Continuous Integration #103
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Continuous Integration | |
| on: | |
| workflow_dispatch: | |
| push: | |
| branches: [ "main" ] | |
| pull_request: | |
| branches: [ "main" ] | |
| permissions: | |
| contents: read | |
| security-events: write | |
| pull-requests: write | |
| jobs: | |
| build: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout Code | |
| uses: actions/checkout@v4 | |
| - name: Validate composer.json and composer.lock | |
| run: composer validate --strict | |
| - name: Cache Dev Composer dependencies | |
| uses: actions/cache@v4 | |
| with: | |
| path: /tmp/composer-cache | |
| key: ${{ runner.os }}-php-dev-${{ hashFiles('**/composer.lock') }} | |
| - name: Install DEV Dependencies | |
| uses: php-actions/composer@v6 | |
| - name: PHP Static Analysis | |
| uses: php-actions/phpstan@v3 | |
| with: | |
| level: 9 | |
| path: src/ | |
| - name: PHPUnit Tests | |
| uses: php-actions/phpunit@v3 | |
| with: | |
| version: 9 | |
| bootstrap: vendor/autoload.php | |
| configuration: tests/phpunit.xml | |
| args: --coverage-text | |
| - name: Install Prod Dependencies | |
| uses: php-actions/composer@v6 | |
| with: | |
| only_args: --no-interaction --no-dev --ignore-platform-reqs --optimize-autoloader | |
| - name: Setup Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Docker Meta | |
| id: meta | |
| uses: docker/metadata-action@v5 | |
| with: | |
| images: ${{ secrets.DOCKERHUB_USERNAME }}/samplesyncapp | |
| flavor: | | |
| latest=auto | |
| tags: | | |
| type=edge,branch=main | |
| type=semver,pattern={{version}} | |
| - name: Login to Docker Hub | |
| uses: docker/login-action@v3 | |
| with: | |
| username: ${{ secrets.DOCKERHUB_USERNAME }} | |
| password: ${{ secrets.DOCKERHUB_TOKEN }} | |
| - name: Build and Push Docker Image | |
| id: docker_build | |
| uses: docker/build-push-action@v5 | |
| with: | |
| context: . | |
| file: ./Dockerfile | |
| tags: ${{ steps.meta.outputs.tags }} | |
| labels: ${{ steps.meta.outputs.labels }} | |
| sbom: true | |
| provenance: mode=max | |
| push: ${{ github.event_name != 'pull_request' }} | |
| - name: Show Image Digest | |
| run: echo ${{ steps.docker_build.outputs.digest }} | |
| - name: Show Image Tag | |
| run: | | |
| echo "JSON is ${{ steps.meta.outputs.json }}" | |
| echo "tags are ${{ steps.meta.outputs.json.tags }}" | |
| echo "tag is ${{ steps.meta.outputs.json.tags[0] }}" | |
| - name: Docker Scout | |
| id: docker-scout | |
| if: ${{ github.event_name != 'pull_request_target' }} | |
| uses: docker/scout-action@v1 | |
| with: | |
| command: cves, recommendations | |
| image: ${{ steps.meta.outputs.tags[0] }} | |
| sarif-file: sarif.output.json | |
| summary: true | |
| - name: Upload SARIF result | |
| id: upload-sarif | |
| if: ${{ github.event_name != 'pull_request_target' }} | |
| uses: github/codeql-action/upload-sarif@v3 | |
| with: | |
| sarif_file: sarif.output.json |