chore!: update to golangci-lint-action 7 (#1508) #2443
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| name: Build binary releases | |
| concurrency: | |
| cancel-in-progress: true | |
| group: ${{ github.workflow }}-${{ github.ref }} | |
| on: | |
| pull_request: | |
| branches: | |
| - main | |
| paths-ignore: | |
| - "docs/**" | |
| push: | |
| branches: | |
| - main | |
| tags: | |
| - v*.*.* | |
| workflow_dispatch: | |
| inputs: | |
| #checkov:skip=CKV_GHA_7 | |
| version: | |
| description: "FrankenPHP version" | |
| required: false | |
| type: string | |
| schedule: | |
| - cron: "0 0 * * *" | |
| permissions: | |
| contents: write | |
| id-token: write | |
| attestations: write | |
| env: | |
| IMAGE_NAME: ${{ (github.event_name == 'schedule' || (github.event_name == 'workflow_dispatch' && inputs.version) || startsWith(github.ref, 'refs/tags/')) && 'dunglas/frankenphp' || 'dunglas/frankenphp-dev' }} | |
| jobs: | |
| prepare: | |
| runs-on: ubuntu-24.04 | |
| outputs: | |
| push: ${{ toJson((steps.check.outputs.ref || (github.event_name == 'workflow_dispatch' && inputs.version) || startsWith(github.ref, 'refs/tags/') || (github.ref == 'refs/heads/main' && github.event_name != 'pull_request')) && true || false) }} | |
| platforms: ${{ steps.matrix.outputs.platforms }} | |
| metadata: ${{ steps.matrix.outputs.metadata }} | |
| gnu_metadata: ${{ steps.matrix.outputs.gnu_metadata }} | |
| ref: ${{ steps.check.outputs.ref }} | |
| steps: | |
| - name: Get version | |
| id: check | |
| if: github.event_name == 'schedule' | |
| run: | | |
| ref="${{ (github.ref_type == 'tag' && github.ref_name) || (github.event_name == 'workflow_dispatch' && inputs.version) || '' }}" | |
| if [[ -z "${ref}" ]]; then | |
| ref="$(gh release view --repo dunglas/frankenphp --json tagName --jq '.tagName')" | |
| fi | |
| echo "ref=${ref}" >> "${GITHUB_OUTPUT}" | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| - uses: actions/checkout@v4 | |
| with: | |
| ref: ${{ steps.check.outputs.ref }} | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Create platforms matrix | |
| id: matrix | |
| run: | | |
| METADATA="$(docker buildx bake --print static-builder-musl | jq -c)" | |
| GNU_METADATA="$(docker buildx bake --print static-builder-gnu | jq -c)" | |
| { | |
| echo metadata="${METADATA}" | |
| echo platforms="$(jq -c 'first(.target[]) | .platforms' <<< "${METADATA}")" | |
| echo gnu_metadata="${GNU_METADATA}" | |
| } >> "${GITHUB_OUTPUT}" | |
| env: | |
| SHA: ${{ github.sha }} | |
| VERSION: ${{ steps.check.outputs.ref || 'dev' }} | |
| build-linux-musl: | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| platform: ${{ fromJson(needs.prepare.outputs.platforms) }} | |
| debug: [false] | |
| mimalloc: [false] | |
| include: | |
| - platform: linux/amd64 | |
| - platform: linux/amd64 | |
| debug: true | |
| - platform: linux/amd64 | |
| mimalloc: true | |
| name: Build ${{ matrix.platform }} static musl binary${{ matrix.debug && ' (debug)' || '' }}${{ matrix.mimalloc && ' (mimalloc)' || '' }} | |
| runs-on: ${{ startsWith(matrix.platform, 'linux/arm') && 'ubuntu-24.04-arm' || 'ubuntu-24.04' }} | |
| needs: [prepare] | |
| steps: | |
| - name: Prepare | |
| id: prepare | |
| run: | | |
| platform=${{ matrix.platform }} | |
| echo "sanitized_platform=${platform//\//-}" >> "${GITHUB_OUTPUT}" | |
| - uses: actions/checkout@v4 | |
| with: | |
| ref: ${{ needs.prepare.outputs.ref }} | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| with: | |
| platforms: ${{ matrix.platform }} | |
| - name: Login to DockerHub | |
