Skip to content

Rework Authentication into separate services #1012

Rework Authentication into separate services

Rework Authentication into separate services #1012

Workflow file for this run

# This file lints the code, runs tests, builds a package and then deploys it.
# The following secrets need to be set:
# - “CLOUDSMITH_API_KEY” for pushing built package to Cloudsmith
# - “CACHIX_AUTH_TOKEN” for uploading built Nix packages to Cachix
name: CI
on:
pull_request:
push:
env:
COMPOSER_FLAGS: "--ansi --no-interaction --no-progress --no-suggest --prefer-dist"
jobs:
tests:
if: github.event_name == 'push' || github.event.pull_request.head.repo.full_name != github.repository
runs-on: ubuntu-22.04
strategy:
matrix:
# Other backends run only for single PHP version to reduce the CI costs.
storage:
- 'sqlite'
php:
- '8.4'
- '8.3'
- '8.2'
- '8.1'
- '8.0'
- '7.4'
include:
- php: '7.4'
phpstan: true
# These should be the same no matter the PHP version.
lint: true
- php: '8.2'
storage: mysql
- php: '8.2'
storage: postgresql
name: 'Check with PHP ${{ matrix.php }} and ${{ matrix.storage }} storage backend'
steps:
- uses: actions/checkout@v4
- name: Install Nix
uses: cachix/install-nix-action@v27
- name: Set up Nix cache
uses: cachix/cachix-action@v15
with:
name: fossar
authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
- name: Update flake.nix to match the current CI job from matrix
run: |
sed -i 's/matrix.phpPackage = "php";/matrix.phpPackage = builtins.replaceStrings ["."] [""] "php${{ matrix.php }}";/' flake.nix
sed -i 's/matrix.storage = "all";/matrix.storage = "${{ matrix.storage }}";/' flake.nix
- name: Cache Node modules
uses: actions/cache@v4
with:
path: ~/.npm
key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
restore-keys: |
${{ runner.os }}-node-
- name: Get Composer Cache Directory
id: composer-cache
run: |
echo "dir=$(composer config cache-files-dir)" >> "$GITHUB_OUTPUT"
- uses: actions/cache@v4
with:
path: ${{ steps.composer-cache.outputs.dir }}
key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.lock') }}
restore-keys: |
${{ runner.os }}-composer-
- name: Install dependencies
run: nix-shell -A ci --run 'npm run install-dependencies'
- name: Check front-end code
if: matrix.lint
run: nix-shell -A ci --run 'npm run check:client'
- name: Check syntax of back-end code
run: nix-shell -A ci --run 'npm run check:server:lint'
- name: Lint back-end code
if: matrix.lint
run: nix-shell -A ci --run 'npm run check:server:cs'
- name: Lint helper code
if: matrix.lint
run: nix-shell -A ci --run 'npm run check:helpers:cs'
- name: Run unit tests
run: nix-shell -A ci --run 'npm run test:server'
- name: Analyse back-end code
if: matrix.phpstan
run: nix-shell -A ci --run 'npm run check:server:phpstan'
- name: Run integration tests
run: SELFOSS_TEST_STORAGE_BACKEND=${{ matrix.storage }} nix-shell -A ci --run 'npm run test:integration'
deploy:
name: 'Upload artefacts'
runs-on: ubuntu-22.04
needs:
- tests
steps:
- uses: actions/checkout@v4
- name: Install Nix
uses: cachix/install-nix-action@v27
- name: Set up Nix cache
uses: cachix/cachix-action@v15
with:
name: fossar
authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
- name: Cache Node modules
uses: actions/cache@v4
with:
path: ~/.npm
key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
restore-keys: |
${{ runner.os }}-node-
- name: Get Composer Cache Directory
id: composer-cache
run: |
echo "dir=$(composer config cache-files-dir)" >> "$GITHUB_OUTPUT"
- uses: actions/cache@v4
with:
path: ${{ steps.composer-cache.outputs.dir }}
key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.lock') }}
restore-keys: |
${{ runner.os }}-composer-
- name: Build a zipball
id: zipball
run: |
nix-shell -A ci --run 'npm run dist'
echo "file_name=$(echo selfoss-*.zip)" >> "$GITHUB_OUTPUT"
echo "version=$(echo selfoss-*.zip | sed -e 's/^selfoss-//' -e 's/\.zip$//')" >> "$GITHUB_OUTPUT"
- name: Upload the zipball to GitHub
uses: actions/upload-artifact@v4
with:
name: ${{ steps.zipball.outputs.file_name }}
if-no-files-found: error
path: ${{ steps.zipball.outputs.file_name }}
- name: Upload the zipball to Cloudsmith
uses: cloudsmith-io/[email protected]
if: github.event_name == 'push' && github.ref == 'refs/heads/master'
with:
api-key: ${{ secrets.CLOUDSMITH_API_KEY }}
command: "push"
format: "raw"
owner: "fossar"
repo: "selfoss-git"
file: ${{ steps.zipball.outputs.file_name }}
name: selfoss.zip
version: ${{ steps.zipball.outputs.version }}
- name: Prepare a changelog
run: |
echo "changelog_text<<CHANGES_EOF" >> $GITHUB_ENV
sed '1,/^## /d;/^## /Q' NEWS.md >> $GITHUB_ENV
echo "CHANGES_EOF" >> $GITHUB_ENV
- name: Create a release
uses: softprops/action-gh-release@v2
if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/')
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
body: ${{ env.changelog_text }}
files: ${{ steps.zipball.outputs.file_name }}