Merge branch 'meals-beta' into feature/menu-participants #1841
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CI | |
on: | |
push: | |
branches-ignore: | |
- 'dependabot/**' | |
tags: | |
- 'v*' | |
pull_request: | |
branches-ignore: | |
- 'dependabot/**' | |
workflow_dispatch: | |
concurrency: | |
group: ci-${{ github.head_ref }} | |
cancel-in-progress: true | |
jobs: | |
test-cgl: | |
name: Coding Guidelines Check | |
runs-on: ubuntu-latest | |
continue-on-error: false | |
env: | |
PHP_CS_FIXER_FUTURE_MODE: 1 | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Setup PHP environment | |
uses: shivammathur/setup-php@v2 | |
with: | |
php-version: '7.4' | |
tools: composer:v2 | |
- name: Check code formatting with PHP-CS-Fixer | |
run: | | |
rm composer.json composer.lock | |
composer require friendsofphp/php-cs-fixer:3.4 | |
vendor/bin/php-cs-fixer fix --config=.php-cs-fixer.dist --diff --dry-run -v | |
lint: | |
name: FE Asset Linting | |
runs-on: ubuntu-latest | |
continue-on-error: false | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: actions/setup-node@v3 | |
- name: Cache node_modules | |
uses: actions/cache@v3 | |
with: | |
path: '**/node_modules' | |
key: ${{ runner.os }}-modules-${{ hashFiles('**/yarn.lock') }} | |
- name: Install npm packages | |
working-directory: ./src/Resources | |
run: yarn install | |
- name: Run FE linters | |
working-directory: ./src/Resources | |
run: yarn lint | |
phpmd: | |
name: PHPMD | |
runs-on: ubuntu-latest | |
continue-on-error: true | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v3 | |
- name: Setup PHP environment | |
uses: shivammathur/setup-php@v2 | |
with: | |
coverage: none | |
tools: phpmd | |
- name: Run PHPMD | |
run: phpmd src github ./phpmd.xml --baseline-file ./phpmd.baseline.xml --exclude */Tests/* | |
psalm: | |
name: Static Code Analysis | |
runs-on: ubuntu-latest | |
continue-on-error: false | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v3 | |
- name: Setup PHP environment | |
uses: shivammathur/setup-php@v2 | |
with: | |
php-version: '7.4' | |
tools: composer | |
- name: Run composer install | |
run: composer install -n --prefer-dist | |
- name: Run Psalm | |
run: ./vendor/bin/psalm | |
testFrontendUnitFunctional: | |
name: Run frontend unit- and functional-tests | |
runs-on: ubuntu-latest | |
continue-on-error: false | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: actions/setup-node@v3 | |
- name: Cache node_modules | |
uses: actions/cache@v3 | |
with: | |
path: '**/node_modules' | |
key: ${{ runner.os }}-modules-${{ hashFiles('**/yarn.lock') }} | |
- name: Install npm packages | |
working-directory: ./src/Resources | |
run: yarn install | |
- name: Run FE jest suite | |
working-directory: ./src/Resources | |
run: yarn test | |
buildImages: | |
name: Build Docker Images | |
runs-on: ubuntu-latest | |
needs: [test-cgl, psalm] | |
steps: | |
- name: Set up QEMU | |
uses: docker/setup-qemu-action@v2 | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v2 | |
- name: Checkout | |
uses: actions/checkout@v3 | |
with: | |
fetch-depth: 10 | |
- name: Prepare build | |
run: | | |
mkdir -p /tmp/docker/buildx | |
git log -n 10 --date=short --format=format:"%C(auto)%h %ad @%al %s" >> public/changelog.txt | |
- name: Setup docker build caches | |
uses: actions/cache@v3 | |
with: | |
key: ${{ runner.os }}-buildx | |
path: /tmp/docker/buildx | |
