Docker Release 8.3.12 by @zebby76 #126
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Docker Release | |
run-name: Docker Release ${{ github.ref_name }} by @${{ github.actor }} | |
on: | |
push: | |
tags: | |
- '[0-9]+.[0-9]+.[0-9]+*' | |
jobs: | |
init: | |
runs-on: ubuntu-20.04 | |
outputs: | |
version-patch: ${{ steps.prep.outputs.version-patch }} | |
version-minor: ${{ steps.prep.outputs.version-minor }} | |
version-major: ${{ steps.prep.outputs.version-major }} | |
build-date: ${{ steps.prep.outputs.build-date }} | |
docker-image-name: ${{ steps.prep.outputs.docker-image-name }} | |
github-ci-run-id: ${{ steps.prep.outputs.github-ci-run-id }} | |
github-ci-sha-short: ${{ steps.prep.outputs.github-ci-sha-short }} | |
github-ci-sha: ${{ steps.prep.outputs.github-ci-sha }} | |
node-version: ${{ steps.prep.outputs.node-version }} | |
composer-version: ${{ steps.prep.outputs.composer-version }} | |
aws-cli-version: ${{ steps.prep.outputs.aws-cli-version }} | |
php-ext-redis-version: ${{ steps.prep.outputs.php-ext-redis-version }} | |
php-ext-apcu-version: ${{ steps.prep.outputs.php-ext-apcu-version }} | |
php-ext-xdebug-version: ${{ steps.prep.outputs.php-ext-xdebug-version }} | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Fill GitHub Environment Variables | |
uses: FranzDiebold/github-env-vars-action@v2 | |
- name: Fill PHP Version Environment Variable | |
uses: c-py/action-dotenv-to-setenv@v5 | |
with: | |
env-file: .build.env | |
- name: Prepare Workflow Environment | |
id: prep | |
run: | | |
VERSION_MAJOR_MINOR_PATCH=${GITHUB_REF_NAME} | |
VERSION_MAJOR_MINOR=${VERSION_MAJOR_MINOR_PATCH%.*} | |
VERSION_MAJOR=${VERSION_MAJOR_MINOR%.*} | |
echo "docker-image-name=${DOCKER_IMAGE_NAME}" >> $GITHUB_OUTPUT | |
echo "version-patch=${VERSION_MAJOR_MINOR_PATCH}" >> $GITHUB_OUTPUT | |
echo "version-minor=${VERSION_MAJOR_MINOR}" >> $GITHUB_OUTPUT | |
echo "version-major=${VERSION_MAJOR}" >> $GITHUB_OUTPUT | |
echo "build-date=$(date -u +'%Y-%m-%dT%H:%M:%SZ')" >> $GITHUB_OUTPUT | |
echo "github-ci-sha-short=${CI_SHA_SHORT}" >> $GITHUB_OUTPUT | |
echo "github-ci-sha=${CI_SHA}" >> $GITHUB_OUTPUT | |
echo "github-ci-run-id=${CI_RUN_ID}" >> $GITHUB_OUTPUT | |
echo "node-version=${NODE_VERSION}" >> $GITHUB_OUTPUT | |
echo "composer-version=${COMPOSER_VERSION}" >> $GITHUB_OUTPUT | |
echo "aws-cli-version=${AWS_CLI_VERSION}" >> $GITHUB_OUTPUT | |
echo "php-ext-redis-version=${PHP_EXT_REDIS_VERSION}" >> $GITHUB_OUTPUT | |
echo "php-ext-apcu-version=${PHP_EXT_APCU_VERSION}" >> $GITHUB_OUTPUT | |
echo "php-ext-xdebug-version=${PHP_EXT_XDEBUG_VERSION}" >> $GITHUB_OUTPUT | |
build: | |
strategy: | |
matrix: | |
image-variant: [fpm-prd,apache-prd,nginx-prd,cli-prd,fpm-dev,apache-dev,nginx-dev,cli-dev] | |
runs-on: ubuntu-20.04 | |
needs: init | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Set up Docker Buildx | |
id: buildx | |
uses: docker/setup-buildx-action@v3 | |
- name: Cache Docker layers | |
uses: actions/cache@v4 | |
with: | |
path: /tmp/.buildx-cache | |
key: ${{ runner.os }}-buildx-${{ github.sha }} | |
restore-keys: | | |
${{ runner.os }}-buildx- | |
- name: Fill "${{ needs.init.outputs.docker-image-name }}" Docker Image metadata | |
id: meta | |
uses: docker/metadata-action@v5 | |
with: | |
github-token: ${{ secrets.GITHUB_TOKEN }} | |
images: "${{ needs.init.outputs.docker-image-name }}" | |
tags: | | |
type=raw,value=${{ needs.init.outputs.github-ci-sha-short }}-${{ matrix.image-variant }} | |
type=raw,value=${{ needs.init.outputs.version-patch }}-${{ matrix.image-variant }} | |
