From 9129367b1fb1ec81d891a287c09e80318e4807ee Mon Sep 17 00:00:00 2001
From: Michele Locati <michele@locati.it>
Date: Thu, 14 Dec 2023 16:14:09 +0100
Subject: [PATCH] Test Dockerfile, add Dockerfile changes to release notes
 (#850)

---
 .github/workflows/readme-release.yml  |  3 ++-
 .github/workflows/test-dockerfile.yml | 38 +++++++++++++++++++++++++++
 2 files changed, 40 insertions(+), 1 deletion(-)
 create mode 100644 .github/workflows/test-dockerfile.yml

diff --git a/.github/workflows/readme-release.yml b/.github/workflows/readme-release.yml
index f7fc122..724cd36 100644
--- a/.github/workflows/readme-release.yml
+++ b/.github/workflows/readme-release.yml
@@ -82,6 +82,7 @@ jobs:
             for CHANGED_FILE in $(git diff --name-only "refs/tags/$VERSIONTAG_LAST" HEAD); do
               case "$CHANGED_FILE" in
                 install-php-extensions)
+                Dockerfile)
                   CREATE_TAG=y
                   ;;
               esac
@@ -143,7 +144,7 @@ jobs:
             RELEASE_NOTES='First version'
           else
             printf 'Generating release notes for commits between %s and %s\n' "$VERSIONTAG_PREVIOUS" "$VERSIONTAG_THIS"
-            RELEASE_NOTES="$(git log --format='- %s' --no-merges --reverse "refs/tags/$VERSIONTAG_PREVIOUS...refs/tags/$VERSIONTAG_THIS" -- ./install-php-extensions | grep -vE '^- \[minor\]')"
+            RELEASE_NOTES="$(git log --format='- %s' --no-merges --reverse "refs/tags/$VERSIONTAG_PREVIOUS...refs/tags/$VERSIONTAG_THIS" -- ./install-php-extensions ./Dockerfile | grep -vE '^- \[minor\]')"
           fi
           printf 'Release notes:\n%s\n' "$RELEASE_NOTES"
           printf 'RELEASE_NAME=v%s\n' "$VERSIONTAG_THIS" >> "$GITHUB_ENV"
diff --git a/.github/workflows/test-dockerfile.yml b/.github/workflows/test-dockerfile.yml
new file mode 100644
index 0000000..31c71a6
--- /dev/null
+++ b/.github/workflows/test-dockerfile.yml
@@ -0,0 +1,38 @@
+name: Build Docker image
+
+on:
+  pull_request:
+    paths:
+    - Dockerfile
+    - .github/workflows/test-dockerfile.yml
+
+jobs:
+  build:
+    name: Build Docker image
+    runs-on: ubuntu-latest
+    steps:
+      -
+        name: Checkout
+        uses: actions/checkout@v4
+      -
+        name: Build image
+        run: docker build --tag test:latest .
+      -
+        name: Save image contents
+        run: docker save --output /tmp/image.tar test:latest
+      -
+        name: Extract layer
+        run: tar -C /tmp -x -f /tmp/image.tar --wildcards '*layer.tar' --strip-components=1
+      -
+        name: Check layer contents
+        run: |
+          ENTRY="$(tar -v -t -f /tmp/layer.tar --wildcards '*bin/install-php-extensions')"
+          if [ -z "$ENTRY" ]; then
+            echo 'File not found'
+            exit 1
+          fi
+          if ! printf '%s' "$ENTRY" | grep -E '^.r.xr.xr.x '; then
+            printf 'Invalid entry permissions:\n%s\n' "$ENTRY"
+            exit 1
+          fi
+          echo 'Entry is correct.'