chore(deps): update varnish docker tag to v7.6.1 #3209
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CI (mandatory checks) | |
on: | |
push: | |
branches-ignore: | |
- staging | |
- prod | |
- devel | |
- gh-readonly-queue/** | |
tags-ignore: | |
- staging | |
- prod | |
pull_request: | |
merge_group: | |
workflow_dispatch: | |
workflow_call: | |
env: | |
USER_ID: 1001 | |
DOCKER_BUILDKIT: 1 | |
COMPOSE_DOCKER_CLI_BUILD: 1 | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.event_name }}-${{ github.ref_name }} | |
cancel-in-progress: true | |
jobs: | |
api-cs-check: | |
name: 'Lint: API (php-cs-fixer)' | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 | |
- uses: shivammathur/setup-php@v2 | |
with: | |
php-version: '8.3.12' | |
tools: composer:2.8.0 | |
coverage: none | |
- name: Get Composer Cache Directory | |
id: composer-cache | |
run: 'echo "dir=$(composer config cache-files-dir)" | tr -d "\n" >> $GITHUB_OUTPUT' | |
working-directory: api | |
- uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4 | |
with: | |
path: ${{ steps.composer-cache.outputs.dir }} | |
key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.lock') }} | |
restore-keys: | | |
${{ runner.os }}-composer- | |
- run: composer install --no-interaction --no-plugins --no-scripts --prefer-dist | |
working-directory: api | |
- run: php vendor/bin/php-cs-fixer fix --config=.php-cs-fixer.php -v --dry-run --diff | |
working-directory: api | |
frontend-eslint: | |
name: 'Lint: Frontend (ESLint)' | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 | |
- uses: actions/setup-node@v4 | |
with: | |
node-version: '22.9.0' | |
- uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4 | |
with: | |
path: ~/.npm | |
key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }} | |
restore-keys: | | |
${{ runner.os }}-node- | |
- run: npm ci --no-audit | |
working-directory: frontend | |
- run: | | |
npm run lint:check:eslint | |
result=$(npm run lint:check:prettier) | |
echo $result | |
if echo $result | grep -E "Code style issues found"; then | |
exit 1 | |
fi | |
working-directory: frontend | |
client-print-eslint: | |
name: 'Lint: ClientPrint (ESLint)' | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 | |
- uses: actions/setup-node@v4 | |
with: | |
node-version: '22.9.0' | |
- uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4 | |
with: | |
path: ~/.npm | |
key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }} | |
restore-keys: | | |
${{ runner.os }}-node- | |
- run: npm ci --no-audit | |
working-directory: pdf | |
- run: | | |
npm run lint:check:eslint | |
result=$(npm run lint:check:prettier) | |
echo $result | |
if echo $result | grep -E "Code style issues found"; then | |
exit 1 | |
fi | |
working-directory: pdf | |
print-eslint: | |
name: 'Lint: Print (ESLint)' | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 | |
- uses: actions/setup-node@v4 | |
with: | |
node-version: '22.9.0' | |
- uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4 | |
with: | |
path: ~/.npm | |
key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }} | |
restore-keys: | | |
${{ runner.os }}-node- | |
- run: npm ci --no-audit | |
working-directory: print | |
- run: | | |
npm run lint:check:eslint | |
result=$(npm run lint:check:prettier) | |
echo $result | |
if echo $result | grep -E "Code style issues found"; then | |
exit 1 | |
fi | |
working-directory: print | |
e2e-lint: | |
name: 'Lint: e2e (ESLint)' | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 | |
- uses: actions/setup-node@v4 | |
with: | |
node-version: '22.9.0' | |
- uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4 | |
