Convert Travis CI to GitHub Actions#4409
Conversation
10b70f9 to
e124275
Compare
e124275 to
4af3685
Compare
|
Note Reviews pausedIt looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the Use the following commands to manage reviews:
Use the checkboxes below for quick actions:
📝 WalkthroughWalkthroughReplaces Travis CI with GitHub Actions: adds a build-release workflow and workflow README, removes .travis.yml, docker-compose.test.yml and the Dockerfile test stage, updates README badges. New workflow builds, tests with MariaDB, produces artifacts, pushes multi-arch Docker images, and creates prereleases on master. Changes
Sequence DiagramsequenceDiagram
participant GitHub as "GitHub Events"
participant Runner as "Actions Runner (build/test/docker)"
participant MariaDB as "MariaDB (service/container)"
participant Artifacts as "GitHub Artifacts"
participant DockerHub as "Docker Hub"
participant Release as "GitHub Release"
GitHub->>Runner: Trigger (push/tag/PR)
Runner->>Runner: Setup PHP 8.2 & Node 20, cache deps
Runner->>Runner: Install deps, run Gulp, compute version
Runner->>MariaDB: Start DB container for tests
Runner->>Runner: Run PHPUnit tests
MariaDB-->>Runner: Test responses/results
Runner->>Runner: Create archives and Docker build context
Runner->>Artifacts: Upload build artifacts
Runner->>DockerHub: Buildx multi‑arch build & push
Runner->>Release: Create prerelease and upload archive (on master)
Estimated code review effort🎯 3 (Moderate) | ⏱️ ~20 minutes Poem
🚥 Pre-merge checks | ✅ 3✅ Passed checks (3 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
There was a problem hiding this comment.
Actionable comments posted: 5
🧹 Nitpick comments (1)
.github/workflows/build-release.yml (1)
13-15: Use a branch/ref-based concurrency key for pushes.On push events,
github.head_refis empty, so this falls back togithub.run_idand never cancels oldermasterruns.cancel-in-progressonly works here for PRs.Suggested change
concurrency: - group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} + group: ${{ github.workflow }}-${{ github.head_ref || github.ref }} cancel-in-progress: true🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In @.github/workflows/build-release.yml around lines 13 - 15, The concurrency key currently uses github.head_ref || github.run_id which is empty on push events so runs for the same branch won't cancel; change the group expression to use the push/ref value (e.g. github.head_ref || github.ref || github.ref_name) instead of falling back to run_id. Update the concurrency group line (the group: expression) to something like ${{ github.workflow }}-${{ github.head_ref || github.ref || github.ref_name }} so branch-based runs cancel correctly while keeping PR behavior intact.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In @.github/workflows/build-release.yml:
- Around line 26-29: The build job outputs block is missing the short-sha export
referenced later; update the outputs mapping in the build job (the outputs:
block that currently lists version and version-tag) to also export short-sha by
adding short-sha: ${{ steps.version.outputs.short-sha }} (or the correct step
output name that produces the SHA) so subsequent jobs can reference
needs.build.outputs.short-sha when composing the artifact name.
- Around line 106-129: The workflow currently swallows failures by appending "||
true" to the DB init and PHPUnit commands (the docker exec -i mysql mysql -u
root -proot ospos < app/Database/database.sql and vendor/bin/phpunit --testdox
steps), so fix it by removing the "|| true" from both commands so non-zero exits
fail the job; optionally, if flakiness is a concern, replace "|| true" with a
controlled retry loop or explicit error handling that retries the DB import once
or fails with a clear error message instead of masking the failure.
- Around line 134-141: The "Create distribution archives" job currently ignores
failures (continue-on-error: true) and silences errors from gulp compress and
missing files; remove the continue-on-error flag and make the shell commands
fail on error by enabling strict mode (e.g., set -e) or explicitly test for the
presence of dist/opensourcepos.zip and dist/opensourcepos.tar.gz after running
gulp compress, and exit non-zero if they are missing; reference the step name
"Create distribution archives", the commands "gulp compress" and the mv lines
that rename using VERSION and SHORT_SHA so the workflow fails when packaging
does not produce the expected artifacts.
