diff --git a/.gitea/workflows/ci-cd.yml b/.gitea/workflows/ci-cd.yml index 9343b19e..c7d88c9c 100644 --- a/.gitea/workflows/ci-cd.yml +++ b/.gitea/workflows/ci-cd.yml @@ -7,15 +7,12 @@ on: branches: [ main ] env: - REGISTRY_URL: docker-registry:5000 # Internal network name for Gitea runner + REGISTRY_URL: localhost:5000 # Host network allows access to localhost IMAGE_NAME: michaelschiemer - PHP_VERSION: "8.4" jobs: test: runs-on: ubuntu-latest - container: - image: node:18-bullseye services: redis: image: redis:8-alpine @@ -30,117 +27,40 @@ jobs: - 3306:3306 steps: - - name: Install System Dependencies - run: | - apt-get update - apt-get install -y git curl wget gnupg2 software-properties-common lsb-release ca-certificates apt-transport-https - - - name: Debug Environment - run: | - echo "=== Environment Debug ===" - echo "PWD: $(pwd)" - echo "USER: $(whoami)" - echo "PATH: $PATH" - echo "Available commands:" - which git || echo "git not found" - which node || echo "node not found" - which npm || echo "npm not found" - echo "Node version: $(node --version)" - echo "NPM version: $(npm --version)" - echo "OS Info:" - cat /etc/os-release || echo "os-release not found" - echo "=== End Debug ===" - - name: Checkout Code uses: actions/checkout@v4 - - name: Setup PHP - run: | - # Install PHP 8.4 - wget -O /etc/apt/trusted.gpg.d/php.gpg https://packages.sury.org/php/apt.gpg - echo "deb https://packages.sury.org/php/ $(lsb_release -sc) main" > /etc/apt/sources.list.d/php.list - apt-get update - apt-get install -y php8.4-cli php8.4-common php8.4-curl php8.4-zip php8.4-gd php8.4-mysql php8.4-xml php8.4-mbstring php8.4-json php8.4-intl php8.4-bcmath php8.4-redis - - - name: Install Composer - run: | - curl -sS https://getcomposer.org/installer | php - mv composer.phar /usr/local/bin/composer - chmod +x /usr/local/bin/composer - - - name: Cache Composer Dependencies - uses: actions/cache@v4 + - name: Setup Node.js + uses: actions/setup-node@v4 with: - path: ~/.composer/cache - key: composer-${{ hashFiles('**/composer.lock') }} - restore-keys: composer- + node-version: '18' + + - name: Setup PHP + uses: shivammathur/setup-php@v2 + with: + php-version: '8.4' + extensions: gd, zip, pdo, pdo_mysql, opcache, pcntl, posix, shmop, redis + tools: composer - name: Install Dependencies - run: | - composer install --no-progress --prefer-dist --optimize-autoloader + run: composer install --no-progress --prefer-dist --optimize-autoloader - name: Build Frontend Assets run: npm install && npm run build - - name: Run PHP CS Fixer (Check) - run: | - composer cs - - name: Run Tests - run: | - ./vendor/bin/pest + run: ./vendor/bin/pest env: - DB_HOST: mariadb + DB_HOST: localhost DB_PORT: 3306 DB_DATABASE: test DB_USERNAME: root DB_PASSWORD: test - REDIS_HOST: redis + REDIS_HOST: localhost REDIS_PORT: 6379 - security-scan: - runs-on: ubuntu-latest - container: - image: node:18-bullseye - needs: test - - steps: - - name: Install System Dependencies - run: | - apt-get update - apt-get install -y git curl wget gnupg2 software-properties-common lsb-release ca-certificates apt-transport-https - - - name: Checkout Code - uses: actions/checkout@v4 - - - name: Setup PHP - run: | - # Install PHP 8.4 - wget -O /etc/apt/trusted.gpg.d/php.gpg https://packages.sury.org/php/apt.gpg - echo "deb https://packages.sury.org/php/ $(lsb_release -sc) main" > /etc/apt/sources.list.d/php.list - apt-get update - apt-get install -y php8.4-cli php8.4-common php8.4-curl php8.4-zip php8.4-gd php8.4-mysql php8.4-xml php8.4-mbstring php8.4-json php8.4-intl php8.4-bcmath - - - name: Install Composer - run: | - curl -sS https://getcomposer.org/installer | php - mv composer.phar /usr/local/bin/composer - chmod +x /usr/local/bin/composer - - - name: Install Dependencies - run: | - composer install --no-progress --prefer-dist --optimize-autoloader - - - name: Run Security Scan - run: | - # Composer-Audit für bekannte Vulnerabilities - composer audit --format=json || true - - # Grundlegende Sicherheitsscans - find . -name "*.php" -exec grep -l "eval\|system\|exec\|shell_exec" {} \; || true - build: - needs: [test, security-scan] + needs: test runs-on: ubuntu-latest if: github.ref == 'refs/heads/main' || github.ref == 'refs/heads/develop' @@ -157,175 +77,26 @@ jobs: run: | if [ "${{ github.ref }}" = "refs/heads/main" ]; then echo "tag=latest" >> $GITHUB_OUTPUT - echo "env=production" >> $GITHUB_OUTPUT else echo "tag=develop" >> $GITHUB_OUTPUT - echo "env=staging" >> $GITHUB_OUTPUT fi - - name: Build and Push PHP Image + - name: Build and Push Images run: | - docker build \ - --build-arg ENV=${{ steps.tag.outputs.env }} \ - --build-arg COMPOSER_INSTALL_FLAGS="--no-scripts --no-autoloader --optimize-autoloader" \ - -t ${{ env.REGISTRY_URL }}/${{ env.IMAGE_NAME }}/php:${{ steps.tag.outputs.tag }} \ - -t ${{ env.REGISTRY_URL }}/${{ env.IMAGE_NAME }}/php:${{ github.sha }} \ - -f docker/php/Dockerfile . - - docker push ${{ env.REGISTRY_URL }}/${{ env.IMAGE_NAME }}/php:${{ steps.tag.outputs.tag }} - docker push ${{ env.REGISTRY_URL }}/${{ env.IMAGE_NAME }}/php:${{ github.sha }} - - - name: Build and Push Nginx Image - run: | - docker build \ - -t ${{ env.REGISTRY_URL }}/${{ env.IMAGE_NAME }}/nginx:${{ steps.tag.outputs.tag }} \ - -t ${{ env.REGISTRY_URL }}/${{ env.IMAGE_NAME }}/nginx:${{ github.sha }} \ - -f docker/nginx/Dockerfile . - - docker push ${{ env.REGISTRY_URL }}/${{ env.IMAGE_NAME }}/nginx:${{ steps.tag.outputs.tag }} - docker push ${{ env.REGISTRY_URL }}/${{ env.IMAGE_NAME }}/nginx:${{ github.sha }} - - - name: Build and Push Worker Image - run: | - docker build \ - -t ${{ env.REGISTRY_URL }}/${{ env.IMAGE_NAME }}/worker:${{ steps.tag.outputs.tag }} \ - -t ${{ env.REGISTRY_URL }}/${{ env.IMAGE_NAME }}/worker:${{ github.sha }} \ - -f docker/worker/Dockerfile . - - docker push ${{ env.REGISTRY_URL }}/${{ env.IMAGE_NAME }}/worker:${{ steps.tag.outputs.tag }} - docker push ${{ env.REGISTRY_URL }}/${{ env.IMAGE_NAME }}/worker:${{ github.sha }} - - - name: Update Image Tags in Deployment - run: | - echo "Built images with tag: ${{ steps.tag.outputs.tag }}" - echo "SHA: ${{ github.sha }}" - - deploy-staging: - needs: build - runs-on: ubuntu-latest - if: github.ref == 'refs/heads/develop' - environment: staging - - steps: - - name: Checkout Code - uses: actions/checkout@v4 - - - name: Install SSH Client - run: | - apt-get update - apt-get install -y openssh-client - - - name: Setup SSH - run: | - mkdir -p ~/.ssh - echo "${{ secrets.SSH_PRIVATE_KEY }}" > ~/.ssh/id_rsa - chmod 600 ~/.ssh/id_rsa - ssh-keyscan -H ${{ secrets.STAGING_HOST }} >> ~/.ssh/known_hosts - - - name: Deploy to Staging - run: | - ssh -i ~/.ssh/id_rsa ${{ secrets.STAGING_USER }}@${{ secrets.STAGING_HOST }} << 'EOF' - cd /var/www/michaelschiemer - - # Registry-Login - echo "${{ secrets.REGISTRY_PASSWORD }}" | docker login ${{ env.REGISTRY_URL }} -u admin --password-stdin - - # Images pullen - docker pull ${{ env.REGISTRY_URL }}/${{ env.IMAGE_NAME }}/php:develop - docker pull ${{ env.REGISTRY_URL }}/${{ env.IMAGE_NAME }}/nginx:develop - docker pull ${{ env.REGISTRY_URL }}/${{ env.IMAGE_NAME }}/worker:develop - - # Environment auf develop setzen - sed -i 's/IMAGE_TAG=.