Created
June 25, 2026 17:54
-
-
Save bensheldon/38fd14e931380c0ac2d5723a1b80d6c3 to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Update Metabase base image | |
| on: | |
| schedule: | |
| - cron: '0 17 * * *' # Every day at ~10am Pacific (17:00 UTC) | |
| workflow_dispatch: | |
| jobs: | |
| update-metabase: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: write | |
| pull-requests: write | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Get latest stable Metabase release | |
| id: latest | |
| run: | | |
| LATEST_TAG=$(curl -sf "https://api.github.com/repos/metabase/metabase/releases/latest" \ | |
| -H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" \ | |
| | jq -r '.tag_name') | |
| if [ -z "$LATEST_TAG" ] || [ "$LATEST_TAG" = "null" ]; then | |
| echo "Failed to fetch latest Metabase release" | |
| exit 1 | |
| fi | |
| echo "tag=$LATEST_TAG" >> $GITHUB_OUTPUT | |
| - name: Get current version from Dockerfile | |
| id: current | |
| run: | | |
| CURRENT_TAG=$(grep -oP '(?<=metabase/metabase:)\S+' Dockerfile) | |
| echo "tag=$CURRENT_TAG" >> $GITHUB_OUTPUT | |
| - name: Compare versions | |
| id: compare | |
| run: | | |
| LATEST="${{ steps.latest.outputs.tag }}" | |
| CURRENT="${{ steps.current.outputs.tag }}" | |
| echo "Current: $CURRENT, Latest: $LATEST" | |
| # Always update if current is a floating .x tag, otherwise compare exact strings | |
| if echo "$CURRENT" | grep -q '\.x$'; then | |
| echo "Current uses floating tag — pinning to exact version." | |
| echo "update_needed=true" >> $GITHUB_OUTPUT | |
| elif [ "$LATEST" = "$CURRENT" ]; then | |
| echo "Already up to date." | |
| echo "update_needed=false" >> $GITHUB_OUTPUT | |
| else | |
| # Numeric semver comparison to avoid downgrading | |
| parse() { echo "$1" | grep -oP '\d+' | awk 'NR==1{a=$0} NR==2{b=$0} NR==3{c=$0} END{printf "%d %d %d", a, b, c}'; } | |
| read -r LMA LMI LPA <<< "$(parse "$LATEST")" | |
| read -r CMA CMI CPA <<< "$(parse "$CURRENT")" | |
| if [ "$LMA" -gt "$CMA" ] || \ | |
| ([ "$LMA" -eq "$CMA" ] && [ "$LMI" -gt "$CMI" ]) || \ | |
| ([ "$LMA" -eq "$CMA" ] && [ "$LMI" -eq "$CMI" ] && [ "$LPA" -gt "$CPA" ]); then | |
| echo "update_needed=true" >> $GITHUB_OUTPUT | |
| else | |
| echo "update_needed=false" >> $GITHUB_OUTPUT | |
| echo "No update needed." | |
| fi | |
| fi | |
| - name: Create or update PR | |
| if: steps.compare.outputs.update_needed == 'true' | |
| env: | |
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: | | |
| NEW_TAG="${{ steps.latest.outputs.tag }}" | |
| CURRENT_TAG="${{ steps.current.outputs.tag }}" | |
| BRANCH="update-metabase-version" | |
| TITLE="Update Metabase base image from ${CURRENT_TAG} to ${NEW_TAG}" | |
| git config user.name "github-actions[bot]" | |
| git config user.email "github-actions[bot]@users.noreply.github.com" | |
| # Check out existing remote branch, or create it fresh | |
| if git ls-remote --exit-code origin "refs/heads/$BRANCH" > /dev/null 2>&1; then | |
| git fetch origin "$BRANCH" | |
| git checkout "$BRANCH" | |
| else | |
| git checkout -b "$BRANCH" | |
| fi | |
| sed -i "s|metabase/metabase:[^ ]*|metabase/metabase:${NEW_TAG}|" Dockerfile | |
| git add Dockerfile | |
| if git diff --cached --quiet; then | |
| echo "Dockerfile already up to date on branch." | |
| else | |
| git commit -m "Update Metabase base image to ${NEW_TAG}" | |
| git push origin "$BRANCH" | |
| fi | |
| # Open a new PR if one isn't already open | |
| EXISTING_PR=$(gh pr list --head "$BRANCH" --json number --jq '.[0].number' 2>/dev/null || echo "") | |
| if [ -n "$EXISTING_PR" ]; then | |
| gh pr edit "$EXISTING_PR" --title "$TITLE" | |
| echo "Updated existing PR #$EXISTING_PR" | |
| else | |
| gh pr create \ | |
| --base main \ | |
| --head "$BRANCH" \ | |
| --title "$TITLE" \ | |
| --body "$(cat <<EOF | |
| Updates the Metabase base image from \`${CURRENT_TAG}\` to \`${NEW_TAG}\`. | |
| Latest stable release: [${NEW_TAG}](https://github.com/metabase/metabase/releases/tag/${NEW_TAG}) | |
| EOF | |
| )" | |
| echo "Opened new PR for ${NEW_TAG}" | |
| fi |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment