php-base-updated #24
name: Build and Push PHP-CLI Images

# IMPORTANT: This workflow depends on php-base tier images being available.
# Do NOT add push triggers for php-cli/** paths - this would cause race conditions
# where php-cli tries to build before php-base images are pushed.
# Instead, use repository_dispatch from php-base workflow or workflow_dispatch.

on:
  # NO push trigger - php-cli depends on php-base images being built first
  # Use repository_dispatch from php-base workflow instead
  workflow_dispatch:
    # NOTE(review): no job in this file, as shown, reads inputs.php_version or
    # inputs.os_variant - every matrix is hard-coded - so a manual run appears to
    # build all versions whatever is selected here. The description also omits
    # 8.5, which the job matrices include. Confirm and wire up or drop the inputs.
    inputs:
      php_version:
        description: 'PHP Version to build (8.2, 8.3, 8.4, or all)'
        required: false
        default: 'all'
      os_variant:
        description: 'OS variant to build (bookworm or all)'
        required: false
        default: 'all'
  # Fired through the repository dispatch API; every job it starts holds
  # packages: write, so any credential able to send this event can trigger an
  # image push. No job shown here reads github.event.client_payload.
  repository_dispatch:
    types: [php-base-updated]
  schedule:
    # Weekly security rebuild - Monday 02:00 UTC (after php-base at 01:00)
    - cron: '0 2 * * 1'

env:
  REGISTRY: ghcr.io
  # github.repository keeps the owner/repo casing as-is, while image references
  # must be lowercase; steps that paste this value straight into `docker run`
  # rely on the repository name already being lowercase.
  IMAGE_NAME: ${{ github.repository }}/php-cli

jobs:
| # ═══════════════════════════════════════════════════════════════════════════ | |
| # SLIM TIER - Minimal PHP with essential extensions (Alpine only) | |
| # Note: Debian images don't have tiered builds - they include everything | |
| # ═══════════════════════════════════════════════════════════════════════════ | |
| build-slim-matrix: | |
| runs-on: ubuntu-latest | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| php_version: ['8.2', '8.3', '8.4', '8.5'] | |
| os_variant: ['bookworm'] | |
| permissions: | |
| contents: read | |
| packages: write | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - name: Get build lifecycle state | |
| id: lifecycle | |
| run: | | |
| chmod +x ./scripts/get-build-state.sh | |
| BUILD_STATE=$(./scripts/get-build-state.sh ${{ matrix.php_version }} ${{ matrix.os_variant }}) | |
| echo "LIFECYCLE=$(echo "$BUILD_STATE" | jq -r '.lifecycle')" >> $GITHUB_OUTPUT | |
| echo "Build state for PHP ${{ matrix.php_version }} ${{ matrix.os_variant }} (slim):" | |
| echo "$BUILD_STATE" | jq . | |
| - name: Determine Dockerfile path | |
| id: dockerfile | |
| run: | | |
| echo "path=./php-cli/${{ matrix.php_version }}/debian/bookworm/Dockerfile" >> $GITHUB_OUTPUT | |
| echo "base_os=bookworm" >> $GITHUB_OUTPUT | |
| - name: Get PHP patch version | |
| id: php_patch | |
| run: | | |
| BASE_IMAGE="php:${{ matrix.php_version }}-cli-${{ steps.dockerfile.outputs.base_os }}" | |
| PHP_FULL=$(docker run --rm $BASE_IMAGE php -r 'echo PHP_VERSION;') | |
| echo "version=$PHP_FULL" >> $GITHUB_OUTPUT | |
| echo "PHP patch version: $PHP_FULL" | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@v3 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| with: | |
| driver-opts: network=host | |
