Merge pull request #4 from WyriHaximus/align-docker-base-github-action-setup

Align Docker base Github Action setup

Author: WyriHaximus

.docker/security/docker-compose.yml

@@ -0,0 +1,21 @@
+version: '3.2'
+services:
+  postgres:
+    container_name: clair_postgres
+    # This image provides a nightly build with updated vulnerability databases
+    # once setting up clair from scratch can take up to 30 minutes
+    image: arminc/clair-db:latest
+    restart: unless-stopped
+    environment:
+      POSTGRES_PASSWORD: password
+
+  clair:
+    container_name: clair_clair
+    image: arminc/clair-local-scan:v2.0.4
+    restart: unless-stopped
+    depends_on:
+      - postgres
+    ports:
+      - "6060-6061:6060-6061"
+    links:
+      - postgres

.github/boring-cyborg.yml

@@ -1,7 +1,4 @@
 labelPRBasedOnFilePath:
-  "Documentation 📚":
-    - README.md
-    - CONTRIBUTING.md
   "Dependencies 📦":
     - Dockerfile*
     - composer.*

.github/workflows/ci.yml

@@ -8,24 +8,95 @@ on:
       - master
   pull_request:
 jobs:
-  lint:
+  generate-ref:
+    name: Generate Ref
     runs-on: ubuntu-latest
-    strategy:
-      fail-fast: false
+    outputs:
+      REF: ${{ steps.generate-ref.outputs.ref }}
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v1
+      - id: generate-ref
+        name: Generate Ref
+        run: |
+          if [ "${{ github.event_name }}" == "pull_request" ] ; then
+            ref=$(php -r "echo str_replace('/', '-SLASH-', '${{ github.event.pull_request.head.ref }}');")
+            echo "$ref"
+            printf "::set-output name=ref::%s" $ref
+            exit 0
+          fi
+          echo "${GITHUB_REF##*/}"
+          echo "::set-output name=ref::${GITHUB_REF##*/}"
+  lint-dockerfile:
+    name: Lint Dockerfile
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v1
       - name: Lint Dockerfile
         uses: docker://hadolint/hadolint:latest-debian
         with:
           entrypoint: hadolint
-          args: Dockerfile
-  build:
+          args: Dockerfile-build
+  fetch-versions:
+    name: Fetch Versions
+    needs:
+      - lint-dockerfile
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v1
+      - name: Fetch Versions
+        uses: ./
+        id: versions
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          milestone: "v1.0.0"
+      - name: Show Versions
+        run: echo "${VERSIONS}"
+        env:
+          VERSIONS: ${{ steps.versions.outputs.versions }}
+  build-docker-image:
+    name: Build Docker image
     needs:
-      - lint
+      - fetch-versions
+      - generate-ref
+      - lint-dockerfile
     runs-on: ubuntu-latest
-    strategy:
-      fail-fast: false
     steps:
-      - uses: actions/checkout@v2
-      - run: docker build . -t "${DOCKER_IMAGE}:ci-latest"
+      - uses: actions/checkout@v1
+      - run: docker version
+      - run: docker images
+      - name: Install clair-scanner
+        run: |
+          sudo curl -L https://github.com/arminc/clair-scanner/releases/download/v8/clair-scanner_linux_amd64 -o /usr/local/bin/clair-scanner
+          sudo chmod +x /usr/local/bin/clair-scanner
+      - run: docker images
+      - run: mkdir -p $(echo "./clair/${DOCKER_IMAGE}:${REF}" | tr '[:upper:]' '[:lower:]')
+        env:
+          REF: ${{ needs.generate-ref.outputs.ref }}
+      - run: docker-compose -f .docker/security/docker-compose.yml -p clair-ci up -d
+      - run: docker build --no-cache -t "${DOCKER_IMAGE}:${REF}" . -f Dockerfile-build
+        env:
+          REF: ${{ needs.generate-ref.outputs.ref }}
+      - run: docker tag "${DOCKER_IMAGE}:${REF}" "${DOCKER_IMAGE}:sha-${GITHUB_SHA}"
+        env:
+          REF: ${{ needs.generate-ref.outputs.ref }}
+      - run: echo -e "${DOCKER_IMAGE}:${REF}" | xargs -I % sh -c 'clair-scanner --ip 172.17.0.1 -r "./clair/%.json" -l ./clair/clair.log % || (echo "% is vulnerable" && exit 1)'
+        env:
+          REF: ${{ needs.generate-ref.outputs.ref }}
+      - run: docker-compose -f .docker/security/docker-compose.yml -p clair-ci down
       - run: docker images
+      - name: Login to Docker Hub
+        if: contains(github.ref, 'dependabot') == false
+        run: |
+          echo "${{ secrets.HUB_PASSCODE }}" | \
+          docker login \
+            --username "${{ secrets.HUB_USERNAME }}" \
+            --password-stdin
+      - name: Push branch image to Docker Hub
+        if: contains(github.ref, 'dependabot') == false
+        run: docker push "${DOCKER_IMAGE}:${REF}"
+        env:
+          REF: ${{ needs.generate-ref.outputs.ref }}
+      - name: Push commit sha image to Docker Hub
+        if: contains(github.ref, 'dependabot') == false
+        run: docker push "${DOCKER_IMAGE}:sha-${GITHUB_SHA}"

