-
Notifications
You must be signed in to change notification settings - Fork 2
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Migrate travis github actions #571
Conversation
1008645
to
53ae991
Compare
53ae991
to
32f5868
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yeehaw, great work partner! 🤠
See some possible improvements and some questions about your proposal I'd like to discuss before merging this PR.
@@ -11,7 +11,7 @@ on: | |||
jobs: | |||
build: | |||
|
|||
runs-on: ubuntu-latest | |||
runs-on: ubuntu-20.04 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is this intentional?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@@ -9,64 +9,89 @@ on: | |||
jobs: | |||
build: | |||
|
|||
runs-on: ubuntu-latest | |||
runs-on: ubuntu-20.04 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why run the tests on the old Ubuntu LTS?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
See previous comment
- name: Check out the repo | ||
uses: actions/checkout@v2 | ||
|
||
- name: Start the docker images for Cypress testing |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nitpick: I think you can broaden the name, as we no longer solely run Cypress tests.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Correctamente
run: | | ||
${DOCKER_COMPOSE_PHP_FPM} /usr/local/bin/composer install -n --prefer-dist -o --ignore-platform-reqs | ||
env: | ||
SYMFONY_ENV: dev |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can we run the application in test
or even prod
? That might be better than dev
- name: Run Copy Paste Detector | ||
run: | | ||
${DOCKER_COMPOSE_PHP_FPM} sh -c 'composer jscpd' | ||
continue-on-error: true | ||
|
||
- name: Run CI tests | ||
run: | | ||
${DOCKER_COMPOSE_PHP_FPM} sh -c 'composer check' |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'd say: make the jscpd part of the composer check (Run CI tests)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I have deliberately chosen to keep it out of the CI tests for now, otherwise it breaks the CI tests. Or is there a way to continue anyway?
# - allowing for 30 lines of duplicate code | ||
# - and setting a total copy paste limit to 1% project wide | ||
# More info about jscpd usage: https://github.com/kucherenko/jscpd/tree/master/packages/jscpd#usage | ||
./node_modules/.bin/jscpd src -l 30 -t 1 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Did you not end up adding the excluded folders? If this command does not give too many false positives, I'ts fine with me. I do think we need to both check the JS and PHP code though. And the JS code is not in the src
folder IIRC.
ci/qa/translations
Outdated
#!/usr/bin/env sh | ||
|
||
cd $(dirname $0)/../../ | ||
|
||
./bin/console lexik:translations:import | ||
./bin/console lexik:translations:import DashboardBundle | ||
./bin/console lexik:translations:import DashboardSamlBundle |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think this file should move to the /bin
directory as this is not a qa related script. It is used during development to extract translations from the application into the lexik translation database.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Correctamente
composer.json
Outdated
"@cvalidate", | ||
"@attrsc", | ||
"@attrdc", | ||
"@droptestdb", |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Simply run @test-db
here?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Absolutely!
composer.json
Outdated
"phpcov": "./ci/qa/phpcov", | ||
"test": "./ci/qa/phpunit", | ||
"cypress": "./ci/qa/cypress", | ||
"yarn-audit": "./ci/qa/yarn-audit", |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Suggestion: rename the yarn-audit script (and Composer script) to security-check (or another cool name) and run both yarn audit
and compser audit
in one go.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes.. simple security might be a good candidate
@@ -9,17 +9,13 @@ CMD ["/usr/local/sbin/start.sh"] | |||
|
|||
FROM ghcr.io/openconext/openconext-containers/openconext-phpfpm-dev:latest AS spdphpfpm | |||
WORKDIR /var/www/html/ | |||
COPY --from=composer:1 /usr/bin/composer /usr/local/bin/composer | |||
COPY --from=composer:2.2.9 /usr/bin/composer /usr/local/bin/composer |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Suggestion: remove the version pin. The latest composer will be pulled. This ensures we stay up to date with the latest composer features.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The phpcpd gave problems and I tried without versioning and also with :2 and finally it went on with 2.2.9., but finally ended up due to xdebug extension problems. Since phpcpd is no longer used we can use the :latest version I guess.
|
||
- name: Run Cypress tests | ||
run: | | ||
${DOCKER_COMPOSE_PHP_FPM} sh -c 'composer cypress' |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Shouldn't this run on the cypress container? It now errors without running a Cypress test
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ah, that may be the case.
- name: Run Audit | ||
run: | | ||
${DOCKER_COMPOSE_PHP_FPM} sh -c 'composer yarn-audit' | ||
continue-on-error: true |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm skeptical as to allow a failing yarn/composer audit.. I thik you should remove this continue-on-error
..
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes..., but a lot of critical and high risk vulnerabilities found, that need to be fixed in the end, I guess (during upgrade SF?)
67812b9
to
fad6d99
Compare
fad6d99
to
16e0ebb
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
As long as you re-enable the security tests to not be an allowed failure, this is fine with me!
Nice work to migrate to Github Actions :
* Upgrade Symfony 5 A mighty PR where multiple disciplines entailing the Symfony upgrade come together. Among them: #562 Upgrade to Symfony 4 (in preparation to this SF5 upgrade) #571 Move to Github actions for test integrations At first these tasks where created separate. But to keep things more tight, I chose to merge/rebase them into this branch. Beside an upgrade to this version a major update of the security has been done. Most of the security part is handled within the stepup saml bundle and SPD is a consumer of this implementation. see: https://www.pivotaltracker.com/story/show/173217517 Co-authored-by: Michiel Kodde <mkodde@ibuildings.nl> Co-authored-by: Bart Geesink <bart.geesink@surf.nl>
To gain some speed during the ci/cd proces we decided to migrate travis to the github actions.
The biggest task was putting the scripting into separate shell scripts. The reason for this is that we can access the scripts within composer. Some tasks are still allowed to fail in the test integration workflow, such as the copy paste detector and cypress. It is intended that these will be improved at a later stage.