type=raw,value=${{ needs.init.outputs.version-minor }}-${{ matrix.image-variant }} | |
- name: Create Dockerfile | |
run: | | |
make Dockerfile | |
- name: Build "${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.github-ci-sha-short }}-${{ matrix.image-variant }}" Docker Image | |
id: build | |
uses: docker/build-push-action@v6 | |
with: | |
builder: ${{ steps.buildx.outputs.name }} | |
context: . | |
file: Dockerfile | |
target: ${{ matrix.image-variant }} | |
build-args: | | |
VERSION_ARG=${{ needs.init.outputs.version-patch }} | |
RELEASE_ARG=${{ needs.init.outputs.github-ci-run-id }} | |
VCS_REF_ARG=${{ needs.init.outputs.github-ci-sha }} | |
BUILD_DATE_ARG=${{ needs.init.outputs.build-date }} | |
NODE_VERSION_ARG=${{ needs.init.outputs.node-version }} | |
COMPOSER_VERSION_ARG=${{ needs.init.outputs.composer-version }} | |
AWS_CLI_VERSION_ARG=${{ needs.init.outputs.aws-cli-version }} | |
PHP_EXT_REDIS_VERSION_ARG=${{ needs.init.outputs.php-ext-redis-version }} | |
PHP_EXT_APCU_VERSION_ARG=${{ needs.init.outputs.php-ext-apcu-version }} | |
PHP_EXT_XDEBUG_VERSION_ARG=${{ needs.init.outputs.php-ext-xdebug-version }} | |
tags: ${{ steps.meta.outputs.tags }} | |
labels: ${{ steps.meta.outputs.labels }} | |
outputs: type=docker,dest=/tmp/builded.tar | |
- name: Install Docker Squash | |
id: install-squash | |
run: | | |
pip install docker-squash | |
- name: Squash "${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.github-ci-sha-short }}-${{ matrix.image-variant }}" Docker Image | |
id: squash | |
run: | | |
cat /tmp/builded.tar | docker load | |
docker-squash --message "Build and Squashed in GitHub Action" \ | |
--tag ${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.github-ci-sha-short }}-${{ matrix.image-variant }} \ | |
--output-path /tmp/squashed.tar \ | |
--cleanup \ | |
${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.github-ci-sha-short }}-${{ matrix.image-variant }} | |
cat /tmp/squashed.tar | docker load | |
tags=$(echo "${{ steps.meta.outputs.tags }}" | tr "\n" " ") | |
for tag in $tags; do | |
docker tag ${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.github-ci-sha-short }}-${{ matrix.image-variant }} $tag | |
done | |
docker save --output /tmp/final.tar $tags | |
- name: Check "${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.github-ci-sha-short }}-${{ matrix.image-variant }}" Docker Images | |
run: | | |
docker image inspect ${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.github-ci-sha-short }}-${{ matrix.image-variant }} | |
docker history ${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.github-ci-sha-short }}-${{ matrix.image-variant }} | |
- name: Upload "${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.github-ci-sha-short }}-${{ matrix.image-variant }}" Docker image artifact | |
uses: actions/upload-artifact@v4 | |
with: | |
name: ${{ matrix.image-variant }} | |
path: /tmp/final.tar | |
tests: | |
strategy: | |
matrix: | |
image-variant: [fpm-prd,apache-prd,nginx-prd,cli-prd,fpm-dev,apache-dev,nginx-dev,cli-dev] | |
runs-on: ubuntu-20.04 | |
needs: [init,build] | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Setup BATS testing framework | |
uses: zebby76/setup-bats@v2 | |
with: | |
bats-version: 1.2.1 | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v3 | |
- name: Download "${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.github-ci-sha-short }}-${{ matrix.image-variant }}" Docker image artifact | |
uses: actions/download-artifact@v4 | |
