From b04135f9cce43743cdc8efc38bdb251994aa8ba6 Mon Sep 17 00:00:00 2001
From: Matthieu Lamalle <mlamalle@cadoles.com>
Date: Thu, 25 Jan 2024 16:41:44 +0100
Subject: [PATCH] =?UTF-8?q?Cr=C3=A9ation=20des=20task=20pour=20symfony=20a?=
 =?UTF-8?q?pp?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .gitignore                                    |  1 +
 Makefile                                      |  7 ++
 kustomization/base/tekton/kustomization.yaml  |  9 +-
 .../tekton/pipeline/pipeline-symfonyapp.yaml  | 97 +++++++++++++++++++
 .../base/tekton/pipeline/pipeline.yaml        | 50 ----------
 .../base/tekton/pipeline/pipelinerun.yaml     | 15 ++-
 .../base/tekton/secret/secret.yaml.dist       | 12 +--
 .../serviceaccount/service-account.yaml       |  3 +-
 .../configmap/configmap-php-cs-fixer.yaml     | 10 +-
 .../tekton/task/symfonyapp/kustomization.yaml |  9 ++
 .../{ => symfonyapp/task}/php-cs-fixer.yaml   | 19 ++--
 .../task}/php-security-check.yaml             |  6 +-
 .../tekton/task/symfonyapp/task/phpstan.yaml  | 28 ++++++
 .../{ => symfonyapp/task}/show-readme.yaml    |  7 +-
 .../cadoles/symfony}/.php-cs-fixer.dist.php   |  4 -
 resources/com/cadoles/symfony/Dockerfile      | 47 +++++++++
 resources/com/cadoles/symfony/phpstan.neon    |  4 +
 symfony/.php-cs-fixer.dist.php                | 41 ++++++++
 symfony/Dockerfile                            | 47 +++++++++
 symfony/phpstan.neon                          |  4 +
 20 files changed, 329 insertions(+), 91 deletions(-)
 create mode 100644 kustomization/base/tekton/pipeline/pipeline-symfonyapp.yaml
 delete mode 100644 kustomization/base/tekton/pipeline/pipeline.yaml
 rename kustomization/base/tekton/{ => task/symfonyapp}/configmap/configmap-php-cs-fixer.yaml (88%)
 create mode 100644 kustomization/base/tekton/task/symfonyapp/kustomization.yaml
 rename kustomization/base/tekton/task/{ => symfonyapp/task}/php-cs-fixer.yaml (51%)
 rename kustomization/base/tekton/task/{ => symfonyapp/task}/php-security-check.yaml (87%)
 create mode 100644 kustomization/base/tekton/task/symfonyapp/task/phpstan.yaml
 rename kustomization/base/tekton/task/{ => symfonyapp/task}/show-readme.yaml (64%)
 rename {kustomization/base/tekton/file => resources/com/cadoles/symfony}/.php-cs-fixer.dist.php (93%)
 create mode 100644 resources/com/cadoles/symfony/Dockerfile
 create mode 100644 resources/com/cadoles/symfony/phpstan.neon
 create mode 100644 symfony/.php-cs-fixer.dist.php
 create mode 100644 symfony/Dockerfile
 create mode 100644 symfony/phpstan.neon

diff --git a/.gitignore b/.gitignore
index abd66a1..3e234a3 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,2 @@
 kustomization/base/tekton/secret/secret.yaml
+kustomization/base/tekton/secret/dockerconfig/config.json
diff --git a/Makefile b/Makefile
index 54fd65f..25757a2 100644
--- a/Makefile
+++ b/Makefile
@@ -31,6 +31,13 @@ setup-cluster:
 ssh-secret:
 	cp kustomization/overlays/dev/resources/tekton/secret/secret.yaml.distkustomization/overlays/dev/resources/tekton/secret/secret.yaml
 
+docker-secret:
+	docker login reg.cadoles.com
+	mkdir -p kustomization/base/tekton/secret/dockerconfig
+	docker --config kustomization/base/tekton/secret/dockerconfig login reg.cadoles.com
+	# mv kustomization/base/tekton/secret/dockerconfig/config.json kustomization/base/tekton/secret/dockerconfig/.dockerconfigjson
+	kubectl create secret generic regcred --from-file=config.json=kustomization/base/tekton/secret/dockerconfig/config.json
+
 deploy-dev: ## Déploie le projet dans le cluster (nécessite la variable $HARBOR_USER_NAME)
 	skaffold dev -p dev --cleanup=false --default-repo reg.cadoles.com/${HARBOR_USER_NAME}
 
diff --git a/kustomization/base/tekton/kustomization.yaml b/kustomization/base/tekton/kustomization.yaml
