chore: update ci-cd.yml
This commit is contained in:
@@ -13,7 +13,7 @@ env:
|
||||
|
||||
jobs:
|
||||
test:
|
||||
runs-on: ubuntu-latest
|
||||
runs-on: ubuntu-22.04
|
||||
container:
|
||||
image: php:8.4-cli
|
||||
services:
|
||||
@@ -24,18 +24,18 @@ jobs:
|
||||
env:
|
||||
MYSQL_ROOT_PASSWORD: test
|
||||
MYSQL_DATABASE: test
|
||||
|
||||
|
||||
steps:
|
||||
- name: Checkout Code
|
||||
uses: actions/checkout@v4
|
||||
|
||||
|
||||
- name: Install System Dependencies
|
||||
run: |
|
||||
apt-get update && apt-get install -y \
|
||||
git unzip libzip-dev libpng-dev libjpeg-dev \
|
||||
libfreetype6-dev libwebp-dev libavif-dev \
|
||||
libxpm-dev curl
|
||||
|
||||
|
||||
- name: Install PHP Extensions
|
||||
run: |
|
||||
docker-php-ext-configure gd \
|
||||
@@ -43,26 +43,26 @@ jobs:
|
||||
--with-avif --with-xpm
|
||||
docker-php-ext-install -j$(nproc) \
|
||||
gd zip pdo pdo_mysql opcache pcntl posix shmop
|
||||
|
||||
|
||||
- name: Install Composer
|
||||
run: |
|
||||
curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/local/bin --filename=composer
|
||||
|
||||
|
||||
- name: Cache Composer Dependencies
|
||||
uses: actions/cache@v3
|
||||
with:
|
||||
path: ~/.composer/cache
|
||||
key: composer-${{ hashFiles('**/composer.lock') }}
|
||||
restore-keys: composer-
|
||||
|
||||
|
||||
- name: Install Dependencies
|
||||
run: |
|
||||
composer install --no-progress --prefer-dist --optimize-autoloader
|
||||
|
||||
|
||||
- name: Run PHP CS Fixer (Check)
|
||||
run: |
|
||||
composer cs
|
||||
|
||||
|
||||
- name: Run Tests
|
||||
run: |
|
||||
./vendor/bin/pest
|
||||
@@ -78,16 +78,16 @@ jobs:
|
||||
security-scan:
|
||||
runs-on: ubuntu-latest
|
||||
needs: test
|
||||
|
||||
|
||||
steps:
|
||||
- name: Checkout Code
|
||||
uses: actions/checkout@v4
|
||||
|
||||
|
||||
- name: Run Security Scan
|
||||
run: |
|
||||
# Composer-Audit für bekannte Vulnerabilities
|
||||
composer audit --format=json || true
|
||||
|
||||
|
||||
# Grundlegende Sicherheitsscans
|
||||
find . -name "*.php" -exec grep -l "eval\|system\|exec\|shell_exec" {} \; || true
|
||||
|
||||
@@ -95,18 +95,18 @@ jobs:
|
||||
needs: [test, security-scan]
|
||||
runs-on: ubuntu-latest
|
||||
if: github.ref == 'refs/heads/main' || github.ref == 'refs/heads/develop'
|
||||
|
||||
|
||||
steps:
|
||||
- name: Checkout Code
|
||||
uses: actions/checkout@v4
|
||||
|
||||
|
||||
- name: Set up Docker Buildx
|
||||
uses: docker/setup-buildx-action@v3
|
||||
|
||||
|
||||
- name: Login to Private Registry
|
||||
run: |
|
||||
echo ${{ secrets.REGISTRY_PASSWORD }} | docker login ${{ env.REGISTRY_URL }} -u ${{ secrets.REGISTRY_USERNAME }} --password-stdin
|
||||
|
||||
|
||||
- name: Determine Image Tag
|
||||
id: tag
|
||||
run: |
|
||||
@@ -117,7 +117,7 @@ jobs:
|
||||
echo "tag=develop" >> $GITHUB_OUTPUT
|
||||
echo "env=staging" >> $GITHUB_OUTPUT
|
||||
fi
|
||||
|
||||
|
||||
- name: Build and Push PHP Image
|
||||
run: |
|
||||
docker buildx build --push \
|
||||
@@ -127,7 +127,7 @@ jobs:
|
||||
-t ${{ env.REGISTRY_URL }}/${{ env.IMAGE_NAME }}/php:${{ steps.tag.outputs.tag }} \
|
||||
-t ${{ env.REGISTRY_URL }}/${{ env.IMAGE_NAME }}/php:${{ github.sha }} \
|
||||
-f docker/php/Dockerfile .
|
||||
|
||||
|
||||
- name: Build and Push Nginx Image
|
||||
run: |
|
||||
docker buildx build --push \
|
||||
@@ -135,7 +135,7 @@ jobs:
|
||||
-t ${{ env.REGISTRY_URL }}/${{ env.IMAGE_NAME }}/nginx:${{ steps.tag.outputs.tag }} \
|
||||
-t ${{ env.REGISTRY_URL }}/${{ env.IMAGE_NAME }}/nginx:${{ github.sha }} \
|
||||
-f docker/nginx/Dockerfile .
