Security update #183
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| on: pull_request | |
| name: Review | |
| jobs: | |
| test-composer-install: | |
| runs-on: ubuntu-latest | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| php: [ '8.3' ] | |
| name: Validate composer (${{ matrix.php}}) | |
| steps: | |
| - uses: actions/checkout@master | |
| - name: Setup PHP, with composer and extensions | |
| uses: shivammathur/setup-php@v2 | |
| with: | |
| php-version: ${{ matrix.php}} | |
| coverage: none | |
| - name: Get composer cache directory | |
| id: composer-cache | |
| run: echo "::set-output name=dir::$(composer config cache-files-dir)" | |
| - name: Cache dependencies | |
| uses: actions/cache@v2 | |
| with: | |
| path: ${{ steps.composer-cache.outputs.dir }} | |
| key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.json') }}-${{ matrix.dependency-version }}- | |
| restore-keys: ${{ runner.os }}-composer-${{ matrix.dependency-version }}- | |
| - name: Validate composer files | |
| run: composer validate composer.json --strict | |
| - name: Composer install with exported .env variables | |
| run: | | |
| set -a && source .env && set +a | |
| APP_ENV=prod composer install --no-dev -o | |
| composer-normalize: | |
| name: composer-normalize | |
| runs-on: ubuntu-latest | |
| strategy: | |
| fail-fast: false | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - run: | | |
| docker network create frontend | |
| docker compose run --user root --rm phpfpm composer install | |
| docker compose run --user root --rm phpfpm composer normalize | |
| php-cs-fixer: | |
| runs-on: ubuntu-latest | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| php: ["8.3"] | |
| name: PHP Coding Standards Fixer (PHP ${{ matrix.php }}) | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v2 | |
| - name: Setup PHP, with composer and extensions | |
| uses: shivammathur/setup-php@v2 | |
| with: | |
| php-version: ${{ matrix.php}} | |
| extensions: apcu, ctype, iconv, imagick, json, pdo_sqlsrv, redis, soap, sqlsrv, xmlreader, zip | |
| coverage: none | |
| - name: Get composer cache directory | |
| id: composer-cache | |
| run: echo "::set-output name=dir::$(composer config cache-files-dir)" | |
| - name: Cache composer dependencies | |
| uses: actions/cache@v2 | |
| with: | |
| path: ${{ steps.composer-cache.outputs.dir }} | |
| key: ${{ matrix.php }}-composer-${{ hashFiles('**/composer.lock') }} | |
| restore-keys: ${{ matrix.php }}-composer- | |
| - name: Install Dependencies | |
| run: composer install -q --no-ansi --no-interaction --no-scripts --no-suggest --no-progress --prefer-dist | |
| - name: php-cs-fixer | |
| run: phpdbg -qrr ./vendor/bin/php-cs-fixer fix --dry-run | |
| twig-cs-fixer: | |
| runs-on: ubuntu-latest | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| php: ["8.3"] | |
| name: Twig Coding Standards Fixer (PHP ${{ matrix.php }}) | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v2 | |
| - name: Setup PHP, with composer and extensions | |
| uses: shivammathur/setup-php@v2 | |
| with: | |
| php-version: ${{ matrix.php}} | |
| extensions: apcu, ctype, iconv, imagick, json, pdo_sqlsrv, redis, soap, sqlsrv, xmlreader, zip | |
| coverage: none | |
| - name: Get composer cache directory | |
| id: composer-cache | |
| run: echo "::set-output name=dir::$(composer config cache-files-dir)" | |
| - name: Cache composer dependencies | |
| uses: actions/cache@v2 | |
| with: | |
| path: ${{ steps.composer-cache.outputs.dir }} | |
| key: ${{ matrix.php }}-composer-${{ hashFiles('**/composer.lock') }} | |
| restore-keys: ${{ matrix.php }}-composer- | |
| - name: Install Dependencies | |
| run: composer install -q --no-ansi --no-interaction --no-scripts --no-suggest --no-progress --prefer-dist | |
| - name: twig-cs-fixer | |
| run: phpdbg -qrr ./vendor/bin/twig-cs-fixer lint templates | |
| psalm: | |
| runs-on: ubuntu-latest | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| php: ['8.3'] | |
| name: Psalm static analysis (${{ matrix.php}}) | |
| steps: | |
| - uses: actions/checkout@master | |
| - name: Setup PHP, with composer and extensions | |
| uses: shivammathur/setup-php@v2 | |
| with: | |
| php-version: ${{ matrix.php}} | |
| extensions: ctype, iconv, imagick, json, redis, soap, xmlreader, zip | |
| coverage: none | |
| - name: Get composer cache directory | |
| id: composer-cache | |
| run: echo "::set-output name=dir::$(composer config cache-files-dir)" | |
| - name: Cache dependencies | |
| uses: actions/cache@v2 | |
| with: | |
| path: ${{ steps.composer-cache.outputs.dir }} | |
| key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.json') }}-${{ matrix.dependency-version }}- | |
