Skip to content

Bump symfony/http-client from 6.4.8 to 6.4.15 #3078

Bump symfony/http-client from 6.4.8 to 6.4.15

Bump symfony/http-client from 6.4.8 to 6.4.15 #3078

Workflow file for this run

name: CI
on:
push:
branches-ignore:
- 'dependabot/**'
tags:
- 'v*'
pull_request:
branches-ignore:
- 'dependabot/**'
workflow_dispatch:
concurrency:
group: ci-${{ github.head_ref }}
cancel-in-progress: true
jobs:
test-cgl:
name: Coding Guidelines Check
runs-on: ubuntu-latest
continue-on-error: false
env:
PHP_CS_FIXER_FUTURE_MODE: 1
steps:
- uses: actions/checkout@v4
- name: Setup PHP environment
uses: shivammathur/setup-php@v2
with:
php-version: '8.3'
tools: composer:v2
- name: Check code formatting with PHP-CS-Fixer
run: |
rm composer.json composer.lock
composer require friendsofphp/php-cs-fixer:^3.57
vendor/bin/php-cs-fixer fix --config=.php-cs-fixer.dist --diff --dry-run -v
lint:
name: FE Asset Linting
runs-on: ubuntu-latest
continue-on-error: false
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
- name: Cache node_modules
uses: actions/cache@v4
with:
path: '**/node_modules'
key: ${{ runner.os }}-modules-${{ hashFiles('**/package-lock.json') }}
- name: Install npm packages
working-directory: ./src/Resources
run: npm install
- name: Run FE linters
working-directory: ./src/Resources
run: npm run lint
format:
name: FE asset formatting check
runs-on: ubuntu-latest
continue-on-error: false
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
- name: Cache node_modules
uses: actions/cache@v4
with:
path: '**/node_modules'
key: ${{ runner.os }}-modules-${{ hashFiles('**/package-lock.json') }}
- name: Install npm packages
working-directory: ./src/Resources
run: npm install
- name: Run prettier check
working-directory: ./src/Resources
run: npm run format-check
phpmd:
name: PHPMD
runs-on: ubuntu-latest
continue-on-error: true
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Setup PHP environment
uses: shivammathur/setup-php@v2
with:
coverage: none
tools: phpmd
- name: Run PHPMD
run: phpmd src github ./phpmd.xml --baseline-file ./phpmd.baseline.xml --exclude */Tests/*
psalm:
name: Static Code Analysis
runs-on: ubuntu-latest
continue-on-error: false
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Setup PHP environment
uses: shivammathur/setup-php@v2
with:
php-version: '8.3'
tools: composer
- name: Run composer install
run: composer install -n --prefer-dist
- name: Run Psalm
run: ./vendor/bin/psalm
vueTsc:
name: Run frontend type check
runs-on: ubuntu-latest
continue-on-error: false
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
- name: Cache node_modules
uses: actions/cache@v4
with:
path: '**/node_modules'
key: ${{ runner.os }}-modules-${{ hashFiles('**/package-lock.json') }}
- name: Install npm packages
working-directory: ./src/Resources
run: npm install
- name: Run vue-tsc
working-directory: ./src/Resources
run: npm run type-check
testFrontendUnitFunctional:
name: Run frontend unit- and functional-tests
runs-on: ubuntu-latest
continue-on-error: false
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
- name: Cache node_modules
uses: actions/cache@v4
with:
path: '**/node_modules'
key: ${{ runner.os }}-modules-${{ hashFiles('**/package-lock.json') }}
- name: Install npm packages
working-directory: ./src/Resources
run: npm install
- name: Run FE vitest suite
working-directory: ./src/Resources
run: npm run test:unit
buildDevImage:
name: Build Development Docker Images
runs-on: ubuntu-latest
needs: [ test-cgl, psalm, phpmd, format, lint, vueTsc, testFrontendUnitFunctional ]
steps:
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 10
- name: Prepare build
run: |
mkdir -p /tmp/docker/buildx
git log -n 10 --date=short --format=format:"%C(auto)%h %ad @%al %s" >> public/changelog.txt
- name: Setup docker build caches
uses: actions/cache@v4
with:
key: ${{ runner.os }}-buildx
path: /tmp/docker/buildx
- name: Login to DockerHub
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_PASSWORD }}
# Development image
- name: Get Docker meta for development
id: devmeta
uses: docker/metadata-action@v5
with:
images: aoepeople/meals:beta
tags: |
type=sha
type=ref,event=branch
- name: Build and push development image
id: build_dev
uses: docker/build-push-action@v6
with:
file: Dockerfile
push: false
tags: aoepeople/meals:test
labels: ${{ steps.devmeta.outputs.labels }}
