Migrate to GitHub Actions #160
Conversation
WyriHaximus
added
the
Documentation
WyriHaximus
force-pushed
the
story/GFPPLAT-451/migrate-to-github-actions
branch
29 times, most recently
from
9f0d321
to
45c3c47
Compare
carusogabriel
requested review from
rdohms
and removed request for
fabiotc,
frankkoornstra and
agustingomes
| needs: | ||
| - lint-docker | ||
| - lint-shell | ||
| runs-on: ubuntu-latest |
There was a problem hiding this comment.
You can also use yaml native templating, so you could avoid some of the repetitions like this one
carusogabriel
force-pushed
the
story/GFPPLAT-451/migrate-to-github-actions
branch
from
77676f0
to
8bf7393
Compare
WyriHaximus
force-pushed
the
story/GFPPLAT-451/migrate-to-github-actions
branch
7 times, most recently
from
d19e248
to
4487069
Compare
WyriHaximus
force-pushed
the
story/GFPPLAT-451/migrate-to-github-actions
branch
from
4487069
to
708825f
Compare
vox-eve
requested review from
agustingomes,
cvmiert,
fabiotc,
frankkoornstra and
renatomefi
WyriHaximus
force-pushed
the
story/GFPPLAT-451/migrate-to-github-actions
branch
from
708825f
to
dd1c771
Compare
| - run: sudo chown -R 1000:1000 ./test/functional/web/tmp/ # Ensure we have the same uid:gid as our `app` docker user | ||
| shell: bash | ||
| - run: make test-prometheus-exporter-file-e2e | ||
| check-mark: # This is our required step, pay extra attention when this step is changed for what ever reason |
There was a problem hiding this comment.
We have branch protection on the main branch, and instead of having to check/uncheck 60 required checks when we add/remove new PHP versions we only make this job required as it requires the previous jobs to pass before it even runs. This way we don't have to update the required checks when a job's name changes or a new version comes into play, or when we consolidate all the build jobs into one.
There was a problem hiding this comment.
ah, i suggest using https://github.com/probot/settings for managing that stuff, not manually clicking in the UI. HTH!
There was a problem hiding this comment.
That could work, but it would mean updating the settings file and the naming/versions in two different PR as AFAIK the settings need to be applied/merged before they are effective on the PR. (I do love that suggestions, using it for my personal repo's to managed settings 👍 .)
There was a problem hiding this comment.
that is true - but we do the update in one PR and just have an admin merge :)
There was a problem hiding this comment.
That is also a possibility. But what I would like even more is that they let us select the underlying job name instead of the fancy user friendly name, that way you only have to select a handful instead of nearly a 100 🤐 . brb doing a feature suggestion to GitHub for that
During the migration to GitHub Actions in #160 this functionality was mistakenly and overzealously removed. Since PHP 8 and Alpine 3.13 are out and #166 has been filed, currently with a CVE for musl in it, this check should have failed as it is our goal to ship images without known CVE's in it. On my own PHP images the CVE checking fails and as such I was surprised that #166 didn't have any failures. Up on checking the CI logs it showed the musl CVE but the step didn't fail. This commit restores the original functionality and will make the CI once again fail when it finds a CVE in one of the images.
During the migration to GitHub Actions in #160 this functionality was mistakenly and overzealously removed. Since PHP 8 and Alpine 3.13 are out and #166 has been filed, currently with a CVE for musl in it, this check should have failed as it is our goal to ship images without known CVE's in it. On my own PHP images the CVE checking fails and as such I was surprised that #166 didn't have any failures. Up on checking the CI logs it showed the musl CVE but the step didn't fail. This commit restores the original functionality and will make the CI once again fail when it finds a CVE in one of the images.
Reviewers: @usabilla/oss-docker
Please specify the type of changes being proposed:
Changes
This PR replaces the current Circle CI pipeline with a GitHub Action workflow. This is a table with all the changes to each step changed:
lint-shelllint-shelllintlint-dockerbuild-prometheus-exporter-filebuild-prometheus-exporter-filebuild-httpbuild-httpbuild-fpmbuild-phpbuild-clibuild-phpscan-vulnerabilityscan-vulnerability-(php/http/prometheus-exporter-file)test-clitest-phptest-cliandtest-fpmrun in the same step, but in paralleltest-fpmtest-phptest-cliandtest-fpmrun in the same step, but in paralleltest-httptest-httphttp-testandtest-http-e2erun in the same step, across all versions of Alpine, Ngnix and PHPtest-http-e2etest-httpmake http-testandmake test-http-e2erun in the same step, across all versions of Alpine, Ngnix and PHPtest-prometheus-exporter-file-e2etest-prometheus-exporter-filepush-approvalpush-clipush-phppush-cliandpush-fpmrun in the same step, but in parallelpush-fpmpush-phppush-cliandpush-fpmrun in the same step, but in parallelpush-httppush-httppush-prometheus-exporter-filepush-prometheus-exporter-fileBenchmarks
CircleCI takes usually 30min or more to run all the steps, excluding the pushing of the images. Examples:
GitHub Actions usually take 15min or less to run all the steps, including the new ones, and excluding the pushing of the images. Some examples:
TODOs
masterbranch protection