From f9cd6f5669a555e8fd84b1188faacce35f92d2cc Mon Sep 17 00:00:00 2001 From: Volkan Welp Date: Thu, 29 Jan 2026 10:24:10 +0100 Subject: [PATCH 1/2] =?UTF-8?q?=F0=9F=90=B3=20Update=20Dockerfile=20to=20i?= =?UTF-8?q?nclude=20pdo=5Fmysql=20and=20pdo=5Fpgsql=20extensions;=20add=20?= =?UTF-8?q?YAML=20linting=20workflow=20to=20GitHub=20Actions?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/code-lint.yml | 22 ++++++++++++ .github/workflows/dependabot.yml | 60 ++++++++++++++++---------------- Dockerfile | 3 +- 3 files changed, 54 insertions(+), 31 deletions(-) diff --git a/.github/workflows/code-lint.yml b/.github/workflows/code-lint.yml index 30310a6..de7fc38 100644 --- a/.github/workflows/code-lint.yml +++ b/.github/workflows/code-lint.yml @@ -24,3 +24,25 @@ jobs: with: dockerfile: ./Dockerfile config: .hadolint.yaml + + yaml-lint: + name: YAML Lint + runs-on: brixion-runners + timeout-minutes: 5 + steps: + - uses: actions/checkout@v6 + with: + fetch-depth: 2 + - name: Run YAML Lint + uses: ibiqlik/action-yamllint@v3 + with: + strict: true + config_data: | + extends: default + rules: + comments: + min-spaces-from-content: 1 + line-length: + max: 100 + allow-non-breakable-inline-mappings: true + truthy: disable diff --git a/.github/workflows/dependabot.yml b/.github/workflows/dependabot.yml index 4fc360a..0a914c2 100644 --- a/.github/workflows/dependabot.yml +++ b/.github/workflows/dependabot.yml 
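Review bot: The new `yaml-lint` job references `ibiqlik/action-yamllint@v3` and `actions/checkout@v6` by mutable tags, while this repository's Dependabot workflow pins `dependabot/fetch-metadata` to a full commit SHA. If the third-party lint action's tag were moved, unreviewed code would run on `brixion-runners`, which looks like a self-hosted runner label. Pin it the same way, for example `uses: ibiqlik/action-yamllint@<full-commit-sha>  # v3`. The job only reads the tree, so unless the workflow's top-level `permissions:` (outside this hunk) already restricts the token, give the job `permissions:` with `contents: read` and add `persist-credentials: false` under the checkout's `with:`. `fetch-depth: 2` also looks unnecessary for a linter that only reads the working tree.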
@@ -1,31 +1,31 @@ --- - name: Dependabot Automate - - on: - workflow_call: - pull_request: - - permissions: - contents: write - pull-requests: write - - jobs: - dependabot: - runs-on: brixion-runners - if: github.event.pull_request.user.login == 'dependabot[bot]' - steps: - - name: Dependabot metadata - id: metadata - uses: dependabot/fetch-metadata@21025c705c08248db411dc16f3619e6b5f9ea21a - with: - github-token: "${{ secrets.GITHUB_TOKEN }}" - - name: Approve a PR - run: gh pr review --approve "$PR_URL" - env: - PR_URL: ${{github.event.pull_request.html_url}} - GH_TOKEN: ${{secrets.GITHUB_TOKEN}} - - name: Enable auto-merge for Dependabot PRs - run: gh pr merge --auto --squash "$PR_URL" - env: - PR_URL: ${{github.event.pull_request.html_url}} - GH_TOKEN: ${{secrets.GITHUB_TOKEN}} \ No newline at end of file +name: Dependabot Automate + +on: + workflow_call: + pull_request: + +permissions: + contents: write + pull-requests: write + +jobs: + dependabot: + runs-on: brixion-runners + if: github.event.pull_request.user.login == 'dependabot[bot]' + steps: + - name: Dependabot metadata + id: metadata + uses: dependabot/fetch-metadata@21025c705c08248db411dc16f3619e6b5f9ea21a + with: + github-token: "${{ secrets.GITHUB_TOKEN }}" + - name: Approve a PR + run: gh pr review --approve "$PR_URL" + env: + PR_URL: ${{github.event.pull_request.html_url}} + GH_TOKEN: ${{secrets.GITHUB_TOKEN}} + - name: Enable auto-merge for Dependabot PRs + run: gh pr merge --auto --squash "$PR_URL" + env: + PR_URL: ${{github.event.pull_request.html_url}} + GH_TOKEN: ${{secrets.GITHUB_TOKEN}} \ No newline at end of file diff --git a/Dockerfile b/Dockerfile index 1b2b649..9b54fd3 100644 --- a/Dockerfile +++ b/Dockerfile @@ -20,13 +20,14 @@ RUN apk upgrade --no-cache && \ RUN set -eux; \ install-php-extensions \ @composer \ + pdo_mysql \ + pdo_pgsql \ apcu \ gd \ intl \ opcache \ zip \ bcmath \ - intl \ ; # https://getcomposer.org/doc/03-cli.md#composer-allow-superuser 
From 025256c9cf361910ae26a505125f23afcc950ade Mon Sep 17 00:00:00 2001 From: Volkan Welp Date: Thu, 29 Jan 2026 10:30:51 +0100 Subject: [PATCH 2/2] =?UTF-8?q?=E2=9C=A8=20Enhance=20GitHub=20Actions=20wo?= =?UTF-8?q?rkflows=20with=20YAML=20front=20matter=20and=20formatting=20imp?= =?UTF-8?q?rovements?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/code-lint.yml | 1 + .github/workflows/dependabot.yml | 2 +- .github/workflows/docker-publish.yml | 11 ++++++++--- .hadolint.yaml | 1 + 4 files changed, 11 insertions(+), 4 deletions(-) diff --git a/.github/workflows/code-lint.yml b/.github/workflows/code-lint.yml index de7fc38..6a2a1a9 100644 --- a/.github/workflows/code-lint.yml +++ b/.github/workflows/code-lint.yml @@ -1,3 +1,4 @@ +--- name: Code Lint on: diff --git a/.github/workflows/dependabot.yml b/.github/workflows/dependabot.yml index 0a914c2..93853cd 100644 --- a/.github/workflows/dependabot.yml +++ b/.github/workflows/dependabot.yml @@ -28,4 +28,4 @@ jobs: run: gh pr merge --auto --squash "$PR_URL" env: PR_URL: ${{github.event.pull_request.html_url}} - GH_TOKEN: ${{secrets.GITHUB_TOKEN}} \ No newline at end of file + GH_TOKEN: ${{secrets.GITHUB_TOKEN}} diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml index 63c5adb..c53bfc3 100644 --- a/.github/workflows/docker-publish.yml +++ b/.github/workflows/docker-publish.yml @@ -1,3 +1,4 @@ +--- name: Build and Publish Docker image on: @@ -40,7 +41,9 @@ jobs: cache-to: type=gha,mode=max,scope=image-${{ matrix.php_version }} - name: Save image as tarball - run: docker save frankenphp:${{ matrix.php_version }}-build -o image-${{ matrix.php_version }}.tar + run: | + docker save frankenphp:${{ matrix.php_version }}-build \ + -o image-${{ matrix.php_version }}.tar - name: Upload image artifact uses: actions/upload-artifact@v6 
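Review bot: The rewrapped `docker save` step in `docker-publish.yml` still expands `${{ matrix.php_version }}` inside the `run:` script, so the value is pasted into the shell source before the shell parses it. The matrix definition is outside this hunk and is presumably a static list, which makes this low risk. Passing the value through the environment still keeps expression expansion out of the script and lets the arguments be quoted. Add `env:` with `PHP_VERSION: ${{ matrix.php_version }}` to the step and run `docker save "frankenphp:${PHP_VERSION}-build" -o "image-${PHP_VERSION}.tar"`.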
@@ -77,8 +80,10 @@ jobs: with: image: frankenphp:${{ matrix.php_version }}-build format: spdx-json - artifact-name: ${{ github.event.repository.name }}-${{ matrix.php_version }}-sbom.spdx.json - output-file: ${{ github.event.repository.name }}-${{ matrix.php_version }}-sbom.spdx.json + artifact-name: >- + ${{ github.event.repository.name }}-${{ matrix.php_version }}-sbom.spdx.json + output-file: >- + ${{ github.event.repository.name }}-${{ matrix.php_version }}-sbom.spdx.json upload-artifact: true - name: Scan SBOM for vulnerabilities diff --git a/.hadolint.yaml b/.hadolint.yaml index 67f2e4e..c526a67 100644 --- a/.hadolint.yaml +++ b/.hadolint.yaml @@ -1,3 +1,4 @@ +--- # .hadolint.yaml ignored: - DL3007 # Using latest is prone to errors if the image will ever update