wip

distroless-php · Jul 12, 2024 · efb015b · efb015b
1 parent 5535950
commit efb015b
Show file tree

Hide file tree

Showing 9 changed files with 151 additions and 57 deletions.
diff --git a/.github/workflows/___build_base.yml b/.github/workflows/___build_base.yml
@@ -1,11 +1,19 @@
-name: Build base
+name: _Build base
 
 on:
   workflow_call:
     inputs:
       image_variants:
         type: string
         required: true
+      runs-on:
+        type: string
+        required: false
+        default: "ubuntu-latest"
+      platform:
+        type: string
+        required: false
+        default: "linux/amd64/v3"
       enable_minor:
         type: boolean
         required: false
@@ -17,7 +25,7 @@ permissions:
 jobs:
   build:
     name: Build base images
-    runs-on: ubuntu-latest
+    runs-on: ${{ inputs.runs-on }}
     strategy:
       matrix:
         include: ${{ fromJson(inputs.image_variants) }}
@@ -26,36 +34,34 @@ jobs:
         id: determine_tags
         run: |
           echo "values=ghcr.io/${{ github.repository }}:${{ matrix.tag }}${{ matrix.variant }}-base${{ inputs.enable_minor && format(',ghcr.io/{0}:{1}{2}-base', github.repository, matrix.minor, matrix.variant) || '' }}" >> $GITHUB_OUTPUT
-      - name: Test
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          submodules: true
+          fetch-depth: 0
+      - name: Checkout PHP
         run: |
-          echo "${{ steps.determine_tags.outputs.values }}"
-      # - name: Checkout
-      #   uses: actions/checkout@v4
-      #   with:
-      #     submodules: true
-      #     fetch-depth: 0
-      # - name: Checkout PHP
-      #   run: |
-      #     cd "third_party/php/php-src"
-      #     git checkout "${{ matrix.hash }}"
-      # - name: Setup Buildx
-      #   uses: docker/setup-buildx-action@v3
-      # - name: Login to GitHub Packages - Container Registry
-      #   uses: docker/login-action@v3
-      #   with:
-      #     registry: ghcr.io
-      #     username: ${{ github.actor }}
-      #     password: ${{ secrets.GITHUB_TOKEN }}
-      # - name: Build and Push image
-      #   uses: docker/build-push-action@v6
-      #   with:
-      #     context: .
-      #     push: true
-      #     pull: true
-      #     github-token: ${{ secrets.GITHUB_TOKEN }}
-      #     platforms: ${{ matrix.platforms }}
-      #     build-args: |
-      #       DP_CFLAGS_OPTIMIZE=${{ matrix.optimize_options_c_cpp }}
-      #       DP_CPPFLAGS_OPTIMIZE=${{ matrix.optimize_options_c_cpp }}
-      #       DP_LDFLAGS_OPTIMIZE=${{ matrix.optimize_ld }}
-      #       DP_PHP_CONFIGURE_OPTIONS_APPEND=${{ matrix.configure_append }}
+          cd "third_party/php/php-src"
+          git checkout "${{ matrix.hash }}"
+      - name: Setup Buildx
+        uses: docker/setup-buildx-action@v3
+      - name: Login to GitHub Packages - Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+      - name: Build and Push image
+        uses: docker/build-push-action@v6
+        with:
+          context: .
+          push: true
+          pull: true
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          tags: ${{ steps.determine_tags.outputs.values }}
+          build-args: |
+            PLATFORM=${{ inputs.platform }}
+            DP_CFLAGS_OPTIMIZE=${{ matrix.optimize_options_c_cpp }}
+            DP_CPPFLAGS_OPTIMIZE=${{ matrix.optimize_options_c_cpp }}
+            DP_LDFLAGS_OPTIMIZE=${{ matrix.optimize_ld }}
+            DP_PHP_CONFIGURE_OPTIONS_APPEND=${{ matrix.configure_append }}
diff --git a/.github/workflows/___build_variants.yml b/.github/workflows/___build_variants.yml
@@ -0,0 +1,77 @@
+name: _Build variants
+
+on:
+  workflow_call:
+    inputs:
+      types_directory:
+        type: string
+        required: false
+        default: "types"
+      types:
+        type: string
+        required: true
+      image_variants:
+        type: string
+        required: true
+      runs-on:
+        type: string
+        required: false
+        default: "ubuntu-latest"
+      platform:
+        type: string
+        required: false
+        default: "linux/amd64/v3"
+      enable_minor:
+        type: boolean
+        required: false
+        default: false        
+
+permissions:
+  packages: write
+
+jobs:
+  build:
+    name: Build variant images
+    runs-on: ${{ inputs.runs-on }}
+    strategy:
+      matrix:
+        types: ${{ fromJson(inputs.types) }}
+        include: ${{ fromJson(inputs.image_variants) }}
+    steps:
+      - name: Determine informations
+        id: determine_informations
+        env:
+          BASE_TAG: "ghcr.io/${{ github.repository }}:${{ matrix.tag }}${{ matrix.variant }}"
+          BASE_TAG_SHORT: "ghcr.io/${{ github.repository }}:${{ matrix.minor }}${{ matrix.variant }}"
+        run: |
+          echo "base=${BASE_TAG}-base" >> $GITHUB_OUTPUT
+          echo "values=${BASE_TAG}-${{ matrix.types }}${{ inputs.enable_minor && format(',{0}-{1}', env.BASE_TAG_SHORT, matrix.types) }}"
+      - name: Get Debian version
+        id: debian_version
+        run: |
+          echo value="$(docker run --rm -i "${{ steps.determine_informations.outputs.base }}" sh -c '. /etc/os-release && echo ${VERSION_ID}')" >> $GITHUB_OUTPUT
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          submodules: false
+          fetch-depth: 1
+      - name: Setup Buildx
+        uses: docker/setup-buildx-action@v3
+      - name: Login to GitHub Packages - Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+      - name: Build and Push image
+        uses: docker/build-push-action@v6
+        with:
+          context: "${{ inputs.types_directory }}/${{ matrix.types }}"
+          push: true
+          pull: true
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          tags: ${{ steps.determine_informations.outputs.values }}
+          build-args: |
+            PLATFORM=${{ inputs.platform }}
+            BASE_IMAGE=${{ steps.determine_informations.outputs.base }}
+            DEBIAN_VERSION=${{ steps.debian_version.outputs.debian_version }}
diff --git a/.github/workflows/__generate_image_variants.yml b/.github/workflows/__generate_image_variants.yml
@@ -1,4 +1,4 @@
-name: Generate image variants
+name: _Generate image variants
 
