem: docker } | |
- { name: elm, ecosystem: elm } | |
- { name: git_submodules, ecosystem: gitsubmodule } | |
- { name: github_actions, ecosystem: github-actions } | |
- { name: go_modules, ecosystem: gomod } | |
- { name: gradle, ecosystem: gradle } | |
- { name: hex, ecosystem: mix } | |
- { name: maven, ecosystem: maven } | |
- { name: npm_and_yarn, ecosystem: npm } | |
- { name: nuget, ecosystem: nuget } | |
- { name: pub, ecosystem: pub } | |
- { name: python, ecosystem: pip } | |
- { name: swift, ecosystem: swift } | |
- { name: terraform, ecosystem: terraform } | |
permissions: | |
contents: read | |
packages: write | |
env: | |
TAG: ${{ github.sha }} | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
- name: Set PR | |
run: echo "PR=${{ github.event.pull_request.number }}" >> $GITHUB_ENV | |
if: github.event_name != 'workflow_dispatch' | |
- name: Set PR (forks) | |
run: echo "PR=${{ inputs.pr }}" >> $GITHUB_ENV | |
if: github.event_name == 'workflow_dispatch' | |
# sets DECISION to the PR's review decision, handling the push-after-approval case | |
- name: Check if pull request is approved | |
run: | | |
DECISION=$(gh pr view ${{ env.PR }} --json reviewDecision,state -t '{{.reviewDecision}}:{{.state}}') | |
echo "Review decision is: $DECISION" | |
echo "DECISION=$DECISION" >> $GITHUB_ENV | |
# overwrite the previous result on pull request events on forks since forks can't publish to GHCR | |
- name: Skip forks | |
if: github.event.pull_request.head.repo.fork | |
run: echo "DECISION=FORK" >> $GITHUB_ENV | |
- name: Prepare tag | |
run: echo "TAG=${{ github.sha }}" >> $GITHUB_ENV | |
if: github.event_name == 'pull_request' | |
- name: Prepare tag (forks) | |
run: | | |
gh pr checkout ${{ inputs.pr }} | |
git fetch origin main | |
git merge origin/main --ff-only || exit 1 | |
echo "TAG=$(git rev-parse HEAD)" >> $GITHUB_ENV | |
if: github.event_name == 'workflow_dispatch' | |
- name: Log in to GHCR | |
if: env.DECISION == 'APPROVED:OPEN' | |
run: | | |
echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin | |
- name: Build ecosystem image | |
if: env.DECISION == 'APPROVED:OPEN' | |
run: script/build ${{ matrix.suite.name }} | |
- name: Push branch image | |
if: env.DECISION == 'APPROVED:OPEN' | |
run: | | |
docker tag "ghcr.io/dependabot/dependabot-updater-${{ matrix.suite.ecosystem }}" "ghcr.io/dependabot/dependabot-updater-${{ matrix.suite.ecosystem }}:$TAG" | |
docker push "ghcr.io/dependabot/dependabot-updater-${{ matrix.suite.ecosystem }}:$TAG" | |
- name: Set summary | |
if: env.DECISION == 'APPROVED:OPEN' | |
run: | | |
echo "updater uploaded with tag \`$TAG\`" >> $GITHUB_STEP_SUMMARY | |
echo "\`\`\`" >> $GITHUB_STEP_SUMMARY | |
echo "ghcr.io/dependabot/dependabot-updater-${{ matrix.suite.ecosystem }}:$TAG" >> $GITHUB_STEP_SUMMARY | |
echo "\`\`\`" >> $GITHUB_STEP_SUMMARY |