|
||||
|
||||
|
||||
- name: Build and Push Worker Image
|
||||
run: |
|
||||
docker buildx build --push \
|
||||
@@ -155,42 +155,42 @@ jobs:
|
||||
runs-on: ubuntu-latest
|
||||
if: github.ref == 'refs/heads/develop'
|
||||
environment: staging
|
||||
|
||||
|
||||
steps:
|
||||
- name: Checkout Code
|
||||
uses: actions/checkout@v4
|
||||
|
||||
|
||||
- name: Setup SSH
|
||||
run: |
|
||||
mkdir -p ~/.ssh
|
||||
echo "${{ secrets.SSH_PRIVATE_KEY }}" > ~/.ssh/id_rsa
|
||||
chmod 600 ~/.ssh/id_rsa
|
||||
ssh-keyscan -H ${{ secrets.STAGING_HOST }} >> ~/.ssh/known_hosts
|
||||
|
||||
|
||||
- name: Deploy to Staging
|
||||
run: |
|
||||
ssh -i ~/.ssh/id_rsa ${{ secrets.STAGING_USER }}@${{ secrets.STAGING_HOST }} << 'EOF'
|
||||
cd /var/www/michaelschiemer
|
||||
|
||||
|
||||
# Registry-Login
|
||||
echo "${{ secrets.REGISTRY_PASSWORD }}" | docker login ${{ env.REGISTRY_URL }} -u ${{ secrets.REGISTRY_USERNAME }} --password-stdin
|
||||
|
||||
|
||||
# Images pullen
|
||||
docker pull ${{ env.REGISTRY_URL }}/${{ env.IMAGE_NAME }}/php:develop
|
||||
docker pull ${{ env.REGISTRY_URL }}/${{ env.IMAGE_NAME }}/nginx:develop
|
||||
docker pull ${{ env.REGISTRY_URL }}/${{ env.IMAGE_NAME }}/worker:develop
|
||||
|
||||
|
||||
# Environment auf develop setzen
|
||||
sed -i 's/IMAGE_TAG=.*/IMAGE_TAG=develop/' .env
|
||||
|
||||
|
||||
# Services neustarten
|
||||
docker compose pull
|
||||
docker compose up -d
|
||||
|
||||
|
||||
# Aufräumen
|
||||
docker system prune -f
|
||||
EOF
|
||||
|
||||
|
||||
- name: Health Check Staging
|
||||
run: |
|
||||
sleep 30
|
||||
@@ -201,42 +201,42 @@ jobs:
|
||||
runs-on: ubuntu-latest
|
||||
if: github.ref == 'refs/heads/main'
|
||||
environment: production
|
||||
|
||||
|
||||
steps:
|
||||
- name: Checkout Code
|
||||
uses: actions/checkout@v4
|
||||
|
||||
|
||||
- name: Setup SSH
|
||||
run: |
|
||||
mkdir -p ~/.ssh
|
||||
echo "${{ secrets.SSH_PRIVATE_KEY }}" > ~/.ssh/id_rsa
|
||||
chmod 600 ~/.ssh/id_rsa
|
||||
ssh-keyscan -H ${{ secrets.PRODUCTION_HOST }} >> ~/.ssh/known_hosts
|
||||
|
||||
|
||||
- name: Deploy to Production
|
||||
run: |
|
||||
ssh -i ~/.ssh/id_rsa ${{ secrets.PRODUCTION_USER }}@${{ secrets.PRODUCTION_HOST }} << 'EOF'
|
||||
cd /var/www/michaelschiemer
|
||||
|
||||
|
||||
# Registry-Login
|
||||
echo "${{ secrets.REGISTRY_PASSWORD }}" | docker login ${{ env.REGISTRY_URL }} -u ${{ secrets.REGISTRY_USERNAME }} --password-stdin
|
||||
|
||||
|
||||
# Images pullen
|
||||
docker pull ${{ env.REGISTRY_URL }}/${{ env.IMAGE_NAME }}/php:latest
|
||||
docker pull ${{ env.REGISTRY_URL }}/${{ env.IMAGE_NAME }}/nginx:latest
|
||||
docker pull ${{ env.REGISTRY_URL }}/${{ env.IMAGE_NAME }}/worker:latest
|
||||
|
||||
|
||||
# Environment auf latest setzen
|
||||
sed -i 's/IMAGE_TAG=.*/IMAGE_TAG=latest/' .env
|
||||
|
||||
|
||||
# Services neustarten
|
||||
docker compose pull
|
||||
docker compose up -d
|
||||
|
||||
|
||||
# Aufräumen
|
||||
docker system prune -f
|
||||
EOF
|
||||
|
||||
|
||||
- name: Health Check Production
|
||||
run: |
|
||||
sleep 30
|
||||
@@ -246,7 +246,7 @@ jobs:
|
||||
needs: [deploy-staging, deploy-production]
|
||||
runs-on: ubuntu-latest
|
||||
if: always()
|
||||
|
||||
|
||||
steps:
|
||||
- name: Clean up old images
|
||||
run: |
|
||||
@@ -258,17 +258,17 @@ jobs:
|
||||
needs: [deploy-staging, deploy-production]
|
||||
runs-on: ubuntu-latest
|
||||
if: always()
|
||||
|
||||
|
||||
steps:
|
||||
- name: Notify Deployment Status
|
||||
run: |
|
||||
STATUS="${{ job.status }}"
|
||||
BRANCH="${{ github.ref_name }}"
|
||||
|
||||
|
||||
if [ "$STATUS" = "success" ]; then
|
||||
echo "✅ Deployment erfolgreich für Branch: $BRANCH"
|
||||
else
|
||||
echo "❌ Deployment fehlgeschlagen für Branch: $BRANCH"
|
||||
fi
|
||||
|
||||
|
||||
# Hier könnten Sie Slack/Email-Benachrichtigungen hinzufügen
|
||||
|
||||
Reference in New Issue
Block a user