update-digests #34437
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: update-digests | |
on: | |
workflow_dispatch: | |
schedule: | |
- cron: '0 * * * *' | |
jobs: | |
do-work: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Git Config | |
run: | | |
git config --global user.name "github-actions[bot]" | |
git config --global user.email "41898282+github-actions[bot]@users.noreply.github.com" | |
- name: Do Work | |
env: | |
REPOSITORY_OWNER: ${{ github.repository_owner }} | |
GH_ACTOR: ${{ github.actor }} | |
GH_TOKEN: ${{ github.token }} | |
PERSONAL_TOKEN: ${{ secrets.PERSONAL_TOKEN }} | |
DISCORD_WEBHOOK: ${{ secrets.DISCORD_WEBHOOK }} | |
run: | | |
while read REPOSITORY; do | |
while IFS= read -r BRANCH; do | |
git clone -b "${BRANCH}" "https://${PERSONAL_TOKEN}@github.com/${REPOSITORY_OWNER}/${REPOSITORY}.git" | |
cd "${REPOSITORY}" || exit 1 | |
########################################### | |
[[ -f update-digests.sh ]] && bash ./update-digests.sh || continue | |
git add . | |
if git commit -m "Upstream image update"; then | |
git push | |
GIT_SHA=$(git log -n 1 --pretty=format:"%H") | |
json=$(jq -nc --arg title "${REPOSITORY_OWNER}/${REPOSITORY}:${BRANCH}" \ | |
--arg url "https://github.com/${REPOSITORY_OWNER}/${REPOSITORY}/commit/${GIT_SHA}" \ | |
--arg description "Upstream changes detected." \ | |
--argjson color "4886754" \ | |
--arg timestamp "$(date -u +"%Y-%m-%dT%H:%M:%S.000Z")" \ | |
'{"embeds": [ | |
{ | |
"title": $title, | |
"url": $url, | |
"description": $description, | |
"color": $color, | |
"footer": {"text": "Powered by GitHub Actions"}, | |
"timestamp": $timestamp | |
} | |
]}') | |
jq <<< "${json}" | |
curl -fsSL -X POST -H "Content-Type: application/json" -d "${json}" "${DISCORD_WEBHOOK}" | |
fi | |
########################################### | |
cd .. || exit 1 | |
rm -rf "${REPOSITORY}" | |
done < <(curl -u "${GH_ACTOR}:${GH_TOKEN}" -fsSL "https://api.github.com/repos/${REPOSITORY_OWNER}/${REPOSITORY}/branches" | jq -re --arg branch_filter "${BRANCH_FILTER}" '.[] | select(.name!="master") | select(.name|test("\($branch_filter)")) | .name') | |
done < <(curl -u "${GH_ACTOR}:${GH_TOKEN}" -fsSL "https://api.github.com/users/${REPOSITORY_OWNER}/repos?per_page=1000" | jq -re --arg repository_filter "${REPOSITORY_FILTER}" '.[] | select(.topics[]=="docker-image") | select(.name|test("\($repository_filter)")) | .name') | |
heartbeat: | |
runs-on: ubuntu-latest | |
permissions: | |
actions: write | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Keep workflow alive | |
uses: gautamkrishnar/keepalive-workflow@v2 |