chore(ci): configured github action

.commitlintrc

@@ -0,0 +1,92 @@
+{
+  "defaultIgnores": true,
+  "extends": "@commitlint/config-conventional",
+  "rules": {
+    "scope-enum": [
+      2,
+      "always",
+      [
+        "symfony",
+        "doctrine",
+        "github",
+        "ci",
+        "deps",
+        "docker-image",
+        "github-action",
+        "docker",
+        "pihole"
+      ]
+    ],
+    "scope-empty": [
+      0
+    ],
+    "body-leading-blank": [
+      1,
+      "always"
+    ],
+    "body-max-line-length": [
+      2,
+      "always",
+      100
+    ],
+    "footer-leading-blank": [
+      1,
+      "always"
+    ],
+    "footer-max-line-length": [
+      2,
+      "always",
+      100
+    ],
+    "header-max-length": [
+      2,
+      "always",
+      100
+    ],
+    "subject-case": [
+      2,
+      "never",
+      [
+        "sentence-case",
+        "start-case",
+        "pascal-case",
+        "upper-case"
+      ]
+    ],
+    "subject-empty": [
+      2,
+      "never"
+    ],
+    "subject-full-stop": [
+      2,
+      "never",
+      "."
+    ],
+    "type-case": [
+      2,
+      "always",
+      "lower-case"
+    ],
+    "type-empty": [
+      2,
+      "never"
+    ],
+    "type-enum": [
+      2,
+      "always",
+      [
+        "build",
+        "chore",
+        "ci",
+        "docs",
+        "feat",
+        "fix",
+        "perf",
+        "refactor",
+        "revert",
+        "style",
+        "test"
+      ]
+    ]
+  }
+}

.github/renovate.json

@@ -0,0 +1,5 @@
+{
+  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+  "extends": ["local>kilip/renovate-config"],
+  "semanticCommits": "enabled"
+}

.github/workflows/build-image.yaml

@@ -2,14 +2,15 @@
 name: "Build Image"
 
 on:
+  workflow_call:
   workflow_dispatch:
-  push:
-    branches: ["main"]
 
 jobs:
   build-and-test:
     name: Build and test
     runs-on: ubuntu-latest
+    env:
+      DOCKER_IMAGE: ghcr.io/${{ github.repository }}
     steps:
       - uses: actions/checkout@v4
         with:
@@ -21,9 +22,16 @@ jobs:
         run: |-
           echo "build_date=$(date --rfc-3339=seconds --utc)" >> $GITHUB_OUTPUT
           echo "goss_args=tail -f /dev/null" >> $GITHUB_OUTPUT
-          echo "tag_version=docker-dns:latest" >> $GITHUB_OUTPUT
-          echo "tag_testing=docker-dns:testingz" >> $GITHUB_OUTPUT
-          echo "tag_rolling=docker-dns:rolling" >> $GITHUB_OUTPUT
+          echo "tag_testing=testingz" >> $GITHUB_OUTPUT
+          echo "tag_rolling=rolling" >> $GITHUB_OUTPUT
+
+          date=$(date +'%Y%m%d%H%M%S')
+          ref="${{ github.ref }}"
+          if [[ $ref == ref/tags/v* ]]; then
+            echo "tag_version=${{ github.ref_name }}" >> $GITHUB_OUTPUT
+          else
+            echo "tag_version=daily${date}" >> $GITHUB_OUTPUT
+          fi
 
       - name: Setup Goss
         uses: e1himself/[email protected]
@@ -50,9 +58,9 @@ jobs:
           build-args: |-
             VERSION=latest
           context: .
-          platforms: linux/amd64 # load does not support muti-arch https://github.com/docker/buildx/issues/290
+          platforms: linux/amd64, linux/arm64
           load: true
-          tags: ghcr.io/${{ github.repository_owner }}/${{ steps.vars.outputs.tag_testing }}
+          tags: ${{ env.DOCKER_IMAGE }}:testingz
           cache-from: type=gha
           cache-to: type=gha,mode=max
 
@@ -66,29 +74,33 @@ jobs:
           GOSS_SLEEP: 2
           GOSS_FILES_STRATEGY: cp
           CONTAINER_LOG_OUTPUT: goss_container_log_output
-        run: dgoss run ghcr.io/${{ github.repository_owner }}/${{ steps.vars.outputs.tag_testing }} ${{ steps.vars.outputs.goss_args }}
+        run: dgoss run ${{ env.DOCKER_IMAGE }} ${{ steps.vars.outputs.goss_args }}
 
