php/archived-frankenphp
1
0
Fork 0
mirror of https://github.com/php/frankenphp.git synced 2026-03-24 00:52:11 +01:00
Code Issues Packages Projects Releases Wiki Activity

ci: fix issues and lint with zizmor

Browse Source
This commit is contained in:
Kévin Dunglas
2025-08-26 16:28:08 +02:00
parent 460d63e436
commit 1030e4ceb4
6 changed files with 82 additions and 28 deletions
Download Patch File Download Diff File Expand all files Collapse all files

31
.github/workflows/docker.yaml vendored
View File

@@ -89,6 +89,7 @@ jobs:
if: ${{ !fromJson(steps.check.outputs.skip) }} if: ${{ !fromJson(steps.check.outputs.skip) }}
with: with:
ref: ${{ steps.check.outputs.ref }} ref: ${{ steps.check.outputs.ref }}
persist-credentials: false
- name: Set up Docker Buildx - name: Set up Docker Buildx
if: ${{ !fromJson(steps.check.outputs.skip) }} if: ${{ !fromJson(steps.check.outputs.skip) }}
uses: docker/setup-buildx-action@v3 uses: docker/setup-buildx-action@v3
@@ -135,12 +136,13 @@ jobs:
steps: steps:
- name: Prepare - name: Prepare
id: prepare id: prepare
run: | run: echo "sanitized_platform=${PLATFORM//\//-}" >> "${GITHUB_OUTPUT}"
platform=${{ matrix.platform }} env:
echo "sanitized_platform=${platform//\//-}" >> "${GITHUB_OUTPUT}" PLATFORM: ${{ matrix.platform }}
- uses: actions/checkout@v5 - uses: actions/checkout@v5
with: with:
ref: ${{ needs.prepare.outputs.ref }} ref: ${{ needs.prepare.outputs.ref }}
persist-credentials: false
- name: Set up Docker Buildx - name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3 uses: docker/setup-buildx-action@v3
with: with:
@@ -182,13 +184,14 @@ jobs:
run: | run: |
mkdir -p /tmp/metadata/builder /tmp/metadata/runner mkdir -p /tmp/metadata/builder /tmp/metadata/runner
builderDigest=$(jq -r '."builder-${{ matrix.variant }}"."containerimage.digest"' <<< "${METADATA}") builderDigest=$(jq -r ".\"builder-${VARIANT}\".\"containerimage.digest\"" <<< "${METADATA}")
touch "/tmp/metadata/builder/${builderDigest#sha256:}" touch "/tmp/metadata/builder/${builderDigest#sha256:}"
runnerDigest=$(jq -r '."runner-${{ matrix.variant }}"."containerimage.digest"' <<< "${METADATA}") runnerDigest=$(jq -r ".\"runner-${VARIANT}\".\"containerimage.digest\"" <<< "${METADATA}")
touch "/tmp/metadata/runner/${runnerDigest#sha256:}" touch "/tmp/metadata/runner/${runnerDigest#sha256:}"
env: env:
METADATA: ${{ steps.build.outputs.metadata }} METADATA: ${{ steps.build.outputs.metadata }}
VARIANT: ${{ matrix.variant }}
- name: Upload builder metadata - name: Upload builder metadata
if: fromJson(needs.prepare.outputs.push) if: fromJson(needs.prepare.outputs.push)
uses: actions/upload-artifact@v4 uses: actions/upload-artifact@v4
@@ -208,11 +211,15 @@ jobs:
- name: Run tests - name: Run tests
if: ${{ !fromJson(needs.prepare.outputs.push) }} if: ${{ !fromJson(needs.prepare.outputs.push) }}
run: | run: |
docker run --platform=${{ matrix.platform }} --rm \ docker run --platform="${PLATFORM}" --rm \
"$(jq -r '."builder-${{ matrix.variant }}"."containerimage.config.digest"' <<< "${METADATA}")" \ "$(jq -r ".\"builder-${VARIANT}\".\"containerimage.config.digest\"" <<< "${METADATA}")" \
sh -c './go.sh test -tags ${{ matrix.race }} -v $(./go.sh list ./... | grep -v github.com/dunglas/frankenphp/internal/testext | grep -v github.com/dunglas/frankenphp/internal/extgen) && cd caddy && ../go.sh test ${{ matrix.race }} -v ./...' sh -c "./go.sh test ${RACE} -v $(./go.sh list ./... | grep -v github.com/dunglas/frankenphp/internal/testext | grep -v github.com/dunglas/frankenphp/internal/extgen | tr '\n' ' ') && cd caddy && ../go.sh test ${RACE} -v ./..."
env: env:
METADATA: ${{ steps.build.outputs.metadata }} METADATA: ${{ steps.build.outputs.metadata }}
PLATFORM: ${{ matrix.platform }}
VARIANT: ${{ matrix.variant }}
RACE: ${{ matrix.race }}
# Adapted from https://docs.docker.com/build/ci/github-actions/multi-platform/ # Adapted from https://docs.docker.com/build/ci/github-actions/multi-platform/
push: push:
runs-on: ubuntu-24.04 runs-on: ubuntu-24.04
@@ -245,13 +252,17 @@ jobs:
run: | run: |
set -x set -x
# shellcheck disable=SC2046,SC2086 # shellcheck disable=SC2046,SC2086
docker buildx imagetools create $(jq -cr '.target."${{ matrix.target }}-${{ matrix.variant }}".tags | map("-t " + .) | join(" ")' <<< ${METADATA}) \ docker buildx imagetools create $(jq -cr ".target.\"${TARGET}-${VARIANT}\".tags | map(\"-t \" + .) | join(\" \")" <<< ${METADATA}) \
$(printf "${IMAGE_NAME}@sha256:%s " *) $(printf "${IMAGE_NAME}@sha256:%s " *)
env: env:
METADATA: ${{ needs.prepare.outputs.metadata }} METADATA: ${{ needs.prepare.outputs.metadata }}
TARGET: ${{ matrix.target }}
VARIANT: ${{ matrix.variant }}
- name: Inspect image - name: Inspect image
run: | run: |
# shellcheck disable=SC2046,SC2086 # shellcheck disable=SC2046,SC2086
docker buildx imagetools inspect $(jq -cr '.target."${{ matrix.target }}-${{ matrix.variant }}".tags | first' <<< ${METADATA}) docker buildx imagetools inspect $(jq -cr ".target.\"${TARGET}-${VARIANT}\".tags | first" <<< ${METADATA})
env: env:
METADATA: ${{ needs.prepare.outputs.metadata }} METADATA: ${{ needs.prepare.outputs.metadata }}
TARGET: ${{ matrix.target }}
VARIANT: ${{ matrix.variant }}