- Around line 192-193: Update the GitHub Actions step named "Create/Update
unstable release" to use the v2 release of the softprops action: change the uses
declaration from softprops/action-gh-release@v1 to
softprops/action-gh-release@v2 so the action runs on Node20-compatible runners;
keep the step name and inputs the same and run a workflow test to confirm there
are no v2-specific input changes required.
In @.github/workflows/README.md:
- Around line 18-25: Update the README section to match the actual CI workflow:
remove the obsolete "Run Docker container tests" bullet and the "Build
`ospos_test:latest`" line (they no longer exist in build-release.yml), and
replace them with the current steps defined in build-release.yml (e.g., the
actual test job(s) and image build/publish steps such as building `ospos:latest`
and pushing to Docker Hub on master if present); ensure the bullets exactly
reflect the job names and image tags used in build-release.yml so readers aren't
misled by outdated entries.
---
Nitpick comments:
In @.github/workflows/build-release.yml:
- Around line 13-15: The concurrency key currently uses github.head_ref ||
github.run_id which is empty on push events so runs for the same branch won't
cancel; change the group expression to use the push/ref value (e.g.
github.head_ref || github.ref || github.ref_name) instead of falling back to
run_id. Update the concurrency group line (the group: expression) to something
like ${{ github.workflow }}-${{ github.head_ref || github.ref || github.ref_name
}} so branch-based runs cancel correctly while keeping PR behavior intact.
ℹ️ Review info
⚙️ Run configuration
Configuration used: defaults
Review profile: CHILL
Plan: Pro
Run ID: b6e40a74-1b68-4b52-a4fe-6848b70524e4
📒 Files selected for processing (2)
.github/workflows/README.md.github/workflows/build-release.yml
4af3685 to
c57edda
Compare
There was a problem hiding this comment.
🧹 Nitpick comments (1)
.github/workflows/build-release.yml (1)
143-148: Artifact upload may silently succeed with empty or partial content.If archive creation fails (currently masked by
continue-on-error), this step still uploads whatever exists indist/. Consider adding a verification step or removingcontinue-on-errorfrom the previous step so failures are caught early.Suggested verification before upload
+ - name: Verify distribution archives + run: | + VERSION="${{ steps.version.outputs.version }}" + SHORT_SHA="${{ steps.version.outputs.short-sha }}" + test -f "dist/opensourcepos.$VERSION.$SHORT_SHA.tgz" || { echo "Missing .tgz archive"; exit 1; } + test -f "dist/opensourcepos.$VERSION.$SHORT_SHA.zip" || { echo "Missing .zip archive"; exit 1; } + - name: Upload build artifacts uses: actions/upload-artifact@v4🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In @.github/workflows/build-release.yml around lines 143 - 148, The upload step using actions/upload-artifact@v4 ("Upload build artifacts") can silently upload an empty/partial dist/ when the prior archive creation is allowed to fail; either remove the prior step's continue-on-error so failures stop the workflow, or add a verification step before the "Upload build artifacts" step that checks dist/ exists and contains expected files (e.g., non-zero size, specific filenames or a manifest) and fail the job if the check fails, ensuring the "Upload build artifacts" step only runs when the verification passes.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Nitpick comments:
In @.github/workflows/build-release.yml:
- Around line 143-148: The upload step using actions/upload-artifact@v4 ("Upload
build artifacts") can silently upload an empty/partial dist/ when the prior
archive creation is allowed to fail; either remove the prior step's
continue-on-error so failures stop the workflow, or add a verification step
before the "Upload build artifacts" step that checks dist/ exists and contains
expected files (e.g., non-zero size, specific filenames or a manifest) and fail
the job if the check fails, ensuring the "Upload build artifacts" step only runs
when the verification passes.
ℹ️ Review info
⚙️ Run configuration
Configuration used: defaults
Review profile: CHILL
Plan: Pro
Run ID: fe65036d-3ddb-4422-b134-c7fbb2359999
📒 Files selected for processing (2)
.github/workflows/README.md.github/workflows/build-release.yml
There was a problem hiding this comment.
