| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276 |
- ---
- name: Build Docker images
- concurrency:
- cancel-in-progress: true
- group: ${{ github.workflow }}-${{ github.ref }}
- on:
- pull_request:
- branches:
- - main
- paths-ignore:
- - 'docs/**'
- push:
- branches:
- - main
- tags:
- - v*.*.*
- workflow_dispatch:
- inputs:
- #checkov:skip=CKV_GHA_7
- version:
- description: 'FrankenPHP version'
- required: false
- type: string
- schedule:
- - cron: '0 4 * * *'
- permissions:
- contents: read
- env:
- IMAGE_NAME: ${{ (github.event_name == 'schedule' || (github.event_name == 'workflow_dispatch' && inputs.version) || startsWith(github.ref, 'refs/tags/')) && 'dunglas/frankenphp' || 'dunglas/frankenphp-dev' }}
- jobs:
- prepare:
- runs-on: ubuntu-latest
- outputs:
- # Push if it's a scheduled job, a tag, or if we're committing to the main branch
- push: ${{ (github.event_name == 'schedule' || (github.event_name == 'workflow_dispatch' && inputs.version) || startsWith(github.ref, 'refs/tags/') || (github.ref == 'refs/heads/main' && github.event_name != 'pull_request')) && true || false }}
- variants: ${{ steps.matrix.outputs.variants }}
- platforms: ${{ steps.matrix.outputs.platforms }}
- metadata: ${{ steps.matrix.outputs.metadata }}
- php_version: ${{ steps.check.outputs.php_version }}
- php82_version: ${{ steps.check.outputs.php82_version }}
- php83_version: ${{ steps.check.outputs.php83_version }}
- skip: ${{ steps.check.outputs.skip }}
- ref: ${{ steps.check.outputs.ref || (github.event_name == 'workflow_dispatch' && inputs.version) || '' }}
- steps:
- -
- name: Check PHP versions
- id: check
- env:
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- run: |
- PHP_82_LATEST=$(skopeo inspect docker://docker.io/library/php:8.2 --override-os linux --override-arch amd64 | jq -r '.Env[] | select(test("^PHP_VERSION=")) | sub("^PHP_VERSION="; "")')
- PHP_83_LATEST=$(skopeo inspect docker://docker.io/library/php:8.3 --override-os linux --override-arch amd64 | jq -r '.Env[] | select(test("^PHP_VERSION=")) | sub("^PHP_VERSION="; "")')
- PHP_84_LATEST=$(skopeo inspect docker://docker.io/library/php:8.4 --override-os linux --override-arch amd64 | jq -r '.Env[] | select(test("^PHP_VERSION=")) | sub("^PHP_VERSION="; "")')
- {
- echo php_version="${PHP_82_LATEST},${PHP_83_LATEST},${PHP_84_LATEST}"
- echo php82_version="${PHP_82_LATEST//./-}"
- echo php83_version="${PHP_83_LATEST//./-}"
- echo php84_version="${PHP_84_LATEST//./-}"
- } >> "${GITHUB_OUTPUT}"
- # Check if the Docker images must be rebuilt
- if [[ "${GITHUB_EVENT_NAME}" != "schedule" ]]; then
- echo skip=false >> "${GITHUB_OUTPUT}"
- exit 0
- fi
- FRANKENPHP_82_LATEST=$(skopeo inspect docker://docker.io/dunglas/frankenphp:php8.2 --override-os linux --override-arch amd64 | jq -r '.Env[] | select(test("^PHP_VERSION=")) | sub("^PHP_VERSION="; "")')
- FRANKENPHP_83_LATEST=$(skopeo inspect docker://docker.io/dunglas/frankenphp:php8.3 --override-os linux --override-arch amd64 | jq -r '.Env[] | select(test("^PHP_VERSION=")) | sub("^PHP_VERSION="; "")')
- FRANKENPHP_84_LATEST=$(skopeo inspect docker://docker.io/dunglas/frankenphp:php8.4 --override-os linux --override-arch amd64 | jq -r '.Env[] | select(test("^PHP_VERSION=")) | sub("^PHP_VERSION="; "")')
- if [[ "${FRANKENPHP_82_LATEST}" == "${PHP_82_LATEST}" ]] && [[ "${FRANKENPHP_83_LATEST}" == "${PHP_83_LATEST}" ]] && [[ "${FRANKENPHP_84_LATEST}" == "${PHP_84_LATEST}" ]]; then
- echo skip=true >> "${GITHUB_OUTPUT}"
- exit 0
- fi
- {