| if: ${{ fromJson(needs.prepare.outputs.push) && !matrix.debug && !matrix.mimalloc }} | |
| uses: docker/login-action@v3 | |
| with: | |
| username: ${{ secrets.REGISTRY_USERNAME }} | |
| password: ${{ secrets.REGISTRY_PASSWORD }} | |
| - name: Build | |
| id: build | |
| uses: docker/bake-action@v6 | |
| with: | |
| pull: true | |
| load: ${{ !fromJson(needs.prepare.outputs.push) || matrix.debug || matrix.mimalloc }} | |
| targets: static-builder-musl | |
| set: | | |
| ${{ matrix.debug && 'static-builder-musl.args.DEBUG_SYMBOLS=1' || '' }} | |
| ${{ matrix.mimalloc && 'static-builder-musl.args.MIMALLOC=1' || '' }} | |
| ${{ (github.event_name == 'pull_request' || matrix.platform == 'linux/arm64') && 'static-builder-musl.args.NO_COMPRESS=1' || '' }} | |
| *.tags= | |
| *.platform=${{ matrix.platform }} | |
| *.cache-from=type=gha,scope=${{ needs.prepare.outputs.ref || github.ref }}-static-builder-musl${{ matrix.debug && '-debug' || '' }}${{ matrix.mimalloc && '-mimalloc' || '' }} | |
| *.cache-from=type=gha,scope=refs/heads/main-static-builder-musl${{ matrix.debug && '-debug' || '' }}${{ matrix.mimalloc && '-mimalloc' || '' }} | |
| *.cache-to=type=gha,scope=${{ needs.prepare.outputs.ref || github.ref }}-static-builder-musl${{ matrix.debug && '-debug' || '' }}${{ matrix.mimalloc && '-mimalloc' || '' }},ignore-error=true | |
| ${{ (fromJson(needs.prepare.outputs.push) && !matrix.debug && !matrix.mimalloc) && format('*.output=type=image,name={0},push-by-digest=true,name-canonical=true,push=true', env.IMAGE_NAME) || '' }} | |
| env: | |
| SHA: ${{ github.sha }} | |
| VERSION: ${{ (github.ref_type == 'tag' && github.ref_name) || needs.prepare.outputs.ref || 'dev' }} | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| - # Workaround for https://github.com/actions/runner/pull/2477#issuecomment-1501003600 | |
| name: Export metadata | |
| if: fromJson(needs.prepare.outputs.push) && !matrix.debug && !matrix.mimalloc | |
| run: | | |
| mkdir -p /tmp/metadata | |
| # shellcheck disable=SC2086 | |
| digest=$(jq -r '."static-builder-musl"."containerimage.digest"' <<< ${METADATA}) | |
| touch "/tmp/metadata/${digest#sha256:}" | |
| env: | |
| METADATA: ${{ steps.build.outputs.metadata }} | |
| - name: Upload metadata | |
| if: fromJson(needs.prepare.outputs.push) && !matrix.debug && !matrix.mimalloc | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: metadata-static-builder-musl-${{ steps.prepare.outputs.sanitized_platform }} | |
| path: /tmp/metadata/* | |
| if-no-files-found: error | |
| retention-days: 1 | |
| - name: Copy binary | |
| run: | | |
| # shellcheck disable=SC2034 | |
| digest=$(jq -r '."static-builder-musl"."${{ (fromJson(needs.prepare.outputs.push) && !matrix.debug && !matrix.mimalloc) && 'containerimage.digest' || 'containerimage.config.digest' }}"' <<< "${METADATA}") | |
| docker create --platform=${{ matrix.platform }} --name static-builder-musl "${{ (fromJson(needs.prepare.outputs.push) && !matrix.debug && !matrix.mimalloc) && '${IMAGE_NAME}@${digest}' || '${digest}' }}" | |
| docker cp "static-builder-musl:/go/src/app/dist/${BINARY}" "${BINARY}${{ matrix.debug && '-debug' || '' }}${{ matrix.mimalloc && '-mimalloc' || '' }}" | |
| env: | |
| METADATA: ${{ steps.build.outputs.metadata }} | |
| BINARY: frankenphp-linux-${{ matrix.platform == 'linux/amd64' && 'x86_64' || 'aarch64' }} | |
| - name: Upload artifact | |
| if: ${{ !fromJson(needs.prepare.outputs.push) }} | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: frankenphp-linux-${{ matrix.platform == 'linux/amd64' && 'x86_64' || 'aarch64' }}${{ matrix.debug && '-debug' || '' }}${{ matrix.mimalloc && '-mimalloc' || '' }} | |