| - name: Log in to Container Registry | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ${{ env.REGISTRY }} | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Extract metadata | |
| id: meta | |
| uses: docker/metadata-action@v5 | |
| with: | |
| images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} | |
| tags: | | |
| type=raw,value=${{ matrix.php_version }}-${{ matrix.os_variant }}-slim,enable={{is_default_branch}} | |
| type=raw,value=${{ steps.php_patch.outputs.version }}-${{ matrix.os_variant }}-slim,enable={{is_default_branch}} | |
| type=sha,prefix=${{ matrix.php_version }}-${{ matrix.os_variant }}-slim-,enable={{is_default_branch}} | |
| type=ref,event=branch,suffix=-${{ matrix.php_version }}-${{ matrix.os_variant }}-slim | |
| type=ref,event=pr,suffix=-${{ matrix.php_version }}-${{ matrix.os_variant }}-slim | |
| - name: Build and push slim Docker image | |
| uses: docker/build-push-action@v5 | |
| with: | |
| context: . | |
| file: ${{ steps.dockerfile.outputs.path }} | |
| target: slim-root | |
| platforms: linux/amd64,linux/arm64 | |
| push: ${{ github.event_name != 'pull_request' }} | |
| tags: ${{ steps.meta.outputs.tags }} | |
| labels: ${{ steps.meta.outputs.labels }} | |
| cache-from: type=gha,scope=cli-${{ matrix.php_version }}-${{ matrix.os_variant }}-slim | |
| cache-to: type=gha,mode=max,scope=cli-${{ matrix.php_version }}-${{ matrix.os_variant }}-slim | |
| - name: Test slim image | |
| if: github.event_name != 'pull_request' | |
| run: | | |
| IMAGE="${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ matrix.php_version }}-${{ matrix.os_variant }}-slim" | |
| echo "Testing slim image $IMAGE..." | |
| docker run --rm $IMAGE php -v | |
| docker run --rm $IMAGE php -m | grep -E "opcache|redis|pdo_mysql|gd" | |
| docker run --rm $IMAGE composer --version | |
| docker run --rm $IMAGE cbox-init --version | |
| # ───────────────────────────────────────────────────────────────────────────── | |
| # SLIM ROOTLESS (Alpine only - Debian doesn't have tiered builds) | |
| # ───────────────────────────────────────────────────────────────────────────── | |
| build-slim-rootless-matrix: | |
| runs-on: ubuntu-latest | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| php_version: ['8.2', '8.3', '8.4', '8.5'] | |
| os_variant: ['bookworm'] | |
| permissions: | |
| contents: read | |
| packages: write | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - name: Get build lifecycle state | |
| id: lifecycle | |
| run: | | |
| chmod +x ./scripts/get-build-state.sh | |
| BUILD_STATE=$(./scripts/get-build-state.sh ${{ matrix.php_version }} ${{ matrix.os_variant }}) | |
| echo "LIFECYCLE=$(echo "$BUILD_STATE" | jq -r '.lifecycle')" >> $GITHUB_OUTPUT | |
| - name: Determine Dockerfile path | |
| id: dockerfile | |
| run: | | |
| echo "path=./php-cli/${{ matrix.php_version }}/debian/bookworm/Dockerfile" >> $GITHUB_OUTPUT | |
| echo "base_os=bookworm" >> $GITHUB_OUTPUT | |
| - name: Get PHP patch version | |
| id: php_patch | |
| run: | | |
| BASE_IMAGE="php:${{ matrix.php_version }}-cli-${{ steps.dockerfile.outputs.base_os }}" | |
| PHP_FULL=$(docker run --rm $BASE_IMAGE php -r 'echo PHP_VERSION;') | |
| echo "version=$PHP_FULL" >> $GITHUB_OUTPUT | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@v3 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| with: | |
| driver-opts: network=host | |
| - name: Log in to Container Registry | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ${{ env.REGISTRY }} | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Extract metadata | |
