name: Common CI on: workflow_call: inputs: saas: type: boolean required: true secrets: GH_TOKEN: required: false jobs: security: name: Security runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - uses: ruby/setup-ruby@v1 with: ruby-version: .ruby-version bundler-cache: true - name: Gem audit run: bin/bundler-audit check --update - name: Importmap audit run: bin/importmap audit - name: Brakeman audit run: bin/brakeman --quiet --no-pager --exit-on-warn --exit-on-error lint: name: Lint runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - uses: ruby/setup-ruby@v1 with: ruby-version: .ruby-version bundler-cache: true - name: Lint code for consistent style run: bin/rubocop test: name: Tests (${{ matrix.mode }}) runs-on: ubuntu-latest strategy: matrix: include: - mode: SQLite db_adapter: sqlite - mode: MySQL db_adapter: mysql - mode: SaaS db_adapter: mysql saas: ${{ inputs.saas }} services: mysql: image: mysql:8.0 env: MYSQL_ALLOW_EMPTY_PASSWORD: yes MYSQL_DATABASE: fizzy_test ports: - 3306:3306 options: >- --health-cmd="mysqladmin ping" --health-interval=10s --health-timeout=5s --health-retries=3 env: RAILS_ENV: test DATABASE_ADAPTER: ${{ matrix.db_adapter }} ${{ inputs.saas && 'SAAS' || 'SAAS_DISABLED' }}: ${{ inputs.saas && '1' || '' }} BUNDLE_GEMFILE: ${{ inputs.saas && 'Gemfile.saas' || 'Gemfile' }} MYSQL_HOST: 127.0.0.1 MYSQL_PORT: 3306 MYSQL_USER: root FIZZY_DB_HOST: 127.0.0.1 FIZZY_DB_PORT: 3306 BUNDLE_GITHUB__COM: ${{ inputs.saas && format('x-access-token:{0}', secrets.GH_TOKEN) || '' }} steps: - name: Install system packages run: sudo apt-get update && sudo apt-get install --no-install-recommends -y libsqlite3-0 libvips curl ffmpeg - uses: actions/checkout@v4 - uses: ruby/setup-ruby@v1 with: ruby-version: .ruby-version bundler-cache: true - name: Run tests run: bin/rails db:setup test - name: Run system tests run: bin/rails test:system