build-args: |
BUILD_DEV="true"
cache-from: |
aoepeople/meals:beta
type=local,src=/tmp/docker/buildx
cache-to: type=local,dest=/tmp/docker/buildx
outputs: type=docker,dest=/tmp/docker/dev.tar
# Upload artifacts
- name: Upload docker images
uses: actions/upload-artifact@v4
with:
name: docker-dev-image
path: /tmp/docker/*.tar
outputs:
imageDev: aoepeople/meals:test
buildImages:
name: Build Docker Images
runs-on: ubuntu-latest
needs: [ test-cgl, psalm, phpmd, format, lint, vueTsc, testFrontendUnitFunctional ]
steps:
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 10
- name: Prepare build
run: |
mkdir -p /tmp/docker/buildx
git log -n 10 --date=short --format=format:"%C(auto)%h %ad @%al %s" >> public/changelog.txt
- name: Setup docker build caches
uses: actions/cache@v4
with:
key: ${{ runner.os }}-buildx
path: /tmp/docker/buildx
- name: Login to DockerHub
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_PASSWORD }}
# Production Image
- name: Get Docker meta for production image
id: meta
uses: docker/metadata-action@v5
with:
images: aoepeople/meals
tags: |
type=sha
type=ref,event=branch
type=semver,pattern={{version}}
type=semver,pattern={{major}}.{{minor}}
type=edge,branch=main
- name: Build and push production image
id: build_latest
uses: docker/build-push-action@v6
with:
context: .
push: false
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
cache-from: |
aoepeople/meals:edge
type=local,src=/tmp/docker/buildx
cache-to: type=local,dest=/tmp/docker/buildx
outputs: type=docker,dest=/tmp/docker/app.tar
# Upload artifacts
- name: Upload docker images
uses: actions/upload-artifact@v4
with:
name: docker-app-image
path: /tmp/docker/*.tar
outputs:
image: ${{ fromJson(steps.meta.outputs.json).tags[0] }}
images: ${{ join(steps.meta.outputs.tags, ' ') }}
cypress:
name: Run E2E-tests via Cypress
needs: [ buildDevImage ]
runs-on: ubuntu-latest
env:
SERVICE: dev # use `dev` to enable xdebug and code coverage
IMAGE_DEV: ${{ needs.buildDevImage.outputs.imageDev }}
COMPOSE_INTERACTIVE_NO_CLI: true
strategy:
fail-fast: false
matrix:
containers: [1, 2, 3, 4]
steps:
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Checkout
uses: actions/checkout@v4
- name: Download docker images
uses: actions/download-artifact@v4
with:
name: docker-dev-image
path: /tmp/docker
- name: Import docker image
run: |
docker load --input /tmp/docker/dev.tar
docker image ls -a | grep aoepeople
- uses: actions/setup-node@v4
- name: Cache node_modules
uses: actions/cache@v4
with:
path: '**/node_modules'
key: ${{ runner.os }}-modules-${{ hashFiles('**/package-lock.json') }}
- name: Install npm packages
working-directory: ./src/Resources
run: npm install
- name: Make build dir
run: |
mkdir build
- name: Make .env file
run: |
sh -c "cat > .env.docker << 'EOL'
IDP_SERVER=\"${{ secrets.IDP_SERVER }}\"
IDP_CLIENT_ID=\"${{ secrets.IDP_CLIENT_ID }}\"
IDP_CLIENT_SECRET=\"${{ secrets.IDP_CLIENT_SECRET }}\"
EOL"
- name: Run Docker compose
run: |
docker compose -f ./docker-compose-cypress.yaml up --abort-on-container-exit &
echo "starting the docker compose..." &
yarn --cwd=./tests/e2e install &&
until $(curl --output /dev/null --silent --head --fail http://localhost:80/); do
printf '.'
sleep 5
done &&
yarn --cwd=./tests/e2e cross-env-shell cypress run --headless --browser electron --env "baseUrl=http://localhost/,cookie_domain=localhost,ddev_test=false,mailhog_url=http://localhost:8025","split=${{ strategy.job-total }}","splitIndex=${{ strategy.job-index }}"
- name: Docker compose down
run: |
docker compose -f docker-compose-cypress.yaml down --remove-orphans
testBackendUnitFunctional:
name: Run backend unit- and functional-tests
needs: [ buildImages, buildDevImage ]
runs-on: ubuntu-latest
env:
SERVICE: app # use `dev` to enable xdebug and code coverage
IMAGE: ${{ needs.buildImages.outputs.image }}
IMAGE_DEV: ${{ needs.buildDevImage.outputs.imageDev }}
COMPOSE_INTERACTIVE_NO_CLI: true
steps:
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- uses: actions/checkout@v4
- name: Download docker app-image
uses: actions/download-artifact@v4
with:
name: docker-app-image
path: /tmp/docker
- name: Download docker dev-image
uses: actions/download-artifact@v4
with:
name: docker-dev-image
path: /tmp/docker
- name: Import docker image
run: |
docker load --input /tmp/docker/app.tar