| id: meta | |
| uses: docker/metadata-action@v5 | |
| with: | |
| images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} | |
| tags: | | |
| type=raw,value=${{ matrix.php_version }}-${{ matrix.os_variant }}-slim-rootless,enable={{is_default_branch}} | |
| type=raw,value=${{ steps.php_patch.outputs.version }}-${{ matrix.os_variant }}-slim-rootless,enable={{is_default_branch}} | |
| type=sha,prefix=${{ matrix.php_version }}-${{ matrix.os_variant }}-slim-rootless-,enable={{is_default_branch}} | |
| type=ref,event=branch,suffix=-${{ matrix.php_version }}-${{ matrix.os_variant }}-slim-rootless | |
| type=ref,event=pr,suffix=-${{ matrix.php_version }}-${{ matrix.os_variant }}-slim-rootless | |
| - name: Build and push slim rootless Docker image | |
| uses: docker/build-push-action@v5 | |
| with: | |
| context: . | |
| file: ${{ steps.dockerfile.outputs.path }} | |
| target: slim-rootless | |
| platforms: linux/amd64,linux/arm64 | |
| push: ${{ github.event_name != 'pull_request' }} | |
| tags: ${{ steps.meta.outputs.tags }} | |
| labels: ${{ steps.meta.outputs.labels }} | |
| cache-from: type=gha,scope=cli-${{ matrix.php_version }}-${{ matrix.os_variant }}-slim-rootless | |
| cache-to: type=gha,mode=max,scope=cli-${{ matrix.php_version }}-${{ matrix.os_variant }}-slim-rootless | |
| - name: Test slim rootless image | |
| if: github.event_name != 'pull_request' | |
| run: | | |
| IMAGE="${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ matrix.php_version }}-${{ matrix.os_variant }}-slim-rootless" | |
| echo "Testing slim rootless image $IMAGE..." | |
| docker run --rm $IMAGE id -u | grep -E "^(33|82)$" | |
| docker run --rm $IMAGE php -v | |
| docker run --rm $IMAGE composer --version | |
| # ═══════════════════════════════════════════════════════════════════════════ | |
| # STANDARD TIER (DEFAULT) - With ImageMagick, vips, Node.js | |
| # ═══════════════════════════════════════════════════════════════════════════ | |
| build-matrix: | |
| runs-on: ubuntu-latest | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| php_version: ['8.2', '8.3', '8.4', '8.5'] | |
| os_variant: ['bookworm'] | |
| permissions: | |
| contents: read | |
| packages: write | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - name: Get build lifecycle state | |
| id: lifecycle | |
| run: | | |
| chmod +x ./scripts/get-build-state.sh | |
| BUILD_STATE=$(./scripts/get-build-state.sh ${{ matrix.php_version }} ${{ matrix.os_variant }}) | |
| echo "LIFECYCLE=$(echo "$BUILD_STATE" | jq -r '.lifecycle')" >> $GITHUB_OUTPUT | |
| echo "PHP_EOL=$(echo "$BUILD_STATE" | jq -r '.php_eol')" >> $GITHUB_OUTPUT | |
| echo "REMOVAL_DATE=$(echo "$BUILD_STATE" | jq -r '.removal_date // empty')" >> $GITHUB_OUTPUT | |
| echo "PREVIEW_STATUS=$(echo "$BUILD_STATE" | jq -r '.status // empty')" >> $GITHUB_OUTPUT | |
| echo "TAGS_SUFFIX=$(echo "$BUILD_STATE" | jq -r '.tags_suffix // empty')" >> $GITHUB_OUTPUT | |
| echo "Build state for PHP ${{ matrix.php_version }} ${{ matrix.os_variant }}:" | |
| echo "$BUILD_STATE" | jq . | |
| - name: Determine Dockerfile path | |
| id: dockerfile | |
| run: | | |
| echo "path=./php-cli/${{ matrix.php_version }}/debian/bookworm/Dockerfile" >> $GITHUB_OUTPUT | |
| echo "base_os=bookworm" >> $GITHUB_OUTPUT | |
| - name: Get PHP patch version | |
| id: php_patch | |
| run: | | |
| BASE_IMAGE="php:${{ matrix.php_version }}-cli-${{ steps.dockerfile.outputs.base_os }}" | |
| PHP_FULL=$(docker run --rm $BASE_IMAGE php -r 'echo PHP_VERSION;') | |
