58 changes: 58 additions & 0 deletions .github/workflows/docker-publish.yml
@@ -0,0 +1,58 @@
name: Build And Publish Container

on:
push:
branches:
- docker-publish
tags:
- 'v*'
pull_request:
branches:
- docker-publish
workflow_dispatch:
Comment on lines +3 to +12

⚠️ Potential issue | 🔴 Critical | ⚡ Quick win

Critical: Workflow branch configuration mismatch.

The workflow triggers on the docker-publish branch (lines 5-6 and 10-11), but this PR is targeting the main branch. Once merged to main, this workflow will not trigger on future pushes to main.

This means:

  • Pushes to main won't build/publish Docker images
  • The workflow will only run on the docker-publish branch
  • Tag pushes will still work, but regular branch pushes won't

Update the trigger branches to include main:

🔧 Proposed fix
 on:
   push:
     branches:
-      - docker-publish
+      - main
     tags:
       - 'v*'
   pull_request:
     branches:
-      - docker-publish
+      - main
   workflow_dispatch:
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/docker-publish.yml around lines 3 - 12, the workflow
currently only triggers for the branch named "docker-publish" under the on: push
and on: pull_request blocks; update those blocks so they include "main" (e.g.,
add "main" alongside "docker-publish" in the branches lists for push and
pull_request) so pushes and PRs to main will trigger the workflow while leaving
the tags ('v*') behavior unchanged; refer to the "on: push" and "on:
pull_request" sections in the workflow file to make this change.


env:
DOCKERHUB_IMAGE: tatevikg1/phplist4

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Major: Use organization Docker Hub account instead of personal account.

The workflow uses tatevikg1/phplist4, which appears to be a personal Docker Hub account. For the official phpList project, this should use an organization account (e.g., phplist/base-distribution or similar) to ensure:

  • Proper ownership and access control
  • Continuity if the personal account becomes unavailable
  • Professional branding for the official project
📝 Suggested change
 env:
-  DOCKERHUB_IMAGE: tatevikg1/phplist4
+  DOCKERHUB_IMAGE: phplist/base-distribution

Note: Update the corresponding secrets to use the organization account credentials.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/docker-publish.yml at line 15, the workflow is publishing
to a personal Docker Hub image: the DOCKERHUB_IMAGE variable currently set to
"tatevikg1/phplist4" should be changed to the official organization image (e.g.,
"phplist/base-distribution" or your org's canonical repo) to ensure proper
ownership and continuity; update the DOCKERHUB_IMAGE value in the workflow and
also rotate/update any related secrets (Docker Hub username/password or token
referenced by the workflow) to use the organization account credentials so the
publish step continues to authenticate and push successfully.


jobs:
docker:
runs-on: ubuntu-22.04
permissions:
contents: read
steps:
- name: Checkout
uses: actions/checkout@v4

- name: Set up QEMU
uses: docker/setup-qemu-action@v3

- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3

- name: Log in to Docker Hub
if: github.event_name != 'pull_request'
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}

- name: Extract Docker metadata
id: meta
uses: docker/metadata-action@v5
with:
images: ${{ env.DOCKERHUB_IMAGE }}
tags: |
type=raw,value=test,enable={{is_default_branch}}
type=ref,event=tag
type=sha,prefix=sha-
Comment on lines +44 to +47

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Tag strategy may not work as intended.

The tag configuration uses type=raw,value=test,enable={{is_default_branch}}, which will only tag images as "test" when building on the default branch (typically main). However, the workflow currently triggers on the docker-publish branch, so {{is_default_branch}} will be false and the "test" tag won't be applied.

If you intend to tag builds from a specific branch as "test", update the tag condition or the workflow triggers to align.

🏷️ Alternative tag strategies

Option 1: Match the branch name directly

           tags: |
-            type=raw,value=test,enable={{is_default_branch}}
+            type=raw,value=test,enable=${{ github.ref == 'refs/heads/main' }}
             type=ref,event=tag
             type=sha,prefix=sha-

Option 2: Use branch name as tag

           tags: |
-            type=raw,value=test,enable={{is_default_branch}}
+            type=ref,event=branch
             type=ref,event=tag
             type=sha,prefix=sha-
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/docker-publish.yml around lines 44 - 47, the current tag
entry "type=raw,value=test,enable={{is_default_branch}}" won't apply on the
docker-publish branch; update the tags section so the "test" tag is enabled when
building from the intended branch (either change the enable condition from
is_default_branch to a branch-name check for "docker-publish" or other target
branch, or change the workflow trigger to run on the default branch), e.g.,
modify the enable expression for the tag in the tags block (the line referencing
type=raw,value=test,enable={{is_default_branch}}) or adjust the workflow
triggers so they align.


- name: Build and push image
uses: docker/build-push-action@v6
with:
context: .
file: ./Dockerfile
platforms: linux/amd64,linux/arm64
push: ${{ github.event_name != 'pull_request' }}
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
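Review bot: every third-party action in this job (`actions/checkout@v4`, `docker/setup-qemu-action@v3`, `docker/setup-buildx-action@v3`, `docker/login-action@v3`, `docker/metadata-action@v5`, `docker/build-push-action@v6`) is pinned to a mutable major-version tag, and the same job holds the Docker Hub token with push rights to `DOCKERHUB_IMAGE`, so a compromised or moved tag would run with publishing credentials; pin each `uses:` to a full commit SHA with the version in a trailing comment and let Dependabot bump them. The rest of the job is structured correctly for a publish workflow: `permissions: contents: read`, and both the login step and `push:` are gated on `github.event_name != 'pull_request'`, so fork PRs build without secrets. The branch mismatch and the `{{is_default_branch}}` condition are already covered by the inline comments above.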

11 changes: 7 additions & 4 deletions docker-compose.yml
@@ -4,7 +4,7 @@ services:
image: tatevikg1/phplist:test

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Use organization Docker Hub account for consistency.

Similar to the workflow configuration, this image reference uses a personal Docker Hub account (tatevikg1/phplist:test). For consistency and proper ownership, this should reference the organization account.

Suggested change
   app:
     build: .
-    image: tatevikg1/phplist:test
+    image: phplist/base-distribution:test
     container_name: base-distribution-app
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@docker-compose.yml` at line 4, replace the personal Docker Hub image
reference "image: tatevikg1/phplist:test" with the organization's Docker Hub
repository (e.g., "image: <ORG_USERNAME>/phplist:test"); update the image value
in the docker-compose service where "image: tatevikg1/phplist:test" appears so
it points to the organization account and tag used by your CI/workflows.

container_name: base-distribution-app
ports:
- "${PHPLIST_PORT:-8081}:80"
- "${PHPLIST_PORT:-8081}:8081"
environment:
# Database connection (mirrors config/parameters.yml expectations)
PHPLIST_DATABASE_NAME: phplistdb
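Review bot: the two `ports` entries both publish host port `${PHPLIST_PORT:-8081}`, once to container port 80 and once to 8081; the `-4,7 +4,7` header says only one of them survives, and with `ports.conf` now saying `Listen 8081` it should be the `:8081` mapping. Confirm the `:80` line is the deletion, since the rendered view here has lost the +/- markers and compose cannot bind the same host port twice.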
@@ -13,9 +13,9 @@ services:
PHPLIST_DATABASE_DRIVER: ${PHPLIST_DATABASE_DRIVER:-pdo_mysql} # pdo_pgsql
PHPLIST_DATABASE_HOST: ${PHPLIST_DATABASE_HOST:-db} # postgres
PHPLIST_DATABASE_PORT: ${PHPLIST_DATABASE_PORT:-3306} # 5432
REST_API_BASE_URL: 'http://app/'
FRONT_END_BASE_URL: 'http://app/'
API_BASE_URL: 'http://app/'
REST_API_BASE_URL: 'http://app:8081/'
FRONT_END_BASE_URL: 'http://app:8081/'
API_BASE_URL: 'http://app:8081/'

# Symfony environment
APP_ENV: prod
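Review bot: the three base URLs now carry the explicit port (`http://app:8081/`), which matches the new `Listen 8081`, but `app` only resolves on the compose network; if `FRONT_END_BASE_URL` or `API_BASE_URL` is ever embedded in links or redirects sent to a browser, those will point at an unreachable host, so confirm they are used for server-side calls only or add a separate public URL setting. These are also plain `http://` service-to-service calls, acceptable inside the private `appnet` network but not something to carry over to a multi-host deployment.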
@@ -25,6 +25,9 @@ services:
volumes:
- ./var/logs:/var/www/html/var/log
- ./var/cache:/var/www/html/var/cache
- ./docker/apache/servername.conf:/etc/apache2/conf-enabled/servername.conf:ro
- ./docker/apache/ports.conf:/etc/apache2/ports.conf:ro
- ./docker/apache/000-default.conf:/etc/apache2/sites-available/000-default.conf:ro
networks: [ appnet ]

command: >
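Review bot: the three Apache files are bind-mounted `:ro`, which is the right default, but they only take effect under compose; the image that `docker-publish.yml` builds from the same `./Dockerfile` will still start with the stock Apache config on port 80 unless the Dockerfile also copies these files, which is not visible in this diff. If the published image is meant to behave like the compose service, bake the files into the image and keep these mounts as the local override.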
12 changes: 12 additions & 0 deletions docker/apache/000-default.conf
@@ -0,0 +1,12 @@
<VirtualHost *:8081>
ServerName app
DocumentRoot /var/www/html/public

<Directory /var/www/html/public>
AllowOverride All
Require all granted
</Directory>

ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
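Review bot: `AllowOverride All` on the document root makes Apache read `.htaccess` on every request and lets anything that can write into `/var/www/html/public` change server directives (rewrites, handlers, environment variables); if the application's `.htaccess` rules are known, move them into this `<Directory>` block and set `AllowOverride None`. The vhost is otherwise consistent with the rest of the change: `*:8081` matches `Listen 8081`, `ServerName app` matches the compose URLs, and `Require all granted` is scoped to `public/` only.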
1 change: 1 addition & 0 deletions docker/apache/ports.conf
@@ -0,0 +1 @@
Listen 8081
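Review bot: mounting this single line over `/etc/apache2/ports.conf` replaces the whole stock file, so Apache stops listening on 80 and the stock `<IfModule ssl_module>` / `Listen 443` stanza is gone as well; that is fine for an HTTP-only container behind a proxy, but any `EXPOSE 80`, healthcheck, or documentation that still points at port 80 needs the same update.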
1 change: 1 addition & 0 deletions docker/apache/servername.conf
@@ -0,0 +1 @@
ServerName app