A while ago I blogged about creating a Docker image with PowerShell and the latest version of Graph. Thing is, Microsoft keeps releasing new versions of the module pretty regularly and unless I remember to go and build a new version of the image each time, it is quickly outdated.
Then I came across this toot on Mastodon. He had setup something to update his Unbound DNS Docker image (interestingly, something I too had dabbled with a long time ago) each time NLnet Labs releases a new version of Unbound DNS. Here’s a link to his GitHub action which does this and the key thing is: 1) it runs on a schedule (I had been too lazy to figure out GitHub actions could do that!) and 2) it very smartly uses the APIs to check the version of his container vs the version of the Unbound DNS (which is released on GitHub, so he can query the releases) and only updates the image in case of changes. Nice!
I used his scheduler idea, but had to make some changes to the other bits to cater to my specific use case.
Getting the latest version of the PowerShell SDK from GitHub is easy. This command will give all the releases:
|
1 |
curl -s https://api.github.com/repos/microsoftgraph/msgraph-sdk-powershell/releases |
It’s in JSON format, so pipe it via jq. The JSON is an array of entries like this:
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 |
{ "url": "https://api.github.com/repos/microsoftgraph/msgraph-sdk-powershell/releases/96023619", "assets_url": "https://api.github.com/repos/microsoftgraph/msgraph-sdk-powershell/releases/96023619/assets", "upload_url": "https://uploads.github.com/repos/microsoftgraph/msgraph-sdk-powershell/releases/96023619/assets{?name,label}", "html_url": "https://github.com/microsoftgraph/msgraph-sdk-powershell/releases/tag/1.24.0", "id": 96023619, "author": { "login": "peombwa", "id": 7061532, "node_id": "MDQ6VXNlcjcwNjE1MzI=", "avatar_url": "https://avatars.githubusercontent.com/u/7061532?v=4", "gravatar_id": "", "url": "https://api.github.com/users/peombwa", "html_url": "https://github.com/peombwa", "followers_url": "https://api.github.com/users/peombwa/followers", "following_url": "https://api.github.com/users/peombwa/following{/other_user}", "gists_url": "https://api.github.com/users/peombwa/gists{/gist_id}", "starred_url": "https://api.github.com/users/peombwa/starred{/owner}{/repo}", "subscriptions_url": "https://api.github.com/users/peombwa/subscriptions", "organizations_url": "https://api.github.com/users/peombwa/orgs", "repos_url": "https://api.github.com/users/peombwa/repos", "events_url": "https://api.github.com/users/peombwa/events{/privacy}", "received_events_url": "https://api.github.com/users/peombwa/received_events", "type": "User", "site_admin": false }, "node_id": "RE_kwDOCno9Qs4FuTRD", "tag_name": "1.24.0", "target_commitish": "dev", "name": "1.24.0 Release", "draft": false, "prerelease": false, "created_at": "2023-03-23T14:06:32Z", "published_at": "2023-03-23T16:41:52Z", "assets": [ ], "tarball_url": "https://api.github.com/repos/microsoftgraph/msgraph-sdk-powershell/tarball/1.24.0", "zipball_url": "https://api.github.com/repos/microsoftgraph/msgraph-sdk-powershell/zipball/1.24.0", "body": "### Release Notes\r\n- Refreshes module with the latest APIs #1895\r\n- Adds examples to help files #1692", "reactions": { "url": "https://api.github.com/repos/microsoftgraph/msgraph-sdk-powershell/releases/96023619/reactions", "total_count": 1, "+1": 0, "-1": 0, "laugh": 0, "hooray": 1, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0 } }, |
What we want is the name property. The following can extract that:
|
1 |
curl -s https://api.github.com/repos/microsoftgraph/msgraph-sdk-powershell/releases | jq '.[] | .name' |
The '.[] | .name' bit is the script to jq. It tells it to read the array (.[]) and extract name. Output looks like this:
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 |
"2.14.0" "2.14.1" "2.13.1" "2.13.0" "2.12.0" "2.11.1" "2.11.0" "2.10.0" "2.9.0" "2.8.0 Release" "2.6.1" "2.5.0" "2.4.0" "2.3.0" "2.2.0" "2.1.0" "2.0.0" "1.28.0 Release" "2.0.0-rc3" "2.0.0-rc1" "2.0.0-preview9" "1.27.0 Release" "1.26.0 Release" "1.25.0 Release" "2.0.0-preview8" "2.0.0-preview7" "1.24.0 Release" "2.0.0-preview6" "1.23.0 Release" "2.0.0-preview5" |
So I should sort it in reverse order, treating the text as numbers, then take the first element, and also remove the quotation marks.
|
1 |
curl -s https://api.github.com/repos/microsoftgraph/msgraph-sdk-powershell/releases | jq '.[] | .name' | sort -Vr | head -n 1 | tr -d "\"" |
The -Vr switches to sort tells it to treat them as numbers and do a reverse sort. The head -n 1 takes the first element. And tr -d removes the double quotes.
