Docker Release 8.3.19 by @zebby76 #144
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Docker Release | |
| run-name: Docker Release ${{ github.ref_name }} by @${{ github.actor }} | |
| on: | |
| push: | |
| tags: | |
| - '[0-9]+.[0-9]+.[0-9]+*' | |
| jobs: | |
| init: | |
| runs-on: ubuntu-20.04 | |
| outputs: | |
| version-patch: ${{ steps.prep.outputs.version-patch }} | |
| version-minor: ${{ steps.prep.outputs.version-minor }} | |
| version-major: ${{ steps.prep.outputs.version-major }} | |
| build-date: ${{ steps.prep.outputs.build-date }} | |
| docker-image-name: ${{ steps.prep.outputs.docker-image-name }} | |
| github-ci-run-id: ${{ steps.prep.outputs.github-ci-run-id }} | |
| github-ci-sha-short: ${{ steps.prep.outputs.github-ci-sha-short }} | |
| github-ci-sha: ${{ steps.prep.outputs.github-ci-sha }} | |
| node-version: ${{ steps.prep.outputs.node-version }} | |
| composer-version: ${{ steps.prep.outputs.composer-version }} | |
| aws-cli-version: ${{ steps.prep.outputs.aws-cli-version }} | |
| php-ext-redis-version: ${{ steps.prep.outputs.php-ext-redis-version }} | |
| php-ext-apcu-version: ${{ steps.prep.outputs.php-ext-apcu-version }} | |
| php-ext-xdebug-version: ${{ steps.prep.outputs.php-ext-xdebug-version }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Fill GitHub Environment Variables | |
| uses: FranzDiebold/github-env-vars-action@v2 | |
| - name: Fill PHP Version Environment Variable | |
| uses: c-py/action-dotenv-to-setenv@v5 | |
| with: | |
| env-file: .build.env | |
| - name: Prepare Workflow Environment | |
| id: prep | |
| run: | | |
| VERSION_MAJOR_MINOR_PATCH=${GITHUB_REF_NAME} | |
| VERSION_MAJOR_MINOR=${VERSION_MAJOR_MINOR_PATCH%.*} | |
| VERSION_MAJOR=${VERSION_MAJOR_MINOR%.*} | |
| echo "docker-image-name=${DOCKER_IMAGE_NAME}" >> $GITHUB_OUTPUT | |
| echo "version-patch=${VERSION_MAJOR_MINOR_PATCH}" >> $GITHUB_OUTPUT | |
| echo "version-minor=${VERSION_MAJOR_MINOR}" >> $GITHUB_OUTPUT | |
| echo "version-major=${VERSION_MAJOR}" >> $GITHUB_OUTPUT | |
| echo "build-date=$(date -u +'%Y-%m-%dT%H:%M:%SZ')" >> $GITHUB_OUTPUT | |
| echo "github-ci-sha-short=${CI_SHA_SHORT}" >> $GITHUB_OUTPUT | |
| echo "github-ci-sha=${CI_SHA}" >> $GITHUB_OUTPUT | |
| echo "github-ci-run-id=${CI_RUN_ID}" >> $GITHUB_OUTPUT | |
| echo "node-version=${NODE_VERSION}" >> $GITHUB_OUTPUT | |
| echo "composer-version=${COMPOSER_VERSION}" >> $GITHUB_OUTPUT | |
| echo "aws-cli-version=${AWS_CLI_VERSION}" >> $GITHUB_OUTPUT | |
| echo "php-ext-redis-version=${PHP_EXT_REDIS_VERSION}" >> $GITHUB_OUTPUT | |
| echo "php-ext-apcu-version=${PHP_EXT_APCU_VERSION}" >> $GITHUB_OUTPUT | |
| echo "php-ext-xdebug-version=${PHP_EXT_XDEBUG_VERSION}" >> $GITHUB_OUTPUT | |
| build: | |
| strategy: | |
| matrix: | |
| image-variant: [fpm-prd,apache-prd,nginx-prd,cli-prd,fpm-dev,apache-dev,nginx-dev,cli-dev] | |
| runs-on: ubuntu-20.04 | |
| needs: init | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Set up Docker Buildx | |
| id: buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Cache Docker layers | |
| uses: actions/cache@v4 | |
| with: | |
| path: /tmp/.buildx-cache | |
| key: ${{ runner.os }}-buildx-${{ github.sha }} | |
| restore-keys: | | |
| ${{ runner.os }}-buildx- | |
| - name: Fill "${{ needs.init.outputs.docker-image-name }}" Docker Image metadata | |
| id: meta | |
| uses: docker/metadata-action@v5 | |
| with: | |
| github-token: ${{ secrets.GITHUB_TOKEN }} | |
| images: "${{ needs.init.outputs.docker-image-name }}" | |
| tags: | | |
| type=raw,value=${{ needs.init.outputs.github-ci-sha-short }}-${{ matrix.image-variant }} | |
