From 7bf77d8465ff4365899bd05bc06bcad72519dca7 Mon Sep 17 00:00:00 2001 From: Nick Santamaria Date: Wed, 31 Dec 2025 13:04:03 +1100 Subject: [PATCH 1/5] Added comment debug job --- .github/workflows/build-deploy.yml | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/.github/workflows/build-deploy.yml b/.github/workflows/build-deploy.yml index 109e51b0..df1e12c3 100644 --- a/.github/workflows/build-deploy.yml +++ b/.github/workflows/build-deploy.yml @@ -16,6 +16,15 @@ on: env: REGISTRY: ghcr.io jobs: + debug: + if: (github.event.issue.pull_request && contains(github.event.comment.body, '/debug')) + runs-on: ubuntu-latest + steps: + - name: Get PR branch + id: pr-branch + uses: xt0rted/pull-request-comment-branch@v3 + - name: Echo PR Base Branch + run: echo "The base branch for this PR is ${{ toJson(steps.pr-branch.outputs) }}" buildx: if: | github.event.pull_request.merged == true || From c9b6a13a015600e05cd10139500ae52196b5b77b Mon Sep 17 00:00:00 2001 From: Nick Santamaria Date: Wed, 31 Dec 2025 13:44:19 +1100 Subject: [PATCH 2/5] [SDPPE-91] PR comment /build should build the branch and not repo default (#409) --- .github/workflows/build-deploy.yml | 36 ++++++++++++++---------------- 1 file changed, 17 insertions(+), 19 deletions(-) diff --git a/.github/workflows/build-deploy.yml b/.github/workflows/build-deploy.yml index df1e12c3..832c1b93 100644 --- a/.github/workflows/build-deploy.yml +++ b/.github/workflows/build-deploy.yml @@ -16,15 +16,6 @@ on: env: REGISTRY: ghcr.io jobs: - debug: - if: (github.event.issue.pull_request && contains(github.event.comment.body, '/debug')) - runs-on: ubuntu-latest - steps: - - name: Get PR branch - id: pr-branch - uses: xt0rted/pull-request-comment-branch@v3 - - name: Echo PR Base Branch - run: echo "The base branch for this PR is ${{ toJson(steps.pr-branch.outputs) }}" buildx: if: | github.event.pull_request.merged == true || @@ -36,6 +27,11 @@ jobs: matrix: images: ${{ fromJson(vars.IMAGES) }} steps: + - name: Get PR branch + if: github.event.issue.pull_request + id: pr-branch + uses: xt0rted/pull-request-comment-branch@v3 + - name: Set up QEMU uses: docker/setup-qemu-action@v3 @@ -51,7 +47,7 @@ jobs: - uses: actions/checkout@v4 if: ( github.event.issue.pull_request && contains(github.event.comment.body, '/build') ) with: - ref: refs/pull/${{ github.event.issue.number }}/head + ref: ${{ steps.pr-branch.outputs.head_ref }} - name: Login to registry ${{ env.REGISTRY }} uses: docker/login-action@v3 @@ -66,25 +62,26 @@ jobs: with: images: | ${{ env.REGISTRY }}/${{ github.repository }}/${{ matrix.images }} + context: ${{ github.event.issue.pull_request && 'workflow' || 'git' }} tags: | # PR images (not merged): pr- type=ref,event=pr,enable=${{ github.event.pull_request.merged == false }} # Tag with the PR base branch name on merge type=raw,value=${{ github.event.pull_request.base.ref }},enable=${{ github.event.pull_request.merged == true }} - # Manual/scheduled runs tag by branch ref (for whichever release branch the run targets) + # Manual/scheduled runs tag by branch ref type=ref,event=branch,enable=${{ contains(fromJson('["schedule", "workflow_dispatch"]'), github.event_name) }} # Comment-triggered