ILENE-10: Neuigkeiten #102
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CI | |
on: | |
push: | |
branches: | |
- main | |
pull_request: | |
branches: | |
- main | |
release: | |
types: | |
- created | |
- published | |
env: | |
PHP_VERSION: 8.3 | |
REGISTRY: ghcr.io | |
IMAGE_NAME: ${{ github.repository }} | |
jobs: | |
test-backend: | |
name: Run Laravel tests | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Setup PHP | |
uses: shivammathur/setup-php@v2 | |
with: | |
php-version: ${{ env.PHP_VERSION }} | |
coverage: xdebug | |
- name: Install Composer | |
run: | | |
wget https://github.com/composer/composer/releases/latest/download/composer.phar -O ./composer | |
chmod +x ./composer | |
- uses: actions/cache/restore@v4 | |
id: cache | |
with: | |
path: vendor | |
key: ${{ runner.os }}-${{ hashFiles('composer.lock') }} | |
- name: Install dependencies | |
if: steps.cache.outputs.cache-hit != 'true' | |
run: ./composer install | |
- uses: actions/cache/save@v4 | |
if: steps.cache.outputs.cache-hit != 'true' | |
with: | |
path: vendor | |
key: ${{ runner.os }}-${{ hashFiles('composer.lock') }} | |
- name: Check code style | |
run: php ./vendor/bin/pint --bail | |
- name: Run tests | |
run: ./composer run-script test | |
- name: Save coverage report | |
uses: actions/upload-artifact@v4 | |
with: | |
name: coverage-backend | |
path: coverage-backend.xml | |
openapi: | |
name: Generate OpenAPI spec | |
runs-on: ubuntu-latest | |
outputs: | |
run_id: ${{ github.run_id }} | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Setup PHP | |
uses: shivammathur/setup-php@v2 | |
with: | |
php-version: ${{ env.PHP_VERSION }} | |
coverage: xdebug | |
- name: Install Composer | |
run: | | |
wget https://github.com/composer/composer/releases/latest/download/composer.phar -O ./composer | |
chmod +x ./composer | |
- uses: actions/cache/restore@v4 | |
id: cache | |
with: | |
path: vendor | |
key: ${{ runner.os }}-${{ hashFiles('composer.lock') }} | |
- name: Install dependencies | |
if: steps.cache.outputs.cache-hit != 'true' | |
run: ./composer install | |
- uses: actions/cache/save@v4 | |
if: steps.cache.outputs.cache-hit != 'true' | |
with: | |
path: vendor | |
key: ${{ runner.os }}-${{ hashFiles('composer.lock') }} | |
- uses: hoverkraft-tech/[email protected] | |
with: | |
up-flags: -d | |
services: | | |
db | |
redis | |
- name: Create .env file | |
run: | | |
tee .env <<EOL | |
APP_KEY= | |
JWT_SECRET= | |
DB_HOST=db | |
REDIS_HOST=redis | |
EOL | |
- name: Set keys | |
run: ./artisan app:key-generate | |
- name: Migrate | |
run: ./artisan migrate --force --seed | |
- name: Export OpenAPI spec | |
run: ./artisan scramble:export | |
- name: Save coverage report | |
uses: actions/upload-artifact@v4 | |
with: | |
name: openapi | |
path: api.json | |
build-frontend: | |
name: Build Next.js app | |
runs-on: ubuntu-latest | |
needs: | |
- openapi | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: oven-sh/setup-bun@v1 | |
with: | |
bun-version: latest | |
- uses: actions/cache/restore@v4 | |
id: cache | |
with: | |
path: frontend/node_modules | |
key: ${{ runner.os }}-${{ hashFiles('frontend/bun.lockb') }} | |
- name: Install Dependencies | |
if: steps.cache.outputs.cache-hit != 'true' | |
run: bun install --frozen-lockfile --ignore-scripts | |
working-directory: frontend | |
- uses: actions/cache/save@v4 | |
if: steps.cache.outputs.cache-hit != 'true' | |
with: | |
path: frontend/node_modules | |
key: ${{ runner.os }}-${{ hashFiles('frontend/bun.lockb') }} | |
- name: Download OpenAPI spec | |
uses: actions/download-artifact@v4 | |
with: | |
name: openapi | |
run-id: ${{ needs.openapi.outputs.run_id }} | |
path: ./frontend | |
- name: Generate API client | |
run: bash gen-api-client.sh | |
working-directory: frontend | |
- name: Lint | |
run: bun run lint | |
working-directory: frontend | |
- name: Build | |
run: bun run build | |
working-directory: frontend | |
upload-coverage: | |
name: Upload coverage reports to Codacy | |
runs-on: ubuntu-latest | |
if: github.event_name != 'pull_request' | |
needs: | |
- test-backend | |
- build-frontend | |
steps: | |
- uses: actions/download-artifact@v4 | |
with: | |
name: coverage-backend | |
run-id: | |
- name: Upload reports | |
uses: codacy/[email protected] | |
with: | |
project-token: ${{ secrets.CODACY_PROJECT_TOKEN }} | |
coverage-reports: coverage-backend.xml | |
build-docker-images: | |
name: Build Docker image | |
runs-on: ubuntu-latest | |
needs: | |
- test-backend | |
- build-frontend | |
- openapi | |
permissions: | |
contents: read | |
packages: write | |
attestations: write | |
id-token: write | |
strategy: | |
matrix: | |
component: | |
- backend | |
- frontend | |
steps: | |
- name: Set up QEMU | |
uses: docker/setup-qemu-action@v3 | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v3 | |
- name: Login to Docker Hub | |
uses: docker/login-action@v3 | |
with: | |
registry: ${{ env.REGISTRY }} | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Checkout repository | |
uses: actions/checkout@v4 | |
- name: Download OpenAPI spec | |
uses: actions/download-artifact@v4 | |
with: | |
name: openapi | |
run-id: ${{ needs.openapi.outputs.run_id }} | |
path: ./frontend | |
- name: Extract metadata (tags, labels) for Docker | |
id: meta | |
uses: docker/metadata-action@v5 | |
with: | |
labels: | | |
org.opencontainers.image.title="intranet-${{ matrix.component }}" | |
org.opencontainers.image.vendor="act coding GbR" | |
- name: Build and push | |
uses: docker/build-push-action@v5 | |
id: push | |
with: | |
context: . | |
file: docker/Dockerfile.${{ matrix.component }} | |
tags: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}/${{ matrix.component }} | |
labels: ${{ steps.meta.outputs.labels }} | |
push: ${{ github.event_name != 'pull_request' }} | |
cache-from: type=gha | |
cache-to: type=gha,mode=max | |
- name: Generate artifact attestation | |
uses: actions/attest-build-provenance@v1 | |
if: github.event_name != 'pull_request' | |
with: | |
subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}/${{ matrix.component }} | |
subject-digest: ${{ steps.push.outputs.digest }} | |
push-to-registry: true |