Skip to content

Commit

Permalink
Merge branch 'main' into yellow
Browse files Browse the repository at this point in the history
  • Loading branch information
@DvDty
DvDty committed Jan 28, 2024
2 parents 3d9ce36 + 4633072 commit c76621c
Show file tree
Hide file tree
Showing 34 changed files with 3,635 additions and 569 deletions.
63 changes: 63 additions & 0 deletions .github/workflows/branch-builds.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,63 @@
name: branch-builds

on:
push:
branches-ignore:
- main

jobs:
security:
name: gitleaks
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: gitleaks/gitleaks-action@v2
env:
GITHUB_TOKEN: ${{ github.token }}

- name: Notify
if: always()
uses: ravsamhq/notify-slack-action@v1
with:
status: ${{ job.status }}
notify_when: 'failure'
notification_title: '{workflow} has {status_message}'
message_format: ':warning: @devops LEAKED SECRETS in *{workflow}* (<{repo_url}|{repo}>)'
env:
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}

build-push-image:
runs-on: ubuntu-latest
defaults:
run:
working-directory: ./application
needs: [ security ]
steps:
- uses: actions/checkout@v4

- name: Set up QEMU
uses: docker/setup-qemu-action@v3

- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3

- name: Build
uses: docker/build-push-action@v5
id: build
with:
context: "{{defaultContext}}:application"
tags: dvdty/branch-deploy-application:${{ github.head_ref || github.ref_name }}
load: true

- name: Login to Docker Hub
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}

- name: Push
uses: docker/build-push-action@v5
with:
context: "{{defaultContext}}:application"
push: true
tags: dvdty/branch-deploy-application:${{ github.head_ref || github.ref_name }}
284 changes: 284 additions & 0 deletions .github/workflows/main-branch-build.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,284 @@
name: pull-requests

on:
push:
branches: ['main']

jobs:
security:
name: gitleaks
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: gitleaks/gitleaks-action@v2
env:
GITHUB_TOKEN: ${{ github.token }}

- name: Notify
if: always()
uses: ravsamhq/notify-slack-action@v1
with:
status: ${{ job.status }}
notify_when: 'failure'
notification_title: '{workflow} has {status_message}'
message_format: ':warning: LEAKED SECRETS in *{workflow}* (<{repo_url}|{repo}>)'
env:
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}

linter:
runs-on: ubuntu-latest
needs: [ security ]
permissions:
contents: write
steps:
- name: Checkout code
uses: actions/checkout@v4

- name: Cache dependencies
uses: actions/cache@v2
with:
path: ./application/vendor
key: composer-${{ hashFiles('**/composer.lock') }}
restore-keys: |
composer-
- name: Setup PHP
uses: shivammathur/setup-php@v2
with:
php-version: 8.3
tools: composer:v2
coverage: none

- name: Install Project Dependencies
working-directory: ./application
run: composer install

- name: Run linter
working-directory: ./application
run: ./vendor/bin/php-cs-fixer fix app/

- name: Commit linted files
id: auto-commit-action
uses: stefanzweifel/git-auto-commit-action@v5
with:
commit_message: Fix code styling.

tests:
runs-on: ubuntu-latest
needs: [ security ]
steps:
- name: Checkout code
uses: actions/checkout@v4

- name: Cache dependencies
uses: actions/cache@v2
with:
path: ./application/vendor
key: composer-${{ hashFiles('**/composer.lock') }}
restore-keys: |
composer-
- name: Setup PHP
uses: shivammathur/setup-php@v2
with:
php-version: 8.3
tools: composer:v2
coverage: none

- name: Install Project Dependencies
working-directory: ./application
run: composer install

- name: Framework configuration
working-directory: ./application
run: |
cp .env.example .env
php artisan key:generate
php artisan config:clear
- name: Run tests
working-directory: ./application
run: php artisan test --testsuite=Unit

static-analysis:
runs-on: ubuntu-latest
needs: [ security ]
steps:
- name: Checkout code
uses: actions/checkout@v4

