[SDPPE-100] Updated permissions. #1
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: tide_build | ||
| on: | ||
| workflow_call: | ||
| inputs: | ||
| module_build: | ||
| description: Set to true to install dev-tools before building the project. | ||
| type: string | ||
| required: false | ||
| default: false | ||
| runner: | ||
| description: Name of the runner instance to use. | ||
| type: string | ||
| required: false | ||
| default: biggy | ||
| run_shipshape_audit: | ||
| description: Set to true to run shipshape audit. | ||
| type: boolean | ||
| required: false | ||
| default: false | ||
| env: | ||
| REGISTRY: ghcr.io | ||
| Add permissions block with required permissions used for shipshape audit | ||
| permissions: | ||
| checks: write | ||
| contents: read | ||
| pull-requests: write | ||
| packages: read | ||
| jobs: | ||
| check-nginx-config: | ||
| name: check-nginx-config | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - name: Checkout repository | ||
| uses: actions/checkout@v2 | ||
| - name: Set up Docker | ||
| uses: docker/setup-buildx-action@v2 | ||
| - name: Create Docker network | ||
| run: docker network create test-network | ||
| - name: Run PHP container | ||
| run: docker run -d --name php --network test-network php:7.4-fpm | ||
| - name: Run Nginx container with long-running command | ||
| run: docker run -d --name nginx-container --network test-network ghcr.io/dpc-sdp/bay/nginx:6.x tail -f /dev/null | ||
| - name: Test Nginx configuration Results | ||
| run: | | ||
| docker exec nginx-container sh -c "nginx -t" | ||
| continue-on-error: true | ||
| - name: Check Nginx test results | ||
| run: | | ||
| RESULT=$(docker exec nginx-container sh -c "nginx -t" 2>&1) | ||
| echo "$RESULT" | ||
| if echo "$RESULT" | grep -q 'successful'; then | ||
| echo "Nginx configuration test successful" | ||
| else | ||
| echo "Nginx configuration test failed" | ||
| exit 1 | ||
| fi | ||
| shell: bash | ||
| build_tide: | ||
| name: tide_build | ||
| runs-on: ${{ inputs.runner }} | ||
| container: | ||
| image: ghcr.io/dpc-sdp/bay/ci-builder:6.x | ||
| steps: | ||
| - name: Checkout code | ||
| uses: actions/checkout@v4 | ||
| - name: Log into registry ghcr.io | ||
| uses: docker/login-action@v3 | ||
| with: | ||
| registry: ${{ env.REGISTRY }} | ||
| username: ${{ github.actor }} | ||
| password: ${{ secrets.GITHUB_TOKEN }} | ||
| - name: Uncomment database snapshot environment variable | ||
| if: ${{ inputs.module_build != 'true' }} | ||
| run: | | ||
| sed -i 's|# DB_IMAGE_SNAPSHOT|DB_IMAGE_SNAPSHOT|' .env | ||
| - name: Install dev-tools | ||
| if: ${{ inputs.module_build == 'true' }} | ||
| run: | | ||
| echo ==> Installing dev-tools... | ||
| if [ -f "./dev-tools.sh" ] && [ ! "$DEV_TOOLS" ]; then ./dev-tools.sh; fi | ||
| # GitHub Actions does not support cloning to a custom path. | ||
| - name: Copy repo | ||
| run: | | ||
| cp -R ${GITHUB_WORKSPACE} /app | ||
| - name: Run build script | ||
| run: | | ||
| /app/.circleci/build.sh | ||
| - name: Run test script | ||
| if: always() | ||
| run: | | ||
| /app/.circleci/test.sh | ||
| - name: Copy artifacts | ||
| if: always() | ||
| run: | | ||
| /app/.circleci/test-artifacts.sh | ||
| - name: Upload test results | ||
| uses: actions/upload-artifact@v4 | ||
| if: always() | ||
| with: | ||
| name: behat-results | ||
| path: /tmp/artifacts | ||
| shipshape-audit: | ||
| name: shipshape_audit | ||
| if: ${{ inputs.run_shipshape_audit == true }} | ||
| uses: ./.github/workflows/shipshape.yml | ||
| secrets: inherit | ||
