Github: 测试,构建和发布容器镜像到阿里云容器镜像服务

Posted on by 
name: Lumen Test Build and Deploy

on:
  push:
    branches: [main]
  pull_request:
    branches: [main]

# Environment variables available to all jobs and steps in this workflow.
env:
  REGION_ID: cn-hangzhou
  REGISTRY: registry.cn-hangzhou.aliyuncs.com
  NAMESPACE: ****
  IMAGE: lumen8-boilerplate
  IMAGE_PREFIX: lumen8-boilerplate
  TAG: ${{ github.sha }}
  ENVIRONMENT: staging

jobs:
  tests:
    runs-on: ubuntu-latest
    # runs-on: self-hosted

    steps:
      - uses: shivammathur/setup-php@v2
        with:
          php-version: "8.0"
      - uses: actions/checkout@v2
      - name: Copy .env
        run: |
          cd src
          php -r "file_exists('.env') || copy('.env.example', '.env');"
      - name: Install Dependencies
        run: |
          cd src
          composer install --no-ansi --no-interaction --no-scripts --no-progress --prefer-dist  -vvv
      - name: Create Database
        run: |
          cd src
          mkdir -p database
          touch database/database.sqlite
      - name: Execute tests (Unit and Feature tests) via PHPUnit
        env:
          DB_CONNECTION: sqlite
          DB_DATABASE: database/database.sqlite
        run: |
          cd src
          vendor/bin/phpunit

  build:
    runs-on: self-hosted
    environment: staging

    steps:
      - name: Checkout
        uses: actions/checkout@v2

      - name: get shortsha
        id: vars
        run: |
          echo ::set-output name=sha_short::$(git rev-parse --short=8 ${{ github.sha }})

      - name: use env
        run: |
          echo $SHORTSHA
        env:
          SHORTSHA: ${{ steps.vars.outputs.sha_short }}

      - name: Login to ACR with the AccessKey pair
        uses: aliyun/acr-login@v1
        with:
          region-id: "${{ env.REGION_ID }}"
          access-key-id: "${{ secrets.ACCESS_KEY_ID }}"
          access-key-secret: "${{ secrets.ACCESS_KEY_SECRET }}"

      - name: Build and push php and nginx images to ACR
        env:
          SHORTSHA: ${{ steps.vars.outputs.sha_short }}
        run: |
          docker build --target php --tag "$REGISTRY/$NAMESPACE/${IMAGE_PREFIX}_${ENVIRONMENT}_lumen_php:$SHORTSHA" -f .docker/Dockerfile .
          docker push "$REGISTRY/$NAMESPACE/${IMAGE_PREFIX}_${ENVIRONMENT}_lumen_php:$SHORTSHA"
          docker tag "$REGISTRY/$NAMESPACE/${IMAGE_PREFIX}_${ENVIRONMENT}_lumen_php:$SHORTSHA" "$REGISTRY/$NAMESPACE/${IMAGE_PREFIX}_${ENVIRONMENT}_lumen_php:latest"
          docker push "$REGISTRY/$NAMESPACE/${IMAGE_PREFIX}_${ENVIRONMENT}_lumen_php:latest"
          docker build --target nginx --tag "$REGISTRY/$NAMESPACE/${IMAGE_PREFIX}_${ENVIRONMENT}_lumen_nginx:$SHORTSHA" -f .docker/Dockerfile .
          docker push "$REGISTRY/$NAMESPACE/${IMAGE_PREFIX}_${ENVIRONMENT}_lumen_nginx:$SHORTSHA"
          docker tag "$REGISTRY/$NAMESPACE/${IMAGE_PREFIX}_${ENVIRONMENT}_lumen_nginx:$SHORTSHA" "$REGISTRY/$NAMESPACE/${IMAGE_PREFIX}_${ENVIRONMENT}_lumen_nginx:latest"
          docker push "$REGISTRY/$NAMESPACE/${IMAGE_PREFIX}_${ENVIRONMENT}_lumen_nginx:latest"

      - name: Scan php image in ACR
        uses: aliyun/acr-scan@v1
        with:
          region-id: "${{ env.REGION_ID }}"
          access-key-id: "${{ secrets.ACCESS_KEY_ID }}"
          access-key-secret: "${{ secrets.ACCESS_KEY_SECRET }}"
          repository: "${{ env.NAMESPACE }}/${{ env.IMAGE_PREFIX }}_${{ env.ENVIRONMENT }}_lumen_php"
          tag: "latest"

      - name: Scan nginx image in ACR
        uses: aliyun/acr-scan@v1
        with:
          region-id: "${{ env.REGION_ID }}"
          access-key-id: "${{ secrets.ACCESS_KEY_ID }}"
          access-key-secret: "${{ secrets.ACCESS_KEY_SECRET }}"
          repository: "${{ env.NAMESPACE }}/${{ env.IMAGE_PREFIX }}_${{ env.ENVIRONMENT }}_lumen_nginx"
          tag: "latest"