| path: frankenphp-linux-${{ matrix.platform == 'linux/amd64' && 'x86_64' || 'aarch64' }}${{ matrix.debug && '-debug' || '' }}${{ matrix.mimalloc && '-mimalloc' || '' }} | |
| - name: Upload assets | |
| if: fromJson(needs.prepare.outputs.push) && (needs.prepare.outputs.ref || github.ref_type == 'tag') | |
| run: gh release upload "${{ (github.ref_type == 'tag' && github.ref_name) || needs.prepare.outputs.ref }}" frankenphp-linux-${{ matrix.platform == 'linux/amd64' && 'x86_64' || 'aarch64' }}${{ matrix.debug && '-debug' || '' }}${{ matrix.mimalloc && '-mimalloc' || '' }} --repo dunglas/frankenphp --clobber | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| - if: fromJson(needs.prepare.outputs.push) && (needs.prepare.outputs.ref || github.ref_type == 'tag') | |
| uses: actions/attest-build-provenance@v2 | |
| with: | |
| subject-path: ${{ github.workspace }}/frankenphp-linux-* | |
| - name: Run sanity checks | |
| run: | | |
| "${BINARY}" version | |
| "${BINARY}" build-info | |
| "${BINARY}" list-modules | grep frankenphp | |
| "${BINARY}" list-modules | grep http.encoders.br | |
| "${BINARY}" list-modules | grep http.handlers.mercure | |
| "${BINARY}" list-modules | grep http.handlers.mercure | |
| "${BINARY}" list-modules | grep http.handlers.vulcain | |
| env: | |
| BINARY: ./frankenphp-linux-${{ matrix.platform == 'linux/amd64' && 'x86_64' || 'aarch64' }}${{ matrix.debug && '-debug' || '' }}${{ matrix.mimalloc && '-mimalloc' || '' }} | |
| build-linux-gnu: | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| platform: ${{ fromJson(needs.prepare.outputs.platforms) }} | |
| name: Build ${{ matrix.platform }} static GNU binary | |
| runs-on: ${{ startsWith(matrix.platform, 'linux/arm') && 'ubuntu-24.04-arm' || 'ubuntu-24.04' }} | |
| needs: [prepare] | |
| steps: | |
| - name: Prepare | |
| id: prepare | |
| run: | | |
| platform=${{ matrix.platform }} | |
| echo "sanitized_platform=${platform//\//-}" >> "${GITHUB_OUTPUT}" | |
| - uses: actions/checkout@v4 | |
| with: | |
| ref: ${{ needs.prepare.outputs.ref }} | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| with: | |
| platforms: ${{ matrix.platform }} | |
| - name: Login to DockerHub | |
| if: ${{ fromJson(needs.prepare.outputs.push) }} | |
| uses: docker/login-action@v3 | |
| with: | |
| username: ${{ secrets.REGISTRY_USERNAME }} | |
| password: ${{ secrets.REGISTRY_PASSWORD }} | |
| - name: Build | |
| id: build | |
| uses: docker/bake-action@v6 | |
| with: | |
| pull: true | |
| load: ${{ !fromJson(needs.prepare.outputs.push) }} | |
| targets: static-builder-gnu | |
| set: | | |
| ${{ (github.event_name == 'pull_request' || matrix.platform == 'linux/arm64') && 'static-builder-gnu.args.NO_COMPRESS=1' || '' }} | |
| *.tags= | |
| *.platform=${{ matrix.platform }} | |
| *.cache-from=type=gha,scope=${{ needs.prepare.outputs.ref || github.ref }}-static-builder-gnu | |
| *.cache-from=type=gha,scope=refs/heads/main-static-builder-gnu | |
| *.cache-to=type=gha,scope=${{ needs.prepare.outputs.ref || github.ref }}-static-builder-gnu,ignore-error=true | |
| ${{ fromJson(needs.prepare.outputs.push) && format('*.output=type=image,name={0},push-by-digest=true,name-canonical=true,push=true', env.IMAGE_NAME) || '' }} | |
| env: | |
| SHA: ${{ github.sha }} | |
| VERSION: ${{ (github.ref_type == 'tag' && github.ref_name) || needs.prepare.outputs.ref || 'dev' }} | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| - # Workaround for https://github.com/actions/runner/pull/2477#issuecomment-1501003600 | |
