ci: Fix the release workflow permissions #1425
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: End-to-End Tests | |
on: | |
push: | |
branches: [ main ] | |
pull_request: ~ | |
schedule: | |
# Do not make it the first of the month and/or midnight since it is a very busy time | |
- cron: "* 10 5 * *" | |
release: | |
types: [ created ] | |
# See https://stackoverflow.com/a/72408109 | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} | |
cancel-in-progress: true | |
env: | |
POLLING_INTERVALS_SEC: 30 | |
SLEEP_TIME_SEC: 60s | |
TERM: xterm | |
jobs: | |
wait-for-phar-and-docker-images: | |
runs-on: ubuntu-latest | |
name: Wait for the PHAR & Docker images | |
steps: | |
# Reduce the amount polling done without increasing the polling internal too much. | |
- name: Sleep | |
run: sleep ${{ env.SLEEP_TIME_SEC }} | |
shell: bash | |
# I could not make this workflow work with a on.workflow_run. Hence instead of adding this | |
# wait step for _every_ e2e job, which will block more runners, we wait in one and only one | |
# runner. | |
- name: Wait for the PHAR to be built | |
uses: fountainhead/[email protected] | |
with: | |
checkName: Build PHAR | |
ref: ${{ github.event.pull_request.head.sha || github.sha }} | |
token: ${{ secrets.GITHUB_TOKEN }} | |
intervalSeconds: ${{ env.POLLING_INTERVALS_SEC }} | |
- name: Wait for the Docker images to be pushed | |
uses: fountainhead/[email protected] | |
with: | |
checkName: Docker status | |
ref: ${{ github.event.pull_request.head.sha || github.sha }} | |
token: ${{ secrets.GITHUB_TOKEN }} | |
intervalSeconds: ${{ env.POLLING_INTERVALS_SEC }} | |
e2e-tests: | |
runs-on: ubuntu-latest | |
name: Test ${{ matrix.e2e }} (PHP ${{ matrix.php }}, ${{ matrix.tools }}) | |
needs: wait-for-phar-and-docker-images | |
strategy: | |
fail-fast: false | |
matrix: | |
e2e: | |
- e2e_scoper_alias | |
- e2e_scoper_expose_symbols | |
- e2e_symfony | |
- e2e_symfony_runtime | |
- e2e_composer_installed_versions | |
- e2e_phpstorm_stubs | |
- e2e_dockerfile | |
- e2e_dockerfile_no_extension | |
- e2e_custom_composer_bin | |
- e2e_reproducible_build | |
php: [ '8.2', '8.3' ] | |
tools: | |
- 'composer:2.2' | |
- 'composer:2.3' | |
- 'composer:2.4' | |
- 'composer' | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- name: Setup PHP | |
uses: shivammathur/setup-php@v2 | |
with: | |
php-version: ${{ matrix.php }} | |
ini-values: phar.readonly=0, display_errors=On, error_reporting=-1 | |
tools: ${{ matrix.tools }} | |
coverage: pcov | |
- name: Allow Composer installation on future PHP versions | |
if: ${{ matrix.php == '8.3' }} | |
run: echo "COMPOSER_IGNORE_PLATFORM_REQ=--ignore-platform-req=php+" >> "$GITHUB_ENV" | |
# We cannot use the regular actions/download-artifact here since the artifact is stored | |
# in a different workflow. | |
# See https://github.com/actions/download-artifact/issues/172 | |
- name: Retrieve built PHAR | |
uses: dawidd6/action-download-artifact@v2 | |
with: | |
github_token: ${{secrets.GITHUB_TOKEN}} | |
workflow: release.yaml | |
check_artifacts: true | |
name: box-phar | |
# The original target is for the publishing, which is different from the internal name used. | |
- name: Ensure the make target is up to date | |
run: | | |
mkdir -p vendor | |
mv -vf box.phar bin/box.phar | |
touch -c bin/box.phar | |
# See https://github.com/actions/download-artifact#limitations | |
# the permissions are not guaranteed to be preserved | |
- name: Ensure PHAR is executable | |
run: chmod 755 bin/box.phar | |
- name: Check that the PHAR works | |
run: bin/box.phar --ansi --version | |
- run: make ${{ matrix.e2e }} | |
e2e-tests-docker: | |
runs-on: ubuntu-latest | |
name: Test ${{ matrix.e2e }} | |
needs: wait-for-phar-and-docker-images | |
strategy: | |
fail-fast: false | |
matrix: | |
e2e: | |
- _e2e_php_settings_checker_no_restart | |
- _e2e_php_settings_checker_xdebug_enabled | |
- _e2e_php_settings_checker_readonly_enabled | |
- _e2e_php_settings_checker_memory_limit_lower | |
- _e2e_php_settings_checker_memory_limit_higher | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- name: Setup PHP | |
uses: shivammathur/setup-php@v2 | |
with: | |
php-version: '8.2' | |
ini-values: phar.readonly=0, display_errors=On, error_reporting=-1 | |
tools: composer | |
coverage: pcov | |
# We cannot use the regular actions/download-artifact here since the artifact is stored | |
# in a different workflow. | |
# See https://github.com/actions/download-artifact/issues/172 | |
- name: Retrieve built PHAR | |
uses: dawidd6/action-download-artifact@v2 | |
with: | |
github_token: ${{secrets.GITHUB_TOKEN}} | |
workflow: release.yaml | |
check_artifacts: true | |
name: box-phar | |
# The original target is for the publishing, which is different from the internal name used. | |
- name: Ensure the make target is up to date | |
run: | | |
mkdir -p vendor | |
mv -vf box.phar bin/box.phar | |
touch -c bin/box.phar | |
# See https://github.com/actions/download-artifact#limitations | |
# the permissions are not guaranteed to be preserved | |
- name: Ensure PHAR is executable | |
run: chmod 755 bin/box.phar | |
- name: Check that the PHAR works | |
run: bin/box.phar --ansi --version | |
- name: Login to GitHub Container Registry | |
uses: docker/login-action@v3 | |
with: | |
registry: ghcr.io | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Pull the docker image | |
run: | | |
docker pull ghcr.io/box-project/box_php82 | |
docker pull ghcr.io/box-project/box_php82_xdebug | |
- run: make ${{ matrix.e2e }} | |
# This is a "trick", a meta task which does not change, and we can use in | |
# the protected branch rules as opposed to the tests one above which | |
# may change regularly. | |
validate-tests: | |
name: E2E tests status | |
runs-on: ubuntu-latest | |
needs: | |
- e2e-tests | |
- e2e-tests-docker | |
if: always() | |
steps: | |
- name: Successful run | |
if: ${{ !(contains(needs.*.result, 'failure')) }} | |
run: exit 0 | |
- name: Failing run | |
if: ${{ contains(needs.*.result, 'failure') }} | |
run: exit 1 |