From 2082dc06443104b0af4b4d66f0e0bfc15c0b8912 Mon Sep 17 00:00:00 2001
From: Luca Comellini <luca.com@gmail.com>
Date: Wed, 6 Oct 2021 19:41:08 -0700
Subject: [PATCH] Keep Docker images updated

---
 .github/workflows/update-docker-inages.yml | 137 +++++++++++++++++++++
 Dockerfile                                 |   3 +-
 2 files changed, 139 insertions(+), 1 deletion(-)
 create mode 100644 .github/workflows/update-docker-inages.yml

diff --git a/.github/workflows/update-docker-inages.yml b/.github/workflows/update-docker-inages.yml
new file mode 100644
index 00000000..ab8c8caa
--- /dev/null
+++ b/.github/workflows/update-docker-inages.yml
@@ -0,0 +1,137 @@
+name: Update Docker Images
+
+on:
+  schedule:
+    - cron:  '0 1 * * *'
+  workflow_dispatch:
+
+defaults:
+  run:
+    shell: bash
+
+jobs:
+
+  variables:
+    name: Get version of base image
+    runs-on: ubuntu-20.04
+    outputs:
+      versions: ${{ steps.version.outputs.matrix }}
+      git_tag: ${{ steps.tag.outputs.git_tag }}
+      docker_platforms: ${{ steps.vars.outputs.docker_platforms }}
+    steps:
+      - name: Checkout Repository
+        uses: actions/checkout@v2
+        with:
+          fetch-depth: 0
+      - name: Get latest tag
+        id: tag
+        run: |
+          tag=$(git tag --sort=-version:refname | head -n1)
+          echo "::set-output name=git_tag::${tag//v}"
+      - name: Checkout Repository at ${{ steps.tag.outputs.git_tag }}
+        uses: actions/checkout@v2
+        with:
+          ref: v${{ steps.tag.outputs.git_tag }}
+      - name: Set Base image version
+        id: version
+        run: |
+          # enable after v0.22.0 nginx_alpine=library/nginx:$(grep -m1 "FROM.*nginx.*alpine" <Dockerfile | awk -F"[ :]" '{print $3}')
+          nginx=library/$(grep -m1 "FROM nginx:" < Dockerfile | awk -F" " '{print $2}')
+          echo "::set-output name=matrix::[{\"version\": \"${nginx}\", \"distro\": \"debian\"}]" # enable after v0.22.0 , {\"version\": \"${nginx_alpine}\", \"distro\": \"alpine\"}]"
+      - name: Set other variables
+        id: vars
+        run: |
+          echo "::set-output name=docker_platforms::$(grep "PLATFORMS:" .github/workflows/docker.yml | awk -F" " '{print $2}')"
+
+  check:
+    name: Check if updates are needed
+    runs-on: ubuntu-20.04
+    needs: variables
+    outputs:
+      needs-updating-debian: ${{ steps.var.outputs.debian }}
+      needs-updating-alpine: ${{ steps.var.outputs.alpine }}
+    strategy:
+      matrix:
+        base_image: ${{ fromJson(needs.variables.outputs.versions) }}
+    steps:
+      - name: Build image tag
+        id: dist
+        run: |
+          if [ ${{ matrix.base_image.distro }} == "debian" ]; then dist=""; else dist="-${{ matrix.base_image.distro }}"; fi
+          echo "::set-output name=tag::${{ needs.variables.outputs.git_tag }}${dist}"
+      - name: Check if update available ${{ matrix.base_image.version }}
+        id: update
+        uses: lucacome/docker-image-update-checker@v1
+        with:
+          base-image: ${{ matrix.base_image.version }}
+          image: opentracing/nginx-opentracing:${{ steps.dist.outputs.tag }}
+      - id: var
+        run: |
+          echo "::set-output name=${{ matrix.base_image.distro }}::${{ steps.update.outputs.needs-updating }}"
+
+  build-docker:
+    if: ${{ needs.check.outputs.needs-updating-debian == 'true' || needs.check.outputs.needs-updating-alpine == 'true' }}
+    name: Build Docker Image
+    runs-on: ubuntu-20.04
+    needs: [check, variables]
+    strategy:
+      matrix:
+        include:
+          - os: debian
+            needs-updating: ${{ needs.check.outputs.needs-updating-debian }}
+         # - os: alpine
+         #   needs-updating: ${{ needs.check.outputs.needs-updating-alpine }}
+    steps:
+      - name: Checkout Repository at ${{ needs.variables.outputs.git_tag }}
+        uses: actions/checkout@v2
+        with:
+          ref: v${{ needs.variables.outputs.git_tag }}
+        if: ${{ matrix.needs-updating == 'true' }}
+
+      - name: Output Variables
+        id: var
+        run: |
+          echo "::set-output name=nginx_version::$(grep -m1 'FROM nginx:' <Dockerfile | awk -F'[: ]' '{print $3}')"
+        if: ${{ matrix.needs-updating == 'true' }}
+
+      - name: Setup QEMU
+        uses: docker/setup-qemu-action@v1
+        if: ${{ matrix.needs-updating == 'true' }}
+
+      - name: Docker Buildx
+        uses: docker/setup-buildx-action@v1
+        if: ${{ matrix.needs-updating == 'true' }}
+
+      - name: DockerHub Login
+        uses: docker/login-action@v1
+        with:
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_PASSWORD }}
+        if: ${{ matrix.needs-updating == 'true' }}
+
+      - name: Docker meta
+        id: meta
+        uses: docker/metadata-action@v3
+        with:
+          images: opentracing/nginx-opentracing
+          flavor: |
+            latest=true
+            suffix=${{ matrix.os != 'debian' && '-' || '' }}${{ matrix.os != 'debian' && matrix.os || '' }},onlatest=true
+          tags: |
+            type=raw,value=${{ needs.variables.outputs.git_tag }}
+            type=raw,value=nginx-${{ steps.var.outputs.nginx_version }}
+        if: ${{ matrix.needs-updating == 'true' }}
+
+      - name: Build and push
+        uses: docker/build-push-action@v2
+        with:
+          pull: true
+          push: true
+          platforms: ${{ needs.variables.outputs.docker_platforms }}
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          cache-from: type=gha,scope=${{ matrix.os }}
+          cache-to: type=gha,scope=${{ matrix.os }},mode=max
+          target: final
+          build-args: BUILDS_OS={{ matrix.os }}
+        if: ${{ matrix.needs-updating == 'true' }}
diff --git a/Dockerfile b/Dockerfile
index 5a4948ba..ca90751a 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -211,7 +211,8 @@ RUN echo "deb-src http://nginx.org/packages/mainline/debian/ stretch nginx" >> /
 
 
 ### Base build image for alpine
-FROM nginx:1.21.3-alpine as build-nginx-alpine
+# docker.io/library/nginx is a temporary workaround for Dependabot to see this as different from the one used in Debian
+FROM docker.io/library/nginx:1.21.3-alpine AS build-nginx-alpine
 RUN apk add --no-cache \
     build-base \
     pcre-dev \