Initial code

Author: mkumatag

.github/workflows/builder.yaml

@@ -0,0 +1,39 @@
+name: Create and publish a Docker image
+
+on: [push]
+
+env:
+  REGISTRY: ghcr.io
+  IMAGE_NAME: ${{ github.repository }}
+
+jobs:
+  build-and-push-image:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v2
+
+      - name: Log in to the Container registry
+        uses: docker/login-action@f054a8b539a109f9f41c372932f1ae047eff08c9
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Read builder-version
+        id: builder
+        uses: juliangruber/read-file-action@v1
+        with:
+          path: ./builder-version
+
+      - name: Build and push Docker image
+        uses: docker/build-push-action@v2
+        with:
+          context: .
+          file: Dockerfile.build
+          push: true
+          tags: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ steps.builder.outputs.content }}

.github/workflows/test.yaml

@@ -0,0 +1,23 @@
+name: Test
+
+on: [push]
+
+jobs:
+  test:
+    name: Test-Action
+    runs-on: ubuntu-latest
+    continue-on-error: true
+    steps:
+      - name: Checkout Repository
+        uses: actions/checkout@v2
+      - name: Test Action
+        id: test
+        uses: ./
+        with:
+          base-image: alpine:3.13
+          image: alpine:3.14
+      - name: Get Test Output
+        run: echo "Workflow Docker Image ${{ steps.test.outputs.needs-update }}"
+      - name: Check value
+        run: echo "Needs updating"
+        if: steps.test.outputs.needs-update == 'true'

Dockerfile

@@ -0,0 +1,7 @@
+FROM ghcr.io/mkumatag/container-image-updater-action:v1.0
+
+# Copies your code file from your action repository to the filesystem path `/` of the container
+#COPY entrypoint.sh /entrypoint.sh
+
+# Code file to execute when the docker container starts up (`entrypoint.sh`)
+ENTRYPOINT ["/usr/local/bin/container-image-updater"]

Dockerfile.build

@@ -0,0 +1,21 @@
+# syntax=docker/dockerfile:1.3
+# reuse this multistage once the issue resolved with manifest-tool, rightnow inspect with --raw option is not returning all the layers
+FROM golang:1.17-alpine3.14 as builder
+
+WORKDIR /app
+COPY go.mod ./
+COPY go.sum ./
+
+RUN go mod download
+
+COPY *.go ./
+
+RUN go build -o /container-image-updater
+
+FROM alpine:3.14
+
+COPY --from=builder  /container-image-updater /usr/local/bin/container-image-updater
+
+#ADD --chmod=0755 https://github.com/estesp/manifest-tool/releases/download/v1.0.3/manifest-tool-linux-amd64 /usr/local/bin/manifest-tool
+
+#RUN apk add jq

README.md

@@ -1 +1,42 @@
-# container-image-updater
+# container-image-updater
+This action prints "true" if image is required to update based on the base image update.
+
+## Inputs
+
+| Name                | Type     | Description                        |
+|---------------------|----------|------------------------------------|
+| `base-image`        | Required   | Base image of the image            |
+| `image`             | Required   | The container image to be monitored, based on `base-image`   |
+| `base-reg-username`, <br>`base-reg-password` | Optional   | Image registry credential to access base image.|
+| `image-reg-username`, <br>`image-reg-password` | Optional   | Image registry credential to access image to be monitored.|
+
+
+## Outputs
+
+| Name                | Description                        |
+|---------------------|------------------------------------|
+| `needs-update`      | Returns `true` or `false`.         |
+
+## Example usage
+
+### Public images
+
+```yaml
+uses: mkumatag/[email protected]
+with:
+  base-image: 'alpine:3.14'
+  image: 'alpine:3.13'
+```
+
+### Private images
+
+```yaml
+uses: mkumatag/[email protected]
+with:
+  base-image: 'alpine:3.14'
+  image: 'alpine:3.13'
+  base-reg-username: someuser
+  base-reg-password: somepassword
+  image-reg-username: someuser
+  image-reg-password: somepassword
+```

