Merge pull request #199 from usabilla/dependabot/github_actions/dot-g… #462
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Continuous Integration | |
env: | |
DOCKER_IMAGE: usabillabv/php | |
DOCKER_BUILDKIT: 1 | |
DOCKER_CLI_EXPERIMENTAL: enabled | |
on: | |
push: | |
branches: | |
- master | |
pull_request: | |
schedule: | |
- cron: '3 3 * * 1' | |
jobs: | |
supported-alpine-versions: | |
name: Supported Alpine versions | |
runs-on: ubuntu-latest | |
outputs: | |
alpine: ${{ steps.supported-alpine-versions.outputs.versions }} | |
steps: | |
- id: supported-alpine-versions | |
name: Generate Alpine | |
shell: bash | |
run: | | |
echo "::set-output name=versions::[\"3.14\", \"3.13\", \"3.12\", \"3.11\"]" | |
supported-nginx-versions: | |
name: Supported nginx versions | |
runs-on: ubuntu-latest | |
outputs: | |
nginx: ${{ steps.supported-nginx-versions.outputs.versions }} | |
steps: | |
- id: supported-nginx-versions | |
name: Generate nginx | |
shell: bash | |
run: | # The "1.19-nginx1-nginx" in here will be changed to "1.19 nginx1 nginx" when calling ./build-http.sh | |
echo "::set-output name=versions::[\"1.19-nginx1-nginx\", \"1.18\"]" | |
supported-php-versions: | |
name: Supported PHP versions | |
runs-on: ubuntu-latest | |
outputs: | |
php: ${{ steps.supported-php-versions.outputs.versions }} | |
steps: | |
- id: supported-php-versions | |
name: Generate PHP | |
shell: bash | |
run: | | |
echo "::set-output name=versions::[\"7.4\", \"7.3\"]" | |
php-type-matrix: | |
name: PHP Type Matrix | |
runs-on: ubuntu-latest | |
outputs: | |
type: ${{ steps.php-type-matrix.outputs.type }} | |
steps: | |
- id: php-type-matrix | |
name: Generate Type | |
shell: bash | |
run: | | |
echo "::set-output name=type::[\"cli\", \"fpm\"]" | |
type-matrix: | |
name: Type Matrix | |
runs-on: ubuntu-latest | |
needs: | |
- php-type-matrix | |
outputs: | |
type: ${{ steps.type-matrix.outputs.type }} | |
steps: | |
- id: type-matrix | |
name: Generate Type | |
shell: bash | |
run: | | |
echo "::set-output name=type::[\"cli\", \"fpm\", \"http\"]" | |
lint-docker: | |
name: Lint Dockerfile-${{ matrix.type }} | |
runs-on: ubuntu-latest | |
needs: | |
- type-matrix | |
strategy: | |
fail-fast: false | |
matrix: | |
type: ${{ fromJson(needs.type-matrix.outputs.type) }} | |
steps: | |
- uses: actions/checkout@v2 | |
- name: Lint Dockerfile-${{ matrix.type }} | |
uses: docker://hadolint/hadolint:latest-debian | |
with: | |
entrypoint: hadolint | |
args: Dockerfile-${{ matrix.type }} | |
lint-shell: | |
name: Lint shell scripts | |
runs-on: ubuntu-latest | |
strategy: | |
fail-fast: false | |
steps: | |
- uses: actions/checkout@v2 | |
- id: files | |
name: Generate shell script file list | |
shell: bash | |
run: | | |
list=$(ls src/http/nginx/docker* src/php/utils/install-* src/php/utils/docker/* build* test-* | tr "\n" " " | sed -z '$ s/\n$//') | |
echo -e "::set-output name=list::/github/workspace/${list// / /github/workspace/}build-http.sh" | |
- name: Lint shell scripts | |
uses: docker://koalaman/shellcheck:latest | |
with: | |
args: ${{ steps.files.outputs.list }} | |
build-http: | |
name: Build nginx ${{ matrix.nginx }} | |
needs: | |