with: | |
path: ~/.npm | |
key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }} | |
restore-keys: | | |
${{ runner.os }}-node- | |
- run: npm ci --no-audit | |
working-directory: e2e | |
- run: | | |
npm run lint:check:eslint | |
result=$(npm run lint:check:prettier) | |
echo $result | |
if echo $result | grep -E "Code style issues found"; then | |
exit 1 | |
fi | |
working-directory: e2e | |
api-tests: | |
name: 'Tests: API' | |
runs-on: ubuntu-latest | |
env: | |
TEST_DATABASE_URL: postgresql://ecamp3:ecamp3@localhost:5432/ecamp3test?serverVersion=15&charset=utf8 | |
services: | |
postgres: | |
image: 'postgres:15-alpine' | |
env: | |
POSTGRES_DB: 'ecamp3test' | |
POSTGRES_PASSWORD: 'ecamp3' | |
POSTGRES_USER: 'ecamp3' | |
ports: | |
- '5432:5432' | |
options: >- | |
--health-cmd pg_isready | |
--health-interval 10s | |
--health-timeout 5s | |
--health-retries 5 | |
steps: | |
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 | |
- uses: shivammathur/setup-php@v2 | |
with: | |
php-version: '8.3.12' | |
extensions: intl-73.1 | |
tools: composer:2.8.0 | |
coverage: pcov | |
- name: Get Composer Cache Directory | |
id: composer-cache | |
run: 'echo "dir=$(composer config cache-files-dir)" | tr -d "\n" >> $GITHUB_OUTPUT' | |
working-directory: api | |
- uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4 | |
with: | |
path: ${{ steps.composer-cache.outputs.dir }} | |
key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.lock') }} | |
restore-keys: | | |
${{ runner.os }}-composer- | |
- run: composer install --prefer-dist --no-progress --no-interaction | |
working-directory: api | |
- run: | | |
mkdir -p var/cache var/log | |
jwt_passphrase=${JWT_PASSPHRASE:-$(grep ''^JWT_PASSPHRASE='' .env | cut -f 2 -d ''='')} | |
echo "Generating public / private keys for JWT" | |
mkdir -p config/jwt | |
echo "$jwt_passphrase" | openssl genpkey -out config/jwt/private.pem -pass stdin -aes256 -algorithm rsa -pkeyopt rsa_keygen_bits:4096 | |
echo "$jwt_passphrase" | openssl pkey -in config/jwt/private.pem -passin stdin -out config/jwt/public.pem -pubout | |
setfacl -R -m u:www-data:rX -m u:"$(whoami)":rwX config/jwt | |
setfacl -dR -m u:www-data:rX -m u:"$(whoami)":rwX config/jwt | |
working-directory: api | |
- run: php bin/console doctrine:migrations:migrate --no-interaction -e test | |
working-directory: api | |
- run: composer test | |
working-directory: api | |
env: | |
PERFORMANCE_TEST_DEBUG_OUTPUT: ${{ vars.PERFORMANCE_TEST_DEBUG_OUTPUT }} | |
- name: send coveralls report | |
run: | | |
sed -i "s|$(pwd)/api/|api/|g" api/build/logs/clover.xml | |
api/vendor/bin/php-coveralls -v \ | |
--coverage_clover api/build/logs/clover.xml \ | |
--json_path api/build/logs/coveralls-upload.json | |
env: | |
COVERALLS_REPO_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
COVERALLS_PARALLEL: true | |
COVERALLS_FLAG_NAME: api | |
frontend-tests: | |
name: 'Tests: Frontend' | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 | |
- uses: actions/setup-node@v4 | |
with: | |
node-version: '22.9.0' | |
- uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4 | |
with: | |
path: ~/.npm | |
key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }} | |
restore-keys: | | |
${{ runner.os }}-node- | |
- run: npm ci --no-audit | |
working-directory: pdf | |
- run: npm run build | |
working-directory: pdf | |
- run: npm ci --no-audit | |
working-directory: frontend | |
- run: npm run build | |
working-directory: frontend | |
- run: npm run test:unit | |
working-directory: frontend | |
- name: replace paths in lcov.info that they reflect repo path | |
