psalm syntax fixes #3122
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CI | |
on: | |
push: | |
branches-ignore: | |
- 'dependabot/**' | |
tags: | |
- 'v*' | |
pull_request: | |
branches-ignore: | |
- 'dependabot/**' | |
workflow_dispatch: | |
concurrency: | |
group: ci-${{ github.head_ref }} | |
cancel-in-progress: true | |
jobs: | |
test-cgl: | |
name: Coding Guidelines Check | |
runs-on: ubuntu-latest | |
continue-on-error: false | |
env: | |
PHP_CS_FIXER_FUTURE_MODE: 1 | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Setup PHP environment | |
uses: shivammathur/setup-php@v2 | |
with: | |
php-version: '8.3' | |
tools: composer:v2 | |
- name: Check code formatting with PHP-CS-Fixer | |
run: | | |
rm composer.json composer.lock | |
composer require friendsofphp/php-cs-fixer:^3.57 | |
vendor/bin/php-cs-fixer fix --config=.php-cs-fixer.dist --diff --dry-run -v | |
lint: | |
name: FE Asset Linting | |
runs-on: ubuntu-latest | |
continue-on-error: false | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/setup-node@v4 | |
- name: Cache node_modules | |
uses: actions/cache@v4 | |
with: | |
path: '**/node_modules' | |
key: ${{ runner.os }}-modules-${{ hashFiles('**/package-lock.json') }} | |
- name: Install npm packages | |
working-directory: ./src/Resources | |
run: npm install | |
- name: Run FE linters | |
working-directory: ./src/Resources | |
run: npm run lint | |
format: | |
name: FE asset formatting check | |
runs-on: ubuntu-latest | |
continue-on-error: false | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/setup-node@v4 | |
- name: Cache node_modules | |
uses: actions/cache@v4 | |
with: | |
path: '**/node_modules' | |
key: ${{ runner.os }}-modules-${{ hashFiles('**/package-lock.json') }} | |
- name: Install npm packages | |
working-directory: ./src/Resources | |
run: npm install | |
- name: Run prettier check | |
working-directory: ./src/Resources | |
run: npm run format-check | |
phpmd: | |
name: PHPMD | |
runs-on: ubuntu-latest | |
continue-on-error: true | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Setup PHP environment | |
uses: shivammathur/setup-php@v2 | |
with: | |
coverage: none | |
tools: phpmd | |
- name: Run PHPMD | |
run: phpmd src github ./phpmd.xml --baseline-file ./phpmd.baseline.xml --exclude */Tests/* | |
psalm: | |
name: Static Code Analysis | |
runs-on: ubuntu-latest | |
continue-on-error: false | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Setup PHP environment | |
uses: shivammathur/setup-php@v2 | |
with: | |
php-version: '8.3' | |
tools: composer | |
- name: Run composer install | |
run: composer install -n --prefer-dist | |
- name: Run Psalm | |
run: ./vendor/bin/psalm | |
vueTsc: | |
name: Run frontend type check | |
runs-on: ubuntu-latest | |
continue-on-error: false | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/setup-node@v4 | |
- name: Cache node_modules | |
uses: actions/cache@v4 | |
with: | |
path: '**/node_modules' | |
key: ${{ runner.os }}-modules-${{ hashFiles('**/package-lock.json') }} | |
- name: Install npm packages | |
working-directory: ./src/Resources | |
run: npm install | |
- name: Run vue-tsc | |
working-directory: ./src/Resources | |
run: npm run type-check | |
testFrontendUnitFunctional: | |
name: Run frontend unit- and functional-tests | |
runs-on: ubuntu-latest | |
continue-on-error: false | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/setup-node@v4 | |
- name: Cache node_modules | |
uses: actions/cache@v4 | |
with: | |
path: '**/node_modules' | |
key: ${{ runner.os }}-modules-${{ hashFiles('**/package-lock.json') }} | |
- name: Install npm packages | |
working-directory: ./src/Resources | |
run: npm install | |
- name: Run FE vitest suite | |
working-directory: ./src/Resources | |
run: npm run test:unit | |