| echo "version=$PHP_FULL" >> $GITHUB_OUTPUT | |
| echo "PHP patch version: $PHP_FULL" | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@v3 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| with: | |
| driver-opts: network=host | |
| - name: Log in to Container Registry | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ${{ env.REGISTRY }} | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Extract metadata | |
| id: meta | |
| uses: docker/metadata-action@v5 | |
| with: | |
| images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} | |
| tags: | | |
| # Rolling version tags (recommended for most users) | |
| type=raw,value=${{ matrix.php_version }}-${{ matrix.os_variant }},enable={{is_default_branch}} | |
| # PHP patch version tags for version pinning (e.g., 8.4.7-alpine) | |
| type=raw,value=${{ steps.php_patch.outputs.version }}-${{ matrix.os_variant }},enable={{is_default_branch}} | |
| # Latest tag (points to 8.4-alpine) | |
| type=raw,value=latest-${{ matrix.os_variant }},enable=${{ matrix.php_version == '8.4' && github.ref == 'refs/heads/main' }} | |
| # Immutable SHA tags for reproducibility | |
| type=sha,prefix=${{ matrix.php_version }}-${{ matrix.os_variant }}-,enable={{is_default_branch}} | |
| # Branch tags | |
| type=ref,event=branch,suffix=-${{ matrix.php_version }}-${{ matrix.os_variant }} | |
| type=ref,event=pr,suffix=-${{ matrix.php_version }}-${{ matrix.os_variant }} | |
| - name: Build and push Docker image | |
| uses: docker/build-push-action@v5 | |
| with: | |
| context: . | |
| file: ${{ steps.dockerfile.outputs.path }} | |
| target: root | |
| platforms: linux/amd64,linux/arm64 | |
| push: ${{ github.event_name != 'pull_request' }} | |
| tags: ${{ steps.meta.outputs.tags }} | |
| labels: ${{ steps.meta.outputs.labels }} | |
| cache-from: type=gha,scope=cli-${{ matrix.php_version }}-${{ matrix.os_variant }} | |
| cache-to: type=gha,mode=max,scope=cli-${{ matrix.php_version }}-${{ matrix.os_variant }} | |
| - name: Test image | |
| if: github.event_name != 'pull_request' | |
| run: | | |
| IMAGE="${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ matrix.php_version }}-${{ matrix.os_variant }}" | |
| echo "Testing $IMAGE..." | |
| docker run --rm $IMAGE php -v | |
| docker run --rm $IMAGE php -m | grep -E "opcache|redis|pdo_mysql|gd|imagick" | |
| docker run --rm $IMAGE composer --version | |
| docker run --rm $IMAGE node --version | |
| docker run --rm $IMAGE cbox-init --version | |
| # ───────────────────────────────────────────────────────────────────────────── | |
| # STANDARD ROOTLESS | |
| # ───────────────────────────────────────────────────────────────────────────── | |
| build-rootless-matrix: | |
| runs-on: ubuntu-latest | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| php_version: ['8.2', '8.3', '8.4', '8.5'] | |
| os_variant: ['bookworm'] | |
| permissions: | |
| contents: read | |
| packages: write | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - name: Get build lifecycle state | |
| id: lifecycle | |
| run: | | |
| chmod +x ./scripts/get-build-state.sh | |
| BUILD_STATE=$(./scripts/get-build-state.sh ${{ matrix.php_version }} ${{ matrix.os_variant }}) | |
| echo "LIFECYCLE=$(echo "$BUILD_STATE" | jq -r '.lifecycle')" >> $GITHUB_OUTPUT | |
| echo "PHP_EOL=$(echo "$BUILD_STATE" | jq -r '.php_eol')" >> $GITHUB_OUTPUT | |
| echo "REMOVAL_DATE=$(echo "$BUILD_STATE" | jq -r '.removal_date // empty')" >> $GITHUB_OUTPUT | |
| echo "PREVIEW_STATUS=$(echo "$BUILD_STATE" | jq -r '.status // empty')" >> $GITHUB_OUTPUT | |