- name: Cache dependencies
uses: actions/cache@v2
with:
path: ./application/vendor
key: composer-${{ hashFiles('**/composer.lock') }}
restore-keys: |
composer-
- name: Setup PHP
uses: shivammathur/setup-php@v2
with:
php-version: 8.3
tools: composer:v2
coverage: none

- name: Install Project Dependencies
working-directory: ./application
run: composer install

- name: Run static analyser
working-directory: ./application
run: ./vendor/bin/phpstan analyze app/

SonarCloud:
runs-on: ubuntu-latest
needs: [ security ]
steps:
- name: Checkout code
uses: actions/checkout@v4

- name: Analyze
uses: SonarSource/sonarcloud-github-action@master
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
SONAR_TOKEN: ${{ secrets.SONARCLOUD_TOKEN }}

database:
runs-on: ubuntu-latest
needs: [ security ]
permissions:
contents: write
services:
mysql-service:
image: mysql:8
env:
MYSQL_DATABASE: application
MYSQL_USER: admin
MYSQL_ROOT_PASSWORD: password
MYSQL_PASSWORD: password
ports:
- 3306/tcp
options: --health-cmd="mysqladmin ping" --health-interval=10s --health-timeout=5s --health-retries=3
steps:
- name: Checkout code
uses: actions/checkout@v4

- name: Cache dependencies
uses: actions/cache@v2
with:
path: ./application/vendor
key: composer-${{ hashFiles('**/composer.lock') }}
restore-keys: |
composer-
- name: Setup PHP
uses: shivammathur/setup-php@v2
with:
php-version: 8.3
tools: composer:v2

- name: Install Project Dependencies
working-directory: ./application
run: composer install

- name: Framework configuration
working-directory: ./application
run: |
cp .env.example .env
php artisan key:generate
php artisan config:clear
- name: Run migrations
working-directory: ./application
run: php artisan migrate
env:
DB_PORT: ${{ job.services.mysql-service.ports[3306]}}
DB_HOST: 127.0.0.1

- name: Get test coverage and store it
id: coverage
working-directory: ./application
run: |
current_coverage=$(cat code_coverage.txt)
floor=$(php -r "echo floor($current_coverage) - 1;")
XDEBUG_MODE=coverage php artisan test --coverage --min=$floor | grep -oP 'Total: \K\d+\.\d+' > code_coverage.txt
- name: Commit code_coverage.txt
id: auto-commit-action
uses: stefanzweifel/git-auto-commit-action@v5
with:
commit_message: Update code_coverage.txt

- name: Run migrations
working-directory: ./application
run: php artisan migrate:rollback
env:
DB_PORT: ${{ job.services.mysql-service.ports[3306]}}
DB_HOST: 127.0.0.1

build-check-push-image:
runs-on: ubuntu-latest
defaults:
run:
working-directory: ./application
needs: [ security , linter, tests, static-analysis, SonarCloud, database ]
steps:
- uses: actions/checkout@v4

- name: Set up QEMU
uses: docker/setup-qemu-action@v3

- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3

- name: Build
uses: docker/build-push-action@v5
id: build
with:
context: "{{defaultContext}}:application"
tags: dvdty/branch-deploy-application:${{ github.head_ref || github.ref_name }}
load: true

- name: Scan image
uses: aquasecurity/trivy-action@master
with:
image-ref: ${{ steps.build.outputs.imageid }}
format: 'table'
exit-code: '1'
ignore-unfixed: true
vuln-type: 'os,library'
severity: 'CRITICAL'

- name: Login to Docker Hub
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}

- name: Push
uses: docker/build-push-action@v5
with:
context: "{{defaultContext}}:application"
push: true
tags: dvdty/branch-deploy-application:${{ github.head_ref || github.ref_name }}

- name: Deploy to minikube
uses: medyagh/setup-minikube@master

- name: Deploy to minikube
working-directory: ./application
run:
kubectl apply -f k8s/

- name: Wait for Deployment
run: |
kubectl rollout status deployment branch-deploy-application
- name: Expose Service
run: |
minikube service list
curl $(minikube service branch-deploy-application-service --url)
- name: Stop Minikube
run: |
minikube stop
Loading

0 comments on commit c76621c

Please sign in to comment.