defra-docker-dotnetcore/.github/workflows/auto-update.yml at main · DEFRA/defra-docker-dotnetcore · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
name: AUTO-UPDATE

on:
  schedule:
    - cron: '0 2 * * *'
  workflow_dispatch:
  push:
    branches:
      - main

jobs:
  check-and-update:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3

      - name: Fetch latest .NET versions
        run: |
          curl -s https://raw.githubusercontent.com/dotnet/core/main/release-notes/releases-index.json > releases-index.json
          echo "Fetched latest .NET versions"

      - name: Check for updates
        id: check-updates
        run: |
          latest_versions=$(jq -r '
            [.["releases-index"][]
              | select(.["support-phase"] == "active" and .["release-type"] == "lts")
              | {majorminor: (.["channel-version"] | split(".")[0:2] | join(".")), sdk: .["latest-sdk"], runtime: .["latest-runtime"]}
            ]
            | group_by(.majorminor)
            | map({(.[0].majorminor): {sdk: .[0].sdk, runtime: .[0].runtime}})
            | add
          ' releases-index.json)

          jq -c '.[]' image-matrix.json | while read -r entry; do
            current_net_version=$(echo "$entry" | jq -r '.netVersion')
            current_sdk_version=$(echo "$entry" | jq -r '.sdkVersion')
            current_runtime_version=$(echo "$entry" | jq -r '.runtimeVersion')
            alpine_version=$(echo "$entry" | jq -r '.alpineVersion')

            # Get the latest SDK and runtime for the major.minor version
            latest_sdk_version=$(echo "$latest_versions" | jq -r --arg ver "$current_net_version" '.[$ver].sdk // empty')
            latest_runtime_version=$(echo "$latest_versions" | jq -r --arg ver "$current_net_version" '.[$ver].runtime // empty')

            # Check if updates are needed
            if [[ -n "$latest_sdk_version" && "$latest_sdk_version" != "$current_sdk_version" ]] || [[ -n "$latest_runtime_version" && "$latest_runtime_version" != "$current_runtime_version" ]]; then
              # Verify if the Alpine image exists
              image="mcr.microsoft.com/dotnet/aspnet:${current_net_version}-alpine${alpine_version}"
              if docker pull "$image" &>/dev/null; then
                echo "Update needed for .NET $current_net_version: SDK $current_sdk_version -> $latest_sdk_version, Runtime $current_runtime_version -> $latest_runtime_version"
                echo "$current_net_version:$latest_sdk_version:$latest_runtime_version:$alpine_version" >> updates.txt
              else
                echo "No Alpine image available for .NET $major_version with Alpine $alpine_version. Skipping update."
              fi
            fi
          done

          # Check if updates.txt exists and is not empty
          if [[ -s updates.txt ]]; then
            echo "update_needed=true" >> $GITHUB_ENV
          else
            echo "update_needed=false" >> $GITHUB_ENV
          fi

      - name: Update files
        if: env.update_needed == 'true'
        run: |
          # Update image-matrix.json
          while IFS=: read -r net_version sdk_version runtime_version alpine_version; do
            sed -i "/\"netVersion\": \"${net_version}\"/,/}/s/\"sdkVersion\": \"[^\"]*\"/\"sdkVersion\": \"${sdk_version}\"/" image-matrix.json
            sed -i "/\"netVersion\": \"${net_version}\"/,/}/s/\"runtimeVersion\": \"[^\"]*\"/\"runtimeVersion\": \"${runtime_version}\"/" image-matrix.json
          done < updates.txt
          echo "Updated image-matrix.json"

          while IFS=: read -r net_version sdk_version runtime_version alpine_version; do
            sed -i -E "s/^\\|[[:space:]]*${net_version}[[:space:]]*\\|[[:space:]]*[[:digit:].]+[[:space:]]*\\|[[:space:]]*[[:digit:].]+[[:space:]]*\\|[[:space:]]*${net_version}-alpine[[:digit:].]+[[:space:]]*\\|/| ${net_version}          | ${sdk_version}     | ${runtime_version}          | ${net_version}-alpine${alpine_version} |/" README.md
          done < updates.txt
          echo "Updated README.md"

          # Update JOB.env
          current_defra_version=$(grep -oP 'DEFRA_VERSION=\K[\d.]+' JOB.env)
          new_defra_version=$(echo "$current_defra_version" | awk -F. '{print $1"."$2"."$3+1}')
          sed -i "s/DEFRA_VERSION=.*/DEFRA_VERSION=${new_defra_version}/" JOB.env
          echo "Updated JOB.env"

          # Update Dockerfile
          latest_net_version=$(jq -r '.[] | select(.latest == true) | .netVersion' image-matrix.json)
          latest_alpine_version=$(jq -r '.[] | select(.latest == true) | .alpineVersion' image-matrix.json)
          sed -i "s/ARG BASE_VERSION=.*/ARG BASE_VERSION=${latest_net_version}-alpine${latest_alpine_version}/" Dockerfile
          sed -i "s/ARG DEFRA_VERSION=.*/ARG DEFRA_VERSION=${new_defra_version}/" Dockerfile
          echo "Updated Dockerfile"

      - name: Prepare pull request details
        if: env.update_needed == 'true'
        run: |
          # Read updates.txt into an environment variable
          updated_versions=$(cat updates.txt | awk -F: '{print $1}' | sort -u | paste -sd, -)

          pull_request_title="Update .NET base image: ${updated_versions}"
          pull_request_body=$(cat updates.txt | awk -F: '{print "- .NET " $1 ": SDK " $2 ", Runtime " $3}')
          pull_request_branch="update-dotnet-base-image-${updated_versions//,/}"

          echo "pull_request_branch=${pull_request_branch}" >> $GITHUB_ENV
          echo "pull_request_title=${pull_request_title}" >> $GITHUB_ENV
          echo "pull_request_body<<EOF" >> $GITHUB_OUTPUT
          echo "$pull_request_body" >> $GITHUB_OUTPUT
          echo "EOF" >> $GITHUB_OUTPUT
          echo "Prepared pull request details."

      - name: Clean up temporary files
        if: env.update_needed == 'true'
        run: |
          rm -f releases-index.json updates.txt
          echo "Removed temporary files."

      - name: Generate GitHub App token
        if: env.update_needed == 'true'
        id: generate-token
        uses: tibdex/github-app-token@3beb63f4bd073e61482598c45c71c1019b59b73a # v2
        with:
          app_id: ${{ secrets.APP_ID }}
          private_key: ${{ secrets.APP_PRIVATE_KEY }}

      - name: Render PR template
        id: template
        uses: chuhlomin/render-template@a7c644e341797d050d1cb24332d83791b9a46dae # v1
        with:
          template: .github/pull_request_template.md

      - name: Create pull request
        if: env.update_needed == 'true'
        uses: peter-evans/create-pull-request@22a9089034f40e5a961c8808d113e2c98fb63676 # v7
        with:
          token: ${{ steps.generate-token.outputs.token }}
          branch: ${{ env.pull_request_branch }}
          base: main
          title: ${{ env.pull_request_title }}
          body: |
            Updates the .NET base images to the latest versions:
            ${{ steps.pr-details.outputs.pull_request_body }}
            ${{ steps.template.outputs.result }}
          sign-commits: true
          commit-message: ${{ env.pull_request_title }}
          team-reviewers: ${{ vars.PR_REVIEW_TEAM }}