From 1993602af8d63fecb97d4aed7b093359c2631ef0 Mon Sep 17 00:00:00 2001
From: Michael Schiemer
Date: Thu, 17 Jul 2025 19:39:52 +0200
Subject: [PATCH] chore: update ci-cd.yml
---
 .gitea/workflows/ci-cd.yml | 82 +++++++++++++++++++-------------------
 1 file changed, 41 insertions(+), 41 deletions(-)
diff --git a/.gitea/workflows/ci-cd.yml b/.gitea/workflows/ci-cd.yml
index 95afc277..91c44219 100644
--- a/.gitea/workflows/ci-cd.yml
+++ b/.gitea/workflows/ci-cd.yml
@@ -13,7 +13,7 @@ env:
 jobs:
 test:
- runs-on: ubuntu-latest
+ runs-on: ubuntu-22.04
 container:
 image: php:8.4-cli
 services:
@@ -24,18 +24,18 @@ jobs:
 env:
 MYSQL_ROOT_PASSWORD: test
 MYSQL_DATABASE: test
- 
+
 steps:
 - name: Checkout Code
 uses: actions/checkout@v4
- 
+
 - name: Install System Dependencies
 run: |
 apt-get update && apt-get install -y \
 git unzip libzip-dev libpng-dev libjpeg-dev \
 libfreetype6-dev libwebp-dev libavif-dev \
 libxpm-dev curl
- 
+
 - name: Install PHP Extensions
 run: |
 docker-php-ext-configure gd \
@@ -43,26 +43,26 @@ jobs:
 --with-avif --with-xpm
 docker-php-ext-install -j$(nproc) \
 gd zip pdo pdo_mysql opcache pcntl posix shmop
- 
+
 - name: Install Composer
 run: |
 curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/local/bin --filename=composer
- 
+
 - name: Cache Composer Dependencies
 uses: actions/cache@v3
 with:
 path: ~/.composer/cache
 key: composer-${{ hashFiles('**/composer.lock') }}
 restore-keys: composer-
- 
+
 - name: Install Dependencies
 run: |
 composer install --no-progress --prefer-dist --optimize-autoloader
- 
+
 - name: Run PHP CS Fixer (Check)
 run: |
 composer cs
- 
+
 - name: Run Tests
 run: |
 ./vendor/bin/pest
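Review bot: The Install Composer step in the @@ -43 hunk pipes the installer straight from getcomposer.org into php without comparing it against the checksum Composer publishes, so a tampered or truncated download is executed as the build user. Composer's documented install flow saves the installer to a file, checks its SHA-384 against the published `installer.sig`, and only then runs it; the rewrite below does that with coreutils already present in the `php:8.4-cli` image. Less urgent in the same hunk: `actions/cache@v3` sits next to `actions/checkout@v4`, and neither action is pinned to a commit SHA, which is the usual way to make third-party actions reproducible. The `test` job's step list may continue beyond this hunk.
```yaml
      - name: Install Composer
        run: |
          curl -sS https://getcomposer.org/installer -o composer-setup.php
          EXPECTED="$(curl -sS https://composer.github.io/installer.sig)"
          echo "${EXPECTED}  composer-setup.php" | sha384sum -c -
          php composer-setup.php --install-dir=/usr/local/bin --filename=composer
          rm composer-setup.php
      # … unchanged: Cache Composer Dependencies and later steps …
```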
@@ -78,16 +78,16 @@ jobs:
 security-scan:
 runs-on: ubuntu-latest
 needs: test
- 
+
 steps:
 - name: Checkout Code
 uses: actions/checkout@v4
- 
+
 - name: Run Security Scan
 run: |
 # Composer-Audit für bekannte Vulnerabilities
 composer audit --format=json || true
- 
+
 # Grundlegende Sicherheitsscans
 find . -name "*.php" -exec grep -l "eval\|system\|exec\|shell_exec" {} \; || true
@@ -95,18 +95,18 @@ jobs:
 needs: [test, security-scan]
 runs-on: ubuntu-latest
 if: github.ref == 'refs/heads/main' || github.ref == 'refs/heads/develop'
- 
+
 steps:
 - name: Checkout Code
 uses: actions/checkout@v4
- 
+
 - name: Set up Docker Buildx
 uses: docker/setup-buildx-action@v3
- 
+
 - name: Login to Private Registry
 run: |
 echo ${{ secrets.REGISTRY_PASSWORD }} | docker login ${{ env.REGISTRY_URL }} -u ${{ secrets.REGISTRY_USERNAME }} --password-stdin
- 
+
 - name: Determine Image Tag
 id: tag
 run: |
@@ -117,7 +117,7 @@ jobs:
 echo "tag=develop" >> $GITHUB_OUTPUT
 echo "env=staging" >> $GITHUB_OUTPUT
 fi
- 
+
 - name: Build and Push PHP Image
 run: |
 docker buildx build --push \
@@ -127,7 +127,7 @@ jobs:
 -t ${{ env.REGISTRY_URL }}/${{ env.IMAGE_NAME }}/php:${{ steps.tag.outputs.tag }} \
 -t ${{ env.REGISTRY_URL }}/${{ env.IMAGE_NAME }}/php:${{ github.sha }} \
 -f docker/php/Dockerfile .
- 
+
 - name: Build and Push Nginx Image
 run: |
 docker buildx build --push \
@@ -135,7 +135,7 @@ jobs:
 -t ${{ env.REGISTRY_URL }}/${{ env.IMAGE_NAME }}/nginx:${{ steps.tag.outputs.tag }} \
 -t ${{ env.REGISTRY_URL }}/${{ env.IMAGE_NAME }}/nginx:${{ github.sha }} \
 -f docker/nginx/Dockerfile .
- 
+
 - name: Build and Push Worker Image
 run: |
 docker buildx build --push \
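Review bot: The Run Security Scan step in the @@ -78 hunk ends both commands with `|| true`, so neither `composer audit` advisories nor the grep hits can ever fail the job, while the build job in the next hunk lists `needs: [test, security-scan]` as if this were a gate. If the intent is to block on known-vulnerable dependencies, drop the suffix on the audit line, `composer audit --format=json`, which exits non-zero when advisories match the lock file (this assumes composer is available on the `ubuntu-latest` runner, which the hunk does not show). The grep line only lists file names and would read more honestly with "(informational)" in the step name. This job also keeps `runs-on: ubuntu-latest` while the first hunk pins the test job to `ubuntu-22.04`; pinning both keeps the runners consistent.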
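Review bot: The Login to Private Registry step in the @@ -95 hunk expands `${{ secrets.REGISTRY_PASSWORD }}` unquoted inside the script, so the shell word-splits and glob-expands the value before it reaches `--password-stdin`, and the deploy hunks later in the patch quote the same expression, which is inconsistent. Prefer passing the secret through the step's environment instead of templating it into the script text: add `env:` with `REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }}` and change the line to `echo "$REGISTRY_PASSWORD" | docker login ${{ env.REGISTRY_URL }} -u ${{ secrets.REGISTRY_USERNAME }} --password-stdin`. This keeps the secret out of the rendered script and is the pattern the runner documentation recommends for secrets used in `run:` steps.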
@@ -155,42 +155,42 @@ jobs:
 runs-on: ubuntu-latest
 if: github.ref == 'refs/heads/develop'
 environment: staging
- 
+
 steps:
 - name: Checkout Code
 uses: actions/checkout@v4
- 
+
 - name: Setup SSH
 run: |
 mkdir -p ~/.ssh
 echo "${{ secrets.SSH_PRIVATE_KEY }}" > ~/.ssh/id_rsa
 chmod 600 ~/.ssh/id_rsa
 ssh-keyscan -H ${{ secrets.STAGING_HOST }} >> ~/.ssh/known_hosts
- 
+
 - name: Deploy to Staging
 run: |
 ssh -i ~/.ssh/id_rsa ${{ secrets.STAGING_USER }}@${{ secrets.STAGING_HOST }} << 'EOF'
 cd /var/www/michaelschiemer
- 
+
 # Registry-Login
 echo "${{ secrets.REGISTRY_PASSWORD }}" | docker login ${{ env.REGISTRY_URL }} -u ${{ secrets.REGISTRY_USERNAME }} --password-stdin
- 
+
 # Images pullen
 docker pull ${{ env.REGISTRY_URL }}/${{ env.IMAGE_NAME }}/php:develop
 docker pull ${{ env.REGISTRY_URL }}/${{ env.IMAGE_NAME }}/nginx:develop
 docker pull ${{ env.REGISTRY_URL }}/${{ env.IMAGE_NAME }}/worker:develop
- 
+
 # Environment auf develop setzen
 sed -i 's/IMAGE_TAG=.*/IMAGE_TAG=develop/' .env
- 
+
 # Services neustarten
 docker compose pull
 docker compose up -d
- 
+
 # Aufräumen
 docker system prune -f
 EOF
- 
+
 - name: Health Check Staging
 run: |
 sleep 30
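Review bot: The Setup SSH step in the @@ -155 hunk trusts whatever host key `ssh-keyscan` receives at run time, so the known_hosts entry is only as good as the network path on that particular run and a wrong key would be accepted silently; the production job's hunk at @@ -201 has the same step. Since the host name is already stored as a secret, store its public host key next to it (a constructed name such as `STAGING_HOST_KEY`) and write it directly, `echo "${{ secrets.STAGING_HOST_KEY }}" >> ~/.ssh/known_hosts`, then call ssh with `-o StrictHostKeyChecking=yes` so a mismatch fails the deploy rather than proceeding. Apply the same change in the production job. The `deploy-staging` job header sits above this hunk, so its `needs:` list is not visible here.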
@@ -201,42 +201,42 @@ jobs:
 runs-on: ubuntu-latest
 if: github.ref == 'refs/heads/main'
 environment: production
- 
+
 steps:
 - name: Checkout Code
 uses: actions/checkout@v4
- 
+
 - name: Setup SSH
 run: |
 mkdir -p ~/.ssh
 echo "${{ secrets.SSH_PRIVATE_KEY }}" > ~/.ssh/id_rsa
 chmod 600 ~/.ssh/id_rsa
 ssh-keyscan -H ${{ secrets.PRODUCTION_HOST }} >> ~/.ssh/known_hosts
- 
+
 - name: Deploy to Production
 run: |
 ssh -i ~/.ssh/id_rsa ${{ secrets.PRODUCTION_USER }}@${{ secrets.PRODUCTION_HOST }} << 'EOF'
 cd /var/www/michaelschiemer
- 
+
 # Registry-Login
 echo "${{ secrets.REGISTRY_PASSWORD }}" | docker login ${{ env.REGISTRY_URL }} -u ${{ secrets.REGISTRY_USERNAME }} --password-stdin
- 
+
 # Images pullen
 docker pull ${{ env.REGISTRY_URL }}/${{ env.IMAGE_NAME }}/php:latest
 docker pull ${{ env.REGISTRY_URL }}/${{ env.IMAGE_NAME }}/nginx:latest
 docker pull ${{ env.REGISTRY_URL }}/${{ env.IMAGE_NAME }}/worker:latest
- 
+
 # Environment auf latest setzen
 sed -i 's/IMAGE_TAG=.*/IMAGE_TAG=latest/' .env
- 
+
 # Services neustarten
 docker compose pull
 docker compose up -d
- 
+
 # Aufräumen
 docker system prune -f
 EOF
- 
+
 - name: Health Check Production
 run: |
 sleep 30
@@ -246,7 +246,7 @@ jobs:
 needs: [deploy-staging, deploy-production]
 runs-on: ubuntu-latest
 if: always()
- 
+
 steps:
 - name: Clean up old images
 run: |
@@ -258,17 +258,17 @@ jobs:
 needs: [deploy-staging, deploy-production]
 runs-on: ubuntu-latest
 if: always()
- 
+
 steps:
 - name: Notify Deployment Status
 run: |
 STATUS="${{ job.status }}"
 BRANCH="${{ github.ref_name }}"
- 
+
 if [ "$STATUS" = "success" ]; then
 echo "✅ Deployment erfolgreich für Branch: $BRANCH"
 else
 echo "❌ Deployment fehlgeschlagen für Branch: $BRANCH"
 fi
- 
+
 # Hier könnten Sie Slack/Email-Benachrichtigungen hinzufügen
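Review bot: The Notify Deployment Status step in the @@ -258 hunk writes `${{ github.ref_name }}` straight into the script as `BRANCH="${{ github.ref_name }}"`; the expression is substituted before the shell parses the script, so a branch name containing a double quote or other shell metacharacters changes the script itself rather than the variable's value. Move both values into the step's environment, `env:` with `STATUS: ${{ job.status }}` and `BRANCH: ${{ github.ref_name }}`, and let the script keep reading `$STATUS` and `$BRANCH` as it already does on the following lines. The hunk's trailing comment says Slack or mail notifications could be added here; anything taken from the event payload into such a message needs the same treatment.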