encodium · pdodgen-revparts · Jun 8, 2026 · Jun 8, 2026 · Jun 9, 2026 · Jun 9, 2026
@@ -0,0 +1,107 @@
+name: Build PHP (Laravel)
+on:
+  workflow_call:
+    inputs:
+      php_version:
+        required: false
+        type: string
+        default: "8.3"
+      php_extensions:
+        required: false
+        type: string
+        default: "bcmath intl gd"
+      build_cli_image:
+        required: false
+        type: boolean
+        default: false
+      dockerfile_app_path:
+        required: false
+        type: string
+        default: "./build/Dockerfile-app"
+      dockerfile_webserver_path:
+        required: false
+        type: string
+        default: "./build/Dockerfile-nginx"
+      webserver_tag_prefix:
+        required: false
+        type: string
+        default: "webserver-"
+      dockerfile_cli_path:
+        required: false
+        type: string
+        default: "./build/Dockerfile-cli"
+      release_branches:
+        required: false
+        type: string
+        default: "stage,hotfix,rc"
+    secrets:
+      packagist_username:
+        required: true
+      packagist_password:
+        required: true
+      gh_token:
+        required: true
+    outputs:
+      tag:
+        description: "The released tag"
+        value: ${{ jobs.tag-and-release.outputs.tag }}
+
+jobs:
+  calculate-tag:
+    name: Calculate Build Tag
+    runs-on: ubuntu-latest
+    outputs:
+      tag: ${{ steps.dry_tag_version.outputs.new_tag }}
+    steps:
+      - uses: actions/checkout@v6
+        with:
+          fetch-depth: 0
+      - id: dry_tag_version
+        uses: mathieudutour/github-tag-action@v6.1
+        with:
+          github_token: ${{ secrets.gh_token }}
+          release_branches: ${{ inputs.release_branches }}
+          fetch_all_tags: true
+          dry_run: true
+
+  build:
+    needs: [calculate-tag]
+    uses: ./.github/workflows/php-laravel-build-push.yaml
+    with:
+      php_version: ${{ inputs.php_version }}
+      php_extensions: ${{ inputs.php_extensions }}
+      build_app_image: true
+      build_webserver_image: true
+      build_cli_image: ${{ inputs.build_cli_image }}
+      dockerfile_app_path: ${{ inputs.dockerfile_app_path }}
+      dockerfile_webserver_path: ${{ inputs.dockerfile_webserver_path }}
+      webserver_tag_prefix: ${{ inputs.webserver_tag_prefix }}
+      dockerfile_cli_path: ${{ inputs.dockerfile_cli_path }}
+      new_tag: ${{ needs.calculate-tag.outputs.tag }}
+    secrets:
+      packagist_username: ${{ secrets.packagist_username }}
+      packagist_password: ${{ secrets.packagist_password }}
+      gh_token: ${{ secrets.gh_token }}
+
+  tag-and-release:
+    name: Github Tag and Release
+    needs: [build]
+    runs-on: ubuntu-latest
+    outputs:
+      tag: ${{ steps.tag_version.outputs.new_tag }}
+    steps:
+      - uses: actions/checkout@v6
+        with:
+          fetch-depth: 0
+      - id: tag_version
+        uses: mathieudutour/github-tag-action@v6.1
+        with:
+          github_token: ${{ secrets.gh_token }}
+          release_branches: ${{ inputs.release_branches }}
+          fetch_all_tags: true
+      - uses: ncipollo/release-action@v1
+        with:
+          tag: ${{ steps.tag_version.outputs.new_tag }}
+          name: Prerelease ${{ steps.tag_version.outputs.new_tag }}
+          body: ${{ steps.tag_version.outputs.changelog }}
+          prerelease: true