run: | | |
sed -i "s|src/|frontend/src/|g" frontend/data/coverage/lcov.info | |
- name: Coveralls Parallel | |
uses: coverallsapp/github-action@v2 | |
with: | |
flag-name: frontend | |
parallel: true | |
fail-on-error: false | |
print-tests: | |
name: 'Tests: Print' | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 | |
- uses: actions/setup-node@v4 | |
with: | |
node-version: '22.9.0' | |
- uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4 | |
with: | |
path: ~/.npm | |
key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }} | |
restore-keys: | | |
${{ runner.os }}-node- | |
- run: npm ci --no-audit | |
working-directory: print | |
- run: npm run build | |
working-directory: print | |
env: | |
NODE_OPTIONS: --openssl-legacy-provider | |
- run: npm run test | |
working-directory: print | |
- name: replace paths in lcov.info that they reflect repo path | |
run: | | |
sed -i "s|SF:|SF:print/|g" print/coverage/lcov.info | |
- name: Coveralls Parallel | |
uses: coverallsapp/github-action@v2 | |
with: | |
flag-name: print | |
parallel: true | |
fail-on-error: false | |
pdf-tests: | |
name: 'Tests: PDF' | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 | |
- uses: actions/setup-node@v4 | |
with: | |
node-version: '22.9.0' | |
- uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4 | |
with: | |
path: ~/.npm | |
key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }} | |
restore-keys: | | |
${{ runner.os }}-node- | |
- run: npm ci --no-audit | |
working-directory: pdf | |
- run: npm run build | |
working-directory: pdf | |
- run: npm run test:unit | |
working-directory: pdf | |
- name: replace paths in lcov.info that they reflect repo path | |
run: | | |
sed -i "s|src/|pdf/src/|g" pdf/data/coverage/lcov.info | |
- name: Coveralls Parallel | |
uses: coverallsapp/github-action@v2 | |
with: | |
flag-name: pdf | |
parallel: true | |
fail-on-error: false | |
e2e-tests-build: | |
name: 'Tests: End-to-end build' | |
uses: ./.github/workflows/reusable-e2e-tests-build.yml | |
e2e-tests-run: | |
name: 'Tests: End-to-end run' | |
needs: | |
- e2e-tests-build | |
uses: ./.github/workflows/reusable-e2e-tests-run.yml | |
coveralls-finished: | |
name: 'Finish coveralls report' | |
needs: | |
- api-tests | |
- frontend-tests | |
- print-tests | |
- pdf-tests | |
runs-on: ubuntu-latest | |
steps: | |
- uses: coverallsapp/github-action@v2 | |
with: | |
github-token: ${{ secrets.GITHUB_TOKEN }} | |
parallel-finished: true | |
carryforward: "api,frontend,print,pdf" | |
fail-on-error: false | |
workflow-success: | |
name: workflow-success | |
needs: | |
- api-cs-check | |
- frontend-eslint | |
- print-eslint | |
- e2e-lint | |
- client-print-eslint | |
- api-tests | |
- frontend-tests | |
- print-tests | |
- pdf-tests | |
- e2e-tests-run | |
runs-on: ubuntu-latest | |
if: always() | |
steps: | |
- name: Fail if not all jobs were successful | |
uses: actions/github-script@v7 | |
with: | |
script: | | |
const needs = `${{ toJSON(needs) }}`; | |
const needsObject = JSON.parse(needs); | |
for (const [key, value] of Object.entries(needsObject)) { | |
if (value.result != 'success') { | |
core.setFailed(`Job ${key} failed`); | |
} | |
} | |
ci-passed-event: | |
name: 'Send out CI success event' | |
if: github.event_name == 'push' && (github.event.pull_request && github.event.pull_request.number) | |
needs: | |
- workflow-success | |
runs-on: ubuntu-latest | |
steps: | |
- uses: peter-evans/repository-dispatch@ff45666b9427631e3450c54a1bcbee4d9ff4d7c0 # v3 | |
with: | |
event-type: ci-passed | |
client-payload: '{"ref": "${{ github.ref }}", "sha": "${{ github.sha }}"}' |