Skip to content

fix: implement admin permissions #1431

fix: implement admin permissions

fix: implement admin permissions #1431

Workflow file for this run

name: CI
on:
push:
branches:
- main
- \d+.\d+
pull_request: ~
workflow_dispatch: ~
# Check api-platform/core:dev-main every sunday at 02:00
schedule:
- cron: 0 2 * * 0
concurrency:
group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
cancel-in-progress: true
jobs:
tests:
name: Tests
runs-on: ubuntu-latest
permissions:
contents: 'read'
id-token: 'write'
steps:
-
name: Checkout
uses: actions/checkout@v4
-
name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
-
name: Build Docker images
uses: docker/bake-action@v5
with:
pull: true
load: true
files: |
compose.yaml
compose.override.yaml
set: |
php.cache-from=type=gha,scope=${{ github.ref }}
php.cache-from=type=gha,scope=refs/heads/main
php.cache-to=type=gha,scope=${{ github.ref }},mode=max
pwa.cache-from=type=gha,scope=${{ github.ref }}
pwa.cache-from=type=gha,scope=refs/heads/main
pwa.cache-to=type=gha,scope=${{ github.ref }},mode=max
keycloak.cache-from=type=gha,scope=${{ github.ref }}
keycloak.cache-from=type=gha,scope=refs/heads/main
keycloak.cache-to=type=gha,scope=${{ github.ref }},mode=max
-
name: Start services
run: docker compose up --wait --no-build
-
name: Update API Platform to latest
if: ${{ github.event_name == 'schedule' }}
run: docker compose exec php composer require api-platform/core:dev-main
-
name: Check HTTP reachability
run: curl -v --fail-with-body http://localhost
-
name: Check API reachability
run: curl -vk --fail-with-body https://localhost
-
name: Check PWA reachability
run: "curl -vk --fail-with-body -H 'Accept: text/html' https://localhost"
-
name: Create test database
run: docker compose exec -T php bin/console -e test doctrine:database:create
-
name: Run migrations
run: docker compose exec -T php bin/console -e test doctrine:migrations:migrate --no-interaction
-
name: Run PHPUnit
run: docker compose exec -T php vendor/bin/phpunit
-
name: Doctrine Schema Validator
run: docker compose exec -T php bin/console -e test doctrine:schema:validate
-
name: Run PHPStan
run: docker compose exec -T php vendor/bin/phpstan --memory-limit=256M
-
name: Check OpenAPI
run: docker compose exec -T php bin/console api:openapi:export --yaml | docker run --rm -i -v $(pwd)/redocly.yaml:/spec/redocly.yaml redocly/cli lint /dev/stdin
-
name: Debug services
if: failure()
run: |
docker compose ps
docker compose logs
# run e2e tests iso-prod
e2e-tests:
name: E2E Tests
runs-on: ubuntu-latest
permissions:
contents: 'read'
id-token: 'write'
strategy:
matrix:
# don't run @read and @write scenarios to prevent conflict between them
annotation:
- '@read'
- '@write'
fail-fast: false
env:
PHP_DOCKER_IMAGE: api-platform/demo/php:latest
PWA_DOCKER_IMAGE: api-platform/demo/pwa:latest
KEYCLOAK_DOCKER_IMAGE: api-platform/demo/keycloak:latest
APP_SECRET: ba63418865d58089f7f070e0a437b6d16b1fb970
CADDY_MERCURE_JWT_SECRET: 33b04d361e437e0d7d715600fc24fdefba317154
POSTGRES_PASSWORD: aae5bf316ef5fe87ad806c6a9240fff68bcfdaf7
KEYCLOAK_POSTGRES_PASSWORD: 26d7f630f1524eb210bbf496443f2038a9316e9e
KEYCLOAK_ADMIN_PASSWORD: 2f31e2fad93941b818449fd8d57fd019b6ce7fa5
# https://nextjs.org/docs/app/building-your-application/configuring/environment-variables#bundling-environment-variables-for-the-browser
NEXT_PUBLIC_OIDC_SERVER_URL: https://localhost/oidc/realms/demo
# https://docs.docker.com/compose/environment-variables/envvars/#compose_file
COMPOSE_FILE: compose.yaml:compose.prod.yaml:compose.e2e.yaml
steps:
-
name: Checkout
uses: actions/checkout@v4
-
name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
-
name: Generate AUTH_SECRET
run: echo "AUTH_SECRET=$(openssl rand -hex 32)" >> $GITHUB_ENV
-
name: Build Docker Images
uses: docker/bake-action@v5
with:
pull: true
load: true
files: |
compose.yaml
compose.prod.yaml
set: |
php.cache-from=type=gha,scope=${{ github.ref }}-e2e
php.cache-from=type=gha,scope=${{ github.ref }}
php.cache-from=type=gha,scope=refs/heads/main
php.cache-to=type=gha,scope=${{ github.ref }}-e2e,mode=max
pwa.cache-from=type=gha,scope=${{ github.ref }}-e2e
