updated push to work on tags

.github/workflows/confbatstest-build.yaml

@@ -7,11 +7,13 @@ on:
       - confbatstest/**
 
 jobs:
-  build:
+  build-confbatstest:
     env:
       context: confbatstest
       image_name: confbatstest
       branch_name: ${{ github.head_ref || github.ref_name }}
+      ref_type: ${{ github.ref_type }}
+      owner: ${{ github.repository_owner }}
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
@@ -40,7 +42,7 @@ jobs:
           tags: "${{ steps.image_tags.outputs.IMAGE_TAGS }}"
 
       - name: Push to ghcr.io
-        if: ${{ env.branch_name == 'main' }} # Stops push running when dependabot creates a PR, which fails due to token
+        if: ${{ env.ref_type == 'tag' || env.owner != 'redhat-cop' }} # Stops push running when bots create a PR, which fails due to token
         uses: redhat-actions/push-to-registry@9986a6552bc4571882a4a67e016b17361412b4df # v2
         with:
           image: ${{ steps.build_image.outputs.image }}

.github/workflows/confbatstest.yaml

@@ -17,6 +17,11 @@ jobs:
       - name: Checkout
         uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
 
+      - uses: hadolint/hadolint-action@54c9adbab1582c2ef04b2016b760714a4bfde3cf # v3.1.0
+        with:
+          dockerfile: confbatstest/Dockerfile_build
+          ignore: DL3041 # https://github.com/hadolint/hadolint/wiki/DL3041
+
       - name: Switch the action to use the Dockerfile_build
         run: |
           mv confbatstest/Dockerfile confbatstest/Dockerfile_runnable

.github/workflows/github-dispatches-build.yaml

@@ -7,11 +7,13 @@ on:
       - github-dispatches/**
 
 jobs:
-  build:
+  build-github-dispatches:
     env:
       context: github-dispatches
       image_name: github-dispatches
       branch_name: ${{ github.head_ref || github.ref_name }}
+      ref_type: ${{ github.ref_type }}
+      owner: ${{ github.repository_owner }}
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
@@ -39,7 +41,7 @@ jobs:
           tags: "${{ steps.image_tags.outputs.IMAGE_TAGS }}"
 
       - name: Push to ghcr.io
-        if: ${{ env.branch_name == 'main' }} # Stops push running when dependabot creates a PR, which fails due to token
+        if: ${{ env.ref_type == 'tag' || env.owner != 'redhat-cop' }} # Stops push running when bots create a PR, which fails due to token
         uses: redhat-actions/push-to-registry@9986a6552bc4571882a4a67e016b17361412b4df # v2
         with:
           image: ${{ steps.build_image.outputs.image }}

.github/workflows/github-dispatches.yaml

@@ -17,6 +17,10 @@ jobs:
       - name: Checkout
         uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
 
+      - uses: hadolint/hadolint-action@54c9adbab1582c2ef04b2016b760714a4bfde3cf # v3.1.0
+        with:
+          dockerfile: github-dispatches/Dockerfile_build
+
       - name: Switch the action to use the Dockerfile_build
         run: |
           mv github-dispatches/Dockerfile github-dispatches/Dockerfile_runnable

.github/workflows/kyverno-cli-build.yaml

@@ -7,11 +7,13 @@ on:
       - kyverno-cli/**
 
 jobs:
-  build:
+  build-kyverno-cli:
     env:
       context: kyverno-cli
       image_name: kyverno-cli
       branch_name: ${{ github.head_ref || github.ref_name }}
+      ref_type: ${{ github.ref_type }}
+      owner: ${{ github.repository_owner }}
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
@@ -40,7 +42,7 @@ jobs:
           tags: "${{ steps.image_tags.outputs.IMAGE_TAGS }}"
 
       - name: Push to ghcr.io
-        if: ${{ env.branch_name == 'main' }} # Stops push running when dependabot creates a PR, which fails due to token
+        if: ${{ env.ref_type == 'tag' || env.owner != 'redhat-cop' }} # Stops push running when bots create a PR, which fails due to token
         uses: redhat-actions/push-to-registry@9986a6552bc4571882a4a67e016b17361412b4df # v2
         with:
           image: ${{ steps.build_image.outputs.image }}

.github/workflows/kyverno-cli.yaml

@@ -17,6 +17,11 @@ jobs:
       - name: Checkout
         uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
 
+      - uses: hadolint/hadolint-action@54c9adbab1582c2ef04b2016b760714a4bfde3cf # v3.1.0
+        with:
+          dockerfile: kyverno-cli/Dockerfile_build
+          ignore: DL3041 # https://github.com/hadolint/hadolint/wiki/DL3041
+
       - name: Switch the action to use the Dockerfile_build
         run: |
           mv kyverno-cli/Dockerfile kyverno-cli/Dockerfile_runnable

.github/workflows/redhat-csp-download-build.yaml

@@ -7,11 +7,13 @@ on:
       - redhat-csp-download/**
 
 jobs:
-  build:
+  build-redhat-csp-download:
     env:
       context: redhat-csp-download
       image_name: redhat-csp-download
       branch_name: ${{ github.head_ref || github.ref_name }}
+      ref_type: ${{ github.ref_type }}
+      owner: ${{ github.repository_owner }}
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
@@ -39,7 +41,7 @@ jobs:
           tags: "${{ steps.image_tags.outputs.IMAGE_TAGS }}"
 
