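# Builds the Docker "lanes" under docker/ and publishes them to gitea.auvem.com.
#
#   plan  - finds lane directories (docker/<name>/ holding a Dockerfile), works
#           out which ones changed and emits them as a job matrix.
#   build - builds one image per selected lane; publishes it only for
#           non-pull_request events.
#
# NOTE(review): every action below is referenced by a mutable tag (@v4, @v3,
# @v6). Pinning each to a full commit SHA would fix the exact code that runs
# next to the registry credentials.
name: build

on:
  push:
    branches: [main]
  pull_request:
    branches: [main]
  workflow_dispatch:
  workflow_call:
    inputs:
      REGISTRY_USER:
        required: true
        type: string
    secrets:
      REGISTRY_TOKEN:
        required: true

# Least privilege: both jobs only read the repository. Registry access uses
# REGISTRY_TOKEN, not the workflow token.
permissions:
  contents: read

jobs:
  plan:
    runs-on: ubuntu-latest
    outputs:
      matrix: ${{ steps.compute.outputs.matrix }}
      should_build: ${{ steps.compute.outputs.should_build }}
    steps:
      - uses: actions/checkout@v4
        with:
          # Full history so the base commit of the diff is available locally.
          fetch-depth: 0
          # Nothing after checkout talks to the remote; keep the token out of
          # .git/config.
          persist-credentials: false
      - id: compute
        shell: bash
        # Event data reaches the script through the environment instead of
        # being pasted into its text by ${{ }} expansion, so a value can never
        # be parsed as shell syntax.
        env:
          EVENT_NAME: ${{ github.event_name }}
          PR_BASE_SHA: ${{ github.event.pull_request.base.sha }}
          PR_HEAD_SHA: ${{ github.event.pull_request.head.sha }}
          PUSH_BEFORE_SHA: ${{ github.event.before }}
        run: |
          set -euo pipefail

          # Discover lanes: immediate subdirs under docker/
          mapfile -t ALL_LANES < <(find docker -mindepth 1 -maxdepth 1 -type d | sort)

          # Keep only directories that contain a Dockerfile (real lanes)
          FILTERED_LANES=()
          for _d in "${ALL_LANES[@]}"; do
            if [[ -f "${_d}/Dockerfile" ]]; then
              FILTERED_LANES+=("${_d}")
            else
              echo "Skipping '${_d}': no Dockerfile."
            fi
          done
          ALL_LANES=("${FILTERED_LANES[@]}")

          if [[ ${#ALL_LANES[@]} -eq 0 ]]; then
            echo "No lanes found under docker/. Nothing to do."
            echo "should_build=false" >> "$GITHUB_OUTPUT"
            echo 'matrix={"dir":[]}' >> "$GITHUB_OUTPUT"
            exit 0
          fi

          # Determine the diff range (PR vs push vs manual dispatch).
          # An empty BASE_SHA means "treat every tracked file as changed".
          BASE_SHA=""
          HEAD_SHA="$(git rev-parse HEAD 2>/dev/null || true)"
          if [[ "${EVENT_NAME}" == "pull_request" ]]; then
            BASE_SHA="${PR_BASE_SHA}"
            HEAD_SHA="${PR_HEAD_SHA}"
          elif [[ "${EVENT_NAME}" == "push" ]]; then
            # A push can carry several commits, so diff against the ref's
            # previous tip when that commit exists locally. It does not for a
            # new branch (all-zero SHA) or after a force-push.
            if [[ -n "${PUSH_BEFORE_SHA}" ]] &&
              git cat-file -e "${PUSH_BEFORE_SHA}^{commit}" 2>/dev/null; then
              BASE_SHA="${PUSH_BEFORE_SHA}"
            else
              # --verify --quiet prints nothing on failure. A plain
              # `git rev-parse HEAD~1` echoes the literal "HEAD~1" when there
              # is no parent, which would then be used as the base.
              BASE_SHA="$(git rev-parse --verify --quiet 'HEAD~1^{commit}' || true)"
            fi
          fi

          if [[ -n "${BASE_SHA}" ]]; then
            CHANGED="$(git diff --name-only "${BASE_SHA}" "${HEAD_SHA}")"
          else
            # No usable base (first commit, manual dispatch, other events)
            CHANGED="$(git ls-files)"
          fi

          echo "Changed files:"
          echo "${CHANGED}"

          # If the workflow itself changed, rebuild all lanes.
          # -F: compare the path literally rather than as a regex.
          if grep -Fqx ".github/workflows/build.yml" <<< "${CHANGED}"; then
            echo "Workflow changed; rebuilding all lanes."
            # Use full lane paths (e.g. 'docker/7.4') so downstream steps get deterministic dirs
            TARGET_DIRS=("${ALL_LANES[@]}")
          else
            # Build only lanes with changes under their directories
            TARGET_DIRS=()
            for lane_path in "${ALL_LANES[@]}"; do
              while IFS= read -r changed_file; do
                # Literal prefix match: the quoted part is not a pattern, so the
                # '.' in 'docker/7.4' cannot match some other lane's path.
                if [[ "${changed_file}" == "${lane_path}/"* ]]; then
                  TARGET_DIRS+=("${lane_path}")
                  break
                fi
              done <<< "${CHANGED}"
            done
          fi

          # De-duplicate and drop blank lines
          mapfile -t TARGET_DIRS < <(printf "%s\n" "${TARGET_DIRS[@]}" | awk 'NF && !x[$0]++')

          # Diagnostics: show what we will include in the matrix
          echo "ALL_LANES (discovered):"
          for i in "${!ALL_LANES[@]}"; do
            printf " [%d] '%s'\n" "$i" "${ALL_LANES[$i]}"
          done
          echo "TARGET_DIRS (after selection & dedupe):"
          for i in "${!TARGET_DIRS[@]}"; do
            # Show non-printable/empty clearly
            printf " [%d] '%s' (len=%d)\n" "$i" "${TARGET_DIRS[$i]}" "${#TARGET_DIRS[$i]}"
          done

          # Fail if any empty entries sneaked in; that would cause ambiguous matrix entries
          for val in "${TARGET_DIRS[@]}"; do
            if [[ -z "${val}" ]]; then
              echo "ERROR: Computed target dirs contains an empty entry. Aborting to avoid ambiguous matrix." >&2
              exit 1
            fi
          done

          if [[ ${#TARGET_DIRS[@]} -eq 0 ]]; then
            echo "No lane directories changed. Skipping build."
            echo "should_build=false" >> "$GITHUB_OUTPUT"
            echo 'matrix={"dir":[]}' >> "$GITHUB_OUTPUT"
            exit 0
          fi

          # Produce the JSON matrix; jq does the string escaping.
          JSON="$(printf '%s\n' "${TARGET_DIRS[@]}" | jq -Rnc '{dir: [inputs]}')"
          echo "Matrix: $JSON"
          echo "should_build=true" >> "$GITHUB_OUTPUT"
          echo "matrix=$JSON" >> "$GITHUB_OUTPUT"

  build:
    needs: plan
    if: needs.plan.outputs.should_build == 'true'
    runs-on: ubuntu-latest
    strategy:
      fail-fast: false
      matrix: ${{ fromJson(needs.plan.outputs.matrix) }}
    steps:
      - uses: actions/checkout@v4
        with:
          # The build context is the repository root; keep the checkout token
          # out of .git/config so it cannot be copied into an image.
          persist-credentials: false
      - uses: docker/setup-buildx-action@v3
      - name: DEBUG registry username source
        run: |
          echo "Selected registry username source: $SOURCE"
          # Do NOT echo the username or any secret values — only indicate which source will be used
        env:
          SOURCE: >-
            ${{ inputs.REGISTRY_USER != '' && 'inputs'
            || secrets.REGISTRY_USER != '' && 'secrets'
            || vars.REGISTRY_USER != '' && 'vars'
            || 'actor' }}
      - uses: docker/login-action@v3
        with:
          registry: gitea.auvem.com
          # Resolve username in this order: workflow input -> repo/secret -> repo var -> actor
          username: >-
            ${{ inputs.REGISTRY_USER != '' && inputs.REGISTRY_USER
            || secrets.REGISTRY_USER != '' && secrets.REGISTRY_USER
            || vars.REGISTRY_USER != '' && vars.REGISTRY_USER
            || github.actor }}
          password: ${{ secrets.REGISTRY_TOKEN }}
      - name: Derive image name and tags
        id: meta
        shell: bash
        env:
          # matrix.dir is a directory name taken from the checked-out tree,
          # which a pull request controls. Passing it through the environment
          # keeps it data; expanding ${{ matrix.dir }} inside the script would
          # let a crafted directory name run as shell code.
          MATRIX_DIR: ${{ matrix.dir }}
        run: |
          set -euo pipefail

          DIR="${MATRIX_DIR}"

          # Fail fast on ambiguous/empty matrix.dir. We require a deterministic lane.
          if [[ -z "${DIR}" || "${DIR}" == "." ]]; then
            echo "ERROR: Ambiguous lane: matrix.dir is empty or '.'."
            echo "Provide a specific lane directory under docker/ (e.g. '7.4' or 'nginx')."
            exit 1
          fi

          NAME="$(basename "${DIR}")"  # e.g. '7.4' or 'nginx'
          SHA="${GITHUB_SHA::7}"

          # Decide repository and tag scheme. Must be deterministic.
          if [[ "${NAME}" == "nginx" ]]; then
            IMAGE="gitea.auvem.com/auvem/wordpress-docker/nginx"
            TAG="stable"
          else
            IMAGE="gitea.auvem.com/auvem/wordpress-docker/php-fpm"
            # Accept only lanes that encode a numeric version like '7.4' or '8'.
            # The anchored match is also what keeps NAME safe to use in a tag.
            if [[ "${NAME}" =~ ^[0-9]+(\.[0-9]+)?$ ]]; then
              TAG="${NAME}-stable"
            else
              echo "ERROR: Cannot deterministically derive a version tag from lane name '${NAME}'."
              echo "Expected lane names like '7.4' or '8' for php-fpm lanes."
              exit 1
            fi
          fi

          # Debug output for name resolution
          echo "Computed values: DIR='${DIR}', NAME='${NAME}', IMAGE='${IMAGE}', TAG='${TAG}', SHA='${SHA}'"

          echo "image=$IMAGE" >> "$GITHUB_OUTPUT"
          echo "tags=$IMAGE:${TAG},$IMAGE:git-${SHA}" >> "$GITHUB_OUTPUT"
      - name: Build and push
        uses: docker/build-push-action@v6
        with:
          context: .
          file: ${{ matrix.dir }}/Dockerfile
          # Pull requests are built as a check only. Publishing from them would
          # overwrite the ':stable' tags and the shared build cache with
          # content that has not been merged.
          push: ${{ github.event_name != 'pull_request' }}
          tags: ${{ steps.meta.outputs.tags }}
          platforms: linux/amd64
          cache-from: type=registry,ref=${{ steps.meta.outputs.image }}:cache
          cache-to: >-
            ${{ github.event_name != 'pull_request'
            && format('type=registry,ref={0}:cache,mode=max', steps.meta.outputs.image)
            || '' }}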