frankenphp/.github/workflows/docker.yaml

---
name: Build Docker images
on:
  pull_request:
    branches:
      - main
  push:
    branches:
      - main
    tags:
      - v*.*.*
  workflow_dispatch:
    inputs: {}
  schedule:
    - cron:  '0 4 * * *'
jobs:
  prepare:
    runs-on: ubuntu-latest
    outputs:
      # Push if it's a scheduled job, a tag, or if we're committing to the main branch
      push: ${{ toJson(github.event_name == 'schedule' || startsWith(github.ref, 'refs/tags/') || (github.ref == 'refs/heads/main' && github.event_name != 'pull_request')) }}
      variants: ${{ steps.matrix.outputs.variants }}
      platforms: ${{ steps.matrix.outputs.platforms }}
      metadata: ${{ steps.matrix.outputs.metadata }}
      php_version: ${{ steps.check.outputs.php_version }}
      skip: ${{ steps.check.outputs.skip }}
      ref: ${{ steps.check.outputs.ref }}
    steps:
      -
        name: Check PHP versions
        id: check
        run: |
          PHP_82_LATEST=$(skopeo inspect docker://docker.io/library/php:8.2 --override-os linux --override-arch amd64 | jq -r '.Env[] | select(test("^PHP_VERSION=")) | sub("^PHP_VERSION="; "")')
          PHP_83_LATEST=$(skopeo inspect docker://docker.io/library/php:8.3 --override-os linux --override-arch amd64 | jq -r '.Env[] | select(test("^PHP_VERSION=")) | sub("^PHP_VERSION="; "")')
          echo php_version="${PHP_83_LATEST},${PHP_82_LATEST}" >> "${GITHUB_OUTPUT}"
          
          # Check if the Docker images must be rebuilt
          if [[ "${GITHUB_EVENT_NAME}" != "schedule"  ]]; then
              echo skip=false >> "${GITHUB_OUTPUT}"
              exit 0
          fi
          
          FRANKENPHP_82_LATEST=$(skopeo inspect docker://docker.io/dunglas/frankenphp:latest-php8.2 --override-os linux --override-arch amd64 | jq -r '.Env[] | select(test("^PHP_VERSION=")) | sub("^PHP_VERSION="; "")')
          FRANKENPHP_83_LATEST=$(skopeo inspect docker://docker.io/dunglas/frankenphp:latest-php8.3 --override-os linux --override-arch amd64 | jq -r '.Env[] | select(test("^PHP_VERSION=")) | sub("^PHP_VERSION="; "")')
          
          if [[ "${FRANKENPHP_82_LATEST}" == "${PHP_82_LATEST}" ]] && [[ "${FRANKENPHP_83_LATEST}" == "${PHP_83_LATEST}" ]]; then
              echo skip=true >> "${GITHUB_OUTPUT}"
              exit 0
          fi
          
          {
            echo ref="$(gh release view --repo dunglas/frankenphp --json tagName --jq '.tagName')"
            echo skip=false
          } >> "${GITHUB_OUTPUT}"
      -
        uses: actions/checkout@v4
        if: ${{ !fromJson(steps.check.outputs.skip) }}
        with:
          ref: ${{ steps.check.outputs.ref }}
      -
        name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
        with:
          version: latest
      -
        name: Create variants matrix
        if: ${{ !fromJson(steps.check.outputs.skip) }}
        id: matrix
        run: |
          METADATA="$(docker buildx bake --print | jq -c)"
          {
            echo metadata="${METADATA}"
            echo variants="$(jq -c '.group.default.targets|map(sub("runner-|builder-"; ""))|unique' <<< "${METADATA}")"
            echo platforms="$(jq -c 'first(.target[]) | .platforms' <<< "${METADATA}")"
          } >> "${GITHUB_OUTPUT}"
        env:
          SHA: ${{ github.sha }}
          VERSION: ${{ (github.ref_type == 'tag' && github.ref_name) || steps.check.outputs.ref || github.sha }}
          PHP_VERSION: ${{ steps.check.outputs.php_version }}
  build:
    runs-on: ubuntu-latest
    needs:
      - prepare
    if: ${{ !fromJson(needs.prepare.outputs.skip) }}
    strategy:
      fail-fast: false
      matrix:
        variant: ${{ fromJson(needs.prepare.outputs.variants) }}
        platform: ${{ fromJson(needs.prepare.outputs.platforms) }}
        include:
          - race: ""
            qemu: true
          - platform: linux/amd64
            qemu: false
          - platform: linux/386
            qemu: false
    steps:
      -
        uses: actions/checkout@v4
        with:
          ref: ${{ needs.prepare.outputs.ref }}
      -
        name: Set up QEMU
        if: matrix.qemu
        uses: docker/setup-qemu-action@v3
        with:
          platforms: ${{ matrix.platform }}
      -
        name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
        with:
          platforms: ${{ matrix.platform }}
          version: latest
      -
        name: Login to DockerHub
        if: fromJson(needs.prepare.outputs.push)
        uses: docker/login-action@v3
        with:
          username: ${{ secrets.REGISTRY_USERNAME }}
          password: ${{ secrets.REGISTRY_PASSWORD }}
      -
        name: Build
        id: build
        uses: docker/bake-action@v4
        with:
          pull: true
          load: ${{ !fromJson(needs.prepare.outputs.push) }}
          targets: |
            builder-${{ matrix.variant }}
            runner-${{ matrix.variant }}
          # Remove tags to prevent "can't push tagged ref [...] by digest" error
          set: |
            *.tags=
            *.platform=${{ matrix.platform }}
            *.cache-from=type=gha,scope=${{ github.ref }}-${{ matrix.platform }}
            *.cache-from=type=gha,scope=refs/heads/main-${{ matrix.platform }}
            *.cache-to=type=gha,scope=${{ github.ref }}-${{ matrix.platform }}
            ${{ fromJson(needs.prepare.outputs.push) && '*.output=type=image,name=dunglas/frankenphp,push-by-digest=true,name-canonical=true,push=true' || '' }}
        env:
          SHA: ${{ github.sha }}
          VERSION: ${{ github.ref_type == 'tag' && github.ref_name  || needs.prepare.outputs.ref || github.sha }}
          PHP_VERSION: ${{ needs.prepare.outputs.php_version }}
      -
        # Workaround for https://github.com/actions/runner/pull/2477#issuecomment-1501003600
        name: Export metadata
        if: fromJson(needs.prepare.outputs.push)
        run: |
          mkdir -p /tmp/metadata/builder /tmp/metadata/runner

