ci: rebuild Docker images (if necessary) and binaries every night (#379)

dunglas · web-flow · commit 9046b97fa58c · 2023-12-13T22:34:04.000+01:00
diff --git a/.github/workflows/docker.yaml b/.github/workflows/docker.yaml
@@ -11,48 +11,77 @@ on:
       - v*.*.*
   workflow_dispatch:
     inputs: {}
+  schedule:
+    - cron:  '0 4 * * *'
 jobs:
   prepare:
     runs-on: ubuntu-latest
     outputs:
-      # Push only if it's a tag or if we're committing in the main branch
-      push: ${{ toJson(startsWith(github.ref, 'refs/tags/') || (github.ref == 'refs/heads/main' && github.event_name != 'pull_request')) }}
+      # Push if it's a scheduled job, a tag, or if we're committing to the main branch
+      push: ${{ toJson(github.event_name == 'schedule' || startsWith(github.ref, 'refs/tags/') || (github.ref == 'refs/heads/main' && github.event_name != 'pull_request')) }}
       variants: ${{ steps.matrix.outputs.variants }}
       platforms: ${{ steps.matrix.outputs.platforms }}
       metadata: ${{ steps.matrix.outputs.metadata }}
-      php_version: ${{ steps.matrix.outputs.php_version }}
+      php_version: ${{ steps.check.outputs.php_version }}
+      skip: ${{ steps.check.outputs.skip }}
+      ref: ${{ steps.check.outputs.ref }}
     steps:
+      -
+        name: Check PHP versions
+        id: check
+        run: |
+          PHP_82_LATEST=$(skopeo inspect docker://docker.io/library/php:8.2 --override-os linux --override-arch amd64 | jq -r '.Env[] | select(test("^PHP_VERSION=")) | sub("^PHP_VERSION="; "")')
+          PHP_83_LATEST=$(skopeo inspect docker://docker.io/library/php:8.3 --override-os linux --override-arch amd64 | jq -r '.Env[] | select(test("^PHP_VERSION=")) | sub("^PHP_VERSION="; "")')
+          echo php_version="${PHP_83_LATEST},${PHP_82_LATEST}" >> "${GITHUB_OUTPUT}"
+          
+          # Check if the Docker images must be rebuilt
+          if [[ "${GITHUB_EVENT_NAME}" != "schedule"  ]]; then
+              echo skip=false >> "${GITHUB_OUTPUT}"
+              exit 0
+          fi
+          
+          FRANKENPHP_82_LATEST=$(skopeo inspect docker://docker.io/dunglas/frankenphp:latest-php8.2 --override-os linux --override-arch amd64 | jq -r '.Env[] | select(test("^PHP_VERSION=")) | sub("^PHP_VERSION="; "")')
+          FRANKENPHP_83_LATEST=$(skopeo inspect docker://docker.io/dunglas/frankenphp:latest-php8.3 --override-os linux --override-arch amd64 | jq -r '.Env[] | select(test("^PHP_VERSION=")) | sub("^PHP_VERSION="; "")')
+          
+          if [[ "${FRANKENPHP_82_LATEST}" == "${PHP_82_LATEST}" ]] && [[ "${FRANKENPHP_83_LATEST}" == "${PHP_83_LATEST}" ]]; then
+              echo skip=true >> "${GITHUB_OUTPUT}"
+              exit 0
+          fi
+          
+          {
+            echo ref="$(gh release view --repo dunglas/frankenphp --json tagName --jq '.tagName')"
+            echo skip=false
+          } >> "${GITHUB_OUTPUT}"
       -
         uses: actions/checkout@v4
+        if: ${{ !fromJson(steps.check.outputs.skip) }}
+        with:
+          ref: ${{ steps.check.outputs.ref }}
       -
         name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v3
         with:
           version: latest
       -
         name: Create variants matrix
+        if: ${{ !fromJson(steps.check.outputs.skip) }}
         id: matrix
         run: |
-          # Fetch latest versions of PHP
-          PHP_82_LATEST=$(skopeo inspect docker://docker.io/library/php:8.2 --override-os linux --override-arch amd64 | jq -r '.Env[] | select(test("^PHP_VERSION=")) | sub("^PHP_VERSION="; "")')
