From 7cc8b1271529a5e24a48cd4626253efdefc3130f Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Tue, 2 Dec 2025 19:09:06 +0000 Subject: [PATCH 01/21] Initial plan From abb4ddfa7b0a1c39773de8bf5537cb30d344d8db Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Tue, 2 Dec 2025 19:15:54 +0000 Subject: [PATCH 02/21] Add GitHub Actions workflows to replace Travis CI Co-authored-by: amitaibu <125707+amitaibu@users.noreply.github.com> --- .github/workflows/deploy-live.yml | 63 ++++++++++++++++++++++++++ .github/workflows/deploy-qa.yml | 69 +++++++++++++++++++++++++++++ .github/workflows/deploy-test.yml | 64 ++++++++++++++++++++++++++ .github/workflows/lint.template.yml | 62 ++++++++++++++++++++++++++ .github/workflows/lint.yml | 62 ++++++++++++++++++++++++++ .github/workflows/test.yml | 39 ++++++++++++++++ README.md | 25 ++++++----- ci-scripts/prepare_deploy.sh | 14 +++--- 8 files changed, 382 insertions(+), 16 deletions(-) create mode 100644 .github/workflows/deploy-live.yml create mode 100644 .github/workflows/deploy-qa.yml create mode 100644 .github/workflows/deploy-test.yml create mode 100644 .github/workflows/lint.template.yml create mode 100644 .github/workflows/lint.yml create mode 100644 .github/workflows/test.yml diff --git a/.github/workflows/deploy-live.yml b/.github/workflows/deploy-live.yml new file mode 100644 index 000000000..7ab33657e --- /dev/null +++ b/.github/workflows/deploy-live.yml @@ -0,0 +1,63 @@ +name: Deploy to Pantheon LIVE + +on: + push: + tags: + - '*live' + +jobs: + deploy-live: + name: 'Backend tests: Functional tests and deploy to Pantheon LIVE' + runs-on: ubuntu-24.04 + env: + DDEV_NO_INSTRUMENTATION: true + ROLLBAR_SERVER_TOKEN: ${{ secrets.ROLLBAR_SERVER_TOKEN }} + PANTHEON_GIT_URL: ${{ secrets.PANTHEON_GIT_URL }} + TERMINUS_TOKEN: ${{ secrets.TERMINUS_TOKEN }} + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + steps: + - uses: actions/checkout@v4 + with: + fetch-depth: 500 + + - name: Check live deploy + run: ./ci-scripts/check_live_deploy.sh + + - name: Set up DDEV + uses: ddev/github-action-setup-ddev@v1 + + - name: Configure DDEV + run: | + mkdir -p ~/.ddev + cp ci-scripts/global_config.yaml ~/.ddev/ + + - name: Set ROLLBAR_SERVER_TOKEN + if: env.ROLLBAR_SERVER_TOKEN != '' + run: ddev config global --web-environment-add="ROLLBAR_SERVER_TOKEN=$ROLLBAR_SERVER_TOKEN" + + - name: Install Drupal + run: | + ddev composer install + ./ci-scripts/install_drupal.sh + + - name: Run PHPUnit tests + run: ./ci-scripts/test_phpunit.sh + + - name: Prepare SSH key + run: | + openssl aes-256-cbc -K ${{ secrets.ENCRYPTED_KEY }} -iv ${{ secrets.ENCRYPTED_IV }} \ + -in travis-key.enc -out travis-key -d + mkdir -p ~/.ssh + cp travis-key ~/.ssh/id_rsa + chmod 600 ~/.ssh/id_rsa + + - name: Prepare deployment + run: | + export TRAVIS_BUILD_DIR="${GITHUB_WORKSPACE}" + export TRAVIS_COMMIT_MESSAGE="${{ github.event.head_commit.message }}" + ./ci-scripts/prepare_deploy.sh + + - name: Deploy to Pantheon LIVE + run: | + ddev composer install + ddev robo deploy:pantheon-sync live diff --git a/.github/workflows/deploy-qa.yml b/.github/workflows/deploy-qa.yml new file mode 100644 index 000000000..e5c3932af --- /dev/null +++ b/.github/workflows/deploy-qa.yml @@ -0,0 +1,69 @@ +name: Deploy to Pantheon QA + +on: + push: + branches: + - main + +jobs: + deploy-qa: + name: 'Backend tests: Functional tests and deploy to Pantheon QA' + runs-on: ubuntu-24.04 + # Allow this job to fail without failing the workflow + continue-on-error: true + env: + DDEV_NO_INSTRUMENTATION: true + ROLLBAR_SERVER_TOKEN: ${{ secrets.ROLLBAR_SERVER_TOKEN }} + PANTHEON_GIT_URL: ${{ secrets.PANTHEON_GIT_URL }} + TERMINUS_TOKEN: ${{ secrets.TERMINUS_TOKEN }} + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + DEPLOY_EXCLUDE_WARNING: ${{ vars.DEPLOY_EXCLUDE_WARNING }} + steps: + - uses: actions/checkout@v4 + with: + fetch-depth: 500 + + - name: Set up DDEV + uses: ddev/github-action-setup-ddev@v1 + + - name: Configure DDEV + run: | + mkdir -p ~/.ddev + cp ci-scripts/global_config.yaml ~/.ddev/ + + - name: Set ROLLBAR_SERVER_TOKEN + if: env.ROLLBAR_SERVER_TOKEN != '' + run: ddev config global --web-environment-add="ROLLBAR_SERVER_TOKEN=$ROLLBAR_SERVER_TOKEN" + + - name: Install Drupal + run: | + ddev composer install + ./ci-scripts/install_drupal.sh + + - name: Run PHPUnit tests + run: ./ci-scripts/test_phpunit.sh + + - name: Run PHPUnit Rollbar tests + run: ./ci-scripts/test_phpunit_rollbar.sh + + - name: Prepare SSH key + run: | + openssl aes-256-cbc -K ${{ secrets.ENCRYPTED_KEY }} -iv ${{ secrets.ENCRYPTED_IV }} \ + -in travis-key.enc -out travis-key -d + mkdir -p ~/.ssh + cp travis-key ~/.ssh/id_rsa + chmod 600 ~/.ssh/id_rsa + + - name: Prepare deployment + run: | + export TRAVIS_BUILD_DIR="${GITHUB_WORKSPACE}" + export TRAVIS_COMMIT_MESSAGE="${{ github.event.head_commit.message }}" + ./ci-scripts/prepare_deploy.sh + + - name: Deploy to Pantheon QA + run: | + ddev composer install + ddev robo deploy:pantheon qa --no-interaction + + - name: Notify deployment + run: ddev robo deploy:notify diff --git a/.github/workflows/deploy-test.yml b/.github/workflows/deploy-test.yml new file mode 100644 index 000000000..af41b1463 --- /dev/null +++ b/.github/workflows/deploy-test.yml @@ -0,0 +1,64 @@ +name: Deploy to Pantheon TEST + +on: + push: + tags: + - '*' + - '!*live' + +jobs: + deploy-test: + name: 'Backend tests: Functional tests and deploy to Pantheon TEST' + runs-on: ubuntu-24.04 + env: + DDEV_NO_INSTRUMENTATION: true + ROLLBAR_SERVER_TOKEN: ${{ secrets.ROLLBAR_SERVER_TOKEN }} + PANTHEON_GIT_URL: ${{ secrets.PANTHEON_GIT_URL }} + TERMINUS_TOKEN: ${{ secrets.TERMINUS_TOKEN }} + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + steps: + - uses: actions/checkout@v4 + with: + fetch-depth: 500 + + - name: Set up DDEV + uses: ddev/github-action-setup-ddev@v1 + + - name: Configure DDEV + run: | + mkdir -p ~/.ddev + cp ci-scripts/global_config.yaml ~/.ddev/ + + - name: Set ROLLBAR_SERVER_TOKEN + if: env.ROLLBAR_SERVER_TOKEN != '' + run: ddev config global --web-environment-add="ROLLBAR_SERVER_TOKEN=$ROLLBAR_SERVER_TOKEN" + + - name: Install Drupal + run: | + ddev composer install + ./ci-scripts/install_drupal.sh + + - name: Run PHPUnit tests + run: ./ci-scripts/test_phpunit.sh + + - name: Prepare SSH key + run: | + openssl aes-256-cbc -K ${{ secrets.ENCRYPTED_KEY }} -iv ${{ secrets.ENCRYPTED_IV }} \ + -in travis-key.enc -out travis-key -d + mkdir -p ~/.ssh + cp travis-key ~/.ssh/id_rsa + chmod 600 ~/.ssh/id_rsa + + - name: Prepare deployment + run: | + export TRAVIS_BUILD_DIR="${GITHUB_WORKSPACE}" + export TRAVIS_COMMIT_MESSAGE="${{ github.event.head_commit.message }}" + ./ci-scripts/prepare_deploy.sh + + - name: Deploy to Pantheon TEST + run: | + ddev composer install + ddev robo deploy:tag-pantheon --no-interaction ${{ github.ref_name }} master + + - name: Sync Pantheon environments + run: ddev robo deploy:pantheon-sync diff --git a/.github/workflows/lint.template.yml b/.github/workflows/lint.template.yml new file mode 100644 index 000000000..606f2dcc4 --- /dev/null +++ b/.github/workflows/lint.template.yml @@ -0,0 +1,62 @@ +name: Lint + +on: + pull_request: + push: + branches: + - {{ GITHUB_DEPLOY_BRANCH }} + +jobs: + phpstan: + name: PhpStan + runs-on: ubuntu-24.04 + steps: + - uses: actions/checkout@v4 + with: + fetch-depth: 500 + + - name: Set up PHP + uses: shivammathur/setup-php@v2 + with: + php-version: '8.3' + coverage: none + + - name: Check syntax + run: | + ./ci-scripts/test_syntax.sh + + - name: Install Composer dependencies + run: composer install + + - name: Run PhpStan + run: PHP_MEMORY_LIMIT=2G ./vendor/bin/phpstan --no-progress analyse -c phpstan.neon + + phpcs: + name: Drupal coding standard + runs-on: ubuntu-24.04 + steps: + - uses: actions/checkout@v4 + + - name: Set up PHP + uses: shivammathur/setup-php@v2 + with: + php-version: '8.3' + coverage: none + + - name: Install Composer dependencies + run: composer install + + - name: Run PHPCS + run: vendor/bin/robo phpcs + + shellcheck: + name: 'Shell coding standard: shellcheck' + runs-on: ubuntu-24.04 + steps: + - uses: actions/checkout@v4 + + - name: Install shellcheck + run: ./ci-scripts/install_shell.sh + + - name: Run shellcheck + run: ./ci-scripts/test_shell.sh diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml new file mode 100644 index 000000000..8fa42022c --- /dev/null +++ b/.github/workflows/lint.yml @@ -0,0 +1,62 @@ +name: Lint + +on: + pull_request: + push: + branches: + - main + +jobs: + phpstan: + name: PhpStan + runs-on: ubuntu-24.04 + steps: + - uses: actions/checkout@v4 + with: + fetch-depth: 500 + + - name: Set up PHP + uses: shivammathur/setup-php@v2 + with: + php-version: '8.3' + coverage: none + + - name: Check syntax + run: | + ./ci-scripts/test_syntax.sh + + - name: Install Composer dependencies + run: composer install + + - name: Run PhpStan + run: PHP_MEMORY_LIMIT=2G ./vendor/bin/phpstan --no-progress analyse -c phpstan.neon + + phpcs: + name: Drupal coding standard + runs-on: ubuntu-24.04 + steps: + - uses: actions/checkout@v4 + + - name: Set up PHP + uses: shivammathur/setup-php@v2 + with: + php-version: '8.3' + coverage: none + + - name: Install Composer dependencies + run: composer install + + - name: Run PHPCS + run: vendor/bin/robo phpcs + + shellcheck: + name: 'Shell coding standard: shellcheck' + runs-on: ubuntu-24.04 + steps: + - uses: actions/checkout@v4 + + - name: Install shellcheck + run: ./ci-scripts/install_shell.sh + + - name: Run shellcheck + run: ./ci-scripts/test_shell.sh diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml new file mode 100644 index 000000000..a8d1f9a57 --- /dev/null +++ b/.github/workflows/test.yml @@ -0,0 +1,39 @@ +name: Test + +on: + pull_request: + push: + branches-ignore: + - main + +jobs: + functional-tests: + name: 'Backend tests: Functional tests' + runs-on: ubuntu-24.04 + env: + DDEV_NO_INSTRUMENTATION: true + ROLLBAR_SERVER_TOKEN: df6ce617465b4980afdecc95ed1b42de + steps: + - uses: actions/checkout@v4 + + - name: Set up DDEV + uses: ddev/github-action-setup-ddev@v1 + + - name: Configure DDEV + run: | + mkdir -p ~/.ddev + cp ci-scripts/global_config.yaml ~/.ddev/ + + - name: Set ROLLBAR_SERVER_TOKEN + run: ddev config global --web-environment-add="ROLLBAR_SERVER_TOKEN=$ROLLBAR_SERVER_TOKEN" + + - name: Install Drupal + run: | + ddev composer install + ./ci-scripts/install_drupal.sh + + - name: Run PHPUnit tests + run: ./ci-scripts/test_phpunit.sh + + - name: Run PHPUnit Rollbar tests + run: ./ci-scripts/test_phpunit_rollbar.sh diff --git a/README.md b/README.md index e5330ae3b..450918b46 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,4 @@ -[![Build Status](https://app.travis-ci.com/Gizra/drupal-starter.svg?branch=main)](https://app.travis-ci.com/Gizra/drupal-starter) +[![Build Status](https://github.com/Gizra/drupal-starter/actions/workflows/lint.yml/badge.svg)](https://github.com/Gizra/drupal-starter/actions) [![Open in GitHub Codespaces](https://github.com/codespaces/badge.svg)](https://github.com/codespaces/new?hide_repo_select=true&ref=main&repo=250256146) @@ -19,8 +19,8 @@ scripts. The reason for this is that it's assumed PHP developers are more comfortable with PHP than Bash, and it provides us with easier iteration, reading and manipulating yaml files, pre-defined [tasks](https://robo.li/tasks/Assets/), etc. -1. We use Travis-CI for continuous integration. A pre-configured and working -`.travis.yaml` is part of this repo. +1. We use GitHub Actions for continuous integration. Pre-configured and working +workflows are part of this repo. 1. We use Pantheon for hosting. A `ddev robo deploy:pantheon` will take care of deployments. See more under ["Deploy to Pantheon"](#deploy-to-pantheon) section. 1. We use [Pluggable Entity View Builder](https://www.drupal.org/project/pluggable_entity_view_builder) to define how an entity should look like. See [example](https://github.com/Gizra/drupal-starter/blob/main/web/modules/custom/server_general/src/Plugin/EntityViewBuilder/NodeLandingPage.php). @@ -282,7 +282,7 @@ See the details [here](https://github.com/Gizra/drupal-starter/blob/main/robo-co As this repository gets copied several times, for different projects, it gets tedious to port small fixes. For larger-scale changes, due to conflicts and per-project considerations, we need to apply -changes manually., However for tiny, trivial changes, such as Travis fixes, we have the following tool: +changes manually., However for tiny, trivial changes, such as CI fixes, we have the following tool: ``` # Go to the root of all the projects cd /home/user/your-projects @@ -383,15 +383,20 @@ assembles it from the Git log. ## Automatic Deployment to Pantheon -In order to deploy upon every merge automatically by Travis, you shall: +In order to deploy upon every merge automatically using GitHub Actions, you shall: 1. Initiate QA (`qa` branch) multidev environment for the given project. 1. Double-check if `./.ddev/providers/pantheon.yaml` contains the proper Pantheon project name. 1. Get a [Pantheon machine token](https://pantheon.io/docs/machine-tokens) (using a dummy new Pantheon user ideally, one user per project for the sake of security) -1. Get a GitHub Personal access token, it is needed for [Travis CLI to authenticate](https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token). It will be used like this: `travis login --pro --github-token=`. Also it will be used to post a comment to GitHub to the relevant issue when a merged PR is deployed, so set the expiry date far in the future enough for this. +1. Get a GitHub Personal access token. It will be used to post a comment to GitHub to the relevant issue when a merged PR is deployed, so set the expiry date far in the future enough for this. 1. `ddev robo deploy:config-autodeploy [your terminus token] [your github token]` 1. `git commit -m "Deployment secrets and configuration"` 1. Add the public key in `travis-key.pub` to the newly created dummy [Pantheon user](https://pantheon.io/docs/ssh-keys) +1. Set up the following GitHub secrets in your repository settings: + - `PANTHEON_GIT_URL`: The Pantheon Git URL for your project + - `TERMINUS_TOKEN`: Your Pantheon machine token + - `ROLLBAR_SERVER_TOKEN`: Your Rollbar server token (optional) + - `ENCRYPTED_KEY` and `ENCRYPTED_IV`: The encryption key and IV from the `deploy:config-autodeploy` command output 1. Actualize `public static string $githubProject = 'Gizra/the-client';` in the `RoboFile.php`. Optionally you can specify which target branch you'd like to push on Pantheon, by default it's `master`, so the target is the DEV environment, but alternatively you can issue: @@ -409,14 +414,12 @@ loop, you can maintain an exclude list to filter out these acceptable warnings. To set up an exclude list: -In your .travis.yml, set the `DEPLOY_EXCLUDE_WARNING` environment variable with a list of warnings to exclude. +In your GitHub repository settings, create a configuration variable `DEPLOY_EXCLUDE_WARNING` with a list of warnings to exclude. The warning names should be separated by a | character. Example: -```yml -env: -global: -- DEPLOY_EXCLUDE_WARNING="Search API|Another" +``` +DEPLOY_EXCLUDE_WARNING="Search API|Another" ``` The deployment script will read this environment variable and exclude the specified warnings when posting to GitHub. diff --git a/ci-scripts/prepare_deploy.sh b/ci-scripts/prepare_deploy.sh index e73a6b38d..7791a1cfb 100755 --- a/ci-scripts/prepare_deploy.sh +++ b/ci-scripts/prepare_deploy.sh @@ -3,7 +3,9 @@ set -e set -x -cd "$TRAVIS_BUILD_DIR" || exit 1 +# Support both Travis CI and GitHub Actions +BUILD_DIR="${TRAVIS_BUILD_DIR:-${GITHUB_WORKSPACE}}" +cd "$BUILD_DIR" || exit 1 # Make Git operations possible. cp travis-key ~/.ssh/id_rsa @@ -15,7 +17,7 @@ ddev config global --web-environment-add="TERMINUS_MACHINE_TOKEN=$TERMINUS_TOKEN export GIT_SSH_COMMAND="ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no" if [ -z "$PANTHEON_GIT_URL" ]; then - echo "Error: PANTHEON_GIT_URL is not set. Add it to .travis.yml" + echo "Error: PANTHEON_GIT_URL is not set. Add it to workflow secrets/env vars" exit 1 fi @@ -26,13 +28,15 @@ fi ddev stop # Expose some environment variables to DDEV to be able to notify on auto-deploy. -# Make sure TRAVIS_COMMIT_MESSAGE variable does not contain special characters: +# Support both Travis CI and GitHub Actions +COMMIT_MESSAGE="${TRAVIS_COMMIT_MESSAGE:-${GITHUB_COMMIT_MESSAGE}}" +# Make sure commit message variable does not contain special characters: # { , } , [ , ] , & , * , # , ? , | , - , < , > , = , ! , % , @ , ", ', ` # and comma itself. # These could break the YAML/Bash syntax. # shellcheck disable=SC2001 -TRAVIS_COMMIT_MESSAGE=$(echo "$TRAVIS_COMMIT_MESSAGE" | tr '\n' ' ' | sed -e 's/[{},&*?