index f2b9cd9..8ea4e2b 100644
--- a/kustomization/base/tekton/kustomization.yaml
+++ b/kustomization/base/tekton/kustomization.yaml
@@ -3,11 +3,10 @@ kind: Kustomization
 namespace: tekton
 resources:
 - namespace/namespace.yaml
-- configmap/configmap-php-cs-fixer.yaml
-- pipeline/pipeline.yaml
 - secret/secret.yaml
 - serviceaccount/service-account.yaml
 - https://raw.githubusercontent.com/tektoncd/catalog/main/task/git-clone/0.9/git-clone.yaml
-- task/show-readme.yaml
-- task/php-cs-fixer.yaml
-- task/php-security-check.yaml
+- https://api.hub.tekton.dev/v1/resource/tekton/task/kaniko/0.6/raw
+- https://api.hub.tekton.dev/v1/resource/tekton/task/trivy-scanner/0.2/raw
+- task/symfonyapp/
+- pipeline/pipeline-symfonyapp.yaml
diff --git a/kustomization/base/tekton/pipeline/pipeline-symfonyapp.yaml b/kustomization/base/tekton/pipeline/pipeline-symfonyapp.yaml
new file mode 100644
index 0000000..d8512cf
--- /dev/null
+++ b/kustomization/base/tekton/pipeline/pipeline-symfonyapp.yaml
@@ -0,0 +1,97 @@
+apiVersion: tekton.dev/v1beta1
+kind: Pipeline
+metadata:
+  name: symfonyapp
+spec:
+  description: |
+    This pipeline clones a git repo, then echoes the README file to the stout.
+  params:
+  - name: repo-url
+    type: string
+    description: The git repo URL to clone from.
+  - name: image
+    type: string
+    description: Full name of image repo.
+  - name: dockerfile
+    type: string
+    description: 'The path to the Dockerfile to execute (default: ./Dockerfile)'
+  workspaces:
+  - name: shared-data
+    description: |
+      This workspace contains the cloned repo files, so they can be read by the
+      next task.
+  - name: config
+  - name: docker-credentials
+  tasks:
+  # Clone du repo git
+  - name: fetch-source
+    taskRef:
+      name: git-clone
+    workspaces:
+    - name: output
+      workspace: shared-data
+    params:
+    - name: url
+      value: $(params.repo-url)
+  # Lecture du readme du projet
+  - name: show-readme
+    runAfter: ["fetch-source"]
+    taskRef:
+      name: show-readme
+    workspaces:
+    - name: source
+      workspace: shared-data
+  # Execution des tests php-security-check
+  - name: php-security-check
+    runAfter: ["fetch-source"]
+    taskRef:
+      name: php-security-check
+    workspaces:
+    - name: source
+      workspace: shared-data
+  # Execution des tests phpstan
+  - name: phpstan
+    runAfter: ["fetch-source"]
+    taskRef:
+      name: phpstan
+    workspaces:
+    - name: source
+      workspace: shared-data
+  # Execution des tests php-cs-fixer
+  - name: php-cs-fixer
+    runAfter: ["fetch-source"]
+    taskRef:
+      name: php-cs-fixer
+    workspaces:
+    - name: source
+      workspace: shared-data
+    - name: config
+      workspace: config
+
+  - name: kaniko-build
+    taskRef:
+      name: kaniko
+    params:
+      - name: IMAGE
+        value: $(params.image)
+      - name: DOCKERFILE
+        value: $(params.dockerfile)
+      - name: EXTRA_ARGS
+        value:
+          - --skip-tls-verify
+          - --insecure
+    workspaces:
+      - name: source
+        workspace: shared-data
+      - name: dockerconfig
+        workspace: docker-credentials
+    runAfter:
+      - fetch-source
+      # - php-cs-fixer
+      # - phpstan
+      # - php-security-check
+    retries: 3
+
+  #
+
+
diff --git a/kustomization/base/tekton/pipeline/pipeline.yaml b/kustomization/base/tekton/pipeline/pipeline.yaml
deleted file mode 100644
index 5a11718..0000000
--- a/kustomization/base/tekton/pipeline/pipeline.yaml
+++ /dev/null
@@ -1,50 +0,0 @@
-apiVersion: tekton.dev/v1beta1
-kind: Pipeline
-metadata:
-  name: clone-read
-spec:
-  description: | 
-    This pipeline clones a git repo, then echoes the README file to the stout.
