.gitlab-ci.yml
# Pipeline stages, executed in the order listed. Every job below names one of
# these in its `stage:` key.
stages:
  - 'code quality'
  - 'dependency scanning'
  - 'build'
  - 'deploy'
## Code Quality section
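Check code standards with PHP_CodeSniffer:
  stage: code quality
  # NOTE(review): `latest` is a mutable tag, so the toolchain can change
  # between runs; pin a fixed tag or image digest for reproducible jobs.
  image: sumocoders/framework-php72:latest
  tags:
    - docker
  # Findings are published as a JUnit report but never fail the pipeline.
  allow_failure: true
  before_script:
    # Save the Composer installer to disk and compare its SHA-384 with the
    # checksum Composer publishes on a separate host before running it,
    # rather than piping the download straight into php.
    - curl -sSf https://getcomposer.org/installer -o composer-setup.php
    - expected_sig="$(curl -sSf https://composer.github.io/installer.sig)"
    - actual_sig="$(php -r "echo hash_file('sha384', 'composer-setup.php');")"
    - 'if [ -z "$actual_sig" ] || [ "$expected_sig" != "$actual_sig" ]; then echo "Composer installer checksum mismatch" >&2; exit 1; fi'
    - php composer-setup.php
    - rm composer-setup.php
    # --no-scripts skips the scripts defined in composer.json during install.
    - php composer.phar install --no-scripts --quiet --ignore-platform-reqs
  script:
    - vendor/bin/phpcs --report-full --report-junit=phpcs-report.xml
  artifacts:
    expire_in: 1 week
    reports:
      junit: phpcs-report.xml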
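Check for bugs with PHPStan:
  stage: code quality
  # NOTE(review): `latest` is a mutable tag, so the toolchain can change
  # between runs; pin a fixed tag or image digest for reproducible jobs.
  image: sumocoders/framework-php72:latest
  tags:
    - docker
  # Findings are published as a JUnit report but never fail the pipeline.
  allow_failure: true
  before_script:
    # Save the Composer installer to disk and compare its SHA-384 with the
    # checksum Composer publishes on a separate host before running it,
    # rather than piping the download straight into php.
    - curl -sSf https://getcomposer.org/installer -o composer-setup.php
    - expected_sig="$(curl -sSf https://composer.github.io/installer.sig)"
    - actual_sig="$(php -r "echo hash_file('sha384', 'composer-setup.php');")"
    - 'if [ -z "$actual_sig" ] || [ "$expected_sig" != "$actual_sig" ]; then echo "Composer installer checksum mismatch" >&2; exit 1; fi'
    - php composer-setup.php
    - rm composer-setup.php
    # --no-scripts skips the scripts defined in composer.json during install.
    - php composer.phar install --no-scripts --quiet --ignore-platform-reqs
    # Warm the dev cache before the analysis runs.
    - bin/console cache:warmup --env=dev
  script:
    # The JUnit output goes to stdout and is redirected into the report file.
    - vendor/bin/phpstan analyse --memory-limit=512M --error-format=junit --no-progress > phpstan-report.xml
  artifacts:
    expire_in: 1 week
    reports:
      junit: phpstan-report.xml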
## Dependency Scanning section
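Check NPM dependencies for vulnerabilities:
  stage: dependency scanning
  # NOTE(review): `latest` is a mutable tag, so the toolchain can change
  # between runs; pin a fixed tag or image digest for reproducible jobs.
  image: sumocoders/cli-tools-php72:latest
  tags:
    - docker
  # NOTE(review): with allow_failure, reported vulnerabilities (and a scanner
  # that fails to run at all) never block the later build and deploy stages.
  # Someone has to read the JUnit report for this job to have any effect.
  allow_failure: true
  before_script:
    # Save the Composer installer to disk and compare its SHA-384 with the
    # checksum Composer publishes on a separate host before running it,
    # rather than piping the download straight into php.
    - curl -sSf https://getcomposer.org/installer -o composer-setup.php
    - expected_sig="$(curl -sSf https://composer.github.io/installer.sig)"
    - actual_sig="$(php -r "echo hash_file('sha384', 'composer-setup.php');")"
    - 'if [ -z "$actual_sig" ] || [ "$expected_sig" != "$actual_sig" ]; then echo "Composer installer checksum mismatch" >&2; exit 1; fi'
    - php composer-setup.php
    - rm composer-setup.php
    # Composer packages are installed because the report converter used below
    # is run from vendor/bin.
    - php composer.phar install --no-scripts --quiet --ignore-platform-reqs
  script:
    # `npm audit` runs inside a command substitution, so its own exit status
    # is discarded; only the converter's exit status decides the job result.
    - vendor/bin/convert-to-junit-xml convert:npm-audit "$(npm audit --json)" > npm-audit-report.xml
  artifacts:
    expire_in: 1 week
    reports:
      junit: npm-audit-report.xml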
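Check Composer dependencies for vulnerabilities:
  stage: dependency scanning
  # NOTE(review): `latest` is a mutable tag, so the toolchain can change
  # between runs; pin a fixed tag or image digest for reproducible jobs.
  image: sumocoders/cli-tools-php72:latest
  tags:
    - docker
  # NOTE(review): with allow_failure, reported vulnerabilities (and a scanner
  # that fails to run at all) never block the later build and deploy stages.
  # Someone has to read the JUnit report for this job to have any effect.
  allow_failure: true
  before_script:
    # Save the Composer installer to disk and compare its SHA-384 with the
    # checksum Composer publishes on a separate host before running it,
    # rather than piping the download straight into php.
    - curl -sSf https://getcomposer.org/installer -o composer-setup.php
    - expected_sig="$(curl -sSf https://composer.github.io/installer.sig)"
    - actual_sig="$(php -r "echo hash_file('sha384', 'composer-setup.php');")"
    - 'if [ -z "$actual_sig" ] || [ "$expected_sig" != "$actual_sig" ]; then echo "Composer installer checksum mismatch" >&2; exit 1; fi'
    - php composer-setup.php
    - rm composer-setup.php
    - php composer.phar install --no-scripts --quiet --ignore-platform-reqs
  script:
    # The checker runs inside a command substitution, so its own exit status
    # is discarded; only the converter's exit status decides the job result.
    # NOTE(review): the SensioLabs security-checker depends on a hosted
    # advisory service that has, as far as I know, been retired; confirm this
    # job still produces real results and move to a maintained checker if not.
    - vendor/bin/convert-to-junit-xml convert:sensiolabs-security-check "$(vendor/bin/security-checker security:check --format=json)" > security-checker-report.xml
  artifacts:
    expire_in: 1 week
    reports:
      junit: security-checker-report.xml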
# Build section
Build assets with Encore:
  stage: build
  # NOTE(review): `node:11` is a mutable tag on an odd-numbered (non-LTS)
  # Node.js release line; confirm it still receives security fixes and pin a
  # supported version or image digest.
  image: node:11
  tags:
    - docker
  before_script:
    # NOTE(review): `npm install` may resolve versions that differ from the
    # lockfile and runs dependency lifecycle scripts. `npm ci` gives a
    # lockfile-exact install, but it removes node_modules first, so it would
    # interact with the cache below.
    - npm install
  script:
    - npm run build
  # NOTE(review): public/build is kept as a cache, not as an artifact. Caches
  # are best-effort and are only restored in jobs that declare them, so the
  # deploy job presumably does not receive these files. Verify how the built
  # assets reach the server.
  cache:
    paths:
      - node_modules
      - public/build
## Deploy section
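Deploy to staging:
  stage: deploy
  # NOTE(review): `latest` is a mutable tag; this job handles the deploy key,
  # so pin a fixed tag or image digest to control what runs next to it.
  image: sumocoders/cli-tools-php72:latest
  tags:
    - docker
  # Only pipelines for master run this job.
  only:
    - master
  environment:
    name: staging
    url: https://project.client.php72.sumocoders.eu
  before_script:
    # Add the private SSH key to the CI environment.
    # NOTE(review): $SSH_PRIVATE_KEY is a CI/CD variable, so it is present in
    # the environment of every command in this job, including the dependency
    # installs below. Mark it as protected and scope it to the staging
    # environment so jobs on other branches never receive it.
    - 'which ssh-agent || ( apt-get update -y && apt-get install openssh-client -y )'
    - eval $(ssh-agent -s)
    # `tr -d '\r'` strips carriage returns from the stored key before it is
    # loaded into the agent; ssh-add output is discarded.
    - echo "$SSH_PRIVATE_KEY" | tr -d '\r' | ssh-add - > /dev/null
    - mkdir -p ~/.ssh
    - chmod 700 ~/.ssh
    # Host keys come from a CI variable, so the deploy target's key is pinned
    # rather than accepted on first connection.
    - echo "$SSH_KNOWN_HOSTS" > ~/.ssh/known_hosts
    - chmod 644 ~/.ssh/known_hosts
    # Install the Composer binary and the vendors. The installer is saved to
    # disk and its SHA-384 is compared with the checksum Composer publishes on
    # a separate host before it is executed: this job holds the deploy key, so
    # an unverified download piped into php would run with access to it.
    - curl -sSf https://getcomposer.org/installer -o composer-setup.php
    - expected_sig="$(curl -sSf https://composer.github.io/installer.sig)"
    - actual_sig="$(php -r "echo hash_file('sha384', 'composer-setup.php');")"
    - 'if [ -z "$actual_sig" ] || [ "$expected_sig" != "$actual_sig" ]; then echo "Composer installer checksum mismatch" >&2; exit 1; fi'
    - php composer-setup.php
    - rm composer-setup.php
    - php composer.phar install --quiet --no-scripts --ignore-platform-reqs
    # Install NPM dependencies.
    # NOTE(review): dependency lifecycle scripts run here while the deploy key
    # is loaded in the agent; confirm this install is needed in the deploy job.
    - npm install
  script:
    - vendor/bin/dep deploy staging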