Skip to content

Access permissions 6: Complete test cases #9544

Access permissions 6: Complete test cases

Access permissions 6: Complete test cases #9544

Workflow file for this run

# To upgrade pinned actions: Use https://github.com/mheap/pin-github-action
name: CI - Backend
on:
push:
branches-ignore:
- "main"
- "release/**"
paths:
- "**"
- "!.github/**"
- ".github/workflows/backend.yml"
- "!.tx/**"
- "!.vscode/**"
- "!assets/**"
- "!panel/**"
- "!scripts/**"
pull_request:
branches-ignore:
- "main"
- "release/**"
paths:
- "**"
- "!.github/**"
- ".github/workflows/backend.yml"
- "!.tx/**"
- "!.vscode/**"
- "!assets/**"
- "!panel/**"
- "!scripts/**"
workflow_call:
workflow_dispatch:
jobs:
tests:
name: "Unit tests - PHP ${{ matrix.php }}"
# run job only under the following conditions:
# - can be triggered manually from any repository
# - if on pull request, only run if from a fork
# (our own repo is covered by the push event)
# - if on push, only run CI automatically for the
# main getkirby/kirby repo and for forks
if: >
github.event_name == 'workflow_dispatch' ||
(
github.event_name == 'pull_request' &&
github.event.pull_request.head.repo.full_name != github.repository
) ||
(
github.event_name == 'push' &&
(github.repository == 'getkirby/kirby' || github.repository_owner != 'getkirby')
)
runs-on: ubuntu-22.04
timeout-minutes: 5
strategy:
matrix:
php: ["8.2", "8.3", "8.4"]
env:
extensions: mbstring, ctype, curl, gd, apcu, memcached, redis
ini: apc.enabled=1, apc.enable_cli=1, pcov.directory=., "pcov.exclude=\"~(vendor|tests)~\""
steps:
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # pin@v4
with:
fetch-depth: 2
- name: Preparations
run: mkdir sarif
- name: Install memcached
uses: niden/actions-memcached@3b3ecd9d0d035ea92db716dc1540a7dbe9e56349 # pin@v7
- name: Install redis
uses: supercharge/redis-github-action@ea9b21c6ecece47bd99595c532e481390ea0f044 # pin@v1
with:
redis-version: 7
- name: Install system locales
run: sudo apt-get update && sudo apt-get install -y locales-all
- name: Setup PHP cache environment
id: ext-cache
uses: shivammathur/cache-extensions@b5046118b75df28d2b24c968b417e81a6211a7fc # pin@v1
with:
php-version: ${{ matrix.php }}
extensions: ${{ env.extensions }}
key: php-v1
- name: Cache PHP extensions
uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # pin@v4
with:
path: ${{ steps.ext-cache.outputs.dir }}
key: ${{ steps.ext-cache.outputs.key }}
restore-keys: ${{ steps.ext-cache.outputs.key }}
- name: Setup PHP environment
uses: shivammathur/setup-php@c541c155eee45413f5b09a52248675b1a2575231 # pin@v2
with:
php-version: ${{ matrix.php }}
extensions: ${{ env.extensions }}
ini-values: ${{ env.ini }}
coverage: pcov
tools: phpunit:10.5.38, psalm:5.26.1
- name: Setup problem matchers
run: |
echo "::add-matcher::${{ runner.tool_cache }}/php.json"
echo "::add-matcher::${{ runner.tool_cache }}/phpunit.json"
- name: Cache analysis data
id: finishPrepare
uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # pin@v4
with:
path: ~/.cache/psalm
key: backend-analysis-${{ matrix.php }}
- name: Check Composer platform requirements
if: always() && steps.finishPrepare.outcome == 'success'
run: composer check-platform-reqs
- name: Run tests
if: always() && steps.finishPrepare.outcome == 'success'
run: phpunit --fail-on-skipped --coverage-clover ${{ github.workspace }}/clover.xml
- name: Statically analyze using Psalm
if: always() && steps.finishPrepare.outcome == 'success' && matrix.php != '8.4'
run: psalm --output-format=github --php-version=${{ matrix.php }} --report=sarif/psalm.sarif --report-show-info=false
- name: Upload coverage results to Codecov
env:
token: ${{ secrets.CODECOV_TOKEN }}
PHP: ${{ matrix.php }}
if: env.token != ''
uses: codecov/codecov-action@015f24e6818733317a2da2edd6290ab26238649a # pin@v5
with:
token: ${{ secrets.CODECOV_TOKEN }} # for better reliability if the GitHub API is down
fail_ci_if_error: true
files: ${{ github.workspace }}/clover.xml
flags: backend
env_vars: PHP
