Skip to content

Continuous Integration #453

Continuous Integration

Continuous Integration #453

Workflow file for this run

name: Continuous Integration
env:
DOCKER_IMAGE: usabillabv/php
DOCKER_BUILDKIT: 1
DOCKER_CLI_EXPERIMENTAL: enabled
on:
push:
branches:
- master
pull_request:
schedule:
- cron: '3 3 * * 1'
jobs:
supported-alpine-versions:
name: Supported Alpine versions
runs-on: ubuntu-latest
outputs:
alpine: ${{ steps.supported-alpine-versions.outputs.versions }}
steps:
- id: supported-alpine-versions
name: Generate Alpine
shell: bash
run: |
echo "::set-output name=versions::[\"3.14\", \"3.13\", \"3.12\", \"3.11\"]"
supported-nginx-versions:
name: Supported nginx versions
runs-on: ubuntu-latest
outputs:
nginx: ${{ steps.supported-nginx-versions.outputs.versions }}
steps:
- id: supported-nginx-versions
name: Generate nginx
shell: bash
run: | # The "1.19-nginx1-nginx" in here will be changed to "1.19 nginx1 nginx" when calling ./build-http.sh
echo "::set-output name=versions::[\"1.19-nginx1-nginx\", \"1.18\"]"
supported-php-versions:
name: Supported PHP versions
runs-on: ubuntu-latest
outputs:
php: ${{ steps.supported-php-versions.outputs.versions }}
steps:
- id: supported-php-versions
name: Generate PHP
shell: bash
run: |
echo "::set-output name=versions::[\"7.4\", \"7.3\"]"
php-type-matrix:
name: PHP Type Matrix
runs-on: ubuntu-latest
outputs:
type: ${{ steps.php-type-matrix.outputs.type }}
steps:
- id: php-type-matrix
name: Generate Type
shell: bash
run: |
echo "::set-output name=type::[\"cli\", \"fpm\"]"
type-matrix:
name: Type Matrix
runs-on: ubuntu-latest
needs:
- php-type-matrix
outputs:
type: ${{ steps.type-matrix.outputs.type }}
steps:
- id: type-matrix
name: Generate Type
shell: bash
run: |
echo "::set-output name=type::[\"cli\", \"fpm\", \"http\"]"
lint-docker:
name: Lint Dockerfile-${{ matrix.type }}
runs-on: ubuntu-latest
needs:
- type-matrix
strategy:
fail-fast: false
matrix:
type: ${{ fromJson(needs.type-matrix.outputs.type) }}
steps:
- uses: actions/checkout@v2
- name: Lint Dockerfile-${{ matrix.type }}
uses: docker://hadolint/hadolint:latest-debian
with:
entrypoint: hadolint
args: Dockerfile-${{ matrix.type }}
lint-shell:
name: Lint shell scripts
runs-on: ubuntu-latest
strategy:
fail-fast: false
steps:
- uses: actions/checkout@v2
- id: files
name: Generate shell script file list
shell: bash
run: |
list=$(ls src/http/nginx/docker* src/php/utils/install-* src/php/utils/docker/* build* test-* | tr "\n" " " | sed -z '$ s/\n$//')
echo -e "::set-output name=list::/github/workspace/${list// / /github/workspace/}build-http.sh"
- name: Lint shell scripts
uses: docker://koalaman/shellcheck:latest
with:
args: ${{ steps.files.outputs.list }}
build-http:
name: Build nginx ${{ matrix.nginx }}
needs:
- lint-docker
- lint-shell
- supported-nginx-versions
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
nginx: ${{ fromJson(needs.supported-nginx-versions.outputs.nginx) }}
steps:
- uses: actions/checkout@v2
- run: ./build-http.sh $(echo "${{ matrix.nginx }}" | tr '-' ' ')
shell: bash
- run: cat ./tmp/build-http.tags | xargs -I % docker inspect --format='%={{.Id}}:{{index .Config.Env 7}}' %
shell: bash
- run: docker save "${DOCKER_IMAGE}" | gzip -9 > ./tmp/image-http-${{ matrix.nginx }}.tar
shell: bash
