diff --git a/.circleci/config.yml b/.circleci/config.yml deleted file mode 100644 index 7abb562..0000000 --- a/.circleci/config.yml +++ /dev/null @@ -1,320 +0,0 @@ -version: 2.1 - -.scheduled_workflow_jobs: &scheduled_workflow_jobs - - lint - - lint-shell - - build-http: &build-http - requires: - - lint - - lint-shell - - build-prometheus-exporter-file: *build-http - - build-fpm: &build-fpm - requires: - - lint - - lint-shell - - build-cli: &build-cli - requires: - - lint - - lint-shell - - test-http: &test-http - requires: - - build-http - - build-fpm - - build-cli - - build-prometheus-exporter-file - - test-http-e2e: *test-http - - test-prometheus-exporter-file-e2e: &test-prometheus-exporter-file-e2e - requires: - - build-prometheus-exporter-file - - test-fpm: &test-fpm - requires: - - build-http - - build-fpm - - build-cli - - test-cli: &test-cli - requires: - - build-http - - build-fpm - - build-cli - - scan-vulnerability: &scan-vulnerability - requires: - - build-http - - build-prometheus-exporter-file - - build-fpm - - build-cli - - push-http: &push-context - context: dockerhub - filters: - branches: - only: - - master - requires: - - test-cli - - test-fpm - - test-http - - test-http-e2e - - test-prometheus-exporter-file-e2e - - scan-vulnerability - - push-prometheus-exporter-file: *push-context - - push-fpm: *push-context - - push-cli: *push-context - -.default_workflow_jobs: &default_workflow_jobs - - lint - - lint-shell - - build-http: *build-http - - build-prometheus-exporter-file: *build-http - - build-fpm: *build-fpm - - build-cli: *build-cli - - test-http: *test-http - - test-http-e2e: *test-http - - test-prometheus-exporter-file-e2e: *test-prometheus-exporter-file-e2e - - test-fpm: *test-fpm - - test-cli: *test-cli - - scan-vulnerability: *scan-vulnerability - - push-approval: - type: approval - filters: - branches: - only: - - master - requires: - - test-cli - - test-fpm - - test-http - - test-prometheus-exporter-file-e2e - - push-http: &push-context-approval - context: dockerhub - filters: - branches: - only: - - master - requires: - - push-approval - - push-prometheus-exporter-file: *push-context-approval - - push-fpm: *push-context-approval - - push-cli: *push-context-approval - -workflows: - version: 2 - lint-build-test-push: - jobs: *default_workflow_jobs - scheduled: - jobs: *scheduled_workflow_jobs - triggers: - - schedule: - cron: "0 3 * * 1,4" - filters: - branches: - only: - - master - -commands: - docker_load: - description: "Load Docker images from file" - parameters: - image: - type: string - steps: - - run: docker load -i ./tmp/usabillabv_php-<< parameters.image >>.tar - docker_load_all: - description: "Load all available docker images" - steps: - - docker_load: - image: http - - docker_load: - image: prometheus-exporter-file - - docker_load: - image: fpm - - docker_load: - image: cli - -jobs: - lint: - machine: true - steps: - - checkout - - run: make lint - lint-shell: - machine: true - steps: - - checkout - - run: make lint-shell - test-cli: - machine: true - steps: - - checkout - - attach_workspace: - at: ./tmp - - docker_load: - image: cli - - run: make test-cli - - store_test_results: - path: ./tmp/test-results - test-fpm: - machine: true - steps: - - checkout - - attach_workspace: - at: ./tmp - - docker_load: - image: fpm - - run: make test-fpm - - store_test_results: - path: ./tmp/test-results - test-http: - machine: true - steps: - - checkout - - attach_workspace: - at: ./tmp - - docker_load: - image: http - - docker_load: - image: fpm - - run: sudo chown -R 1000:1000 ./test/functional/web/tmp/ # Ensure we have the same uid:gid as our `app` docker user - - run: make test-http - - store_test_results: - path: ./tmp/test-results - test-http-e2e: - machine: true - steps: - - checkout - - attach_workspace: - at: ./tmp - - docker_load: - image: http - - run: make test-http-e2e - - store_test_results: - path: ./tmp/test-results - test-prometheus-exporter-file-e2e: - machine: true - steps: - - checkout - - attach_workspace: - at: ./tmp - - docker_load: - image: prometheus-exporter-file - - run: make test-prometheus-exporter-file-e2e - - store_test_results: - path: ./tmp/test-results - scan-vulnerability: - machine: true - steps: - - checkout - - attach_workspace: - at: ./tmp - - run: - name: Update Docker Compose - command: | - sudo curl -L https://github.com/docker/compose/releases/download/1.22.0/docker-compose-$(uname -s)-$(uname -m) -o /usr/local/bin/docker-compose - sudo chmod +x /usr/local/bin/docker-compose - - run: - name: Install clair-scanner - command: | - sudo curl -L https://github.com/arminc/clair-scanner/releases/download/v8/clair-scanner_linux_amd64 -o /usr/local/bin/clair-scanner - sudo chmod +x /usr/local/bin/clair-scanner - - docker_load_all - - run: make ci-scan-vulnerability - - store_artifacts: - path: ./tmp/clair - build-http: - docker: - - image: docker:18.09 - steps: - - run: apk add bash make - - checkout - - setup_remote_docker: - version: 18.09.3 - - run: make build-http - - run: cat ./tmp/build-http.tags | xargs -I % docker inspect --format='%={{.Id}}:{{index .Config.Env 1}}' % - - run: docker save usabillabv/php -o ./tmp/usabillabv_php-http.tar - - persist_to_workspace: - root: ./tmp - paths: - - usabillabv_php-http.tar - - build-http.tags - build-prometheus-exporter-file: - docker: - - image: docker:18.09 - steps: - - run: apk add bash make - - checkout - - setup_remote_docker: - version: 18.09.3 - - run: make build-prometheus-exporter-file - - run: cat ./tmp/build-prometheus-exporter-file.tags | xargs -I % docker inspect --format='%={{.Id}}:{{index .Config.Env 1}}' % - - run: docker save usabillabv/php -o ./tmp/usabillabv_php-prometheus-exporter-file.tar - - persist_to_workspace: - root: ./tmp - paths: - - usabillabv_php-prometheus-exporter-file.tar - - build-prometheus-exporter-file.tags - build-fpm: - docker: - - image: docker:18.09 - steps: - - run: apk add bash make - - checkout - - setup_remote_docker: - version: 18.09.3 - - run: make build-fpm - - run: cat ./tmp/build-fpm.tags | xargs -I % docker inspect --format='%={{.Id}}:{{index .Config.Env 8}}' % - - run: docker save usabillabv/php -o ./tmp/usabillabv_php-fpm.tar - - persist_to_workspace: - root: ./tmp - paths: - - usabillabv_php-fpm.tar - - build-fpm.tags - build-cli: - docker: - - image: docker:18.09 - steps: - - run: apk add bash make - - checkout - - setup_remote_docker: - version: 18.09.3 - - run: make build-cli - - run: cat ./tmp/build-cli.tags | xargs -I % docker inspect --format='%={{.Id}}:{{index .Config.Env 7}}' % - - run: docker save usabillabv/php -o ./tmp/usabillabv_php-cli.tar - - persist_to_workspace: - root: ./tmp - paths: - - usabillabv_php-cli.tar - - build-cli.tags - push-http: - machine: true - steps: - - checkout - - attach_workspace: - at: ./tmp - - docker_load: - image: http - - run: make ci-push-http - push-prometheus-exporter-file: - machine: true - steps: - - checkout - - attach_workspace: - at: ./tmp - - docker_load: - image: prometheus-exporter-file - - run: make ci-push-prometheus-exporter-file - push-cli: - machine: true - steps: - - checkout - - attach_workspace: - at: ./tmp - - docker_load: - image: cli - - run: make ci-push-cli - push-fpm: - machine: true - steps: - - checkout - - attach_workspace: - at: ./tmp - - docker_load: - image: fpm - - run: make ci-push-fpm diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml new file mode 100644 index 0000000..97dde3b --- /dev/null +++ b/.github/workflows/ci.yml @@ -0,0 +1,187 @@ +name: Continuous Integration +env: + DOCKER_IMAGE: usabillabv/php + DOCKER_BUILDKIT: 1 + DOCKER_CLI_EXPERIMENTAL: enabled +on: + push: + branches: + - master + pull_request: +jobs: + generate-alpine-strategy: + name: Generate Alpine + runs-on: ubuntu-latest + outputs: + alpine: ${{ steps.generate-alpine-strategy.outputs.versions }} + steps: + - id: generate-alpine-strategy + name: Generate Alpine + run: | + echo "::set-output name=versions::[\"3.12\"]" + generate-nginx-strategy: + name: Generate nginx + runs-on: ubuntu-latest + outputs: + nginx: ${{ steps.generate-nginx-strategy.outputs.versions }} + steps: + - id: generate-nginx-strategy + name: Generate nginx + run: | + echo "::set-output name=versions::[\"1.17 nginx1 nginx\", \"1.16\"]" + generate-php-strategy: + name: Generate PHP + runs-on: ubuntu-latest + outputs: + php: ${{ steps.generate-php-strategy.outputs.versions }} + steps: + - id: generate-php-strategy + name: Generate PHP + run: | + echo "::set-output name=versions::[\"7.4\"]" + generate-type-strategy: + name: Generate Type + runs-on: ubuntu-latest + outputs: + type: ${{ steps.generate-type-strategy.outputs.type }} + steps: + - id: generate-type-strategy + name: Generate Type + run: | + echo "::set-output name=type::[\"cli\", \"fpm\", \"http\"]" + lint-docker: + name: Lint Dockerfile-${{ matrix.type }} + runs-on: ubuntu-latest + needs: + - generate-type-strategy + strategy: + fail-fast: false + matrix: + type: ${{ fromJson(needs.generate-type-strategy.outputs.type) }} + steps: + - uses: actions/checkout@v2 + - name: Lint Dockerfile-${{ matrix.type }} + uses: docker://hadolint/hadolint:latest-debian + with: + entrypoint: hadolint + args: Dockerfile-${{ matrix.type }} + lint-shell: + name: Lint shell scripts + runs-on: ubuntu-latest + strategy: + fail-fast: false + steps: + - uses: actions/checkout@v2 + - id: files + name: Generate shell script file list + run: | + list=$(ls src/http/nginx/docker* src/php/utils/install-* src/php/utils/docker/* build* test-* | tr "\n" " " | sed -z '$ s/\n$//') + echo -e "::set-output name=list::/github/workspace/${list// / /github/workspace/}build-nginx.sh" + - name: Lint shell scripts + uses: docker://koalaman/shellcheck:latest + with: + args: ${{ steps.files.outputs.list }} + build-nginx: + name: Build PHP ${{ matrix.php }} for ${{ matrix.type }} on Alpine ${{ matrix.alpine }} + needs: + - lint-docker + - lint-shell + - generate-nginx-strategy + - generate-type-strategy + runs-on: ubuntu-latest + strategy: + fail-fast: false + matrix: + alpine: ${{ fromJson(needs.generate-alpine-strategy.outputs.alpine) }} + php: ${{ fromJson(needs.generate-php-strategy.outputs.php) }} + type: ${{ fromJson(needs.generate-type-strategy.outputs.type) }} + if: ${{ matrix.type }} == 'http' + steps: + - uses: actions/checkout@v2 + - run: ./build-${{ matrix.type }}.sh ${{ matrix.nginx }} + - run: cat ./tmp/image.tags | xargs -I % docker inspect --format='%={{.Id}}:{{index .Config.Env 7}}' % + - run: docker save "${DOCKER_IMAGE}" | gzip -9 > ./tmp/image.tar + - run: docker images + - name: Upload Images + uses: actions/upload-artifact@v2 + with: + name: docker-image-${{ matrix.type }}-${{ matrix.nginx }} + path: ./tmp + build-php: + name: Build PHP ${{ matrix.php }} for ${{ matrix.type }} on Alpine ${{ matrix.alpine }} + needs: + - lint-docker + - lint-shell + - generate-alpine-strategy + - generate-php-strategy + - generate-type-strategy + runs-on: ubuntu-latest + strategy: + fail-fast: false + matrix: + alpine: ${{ fromJson(needs.generate-alpine-strategy.outputs.alpine) }} + php: ${{ fromJson(needs.generate-php-strategy.outputs.php) }} + type: ${{ fromJson(needs.generate-type-strategy.outputs.type) }} + if: ${{ matrix.type }} == 'cli' || ${{ matrix.type }} == 'fpm' + steps: + - uses: actions/checkout@v2 + - run: ./build-php.sh ${{ matrix.type }} ${{ matrix.php }} ${{ matrix.alpine }} + - run: cat ./tmp/image.tags | xargs -I % docker inspect --format='%={{.Id}}:{{index .Config.Env 7}}' % + - run: docker save "${DOCKER_IMAGE}" | gzip -9 > ./tmp/image.tar + - run: docker images + - name: Upload Images + uses: actions/upload-artifact@v2 + with: + name: docker-image-${{ matrix.type }}-${{ matrix.php }}-${{ matrix.alpine }} + path: ./tmp + scan-vulnerability: + name: Scan PHP ${{ matrix.php }} for ${{ matrix.type }} on Alpine ${{ matrix.alpine }} for vulnerabilities + needs: + - build-php + - generate-alpine-strategy + - generate-php-strategy + - generate-type-strategy + runs-on: ubuntu-latest + strategy: + fail-fast: false + matrix: + alpine: ${{ fromJson(needs.generate-alpine-strategy.outputs.alpine) }} + php: ${{ fromJson(needs.generate-php-strategy.outputs.php) }} + type: ${{ fromJson(needs.generate-type-strategy.outputs.type) }} + steps: + - uses: actions/checkout@v2 + - name: Install clair-scanner + run: | + sudo curl -L https://github.com/arminc/clair-scanner/releases/download/v8/clair-scanner_linux_amd64 -o /usr/local/bin/clair-scanner + sudo chmod +x /usr/local/bin/clair-scanner + - name: Download Images + uses: actions/download-artifact@v2 + with: + name: docker-image-${{ matrix.type }}-${{ matrix.php }}-${{ matrix.alpine }} + path: ./tmp + - run: docker load --input ./tmp/image.tar + - run: mkdir -p "./clair/${DOCKER_IMAGE}" + - run: make ci-scan-vulnerability + test: + name: Functionaly test PHP ${{ matrix.php }} for ${{ matrix.type }} on Alpine ${{ matrix.alpine }} + needs: + - build-php + - generate-alpine-strategy + - generate-php-strategy + - generate-type-strategy + runs-on: ubuntu-latest + strategy: + fail-fast: false + matrix: + alpine: ${{ fromJson(needs.generate-alpine-strategy.outputs.alpine) }} + php: ${{ fromJson(needs.generate-php-strategy.outputs.php) }} + type: ${{ fromJson(needs.generate-type-strategy.outputs.type) }} + steps: + - uses: actions/checkout@v2 + - name: Download Images + uses: actions/download-artifact@v2 + with: + name: docker-image-${{ matrix.type }}-${{ matrix.php }}-${{ matrix.alpine }} + path: ./tmp + - run: docker load --input ./tmp/image.tar + - run: make test-${{ matrix.type }} diff --git a/build-nginx.sh b/build-http.sh similarity index 100% rename from build-nginx.sh rename to build-http.sh