Rework Authentication into separate services #1012
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# This file lints the code, runs tests, builds a package and then deploys it. | |
# The following secrets need to be set: | |
# - “CLOUDSMITH_API_KEY” for pushing built package to Cloudsmith | |
# - “CACHIX_AUTH_TOKEN” for uploading built Nix packages to Cachix | |
name: CI | |
on: | |
pull_request: | |
push: | |
env: | |
COMPOSER_FLAGS: "--ansi --no-interaction --no-progress --no-suggest --prefer-dist" | |
jobs: | |
tests: | |
if: github.event_name == 'push' || github.event.pull_request.head.repo.full_name != github.repository | |
runs-on: ubuntu-22.04 | |
strategy: | |
matrix: | |
# Other backends run only for single PHP version to reduce the CI costs. | |
storage: | |
- 'sqlite' | |
php: | |
- '8.4' | |
- '8.3' | |
- '8.2' | |
- '8.1' | |
- '8.0' | |
- '7.4' | |
include: | |
- php: '7.4' | |
phpstan: true | |
# These should be the same no matter the PHP version. | |
lint: true | |
- php: '8.2' | |
storage: mysql | |
- php: '8.2' | |
storage: postgresql | |
name: 'Check with PHP ${{ matrix.php }} and ${{ matrix.storage }} storage backend' | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Install Nix | |
uses: cachix/install-nix-action@v27 | |
- name: Set up Nix cache | |
uses: cachix/cachix-action@v15 | |
with: | |
name: fossar | |
authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}' | |
- name: Update flake.nix to match the current CI job from matrix | |
run: | | |
sed -i 's/matrix.phpPackage = "php";/matrix.phpPackage = builtins.replaceStrings ["."] [""] "php${{ matrix.php }}";/' flake.nix | |
sed -i 's/matrix.storage = "all";/matrix.storage = "${{ matrix.storage }}";/' flake.nix | |
- name: Cache Node modules | |
uses: actions/cache@v4 | |
with: | |
path: ~/.npm | |
key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }} | |
restore-keys: | | |
${{ runner.os }}-node- | |
- name: Get Composer Cache Directory | |
id: composer-cache | |
run: | | |
echo "dir=$(composer config cache-files-dir)" >> "$GITHUB_OUTPUT" | |
- uses: actions/cache@v4 | |
with: | |
path: ${{ steps.composer-cache.outputs.dir }} | |
key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.lock') }} | |
restore-keys: | | |
${{ runner.os }}-composer- | |
- name: Install dependencies | |
run: nix-shell -A ci --run 'npm run install-dependencies' | |
- name: Check front-end code | |
if: matrix.lint | |
run: nix-shell -A ci --run 'npm run check:client' | |
- name: Check syntax of back-end code | |
run: nix-shell -A ci --run 'npm run check:server:lint' | |
- name: Lint back-end code | |
if: matrix.lint | |
run: nix-shell -A ci --run 'npm run check:server:cs' | |
- name: Lint helper code | |
if: matrix.lint | |
run: nix-shell -A ci --run 'npm run check:helpers:cs' | |
- name: Run unit tests | |
run: nix-shell -A ci --run 'npm run test:server' | |
- name: Analyse back-end code | |
if: matrix.phpstan | |
run: nix-shell -A ci --run 'npm run check:server:phpstan' | |
- name: Run integration tests | |
run: SELFOSS_TEST_STORAGE_BACKEND=${{ matrix.storage }} nix-shell -A ci --run 'npm run test:integration' | |
deploy: | |
name: 'Upload artefacts' | |
runs-on: ubuntu-22.04 | |
needs: | |
- tests | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Install Nix | |
uses: cachix/install-nix-action@v27 | |
- name: Set up Nix cache | |
uses: cachix/cachix-action@v15 | |
with: | |
name: fossar | |
authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}' | |
- name: Cache Node modules | |
uses: actions/cache@v4 | |
with: | |
path: ~/.npm | |
key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }} | |
restore-keys: | | |
${{ runner.os }}-node- | |
- name: Get Composer Cache Directory | |
id: composer-cache | |
run: | | |
echo "dir=$(composer config cache-files-dir)" >> "$GITHUB_OUTPUT" | |
- uses: actions/cache@v4 | |
with: | |
path: ${{ steps.composer-cache.outputs.dir }} | |
key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.lock') }} | |
restore-keys: | | |
${{ runner.os }}-composer- | |
- name: Build a zipball | |
id: zipball | |
run: | | |
nix-shell -A ci --run 'npm run dist' | |
echo "file_name=$(echo selfoss-*.zip)" >> "$GITHUB_OUTPUT" | |
echo "version=$(echo selfoss-*.zip | sed -e 's/^selfoss-//' -e 's/\.zip$//')" >> "$GITHUB_OUTPUT" | |
- name: Upload the zipball to GitHub | |
uses: actions/upload-artifact@v4 | |
with: | |
name: ${{ steps.zipball.outputs.file_name }} | |
if-no-files-found: error | |
path: ${{ steps.zipball.outputs.file_name }} | |
- name: Upload the zipball to Cloudsmith | |
uses: cloudsmith-io/[email protected] | |
if: github.event_name == 'push' && github.ref == 'refs/heads/master' | |
with: | |
api-key: ${{ secrets.CLOUDSMITH_API_KEY }} | |
command: "push" | |
format: "raw" | |
owner: "fossar" | |
repo: "selfoss-git" | |
file: ${{ steps.zipball.outputs.file_name }} | |
name: selfoss.zip | |
version: ${{ steps.zipball.outputs.version }} | |
- name: Prepare a changelog | |
run: | | |
echo "changelog_text<<CHANGES_EOF" >> $GITHUB_ENV | |
sed '1,/^## /d;/^## /Q' NEWS.md >> $GITHUB_ENV | |
echo "CHANGES_EOF" >> $GITHUB_ENV | |
- name: Create a release | |
uses: softprops/action-gh-release@v2 | |
if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/') | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
with: | |
body: ${{ env.changelog_text }} | |
files: ${{ steps.zipball.outputs.file_name }} |