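name: Pull Request — Quality gate

# Runs the backend tests and the frontend build on every PR targeting develop.
# Two parallel jobs (backend / frontend) to shorten feedback time.
# No E2E here: the quality gate is limited to "backend tests pass, frontend compiles".
#
# Security notes for maintainers:
# - Both jobs execute code taken from the PR branch (composer scripts, npm
#   lifecycle scripts, the test suite itself). Every credential in this file
#   must stay a throwaway CI value; do not reference repository secrets here.
# - `uses:` entries below point at mutable tags (`@v4`, `@v2`). Pinning each one
#   to a reviewed full commit SHA, e.g. `owner/action@<full-commit-sha>  # v4`,
#   prevents a retagged release from changing what runs in CI.

on:
  pull_request:
    branches:
      - develop

# Cancels stale runs when new commits are pushed to the same PR.
concurrency:
  group: pr-${{ gitea.event.pull_request.number }}
  cancel-in-progress: true

jobs:
  backend:
    name: Backend (PHP CS + PHPUnit)
    runs-on: ubuntu-latest
    services:
      postgres:
        image: postgres:16-alpine
        env:
          # Must match DATABASE_URL below. Doctrine appends the `_test` suffix
          # automatically when APP_ENV=test (when@test dbname_suffix), so the
          # database actually used is `app_test`.
          POSTGRES_USER: app
          POSTGRES_PASSWORD: '!ChangeMe!'
          POSTGRES_DB: app
        # No `ports:` host mapping: Gitea Actions jobs run in a container on a
        # dedicated Docker network, so the service is reachable by its name
        # (`postgres`), not through 127.0.0.1. This also means the database with
        # its placeholder password is not published on the runner host.
        options: >-
          --health-cmd "pg_isready -U app"
          --health-interval 5s
          --health-timeout 5s
          --health-retries 10
    env:
      APP_ENV: test
      APP_SECRET: ci-secret-not-used
      # Quoted so the value stays the string "0" whatever YAML loader reads it.
      APP_DEBUG: '0'
      DEFAULT_URI: http://localhost/
      # Quoted: the URL contains `!`, `?` and `&`, which are YAML indicators.
      DATABASE_URL: 'postgresql://app:!ChangeMe!@postgres:5432/app?serverVersion=16&charset=utf8'
      JWT_SECRET_KEY: '%kernel.project_dir%/config/jwt/private.pem'
      JWT_PUBLIC_KEY: '%kernel.project_dir%/config/jwt/public.pem'
      # Passphrase for the keypair generated in the "Generate JWT keypair" step.
      JWT_PASSPHRASE: ci-passphrase
      # Encryption key (sodium) for the Mail / Integration / CalDav secrets that
      # the fixtures persist (ZimbraConfiguration, tokens...). Test value kept
      # in sync with phpunit.dist.xml. It is committed in clear text, so it must
      # never be reused as the key of a deployed environment.
      ENCRYPTION_KEY: 'ccd250183ea853179562d458e645585f3d46ddebb0701743236196f60fc1a0b8'
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          # No later step talks to the git remote, so do not leave the job
          # token in .git/config where PR-controlled scripts could read it.
          persist-credentials: false

      - name: Setup PHP 8.4
        uses: shivammathur/setup-php@v2
        with:
          php-version: '8.4'
          # zip + gd are required by phpoffice/phpspreadsheet (XLSX export),
          # sodium by the secrets encryption, ctype/iconv by the `require`
          # section of composer.json.
          extensions: pdo, pdo_pgsql, intl, opcache, zip, mbstring, sodium, gd, ctype, iconv
          coverage: none
          tools: composer:v2

      - name: Install PHP dependencies
        run: composer install --no-interaction --no-progress --prefer-dist

      - name: Generate JWT keypair
        run: php bin/console lexik:jwt:generate-keypair --skip-if-exists --no-interaction

      - name: PHP CS Fixer (dry-run)
        run: vendor/bin/php-cs-fixer fix --config=.php-cs-fixer.dist.php --allow-risky=yes --dry-run --diff

      - name: Bootstrap test database
        # Mirrors the `db-reset` target of the makefile (create + migrate +
        # fixtures), with --env=test. The fixtures seed the system roles
        # (RbacSeeder); sync-permissions then completes the permission
        # catalogue as a real install would.
        run: |
          php bin/console doctrine:database:create --env=test --if-not-exists --no-interaction
          php bin/console doctrine:migrations:migrate --env=test --no-interaction
          php bin/console doctrine:fixtures:load --env=test --no-interaction
          php bin/console app:sync-permissions --env=test --no-interaction

      - name: Run PHPUnit
        run: php -d memory_limit=512M vendor/bin/phpunit

  frontend:
    name: Frontend (build)
    runs-on: ubuntu-latest
    defaults:
      run:
        working-directory: frontend
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          # The build never pushes or fetches; keep the job token out of
          # .git/config before npm lifecycle scripts from the PR run.
          persist-credentials: false

      - name: Setup Node 24
        uses: actions/setup-node@v4
        with:
          node-version: '24'

      # `npm ci` installs from the lockfile and triggers the `nuxt prepare`
      # postinstall script (which generates .nuxt/).
      - name: Install Node dependencies
        run: npm ci

      # `nuxt build` (rather than `build:dist` / `nuxt generate`): the app runs
      # with SSR off (SPA), so prerendering adds nothing to a quality gate; this
      # step only validates that the bundle compiles.
      - name: Build production (nuxt build)
        run: npm run build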