Skip to content

::roles() limit to those current user can create #8791

::roles() limit to those current user can create

::roles() limit to those current user can create #8791

Workflow file for this run

# To upgrade pinned actions: Use https://github.com/mheap/pin-github-action
name: CI - Backend
on:
push:
branches-ignore:
- "main"
- "release/**"
paths:
- "**"
- "!.github/**"
- ".github/workflows/backend.yml"
- "!.tx/**"
- "!.vscode/**"
- "!assets/**"
- "!panel/**"
- "!scripts/**"
pull_request:
branches-ignore:
- "main"
- "release/**"
paths:
- "**"
- "!.github/**"
- ".github/workflows/backend.yml"
- "!.tx/**"
- "!.vscode/**"
- "!assets/**"
- "!panel/**"
- "!scripts/**"
workflow_call:
workflow_dispatch:
jobs:
tests:
name: "Unit tests - PHP ${{ matrix.php }}"
# run job only under the following conditions:
# - can be triggered manually from any repository
# - if on pull request, only run if from a fork
# (our own repo is covered by the push event)
# - if on push, only run CI automatically for the
# main getkirby/kirby repo and for forks
if: >
github.event_name == 'workflow_dispatch' ||
(
github.event_name == 'pull_request' &&
github.event.pull_request.head.repo.full_name != github.repository
) ||
(
github.event_name == 'push' &&
(github.repository == 'getkirby/kirby' || github.repository_owner != 'getkirby')
)
runs-on: ubuntu-latest
timeout-minutes: 5
strategy:
matrix:
php: [ "8.1", "8.2", "8.3" ]
env:
extensions: mbstring, ctype, curl, gd, apcu, memcached
ini: apc.enabled=1, apc.enable_cli=1, pcov.directory=., "pcov.exclude=\"~(vendor|tests)~\""
steps:
- name: Checkout
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # pin@v3
with:
fetch-depth: 2
- name: Preparations
run: mkdir sarif
- name: Install memcached
uses: niden/actions-memcached@3b3ecd9d0d035ea92db716dc1540a7dbe9e56349 # pin@v7
- name: Install system locales
run: sudo apt-get update && sudo apt-get install -y locales-all
- name: Setup PHP cache environment
id: ext-cache
uses: shivammathur/cache-extensions@f9643262bed1015eb7bfad95e63378b23bc2d319 # pin@v1
with:
php-version: ${{ matrix.php }}
extensions: ${{ env.extensions }}
key: php-v1
- name: Cache PHP extensions
uses: actions/cache@e12d46a63a90f2fae62d114769bbf2a179198b5c # pin@v3
with:
path: ${{ steps.ext-cache.outputs.dir }}
key: ${{ steps.ext-cache.outputs.key }}
restore-keys: ${{ steps.ext-cache.outputs.key }}
- name: Setup PHP environment
uses: shivammathur/setup-php@6d7209f44a25a59e904b1ee9f3b0c33ab2cd888d # pin@v2
with:
php-version: ${{ matrix.php }}
extensions: ${{ env.extensions }}
ini-values: ${{ env.ini }}
coverage: pcov
tools: phpunit:10.5.5, psalm:5.20.0
- name: Setup problem matchers
run: |
echo "::add-matcher::${{ runner.tool_cache }}/php.json"
echo "::add-matcher::${{ runner.tool_cache }}/phpunit.json"
- name: Cache analysis data
id: finishPrepare
uses: actions/cache@e12d46a63a90f2fae62d114769bbf2a179198b5c # pin@v3
with:
path: ~/.cache/psalm
key: backend-analysis-${{ matrix.php }}
- name: Check Composer platform requirements
if: always() && steps.finishPrepare.outcome == 'success'
run: composer check-platform-reqs
- name: Run tests
if: always() && steps.finishPrepare.outcome == 'success'
run: phpunit --fail-on-skipped --coverage-clover ${{ github.workspace }}/clover.xml
- name: Statically analyze using Psalm
if: always() && steps.finishPrepare.outcome == 'success'
run: psalm --output-format=github --php-version=${{ matrix.php }} --report=sarif/psalm.sarif --report-show-info=false
- name: Upload coverage results to Codecov
env:
token: ${{ secrets.CODECOV_TOKEN }}
PHP: ${{ matrix.php }}
if: env.token != ''
uses: codecov/codecov-action@ab904c41d6ece82784817410c45d8b8c02684457 # pin@v3
with:
token: ${{ secrets.CODECOV_TOKEN }} # for better reliability if the GitHub API is down
fail_ci_if_error: true
files: ${{ github.workspace }}/clover.xml
flags: backend
env_vars: PHP
- name: Upload code scanning results to GitHub