- lint-docker | |
- lint-shell | |
- supported-nginx-versions | |
runs-on: ubuntu-latest | |
strategy: | |
fail-fast: false | |
matrix: | |
nginx: ${{ fromJson(needs.supported-nginx-versions.outputs.nginx) }} | |
steps: | |
- uses: actions/checkout@v2 | |
- run: ./build-http.sh $(echo "${{ matrix.nginx }}" | tr '-' ' ') | |
shell: bash | |
- run: cat ./tmp/build-http.tags | xargs -I % docker inspect --format='%={{.Id}}:{{index .Config.Env 7}}' % | |
shell: bash | |
- run: docker save "${DOCKER_IMAGE}" | gzip -9 > ./tmp/image-http-${{ matrix.nginx }}.tar | |
shell: bash | |
- name: Upload Images | |
uses: actions/upload-artifact@v2 | |
with: | |
name: docker-image-http-${{ matrix.nginx }} | |
path: ./tmp | |
build-prometheus-exporter-file: | |
name: Build prometheus-exporter-file | |
needs: | |
- lint-docker | |
- lint-shell | |
runs-on: ubuntu-latest | |
strategy: | |
fail-fast: false | |
steps: | |
- uses: actions/checkout@v2 | |
- run: make build-prometheus-exporter-file | |
shell: bash | |
- run: cat ./tmp/build-prometheus-exporter-file.tags | xargs -I % docker inspect --format='%={{.Id}}:{{index .Config.Env 7}}' % | |
shell: bash | |
- run: docker save "${DOCKER_IMAGE}" | gzip -9 > ./tmp/image-prometheus-exporter-file.tar | |
shell: bash | |
- name: Upload Images | |
uses: actions/upload-artifact@v2 | |
with: | |
name: docker-image-prometheus-exporter-file | |
path: ./tmp | |
build-php: | |
name: Build PHP ${{ matrix.php }} for ${{ matrix.type }} on Alpine ${{ matrix.alpine }} | |
needs: | |
- lint-docker | |
- lint-shell | |
- supported-alpine-versions | |
- supported-php-versions | |
- php-type-matrix | |
runs-on: ubuntu-latest | |
strategy: | |
fail-fast: false | |
matrix: | |
alpine: ${{ fromJson(needs.supported-alpine-versions.outputs.alpine) }} | |
php: ${{ fromJson(needs.supported-php-versions.outputs.php) }} | |
type: ${{ fromJson(needs.php-type-matrix.outputs.type) }} | |
include: | |
- php: "7.1" | |
alpine: "3.10" | |
type: cli | |
- php: "7.1" | |
alpine: "3.10" | |
type: fpm | |
- php: "8.0" | |
alpine: "3.14" | |
type: cli | |
- php: "8.0" | |
alpine: "3.14" | |
type: fpm | |
- php: "8.0" | |
alpine: "3.15" | |
type: cli | |
- php: "8.0" | |
alpine: "3.15" | |
type: fpm | |
- php: "8.0" | |
alpine: "3.16" | |
type: cli | |
- php: "8.0" | |
alpine: "3.16" | |
type: fpm | |
- php: "8.1" | |
alpine: "3.15" | |
type: cli | |
- php: "8.1" | |
alpine: "3.15" | |
type: fpm | |
- php: "8.1" | |
alpine: "3.16" | |
type: cli | |
- php: "8.1" | |
alpine: "3.16" | |
type: fpm | |
- php: "8.1" | |
alpine: "3.17" | |
type: cli | |
- php: "8.1" | |
alpine: "3.17" | |
type: fpm | |
- php: "8.2" | |
alpine: "3.17" | |
type: "cli" | |
- php: "8.2" | |
alpine: "3.17" | |
type: "fpm" | |
- php: "8.2" | |
alpine: "3.19" | |
type: "cli" | |
- php: "8.2" | |
alpine: "3.19" | |
type: "fpm" | |
- php: "8.3" | |
alpine: "3.19" | |
type: "cli" | |
- php: "8.3" | |
alpine: "3.19" | |
type: "fpm" | |
steps: | |
- uses: actions/checkout@v2 | |
- run: ./build-php.sh ${{ matrix.type }} ${{ matrix.php }} ${{ matrix.alpine }} | |
shell: bash | |
- run: cat ./tmp/build-${{ matrix.type }}.tags | xargs -I % docker inspect --format='%={{.Id}}:{{index .Config.Env 7}}' % | |