@@ -0,0 +1,92 @@
+name: Build PHP (v1)
+on:
+  workflow_call:
+    inputs:
+      images:
+        description: 'JSON array of {image_name?, dockerfile, target?, tag_prefix, extra_tag}'
+        required: true
+        type: string
+      php_version:
+        required: false
+        type: string
+        default: "8.3"
+      release_branches:
+        required: false
+        type: string
+        default: "stage,hotfix,rc"
+      cache_type:
+        required: false
+        type: string
+        default: "gha"
+    secrets:
+      packagist_username:
+        required: true
+      packagist_password:
+        required: true
+      gh_token:
+        required: true
+    outputs:
+      tag:
+        description: "The released tag"
+        value: ${{ jobs.tag-and-release.outputs.tag }}
+
+jobs:
+  calculate-tag:
+    name: Calculate Build Tag
+    runs-on: ubuntu-latest
+    outputs:
+      tag: ${{ steps.dry_tag_version.outputs.new_tag }}
+    steps:
+      - uses: actions/checkout@v6
+        with:
+          fetch-depth: 0
+      - id: dry_tag_version
+        uses: mathieudutour/github-tag-action@v6.1
+        with:
+          github_token: ${{ secrets.gh_token }}
+          release_branches: ${{ inputs.release_branches }}
+          fetch_all_tags: true
+          dry_run: true
+
+  build:
+    name: Build ${{ matrix.image.tag_prefix }}image
+    needs: [calculate-tag]
+    strategy:
+      matrix:
+        image: ${{ fromJSON(inputs.images) }}
+    uses: ./.github/workflows/php-build-push.yaml
+    with:
+      php_version: ${{ inputs.php_version }}
+      image_name: ${{ matrix.image.image_name }}
+      dockerfile: ${{ matrix.image.dockerfile }}
+      build_target: ${{ matrix.image.target }}
+      tag: ${{ matrix.image.tag_prefix }}${{ needs.calculate-tag.outputs.tag }}
+      extra_tag: ${{ matrix.image.extra_tag }}
+      cache_type: ${{ inputs.cache_type }}
+    secrets:
+      packagist_username: ${{ secrets.packagist_username }}
+      packagist_password: ${{ secrets.packagist_password }}
+      gh_token: ${{ secrets.gh_token }}
+
+  tag-and-release:
+    name: Github Tag and Release
+    needs: [build]
+    runs-on: ubuntu-latest
+    outputs:
+      tag: ${{ steps.tag_version.outputs.new_tag }}
+    steps:
+      - uses: actions/checkout@v6
+        with:
+          fetch-depth: 0
+      - id: tag_version
+        uses: mathieudutour/github-tag-action@v6.1
+        with:
+          github_token: ${{ secrets.gh_token }}
+          release_branches: ${{ inputs.release_branches }}
+          fetch_all_tags: true
+      - uses: ncipollo/release-action@v1
+        with:
+          tag: ${{ steps.tag_version.outputs.new_tag }}
+          name: Prerelease ${{ steps.tag_version.outputs.new_tag }}
+          body: ${{ steps.tag_version.outputs.changelog }}
+          prerelease: true
@@ -25,6 +25,21 @@ on:
         required: false
         type: string
         default: "app"
+      image_name:
+        description: "Image repo path override for separate images, e.g. <repo>-profiler. Empty = github.repository."
+        required: false
+        type: string
+        default: ""
+      extra_tag:
+        description: "Optional companion tag to also push (e.g. latest, nginx-latest)."
+        required: false
+        type: string
+        default: ""
+      cache_type:
+        description: "Buildx cache backend: gha or registry."
