Update the "Official Images Updates" workflow

cobexer · cobexer · commit c72bd0347fcc · 2025-11-25T15:11:16.000+01:00
* Utilize a Dockerfile that can be used locally as well
* Display the diff to the current upstream version (in the build)

Signed-off-by: Christoph Obexer &lt;cobexer@gradle.com&gt;
diff --git a/.github/workflows/official-images.yml b/.github/workflows/official-images.yml
@@ -17,38 +17,43 @@ jobs:
     runs-on: ubuntu-latest
     permissions:
       contents: read
+      pull-requests: write
     steps:
       - name: Checkout
         uses: actions/checkout@v5
         with:
           fetch-depth: 0 # we need all branches so we can read Dockerfiles from them
-      - name: Provision best available generate-stackbrew-library.sh
+      - name: Provision best available generate-stackbrew-library.sh and toolbox
         env:
           EVENT_NAME: ${{ github.event_name }}
           CURRENT_COMMIT: ${{ github.sha }}
           BASE_REF: ${{ github.event.pull_request.base.ref }}
-        # if the script was modified in the current PR, use that version; otherwise, use the version from master
         shell: bash
         run: |
+          # if the generate-stackbrew-library.sh was modified in the current PR, use that version; otherwise, use the version from master
           if [ "${EVENT_NAME}" == "pull_request" ] && [ "$(git diff --name-only "origin/$BASE_REF..$CURRENT_COMMIT" -- 'generate-stackbrew-library.sh' | wc -l)" -gt 0 ]; then
             echo "Using modified generate-stackbrew-library.sh"
           else
             echo "Using generate-stackbrew-library.sh from master branch"
             git checkout origin/master -- generate-stackbrew-library.sh
           fi
+          # if the toolbox Dockerfile was modified in the current PR, use that version; otherwise, use the version from master
+          if [ "${EVENT_NAME}" == "pull_request" ] && [ "$(git diff --name-only "origin/$BASE_REF..$CURRENT_COMMIT" -- 'toolbox/Dockerfile' | wc -l)" -gt 0 ]; then
+            echo "Using modified toolbox/Dockerfile"
+          else
+            echo "Using toolbox/Dockerfile from master branch"
+            git checkout origin/master -- toolbox/Dockerfile
+          fi
+      - run: docker build --tag gradle-dockerhub-toolbox -f toolbox/Dockerfile toolbox
       - name: Generate library file
-        uses: docker://bash:latest
-        with:
-          # See https://github.com/docker-library/bashbrew?tab=readme-ov-file#installing
-          args: |
-            -c "\
-              apk add --no-cache jq git curl ca-certificates && \
-              git config --global --add safe.directory '*' && \
-              curl -fsSL -o /usr/local/bin/bashbrew https://github.com/docker-library/bashbrew/releases/download/v0.1.13/bashbrew-amd64 && \
-              chmod +x /usr/local/bin/bashbrew && \
-              bashbrew --version && \
-              ./generate-stackbrew-library.sh ${BASE_SHA:+--substitute ${BASE_SHA} ${CURRENT_COMMIT}} > library-gradle \
-              "
+        run: |
+          docker run --rm \
+            -v "$PWD:/ws" \
+            -w /ws \
+            -e CURRENT_COMMIT \
+            -e BASE_SHA \
+            gradle-dockerhub-toolbox \
+            bash -c 'if [ -n "$BASE_SHA" ]; then ./generate-stackbrew-library.sh --substitute "$BASE_SHA" "$CURRENT_COMMIT"; else ./generate-stackbrew-library.sh; fi > library-gradle'
         env:
           CURRENT_COMMIT: ${{ github.sha }}
           BASE_SHA: ${{ github.event.pull_request.base.sha }}
@@ -57,3 +62,35 @@ jobs:
         with:
           name: gradle
           path: library-gradle
+      - name: Compare library files
+        id: compare
+        run: |
+          curl -q -sS -o /dev/stdout "https://raw.githubusercontent.com/docker-library/official-images/refs/heads/master/library/gradle" | \
+            sed -E "s/GitCommit: .*/GitCommit: 0000000000000000000000000000000000000000/" > existing-library-gradle
+          sed -E "1d; s/GitCommit: .*/GitCommit: 0000000000000000000000000000000000000000/" library-gradle > updated-library-gradle
+          DIFF_OUTPUT=$(diff existing-library-gradle updated-library-gradle || :)
+          echo "$DIFF_OUTPUT"
+          echo "diff<<EOF" >> $GITHUB_OUTPUT
+          echo "$DIFF_OUTPUT" >> $GITHUB_OUTPUT
+          echo "EOF" >> $GITHUB_OUTPUT
+      - name: Comment PR with diff
+        if: github.event_name == 'pull_request' && steps.compare.outputs.diff != ''
+        uses: actions/github-script@v7
+        with:
+          script: |
+            const diff = `${{ steps.compare.outputs.diff }}`;
+            const body = `<details>
+            <summary>Library file diff (ignoring commit IDs)</summary>
+
+            \`\`\`diff
+            ${diff}
+            \`\`\`
+
+            </details>`;
+
+            github.rest.issues.createComment({
+              issue_number: context.issue.number,
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              body: body
+            });
diff --git a/generate-stackbrew-library.sh b/generate-stackbrew-library.sh
@@ -76,7 +76,8 @@ for branch in "${branches[@]}"; do
 			# convert "git ls-tree" output to a list of directories that contain a Dockerfile
 			[
 				inputs
-				| select(endswith("/Dockerfile"))
+				# filter to only Dockerfiles, excluding the toolbox/ and hidden directories
+				| select(endswith("/Dockerfile") and ((startswith("toolbox/") or startswith(".")) | not))
 				| rtrimstr("/Dockerfile")
 			]
 			| sort_by(
@@ -219,7 +220,7 @@ for branch in "${branches[@]}"; do
 			ubi)
 				tags+=(
 					'ubi'
-					"${versions[@]/%/-$jdk-$suite}" # "X.Y.Z-ubi10"
+					"${versions[@]/%/-$jdk-$suite}" # "X.Y.Z-jdkNN-ubi10"
 					"$suite" # "ubi10"
 				)
 				;;
diff --git a/toolbox.sh b/toolbox.sh
@@ -0,0 +1,13 @@
+#!/bin/sh
+
+if ! build_output=$(docker build --pull --tag gradle-dockerhub-toolbox -f toolbox/Dockerfile toolbox 2>&1); then
+	echo "$build_output" >&2
+	echo "Failed to build gradle-dockerhub-toolbox image" >&2
+	exit 1
+fi
+
+exec docker run --rm -ti \
+	-v "$(pwd):/workspace" \
+	-w /workspace \
+	gradle-dockerhub-toolbox \
+	bash "$@"
diff --git a/toolbox/Dockerfile b/toolbox/Dockerfile
@@ -0,0 +1,16 @@
+FROM bash:latest
+
+WORKDIR /ws
+
+# See https://github.com/docker-library/bashbrew?tab=readme-ov-file#installing
+RUN apk add --no-cache \
+    ca-certificates \
+    curl \
+    git \
+    jq \
+    && git config --global --add safe.directory '*'
+
+ARG BASHBREW_VERSION=0.1.13
+RUN curl -fsSL -o /usr/local/bin/bashbrew "https://github.com/docker-library/bashbrew/releases/download/v${BASHBREW_VERSION}/bashbrew-amd64" && \
+    chmod +x /usr/local/bin/bashbrew && \
+    bashbrew --version