shell: bash | |
- run: docker save "${DOCKER_IMAGE}" | gzip -9 > ./tmp/image-${{ matrix.type }}-${{ matrix.php }}-${{ matrix.alpine }}.tar | |
shell: bash | |
- name: Upload Images | |
uses: actions/upload-artifact@v2 | |
with: | |
name: docker-image-${{ matrix.type }}-${{ matrix.php }}-${{ matrix.alpine }} | |
path: ./tmp | |
scan-vulnerability-php: | |
name: Scan PHP ${{ matrix.php }} for ${{ matrix.type }} on Alpine ${{ matrix.alpine }} for vulnerabilities | |
needs: | |
- build-php | |
- build-http | |
- build-prometheus-exporter-file | |
- supported-alpine-versions | |
- supported-php-versions | |
- php-type-matrix | |
runs-on: ubuntu-latest | |
strategy: | |
fail-fast: false | |
matrix: | |
alpine: ${{ fromJson(needs.supported-alpine-versions.outputs.alpine) }} | |
php: ${{ fromJson(needs.supported-php-versions.outputs.php) }} | |
type: ${{ fromJson(needs.php-type-matrix.outputs.type) }} | |
include: | |
- php: "7.1" | |
alpine: "3.10" | |
type: cli | |
- php: "7.1" | |
alpine: "3.10" | |
type: fpm | |
- php: "8.0" | |
alpine: "3.14" | |
type: cli | |
- php: "8.0" | |
alpine: "3.14" | |
type: fpm | |
- php: "8.0" | |
alpine: "3.15" | |
type: cli | |
- php: "8.0" | |
alpine: "3.15" | |
type: fpm | |
- php: "8.0" | |
alpine: "3.16" | |
type: cli | |
- php: "8.0" | |
alpine: "3.16" | |
type: fpm | |
- php: "8.1" | |
alpine: "3.15" | |
type: cli | |
- php: "8.1" | |
alpine: "3.15" | |
type: fpm | |
- php: "8.1" | |
alpine: "3.16" | |
type: cli | |
- php: "8.1" | |
alpine: "3.16" | |
type: fpm | |
- php: "8.1" | |
alpine: "3.17" | |
type: cli | |
- php: "8.1" | |
alpine: "3.17" | |
type: fpm | |
- php: "8.2" | |
alpine: "3.17" | |
type: "cli" | |
- php: "8.2" | |
alpine: "3.17" | |
type: "fpm" | |
- php: "8.2" | |
alpine: "3.19" | |
type: "cli" | |
- php: "8.2" | |
alpine: "3.19" | |
type: "fpm" | |
- php: "8.3" | |
alpine: "3.19" | |
type: "cli" | |
- php: "8.3" | |
alpine: "3.19" | |
type: "fpm" | |
steps: | |
- uses: actions/checkout@v2 | |
- name: Install clair-scanner | |
shell: bash | |
run: | | |
sudo curl -L https://github.com/arminc/clair-scanner/releases/download/v8/clair-scanner_linux_amd64 -o /usr/local/bin/clair-scanner | |
sudo chmod +x /usr/local/bin/clair-scanner | |
- name: Download Docker image to scan | |
uses: actions/[email protected] | |
with: | |
name: docker-image-${{ matrix.type }}-${{ matrix.php }}-${{ matrix.alpine }} | |
path: ./tmp | |
- run: docker load --input ./tmp/image*.tar | |
- run: mkdir -p "./clair/${DOCKER_IMAGE}" | |
- run: make scan-vulnerability | |
scan-vulnerability-http: | |
name: Scan nginx ${{ matrix.nginx }} for vulnerabilities | |
needs: | |
- build-php | |
- build-http | |
- build-prometheus-exporter-file | |
- supported-nginx-versions | |
runs-on: ubuntu-latest | |
strategy: | |
fail-fast: false | |
matrix: | |
nginx: ${{ fromJson(needs.supported-nginx-versions.outputs.nginx) }} | |
steps: | |
- uses: actions/checkout@v2 | |
- name: Install clair-scanner | |
shell: bash | |
run: | | |
sudo curl -L https://github.com/arminc/clair-scanner/releases/download/v8/clair-scanner_linux_amd64 -o /usr/local/bin/clair-scanner | |
