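# Workflow "build": runs on pushes and pull requests targeting main, on a
# daily schedule, and on manual dispatch.
name: build

on:
  push:
    branches: ['main']
  pull_request:
    branches: ['main']
  schedule:
    # Run this workflow at 4 AM UTC every day.
    - cron: '0 4 * * *'
  workflow_dispatch:

# Least privilege for the automatic GITHUB_TOKEN: the steps visible in this
# workflow only read repository contents (checkout, dependency installs,
# tests), so the token is limited to read access. Widen this per job if a
# later step needs to write.
permissions:
  contents: read

env:
  # Flags appended to `composer install` in the test job.
  COMPOSER_FLAGS: "--ansi --no-interaction --no-progress --prefer-dist --optimize-autoloader"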
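jobs:
  # Generates the metadata fixture (./metadata plus a copy of root.json) with
  # the Python tooling and publishes it as the "fixture" artifact that the
  # test job downloads.
  #
  # NOTE(review): every `uses:` in this file references a mutable tag (v2/v3),
  # including the third-party shivammathur/setup-php action. Pinning each one
  # to a full commit SHA keeps a retagged release from changing what runs here.
  fixture:
    name: Generate test fixture
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
        with:
          fetch-depth: 1
          # Later steps run Python code and install third-party packages;
          # do not leave the job token in .git/config for them to read.
          persist-credentials: false
      # NOTE(review): this tracks the moving `main` branch of php-tuf/php-tuf,
      # and its Pipfile decides which Python packages get installed below.
      # Pin `ref` to a reviewed commit if reproducible fixtures matter.
      - uses: actions/checkout@v2
        with:
          repository: php-tuf/php-tuf
          ref: main
          path: php-tuf
          fetch-depth: 1
          persist-credentials: false
      - name: Copy Pipfile from PHP-TUF
        run: |
          cp -f php-tuf/Pipfile* .
      # Both caches are keyed on the hash of every Pipfile.lock in the
      # workspace; restore-keys falls back to the newest cache with the same
      # prefix when the lock file has changed.
      - id: cache-pip
        uses: actions/cache@v2
        with:
          path: ~/.cache/pip
          key: ${{ runner.os }}-pip-${{ hashFiles('**/Pipfile.lock') }}
          restore-keys: |
            ${{ runner.os }}-pip-
      - id: cache-pipenv
        uses: actions/cache@v2
        with:
          path: ~/.local/share/virtualenvs
          key: ${{ runner.os }}-pipenv-${{ hashFiles('**/Pipfile.lock') }}
          restore-keys: |
            ${{ runner.os }}-pipenv-
      - name: Set up Python 3.9
        uses: actions/setup-python@v2
        with:
          # Quoted so the version is passed as a string, not parsed as a float.
          python-version: '3.9'
      - name: Install pip/pipenv
        run: |
          python -m pip install --upgrade pip
          python -m pip install --upgrade pipenv
      # NOTE(review): `pipenv install --deploy` aborts when Pipfile.lock is out
      # of date with Pipfile instead of continuing; consider it so that only
      # the locked, hashed package set is ever installed. The step is skipped
      # entirely when no Pipfile.lock was copied.
      - name: Install dependencies via pipenv
        run: |
          if [ -f Pipfile.lock ]; then pipenv install; fi
      - name: Generate fixtures
        run: |
          pipenv run python generate.py
          mkdir -p ./test-project/tuf
          cp -f ./metadata/root.json ./test-project/tuf/localhost.json
          tar -c -z -f fixture.tar.gz metadata ./test-project/tuf/localhost.json
      - name: Store fixtures as artifact
        uses: actions/upload-artifact@v3
        with:
          name: fixture
          path: fixture.tar.gz
          retention-days: 5

  # Runs the PHPUnit suite and a dependency vulnerability check for every
  # combination of operating system, PHP version and Composer version.
  test:
    name: Test on ${{ matrix.operating-system }} with Composer ${{ matrix.composer }} and PHP ${{ matrix.php }}
    needs: fixture
    runs-on: ${{ matrix.operating-system }}
    strategy:
      fail-fast: false
      max-parallel: 10
      matrix:
        operating-system: [ubuntu-latest, macos-latest, windows-latest]
        php: ['8.0', '8.1', '8.2']
        # Left as numbers: the `if:` conditions below compare against 2 and 2.2.
        composer: [2, 2.2]
    steps:
      - uses: actions/checkout@v2
        with:
          fetch-depth: 1
          # Composer packages and the test suite execute in this workspace;
          # keep the job token out of .git/config.
          persist-credentials: false
      - name: Install PHP and Composer 2
        uses: shivammathur/setup-php@v2
        with:
          php-version: ${{ matrix.php }}
          tools: composer:v${{ matrix.composer }}
          extensions: sodium, json
      - name: Install dependencies
        env:
          # The token is handed to Composer through its COMPOSER_AUTH
          # environment variable for this step only. It is neither pasted into
          # the script text nor stored in a Composer config file, so the web
          # server and PHPUnit steps below never have it on disk.
          COMPOSER_AUTH: '{"github-oauth": {"github.com": "${{ secrets.GITHUB_TOKEN }}"}}'
        run: |
          composer install ${{ env.COMPOSER_FLAGS }}
      - name: Download fixture
        uses: actions/download-artifact@v3
        with:
          name: fixture
      - name: Extract fixture
        run: tar -x -v -f fixture.tar.gz
      # The built-in PHP server serves the current working directory on
      # localhost:8080 and stays in the background while PHPUnit runs.
      - name: Start PHP server and run tests
        run: |
          php -S localhost:8080 &
          vendor/bin/phpunit ./tests --debug
      # Composer 2.2 leg: requiring roave/security-advisories makes dependency
      # resolution fail when an installed version has a known advisory.
      - name: Check dependencies for known security vulnerabilities (legacy)
        if: matrix.composer == 2.2
        env:
          # This step resolves and downloads packages again, so it gets the
          # same step-scoped credentials as the install step.
          COMPOSER_AUTH: '{"github-oauth": {"github.com": "${{ secrets.GITHUB_TOKEN }}"}}'
        run: composer require --update-with-all-dependencies roave/security-advisories:dev-latest
      # Composer 2 leg: use the built-in audit command.
      - name: Check dependencies for known security vulnerabilities
        if: matrix.composer == 2
        run: composer audit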