[ADD] Bypass for auth.mode=none in API JWT and scope middlewares, n…
#13
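# CI workflow. The "checks" job runs for every push and pull request; the
# heavier jobs below are gated by their own `if:` on release/* pushes or a
# manual workflow_dispatch.
name: CI

on:
  push:
    branches:
      - '**'
  pull_request:
  workflow_dispatch:
    inputs:
      # Manual opt-in switches read by the job-level `if:` expressions.
      run_demo_runtime:
        description: 'Run demo runtime proof (make demo-all + artifacts)'
        required: false
        default: false
        type: boolean
      run_runtime_integration:
        description: 'Run runtime integration checks against deployed environment'
        required: false
        default: false
        type: boolean

# Least privilege for GITHUB_TOKEN. Without this block the token inherits the
# repository/organisation default scopes, and two jobs below export it to
# every step as GITHUB_PAT. Nothing in this file pushes, tags or comments
# through the token, so read access to the repository contents is enough.
# If a step later needs more, grant it on that job only.
permissions:
  contents: read

jobs: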
# Job "checks": composer validation, dependency install, the project's CI
# script and the benchmark reports. The other jobs list it under `needs:`.
  checks:
    # This job also runs for pull_request events, so it executes code from the
    # proposed branch. No secrets are placed in its environment.
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): every `uses:` in this job references a mutable tag
      # (@v4, @v2). Pinning to a full commit SHA, with the tag kept in a
      # trailing comment (e.g. `owner/action@<full-commit-sha>  # v4`), stops a
      # re-pointed tag from changing what runs here.
      - name: Checkout
        uses: actions/checkout@v4

      - name: Setup PHP
        uses: shivammathur/setup-php@v2
        with:
          coverage: none
          php-version: "8.4"

      - name: Validate composer files
        run: composer validate --strict

      - name: Install dependencies
        run: composer install --no-interaction --prefer-dist --no-progress

      - name: Run CI checks
        run: composer run ci:check

      - name: Generate benchmark artifacts
        run: |
          set -eu
          composer run benchmark:run
          composer run benchmark:leaderboard

      # always(): the reports are uploaded even when an earlier step failed.
      - name: Upload benchmark artifacts
        if: ${{ always() }}
        uses: actions/upload-artifact@v4
        with:
          name: benchmark-artifacts
          if-no-files-found: warn
          path: |
            build/benchmarks/simulation-report.json
            build/benchmarks/leaderboard.md
# Job "migration-matrix": runs scripts/migration_matrix_check.sh once per
# database engine, after "checks" has passed.
  migration-matrix:
    needs: checks
    # Runs on pushes to release/* branches and on any manual dispatch; it is
    # skipped for pull_request events.
    if: >-
      ${{
      (github.event_name == 'push' && startsWith(github.ref, 'refs/heads/release/'))
      || (github.event_name == 'workflow_dispatch')
      }}
    runs-on: ubuntu-latest
    strategy:
      # One failing engine does not cancel the others.
      fail-fast: false
      matrix:
        db: [sqlite, mysql, pgsql]
    # Service containers are declared at job level, so both are started for
    # every matrix entry. The credentials below are fixed values for these
    # short-lived containers and are repeated in the `case` branches further
    # down.
    services:
      mysql:
        image: "mysql:8.4"
        env:
          MYSQL_DATABASE: emcp_demo
          MYSQL_USER: emcp
          MYSQL_PASSWORD: emcp
          MYSQL_ROOT_PASSWORD: root
        ports:
          - "3306:3306"
        options: >-
          --health-cmd="mysqladmin ping -h 127.0.0.1 -uroot -proot"
          --health-interval=10s
          --health-timeout=5s
          --health-retries=30
      postgres:
        image: "postgres:16"
        env:
          POSTGRES_DB: emcp_demo
          POSTGRES_USER: emcp
          POSTGRES_PASSWORD: emcp
        ports:
          - "5432:5432"
        options: >-
          --health-cmd="pg_isready -U emcp -d emcp_demo"
          --health-interval=10s
          --health-timeout=5s
          --health-retries=30
    # Job-level env: the workflow token is visible to every step below,
    # including the composer steps that download and run third-party code.
    # NOTE(review): consider moving GITHUB_PAT onto only the steps that need
    # it - confirm which ones read it.
    env:
      GITHUB_PAT: ${{ secrets.GITHUB_TOKEN }}
    steps:
      # NOTE(review): actions are referenced by mutable tag; pin each to a full
      # commit SHA (`owner/action@<full-commit-sha>  # v4`).
      - name: Checkout
        uses: actions/checkout@v4

      - name: Setup PHP
        uses: shivammathur/setup-php@v2
        with:
          coverage: none
          php-version: "8.4"

      - name: Install dependencies
        run: composer install --no-interaction --prefer-dist --no-progress

      # Installs the installer without a version constraint and adds composer's
      # global bin dir to PATH for the following steps.
      # NOTE(review): whatever release is current at run time gets executed
      # with GITHUB_PAT in the environment; a constraint such as
      # `evolution-cms/installer:<pinned-version>` would make this reproducible.
      - name: Install Evolution installer
        run: |
          set -eu
          composer global require evolution-cms/installer --no-interaction --no-progress
          echo "$(composer global config bin-dir --absolute)" >> "$GITHUB_PATH"

      # `${{ matrix.db }}` is substituted into the script text before the shell
      # runs. The values come only from the literal list under `matrix.db`
      # above; if that list is ever fed from an input or event field, pass the
      # value through `env:` and read it as a shell variable instead.
      - name: Run migration matrix checks
        run: |
          set -eu
          case "${{ matrix.db }}" in
            sqlite)
              sh scripts/migration_matrix_check.sh sqlite
              ;;
            mysql)
              EVO_DB_HOST=127.0.0.1 EVO_DB_PORT=3306 EVO_DB_USER=emcp EVO_DB_PASSWORD=emcp EVO_DB_NAME=emcp_demo sh scripts/migration_matrix_check.sh mysql
              ;;
            pgsql)
              EVO_DB_HOST=127.0.0.1 EVO_DB_PORT=5432 EVO_DB_USER=emcp EVO_DB_PASSWORD=emcp EVO_DB_NAME=emcp_demo sh scripts/migration_matrix_check.sh pgsql
              ;;
            *)
              echo "Unsupported DB matrix value: ${{ matrix.db }}" >&2
              exit 1
              ;;
          esac

      # Uploaded even on failure. NOTE(review): log masking covers the console
      # output, not uploaded files; confirm the logs and cached PHP files hold
      # nothing beyond the demo credentials declared above.
      - name: Upload migration matrix artifacts
        if: ${{ always() }}
        uses: actions/upload-artifact@v4
        with:
          name: migration-matrix-${{ matrix.db }}
          if-no-files-found: warn
          path: |
            demo/core/storage/logs/*.log
            demo/core/storage/framework/cache/**/*.php
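# Job "runtime-integration": runs the runtime integration suite against the
# deployed environment described by the EMCP_* secrets.
  runtime-integration:
    needs: checks
    # Runs on pushes to release/* branches, or on a manual dispatch with
    # run_runtime_integration ticked. It is skipped for pull_request events,
    # so the secrets below are not handed to pull-request code.
    if: >-
      ${{
      (github.event_name == 'push' && startsWith(github.ref, 'refs/heads/release/'))
      || (github.event_name == 'workflow_dispatch' && inputs.run_runtime_integration == true)
      }}
    runs-on: ubuntu-latest
    # Job-level env: every step sees these values, including the third-party
    # setup action and `composer install`, which runs dependency code.
    # NOTE(review): only the validation and test steps read them in this
    # file; moving the block onto those two steps would narrow the exposure.
    env:
      EMCP_INTEGRATION_ENABLED: '1'
      EMCP_BASE_URL: ${{ secrets.EMCP_BASE_URL }}
      EMCP_SERVER_HANDLE: ${{ secrets.EMCP_SERVER_HANDLE }}
      EMCP_API_PATH: ${{ secrets.EMCP_API_PATH }}
      EMCP_API_TOKEN: ${{ secrets.EMCP_API_TOKEN }}
      EMCP_MANAGER_PATH: ${{ secrets.EMCP_MANAGER_PATH }}
      EMCP_MANAGER_COOKIE: ${{ secrets.EMCP_MANAGER_COOKIE }}
      EMCP_DISPATCH_CHECK: ${{ secrets.EMCP_DISPATCH_CHECK }}
      EMCP_RUNTIME_NEGATIVE: ${{ secrets.EMCP_RUNTIME_NEGATIVE }}
      EMCP_RUNTIME_MODEL_SANITY: ${{ secrets.EMCP_RUNTIME_MODEL_SANITY }}
      EMCP_RUNTIME_NEGATIVE_REQUIRE_RATE_LIMIT: ${{ secrets.EMCP_RUNTIME_NEGATIVE_REQUIRE_RATE_LIMIT }}
      EMCP_TEST_JWT_SECRET: ${{ secrets.EMCP_TEST_JWT_SECRET }}
      EMCP_TEST_JWT_READ_TOKEN: ${{ secrets.EMCP_TEST_JWT_READ_TOKEN }}
      EMCP_STASK_LIFECYCLE_CHECK: ${{ secrets.EMCP_STASK_LIFECYCLE_CHECK }}
      EMCP_STASK_EXPECT_EXTERNAL_WORKER: ${{ secrets.EMCP_STASK_EXPECT_EXTERNAL_WORKER }}
      EMCP_STASK_WORKER_CMD: ${{ secrets.EMCP_STASK_WORKER_CMD }}
      EMCP_STASK_WORKER_CWD: ${{ secrets.EMCP_STASK_WORKER_CWD }}
      EMCP_STASK_POLL_ATTEMPTS: ${{ secrets.EMCP_STASK_POLL_ATTEMPTS }}
    steps:
      # NOTE(review): actions are referenced by mutable tag; in a job that
      # holds deployment credentials, pin each to a full commit SHA
      # (`owner/action@<full-commit-sha>  # v4`).
      - name: Checkout
        uses: actions/checkout@v4

      - name: Setup PHP
        uses: shivammathur/setup-php@v2
        with:
          php-version: '8.4'
          coverage: none

      - name: Install dependencies
        run: composer install --no-interaction --prefer-dist --no-progress

      # Fails fast when a required secret is empty, and when the lifecycle
      # check is enabled without either an external worker or a worker
      # command plus working directory.
      - name: Validate live runtime secrets
        run: |
          set -eu
          missing=""
          # eval only ever sees the four fixed names below; the secret values
          # are read through parameter expansion, never re-parsed as code.
          for var in EMCP_BASE_URL EMCP_SERVER_HANDLE EMCP_API_PATH EMCP_API_TOKEN; do
            eval "value=\${$var:-}"
            if [ -z "$value" ]; then
              missing="$missing $var"
            fi
          done
          if [ -n "$missing" ]; then
            # Only the variable names are printed, not their values.
            echo "Missing required secrets/env for runtime integration:$missing" >&2
            exit 1
          fi
          lifecycle="${EMCP_STASK_LIFECYCLE_CHECK:-0}"
          external_worker="${EMCP_STASK_EXPECT_EXTERNAL_WORKER:-0}"
          if [ "$lifecycle" = "1" ] && [ "$external_worker" != "1" ]; then
            if [ -z "${EMCP_STASK_WORKER_CMD:-}" ] || [ -z "${EMCP_STASK_WORKER_CWD:-}" ]; then
              echo "EMCP_STASK_LIFECYCLE_CHECK=1 requires EMCP_STASK_EXPECT_EXTERNAL_WORKER=1 or both EMCP_STASK_WORKER_CMD and EMCP_STASK_WORKER_CWD." >&2
              exit 1
            fi
          fi

      # Fix: the test command is piped into tee. With only `set -eu` the
      # pipeline's exit status is tee's, so a failing integration run still
      # left this step green. pipefail makes the composer failure propagate;
      # `shell: bash` is stated because pipefail is a bash option.
      - name: Runtime integration checks
        shell: bash
        run: |
          set -euo pipefail
          export EMCP_DISPATCH_CHECK="${EMCP_DISPATCH_CHECK:-1}"
          composer run test:integration:runtime | tee runtime-live.log

      # Uploaded even on failure. NOTE(review): secret masking applies to the
      # console log, not to files uploaded as artifacts; confirm the test
      # runner never writes tokens, cookies or JWTs into runtime-live.log.
      - name: Upload runtime integration artifact
        if: always()
        uses: actions/upload-artifact@v4
        with:
          name: runtime-live-log
          path: runtime-live.log
          if-no-files-found: warn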
# Job "demo-runtime-proof": installs the Evolution installer and runs the
# clean-install integration test, then uploads the demo logs.
  demo-runtime-proof:
    needs: checks
    # Runs on pushes to release/* branches, or on a manual dispatch with
    # run_demo_runtime ticked; skipped for pull_request events.
    if: >-
      ${{
      (github.event_name == 'push' && startsWith(github.ref, 'refs/heads/release/'))
      || (github.event_name == 'workflow_dispatch' && inputs.run_demo_runtime == true)
      }}
    runs-on: ubuntu-latest
    env:
      # Job-level: the workflow token is visible to every step below,
      # including the composer steps that download and run third-party code.
      GITHUB_PAT: ${{ secrets.GITHUB_TOKEN }}
      # Fixed value committed in the workflow, so it is not a secret: anyone
      # who can read this file can sign tokens with it. It must only ever back
      # the throwaway demo install and never be reused for a deployed
      # environment.
      DEMO_JWT_SECRET: "emcp-demo-secret-0123456789abcdef0123456789abcdef"
    steps:
      # NOTE(review): actions are referenced by mutable tag; pin each to a full
      # commit SHA (`owner/action@<full-commit-sha>  # v4`).
      - name: Checkout
        uses: actions/checkout@v4

      - name: Setup PHP
        uses: shivammathur/setup-php@v2
        with:
          coverage: none
          php-version: "8.4"

      - name: Install dependencies
        run: composer install --no-interaction --prefer-dist --no-progress

      # NOTE(review): no version constraint, so whatever installer release is
      # current at run time is executed with GITHUB_PAT in the environment;
      # `evolution-cms/installer:<pinned-version>` would make it reproducible.
      - name: Install Evolution installer
        run: |
          set -eu
          composer global require evolution-cms/installer --no-interaction --no-progress
          echo "$(composer global config bin-dir --absolute)" >> "$GITHUB_PATH"

      - name: Run demo runtime proof
        run: composer run test:integration:clean-install

      # Uploaded even on failure; the third path is read from the runner's
      # /tmp rather than the workspace.
      - name: Upload demo runtime artifacts
        if: ${{ always() }}
        uses: actions/upload-artifact@v4
        with:
          name: demo-runtime-artifacts
          if-no-files-found: warn
          path: |
            demo/logs.md
            demo/clean-install.log
            /tmp/emcp-demo-php-server.log