Attempt to be prod ready
@@ -1,20 +1,74 @@
|
||||
name: CI - Build Tonehaus Docker image
|
||||
name: CI (Gitea)
|
||||
|
||||
on:
|
||||
push:
|
||||
branches: [ main ]
|
||||
branches:
|
||||
- main
|
||||
- prod
|
||||
pull_request:
|
||||
branches:
|
||||
- main
|
||||
- prod
|
||||
workflow_dispatch:
|
||||
|
||||
env:
|
||||
IMAGE_NAME: tonehaus
|
||||
APP_ENV: test
|
||||
APP_SECRET: ci-secret
|
||||
DATABASE_DRIVER: sqlite
|
||||
DATABASE_SQLITE_PATH: ${{ gitea.workspace }}/var/data/database.test.sqlite
|
||||
DOCKERFILE: docker/php/Dockerfile
|
||||
BUILD_TARGET: prod
|
||||
PLATFORMS: linux/amd64
|
||||
IMAGE_NAME: tonehaus-app
|
||||
|
||||
jobs:
|
||||
tonehaus-ci-build:
|
||||
php-tests:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@v4
|
||||
|
||||
- name: Setup PHP
|
||||
uses: shivammathur/setup-php@v2
|
||||
with:
|
||||
php-version: '8.2'
|
||||
extensions: intl, mbstring, pdo_pgsql, pdo_sqlite, zip, gd
|
||||
coverage: none
|
||||
ini-values: memory_limit=512M
|
||||
tools: composer:v2
|
||||
|
||||
- name: Validate Composer manifest
|
||||
run: composer validate --strict
|
||||
|
||||
- name: Cache Composer downloads
|
||||
uses: actions/cache@v4
|
||||
with:
|
||||
path: |
|
||||
~/.cache/composer/files
|
||||
~/.cache/composer/vcs
|
||||
key: composer-${{ runner.os }}-${{ hashFiles('**/composer.lock') }}
|
||||
restore-keys: |
|
||||
composer-${{ runner.os }}-
|
||||
|
||||
- name: Install Composer dependencies
|
||||
run: composer install --prefer-dist --no-interaction --no-progress
|
||||
|
||||
- name: Prepare SQLite database
|
||||
run: |
|
||||
mkdir -p "$(dirname "$DATABASE_SQLITE_PATH")"
|
||||
touch "$DATABASE_SQLITE_PATH"
|
||||
php bin/console doctrine:migrations:migrate --no-interaction --allow-no-migration
|
||||
|
||||
- name: Run PHPUnit
|
||||
run: vendor/bin/phpunit --colors=always
|
||||
|
||||
docker-image:
|
||||
needs: php-tests
|
||||
runs-on: ubuntu-latest
|
||||
env:
|
||||
REGISTRY: ${{ secrets.REGISTRY }}
|
||||
REGISTRY_IMAGE: ${{ secrets.REGISTRY_IMAGE }}
|
||||
REGISTRY_USERNAME: ${{ secrets.REGISTRY_USERNAME }}
|
||||
REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }}
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@v4
|
||||
@@ -22,62 +76,40 @@ jobs:
|
||||
- name: Set up Docker Buildx
|
||||
uses: docker/setup-buildx-action@v3
|
||||
|
||||
- name: Compute tags
|
||||
id: meta
|
||||
run: |
|
||||
SHA="${GITHUB_SHA:-${GITEA_SHA:-unknown}}"
|
||||
SHORT_SHA="${SHA:0:7}"
|
||||
echo "short_sha=$SHORT_SHA" >> "$GITHUB_OUTPUT"
|
||||
- name: Build prod image (local)
|
||||
uses: docker/build-push-action@v6
|
||||
with:
|
||||
context: .
|
||||
file: ${{ env.DOCKERFILE }}
|
||||
target: ${{ env.BUILD_TARGET }}
|
||||
tags: ${{ env.IMAGE_NAME }}:ci
|
||||
load: true
|
||||
|
||||
- name: Optional registry login
|
||||
- name: Verify baked APP_ENV
|
||||
run: docker run --rm --entrypoint sh ${{ env.IMAGE_NAME }}:ci -c 'test "$APP_ENV" = "prod"'
|
||||
|
||||
- name: Verify Symfony artifacts exist
|
||||
run: |
|
||||
docker run --rm --entrypoint sh ${{ env.IMAGE_NAME }}:ci -c 'test -f /var/www/html/public/index.php'
|
||||
docker run --rm --entrypoint sh ${{ env.IMAGE_NAME }}:ci -c 'test -f /var/www/html/bin/console'
|
||||
|
||||
- name: Smoke-test entrypoint & migrations
|
||||
run: docker run --rm --entrypoint /entrypoint.sh ${{ env.IMAGE_NAME }}:ci true
|
||||
|
||||
- name: Login to registry
|
||||
if: ${{ env.REGISTRY != '' && env.REGISTRY_USERNAME != '' && env.REGISTRY_PASSWORD != '' }}
|
||||
env:
|
||||
REGISTRY: ${{ secrets.REGISTRY }}
|
||||
REGISTRY_USERNAME: ${{ secrets.REGISTRY_USERNAME }}
|
||||
REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }}
|
||||
run: |
|
||||
echo "$REGISTRY_PASSWORD" | docker login "$REGISTRY" -u "$REGISTRY_USERNAME" --password-stdin
|
||||
|
||||
- name: Docker Build
|
||||
if: ${{ env.REGISTRY != '' && env.REGISTRY_IMAGE != '' }}
|
||||
env:
|
||||
REGISTRY: ${{ secrets.REGISTRY }}
|
||||
REGISTRY_IMAGE: ${{ secrets.REGISTRY_IMAGE }}
|
||||
run: |
|
||||
TAG_SHA=${{ steps.meta.outputs.short_sha }}
|
||||
docker buildx build \
|
||||
--platform "$PLATFORMS" \
|
||||
--file "$DOCKERFILE" \
|
||||
--target "$BUILD_TARGET" \
|
||||
--build-arg APP_ENV=prod \
|
||||
--tag "$REGISTRY/$REGISTRY_IMAGE:$TAG_SHA" \
|
||||
--tag "$REGISTRY/$REGISTRY_IMAGE:ci" \
|
||||
--push \
|
||||
.
|
||||
|
||||
# - name: Build single-arch images for artifacts (no registry)
|
||||
# if: ${{ env.REGISTRY == '' }}
|
||||
# run: |
|
||||
# TAG_SHA=${{ steps.meta.outputs.short_sha }}
|
||||
# for P in $PLATFORMS; do \
|
||||
# ARCH=${P#linux/}; \
|
||||
# docker buildx build \
|
||||
# --platform "$P" \
|
||||
# --file "$DOCKERFILE" \
|
||||
# --target "$BUILD_TARGET" \
|
||||
# --build-arg APP_ENV=prod \
|
||||
# --output type=docker \
|
||||
# --tag "$IMAGE_NAME:$TAG_SHA-$ARCH" \
|
||||
# . ; \
|
||||
# docker save "$IMAGE_NAME:$TAG_SHA-$ARCH" -o "tonehaus-image-$ARCH.tar" ; \
|
||||
# done
|
||||
|
||||
## Artifacts not configured yet..
|
||||
# - name: Upload artifacts
|
||||
# if: ${{ env.REGISTRY == '' }}
|
||||
# uses: actions/upload-artifact@v4
|
||||
# with:
|
||||
# name: tonehaus-images
|
||||
# path: |
|
||||
# tonehaus-image-amd64.tar
|
||||
- name: Push prod image
|
||||
if: ${{ env.REGISTRY != '' && env.REGISTRY_IMAGE != '' && env.REGISTRY_USERNAME != '' && env.REGISTRY_PASSWORD != '' }}
|
||||
uses: docker/build-push-action@v6
|
||||
with:
|
||||
context: .
|
||||
file: ${{ env.DOCKERFILE }}
|
||||
target: ${{ env.BUILD_TARGET }}
|
||||
push: true
|
||||
tags: |
|
||||
${{ env.REGISTRY }}/${{ env.REGISTRY_IMAGE }}:ci
|
||||
${{ env.REGISTRY }}/${{ env.REGISTRY_IMAGE }}:${{ github.sha }}
|
||||
|
||||
|
||||
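Review bot: The `Login to registry` and `Push prod image` steps are gated only on the registry secrets being non-empty, while the workflow now also runs on `pull_request` for `main` and `prod`. A pull request from a branch in the same repository would therefore build unreviewed code and overwrite the mutable `:ci` tag in the registry. Consider adding an event condition to both steps, e.g. `if: ${{ github.event_name == 'push' && env.REGISTRY != '' && env.REGISTRY_IMAGE != '' }}`, together with the existing credential checks. The registry credentials also appear to have moved to the job-level `env:` of `docker-image`, which puts `REGISTRY_PASSWORD` in the environment of every step in that job, including third-party actions referenced by mutable tags such as `docker/build-push-action@v6`. Passing the password only to the login step and pinning those actions to commit SHAs would narrow that exposure. The rendered page lost its `+`/`-` markers, so which lines are on the new side is inferred from the hunk counts.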