*/IMAGE_TAG=develop/' .env - - # Services neustarten - docker compose pull - docker compose up -d - - # Aufräumen - docker system prune -f - EOF - - - name: Health Check Staging - run: | - sleep 30 - curl -f https://staging.michaelschiemer.de/health || exit 1 - - deploy-production: - needs: build - runs-on: ubuntu-latest - if: github.ref == 'refs/heads/main' - environment: production - - steps: - - name: Checkout Code - uses: actions/checkout@v4 - - - name: Install SSH Client - run: | - apt-get update - apt-get install -y openssh-client - - - name: Setup SSH - run: | - mkdir -p ~/.ssh - echo "${{ secrets.SSH_PRIVATE_KEY }}" > ~/.ssh/id_rsa - chmod 600 ~/.ssh/id_rsa - ssh-keyscan -H ${{ secrets.PRODUCTION_HOST }} >> ~/.ssh/known_hosts - - - name: Deploy to Production - run: | - ssh -i ~/.ssh/id_rsa ${{ secrets.PRODUCTION_USER }}@${{ secrets.PRODUCTION_HOST }} << 'EOF' - cd /var/www/michaelschiemer - - # Registry-Login - echo "${{ secrets.REGISTRY_PASSWORD }}" | docker login ${{ env.REGISTRY_URL }} -u admin --password-stdin - - # Images pullen - docker pull ${{ env.REGISTRY_URL }}/${{ env.IMAGE_NAME }}/php:latest - docker pull ${{ env.REGISTRY_URL }}/${{ env.IMAGE_NAME }}/nginx:latest - docker pull ${{ env.REGISTRY_URL }}/${{ env.IMAGE_NAME }}/worker:latest - - # Environment auf latest setzen - sed -i 's/IMAGE_TAG=.*/IMAGE_TAG=latest/' .env - - # Services neustarten - docker compose pull - docker compose up -d - - # Aufräumen - docker system prune -f - EOF - - - name: Health Check Production - run: | - sleep 30 - curl -f https://michaelschiemer.de/health || exit 1 - - cleanup: - needs: [deploy-staging, deploy-production] - runs-on: ubuntu-latest - if: always() - - steps: - - name: Clean up old images - run: | - echo "Cleanup läuft..." - echo "Cleanup abgeschlossen" - - notify: - needs: [deploy-staging, deploy-production] - runs-on: ubuntu-latest - if: always() - - steps: - - name: Notify Deployment Status - run: | - STATUS="${{ job.status }}" - BRANCH="${{ github.ref_name }}" - - if [ "$STATUS" = "success" ]; then - echo "✅ Deployment erfolgreich für Branch: $BRANCH" - else - echo "❌ Deployment fehlgeschlagen für Branch: $BRANCH" + # Build and push PHP image + if [ -f docker/php/Dockerfile ]; then + docker build -t ${{ env.REGISTRY_URL }}/${{ env.IMAGE_NAME }}/php:${{ steps.tag.outputs.tag }} -f docker/php/Dockerfile . + docker push ${{ env.REGISTRY_URL }}/${{ env.IMAGE_NAME }}/php:${{ steps.tag.outputs.tag }} + fi + + # Build and push Nginx image + if [ -f docker/nginx/Dockerfile ]; then + docker build -t ${{ env.REGISTRY_URL }}/${{ env.IMAGE_NAME }}/nginx:${{ steps.tag.outputs.tag }} -f docker/nginx/Dockerfile . + docker push ${{ env.REGISTRY_URL }}/${{ env.IMAGE_NAME }}/nginx:${{ steps.tag.outputs.tag }} + fi + + # Build and push Worker image + if [ -f docker/worker/Dockerfile ]; then + docker build -t ${{ env.REGISTRY_URL }}/${{ env.IMAGE_NAME }}/worker:${{ steps.tag.outputs.tag }} -f docker/worker/Dockerfile . + docker push ${{ env.REGISTRY_URL }}/${{ env.IMAGE_NAME }}/worker:${{ steps.tag.outputs.tag }} fi