sudo chmod +x /usr/local/bin/clair-scanner | |
- name: Download Docker image to scan | |
uses: actions/[email protected] | |
with: | |
name: docker-image-http-${{ matrix.nginx }} | |
path: ./tmp | |
- run: docker load --input ./tmp/image*.tar | |
shell: bash | |
- run: mkdir -p "./clair/${DOCKER_IMAGE}" | |
shell: bash | |
- run: make scan-vulnerability | |
shell: bash | |
scan-vulnerability-prometheus-exporter-file: | |
name: Scan HTTP prometheus-exporter-file for vulnerabilities | |
needs: | |
- build-php | |
- build-http | |
- build-prometheus-exporter-file | |
runs-on: ubuntu-latest | |
strategy: | |
fail-fast: false | |
steps: | |
- uses: actions/checkout@v2 | |
- name: Install clair-scanner | |
shell: bash | |
run: | | |
sudo curl -L https://github.com/arminc/clair-scanner/releases/download/v8/clair-scanner_linux_amd64 -o /usr/local/bin/clair-scanner | |
sudo chmod +x /usr/local/bin/clair-scanner | |
- name: Download Images | |
uses: actions/[email protected] | |
with: | |
name: docker-image-prometheus-exporter-file | |
path: ./tmp | |
- run: docker load --input ./tmp/image*.tar | |
- run: mkdir -p "./clair/${DOCKER_IMAGE}" | |
- run: make scan-vulnerability | |
test-php: | |
name: Functionaly test PHP ${{ matrix.php }} for ${{ matrix.type }} on Alpine ${{ matrix.alpine }} | |
needs: | |
- build-php | |
- build-http | |
- build-prometheus-exporter-file | |
- supported-alpine-versions | |
- supported-php-versions | |
- php-type-matrix | |
runs-on: ubuntu-latest | |
strategy: | |
fail-fast: false | |
matrix: | |
alpine: ${{ fromJson(needs.supported-alpine-versions.outputs.alpine) }} | |
php: ${{ fromJson(needs.supported-php-versions.outputs.php) }} | |
type: ${{ fromJson(needs.php-type-matrix.outputs.type) }} | |
include: | |
- php: "7.1" | |
alpine: "3.10" | |
type: cli | |
- php: "7.1" | |
alpine: "3.10" | |
type: fpm | |
- php: "8.0" | |
alpine: "3.14" | |
type: cli | |
- php: "8.0" | |
alpine: "3.14" | |
type: fpm | |
- php: "8.0" | |
alpine: "3.15" | |
type: cli | |
- php: "8.0" | |
alpine: "3.15" | |
type: fpm | |
- php: "8.0" | |
alpine: "3.16" | |
type: cli | |
- php: "8.0" | |
alpine: "3.16" | |
type: fpm | |
- php: "8.1" | |
alpine: "3.15" | |
type: cli | |
- php: "8.1" | |
alpine: "3.15" | |
type: fpm | |
- php: "8.1" | |
alpine: "3.16" | |
type: cli | |
- php: "8.1" | |
alpine: "3.16" | |
type: fpm | |
- php: "8.1" | |
alpine: "3.17" | |
type: cli | |
- php: "8.1" | |
alpine: "3.17" | |
type: fpm | |
- php: "8.2" | |
alpine: "3.17" | |
type: "cli" | |
- php: "8.2" | |
alpine: "3.17" | |
type: "fpm" | |
- php: "8.2" | |
alpine: "3.19" | |
type: "cli" | |
- php: "8.2" | |
alpine: "3.19" | |
type: "fpm" | |
- php: "8.3" | |
alpine: "3.19" | |
type: "cli" | |
- php: "8.3" | |
alpine: "3.19" | |
type: "fpm" | |
steps: | |
- uses: actions/checkout@v2 | |
- name: Download Images | |
uses: actions/[email protected] | |
with: | |
name: docker-image-${{ matrix.type }}-${{ matrix.php }}-${{ matrix.alpine }} | |
path: ./tmp | |
- run: docker load --input ./tmp/image*.tar | |
- run: make test-${{ matrix.type }} | |
test-http: | |
name: Functionaly test nginx ${{ matrix.nginx }} with PHP FPM ${{ matrix.php }} on Alpine ${{ matrix.alpine }} | |
