Skip to content

DEVEX-1630: shared PHP build orchestrators (foundation)#129

Merged
pdodgen-revparts merged 12 commits into
mainfrom
DEVEX-1630-unify-php-build-workflows
Jun 11, 2026
Merged

DEVEX-1630: shared PHP build orchestrators (foundation)#129
pdodgen-revparts merged 12 commits into
mainfrom
DEVEX-1630-unify-php-build-workflows

Conversation

@pdodgen-revparts

Copy link
Copy Markdown
Contributor

Phase 1A of DEVEX-1630 — the shared-workflow foundation only. No service repos are touched in this PR; these reusable workflows have no effect until a caller references them (pilots follow in separate PRs).

What this adds

  • build-php-v1.yaml (new) — v1/legacy PHP build orchestrator. Spine calculate-tag → build → tag-and-release, exposes a tag output. The build job matrixes over an images JSON array and calls php-build-push.yaml once per image (app / nginx / profiler / apache), reproducing each repo's exact current tags.
  • build-php-laravel.yaml (new) — Laravel PHP build orchestrator. Same spine; build makes one call to the existing php-laravel-build-push.yaml (app + webserver, artisan-cached).
  • php-build-push.yaml (modified) — added image_name, extra_tag, cache_type inputs and modernized buildx@v3 / login@v3 / build-push@v6. Buildx cache is now keyed per resolved image name (registry ref / gha scope) so matrix legs don't collide. No existing org consumers, so this is backward-safe.

Both orchestrators call their sibling helper via the local ./.github/workflows/... path, so the nested call resolves at the orchestrator's own ref (self-consistent at @main or on a branch).

Validation

  • actionlint clean on all three files.
  • Each change passed spec-compliance + code-quality review.
  • No live builds/deploys triggered by this PR.

Not in this PR

Per-repo Build.yaml migrations (license_api + returns-api pilots, then fan-out incl. webstore last) land as separate PRs after this merges. Phase 0 integration-deploy gate is tracked under DEVEX-1629.

Design + plan: docs/superpowers/specs/2026-06-08-unify-php-build-workflows-design.md, docs/superpowers/plans/2026-06-08-unify-php-build-workflows.md.

🤖 Generated with Claude Code

@cursor

cursor Bot commented Jun 9, 2026

Copy link
Copy Markdown

PR Summary

Low Risk
CI-only shared workflows with additive optional inputs on php-build-push; inactive until callers adopt them. Main follow-on risk is tag fidelity when repos migrate, not this merge alone.

Overview
Phase 1A (DEVEX-1630) adds shared PHP build orchestrators in encodium/.github so service repos can later replace duplicated Build.yaml logic. Nothing runs until a repo calls these workflows.

Two new workflow_call orchestrators share the spine calculate-tag → build → tag-and-release and expose a tag output: build-php-v1.yaml matrixes over a JSON images array and invokes php-build-push.yaml per image (app/nginx/profiler/apache tags); build-php-laravel.yaml wraps php-laravel-build-push.yaml (app + webserver, optional CLI) and forwards webserver_tag_prefix (default webserver-).

php-build-push.yaml gains optional image_name, extra_tag, and cache_type (gha vs registry), bumps Docker actions to buildx/login v3 and build-push v6, and resolves GHCR names/tags plus per-dockerfile/target cache scopes so matrix legs do not share one buildcache. php-laravel-build-push.yaml webserver tags use the configurable prefix instead of hardcoded webserver-.

Design and rollout docs are added under docs/superpowers/; per-repo migrations are out of scope for this PR.

Reviewed by Cursor Bugbot for commit cf8e396. Bugbot is set up for automated code reviews on this repo. Configure here.

Comment thread .github/workflows/php-build-push.yaml

@cursor cursor Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Cursor Bugbot has reviewed your changes and found 1 potential issue.

There are 2 total unresolved issues (including 1 from previous review).

Fix All in Cursor

❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.

Reviewed by Cursor Bugbot for commit 6c6ac70. Configure here.

Comment thread .github/workflows/php-build-push.yaml Outdated
@pdodgen-revparts

Copy link
Copy Markdown
Contributor Author

Thanks Bugbot — both valid, fixed in 42a605b (php-build-push.yaml resolve step):

  1. Profiler image missing org prefix (High): a bare image_name (e.g. rp_api-profiler) is now scoped under the repo owner → ghcr.io/encodium/rp_api-profiler. A value that already contains owner/ and the empty default (github.repository) are unchanged. Tags are built from the corrected ref.
  2. Matrix legs share build cache (Medium): the cache key/scope now incorporates the dockerfile + build target, so same-image legs (app/nginx/apache under <owner>/<repo>) get distinct caches (:buildcache-build-nginx-Dockerfile, gha scope=<owner>-<repo>-build-nginx-Dockerfile, etc.) instead of colliding.

@pdodgen-revparts pdodgen-revparts marked this pull request as ready for review June 11, 2026 21:25
@pdodgen-revparts pdodgen-revparts requested a review from a team as a code owner June 11, 2026 21:25
@pdodgen-revparts pdodgen-revparts merged commit 850abe7 into main Jun 11, 2026
2 checks passed
@pdodgen-revparts pdodgen-revparts deleted the DEVEX-1630-unify-php-build-workflows branch June 11, 2026 21:25
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant