Skip to content
Docker

Genericize variable names #43

Sign in to view logs

Genericize variable names

Genericize variable names #43

Workflow file for this run

.github/workflows/docker.yml at 2de3511
name: Docker
# This workflow uses actions that are not certified by GitHub.
# They are provided by a third-party and are governed by
# separate terms of service, privacy policy, and support
# documentation.
on:
workflow_dispatch:
push:
branches: [ "main" ]
# Publish semver tags as releases.
tags: [ 'v*.*.*' ]
pull_request:
branches: [ "main" ]
env:
# Use docker.io for Docker Hub if empty
REGISTRY: ghcr.io
# github.repository as <account>/<repo>
IMAGE_NAME: ${{ github.repository }}
# Set VERSION from tag if present, else fetch latest
VERSION: ${{ github.ref_type == 'tag' && github.ref_name || '' }}
jobs:
prepare:
runs-on: ubuntu-latest
permissions:
contents: read
outputs:
VERSION: ${{ steps.determine_version.outputs.VERSION }}
steps:
- name: Determine Moodle version
id: determine_version
run: |
if [ -z "${VERSION}" ]; then
# Fetch all tags, filter for stable releases, sort, and pick the highest
TAGS=$(curl -s "https://api.github.com/repos/moodle/moodle/tags?per_page=1000" | jq -r '.[].name' | grep -E '^v?[0-9]+\.[0-9]+\.[0-9]+$' | sed 's/^v//')
LATEST=$(echo "$TAGS" | sort -V | tail -n1)
echo "VERSION=$LATEST" >> $GITHUB_OUTPUT
else
echo "VERSION=${VERSION#v}" >> $GITHUB_OUTPUT
fi
env:
VERSION: ${{ env.VERSION }}
docker:
needs: prepare
runs-on: ${{ matrix.platform == 'linux/amd64' && 'ubuntu-latest' || 'ubuntu-24.04-arm' }}
strategy:
fail-fast: false
matrix:
platform:
- linux/amd64
- linux/arm64
permissions:
contents: read
packages: write
# This is used to complete the identity challenge
# with sigstore/fulcio when running outside of PRs.
id-token: write
env:
VERSION: ${{ needs.prepare.outputs.VERSION }}
steps:
- name: Set platform pair
id: set_platform_pair
run: |
echo "platform_pair=${{ matrix.platform }}" | sed 's#/#-#g' >> $GITHUB_OUTPUT
- name: Checkout repository
uses: actions/checkout@v3
# Install the cosign tool except on PR
# https://github.com/sigstore/cosign-installer
- name: Install cosign
if: github.event_name != 'pull_request'
uses: sigstore/[email protected] #v2.6.0
with:
cosign-release: 'v2.2.0'
# Added as suggestion to fix https://github.com/docker/buildx/issues/499#issuecomment-763920971
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
# Workaround: https://github.com/docker/build-push-action/issues/461
- name: Setup Docker buildx
uses: docker/setup-buildx-action@v3
- name: Parse Moodle major and minor version
id: parse_version
run: |
VERSION="${{ env.VERSION }}"
MAJOR=$(echo "$VERSION" | cut -d. -f1)
MINOR=$(echo "$VERSION" | cut -d. -f2)
MINOR_PADDED=$(printf "%02d" "$MINOR")
echo "MAJOR=$MAJOR" >> $GITHUB_OUTPUT
echo "MINOR=$MINOR_PADDED" >> $GITHUB_OUTPUT
- name: Checkout Moodle repository
uses: actions/checkout@v3
with:
repository: moodle/moodle
ref: MOODLE_${{ steps.parse_version.outputs.MAJOR }}${{ steps.parse_version.outputs.MINOR }}_STABLE
path: moodle-src
- name: Determine required PHP version
id: php_version
run: |
# Parse minimum PHP version from moodle-src/lib/phpminimumversionlib.php
MIN_PHP=$(grep "minimumversion" moodle-src/lib/phpminimumversionlib.php | head -1 | sed -E \
-e "s/.*'(.*)'.*/\1/")
echo "Minimum required PHP version: $MIN_PHP"
# Extract the major.minor part
PHP_SERIES=$(echo "$MIN_PHP" | awk -F. '{print $1 "." $2}')
# Fetch all PHP versions from Docker Hub
PHP_TAGS=$(curl -s 'https://registry.hub.docker.com/v2/repositories/library/php/tags?page_size=1000' | jq -r '.results[].name' | grep -E "^$PHP_SERIES\\.[0-9]+-fpm-alpine$" | sed 's/-fpm-alpine//')
# Select the highest bugfix version in the required series
SELECTED_PHP=$(echo "$PHP_TAGS" | sort -V | tail -n1)
if [ -z "$SELECTED_PHP" ]; then
# Fallback: use the minimum required
SELECTED_PHP="$MIN_PHP"
fi
echo "Selected PHP version: $SELECTED_PHP"
echo "PHP_VERSION=$SELECTED_PHP" >> $GITHUB_OUTPUT
echo "PHP_VERSION=$SELECTED_PHP" >> $GITHUB_ENV
# Login against a Docker registry except on PR
# https://github.com/docker/login-action
- name: Log into registry ${{ env.REGISTRY }}
if: github.event_name != 'pull_request'
uses: docker/login-action@v3
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
# Extract metadata (tags, labels) for Docker
# https://github.com/docker/metadata-action
- name: Extract Docker metadata (PHP image)
id: meta-php
uses: docker/metadata-action@v5
with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}-php
- name: Extract Docker metadata (nginx image)
id: meta-nginx
uses: docker/metadata-action@v5
with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}-nginx
- name: Remove .git folder
run: rm -rf moodle-src/.git
