diff --git a/.woodpecker/.build.yaml b/.woodpecker/.build.yaml index f59d616..c06e7d6 100644 --- a/.woodpecker/.build.yaml +++ b/.woodpecker/.build.yaml @@ -1,8 +1,10 @@ +when: + path: '*Dockerfile*' + steps: build main: when: - - event: push - branch: main + branch: main image: woodpeckerci/plugin-docker-buildx:4.0.0@sha256:9d24b71c37d7a958d79252e608c4d1a04b02f2e74d4e26003b43e0830038bde0 pull: true settings: @@ -18,9 +20,8 @@ steps: build branch: when: - - event: push - branch: - exclude: ['main'] + branch: + exclude: ['main'] image: woodpeckerci/plugin-docker-buildx:4.0.0@sha256:9d24b71c37d7a958d79252e608c4d1a04b02f2e74d4e26003b43e0830038bde0 pull: true settings: diff --git a/README.md b/README.md index e193f46..4e0c04a 100644 --- a/README.md +++ b/README.md @@ -22,52 +22,10 @@ steps: - pre-commit run --all-files ``` -If renovate is set up for your repo, it'll add and update the pinned digest/hash of the image. +If renovate is set up, it'll add and update the pinned digest/hash of the image. ## Development -Generally you should have `Docker` or something alike installed. - If you need to copy files into the container, don't forget to add exclusions to the general _exclude all_ in `.dockerignore`. -To **update the base image** (like `3.12.4-alpine3.20` to a newer Alpine version), manual work is still required, but supported by a little script. **Renovate might not create a PR for newer image tags.** - -1. In the `Dockerfile`, update the Alpine version for the image and the renovate comments (`# renovate: datasource=repology depName=alpine_3_20/gcc versioning=loose`). - - ```diff - - FROM python:3-alpine3.19@sha256:00c0ffeeacab... - + FROM python:3-alpine3.20 # You can omit the sha256 digest, the script prints it out - # ... - - - # renovate: datasource=repology depName=alpine_3_19/build-base versioning=loose - + # renovate: datasource=repology depName=alpine_3_20/build-base versioning=loose - ENV BUILD_BASE_VERSION="0.8.15" - # ... - ``` - -1. Now run `./get_pkg_versions.sh`. It pulls the alpine image from the Dockerfile, prints it's digest and the latest packages it could find via `apk` inside that container and prints out the names and versions. - - Example output of `./get_pkg_versions.sh` for a new image, which is not yet pulled: - - ```plain - Unable to find image 'python:3.12.3-alpine3.18' locally - 3.12.3-alpine3.18: Pulling from library/python - 619be1103602: Pull complete - [...] - 0eb61f1af52e: Pull complete - Digest: sha256:24680ddf8422899b24756d62b31eb5de782fbb42e9c2bb1c70f1f55fcf891721 - Status: Downloaded newer image for python:3.12.3-alpine3.18 - [Script output starts here] - Checking 5/5 latest package versions on python:3.12.3-alpine3.18 - Image digest found: sha256:24680ddf8422899b24756d62b31eb5de782fbb42e9c2bb1c70f1f55fcf891721 - --- - build-base-0.5-r3 - gcc-12.2.1_git20220924-r10 - git-2.40.1-r0 - openssh-keygen-9.3_p2-r1 - ruby-3.2.4-r0 - ``` - -1. Copy the package versions and update the respective `ENV` with it manually in the `Dockerfile`. You also might add the digest to the base image. - -1. Test building the image and you can commit it. +To update the base image (like `3.12.4-alpine3.20` to a newer Alpine version), manual work is still required. In the `Dockerfile`, update the Alpine version for the image, the renovate comments (`# renovate: datasource=repology depName=alpine_3_20/gcc versioning=loose`), and the package versions for that OS version from the repo (Like on the [Alpine Package Page for gcc](https://pkgs.alpinelinux.org/packages?name=gcc&branch=v3.20&repo=&arch=x86_64)). diff --git a/get_pkg_versions.sh b/get_pkg_versions.sh deleted file mode 100755 index 87b772f..0000000 --- a/get_pkg_versions.sh +++ /dev/null @@ -1,15 +0,0 @@ -#!/bin/bash -set -euo pipefail -IFS=$'\n\t' - -IMAGE=$(grep -oP 'FROM \K.*alpine[^ ]+' Dockerfile) -PACKAGES=$(grep -oP '#.+depName=alpine.+/\K[^ ]+' Dockerfile) -# shellcheck disable=SC2086 -PACKAGES_NO_BR=$(echo ${PACKAGES} | tr -d '\n') -PACKAGES_VERSIONS=$(docker run --rm -t --entrypoint /bin/sh "$IMAGE" -c "apk --update --no-cache list $PACKAGES_NO_BR | cut -d ' ' -f 1 | grep -v '^fetch$'") -DIGEST=$(docker inspect --format='{{index .RepoDigests 0}}' "$IMAGE" | cut -d '@' -f2) - -echo "Checking $(echo "$PACKAGES" | wc -l)/$(echo "$PACKAGES_VERSIONS" | wc -l) latest package versions on $IMAGE" -echo "Image digest found: $DIGEST" -echo "---" -echo "$PACKAGES_VERSIONS"