Update README.md #112
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Continuous Integration | |
| on: | |
| workflow_dispatch: | |
| push: | |
| branches: [ "main" ] | |
| pull_request: | |
| branches: [ "main" ] | |
| env: | |
| APP_NAME: samplesyncapp | |
| permissions: | |
| contents: read | |
| security-events: write | |
| pull-requests: write | |
| jobs: | |
| build: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout Code | |
| uses: actions/checkout@v4 | |
| - name: Validate composer.json and composer.lock | |
| run: composer validate --strict | |
| - name: Cache Dev Composer dependencies | |
| uses: actions/cache@v4 | |
| with: | |
| path: /tmp/composer-cache | |
| key: ${{ runner.os }}-php-dev-${{ hashFiles('**/composer.lock') }} | |
| - name: Install DEV Dependencies | |
| uses: php-actions/composer@v6 | |
| - name: PHP Static Analysis | |
| uses: php-actions/phpstan@v3 | |
| with: | |
| level: 9 | |
| path: src/ | |
| - name: PHPUnit Tests | |
| uses: php-actions/phpunit@v3 | |
| with: | |
| version: 9 | |
| bootstrap: vendor/autoload.php | |
| configuration: tests/phpunit.xml | |
| args: --coverage-text | |
| - name: Install Prod Dependencies | |
| uses: php-actions/composer@v6 | |
| with: | |
| only_args: --no-interaction --no-dev --ignore-platform-reqs --optimize-autoloader | |
| - name: Setup Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Docker Meta | |
| id: meta | |
| uses: docker/metadata-action@v5 | |
| with: | |
| images: ${{ secrets.DOCKERHUB_USERNAME }}/${{ env.APP_NAME }} | |
| flavor: | | |
| latest=auto | |
| tags: | | |
| type=edge,branch=main | |
| type=semver,pattern={{version}} | |
| - name: Login to Docker Hub | |
| uses: docker/login-action@v3 | |
| with: | |
| username: ${{ secrets.DOCKERHUB_USERNAME }} | |
| password: ${{ secrets.DOCKERHUB_TOKEN }} | |
| - name: Build and Push Docker Image | |
| id: docker_build | |
| uses: docker/build-push-action@v5 | |
| with: | |
| context: . | |
| file: ./Dockerfile | |
| tags: ${{ steps.meta.outputs.tags }} | |
| labels: ${{ steps.meta.outputs.labels }} | |
| sbom: true | |
| provenance: mode=max | |
| push: ${{ github.event_name != 'pull_request' }} | |
| - name: Show Image Digest | |
| run: echo ${{ steps.docker_build.outputs.digest }} | |
| - name: Docker Scout | |
| id: docker-scout | |
| if: ${{ github.event_name != 'pull_request_target' }} | |
| uses: docker/scout-action@v1 | |
| with: | |
| command: cves, recommendations | |
| image: ${{ secrets.DOCKERHUB_USERNAME }}/${{ env.APP_NAME }}:${{ steps.meta.outputs.version }} | |
| sarif-file: sarif.output.json | |
| summary: true | |
| - name: Upload SARIF result | |
| id: upload-sarif | |
| if: ${{ github.event_name != 'pull_request_target' }} | |
| uses: github/codeql-action/upload-sarif@v3 | |
| with: | |
| sarif_file: sarif.output.json |