fix: update caddy to 2.7.6 for cve 2024-22189 #2463
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: | |
| push: | |
| branches: | |
| - main | |
| pull_request: ~ | |
| workflow_dispatch: ~ | |
| jobs: | |
| api-ci: | |
| name: API CI | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v3 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v2 | |
| - name: Pull images | |
| run: docker compose pull --ignore-pull-failures || true | |
| - name: pre-build api/app_php | |
| uses: docker/build-push-action@v4 | |
| with: | |
| context: 'api' | |
| file: 'api/Dockerfile' | |
| target: 'app_php_dev' | |
| cache-from: type=gha,scope=app_php_dev | |
| cache-to: type=gha,mode=max,scope=app_php_dev | |
| push: false | |
| load: true | |
| - name: pre-build api/app_caddy | |
| uses: docker/build-push-action@v4 | |
| with: | |
| context: 'api' | |
| file: 'api/Dockerfile' | |
| target: 'app_caddy' | |
| cache-from: | | |
| type=gha,scope=app_php_dev | |
| type=gha,scope=app_caddy | |
| cache-to: type=gha,mode=max,scope=app_caddy | |
| push: false | |
| load: true | |
| tags: caddy | |
| - name: pre-build pwa_dev | |
| uses: docker/build-push-action@v4 | |
| with: | |
| context: 'pwa' | |
| file: 'pwa/Dockerfile' | |
| target: 'dev' | |
| cache-from: type=gha,scope=pwa_dev | |
| cache-to: type=gha,mode=max,scope=pwa_dev | |
| push: false | |
| load: true | |
| - name: pre-build pwa prod | |
| uses: docker/build-push-action@v4 | |
| with: | |
| context: 'pwa' | |
| file: 'pwa/Dockerfile' | |
| target: 'prod' | |
| cache-from: type=gha,scope=pwa_prod | |
| cache-to: type=gha,mode=max,scope=pwa_prod | |
| push: false | |
| load: true | |
| - name: Start services | |
| run: docker compose -f docker-compose.yml -f docker-compose.override.yml -f docker-compose.test.yml up -d | |
| - name: Wait for services | |
| run: | | |
| while status="$(docker inspect --format="{{if .Config.Healthcheck}}{{print .State.Health.Status}}{{end}}" "$(docker compose ps -q php)")"; do | |
| case $status in | |
| starting) sleep 1;; | |
| healthy) exit 0;; | |
| unhealthy) | |
| docker compose ps | |
| docker compose logs | |
| exit 1 | |
| ;; | |
| esac | |
| done | |
| exit 1 | |
| - name: Check HTTP reachability | |
| run: curl -v -o /dev/null http://localhost | |
| - name: Check API reachability | |
| run: curl -vk -o /dev/null https://localhost | |
| - name: Check PWA reachability | |
| run: "curl -vk -o /dev/null -H 'Accept: text/html' https://localhost" | |
| - name: Create test database | |
| run: | | |
| docker compose exec -T php bin/console -e test doctrine:database:drop --if-exists --force | |
| docker compose exec -T php bin/console -e test doctrine:database:create | |
| docker compose exec -T php bin/console -e test doctrine:migrations:migrate --no-interaction | |
| - name: Doctrine Schema Validator | |
| run: docker compose exec -T php bin/console doctrine:schema:validate --skip-sync | |
| - name: Validate composer | |
| run: docker compose exec -T php composer validate | |
| - name: Check composer vulnerabilities | |
| run: docker compose exec -T php composer audit | |
| - name: Test cs-fixer | |
| run: docker compose exec -T php php vendor/bin/php-cs-fixer fix src --dry-run --diff --no-ansi | |
| - name: Static analysis | |
| run: docker compose exec -T php php -d memory_limit=256M vendor/bin/psalm src | |
| - name: Generate firebase credentials | |
| run: docker compose exec -T php php bin/console app:firebase:credentials | |
| - name: Fixtures | |
| run: docker compose exec -T php bin/console hautelook:fixtures:load --env=test --no-interaction --purge-with-truncate | |
| - name: PHPUnit | |
| run: docker compose exec -T php php -d memory_limit=1024M bin/phpunit | |
| - name: EsLint | |
| run: docker compose exec -T pwa npm run lint | |
| - name: Front Unit Test | |
| run: docker compose exec -T pwa npm run test:unit |