action.yml

@@ -0,0 +1,42 @@
+# action.yml
+name: 'Container Image Updater'
+description: 'Github action to notify if the container image needs update based on the baseimage change'
+inputs:
+  base-image:
+    description: "Container Base image"
+    required: true
+  image:
+    description: "Container image"
+    required: true
+  base-reg-username:
+    description: "Base Image Container registry username"
+    required: false
+  base-reg-password:
+    description: "Base Image Container registry password"
+    required: false
+  image-reg-username:
+    description: "Container registry username"
+    required: false
+  image-reg-password:
+    description: "Container registry password"
+    required: false
+outputs:
+  needs-update:
+    description: 'Needs the update or not(true or false)'
+
+runs:
+  using: 'docker'
+  image: 'Dockerfile'
+  args:
+    - --base-image
+    - ${{ inputs.base-image }}
+    - --image
+    - ${{ inputs.image }}
+    - --base-reg-username
+    - ${{ inputs.base-reg-username }}
+    - --base-reg-password
+    - ${{ inputs.base-reg-password }}
+    - --image-reg-username
+    - ${{ inputs.image-reg-username }}
+    - --image-reg-password
+    - ${{ inputs.image-reg-password }}

builder-version

@@ -0,0 +1 @@
+v1.0

entrypoint.sh

@@ -0,0 +1,58 @@
+#!/usr/bin/env sh
+
+
+set -o pipefail
+set -e
+
+BASE_IMAGE=${1:-}
+IMAGE=${2:-}
+BASE_REG_USERNAME=${3:-}
+BASE_REG_PASSWORD=${4:-}
+IMAGE_REG_USERNAME=${5:-}
+IMAGE_REG_PASSWORD=${6:-}
+
+if [[ -z "${BASE_IMAGE}" || -z "${IMAGE}" ]]; then
+  echo "::error title=argument::Missing Argument base-image or image"
+  exit 1
+fi
+
+get_layers(){
+  image=$1
+  username=$2
+  password=$3
+  cmd="manifest-tool"
+  if [ -n "${username}" ] && [ -n "${password}" ]; then
+    cmd="${cmd} --username=${username} --password=${password}"
+  fi
+
+  cmd="${cmd} inspect ${image} --raw"
+  op=$($cmd)
+  retval=$?
+  if [ $retval -ne 0 ]; then
+      echo "::error title=get_layers::Failed to get layers for ${image}"
+      return $retval
+  fi
+  layers=$(echo ${op} | jq -r ".[]|.Layers[]?")
+  echo "$layers"
+}
+
+get_base_layers(){
+  get_layers "${BASE_IMAGE}" "${BASE_REG_USERNAME}" "${BASE_REG_PASSWORD}"
+}
+
+get_image_base_layer(){
+  # returns only the first layer(base layer)
+  get_layers "${IMAGE}" "${IMAGE_REG_USERNAME}" "${IMAGE_REG_PASSWORD}" | head -n 1
+}
+
+base_layers=$(get_base_layers)
+
+image_base_layer=$(get_image_base_layer)
+
+found=$(echo "${base_layers}" | grep -c "${image_base_layer}")
+retval=$?
+if [ "$found" -gt 0 ]; then
+  echo "::set-output name=needs-update::false"
+else
+  echo "::set-output name=needs-update::true"
+fi

go.mod

@@ -0,0 +1,10 @@
+module github.com/mkumatag/container-image-updater-action
+
+go 1.16
+
+require (
+	github.com/estesp/manifest-tool/v2 v2.0.0-beta.1
+	github.com/opencontainers/go-digest v1.0.0
+	github.com/opencontainers/image-spec v1.0.1
+	github.com/sirupsen/logrus v1.8.1
+)