+        required: false
+        type: string
+        default: "registry"
     secrets:
       packagist_username:
         required: true
@@ -79,26 +94,55 @@ jobs:
             }
 
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v1
-
+        uses: docker/setup-buildx-action@v3
       - name: Login to GitHub Container Registry
-        uses: docker/login-action@v1
+        uses: docker/login-action@v3
         with:
           registry: ghcr.io
           username: ${{ github.actor }}
           password: ${{ secrets.gh_token }}
-
-      - name: Docker Build and Push App
-        uses: docker/build-push-action@v2
+      - name: Resolve image name and tags
+        id: meta
         env:
-          REGISTRY: ghcr.io
-          IMAGE_NAME: ${{ github.repository }}
+          IMAGE_NAME_INPUT: ${{ inputs.image_name }}
+          OWNER: ${{ github.repository_owner }}
+          DEFAULT_NAME: ${{ github.repository }}
+          TAG: ${{ inputs.tag }}
+          EXTRA: ${{ inputs.extra_tag }}
+          CACHE_TYPE: ${{ inputs.cache_type }}
+          DOCKERFILE: ${{ inputs.dockerfile }}
+          BUILD_TARGET: ${{ inputs.build_target }}
+        run: |
+          name="$IMAGE_NAME_INPUT"
+          if [ -z "$name" ]; then
+            name="$DEFAULT_NAME"
+          elif [ "${name#*/}" = "$name" ]; then
+            # bare name (no slash) → scope it under the repo owner, e.g. rp_api-profiler → encodium/rp_api-profiler
+            name="${OWNER}/${name}"
+          fi
+          ref="ghcr.io/${name}"
+          tags="${ref}:${TAG}"
+          [ -n "$EXTRA" ] && tags="${tags},${ref}:${EXTRA}"
+          echo "tags=${tags}" >> "$GITHUB_OUTPUT"
+          # Cache key = image + dockerfile + target, so matrix legs that share an image repo
+          # (e.g. app/nginx/apache all under <owner>/<repo>) don't collide on one cache.
+          disc="$(printf '%s-%s' "$DOCKERFILE" "$BUILD_TARGET" | tr -cs 'A-Za-z0-9' '-' | sed 's/^-*//;s/-*$//')"
+          if [ "$CACHE_TYPE" = "gha" ]; then
+            scope="${name//\//-}-${disc}"
+            echo "cache_from=type=gha,scope=${scope}" >> "$GITHUB_OUTPUT"
+            echo "cache_to=type=gha,scope=${scope},mode=max" >> "$GITHUB_OUTPUT"
+          else
+            echo "cache_from=type=registry,ref=${ref}:buildcache-${disc}" >> "$GITHUB_OUTPUT"
+            echo "cache_to=type=registry,ref=${ref}:buildcache-${disc},mode=max" >> "$GITHUB_OUTPUT"
+          fi
+      - name: Docker Build and Push
+        uses: docker/build-push-action@v6
         with:
           context: .
           file: ${{ inputs.dockerfile }}
           push: true
           platforms: linux/amd64
           target: ${{ inputs.build_target }}
-          tags: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ inputs.tag }}
-          cache-from: type=registry,ref=${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:buildcache
-          cache-to: type=registry,ref=${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:buildcache,mode=max
+          tags: ${{ steps.meta.outputs.tags }}
+          cache-from: ${{ steps.meta.outputs.cache_from }}
+          cache-to: ${{ steps.meta.outputs.cache_to }}
@@ -42,6 +42,11 @@ on:
         required: false
         type: string
         default: "./build/Dockerfile-nginx"
+      webserver_tag_prefix:
+        description: "Tag prefix for the webserver image (e.g. webserver- or nginx-)."
+        required: false
+        type: string
+        default: "webserver-"
       new_tag:
         type: string
         required: true
@@ -145,7 +150,7 @@ jobs:
           push: true
           file: ${{ inputs.dockerfile_webserver_path }}
           platforms: linux/amd64
-          tags: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:webserver-${{ inputs.new_tag }},${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:webserver-latest
+          tags: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ inputs.webserver_tag_prefix }}${{ inputs.new_tag }},${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ inputs.webserver_tag_prefix }}latest
           cache-from: type=registry,ref=${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:buildcache-webserver
           cache-to: type=registry,ref=${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:buildcache-webserver,mode=max
   build-and-push-cli-image: