From 1da2ba1f282a830261e8364ec8c217e49cfc7ab0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?K=C3=A9vin=20Dunglas?= <kevin@dunglas.fr>
Date: Wed, 16 Jul 2025 15:36:16 +0200
Subject: [PATCH] fix(ci): Docker builds

---
 .github/workflows/docker.yaml | 13 +++++++------
 .github/workflows/static.yaml | 13 +++++++------
 Dockerfile                    |  5 ++---
 alpine.Dockerfile             |  3 ++-
 build-static.sh               |  3 ---
 cgo.go                        |  9 +++++++++
 dev.Dockerfile                |  4 ++--
 frankenphp.go                 |  6 ------
 go.sh                         |  7 +++++++
 internal/watcher/cgo.go       |  6 ++++++
 internal/watcher/watcher.go   |  1 -
 11 files changed, 42 insertions(+), 28 deletions(-)
 create mode 100644 cgo.go
 create mode 100755 go.sh
 create mode 100644 internal/watcher/cgo.go

diff --git a/.github/workflows/docker.yaml b/.github/workflows/docker.yaml
index f375635b..de3d664d 100644
--- a/.github/workflows/docker.yaml
+++ b/.github/workflows/docker.yaml
@@ -8,13 +8,14 @@ on:
     branches:
       - main
     paths:
-      - "*.c"
-      - "*.h"
-      - "*.stub.php"
-      - "*Dockerfile"
       - "docker-bake.hcl"
-      - "*.sh"
       - ".github/workflows/docker.yaml"
+      - "**cgo.go"
+      - "**Dockerfile"
+      - "**.c"
+      - "**.h"
+      - "**.sh"
+      - "**.stub.php"
   push:
     branches:
       - main
@@ -205,7 +206,7 @@ jobs:
         run: |
           docker run --platform=${{ matrix.platform }} --rm \
             "$(jq -r '."builder-${{ matrix.variant }}"."containerimage.config.digest"' <<< "${METADATA}")" \
-            sh -c 'go test -tags ${{ matrix.race }} -v $(go list ./... | grep -v github.com/dunglas/frankenphp/internal/testext | grep -v github.com/dunglas/frankenphp/internal/extgen) && cd caddy && go test -tags nobadger,nomysql,nopgx ${{ matrix.race }} -v ./...'
+            sh -c './go.sh test -tags ${{ matrix.race }} -v $(./go.sh list ./... | grep -v github.com/dunglas/frankenphp/internal/testext | grep -v github.com/dunglas/frankenphp/internal/extgen) && cd caddy && ../go.sh test ${{ matrix.race }} -v ./...'
         env:
           METADATA: ${{ steps.build.outputs.metadata }}
   # Adapted from https://docs.docker.com/build/ci/github-actions/multi-platform/
diff --git a/.github/workflows/static.yaml b/.github/workflows/static.yaml
index 4c0d4524..faae00c7 100644
--- a/.github/workflows/static.yaml
+++ b/.github/workflows/static.yaml
@@ -8,13 +8,14 @@ on:
     branches:
       - main
     paths:
-      - "*.c"
-      - "*.h"
-      - "*.stub.php"
-      - "*Dockerfile"
       - "docker-bake.hcl"
-      - "*.sh"
-      - ".github/workflows/static.yaml"
+      - ".github/workflows/docker.yaml"
+      - "**cgo.go"
+      - "**Dockerfile"
+      - "**.c"
+      - "**.h"
+      - "**.sh"
+      - "**.stub.php"
   push:
     branches:
       - main
diff --git a/Dockerfile b/Dockerfile
index 95c9fe81..d33ac1ce 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -115,10 +115,9 @@ ENV CGO_CFLAGS="-DFRANKENPHP_VERSION=$FRANKENPHP_VERSION $PHP_CFLAGS"
 ENV CGO_CPPFLAGS=$PHP_CPPFLAGS
 ENV CGO_LDFLAGS="-L/usr/local/lib -lssl -lcrypto -lreadline -largon2 -lcurl -lonig -lz $PHP_LDFLAGS"
 
-RUN echo $CGO_LDFLAGS
-
 WORKDIR /go/src/app/caddy/frankenphp
-RUN GOBIN=/usr/local/bin go install -tags 'nobadger,nomysql,nopgx' -ldflags "-w -s -X 'github.com/caddyserver/caddy/v2.CustomVersion=FrankenPHP $FRANKENPHP_VERSION PHP $PHP_VERSION Caddy'" -buildvcs=true && \
+RUN GOBIN=/usr/local/bin \
+	../../go.sh install -ldflags "-w -s -X 'github.com/caddyserver/caddy/v2.CustomVersion=FrankenPHP $FRANKENPHP_VERSION PHP $PHP_VERSION Caddy'" -buildvcs=true && \
 	setcap cap_net_bind_service=+ep /usr/local/bin/frankenphp && \
 	cp Caddyfile /etc/frankenphp/Caddyfile && \
 	frankenphp version && \
diff --git a/alpine.Dockerfile b/alpine.Dockerfile
index eb89fa83..c566abbc 100644
--- a/alpine.Dockerfile
+++ b/alpine.Dockerfile
@@ -122,7 +122,8 @@ ENV CGO_CPPFLAGS=$PHP_CPPFLAGS
 ENV CGO_LDFLAGS="-lssl -lcrypto -lreadline -largon2 -lcurl -lonig -lz $PHP_LDFLAGS"
 
