2020 name : Build and Push Image
2121 needs : lint
2222 runs-on : ubuntu-latest
23- # Grant permissions for the GITHUB_TOKEN to push images to GHCR
2423 permissions :
2524 contents : read
2625 packages : write
4544 uses : docker/metadata-action@v5
4645 with :
4746 images : ghcr.io/${{ github.repository }}
48- # This creates a unique tag based on the Git commit SHA
4947 tags : type=sha,prefix=
5048
5149 - name : Create .env file for build
@@ -58,17 +56,19 @@ jobs:
5856 push : true
5957 tags : ${{ steps.meta.outputs.tags }}
6058 labels : ${{ steps.meta.outputs.labels }}
61- # Enable Docker layer caching
6259 cache-from : type=gha,scope=${{ github.workflow }}
6360 cache-to : type=gha,scope=${{ github.workflow }},mode=max
6461
65- # This job now pulls the image directly from the registry
6662 test :
6763 name : Run Tests
6864 needs : build
6965 runs-on : ubuntu-latest
7066 steps :
71- - uses : actions/checkout@v4
67+ - name : Checkout repository
68+ uses : actions/checkout@v4
69+
70+ - name : Create .env file for testing
71+ run : cp .env.example .env
7272
7373 - name : Log in to the GitHub Container Registry
7474 uses : docker/login-action@v3
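Review bot: The `test` job introduced at the top of this hunk declares no `permissions:` block, yet its steps log in to GHCR with `secrets.GITHUB_TOKEN` (the login step begins at the end of this hunk and its `with:` block continues in the next), so the token inherits the repository's default permissions — which may include write access to contents and packages — when the job only needs to pull an image. The `build` and `security` jobs already scope the token explicitly, so for least privilege and consistency add under `runs-on: ubuntu-latest` the lines `permissions:`, `  contents: read`, `  packages: read`. The `test-health` job in a later hunk has the same shape and presumably needs the same block. The job's remaining steps run past the end of this hunk.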
@@ -77,15 +77,13 @@ jobs:
7777 username : ${{ github.actor }}
7878 password : ${{ secrets.GITHUB_TOKEN }}
7979
80- - name : Pull image
81- run : docker pull ${{ needs.build.outputs.image_tag }}
82-
83- - name : Run comprehensive tests
84- # You may need to adapt your Makefile to accept the image tag as a parameter
85- # For simplicity, we retag it to latest locally
80+ - name : Pull and retag image
8681 run : |
82+ docker pull ${{ needs.build.outputs.image_tag }}
8783 docker tag ${{ needs.build.outputs.image_tag }} kariricode/php-api-stack:latest
88- make test
84+
85+ - name : Run comprehensive tests
86+ run : make test
8987
9088 - name : Run integration tests
9189 run : |
@@ -95,13 +93,16 @@ jobs:
9593 curl -f http://localhost:8080/health
9694 make stop
9795
98- # Simplified test-health job
9996 test-health :
10097 name : Test Health Checks
10198 needs : build
10299 runs-on : ubuntu-latest
103100 steps :
104- - uses : actions/checkout@v4
101+ - name : Checkout repository
102+ uses : actions/checkout@v4
103+
104+ - name : Create .env file for testing
105+ run : cp .env.example .env
105106
106107 - name : Log in to the GitHub Container Registry
107108 uses : docker/login-action@v3
@@ -110,28 +111,28 @@ jobs:
110111 username : ${{ github.actor }}
111112 password : ${{ secrets.GITHUB_TOKEN }}
112113
113- - name : Pull image
114- run : docker pull ${{ needs.build.outputs.image_tag }}
115-
116- - name : Retag image and run tests
114+ - name : Pull and retag image
117115 run : |
116+ docker pull ${{ needs.build.outputs.image_tag }}
118117 docker tag ${{ needs.build.outputs.image_tag }} kariricode/php-api-stack:latest
118+
119+ - name : Run health checks
120+ run : |
119121 make build-test-image
120122 make run-test
121123 sleep 10
122124 make test-health
123125 curl -s http://localhost:8080/health.php | jq '.status' | grep -q "healthy"
124126 make stop-test
125127
126- # Simplified security job
127128 security :
128129 name : Security Scan
129130 needs : build
130131 runs-on : ubuntu-latest
131132 permissions :
132133 contents : read
133134 packages : read
134- security-events : write # Required to upload SARIF results
135+ security-events : write
135136 steps :
136137 - name : Run Trivy scan
137138 uses : aquasecurity/trivy-action@0.20.0
@@ -140,7 +141,6 @@ jobs:
140141 format : " sarif"
141142 output : " trivy-results.sarif"
142143 severity : " CRITICAL,HIGH"
143- # GHCR is a private registry by default for the running workflow, so auth is needed
144144 github-pat : ${{ secrets.GITHUB_TOKEN }}
145145
146146 - name : Upload Trivy results