Convert Travis CI to GitHub Actions by jekkos · Pull Request #4409 · opensourcepos/opensourcepos · GitHub
Skip to content

Convert Travis CI to GitHub Actions#4409

Merged
jekkos merged 5 commits into
masterfrom
feature/travis-to-github-actions
Apr 1, 2026
Merged

Convert Travis CI to GitHub Actions#4409
jekkos merged 5 commits into
masterfrom
feature/travis-to-github-actions

Conversation

@jekkos

@jekkos jekkos commented Mar 6, 2026

Copy link
Copy Markdown
Member

Summary

This PR converts the Travis CI build configuration to GitHub Actions.

Changes

New Workflow: Build and Release

  1. Build Process

    • Setup PHP 8.2 with required extensions
    • Setup Node.js 20
    • Install dependencies
    • Build frontend assets with Gulp
  2. Testing

    • Run PHPUnit tests with MariaDB container
    • Run Docker container tests
  3. Docker Images

    • Build ospos Docker image
    • Push to Docker Hub on master branch
  4. Releases

    • Create distribution archives
    • Create/update GitHub unstable release on master push

Required Secrets

Add these secrets to the repository:

  • DOCKER_USERNAME - Docker Hub username
  • DOCKER_PASSWORD - Docker Hub password/token

GITHUB_TOKEN is automatically provided.

Files Changed

  • Added: .github/workflows/build-release.yml
  • Added: .github/workflows/README.md

The original .travis.yml is left in place and can be removed once confirmed working.

Summary by CodeRabbit

  • Documentation
    • Added comprehensive CI/CD documentation and updated README badges/credits to reference the new workflow.
  • Chores
    • Introduced a GitHub Actions pipeline to build, test, package, publish distribution archives and multi-arch Docker images, and create prereleases on master.
    • Removed legacy CI configuration and obsolete test compose/configuration and test build stage.

@jekkos

jekkos commented Mar 8, 2026

Copy link
Copy Markdown
Member Author

objecttothis
objecttothis previously approved these changes Mar 8, 2026
@jekkos jekkos force-pushed the feature/travis-to-github-actions branch 2 times, most recently from 10b70f9 to e124275 Compare March 9, 2026 18:28
@jekkos jekkos force-pushed the feature/travis-to-github-actions branch from e124275 to 4af3685 Compare March 11, 2026 19:13
@coderabbitai

coderabbitai Bot commented Mar 11, 2026

Copy link
Copy Markdown
Contributor

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

  • @coderabbitai resume to resume automatic reviews.
  • @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

  • ▶️ Resume reviews
  • 🔍 Trigger review
📝 Walkthrough

Walkthrough

Replaces Travis CI with GitHub Actions: adds a build-release workflow and workflow README, removes .travis.yml, docker-compose.test.yml and the Dockerfile test stage, updates README badges. New workflow builds, tests with MariaDB, produces artifacts, pushes multi-arch Docker images, and creates prereleases on master.

Changes

Cohort / File(s) Summary
GitHub Actions workflow & docs
.github/workflows/build-release.yml, .github/workflows/README.md
Adds build-release workflow (PHP 8.2 & Node 20, cached deps, Gulp build, PHPUnit with MariaDB, artifact archives, multi-arch Docker build/push, prerelease creation). Adds workflow README documenting triggers and required secrets.
CI removal
.travis.yml
Removes the entire Travis CI configuration and all related build/test/deploy steps.
Docker/test orchestration removed
docker-compose.test.yml
Deletes test compose file and the ospos_test service used for phpunit runs.
Dockerfile test stage removed
Dockerfile
Removes the ospos_test build stage and associated test setup (zip ext, wait-for-it, composer test install, phpunit CMD).
Repository README
README.md
Updates CI badge and Credits to reference GitHub Actions instead of Travis CI.

Sequence Diagram

sequenceDiagram
    participant GitHub as "GitHub Events"
    participant Runner as "Actions Runner (build/test/docker)"
    participant MariaDB as "MariaDB (service/container)"
    participant Artifacts as "GitHub Artifacts"
    participant DockerHub as "Docker Hub"
    participant Release as "GitHub Release"

    GitHub->>Runner: Trigger (push/tag/PR)
    Runner->>Runner: Setup PHP 8.2 & Node 20, cache deps
    Runner->>Runner: Install deps, run Gulp, compute version
    Runner->>MariaDB: Start DB container for tests
    Runner->>Runner: Run PHPUnit tests
    MariaDB-->>Runner: Test responses/results
    Runner->>Runner: Create archives and Docker build context
    Runner->>Artifacts: Upload build artifacts
    Runner->>DockerHub: Buildx multi‑arch build & push
    Runner->>Release: Create prerelease and upload archive (on master)
Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Poem

🐰 I hopped from Travis into Actions bright,
Built and tested under MariaDB's light,
Packaged artifacts snug for everyarch,
Pushed containers onward — a joyful march,
A little rabbit cheers: CI's taken flight!

