Move workflow version selection into build-versions.env #39
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: PHP-FPM | |
| on: | |
| push: | |
| branches: [ main ] | |
| paths: | |
| - 'docker/php/fpm/**' | |
| - '.github/workflows/build-fpm.yml' | |
| - 'workflow/build-versions.env' | |
| schedule: | |
| - cron: '0 2 * * 1' | |
| workflow_dispatch: | |
| permissions: | |
| contents: read | |
| packages: write # needed for GHCR | |
| env: | |
| GHCR_IMAGE: ghcr.io/liquidrazor/php | |
| DOCKERHUB_IMAGE: docker.io/liquidrazor/php | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref }} | |
| cancel-in-progress: true | |
| jobs: | |
| resolve-versions: | |
| runs-on: blacksmith-4vcpu-ubuntu-2404 | |
| outputs: | |
| matrix: ${{ steps.versions.outputs.matrix }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Resolve build matrix | |
| id: versions | |
| shell: bash | |
| run: | | |
| set -euo pipefail | |
| . workflow/build-versions.env | |
| printf 'matrix={"include":[{"php_version":"%s","is_latest":true},{"php_version":"%s","is_latest":false}]}\n' \ | |
| "$PHP_LATEST" \ | |
| "$PHP_PREVIOUS" >> "$GITHUB_OUTPUT" | |
| build-amd64: | |
| needs: resolve-versions | |
| runs-on: blacksmith-4vcpu-ubuntu-2404 | |
| strategy: | |
| fail-fast: false | |
| matrix: ${{ fromJSON(needs.resolve-versions.outputs.matrix) }} | |
| env: | |
| ARCH_SUFFIX: amd64 | |
| PHP_VERSION: ${{ matrix.php_version }} | |
| IS_LATEST: ${{ matrix.is_latest }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Setup Blacksmith Builder | |
| uses: useblacksmith/setup-docker-builder@v1 | |
| # Log in to GHCR | |
| - uses: docker/login-action@v3 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| # Log in to Docker Hub | |
| - uses: docker/login-action@v3 | |
| with: | |
| username: ${{ secrets.DOCKERHUB_USERNAME }} | |
| password: ${{ secrets.DOCKERHUB_TOKEN }} | |
| - name: Compute tags (FPM) | |
| id: tags | |
| shell: bash | |
| run: | | |
| set -euo pipefail | |
| PHP_VERSION="${PHP_VERSION:?missing}" | |
| LINE_VERSION="$(cut -d. -f1,2 <<<"$PHP_VERSION")" | |
| TAGS=("${LINE_VERSION}-fpm" "${PHP_VERSION}-fpm") | |
| if [[ "${IS_LATEST}" == "true" ]]; then | |
| TAGS=("fpm" "${TAGS[@]}") | |
| fi | |
| ARCH="${ARCH_SUFFIX}" | |
| # Registry-qualified tags with arch suffix | |
| mapfile -t TAGS_WITH_ARCH < <( | |
| for t in "${TAGS[@]}"; do | |
| printf "%s:%s-%s\n" "${GHCR_IMAGE}" "$t" "${ARCH}" | |
| printf "%s:%s-%s\n" "${DOCKERHUB_IMAGE}" "$t" "${ARCH}" | |
| done | |
| ) | |
| # No-arch tags (for manifest creation) | |
| mapfile -t TAGS_NO_ARCH < <( | |
| for t in "${TAGS[@]}"; do | |
| printf "%s:%s\n" "${GHCR_IMAGE}" "$t" | |
| printf "%s:%s\n" "${DOCKERHUB_IMAGE}" "$t" | |
| done | |
| ) | |
| { | |
| echo "tags_with_arch<<__ARCH__" | |
| printf '%s\n' "${TAGS_WITH_ARCH[@]}" | |
| echo "__ARCH__" | |
| } >> "$GITHUB_OUTPUT" | |
| { | |
| echo "tags_no_arch<<__NOARCH__" | |
| printf '%s\n' "${TAGS_NO_ARCH[@]}" | |
| echo "__NOARCH__" | |
| } >> "$GITHUB_OUTPUT" | |
| - uses: useblacksmith/build-push-action@v2 | |
| with: | |
| context: docker/php/fpm/base | |
| file: docker/php/fpm/base/Dockerfile | |
| push: true | |
| platforms: linux/amd64 | |
| build-args: | | |
| PHP_VERSION=${{ env.PHP_VERSION }} | |
| tags: ${{ steps.tags.outputs.tags_with_arch }} | |
| sbom: false | |
| provenance: false | |
| build-arm64: | |
| needs: resolve-versions | |
| runs-on: blacksmith-4vcpu-ubuntu-2404-arm | |
| strategy: | |
| fail-fast: false | |
| matrix: ${{ fromJSON(needs.resolve-versions.outputs.matrix) }} | |
| env: | |
| ARCH_SUFFIX: arm64 | |
| PHP_VERSION: ${{ matrix.php_version }} | |