with: | |
name: ${{ matrix.image-variant }} | |
path: /tmp | |
- name: Load Docker image | |
run: | | |
docker load --input /tmp/final.tar | |
docker image ls -a | |
- name: Scan "${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.github-ci-sha-short }}-${{ matrix.image-variant }}" Docker image | |
uses: anchore/scan-action@v5 | |
id: scan | |
with: | |
image: ${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.github-ci-sha-short }}-${{ matrix.image-variant }} | |
fail-build: false | |
severity-cutoff: critical | |
output-format: table | |
- name: Login to DockerHub | |
uses: docker/login-action@v3 | |
with: | |
registry: docker.io | |
username: ${{ secrets.DOCKERHUB_USERNAME }} | |
password: ${{ secrets.DOCKERHUB_PASSWORD }} | |
- name: Prepare Test Environment | |
id: prep-test | |
run: | | |
echo "image-flavor=${IMAGE_VARIANT%-*}" >> $GITHUB_OUTPUT | |
env: | |
IMAGE_VARIANT: ${{ matrix.image-variant }} | |
- name: Test "${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.github-ci-sha-short }}-${{ matrix.image-variant }}" Docker Image | |
env: | |
DOCKER_IMAGE_NAME: ${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.github-ci-sha-short }}-${{ matrix.image-variant }} | |
PHP_VERSION: ${{ needs.init.outputs.version-patch }} | |
AWS_CLI_VERSION: ${{ needs.init.outputs.aws-cli-version }} | |
CONTAINER_ENGINE: docker | |
run: | | |
docker network create docker_default | |
docker pull curlimages/curl:8.1.2 | |
bats -r test/tests.${{ steps.prep-test.outputs.image-flavor }}.bats | |
sign-dev: | |
strategy: | |
max-parallel: 1 | |
matrix: | |
image-variant: [fpm-dev,apache-dev,nginx-dev,cli-dev] | |
runs-on: ubuntu-20.04 | |
needs: [init,tests] | |
steps: | |
- name: Install Dependencies | |
run: | | |
sudo apt update | |
sudo apt install -y notary | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v3 | |
- name: Download "${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.github-ci-sha-short }}-${{ matrix.image-variant }}" Docker image artifact | |
uses: actions/download-artifact@v4 | |
with: | |
name: ${{ matrix.image-variant }} | |
path: /tmp | |
- name: Load Docker image | |
run: | | |
docker load --input /tmp/final.tar | |
docker image ls -a | |
- name: Login to DockerHub | |
uses: docker/login-action@v3 | |
with: | |
registry: docker.io | |
username: ${{ secrets.DOCKERHUB_USERNAME }} | |
password: ${{ secrets.DOCKERHUB_PASSWORD }} | |
- name: Sign and push docker image "${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.github-ci-sha-short }}-${{ matrix.image-variant }}" | |
uses: sudo-bot/action-docker-sign@latest | |
with: | |
image-ref: "${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.github-ci-sha-short }}-${{ matrix.image-variant }}" | |
private-key-id: "${{ secrets.DOCKER_PRIVATE_KEY_ID }}" | |
private-key: ${{ secrets.DOCKER_PRIVATE_KEY }} | |
private-key-passphrase: ${{ secrets.DOCKER_PRIVATE_KEY_PASSPHRASE }} | |
- name: Sign and push docker image "${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.version-patch }}-${{ matrix.image-variant }}" | |
uses: sudo-bot/action-docker-sign@latest | |
with: | |
image-ref: "${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.version-patch }}-${{ matrix.image-variant }}" | |
private-key-id: "${{ secrets.DOCKER_PRIVATE_KEY_ID }}" | |
private-key: ${{ secrets.DOCKER_PRIVATE_KEY }} | |
private-key-passphrase: ${{ secrets.DOCKER_PRIVATE_KEY_PASSPHRASE }} | |
- name: Sign and push docker image "${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.version-minor }}-${{ matrix.image-variant }}" | |
