jared
31510cfe0f
Adds a deploy job that runs only when both php-lint and js-lint succeed. Calls the CT132 webhook directly with HMAC-SHA256 signature from the WEBHOOK_SECRET repo secret. Disabled the direct push webhooks that previously deployed on every push regardless of lint status. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
63 lines
1.7 KiB
YAML
63 lines
1.7 KiB
YAML
name: Lint
|
|
|
|
on:
|
|
push:
|
|
branches: ["**"]
|
|
pull_request:
|
|
branches: ["**"]
|
|
|
|
jobs:
|
|
php-lint:
|
|
name: PHP (phpcs PSR-12)
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- uses: actions/checkout@v3
|
|
|
|
- name: Install PHP and phpcs
|
|
run: |
|
|
apt-get update -qq
|
|
apt-get install -y -qq php-cli php-xml
|
|
curl -sL https://squizlabs.github.io/PHP_CodeSniffer/phpcs.phar -o /usr/local/bin/phpcs
|
|
chmod +x /usr/local/bin/phpcs
|
|
|
|
- name: Run phpcs
|
|
run: phpcs --standard=.phpcs.xml .
|
|
|
|
js-lint:
|
|
name: JS (eslint)
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- uses: actions/checkout@v3
|
|
|
|
- name: Install ESLint
|
|
run: npm install --save-dev eslint@8
|
|
|
|
- name: Run ESLint
|
|
run: npx eslint assets/js/
|
|
|
|
deploy:
|
|
name: Deploy
|
|
runs-on: ubuntu-latest
|
|
needs: [php-lint, js-lint]
|
|
if: github.event_name == 'push' && (github.ref == 'refs/heads/main' || github.ref == 'refs/heads/development')
|
|
steps:
|
|
- name: Trigger webhook
|
|
env:
|
|
WEBHOOK_SECRET: ${{ secrets.WEBHOOK_SECRET }}
|
|
GIT_REF: ${{ github.ref }}
|
|
run: |
|
|
if [ "$GIT_REF" = "refs/heads/main" ]; then
|
|
HOOK_ID="tinker-deploy"
|
|
else
|
|
HOOK_ID="tinker-beta-deploy"
|
|
fi
|
|
PAYLOAD="{\"ref\":\"${GIT_REF}\"}"
|
|
SIG=$(echo -n "$PAYLOAD" | openssl dgst -sha256 -hmac "$WEBHOOK_SECRET" | awk '{print $2}')
|
|
curl -sf --connect-timeout 10 \
|
|
-X POST \
|
|
-H "Content-Type: application/json" \
|
|
-H "X-Gitea-Signature: ${SIG}" \
|
|
-d "$PAYLOAD" \
|
|
"http://10.10.10.45:9000/hooks/${HOOK_ID}"
|
|
|