Integrates `valkey` as a Redis-protocol-compatible service in CI to align with the production stack. Updates environment variables and health checks to support pervasive Redis use across services.
erp-devops
Shared CI building blocks for the ERP service repos.
.forgejo/workflows/php-service.yaml
Reusable CI workflow for every erp-service-* PHP/Laravel repo. Drop the
following into each caller's .forgejo/workflows/ci.yaml:
```yaml
name: CI
on:
  push:
    branches: [main]
    tags: ["v*"]
    paths-ignore: ["**.md", "docs/**", ".gitignore", "LICENSE*"]
  pull_request:
    branches: [main]
    paths-ignore: ["**.md", "docs/**", ".gitignore", "LICENSE*"]
  workflow_dispatch:
concurrency:
  group: ci-${{ github.ref }}
  cancel-in-progress: ${{ github.event_name == 'pull_request' }}
jobs:
  ci:
    uses: Softplexity/erp-devops/.forgejo/workflows/php-service.yaml@main
    with:
      service_name: ai
      image_name: erp-backend/erp-service-ai
    secrets:
      GIT_TOKEN: ${{ secrets.GIT_TOKEN }}
      DHM_ROBOT_KEY: ${{ secrets.DHM_ROBOT_KEY }}
      REGISTRY_USER: ${{ secrets.REGISTRY_USER }}
```
Required caller-repo secrets
| Secret | Purpose |
|---|---|
| `GIT_TOKEN` | Forgejo PAT, used for git clone and composer auth |
| `DHM_ROBOT_KEY` | Harbor robot password (image pull + push) |
| `REGISTRY_USER` | Composer http-basic username (registry user) |
Inputs
| Input | Default | Notes |
|---|---|---|
| `service_name` | required | Docker `SERVICE_NAME` build arg |
| `image_name` | required | `<namespace>/<repo>` under the registry |
| `php_ci_image` | `dhm.spx.re/erp-infra/erp-php-ci:latest` | PHP CI container |
| `registry` | `dhm.spx.re` | Docker registry host |
| `deploy_repo` | `NewEra/erp-deploy` | Where the shared backend Dockerfile lives |
| `dockerfile_path` | `erp-deploy/docker/backend/Dockerfile` | Dockerfile path relative to build context |
| `run_static_analysis` | `true` | Runs phpstan if `phpstan.neon.dist` is present |
| `run_security_audit` | `false` | Runs `composer audit` (non-blocking via `continue-on-error`) |
What changed vs the per-service workflows
- Composer archive cache (cuts `composer install` ~45s → ~5–10s on warm runs).
- `tags: ["v*"]` builds tag `${IMAGE}:${VERSION}` for immutable production refs.
- `BUILD_DATE` and `VCS_REF` baked into the image as build args.
- Migration step no longer swallows errors (`2>/dev/null || true` removed).
- `EVENT_TRANSPORT=log` instead of `redis` with empty `REDIS_HOST`.
- `php artisan test --compact` instead of `vendor/bin/phpunit` (denser logs).
- PAT-only git clone (no `REGISTRY_USER` leaked into the URL).
- `paths-ignore` and `concurrency` live on the caller side (they have to — `on:` rules can't go inside a reusable workflow).
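A lint that keeps two of the regressions listed above from creeping back into per-service workflows, and checks that a caller passes all three required secrets. This is an added example, not code from the erp-devops repo; `lint_workflow`, the sample workflow text and the host `git.example.test` are constructed for illustration.

```python
import re

# Secrets the README lists as required in every caller repo.
REQUIRED_SECRETS = ("GIT_TOKEN", "DHM_ROBOT_KEY", "REGISTRY_USER")

# Two regressions named under "What changed": a step whose errors are
# swallowed, and REGISTRY_USER placed in the userinfo part of a URL.
SWALLOWED_ERRORS = re.compile(r"2>\s*/dev/null\s*\|\|\s*true\b")
USER_IN_URL = re.compile(r"://[^/@\n]*REGISTRY_USER[^/@\n]*@")


def lint_workflow(text, caller=False):
    """Return (line_number, message) findings; line 0 means file-level."""
    findings = []
    for number, line in enumerate(text.splitlines(), start=1):
        if line.lstrip().startswith("#"):
            continue  # skip YAML comment lines
        if SWALLOWED_ERRORS.search(line):
            findings.append((number, "errors swallowed by '2>/dev/null || true'"))
        if USER_IN_URL.search(line):
            findings.append((number, "REGISTRY_USER embedded in a URL"))
    if caller:
        for name in REQUIRED_SECRETS:
            mapping = (r"^\s*" + name + r":\s*\$\{\{\s*secrets\."
                       + name + r"\s*\}\}\s*$")
            if not re.search(mapping, text, re.MULTILINE):
                findings.append((0, "caller does not pass secret " + name))
    return findings


# Constructed samples for illustration, not taken from the project's workflows.
OLD_STEPS = """\
run: git clone https://${{ secrets.REGISTRY_USER }}:${{ secrets.GIT_TOKEN }}@git.example.test/org/repo.git
run: php artisan migrate --force 2>/dev/null || true
"""
CALLER = """\
jobs:
  ci:
    uses: Softplexity/erp-devops/.forgejo/workflows/php-service.yaml@main
    secrets:
      GIT_TOKEN: ${{ secrets.GIT_TOKEN }}
      DHM_ROBOT_KEY: ${{ secrets.DHM_ROBOT_KEY }}
"""

if __name__ == "__main__":
    for sample in (OLD_STEPS, CALLER):
        for number, message in lint_workflow(sample, caller=sample is CALLER):
            print(number, message)
```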