 on:
   workflow_call:
@@ -12,7 +12,7 @@ on:
         value: ${{ jobs.variants.outputs.values }}
 
 jobs:
-  mixin_flag:
+  mixin:
     uses: ./.github/workflows/_mixin_values.yml
     with:
       base_json: ${{ inputs.php_versions_json }}
@@ -29,19 +29,12 @@ jobs:
           configure_append: ""
           optimize_options_c_cpp: "-O3"
           optimize_options_ld: "-O2"
-  mixin_platforms:
-    needs: mixin_flag
-    uses: ./.github/workflows/_mixin_values.yml
-    with:
-      base_json: ${{ needs.mixin_flag.outputs.values }}
-      mixin_yaml: |
-        - platform: "linux/amd64/v3"
   variants:
-    needs: mixin_platforms
+    needs: mixin
     runs-on: ubuntu-latest
     steps:
       - env:
-          RESULT: ${{ needs.mixin_platforms.outputs.values }}
+          RESULT: ${{ needs.mixin.outputs.values }}
         id: variants
         run: |
           echo "values=${RESULT}" >> $GITHUB_OUTPUT

diff --git a/.github/workflows/_determine_php_versions.yml b/.github/workflows/_determine_php_versions.yml
@@ -1,4 +1,4 @@
-name: Determine PHP version and hash
+name: _Determine PHP version and hash
 
 on:
   workflow_call:

diff --git a/.github/workflows/_mixin_values.yml b/.github/workflows/_mixin_values.yml
@@ -1,4 +1,4 @@
-name: Mixin values
+name: _Mixin values
 
 on:
   workflow_call:

diff --git a/.github/workflows/daily.yml b/.github/workflows/daily.yml
@@ -24,3 +24,21 @@ jobs:
     with:
       image_variants: ${{ needs.generate_image_variants.outputs.values }}
       enable_minor: true
+  determine_types:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Determine types
+        id: determine_types
+        run: |
+          echo values="$(ls "types")" >> $GITHUB_OUTPUT
+    outputs:
+      values: ${{ steps.determine_types.outputs.values }}
+  build_variants:
+    needs: ["determine_types", "generate_image_variants", "build_base"]
+    uses: ./.github/workflows/___build_variants.yml
+    strategy:
+      max-parallel: 3
+    with:
+      types: ${{ fromJson(needs.determine_types.outputs.values) }}
+      image_variants: ${{ needs.generate_image_variants.outputs.values }}
+      enable_minor: true
diff --git a/Dockerfile b/Dockerfile
@@ -1,4 +1,4 @@
-ARG ARCH="arm64/v8"
+ARG PLATFORM="linux/arm64/v8"
 
