api-platform · vincentchalamon · Dec 18, 2023 · Dec 18, 2023 · Dec 18, 2023 · Dec 18, 2023
diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml
@@ -2,9 +2,9 @@ name: CD
 
 on:
   push:
-    branches:
-      - main
-  # Deploy if "deploy" label exists
+    tags:
+      - '*'
+  # Deploy PR if "deploy" label exists
   pull_request:
     types: [ reopened, synchronize, labeled ]
 
@@ -28,11 +28,6 @@ jobs:
       -
         name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v3
-      # gcloud does not work with Python 3.10 because "collections.Mappings" was removed in Python 3.10.
-      -
-        uses: actions/setup-python@v4
-        with:
-          python-version: 3.9.15
       -
         name: Auth gcloud
         id: auth
@@ -59,9 +54,9 @@ jobs:
             compose.yaml
             compose.prod.yaml
           set: |
-            *.cache-from=type=gha,scope=${{github.ref}}
+            *.cache-from=type=gha,scope=${{ github.ref }}
             *.cache-from=type=gha,scope=refs/heads/main
-            *.cache-to=type=gha,scope=${{github.ref}},mode=max
+            *.cache-to=type=gha,scope=${{ github.ref }},mode=max
       -
         name: Docker push
         run: |
@@ -70,11 +65,17 @@ jobs:
           docker push $KEYCLOAK_DOCKER_IMAGE
       -
         name: Docker tag and push latest
-        if: github.event_name == 'push'
+        if: github.event_name != 'pull_request'
         run: |
+          docker tag $PHP_DOCKER_IMAGE europe-west1-docker.pkg.dev/${{ secrets.GKE_PROJECT }}/${{ secrets.GKE_PROJECT }}/php:${{ github.ref_name }}
+          docker tag $PWA_DOCKER_IMAGE europe-west1-docker.pkg.dev/${{ secrets.GKE_PROJECT }}/${{ secrets.GKE_PROJECT }}/pwa:${{ github.ref_name }}
+          docker tag $KEYCLOAK_DOCKER_IMAGE europe-west1-docker.pkg.dev/${{ secrets.GKE_PROJECT }}/${{ secrets.GKE_PROJECT }}/keycloak:${{ github.ref_name }}
           docker tag $PHP_DOCKER_IMAGE europe-west1-docker.pkg.dev/${{ secrets.GKE_PROJECT }}/${{ secrets.GKE_PROJECT }}/php:latest
           docker tag $PWA_DOCKER_IMAGE europe-west1-docker.pkg.dev/${{ secrets.GKE_PROJECT }}/${{ secrets.GKE_PROJECT }}/pwa:latest
           docker tag $KEYCLOAK_DOCKER_IMAGE europe-west1-docker.pkg.dev/${{ secrets.GKE_PROJECT }}/${{ secrets.GKE_PROJECT }}/keycloak:latest
+          docker push europe-west1-docker.pkg.dev/${{ secrets.GKE_PROJECT }}/${{ secrets.GKE_PROJECT }}/php:${{ github.ref_name }}
+          docker push europe-west1-docker.pkg.dev/${{ secrets.GKE_PROJECT }}/${{ secrets.GKE_PROJECT }}/pwa:${{ github.ref_name }}
+          docker push europe-west1-docker.pkg.dev/${{ secrets.GKE_PROJECT }}/${{ secrets.GKE_PROJECT }}/keycloak:${{ github.ref_name }}
           docker push europe-west1-docker.pkg.dev/${{ secrets.GKE_PROJECT }}/${{ secrets.GKE_PROJECT }}/php:latest
           docker push europe-west1-docker.pkg.dev/${{ secrets.GKE_PROJECT }}/${{ secrets.GKE_PROJECT }}/pwa:latest
           docker push europe-west1-docker.pkg.dev/${{ secrets.GKE_PROJECT }}/${{ secrets.GKE_PROJECT }}/keycloak:latest

diff --git a/.github/workflows/check.yml b/.github/workflows/check.yml
@@ -1,4 +1,4 @@
-name: Deploy
+name: Check
 
 on:
   workflow_call:
@@ -18,9 +18,9 @@ jobs:
       -
         name: Checkout
         uses: actions/checkout@v4
-
-      - name: Run local k6 test
-        uses: grafana/k6-action@v0.2.0
+      -
+        name: Run local k6 test
+        uses: grafana/k6-action@v0.3.1
         with:
           filename: k6/script.js
           flags: --out json=results.json