- name: Upload Images
uses: actions/upload-artifact@v2
with:
name: docker-image-http-${{ matrix.nginx }}
path: ./tmp
build-prometheus-exporter-file:
name: Build prometheus-exporter-file
needs:
- lint-docker
- lint-shell
runs-on: ubuntu-latest
strategy:
fail-fast: false
steps:
- uses: actions/checkout@v2
- run: make build-prometheus-exporter-file
shell: bash
- run: cat ./tmp/build-prometheus-exporter-file.tags | xargs -I % docker inspect --format='%={{.Id}}:{{index .Config.Env 7}}' %
shell: bash
- run: docker save "${DOCKER_IMAGE}" | gzip -9 > ./tmp/image-prometheus-exporter-file.tar
shell: bash
- name: Upload Images
uses: actions/upload-artifact@v2
with:
name: docker-image-prometheus-exporter-file
path: ./tmp
build-php:
name: Build PHP ${{ matrix.php }} for ${{ matrix.type }} on Alpine ${{ matrix.alpine }}
needs:
- lint-docker
- lint-shell
- supported-alpine-versions
- supported-php-versions
- php-type-matrix
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
alpine: ${{ fromJson(needs.supported-alpine-versions.outputs.alpine) }}
php: ${{ fromJson(needs.supported-php-versions.outputs.php) }}
type: ${{ fromJson(needs.php-type-matrix.outputs.type) }}
include:
- php: "7.1"
alpine: "3.10"
type: cli
- php: "7.1"
alpine: "3.10"
type: fpm
- php: "8.0"
alpine: "3.14"
type: cli
- php: "8.0"
alpine: "3.14"
type: fpm
- php: "8.0"
alpine: "3.15"
type: cli
- php: "8.0"
alpine: "3.15"
type: fpm
- php: "8.0"
alpine: "3.16"
type: cli
- php: "8.0"
alpine: "3.16"
type: fpm
- php: "8.1"
alpine: "3.15"
type: cli
- php: "8.1"
alpine: "3.15"
type: fpm
- php: "8.1"
alpine: "3.16"
type: cli
- php: "8.1"
alpine: "3.16"
type: fpm
- php: "8.1"
alpine: "3.17"
type: cli
- php: "8.1"
alpine: "3.17"
type: fpm
- php: "8.2"
alpine: "3.17"
type: "cli"
- php: "8.2"
alpine: "3.17"
type: "fpm"
- php: "8.2"
alpine: "3.19"
type: "cli"
- php: "8.2"
alpine: "3.19"
type: "fpm"
- php: "8.3"
alpine: "3.19"
type: "cli"
- php: "8.3"
alpine: "3.19"
type: "fpm"
steps:
- uses: actions/checkout@v2
- run: ./build-php.sh ${{ matrix.type }} ${{ matrix.php }} ${{ matrix.alpine }}
shell: bash
- run: cat ./tmp/build-${{ matrix.type }}.tags | xargs -I % docker inspect --format='%={{.Id}}:{{index .Config.Env 7}}' %
shell: bash
- run: docker save "${DOCKER_IMAGE}" | gzip -9 > ./tmp/image-${{ matrix.type }}-${{ matrix.php }}-${{ matrix.alpine }}.tar
shell: bash
- name: Upload Images
uses: actions/upload-artifact@v2
with:
name: docker-image-${{ matrix.type }}-${{ matrix.php }}-${{ matrix.alpine }}
path: ./tmp
scan-vulnerability-php:
name: Scan PHP ${{ matrix.php }} for ${{ matrix.type }} on Alpine ${{ matrix.alpine }} for vulnerabilities
needs:
- build-php
- build-http
- build-prometheus-exporter-file
- supported-alpine-versions
- supported-php-versions
- php-type-matrix
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
alpine: ${{ fromJson(needs.supported-alpine-versions.outputs.alpine) }}
php: ${{ fromJson(needs.supported-php-versions.outputs.php) }}
type: ${{ fromJson(needs.php-type-matrix.outputs.type) }}
include:
- php: "7.1"
alpine: "3.10"
type: cli
- php: "7.1"
alpine: "3.10"
type: fpm
- php: "8.0"
alpine: "3.14"
type: cli
- php: "8.0"
alpine: "3.14"
type: fpm
- php: "8.0"
alpine: "3.15"
type: cli
- php: "8.0"
alpine: "3.15"
type: fpm
- php: "8.0"
alpine: "3.16"