|<>=%@\"'\''`-]//g') -ddev config global --web-environment-add="TRAVIS_COMMIT_MESSAGE=$TRAVIS_COMMIT_MESSAGE" +COMMIT_MESSAGE=$(echo "$COMMIT_MESSAGE" | tr '\n' ' ' | sed -e 's/[{},&*?|<>=%@\"'\''`-]//g') +ddev config global --web-environment-add="TRAVIS_COMMIT_MESSAGE=$COMMIT_MESSAGE" ddev config global --web-environment-add="GITHUB_TOKEN=$GITHUB_TOKEN" if [ -n "${DEPLOY_EXCLUDE_WARNING}" ]; then ddev config global --web-environment-add="DEPLOY_EXCLUDE_WARNING=$DEPLOY_EXCLUDE_WARNING" From 64e2e8bc9d1a7c5bacab2c686e77ff57f5fecca7 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Tue, 2 Dec 2025 19:17:33 +0000 Subject: [PATCH 03/21] Update RoboFile deployment config for GitHub Actions Co-authored-by: amitaibu <125707+amitaibu@users.noreply.github.com> --- robo-components/DeploymentTrait.php | 93 ++++++++++++----------------- 1 file changed, 39 insertions(+), 54 deletions(-) diff --git a/robo-components/DeploymentTrait.php b/robo-components/DeploymentTrait.php index 159e866ea..39d1757be 100644 --- a/robo-components/DeploymentTrait.php +++ b/robo-components/DeploymentTrait.php @@ -706,81 +706,66 @@ public function deployPantheonInstallEnv(string $env = 'qa', ?string $pantheon_n * @throws \Exception */ public function deployConfigAutodeploy(string $token, string $github_token, string $github_deploy_branch = 'main', string $pantheon_deploy_branch = 'qa'): void { - $this->_exec("cp .travis.template.yml .travis.yml"); $pantheon_info = $this->getPantheonNameAndEnv(); $project_name = $pantheon_info['name']; - if (empty(shell_exec("which travis"))) { - // We do not bake it into the Docker image to save on disk space. - // We rarely need this operation, also not all the developers - // will use it. - $result = $this->taskExecStack() - ->exec('sudo apt update') - ->exec('sudo apt install ruby ruby-dev make g++ --yes') - ->exec('sudo gem install travis --no-document') - ->stopOnFail() - ->run() - ->getExitCode(); - - if ($result !== 0) { - throw new \Exception('The installation of the dependencies failed.'); - } - } - + // Generate SSH key for deployment $result = $this->taskExec('ssh-keygen -t rsa -f travis-key -P ""')->run(); if ($result->getExitCode() !== 0) { throw new \Exception('The key generation failed.'); } - $result = $this->taskExec('travis login --pro --github-token="' . $github_token . '"')->run(); - if ($result->getExitCode() !== 0) { - throw new \Exception('The authentication with GitHub via Travis CLI failed.'); - } + // Encrypt the SSH key for use in GitHub Actions + $result = $this->taskExec('openssl rand -hex 32')->printOutput(FALSE)->run(); + $encryption_key = trim($result->getMessage()); + + $result = $this->taskExec('openssl rand -hex 16')->printOutput(FALSE)->run(); + $encryption_iv = trim($result->getMessage()); - $result = $this->taskExec('travis encrypt-file travis-key --add --no-interactive --pro') - ->run(); + $result = $this->taskExec("openssl aes-256-cbc -K $encryption_key -iv $encryption_iv -in travis-key -out travis-key.enc")->run(); if ($result->getExitCode() !== 0) { throw new \Exception('The encryption of the private key failed.'); } - $result = $this->taskExec('travis encrypt TERMINUS_TOKEN="' . $token . '" --add --no-interactive --pro') - ->run(); - if ($result->getExitCode() !== 0) { - throw new \Exception('The encryption of the Terminus token failed.'); - } - - $result = $this->taskExec('travis encrypt GITHUB_TOKEN="' . $github_token . '" --add --no-interactive --pro') - ->run(); - if ($result->getExitCode() !== 0) { - throw new \Exception('The encryption of the Github token failed.'); - } - $result = $this->taskExec("terminus connection:info $project_name.dev --fields='Git Command' --format=string | awk '{print $3}'") ->printOutput(FALSE) ->run(); $pantheon_git_url = trim($result->getMessage()); - $this->taskReplaceInFile('.travis.yml') - ->from('{{ PANTHEON_GIT_URL }}') - ->to($pantheon_git_url) - ->run(); - $this->taskReplaceInFile('.travis.yml') - ->from('{{ PANTHEON_DEPLOY_BRANCH }}') - ->to($pantheon_deploy_branch) - ->run(); - $this->taskReplaceInFile('.travis.yml') - ->from('{{ GITHUB_DEPLOY_BRANCH }}') - ->to($github_deploy_branch) - ->run(); - $result = $this->taskExec('git add .travis.yml travis-key.enc')->run(); + // Update GitHub Actions workflows if they exist + if (file_exists('.github/workflows/lint.template.yml')) { + $this->_exec("cp .github/workflows/lint.template.yml .github/workflows/lint.yml"); + $this->taskReplaceInFile('.github/workflows/lint.yml') + ->from('{{ GITHUB_DEPLOY_BRANCH }}') + ->to($github_deploy_branch) + ->run(); + } + + $result = $this->taskExec('git add travis-key.enc')->run(); if ($result->getExitCode() !== 0) { throw new \Exception("git add failed."); } - $this->say("The project was prepared for the automatic deployment to Pantheon"); - $this->say("Review the changes and make a commit from the added files."); - $this->say("Add the SSH key to the Pantheon account: https://pantheon.io/docs/ssh-keys ."); - $this->say("Add the SSH key to the GitHub project as a deploy key: https://docs.github.com/en/developers/overview/managing-deploy-keys ."); - $this->say("Convert the project to nested docroot: https://pantheon.io/docs/nested-docroot ."); + + $this->say("The project was prepared for automatic deployment to Pantheon using GitHub Actions"); + $this->say(""); + $this->say("Please complete the following steps:"); + $this->say(""); + $this->say("1. Add the following secrets to your GitHub repository:"); + $this->say(" - Go to: Settings → Secrets and variables → Actions → New repository secret"); + $this->say(" - PANTHEON_GIT_URL: " . $pantheon_git_url); + $this->say(" - TERMINUS_TOKEN: " . $token); + $this->say(" - ENCRYPTED_KEY: " . $encryption_key); + $this->say(" - ENCRYPTED_IV: " . $encryption_iv); + $this->say(" - GITHUB_TOKEN: (use the automatically provided token or your personal token)"); + $this->say(" - ROLLBAR_SERVER_TOKEN: (your Rollbar token if applicable)"); + $this->say(""); + $this->say("2. Add the SSH public key to the Pantheon account:"); + $this->say(" - Key location: travis-key.pub"); + $this->say(" - Instructions: https://pantheon.io/docs/ssh-keys"); + $this->say(""); + $this->say("3. Review and commit the encrypted key file (travis-key.enc)"); + $this->say(""); + $this->say("4. Ensure nested docroot is configured: https://pantheon.io/docs/nested-docroot"); } /** From e7d16583612adbeb00eb4242cba99f9f267e1713 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Tue, 2 Dec 2025 19:19:40 +0000 Subject: [PATCH 04/21] Fix GitHub Actions workflow syntax and security issues Co-authored-by: amitaibu <125707+amitaibu@users.noreply.github.com> --- .github/workflows/deploy-live.yml | 6 ++++-- .github/workflows/deploy-qa.yml | 6 ++++-- .github/workflows/deploy-test.yml | 6 ++++-- .github/workflows/lint.template.yml | 6 +++--- .github/workflows/lint.yml | 6 +++--- .github/workflows/test.yml | 2 +- 6 files changed, 19 insertions(+), 13 deletions(-) diff --git a/.github/workflows/deploy-live.yml b/.github/workflows/deploy-live.yml index 7ab33657e..ca90acaea 100644 --- a/.github/workflows/deploy-live.yml +++ b/.github/workflows/deploy-live.yml @@ -8,7 +8,7 @@ on: jobs: deploy-live: name: 'Backend tests: Functional tests and deploy to Pantheon LIVE' - runs-on: ubuntu-24.04 + runs-on: ubuntu-22.04 env: DDEV_NO_INSTRUMENTATION: true ROLLBAR_SERVER_TOKEN: ${{ secrets.ROLLBAR_SERVER_TOKEN }} @@ -52,9 +52,11 @@ jobs: chmod 600 ~/.ssh/id_rsa - name: Prepare deployment + env: + COMMIT_MESSAGE: ${{ github.event.head_commit.message }} run: | export TRAVIS_BUILD_DIR="${GITHUB_WORKSPACE}" - export TRAVIS_COMMIT_MESSAGE="${{ github.event.head_commit.message }}" + export TRAVIS_COMMIT_MESSAGE="${COMMIT_MESSAGE}" ./ci-scripts/prepare_deploy.sh - name: Deploy to Pantheon LIVE diff --git a/.github/workflows/deploy-qa.yml b/.github/workflows/deploy-qa.yml index e5c3932af..f0bc05edb 100644 --- a/.github/workflows/deploy-qa.yml +++ b/.github/workflows/deploy-qa.yml @@ -8,7 +8,7 @@ on: jobs: deploy-qa: name: 'Backend tests: Functional tests and deploy to Pantheon QA' - runs-on: ubuntu-24.04 + runs-on: ubuntu-22.04 # Allow this job to fail without failing the workflow continue-on-error: true env: @@ -55,9 +55,11 @@ jobs: chmod 600 ~/.ssh/id_rsa - name: Prepare deployment + env: + COMMIT_MESSAGE: ${{ github.event.head_commit.message }} run: | export TRAVIS_BUILD_DIR="${GITHUB_WORKSPACE}" - export TRAVIS_COMMIT_MESSAGE="${{ github.event.head_commit.message }}" + export TRAVIS_COMMIT_MESSAGE="${COMMIT_MESSAGE}" ./ci-scripts/prepare_deploy.sh - name: Deploy to Pantheon QA diff --git a/.github/workflows/deploy-test.yml b/.github/workflows/deploy-test.yml index af41b1463..965f47ba0 100644 --- a/.github/workflows/deploy-test.yml +++ b/.github/workflows/deploy-test.yml @@ -9,7 +9,7 @@ on: jobs: deploy-test: name: 'Backend tests: Functional tests and deploy to Pantheon TEST' - runs-on: ubuntu-24.04 + runs-on: ubuntu-22.04 env: DDEV_NO_INSTRUMENTATION: true ROLLBAR_SERVER_TOKEN: ${{ secrets.ROLLBAR_SERVER_TOKEN }} @@ -50,9 +50,11 @@ jobs: chmod 600 ~/.ssh/id_rsa - name: Prepare deployment + env: + COMMIT_MESSAGE: ${{ github.event.head_commit.message }} run: | export TRAVIS_BUILD_DIR="${GITHUB_WORKSPACE}" - export TRAVIS_COMMIT_MESSAGE="${{ github.event.head_commit.message }}" + export TRAVIS_COMMIT_MESSAGE="${COMMIT_MESSAGE}" ./ci-scripts/prepare_deploy.sh - name: Deploy to Pantheon TEST diff --git a/.github/workflows/lint.template.yml b/.github/workflows/lint.template.yml index 606f2dcc4..203f5d18a 100644 --- a/.github/workflows/lint.template.yml +++ b/.github/workflows/lint.template.yml @@ -9,7 +9,7 @@ on: jobs: phpstan: name: PhpStan - runs-on: ubuntu-24.04 + runs-on: ubuntu-22.04 steps: - uses: actions/checkout@v4 with: @@ -33,7 +33,7 @@ jobs: phpcs: name: Drupal coding standard - runs-on: ubuntu-24.04 + runs-on: ubuntu-22.04 steps: - uses: actions/checkout@v4 @@ -51,7 +51,7 @@ jobs: shellcheck: name: 'Shell coding standard: shellcheck' - runs-on: ubuntu-24.04 + runs-on: ubuntu-22.04 steps: - uses: actions/checkout@v4 diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index 8fa42022c..ca096e525 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -9,7 +9,7 @@ on: jobs: phpstan: name: PhpStan - runs-on: ubuntu-24.04 + runs-on: ubuntu-22.04 steps: - uses: actions/checkout@v4 with: @@ -33,7 +33,7 @@ jobs: phpcs: name: Drupal coding standard - runs-on: ubuntu-24.04 + runs-on: ubuntu-22.04 steps: - uses: actions/checkout@v4 @@ -51,7 +51,7 @@ jobs: shellcheck: name: 'Shell coding standard: shellcheck' - runs-on: ubuntu-24.04 + runs-on: ubuntu-22.04 steps: - uses: actions/checkout@v4 diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index a8d1f9a57..d62ef6a38 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -9,7 +9,7 @@ on: jobs: functional-tests: name: 'Backend tests: Functional tests' - runs-on: ubuntu-24.04 + runs-on: ubuntu-22.04 env: DDEV_NO_INSTRUMENTATION: true ROLLBAR_SERVER_TOKEN: df6ce617465b4980afdecc95ed1b42de From 3c1e627d2ffec6b1617837b31afdb25dd2d87df4 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Tue, 2 Dec 2025 19:20:49 +0000 Subject: [PATCH 05/21] Add deprecation notices to Travis CI files Co-authored-by: amitaibu <125707+amitaibu@users.noreply.github.com> --- .travis.DEPRECATED.md | 12 ++++++++++++ .travis.template.yml | 5 +++++ .travis.yml | 5 +++++ 3 files changed, 22 insertions(+) create mode 100644 .travis.DEPRECATED.md diff --git a/.travis.DEPRECATED.md b/.travis.DEPRECATED.md new file mode 100644 index 000000000..565d2c953 --- /dev/null +++ b/.travis.DEPRECATED.md @@ -0,0 +1,12 @@ +# DEPRECATED: Travis CI Configuration + +**⚠️ This file is deprecated. This project now uses GitHub Actions for CI/CD.** + +This Travis CI configuration file is kept for backward compatibility with existing projects that were forked from this starter before the GitHub Actions migration. + +**For new projects, please use the GitHub Actions workflows in `.github/workflows/` instead.** + +See the [GitHub Actions documentation](https://docs.github.com/en/actions) for more information on migrating from Travis CI. + +--- + diff --git a/.travis.template.yml b/.travis.template.yml index 46a2427bd..7d87ea6fd 100644 --- a/.travis.template.yml +++ b/.travis.template.yml @@ -1,3 +1,8 @@ +# DEPRECATED: This project now uses GitHub Actions for CI/CD. +# This Travis CI template is kept for backward compatibility only. +# For new projects, please use the GitHub Actions workflows in .github/workflows/ +# See .travis.DEPRECATED.md for more information. + version: "~> 1.0" language: php dist: jammy diff --git a/.travis.yml b/.travis.yml index e664802f9..fc5fa0332 100644 --- a/.travis.yml +++ b/.travis.yml @@ -1,3 +1,8 @@ +# DEPRECATED: This project now uses GitHub Actions for CI/CD. +# This Travis CI configuration is kept for backward compatibility only. +# For new projects, please use the GitHub Actions workflows in .github/workflows/ +# See .travis.DEPRECATED.md for more information. + version: "~> 1.0" language: php dist: noble From 39d9bd6444df08b0bb5031cf75af6e4836a12e6c Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Tue, 2 Dec 2025 19:24:57 +0000 Subject: [PATCH 06/21] Completely remove Travis CI - no backward compatibility needed Co-authored-by: amitaibu <125707+amitaibu@users.noreply.github.com> --- .github/workflows/deploy-live.yml | 4 +- .github/workflows/deploy-qa.yml | 4 +- .github/workflows/deploy-test.yml | 4 +- .travis.DEPRECATED.md | 12 ---- .travis.template.yml | 91 ------------------------- .travis.yml | 101 ---------------------------- README.md | 2 +- ci-scripts/install_ddev.sh | 2 +- ci-scripts/prepare_deploy.sh | 11 ++- ci-scripts/settings_rollbar.php | 2 +- robo-components/BootstrapTrait.php | 5 -- robo-components/DeploymentTrait.php | 19 +++--- travis-key.enc | Bin 2624 -> 0 bytes 13 files changed, 22 insertions(+), 235 deletions(-) delete mode 100644 .travis.DEPRECATED.md delete mode 100644 .travis.template.yml delete mode 100644 .travis.yml delete mode 100644 travis-key.enc diff --git a/.github/workflows/deploy-live.yml b/.github/workflows/deploy-live.yml index ca90acaea..26cb2f5c9 100644 --- a/.github/workflows/deploy-live.yml +++ b/.github/workflows/deploy-live.yml @@ -46,9 +46,9 @@ jobs: - name: Prepare SSH key run: | openssl aes-256-cbc -K ${{ secrets.ENCRYPTED_KEY }} -iv ${{ secrets.ENCRYPTED_IV }} \ - -in travis-key.enc -out travis-key -d + -in deploy-key.enc -out deploy-key -d mkdir -p ~/.ssh - cp travis-key ~/.ssh/id_rsa + cp deploy-key ~/.ssh/id_rsa chmod 600 ~/.ssh/id_rsa - name: Prepare deployment diff --git a/.github/workflows/deploy-qa.yml b/.github/workflows/deploy-qa.yml index f0bc05edb..af834dd12 100644 --- a/.github/workflows/deploy-qa.yml +++ b/.github/workflows/deploy-qa.yml @@ -49,9 +49,9 @@ jobs: - name: Prepare SSH key run: | openssl aes-256-cbc -K ${{ secrets.ENCRYPTED_KEY }} -iv ${{ secrets.ENCRYPTED_IV }} \ - -in travis-key.enc -out travis-key -d + -in deploy-key.enc -out deploy-key -d mkdir -p ~/.ssh - cp travis-key ~/.ssh/id_rsa + cp deploy-key ~/.ssh/id_rsa chmod 600 ~/.ssh/id_rsa - name: Prepare deployment diff --git a/.github/workflows/deploy-test.yml b/.github/workflows/deploy-test.yml index 965f47ba0..1fc695540 100644 --- a/.github/workflows/deploy-test.yml +++ b/.github/workflows/deploy-test.yml @@ -44,9 +44,9 @@ jobs: - name: Prepare SSH key run: | openssl aes-256-cbc -K ${{ secrets.ENCRYPTED_KEY }} -iv ${{ secrets.ENCRYPTED_IV }} \ - -in travis-key.enc -out travis-key -d + -in deploy-key.enc -out deploy-key -d mkdir -p ~/.ssh - cp travis-key ~/.ssh/id_rsa + cp deploy-key ~/.ssh/id_rsa chmod 600 ~/.ssh/id_rsa - name: Prepare deployment diff --git a/.travis.DEPRECATED.md b/.travis.DEPRECATED.md deleted file mode 100644 index 565d2c953..000000000 --- a/.travis.DEPRECATED.md +++ /dev/null @@ -1,12 +0,0 @@ -# DEPRECATED: Travis CI Configuration - -**⚠️ This file is deprecated. This project now uses GitHub Actions for CI/CD.