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -35,9 +35,9 @@ jobs:
             compose.yaml
             compose.override.yaml
           set: |
-            *.cache-from=type=gha,scope=${{github.ref}}
+            *.cache-from=type=gha,scope=${{ github.ref }}
             *.cache-from=type=gha,scope=refs/heads/main
-            *.cache-to=type=gha,scope=${{github.ref}},mode=max
+            *.cache-to=type=gha,scope=${{ github.ref }},mode=max
       -
         name: Start services
         run: docker compose up --wait --no-build
@@ -71,9 +71,6 @@ jobs:
       -
         name: Run PHPStan
         run: docker compose exec -T php vendor/bin/phpstan --memory-limit=256M
-      -
-        name: Lint PWA
-        run: docker compose exec -T pwa pnpm lint
 
   # run e2e tests iso-prod
   e2e-tests:
@@ -113,10 +110,10 @@ jobs:
             compose.yaml
             compose.prod.yaml
           set: |
-            *.cache-from=type=gha,scope=${{github.ref}}-e2e
-            *.cache-from=type=gha,scope=${{github.ref}}
+            *.cache-from=type=gha,scope=${{ github.ref }}-e2e
+            *.cache-from=type=gha,scope=${{ github.ref }}
             *.cache-from=type=gha,scope=refs/heads/main
-            *.cache-to=type=gha,scope=${{github.ref}}-e2e,mode=max
+            *.cache-to=type=gha,scope=${{ github.ref }}-e2e,mode=max
       -
         name: Start Services
         run: docker compose up --wait --no-build
@@ -131,6 +128,7 @@ jobs:
         run: docker compose run --rm php bin/console doctrine:fixtures:load --no-interaction
       -
         name: Cache Playwright Binaries
+        id: playwright-cache
         uses: actions/cache@v3
         with:
           path: ~/.cache/ms-playwright
@@ -139,15 +137,29 @@ jobs:
         name: Install PNPM
         uses: pnpm/action-setup@v2
         with:
-          version: 8.6.2
+          version: 8
+      -
+        name: Cache PNPM
+        uses: actions/cache@v3
+        with:
+          path: ${{ env.PNPM_HOME }}
+          key: ${{ runner.os }}-pnpm-${{ github.run_id }}
+          restore-keys: |
+            ${{ runner.os }}-pnpm-
       -
         name: Install Dependencies
         working-directory: pwa
         run: pnpm install
       -
-        name: Install Playwright Browsers
+        name: Install Playwright Browsers with Deps
+        if: steps.playwright-cache.outputs.cache-hit != 'true'
         working-directory: pwa
         run: pnpm exec playwright install --with-deps
+      -
+        name: Install Playwright Browsers
+        if: steps.playwright-cache.outputs.cache-hit == 'true'
+        working-directory: pwa
+        run: pnpm exec playwright install
       -
         name: Run Playwright @read
         working-directory: pwa
@@ -168,14 +180,94 @@ jobs:
           path: pwa/test-results
 