-  params:
-  - name: repo-url
-    type: string
-    description: The git repo URL to clone from.
-  workspaces:
-  - name: shared-data
-    description: | 
-      This workspace contains the cloned repo files, so they can be read by the
-      next task.
-  tasks:
-  - name: fetch-source
-    taskRef:
-      name: git-clone
-    workspaces:
-    - name: output
-      workspace: shared-data
-    params:
-    - name: url
-      value: $(params.repo-url)
-
-  - name: show-readme
-    runAfter: ["fetch-source"]
-    taskRef:
-      name: show-readme
-    workspaces:
-    - name: source
-      workspace: shared-data
-
-  - name: php-security-check
-    runAfter: ["fetch-source"]
-    taskRef:
-      name: php-security-check
-    workspaces:
-    - name: source
-      workspace: shared-data
-
-  - name: php-cs-fixer
-    runAfter: ["fetch-source"]
-    taskRef:
-      name: php-cs-fixer
-    workspaces:
-    - name: source
-      workspace: shared-data
diff --git a/kustomization/base/tekton/pipeline/pipelinerun.yaml b/kustomization/base/tekton/pipeline/pipelinerun.yaml
index b5e42a7..48735a0 100644
--- a/kustomization/base/tekton/pipeline/pipelinerun.yaml
+++ b/kustomization/base/tekton/pipeline/pipelinerun.yaml
@@ -1,11 +1,11 @@
 apiVersion: tekton.dev/v1beta1
 kind: PipelineRun
 metadata:
-  generateName: clone-read-run-
+  generateName: symfonyapp-run-
 spec:
   serviceAccountName: build-bot
   pipelineRef:
-    name: clone-read
+    name: symfonyapp
   podTemplate:
     securityContext:
       fsGroup: 65532
@@ -18,7 +18,16 @@ spec:
         resources:
           requests:
             storage: 1Gi
+  - name: config
+    configmap:
+      name: config-php-cs-fixer
+  - name: docker-credentials
+    secret:
+      secretName: regcred
   params:
   - name: repo-url
     value: https://forge.cadoles.com/Cadoles/hydra-dispatcher.git
-  
\ No newline at end of file
+  - name: image
+    value: reg.cadoles.com/mlamalle/testtekton
+  - name: dockerfile
+    value: misc/docker/Dockerfile
diff --git a/kustomization/base/tekton/secret/secret.yaml.dist b/kustomization/base/tekton/secret/secret.yaml.dist
index 6b711de..7aba742 100644
--- a/kustomization/base/tekton/secret/secret.yaml.dist
+++ b/kustomization/base/tekton/secret/secret.yaml.dist
@@ -1,12 +1,10 @@
 apiVersion: v1
 kind: Secret
 metadata:
-  name: ssh-key
   annotations:
-    tekton.dev/git-0: forge.cadoles.com # Described below
-type: kubernetes.io/ssh-auth
+    tekton.dev/git-0: https://forge.cadoles.com
+  name: basic-auth
+type: kubernetes.io/basic-auth
 stringData:
-  ssh-privatekey: ""
-  # This is non-standard, but its use is encouraged to make this more secure.
-  # If it is not provided then the git server's public key will be requested
-  # when the repo is first fetched.
