Continuous Integration #443
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Continuous Integration | |
env: | |
DOCKER_IMAGE: usabillabv/php | |
DOCKER_BUILDKIT: 1 | |
DOCKER_CLI_EXPERIMENTAL: enabled | |
on: | |
push: | |
branches: | |
- master | |
pull_request: | |
schedule: | |
- cron: '3 3 * * 1' | |
jobs: | |
supported-alpine-versions: | |
name: Supported Alpine versions | |
runs-on: ubuntu-latest | |
outputs: | |
alpine: ${{ steps.supported-alpine-versions.outputs.versions }} | |
steps: | |
- id: supported-alpine-versions | |
name: Generate Alpine | |
shell: bash | |
run: | | |
echo "::set-output name=versions::[\"3.14\", \"3.13\", \"3.12\", \"3.11\"]" | |
supported-nginx-versions: | |
name: Supported nginx versions | |
runs-on: ubuntu-latest | |
outputs: | |
nginx: ${{ steps.supported-nginx-versions.outputs.versions }} | |
steps: | |
- id: supported-nginx-versions | |
name: Generate nginx | |
shell: bash | |
run: | # The "1.19-nginx1-nginx" in here will be changed to "1.19 nginx1 nginx" when calling ./build-http.sh | |
echo "::set-output name=versions::[\"1.19-nginx1-nginx\", \"1.18\"]" | |
supported-php-versions: | |
name: Supported PHP versions | |
runs-on: ubuntu-latest | |
outputs: | |
php: ${{ steps.supported-php-versions.outputs.versions }} | |
steps: | |
- id: supported-php-versions | |
name: Generate PHP | |
shell: bash | |
run: | | |
echo "::set-output name=versions::[\"7.4\", \"7.3\"]" | |
php-type-matrix: | |
name: PHP Type Matrix | |
runs-on: ubuntu-latest | |
outputs: | |
type: ${{ steps.php-type-matrix.outputs.type }} | |
steps: | |
- id: php-type-matrix | |
name: Generate Type | |
shell: bash | |
run: | | |
echo "::set-output name=type::[\"cli\", \"fpm\"]" | |
type-matrix: | |
name: Type Matrix | |
runs-on: ubuntu-latest | |
needs: | |
- php-type-matrix | |
outputs: | |
type: ${{ steps.type-matrix.outputs.type }} | |
steps: | |
- id: type-matrix | |
name: Generate Type | |
shell: bash | |
run: | | |
echo "::set-output name=type::[\"cli\", \"fpm\", \"http\"]" | |
lint-docker: | |
name: Lint Dockerfile-${{ matrix.type }} | |
runs-on: ubuntu-latest | |
needs: | |
- type-matrix | |
strategy: | |
fail-fast: false | |
matrix: | |
type: ${{ fromJson(needs.type-matrix.outputs.type) }} | |
steps: | |
- uses: actions/checkout@v2 | |
- name: Lint Dockerfile-${{ matrix.type }} | |
uses: docker://hadolint/hadolint:latest-debian | |
with: | |
entrypoint: hadolint | |
args: Dockerfile-${{ matrix.type }} | |
lint-shell: | |
name: Lint shell scripts | |
runs-on: ubuntu-latest | |
strategy: | |
fail-fast: false | |
steps: | |
- uses: actions/checkout@v2 | |
- id: files | |
name: Generate shell script file list | |
shell: bash | |
run: | | |
list=$(ls src/http/nginx/docker* src/php/utils/install-* src/php/utils/docker/* build* test-* | tr "\n" " " | sed -z '$ s/\n$//') | |
echo -e "::set-output name=list::/github/workspace/${list// / /github/workspace/}build-http.sh" | |
- name: Lint shell scripts | |
uses: docker://koalaman/shellcheck:latest | |
with: | |
args: ${{ steps.files.outputs.list }} | |
build-http: | |
name: Build nginx ${{ matrix.nginx }} | |
needs: | |
- lint-docker | |
- lint-shell | |
