name: Build and Push Teamspeak Images on Base Image Update on: push: branches: - main paths: - '.gitea/workflows/*.yml' - '**/Dockerfile' - '**/*.sh' - '!.cache/*' - '!**/CHANGES.md' - '!**/build-info.json' schedule: - cron: '0 1 * * 0' env: IMAGE_REGISTRY: ${{ secrets.REPO_URL }} IMAGE_ORG: ${{ secrets.GIT_USERNAME }} IMAGE_REPO_TS: teamspeak-server CACHE_DIR: .cache jobs: check-for-changes: runs-on: vm-docker-build2 outputs: should_build_alpine: ${{ steps.check.outputs.should_build_alpine }} should_build_debian: ${{ steps.check.outputs.should_build_debian }} should_build_basic: ${{ steps.check.outputs.should_build_basic }} alpine_digest: ${{ steps.check.outputs.alpine_digest }} debian_digest: ${{ steps.check.outputs.debian_digest }} basic_digest: ${{ steps.check.outputs.basic_digest }} steps: - name: Checkout code uses: actions/checkout@v3 with: fetch-depth: 0 - name: Ensure .cache directory run: mkdir -p .cache - name: Pull latest base images run: | docker pull alpine:latest docker pull gitea.fithwum.tech/${{ secrets.GIT_USERNAME }}/debian-base:bookworm - name: Get base image digests id: get_digest run: | alpine_digest=$(docker inspect --format='{{index .RepoDigests 0}}' alpine:latest || echo "unknown") debian_digest=$(docker inspect --format='{{index .RepoDigests 0}}' gitea.fithwum.tech/${{ secrets.GIT_USERNAME }}/debian-base:bookworm || echo "unknown") basic_digest=$debian_digest # basic uses debian-base echo "alpine_digest=$alpine_digest" >> $GITHUB_OUTPUT echo "debian_digest=$debian_digest" >> $GITHUB_OUTPUT echo "basic_digest=$basic_digest" >> $GITHUB_OUTPUT - name: Commit and push updated base digests if changed run: | git config user.name "${{ secrets.GIT_USERNAME }}" git config user.email "${{ secrets.GIT_EMAIL }}" changed=false check_and_update() { name="$1" digest="$2" file=".cache/${name}-base.digest" if [[ ! -f "$file" ]] || [[ "$(cat "$file")" != "$digest" ]]; then echo "$digest" > "$file" echo "[INFO] $name digest changed" changed=true else echo "[INFO] $name digest unchanged" fi } check_and_update alpine "${{ steps.get_digest.outputs.alpine_digest }}" check_and_update debian "${{ steps.get_digest.outputs.debian_digest }}" check_and_update basic "${{ steps.get_digest.outputs.basic_digest }}" if [ "$changed" = true ]; then git stash push --include-untracked -m "temp-stash-before-rebase" git fetch origin main git rebase origin/main git stash pop || true git add .cache/*-base.digest git commit -m "Update base image digests ($(date -u +'%Y-%m-%dT%H:%M:%SZ'))" git push origin HEAD:main else echo "[INFO] No base digest changes to commit." fi - name: Compare digests and detect changes id: check run: | check_variant() { variant=$1 new_digest=$2 digest_file=".cache/${variant}-base.digest" last_digest="" base_changed=false code_changed=false if [ -f "$digest_file" ]; then last_digest=$(cat "$digest_file") fi if [ "$last_digest" != "$new_digest" ]; then base_changed=true echo "[INFO] $variant base image changed: $last_digest -> $new_digest" fi # Check if code in the variant directory changed git fetch origin main code_diff=$(git diff --name-only origin/main...HEAD | grep "^$variant/" || true) if [[ -n "$code_diff" ]]; then code_changed=true echo "[INFO] $variant code changed: $code_diff" fi should_build=false if [ "$base_changed" = true ] || [ "$code_changed" = true ]; then should_build=true fi echo "should_build_${variant}=$should_build" >> $GITHUB_OUTPUT echo "${variant}_digest=$new_digest" >> $GITHUB_OUTPUT } check_variant "alpine" "${{ steps.get_digest.outputs.alpine_digest }}" check_variant "debian" "${{ steps.get_digest.outputs.debian_digest }}" check_variant "basic" "${{ steps.get_digest.outputs.basic_digest }}" build-alpine: needs: check-for-changes if: needs.check-for-changes.outputs.should_build_alpine == 'true' runs-on: vm-docker-build2 outputs: built: 'true' steps: - name: Checkout uses: actions/checkout@v3 with: fetch-depth: 0 - name: Login to Docker registry run: | echo "${{ secrets.GIT_TOKEN }}" | docker login gitea.fithwum.tech -u "${{ secrets.GIT_USERNAME }}" --password-stdin - name: Build and Push Alpine Image run: | mkdir -p "${{ env.CACHE_DIR }}" IMAGE="${{ env.IMAGE_REGISTRY }}/${{ env.IMAGE_ORG }}/${{ env.IMAGE_REPO_TS }}:alpine" METAFILE="${{ env.CACHE_DIR }}/metadata-alpine.json" echo "[INFO] Building $IMAGE" docker buildx build --platform linux/amd64 --push -t "$IMAGE" --metadata-file "$METAFILE" ./alpine build-debian: needs: check-for-changes if: needs.check-for-changes.outputs.should_build_debian == 'true' runs-on: vm-docker-build2 outputs: built: 'true' steps: - name: Checkout uses: actions/checkout@v3 with: fetch-depth: 0 - name: Login to Docker registry run: | echo "${{ secrets.GIT_TOKEN }}" | docker login gitea.fithwum.tech -u "${{ secrets.GIT_USERNAME }}" --password-stdin - name: Build and Push Debian Image run: | mkdir -p "${{ env.CACHE_DIR }}" IMAGE="${{ env.IMAGE_REGISTRY }}/${{ env.IMAGE_ORG }}/${{ env.IMAGE_REPO_TS }}:debian" METAFILE="${{ env.CACHE_DIR }}/metadata-debian.json" echo "[INFO] Building $IMAGE" docker buildx build --platform linux/amd64 --push -t "$IMAGE" --metadata-file "$METAFILE" ./debian build-basic: needs: check-for-changes if: needs.check-for-changes.outputs.should_build_basic == 'true' runs-on: vm-docker-build2 outputs: built: 'true' steps: - name: Checkout uses: actions/checkout@v3 with: fetch-depth: 0 - name: Login to Docker registry run: | echo "${{ secrets.GIT_TOKEN }}" | docker login gitea.fithwum.tech -u "${{ secrets.GIT_USERNAME }}" --password-stdin - name: Build and Push Basic Image run: | mkdir -p "${{ env.CACHE_DIR }}" IMAGE="${{ env.IMAGE_REGISTRY }}/${{ env.IMAGE_ORG }}/${{ env.IMAGE_REPO_TS }}:basic" METAFILE2="${{ env.CACHE_DIR }}/metadata-basic.json" echo "[INFO] Building $IMAGE" docker buildx build --platform linux/amd64 --push -t "$IMAGE" --metadata-file "$METAFILE2" ./basic generate-build-info: needs: - build-alpine - build-debian - build-basic if: | needs.build-alpine.outputs.built == 'true' || needs.build-debian.outputs.built == 'true' || needs.build-basic.outputs.built == 'true' runs-on: vm-docker-build2 steps: - name: Checkout source uses: actions/checkout@v3 with: fetch-depth: 0 - name: Load digests from cache id: base_digests run: | load_digest() { file=".cache/$1-base.digest" if [ -f "$file" ]; then cat "$file" else echo "unknown" fi } echo "alpine=$(load_digest alpine)" >> $GITHUB_OUTPUT echo "debian=$(load_digest debian)" >> $GITHUB_OUTPUT echo "basic=$(load_digest basic)" >> $GITHUB_OUTPUT - name: Generate build-info.json for each variant env: IMAGE_REGISTRY: ${{ env.IMAGE_REGISTRY }} IMAGE_ORG: ${{ env.IMAGE_ORG }} IMAGE_REPO_TS: ${{ env.IMAGE_REPO_TS }} run: | variants=(alpine debian basic) human_size() { local b=$1 local d='' local s=0 local S=(B KB MB GB TB) while ((b >= 1024 && s < ${#S[@]}-1)); do d=$((b % 1024)) b=$((b / 1024)) s=$((s + 1)) done printf "%s%s\n" "$b" "${S[$s]}" } variants=() [[ "${{ needs.build-alpine.outputs.built }}" == "true" ]] && variants+=("alpine") [[ "${{ needs.build-debian.outputs.built }}" == "true" ]] && variants+=("debian") [[ "${{ needs.build-basic.outputs.built }}" == "true" ]] && variants+=("basic") for variant in "${variants[@]}"; do image_tag="${IMAGE_REGISTRY}/${IMAGE_ORG}/${IMAGE_REPO_TS}:${variant}" digest=$(docker inspect --format='{{index .RepoDigests 0}}' "$image_tag" 2>/dev/null || echo "unknown") size_bytes=$(docker image inspect "$image_tag" --format='{{.Size}}' 2>/dev/null || echo 0) size_human=$(numfmt --to=iec --suffix=B $size_bytes 2>/dev/null || echo "${size_bytes}B") commit_hash=$(git rev-parse HEAD) build_time=$(date -u +"%Y-%m-%dT%H:%M:%SZ") base_digest="${{ steps.base_digests.outputs[$variant] }}" mkdir -p "$variant" jq -n \ --arg version "$variant" \ --arg commit "$commit_hash" \ --arg build_time "$build_time" \ --arg image_tag "$image_tag" \ --arg digest "$digest" \ --arg image_size "$size_human" \ --argjson image_size_bytes "$size_bytes" \ --arg base_digest "$base_digest" \ '{ version: $version, commit: $commit, build_time: $build_time, image_tag: $image_tag, digest: $digest, image_size: $image_size, image_size_bytes: $image_size_bytes, base_digest: $base_digest }' > "$variant/build-info.json" done - name: Show generated build-info.json run: | find . -name build-info.json -exec echo '--- {} ---' \; -exec cat {} \; - name: Commit and push build-info if changed run: | git config user.name "${{ secrets.GIT_USERNAME }}" git config user.email "${{ secrets.GIT_EMAIL }}" if git status --porcelain | grep .; then git add */build-info.json git commit -m "Update build-info on $(date -u +'%Y-%m-%dT%H:%M:%SZ')" git push for version in alpine debian basic; do TAG="build-$version" git tag -d "$TAG" 2>/dev/null || true git tag "$TAG" git push origin "$TAG" --force done else echo "[INFO] No build-info changes to commit." fi ls -l basic/build-info.json || echo "❌ build-info not written" cat basic/build-info.json || echo "❌ empty build-info" generate-changelogs: needs: generate-build-info if: | needs.check-for-changes.outputs.should_build_alpine == 'true' || needs.check-for-changes.outputs.should_build_debian == 'true' || needs.check-for-changes.outputs.should_build_basic == 'true' runs-on: vm-docker-build2 steps: - name: Checkout source uses: actions/checkout@v3 with: fetch-depth: 0 - name: Generate changelogs only for updated variants run: | versions=() if [[ "${{ needs.check-for-changes.outputs.should_build_alpine }}" == "true" ]]; then versions+=("alpine") fi if [[ "${{ needs.check-for-changes.outputs.should_build_debian }}" == "true" ]]; then versions+=("debian") fi if [[ "${{ needs.check-for-changes.outputs.should_build_basic }}" == "true" ]]; then versions+=("basic") fi for version in "${versions[@]}"; do echo "[INFO] Updating changelog for $version" changelog="$version/CHANGES.md" mkdir -p "$(dirname "$changelog")" touch "$changelog" infofile="$version/build-info.json" last_commit="" if [ -f "$infofile" ]; then last_commit=$(jq -r '.commit' "$infofile") fi # Check if last_commit exists in history, fallback to last 10 commits if not if ! git cat-file -e "${last_commit}^{commit}" 2>/dev/null; then echo "[WARN] Last commit from build-info.json not found, using last 10 commits" last_commit="" fi echo -e "\n## $(date -u +'%Y-%m-%dT%H:%M:%SZ')" >> "$changelog" if [ -n "$last_commit" ]; then git log "${last_commit}..HEAD" --pretty=format:"- %s (%an)" --no-merges --invert-grep --grep="Update changelogs on" | head -n 10 >> "$changelog" else git log -n 10 --pretty=format:"- %s (%an)" --no-merges --invert-grep --grep="Update changelogs on" >> "$changelog" fi done - name: Commit and push changelogs run: | git config user.name "${{ secrets.GIT_USERNAME }}" git config user.email "${{ secrets.GIT_EMAIL }}" if git status --porcelain | grep .; then git add */CHANGES.md git commit -m "Update changelogs on $(date -u +'%Y-%m-%dT%H:%M:%SZ')" --no-verify git push else echo "[INFO] No changelog changes to commit." fi