[Feature] keep the tags same with server (like hugegraph/hugegraph:1.0.0)

[aroundabout]

Feature Description (功能描述)

subtask of [Featuer] Support build docker image from Dockerfile (Task Summary) #840

Key idea

1. use github api Update a repository variable

Requirement

1. target repo https://github.com/hugegraph/hugegraph-actions/tree/main/.github/workflows or https://github.com/imbajin/nocode/blob/master/.github/workflows/server-docker.yml Maybe the repo in the org is better.
2. a token (secrets PAT) which have the admin right to the target repo
3. two variables (LATEST_SHA, STABLE_VERSION) to store last SHA of the latest version(master) and stable version(release-1.0.0)
4. a variables(STABLE_VERSION) of the stable version
5. Because the github api do not provide the “create and update” api of the repository variable, admin should create variables first.
6. Because we cannot directly use the apache repo to build and push image, we can only get the branch by github api instead of the webhook or github event. If we want to push different version images, we should use the loop (shell or js) in github action, because I do not find the github action syntax(Workflow syntax for GitHub Actions - GitHub Docs). But it might be a little complex and hard to maintain. Do you have any advise? Or, for example, the stable version is update to v1.1.0, the v1.0.0 will not update. In this case we can change the variables to 1.1.0.

Main process

1. checkout the apache/hugegraph branch master
2. get the latest sha
3. compare with the sha in repo variables
4. if changed, update the var in the repo and publish docker image (with latest tag)
5. then create another job to publish the stable version (with the version tag).

demo yaml:

name: "Docker Server Image"

on:
  schedule:
    - cron: '0 23 * * 1'
  workflow_dispatch:
    inputs:
      repository_url:
        required: true
        default: 'apache/hugegraph'
      latest_branch:
        required: true
        default: 'master'
      latest_image_url:
        required: true
        default: 'hugegraph/hugegraph:latest'
      stable_branch:
        required: true
        default: 'release-1.0.0'
      stable_image_url:
        required: true
        default: 'hugegraph/hugegraph:1.0.0'

jobs:
  build_latest:
    runs-on: ubuntu-latest
    env:
      repository_url: apache/hugegraph
      latest_branch: master
      latest_image_url: hugegraph/hugegraph:latest
      stable_branch: release-${{vars.STABLE_VERSION}}
      stable_image_url: hugegraph/hugegraph:${{vars.STABLE_VERSION}}

    steps:
    - 
      name: Reset If Need
      if: github.event_name=='workflow_dispatch'
      run: |
        echo "repository_url=${{ inputs.repository_url }}" >> $GITHUB_ENV
        echo "latest_branch=${{ inputs.latest_branch }}" >> $GITHUB_ENV
        echo "latest_image_url=${{ inputs.latest_image_url }}" >> $GITHUB_ENV
        echo "stable_branch=${{ inputs.stable_branch }}" >> $GITHUB_ENV
        echo "stable_image_url=${{ inputs.stable_image_url }}" >> $GITHUB_ENV
    # - name: Set up Docker Buildx
    #   uses: docker/setup-buildx-action@v2
    # - name: Login to Docker Hub
    #   uses: docker/login-action@v2
    #   with:
    #       #registry: ${{ inputs.image_url }}
    #     username: ${{ secrets.DOCKERHUB_USERNAME }}
    #     password: ${{ secrets.DOCKERHUB_PASSWORD }}
    - name: Checkout latest
      uses: actions/checkout@v3
      with:
        repository: ${{ env.repository_url }}
        ref: ${{ env.latest_branch }}
        fetch-depth: 2
        
    - name: Get current SHA
      run: |
        latest_current_sha=$(git rev-parse HEAD)
        echo "latest_current_sha=$latest_current_sha" >> $GITHUB_ENV
    - name: Get last SHA
      env:
          GITHUB_TOKEN: ${{ secrets.PAT }}
          OWNER: aroundabout
          REPO: action_demo
      run: |
        echo $latest_current_sha
        if [[ "$latest_current_sha" == "${{ vars.LATEST_SHA }}" ]]; then
          echo "sha is the same, do not update docker image"
          exit 0
        else
           curl -L \
            -X PATCH \
            -H "Accept: application/vnd.github+json" \
            -H "X-GitHub-Api-Version: 2022-11-28" \
            -H "Authorization: Bearer ${{ env.GITHUB_TOKEN }}" \
            https://api.github.com/repos/$OWNER/$REPO/actions/variables/LATEST_SHA \
            -d '{"name":"LATEST_SHA","value":"'"$latest_current_sha"'"}'
        fi
# the step to build and push docker image like https://github.com/imbajin/nocode/blob/master/.github/workflows/server-docker.yml
# following the the next job to build and publish the stable version

Other methods

1. repository dispatch event — It still needs the token to set the token to other repo, and the token to target repo cannot be leaked. Hence, secrets is needed, which cannot be provided by apache.
2. artifacts — It can only upload and download the file in one workflow. If the workflow finished, you cannot use github api to download it
3. Other method in marketplace
   1. [Branch Filestorage Action · Actions · GitHub Marketplace](https://github.com/marketplace/actions/branch-filestorage-action) needs to use a branch as the database
   2. [Set persistent value · Actions · GitHub Marketplace](https://github.com/marketplace/actions/set-persistent-value) needs to use the third party api, which can not guarantee safety.
   3. others…

BTW #840 [Featuer]->[Feature]