Actionable comments posted: 2
♻️ Duplicate comments (3)
.github/workflows/build-release.yml (3)
107-114:⚠️ Potential issue | 🟠 MajorFail the workflow when archive creation fails.
gulp compress, the renames, and the whole step are still allowed to fail silently here, butreleaseassumes the ZIP exists. Packaging needs to stay in the success path.Suggested change
- name: Create distribution archives run: | + set -euo pipefail gulp compress VERSION="${{ steps.version.outputs.version }}" SHORT_SHA="${{ steps.version.outputs.short-sha }}" - mv dist/opensourcepos.tar.gz "dist/opensourcepos.$VERSION.$SHORT_SHA.tgz" || true - mv dist/opensourcepos.zip "dist/opensourcepos.$VERSION.$SHORT_SHA.zip" || true - continue-on-error: true + mv dist/opensourcepos.tar.gz "dist/opensourcepos.$VERSION.$SHORT_SHA.tgz" + mv dist/opensourcepos.zip "dist/opensourcepos.$VERSION.$SHORT_SHA.zip"🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In @.github/workflows/build-release.yml around lines 107 - 114, The "Create distribution archives" step currently allows failures to be ignored (continue-on-error: true) so missing archives won't block the release; change this by removing continue-on-error and making the shell fail on any command failure (e.g., enable "set -e" / bash -e behavior) so that "gulp compress", the subsequent mv commands that use VERSION and SHORT_SHA, and any other errors cause the job to fail; ensure the step name and commands referencing gulp compress, VERSION/SHORT_SHA and the mv operations remain, but are executed with strict failure handling so the workflow fails if archives aren't created or renamed.
160-161:⚠️ Potential issue | 🔴 CriticalLet schema import failures fail the test job.
Swallowing the SQL import exit code weakens the test gate: PHPUnit can run against a partially initialized database and still report green for unrelated tests.
Suggested change
- - name: Initialize database - run: docker exec -i mysql mysql -u root -proot ospos < app/Database/database.sql || true + - name: Initialize database + run: docker exec -i mysql mysql -u root -proot ospos < app/Database/database.sql🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In @.github/workflows/build-release.yml around lines 160 - 161, The "Initialize database" workflow step is currently swallowing SQL import failures by appending "|| true" to the docker exec command; remove the "|| true" so the step returns a non-zero exit code on failure (i.e., change the run command that executes "docker exec -i mysql mysql -u root -proot ospos < app/Database/database.sql" to no longer append "|| true") so schema import failures fail the job and surface as CI errors.
230-231:⚠️ Potential issue | 🟠 MajorUpgrade
softprops/action-gh-releasefrom@v1.
actionlintalready flags this runner as too old for current GitHub Actions runners. Keeping@v1will break the release job.Suggested change
- - name: Create/Update unstable release - uses: softprops/action-gh-release@v1 + - name: Create/Update unstable release + uses: softprops/action-gh-release@v2Is `softprops/action-gh-release@v1` still supported on GitHub-hosted runners, and what major version should be used instead?🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In @.github/workflows/build-release.yml around lines 230 - 231, The GitHub Action usage "softprops/action-gh-release@v1" is pinned to an older major and should be upgraded to the current major release; replace the usage string in the workflow step that shows "uses: softprops/action-gh-release@v1" with the maintained major tag (e.g., "uses: softprops/action-gh-release@v2") to ensure compatibility with current GitHub-hosted runners and silence actionlint; update any inputs if the action's v2 changed parameter names.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In @.github/workflows/build-release.yml:
- Around line 71-72: The test job is running vendor/bin/phpunit --testdox but
dev dependencies were removed by the build step's composer install --no-dev
--optimize-autoloader; fix by ensuring the test job sets up PHP (e.g.,
actions/setup-php) and runs composer install without --no-dev (or runs composer
install --dev) before invoking vendor/bin/phpunit --testdox so PHPUnit and other
dev tools are available; update the test job steps to include PHP setup and a
composer install (or restore cached vendor with dev deps) prior to running
phpunit.