type: cli
- php: "8.0"
alpine: "3.16"
type: fpm
- php: "8.1"
alpine: "3.15"
type: cli
- php: "8.1"
alpine: "3.15"
type: fpm
- php: "8.1"
alpine: "3.16"
type: cli
- php: "8.1"
alpine: "3.16"
type: fpm
- php: "8.1"
alpine: "3.17"
type: cli
- php: "8.1"
alpine: "3.17"
type: fpm
- php: "8.2"
alpine: "3.17"
type: "cli"
- php: "8.2"
alpine: "3.17"
type: "fpm"
- php: "8.2"
alpine: "3.19"
type: "cli"
- php: "8.2"
alpine: "3.19"
type: "fpm"
- php: "8.3"
alpine: "3.19"
type: "cli"
- php: "8.3"
alpine: "3.19"
type: "fpm"
steps:
- uses: actions/checkout@v2
- name: Install clair-scanner
shell: bash
run: |
sudo curl -L https://github.com/arminc/clair-scanner/releases/download/v8/clair-scanner_linux_amd64 -o /usr/local/bin/clair-scanner
sudo chmod +x /usr/local/bin/clair-scanner
- name: Download Docker image to scan
uses: actions/download-artifact@v2
with:
name: docker-image-${{ matrix.type }}-${{ matrix.php }}-${{ matrix.alpine }}
path: ./tmp
- run: docker load --input ./tmp/image*.tar
- run: mkdir -p "./clair/${DOCKER_IMAGE}"
- run: make scan-vulnerability
scan-vulnerability-http:
name: Scan nginx ${{ matrix.nginx }} for vulnerabilities
needs:
- build-php
- build-http
- build-prometheus-exporter-file
- supported-nginx-versions
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
nginx: ${{ fromJson(needs.supported-nginx-versions.outputs.nginx) }}
steps:
- uses: actions/checkout@v2
- name: Install clair-scanner
shell: bash
run: |
sudo curl -L https://github.com/arminc/clair-scanner/releases/download/v8/clair-scanner_linux_amd64 -o /usr/local/bin/clair-scanner
sudo chmod +x /usr/local/bin/clair-scanner
- name: Download Docker image to scan
uses: actions/download-artifact@v2
with:
name: docker-image-http-${{ matrix.nginx }}
path: ./tmp
- run: docker load --input ./tmp/image*.tar
shell: bash
- run: mkdir -p "./clair/${DOCKER_IMAGE}"
shell: bash
- run: make scan-vulnerability
shell: bash
scan-vulnerability-prometheus-exporter-file:
name: Scan HTTP prometheus-exporter-file for vulnerabilities
needs:
- build-php
- build-http
- build-prometheus-exporter-file
runs-on: ubuntu-latest
strategy:
fail-fast: false
steps:
- uses: actions/checkout@v2
- name: Install clair-scanner
shell: bash
run: |
sudo curl -L https://github.com/arminc/clair-scanner/releases/download/v8/clair-scanner_linux_amd64 -o /usr/local/bin/clair-scanner
sudo chmod +x /usr/local/bin/clair-scanner
- name: Download Images
uses: actions/download-artifact@v2
with:
name: docker-image-prometheus-exporter-file
path: ./tmp
- run: docker load --input ./tmp/image*.tar
- run: mkdir -p "./clair/${DOCKER_IMAGE}"
- run: make scan-vulnerability
test-php:
name: Functionaly test PHP ${{ matrix.php }} for ${{ matrix.type }} on Alpine ${{ matrix.alpine }}
needs:
- build-php
- build-http
- build-prometheus-exporter-file
- supported-alpine-versions
- supported-php-versions
- php-type-matrix
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
alpine: ${{ fromJson(needs.supported-alpine-versions.outputs.alpine) }}
php: ${{ fromJson(needs.supported-php-versions.outputs.php) }}
type: ${{ fromJson(needs.php-type-matrix.outputs.type) }}
include:
- php: "7.1"
alpine: "3.10"
type: cli
- php: "7.1"
alpine: "3.10"
type: fpm
- php: "8.0"
alpine: "3.14"
type: cli
- php: "8.0"
alpine: "3.14"
