From 90c0cf54dc8b90e764a9fafceb0fb6f3765bf4b9 Mon Sep 17 00:00:00 2001 From: Kim Pepper Date: Thu, 11 Apr 2024 13:45:57 +1000 Subject: [PATCH 1/8] Adds github action workflows --- .circleci/config.yml | 129 ---------------------------------- .github/workflows/build.yml | 26 +++++++ .github/workflows/release.yml | 50 +++++++++++++ Makefile | 6 +- 4 files changed, 79 insertions(+), 132 deletions(-) delete mode 100644 .circleci/config.yml create mode 100644 .github/workflows/build.yml create mode 100644 .github/workflows/release.yml diff --git a/.circleci/config.yml b/.circleci/config.yml deleted file mode 100644 index a6f71a0..0000000 --- a/.circleci/config.yml +++ /dev/null @@ -1,129 +0,0 @@ -version: 2.1 - -orbs: - aws-s3: circleci/aws-s3@3.0 - aws-cli: circleci/aws-cli@2.0 - -executors: - amd64: - machine: - image: ubuntu-2004:202111-02 - resource_class: medium - environment: - ARCH: x86_64 - - arm64: - machine: - image: ubuntu-2004:202111-02 - resource_class: arm.medium - environment: - ARCH: aarch64 - -platforms: &platforms - - amd64 - - arm64 - -alpine-versions: &alpine-versions - - "3.19" - - "3.20" - -php-versions: &php-versions - - "8.1" - - "8.2" - - "8.3" - - "8.4" - -jobs: - build: - parameters: - alpine: - type: string - php: - type: string - executor: - type: string - executor: << parameters.executor >> - steps: - - checkout - - run: make keys - - run: - name: Build - command: | - echo "Building alpine << parameters.alpine >> php << parameters.php >> arch ${ARCH}" - make build ARCH=${ARCH} ALPINE=<< parameters.alpine >> PHP=<< parameters.php >> - - store_artifacts: - path: build/.abuild/skpr.rsa.pub - destination: skpr.rsa.pub - - store_artifacts: - path: _output/<< parameters.alpine >>/php<< parameters.php >> - - release: - parameters: - alpine: - type: string - php: - type: string - executor: - type: string - executor: << parameters.executor >> - steps: - - checkout - - aws-cli/install - - run: - name: Decrypt Keys - command: | - aws kms decrypt \ - --ciphertext-blob fileb://<(cat build/.abuild/skpr.rsa.asc | base64 --decode) \ - --output text \ - --query Plaintext | base64 --decode > build/.abuild/skpr.rsa - - run: - name: Build - command: | - echo "Building alpine << parameters.alpine >> php << parameters.php >> arch ${ARCH}" - make build ARCH=${ARCH} ALPINE=<< parameters.alpine >> PHP=<< parameters.php >> - - run: - name: Sync - command: | - aws s3 sync --acl public-read \ - --cache-control "max-age=86400" \ - --delete \ - _output/<< parameters.alpine >>/php<< parameters.php >>/${ARCH} \ - s3://package-skpr-io/php-alpine/<< parameters.alpine >>/php<< parameters.php >>/${ARCH} - - # Public key for validating repository pakages. - aws s3 cp build/.abuild/skpr.rsa.pub s3://package-skpr-io/php-alpine/skpr.rsa.pub - - run: - name: Invalidate - command: aws cloudfront create-invalidation --distribution-id ${CLOUDFRONT_ID} --paths /php-alpine/<< parameters.alpine >>/php<< parameters.php >>/* - - run: - # This is probably not required. - # But we wouldn't be doing our due diligence as operators if we didn't - # try to clean this up. - name: Delete Private Key - command: | - rm -f build/.abuild/skpr.rsa - -workflows: - build: - jobs: - - build: - filters: - branches: - ignore: main - matrix: - parameters: - executor: *platforms - alpine: *alpine-versions - php: *php-versions - - release: - jobs: - - release: - filters: - branches: - only: main - matrix: - parameters: - executor: *platforms - alpine: *alpine-versions - php: *php-versions diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml new file mode 100644 index 0000000..537368a --- /dev/null +++ b/.github/workflows/build.yml @@ -0,0 +1,26 @@ +name: ๐Ÿ—๏ธ Build +on: + push: + branches-ignore: + - main + +jobs: + build: + strategy: + matrix: + build_image: ["ubuntu-24.04", "ubuntu-24.04-arm"] + alpine: [ "3.20" ] + php: [ "8.3" ] + runs-on: ${{ matrix.build_image }} + steps: + - name: โ†™๏ธ Checkout + uses: actions/checkout@v4 + with: + show-progress: false + - name: ๐Ÿ”‘ Generate keys + run: make keys + - name: ๐Ÿ—๏ธ Build + run: | + ARCH=$(uname -m) + echo "Building alpine ${{ matrix.alpine }} php ${{ matrix.php }} arch ${ARCH}" + make build ARCH=${ARCH} ALPINE=${{ matrix.alpine }} PHP=${{ matrix.php }} diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml new file mode 100644 index 0000000..93b1b4c --- /dev/null +++ b/.github/workflows/release.yml @@ -0,0 +1,50 @@ +name: ๐Ÿš€ Release +on: + workflow_dispatch: ~ + push: + branches: + - main + +jobs: + release: + strategy: + matrix: + build_image: ["ubuntu-24.04", "ubuntu-24.04-arm"] + alpine: [ "3.20" ] + php: [ "8.3" ] + runs-on: ${{ matrix.build_image }} + steps: + - name: โ†™๏ธ Checkout + uses: actions/checkout@v4 + with: + show-progress: false + - name: ๐Ÿ”‘ Generate public keys + run: make keys + - name: ๐Ÿ—๏ธ Build + run: | + ARCH=$(uname -m) + echo "ARCH=${ARCH}" >> "$GITHUB_OUTPUT" + echo "Building alpine ${{ matrix.alpine }} php ${{ matrix.php }} arch ${ARCH}" + make build ARCH=${ARCH} ALPINE=${{ matrix.alpine }} PHP=${{ matrix.php }} + - name: ๐Ÿ” Get AWS credentials + uses: aws-actions/configure-aws-credentials@v4 + with: + aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} + aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + aws-region: ${{ secrets.AWS_REGION }} + - name: ๐Ÿš€ Publish Packages + run: | + aws s3 sync --acl public-read \ + --cache-control "max-age=86400" \ + --delete \ + _output/${{ matrix.alpine }}/php${{ matrix.php }}/${ARCH} \ + s3://package-skpr-io/php-alpine/${{ matrix.alpine }}/php${{ matrix.php }}/${ARCH} + # Public key for validating repository packages. + aws s3 cp build/.abuild/skpr.rsa.pub s3://package-skpr-io/php-alpine/skpr.rsa.pub + - name: โ˜๏ธ Invalidate Cloudfront + run: | + aws cloudfront create-invalidation \ + --distribution-id ${{ secrets.CLOUDFRONT_ID }} \ + --paths /php-alpine/${{ matrix.alpine }}/php${{ matrix.php }}/* + - name: ๐Ÿงน Clean up + run: rm -f build/.abuild/skpr.rsa diff --git a/Makefile b/Makefile index 40699fa..e3070e0 100644 --- a/Makefile +++ b/Makefile @@ -6,9 +6,9 @@ BUILD_IMAGE=skpr-abuild:latest build: image # @todo, Make sure keys exist. - docker container run -it -v $(CURDIR)/packages:/packages \ - -v $(CURDIR)/_output/$(ALPINE)/php$(PHP):/_output/packages \ - $(BUILD_IMAGE) $(PHP) ${ARCH} + docker container run -v $(CURDIR)/packages:/packages \ + -v $(CURDIR)/_output/$(ALPINE)/php$(PHP):/_output/packages \ + $(BUILD_IMAGE) $(PHP) ${ARCH} image: docker image build --build-arg ALPINE_VERSION=$(ALPINE) -t $(BUILD_IMAGE) build From 56303061bb5380e4d84547ba4f7e5e4c27a84f4d Mon Sep 17 00:00:00 2001 From: Kim Pepper Date: Wed, 16 Apr 2025 16:29:51 +1000 Subject: [PATCH 2/8] Build them all --- .github/workflows/build.yml | 2 +- .github/workflows/release.