Update mirror digests for ci-* images #1

Workflow file for this run

.github/workflows/update-mirror-digests.yml at 0a4d0a3

	name: Update mirror digests for ci-* images

	on:
	workflow_run:
	workflows: ["Tag new images version"]
	types: [completed]
	workflow_dispatch:

	jobs:
	update-mirror-digests:
	if: ${{ github.event_name == 'workflow_dispatch' \|\| github.event.workflow_run.conclusion == 'success' }}
	runs-on: ubuntu-latest
	permissions:
	id-token: write # Required for OIDC token federation
	contents: read
	steps:
	- uses: DataDog/dd-octo-sts-action@acaa02eee7e3bb0839e4272dacb37b8f3b58ba80 # v1.0.3
	id: octo-sts
	with:
	scope: DataDog/images
	policy: dd-trace-java-docker-build.update-mirror

	- name: Checkout DataDog/dd-trace-java-docker-build
	uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
	with:
	path: dd-trace-java-docker-build

	- name: Checkout DataDog/images
	uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
	with:
	repository: DataDog/images
	token: ${{ steps.octo-sts.outputs.token }}
	path: images

	- name: Capture images HEAD SHA
	id: images-head
	run: echo "sha=$(git rev-parse HEAD)" >> "$GITHUB_OUTPUT"
	working-directory: images

	- name: Install crane
	run: \|
	CRANE_VERSION="0.20.2"
	curl -fsSL "https://github.com/google/go-containerregistry/releases/download/v${CRANE_VERSION}/go-containerregistry_Linux_x86_64.tar.gz" -o crane.tar.gz
	tar -xzf crane.tar.gz crane
	sudo mv crane /usr/local/bin/crane
	rm crane.tar.gz

	- name: Get baseline digest for ci-base image # base variant used to check freshness
	id: baseline
	run: \|
	BASELINE=$(awk '/source:.*dd-trace-java-docker-build:ci-base/{found=1; next} found && /digest:/{print $2; exit}' images/mirror.lock.yaml \|\| true)
	echo "digest=${BASELINE}" >> "$GITHUB_OUTPUT"
	echo "Baseline ci-base digest: ${BASELINE:-<none found>}"

	- name: Wait for new ci-base image to be published
	run: \|
	BASELINE="${{ steps.baseline.outputs.digest }}"
	DEADLINE=$((SECONDS + 1800))
	echo "Waiting for ci-base digest to differ from: ${BASELINE:-<none>}"
	while [[ $SECONDS -lt $DEADLINE ]]; do
	CURRENT=$(crane digest ghcr.io/datadog/dd-trace-java-docker-build:ci-base 2>/dev/null \|\| true)
	if [[ -n "$CURRENT" && "$CURRENT" != "$BASELINE" ]]; then
	echo "New ci-base digest detected: $CURRENT"
	exit 0
	fi
	echo "No change yet (current: ${CURRENT:-unavailable}), retrying in 60s..."
	sleep 60
	done
	echo "::error::Timeout after 30 minutes: ci-base digest did not change from existing mirror"
	exit 1

	- name: Resolve digests and update mirror.lock.yaml files
	run: bash "${GITHUB_WORKSPACE}/dd-trace-java-docker-build/scripts/update-ci-image-digests.sh"
	working-directory: images

	- name: Define branch name
	id: define-branch
	run: echo "branch=ci/update-dd-trace-java-docker-build-ci-digests-$(date +'%Y%m%d')" >> "$GITHUB_OUTPUT"

	- name: Commit changes
	id: create-commit
	run: \|
	git config user.name "github-actions[bot]"
	git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
	git add mirror.lock.yaml
	if git diff --cached --quiet; then
	echo "No changes detected in mirror files; skipping commit."
	echo "has_changes=false" >> "$GITHUB_OUTPUT"
	exit 0
	fi
	git commit -m "chore: Update dd-trace-java-docker-build ci-* image digests"
	echo "has_changes=true" >> "$GITHUB_OUTPUT"
	echo "commit=$(git rev-parse HEAD)" >> "$GITHUB_OUTPUT"
	working-directory: images

	- name: Push changes
	if: ${{ steps.create-commit.outputs.has_changes == 'true' }}
	uses: DataDog/commit-headless@05d7b7ee023e2c7d01c47832d420c2503cd416f3 # action/v2.0.3
	with:
	target: DataDog/images
	token: "${{ steps.octo-sts.outputs.token }}"
	branch: "${{ steps.define-branch.outputs.branch }}"
	head-sha: "${{ steps.images-head.outputs.sha }}"
	create-branch: true
	command: push
	commits: "${{ steps.create-commit.outputs.commit }}"
	working-directory: images

	- name: Create pull request
	if: ${{ steps.create-commit.outputs.has_changes == 'true' }}
	env:
	GH_TOKEN: ${{ steps.octo-sts.outputs.token }}
	run: \|
	gh pr create \
	--repo DataDog/images \
	--draft \
	--title "Update dd-trace-java-docker-build ci-* image digests" \
	--base master \
	--head "${{ steps.define-branch.outputs.branch }}" \
	--body "Automated digest update for \`dd-trace-java-docker-build\` \`ci-*\` images after tagging."

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Update mirror digests for ci-* images #1

Workflow file

Update mirror digests for ci-* images #1

Uh oh!

Workflow file for this run