In @.github/workflows/README.md:
- Around line 14-16: Update the Testing section wording to accurately reflect
how MariaDB is launched in CI: replace "Run PHPUnit tests with MariaDB service
container" with a phrase indicating MariaDB is started via docker run in
build-release.yml (e.g., "Run PHPUnit tests with MariaDB started via docker run
in build-release.yml"); reference build-release.yml and the phrasing "MariaDB
service container" so reviewers can find and update the exact line in the
README.
---
Duplicate comments:
In @.github/workflows/build-release.yml:
- Around line 107-114: The "Create distribution archives" step currently allows
failures to be ignored (continue-on-error: true) so missing archives won't block
the release; change this by removing continue-on-error and making the shell fail
on any command failure (e.g., enable "set -e" / bash -e behavior) so that "gulp
compress", the subsequent mv commands that use VERSION and SHORT_SHA, and any
other errors cause the job to fail; ensure the step name and commands
referencing gulp compress, VERSION/SHORT_SHA and the mv operations remain, but
are executed with strict failure handling so the workflow fails if archives
aren't created or renamed.
- Around line 160-161: The "Initialize database" workflow step is currently
swallowing SQL import failures by appending "|| true" to the docker exec
command; remove the "|| true" so the step returns a non-zero exit code on
failure (i.e., change the run command that executes "docker exec -i mysql mysql
-u root -proot ospos < app/Database/database.sql" to no longer append "|| true")
so schema import failures fail the job and surface as CI errors.
- Around line 230-231: The GitHub Action usage "softprops/action-gh-release@v1"
is pinned to an older major and should be upgraded to the current major release;
replace the usage string in the workflow step that shows "uses:
softprops/action-gh-release@v1" with the maintained major tag (e.g., "uses:
softprops/action-gh-release@v2") to ensure compatibility with current
GitHub-hosted runners and silence actionlint; update any inputs if the action's
v2 changed parameter names.
ℹ️ Review info
⚙️ Run configuration
Configuration used: defaults
Review profile: CHILL
Plan: Pro
Run ID: 7d170461-30b7-40b0-bb25-280b060a8602
📒 Files selected for processing (6)
.github/workflows/README.md.github/workflows/build-release.yml.travis.ymlDockerfileREADME.mddocker-compose.test.yml
💤 Files with no reviewable changes (3)
- docker-compose.test.yml
- .travis.yml
- Dockerfile
b049997 to
67d19e0
Compare
There was a problem hiding this comment.
Actionable comments posted: 5
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In @.github/workflows/build-release.yml:
- Around line 165-168: The MariaDB readiness `until` loop (the `until docker
exec mysql mysqladmin ping -h 127.0.0.1 -u root -proot --silent; do` block)
needs a retry cap to avoid hanging CI: introduce a max attempts counter (e.g.
MAX_RETRIES), initialize a attempts=0 before the loop, increment attempts each
iteration and after the sleep check if attempts >= MAX_RETRIES then log a
failure (replacing or alongside the existing "Waiting for MariaDB..." echo) and
exit with non-zero status; ensure the loop still breaks on success so behavior
is unchanged when the DB comes up.
- Around line 213-214: The tags currently hard-code the Docker namespace using
the literals "jekkos/opensourcepos:${{ needs.build.outputs.version-tag }}" and
"jekkos/opensourcepos:latest"; change them to derive the repository from a
workflow variable or context (for example use an input/env like DOCKER_REPO or
compose from github.repository_owner and github.event.repository.name) so the
tag becomes "${{ env.DOCKER_REPO }}:${{ needs.build.outputs.version-tag }}" and
"${{ env.DOCKER_REPO }}:latest" (or the equivalent using github context or
secrets) and ensure the DOCKER_REPO value is populated earlier in the workflow.
- Around line 17-20: The workflow currently grants excessive repo scopes via the
top-level permissions block (permissions: contents: write and packages: write);
remove the unnecessary packages: write and revert contents to the default
read-only (or remove the top-level permissions block entirely) and instead grant
elevated write permissions only in the release job step that needs them (e.g.,
add a job-level permissions override for the release job). Update references to
the top-level permissions block and the release job configuration so only the
release job has write access while all other jobs run with least-privilege
read-only access.