🚥 Pre-merge checks | ✅ 3
✅ Passed checks (3 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title 'Convert Travis CI to GitHub Actions' is concise, clear, and directly describes the main objective of the pull request. It accurately reflects the primary change: migrating from Travis CI to GitHub Actions for CI/CD workflows.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch feature/travis-to-github-actions

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 5

🧹 Nitpick comments (1)
.github/workflows/build-release.yml (1)

13-15: Use a branch/ref-based concurrency key for pushes.

On push events, github.head_ref is empty, so this falls back to github.run_id and never cancels older master runs. cancel-in-progress only works here for PRs.

Suggested change
 concurrency:
-  group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
+  group: ${{ github.workflow }}-${{ github.head_ref || github.ref }}
   cancel-in-progress: true
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In @.github/workflows/build-release.yml around lines 13 - 15, The concurrency
key currently uses github.head_ref || github.run_id which is empty on push
events so runs for the same branch won't cancel; change the group expression to
use the push/ref value (e.g. github.head_ref || github.ref || github.ref_name)
instead of falling back to run_id. Update the concurrency group line (the group:
expression) to something like ${{ github.workflow }}-${{ github.head_ref ||
github.ref || github.ref_name }} so branch-based runs cancel correctly while
keeping PR behavior intact.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.github/workflows/build-release.yml:
- Around line 26-29: The build job outputs block is missing the short-sha export
referenced later; update the outputs mapping in the build job (the outputs:
block that currently lists version and version-tag) to also export short-sha by
adding short-sha: ${{ steps.version.outputs.short-sha }} (or the correct step
output name that produces the SHA) so subsequent jobs can reference
needs.build.outputs.short-sha when composing the artifact name.
- Around line 106-129: The workflow currently swallows failures by appending "||
true" to the DB init and PHPUnit commands (the docker exec -i mysql mysql -u
root -proot ospos < app/Database/database.sql and vendor/bin/phpunit --testdox
steps), so fix it by removing the "|| true" from both commands so non-zero exits
fail the job; optionally, if flakiness is a concern, replace "|| true" with a
controlled retry loop or explicit error handling that retries the DB import once
or fails with a clear error message instead of masking the failure.
- Around line 134-141: The "Create distribution archives" job currently ignores
failures (continue-on-error: true) and silences errors from gulp compress and
missing files; remove the continue-on-error flag and make the shell commands
fail on error by enabling strict mode (e.g., set -e) or explicitly test for the
presence of dist/opensourcepos.zip and dist/opensourcepos.tar.gz after running
gulp compress, and exit non-zero if they are missing; reference the step name
"Create distribution archives", the commands "gulp compress" and the mv lines
that rename using VERSION and SHORT_SHA so the workflow fails when packaging
does not produce the expected artifacts.
- Around line 192-193: Update the GitHub Actions step named "Create/Update
unstable release" to use the v2 release of the softprops action: change the uses
declaration from softprops/action-gh-release@v1 to
softprops/action-gh-release@v2 so the action runs on Node20-compatible runners;
keep the step name and inputs the same and run a workflow test to confirm there
are no v2-specific input changes required.

In @.github/workflows/README.md:
- Around line 18-25: Update the README section to match the actual CI workflow:
remove the obsolete "Run Docker container tests" bullet and the "Build
`ospos_test:latest`" line (they no longer exist in build-release.yml), and
replace them with the current steps defined in build-release.yml (e.g., the
actual test job(s) and image build/publish steps such as building `ospos:latest`
and pushing to Docker Hub on master if present); ensure the bullets exactly
reflect the job names and image tags used in build-release.yml so readers aren't
misled by outdated entries.

