Build Docker images #1886
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
--- | |
name: Build Docker images | |
concurrency: | |
cancel-in-progress: true | |
group: ${{ github.workflow }}-${{ github.ref }} | |
on: | |
pull_request: | |
branches: | |
- main | |
paths-ignore: | |
- "docs/**" | |
push: | |
branches: | |
- main | |
tags: | |
- v*.*.* | |
workflow_dispatch: | |
inputs: | |
#checkov:skip=CKV_GHA_7 | |
version: | |
description: "FrankenPHP version" | |
required: false | |
type: string | |
schedule: | |
- cron: "0 4 * * *" | |
permissions: | |
contents: read | |
env: | |
IMAGE_NAME: ${{ (github.event_name == 'schedule' || (github.event_name == 'workflow_dispatch' && inputs.version) || startsWith(github.ref, 'refs/tags/')) && 'dunglas/frankenphp' || 'dunglas/frankenphp-dev' }} | |
jobs: | |
prepare: | |
runs-on: ubuntu-latest | |
outputs: | |
# Push if it's a scheduled job, a tag, or if we're committing to the main branch | |
push: ${{ (github.event_name == 'schedule' || (github.event_name == 'workflow_dispatch' && inputs.version) || startsWith(github.ref, 'refs/tags/') || (github.ref == 'refs/heads/main' && github.event_name != 'pull_request')) && true || false }} | |
variants: ${{ steps.matrix.outputs.variants }} | |
platforms: ${{ steps.matrix.outputs.platforms }} | |
metadata: ${{ steps.matrix.outputs.metadata }} | |
php_version: ${{ steps.check.outputs.php_version }} | |
php82_version: ${{ steps.check.outputs.php82_version }} | |
php83_version: ${{ steps.check.outputs.php83_version }} | |
skip: ${{ steps.check.outputs.skip }} | |
ref: ${{ steps.check.outputs.ref || (github.event_name == 'workflow_dispatch' && inputs.version) || '' }} | |
steps: | |
- name: Check PHP versions | |
id: check | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
run: | | |
PHP_82_LATEST=$(skopeo inspect docker://docker.io/library/php:8.2 --override-os linux --override-arch amd64 | jq -r '.Env[] | select(test("^PHP_VERSION=")) | sub("^PHP_VERSION="; "")') | |
PHP_83_LATEST=$(skopeo inspect docker://docker.io/library/php:8.3 --override-os linux --override-arch amd64 | jq -r '.Env[] | select(test("^PHP_VERSION=")) | sub("^PHP_VERSION="; "")') | |
PHP_84_LATEST=$(skopeo inspect docker://docker.io/library/php:8.4 --override-os linux --override-arch amd64 | jq -r '.Env[] | select(test("^PHP_VERSION=")) | sub("^PHP_VERSION="; "")') | |
{ | |
echo php_version="${PHP_82_LATEST},${PHP_83_LATEST},${PHP_84_LATEST}" | |
echo php82_version="${PHP_82_LATEST//./-}" | |
echo php83_version="${PHP_83_LATEST//./-}" | |
echo php84_version="${PHP_84_LATEST//./-}" | |
} >> "${GITHUB_OUTPUT}" | |
# Check if the Docker images must be rebuilt | |
if [[ "${GITHUB_EVENT_NAME}" != "schedule" ]]; then | |
echo skip=false >> "${GITHUB_OUTPUT}" | |
exit 0 | |
fi | |
FRANKENPHP_82_LATEST=$(skopeo inspect docker://docker.io/dunglas/frankenphp:php8.2 --override-os linux --override-arch amd64 | jq -r '.Env[] | select(test("^PHP_VERSION=")) | sub("^PHP_VERSION="; "")') | |
FRANKENPHP_83_LATEST=$(skopeo inspect docker://docker.io/dunglas/frankenphp:php8.3 --override-os linux --override-arch amd64 | jq -r '.Env[] | select(test("^PHP_VERSION=")) | sub("^PHP_VERSION="; "")') | |
FRANKENPHP_84_LATEST=$(skopeo inspect docker://docker.io/dunglas/frankenphp:php8.4 --override-os linux --override-arch amd64 | jq -r '.Env[] | select(test("^PHP_VERSION=")) | sub("^PHP_VERSION="; "")') | |
if [[ "${FRANKENPHP_82_LATEST}" == "${PHP_82_LATEST}" ]] && [[ "${FRANKENPHP_83_LATEST}" == "${PHP_83_LATEST}" ]] && [[ "${FRANKENPHP_84_LATEST}" == "${PHP_84_LATEST}" ]]; then | |
echo skip=true >> "${GITHUB_OUTPUT}" | |
exit 0 | |
fi | |
{ | |
echo ref="$(gh release view --repo dunglas/frankenphp --json tagName --jq '.tagName')" | |
echo skip=false | |
} >> "${GITHUB_OUTPUT}" | |
- uses: actions/checkout@v4 | |
if: ${{ !fromJson(steps.check.outputs.skip) }} | |
with: | |
ref: ${{ steps.check.outputs.ref }} | |
- name: Set up Docker Buildx | |
if: ${{ !fromJson(steps.check.outputs.skip) }} | |
uses: docker/setup-buildx-action@v3 | |
- name: Create variants matrix | |
if: ${{ !fromJson(steps.check.outputs.skip) }} | |
id: matrix | |
shell: bash | |
run: | | |
set -e | |
METADATA="$(docker buildx bake --print | jq -c)" | |
{ | |
echo metadata="${METADATA}" | |
echo variants="$(jq -c '.group.default.targets|map(sub("runner-|builder-"; ""))|unique' <<< "${METADATA}")" | |
echo platforms="$(jq -c 'first(.target[]) | .platforms' <<< "${METADATA}")" | |
} >> "${GITHUB_OUTPUT}" | |
env: | |
SHA: ${{ github.sha }} | |
VERSION: ${{ (github.ref_type == 'tag' && github.ref_name) || steps.check.outputs.ref || 'dev' }} | |
PHP_VERSION: ${{ steps.check.outputs.php_version }} | |
build: | |
runs-on: ubuntu-latest | |
needs: | |
- prepare | |
if: ${{ !fromJson(needs.prepare.outputs.skip) }} | |
strategy: | |
fail-fast: false | |
matrix: | |
variant: ${{ fromJson(needs.prepare.outputs.variants) }} | |
platform: ${{ fromJson(needs.prepare.outputs.platforms) }} | |
include: | |
- race: "" | |
qemu: true | |
- platform: linux/amd64 | |
qemu: false | |
race: "-race" # The Go race detector is only supported on amd64 | |
- platform: linux/386 | |
qemu: false | |
exclude: | |
# arm/v6 is only available for Alpine: https://github.com/docker-library/golang/issues/502 | |
- variant: php-${{ needs.prepare.outputs.php82_version }}-bookworm | |
platform: linux/arm/v6 | |
- variant: php-${{ needs.prepare.outputs.php83_version }}-bookworm | |
platform: linux/arm/v6 | |
steps: | |
- name: Prepare | |
id: prepare | |
run: | | |
platform=${{ matrix.platform }} | |
echo "sanitized_platform=${platform//\//-}" >> "${GITHUB_OUTPUT}" | |
- uses: actions/checkout@v4 | |
with: | |
ref: ${{ needs.prepare.outputs.ref }} | |
- name: Set up QEMU | |
if: matrix.qemu | |
uses: docker/setup-qemu-action@v3 | |
with: | |
platforms: ${{ matrix.platform }} | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v3 | |
with: | |
platforms: ${{ matrix.platform }} | |
- name: Login to DockerHub | |
if: fromJson(needs.prepare.outputs.push) | |
uses: docker/login-action@v3 | |
with: | |
username: ${{ secrets.REGISTRY_USERNAME }} | |
password: ${{ secrets.REGISTRY_PASSWORD }} | |
- name: Build | |
id: build | |
uses: docker/bake-action@v5 | |
with: | |
pull: true | |
load: ${{ !fromJson(needs.prepare.outputs.push) }} | |
targets: | | |
builder-${{ matrix.variant }} | |
runner-${{ matrix.variant }} | |
# Remove tags to prevent "can't push tagged ref [...] by digest" error | |
set: | | |
${{ (github.event_name == 'pull_request') && '*.args.NO_COMPRESS=1' || '' }} | |
*.tags= | |
*.platform=${{ matrix.platform }} | |
builder-${{ matrix.variant }}.cache-from=type=gha,scope=builder-${{ matrix.variant }}-${{ needs.prepare.outputs.ref || github.ref }}-${{ matrix.platform }} | |
builder-${{ matrix.variant }}.cache-from=type=gha,scope=refs/heads/main-builder-${{ matrix.variant }}-${{ matrix.platform }} | |
builder-${{ matrix.variant }}.cache-to=type=gha,scope=builder-${{ matrix.variant }}-${{ needs.prepare.outputs.ref || github.ref }}-${{ matrix.platform }},ignore-error=true | |
runner-${{ matrix.variant }}.cache-from=type=gha,scope=runner-${{ matrix.variant }}-${{ needs.prepare.outputs.ref || github.ref }}-${{ matrix.platform }} | |
runner-${{ matrix.variant }}.cache-from=type=gha,scope=refs/heads/main-runner-${{ matrix.variant }}-${{ matrix.platform }} | |
runner-${{ matrix.variant }}.cache-to=type=gha,scope=runner-${{ matrix.variant }}-${{ needs.prepare.outputs.ref || github.ref }}-${{ matrix.platform }},ignore-error=true | |
${{ fromJson(needs.prepare.outputs.push) && format('*.output=type=image,name={0},push-by-digest=true,name-canonical=true,push=true', env.IMAGE_NAME) || '' }} | |
env: | |
SHA: ${{ github.sha }} | |
VERSION: ${{ (github.ref_type == 'tag' && github.ref_name) || needs.prepare.outputs.ref || 'dev' }} | |
PHP_VERSION: ${{ needs.prepare.outputs.php_version }} | |
- # Workaround for https://github.com/actions/runner/pull/2477#issuecomment-1501003600 | |
name: Export metadata | |
if: fromJson(needs.prepare.outputs.push) | |
run: | | |
mkdir -p /tmp/metadata/builder /tmp/metadata/runner | |
builderDigest=$(jq -r '."builder-${{ matrix.variant }}"."containerimage.digest"' <<< "${METADATA}") | |
touch "/tmp/metadata/builder/${builderDigest#sha256:}" | |
runnerDigest=$(jq -r '."runner-${{ matrix.variant }}"."containerimage.digest"' <<< "${METADATA}") | |
touch "/tmp/metadata/runner/${runnerDigest#sha256:}" | |
env: | |
METADATA: ${{ steps.build.outputs.metadata }} | |
- name: Upload builder metadata | |
if: fromJson(needs.prepare.outputs.push) | |
uses: actions/upload-artifact@v4 | |
with: | |
name: metadata-builder-${{ matrix.variant }}-${{ steps.prepare.outputs.sanitized_platform }} | |
path: /tmp/metadata/builder/* | |
if-no-files-found: error | |
retention-days: 1 | |
- name: Upload runner metadata | |
if: fromJson(needs.prepare.outputs.push) | |
uses: actions/upload-artifact@v4 | |
with: | |
name: metadata-runner-${{ matrix.variant }}-${{ steps.prepare.outputs.sanitized_platform }} | |
path: /tmp/metadata/runner/* | |
if-no-files-found: error | |
retention-days: 1 | |
- name: Run tests | |
if: ${{ !matrix.qemu && !fromJson(needs.prepare.outputs.push) }} | |
run: | | |
docker run --platform=${{ matrix.platform }} --rm \ | |
"$(jq -r '."builder-${{ matrix.variant }}"."containerimage.config.digest"' <<< "${METADATA}")" \ | |
sh -c 'go test -tags ${{ matrix.race }} -v ./... && cd caddy && go test -tags nobadger,nomysql,nopgx ${{ matrix.race }} -v ./...' | |
env: | |
METADATA: ${{ steps.build.outputs.metadata }} | |
# Adapted from https://docs.docker.com/build/ci/github-actions/multi-platform/ | |
push: | |
runs-on: ubuntu-latest | |
needs: | |
- prepare | |
- build | |
if: fromJson(needs.prepare.outputs.push) | |
strategy: | |
fail-fast: false | |
matrix: | |
variant: ${{ fromJson(needs.prepare.outputs.variants) }} | |
target: ["builder", "runner"] | |
steps: | |
- name: Download metadata | |
uses: actions/download-artifact@v4 | |
with: | |
pattern: metadata-${{ matrix.target }}-${{ matrix.variant }}-* | |
path: /tmp/metadata | |
merge-multiple: true | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v3 | |
- name: Login to DockerHub | |
uses: docker/login-action@v3 | |
with: | |
username: ${{ secrets.REGISTRY_USERNAME }} | |
password: ${{ secrets.REGISTRY_PASSWORD }} | |
- name: Create manifest list and push | |
working-directory: /tmp/metadata | |
run: | | |
set -x | |
# shellcheck disable=SC2046,SC2086 | |
docker buildx imagetools create $(jq -cr '.target."${{ matrix.target }}-${{ matrix.variant }}".tags | map("-t " + .) | join(" ")' <<< ${METADATA}) \ | |
$(printf "${IMAGE_NAME}@sha256:%s " *) | |
env: | |
METADATA: ${{ needs.prepare.outputs.metadata }} | |
- name: Inspect image | |
run: | | |
# shellcheck disable=SC2046,SC2086 | |
docker buildx imagetools inspect $(jq -cr '.target."${{ matrix.target }}-${{ matrix.variant }}".tags | first' <<< ${METADATA}) | |
env: | |
METADATA: ${{ needs.prepare.outputs.metadata }} |