   lint:
-    name: Docker Lint
+    name: Lint
     runs-on: ubuntu-latest
     steps:
       -
         name: Checkout
         uses: actions/checkout@v4
+
+      # Lint Dockerfiles
       -
         name: Lint Dockerfiles
         uses: hadolint/hadolint-action@v3.1.0
         with:
           recursive: true
+
+      # Lint API
+      -
+        name: PHP CS Fixer Cache
+        uses: actions/cache@v3
+        with:
+          path: api/.php-cs-fixer.cache
+          key: ${{ runner.OS }}-phpcsfixer-${{ github.sha }}
+          restore-keys: |
+            ${{ runner.OS }}-phpcsfixer-
+      -
+        name: Get API changed files
+        id: api-changed-files
+        uses: tj-actions/changed-files@v38
+      -
+        name: Get Extra Arguments for PHP-CS-Fixer
+        id: phpcs-intersection
+        run: |
+          CHANGED_FILES=$(echo "${{ steps.changed-files.outputs.all_changed_and_modified_files }}" | tr ' ' '\n')
+          if ! echo "${CHANGED_FILES}" | grep -qE "^api\/(\\.php-cs-fixer(\\.dist)?\\.php|composer\\.lock)$"; then EXTRA_ARGS=$(printf -- '--path-mode=intersection\n--\n%s' "${CHANGED_FILES}"); else EXTRA_ARGS=''; fi
+          echo "PHPCS_EXTRA_ARGS<<EOF" >> $GITHUB_ENV
+          echo "$EXTRA_ARGS" >> $GITHUB_ENV
+          echo "EOF" >> $GITHUB_ENV
+      -
+        name: Lint API
+        uses: docker://oskarstark/php-cs-fixer-ga
+        with:
+          args: --config=api/.php-cs-fixer.dist.php -v --dry-run --stop-on-violation --using-cache=no ${{ env.PHPCS_EXTRA_ARGS }}"
+
+      # Lint PWA
+      -
+        name: Install PNPM
+        uses: pnpm/action-setup@v2
+        with:
+          version: 8
+      -
+        name: Cache PNPM
+        uses: actions/cache@v3
+        with:
+          path: ${{ env.PNPM_HOME }}
+          key: ${{ runner.os }}-pnpm-${{ github.run_id }}
+          restore-keys: |
+            ${{ runner.os }}-pnpm-
+      -
+        name: Install Dependencies
+        working-directory: pwa
+        run: pnpm install
+      -
+        name: Lint PWA
+        working-directory: pwa
+        run: pnpm lint
+
+      # Lint HELM
+      -
+        name: Cache Helm Dependencies
+        uses: actions/cache@v3
+        with:
+          path: helm/api-platform/charts/
+          key: ${{ runner.os }}-helm-dependencies-${{ github.run_id }}
+          restore-keys: |
+            ${{ runner.os }}-helm-dependencies-
+      -
+        name: Build Helm Dependencies
+        run: |
+          helm repo add bitnami https://charts.bitnami.com/bitnami/
+          helm repo add stable https://charts.helm.sh/stable/
+          helm dependency build ./helm/api-platform
+      -
+        name: Lint Helm
+        run: helm lint ./helm/api-platform/
+
+      # Lint Markdown Docs
+      -
+        name: Lint changelog file
+        uses: docker://avtodev/markdown-lint:v1
+        with:
+          config: 'docs/.markdown-lint.yaml'
+          args: 'docs/**/*.md'
diff --git a/.github/workflows/cleanup.yml b/.github/workflows/cleanup.yml
@@ -8,6 +8,10 @@ concurrency:
   group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
   cancel-in-progress: true
 
+env:
+  GKE_CLUSTER: api-platform-demo
+  GCE_ZONE: europe-west1-c
+
 jobs:
   cleanup:
     name: Uninstall K8s Release for Closed Pull Request
@@ -17,11 +21,6 @@ jobs:
       contents: 'read'
       id-token: 'write'
     steps:
-      # gcloud does not work with Python 3.10 because "collections.Mappings" was removed in Python 3.10.
-      -
-        uses: actions/setup-python@v4
-        with:
-          python-version: 3.9.15
       -
         name: Auth gcloud
         uses: google-github-actions/auth@v2
@@ -37,7 +36,7 @@ jobs:
         run: |
           gcloud components install gke-gcloud-auth-plugin
           gcloud --quiet auth configure-docker
-          gcloud container clusters get-credentials api-platform-demo --zone europe-west1-c
+          gcloud container clusters get-credentials ${{ env.GKE_CLUSTER }} --zone ${{ env.GCE_ZONE }}
       -
         name: Check for existing namespace
         id: k8s-namespace

diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
@@ -52,11 +52,6 @@ jobs:
       -
         name: Checkout
         uses: actions/checkout@v4
-      # gcloud does not work with Python 3.10 because "collections.Mappings" was removed in Python 3.10.
-      -
-        uses: actions/setup-python@v4
-        with:
-          python-version: 3.9.15
       -
         name: Auth gcloud
         uses: google-github-actions/auth@v2
@@ -73,16 +68,20 @@ jobs:
           gcloud components install gke-gcloud-auth-plugin
           gcloud --quiet auth configure-docker
           gcloud container clusters get-credentials ${{ inputs.gke-cluster }} --zone ${{ inputs.gke-zone }}
-      # https://github.com/helm/helm/issues/8036
       -
-        name: Build helm dependencies
+        name: Cache Helm Dependencies
+        uses: actions/cache@v3
+        with:
+          path: helm/api-platform/charts/
+          key: ${{ runner.os }}-helm-dependencies-${{ github.run_id }}
+          restore-keys: |
+            ${{ runner.os }}-helm-dependencies-
+      -
+        name: Build Helm Dependencies
         run: |
           helm repo add bitnami https://charts.bitnami.com/bitnami/
           helm repo add stable https://charts.helm.sh/stable/
           helm dependency build ./helm/api-platform
-      -
-        name: Lint Helm
-        run: helm lint ./helm/api-platform/
       # Release name MUST start with a letter
       -
         name: Deploy

diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml
@@ -31,16 +31,20 @@ jobs:
       -
         name: Checkout
         uses: actions/checkout@v4
-      # gcloud does not work with Python 3.10 because "collections.Mappings" was removed in Python 3.10.
-      -
-        uses: actions/setup-python@v4
-        with:
-          python-version: 3.9.15
       -
         name: Auth gcloud
+        id: auth
         uses: google-github-actions/auth@v2
         with:
+          token_format: access_token
           credentials_json: ${{ secrets.GKE_SA_KEY }}
+      -
+        name: Login to GAR
+        uses: docker/login-action@v3
+        with:
+          registry: europe-west1-docker.pkg.dev
+          username: oauth2accesstoken
+          password: ${{ steps.auth.outputs.access_token }}
       -
         name: Setup gcloud
         uses: google-github-actions/setup-gcloud@v1
@@ -49,8 +53,9 @@ jobs:
       -
         name: Configure gcloud
         run: |
+          gcloud components install gke-gcloud-auth-plugin
           gcloud --quiet auth configure-docker
-          gcloud container clusters get-credentials api-platform-demo --zone europe-west1-c
+          gcloud container clusters get-credentials ${{ env.GKE_CLUSTER }} --zone ${{ env.GCE_ZONE }}
       -
         name: Pull Docker Image
         run: docker pull europe-west1-docker.pkg.dev/${{ secrets.GKE_PROJECT }}/${{ secrets.GKE_PROJECT }}/${{ matrix.image }}:latest

diff --git a/api/config/packages/api_platform.yaml b/api/config/packages/api_platform.yaml
@@ -1,6 +1,6 @@
 api_platform:
     title: API Platform's demo
-    version: 1.0.0
+    version: 3.2.0
     description: |
         This is a demo application of the [API Platform](https://api-platform.com) framework.
         [Its source code](https://github.com/api-platform/demo) includes various examples, check it out!

diff --git a/docs/.markdown-lint.yaml b/docs/.markdown-lint.yaml
@@ -0,0 +1 @@
+MD013: false
diff --git a/helm/api-platform/Chart.yaml b/helm/api-platform/Chart.yaml
@@ -17,12 +17,12 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.1.0
+version: 3.2.0
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
-appVersion: 0.1.0
+appVersion: 3.2.0
 
 dependencies:
   - name: postgresql

diff --git a/k6/test.sh b/k6/test.sh
@@ -1,9 +1,12 @@
 #!/bin/bash
+
 cd $(dirname $0)
+
 if [ -z "$TARGET" ]; then
-	echo "Missing TARGET=pr-xxx-demo.api-platform.com" 1>&2
+	echo "Missing TARGET argument (e.g.: pr-123-demo.api-platform.com)" 1>&2
 	exit 1
 fi
+
 docker run \
   --name k6 \
   --rm -i \