Add automatic update action workflow#473

Merged: acburdine merged 1 commit into master from feat/auto-updates on Jun 30, 2026

@acburdine

Member

no ref
This workflow can be triggered manually, as well as automatically via a repository_dispatch action in the TryGhost/Ghost repo itself. Replicates for the most part the behavior of the Jenkins scripts used in Docker's Official Images infrastructure.

@coderabbitai

coderabbitai Bot commented Jun 29, 2026

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: a4a242b4-3623-4c44-95e3-e5827b5c2abc

📥 Commits

Reviewing files that changed from the base of the PR and between e55ae5b and fb1893a.

📒 Files selected for processing (1)
  • .github/workflows/update.yml
🚧 Files skipped from review as they are similar to previous changes (1)
  • .github/workflows/update.yml

Walkthrough

A new GitHub Actions workflow file .github/workflows/update.yml is added. It triggers on repository_dispatch and workflow_dispatch, normalizes dry_run, make_image_pr, and official_images_fork_repo, runs ./update.sh, detects filesystem changes, and derives a commit message from versions.json diffs. For non-dry-run runs with changes, it commits and pushes. When enabled, it installs bashbrew, syncs a fork of docker-library/official-images, regenerates library/ghost, and creates an upstream pull request if needed.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
| Check name | Status | Explanation |
|---|---|---|
| Title check | ✅ Passed | The title clearly describes the main change: adding an automatic update action workflow. |
| Description check | ✅ Passed | The description is directly related to the workflow added in the pull request. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |
| Linked Issues check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |
| Out of Scope Changes check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |
@coderabbitai coderabbitai Bot left a comment

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.github/workflows/update.yml:
- Line 33: The workflow checkout is shallow, which can break the path-scoped git
history lookups used later by generate-stackbrew-library.sh for GitCommit and
the header link, causing stale or empty library/ghost metadata. Update the
initial actions/checkout step in the workflow to fetch full history by setting
fetch-depth to 0 so the script can read complete git history after the update
commit is created.
- Around line 135-145: The update-ghost flow can reach the commit step even when
the regenerated downstream file is unchanged, causing git commit to fail with
nothing to commit. In the workflow block around gh repo clone,
generate-stackbrew-library.sh, and the git commit/push sequence, add a check
after regenerating official-images/library/ghost to detect whether that file
changed; if it did not, exit early before creating the branch or committing. Use
the existing update-ghost branch/commit logic as the location to guard so the
force-push only runs when library/ghost actually differs.
ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: d5148ae4-bad3-4220-ba2a-b0b95638b200

📥 Commits

Reviewing files that changed from the base of the PR and between 5398b3a and 8fa9588.

📒 Files selected for processing (1)
  • .github/workflows/update.yml

Comment thread .github/workflows/update.yml
Comment thread .github/workflows/update.yml
@acburdine acburdine force-pushed the feat/auto-updates branch from 8fa9588 to dffdfa1 Compare June 30, 2026 13:45

@coderabbitai coderabbitai Bot left a comment

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.github/workflows/update.yml:
- Line 163: The PR body currently links to GITHUB_SHA, which can point to the
workflow-triggering commit instead of the generated update commit. Update the PR
body construction in the workflow step that builds the --body text to use the
current repository HEAD commit for the link instead of GITHUB_SHA, so the
generated update commit is the one referenced.
- Around line 50-63: Validate the dispatch-derived values in the workflow before
appending them to $GITHUB_OUTPUT. In the update.yml step that sets dry_run,
make_image_pr, and official_images_fork_repo, add checks to reject malformed
repository_dispatch inputs (especially newlines in fork_repo) and ensure
dry_run/make_image_pr are only accepted when they are valid boolean-like values.
Keep the output-writing block after validation so the later commit/PR logic in
this job only receives sanitized values.
ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 8d655cb1-d84c-44df-80fd-fd6bac6c9377

📥 Commits

Reviewing files that changed from the base of the PR and between 8fa9588 and dffdfa1.

📒 Files selected for processing (1)
  • .github/workflows/update.yml

Comment thread .github/workflows/update.yml
Comment thread .github/workflows/update.yml Outdated
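
Added example, not part of this PR or of the workflow it adds: one way to implement the validation the review comment above asks for, checking the dispatch-derived values before anything is appended to `$GITHUB_OUTPUT`, so a newline in `fork_repo` cannot smuggle in an extra `name=value` line. The function names, the `true`/`false` vocabulary and the `owner/name` character set are assumptions; the sample values are constructed.

```shell
#!/bin/sh
# Hypothetical helpers (not from the PR). Validate first, write afterwards.

# Accept only the literal strings "true" or "false" (assumed vocabulary).
validate_bool() {
  case "$1" in
    true|false) return 0 ;;
    *) return 1 ;;
  esac
}

# Accept only "owner/name" built from a conservative character set.
validate_repo() {
  case "$1" in
    ''|*[!A-Za-z0-9._/-]*) return 1 ;;  # empty, or any other byte (newline included)
    */*/*|/*|*/) return 1 ;;            # extra slash, or empty owner or name
    */*) return 0 ;;
    *) return 1 ;;
  esac
}

# $1=dry_run  $2=make_image_pr  $3=official_images_fork_repo
# Appends to $GITHUB_OUTPUT only when all three values pass validation.
emit_outputs() {
  validate_bool "$1" || { echo "invalid dry_run" >&2; return 1; }
  validate_bool "$2" || { echo "invalid make_image_pr" >&2; return 1; }
  validate_repo "$3" || { echo "invalid official_images_fork_repo" >&2; return 1; }
  {
    printf 'dry_run=%s\n' "$1"
    printf 'make_image_pr=%s\n' "$2"
    printf 'official_images_fork_repo=%s\n' "$3"
  } >> "${GITHUB_OUTPUT:?GITHUB_OUTPUT is not set}"
}

# Constructed demo: outside Actions, write to a scratch file instead.
GITHUB_OUTPUT=${GITHUB_OUTPUT:-$(mktemp)}
emit_outputs true false 'example-owner/official-images' && echo "accepted"
# A value carrying an embedded newline would add a second output line if
# written unchecked; here it is rejected and nothing is appended.
injected=$(printf 'example-owner/official-images\ndry_run=false')
emit_outputs true false "$injected" || echo "rejected"
```
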
@acburdine acburdine force-pushed the feat/auto-updates branch from dffdfa1 to e55ae5b Compare June 30, 2026 13:58

@coderabbitai coderabbitai Bot left a comment

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.github/workflows/update.yml:
- Around line 33-35: The checkout step is still storing a push-capable
credential in git config, which can be reused by later steps unintentionally.
Update the `actions/checkout` usage in the workflow to set `persist-credentials:
false`, then make the commit/push step authenticate explicitly before calling
`git push` so only that step has push access.
ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 94ab8250-dd17-4f69-b9fc-d0c4b3720f2a

📥 Commits

Reviewing files that changed from the base of the PR and between dffdfa1 and e55ae5b.

📒 Files selected for processing (1)
  • .github/workflows/update.yml

Comment thread .github/workflows/update.yml
@acburdine acburdine force-pushed the feat/auto-updates branch from e55ae5b to fb1893a Compare June 30, 2026 14:08
@acburdine acburdine merged commit 9dad66e into master Jun 30, 2026
7 checks passed
@acburdine acburdine deleted the feat/auto-updates branch June 30, 2026 14:24