needs: | |
- build-http | |
- build-php | |
- build-prometheus-exporter-file | |
- supported-alpine-versions | |
- supported-nginx-versions | |
- supported-php-versions | |
runs-on: ubuntu-latest | |
strategy: | |
fail-fast: false | |
matrix: | |
alpine: ${{ fromJson(needs.supported-alpine-versions.outputs.alpine) }} | |
nginx: ${{ fromJson(needs.supported-nginx-versions.outputs.nginx) }} | |
php: ${{ fromJson(needs.supported-php-versions.outputs.php) }} | |
steps: | |
- uses: actions/checkout@v2 | |
- name: Download PHP Images | |
uses: actions/[email protected] | |
with: | |
name: docker-image-fpm-${{ matrix.php }}-${{ matrix.alpine }} | |
path: ./tmp | |
- name: Download nginx Images | |
uses: actions/[email protected] | |
with: | |
name: docker-image-http-${{ matrix.nginx }} | |
path: ./tmp | |
- run: docker load --input ./tmp/image-fpm-${{ matrix.php }}-${{ matrix.alpine }}.tar | |
- run: docker load --input ./tmp/image-http-${{ matrix.nginx }}.tar | |
- run: sudo chown -R 1000:1000 ./test/functional/web/tmp/ # Ensure we have the same uid:gid as our `app` docker user | |
shell: bash | |
- run: make test-http | |
- run: make test-http-e2e | |
test-prometheus-exporter-file: | |
name: Functionaly test prometheus-exporter-file | |
needs: | |
- build-http | |
- build-php | |
- build-prometheus-exporter-file | |
- supported-nginx-versions | |
runs-on: ubuntu-latest | |
strategy: | |
fail-fast: false | |
steps: | |
- uses: actions/checkout@v2 | |
- name: Download nginx Images | |
uses: actions/[email protected] | |
with: | |
name: docker-image-prometheus-exporter-file | |
path: ./tmp | |
- run: docker load --input ./tmp/image-prometheus-exporter-file.tar | |
- run: sudo chown -R 1000:1000 ./test/functional/web/tmp/ # Ensure we have the same uid:gid as our `app` docker user | |
shell: bash | |
- run: make test-prometheus-exporter-file-e2e | |
check-mark: # This is our required step, pay extra attention when this step is changed for what ever reason | |
name: ✔️ | |
needs: | |
- test-http | |
- test-php | |
- test-prometheus-exporter-file | |
- scan-vulnerability-http | |
- scan-vulnerability-php | |
- scan-vulnerability-prometheus-exporter-file | |
runs-on: ubuntu-latest | |
steps: | |
- run: echo "✔️" | |
push-prometheus-exporter-file: | |
name: Push prometheus-exporter-file | |
if: (github.event_name == 'push' || github.event_name == 'schedule') && github.ref == 'refs/heads/master' | |
needs: | |
- test-http | |
- test-php | |
- test-prometheus-exporter-file | |
- scan-vulnerability-http | |
- scan-vulnerability-php | |
- scan-vulnerability-prometheus-exporter-file | |
runs-on: ubuntu-latest | |
strategy: | |
fail-fast: false | |
steps: | |
- uses: actions/checkout@v2 | |
- name: Download Images | |
uses: actions/[email protected] | |
with: | |
name: docker-image-prometheus-exporter-file | |
path: ./tmp | |
- run: docker load --input ./tmp/image*.tar | |
- run: make ci-docker-login push-prometheus-exporter-file | |
env: | |
CONTAINER_REGISTRY_USERNAME: ${{ secrets.CONTAINER_REGISTRY_USERNAME }} | |
CONTAINER_REGISTRY_PASSWORD: ${{ secrets.CONTAINER_REGISTRY_PASSWORD }} | |
push-http: | |
name: Push nginx ${{ matrix.nginx }} | |
