Skip to content

feat: pin 3rd party php extensions #437

feat: pin 3rd party php extensions

feat: pin 3rd party php extensions #437

Workflow file for this run

name: Build
on:
workflow_dispatch:
push:
branches:
- main
pull_request:
schedule:
- cron: '10 4 * * *'
concurrency:
group: "${{ github.ref }}"
cancel-in-progress: true
env:
DOCKER_BUILDKIT: 1
COSIGN_EXPERIMENTAL: 1
permissions:
contents: write
id-token: write
packages: write
pull-requests: write
jobs:
generate-matrix:
runs-on: ubuntu-latest
outputs:
matrix: ${{ steps.generate-matrix.outputs.matrix }}
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Generate Matrix
id: generate-matrix
run: |
MATRIX=$(php matrix.php)
echo "matrix<<EOF" >> $GITHUB_OUTPUT
echo "$MATRIX" >> $GITHUB_OUTPUT
echo 'EOF' >> $GITHUB_OUTPUT
fpm:
name: PHP FPM ${{ matrix.php }}
runs-on: shopware-arm64
container:
image: ghcr.io/catthehacker/ubuntu:act-22.04
needs: [generate-matrix]
strategy: ${{ fromJson(needs.generate-matrix.outputs.matrix) }}
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Login into Docker Hub
if: github.ref == 'refs/heads/main'
run: echo "${{ secrets.DOCKER_HUB_PASSWORD }}" | docker login -u ${{ secrets.DOCKER_HUB_USERNAME }} --password-stdin
- name: Login into Github Docker Registery
run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin
- name: Build and Push
uses: docker/build-push-action@v6
with:
tags: |
${{ matrix.fpm-tags }}
context: fpm
cache-from: type=gha,scope=fpm-${{ matrix.php }}
cache-to: type=gha,mode=max,scope=fpm-${{ matrix.php }}
platforms: linux/arm64,linux/amd64
build-args: |
PHP_PATCH_VERSION=${{ matrix.phpPatch }}
PHP_DIGEST=${{ matrix.phpPatchDigest }}
push: true
provenance: false
fpm-otel:
name: PHP FPM ${{ matrix.php }} with OpenTelemetry
runs-on: shopware-arm64
container:
image: ghcr.io/catthehacker/ubuntu:act-22.04
needs: [generate-matrix, fpm]
strategy: ${{ fromJson(needs.generate-matrix.outputs.matrix) }}
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Login into Docker Hub
if: github.ref == 'refs/heads/main'
run: echo "${{ secrets.DOCKER_HUB_PASSWORD }}" | docker login -u ${{ secrets.DOCKER_HUB_USERNAME }} --password-stdin
- name: Login into Github Docker Registery
run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin
- name: Build and Push
uses: docker/build-push-action@v6
with:
tags: |
${{ matrix.fpm-tags-otel }}
context: fpm-otel
platforms: linux/amd64,linux/arm64
cache-from: type=gha,scope=fpm-otel-${{ matrix.php }}
cache-to: type=gha,mode=max,scope=fpm-otel-${{ matrix.php }}
build-args: |
FPM_IMAGE=${{ matrix.fpm-image }}
push: true
provenance: false
caddy:
name: Build Caddy with ${{ matrix.php }}
runs-on: ubuntu-latest
needs: [generate-matrix, fpm]
strategy: ${{ fromJson(needs.generate-matrix.outputs.matrix) }}
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Login into Docker Hub
if: github.ref == 'refs/heads/main'
run: echo "${{ secrets.DOCKER_HUB_PASSWORD }}" | docker login -u ${{ secrets.DOCKER_HUB_USERNAME }} --password-stdin
- name: Login into Github Docker Registery
run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Build and Push
uses: docker/build-push-action@v6
with:
tags: |
${{ matrix.caddy-tags }}
context: caddy
cache-from: type=registry,ref=ghcr.io/shopware/docker-cache:${{ matrix.php }}-caddy
cache-to: type=registry,ref=ghcr.io/shopware/docker-cache:${{ matrix.php }}-caddy,mode=max
platforms: linux/amd64,linux/arm64
build-args: |
FPM_IMAGE=${{ matrix.fpm-image }}
push: true
provenance: false
caddy-otel:
name: Build Caddy ${{ matrix.php }} with OpenTelemetry
runs-on: ubuntu-latest
needs: [fpm-otel, generate-matrix]
strategy: ${{ fromJson(needs.generate-matrix.outputs.matrix) }}
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Login into Docker Hub
run: echo "${{ secrets.DOCKER_HUB_PASSWORD }}" | docker login -u ${{ secrets.DOCKER_HUB_USERNAME }} --password-stdin
- name: Login into Github Docker Registery
run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Build and Push
uses: docker/build-push-action@v6
with:
tags: |
${{ matrix.caddy-tags-otel }}
context: caddy
platforms: linux/amd64,linux/arm64
build-args: |
FPM_IMAGE=${{ matrix.fpm-image }}-otel
push: true
provenance: false
check:
name: Test Image
runs-on: ubuntu-latest
needs: [caddy]
steps:
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Checkout example repo
uses: actions/checkout@v4
with:
repository: shopwareLabs/example-docker-repository
- name: Build main branch
if: github.ref == 'refs/heads/main'
run: docker compose build --build-arg BASE_IMAGE=ghcr.io/shopware/docker-base:8.3-caddy
env:
DOCKER_BUILDKIT: 0
- name: Build PR
if: github.ref != 'refs/heads/main'
run: docker compose build --build-arg BASE_IMAGE=ghcr.io/shopware/docker-base-ci-test:${{ github.run_id }}-8.3-caddy
env:
DOCKER_BUILDKIT: 0
- name: Run image
env:
DOCKER_BUILDKIT: 0
run: docker compose up -d --wait
- name: Wait for Webserver reachable
run: |
attempt_counter=0
max_attempts=5
until $(curl --output /dev/null --silent --head --fail localhost:8000/admin); do
if [ ${attempt_counter} -eq ${max_attempts} ];then
echo "Max attempts reached"
exit 1
fi
printf '.'
attempt_counter=$(($attempt_counter+1))
sleep 5
done
- name: Check if shopware is running
run: curl --fail localhost:8000/admin
# output logs if failed
- name: Output logs
run: docker compose logs
if: ${{ failure() }}