- supported-nginx-versions | |
runs-on: ubuntu-latest | |
strategy: | |
fail-fast: false | |
matrix: | |
nginx: ${{ fromJson(needs.supported-nginx-versions.outputs.nginx) }} | |
steps: | |
- uses: actions/checkout@v2 | |
- run: ./build-http.sh $(echo "${{ matrix.nginx }}" | tr '-' ' ') | |
shell: bash | |
- run: cat ./tmp/build-http.tags | xargs -I % docker inspect --format='%={{.Id}}:{{index .Config.Env 7}}' % | |
shell: bash | |
- run: docker save "${DOCKER_IMAGE}" | gzip -9 > ./tmp/image-http-${{ matrix.nginx }}.tar | |
shell: bash | |
- name: Upload Images | |
uses: actions/upload-artifact@v2 | |
with: | |
name: docker-image-http-${{ matrix.nginx }} | |
path: ./tmp | |
build-prometheus-exporter-file: | |
name: Build prometheus-exporter-file | |
needs: | |
- lint-docker | |
- lint-shell | |
runs-on: ubuntu-latest | |
strategy: | |
fail-fast: false | |
steps: | |
- uses: actions/checkout@v2 | |
- run: make build-prometheus-exporter-file | |
shell: bash | |
- run: cat ./tmp/build-prometheus-exporter-file.tags | xargs -I % docker inspect --format='%={{.Id}}:{{index .Config.Env 7}}' % | |
shell: bash | |
- run: docker save "${DOCKER_IMAGE}" | gzip -9 > ./tmp/image-prometheus-exporter-file.tar | |
shell: bash | |
- name: Upload Images | |
uses: actions/upload-artifact@v2 | |
with: | |
name: docker-image-prometheus-exporter-file | |
path: ./tmp | |
build-php: | |
name: Build PHP ${{ matrix.php }} for ${{ matrix.type }} on Alpine ${{ matrix.alpine }} | |
needs: | |
- lint-docker | |
- lint-shell | |
- supported-alpine-versions | |
- supported-php-versions | |
- php-type-matrix | |
runs-on: ubuntu-latest | |
strategy: | |
fail-fast: false | |
matrix: | |
alpine: ${{ fromJson(needs.supported-alpine-versions.outputs.alpine) }} | |
php: ${{ fromJson(needs.supported-php-versions.outputs.php) }} | |
type: ${{ fromJson(needs.php-type-matrix.outputs.type) }} | |
include: | |
- php: "7.1" | |
alpine: "3.10" | |
type: cli | |
- php: "7.1" | |
alpine: "3.10" | |
type: fpm | |
- php: "8.0" | |
alpine: "3.14" | |
type: cli | |
- php: "8.0" | |
alpine: "3.14" | |
type: fpm | |
- php: "8.0" | |
alpine: "3.15" | |
type: cli | |
- php: "8.0" | |
alpine: "3.15" | |
type: fpm | |
- php: "8.0" | |
alpine: "3.16" | |
type: cli | |
- php: "8.0" | |
alpine: "3.16" | |
type: fpm | |
- php: "8.1" | |
alpine: "3.15" | |
type: cli | |
- php: "8.1" | |
alpine: "3.15" | |
type: fpm | |
- php: "8.1" | |
alpine: "3.16" | |
type: cli | |
- php: "8.1" | |
alpine: "3.16" | |
type: fpm | |
- php: "8.1" | |
alpine: "3.17" | |
type: cli | |
- php: "8.1" | |
alpine: "3.17" | |
type: fpm | |
- php: "8.2" | |
alpine: "3.17" | |
type: "cli" | |
- php: "8.2" | |
alpine: "3.17" | |
type: "fpm" | |
- php: "8.2" | |
alpine: "3.19" | |
type: "cli" | |
- php: "8.2" | |
alpine: "3.19" | |
type: "fpm" | |
- php: "8.3" | |
alpine: "3.19" | |
type: "cli" | |
- php: "8.3" | |
alpine: "3.19" | |
type: "fpm" | |
steps: | |
- uses: actions/checkout@v2 | |
- run: ./build-php.sh ${{ matrix.type }} ${{ matrix.php }} ${{ matrix.alpine }} | |
shell: bash | |
- run: cat ./tmp/build-${{ matrix.type }}.tags | xargs -I % docker inspect --format='%={{.Id}}:{{index .Config.Env 7}}' % | |
shell: bash | |
