diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 099cd26..981e3ab 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -12,7 +12,6 @@ env: DOCKER_BUILDKIT: 1 COSIGN_EXPERIMENTAL: 1 - permissions: contents: write id-token: write @@ -36,8 +35,8 @@ jobs: echo "$MATRIX" >> $GITHUB_OUTPUT echo 'EOF' >> $GITHUB_OUTPUT - build-fpm-amd64: - name: PHP FPM ${{ matrix.php }} on amd64 + fpm-amd64: + name: PHP FPM ${{ matrix.php }} (amd64) runs-on: ubuntu-latest needs: [generate-matrix] strategy: ${{ fromJson(needs.generate-matrix.outputs.matrix) }} @@ -51,7 +50,8 @@ jobs: - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 - - uses: docker/build-push-action@v6 + - name: Build and Push + uses: docker/build-push-action@v6 with: tags: ${{ matrix.fpm-image }}-amd64 context: fpm @@ -64,21 +64,12 @@ jobs: push: true provenance: false - build-fpm-arm64: - name: PHP FPM ${{ matrix.php }} on arm64 - runs-on: shopware-arm64 - container: ghcr.io/catthehacker/ubuntu:act-22.04 - env: - DOCKER_HOST: localhost:2375 - services: - docker: - image: docker:23-dind + fpm-arm64: + name: PHP FPM ${{ matrix.php }} (arm64) + runs-on: github-hosted-arm64 needs: [generate-matrix] strategy: ${{ fromJson(needs.generate-matrix.outputs.matrix) }} steps: - - name: wait for docker to be available - run: while ! docker info 2>&1 >/dev/null; do sleep 1; done - - name: Checkout uses: actions/checkout@v4 
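Review bot: The re-added `uses: docker/build-push-action@v6` line in the hunk at -51 keeps the action on a mutable major tag, in a workflow that runs with `contents: write` and `id-token: write` and pushes images. A retagged or compromised release of the action would run with those permissions and with the registry logins. Pin it to a full commit SHA with the version as a trailing comment, e.g. `uses: docker/build-push-action@<full-commit-sha> # v6`. The same applies to the `@v6` lines re-added in the hunks at -88, -155, -192 and -235, and to the `docker/setup-buildx-action@v3` and `actions/checkout@v4` steps added in the hunk at -88.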
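Review bot: `runs-on: github-hosted-arm64` in the hunk at -64 needs a comment saying what provides that label. As far as I know it is not one of the standard GitHub-hosted labels, so it is presumably a larger-runner name configured for the organisation. Because this job pushes images with the workflow token, a reader should be able to tell that the label cannot be matched by a self-hosted runner. Once confirmed, a line such as `# GitHub-hosted arm64 larger runner, defined in the organisation runner settings` above it would do; the job's steps continue outside the hunk.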
@@ -88,63 +79,54 @@ jobs: - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 - - uses: docker/build-push-action@v6 + - name: Build and Push + uses: docker/build-push-action@v6 with: tags: ${{ matrix.fpm-image }}-arm64 context: fpm - platforms: linux/arm64 cache-from: type=gha,scope=fpm-${{ matrix.php }}-arm64 cache-to: type=gha,mode=max,scope=fpm-${{ matrix.php }}-arm64 + platforms: linux/arm64 build-args: | PHP_PATCH_VERSION=${{ matrix.phpPatch }} PHP_DIGEST=${{ matrix.phpPatchDigest }} push: true provenance: false - fpm-merge: - name: Generate Docker Manifest for PHP ${{ matrix.php }} + fpm: + name: Merge FPM Manifest runs-on: ubuntu-latest - needs: [generate-matrix, build-fpm-amd64, build-fpm-arm64] + needs: [fpm-amd64, fpm-arm64, generate-matrix] strategy: ${{ fromJson(needs.generate-matrix.outputs.matrix) }} steps: - name: Login into Docker Hub + if: github.ref == 'refs/heads/main' run: echo "${{ secrets.DOCKER_HUB_PASSWORD }}" | docker login -u ${{ secrets.DOCKER_HUB_USERNAME }} --password-stdin - name: Login into Github Docker Registery run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin - - name: Install Cosign - uses: sigstore/cosign-installer@v3 + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 - - name: Install Regclient + - name: Create Manifest run: | - wget https://github.com/regclient/regclient/releases/latest/download/regctl-linux-amd64 - chmod +x regctl-linux-amd64 - - - run: docker manifest create ${{ matrix.fpm-image }} --amend ${{ matrix.fpm-image }}-amd64 --amend ${{ matrix.fpm-image }}-arm64 - - - run: docker manifest push ${{ matrix.fpm-image }} - - - run: cosign sign --yes ${{ matrix.fpm-image }} - - - run: docker manifest create ${{ matrix.fpm-patch-image }} --amend ${{ matrix.fpm-image }}-amd64 --amend ${{ matrix.fpm-image }}-arm64 - - - run: docker manifest push ${{ matrix.fpm-patch-image }} - - - run: cosign sign --yes ${{ matrix.fpm-patch-image }} - - - 
if: github.ref == 'refs/heads/main' - run: ./regctl-linux-amd64 image copy ${{ matrix.fpm-image }} ${{ matrix.fpm-hub-image }} - - - if: github.ref == 'refs/heads/main' - run: ./regctl-linux-amd64 image copy ${{ matrix.fpm-patch-image }} ${{ matrix.fpm-patch-hub-image }} + for image in ${{ matrix.fpm-tags }}; do + docker manifest create $image ${{ matrix.fpm-image }}-amd64 ${{ matrix.fpm-image }}-arm64 + docker manifest push $image + done fpm-otel: - name: FPM with OpenTelemetry + name: PHP FPM ${{ matrix.php }} with OpenTelemetry runs-on: ubuntu-latest - needs: [fpm-merge] + needs: [generate-matrix, fpm] + strategy: ${{ fromJson(needs.generate-matrix.outputs.matrix) }} steps: + - name: Checkout + uses: actions/checkout@v4 + - name: Login into Docker Hub + if: github.ref == 'refs/heads/main' run: echo "${{ secrets.DOCKER_HUB_PASSWORD }}" | docker login -u ${{ secrets.DOCKER_HUB_USERNAME }} --password-stdin - name: Login into Github Docker Registery 
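Review bot: The new `Create Manifest` step publishes the FPM manifest lists unsigned. Both `cosign sign --yes` calls and the `Install Cosign` step are gone with no replacement, while `id-token: write` and `COSIGN_EXPERIMENTAL` are still set at workflow level, so anyone verifying these tags loses the signature; either sign each tag after the push or drop the now-unused OIDC permission. The loop also pastes `${{ matrix.fpm-tags }}` straight into the script and leaves `$image` unquoted, where passing the values through `env:` keeps matrix output from being parsed as shell. On main the tag list includes `shopware/docker-base:` names, and as far as I know `docker manifest create` refuses source images from a different registry than the target, which the removed `regctl image copy` steps used to handle; `docker buildx imagetools create` does work across registries. The `fpm-otel` job that follows continues outside the hunk.

```yaml
      - name: Install Cosign
        uses: sigstore/cosign-installer@v3

      # … unchanged: registry logins, Set up Docker Buildx …

      - name: Create Manifest
        env:
          FPM_TAGS: ${{ matrix.fpm-tags }}
          FPM_IMAGE: ${{ matrix.fpm-image }}
        run: |
          for image in $FPM_TAGS; do
            docker buildx imagetools create -t "$image" "${FPM_IMAGE}-amd64" "${FPM_IMAGE}-arm64"
            cosign sign --yes "$image"
          done
```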
@@ -155,35 +137,32 @@ jobs: - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 - - - name: Install Cosign - uses: sigstore/cosign-installer@v3 - - - name: Install Regclient - run: | - wget https://github.com/regclient/regclient/releases/latest/download/regctl-linux-amd64 - chmod +x regctl-linux-amd64 - - uses: docker/build-push-action@v6 + - name: Build and Push + uses: docker/build-push-action@v6 with: - tags: ${{ matrix.fpm-image }}-otel + tags: | + ${{ matrix.fpm-tags-otel }} context: fpm-otel platforms: linux/amd64,linux/arm64 + cache-from: type=gha,scope=fpm-otel-${{ matrix.php }} + cache-to: type=gha,mode=max,scope=fpm-otel-${{ matrix.php }} build-args: | FPM_IMAGE=${{ matrix.fpm-image }} push: true provenance: false caddy: - name: Build Caddy ${{ matrix.php }} + name: Build Caddy with ${{ matrix.php }} runs-on: ubuntu-latest - needs: [generate-matrix, fpm-merge] + needs: [generate-matrix, fpm] strategy: ${{ fromJson(needs.generate-matrix.outputs.matrix) }} steps: - name: Checkout uses: actions/checkout@v4 - name: Login into Docker Hub + if: github.ref == 'refs/heads/main' run: echo "${{ secrets.DOCKER_HUB_PASSWORD }}" | docker login -u ${{ secrets.DOCKER_HUB_USERNAME }} --password-stdin - name: Login into Github Docker Registery @@ -192,7 +171,8 @@ jobs: - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 - - uses: docker/build-push-action@v6 + - name: Build and Push + uses: docker/build-push-action@v6 with: tags: | ${{ matrix.caddy-tags }} @@ -220,7 +200,7 @@ jobs: caddy-otel: name: Build Caddy ${{ matrix.php }} with OpenTelemetry runs-on: ubuntu-latest - needs: [fpm-otel] + needs: [fpm-otel, generate-matrix] strategy: ${{ fromJson(needs.generate-matrix.outputs.matrix) }} steps: - name: Checkout @@ -235,7 +215,8 @@ jobs: - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 - - uses: docker/build-push-action@v6 + - name: Build and Push + uses: docker/build-push-action@v6 with: tags: | ${{ matrix.caddy-tags-otel }} 
diff --git a/matrix.php b/matrix.php index ccd9883..6c28175 100644 --- a/matrix.php +++ b/matrix.php @@ -90,6 +90,16 @@ function get_digest_of_image(string $imageName, string $tag): string { 'ghcr.io/shopware/docker-base' . $imageSuffix . ':' . $imageTagPrefix . $patchVersion['version'] . '-caddy-otel', ]; + $fpmImages = [ + 'ghcr.io/shopware/docker-base' . $imageSuffix . ':' . $imageTagPrefix . $supportedVersion . '-fpm', + 'ghcr.io/shopware/docker-base' . $imageSuffix . ':' . $imageTagPrefix . $patchVersion['version'] . '-fpm' + ]; + + $fpmImagesOtel = [ + 'ghcr.io/shopware/docker-base' . $imageSuffix . ':' . $imageTagPrefix . $supportedVersion . '-fpm-otel', + 'ghcr.io/shopware/docker-base' . $imageSuffix . ':' . $imageTagPrefix . $patchVersion['version'] . '-fpm-otel' + ]; + if ($_SERVER['GITHUB_REF'] === 'refs/heads/main') { $caddyImages = array_merge($caddyImages, [ 'shopware/docker-base:' . $imageTagPrefix . $supportedVersion, 
@@ -102,17 +112,25 @@ function get_digest_of_image(string $imageName, string $tag): string { 'shopware/docker-base:' . $imageTagPrefix . $supportedVersion . '-caddy-otel', 'shopware/docker-base:' . $imageTagPrefix . $patchVersion['version'] . '-caddy-otel', ]); + + $fpmImages = array_merge($fpmImages, [ + 'shopware/docker-base:' . $imageTagPrefix . $supportedVersion . '-fpm', + 'shopware/docker-base:' . $imageTagPrefix . $patchVersion['version'] . '-fpm' + ]); + + $fpmImagesOtel = array_merge($fpmImages, [ + 'shopware/docker-base:' . $imageTagPrefix . $supportedVersion . '-fpm-otel', + 'shopware/docker-base:' . $imageTagPrefix . $patchVersion['version'] . '-fpm-otel' + ]); } $data[] = [ 'php' => $supportedVersion, 'phpPatch' => $patchVersion['version'], 'phpPatchDigest' => $phpDigest, - 'base-image' => 'ghcr.io/shopware/docker-base' . $imageSuffix . ':' . $imageTagPrefix . $supportedVersion, 'fpm-image' => 'ghcr.io/shopware/docker-base' . $imageSuffix . ':' . $imageTagPrefix . $supportedVersion . '-fpm', - 'fpm-patch-image' => 'ghcr.io/shopware/docker-base' . $imageSuffix . ':' . $imageTagPrefix . $patchVersion['version'] . '-fpm', - 'fpm-hub-image' => 'shopware/docker-base:' . $imageTagPrefix . $supportedVersion . '-fpm', - 'fpm-patch-hub-image' => 'shopware/docker-base:' . $imageTagPrefix . $patchVersion['version'] . '-fpm', + 'fpm-tags' => implode(" ", $fpmImages), + 'fpm-tags-otel' => implode("\n", $fpmImagesOtel), 'caddy-tags' => implode("\n", $caddyImages), 'caddy-tags-otel' => implode("\n", $caddyImagesOtel), 'scan-tag' => $caddyImages[0],
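Review bot: The second merge on the main branch starts from the wrong array: `$fpmImagesOtel = array_merge($fpmImages, [` should be `$fpmImagesOtel = array_merge($fpmImagesOtel, [`. As written, on `refs/heads/main` the `fpm-tags-otel` value holds the ghcr.io and Docker Hub `-fpm` tags plus the Docker Hub `-fpm-otel` tags, and loses the ghcr.io `-fpm-otel` tags. The `fpm-otel` job in build.yml passes that list to `tags:` with `push: true`, so the OpenTelemetry build would be pushed over the plain FPM tags that the `fpm` job has just published. The enclosing `if` block and the `$data[]` entry start outside the hunk.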