- name: Login to DockerHub | |
uses: docker/login-action@v2 | |
with: | |
username: ${{ secrets.DOCKERHUB_USERNAME }} | |
password: ${{ secrets.DOCKERHUB_PASSWORD }} | |
# Production image | |
- name: Get Docker meta for production image | |
id: meta | |
uses: docker/metadata-action@v4 | |
with: | |
images: aoepeople/meals | |
tags: | | |
type=sha | |
type=ref,event=branch | |
type=semver,pattern={{version}} | |
type=semver,pattern={{major}}.{{minor}} | |
type=edge,branch=master | |
- name: Build and push production image | |
id: build_latest | |
uses: docker/build-push-action@v4 | |
with: | |
context: . | |
push: false | |
tags: ${{ steps.meta.outputs.tags }} | |
labels: ${{ steps.meta.outputs.labels }} | |
cache-from: | | |
aoepeople/meals:edge | |
type=local,src=/tmp/docker/buildx | |
cache-to: type=local,dest=/tmp/docker/buildx | |
outputs: type=docker,dest=/tmp/docker/app.tar | |
# Development image | |
- name: Get Docker meta for development | |
id: devmeta | |
uses: docker/metadata-action@v4 | |
with: | |
images: aoepeople/meals | |
flavor: | | |
suffix=-dev | |
tags: | | |
type=sha | |
type=ref,event=branch | |
- name: Build and push development image | |
id: build_dev | |
uses: docker/build-push-action@v4 | |
with: | |
file: Dockerfile | |
push: false | |
tags: ${{ steps.devmeta.outputs.tags }} | |
labels: ${{ steps.devmeta.outputs.labels }} | |
build-args: | | |
BUILD_DEV="true" | |
cache-from: | | |
aoepeople/meals:edge-dev | |
type=local,src=/tmp/docker/buildx | |
cache-to: type=local,dest=/tmp/docker/buildx | |
outputs: type=docker,dest=/tmp/docker/dev.tar | |
# Upload artifacts | |
- name: Upload docker images | |
uses: actions/upload-artifact@v3 | |
with: | |
name: docker-images | |
path: /tmp/docker/*.tar | |
outputs: | |
image: ${{ fromJSON(steps.meta.outputs.json).tags[0] }} | |
images: ${{ join(steps.meta.outputs.tags, ' ') }} | |
imageDev: ${{ fromJSON(steps.devmeta.outputs.json).tags[0] }} | |
imagesDev: ${{ join(steps.devmeta.outputs.tags, ' ') }} | |
testBackendUnitFunctional: | |
name: Run backend unit- and functional-tests | |
needs: [ buildImages ] | |
runs-on: ubuntu-latest | |
env: | |
SERVICE: app # use `dev` to enable xdebug and code coverage | |
IMAGE_APP: ${{ needs.buildImages.outputs.image }} | |
IMAGE_DEV: ${{ needs.buildImages.outputs.imageDev }} | |
COMPOSE_INTERACTIVE_NO_CLI: true | |
steps: | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v2 | |
- uses: actions/checkout@v3 | |
- name: Download docker images | |
uses: actions/download-artifact@v3 | |
with: | |
name: docker-images | |
path: /tmp/docker | |
- name: Import docker image | |
run: | | |
docker load --input /tmp/docker/app.tar | |
docker load --input /tmp/docker/dev.tar | |
docker image ls -a | grep aoepeople | |
- name: Test with docker compose | |
run: | | |
mkdir build | |
docker-compose -f docker-compose-test.yaml up --abort-on-container-exit | |
docker-compose -f docker-compose-test.yaml down --remove-orphans | |
- name: Upload coverage report artifact | |
uses: actions/upload-artifact@v3 | |
if: always() | |
with: | |
name: reports | |
path: build/artifacts/qa/ | |
- name: Publish unit-test results | |
uses: mikepenz/action-junit-report@v3 | |
if: always() | |
with: | |
report_paths: 'build/artifacts/qa/*.xml' | |
publish: | |
name: Publish | |
if: ${{ github.ref == 'refs/heads/master' || startsWith(github.ref, 'refs/tags/v') }} | |