buildDevImage: | |
name: Build Development Docker Images | |
runs-on: ubuntu-latest | |
needs: [ test-cgl, psalm, phpmd, format, lint, vueTsc, testFrontendUnitFunctional ] | |
steps: | |
- name: Set up QEMU | |
uses: docker/setup-qemu-action@v3 | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v3 | |
- name: Checkout | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 10 | |
- name: Prepare build | |
run: | | |
mkdir -p /tmp/docker/buildx | |
git log -n 10 --date=short --format=format:"%C(auto)%h %ad @%al %s" >> public/changelog.txt | |
- name: Setup docker build caches | |
uses: actions/cache@v4 | |
with: | |
key: ${{ runner.os }}-buildx | |
path: /tmp/docker/buildx | |
- name: Login to DockerHub | |
uses: docker/login-action@v3 | |
with: | |
username: ${{ secrets.DOCKERHUB_USERNAME }} | |
password: ${{ secrets.DOCKERHUB_PASSWORD }} | |
# Development image | |
- name: Get Docker meta for development | |
id: devmeta | |
uses: docker/metadata-action@v5 | |
with: | |
images: aoepeople/meals:beta | |
tags: | | |
type=sha | |
type=ref,event=branch | |
- name: Build and push development image | |
id: build_dev | |
uses: docker/build-push-action@v6 | |
with: | |
file: Dockerfile | |
push: false | |
tags: aoepeople/meals:test | |
labels: ${{ steps.devmeta.outputs.labels }} | |
build-args: | | |
BUILD_DEV="true" | |
cache-from: | | |
aoepeople/meals:beta | |
type=local,src=/tmp/docker/buildx | |
cache-to: type=local,dest=/tmp/docker/buildx | |
outputs: type=docker,dest=/tmp/docker/dev.tar | |
# Upload artifacts | |
- name: Upload docker images | |
uses: actions/upload-artifact@v4 | |
with: | |
name: docker-dev-image | |
path: /tmp/docker/*.tar | |
outputs: | |
imageDev: aoepeople/meals:test | |
buildImages: | |
name: Build Docker Images | |
runs-on: ubuntu-latest | |
needs: [ test-cgl, psalm, phpmd, format, lint, vueTsc, testFrontendUnitFunctional ] | |
steps: | |
- name: Set up QEMU | |
uses: docker/setup-qemu-action@v3 | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v3 | |
- name: Checkout | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 10 | |
- name: Prepare build | |
run: | | |
mkdir -p /tmp/docker/buildx | |
git log -n 10 --date=short --format=format:"%C(auto)%h %ad @%al %s" >> public/changelog.txt | |
- name: Setup docker build caches | |
uses: actions/cache@v4 | |
with: | |
key: ${{ runner.os }}-buildx | |
path: /tmp/docker/buildx | |
- name: Login to DockerHub | |
uses: docker/login-action@v3 | |
with: | |
username: ${{ secrets.DOCKERHUB_USERNAME }} | |
password: ${{ secrets.DOCKERHUB_PASSWORD }} | |
# Production Image | |
- name: Get Docker meta for production image | |
id: meta | |
uses: docker/metadata-action@v5 | |
with: | |
images: aoepeople/meals | |
tags: | | |
type=sha | |
type=ref,event=branch | |
type=semver,pattern={{version}} | |
type=semver,pattern={{major}}.{{minor}} | |
type=edge,branch=main | |
- name: Build and push production image | |
id: build_latest | |
uses: docker/build-push-action@v6 | |
with: | |
context: . | |
push: false | |
tags: ${{ steps.meta.outputs.tags }} | |
labels: ${{ steps.meta.outputs.labels }} | |
cache-from: | | |
aoepeople/meals:edge | |
type=local,src=/tmp/docker/buildx | |
cache-to: type=local,dest=/tmp/docker/buildx | |
outputs: type=docker,dest=/tmp/docker/app.tar | |
# Upload artifacts | |
- name: Upload docker images | |
uses: actions/upload-artifact@v4 | |
with: | |
name: docker-app-image | |
path: /tmp/docker/*.tar | |
outputs: | |
image: ${{ fromJson(steps.meta.outputs.json).tags[0] }} | |
images: ${{ join(steps.meta.outputs.tags, ' ') }} | |
cypress: | |
name: Run E2E-tests via Cypress | |
needs: [ buildDevImage ] | |
runs-on: ubuntu-latest | |
env: | |
SERVICE: dev # use `dev` to enable xdebug and code coverage | |