if: always() && steps.finishPrepare.outcome == 'success' && github.repository == 'getkirby/kirby'
uses: github/codeql-action/upload-sarif@4a8f20f6b9b5114f354129a1e2f391d75bfd640a # pin@v2
with:
sarif_file: sarif
analysis:
name: "Code Quality"
# run job only under the following conditions:
# - can be triggered manually from any repository
# - if on pull request, only run if from a fork
# (our own repo is covered by the push event)
# - if on push, only run CI automatically for the
# main getkirby/kirby repo and for forks
if: >
github.event_name == 'workflow_dispatch' ||
(
github.event_name == 'pull_request' &&
github.event.pull_request.head.repo.full_name != github.repository
) ||
(
github.event_name == 'push' &&
(github.repository == 'getkirby/kirby' || github.repository_owner != 'getkirby')
)
runs-on: ubuntu-latest
timeout-minutes: 5
env:
php: "8.1"
extensions: mbstring, ctype, curl, gd, apcu, memcached
steps:
- name: Checkout
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # pin@v3
- name: Preparations
run: mkdir sarif
- name: Setup PHP cache environment
id: ext-cache
uses: shivammathur/cache-extensions@f9643262bed1015eb7bfad95e63378b23bc2d319 # pin@v1
with:
php-version: ${{ env.php }}
extensions: ${{ env.extensions }}
key: php-analysis-v1
- name: Cache PHP extensions
uses: actions/cache@e12d46a63a90f2fae62d114769bbf2a179198b5c # pin@v3
with:
path: ${{ steps.ext-cache.outputs.dir }}
key: ${{ steps.ext-cache.outputs.key }}
restore-keys: ${{ steps.ext-cache.outputs.key }}
- name: Setup PHP environment
id: finishPrepare
uses: shivammathur/setup-php@6d7209f44a25a59e904b1ee9f3b0c33ab2cd888d # pin@v2
with:
php-version: ${{ env.php }}
extensions: ${{ env.extensions }}
coverage: none
tools: |
composer:2.4.4, composer-normalize:2.28.3, composer-require-checker:4.1.0,
composer-unused:0.7.12, phpmd:2.13.0
- name: Validate composer.json/composer.lock
if: always() && steps.finishPrepare.outcome == 'success'
run: composer validate --strict --no-check-version --no-check-all
- name: Ensure that composer.json is normalized
if: always() && steps.finishPrepare.outcome == 'success'
run: composer-normalize --dry-run
- name: Check for unused Composer dependencies
if: always() && steps.finishPrepare.outcome == 'success'
run: composer-unused --no-progress
- name: Statically analyze using PHPMD
if: always() && steps.finishPrepare.outcome == 'success'
run: phpmd . github phpmd.xml.dist --exclude 'dependencies/*,tests/*,vendor/*' --reportfile-sarif sarif/phpmd.sarif
- name: Upload code scanning results to GitHub
if: always() && steps.finishPrepare.outcome == 'success' && github.repository == 'getkirby/kirby'
uses: github/codeql-action/upload-sarif@4a8f20f6b9b5114f354129a1e2f391d75bfd640a # pin@v2
with:
sarif_file: sarif
coding-style:
name: "Coding Style"
# run job only under the following conditions:
# - can be triggered manually from any repository
# - if on pull request, only run if from a fork
# (our own repo is covered by the push event)
# - if on push, only run CI automatically for the
# main getkirby/kirby repo and for forks
if: >
github.event_name == 'workflow_dispatch' ||
(
github.event_name == 'pull_request' &&
github.event.pull_request.head.repo.full_name != github.repository
) ||
(
github.event_name == 'push' &&
(github.repository == 'getkirby/kirby' || github.repository_owner != 'getkirby')
)
runs-on: ubuntu-latest
timeout-minutes: 5
env:
php: "8.1"
steps:
- name: Checkout
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # pin@v3
- name: Setup PHP environment
uses: shivammathur/setup-php@6d7209f44a25a59e904b1ee9f3b0c33ab2cd888d # pin@v2
with:
php-version: ${{ env.php }}
coverage: none
tools: php-cs-fixer:3.13.0
- name: Cache analysis data
id: finishPrepare
uses: actions/cache@e12d46a63a90f2fae62d114769bbf2a179198b5c # pin@v3
with:
path: ~/.php-cs-fixer
key: coding-style
- name: Check for PHP coding style violations
if: always() && steps.finishPrepare.outcome == 'success'
run: php-cs-fixer fix --diff --dry-run