          # shellcheck disable=SC2086
          builderDigest=$(jq -r '."builder-${{ matrix.variant }}"."containerimage.digest"' <<< ${METADATA})
          touch "/tmp/metadata/builder/${builderDigest#sha256:}"

          # shellcheck disable=SC2086
          runnerDigest=$(jq -r '."runner-${{ matrix.variant }}"."containerimage.digest"' <<< ${METADATA})
          touch "/tmp/metadata/runner/${runnerDigest#sha256:}"
        env:
          METADATA: ${{ steps.build.outputs.metadata }}
      -
        name: Upload builder metadata
        if: fromJson(needs.prepare.outputs.push)
        uses: actions/upload-artifact@v3
        with:
          name: metadata-builder-${{ matrix.variant }}
          path: /tmp/metadata/builder/*
          if-no-files-found: error
          retention-days: 1
      -
        name: Upload runner metadata
        if: fromJson(needs.prepare.outputs.push)
        uses: actions/upload-artifact@v3
        with:
          name: metadata-runner-${{ matrix.variant }}
          path: /tmp/metadata/runner/*
          if-no-files-found: error
          retention-days: 1
      -
        name: Run tests
        if: '!matrix.qemu'
        continue-on-error: ${{ fromJson(needs.prepare.outputs.push) }}
        run: |
          docker run --platform=${{ matrix.platform }} --rm \
            "$(jq -r '."builder-${{ matrix.variant }}"."containerimage.config.digest"' <<< "${METADATA}")" \
            sh -c 'CGO_CXXFLAGS=-fPIE CGO_CFLAGS=-fPIE CGO_LDFLAGS=-pie go test -buildmode=pie -v ./... && cd caddy && go test -buildmode=pie -v ./...'
        env:
          METADATA: ${{ steps.build.outputs.metadata }}
  # Adapted from https://docs.docker.com/build/ci/github-actions/multi-platform/
  push:
    runs-on: ubuntu-latest    
    needs:
      - prepare
      - build
    if: fromJson(needs.prepare.outputs.push)
    strategy:
      fail-fast: false
      matrix:
        variant: ${{ fromJson(needs.prepare.outputs.variants) }}
        target: ['builder', 'runner']
    steps:
      -
        name: Download metadata
        uses: actions/download-artifact@v3
        with:
          name: metadata-${{ matrix.target }}-${{ matrix.variant }}
          path: /tmp/metadata
      -
        name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
        with:
          version: latest
      -
        name: Login to DockerHub
        uses: docker/login-action@v3
        with:
          username: ${{ secrets.REGISTRY_USERNAME }}
          password: ${{ secrets.REGISTRY_PASSWORD }}
      -
        name: Create manifest list and push
        working-directory: /tmp/metadata
        run: |
          # shellcheck disable=SC2046,SC2086
          docker buildx imagetools create $(jq -cr '.target."${{ matrix.target }}-${{ matrix.variant }}".tags | map("-t " + .) | join(" ")' <<< ${METADATA}) \
            $(printf 'dunglas/frankenphp@sha256:%s ' *)
        env:
          METADATA: ${{ needs.prepare.outputs.metadata }}
      -
        name: Inspect image
        run: |
          # shellcheck disable=SC2046,SC2086
          docker buildx imagetools inspect $(jq -cr '.target."${{ matrix.target }}-${{ matrix.variant }}".tags | first' <<< ${METADATA}) 
        env:
          METADATA: ${{ needs.prepare.outputs.metadata }}