| echo "TAGS_SUFFIX=$(echo "$BUILD_STATE" | jq -r '.tags_suffix // empty')" >> $GITHUB_OUTPUT | |
| echo "Build state for PHP ${{ matrix.php_version }} ${{ matrix.os_variant }} (rootless):" | |
| echo "$BUILD_STATE" | jq . | |
| - name: Determine Dockerfile path | |
| id: dockerfile | |
| run: | | |
| echo "path=./php-cli/${{ matrix.php_version }}/debian/bookworm/Dockerfile" >> $GITHUB_OUTPUT | |
| echo "base_os=bookworm" >> $GITHUB_OUTPUT | |
| - name: Get PHP patch version | |
| id: php_patch | |
| run: | | |
| BASE_IMAGE="php:${{ matrix.php_version }}-cli-${{ steps.dockerfile.outputs.base_os }}" | |
| PHP_FULL=$(docker run --rm $BASE_IMAGE php -r 'echo PHP_VERSION;') | |
| echo "version=$PHP_FULL" >> $GITHUB_OUTPUT | |
| echo "PHP patch version: $PHP_FULL" | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@v3 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| with: | |
| driver-opts: network=host | |
| - name: Log in to Container Registry | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ${{ env.REGISTRY }} | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Extract metadata for rootless images | |
| id: meta | |
| uses: docker/metadata-action@v5 | |
| with: | |
| images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} | |
| tags: | | |
| # Rolling version tags (recommended for most users) | |
| type=raw,value=${{ matrix.php_version }}-${{ matrix.os_variant }}-rootless,enable={{is_default_branch}} | |
| # PHP patch version tags for version pinning (e.g., 8.4.7-alpine-rootless) | |
| type=raw,value=${{ steps.php_patch.outputs.version }}-${{ matrix.os_variant }}-rootless,enable={{is_default_branch}} | |
| # Latest tag (points to 8.4-alpine-rootless) | |
| type=raw,value=latest-${{ matrix.os_variant }}-rootless,enable=${{ matrix.php_version == '8.4' && github.ref == 'refs/heads/main' }} | |
| # Immutable SHA tags for reproducibility | |
| type=sha,prefix=${{ matrix.php_version }}-${{ matrix.os_variant }}-rootless-,enable={{is_default_branch}} | |
| # Branch tags | |
| type=ref,event=branch,suffix=-${{ matrix.php_version }}-${{ matrix.os_variant }}-rootless | |
| type=ref,event=pr,suffix=-${{ matrix.php_version }}-${{ matrix.os_variant }}-rootless | |
| - name: Build and push rootless Docker image | |
| uses: docker/build-push-action@v5 | |
| with: | |
| context: . | |
| file: ${{ steps.dockerfile.outputs.path }} | |
| target: rootless | |
| platforms: linux/amd64,linux/arm64 | |
| push: ${{ github.event_name != 'pull_request' }} | |
| tags: ${{ steps.meta.outputs.tags }} | |
| labels: ${{ steps.meta.outputs.labels }} | |
| cache-from: type=gha,scope=cli-${{ matrix.php_version }}-${{ matrix.os_variant }}-rootless | |
| cache-to: type=gha,mode=max,scope=cli-${{ matrix.php_version }}-${{ matrix.os_variant }}-rootless | |
| - name: Test rootless image | |
| if: github.event_name != 'pull_request' | |
| run: | | |
| IMAGE="${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ matrix.php_version }}-${{ matrix.os_variant }}-rootless" | |
| echo "Testing rootless image $IMAGE..." | |
| # Verify running as non-root (www-data = uid 82 on Alpine, 33 on Debian) | |
| docker run --rm $IMAGE id -u | grep -E "^(33|82)$" | |
| docker run --rm $IMAGE php -v | |
| docker run --rm $IMAGE php -m | grep -E "opcache|redis|pdo_mysql|gd|imagick" | |
| docker run --rm $IMAGE composer --version | |
| docker run --rm $IMAGE node --version | |
| docker run --rm $IMAGE cbox-init --version | |
