Extend AI user agent bot ban list (#779) #2769
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Mbin Workflow | |
| on: | |
| pull_request: | |
| branches: | |
| - main | |
| - develop | |
| push: | |
| branches: | |
| - main | |
| tags: | |
| - 'v*' | |
| jobs: | |
| build: | |
| runs-on: ubuntu-latest | |
| container: | |
| image: danger89/mbin-pipeline:1.0.0 | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Get NPM cache directory path | |
| id: npm-cache-dir-path | |
| run: echo "dir=$(npm get cache)" >> $GITHUB_OUTPUT | |
| - name: Calculate package-lock.json hash | |
| id: npm-lock-hash | |
| run: | | |
| echo "hash=$(md5sum package-lock.json)" >> $GITHUB_OUTPUT | |
| - name: Get Composer Cache Directory | |
| id: composer-cache | |
| run: | | |
| echo "dir=$(composer config cache-files-dir)" >> $GITHUB_OUTPUT | |
| - name: Calculate composer.lock hash | |
| id: composer-lock-hash | |
| run: | | |
| echo "hash=$(md5sum composer.lock)" >> $GITHUB_OUTPUT | |
| - uses: actions/cache@v4 | |
| id: npm-cache # use this to check for `cache-hit` (`steps.npm-cache.outputs.cache-hit != 'true'`) | |
| with: | |
| path: ${{ steps.npm-cache-dir-path.outputs.dir }} | |
| key: ${{ runner.os }}-npm-${{ steps.npm-lock-hash.outputs.hash }} | |
| restore-keys: ${{ runner.os }}-npm- | |
| - uses: actions/cache@v4 | |
| with: | |
| path: ${{ steps.composer-cache.outputs.dir }} | |
| key: ${{ runner.os }}-composer-no-dev-${{ steps.composer-lock-hash.outputs.hash }} | |
| restore-keys: ${{ runner.os }}-composer-no-dev- | |
| - run: cp .env.example .env | |
| - name: Composer install | |
| run: composer install --no-dev --no-progress | |
| - name: NPM install | |
| run: npm ci --include=dev | |
| env: | |
| NODE_ENV: production | |
| - name: Build frontend (production) | |
| run: npm run build | |
| unit-test: | |
| runs-on: ubuntu-latest | |
| container: | |
| image: danger89/mbin-pipeline:1.0.0 | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Get Composer Cache Directory | |
| id: composer-cache | |
| run: | | |
| echo "dir=$(composer config cache-files-dir)" >> $GITHUB_OUTPUT | |
| - name: Calculate composer.lock hash | |
| id: composer-lock-hash | |
| run: | | |
| echo "hash=$(md5sum composer.lock)" >> $GITHUB_OUTPUT | |
| - uses: actions/cache@v4 | |
| with: | |
| path: ${{ steps.composer-cache.outputs.dir }} | |
| key: ${{ runner.os }}-composer-${{ steps.composer-lock-hash.outputs.hash }} | |
| restore-keys: ${{ runner.os }}-composer- | |
| - run: cp .env.example .env | |
| - name: Composer install | |
| run: composer install --no-scripts --no-progress | |
| - name: Run unit tests | |
| env: | |
| COMPOSER_CACHE_DIR: ${{ steps.composer-cache.outputs.dir }} | |
| SYMFONY_DEPRECATIONS_HELPER: disabled | |
| run: php bin/phpunit tests/Unit | |
| security-check: | |
| runs-on: ubuntu-latest | |
| container: | |
| image: danger89/mbin-pipeline:1.0.0 | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Run security checker | |
| run: local-php-security-checker | |
| fixer-dry-run: | |
| runs-on: ubuntu-latest | |
| container: | |
| image: danger89/mbin-pipeline:1.0.0 | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Get Composer Cache Directory | |
| id: composer-cache | |
| run: | | |
| echo "dir=$(composer config cache-files-dir)" >> $GITHUB_OUTPUT | |
| - name: Calculate tools/composer.lock hash | |
| id: composer-lock-hash | |
| run: | | |
| echo "hash=$(md5sum tools/composer.lock)" >> $GITHUB_OUTPUT | |
| - uses: actions/cache@v4 | |
| with: | |
| path: ${{ steps.composer-cache.outputs.dir }} | |
| key: ${{ runner.os }}-composer-tools-${{ steps.composer-lock-hash.outputs.hash }} | |
| restore-keys: ${{ runner.os }}-composer-tools- | |
| - name: Composer tools install | |
| run: composer -d tools install --no-scripts --no-progress | |
| - name: php-cs-fixer dry-run | |
| run: tools/vendor/bin/php-cs-fixer fix --dry-run -v --show-progress=none #--format=checkstyle #would be nice if codeberg did something with this like github does. | |
| build-and-publish-docker-image: | |
| runs-on: ubuntu-latest | |
| # Let's only run this on branches and tagged releases only | |
| # Because the Docker build takes quite some time. | |
| if: github.event_name != 'pull_request' | |
| permissions: | |
| contents: write | |
| packages: write | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Login to ghcr | |
| if: github.event_name != 'pull_request' | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.repository_owner }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Docker meta data | |
| id: meta | |
| uses: docker/metadata-action@v5 | |
| with: | |
| images: ghcr.io/mbinorg/mbin | |
| - name: Build and push Docker image | |
| uses: docker/build-push-action@v5 | |
| with: | |
| context: . | |
| file: ./docker/Dockerfile | |
| push: ${{ github.event_name != 'pull_request' }} | |
| tags: ${{ steps.meta.outputs.tags }} | |
| labels: ${{ steps.meta.outputs.labels }} | |
| # TODO: Integration tests |