| IS_LATEST: ${{ matrix.is_latest }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Setup Blacksmith Builder | |
| uses: useblacksmith/setup-docker-builder@v1 | |
| - uses: docker/login-action@v3 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - uses: docker/login-action@v3 | |
| with: | |
| username: ${{ secrets.DOCKERHUB_USERNAME }} | |
| password: ${{ secrets.DOCKERHUB_TOKEN }} | |
| - name: Compute tags (FPM) | |
| id: tags | |
| shell: bash | |
| run: | | |
| set -euo pipefail | |
| PHP_VERSION="${PHP_VERSION:?missing}" | |
| LINE_VERSION="$(cut -d. -f1,2 <<<"$PHP_VERSION")" | |
| TAGS=("${LINE_VERSION}-fpm" "${PHP_VERSION}-fpm") | |
| if [[ "${IS_LATEST}" == "true" ]]; then | |
| TAGS=("fpm" "${TAGS[@]}") | |
| fi | |
| ARCH="${ARCH_SUFFIX}" | |
| mapfile -t TAGS_WITH_ARCH < <( | |
| for t in "${TAGS[@]}"; do | |
| printf "%s:%s-%s\n" "${GHCR_IMAGE}" "$t" "${ARCH}" | |
| printf "%s:%s-%s\n" "${DOCKERHUB_IMAGE}" "$t" "${ARCH}" | |
| done | |
| ) | |
| mapfile -t TAGS_NO_ARCH < <( | |
| for t in "${TAGS[@]}"; do | |
| printf "%s:%s\n" "${GHCR_IMAGE}" "$t" | |
| printf "%s:%s\n" "${DOCKERHUB_IMAGE}" "$t" | |
| done | |
| ) | |
| { | |
| echo "tags_with_arch<<__ARCH__" | |
| printf '%s\n' "${TAGS_WITH_ARCH[@]}" | |
| echo "__ARCH__" | |
| } >> "$GITHUB_OUTPUT" | |
| { | |
| echo "tags_no_arch<<__NOARCH__" | |
| printf '%s\n' "${TAGS_NO_ARCH[@]}" | |
| echo "__NOARCH__" | |
| } >> "$GITHUB_OUTPUT" | |
| - uses: useblacksmith/build-push-action@v2 | |
| with: | |
| context: docker/php/fpm/base | |
| file: docker/php/fpm/base/Dockerfile | |
| push: true | |
| platforms: linux/arm64 | |
| build-args: | | |
| PHP_VERSION=${{ env.PHP_VERSION }} | |
| tags: ${{ steps.tags.outputs.tags_with_arch }} | |
| sbom: false | |
| provenance: false | |
| manifest: | |
| runs-on: blacksmith-4vcpu-ubuntu-2404 | |
| needs: [resolve-versions, build-amd64, build-arm64] | |
| strategy: | |
| fail-fast: false | |
| matrix: ${{ fromJSON(needs.resolve-versions.outputs.matrix) }} | |
| env: | |
| PHP_VERSION: ${{ matrix.php_version }} | |
| IS_LATEST: ${{ matrix.is_latest }} | |
| steps: | |
| - name: Setup Blacksmith Builder | |
| uses: useblacksmith/setup-docker-builder@v1 | |
| - uses: docker/login-action@v3 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - uses: docker/login-action@v3 | |
| with: | |
| username: ${{ secrets.DOCKERHUB_USERNAME }} | |
| password: ${{ secrets.DOCKERHUB_TOKEN }} | |
| - name: Recompute final tags (FPM) | |
| id: tags | |
| shell: bash | |
| run: | | |
| set -euo pipefail | |
| PHP_VERSION="${PHP_VERSION:?missing}" | |
| LINE_VERSION="$(cut -d. -f1,2 <<<"$PHP_VERSION")" | |
| TAGS=("${LINE_VERSION}-fpm" "${PHP_VERSION}-fpm") | |
| if [[ "${IS_LATEST}" == "true" ]]; then | |
| TAGS=("fpm" "${TAGS[@]}") | |
| fi | |
| # Fully-qualified (no-arch) targets for manifest creation, both registries | |
| mapfile -t TAGS_NO_ARCH < <( | |
| for t in "${TAGS[@]}"; do | |
| printf "%s:%s\n" "${GHCR_IMAGE}" "$t" | |
| printf "%s:%s\n" "${DOCKERHUB_IMAGE}" "$t" | |
| done | |
| ) | |
| { | |
| echo "tags_no_arch<<__NOARCH__" | |
| printf '%s\n' "${TAGS_NO_ARCH[@]}" | |
| echo "__NOARCH__" | |
| } >> "$GITHUB_OUTPUT" | |
| - name: Publish multi-arch manifests (FPM) | |
| shell: bash | |
| run: | | |
| set -euo pipefail | |
| while IFS= read -r TARGET; do | |
| base="${TARGET%:*}" | |
| tag="${TARGET##*:}" | |
| echo "Creating manifest for ${base}:${tag}" | |
| docker buildx imagetools create \ | |
| -t "${base}:${tag}" \ | |
| "${base}:${tag}-amd64" \ | |
| "${base}:${tag}-arm64" | |
| done <<< "${{ steps.tags.outputs.tags_no_arch }}" |