Skip to content

Add db set up to application. #8

Add db set up to application.

Add db set up to application. #8

name: pull-requests
on:
push:
branches: ['main']
jobs:
security:
name: gitleaks
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: gitleaks/gitleaks-action@v2
env:
GITHUB_TOKEN: ${{ github.token }}
- name: Notify
if: always()
uses: ravsamhq/notify-slack-action@v1
with:
status: ${{ job.status }}
notify_when: 'failure'
notification_title: '{workflow} has {status_message}'
message_format: ':warning: LEAKED SECRETS in *{workflow}* (<{repo_url}|{repo}>)'
env:
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
linter:
runs-on: ubuntu-latest
needs: [ security ]
permissions:
contents: write
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Cache dependencies
uses: actions/cache@v2
with:
path: ./application/vendor
key: composer-${{ hashFiles('**/composer.lock') }}
restore-keys: |
composer-
- name: Setup PHP
uses: shivammathur/setup-php@v2
with:
php-version: 8.3
tools: composer:v2
coverage: none
- name: Install Project Dependencies
working-directory: ./application
run: composer install
- name: Run linter
working-directory: ./application
run: ./vendor/bin/php-cs-fixer fix app/
- name: Commit linted files
id: auto-commit-action
uses: stefanzweifel/git-auto-commit-action@v5
with:
commit_message: Fix code styling.
tests:
runs-on: ubuntu-latest
needs: [ security ]
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Cache dependencies
uses: actions/cache@v2
with:
path: ./application/vendor
key: composer-${{ hashFiles('**/composer.lock') }}
restore-keys: |
composer-
- name: Setup PHP
uses: shivammathur/setup-php@v2
with:
php-version: 8.3
tools: composer:v2
coverage: none
- name: Install Project Dependencies
working-directory: ./application
run: composer install
- name: Framework configuration
working-directory: ./application
run: |
cp .env.example .env
php artisan key:generate
php artisan config:clear
- name: Run tests
working-directory: ./application
run: php artisan test --testsuite=Unit
static-analysis:
runs-on: ubuntu-latest
needs: [ security ]
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Cache dependencies
uses: actions/cache@v2
with:
path: ./application/vendor
key: composer-${{ hashFiles('**/composer.lock') }}
restore-keys: |
composer-
- name: Setup PHP
uses: shivammathur/setup-php@v2
with:
php-version: 8.3
tools: composer:v2
coverage: none
- name: Install Project Dependencies
working-directory: ./application
run: composer install
- name: Run static analyser
working-directory: ./application
run: ./vendor/bin/phpstan analyze app/
SonarCloud:
runs-on: ubuntu-latest
needs: [ security ]
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Analyze
uses: SonarSource/sonarcloud-github-action@master
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
SONAR_TOKEN: ${{ secrets.SONARCLOUD_TOKEN }}
database:
runs-on: ubuntu-latest
needs: [ security ]
permissions:
contents: write
services:
mysql-service:
image: mysql:8
env:
MYSQL_DATABASE: application
MYSQL_USER: admin
MYSQL_ROOT_PASSWORD: password
MYSQL_PASSWORD: password
ports:
- 3306/tcp
options: --health-cmd="mysqladmin ping" --health-interval=10s --health-timeout=5s --health-retries=3
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Cache dependencies
uses: actions/cache@v2
with:
path: ./application/vendor
key: composer-${{ hashFiles('**/composer.lock') }}
restore-keys: |
composer-
- name: Setup PHP
uses: shivammathur/setup-php@v2
with:
php-version: 8.3
tools: composer:v2
- name: Install Project Dependencies
working-directory: ./application
run: composer install
- name: Framework configuration
working-directory: ./application
run: |
cp .env.example .env
php artisan key:generate
php artisan config:clear
- name: Run migrations
working-directory: ./application
run: php artisan migrate
env:
DB_PORT: ${{ job.services.mysql-service.ports[3306]}}
DB_HOST: 127.0.0.1
- name: Get test coverage and store it
id: coverage
working-directory: ./application
run: |
current_coverage=$(cat code_coverage.txt)
floor=$(php -r "echo floor($current_coverage) - 1;")
XDEBUG_MODE=coverage php artisan test --coverage --min=$floor | grep -oP 'Total: \K\d+\.\d+' > code_coverage.txt
- name: Commit code_coverage.txt
id: auto-commit-action
uses: stefanzweifel/git-auto-commit-action@v5
with:
commit_message: Update code_coverage.txt
- name: Run migrations
working-directory: ./application
run: php artisan migrate:rollback
env:
DB_PORT: ${{ job.services.mysql-service.ports[3306]}}
DB_HOST: 127.0.0.1
build-check-push-image:
runs-on: ubuntu-latest
defaults:
run:
working-directory: ./application
needs: [ security , linter, tests, static-analysis, SonarCloud, database ]
steps:
- uses: actions/checkout@v4
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Build
uses: docker/build-push-action@v5
id: build
with:
context: "{{defaultContext}}:application"
tags: dvdty/branch-deploy-application:${{ github.head_ref || github.ref_name }}
load: true
- name: Scan image
uses: aquasecurity/trivy-action@master
with:
image-ref: ${{ steps.build.outputs.imageid }}
format: 'table'
exit-code: '1'
ignore-unfixed: true
vuln-type: 'os,library'
severity: 'CRITICAL'
- name: Login to Docker Hub
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Push
uses: docker/build-push-action@v5
with:
context: "{{defaultContext}}:application"
push: true
tags: dvdty/branch-deploy-application:${{ github.head_ref || github.ref_name }}
- name: Deploy to minikube
uses: medyagh/setup-minikube@master
- name: Deploy to minikube
working-directory: ./application
run:
kubectl apply -f k8s/
- name: Wait for Deployment
run: |
kubectl rollout status deployment branch-deploy-application
- name: Expose Service
run: |
minikube service list
curl $(minikube service branch-deploy-application-service --url)
- name: Stop Minikube
run: |
minikube stop