- echo ref="$(gh release view --repo dunglas/frankenphp --json tagName --jq '.tagName')"
- echo skip=false
- } >> "${GITHUB_OUTPUT}"
- -
- uses: actions/checkout@v4
- if: ${{ !fromJson(steps.check.outputs.skip) }}
- with:
- ref: ${{ steps.check.outputs.ref }}
- -
- name: Set up Docker Buildx
- if: ${{ !fromJson(steps.check.outputs.skip) }}
- uses: docker/setup-buildx-action@v3
- -
- name: Create variants matrix
- if: ${{ !fromJson(steps.check.outputs.skip) }}
- id: matrix
- shell: bash
- run: |
- set -e
- METADATA="$(docker buildx bake --print | jq -c)"
- {
- echo metadata="${METADATA}"
- echo variants="$(jq -c '.group.default.targets|map(sub("runner-|builder-"; ""))|unique' <<< "${METADATA}")"
- echo platforms="$(jq -c 'first(.target[]) | .platforms' <<< "${METADATA}")"
- } >> "${GITHUB_OUTPUT}"
- env:
- SHA: ${{ github.sha }}
- VERSION: ${{ (github.ref_type == 'tag' && github.ref_name) || steps.check.outputs.ref || 'dev' }}
- PHP_VERSION: ${{ steps.check.outputs.php_version }}
- build:
- runs-on: ubuntu-latest
- needs:
- - prepare
- if: ${{ !fromJson(needs.prepare.outputs.skip) }}
- strategy:
- fail-fast: false
- matrix:
- variant: ${{ fromJson(needs.prepare.outputs.variants) }}
- platform: ${{ fromJson(needs.prepare.outputs.platforms) }}
- include:
- -
- race: ""
- qemu: true
- -
- platform: linux/amd64
- qemu: false
- race: "-race" # The Go race detector is only supported on amd64
- -
- platform: linux/386
- qemu: false
- exclude:
- # arm/v6 is only available for Alpine: https://github.com/docker-library/golang/issues/502
- -
- variant: php-${{ needs.prepare.outputs.php82_version }}-bookworm
- platform: linux/arm/v6
- -
- variant: php-${{ needs.prepare.outputs.php83_version }}-bookworm
- platform: linux/arm/v6
- steps:
- -
- name: Prepare
- id: prepare
- run: |
- platform=${{ matrix.platform }}
- echo "sanitized_platform=${platform//\//-}" >> "${GITHUB_OUTPUT}"
- -
- uses: actions/checkout@v4
- with:
- ref: ${{ needs.prepare.outputs.ref }}
- -
- name: Set up QEMU
- if: matrix.qemu
- uses: docker/setup-qemu-action@v3
- with:
- platforms: ${{ matrix.platform }}
- -
- name: Set up Docker Buildx
- uses: docker/setup-buildx-action@v3
- with:
- platforms: ${{ matrix.platform }}
- -
- name: Login to DockerHub
- if: fromJson(needs.prepare.outputs.push)
- uses: docker/login-action@v3
- with:
- username: ${{ secrets.REGISTRY_USERNAME }}
- password: ${{ secrets.REGISTRY_PASSWORD }}
- -
- name: Build
- id: build
- uses: docker/bake-action@v5
- with:
- pull: true
- load: ${{ !fromJson(needs.prepare.outputs.push) }}
- targets: |
- builder-${{ matrix.variant }}
- runner-${{ matrix.variant }}
- # Remove tags to prevent "can't push tagged ref [...] by digest" error
- set: |
- ${{ (github.event_name == 'pull_request') && '*.args.NO_COMPRESS=1' || '' }}
- *.tags=
- *.platform=${{ matrix.platform }}
- builder-${{ matrix.variant }}.cache-from=type=gha,scope=builder-${{ matrix.variant }}-${{ needs.prepare.outputs.ref || github.ref }}-${{ matrix.platform }}
- builder-${{ matrix.variant }}.cache-from=type=gha,scope=refs/heads/main-builder-${{ matrix.variant }}-${{ matrix.platform }}
- builder-${{ matrix.variant }}.cache-to=type=gha,scope=builder-${{ matrix.variant }}-${{ needs.prepare.outputs.ref || github.ref }}-${{ matrix.platform }},ignore-error=true
- runner-${{ matrix.variant }}.cache-from=type=gha,scope=runner-${{ matrix.variant }}-${{ needs.prepare.outputs.ref || github.ref }}-${{ matrix.platform }}
- runner-${{ matrix.variant }}.cache-from=type=gha,scope=refs/heads/main-runner-${{ matrix.variant }}-${{ matrix.platform }}
