chore: update ci-cd.yml

.gitea/workflows/ci-cd.yml

@@ -13,7 +13,7 @@ env:
 
 jobs:
   test:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-22.04
     container:
       image: php:8.4-cli
     services:
@@ -24,18 +24,18 @@ jobs:
         env:
           MYSQL_ROOT_PASSWORD: test
           MYSQL_DATABASE: test
-        
+
     steps:
     - name: Checkout Code
       uses: actions/checkout@v4
-    
+
     - name: Install System Dependencies
       run: |
         apt-get update && apt-get install -y \
           git unzip libzip-dev libpng-dev libjpeg-dev \
           libfreetype6-dev libwebp-dev libavif-dev \
           libxpm-dev curl
-        
+
     - name: Install PHP Extensions
       run: |
         docker-php-ext-configure gd \
@@ -43,26 +43,26 @@ jobs:
           --with-avif --with-xpm
         docker-php-ext-install -j$(nproc) \
           gd zip pdo pdo_mysql opcache pcntl posix shmop
-        
+
     - name: Install Composer
       run: |
         curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/local/bin --filename=composer
-        
+
     - name: Cache Composer Dependencies
       uses: actions/cache@v3
       with:
         path: ~/.composer/cache
         key: composer-${{ hashFiles('**/composer.lock') }}
         restore-keys: composer-
-        
+
     - name: Install Dependencies
       run: |
         composer install --no-progress --prefer-dist --optimize-autoloader
-      
+
     - name: Run PHP CS Fixer (Check)
       run: |
         composer cs
-      
+
     - name: Run Tests
       run: |
         ./vendor/bin/pest
@@ -78,16 +78,16 @@ jobs:
   security-scan:
     runs-on: ubuntu-latest
     needs: test
-    
+
     steps:
     - name: Checkout Code
       uses: actions/checkout@v4
-      
+
     - name: Run Security Scan
       run: |
         # Composer-Audit für bekannte Vulnerabilities
         composer audit --format=json || true
-        
+
         # Grundlegende Sicherheitsscans
         find . -name "*.php" -exec grep -l "eval\|system\|exec\|shell_exec" {} \; || true
 
