-
Notifications
You must be signed in to change notification settings - Fork 3
197 lines (162 loc) · 8.18 KB
/
ci.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
name: CI
on:
push:
branches:
- master
pull_request:
branches:
- master
jobs:
static:
runs-on: ubuntu-latest
env:
APP_ENV: test
TRUSTED_PROXIES: ''
steps:
- name: Checkout code
uses: actions/checkout@v2
- name: Set up PHP
uses: shivammathur/setup-php@v2
with:
php-version: 8.2
- name: Set up Node.js
uses: actions/setup-node@v2
with:
node-version: '18'
- name: Run PHP security checks
uses: symfonycorp/security-checker-action@v5
- name: Run JS security checks
run: npm run audit:high
- name: Install Composer dependencies
run: composer install --no-interaction --no-progress --ignore-platform-reqs
- name: Install Node.js dependencies
run: yarn install --immutable
- name: Cache warmup for PHPStan
run: php bin/console cache:warmup --env=dev
- name: Run PHPStan
run: php bin/phpstan analyse --no-progress --memory-limit 1G src
- name: Lint YAML
run: bin/console lint:yaml config
- name: Lint Twig
run: bin/console lint:twig templates
- name: Lint Container
run: bin/console lint:container
- name: Lint JS
run: yarn lint:js
- name: Lint CSS
run: yarn lint:css
- name: Run PHPUnit tests
run: |
mkdir -p public/build
printf "{}" > public/build/manifest.json
bin/simple-phpunit
deploy_staging:
runs-on: ubuntu-latest
needs: static
if: github.ref == 'refs/heads/master'
environment: staging
env:
APP_ENV: dev
TRUSTED_PROXIES: ''
steps:
- name: Checkout code
uses: actions/checkout@v2
- name: Set up PHP
uses: shivammathur/setup-php@v2
with:
php-version: 8.2
- name: Set up Node.js
uses: actions/setup-node@v2
with:
node-version: '18'
- name: Run PHP security checks
uses: symfonycorp/security-checker-action@v5
- name: Run JS security checks
run: npm run audit:high
- name: Create temporary .env.local file
run: |
# add .revision file
git rev-parse --verify --short HEAD > .revision
# create partial .env file
printf "APP_ENV=$APP_ENV\nREQUEST_CONTEXT_HOST=$REQUEST_CONTEXT_HOST\nREQUEST_CONTEXT_SCHEME=$REQUEST_CONTEXT_SCHEME\n" > .env.local && cat .env.local
- name: Install Composer dependencies
run: composer install --classmap-authoritative --no-interaction --no-progress --ignore-platform-reqs
- name: Install Node.js dependencies
run: yarn install --immutable
- name: Build assets
run: yarn build --mode development
- name: Deploy to staging
run: |
# remove temp .env file just in case
rm .env.local
# setup vars for paths
TIMESTAMP=$(date +%s); RELEASE="$RELEASES/$TIMESTAMP"
echo "Paths:"; echo $REMOTE_BASE; echo $RELEASE; echo $SHARED
echo "Remote:"; echo $REMOTE_USER@$REMOTE_SERVER:$REMOTE_PORT
# setup SSH & private key
eval $(ssh-agent -s)
echo "$SSH_PRIVATE_KEY" | tr -d '\r' | ssh-add - > /dev/null
ssh-keyscan -p $REMOTE_PORT $REMOTE_SERVER >> ~/.ssh/known_hosts
# the following line is optional (likely remove previous line)
#- echo "$SSH_SERVER_HOSTKEYS" > ~/.ssh/known_hosts
chmod 644 ~/.ssh/known_hosts
# ensure based paths exist
ssh -p $REMOTE_PORT $REMOTE_USER@$REMOTE_SERVER "mkdir -p $RELEASES $SHARED $SHARED/var $SHARED/var/log/archive $SHARED/public/uploads"
