Consolidate Docker build and test workflows

[hussainweb]

Consolidated the Drupal testing workflow into the main Docker build workflow.
Deleted .github/workflows/test-drupal.yml and updated .github/workflows/docker-buildx.yml to include:

• Test environment setup (downloading Drupal, setting up directories).
• A "Build and load" step to create a local image for testing.
• Execution of install-drupal.sh and verify-drupal.sh using docker compose.
• Cleanup steps.
• Conditional pushing to Docker Hub only on the main branch and after successful tests.
• Updated triggers to run on push (main) and pull_request.

---

PR created automatically by Jules for task 14732200155072337463 started by @hussainweb

Summary by CodeRabbit

• Chores

  • CI simplified: workflows now trigger on push and pull_request; publishing/build pushes restricted to main.

• Tests

  • Drupal test flow consolidated into the main pipeline; expanded container-based test steps, unconditional test site setup, installation and verification, artifact upload, failure log capture, and cleanup.

• Bug Fixes

  • SQLite rebuilt with column-metadata support for improved database introspection.

[google-labs-jules]

👋 Jules, reporting for duty! I'm here to lend a hand with this pull request.

When you start a review, I'll add a 👀 emoji to each comment to let you know I've read it. I'll focus on feedback directed at me and will do my best to stay out of conversations between you and other bots or reviewers to keep the noise down.

I'll push a commit with your requested changes shortly after. Please note there might be a delay between these steps, but rest assured I'm on the job!

For more direct control, you can switch me to Reactive Mode. When this mode is on, I will only act on comments where you specifically mention me with @jules. You can find this option in the Pull Request section of your global Jules UI settings. You can always switch back!

New to Jules? Learn more at jules.google/docs.

---

For security, I will only act on instructions from the user who triggered this task.

[coderabbitai]

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

• @coderabbitai resume to resume automatic reviews.
• @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

• ▶️ Resume reviews
• 🔍 Trigger review

📝 Walkthrough

Walkthrough

Consolidates Drupal testing into the Docker BuildX workflow by replacing workflow_run with push/pull_request, removing the standalone test-drupal.yml, adding matrix-driven Drupal test steps into the build job (build/load image, start containers, composer/drush install, run tests, upload artifacts), restricts pushes to main, and enables SQLITE_ENABLE_COLUMN_METADATA in a Dockerfile. (50 words)

Changes

Cohort / File(s)	Summary
BuildX workflow .github/workflows/docker-buildx.yml	Replaced workflow_run gating with push/pull_request; removed build gating; merged Drupal test matrix and extensive test steps into the build job (env/variant matrix, build & load test image, test directory setup, composer/drush via Docker, start containers, Drupal install, verification, log capture, artifact upload, cleanup); simplified image push condition to branch-only (main).
Removed test workflow .github/workflows/test-drupal.yml	Deleted standalone Drupal test workflow that previously handled the matrix-driven Docker build, composer/drush install, container orchestration, tests, logs, artifacts, and cleanup.
Dockerfile (SQLite flag) php8/apache-bookworm/Dockerfile	Added CPPFLAGS="-DSQLITE_ENABLE_COLUMN_METADATA=1" to the SQLite ./configure invocation to enable SQLITE_ENABLE_COLUMN_METADATA at compile time.
Test installer script tests/install-drupal.sh	Replaced DRUPAL_VERSION with CONSTRAINT; removed earlier installation-detection logic; always creates project (clearing target WEBROOT), installs Drush, builds site via Drush with SQLite backend, verifies bootstrap/status, sets permissions, and prints credentials; adjusted messages and control flow accordingly.

