Skip to content

Commit

Permalink
Self build of PHAR for release of docker
Browse files Browse the repository at this point in the history
  • Loading branch information
@Aeliot-Tm
Aeliot-Tm committed Nov 5, 2024
1 parent 5b7f7df commit 5d92c94
Showing 1 changed file with 88 additions and 6 deletions.
94 changes: 88 additions & 6 deletions .github/workflows/release-docker.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -9,10 +9,95 @@ on:
env:
REGISTRY: ghcr.io
IMAGE_NAME: ${{ github.repository }}
TODO_REGISTRAR_PHAR: todo-registrar.phar

# There is a single job in this workflow. It's configured to run on the latest available version of Ubuntu.
jobs:
build-phar:
runs-on: ubuntu-latest
name: Build PHAR

env:
TODO_REGISTRAR_SIGN: todo-registrar.phar.asc

steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0

- name: Setup PHP
uses: shivammathur/setup-php@v2
with:
php-version: 8.2
ini-values: phar.readonly=0
tools: composer
coverage: none

- name: Cache Composer packages
id: composer-cache
uses: actions/cache@v4
with:
path: vendor
key: "os-${{ runner.os }}-php-${{ runner.php-version }}-composer-${{ hashFiles('**/composer.lock') }}"
restore-keys: "os-${{ runner.os }}-php-${{ runner.php-version }}-composer-"

- name: Install Composer dependencies
uses: ramsey/composer-install@v3
with:
composer-options: '--no-dev'

- name: Cache tools installed with PHIVE
uses: actions/cache@v4
with:
path: "${{ runner.temp }}/.phive"
key: "os-${{ runner.os }}-php-${{ runner.php-version }}-phive-${{ hashFiles('**/.phive/phars.xml', '**/.phive/trust-gpg-keys.txt') }}"
restore-keys: "os-${{ runner.os }}-php-${{ runner.php-version }}-phive-"

- name: Install PHIVE
uses: szepeviktor/phive@v1
with:
home: "${{ runner.temp }}/.phive"
binPath: "${{ github.workspace }}/tools/phive"

- name: Install PHP tools by PHIVE
uses: szepeviktor/phive-install@v1
with:
home: "${{ runner.temp }}/.phive"
trustGpgKeys: '$(cat ./.phive/trust-gpg-keys.txt)'
binPath: "${{ github.workspace }}/tools/phive"

- name: Build PHAR
run: composer build

# The following section is done only for releases
- name: Import GPG key
uses: crazy-max/ghaction-import-gpg@v6
with:
gpg_private_key: ${{ secrets.GPG_KEY_9D0DD6FCB92C84688B777DF59204DEE8CAE9C22C }}
passphrase: "${{ secrets.GPG_KEY_9D0DD6FCB92C84688B777DF59204DEE8CAE9C22C_PASSPHRASE }}"

- name: Sign the PHAR
# if: github.event_name == 'release'
run: |
gpg --local-user 9D0DD6FCB92C84688B777DF59204DEE8CAE9C22C \
--batch \
--yes \
--passphrase="${{ secrets.GPG_KEY_9D0DD6FCB92C84688B777DF59204DEE8CAE9C22C_PASSPHRASE }}" \
--detach-sign \
--output ${{ env.TODO_REGISTRAR_SIGN }} \
${{ env.TODO_REGISTRAR_PHAR }}
- name: Verify signature
run: gpg --verify ${{ env.TODO_REGISTRAR_SIGN }} ${{ env.TODO_REGISTRAR_PHAR }}

- uses: actions/upload-artifact@master
with:
name: ${{ env.TODO_REGISTRAR_PHAR }}
path: "${{ github.workspace }}/${{ env.TODO_REGISTRAR_PHAR }}"

build-and-push-image:
needs: build-phar
runs-on: ubuntu-latest
# Sets the permissions granted to the `GITHUB_TOKEN` for the actions in this job.
permissions:
Expand All @@ -25,13 +110,10 @@ jobs:
- name: Checkout repository
uses: actions/checkout@v4

- name: Download built PHAR file artifact from triggered workflow
uses: dawidd6/action-download-artifact@v2
- uses: actions/download-artifact@master
with:
allow_forks: false
name: todo-registrar.phar
search_artifacts: true
workflow: release.yaml
name: ${{ env.TODO_REGISTRAR_PHAR }}
path: "${{ github.workspace }}/${{ env.TODO_REGISTRAR_PHAR }}"

# Uses the `docker/login-action` action to log in to the Container registry using the account
# and password that will publish the packages. Once published, the packages are scoped to the account defined here.
Expand Down

0 comments on commit 5d92c94

Please sign in to comment.