-
Notifications
You must be signed in to change notification settings - Fork 47
131 lines (129 loc) · 4.69 KB
/
ci.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
name: CI
on:
push:
# Prevent duplicate jobs on Dependabot PRs that interfere with automerge.
branches-ignore:
- 'dependabot/**'
pull_request:
schedule:
- cron: "0 2 * * *"
release:
types: [published]
defaults:
run:
# Run Git Bash on Windows. Otherwise, it uses PowerShell Core, and we'd need
# to install more dependencies. Ubuntu default shell is already Bash.
# @see https://docs.github.com/en/actions/reference/workflow-syntax-for-github-actions#using-a-specific-shell
shell: bash
env:
# Using upload token helps against rate limiting errors.
# Cannot define it as secret as we need it accessible from forks.
# See https://github.com/codecov/codecov-action/issues/837
CODECOV_TOKEN: 39b3f423-92e0-491b-aba0-f9b56c451c72
jobs:
test:
runs-on: ${{ matrix.os }}
strategy:
matrix:
os: ["ubuntu-22.04"]
php: ["8.0", "8.1", "8.2"]
coverage: ["none"]
include:
- os: "ubuntu-22.04"
php: "8.1"
coverage: "pcov"
# Only test pre-installed (i.e. fast) versions of PHP on Windows.
- os: "windows-2022"
php: "8.2"
coverage: "none"
steps:
- name: Prepare Git
# Windows corrupts line endings on checkout, causing test failures.
run: git config --global core.autocrlf false
- uses: actions/checkout@v3
- uses: shivammathur/setup-php@v2
with:
ini-file: development
php-version: ${{ matrix.php }}
# Only report coverage once
coverage: ${{ matrix.coverage }}
- name: Check for abandoned dependencies
if: matrix.os == 'ubuntu-22.04'
run: cat composer.lock | jq '.packages[] | select(.abandoned and .name != "php-http/message-factory")' | grep -q ^ && echo 'Abandoned Composer packages found' && exit 1 || exit 0
- name: Check for insecure dependencies
run: composer audit
- name: Composer install
run: composer install --prefer-dist --no-interaction --optimize-autoloader
- name: Check dependency licenses
if: matrix.os == 'ubuntu-22.04'
run: ./vendor/bin/composer-license-checker check --allowlist GPL-2.0-or-later --allowlist MIT --allowlist BSD-2-Clause --allowlist Apache-2.0 --allowlist LGPL-3.0-or-later --allowlist BSD-3-Clause --allowlist GPL-2.0-only --allow ltd-beget
- name: Run tests
if: matrix.coverage == 'none'
run: |
composer validate --no-check-all --ansi
# Catch PSR issues to prevent phantom tests.
# @see https://github.com/acquia/cli/pull/1065
composer dump-autoload --strict-psr
composer test
- name: Run coverage
if: matrix.coverage == 'pcov'
run: composer coverage
- name: Upload coverage results to Codecov
if: matrix.coverage == 'pcov'
uses: codecov/codecov-action@v3
with:
token: ${{ env.CODECOV_TOKEN }}
build-release:
runs-on: ubuntu-22.04
permissions:
contents: write
steps:
- uses: actions/checkout@v3
- uses: shivammathur/setup-php@v2
with:
coverage: none
php-version: '8.1'
- name: 'Get ACLI version'
id: acli-version
run: |
if [[ "$GITHUB_REF_TYPE" == 'tag' ]]; then
echo "ACLI_VERSION=$GITHUB_REF_NAME" >> $GITHUB_OUTPUT
else
echo "ACLI_VERSION=$GITHUB_SHA" >> $GITHUB_OUTPUT
fi
- name: 'Create env file'
run: |
touch .env
echo BUGSNAG_KEY=${{ secrets.BUGSNAG_KEY }} >> .env
echo AMPLITUDE_KEY=${{ secrets.AMPLITUDE_KEY }} >> .env
echo ACLI_VERSION=${{ steps.acli-version.outputs.ACLI_VERSION }} >> .env
- name: Build
run: |
composer install --no-dev --optimize-autoloader
composer box-install
# Warm the symfony cache so it gets bundled with phar.
./bin/acli
composer box-compile
- name: Store artifact
uses: actions/upload-artifact@v3
with:
name: acli.phar
path: var/acli.phar
- name: Release
uses: softprops/action-gh-release@v1
if: startsWith(github.ref, 'refs/tags/')
with:
files: var/acli.phar
# Require all checks to pass without having to enumerate them in the branch protection UI.
# @see https://github.community/t/is-it-possible-to-require-all-github-actions-tasks-to-pass-without-enumerating-them/117957
check:
if: always()
needs:
- test
- build-release
runs-on: ubuntu-22.04
steps:
- name: Decide whether the needed jobs succeeded or failed
uses: re-actors/alls-green@release/v1
with:
jobs: ${{ toJSON(needs) }}