4
.github/workflows/lint.yaml vendored
View File

@@ -23,8 +23,9 @@ jobs:
uses: actions/checkout@v5 uses: actions/checkout@v5
with: with:
fetch-depth: 0 fetch-depth: 0
persist-credentials: false
- name: Lint Code Base - name: Lint Code Base
uses: super-linter/super-linter/slim@v8.0.0 uses: super-linter/super-linter/slim@v8
env: env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
LINTER_RULES_PATH: / LINTER_RULES_PATH: /
@@ -38,6 +39,7 @@ jobs:
VALIDATE_PHP_PSALM: false VALIDATE_PHP_PSALM: false
VALIDATE_TERRAGRUNT: false VALIDATE_TERRAGRUNT: false
VALIDATE_DOCKERFILE_HADOLINT: false VALIDATE_DOCKERFILE_HADOLINT: false
VALIDATE_TRIVY: false
# Prettier and StandardJS are incompatible # Prettier and StandardJS are incompatible
VALIDATE_JAVASCRIPT_PRETTIER: false VALIDATE_JAVASCRIPT_PRETTIER: false
VALIDATE_TYPESCRIPT_PRETTIER: false VALIDATE_TYPESCRIPT_PRETTIER: false

8
.github/workflows/sanitizers.yaml vendored
View File

@@ -41,6 +41,8 @@ jobs:
- name: Remove local PHP - name: Remove local PHP
run: sudo apt-get remove --purge --autoremove 'php*' 'libmemcached*' run: sudo apt-get remove --purge --autoremove 'php*' 'libmemcached*'
- uses: actions/checkout@v5 - uses: actions/checkout@v5
with:
persist-credentials: false
- uses: actions/setup-go@v5 - uses: actions/setup-go@v5
with: with:
go-version: "1.25" go-version: "1.25"
@@ -63,7 +65,7 @@ jobs:
name: Compile PHP name: Compile PHP
run: | run: |
mkdir php/ mkdir php/
curl -fsSL "${{ steps.determine-php-version.outputs.archive }}" | tar -Jx -C php --strip-components=1 curl -fsSL "${URL}" | tar -Jx -C php --strip-components=1
cd php/ cd php/
./configure \ ./configure \
CFLAGS="$CFLAGS" \ CFLAGS="$CFLAGS" \
@@ -93,6 +95,8 @@ jobs:
--prefix="$(pwd)/target/" --prefix="$(pwd)/target/"
make -j"$(getconf _NPROCESSORS_ONLN)" make -j"$(getconf _NPROCESSORS_ONLN)"
make install make install
env:
URL: ${{ steps.determine-php-version.outputs.archive }}
- name: Add PHP to the PATH - name: Add PHP to the PATH
run: echo "$(pwd)/php/target/bin" >> "$GITHUB_PATH" run: echo "$(pwd)/php/target/bin" >> "$GITHUB_PATH"
- name: Install e-dant/watcher - name: Install e-dant/watcher
@@ -104,6 +108,6 @@ jobs:
echo "CGO_LDFLAGS=$LDFLAGS $(php-config --ldflags) $(php-config --libs)" echo "CGO_LDFLAGS=$LDFLAGS $(php-config --ldflags) $(php-config --libs)"
} >> "$GITHUB_ENV" } >> "$GITHUB_ENV"
- name: Compile tests - name: Compile tests
run: go test ${{ matrix.sanitizer == 'msan' && '-tags=nowatcher' || '' }} -${{ matrix.sanitizer }} -v -x -c run: go test ${{ matrix.sanitizer == 'msan' && '-tags=nowatcher' || '' }} -${{ matrix.sanitizer }} -v -x -c
- name: Run tests - name: Run tests
run: ./frankenphp.test -test.v run: ./frankenphp.test -test.v