\ No newline at end of file
+  username: <login>
+  password: <password>
diff --git a/kustomization/base/tekton/serviceaccount/service-account.yaml b/kustomization/base/tekton/serviceaccount/service-account.yaml
index 6fb379d..9be1e15 100644
--- a/kustomization/base/tekton/serviceaccount/service-account.yaml
+++ b/kustomization/base/tekton/serviceaccount/service-account.yaml
@@ -3,4 +3,5 @@ kind: ServiceAccount
 metadata:
   name: build-bot
 secrets:
-  - name: basic-auth
\ No newline at end of file
+  - name: basic-auth
+  - name: regcred
diff --git a/kustomization/base/tekton/configmap/configmap-php-cs-fixer.yaml b/kustomization/base/tekton/task/symfonyapp/configmap/configmap-php-cs-fixer.yaml
similarity index 88%
rename from kustomization/base/tekton/configmap/configmap-php-cs-fixer.yaml
rename to kustomization/base/tekton/task/symfonyapp/configmap/configmap-php-cs-fixer.yaml
index 2e9f331..a5cf194 100644
--- a/kustomization/base/tekton/configmap/configmap-php-cs-fixer.yaml
+++ b/kustomization/base/tekton/task/symfonyapp/configmap/configmap-php-cs-fixer.yaml
@@ -3,11 +3,13 @@ kind: ConfigMap
 metadata:
   name: config-php-cs-fixer
 data:
-  .php-cs-fixer.dist.php: |
+  php-cs-fixer.dist.php: |
     <?php
-    $finder = PhpCsFixer\Finder::create()
-        ->in(__DIR__.'/src')
-        ->name('*.php');
+    $finder = (new PhpCsFixer\Finder())
+    ->ignoreDotFiles(false)
+    ->ignoreVCSIgnored(true)
+    ->exclude(['dev-tools/phpstan', 'tests/Fixtures'])
+    ->in(__DIR__);
     // TODO: Définir les règles de style communes
     // spécifiques au projet
     return (new PhpCsFixer\Config())
diff --git a/kustomization/base/tekton/task/symfonyapp/kustomization.yaml b/kustomization/base/tekton/task/symfonyapp/kustomization.yaml
new file mode 100644
index 0000000..e462cda
--- /dev/null
+++ b/kustomization/base/tekton/task/symfonyapp/kustomization.yaml
@@ -0,0 +1,9 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: tekton
+resources:
+- configmap/configmap-php-cs-fixer.yaml
+- task/show-readme.yaml
+- task/php-cs-fixer.yaml
+- task/php-security-check.yaml
+- task/phpstan.yaml
diff --git a/kustomization/base/tekton/task/php-cs-fixer.yaml b/kustomization/base/tekton/task/symfonyapp/task/php-cs-fixer.yaml
similarity index 51%
rename from kustomization/base/tekton/task/php-cs-fixer.yaml
rename to kustomization/base/tekton/task/symfonyapp/task/php-cs-fixer.yaml
index 7c4d42e..061d882 100644
--- a/kustomization/base/tekton/task/php-cs-fixer.yaml
+++ b/kustomization/base/tekton/task/symfonyapp/task/php-cs-fixer.yaml
@@ -6,17 +6,14 @@ spec:
   description: PHP-CS-Fixer on modified code
   workspaces:
   - name: source
+  - name: config
   steps:
-  - name: read
+  - name: exec
     image:  ghcr.io/php-cs-fixer/php-cs-fixer:3-php8.3
-    volumeMounts:
-      - name: config-php-cs-fixer
-        mountPath: "/conf/"
+    command:
+      - /bin/sh
     args:
-    - --dry-run
-    - fix
-  
-  volumes:
-    - name: config-php-cs-fixer
-      configMap:
-        name: config-php-cs-fixer
\ No newline at end of file
+      - '-c'
+      - |
+        set -ex
+        php-cs-fixer fix --dry-run --config=$(workspaces.config.path)/php-cs-fixer.dist.php $(workspaces.source.path)
diff --git a/kustomization/base/tekton/task/php-security-check.yaml b/kustomization/base/tekton/task/symfonyapp/task/php-security-check.yaml
similarity index 87%
rename from kustomization/base/tekton/task/php-security-check.yaml
rename to kustomization/base/tekton/task/symfonyapp/task/php-security-check.yaml
index ba6795b..9b3b835 100644
--- a/kustomization/base/tekton/task/php-security-check.yaml
+++ b/kustomization/base/tekton/task/symfonyapp/task/php-security-check.yaml
@@ -7,13 +7,13 @@ spec:
   workspaces:
   - name: source