Original file line number	Diff line number	Diff line change
`@@ -76,7 +76,8 @@ for branch in "${branches[@]}"; do`
`76`	`76`	`# convert "git ls-tree" output to a list of directories that contain a Dockerfile`
`77`	`77`	`[`
`78`	`78`	`inputs`
`79`		`- \| select(endswith("/Dockerfile"))`
	`79`	`+ # filter to only Dockerfiles, excluding the toolbox/ and hidden directories`
	`80`	`+ \| select(endswith("/Dockerfile") and ((startswith("toolbox/") or startswith(".")) \| not))`
`80`	`81`	`\| rtrimstr("/Dockerfile")`
`81`	`82`	`]`
`82`	`83`	`\| sort_by(`
`@@ -219,7 +220,7 @@ for branch in "${branches[@]}"; do`
`219`	`220`	`ubi)`
`220`	`221`	`tags+=(`
`221`	`222`	`'ubi'`
`222`		`- "${versions[@]/%/-$jdk-$suite}" # "X.Y.Z-ubi10"`
	`223`	`+ "${versions[@]/%/-$jdk-$suite}" # "X.Y.Z-jdkNN-ubi10"`
`223`	`224`	`"$suite" # "ubi10"`
`224`	`225`	`)`
`225`	`226`	`;;`