[Tags] Refactor adherent status tag generator #13898
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
# Display name of the workflow.
name: 'CI & CD'

# Runs on every push (any branch or tag) and whenever a release is published.
on:
  push:
  release:
    types:
      - published

# NOTE(review): there is no `permissions:` key, so GITHUB_TOKEN carries the
# repository's default scopes in every job. A least-privilege default such as
# `contents: read` is worth adding once the local composite actions under
# ./.github/actions are confirmed not to need more.

# Workflow-level variables: exported to every step of every job below.
env:
  DOCKER_BUILDKIT: '1'
  DOCKER_COMPOSE_ARGS: '-f docker-compose.yml -f docker-compose.ci.yml'
  EXEC_ARGS: '-T'
  # Part of every cache key; change the secret's value to force a cache reset.
  CACHE_KEY: ${{ secrets.CACHE_KEY }}
  # Commit being built and the branch or tag name that triggered the run.
  HASH: ${{ github.sha }}
  TAG: ${{ github.ref_name }}
  NODE_VERSION: '18.x'
  PHP_VERSION: '8.3.7'
  # Image repository path, assembled from three secrets.
  REGISTRY: ${{ secrets.GCP_HOST_GCR }}/${{ secrets.GCP_REGISTRY_PROJECT_ID }}/${{ secrets.REGISTRY_NAME }}
  REGISTRY_HOST: ${{ secrets.GCP_HOST_GCR }}
  # NOTE(review): declared here, the registry pusher key is present in the
  # environment of every step, including `make`/`yarn` scripts and third-party
  # actions that never talk to the registry. Scoping it to the steps that log
  # in would be tighter; whether ./.github/actions/docker-login can take it as
  # an input is not visible from this file.
  GCP_SA_KEY_GCR_PUSHER: ${{ secrets.GCP_SA_KEY_GCR_PUSHER }}

# One run at a time per ref name; a newer run cancels the one in progress.
concurrency:
  group: ${{ github.ref_name }}
  cancel-in-progress: true
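# Job graph: build and build-static run first; lint, phpunit, behat and
# behat-selenium depend on them; the production image is built only after all
# four pass, and staging is deployed from master only.
#
# NOTE(review): third-party actions are referenced by mutable tag
# (actions/*@v4, getsentry/action-release@v1, google-github-actions/*@v2).
# Pinning each to a full commit SHA keeps a re-tagged release from running
# with this workflow's secrets.
jobs:
  # Builds the dev image and pushes it, keyed by a hash of the Docker inputs.
  build:
    name: Build dev
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Cache composer
        uses: actions/cache@v4
        with:
          path: vendor/
          key: cache-${{ env.CACHE_KEY }}-composer-${{ hashFiles('composer.lock') }}
      - uses: ./.github/actions/docker-login
      - uses: ./.github/actions/docker-pull
        with:
          hash: ${{ hashFiles('Dockerfile', 'docker/*') }}
      - uses: ./.github/actions/build
        with:
          hash: ${{ hashFiles('Dockerfile', 'docker/*') }}
      - uses: ./.github/actions/docker-push
        with:
          hash: ${{ hashFiles('Dockerfile', 'docker/*') }}

  # Compiles front-end assets and stores them in a cache keyed by commit SHA.
  build-static:
    name: Build assets
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Cache yarn dependencies
        uses: actions/cache@v4
        with:
          path: node_modules/
          key: cache-${{ env.CACHE_KEY }}-yarn-${{ hashFiles('yarn.lock') }}
      - name: Setup yarn
        uses: ./.github/actions/setup-yarn
      - name: Build static assets
        run: yarn build-prod
      - name: Cache static assets
        uses: actions/cache@v4
        with:
          path: |
            public/built/
            public/css/
            public/select2/
          key: cache-${{ env.CACHE_KEY }}-static-${{ github.sha }}

  # Static checks: coding standards, linters, PHPStan, dependency advisories.
  lint:
    name: Lint
    runs-on: ubuntu-latest
    needs: [build]
    env:
      # Explicitly empty (the original left the value blank). Presumably this
      # makes the Makefile run tools directly on the runner; confirm against
      # the Makefile.
      EXEC: ''
    steps:
      - uses: actions/checkout@v4
      - name: Cache composer
        uses: actions/cache@v4
        with:
          path: vendor/
          key: cache-${{ env.CACHE_KEY }}-composer-${{ hashFiles('composer.lock') }}
      - name: Cache yarn dependencies
        uses: actions/cache@v4
        with:
          path: node_modules/
          key: cache-${{ env.CACHE_KEY }}-yarn-${{ hashFiles('yarn.lock') }}
      - name: Cache PHP CS Fixer
        uses: actions/cache@v4
        with:
          path: var/.php_cs/.php_cs.cache
          key: cache-${{ env.CACHE_KEY }}-phpcsfixer-${{ github.sha }}
          restore-keys: |
            cache-${{ env.CACHE_KEY }}-phpcsfixer-
      - name: Cache PHPStan
        uses: actions/cache@v4
        with:
          path: var/phpstan-tmp/
          key: cache-${{ env.CACHE_KEY }}-phpstan-${{ github.sha }}
          restore-keys: |
            cache-${{ env.CACHE_KEY }}-phpstan-
      - uses: ./.github/actions/setup-composer
      - uses: ./.github/actions/setup-yarn
      - name: PHP Coding Standards Fixer
        run: make phpcs
      - name: Lint YAML files
        run: make ly
      - name: Lint Twig files
        run: make lt
      - name: Lint container
        run: make lc
      - name: Yarn Eslint
        run: make lj
      - name: Yarn Prettier
        run: make lp
      - name: PHPStan - PHP Static Analysis Tool
        run: make phpstan
      - name: Local PHP Security Checker
        # NOTE(review): the checker binary is taken from whatever the newest
        # upstream release is at run time and executed without a checksum or
        # signature check. Pinning a reviewed release and verifying its
        # published checksum would close that gap; the guards below only make
        # a failed or unexpected download stop the job instead of continuing.
        run: |-
          set -euo pipefail
          lastReleaseInfo=$(curl --fail --silent --show-error "https://api.github.com/repos/fabpot/local-php-security-checker/releases/latest")
          securityCheckVersion=$(echo "${lastReleaseInfo}" | grep '"tag_name":' | sed -E 's/.*"v(.+)",/\1/')
          # Accept only a plain dotted version before it is spliced into the URL.
          if ! [[ "${securityCheckVersion}" =~ ^[0-9]+(\.[0-9]+)*$ ]]; then
            echo "Unexpected release tag: ${securityCheckVersion}" >&2
            exit 1
          fi
          curl --fail --silent --show-error --location "https://github.com/fabpot/local-php-security-checker/releases/download/v${securityCheckVersion}/local-php-security-checker_linux_$(dpkg --print-architecture)" --output ./local-php-security-checker
          chmod +x ./local-php-security-checker
          ./local-php-security-checker

  # Unit tests, run with the db and rabbitmq containers.
  phpunit:
    name: PHPUnit
    runs-on: ubuntu-latest
    needs: [build]
    steps:
      - uses: actions/checkout@v4
      - uses: ./.github/actions/dependencies-cache
      - name: Cache PHPUnit
        uses: actions/cache@v4
        with:
          path: var/.phpunit.cache/
          key: cache-${{ env.CACHE_KEY }}-phpunit-${{ github.sha }}
          restore-keys: |
            cache-${{ env.CACHE_KEY }}-phpunit-
      - uses: ./.github/actions/docker-login
      - uses: ./.github/actions/docker-pull
        with:
          hash: ${{ hashFiles('Dockerfile', 'docker/*') }}
      - uses: ./.github/actions/build
        with:
          hash: ${{ hashFiles('Dockerfile', 'docker/*') }}
          extra-containers: db rabbitmq
          keys: true
          cache-warmup: true
      - name: Prepare app (assets, cache, db, rabbitmq)
        run: make tfp
      - env:
          PHPUNIT_ARGS: '--log-junit ./phpunit/junit.xml'
        run: |-
          make test-phpunit

  # Behat default suite, run with the db, redis and rabbitmq containers.
  behat:
    name: Behat
    runs-on: ubuntu-latest
    needs: [build]
    steps:
      - uses: actions/checkout@v4
      - uses: ./.github/actions/dependencies-cache
      - uses: ./.github/actions/docker-login
      - uses: ./.github/actions/docker-pull
        with:
          hash: ${{ hashFiles('Dockerfile', 'docker/*') }}
      - uses: ./.github/actions/build
        with:
          hash: ${{ hashFiles('Dockerfile', 'docker/*') }}
          extra-containers: db redis rabbitmq
          keys: true
          cache-warmup: true
      - name: Prepare app (assets, cache, db, rabbitmq)
        run: make tfp
      - env:
          BEHAT_ARGS: '--suite=default -vvv --colors -f progress -o std -f junit -o ./behat --'
        run: |-
          make test-behat

  # Behat javascript suite, one matrix leg per tag, with a selenium container.
  behat-selenium:
    name: Behat/Selenium
    runs-on: ubuntu-latest
    needs: [build, build-static]
    strategy:
      # Let the remaining legs finish when one of them fails.
      fail-fast: false
      matrix:
        tags:
          - '@javascript1'
          - '@javascript2'
          - '@javascript3'
          - '@ux-component'
    steps:
      - uses: actions/checkout@v4
      - uses: ./.github/actions/dependencies-cache
      - uses: ./.github/actions/docker-login
      - uses: ./.github/actions/docker-pull
        with:
          hash: ${{ hashFiles('Dockerfile', 'docker/*') }}
      - uses: ./.github/actions/build
        with:
          hash: ${{ hashFiles('Dockerfile', 'docker/*') }}
          extra-containers: db redis rabbitmq selenium
          keys: true
      - name: Prepare app (assets, cache, db, rabbitmq)
        run: make tfp
      # The matrix value reaches the shell through an environment variable,
      # not by being pasted into the script text.
      - env:
          BEHAT_ARGS: '--suite=javascript --tags="${{ matrix.tags }}" -vvv --colors -f progress -o std -f junit -o ./behat --'
        run: |-
          make test-behat
      # Keep the contents of var/behat/ for one day when a leg fails.
      - uses: actions/upload-artifact@v4
        if: failure()
        with:
          name: behat-selenium-screenshots-${{ matrix.tags }}
          path: var/behat/
          retention-days: 1

  # Production image: built and pushed only for master and for releases,
  # after every check job has passed.
  docker-build-push-gcr:
    name: Build prod & push on registry
    runs-on: ubuntu-latest
    needs: [lint, phpunit, behat, behat-selenium]
    if: github.event.ref == 'refs/heads/master' || github.event_name == 'release'
    steps:
      - uses: actions/checkout@v4
      - name: Cache composer
        uses: actions/cache@v4
        with:
          path: vendor/
          key: cache-${{ env.CACHE_KEY }}-composer-${{ hashFiles('composer.lock') }}
      - name: Cache yarn dependencies
        uses: actions/cache@v4
        with:
          path: node_modules/
          key: cache-${{ env.CACHE_KEY }}-yarn-${{ hashFiles('yarn.lock') }}
      - name: Cache static assets
        uses: actions/cache@v4
        with:
          path: |
            public/built/
            public/css/
            public/select2/
          key: cache-${{ env.CACHE_KEY }}-static-${{ github.sha }}
      - name: Setup yarn
        uses: ./.github/actions/setup-yarn
      - name: Build static assets
        run: yarn build-prod
      - uses: ./.github/actions/docker-login
      - uses: ./.github/actions/docker-pull
        with:
          hash: ${{ env.HASH }}
          tag: ${{ env.TAG }}
      # Writes the commit SHA over "default" in the app version config.
      # GITHUB_SHA is the runner-provided variable holding github.sha.
      - run: perl -pi -e "s/default/${GITHUB_SHA}/g" ./config/packages/app_version.yaml
      # REGISTRY, TAG and HASH are read as shell variables (exported by the
      # workflow-level env) and quoted, so a tag name is passed to docker as
      # data and never becomes part of the script text.
      - run: |-
          docker build \
            --quiet \
            --cache-from="${REGISTRY}:${TAG}" \
            --tag "${REGISTRY}:${TAG}-${HASH}" \
            --target=php_caddy \
            --build-arg BUILDKIT_INLINE_CACHE=1 \
            .
      - uses: ./.github/actions/docker-push
        with:
          hash: ${{ env.HASH }}
          tag: ${{ env.TAG }}

  # Points the staging deployments at the freshly pushed image (master only).
  deploy-staging:
    name: Deploy Staging
    runs-on: ubuntu-latest
    needs: [docker-build-push-gcr]
    environment: staging
    if: github.event.ref == 'refs/heads/master'
    steps:
      - uses: actions/checkout@v4
      - name: Create Sentry release
        uses: getsentry/action-release@v1
        env:
          SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
          SENTRY_ORG: ${{ secrets.SENTRY_ORG }}
          SENTRY_PROJECT: ${{ secrets.SENTRY_PROJECT }}
        with:
          environment: staging
          ignore_missing: true
          ignore_empty: true
      - uses: google-github-actions/auth@v2
        with:
          credentials_json: ${{ secrets.GCP_SA_KEY_GKE_DEPLOYER }}
      - uses: google-github-actions/get-gke-credentials@v2
        with:
          cluster_name: ${{ secrets.GKE_CLUSTER }}
          location: ${{ secrets.GKE_REGION }}
      # The deployment list and container name are handed over as environment
      # variables so their contents are never parsed as shell code.
      - env:
          GKE_DEPLOYMENTS: ${{ vars.GKE_DEPLOYMENTS }}
          GKE_CONTAINER: ${{ secrets.GKE_CONTAINER }}
        run: |-
          # Unquoted on purpose: the variable holds a whitespace-separated list.
          for GKE_DEPLOYMENT in ${GKE_DEPLOYMENTS}; do
            kubectl set image "deployment/${GKE_DEPLOYMENT}" "${GKE_CONTAINER}=${REGISTRY}:${TAG}-${HASH}"
          done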