auvem/wordpress-docker
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

clean up & simplify structure w/ separate build workflows

Browse Source 
Independent NGINX & PHP-FPM build workflows & directory structure for
cleaner and simpler workflow logic.
This commit is contained in:
Elijah Duffy
2025-12-07 22:45:10 -08:00
parent 8c7a098129
commit 82cdc6a2ad
10 changed files with 292 additions and 360 deletions
Download Patch File Download Diff File Expand all files Collapse all files

221
.github/workflows/build.yml vendored
View File

@@ -1,221 +0,0 @@
name: build
on:
push:
branches: [main]
pull_request:
branches: [main]
workflow_dispatch:
workflow_call:
inputs:
REGISTRY_USER:
required: true
type: string
secrets:
REGISTRY_TOKEN:
required: true
jobs:
plan:
runs-on: ubuntu-latest
outputs:
matrix: ${{ steps.compute.outputs.matrix }}
should_build: ${{ steps.compute.outputs.should_build }}
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- id: compute
shell: bash
run: |
set -euo pipefail
# Discover lanes: immediate subdirs under docker/
mapfile -t ALL_LANES < <(find docker -mindepth 1 -maxdepth 1 -type d | sort)
# Filter to only directories that contain a Dockerfile (real lanes)
FILTERED_LANES=()
SKIPPED_LANES=()
build:
needs: plan
if: needs.plan.outputs.should_build == 'true'
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: docker/setup-buildx-action@v3
- name: DEBUG registry username source
run: |
echo "Selected registry username source: $SOURCE"
env:
SOURCE: ${{ inputs.REGISTRY_USER != '' && 'inputs' || secrets.REGISTRY_USER != '' && 'secrets' || vars.REGISTRY_USER != '' && 'vars' || 'actor' }}
- uses: docker/login-action@v3
with:
registry: gitea.auvem.com
username: ${{ inputs.REGISTRY_USER != '' && inputs.REGISTRY_USER || secrets.REGISTRY_USER != '' && secrets.REGISTRY_USER || vars.REGISTRY_USER != '' && vars.REGISTRY_USER || github.actor }}
password: ${{ secrets.REGISTRY_TOKEN }}
- name: Show plan matrix
run: |
echo "Plan matrix: $MATRIX_JSON"
jq -C . dir <<< "$MATRIX_JSON" 2>/dev/null || true
env:
MATRIX_JSON: ${{ needs.plan.outputs.matrix }}
- name: Loop: build and push per-lane
shell: bash
env:
MATRIX_JSON: ${{ needs.plan.outputs.matrix }}
GIT_SHA_SHORT: ${GITHUB_SHA::7}
run: |
set -euo pipefail
if [[ -z "$MATRIX_JSON" ]]; then
echo "ERROR: plan matrix is empty. Aborting." >&2
exit 1
fi
# Iterate lanes
lanes=$(jq -r '.dir[]' <<< "$MATRIX_JSON")
echo "Lanes to build:"
echo "$lanes"
for lane in $lanes; do
echo "\n--- Building lane: $lane ---"
if [[ ! -f "$lane/Dockerfile" ]]; then
echo "ERROR: No Dockerfile at $lane/Dockerfile" >&2
exit 1
fi
NAME=$(basename "$lane")
if [[ "$NAME" == "nginx" ]]; then
IMAGE="gitea.auvem.com/auvem/wordpress-docker/nginx"
TAG="stable"
else
IMAGE="gitea.auvem.com/auvem/wordpress-docker/php-fpm"
if [[ "$NAME" =~ ^([0-9]+\.[0-9]+)$ ]]; then
VERSION="${BASH_REMATCH[1]}"
TAG="${VERSION}-stable"
elif [[ "$NAME" =~ ^([0-9]+)$ ]]; then
VERSION="${BASH_REMATCH[1]}"
TAG="${VERSION}-stable"
else
echo "ERROR: Cannot deterministically derive a version tag from lane name '$NAME'." >&2
exit 1
fi
fi
echo "Computed: lane='$lane' name='$NAME' image='$IMAGE' tags='$IMAGE:${TAG},$IMAGE:git-${GIT_SHA_SHORT}'"
# Buildx build and push
docker buildx build \
--push \
--platform linux/amd64 \
--tag "$IMAGE:${TAG}" \
--tag "$IMAGE:git-${GIT_SHA_SHORT}" \
