Skip to content

Merge pull request #68 from burningmantech/yf-php-832 #134

Merge pull request #68 from burningmantech/yf-php-832

Merge pull request #68 from burningmantech/yf-php-832 #134

Workflow file for this run

# Docs: https://docs.github.com/en/actions
name: CI/CD
on:
push:
branches: ["master"]
pull_request:
branches: ["master"]
env:
DOCKER_REGISTRY: ghcr.io
DOCKER_IMAGE_NAME: php-nginx
DOCKER_IMAGE_REPO: ghcr.io/${{ github.repository_owner }}/php-nginx
jobs:
docker:
name: Build Docker images
runs-on: ubuntu-latest
timeout-minutes: 15
steps:
- name: Harden CI
uses: step-security/[email protected]
with:
disable-sudo: true
egress-policy: block
allowed-endpoints: >
api.github.com:443
actions-results-receiver-production.githubapp.com:443
auth.docker.io:443
dl-cdn.alpinelinux.org:443
github.com:443
pecl.php.net:443
production.cloudflare.docker.com:443
productionresultssa4.blob.core.windows.net:443
registry-1.docker.io:443
- name: Checkout source code
uses: actions/checkout@v4
- name: Build Docker images
run: ./bin/build;
- name: Save Docker images
run: docker image save $(docker images --format "{{.Repository}}:{{.Tag}}" "${{ env.DOCKER_IMAGE_REPO }}") | gzip -9 > docker_images.tgz
- name: Upload Docker image artifacts
uses: actions/upload-artifact@v4
with:
name: docker
path: docker_images.tgz
test-docker:
name: Test Docker images
needs: [docker]
runs-on: ubuntu-latest
timeout-minutes: 15
steps:
- name: Harden CI
uses: step-security/[email protected]
with:
disable-sudo: true
egress-policy: block
allowed-endpoints: >
api.github.com:443
github.com:443
- name: Checkout source code
uses: actions/checkout@v4
- name: Download Docker image artifacts
uses: actions/download-artifact@v4
with:
name: docker
- name: Load Docker images
run: gzip --uncompress --stdout docker_images.tgz | docker image load
- name: Test Docker images
run: ./bin/test;
push-docker-repo:
name: Push images to repository
needs: [test-docker]
if: github.ref == 'refs/heads/master'
runs-on: ubuntu-latest
timeout-minutes: 15
steps:
- name: Harden CI
uses: step-security/[email protected]
with:
disable-sudo: true
egress-policy: block
allowed-endpoints: >
api.github.com:443
ghcr.io:443
github.com:443
# Need source code to push README file contents to Docker Hub
- name: Checkout source code
uses: actions/checkout@v4
- name: Download Docker image artifacts
uses: actions/download-artifact@v4
with:
name: docker
- name: Load Docker images
run: gzip --uncompress --stdout docker_images.tgz | docker image load
- name: Log in to GitHub Container Registry
uses: docker/login-action@v3
with:
registry: ${{ env.DOCKER_REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Push images
run: |
for image_name in $(docker images --format "{{.Repository}}:{{.Tag}}" "${{ env.DOCKER_IMAGE_REPO }}"); do
echo "Pushing ${image_name}";
docker push "${image_name}";
done;
- name: Purge untagged images
uses: actions/delete-package-versions@v4
with:
package-name: ${{ env.DOCKER_IMAGE_NAME }}
package-type: "container"
min-versions-to-keep: 9
delete-only-untagged-versions: true