Build "scoped" Docker images in GitHub Actions (#5667)

* Improve GHA build process to provide scoped Docker images for PHP 7.3-8.0

* Push cached build layers to Docker Hub instead of ghcr.io

* Build "-secured" Docker image

* Run Docker publish workflow for the "experimental-scoped" branch

* Use "plain" progress output from buildx

* Build only one image named "secured", based on PHP 8.0
Matthias Pigulla 2021-03-02 14:25:39 +01:00 committed by GitHub
parent 0ffabe49ad
commit ff93a759e6
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 78 additions and 37 deletions


@ -1,3 +1,4 @@
*~ 
.DS_Store
.idea/
@ -26,3 +27,7 @@ docker-compose.dist.yml
/vendor
/docs
/rector-nested/
/rector-scoped/
*.phar


@ -4,6 +4,7 @@ on:
# Publish `master` as Docker `latest` image.
branches:
- master
- experimental-scoped
# Publish `v1.2.3` tags as releases.
tags:
@ -11,10 +12,17 @@ on:
jobs:
publish_images:
runs-on: ubuntu-latest
runs-on: ubuntu-20.04
strategy:
matrix:
php-version: ['7.3', '7.4', '8.0']
steps:
- uses: actions/checkout@v2
- name: Log into container registries
run: |
echo "${{ secrets.DOCKER_PASSWORD }}" | docker login -u ${{ secrets.DOCKER_USERNAME }} --password-stdin
- name: Build images
run: |
# Strip git ref prefix from version
@ -26,14 +34,23 @@ jobs:
# Use Docker `latest` tag convention
[ "$VERSION" == "master" ] && VERSION=latest
docker pull rector/rector || true
docker build . --target rector --cache-from rector/rector --tag rector/rector:$VERSION
docker build . --target rector-secured --cache-from rector/rector --tag rector/rector-secured:$VERSION
docker buildx create --name builder-php${{ matrix.php-version }} --use
docker buildx build \
--progress plain \
--cache-from=$GITHUB_REPOSITORY:build-cache-php${{ matrix.php-version }} \
--cache-to=type=registry,ref=$GITHUB_REPOSITORY:build-cache-php${{ matrix.php-version }},mode=max,push=true \
--target rector \
--push \
--tag $GITHUB_REPOSITORY:$VERSION-php${{ matrix.php-version }} \
--build-arg PHP_VERSION=${{ matrix.php-version }} .
- name: Log into registry
run: echo "${{ secrets.DOCKER_PASSWORD }}" | docker login -u ${{ secrets.DOCKER_USERNAME }} --password-stdin
- name: Push images
- name: Build Rector "secured"
if: matrix.php-version == '8.0'
run: |
docker push --all-tags rector/rector
docker push --all-tags rector/rector-secured
docker buildx build \
--progress plain \
--cache-from=$GITHUB_REPOSITORY:build-cache-php${{ matrix.php-version }} \
--target rector-secured \
--push \
--tag $GITHUB_REPOSITORY:secured \
--build-arg PHP_VERSION=${{ matrix.php-version }} .
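Review bot: The "Build Rector \"secured\"" step pushes under a fixed tag, `--tag $GITHUB_REPOSITORY:secured`, and this commit also adds `experimental-scoped` to the publishing branches, so a push to that branch appears to overwrite the image that `master` and release tags publish under the same name. Narrowing the condition to `if: matrix.php-version == '8.0' && github.ref == 'refs/heads/master'` (or whichever refs are meant to own that tag) would keep experimental builds from replacing it. The shared `build-cache-php…` ref in the first build step has the same property, since every triggering ref writes to it with `mode=max`. Separately, the login step expands `${{ secrets.DOCKER_PASSWORD }}` directly into the script text. Passing both secrets through the step's `env:` and using `"$DOCKER_PASSWORD"` and `"$DOCKER_USERNAME"` in the shell would avoid a broken or re-interpreted command if a value contains quotes or `$`.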


@ -1,56 +1,75 @@
FROM php:8.0-cli as rector
WORKDIR /rector
ARG PHP_VERSION=8.0
FROM php:${PHP_VERSION}-cli as base
RUN apt-get update && apt-get install -y \
libzip4 \
libicu63 \
&& rm -rf /var/lib/apt/lists/*
FROM base as build
WORKDIR /build
# Install php extensions
RUN apt-get update && apt-get install -y \
git \
unzip \
g++ \
libzip-dev \
git \
libicu-dev \
&& rm -rf /var/lib/apt/lists/* \
libzip-dev \
unzip \
wget \
zip \
&& pecl -q install \
zip \
&& docker-php-ext-configure \
opcache --enable-opcache \
&& docker-php-ext-enable \
zip \
opcache \
&& docker-php-ext-configure intl \
&& docker-php-ext-install intl
&& docker-php-ext-configure opcache --enable-opcache \
&& docker-php-ext-install \
intl \
opcache \
zip
COPY --from=composer:2.0.9 /usr/bin/composer /usr/bin/composer
ENV COMPOSER_ALLOW_SUPERUSER=1 COMPOSER_MEMORY_LIMIT=-1 COMPOSER_NO_INTERACTION=1
ENV COMPOSER_ALLOW_SUPERUSER=1 COMPOSER_MEMORY_LIMIT=-1
# Copy configuration
COPY .docker/php/opcache.ini /usr/local/etc/php/conf.d/opcache.ini
COPY composer.json composer.json
COPY stubs stubs
# Run php-scoper, results go to /scoped
RUN wget https://github.com/humbug/php-scoper/releases/download/0.14.0/php-scoper.phar -N --no-verbose
# This is to make parsing version possible
COPY .git .git
RUN composer install --no-dev --optimize-autoloader --prefer-dist \
&& composer clear-cache
RUN mkdir /tmp/opcache
# First copy composer.json only to leverage the build cache (as long as not git-committing)
COPY composer.json composer.json
RUN composer install --no-dev --no-progress --no-autoloader --prefer-dist
# Add source and generate full autoloader
COPY . .
RUN composer dump-autoload --optimize --classmap-authoritative --no-dev
# To warmup opcache a little
RUN bin/rector list
RUN rm -f "phpstan-for-rector.neon" \
&& php -d memory_limit=-1 php-scoper.phar add-prefix bin config packages rules src templates vendor composer.json --output-dir /scoped --config scoper.php \
&& composer dump-autoload --optimize --classmap-authoritative --no-dev --working-dir /scoped
RUN chmod 777 -R /tmp
# Build runtime image
FROM base as rector
ENTRYPOINT [ "rector" ]
COPY --from=build /usr/local/lib/php /usr/local/lib/php
COPY --from=build /usr/local/etc/php /usr/local/etc/php
COPY .docker/php/opcache.ini /usr/local/etc/php/conf.d/opcache.ini
ENV PATH /rector/bin:$PATH
ENTRYPOINT [ "rector" ]
VOLUME ["/project"]
WORKDIR "/project"
COPY --from=build /scoped /rector
RUN chmod +x /rector/bin/rector
RUN mkdir -p /tmp/opcache \
&& /rector/bin/rector list \
&& chmod 777 -R /tmp
## Used for getrector.org/demo
FROM rector as rector-secured