| name: Export metadata | |
| if: fromJson(needs.prepare.outputs.push) | |
| run: | | |
| mkdir -p /tmp/metadata-gnu | |
| # shellcheck disable=SC2086 | |
| digest=$(jq -r '."static-builder-gnu"."containerimage.digest"' <<< ${METADATA}) | |
| touch "/tmp/metadata-gnu/${digest#sha256:}" | |
| env: | |
| METADATA: ${{ steps.build.outputs.metadata }} | |
| - name: Upload metadata | |
| if: fromJson(needs.prepare.outputs.push) | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: metadata-static-builder-gnu-${{ steps.prepare.outputs.sanitized_platform }} | |
| path: /tmp/metadata-gnu/* | |
| if-no-files-found: error | |
| retention-days: 1 | |
| - name: Copy binary | |
| run: | | |
| # shellcheck disable=SC2034 | |
| digest=$(jq -r '."static-builder-gnu"."${{ fromJson(needs.prepare.outputs.push) && 'containerimage.digest' || 'containerimage.config.digest' }}"' <<< "${METADATA}") | |
| docker create --platform=${{ matrix.platform }} --name static-builder-gnu "${{ fromJson(needs.prepare.outputs.push) && format('{0}-gnu@{1}', env.IMAGE_NAME, '${digest}') || '${digest}' }}" | |
| docker cp "static-builder-gnu:/go/src/app/dist/${BINARY}" "${BINARY}-gnu" | |
| env: | |
| METADATA: ${{ steps.build.outputs.metadata }} | |
| BINARY: frankenphp-linux-${{ matrix.platform == 'linux/amd64' && 'x86_64' || 'aarch64' }} | |
| - name: Upload artifact | |
| if: ${{ !fromJson(needs.prepare.outputs.push) }} | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: frankenphp-linux-${{ matrix.platform == 'linux/amd64' && 'x86_64' || 'aarch64' }}-gnu | |
| path: frankenphp-linux-${{ matrix.platform == 'linux/amd64' && 'x86_64' || 'aarch64' }}-gnu | |
| - name: Upload assets | |
| if: fromJson(needs.prepare.outputs.push) && (needs.prepare.outputs.ref || github.ref_type == 'tag') | |
| run: gh release upload "${{ (github.ref_type == 'tag' && github.ref_name) || needs.prepare.outputs.ref }}" frankenphp-linux-${{ matrix.platform == 'linux/amd64' && 'x86_64' || 'aarch64' }}-gnu --repo dunglas/frankenphp --clobber | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| - if: fromJson(needs.prepare.outputs.push) && (needs.prepare.outputs.ref || github.ref_type == 'tag') | |
| uses: actions/attest-build-provenance@v2 | |
| with: | |
| subject-path: ${{ github.workspace }}/frankenphp-linux-*-gnu | |
| - name: Run sanity checks | |
| run: | | |
| "${BINARY}" version | |
| "${BINARY}" list-modules | grep frankenphp | |
| "${BINARY}" list-modules | grep http.encoders.br | |
| "${BINARY}" list-modules | grep http.handlers.mercure | |
| "${BINARY}" list-modules | grep http.handlers.mercure | |
| "${BINARY}" list-modules | grep http.handlers.vulcain | |
| env: | |
| BINARY: ./frankenphp-linux-${{ matrix.platform == 'linux/amd64' && 'x86_64' || 'aarch64' }}-gnu | |
| # Adapted from https://docs.docker.com/build/ci/github-actions/multi-platform/ | |
| push: | |
| runs-on: ubuntu-24.04 | |
| needs: | |
| - prepare | |
| - build-linux-musl | |
| - build-linux-gnu | |
| if: fromJson(needs.prepare.outputs.push) | |
| steps: | |
| - name: Download metadata | |
| uses: actions/download-artifact@v4 | |
| with: | |
| pattern: metadata-static-builder-musl-* | |
| path: /tmp/metadata | |
| merge-multiple: true | |
| - name: Download GNU metadata | |
| uses: actions/download-artifact@v4 | |
| with: | |
| pattern: metadata-static-builder-gnu-* | |
| path: /tmp/metadata-gnu | |
| merge-multiple: true | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Login to DockerHub | |