- run: docker save "${DOCKER_IMAGE}" | gzip -9 > ./tmp/image-${{ matrix.type }}-${{ matrix.php }}-${{ matrix.alpine }}.tar | |
shell: bash | |
- name: Upload Images | |
uses: actions/upload-artifact@v2 | |
with: | |
name: docker-image-${{ matrix.type }}-${{ matrix.php }}-${{ matrix.alpine }} | |
path: ./tmp | |
scan-vulnerability-php: | |
name: Scan PHP ${{ matrix.php }} for ${{ matrix.type }} on Alpine ${{ matrix.alpine }} for vulnerabilities | |
needs: | |
- build-php | |
- build-http | |
- build-prometheus-exporter-file | |
- supported-alpine-versions | |
- supported-php-versions | |
- php-type-matrix | |
runs-on: ubuntu-latest | |
strategy: | |
fail-fast: false | |
matrix: | |
alpine: ${{ fromJson(needs.supported-alpine-versions.outputs.alpine) }} | |
php: ${{ fromJson(needs.supported-php-versions.outputs.php) }} | |
type: ${{ fromJson(needs.php-type-matrix.outputs.type) }} | |
include: | |
- php: "7.1" | |
alpine: "3.10" | |
type: cli | |
- php: "7.1" | |
alpine: "3.10" | |
type: fpm | |
- php: "8.0" | |
alpine: "3.14" | |
type: cli | |
- php: "8.0" | |
alpine: "3.14" | |
type: fpm | |
- php: "8.0" | |
alpine: "3.15" | |
type: cli | |
- php: "8.0" | |
alpine: "3.15" | |
type: fpm | |
- php: "8.0" | |
alpine: "3.16" | |
type: cli | |
- php: "8.0" | |
alpine: "3.16" | |
type: fpm | |
- php: "8.1" | |
alpine: "3.15" | |
type: cli | |
- php: "8.1" | |
alpine: "3.15" | |
type: fpm | |
- php: "8.1" | |
alpine: "3.16" | |
type: cli | |
- php: "8.1" | |
alpine: "3.16" | |
type: fpm | |
- php: "8.1" | |
alpine: "3.17" | |
type: cli | |
- php: "8.1" | |
alpine: "3.17" | |
type: fpm | |
- php: "8.2" | |
alpine: "3.17" | |
type: "cli" | |
- php: "8.2" | |
alpine: "3.17" | |
type: "fpm" | |
- php: "8.2" | |
alpine: "3.19" | |
type: "cli" | |
- php: "8.2" | |
alpine: "3.19" | |
type: "fpm" | |
- php: "8.3" | |
alpine: "3.19" | |
type: "cli" | |
- php: "8.3" | |
alpine: "3.19" | |
type: "fpm" | |
steps: | |
- uses: actions/checkout@v2 | |
- name: Install clair-scanner | |
shell: bash | |
run: | | |
sudo curl -L https://github.com/arminc/clair-scanner/releases/download/v8/clair-scanner_linux_amd64 -o /usr/local/bin/clair-scanner | |
sudo chmod +x /usr/local/bin/clair-scanner | |
- name: Download Docker image to scan | |
uses: actions/download-artifact@v2 | |
with: | |
name: docker-image-${{ matrix.type }}-${{ matrix.php }}-${{ matrix.alpine }} | |
path: ./tmp | |
- run: docker load --input ./tmp/image*.tar | |
- run: mkdir -p "./clair/${DOCKER_IMAGE}" | |
- run: make scan-vulnerability | |
scan-vulnerability-http: | |
name: Scan nginx ${{ matrix.nginx }} for vulnerabilities | |
needs: | |
- build-php | |
- build-http | |
- build-prometheus-exporter-file | |
- supported-nginx-versions | |
runs-on: ubuntu-latest | |
strategy: | |
fail-fast: false | |
matrix: | |
nginx: ${{ fromJson(needs.supported-nginx-versions.outputs.nginx) }} | |
steps: | |
- uses: actions/checkout@v2 | |
- name: Install clair-scanner | |
shell: bash | |
run: | | |
sudo curl -L https://github.com/arminc/clair-scanner/releases/download/v8/clair-scanner_linux_amd64 -o /usr/local/bin/clair-scanner | |
sudo chmod +x /usr/local/bin/clair-scanner | |