** - -This Travis CI configuration file is kept for backward compatibility with existing projects that were forked from this starter before the GitHub Actions migration. - -**For new projects, please use the GitHub Actions workflows in `.github/workflows/` instead.** - -See the [GitHub Actions documentation](https://docs.github.com/en/actions) for more information on migrating from Travis CI. - ---- - diff --git a/.travis.template.yml b/.travis.template.yml deleted file mode 100644 index 7d87ea6fd..000000000 --- a/.travis.template.yml +++ /dev/null @@ -1,91 +0,0 @@ -# DEPRECATED: This project now uses GitHub Actions for CI/CD. -# This Travis CI template is kept for backward compatibility only. -# For new projects, please use the GitHub Actions workflows in .github/workflows/ -# See .travis.DEPRECATED.md for more information. - -version: "~> 1.0" -language: php -dist: jammy -php: - - 8.3 -services: - - docker -stages: - - lint - - test - - deploy -env: - global: - - DDEV_NO_INSTRUMENTATION=true - - PANTHEON_GIT_URL="{{ PANTHEON_GIT_URL }}" - -before_install: - - export PATH="$HOME/.config/composer/vendor/bin:$PATH" - - tmpdaemon=$(mktemp) - - sudo jq '."registry-mirrors" = ["DOCKER_MIRROR"]' /etc/docker/daemon.json > $tmpdaemon - - sudo mv $tmpdaemon /etc/docker/daemon.json - - sudo systemctl daemon-reload - - sudo systemctl restart docker - -git: - depth: 500 - - -jobs: - include: - - stage: Lint - name: PhpStan - script: - - "$TRAVIS_BUILD_DIR/ci-scripts/test_syntax.sh || travis_terminate 1;" - - composer install - - vendor/bin/phpstan analyse -c phpstan.neon - - stage: Lint - name: 'Drupal coding standard' - script: - - composer install || travis_terminate 1; - - vendor/bin/robo phpcs || travis_terminate 1; - - stage: Lint - name: 'Shell coding standard: shellcheck' - script: - - "$TRAVIS_BUILD_DIR/ci-scripts/install_shell.sh || travis_terminate 1;" - - "$TRAVIS_BUILD_DIR/ci-scripts/test_shell.sh || travis_terminate 1;" - - stage: Test - name: 'Backend tests: Functional tests' - if: (branch != "{{ GITHUB_DEPLOY_BRANCH }}" AND tag IS blank) - script: - - "(travis_retry $TRAVIS_BUILD_DIR/ci-scripts/install_ddev.sh) || travis_terminate 1;" - - "$TRAVIS_BUILD_DIR/ci-scripts/install_drupal.sh || travis_terminate 1;" - - "$TRAVIS_BUILD_DIR/ci-scripts/test_phpunit.sh || travis_terminate 1;" - - stage: Deploy - name: 'Backend tests: Functional tests and deploy to Pantheon QA' - if: branch = "{{ GITHUB_DEPLOY_BRANCH }}" AND type = push AND tag IS blank - script: - - "(travis_retry $TRAVIS_BUILD_DIR/ci-scripts/install_ddev.sh) || travis_terminate 1;" - - "$TRAVIS_BUILD_DIR/ci-scripts/install_drupal.sh || travis_terminate 1;" - - "$TRAVIS_BUILD_DIR/ci-scripts/test_phpunit.sh || travis_terminate 1;" - - "(travis_retry $TRAVIS_BUILD_DIR/ci-scripts/prepare_deploy.sh) || travis_terminate 1;" - - ddev composer install || travis_terminate 1; - - "(travis_retry ddev robo deploy:pantheon {{ PANTHEON_DEPLOY_BRANCH }} --no-interaction) || travis_terminate 1;" - - ddev robo deploy:notify || travis_terminate 1; - - stage: Deploy - name: 'Backend tests: Functional tests and deploy to Pantheon TEST' - if: tag IS present AND type = "push" AND tag !~ /live$/ - script: - - "(travis_retry $TRAVIS_BUILD_DIR/ci-scripts/install_ddev.sh) || travis_terminate 1;" - - "$TRAVIS_BUILD_DIR/ci-scripts/install_drupal.sh || travis_terminate 1;" - - "$TRAVIS_BUILD_DIR/ci-scripts/test_phpunit.sh || travis_terminate 1;" - - "(travis_retry $TRAVIS_BUILD_DIR/ci-scripts/prepare_deploy.sh) || travis_terminate 1;" - - ddev composer install || travis_terminate 1; - - "(travis_retry ddev robo deploy:tag-pantheon --no-interaction $TRAVIS_TAG master) || travis_terminate 1;" - - "(travis_retry ddev robo deploy:pantheon-sync) || travis_terminate 1;" - - stage: Deploy - name: 'Backend tests: Functional tests and deploy to Pantheon LIVE' - if: tag IS present AND type = "push" AND tag =~ /live$/ - script: - - "$TRAVIS_BUILD_DIR/ci-scripts/check_live_deploy.sh || travis_terminate 1;" - - "(travis_retry $TRAVIS_BUILD_DIR/ci-scripts/install_ddev.sh) || travis_terminate 1;" - - "$TRAVIS_BUILD_DIR/ci-scripts/install_drupal.sh || travis_terminate 1;" - - "$TRAVIS_BUILD_DIR/ci-scripts/test_phpunit.sh || travis_terminate 1;" - - "(travis_retry $TRAVIS_BUILD_DIR/ci-scripts/prepare_deploy.sh) || travis_terminate 1;" - - ddev composer install || travis_terminate 1; - - "(travis_retry ddev robo deploy:pantheon-sync live) || travis_terminate 1;" diff --git a/.travis.yml b/.travis.yml deleted file mode 100644 index fc5fa0332..000000000 --- a/.travis.yml +++ /dev/null @@ -1,101 +0,0 @@ -# DEPRECATED: This project now uses GitHub Actions for CI/CD. -# This Travis CI configuration is kept for backward compatibility only. -# For new projects, please use the GitHub Actions workflows in .github/workflows/ -# See .travis.DEPRECATED.md for more information. - -version: "~> 1.0" -language: php -dist: noble -php: -- 8.3 -services: -- docker -stages: -- lint -- test -- deploy -env: - global: - - DDEV_NO_INSTRUMENTATION=true - # This is a dummy token, just to satisfy the conditions for testing. - - ROLLBAR_SERVER_TOKEN=df6ce617465b4980afdecc95ed1b42de - - PANTHEON_GIT_URL="ssh://codeserver.dev.5acc1750-abf0-47ef-a6d8-6890a6efaca8@codeserver.dev.5acc1750-abf0-47ef-a6d8-6890a6efaca8.drush.in:2222/~/repository.git" - - secure: mm3oDnHjiBXYmhWFBxbVnPm6I48zTZhhUM9JIclwymld9SR/qjXV7qy7sjqxyT7eGLvyFcJAcDDshG1gGJ5UBjC6vKYYbEAtV/OMdORBfNzLboRGeIXAevlgqP9Sl8qSQIMOI0pUP2/nRgd3fXerLwtL1BTXI+Bl3o6bQSR57EzKBfI4WTjrUdUs9u04qMyuoS+UHWEyBZpJ/AEdkxuVOessSXYgIiijwpFmLV/07RyXAGWIYosbYiVH8genjm1h8BhK9NRUVjgfKr7SuGKOEe53A0PQNWCZnbkYQ/KJo4GF1DvzGO12xX8//mNgZmATTNh36uCt7ofNpR6gtHbLJBGVAlHaGbH9CkG+G/mdmKxblT3Bqj+W4oalXd43FGDOH72aP8mJU67vl2UOzWxOIwv735lMgzEHUG1H0ltF0LrjYuIFYGWJByDZ+lZdurDdnnKHMOVGMhJ+x0ns+R8AYWzZKH3Za0LQDFR0d1npATgZlDJRk4W8mVNhEnYAfryNGZkK8onFt6rjfWyTdwM08qE2jUtcQY2dRCbGfsRfQpyvn7RQBPrXxaLKFOoR4AIXWWUDZ4uFTmZAJpcRBAQPchQ3udjg/hT74V44nd2lg3cLv30RekAq36vVDKwHGWHdnflZ7ci1zgvbIv7Otf9QQO7mwj0JCzk7EIBnHivEy10= -before_install: -- openssl aes-256-cbc -K $encrypted_2c02e48ad60e_key -iv $encrypted_2c02e48ad60e_iv - -in travis-key.enc -out travis-key -d -- export PATH="$HOME/.config/composer/vendor/bin:$PATH" -git: - depth: 500 - - -jobs: - allow_failures: - env: - - CAN_FAIL=true - include: - - stage: Lint - name: PhpStan - script: - - "$TRAVIS_BUILD_DIR/ci-scripts/test_syntax.sh || travis_terminate 1;" - - composer install - - PHP_MEMORY_LIMIT=2G ./vendor/bin/phpstan --no-progress analyse -c phpstan.neon - - - stage: Lint - name: Drupal coding standard - script: - - composer install || travis_terminate 1; - - vendor/bin/robo phpcs || travis_terminate 1; - - - stage: Lint - name: 'Shell coding standard: shellcheck' - script: - - "$TRAVIS_BUILD_DIR/ci-scripts/install_shell.sh || travis_terminate 1;" - - "$TRAVIS_BUILD_DIR/ci-scripts/test_shell.sh || travis_terminate 1;" - - - stage: Test - name: 'Backend tests: Functional tests' - if: (branch != "main" AND tag IS blank) - script: - - "(travis_retry $TRAVIS_BUILD_DIR/ci-scripts/install_ddev.sh) || travis_terminate 1;" - - "$TRAVIS_BUILD_DIR/ci-scripts/install_drupal.sh || travis_terminate 1;" - - "$TRAVIS_BUILD_DIR/ci-scripts/test_phpunit.sh || travis_terminate 1;" - - "$TRAVIS_BUILD_DIR/ci-scripts/test_phpunit_rollbar.sh || travis_terminate 1;" - - - stage: Deploy - env: CAN_FAIL=true - name: 'Backend tests: Functional tests and deploy to Pantheon QA' - if: branch = "main" AND type = push AND tag IS blank - script: - - "(travis_retry $TRAVIS_BUILD_DIR/ci-scripts/install_ddev.sh) || travis_terminate 1;" - - "$TRAVIS_BUILD_DIR/ci-scripts/install_drupal.sh || travis_terminate 1;" - - "$TRAVIS_BUILD_DIR/ci-scripts/test_phpunit.sh || travis_terminate 1;" - - "$TRAVIS_BUILD_DIR/ci-scripts/test_phpunit_rollbar.sh || travis_terminate 1;" - - "(travis_retry $TRAVIS_BUILD_DIR/ci-scripts/prepare_deploy.sh) || travis_terminate 1;" - - ddev composer install || travis_terminate 1; - - "(travis_retry ddev robo deploy:pantheon qa --no-interaction) || travis_terminate 1;" - - ddev robo deploy:notify || travis_terminate 1; - - - stage: Deploy - name: 'Backend tests: Functional tests and deploy to Pantheon TEST' - if: tag IS present AND type = "push" AND tag !~ /live$/ - script: - - "(travis_retry $TRAVIS_BUILD_DIR/ci-scripts/install_ddev.sh) || travis_terminate 1;" - - "$TRAVIS_BUILD_DIR/ci-scripts/install_drupal.sh || travis_terminate 1;" - - "$TRAVIS_BUILD_DIR/ci-scripts/test_phpunit.sh || travis_terminate 1;" - - "(travis_retry $TRAVIS_BUILD_DIR/ci-scripts/prepare_deploy.sh) || travis_terminate 1;" - - ddev composer install || travis_terminate 1; - - "(travis_retry ddev robo deploy:tag-pantheon --no-interaction $TRAVIS_TAG master) || travis_terminate 1;" - - "(travis_retry ddev robo deploy:pantheon-sync) || travis_terminate 1;" - - - stage: Deploy - name: 'Backend tests: Functional tests and deploy to Pantheon LIVE' - if: tag IS present AND type = "push" AND tag =~ /live$/ - script: - - "$TRAVIS_BUILD_DIR/ci-scripts/check_live_deploy.sh || travis_terminate 1;" - - "(travis_retry $TRAVIS_BUILD_DIR/ci-scripts/install_ddev.sh) || travis_terminate 1;" - - "$TRAVIS_BUILD_DIR/ci-scripts/install_drupal.sh || travis_terminate 1;" - - "$TRAVIS_BUILD_DIR/ci-scripts/test_phpunit.sh || travis_terminate 1;" - - "(travis_retry $TRAVIS_BUILD_DIR/ci-scripts/prepare_deploy.sh) || travis_terminate 1;" - - ddev composer install || travis_terminate 1; - - "(travis_retry ddev robo deploy:pantheon-sync live) || travis_terminate 1;" diff --git a/README.md b/README.md index 450918b46..10caedf19 100644 --- a/README.md +++ b/README.md @@ -391,7 +391,7 @@ In order to deploy upon every merge automatically using GitHub Actions, you shal 1. Get a GitHub Personal access token. It will be used to post a comment to GitHub to the relevant issue when a merged PR is deployed, so set the expiry date far in the future enough for this. 1. `ddev robo deploy:config-autodeploy [your terminus token] [your github token]` 1. `git commit -m "Deployment secrets and configuration"` -1. Add the public key in `travis-key.pub` to the newly created dummy [Pantheon user](https://pantheon.io/docs/ssh-keys) +1. Add the public key in `deploy-key.pub` to the newly created dummy [Pantheon user](https://pantheon.io/docs/ssh-keys) 1. Set up the following GitHub secrets in your repository settings: - `PANTHEON_GIT_URL`: The Pantheon Git URL for your project - `TERMINUS_TOKEN`: Your Pantheon machine token diff --git a/ci-scripts/install_ddev.sh b/ci-scripts/install_ddev.sh index cba2988c3..43bc645a6 100755 --- a/ci-scripts/install_ddev.sh +++ b/ci-scripts/install_ddev.sh @@ -17,7 +17,7 @@ else echo "ddev $DDEV_VERSION is already installed." fi -# Upon travis_retry, have a fresh start. +# Clean up Docker system if retrying. docker system prune -a --volumes -f echo "Configuring ddev." diff --git a/ci-scripts/prepare_deploy.sh b/ci-scripts/prepare_deploy.sh index 7791a1cfb..d25593374 100755 --- a/ci-scripts/prepare_deploy.sh +++ b/ci-scripts/prepare_deploy.sh @@ -3,12 +3,10 @@ set -e set -x -# Support both Travis CI and GitHub Actions -BUILD_DIR="${TRAVIS_BUILD_DIR:-${GITHUB_WORKSPACE}}" -cd "$BUILD_DIR" || exit 1 +cd "$GITHUB_WORKSPACE" || exit 1 # Make Git operations possible. -cp travis-key ~/.ssh/id_rsa +cp deploy-key ~/.ssh/id_rsa chmod 600 ~/.ssh/id_rsa # Authenticate with Terminus. @@ -28,15 +26,14 @@ fi ddev stop # Expose some environment variables to DDEV to be able to notify on auto-deploy. -# Support both Travis CI and GitHub Actions -COMMIT_MESSAGE="${TRAVIS_COMMIT_MESSAGE:-${GITHUB_COMMIT_MESSAGE}}" +COMMIT_MESSAGE="${GITHUB_COMMIT_MESSAGE}" # Make sure commit message variable does not contain special characters: # { , } , [ , ] , & , * , # , ? , | , - , < , > , = , ! , % , @ , ", ', ` # and comma itself. # These could break the YAML/Bash syntax. # shellcheck disable=SC2001 COMMIT_MESSAGE=$(echo "$COMMIT_MESSAGE" | tr '\n' ' ' | sed -e 's/[{},&*?|<>=%@\"'\''`-]//g') -ddev config global --web-environment-add="TRAVIS_COMMIT_MESSAGE=$COMMIT_MESSAGE" +ddev config global --web-environment-add="GITHUB_COMMIT_MESSAGE=$COMMIT_MESSAGE" ddev config global --web-environment-add="GITHUB_TOKEN=$GITHUB_TOKEN" if [ -n "${DEPLOY_EXCLUDE_WARNING}" ]; then ddev config global --web-environment-add="DEPLOY_EXCLUDE_WARNING=$DEPLOY_EXCLUDE_WARNING" diff --git a/ci-scripts/settings_rollbar.php b/ci-scripts/settings_rollbar.php index dd39e055c..90c4def27 100644 --- a/ci-scripts/settings_rollbar.php +++ b/ci-scripts/settings_rollbar.php @@ -1,4 +1,4 @@ $config["rollbar.settings"]["enabled"] = TRUE; -$config["rollbar.settings"]["environment"] = "jep-rootone.travis-local"; +$config["rollbar.settings"]["environment"] = "ci-local"; $config["rollbar.settings"]["log_level"] = [0,1,2,3,4]; $config["rollbar.settings"]["access_token"] = getenv('ROLLBAR_SERVER_TOKEN'); diff --git a/robo-components/BootstrapTrait.php b/robo-components/BootstrapTrait.php index 5cc809fd0..daf875a71 100644 --- a/robo-components/BootstrapTrait.php +++ b/robo-components/BootstrapTrait.php @@ -156,11 +156,6 @@ protected function prepareGithubRepository(string $project_name, string $organiz ->to(str_replace('-', '_', $project_machine_name)) ->run(); - $this->taskReplaceInFile('.bootstrap/.travis.template.yml') - ->from('DOCKER_MIRROR') - ->to($docker_mirror_url) - ->run(); - $result = $this->taskExec("cd .bootstrap && composer update --lock") ->run() ->getExitCode(); diff --git a/robo-components/DeploymentTrait.php b/robo-components/DeploymentTrait.php index 39d1757be..0015a283b 100644 --- a/robo-components/DeploymentTrait.php +++ b/robo-components/DeploymentTrait.php @@ -50,7 +50,6 @@ trait DeploymentTrait { '.idea', '.pantheon', '.phpunit.result.cache', - '.travis.yml', 'ci-scripts', 'pantheon.upstream.yml', 'phpstan.neon', @@ -60,8 +59,8 @@ trait DeploymentTrait { 'RoboFile.php', 'robo-components', 'server.es.secrets.json', - 'travis-key.enc', - 'travis-key', + 'deploy-key.enc', + 'deploy-key', 'web/.csslintrc', 'web/.eslintignore', 'web/.eslintrc.json', @@ -693,7 +692,7 @@ public function deployPantheonInstallEnv(string $env = 'qa', ?string $pantheon_n * @param string $token * Terminus machine token: https://pantheon.io/docs/machine-tokens. * @param string $github_token - * Personal GitHub token (Travis auth): + * Personal GitHub token: * https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token. * @param string $github_deploy_branch * The branch that should be pushed automatically to Pantheon. By default, @@ -710,7 +709,7 @@ public function deployConfigAutodeploy(string $token, string $github_token, stri $project_name = $pantheon_info['name']; // Generate SSH key for deployment - $result = $this->taskExec('ssh-keygen -t rsa -f travis-key -P ""')->run(); + $result = $this->taskExec('ssh-keygen -t rsa -f deploy-key -P ""')->run(); if ($result->getExitCode() !