Skip to content

ci: Fix the release workflow permissions #1425

ci: Fix the release workflow permissions

ci: Fix the release workflow permissions #1425

Workflow file for this run

name: End-to-End Tests
on:
push:
branches: [ main ]
pull_request: ~
schedule:
# Do not make it the first of the month and/or midnight since it is a very busy time
- cron: "* 10 5 * *"
release:
types: [ created ]
# See https://stackoverflow.com/a/72408109
concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
cancel-in-progress: true
env:
POLLING_INTERVALS_SEC: 30
SLEEP_TIME_SEC: 60s
TERM: xterm
jobs:
wait-for-phar-and-docker-images:
runs-on: ubuntu-latest
name: Wait for the PHAR & Docker images
steps:
# Reduce the amount polling done without increasing the polling internal too much.
- name: Sleep
run: sleep ${{ env.SLEEP_TIME_SEC }}
shell: bash
# I could not make this workflow work with a on.workflow_run. Hence instead of adding this
# wait step for _every_ e2e job, which will block more runners, we wait in one and only one
# runner.
- name: Wait for the PHAR to be built
uses: fountainhead/[email protected]
with:
checkName: Build PHAR
ref: ${{ github.event.pull_request.head.sha || github.sha }}
token: ${{ secrets.GITHUB_TOKEN }}
intervalSeconds: ${{ env.POLLING_INTERVALS_SEC }}
- name: Wait for the Docker images to be pushed
uses: fountainhead/[email protected]
with:
checkName: Docker status
ref: ${{ github.event.pull_request.head.sha || github.sha }}
token: ${{ secrets.GITHUB_TOKEN }}
intervalSeconds: ${{ env.POLLING_INTERVALS_SEC }}
e2e-tests:
runs-on: ubuntu-latest
name: Test ${{ matrix.e2e }} (PHP ${{ matrix.php }}, ${{ matrix.tools }})
needs: wait-for-phar-and-docker-images
strategy:
fail-fast: false
matrix:
e2e:
- e2e_scoper_alias
- e2e_scoper_expose_symbols
- e2e_symfony
- e2e_symfony_runtime
- e2e_composer_installed_versions
- e2e_phpstorm_stubs
- e2e_dockerfile
- e2e_dockerfile_no_extension
- e2e_custom_composer_bin
- e2e_reproducible_build
php: [ '8.2', '8.3' ]
tools:
- 'composer:2.2'
- 'composer:2.3'
- 'composer:2.4'
- 'composer'
steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Setup PHP
uses: shivammathur/setup-php@v2
with:
php-version: ${{ matrix.php }}
ini-values: phar.readonly=0, display_errors=On, error_reporting=-1
tools: ${{ matrix.tools }}
coverage: pcov
- name: Allow Composer installation on future PHP versions
if: ${{ matrix.php == '8.3' }}
run: echo "COMPOSER_IGNORE_PLATFORM_REQ=--ignore-platform-req=php+" >> "$GITHUB_ENV"
# We cannot use the regular actions/download-artifact here since the artifact is stored
# in a different workflow.
# See https://github.com/actions/download-artifact/issues/172
- name: Retrieve built PHAR
uses: dawidd6/action-download-artifact@v2
with:
github_token: ${{secrets.GITHUB_TOKEN}}
workflow: release.yaml
check_artifacts: true
name: box-phar
# The original target is for the publishing, which is different from the internal name used.
- name: Ensure the make target is up to date
run: |
mkdir -p vendor
mv -vf box.phar bin/box.phar
touch -c bin/box.phar
# See https://github.com/actions/download-artifact#limitations
# the permissions are not guaranteed to be preserved
- name: Ensure PHAR is executable
run: chmod 755 bin/box.phar
- name: Check that the PHAR works
run: bin/box.phar --ansi --version
- run: make ${{ matrix.e2e }}
e2e-tests-docker:
runs-on: ubuntu-latest
name: Test ${{ matrix.e2e }}
needs: wait-for-phar-and-docker-images
strategy:
fail-fast: false
matrix:
e2e:
- _e2e_php_settings_checker_no_restart
- _e2e_php_settings_checker_xdebug_enabled
- _e2e_php_settings_checker_readonly_enabled
- _e2e_php_settings_checker_memory_limit_lower
- _e2e_php_settings_checker_memory_limit_higher
steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Setup PHP
uses: shivammathur/setup-php@v2
with:
php-version: '8.2'
ini-values: phar.readonly=0, display_errors=On, error_reporting=-1
tools: composer
coverage: pcov
# We cannot use the regular actions/download-artifact here since the artifact is stored
# in a different workflow.
# See https://github.com/actions/download-artifact/issues/172
- name: Retrieve built PHAR
uses: dawidd6/action-download-artifact@v2
with:
github_token: ${{secrets.GITHUB_TOKEN}}
workflow: release.yaml
check_artifacts: true
name: box-phar
# The original target is for the publishing, which is different from the internal name used.
- name: Ensure the make target is up to date
run: |
mkdir -p vendor
mv -vf box.phar bin/box.phar
touch -c bin/box.phar
# See https://github.com/actions/download-artifact#limitations
# the permissions are not guaranteed to be preserved
- name: Ensure PHAR is executable
run: chmod 755 bin/box.phar
- name: Check that the PHAR works
run: bin/box.phar --ansi --version
- name: Login to GitHub Container Registry
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Pull the docker image
run: |
docker pull ghcr.io/box-project/box_php82
docker pull ghcr.io/box-project/box_php82_xdebug
- run: make ${{ matrix.e2e }}
# This is a "trick", a meta task which does not change, and we can use in
# the protected branch rules as opposed to the tests one above which
# may change regularly.
validate-tests:
name: E2E tests status
runs-on: ubuntu-latest
needs:
- e2e-tests
- e2e-tests-docker
if: always()
steps:
- name: Successful run
if: ${{ !(contains(needs.*.result, 'failure')) }}
run: exit 0
- name: Failing run
if: ${{ contains(needs.*.result, 'failure') }}
run: exit 1