IMAGE_DEV: ${{ needs.buildDevImage.outputs.imageDev }} | |
COMPOSE_INTERACTIVE_NO_CLI: true | |
strategy: | |
fail-fast: false | |
matrix: | |
containers: [1, 2, 3, 4] | |
steps: | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v3 | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Download docker images | |
uses: actions/download-artifact@v4 | |
with: | |
name: docker-dev-image | |
path: /tmp/docker | |
- name: Import docker image | |
run: | | |
docker load --input /tmp/docker/dev.tar | |
docker image ls -a | grep aoepeople | |
- uses: actions/setup-node@v4 | |
- name: Cache node_modules | |
uses: actions/cache@v4 | |
with: | |
path: '**/node_modules' | |
key: ${{ runner.os }}-modules-${{ hashFiles('**/package-lock.json') }} | |
- name: Install npm packages | |
working-directory: ./src/Resources | |
run: npm install | |
- name: Make build dir | |
run: | | |
mkdir build | |
- name: Make .env file | |
run: | | |
sh -c "cat > .env.docker << 'EOL' | |
IDP_SERVER=\"${{ secrets.IDP_SERVER }}\" | |
IDP_CLIENT_ID=\"${{ secrets.IDP_CLIENT_ID }}\" | |
IDP_CLIENT_SECRET=\"${{ secrets.IDP_CLIENT_SECRET }}\" | |
EOL" | |
- name: Run Docker compose | |
run: | | |
docker compose -f ./docker-compose-cypress.yaml up --abort-on-container-exit & | |
echo "starting the docker compose..." & | |
yarn --cwd=./tests/e2e install && | |
until $(curl --output /dev/null --silent --head --fail http://localhost:80/); do | |
printf '.' | |
sleep 5 | |
done && | |
yarn --cwd=./tests/e2e cross-env-shell cypress run --headless --browser electron --env "baseUrl=http://localhost/,cookie_domain=localhost,ddev_test=false,mailhog_url=http://localhost:8025","split=${{ strategy.job-total }}","splitIndex=${{ strategy.job-index }}" | |
- name: Docker compose down | |
run: | | |
docker compose -f docker-compose-cypress.yaml down --remove-orphans | |
testBackendUnitFunctional: | |
name: Run backend unit- and functional-tests | |
needs: [ buildImages, buildDevImage ] | |
runs-on: ubuntu-latest | |
env: | |
SERVICE: app # use `dev` to enable xdebug and code coverage | |
IMAGE: ${{ needs.buildImages.outputs.image }} | |
IMAGE_DEV: ${{ needs.buildDevImage.outputs.imageDev }} | |
COMPOSE_INTERACTIVE_NO_CLI: true | |
steps: | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v3 | |
- uses: actions/checkout@v4 | |
- name: Download docker app-image | |
uses: actions/download-artifact@v4 | |
with: | |
name: docker-app-image | |
path: /tmp/docker | |
- name: Download docker dev-image | |
uses: actions/download-artifact@v4 | |
with: | |
name: docker-dev-image | |
path: /tmp/docker | |
- name: Import docker image | |
run: | | |
docker load --input /tmp/docker/app.tar | |
docker load --input /tmp/docker/dev.tar | |
docker image ls -a | grep aoepeople | |
- name: Test with docker compose | |
run: | | |
mkdir build | |
docker compose -f docker-compose-test.yaml up --abort-on-container-exit | |
docker compose -f docker-compose-test.yaml down --remove-orphans | |
- name: Upload coverage report artifact | |
uses: actions/upload-artifact@v4 | |
if: always() | |
with: | |
name: reports | |
path: build/artifacts/qa/ | |
- name: Publish unit-test results | |
uses: mikepenz/action-junit-report@v4 | |
if: always() | |
with: | |
report_paths: 'build/artifacts/qa/*.xml' | |
publish: | |
name: Publish | |
if: ${{ github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags/v') }} | |
needs: [ buildImages, buildDevImage, testBackendUnitFunctional, cypress ] | |
runs-on: ubuntu-latest | |
env: | |
IMAGES_APP: ${{ needs.buildImages.outputs.images }} | |
IMAGE_DEV: ${{ needs.buildDevImage.outputs.imageDev }} | |
steps: | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v3 | |
- name: Login to DockerHub | |
uses: docker/login-action@v3 | |
with: | |
username: ${{ secrets.DOCKERHUB_USERNAME }} | |