       - name: Build all platforms
         id: release
         uses: docker/build-push-action@v6
         with:
-          build-args: |-
-            VERSION=${{ steps.vars.outputs.tag_version }}
-            CHANNEL=stable
           labels: |-
-            ${{ steps.vars.outputs.chan_label_type }}.created="${{ steps.vars.outputs.build_date }}"
-            ${{ steps.vars.outputs.chan_label_type }}.title="docker-dns (stable)"
-            ${{ steps.vars.outputs.chan_label_type }}.version="${{ steps.vars.outputs.tag_version }}"
-            ${{ steps.vars.outputs.chan_label_type }}.authors="Anthonius Munthi <[email protected]>"
-            ${{ steps.vars.outputs.chan_label_type }}.url="https://github.com/kilip/docker-dns"
-            ${{ steps.vars.outputs.chan_label_type }}.build.url="https://github.com/kilip/docker-dns/actions/runs/${{ github.run_id }}"
-            ${{ steps.vars.outputs.chan_label_type }}.documentation="https://github.com/kilip/docker-dns/README.md"
-            ${{ steps.vars.outputs.chan_label_type }}.revision="${{ github.sha }}"
+            org.opencontainers.image.created="${{ steps.vars.outputs.build_date }}"
+            org.opencontainers.image.title="docker-dns (stable)"
+            org.opencontainers.image.version="${{ steps.vars.outputs.tag_version }}"
+            org.opencontainers.image.authors="Anthonius Munthi <[email protected]>"
+            org.opencontainers.image.url="https://github.com/kilip/docker-dns"
+            org.opencontainers.image.build.url="https://github.com/kilip/docker-dns/actions/runs/${{ github.run_id }}"
+            org.opencontainers.image.documentation="https://github.com/kilip/docker-dns/README.md"
+            org.opencontainers.image.revision="${{ github.sha }}"
           context: .
-          platforms: linux/amd64, linux/arm64
+          platforms: linux/amd64
           push: true
-          tags: |-
-            ghcr.io/${{ github.repository_owner }}/${{ steps.vars.outputs.tag_rolling }}
-            ghcr.io/${{ github.repository_owner }}/${{ steps.vars.outputs.tag_version }}
+          tags: ${{ env.DOCKER_IMAGE }}:${{ steps.vars.outputs.tag_version }}
           cache-from: type=gha
           cache-to: type=gha,mode=max
+
+      - name: Push latest tags
+        if: startsWith(github.ref, 'refs/tags/v')
+        run: |
+          docker tag ${{ env.DOCKER_IMAGE }}:${{ steps.vars.outputs.tag_version }} ${{ env.DOCKER_IMAGE }}:latest
+          docker push ${{ env.DOCKER_IMAGE }}:latest
+
+          docker tag ${{ env.DOCKER_IMAGE }}:${{ steps.vars.outputs.tag_version }} ${{ env.DOCKER_IMAGE }}:rolling
+          docker push ${{ env.DOCKER_IMAGE }}:rolling

