.github/workflows/ci.yml

name: Continuous Integration
env:
  DOCKER_IMAGE: wyrihaximusgithubactions/wait-for-status
  DOCKER_BUILDKIT: 1
on:
  push:
    branches:
      - master
  pull_request:
jobs:
  composer-install:
    runs-on: ubuntu-latest
    container:
      image: wyrihaximusnet/php:7.4-zts-alpine3.12-dev-root
    steps:
      - uses: actions/checkout@v4
      - name: Cache composer packages
        uses: actions/cache@v4
        with:
          path: ./vendor/
          key: ${{ hashFiles('**/composer.json') }}-${{ hashFiles('**/composer.lock') }}
      - name: Install Dependencies
        run: composer install --ansi --no-progress --no-interaction --prefer-dist -o
  qa:
    strategy:
      fail-fast: false
      matrix:
        qa: [lint, cs, stan, psalm, unit, infection, composer-require-checker, composer-unused]
    needs: composer-install
    runs-on: ubuntu-latest
    container:
      image: wyrihaximusnet/php:7.4-zts-alpine3.12-dev-root
    steps:
      - uses: actions/checkout@v4
      - name: Cache composer packages
        uses: actions/cache@v4
        with:
          path: ./vendor/
          key: ${{ hashFiles('**/composer.json') }}-${{ hashFiles('**/composer.lock') }}
      - name: Install Dependencies
        run: (test -f vendor && true ) || composer install --ansi --no-progress --no-interaction --prefer-dist -o
      - run: sleep 60
        if: matrix.qa == 'infection'
      - run: make ${{ matrix.qa }}
        env:
          GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
  generate-ref:
    name: Generate Ref
    runs-on: ubuntu-latest
    outputs:
      REF: ${{ steps.generate-ref.outputs.ref }}
    steps:
      - uses: actions/checkout@v4
      - id: generate-ref
        name: Generate Ref
        run: |
          if [ "${{ github.event_name }}" == "pull_request" ] ; then
            ref=$(php -r "echo str_replace('/', '-SLASH-', '${{ github.event.pull_request.head.ref }}');")
            echo "$ref"
            printf "::set-output name=ref::%s" $ref
            exit 0
          fi
          echo "${GITHUB_REF##*/}"
          echo "::set-output name=ref::${GITHUB_REF##*/}"
  lint-dockerfile:
    name: Lint Dockerfile
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Lint Dockerfile
        uses: docker://hadolint/hadolint:latest-debian
        with:
          entrypoint: hadolint
          args: Dockerfile-build
  build-docker-image:
    strategy:
      fail-fast: false
    name: Build Docker image
    needs:
      - generate-ref
      - lint-dockerfile
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Set up QEMU
        uses: docker/setup-qemu-action@v3
      - name: Set up Docker Buildx
        id: buildx
        uses: docker/setup-buildx-action@v3
        with:
          install: true
      - name: Inspect builder
        run: |
          echo "Name:      ${{ steps.buildx.outputs.name }}"
          echo "Endpoint:  ${{ steps.buildx.outputs.endpoint }}"
          echo "Status:    ${{ steps.buildx.outputs.status }}"
          echo "Flags:     ${{ steps.buildx.outputs.flags }}"
          echo "Platforms: ${{ steps.buildx.outputs.platforms }}"
      - run: echo "ghcr.io/${GITHUB_REPOSITORY}:sha-${GITHUB_SHA}" | tr '[:upper:]' '[:lower:]'
      - name: Login to GPR
        if: contains(github.ref, 'dependabot') == false
        run: |
          echo "${{ secrets.GITHUB_TOKEN }}" | \
          docker login ghcr.io \
            --username "WyriHaximus" \
            --password-stdin
      - run: docker build --platform=linux/arm64,linux/amd64 --output=type=registry --no-cache -t $(echo "ghcr.io/${GITHUB_REPOSITORY}:sha-${GITHUB_SHA}" | tr '[:upper:]' '[:lower:]') . -f Dockerfile-build
      - run: docker pull $(echo "ghcr.io/${GITHUB_REPOSITORY}:sha-${GITHUB_SHA}" | tr '[:upper:]' '[:lower:]')
#      - run: docker run -v /tmp/trivy:/var/lib/trivy -v /var/run/docker.sock:/var/run/docker.sock -t aquasec/trivy:latest --cache-dir /var/lib/trivy image --exit-code 1 --no-progress --format table $(echo "ghcr.io/${GITHUB_REPOSITORY}:sha-${GITHUB_SHA}" | tr '[:upper:]' '[:lower:]')
      - run: |
          printf "FROM %s" $(echo "ghcr.io/${GITHUB_REPOSITORY}:sha-${GITHUB_SHA}" | tr '[:upper:]' '[:lower:]') >> Dockerfile.tag
          docker build --platform=linux/arm64,linux/amd64 --output=type=registry --no-cache -f Dockerfile.tag -t $(echo "ghcr.io/${GITHUB_REPOSITORY}:${{ needs.generate-ref.outputs.ref }}" | tr '[:upper:]' '[:lower:]') .
  test-docker-image:
    runs-on: ubuntu-latest
    needs: build-docker-image
    steps:
      - uses: actions/checkout@v4
      - run: sed -i "s/master/sha-${GITHUB_SHA}/g" Dockerfile
      - name: 'Wait for status checks'
        id: waitforstatuschecks
        uses: ./
        with:
          ignoreActions: "test-docker-image,Create Release,Wait for status checks"
          checkInterval: 30
        env:
          GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
      - name: "Assert Output: status is successful"
        uses: nick-fields/assert-action@v2
        with:
          expected: success
          actual: ${{ steps.waitforstatuschecks.outputs.status }}