Skip to content

Updated runner

Updated runner #270

Workflow file for this run

name: Docker TEST
on:
workflow_dispatch:
pull_request:
env:
DOCKER_BUILDKIT: 1
IMAGE_NAME: pimcore/pimcore
jobs:
test:
runs-on: ubuntu-latest
strategy:
matrix:
include:
- { php: '8.2', distro: bookworm }
- { php: '8.3', distro: bookworm, imagick_version_from_src: 28f27044e435a2b203e32675e942eb8de620ee58 }
steps:
- uses: actions/checkout@v2
- name: Build Image
run: |
set -ex
imageVariants=("min" "default" "max" "debug" "supervisord")
for imageVariant in ${imageVariants[@]}; do
docker build --tag pimcore-image \
--target="pimcore_php_$imageVariant" \
--build-arg PHP_VERSION="${{ matrix.php }}" \
--build-arg DEBIAN_VERSION="${{ matrix.distro }}" \
--build-arg IMAGICK_VERSION_FROM_SRC="${{ matrix.imagick_version_from_src }}" \
.
if [ "$imageVariant" != "min" ]; then
# Test that Imagick is installed
docker run --rm pimcore-image sh -c 'php -m | grep imagick'
fi
if [ "$imageVariant" == "debug" ]; then
# Make sure xdebug is installed and configured on debug-build
docker run --rm pimcore-image sh -c 'php -m | grep xdebug'
docker run --rm pimcore-image test -f /usr/local/etc/php/conf.d/docker-php-ext-xdebug.ini
# Check if entrypoint did it's job and generated xdebug configuration
docker run --rm pimcore-image php -r 'assert("PHPSTORM" === ini_get("xdebug.idekey"));'
docker run --rm -e XDEBUG_HOST=pim.co.re pimcore-image sh -c 'php -i | grep "xdebug.*pim\.co\.re"'
else
# Make sure xdebug is neither activated nor configured on non-debug build
docker run --rm pimcore-image sh -c '! php -m | grep xdebug'
docker run --rm pimcore-image test ! -f /usr/local/etc/php/conf.d/docker-php-ext-xdebug.ini
fi
docker run --rm pimcore-image composer create-project pimcore/skeleton:2024.x-dev pimcore --no-scripts
if [ "$imageVariant" != "min" ]; then
docker run -v "$(pwd)/.github/files":/var/www/html --rm pimcore-image php test_heif.php
fi
done
- name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@master
with:
image-ref: 'pimcore-image'
format: 'table'
exit-code: '1'
ignore-unfixed: true
vuln-type: 'os,library'
severity: 'CRITICAL,HIGH'