| # ═══════════════════════════════════════════════════════════════════════════ | |
| # FULL TIER - With Chromium for Browsershot/Dusk (Alpine only) | |
| # ═══════════════════════════════════════════════════════════════════════════ | |
| build-full-matrix: | |
| runs-on: ubuntu-latest | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| php_version: ['8.2', '8.3', '8.4', '8.5'] | |
| os_variant: ['bookworm'] | |
| permissions: | |
| contents: read | |
| packages: write | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - name: Get build lifecycle state | |
| id: lifecycle | |
| run: | | |
| chmod +x ./scripts/get-build-state.sh | |
| BUILD_STATE=$(./scripts/get-build-state.sh ${{ matrix.php_version }} ${{ matrix.os_variant }}) | |
| echo "LIFECYCLE=$(echo "$BUILD_STATE" | jq -r '.lifecycle')" >> $GITHUB_OUTPUT | |
| - name: Determine Dockerfile path | |
| id: dockerfile | |
| run: | | |
| echo "path=./php-cli/${{ matrix.php_version }}/debian/bookworm/Dockerfile" >> $GITHUB_OUTPUT | |
| echo "base_os=bookworm" >> $GITHUB_OUTPUT | |
| - name: Get PHP patch version | |
| id: php_patch | |
| run: | | |
| BASE_IMAGE="php:${{ matrix.php_version }}-cli-${{ steps.dockerfile.outputs.base_os }}" | |
| PHP_FULL=$(docker run --rm $BASE_IMAGE php -r 'echo PHP_VERSION;') | |
| echo "version=$PHP_FULL" >> $GITHUB_OUTPUT | |
| echo "PHP patch version: $PHP_FULL" | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@v3 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| with: | |
| driver-opts: network=host | |
| - name: Log in to Container Registry | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ${{ env.REGISTRY }} | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Extract metadata | |
| id: meta | |
| uses: docker/metadata-action@v5 | |
| with: | |
| images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} | |
| tags: | | |
| type=raw,value=${{ matrix.php_version }}-${{ matrix.os_variant }}-full,enable={{is_default_branch}} | |
| type=raw,value=${{ steps.php_patch.outputs.version }}-${{ matrix.os_variant }}-full,enable={{is_default_branch}} | |
| type=sha,prefix=${{ matrix.php_version }}-${{ matrix.os_variant }}-full-,enable={{is_default_branch}} | |
| type=ref,event=branch,suffix=-${{ matrix.php_version }}-${{ matrix.os_variant }}-full | |
| type=ref,event=pr,suffix=-${{ matrix.php_version }}-${{ matrix.os_variant }}-full | |
| - name: Build and push full Docker image | |
| uses: docker/build-push-action@v5 | |
| with: | |
| context: . | |
| file: ${{ steps.dockerfile.outputs.path }} | |
| target: full-root | |
| platforms: linux/amd64,linux/arm64 | |
| push: ${{ github.event_name != 'pull_request' }} | |
| tags: ${{ steps.meta.outputs.tags }} | |
| labels: ${{ steps.meta.outputs.labels }} | |
| cache-from: type=gha,scope=cli-${{ matrix.php_version }}-${{ matrix.os_variant }}-full | |
| cache-to: type=gha,mode=max,scope=cli-${{ matrix.php_version }}-${{ matrix.os_variant }}-full | |
| - name: Test full image | |
| if: github.event_name != 'pull_request' | |
| run: | | |
| IMAGE="${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ matrix.php_version }}-${{ matrix.os_variant }}-full" | |
| echo "Testing full image $IMAGE..." | |
| docker run --rm $IMAGE php -v | |
| docker run --rm $IMAGE php -m | grep -E "opcache|redis|pdo_mysql|gd|imagick" | |
| docker run --rm $IMAGE composer --version | |
| docker run --rm $IMAGE node --version | |
| docker run --rm $IMAGE cbox-init --version | |
| # Verify Chromium is installed | |
| docker run --rm $IMAGE which chromium-browser || docker run --rm $IMAGE which chromium | |
