Skip to content

[Snyk] Security upgrade postgres from 15.6 to 15.7 #225

[Snyk] Security upgrade postgres from 15.6 to 15.7

[Snyk] Security upgrade postgres from 15.6 to 15.7 #225

Workflow file for this run

name: PR
on:
pull_request:
branches: [main]
concurrency:
# PR open and close use the same group, allowing only one at a time
group: pr-${{ github.workflow }}-${{ github.event.number }}
cancel-in-progress: true
jobs:
scrub:
name: Scrub for changed Dockerfiles
runs-on: ubuntu-22.04
outputs:
json: ${{ steps.dockerfiles.outputs.json }}
steps:
- uses: actions/checkout@v4
- name: Get Dockerfiles
id: dockerfiles
run: |
# Fetch default_branch (usually main)
git fetch origin ${{ github.event.repository.default_branch }}
# Get changed Dockerfiles, create JSON object for the builder
DOCKERFILES=($(git diff --name-only origin/${{ github.event.repository.default_branch }} | grep -E '^.*/.*/Dockerfile$' | sort -u))
LIST=$(
for d in "${DOCKERFILES[@]}"; do
BASE=${d%/*}
echo "{\"package\": \"${BASE%/*}\", \"major_tag\": \"${BASE##*/}\"},"
done
)
# Clip any trailing commas
JSON=$(echo [$LIST] | sed 's/\(.*\),/\1/')
# Send to output if non-empty
echo "json=${JSON}"
if [ "${#JSON}" -gt 4 ]
then
echo "json=${JSON}" >> $GITHUB_OUTPUT
fi
# https://github.com/bcgov-nr/action-builder-ghcr
builds:
name: Builds
needs: [scrub]
if: ${{ needs.scrub.outputs.json }}
permissions:
packages: write
runs-on: ubuntu-22.04
strategy:
matrix:
include: ${{ fromJSON(needs.scrub.outputs.json) }}
timeout-minutes: 10
steps:
- uses: actions/checkout@v4
- name: Get tag
id: tag
run: |
TAG=$(grep '^FROM' ${{ matrix.package }}/${{ matrix.major_tag }}/Dockerfile | cut -d':' -f2)
echo "full_tag=${TAG}" >> $GITHUB_OUTPUT
- name: Build or import
uses: bcgov-nr/action-builder-ghcr@v2.0.1
with:
build_context: ${{ matrix.package }}/${{ matrix.major_tag }}
package: ${{ matrix.package }}
tag: ${{ steps.tag.outputs.full_tag }}
pr-description-add:
name: PR Description Add
needs: [builds]
if: always() && (! failure())
runs-on: ubuntu-22.04
permissions:
pull-requests: write
timeout-minutes: 1
steps:
- uses: bcgov-nr/action-pr-description-add@v1.1.0
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
add_markdown: |
---
Thanks for the PR!
Any new images should be viewable with [our repo packages](https://github.com/orgs/bcgov/packages?repo_name=nr-containers). :)