uses: sudo-bot/action-docker-sign@latest | |
with: | |
image-ref: "${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.version-minor }}-${{ matrix.image-variant }}" | |
private-key-id: "${{ secrets.DOCKER_PRIVATE_KEY_ID }}" | |
private-key: ${{ secrets.DOCKER_PRIVATE_KEY }} | |
private-key-passphrase: ${{ secrets.DOCKER_PRIVATE_KEY_PASSPHRASE }} | |
- name: Check Docker Images pull's | |
run: | | |
docker pull ${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.github-ci-sha-short }}-${{ matrix.image-variant }} | |
docker pull ${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.version-patch }}-${{ matrix.image-variant }} | |
docker pull ${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.version-minor }}-${{ matrix.image-variant }} | |
sign-prd: | |
strategy: | |
max-parallel: 1 | |
matrix: | |
image-variant: [fpm-prd,apache-prd,nginx-prd,cli-prd] | |
runs-on: ubuntu-20.04 | |
needs: [init,tests] | |
steps: | |
- name: Install Dependencies | |
run: | | |
sudo apt update | |
sudo apt install -y notary | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v3 | |
- name: Download "${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.github-ci-sha-short }}-${{ matrix.image-variant }}" Docker image artifact | |
uses: actions/download-artifact@v4 | |
with: | |
name: ${{ matrix.image-variant }} | |
path: /tmp | |
- name: Load Docker image | |
run: | | |
docker load --input /tmp/final.tar | |
docker image ls -a | |
- name: Login to DockerHub | |
uses: docker/login-action@v3 | |
with: | |
registry: docker.io | |
username: ${{ secrets.DOCKERHUB_USERNAME }} | |
password: ${{ secrets.DOCKERHUB_PASSWORD }} | |
- name: Prepare Sign Workflow Step | |
id: prep-sign | |
run: | | |
echo "image-flavor=${IMAGE_VARIANT%-*}" >> $GITHUB_OUTPUT | |
env: | |
IMAGE_VARIANT: ${{ matrix.image-variant }} | |
- name: Tag docker image "${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.github-ci-sha-short }}-${{ matrix.image-variant }} for release" | |
id: prep-sign-tagging | |
run: | | |
docker tag ${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.github-ci-sha-short }}-${{ matrix.image-variant }} \ | |
${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.github-ci-sha-short }}-${{ steps.prep-sign.outputs.image-flavor }} | |
docker tag ${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.version-patch }}-${{ matrix.image-variant }} \ | |
${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.version-patch }}-${{ steps.prep-sign.outputs.image-flavor }} | |
docker tag ${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.version-minor }}-${{ matrix.image-variant }} \ | |
${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.version-minor }}-${{ steps.prep-sign.outputs.image-flavor }} | |
- name: Sign and push docker image "${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.github-ci-sha-short }}-${{ matrix.image-variant }}" | |
uses: sudo-bot/action-docker-sign@latest | |
with: | |
image-ref: "${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.github-ci-sha-short }}-${{ matrix.image-variant }}" | |
private-key-id: "${{ secrets.DOCKER_PRIVATE_KEY_ID }}" | |
private-key: ${{ secrets.DOCKER_PRIVATE_KEY }} | |
private-key-passphrase: ${{ secrets.DOCKER_PRIVATE_KEY_PASSPHRASE }} | |
- name: Sign and push docker image "${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.github-ci-sha-short }}-${{ steps.prep-sign.outputs.image-flavor }}" | |
uses: sudo-bot/action-docker-sign@latest | |