In @.github/workflows/README.md:
- Around line 18-20: Update the README wording so the documented Docker image
names match the workflow output: replace the `ospos:latest` mention with the
actual image names/tags used by the release workflow (e.g.,
`jekkos/opensourcepos` with both `:latest` and version tags) and ensure the line
describing multi-arch build/push reflects the behavior in `build-release.yml`;
specifically adjust the string `ospos:latest` to `jekkos/opensourcepos` and
mention both the version tag and `latest` tag.
In `@README.md`:
- Line 143: Update the README credits sentence that currently reads "Many thanks
to [GitHub](https://github.com) for providing free continuous integration via
GitHub Actions for open source projects." to use the hyphenated form
"open-source projects"; locate the exact table cell containing that phrase and
replace "open source" with "open-source" so the sentence becomes grammatically
correct.
ℹ️ Review info
⚙️ Run configuration
Configuration used: defaults
Review profile: CHILL
Plan: Pro
Run ID: a14faa84-9964-4bba-b2a7-0006313f5724
📒 Files selected for processing (6)
.github/workflows/README.md.github/workflows/build-release.yml.travis.ymlDockerfileREADME.mddocker-compose.test.yml
💤 Files with no reviewable changes (3)
- .travis.yml
- Dockerfile
- docker-compose.test.yml
67d19e0 to
2c1ae0d
Compare
There was a problem hiding this comment.
♻️ Duplicate comments (3)
.github/workflows/build-release.yml (3)
155-168:⚠️ Potential issue | 🟠 MajorCap the MariaDB wait loop.
If
docker runfails or MariaDB never becomes ready, this step waits until the job timeout. Bound the retries and dump container logs on failure so the job fails quickly and leaves a useful trace.Suggested change
- name: Start MariaDB run: | docker run -d --name mysql \ -e MYSQL_ROOT_PASSWORD=root \ -e MYSQL_DATABASE=ospos \ -e MYSQL_USER=admin \ -e MYSQL_PASSWORD=pointofsale \ -p 3306:3306 \ mariadb:10.5 - until docker exec mysql mysqladmin ping -h 127.0.0.1 -u root -proot --silent; do - echo "Waiting for MariaDB..." - sleep 2 - done + for i in {1..60}; do + if docker exec mysql mysqladmin ping -h 127.0.0.1 -u root -proot --silent; then + break + fi + echo "Waiting for MariaDB... ($i/60)" + sleep 2 + done + docker exec mysql mysqladmin ping -h 127.0.0.1 -u root -proot --silent || { + echo "MariaDB failed to become ready" + docker logs mysql || true + exit 1 + }🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In @.github/workflows/build-release.yml around lines 155 - 168, The "Start MariaDB" step uses an unbounded until loop (until docker exec mysql mysqladmin ping ...) which can hang the job; modify that step to cap retries by adding a counter and max attempts (e.g., MAX_RETRIES) and break with failure when exceeded, and on failure run docker logs mysql to dump container output before exiting non-zero so CI fails fast and provides diagnostics; keep the container name "mysql" and the same mysqladmin check but wrap it in the bounded loop and ensure the step exits with a non-zero status when max retries are reached.
17-20:⚠️ Potential issue | 🟠 MajorReduce the default token permissions.
packages: writeis unused here, and repo-widecontents: writegives the build/test jobs mutation rights they do not need. Keep the workflow read-only by default and grantcontents: writeonly inrelease.Suggested change
permissions: - contents: write - packages: write + contents: readrelease: name: Create Release needs: [build, test] runs-on: ubuntu-22.04 if: github.event_name == 'push' && github.ref == 'refs/heads/master' + permissions: + contents: writeAlso applies to: 216-220
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In @.github/workflows/build-release.yml around lines 17 - 20, Change the workflow's default permissions to read-only by removing or changing "packages: write" and changing "contents: write" to "contents: read" in the top-level permissions block, and instead grant "contents: write" only inside the release job/step that needs to publish (update the release job's permissions to include contents: write); apply the same edits for the other permissions block instance referenced (lines 216-220) so the build/test jobs run with least privilege.