# Build and push Docker image with Buildx (don't push on PR)
# https://github.com/docker/build-push-action
- name: Build and push PHP image
id: build-and-push-php
uses: docker/build-push-action@v6
with:
context: .
platforms: ${{ matrix.platform }}
target: php
tags: |
${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}-php:v${{ env.VERSION }}-${{ steps.set_platform_pair.outputs.platform_pair }}
labels: ${{ steps.meta-php.outputs.labels }}
outputs: type=image,push=${{ github.event_name != 'pull_request' }}
file: ./Dockerfile
build-args: |
PHP_VERSION=${{ steps.php_version.outputs.php_version }}
- name: Build and push nginx image
id: build-and-push-nginx
uses: docker/build-push-action@v6
with:
context: .
platforms: ${{ matrix.platform }}
target: nginx
tags: |
${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}-nginx:v${{ env.VERSION }}-${{ steps.set_platform_pair.outputs.platform_pair }}
labels: ${{ steps.meta-nginx.outputs.labels }}
outputs: type=image,push=${{ github.event_name != 'pull_request' }}
file: ./Dockerfile
build-args: |
PHP_VERSION=${{ steps.php_version.outputs.php_version }}
# Sign the resulting Docker image digest except on PRs.
# This will only write to the public Rekor transparency log when the Docker
# repository is public to avoid leaking data. If you would like to publish
# transparency data even for private images, pass --force to cosign below.
# https://github.com/sigstore/cosign
- name: Sign the published PHP image
if: ${{ github.event_name != 'pull_request' }}
env:
COSIGN_EXPERIMENTAL: "true"
# This step uses the identity token to provision an ephemeral certificate
# against the sigstore community Fulcio instance.
run: echo "${{ steps.meta-php.outputs.tags }}" | xargs -I {} cosign sign {}@${{ steps.build-and-push-php.outputs.digest }} -y
- name: Sign the published nginx image
if: ${{ github.event_name != 'pull_request' }}
env:
COSIGN_EXPERIMENTAL: "true"
run: echo "${{ steps.meta-nginx.outputs.tags }}" | xargs -I {} cosign sign {}@${{ steps.build-and-push-nginx.outputs.digest }} -y
merge:
needs: [docker, prepare]
runs-on: ubuntu-latest
if: ${{ github.event_name != 'pull_request' }}
permissions:
contents: read
packages: write
env:
VERSION: ${{ needs.prepare.outputs.VERSION }}
steps:
# Login against a Docker registry except on PR
# https://github.com/docker/login-action
- name: Login to registry ${{ env.REGISTRY }}
if: github.event_name != 'pull_request'
uses: docker/login-action@v3
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Determine if this is the latest version
id: is_latest
run: |
VERSION="${{ env.VERSION }}"
TAGS=$(curl -s "https://api.github.com/repos/moodle/moodle/tags?per_page=1000" | jq -r '.[].name' | grep -E '^v?[0-9]+\.[0-9]+\.[0-9]+$' | sed 's/^v//')
LATEST=$(echo "$TAGS" | sort -V | tail -n1)
if [ "$LATEST" = "$VERSION" ]; then
echo "is_latest=true" >> $GITHUB_OUTPUT
else
echo "is_latest=false" >> $GITHUB_OUTPUT
fi
env:
VERSION: ${{ env.VERSION }}
- name: Create manifest list and push (php)
run: |
docker buildx imagetools create \
-t ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}-php:v${{ env.VERSION }} \
${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}-php:v${{ env.VERSION }}-linux-amd64 \
${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}-php:v${{ env.VERSION }}-linux-arm64
env:
VERSION: ${{ env.VERSION }}
- name: Tag PHP image as latest
if: steps.is_latest.outputs.is_latest == 'true'
run: |
docker buildx imagetools create \
-t ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}-php:latest \
${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}-php:v${{ env.VERSION }}-linux-amd64 \
${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}-php:v${{ env.VERSION }}-linux-arm64
env:
VERSION: ${{ env.VERSION }}
- name: Inspect PHP image
run: |
docker buildx imagetools inspect ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}-php:v${{ env.VERSION }}
- name: Create manifest list and push (nginx)
run: |
docker buildx imagetools create \
-t ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}-nginx:v${{ env.VERSION }} \
${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}-nginx:v${{ env.VERSION }}-linux-amd64 \
${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}-nginx:v${{ env.VERSION }}-linux-arm64
env:
VERSION: ${{ env.VERSION }}
- name: Tag nginx image as latest
if: steps.is_latest.outputs.is_latest == 'true'
run: |
docker buildx imagetools create \
-t ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}-nginx:latest \
${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}-nginx:v${{ env.VERSION }}-linux-amd64 \
${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}-nginx:v${{ env.VERSION }}-linux-arm64
env:
VERSION: ${{ env.VERSION }}
- name: Inspect nginx image
run: |
docker buildx imagetools inspect ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}-nginx:v${{ env.VERSION }}