| uses: docker/login-action@v3 | |
| with: | |
| username: ${{ secrets.REGISTRY_USERNAME }} | |
| password: ${{ secrets.REGISTRY_PASSWORD }} | |
| - name: Create manifest list and push | |
| working-directory: /tmp/metadata | |
| run: | | |
| # shellcheck disable=SC2046,SC2086 | |
| docker buildx imagetools create $(jq -cr '.target."static-builder-musl".tags | map("-t " + .) | join(" ")' <<< "${METADATA}") \ | |
| $(printf "${IMAGE_NAME}@sha256:%s " *) | |
| env: | |
| METADATA: ${{ needs.prepare.outputs.metadata }} | |
| - name: Create GNU manifest list and push | |
| working-directory: /tmp/metadata-gnu | |
| run: | | |
| # shellcheck disable=SC2046,SC2086 | |
| docker buildx imagetools create $(jq -cr '.target."static-builder-gnu".tags | map("-t " + . + "-gnu") | join(" ")' <<< "${GNU_METADATA}") \ | |
| $(printf "${IMAGE_NAME}-gnu@sha256:%s " *) | |
| env: | |
| GNU_METADATA: ${{ needs.prepare.outputs.gnu_metadata }} | |
| - name: Inspect image | |
| run: | | |
| # shellcheck disable=SC2046,SC2086 | |
| docker buildx imagetools inspect "$(jq -cr '.target."static-builder-musl".tags | first' <<< "${METADATA}")" | |
| env: | |
| METADATA: ${{ needs.prepare.outputs.metadata }} | |
| - name: Inspect GNU image | |
| run: | | |
| # shellcheck disable=SC2046,SC2086 | |
| docker buildx imagetools inspect "$(jq -cr '.target."static-builder-gnu".tags | first' <<< "${GNU_METADATA}")-gnu" | |
| env: | |
| GNU_METADATA: ${{ needs.prepare.outputs.gnu_metadata }} | |
| build-mac: | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| platform: ["arm64", "x86_64"] | |
| name: Build macOS ${{ matrix.platform }} binaries | |
| runs-on: ${{ matrix.platform == 'arm64' && 'macos-14' || 'macos-13' }} | |
| needs: [prepare] | |
| env: | |
| HOMEBREW_NO_AUTO_UPDATE: 1 | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| ref: ${{ needs.prepare.outputs.ref }} | |
| - uses: actions/setup-go@v5 | |
| with: | |
| go-version: "1.24" | |
| cache-dependency-path: | | |
| go.sum | |
| caddy/go.sum | |
| - name: Set FRANKENPHP_VERSION | |
| run: | | |
| if [ "${GITHUB_REF_TYPE}" == "tag" ]; then | |
| export FRANKENPHP_VERSION=${GITHUB_REF_NAME:1} | |
| elif [ "${GITHUB_EVENT_NAME}" == "schedule" ]; then | |
| export FRANKENPHP_VERSION="${{ needs.prepare.outputs.ref }}" | |
| else | |
| export FRANKENPHP_VERSION=${GITHUB_SHA} | |
| fi | |
| echo "FRANKENPHP_VERSION=${FRANKENPHP_VERSION}" >> "${GITHUB_ENV}" | |
| - name: Build FrankenPHP | |
| run: ./build-static.sh | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| RELEASE: ${{ (needs.prepare.outputs.ref || github.ref_type == 'tag') && '1' || '' }} | |
| NO_COMPRESS: ${{ github.event_name == 'pull_request' && '1' || '' }} | |
| - if: needs.prepare.outputs.ref || github.ref_type == 'tag' | |
| uses: actions/attest-build-provenance@v2 | |
| with: | |
| subject-path: ${{ github.workspace }}/dist/frankenphp-mac-* | |
| - name: Upload artifact | |
| if: github.ref_type == 'branch' | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: frankenphp-mac-${{ matrix.platform }} | |
| path: dist/frankenphp-mac-${{ matrix.platform }} | |
| - name: Run sanity checks | |
| run: | | |
| "${BINARY}" version | |
| "${BINARY}" build-info | |
| "${BINARY}" list-modules | grep frankenphp | |
| "${BINARY}" list-modules | grep http.encoders.br | |
| "${BINARY}" list-modules | grep http.handlers.mercure | |
| "${BINARY}" list-modules | grep http.handlers.mercure | |
| "${BINARY}" list-modules | grep http.handlers.vulcain | |
| env: | |
| BINARY: dist/frankenphp-mac-${{ matrix.platform }} |