# sync files to release directory
rsync --archive --stats --human-readable --no-perms --exclude ".git/" --exclude ".idea/" --exclude "node_modules/" -e "ssh -p $REMOTE_PORT" . $REMOTE_USER@$REMOTE_SERVER:$RELEASE
# make console file executable
ssh -p $REMOTE_PORT $REMOTE_USER@$REMOTE_SERVER "cd $RELEASE; chmod u+x bin/console"
# ensure platform has all requirements
ssh -p $REMOTE_PORT $REMOTE_USER@$REMOTE_SERVER "cd $RELEASE; $SERVER_PHP_PATH -v; echo "\n\n"; $SERVER_PHP_PATH composer.phar check-platform-reqs"
# link shared folders
ssh -p $REMOTE_PORT $REMOTE_USER@$REMOTE_SERVER "rm -rf $RELEASE/var || true; ln -s $SHARED/var $RELEASE/var; rm -rf $RELEASE/public/uploads || true; ln -s $SHARED/public/uploads $RELEASE/public/uploads; rm -rf $RELEASE/config/jwt || true; ln -s $SHARED/config/jwt $RELEASE/config/jwt"
# copy env file into place; dump env
ssh -p $REMOTE_PORT $REMOTE_USER@$REMOTE_SERVER "cp -a $SHARED/.env.local $RELEASE/.env.local && cd $RELEASE && $SERVER_PHP_PATH composer.phar dump-env"
# run composer post update cmds on server
ssh -p $REMOTE_PORT $REMOTE_USER@$REMOTE_SERVER "cd $RELEASE && $SERVER_PHP_PATH composer.phar run-script post-update-cmd"
# switch to new version
ssh -p $REMOTE_PORT $REMOTE_USER@$REMOTE_SERVER "ln -sfn $RELEASE $REMOTE_BASE/current"
# reload php-fpm (to reset cache)
ssh -p $REMOTE_PORT $REMOTE_USER@$REMOTE_SERVER "sudo /bin/systemctl reload php82-php-fpm"
# stop/restart the doctrine message customers
ssh -p $REMOTE_PORT $REMOTE_USER@$REMOTE_SERVER "cd $REMOTE_BASE/current; $SERVER_PHP_PATH bin/console messenger:stop-workers"
# run migrations
ssh -p $REMOTE_PORT $REMOTE_USER@$REMOTE_SERVER "cd $REMOTE_BASE/current; $SERVER_PHP_PATH bin/console doctrine:migrations:migrate --no-interaction --no-debug --allow-no-migration"
# remove >2 releases
ssh -p $REMOTE_PORT $REMOTE_USER@$REMOTE_SERVER "ls -1d $RELEASES/* | sort -rg | tail -n +3 | xargs /bin/rm -rf"
# test if website is up
if wget --spider --server-response "$REQUEST_CONTEXT_SCHEME://$REQUEST_CONTEXT_HOST" 2>&1 | grep '200\ OK'; then echo "$REQUEST_CONTEXT_SCHEME://$REQUEST_CONTEXT_HOST is up"; else echo "$REQUEST_CONTEXT_SCHEME://$REQUEST_CONTEXT_HOST is down"; exit 1; fi
# success message
echo "Deployment completed successfully. Release at $RELEASE"
deploy_prod:
runs-on: ubuntu-latest
needs: static
if: github.ref == 'refs/heads/master'
environment: production
env:
APP_ENV: prod
TRUSTED_PROXIES: ''
steps:
- name: Checkout code
uses: actions/checkout@v2
- name: Set up PHP
uses: shivammathur/setup-php@v2
with:
php-version: 8.2
- name: Set up Node.js
uses: actions/setup-node@v2
with:
node-version: '18'
- name: Run PHP security checks
uses: symfonycorp/security-checker-action@v5
- name: Run JS security checks
run: npm run audit:high
- name: Install Composer dependencies
run: composer install --no-dev --classmap-authoritative --no-interaction --no-progress --ignore-platform-reqs
- name: Install Node.js dependencies
run: yarn install --immutable
- name: Build assets
run: yarn build
- name: Deploy to production
run: |
# Add your deployment script here