Optimize workflows: use php-ci image for security-scan, fix production-deploy trigger

2025-10-31 14:52:59 +01:00
parent 81051941d1
commit 0b20e38f1f
2 changed files with 5 additions and 35 deletions
--- a/.gitea/workflows/production-deploy.yml
+++ b/.gitea/workflows/production-deploy.yml
@@ -22,7 +22,8 @@ jobs:
  test:
    name: Run Tests & Quality Checks
    runs-on: ubuntu-latest
-    if: ${{ !inputs.skip_tests }}
+    # Note: if condition might not work with push events in Gitea
+    # For now, always run tests - we can add skip_tests logic later
    steps:
      - name: Checkout code
        run: |
--- a/.gitea/workflows/security-scan.yml
+++ b/.gitea/workflows/security-scan.yml
@@ -13,7 +13,7 @@ on:
 jobs:
  security-audit:
    name: Composer Security Audit
-    runs-on: ubuntu-latest
+    runs-on: php-ci  # Uses pre-built PHP 8.5 CI image with Composer pre-installed

    steps:
      - name: Checkout code
@@ -42,35 +42,6 @@ jobs:
          
          cd /workspace/repo

-      - name: Setup PHP
-        run: |
-          # Add sury.org repository for PHP 8.x
-          apt-get update
-          apt-get install -y lsb-release ca-certificates apt-transport-https software-properties-common
-          curl -sSL https://packages.sury.org/php/apt.gpg | apt-key add -
-          echo "deb https://packages.sury.org/php/ $(lsb_release -sc) main" | tee /etc/apt/sources.list.d/php.list
-          apt-get update
-          
-          # Install PHP 8.5 (matches composer.json requirement ^8.5 and Dockerfiles)
-          # Note: pcntl and sodium are built-in in PHP 8.5, no separate packages needed
-          apt-get install -y \
-            php8.5 \
-            php8.5-cli \
-            php8.5-dom \
-            php8.5-curl \
-            php8.5-xml \
-            php8.5-mbstring \
-            php8.5-zip \
-            php8.5-pdo \
-            php8.5-pdo-sqlite \
-            php8.5-bcmath \
-            php8.5-soap \
-            php8.5-intl \
-            php8.5-gd \
-            php8.5-exif \
-            php8.5-iconv \
-            composer
-
      - name: Validate composer.json and composer.lock
        run: |
          cd /workspace/repo
@@ -108,10 +79,8 @@ jobs:
        run: |
          cd /workspace/repo
          if [ -f audit-result.json ]; then
-            # Check if jq is available, install if not
-            if ! command -v jq &> /dev/null; then
-              apt-get update && apt-get install -y jq
-            fi
+            # jq is pre-installed in php-ci image
+            jq --version

            ADVISORIES=$(jq -r '.advisories | length' audit-result.json 2>/dev/null || echo "0")
            ABANDONED=$(jq -r '.abandoned | length' audit-result.json 2>/dev/null || echo "0")