type: fpm
- php: "8.0"
alpine: "3.15"
type: cli
- php: "8.0"
alpine: "3.15"
type: fpm
- php: "8.0"
alpine: "3.16"
type: cli
- php: "8.0"
alpine: "3.16"
type: fpm
- php: "8.1"
alpine: "3.15"
type: cli
- php: "8.1"
alpine: "3.15"
type: fpm
- php: "8.1"
alpine: "3.16"
type: cli
- php: "8.1"
alpine: "3.16"
type: fpm
- php: "8.1"
alpine: "3.17"
type: cli
- php: "8.1"
alpine: "3.17"
type: fpm
- php: "8.2"
alpine: "3.17"
type: "cli"
- php: "8.2"
alpine: "3.17"
type: "fpm"
- php: "8.2"
alpine: "3.19"
type: "cli"
- php: "8.2"
alpine: "3.19"
type: "fpm"
- php: "8.3"
alpine: "3.19"
type: "cli"
- php: "8.3"
alpine: "3.19"
type: "fpm"
steps:
- uses: actions/checkout@v2
- name: Download Images
uses: actions/download-artifact@v2
with:
name: docker-image-${{ matrix.type }}-${{ matrix.php }}-${{ matrix.alpine }}
path: ./tmp
- run: docker load --input ./tmp/image*.tar
- run: make test-${{ matrix.type }}
test-http:
name: Functionaly test nginx ${{ matrix.nginx }} with PHP FPM ${{ matrix.php }} on Alpine ${{ matrix.alpine }}
needs:
- build-http
- build-php
- build-prometheus-exporter-file
- supported-alpine-versions
- supported-nginx-versions
- supported-php-versions
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
alpine: ${{ fromJson(needs.supported-alpine-versions.outputs.alpine) }}
nginx: ${{ fromJson(needs.supported-nginx-versions.outputs.nginx) }}
php: ${{ fromJson(needs.supported-php-versions.outputs.php) }}
steps:
- uses: actions/checkout@v2
- name: Download PHP Images
uses: actions/download-artifact@v2
with:
name: docker-image-fpm-${{ matrix.php }}-${{ matrix.alpine }}
path: ./tmp
- name: Download nginx Images
uses: actions/download-artifact@v2
with:
name: docker-image-http-${{ matrix.nginx }}
path: ./tmp
- run: docker load --input ./tmp/image-fpm-${{ matrix.php }}-${{ matrix.alpine }}.tar
- run: docker load --input ./tmp/image-http-${{ matrix.nginx }}.tar
- run: sudo chown -R 1000:1000 ./test/functional/web/tmp/ # Ensure we have the same uid:gid as our `app` docker user
shell: bash
- run: make test-http
- run: make test-http-e2e
test-prometheus-exporter-file:
name: Functionaly test prometheus-exporter-file
needs:
- build-http
- build-php
- build-prometheus-exporter-file
- supported-nginx-versions
runs-on: ubuntu-latest
strategy:
fail-fast: false
steps:
- uses: actions/checkout@v2
- name: Download nginx Images
uses: actions/download-artifact@v2
with:
name: docker-image-prometheus-exporter-file
path: ./tmp
- run: docker load --input ./tmp/image-prometheus-exporter-file.tar
- run: sudo chown -R 1000:1000 ./test/functional/web/tmp/ # Ensure we have the same uid:gid as our `app` docker user
shell: bash
- run: make test-prometheus-exporter-file-e2e
check-mark: # This is our required step, pay extra attention when this step is changed for what ever reason
name: ✔️
needs:
- test-http
- test-php
- test-prometheus-exporter-file
- scan-vulnerability-http
- scan-vulnerability-php
- scan-vulnerability-prometheus-exporter-file
runs-on: ubuntu-latest
steps:
- run: echo "✔️"
push-prometheus-exporter-file:
name: Push prometheus-exporter-file
if: (github.event_name == 'push' || github.event_name == 'schedule') && github.ref == 'refs/heads/master'
needs:
- test-http
- test-php
- test-prometheus-exporter-file
- scan-vulnerability-http
