Move IMAGE_TAG and SENTRY_RELEASE step outputs into env: vars so they
are passed as environment variables rather than interpolated directly
into the shell command string, eliminating a potential script-injection
vector via a crafted tag or Sentry version value.
The Sentry action receives the v-stripped version (e.g. 0.1.1) but the
app's SENTRY_RELEASE was set to IMAGE_TAG (e.g. v0.1.1). This caused
Sentry to auto-create a second release from incoming events, labelling it
(non-semver) instead of associating events with the properly created release.
Pass SENTRY_RELEASE as a separate query param through the Portainer webhook
(using the already-computed sentry_version output) and reference that in
compose.prod.yaml instead of IMAGE_TAG.
* ci: split dev image build into a shared job
Extract the Docker build step into a dedicated `build` job so `quality`
and `tests` no longer each build the image independently. Both jobs now
load from the shared `devbuild` GHA cache scope and declare `needs: build`.
* ci: skip quality+tests on tag push, verify prior CI run instead
When tagging a commit that already passed CI on main, there is no need
to run quality and tests again. Both jobs now skip for tag refs.
A new `verify-prior-run` job runs instead: it queries the GitHub API for
a prior successful CI run on the same SHA (excluding the current run) and
fails fast if none is found, preventing deployment of untested tags.
`build-deploy` now uses `always() && !cancelled() && !failure()` so it
handles the mix of skipped (quality/tests) and successful (verify-prior-run)
needed jobs correctly.
* ci: bump GitHub Actions to Node.js 24 compatible versions
* ci: add Dependabot config for GitHub Actions version updates
* ci: pin all GitHub Actions to commit SHAs
* ci: disable credential persistence on all checkout steps
* Strip v-prefix from version tag before passing to Sentry
GitHub tags follow the v1.2.3 convention, but Sentry requires bare
semver (1.2.3) to recognise releases as valid semver. Extract a
sentry_version output in the meta step that strips the leading v.
* Parallelize CI: split quality and tests jobs, add continue-on-error
- Split the single tests job into parallel quality and tests jobs,
saving ~4 min wall-clock time per run
- Quality checks (lint, CS, PHPStan, Rector) now all run with
continue-on-error so every failure is visible in one pass; a
final Assert step fails the job if any check failed
- Add cache:warmup before PHPStan so the Symfony dev container XML
exists and the Symfony extension has full type information
- Use per-job GHA cache scopes to avoid parallel cache write races
- Use cache mode=min on PRs, mode=max on main/tags
- Add timeout-minutes (20/20/15) to all jobs
- Remove dead if:false Mercure reachability step
- Fix Portainer webhook URL quoting
- build-deploy now needs: [quality, tests]
* Simplify build-deploy job name and environment expressions
* Use static name for build-deploy job (expressions not evaluated when skipped)
* build-deploy only needs tests, not quality (quality is informational)
* Revert: build-deploy needs both quality and tests
* Added Gedmo stuff, fix translations
* Add CSRF token validation across backoffice forms
- Added CSRF validations to candidate correction, penalty, answer saving, and elimination forms.
- Updated corresponding Twig templates to include CSRF token inputs.
- Adjusted column count in `tab_result` template to maintain layout consistency.
* Add unique index constraint for `quiz_candidate` with soft delete support
- Updated migration to include a unique index on `quiz_candidate` table that excludes soft-deleted records.
- Adjusted `QuizCandidate` entity to reflect the new unique constraint with `deleted_at` condition.
* Add CSRF token validation for quiz-related actions
- Added CSRF validation to `enableQuiz`, `clearQuiz`, `deleteQuiz`, `toggleCandidate`, and `prepareElimination` actions.
- Updated Twig templates to replace links with POST forms to include CSRF tokens.
- Set HTTP method restrictions for related endpoints to `POST`.
* Fix unique index condition for `quiz_candidate` with soft deletes
- Updated condition in unique index definition of `quiz_candidate` to add parentheses for clarity.
- Adjusted related migration to reflect the revised condition.
* Remove if for post an use methods in Route instead
* Refactor CSRF token validation in backoffice controllers
- Applied `#[IsCsrfTokenValid]` attribute for CSRF checks to simplify and standardize validation.
- Removed manual `isCsrfTokenValid` calls and associated exception throwing.
- Updated method signatures across affected endpoints to remove unnecessary `Request` dependency.
- Ensured consistency in route HTTP method restrictions where applicable.
* Add rector and phpstan
* Add validation for answering incorrect quiz question
- Added logic to prevent candidates from answering questions out of sequence in `QuizController`.
- Updated Dutch translations to include the new error message.
* Things
CI / Build and deploy to ${{ startsWith(github.ref, 'refs/tags/') && 'production' || (github.ref == 'refs/heads/main' && 'acceptance' || '') }} (push) Has been skipped
* Some tests
* More tests!
* Tests 3
* Move getScores from Candidate to Quiz
* Add some suggestions for future refactoring
* - **Add Gedmo doctrine-extensions and Stof bundle integration**
- Added `stof/doctrine-extensions-bundle` and `gedmo/doctrine-extensions` dependencies.
- Integrated `Timestampable` behavior for `Created` fields in entities.
- Updated `bundles.php` to register StofDoctrineExtensionsBundle.
- Added configuration for the Stof bundle.
- Simplified `SeasonVoter` with `match` expression and added new tests.
- Minor fixes and adjustments across various files.
* WIP
* All the tests
* Base64 tests
* Symfomny 7.4.0
* Update
* Update recipe
* PHP 8.5
* Rector changes
* More 8.5
* Things
CI / Build and deploy to ${{ startsWith(github.ref, 'refs/tags/') && 'production' || (github.ref == 'refs/heads/main' && 'acceptance' || '') }} (push) Has been skipped
This commit introduces functionality to manage candidate corrections in the backoffice, with updated templates and a new route handler. The SeasonVoter is refactored to support additional entities, and scoring logic is updated to incorporate corrections consistently. Includes test coverage for voter logic and UI improvements for score tables.
This commit adds initial importmap configuration to manage assets, updates the elimination preparation workflow with form enhancements and database changes, introduces new styles and JS assets, refines translations, and improves entity handling with an input bag update method.
This commit introduces a refactored EliminationFactory for better modularity, updates the elimination preparation process, and adds functionality to view eliminations. Backoffice templates and forms have been reorganized, minor translations were corrected, and additional assets like styles and flashes were included for enhanced user experience.