Consolidate rotating build workflows + publish version.php-derived tags#777
Open
kojiromike wants to merge 5 commits into
Open
Consolidate rotating build workflows + publish version.php-derived tags#777kojiromike wants to merge 5 commits into
kojiromike wants to merge 5 commits into
Conversation
Contributor
There was a problem hiding this comment.
Pull request overview
This PR renames the rotating OpenEMR Docker build workflows from version-named filenames to slot-named filenames (current/next/dev) so the rotation tooling can update version pins inside the workflows without leaving misleading workflow artifacts behind. It also updates the release registry and test fixtures to reflect the new workflow paths.
Changes:
- Rename the three rotating Docker build workflows to slot-based names:
build-current.yml,build-next.yml,build-dev.yml. - Update
tools/release/versions.ymlregistryfiles:entries (and related inline comment) to reference the new workflow paths. - Update
SlotRotatorTestfixtures/expectations and mark the workflow-consolidation step as done in the release automation plan doc.
Reviewed changes
Copilot reviewed 3 out of 6 changed files in this pull request and generated 1 comment.
Show a summary per file
| File | Description |
|---|---|
tools/release/versions.yml |
Updates registry references from version-named workflow files to slot-named workflow files. |
tools/release/tests/SlotRotatorTest.php |
Updates test fixtures and assertions to use the new workflow filenames. |
docs/release-automation-plan.md |
Updates the plan to reference slot-named build workflows and marks build-workflow consolidation as done. |
.github/workflows/build-next.yml |
Adds/renames the next slot nightly build workflow (multi-arch via per-arch builds + manifest merge). |
.github/workflows/build-dev.yml |
Adds/renames the dev slot nightly build workflow (multi-arch via per-arch builds + manifest merge). |
.github/workflows/build-current.yml |
Adds/renames the current slot production build workflow (single job multi-arch build + push). |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
kojiromike
changed the title
Collapse the version-named production/nightly build workflows to slot-named files so slot rotation rewrites the version pins inside them without leaving misleadingly named artifacts: build-800.yml -> build-current.yml (:latest / production) build-810.yml -> build-next.yml (:next nightly) build-811.yml -> build-dev.yml (:dev nightly) The docker dirs stay version-named: they hold real per-version Dockerfiles and are the stable targets the rotating context pin points at. Updates the registry, the rotator test fixtures, and the automation plan to the new names. This is the build-workflow half of step #5 (workflow consolidation, openemr#638 follow-on). Assisted-by: Claude Code
Replace the three rotating build workflows with a single build-openemr.yml
whose matrix is the stable slot names [current, next, dev] x platform — never
rotated. Each job resolves the slot's real OpenEMR version at runtime by
reading the new slot symlinks docker/openemr/{current,next,dev} -> the real
version dirs, then builds from the resolved dir (push-by-digest); the merge
job publishes :<full>, the floating slot tag (current->latest, next->next,
dev->dev), and :<full>-<date>.
Because the workflow carries zero version strings it never needs rewriting on
rotation. Instead SlotRotator re-points the slot symlink when a slot's
docker_dir changes, making the symlink the build's source of truth. Drops the
build_workflow entries from versions.yml (nothing to lint there now) and the
legacy :8.0.0.3 quaternary tags.
This is the build-workflow half of step #5 (workflow consolidation, openemr#638
follow-on).
