fix(ci): only update Docker versions when runner has newer version (#2061)

gounthar · dependabot[bot] · actions-user · web-flow · commit 0a895d31a276 · 2026-02-25T11:02:32.000+01:00
* chore(deps): bump debian in /dockerfiles/sidekick Bumps debian from bookworm-20231218 to bookworm-20240110. --- updated-dependencies: - dependency-name: debian dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> * chore(jenkins): Update Jenkins plugins * chore(jenkins): Update Jenkins plugins * chore(deps): bump updatecli/updatecli-action from 2.52.0 to 2.53.0 Bumps [updatecli/updatecli-action](https://github.com/updatecli/updatecli-action) from 2.52.0 to 2.53.0. - [Release notes](https://github.com/updatecli/updatecli-action/releases) - [Commits](updatecli/updatecli-action@v2.52.0...v2.53.0) --- updated-dependencies: - dependency-name: updatecli/updatecli-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * chore(deps): bump anchore/scan-action from 3.5.0 to 3.6.0 Bumps [anchore/scan-action](https://github.com/anchore/scan-action) from 3.5.0 to 3.6.0. - [Release notes](https://github.com/anchore/scan-action/releases) - [Changelog](https://github.com/anchore/scan-action/blob/main/CHANGELOG.md) - [Commits](anchore/scan-action@1d59d90...0550541) --- updated-dependencies: - dependency-name: anchore/scan-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * chore(jenkins): Update Jenkins plugins * chore(deps): bump updatecli/updatecli-action from 2.53.0 to 2.54.0 Bumps [updatecli/updatecli-action](https://github.com/updatecli/updatecli-action) from 2.53.0 to 2.54.0. - [Release notes](https://github.com/updatecli/updatecli-action/releases) - [Commits](updatecli/updatecli-action@v2.53.0...v2.54.0) --- updated-dependencies: - dependency-name: updatecli/updatecli-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * chore(deps): bump debian in /dockerfiles/sidekick Bumps debian from bookworm-20240110 to bookworm-20240130. --- updated-dependencies: - dependency-name: debian dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> * chore(deps): bump jenkins/ssh-agent in /dockerfiles/python Bumps jenkins/ssh-agent from 5.22.0 to 5.24.0. --- updated-dependencies: - dependency-name: jenkins/ssh-agent dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * chore(deps): bump jenkins/ssh-agent in /dockerfiles/android Bumps jenkins/ssh-agent from 5.22.0 to 5.24.0. --- updated-dependencies: - dependency-name: jenkins/ssh-agent dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * chore(deps): bump jenkins/ssh-agent in /dockerfiles/maven Bumps jenkins/ssh-agent from 5.22.0 to 5.24.0. --- updated-dependencies: - dependency-name: jenkins/ssh-agent dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * chore(deps): bump release-drafter/release-drafter from 5 to 6 Bumps [release-drafter/release-drafter](https://github.com/release-drafter/release-drafter) from 5 to 6. - [Release notes](https://github.com/release-drafter/release-drafter/releases) - [Commits](release-drafter/release-drafter@v5...v6) --- updated-dependencies: - dependency-name: release-drafter/release-drafter dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> * chore(deps): bump anchore/scan-action from 3.6.0 to 3.6.4 Bumps [anchore/scan-action](https://github.com/anchore/scan-action) from 3.6.0 to 3.6.4. - [Release notes](https://github.com/anchore/scan-action/releases) - [Changelog](https://github.com/anchore/scan-action/blob/main/CHANGELOG.md) - [Commits](anchore/scan-action@0550541...3343887) --- updated-dependencies: - dependency-name: anchore/scan-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * chore(deps): bump jenkins/ssh-agent in /dockerfiles/multi Bumps jenkins/ssh-agent from 5.22.0 to 5.24.0. --- updated-dependencies: - dependency-name: jenkins/ssh-agent dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * chore(deps): bump