== 0) { throw new \Exception('The key generation failed.'); } @@ -722,7 +721,7 @@ public function deployConfigAutodeploy(string $token, string $github_token, stri $result = $this->taskExec('openssl rand -hex 16')->printOutput(FALSE)->run(); $encryption_iv = trim($result->getMessage()); - $result = $this->taskExec("openssl aes-256-cbc -K $encryption_key -iv $encryption_iv -in travis-key -out travis-key.enc")->run(); + $result = $this->taskExec("openssl aes-256-cbc -K $encryption_key -iv $encryption_iv -in deploy-key -out deploy-key.enc")->run(); if ($result->getExitCode() !== 0) { throw new \Exception('The encryption of the private key failed.'); } @@ -741,7 +740,7 @@ public function deployConfigAutodeploy(string $token, string $github_token, stri ->run(); } - $result = $this->taskExec('git add travis-key.enc')->run(); + $result = $this->taskExec('git add deploy-key.enc')->run(); if ($result->getExitCode() !== 0) { throw new \Exception("git add failed."); } @@ -760,10 +759,10 @@ public function deployConfigAutodeploy(string $token, string $github_token, stri $this->say(" - ROLLBAR_SERVER_TOKEN: (your Rollbar token if applicable)"); $this->say(""); $this->say("2. Add the SSH public key to the Pantheon account:"); - $this->say(" - Key location: travis-key.pub"); + $this->say(" - Key location: deploy-key.pub"); $this->say(" - Instructions: https://pantheon.io/docs/ssh-keys"); $this->say(""); - $this->say("3. Review and commit the encrypted key file (travis-key.enc)"); + $this->say("3. Review and commit the encrypted key file (deploy-key.enc)"); $this->say(""); $this->say("4. Ensure nested docroot is configured: https://pantheon.io/docs/nested-docroot"); } @@ -782,7 +781,7 @@ public function deployNotify(string $pantheon_environment = 'qa', string $issue_ $issue_comment = json_encode($data); } $github_token = getenv('GITHUB_TOKEN'); - $git_commit_message = getenv('TRAVIS_COMMIT_MESSAGE'); + $git_commit_message = getenv('GITHUB_COMMIT_MESSAGE'); if (strstr($git_commit_message, 'Merge pull request') === FALSE && strstr($git_commit_message, ' (#') === FALSE) { $this->say($git_commit_message); return; diff --git a/travis-key.enc b/travis-key.enc deleted file mode 100644 index 1ba9da82abf2057978c74f38357cc2e1fd03ba08..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 2624 zcmV-G3cvMaH^411MSxvmh9i~vf+eIY%)X_D_5Z$m*g@rN;$_1Jj|v)(iWB1}!WFSp zWy)E%huQ&Vj99xG=p%r&H}Y3n7F9fmXu>%qaud^%6R_&j5WKdPy&X<>J6k65yjXB+ z*~x+)s4d zwiS%nZ1{q^y;L;Y4CLKwHjK^F@<*>?p<#*x%*^G=$9Q)LPuL^(GQ#0cnc74l9E`aLS-5T9Lg8ui}M^G&JKkm z9Y2dEU;ptvF|wySo~nR?ij}r@)`Af4pPAw@Bx^U3z@zekNcY7qAb1NsZX<>pOIkUN zCMY!hD_j-Vi<@Y=M6Yvp4a#TcR8$k0PHkNBWOuPJ;09$bjS>gmt;>NN;S$GkP4ysG z6`(hM&Ru3s4cvi<1dIG9`yN(X21IqSuG8^7Q`d;{ox%$_l2`T*Hb)>$j2g#t&+*9k8ADKwHURk7h>KitWIUJxV1;oE%J2atO0M757Md_CC*t#NjnV>QJ z?#g737fT8CH_F@ccWNW;L#rc0vrsD0a%##GS%u0GZsP}#19Ffeu6^tJg2ka{V{2Ou z_9$EO6V7)_t|WaD_OXp^TRl_e9E_u0{G$>aM`NPmWeIzkqMI9W`Bi)gMVdGt>XO#j zK0?s&_P~xt9`V5B>5692^~9wAP875sllQiS!*ppX^r-qgG|f;JBdBkA;I%aC>Q7B5 zp>VI^{z%jqkxN;6>YL#V!n$>zFwtpif-kkAXEWXdh*UlEdO75Ye}2cgHzJeO270G@ zYV62%gksqIJ|c&+bf!7_(&xv_cx5Aq^FTAF=l}Y;UANDdbWW=XtC3npyGLy}RK4D# zmg%iD^OY1O4QSDfI$$o=V45(EX8}sPzT9>jNvC}q98o+QOoO*Rt6`_RN1EcafSTR=|( zKsQqT@v!jAmlB9_X{)UQ<$1qJ4QuVRi5KU>#Yg#4SnRZYs#DS zsit~UaoH1m!d8t2%IwgZHMa3d>MoBOMx8_H4Q$CD1BMj`a(O<}ZFdAGXkZ`Mh=YZA z@SDHC%irQA2{Bx7W$;JB-1r&-ggEn{guI_!3S^9lJ;yfWS$CnV$46R z62IK%N;j;!Ow04mgvJc6XAN`LDWUvU2-5tW&0eju@IV(YY9>D%pB!?Fw5rGfXHuqq z*z2uQCn^b=(V8Hth_`vkY|K#7oOw(|cGOCqG?lM`3B)NEGIs@ZoRhZn6u z1&uEGpKyj%tr;WEjm)h)m3BHxj(oX=peUKKCJdT=N2f$I-h1UyW!UCs-^h5PE@gzF z!x0+`h1xkT(Cb8xPM+mP@%@gr@5Auz3(OQvYPQra?&ZPE#Ark04roHY-VWF~eB~`p z$t7+XN57XF{R6-*6h+;2#RE@V#5CbRTg%6J4t?({)a_EW`Ya^pI8Vw+f&*HMnNsX+ z=PQjU2i(hw0K@6mYI{3#8fa-nrfB3o4NR=+?y^IaFWzcVYm9WUJR8vzcmR{Kk%-%>%>>BFPcDBz45?h& z=o&gfTG`Jt^iPgm{_yD1&oZ`auB2!?naSV?deBQ@&$o;&Xa=fJlVy)^x3Yc|%us%5=|~hgIETsR5fC$^kS8w zH=&fw6M*+4i$|Vb%W#p{N8Ouz4ii{T-g8Tw+IZD))j)NHJ9wZghc&Uql@hq&Q0KFk z%Mxrp=v>@6xPvwd;-*N53CLr*aV{Riy5yF7*xc&_63<+gEowFjo#RZu*Te!RG)oA3wEGsVSni& ziE82BcQ7z!YkFlDm9$(F$)hwq2stqaips#KZV)uVInci+8hRn7aWL3LDkv(PI=SAc{$fm^QwbXzdKouWcdXP+|etE8ckMRg?Np_EAb2sr*r@b+J z0ROJvA4oMubR$xNIXbPzfxYYVzJYz%!ny3p@J)Q6(WU#hK?2qH Date: Tue, 2 Dec 2025 19:27:11 +0000 Subject: [PATCH 07/21] Remove Travis compatibility layer from workflows Co-authored-by: amitaibu <125707+amitaibu@users.noreply.github.com> --- .github/workflows/deploy-live.yml | 7 ++----- .github/workflows/deploy-qa.yml | 7 ++----- .github/workflows/deploy-test.yml | 7 ++----- 3 files changed, 6 insertions(+), 15 deletions(-) diff --git a/.github/workflows/deploy-live.yml b/.github/workflows/deploy-live.yml index 26cb2f5c9..67d416f73 100644 --- a/.github/workflows/deploy-live.yml +++ b/.github/workflows/deploy-live.yml @@ -53,11 +53,8 @@ jobs: - name: Prepare deployment env: - COMMIT_MESSAGE: ${{ github.event.head_commit.message }} - run: | - export TRAVIS_BUILD_DIR="${GITHUB_WORKSPACE}" - export TRAVIS_COMMIT_MESSAGE="${COMMIT_MESSAGE}" - ./ci-scripts/prepare_deploy.sh + GITHUB_COMMIT_MESSAGE: ${{ github.event.head_commit.message }} + run: ./ci-scripts/prepare_deploy.sh - name: Deploy to Pantheon LIVE run: | diff --git a/.github/workflows/deploy-qa.yml b/.github/workflows/deploy-qa.yml index af834dd12..0c1490f09 100644 --- a/.github/workflows/deploy-qa.yml +++ b/.github/workflows/deploy-qa.yml @@ -56,11 +56,8 @@ jobs: - name: Prepare deployment env: - COMMIT_MESSAGE: ${{ github.event.head_commit.message }} - run: | - export TRAVIS_BUILD_DIR="${GITHUB_WORKSPACE}" - export TRAVIS_COMMIT_MESSAGE="${COMMIT_MESSAGE}" - ./ci-scripts/prepare_deploy.sh + GITHUB_COMMIT_MESSAGE: ${{ github.event.head_commit.message }} + run: ./ci-scripts/prepare_deploy.sh - name: Deploy to Pantheon QA run: | diff --git a/.github/workflows/deploy-test.yml b/.github/workflows/deploy-test.yml index 1fc695540..cfc86e8c4 100644 --- a/.github/workflows/deploy-test.yml +++ b/.github/workflows/deploy-test.yml @@ -51,11 +51,8 @@ jobs: - name: Prepare deployment env: - COMMIT_MESSAGE: ${{ github.event.head_commit.message }} - run: | - export TRAVIS_BUILD_DIR="${GITHUB_WORKSPACE}" - export TRAVIS_COMMIT_MESSAGE="${COMMIT_MESSAGE}" - ./ci-scripts/prepare_deploy.sh + GITHUB_COMMIT_MESSAGE: ${{ github.event.head_commit.message }} + run: ./ci-scripts/prepare_deploy.sh - name: Deploy to Pantheon TEST run: | From d979f032f87d66a6ccf8ff31a7efa4c5576ab307 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Tue, 2 Dec 2025 19:31:08 +0000 Subject: [PATCH 08/21] Address code review feedback - improve documentation and error handling Co-authored-by: amitaibu <125707+amitaibu@users.noreply.github.com> --- .github/workflows/deploy-live.yml | 2 +- .github/workflows/deploy-qa.yml | 2 +- .github/workflows/deploy-test.yml | 2 +- robo-components/BootstrapTrait.php | 4 ++-- robo-components/DeploymentTrait.php | 8 +++++++- 5 files changed, 12 insertions(+), 6 deletions(-) diff --git a/.github/workflows/deploy-live.yml b/.github/workflows/deploy-live.yml index 67d416f73..60c9e33b7 100644 --- a/.github/workflows/deploy-live.yml +++ b/.github/workflows/deploy-live.yml @@ -53,7 +53,7 @@ jobs: - name: Prepare deployment env: - GITHUB_COMMIT_MESSAGE: ${{ github.event.head_commit.message }} + GITHUB_COMMIT_MESSAGE: ${{ github.event.head_commit.message || github.event.commits[0].message || 'Manual deployment' }} run: ./ci-scripts/prepare_deploy.sh - name: Deploy to Pantheon LIVE diff --git a/.github/workflows/deploy-qa.yml b/.github/workflows/deploy-qa.yml index 0c1490f09..e8e3f079f 100644 --- a/.github/workflows/deploy-qa.yml +++ b/.github/workflows/deploy-qa.yml @@ -56,7 +56,7 @@ jobs: - name: Prepare deployment env: - GITHUB_COMMIT_MESSAGE: ${{ github.event.head_commit.message }} + GITHUB_COMMIT_MESSAGE: ${{ github.event.head_commit.message || github.event.commits[0].message || 'Manual deployment' }} run: ./ci-scripts/prepare_deploy.sh - name: Deploy to Pantheon QA diff --git a/.github/workflows/deploy-test.yml b/.github/workflows/deploy-test.yml index cfc86e8c4..02a47ac41 100644 --- a/.github/workflows/deploy-test.yml +++ b/.github/workflows/deploy-test.yml @@ -51,7 +51,7 @@ jobs: - name: Prepare deployment env: - GITHUB_COMMIT_MESSAGE: ${{ github.event.head_commit.message }} + GITHUB_COMMIT_MESSAGE: ${{ github.event.head_commit.message || github.event.commits[0].message || 'Manual deployment' }} run: ./ci-scripts/prepare_deploy.sh - name: Deploy to Pantheon TEST diff --git a/robo-components/BootstrapTrait.php b/robo-components/BootstrapTrait.php index daf875a71..2cf43e7e7 100644 --- a/robo-components/BootstrapTrait.php +++ b/robo-components/BootstrapTrait.php @@ -21,7 +21,7 @@ trait BootstrapTrait { * @param string $github_token * The GitHub personal access token for a user with access to this project. * @param string $docker_mirror_url - * The Docker mirror URL. Optional, but expect Travis failures if not set, + * The Docker mirror URL. Optional, but expect CI failures if not set, * this is due to rate limiting on Docker Hub. * @param string $http_basic_auth_user * The HTTP basic auth user. Optional. If set, all the Pantheon environments @@ -75,7 +75,7 @@ public function bootstrapProject(string $project_name, string $github_repository * @param string $github_repository_url * The clone URL of the GitHub repository. * @param string $docker_mirror_url - * The Docker mirror URL. Optional, but expect Travis failures if not set. + * The Docker mirror URL. Optional, but expect CI failures if not set. */ protected function prepareGithubRepository(string $project_name, string $organization, string $project_machine_name, string $github_repository_url, string $docker_mirror_url = '') { $temp_remote = 'bootstrap_' . time(); diff --git a/robo-components/DeploymentTrait.php b/robo-components/DeploymentTrait.php index 0015a283b..a56cdf4e4 100644 --- a/robo-components/DeploymentTrait.php +++ b/robo-components/DeploymentTrait.php @@ -267,7 +267,7 @@ public function deployPantheon(string $branch_name = 'master', ?string $commit_m // We deal with versions as commit hashes. // The high-level goal is to prevent the auto-deploy process - // to overwrite the code with an older version if the Travis queue + // to overwrite the code with an older version if the CI queue // swaps the order of two jobs, so they are not executed in // chronological order. $currently_deployed_version = NULL; @@ -716,9 +716,15 @@ public function deployConfigAutodeploy(string $token, string $github_token, stri // Encrypt the SSH key for use in GitHub Actions $result = $this->taskExec('openssl rand -hex 32')->printOutput(FALSE)->run(); + if ($result->getExitCode() !== 0) { + throw new \Exception('Failed to generate encryption key.'); + } $encryption_key = trim($result->getMessage()); $result = $this->taskExec('openssl rand -hex 16')->printOutput(FALSE)->run(); + if ($result->getExitCode() !== 0) { + throw new \Exception('Failed to generate encryption IV.'); + } $encryption_iv = trim($result->getMessage()); $result = $this->taskExec("openssl aes-256-cbc -K $encryption_key -iv $encryption_iv -in deploy-key -out deploy-key.enc")->run(); From 4f863fcb3f045875d067a3eabd35fbc2f5a30972 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Tue, 2 Dec 2025 19:33:55 +0000 Subject: [PATCH 09/21] Add explicit permissions to workflows for security Co-authored-by: amitaibu <125707+amitaibu@users.noreply.github.com> --- .github/workflows/deploy-live.yml | 5 +++++ .github/workflows/deploy-qa.yml | 5 +++++ .github/workflows/deploy-test.yml | 5 +++++ .github/workflows/lint.template.yml | 3 +++ .github/workflows/lint.yml | 3 +++ .github/workflows/test.yml | 3 +++ 6 files changed, 24 insertions(+) diff --git a/.github/workflows/deploy-live.yml b/.github/workflows/deploy-live.yml index 60c9e33b7..96aeedd8e 100644 --- a/.github/workflows/deploy-live.yml +++ b/.github/workflows/deploy-live.yml @@ -5,6 +5,11 @@ on: tags: - '*live' +permissions: + contents: read + issues: write + pull-requests: write + jobs: deploy-live: name: 'Backend tests: Functional tests and deploy to Pantheon LIVE' diff --git a/.github/workflows/deploy-qa.yml b/.github/workflows/deploy-qa.yml index e8e3f079f..54dacc32d 100644 --- a/.github/workflows/deploy-qa.yml +++ b/.github/workflows/deploy-qa.yml @@ -5,6 +5,11 @@ on: branches: - main +permissions: + contents: read + issues: write + pull-requests: write + jobs: deploy-qa: name: 'Backend tests: Functional tests and deploy to Pantheon QA' diff --git a/.github/workflows/deploy-test.yml b/.github/workflows/deploy-test.yml index 02a47ac41..b4bd35a43 100644 --- a/.github/workflows/deploy-test.yml +++ b/.github/workflows/deploy-test.yml @@ -6,6 +6,11 @@ on: - '*' - '!*live' +permissions: + contents: read + issues: write + pull-requests: write + jobs: deploy-test: name: 'Backend tests: Functional tests and deploy to Pantheon TEST' diff --git a/.github/workflows/lint.template.yml b/.github/workflows/lint.template.yml index 203f5d18a..39ddf936c 100644 --- a/.github/workflows/lint.template.yml +++ b/.github/workflows/lint.template.yml @@ -6,6 +6,9 @@ on: branches: - {{ GITHUB_DEPLOY_BRANCH }} +permissions: + contents: read + jobs: phpstan: name: PhpStan diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index ca096e525..0a4b4dc70 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -6,6 +6,9 @@ on: branches: - main +permissions: + contents: read + jobs: phpstan: name: PhpStan diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index d62ef6a38..f8906aed3 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -6,6 +6,9 @@ on: branches-ignore: - main +permissions: + contents: read + jobs: functional-tests: name: 'Backend tests: Functional tests' From 18637e89ad25cf2dfca6c6929952db7bbca09351 Mon Sep 17 00:00:00 2001 From: Aron Novak Date: Fri, 5 Dec 2025 14:08:03 +0100 Subject: [PATCH 10/21] Replace curl with gh CLI and remove unused docker_mirror_url parameter MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - Replace manual curl GitHub API calls with gh CLI commands in DeploymentTrait - gh pr view for fetching PR data - gh repo view for checking repo visibility - gh issue comment for posting comments - Remove unused docker_mirror_url parameter from BootstrapTrait - Remove unused $github_token variable (gh CLI uses GITHUB_TOKEN env var automatically) 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude --- robo-components/BootstrapTrait.php | 27 +++++------------ robo-components/DeploymentTrait.php | 46 ++++++++++++++--------------- 2 files changed, 30 insertions(+), 43 deletions(-) diff --git a/robo-components/BootstrapTrait.php b/robo-components/BootstrapTrait.php index 2cf43e7e7..4565c1019 100644 --- a/robo-components/BootstrapTrait.php +++ b/robo-components/BootstrapTrait.php @@ -20,25 +20,22 @@ trait BootstrapTrait { * The Pantheon machine token. * @param string $github_token * The GitHub personal access token for a user with access to this project. - * @param string $docker_mirror_url - * The Docker mirror URL. Optional, but expect CI failures if not set, - * this is due to rate limiting on Docker Hub. * @param string $http_basic_auth_user * The HTTP basic auth user. Optional. If set, all the Pantheon environments * will be protected with HTTP basic auth. * @param string $http_basic_auth_password * The HTTP basic auth password. Optional. */ - public function bootstrapProject(string $project_name, string $github_repository_url, string $terminus_token, string $github_token, string $docker_mirror_url = '', string $http_basic_auth_user = '', string $http_basic_auth_password = '') { + public function bootstrapProject(string $project_name, string $github_repository_url, string $terminus_token, string $github_token, string $http_basic_auth_user = '', string $http_basic_auth_password = '') { // Extract project name from $github_repository_url. // The syntax is like: git@github.com:Organization/projectname.git . preg_match('/github.com[:\/](.