- name: Download Docker image to scan | |
uses: actions/download-artifact@v2 | |
with: | |
name: docker-image-http-${{ matrix.nginx }} | |
path: ./tmp | |
- run: docker load --input ./tmp/image*.tar | |
shell: bash | |
- run: mkdir -p "./clair/${DOCKER_IMAGE}" | |
shell: bash | |
- run: make scan-vulnerability | |
shell: bash | |
scan-vulnerability-prometheus-exporter-file: | |
name: Scan HTTP prometheus-exporter-file for vulnerabilities | |
needs: | |
- build-php | |
- build-http | |
- build-prometheus-exporter-file | |
runs-on: ubuntu-latest | |
strategy: | |
fail-fast: false | |
steps: | |
- uses: actions/checkout@v2 | |
- name: Install clair-scanner | |
shell: bash | |
run: | | |
sudo curl -L https://github.com/arminc/clair-scanner/releases/download/v8/clair-scanner_linux_amd64 -o /usr/local/bin/clair-scanner | |
sudo chmod +x /usr/local/bin/clair-scanner | |
- name: Download Images | |
uses: actions/download-artifact@v2 | |
with: | |
name: docker-image-prometheus-exporter-file | |
path: ./tmp | |
- run: docker load --input ./tmp/image*.tar | |
- run: mkdir -p "./clair/${DOCKER_IMAGE}" | |
- run: make scan-vulnerability | |
test-php: | |
name: Functionaly test PHP ${{ matrix.php }} for ${{ matrix.type }} on Alpine ${{ matrix.alpine }} | |
needs: | |
- build-php | |
- build-http | |
- build-prometheus-exporter-file | |
- supported-alpine-versions | |
- supported-php-versions | |
- php-type-matrix | |
runs-on: ubuntu-latest | |
strategy: | |
fail-fast: false | |
matrix: | |
alpine: ${{ fromJson(needs.supported-alpine-versions.outputs.alpine) }} | |
php: ${{ fromJson(needs.supported-php-versions.outputs.php) }} | |
type: ${{ fromJson(needs.php-type-matrix.outputs.type) }} | |
include: | |
- php: "7.1" | |
alpine: "3.10" | |
type: cli | |
- php: "7.1" | |
alpine: "3.10" | |
type: fpm | |
- php: "8.0" | |
alpine: "3.14" | |
type: cli | |
- php: "8.0" | |
alpine: "3.14" | |
type: fpm | |
- php: "8.0" | |
alpine: "3.15" | |
type: cli | |
- php: "8.0" | |
alpine: "3.15" | |
type: fpm | |
- php: "8.0" | |
alpine: "3.16" | |
type: cli | |
- php: "8.0" | |
alpine: "3.16" | |
type: fpm | |
- php: "8.1" | |
alpine: "3.15" | |
type: cli | |
- php: "8.1" | |
alpine: "3.15" | |
type: fpm | |
- php: "8.1" | |
alpine: "3.16" | |
type: cli | |
- php: "8.1" | |
alpine: "3.16" | |
type: fpm | |
- php: "8.1" | |
alpine: "3.17" | |
type: cli | |
- php: "8.1" | |
alpine: "3.17" | |
type: fpm | |
- php: "8.2" | |
alpine: "3.17" | |
type: "cli" | |
- php: "8.2" | |
alpine: "3.17" | |
type: "fpm" | |
- php: "8.2" | |
alpine: "3.19" | |
type: "cli" | |
- php: "8.2" | |
alpine: "3.19" | |
type: "fpm" | |
- php: "8.3" | |
alpine: "3.19" | |
type: "cli" | |
- php: "8.3" | |
alpine: "3.19" | |
type: "fpm" | |
steps: | |
- uses: actions/checkout@v2 | |
- name: Download Images | |
uses: actions/download-artifact@v2 | |
with: | |
name: docker-image-${{ matrix.type }}-${{ matrix.php }}-${{ matrix.alpine }} | |
path: ./tmp | |
- run: docker load --input ./tmp/image*.tar | |
- run: make test-${{ matrix.type }} | |
test-http: | |
name: Functionaly test nginx ${{ matrix.nginx }} with PHP FPM ${{ matrix.php }} on Alpine ${{ matrix.alpine }} | |
needs: | |
- build-http | |