.github/workflows/craft-release.yaml

@@ -1,16 +1,59 @@
-name: Create Release & And push Docker image
-
+name: Create Release
 env:
   DOCKER_IMAGE: wyrihaximusgithubactions/supported-php-versions
-  DOCKER_BUILDKIT: 1
   MILESTONE: ${{ github.event.milestone.title }}
 on:
   milestone:
     types:
       - closed
 jobs:
+  wait-for-status-checks:
+    name: Wait for status checks
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v1
+      - run: sleep 13
+      - name: 'Wait for status checks'
+        id: waitforstatuschecks
+        uses: "WyriHaximus/github-action-wait-for-status@master"
+        with:
+          ignoreActions: "Wait for status checks"
+          checkInterval: 5
+        env:
+          GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
+      - id: generate-version-strategy
+        if: steps.waitforstatuschecks.outputs.status != 'success'
+        name: Fail
+        run: exit 1
+  generate-version-strategy:
+    name: Generate Version Strategy
+    needs:
+      - wait-for-status-checks
+    runs-on: ubuntu-latest
+    outputs:
+      docker_versions: ${{ steps.generate-version-strategy.outputs.docker_versions }}
+      tag_versions: ${{ steps.generate-version-strategy.outputs.tag_versions }}
+    steps:
+      - uses: actions/checkout@v1
+      - uses: WyriHaximus/github-action-break-up-semver@master
+        id: breakupsemver
+        with:
+          version: ${{ env.MILESTONE }}
+      - id: generate-version-strategy
+        name: Generate Versions
+        env:
+          MAJOR: ${{ steps.breakupsemver.outputs.v_major }}
+          MAJOR_MINOR: ${{ steps.breakupsemver.outputs.v_major_minor }}
+          MAJOR_MINOR_PATCH: ${{ steps.breakupsemver.outputs.v_major_minor_patch }}
+        run: |
+          echo "::set-output name=docker_versions::[\"${MAJOR}\",\"${MAJOR_MINOR}\",\"${MAJOR_MINOR_PATCH}\"]"
+          git tag > tag.list
+          cat tag.list
+          printf "::set-output name=tag_versions::%s" $(jq --raw-input --slurp 'split("\n")' tag.list -c | php -r "echo json_encode(array_values(array_diff_assoc(json_decode('[\"${MAJOR}\",\"${MAJOR_MINOR}\",\"${MAJOR_MINOR_PATCH}\"]'), json_decode(stream_get_contents(STDIN)))));")
   generate-changelog:
     name: Generate Changelog
+    needs:
+      - generate-version-strategy
     runs-on: ubuntu-latest
     outputs:
       changelog: ${{ steps.changelog.outputs.changelog }}
@@ -26,19 +69,56 @@ jobs:
         run: echo "${CHANGELOG}"
         env:
           CHANGELOG: ${{ steps.changelog.outputs.changelog }}
+  tag-docker-image:
+    name: Tag Docker image for version ${{ matrix.version }}
+    needs:
+      - generate-version-strategy
+    strategy:
+      matrix:
+        version: ${{ fromJson(needs.generate-version-strategy.outputs.docker_versions) }}
+    runs-on: ubuntu-latest
+    steps:
+      - name: Login to Docker Hub
+        env:
+          DOCKER_USER: ${{ secrets.HUB_USERNAME }}
+          DOCKER_PASSWORD: ${{ secrets.HUB_PASSCODE }}
+        run: |
+          echo "${{ secrets.DOCKER_PASSWORD }}" | \
+          docker login \
+            --username "${{ secrets.DOCKER_USER }}" \
+            --password-stdin
+      - name: Pull source image
+        run: docker pull "${DOCKER_IMAGE}:sha-${GITHUB_SHA}"
+      - name: Retag images for release
+        run: docker tag "${DOCKER_IMAGE}:sha-${GITHUB_SHA}" "${DOCKER_IMAGE}:${{ matrix.version }}"
+      - run: docker images
+      - name: Push release images to Docker Hub
+        run: docker push "${DOCKER_IMAGE}:${{ matrix.version }}"
   create-release:
     name: Create Release
     needs:
+      - generate-version-strategy
+      - tag-docker-image
       - generate-changelog
+    strategy:
+      matrix:
+        version: ${{ fromJson(needs.generate-version-strategy.outputs.tag_versions) }}