-          PHP_83_LATEST=$(skopeo inspect docker://docker.io/library/php:8.3 --override-os linux --override-arch amd64 | jq -r '.Env[] | select(test("^PHP_VERSION=")) | sub("^PHP_VERSION="; "")')
-          export PHP_VERSION="${PHP_83_LATEST},${PHP_82_LATEST}"
-
           METADATA="$(docker buildx bake --print | jq -c)"
-
           {
-            echo php_version="$PHP_VERSION"
-            echo metadata="$METADATA"
-            echo variants="$(jq -c '.group.default.targets|map(sub("runner-|builder-"; ""))|unique' <<< "$METADATA")"
-            echo platforms="$(jq -c 'first(.target[]) | .platforms' <<< "$METADATA")"
-          } >> "$GITHUB_OUTPUT"
+            echo metadata="${METADATA}"
+            echo variants="$(jq -c '.group.default.targets|map(sub("runner-|builder-"; ""))|unique' <<< "${METADATA}")"
+            echo platforms="$(jq -c 'first(.target[]) | .platforms' <<< "${METADATA}")"
+          } >> "${GITHUB_OUTPUT}"
         env:
           SHA: ${{ github.sha }}
-          VERSION: ${{ github.ref_type == 'tag' && github.ref_name || github.sha }}
+          VERSION: ${{ (github.ref_type == 'tag' && github.ref_name) || steps.check.outputs.ref || github.sha }}
+          PHP_VERSION: ${{ steps.check.outputs.php_version }}
   build:
     runs-on: ubuntu-latest
     needs:
       - prepare
+    if: ${{ !fromJson(needs.prepare.outputs.skip) }}
     strategy:
       fail-fast: false
       matrix:
@@ -69,6 +98,8 @@ jobs:
     steps:
       -
         uses: actions/checkout@v4
+        with:
+          ref: ${{ needs.prepare.outputs.ref }}
       -
         name: Set up QEMU
         if: matrix.qemu
@@ -108,7 +139,7 @@ jobs:
             ${{ fromJson(needs.prepare.outputs.push) && '*.output=type=image,name=dunglas/frankenphp,push-by-digest=true,name-canonical=true,push=true' || '' }}
         env:
           SHA: ${{ github.sha }}
-          VERSION: ${{ github.ref_type == 'tag' && github.ref_name || github.sha }}
+          VERSION: ${{ github.ref_type == 'tag' && github.ref_name  || needs.prepare.outputs.ref || github.sha }}
           PHP_VERSION: ${{ needs.prepare.outputs.php_version }}
       -
         # Workaround for https://github.com/actions/runner/pull/2477#issuecomment-1501003600
@@ -118,11 +149,11 @@ jobs:
           mkdir -p /tmp/metadata/builder /tmp/metadata/runner
 
           # shellcheck disable=SC2086
-          builderDigest=$(jq -r '."builder-${{ matrix.variant }}"."containerimage.digest"' <<< $METADATA)
+          builderDigest=$(jq -r '."builder-${{ matrix.variant }}"."containerimage.digest"' <<< ${METADATA})
           touch "/tmp/metadata/builder/${builderDigest#sha256:}"
 
           # shellcheck disable=SC2086
-          runnerDigest=$(jq -r '."runner-${{ matrix.variant }}"."containerimage.digest"' <<< $METADATA)
+          runnerDigest=$(jq -r '."runner-${{ matrix.variant }}"."containerimage.digest"' <<< ${METADATA})
           touch "/tmp/metadata/runner/${runnerDigest#sha256:}"
         env:
           METADATA: ${{ steps.build.outputs.metadata }}
@@ -150,7 +181,7 @@ jobs:
         continue-on-error: ${{ fromJson(needs.prepare.outputs.push) }}
         run: |
           docker run --platform=${{ matrix.platform }} --rm \
-            "$(jq -r '."builder-${{ matrix.variant }}"."containerimage.config.digest"' <<< "$METADATA")" \
+            "$(jq -r '."builder-${{ matrix.variant }}"."containerimage.config.digest"' <<< "${METADATA}")" \
             sh -c 'go test ${{ matrix.race }} -v ./... && cd caddy && go test ${{ matrix.race }} -v ./...'
