corentin_wakdo/.forgejo/workflows/ci.yml
Imugiii 8366d217b5
ci: add opt-in auto-merge job (label-gated, merges via API on green CI)
2026-06-15 13:29:26 +00:00


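name: CI
# Wakdo CI - Forgejo Actions (runner stark-wakdo, label `docker`).
# Solo-dev strategy: PR required + auto-merge on green CI (see SECURITY.md).
#
# Job status by project phase:
# - secret-scan : working now (gitleaks scans the whole repository)
# - php-lint : working on the PHP files present (P1 stubs, P2+ code)
# - static-tests: PHPStan + PHPUnit GUARDED - activate once P2 adds
#   composer.json / phpstan.neon / tests + phpunit.xml
on:
  pull_request:
    branches: [dev, main]
    # `labeled`: lets the auto-merge job re-evaluate when the label is applied.
    types: [opened, synchronize, reopened, labeled]
  push:
    # dev/main: merge gate. feat|fix|ci|refactor: feedback before the PR.
    branches: [dev, main, 'feat/**', 'fix/**', 'ci/**', 'refactor/**']

jobs:
  secret-scan:
    runs-on: docker
    steps:
      - uses: actions/checkout@v4
        with:
          # Full history so gitleaks can scan past commits, not only the checkout.
          fetch-depth: 0
      - name: Install tools
        run: |
          apt-get update -qq
          apt-get install -y -qq curl ca-certificates tar >/dev/null
      - name: Install gitleaks
        # NOTE(review): the archive is fetched over TLS but its contents are not
        # verified against a pinned checksum. Compare the download against the
        # sha256 published with the release before extracting it, and consider
        # pinning `actions/checkout` to a commit SHA rather than a moving tag.
        run: |
          set -eu
          VER=8.21.2
          # -f: a non-2xx response fails here instead of feeding HTML to tar.
          curl -fsSL "https://github.com/gitleaks/gitleaks/releases/download/v${VER}/gitleaks_${VER}_linux_x64.tar.gz" -o /tmp/gl.tgz
          tar -xzf /tmp/gl.tgz -C /usr/local/bin gitleaks
          gitleaks version
      - name: Scan for secrets
        run: gitleaks detect --config .gitleaks.toml --redact --no-banner --verbose

  php-lint:
    runs-on: docker
    steps:
      - uses: actions/checkout@v4
      - name: Install PHP CLI
        run: |
          apt-get update -qq
          apt-get install -y -qq php-cli >/dev/null
          php --version
      - name: Lint all PHP files
        run: |
          set -eu
          # node_modules is pruned; everything else ending in .php is linted.
          files=$(find . -path ./node_modules -prune -o -name '*.php' -print)
          if [ -z "$files" ]; then echo "No PHP files yet - skip"; exit 0; fi
          # One php -l per file: a syntax error in any file fails the step.
          echo "$files" | while IFS= read -r f; do
            [ -z "$f" ] && continue
            php -l "$f"
          done

  static-tests:
    runs-on: docker
    steps:
      - uses: actions/checkout@v4
      - name: PHPStan (guarded)
        run: |
          set -eu
          if [ -f composer.json ] && [ -f phpstan.neon ]; then
            echo "phpstan config detected - running"
            # curl/ca-certificates are installed explicitly instead of assumed present.
            apt-get update -qq && apt-get install -y -qq php-cli unzip git curl ca-certificates >/dev/null
            # Verify the Composer installer against the published SHA-384 before
            # running it; piping curl straight into php executed unverified code.
            curl -fsS https://getcomposer.org/installer -o /tmp/composer-setup.php
            EXPECTED=$(curl -fsS https://composer.github.io/installer.sig)
            ACTUAL=$(php -r "echo hash_file('sha384', '/tmp/composer-setup.php');")
            [ "$EXPECTED" = "$ACTUAL" ] || { echo "composer installer checksum mismatch"; exit 1; }
            php /tmp/composer-setup.php --install-dir=/usr/local/bin --filename=composer
            rm -f /tmp/composer-setup.php
            composer install --no-interaction --no-progress
            vendor/bin/phpstan analyse --no-progress
          else
            echo "PHPStan skipped: no composer.json/phpstan.neon yet (activates in P2)"
          fi
      - name: PHPUnit (guarded)
        run: |
          set -eu
          if [ -d tests ] && [ -f phpunit.xml ]; then
            echo "phpunit config detected - running"
            apt-get update -qq && apt-get install -y -qq php-cli >/dev/null
            if [ -f vendor/bin/phpunit ]; then
              vendor/bin/phpunit
            elif [ -f phpunit.phar ]; then
              php phpunit.phar
            else
              echo "phpunit binary missing despite config"
              exit 1
            fi
          else
            echo "PHPUnit skipped: no tests/ + phpunit.xml yet (activates in P2)"
          fi

  auto-merge:
    # OPT-IN automatic merge: apply the `auto-merge` label to the PR.
    # Runs only if the 3 checks pass (needs) AND the label is present.
    # More reliable than Forgejo's native merge_when_checks_succeed (which does
    # not always fire when checks turn green). Merges through the REST API.
    # Label permission is the authorization boundary: only accounts allowed to
    # label PRs on this repository can trigger this job.
    needs: [secret-scan, php-lint, static-tests]
    if: github.event_name == 'pull_request' && contains(github.event.pull_request.labels.*.name, 'auto-merge')
    runs-on: docker
    steps:
      - name: Install curl
        run: apt-get update -qq && apt-get install -y -qq curl ca-certificates >/dev/null
      - name: Merge PR (squash) once CI is green
        # Context values and the token go through env instead of being
        # interpolated into the script text, so the secret is never part of the
        # shell source and the values are handled as ordinary quoted variables.
        env:
          API: ${{ github.server_url }}/api/v1/repos/${{ github.repository }}
          PR: ${{ github.event.pull_request.number }}
          FORGEJO_TOKEN: ${{ secrets.FORGEJO_TOKEN }}
        run: |
          set -eu
          # Fail with a clear message instead of an opaque 401 when the secret is missing.
          [ -n "$FORGEJO_TOKEN" ] || { echo "FORGEJO_TOKEN secret is not set"; exit 1; }
          code=$(curl -sS --max-time 60 -o /tmp/resp -w "%{http_code}" -X POST \
            -H "Authorization: token ${FORGEJO_TOKEN}" \
            -H "Content-Type: application/json" \
            -d '{"Do":"squash","delete_branch_after_merge":true}' \
            "$API/pulls/$PR/merge")
          echo "merge HTTP $code"; cat /tmp/resp || true; echo
          [ "$code" = "200" ] || { echo "auto-merge failed (HTTP $code)"; exit 1; }
          echo "PR #$PR merged."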