| type=raw,value=${{ needs.init.outputs.version-patch }}-${{ matrix.image-variant }} | |
| type=raw,value=${{ needs.init.outputs.version-minor }}-${{ matrix.image-variant }} | |
| - name: Create Dockerfile | |
| run: | | |
| make Dockerfile | |
| - name: Build "${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.github-ci-sha-short }}-${{ matrix.image-variant }}" Docker Image | |
| id: build | |
| uses: docker/build-push-action@v6 | |
| with: | |
| builder: ${{ steps.buildx.outputs.name }} | |
| context: . | |
| file: Dockerfile | |
| target: ${{ matrix.image-variant }} | |
| build-args: | | |
| VERSION_ARG=${{ needs.init.outputs.version-patch }} | |
| RELEASE_ARG=${{ needs.init.outputs.github-ci-run-id }} | |
| VCS_REF_ARG=${{ needs.init.outputs.github-ci-sha }} | |
| BUILD_DATE_ARG=${{ needs.init.outputs.build-date }} | |
| NODE_VERSION_ARG=${{ needs.init.outputs.node-version }} | |
| COMPOSER_VERSION_ARG=${{ needs.init.outputs.composer-version }} | |
| AWS_CLI_VERSION_ARG=${{ needs.init.outputs.aws-cli-version }} | |
| PHP_EXT_REDIS_VERSION_ARG=${{ needs.init.outputs.php-ext-redis-version }} | |
| PHP_EXT_APCU_VERSION_ARG=${{ needs.init.outputs.php-ext-apcu-version }} | |
| PHP_EXT_XDEBUG_VERSION_ARG=${{ needs.init.outputs.php-ext-xdebug-version }} | |
| tags: ${{ steps.meta.outputs.tags }} | |
| labels: ${{ steps.meta.outputs.labels }} | |
| outputs: type=docker,dest=/tmp/builded.tar | |
| - name: Install Docker Squash | |
| id: install-squash | |
| run: | | |
| pip install docker-squash | |
| - name: Squash "${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.github-ci-sha-short }}-${{ matrix.image-variant }}" Docker Image | |
| id: squash | |
| run: | | |
| cat /tmp/builded.tar | docker load | |
| docker-squash --message "Build and Squashed in GitHub Action" \ | |
| --tag ${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.github-ci-sha-short }}-${{ matrix.image-variant }} \ | |
| --output-path /tmp/squashed.tar \ | |
| --cleanup \ | |
| ${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.github-ci-sha-short }}-${{ matrix.image-variant }} | |
| cat /tmp/squashed.tar | docker load | |
| tags=$(echo "${{ steps.meta.outputs.tags }}" | tr "\n" " ") | |
| for tag in $tags; do | |
| docker tag ${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.github-ci-sha-short }}-${{ matrix.image-variant }} $tag | |
| done | |
| docker save --output /tmp/final.tar $tags | |
| - name: Check "${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.github-ci-sha-short }}-${{ matrix.image-variant }}" Docker Images | |
| run: | | |
| docker image inspect ${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.github-ci-sha-short }}-${{ matrix.image-variant }} | |
| docker history ${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.github-ci-sha-short }}-${{ matrix.image-variant }} | |
| - name: Upload "${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.github-ci-sha-short }}-${{ matrix.image-variant }}" Docker image artifact | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: ${{ matrix.image-variant }} | |
| path: /tmp/final.tar | |
| tests: | |
| strategy: | |
| matrix: | |
| image-variant: [fpm-prd,apache-prd,nginx-prd,cli-prd,fpm-dev,apache-dev,nginx-dev,cli-dev] | |
| runs-on: ubuntu-20.04 | |
| needs: [init,build] | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Setup BATS testing framework | |
| uses: zebby76/setup-bats@v2 | |
| with: | |
| bats-version: 1.2.1 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Download "${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.github-ci-sha-short }}-${{ matrix.image-variant }}" Docker image artifact | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: ${{ matrix.image-variant }} | |
