Run CI & security check using GitHub actions
marmichalski committed Dec 14, 2023
1 parent c384362 commit 974b449
Showing 9 changed files with 193 additions and 148 deletions.
3 changes: 3 additions & 0 deletions .editorconfig
@@ -9,3 +9,6 @@ max_line_length = 160
end_of_line = lf
insert_final_newline = true
trim_trailing_whitespace = true

[{*.yml,*.yaml}]
indent_size = 2
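--- a/.github/workflows/security.yaml
+++ b/.github/workflows/security.yaml
@@ -0,0 +1,23 @@
+on:
+schedule:
+- cron: '0 12 * * *'
+workflow_dispatch:
+
+jobs:
+job:
+name: "Security"
+runs-on: "ubuntu-latest"
+
+steps:
+- name: "Checkout"
+uses: "actions/checkout@v4"
+with:
+show-progress: false
+
+- name: "Setup PHP"
+uses: "shivammathur/setup-php@v2"
+with:
+php-version: '7.4.1'
+
+- name: "Run composer audit"
+run: "composer audit --no-dev --locked"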
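Review bot: The workflow declares no `permissions:` block, so the job's `GITHUB_TOKEN` gets whatever default the repository or organisation has configured, which may include write scopes this audit job never needs. A top-level `permissions:` with `contents: read` would pin it to read-only; the same applies to `.github/workflows/tests.yaml`, which runs on `pull_request` and `push`. Both workflows also reference third-party actions by mutable tag (`shivammathur/setup-php@v2`, `ramsey/composer-install@v2`); pinning each to a full commit SHA, with the tag kept in a trailing comment, stops a retagged release from changing what runs. The Buddy `security` pipeline removed in this commit sent a Telegram message on failure and nothing here does the equivalent, so a failing nightly audit is only visible through GitHub's own notifications.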
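--- a/.github/workflows/tests.yaml
+++ b/.github/workflows/tests.yaml
@@ -0,0 +1,93 @@
+name: "Tests"
+
+concurrency:
+group: "tests-${{ github.head_ref || github.run_id }}"
+cancel-in-progress: true
+
+on:
+pull_request:
+push:
+branches: [master]
+
+jobs:
+tests:
+name: "PHP ${{ matrix.php-version }}"
+runs-on: "ubuntu-latest"
+container:
+image: "php:${{ matrix.php-version }}-fpm-alpine"
+env:
+DATABASE_URL: postgresql://main:main@postgresql:5432/main?serverVersion=11&charset=utf8
+services:
+postgresql:
+image: "postgres:11.7-alpine"
+env:
+POSTGRES_USER: main
+POSTGRES_PASSWORD: main
+POSTGRES_DB: main
+
+strategy:
+fail-fast: false
+matrix:
+php-version:
+- "7.4.1"
+
+steps:
+- name: "Install OS dependencies"
+run: "apk add --no-cache bash git icu-dev libzip-dev unzip zip"
+
+- name: "Install PHP extensions"
+shell: bash
+run: |
+wget https://github.com/mlocati/docker-php-extension-installer/releases/latest/download/install-php-extensions --quiet -O /usr/local/bin/install-php-extensions
+chmod +x /usr/local/bin/install-php-extensions && sync
+install-php-extensions intl pdo_pgsql zip
+- name: "Install composer"
+run: "curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/bin --filename=composer --version=2.6.5"
+
+- name: "Checkout"
+uses: "actions/checkout@v4"
+with:
+show-progress: false
+
+- name: "Install composer dependencies"
+uses: "ramsey/composer-install@v2"
+
+- name: "Validate composer dependencies"
+run: "composer validate"
+
+- name: "Check code style"
+run: "composer check-cs"
+
+- name: "Run PHPStan"
+run: "composer phpstan"
+
+- name: "Lint twig"
+run: "bin/console lint:twig templates --show-deprecations"
+
+- name: "Run migrations"
+run: "bin/console doctrine:migrations:migrate --no-interaction"
+
+- name: "Setup messenger transports"
+run: "bin/console messenger:setup-transports"
+
+- name: "Validate database schema"
+run: "bin/console doctrine:schema:validate"
+
+- name: "Set git committer info"
+shell: bash
+run: |
+git config --global user.email ${GITHUB_ACTOR_ID}[email protected]
+git config --global user.name $GITHUB_ACTOR
+- name: "Run unit tests"
+run: "composer phpunit:unit"
+
+- name: "Run integration tests"
+run: "composer phpunit:integration"
+
+- name: "Run functional tests"
+run: "composer phpunit:functional"
+
+- name: "Warmup prod cache"
+run: "bin/console cache:warmup --env=prod"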
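Review bot: The "Install PHP extensions" step downloads `install-php-extensions` from the `releases/latest` URL and executes it without any integrity check, so each CI run executes whatever the upstream project published most recently. Pinning the URL to a reviewed release (`.../releases/download/<PINNED_TAG>/install-php-extensions`, where the tag is a placeholder) and checking the file with `sha256sum -c` against a digest recorded in the workflow, before the `chmod +x`, would make the step reproducible and tamper-evident. The "Install composer" step has the same shape: `--version=2.6.5` pins the Composer release, but the installer script piped into `php` is itself unverified, and Composer documents a checksum check for that installer.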
105 changes: 0 additions & 105 deletions buddy.yml
@@ -1,108 +1,3 @@
- pipeline: "test"
trigger_mode: "ON_EVERY_PUSH"
ref_name: "refs/*"
ref_type: "WILDCARD"
fetch_all_refs: true
trigger_condition: "ALWAYS"
actions:
- action: "Execute: composer tests"
type: "BUILD"
working_directory: "/buddy/repman"
docker_image_name: "library/php"
docker_image_tag: "7.4.1"
execute_commands:
- "composer validate"
- "composer install"
- "rm -rf var/cache"
- "composer reset-db"
- "composer tests"
- "bash <(curl -s https://codecov.io/bash)"
setup_commands:
- "apt-get update && apt-get install -y git zip"
- "curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/local/bin --filename=composer"
- ""
- "# php ext pdo_pgsql"
- "apt-get install -y libpq-dev"
- "docker-php-ext-configure pdo_pgsql --with-pdo-pgsql"
- "docker-php-ext-install pdo_pgsql"
- ""
- "# coverage driver"
- "pecl install pcov && docker-php-ext-enable pcov"
- ""
- "# intl"
- "apt-get install -y libicu-dev && \\"
- " docker-php-ext-configure intl && \\"
- " docker-php-ext-install intl"
- ""
- "# zip"
- "apt-get install -y zip unzip libzip-dev"
- "docker-php-ext-configure zip"
- "docker-php-ext-install zip"
- " "
- "echo \"memory_limit=-1\" >> /usr/local/etc/php/conf.d/buddy.ini"
- "git config --global user.email \"[email protected]\""
"git config --global user.name \"buddy.works\""
services:
- type: "POSTGRE_SQL"
version: "11.6-alpine"
connection:
host: "postgres"
port: 5432
user: "main"
password: "main"
db: "main"
volume_mappings:
- "/:/buddy/repman"
trigger_condition: "ALWAYS"
shell: "BASH"
- action: "Run repman/deploy"
type: "RUN_NEXT_PIPELINE"
comment: "Triggered by $BUDDY_PIPELINE_NAME execution #$BUDDY_EXECUTION_ID"
trigger_condition: "VAR_IS"
trigger_variable_value: "master"
trigger_variable_key: "BUDDY_EXECUTION_BRANCH"
revision: "INHERIT"
next_project_name: "repman"
next_pipeline_name: "deploy"
variables:
- key: "DATABASE_URL"
value: "postgresql://main:main@postgres:5432/main?serverVersion=11&charset=utf8"
id: 352921
description: ""
- pipeline: "security"
trigger_mode: "SCHEDULED"
ref_name: "master"
ref_type: "BRANCH"
priority: "NORMAL"
start_date: "2020-02-05T07:00:00Z"
delay: 1440
fetch_all_refs: true
trigger_condition: "ALWAYS"
actions:
- action: "Execute: composer security"
type: "BUILD"
working_directory: "/buddy/repman"
docker_image_name: "library/php"
docker_image_tag: "7.4.1"
execute_commands:
- "/local-php-security-checker"
setup_commands:
- "curl -L https://github.com/fabpot/local-php-security-checker/releases/download/v1.0.0/local-php-security-checker_1.0.0_linux_amd64 --output local-php-security-checker"
- "chmod 0755 local-php-security-checker"
volume_mappings:
- "/:/buddy/repman"
trigger_condition: "ALWAYS"
shell: "BASH"
- action: "Send notification to Telegram"
type: "TELEGRAM"
trigger_time: "ON_FAILURE"
content: "[#$BUDDY_EXECUTION_ID] $BUDDY_PIPELINE_NAME failed execution by [$BUDDY_INVOKER_NAME]($BUDDY_INVOKER_URL)"
parse_mode: "MARKDOWN"
trigger_condition: "ALWAYS"
integration_hash: "5f4f3794fd5a7366872df494"
variables:
- key: "DATABASE_URL"
value: "postgresql://main:main@postgres:5432/main?serverVersion=11&charset=utf8"
- pipeline: "setup"
trigger_mode: "MANUAL"
ref_name: "refs/heads/*"
15 changes: 13 additions & 2 deletions composer.json
@@ -164,10 +164,21 @@
],
"phpstan": [
"bin/console cache:clear --env=test",
"phpstan analyse --level=max"
"phpstan analyse --level=max --memory-limit=-1"
],
"phpunit": [
"phpunit --colors=always"
"@phpunit:unit",
"@phpunit:integration",
"@phpunit:functional"
],
"phpunit:unit": [
"phpunit --colors=always --testsuite=unit"
],
"phpunit:integration": [
"phpunit --colors=always --testsuite=integration"
],
"phpunit:functional": [
"phpunit --colors=always --testsuite=functional"
],
"proxy-setup": [
"symfony proxy:start",
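Review bot: After this change `composer phpunit` runs only the `unit`, `integration` and `functional` suites, so any test not listed under one of those three testsuite entries would silently stop running. The PHPUnit configuration is not visible in this section, so this may already be covered; it is worth confirming that every test directory belongs to one of the three suites. The `--memory-limit=-1` added to the `phpstan` script removes the memory cap for local runs as well as CI; a finite value such as `--memory-limit=1G` would fail more predictably on a developer machine. The `scripts` block starts and ends outside the hunk.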