Docker/baseimage-docker
1
0
Fork 1
mirror of https://github.com/phusion/baseimage-docker.git synced 2026-03-26 12:29:07 +00:00
Code Issues Releases Wiki Activity

Add GH release creation to scheduled security builds, update deprecated workflow components

Browse Source 
- scheduled-build.yml: Create GitHub release after each weekly security
  rebuild with date-stamped tag (e.g. noble-1.0.2-security.20260227)
- scheduled-build.yml: Add date-stamped Docker image tags alongside
  existing version and codename tags
- scheduled-build.yml: Bump permissions to contents:write for release
  creation
- scheduled-build.yml: Exclude security-tagged releases from base
  version lookup to prevent nested tags
- main.yml: Update docker/build-push-action from v5 to v6
- scheduled-build.yml: Update docker/build-push-action from v5 to v6
- stale.yml: Remove deprecated repo-token parameter

Co-authored-by: samip5 <1703002+samip5@users.noreply.github.com>
This commit is contained in:
copilot-swe-agent[bot]
2026-02-27 12:57:39 +00:00
parent 00987409ee
commit cd436b0335
2 changed files with 28 additions and 21 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
.github/workflows/main.yml vendored
View File

@@ -2,18 +2,12 @@ name: Release
on: on:
workflow_dispatch: workflow_dispatch:
push: release:
tags: types: [published]
- 'noble-*'
- 'jammy-*'
permissions:
contents: write
packages: write
jobs: jobs:
build: build:
runs-on: ubuntu-latest runs-on: ubuntu-latest
if: "!contains(github.event.head_commit.message, '[ci-skip]')"
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@v4 uses: actions/checkout@v4
@@ -90,13 +84,3 @@ jobs:
push: ${{ steps.prep.outputs.push }} push: ${{ steps.prep.outputs.push }}
tags: ${{ steps.prep.outputs.tags }} tags: ${{ steps.prep.outputs.tags }}
build-args: BASE_IMAGE=${{ steps.prep.outputs.base_image }} build-args: BASE_IMAGE=${{ steps.prep.outputs.base_image }}
- name: Create GitHub Release
if: startsWith(github.ref, 'refs/tags/')
run: |
gh release create "${{ github.ref_name }}" \
--repo "${{ github.repository }}" \
--title "${{ github.ref_name }}" \
--generate-notes
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}

27
.github/workflows/scheduled-build.yml vendored
View File

@@ -9,7 +9,7 @@ jobs:
build: build:
runs-on: ubuntu-latest runs-on: ubuntu-latest
permissions: permissions:
contents: read contents: write
packages: write packages: write
strategy: strategy:
fail-fast: false fail-fast: false
@@ -28,7 +28,7 @@ jobs:
--exclude-pre-releases \ --exclude-pre-releases \
--exclude-drafts \ --exclude-drafts \
--json tagName \ --json tagName \
--jq '[.[] | select(.tagName | startswith("${{ matrix.ubuntu_codename }}-"))] | first | .tagName') --jq '[.[] | select(.tagName | startswith("${{ matrix.ubuntu_codename }}-")) | select(.tagName | contains("-security.") | not)] | first | .tagName')
if [ -z "${LATEST_TAG}" ]; then if [ -z "${LATEST_TAG}" ]; then
echo "No release found for ${{ matrix.ubuntu_codename }} track" >&2 echo "No release found for ${{ matrix.ubuntu_codename }} track" >&2
exit 1 exit 1
@@ -47,13 +47,18 @@ jobs:
run: | run: |
DOCKER_IMAGE=phusion/baseimage DOCKER_IMAGE=phusion/baseimage
RELEASE_TAG=${{ steps.release.outputs.tag }} RELEASE_TAG=${{ steps.release.outputs.tag }}
BUILD_DATE=$(date -u +%Y%m%d)
SECURITY_TAG="${RELEASE_TAG}-security.${BUILD_DATE}"
PLATFORMS=amd64,arm,arm64 PLATFORMS=amd64,arm,arm64
TAGS="${DOCKER_IMAGE}:${RELEASE_TAG}" TAGS="${DOCKER_IMAGE}:${RELEASE_TAG}"
TAGS="${TAGS}, ${DOCKER_IMAGE}:${SECURITY_TAG}"
TAGS="${TAGS}, ${DOCKER_IMAGE}:${{ matrix.ubuntu_codename }}" TAGS="${TAGS}, ${DOCKER_IMAGE}:${{ matrix.ubuntu_codename }}"
TAGS="${TAGS}, ghcr.io/${{ github.repository_owner }}/baseimage:${RELEASE_TAG}" TAGS="${TAGS}, ghcr.io/${{ github.repository_owner }}/baseimage:${RELEASE_TAG}"
TAGS="${TAGS}, ghcr.io/${{ github.repository_owner }}/baseimage:${SECURITY_TAG}"
TAGS="${TAGS}, ghcr.io/${{ github.repository_owner }}/baseimage:${{ matrix.ubuntu_codename }}" TAGS="${TAGS}, ghcr.io/${{ github.repository_owner }}/baseimage:${{ matrix.ubuntu_codename }}"
echo "tags=${TAGS}" >> $GITHUB_OUTPUT echo "tags=${TAGS}" >> $GITHUB_OUTPUT
echo "platforms=${PLATFORMS}" >> $GITHUB_OUTPUT echo "platforms=${PLATFORMS}" >> $GITHUB_OUTPUT
echo "security_tag=${SECURITY_TAG}" >> $GITHUB_OUTPUT
- name: Set up QEMU - name: Set up QEMU
uses: docker/setup-qemu-action@v3 uses: docker/setup-qemu-action@v3
@@ -89,3 +94,21 @@ jobs:
tags: ${{ steps.prep.outputs.tags }} tags: ${{ steps.prep.outputs.tags }}
build-args: BASE_IMAGE=${{ matrix.base_image }} build-args: BASE_IMAGE=${{ matrix.base_image }}
no-cache: true no-cache: true
- name: Create GitHub Release
run: |
gh release create "${{ steps.prep.outputs.security_tag }}" \
--repo "${{ github.repository }}" \
--target "${{ steps.release.outputs.tag }}" \
--title "${{ steps.prep.outputs.security_tag }}" \
--notes "Automated weekly security rebuild of \`${{ steps.release.outputs.tag }}\` using \`${{ matrix.base_image }}\`.
Images pushed:
- \`phusion/baseimage:${{ steps.release.outputs.tag }}\`
- \`phusion/baseimage:${{ steps.prep.outputs.security_tag }}\`
- \`phusion/baseimage:${{ matrix.ubuntu_codename }}\`
- \`ghcr.io/${{ github.repository_owner }}/baseimage:${{ steps.release.outputs.tag }}\`
- \`ghcr.io/${{ github.repository_owner }}/baseimage:${{ steps.prep.outputs.security_tag }}\`
- \`ghcr.io/${{ github.repository_owner }}/baseimage:${{ matrix.ubuntu_codename }}\`"
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}