 ARG DP_CFLAGS_OPTIMIZE="-O2"
 ARG DP_PHP_CFLAGS="-fstack-protector-strong -fpic -fpie ${DP_CFLAGS_OPTIMIZE}"
@@ -11,7 +11,7 @@ ARG DP_PHP_DEB_PACKAGES="libgmp-dev libzip-dev libyaml-dev libzstd-dev libargon2
 ARG DP_PHP_CONFIGURE_OPTIONS_APPEND=""
 ARG DP_PHP_CONFIGURE_OPTIONS="--enable-bcmath --enable-exif --enable-intl --enable-pcntl --enable-sockets --enable-sysvmsg --enable-sysvsem --enable-sysvshm --with-gmp --with-pdo-mysql --with-zip --with-pic --enable-mysqlnd --with-password-argon2 --with-sodium --with-pdo-sqlite=/usr --with-sqlite3=/usr --with-curl --with-iconv --with-openssl --with-readline --with-zlib --disable-phpdbg --disable-cgi --enable-fpm --with-fpm-user=nonroot --with-fpm-group=nonroot ${DP_PHP_CONFIGURE_OPTIONS_APPEND}"
 
-FROM --platform="linux/${ARCH}" debian:12
+FROM --platform="${PLATFORM}" debian:12
 
 ARG DP_CFLAGS_OPTIMIZE
 ARG DP_PHP_CFLAGS

diff --git a/variants/cli/Dockerfile → types/cli/Dockerfile b/variants/cli/Dockerfile → types/cli/Dockerfile
@@ -1,13 +1,13 @@
-ARG ARCH="arm64/v8"
+ARG PLATFORM="linux/arm64/v8"
 ARG BASE_IMAGE
 ARG DEBIAN_VERSION
 
-FROM --platform="linux/${ARCH}" busybox:latest AS busybox
+FROM --platform="${PLATFORM}" busybox:latest AS busybox
 
-FROM --platform="linux/${ARCH}" ${BASE_IMAGE} AS base
+FROM --platform="${PLATFORM}" ${BASE_IMAGE} AS base
 RUN distroless_php_add_binary "/usr/local/bin/php" $(find "$(php-config --extension-dir)" -type f)
 
-FROM --platform="linux/${ARCH}" gcr.io/distroless/base-nossl-debian${DEBIAN_VERSION}:latest
+FROM --platform="${PLATFORM}" gcr.io/distroless/base-nossl-debian${DEBIAN_VERSION}:latest
 
 COPY --from=busybox "/bin/busybox" "/bin/busybox"
 RUN ["/bin/busybox", "rm", "-rf", "/usr/lib"]

diff --git a/variants/fpm/Dockerfile → types/fpm/Dockerfile b/variants/fpm/Dockerfile → types/fpm/Dockerfile
@@ -1,13 +1,13 @@
-ARG ARCH="arm64/v8"
+ARG PLATFORM="linux/arm64/v8"
 ARG BASE_IMAGE
 ARG DEBIAN_VERSION
 
-FROM --platform="linux/${ARCH}" busybox:latest AS busybox
+FROM --platform="${PLATFORM}" busybox:latest AS busybox
 
-FROM --platform="linux/${ARCH}" ${BASE_IMAGE} AS base
+FROM --platform="${PLATFORM}" ${BASE_IMAGE} AS base
 RUN distroless_php_add_binary "/usr/local/sbin/php-fpm" $(find "$(php-config --extension-dir)" -type f)
 
-FROM --platform="linux/${ARCH}" gcr.io/distroless/base-nossl-debian${DEBIAN_VERSION}:latest
+FROM --platform="${PLATFORM}" gcr.io/distroless/base-nossl-debian${DEBIAN_VERSION}:latest
 
 COPY --from=busybox "/bin/busybox" "/bin/busybox"
 RUN ["/bin/busybox", "rm", "-rf", "/usr/lib"]