Next up, how do I get the latest version of my Docker image? I was hoping I could query GitHub to get the latest version of the package somehow, but that doesn’t work. For one, GitHub doesn’t seem to have a way of getting all packages of a repo – all it can do is get all packages for an organization, or all packages for a user, and some variants of these – but all of these require authentication. Not a problem in itself, I generated a token to test things out, and used the API to get all versions of the packaged owned by me.
|
1 |
curl -s -H "Authorization: Bearer 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" -H "Accept: application/vnd.github+json" https://api.github.com/user/packages/container/powershell-msgraph/versions |
(The token in the examples is not valid).
The result is again JSON that looks like this:
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 |
{ "id": 180843308, "name": "sha256:dcf2eba746ab8b96a4576be0627ab05a0d5d9c436807322c292d0c3bb258c889", "url": "https://api.github.com/users/rakheshster/packages/container/powershell-msgraph/versions/180843308", "package_html_url": "https://github.com/users/rakheshster/packages/container/package/powershell-msgraph", "created_at": "2024-02-19T18:44:20Z", "updated_at": "2024-02-19T18:44:20Z", "description": "'PowerShell + MS Graph container'", "html_url": "https://github.com/users/rakheshster/packages/container/powershell-msgraph/180843308", "metadata": { "package_type": "container", "container": { "tags": [ "2.13.1" ] } } } |
I can use the following to just extract version numbers. That’s the tags basically.
|
1 |
curl -s -H "Authorization: Bearer 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" -H "Accept: application/vnd.github+json" https://api.github.com/user/packages/container/powershell-msgraph/versions | jq '.[] | .metadata.container.tags | .[]' |
Output looks like this:
|
1 2 3 4 5 |
"2.14.1" "2.14.0" "2.13.0" "2.12.0" "2.13.1" |
Of course I’d have to reverse sort just to be sure, take only the first element, and remove the double quotes.
|
1 |
curl -s -H "Authorization: Bearer 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" -H "Accept: application/vnd.github+json" https://api.github.com/user/packages/container/powershell-msgraph/versions | jq '.[] | .metadata.container.tags | .[]' | sort -Vr | head -n 1 | tr -d "\"" |
The jq snippet here is a bit more involved. Read the array (.[]), extract the property with the tags (.metadata.container.tags) – which is itself an array, so read that (.[]).
While I could have gone with this, I didn’t. Instead I decided to query DockerHub as I could just do it without a personal token etc.
|
1 |
curl -s 'https://hub.docker.com/v2/repositories/rakheshster/powershell-msgraph/tags' -H 'Content-Type: application/json' | jq |
An example entry is as follows. All these are part of an array called results.
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 |
{ "creator": 5275378, "id": 569595532, "images": [ { "architecture": "amd64", "features": "", "variant": null, "digest": "sha256:fa9486e10c6bca45dbd97bd3fab0d572605ce515474288568aeafeabf0f7c9a7", "os": "linux", "os_features": "", "os_version": null, "size": 240918555, "status": "inactive", "last_pulled": "2024-01-15T19:36:18.295181Z", "last_pushed": "2023-12-16T23:07:04.105558Z" }, { "architecture": "arm64", "features": "", "variant": null, "digest": "sha256:8e18f05bfd87db92364be195e667fcd4b6f4009f6d8e3f247ce1ba34bedff22a", "os": "linux", "os_features": "", "os_version": null, "size": 240918555, "status": "inactive", "last_pulled": "2024-01-15T19:36:18.308301Z", "last_pushed": "2023-12-16T23:07:04.301845Z" }, { "architecture": "unknown", "features": "", "variant": null, "digest": "sha256:13736cedff20fc9a58d0765f85b5835dd776676eef651f540cba845bca937862", "os": "unknown", "os_features": "", "os_version": null, "size": 10970, "status": "inactive", "last_pulled": "2024-01-15T19:36:18.286013Z", "last_pushed": "2023-12-16T23:07:04.48484Z" }, { "architecture": "unknown", "features": "", "variant": null, "digest": "sha256:48e99f7c4c7fdd783a9ad269516cb734149cacd854202d6345be7d46d664e8de", "os": "unknown", "os_features": "", "os_version": null, "size": 10970, "status": "inactive", "last_pulled": "2024-01-15T19:36:18.295297Z", "last_pushed": "2023-12-16T23:07:04.64608Z" } ], "last_updated": "2023-12-16T23:07:05.16389Z", "last_updater": 5275378, "last_updater_username": "rakheshster", "name": "2.0.0", "repository": 22731596, "full_size": 240918555, "v2": true, "tag_status": "inactive", "tag_last_pulled": "2024-01-15T19:36:18.308301Z", "tag_last_pushed": "2023-12-16T23:07:05.16389Z", "media_type": "application/vnd.oci.image.index.v1+json", "content_type": "image", "digest": "sha256:1affd92d1fa337a7df78ce40837b28d5d4261e6f6ef3e52219aa9e1d9346a18b" } |
To extract the name (which has the version) I can do:
|
1 |
curl -s 'https://hub.docker.com/v2/repositories/rakheshster/powershell-msgraph/tags' -H 'Content-Type: application/json' | jq '.results[] | .name' |
And the same drill as above to get just the latest version:
|
1 |
curl -s 'https://hub.docker.com/v2/repositories/rakheshster/powershell-msgraph/tags' -H 'Content-Type: application/json' | jq -r '.results[] | .name' | sort -Vr | head -n 1 |
Boom! So now I have the latest version in DockerHub. And the latest version of the module from Microsoft (via GitHub).