---

Nitpick comments:
In @.github/workflows/build-release.yml:
- Around line 13-15: The concurrency key currently uses github.head_ref ||
github.run_id which is empty on push events so runs for the same branch won't
cancel; change the group expression to use the push/ref value (e.g.
github.head_ref || github.ref || github.ref_name) instead of falling back to
run_id. Update the concurrency group line (the group: expression) to something
like ${{ github.workflow }}-${{ github.head_ref || github.ref || github.ref_name
}} so branch-based runs cancel correctly while keeping PR behavior intact.

ℹ️ Review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: b6e40a74-1b68-4b52-a4fe-6848b70524e4

📥 Commits

Reviewing files that changed from the base of the PR and between f7e8d6e and 4af3685.

📒 Files selected for processing (2)
  • .github/workflows/README.md
  • .github/workflows/build-release.yml

Comment thread .github/workflows/build-release.yml
Comment thread .github/workflows/build-release.yml Outdated
Comment thread .github/workflows/build-release.yml Outdated
Comment thread .github/workflows/build-release.yml Outdated
Comment thread .github/workflows/README.md Outdated
@jekkos jekkos force-pushed the feature/travis-to-github-actions branch from 4af3685 to c57edda Compare March 12, 2026 07:11

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🧹 Nitpick comments (1)
.github/workflows/build-release.yml (1)

143-148: Artifact upload may silently succeed with empty or partial content.

If archive creation fails (currently masked by continue-on-error), this step still uploads whatever exists in dist/. Consider adding a verification step or removing continue-on-error from the previous step so failures are caught early.

Suggested verification before upload
+      - name: Verify distribution archives
+        run: |
+          VERSION="${{ steps.version.outputs.version }}"
+          SHORT_SHA="${{ steps.version.outputs.short-sha }}"
+          test -f "dist/opensourcepos.$VERSION.$SHORT_SHA.tgz" || { echo "Missing .tgz archive"; exit 1; }
+          test -f "dist/opensourcepos.$VERSION.$SHORT_SHA.zip" || { echo "Missing .zip archive"; exit 1; }
+
       - name: Upload build artifacts
         uses: actions/upload-artifact@v4
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In @.github/workflows/build-release.yml around lines 143 - 148, The upload step
using actions/upload-artifact@v4 ("Upload build artifacts") can silently upload
an empty/partial dist/ when the prior archive creation is allowed to fail;
either remove the prior step's continue-on-error so failures stop the workflow,
or add a verification step before the "Upload build artifacts" step that checks
dist/ exists and contains expected files (e.g., non-zero size, specific
filenames or a manifest) and fail the job if the check fails, ensuring the
"Upload build artifacts" step only runs when the verification passes.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.

Nitpick comments:
In @.github/workflows/build-release.yml:
- Around line 143-148: The upload step using actions/upload-artifact@v4 ("Upload
build artifacts") can silently upload an empty/partial dist/ when the prior
archive creation is allowed to fail; either remove the prior step's
continue-on-error so failures stop the workflow, or add a verification step
before the "Upload build artifacts" step that checks dist/ exists and contains
expected files (e.g., non-zero size, specific filenames or a manifest) and fail
the job if the check fails, ensuring the "Upload build artifacts" step only runs
when the verification passes.

ℹ️ Review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: fe65036d-3ddb-4422-b134-c7fbb2359999

📥 Commits

Reviewing files that changed from the base of the PR and between 4af3685 and c57edda.

📒 Files selected for processing (2)
  • .github/workflows/README.md
  • .github/workflows/build-release.yml

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 2

♻️ Duplicate comments (3)
.github/workflows/build-release.yml (3)

107-114: ⚠️ Potential issue | 🟠 Major

Fail the workflow when archive creation fails.

gulp compress, the renames, and the whole step are still allowed to fail silently here, but release assumes the ZIP exists. Packaging needs to stay in the success path.

