diff --git a/resources/com/cadoles/symfony/.php-cs-fixer.dist.php b/resources/com/cadoles/symfony/.php-cs-fixer.dist.php new file mode 100644 index 0000000..acdd383 --- /dev/null +++ b/resources/com/cadoles/symfony/.php-cs-fixer.dist.php @@ -0,0 +1,41 @@ +in(__DIR__.'/src') + ->name('*.php') +; + +return (new PhpCsFixer\Config()) + ->setRules([ + '@Symfony' => true, + 'concat_space' => ['spacing' => 'none'], + 'array_syntax' => ['syntax' => 'short'], + 'combine_consecutive_issets' => true, + 'explicit_indirect_variable' => true, + 'no_useless_return' => true, + 'ordered_imports' => true, + 'no_unused_imports' => true, + 'no_spaces_after_function_name' => true, + 'no_spaces_inside_parenthesis' => true, + 'ternary_operator_spaces' => true, + 'class_definition' => ['single_line' => true], + 'whitespace_after_comma_in_array' => true, + 'phpdoc_add_missing_param_annotation' => ['only_untyped' => true], + 'phpdoc_order' => true, + 'phpdoc_types_order' => [ + 'null_adjustment' => 'always_last', + 'sort_algorithm' => 'alpha', + ], + 'phpdoc_no_empty_return' => false, + 'phpdoc_summary' => false, + 'general_phpdoc_annotation_remove' => [ + 'annotations' => [ + 'expectedExceptionMessageRegExp', + 'expectedException', + 'expectedExceptionMessage', + 'author', + ], + ], + ]) + ->setFinder($finder) +; diff --git a/resources/com/cadoles/symfony/Dockerfile b/resources/com/cadoles/symfony/Dockerfile new file mode 100644 index 0000000..83cd04a --- /dev/null +++ b/resources/com/cadoles/symfony/Dockerfile @@ -0,0 +1,42 @@ +ARG PHP_SECURITY_CHECKER_VERSION=1.0.0 +ARG JQ_VERSION=1.6 + +RUN apt update && \ + DEBIAN_FRONTEND=noninteractive apt-get install -y \ + wget tar curl ca-certificates \ + openssl bash git unzip \ + php-cli php-dom php-mbstring php-ctype php-xml php-iconv + +COPY add-letsencrypt-ca.sh /root/add-letsencrypt-ca.sh + +RUN bash /root/add-letsencrypt-ca.sh \ + && rm -f /root/add-letsencrypt-ca.sh + +RUN wget -O /usr/local/bin/jq https://github.com/stedolan/jq/releases/download/jq-${JQ_VERSION}/jq-linux64 \ + && chmod +x /usr/local/bin/jq + +# Install local-php-security-checker +RUN wget -O /usr/local/bin/local-php-security-checker https://github.com/fabpot/local-php-security-checker/releases/download/v${PHP_SECURITY_CHECKER_VERSION}/local-php-security-checker_${PHP_SECURITY_CHECKER_VERSION}_linux_amd64 \ + && chmod +x /usr/local/bin/local-php-security-checker + +# Install junit2md +RUN junit2md_download_url=$(curl "https://forge.cadoles.com/api/v1/repos/Cadoles/junit2md/releases" -H "accept:application/json" | jq -r 'sort_by(.published_at) | reverse | .[0] | .assets[] | select(.name == "junit2md-linux-amd64.tar.gz") | .browser_download_url') \ + && wget -O junit2md-linux-amd64.tar.gz "$junit2md_download_url" \ + && tar -xzf junit2md-linux-amd64.tar.gz \ + && cp junit2md-linux-amd64/junit2md /usr/local/bin/junit2md + +# Install composer +RUN wget https://raw.githubusercontent.com/composer/getcomposer.org/76a7060ccb93902cd7576b67264ad91c8a2700e2/web/installer -O - -q | php -- --force --install-dir /usr/local/bin --filename composer \ + && chmod +x /usr/local/bin/composer + +# Install php-cs-fixer +RUN mkdir --parents /tools/php-cs-fixer \ + && composer require --working-dir=/tools/php-cs-fixer friendsofphp/php-cs-fixer \ + && ln -s /tools/php-cs-fixer/vendor/bin/php-cs-fixer /usr/local/bin/php-cs-fixer + +# Install php-stan +RUN mkdir --parents /tools/phpstan \ + && composer require --working-dir=/tools/phpstan phpstan/phpstan \ + && ln -s /tools/phpstan/vendor/bin/phpstan /usr/local/bin/phpstan \ + && composer require --working-dir=/tools/phpstan phpstan/phpstan-symfony \ + && composer require --working-dir=/tools/phpstan phpstan/phpstan-doctrine \ No newline at end of file diff --git a/resources/com/cadoles/symfony/phpstan.neon b/resources/com/cadoles/symfony/phpstan.neon new file mode 100644 index 0000000..b58a9bc --- /dev/null +++ b/resources/com/cadoles/symfony/phpstan.neon @@ -0,0 +1,4 @@ +includes: + - /tools/phpstan/vendor/phpstan/phpstan-symfony/extension.neon + - /tools/phpstan/vendor/phpstan/phpstan-doctrine/extension.neon + - /tools/phpstan/vendor/phpstan/phpstan-doctrine/rules.neon \ No newline at end of file diff --git a/vars/gitea.groovy b/vars/gitea.groovy new file mode 100644 index 0000000..73542c4 --- /dev/null +++ b/vars/gitea.groovy @@ -0,0 +1,40 @@ +def commentPullRequest(String repo, String issueId, String comment, Integer commentIndex = 0) { + comment = comment.replaceAll('"', '\\"') + withCredentials([ + string(credentialsId: 'GITEA_JENKINS_PERSONAL_TOKEN', variable: 'GITEA_TOKEN'), + ]) { + writeFile(file: ".prComment", text: comment) + sh """#!/bin/bash + set -xeo pipefail + + # Récupération si il existe du commentaire existant + previous_comment_id=\$(curl -v --fail \ + -H "Authorization: token ${GITEA_TOKEN}" \ + -H "Content-Type: application/json" \ + https://forge.cadoles.com/api/v1/repos/${repo}/issues/${issueId}/comments \ + | jq -c '[ .[] | select(.user.login=="jenkins") ] | .[${commentIndex}] | .id' \ + ) + + # Génération du payload pour l'API Gitea + echo '{}' | jq -c --rawfile body .prComment '.body = \$body' > payload.json + + if [[ "\$previous_comment_id" == "null" ]]; then + # Création du commentaire via l'API Gitea + curl -v --fail \ + -XPOST \ + -H "Authorization: token ${GITEA_TOKEN}" \ + -H "Content-Type: application/json" \ + -d @payload.json \ + https://forge.cadoles.com/api/v1/repos/${repo}/issues/${issueId}/comments + else + # Modification du commentaire existant + curl -v --fail \ + -XPATCH \ + -H "Authorization: token ${GITEA_TOKEN}" \ + -H "Content-Type: application/json" \ + -d @payload.json \ + https://forge.cadoles.com/api/v1/repos/${repo}/issues/comments/\$previous_comment_id + fi + """ + } +} \ No newline at end of file diff --git a/vars/symfonyAppPipeline.groovy b/vars/symfonyAppPipeline.groovy new file mode 100644 index 0000000..0241ce9 --- /dev/null +++ b/vars/symfonyAppPipeline.groovy @@ -0,0 +1,115 @@ +import org.jenkinsci.plugins.pipeline.modeldefinition.Utils + +def call(String baseImage = "ubuntu:22.04") { + node { + stage("Checkout project") { + checkout(scm) + } + + stage('Run in Symfony image') { + def symfonyImage = buildDockerImage(baseImage) + symfonyImage.inside() { + def repo = env.JOB_NAME + if (env.BRANCH_NAME ==~ /^PR-.