jenkins/ssh-agent in /dockerfiles/node Bumps jenkins/ssh-agent from 5.22.0 to 5.24.0. --- updated-dependencies: - dependency-name: jenkins/ssh-agent dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * chore(deps): bump codacy/codacy-analysis-cli-action from 4.3.0 to 4.4.0 Bumps [codacy/codacy-analysis-cli-action](https://github.com/codacy/codacy-analysis-cli-action) from 4.3.0 to 4.4.0. - [Release notes](https://github.com/codacy/codacy-analysis-cli-action/releases) - [Commits](codacy/codacy-analysis-cli-action@5cc54a7...33d4559) --- updated-dependencies: - dependency-name: codacy/codacy-analysis-cli-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * chore(jenkins): Update Jenkins plugins * chore(jenkins): Update Jenkins plugins * chore(jenkins): Update Jenkins plugins * chore(jenkins): Update Jenkins plugins * chore(jenkins): Update Jenkins plugins * chore(jenkins): Update Jenkins plugins * chore(deps): bump debian in /dockerfiles/sidekick Bumps debian from bookworm-20240130 to bookworm-20240211. --- updated-dependencies: - dependency-name: debian dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> * chore(deps): bump updatecli/updatecli-action from 2.54.0 to 2.55.0 (#114) * chore(deps): bump jenkins/ssh-agent in /dockerfiles/multi (#115) * chore(deps): bump jenkins/ssh-agent in /dockerfiles/node (#116) * chore(deps): bump jenkins/ssh-agent in /dockerfiles/android (#117) * chore(deps): bump jenkins/ssh-agent in /dockerfiles/maven (#118) * chore(deps): bump jenkins/ssh-agent in /dockerfiles/python (#119) * chore(jenkins): Update Jenkins plugins * Multi controller is the same as simple controller * chore(jenkins): Update Jenkins plugins * chore(jenkins): Update Jenkins plugins * chore(jenkins): Update Jenkins plugins * chore(jenkins): Update Jenkins plugins * chore(jenkins): Update Jenkins plugins * chore(jenkins): Update Jenkins plugins * chore(jenkins): Update Jenkins plugins * chore(jenkins): Update Jenkins plugins * chore(jenkins): Update Jenkins plugins * chore(jenkins): Update Jenkins plugins * chore(jenkins): Update Jenkins plugins * chore(jenkins): Update Jenkins plugins * chore(jenkins): Update Jenkins plugins * chore(jenkins): Update Jenkins plugins * chore(jenkins): Update Jenkins plugins * chore(jenkins): Update Jenkins plugins * chore(jenkins): Update Jenkins plugins * chore(jenkins): Update Jenkins plugins * chore(jenkins): Update Jenkins plugins * chore(jenkins): Update Jenkins plugins * chore(jenkins): Update Jenkins plugins * chore(jenkins): Update Jenkins plugins * chore(jenkins): Update Jenkins plugins * chore(jenkins): Update Jenkins plugins * chore(jenkins): Update Jenkins plugins * chore(jenkins): Update Jenkins plugins * chore(jenkins): Update Jenkins plugins * chore(jenkins): Update Jenkins plugins * chore(jenkins): Update Jenkins plugins * chore(jenkins): Update Jenkins plugins * chore(jenkins): Update Jenkins plugins * chore(jenkins): Update Jenkins plugins * chore(jenkins): Update Jenkins plugins * chore(jenkins): Update Jenkins plugins * chore(jenkins): Update Jenkins plugins * chore(deps): Bump debian in /dockerfiles/sidekick Bumps debian from bookworm-20240311 to bookworm-20240408. --- updated-dependencies: - dependency-name: debian dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> * chore(jenkins): Update Jenkins plugins * chore(deps): bump codacy/codacy-analysis-cli-action from 4.4.0 to 4.4.1 Bumps [codacy/codacy-analysis-cli-action](https://github.com/codacy/codacy-analysis-cli-action) from 4.4.0 to 4.4.1. - [Release notes](https://github.com/codacy/codacy-analysis-cli-action/releases) - [Commits](codacy/codacy-analysis-cli-action@33d4559...3ff8e64) --- updated-dependencies: - dependency-name: codacy/codacy-analysis-cli-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * chore(deps): bump updatecli/updatecli-action