#62221 GitHub Actions workflow hardening #51
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Local Docker Environment | |
on: | |
push: | |
branches: | |
- trunk | |
- '6.[8-9]' | |
- '[7-9].[0-9]' | |
paths: | |
# Any changes to Docker related files. | |
- '.env.example' | |
- 'docker-compose.yml' | |
# Any changes to local environment related files | |
- 'tools/local-env/**' | |
# These files manage packages used by the local environment. | |
- 'package*.json' | |
# These files configure Composer. Changes could affect the local environment. | |
- 'composer.*' | |
# These files define the versions to test. | |
- '.version-support-*.json' | |
# Changes to this and related workflow files should always be verified. | |
- '.github/workflows/local-docker-environment.yml' | |
- '.github/workflows/reusable-support-json-reader-v1.yml' | |
- '.github/workflows/reusable-test-docker-environment-v1.yml' | |
pull_request: | |
branches: | |
- trunk | |
- '6.[8-9]' | |
- '[7-9].[0-9]' | |
paths: | |
# Any changes to Docker related files. | |
- '.env.example' | |
- 'docker-compose.yml' | |
# Any changes to local environment related files | |
- 'tools/local-env/**' | |
# These files manage packages used by the local environment. | |
- 'package*.json' | |
# These files configure Composer. Changes could affect the local environment. | |
- 'composer.*' | |
# These files define the versions to test. | |
- '.version-support-*.json' | |
# Changes to this and related workflow files should always be verified. | |
- '.github/workflows/local-docker-environment.yml' | |
- '.github/workflows/reusable-support-json-reader-v1.yml' | |
- '.github/workflows/reusable-test-docker-environment-v1.yml' | |
workflow_dispatch: | |
# Cancels all previous workflow runs for pull requests that have not completed. | |
concurrency: | |
# The concurrency group contains the workflow name and the branch name for pull requests | |
# or the commit hash for any other events. | |
group: ${{ github.workflow }}-${{ github.event_name == 'pull_request' && github.head_ref || github.sha }} | |
cancel-in-progress: true | |
# Disable permissions for all available scopes by default. | |
# Any needed permissions should be configured at the job level. | |
permissions: {} | |
jobs: | |
# | |
# Determines the appropriate supported values for PHP and database versions based on the WordPress | |
# version being tested. | |
# | |
build-test-matrix: | |
name: Build Test Matrix | |
uses: WordPress/wordpress-develop/.github/workflows/reusable-support-json-reader-v1.yml@trunk | |
permissions: | |
contents: read | |
secrets: inherit | |
if: ${{ github.repository == 'WordPress/wordpress-develop' || github.event_name == 'pull_request' }} | |
with: | |
wp-version: ${{ github.event_name == 'pull_request' && github.base_ref || github.ref_name }} | |
# Tests the local Docker environment. | |
environment-tests-mysql: | |
name: PHP ${{ matrix.php }} | |
uses: WordPress/wordpress-develop/.github/workflows/reusable-test-local-docker-environment-v1.yml@trunk | |
permissions: | |
contents: read | |
if: ${{ github.repository == 'WordPress/wordpress-develop' || github.event_name == 'pull_request' }} | |
needs: [ build-test-matrix ] | |
strategy: | |
fail-fast: false | |
matrix: | |
os: [ ubuntu-latest ] | |
memcached: [ false, true ] | |
php: ${{ fromJSON( needs.build-test-matrix.outputs.php-versions ) }} | |
db-version: ${{ fromJSON( needs.build-test-matrix.outputs.mysql-versions ) }} | |
exclude: | |
# The MySQL 5.5 containers will not start. | |
- db-version: '5.5' | |
# MySQL 9.0+ will not work on PHP 7.2 & 7.3 | |
- php: '7.2' | |
db-version: '9.0' | |
- php: '7.3' | |
db-version: '9.0' | |
with: | |
os: ${{ matrix.os }} | |
php: ${{ matrix.php }} | |
db-type: 'mysql' | |
db-version: ${{ matrix.db-version }} | |
memcached: ${{ matrix.memcached }} | |
tests-domain: ${{ matrix.tests-domain }} | |
slack-notifications: | |
name: Slack Notifications | |
uses: WordPress/wordpress-develop/.github/workflows/slack-notifications.yml@trunk | |
permissions: | |
actions: read | |
contents: read | |
needs: [ build-test-matrix, environment-tests-mysql ] | |
if: ${{ github.repository == 'WordPress/wordpress-develop' && github.event_name != 'pull_request' && always() }} | |
with: | |
calling_status: ${{ contains( needs.*.result, 'cancelled' ) && 'cancelled' || contains( needs.*.result, 'failure' ) && 'failure' || 'success' }} | |
secrets: | |
SLACK_GHA_SUCCESS_WEBHOOK: ${{ secrets.SLACK_GHA_SUCCESS_WEBHOOK }} | |
SLACK_GHA_CANCELLED_WEBHOOK: ${{ secrets.SLACK_GHA_CANCELLED_WEBHOOK }} | |
SLACK_GHA_FIXED_WEBHOOK: ${{ secrets.SLACK_GHA_FIXED_WEBHOOK }} | |
SLACK_GHA_FAILURE_WEBHOOK: ${{ secrets.SLACK_GHA_FAILURE_WEBHOOK }} | |
failed-workflow: | |
name: Failed workflow tasks | |
runs-on: ubuntu-latest | |
permissions: | |
actions: write | |
needs: [ build-test-matrix, environment-tests-mysql, slack-notifications ] | |
if: | | |
always() && | |
github.repository == 'WordPress/wordpress-develop' && | |
github.event_name != 'pull_request' && | |
github.run_attempt < 2 && | |
( | |
contains( needs.*.result, 'cancelled' ) || | |
contains( needs.*.result, 'failure' ) | |
) | |
steps: | |
- name: Dispatch workflow run | |
uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 | |
with: | |
retries: 2 | |
retry-exempt-status-codes: 418 | |
script: | | |
github.rest.actions.createWorkflowDispatch({ | |
owner: context.repo.owner, | |
repo: context.repo.repo, | |
workflow_id: 'failed-workflow.yml', | |
ref: 'trunk', | |
inputs: { | |
run_id: context.runId, | |
} | |
}); |