ci: initialize aurora submodule in checkout #29
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| permissions: | |
| contents: read | |
| on: | |
| push: | |
| branches: [main, develop] | |
| pull_request: | |
| branches: [main, develop] | |
| types: [opened, synchronize, reopened, ready_for_review] | |
| jobs: | |
| check: | |
| name: Lint, Test & Security | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 15 | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| submodules: true | |
| - name: Setup PHP 8.5 | |
| uses: shivammathur/setup-php@v2 | |
| with: | |
| php-version: '8.5' | |
| coverage: pcov | |
| tools: composer | |
| - name: Setup Node.js | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: lts/* | |
| - name: Install Composer dependencies | |
| run: composer install --no-progress --no-interaction | |
| - name: Install npm dependencies | |
| run: npm install | |
| - name: Install Playwright browsers | |
| run: npx playwright install --with-deps chromium | |
| - name: PHP syntax check | |
| run: | | |
| find . -name '*.php' \ | |
| -not -path './vendor/*' \ | |
| -not -path './node_modules/*' \ | |
| -not -path './aurora/*' \ | |
| -print0 | xargs -0 -n1 php -l | |
| - name: Harness validation | |
| run: bash .github/scripts/validate-harness.sh | |
| - name: PHP CS Fixer (dry-run) | |
| run: php vendor/bin/php-cs-fixer fix --dry-run --diff | |
| - name: Stylelint | |
| if: hashFiles('cdn/sass/**/*.scss') != '' | |
| run: npx stylelint "cdn/sass/**/*.scss" --allow-empty-input | |
| - name: ESLint | |
| if: hashFiles('cdn/js/**/*.js') != '' | |
| run: npx eslint "cdn/js/**/*.js" --ignore-pattern "*.min.js" --no-error-on-unmatched-pattern | |
| - name: Start PHP dev server | |
| if: hashFiles('tests/Browser/**/*.php') != '' | |
| run: | | |
| php -S localhost:8080 -t tests/Browser/fixtures/ > /dev/null 2>&1 & | |
| echo "PHP_SERVER_PID=$!" >> $GITHUB_ENV | |
| - name: Pest (coverage >= 80%) | |
| if: hashFiles('tests/Unit/**/*.php', 'tests/Feature/**/*.php', 'tests/Integration/**/*.php', 'tests/Browser/**/*.php') != '' | |
| run: php vendor/bin/pest --coverage --min=80 | |
| env: | |
| PEST_BROWSER_BASE_URL: http://localhost:8080 | |
| - name: Stop PHP dev server | |
| if: always() && hashFiles('tests/Browser/**/*.php') != '' | |
| run: kill $PHP_SERVER_PID 2>/dev/null || true | |
| - name: Semgrep SAST | |
| run: | | |
| python3 -m pip install --quiet semgrep | |
| semgrep ci | |
| env: | |
| SEMGREP_APP_TOKEN: ${{ secrets.SEMGREP_APP_TOKEN }} | |
| - name: Gitleaks | |
| uses: gitleaks/gitleaks-action@v2 | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| GITLEAKS_LICENSE: ${{ secrets.GITLEAKS_LICENSE }} | |
| - name: Commitlint | |
| if: github.event_name == 'pull_request' | |
| run: | | |
| echo "${{ github.event.pull_request.title }}" | npx commitlint --verbose | |
| git fetch origin "${{ github.event.pull_request.base.ref }}" | |
| npx commitlint --from="origin/${{ github.event.pull_request.base.ref }}" --to="HEAD" --verbose |