Build and Push PHP-Base Images #45

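name: Build and Push PHP-Base Images

# NOTE(review): no workflow-level `permissions:` key is visible here, and the
# build jobs in this file set none either. Their GITHUB_TOKEN scope therefore
# depends on the repository default and on whatever _build-image.yml declares;
# confirm that the called workflow narrows it to what pushing and signing need.
on:
  push:
    branches: [main, develop]
    paths:
      - 'php-base/**'
      - 'common/**'
      - 'versions.json'
      - '.github/workflows/build-php-base.yml'
      - '.github/workflows/_build-image.yml'
    # Path filters are not evaluated for tag pushes, so any `base-*` tag builds.
    tags:
      - 'base-*'
  pull_request:
    branches: [main]
    # NOTE(review): unlike `push`, this list omits the two workflow files, so a
    # pull request that only edits the build pipeline is not built before merge.
    paths:
      - 'php-base/**'
      - 'common/**'
      - 'versions.json'
  workflow_dispatch:
    # NOTE(review): no job in this file reads these inputs; every matrix below
    # is hard-coded. Confirm whether _build-image.yml consumes them, otherwise
    # a manual run always builds the full set.
    inputs:
      php_version:
        # Lists 8.5 as well, matching the versions in the job matrices.
        description: 'PHP Version to build (8.2, 8.3, 8.4, 8.5, or all)'
        required: false
        default: 'all'
      os_variant:
        description: 'OS variant to build (bookworm or all)'
        required: false
        default: 'all'
      tier:
        # Lists dev as well, matching the dev-tier jobs defined in this file.
        description: 'Image tier to build (slim, standard, chromium, dev, or all)'
        required: false
        default: 'all'
  schedule:
    # Weekly security rebuild - Monday 01:00 UTC (runs before dependent images)
    - cron: '0 1 * * 1'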
# ═══════════════════════════════════════════════════════════════════════════════
# php-base uses build-args from versions.json and downloads cbox-init binaries.
# These are handled inside _build-image.yml (conditional on image-type=php-base).
#
# Tag pattern for php-base is simpler than downstream images:
# - No PHP patch version tags
# - No latest tags for non-standard tiers
# - Uses semver tags on tag pushes
# ═══════════════════════════════════════════════════════════════════════════════
jobs:
# ═══════════════════════════════════════════════════════════════════════════
# SLIM TIER - Minimal PHP with essential extensions only
# ═══════════════════════════════════════════════════════════════════════════
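# Slim tier, root variant: one call to the reusable build workflow per
# php_version / os_variant pair.
build-slim-matrix:
  strategy:
    # A failing leg does not cancel the remaining matrix legs.
    fail-fast: false
    matrix:
      php_version: ['8.2', '8.3', '8.4', '8.5']
      os_variant: ['bookworm']
  uses: ./.github/workflows/_build-image.yml
  with:
    image-name: php-base
    image-type: php-base
    php-version: ${{ matrix.php_version }}
    os-variant: ${{ matrix.os_variant }}
    tier: slim
    target: slim-root
    tag-suffix: slim
    cache-scope-prefix: base
    # Presumably turns on image signing inside _build-image.yml; whether
    # pull_request runs push or sign is decided there - confirm.
    enable-cosign: true
    # Smoke test. Assumes the called workflow exports IMAGE - confirm there.
    test-script: |
      echo "Testing slim $IMAGE..."
      docker run --rm "$IMAGE" php -v
      # Check each extension separately: grep -E "a|b|c" exits 0 as soon as
      # one name matches. Matching is case-insensitive because php -m prints
      # "Zend OPcache".
      modules="$(docker run --rm "$IMAGE" php -m)"
      for ext in opcache redis pdo_mysql gd; do
        if ! printf '%s\n' "$modules" | grep -iw -- "$ext" >/dev/null; then
          echo "Missing PHP extension: $ext" >&2
          exit 1
        fi
      done
      docker run --rm "$IMAGE" composer --version
      # Slim does NOT have node, imagemagick, vips - that's expected
  # NOTE(review): forwards every secret of the caller to the reusable
  # workflow. If it only needs registry and signing credentials, pass those
  # by name instead.
  secrets: inherit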
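# Slim tier, rootless variant: one call to the reusable build workflow per
# php_version / os_variant pair.
build-slim-rootless-matrix:
  strategy:
    # A failing leg does not cancel the remaining matrix legs.
    fail-fast: false
    matrix:
      php_version: ['8.2', '8.3', '8.4', '8.5']
      os_variant: ['bookworm']
  uses: ./.github/workflows/_build-image.yml
  with:
    image-name: php-base
    image-type: php-base
    php-version: ${{ matrix.php_version }}
    os-variant: ${{ matrix.os_variant }}
    tier: slim
    target: slim-rootless
    rootless: true
    tag-suffix: slim-rootless
    cache-scope-prefix: base
    # Presumably turns on image signing inside _build-image.yml - confirm.
    enable-cosign: true
    # Smoke test. Assumes the called workflow exports IMAGE - confirm there.
    test-script: |
      echo "Testing slim-rootless $IMAGE..."
      # Fails unless the image's default UID is 33 or 82, so an image that
      # still starts as root (UID 0) does not pass.
      docker run --rm "$IMAGE" id -u | grep -E "^(33|82)$"
      docker run --rm "$IMAGE" php -v
  # NOTE(review): forwards every secret of the caller to the reusable
  # workflow. If it only needs registry and signing credentials, pass those
  # by name instead.
  secrets: inherit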
# ═══════════════════════════════════════════════════════════════════════════
# STANDARD TIER (DEFAULT) - ImageMagick, vips, Node.js included
# ═══════════════════════════════════════════════════════════════════════════
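# Standard tier, root variant: one call to the reusable build workflow per
# php_version / os_variant pair.
build-matrix:
  strategy:
    # A failing leg does not cancel the remaining matrix legs.
    fail-fast: false
    matrix:
      php_version: ['8.2', '8.3', '8.4', '8.5']
      os_variant: ['bookworm']
  uses: ./.github/workflows/_build-image.yml
  with:
    image-name: php-base
    image-type: php-base
    php-version: ${{ matrix.php_version }}
    os-variant: ${{ matrix.os_variant }}
    tier: standard
    target: root
    # Empty suffix: the standard root image carries the unsuffixed tags.
    tag-suffix: ''
    cache-scope-prefix: base
    # Presumably turns on image signing inside _build-image.yml - confirm.
    enable-cosign: true
    enable-latest-tag: true
    # Smoke test. Assumes the called workflow exports IMAGE - confirm there.
    test-script: |
      echo "Testing $IMAGE..."
      docker run --rm "$IMAGE" php -v
      # Check each extension separately: grep -E "a|b|c" exits 0 as soon as
      # one name matches. Matching is case-insensitive because php -m prints
      # "Zend OPcache".
      modules="$(docker run --rm "$IMAGE" php -m)"
      for ext in opcache redis pdo_mysql gd imagick vips; do
        if ! printf '%s\n' "$modules" | grep -iw -- "$ext" >/dev/null; then
          echo "Missing PHP extension: $ext" >&2
          exit 1
        fi
      done
      docker run --rm "$IMAGE" composer --version
      docker run --rm "$IMAGE" node --version
      docker run --rm "$IMAGE" cbox-init --version
  # NOTE(review): forwards every secret of the caller to the reusable
  # workflow. If it only needs registry and signing credentials, pass those
  # by name instead.
  secrets: inherit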
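# Standard tier, rootless variant: one call to the reusable build workflow per
# php_version / os_variant pair.
build-rootless-matrix:
  strategy:
    # A failing leg does not cancel the remaining matrix legs.
    fail-fast: false
    matrix:
      php_version: ['8.2', '8.3', '8.4', '8.5']
      os_variant: ['bookworm']
  uses: ./.github/workflows/_build-image.yml
  with:
    image-name: php-base
    image-type: php-base
    php-version: ${{ matrix.php_version }}
    os-variant: ${{ matrix.os_variant }}
    tier: standard
    target: rootless
    rootless: true
    tag-suffix: rootless
    cache-scope-prefix: base
    # Presumably turns on image signing inside _build-image.yml - confirm.
    enable-cosign: true
    enable-latest-tag: true
    # Smoke test. Assumes the called workflow exports IMAGE - confirm there.
    test-script: |
      echo "Testing rootless image $IMAGE..."
      # Fails unless the image's default UID is 33 or 82, so an image that
      # still starts as root (UID 0) does not pass.
      docker run --rm "$IMAGE" id -u | grep -E "^(33|82)$"
      docker run --rm "$IMAGE" php -v
      # Check each extension separately: grep -E "a|b|c" exits 0 as soon as
      # one name matches. Matching is case-insensitive because php -m prints
      # "Zend OPcache".
      modules="$(docker run --rm "$IMAGE" php -m)"
      for ext in opcache redis pdo_mysql gd imagick vips; do
        if ! printf '%s\n' "$modules" | grep -iw -- "$ext" >/dev/null; then
          echo "Missing PHP extension: $ext" >&2
          exit 1
        fi
      done
      docker run --rm "$IMAGE" composer --version
      docker run --rm "$IMAGE" node --version
      docker run --rm "$IMAGE" cbox-init --version
  # NOTE(review): forwards every secret of the caller to the reusable
  # workflow. If it only needs registry and signing credentials, pass those
  # by name instead.
  secrets: inherit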
# ═══════════════════════════════════════════════════════════════════════════
# CHROMIUM TIER - Includes Chromium for Browsershot/Dusk
# ═══════════════════════════════════════════════════════════════════════════
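# Chromium tier, root variant: one call to the reusable build workflow per
# php_version / os_variant pair.
build-chromium-matrix:
  strategy:
    # A failing leg does not cancel the remaining matrix legs.
    fail-fast: false
    matrix:
      php_version: ['8.2', '8.3', '8.4', '8.5']
      os_variant: ['bookworm']
  uses: ./.github/workflows/_build-image.yml
  with:
    image-name: php-base
    image-type: php-base
    php-version: ${{ matrix.php_version }}
    os-variant: ${{ matrix.os_variant }}
    tier: chromium
    target: chromium-root
    tag-suffix: chromium
    cache-scope-prefix: base
    # Presumably turns on image signing inside _build-image.yml - confirm.
    enable-cosign: true
    # Smoke test. Assumes the called workflow exports IMAGE - confirm there.
    test-script: |
      echo "Testing chromium $IMAGE..."
      docker run --rm "$IMAGE" php -v
      # Check each extension separately: grep -E "a|b|c" exits 0 as soon as
      # one name matches. Matching is case-insensitive because php -m prints
      # "Zend OPcache".
      modules="$(docker run --rm "$IMAGE" php -m)"
      for ext in opcache redis pdo_mysql gd imagick vips; do
        if ! printf '%s\n' "$modules" | grep -iw -- "$ext" >/dev/null; then
          echo "Missing PHP extension: $ext" >&2
          exit 1
        fi
      done
      docker run --rm "$IMAGE" composer --version
      docker run --rm "$IMAGE" node --version
      docker run --rm "$IMAGE" cbox-init --version
      # Verify Chromium is installed
      docker run --rm "$IMAGE" which chromium || docker run --rm "$IMAGE" which chromium-browser
  # NOTE(review): forwards every secret of the caller to the reusable
  # workflow. If it only needs registry and signing credentials, pass those
  # by name instead.
  secrets: inherit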
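# Chromium tier, rootless variant: one call to the reusable build workflow per
# php_version / os_variant pair.
build-chromium-rootless-matrix:
  strategy:
    # A failing leg does not cancel the remaining matrix legs.
    fail-fast: false
    matrix:
      php_version: ['8.2', '8.3', '8.4', '8.5']
      os_variant: ['bookworm']
  uses: ./.github/workflows/_build-image.yml
  with:
    image-name: php-base
    image-type: php-base
    php-version: ${{ matrix.php_version }}
    os-variant: ${{ matrix.os_variant }}
    tier: chromium
    target: chromium-rootless
    rootless: true
    tag-suffix: chromium-rootless
    cache-scope-prefix: base
    # Presumably turns on image signing inside _build-image.yml - confirm.
    enable-cosign: true
    # Smoke test. Assumes the called workflow exports IMAGE - confirm there.
    test-script: |
      echo "Testing chromium-rootless $IMAGE..."
      # Fails unless the image's default UID is 33 or 82, so an image that
      # still starts as root (UID 0) does not pass.
      docker run --rm "$IMAGE" id -u | grep -E "^(33|82)$"
      docker run --rm "$IMAGE" php -v
      docker run --rm "$IMAGE" which chromium || docker run --rm "$IMAGE" which chromium-browser
  # NOTE(review): forwards every secret of the caller to the reusable
  # workflow. If it only needs registry and signing credentials, pass those
  # by name instead.
  secrets: inherit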
# ═══════════════════════════════════════════════════════════════════════════
# DEV TIER - Standard + Xdebug, PCOV, SPX for development/testing
# ═══════════════════════════════════════════════════════════════════════════
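# Dev tier, root variant: one call to the reusable build workflow per
# php_version / os_variant pair.
build-dev-matrix:
  strategy:
    # A failing leg does not cancel the remaining matrix legs.
    fail-fast: false
    matrix:
      php_version: ['8.2', '8.3', '8.4', '8.5']
      os_variant: ['bookworm']
  uses: ./.github/workflows/_build-image.yml
  with:
    image-name: php-base
    image-type: php-base
    php-version: ${{ matrix.php_version }}
    os-variant: ${{ matrix.os_variant }}
    tier: dev
    target: dev-root
    tag-suffix: dev
    cache-scope-prefix: base
    # Presumably turns on image signing inside _build-image.yml - confirm.
    # NOTE(review): these images ship Xdebug, PCOV and SPX and are signed and
    # tagged like the others; the `dev` suffix is the only visible marker that
    # they are not meant for production use.
    enable-cosign: true
    # Smoke test. Assumes the called workflow exports IMAGE - confirm there.
    test-script: |
      echo "Testing dev $IMAGE..."
      docker run --rm "$IMAGE" php -v
      # Check each extension separately: grep -E "a|b|c" exits 0 as soon as
      # one name matches. Matching is case-insensitive because php -m prints
      # "Zend OPcache" and "SPX".
      modules="$(docker run --rm "$IMAGE" php -m)"
      for ext in opcache redis pdo_mysql gd imagick vips xdebug pcov spx; do
        if ! printf '%s\n' "$modules" | grep -iw -- "$ext" >/dev/null; then
          echo "Missing PHP extension: $ext" >&2
          exit 1
        fi
      done
      docker run --rm "$IMAGE" composer --version
      docker run --rm "$IMAGE" node --version
      docker run --rm "$IMAGE" cbox-init --version
      # Verify Chromium is installed (inherited from chromium tier)
      docker run --rm "$IMAGE" which chromium || docker run --rm "$IMAGE" which chromium-browser
  # NOTE(review): forwards every secret of the caller to the reusable
  # workflow. If it only needs registry and signing credentials, pass those
  # by name instead.
  secrets: inherit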
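# Dev tier, rootless variant: one call to the reusable build workflow per
# php_version / os_variant pair.
build-dev-rootless-matrix:
  strategy:
    # A failing leg does not cancel the remaining matrix legs.
    fail-fast: false
    matrix:
      php_version: ['8.2', '8.3', '8.4', '8.5']
      os_variant: ['bookworm']
  uses: ./.github/workflows/_build-image.yml
  with:
    image-name: php-base
    image-type: php-base
    php-version: ${{ matrix.php_version }}
    os-variant: ${{ matrix.os_variant }}
    tier: dev
    target: dev-rootless
    rootless: true
    tag-suffix: dev-rootless
    cache-scope-prefix: base
    # Presumably turns on image signing inside _build-image.yml - confirm.
    enable-cosign: true
    # Smoke test. Assumes the called workflow exports IMAGE - confirm there.
    test-script: |
      echo "Testing dev-rootless $IMAGE..."
      # Fails unless the image's default UID is 33 or 82, so an image that
      # still starts as root (UID 0) does not pass.
      docker run --rm "$IMAGE" id -u | grep -E "^(33|82)$"
      docker run --rm "$IMAGE" php -v
      # Check each extension separately: grep -E "a|b|c" exits 0 as soon as
      # one name matches. Matching is case-insensitive because php -m prints
      # "SPX" in upper case.
      modules="$(docker run --rm "$IMAGE" php -m)"
      for ext in xdebug pcov spx; do
        if ! printf '%s\n' "$modules" | grep -iw -- "$ext" >/dev/null; then
          echo "Missing PHP extension: $ext" >&2
          exit 1
        fi
      done
  # NOTE(review): forwards every secret of the caller to the reusable
  # workflow. If it only needs registry and signing credentials, pass those
  # by name instead.
  secrets: inherit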
# ═══════════════════════════════════════════════════════════════════════════
# Trigger dependent image builds after php-base completes
# ═══════════════════════════════════════════════════════════════════════════
# Sends a repository_dispatch event of type `php-base-updated` once the eight
# build jobs listed in `needs` have succeeded. The `if:` has no status function,
# so the default success requirement on `needs` still applies.
trigger-dependent-builds:
needs: [build-slim-matrix, build-slim-rootless-matrix, build-matrix, build-rootless-matrix, build-chromium-matrix, build-chromium-rootless-matrix, build-dev-matrix, build-dev-rootless-matrix]
# Only non-pull_request events on refs/heads/main pass. A `base-*` tag push has
# a refs/tags/... ref, so it does not dispatch.
if: github.event_name != 'pull_request' && github.ref == 'refs/heads/main'
runs-on: ubuntu-24.04
# Job-level token scope; presumably required by the dispatch call - confirm
# against the action's documentation.
permissions:
contents: write
steps:
- name: Trigger dependent builds (php-fpm + php-cli)
# NOTE(review): third-party action referenced by the movable tag `v2` in a job
# that holds a contents:write token. Pinning to a full commit SHA, for example
# `peter-evans/repository-dispatch@<full-commit-sha>  # v2`, keeps a re-pointed
# tag from changing what runs here.
uses: peter-evans/repository-dispatch@v2
with:
event-type: php-base-updated
# NOTE(review): no `token` or `repository` input is visible in this view; the
# step may continue below. If a personal access token is supplied there, check
# that it is scoped to this repository only.