   steps:
-  - name: check
+  - name: exec
     image:  alpine:latest
-    script: | 
+    script: |
       #!/bin/sh
       export PHP_SECURITY_CHECKER_VERSION=1.0.0
       export ARG JQ_VERSION=1.6
       wget -O /usr/local/bin/local-php-security-checker https://github.com/fabpot/local-php-security-checker/releases/download/v${PHP_SECURITY_CHECKER_VERSION}/local-php-security-checker_${PHP_SECURITY_CHECKER_VERSION}_linux_amd64 \
       && chmod +x /usr/local/bin/local-php-security-checker
       cd $(workspaces.source.path)
-      local-php-security-checker --format=markdown || true
\ No newline at end of file
+      local-php-security-checker --format=markdown || true
diff --git a/kustomization/base/tekton/task/symfonyapp/task/phpstan.yaml b/kustomization/base/tekton/task/symfonyapp/task/phpstan.yaml
new file mode 100644
index 0000000..65f68d6
--- /dev/null
+++ b/kustomization/base/tekton/task/symfonyapp/task/phpstan.yaml
@@ -0,0 +1,28 @@
+apiVersion: tekton.dev/v1beta1
+kind: Task
+metadata:
+  name: phpstan
+spec:
+  description: PHP-CS-Fixer on modified code
+  workspaces:
+  - name: source
+  steps:
+  - name: exec
+    image:  ghcr.io/phpstan/phpstan:1
+    command:
+      - /bin/sh
+    args:
+      - '-c'
+      - |
+        set -ex
+        composer require phpstan/phpstan-symfony
+        composer require phpstan/phpstan-doctrine
+        cat << EOF > /app/phpstan.neon
+        includes:
+            - /app/vendor/phpstan/phpstan-symfony/extension.neon
+            - /app/vendor/phpstan/phpstan-doctrine/extension.neon
+            - /app/vendor/phpstan/phpstan-doctrine/rules.neon
+        EOF
+        phpstan analyse -l 1 --error-format=table $(workspaces.source.path)
+
+
diff --git a/kustomization/base/tekton/task/show-readme.yaml b/kustomization/base/tekton/task/symfonyapp/task/show-readme.yaml
similarity index 64%
rename from kustomization/base/tekton/task/show-readme.yaml
rename to kustomization/base/tekton/task/symfonyapp/task/show-readme.yaml
index f472773..3cea9aa 100644
--- a/kustomization/base/tekton/task/show-readme.yaml
+++ b/kustomization/base/tekton/task/symfonyapp/task/show-readme.yaml
@@ -7,8 +7,9 @@ spec:
   workspaces:
   - name: source
   steps:
-  - name: read
+  - name: showreadme
     image: alpine:latest
-    script: | 
+    script: |
       #!/usr/bin/env sh
-      cat $(workspaces.source.path)/README.md
\ No newline at end of file
+      cat $(workspaces.source.path)/README.md
+      ls $(workspaces.source.path)
diff --git a/kustomization/base/tekton/file/.php-cs-fixer.dist.php b/resources/com/cadoles/symfony/.php-cs-fixer.dist.php
similarity index 93%
rename from kustomization/base/tekton/file/.php-cs-fixer.dist.php
rename to resources/com/cadoles/symfony/.php-cs-fixer.dist.php
index daa8926..acdd383 100644
--- a/kustomization/base/tekton/file/.php-cs-fixer.dist.php
+++ b/resources/com/cadoles/symfony/.php-cs-fixer.dist.php
@@ -5,8 +5,6 @@ $finder = PhpCsFixer\Finder::create()
     ->name('*.php')
 ;
 
-// TODO: Définir les règles de style communes
-// spécifiques au projet
 return (new PhpCsFixer\Config())
     ->setRules([
         '@Symfony' => true,
@@ -22,8 +20,6 @@ return (new PhpCsFixer\Config())
         'ternary_operator_spaces' => true,
         'class_definition' => ['single_line' => true],
         'whitespace_after_comma_in_array' => true,
-
-        // phpdoc
         'phpdoc_add_missing_param_annotation' => ['only_untyped' => true],
         'phpdoc_order' => true,
         'phpdoc_types_order' => [
diff --git a/resources/com/cadoles/symfony/Dockerfile b/resources/com/cadoles/symfony/Dockerfile
new file mode 100644
index 0000000..e45e32b
--- /dev/null
+++ b/resources/com/cadoles/symfony/Dockerfile
@@ -0,0 +1,47 @@
+ARG PHP_SECURITY_CHECKER_VERSION=1.0.0