57
.github/workflows/static.yaml vendored
View File

@@ -3,6 +3,7 @@ name: Build binary releases
concurrency: concurrency:
cancel-in-progress: true cancel-in-progress: true
group: ${{ github.workflow }}-${{ github.ref }} group: ${{ github.workflow }}-${{ github.ref }}
on: on:
pull_request: pull_request:
branches: branches:
@@ -30,13 +31,14 @@ on:
type: string type: string
schedule: schedule:
- cron: "0 0 * * *" - cron: "0 0 * * *"
permissions: permissions:
contents: write contents: read
id-token: write
attestations: write
env: env:
IMAGE_NAME: ${{ (github.event_name == 'schedule' || (github.event_name == 'workflow_dispatch' && inputs.version) || startsWith(github.ref, 'refs/tags/')) && 'dunglas/frankenphp' || 'dunglas/frankenphp-dev' }} IMAGE_NAME: ${{ (github.event_name == 'schedule' || (github.event_name == 'workflow_dispatch' && inputs.version) || startsWith(github.ref, 'refs/tags/')) && 'dunglas/frankenphp' || 'dunglas/frankenphp-dev' }}
GOTOOLCHAIN: local GOTOOLCHAIN: local
jobs: jobs:
prepare: prepare:
runs-on: ubuntu-24.04 runs-on: ubuntu-24.04
@@ -51,7 +53,7 @@ jobs:
id: check id: check
if: github.event_name == 'schedule' if: github.event_name == 'schedule'
run: | run: |
ref="${{ (github.ref_type == 'tag' && github.ref_name) || (github.event_name == 'workflow_dispatch' && inputs.version) || '' }}" ref="${REF}"
if [[ -z "${ref}" ]]; then if [[ -z "${ref}" ]]; then
ref="$(gh release view --repo dunglas/frankenphp --json tagName --jq '.tagName')" ref="$(gh release view --repo dunglas/frankenphp --json tagName --jq '.tagName')"
fi fi
@@ -59,9 +61,11 @@ jobs:
echo "ref=${ref}" >> "${GITHUB_OUTPUT}" echo "ref=${ref}" >> "${GITHUB_OUTPUT}"
env: env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
REF: ${{ (github.ref_type == 'tag' && github.ref_name) || (github.event_name == 'workflow_dispatch' && inputs.version) || '' }}
- uses: actions/checkout@v5 - uses: actions/checkout@v5
with: with:
ref: ${{ steps.check.outputs.ref }} ref: ${{ steps.check.outputs.ref }}
persist-credentials: false
- name: Set up Docker Buildx - name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3 uses: docker/setup-buildx-action@v3
- name: Create platforms matrix - name: Create platforms matrix
@@ -77,7 +81,12 @@ jobs:
env: env:
SHA: ${{ github.sha }} SHA: ${{ github.sha }}
VERSION: ${{ steps.check.outputs.ref || 'dev' }} VERSION: ${{ steps.check.outputs.ref || 'dev' }}
build-linux-musl: build-linux-musl:
permissions:
contents: write
id-token: write
attestations: write
strategy: strategy:
fail-fast: false fail-fast: false
matrix: matrix:
@@ -96,12 +105,13 @@ jobs:
steps: steps:
- name: Prepare - name: Prepare
id: prepare id: prepare
run: | run: echo "sanitized_platform=${PLATFORM//\//-}" >> "${GITHUB_OUTPUT}"
platform=${{ matrix.platform }} env:
echo "sanitized_platform=${platform//\//-}" >> "${GITHUB_OUTPUT}" PLATFORM: ${{ matrix.platform }}
- uses: actions/checkout@v5 - uses: actions/checkout@v5
with: with:
ref: ${{ needs.prepare.outputs.ref }} ref: ${{ needs.prepare.outputs.ref }}
persist-credentials: false
- name: Set up Docker Buildx - name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3 uses: docker/setup-buildx-action@v3
