The imagick extension is currently not up to date. Work around this. Sigh. #168
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Docs: https://docs.github.com/en/actions | |
name: CI/CD | |
on: | |
push: | |
branches: ["master"] | |
pull_request: | |
branches: ["master"] | |
env: | |
DOCKER_REGISTRY: ghcr.io | |
DOCKER_IMAGE_NAME: php-nginx | |
DOCKER_IMAGE_REPO: ghcr.io/${{ github.repository_owner }}/php-nginx | |
jobs: | |
docker: | |
name: Build Docker images | |
runs-on: ubuntu-latest | |
timeout-minutes: 15 | |
steps: | |
- name: Harden CI | |
uses: step-security/harden-runner@v2.10.1 | |
with: | |
disable-sudo: true | |
egress-policy: block | |
allowed-endpoints: > | |
api.github.com:443 | |
actions-results-receiver-production.githubapp.com:443 | |
auth.docker.io:443 | |
dl-cdn.alpinelinux.org:443 | |
github.com:443 | |
objects.githubusercontent.com:443 | |
pecl.php.net:443 | |
production.cloudflare.docker.com:443 | |
productionresultssa4.blob.core.windows.net:443 | |
registry-1.docker.io:443 | |
- name: Checkout source code | |
uses: actions/checkout@v4 | |
- name: Build Docker images | |
run: ./bin/build; | |
- name: Save Docker images | |
run: docker image save $(docker images --format "{{.Repository}}:{{.Tag}}" "${{ env.DOCKER_IMAGE_REPO }}") | gzip -9 > docker_images.tgz | |
- name: Upload Docker image artifacts | |
uses: actions/upload-artifact@v4 | |
with: | |
name: docker | |
path: docker_images.tgz | |
test-docker: | |
name: Test Docker images | |
needs: [docker] | |
runs-on: ubuntu-latest | |
timeout-minutes: 15 | |
steps: | |
- name: Harden CI | |
uses: step-security/harden-runner@v2.10.1 | |
with: | |
disable-sudo: true | |
egress-policy: block | |
allowed-endpoints: > | |
api.github.com:443 | |
github.com:443 | |
objects.githubusercontent.com:443 | |
- name: Checkout source code | |
uses: actions/checkout@v4 | |
- name: Download Docker image artifacts | |
uses: actions/download-artifact@v4 | |
with: | |
name: docker | |
- name: Load Docker images | |
run: gzip --uncompress --stdout docker_images.tgz | docker image load | |
- name: Test Docker images | |
run: ./bin/test; | |
push-docker-repo: | |
name: Push images to repository | |
needs: [test-docker] | |
if: github.ref == 'refs/heads/master' | |
runs-on: ubuntu-latest | |
timeout-minutes: 15 | |
steps: | |
- name: Harden CI | |
uses: step-security/harden-runner@v2.10.1 | |
with: | |
disable-sudo: true | |
egress-policy: block | |
allowed-endpoints: > | |
api.github.com:443 | |
ghcr.io:443 | |
github.com:443 | |
objects.githubusercontent.com:443 | |
# Need source code to push README file contents to Docker Hub | |
- name: Checkout source code | |
uses: actions/checkout@v4 | |
- name: Download Docker image artifacts | |
uses: actions/download-artifact@v4 | |
with: | |
name: docker | |
- name: Load Docker images | |
run: gzip --uncompress --stdout docker_images.tgz | docker image load | |
- name: Log in to GitHub Container Registry | |
uses: docker/login-action@v3 | |
with: | |
registry: ${{ env.DOCKER_REGISTRY }} | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Push images | |
run: | | |
for image_name in $(docker images --format "{{.Repository}}:{{.Tag}}" "${{ env.DOCKER_IMAGE_REPO }}"); do | |
echo "Pushing ${image_name}"; | |
docker push "${image_name}"; | |
done; | |
- name: Purge untagged images | |
uses: actions/delete-package-versions@v5 | |
with: | |
package-name: ${{ env.DOCKER_IMAGE_NAME }} | |
package-type: "container" | |
min-versions-to-keep: 9 | |
delete-only-untagged-versions: true |