needs: [ buildImages, testBackendUnitFunctional, testFrontendUnitFunctional ] | |
runs-on: ubuntu-latest | |
env: | |
IMAGES_APP: ${{ needs.buildImages.outputs.images }} | |
IMAGES_DEV: ${{ needs.buildImages.outputs.imagesDev }} | |
steps: | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v2 | |
- name: Login to DockerHub | |
uses: docker/login-action@v2 | |
with: | |
username: ${{ secrets.DOCKERHUB_USERNAME }} | |
password: ${{ secrets.DOCKERHUB_PASSWORD }} | |
- name: Download docker images | |
uses: actions/download-artifact@v3 | |
with: | |
name: docker-images | |
path: /tmp/docker | |
- name: Import docker image | |
run: | | |
docker load --input /tmp/docker/app.tar | |
docker load --input /tmp/docker/dev.tar | |
docker image ls -a | grep aoepeople | |
- name: Deploy images | |
run: | | |
for tag in $IMAGES_APP; do | |
if [[ $tag = *sha-* ]]; then | |
continue; | |
fi | |
docker push $tag; | |
done | |
for tag in $IMAGES_DEV; do | |
if [[ $tag = *sha-* ]]; then | |
continue; | |
fi | |
docker push $tag; | |
done | |
- name: Image digest | |
id: image_digest | |
env: | |
IMAGE: ${{ needs.buildImages.outputs.image }} | |
run: | | |
docker pull $IMAGE | |
echo "digest=$(docker inspect $IMAGE | jq -r '.[0].RepoDigests[0]' | cut -d'@' -f2)" >> $GITHUB_OUTPUT | |
- name: Delete docker image artifact | |
uses: geekyeggo/delete-artifact@v1 | |
with: | |
name: docker-images | |
outputs: | |
imageDigest: ${{ steps.image_digest.outputs.digest }} | |
snyk: | |
name: Scan vulnerabilities | |
if: ${{ github.ref == 'refs/heads/master' || startsWith(github.ref, 'refs/tags/v') }} | |
needs: [ publish, buildImages ] | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v3 | |
- name: Run Snyk to check Docker image for vulnerabilities | |
# Snyk can be used to break the build when it detects vulnerabilities. | |
# In this case we want to upload the issues to GitHub Code Scanning | |
continue-on-error: true | |
uses: snyk/actions/docker@master | |
env: | |
# In order to use the Snyk Action you will need to have a Snyk API token. | |
# More details in https://github.com/snyk/actions#getting-your-snyk-token | |
# or you can signup for free at https://snyk.io/login | |
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} | |
with: | |
image: ${{ needs.buildImages.outputs.image }} | |
args: --file=Dockerfile | |
- name: Upload result to GitHub Code Scanning | |
uses: github/codeql-action/upload-sarif@v2 | |
with: | |
sarif_file: snyk.sarif | |
deploy: | |
name: Deploy and notify | |
needs: [ publish, buildImages ] | |
runs-on: ubuntu-latest | |
steps: | |
- name: Deploy to staging environment | |
env: | |
IMAGE_TAG: ${{ needs.buildImages.outputs.image }} | |
IMAGE_DIGEST: ${{ needs.publish.outputs.imageDigest }} | |
GITLAB_K8S_IT_TRIGGER: ${{ secrets.GITLAB_K8S_IT_TRIGGER }} | |
run: | | |
curl -X POST \ | |
-F "ref=develop" \ | |
-F "variables[IMAGE_TAG]=$IMAGE_TAG" \ | |
-F "variables[IMAGE_DIGEST]=$IMAGE_DIGEST" \ | |
-F "token=$GITLAB_K8S_IT_TRIGGER" \ | |
https://gitlab.aoe.com/api/v4/projects/2872/trigger/pipeline | |
- name: Notify team | |
env: | |
COMMIT_MSG: ${{ github.event.head_commit.message }} | |
MATTERMOST_HOOK_URL: ${{ secrets.MATTERMOST_HOOK_URL }} | |
run: | | |
curl --silent -i -X POST -H 'Content-Type: application/json' \ | |
-d '{"text": "Triggered deployment of `meals-staging.aoe.com@'"$GITHUB_SHA"'`\n> '"$COMMIT_MSG"'"}' \ | |
$MATTERMOST_HOOK_URL |