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v1
+      - name: Create release/${{ matrix.version }} branch
+        run: git checkout -b release/${{ matrix.version }} ${GITHUB_SHA}
+      - run: sed -i 's/master/${{ matrix.version }}/g' Dockerfile
+      - run: cat Dockerfile
+      - run: git add Dockerfile
+      - run: git status
+      - run: echo -e "${CHANGELOG}" > release-${{ matrix.version }}-changelog.md
         env:
           CHANGELOG: ${{ needs.generate-changelog.outputs.changelog }}
       - run: |
-          echo -e "${MILESTONE_DESCRIPTION}\r\n\r\n${CHANGELOG}" > release-${{ env.MILESTONE }}-release-message.md
-          cat release-${{ env.MILESTONE }}-release-message.md
-          release_message=$(cat release-${{ env.MILESTONE }}-release-message.md)
+          echo -e "${MILESTONE_DESCRIPTION}\r\n\r\n${CHANGELOG}" > release-${{ matrix.version }}-release-message.md
+          cat release-${{ matrix.version }}-release-message.md
+          release_message=$(cat release-${{ matrix.version }}-release-message.md)
           release_message="${release_message//'%'/'%25'}"
           release_message="${release_message//$'\n'/'%0A'}"
           release_message="${release_message//$'\r'/'%0D'}"
@@ -47,26 +127,45 @@ jobs:
         env:
           MILESTONE_DESCRIPTION: ${{ github.event.milestone.description }}
           CHANGELOG: ${{ needs.generate-changelog.outputs.changelog }}
-      - name: Create Release with Changelog
+      - run: cat release-${{ matrix.version }}-changelog.md
+      - name: Set git commit user
+        run: |
+          git config user.name '${{ github.actor }}'
+          git config user.email '${{ github.actor }}@users.noreply.github.com'
+      - run: git commit -F release-${{ matrix.version }}-changelog.md
+      - run: git tag -F release-${{ matrix.version }}-changelog.md ${{ matrix.version }}
+      - name: Push changes
+        uses: ad-m/[email protected]
+        with:
+          tags: true
+          branch: release/${{ matrix.version }}
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+      - name: Create Reference Release with Changelog
+        if: ${{ matrix.version == env.MILESTONE }}
         uses: fleskesvor/create-release@feature/support-target-commitish
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         with:
-          tag_name: ${{ env.MILESTONE }}
-          release_name: ${{ env.MILESTONE }}
+          tag_name: ${{ matrix.version }}
+          release_name: ${{ matrix.version }}
           body: ${{ steps.releasemessage.outputs.release_message }}
           draft: false
           prerelease: false
-  tag:
-    runs-on: 'ubuntu-latest'
-    steps:
-      - uses: actions/checkout@v2
-      - run: docker build . -t "${DOCKER_IMAGE}:${{ env.MILESTONE }}"
-      - name: Login to Docker Hub
-        run: |
-          echo "${{ secrets.HUB_PASSCODE }}" | \
-          docker login \
-            --username "${{ secrets.HUB_USERNAME }}" \
-            --password-stdin
-      - name: Push release
-        run: docker push "${DOCKER_IMAGE}:${{ env.MILESTONE }}"
+          commitish: release/${{ matrix.version }}
+      - name: Create Release with Changelog
+        if: ${{ matrix.version != env.MILESTONE }}
+        uses: fleskesvor/create-release@feature/support-target-commitish
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          tag_name: ${{ matrix.version }}
+          release_name: ${{ matrix.version }}
+          body: Reference tag to ${{ env.MILESTONE }}
+          draft: false
+          prerelease: false
+          commitish: release/${{ matrix.version }}
+      - name: Delete release/${{ matrix.version }} branch
+        uses: dawidd6/action-delete-branch@v3
+        with:
+          github_token: ${{github.token}}
+          branches: release/${{ matrix.version }}