Draft: Experimental ubuntu 8.2 version

.github/workflows/ci.yml

@@ -7,8 +7,8 @@ on:
   pull_request:
 
 jobs:
-  ci:
-    name: Build PHP Image
+  build-amd64:
+    name: Build PHP Image amd64
 
     runs-on: ubuntu-latest
 
@@ -26,31 +26,105 @@ jobs:
             no-color: "true"
             output-file: "/dev/stdout"
 
-      -   name: "Build Alpine"
+      -   name: "Build Ubuntu"
           run: >
-            ./build_images.sh temporary-build-image
+            ./build_images.sh temporary-build-image linux/amd64
+      -   name: "Export image"
+          run: mv dockercache amdcache
+      -   name: 'Upload Artifact'
+          uses: actions/upload-artifact@v3
+          with:
+            name: amdcache
+            path: amdcache
+            retention-days: 1
+
+  build-arm64:
+    name: Build PHP Image arm64
+
+    runs-on: ARM64
+
+    continue-on-error: false
+
+    steps:
+      -   name: "Checkout code"
+          uses: actions/checkout@v3
+
+      -   name: Lint Dockerfile
+          uses: hadolint/hadolint-action@v3.0.0
+          with:
+            dockerfile: "Dockerfile"
+            format: "tty"
+            no-color: "true"
+            output-file: "/dev/stdout"
 
+      -   name: "Build Ubuntu"
+          run: >
+            ./build_images.sh temporary-build-image linux/arm64/v8
+      -   name: "Export image"
+          run: mv dockercache armcache
+      -   name: 'Upload Artifact'
+          uses: actions/upload-artifact@v3
+          with:
+            name: armcache
+            path: armcache
+            retention-days: 1
+
+  upload:
+    name: Upload PHP Image
+
+    runs-on: ubuntu-latest
+
+    needs: 
+      - build-arm64
+      - build-amd64
+
+    continue-on-error: false
+
+    steps:
+      -   name: "Checkout code"
+          uses: actions/checkout@v3
+
+      -   name: Download amd64
+          uses: actions/download-artifact@v3
+          with:
+            name: amdcache
+            path: amdcache
+
+      -   name: Download arm64
+          uses: actions/download-artifact@v3
+          with:
+            name: armcache
+            path: armcache
+
+      -   name: "Create docker cache"
+          run: >
+            cp -rf amdcache dockercache
+
+      -   name: "Reload build cache for amd64"
+          run: >
+            ./build_images.sh temporary-build-image linux/amd64
+
       -   name: "Smoke test with php -v"
           run: docker run --pull=never --rm -t temporary-build-image-linux-amd64 php -v
 
       -   name: "PHP_VERSION Env"
-          run: echo "PHP_VERSION=`docker run --pull=never --rm -t temporary-build-image-linux-amd64 php --version | head -n 1 | cut -f 2 -d ' '`" >> $GITHUB_ENV
+          run: echo "PHP_VERSION=`docker run --pull=never --rm -t temporary-build-image-linux-amd64 php --version | head -n 1 | cut -f 2 -d ' '`-ubuntu" >> $GITHUB_ENV
 
       -   name: Tag also with php:${{ env.PHP_VERSION }}
           run: docker tag temporary-build-image-linux-amd64 php-${{ env.PHP_VERSION }}
 
-      -   name: "Check Alpine -i"
+      -   name: "Check Ubuntu -i"
           run: docker run --pull=never --rm -t php-${{ env.PHP_VERSION }} php -i
 
-      -   name: "Check Alpine -v"
+      -   name: "Check Ubuntu -v"
           run: docker run --pull=never --rm -t php-${{ env.PHP_VERSION }} php -v
 
       -   name: "Run Tests"
           run: tests/run_tests.sh
           env:
             DOCKER_REGISTRY_IMAGE: "temporary-build-image-linux-amd64"
 
-      -   name: Run Alpine Trivy vulnerability scanner
+      -   name: Run Ubuntu Trivy vulnerability scanner
           uses: aquasecurity/trivy-action@master
           with:
             image-ref: php-${{ env.PHP_VERSION }}
@@ -61,19 +135,19 @@ jobs:
             severity: 'CRITICAL,HIGH'
 