.github/workflows/check.yaml

@@ -0,0 +1,116 @@
+---
+name: Static Check
+
+on:
+  workflow_call:
+
+env:
+  COMPOSER_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+jobs:
+  commitlint:
+    if: github.event_name == 'pull_request'
+    env:
+      GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      - name: Run commitlint
+        run: |
+          commit=$(gh api \
+            /repos/${{ github.repository }}/pulls/${{github.event.number}}/commits \
+            | jq -r '.[0].commit.message' \
+            | head -n 1)
+          # we can't use npx see https://github.com/conventional-changelog/commitlint/issues/613
+          echo '{}' > package.json
+          npm install --no-fund --no-audit @commitlint/config-conventional @commitlint/cli
+          echo $commit | ./node_modules/.bin/commitlint -g .commitlintrc
+
+  php-cs-fixer:
+    name: PHP CS Fixer (PHP ${{ matrix.php }})
+    runs-on: ubuntu-latest
+    timeout-minutes: 20
+    strategy:
+      matrix:
+        php:
+          - "8.3"
+      fail-fast: false
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+      - name: Setup PHP
+        uses: shivammathur/setup-php@v2
+        with:
+          php-version: ${{ matrix.php }}
+          extensions: intl, bcmath, curl, openssl, mbstring, mongodb
+          ini-values: memory_limit=-1
+          tools: pecl, composer, php-cs-fixer
+          coverage: none
+      - name: Run PHP-CS-Fixer fix
+        run: php-cs-fixer fix --dry-run --diff --ansi
+
+  phpstan:
+    name: PHPStan (PHP ${{ matrix.php }})
+    runs-on: ubuntu-latest
+    timeout-minutes: 20
+    strategy:
+      matrix:
+        php:
+          - "8.3"
+      fail-fast: false
+    env:
+      APP_DEBUG: "1" # https://github.com/phpstan/phpstan-symfony/issues/37
+      SYMFONY_PHPUNIT_VERSION: "9.6"
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+      - name: Setup PHP
+        uses: shivammathur/setup-php@v2
+        with:
+          php-version: ${{ matrix.php }}
+          tools: pecl, composer
+          extensions: intl, bcmath, curl, openssl, mbstring, mongodb
+          coverage: none
+          ini-values: memory_limit=-1
+      - name: Get composer cache directory
+        id: composercache
+        run: echo "dir=$(composer config cache-files-dir)" >> $GITHUB_OUTPUT
+      - name: Cache dependencies
+        uses: actions/cache@v4
+        with:
+          path: ${{ steps.composercache.outputs.dir }}
+          key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.json') }}
+          restore-keys: ${{ runner.os }}-composer-
+      - name: Update project dependencies
+        run: |
+          composer update --no-interaction --no-progress --ansi
+      - name: Cache PHPStan results
+        uses: actions/cache@v4
+        with:
+          path: /tmp/phpstan
+          key: phpstan-php${{ matrix.php }}-${{ github.sha }}
+          restore-keys: |
+            phpstan-php${{ matrix.php }}-
+            phpstan-
+        continue-on-error: true
+      - name: Clear test app cache
+        run: |
+          bin/console cache:clear
+      - name: Run PHPStan analysis
+        run: |
+          ./vendor/bin/phpstan --version
+          ./vendor/bin/phpstan analyse --no-interaction --no-progress --ansi
+
+  docker:
+    name: Lint Docker Files
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Lint Dockerfiles
+        uses: hadolint/[email protected]
+        with:
+          recursive: true

.github/workflows/ci.yaml

@@ -0,0 +1,41 @@
+---
+name: CI
+
+on:
+  push:
+    branches: ["main"]
+    tags:
+      - v[0-9]+.[0-9]+.[0-9]+
+  pull_request:
+    branches: ["main"]
+  workflow_dispatch:
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
+  cancel-in-progress: true
+
+env:
+  COMPOSER_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+jobs:
+  check:
+    name: Static Check
+    uses: kilip/docker-dns/.github/workflows/check.yaml@main
+    secrets: inherit
+
+  test:
+    name: Testing
+    needs: ["check"]
+    if: ${{ needs.check.result != 'failure' }}
+    uses: kilip/docker-dns/.github/workflows/test.yaml@main
+    secrets: inherit
+
+  build-images:
+    name: Build
+    needs: ["test"]
+    if: ${{ needs.test.result != 'failure' && github.ref_name == 'main'}}
+    uses: "kilip/docker-dns/.github/workflows/build-image.yaml@main"
+    secrets: inherit
+    permissions:
+      contents: write
+      packages: write

.github/workflows/release.yaml

@@ -0,0 +1,36 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json
+name: "Release"
+
+on:
+  push:
+    tags:
+      - v[0-9]+.[0-9]+.[0-9]+
+
+jobs:
+  release:
+    name: Release
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+      packages: write
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Update CHANGELOG
+        id: changelog
+        uses: requarks/changelog-action@v1
+        with:
+          token: ${{ github.token }}
+          tag: ${{ github.ref_name }}
+
+      - name: Create Release
+        uses: ncipollo/[email protected]
+        with:
+          allowUpdates: true
+          draft: false
+          makeLatest: true
+          name: ${{ github.ref_name }}
+          body: ${{ steps.changelog.outputs.changes }}
+          token: ${{ github.token }}