| path: /tmp | |
| - name: Load Docker image | |
| run: | | |
| docker load --input /tmp/final.tar | |
| docker image ls -a | |
| - name: Scan "${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.github-ci-sha-short }}-${{ matrix.image-variant }}" Docker image | |
| uses: anchore/scan-action@v6 | |
| id: scan | |
| with: | |
| image: ${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.github-ci-sha-short }}-${{ matrix.image-variant }} | |
| fail-build: false | |
| severity-cutoff: critical | |
| output-format: table | |
| - name: Login to DockerHub | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: docker.io | |
| username: ${{ secrets.DOCKERHUB_USERNAME }} | |
| password: ${{ secrets.DOCKERHUB_PASSWORD }} | |
| - name: Prepare Test Environment | |
| id: prep-test | |
| run: | | |
| echo "image-flavor=${IMAGE_VARIANT%-*}" >> $GITHUB_OUTPUT | |
| env: | |
| IMAGE_VARIANT: ${{ matrix.image-variant }} | |
| - name: Test "${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.github-ci-sha-short }}-${{ matrix.image-variant }}" Docker Image | |
| env: | |
| DOCKER_IMAGE_NAME: ${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.github-ci-sha-short }}-${{ matrix.image-variant }} | |
| PHP_VERSION: ${{ needs.init.outputs.version-patch }} | |
| AWS_CLI_VERSION: ${{ needs.init.outputs.aws-cli-version }} | |
| CONTAINER_ENGINE: docker | |
| run: | | |
| docker network create docker_default | |
| docker pull curlimages/curl:8.1.2 | |
| bats -r test/tests.${{ steps.prep-test.outputs.image-flavor }}.bats | |
| sign-dev: | |
| strategy: | |
| max-parallel: 1 | |
| matrix: | |
| image-variant: [fpm-dev,apache-dev,nginx-dev,cli-dev] | |
| runs-on: ubuntu-20.04 | |
| needs: [init,tests] | |
| steps: | |
| - name: Install Dependencies | |
| run: | | |
| sudo apt update | |
| sudo apt install -y notary | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Download "${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.github-ci-sha-short }}-${{ matrix.image-variant }}" Docker image artifact | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: ${{ matrix.image-variant }} | |
| path: /tmp | |
| - name: Load Docker image | |
| run: | | |
| docker load --input /tmp/final.tar | |
| docker image ls -a | |
| - name: Login to DockerHub | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: docker.io | |
| username: ${{ secrets.DOCKERHUB_USERNAME }} | |
| password: ${{ secrets.DOCKERHUB_PASSWORD }} | |
| - name: Sign and push docker image "${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.github-ci-sha-short }}-${{ matrix.image-variant }}" | |
| uses: sudo-bot/action-docker-sign@latest | |
| with: | |
| image-ref: "${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.github-ci-sha-short }}-${{ matrix.image-variant }}" | |
| private-key-id: "${{ secrets.DOCKER_PRIVATE_KEY_ID }}" | |
| private-key: ${{ secrets.DOCKER_PRIVATE_KEY }} | |
| private-key-passphrase: ${{ secrets.DOCKER_PRIVATE_KEY_PASSPHRASE }} | |
| - name: Sign and push docker image "${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.version-patch }}-${{ matrix.image-variant }}" | |
| uses: sudo-bot/action-docker-sign@latest | |
| with: | |
| image-ref: "${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.version-patch }}-${{ matrix.image-variant }}" | |
| private-key-id: "${{ secrets.DOCKER_PRIVATE_KEY_ID }}" | |
| private-key: ${{ secrets.DOCKER_PRIVATE_KEY }} | |
| private-key-passphrase: ${{ secrets.DOCKER_PRIVATE_KEY_PASSPHRASE }} | |
| - name: Sign and push docker image "${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.version-minor }}-${{ matrix.image-variant }}" | |
| uses: sudo-bot/action-docker-sign@latest | |
| with: | |
| image-ref: "${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.version-minor }}-${{ matrix.image-variant }}" | |
| private-key-id: "${{ secrets.DOCKER_PRIVATE_KEY_ID }}" | |
| private-key: ${{ secrets.DOCKER_PRIVATE_KEY }} | |
| private-key-passphrase: ${{ secrets.DOCKER_PRIVATE_KEY_PASSPHRASE }} | |
| - name: Check Docker Images pull's | |
| run: | | |
| docker pull ${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.github-ci-sha-short }}-${{ matrix.image-variant }} | |
| docker pull ${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.version-patch }}-${{ matrix.image-variant }} | |
| docker pull ${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.version-minor }}-${{ matrix.image-variant }} | |
| sign-prd: | |
| strategy: | |
| max-parallel: 1 | |
| matrix: | |
| image-variant: [fpm-prd,apache-prd,nginx-prd,cli-prd] | |
| runs-on: ubuntu-20.04 | |
| needs: [init,tests] | |
| steps: | |
| - name: Install Dependencies | |
| run: | | |
| sudo apt update | |
| sudo apt install -y notary | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Download "${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.github-ci-sha-short }}-${{ matrix.image-variant }}" Docker image artifact | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: ${{ matrix.image-variant }} | |
| path: /tmp | |
| - name: Load Docker image | |
| run: | | |
| docker load --input /tmp/final.tar | |
| docker image ls -a | |
| - name: Login to DockerHub | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: docker.io | |
| username: ${{ secrets.DOCKERHUB_USERNAME }} | |
| password: ${{ secrets.DOCKERHUB_PASSWORD }} | |
| - name: Prepare Sign Workflow Step | |
| id: prep-sign | |
| run: | | |
| echo "image-flavor=${IMAGE_VARIANT%-*}" >> $GITHUB_OUTPUT | |
| env: | |
| IMAGE_VARIANT: ${{ matrix.image-variant }} | |
| - name: Tag docker image "${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.github-ci-sha-short }}-${{ matrix.image-variant }} for release" | |
| id: prep-sign-tagging | |
| run: | | |
| docker tag ${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.github-ci-sha-short }}-${{ matrix.image-variant }} \ | |
| ${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.github-ci-sha-short }}-${{ steps.prep-sign.outputs.image-flavor }} | |
| docker tag ${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.version-patch }}-${{ matrix.image-variant }} \ | |
| ${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.version-patch }}-${{ steps.prep-sign.outputs.image-flavor }} | |
| docker tag ${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.version-minor }}-${{ matrix.image-variant }} \ | |
| ${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.version-minor }}-${{ steps.prep-sign.outputs.image-flavor }} | |
| - name: Sign and push docker image "${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.github-ci-sha-short }}-${{ matrix.image-variant }}" | |
| uses: sudo-bot/action-docker-sign@latest | |
| with: | |
| image-ref: "${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.github-ci-sha-short }}-${{ matrix.image-variant }}" | |
| private-key-id: "${{ secrets.DOCKER_PRIVATE_KEY_ID }}" | |
| private-key: ${{ secrets.DOCKER_PRIVATE_KEY }} | |
| private-key-passphrase: ${{ secrets.DOCKER_PRIVATE_KEY_PASSPHRASE }} | |
| - name: Sign and push docker image "${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.github-ci-sha-short }}-${{ steps.prep-sign.outputs.image-flavor }}" | |
| uses: sudo-bot/action-docker-sign@latest | |