@@ -95,18 +95,18 @@ jobs:
     needs: [test, security-scan]
     runs-on: ubuntu-latest
     if: github.ref == 'refs/heads/main' || github.ref == 'refs/heads/develop'
-    
+
     steps:
     - name: Checkout Code
       uses: actions/checkout@v4
-    
+
     - name: Set up Docker Buildx
       uses: docker/setup-buildx-action@v3
-      
+
     - name: Login to Private Registry
       run: |
         echo ${{ secrets.REGISTRY_PASSWORD }} | docker login ${{ env.REGISTRY_URL }} -u ${{ secrets.REGISTRY_USERNAME }} --password-stdin
-        
+
     - name: Determine Image Tag
       id: tag
       run: |
@@ -117,7 +117,7 @@ jobs:
           echo "tag=develop" >> $GITHUB_OUTPUT
           echo "env=staging" >> $GITHUB_OUTPUT
         fi
-        
+
     - name: Build and Push PHP Image
       run: |
         docker buildx build --push \
@@ -127,7 +127,7 @@ jobs:
           -t ${{ env.REGISTRY_URL }}/${{ env.IMAGE_NAME }}/php:${{ steps.tag.outputs.tag }} \
           -t ${{ env.REGISTRY_URL }}/${{ env.IMAGE_NAME }}/php:${{ github.sha }} \
           -f docker/php/Dockerfile .
-        
+
     - name: Build and Push Nginx Image
       run: |
         docker buildx build --push \
@@ -135,7 +135,7 @@ jobs:
           -t ${{ env.REGISTRY_URL }}/${{ env.IMAGE_NAME }}/nginx:${{ steps.tag.outputs.tag }} \
           -t ${{ env.REGISTRY_URL }}/${{ env.IMAGE_NAME }}/nginx:${{ github.sha }} \
           -f docker/nginx/Dockerfile .
-          
+
     - name: Build and Push Worker Image
       run: |
         docker buildx build --push \
@@ -155,42 +155,42 @@ jobs:
     runs-on: ubuntu-latest
     if: github.ref == 'refs/heads/develop'
     environment: staging
-    
+
     steps:
     - name: Checkout Code
       uses: actions/checkout@v4
-      
+
     - name: Setup SSH
       run: |
         mkdir -p ~/.ssh
         echo "${{ secrets.SSH_PRIVATE_KEY }}" > ~/.ssh/id_rsa
         chmod 600 ~/.ssh/id_rsa
         ssh-keyscan -H ${{ secrets.STAGING_HOST }} >> ~/.ssh/known_hosts
-        
+
     - name: Deploy to Staging
       run: |
         ssh -i ~/.ssh/id_rsa ${{ secrets.STAGING_USER }}@${{ secrets.STAGING_HOST }} << 'EOF'
           cd /var/www/michaelschiemer
-          
+
           # Registry-Login
           echo "${{ secrets.REGISTRY_PASSWORD }}" | docker login ${{ env.REGISTRY_URL }} -u ${{ secrets.REGISTRY_USERNAME }} --password-stdin
-          
+
           # Images pullen
           docker pull ${{ env.REGISTRY_URL }}/${{ env.IMAGE_NAME }}/php:develop
           docker pull ${{ env.REGISTRY_URL }}/${{ env.IMAGE_NAME }}/nginx:develop
           docker pull ${{ env.REGISTRY_URL }}/${{ env.IMAGE_NAME }}/worker:develop
-          
+
           # Environment auf develop setzen
           sed -i 's/IMAGE_TAG=.*/IMAGE_TAG=develop/' .env
-          
+
           # Services neustarten
           docker compose pull
           docker compose up -d
-          
+
           # Aufräumen
           docker system prune -f
         EOF
-        
+
     - name: Health Check Staging
       run: |
         sleep 30
@@ -201,42 +201,42 @@ jobs:
     runs-on: ubuntu-latest
     if: github.ref == 'refs/heads/main'
     environment: production
-    
+
     steps:
     - name: Checkout Code
       uses: actions/checkout@v4
-      
+
     - name: Setup SSH
       run: |
         mkdir -p ~/.ssh
         echo "${{ secrets.SSH_PRIVATE_KEY }}" > ~/.ssh/id_rsa
         chmod 600 ~/.ssh/id_rsa
         ssh-keyscan -H ${{ secrets.PRODUCTION_HOST }} >> ~/.ssh/known_hosts
-        
+
     - name: Deploy to Production
       run: |
         ssh -i ~/.ssh/id_rsa ${{ secrets.PRODUCTION_USER }}@${{ secrets.PRODUCTION_HOST }} << 'EOF'
           cd /var/www/michaelschiemer
-          
+
           # Registry-Login
           echo "${{ secrets.REGISTRY_PASSWORD }}" | docker login ${{ env.REGISTRY_URL }} -u ${{ secrets.REGISTRY_USERNAME }} --password-stdin
-          
+
           # Images pullen
           docker pull ${{ env.REGISTRY_URL }}/${{ env.IMAGE_NAME }}/php:latest
           docker pull ${{ env.REGISTRY_URL }}/${{ env.IMAGE_NAME }}/nginx:latest
           docker pull ${{ env.REGISTRY_URL }}/${{ env.IMAGE_NAME }}/worker:latest
-          
+
           # Environment auf latest setzen
           sed -i 's/IMAGE_TAG=.*/IMAGE_TAG=latest/' .env
-          
+
           # Services neustarten
           docker compose pull
           docker compose up -d
-          
+
           # Aufräumen
           docker system prune -f
         EOF
-           
+
     - name: Health Check Production
       run: |
         sleep 30
@@ -246,7 +246,7 @@ jobs:
     needs: [deploy-staging, deploy-production]
     runs-on: ubuntu-latest
     if: always()
-    
+
     steps:
     - name: Clean up old images
       run: |
@@ -258,17 +258,17 @@ jobs:
     needs: [deploy-staging, deploy-production]
     runs-on: ubuntu-latest
     if: always()
-    
+
     steps:
     - name: Notify Deployment Status
       run: |
         STATUS="${{ job.status }}"
         BRANCH="${{ github.ref_name }}"
-        
+
         if [ "$STATUS" = "success" ]; then
           echo "✅ Deployment erfolgreich für Branch: $BRANCH"
         else
           echo "❌ Deployment fehlgeschlagen für Branch: $BRANCH"
         fi
-        
+
         # Hier könnten Sie Slack/Email-Benachrichtigungen hinzufügen