build(deps): bump the actions-all group across 1 directory with 12 updates #157
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Retag Images | |
| on: | |
| schedule: | |
| - cron: '0 0 * * 0' # Every Sunday at midnight | |
| workflow_dispatch: | |
| pull_request: | |
| branches: | |
| - main | |
| paths: | |
| - '.github/workflows/retag/images.yml' | |
| - '.github/workflows/retag.yml' | |
| - 'cmd/retagger/**' | |
| permissions: | |
| contents: read | |
| jobs: | |
| retag: | |
| permissions: | |
| packages: write | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Harden the runner (Audit all outbound calls) | |
| uses: step-security/harden-runner@58077d3c7e43986b6b15fba718e8ea69e387dfcc # v2.15.1 | |
| with: | |
| egress-policy: audit | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| name: Checkout | |
| - uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2 # v4.0.0 | |
| name: Login to GHCR | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Update docker | |
| run: sudo apt update && sudo apt install -y docker-ce | |
| - name: Setup containerd snapshotter | |
| run: | | |
| sudo mkdir -p /etc/docker | |
| test ! -f /etc/docker/daemon.json && echo '{}' | sudo tee /etc/docker/daemon.json | |
| tmp="$(mktemp)" | |
| jq '.features["containerd-snapshotter"] = true' /etc/docker/daemon.json | tee "${tmp}" | |
| sudo cp "${tmp}" /etc/docker/daemon.json | |
| jq '.debug = true' /etc/docker/daemon.json | tee "${tmp}" | |
| sudo cp "${tmp}" /etc/docker/daemon.json | |
| rm "${tmp}" | |
| sudo systemctl restart docker | |
| - name: docker info | |
| run: docker version; docker info | |
| - if: ${{ github.event_name == 'pull_request' }} | |
| name: Setup retag registry (pr) | |
| run: | | |
| set -ex -o pipefail | |
| docker run -d --rm --name registry -p 5000:5000 ghcr.io/project-dalec/dalec/mirror/dockerhub/library/registry:latest | |
| echo "RETAG_REGISTRY=localhost:5000" >> $GITHUB_ENV | |
| echo "RETAG_REGISTRY_USE_HTTP=true" >> $GITHUB_ENV | |
| - if: ${{ github.event_name != 'pull_request' }} | |
| name: Setup retag registry (non-pr) | |
| run: | | |
| set -ex -o pipefail | |
| repo="ghcr.io/${{ github.repository }}" | |
| repo="$(tr '[:upper:]' '[:lower:]' <<<"$repo")" | |
| echo "RETAG_REGISTRY=${repo}" >> $GITHUB_ENV | |
| - uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0 | |
| with: | |
| go-version: '1.25' | |
| cache: true | |
| - name: Retag images | |
| run: | | |
| go run ./cmd/retagger .github/workflows/retag/images.yml | |
| - if: failure() | |
| name: daemon logs | |
| run: sudo journalctl -u docker |