| with: | |
| image-ref: "${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.github-ci-sha-short }}-${{ steps.prep-sign.outputs.image-flavor }}" | |
| private-key-id: "${{ secrets.DOCKER_PRIVATE_KEY_ID }}" | |
| private-key: ${{ secrets.DOCKER_PRIVATE_KEY }} | |
| private-key-passphrase: ${{ secrets.DOCKER_PRIVATE_KEY_PASSPHRASE }} | |
| - name: Sign and push docker image "${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.version-patch }}-${{ matrix.image-variant }}" | |
| uses: sudo-bot/action-docker-sign@latest | |
| with: | |
| image-ref: "${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.version-patch }}-${{ matrix.image-variant }}" | |
| private-key-id: "${{ secrets.DOCKER_PRIVATE_KEY_ID }}" | |
| private-key: ${{ secrets.DOCKER_PRIVATE_KEY }} | |
| private-key-passphrase: ${{ secrets.DOCKER_PRIVATE_KEY_PASSPHRASE }} | |
| - name: Sign and push docker image "${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.version-patch }}-${{ steps.prep-sign.outputs.image-flavor }}" | |
| uses: sudo-bot/action-docker-sign@latest | |
| with: | |
| image-ref: "${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.version-patch }}-${{ steps.prep-sign.outputs.image-flavor }}" | |
| private-key-id: "${{ secrets.DOCKER_PRIVATE_KEY_ID }}" | |
| private-key: ${{ secrets.DOCKER_PRIVATE_KEY }} | |
| private-key-passphrase: ${{ secrets.DOCKER_PRIVATE_KEY_PASSPHRASE }} | |
| - name: Sign and push docker image "${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.version-minor }}-${{ matrix.image-variant }}" | |
| uses: sudo-bot/action-docker-sign@latest | |
| with: | |
| image-ref: "${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.version-minor }}-${{ matrix.image-variant }}" | |
| private-key-id: "${{ secrets.DOCKER_PRIVATE_KEY_ID }}" | |
| private-key: ${{ secrets.DOCKER_PRIVATE_KEY }} | |
| private-key-passphrase: ${{ secrets.DOCKER_PRIVATE_KEY_PASSPHRASE }} | |
| - name: Sign and push docker image "${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.version-minor }}-${{ steps.prep-sign.outputs.image-flavor }}" | |
| uses: sudo-bot/action-docker-sign@latest | |
| with: | |
| image-ref: "${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.version-minor }}-${{ steps.prep-sign.outputs.image-flavor }}" | |
| private-key-id: "${{ secrets.DOCKER_PRIVATE_KEY_ID }}" | |
| private-key: ${{ secrets.DOCKER_PRIVATE_KEY }} | |
| private-key-passphrase: ${{ secrets.DOCKER_PRIVATE_KEY_PASSPHRASE }} | |
| - name: Check Docker Images pull's | |
| run: | | |
| docker pull ${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.github-ci-sha-short }}-${{ matrix.image-variant }} | |
| docker pull ${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.github-ci-sha-short }}-${{ steps.prep-sign.outputs.image-flavor }} | |
| docker pull ${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.version-patch }}-${{ matrix.image-variant }} | |
| docker pull ${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.version-patch }}-${{ steps.prep-sign.outputs.image-flavor }} | |
| docker pull ${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.version-minor }}-${{ matrix.image-variant }} | |
| docker pull ${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.version-minor }}-${{ steps.prep-sign.outputs.image-flavor }} | |
| cleanup: | |
| strategy: | |
| matrix: | |
| image-variant: [fpm-prd,apache-prd,nginx-prd,cli-prd,fpm-dev,apache-dev,nginx-dev,cli-dev] | |
| runs-on: ubuntu-20.04 | |
| needs: [sign-prd,sign-dev] | |
| steps: | |
| - uses: geekyeggo/delete-artifact@v5 | |
| with: | |
| name: ${{ matrix.image-variant }} | |
| failOnError: false |