 WORKDIR /go/src/app/caddy/frankenphp
-RUN GOBIN=/usr/local/bin go install -tags 'nobadger,nomysql,nopgx' -ldflags "-w -s -extldflags '-Wl,-z,stack-size=0x80000' -X 'github.com/caddyserver/caddy/v2.CustomVersion=FrankenPHP $FRANKENPHP_VERSION PHP $PHP_VERSION Caddy'" -buildvcs=true && \
+RUN GOBIN=/usr/local/bin \
+    ../../go.sh install -ldflags "-w -s -extldflags '-Wl,-z,stack-size=0x80000' -X 'github.com/caddyserver/caddy/v2.CustomVersion=FrankenPHP $FRANKENPHP_VERSION PHP $PHP_VERSION Caddy'" -buildvcs=true && \
 	setcap cap_net_bind_service=+ep /usr/local/bin/frankenphp && \
 	([ -z "${NO_COMPRESS}" ] && upx --best /usr/local/bin/frankenphp || true) && \
 	frankenphp version && \
diff --git a/build-static.sh b/build-static.sh
index 5feae9cc..a0a83526 100755
--- a/build-static.sh
+++ b/build-static.sh
@@ -90,9 +90,6 @@ fi
 if [ "${os}" = "linux" ] && { [[ "${arch}" =~ "aarch" ]] || [[ "${arch}" =~ "arm" ]]; }; then
 	fpic="-fPIC"
 	fpie="-fPIE"
-
-	# FIXME: temporary workaround because pre-built poackages aren't compiled wiht -fPIC yet
-	SPC_OPT_DOWNLOAD_ARGS="--ignore-cache-sources=php-src --retry 5"
 else
 	fpic="-fpic"
 	fpie="-fpie"
diff --git a/cgo.go b/cgo.go
new file mode 100644
index 00000000..2ec95863
--- /dev/null
+++ b/cgo.go
@@ -0,0 +1,9 @@
+package frankenphp
+
+// #cgo darwin pkg-config: libxml-2.0
+// #cgo CFLAGS: -Wall -Werror
+// #cgo linux CFLAGS: -D_GNU_SOURCE
+// #cgo LDFLAGS: -lphp -lm -lutil
+// #cgo linux LDFLAGS: -ldl -lresolv
+// #cgo darwin LDFLAGS: -Wl,-rpath,/usr/local/lib -liconv -ldl
+import "C"
diff --git a/dev.Dockerfile b/dev.Dockerfile
index 1edfadf2..fde91b0c 100644
--- a/dev.Dockerfile
+++ b/dev.Dockerfile
@@ -80,10 +80,10 @@ RUN git clone https://github.com/e-dant/watcher . && \
 	ldconfig
 
 WORKDIR /go/src/app
-COPY . .
+COPY --link . ./
 
 WORKDIR /go/src/app/caddy/frankenphp
-RUN go build -buildvcs=false -tags 'nobadger,nomysql,nopgx'
+RUN ../../go.sh build -buildvcs=false
 
 WORKDIR /go/src/app
 CMD [ "zsh" ]
diff --git a/frankenphp.go b/frankenphp.go
index 1f09b024..d2437dbf 100644
--- a/frankenphp.go
+++ b/frankenphp.go
@@ -14,12 +14,6 @@ package frankenphp
 
 // #cgo nocallback frankenphp_update_server_context
 // #cgo noescape frankenphp_update_server_context
-// #cgo darwin pkg-config: libxml-2.0
-// #cgo CFLAGS: -Wall -Werror
-// #cgo linux CFLAGS: -D_GNU_SOURCE
-// #cgo LDFLAGS: -lphp -lm -lutil
-// #cgo linux LDFLAGS: -ldl -lresolv
-// #cgo darwin LDFLAGS: -Wl,-rpath,/usr/local/lib -liconv -ldl
 // #include <stdlib.h>
 // #include <stdint.h>
 // #include <php_variables.h>
diff --git a/go.sh b/go.sh
new file mode 100755
index 00000000..2f8775dd
--- /dev/null
+++ b/go.sh
@@ -0,0 +1,7 @@
+#!/bin/sh
+# Runs the go command with the proper Go and cgo flags.
+
+GOFLAGS="$GOFLAGS -tags=nobadger,nomysql,nopgx" \
+	CGO_CFLAGS="$CGO_CFLAGS $(php-config --includes)" \
+	CGO_LDFLAGS="$CGO_LDFLAGS $(php-config --ldflags) $(php-config --libs)" \
+	go "$@"
diff --git a/internal/watcher/cgo.go b/internal/watcher/cgo.go
new file mode 100644
index 00000000..49034fcf
--- /dev/null
+++ b/internal/watcher/cgo.go
@@ -0,0 +1,6 @@
+//go:build !nowatcher
+
+package watcher
+
+// #cgo LDFLAGS: -lwatcher-c -lstdc++
+import "C"
diff --git a/internal/watcher/watcher.go b/internal/watcher/watcher.go
index a079b323..5236cd3d 100644
--- a/internal/watcher/watcher.go
+++ b/internal/watcher/watcher.go
@@ -2,7 +2,6 @@
 
 package watcher
 
-// #cgo LDFLAGS: -lwatcher-c -lstdc++
 // #include <stdint.h>
 // #include <stdlib.h>
 // #include "watcher.h"