         env:
           METADATA: ${{ steps.build.outputs.metadata }}
@@ -189,14 +220,14 @@ jobs:
         working-directory: /tmp/metadata
         run: |
           # shellcheck disable=SC2046,SC2086
-          docker buildx imagetools create $(jq -cr '.target."${{ matrix.target }}-${{ matrix.variant }}".tags | map("-t " + .) | join(" ")' <<< $METADATA) \
+          docker buildx imagetools create $(jq -cr '.target."${{ matrix.target }}-${{ matrix.variant }}".tags | map("-t " + .) | join(" ")' <<< ${METADATA}) \
             $(printf 'dunglas/frankenphp@sha256:%s ' *)
         env:
           METADATA: ${{ needs.prepare.outputs.metadata }}
       -
         name: Inspect image
         run: |
           # shellcheck disable=SC2046,SC2086
-          docker buildx imagetools inspect $(jq -cr '.target."${{ matrix.target }}-${{ matrix.variant }}".tags | first' <<< $METADATA) 
+          docker buildx imagetools inspect $(jq -cr '.target."${{ matrix.target }}-${{ matrix.variant }}".tags | first' <<< ${METADATA}) 
         env:
           METADATA: ${{ needs.prepare.outputs.metadata }}
diff --git a/.github/workflows/static.yaml b/.github/workflows/static.yaml
@@ -11,6 +11,8 @@ on:
       - v*.*.*
   workflow_dispatch:
     inputs: {}
+  schedule:
+    - cron:  '0 0 * * *'  
 jobs:
   release:
     if: github.ref_type == 'tag'
@@ -24,20 +26,33 @@ jobs:
           allowUpdates: true
           omitBodyDuringUpdate: true
           omitNameDuringUpdate: true
+  prepare:
+    runs-on: ubuntu-latest
+    outputs:
+      ref: ${{ steps.ref.outputs.ref }}
+    steps:
+      -
+        name: Get latest release
+        id: ref
+        if: github.event_name == 'schedule'
+        run: echo ref="$(gh release view --repo dunglas/frankenphp --json tagName --jq '.tagName')" >> "${GITHUB_OUTPUT}"
   build-linux:
     name: Build Linux x86_64 binary
     runs-on: ubuntu-latest
+    needs: [ prepare ]
     steps:
       -
         uses: actions/checkout@v4
+        with:
+          ref: ${{ needs.prepare.outputs.ref }}
       -
         name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v3
         with:
           version: latest
       -
         name: Login to DockerHub
-        if: startsWith(github.ref, 'refs/tags/') || (github.ref == 'refs/heads/main' && github.event_name != 'pull_request')
+        if: github.event_name == 'schedule' || startsWith(github.ref, 'refs/tags/') || (github.ref == 'refs/heads/main' && github.event_name != 'pull_request')
         uses: docker/login-action@v3
         with:
           username: ${{secrets.REGISTRY_USERNAME}}
@@ -48,8 +63,8 @@ jobs:
         uses: docker/bake-action@v4
         with:
           pull: true
-          load: ${{toJson(!startsWith(github.ref, 'refs/tags/') && (github.ref != 'refs/heads/main' || github.event_name == 'pull_request'))}}
-          push: ${{toJson(startsWith(github.ref, 'refs/tags/') || (github.ref == 'refs/heads/main' && github.event_name != 'pull_request'))}}
+          load: ${{toJson(github.event_name != 'schedule' && !startsWith(github.ref, 'refs/tags/') && (github.ref != 'refs/heads/main' || github.event_name == 'pull_request'))}}
+          push: ${{toJson(github.event_name == 'schedule' || startsWith(github.ref, 'refs/tags/') || (github.ref == 'refs/heads/main' && github.event_name != 'pull_request'))}}
           targets: static-builder
           set: |
             *.cache-from=type=gha,scope=${{github.ref}}-static-builder
@@ -58,25 +73,27 @@ jobs:
         env:
