|
21 | 21 | matrix: |
22 | 22 | php: ["8.3"] |
23 | 23 | symfony: ["^5.4.21", "^6.4"] |
24 | | - sylius: ["~1.13.0", "~1.14.0"] |
| 24 | + sylius: ["~1.14.0"] |
25 | 25 | database: ["mysql", "postgres"] |
26 | 26 | mysql: ["8.4"] |
27 | 27 | postgres: ["15.8"] |
|
30 | 30 |
|
31 | 31 | include: |
32 | 32 | - |
33 | | - php: "8.1" |
| 33 | + php: "8.3" |
34 | 34 | symfony: "^6.4" |
35 | 35 | sylius: "~1.14.0" |
36 | 36 | database: "mysql" |
|
39 | 39 | wkhtmltopdf: "0.12.6-1" |
40 | 40 | state_machine_adapter: "symfony_workflow" |
41 | 41 | - |
42 | | - php: "8.2" |
| 42 | + php: "8.3" |
43 | 43 | symfony: "^6.4" |
44 | 44 | sylius: "~1.14.0" |
45 | 45 | database: "mysql" |
|
48 | 48 | wkhtmltopdf: "0.12.6-1" |
49 | 49 | state_machine_adapter: "winzou_state_machine" |
50 | 50 | - |
51 | | - php: "8.2" |
| 51 | + php: "8.3" |
52 | 52 | symfony: "^6.4" |
53 | 53 | sylius: "~1.14.0" |
54 | 54 | database: "mysql" |
@@ -103,14 +103,6 @@ jobs: |
103 | 103 | postgresql version: "${{ matrix.postgres }}" |
104 | 104 | postgresql password: "postgres" |
105 | 105 |
|
106 | | - - |
107 | | - name: Run Chrome Headless |
108 | | - run: google-chrome-stable --enable-automation --disable-background-networking --no-default-browser-check --no-first-run --disable-popup-blocking --disable-default-apps --allow-insecure-localhost --disable-translate --disable-extensions --no-sandbox --enable-features=Metal --headless --remote-debugging-port=9222 --window-size=2880,1800 --proxy-server='direct://' --proxy-bypass-list='*' http://127.0.0.1 > /dev/null 2>&1 & |
109 | | - |
110 | | - - |
111 | | - name: Run webserver |
112 | | - run: (cd tests/Application && symfony server:start --port=8080 --dir=public --daemon) |
113 | | - |
114 | 106 | - |
115 | 107 | name: Get Composer cache directory |
116 | 108 | id: composer-cache |
@@ -143,6 +135,53 @@ jobs: |
143 | 135 | name: Install PHP dependencies |
144 | 136 | run: composer install --no-interaction |
145 | 137 |
|
| 138 | + - name: Run security checks |
| 139 | + run: | |
| 140 | + set -e |
| 141 | +
|
| 142 | + IGNORED=$(jq -r '.config.audit.ignore[]?' composer.json | sort || true) |
| 143 | +
|
| 144 | + if [ -n "$IGNORED" ]; then |
| 145 | + echo "Ignored CVEs:" |
| 146 | + echo "$IGNORED" |
| 147 | + echo |
| 148 | + fi |
| 149 | +
|
| 150 | + composer audit --no-interaction --abandoned=ignore --no-dev |
| 151 | +
|
| 152 | + symfony security:check --format=json > symfony-audit.json || true |
| 153 | +
|
| 154 | + FOUND=$(jq -r '.[]?.advisories[]?.cve? // empty' symfony-audit.json | sort | uniq) |
| 155 | + DIFF=$(comm -23 <(echo "$FOUND") <(echo "$IGNORED")) |
| 156 | +
|
| 157 | + if [ -n "$DIFF" ]; then |
| 158 | + echo "❌ New vulnerabilities found by Symfony security:check:" |
| 159 | + echo "$DIFF" |
| 160 | + exit 1 |
| 161 | + else |
| 162 | + echo "✅ No new vulnerabilities found by Symfony security:check." |
| 163 | + fi |
| 164 | +
|
| 165 | + - |
| 166 | + name: Run ECS |
| 167 | + run: vendor/bin/ecs check |
| 168 | + |
| 169 | + - |
| 170 | + name: Validate composer.json |
| 171 | + run: composer validate --ansi --strict |
| 172 | + |
| 173 | + - |
| 174 | + name: Run analysis |
| 175 | + run: composer analyse |
| 176 | + |
| 177 | + - |
| 178 | + name: Run PHPStan |
| 179 | + run: vendor/bin/phpstan analyse -c phpstan.neon.dist src/ |
| 180 | + |
| 181 | + - |
| 182 | + name: Run PHPSpec |
| 183 | + run: vendor/bin/phpspec run --ansi -f progress --no-interaction |
| 184 | + |
146 | 185 | - |
147 | 186 | name: Get Yarn cache directory |
148 | 187 | id: yarn-cache |
@@ -193,32 +232,16 @@ jobs: |
193 | 232 | run: (cd tests/Application && bin/console sylius:fixtures:load -n) |
194 | 233 |
|
195 | 234 | - |
196 | | - name: Run security check |
197 | | - run: symfony security:check |
198 | | - |
199 | | - - |
200 | | - name: Run ECS |
201 | | - run: vendor/bin/ecs check |
202 | | - |
203 | | - - |
204 | | - name: Validate composer.json |
205 | | - run: composer validate --ansi --strict |
206 | | - |
207 | | - - |
208 | | - name: Run analysis |
209 | | - run: composer analyse |
210 | | - |
211 | | - - |
212 | | - name: Run PHPStan |
213 | | - run: vendor/bin/phpstan analyse -c phpstan.neon.dist src/ |
| 235 | + name: Run PHPUnit |
| 236 | + run: vendor/bin/phpunit --colors=always |
214 | 237 |
|
215 | 238 | - |
216 | | - name: Run PHPSpec |
217 | | - run: vendor/bin/phpspec run --ansi -f progress --no-interaction |
| 239 | + name: Run Chrome Headless |
| 240 | + run: google-chrome-stable --enable-automation --disable-background-networking --no-default-browser-check --no-first-run --disable-popup-blocking --disable-default-apps --allow-insecure-localhost --disable-translate --disable-extensions --no-sandbox --enable-features=Metal --headless --remote-debugging-port=9222 --window-size=2880,1800 --proxy-server='direct://' --proxy-bypass-list='*' http://127.0.0.1 > /dev/null 2>&1 & |
218 | 241 |
|
219 | 242 | - |
220 | | - name: Run PHPUnit |
221 | | - run: vendor/bin/phpunit --colors=always |
| 243 | + name: Run webserver |
| 244 | + run: (cd tests/Application && symfony server:start --port=8080 --dir=public --daemon) |
222 | 245 |
|
223 | 246 | - |
224 | 247 | name: Run Behat |
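Review bot: The new `Run security checks` step (new lines 138–163) fails open: `symfony security:check --format=json > symfony-audit.json || true` discards the checker's exit status, and because the script only sets `set -e`, a `jq` failure inside `FOUND=$(jq … | sort | uniq)` is hidden by the pipeline's final `uniq`. If the checker cannot run or writes something other than JSON (inferred; its error output is not shown on this page), `FOUND` and `DIFF` end up empty and the step prints the success message. I would change the first line to `set -eo pipefail` and add `jq -e . symfony-audit.json > /dev/null` directly after the `security:check` line, so that an empty or unparsable report stops the job. The filter `.cve? // empty` also drops advisories that carry no CVE id, so those can never fail the build; comparing on an identifier every advisory has, or failing when `cve` is null, would close that gap.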
|