+ARG JQ_VERSION=1.6
+
+RUN apt-get update && \
+    DEBIAN_FRONTEND=noninteractive apt-get install -y \
+        wget tar curl ca-certificates \
+        openssl bash git unzip \
+        php-cli php-dom php-mbstring php-ctype php-xml php-iconv
+        
+COPY add-letsencrypt-ca.sh /root/add-letsencrypt-ca.sh
+
+RUN bash /root/add-letsencrypt-ca.sh \
+    && rm -f /root/add-letsencrypt-ca.sh
+
+RUN wget -O /usr/local/bin/jq https://github.com/stedolan/jq/releases/download/jq-${JQ_VERSION}/jq-linux64 \
+    && chmod +x /usr/local/bin/jq
+
+# Install local-php-security-checker
+RUN wget -O /usr/local/bin/local-php-security-checker https://github.com/fabpot/local-php-security-checker/releases/download/v${PHP_SECURITY_CHECKER_VERSION}/local-php-security-checker_${PHP_SECURITY_CHECKER_VERSION}_linux_amd64 \
+    && chmod +x /usr/local/bin/local-php-security-checker
+
+# Install junit2md
+RUN junit2md_download_url=$(curl "https://forge.cadoles.com/api/v1/repos/Cadoles/junit2md/releases" -H "accept:application/json" | jq -r 'sort_by(.published_at) | reverse | .[0] | .assets[] | select(.name == "junit2md-linux-amd64.tar.gz") | .browser_download_url') \
+    && wget -O junit2md-linux-amd64.tar.gz "$junit2md_download_url" \
+    && tar -xzf junit2md-linux-amd64.tar.gz \
+    && cp junit2md-linux-amd64/junit2md /usr/local/bin/junit2md
+
+# Install composer
+RUN wget https://raw.githubusercontent.com/composer/getcomposer.org/76a7060ccb93902cd7576b67264ad91c8a2700e2/web/installer -O - -q | php -- --force --install-dir /usr/local/bin --filename composer \
+    && chmod +x /usr/local/bin/composer
+
+# Install php-cs-fixer
+RUN mkdir --parents /tools/php-cs-fixer \
+    && composer require --working-dir=/tools/php-cs-fixer friendsofphp/php-cs-fixer \
+    && ln -s /tools/php-cs-fixer/vendor/bin/php-cs-fixer /usr/local/bin/php-cs-fixer
+
+# Install php-stan 
+RUN mkdir --parents /tools/phpstan \
+    && composer require --working-dir=/tools/phpstan phpstan/phpstan \
+    && ln -s /tools/phpstan/vendor/bin/phpstan /usr/local/bin/phpstan \
+    && composer require --working-dir=/tools/phpstan phpstan/phpstan-symfony \
+    && composer require --working-dir=/tools/phpstan phpstan/phpstan-doctrine
+
+# Install Symfony
+RUN curl -1sLf 'https://dl.cloudsmith.io/public/symfony/stable/setup.deb.sh' | bash \
+    && apt update \
+    && DEBIAN_FRONTEND=noninteractive apt-get install -y symfony-cli
\ No newline at end of file
diff --git a/resources/com/cadoles/symfony/phpstan.neon b/resources/com/cadoles/symfony/phpstan.neon
new file mode 100644
index 0000000..b58a9bc
--- /dev/null
+++ b/resources/com/cadoles/symfony/phpstan.neon
@@ -0,0 +1,4 @@
+includes:
+    - /tools/phpstan/vendor/phpstan/phpstan-symfony/extension.neon
+    - /tools/phpstan/vendor/phpstan/phpstan-doctrine/extension.neon
+    - /tools/phpstan/vendor/phpstan/phpstan-doctrine/rules.neon
\ No newline at end of file
diff --git a/symfony/.php-cs-fixer.dist.php b/symfony/.php-cs-fixer.dist.php
new file mode 100644
index 0000000..acdd383
--- /dev/null
+++ b/symfony/.php-cs-fixer.dist.php
@@ -0,0 +1,41 @@
+<?php
+
+$finder = PhpCsFixer\Finder::create()
+    ->in(__DIR__.'/src')
+    ->name('*.php')
+;
+
+return (new PhpCsFixer\Config())
+    ->setRules([
+        '@Symfony' => true,
+        'concat_space' => ['spacing' => 'none'],
+        'array_syntax' => ['syntax' => 'short'],
+        'combine_consecutive_issets' => true,
+        'explicit_indirect_variable' => true,
+        'no_useless_return' => true,
+        'ordered_imports' => true,
+        'no_unused_imports' => true,
+        'no_spaces_after_function_name' => true,
+        'no_spaces_inside_parenthesis' => true,
+        'ternary_operator_spaces' => true,