Suggested change
       - name: Create distribution archives
         run: |
+          set -euo pipefail
           gulp compress
           VERSION="${{ steps.version.outputs.version }}"
           SHORT_SHA="${{ steps.version.outputs.short-sha }}"
-          mv dist/opensourcepos.tar.gz "dist/opensourcepos.$VERSION.$SHORT_SHA.tgz" || true
-          mv dist/opensourcepos.zip "dist/opensourcepos.$VERSION.$SHORT_SHA.zip" || true
-        continue-on-error: true
+          mv dist/opensourcepos.tar.gz "dist/opensourcepos.$VERSION.$SHORT_SHA.tgz"
+          mv dist/opensourcepos.zip "dist/opensourcepos.$VERSION.$SHORT_SHA.zip"
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In @.github/workflows/build-release.yml around lines 107 - 114, The "Create
distribution archives" step currently allows failures to be ignored
(continue-on-error: true) so missing archives won't block the release; change
this by removing continue-on-error and making the shell fail on any command
failure (e.g., enable "set -e" / bash -e behavior) so that "gulp compress", the
subsequent mv commands that use VERSION and SHORT_SHA, and any other errors
cause the job to fail; ensure the step name and commands referencing gulp
compress, VERSION/SHORT_SHA and the mv operations remain, but are executed with
strict failure handling so the workflow fails if archives aren't created or
renamed.

160-161: ⚠️ Potential issue | 🔴 Critical

Let schema import failures fail the test job.

Swallowing the SQL import exit code weakens the test gate: PHPUnit can run against a partially initialized database and still report green for unrelated tests.

Suggested change
-      - name: Initialize database
-        run: docker exec -i mysql mysql -u root -proot ospos < app/Database/database.sql || true
+      - name: Initialize database
+        run: docker exec -i mysql mysql -u root -proot ospos < app/Database/database.sql
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In @.github/workflows/build-release.yml around lines 160 - 161, The "Initialize
database" workflow step is currently swallowing SQL import failures by appending
"|| true" to the docker exec command; remove the "|| true" so the step returns a
non-zero exit code on failure (i.e., change the run command that executes
"docker exec -i mysql mysql -u root -proot ospos < app/Database/database.sql" to
no longer append "|| true") so schema import failures fail the job and surface
as CI errors.

230-231: ⚠️ Potential issue | 🟠 Major

Upgrade softprops/action-gh-release from @v1.

actionlint already flags this runner as too old for current GitHub Actions runners. Keeping @v1 will break the release job.

Suggested change
-      - name: Create/Update unstable release
-        uses: softprops/action-gh-release@v1
+      - name: Create/Update unstable release
+        uses: softprops/action-gh-release@v2
Is `softprops/action-gh-release@v1` still supported on GitHub-hosted runners, and what major version should be used instead?
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In @.github/workflows/build-release.yml around lines 230 - 231, The GitHub
Action usage "softprops/action-gh-release@v1" is pinned to an older major and
should be upgraded to the current major release; replace the usage string in the
workflow step that shows "uses: softprops/action-gh-release@v1" with the
maintained major tag (e.g., "uses: softprops/action-gh-release@v2") to ensure
compatibility with current GitHub-hosted runners and silence actionlint; update
any inputs if the action's v2 changed parameter names.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.github/workflows/build-release.yml:
- Around line 71-72: The test job is running vendor/bin/phpunit --testdox but
dev dependencies were removed by the build step's composer install --no-dev
--optimize-autoloader; fix by ensuring the test job sets up PHP (e.g.,
actions/setup-php) and runs composer install without --no-dev (or runs composer
install --dev) before invoking vendor/bin/phpunit --testdox so PHPUnit and other
dev tools are available; update the test job steps to include PHP setup and a
composer install (or restore cached vendor with dev deps) prior to running
phpunit.

In @.github/workflows/README.md:
- Around line 14-16: Update the Testing section wording to accurately reflect
how MariaDB is launched in CI: replace "Run PHPUnit tests with MariaDB service
container" with a phrase indicating MariaDB is started via docker run in
build-release.yml (e.g., "Run PHPUnit tests with MariaDB started via docker run
in build-release.yml"); reference build-release.yml and the phrasing "MariaDB
service container" so reviewers can find and update the exact line in the
README.

---

Duplicate comments:
In @.github/workflows/build-release.yml:
- Around line 107-114: The "Create distribution archives" step currently allows
failures to be ignored (continue-on-error: true) so missing archives won't block
the release; change this by removing continue-on-error and making the shell fail
on any command failure (e.g., enable "set -e" / bash -e behavior) so that "gulp
compress", the subsequent mv commands that use VERSION and SHORT_SHA, and any
other errors cause the job to fail; ensure the step name and commands
referencing gulp compress, VERSION/SHORT_SHA and the mv operations remain, but
are executed with strict failure handling so the workflow fails if archives
aren't created or renamed.
- Around line 160-161: The "Initialize database" workflow step is currently
swallowing SQL import failures by appending "|| true" to the docker exec
command; remove the "|| true" so the step returns a non-zero exit code on
failure (i.e., change the run command that executes "docker exec -i mysql mysql
-u root -proot ospos < app/Database/database.sql" to no longer append "|| true")
so schema import failures fail the job and surface as CI errors.
- Around line 230-231: The GitHub Action usage "softprops/action-gh-release@v1"
is pinned to an older major and should be upgraded to the current major release;
replace the usage string in the workflow step that shows "uses:
softprops/action-gh-release@v1" with the maintained major tag (e.g., "uses:
softprops/action-gh-release@v2") to ensure compatibility with current
GitHub-hosted runners and silence actionlint; update any inputs if the action's
v2 changed parameter names.

