Mouws/protonmail-bridge-nextcoud-podman
1
0
Fork 1
mirror of https://github.com/shenxn/protonmail-bridge-docker.git synced 2026-03-26 21:35:58 +00:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

Remove VERSION file, query GHCR tags for version check

Browse Source
This commit is contained in:
Anton 2026-03-11 18:30:25 +00:00
parent 1068b943c7
commit ee526c8d44
2 changed files with 29 additions and 62 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

88
.github/workflows/build.yaml vendored
View File

@ -5,7 +5,6 @@ on:
paths: paths:
- .github/workflows/build.yaml - .github/workflows/build.yaml
- build/* - build/*
- VERSION
pull_request: pull_request:
paths: paths:
- .github/workflows/build.yaml - .github/workflows/build.yaml
@ -21,59 +20,40 @@ env:
jobs: jobs:
version-check: version-check:
runs-on: ubuntu-latest runs-on: ubuntu-latest
if: github.event_name == 'schedule' || github.event_name == 'workflow_dispatch'
outputs: outputs:
updated: ${{ steps.check.outputs.updated }}
version: ${{ steps.check.outputs.version }} version: ${{ steps.check.outputs.version }}
build_needed: ${{ steps.check.outputs.build_needed }}
steps: steps:
- name: Checkout - name: Get latest upstream release
uses: actions/checkout@v4
- name: Check for new version
id: check id: check
run: | run: |
current=$(cat VERSION)
latest=$(curl -s https://api.github.com/repos/ProtonMail/proton-bridge/releases/latest | jq -r '.tag_name') latest=$(curl -s https://api.github.com/repos/ProtonMail/proton-bridge/releases/latest | jq -r '.tag_name')
echo "Current: $current, Latest: $latest" echo "Latest upstream: $latest"
if [ "$current" != "$latest" ]; then
echo "$latest" > VERSION
echo "updated=true" >> $GITHUB_OUTPUT
echo "version=$latest" >> $GITHUB_OUTPUT echo "version=$latest" >> $GITHUB_OUTPUT
else
echo "Version unchanged"
echo "updated=false" >> $GITHUB_OUTPUT
echo "version=$current" >> $GITHUB_OUTPUT
fi
- name: Create version bump PR if [[ "${{ github.event_name }}" == "schedule" ]]; then
if: steps.check.outputs.updated == 'true' # Check if we already have this version in GHCR
env: token=$(curl -s "https://ghcr.io/token?scope=repository:trent-maetzold/protonmail-bridge:pull" | jq -r '.token')
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} tags=$(curl -s -H "Authorization: Bearer $token" "https://ghcr.io/v2/trent-maetzold/protonmail-bridge/tags/list" | jq -r '.tags[]?' 2>/dev/null || echo "")
run: | if echo "$tags" | grep -qx "${latest}-build"; then
branch="auto/bump-${{ steps.check.outputs.version }}" echo "Version ${latest} already built"
git config user.name 'github-actions[bot]' echo "build_needed=false" >> $GITHUB_OUTPUT
git config user.email 'github-actions[bot]@users.noreply.github.com' else
git checkout -b "$branch" echo "New version ${latest} detected"
git add VERSION echo "build_needed=true" >> $GITHUB_OUTPUT
git commit -m "Bump version to ${{ steps.check.outputs.version }}" fi
git push origin "$branch" else
pr_url=$(gh pr create \ echo "build_needed=true" >> $GITHUB_OUTPUT
--title "Bump proton-bridge to ${{ steps.check.outputs.version }}" \ fi
--body "Auto-detected new upstream release." \
--base master \
--head "$branch")
gh pr merge "$pr_url" --squash --auto
test: test:
runs-on: ubuntu-latest runs-on: ubuntu-latest
needs: version-check
if: github.event_name == 'pull_request' || (github.event_name == 'push' && github.ref != 'refs/heads/master') if: github.event_name == 'pull_request' || (github.event_name == 'push' && github.ref != 'refs/heads/master')
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@v4 uses: actions/checkout@v4
- name: Set version
run: echo "version=$(cat VERSION)" >> $GITHUB_ENV