           LATEST: '1' # TODO: unset this variable when releasing the first stable version
           SHA: ${{github.sha}}
-          VERSION: ${{github.ref_type == 'tag' && github.ref_name || github.sha}}
+          VERSION: ${{ (github.ref_type == 'tag' && github.ref_name) || needs.prepare.outputs.ref || github.sha}}
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
       -
         name: Pull Docker image
-        if: startsWith(github.ref, 'refs/tags/') || (github.ref == 'refs/heads/main' && github.event_name != 'pull_request')
+        if: github.event_name == 'schedule' || startsWith(github.ref, 'refs/tags/') || (github.ref == 'refs/heads/main' && github.event_name != 'pull_request')
         run: docker pull dunglas/frankenphp:static-builder
       -
         name: Copy binary
         run: docker cp "$(docker create --name static-builder dunglas/frankenphp:static-builder):/go/src/app/dist/frankenphp-linux-x86_64" frankenphp-linux-x86_64 ; docker rm static-builder
       -
         name: Upload asset
-        if: github.ref_type == 'tag'
+        if: github.event_name == 'schedule' || github.ref_type == 'tag'
         uses: ncipollo/release-action@v1
         with:
+          tag: ${{ (github.ref_type == 'tag' && github.ref_name) || needs.prepare.outputs.ref }} 
           generateReleaseNotes: true
           allowUpdates: true
           omitBodyDuringUpdate: true
           omitNameDuringUpdate: true
           artifacts: frankenphp-linux-x86_64
+          replacesArtifacts: true
       -
         name: Upload artifact
         if: github.ref_type == 'branch'
@@ -86,11 +103,14 @@ jobs:
   build-mac:
     name: Build macOS x86_64 binaries
     runs-on: macos-latest
+    needs: [ prepare ]
     env:
       HOMEBREW_NO_AUTO_UPDATE: 1
     steps:
       -
         uses: actions/checkout@v4
+        with:
+          ref: ${{ needs.prepare.outputs.ref }}
       -
         uses: actions/setup-go@v5
         with:
@@ -101,25 +121,35 @@ jobs:
       -
         name: Set FRANKENPHP_VERSION
         run: |
-          if [ "$GITHUB_REF_TYPE" == "tag" ]; then export FRANKENPHP_VERSION=${GITHUB_REF_NAME:1}; else export FRANKENPHP_VERSION=$GITHUB_SHA; fi
-          echo "FRANKENPHP_VERSION=$FRANKENPHP_VERSION" >> "$GITHUB_ENV"
+          if [ "${GITHUB_REF_TYPE}" == "tag" ]; then
+            export FRANKENPHP_VERSION=${GITHUB_REF_NAME:1}
+          elif [ "${GITHUB_EVENT_NAME}" == "schedule" ]; then
+            export FRANKENPHP_VERSION="${{ needs.prepare.outputs.ref }}"
+          else
+            export FRANKENPHP_VERSION=${GITHUB_SHA}
+          fi
+
+          echo "FRANKENPHP_VERSION=${FRANKENPHP_VERSION}" >> "${GITHUB_ENV}"
       -
         name: Build FrankenPHP
         run: ./build-static.sh
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
       -
         name: Upload asset
-        if: github.ref_type == 'tag'
+        if: github.event_name == 'schedule' || github.ref_type == 'tag'
         uses: ncipollo/release-action@v1
         with:
+          tag: ${{ (github.ref_type == 'tag' && github.ref_name) || needs.prepare.outputs.ref }}
           generateReleaseNotes: true
           allowUpdates: true
           omitBodyDuringUpdate: true
           omitNameDuringUpdate: true
           artifacts: dist/frankenphp-mac-x86_64
+          replacesArtifacts: true
       -
-        name: Upload binary
+        name: Upload artifact
+        if: github.ref_type == 'branch'
         uses: actions/upload-artifact@v3
         with:
           path: dist/frankenphp-mac-x86_64