with: with:
@@ -156,11 +166,12 @@ jobs:
run: | run: |
# shellcheck disable=SC2034 # shellcheck disable=SC2034
digest=$(jq -r '."static-builder-musl"."${{ (fromJson(needs.prepare.outputs.push) && !matrix.debug && !matrix.mimalloc) && 'containerimage.digest' || 'containerimage.config.digest' }}"' <<< "${METADATA}") digest=$(jq -r '."static-builder-musl"."${{ (fromJson(needs.prepare.outputs.push) && !matrix.debug && !matrix.mimalloc) && 'containerimage.digest' || 'containerimage.config.digest' }}"' <<< "${METADATA}")
docker create --platform=${{ matrix.platform }} --name static-builder-musl "${{ (fromJson(needs.prepare.outputs.push) && !matrix.debug && !matrix.mimalloc) && '${IMAGE_NAME}@${digest}' || '${digest}' }}" docker create --platform="${PLATFORM}" --name static-builder-musl "${{ (fromJson(needs.prepare.outputs.push) && !matrix.debug && !matrix.mimalloc) && '${IMAGE_NAME}@${digest}' || '${digest}' }}"
docker cp "static-builder-musl:/go/src/app/dist/${BINARY}" "${BINARY}${{ matrix.debug && '-debug' || '' }}${{ matrix.mimalloc && '-mimalloc' || '' }}" docker cp "static-builder-musl:/go/src/app/dist/${BINARY}" "${BINARY}${{ matrix.debug && '-debug' || '' }}${{ matrix.mimalloc && '-mimalloc' || '' }}"
env: env:
METADATA: ${{ steps.build.outputs.metadata }} METADATA: ${{ steps.build.outputs.metadata }}
BINARY: frankenphp-linux-${{ matrix.platform == 'linux/amd64' && 'x86_64' || 'aarch64' }} BINARY: frankenphp-linux-${{ matrix.platform == 'linux/amd64' && 'x86_64' || 'aarch64' }}
PLATFORM: ${{ matrix.platform }}
- name: Upload artifact - name: Upload artifact
if: ${{ !fromJson(needs.prepare.outputs.push) }} if: ${{ !fromJson(needs.prepare.outputs.push) }}
uses: actions/upload-artifact@v4 uses: actions/upload-artifact@v4
@@ -169,9 +180,10 @@ jobs:
path: frankenphp-linux-${{ matrix.platform == 'linux/amd64' && 'x86_64' || 'aarch64' }}${{ matrix.debug && '-debug' || '' }}${{ matrix.mimalloc && '-mimalloc' || '' }} path: frankenphp-linux-${{ matrix.platform == 'linux/amd64' && 'x86_64' || 'aarch64' }}${{ matrix.debug && '-debug' || '' }}${{ matrix.mimalloc && '-mimalloc' || '' }}
- name: Upload assets - name: Upload assets
if: fromJson(needs.prepare.outputs.push) && (needs.prepare.outputs.ref || github.ref_type == 'tag') if: fromJson(needs.prepare.outputs.push) && (needs.prepare.outputs.ref || github.ref_type == 'tag')
run: gh release upload "${{ (github.ref_type == 'tag' && github.ref_name) || needs.prepare.outputs.ref }}" frankenphp-linux-${{ matrix.platform == 'linux/amd64' && 'x86_64' || 'aarch64' }}${{ matrix.debug && '-debug' || '' }}${{ matrix.mimalloc && '-mimalloc' || '' }} --repo dunglas/frankenphp --clobber run: gh release upload "${REF}" frankenphp-linux-${{ matrix.platform == 'linux/amd64' && 'x86_64' || 'aarch64' }}${{ matrix.debug && '-debug' || '' }}${{ matrix.mimalloc && '-mimalloc' || '' }} --repo dunglas/frankenphp --clobber
env: env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
REF: ${{ (github.ref_type == 'tag' && github.ref_name) || needs.prepare.outputs.ref }}
- if: fromJson(needs.prepare.outputs.push) && (needs.prepare.outputs.ref || github.ref_type == 'tag') - if: fromJson(needs.prepare.outputs.push) && (needs.prepare.outputs.ref || github.ref_type == 'tag')