from 2.57.0 to 2.58.0 Bumps [updatecli/updatecli-action](https://github.com/updatecli/updatecli-action) from 2.57.0 to 2.58.0. - [Release notes](https://github.com/updatecli/updatecli-action/releases) - [Commits](updatecli/updatecli-action@v2.57.0...v2.58.0) --- updated-dependencies: - dependency-name: updatecli/updatecli-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * chore(jenkins): Update Jenkins plugins * chore(jenkins): Update Jenkins plugins * chore(deps): bump updatecli/updatecli-action from 2.58.0 to 2.59.0 Bumps [updatecli/updatecli-action](https://github.com/updatecli/updatecli-action) from 2.58.0 to 2.59.0. - [Release notes](https://github.com/updatecli/updatecli-action/releases) - [Commits](updatecli/updatecli-action@v2.58.0...v2.59.0) --- updated-dependencies: - dependency-name: updatecli/updatecli-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Update Docker versions * Not to be lost. * not to be lost * chore(jenkins): Update Jenkins plugins * chore(jenkins): Update Jenkins plugins * chore(jenkins): Update Jenkins plugins * chore(deps): bump updatecli/updatecli-action from 2.92.0 to 2.93.0 Bumps [updatecli/updatecli-action](https://github.com/updatecli/updatecli-action) from 2.92.0 to 2.93.0. - [Release notes](https://github.com/updatecli/updatecli-action/releases) - [Commits](updatecli/updatecli-action@v2.92.0...v2.93.0) --- updated-dependencies: - dependency-name: updatecli/updatecli-action dependency-version: 2.93.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * fix(ci): only update Docker versions when runner has newer version Prevent back-and-forth version update PRs caused by different GitHub Actions runners having different Docker/Compose versions installed. Both the workflow and updatecli scripts now compare versions using sort -V and only update when the new version is strictly newer. * fix(ci): preserve original docker version line when not upgrading Keep the full original line (including build hash) from docker-versions.txt when the runner's version is not newer, instead of writing a hardcoded "build unknown" string. * fix(updatecli): fix compose script outputting wrong version on no-op The docker-compose-version guard echoed $docker_compose_version (from docker-versions.txt) instead of the README value when current >= new, making the downgrade prevention a no-op. Also add head -n1 to grep in both scripts to handle README files with multiple version mentions. --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: GitHub Action <action@github.com>
diff --git a/.github/workflows/github-docker-registry-push.yml b/.github/workflows/github-docker-registry-push.yml
@@ -63,9 +63,49 @@ jobs:
           BRANCH_NAME="docker-versions-update-$(date +%s)"
           git checkout -b "$BRANCH_NAME"
 
-          # Write Docker versions to file
-          echo "- $(docker --version)" > docker-versions.txt
-          echo "- $(docker compose version)" >> docker-versions.txt
+          # Helper: compare two semver strings, return 0 if $1 > $2
+          version_gt() {
+            # Use sort -V to compare versions; if the greater one is $1, it's newer
+            [ "$(printf '%s\n%s' "$1" "$2" | sort -V | tail -n1)" = "$1" ] && [ "$1" != "$2" ]
+          }
+
+          # Save current lines from docker-versions.txt
+          CURRENT_DOCKER_LINE=$(grep "Docker version" docker-versions.txt)
+          CURRENT_COMPOSE_LINE=$(grep "Docker Compose version" docker-versions.txt)
+
+          # Extract semver from current file
+          CURRENT_DOCKER=$(echo "$CURRENT_DOCKER_LINE" | cut -d ' ' -f 4 | cut -d ',' -f 1)
+          CURRENT_COMPOSE=$(echo "$CURRENT_COMPOSE_LINE" | cut -d ' ' -f 5 | tr -d 'v')
+
+          # Get runner versions (full output and semver)
+          RUNNER_DOCKER_FULL="$(docker --version)"
