1 parent
d4be6fc
commit 2bcf7c7
Showing
26 changed files
with
1,237 additions
and
0 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,48 @@ | ||
name: Build and deploy | ||
|
||
on: | ||
push: | ||
branches: | ||
- develop | ||
- main | ||
- feature/dg-98-build-and-configure-pipeline | ||
|
||
permissions: | ||
contents: read | ||
packages: write | ||
|
||
jobs: | ||
php-lint: | ||
name: PHP Lint | ||
runs-on: ubuntu-latest | ||
steps: | ||
- name: Checkout | ||
uses: actions/checkout@v4 | ||
- name: Setup Nodejs | ||
uses: actions/setup-node@v4 | ||
- name: Set env.BRANCH | ||
run: | | ||
echo "BRANCH=$(echo $GITHUB_REF | cut -d'/' -f 3)" >> $GITHUB_ENV | ||
- name: Build Node | ||
run: ./orch/build_node.sh | ||
- name: Install PHP | ||
run: bash ./scripts/pipeline/deb-php-install.sh | ||
- name: Install Linters and Sniffers | ||
run: | | ||
composer global config --no-plugins allow-plugins.dealerdirect/phpcodesniffer-composer-installer false | ||
composer global require --dev drupal/coder php-parallel-lint/php-parallel-lint squizlabs/php_codesniffer=* | ||
COMPOSER_DIR=$(composer -n config --global home) | ||
$COMPOSER_DIR/vendor/bin/phpcs --config-set installed_paths $COMPOSER_DIR/vendor/drupal/coder/coder_sniffer,$COMPOSER_DIR/vendor/sirbrillig/phpcs-variable-analysis,$COMPOSER_DIR/vendor/slevomat/coding-standard | ||
mkdir -p /tmp/results | ||
touch /tmp/results/php-lint.log | ||
touch /tmp/results/php-cs.log | ||
touch /tmp/results/theme-lint.log | ||
- name: PHP Lint | ||
run: | | ||
COMPOSER_DIR=$(composer -n config --global home) | ||
$COMPOSER_DIR/vendor/bin/parallel-lint -e php,module,inc,install,test,profile,theme ./digital-gov-drupal | ||
- name: PHP CodeSniff (Ignore warnings) | ||
run: | | ||
COMPOSER_DIR=$(composer -n config --global home) | ||
$COMPOSER_DIR/vendor/bin/phpcs --standard=./digital-gov-drupal/.phpcs.xml.dist -v --warning-severity=0 ./digital-gov-drupal | ||
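Review bot: The workflow-level `permissions` block gives every job `packages: write`, yet the only job in this file, `php-lint`, checks out the repository and runs linters, and nothing visible here publishes a package. That same job installs unpinned third-party code (`composer global require ... squizlabs/php_codesniffer=*`) and references actions by mutable tags (`actions/checkout@v4`, `actions/setup-node@v4`), so a token with write scope is issued to a job that runs code the repository does not control. Keep `contents: read` at the top level, grant `packages: write` only on the job that actually pushes, and pin the actions to full commit SHAs. Separately, `cut -d'/' -f 3` turns `refs/heads/feature/dg-98-build-and-configure-pipeline` into `feature`; `echo "BRANCH=${GITHUB_REF_NAME}" >> "$GITHUB_ENV"` keeps the full branch name.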
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,39 @@ | ||
#! /bin/bash | ||
|
||
export SECRETS=$(echo $VCAP_SERVICES | jq -r '.["user-provided"][] | select(.name == "secrets") | .credentials') | ||
export SECAUTHSECRETS=$(echo $VCAP_SERVICES | jq -r '.["user-provided"][] | select(.name == "secauthsecrets") | .credentials') | ||
|
||
export APP_NAME=$(echo $VCAP_APPLICATION | jq -r '.name') | ||
export APP_ROOT=$(dirname "$0") | ||
export APP_ID=$(echo "$VCAP_APPLICATION" | jq -r '.application_id') | ||
|
||
export DB_NAME=$(echo $VCAP_SERVICES | jq -r '.["aws-rds"][] | .credentials.db_name') | ||
export DB_USER=$(echo $VCAP_SERVICES | jq -r '.["aws-rds"][] | .credentials.username') | ||
export DB_PW=$(echo $VCAP_SERVICES | jq -r '.["aws-rds"][] | .credentials.password') | ||
export DB_HOST=$(echo $VCAP_SERVICES | jq -r '.["aws-rds"][] | .credentials.host') | ||
export DB_PORT=$(echo $VCAP_SERVICES | jq -r '.["aws-rds"][] | .credentials.port') | ||
|
||
export ADMIN_EMAIL=$(echo $SECRETS | jq -r '.ADMIN_EMAIL') | ||
|
||
export ENV=$(echo "$VCAP_APPLICATION" | jq -r '.space_name' | rev | cut -d- -f1 | rev) | ||
|
||
export S3_BUCKET=$(echo "$VCAP_SERVICES" | jq -r '.["s3"][]? | select(.name == "storage") | .credentials.bucket') | ||
export S3_ENDPOINT=$(echo "$VCAP_SERVICES" | jq -r '.["s3"][]? | select(.name == "storage") | .credentials.fips_endpoint') | ||
|
||
export SPACE=$(echo $VCAP_APPLICATION | jq -r '.["space_name"]') | ||
export WWW_HOST=${WWW_HOST:-$(echo $VCAP_APPLICATION | jq -r '.["application_uris"][]' | grep 'beta\|www' | tr '\n' ' ')} | ||
export CMS_HOST=${CMS_HOST:-$(echo $VCAP_APPLICATION | jq -r '.["application_uris"][]' | grep cms | tr '\n' ' ')} | ||
if [ -z "$WWW_HOST" ]; then | ||
export WWW_HOST="*.app.cloud.gov" | ||
elif [ -z "$CMS_HOST" ]; then | ||
export CMS_HOST=$(echo $VCAP_APPLICATION | jq -r '.["application_uris"][]' | head -n 1) | ||
fi | ||
|
||
export S3_ROOT_WEB=${S3_ROOT_WEB:-/web} | ||
export S3_ROOT_CMS=${S3_ROOT_CMS:-/cms/public} | ||
export S3_HOST=${S3_HOST:-$S3_BUCKET.$S3_ENDPOINT} | ||
export S3_PROXY_WEB=${S3_PROXY_WEB:-$S3_HOST$S3_ROOT_WEB} | ||
export S3_PROXY_CMS=${S3_PROXY_CMS:-$S3_HOST$S3_ROOT_CMS} | ||
export S3_PROXY_PATH_CMS=${S3_PROXY_PATH_CMS:-/s3/files} | ||
|
||
export DNS_SERVER=${DNS_SERVER:-$(grep -i '^nameserver' /etc/resolv.conf|head -n1|cut -d ' ' -f2)} |
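Review bot: Most of the `jq` pipelines here expand `$VCAP_SERVICES`, `$VCAP_APPLICATION` and `$SECRETS` unquoted (`echo $VCAP_SERVICES | jq ...`), so the shell word-splits and glob-expands the JSON before jq sees it, and a credential containing consecutive spaces or a glob character can be altered; the `APP_ID`, `ENV` and `S3_*` lines already quote, and the rest should match, e.g. `jq -r '...' <<<"$VCAP_SERVICES"`. The host fallback uses `elif`, so when `WWW_HOST` is empty `CMS_HOST` is never given its default; the two checks look like they should be independent `if` blocks. `DB_PW`, `SECRETS` and `SECAUTHSECRETS` are exported, which hands them to every child process of whatever sources this file; consider leaving them unexported and passing them only to the processes that need them.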
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,76 @@ | ||
#!/bin/bash | ||
set -uo pipefail | ||
|
||
## Export proxy servers. | ||
export http_proxy=$(echo ${VCAP_SERVICES} | jq -r '."user-provided"[].credentials.proxy_uri') | ||
export https_proxy=$(echo ${VCAP_SERVICES} | jq -r '."user-provided"[].credentials.proxy_uri') | ||
|
||
export home="/home/vcap" | ||
export app_path="${home}/app" | ||
export apt_path="${home}/deps/0/apt" | ||
|
||
echo $VCAP_SERVICES | jq -r '."user-provided"[].credentials.ca_certificate' | base64 -d > ${app_path}/ca_certificate.pem | ||
echo $VCAP_SERVICES | jq -r '."user-provided"[].credentials.ca_key' | base64 -d > ${app_path}/ca_key.pem | ||
|
||
chmod 600 ${app_path}/ca_certificate.pem | ||
chmod 600 ${app_path}/ca_key.pem | ||
|
||
if [ -z "${VCAP_SERVICES:-}" ]; then | ||
echo "VCAP_SERVICES must a be set in the environment: aborting bootstrap"; | ||
exit 1; | ||
fi | ||
|
||
## NewRelic configuration | ||
export newrelic_apt="${apt_path}/usr/lib/newrelic-php5" | ||
export newrelic_app="${app_path}/newrelic/" | ||
|
||
rm -rf ${newrelic_app}/agent | ||
ln -s ${newrelic_apt}/agent ${newrelic_app}/agent | ||
|
||
rm -f ${newrelic_app}/daemon/newrelic-daemon.x64 | ||
ln -s ${apt_path}/usr/bin/newrelic-daemon ${newrelic_app}/daemon/newrelic-daemon.x64 | ||
|
||
rm -f ${app_path}/newrelic/scripts/newrelic-iutil.x64 | ||
ln -s ${newrelic_apt}/scripts/newrelic-iutil.x64 ${newrelic_app}/scripts/newrelic-iutil.x64 | ||
|
||
echo 'newrelic.daemon.collector_host=gov-collector.newrelic.com' >> ${app_path}/php/etc/php.ini | ||
|
||
source ${app_path}/scripts/bash_exports.sh | ||
|
||
if [ ! -f ./container_start_timestamp ]; then | ||
touch ./container_start_timestamp | ||
chmod a+r ./container_start_timestamp | ||
echo "$(date +'%s')" > ./container_start_timestamp | ||
fi | ||
|
||
dirs=( "${HOME}/private" "${HOME}/web/sites/default/files" ) | ||
|
||
for dir in $dirs; do | ||
if [ ! -d $dir ]; then | ||
echo "Creating ${dir} directory ... " | ||
mkdir $dir | ||
chown vcap. $dir | ||
fi | ||
done | ||
|
||
## Updated ~/.bashrc to update $PATH when someone logs in. | ||
[ -z $(cat ${home}/.bashrc | grep PATH) ] && \ | ||
touch ${home}/.bashrc && \ | ||
echo "export http_proxy=${http_proxy}" >> ${home}/.bashrc && \ | ||
echo "export https_proxy=${https_proxy}" >> ${home}/.bashrc && \ | ||
echo "alias nano=\"${home}/deps/0/apt/bin/nano\"" >> ${home}/.bashrc && \ | ||
echo "PATH=$PATH:/home/vcap/app/php/bin:/home/vcap/app/vendor/drush/drush" >> /home/vcap/.bashrc | ||
|
||
source ${home}/.bashrc | ||
|
||
echo "Installing awscli..." | ||
{ | ||
curl -S "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "/tmp/awscliv2.zip" | ||
unzip -qq /tmp/awscliv2.zip -d /tmp/ | ||
/tmp/aws/install --bin-dir ${home}/deps/0/bin --install-dir ${home}/deps/0/usr/local/aws-cli | ||
rm -rf /tmp/awscliv2.zip /tmp/aws | ||
} >/dev/null 2>&1 | ||
|
||
# if [ "${CF_INSTANCE_INDEX:-''}" == "0" ]; then | ||
# ${app_path}/scripts/post-deploy | ||
# fi |
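Review bot: The CA private key is written to `${app_path}/ca_key.pem` with the default umask and only tightened by the later `chmod 600`, and both writes run before the `VCAP_SERVICES` emptiness check, so a missing variable produces empty PEM files before the script aborts. Move the guard to the top of the script and set `umask 077` before the two `base64 -d` redirects so the key is never created group- or world-readable. `for dir in $dirs` expands only the first array element, so `${HOME}/web/sites/default/files` is never created; it should be `for dir in "${dirs[@]}"` with `"$dir"` quoted in the body. The awscli zip is fetched and executed with no checksum or signature check and with all output sent to `/dev/null`, so a failed or altered download passes silently; verify the archive against a pinned digest before running `/tmp/aws/install`.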
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,113 @@ | ||
#!/bin/bash | ||
|
||
set -e | ||
|
||
if [ "$(uname -s)" = "Darwin" ]; then | ||
if ! hash brew 2>/dev/null ; then | ||
echo "Please install Homebrew: | ||
/bin/bash -c \"\$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)\"" | ||
echo | ||
echo "NOTE: You will need sudoer permission." | ||
echo "Linux: https://linuxize.com/post/how-to-add-user-to-sudoers-in-ubuntu/" | ||
echo "MacOS: https://osxdaily.com/2014/02/06/add-user-sudoers-file-mac/" | ||
exit 1 | ||
fi | ||
|
||
if ! hash gdate 2>/dev/null ; then | ||
echo "Please install GNU coreutils: | ||
Homebrew: | ||
brew install coreutils" | ||
exit 1 | ||
fi | ||
fi | ||
|
||
if ! hash cf 2>/dev/null ; then | ||
echo "Please install cf version 8: | ||
Linux: https://docs.cloudfoundry.org/cf-cli/install-go-cli.html | ||
Homebrew: | ||
brew tap cloudfoundry/tap | ||
brew install cf-cli@8" | ||
exit 1 | ||
elif [[ "$(cf --version)" != *"cf version 8."* ]]; then | ||
echo "Please install cf version 8: | ||
Linux: https://docs.cloudfoundry.org/cf-cli/install-go-cli.html | ||
Homebrew: | ||
brew uninstall cf-cli | ||
brew tap cloudfoundry/tap | ||
brew install cf-cli@8" | ||
exit 1 | ||
fi | ||
|
||
if ! hash jq 2>/dev/null ; then | ||
echo "Please install jq: | ||
Linux: https://jqlang.github.io/jq/download/ | ||
Homebrew: | ||
brew install jq" | ||
exit 1 | ||
fi | ||
|
||
# change which date command is used based on host OS | ||
date_command='' | ||
|
||
if [ "$(uname -s)" == "Darwin" ]; then | ||
date_command=gdate | ||
else | ||
date_command=date | ||
fi | ||
|
||
help(){ | ||
echo "Usage: $0 [options]" >&2 | ||
echo | ||
echo " -b The name of the S3 bucket with the backup." | ||
echo " -e Environment of backup to download." | ||
echo " -s Name of the space the backup bucket is in." | ||
echo " -d Date to retrieve backup from. Acceptable values | ||
are 'latest' or in 'YYYY-MM-DD' format and no | ||
more than 15 days ago." | ||
} | ||
|
||
RED='\033[0;31m' | ||
NC='\033[0m' | ||
|
||
while getopts 'b:e:s:d:' flag; do | ||
case ${flag} in | ||
b) backup_bucket=${OPTARG} ;; | ||
e) env=${OPTARG} ;; | ||
s) space=${OPTARG} ;; | ||
d) retrieve_date=${OPTARG} ;; | ||
*) help && exit 1 ;; | ||
esac | ||
done | ||
|
||
[[ -z "${backup_bucket}" ]] && help && echo -e "\n${RED}Error: Missing -b flag.${NC}" && exit 1 | ||
[[ -z "${env}" ]] && help && echo -e "\n${RED}Error: Missing -e flag.${NC}" && exit 1 | ||
[[ -z "${space}" ]] && help && echo -e "\n${RED}Error: Missing -s flag.${NC}" && exit 1 | ||
[[ -z "${retrieve_date}" ]] && help && echo -e "\n${RED}Error: Missing -d flag.${NC}" && exit 1 | ||
|
||
echo "Getting backup bucket credentials..." | ||
{ | ||
cf target -s "${space}" | ||
|
||
export service="${backup_bucket}" | ||
export service_key="${service}-key" | ||
cf delete-service-key "${service}" "${service_key}" -f | ||
cf create-service-key "${service}" "${service_key}" | ||
sleep 2 | ||
export s3_credentials=$(cf service-key "${service}" "${service_key}" | tail -n +2) | ||
|
||
export AWS_ACCESS_KEY_ID=$(echo "${s3_credentials}" | jq -r '.credentials.access_key_id') | ||
export bucket=$(echo "${s3_credentials}" | jq -r '.credentials.bucket') | ||
export AWS_DEFAULT_REGION=$(echo "${s3_credentials}" | jq -r '.credentials.region') | ||
export AWS_SECRET_ACCESS_KEY=$(echo "${s3_credentials}" | jq -r '.credentials.secret_access_key') | ||
|
||
} >/dev/null 2>&1 | ||
|
||
echo "Downloading backup..." | ||
{ | ||
|
||
aws s3 cp s3://${bucket}/${env}/${retrieve_date}.tar.gz . --no-verify-ssl 2>/dev/null | ||
cf delete-service-key "${service}" "${service_key}" -f | ||
|
||
} >/dev/null 2>&1 | ||
|
||
echo "File saved: ${retrieve_date}.tar.gz" |
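Review bot: `aws s3 cp ... --no-verify-ssl` turns off TLS certificate validation for the authenticated transfer of the backup archive, and the `2>/dev/null` on the same line hides the warning the CLI prints about it; drop the flag, and if an intercepting proxy is the reason, point the CLI at that proxy's CA bundle with `--ca-bundle` instead. Because the script runs under `set -e` and both brace groups discard all output, a failed `aws s3 cp` exits silently before `cf delete-service-key` runs, leaving the service key live. Registering the cleanup once, e.g. `trap 'cf delete-service-key "${service}" "${service_key}" -f' EXIT` right after the key is created, removes that path. `env` and `retrieve_date` go into the S3 URL unquoted and unchecked, so validating `-d` against `latest` or `YYYY-MM-DD`, as the help text promises, would be worth adding.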
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,4 @@ | ||
#!/bin/bash | ||
|
||
## Simple script to hold the container open. | ||
while : ; do sleep 60m ; done |