       - name: Push to ghcr.io
-        if: ${{ env.branch_name == 'main' }} # Stops push running when dependabot creates a PR, which fails due to token
+        if: ${{ env.ref_type == 'tag' || env.owner != 'redhat-cop' }} # Stops push running when bots create a PR, which fails due to token
         uses: redhat-actions/push-to-registry@9986a6552bc4571882a4a67e016b17361412b4df # v2
         with:
           image: ${{ steps.build_image.outputs.image }}

.github/workflows/redhat-csp-download.yaml

@@ -17,6 +17,10 @@ jobs:
       - name: Checkout
         uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
 
+      - uses: hadolint/hadolint-action@54c9adbab1582c2ef04b2016b760714a4bfde3cf # v3.1.0
+        with:
+          dockerfile: redhat-csp-download/Dockerfile_build
+
       - name: Switch the action to use the Dockerfile_build
         run: |
           mv redhat-csp-download/Dockerfile redhat-csp-download/Dockerfile_runnable

confbatstest/Dockerfile

@@ -1 +1,2 @@
-FROM ghcr.io/redhat-cop/github-actions/confbatstest:latest@sha256:51d818e46a4b1bc34e09d9eaafd69bfa6ee904759f115ae42dd3c297fd4c9840
+# renovate: datasource=github-releases depName=redhat-cop/github-actions
+FROM ghcr.io/redhat-cop/github-actions/confbatstest:v4.0

confbatstest/Dockerfile_build

@@ -51,7 +51,7 @@ FROM registry.access.redhat.com/ubi9/python-39:1-153.1699551718@sha256:81a000d48
 # renovate: datasource=github-releases depName=bats-core/bats-core
 ARG BATS_VERSION=master
 
-LABEL version="1.8.0"
+LABEL version="4.0.0"
 LABEL repository="http://github.com/redhat-cop/github-actions"
 LABEL homepage="http://github.com/redhat-cop/github-actions/confbatstest"
 LABEL maintainer="Red Hat CoP"

confbatstest/version.json

@@ -1,3 +1,3 @@
 {
-  "version": "v1.8.0"
+  "version": "v4.0.0"
 }

github-dispatches/Dockerfile

@@ -1 +1,2 @@
-FROM ghcr.io/redhat-cop/github-actions/github-dispatches:latest@sha256:ca108275cac264516979a75a8d5a8cbe27fa50de3fff8a70ebfb87a5dcad73a3
+# renovate: datasource=github-releases depName=redhat-cop/github-actions
+FROM ghcr.io/redhat-cop/github-actions/github-dispatches:v4.0

github-dispatches/Dockerfile_build

@@ -11,7 +11,7 @@ RUN curl -L -o /tmp/jq-linux64 https://github.com/stedolan/jq/releases/download/
 # Runnable image
 FROM registry.access.redhat.com/ubi9/ubi-minimal:9.3-1361.1699548032@sha256:c77792b8084ce5946c68f39024fa460ef7769c0eef3fce995e70299e21a7e166
 
-LABEL version="1.2.0"
+LABEL version="4.0.0"
 LABEL repository="http://github.com/redhat-cop/github-actions"
 LABEL homepage="http://github.com/redhat-cop/github-actions/github-dispatches"
 LABEL maintainer="Red Hat CoP"

github-dispatches/version.json

@@ -1,3 +1,3 @@
 {
-  "version": "v1.2.0"
+  "version": "v4.0.0"
 }

kyverno-cli/Dockerfile

@@ -1 +1,2 @@
-FROM ghcr.io/redhat-cop/github-actions/kyverno-cli:latest@sha256:23e5acdf3e7e9bfdfc402948f681d1241c16f08f55a0e394cbd24cb76639325e
+# renovate: datasource=github-releases depName=redhat-cop/github-actions
+FROM ghcr.io/redhat-cop/github-actions/kyverno-cli:v4.0

kyverno-cli/Dockerfile_build

@@ -33,7 +33,7 @@ FROM registry.access.redhat.com/ubi9/python-39:1-153.1699551718@sha256:81a000d48
 # renovate: datasource=github-releases depName=bats-core/bats-core
 ARG BATS_VERSION=master
 
-LABEL version="1.1.0"
+LABEL version="4.0.0"
 LABEL repository="http://github.com/redhat-cop/github-actions"
 LABEL homepage="http://github.com/redhat-cop/github-actions/kyverno-cli"
 LABEL maintainer="Red Hat CoP"

redhat-csp-download/Dockerfile

@@ -1 +1,2 @@
-FROM ghcr.io/redhat-cop/github-actions/redhat-csp-download:latest@sha256:98e60278158bd85a37ef6117b3954f776e62d6ae41c48742d2f57ea02ce17f3d
+# renovate: datasource=github-releases depName=redhat-cop/github-actions
+FROM ghcr.io/redhat-cop/github-actions/redhat-csp-download:v4.0

redhat-csp-download/Dockerfile_build

@@ -1,6 +1,6 @@
 FROM registry.access.redhat.com/ubi9/python-39:1-153.1699551718@sha256:81a000d48bca6b09e09a7b834e0b7c8b6ffb1907b7867e76df9b044e02f9a2ac
 
-LABEL version="1.3.0"
+LABEL version="4.0.0"
 LABEL repository="http://github.com/redhat-cop/github-actions"
 LABEL homepage="http://github.com/redhat-cop/github-actions/redhat-csp-download"
 LABEL maintainer="Red Hat CoP"

renovate.json

@@ -2,6 +2,7 @@
   "$schema": "https://docs.renovatebot.com/renovate-schema.json",
   "extends": [
     "config:best-practices",
-    "regexManagers:dockerfileVersions"
+    "regexManagers:dockerfileVersions",
+    "schedule:earlyMondays"
   ]
 }