- scan-vulnerability-php
- scan-vulnerability-prometheus-exporter-file
runs-on: ubuntu-latest
strategy:
fail-fast: false
steps:
- uses: actions/checkout@v2
- name: Download Images
uses: actions/download-artifact@v2
with:
name: docker-image-prometheus-exporter-file
path: ./tmp
- run: docker load --input ./tmp/image*.tar
- run: make ci-docker-login push-prometheus-exporter-file
env:
CONTAINER_REGISTRY_USERNAME: ${{ secrets.CONTAINER_REGISTRY_USERNAME }}
CONTAINER_REGISTRY_PASSWORD: ${{ secrets.CONTAINER_REGISTRY_PASSWORD }}
push-http:
name: Push nginx ${{ matrix.nginx }}
if: (github.event_name == 'push' || github.event_name == 'schedule') && github.ref == 'refs/heads/master'
needs:
- test-http
- test-php
- test-prometheus-exporter-file
- scan-vulnerability-http
- scan-vulnerability-php
- scan-vulnerability-prometheus-exporter-file
- supported-nginx-versions
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
nginx: ${{ fromJson(needs.supported-nginx-versions.outputs.nginx) }}
steps:
- uses: actions/checkout@v2
- name: Download Images
uses: actions/download-artifact@v2
with:
name: docker-image-http-${{ matrix.nginx }}
path: ./tmp
- run: docker load --input ./tmp/image*.tar
- run: make ci-docker-login push-http
env:
CONTAINER_REGISTRY_USERNAME: ${{ secrets.CONTAINER_REGISTRY_USERNAME }}
CONTAINER_REGISTRY_PASSWORD: ${{ secrets.CONTAINER_REGISTRY_PASSWORD }}
push-php:
name: Push PHP ${{ matrix.php }} for ${{ matrix.type }} on Alpine ${{ matrix.alpine }}
if: (github.event_name == 'push' || github.event_name == 'schedule') && github.ref == 'refs/heads/master'
needs:
- test-http
- test-php
- test-prometheus-exporter-file
- scan-vulnerability-http
- scan-vulnerability-php
- scan-vulnerability-prometheus-exporter-file
- supported-alpine-versions
- supported-php-versions
- php-type-matrix
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
alpine: ${{ fromJson(needs.supported-alpine-versions.outputs.alpine) }}
php: ${{ fromJson(needs.supported-php-versions.outputs.php) }}
type: ${{ fromJson(needs.php-type-matrix.outputs.type) }}
include:
- php: "7.1"
alpine: "3.10"
type: cli
- php: "7.1"
alpine: "3.10"
type: fpm
- php: "8.0"
alpine: "3.14"
type: cli
- php: "8.0"
alpine: "3.14"
type: fpm
- php: "8.0"
alpine: "3.15"
type: cli
- php: "8.0"
alpine: "3.15"
type: fpm
- php: "8.0"
alpine: "3.16"
type: cli
- php: "8.0"
alpine: "3.16"
type: fpm
- php: "8.1"
alpine: "3.15"
type: cli
- php: "8.1"
alpine: "3.15"
type: fpm
- php: "8.1"
alpine: "3.16"
type: cli
- php: "8.1"
alpine: "3.16"
type: fpm
- php: "8.1"
alpine: "3.17"
type: cli
- php: "8.1"
alpine: "3.17"
type: fpm
- php: "8.2"
alpine: "3.17"
type: "cli"
- php: "8.2"
alpine: "3.17"
type: "fpm"
- php: "8.2"
alpine: "3.19"
type: "cli"
- php: "8.2"
alpine: "3.19"
type: "fpm"
- php: "8.3"
alpine: "3.19"
type: "cli"
- php: "8.3"
alpine: "3.19"
type: "fpm"
steps:
- uses: actions/checkout@v2
- name: Download Images
uses: actions/download-artifact@v2
with:
name: docker-image-${{ matrix.type }}-${{ matrix.php }}-${{ matrix.alpine }}
path: ./tmp
- run: docker load --input ./tmp/image*.tar
- run: make ci-docker-login push-${{ matrix.type }}
env:
CONTAINER_REGISTRY_USERNAME: ${{ secrets.CONTAINER_REGISTRY_USERNAME }}
CONTAINER_REGISTRY_PASSWORD: ${{ secrets.CONTAINER_REGISTRY_PASSWORD }}