From 625d5c9a7e4b70bc5cd2b9e32a0aeb41a105ff53 Mon Sep 17 00:00:00 2001 From: Michael Schiemer Date: Thu, 17 Jul 2025 21:38:29 +0200 Subject: [PATCH] chore: update ci-cd.yml --- .gitea/workflows/ci-cd.yml | 107 ++++++++++++++++++++++--------------- 1 file changed, 65 insertions(+), 42 deletions(-) diff --git a/.gitea/workflows/ci-cd.yml b/.gitea/workflows/ci-cd.yml index 7178844d..9343b19e 100644 --- a/.gitea/workflows/ci-cd.yml +++ b/.gitea/workflows/ci-cd.yml @@ -7,14 +7,15 @@ on: branches: [ main ] env: - REGISTRY_URL: localhost:5000 # For local development - # REGISTRY_URL: registry.michaelschiemer.de # For production with proper SSL + REGISTRY_URL: docker-registry:5000 # Internal network name for Gitea runner IMAGE_NAME: michaelschiemer PHP_VERSION: "8.4" jobs: test: - runs-on: ubuntu-22.04 + runs-on: ubuntu-latest + container: + image: node:18-bullseye services: redis: image: redis:8-alpine @@ -29,6 +30,11 @@ jobs: - 3306:3306 steps: + - name: Install System Dependencies + run: | + apt-get update + apt-get install -y git curl wget gnupg2 software-properties-common lsb-release ca-certificates apt-transport-https + - name: Debug Environment run: | echo "=== Environment Debug ===" @@ -39,6 +45,8 @@ jobs: which git || echo "git not found" which node || echo "node not found" which npm || echo "npm not found" + echo "Node version: $(node --version)" + echo "NPM version: $(npm --version)" echo "OS Info:" cat /etc/os-release || echo "os-release not found" echo "=== End Debug ===" 
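Review bot: The job image `node:18-bullseye` and the runner label `ubuntu-latest` in the first hunk are both mutable references, so the environment that runs the tests can change without any commit to this file; the replaced `ubuntu-22.04` was at least a fixed release. The same image is added to the `security-scan` job in a later hunk. Pinning by digest, for example `image: node:18-bullseye@sha256:<digest-placeholder>`, makes an image change show up in review. Node.js 18 also reached end-of-life in April 2025, before this commit's date, so a supported LTS line would be a better base. The `test` job continues outside the hunk.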
@@ -47,18 +55,18 @@ jobs: uses: actions/checkout@v4 - name: Setup PHP - uses: shivammathur/setup-php@v2 - with: - php-version: ${{ env.PHP_VERSION }} - extensions: gd, zip, pdo, pdo_mysql, opcache, pcntl, posix, shmop, redis - tools: composer - coverage: none + run: | + # Install PHP 8.4 + wget -O /etc/apt/trusted.gpg.d/php.gpg https://packages.sury.org/php/apt.gpg + echo "deb https://packages.sury.org/php/ $(lsb_release -sc) main" > /etc/apt/sources.list.d/php.list + apt-get update + apt-get install -y php8.4-cli php8.4-common php8.4-curl php8.4-zip php8.4-gd php8.4-mysql php8.4-xml php8.4-mbstring php8.4-json php8.4-intl php8.4-bcmath php8.4-redis - - name: Setup Node.js - uses: actions/setup-node@v4 - with: - node-version: '18' - cache: 'npm' + - name: Install Composer + run: | + curl -sS https://getcomposer.org/installer | php + mv composer.phar /usr/local/bin/composer + chmod +x /usr/local/bin/composer - name: Cache Composer Dependencies uses: actions/cache@v4 
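Review bot: Both new install steps run remote content without pinning it: the Sury key is written to `/etc/apt/trusted.gpg.d/`, which makes it trusted for every configured apt source rather than only `packages.sury.org`, and `curl -sS https://getcomposer.org/installer | php` executes the installer with no integrity check. Scope the key with `signed-by=` and compare the installer with the SHA-384 checksum Composer publishes before running it, as sketched below. The same two steps are added again to the `security-scan` job in the next hunk, so the fix belongs in both places or in a prebuilt CI image. Also worth checking: `php8.4-json` is in the package list, and JSON has been part of PHP core since 8.0, so that package name may not resolve.

```yaml
      - name: Setup PHP
        run: |
          # Keep the Sury key out of the global trust store; scope it to this one source
          install -d -m 0755 /etc/apt/keyrings
          wget -O /etc/apt/keyrings/sury-php.gpg https://packages.sury.org/php/apt.gpg
          echo "deb [signed-by=/etc/apt/keyrings/sury-php.gpg] https://packages.sury.org/php/ $(lsb_release -sc) main" > /etc/apt/sources.list.d/php.list
          apt-get update
          # … unchanged: apt-get install of the php8.4-* packages …

      - name: Install Composer
        run: |
          # Verify the installer against the published checksum before executing it
          EXPECTED="$(curl -fsS https://composer.github.io/installer.sig)"
          curl -fsS -o composer-setup.php https://getcomposer.org/installer
          ACTUAL="$(php -r "echo hash_file('sha384', 'composer-setup.php');")"
          [ "$EXPECTED" = "$ACTUAL" ] || { echo "Composer installer checksum mismatch" >&2; exit 1; }
          php composer-setup.php --install-dir=/usr/local/bin --filename=composer
          rm composer-setup.php
```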
@@ -82,28 +90,42 @@ jobs: run: | ./vendor/bin/pest env: - DB_HOST: localhost + DB_HOST: mariadb DB_PORT: 3306 DB_DATABASE: test DB_USERNAME: root DB_PASSWORD: test - REDIS_HOST: localhost + REDIS_HOST: redis REDIS_PORT: 6379 security-scan: runs-on: ubuntu-latest + container: + image: node:18-bullseye needs: test steps: + - name: Install System Dependencies + run: | + apt-get update + apt-get install -y git curl wget gnupg2 software-properties-common lsb-release ca-certificates apt-transport-https + - name: Checkout Code uses: actions/checkout@v4 - name: Setup PHP - uses: shivammathur/setup-php@v2 - with: - php-version: ${{ env.PHP_VERSION }} - tools: composer - coverage: none + run: | + # Install PHP 8.4 + wget -O /etc/apt/trusted.gpg.d/php.gpg https://packages.sury.org/php/apt.gpg + echo "deb https://packages.sury.org/php/ $(lsb_release -sc) main" > /etc/apt/sources.list.d/php.list + apt-get update + apt-get install -y php8.4-cli php8.4-common php8.4-curl php8.4-zip php8.4-gd php8.4-mysql php8.4-xml php8.4-mbstring php8.4-json php8.4-intl php8.4-bcmath + + - name: Install Composer + run: | + curl -sS https://getcomposer.org/installer | php + mv composer.phar /usr/local/bin/composer + chmod +x /usr/local/bin/composer - name: Install Dependencies run: | @@ -126,15 +148,6 @@ jobs: - name: Checkout Code uses: actions/checkout@v4 - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 - - - name: Configure Docker for Insecure Registry - run: | - # For self-signed certificates or local registry - echo '{"insecure-registries":["localhost:5000","registry.michaelschiemer.de"]}' | sudo tee /etc/docker/daemon.json - sudo systemctl restart docker - - name: Login to Private Registry run: | echo "${{ secrets.REGISTRY_PASSWORD }}" | docker login ${{ env.REGISTRY_URL }} -u admin --password-stdin 
@@ -152,33 +165,38 @@ jobs: - name: Build and Push PHP Image run: | - docker buildx build --push \ - --platform linux/amd64 \ + docker build \ --build-arg ENV=${{ steps.tag.outputs.env }} \ --build-arg COMPOSER_INSTALL_FLAGS="--no-scripts --no-autoloader --optimize-autoloader" \ -t ${{ env.REGISTRY_URL }}/${{ env.IMAGE_NAME }}/php:${{ steps.tag.outputs.tag }} \ -t ${{ env.REGISTRY_URL }}/${{ env.IMAGE_NAME }}/php:${{ github.sha }} \ -f docker/php/Dockerfile . + docker push ${{ env.REGISTRY_URL }}/${{ env.IMAGE_NAME }}/php:${{ steps.tag.outputs.tag }} + docker push ${{ env.REGISTRY_URL }}/${{ env.IMAGE_NAME }}/php:${{ github.sha }} + - name: Build and Push Nginx Image run: | - docker buildx build --push \ - --platform linux/amd64 \ + docker build \ -t ${{ env.REGISTRY_URL }}/${{ env.IMAGE_NAME }}/nginx:${{ steps.tag.outputs.tag }} \ -t ${{ env.REGISTRY_URL }}/${{ env.IMAGE_NAME }}/nginx:${{ github.sha }} \ -f docker/nginx/Dockerfile . + docker push ${{ env.REGISTRY_URL }}/${{ env.IMAGE_NAME }}/nginx:${{ steps.tag.outputs.tag }} + docker push ${{ env.REGISTRY_URL }}/${{ env.IMAGE_NAME }}/nginx:${{ github.sha }} + - name: Build and Push Worker Image run: | - docker buildx build --push \ - --platform linux/amd64 \ + docker build \ -t ${{ env.REGISTRY_URL }}/${{ env.IMAGE_NAME }}/worker:${{ steps.tag.outputs.tag }} \ -t ${{ env.REGISTRY_URL }}/${{ env.IMAGE_NAME }}/worker:${{ github.sha }} \ -f docker/worker/Dockerfile . + docker push ${{ env.REGISTRY_URL }}/${{ env.IMAGE_NAME }}/worker:${{ steps.tag.outputs.tag }} + docker push ${{ env.REGISTRY_URL }}/${{ env.IMAGE_NAME }}/worker:${{ github.sha }} + - name: Update Image Tags in Deployment run: | - # Für spätere Ansible-Integration echo "Built images with tag: ${{ steps.tag.outputs.tag }}" echo "SHA: ${{ github.sha }}" 
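Review bot: The new `docker push` lines send images to `docker-registry:5000`, and the earlier `docker login` sends the `admin` password there, but nothing visible in this commit shows that the endpoint speaks TLS. Docker permits plain HTTP implicitly only for localhost addresses, so this name works only if the registry presents a certificate the runner trusts or the daemon lists it under `insecure-registries` out of band; the workflow step that configured that is removed in the previous hunk. In the second case credentials and image layers cross the runner network unencrypted and unauthenticated, so it is worth confirming and recording next to `REGISTRY_URL`, e.g. `# must serve TLS with a certificate trusted by the runner's Docker daemon`. Separately, `${{ steps.tag.outputs.tag }}` is expanded into the script text before the shell runs; the tag step is outside the hunk, so if it derives from a branch name, pass it through `env:` and quote it.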
@@ -192,6 +210,11 @@ jobs: - name: Checkout Code uses: actions/checkout@v4 + - name: Install SSH Client + run: | + apt-get update + apt-get install -y openssh-client + - name: Setup SSH run: | mkdir -p ~/.ssh @@ -238,6 +261,11 @@ jobs: - name: Checkout Code uses: actions/checkout@v4 + - name: Install SSH Client + run: | + apt-get update + apt-get install -y openssh-client + - name: Setup SSH run: | mkdir -p ~/.ssh @@ -283,8 +311,6 @@ jobs: - name: Clean up old images run: | echo "Cleanup läuft..." - # Registry cleanup can be implemented here using registry API - # For now, just log that cleanup is running echo "Cleanup abgeschlossen" notify: @@ -303,6 +329,3 @@ jobs: else echo "❌ Deployment fehlgeschlagen für Branch: $BRANCH" fi - - # Hier könnten Sie Slack/Email-Benachrichtigungen hinzufügen - # Example: curl -X POST -H 'Content-type: application/json' --data '{"text":"Deployment Status: $STATUS for $BRANCH"}' $SLACK_WEBHOOK_URL
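Review bot: The `Install SSH Client` step is added twice (here and in the hunk at `-238,6 +261,11`) and fetches `openssh-client` from the mirror on every deploy, so the deployment path depends on whatever package version is served at run time. Neither hunk shows a `container:` for these jobs, so it is not visible which image the `apt-get` runs in or whether it runs as root. If the deploy jobs use their own image, baking the client into it would remove the step. If the step stays, `apt-get install -y --no-install-recommends openssh-client` keeps the footprint down. The `Setup SSH` step continues outside both hunks.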