ℹ️ Review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 7d170461-30b7-40b0-bb25-280b060a8602

📥 Commits

Reviewing files that changed from the base of the PR and between c57edda and b049997.

📒 Files selected for processing (6)
  • .github/workflows/README.md
  • .github/workflows/build-release.yml
  • .travis.yml
  • Dockerfile
  • README.md
  • docker-compose.test.yml
💤 Files with no reviewable changes (3)
  • docker-compose.test.yml
  • .travis.yml
  • Dockerfile

Comment thread .github/workflows/build-release.yml
Comment thread .github/workflows/README.md Outdated
@jekkos jekkos force-pushed the feature/travis-to-github-actions branch from b049997 to 67d19e0 Compare March 13, 2026 21:43

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 5

🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.github/workflows/build-release.yml:
- Around line 165-168: The MariaDB readiness `until` loop (the `until docker
exec mysql mysqladmin ping -h 127.0.0.1 -u root -proot --silent; do` block)
needs a retry cap to avoid hanging CI: introduce a max attempts counter (e.g.
MAX_RETRIES), initialize a attempts=0 before the loop, increment attempts each
iteration and after the sleep check if attempts >= MAX_RETRIES then log a
failure (replacing or alongside the existing "Waiting for MariaDB..." echo) and
exit with non-zero status; ensure the loop still breaks on success so behavior
is unchanged when the DB comes up.
- Around line 213-214: The tags currently hard-code the Docker namespace using
the literals "jekkos/opensourcepos:${{ needs.build.outputs.version-tag }}" and
"jekkos/opensourcepos:latest"; change them to derive the repository from a
workflow variable or context (for example use an input/env like DOCKER_REPO or
compose from github.repository_owner and github.event.repository.name) so the
tag becomes "${{ env.DOCKER_REPO }}:${{ needs.build.outputs.version-tag }}" and
"${{ env.DOCKER_REPO }}:latest" (or the equivalent using github context or
secrets) and ensure the DOCKER_REPO value is populated earlier in the workflow.
- Around line 17-20: The workflow currently grants excessive repo scopes via the
top-level permissions block (permissions: contents: write and packages: write);
remove the unnecessary packages: write and revert contents to the default
read-only (or remove the top-level permissions block entirely) and instead grant
elevated write permissions only in the release job step that needs them (e.g.,
add a job-level permissions override for the release job). Update references to
the top-level permissions block and the release job configuration so only the
release job has write access while all other jobs run with least-privilege
read-only access.

In @.github/workflows/README.md:
- Around line 18-20: Update the README wording so the documented Docker image
names match the workflow output: replace the `ospos:latest` mention with the
actual image names/tags used by the release workflow (e.g.,
`jekkos/opensourcepos` with both `:latest` and version tags) and ensure the line
describing multi-arch build/push reflects the behavior in `build-release.yml`;
specifically adjust the string `ospos:latest` to `jekkos/opensourcepos` and
mention both the version tag and `latest` tag.

In `@README.md`:
- Line 143: Update the README credits sentence that currently reads "Many thanks
to [GitHub](https://github.com) for providing free continuous integration via
GitHub Actions for open source projects." to use the hyphenated form
"open-source projects"; locate the exact table cell containing that phrase and
replace "open source" with "open-source" so the sentence becomes grammatically
correct.

ℹ️ Review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: a14faa84-9964-4bba-b2a7-0006313f5724

📥 Commits

Reviewing files that changed from the base of the PR and between b049997 and 67d19e0.