*)\/(.*)\.git/', $github_repository_url, $matches); $github_organization = $matches[1]; $project_machine_name = $matches[2]; - $this->verifyRequirements($project_name, $github_organization, $project_machine_name, $terminus_token, $github_token, $docker_mirror_url, $http_basic_auth_user, $http_basic_auth_password); + $this->verifyRequirements($project_name, $github_organization, $project_machine_name, $terminus_token, $github_token, $http_basic_auth_user, $http_basic_auth_password); - $this->prepareGithubRepository($project_name, $github_organization, $project_machine_name, $github_repository_url, $docker_mirror_url); + $this->prepareGithubRepository($project_name, $github_organization, $project_machine_name, $github_repository_url); $this->createPantheonProject($terminus_token, $project_name, $project_machine_name); @@ -59,8 +56,8 @@ public function bootstrapProject(string $project_name, string $github_repository $this->say("You might want to run the following commands to properly place the project:"); $this->say("mv .bootstrap ../$project_machine_name"); $this->say("mv .pantheon ../$project_machine_name/.pantheon"); - $this->say("To configure autodeployment to pantheon run:"); - $this->say("ddev robo deploy:config-autodeploy $terminus_token, $github_token"); + $this->say("To configure autodeployment to Pantheon run:"); + $this->say("ddev robo deploy:config-autodeploy $terminus_token $github_token"); } /** @@ -74,10 +71,8 @@ public function bootstrapProject(string $project_name, string $github_repository * The project machine name in GH slug. * @param string $github_repository_url * The clone URL of the GitHub repository. - * @param string $docker_mirror_url - * The Docker mirror URL. Optional, but expect CI failures if not set. */ - protected function prepareGithubRepository(string $project_name, string $organization, string $project_machine_name, string $github_repository_url, string $docker_mirror_url = '') { + protected function prepareGithubRepository(string $project_name, string $organization, string $project_machine_name, string $github_repository_url) { $temp_remote = 'bootstrap_' . time(); $this->taskExec("git remote add $temp_remote $github_repository_url") ->run(); @@ -370,14 +365,12 @@ public function lockPantheonEnvironments(string $project_machine_name, string $h * The Pantheon machine token. * @param string $github_token * The GitHub token. - * @param string $docker_mirror_url - * The Docker mirror URL. * @param string $http_basic_auth_user * The HTTP basic auth user. * @param string $http_basic_auth_password * The HTTP basic auth password. */ - protected function verifyRequirements(string $project_name, string $organization, string $project_machine_name, string $terminus_token, string $github_token, string $docker_mirror_url, $http_basic_auth_user, $http_basic_auth_password) { + protected function verifyRequirements(string $project_name, string $organization, string $project_machine_name, string $terminus_token, string $github_token, $http_basic_auth_user, $http_basic_auth_password) { if (is_dir('.bootstrap')) { throw new \Exception('The .bootstrap directory already exists. Please remove / move it and try again.'); } @@ -402,12 +395,6 @@ protected function verifyRequirements(string $project_name, string $organization if (empty(trim($github_token))) { throw new \Exception('The GitHub token is empty.'); } - if (empty(trim($docker_mirror_url))) { - throw new \Exception('The Docker mirror URL is empty.'); - } - if (!empty($docker_mirror_url) && !filter_var($docker_mirror_url, FILTER_VALIDATE_URL)) { - throw new \Exception('The Docker mirror URL is not a valid URL.'); - } } } diff --git a/robo-components/DeploymentTrait.php b/robo-components/DeploymentTrait.php index a56cdf4e4..930e7c151 100644 --- a/robo-components/DeploymentTrait.php +++ b/robo-components/DeploymentTrait.php @@ -708,19 +708,19 @@ public function deployConfigAutodeploy(string $token, string $github_token, stri $pantheon_info = $this->getPantheonNameAndEnv(); $project_name = $pantheon_info['name']; - // Generate SSH key for deployment + // Generate SSH key for deployment. $result = $this->taskExec('ssh-keygen -t rsa -f deploy-key -P ""')->run(); if ($result->getExitCode() !== 0) { throw new \Exception('The key generation failed.'); } - // Encrypt the SSH key for use in GitHub Actions + // Encrypt the SSH key for use in GitHub Actions. $result = $this->taskExec('openssl rand -hex 32')->printOutput(FALSE)->run(); if ($result->getExitCode() !== 0) { throw new \Exception('Failed to generate encryption key.'); } $encryption_key = trim($result->getMessage()); - + $result = $this->taskExec('openssl rand -hex 16')->printOutput(FALSE)->run(); if ($result->getExitCode() !== 0) { throw new \Exception('Failed to generate encryption IV.'); @@ -737,7 +737,7 @@ public function deployConfigAutodeploy(string $token, string $github_token, stri ->run(); $pantheon_git_url = trim($result->getMessage()); - // Update GitHub Actions workflows if they exist + // Update GitHub Actions workflows if they exist. if (file_exists('.github/workflows/lint.template.yml')) { $this->_exec("cp .github/workflows/lint.template.yml .github/workflows/lint.yml"); $this->taskReplaceInFile('.github/workflows/lint.yml') @@ -786,7 +786,6 @@ public function deployNotify(string $pantheon_environment = 'qa', string $issue_ $data = ['body' => $issue_comment]; $issue_comment = json_encode($data); } - $github_token = getenv('GITHUB_TOKEN'); $git_commit_message = getenv('GITHUB_COMMIT_MESSAGE'); if (strstr($git_commit_message, 'Merge pull request') === FALSE && strstr($git_commit_message, ' (#') === FALSE) { $this->say($git_commit_message); @@ -809,21 +808,20 @@ public function deployNotify(string $pantheon_environment = 'qa', string $issue_ $this->say("Could not determine the PR number from the commit message: $git_commit_message"); return; } - // Retrieve the issue number from the PR description via GitHub API. + // Retrieve the issue number from the PR description via GitHub CLI. $pr_number = $pr_matches[1][0]; - $pr = $this->taskExec("curl -H \"Authorization: token $github_token\" https://api.github.com/repos/" . self::$githubProject . "/pulls/$pr_number") + $pr_body = $this->taskExec("gh pr view $pr_number --json body --jq .body") ->printOutput(FALSE) ->run() ->getMessage(); - $pr = json_decode($pr); - if (!isset($pr->body)) { + if (empty(trim($pr_body))) { $this->say("Could not determine the issue number from the PR: $git_commit_message"); return; } // The issue number should be the "#1234"-like reference in the PR body. - preg_match_all('!#([0-9]+)\s+!', $pr->body, $issue_matches); + preg_match_all('!#([0-9]+)\s+!', $pr_body, $issue_matches); if (!isset($issue_matches[1][0])) { - $this->say("Could not determine the issue number from the PR description: $pr->body"); + $this->say("Could not determine the issue number from the PR description: $pr_body"); return; } foreach ($issue_matches[1] as $issue_match) { @@ -837,17 +835,13 @@ public function deployNotify(string $pantheon_environment = 'qa', string $issue_ $pantheon_info = $this->getPantheonNameAndEnv(); $pantheon_terminus_environment = $pantheon_info['name'] . '.' . $pantheon_environment; - // Let's figure out if the repository is public or not via GitHub API. - $repo = $this->taskExec("curl -H \"Authorization: token $github_token\" https://api.github.com/repos/" . self::$githubProject) + // Check if the repository is private via GitHub CLI. + $is_private = $this->taskExec("gh repo view --json isPrivate --jq .isPrivate") ->printOutput(FALSE) ->run() ->getMessage(); - $repo = json_decode($repo); - if (!isset($repo->private)) { - $this->yell("Could not determine if the repository is private or not."); - return; - } - if ($repo->private) { + $is_private = trim($is_private) === 'true'; + if ($is_private) { $quick_link = $this->deployGetEnvironmentUrl($pantheon_terminus_environment); } else { @@ -857,19 +851,25 @@ public function deployNotify(string $pantheon_environment = 'qa', string $issue_ if (empty($issue_comment)) { if (empty($pr_number)) { - $issue_comment = "{\"body\": \"The latest merged PR just got deployed successfully to Pantheon [`$pantheon_environment`]($quick_link) environment\"}"; + $comment_body = "The latest merged PR just got deployed successfully to Pantheon [`$pantheon_environment`]($quick_link) environment"; } else { - $issue_comment = "{\"body\": \"The latest merged PR #$pr_number just got deployed successfully to Pantheon [`$pantheon_environment`]($quick_link) environment\"}"; + $comment_body = "The latest merged PR #$pr_number just got deployed successfully to Pantheon [`$pantheon_environment`]($quick_link) environment"; } } + else { + // Extract body from JSON if issue_comment was provided. + $comment_data = json_decode($issue_comment, TRUE); + $comment_body = $comment_data['body'] ?? $issue_comment; + } + foreach ($issue_numbers as $issue_number) { - $result = $this->taskExec("curl -X POST -H 'Authorization: token $github_token' -d '$issue_comment' https://api.github.com/repos/" . self::$githubProject . "/issues/$issue_number/comments") + $result = $this->taskExec("gh issue comment $issue_number --body " . escapeshellarg($comment_body)) ->printOutput(FALSE) ->run(); $exit_code = $result->getExitCode(); if ($exit_code) { - throw new \Exception("Could not notify GitHub of the deployment, GitHub API error: " . $result->getMessage()); + throw new \Exception("Could not notify GitHub of the deployment, GitHub CLI error: " . $result->getMessage()); } } } From 36f3eb9a7b98db264f1a319ac65d7e9c89d4b0a8 Mon Sep 17 00:00:00 2001 From: Aron Novak Date: Fri, 5 Dec 2025 14:12:42 +0100 Subject: [PATCH 11/21] fix lint --- ci-scripts/test_shell.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ci-scripts/test_shell.sh b/ci-scripts/test_shell.sh index ca5b313ac..2aa3aefb5 100755 --- a/ci-scripts/test_shell.sh +++ b/ci-scripts/test_shell.sh @@ -12,12 +12,12 @@ code_review () { echo "${LWHITE}$1${RESTORE}" # The exclusions are to ignore errors related to including other shell scripts # and allowing "cd dir" without explicit error handling. - if ! docker run -v "$TRAVIS_BUILD_DIR":/scripts koalaman/shellcheck:v0.7.2 -e SC1091,SC1090,SC2181,SC2164 /scripts/"$1"; then + if ! docker run -v "$GITHUB_WORKSPACE":/scripts koalaman/shellcheck:v0.7.2 -e SC1091,SC1090,SC2181,SC2164 /scripts/"$1"; then HAS_ERRORS=1 fi } -cd "$TRAVIS_BUILD_DIR" || exit 1 +cd "$GITHUB_WORKSPACE" || exit 1 CI_SCRIPTS=$(find ci-scripts -name '*.sh') for FILE in $CI_SCRIPTS; do code_review "$FILE" From 88af843cad6459b33e76384561ef768312e9b780 Mon Sep 17 00:00:00 2001 From: Aron Novak Date: Fri, 5 Dec 2025 15:29:32 +0100 Subject: [PATCH 12/21] Ensure tests only run after linting passes in GitHub Actions MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude --- .github/workflows/lint.yml | 2 -- .github/workflows/test.yml | 10 ++++++---- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index 0a4b4dc70..85bc25448 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -3,8 +3,6 @@ name: Lint on: pull_request: push: - branches: - - main permissions: contents: read diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index f8906aed3..14cebd549 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -1,10 +1,10 @@ name: Test on: - pull_request: - push: - branches-ignore: - - main + workflow_run: + workflows: ["Lint"] + types: + - completed permissions: contents: read @@ -13,6 +13,8 @@ jobs: functional-tests: name: 'Backend tests: Functional tests' runs-on: ubuntu-22.04 + # Only run tests if lint workflow succeeded + if: ${{ github.event.workflow_run.conclusion == 'success' }} env: DDEV_NO_INSTRUMENTATION: true ROLLBAR_SERVER_TOKEN: df6ce617465b4980afdecc95ed1b42de From 7430058fa4d80b1f9ee97d90b3cf7f80cd8f6f61 Mon Sep 17 00:00:00 2001 From: Aron Novak Date: Fri, 5 Dec 2025 15:29:39 +0100 Subject: [PATCH 13/21] Fix ServerGeneralMessagesTest by saving user after role assignment MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude --- .../tests/src/ExistingSite/ServerGeneralMessagesTest.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/web/modules/custom/server_general/tests/src/ExistingSite/ServerGeneralMessagesTest.php b/web/modules/custom/server_general/tests/src/ExistingSite/ServerGeneralMessagesTest.php index 2b8ea4b4b..7fea165a7 100644 --- a/web/modules/custom/server_general/tests/src/ExistingSite/ServerGeneralMessagesTest.php +++ b/web/modules/custom/server_general/tests/src/ExistingSite/ServerGeneralMessagesTest.php @@ -25,11 +25,11 @@ public function testNodeSaveMessage() { // Login as admin. $user = $this->createUser(); $user->addRole('administrator'); + $user->save(); $this->drupalLogin($user); // Visit the node edit form. $this->drupalGet($node->toUrl('edit-form')); - $this->createHtmlSnapshot(); $assert = $this->assertSession(); $assert->statusCodeEquals(Response::HTTP_OK); From 415e9adbe5158939a1e98d4e105fd71b8a672833 Mon Sep 17 00:00:00 2001 From: Amitai Burstein Date: Fri, 21 Nov 2025 08:31:39 +0200 Subject: [PATCH 14/21] Fail phpunit parallel testing if a test fails --- .ddev/commands/web/phpunit | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.ddev/commands/web/phpunit b/.ddev/commands/web/phpunit index 7509752c8..467d2409d 100755 --- a/.ddev/commands/web/phpunit +++ b/.ddev/commands/web/phpunit @@ -4,6 +4,8 @@ ## Usage: phpunit [arguments] ## Example: "ddev phpunit" or "ddev phpunit web/modules/custom/server_general". +set -euo pipefail + # Function to check if path contains sequential group tests needs_sequential() { local path="$1" From f65ce150a574d412db59572acd26e06293ba7141 Mon Sep 17 00:00:00 2001 From: Aron Novak Date: Sat, 13 Dec 2025 07:08:18 +0100 Subject: [PATCH 15/21] streamline github ci --- .github/workflows/ci.yml | 279 ++++++++++++++++++++++++++++ .github/workflows/deploy-live.yml | 67 ------- .github/workflows/deploy-qa.yml | 73 -------- .github/workflows/deploy-test.yml | 68 ------- .github/workflows/lint.template.yml | 65 ------- .github/workflows/lint.yml | 63 ------- .gitignore | 3 +- ci-scripts/check_live_deploy.sh | 6 +- ci-scripts/prepare_deploy.sh | 2 +- robo-components/DeploymentTrait.php | 5 +- 10 files changed, 288 insertions(+), 343 deletions(-) create mode 100644 .github/workflows/ci.yml delete mode 100644 .github/workflows/deploy-live.yml delete mode 100644 .github/workflows/deploy-qa.yml delete mode 100644 .github/workflows/deploy-test.yml delete mode 100644 .github/workflows/lint.template.yml delete mode 100644 .github/workflows/lint.yml diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml new file mode 100644 index 000000000..2b22ee032 --- /dev/null +++ b/.github/workflows/ci.yml @@ -0,0 +1,279 @@ +name: CI + +on: + pull_request: + push: + +permissions: + contents: read + issues: write + pull-requests: write + +jobs: + phpstan: + name: PhpStan + runs-on: ubuntu-22.04 + steps: + - uses: actions/checkout@v4 + with: + fetch-depth: 500 + + - name: Set up PHP + uses: shivammathur/setup-php@v2 + with: + php-version: '8.3' + coverage: none + + - name: Check syntax + run: ./ci-scripts/test_syntax.sh + + - name: Install Composer dependencies + run: composer install + + - name: Run PhpStan + run: PHP_MEMORY_LIMIT=2G ./vendor/bin/phpstan --no-progress analyse -c phpstan.neon + + phpcs: + name: Drupal coding standard + runs-on: ubuntu-22.04 + steps: + - uses: actions/checkout@v4 + + - name: Set up PHP + uses: shivammathur/setup-php@v2 + with: + php-version: '8.3' + coverage: none + + - name: Install Composer dependencies + run: composer install + + - name: Run PHPCS + run: vendor/bin/robo phpcs + + shellcheck: + name: Shell coding standard + runs-on: ubuntu-22.04 + steps: + - uses: actions/checkout@v4 + + - name: Install shellcheck + run: ./ci-scripts/install_shell.sh + + - name: Run shellcheck + run: ./ci-scripts/test_shell.sh + + functional-tests: + name: Backend tests + runs-on: ubuntu-22.04 + needs: [phpcs, phpstan, shellcheck] + env: + DDEV_NO_INSTRUMENTATION: true + ROLLBAR_SERVER_TOKEN: df6ce617465b4980afdecc95ed1b42de + steps: + - uses: actions/checkout@v4 + + - name: Set up DDEV + uses: ddev/github-action-setup-ddev@v1 + + - name: Configure DDEV + run: | + mkdir -p ~/.ddev + cp ci-scripts/global_config.yaml ~/.ddev/ + + - name: Set ROLLBAR_SERVER_TOKEN + run: ddev config global --web-environment-add="ROLLBAR_SERVER_TOKEN=$ROLLBAR_SERVER_TOKEN" + + - name: Install Drupal + run: | + ddev composer install + ./ci-scripts/install_drupal.sh + + - name: Run PHPUnit tests + run: ./ci-scripts/test_phpunit.sh + + - name: Run PHPUnit Rollbar tests + run: ./ci-scripts/test_phpunit_rollbar.sh + + deploy-qa: + name: Deploy to Pantheon QA + runs-on: ubuntu-22.04 + needs: [functional-tests] + if: github.ref == 'refs/heads/main' + continue-on-error: true + concurrency: + group: deploy-qa + cancel-in-progress: false + env: + DDEV_NO_INSTRUMENTATION: true + ROLLBAR_SERVER_TOKEN: ${{ secrets.ROLLBAR_SERVER_TOKEN }} + PANTHEON_GIT_URL: ${{ secrets.PANTHEON_GIT_URL }} + TERMINUS_TOKEN: ${{ secrets.TERMINUS_TOKEN }} + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + DEPLOY_EXCLUDE_WARNING: ${{ vars.DEPLOY_EXCLUDE_WARNING }} + steps: + - uses: actions/checkout@v4 + with: + fetch-depth: 500 + + - name: Set up DDEV + uses: ddev/github-action-setup-ddev@v1 + + - name: Configure DDEV + run: | + mkdir -p ~/.ddev + cp ci-scripts/global_config.yaml ~/.ddev/ + + - name: Set ROLLBAR_SERVER_TOKEN + if: env.ROLLBAR_SERVER_TOKEN != '' + run: ddev config global --web-environment-add="ROLLBAR_SERVER_TOKEN=$ROLLBAR_SERVER_TOKEN" + + - name: Install Drupal + run: | + ddev composer install + ./ci-scripts/install_drupal.sh + + - name: Run PHPUnit tests + run: ./ci-scripts/test_phpunit.sh + + - name: Run PHPUnit Rollbar tests + run: ./ci-scripts/test_phpunit_rollbar.sh + + - name: Prepare SSH key + run: | + openssl aes-256-cbc -K ${{ secrets.ENCRYPTED_KEY }} -iv ${{ secrets.ENCRYPTED_IV }} \ + -in pantheon-key.enc -out pantheon-key -d + mkdir -p ~/.ssh + cp pantheon-key ~/.ssh/id_rsa + chmod 600 ~/.ssh/id_rsa + + - name: Prepare deployment + env: + GITHUB_COMMIT_MESSAGE: ${{ github.event.head_commit.message || github.event.commits[0].message || 'Manual deployment' }} + run: ./ci-scripts/prepare_deploy.sh + + - name: Deploy to Pantheon QA + run: | + ddev composer install + ddev robo deploy:pantheon qa --no-interaction + + - name: Notify deployment + run: ddev robo deploy:notify + + deploy-test: + name: Deploy to Pantheon TEST + runs-on: ubuntu-22.04 + if: startsWith(github.ref, 'refs/tags/') && !endsWith(github.ref, 'live') + concurrency: + group: deploy-test + cancel-in-progress: false + env: + DDEV_NO_INSTRUMENTATION: true + ROLLBAR_SERVER_TOKEN: ${{ secrets.ROLLBAR_SERVER_TOKEN }} + PANTHEON_GIT_URL: ${{ secrets.PANTHEON_GIT_URL }} + TERMINUS_TOKEN: ${{ secrets.TERMINUS_TOKEN }} + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + steps: + - uses: actions/checkout@v4 + with: + fetch-depth: 500 + + - name: Set up DDEV + uses: ddev/github-action-setup-ddev@v1 + + - name: Configure DDEV + run: | + mkdir -p ~/.ddev + cp ci-scripts/global_config.yaml ~/.ddev/ + + - name: Set ROLLBAR_SERVER_TOKEN + if: env.ROLLBAR_SERVER_TOKEN != '' + run: ddev config global --web-environment-add="ROLLBAR_SERVER_TOKEN=$ROLLBAR_SERVER_TOKEN" + + - name: Install Drupal + run: | + ddev composer install + ./ci-scripts/install_drupal.sh + + - name: Run PHPUnit tests + run: ./ci-scripts/test_phpunit.sh + + - name: Prepare SSH key + run: | + openssl aes-256-cbc -K ${{ secrets.ENCRYPTED_KEY }} -iv ${{ secrets.ENCRYPTED_IV }} \ + -in pantheon-key.enc -out pantheon-key -d + mkdir -p ~/.ssh + cp pantheon-key ~/.ssh/id_rsa + chmod 600 ~/.ssh/id_rsa + + - name: Prepare deployment + env: + GITHUB_COMMIT_MESSAGE: ${{ github.event.head_commit.message || github.event.commits[0].message || 'Manual deployment' }} + run: ./ci-scripts/prepare_deploy.sh + + - name: Deploy to Pantheon TEST + run: | + ddev composer install + ddev robo deploy:tag-pantheon --no-interaction ${{ github.ref_name }} master + + - name: Sync Pantheon environments + run: ddev robo deploy:pantheon-sync + + deploy-live: + name: Deploy to Pantheon LIVE + runs-on: ubuntu-22.04 + if: startsWith(github.ref, 'refs/tags/') && endsWith(github.ref, 'live') + concurrency: + group: deploy-live + cancel-in-progress: false + env: + DDEV_NO_INSTRUMENTATION: true + ROLLBAR_SERVER_TOKEN: ${{ secrets.ROLLBAR_SERVER_TOKEN }} + PANTHEON_GIT_URL: ${{ secrets.PANTHEON_GIT_URL }} + TERMINUS_TOKEN: ${{ secrets.TERMINUS_TOKEN }} + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + steps: + - uses: actions/checkout@v4 + with: + fetch-depth: 500 + + - name: Check live deploy + run: ./ci-scripts/check_live_deploy.sh + + - name: Set up DDEV + uses: ddev/github-action-setup-ddev@v1 + + - name: Configure DDEV + run: | + mkdir -p ~/.ddev + cp ci-scripts/global_config.yaml ~/.ddev/ + + - name: Set ROLLBAR_SERVER_TOKEN + if: env.ROLLBAR_SERVER_TOKEN != '' + run: ddev config global --web-environment-add="ROLLBAR_SERVER_TOKEN=$ROLLBAR_SERVER_TOKEN" + + - name: Install Drupal + run: | + ddev composer install + ./ci-scripts/install_drupal.sh + + - name: Run PHPUnit tests + run: ./ci-scripts/test_phpunit.sh + + - name: Prepare SSH key + run: | + openssl aes-256-cbc -K ${{ secrets.ENCRYPTED_KEY }} -iv ${{ secrets.ENCRYPTED_IV }} \ + -in pantheon-key.enc -out pantheon-key -d + mkdir -p ~/.ssh + cp pantheon-key ~/.ssh/id_rsa + chmod 600 ~/.ssh/id_rsa + + - name: Prepare deployment + env: + GITHUB_COMMIT_MESSAGE: ${{ github.event.head_commit.message || github.event.commits[0].message || 'Manual deployment' }} + run: ./ci-scripts/prepare_deploy.sh + + - name: Deploy to Pantheon LIVE + run: | + ddev composer install + ddev robo deploy:pantheon-sync live diff --git a/.github/workflows/deploy-live.yml b/.github/workflows/deploy-live.yml deleted file mode 100644 index 96aeedd8e..000000000 --- a/.github/workflows/deploy-live.yml +++ /dev/null @@ -1,67 +0,0 @@ -name: Deploy to Pantheon LIVE - -on: - push: - tags: - - '*live' - -permissions: - contents: read - issues: write - pull-requests: write - -jobs: - deploy-live: - name: 'Backend tests: Functional tests and deploy to Pantheon LIVE' - runs-on: ubuntu-22.04 - env: - DDEV_NO_INSTRUMENTATION: true - ROLLBAR_SERVER_TOKEN: ${{ secrets.ROLLBAR_SERVER_TOKEN }} - PANTHEON_GIT_URL: ${{ secrets.PANTHEON_GIT_URL }} - TERMINUS_TOKEN: ${{ secrets.TERMINUS_TOKEN }} - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - steps: - - uses: actions/checkout@v4 - with: - fetch-depth: 500 - - - name: Check live deploy - run: ./ci-scripts/check_live_deploy.sh - - - name: Set up DDEV - uses: ddev/github-action-setup-ddev@v1 - - - name: Configure DDEV - run: | - mkdir -p ~/.ddev - cp ci-scripts/global_config.yaml ~/.ddev/ - - - name: Set ROLLBAR_SERVER_TOKEN - if: env.ROLLBAR_SERVER_TOKEN != '' - run: ddev config global --web-environment-add="ROLLBAR_SERVER_TOKEN=$ROLLBAR_SERVER_TOKEN" - - - name: Install Drupal - run: | - ddev composer install - ./ci-scripts/install_drupal.sh - - - name: Run PHPUnit tests - run: ./ci-scripts/test_phpunit.sh - - - name: Prepare SSH key - run: | - openssl aes-256-cbc -K ${{ secrets.ENCRYPTED_KEY }} -iv ${{ secrets.ENCRYPTED_IV }} \ - -in deploy-key.enc -out deploy-key -d - mkdir -p ~/.ssh - cp deploy-key ~/.ssh/id_rsa - chmod 600 ~/.ssh/id_rsa - - - name: Prepare deployment - env: - GITHUB_COMMIT_MESSAGE: ${{ github.event.head_commit.message || github.event.commits[0].message || 'Manual deployment' }} - run: ./ci-scripts/prepare_deploy.sh - - - name: Deploy to Pantheon LIVE - run: | - ddev composer install - ddev robo deploy:pantheon-sync live diff --git a/.github/workflows/deploy-qa.yml b/.github/workflows/deploy-qa.yml deleted file mode 100644 index 54dacc32d..000000000 --- a/.github/workflows/deploy-qa.yml +++ /dev/null @@ -1,73 +0,0 @@ -name: Deploy to Pantheon QA - -on: - push: - branches: - - main - -permissions: - contents: read - issues: write - pull-requests: write - -jobs: - deploy-qa: - name: 'Backend tests: Functional tests and deploy to Pantheon QA' - runs-on: ubuntu-22.04 - # Allow this job to fail without failing the workflow - continue-on-error: true - env: - DDEV_NO_INSTRUMENTATION: true - ROLLBAR_SERVER_TOKEN: ${{ secrets.ROLLBAR_SERVER_TOKEN }} - PANTHEON_GIT_URL: ${{ secrets.PANTHEON_GIT_URL }} - TERMINUS_TOKEN: ${{ secrets.TERMINUS_TOKEN }} - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - DEPLOY_EXCLUDE_WARNING: ${{ vars.DEPLOY_EXCLUDE_WARNING }} - steps: - - uses: actions/checkout@v4 - with: - fetch-depth: 500 - - - name: Set up DDEV - uses: ddev/github-action-setup-ddev@v1 - - - name: Configure DDEV - run: | - mkdir -p ~/.ddev - cp ci-scripts/global_config.yaml ~/.ddev/ - - - name: Set ROLLBAR_SERVER_TOKEN - if: env.ROLLBAR_SERVER_TOKEN != '' - run: ddev config global --web-environment-add="ROLLBAR_SERVER_TOKEN=$ROLLBAR_SERVER_TOKEN" - - - name: Install Drupal - run: | - ddev composer install - ./ci-scripts/install_drupal.sh - - - name: Run PHPUnit tests - run: ./ci-scripts/test_phpunit.sh - - - name: Run PHPUnit Rollbar tests - run: ./ci-scripts/test_phpunit_rollbar.sh - - - name: Prepare SSH key - run: | - openssl aes-256-cbc -K ${{ secrets.ENCRYPTED_KEY }} -iv ${{ secrets.ENCRYPTED_IV }} \ - -in deploy-key.enc -out deploy-key -d - mkdir -p ~/.ssh - cp deploy-key ~/.ssh/id_rsa - chmod 600 ~/.ssh/id_rsa - - - name: Prepare deployment - env: - GITHUB_COMMIT_MESSAGE: ${{ github.event.head_commit.message || github.event.commits[0].message || 'Manual deployment' }} - run: ./ci-scripts/prepare_deploy.sh - - - name: Deploy to Pantheon QA - run: | - ddev composer install - ddev robo deploy:pantheon qa --no-interaction - - - name: Notify deployment - run: ddev robo deploy:notify diff --git a/.github/workflows/deploy-test.yml b/.github/workflows/deploy-test.yml deleted file mode 100644 index b4bd35a43..000000000 --- a/.github/workflows/deploy-test.yml +++ /dev/null @@ -1,68 +0,0 @@ -name: Deploy to Pantheon TEST - -on: - push: - tags: - - '*' - - '!*live' - -permissions: - contents: read - issues: write - pull-requests: write - -jobs: - deploy-test: - name: 'Backend tests: Functional tests and deploy to Pantheon TEST' - runs-on: ubuntu-22.04 - env: - DDEV_NO_INSTRUMENTATION: true - ROLLBAR_SERVER_TOKEN: ${{ secrets.ROLLBAR_SERVER_TOKEN }} - PANTHEON_GIT_URL: ${{ secrets.PANTHEON_GIT_URL }} - TERMINUS_TOKEN: ${{ secrets.TERMINUS_TOKEN }} - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - steps: - - uses: actions/checkout@v4 - with: - fetch-depth: 500 - - - name: Set up DDEV - uses: ddev/github-action-setup-ddev@v1 - - - name: Configure DDEV - run: | - mkdir -p ~/.ddev - cp ci-scripts/global_config.yaml ~/.ddev/ - - - name: Set ROLLBAR_SERVER_TOKEN - if: env.ROLLBAR_SERVER_TOKEN != '' - run: ddev config global --web-environment-add="ROLLBAR_SERVER_TOKEN=$ROLLBAR_SERVER_TOKEN" - - - name: Install Drupal - run: | - ddev composer install - ./ci-scripts/install_drupal.sh - - - name: Run PHPUnit tests - run: ./ci-scripts/test_phpunit.sh - - - name: Prepare SSH key - run: | - openssl aes-256-cbc -K ${{ secrets.ENCRYPTED_KEY }} -iv ${{ secrets.ENCRYPTED_IV }} \ - -in deploy-key.enc -out deploy-key -d - mkdir -p ~/.ssh - cp deploy-key ~/.ssh/id_rsa - chmod 600 ~/.ssh/id_rsa - - - name: Prepare deployment - env: - GITHUB_COMMIT_MESSAGE: ${{ github.event.head_commit.message || github.event.commits[0].message || 'Manual deployment' }} - run: ./ci-scripts/prepare_deploy.sh - - - name: Deploy to Pantheon TEST - run: | - ddev composer install - ddev robo deploy:tag-pantheon --no-interaction ${{ github.ref_name }} master - - - name: Sync Pantheon environments - run: ddev robo deploy:pantheon-sync diff --git a/.github/workflows/lint.template.yml b/.github/workflows/lint.template.yml deleted file mode 100644 index 39ddf936c..000000000 --- a/.github/workflows/lint.template.yml +++ /dev/null @@ -1,65 +0,0 @@ -name: Lint - -on: - pull_request: - push: - branches: - - {{ GITHUB_DEPLOY_BRANCH }} - -permissions: - contents: read - -jobs: - phpstan: - name: PhpStan - runs-on: ubuntu-22.04 - steps: - - uses: actions/checkout@v4 - with: - fetch-depth: 500 - - - name: Set up PHP - uses: shivammathur/setup-php@v2 - with: - php-version: '8.3' - coverage: none - - - name: Check syntax - run: | - ./ci-scripts/test_syntax.sh - - - name: Install Composer dependencies - run: composer install - - - name: Run PhpStan - run: PHP_MEMORY_LIMIT=2G ./vendor/bin/phpstan --no-progress analyse -c phpstan.neon - - phpcs: - name: Drupal coding standard - runs-on: ubuntu-22.04 - steps: - - uses: actions/checkout@v4 - - - name: Set up PHP - uses: shivammathur/setup-php@v2 - with: - php-version: '8.3' - coverage: none - - - name: Install Composer dependencies - run: composer install - - - name: Run PHPCS - run: vendor/bin/robo phpcs - - shellcheck: - name: 'Shell coding standard: shellcheck' - runs-on: ubuntu-22.04 - steps: - - uses: actions/checkout@v4 - - - name: Install shellcheck - run: ./ci-scripts/install_shell.sh - - - name: Run shellcheck - run: ./ci-scripts/test_shell.sh diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml deleted file mode 100644 index 85bc25448..000000000 --- a/.github/workflows/lint.yml +++ /dev/null @@ -1,63 +0,0 @@ -name: Lint - -on: - pull_request: - push: - -permissions: - contents: read - -jobs: - phpstan: - name: PhpStan - runs-on: ubuntu-22.04 - steps: - - uses: actions/checkout@v4 - with: - fetch-depth: 500 - - - name: Set up PHP - uses: shivammathur/setup-php@v2 - with: - php-version: '8.3' - coverage: none - - - name: Check syntax - run: | - ./ci-scripts/test_syntax.sh - - - name: Install Composer dependencies - run: composer install - - - name: Run PhpStan - run: PHP_MEMORY_LIMIT=2G ./vendor/bin/phpstan --no-progress analyse -c phpstan.neon - - phpcs: - name: Drupal coding standard - runs-on: ubuntu-22.04 - steps: - - uses: actions/checkout@v4 - - - name: Set up PHP - uses: shivammathur/setup-php@v2 - with: - php-version: '8.3' - coverage: none - - - name: Install Composer dependencies - run: composer install - - - name: Run PHPCS - run: vendor/bin/robo phpcs - - shellcheck: - name: 'Shell coding standard: shellcheck' - runs-on: ubuntu-22.04 - steps: - - uses: actions/checkout@v4 - - - name: Install shellcheck - run: ./ci-scripts/install_shell.sh - - - name: Run shellcheck - run: ./ci-scripts/test_shell.sh diff --git a/.gitignore b/.gitignore index 99c043614..1644e4f18 100644 --- a/.gitignore +++ b/.gitignore @@ -36,7 +36,8 @@ web/private/ web/sites/default/default.services.pantheon.preproduction.yml pantheon_config.sh .pantheon -travis-key +pantheon-key +pantheon-key.pub .bootstrap #SASS diff --git a/ci-scripts/check_live_deploy.sh b/ci-scripts/check_live_deploy.sh index c5463d988..12909a589 100755 --- a/ci-scripts/check_live_deploy.sh +++ b/ci-scripts/check_live_deploy.sh @@ -2,20 +2,20 @@ git fetch origin refs/remotes/*:refs/remotes/* # We remove the _live suffix -RELEASE_TAG=${TRAVIS_TAG%_live} +RELEASE_TAG=${GITHUB_REF_NAME%_live} # Let's say we have 1.2.3_live tag right now. # It can only go through if 1.2.3 tag is already pushed. if [ "$(git tag -l "$RELEASE_TAG")" ]; then # And it points to the same commit. - TAG_A=$(git rev-list -n 1 "$TRAVIS_TAG") + TAG_A=$(git rev-list -n 1 "$GITHUB_REF_NAME") TAG_B=$(git rev-list -n 1 "$RELEASE_TAG") if [[ "$TAG_A" == "$TAG_B" ]] then exit 0 fi - echo "$RELEASE_TAG AND $TRAVIS_TAG must point to the same commit. Giving up!" + echo "$RELEASE_TAG AND $GITHUB_REF_NAME must point to the same commit. Giving up!" exit 1 fi diff --git a/ci-scripts/prepare_deploy.sh b/ci-scripts/prepare_deploy.sh index d25593374..37bfa4b0e 100755 --- a/ci-scripts/prepare_deploy.sh +++ b/ci-scripts/prepare_deploy.sh @@ -6,7 +6,7 @@ set -x cd "$GITHUB_WORKSPACE" || exit 1 # Make Git operations possible. -cp deploy-key ~/.ssh/id_rsa +cp pantheon-key ~/.ssh/id_rsa chmod 600 ~/.ssh/id_rsa # Authenticate with Terminus. diff --git a/robo-components/DeploymentTrait.php b/robo-components/DeploymentTrait.php index 930e7c151..4eae3be2b 100644 --- a/robo-components/DeploymentTrait.php +++ b/robo-components/DeploymentTrait.php @@ -59,8 +59,8 @@ trait DeploymentTrait { 'RoboFile.php', 'robo-components', 'server.es.secrets.json', - 'deploy-key.enc', - 'deploy-key', + 'pantheon-key.enc', + 'pantheon-key', 'web/.csslintrc', 'web/.eslintignore', 'web/.eslintrc.json', @@ -179,6 +179,7 @@ public function deployTagPantheon(string $tag, string $branch_name = 'master', ? throw new \Exception('The working directory is dirty. Please commit or stash the pending changes. If you allowed new files in the .gitignore file, also double check composer.json scaffold section. https://www.drupal.org/docs/develop/using-composer/using-drupals-composer-scaffold'); } + // Check out the tag first to validate pantheon.yml exists on the target branch. $this->taskExec("git checkout $tag")->run(); // Full installation with dev dependencies as we need some of them for the From 6082dac6ce05c1e87d6eb504c85631937d73c8b5 Mon Sep 17 00:00:00 2001 From: Aron Novak Date: Sat, 13 Dec 2025 13:19:24 +0100 Subject: [PATCH 16/21] Port GitHub Actions structure from jep-cjil MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Create unified ci.yml workflow consolidating all CI/CD jobs. Rename deploy-key to pantheon-key for clarity. Fix TRAVIS_TAG references in check_live_deploy.sh. Changes: - Create .github/workflows/ci.yml with unified CI/CD pipeline - Update ci-scripts/check_live_deploy.sh: TRAVIS_TAG → GITHUB_REF_NAME - Update ci-scripts/prepare_deploy.sh: deploy-key → pantheon-key - Update robo-components/DeploymentTrait.php: excludes and deployment comment - Update .gitignore: add pantheon-key references Based on jep-cjil PRs #10 and #11. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Sonnet 4.5 --- robo-components/DeploymentTrait.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/robo-components/DeploymentTrait.php b/robo-components/DeploymentTrait.php index 4eae3be2b..673d52b2c 100644 --- a/robo-components/DeploymentTrait.php +++ b/robo-components/DeploymentTrait.php @@ -179,7 +179,8 @@ public function deployTagPantheon(string $tag, string $branch_name = 'master', ? throw new \Exception('The working directory is dirty. Please commit or stash the pending changes. If you allowed new files in the .gitignore file, also double check composer.json scaffold section. https://www.drupal.org/docs/develop/using-composer/using-drupals-composer-scaffold'); } - // Check out the tag first to validate pantheon.yml exists on the target branch. + // Check out the tag first to validate pantheon.yml exists on the + // target branch. $this->taskExec("git checkout $tag")->run(); // Full installation with dev dependencies as we need some of them for the From ff1cfc1baefe13fc3ed4f9c24e1aa1ee02302e3c Mon Sep 17 00:00:00 2001 From: Aron Novak Date: Sat, 13 Dec 2025 14:51:27 +0100 Subject: [PATCH 17/21] adapt --- .github/workflows/test.yml | 44 ----------------------------- .gitignore | 2 -- README.md | 6 ++-- robo-components/DeploymentTrait.php | 10 +++---- 4 files changed, 8 insertions(+), 54 deletions(-) delete mode 100644 .github/workflows/test.yml diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml deleted file mode 100644 index 14cebd549..000000000 --- a/.github/workflows/test.yml +++ /dev/null @@ -1,44 +0,0 @@ -name: Test - -on: - workflow_run: - workflows: ["Lint"] - types: - - completed - -permissions: - contents: read - -jobs: - functional-tests: - name: 'Backend tests: Functional tests' - runs-on: ubuntu-22.04 - # Only run tests if lint workflow succeeded - if: ${{ github.event.workflow_run.conclusion == 'success' }} - env: - DDEV_NO_INSTRUMENTATION: true - ROLLBAR_SERVER_TOKEN: df6ce617465b4980afdecc95ed1b42de - steps: - - uses: actions/checkout@v4 - - - name: Set up DDEV - uses: ddev/github-action-setup-ddev@v1 - - - name: Configure DDEV - run: | - mkdir -p ~/.ddev - cp ci-scripts/global_config.yaml ~/.ddev/ - - - name: Set ROLLBAR_SERVER_TOKEN - run: ddev config global --web-environment-add="ROLLBAR_SERVER_TOKEN=$ROLLBAR_SERVER_TOKEN" - - - name: Install Drupal - run: | - ddev composer install - ./ci-scripts/install_drupal.sh - - - name: Run PHPUnit tests - run: ./ci-scripts/test_phpunit.sh - - - name: Run PHPUnit Rollbar tests - run: ./ci-scripts/test_phpunit_rollbar.sh diff --git a/.gitignore b/.gitignore index 1644e4f18..54a550f49 100644 --- a/.gitignore +++ b/.gitignore @@ -61,7 +61,5 @@ phpunit_debug *.orig *.rej -travis_wait*log - # AI .claude diff --git a/README.md b/README.md index 10caedf19..2aa15e7c7 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,4 @@ -[![Build Status](https://github.com/Gizra/drupal-starter/actions/workflows/lint.yml/badge.svg)](https://github.com/Gizra/drupal-starter/actions) +[![Build Status](https://github.com/Gizra/drupal-starter/actions/workflows/ci.yml/badge.svg)](https://github.com/Gizra/drupal-starter/actions) [![Open in GitHub Codespaces](https://github.com/codespaces/badge.svg)](https://github.com/codespaces/new?hide_repo_select=true&ref=main&repo=250256146) @@ -276,7 +276,7 @@ Make sure to add the correct site name under `environment_variables.project`. There's a Robo command to do the entire process of creating a new project: ``` -ddev robo bootstrap:project [ [ []]] +ddev robo bootstrap:project [ []] ``` See the details [here](https://github.com/Gizra/drupal-starter/blob/main/robo-components/BootstrapTrait.php). @@ -391,7 +391,7 @@ In order to deploy upon every merge automatically using GitHub Actions, you shal 1. Get a GitHub Personal access token. It will be used to post a comment to GitHub to the relevant issue when a merged PR is deployed, so set the expiry date far in the future enough for this. 1. `ddev robo deploy:config-autodeploy [your terminus token] [your github token]` 1. `git commit -m "Deployment secrets and configuration"` -1. Add the public key in `deploy-key.pub` to the newly created dummy [Pantheon user](https://pantheon.io/docs/ssh-keys) +1. Add the public key in `pantheon-key.pub` to the newly created dummy [Pantheon user](https://pantheon.io/docs/ssh-keys) 1. Set up the following GitHub secrets in your repository settings: - `PANTHEON_GIT_URL`: The Pantheon Git URL for your project - `TERMINUS_TOKEN`: Your Pantheon machine token diff --git a/robo-components/DeploymentTrait.php b/robo-components/DeploymentTrait.php index 673d52b2c..898e24589 100644 --- a/robo-components/DeploymentTrait.php +++ b/robo-components/DeploymentTrait.php @@ -711,7 +711,7 @@ public function deployConfigAutodeploy(string $token, string $github_token, stri $project_name = $pantheon_info['name']; // Generate SSH key for deployment. - $result = $this->taskExec('ssh-keygen -t rsa -f deploy-key -P ""')->run(); + $result = $this->taskExec('ssh-keygen -t rsa -f pantheon-key -P ""')->run(); if ($result->getExitCode() !== 0) { throw new \Exception('The key generation failed.'); } @@ -729,7 +729,7 @@ public function deployConfigAutodeploy(string $token, string $github_token, stri } $encryption_iv = trim($result->getMessage()); - $result = $this->taskExec("openssl aes-256-cbc -K $encryption_key -iv $encryption_iv -in deploy-key -out deploy-key.enc")->run(); + $result = $this->taskExec("openssl aes-256-cbc -K $encryption_key -iv $encryption_iv -in pantheon-key -out pantheon-key.enc")->run(); if ($result->getExitCode() !== 0) { throw new \Exception('The encryption of the private key failed.'); } @@ -748,7 +748,7 @@ public function deployConfigAutodeploy(string $token, string $github_token, stri ->run(); } - $result = $this->taskExec('git add deploy-key.enc')->run(); + $result = $this->taskExec('git add pantheon-key.enc')->run(); if ($result->getExitCode() !== 0) { throw new \Exception("git add failed."); } @@ -767,10 +767,10 @@ public function deployConfigAutodeploy(string $token, string $github_token, stri $this->say(" - ROLLBAR_SERVER_TOKEN: (your Rollbar token if applicable)"); $this->say(""); $this->say("2. Add the SSH public key to the Pantheon account:"); - $this->say(" - Key location: deploy-key.pub"); + $this->say(" - Key location: pantheon-key.pub"); $this->say(" - Instructions: https://pantheon.io/docs/ssh-keys"); $this->say(""); - $this->say("3. Review and commit the encrypted key file (deploy-key.enc)"); + $this->say("3. Review and commit the encrypted key file (pantheon-key.enc)"); $this->say(""); $this->say("4. Ensure nested docroot is configured: https://pantheon.io/docs/nested-docroot"); } From 88eea6139514dba1615d37bcf6fb105ca72d07b9 Mon Sep 17 00:00:00 2001 From: Aron Novak Date: Fri, 19 Dec 2025 10:39:22 +0100 Subject: [PATCH 18/21] fixes --- .github/workflows/ci.yml | 294 +++++++++-------------------------- .github/workflows/deploy.yml | 164 +++++++++++++++++++ ci-scripts/prepare_deploy.sh | 28 ++-- 3 files changed, 253 insertions(+), 233 deletions(-) create mode 100644 .github/workflows/deploy.yml diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 2b22ee032..907a312ec 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -1,59 +1,94 @@ name: CI on: - pull_request: push: + branches: + - main + pull_request: -permissions: - contents: read - issues: write - pull-requests: write +env: + DDEV_NO_INSTRUMENTATION: true jobs: - phpstan: - name: PhpStan - runs-on: ubuntu-22.04 + phpcs: + name: Drupal coding standard + runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - with: - fetch-depth: 500 - - name: Set up PHP + - name: Setup PHP uses: shivammathur/setup-php@v2 with: php-version: '8.3' - coverage: none - - name: Check syntax - run: ./ci-scripts/test_syntax.sh + - name: Install parallel + run: sudo apt-get update && sudo apt-get install -y parallel + + - name: Get Composer cache directory + id: composer-cache + run: echo "dir=$(composer config cache-files-dir)" >> $GITHUB_OUTPUT + + - name: Cache Composer dependencies + uses: actions/cache@v4 + with: + path: ${{ steps.composer-cache.outputs.dir }} + key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.lock') }} + restore-keys: ${{ runner.os }}-composer- - name: Install Composer dependencies run: composer install - - name: Run PhpStan - run: PHP_MEMORY_LIMIT=2G ./vendor/bin/phpstan --no-progress analyse -c phpstan.neon + - name: Run PHPCS + run: vendor/bin/robo phpcs - phpcs: - name: Drupal coding standard - runs-on: ubuntu-22.04 + phpstan: + name: PhpStan + runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - - name: Set up PHP + - name: Setup PHP uses: shivammathur/setup-php@v2 with: php-version: '8.3' - coverage: none + + - name: Test syntax + run: ./ci-scripts/test_syntax.sh + + - name: Get Composer cache directory + id: composer-cache + run: echo "dir=$(composer config cache-files-dir)" >> $GITHUB_OUTPUT + + - name: Cache Composer dependencies + uses: actions/cache@v4 + with: + path: ${{ steps.composer-cache.outputs.dir }} + key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.lock') }} + restore-keys: ${{ runner.os }}-composer- - name: Install Composer dependencies run: composer install - - name: Run PHPCS - run: vendor/bin/robo phpcs + - name: Restore PHPStan result cache + uses: actions/cache/restore@v4 + with: + path: .phpstan-cache + key: phpstan-result-cache-${{ github.sha }} + restore-keys: phpstan-result-cache- + + - name: Run PHPStan + run: php -d memory_limit=2G ./vendor/bin/phpstan --no-progress analyse -c phpstan.neon + + - name: Save PHPStan result cache + if: ${{ !cancelled() }} + uses: actions/cache/save@v4 + with: + path: .phpstan-cache + key: phpstan-result-cache-${{ github.sha }} shellcheck: - name: Shell coding standard - runs-on: ubuntu-22.04 + name: "Shell coding standard: shellcheck" + runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 @@ -63,217 +98,28 @@ jobs: - name: Run shellcheck run: ./ci-scripts/test_shell.sh - functional-tests: - name: Backend tests - runs-on: ubuntu-22.04 + test: + name: "Backend tests: Functional tests" + runs-on: ubuntu-latest needs: [phpcs, phpstan, shellcheck] env: - DDEV_NO_INSTRUMENTATION: true - ROLLBAR_SERVER_TOKEN: df6ce617465b4980afdecc95ed1b42de - steps: - - uses: actions/checkout@v4 - - - name: Set up DDEV - uses: ddev/github-action-setup-ddev@v1 - - - name: Configure DDEV - run: | - mkdir -p ~/.ddev - cp ci-scripts/global_config.yaml ~/.ddev/ - - - name: Set ROLLBAR_SERVER_TOKEN - run: ddev config global --web-environment-add="ROLLBAR_SERVER_TOKEN=$ROLLBAR_SERVER_TOKEN" - - - name: Install Drupal - run: | - ddev composer install - ./ci-scripts/install_drupal.sh - - - name: Run PHPUnit tests - run: ./ci-scripts/test_phpunit.sh - - - name: Run PHPUnit Rollbar tests - run: ./ci-scripts/test_phpunit_rollbar.sh - - deploy-qa: - name: Deploy to Pantheon QA - runs-on: ubuntu-22.04 - needs: [functional-tests] - if: github.ref == 'refs/heads/main' - continue-on-error: true - concurrency: - group: deploy-qa - cancel-in-progress: false - env: - DDEV_NO_INSTRUMENTATION: true ROLLBAR_SERVER_TOKEN: ${{ secrets.ROLLBAR_SERVER_TOKEN }} - PANTHEON_GIT_URL: ${{ secrets.PANTHEON_GIT_URL }} - TERMINUS_TOKEN: ${{ secrets.TERMINUS_TOKEN }} - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - DEPLOY_EXCLUDE_WARNING: ${{ vars.DEPLOY_EXCLUDE_WARNING }} steps: - uses: actions/checkout@v4 - with: - fetch-depth: 500 - - name: Set up DDEV - uses: ddev/github-action-setup-ddev@v1 - - - name: Configure DDEV - run: | - mkdir -p ~/.ddev - cp ci-scripts/global_config.yaml ~/.ddev/ + - name: Setup PHP + uses: shivammathur/setup-php@v2 + with: + php-version: '8.3' - - name: Set ROLLBAR_SERVER_TOKEN - if: env.ROLLBAR_SERVER_TOKEN != '' - run: ddev config global --web-environment-add="ROLLBAR_SERVER_TOKEN=$ROLLBAR_SERVER_TOKEN" + - name: Install DDEV + run: ./ci-scripts/install_ddev.sh - name: Install Drupal - run: | - ddev composer install - ./ci-scripts/install_drupal.sh + run: ./ci-scripts/install_drupal.sh - name: Run PHPUnit tests run: ./ci-scripts/test_phpunit.sh - name: Run PHPUnit Rollbar tests run: ./ci-scripts/test_phpunit_rollbar.sh - - - name: Prepare SSH key - run: | - openssl aes-256-cbc -K ${{ secrets.ENCRYPTED_KEY }} -iv ${{ secrets.ENCRYPTED_IV }} \ - -in pantheon-key.enc -out pantheon-key -d - mkdir -p ~/.ssh - cp pantheon-key ~/.ssh/id_rsa - chmod 600 ~/.ssh/id_rsa - - - name: Prepare deployment - env: - GITHUB_COMMIT_MESSAGE: ${{ github.event.head_commit.message || github.event.commits[0].message || 'Manual deployment' }} - run: ./ci-scripts/prepare_deploy.sh - - - name: Deploy to Pantheon QA - run: | - ddev composer install - ddev robo deploy:pantheon qa --no-interaction - - - name: Notify deployment - run: ddev robo deploy:notify - - deploy-test: - name: Deploy to Pantheon TEST - runs-on: ubuntu-22.04 - if: startsWith(github.ref, 'refs/tags/') && !endsWith(github.ref, 'live') - concurrency: - group: deploy-test - cancel-in-progress: false - env: - DDEV_NO_INSTRUMENTATION: true - ROLLBAR_SERVER_TOKEN: ${{ secrets.ROLLBAR_SERVER_TOKEN }} - PANTHEON_GIT_URL: ${{ secrets.PANTHEON_GIT_URL }} - TERMINUS_TOKEN: ${{ secrets.TERMINUS_TOKEN }} - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - steps: - - uses: actions/checkout@v4 - with: - fetch-depth: 500 - - - name: Set up DDEV - uses: ddev/github-action-setup-ddev@v1 - - - name: Configure DDEV - run: | - mkdir -p ~/.ddev - cp ci-scripts/global_config.yaml ~/.ddev/ - - - name: Set ROLLBAR_SERVER_TOKEN - if: env.ROLLBAR_SERVER_TOKEN != '' - run: ddev config global --web-environment-add="ROLLBAR_SERVER_TOKEN=$ROLLBAR_SERVER_TOKEN" - - - name: Install Drupal - run: | - ddev composer install - ./ci-scripts/install_drupal.sh - - - name: Run PHPUnit tests - run: ./ci-scripts/test_phpunit.sh - - - name: Prepare SSH key - run: | - openssl aes-256-cbc -K ${{ secrets.ENCRYPTED_KEY }} -iv ${{ secrets.ENCRYPTED_IV }} \ - -in pantheon-key.enc -out pantheon-key -d - mkdir -p ~/.ssh - cp pantheon-key ~/.ssh/id_rsa - chmod 600 ~/.ssh/id_rsa - - - name: Prepare deployment - env: - GITHUB_COMMIT_MESSAGE: ${{ github.event.head_commit.message || github.event.commits[0].message || 'Manual deployment' }} - run: ./ci-scripts/prepare_deploy.sh - - - name: Deploy to Pantheon TEST - run: | - ddev composer install - ddev robo deploy:tag-pantheon --no-interaction ${{ github.ref_name }} master - - - name: Sync Pantheon environments - run: ddev robo deploy:pantheon-sync - - deploy-live: - name: Deploy to Pantheon LIVE - runs-on: ubuntu-22.04 - if: startsWith(github.ref, 'refs/tags/') && endsWith(github.ref, 'live') - concurrency: - group: deploy-live - cancel-in-progress: false - env: - DDEV_NO_INSTRUMENTATION: true - ROLLBAR_SERVER_TOKEN: ${{ secrets.ROLLBAR_SERVER_TOKEN }} - PANTHEON_GIT_URL: ${{ secrets.PANTHEON_GIT_URL }} - TERMINUS_TOKEN: ${{ secrets.TERMINUS_TOKEN }} - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - steps: - - uses: actions/checkout@v4 - with: - fetch-depth: 500 - - - name: Check live deploy - run: ./ci-scripts/check_live_deploy.sh - - - name: Set up DDEV - uses: ddev/github-action-setup-ddev@v1 - - - name: Configure DDEV - run: | - mkdir -p ~/.ddev - cp ci-scripts/global_config.yaml ~/.ddev/ - - - name: Set ROLLBAR_SERVER_TOKEN - if: env.ROLLBAR_SERVER_TOKEN != '' - run: ddev config global --web-environment-add="ROLLBAR_SERVER_TOKEN=$ROLLBAR_SERVER_TOKEN" - - - name: Install Drupal - run: | - ddev composer install - ./ci-scripts/install_drupal.sh - - - name: Run PHPUnit tests - run: ./ci-scripts/test_phpunit.sh - - - name: Prepare SSH key - run: | - openssl aes-256-cbc -K ${{ secrets.ENCRYPTED_KEY }} -iv ${{ secrets.ENCRYPTED_IV }} \ - -in pantheon-key.enc -out pantheon-key -d - mkdir -p ~/.ssh - cp pantheon-key ~/.ssh/id_rsa - chmod 600 ~/.ssh/id_rsa - - - name: Prepare deployment - env: - GITHUB_COMMIT_MESSAGE: ${{ github.event.head_commit.message || github.event.commits[0].message || 'Manual deployment' }} - run: ./ci-scripts/prepare_deploy.sh - - - name: Deploy to Pantheon LIVE - run: | - ddev composer install - ddev robo deploy:pantheon-sync live diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml new file mode 100644 index 000000000..5ba6b3dc7 --- /dev/null +++ b/.github/workflows/deploy.yml @@ -0,0 +1,164 @@ +name: Deploy + +on: + workflow_run: + workflows: ["CI"] + types: + - completed + branches: + - main + push: + tags: + - '**' + +env: + DDEV_NO_INSTRUMENTATION: true + +jobs: + deploy-qa: + name: "Deploy to Pantheon QA" + runs-on: ubuntu-latest + if: github.event.workflow_run.conclusion == 'success' && github.event.workflow_run.head_branch == 'main' + concurrency: + group: deploy-pantheon-qa + cancel-in-progress: false + env: + TERMINUS_TOKEN: ${{ secrets.TERMINUS_TOKEN }} + COMMIT_MESSAGE: ${{ github.event.workflow_run.head_commit.message }} + GITHUB_TOKEN: ${{ secrets.GH_TOKEN }} + ROLLBAR_SERVER_TOKEN: ${{ secrets.ROLLBAR_SERVER_TOKEN }} + PANTHEON_GIT_URL: ${{ secrets.PANTHEON_GIT_URL }} + DEPLOY_EXCLUDE_WARNING: ${{ vars.DEPLOY_EXCLUDE_WARNING }} + steps: + - uses: actions/checkout@v4 + + - name: Setup PHP + uses: shivammathur/setup-php@v2 + with: + php-version: '8.3' + + - name: Setup SSH key + run: | + mkdir -p ~/.ssh + echo "${{ secrets.PANTHEON_DEPLOY_KEY }}" > ~/.ssh/pantheon-key + chmod 600 ~/.ssh/pantheon-key + + - name: Install DDEV + run: ./ci-scripts/install_ddev.sh + + - name: Set up SSH keys for DDEV + run: | + mkdir -p .ddev/homeadditions/.ssh + cp ~/.ssh/pantheon-key .ddev/homeadditions/.ssh/pantheon-key + cp ~/.ssh/pantheon-key .ddev/homeadditions/.ssh/id_rsa + chmod 700 .ddev/homeadditions/.ssh + chmod 600 .ddev/homeadditions/.ssh/* + + - name: Prepare deploy + run: ./ci-scripts/prepare_deploy.sh + + - name: Deploy to Pantheon QA + run: ddev robo deploy:pantheon --no-interaction qa + + - name: Deploy notification + run: ddev robo deploy:notify + + deploy-test: + name: "Deploy to Pantheon TEST" + runs-on: ubuntu-latest + if: github.ref_type == 'tag' && github.event_name == 'push' && !endsWith(github.ref, 'live') + concurrency: + group: deploy-pantheon-test + cancel-in-progress: false + env: + TERMINUS_TOKEN: ${{ secrets.TERMINUS_TOKEN }} + COMMIT_MESSAGE: ${{ github.event.head_commit.message }} + GITHUB_TOKEN: ${{ secrets.GH_TOKEN }} + ROLLBAR_SERVER_TOKEN: ${{ secrets.ROLLBAR_SERVER_TOKEN }} + PANTHEON_GIT_URL: ${{ secrets.PANTHEON_GIT_URL }} + steps: + - uses: actions/checkout@v4 + + - name: Setup PHP + uses: shivammathur/setup-php@v2 + with: + php-version: '8.3' + + - name: Setup SSH key + run: | + mkdir -p ~/.ssh + echo "${{ secrets.PANTHEON_DEPLOY_KEY }}" > ~/.ssh/pantheon-key + chmod 600 ~/.ssh/pantheon-key + + - name: Install DDEV + run: ./ci-scripts/install_ddev.sh + + - name: Set up SSH keys for DDEV + run: | + mkdir -p .ddev/homeadditions/.ssh + cp ~/.ssh/pantheon-key .ddev/homeadditions/.ssh/pantheon-key + cp ~/.ssh/pantheon-key .ddev/homeadditions/.ssh/id_rsa + chmod 700 .ddev/homeadditions/.ssh + chmod 600 .ddev/homeadditions/.ssh/* + + - name: Prepare deploy + run: ./ci-scripts/prepare_deploy.sh + + - name: Deploy tag to Pantheon + run: ddev robo deploy:tag-pantheon --no-interaction ${{ github.ref_name }} master + + - name: Sync Pantheon + run: ddev robo deploy:pantheon-sync + + deploy-live: + name: "Deploy to Pantheon LIVE" + runs-on: ubuntu-latest + if: github.ref_type == 'tag' && github.event_name == 'push' && endsWith(github.ref, 'live') + concurrency: + group: deploy-pantheon-live + cancel-in-progress: false + env: + TERMINUS_TOKEN: ${{ secrets.TERMINUS_TOKEN }} + COMMIT_MESSAGE: ${{ github.event.head_commit.message }} + GITHUB_TOKEN: ${{ secrets.GH_TOKEN }} + ROLLBAR_SERVER_TOKEN: ${{ secrets.ROLLBAR_SERVER_TOKEN }} + PANTHEON_GIT_URL: ${{ secrets.PANTHEON_GIT_URL }} + steps: + - uses: actions/checkout@v4 + + - name: Setup PHP + uses: shivammathur/setup-php@v2 + with: + php-version: '8.3' + + - name: Setup SSH key + run: | + mkdir -p ~/.ssh + echo "${{ secrets.PANTHEON_DEPLOY_KEY }}" > ~/.ssh/pantheon-key + chmod 600 ~/.ssh/pantheon-key + + - name: Check live deploy + run: ./ci-scripts/check_live_deploy.sh + + - name: Install DDEV + run: ./ci-scripts/install_ddev.sh + + - name: Set up SSH keys for DDEV + run: | + mkdir -p .ddev/homeadditions/.ssh + cp ~/.ssh/pantheon-key .ddev/homeadditions/.ssh/pantheon-key + cp ~/.ssh/pantheon-key .ddev/homeadditions/.ssh/id_rsa + chmod 700 .ddev/homeadditions/.ssh + chmod 600 .ddev/homeadditions/.ssh/* + + - name: Prepare deploy + run: ./ci-scripts/prepare_deploy.sh + + - name: Deploy tag to Pantheon + run: ddev robo deploy:tag-pantheon --no-interaction ${{ github.ref_name }} master + + - name: Sync Pantheon TEST + run: ddev robo deploy:pantheon-sync + + - name: Sync Pantheon LIVE + run: ddev robo deploy:pantheon-sync live diff --git a/ci-scripts/prepare_deploy.sh b/ci-scripts/prepare_deploy.sh index 37bfa4b0e..f3d2a69d5 100755 --- a/ci-scripts/prepare_deploy.sh +++ b/ci-scripts/prepare_deploy.sh @@ -3,16 +3,19 @@ set -e set -x -cd "$GITHUB_WORKSPACE" || exit 1 +cd "${GITHUB_WORKSPACE:-.}" || exit 1 -# Make Git operations possible. -cp pantheon-key ~/.ssh/id_rsa -chmod 600 ~/.ssh/id_rsa +# SSH key should already be set up by the workflow in ~/.ssh/pantheon-key +# and copied to .ddev/homeadditions/.ssh/ +if [ ! -f ~/.ssh/pantheon-key ]; then + echo "Error: SSH key not found at ~/.ssh/pantheon-key" + exit 1 +fi # Authenticate with Terminus. ddev config global --web-environment-add="TERMINUS_MACHINE_TOKEN=$TERMINUS_TOKEN" -export GIT_SSH_COMMAND="ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no" +export GIT_SSH_COMMAND="ssh -i ~/.ssh/pantheon-key -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no" if [ -z "$PANTHEON_GIT_URL" ]; then echo "Error: PANTHEON_GIT_URL is not set. Add it to workflow secrets/env vars" @@ -26,16 +29,23 @@ fi ddev stop # Expose some environment variables to DDEV to be able to notify on auto-deploy. -COMMIT_MESSAGE="${GITHUB_COMMIT_MESSAGE}" +# Use COMMIT_MESSAGE from workflow env, fall back to GITHUB_COMMIT_MESSAGE for backward compatibility. +DEPLOY_COMMIT_MESSAGE="${COMMIT_MESSAGE:-${GITHUB_COMMIT_MESSAGE:-}}" # Make sure commit message variable does not contain special characters: # { , } , [ , ] , & , * , # , ? , | , - , < , > , = , ! , % , @ , ", ', ` # and comma itself. # These could break the YAML/Bash syntax. # shellcheck disable=SC2001 -COMMIT_MESSAGE=$(echo "$COMMIT_MESSAGE" | tr '\n' ' ' | sed -e 's/[{},&*?|<>=%@\"'\''`-]//g') -ddev config global --web-environment-add="GITHUB_COMMIT_MESSAGE=$COMMIT_MESSAGE" +DEPLOY_COMMIT_MESSAGE=$(echo "$DEPLOY_COMMIT_MESSAGE" | tr '\n' ' ' | sed -e 's/[{},&*?|<>=%@\"'\''`-]//g') + +if [ -n "$DEPLOY_COMMIT_MESSAGE" ]; then + # Use TRAVIS_COMMIT_MESSAGE for backward compatibility with DeploymentTrait. + ddev config global --web-environment-add="TRAVIS_COMMIT_MESSAGE=$DEPLOY_COMMIT_MESSAGE" +fi + ddev config global --web-environment-add="GITHUB_TOKEN=$GITHUB_TOKEN" -if [ -n "${DEPLOY_EXCLUDE_WARNING}" ]; then + +if [ -n "${DEPLOY_EXCLUDE_WARNING:-}" ]; then ddev config global --web-environment-add="DEPLOY_EXCLUDE_WARNING=$DEPLOY_EXCLUDE_WARNING" fi From ee4cb407843d82eb320c9ebaeeab71229cfa7cbb Mon Sep 17 00:00:00 2001 From: Aron Novak Date: Fri, 19 Dec 2025 12:07:51 +0100 Subject: [PATCH 19/21] try to unblock composer --- .github/workflows/ci.yml | 22 ---------------------- 1 file changed, 22 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 907a312ec..961050f90 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -24,17 +24,6 @@ jobs: - name: Install parallel run: sudo apt-get update && sudo apt-get install -y parallel - - name: Get Composer cache directory - id: composer-cache - run: echo "dir=$(composer config cache-files-dir)" >> $GITHUB_OUTPUT - - - name: Cache Composer dependencies - uses: actions/cache@v4 - with: - path: ${{ steps.composer-cache.outputs.dir }} - key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.lock') }} - restore-keys: ${{ runner.os }}-composer- - - name: Install Composer dependencies run: composer install @@ -55,17 +44,6 @@ jobs: - name: Test syntax run: ./ci-scripts/test_syntax.sh - - name: Get Composer cache directory - id: composer-cache - run: echo "dir=$(composer config cache-files-dir)" >> $GITHUB_OUTPUT - - - name: Cache Composer dependencies - uses: actions/cache@v4 - with: - path: ${{ steps.composer-cache.outputs.dir }} - key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.lock') }} - restore-keys: ${{ runner.os }}-composer- - - name: Install Composer dependencies run: composer install From 75942bd67936a1b9890b173bc1a1681f674cceed Mon Sep 17 00:00:00 2001 From: Aron Novak Date: Fri, 19 Dec 2025 12:19:05 +0100 Subject: [PATCH 20/21] Fix CI: replace broken asset-packagist with inline packages --- composer.json | 41 +++++++++++++++++++++++++++++++++++++++-- composer.lock | 2 +- 2 files changed, 40 insertions(+), 3 deletions(-) diff --git a/composer.json b/composer.json index eddd3079b..7c098d065 100644 --- a/composer.json +++ b/composer.json @@ -14,8 +14,45 @@ "url": "https://packages.drupal.org/8" }, { - "type": "composer", - "url": "https://asset-packagist.org" + "type": "package", + "package": [ + { + "name": "npm-asset/anchor-js", + "version": "5.0.0", + "dist": { + "type": "tar", + "url": "https://registry.npmjs.org/anchor-js/-/anchor-js-5.0.0.tgz" + }, + "type": "npm-asset", + "license": [ + "MIT" + ] + }, + { + "name": "npm-asset/select2", + "version": "4.0.13", + "dist": { + "type": "tar", + "url": "https://registry.npmjs.org/select2/-/select2-4.0.13.tgz" + }, + "type": "npm-asset", + "license": [ + "MIT" + ] + }, + { + "name": "npm-asset/slick-carousel", + "version": "1.8.1", + "dist": { + "type": "tar", + "url": "https://registry.npmjs.org/slick-carousel/-/slick-carousel-1.8.1.tgz" + }, + "type": "npm-asset", + "license": [ + "MIT" + ] + } + ] } ], "require": { diff --git a/composer.lock b/composer.lock index 409147d34..761cae45d 100644 --- a/composer.lock +++ b/composer.lock @@ -4,7 +4,7 @@ "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies", "This file is @generated automatically" ], - "content-hash": "a1033c9e48108cc6b070b89c38e03ad9", + "content-hash": "e89e06f80da1148ac0b5212b82dde847", "packages": [ { "name": "asm89/stack-cors", From eb81b4263f3b73e52e358a21ac812c21d883c97c Mon Sep 17 00:00:00 2001 From: Aron Novak Date: Fri, 19 Dec 2025 12:23:06 +0100 Subject: [PATCH 21/21] Revert "Fix CI: replace broken asset-packagist with inline packages" This reverts commit 75942bd67936a1b9890b173bc1a1681f674cceed. --- composer.json | 41 ++--------------------------------------- composer.lock | 2 +- 2 files changed, 3 insertions(+), 40 deletions(-) diff --git a/composer.json b/composer.json index 7c098d065..eddd3079b 100644 --- a/composer.json +++ b/composer.json @@ -14,45 +14,8 @@ "url": "https://packages.drupal.org/8" }, { - "type": "package", - "package": [ - { - "name": "npm-asset/anchor-js", - "version": "5.0.0", - "dist": { - "type": "tar", - "url": "https://registry.npmjs.org/anchor-js/-/anchor-js-5.0.0.tgz" - }, - "type": "npm-asset", - "license": [ - "MIT" - ] - }, - { - "name": "npm-asset/select2", - "version": "4.0.13", - "dist": { - "type": "tar", - "url": "https://registry.npmjs.org/select2/-/select2-4.0.13.tgz" - }, - "type": "npm-asset", - "license": [ - "MIT" - ] - }, - { - "name": "npm-asset/slick-carousel", - "version": "1.8.1", - "dist": { - "type": "tar", - "url": "https://registry.npmjs.org/slick-carousel/-/slick-carousel-1.8.1.tgz" - }, - "type": "npm-asset", - "license": [ - "MIT" - ] - } - ] + "type": "composer", + "url": "https://asset-packagist.org" } ], "require": { diff --git a/composer.lock b/composer.lock index 761cae45d..409147d34 100644 --- a/composer.lock +++ b/composer.lock @@ -4,7 +4,7 @@ "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies", "This file is @generated automatically" ], - "content-hash": "e89e06f80da1148ac0b5212b82dde847", + "content-hash": "a1033c9e48108cc6b070b89c38e03ad9", "packages": [ { "name": "asm89/stack-cors",