builds: pr- - type=raw,event=default,value=pr-${{ github.event.issue.number }},enable=${{ github.event.issue.pull_request != null }} - # Supported release branches - type=raw,value=5.x,enable=${{ github.ref == 'refs/heads/5.x' || github.event.pull_request.base.ref == '5.x' }} - type=raw,value=6.x,enable=${{ github.ref == 'refs/heads/6.x' || github.event.pull_request.base.ref == '6.x' }} - type=raw,value=7.x,enable=${{ github.ref == 'refs/heads/7.x' || github.event.pull_request.base.ref == '7.x' }} + type=raw,value=pr-${{ github.event.issue.number }},enable=${{ github.event.issue.pull_request != null }} + # Supported release branches - use the fetched branch name for comments + type=raw,value=5.x,enable=${{ github.ref_name == '5.x' || github.event.pull_request.base.ref == '5.x' || ! steps.pr-branch.outputs.head_ref }} + type=raw,value=6.x,enable=${{ github.ref_name == '6.x' || github.event.pull_request.base.ref == '6.x' || ! steps.pr-branch.outputs.head_ref }} + type=raw,value=7.x,enable=${{ github.ref_name == '7.x' || github.event.pull_request.base.ref == '7.x' || ! steps.pr-branch.outputs.head_ref }} # Always add an immutable sha tag - type=raw,value=sha-${{ github.sha }} + type=raw,value=sha-${{ github.event.pull_request.head.sha || steps.pr-branch.outputs.head_sha || github.sha }} labels: | - maintainer=Digital Victoria + maintainer=Victorian Department of Government Services repository=${{ github.repositoryUrl }} - org.opencontainers.image.authors=Digital Victoria + org.opencontainers.image.authors=Victorian Department of Government Services org.opencontainers.image.source=https://github.com/${{ github.repository }}/tree/${{ (contains(fromJson('["opened","synchronize"]'), github.event.action)) && github.head_ref || github.event.action == 'closed' && github.base_ref || github.ref_name }}/images/${{ matrix.images }}/Dockerfile org.opencontainers.image.title=${{ matrix.images }} org.opencontainers.image.description=${{ matrix.images }} image for Bay container platform @@ -110,6 +107,7 @@ jobs: uses: docker/bake-action@v5 with: push: true + source: . files: | ./gh-actions-bake.hcl ${{ steps.meta.outputs.bake-file }} From e3e9484ac8690195fe98bd1671d295960e621e10 Mon Sep 17 00:00:00 2001 From: Nick Santamaria Date: Wed, 31 Dec 2025 15:14:14 +1100 Subject: [PATCH 3/5] Adjusted stable tag condition again (#410) --- .github/workflows/build-deploy.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/build-deploy.yml b/.github/workflows/build-deploy.yml index 832c1b93..c6056714 100644 --- a/.github/workflows/build-deploy.yml +++ b/.github/workflows/build-deploy.yml @@ -73,9 +73,9 @@ jobs: # Comment-triggered builds: pr- type=raw,value=pr-${{ github.event.issue.number }},enable=${{ github.event.issue.pull_request != null }} # Supported release branches - use the fetched branch name for comments - type=raw,value=5.x,enable=${{ github.ref_name == '5.x' || github.event.pull_request.base.ref == '5.x' || ! steps.pr-branch.outputs.head_ref }} - type=raw,value=6.x,enable=${{ github.ref_name == '6.x' || github.event.pull_request.base.ref == '6.x' || ! steps.pr-branch.outputs.head_ref }} - type=raw,value=7.x,enable=${{ github.ref_name == '7.x' || github.event.pull_request.base.ref == '7.x' || ! steps.pr-branch.outputs.head_ref }} + type=raw,value=5.x,enable=${{ (github.ref_name == '5.x' || github.event.pull_request.base.ref == '5.x') && ! steps.pr-branch.outputs.head_ref }} + type=raw,value=6.x,enable=${{ (github.ref_name == '6.x' || github.event.pull_request.base.ref == '6.x') && ! steps.pr-branch.outputs.head_ref }} + type=raw,value=7.x,enable=${{ (github.ref_name == '7.x' || github.event.pull_request.base.ref == '7.x') && ! steps.pr-branch.outputs.head_ref }} # Always add an immutable sha tag type=raw,value=sha-${{ github.event.pull_request.head.sha || steps.pr-branch.outputs.head_sha || github.sha }} labels: | From 5acad8a26906aad2cac51af39d53ce10f06032f9 Mon Sep 17 00:00:00 2001 From: ross-b Date: Fri, 2 Jan 2026 11:25:38 +1100 Subject: [PATCH 4/5] SDPPE-41: Added configurable php-fpm slowlog timeout setting. (#367) --- images/php/Dockerfile.fpm | 3 +++ images/php/php-fpm.conf | 3 +++ 2 files changed, 6 insertions(+) create mode 100644 images/php/php-fpm.conf diff --git a/images/php/Dockerfile.fpm b/images/php/Dockerfile.fpm index 845f29a8..b8a291d1 100644 --- a/images/php/Dockerfile.fpm +++ b/images/php/Dockerfile.fpm @@ -22,6 +22,7 @@ COPY log-fatals.php /bay # Change worker pool from dynamic to static. Change default value to 24. RUN sed -i "s/pm = dynamic/pm = static/" /usr/local/etc/php-fpm.d/www.conf ENV PHP_FPM_PM_MAX_CHILDREN=24 +COPY php-fpm.conf /usr/local/etc/php-fpm.d/bay-php-fpm.conf ARG TZ=Australia/Melbourne RUN apk add --no-cache tzdata \ @@ -46,6 +47,7 @@ ONBUILD ARG BAY_SESSION_COOKIE_LIFETIME=28800 ONBUILD ARG BAY_SESSION_STRICT=1 ONBUILD ARG BAY_SESSION_SID_LEN=256 ONBUILD ARG BAY_SESSION_SID_BITS=6 +ONBUILD ARG BAY_PHP_FPM_REQUEST_SLOWLOG_TIMEOUT=10s ONBUILD ENV BAY_DISABLE_FUNCTIONS $BAY_DISABLE_FUNCTIONS ONBUILD ENV BAY_UPLOAD_LIMIT $BAY_UPLOAD_LIMIT @@ -55,5 +57,6 @@ ONBUILD ENV BAY_SESSION_COOKIE_LIFETIME $BAY_SESSION_COOKIE_LIFETIME ONBUILD ENV BAY_SESSION_STRICT $BAY_SESSION_STRICT ONBUILD ENV BAY_SESSION_SID_LEN $BAY_SESSION_SID_LEN ONBUILD ENV BAY_SESSION_SID_BITS $BAY_SESSION_SID_BITS +ONBUILD ENV BAY_PHP_FPM_REQUEST_SLOWLOG_TIMEOUT $BAY_PHP_FPM_REQUEST_SLOWLOG_TIMEOUT ONBUILD RUN /bay/bay-php-config.sh diff --git a/images/php/php-fpm.conf b/images/php/php-fpm.conf new file mode 100644 index 00000000..9cf31451 --- /dev/null +++ b/images/php/php-fpm.conf @@ -0,0 +1,3 @@ +[www] +request_slowlog_timeout = ${BAY_PHP_FPM_REQUEST_SLOWLOG_TIMEOUT:-0} +slowlog = /proc/1/fd/2 From c77d331ee31267c49dcb5cbfc406f57348c6b57e Mon Sep 17 00:00:00 2001 From: Nick Santamaria Date: Wed, 7 Jan 2026 15:19:44 +1100 Subject: [PATCH 5/5] Install ingest-attachment opensearch plugin (#412) --- images/opensearch/Dockerfile | 1 + 1 file changed, 1 insertion(+) diff --git a/images/opensearch/Dockerfile b/images/opensearch/Dockerfile index 8406edc3..be6eec21 100644 --- a/images/opensearch/Dockerfile +++ b/images/opensearch/Dockerfile @@ -2,6 +2,7 @@ FROM uselagoon/opensearch-2:latest RUN for plugin in \ analysis-kuromoji \ + ingest-attachment \ analysis-icu; do \ /usr/share/opensearch/bin/opensearch-plugin install $plugin; \ done