[CMSP-726] switch to gha

.github/workflows/publish.yml

@@ -0,0 +1,41 @@
+name: Deploy
+on:
+  repository_dispatch:
+    types: [tests-passed]
+
+jobs:
+  publish:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - name: Setup PHP
+        uses: shivammathur/setup-php@v2
+        with:
+          php-version: '7.4'
+      - name: Get tag name
+        id: tag_name
+        run: echo ::set-output name=tag::${GITHUB_REF#refs/tags/}
+      - name: Publish Release
+        id: create_release
+        uses: actions/create-release@v1
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          tag_name: ${{ steps.tag_name.outputs.tag }}
+          release_name: ${{ steps.tag_name.outputs.tag }}
+          body: Version ${{ steps.tag_name.outputs.tag }}
+          draft: false
+          prerelease: false
+      - name: Build phar
+        run: |
+          composer install
+          composer phar:build
+      - name: Upload Release Asset
+        uses: actions/upload-release-asset@v1
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          upload_url: ${{ steps.create_release.outputs.upload_url }}
+          asset_path: ./update-tool.phar
+          asset_name: update-tool.phar
+          asset_content_type: application/octet-stream

.github/workflows/test.yml

@@ -0,0 +1,76 @@
+name: Test
+on:
+  pull_request:
+  push:
+    tags:
+      - '*'
+
+permissions: write-all
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    services:
+      mariadb:
+        image: mariadb:10.5
+    steps:
+      - uses: actions/checkout@v3
+      - name: Set PHP version
+        uses: shivammathur/setup-php@v2
+        with:
+          php-version: 7.4
+      - name: Setup MySQL
+        run: |
+          sudo systemctl start mysql
+          mysqladmin -h 127.0.0.1 -u root -proot status
+          echo "Setting the root password to empty"
+          mysql -h 127.0.0.1 -u root -proot -e "USE mysql; UPDATE user SET authentication_string='' WHERE User='root'; FLUSH PRIVILEGES;"
+          echo "Testing blank password"
+          mysqladmin -h 127.0.0.1 -u root status
+      - name: Install Composer Dependencies
+        run: composer install --prefer-dist --no-progress --no-suggest
+      - name: Install SSH key
+        uses: webfactory/[email protected]
+        with:
+          ssh-private-key: ${{ secrets.PANTHEON_UPSTREAM_SSH_KEY }}
+      - name: Unset GitHub Tokens
+        shell: bash
+        run: |
+          unset GITHUB_TOKEN
+          unset GH_TOKEN
+      - name: Run Update Tool Whoami
+        shell: bash
+        env:
+          GITHUB_TOKEN: ${{ secrets.PANTHEON_UPSTREAM_AUTH_TOKEN }}
+          GH_TOKEN: ${{ secrets.PANTHEON_UPSTREAM_AUTH_TOKEN }}
+        run: |
+          echo "Set git config"
+          git config --global user.email "[email protected]"
+          git config --global user.name "Pantheon Automation"
+          echo "Login with gh auth"
+          # gh auth login
+          gh auth status
+          ./update-tool whoami
+      - name: Install WP-CLI
+        run: |
+          curl -O https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar
+          chmod +x wp-cli.phar
+          sudo mv wp-cli.phar /usr/local/bin/wp
+          wp --info
+      - name: Run tests
+        env:
+          GITHUB_TOKEN: ${{ secrets.PANTHEON_UPSTREAM_AUTH_TOKEN }}
+          GH_TOKEN: ${{ secrets.PANTHEON_UPSTREAM_AUTH_TOKEN }}
+          DB_USER: root
+          DB_NAME: updatinate-wp-db
+        run: composer test
+  send-dispatch:
+    if: startsWith(github.ref, 'refs/tags/')
+    runs-on: ubuntu-latest
+    steps:
+      - name: Send Dispatch
+        uses: peter-evans/repository-dispatch@v1
+        with:
+          token: ${{ secrets.PANTHEON_UPSTREAM_AUTH_TOKEN }}
+          repository: pantheon-systems/update-tool
+          event-type: tests-passed

README.md

@@ -2,7 +2,7 @@
 
 Fast and smart. Update Tool checks for available software updates and creates pull requests.
 
-[![CircleCI](https://dl.circleci.com/status-badge/img/gh/pantheon-systems/update-tool/tree/master.svg?style=svg)](https://dl.circleci.com/status-badge/redirect/gh/pantheon-systems/update-tool/tree/master)
+[![Test](https://github.com/pantheon-systems/update-tool/actions/workflows/test.yml/badge.svg)](https://github.com/pantheon-systems/update-tool/actions/workflows/test.yml)
 [![Actively Maintained](https://img.shields.io/badge/Pantheon-Actively_Maintained-yellow?logo=pantheon&color=FFDC28)](https://pantheon.io/docs/oss-support-levels#actively-maintained-support)
 [![License](https://img.shields.io/badge/license-MIT-408677.svg)](LICENSE)
 
@@ -29,7 +29,7 @@ The authentication credentials you will need can be found in the production Vaul
 
 *Production:* In production, this tool uses the credentials defined in the [pantheon-systems/updatinator](https://github.com/pantheon-systems/updatinator) project.
 
-*Testing:* CircleCI needs a GitHub token for a service account that has access to the projects in the [test-configurations.yml](tests/fixtures/home/test-configuration.yml) fixtures file. Currently, the github user pantheon-ci-bot is being used. Access it via:
+*Testing:* GitHub Actions needs a GitHub token for a service account that has access to the projects in the [test-configurations.yml](tests/fixtures/home/test-configuration.yml) fixtures file. Currently, the GitHub user `pantheon-ci-bot` is being used. Access it via:
 
 ```
 pvault production read secret/github/access-tokens/pantheon-ci-bot
@@ -57,10 +57,10 @@ The test suite may be run locally by way of some simple composer scripts:
 
 ### Releasing
 
-To release a new version of the Update Tool, run:
+To release a new version of the Update Tool, simply create a new tag at the appropriate version. This will trigger the tests to run again. Assuming the tests pass, that send a release dispatch that triggers another GitHub Action to publish the release and upload the `update-tool.phar` to the release.
 
-- `composer release`
+Rebuild [pantheon-systems/docker-updatinator](https://github.com/pantheon-systems/docker-updatinator) to deploy a new version of the tool to the automation processes.
 
-This will release a stable version of whatever is indicated in the VERSION file. e.g. if VERSION contains `1.0.3-dev`, then version `1.0.3` will be tagged and released, and the VERSION file will be updated to `1.0.4-dev`. To release version `1.1.0` instead, manually edit the VERSION file to `1.1.0-dev` and then run `composer release`.
+Alternately, you can use the Composer script `composer release`.
 
-The update-tool.phar file will be uploaded to GitHub on every release. Rebuild [pantheon-systems/docker-updatinator](https://github.com/pantheon-systems/docker-updatinator) to deploy a new version of the tool to the automation processes.
+This will release a stable version of whatever is indicated in the VERSION file. e.g. if VERSION contains `1.0.3-dev`, then version `1.0.3` will be tagged and released, and the VERSION file will be updated to `1.0.4-dev`. To release version `1.1.0` instead, manually edit the VERSION file to `1.1.0-dev` and then run `composer release`. This requires maintaining the `VERSION` file which historically has not been consistently updated, and simply creating the tag and allowing automation to handle the release is a more straightforward process.