| # ───────────────────────────────────────────────────────────────────────────── | |
| # FULL ROOTLESS (Alpine only - Debian doesn't have tiered builds) | |
| # ───────────────────────────────────────────────────────────────────────────── | |
| build-full-rootless-matrix: | |
| runs-on: ubuntu-latest | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| php_version: ['8.2', '8.3', '8.4', '8.5'] | |
| os_variant: ['bookworm'] | |
| permissions: | |
| contents: read | |
| packages: write | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - name: Get build lifecycle state | |
| id: lifecycle | |
| run: | | |
| chmod +x ./scripts/get-build-state.sh | |
| BUILD_STATE=$(./scripts/get-build-state.sh ${{ matrix.php_version }} ${{ matrix.os_variant }}) | |
| echo "LIFECYCLE=$(echo "$BUILD_STATE" | jq -r '.lifecycle')" >> $GITHUB_OUTPUT | |
| - name: Determine Dockerfile path | |
| id: dockerfile | |
| run: | | |
| echo "path=./php-cli/${{ matrix.php_version }}/debian/bookworm/Dockerfile" >> $GITHUB_OUTPUT | |
| echo "base_os=bookworm" >> $GITHUB_OUTPUT | |
| - name: Get PHP patch version | |
| id: php_patch | |
| run: | | |
| BASE_IMAGE="php:${{ matrix.php_version }}-cli-${{ steps.dockerfile.outputs.base_os }}" | |
| PHP_FULL=$(docker run --rm $BASE_IMAGE php -r 'echo PHP_VERSION;') | |
| echo "version=$PHP_FULL" >> $GITHUB_OUTPUT | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@v3 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| with: | |
| driver-opts: network=host | |
| - name: Log in to Container Registry | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ${{ env.REGISTRY }} | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Extract metadata | |
| id: meta | |
| uses: docker/metadata-action@v5 | |
| with: | |
| images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} | |
| tags: | | |
| type=raw,value=${{ matrix.php_version }}-${{ matrix.os_variant }}-full-rootless,enable={{is_default_branch}} | |
| type=raw,value=${{ steps.php_patch.outputs.version }}-${{ matrix.os_variant }}-full-rootless,enable={{is_default_branch}} | |
| type=sha,prefix=${{ matrix.php_version }}-${{ matrix.os_variant }}-full-rootless-,enable={{is_default_branch}} | |
| type=ref,event=branch,suffix=-${{ matrix.php_version }}-${{ matrix.os_variant }}-full-rootless | |
| type=ref,event=pr,suffix=-${{ matrix.php_version }}-${{ matrix.os_variant }}-full-rootless | |
| - name: Build and push full rootless Docker image | |
| uses: docker/build-push-action@v5 | |
| with: | |
| context: . | |
| file: ${{ steps.dockerfile.outputs.path }} | |
| target: full-rootless | |
| platforms: linux/amd64,linux/arm64 | |
| push: ${{ github.event_name != 'pull_request' }} | |
| tags: ${{ steps.meta.outputs.tags }} | |
| labels: ${{ steps.meta.outputs.labels }} | |
| cache-from: type=gha,scope=cli-${{ matrix.php_version }}-${{ matrix.os_variant }}-full-rootless | |
| cache-to: type=gha,mode=max,scope=cli-${{ matrix.php_version }}-${{ matrix.os_variant }}-full-rootless | |
| - name: Test full rootless image | |
| if: github.event_name != 'pull_request' | |
| run: | | |
| IMAGE="${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ matrix.php_version }}-${{ matrix.os_variant }}-full-rootless" | |
| echo "Testing full rootless image $IMAGE..." | |
| docker run --rm $IMAGE id -u | grep -E "^(33|82)$" | |
| docker run --rm $IMAGE php -v | |
| docker run --rm $IMAGE composer --version | |
| docker run --rm $IMAGE which chromium-browser || docker run --rm $IMAGE which chromium |