chore: release 1.19.3 #88
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build and publish images for tag | |
| on: | |
| push: | |
| tags: | |
| - '*' | |
| permissions: | |
| id-token: write | |
| contents: read | |
| env: | |
| DEPOT_PROJECT_ID: ${{ secrets.DEPOT_PROJECT_ID }} | |
| jobs: | |
| build-and-export: | |
| name: Build and export PHP ${{ matrix.php }} (${{ matrix.arch }}) | |
| runs-on: ubuntu-latest | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| php: ["7.2", "7.3", "7.4", "8.0", "8.1", "8.2", "8.3", "8.4", "8.5"] | |
| arch: [x86_64, arm64] | |
| steps: | |
| - name: Set up QEMU to run ARM images | |
| uses: docker/setup-qemu-action@v3 | |
| - name: Set up Depot | |
| uses: depot/setup-action@v1 | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Login to Docker Hub | |
| uses: docker/login-action@v3 | |
| with: | |
| username: ${{ secrets.DOCKER_USERNAME }} | |
| password: ${{ secrets.DOCKER_PASSWORD }} | |
| - name: Determine Platform and Directory | |
| id: meta | |
| run: | | |
| VERSION_CLEAN=$(echo ${{ matrix.php }} | sed 's/\.//g') | |
| if [ "${{ matrix.arch }}" = "x86_64" ]; then | |
| echo "repo=ymirapp/php-runtime" >> $GITHUB_OUTPUT | |
| echo "platform=linux/amd64" >> $GITHUB_OUTPUT | |
| echo "archive_filename=php-$VERSION_CLEAN" >> $GITHUB_OUTPUT | |
| else | |
| echo "repo=ymirapp/arm-php-runtime" >> $GITHUB_OUTPUT | |
| echo "platform=linux/arm64" >> $GITHUB_OUTPUT | |
| echo "archive_filename=arm-php-$VERSION_CLEAN" >> $GITHUB_OUTPUT | |
| fi | |
| echo "tag=php-$VERSION_CLEAN" >> $GITHUB_OUTPUT | |
| echo "compat_tag=php-${{ matrix.php }}" >> $GITHUB_OUTPUT | |
| echo "dir=php-$VERSION_CLEAN" >> $GITHUB_OUTPUT | |
| - name: Build and Load Image | |
| uses: depot/build-push-action@v1 | |
| with: | |
| project: ${{ secrets.DEPOT_PROJECT_ID }} | |
| context: runtime | |
| file: runtime/${{ steps.meta.outputs.dir }}/Dockerfile | |
| platforms: ${{ steps.meta.outputs.platform }} | |
| load: true | |
| tags: | | |
| ${{ steps.meta.outputs.repo }}:${{ steps.meta.outputs.tag }} | |
| ${{ steps.meta.outputs.repo }}:${{ steps.meta.outputs.compat_tag }} | |
| build-args: | | |
| CPU_ARCHITECTURE=${{ matrix.arch }} | |
| DOCKER_PLATFORM=${{ steps.meta.outputs.platform }} | |
| - name: Verify Image | |
| run: ./runtime/test-image.sh ${{ steps.meta.outputs.repo }}:${{ steps.meta.outputs.tag }} ${{ steps.meta.outputs.platform }} | |
| - name: Build and Push Image | |
| uses: depot/build-push-action@v1 | |
| with: | |
| project: ${{ secrets.DEPOT_PROJECT_ID }} | |
| context: runtime | |
| file: runtime/${{ steps.meta.outputs.dir }}/Dockerfile | |
| platforms: ${{ steps.meta.outputs.platform }} | |
| push: true | |
| tags: | | |
| ${{ steps.meta.outputs.repo }}:${{ steps.meta.outputs.tag }} | |
| ${{ steps.meta.outputs.repo }}:${{ steps.meta.outputs.compat_tag }} | |
| build-args: | | |
| CPU_ARCHITECTURE=${{ matrix.arch }} | |
| DOCKER_PLATFORM=${{ steps.meta.outputs.platform }} | |
| - name: Verify Tag Aliases | |
| run: | | |
| CANONICAL_IMAGE="${{ steps.meta.outputs.repo }}:${{ steps.meta.outputs.tag }}" | |
| COMPAT_IMAGE="${{ steps.meta.outputs.repo }}:${{ steps.meta.outputs.compat_tag }}" | |
| TARGET_ARCH="${{ matrix.arch }}" | |
| if [ "$TARGET_ARCH" = "x86_64" ]; then | |
| TARGET_ARCH="amd64" | |
| fi | |
| resolve_digest() { | |
| IMAGE="$1" | |
| ARCH="$2" | |
| docker manifest inspect "$IMAGE" | python3 -c "import json,sys; arch=sys.argv[1]; doc=json.load(sys.stdin); digest=doc.get('config', {}).get('digest', ''); manifests=doc.get('manifests', []); print(digest or next((m.get('digest', '') for m in manifests if m.get('platform', {}).get('os') == 'linux' and m.get('platform', {}).get('architecture') == arch), ''))" "$ARCH" | |
| } | |
| CANONICAL_DIGEST=$(resolve_digest "$CANONICAL_IMAGE" "$TARGET_ARCH") | |
| COMPAT_DIGEST=$(resolve_digest "$COMPAT_IMAGE" "$TARGET_ARCH") | |
| if [ -z "$CANONICAL_DIGEST" ] || [ -z "$COMPAT_DIGEST" ]; then | |
| echo "[FAIL] Unable to resolve digest for tag aliases" | |
| echo "canonical=$CANONICAL_IMAGE digest=$CANONICAL_DIGEST" | |
| echo "compat=$COMPAT_IMAGE digest=$COMPAT_DIGEST" | |
| exit 1 | |
| fi | |
| if [ "$CANONICAL_DIGEST" != "$COMPAT_DIGEST" ]; then | |
| echo "[FAIL] Tag aliases point to different images" | |
| echo "canonical=$CANONICAL_IMAGE digest=$CANONICAL_DIGEST" | |
| echo "compat=$COMPAT_IMAGE digest=$COMPAT_DIGEST" | |
| exit 1 | |
| fi | |
| echo "[OK] Tag aliases are in sync: $CANONICAL_DIGEST" | |
| - name: Export Layer ZIP | |
| run: | | |
| mkdir -p build | |
| docker run --rm --platform ${{ steps.meta.outputs.platform }} --entrypoint "/export.sh" \ | |
| --env ARCHIVE_FILENAME=${{ steps.meta.outputs.archive_filename }} \ | |
| --volume ${{ github.workspace }}:/ymir \ | |
| --volume ${{ github.workspace }}/runtime/export.sh:/export.sh:ro \ | |
| ${{ steps.meta.outputs.repo }}:${{ steps.meta.outputs.tag }} . | |
| - name: Upload Individual Layer | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: layer-${{ steps.meta.outputs.archive_filename }} | |
| path: build/${{ steps.meta.outputs.archive_filename }}.zip | |
| collect-layers: | |
| name: Collect and Save Layers | |
| needs: build-and-export | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Download all layer artifacts | |
| uses: actions/download-artifact@v4 | |
| with: | |
| path: build | |
| pattern: layer-* | |
| merge-multiple: true | |
| - name: Upload final layers artifact | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: layers | |
| path: build |