feat(core) Added CI and security pipelines (#11)

* feat(core) Added CI and security pipelines * fix(composer) Updated composer.json file * deps(composer) Updated composer packages * fix(action) Updated composer validation strictness * fix(action) Updated CI action * fix(action) Removed drop database step in CI action * fix(action) Added env var print in CI action * fix(action) Added Sqlite3 php extension * fix(action) Renamed db file * fix(action) Updated CI Action * fix(db) Updated user table with json column on roles * fix(test) Updated SortableEntityChecker test
meeio-app · Nov 27, 2023 · 6b7a359 · 6b7a359
1 parent 45c26f1
commit 6b7a359
Show file tree

Hide file tree

Showing 9 changed files with 589 additions and 434 deletions.
diff --git a/.env.example b/.env.example
@@ -8,11 +8,12 @@ DATABASE_URL="mysql://root:password@database:3306/flashcard?serverVersion=10.11.
 CORS_ALLOW_ORIGIN='^https?://(localhost|127\.0\.0\.1)(:[0-9]+)?$'
 
 ### Test variables ###
+# APP_ENV=test
 # APP_SECRET=ChangeMe
 # KERNEL_CLASS='App\Kernel'
 # SYMFONY_DEPRECATIONS_HELPER=999999
-# PANTHER_APP_ENV=panther
-# PANTHER_ERROR_SCREENSHOT_DIR=./var/error-screenshots
 # DATABASE_URL="mysql://root:password@database:3306/flashcard?serverVersion=10.11.2-MariaDB&charset=utf8mb4"
-
 # CORS_ALLOW_ORIGIN='^https?://(localhost|127\.0\.0\.1)(:[0-9]+)?$'
+# MAILER_DSN=smtp://localhost
+# MESSENGER_TRANSPORT_DSN=null
+# LOCK_DSN=flock
diff --git a/.env.test b/.env.test
@@ -1,8 +1,9 @@
-APP_SECRET='$ecretf0rt3st'
+APP_ENV=test
+APP_SECRET=ChangeMe
 KERNEL_CLASS='App\Kernel'
 SYMFONY_DEPRECATIONS_HELPER=999999
-PANTHER_APP_ENV=panther
-PANTHER_ERROR_SCREENSHOT_DIR=./var/error-screenshots
-DATABASE_URL="mysql://root:password@database:3306/flashcard?serverVersion=10.11.2-MariaDB&charset=utf8mb4"
-
+DATABASE_URL="mysql://root:password@0.0.0.0:3306/needlify"
 CORS_ALLOW_ORIGIN='^https?://(localhost|127\.0\.0\.1)(:[0-9]+)?$'
+MAILER_DSN=smtp://localhost
+MESSENGER_TRANSPORT_DSN=null
+LOCK_DSN=flock
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
@@ -0,0 +1,88 @@
+name: CI
+
+on:
+    push:
+        branches: [master, dev]
+    pull_request:
+        branches: [master, dev]
+    workflow_call:
+
+jobs:
+    php:
+        runs-on: ubuntu-latest
+        strategy:
+            fail-fast: true
+
+        services:
+            database:
+                image: mariadb
+                env:
+                    MYSQL_ROOT_PASSWORD: password
+                ports:
+                    - 3306:3306
+
+        steps:
+            - uses: actions/checkout@v2
+
+            - name: Setup PHP
+              uses: shivammathur/setup-php@v2
+              with:
+                  php-version: "8.2"
+                  extensions: mbstring, xml, ctype, iconv, intl, pdo, pdo_mysql, dom, filter, gd, json, opcache, zip, pcov
+              env:
+                  update: true
+
+            - name: Check php version
+              run: php -v
+
+            - name: Validate composer.json and composer.lock
+              run: composer validate
+
+            - name: Copy test files
+              run: |
+                  cp .env.test .env
+
+            - name: Cache Composer packages
+              id: composer-cache
+              uses: actions/cache@v2
+              with:
+                  path: vendor
+                  key: ${{ runner.os }}-php-${{ hashFiles('**/composer.lock') }}
+                  restore-keys: |
+                      ${{ runner.os }}-php-
+
+            - name: Install dependencies
+              run: composer install -q --no-ansi --no-interaction --no-scripts --no-progress --prefer-dist
+
+            - name: Check the Symfony console
+              run: php bin/console about
+
+            - name: Display env variables
+              run: php bin/console debug:container --env-vars
+
+            - name: Run PHP static tests
+              run: composer run stan:github
+
+            - name: Run PHP CS tests
+              run: composer run cs:check
+
+            - name: Doctrine cache clear
+              run: php bin/console doctrine:cache:clear-metadata
+
+            - name: Drop previous database
+              run: php bin/console doctrine:database:drop --force --if-exists --env=test --no-interaction
+
+            - name: Create database
+              run: php bin/console doctrine:database:create --if-not-exists --env=test --no-interaction
+
+            - name: Load migrations
+              run: php bin/console doctrine:migrations:migrate --env=test --no-interaction --allow-no-migration
+
+            - name: Validate database schema
+              run: php bin/console doctrine:schema:validate --env=test --no-interaction
+
+            - name: Load fixtures
+              run: php bin/console doctrine:fixtures:load --env=test --no-interaction
+
+            - name: Run PHP unit tests
+              run: composer run test
diff --git a/.github/workflows/security.yaml b/.github/workflows/security.yaml
@@ -0,0 +1,32 @@
+name: Security Checker
+
+on:
+    push:
+        branches: [master, dev]
+    pull_request:
+        branches: [master, dev]
+    workflow_call:
+
+jobs:
+    php:
+        runs-on: ubuntu-latest
+        strategy:
+            fail-fast: true
+
+        steps:
+            - uses: actions/checkout@v2
+
+            - name: Validate composer.json and composer.lock
+              run: composer validate
+
+            - uses: actions/checkout@v2
+            - uses: actions/cache@v2
+              id: cache-db
+              with:
+                  path: ~/.symfony/cache
+                  key: db
+
+            - uses: symfonycorp/security-checker-action@v3
+
+            - name: Display the vulnerabilities as JSON
+              run: echo ${{ steps.security-check.outputs.vulns }}
diff --git a/composer.json b/composer.json
@@ -1,4 +1,6 @@
 {
+    "name": "mranyx/flashcard-api",
+    "description": "Flashcard API backend",
     "type": "project",
     "license": "proprietary",
     "minimum-stability": "stable",