- runner-${{ matrix.variant }}.cache-to=type=gha,scope=runner-${{ matrix.variant }}-${{ needs.prepare.outputs.ref || github.ref }}-${{ matrix.platform }},ignore-error=true
- ${{ fromJson(needs.prepare.outputs.push) && format('*.output=type=image,name={0},push-by-digest=true,name-canonical=true,push=true', env.IMAGE_NAME) || '' }}
- env:
- SHA: ${{ github.sha }}
- VERSION: ${{ (github.ref_type == 'tag' && github.ref_name) || needs.prepare.outputs.ref || 'dev' }}
- PHP_VERSION: ${{ needs.prepare.outputs.php_version }}
- -
- # Workaround for https://github.com/actions/runner/pull/2477#issuecomment-1501003600
- name: Export metadata
- if: fromJson(needs.prepare.outputs.push)
- run: |
- mkdir -p /tmp/metadata/builder /tmp/metadata/runner
- builderDigest=$(jq -r '."builder-${{ matrix.variant }}"."containerimage.digest"' <<< "${METADATA}")
- touch "/tmp/metadata/builder/${builderDigest#sha256:}"
- runnerDigest=$(jq -r '."runner-${{ matrix.variant }}"."containerimage.digest"' <<< "${METADATA}")
- touch "/tmp/metadata/runner/${runnerDigest#sha256:}"
- env:
- METADATA: ${{ steps.build.outputs.metadata }}
- -
- name: Upload builder metadata
- if: fromJson(needs.prepare.outputs.push)
- uses: actions/upload-artifact@v4
- with:
- name: metadata-builder-${{ matrix.variant }}-${{ steps.prepare.outputs.sanitized_platform }}
- path: /tmp/metadata/builder/*
- if-no-files-found: error
- retention-days: 1
- -
- name: Upload runner metadata
- if: fromJson(needs.prepare.outputs.push)
- uses: actions/upload-artifact@v4
- with:
- name: metadata-runner-${{ matrix.variant }}-${{ steps.prepare.outputs.sanitized_platform }}
- path: /tmp/metadata/runner/*
- if-no-files-found: error
- retention-days: 1
- -
- name: Run tests
- if: ${{ !matrix.qemu && !fromJson(needs.prepare.outputs.push) }}
- run: |
- docker run --platform=${{ matrix.platform }} --rm \
- "$(jq -r '."builder-${{ matrix.variant }}"."containerimage.config.digest"' <<< "${METADATA}")" \
- sh -c 'go test -tags ${{ matrix.race }} -v ./... && cd caddy && go test -tags nobadger,nomysql,nopgx ${{ matrix.race }} -v ./...'
- env:
- METADATA: ${{ steps.build.outputs.metadata }}
- # Adapted from https://docs.docker.com/build/ci/github-actions/multi-platform/
- push:
- runs-on: ubuntu-latest
- needs:
- - prepare
- - build
- if: fromJson(needs.prepare.outputs.push)
- strategy:
- fail-fast: false
- matrix:
- variant: ${{ fromJson(needs.prepare.outputs.variants) }}
- target: ['builder', 'runner']
- steps:
- -
- name: Download metadata
- uses: actions/download-artifact@v4
- with:
- pattern: metadata-${{ matrix.target }}-${{ matrix.variant }}-*
- path: /tmp/metadata
- merge-multiple: true
- -
- name: Set up Docker Buildx
- uses: docker/setup-buildx-action@v3
- -
- name: Login to DockerHub
- uses: docker/login-action@v3
- with:
- username: ${{ secrets.REGISTRY_USERNAME }}
- password: ${{ secrets.REGISTRY_PASSWORD }}
- -
- name: Create manifest list and push
- working-directory: /tmp/metadata
- run: |
- set -x
- # shellcheck disable=SC2046,SC2086
- docker buildx imagetools create $(jq -cr '.target."${{ matrix.target }}-${{ matrix.variant }}".tags | map("-t " + .) | join(" ")' <<< ${METADATA}) \
- $(printf "${IMAGE_NAME}@sha256:%s " *)
- env:
- METADATA: ${{ needs.prepare.outputs.metadata }}
- -
- name: Inspect image
- run: |
- # shellcheck disable=SC2046,SC2086
- docker buildx imagetools inspect $(jq -cr '.target."${{ matrix.target }}-${{ matrix.variant }}".tags | first' <<< ${METADATA})
- env:
- METADATA: ${{ needs.prepare.outputs.metadata }}
|
