switch to npx for audit #6
name: CI | |
on: | |
push: | |
branches: | |
- master | |
pull_request: | |
branches: | |
- master | |
jobs: | |
static: | |
runs-on: ubuntu-latest | |
env: | |
APP_ENV: test | |
TRUSTED_PROXIES: '' | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v2 | |
- name: Set up PHP | |
uses: shivammathur/setup-php@v2 | |
with: | |
php-version: 8.2 | |
- name: Set up Node.js | |
uses: actions/setup-node@v2 | |
with: | |
node-version: '18' | |
- name: Run PHP security checks | |
uses: symfonycorp/security-checker-action@v5 | |
- name: Run JS security checks | |
run: npx audit-ci@^7 --high --config .audit-ci.jsonc --report-type summary | |
- name: Install Composer dependencies | |
run: composer install --no-interaction --no-progress --ignore-platform-reqs | |
- name: Install Node.js dependencies | |
run: yarn install --immutable | |
- name: Cache warmup for PHPStan | |
run: php bin/console cache:warmup --env=dev | |
- name: Run PHPStan | |
run: php bin/phpstan analyse --no-progress --memory-limit 1G src | |
- name: Lint YAML | |
run: bin/console lint:yaml config | |
- name: Lint Twig | |
run: bin/console lint:twig templates | |
- name: Lint Container | |
run: bin/console lint:container | |
- name: Lint JS | |
run: yarn lint:js | |
- name: Lint CSS | |
run: yarn lint:css | |
- name: Run PHPUnit tests | |
run: | | |
mkdir -p public/build | |
printf "{}" > public/build/manifest.json | |
bin/simple-phpunit | |
deploy_staging: | |
runs-on: ubuntu-latest | |
needs: static | |
if: github.ref == 'refs/heads/master' | |
environment: staging | |
env: | |
APP_ENV: dev | |
TRUSTED_PROXIES: '' | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v2 | |
- name: Set up PHP | |
uses: shivammathur/setup-php@v2 | |
with: | |
php-version: 8.2 | |
- name: Set up Node.js | |
uses: actions/setup-node@v2 | |
with: | |
node-version: '18' | |
- name: Run PHP security checks | |
uses: symfonycorp/security-checker-action@v5 | |
- name: Run JS security checks | |
run: npx audit-ci@^7 --high --config .audit-ci.jsonc --report-type summary | |
- name: Install Composer dependencies | |
run: composer install --classmap-authoritative --no-interaction --no-progress --ignore-platform-reqs | |
- name: Build assets | |
run: yarn build --mode development | |
- name: Deploy to staging | |
run: | | |
# Add your deployment script here | |
deploy_prod: | |
runs-on: ubuntu-latest | |
needs: static | |
if: github.ref == 'refs/heads/master' | |
environment: production | |
env: | |
APP_ENV: prod | |
TRUSTED_PROXIES: '' | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v2 | |
- name: Set up PHP | |
uses: shivammathur/setup-php@v2 | |
with: | |
php-version: 8.2 | |
- name: Set up Node.js | |
uses: actions/setup-node@v2 | |
with: | |
node-version: '18' | |
- name: Run PHP security checks | |
uses: symfonycorp/security-checker-action@v5 | |
- name: Run JS security checks | |
run: npx audit-ci@^7 --high --config .audit-ci.jsonc --report-type summary | |
- name: Install Composer dependencies | |
run: composer install --no-dev --classmap-authoritative --no-interaction --no-progress --ignore-platform-reqs | |
- name: Build assets | |
run: yarn build | |
- name: Deploy to production | |
run: | | |
# Add your deployment script here |
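Review bot: The `npx audit-ci@^7` step in `static`, repeated in `deploy_staging` and `deploy_prod`, downloads and executes whatever release currently satisfies `^7` on every run, so nothing in the repository fixes the code that runs in CI. In `deploy_prod` this happens in a job bound to `environment: production`, so an unexpected or compromised 7.x release would run with whatever secrets that environment exposes. Pin an exact release, e.g. `run: npx audit-ci@<exact-version> --high --config .audit-ci.jsonc --report-type summary`, or add audit-ci to devDependencies so the lockfile fixes it, and run it after `yarn install --immutable`. The `uses:` lines share the problem through mutable tags (`shivammathur/setup-php@v2`, `symfonycorp/security-checker-action@v5`); pinning third-party actions to a full commit SHA would close that as well.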