chore: Updated ci workflow #2
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: | |
| push: | |
| branches: [ main ] | |
| pull_request: | |
| branches: [ main ] | |
| jobs: | |
| build-test: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Setup PHP | |
| uses: shivammathur/setup-php@v2 | |
| with: | |
| php-version: '8.3' | |
| extensions: mbstring, xml, ctype, iconv, intl, pdo_sqlite, dom, filter, gd, iconv, json, mbstring, pdo | |
| - name: Validate composer.json and composer.lock | |
| run: composer validate --strict | |
| - name: Cache Composer packages | |
| id: composer-cache | |
| uses: actions/cache@v3 | |
| with: | |
| path: vendor | |
| key: ${{ runner.os }}-php-${{ hashFiles('**/composer.lock') }} | |
| restore-keys: | | |
| ${{ runner.os }}-php- | |
| - name: Install dependencies | |
| run: composer install --prefer-dist --no-progress | |
| - name: Run test suite | |
| run: vendor/bin/phpunit | |
| - name: Security Check | |
| uses: symfonycorp/security-checker-action@v5 | |
| - name: Create GitHub Issue on Security Failure | |
| if: failure() | |
| uses: actions/github-script@v6 | |
| with: | |
| github-token: ${{secrets.GITHUB_TOKEN}} | |
| script: | | |
| const fs = require('fs'); | |
| const securityCheckOutput = fs.readFileSync('${{ steps.security-check.outputs.logfile }}', 'utf8'); | |
| const issueBody = ` | |
| # Security Vulnerabilities Detected | |
| The security check has detected vulnerabilities in the project dependencies. | |
| ## Details: | |
| \`\`\` | |
| ${securityCheckOutput} | |
| \`\`\` | |
| Please review these vulnerabilities and update the affected dependencies if possible. | |
| _This issue was automatically created by the Security Check GitHub Action._ | |
| `; | |
| const issues = await github.rest.issues.listForRepo({ | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| state: 'open', | |
| labels: ['security'] | |
| }); | |
| const existingIssue = issues.data.find(issue => issue.title.includes('Security Vulnerabilities Detected')); | |
| if (existingIssue) { | |
| await github.rest.issues.update({ | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| issue_number: existingIssue.number, | |
| body: issueBody | |
| }); | |
| } else { | |
| await github.rest.issues.create({ | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| title: 'Security Vulnerabilities Detected', | |
| body: issueBody, | |
| labels: ['security'] | |
| }); | |
| } |