-
Notifications
You must be signed in to change notification settings - Fork 1
134 lines (118 loc) · 3.96 KB
/
build.yml
File metadata and controls
134 lines (118 loc) · 3.96 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
name: Build
on:
- push
jobs:
lint:
name: Lint
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v6
- name: Setup PHP
uses: shivammathur/setup-php@v2
with:
php-version: '8.5'
extensions: bcmath, ctype, curl, fileinfo, gd, intl, json, ldap, mbstring, mysqli, openssl, pdo, redis, sqlite3, tokenizer, uuid, xml, zip
coverage: none
env:
fail-fast: true
GITHUB_TOKEN: ${{ github.token }}
- name: Get Composer cache directory
id: composer-cache
run: echo "dir=$(composer config cache-files-dir)" >> $GITHUB_OUTPUT
- name: Setup Composer cache
uses: actions/cache@v5
with:
path: ${{ steps.composer-cache.outputs.dir }}
key: ${{ runner.os }}-composer-${{ hashFiles('composer.lock') }}
restore-keys: ${{ runner.os }}-composer-
- name: Install Composer dependencies
env:
COMPOSER_AUTH: >-
{"github-oauth":{"github.com":"${{ github.token }}"},"http-basic":{"nova.laravel.com":{"username":"${{ secrets.LARAVEL_NOVA_USERNAME }}","password":"${{ secrets.LARAVEL_NOVA_PASSWORD }}"}}}
run: composer install --no-ansi --no-interaction --no-scripts --no-progress --prefer-dist
- name: Run Pint
run: vendor/bin/pint --test
- name: Run PHPCS
run: vendor/bin/phpcs .
# - name: Run Phan
# run: vendor/bin/phan --no-progress-bar --analyze-twice
- name: Run Psalm
run: vendor/bin/psalm --output-format=github --no-progress
docker:
name: Docker
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
steps:
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v4
- name: Log in to GHCR
uses: docker/login-action@v4
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Write Composer auth file
run: |
echo '{"github-oauth":{"github.com":"${{ github.token }}"},"http-basic":{"nova.laravel.com":{"username":"${{ secrets.LARAVEL_NOVA_USERNAME }}","password":"${{ secrets.LARAVEL_NOVA_PASSWORD }}"}}}' > auth.json
- name: Build and push
id: build
uses: docker/build-push-action@v7
with:
tags: ghcr.io/robojackets/loop:latest
network: host
pull: true
push: true
secret-files: composer_auth=./auth.json
target: ${{ github.ref == 'refs/heads/main' && 'backend-compressed' || 'backend-uncompressed' }}
cache-from: type=gha
cache-to: type=gha,mode=max
outputs:
image-digest: ${{ steps.build.outputs.digest }}
deploy-test:
name: Deploy
needs: [lint, docker]
uses: ./.github/workflows/deploy.yml
concurrency:
group: deploy-test
cancel-in-progress: true
permissions:
id-token: write
contents: read
packages: read
with:
image-digest: ${{ needs.docker.outputs.image-digest }}
environment: test
precompressed-assets: true
deploy-production:
name: Deploy
needs: [docker, deploy-test]
uses: ./.github/workflows/deploy.yml
if: ${{ github.ref == 'refs/heads/main' }}
concurrency:
group: deploy-production
cancel-in-progress: true
permissions:
id-token: write
contents: read
packages: read
with:
image-digest: ${{ needs.docker.outputs.image-digest }}
environment: production
precompressed-assets: true
prune-stale-images:
name: Prune stale images
runs-on: ubuntu-latest
needs: [docker, deploy-production]
permissions:
packages: write
steps:
- uses: snok/container-retention-policy@v3.0.1
with:
account: robojackets
token: ${{ secrets.GITHUB_TOKEN }}
image-names: loop
skip-shas: ${{ needs.docker.outputs.image-digest }}
cut-off: 0s