Skip to content

Update Docker

Update Docker #24657

Workflow file for this run

# updatebot
#
# This runs every hour to check if upstream repos have had a new release
#
name: Update Docker
on:
push:
branches:
- main
paths:
- scripts/updateDockerImages.sh
- .github/workflows/ansible.yml
- .github/workflows/catprinter.yml
- .github/workflows/dkimpy.yml
- .github/workflows/docker-autocompose.yml
- .github/workflows/ruff.yml
- .github/workflows/sslyze.yml
- .github/workflows/visidata.yml
- .github/workflows/update-docker.yml
workflow_dispatch:
schedule:
- cron: "0 * * * *"
env:
DOCKER_CLI_EXPERIMENTAL: enabled
REPOSITORY: ${{ github.actor }}/${{ github.workflow }}
concurrency:
group: ${{ github.workflow }}
cancel-in-progress: true
permissions: read-all
jobs:
update-docker:
runs-on: ubuntu-24.04
steps:
# checkout with a PAT configured with workflow access to allow the workflow to check changes back in
- name: Harden Runner
uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v1
with:
egress-policy: block
disable-telemetry: true
allowed-endpoints:
aerodent.canonical.com:443
api.github.com:443
azure.archive.ubuntu.com:80
files.pythonhosted.org:443
github.com:443
pkg-containers.githubusercontent.com:443
pypi.org:443
security.ubuntu.com:443
- name: Source checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.4.2
with:
token: ${{ secrets.UPDATE_SECRET }}
fetch-depth: 1
- name: Setup SSH keys
env:
BOT_SSH_PRIVATE_KEY: ${{ secrets.JBOT_SSH_PRIVATE_KEY }}
BOT_SSH_PUBLIC_KEY: ${{ secrets.JBOT_SSH_PUBLIC_KEY }}
run: |
mkdir -m 700 -p ~/.ssh
echo "$BOT_SSH_PRIVATE_KEY" > ~/.ssh/id_ed25519
echo "$BOT_SSH_PUBLIC_KEY" > ~/.ssh/id_ed25519.pub
chmod 600 ~/.ssh/id_ed25519
chmod 644 ~/.ssh/id_ed25519.pub
- name: Update dependencies
run: |
git config --global user.name "Jauder Ho Bot"
git config --global user.email "jauderho-bot@users.noreply.github.com"
git config --global pull.rebase false
git config --global user.signingkey ~/.ssh/id_ed25519.pub
git config --global gpg.format ssh
git config --global commit.gpgsign true
PAT="${{ github.actor }}/${{ secrets.UPDATE_SECRET }}" scripts/updateDockerImages.sh
rm -rf ~/.ssh