vaas-php-ci #621
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: vaas-php-ci | |
on: | |
push: | |
branches: | |
- main | |
paths: | |
- "php/**" | |
- ".github/workflows/ci-php.yaml" | |
tags: | |
- "php*" | |
pull_request: | |
branches: | |
- main | |
paths: | |
- "php/**" | |
- ".github/workflows/ci-php.yaml" | |
workflow_dispatch: | |
inputs: | |
environment: | |
type: choice | |
description: "Test environment" | |
options: | |
- production | |
- staging | |
- develop | |
default: "production" | |
env: | |
CLIENT_ID: ${{ secrets.CLIENT_ID }} | |
CLIENT_SECRET: ${{secrets.CLIENT_SECRET}} | |
VAAS_URL: "wss://gateway.production.vaas.gdatasecurity.de" | |
TOKEN_URL: "https://account.gdata.de/realms/vaas-production/protocol/openid-connect/token" | |
VAAS_CLIENT_ID: ${{ secrets.VAAS_CLIENT_ID }} | |
VAAS_USER_NAME: ${{ secrets.VAAS_USER_NAME }} | |
VAAS_PASSWORD: ${{secrets.VAAS_PASSWORD}} | |
jobs: | |
build-php: | |
name: Build & Test PHP SDK | |
runs-on: ubuntu-22.04 | |
strategy: | |
matrix: | |
version: ["8.1", "8.2", "8.3"] | |
steps: | |
- name: checkout | |
uses: actions/checkout@v4 | |
- name: Scan for Viruses | |
uses: ./.github/actions/vaas-scan-action | |
with: | |
VAAS_CLIENT_ID: ${{ secrets.VAAS_SCAN_CLIENT_ID }} | |
VAAS_CLIENT_SECRET: ${{ secrets.VAAS_SCAN_CLIENT_SECRET }} | |
- name: set staging environment | |
if: (inputs.environment == 'staging' || (startsWith(github.ref, 'refs/tags/php') && endsWith(github.ref, '-beta'))) | |
run: | | |
echo "CLIENT_ID=${{ secrets.STAGING_CLIENT_ID }}" >> $GITHUB_ENV | |
echo "CLIENT_SECRET=${{ secrets.STAGING_CLIENT_SECRET }}" >> $GITHUB_ENV | |
echo "VAAS_URL=wss://gateway.staging.vaas.gdatasecurity.de" >> $GITHUB_ENV | |
echo "TOKEN_URL=https://account-staging.gdata.de/realms/vaas-staging/protocol/openid-connect/token" >> $GITHUB_ENV | |
echo "VAAS_CLIENT_ID=${{ secrets.STAGING_VAAS_CLIENT_ID }}" >> $GITHUB_ENV | |
echo "VAAS_USER_NAME=${{ secrets.STAGING_VAAS_USER_NAME }}" >> $GITHUB_ENV | |
echo "VAAS_PASSWORD=${{ secrets.STAGING_VAAS_PASSWORD }}" >> $GITHUB_ENV | |
- name: set develop environment | |
if: (inputs.environment == 'develop' || (startsWith(github.ref, 'refs/tags/php') && endsWith(github.ref, '-alpha'))) | |
run: | | |
echo "CLIENT_ID=${{ secrets.DEVELOP_CLIENT_ID }}" >> $GITHUB_ENV | |
echo "CLIENT_SECRET=${{ secrets.DEVELOP_CLIENT_SECRET }}" >> $GITHUB_ENV | |
echo "VAAS_URL=wss://gateway.develop.vaas.gdatasecurity.de" >> $GITHUB_ENV | |
echo "TOKEN_URL=https://account-staging.gdata.de/realms/vaas-develop/protocol/openid-connect/token" >> $GITHUB_ENV | |
echo "VAAS_CLIENT_ID=${{ secrets.DEVELOP_VAAS_CLIENT_ID }}" >> $GITHUB_ENV | |
echo "VAAS_USER_NAME=${{ secrets.DEVELOP_VAAS_USER_NAME }}" >> $GITHUB_ENV | |
echo "VAAS_PASSWORD=${{ secrets.DEVELOP_VAAS_PASSWORD }}" >> $GITHUB_ENV | |
- name: setup PHP with PECL extension | |
uses: shivammathur/setup-php@v2 | |