205-214:⚠️ Potential issue | 🟠 MajorDerive the Docker repository from configuration.
The job logs in with
DOCKER_USERNAMEbut still pushes tojekkos/opensourcepos, so any other credentials will authenticate and then fail at push time. Pull the namespace from a variable or secret instead; that also keeps the workflow README aligned with the actual image name.Suggested change
- name: Build and push Docker images uses: docker/build-push-action@v5 + env: + DOCKER_REPO: ${{ secrets.DOCKER_USERNAME }}/opensourcepos with: context: . target: ospos platforms: linux/amd64,linux/arm64 push: true tags: | - jekkos/opensourcepos:${{ needs.build.outputs.version-tag }} - jekkos/opensourcepos:latest + ${{ env.DOCKER_REPO }}:${{ needs.build.outputs.version-tag }} + ${{ env.DOCKER_REPO }}:latest🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In @.github/workflows/build-release.yml around lines 205 - 214, Replace the hardcoded Docker namespace in the "Build and push Docker images" step tags with a repository namespace variable/secret (e.g., use an env or secret like DOCKER_REPOSITORY/DOCKER_NAMESPACE) so the action pushes to the configured repo rather than "jekkos/opensourcepos"; update the tags under the step (the lines referencing jekkos/opensourcepos:${{ ... }} and jekkos/opensourcepos:latest) to use that variable, ensure the workflow sets that variable/secret (and that it aligns with DOCKER_USERNAME credentials used for login), and update any README/workflow docs referencing the image name to use the same variable.
🧹 Nitpick comments (1)
.github/workflows/build-release.yml (1)
13-15: Use a PR-scoped concurrency key.For
pull_requestevents,github.head_refis only the source branch name, so two fork PRs with the same branch name can cancel each other. Prefer the PR number (or include the head repo) so cancellations stay scoped to one PR.Suggested change
concurrency: - group: ${{ github.workflow }}-${{ github.head_ref || github.ref }} + group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In @.github/workflows/build-release.yml around lines 13 - 15, The concurrency group uses github.head_ref which can collide across forked PRs; update the concurrency group expression (the concurrency: group: value) to include a PR-scoped identifier such as github.event.pull_request.number or the head repo (e.g., github.head_repository) so the key is unique per PR (for example combine github.workflow, github.event.pull_request.number and github.head_ref or include github.head_repository) to prevent different PRs with the same branch name from cancelling each other.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Duplicate comments:
In @.github/workflows/build-release.yml:
- Around line 155-168: The "Start MariaDB" step uses an unbounded until loop
(until docker exec mysql mysqladmin ping ...) which can hang the job; modify
that step to cap retries by adding a counter and max attempts (e.g.,
MAX_RETRIES) and break with failure when exceeded, and on failure run docker
logs mysql to dump container output before exiting non-zero so CI fails fast and
provides diagnostics; keep the container name "mysql" and the same mysqladmin
check but wrap it in the bounded loop and ensure the step exits with a non-zero
status when max retries are reached.
- Around line 17-20: Change the workflow's default permissions to read-only by
removing or changing "packages: write" and changing "contents: write" to
"contents: read" in the top-level permissions block, and instead grant
"contents: write" only inside the release job/step that needs to publish (update
the release job's permissions to include contents: write); apply the same edits
for the other permissions block instance referenced (lines 216-220) so the
build/test jobs run with least privilege.
- Around line 205-214: Replace the hardcoded Docker namespace in the "Build and
push Docker images" step tags with a repository namespace variable/secret (e.g.,
use an env or secret like DOCKER_REPOSITORY/DOCKER_NAMESPACE) so the action
pushes to the configured repo rather than "jekkos/opensourcepos"; update the
tags under the step (the lines referencing jekkos/opensourcepos:${{ ... }} and
jekkos/opensourcepos:latest) to use that variable, ensure the workflow sets that
variable/secret (and that it aligns with DOCKER_USERNAME credentials used for
login), and update any README/workflow docs referencing the image name to use
the same variable.
