From 7e0810159fcd4bf3123fd70b6637a69e084b48d1 Mon Sep 17 00:00:00 2001 From: Damien LAGAE Date: Thu, 26 Feb 2026 14:12:04 +0100 Subject: [PATCH] fix: correct CI template bugs for GitLab and GitHub Actions - Replace Kaniko with Docker-in-Docker for GitLab CI image builds, using CI_JOB_TOKEN auth instead of fragile base64-encoded credentials - Fix GitHub Actions container image reference: env.CI_IMAGE is not supported in container.image context, use job outputs instead - Fix MySQL/MariaDB healthcheck in GitHub Actions: replace failing healthcheck.sh with mysqladmin ping and increase retries --- templates/ci/github/workflows/ci.yml.tpl | 22 ++++++++++--------- templates/ci/gitlab-ci.yml.tpl | 20 +++++++---------- .../Generator/GitHubActionsGeneratorTest.php | 4 ++-- tests/Generator/GitLabCiGeneratorTest.php | 3 ++- 4 files changed, 24 insertions(+), 25 deletions(-) diff --git a/templates/ci/github/workflows/ci.yml.tpl b/templates/ci/github/workflows/ci.yml.tpl index f48673e..a1e8492 100644 --- a/templates/ci/github/workflows/ci.yml.tpl +++ b/templates/ci/github/workflows/ci.yml.tpl @@ -10,14 +10,16 @@ permissions: contents: read packages: write -env: - CI_IMAGE: ghcr.io/${{ github.repository }}/ci:php - - jobs: build-image: runs-on: ubuntu-latest + outputs: + image: ${{ steps.meta.outputs.image }} steps: + - name: Set image name + id: meta + run: echo "image=ghcr.io/${GITHUB_REPOSITORY,,}/ci:php" >> $GITHUB_OUTPUT + - uses: actions/checkout@v4 - name: Log in to GHCR @@ -36,7 +38,7 @@ jobs: context: . file: .github/ci/Dockerfile push: true - tags: ${{ env.CI_IMAGE }} + tags: ${{ steps.meta.outputs.image }} cache-from: type=gha cache-to: type=gha,mode=max @@ -44,7 +46,7 @@ jobs: needs: [build-image] runs-on: ubuntu-latest container: - image: ${{ env.CI_IMAGE }} + image: ${{ needs.build-image.outputs.image }} credentials: username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} 
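Review bot: The value exported by `build-image` in the first hunk is the mutable tag `ghcr.io/${GITHUB_REPOSITORY,,}/ci:php`, so every `container.image: ${{ needs.build-image.outputs.image }}` (the hunks at -44, -95, -122 and -164) pulls whatever is behind that tag at pull time, not necessarily the image this run built. Runs on different branches push to the same tag with `packages: write`, so a job can end up in a container built from another branch's Dockerfile. If the build step is docker/build-push-action, as its inputs suggest, it exposes a `digest` output; giving that step an `id` and exporting the lowercased repository path joined with `@${{ steps.<build-step-id>.outputs.digest }}` would pin the consumers to this run's build. In the same `run:` line the redirect target should also be quoted: `>> "$GITHUB_OUTPUT"`.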
@@ -95,7 +97,7 @@ jobs: needs: [build-image, build] runs-on: ubuntu-latest container: - image: ${{ env.CI_IMAGE }} + image: ${{ needs.build-image.outputs.image }} credentials: username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} @@ -122,7 +124,7 @@ jobs: needs: [build-image, build] runs-on: ubuntu-latest container: - image: ${{ env.CI_IMAGE }} + image: ${{ needs.build-image.outputs.image }} credentials: username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} @@ -164,11 +166,11 @@ jobs: options: --health-cmd pg_isready --health-interval=10s --health-timeout=5s --health-retries=3 - options: --health-cmd="healthcheck.sh --connect --innodb_initialized" --health-interval=10s --health-timeout=5s --health-retries=3 + options: --health-cmd="mysqladmin ping -h 127.0.0.1 -u root -p --silent" --health-interval=5s --health-timeout=5s --health-retries=10 container: - image: ${{ env.CI_IMAGE }} + image: ${{ needs.build-image.outputs.image }} credentials: username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} diff --git a/templates/ci/gitlab-ci.yml.tpl b/templates/ci/gitlab-ci.yml.tpl index 137b9a6..288a089 100644 --- a/templates/ci/gitlab-ci.yml.tpl +++ b/templates/ci/gitlab-ci.yml.tpl 
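Review bot: In the MySQL/MariaDB `options:` line of the -164 hunk, `-p` is given without a value, which makes `mysqladmin` prompt for the password; a `--health-cmd` has no terminal, so the result depends on how the client handles the failed prompt. `mysqladmin ping` exits 0 whenever the server answers, including on an access-denied reply, so the credentials add nothing: `--health-cmd="mysqladmin ping -h 127.0.0.1 --silent"` performs the same check without them. The check therefore only shows that the server accepts TCP connections, not that the test user can authenticate. If this line is also rendered for MariaDB images, confirm the chosen tag still ships a `mysqladmin` binary, since recent official MariaDB images may provide only the `mariadb-admin` name.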
@@ -42,19 +42,15 @@ variables: build:image: stage: .pre - image: - name: gcr.io/kaniko-project/executor:v1.23.2-debug - entrypoint: [""] + image: docker:27 + services: + - docker:27-dind + variables: + DOCKER_TLS_CERTDIR: "/certs" script: - - mkdir -p /kaniko/.docker - - echo "{\"auths\":{\"$CI_REGISTRY\":{\"auth\":\"$(printf '%s:%s' "$CI_REGISTRY_USER" "$CI_REGISTRY_PASSWORD" | base64)\"}}}" > /kaniko/.docker/config.json - - >- - /kaniko/executor - --context $CI_PROJECT_DIR - --dockerfile $CI_PROJECT_DIR/.gitlab/ci/Dockerfile - --destination $CI_IMAGE - --cache=true - --cache-repo $CI_REGISTRY_IMAGE/ci/cache + - docker login -u gitlab-ci-token -p $CI_JOB_TOKEN $CI_REGISTRY + - docker build -t $CI_IMAGE -f .gitlab/ci/Dockerfile . + - docker push $CI_IMAGE rules: - changes: - .gitlab/ci/Dockerfile diff --git a/tests/Generator/GitHubActionsGeneratorTest.php b/tests/Generator/GitHubActionsGeneratorTest.php index 50c1172..e2a1c73 100644 --- a/tests/Generator/GitHubActionsGeneratorTest.php +++ b/tests/Generator/GitHubActionsGeneratorTest.php @@ -107,7 +107,7 @@ public function testCiJobsUseContainer(): void $ci = $files['.github/workflows/ci.yml']; self::assertStringContainsString('container:', $ci); - self::assertStringContainsString('image: ${{ env.CI_IMAGE }}', $ci); + self::assertStringContainsString('image: ${{ needs.build-image.outputs.image }}', $ci); } public function testCiWithDatabaseUsesDatabaseHostname(): void @@ -172,7 +172,7 @@ public function testCiContainsGhcrImage(): void $files = $this->generator->generate($config); - self::assertStringContainsString('ghcr.io/${{ github.repository }}/ci:php8.4', $files['.github/workflows/ci.yml']); + self::assertStringContainsString('ghcr.io/${GITHUB_REPOSITORY,,}/ci:php8.4', $files['.github/workflows/ci.yml']); } public function testCiJobsNeedBuildImage(): void diff --git a/tests/Generator/GitLabCiGeneratorTest.php b/tests/Generator/GitLabCiGeneratorTest.php index b1c0caa..fb0deb2 100644 
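Review bot: `docker login -u gitlab-ci-token -p $CI_JOB_TOKEN $CI_REGISTRY` in the new `script:` puts the job token on the command line, where it is readable from the process list while the command runs and Docker itself warns against it; pass it on stdin instead, `echo "$CI_JOB_TOKEN" | docker login -u gitlab-ci-token --password-stdin "$CI_REGISTRY"`. The assertion added in tests/Generator/GitLabCiGeneratorTest.php pins the `-p` form and would have to change with it. Replacing Kaniko with `docker:27-dind` also means the job needs a runner that allows privileged containers, which the Kaniko job did not; that requirement deserves a comment above `build:image:` so users of the template can confine the job to a dedicated runner. `docker:27` and `docker:27-dind` are floating tags, whereas the removed Kaniko image was pinned to `v1.23.2-debug`.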
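Review bot: `testCiJobsUseContainer` (the -107 hunk) now checks only the consuming side, `image: ${{ needs.build-image.outputs.image }}`. That expression evaluates to an empty string unless `build-image` declares the output, and nothing in this test would catch the `outputs:` block being dropped from the template. Add `self::assertStringContainsString('image: ${{ steps.meta.outputs.image }}', $ci);` next to the changed assertion. The test method begins outside the hunk.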
--- a/tests/Generator/GitLabCiGeneratorTest.php +++ b/tests/Generator/GitLabCiGeneratorTest.php @@ -115,7 +115,8 @@ public function testCiContainsBuildImageJob(): void $ci = $files['.gitlab-ci.yml']; self::assertStringContainsString('build:image:', $ci); - self::assertStringContainsString('kaniko', $ci); + self::assertStringContainsString('docker:27', $ci); + self::assertStringContainsString('docker login -u gitlab-ci-token -p $CI_JOB_TOKEN', $ci); self::assertStringContainsString('$CI_IMAGE', $ci); }
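Review bot: `assertStringContainsString('docker:27', $ci)` is satisfied by the `docker:27-dind` service line alone, so it cannot tell the job image from the service. The `services:` entry and `DOCKER_TLS_CERTDIR` are not asserted at all, although the TLS setting is what keeps the client-to-daemon connection authenticated. Assert the distinct strings, e.g. `self::assertStringContainsString('- docker:27-dind', $ci);` and `self::assertStringContainsString('DOCKER_TLS_CERTDIR: "/certs"', $ci);`. `testCiContainsBuildImageJob` begins outside the hunk.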