docker load --input /tmp/docker/dev.tar
docker image ls -a | grep aoepeople
- name: Test with docker compose
run: |
mkdir build
docker compose -f docker-compose-test.yaml up --abort-on-container-exit
docker compose -f docker-compose-test.yaml down --remove-orphans
- name: Upload coverage report artifact
uses: actions/upload-artifact@v4
if: always()
with:
name: reports
path: build/artifacts/qa/
- name: Publish unit-test results
uses: mikepenz/action-junit-report@v4
if: always()
with:
report_paths: 'build/artifacts/qa/*.xml'
publish:
name: Publish
if: ${{ github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags/v') }}
needs: [ buildImages, buildDevImage, testBackendUnitFunctional, cypress ]
runs-on: ubuntu-latest
env:
IMAGES_APP: ${{ needs.buildImages.outputs.images }}
IMAGE_DEV: ${{ needs.buildDevImage.outputs.imageDev }}
steps:
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Login to DockerHub
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_PASSWORD }}
- name: Download docker app-image
uses: actions/download-artifact@v4
with:
name: docker-app-image
path: /tmp/docker
- name: Download docker dev-image
uses: actions/download-artifact@v4
with:
name: docker-dev-image
path: /tmp/docker
- name: Import docker image
run: |
docker load --input /tmp/docker/app.tar
docker load --input /tmp/docker/dev.tar
docker image ls -a | grep aoepeople
- name: Deploy images
run: |
echo "starting to push app images"
for tag in $IMAGES_APP; do
if [[ $tag = *sha-* ]]; then
continue;
fi
docker push $tag;
echo "pushed app image: $tag"
done
echo "done pushing app images"
echo "starting to push dev image: $IMAGE_DEV"
docker push $IMAGE_DEV;
echo "pushed dev image: $IMAGE_DEV"
echo "done pushing dev images"
- name: Image digest
id: image_digest
env:
IMAGE: ${{ needs.buildImages.outputs.image }}
run: |
docker pull $IMAGE
echo "digest=$(docker inspect $IMAGE | jq -r '.[0].RepoDigests[0]' | cut -d'@' -f2)" >> $GITHUB_OUTPUT
- name: Delete docker image artifact
uses: geekyeggo/delete-artifact@v5
with:
name: docker-dev-image
- name: Delete docker image artifact
uses: geekyeggo/delete-artifact@v5
with:
name: docker-app-image
outputs:
imageDigest: ${{ steps.image_digest.outputs.digest }}
synk:
name: Scan vulnerabilities
if: ${{ github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags/v') }}
needs: [ publish, buildImages ]
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Run Snyk to check Docker image for vulnerabilities
# Snyk can be used to break the build when it detects vulnerabilities.
# In this case we want to upload the issues to GitHub Code Scanning
continue-on-error: true
uses: snyk/actions/docker@master
env:
# In order to use the Snyk Action you will need to have a Snyk API token.
# More details in https://github.com/snyk/actions#getting-your-snyk-token
# or you can signup for free at https://snyk.io/login
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
with:
image: ${{ needs.buildImages.outputs.image }}
args: --file=Dockerfile
# Replace any "null" security severity values with 0. The null value is used in the case
# of license-related findings, which do not do not indicate a security vulnerability.
# See https://github.com/github/codeql-action/issues/2187 for more context.
- name: Post process snyk sarif file
run: |
sed -i 's/"security-severity": "null"/"security-severity": "0"/g' snyk.sarif
- name: Upload result to GitHub Code Scanning
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: snyk.sarif
deploy:
name: Deploy and notify
needs: [ publish, buildImages ]
runs-on: ubuntu-latest
steps:
- name: Deploy to staging environment
env:
IMAGE_TAG: ${{ needs.buildImages.outputs.image }}
IMAGE_DIGEST: ${{ needs.publish.outputs.imageDigest }}
GITLAB_K8S_IT_TRIGGER: ${{ secrets.GITLAB_K8S_IT_TRIGGER }}
run: |
curl -X POST \
-F "ref=develop" \
-F "variables[IMAGE_TAG]=$IMAGE_TAG" \
-F "variables[IMAGE_DIGEST]=$IMAGE_DIGEST" \
-F "token=$GITLAB_K8S_IT_TRIGGER" \
https://gitlab.aoe.com/api/v4/projects/2872/trigger/pipeline
- name: Notify team
env:
COMMIT_MSG: ${{ github.event.head_commit.message }}
MATTERMOST_HOOK_URL: ${{ secrets.MATTERMOST_HOOK_URL }}
run: |
curl --silent -i -X POST -H 'Content-Type: application/json' \
-d '{"text": "Triggered deployment of `meals-staging.aoe.com@'"$GITHUB_SHA"'`\n> '"$COMMIT_MSG"'"}' \
$MATTERMOST_HOOK_URL