Sequence Diagram(s)

sequenceDiagram
  participant Dev as Developer
  participant GH as GitHub Actions
  participant Runner as Runner
  participant Buildx as Buildx
  participant Compose as Docker Compose
  participant Drupal as Drupal Container
  participant Registry as Registry

  Dev->>GH: push / pull_request
  GH->>Runner: start matrix job
  Runner->>Buildx: build & load test image
  Buildx-->>Runner: images available
  Runner->>Compose: start test containers
  Compose->>Drupal: run composer/drush, install Drupal (SQLite)
  Drupal-->>Runner: run verification tests, emit logs/results
  alt branch == main and tests pass
    Runner->>Registry: push images
  else tests fail or not main
    Runner-->>GH: upload logs & artifacts, skip push
  end

Loading

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

Possibly related PRs

• feat: Add Drupal testing workflow and Docker build trigger #24 — Overlapping CI/test changes including BuildX workflow and Drupal test scripts.
• feat: Add FrankenPHP variant for Drupal base images #22 — Related edits to the Docker build workflow and php8/apache-bookworm/Dockerfile.
• feat: add PHP 8.5 support for all build variants #20 — Prior changes to the BuildX workflow and PHP matrix that intersect with these CI updates.

Poem

🐇 I hopped through YAML and stitched the tests as one,
Built images, spun containers, watched the Drupal sun.
I scooped up logs like carrots, wiped each tiny trail,
On main the crates stand ready — a rabbit's tidy tale. ✨

🚥 Pre-merge checks | ✅ 4

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'Consolidate Docker build and test workflows' directly and accurately describes the main change: merging two separate workflows (docker-buildx.yml and test-drupal.yml) into one unified workflow.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Merge Conflict Detection	✅ Passed	✅ No merge conflicts detected when merging into main

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch docker-test-workflow-consolidation-14732200155072337463

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

🧹 Nitpick comments (4)

.github/workflows/docker-buildx.yml (4)

105-114: Consider removing cache-to from the test build to avoid redundant cache writes.

Both this step and the final "Build and push" step (Line 164) write to the same GHA cache with cache-to: type=gha,mode=max. The test build writes single-platform layers that are immediately overwritten by the multi-platform push build. Keeping cache-from on the test build is beneficial (it reads cached layers), but cache-to here is wasteful and could cause minor cache churn.

Proposed fix

       - name: Build and load Docker image for testing
         uses: docker/build-push-action@v6
         with:
           context: ${{ env.DOCKERFILE_DIR }}/${{ matrix.variant }}/
           load: true
           tags: drupal-test:${{ matrix.php_version }}-${{ matrix.variant }}
           build-args: |
             PHP_VERSION=${{ matrix.php_version }}
           cache-from: type=gha
-          cache-to: type=gha,mode=max

---

116-120: sleep 10 is fragile for container readiness.

Consider replacing the fixed sleep with a polling loop that checks container health (e.g., docker compose exec drupal php -v or an HTTP health check with retries). A fixed sleep may be too short for slower CI runners or too long otherwise.

Example: poll-based readiness check

       - name: Start Docker containers
         run: |
           docker compose up -d
-          sleep 10
+          echo "Waiting for containers to be ready..."
+          for i in $(seq 1 30); do
+            if docker compose exec -T drupal php -v > /dev/null 2>&1; then
+              echo "Container ready after ${i}s"
+              break
+            fi
+            sleep 1
+          done
           docker compose ps

---

154-164: On PRs, this step builds for two platforms but never pushes — consider skipping it.

When github.ref != 'refs/heads/main', this step still runs a full multi-platform build (linux/amd64,linux/arm64) with push: false. Since the single-platform test build already validated the image, this is redundant on PRs and roughly doubles CI time per matrix entry.

Proposed fix: gate the push step on main

       - name: Build and push Docker image for PHP ${{ matrix.php_version }}
+        if: github.ref == 'refs/heads/main'
         uses: docker/build-push-action@v6
         with:
           context: ${{ env.DOCKERFILE_DIR }}/${{ matrix.variant }}/
-          push: ${{ github.ref == 'refs/heads/main' }}
+          push: true
           tags: ${{ steps.tags.outputs.tags }}
           build-args: |
             PHP_VERSION=${{ matrix.php_version }}
           platforms: linux/amd64,linux/arm64
           cache-from: type=gha
           cache-to: type=gha,mode=max

---

78-88: Composer/PHP availability on the runner is an implicit dependency.

The composer create-project and composer require commands run directly on the GitHub Actions runner, relying on the pre-installed PHP and Composer on ubuntu-latest. This works today but is fragile across runner image updates. If you later need a specific PHP version for Composer resolution, consider adding a setup-php step.

