-
Notifications
You must be signed in to change notification settings - Fork 15
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Migrate to GitHub Actions #160
Migrate to GitHub Actions #160
Conversation
9f0d321
to
45c3c47
Compare
needs: | ||
- lint-docker | ||
- lint-shell | ||
runs-on: ubuntu-latest |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You can also use yaml native templating, so you could avoid some of the repetitions like this one
77676f0
to
8bf7393
Compare
d19e248
to
4487069
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
That's huge 🚀
4487069
to
708825f
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
🚢
708825f
to
dd1c771
Compare
- run: sudo chown -R 1000:1000 ./test/functional/web/tmp/ # Ensure we have the same uid:gid as our `app` docker user | ||
shell: bash | ||
- run: make test-prometheus-exporter-file-e2e | ||
check-mark: # This is our required step, pay extra attention when this step is changed for what ever reason |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
what is this for?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We have branch protection on the main branch, and instead of having to check/uncheck 60 required checks when we add/remove new PHP versions we only make this job required as it requires the previous jobs to pass before it even runs. This way we don't have to update the required checks when a job's name changes or a new version comes into play, or when we consolidate all the build jobs into one.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
ah, i suggest using https://github.com/probot/settings for managing that stuff, not manually clicking in the UI. HTH!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
That could work, but it would mean updating the settings file and the naming/versions in two different PR as AFAIK the settings need to be applied/merged before they are effective on the PR. (I do love that suggestions, using it for my personal repo's to managed settings 👍 .)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
that is true - but we do the update in one PR and just have an admin merge :)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
That is also a possibility. But what I would like even more is that they let us select the underlying job name instead of the fancy user friendly name, that way you only have to select a handful instead of nearly a 100 🤐 . brb doing a feature suggestion to GitHub for that
During the migration to GitHub Actions in #160 this functionality was mistakenly and overzealously removed. Since PHP 8 and Alpine 3.13 are out and #166 has been filed, currently with a CVE for musl in it, this check should have failed as it is our goal to ship images without known CVE's in it. On my own PHP images the CVE checking fails and as such I was surprised that #166 didn't have any failures. Up on checking the CI logs it showed the musl CVE but the step didn't fail. This commit restores the original functionality and will make the CI once again fail when it finds a CVE in one of the images.
During the migration to GitHub Actions in #160 this functionality was mistakenly and overzealously removed. Since PHP 8 and Alpine 3.13 are out and #166 has been filed, currently with a CVE for musl in it, this check should have failed as it is our goal to ship images without known CVE's in it. On my own PHP images the CVE checking fails and as such I was surprised that #166 didn't have any failures. Up on checking the CI logs it showed the musl CVE but the step didn't fail. This commit restores the original functionality and will make the CI once again fail when it finds a CVE in one of the images.
Reviewers: @usabilla/oss-docker
Please specify the type of changes being proposed:
Changes
This PR replaces the current Circle CI pipeline with a GitHub Action workflow. This is a table with all the changes to each step changed:
lint-shell
lint-shell
lint
lint-docker
build-prometheus-exporter-file
build-prometheus-exporter-file
build-http
build-http
build-fpm
build-php
build-cli
build-php
scan-vulnerability
scan-vulnerability-(php/http/prometheus-exporter-file)
test-cli
test-php
test-cli
andtest-fpm
run in the same step, but in paralleltest-fpm
test-php
test-cli
andtest-fpm
run in the same step, but in paralleltest-http
test-http
http-test
andtest-http-e2e
run in the same step, across all versions of Alpine, Ngnix and PHPtest-http-e2e
test-http
make http-test
andmake test-http-e2e
run in the same step, across all versions of Alpine, Ngnix and PHPtest-prometheus-exporter-file-e2e
test-prometheus-exporter-file
push-approval
push-cli
push-php
push-cli
andpush-fpm
run in the same step, but in parallelpush-fpm
push-php
push-cli
andpush-fpm
run in the same step, but in parallelpush-http
push-http
push-prometheus-exporter-file
push-prometheus-exporter-file
Benchmarks
CircleCI takes usually 30min or more to run all the steps, excluding the pushing of the images. Examples:
GitHub Actions usually take 15min or less to run all the steps, including the new ones, and excluding the pushing of the images. Some examples:
TODOs
master
branch protection