281462fab8
* Added Gedmo stuff, fix translations * Add CSRF token validation across backoffice forms - Added CSRF validations to candidate correction, penalty, answer saving, and elimination forms. - Updated corresponding Twig templates to include CSRF token inputs. - Adjusted column count in `tab_result` template to maintain layout consistency. * Add unique index constraint for `quiz_candidate` with soft delete support - Updated migration to include a unique index on `quiz_candidate` table that excludes soft-deleted records. - Adjusted `QuizCandidate` entity to reflect the new unique constraint with `deleted_at` condition. * Add CSRF token validation for quiz-related actions - Added CSRF validation to `enableQuiz`, `clearQuiz`, `deleteQuiz`, `toggleCandidate`, and `prepareElimination` actions. - Updated Twig templates to replace links with POST forms to include CSRF tokens. - Set HTTP method restrictions for related endpoints to `POST`. * Fix unique index condition for `quiz_candidate` with soft deletes - Updated condition in unique index definition of `quiz_candidate` to add parentheses for clarity. - Adjusted related migration to reflect the revised condition. * Remove if for post an use methods in Route instead * Refactor CSRF token validation in backoffice controllers - Applied `#[IsCsrfTokenValid]` attribute for CSRF checks to simplify and standardize validation. - Removed manual `isCsrfTokenValid` calls and associated exception throwing. - Updated method signatures across affected endpoints to remove unnecessary `Request` dependency. - Ensured consistency in route HTTP method restrictions where applicable. * Add rector and phpstan * Add validation for answering incorrect quiz question - Added logic to prevent candidates from answering questions out of sequence in `QuizController`. - Updated Dutch translations to include the new error message. * Things
# Continuous-integration workflow: lint, analyse and test the application in
# its Docker Compose stack, then build, push and deploy the images.
name: CI

# Runs on pushes to main, on every tag, on pull requests, and on manual
# dispatch from the Actions UI.
on:
  push:
    branches:
      - main
    tags:
      - '*'
  pull_request: null
  workflow_dispatch: null

# github.head_ref is only populated for pull_request runs, so runs for the
# same PR branch share a group and a newer run cancels the older one. Every
# other event falls back to the unique run_id and therefore gets its own
# group, so those runs are never cancelled by this setting.
concurrency:
  group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
  cancel-in-progress: true

# Least-privilege default for the GITHUB_TOKEN. Each job that needs more
# declares its own `permissions` block, which replaces this default for it.
permissions:
  contents: read
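jobs:
  # NOTE(review): every `uses:` in this file references a mutable tag
  # (`@v4`, `@v3.1.0`, ...). A tag can be moved by whoever controls the action
  # repository, so the code that runs with this workflow's token can change
  # without any change here. Pin each action to a full commit SHA (keeping the
  # tag as a trailing comment) and let a dependency-update bot bump it. The
  # third-party actions (hadolint, mikepenz) matter most.

  # Builds the Compose stack, then runs linters, static analysis and PHPUnit
  # inside the `php` container.
  tests:
    name: Tests
    runs-on: ubuntu-latest
    permissions:
      # presumably needed by the JUnit report step to publish a check run and
      # PR annotations; confirm both scopes are really required
      checks: write
      pull-requests: write
      contents: read
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          # No later step pushes or fetches, so do not leave the job token in
          # .git/config, where the Docker build context or a dependency's
          # tooling could read it.
          persist-credentials: false
      - name: Lint Dockerfile
        uses: hadolint/hadolint-action@v3.1.0
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
      - name: Build Docker images
        uses: docker/bake-action@v5
        with:
          pull: true
          load: true
          files: |
            compose.yaml
            compose.override.yaml
          # Cache is read from this ref's scope and from main, and written only
          # to this ref's scope.
          set: |
            *.cache-from=type=gha,scope=${{github.ref}}
            *.cache-from=type=gha,scope=refs/heads/main
            *.cache-to=type=gha,scope=${{github.ref}},mode=max
      - name: Start services
        run: docker compose up php database --wait --no-build
      - name: Lint Twig templates
        run: docker compose exec -T php bin/console lint:twig --format=github templates
      - name: Coding Style
        run: docker compose exec -T php vendor/bin/php-cs-fixer check --diff --show-progress=none
      - name: Twig Coding Style
        run: docker compose exec -T php vendor/bin/twig-cs-fixer check
      - name: Static Analysis (PHPStan)
        run: docker compose exec -T php vendor/bin/phpstan analyse --no-progress --no-ansi --error-format=github
      - name: Rector
        run: docker compose exec -T php vendor/bin/rector process --dry-run --no-progress-bar --output-format=github
      - name: Check HTTP reachability
        run: curl -v --fail-with-body http://localhost
      # Disabled step. `-k` turns off TLS certificate verification; that is
      # tolerable only because the target is the runner's own localhost.
      - name: Check Mercure reachability
        if: false
        run: curl -vkI --fail-with-body https://localhost/.well-known/mercure?topic=test
      - name: Create test database
        run: docker compose exec -T php bin/console -e test doctrine:database:create
      - name: Run migrations
        run: docker compose exec -T php bin/console -e test doctrine:migrations:migrate --no-interaction
      - name: Load fixtures
        run: docker compose exec -T php bin/console -e test doctrine:fixtures:load --no-interaction --group=test
      - name: Run PHPUnit
        run: docker compose exec -T php vendor/bin/phpunit --log-junit var/phpunit/junit.xml
      # `always()` publishes the report even when PHPUnit failed.
      - name: Publish PHPUnit test results
        if: always()
        uses: mikepenz/action-junit-report@v5
        with:
          report_paths: var/phpunit/junit.xml
          check_name: PHPUnit
      - name: Doctrine Schema Validator
        run: docker compose exec -T php bin/console -e test doctrine:schema:validate

  # Builds and pushes the images to ghcr.io, then triggers the Portainer
  # webhook. Tags map to the `production` environment. The `acceptance`
  # mapping for main exists in the expressions but is switched off by the
  # `&& false` in the job-level `if`.
  build-deploy:
    name: Build and deploy to ${{ startsWith(github.ref, 'refs/tags/') && 'production' || (github.ref == 'refs/heads/main' && 'acceptance' || '') }}
    permissions:
      contents: read
      # required to push images to ghcr.io with the GITHUB_TOKEN
      packages: write
    environment:
      name: ${{ startsWith(github.ref, 'refs/tags/') && 'production' || (github.ref == 'refs/heads/main' && 'acceptance' || '') }}
      url: ${{ vars.URL }}
    needs: tests
    runs-on: ubuntu-latest
    if: (github.ref == 'refs/heads/main' && false) || startsWith(github.ref, 'refs/tags/')
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          # This job's token can write packages. Keep it out of .git/config so
          # it cannot end up in the build context or in an image layer.
          persist-credentials: false
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
      - name: Log in to GitHub Container Registry
        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      # The ref and repository name are read from the runner-provided
      # environment variables instead of `${{ ... }}` expressions. Expressions
      # are pasted into the script text before bash parses it, so a ref name
      # containing shell metacharacters would be executed as code. Environment
      # variables are expanded by bash as data.
      - name: Extract metadata
        id: meta
        run: |
          REPO_LOWER=$(echo "$GITHUB_REPOSITORY" | tr '[:upper:]' '[:lower:]')
          if [[ "$GITHUB_REF" == refs/tags/* ]]; then
            TAG="${GITHUB_REF#refs/tags/}"
            {
              echo "tag=$TAG"
              echo "full_name=ghcr.io/${REPO_LOWER}:$TAG"
            } >> "$GITHUB_OUTPUT"
          else
            SHORT_SHA=$(git rev-parse --short HEAD)
            {
              echo "tag=$SHORT_SHA"
              echo "full_name=ghcr.io/${REPO_LOWER}:$SHORT_SHA"
            } >> "$GITHUB_OUTPUT"
          fi

      - name: Build and Push Docker images
        uses: docker/bake-action@v5
        with:
          pull: true
          push: true
          files: |
            compose.yaml
            compose.build.yaml
          set: |
            *.cache-from=type=gha,scope=${{github.ref}}
            *.cache-from=type=gha,scope=refs/heads/main
            *.cache-to=type=gha,scope=${{github.ref}},mode=max
            *.tags=${{ steps.meta.outputs.full_name }}

      # The image tag comes from the git tag name, so it is passed through
      # `env` and quoted rather than interpolated into the command line.
      # `-v` was dropped: verbose mode echoes the request line, which contains
      # the path part of the secret webhook URL, and log masking matches only
      # the complete secret value, so it may not redact that fragment.
      # `--fail-with-body` still prints the response body on an HTTP error.
      - name: Trigger Portainer Deployment
        shell: bash
        env:
          PORTAINER_WEBHOOK: ${{ secrets.PORTAINER_WEBHOOK }}
          IMAGE_TAG: ${{ steps.meta.outputs.tag }}
        run: |
          curl --silent --show-error --fail-with-body -X POST "${PORTAINER_WEBHOOK}?IMAGE_TAG=${IMAGE_TAG}"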