with: | |
php-version: ${{ matrix.version }} | |
- name: install php dependencies | |
uses: php-actions/composer@v6 | |
with: | |
working_dir: php/tests/vaas | |
php_version: ${{ matrix.version }} | |
- name: run tests | |
run: ./vendor/bin/phpunit --colors --testdox | |
working-directory: php/tests/vaas | |
- name: install example requirements | |
run: composer install | |
working-directory: php/examples/VaasExample | |
- name: run example (scan file) | |
env: | |
SCAN_PATH: "GetVerdictByFile.php" | |
run: php GetVerdictByFile.php | |
working-directory: php/examples/VaasExample | |
- name: run example (scan url) | |
run: php GetVerdictByUrl.php | |
working-directory: php/examples/VaasExample | |
- name: run example (scan hash) | |
run: php GetVerdictByHash.php | |
working-directory: php/examples/VaasExample | |
- name: Microsoft Teams Notification | |
uses: skitionek/notify-microsoft-teams@master | |
if: failure() | |
with: | |
webhook_url: ${{ secrets.MSTEAMS_WEBHOOK }} | |
title: "`Failed workflow on for VaaS-SDK ${workflow}`" | |
job: ${{ toJson(job) }} | |
steps: ${{ toJson(steps) }} | |
deploy: | |
needs: build-php | |
name: deploy new php version | |
runs-on: ubuntu-22.04 | |
steps: | |
- name: debug output | |
run: echo ${{github.ref}} | |
- name: extract version | |
if: startsWith(github.ref, 'refs/tags/php') | |
run: | | |
echo "RELEASE_VERSION=${GITHUB_REF#refs/*/php}" >> $GITHUB_ENV | |
echo $RELEASE_VERSION | |
- name: checkout | |
if: startsWith(github.ref, 'refs/tags/php') | |
uses: actions/checkout@v4 | |
- name: publish on site repo | |
if: startsWith(github.ref, 'refs/tags/php') | |
env: | |
GITHUB_TOKEN: ${{ secrets.BOT_GITHUB_TOKEN }} | |
working-directory: php/src/vaas | |
run: | | |
git config --global user.email "[email protected]" | |
git config --global user.name "Version Bot" | |
sed -i "s/\"version\": \"[0-9]\+\.[0-9]\+\.[0-9]\+\"/\"version\": \"$RELEASE_VERSION\"/g" ./composer.json | |
cp ../../../Readme.md . | |
git init | |
git add . | |
git commit -m"publish php $RELEASE_VERSION" | |
git branch -M main | |
git tag v$RELEASE_VERSION | |
git remote add origin https://ata-no-one:[email protected]/GDATASoftwareAG/vaas-php | |
git push origin main --tags --force | |
- name: sync packagist | |
if: startsWith(github.ref, 'refs/tags/php') | |
env: | |
PACKAGIST_API_TOKEN: ${{ secrets.PACKAGIST_API_TOKEN }} | |
run: curl -XPOST -H'content-type:application/json' "https://packagist.org/api/update-package?username=gdatacyberdefense&apiToken=$PACKAGIST_API_TOKEN" -d'{"repository":{"url":"https://packagist.org/packages/gdata/vaas"}}' | |
- name: Microsoft Teams Notification | |
uses: skitionek/notify-microsoft-teams@master | |
if: failure() | |
with: | |
webhook_url: ${{ secrets.MSTEAMS_WEBHOOK }} | |
title: "`Failed codeql on for VaaS-SDK ${workflow}`" | |
job: ${{ toJson(job) }} | |
steps: ${{ toJson(steps) }} |