No description
Find a file
iulian e117ffaebe feat: add Redis-compatible valkey service to php-service workflow
Integrates `valkey` as a Redis-protocol-compatible service in CI to align with the production stack. Updates environment variables and health checks to support pervasive Redis use across services.
2026-07-05 17:21:51 +03:00
.forgejo/workflows feat: add Redis-compatible valkey service to php-service workflow 2026-07-05 17:21:51 +03:00
config feat: package publish -> service rebuild fan-out 2026-05-26 13:09:06 +03:00
scripts feat: package publish -> service rebuild fan-out 2026-05-26 13:09:06 +03:00
README.md ci: add reusable php-service workflow 2026-05-24 20:36:53 +03:00

erp-devops

Shared CI building blocks for the ERP service repos.

.forgejo/workflows/php-service.yaml

Reusable CI workflow for every erp-service-* PHP/Laravel repo. Drop the following into each caller's .forgejo/workflows/ci.yaml:

name: CI

on:
  push:
    branches: [main]
    tags: ["v*"]
    paths-ignore: ["**.md", "docs/**", ".gitignore", "LICENSE*"]
  pull_request:
    branches: [main]
    paths-ignore: ["**.md", "docs/**", ".gitignore", "LICENSE*"]
  workflow_dispatch:

concurrency:
  group: ci-${{ github.ref }}
  cancel-in-progress: ${{ github.event_name == 'pull_request' }}

jobs:
  ci:
    uses: Softplexity/erp-devops/.forgejo/workflows/php-service.yaml@main
    with:
      service_name: ai
      image_name: erp-backend/erp-service-ai
    secrets:
      GIT_TOKEN: ${{ secrets.GIT_TOKEN }}
      DHM_ROBOT_KEY: ${{ secrets.DHM_ROBOT_KEY }}
      REGISTRY_USER: ${{ secrets.REGISTRY_USER }}

Required caller-repo secrets

Secret Purpose
GIT_TOKEN Forgejo PAT, used for git clone and composer auth
DHM_ROBOT_KEY Harbor robot password (image pull + push)
REGISTRY_USER Composer http-basic username (registry user)

Inputs

Input Default Notes
service_name required Docker SERVICE_NAME build arg
image_name required <namespace>/<repo> under the registry
php_ci_image dhm.spx.re/erp-infra/erp-php-ci:latest PHP CI container
registry dhm.spx.re Docker registry host
deploy_repo NewEra/erp-deploy Where the shared backend Dockerfile lives
dockerfile_path erp-deploy/docker/backend/Dockerfile Dockerfile path relative to build context
run_static_analysis true Runs phpstan if phpstan.neon.dist is present
run_security_audit false Runs composer audit (non-blocking via continue-on-error)

What changed vs the per-service workflows

  • Composer archive cache (cuts composer install ~45s → ~510s on warm runs).
  • tags: ["v*"] builds tag ${IMAGE}:${VERSION} for immutable production refs.
  • BUILD_DATE and VCS_REF baked into the image as build args.
  • Migration step no longer swallows errors (2>/dev/null || true removed).
  • EVENT_TRANSPORT=log instead of redis with empty REDIS_HOST.
  • php artisan test --compact instead of vendor/bin/phpunit (denser logs).
  • PAT-only git clone (no REGISTRY_USER leaked into the URL).
  • paths-ignore and concurrency live on the caller side (they have to — on: rules can't go inside a reusable workflow).