uses: actions/attest-build-provenance@v2 uses: actions/attest-build-provenance@v2
with: with:
@@ -190,6 +202,10 @@ jobs:
BINARY: ./frankenphp-linux-${{ matrix.platform == 'linux/amd64' && 'x86_64' || 'aarch64' }}${{ matrix.debug && '-debug' || '' }}${{ matrix.mimalloc && '-mimalloc' || '' }} BINARY: ./frankenphp-linux-${{ matrix.platform == 'linux/amd64' && 'x86_64' || 'aarch64' }}${{ matrix.debug && '-debug' || '' }}${{ matrix.mimalloc && '-mimalloc' || '' }}
build-linux-gnu: build-linux-gnu:
permissions:
contents: write
id-token: write
attestations: write
strategy: strategy:
fail-fast: false fail-fast: false
matrix: matrix:
@@ -200,12 +216,13 @@ jobs:
steps: steps:
- name: Prepare - name: Prepare
id: prepare id: prepare
run: | run: echo "sanitized_platform=${PLATFORM//\//-}" >> "${GITHUB_OUTPUT}"
platform=${{ matrix.platform }} env:
echo "sanitized_platform=${platform//\//-}" >> "${GITHUB_OUTPUT}" PLATFORM: ${{ matrix.platform }}
- uses: actions/checkout@v5 - uses: actions/checkout@v5
with: with:
ref: ${{ needs.prepare.outputs.ref }} ref: ${{ needs.prepare.outputs.ref }}
persist-credentials: false
- name: Set up Docker Buildx - name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3 uses: docker/setup-buildx-action@v3
with: with:
@@ -259,7 +276,7 @@ jobs:
run: | run: |
# shellcheck disable=SC2034 # shellcheck disable=SC2034
digest=$(jq -r '."static-builder-gnu"."${{ fromJson(needs.prepare.outputs.push) && 'containerimage.digest' || 'containerimage.config.digest' }}"' <<< "${METADATA}") digest=$(jq -r '."static-builder-gnu"."${{ fromJson(needs.prepare.outputs.push) && 'containerimage.digest' || 'containerimage.config.digest' }}"' <<< "${METADATA}")
container_id=$(docker create --platform=${{ matrix.platform }} "${{ fromJson(needs.prepare.outputs.push) && '${IMAGE_NAME}@${digest}' || '${digest}' }}") container_id=$(docker create --platform="${PLATFORM}" "${{ fromJson(needs.prepare.outputs.push) && '${IMAGE_NAME}@${digest}' || '${digest}' }}")
mkdir -p gh-output mkdir -p gh-output
cd gh-output cd gh-output
for file in $(docker run --rm "${{ fromJson(needs.prepare.outputs.push) && '${IMAGE_NAME}@${digest}' || '${digest}' }}" sh -c "ls /go/src/app/dist | grep '^frankenphp'"); do for file in $(docker run --rm "${{ fromJson(needs.prepare.outputs.push) && '${IMAGE_NAME}@${digest}' || '${digest}' }}" sh -c "ls /go/src/app/dist | grep '^frankenphp'"); do
@@ -270,6 +287,7 @@ jobs:
env: env:
METADATA: ${{ steps.build.outputs.metadata }} METADATA: ${{ steps.build.outputs.metadata }}
BINARY: frankenphp-linux-${{ matrix.platform == 'linux/amd64' && 'x86_64' || 'aarch64' }} BINARY: frankenphp-linux-${{ matrix.platform == 'linux/amd64' && 'x86_64' || 'aarch64' }}
PLATFORM: ${{ matrix.platform }}
- name: Upload artifact - name: Upload artifact
if: ${{ !fromJson(needs.prepare.outputs.push) }} if: ${{ !fromJson(needs.prepare.outputs.push) }}
uses: actions/upload-artifact@v4 uses: actions/upload-artifact@v4
@@ -278,9 +296,10 @@ jobs:
path: gh-output/* path: gh-output/*
- name: Upload assets - name: Upload assets