📒 Files selected for processing (6)
  • .github/workflows/README.md
  • .github/workflows/build-release.yml
  • .travis.yml
  • Dockerfile
  • README.md
  • docker-compose.test.yml
💤 Files with no reviewable changes (3)
  • .travis.yml
  • Dockerfile
  • docker-compose.test.yml

Comment thread .github/workflows/build-release.yml
Comment thread .github/workflows/build-release.yml Outdated
Comment thread .github/workflows/build-release.yml Outdated
Comment thread .github/workflows/README.md Outdated
Comment thread README.md Outdated
@jekkos jekkos force-pushed the feature/travis-to-github-actions branch from 67d19e0 to 2c1ae0d Compare March 14, 2026 15:36

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

♻️ Duplicate comments (3)
.github/workflows/build-release.yml (3)

155-168: ⚠️ Potential issue | 🟠 Major

Cap the MariaDB wait loop.

If docker run fails or MariaDB never becomes ready, this step waits until the job timeout. Bound the retries and dump container logs on failure so the job fails quickly and leaves a useful trace.

Suggested change
       - name: Start MariaDB
         run: |
           docker run -d --name mysql \
             -e MYSQL_ROOT_PASSWORD=root \
             -e MYSQL_DATABASE=ospos \
             -e MYSQL_USER=admin \
             -e MYSQL_PASSWORD=pointofsale \
             -p 3306:3306 \
             mariadb:10.5
           
-          until docker exec mysql mysqladmin ping -h 127.0.0.1 -u root -proot --silent; do
-            echo "Waiting for MariaDB..."
-            sleep 2
-          done
+          for i in {1..60}; do
+            if docker exec mysql mysqladmin ping -h 127.0.0.1 -u root -proot --silent; then
+              break
+            fi
+            echo "Waiting for MariaDB... ($i/60)"
+            sleep 2
+          done
+          docker exec mysql mysqladmin ping -h 127.0.0.1 -u root -proot --silent || {
+            echo "MariaDB failed to become ready"
+            docker logs mysql || true
+            exit 1
+          }
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In @.github/workflows/build-release.yml around lines 155 - 168, The "Start
MariaDB" step uses an unbounded until loop (until docker exec mysql mysqladmin
ping ...) which can hang the job; modify that step to cap retries by adding a
counter and max attempts (e.g., MAX_RETRIES) and break with failure when
exceeded, and on failure run docker logs mysql to dump container output before
exiting non-zero so CI fails fast and provides diagnostics; keep the container
name "mysql" and the same mysqladmin check but wrap it in the bounded loop and
ensure the step exits with a non-zero status when max retries are reached.

17-20: ⚠️ Potential issue | 🟠 Major

Reduce the default token permissions.

packages: write is unused here, and repo-wide contents: write gives the build/test jobs mutation rights they do not need. Keep the workflow read-only by default and grant contents: write only in release.

Suggested change
 permissions:
-  contents: write
-  packages: write
+  contents: read
   release:
     name: Create Release
     needs: [build, test]
     runs-on: ubuntu-22.04
     if: github.event_name == 'push' && github.ref == 'refs/heads/master'
+    permissions:
+      contents: write

Also applies to: 216-220

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In @.github/workflows/build-release.yml around lines 17 - 20, Change the
workflow's default permissions to read-only by removing or changing "packages:
write" and changing "contents: write" to "contents: read" in the top-level
permissions block, and instead grant "contents: write" only inside the release
job/step that needs to publish (update the release job's permissions to include
contents: write); apply the same edits for the other permissions block instance
referenced (lines 216-220) so the build/test jobs run with least privilege.

205-214: ⚠️ Potential issue | 🟠 Major

Derive the Docker repository from configuration.

The job logs in with DOCKER_USERNAME but still pushes to jekkos/opensourcepos, so any other credentials will authenticate and then fail at push time. Pull the namespace from a variable or secret instead; that also keeps the workflow README aligned with the actual image name.

Suggested change
       - name: Build and push Docker images
         uses: docker/build-push-action@v5
+        env:
+          DOCKER_REPO: ${{ secrets.DOCKER_USERNAME }}/opensourcepos
         with:
           context: .
           target: ospos
           platforms: linux/amd64,linux/arm64
           push: true
           tags: |
-            jekkos/opensourcepos:${{ needs.build.outputs.version-tag }}
-            jekkos/opensourcepos:latest
+            ${{ env.DOCKER_REPO }}:${{ needs.build.outputs.version-tag }}
+            ${{ env.DOCKER_REPO }}:latest
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In @.github/workflows/build-release.yml around lines 205 - 214, Replace the
hardcoded Docker namespace in the "Build and push Docker images" step tags with
a repository namespace variable/secret (e.g., use an env or secret like
DOCKER_REPOSITORY/DOCKER_NAMESPACE) so the action pushes to the configured repo
rather than "jekkos/opensourcepos"; update the tags under the step (the lines
referencing jekkos/opensourcepos:${{ ... }} and jekkos/opensourcepos:latest) to
use that variable, ensure the workflow sets that variable/secret (and that it
aligns with DOCKER_USERNAME credentials used for login), and update any
README/workflow docs referencing the image name to use the same variable.
🧹 Nitpick comments (1)
.github/workflows/build-release.yml (1)