       -   if: contains(github.ref, 'refs/heads/release/')
-          name: Run Alpine Trivy vulnerability scanner and upload to github security tab
+          name: Run Ubuntu Trivy vulnerability scanner and upload to github security tab
           uses: aquasecurity/trivy-action@master
           with:
             image-ref: php-${{ env.PHP_VERSION }}
             format: 'sarif'
             output: 'trivy-results.sarif'
 
       -   if: contains(github.ref, 'refs/heads/release/')
-          name: Upload Alpine Trivy scan results to GitHub Security tab
+          name: Upload Ubuntu Trivy scan results to GitHub Security tab
           uses: github/codeql-action/upload-sarif@v2
           with:
             sarif_file: 'trivy-results.sarif'
-#
+
       -   if: contains(github.ref, 'refs/heads/release/')
           name: Run Trivy in GitHub SBOM mode and submit results to Dependency Snapshots
           uses: aquasecurity/trivy-action@master

.github/workflows/release-notes.yml

@@ -3,22 +3,24 @@ name: Main
 on:
   push:
     tags:
-      - "*.*.*"
+      - "*.*.*-ubuntu"
 
 jobs:
   create-release-notes:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
         uses: actions/checkout@v3
+      - name: Export UBUNTU_SUFFIX (if ubuntu is enabled)
+        run: echo "UBUNTU_SUFFIX=`echo ${{ github.ref_name }} | grep 'ubuntu' > /dev/null && echo '-ubuntu' || echo ''`" >> $GITHUB_ENV
       - name: "Fetch all existing tags"
-        run: curl -L -s 'https://registry.hub.docker.com/v2/repositories/endava/php/tags?page_size=9999'|jq -r '."results"[]["name"] | select(test( "^[0-9]+.[0-9]+.[0-9]+$"))' > existing_docker_tags.txt
+        run: curl -L -s 'https://registry.hub.docker.com/v2/repositories/endava/php/tags?page_size=9999'|jq -r ".\"results\"[][\"name\"] | select(test( \"^[0-9]+.[0-9]+.[0-9]+${UBUNTU_SUFFIX}\$\"))" > existing_docker_tags.txt
       - name: "Store the current tag"
         run: echo ${{ github.ref_name }} > current_tag.txt
       - name: "Export PREVIOUS_PHP_VERSION environment variable"
         run: echo "PREVIOUS_PHP_VERSION=`cat existing_docker_tags.txt current_tag.txt | sort -n | uniq | grep -Fx -a1 ${{ github.ref_name }} | head -n 1`" >> $GITHUB_ENV
       - name: "Export the php -i of previous php version ${{ env.PREVIOUS_PHP_VERSION }}"
-        run: docker run --rm endava/php:${{ env.PREVIOUS_PHP_VERSION }} php -i | sed '/^Environment$/,$d' > previous-php-i.txt
+        run: docker run --rm ghcr.io/endava/docker-php:${{ env.PREVIOUS_PHP_VERSION }} php -i | sed '/^Environment$/,$d' > previous-php-i.txt
       - name: Generate Changelog
         run: docker run --rm -v `pwd`/previous-php-i.txt:/usr/src/app/previous-php-i.txt -v `pwd`/generate-changelog.php:/usr/src/app/generate-changelog.php ghcr.io/endava/docker-php:${{ github.ref_name }} php /usr/src/app/generate-changelog.php ghcr.io/endava/docker-php:${{ github.ref_name }} > RELEASE_NOTES.txt
       - name: Release

.hadolint.yaml

@@ -1,3 +1,6 @@
 ignored:
-- DL3018 # warning: Pin versions in apk add. Instead of `apk add <package>` use `apk add <package>=<version>`
 - DL3059 # info: Multiple consecutive `RUN` instructions. Consider consolidation.
+- DL3008 # warning: Pin versions in apt get install. Instead of `apt-get install <package>` use `apt-get install <package>=<version>`
+- DL3009 # info: Delete the apt-get lists after installing something
+- DL3015 # info: Avoid additional packages by specifying `--no-install-recommends`
+- DL3005 # error: Do not use apt-get dist-upgrade