Since I have a workflow that already builds the container, I wanted to keep things consistent with that as much as possible. So I added a new job to the existing one. My existing one looks like this (this is just a snippet):
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 |
jobs: # Just one job here ... build-linux-box: runs-on: ubuntu-latest # the steps of my job env: # Coz of https://github.com/orgs/community/discussions/45969 & https://github.com/docker/build-push-action/issues/755 BUILDX_NO_DEFAULT_ATTESTATIONS: 1 steps: # Checkout the code from GitHib - name: Checkout Code uses: actions/checkout@v4 # Setup QEMU for building other platforms # # https://github.com/docker/setup-qemu-action - name: Set up QEMU uses: docker/setup-qemu-action@v3 |
I added a new one above that checks if there’s a version difference.
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 |
jobs: # This one checks if any updates are needed update-check-job: runs-on: ubuntu-latest # Outputs of this job outputs: # This comes from the step below SHOULD_RUN: ${{ steps.EXIT_ACTION.outputs.SHOULD_RUN }} SDK_VERSION: ${{ steps.GET_VERSIONS.outputs.SDK_VERSION }} # The steps of this job steps: - name: Get versions id: GET_VERSIONS run: | echo SDK_VERSION="$(curl -s https://api.github.com/repos/microsoftgraph/msgraph-sdk-powershell/releases | jq '.[] | .name' | sort -Vr | head -n 1 | tr -d "\"")" >> $GITHUB_OUTPUT echo DOCKERHUB_VERSION="$(curl -s 'https://hub.docker.com/v2/repositories/rakheshster/powershell-msgraph/tags' -H 'Content-Type: application/json' | jq -r '.results[] | .name' | sort -Vr | head -n 1)" >> $GITHUB_OUTPUT - name: Exit if no update available id: EXIT_ACTION run: | if [[ "${{ steps.GET_VERSIONS.outputs.SDK_VERSION }}" == "${{ steps.GET_VERSIONS.outputs.DOCKERHUB_VERSION }}" ]]; then echo "No update needed" echo SHOULD_RUN=false >> $GITHUB_OUTPUT else echo "Needs updating to @{{ steps.GET_VERSIONS.outputs.SDK_VERSION }}" echo SHOULD_RUN=true >> $GITHUB_OUTPUT fi # This one actually builds. # This is a copy paste of the docker-build-and-push.yaml action # But I change 'github.event.inputs.moduleversion' to 'needs.update-check-job.outputs.SDK_VERSION' build-linux-box: runs-on: ubuntu-latest needs: update-check-job if: needs.update-check-job.outputs.SHOULD_RUN == 'true' env: # Coz of https://github.com/orgs/community/discussions/45969 & https://github.com/docker/build-push-action/issues/755 BUILDX_NO_DEFAULT_ATTESTATIONS: 1 steps: # Checkout the code from GitHib - name: Checkout Code uses: actions/checkout@v4 # Setup QEMU for building other platforms # # https://github.com/docker/setup-qemu-action - name: Set up QEMU uses: docker/setup-qemu-action@v3 |
What this new job does is check whether there’s a difference in versions. If yes, it sets an output variable SHOULD_RUN to true. The second job now only runs if that variable is set to true (needs.update-check-job.outputs.SHOULD_RUN == 'true').
Since I know the version of the module to target, I output that as part of the first job, and the second job uses that when building the container.
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 |
- name: Build and Push uses: docker/build-push-action@v5 with: file: Dockerfile platforms: "linux/amd64,linux/arm64" # Only amd64 is supported for now in the Ubuntu image https://learn.microsoft.com/en-gb/powershell/scripting/install/installing-powershell-on-linux?view=powershell-7.4#ubuntu # thanks for the syntax https://github.com/docker/build-push-action/issues/557 build-args: | GRAPH_VERSION=${{ needs.update-check-job.outputs.SDK_VERSION }} push: ${{ github.ref == 'refs/heads/main' }} outputs: type=image,name=target,annotation-index.org.opencontainers.image.description='PowerShell + MS Graph container' tags: | rakheshster/powershell-msgraph:${{ needs.update-check-job.outputs.SDK_VERSION }} ghcr.io/rakheshster/powershell-msgraph:${{ needs.update-check-job.outputs.SDK_VERSION }} |
I am pretty pleased with it overall! To give credit, it was this StackOverflow post that gave me the idea of using multiple jobs. That felt neater than the other solutions.
And that’s it! Now GitHub Actions will automatically publish new versions of this image whenever there’s a new Graph module. As luck would have it, today version 2.14.1 was released and the image was automatically built. Nice!