[coderabbitai]

🧹 Nitpick comments (3)

.github/workflows/docker-buildx.yml (3)

92-92: CONTAINER_NAME is set but never referenced in subsequent steps.

The variable is written to GITHUB_ENV but no later step uses ${CONTAINER_NAME}. If the compose service name is always drupal, this line is dead configuration. Consider removing it or actually using it (e.g., in docker compose exec commands) to keep the workflow self-documenting.

---

119-126: Quote the volume-mount path to guard against spaces.

$(pwd) is unquoted. While GitHub-hosted runner paths don't normally contain spaces, it's a good defensive habit.

Suggested fix

-          docker run --rm \
-            -v $(pwd)/drupal-root:${WEB_ROOT} \
+          docker run --rm \
+            -v "$(pwd)/drupal-root:${WEB_ROOT}" \

---

170-180: Skip the multi-platform build entirely on PRs to save CI time.

When push is false (non-main), this step still executes a full multi-platform build (linux/amd64,linux/arm64) whose output is discarded. On PRs you've already validated the image via the load build + tests. Adding an if guard avoids ~doubling build time on every PR matrix entry.

Suggested fix

       - name: Build and push Docker image for PHP ${{ matrix.php_version }}
+        if: github.ref == 'refs/heads/main'
         uses: docker/build-push-action@v6
         with:
           context: ${{ env.DOCKERFILE_DIR }}/${{ matrix.variant }}/
-          push: ${{ github.ref == 'refs/heads/main' }}
+          push: true
           tags: ${{ steps.tags.outputs.tags }}
           build-args: |
             PHP_VERSION=${{ matrix.php_version }}
           platforms: linux/amd64,linux/arm64
           cache-from: type=gha
           cache-to: type=gha,mode=max

[coderabbitai]

🧹 Nitpick comments (2)

.github/workflows/docker-buildx.yml (2)

110-114: sleep 10 is a fragile wait mechanism.

Consider replacing the fixed sleep with a retry loop that polls for container readiness (e.g., checking health status or a simple HTTP probe). This avoids both unnecessary waiting and flaky failures when containers are slow to start.

♻️ Suggested improvement

       - name: Start Docker containers
         run: |
           docker compose up -d
-          sleep 10
+          # Wait for container to be ready (up to 60s)
+          for i in $(seq 1 30); do
+            if docker compose exec -T drupal true 2>/dev/null; then
+              echo "Container is ready"
+              break
+            fi
+            echo "Waiting for container... ($i)"
+            sleep 2
+          done
           docker compose ps

---

164-174: Final build runs even on PRs (just without push) — intentional redundancy.

On PRs, push: false means this step still performs the multi-platform build without pushing. This validates the multi-platform build works but doubles build time. If CI cost is a concern, you could gate this step with if: github.ref == 'refs/heads/main' to skip it entirely on PRs.

[hussainweb]

Let's move this step inside install-drupal.sh. This simplifies our workflows and also ensures the file permissions are correct. This is important because the reason for errors is file permissions for the SQLite database.

[hussainweb]

Our tests will never have a composer.json. Let's remove this.

[google-labs-jules]

Agreed. Removed the HAS_COMPOSER check and made the project creation unconditional (which correctly handles the clean state assumption).

[hussainweb]

Let's pass in the constraint instead of having to determine it. The parameter is not used for any functional purporse anyway.

[google-labs-jules]

Good point. I've updated the script to accept the constraint directly (e.g., ^10) and removed the parsing logic. Also updated the workflow to pass the constraints explicitly.

[coderabbitai]

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

tests/install-drupal.sh (1)

63-69: ⚠️ Potential issue | 🔴 Critical

Critical: nested double-quote quoting breaks the sh -c command.

The inner "..." around the --db-url and --site-name values toggle the outer sh -c "..." quoting, causing bash to split the argument incorrectly. Specifically, Drupal Test Site becomes positional parameters to sh instead of part of the command, and everything from --account-name onward is lost from the command string. This means drush runs without --yes/--no-interaction (likely hanging) and without account credentials.