+          RUNNER_COMPOSE_FULL="$(docker compose version)"
+          RUNNER_DOCKER=$(echo "$RUNNER_DOCKER_FULL" | cut -d ' ' -f 3 | cut -d ',' -f 1)
+          RUNNER_COMPOSE=$(echo "$RUNNER_COMPOSE_FULL" | cut -d ' ' -f 4 | tr -d 'v')
+
+          echo "Current: Docker $CURRENT_DOCKER, Compose $CURRENT_COMPOSE"
+          echo "Runner:  Docker $RUNNER_DOCKER, Compose $RUNNER_COMPOSE"
+
+          # Only update if runner version is strictly newer, otherwise keep existing line
+          if version_gt "$RUNNER_DOCKER" "$CURRENT_DOCKER"; then
+            echo "Docker version $RUNNER_DOCKER is newer than $CURRENT_DOCKER, updating"
+            DOCKER_LINE="- $RUNNER_DOCKER_FULL"
+          else
+            echo "Docker version $RUNNER_DOCKER is not newer than $CURRENT_DOCKER, keeping current"
+            DOCKER_LINE="$CURRENT_DOCKER_LINE"
+          fi
+
+          if version_gt "$RUNNER_COMPOSE" "$CURRENT_COMPOSE"; then
+            echo "Docker Compose version $RUNNER_COMPOSE is newer than $CURRENT_COMPOSE, updating"
+            COMPOSE_LINE="- $RUNNER_COMPOSE_FULL"
+          else
+            echo "Docker Compose version $RUNNER_COMPOSE is not newer than $CURRENT_COMPOSE, keeping current"
+            COMPOSE_LINE="$CURRENT_COMPOSE_LINE"
+          fi
+
+          # Write versions to file
+          echo "$DOCKER_LINE" > docker-versions.txt
+          echo "$COMPOSE_LINE" >> docker-versions.txt
 
           # Only add the specific file we want
           git add docker-versions.txt
diff --git a/updatecli/scripts/docker-compose-version.sh b/updatecli/scripts/docker-compose-version.sh
@@ -7,5 +7,22 @@ file_content=$(cat docker-versions.txt)
 # Then, use cut to split the line by spaces and get the 5th field (the version)
 docker_compose_version=$(echo "$file_content" | grep -- "- Docker Compose version" | cut -d ' ' -f 5)
 
-# Print the Docker Compose version
-echo $docker_compose_version
+# Get the current version from README.md (strip leading 'v' if present for comparison)
+current_version=$(grep -oP 'Docker Compose version `\K[^`]+' README.md | head -n1)
+
+# Strip leading 'v' for comparison (updatecli trimprefix transformer handles the output)
+new_clean=$(echo "$docker_compose_version" | sed 's/^v//')
+current_clean=$(echo "$current_version" | sed 's/^v//')
+
+# Compare versions: only output the new version if it's strictly newer
+if [ -n "$current_clean" ] && [ -n "$new_clean" ]; then
+  newer=$(printf '%s\n%s' "$new_clean" "$current_clean" | sort -V | tail -n1)
+  if [ "$newer" = "$current_clean" ] || [ "$new_clean" = "$current_clean" ]; then
+    # Current version is same or newer, output it unchanged to avoid a downgrade
+    echo "v${current_clean}"
+    exit 0
+  fi
+fi
+
+# Print the Docker Compose version (new or when no current version found)
+echo "$docker_compose_version"
diff --git a/updatecli/scripts/docker-version.sh b/updatecli/scripts/docker-version.sh
@@ -10,5 +10,18 @@ docker_version=$(echo "$file_content" | grep -- "- Docker version" | cut -d ' '
 # Cut the version string at the comma to get only the semver part
 docker_version=$(echo "$docker_version" | cut -d ',' -f 1)
 
-# Print the Docker version
-echo $docker_version
+# Get the current version from README.md
+current_version=$(grep -oP 'Docker version `\K[^`]+' README.md | head -n1)
+
+# Compare versions: only output the new version if it's strictly newer
+if [ -n "$current_version" ] && [ -n "$docker_version" ]; then
+  newer=$(printf '%s\n%s' "$docker_version" "$current_version" | sort -V | tail -n1)
+  if [ "$newer" = "$current_version" ] || [ "$docker_version" = "$current_version" ]; then
+    # Current version is same or newer, output it unchanged to avoid a downgrade
+    echo "$current_version"
+    exit 0
+  fi
+fi
+
+# Print the Docker version (new or when no current version found)
+echo "$docker_version"