---
Nitpick comments:
In @.github/workflows/build-release.yml:
- Around line 13-15: The concurrency group uses github.head_ref which can
collide across forked PRs; update the concurrency group expression (the
concurrency: group: value) to include a PR-scoped identifier such as
github.event.pull_request.number or the head repo (e.g., github.head_repository)
so the key is unique per PR (for example combine github.workflow,
github.event.pull_request.number and github.head_ref or include
github.head_repository) to prevent different PRs with the same branch name from
cancelling each other.
ℹ️ Review info
⚙️ Run configuration
Configuration used: defaults
Review profile: CHILL
Plan: Pro
Run ID: f96f7389-246d-4557-8f96-01c3a6a3678f
📒 Files selected for processing (6)
.github/workflows/README.md.github/workflows/build-release.yml.travis.ymlDockerfileREADME.mddocker-compose.test.yml
💤 Files with no reviewable changes (3)
- Dockerfile
- .travis.yml
- docker-compose.test.yml
13a2f73 to
d12b79a
Compare
|
Seems that we have ran out of credits on Travis with the recent flurry of activity here. Time to try and get this merged. |
- Convert Travis CI configuration to GitHub Actions workflows - Add multi-arch Docker builds (amd64/arm64) - Implement initial schema migration for fresh database installs - Add multi-attribute search with AND logic and sort by attribute columns - Address various PR review feedback and formatting fixes
3408249 to
a18dde4
Compare
objecttothis
left a comment
There was a problem hiding this comment.
See my comment about thoughts on what to do with the old database.sql, tables.sql and constraints.sql and decide on that before merging.
These files have been replaced by initial_schema.sql which is now the authoritative source for the database schema. The initial migration loads this schema on fresh installs. - Remove app/Database/tables.sql - Remove app/Database/constraints.sql - Schema is frozen in app/Database/Migrations/sqlscripts/initial_schema.sql
The build-database task previously concatenated tables.sql and constraints.sql into database.sql. Since we now use initial_schema.sql directly in migrations, this task is no longer needed. - Remove gulp task 'build-database' - Keep all other build tasks intact
6fea9c3 to
3f6953d
Compare
3f6953d to
6fea9c3
Compare
objecttothis
left a comment
There was a problem hiding this comment.
Just the one question. I'll approve and if that change needs to be in there then go ahead and keep it.
| $input = '%Y-%q-%bad'; | ||
| $result = $this->tokenLib->render($input, [], false); | ||
| $this->assertMatchesRegularExpression('/\d{4}-%q-%bad/', $result); | ||
| $this->assertMatchesRegularExpression('/\d{4}-%q-[A-Za-z]{3}ad/', $result); |
There was a problem hiding this comment.
This change seems to be unrelated to the changeset in this PR. Was this intentionally committed? It's OK if it just needs to be injected in because it was forgotten in a merged PR, but I wanted to ask in case it wasn't intentional.
There was a problem hiding this comment.
It was required to make the tests pass.
- Combine RUN commands to reduce layers - Add --no-install-recommends and clean apt cache - Use COPY --chown to set ownership during copy - Update .dockerignore to exclude dev files and build configs Saves ~260MB (21%) in image size
Docker Image OptimizationThis PR includes Docker image size optimizations:
Changes made:Dockerfile:
.dockerignore:
Verified: Container starts successfully and responds with HTTP 200. |
The tests/phpunit.xml was incomplete - it only configured helpers and Libraries testsuites, while phpunit.xml.dist at root contains all tests. PHPUnit was likely using the incomplete config, resulting in empty test results.

Summary
This PR converts the Travis CI build configuration to GitHub Actions.
Changes
New Workflow: Build and Release
Build Process
Testing
Docker Images
Releases
Required Secrets
Add these secrets to the repository:
GITHUB_TOKEN is automatically provided.
Files Changed
The original .travis.yml is left in place and can be removed once confirmed working.
Summary by CodeRabbit