
add security salt

add security salt #33

Workflow file for this run

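name: COmanage Registry setup + PHPUnit (multi-PHP, multi-DB)

# NOTE(review): `pull_request` also fires for fork PRs. Every step below runs
# with passwordless sudo on the CodeBuild-backed runner, so make sure the
# repository's "require approval for fork workflows" setting is on before
# merging, or restrict this trigger to trusted branches.
on:
  workflow_dispatch:
  push:
  pull_request:

# Least privilege for GITHUB_TOKEN: this job only reads the repository.
# (Without this block the token inherits the org/repo default, which may
# still be read-write.)
permissions:
  contents: read

jobs:
  setup-and-test:
    runs-on:
      - codebuild-comanage-pipeline-${{ github.run_id }}-${{ github.run_attempt }}

    strategy:
      fail-fast: false
      matrix:
        # Quoted so YAML does not parse the version as a float.
        php: ["8.3"]
        db:
          - engine: postgres
            image: postgres:16-alpine
            port: 5432
            health_cmd: 'pg_isready -U "$POSTGRES_USER" -d "$POSTGRES_DB"'
          - engine: mysql
            image: mysql:8.0
            port: 3306
            health_cmd: 'mysqladmin ping -h 127.0.0.1 -uroot -p"$MYSQL_ROOT_PASSWORD" --silent'
          - engine: mariadb
            image: mariadb:11
            port: 3306
            health_cmd: 'mariadb-admin ping -h 127.0.0.1 -uroot -p"$MARIADB_ROOT_PASSWORD" --silent'

    # Exactly ONE service container per matrix run (the image changes).
    services:
      db:
        # NOTE(review): images are referenced by floating tag, not digest, so
        # the DB under test can change between runs without a workflow change.
        image: ${{ matrix.db.image }}
        # Publish the DB port so the job can connect via Docker-host networking.
        # NOTE: If your runner executes steps in a container, 127.0.0.1 won't work;
        # we compute the Docker host gateway IP in a later step. Because that
        # gateway path is needed, the port is published on all host interfaces --
        # acceptable only because the runner is ephemeral and the credentials
        # below are throwaway test values.
        ports:
          - "${{ matrix.db.port }}:${{ matrix.db.port }}"
        env:
          # Throwaway CI-only credentials for an ephemeral service container.
          # Never reuse these values outside this workflow.
          # Postgres vars (used only by postgres image)
          POSTGRES_DB: registry_test
          POSTGRES_USER: test_user
          POSTGRES_PASSWORD: test_password
          # MySQL vars (used only by mysql image; mariadb image ignores these)
          MYSQL_DATABASE: registry_test
          MYSQL_USER: test_user
          MYSQL_PASSWORD: test_password
          MYSQL_ROOT_PASSWORD: root_password
          # MariaDB vars (used only by mariadb image)
          MARIADB_DATABASE: registry_test
          MARIADB_USER: test_user
          MARIADB_PASSWORD: test_password
          MARIADB_ROOT_PASSWORD: root_password
        # NOTE(review): health_cmd already contains double quotes, which end up
        # nested inside the quotes here; the runner's option tokenizer appears to
        # tolerate it, but the explicit docker-exec wait step below is the real
        # readiness gate -- confirm if the health check ever reports unhealthy.
        options: >-
          --health-cmd "${{ matrix.db.health_cmd }}"
          --health-interval 10s
          --health-timeout 5s
          --health-retries 20

    env:
      COMANAGE_REGISTRY_DIR: /srv/comanage-registry
      # Matrix DB selection for this run
      DB_ENGINE: ${{ matrix.db.engine }}
      # Values used by your PHPUnit setup test
      COMANAGE_REGISTRY_ADMIN_GIVEN_NAME: Admin
      COMANAGE_REGISTRY_ADMIN_FAMILY_NAME: User
      COMANAGE_REGISTRY_ADMIN_USERNAME: admin
      # Fixed, public salt for the test bootstrap only. A real deployment must
      # generate its own random salt; this value is in a public repo and must
      # never be copied into a production config.
      COMANAGE_REGISTRY_SECURITY_SALT: phpunit-security-salt
      # DB credentials/name (host/port will be set dynamically in a step).
      # These must match the service-container env above.
      COMANAGE_REGISTRY_DATABASE: registry_test
      COMANAGE_REGISTRY_DATABASE_USER: test_user
      COMANAGE_REGISTRY_DATABASE_USER_PASSWORD: test_password
      COMANAGE_REGISTRY_DATABASE_PERSISTENT: "false"

    steps:
      - name: Show OS info
        shell: bash
        run: |
          set -euxo pipefail
          cat /etc/os-release || true
          uname -a

      - name: Upgrade OS packages
        shell: bash
        run: |
          set -euxo pipefail
          sudo apt-get update
          sudo apt-get upgrade -y

      - name: Checkout repository at the exact commit
        shell: bash
        run: |
          set -euxo pipefail
          git clone "${GITHUB_SERVER_URL}/${GITHUB_REPOSITORY}.git" "${COMANAGE_REGISTRY_DIR}"
          cd "${COMANAGE_REGISTRY_DIR}"
          git fetch --no-tags --prune --depth=1 origin "${GITHUB_SHA}"
          git checkout --force "${GITHUB_SHA}"
          # Fail loudly if the working tree is not the commit this run was
          # triggered for, instead of silently testing something else.
          HEAD_SHA="$(git rev-parse HEAD)"
          echo "HEAD=${HEAD_SHA}"
          if [ "${HEAD_SHA}" != "${GITHUB_SHA}" ]; then
            echo "Checked-out commit ${HEAD_SHA} does not match GITHUB_SHA ${GITHUB_SHA}" >&2
            exit 1
          fi

      - name: Install PHP ${{ matrix.php }} and extensions
        shell: bash
        run: |
          set -euxo pipefail
          sudo apt-get install -y --no-install-recommends \
            software-properties-common ca-certificates gnupg
          # NOTE(review): ppa:ondrej/php is a third-party package source whose
          # signing key is fetched at run time; packages are not pinned to a
          # version. This is a supply-chain trust decision -- revisit if the
          # runner image can provide PHP from a vetted source instead.
          sudo add-apt-repository -y ppa:ondrej/php
          sudo apt-get update
          PHP_VER="${{ matrix.php }}"
          sudo apt-get install -y --no-install-recommends \
            php${PHP_VER}-cli \
            php${PHP_VER}-mbstring \
            php${PHP_VER}-intl \
            php${PHP_VER}-ldap \
            php${PHP_VER}-xml \
            php${PHP_VER}-zip \
            php${PHP_VER}-pdo \
            php${PHP_VER}-mysql \
            php${PHP_VER}-pgsql \
            php${PHP_VER}-gd \
            php${PHP_VER}-xsl \
            php${PHP_VER}-memcached \
            php${PHP_VER}-curl
          sudo update-alternatives --set php /usr/bin/php${PHP_VER}
          sudo ln -sf /usr/bin/php${PHP_VER} /usr/local/bin/php
          echo "PHP_VER=${PHP_VER}" >> "$GITHUB_ENV"
          echo "/usr/local/bin" >> "$GITHUB_PATH"

      - name: Install OS packages needed for setup
        shell: bash
        run: |
          set -euxo pipefail
          sudo apt-get update
          sudo apt-get install -y --no-install-recommends \
            wget curl tar ca-certificates \
            git unzip \
            libicu-dev \
            libldap2-dev \
            libxml2 \
            zlib1g \
            libsodium23 \
            libpng-dev \
            libjpeg-dev \
            libfreetype6-dev \
            libxslt1.1 \
            libmemcached11 \
            tree

      - name: Show versions
        shell: bash
        run: |
          set -euxo pipefail
          php -v
          # NOTE(review): nothing above installs composer or docker; this step
          # assumes the runner image already provides both -- confirm.
          composer --version
          docker --version
          docker version
          echo "DOCKER_API_VERSION=${DOCKER_API_VERSION-}"
          echo "${DOCKER_HOST-}"
          docker context show

      - name: Wait for DB to be ready (inside the service container)
        shell: bash
        run: |
          set -euxo pipefail
          # The inner command is single-quoted on purpose: the credential
          # variables expand inside the service container, not on the runner.
          case "${DB_ENGINE}" in
            postgres)
              docker exec "${{ job.services.db.id }}" sh -lc 'for i in $(seq 1 60); do pg_isready -U "$POSTGRES_USER" -d "$POSTGRES_DB" && exit 0; sleep 1; done; exit 1'
              ;;
            mysql)
              docker exec "${{ job.services.db.id }}" sh -lc 'for i in $(seq 1 60); do mysqladmin ping -h 127.0.0.1 -uroot -p"$MYSQL_ROOT_PASSWORD" --silent && exit 0; sleep 1; done; exit 1'
              ;;
            mariadb)
              docker exec "${{ job.services.db.id }}" sh -lc 'for i in $(seq 1 60); do mariadb-admin ping -h 127.0.0.1 -uroot -p"$MARIADB_ROOT_PASSWORD" --silent && exit 0; sleep 1; done; exit 1'
              ;;
            *)
              echo "Unknown DB_ENGINE=${DB_ENGINE}" >&2
              exit 1
              ;;
          esac

      - name: Determine DB host/port for published ports (Option 1)
        shell: bash
        run: |
          set -euxo pipefail
          # If steps run inside a container, localhost is the *job container*.
          # Use the default gateway (Docker host) to reach published ports.
          if [ -f /.dockerenv ]; then
            DB_HOST="$(ip route | awk '/default/ {print $3; exit}')"
          else
            DB_HOST="127.0.0.1"
          fi
          if [ -z "${DB_HOST}" ]; then
            echo "Could not determine a DB host address" >&2
            exit 1
          fi
          DB_PORT="${{ matrix.db.port }}"
          echo "Using DB host=${DB_HOST} port=${DB_PORT} engine=${DB_ENGINE}"
          {
            echo "COMANAGE_REGISTRY_DATABASE_HOST=${DB_HOST}"
            echo "COMANAGE_REGISTRY_DATABASE_PORT=${DB_PORT}"
          } >> "$GITHUB_ENV"

      - name: Smoke test DB TCP connectivity (from the job environment)
        shell: bash
        run: |
          set -euxo pipefail
          php -r '
            $h=getenv("COMANAGE_REGISTRY_DATABASE_HOST"); $p=(int)getenv("COMANAGE_REGISTRY_DATABASE_PORT");
            $fp=@fsockopen($h,$p,$errno,$errstr,5);
            if(!$fp){fwrite(STDERR,"TCP connect failed to $h:$p: $errno $errstr\n"); exit(1);}
            fclose($fp);
            echo "TCP connect OK to $h:$p\n";
          '

      - name: Create local/config/database.php placeholder (optional)
        shell: bash
        run: |
          set -euxo pipefail
          # Create the directory *before* cd: with `set -e` a missing
          # local/config would otherwise abort the step on the cd itself.
          CONFIG_DIR="${COMANAGE_REGISTRY_DIR}/local/config"
          sudo mkdir -p "${CONFIG_DIR}"
          cd "${CONFIG_DIR}"
          sudo tee database.php > /dev/null <<'PHP'
          <?php
          // Intentionally empty for CI: tests/bootstrap.php configures the 'test' datasource via env vars.
          return [];
          PHP
          # Best effort: the www-data account may not exist on this runner.
          sudo chown www-data:www-data database.php || true

      - name: Show working directory
        shell: bash
        run: |
          set -euxo pipefail
          tree -L 3 "${COMANAGE_REGISTRY_DIR}"

      - name: Run PHPUnit (DB_ENGINE=${{ matrix.db.engine }})
        shell: bash
        # Derived from the job env so the path cannot drift from the checkout step.
        working-directory: ${{ env.COMANAGE_REGISTRY_DIR }}/app
        run: |
          set -euxo pipefail
          echo "DB_ENGINE=${DB_ENGINE}"
          echo "COMANAGE_REGISTRY_DATABASE_HOST=${COMANAGE_REGISTRY_DATABASE_HOST}"
          echo "COMANAGE_REGISTRY_DATABASE_PORT=${COMANAGE_REGISTRY_DATABASE_PORT}"
          # NOTE(review): no `composer install` runs in this workflow, so
          # vendor/bin/phpunit must already exist in the checkout or runner image.
          vendor/bin/phpunit --testsuite app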