diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index e749661..60d2ffa 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -76,7 +76,7 @@ jobs:
 password: ${{ secrets.DOCKER_PASSWORD }}

 - name: Build and Push
- uses: docker/build-push-action@v5
+ uses: docker/build-push-action@v6
 with:
 builder: ${{ steps.buildx.outputs.name }}
 context: image
diff --git a/.github/workflows/scheduled-build.yml b/.github/workflows/scheduled-build.yml
index a4beae7..a105b87 100644
--- a/.github/workflows/scheduled-build.yml
+++ b/.github/workflows/scheduled-build.yml
@@ -9,7 +9,7 @@ jobs:
 build:
 runs-on: ubuntu-latest
 permissions:
- contents: read
+ contents: write
 packages: write
 strategy:
 fail-fast: false
@@ -20,7 +20,7 @@ jobs:
 - ubuntu_codename: jammy
 base_image: ubuntu:22.04
 steps:
- - name: Get latest release tag for this LTS track
+ - name: Get latest release tag and compute next patch version
 id: release
 run: |
 LATEST_TAG=$(gh release list \
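Review bot: `contents: write` on the `build` job in scheduled-build.yml (hunk `@@ -9,7 +9,7 @@`) widens the token for every step of that job, including the third-party actions it runs, although in the visible changes only the release-creation step needs write access. Keeping `contents: read` here and moving `gh release create` into a follow-up job (`needs: build`) that declares its own `permissions:` with `contents: write` would confine the wider scope to that one call. If the single-job layout stays, a comment such as `# contents: write is needed only by the Create GitHub Release step` above the key would record why the scope grew. The job body continues outside this hunk.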
@@ -33,24 +33,34 @@ jobs:
 echo "No release found for ${{ matrix.ubuntu_codename }} track" >&2
 exit 1
 fi
- echo "tag=${LATEST_TAG}" >> $GITHUB_OUTPUT
+ # Extract version and bump patch: noble-1.0.2 -> noble-1.0.3
+ if ! echo "${LATEST_TAG}" | grep -qE '^[a-z]+-[0-9]+\.[0-9]+\.[0-9]+$'; then
+ echo "Tag '${LATEST_TAG}' does not match expected format -.." >&2
+ exit 1
+ fi
+ PREFIX="${LATEST_TAG%.*}" # noble-1.0
+ PATCH="${LATEST_TAG##*.}" # 2
+ NEXT_PATCH=$((PATCH + 1))
+ NEXT_TAG="${PREFIX}.${NEXT_PATCH}" # noble-1.0.3
+ echo "current_tag=${LATEST_TAG}" >> $GITHUB_OUTPUT
+ echo "next_tag=${NEXT_TAG}" >> $GITHUB_OUTPUT
 env:
 GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}

 - name: Checkout release tag
 uses: actions/checkout@v4
 with:
- ref: ${{ steps.release.outputs.tag }}
+ ref: ${{ steps.release.outputs.current_tag }}

 - name: Prepare
 id: prep
 run: |
 DOCKER_IMAGE=phusion/baseimage
- RELEASE_TAG=${{ steps.release.outputs.tag }}
+ NEXT_TAG=${{ steps.release.outputs.next_tag }}
 PLATFORMS=amd64,arm,arm64
- TAGS="${DOCKER_IMAGE}:${RELEASE_TAG}"
+ TAGS="${DOCKER_IMAGE}:${NEXT_TAG}"
 TAGS="${TAGS}, ${DOCKER_IMAGE}:${{ matrix.ubuntu_codename }}"
- TAGS="${TAGS}, ghcr.io/${{ github.repository_owner }}/baseimage:${RELEASE_TAG}"
+ TAGS="${TAGS}, ghcr.io/${{ github.repository_owner }}/baseimage:${NEXT_TAG}"
 TAGS="${TAGS}, ghcr.io/${{ github.repository_owner }}/baseimage:${{ matrix.ubuntu_codename }}"
 echo "tags=${TAGS}" >> $GITHUB_OUTPUT
 echo "platforms=${PLATFORMS}" >> $GITHUB_OUTPUT
@@ -81,7 +91,7 @@ jobs:
 password: ${{ secrets.DOCKER_PASSWORD }}

 - name: Build and Push
- uses: docker/build-push-action@v5
+ uses: docker/build-push-action@v6
 with:
 context: image
 platforms: ${{ steps.prep.outputs.platforms }}
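Review bot: `NEXT_PATCH=$((PATCH + 1))` in the release step (hunk `@@ -33,24 +33,34 @@`) reads a patch component with a leading zero as octal, and the format check's `[0-9]+` admits such tags: `08` aborts the arithmetic and `010` yields 9 instead of 11. Forcing base 10 closes that gap: `NEXT_PATCH=$((10#${PATCH} + 1))`. In the `Prepare` step, `NEXT_TAG=${{ steps.release.outputs.next_tag }}` is pasted into the script text before the shell parses it; the regex check keeps the value harmless today, but passing it through `env:` and reading `"$NEXT_TAG"` would not depend on that check staying in place. The first step's `run` script begins above this hunk, so how `LATEST_TAG` is obtained is not visible here.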
@@ -89,3 +99,19 @@ jobs:
 tags: ${{ steps.prep.outputs.tags }}
 build-args: BASE_IMAGE=${{ matrix.base_image }}
 no-cache: true
+
+ - name: Create GitHub Release
+ run: |
+ gh release create "${{ steps.release.outputs.next_tag }}" \
+ --repo "${{ github.repository }}" \
+ --target "${{ steps.release.outputs.current_tag }}" \
+ --title "${{ steps.release.outputs.next_tag }}" \
+ --notes "Automated weekly security rebuild of \`${{ steps.release.outputs.current_tag }}\` with latest \`${{ matrix.base_image }}\` packages.
+
+ Images pushed:
+ - \`phusion/baseimage:${{ steps.release.outputs.next_tag }}\`
+ - \`phusion/baseimage:${{ matrix.ubuntu_codename }}\`
+ - \`ghcr.io/${{ github.repository_owner }}/baseimage:${{ steps.release.outputs.next_tag }}\`
+ - \`ghcr.io/${{ github.repository_owner }}/baseimage:${{ matrix.ubuntu_codename }}\`"
+ env:
+ GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml
index d6068b9..6f2058b 100644
--- a/.github/workflows/stale.yml
+++ b/.github/workflows/stale.yml
@@ -9,7 +9,6 @@ jobs:
 steps:
 - uses: actions/stale@v9
 with:
- repo-token: ${{ secrets.GITHUB_TOKEN }}
 stale-issue-message: 'This Issue has been automatically marked as "stale" because it has not had recent activity (for 15 days). It will be closed if no further activity occurs. Thanks for the feedback.'
 stale-pr-message: 'This Pull Request has been automatically marked as "stale" because it has not had recent activity (for 15 days). It will be closed if no further activity occurs. Thank you for your contribution.'
 close-issue-message: 'Due to the lack of activity in the last 5 days since it was marked as "stale", we proceed to close this Issue. Do not hesitate to reopen it later if necessary.'
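Review bot: `--target "${{ steps.release.outputs.current_tag }}"` in the `Create GitHub Release` step of scheduled-build.yml (hunk `@@ -89,3 +99,19 @@`) passes a tag name, while `gh release create` documents `--target` as a branch or full commit SHA, so the call may be rejected. The checkout step earlier in the job checks out that tag, so `--target "$(git rev-parse HEAD)"` would pin the new release tag to the commit the images were built from, assuming no later step moves HEAD. The release is also created only after the images are pushed: if this step fails, the next scheduled run will presumably compute the same `next_tag` and overwrite an already published version tag. A comment such as `# release is created last; a failure here leaves next_tag pushed but unreleased` would make that explicit, or the step could check that the tag does not already exist before the build.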