password: ${{ secrets.DOCKERHUB_PASSWORD }} | |
- name: Download docker app-image | |
uses: actions/download-artifact@v4 | |
with: | |
name: docker-app-image | |
path: /tmp/docker | |
- name: Download docker dev-image | |
uses: actions/download-artifact@v4 | |
with: | |
name: docker-dev-image | |
path: /tmp/docker | |
- name: Import docker image | |
run: | | |
docker load --input /tmp/docker/app.tar | |
docker load --input /tmp/docker/dev.tar | |
docker image ls -a | grep aoepeople | |
- name: Deploy images | |
run: | | |
echo "starting to push app images" | |
for tag in $IMAGES_APP; do | |
if [[ $tag = *sha-* ]]; then | |
continue; | |
fi | |
docker push $tag; | |
echo "pushed app image: $tag" | |
done | |
echo "done pushing app images" | |
echo "starting to push dev image: $IMAGE_DEV" | |
docker push $IMAGE_DEV; | |
echo "pushed dev image: $IMAGE_DEV" | |
echo "done pushing dev images" | |
- name: Image digest | |
id: image_digest | |
env: | |
IMAGE: ${{ needs.buildImages.outputs.image }} | |
run: | | |
docker pull $IMAGE | |
echo "digest=$(docker inspect $IMAGE | jq -r '.[0].RepoDigests[0]' | cut -d'@' -f2)" >> $GITHUB_OUTPUT | |
- name: Delete docker image artifact | |
uses: geekyeggo/delete-artifact@v5 | |
with: | |
name: docker-dev-image | |
- name: Delete docker image artifact | |
uses: geekyeggo/delete-artifact@v5 | |
with: | |
name: docker-app-image | |
outputs: | |
imageDigest: ${{ steps.image_digest.outputs.digest }} | |
synk: | |
name: Scan vulnerabilities | |
if: ${{ github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags/v') }} | |
needs: [ publish, buildImages ] | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Run Snyk to check Docker image for vulnerabilities | |
# Snyk can be used to break the build when it detects vulnerabilities. | |
# In this case we want to upload the issues to GitHub Code Scanning | |
continue-on-error: true | |
uses: snyk/actions/docker@master | |
env: | |
# In order to use the Snyk Action you will need to have a Snyk API token. | |
# More details in https://github.com/snyk/actions#getting-your-snyk-token | |
# or you can signup for free at https://snyk.io/login | |
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} | |
with: | |
image: ${{ needs.buildImages.outputs.image }} | |
args: --file=Dockerfile | |
# Replace any "null" security severity values with 0. The null value is used in the case | |
# of license-related findings, which do not do not indicate a security vulnerability. | |
# See https://github.com/github/codeql-action/issues/2187 for more context. | |
- name: Post process snyk sarif file | |
run: | | |
sed -i 's/"security-severity": "null"/"security-severity": "0"/g' snyk.sarif | |
- name: Upload result to GitHub Code Scanning | |
uses: github/codeql-action/upload-sarif@v3 | |
with: | |
sarif_file: snyk.sarif | |
deploy: | |
name: Deploy and notify | |
needs: [ publish, buildImages ] | |
runs-on: ubuntu-latest | |
steps: | |
- name: Deploy to staging environment | |
env: | |
IMAGE_TAG: ${{ needs.buildImages.outputs.image }} | |
IMAGE_DIGEST: ${{ needs.publish.outputs.imageDigest }} | |
GITLAB_K8S_IT_TRIGGER: ${{ secrets.GITLAB_K8S_IT_TRIGGER }} | |
run: | | |
curl -X POST \ | |
-F "ref=develop" \ | |
-F "variables[IMAGE_TAG]=$IMAGE_TAG" \ | |
-F "variables[IMAGE_DIGEST]=$IMAGE_DIGEST" \ | |
-F "token=$GITLAB_K8S_IT_TRIGGER" \ | |
https://gitlab.aoe.com/api/v4/projects/2872/trigger/pipeline | |
- name: Notify team | |
env: | |
COMMIT_MSG: ${{ github.event.head_commit.message }} | |
MATTERMOST_HOOK_URL: ${{ secrets.MATTERMOST_HOOK_URL }} | |
run: | | |
curl --silent -i -X POST -H 'Content-Type: application/json' \ | |
-d '{"text": "Triggered deployment of `meals-staging.aoe.com@'"$GITHUB_SHA"'`\n> '"$COMMIT_MSG"'"}' \ | |
$MATTERMOST_HOOK_URL |