Fix language permissions #7420
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # To upgrade pinned actions: Use https://github.com/mheap/pin-github-action | |
| name: CI - Backend | |
| on: | |
| push: | |
| branches-ignore: | |
| - "main" | |
| - "release/**" | |
| paths: | |
| - "**" | |
| - "!.github/**" | |
| - ".github/workflows/backend.yml" | |
| - "!.tx/**" | |
| - "!.vscode/**" | |
| - "!assets/**" | |
| - "!panel/**" | |
| - "!scripts/**" | |
| pull_request: | |
| branches-ignore: | |
| - "main" | |
| - "release/**" | |
| paths: | |
| - "**" | |
| - "!.github/**" | |
| - ".github/workflows/backend.yml" | |
| - "!.tx/**" | |
| - "!.vscode/**" | |
| - "!assets/**" | |
| - "!panel/**" | |
| - "!scripts/**" | |
| workflow_call: | |
| workflow_dispatch: | |
| jobs: | |
| tests: | |
| name: "Unit tests - PHP ${{ matrix.php }}" | |
| # run job only under the following conditions: | |
| # - can be triggered manually from any repository | |
| # - if on pull request, only run if from a fork | |
| # (our own repo is covered by the push event) | |
| # - if on push, only run CI automatically for the | |
| # main getkirby/kirby repo and for forks | |
| if: > | |
| github.event_name == 'workflow_dispatch' || | |
| ( | |
| github.event_name == 'pull_request' && | |
| github.event.pull_request.head.repo.full_name != github.repository | |
| ) || | |
| ( | |
| github.event_name == 'push' && | |
| (github.repository == 'getkirby/kirby' || github.repository_owner != 'getkirby') | |
| ) | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 5 | |
| strategy: | |
| matrix: | |
| php: [ "8.1", "8.2", "8.3" ] | |
| env: | |
| extensions: mbstring, ctype, curl, gd, apcu, memcached | |
| ini: apc.enabled=1, apc.enable_cli=1, pcov.directory=., "pcov.exclude=\"~(vendor|tests)~\"" | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # pin@v3 | |
| with: | |
| fetch-depth: 2 | |
| - name: Preparations | |
| run: mkdir sarif | |
| - name: Install memcached | |
| uses: niden/actions-memcached@3b3ecd9d0d035ea92db716dc1540a7dbe9e56349 # pin@v7 | |
| - name: Install system locales | |
| run: sudo apt-get update && sudo apt-get install -y locales-all | |
| - name: Setup PHP cache environment | |
| id: ext-cache | |
| uses: shivammathur/cache-extensions@f9643262bed1015eb7bfad95e63378b23bc2d319 # pin@v1 | |
| with: | |
| php-version: ${{ matrix.php }} | |
| extensions: ${{ env.extensions }} | |
| key: php-v1 | |
| - name: Cache PHP extensions | |
| uses: actions/cache@e12d46a63a90f2fae62d114769bbf2a179198b5c # pin@v3 | |
| with: | |
| path: ${{ steps.ext-cache.outputs.dir }} | |
| key: ${{ steps.ext-cache.outputs.key }} | |
| restore-keys: ${{ steps.ext-cache.outputs.key }} | |
| - name: Setup PHP environment | |
| uses: shivammathur/setup-php@6d7209f44a25a59e904b1ee9f3b0c33ab2cd888d # pin@v2 | |
| with: | |
| php-version: ${{ matrix.php }} | |
| extensions: ${{ env.extensions }} | |
| ini-values: ${{ env.ini }} | |
| coverage: pcov | |
| tools: phpunit:10.5.5, psalm:5.20.0 | |
| - name: Setup problem matchers | |
| run: | | |
| echo "::add-matcher::${{ runner.tool_cache }}/php.json" | |
| echo "::add-matcher::${{ runner.tool_cache }}/phpunit.json" | |
| - name: Cache analysis data | |
| id: finishPrepare | |
| uses: actions/cache@e12d46a63a90f2fae62d114769bbf2a179198b5c # pin@v3 | |
| with: | |
| path: ~/.cache/psalm | |
| key: backend-analysis-${{ matrix.php }} | |
| - name: Check Composer platform requirements | |
| if: always() && steps.finishPrepare.outcome == 'success' | |
| run: composer check-platform-reqs | |
| - name: Run tests | |
| if: always() && steps.finishPrepare.outcome == 'success' | |
| run: phpunit --fail-on-skipped --coverage-clover ${{ github.workspace }}/clover.xml | |
| - name: Statically analyze using Psalm | |
| if: always() && steps.finishPrepare.outcome == 'success' | |
| run: psalm --output-format=github --php-version=${{ matrix.php }} --report=sarif/psalm.sarif --report-show-info=false | |
| - name: Upload coverage results to Codecov | |
| env: | |
| token: ${{ secrets.CODECOV_TOKEN }} | |
| PHP: ${{ matrix.php }} | |
| if: env.token != '' | |
| uses: codecov/codecov-action@ab904c41d6ece82784817410c45d8b8c02684457 # pin@v3 | |
| with: | |
| token: ${{ secrets.CODECOV_TOKEN }} # for better reliability if the GitHub API is down | |
| fail_ci_if_error: true | |
| files: ${{ github.workspace }}/clover.xml | |
| flags: backend | |
| env_vars: PHP | |
| - name: Upload code scanning results to GitHub | |
| if: always() && steps.finishPrepare.outcome == 'success' && github.repository == 'getkirby/kirby' | |
| uses: github/codeql-action/upload-sarif@4a8f20f6b9b5114f354129a1e2f391d75bfd640a # pin@v2 | |
| with: | |
| sarif_file: sarif | |
| analysis: | |
| name: "Code Quality" | |
| # run job only under the following conditions: | |
| # - can be triggered manually from any repository | |
| # - if on pull request, only run if from a fork | |
| # (our own repo is covered by the push event) | |
| # - if on push, only run CI automatically for the | |
| # main getkirby/kirby repo and for forks | |
| if: > | |
| github.event_name == 'workflow_dispatch' || | |
| ( | |
| github.event_name == 'pull_request' && | |
| github.event.pull_request.head.repo.full_name != github.repository | |
| ) || | |
| ( | |
| github.event_name == 'push' && | |
| (github.repository == 'getkirby/kirby' || github.repository_owner != 'getkirby') | |
| ) | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 5 | |
| env: | |
| php: "8.1" | |
| extensions: mbstring, ctype, curl, gd, apcu, memcached | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # pin@v3 | |
| - name: Preparations | |
| run: mkdir sarif | |
| - name: Setup PHP cache environment | |
| id: ext-cache | |
| uses: shivammathur/cache-extensions@f9643262bed1015eb7bfad95e63378b23bc2d319 # pin@v1 | |
| with: | |
| php-version: ${{ env.php }} | |
| extensions: ${{ env.extensions }} | |
| key: php-analysis-v1 | |
| - name: Cache PHP extensions | |
| uses: actions/cache@e12d46a63a90f2fae62d114769bbf2a179198b5c # pin@v3 | |
| with: | |
| path: ${{ steps.ext-cache.outputs.dir }} | |
| key: ${{ steps.ext-cache.outputs.key }} | |
| restore-keys: ${{ steps.ext-cache.outputs.key }} | |
| - name: Setup PHP environment | |
| id: finishPrepare | |
| uses: shivammathur/setup-php@6d7209f44a25a59e904b1ee9f3b0c33ab2cd888d # pin@v2 | |
| with: | |
| php-version: ${{ env.php }} | |
| extensions: ${{ env.extensions }} | |
| coverage: none | |
| tools: | | |
| composer:2.4.4, composer-normalize:2.28.3, composer-require-checker:4.1.0, | |
| composer-unused:0.7.12, phpmd:2.13.0 | |
| - name: Validate composer.json/composer.lock | |
| if: always() && steps.finishPrepare.outcome == 'success' | |
| run: composer validate --strict --no-check-version --no-check-all | |
| - name: Ensure that composer.json is normalized | |
| if: always() && steps.finishPrepare.outcome == 'success' | |
| run: composer-normalize --dry-run | |
| - name: Check for unused Composer dependencies | |
| if: always() && steps.finishPrepare.outcome == 'success' | |
| run: composer-unused --no-progress | |
| - name: Statically analyze using PHPMD | |
| if: always() && steps.finishPrepare.outcome == 'success' | |
| run: phpmd . github phpmd.xml.dist --exclude 'dependencies/*,tests/*,vendor/*' --reportfile-sarif sarif/phpmd.sarif | |
| - name: Upload code scanning results to GitHub | |
| if: always() && steps.finishPrepare.outcome == 'success' && github.repository == 'getkirby/kirby' | |
| uses: github/codeql-action/upload-sarif@4a8f20f6b9b5114f354129a1e2f391d75bfd640a # pin@v2 | |
| with: | |
| sarif_file: sarif | |
| coding-style: | |
| name: "Coding Style" | |
| # run job only under the following conditions: | |
| # - can be triggered manually from any repository | |
| # - if on pull request, only run if from a fork | |
| # (our own repo is covered by the push event) | |
| # - if on push, only run CI automatically for the | |
| # main getkirby/kirby repo and for forks | |
| if: > | |
| github.event_name == 'workflow_dispatch' || | |
| ( | |
| github.event_name == 'pull_request' && | |
| github.event.pull_request.head.repo.full_name != github.repository | |
| ) || | |
| ( | |
| github.event_name == 'push' && | |
| (github.repository == 'getkirby/kirby' || github.repository_owner != 'getkirby') | |
| ) | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 5 | |
| env: | |
| php: "8.1" | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # pin@v3 | |
| - name: Setup PHP environment | |
| uses: shivammathur/setup-php@6d7209f44a25a59e904b1ee9f3b0c33ab2cd888d # pin@v2 | |
| with: | |
| php-version: ${{ env.php }} | |
| coverage: none | |
| tools: php-cs-fixer:3.13.0 | |
| - name: Cache analysis data | |
| id: finishPrepare | |
| uses: actions/cache@e12d46a63a90f2fae62d114769bbf2a179198b5c # pin@v3 | |
| with: | |
| path: ~/.php-cs-fixer | |
| key: coding-style | |
| - name: Check for PHP coding style violations | |
| if: always() && steps.finishPrepare.outcome == 'success' | |
| run: php-cs-fixer fix --diff --dry-run |