- build-php | |
- build-prometheus-exporter-file | |
- supported-alpine-versions | |
- supported-nginx-versions | |
- supported-php-versions | |
runs-on: ubuntu-latest | |
strategy: | |
fail-fast: false | |
matrix: | |
alpine: ${{ fromJson(needs.supported-alpine-versions.outputs.alpine) }} | |
nginx: ${{ fromJson(needs.supported-nginx-versions.outputs.nginx) }} | |
php: ${{ fromJson(needs.supported-php-versions.outputs.php) }} | |
steps: | |
- uses: actions/checkout@v2 | |
- name: Download PHP Images | |
uses: actions/download-artifact@v2 | |
with: | |
name: docker-image-fpm-${{ matrix.php }}-${{ matrix.alpine }} | |
path: ./tmp | |
- name: Download nginx Images | |
uses: actions/download-artifact@v2 | |
with: | |
name: docker-image-http-${{ matrix.nginx }} | |
path: ./tmp | |
- run: docker load --input ./tmp/image-fpm-${{ matrix.php }}-${{ matrix.alpine }}.tar | |
- run: docker load --input ./tmp/image-http-${{ matrix.nginx }}.tar | |
- run: sudo chown -R 1000:1000 ./test/functional/web/tmp/ # Ensure we have the same uid:gid as our `app` docker user | |
shell: bash | |
- run: make test-http | |
- run: make test-http-e2e | |
test-prometheus-exporter-file: | |
name: Functionaly test prometheus-exporter-file | |
needs: | |
- build-http | |
- build-php | |
- build-prometheus-exporter-file | |
- supported-nginx-versions | |
runs-on: ubuntu-latest | |
strategy: | |
fail-fast: false | |
steps: | |
- uses: actions/checkout@v2 | |
- name: Download nginx Images | |
uses: actions/download-artifact@v2 | |
with: | |
name: docker-image-prometheus-exporter-file | |
path: ./tmp | |
- run: docker load --input ./tmp/image-prometheus-exporter-file.tar | |
- run: sudo chown -R 1000:1000 ./test/functional/web/tmp/ # Ensure we have the same uid:gid as our `app` docker user | |
shell: bash | |
- run: make test-prometheus-exporter-file-e2e | |
check-mark: # This is our required step, pay extra attention when this step is changed for what ever reason | |
name: ✔️ | |
needs: | |
- test-http | |
- test-php | |
- test-prometheus-exporter-file | |
- scan-vulnerability-http | |
- scan-vulnerability-php | |
- scan-vulnerability-prometheus-exporter-file | |
runs-on: ubuntu-latest | |
steps: | |
- run: echo "✔️" | |
push-prometheus-exporter-file: | |
name: Push prometheus-exporter-file | |
if: (github.event_name == 'push' || github.event_name == 'schedule') && github.ref == 'refs/heads/master' | |
needs: | |
- test-http | |
- test-php | |
- test-prometheus-exporter-file | |
- scan-vulnerability-http | |
- scan-vulnerability-php | |
- scan-vulnerability-prometheus-exporter-file | |
runs-on: ubuntu-latest | |
strategy: | |
fail-fast: false | |
steps: | |
- uses: actions/checkout@v2 | |
- name: Download Images | |
uses: actions/download-artifact@v2 | |
with: | |
name: docker-image-prometheus-exporter-file | |
path: ./tmp | |
- run: docker load --input ./tmp/image*.tar | |
- run: make ci-docker-login push-prometheus-exporter-file | |
env: | |
CONTAINER_REGISTRY_USERNAME: ${{ secrets.CONTAINER_REGISTRY_USERNAME }} | |
CONTAINER_REGISTRY_PASSWORD: ${{ secrets.CONTAINER_REGISTRY_PASSWORD }} | |
push-http: | |
name: Push nginx ${{ matrix.nginx }} | |