if: (github.event_name == 'push' || github.event_name == 'schedule') && github.ref == 'refs/heads/master' | |
needs: | |
- test-http | |
- test-php | |
- test-prometheus-exporter-file | |
- scan-vulnerability-http | |
- scan-vulnerability-php | |
- scan-vulnerability-prometheus-exporter-file | |
- supported-nginx-versions | |
runs-on: ubuntu-latest | |
strategy: | |
fail-fast: false | |
matrix: | |
nginx: ${{ fromJson(needs.supported-nginx-versions.outputs.nginx) }} | |
steps: | |
- uses: actions/checkout@v2 | |
- name: Download Images | |
uses: actions/[email protected] | |
with: | |
name: docker-image-http-${{ matrix.nginx }} | |
path: ./tmp | |
- run: docker load --input ./tmp/image*.tar | |
- run: make ci-docker-login push-http | |
env: | |
CONTAINER_REGISTRY_USERNAME: ${{ secrets.CONTAINER_REGISTRY_USERNAME }} | |
CONTAINER_REGISTRY_PASSWORD: ${{ secrets.CONTAINER_REGISTRY_PASSWORD }} | |
push-php: | |
name: Push PHP ${{ matrix.php }} for ${{ matrix.type }} on Alpine ${{ matrix.alpine }} | |
if: (github.event_name == 'push' || github.event_name == 'schedule') && github.ref == 'refs/heads/master' | |
needs: | |
- test-http | |
- test-php | |
- test-prometheus-exporter-file | |
- scan-vulnerability-http | |
- scan-vulnerability-php | |
- scan-vulnerability-prometheus-exporter-file | |
- supported-alpine-versions | |
- supported-php-versions | |
- php-type-matrix | |
runs-on: ubuntu-latest | |
strategy: | |
fail-fast: false | |
matrix: | |
alpine: ${{ fromJson(needs.supported-alpine-versions.outputs.alpine) }} | |
php: ${{ fromJson(needs.supported-php-versions.outputs.php) }} | |
type: ${{ fromJson(needs.php-type-matrix.outputs.type) }} | |
include: | |
- php: "7.1" | |
alpine: "3.10" | |
type: cli | |
- php: "7.1" | |
alpine: "3.10" | |
type: fpm | |
- php: "8.0" | |
alpine: "3.14" | |
type: cli | |
- php: "8.0" | |
alpine: "3.14" | |
type: fpm | |
- php: "8.0" | |
alpine: "3.15" | |
type: cli | |
- php: "8.0" | |
alpine: "3.15" | |
type: fpm | |
- php: "8.0" | |
alpine: "3.16" | |
type: cli | |
- php: "8.0" | |
alpine: "3.16" | |
type: fpm | |
- php: "8.1" | |
alpine: "3.15" | |
type: cli | |
- php: "8.1" | |
alpine: "3.15" | |
type: fpm | |
- php: "8.1" | |
alpine: "3.16" | |
type: cli | |
- php: "8.1" | |
alpine: "3.16" | |
type: fpm | |
- php: "8.1" | |
alpine: "3.17" | |
type: cli | |
- php: "8.1" | |
alpine: "3.17" | |
type: fpm | |
- php: "8.2" | |
alpine: "3.17" | |
type: "cli" | |
- php: "8.2" | |
alpine: "3.17" | |
type: "fpm" | |
- php: "8.2" | |
alpine: "3.19" | |
type: "cli" | |
- php: "8.2" | |
alpine: "3.19" | |
type: "fpm" | |
- php: "8.3" | |
alpine: "3.19" | |
type: "cli" | |
- php: "8.3" | |
alpine: "3.19" | |
type: "fpm" | |
steps: | |
- uses: actions/checkout@v2 | |
- name: Download Images | |
uses: actions/[email protected] | |
with: | |
name: docker-image-${{ matrix.type }}-${{ matrix.php }}-${{ matrix.alpine }} | |
path: ./tmp | |
- run: docker load --input ./tmp/image*.tar | |
- run: make ci-docker-login push-${{ matrix.type }} | |
env: | |
CONTAINER_REGISTRY_USERNAME: ${{ secrets.CONTAINER_REGISTRY_USERNAME }} | |
CONTAINER_REGISTRY_PASSWORD: ${{ secrets.CONTAINER_REGISTRY_PASSWORD }} |