Assisted-by: Claude Code
….1-dev) The merge job now derives each slot's published version from the OpenEMR version.php at the slot Dockerfile's OPENEMR_VERSION ref, instead of using the bare symlink dir name. current publishes its true 8.0.0.3 and dev self-identifies as 8.1.1-dev (no longer colliding with the eventual real 8.1.1 release). Each slot gets float + :ver + dated tags, plus the bare-dir tag for current/next only. Standardize the 8.0.0 Dockerfile to ARG OPENEMR_VERSION=rel-800 so the merge-job grep is uniform across all three slots, and update the registry, Docker Hub overview template, and renderer test to the docker_dir + full model. Assisted-by: Claude Code
kojiromike
force-pushed
the
consolidate-build-workflows
branch
from
884846c to
f921e18
Compare
kojiromike
commented
Jun 4, 2026
The unanchored grep matched the "# - Branch: --build-arg OPENEMR_VERSION=master" comment line that precedes the real ARG in docker/openemr/8.1.0/Dockerfile, so head -1 picked "master". The next slot then resolved ref=master, mis-versioning the 8.1.0 image and colliding with the dev slot's tags. Anchor on '^ARG OPENEMR_VERSION=' so only the directive matches. Assisted-by: Claude Code
The current/next/dev slot symlinks under docker/openemr/ were swept into test-core.yml's matrix discovery, adding redundant Production Docker (current|next|dev) jobs that rebuilt the same images. The dev slot (master) then tripped the upstream RootCliGuard check, reddening CI. Skip symlinked dirs during discovery so only the real version dirs form the matrix. Assisted-by: Claude Code
kojiromike
added a commit
that referenced
this pull request
Jun 5, 2026
## What Add `--user apache` to the **Install** step in `test-actions-core/action.yml` so `InstallerAuto.php` runs as the `apache` user instead of root. ## Why [openemr/openemr#12267](openemr/openemr#12267) added `RootCliGuard`, which aborts the installer when it runs as a root CLI (UID 0). The CI harness runs `InstallerAuto.php` via `docker compose exec`, which defaults to root in every slot, so every install-driven test slot now fails the guard. ## Approach The Install step is **shared across all slots** (7.0.4, 8.0.0, 8.1.0, 8.1.1, binary, flex). `--user apache` is portable: the `apache` user (uid 1000) and an apache-owned `openemr/` tree exist in every slot's Dockerfile. `su-exec` was **not** an option — #743 only added it to flex/8.1.1/binary, so hardcoding it would break 7.0.4/8.0.0/8.1.0 with "su-exec: not found". phpunit steps are unaffected: `interface/globals.php` skips the guard under `PHPUNIT_COMPOSER_INSTALL`, so those bootstraps stay exempt even as root. ## Validation - **8.1.1 (production path)** validated locally: patched install on a fresh DB exits 0 with no `RootCliGuard`/`RuntimeException`, writes `sqlconf.php` as `apache:apache` with `$config = 1`, web returns HTTP 302; `phpunit --testsuite unit` → 275 tests pass. - flex **prod** mode is structurally identical (baked, apache-owned) → covered by the 8.1.1 result. - flex **dev** mode relies on the already-merged #743 entrypoint, which (running as root) chowns the mounted source to apache before the `--user apache` exec — exercised by CI here. Unblocks #777, which only needs a rebase once this lands. Assisted-by: Claude Code
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Collapse the three version-named rotating build workflows into one slot-named matrix workflow, then make that workflow publish each slot's true OpenEMR version (derived from
version.php) instead of the bare symlink directory name.1. Consolidate to a single slot-matrix workflow
build-800.yml/build-810.yml/build-811.ymlbecome a singlebuild-openemr.ymlwhose matrix is the stable slot names[current, next, dev]× platform — never rotated. Each job resolves the slot's version at runtime from thedocker/openemr/{current,next,dev}symlinks, so the workflow holds zero version strings and rotation never rewrites it (SlotRotatorjust re-points the symlink).Docker dirs (
docker/openemr/{8.0.0,8.1.0,8.1.1}) stay version-named — they hold real per-version Dockerfiles and are honest targets.2. Publish version.php-derived tags per slot
The merge job derives each slot's published version from the OpenEMR
version.phpat the slot Dockerfile'sOPENEMR_VERSIONref, composingmajor.minor.patch[.realpatch][tag]::verrel-800rel-810masterThis fixes two bugs:
currentis really 8.0.0.3 (a genuine patch release), anddevwould otherwise publish a bare:8.1.1that collides with the eventual real 8.1.1 release.Tag set per slot:
:<float>(latest/next/dev) +:<ver>+:<ver>-<date>, plus the bare-dir tag (8.0.0/8.1.0) for current/next only (never dev) when it differs from:<ver>.Supporting changes
docker/openemr/8.0.0/DockerfiletoARG OPENEMR_VERSION=rel-800so the merge-job grep is uniform across all three slots.tools/release/versions.yml:current.full→8.0.0.3(drop vestigialpatch),dev.full→8.1.1-dev, 8.0.0 Dockerfilekinds→docker_arg_branch.docker_dir+fullmodel.docs/release-automation-plan.mddocuments the version.php derivation and per-slot tag set.This is the build-workflow half of step #5 (workflow consolidation, #638 follow-on) in
docs/release-automation-plan.md, and unblocks the release-rotation PR (#760).Test plan
composer test— 179 tests passcomposer phpcs— cleancomposer phpstan— no errorsactionlintonbuild-openemr.yml— clean (shellcheck SC2016 suppressed for the PHP one-liner, matchingbuild-release.yml)yqlint on the registry