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 537368a..2bb42e4 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -10,7 +10,7 @@ jobs: matrix: build_image: ["ubuntu-24.04", "ubuntu-24.04-arm"] alpine: [ "3.20" ] - php: [ "8.3" ] + php: [ "8.1", "8.2", "8.3", "8.4" ] runs-on: ${{ matrix.build_image }} steps: - name: โ†™๏ธ Checkout diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 93b1b4c..5259e27 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -11,7 +11,7 @@ jobs: matrix: build_image: ["ubuntu-24.04", "ubuntu-24.04-arm"] alpine: [ "3.20" ] - php: [ "8.3" ] + php: [ "8.1", "8.2", "8.3", "8.4" ] runs-on: ${{ matrix.build_image }} steps: - name: โ†™๏ธ Checkout From 263c9ea70a2ac8d1616bd2f3e4b58a60a98a7b65 Mon Sep 17 00:00:00 2001 From: Kim Pepper Date: Wed, 16 Apr 2025 16:52:53 +1000 Subject: [PATCH 3/8] Comment out publishing for now --- .github/workflows/release.yml | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 5259e27..e48e250 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -34,13 +34,14 @@ jobs: aws-region: ${{ secrets.AWS_REGION }} - name: ๐Ÿš€ Publish Packages run: | - aws s3 sync --acl public-read \ - --cache-control "max-age=86400" \ - --delete \ - _output/${{ matrix.alpine }}/php${{ matrix.php }}/${ARCH} \ - s3://package-skpr-io/php-alpine/${{ matrix.alpine }}/php${{ matrix.php }}/${ARCH} - # Public key for validating repository packages. - aws s3 cp build/.abuild/skpr.rsa.pub s3://package-skpr-io/php-alpine/skpr.rsa.pub + echo "Publishing alpine ${{ matrix.alpine }} php ${{ matrix.php }} arch ${ARCH}" +# aws s3 sync --acl public-read \ +# --cache-control "max-age=86400" \ +# --delete \ +# _output/${{ matrix.alpine }}/php${{ matrix.php }}/${ARCH} \ +# s3://package-skpr-io/php-alpine/${{ matrix.alpine }}/php${{ matrix.php }}/${ARCH} +# # Public key for validating repository packages. +# aws s3 cp build/.abuild/skpr.rsa.pub s3://package-skpr-io/php-alpine/skpr.rsa.pub - name: โ˜๏ธ Invalidate Cloudfront run: | aws cloudfront create-invalidation \ From 9e3cfeafa66f4948bb3eba25df384b3490ce2438 Mon Sep 17 00:00:00 2001 From: Kim Pepper Date: Wed, 16 Apr 2025 16:54:48 +1000 Subject: [PATCH 4/8] Build release --- .github/workflows/release.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index e48e250..c53e841 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -4,6 +4,7 @@ on: push: branches: - main + - aws-codebuild jobs: release: From b8fbc99c3ae46cd2e8f7a2575fadbcf15be1fc72 Mon Sep 17 00:00:00 2001 From: Kim Pepper Date: Wed, 16 Apr 2025 16:54:54 +1000 Subject: [PATCH 5/8] Build release --- .github/workflows/build.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 2bb42e4..4836c5f 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -3,6 +3,7 @@ on: push: branches-ignore: - main + - aws-codebuild jobs: build: From 589893f031864615f8ce8c739c026dc22babc588 Mon Sep 17 00:00:00 2001 From: Kim Pepper Date: Wed, 16 Apr 2025 17:29:16 +1000 Subject: [PATCH 6/8] Use github env --- .github/workflows/release.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index c53e841..6098a66 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -12,7 +12,7 @@ jobs: matrix: build_image: ["ubuntu-24.04", "ubuntu-24.04-arm"] alpine: [ "3.20" ] - php: [ "8.1", "8.2", "8.3", "8.4" ] + php: [ "8.4" ] runs-on: ${{ matrix.build_image }} steps: - name: โ†™๏ธ Checkout @@ -24,7 +24,7 @@ jobs: - name: ๐Ÿ—๏ธ Build run: | ARCH=$(uname -m) - echo "ARCH=${ARCH}" >> "$GITHUB_OUTPUT" + echo "ARCH=${ARCH}" >> $GITHUB_ENV echo "Building alpine ${{ matrix.alpine }} php ${{ matrix.php }} arch ${ARCH}" make build ARCH=${ARCH} ALPINE=${{ matrix.alpine }} PHP=${{ matrix.php }} - name: ๐Ÿ” Get AWS credentials From b9e0620eba992ef3544c62212a5418468f615b2e Mon Sep 17 00:00:00 2001 From: Nick Schuch Date: Fri, 9 Jan 2026 09:48:22 +1000 Subject: [PATCH 7/8] Updates --- .github/workflows/build.yml | 10 +++++++--- .github/workflows/release.yml | 28 ++++++++++++++++++---------- Makefile | 2 +- 3 files changed, 26 insertions(+), 14 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 4836c5f..b5e14fa 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -9,9 +9,13 @@ jobs: build: strategy: matrix: - build_image: ["ubuntu-24.04", "ubuntu-24.04-arm"] - alpine: [ "3.20" ] - php: [ "8.1", "8.2", "8.3", "8.4" ] + build_image: + - "ubuntu-24.04" + - "ubuntu-24.04-arm" + alpine: + - "3.21" + php: + - "8.4" runs-on: ${{ matrix.build_image }} steps: - name: โ†™๏ธ Checkout diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 6098a66..f97a0ec 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -10,29 +10,37 @@ jobs: release: strategy: matrix: - build_image: ["ubuntu-24.04", "ubuntu-24.04-arm"] - alpine: [ "3.20" ] - php: [ "8.4" ] + build_image: + - "ubuntu-24.04" + - "ubuntu-24.04-arm" + alpine: + - "3.21" + php: + - "8.4" runs-on: ${{ matrix.build_image }} steps: - name: โ†™๏ธ Checkout uses: actions/checkout@v4 with: show-progress: false + - name: ๐Ÿ”‘ Generate public keys run: make keys + - name: ๐Ÿ—๏ธ Build run: | ARCH=$(uname -m) echo "ARCH=${ARCH}" >> $GITHUB_ENV echo "Building alpine ${{ matrix.alpine }} php ${{ matrix.php }} arch ${ARCH}" make build ARCH=${ARCH} ALPINE=${{ matrix.alpine }} PHP=${{ matrix.php }} + - name: ๐Ÿ” Get AWS credentials uses: aws-actions/configure-aws-credentials@v4 with: aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} aws-region: ${{ secrets.AWS_REGION }} + - name: ๐Ÿš€ Publish Packages run: | echo "Publishing alpine ${{ matrix.alpine }} php ${{ matrix.php }} arch ${ARCH}" @@ -43,10 +51,10 @@ jobs: # s3://package-skpr-io/php-alpine/${{ matrix.alpine }}/php${{ matrix.php }}/${ARCH} # # Public key for validating repository packages. # aws s3 cp build/.abuild/skpr.rsa.pub s3://package-skpr-io/php-alpine/skpr.rsa.pub - - name: โ˜๏ธ Invalidate Cloudfront - run: | - aws cloudfront create-invalidation \ - --distribution-id ${{ secrets.CLOUDFRONT_ID }} \ - --paths /php-alpine/${{ matrix.alpine }}/php${{ matrix.php }}/* - - name: ๐Ÿงน Clean up - run: rm -f build/.abuild/skpr.rsa +# - name: โ˜๏ธ Invalidate Cloudfront +# run: | +# aws cloudfront create-invalidation \ +# --distribution-id ${{ secrets.CLOUDFRONT_ID }} \ +# --paths /php-alpine/${{ matrix.alpine }}/php${{ matrix.php }}/* +# - name: ๐Ÿงน Clean up +# run: rm -f build/.abuild/skpr.rsa diff --git a/Makefile b/Makefile index e3070e0..2f19af9 100644 --- a/Makefile +++ b/Makefile @@ -6,7 +6,7 @@ BUILD_IMAGE=skpr-abuild:latest build: image # @todo, Make sure keys exist. - docker container run -v $(CURDIR)/packages:/packages \ + docker run -v $(CURDIR)/packages:/packages \ -v $(CURDIR)/_output/$(ALPINE)/php$(PHP):/_output/packages \ $(BUILD_IMAGE) $(PHP) ${ARCH} From 1bb881d86191e090b96507eeaac9eceb18ca11f6 Mon Sep 17 00:00:00 2001 From: Nick Schuch Date: Fri, 9 Jan 2026 09:54:16 +1000 Subject: [PATCH 8/8] Fix the matrix --- .github/workflows/release.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index f97a0ec..f3b3c6a 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -15,6 +15,7 @@ jobs: - "ubuntu-24.04-arm" alpine: - "3.21" + - "3.22" php: - "8.4" runs-on: ${{ matrix.build_image }}