if: fromJson(needs.prepare.outputs.push) && (needs.prepare.outputs.ref || github.ref_type == 'tag') if: fromJson(needs.prepare.outputs.push) && (needs.prepare.outputs.ref || github.ref_type == 'tag')
run: gh release upload "${{ (github.ref_type == 'tag' && github.ref_name) || needs.prepare.outputs.ref }}" gh-output/* --repo dunglas/frankenphp --clobber run: gh release upload "${REF}" gh-output/* --repo dunglas/frankenphp --clobber
env: env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
REF: ${{ (github.ref_type == 'tag' && github.ref_name) || needs.prepare.outputs.ref }}
- if: fromJson(needs.prepare.outputs.push) && (needs.prepare.outputs.ref || github.ref_type == 'tag') - if: fromJson(needs.prepare.outputs.push) && (needs.prepare.outputs.ref || github.ref_type == 'tag')
uses: actions/attest-build-provenance@v2 uses: actions/attest-build-provenance@v2
with: with:
@@ -356,6 +375,10 @@ jobs:
GNU_METADATA: ${{ needs.prepare.outputs.gnu_metadata }} GNU_METADATA: ${{ needs.prepare.outputs.gnu_metadata }}
build-mac: build-mac:
permissions:
contents: write
id-token: write
attestations: write
strategy: strategy:
fail-fast: false fail-fast: false
matrix: matrix:
@@ -369,23 +392,27 @@ jobs:
- uses: actions/checkout@v5 - uses: actions/checkout@v5
with: with:
ref: ${{ needs.prepare.outputs.ref }} ref: ${{ needs.prepare.outputs.ref }}
persist-credentials: false
- uses: actions/setup-go@v5 - uses: actions/setup-go@v5
with: with:
go-version: "1.25" go-version: "1.25"
cache-dependency-path: | cache-dependency-path: |
go.sum go.sum
caddy/go.sum caddy/go.sum
cache: false
- name: Set FRANKENPHP_VERSION - name: Set FRANKENPHP_VERSION
run: | run: |
if [ "${GITHUB_REF_TYPE}" == "tag" ]; then if [ "${GITHUB_REF_TYPE}" == "tag" ]; then
export FRANKENPHP_VERSION=${GITHUB_REF_NAME:1} export FRANKENPHP_VERSION=${GITHUB_REF_NAME:1}
elif [ "${GITHUB_EVENT_NAME}" == "schedule" ]; then elif [ "${GITHUB_EVENT_NAME}" == "schedule" ]; then
export FRANKENPHP_VERSION="${{ needs.prepare.outputs.ref }}" export FRANKENPHP_VERSION="${REF}"
else else
export FRANKENPHP_VERSION=${GITHUB_SHA} export FRANKENPHP_VERSION=${GITHUB_SHA}
fi fi
echo "FRANKENPHP_VERSION=${FRANKENPHP_VERSION}" >> "${GITHUB_ENV}" echo "FRANKENPHP_VERSION=${FRANKENPHP_VERSION}" >> "${GITHUB_ENV}"
env:
REF: ${{ needs.prepare.outputs.ref }}
- name: Build FrankenPHP - name: Build FrankenPHP
run: ./build-static.sh run: ./build-static.sh
env: env:

4
.github/workflows/tests.yaml vendored
View File

@@ -38,6 +38,8 @@ jobs:
LIBRARY_PATH: ${{ github.workspace }}/watcher/target/lib LIBRARY_PATH: ${{ github.workspace }}/watcher/target/lib
steps: steps:
- uses: actions/checkout@v5 - uses: actions/checkout@v5
with:
persist-credentials: false
- uses: actions/setup-go@v5 - uses: actions/setup-go@v5
with: with:
go-version: "1.25" go-version: "1.25"
@@ -99,6 +101,8 @@ jobs:
HOMEBREW_NO_AUTO_UPDATE: 1 HOMEBREW_NO_AUTO_UPDATE: 1
steps: steps:
- uses: actions/checkout@v5 - uses: actions/checkout@v5
with:
persist-credentials: false
- uses: actions/setup-go@v5 - uses: actions/setup-go@v5
with: with:
go-version: "1.25" go-version: "1.25"

6
zizmor.yaml Normal file
View File

@@ -0,0 +1,6 @@
---
rules:
unpinned-uses:
config:
policies:
"*": ref-pin