with: | |
image-ref: "${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.github-ci-sha-short }}-${{ steps.prep-sign.outputs.image-flavor }}" | |
private-key-id: "${{ secrets.DOCKER_PRIVATE_KEY_ID }}" | |
private-key: ${{ secrets.DOCKER_PRIVATE_KEY }} | |
private-key-passphrase: ${{ secrets.DOCKER_PRIVATE_KEY_PASSPHRASE }} | |
- name: Sign and push docker image "${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.version-patch }}-${{ matrix.image-variant }}" | |
uses: sudo-bot/action-docker-sign@latest | |
with: | |
image-ref: "${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.version-patch }}-${{ matrix.image-variant }}" | |
private-key-id: "${{ secrets.DOCKER_PRIVATE_KEY_ID }}" | |
private-key: ${{ secrets.DOCKER_PRIVATE_KEY }} | |
private-key-passphrase: ${{ secrets.DOCKER_PRIVATE_KEY_PASSPHRASE }} | |
- name: Sign and push docker image "${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.version-patch }}-${{ steps.prep-sign.outputs.image-flavor }}" | |
uses: sudo-bot/action-docker-sign@latest | |
with: | |
image-ref: "${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.version-patch }}-${{ steps.prep-sign.outputs.image-flavor }}" | |
private-key-id: "${{ secrets.DOCKER_PRIVATE_KEY_ID }}" | |
private-key: ${{ secrets.DOCKER_PRIVATE_KEY }} | |
private-key-passphrase: ${{ secrets.DOCKER_PRIVATE_KEY_PASSPHRASE }} | |
- name: Sign and push docker image "${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.version-minor }}-${{ matrix.image-variant }}" | |
uses: sudo-bot/action-docker-sign@latest | |
with: | |
image-ref: "${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.version-minor }}-${{ matrix.image-variant }}" | |
private-key-id: "${{ secrets.DOCKER_PRIVATE_KEY_ID }}" | |
private-key: ${{ secrets.DOCKER_PRIVATE_KEY }} | |
private-key-passphrase: ${{ secrets.DOCKER_PRIVATE_KEY_PASSPHRASE }} | |
- name: Sign and push docker image "${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.version-minor }}-${{ steps.prep-sign.outputs.image-flavor }}" | |
uses: sudo-bot/action-docker-sign@latest | |
with: | |
image-ref: "${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.version-minor }}-${{ steps.prep-sign.outputs.image-flavor }}" | |
private-key-id: "${{ secrets.DOCKER_PRIVATE_KEY_ID }}" | |
private-key: ${{ secrets.DOCKER_PRIVATE_KEY }} | |
private-key-passphrase: ${{ secrets.DOCKER_PRIVATE_KEY_PASSPHRASE }} | |
- name: Check Docker Images pull's | |
run: | | |
docker pull ${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.github-ci-sha-short }}-${{ matrix.image-variant }} | |
docker pull ${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.github-ci-sha-short }}-${{ steps.prep-sign.outputs.image-flavor }} | |
docker pull ${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.version-patch }}-${{ matrix.image-variant }} | |
docker pull ${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.version-patch }}-${{ steps.prep-sign.outputs.image-flavor }} | |
docker pull ${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.version-minor }}-${{ matrix.image-variant }} | |
docker pull ${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.version-minor }}-${{ steps.prep-sign.outputs.image-flavor }} | |
cleanup: | |
strategy: | |
matrix: | |
image-variant: [fpm-prd,apache-prd,nginx-prd,cli-prd,fpm-dev,apache-dev,nginx-dev,cli-dev] | |
runs-on: ubuntu-20.04 | |
needs: [sign-prd,sign-dev] | |
steps: | |
- uses: geekyeggo/delete-artifact@v5 | |
with: | |
name: ${{ matrix.image-variant }} | |
failOnError: false |