if: (github.event_name == 'push' || github.event_name == 'schedule') && github.ref == 'refs/heads/master' | |
needs: | |
- test-http | |
- test-php | |
- test-prometheus-exporter-file | |
- scan-vulnerability-http | |
- scan-vulnerability-php | |
- scan-vulnerability-prometheus-exporter-file | |
- supported-nginx-versions | |
runs-on: ubuntu-latest | |
strategy: | |
fail-fast: false | |
matrix: | |
nginx: ${{ fromJson(needs.supported-nginx-versions.outputs.nginx) }} | |
steps: | |
- uses: actions/checkout@v2 | |
- name: Download Images | |
uses: actions/download-artifact@v2 | |
with: | |
name: docker-image-http-${{ matrix.nginx }} | |
path: ./tmp | |
- run: docker load --input ./tmp/image*.tar | |
- run: make ci-docker-login push-http | |
env: | |
CONTAINER_REGISTRY_USERNAME: ${{ secrets.CONTAINER_REGISTRY_USERNAME }} | |
CONTAINER_REGISTRY_PASSWORD: ${{ secrets.CONTAINER_REGISTRY_PASSWORD }} | |
push-php: | |
name: Push PHP ${{ matrix.php }} for ${{ matrix.type }} on Alpine ${{ matrix.alpine }} | |
if: (github.event_name == 'push' || github.event_name == 'schedule') && github.ref == 'refs/heads/master' | |
needs: | |
- test-http | |
- test-php | |
- test-prometheus-exporter-file | |
- scan-vulnerability-http | |
- scan-vulnerability-php | |
- scan-vulnerability-prometheus-exporter-file | |
- supported-alpine-versions | |
- supported-php-versions | |
- php-type-matrix | |
runs-on: ubuntu-latest | |
strategy: | |
fail-fast: false | |
matrix: | |
alpine: ${{ fromJson(needs.supported-alpine-versions.outputs.alpine) }} | |
php: ${{ fromJson(needs.supported-php-versions.outputs.php) }} | |
type: ${{ fromJson(needs.php-type-matrix.outputs.type) }} | |
include: | |
- php: "7.1" | |
alpine: "3.10" | |
type: cli | |
- php: "7.1" | |
alpine: "3.10" | |
type: fpm | |
- php: "8.0" | |
alpine: "3.14" | |
type: cli | |
- php: "8.0" | |
alpine: "3.14" | |
type: fpm | |
- php: "8.0" | |
alpine: "3.15" | |
type: cli | |
- php: "8.0" | |
alpine: "3.15" | |
type: fpm | |
- php: "8.0" | |
alpine: "3.16" | |
type: cli | |
- php: "8.0" | |
alpine: "3.16" | |
type: fpm | |
- php: "8.1" | |
alpine: "3.15" | |
type: cli | |
- php: "8.1" | |
alpine: "3.15" | |
type: fpm | |
- php: "8.1" | |
alpine: "3.16" | |
type: cli | |
- php: "8.1" | |
alpine: "3.16" | |
type: fpm | |
- php: "8.1" | |
alpine: "3.17" | |
type: cli | |
- php: "8.1" | |
alpine: "3.17" | |
type: fpm | |
- php: "8.2" | |
alpine: "3.17" | |
type: "cli" | |
- php: "8.2" | |
alpine: "3.17" | |
type: "fpm" | |
- php: "8.2" | |
alpine: "3.19" | |
type: "cli" | |
- php: "8.2" | |
alpine: "3.19" | |
type: "fpm" | |
- php: "8.3" | |
alpine: "3.19" | |
type: "cli" | |
- php: "8.3" | |
alpine: "3.19" | |
type: "fpm" | |
steps: | |
- uses: actions/checkout@v2 | |
- name: Download Images | |
uses: actions/download-artifact@v2 | |
with: | |
name: docker-image-${{ matrix.type }}-${{ matrix.php }}-${{ matrix.alpine }} | |
path: ./tmp | |
- run: docker load --input ./tmp/image*.tar | |
- run: make ci-docker-login push-${{ matrix.type }} | |
env: | |
CONTAINER_REGISTRY_USERNAME: ${{ secrets.CONTAINER_REGISTRY_USERNAME }} | |
CONTAINER_REGISTRY_PASSWORD: ${{ secrets.CONTAINER_REGISTRY_PASSWORD }} |