name: vaas-php-ci

# Triggers: pushes to main and pull requests against main that touch the PHP
# SDK or this workflow file, pushes of tags starting with "php", and manual
# runs that choose which environment the tests use.
on:
  push:
    branches: [main]
    paths:
      - 'php/**'
      - '.github/workflows/ci-php.yaml'
    tags: ['php*']
  pull_request:
    branches: [main]
    paths:
      - 'php/**'
      - '.github/workflows/ci-php.yaml'
  workflow_dispatch:
    inputs:
      environment:
        description: 'Test environment'
        type: choice
        default: production
        options:
          - production
          - staging
          - develop
# Workflow-level defaults: production endpoints plus the credentials used
# against them. Two steps in build-php overwrite these names through
# GITHUB_ENV for staging and develop runs.
# NOTE(review): values declared here are exported to every step of every job,
# including the third-party actions this workflow calls. Consider scoping the
# secret-bearing entries to the steps that actually read them.
# NOTE(review): no `permissions:` key is declared in this file, so GITHUB_TOKEN
# gets the repository's default scopes. Confirm what the local scan action
# needs, then declare the minimum explicitly.
env:
  VAAS_URL: 'wss://gateway.production.vaas.gdatasecurity.de'
  TOKEN_URL: 'https://account.gdata.de/realms/vaas-production/protocol/openid-connect/token'
  CLIENT_ID: ${{ secrets.CLIENT_ID }}
  CLIENT_SECRET: ${{ secrets.CLIENT_SECRET }}
  VAAS_CLIENT_ID: ${{ secrets.VAAS_CLIENT_ID }}
  VAAS_USER_NAME: ${{ secrets.VAAS_USER_NAME }}
  VAAS_PASSWORD: ${{ secrets.VAAS_PASSWORD }}
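jobs:
  # Runs the SDK unit tests and the three example scripts on each PHP version
  # in the matrix, against the environment chosen by the trigger.
  build-php:
    name: Build & Test PHP SDK
    runs-on: ubuntu-22.04
    strategy:
      matrix:
        version: ["8.1", "8.2", "8.3"]
    steps:
      # NOTE(review): every `uses:` reference in this workflow is a mutable tag
      # or branch. Pinning each one to a full commit SHA (<full-commit-sha>)
      # stops an upstream retag from changing the code that runs here with
      # the secrets exported by the workflow-level `env`.
      # NOTE(review): checkout keeps the job token in the local git config by
      # default; consider `persist-credentials: false` if no later step needs it.
      - name: checkout
        uses: actions/checkout@v4
      - name: Scan for Viruses
        uses: ./.github/actions/vaas-scan-action
        with:
          VAAS_CLIENT_ID: ${{ secrets.VAAS_SCAN_CLIENT_ID }}
          VAAS_CLIENT_SECRET: ${{ secrets.VAAS_SCAN_CLIENT_SECRET }}
      # Staging is selected by a manual run or by a php* tag ending in -beta.
      # The secrets reach the script through `env` rather than through ${{ }}
      # inside `run`: an expression is pasted into the script text before the
      # shell parses it, so a value holding a quote, `$` or backtick would be
      # executed as shell syntax instead of written out as data.
      - name: set staging environment
        if: (inputs.environment == 'staging' || (startsWith(github.ref, 'refs/tags/php') && endsWith(github.ref, '-beta')))
        env:
          STAGING_CLIENT_ID: ${{ secrets.STAGING_CLIENT_ID }}
          STAGING_CLIENT_SECRET: ${{ secrets.STAGING_CLIENT_SECRET }}
          STAGING_VAAS_CLIENT_ID: ${{ secrets.STAGING_VAAS_CLIENT_ID }}
          STAGING_VAAS_USER_NAME: ${{ secrets.STAGING_VAAS_USER_NAME }}
          STAGING_VAAS_PASSWORD: ${{ secrets.STAGING_VAAS_PASSWORD }}
        run: |
          {
            echo "CLIENT_ID=$STAGING_CLIENT_ID"
            echo "CLIENT_SECRET=$STAGING_CLIENT_SECRET"
            echo "VAAS_URL=wss://gateway.staging.vaas.gdatasecurity.de"
            echo "TOKEN_URL=https://account-staging.gdata.de/realms/vaas-staging/protocol/openid-connect/token"
            echo "VAAS_CLIENT_ID=$STAGING_VAAS_CLIENT_ID"
            echo "VAAS_USER_NAME=$STAGING_VAAS_USER_NAME"
            echo "VAAS_PASSWORD=$STAGING_VAAS_PASSWORD"
          } >> "$GITHUB_ENV"
      # Develop is selected by a manual run or by a php* tag ending in -alpha.
      # Secrets are passed through `env` for the same reason as in the staging step.
      - name: set develop environment
        if: (inputs.environment == 'develop' || (startsWith(github.ref, 'refs/tags/php') && endsWith(github.ref, '-alpha')))
        env:
          DEVELOP_CLIENT_ID: ${{ secrets.DEVELOP_CLIENT_ID }}
          DEVELOP_CLIENT_SECRET: ${{ secrets.DEVELOP_CLIENT_SECRET }}
          DEVELOP_VAAS_CLIENT_ID: ${{ secrets.DEVELOP_VAAS_CLIENT_ID }}
          DEVELOP_VAAS_USER_NAME: ${{ secrets.DEVELOP_VAAS_USER_NAME }}
          DEVELOP_VAAS_PASSWORD: ${{ secrets.DEVELOP_VAAS_PASSWORD }}
        run: |
          {
            echo "CLIENT_ID=$DEVELOP_CLIENT_ID"
            echo "CLIENT_SECRET=$DEVELOP_CLIENT_SECRET"
            echo "VAAS_URL=wss://gateway.develop.vaas.gdatasecurity.de"
            echo "TOKEN_URL=https://account-staging.gdata.de/realms/vaas-develop/protocol/openid-connect/token"
            echo "VAAS_CLIENT_ID=$DEVELOP_VAAS_CLIENT_ID"
            echo "VAAS_USER_NAME=$DEVELOP_VAAS_USER_NAME"
            echo "VAAS_PASSWORD=$DEVELOP_VAAS_PASSWORD"
          } >> "$GITHUB_ENV"
      - name: setup PHP with PECL extension
        uses: shivammathur/setup-php@v2
        with:
          php-version: ${{ matrix.version }}
      - name: install php dependencies
        uses: php-actions/composer@v6
        with:
          working_dir: php/tests/vaas
          php_version: ${{ matrix.version }}
      - name: run tests
        run: ./vendor/bin/phpunit --colors --testdox
        working-directory: php/tests/vaas
      - name: install example requirements
        run: composer install
        working-directory: php/examples/VaasExample
      - name: run example (scan file)
        env:
          SCAN_PATH: "GetVerdictByFile.php"
        run: php GetVerdictByFile.php
        working-directory: php/examples/VaasExample
      - name: run example (scan url)
        run: php GetVerdictByUrl.php
        working-directory: php/examples/VaasExample
      - name: run example (scan hash)
        run: php GetVerdictByHash.php
        working-directory: php/examples/VaasExample
      # NOTE(review): `@master` is a branch, so this action can change between
      # runs, and it is handed the Teams webhook plus the job and step context.
      # Pin it to a reviewed commit (<full-commit-sha>).
      - name: Microsoft Teams Notification
        uses: skitionek/notify-microsoft-teams@master
        if: failure()
        with:
          webhook_url: ${{ secrets.MSTEAMS_WEBHOOK }}
          title: "`Failed workflow on for VaaS-SDK ${workflow}`"
          job: ${{ toJson(job) }}
          steps: ${{ toJson(steps) }}

  # Publishes the SDK to the vaas-php repository and asks Packagist to
  # re-read the package. The job itself runs after build-php on every trigger;
  # only the debug output and the failure notification are not gated on a
  # refs/tags/php ref.
  deploy:
    needs: build-php
    name: deploy new php version
    runs-on: ubuntu-22.04
    steps:
      # The ref is read from the runner-provided GITHUB_REF variable instead
      # of being pasted into the script with ${{ github.ref }}: ref names may
      # contain shell metacharacters, and an expression is expanded into the
      # script text before the shell parses it.
      - name: debug output
        run: echo "$GITHUB_REF"
      - name: extract version
        if: startsWith(github.ref, 'refs/tags/php')
        run: |
          release_version="${GITHUB_REF#refs/*/php}"
          # The version is later spliced into a sed expression and a tag name,
          # so anything outside a plain version alphabet is rejected here.
          case "$release_version" in
            "" | *[!0-9A-Za-z._+-]*)
              echo "unexpected characters in release version" >&2
              exit 1
              ;;
          esac
          echo "RELEASE_VERSION=$release_version" >> "$GITHUB_ENV"
          # Values written to GITHUB_ENV are only visible to later steps, so
          # the local variable is printed rather than $RELEASE_VERSION.
          echo "$release_version"
      - name: checkout
        if: startsWith(github.ref, 'refs/tags/php')
        uses: actions/checkout@v4
        with:
          # The publish step pushes from a fresh `git init` with its own
          # token, so the job token need not stay in this checkout's config.
          persist-credentials: false
      - name: publish on site repo
        if: startsWith(github.ref, 'refs/tags/php')
        env:
          GITHUB_TOKEN: ${{ secrets.BOT_GITHUB_TOKEN }}
        working-directory: php/src/vaas
        run: |
          # NOTE(review): the page renderer redacted this address; it is kept
          # exactly as rendered. Restore the real value from the repository.
          git config --global user.email "[email protected]"
          git config --global user.name "Version Bot"
          sed -i "s/\"version\": \"[0-9]\+\.[0-9]\+\.[0-9]\+\"/\"version\": \"$RELEASE_VERSION\"/g" ./composer.json
          cp ../../../Readme.md .
          git init
          git add .
          git commit -m"publish php $RELEASE_VERSION"
          git branch -M main
          git tag "v$RELEASE_VERSION"
          # NOTE(review): the credential and host part of this URL was also
          # redacted by the page renderer. It is reconstructed here from the
          # step's GITHUB_TOKEN variable and the GitHub repository path, so
          # confirm it against the repository. The token sits in the remote
          # URL, and therefore in .git/config; a credential helper or
          # per-command auth header would keep it out of both.
          git remote add origin "https://ata-no-one:${GITHUB_TOKEN}@github.com/GDATASoftwareAG/vaas-php"
          git push origin main --tags --force
      # --fail turns an HTTP error from Packagist into a failed step; without
      # it a rejected request still exits 0 and the release looks synced.
      # NOTE(review): the API token travels in the query string, where access
      # logs and proxies can record it. Check whether Packagist's header-based
      # authentication can be used instead.
      - name: sync packagist
        if: startsWith(github.ref, 'refs/tags/php')
        env:
          PACKAGIST_API_TOKEN: ${{ secrets.PACKAGIST_API_TOKEN }}
        run: |
          curl --fail -XPOST -H'content-type:application/json' \
            "https://packagist.org/api/update-package?username=gdatacyberdefense&apiToken=$PACKAGIST_API_TOKEN" \
            -d'{"repository":{"url":"https://packagist.org/packages/gdata/vaas"}}'
      # NOTE(review): `@master` is a branch; pin to a reviewed commit
      # (<full-commit-sha>). The title says "codeql" although this is the PHP
      # deploy job; it looks copied from another workflow, so confirm the wording.
      - name: Microsoft Teams Notification
        uses: skitionek/notify-microsoft-teams@master
        if: failure()
        with:
          webhook_url: ${{ secrets.MSTEAMS_WEBHOOK }}
          title: "`Failed codeql on for VaaS-SDK ${workflow}`"
          job: ${{ toJson(job) }}
          steps: ${{ toJson(steps) }}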