Add additional checks for banned instances + various code improvements along the way #4684
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Mbin Workflow | |
on: | |
pull_request: | |
branches: | |
- main | |
- develop | |
- dev/new_features | |
push: | |
branches: | |
- main | |
- dev/new_features | |
tags: | |
- 'v*' | |
jobs: | |
build: | |
runs-on: ubuntu-latest | |
container: | |
image: danger89/mbin-pipeline:1.3.0 | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Get NPM cache directory path | |
id: npm-cache-dir-path | |
run: echo "dir=$(npm get cache)" >> $GITHUB_OUTPUT | |
- name: Get Composer Cache Directory | |
id: composer-cache | |
run: | | |
echo "dir=$(composer config cache-files-dir)" >> $GITHUB_OUTPUT | |
- uses: actions/cache@v4 | |
id: npm-cache | |
with: | |
path: ${{ steps.npm-cache-dir-path.outputs.dir }} | |
key: ${{ runner.os }}-npm-${{ hashFiles('**/package-lock.json') }} | |
- uses: actions/cache@v4 | |
with: | |
path: ${{ steps.composer-cache.outputs.dir }} | |
key: ${{ runner.os }}-composer-no-dev-${{ hashFiles('**/composer.lock') }} | |
- run: cp .env.example .env | |
- name: Composer install | |
run: composer install --no-dev --no-progress | |
- name: NPM install | |
run: npm ci --include=dev | |
env: | |
NODE_ENV: production | |
- name: Build frontend (production) | |
run: npm run build | |
automated-tests: | |
runs-on: ubuntu-latest | |
container: | |
image: danger89/mbin-pipeline:1.3.0 | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Get Composer Cache Directory | |
id: composer-cache | |
run: | | |
echo "dir=$(composer config cache-files-dir)" >> $GITHUB_OUTPUT | |
- name: Get NPM cache directory path | |
id: npm-cache-dir-path | |
run: echo "dir=$(npm get cache)" >> $GITHUB_OUTPUT | |
- uses: actions/cache@v4 | |
with: | |
path: ${{ steps.composer-cache.outputs.dir }} | |
key: ${{ runner.os }}-composer-${{ hashFiles('*/composer.lock') }} | |
restore-keys: ${{ runner.os }}-composer- | |
- uses: actions/cache@v4 | |
id: npm-cache | |
with: | |
path: ${{ steps.npm-cache-dir-path.outputs.dir }} | |
key: ${{ runner.os }}-npm-${{ hashFiles('*/package-lock.json') }} | |
restore-keys: ${{ runner.os }}-npm- | |
- name: Composer install | |
run: composer install --no-scripts --no-progress | |
- run: cp .env.example .env | |
- name: NPM install | |
run: npm ci --include=dev | |
env: | |
NODE_ENV: production | |
- name: Build frontend (production) | |
run: npm run build | |
- name: Run unit tests | |
env: | |
COMPOSER_CACHE_DIR: ${{ steps.composer-cache.outputs.dir }} | |
SYMFONY_DEPRECATIONS_HELPER: disabled | |
DATABASE_HOST: postgres | |
DATABASE_PORT: 5432 | |
REDIS_HOST: valkey | |
REDIS_PORT: 6379 | |
run: php bin/phpunit tests/Unit | |
- name: Run integration tests | |
env: | |
COMPOSER_CACHE_DIR: ${{ steps.composer-cache.outputs.dir }} | |
SYMFONY_DEPRECATIONS_HELPER: disabled | |
DATABASE_HOST: postgres | |
DATABASE_PORT: 5432 | |
REDIS_HOST: valkey | |
REDIS_PORT: 6379 | |
run: php bin/phpunit tests/Functional | |
services: | |
postgres: | |
# Docker Hub image | |
image: postgres:16 | |
# Provide the password for postgres | |
env: | |
POSTGRES_DB: mbin_test | |
POSTGRES_USER: mbin | |
POSTGRES_PASSWORD: ChangeThisPostgresPass | |
# Set health checks to wait until postgres has started | |
options: >- | |
--health-cmd pg_isready | |
--health-interval 10s | |
--health-timeout 5s | |
--health-retries 5 | |
valkey: | |
# Docker Hub image | |
image: valkey/valkey | |
# Set health checks to wait until redis has started | |
options: >- | |
--health-cmd "redis-cli ping" | |
--health-interval 10s | |
--health-timeout 5s | |
--health-retries 5 | |
audit-check: | |
runs-on: ubuntu-latest | |
container: | |
image: danger89/mbin-pipeline:1.3.0 | |
continue-on-error: true | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Get Composer cache directory | |
id: composer-cache | |
run: | | |
echo "dir=$(composer config cache-files-dir)" >> $GITHUB_OUTPUT | |
- name: Cache vendor directory | |
uses: actions/cache@v4 | |
with: | |
path: ${{ steps.composer-cache.outputs.dir }} | |
key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.lock') }} | |
restore-keys: ${{ runner.os }}-composer- | |
- run: cp .env.example .env | |
- name: Composer install | |
run: composer install --no-scripts --no-progress | |
- name: Run Npm audit | |
run: npm audit --omit=dev | |
- name: Run Composer audit | |
env: | |
COMPOSER_AUDIT_ABANDONED: ignore | |
run: composer audit | |
fixer-dry-run: | |
runs-on: ubuntu-latest | |
container: | |
image: danger89/mbin-pipeline:1.3.0 | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Get Composer Cache Directory | |
id: composer-cache | |
run: | | |
echo "dir=$(composer config cache-files-dir)" >> $GITHUB_OUTPUT | |
- uses: actions/cache@v4 | |
with: | |
path: ${{ steps.composer-cache.outputs.dir }} | |
key: ${{ runner.os }}-composer-tools-${{ hashFiles('**/composer.lock') }} | |
restore-keys: ${{ runner.os }}-composer-tools- | |
- name: Composer tools install | |
run: composer -d tools install --no-scripts --no-progress | |
- name: php-cs-fixer dry-run | |
run: tools/vendor/bin/php-cs-fixer fix --dry-run -v --show-progress=none #--format=checkstyle #would be nice if codeberg did something with this like github does. | |
build-and-publish-docker-image: | |
runs-on: ubuntu-latest | |
# Let's only run this on branches and tagged releases only | |
# Because the Docker build takes quite some time. | |
if: github.event_name != 'pull_request' | |
permissions: | |
contents: write | |
packages: write | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Login to ghcr | |
if: github.event_name != 'pull_request' | |
uses: docker/login-action@v3 | |
with: | |
registry: ghcr.io | |
username: ${{ github.repository_owner }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Docker meta data | |
id: meta | |
uses: docker/metadata-action@v5 | |
with: | |
images: ghcr.io/mbinorg/mbin | |
- name: Build and push Docker image | |
uses: docker/build-push-action@v5 | |
with: | |
context: . | |
file: ./docker/Dockerfile | |
push: ${{ github.event_name != 'pull_request' }} | |
tags: ${{ steps.meta.outputs.tags }} | |
labels: ${{ steps.meta.outputs.labels }} |