I ended up cloning the Photon repo and creating my own private one. I utilized GitHub Actions to automate builds of the container, so each month the container will rebuild and the latest patches are applied without having to do anything.
To do this, make a folder in the repo called .github, then another one inside that called workflows. Then create a file docker-build.yml:
```yaml
name: Scheduled Docker Build and Cleanup
on:
  schedule:
    - cron: '0 5 1 * *' # 12 AM ET on the 1st (5 AM UTC)
  workflow_dispatch:
jobs:
  build-and-push:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v3
      - name: Set image tag
        id: set-tag
        # Date-based tag so every monthly build is addressable on its own
        run: echo "TAG=$(date -u +'%Y-%m-%d-%H-%M')" >> $GITHUB_ENV
      - name: Log current time
        run: date -u
      - name: Log in to DockerHub
        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKER_PASSWORD }}
      - name: Build and push Docker image
        uses: docker/build-push-action@v5
        with:
          context: .
          push: true
          tags: |
            yourname/docker-roonserver:latest
            yourname/docker-roonserver:${{ env.TAG }}
  cleanup:
    runs-on: ubuntu-latest
    needs: build-and-push
    steps:
      - name: Delete old Docker Hub tags (keep latest 3)
        env:
          DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
          DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
          REPO_NAME: yourname/docker-roonserver
          KEEP_COUNT: 3
        run: |
          # Exchange the Docker Hub credentials for a short-lived JWT
          TOKEN=$(curl -s -H "Content-Type: application/json" \
            -X POST -d '{"username": "'"$DOCKER_USERNAME"'", "password": "'"$DOCKER_PASSWORD"'"}' \
            https://hub.docker.com/v2/users/login/ | jq -r .token)
          # List tags, newest first (one page of up to 100 tags)
          TAGS=$(curl -s -H "Authorization: JWT $TOKEN" \
            "https://hub.docker.com/v2/repositories/$REPO_NAME/tags?page_size=100" | \
            jq -r '.results | sort_by(.last_updated) | reverse | .[].name')
          COUNT=0
          for TAG in $TAGS; do
            # Never touch "latest"; it is not counted against KEEP_COUNT
            if [[ "$TAG" == "latest" ]]; then continue; fi
            COUNT=$((COUNT+1))
            if [ $COUNT -le $KEEP_COUNT ]; then
              echo "Keeping tag: $TAG"
              continue
            fi
            echo "Deleting tag: $TAG"
            curl -s -X DELETE \
              -H "Authorization: JWT $TOKEN" \
              "https://hub.docker.com/v2/repositories/$REPO_NAME/tags/$TAG/"
          done
```
With the way this cron is set, on the first of the month at midnight EST a fresh container will be built and only 3 dated tags (plus latest) will be kept to keep Docker Hub clean. You need to go to Settings -> Secrets and Variables -> Actions and set a secret called DOCKER_USERNAME to your Docker Hub username and another called DOCKER_PASSWORD holding a personal access token from Docker Hub with read, write, and delete permissions; delete is required for the cleanup job to be able to remove tags.
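The retention rule the cleanup job applies (sort by last_updated, never touch latest, keep the newest KEEP_COUNT, delete the rest) as a standalone Python function, added here as an example and not part of the original post. It lets you dry-run the plan against a saved tags response before any DELETE is issued; the sample tag list is constructed and the function name is my own.

```python
"""Tag-retention rule from the cleanup job, as a testable dry-run function."""
from datetime import datetime, timezone

# Constructed sample of the fields the job reads from
# https://hub.docker.com/v2/repositories/<repo>/tags (not real Docker Hub data).
SAMPLE_RESULTS = [
    {"name": "latest",           "last_updated": "2024-05-01T05:02:11Z"},
    {"name": "2024-05-01-05-01", "last_updated": "2024-05-01T05:02:11Z"},
    {"name": "2024-04-01-05-00", "last_updated": "2024-04-01T05:01:40Z"},
    {"name": "2024-03-01-05-00", "last_updated": "2024-03-01T05:01:12Z"},
    {"name": "2024-02-01-05-00", "last_updated": "2024-02-01T05:00:58Z"},
    {"name": "2024-01-01-05-00", "last_updated": "2024-01-01T05:00:31Z"},
]


def _updated(tag):
    """Sort key: tags with a missing last_updated sort as the oldest."""
    value = tag.get("last_updated")
    if not value:
        return datetime.min.replace(tzinfo=timezone.utc)
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def plan_tag_cleanup(results, keep_count=3, protected=("latest",)):
    """Return (keep, delete) lists of tag names, newest first.

    Mirrors the job: order by last_updated descending, skip protected tags
    entirely (they do not count toward keep_count), keep the newest
    keep_count of the remainder, and mark everything older for deletion.
    """
    if keep_count < 0:
        raise ValueError("keep_count must be >= 0")
    ordered = sorted(results, key=_updated, reverse=True)
    keep, delete = [], []
    for tag in ordered:
        name = tag["name"]
        if name in protected:
            continue
        (keep if len(keep) < keep_count else delete).append(name)
    return keep, delete


if __name__ == "__main__":
    keep, delete = plan_tag_cleanup(SAMPLE_RESULTS)
    print("keep:  ", keep)
    print("delete:", delete)
```

Feed it the JSON the job fetches (`.results`) and compare the delete list with what you expect before granting the token delete permission.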
Finally we want to create another yml file in that same directory: auto-commit.yml. We need to make a simple commit every now and then to keep the repo active so actions continue to run long term.
```yaml
name: Auto Commit Ping
on:
  schedule:
    - cron: '0 5 1 * *' # 1st of the month at 05:00 UTC (same schedule as the build)
  workflow_dispatch: # Optional manual run
jobs:
  auto-commit:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@v3
      - name: Update timestamp
        run: |
          echo "Last ping: $(date -u)" > .auto-commit.txt
      - name: Commit and push changes
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          git config user.name "github-actions[bot]"
          git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
          git remote set-url origin https://x-access-token:${GITHUB_TOKEN}@github.com/${{ github.repository }}
          git add .auto-commit.txt
          git commit -m "chore: auto-update timestamp" || echo "No changes to commit"
          git push
```
To make this run you'll also need to go to Settings -> Actions -> General and, under Workflow permissions, select Read and write permissions.
That’s all, now you should have your very own self patching container.
Edit: to do this you cannot just fork the repo; scheduled actions will not run. You need to create a fresh repo on GitHub, install git, authenticate with GitHub, git clone the original repo and push it up to GitHub.