13-15: Use a PR-scoped concurrency key.

For pull_request events, github.head_ref is only the source branch name, so two fork PRs with the same branch name can cancel each other. Prefer the PR number (or include the head repo) so cancellations stay scoped to one PR.

Suggested change
 concurrency:
-  group: ${{ github.workflow }}-${{ github.head_ref || github.ref }}
+  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
   cancel-in-progress: true
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In @.github/workflows/build-release.yml around lines 13 - 15, The concurrency
group uses github.head_ref which can collide across forked PRs; update the
concurrency group expression (the concurrency: group: value) to include a
PR-scoped identifier such as github.event.pull_request.number or the head repo
(e.g., github.head_repository) so the key is unique per PR (for example combine
github.workflow, github.event.pull_request.number and github.head_ref or include
github.head_repository) to prevent different PRs with the same branch name from
cancelling each other.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.

Duplicate comments:
In @.github/workflows/build-release.yml:
- Around line 155-168: The "Start MariaDB" step uses an unbounded until loop
(until docker exec mysql mysqladmin ping ...) which can hang the job; modify
that step to cap retries by adding a counter and max attempts (e.g.,
MAX_RETRIES) and break with failure when exceeded, and on failure run docker
logs mysql to dump container output before exiting non-zero so CI fails fast and
provides diagnostics; keep the container name "mysql" and the same mysqladmin
check but wrap it in the bounded loop and ensure the step exits with a non-zero
status when max retries are reached.
- Around line 17-20: Change the workflow's default permissions to read-only by
removing or changing "packages: write" and changing "contents: write" to
"contents: read" in the top-level permissions block, and instead grant
"contents: write" only inside the release job/step that needs to publish (update
the release job's permissions to include contents: write); apply the same edits
for the other permissions block instance referenced (lines 216-220) so the
build/test jobs run with least privilege.
- Around line 205-214: Replace the hardcoded Docker namespace in the "Build and
push Docker images" step tags with a repository namespace variable/secret (e.g.,
use an env or secret like DOCKER_REPOSITORY/DOCKER_NAMESPACE) so the action
pushes to the configured repo rather than "jekkos/opensourcepos"; update the
tags under the step (the lines referencing jekkos/opensourcepos:${{ ... }} and
jekkos/opensourcepos:latest) to use that variable, ensure the workflow sets that
variable/secret (and that it aligns with DOCKER_USERNAME credentials used for
login), and update any README/workflow docs referencing the image name to use
the same variable.

---

Nitpick comments:
In @.github/workflows/build-release.yml:
- Around line 13-15: The concurrency group uses github.head_ref which can
collide across forked PRs; update the concurrency group expression (the
concurrency: group: value) to include a PR-scoped identifier such as
github.event.pull_request.number or the head repo (e.g., github.head_repository)
so the key is unique per PR (for example combine github.workflow,
github.event.pull_request.number and github.head_ref or include
github.head_repository) to prevent different PRs with the same branch name from
cancelling each other.

ℹ️ Review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: f96f7389-246d-4557-8f96-01c3a6a3678f

📥 Commits

Reviewing files that changed from the base of the PR and between 67d19e0 and 2c1ae0d.

📒 Files selected for processing (6)
  • .github/workflows/README.md
  • .github/workflows/build-release.yml
  • .travis.yml
  • Dockerfile
  • README.md
  • docker-compose.test.yml
💤 Files with no reviewable changes (3)
  • Dockerfile
  • .travis.yml
  • docker-compose.test.yml

@jekkos jekkos force-pushed the feature/travis-to-github-actions branch 2 times, most recently from 13a2f73 to d12b79a Compare March 17, 2026 06:21
Comment thread app/Database/Migrations/sqlscripts/initial_schema.sql
Comment thread app/Database/Migrations/20170501000000_initial_schema.php
Comment thread app/Helpers/tabular_helper.php Outdated
Comment thread app/Models/Attribute.php
Comment thread app/Models/Item.php Outdated
Comment thread INSTALL.md Outdated
@jekkos

jekkos commented Mar 19, 2026

Copy link
Copy Markdown
Member Author

Seems that we have ran out of credits on Travis with the recent flurry of activity here. Time to try and get this merged.