- name: Upload code scanning results to GitHub
if: always() && steps.finishPrepare.outcome == 'success' && github.repository == 'getkirby/kirby' && matrix.php != '8.4'
uses: github/codeql-action/upload-sarif@f09c1c0a94de965c15400f5634aa42fac8fb8f88 # pin@v3
with:
sarif_file: sarif
analysis:
name: "Code Quality"
# run job only under the following conditions:
# - can be triggered manually from any repository
# - if on pull request, only run if from a fork
# (our own repo is covered by the push event)
# - if on push, only run CI automatically for the
# main getkirby/kirby repo and for forks
if: >
github.event_name == 'workflow_dispatch' ||
(
github.event_name == 'pull_request' &&
github.event.pull_request.head.repo.full_name != github.repository
) ||
(
github.event_name == 'push' &&
(github.repository == 'getkirby/kirby' || github.repository_owner != 'getkirby')
)
runs-on: ubuntu-22.04
timeout-minutes: 5
env:
php: "8.2"
extensions: mbstring, ctype, curl, gd, apcu, memcached, redis
steps:
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # pin@v4
- name: Preparations
run: mkdir sarif
- name: Setup PHP cache environment
id: ext-cache
uses: shivammathur/cache-extensions@b5046118b75df28d2b24c968b417e81a6211a7fc # pin@v1
with:
php-version: ${{ env.php }}
extensions: ${{ env.extensions }}
key: php-analysis-v1
- name: Cache PHP extensions
uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # pin@v4
with:
path: ${{ steps.ext-cache.outputs.dir }}
key: ${{ steps.ext-cache.outputs.key }}
restore-keys: ${{ steps.ext-cache.outputs.key }}
- name: Setup PHP environment
id: finishPrepare
uses: shivammathur/setup-php@c541c155eee45413f5b09a52248675b1a2575231 # pin@v2
with:
php-version: ${{ env.php }}
extensions: ${{ env.extensions }}
coverage: none
tools: |
composer:2.4.4, composer-normalize:2.28.3, composer-require-checker:4.1.0,
composer-unused:0.7.12, phpmd:2.13.0
- name: Validate composer.json/composer.lock
if: always() && steps.finishPrepare.outcome == 'success'
run: composer validate --strict --no-check-version --no-check-all
- name: Ensure that composer.json is normalized
if: always() && steps.finishPrepare.outcome == 'success'
run: composer-normalize --dry-run
- name: Check for unused Composer dependencies
if: always() && steps.finishPrepare.outcome == 'success'
run: composer-unused --no-progress
- name: Statically analyze using PHPMD
if: always() && steps.finishPrepare.outcome == 'success'
run: phpmd . github phpmd.xml.dist --exclude 'dependencies/*,tests/*,vendor/*' --reportfile-sarif sarif/phpmd.sarif
- name: Upload code scanning results to GitHub
if: always() && steps.finishPrepare.outcome == 'success' && github.repository == 'getkirby/kirby'
uses: github/codeql-action/upload-sarif@f09c1c0a94de965c15400f5634aa42fac8fb8f88 # pin@v3
with:
sarif_file: sarif
coding-style:
name: "Coding Style"
# run job only under the following conditions:
# - can be triggered manually from any repository
# - if on pull request, only run if from a fork
# (our own repo is covered by the push event)
# - if on push, only run CI automatically for the
# main getkirby/kirby repo and for forks
if: >
github.event_name == 'workflow_dispatch' ||
(
github.event_name == 'pull_request' &&
github.event.pull_request.head.repo.full_name != github.repository
) ||
(
github.event_name == 'push' &&
(github.repository == 'getkirby/kirby' || github.repository_owner != 'getkirby')
)
runs-on: ubuntu-22.04
timeout-minutes: 5
env:
php: "8.2"
steps:
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # pin@v4
- name: Setup PHP environment
uses: shivammathur/setup-php@c541c155eee45413f5b09a52248675b1a2575231 # pin@v2
with:
php-version: ${{ env.php }}
coverage: none
tools: php-cs-fixer:3.52.1
- name: Cache analysis data
id: finishPrepare
uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # pin@v4
with:
path: ~/.php-cs-fixer
key: coding-style
- name: Check for PHP coding style violations
if: always() && steps.finishPrepare.outcome == 'success'
run: php-cs-fixer fix --diff --dry-run