CLI-1397: Exception on local non-RSA SSH keys (#1802) #4814
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: | |
| push: | |
| # Prevent duplicate jobs on Dependabot PRs that interfere with automerge. | |
| branches-ignore: | |
| - 'dependabot/**' | |
| pull_request: | |
| schedule: | |
| - cron: '0 2 * * *' | |
| release: | |
| types: [published] | |
| workflow_dispatch: | |
| defaults: | |
| run: | |
| # Run Git Bash on Windows. Otherwise, it uses PowerShell Core, and we'd need | |
| # to install more dependencies. Ubuntu default shell is already Bash. | |
| # @see https://docs.github.com/en/actions/reference/workflow-syntax-for-github-actions#using-a-specific-shell | |
| shell: bash | |
| jobs: | |
| test: | |
| runs-on: ${{ matrix.os }} | |
| strategy: | |
| matrix: | |
| os: ['ubuntu-22.04'] | |
| php: ['8.1', '8.2', '8.3'] | |
| coverage: ['none'] | |
| include: | |
| - os: 'ubuntu-22.04' | |
| php: '8.2' | |
| coverage: 'pcov' | |
| # Only test pre-installed (i.e. fast) versions of PHP on Windows. | |
| - os: 'windows-2022' | |
| php: '8.2' | |
| coverage: 'none' | |
| steps: | |
| - name: Prepare Git | |
| # Windows corrupts line endings on checkout, causing test failures. | |
| run: git config --global core.autocrlf false | |
| - uses: actions/checkout@v4 | |
| - uses: shivammathur/setup-php@v2 | |
| with: | |
| ini-file: development | |
| php-version: ${{ matrix.php }} | |
| # Only report coverage once | |
| coverage: ${{ matrix.coverage }} | |
| - name: Check for abandoned dependencies | |
| if: matrix.os == 'ubuntu-22.04' | |
| run: cat composer.lock | jq '.packages[] | select(.abandoned)' | grep -q ^ && echo 'Abandoned Composer packages found' && exit 1 || exit 0 | |
| - name: Check for insecure dependencies | |
| run: composer audit | |
| - name: Composer install | |
| run: composer install --prefer-dist --no-interaction --optimize-autoloader | |
| - name: Check dependency licenses | |
| if: matrix.os == 'ubuntu-22.04' | |
| run: ./vendor/bin/composer-license-checker check --allowlist GPL-2.0-or-later --allowlist MIT --allowlist BSD-2-Clause --allowlist Apache-2.0 --allowlist LGPL-3.0-or-later --allowlist BSD-3-Clause --allowlist GPL-2.0-only --allow ltd-beget | |
| - name: Run tests | |
| if: matrix.coverage == 'none' | |
| run: | | |
| composer validate --no-check-all --ansi | |
| # Catch PSR issues to prevent phantom tests. | |
| # @see https://github.com/acquia/cli/pull/1065 | |
| composer dump-autoload --strict-psr | |
| composer test | |
| - name: Run coverage | |
| if: matrix.coverage == 'pcov' | |
| run: composer coverage | |
| - name: Upload coverage results to Codecov | |
| if: matrix.coverage == 'pcov' | |
| uses: codecov/codecov-action@v4 | |
| env: | |
| CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} | |
| build-release: | |
| runs-on: ubuntu-22.04 | |
| permissions: | |
| contents: write | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: shivammathur/setup-php@v2 | |
| with: | |
| coverage: none | |
| php-version: '8.1' | |
| - name: 'Get ACLI version' | |
| id: acli-version | |
| run: | | |
| if [[ "$GITHUB_REF_TYPE" == 'tag' ]]; then | |
| echo "ACLI_VERSION=$GITHUB_REF_NAME" >> $GITHUB_OUTPUT | |
| else | |
| echo "ACLI_VERSION=dev-$GITHUB_REF_NAME" >> $GITHUB_OUTPUT | |
| fi | |
| - name: 'Create env file' | |
| run: | | |
| touch .env | |
| echo BUGSNAG_KEY=${{ secrets.BUGSNAG_KEY }} >> .env | |
| echo AMPLITUDE_KEY=${{ secrets.AMPLITUDE_KEY }} >> .env | |
| echo ACLI_VERSION=${{ steps.acli-version.outputs.ACLI_VERSION }} >> .env | |
| - name: Build | |
| run: | | |
| composer install --no-dev --optimize-autoloader | |
| composer box-install | |
| # Warm the symfony cache so it gets bundled with phar. | |
| ./bin/acli | |
| composer box-compile | |
| - name: Store artifact in Actions | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: acli.phar | |
| path: var/acli.phar | |
| - name: Release | |
| uses: softprops/action-gh-release@v2 | |
| if: startsWith(github.ref, 'refs/tags/') | |
| with: | |
| files: var/acli.phar | |
| - name: Publish docs | |
| if: github.event_name == 'push' | |
| run: | | |
| ./bin/acli self:make-docs -d docs | |
| aws s3 sync docs s3://acquia-cli/docs | |
| env: | |
| AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| AWS_DEFAULT_REGION: us-east-1 | |
| # Require all checks to pass without having to enumerate them in the branch protection UI. | |
| # @see https://github.community/t/is-it-possible-to-require-all-github-actions-tasks-to-pass-without-enumerating-them/117957 | |
| check: | |
| if: always() | |
| needs: | |
| - test | |
| - build-release | |
| runs-on: ubuntu-22.04 | |
| steps: | |
| - name: Decide whether the needed jobs succeeded or failed | |
| uses: re-actors/alls-green@release/v1 | |
| with: | |
| jobs: ${{ toJSON(needs) }} |