doc: Add a usage section for reproducible PHARs #1008
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Release | |
on: | |
push: | |
branches: [ main ] | |
pull_request: ~ | |
schedule: | |
# Do not make it the first of the month and/or midnight since it is a very busy time | |
- cron: "* 10 5 * *" | |
release: | |
types: [ created ] | |
# See https://stackoverflow.com/a/72408109 | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} | |
cancel-in-progress: true | |
env: | |
DOCKERFILE: .docker/Dockerfile | |
DOCKERHUB_USERNAME: boxproject | |
TERM: xterm | |
jobs: | |
build-phar: | |
runs-on: ubuntu-latest | |
name: Build PHAR | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v3 | |
with: | |
fetch-depth: 0 | |
- name: Setup PHP | |
uses: shivammathur/setup-php@v2 | |
with: | |
php-version: '8.1' | |
ini-values: phar.readonly=0 | |
tools: composer | |
coverage: none | |
- name: Install Composer dependencies | |
uses: ramsey/composer-install@v2 | |
- name: Ensure that the make target is up to date | |
run: make _vendor_install | |
- name: Build PHAR | |
run: make compile | |
# Smoke test | |
- name: Ensure the PHAR works | |
run: bin/box.phar --ansi --version | |
- name: Ensure the PHAR is scoped | |
run: bin/box.phar namespace | php -r 'if (!str_starts_with(stream_get_contents(STDIN), "_HumbugBox")) exit (1);' | |
- name: Import GPG key | |
if: github.event_name == 'release' | |
uses: crazy-max/ghaction-import-gpg@v5 | |
with: | |
gpg_private_key: ${{ secrets.GPG_KEY_41539BBD4020945DB378F98B2DF45277AEF09A2F }} | |
passphrase: ${{ secrets.GPG_KEY_41539BBD4020945DB378F98B2DF45277AEF09A2F_PASSPHRASE }} | |
- name: Sign the PHAR | |
if: github.event_name == 'release' | |
run: | | |
gpg --local-user [email protected] \ | |
--batch \ | |
--yes \ | |
--passphrase="${{ secrets.GPG_KEY_41539BBD4020945DB378F98B2DF45277AEF09A2F_PASSPHRASE }}" \ | |
--detach-sign \ | |
--output bin/box.phar.asc \ | |
bin/box.phar | |
- uses: actions/upload-artifact@v3 | |
name: Upload the PHAR artifact | |
with: | |
name: box-phar | |
path: | | |
bin/box.phar | |
bin/box.phar.asc | |
publish-phar: | |
runs-on: ubuntu-latest | |
name: Publish PHAR | |
needs: | |
- build-phar | |
if: github.event_name == 'release' | |
steps: | |
- uses: actions/download-artifact@v3 | |
with: | |
name: box-phar | |
path: . | |
- name: Upload PHAR to the release | |
uses: softprops/action-gh-release@v1 | |
with: | |
token: ${{ secrets.GITHUB_TOKEN }} | |
files: | | |
box.phar | |
box.phar.asc | |
publish-homebrew-tap: | |
runs-on: ubuntu-latest | |
name: Publish Homebrew tap | |
needs: | |
- publish-phar | |
if: github.event_name == 'release' | |
steps: | |
- name: Update Homebrew formula | |
uses: dawidd6/action-homebrew-bump-formula@v3 | |
with: | |
token: ${{ secrets.BOX_HOMEBREW_TAP_TOKEN }} | |
tap: box-project/box | |
formula: box | |
tag: ${{ github.event.release.tag_name }} | |
revision: ${{ github.event.release.target_commitish }} | |
publish-docker-image: | |
runs-on: ubuntu-latest | |
name: Publish the Docker image | |
needs: | |
- build-phar | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v3 | |
- uses: actions/download-artifact@v3 | |
with: | |
name: box-phar | |
path: . | |
# See https://github.com/actions/download-artifact#limitations | |
# the permissions are not guaranteed to be preserved | |
- name: Ensure PHAR is executable | |
run: | | |
chmod 755 box.phar | |
mv -vf box.phar bin/box.phar | |
./bin/box.phar --ansi --version | |
- name: Set up QEMU | |
uses: docker/setup-qemu-action@v2 | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v2 | |
- name: Login to Docker Container Registry | |
if: github.event_name == 'release' | |
uses: docker/login-action@v2 | |
with: | |
username: ${{ env.DOCKERHUB_USERNAME }} | |
password: ${{ secrets.DOCKERHUB_TOKEN }} | |
- name: Setup the Docker (release) tag(s) | |
if: github.event_name == 'release' | |
# Selects a random value for $EOF as a delimiter, and sets the DOCKER_TAGS environment variable | |
# as a multi-line environment variable. | |
run: | | |
EOF=$(dd if=/dev/urandom bs=15 count=1 status=none | base64) | |
echo "DOCKER_TAGS<<$EOF" >> $GITHUB_ENV | |
echo "${{ env.DOCKERHUB_USERNAME }}/box:${{ github.ref_name }}" >> $GITHUB_ENV | |
echo "${{ env.DOCKERHUB_USERNAME }}/box:latest" >> $GITHUB_ENV | |
echo "$EOF" >> $GITHUB_ENV | |
echo "DOCKER_TEST_TAG=${{ env.DOCKERHUB_USERNAME }}/box:latest" >> $GITHUB_ENV | |
- name: Login to GitHub Container Registry | |
if: github.event_name != 'release' | |
uses: docker/login-action@v2 | |
with: | |
registry: ghcr.io | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Setup the Docker tag(s) | |
if: github.event_name != 'release' | |
run: | | |
echo "DOCKER_TAGS=ghcr.io/box-project/box" >> $GITHUB_ENV | |
echo "DOCKER_TEST_TAG=ghcr.io/box-project/box" >> $GITHUB_ENV | |
- name: Build and export to Docker | |
uses: docker/build-push-action@v3 | |
with: | |
context: . | |
file: ${{ env.DOCKERFILE }} | |
platforms: linux/amd64 | |
tags: ${{ env.DOCKER_TAGS }} | |
load: true | |
- name: Test the (release) image | |
run: docker run --rm ${{ env.DOCKER_TEST_TAG }} --version | |
- name: Build and push | |
if: github.event_name == 'release' | |
uses: docker/build-push-action@v3 | |
with: | |
context: . | |
file: ${{ env.DOCKERFILE }} | |
platforms: linux/amd64 | |
tags: ${{ env.DOCKER_TAGS }} | |
push: true |