Skip to content

Watch

Watch #2289

Workflow file for this run

name: Watch
on:
schedule:
- cron: '30 */4 * * *'
push:
branches: ['master']
workflow_dispatch:
jobs:
docker:
name: Push tagged docker image
runs-on: ubuntu-latest
permissions:
contents: write
packages: write
steps:
- name: Checkout code
uses: actions/checkout@v4
with:
ref: master
- name: Login to ghcr
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Update Dockerfile with latest version
id: fetch_version
run: |
last=$(curl -s https://packagist.org/packages/vimeo/psalm.json|jq '[.package.versions[]|select(.version|test("^\\d+\\.\\d+\\.\\d+$"))|.version]|max_by(.|[splits("[.]")]|map(tonumber))')
last=$(echo $last | tr -d '"')
echo "Last Psalm version is $last"
echo "last=$last" >> $GITHUB_OUTPUT
sed -i -re "s/require vimeo\/psalm/require vimeo\/psalm:$last/" Dockerfile
cat Dockerfile
- name: Build images
run: docker build -t ghcr.io/mbinorg/psalm-security-scan:${{ steps.fetch_version.outputs.last }} -t ghcr.io/mbinorg/psalm-security-scan:latest .
- name: Publish
run: |
docker push ghcr.io/mbinorg/psalm-security-scan:${{ steps.fetch_version.outputs.last }}
docker push ghcr.io/mbinorg/psalm-security-scan:latest
- name: Update action.yml
run : |
git config --global user.name "psalmbot"
git config --global user.email "[email protected]"
yq -i ".runs.image = \"docker://ghcr.io/mbinorg/psalm-security-scan:${{ steps.fetch_version.outputs.last }}\"" action.yml
# Push commit when a file change has been made, skip if the commit would be empty
git commit -m "Add newer psalm docker image version ${{ steps.fetch_version.outputs.last }}" action.yml &&
git push origin master ||
true