*$/) { + repo = env.JOB_NAME - "/${env.JOB_BASE_NAME}" + } + + stage("Install composer dependencies") { + sh ''' + composer install + ''' + } + + parallel([ + 'php-security-check': { + stage("Check PHP security issues") { + catchError(buildResult: 'UNSTABLE', stageResult: 'FAILURE') { + def auditReport = sh(script: "local-php-security-checker --format=markdown || true", returnStdout: true) + if (auditReport.trim() != "") { + if (env.CHANGE_ID) { + gitea.commentPullRequest(repo, env.CHANGE_ID, auditReport, 0) + } else { + print auditReport + } + } + if (!auditReport.contains("No packages have known vulnerabilities.")) { + throw new Exception("Dependencies check failed !") + } + } + } + }, + 'php-cs-fixer': { + stage("Run PHP-CS-Fixer on modified code") { + catchError(buildResult: 'FAILURE', stageResult: 'FAILURE') { + if ( !fileExists('.php-cs-fixer.dist.php') ) { + def phpCsFixerConfig = libraryResource 'com/cadoles/symfony/.php-cs-fixer.dist.php' + writeFile file:'.php-cs-fixer.dist.php', text:phpCsFixerConfig + } + + sh ''' + CHANGED_FILES=$(git diff --name-only --diff-filter=ACMRTUXB "HEAD~..HEAD" | fgrep ".php" | tr "\n" " ") + if ! echo "${CHANGED_FILES}" | grep -qE "^(\\.php-cs-fixer(\\.dist)\\.php?|composer\\.lock)$"; then EXTRA_ARGS=$(printf -- '--path-mode=intersection -- %s' "${CHANGED_FILES}"); else EXTRA_ARGS=''; fi + php-cs-fixer fix -v --dry-run --using-cache=no --format junit > php-cs-fixer.xml ${EXTRA_ARGS} + ''' + def report = sh(script: "junit2md php-cs-fixer.xml", returnStdout: true) + if (env.CHANGE_ID) { + gitea.commentPullRequest(repo, env.CHANGE_ID, report, 1) + } else { + print report + } + } + } + }, + 'phpstan': { + stage("Run phpstan") { + catchError(buildResult: 'UNSTABLE', stageResult: 'FAILURE') { + if ( !fileExists('phpstan.neon') ) { + def phpStanConfig = libraryResource 'com/cadoles/symfony/phpstan.neon' + writeFile file:'phpstan.neon', text:phpStanConfig + } + sh ''' + phpstan analyze -l 1 --error-format=table src > phpstan.txt || true + ''' + def report = sh(script: "cat phpstan.txt", returnStdout: true) + report = "## Rapport PHPStan\n\n```\n" + report + report = report + "\n```\n" + if (env.CHANGE_ID) { + gitea.commentPullRequest(repo, env.CHANGE_ID, report, 2) + } else { + print report + } + } + } + } + ]) + } + } + } +} + +def buildDockerImage(String baseImage) { + def imageName = "cadoles-symfony-ci" + dir (".${imageName}") { + def dockerfile = libraryResource 'com/cadoles/symfony/Dockerfile' + writeFile file:'Dockerfile', text: "FROM ${baseImage}\n\n" + dockerfile + + def addLetsEncryptCA = libraryResource 'com/cadoles/common/add-letsencrypt-ca.sh' + writeFile file:'add-letsencrypt-ca.sh', text:addLetsEncryptCA + + def safeJobName = URLDecoder.decode(env.JOB_NAME).toLowerCase().replace('/', '-').replace(' ', '-') + def imageTag = "${safeJobName}-${env.BUILD_ID}" + return docker.build("${imageName}:${imageTag}", ".") + } +} + +def when(boolean condition, body) { + def config = [:] + body.resolveStrategy = Closure.OWNER_FIRST + body.delegate = config + + if (condition) { + body() + } else { + Utils.markStageSkippedForConditional(STAGE_NAME) + } +} \ No newline at end of file