From e6aed95b00c538f00e8873c44c75832cee48c9b4 Mon Sep 17 00:00:00 2001
From: Zed Spencer-Milnes
Date: Mon, 19 May 2025 18:40:56 +0100
Subject: [PATCH 1/8] Produce and publish multi-platform (linux/amd64 and linux/arm64) container images
---
.github/workflows/docker-hub.yml | 237 +++++++++++++---
.../workflows/github-container-registry.yml | 245 ++++++++++++----
images/5.2/cli/Dockerfile | 4 +-
images/5.2/phpunit/Dockerfile | 4 +-
images/5.3/cli/Dockerfile | 4 +-
images/5.3/phpunit/Dockerfile | 4 +-
images/5.4/cli/Dockerfile | 4 +-
images/5.4/phpunit/Dockerfile | 4 +-
images/5.5/cli/Dockerfile | 4 +-
images/5.5/phpunit/Dockerfile | 4 +-
images/5.6.20/cli/Dockerfile | 4 +-
images/5.6.20/phpunit/Dockerfile | 4 +-
images/5.6/cli/Dockerfile | 4 +-
images/5.6/phpunit/Dockerfile | 4 +-
images/7.0/cli/Dockerfile | 4 +-
images/7.0/phpunit/Dockerfile | 4 +-
images/7.1/cli/Dockerfile | 4 +-
images/7.1/phpunit/Dockerfile | 4 +-
images/7.2/cli/Dockerfile | 4 +-
images/7.2/phpunit/Dockerfile | 4 +-
images/7.3/cli/Dockerfile | 4 +-
images/7.3/phpunit/Dockerfile | 4 +-
images/7.4/cli/Dockerfile | 4 +-
images/7.4/phpunit/Dockerfile | 4 +-
images/8.0/cli/Dockerfile | 4 +-
images/8.0/phpunit/Dockerfile | 4 +-
images/8.1/cli/Dockerfile | 4 +-
images/8.1/phpunit/Dockerfile | 4 +-
images/8.2/cli/Dockerfile | 4 +-
images/8.2/phpunit/Dockerfile | 4 +-
images/8.3/cli/Dockerfile | 4 +-
images/8.3/phpunit/Dockerfile | 4 +-
images/8.4/cli/Dockerfile | 4 +-
images/8.4/phpunit/Dockerfile | 4 +-
templates/Dockerfile-cli.template | 4 +-
templates/Dockerfile-phpunit.template | 4 +-
templates/workflow.yml-template | 261 ++++++++++++++----
37 files changed, 668 insertions(+), 211 deletions(-)
diff --git a/.github/workflows/docker-hub.yml b/.github/workflows/docker-hub.yml
index 47e5cc2a..0bef8c7f 100644
--- a/.github/workflows/docker-hub.yml
+++ b/.github/workflows/docker-hub.yml
@@ -22,10 +22,6 @@ on: - cron: '0 0 * * 0' env: - REGISTRY_USERNAME: garypendergast - REGISTRY_PASSWORD: ${{ secrets.DOCKER_PASSWORD }} - PACKAGE_REGISTRY_HOST: - PACKAGE_REGISTRY: wordpressdevelop PR_TAG: 
@@ -39,71 +35,222 @@ concurrency: jobs: build-php-images: - name: PHP ${{ matrix.php }} Image - runs-on: ubuntu-latest + name: PHP ${{ matrix.php }} (${{ matrix.arch.type }}) Image + runs-on: ${{ matrix.arch.runner }} strategy: + fail-fast: false matrix: php: [ '7.2', '7.3', '7.4', '8.0', '8.1', '8.2', '8.3', '8.4' ] - env: - PHP_VERSION: ${{ matrix.php }} - PHP_LATEST: '8.2' + arch: + - type: linux/amd64 + runner: ubuntu-24.04 + - type: linux/arm64 + runner: ubuntu-24.04-arm steps: - - name: Checkout repository - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - - - name: Login to the package registry + - name: Prepare run: | - echo "$REGISTRY_PASSWORD" | docker login $PACKAGE_REGISTRY_HOST -u "$REGISTRY_USERNAME" --password-stdin + platform=php-${{ matrix.php }}-${{ matrix.arch.type }} + echo "PLATFORM_PAIR=${platform//\//-}" >> $GITHUB_ENV + - name: Docker meta + id: meta + uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # 5.7.0 + with: + images: ${{ vars.DOCKERHUB_PHP_IMAGE }} + - name: Login to Registry + uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # 3.4.0 + with: + - - name: Build Docker image - run: docker build --build-arg PACKAGE_REGISTRY=$PACKAGE_REGISTRY --build-arg PR_TAG=$PR_TAG -t $PACKAGE_REGISTRY/php:$PHP_VERSION-fpm$PR_TAG images/$PHP_VERSION/php + username: ${{ vars.DOCKERHUB_USERNAME }} + password: ${{ secrets.DOCKERHUB_TOKEN }} - - name: Log Docker images - run: docker images - - name: Push Docker image - run: docker push $PACKAGE_REGISTRY/php:$PHP_VERSION-fpm$PR_TAG + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # 3.10.0 - - name: Push image as latest - if: ${{ env.PHP_LATEST == env.PHP_VERSION }} + - name: Build and push by digest + id: build + uses: docker/build-push-action@v6 + with: + platforms: ${{ matrix.arch.type }} + labels: ${{ steps.meta.outputs.labels }} + tags: ${{ vars.DOCKERHUB_PHP_IMAGE }} + outputs: 
type=image,push-by-digest=true,name-canonical=true,push=true + context: "{{defaultContext}}:images/${{ matrix.php }}/php" + build-args: | + PR_TAG=${{ env.PR_TAG }} + + - name: Export digest run: | - docker image tag $PACKAGE_REGISTRY/php:$PHP_VERSION-fpm$PR_TAG $PACKAGE_REGISTRY/php:latest$PR_TAG - docker images - docker push $PACKAGE_REGISTRY/php:latest$PR_TAG + mkdir -p ${{ runner.temp }}/digests + digest="${{ steps.build.outputs.digest }}" + touch "${{ runner.temp }}/digests/${digest#sha256:}" - build-cli-images: - name: CLI on PHP ${{ matrix.php }} + - name: Upload digest + uses: actions/upload-artifact@v4 + with: + name: digests-${{ env.PLATFORM_PAIR }} + path: ${{ runner.temp }}/digests/* + if-no-files-found: error + retention-days: 1 + + complete-php-images-platform: + name: Package multi-arch container image for PHP ${{ matrix.php }} runs-on: ubuntu-latest - needs: build-php-images strategy: + fail-fast: false matrix: php: [ '7.2', '7.3', '7.4', '8.0', '8.1', '8.2', '8.3', '8.4' ] + needs: + - build-php-images + steps: + - name: Download digests + uses: actions/download-artifact@v4 + with: + path: ${{ runner.temp }}/digests + pattern: digests-php-${{ matrix.php }}-* + merge-multiple: true + + - name: Login to Registry + uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # 3.4.0 + with: + + + username: ${{ vars.DOCKERHUB_USERNAME }} + password: ${{ secrets.DOCKERHUB_TOKEN }} - env: - PHP_VERSION: ${{ matrix.php }} - PHP_LATEST: '8.2' + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # 3.10.0 + + - name: Docker meta + id: meta + uses: docker/metadata-action@v5 + with: + images: ${{ vars.DOCKERHUB_PHP_IMAGE }} + tags: | + type=raw,value=${{ matrix.php }}-fpm${{ env.PR_TAG }} + type=raw,value=latest${{ env.PR_TAG }},enable=${{ '8.2' == matrix.php }} + + - name: Create manifest list and push + working-directory: ${{ runner.temp }}/digests + run: | + docker buildx imagetools create $(jq 
-cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \ + $(printf '${{ vars.DOCKERHUB_PHP_IMAGE }}@sha256:%s ' *) + + - name: Inspect image + run: | + docker buildx imagetools inspect ${{ vars.DOCKERHUB_PHP_IMAGE }}:${{ steps.meta.outputs.version }} + + build-cli-images: + name: Build CLI on PHP ${{ matrix.php }} (${{ matrix.arch.type }}) + runs-on: ${{ matrix.arch.runner }} + needs: complete-php-images-platform + strategy: + fail-fast: false + matrix: + php: [ '7.2', '7.3', '7.4', '8.0', '8.1', '8.2', '8.3', '8.4' ] + arch: + - type: linux/amd64 + runner: ubuntu-24.04 + - type: linux/arm64 + runner: ubuntu-24.04-arm steps: - - name: Checkout repository - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - name: Prepare + run: | + platform=cli-${{ matrix.php }}-${{ matrix.arch.type }} + echo "PLATFORM_PAIR=${platform//\//-}" >> $GITHUB_ENV + - name: Docker meta + id: meta + uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # 5.7.0 + with: + images: ${{ vars.DOCKERHUB_CLI_IMAGE }} + - name: Login to Registry + uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # 3.4.0 + with: + + + username: ${{ vars.DOCKERHUB_USERNAME }} + password: ${{ secrets.DOCKERHUB_TOKEN }} + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # 3.10.0 - - name: Login to the package registry + - name: Build and push by digest + id: build + uses: docker/build-push-action@v6 + with: + platforms: ${{ matrix.arch.type }} + labels: ${{ steps.meta.outputs.labels }} + tags: ${{ vars.DOCKERHUB_CLI_IMAGE }} + outputs: type=image,push-by-digest=true,name-canonical=true,push=true + context: "{{defaultContext}}:images/${{ matrix.php }}/cli" + build-args: | + PHP_BASE_IMAGE=${{ vars.DOCKERHUB_PHP_IMAGE }} + PR_TAG=${{ env.PR_TAG }} + + - name: Export digest run: | - echo "$REGISTRY_PASSWORD" | docker login $PACKAGE_REGISTRY_HOST -u "$REGISTRY_USERNAME" 
--password-stdin + mkdir -p ${{ runner.temp }}/digests + digest="${{ steps.build.outputs.digest }}" + touch "${{ runner.temp }}/digests/${digest#sha256:}" - - name: Build Docker image - run: docker build --build-arg PACKAGE_REGISTRY=$PACKAGE_REGISTRY --build-arg PR_TAG=$PR_TAG -t $PACKAGE_REGISTRY/cli:$PHP_VERSION-fpm$PR_TAG images/$PHP_VERSION/cli + - name: Upload digest + uses: actions/upload-artifact@v4 + with: + name: digests-${{ env.PLATFORM_PAIR }} + path: ${{ runner.temp }}/digests/* + if-no-files-found: error + retention-days: 1 - - name: Log Docker images - run: docker images - - name: Push Docker image - run: docker push $PACKAGE_REGISTRY/cli:$PHP_VERSION-fpm$PR_TAG + complete-cli-images-platform: + name: Package multi-arch container image for CLI ${{ matrix.php }} + runs-on: ubuntu-latest + strategy: + fail-fast: false + matrix: + php: [ '7.2', '7.3', '7.4', '8.0', '8.1', '8.2', '8.3', '8.4' ] + needs: + - build-cli-images + steps: + - name: Download digests + uses: actions/download-artifact@v4 + with: + path: ${{ runner.temp }}/digests + pattern: digests-cli-${{ matrix.php }}-* + merge-multiple: true + + - name: Login to Registry + uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # 3.4.0 + with: + + + username: ${{ vars.DOCKERHUB_USERNAME }} + password: ${{ secrets.DOCKERHUB_TOKEN }} + + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # 3.10.0 + + - name: Docker meta + id: meta + uses: docker/metadata-action@v5 + with: + images: ${{ vars.DOCKERHUB_CLI_IMAGE }} + tags: | + type=raw,value=${{ matrix.php }}-fpm${{ env.PR_TAG }} + type=raw,value=latest${{ env.PR_TAG }},enable=${{ '8.2' == matrix.php }} + + - name: Create manifest list and push + working-directory: ${{ runner.temp }}/digests + run: | + docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) 
| join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \ + $(printf '${{ vars.DOCKERHUB_CLI_IMAGE }}@sha256:%s ' *) - - name: Push image as latest - if: ${{ env.PHP_LATEST == env.PHP_VERSION }} + - name: Inspect image run: | - docker image tag $PACKAGE_REGISTRY/cli:$PHP_VERSION-fpm$PR_TAG $PACKAGE_REGISTRY/cli:latest$PR_TAG - docker push $PACKAGE_REGISTRY/cli:latest$PR_TAG + docker buildx imagetools inspect ${{ vars.DOCKERHUB_CLI_IMAGE }}:${{ steps.meta.outputs.version }} diff --git a/.github/workflows/github-container-registry.yml b/.github/workflows/github-container-registry.yml index 7f5c6f68..58480d7f 100644 --- a/.github/workflows/github-container-registry.yml +++ b/.github/workflows/github-container-registry.yml @@ -13,10 +13,6 @@ on: workflow_dispatch: env: - REGISTRY_USERNAME: desrosj - REGISTRY_PASSWORD: ${{ secrets.GHCR_TOKEN }} - PACKAGE_REGISTRY_HOST: ghcr.io - PACKAGE_REGISTRY: ghcr.io/wordpress/wpdev-docker-images PR_TAG: -${{ github.event.number }} # Cancels all previous workflow runs for pull requests that have not completed. @@ -34,10 +30,10 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Setup PHP - uses: shivammathur/setup-php@c541c155eee45413f5b09a52248675b1a2575231 # v.2.31.1 + uses: shivammathur/setup-php@cf4cade2721270509d5b1c766ab3549210a39a2a # v.2.33.0 with: php-version: 'latest' 
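Review bot: In the `docker-hub.yml` jobs hunk, `docker/build-push-action@v6`, `actions/upload-artifact@v4`, `actions/download-artifact@v4` and, in the two `complete-*-images-platform` jobs, `docker/metadata-action@v5` are referenced by mutable tag, while the login, Buildx and build-job metadata steps beside them are pinned to a full commit SHA. These steps run in jobs that log in with `secrets.DOCKERHUB_TOKEN` and publish images, so a moved tag on any of those actions would run with registry push rights. Pin them the same way as their neighbours, e.g. `uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # 5.7.0` in the manifest jobs and `uses: docker/build-push-action@<full-commit-sha> # v6.x.y` (SHA is a placeholder to fill in from the release). The same tag-only references appear in the `github-container-registry.yml` jobs hunk and in `templates/workflow.yml-template`; since both workflows appear to be generated from that template, the change belongs there.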
@@ -48,71 +44,226 @@ jobs: run: git diff --exit-code build-php-images: - name: PHP ${{ matrix.php }} Image - runs-on: ubuntu-latest + name: PHP ${{ matrix.php }} (${{ matrix.arch.type }}) Image + runs-on: ${{ matrix.arch.runner }} needs: [ check-for-changes ] strategy: + fail-fast: false matrix: php: [ '7.2', '7.3', '7.4', '8.0', '8.1', '8.2', '8.3', '8.4' ] - env: - PHP_VERSION: ${{ matrix.php }} - PHP_LATEST: '8.2' + arch: + - type: linux/amd64 + runner: ubuntu-24.04 + - type: linux/arm64 + runner: ubuntu-24.04-arm steps: - - name: Checkout repository - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - - - name: Login to the package registry + - name: Prepare run: | - echo "$REGISTRY_PASSWORD" | docker login $PACKAGE_REGISTRY_HOST -u "$REGISTRY_USERNAME" --password-stdin + platform=php-${{ matrix.php }}-${{ matrix.arch.type }} + echo "PLATFORM_PAIR=${platform//\//-}" >> $GITHUB_ENV + - name: Docker meta + id: meta + uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # 5.7.0 + with: + images: ${{ vars.GHCR_PHP_IMAGE }} + - name: Login to Registry + uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # 3.4.0 + with: + + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + - - name: Build Docker image - run: docker build --build-arg PACKAGE_REGISTRY=$PACKAGE_REGISTRY --build-arg PR_TAG=$PR_TAG -t $PACKAGE_REGISTRY/php:$PHP_VERSION-fpm$PR_TAG images/$PHP_VERSION/php - - name: Log Docker images - run: docker images + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # 3.10.0 - - name: Push Docker image - run: docker push $PACKAGE_REGISTRY/php:$PHP_VERSION-fpm$PR_TAG + - name: Build and push by digest + id: build + uses: docker/build-push-action@v6 + with: + platforms: ${{ matrix.arch.type }} + labels: ${{ steps.meta.outputs.labels }} + tags: ${{ vars.GHCR_PHP_IMAGE }} + outputs: 
type=image,push-by-digest=true,name-canonical=true,push=true + context: "{{defaultContext}}:images/${{ matrix.php }}/php" + build-args: | + PR_TAG=${{ env.PR_TAG }} - - name: Push image as latest - if: ${{ env.PHP_LATEST == env.PHP_VERSION }} + - name: Export digest run: | - docker image tag $PACKAGE_REGISTRY/php:$PHP_VERSION-fpm$PR_TAG $PACKAGE_REGISTRY/php:latest$PR_TAG - docker images - docker push $PACKAGE_REGISTRY/php:latest$PR_TAG + mkdir -p ${{ runner.temp }}/digests + digest="${{ steps.build.outputs.digest }}" + touch "${{ runner.temp }}/digests/${digest#sha256:}" - build-cli-images: - name: CLI on PHP ${{ matrix.php }} + - name: Upload digest + uses: actions/upload-artifact@v4 + with: + name: digests-${{ env.PLATFORM_PAIR }} + path: ${{ runner.temp }}/digests/* + if-no-files-found: error + retention-days: 1 + + complete-php-images-platform: + name: Package multi-arch container image for PHP ${{ matrix.php }} runs-on: ubuntu-latest - needs: build-php-images strategy: + fail-fast: false matrix: php: [ '7.2', '7.3', '7.4', '8.0', '8.1', '8.2', '8.3', '8.4' ] + needs: + - build-php-images + steps: + - name: Download digests + uses: actions/download-artifact@v4 + with: + path: ${{ runner.temp }}/digests + pattern: digests-php-${{ matrix.php }}-* + merge-multiple: true + + - name: Login to Registry + uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # 3.4.0 + with: + + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # 3.10.0 - env: - PHP_VERSION: ${{ matrix.php }} - PHP_LATEST: '8.2' + - name: Docker meta + id: meta + uses: docker/metadata-action@v5 + with: + images: ${{ vars.GHCR_PHP_IMAGE }} + tags: | + type=raw,value=${{ matrix.php }}-fpm${{ env.PR_TAG }} + type=raw,value=latest${{ env.PR_TAG }},enable=${{ '8.2' == matrix.php }} + + - name: Create manifest list and push + working-directory: 
${{ runner.temp }}/digests + run: | + docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \ + $(printf '${{ vars.GHCR_PHP_IMAGE }}@sha256:%s ' *) + + - name: Inspect image + run: | + docker buildx imagetools inspect ${{ vars.GHCR_PHP_IMAGE }}:${{ steps.meta.outputs.version }} + + build-cli-images: + name: Build CLI on PHP ${{ matrix.php }} (${{ matrix.arch.type }}) + runs-on: ${{ matrix.arch.runner }} + needs: complete-php-images-platform + strategy: + fail-fast: false + matrix: + php: [ '7.2', '7.3', '7.4', '8.0', '8.1', '8.2', '8.3', '8.4' ] + arch: + - type: linux/amd64 + runner: ubuntu-24.04 + - type: linux/arm64 + runner: ubuntu-24.04-arm steps: - - name: Checkout repository - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - name: Prepare + run: | + platform=cli-${{ matrix.php }}-${{ matrix.arch.type }} + echo "PLATFORM_PAIR=${platform//\//-}" >> $GITHUB_ENV + - name: Docker meta + id: meta + uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # 5.7.0 + with: + images: ${{ vars.GHCR_CLI_IMAGE }} + - name: Login to Registry + uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # 3.4.0 + with: + + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # 3.10.0 - - name: Login to the package registry + - name: Build and push by digest + id: build + uses: docker/build-push-action@v6 + with: + platforms: ${{ matrix.arch.type }} + labels: ${{ steps.meta.outputs.labels }} + tags: ${{ vars.GHCR_CLI_IMAGE }} + outputs: type=image,push-by-digest=true,name-canonical=true,push=true + context: "{{defaultContext}}:images/${{ matrix.php }}/cli" + build-args: | + PHP_BASE_IMAGE=${{ vars.GHCR_PHP_IMAGE }} + PR_TAG=${{ env.PR_TAG }} + + - name: Export digest run: | - echo "$REGISTRY_PASSWORD" | docker login 
$PACKAGE_REGISTRY_HOST -u "$REGISTRY_USERNAME" --password-stdin + mkdir -p ${{ runner.temp }}/digests + digest="${{ steps.build.outputs.digest }}" + touch "${{ runner.temp }}/digests/${digest#sha256:}" - - name: Build Docker image - run: docker build --build-arg PACKAGE_REGISTRY=$PACKAGE_REGISTRY --build-arg PR_TAG=$PR_TAG -t $PACKAGE_REGISTRY/cli:$PHP_VERSION-fpm$PR_TAG images/$PHP_VERSION/cli + - name: Upload digest + uses: actions/upload-artifact@v4 + with: + name: digests-${{ env.PLATFORM_PAIR }} + path: ${{ runner.temp }}/digests/* + if-no-files-found: error + retention-days: 1 - - name: Log Docker images - run: docker images - - name: Push Docker image - run: docker push $PACKAGE_REGISTRY/cli:$PHP_VERSION-fpm$PR_TAG + complete-cli-images-platform: + name: Package multi-arch container image for CLI ${{ matrix.php }} + runs-on: ubuntu-latest + strategy: + fail-fast: false + matrix: + php: [ '7.2', '7.3', '7.4', '8.0', '8.1', '8.2', '8.3', '8.4' ] + needs: + - build-cli-images + steps: + - name: Download digests + uses: actions/download-artifact@v4 + with: + path: ${{ runner.temp }}/digests + pattern: digests-cli-${{ matrix.php }}-* + merge-multiple: true + + - name: Login to Registry + uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # 3.4.0 + with: + + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # 3.10.0 + + - name: Docker meta + id: meta + uses: docker/metadata-action@v5 + with: + images: ${{ vars.GHCR_CLI_IMAGE }} + tags: | + type=raw,value=${{ matrix.php }}-fpm${{ env.PR_TAG }} + type=raw,value=latest${{ env.PR_TAG }},enable=${{ '8.2' == matrix.php }} + + - name: Create manifest list and push + working-directory: ${{ runner.temp }}/digests + run: | + docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) 
| join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \ + $(printf '${{ vars.GHCR_CLI_IMAGE }}@sha256:%s ' *) - - name: Push image as latest - if: ${{ env.PHP_LATEST == env.PHP_VERSION }} + - name: Inspect image run: | - docker image tag $PACKAGE_REGISTRY/cli:$PHP_VERSION-fpm$PR_TAG $PACKAGE_REGISTRY/cli:latest$PR_TAG - docker push $PACKAGE_REGISTRY/cli:latest$PR_TAG + docker buildx imagetools inspect ${{ vars.GHCR_CLI_IMAGE }}:${{ steps.meta.outputs.version }} diff --git a/images/5.2/cli/Dockerfile b/images/5.2/cli/Dockerfile index ef088a6b..58b2779f 100644 --- a/images/5.2/cli/Dockerfile +++ b/images/5.2/cli/Dockerfile @@ -1,6 +1,6 @@ -ARG PACKAGE_REGISTRY +ARG PHP_BASE_IMAGE ARG PR_TAG -FROM $PACKAGE_REGISTRY/php:5.2-fpm$PR_TAG +FROM $PHP_BASE_IMAGE:5.2-fpm$PR_TAG ########################################################################## # diff --git a/images/5.2/phpunit/Dockerfile b/images/5.2/phpunit/Dockerfile index ef6d5e5c..7a6e6f87 100644 --- a/images/5.2/phpunit/Dockerfile +++ b/images/5.2/phpunit/Dockerfile @@ -1,6 +1,6 @@ -ARG PACKAGE_REGISTRY +ARG PHP_BASE_IMAGE ARG PR_TAG -FROM $PACKAGE_REGISTRY/php:5.2-fpm$PR_TAG +FROM $PHP_BASE_IMAGE:5.2-fpm$PR_TAG ########################################################################## # diff --git a/images/5.3/cli/Dockerfile b/images/5.3/cli/Dockerfile index e363544c..f32c5bb5 100644 --- a/images/5.3/cli/Dockerfile +++ b/images/5.3/cli/Dockerfile @@ -1,6 +1,6 @@ -ARG PACKAGE_REGISTRY +ARG PHP_BASE_IMAGE ARG PR_TAG -FROM $PACKAGE_REGISTRY/php:5.3-fpm$PR_TAG +FROM $PHP_BASE_IMAGE:5.3-fpm$PR_TAG ########################################################################## # diff --git a/images/5.3/phpunit/Dockerfile b/images/5.3/phpunit/Dockerfile index 8d057aa0..f1a12306 100644 --- a/images/5.3/phpunit/Dockerfile +++ b/images/5.3/phpunit/Dockerfile 
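Review bot: The GHCR login steps in `build-php-images`, `complete-php-images-platform`, `build-cli-images` and `complete-cli-images-platform` now authenticate with `secrets.GITHUB_TOKEN`, but no `permissions:` key is visible in this hunk, so the token's scope is whatever the repository default grants. Declare it explicitly and minimally on the jobs that push, e.g. `permissions: { contents: read, packages: write }`, so the token can publish packages and nothing else; if a workflow-level `permissions:` block exists outside the hunk this is already covered. Separately, `${{ steps.build.outputs.digest }}` and `${{ vars.GHCR_PHP_IMAGE }}` are expanded straight into the `run:` scripts of the "Export digest" and "Create manifest list and push" steps; passing them through `env:` and referencing quoted shell variables keeps expression text out of the script body.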
@@ -1,6 +1,6 @@ -ARG PACKAGE_REGISTRY +ARG PHP_BASE_IMAGE ARG PR_TAG -FROM $PACKAGE_REGISTRY/php:5.3-fpm$PR_TAG +FROM $PHP_BASE_IMAGE:5.3-fpm$PR_TAG ########################################################################## # diff --git a/images/5.4/cli/Dockerfile b/images/5.4/cli/Dockerfile index 292b79a8..ab7767b2 100644 --- a/images/5.4/cli/Dockerfile +++ b/images/5.4/cli/Dockerfile @@ -1,6 +1,6 @@ -ARG PACKAGE_REGISTRY +ARG PHP_BASE_IMAGE ARG PR_TAG -FROM $PACKAGE_REGISTRY/php:5.4-fpm$PR_TAG +FROM $PHP_BASE_IMAGE:5.4-fpm$PR_TAG ########################################################################## # diff --git a/images/5.4/phpunit/Dockerfile b/images/5.4/phpunit/Dockerfile index e47b095c..ba35407f 100644 --- a/images/5.4/phpunit/Dockerfile +++ b/images/5.4/phpunit/Dockerfile @@ -1,6 +1,6 @@ -ARG PACKAGE_REGISTRY +ARG PHP_BASE_IMAGE ARG PR_TAG -FROM $PACKAGE_REGISTRY/php:5.4-fpm$PR_TAG +FROM $PHP_BASE_IMAGE:5.4-fpm$PR_TAG ########################################################################## # diff --git a/images/5.5/cli/Dockerfile b/images/5.5/cli/Dockerfile index 90a56556..c709a21b 100644 --- a/images/5.5/cli/Dockerfile +++ b/images/5.5/cli/Dockerfile @@ -1,6 +1,6 @@ -ARG PACKAGE_REGISTRY +ARG PHP_BASE_IMAGE ARG PR_TAG -FROM $PACKAGE_REGISTRY/php:5.5-fpm$PR_TAG +FROM $PHP_BASE_IMAGE:5.5-fpm$PR_TAG ########################################################################## # diff --git a/images/5.5/phpunit/Dockerfile b/images/5.5/phpunit/Dockerfile index 0da67919..61b507ac 100644 --- a/images/5.5/phpunit/Dockerfile +++ b/images/5.5/phpunit/Dockerfile @@ -1,6 +1,6 @@ -ARG PACKAGE_REGISTRY +ARG PHP_BASE_IMAGE ARG PR_TAG -FROM $PACKAGE_REGISTRY/php:5.5-fpm$PR_TAG +FROM $PHP_BASE_IMAGE:5.5-fpm$PR_TAG ########################################################################## # diff --git a/images/5.6.20/cli/Dockerfile b/images/5.6.20/cli/Dockerfile index dea54dee..b848e480 100644 --- a/images/5.6.20/cli/Dockerfile +++ b/images/5.6.20/cli/Dockerfile 
@@ -1,6 +1,6 @@ -ARG PACKAGE_REGISTRY +ARG PHP_BASE_IMAGE ARG PR_TAG -FROM $PACKAGE_REGISTRY/php:5.6.20-fpm$PR_TAG +FROM $PHP_BASE_IMAGE:5.6.20-fpm$PR_TAG ########################################################################## # diff --git a/images/5.6.20/phpunit/Dockerfile b/images/5.6.20/phpunit/Dockerfile index 30eacf21..c8e15b47 100644 --- a/images/5.6.20/phpunit/Dockerfile +++ b/images/5.6.20/phpunit/Dockerfile @@ -1,6 +1,6 @@ -ARG PACKAGE_REGISTRY +ARG PHP_BASE_IMAGE ARG PR_TAG -FROM $PACKAGE_REGISTRY/php:5.6.20-fpm$PR_TAG +FROM $PHP_BASE_IMAGE:5.6.20-fpm$PR_TAG ########################################################################## # diff --git a/images/5.6/cli/Dockerfile b/images/5.6/cli/Dockerfile index 957400a3..5dbe9028 100644 --- a/images/5.6/cli/Dockerfile +++ b/images/5.6/cli/Dockerfile @@ -1,6 +1,6 @@ -ARG PACKAGE_REGISTRY +ARG PHP_BASE_IMAGE ARG PR_TAG -FROM $PACKAGE_REGISTRY/php:5.6-fpm$PR_TAG +FROM $PHP_BASE_IMAGE:5.6-fpm$PR_TAG ########################################################################## # diff --git a/images/5.6/phpunit/Dockerfile b/images/5.6/phpunit/Dockerfile index 55cd25e7..dddd63d6 100644 --- a/images/5.6/phpunit/Dockerfile +++ b/images/5.6/phpunit/Dockerfile @@ -1,6 +1,6 @@ -ARG PACKAGE_REGISTRY +ARG PHP_BASE_IMAGE ARG PR_TAG -FROM $PACKAGE_REGISTRY/php:5.6-fpm$PR_TAG +FROM $PHP_BASE_IMAGE:5.6-fpm$PR_TAG ########################################################################## # diff --git a/images/7.0/cli/Dockerfile b/images/7.0/cli/Dockerfile index 19194707..01e4bf73 100644 --- a/images/7.0/cli/Dockerfile +++ b/images/7.0/cli/Dockerfile @@ -1,6 +1,6 @@ -ARG PACKAGE_REGISTRY +ARG PHP_BASE_IMAGE ARG PR_TAG -FROM $PACKAGE_REGISTRY/php:7.0-fpm$PR_TAG +FROM $PHP_BASE_IMAGE:7.0-fpm$PR_TAG ########################################################################## # diff --git a/images/7.0/phpunit/Dockerfile b/images/7.0/phpunit/Dockerfile index 69006449..34561920 100644 --- a/images/7.0/phpunit/Dockerfile 
+++ b/images/7.0/phpunit/Dockerfile @@ -1,6 +1,6 @@ -ARG PACKAGE_REGISTRY +ARG PHP_BASE_IMAGE ARG PR_TAG -FROM $PACKAGE_REGISTRY/php:7.0-fpm$PR_TAG +FROM $PHP_BASE_IMAGE:7.0-fpm$PR_TAG ########################################################################## # diff --git a/images/7.1/cli/Dockerfile b/images/7.1/cli/Dockerfile index 399895f6..1de86622 100644 --- a/images/7.1/cli/Dockerfile +++ b/images/7.1/cli/Dockerfile @@ -1,6 +1,6 @@ -ARG PACKAGE_REGISTRY +ARG PHP_BASE_IMAGE ARG PR_TAG -FROM $PACKAGE_REGISTRY/php:7.1-fpm$PR_TAG +FROM $PHP_BASE_IMAGE:7.1-fpm$PR_TAG ########################################################################## # diff --git a/images/7.1/phpunit/Dockerfile b/images/7.1/phpunit/Dockerfile index 7831b6a2..f6b7d971 100644 --- a/images/7.1/phpunit/Dockerfile +++ b/images/7.1/phpunit/Dockerfile @@ -1,6 +1,6 @@ -ARG PACKAGE_REGISTRY +ARG PHP_BASE_IMAGE ARG PR_TAG -FROM $PACKAGE_REGISTRY/php:7.1-fpm$PR_TAG +FROM $PHP_BASE_IMAGE:7.1-fpm$PR_TAG ########################################################################## # diff --git a/images/7.2/cli/Dockerfile b/images/7.2/cli/Dockerfile index 4d9a0b16..763a12e2 100644 --- a/images/7.2/cli/Dockerfile +++ b/images/7.2/cli/Dockerfile @@ -1,6 +1,6 @@ -ARG PACKAGE_REGISTRY +ARG PHP_BASE_IMAGE ARG PR_TAG -FROM $PACKAGE_REGISTRY/php:7.2-fpm$PR_TAG +FROM $PHP_BASE_IMAGE:7.2-fpm$PR_TAG ########################################################################## # diff --git a/images/7.2/phpunit/Dockerfile b/images/7.2/phpunit/Dockerfile index 4acd2d84..3dad39c8 100644 --- a/images/7.2/phpunit/Dockerfile +++ b/images/7.2/phpunit/Dockerfile @@ -1,6 +1,6 @@ -ARG PACKAGE_REGISTRY +ARG PHP_BASE_IMAGE ARG PR_TAG -FROM $PACKAGE_REGISTRY/php:7.2-fpm$PR_TAG +FROM $PHP_BASE_IMAGE:7.2-fpm$PR_TAG ########################################################################## # diff --git a/images/7.3/cli/Dockerfile b/images/7.3/cli/Dockerfile index e81cffb4..94ad89c8 100644 --- a/images/7.3/cli/Dockerfile 
+++ b/images/7.3/cli/Dockerfile @@ -1,6 +1,6 @@ -ARG PACKAGE_REGISTRY +ARG PHP_BASE_IMAGE ARG PR_TAG -FROM $PACKAGE_REGISTRY/php:7.3-fpm$PR_TAG +FROM $PHP_BASE_IMAGE:7.3-fpm$PR_TAG ########################################################################## # diff --git a/images/7.3/phpunit/Dockerfile b/images/7.3/phpunit/Dockerfile index 8eea3b0f..fc42d027 100644 --- a/images/7.3/phpunit/Dockerfile +++ b/images/7.3/phpunit/Dockerfile @@ -1,6 +1,6 @@ -ARG PACKAGE_REGISTRY +ARG PHP_BASE_IMAGE ARG PR_TAG -FROM $PACKAGE_REGISTRY/php:7.3-fpm$PR_TAG +FROM $PHP_BASE_IMAGE:7.3-fpm$PR_TAG ########################################################################## # diff --git a/images/7.4/cli/Dockerfile b/images/7.4/cli/Dockerfile index 49c8cc14..281f4954 100644 --- a/images/7.4/cli/Dockerfile +++ b/images/7.4/cli/Dockerfile @@ -1,6 +1,6 @@ -ARG PACKAGE_REGISTRY +ARG PHP_BASE_IMAGE ARG PR_TAG -FROM $PACKAGE_REGISTRY/php:7.4-fpm$PR_TAG +FROM $PHP_BASE_IMAGE:7.4-fpm$PR_TAG ########################################################################## # diff --git a/images/7.4/phpunit/Dockerfile b/images/7.4/phpunit/Dockerfile index a988c591..52b2810d 100644 --- a/images/7.4/phpunit/Dockerfile +++ b/images/7.4/phpunit/Dockerfile @@ -1,6 +1,6 @@ -ARG PACKAGE_REGISTRY +ARG PHP_BASE_IMAGE ARG PR_TAG -FROM $PACKAGE_REGISTRY/php:7.4-fpm$PR_TAG +FROM $PHP_BASE_IMAGE:7.4-fpm$PR_TAG ########################################################################## # diff --git a/images/8.0/cli/Dockerfile b/images/8.0/cli/Dockerfile index ee1e540b..cbe30286 100644 --- a/images/8.0/cli/Dockerfile +++ b/images/8.0/cli/Dockerfile @@ -1,6 +1,6 @@ -ARG PACKAGE_REGISTRY +ARG PHP_BASE_IMAGE ARG PR_TAG -FROM $PACKAGE_REGISTRY/php:8.0-fpm$PR_TAG +FROM $PHP_BASE_IMAGE:8.0-fpm$PR_TAG ########################################################################## # diff --git a/images/8.0/phpunit/Dockerfile b/images/8.0/phpunit/Dockerfile index 74d52da6..4834b5f4 100644 --- a/images/8.0/phpunit/Dockerfile 
+++ b/images/8.0/phpunit/Dockerfile @@ -1,6 +1,6 @@ -ARG PACKAGE_REGISTRY +ARG PHP_BASE_IMAGE ARG PR_TAG -FROM $PACKAGE_REGISTRY/php:8.0-fpm$PR_TAG +FROM $PHP_BASE_IMAGE:8.0-fpm$PR_TAG ########################################################################## # diff --git a/images/8.1/cli/Dockerfile b/images/8.1/cli/Dockerfile index e314b90c..4d6caf87 100644 --- a/images/8.1/cli/Dockerfile +++ b/images/8.1/cli/Dockerfile @@ -1,6 +1,6 @@ -ARG PACKAGE_REGISTRY +ARG PHP_BASE_IMAGE ARG PR_TAG -FROM $PACKAGE_REGISTRY/php:8.1-fpm$PR_TAG +FROM $PHP_BASE_IMAGE:8.1-fpm$PR_TAG ########################################################################## # diff --git a/images/8.1/phpunit/Dockerfile b/images/8.1/phpunit/Dockerfile index 1aee9bf0..28d0edf9 100644 --- a/images/8.1/phpunit/Dockerfile +++ b/images/8.1/phpunit/Dockerfile @@ -1,6 +1,6 @@ -ARG PACKAGE_REGISTRY +ARG PHP_BASE_IMAGE ARG PR_TAG -FROM $PACKAGE_REGISTRY/php:8.1-fpm$PR_TAG +FROM $PHP_BASE_IMAGE:8.1-fpm$PR_TAG ########################################################################## # diff --git a/images/8.2/cli/Dockerfile b/images/8.2/cli/Dockerfile index 51991707..e509116e 100644 --- a/images/8.2/cli/Dockerfile +++ b/images/8.2/cli/Dockerfile @@ -1,6 +1,6 @@ -ARG PACKAGE_REGISTRY +ARG PHP_BASE_IMAGE ARG PR_TAG -FROM $PACKAGE_REGISTRY/php:8.2-fpm$PR_TAG +FROM $PHP_BASE_IMAGE:8.2-fpm$PR_TAG ########################################################################## # diff --git a/images/8.2/phpunit/Dockerfile b/images/8.2/phpunit/Dockerfile index 691bb4eb..0d3d060b 100644 --- a/images/8.2/phpunit/Dockerfile +++ b/images/8.2/phpunit/Dockerfile @@ -1,6 +1,6 @@ -ARG PACKAGE_REGISTRY +ARG PHP_BASE_IMAGE ARG PR_TAG -FROM $PACKAGE_REGISTRY/php:8.2-fpm$PR_TAG +FROM $PHP_BASE_IMAGE:8.2-fpm$PR_TAG ########################################################################## # diff --git a/images/8.3/cli/Dockerfile b/images/8.3/cli/Dockerfile index 09fd4541..e892a3e6 100644 --- a/images/8.3/cli/Dockerfile 
+++ b/images/8.3/cli/Dockerfile @@ -1,6 +1,6 @@ -ARG PACKAGE_REGISTRY +ARG PHP_BASE_IMAGE ARG PR_TAG -FROM $PACKAGE_REGISTRY/php:8.3-fpm$PR_TAG +FROM $PHP_BASE_IMAGE:8.3-fpm$PR_TAG ########################################################################## # diff --git a/images/8.3/phpunit/Dockerfile b/images/8.3/phpunit/Dockerfile index 12ee5129..96578ade 100644 --- a/images/8.3/phpunit/Dockerfile +++ b/images/8.3/phpunit/Dockerfile @@ -1,6 +1,6 @@ -ARG PACKAGE_REGISTRY +ARG PHP_BASE_IMAGE ARG PR_TAG -FROM $PACKAGE_REGISTRY/php:8.3-fpm$PR_TAG +FROM $PHP_BASE_IMAGE:8.3-fpm$PR_TAG ########################################################################## # diff --git a/images/8.4/cli/Dockerfile b/images/8.4/cli/Dockerfile index 91645574..99804b99 100644 --- a/images/8.4/cli/Dockerfile +++ b/images/8.4/cli/Dockerfile @@ -1,6 +1,6 @@ -ARG PACKAGE_REGISTRY +ARG PHP_BASE_IMAGE ARG PR_TAG -FROM $PACKAGE_REGISTRY/php:8.4-fpm$PR_TAG +FROM $PHP_BASE_IMAGE:8.4-fpm$PR_TAG ########################################################################## # diff --git a/images/8.4/phpunit/Dockerfile b/images/8.4/phpunit/Dockerfile index 6c3a6f62..3da919b9 100644 --- a/images/8.4/phpunit/Dockerfile +++ b/images/8.4/phpunit/Dockerfile @@ -1,6 +1,6 @@ -ARG PACKAGE_REGISTRY +ARG PHP_BASE_IMAGE ARG PR_TAG -FROM $PACKAGE_REGISTRY/php:8.4-fpm$PR_TAG +FROM $PHP_BASE_IMAGE:8.4-fpm$PR_TAG ########################################################################## # diff --git a/templates/Dockerfile-cli.template b/templates/Dockerfile-cli.template index c5d84caa..a7ddd25c 100644 --- a/templates/Dockerfile-cli.template +++ b/templates/Dockerfile-cli.template @@ -1,6 +1,6 @@ -ARG PACKAGE_REGISTRY +ARG PHP_BASE_IMAGE ARG PR_TAG -FROM $PACKAGE_REGISTRY/php:%%VERSION_TAG%%$PR_TAG +FROM $PHP_BASE_IMAGE:%%VERSION_TAG%%$PR_TAG %%GENERATED_WARNING%% diff --git a/templates/Dockerfile-phpunit.template b/templates/Dockerfile-phpunit.template index 1cf4db31..5f485c78 100644 
--- a/templates/Dockerfile-phpunit.template +++ b/templates/Dockerfile-phpunit.template @@ -1,6 +1,6 @@ -ARG PACKAGE_REGISTRY +ARG PHP_BASE_IMAGE ARG PR_TAG -FROM $PACKAGE_REGISTRY/php:%%VERSION_TAG%%$PR_TAG +FROM $PHP_BASE_IMAGE:%%VERSION_TAG%%$PR_TAG %%GENERATED_WARNING%% diff --git a/templates/workflow.yml-template b/templates/workflow.yml-template index f0592e17..34afcb17 100644 --- a/templates/workflow.yml-template +++ b/templates/workflow.yml-template @@ -17,10 +17,6 @@ on: - cron: '0 0 * * 0' env: - REGISTRY_USERNAME: garypendergast - REGISTRY_PASSWORD: ${{ secrets.DOCKER_PASSWORD }} - PACKAGE_REGISTRY_HOST: - PACKAGE_REGISTRY: wordpressdevelop PR_TAG: %%/DOCKER_HUB%% %%GITHUB%% @@ -31,10 +27,6 @@ on: workflow_dispatch: env: - REGISTRY_USERNAME: desrosj - REGISTRY_PASSWORD: ${{ secrets.GHCR_TOKEN }} - PACKAGE_REGISTRY_HOST: ghcr.io - PACKAGE_REGISTRY: ghcr.io/wordpress/wpdev-docker-images PR_TAG: -${{ github.event.number }} %%/GITHUB%% # Cancels all previous workflow runs for pull requests that have not completed. @@ -52,10 +44,10 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Setup PHP - uses: shivammathur/setup-php@c541c155eee45413f5b09a52248675b1a2575231 # v.2.31.1 + uses: shivammathur/setup-php@cf4cade2721270509d5b1c766ab3549210a39a2a # v.2.33.0 with: php-version: 'latest' 
@@ -66,71 +58,238 @@ jobs: run: git diff --exit-code %%/GITHUB%% build-php-images: - name: PHP ${{ matrix.php }} Image - runs-on: ubuntu-latest + name: PHP ${{ matrix.php }} (${{ matrix.arch.type }}) Image + runs-on: ${{ matrix.arch.runner }} %%GITHUB%%needs: [ check-for-changes ]%%/GITHUB%% strategy: + fail-fast: false matrix: php: [ %%PHP_VERSION_LIST%% ] - env: - PHP_VERSION: ${{ matrix.php }} - PHP_LATEST: '%%PHP_LATEST%%' + arch: + - type: linux/amd64 + runner: ubuntu-24.04 + - type: linux/arm64 + runner: ubuntu-24.04-arm steps: - - name: Checkout repository - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - name: Prepare + run: | + platform=php-${{ matrix.php }}-${{ matrix.arch.type }} + echo "PLATFORM_PAIR=${platform//\//-}" >> $GITHUB_ENV + - name: Docker meta + id: meta + uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # 5.7.0 + with: + images: %%GITHUB%%${{ vars.GHCR_PHP_IMAGE }}%%/GITHUB%%%%DOCKER_HUB%%${{ vars.DOCKERHUB_PHP_IMAGE }}%%/DOCKER_HUB%% + - name: Login to Registry + uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # 3.4.0 + with: +%%GITHUB%% + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} +%%/GITHUB%% +%%DOCKER_HUB%% + username: ${{ vars.DOCKERHUB_USERNAME }} + password: ${{ secrets.DOCKERHUB_TOKEN }} +%%/DOCKER_HUB%% + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # 3.10.0 + + - name: Build and push by digest + id: build + uses: docker/build-push-action@v6 + with: + platforms: ${{ matrix.arch.type }} + labels: ${{ steps.meta.outputs.labels }} + tags: %%GITHUB%%${{ vars.GHCR_PHP_IMAGE }}%%/GITHUB%%%%DOCKER_HUB%%${{ vars.DOCKERHUB_PHP_IMAGE }}%%/DOCKER_HUB%% + outputs: type=image,push-by-digest=true,name-canonical=true,push=true + context: "{{defaultContext}}:images/${{ matrix.php }}/php" + build-args: | + PR_TAG=${{ env.PR_TAG }} - - name: Login to the package registry + - 
name: Export digest run: | - echo "$REGISTRY_PASSWORD" | docker login $PACKAGE_REGISTRY_HOST -u "$REGISTRY_USERNAME" --password-stdin + mkdir -p ${{ runner.temp }}/digests + digest="${{ steps.build.outputs.digest }}" + touch "${{ runner.temp }}/digests/${digest#sha256:}" + + - name: Upload digest + uses: actions/upload-artifact@v4 + with: + name: digests-${{ env.PLATFORM_PAIR }} + path: ${{ runner.temp }}/digests/* + if-no-files-found: error + retention-days: 1 + + complete-php-images-platform: + name: Package multi-arch container image for PHP ${{ matrix.php }} + runs-on: ubuntu-latest + strategy: + fail-fast: false + matrix: + php: [ %%PHP_VERSION_LIST%% ] + needs: + - build-php-images + steps: + - name: Download digests + uses: actions/download-artifact@v4 + with: + path: ${{ runner.temp }}/digests + pattern: digests-php-${{ matrix.php }}-* + merge-multiple: true + + - name: Login to Registry + uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # 3.4.0 + with: +%%GITHUB%% + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} +%%/GITHUB%% +%%DOCKER_HUB%% + username: ${{ vars.DOCKERHUB_USERNAME }} + password: ${{ secrets.DOCKERHUB_TOKEN }} +%%/DOCKER_HUB%% - - name: Build Docker image - run: docker build --build-arg PACKAGE_REGISTRY=$PACKAGE_REGISTRY --build-arg PR_TAG=$PR_TAG -t $PACKAGE_REGISTRY/php:$PHP_VERSION-fpm$PR_TAG images/$PHP_VERSION/php + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # 3.10.0 - - name: Log Docker images - run: docker images + - name: Docker meta + id: meta + uses: docker/metadata-action@v5 + with: + images: %%GITHUB%%${{ vars.GHCR_PHP_IMAGE }}%%/GITHUB%%%%DOCKER_HUB%%${{ vars.DOCKERHUB_PHP_IMAGE }}%%/DOCKER_HUB%% + tags: | + type=raw,value=${{ matrix.php }}-fpm${{ env.PR_TAG }} + type=raw,value=latest${{ env.PR_TAG }},enable=${{ '%%PHP_LATEST%%' == matrix.php }} - - name: Push Docker image - run: docker push 
$PACKAGE_REGISTRY/php:$PHP_VERSION-fpm$PR_TAG + - name: Create manifest list and push + working-directory: ${{ runner.temp }}/digests + run: | + docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \ + $(printf '%%GITHUB%%${{ vars.GHCR_PHP_IMAGE }}%%/GITHUB%%%%DOCKER_HUB%%${{ vars.DOCKERHUB_PHP_IMAGE }}%%/DOCKER_HUB%%@sha256:%s ' *) - - name: Push image as latest - if: ${{ env.PHP_LATEST == env.PHP_VERSION }} + - name: Inspect image run: | - docker image tag $PACKAGE_REGISTRY/php:$PHP_VERSION-fpm$PR_TAG $PACKAGE_REGISTRY/php:latest$PR_TAG - docker images - docker push $PACKAGE_REGISTRY/php:latest$PR_TAG + docker buildx imagetools inspect %%GITHUB%%${{ vars.GHCR_PHP_IMAGE }}%%/GITHUB%%%%DOCKER_HUB%%${{ vars.DOCKERHUB_PHP_IMAGE }}%%/DOCKER_HUB%%:${{ steps.meta.outputs.version }} build-cli-images: - name: CLI on PHP ${{ matrix.php }} - runs-on: ubuntu-latest - needs: build-php-images + name: Build CLI on PHP ${{ matrix.php }} (${{ matrix.arch.type }}) + runs-on: ${{ matrix.arch.runner }} + needs: complete-php-images-platform strategy: + fail-fast: false matrix: php: [ %%PHP_VERSION_LIST%% ] - - env: - PHP_VERSION: ${{ matrix.php }} - PHP_LATEST: '%%PHP_LATEST%%' + arch: + - type: linux/amd64 + runner: ubuntu-24.04 + - type: linux/arm64 + runner: ubuntu-24.04-arm steps: - - name: Checkout repository - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - name: Prepare + run: | + platform=cli-${{ matrix.php }}-${{ matrix.arch.type }} + echo "PLATFORM_PAIR=${platform//\//-}" >> $GITHUB_ENV + - name: Docker meta + id: meta + uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # 5.7.0 + with: + images: %%GITHUB%%${{ vars.GHCR_CLI_IMAGE }}%%/GITHUB%%%%DOCKER_HUB%%${{ vars.DOCKERHUB_CLI_IMAGE }}%%/DOCKER_HUB%% + - name: Login to Registry + uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # 3.4.0 + with: +%%GITHUB%% + registry: ghcr.io + username: ${{ 
github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} +%%/GITHUB%% +%%DOCKER_HUB%% + username: ${{ vars.DOCKERHUB_USERNAME }} + password: ${{ secrets.DOCKERHUB_TOKEN }} +%%/DOCKER_HUB%% + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # 3.10.0 + + - name: Build and push by digest + id: build + uses: docker/build-push-action@v6 + with: + platforms: ${{ matrix.arch.type }} + labels: ${{ steps.meta.outputs.labels }} + tags: %%GITHUB%%${{ vars.GHCR_CLI_IMAGE }}%%/GITHUB%%%%DOCKER_HUB%%${{ vars.DOCKERHUB_CLI_IMAGE }}%%/DOCKER_HUB%% + outputs: type=image,push-by-digest=true,name-canonical=true,push=true + context: "{{defaultContext}}:images/${{ matrix.php }}/cli" + build-args: | + PHP_BASE_IMAGE=%%GITHUB%%${{ vars.GHCR_PHP_IMAGE }}%%/GITHUB%%%%DOCKER_HUB%%${{ vars.DOCKERHUB_PHP_IMAGE }}%%/DOCKER_HUB%% + PR_TAG=${{ env.PR_TAG }} - - name: Login to the package registry + - name: Export digest run: | - echo "$REGISTRY_PASSWORD" | docker login $PACKAGE_REGISTRY_HOST -u "$REGISTRY_USERNAME" --password-stdin + mkdir -p ${{ runner.temp }}/digests + digest="${{ steps.build.outputs.digest }}" + touch "${{ runner.temp }}/digests/${digest#sha256:}" - - name: Build Docker image - run: docker build --build-arg PACKAGE_REGISTRY=$PACKAGE_REGISTRY --build-arg PR_TAG=$PR_TAG -t $PACKAGE_REGISTRY/cli:$PHP_VERSION-fpm$PR_TAG images/$PHP_VERSION/cli + - name: Upload digest + uses: actions/upload-artifact@v4 + with: + name: digests-${{ env.PLATFORM_PAIR }} + path: ${{ runner.temp }}/digests/* + if-no-files-found: error + retention-days: 1 - - name: Log Docker images - run: docker images - - name: Push Docker image - run: docker push $PACKAGE_REGISTRY/cli:$PHP_VERSION-fpm$PR_TAG + complete-cli-images-platform: + name: Package multi-arch container image for CLI ${{ matrix.php }} + runs-on: ubuntu-latest + strategy: + fail-fast: false + matrix: + php: [ %%PHP_VERSION_LIST%% ] + needs: + - build-cli-images + steps: + - name: Download 
digests + uses: actions/download-artifact@v4 + with: + path: ${{ runner.temp }}/digests + pattern: digests-cli-${{ matrix.php }}-* + merge-multiple: true + + - name: Login to Registry + uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # 3.4.0 + with: +%%GITHUB%% + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} +%%/GITHUB%% +%%DOCKER_HUB%% + username: ${{ vars.DOCKERHUB_USERNAME }} + password: ${{ secrets.DOCKERHUB_TOKEN }} +%%/DOCKER_HUB%% + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # 3.10.0 + + - name: Docker meta + id: meta + uses: docker/metadata-action@v5 + with: + images: %%GITHUB%%${{ vars.GHCR_CLI_IMAGE }}%%/GITHUB%%%%DOCKER_HUB%%${{ vars.DOCKERHUB_CLI_IMAGE }}%%/DOCKER_HUB%% + tags: | + type=raw,value=${{ matrix.php }}-fpm${{ env.PR_TAG }} + type=raw,value=latest${{ env.PR_TAG }},enable=${{ '%%PHP_LATEST%%' == matrix.php }} + + - name: Create manifest list and push + working-directory: ${{ runner.temp }}/digests + run: | + docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \ + $(printf '%%GITHUB%%${{ vars.GHCR_CLI_IMAGE }}%%/GITHUB%%%%DOCKER_HUB%%${{ vars.DOCKERHUB_CLI_IMAGE }}%%/DOCKER_HUB%%@sha256:%s ' *) - - name: Push image as latest - if: ${{ env.PHP_LATEST == env.PHP_VERSION }} + - name: Inspect image run: | - docker image tag $PACKAGE_REGISTRY/cli:$PHP_VERSION-fpm$PR_TAG $PACKAGE_REGISTRY/cli:latest$PR_TAG - docker push $PACKAGE_REGISTRY/cli:latest$PR_TAG + docker buildx imagetools inspect %%GITHUB%%${{ vars.GHCR_CLI_IMAGE }}%%/GITHUB%%%%DOCKER_HUB%%${{ vars.DOCKERHUB_CLI_IMAGE }}%%/DOCKER_HUB%%:${{ steps.meta.outputs.version }} From 1ea582f0f98f3f7b82dde7badfffc68245a432bd Mon Sep 17 00:00:00 2001 
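Review bot: The `Export digest`, `Create manifest list and push` and `Inspect image` steps of the PHP jobs and their CLI counterparts expand `${{ steps.build.outputs.digest }}`, `${{ vars.* }}`, `${{ runner.temp }}` and `${{ steps.meta.outputs.version }}` directly inside `run:` scripts, so those values are pasted into the shell source before bash parses it. Passing them through `env:` and quoting them keeps them as data, for example `env: DIGEST: ${{ steps.build.outputs.digest }}` with `touch "$RUNNER_TEMP/digests/${DIGEST#sha256:}"`. The manifest step also turns every file name in the digests directory into an `@sha256:` reference without checking it. A check that each name is 64 hex characters would make a stray artifact file fail loudly instead of reaching `imagetools create`.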
From: Zed Spencer-Milnes Date: Sun, 25 May 2025 14:37:34 +0100 Subject: [PATCH 2/8] Pin all actions to fixed commit hash --- .github/workflows/docker-hub.yml | 16 ++++++++-------- .github/workflows/github-container-registry.yml | 16 ++++++++-------- templates/workflow.yml-template | 16 ++++++++-------- 3 files changed, 24 insertions(+), 24 deletions(-) diff --git a/.github/workflows/docker-hub.yml b/.github/workflows/docker-hub.yml index 0bef8c7f..96fd9467 100644 --- a/.github/workflows/docker-hub.yml +++ b/.github/workflows/docker-hub.yml @@ -72,7 +72,7 @@ jobs: - name: Build and push by digest id: build - uses: docker/build-push-action@v6 + uses: docker/build-push-action@1dc73863535b631f98b2378be8619f83b136f4a0 # 6.17.0 with: platforms: ${{ matrix.arch.type }} labels: ${{ steps.meta.outputs.labels }} @@ -89,7 +89,7 @@ jobs: touch "${{ runner.temp }}/digests/${digest#sha256:}" - name: Upload digest - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # 4.6.2 with: name: digests-${{ env.PLATFORM_PAIR }} path: ${{ runner.temp }}/digests/* @@ -107,7 +107,7 @@ jobs: - build-php-images steps: - name: Download digests - uses: actions/download-artifact@v4 + uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # 4.3.0 with: path: ${{ runner.temp }}/digests pattern: digests-php-${{ matrix.php }}-* @@ -127,7 +127,7 @@ jobs: - name: Docker meta id: meta - uses: docker/metadata-action@v5 + uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # 5.7.0 with: images: ${{ vars.DOCKERHUB_PHP_IMAGE }} tags: | @@ -181,7 +181,7 @@ jobs: - name: Build and push by digest id: build - uses: docker/build-push-action@v6 + uses: docker/build-push-action@1dc73863535b631f98b2378be8619f83b136f4a0 # 6.17.0 with: platforms: ${{ matrix.arch.type }} labels: ${{ steps.meta.outputs.labels }} 
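Review bot: The version comments added next to the new SHAs (`# 6.17.0`, `# 4.6.2`, `# 4.3.0`, `# 5.7.0`) drop the `v` prefix that the checkout pin earlier in this series uses (`# v4.2.2`). Assuming the upstream tags are `v`-prefixed like checkout's, the comments do not name a tag a reader can look up to check the hash against. I would write the tag itself, e.g. `uses: docker/build-push-action@1dc73863535b631f98b2378be8619f83b136f4a0 # v6.17.0`, in every hunk of this patch across docker-hub.yml, github-container-registry.yml and the template. The diff alone cannot confirm that each hash is the commit behind the stated release, so that comparison should be part of reviewing this change.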
@@ -199,7 +199,7 @@ jobs: touch "${{ runner.temp }}/digests/${digest#sha256:}" - name: Upload digest - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # 4.6.2 with: name: digests-${{ env.PLATFORM_PAIR }} path: ${{ runner.temp }}/digests/* @@ -218,7 +218,7 @@ jobs: - build-cli-images steps: - name: Download digests - uses: actions/download-artifact@v4 + uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # 4.3.0 with: path: ${{ runner.temp }}/digests pattern: digests-cli-${{ matrix.php }}-* @@ -238,7 +238,7 @@ jobs: - name: Docker meta id: meta - uses: docker/metadata-action@v5 + uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # 5.7.0 with: images: ${{ vars.DOCKERHUB_CLI_IMAGE }} tags: | diff --git a/.github/workflows/github-container-registry.yml b/.github/workflows/github-container-registry.yml index 58480d7f..f82d715f 100644 --- a/.github/workflows/github-container-registry.yml +++ b/.github/workflows/github-container-registry.yml @@ -82,7 +82,7 @@ jobs: - name: Build and push by digest id: build - uses: docker/build-push-action@v6 + uses: docker/build-push-action@1dc73863535b631f98b2378be8619f83b136f4a0 # 6.17.0 with: platforms: ${{ matrix.arch.type }} labels: ${{ steps.meta.outputs.labels }} @@ -99,7 +99,7 @@ jobs: touch "${{ runner.temp }}/digests/${digest#sha256:}" - name: Upload digest - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # 4.6.2 with: name: digests-${{ env.PLATFORM_PAIR }} path: ${{ runner.temp }}/digests/* @@ -117,7 +117,7 @@ jobs: - build-php-images steps: - name: Download digests - uses: actions/download-artifact@v4 + uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # 4.3.0 with: path: ${{ runner.temp }}/digests pattern: digests-php-${{ matrix.php }}-* 
@@ -138,7 +138,7 @@ jobs: - name: Docker meta id: meta - uses: docker/metadata-action@v5 + uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # 5.7.0 with: images: ${{ vars.GHCR_PHP_IMAGE }} tags: | @@ -193,7 +193,7 @@ jobs: - name: Build and push by digest id: build - uses: docker/build-push-action@v6 + uses: docker/build-push-action@1dc73863535b631f98b2378be8619f83b136f4a0 # 6.17.0 with: platforms: ${{ matrix.arch.type }} labels: ${{ steps.meta.outputs.labels }} @@ -211,7 +211,7 @@ jobs: touch "${{ runner.temp }}/digests/${digest#sha256:}" - name: Upload digest - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # 4.6.2 with: name: digests-${{ env.PLATFORM_PAIR }} path: ${{ runner.temp }}/digests/* @@ -230,7 +230,7 @@ jobs: - build-cli-images steps: - name: Download digests - uses: actions/download-artifact@v4 + uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # 4.3.0 with: path: ${{ runner.temp }}/digests pattern: digests-cli-${{ matrix.php }}-* @@ -251,7 +251,7 @@ jobs: - name: Docker meta id: meta - uses: docker/metadata-action@v5 + uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # 5.7.0 with: images: ${{ vars.GHCR_CLI_IMAGE }} tags: | diff --git a/templates/workflow.yml-template b/templates/workflow.yml-template index 34afcb17..ed86d26a 100644 --- a/templates/workflow.yml-template +++ b/templates/workflow.yml-template @@ -99,7 +99,7 @@ jobs: - name: Build and push by digest id: build - uses: docker/build-push-action@v6 + uses: docker/build-push-action@1dc73863535b631f98b2378be8619f83b136f4a0 # 6.17.0 with: platforms: ${{ matrix.arch.type }} labels: ${{ steps.meta.outputs.labels }} 
@@ -116,7 +116,7 @@ jobs: touch "${{ runner.temp }}/digests/${digest#sha256:}" - name: Upload digest - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # 4.6.2 with: name: digests-${{ env.PLATFORM_PAIR }} path: ${{ runner.temp }}/digests/* @@ -134,7 +134,7 @@ jobs: - build-php-images steps: - name: Download digests - uses: actions/download-artifact@v4 + uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # 4.3.0 with: path: ${{ runner.temp }}/digests pattern: digests-php-${{ matrix.php }}-* @@ -158,7 +158,7 @@ jobs: - name: Docker meta id: meta - uses: docker/metadata-action@v5 + uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # 5.7.0 with: images: %%GITHUB%%${{ vars.GHCR_PHP_IMAGE }}%%/GITHUB%%%%DOCKER_HUB%%${{ vars.DOCKERHUB_PHP_IMAGE }}%%/DOCKER_HUB%% tags: | @@ -216,7 +216,7 @@ jobs: - name: Build and push by digest id: build - uses: docker/build-push-action@v6 + uses: docker/build-push-action@1dc73863535b631f98b2378be8619f83b136f4a0 # 6.17.0 with: platforms: ${{ matrix.arch.type }} labels: ${{ steps.meta.outputs.labels }} @@ -234,7 +234,7 @@ jobs: touch "${{ runner.temp }}/digests/${digest#sha256:}" - name: Upload digest - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # 4.6.2 with: name: digests-${{ env.PLATFORM_PAIR }} path: ${{ runner.temp }}/digests/* @@ -253,7 +253,7 @@ jobs: - build-cli-images steps: - name: Download digests - uses: actions/download-artifact@v4 + uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # 4.3.0 with: path: ${{ runner.temp }}/digests pattern: digests-cli-${{ matrix.php }}-* 
@@ -277,7 +277,7 @@ jobs: - name: Docker meta id: meta - uses: docker/metadata-action@v5 + uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # 5.7.0 with: images: %%GITHUB%%${{ vars.GHCR_CLI_IMAGE }}%%/GITHUB%%%%DOCKER_HUB%%${{ vars.DOCKERHUB_CLI_IMAGE }}%%/DOCKER_HUB%% tags: | From 39262832fc463b886fb8237d34a021341cedc646 Mon Sep 17 00:00:00 2001 From: Jonathan Desrosiers Date: Mon, 23 Jun 2025 21:06:35 -0400 Subject: [PATCH 3/8] Adjustments following #168. --- .github/workflows/docker-hub.yml | 44 +++++++++++++------ .../workflows/github-container-registry.yml | 44 +++++++++++++------ templates/workflow.yml-template | 44 +++++++++++++------ 3 files changed, 90 insertions(+), 42 deletions(-) diff --git a/.github/workflows/docker-hub.yml b/.github/workflows/docker-hub.yml index e9a2e0ce..672a0379 100644 --- a/.github/workflows/docker-hub.yml +++ b/.github/workflows/docker-hub.yml @@ -42,6 +42,8 @@ jobs: name: PHP ${{ matrix.php }} (${{ matrix.arch.type }}) Image runs-on: ${{ matrix.arch.runner }} + permissions: + contents: read strategy: fail-fast: false matrix: @@ -51,11 +53,14 @@ jobs: runner: ubuntu-24.04 - type: linux/arm64 runner: ubuntu-24.04-arm + env: + PHP_VERSION: ${{ matrix.php }} + ARCH_TYPE: ${{ matrix.arch.type }} steps: - name: Prepare run: | - platform=php-${{ matrix.php }}-${{ matrix.arch.type }} + platform="php-$PHP_VERSION-$ARCH_TYPE" echo "PLATFORM_PAIR=${platform//\//-}" >> $GITHUB_ENV - name: Docker meta id: meta @@ -78,11 +83,11 @@ jobs: id: build uses: docker/build-push-action@1dc73863535b631f98b2378be8619f83b136f4a0 # 6.17.0 with: - platforms: ${{ matrix.arch.type }} + platforms: ${{ env.ARCH_TYPE }} labels: ${{ steps.meta.outputs.labels }} tags: ${{ vars.DOCKERHUB_PHP_IMAGE }} outputs: type=image,push-by-digest=true,name-canonical=true,push=true - context: "{{defaultContext}}:images/${{ matrix.php }}/php" + context: "{{defaultContext}}:images/${{ env.PHP_VERSION }}/php" build-args: | PR_TAG=${{ env.PR_TAG }} 
@@ -109,12 +114,15 @@ jobs: php: [ '7.2', '7.3', '7.4', '8.0', '8.1', '8.2', '8.3', '8.4' ] needs: - build-php-images + env: + PHP_VERSION: ${{ matrix.php }} + steps: - name: Download digests uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # 4.3.0 with: path: ${{ runner.temp }}/digests - pattern: digests-php-${{ matrix.php }}-* + pattern: digests-php-${{ env.PHP_VERSION }}-* merge-multiple: true - name: Login to Registry @@ -135,13 +143,13 @@ jobs: with: images: ${{ vars.DOCKERHUB_PHP_IMAGE }} tags: | - type=raw,value=${{ matrix.php }}-fpm${{ env.PR_TAG }} - type=raw,value=latest${{ env.PR_TAG }},enable=${{ '8.2' == matrix.php }} + type=raw,value=${{ env.PHP_VERSION }}-fpm${{ env.PR_TAG }} + type=raw,value=latest${{ env.PR_TAG }},enable=${{ '8.2' == env.PHP_VERSION }} - name: Create manifest list and push working-directory: ${{ runner.temp }}/digests run: | - docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \ + docker buildx imagetools create "$(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON")" \ $(printf '${{ vars.DOCKERHUB_PHP_IMAGE }}@sha256:%s ' *) - name: Inspect image @@ -152,6 +160,8 @@ jobs: name: Build CLI on PHP ${{ matrix.php }} (${{ matrix.arch.type }}) runs-on: ${{ matrix.arch.runner }} needs: complete-php-images-platform + permissions: + contents: read strategy: fail-fast: false matrix: @@ -161,11 +171,14 @@ jobs: runner: ubuntu-24.04 - type: linux/arm64 runner: ubuntu-24.04-arm + env: + PHP_VERSION: ${{ matrix.php }} + ARCH_TYPE: ${{ matrix.arch.type }} steps: - name: Prepare run: | - platform=cli-${{ matrix.php }}-${{ matrix.arch.type }} + platform="cli-$PHP_VERSION-$ARCH_TYPE" echo "PLATFORM_PAIR=${platform//\//-}" >> $GITHUB_ENV - name: Docker meta id: meta 
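Review bot: Quoting the command substitution in `Create manifest list and push` turns all of the `-t <tag>` pairs into a single argument, so `docker buildx imagetools create` no longer receives separate `-t` options. When the `latest` tag is enabled that one argument holds two tags, which likely makes the step fail. Building the options as a bash array keeps the quoting fix without merging the arguments. The same line is changed in the CLI job of docker-hub.yml and in both jobs of github-container-registry.yml and templates/workflow.yml-template.

```yaml
        run: |
          # One "-t <tag>" pair per tag, kept as separate arguments.
          tag_args=()
          while IFS= read -r tag; do
            tag_args+=(-t "$tag")
          done < <(jq -r '.tags[]' <<< "$DOCKER_METADATA_OUTPUT_JSON")
          docker buildx imagetools create "${tag_args[@]}" \
            $(printf '${{ vars.DOCKERHUB_PHP_IMAGE }}@sha256:%s ' *)
```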
@@ -187,11 +200,11 @@ jobs: id: build uses: docker/build-push-action@1dc73863535b631f98b2378be8619f83b136f4a0 # 6.17.0 with: - platforms: ${{ matrix.arch.type }} + platforms: ${{ env.ARCH_TYPE }} labels: ${{ steps.meta.outputs.labels }} tags: ${{ vars.DOCKERHUB_CLI_IMAGE }} outputs: type=image,push-by-digest=true,name-canonical=true,push=true - context: "{{defaultContext}}:images/${{ matrix.php }}/cli" + context: "{{defaultContext}}:images/${{ env.PHP_VERSION }}/cli" build-args: | PHP_BASE_IMAGE=${{ vars.DOCKERHUB_PHP_IMAGE }} PR_TAG=${{ env.PR_TAG }} @@ -220,12 +233,15 @@ jobs: php: [ '7.2', '7.3', '7.4', '8.0', '8.1', '8.2', '8.3', '8.4' ] needs: - build-cli-images + env: + PHP_VERSION: ${{ matrix.php }} + steps: - name: Download digests uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # 4.3.0 with: path: ${{ runner.temp }}/digests - pattern: digests-cli-${{ matrix.php }}-* + pattern: digests-cli-${{ env.PHP_VERSION }}-* merge-multiple: true - name: Login to Registry @@ -246,13 +262,13 @@ jobs: with: images: ${{ vars.DOCKERHUB_CLI_IMAGE }} tags: | - type=raw,value=${{ matrix.php }}-fpm${{ env.PR_TAG }} - type=raw,value=latest${{ env.PR_TAG }},enable=${{ '8.2' == matrix.php }} + type=raw,value=${{ env.PHP_VERSION }}-fpm${{ env.PR_TAG }} + type=raw,value=latest${{ env.PR_TAG }},enable=${{ '8.2' == env.PHP_VERSION }} - name: Create manifest list and push working-directory: ${{ runner.temp }}/digests run: | - docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \ + docker buildx imagetools create "$(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON")" \ $(printf '${{ vars.DOCKERHUB_CLI_IMAGE }}@sha256:%s ' *) - name: Inspect image diff --git a/.github/workflows/github-container-registry.yml b/.github/workflows/github-container-registry.yml index 1ebc891f..69cdd9bd 100644 --- a/.github/workflows/github-container-registry.yml 
+++ b/.github/workflows/github-container-registry.yml @@ -55,6 +55,8 @@ jobs: name: PHP ${{ matrix.php }} (${{ matrix.arch.type }}) Image runs-on: ${{ matrix.arch.runner }} needs: [ check-for-changes ] + permissions: + contents: read strategy: fail-fast: false matrix: @@ -64,11 +66,14 @@ jobs: runner: ubuntu-24.04 - type: linux/arm64 runner: ubuntu-24.04-arm + env: + PHP_VERSION: ${{ matrix.php }} + ARCH_TYPE: ${{ matrix.arch.type }} steps: - name: Prepare run: | - platform=php-${{ matrix.php }}-${{ matrix.arch.type }} + platform="php-$PHP_VERSION-$ARCH_TYPE" echo "PLATFORM_PAIR=${platform//\//-}" >> $GITHUB_ENV - name: Docker meta id: meta @@ -92,11 +97,11 @@ jobs: id: build uses: docker/build-push-action@1dc73863535b631f98b2378be8619f83b136f4a0 # 6.17.0 with: - platforms: ${{ matrix.arch.type }} + platforms: ${{ env.ARCH_TYPE }} labels: ${{ steps.meta.outputs.labels }} tags: ${{ vars.GHCR_PHP_IMAGE }} outputs: type=image,push-by-digest=true,name-canonical=true,push=true - context: "{{defaultContext}}:images/${{ matrix.php }}/php" + context: "{{defaultContext}}:images/${{ env.PHP_VERSION }}/php" build-args: | PR_TAG=${{ env.PR_TAG }} @@ -123,12 +128,15 @@ jobs: php: [ '7.2', '7.3', '7.4', '8.0', '8.1', '8.2', '8.3', '8.4' ] needs: - build-php-images + env: + PHP_VERSION: ${{ matrix.php }} + steps: - name: Download digests uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # 4.3.0 with: path: ${{ runner.temp }}/digests - pattern: digests-php-${{ matrix.php }}-* + pattern: digests-php-${{ env.PHP_VERSION }}-* merge-multiple: true - name: Login to Registry 
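Review bot: The `permissions: contents: read` block added to build-php-images in github-container-registry.yml leaves out `packages: write`, and once a job sets `permissions`, every scope it does not list is set to none. If this job still logs in to ghcr.io with `secrets.GITHUB_TOKEN`, as the template in the first patch does (the login step is outside this hunk), the push by digest will be denied. I would add `packages: write` under `contents: read` here, in the CLI build job, and inside the `%%GITHUB%%` branch of templates/workflow.yml-template. The two complete-*-platform jobs, which push the manifest list, get no `permissions` block in the visible hunks and should be given the same explicit pair.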
@@ -150,13 +158,13 @@ jobs: with: images: ${{ vars.GHCR_PHP_IMAGE }} tags: | - type=raw,value=${{ matrix.php }}-fpm${{ env.PR_TAG }} - type=raw,value=latest${{ env.PR_TAG }},enable=${{ '8.2' == matrix.php }} + type=raw,value=${{ env.PHP_VERSION }}-fpm${{ env.PR_TAG }} + type=raw,value=latest${{ env.PR_TAG }},enable=${{ '8.2' == env.PHP_VERSION }} - name: Create manifest list and push working-directory: ${{ runner.temp }}/digests run: | - docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \ + docker buildx imagetools create "$(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON")" \ $(printf '${{ vars.GHCR_PHP_IMAGE }}@sha256:%s ' *) - name: Inspect image @@ -167,6 +175,8 @@ jobs: name: Build CLI on PHP ${{ matrix.php }} (${{ matrix.arch.type }}) runs-on: ${{ matrix.arch.runner }} needs: complete-php-images-platform + permissions: + contents: read strategy: fail-fast: false matrix: @@ -176,11 +186,14 @@ jobs: runner: ubuntu-24.04 - type: linux/arm64 runner: ubuntu-24.04-arm + env: + PHP_VERSION: ${{ matrix.php }} + ARCH_TYPE: ${{ matrix.arch.type }} steps: - name: Prepare run: | - platform=cli-${{ matrix.php }}-${{ matrix.arch.type }} + platform="cli-$PHP_VERSION-$ARCH_TYPE" echo "PLATFORM_PAIR=${platform//\//-}" >> $GITHUB_ENV - name: Docker meta id: meta @@ -203,11 +216,11 @@ jobs: id: build uses: docker/build-push-action@1dc73863535b631f98b2378be8619f83b136f4a0 # 6.17.0 with: - platforms: ${{ matrix.arch.type }} + platforms: ${{ env.ARCH_TYPE }} labels: ${{ steps.meta.outputs.labels }} tags: ${{ vars.GHCR_CLI_IMAGE }} outputs: type=image,push-by-digest=true,name-canonical=true,push=true - context: "{{defaultContext}}:images/${{ matrix.php }}/cli" + context: "{{defaultContext}}:images/${{ env.PHP_VERSION }}/cli" build-args: | PHP_BASE_IMAGE=${{ vars.GHCR_PHP_IMAGE }} PR_TAG=${{ env.PR_TAG }} 
@@ -236,12 +249,15 @@ jobs: php: [ '7.2', '7.3', '7.4', '8.0', '8.1', '8.2', '8.3', '8.4' ] needs: - build-cli-images + env: + PHP_VERSION: ${{ matrix.php }} + steps: - name: Download digests uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # 4.3.0 with: path: ${{ runner.temp }}/digests - pattern: digests-cli-${{ matrix.php }}-* + pattern: digests-cli-${{ env.PHP_VERSION }}-* merge-multiple: true - name: Login to Registry @@ -263,13 +279,13 @@ jobs: with: images: ${{ vars.GHCR_CLI_IMAGE }} tags: | - type=raw,value=${{ matrix.php }}-fpm${{ env.PR_TAG }} - type=raw,value=latest${{ env.PR_TAG }},enable=${{ '8.2' == matrix.php }} + type=raw,value=${{ env.PHP_VERSION }}-fpm${{ env.PR_TAG }} + type=raw,value=latest${{ env.PR_TAG }},enable=${{ '8.2' == env.PHP_VERSION }} - name: Create manifest list and push working-directory: ${{ runner.temp }}/digests run: | - docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \ + docker buildx imagetools create "$(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON")" \ $(printf '${{ vars.GHCR_CLI_IMAGE }}@sha256:%s ' *) - name: Inspect image diff --git a/templates/workflow.yml-template b/templates/workflow.yml-template index 9dc2ed5c..32836f9d 100644 --- a/templates/workflow.yml-template +++ b/templates/workflow.yml-template @@ -69,6 +69,8 @@ jobs: name: PHP ${{ matrix.php }} (${{ matrix.arch.type }}) Image runs-on: ${{ matrix.arch.runner }} %%GITHUB%%needs: [ check-for-changes ]%%/GITHUB%% + permissions: + contents: read strategy: fail-fast: false matrix: 
@@ -78,11 +80,14 @@ jobs: runner: ubuntu-24.04 - type: linux/arm64 runner: ubuntu-24.04-arm + env: + PHP_VERSION: ${{ matrix.php }} + ARCH_TYPE: ${{ matrix.arch.type }} steps: - name: Prepare run: | - platform=php-${{ matrix.php }}-${{ matrix.arch.type }} + platform="php-$PHP_VERSION-$ARCH_TYPE" echo "PLATFORM_PAIR=${platform//\//-}" >> $GITHUB_ENV - name: Docker meta id: meta @@ -109,11 +114,11 @@ jobs: id: build uses: docker/build-push-action@1dc73863535b631f98b2378be8619f83b136f4a0 # 6.17.0 with: - platforms: ${{ matrix.arch.type }} + platforms: ${{ env.ARCH_TYPE }} labels: ${{ steps.meta.outputs.labels }} tags: %%GITHUB%%${{ vars.GHCR_PHP_IMAGE }}%%/GITHUB%%%%DOCKER_HUB%%${{ vars.DOCKERHUB_PHP_IMAGE }}%%/DOCKER_HUB%% outputs: type=image,push-by-digest=true,name-canonical=true,push=true - context: "{{defaultContext}}:images/${{ matrix.php }}/php" + context: "{{defaultContext}}:images/${{ env.PHP_VERSION }}/php" build-args: | PR_TAG=${{ env.PR_TAG }} @@ -140,12 +145,15 @@ jobs: php: [ %%PHP_VERSION_LIST%% ] needs: - build-php-images + env: + PHP_VERSION: ${{ matrix.php }} + steps: - name: Download digests uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # 4.3.0 with: path: ${{ runner.temp }}/digests - pattern: digests-php-${{ matrix.php }}-* + pattern: digests-php-${{ env.PHP_VERSION }}-* merge-multiple: true - name: Login to Registry 
@@ -170,13 +178,13 @@ jobs: with: images: %%GITHUB%%${{ vars.GHCR_PHP_IMAGE }}%%/GITHUB%%%%DOCKER_HUB%%${{ vars.DOCKERHUB_PHP_IMAGE }}%%/DOCKER_HUB%% tags: | - type=raw,value=${{ matrix.php }}-fpm${{ env.PR_TAG }} - type=raw,value=latest${{ env.PR_TAG }},enable=${{ '%%PHP_LATEST%%' == matrix.php }} + type=raw,value=${{ env.PHP_VERSION }}-fpm${{ env.PR_TAG }} + type=raw,value=latest${{ env.PR_TAG }},enable=${{ '%%PHP_LATEST%%' == env.PHP_VERSION }} - name: Create manifest list and push working-directory: ${{ runner.temp }}/digests run: | - docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \ + docker buildx imagetools create "$(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON")" \ $(printf '%%GITHUB%%${{ vars.GHCR_PHP_IMAGE }}%%/GITHUB%%%%DOCKER_HUB%%${{ vars.DOCKERHUB_PHP_IMAGE }}%%/DOCKER_HUB%%@sha256:%s ' *) - name: Inspect image @@ -187,6 +195,8 @@ jobs: name: Build CLI on PHP ${{ matrix.php }} (${{ matrix.arch.type }}) runs-on: ${{ matrix.arch.runner }} needs: complete-php-images-platform + permissions: + contents: read strategy: fail-fast: false matrix: @@ -196,11 +206,14 @@ jobs: runner: ubuntu-24.04 - type: linux/arm64 runner: ubuntu-24.04-arm + env: + PHP_VERSION: ${{ matrix.php }} + ARCH_TYPE: ${{ matrix.arch.type }} steps: - name: Prepare run: | - platform=cli-${{ matrix.php }}-${{ matrix.arch.type }} + platform="cli-$PHP_VERSION-$ARCH_TYPE" echo "PLATFORM_PAIR=${platform//\//-}" >> $GITHUB_ENV - name: Docker meta id: meta 
@@ -226,11 +239,11 @@ jobs: id: build uses: docker/build-push-action@1dc73863535b631f98b2378be8619f83b136f4a0 # 6.17.0 with: - platforms: ${{ matrix.arch.type }} + platforms: ${{ env.ARCH_TYPE }} labels: ${{ steps.meta.outputs.labels }} tags: %%GITHUB%%${{ vars.GHCR_CLI_IMAGE }}%%/GITHUB%%%%DOCKER_HUB%%${{ vars.DOCKERHUB_CLI_IMAGE }}%%/DOCKER_HUB%% outputs: type=image,push-by-digest=true,name-canonical=true,push=true - context: "{{defaultContext}}:images/${{ matrix.php }}/cli" + context: "{{defaultContext}}:images/${{ env.PHP_VERSION }}/cli" build-args: | PHP_BASE_IMAGE=%%GITHUB%%${{ vars.GHCR_PHP_IMAGE }}%%/GITHUB%%%%DOCKER_HUB%%${{ vars.DOCKERHUB_PHP_IMAGE }}%%/DOCKER_HUB%% PR_TAG=${{ env.PR_TAG }} @@ -259,12 +272,15 @@ jobs: php: [ %%PHP_VERSION_LIST%% ] needs: - build-cli-images + env: + PHP_VERSION: ${{ matrix.php }} + steps: - name: Download digests uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # 4.3.0 with: path: ${{ runner.temp }}/digests - pattern: digests-cli-${{ matrix.php }}-* + pattern: digests-cli-${{ env.PHP_VERSION }}-* merge-multiple: true - name: Login to Registry 
@@ -289,13 +305,13 @@ jobs: with: images: %%GITHUB%%${{ vars.GHCR_CLI_IMAGE }}%%/GITHUB%%%%DOCKER_HUB%%${{ vars.DOCKERHUB_CLI_IMAGE }}%%/DOCKER_HUB%% tags: | - type=raw,value=${{ matrix.php }}-fpm${{ env.PR_TAG }} - type=raw,value=latest${{ env.PR_TAG }},enable=${{ '%%PHP_LATEST%%' == matrix.php }} + type=raw,value=${{ env.PHP_VERSION }}-fpm${{ env.PR_TAG }} + type=raw,value=latest${{ env.PR_TAG }},enable=${{ '%%PHP_LATEST%%' == env.PHP_VERSION }} - name: Create manifest list and push working-directory: ${{ runner.temp }}/digests run: | - docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \ + docker buildx imagetools create "$(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON")" \ $(printf '%%GITHUB%%${{ vars.GHCR_CLI_IMAGE }}%%/GITHUB%%%%DOCKER_HUB%%${{ vars.DOCKERHUB_CLI_IMAGE }}%%/DOCKER_HUB%%@sha256:%s ' *) - name: Inspect image From 830bdf447da71fed0152875ace9fe08d461410a2 Mon Sep 17 00:00:00 2001 From: Jonathan Desrosiers Date: Mon, 23 Jun 2025 21:18:00 -0400 Subject: [PATCH 4/8] Clean up a few zizmor issues. --- .github/workflows/docker-hub.yml | 4 ++-- .github/workflows/github-container-registry.yml | 4 ++-- templates/workflow.yml-template | 4 ++-- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/docker-hub.yml b/.github/workflows/docker-hub.yml index 672a0379..d58523db 100644 --- a/.github/workflows/docker-hub.yml +++ b/.github/workflows/docker-hub.yml @@ -60,7 +60,7 @@ jobs: steps: - name: Prepare run: | - platform="php-$PHP_VERSION-$ARCH_TYPE" + platform="php-${PHP_VERSION}-${ARCH_TYPE}" echo "PLATFORM_PAIR=${platform//\//-}" >> $GITHUB_ENV - name: Docker meta id: meta @@ -178,7 +178,7 @@ jobs: steps: - name: Prepare run: | - platform="cli-$PHP_VERSION-$ARCH_TYPE" + platform="cli-${PHP_VERSION}-${ARCH_TYPE}" echo "PLATFORM_PAIR=${platform//\//-}" >> $GITHUB_ENV - name: Docker meta id: meta 
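Review bot: In the `Prepare` step of the `@@ -60,7 +60,7 @@` hunk for `.github/workflows/docker-hub.yml`, the redirect target on the unchanged line after the edit is still unquoted. The commit only adds braces to `PHP_VERSION` and `ARCH_TYPE`, which does not change how the shell expands them inside the double-quoted string. Quoting the target would complete the cleanup: `echo "PLATFORM_PAIR=${platform//\//-}" >> "$GITHUB_ENV"`. The same applies to the `@@ -178,7 +178,7 @@` hunk and to the matching hunks for `github-container-registry.yml` and `templates/workflow.yml-template` in this commit; the jobs around these steps start outside the hunks.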
diff --git a/.github/workflows/github-container-registry.yml b/.github/workflows/github-container-registry.yml index 69cdd9bd..2eb183fa 100644 --- a/.github/workflows/github-container-registry.yml +++ b/.github/workflows/github-container-registry.yml @@ -73,7 +73,7 @@ jobs: steps: - name: Prepare run: | - platform="php-$PHP_VERSION-$ARCH_TYPE" + platform="php-${PHP_VERSION}-${ARCH_TYPE}" echo "PLATFORM_PAIR=${platform//\//-}" >> $GITHUB_ENV - name: Docker meta id: meta @@ -193,7 +193,7 @@ jobs: steps: - name: Prepare run: | - platform="cli-$PHP_VERSION-$ARCH_TYPE" + platform="cli-${PHP_VERSION}-${ARCH_TYPE}" echo "PLATFORM_PAIR=${platform//\//-}" >> $GITHUB_ENV - name: Docker meta id: meta diff --git a/templates/workflow.yml-template b/templates/workflow.yml-template index 32836f9d..e2ead564 100644 --- a/templates/workflow.yml-template +++ b/templates/workflow.yml-template @@ -87,7 +87,7 @@ jobs: steps: - name: Prepare run: | - platform="php-$PHP_VERSION-$ARCH_TYPE" + platform="php-${PHP_VERSION}-${ARCH_TYPE}" echo "PLATFORM_PAIR=${platform//\//-}" >> $GITHUB_ENV - name: Docker meta id: meta @@ -213,7 +213,7 @@ jobs: steps: - name: Prepare run: | - platform="cli-$PHP_VERSION-$ARCH_TYPE" + platform="cli-${PHP_VERSION}-${ARCH_TYPE}" echo "PLATFORM_PAIR=${platform//\//-}" >> $GITHUB_ENV - name: Docker meta id: meta From 48fc4acd8e2f6d520fbfd5fb8cf7acd19ae4e0e0 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 24 Jun 2025 01:21:44 +0000 Subject: [PATCH 5/8] Bump the github-actions group with 3 updates Bumps the github-actions group with 3 updates: [actions/checkout](https://github.com/actions/checkout), [shivammathur/setup-php](https://github.com/shivammathur/setup-php) and [astral-sh/setup-uv](https://github.com/astral-sh/setup-uv). Updates `actions/checkout` from 4.1.7 to 4.2.2 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v4.1.7...11bd71901bbe5b1630ceea73d27597364c9af683) Updates `shivammathur/setup-php` from 2.31.1 to 2.34.1 - [Release notes](https://github.com/shivammathur/setup-php/releases) - [Commits](https://github.com/shivammathur/setup-php/compare/c541c155eee45413f5b09a52248675b1a2575231...0f7f1d08e3e32076e51cae65eb0b0c871405b16e) Updates `astral-sh/setup-uv` from 6.1.0 to 6.3.0 - [Release notes](https://github.com/astral-sh/setup-uv/releases) - [Commits](https://github.com/astral-sh/setup-uv/compare/f0ec1fc3b38f5e7cd731bb6ce540c5af426746bb...445689ea25e0de0a23313031f5fe577c74ae45a1) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: 4.2.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: shivammathur/setup-php dependency-version: 2.34.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: astral-sh/setup-uv dependency-version: 6.3.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions ... 
Signed-off-by: dependabot[bot] --- .github/workflows/docker-hub.yml | 4 ++-- .github/workflows/github-container-registry.yml | 8 ++++---- .github/workflows/reusable-workflow-lint.yml | 2 +- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/.github/workflows/docker-hub.yml b/.github/workflows/docker-hub.yml index a2cab7b6..2353d8d6 100644 --- a/.github/workflows/docker-hub.yml +++ b/.github/workflows/docker-hub.yml @@ -57,7 +57,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: persist-credentials: false @@ -102,7 +102,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: persist-credentials: false diff --git a/.github/workflows/github-container-registry.yml b/.github/workflows/github-container-registry.yml index ccf7883d..9290b88b 100644 --- a/.github/workflows/github-container-registry.yml +++ b/.github/workflows/github-container-registry.yml @@ -40,12 +40,12 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: persist-credentials: false - name: Setup PHP - uses: shivammathur/setup-php@c541c155eee45413f5b09a52248675b1a2575231 # v.2.31.1 + uses: shivammathur/setup-php@0f7f1d08e3e32076e51cae65eb0b0c871405b16e # v.2.34.1 with: php-version: 'latest' @@ -70,7 +70,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: persist-credentials: false 
@@ -115,7 +115,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: persist-credentials: false diff --git a/.github/workflows/reusable-workflow-lint.yml b/.github/workflows/reusable-workflow-lint.yml index 1511d71b..0b9778aa 100644 --- a/.github/workflows/reusable-workflow-lint.yml +++ b/.github/workflows/reusable-workflow-lint.yml @@ -94,7 +94,7 @@ jobs: persist-credentials: false - name: Install the latest version of uv - uses: astral-sh/setup-uv@f0ec1fc3b38f5e7cd731bb6ce540c5af426746bb # v6.1.0 + uses: astral-sh/setup-uv@445689ea25e0de0a23313031f5fe577c74ae45a1 # v6.3.0 - name: Run zizmor run: uvx zizmor@1.9.0 --format sarif . > results.sarif From 8807e6162a15954fe324c26ac95cf186f1588e60 Mon Sep 17 00:00:00 2001 From: Jonathan Desrosiers Date: Mon, 23 Jun 2025 21:41:41 -0400 Subject: [PATCH 6/8] Commit built file changes. --- .github/workflows/docker-hub.yml | 4 ++-- .github/workflows/github-container-registry.yml | 8 ++++---- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/docker-hub.yml b/.github/workflows/docker-hub.yml index 2353d8d6..a2cab7b6 100644 --- a/.github/workflows/docker-hub.yml +++ b/.github/workflows/docker-hub.yml @@ -57,7 +57,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: persist-credentials: false @@ -102,7 +102,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: persist-credentials: false diff --git a/.github/workflows/github-container-registry.yml b/.github/workflows/github-container-registry.yml index 9290b88b..ccf7883d 100644 
--- a/.github/workflows/github-container-registry.yml +++ b/.github/workflows/github-container-registry.yml @@ -40,12 +40,12 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: persist-credentials: false - name: Setup PHP - uses: shivammathur/setup-php@0f7f1d08e3e32076e51cae65eb0b0c871405b16e # v.2.34.1 + uses: shivammathur/setup-php@c541c155eee45413f5b09a52248675b1a2575231 # v.2.31.1 with: php-version: 'latest' @@ -70,7 +70,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: persist-credentials: false @@ -115,7 +115,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: persist-credentials: false From f2b1bfac7ee39e6b033f417776d136f7926602df Mon Sep 17 00:00:00 2001 From: Jonathan Desrosiers Date: Mon, 23 Jun 2025 21:44:41 -0400 Subject: [PATCH 7/8] Correctly apply updates. --- .github/workflows/docker-hub.yml | 4 ++-- .github/workflows/github-container-registry.yml | 8 ++++---- templates/workflow.yml-template | 8 ++++---- 3 files changed, 10 insertions(+), 10 deletions(-) diff --git a/.github/workflows/docker-hub.yml b/.github/workflows/docker-hub.yml index a2cab7b6..2353d8d6 100644 --- a/.github/workflows/docker-hub.yml +++ b/.github/workflows/docker-hub.yml @@ -57,7 +57,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: persist-credentials: false 
@@ -102,7 +102,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: persist-credentials: false diff --git a/.github/workflows/github-container-registry.yml b/.github/workflows/github-container-registry.yml index ccf7883d..c9aae92d 100644 --- a/.github/workflows/github-container-registry.yml +++ b/.github/workflows/github-container-registry.yml @@ -40,12 +40,12 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: persist-credentials: false - name: Setup PHP - uses: shivammathur/setup-php@c541c155eee45413f5b09a52248675b1a2575231 # v.2.31.1 + uses: shivshivammathur/setup-php@0f7f1d08e3e32076e51cae65eb0b0c871405b16e # v.2.34.1 with: php-version: 'latest' @@ -70,7 +70,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: persist-credentials: false @@ -115,7 +115,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: persist-credentials: false diff --git a/templates/workflow.yml-template b/templates/workflow.yml-template index bd63b89b..ad3972d4 100644 --- a/templates/workflow.yml-template +++ b/templates/workflow.yml-template 
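Review bot: The `Setup PHP` step in the `@@ -40,12 +40,12 @@` hunk for `.github/workflows/github-container-registry.yml` now reads `uses: shivshivammathur/setup-php@…` with the owner name doubled, while the removed line names `shivammathur/setup-php`. An action is resolved by owner and repository, so this points the workflow at a namespace the project does not control. The full-SHA pin should limit the effect to a failed resolution rather than different code, but the job would still break. The line should be `uses: shivammathur/setup-php@0f7f1d08e3e32076e51cae65eb0b0c871405b16e # v.2.34.1`. The `@@ -58,12 +58,12 @@` hunk for `templates/workflow.yml-template` has the same typo, and patch 8/8 later in this series corrects both.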
@@ -58,12 +58,12 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: persist-credentials: false - name: Setup PHP - uses: shivammathur/setup-php@c541c155eee45413f5b09a52248675b1a2575231 # v.2.31.1 + uses: shivshivammathur/setup-php@0f7f1d08e3e32076e51cae65eb0b0c871405b16e # v.2.34.1 with: php-version: 'latest' @@ -88,7 +88,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: persist-credentials: false @@ -133,7 +133,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: persist-credentials: false From dfd421668cd795d278e0540eac39430685e97403 Mon Sep 17 00:00:00 2001 From: Jonathan Desrosiers Date: Mon, 23 Jun 2025 21:46:49 -0400 Subject: [PATCH 8/8] Fix typo in action name. --- .github/workflows/github-container-registry.yml | 2 +- templates/workflow.yml-template | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/github-container-registry.yml b/.github/workflows/github-container-registry.yml index c9aae92d..9290b88b 100644 --- a/.github/workflows/github-container-registry.yml +++ b/.github/workflows/github-container-registry.yml @@ -45,7 +45,7 @@ jobs: persist-credentials: false - name: Setup PHP - uses: shivshivammathur/setup-php@0f7f1d08e3e32076e51cae65eb0b0c871405b16e # v.2.34.1 + uses: shivammathur/setup-php@0f7f1d08e3e32076e51cae65eb0b0c871405b16e # v.2.34.1 with: php-version: 'latest' diff --git a/templates/workflow.yml-template b/templates/workflow.yml-template index ad3972d4..50a998f6 100644 --- a/templates/workflow.yml-template +++ b/templates/workflow.yml-template 
@@ -63,7 +63,7 @@ jobs: persist-credentials: false - name: Setup PHP - uses: shivshivammathur/setup-php@0f7f1d08e3e32076e51cae65eb0b0c871405b16e # v.2.34.1 + uses: shivammathur/setup-php@0f7f1d08e3e32076e51cae65eb0b0c871405b16e # v.2.34.1 with: php-version: 'latest'