pwa.cache-from=type=gha,scope=${{ github.ref }}
pwa.cache-from=type=gha,scope=refs/heads/main
pwa.cache-to=type=gha,scope=${{ github.ref }}-e2e,mode=max
keycloak.cache-from=type=gha,scope=${{ github.ref }}-e2e
keycloak.cache-from=type=gha,scope=${{ github.ref }}
keycloak.cache-from=type=gha,scope=refs/heads/main
keycloak.cache-to=type=gha,scope=${{ github.ref }}-e2e,mode=max
-
name: Start Services
run: docker compose up --wait --no-build
-
name: Update API Platform to latest
if: ${{ github.event_name == 'schedule' }}
run: docker compose exec php composer require api-platform/core:dev-main
-
name: Load Fixtures
run: docker compose run --rm php bin/console doctrine:fixtures:load --no-interaction
-
name: Cache Playwright Binaries
id: playwright-cache
uses: actions/cache@v4
with:
path: ~/.cache/ms-playwright
key: ${{ runner.os }}-playwright
-
name: Install PNPM
uses: pnpm/action-setup@v4
with:
version: latest
-
name: Cache PNPM
uses: actions/cache@v4
with:
path: ${{ env.PNPM_HOME }}
key: ${{ runner.os }}-pnpm-${{ github.run_id }}
restore-keys: |
${{ runner.os }}-pnpm-
-
name: Install Dependencies
working-directory: pwa
run: pnpm install
-
name: Install Playwright Browsers with Deps
if: steps.playwright-cache.outputs.cache-hit != 'true'
working-directory: pwa
run: pnpm exec playwright install --with-deps
-
name: Install Playwright Browsers
if: steps.playwright-cache.outputs.cache-hit == 'true'
working-directory: pwa
run: pnpm exec playwright install
-
name: Run Playwright
working-directory: pwa
# use 1 worker to prevent conflict between scenarios (longer but safer)
run: pnpm exec playwright test --workers=1 --grep ${{ matrix.annotation }}
-
name: Debug Services
if: failure()
run: |
docker compose ps
docker compose logs
-
name: Debug Services
if: failure()
run: |
docker compose ps
docker compose logs
-
uses: actions/upload-artifact@v4
if: failure()
with:
name: playwright-screenshots
path: pwa/test-results
lint:
name: Lint
runs-on: ubuntu-latest
steps:
-
name: Checkout
uses: actions/checkout@v4
# Lint Dockerfiles
-
name: Lint Dockerfiles
uses: hadolint/[email protected]
with:
recursive: true
# Lint API
-
name: PHP CS Fixer Cache
uses: actions/cache@v4
with:
path: api/.php-cs-fixer.cache
key: ${{ runner.OS }}-phpcsfixer-${{ github.sha }}
restore-keys: |
${{ runner.OS }}-phpcsfixer-
-
name: Get API changed files
id: api-changed-files
uses: tj-actions/changed-files@v45
with:
files: api/**/*.php
-
name: Get Extra Arguments for PHP-CS-Fixer
id: phpcs-intersection
run: |
CHANGED_FILES=$(echo "${{ steps.api-changed-files.outputs.all_changed_and_modified_files }}" | tr ' ' '\n')
if ! echo "${CHANGED_FILES}" | grep -qE "^api\/(\\.php-cs-fixer(\\.dist)?\\.php|composer\\.lock)$"; then EXTRA_ARGS=$(printf -- '--path-mode=intersection\n--\n%s' "${CHANGED_FILES}"); else EXTRA_ARGS=''; fi
echo "PHPCS_EXTRA_ARGS<<EOF" >> $GITHUB_ENV
echo "$EXTRA_ARGS" >> $GITHUB_ENV
echo "EOF" >> $GITHUB_ENV
-
name: Lint API
uses: docker://oskarstark/php-cs-fixer-ga
with:
args: --config=api/.php-cs-fixer.dist.php -v --dry-run --stop-on-violation --using-cache=no ${{ env.PHPCS_EXTRA_ARGS }}"
# Lint PWA
-
name: Install PNPM
uses: pnpm/action-setup@v4
with:
version: latest
-
name: Cache PNPM
uses: actions/cache@v4
with:
path: ${{ env.PNPM_HOME }}
key: ${{ runner.os }}-pnpm-${{ github.run_id }}
restore-keys: |
${{ runner.os }}-pnpm-
-
name: Install Dependencies
working-directory: pwa
run: pnpm install
-
name: Lint PWA
working-directory: pwa
run: pnpm lint
# Lint HELM
-
name: Cache Helm Dependencies
uses: actions/cache@v4
with:
path: helm/api-platform/charts/
key: ${{ runner.os }}-helm-dependencies-${{ github.run_id }}
restore-keys: |
${{ runner.os }}-helm-dependencies-
-
name: Build Helm Dependencies
run: |
helm repo add bitnami https://charts.bitnami.com/bitnami/
helm repo add stable https://charts.helm.sh/stable/
helm dependency build ./helm/api-platform
-
name: Lint Helm
run: helm lint ./helm/api-platform/
# Lint Markdown Docs
-
name: Lint changelog file
uses: docker://avtodev/markdown-lint:v1
with:
config: 'docs/.markdown-lint.yaml'
args: 'docs/**/*.md'