+        'class_definition' => ['single_line' => true],
+        'whitespace_after_comma_in_array' => true,
+        'phpdoc_add_missing_param_annotation' => ['only_untyped' => true],
+        'phpdoc_order' => true,
+        'phpdoc_types_order' => [
+            'null_adjustment' => 'always_last',
+            'sort_algorithm' => 'alpha',
+        ],
+        'phpdoc_no_empty_return' => false,
+        'phpdoc_summary' => false,
+        'general_phpdoc_annotation_remove' => [
+            'annotations' => [
+                'expectedExceptionMessageRegExp',
+                'expectedException',
+                'expectedExceptionMessage',
+                'author',
+            ],
+        ],
+    ])
+    ->setFinder($finder)
+;
diff --git a/symfony/Dockerfile b/symfony/Dockerfile
new file mode 100644
index 0000000..e45e32b
--- /dev/null
+++ b/symfony/Dockerfile
@@ -0,0 +1,47 @@
+ARG PHP_SECURITY_CHECKER_VERSION=1.0.0
+ARG JQ_VERSION=1.6
+
+RUN apt-get update && \
+    DEBIAN_FRONTEND=noninteractive apt-get install -y \
+        wget tar curl ca-certificates \
+        openssl bash git unzip \
+        php-cli php-dom php-mbstring php-ctype php-xml php-iconv
+        
+COPY add-letsencrypt-ca.sh /root/add-letsencrypt-ca.sh
+
+RUN bash /root/add-letsencrypt-ca.sh \
+    && rm -f /root/add-letsencrypt-ca.sh
+
+RUN wget -O /usr/local/bin/jq https://github.com/stedolan/jq/releases/download/jq-${JQ_VERSION}/jq-linux64 \
+    && chmod +x /usr/local/bin/jq
+
+# Install local-php-security-checker
+RUN wget -O /usr/local/bin/local-php-security-checker https://github.com/fabpot/local-php-security-checker/releases/download/v${PHP_SECURITY_CHECKER_VERSION}/local-php-security-checker_${PHP_SECURITY_CHECKER_VERSION}_linux_amd64 \
+    && chmod +x /usr/local/bin/local-php-security-checker
+
+# Install junit2md
+RUN junit2md_download_url=$(curl "https://forge.cadoles.com/api/v1/repos/Cadoles/junit2md/releases" -H "accept:application/json" | jq -r 'sort_by(.published_at) | reverse | .[0] | .assets[] | select(.name == "junit2md-linux-amd64.tar.gz") | .browser_download_url') \
+    && wget -O junit2md-linux-amd64.tar.gz "$junit2md_download_url" \
+    && tar -xzf junit2md-linux-amd64.tar.gz \
+    && cp junit2md-linux-amd64/junit2md /usr/local/bin/junit2md
+
+# Install composer
+RUN wget https://raw.githubusercontent.com/composer/getcomposer.org/76a7060ccb93902cd7576b67264ad91c8a2700e2/web/installer -O - -q | php -- --force --install-dir /usr/local/bin --filename composer \
+    && chmod +x /usr/local/bin/composer
+
+# Install php-cs-fixer
+RUN mkdir --parents /tools/php-cs-fixer \
+    && composer require --working-dir=/tools/php-cs-fixer friendsofphp/php-cs-fixer \
+    && ln -s /tools/php-cs-fixer/vendor/bin/php-cs-fixer /usr/local/bin/php-cs-fixer
+
+# Install php-stan 
+RUN mkdir --parents /tools/phpstan \
+    && composer require --working-dir=/tools/phpstan phpstan/phpstan \
+    && ln -s /tools/phpstan/vendor/bin/phpstan /usr/local/bin/phpstan \
+    && composer require --working-dir=/tools/phpstan phpstan/phpstan-symfony \
+    && composer require --working-dir=/tools/phpstan phpstan/phpstan-doctrine
+
+# Install Symfony
+RUN curl -1sLf 'https://dl.cloudsmith.io/public/symfony/stable/setup.deb.sh' | bash \
+    && apt update \
+    && DEBIAN_FRONTEND=noninteractive apt-get install -y symfony-cli
\ No newline at end of file
diff --git a/symfony/phpstan.neon b/symfony/phpstan.neon
new file mode 100644
index 0000000..b58a9bc
--- /dev/null
+++ b/symfony/phpstan.neon
@@ -0,0 +1,4 @@
+includes:
+    - /tools/phpstan/vendor/phpstan/phpstan-symfony/extension.neon
+    - /tools/phpstan/vendor/phpstan/phpstan-doctrine/extension.neon
+    - /tools/phpstan/vendor/phpstan/phpstan-doctrine/rules.neon
\ No newline at end of file