--file "$lane/Dockerfile" \
.
done
echo "No lane directories changed. Skipping build."
echo "should_build=false" >> $GITHUB_OUTPUT
echo 'matrix={"dir":[]}' >> $GITHUB_OUTPUT
exit 0
fi
# Produce JSON matrix
JSON=$(jq -nc --argjson arr "$(printf '%s\n' "${TARGET_DIRS[@]}" | jq -R . | jq -s .)" '{dir: $arr}')
echo "Matrix: $JSON"
echo "should_build=true" >> $GITHUB_OUTPUT
echo "matrix=$JSON" >> $GITHUB_OUTPUT
build:
needs: plan
if: needs.plan.outputs.should_build == 'true'
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix: ${{ fromJson(needs.plan.outputs.matrix) }}
steps:
- uses: actions/checkout@v4
- uses: docker/setup-buildx-action@v3
- name: DEBUG registry username source
run: |
echo "Selected registry username source: $SOURCE"
# Do NOT echo the username or any secret values — only indicate which source will be used
env:
SOURCE: ${{ inputs.REGISTRY_USER != '' && 'inputs' || secrets.REGISTRY_USER != '' && 'secrets' || vars.REGISTRY_USER != '' && 'vars' || 'actor' }}
- uses: docker/login-action@v3
with:
registry: gitea.auvem.com
# Resolve username in this order: workflow input -> repo/secret -> repo var -> actor
username: ${{ inputs.REGISTRY_USER != '' && inputs.REGISTRY_USER || secrets.REGISTRY_USER != '' && secrets.REGISTRY_USER || vars.REGISTRY_USER != '' && vars.REGISTRY_USER || github.actor }}
password: ${{ secrets.REGISTRY_TOKEN }}
- name: Show matrix payload received by this job
run: |
echo "Expression toJson(matrix): ${{ toJson(matrix) }}"
echo "Expression matrix.dir: '${{ matrix.dir }}'"
echo "ENV MATRIX_DIR: '${MATRIX_DIR}'"
echo "Dockerfile path expression: '${{ matrix.dir }}/Dockerfile'"
env:
MATRIX_DIR: ${{ matrix.dir }}
- name: Derive image name and tags
id: meta
shell: bash
run: |
set -euo pipefail
DIR="${{ matrix.dir }}"
# Fail fast on ambiguous/empty matrix.dir. We require a deterministic lane.
if [[ -z "${DIR}" || "${DIR}" == "." ]]; then
echo "ERROR: Ambiguous lane: matrix.dir is empty or '.'."
echo "Provide a specific lane directory under docker/ (e.g. '7.4' or 'nginx')."
exit 1
fi
NAME="$(basename "${DIR}")" # e.g. '7.4' or 'nginx'
SHA=${GITHUB_SHA::7}
# Decide repository and tag scheme. Must be deterministic.
if [[ "${NAME}" == "nginx" ]]; then
IMAGE="gitea.auvem.com/auvem/wordpress-docker/nginx"
TAG="stable"
else
IMAGE="gitea.auvem.com/auvem/wordpress-docker/php-fpm"
# Accept only lanes that encode a numeric version like '7.4' or '8'.
if [[ "${NAME}" =~ ^([0-9]+\.[0-9]+)$ ]]; then
VERSION="${BASH_REMATCH[1]}"
TAG="${VERSION}-stable"
elif [[ "${NAME}" =~ ^([0-9]+)$ ]]; then
VERSION="${BASH_REMATCH[1]}"
TAG="${VERSION}-stable"
else
echo "ERROR: Cannot deterministically derive a version tag from lane name '${NAME}'."
echo "Expected lane names like '7.4' or '8' for php-fpm lanes."
exit 1
fi
fi
# Debug output for name resolution
echo "Computed values: DIR='${DIR}', NAME='${NAME}', IMAGE='${IMAGE}', TAG='${TAG}', SHA='${SHA}'"
echo "image=$IMAGE" >> $GITHUB_OUTPUT
echo "tags=$IMAGE:${TAG},$IMAGE:git-${SHA}" >> $GITHUB_OUTPUT
- name: Build and push
uses: docker/build-push-action@v6
with:
context: .
file: ${{ matrix.dir }}/Dockerfile
push: true
tags: ${{ steps.meta.outputs.tags }}
platforms: linux/amd64
cache-from: type=registry,ref=${{ steps.meta.outputs.image }}:cache
cache-to: type=registry,ref=${{ steps.meta.outputs.image }}:cache,mode=max

