Migrate travis github actions #571
Conversation
Shaky212
force-pushed
the
feature/migrate-travis-to-github-actions
branch
6 times, most recently
from
1008645
to
53ae991
Compare
Shaky212
force-pushed
the
feature/migrate-travis-to-github-actions
branch
from
53ae991
to
32f5868
Compare
| @@ -11,7 +11,7 @@ on: | |||
| jobs: | |||
| build: | |||
|
|
|||
| runs-on: ubuntu-latest | |||
| runs-on: ubuntu-20.04 | |||
| @@ -9,64 +9,89 @@ on: | |||
| jobs: | |||
| build: | |||
|
|
|||
| runs-on: ubuntu-latest | |||
| runs-on: ubuntu-20.04 | |||
There was a problem hiding this comment.
Why run the tests on the old Ubuntu LTS?
There was a problem hiding this comment.
See previous comment
| - name: Check out the repo | ||
| uses: actions/checkout@v2 | ||
|
|
||
| - name: Start the docker images for Cypress testing |
There was a problem hiding this comment.
Nitpick: I think you can broaden the name, as we no longer solely run Cypress tests.
| run: | | ||
| ${DOCKER_COMPOSE_PHP_FPM} /usr/local/bin/composer install -n --prefer-dist -o --ignore-platform-reqs | ||
| env: | ||
| SYMFONY_ENV: dev |
There was a problem hiding this comment.
Can we run the application in test or even prod? That might be better than dev
| - name: Run Copy Paste Detector | ||
| run: | | ||
| ${DOCKER_COMPOSE_PHP_FPM} sh -c 'composer jscpd' | ||
| continue-on-error: true | ||
|
|
||
| - name: Run CI tests | ||
| run: | | ||
| ${DOCKER_COMPOSE_PHP_FPM} sh -c 'composer check' |
There was a problem hiding this comment.
I'd say: make the jscpd part of the composer check (Run CI tests)
There was a problem hiding this comment.
I have deliberately chosen to keep it out of the CI tests for now, otherwise it breaks the CI tests. Or is there a way to continue anyway?
| # - allowing for 30 lines of duplicate code | ||
| # - and setting a total copy paste limit to 1% project wide | ||
| # More info about jscpd usage: https://github.com/kucherenko/jscpd/tree/master/packages/jscpd#usage | ||
| ./node_modules/.bin/jscpd src -l 30 -t 1 |
There was a problem hiding this comment.
Did you not end up adding the excluded folders? If this command does not give too many false positives, I'ts fine with me. I do think we need to both check the JS and PHP code though. And the JS code is not in the src folder IIRC.
ci/qa/translations
Outdated
| #!/usr/bin/env sh | ||
|
|
||
| cd $(dirname $0)/../../ | ||
|
|
||
| ./bin/console lexik:translations:import | ||
| ./bin/console lexik:translations:import DashboardBundle | ||
| ./bin/console lexik:translations:import DashboardSamlBundle |
There was a problem hiding this comment.
I think this file should move to the /bin directory as this is not a qa related script. It is used during development to extract translations from the application into the lexik translation database.
composer.json
Outdated
| "@cvalidate", | ||
| "@attrsc", | ||
| "@attrdc", | ||
| "@droptestdb", |
composer.json
Outdated
| "phpcov": "./ci/qa/phpcov", | ||
| "test": "./ci/qa/phpunit", | ||
| "cypress": "./ci/qa/cypress", | ||
| "yarn-audit": "./ci/qa/yarn-audit", |
There was a problem hiding this comment.
Suggestion: rename the yarn-audit script (and Composer script) to security-check (or another cool name) and run both yarn audit and compser audit in one go.
There was a problem hiding this comment.
Yes.. simple security might be a good candidate
| @@ -9,17 +9,13 @@ CMD ["/usr/local/sbin/start.sh"] | |||
|
|
|||
| FROM ghcr.io/openconext/openconext-containers/openconext-phpfpm-dev:latest AS spdphpfpm | |||
| WORKDIR /var/www/html/ | |||
| COPY --from=composer:1 /usr/bin/composer /usr/local/bin/composer | |||
| COPY --from=composer:2.2.9 /usr/bin/composer /usr/local/bin/composer | |||
There was a problem hiding this comment.
Suggestion: remove the version pin. The latest composer will be pulled. This ensures we stay up to date with the latest composer features.
There was a problem hiding this comment.
The phpcpd gave problems and I tried without versioning and also with :2 and finally it went on with 2.2.9., but finally ended up due to xdebug extension problems. Since phpcpd is no longer used we can use the :latest version I guess.
|
|
||
| - name: Run Cypress tests | ||
| run: | | ||
| ${DOCKER_COMPOSE_PHP_FPM} sh -c 'composer cypress' |
There was a problem hiding this comment.
Shouldn't this run on the cypress container? It now errors without running a Cypress test
There was a problem hiding this comment.
Ah, that may be the case.
| - name: Run Audit | ||
| run: | | ||
| ${DOCKER_COMPOSE_PHP_FPM} sh -c 'composer yarn-audit' | ||
| continue-on-error: true |
There was a problem hiding this comment.
I'm skeptical as to allow a failing yarn/composer audit.. I thik you should remove this continue-on-error..
There was a problem hiding this comment.
Yes..., but a lot of critical and high risk vulnerabilities found, that need to be fixed in the end, I guess (during upgrade SF?)
Shaky212
force-pushed
the
feature/migrate-travis-to-github-actions
branch
4 times, most recently
from
67812b9
to
fad6d99
Compare
Shaky212
force-pushed
the
feature/migrate-travis-to-github-actions
branch
from
fad6d99
to
16e0ebb
Compare
* Upgrade Symfony 5 A mighty PR where multiple disciplines entailing the Symfony upgrade come together. Among them: #562 Upgrade to Symfony 4 (in preparation to this SF5 upgrade) #571 Move to Github actions for test integrations At first these tasks where created separate. But to keep things more tight, I chose to merge/rebase them into this branch. Beside an upgrade to this version a major update of the security has been done. Most of the security part is handled within the stepup saml bundle and SPD is a consumer of this implementation. see: https://www.pivotaltracker.com/story/show/173217517 Co-authored-by: Michiel Kodde <mkodde@ibuildings.nl> Co-authored-by: Bart Geesink <bart.geesink@surf.nl>
To gain some speed during the ci/cd proces we decided to migrate travis to the github actions.
The biggest task was putting the scripting into separate shell scripts. The reason for this is that we can access the scripts within composer. Some tasks are still allowed to fail in the test integration workflow, such as the copy paste detector and cypress. It is intended that these will be improved at a later stage.