ci: drop FranzDiebold/github-env-vars-action #9641

Ayesh · Ayesh · commit 2554bef7ecb4 · 2025-03-19T02:07:35.000+07:00
This drops the `FranzDiebold/github-env-vars-action` in favor of native GH-Actions replacement patterns available. ghcr.io (and other container registries for that matter) do not allow mix-case image names, so when a the repo is forked by a user with a mixed case username, or when reused in a repo with a mixed case repo name, the Docker image tagging step fails. When a lowercase username is needed it is now dynamically bash-eval'd directly in the called line. Notable replacements: - `${{ env.CI_REPOSITORY_OWNER_SLUG }}`: `$(echo '${{ github.repository }}' | tr '[:upper:]' '[:lower:]')` - `${{ env.CI_REPOSITORY_NAME }}`: `${{ github.event.repository.name }}` Related: [#9639](http://team.linkorb.com/cards/9639).
diff --git a/.github/workflows/production.yml b/.github/workflows/production.yml
@@ -20,64 +20,59 @@ jobs:
           - php8
 
     steps:
-    - name: GitHub Environment Variables Action
-      uses: FranzDiebold/github-env-vars-action@v2
+      - name: Shallow clone code
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
 
-    - name: Shallow clone code
-      uses: actions/checkout@v4
-      with:
-        fetch-depth: 0
+      - name: Login to Container Registry ghcr.io
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.repository_owner }} # ghcr logins allow mixed case usernames
+          password: ${{ secrets.GITHUB_TOKEN }}
 
-    - name: Login to Container Registry ghcr.io
-      uses: docker/login-action@v3
-      with:
-        registry: ghcr.io
-        username: ${{ env.CI_REPOSITORY_OWNER_SLUG }}
-        password: ${{ secrets.GITHUB_TOKEN }}
+      - name: Build the container image
+        run: docker build . --tag php-docker-base:trivytemp --file Dockerfile.${{ matrix.php }}
 
-    - name: Build the container image
-      run: docker build . --tag php-docker-base:trivytemp --file Dockerfile.${{ matrix.php }}
+      - name: Run Trivy vulnerability scanner
+        uses: aquasecurity/trivy-action@master
+        with:
+          image-ref: php-docker-base:trivytemp
+          format: 'table'
+          exit-code: '1'
+          ignore-unfixed: true
+          vuln-type: 'os,library'
+          severity: 'CRITICAL,HIGH'
 
-    - name: Run Trivy vulnerability scanner
-      uses: aquasecurity/trivy-action@master
-      with:
-        image-ref: php-docker-base:trivytemp
-        format: 'table'
-        exit-code: '1'
-        ignore-unfixed: true
-        vuln-type: 'os,library'
-        severity: 'CRITICAL,HIGH'
+      - name: Retag new image with latest tag so we can push the scanned version
+        run: docker image tag php-docker-base:trivytemp "ghcr.io/$(echo '${{ github.repository }}' | tr '[:upper:]' '[:lower:]'):${{ matrix.php }}"
 
-    - name: Retag new image with latest tag so we can push the scanned version
-      run: docker image tag php-docker-base:trivytemp ghcr.io/${{ env.CI_REPOSITORY_OWNER_SLUG }}/${{ env.CI_REPOSITORY_NAME }}:${{ matrix.php }}
+      - name: Push with commit ${{ matrix.php }} tag
+        run: docker push "ghcr.io/$(echo '${{ github.repository }}' | tr '[:upper:]' '[:lower:]'):${{ matrix.php }}"
 
-    - name: Push with commit ${{ matrix.php }} tag
-      run: docker push ghcr.io/${{ env.CI_REPOSITORY_OWNER_SLUG }}/${{ env.CI_REPOSITORY_NAME }}:${{ matrix.php }}
-
-    #review containers
-    - name: Build the review container image
-      run: docker build . --tag ghcr.io/${{ github.repository_owner }}/${{ env.CI_REPOSITORY_NAME }}:${{ matrix.php }}-review --file Dockerfile.${{ matrix.php }}-review
-    - name: Push with commit *-review tag
-      run: docker push ghcr.io/${{ env.CI_REPOSITORY_OWNER_SLUG }}/${{ env.CI_REPOSITORY_NAME }}:${{ matrix.php }}-review
+      #review containers
+      - name: Build the review container image
+        run: docker build . --tag "ghcr.io/$(echo '${{ github.repository }}' | tr '[:upper:]' '[:lower:]'):${{ matrix.php }}-review" --file Dockerfile.${{ matrix.php }}-review
 
+      - name: Push with commit *-review tag
+        run: docker push "ghcr.io/$(echo '${{ github.repository }}' | tr '[:upper:]' '[:lower:]'):${{ matrix.php }}-review"
 
   cleanup:
     needs: [build]
     runs-on: ubuntu-latest
     steps:
-    - name: GitHub Environment Variables Action
-      uses: FranzDiebold/github-env-vars-action@v2
 
-    - name: Login to Container Registry ghcr.io
-      uses: docker/login-action@v3
-      with:
-        registry: ghcr.io
-        username: ${{ env.CI_REPOSITORY_OWNER_SLUG }}
-        password: ${{ secrets.GITHUB_TOKEN }}
+      - name: Login to Container Registry ghcr.io
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.repository_owner }} #ghcr logins allow mixed case usernames
+          password: ${{ secrets.GITHUB_TOKEN }}
 
-    - name: Delete old versions of the package, keeping a few of the newest
-      uses: actions/delete-package-versions@v5
-      with:
-        package-name: ${{ env.CI_REPOSITORY_NAME }}
-        package-type: container
-        min-versions-to-keep: 8
+      - name: Delete old versions of the package, keeping a few of the newest
+        uses: actions/delete-package-versions@v5
+        with:
+          package-name: ${{ github.event.repository.name }}
+          package-type: container
+          min-versions-to-keep: 8