106
.github/workflows/nginx.yml vendored Normal file
View File

@@ -0,0 +1,106 @@
name: nginx-build
on:
push:
branches: [main]
pull_request:
branches: [main]
workflow_dispatch:
inputs:
force:
description: "Set to true to force a build even if no files changed."
required: false
default: "false"
workflow_call:
secrets:
REGISTRY_TOKEN:
required: true
description: "Token for registry authentication."
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- uses: docker/setup-buildx-action@v3
- uses: docker/login-action@v3
with:
registry: gitea.auvem.com
username: ${{ vars.REGISTRY_USER || github.actor }}
password: ${{ secrets.REGISTRY_TOKEN }}
- name: Decide and build nginx if needed
shell: bash
env:
GIT_SHA_SHORT: ${GITHUB_SHA::7}
FORCE: ${{ github.event.inputs.force || 'false' }}
run: |
set -euo pipefail
if [[ ! -f nginx/Dockerfile ]]; then
echo "No nginx/Dockerfile present; nothing to build."
exit 0
fi
BUILD=false
# Manual trigger or explicit force -> build
if [[ "${{ github.event_name }}" == "workflow_dispatch" ]] || [[ "$FORCE" == "true" ]]; then
echo "Manual/forced trigger -> building nginx"
BUILD=true
else
# detect changed files between base/head (or list all files for shallow contexts)
if [[ "${{ github.event_name }}" == "pull_request" ]]; then
BASE_SHA="${{ github.event.pull_request.base.sha }}"
HEAD_SHA="${{ github.event.pull_request.head.sha }}"
elif [[ "${{ github.event_name }}" == "push" ]]; then
BASE_SHA="$(git rev-parse HEAD~1 2>/dev/null || true)"
HEAD_SHA="$(git rev-parse HEAD 2>/dev/null || true)"
else
BASE_SHA=""
HEAD_SHA="$(git rev-parse HEAD 2>/dev/null || true)"
fi
if [[ -n "$BASE_SHA" ]]; then
CHANGED=$(git diff --name-only "$BASE_SHA" "$HEAD_SHA")
else
CHANGED=$(git ls-files)
fi
echo "Changed files:\n$CHANGED"
if grep -q "^.github/workflows/" <<< "$CHANGED"; then
echo "Workflow changed; building nginx"
BUILD=true
elif grep -q "^nginx/" <<< "$CHANGED"; then
echo "nginx directory changed; building nginx"
BUILD=true
else
BUILD=false
fi
fi
if [[ "$BUILD" != "true" ]]; then
echo "No relevant changes; skipping nginx build."
exit 0
fi
IMAGE="gitea.auvem.com/auvem/wordpress-docker/nginx"
TAG="latest"
echo "Building $IMAGE:$TAG"
docker buildx build --push --platform linux/amd64 \
--tag "${IMAGE}:${TAG}" \
--tag "${IMAGE}:git-${GIT_SHA_SHORT}" \
--file nginx/Dockerfile \
.
IMAGE="gitea.auvem.com/auvem/wordpress-docker/nginx"
TAG="latest"
echo "Building nginx image ${IMAGE}:${TAG}"
docker buildx build --push --platform linux/amd64 \
--tag "${IMAGE}:${TAG}" \
--tag "${IMAGE}:git-${GIT_SHA_SHORT}" \
--file "nginx/Dockerfile" .
done