- name: Docker meta - name: Docker meta
id: meta id: meta
uses: docker/metadata-action@v5 uses: docker/metadata-action@v5
@ -101,7 +81,7 @@ jobs:
tags: "${{ env.GHCR_REPO }}:dev-${{ github.ref_name }}" tags: "${{ env.GHCR_REPO }}:dev-${{ github.ref_name }}"
push: true push: true
build-args: | build-args: |
version=${{ env.version }} version=${{ needs.version-check.outputs.version }}
- name: Run Trivy vulnerability scan - name: Run Trivy vulnerability scan
uses: aquasecurity/trivy-action@0.30.0 uses: aquasecurity/trivy-action@0.30.0
@ -119,11 +99,11 @@ jobs:
build: build:
runs-on: ubuntu-latest runs-on: ubuntu-latest
needs: version-check
if: | if: |
(github.event_name == 'push' && github.ref == 'refs/heads/master') || needs.version-check.outputs.build_needed == 'true' &&
(needs.version-check.result == 'success' && needs.version-check.outputs.updated == 'true') (github.event_name != 'pull_request') &&
needs: (github.event_name == 'schedule' || github.event_name == 'workflow_dispatch' || (github.event_name == 'push' && github.ref == 'refs/heads/master'))
- version-check
strategy: strategy:
fail-fast: false fail-fast: false
matrix: matrix:
@ -135,17 +115,12 @@ jobs:
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@v4 uses: actions/checkout@v4
with:
ref: master
- name: Prepare - name: Prepare
run: | run: |
platform=${{ matrix.platform }} platform=${{ matrix.platform }}
echo "PLATFORM_PAIR=${platform//\//-}" >> $GITHUB_ENV echo "PLATFORM_PAIR=${platform//\//-}" >> $GITHUB_ENV
- name: Set version
run: echo "version=$(cat VERSION)" >> $GITHUB_ENV
- name: Docker meta - name: Docker meta
id: meta id: meta
uses: docker/metadata-action@v5 uses: docker/metadata-action@v5
@ -177,7 +152,7 @@ jobs:
provenance: false provenance: false
sbom: false sbom: false
build-args: | build-args: |
version=${{ env.version }} version=${{ needs.version-check.outputs.version }}
- name: Export digest - name: Export digest
run: | run: |
@ -196,13 +171,9 @@ jobs:
merge: merge:
runs-on: ubuntu-latest runs-on: ubuntu-latest
needs: needs:
- version-check
- build - build
steps: steps:
- name: Checkout
uses: actions/checkout@v4
with:
ref: master
- name: Download digests - name: Download digests
uses: actions/download-artifact@v4 uses: actions/download-artifact@v4
with: with:
@ -210,9 +181,6 @@ jobs:
pattern: digests-* pattern: digests-*
merge-multiple: true merge-multiple: true
- name: Set version
run: echo "version=$(cat VERSION)" >> $GITHUB_ENV
- name: Login to GHCR - name: Login to GHCR
uses: docker/login-action@v3 uses: docker/login-action@v3
with: with:
@ -231,7 +199,7 @@ jobs:
with: with:
images: ${{ env.GHCR_REPO }} images: ${{ env.GHCR_REPO }}
tags: | tags: |
type=raw,enable=true,value=${{ env.version }}-build type=raw,enable=true,value=${{ needs.version-check.outputs.version }}-build
type=raw,enable=true,value=build type=raw,enable=true,value=build
type=raw,enable=true,value=latest type=raw,enable=true,value=latest
@ -244,7 +212,7 @@ jobs:
- name: Run Trivy vulnerability scan - name: Run Trivy vulnerability scan
uses: aquasecurity/trivy-action@0.30.0 uses: aquasecurity/trivy-action@0.30.0
with: with:
image-ref: "${{ env.GHCR_REPO }}:${{ env.version }}-build" image-ref: "${{ env.GHCR_REPO }}:${{ needs.version-check.outputs.version }}-build"
format: 'sarif' format: 'sarif'
exit-code: 0 exit-code: 0
severity: 'CRITICAL,HIGH' severity: 'CRITICAL,HIGH'
@ -257,4 +225,4 @@ jobs:
- name: Inspect image - name: Inspect image
run: | run: |
docker buildx imagetools inspect ${{ env.GHCR_REPO }}:${{ steps.meta.outputs.version }} docker buildx imagetools inspect ${{ env.GHCR_REPO }}:${{ needs.version-check.outputs.version }}-build

1
VERSION
View File

@ -1 +0,0 @@
v3.22.0