| restore-keys: ${{ runner.os }}-composer-${{ matrix.dependency-version }}- | |
| - name: Install Dependencies | |
| run: | | |
| composer install -q --no-ansi --no-interaction --no-scripts --no-suggest --no-progress --prefer-dist | |
| bin/console cache:clear | |
| - name: Psalm | |
| run: ./vendor/bin/psalm --no-cache | |
| apispec: | |
| runs-on: ubuntu-latest | |
| name: API Specification validation | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| php: [ '8.3' ] | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v2 | |
| with: | |
| fetch-depth: 2 | |
| - name: Setup PHP, with composer and extensions | |
| uses: shivammathur/setup-php@v2 | |
| with: | |
| php-version: ${{ matrix.php}} | |
| extensions: ctype, iconv, imagick, json, redis, soap, xmlreader, zip | |
| coverage: none | |
| - name: Get composer cache directory | |
| id: composer-cache | |
| run: echo "::set-output name=dir::$(composer config cache-files-dir)" | |
| - name: Cache dependencies | |
| uses: actions/cache@v2 | |
| with: | |
| path: ${{ steps.composer-cache.outputs.dir }} | |
| key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.json') }}-${{ matrix.dependency-version }}- | |
| restore-keys: ${{ runner.os }}-composer-${{ matrix.dependency-version }}- | |
| - name: Install Dependencies | |
| run: composer install -q --no-ansi --no-interaction --no-scripts --no-suggest --no-progress --prefer-dist | |
| - name: Export specifications | |
| run: bin/console api:openapi:export --yaml --output=public/api-spec-v1.yaml --no-interaction | |
| - name: Check for changes in specifications | |
| run: git diff --diff-filter=ACMRT --exit-code public/api-spec-v1.yaml | |
| changelog: | |
| runs-on: ubuntu-latest | |
| name: Changelog should be updated | |
| strategy: | |
| fail-fast: false | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v2 | |
| with: | |
| fetch-depth: 2 | |
| - name: Git fetch | |
| run: git fetch | |
| - name: Check that changelog has been updated. | |
| run: git diff --exit-code origin/develop -- CHANGELOG.md && exit 1 || exit 0 | |
| validate-doctrine-schema: | |
| runs-on: ubuntu-latest | |
| env: | |
| DATABASE_URL: mysql://db:[email protected]:3306/db_test?serverVersion=mariadb-10.5.13 | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| php: [ "8.3" ] | |
| name: Validate Doctrine Schema (PHP ${{ matrix.php}}) | |
| services: | |
| mariadb: | |
| image: mariadb:10.5.13 | |
| env: | |
| MYSQL_USER: db | |
| MYSQL_PASSWORD: db | |
| MYSQL_DATABASE: db_test | |
| MYSQL_ROOT_PASSWORD: password | |
| ports: | |
| - 3306:3306 | |
| options: --health-cmd="mysqladmin ping" --health-interval=10s --health-timeout=5s --health-retries=3 | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v2 | |
| - name: Setup PHP, with composer and extensions | |
| uses: shivammathur/setup-php@v2 | |
| with: | |
| php-version: ${{ matrix.php}} | |
| extensions: apcu, ctype, iconv, imagick, json, pdo_sqlsrv, redis, soap, sqlsrv, xmlreader, zip | |
| coverage: none | |
| - name: Get composer cache directory | |
| id: composer-cache | |
| run: echo "::set-output name=dir::$(composer config cache-files-dir)" | |
| - name: Cache composer dependencies | |
| uses: actions/cache@v2 | |
| with: | |
| path: ${{ steps.composer-cache.outputs.dir }} | |
| key: ${{ matrix.php }}-composer-${{ hashFiles('**/composer.lock') }} | |
| restore-keys: ${{ matrix.php }}-composer- | |
| - name: 'Composer install with exported .env variables' | |
| run: | | |
| set -a && source .env && set +a | |
| APP_ENV=prod composer install --no-dev -o | |
| - name: Run Doctrine Migrations | |
| run: APP_ENV=prod php bin/console doctrine:migrations:migrate --no-interaction | |
| - name: Validate Doctrine schema | |
| run: APP_ENV=prod php bin/console doctrine:schema:validate | |
| translations: | |
| runs-on: ubuntu-latest | |
| strategy: | |
| fail-fast: false | |
| name: Check translations are up to date | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v2 | |
| - name: Update translations | |
| run: | | |
| docker network create frontend | |
| docker compose run --rm --user root phpfpm composer install --no-scripts | |
| docker compose run --rm --user root phpfpm composer update-translations | |
| - name: Check for changes in translation files | |
| run: | | |
| git diff --diff-filter=ACMRT --exit-code translations | |
| assets: | |
| runs-on: ubuntu-latest | |
| name: Lint assets | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v2 | |
| - name: Run Biome | |
| run: | | |
| docker network create frontend | |
| docker compose run --rm --user root phpfpm composer install --no-scripts | |
| docker compose run --rm --user root phpfpm bin/console biomejs:ci . |