161
.github/workflows/php-fpm.yml vendored Normal file
View File

@@ -0,0 +1,161 @@
name: php-fpm-build
on:
push:
branches: [main]
pull_request:
branches: [main]
workflow_dispatch:
inputs:
lane:
description: 'Lane to build (e.g. 7.4). Use "all" to build all lanes.'
required: false
default: ""
workflow_call:
secrets:
REGISTRY_TOKEN:
required: true
description: "Token for registry authentication."
jobs:
plan:
runs-on: ubuntu-latest
outputs:
matrix: ${{ steps.compute.outputs.matrix }}
should_build: ${{ steps.compute.outputs.should_build }}
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- id: compute
shell: bash
run: |
set -euo pipefail
# discover lanes under php-fpm/* that contain a Dockerfile
mapfile -t ALL_LANES < <(find php-fpm -mindepth 1 -maxdepth 1 -type d | sort)
FILTERED=()
for d in "${ALL_LANES[@]}"; do
if [[ -f "${d}/Dockerfile" ]]; then
FILTERED+=("${d}")
fi
done
ALL_LANES=("${FILTERED[@]}")
if [[ ${#ALL_LANES[@]} -eq 0 ]]; then
echo "No php-fpm lanes found. Nothing to do."
echo "should_build=false" >> $GITHUB_OUTPUT
echo 'matrix={"dir":[]}' >> $GITHUB_OUTPUT
exit 0
fi
# allow workflow_dispatch lane selection
SELECTED=()
REQ_LANE="${{ github.event.inputs.lane || '' }}"
if [[ -n "$REQ_LANE" ]]; then
if [[ "$REQ_LANE" == "all" ]]; then
SELECTED=("${ALL_LANES[@]}")
else
candidate="php-fpm/$REQ_LANE"
if [[ -d "$candidate" && -f "$candidate/Dockerfile" ]]; then
SELECTED=("$candidate")
else
echo "ERROR: Requested lane '$REQ_LANE' not found under php-fpm/" >&2
exit 1
fi
fi
else
# Determine changed files
if [[ "${{ github.event_name }}" == "push" ]]; then
BASE_SHA="$(git rev-parse HEAD~1 2>/dev/null || true)"
HEAD_SHA="$(git rev-parse HEAD 2>/dev/null || true)"
elif [[ "${{ github.event_name }}" == "pull_request" ]]; then
BASE_SHA="${{ github.event.pull_request.base.sha }}"
HEAD_SHA="${{ github.event.pull_request.head.sha }}"
else
BASE_SHA=""
HEAD_SHA="$(git rev-parse HEAD 2>/dev/null || true)"
fi
if [[ -n "$BASE_SHA" ]]; then
CHANGED=$(git diff --name-only "$BASE_SHA" "$HEAD_SHA")
else
CHANGED=$(git ls-files)
fi
# If workflow files changed, rebuild all lanes
if grep -q "^.github/workflows/" <<< "$CHANGED"; then
SELECTED=("${ALL_LANES[@]}")
else
for d in "${ALL_LANES[@]}"; do
if grep -q "^${d}/" <<< "$CHANGED"; then
SELECTED+=("${d}")
fi
done
fi
fi
# Dedupe and validate
mapfile -t SELECTED < <(printf "%s\n" "${SELECTED[@]}" | awk 'NF && !x[$0]++')
if [[ ${#SELECTED[@]} -eq 0 ]]; then
echo "No php-fpm lanes to build."
echo "should_build=false" >> $GITHUB_OUTPUT
echo 'matrix={"dir":[]}' >> $GITHUB_OUTPUT
exit 0
fi
JSON=$(jq -nc --argjson arr "$(printf '%s\n' "${SELECTED[@]}" | jq -R . | jq -s .)" '{dir: $arr}')
echo "Matrix: $JSON"
echo "should_build=true" >> $GITHUB_OUTPUT
echo "matrix=$JSON" >> $GITHUB_OUTPUT
build:
needs: plan
if: needs.plan.outputs.should_build == 'true'
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: docker/setup-buildx-action@v3
- uses: docker/login-action@v3
with:
registry: gitea.auvem.com
username: ${{ vars.REGISTRY_USER || github.actor }}
password: ${{ secrets.REGISTRY_TOKEN }}
- name: Show plan matrix
run: |
echo "Plan matrix: $MATRIX_JSON"
jq -C . dir <<< "$MATRIX_JSON" 2>/dev/null || true
env:
MATRIX_JSON: ${{ needs.plan.outputs.matrix }}
- name: Build lanes
shell: bash
env:
MATRIX_JSON: ${{ needs.plan.outputs.matrix }}
GIT_SHA_SHORT: ${GITHUB_SHA::7}
run: |
set -euo pipefail
lanes=$(jq -r '.dir[]' <<< "$MATRIX_JSON")
for lane in $lanes; do
echo "Building lane: $lane"
if [[ ! -f "$lane/Dockerfile" ]]; then
echo "ERROR: missing Dockerfile for $lane" >&2
exit 1
fi
NAME=$(basename "$lane")
if [[ ! "$NAME" =~ ^([0-9]+\.?[0-9]*)$ ]]; then
echo "ERROR: php-fpm lane name '$NAME' is not a numeric version" >&2
exit 1
fi
IMAGE="gitea.auvem.com/auvem/wordpress-docker/php-fpm"
TAG="$NAME"
echo "Computed: image=${IMAGE}, tags=${IMAGE}:${TAG},${IMAGE}:git-${GIT_SHA_SHORT}"
docker buildx build --push --platform linux/amd64 \
--tag "${IMAGE}:${TAG}" \
--tag "${IMAGE}:git-${GIT_SHA_SHORT}" \
--file "$lane/Dockerfile" .
done