Use escaped inner quotes or single quotes inside the double-quoted sh -c string:

🐛 Proposed fix

-docker compose exec -T $SERVICE sh -c "cd ${WEBROOT} && vendor/bin/drush site:install minimal \
-    --db-url="sqlite://localhost/sites/default/files/.ht.sqlite" \
-    --site-name="Drupal Test Site" \
-    --account-name=admin \
-    --account-pass=admin \
-    --yes \
-    --no-interaction"
+docker compose exec -T $SERVICE sh -c "cd ${WEBROOT} && vendor/bin/drush site:install minimal \
+    --db-url='sqlite://localhost/sites/default/files/.ht.sqlite' \
+    --site-name='Drupal Test Site' \
+    --account-name=admin \
+    --account-pass=admin \
+    --yes \
+    --no-interaction"

🧹 Nitpick comments (3)

tests/install-drupal.sh (1)

40-50: composer create-project . relies on the image's WORKDIR matching WEBROOT.

The rm -rf on line 42 targets ${WEBROOT}, but composer create-project ... . on lines 47/49 installs into the container's current working directory (WORKDIR), not necessarily ${WEBROOT}. If any image variant sets a different WORKDIR, the project lands in the wrong place. Consider explicitly using ${WEBROOT} as the target path instead of ., or wrapping with cd:

♻️ Suggested fix

 if [ -n "$CONSTRAINT" ]; then
-    docker compose exec -T $SERVICE composer create-project drupal/recommended-project . "$CONSTRAINT" --no-interaction --no-dev
+    docker compose exec -T $SERVICE sh -c "cd ${WEBROOT} && composer create-project drupal/recommended-project . '$CONSTRAINT' --no-interaction --no-dev"
 else
-    docker compose exec -T $SERVICE composer create-project drupal/recommended-project . --no-interaction --no-dev
+    docker compose exec -T $SERVICE sh -c "cd ${WEBROOT} && composer create-project drupal/recommended-project . --no-interaction --no-dev"
 fi

.github/workflows/docker-buildx.yml (2)

78-92: Quote $GITHUB_ENV and remove the unused CONTAINER_NAME variable.

Per static analysis (SC2086), $GITHUB_ENV should be double-quoted in each echo ... >> $GITHUB_ENV line. Also, CONTAINER_NAME (line 92) is set but never referenced — install-drupal.sh hardcodes SERVICE="drupal" instead.

♻️ Suggested fix (showing a few representative lines)

       run: |
-          echo "PHP_VERSION=${{ matrix.php_version }}" >> $GITHUB_ENV
-          echo "VARIANT=${{ matrix.variant }}" >> $GITHUB_ENV
+          echo "PHP_VERSION=${{ matrix.php_version }}" >> "$GITHUB_ENV"
+          echo "VARIANT=${{ matrix.variant }}" >> "$GITHUB_ENV"
           if [ "${{ matrix.variant }}" = "frankenphp-trixie" ]; then
-            echo "WEB_ROOT=/app" >> $GITHUB_ENV
+            echo "WEB_ROOT=/app" >> "$GITHUB_ENV"
           else
-            echo "WEB_ROOT=/var/www/html" >> $GITHUB_ENV
+            echo "WEB_ROOT=/var/www/html" >> "$GITHUB_ENV"
           fi
           if [ "${{ matrix.variant }}" = "fpm-alpine" ]; then
-            echo "COMPOSE_FILE=tests/docker-compose.fpm.yml" >> $GITHUB_ENV
+            echo "COMPOSE_FILE=tests/docker-compose.fpm.yml" >> "$GITHUB_ENV"
           else
-            echo "COMPOSE_FILE=tests/docker-compose.yml" >> $GITHUB_ENV
+            echo "COMPOSE_FILE=tests/docker-compose.yml" >> "$GITHUB_ENV"
           fi
-          echo "CONTAINER_NAME=drupal" >> $GITHUB_ENV

---

154-164: Consider skipping the multi-platform build on PRs to save CI time.

This step always runs (no if: guard), so on PRs it performs a full multi-platform build (amd64 + arm64) but discards the result (push: false). Since the single-platform test build (line 94) already validates the image, you could gate this step with if: github.ref == 'refs/heads/main' to avoid redundant ~2× build time on every PR. If you intentionally want to validate multi-platform builds on PRs, this is fine as-is.