Update python dockerfile #412
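# Scheduled workflow: resolves the current ubuntu:24.04 image digest, pins it
# in python/generate_dockerfile.sh, regenerates the Dockerfiles, checks that
# they carry a digest-pinned base image, and opens a pull request.
name: Update python dockerfile
on:
  schedule:
    - cron: '0 4 * * *' # Run every day at 4 AM UTC
  workflow_dispatch:
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true
# NOTE(review): the pull-request step authenticates with its own secret token,
# so GITHUB_TOKEN may not need write scopes here. Confirm and narrow if possible.
permissions:
  contents: write
  pull-requests: write
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
        with:
          ref: main
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3
      - name: Get latest ubuntu 24.04 digest
        id: ubuntu
        run: |
          set -euo pipefail
          # Only a well-formed sha256 digest may leave this step: the value is
          # later written into a shell script and used in a sed replacement.
          digest_re='^sha256:[0-9a-f]{64}$'
          digest=$(docker buildx imagetools inspect ubuntu:24.04 --format '{{.Digest}}' || true)
          if [[ ! "$digest" =~ $digest_re ]]; then
            # Fallback: parse the plain-text output. `|| true` keeps a failing
            # pipeline from aborting before the explicit error message below.
            digest=$(docker buildx imagetools inspect ubuntu:24.04 | awk '/^Digest: sha256:/ {print $2; exit}' || true)
          fi
          if [[ ! "$digest" =~ $digest_re ]]; then
            echo "Failed to resolve ubuntu:24.04 digest" 1>&2
            exit 1
          fi
          echo "digest=$digest" >> "$GITHUB_OUTPUT"
      - name: Update UBUNTU_BASE_IMAGE if needed
        id: update_ubuntu
        working-directory: python
        env:
          # Passed through the environment rather than expanded into the script
          # text, so the step output is data and never part of the shell source.
          UBUNTU_DIGEST: ${{ steps.ubuntu.outputs.digest }}
        run: |
          set -euo pipefail
          new_line="UBUNTU_BASE_IMAGE=\"ubuntu:24.04@${UBUNTU_DIGEST}\""
          # -x -F: whole-line, literal comparison (no regex metacharacters).
          if grep -qxF -- "$new_line" generate_dockerfile.sh; then
            echo "updated=false" >> "$GITHUB_OUTPUT"
          else
            # Rewrite only the first UBUNTU_BASE_IMAGE= assignment (GNU sed 0,/re/).
            sed -i -E "0,/^UBUNTU_BASE_IMAGE=/{s|^UBUNTU_BASE_IMAGE=.*$|${new_line}|}" generate_dockerfile.sh
            # sed exits 0 even when nothing matched; make a missing pin visible.
            if ! grep -qxF -- "$new_line" generate_dockerfile.sh; then
              echo "UBUNTU_BASE_IMAGE assignment not found in generate_dockerfile.sh" 1>&2
              exit 1
            fi
            echo "updated=true" >> "$GITHUB_OUTPUT"
          fi
      - name: Try to update dockerfile
        working-directory: python
        run: |
          bash generate_dockerfile.sh
      - name: Verify Ubuntu digest is pinned in Dockerfiles
        run: |
          set -euo pipefail
          # Fails the job if any generated Dockerfile lacks a digest-pinned
          # ubuntu:24.04 FROM line (an unmatched glob also fails, via grep).
          # NOTE(review): this proves one pinned FROM exists per file, not that
          # every FROM is pinned or that the digest is the one resolved above.
          for f in python/Dockerfile_*; do
            echo "Checking $f"
            if ! grep -q '^FROM ubuntu:24\.04@sha256:' "$f"; then
              echo "No digest-pinned ubuntu:24.04 FROM line in $f" 1>&2
              exit 1
            fi
          done
      - name: Create Pull Request
        uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7.0.8
        with:
          commit-message: Updating to latest python version and ubuntu base digest
          # Only the generated Dockerfiles and the generator script are committed.
          add-paths: |
            python/Dockerfile_*
            python/generate_dockerfile.sh
          branch: cron-python-update
          title: Updating to latest python version and ubuntu base digest
          assignees: Hartorn
          token: ${{ secrets.DOCKER_PYTHON_PR_TOKEN }}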