Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ci: fix watch-dependencies workflow so it bumps docker and podman images #1665

Merged
merged 2 commits into from
Apr 27, 2023
Merged

ci: fix watch-dependencies workflow so it bumps docker and podman images #1665

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
b5aa67b
ci: fix watch-dependencies workflow to bump docker image tags
consideRatio Apr 26, 2023
f88c411
ci: let image dependency bumping be trialed in PRs
consideRatio Apr 26, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
29 changes: 18 additions & 11 deletions .github/workflows/watch-dependencies.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,12 +1,17 @@
# This is a GitHub workflow defining a set of jobs with a set of steps.
# ref: https://docs.github.com/en/actions/learn-github-actions/workflow-syntax-for-github-actions
# ref: https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions
#
# - Watch multiple images tags referenced in values.yaml to match the latest
# stable image tag (ignoring pre-releases).
# - Refreeze helm-chart/images/binderhub/requirements.txt based on
# helm-chart/images/binderhub/requirements.in
#
name: Watch dependencies

on:
pull_request:
paths:
- ".github/workflows/watch-dependencies.yaml"
push:
paths:
- ".github/workflows/watch-dependencies.yaml"
Expand All @@ -26,13 +31,17 @@ jobs:
matrix:
include:
- name: docker
registry: registry.hub.docker.com
registry: docker.io
repository: library/docker
values_path: dind.daemonset.image.tag
tag_prefix: ""
tag_suffix: -dind
- name: podman
registry: quay.io
repository: podman/stable
values_path: pink.daemonset.image.tag
tag_prefix: v
tag_suffix: ""

# FIXME: After docker-image-cleaner 1.0.0 is released, we can enable
# this. So far, there isn't any available stable release, and
Expand All @@ -55,30 +64,27 @@ jobs:
- name: Get latest tag of ${{ matrix.registry }}/${{ matrix.repository }}
id: latest
# The skopeo image helps us list tags consistently from different docker
# registries. We use jq to filter out tags of the x.y or x.y.z format
# with the optional v prefix or version_startswith filter, and then sort
# based on the numerical x, y, and z values. Finally, we pick the last
# value in the list.
#
# registries. We identify the latest docker image tag based on the
# version numbers of format x.y.z included in a pattern with an optional
# prefix and suffix, like the tags "v4.5.0" (v prefix) and "23.0.4-dind"
# (-dind suffix).
run: |
latest_tag=$(
docker run --rm quay.io/skopeo/stable list-tags docker://${{ matrix.registry }}/${{ matrix.repository }} \
| jq -r '[.Tags[] | select(. | match("^v?\\d+\\.\\d+\\.\\d+$") | .string)] | sort_by(split(".") | map(ltrimstr("v") | tonumber)) | last'
| jq -r '[.Tags[] | select(. | match("^${{ matrix.tag_prefix }}\\d+\\.\\d+\\.\\d+${{ matrix.tag_suffix }}$") | .string)] | sort_by(split(".") | map(ltrimstr("${{ matrix.tag_prefix }}") | rtrimstr("${{ matrix.tag_suffix }}") | tonumber)) | last'
)
echo "tag=$latest_tag" >> $GITHUB_OUTPUT

- name: Update values.yaml pinned tag
if: steps.local.outputs.tag != steps.latest.outputs.tag
run: |
sed --in-place 's/tag: "${{ steps.local.outputs.tag }}"/tag: "${{ steps.latest.outputs.tag }}"/g' helm-chart/binderhub/values.yaml

- name: git diff
if: steps.local.outputs.tag != steps.latest.outputs.tag
run: git --no-pager diff --color=always

# ref: https://github.com/peter-evans/create-pull-request
- name: Create a PR
if: steps.local.outputs.tag != steps.latest.outputs.tag
Copy link
Member Author

@consideRatio consideRatio Apr 26, 2023
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

A PR won't be created if there isn't a change anyhow, so the check steps.local.outputs.tag != steps.latest.outputs.tag doesn't matter.

if: github.event_name != 'pull_request'
uses: peter-evans/create-pull-request@v5
with:
token: "${{ secrets.jupyterhub_bot_pat }}"
Expand Down Expand Up @@ -111,6 +117,7 @@ jobs:

# ref: https://github.com/peter-evans/create-pull-request
- name: Create a PR
if: github.event_name != 'pull_request'
uses: peter-evans/create-pull-request@v5
with:
token: "${{ secrets.jupyterhub_bot_pat }}"
Expand Down
8 changes: 4 additions & 4 deletions helm-chart/binderhub/values.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -272,8 +272,8 @@ dind:
initContainers: []
daemonset:
image:
name: docker
tag: 20.10.12-dind
name: docker.io/library/docker
tag: "20.10.12-dind" # ref: https://hub.docker.com/_/docker/tags
pullPolicy: ""
pullSecrets: []
# Additional command line arguments to pass to dockerd
Expand All @@ -292,7 +292,7 @@ pink:
daemonset:
image:
name: quay.io/podman/stable
tag: v4.3.1
tag: "v4.3.1" # ref: https://quay.io/repository/podman/stable
pullPolicy: ""
pullSecrets: []
lifecycle: {}
Expand All @@ -306,7 +306,7 @@ imageCleaner:
enabled: true
image:
name: quay.io/jupyterhub/docker-image-cleaner
tag: 1.0.0-beta.3
tag: "1.0.0-beta.3"
pullPolicy: ""
pullSecrets: []
# delete an image at most every 5 seconds
Expand Down