- Convert Travis CI configuration to GitHub Actions workflows
- Add multi-arch Docker builds (amd64/arm64)
- Implement initial schema migration for fresh database installs
- Add multi-attribute search with AND logic and sort by attribute columns
- Address various PR review feedback and formatting fixes
@jekkos jekkos force-pushed the feature/travis-to-github-actions branch from 3408249 to a18dde4 Compare March 19, 2026 21:34
objecttothis
objecttothis previously approved these changes Mar 20, 2026

@objecttothis objecttothis left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

See my comment about thoughts on what to do with the old database.sql, tables.sql and constraints.sql and decide on that before merging.

Comment thread app/Database/Migrations/sqlscripts/initial_schema.sql
These files have been replaced by initial_schema.sql which is now the
authoritative source for the database schema. The initial migration
loads this schema on fresh installs.

- Remove app/Database/tables.sql
- Remove app/Database/constraints.sql
- Schema is frozen in app/Database/Migrations/sqlscripts/initial_schema.sql
The build-database task previously concatenated tables.sql and constraints.sql
into database.sql. Since we now use initial_schema.sql directly in migrations,
this task is no longer needed.

- Remove gulp task 'build-database'
- Keep all other build tasks intact
@jekkos jekkos force-pushed the feature/travis-to-github-actions branch from 6fea9c3 to 3f6953d Compare March 22, 2026 19:20
objecttothis
objecttothis previously approved these changes Mar 23, 2026
@jekkos jekkos force-pushed the feature/travis-to-github-actions branch from 3f6953d to 6fea9c3 Compare March 24, 2026 07:19
objecttothis
objecttothis previously approved these changes Mar 24, 2026

@objecttothis objecttothis left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just the one question. I'll approve and if that change needs to be in there then go ahead and keep it.

$input = '%Y-%q-%bad';
$result = $this->tokenLib->render($input, [], false);
$this->assertMatchesRegularExpression('/\d{4}-%q-%bad/', $result);
$this->assertMatchesRegularExpression('/\d{4}-%q-[A-Za-z]{3}ad/', $result);

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This change seems to be unrelated to the changeset in this PR. Was this intentionally committed? It's OK if it just needs to be injected in because it was forgotten in a merged PR, but I wanted to ask in case it wasn't intentional.

Copy link
Copy Markdown
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It was required to make the tests pass.

- Combine RUN commands to reduce layers
- Add --no-install-recommends and clean apt cache
- Use COPY --chown to set ownership during copy
- Update .dockerignore to exclude dev files and build configs

Saves ~260MB (21%) in image size
@jekkos

jekkos commented Mar 24, 2026

Copy link
Copy Markdown
Member Author

Docker Image Optimization

This PR includes Docker image size optimizations:

Metric Before After Savings
Image size 1.22GB 959MB 261MB (21%)
Compressed 290MB 240MB 50MB (17%)

Changes made:

Dockerfile:

  • Combined 5 RUN commands into 2 (fewer layers)
  • Added --no-install-recommends to apt-get
  • Added apt-get clean && rm -rf /var/lib/apt/lists/* to clean cache
  • Used COPY --chown=www-data:www-data to set ownership during copy

.dockerignore:

  • Excludes tests/, branding/, .github/, build/
  • Excludes build configs (composer.json, package.json, etc.)
  • Excludes dev tools (phpunit.xml, .php-cs-fixer.*, phpstan.neon)
  • Excludes documentation (*.md except LICENSE)

Verified: Container starts successfully and responds with HTTP 200.

The tests/phpunit.xml was incomplete - it only configured helpers and
Libraries testsuites, while phpunit.xml.dist at root contains all tests.
PHPUnit was likely using the incomplete config, resulting in empty test
results.
@jekkos jekkos merged commit 5667027 into master Apr 1, 2026
13 checks passed
@jekkos

jekkos commented Apr 1, 2026

Copy link
Copy Markdown
Member Author

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants