feat: upgrade from distribution (#346)

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Thomas SAMSON <[email protected]>
Co-authored-by: Kévin Dunglas <[email protected]>
Co-authored-by: Julien Francoz <[email protected]>
Co-authored-by: Julien Francoz <[email protected]>

Author: 5 people

.editorconfig

@@ -16,61 +16,46 @@ trim_trailing_whitespace = true
 insert_final_newline = true
 
 [*.{js,html,ts,tsx}]
-indent_style = space
 indent_size = 2
 
 [*.json]
-indent_style = space
-indent_size = 4
+indent_size = 2
 
 [*.md]
 trim_trailing_whitespace = false
 
-[*.php]
-indent_style = space
-indent_size = 4
-
 [*.sh]
 indent_style = tab
-indent_size = 4
 
 [*.xml{,.dist}]
 indent_style = space
 indent_size = 4
 
 [*.{yaml,yml}]
-indent_style = space
-indent_size = 4
 trim_trailing_whitespace = false
 
 [helm/api-platform/**.yaml]
-indent_style = space
 indent_size = 2
 
 [.github/workflows/*.yml]
-indent_style = space
 indent_size = 2
 
 [.gitmodules]
 indent_style = tab
-indent_size = 4
 
 [.php_cs{,.dist}]
 indent_style = space
 indent_size = 4
 
-[.travis.yml]
-indent_style = space
-indent_size = 2
-
 [composer.json]
-indent_style = space
 indent_size = 4
 
-[docker-compose{,.*}.{yaml,yml}]
+[{,docker-}compose{,.*}.{yaml,yml}]
 indent_style = space
 indent_size = 2
 
-[Dockerfile]
+[{,*.*}Dockerfile]
+indent_style = tab
+
+[{,*.*}Caddyfile]
 indent_style = tab
-indent_size = 4

.gitattributes

@@ -12,6 +12,7 @@
 *.yml text eol=lf
 bin/console text eol=lf
 composer.lock text eol=lf merge=ours
+pnpm-lock.yaml text eol=lf merge=ours
 
 *.ico binary
 *.png binary

.github/workflows/cd.yml

@@ -15,10 +15,12 @@ jobs:
     if: ${{ github.repository == 'api-platform/demo' && (github.event_name != 'pull_request' || contains(github.event.pull_request.labels.*.name, 'deploy')) }}
     runs-on: ubuntu-latest
     env:
-      PHP_DOCKER_IMAGE: eu.gcr.io/${{ secrets.GKE_PROJECT }}/php:${{ github.sha }}
-      PWA_DOCKER_IMAGE: eu.gcr.io/${{ secrets.GKE_PROJECT }}/pwa:${{ github.sha }}
-      CADDY_DOCKER_IMAGE: eu.gcr.io/${{ secrets.GKE_PROJECT }}/caddy:${{ github.sha }}
-      KEYCLOAK_DOCKER_IMAGE: eu.gcr.io/${{ secrets.GKE_PROJECT }}/keycloak:${{ github.sha }}
+      PHP_DOCKER_IMAGE: europe-west1-docker.pkg.dev/${{ secrets.GKE_PROJECT }}/${{ secrets.GKE_PROJECT }}/php:${{ github.sha }}
+      PWA_DOCKER_IMAGE: europe-west1-docker.pkg.dev/${{ secrets.GKE_PROJECT }}/${{ secrets.GKE_PROJECT }}/pwa:${{ github.sha }}
+      KEYCLOAK_DOCKER_IMAGE: europe-west1-docker.pkg.dev/${{ secrets.GKE_PROJECT }}/${{ secrets.GKE_PROJECT }}/keycloak:${{ github.sha }}
+    permissions:
+      contents: 'read'
+      id-token: 'write'
     steps:
       -
         name: Checkout
@@ -33,19 +35,18 @@ jobs:
           python-version: 3.9.15
       -
         name: Auth gcloud
-        uses: google-github-actions/auth@v1
+        id: auth
+        uses: google-github-actions/auth@v2
         with:
+          token_format: access_token
           credentials_json: ${{ secrets.GKE_SA_KEY }}
       -
-        name: Setup gcloud
-        uses: google-github-actions/setup-gcloud@v1
+        name: Login to GAR
+        uses: docker/login-action@v3
         with:
-          project_id: ${{ secrets.GKE_PROJECT }}
-      -
-        name: Configure gcloud
-        run: |
-          gcloud --quiet auth configure-docker
-          gcloud container clusters get-credentials api-platform-demo --zone europe-west1-c
+          registry: europe-west1-docker.pkg.dev
+          username: oauth2accesstoken
+          password: ${{ steps.auth.outputs.access_token }}
       -
         name: Build Docker images
         uses: docker/bake-action@v4
@@ -55,8 +56,8 @@ jobs:
           pull: true
           load: true
           files: |
-            docker-compose.yml
-            docker-compose.prod.yml
+            compose.yaml
+            compose.prod.yaml
           set: |
             *.cache-from=type=gha,scope=${{github.ref}}
             *.cache-from=type=gha,scope=refs/heads/main
@@ -66,33 +67,24 @@ jobs:
         run: |
           docker push $PHP_DOCKER_IMAGE
           docker push $PWA_DOCKER_IMAGE
-          docker push $CADDY_DOCKER_IMAGE
           docker push $KEYCLOAK_DOCKER_IMAGE
       -
         name: Docker tag and push latest
         if: github.event_name == 'push'
         run: |
-          docker tag $PHP_DOCKER_IMAGE eu.gcr.io/${{ secrets.GKE_PROJECT }}/php:latest
-          docker tag $PWA_DOCKER_IMAGE eu.gcr.io/${{ secrets.GKE_PROJECT }}/pwa:latest
-          docker tag $CADDY_DOCKER_IMAGE eu.gcr.io/${{ secrets.GKE_PROJECT }}/caddy:latest
-          docker tag $KEYCLOAK_DOCKER_IMAGE eu.gcr.io/${{ secrets.GKE_PROJECT }}/keycloak:latest
-          docker push eu.gcr.io/${{ secrets.GKE_PROJECT }}/php:latest
-          docker push eu.gcr.io/${{ secrets.GKE_PROJECT }}/pwa:latest
-          docker push eu.gcr.io/${{ secrets.GKE_PROJECT }}/caddy:latest
-          docker push eu.gcr.io/${{ secrets.GKE_PROJECT }}/keycloak:latest
+          docker tag $PHP_DOCKER_IMAGE europe-west1-docker.pkg.dev/${{ secrets.GKE_PROJECT }}/${{ secrets.GKE_PROJECT }}/php:latest
+          docker tag $PWA_DOCKER_IMAGE europe-west1-docker.pkg.dev/${{ secrets.GKE_PROJECT }}/${{ secrets.GKE_PROJECT }}/pwa:latest
+          docker tag $KEYCLOAK_DOCKER_IMAGE europe-west1-docker.pkg.dev/${{ secrets.GKE_PROJECT }}/${{ secrets.GKE_PROJECT }}/keycloak:latest
+          docker push europe-west1-docker.pkg.dev/${{ secrets.GKE_PROJECT }}/${{ secrets.GKE_PROJECT }}/php:latest
+          docker push europe-west1-docker.pkg.dev/${{ secrets.GKE_PROJECT }}/${{ secrets.GKE_PROJECT }}/pwa:latest
+          docker push europe-west1-docker.pkg.dev/${{ secrets.GKE_PROJECT }}/${{ secrets.GKE_PROJECT }}/keycloak:latest
 
   deploy:
     name: Deploy
     needs: [ build ]
-    if: github.event_name == 'push'
     uses: ./.github/workflows/deploy.yml
     with:
-      environment: prod
-      url: demo.api-platform.com
       docker-images-version: ${{ github.sha }}
-      cors: '["https://demo.api-platform.com", "http://localhost", "https://localhost", "http://localhost:3000"]'
-      release: main
-      namespace: main
       gke-cluster: api-platform-demo
       gke-zone: europe-west1-c
     secrets:
@@ -102,23 +94,9 @@ jobs:
       cloudflare-zone-id: ${{ secrets.CF_ZONE_ID }}
       keycloak-admin-password: ${{ secrets.KEYCLOAK_ADMIN_PASSWORD }}
 
-  feature-deploy:
-    name: Feature Deploy
-    needs: [ build ]
-    if: github.event_name == 'pull_request'
-    uses: ./.github/workflows/deploy.yml
+  check:
+    name: Check
+    needs: [ deploy ]
+    uses: ./.github/workflows/check.yml
     with:
-      environment: pr-${{ github.event.pull_request.number }}
-      url: pr-${{ github.event.pull_request.number }}-demo.api-platform.com
-      docker-images-version: ${{ github.sha }}
-      cors: '["https://pr-${{ github.event.pull_request.number }}-demo.api-platform.com", "http://localhost", "https://localhost", "http://localhost:3000"]'
-      release: pr-${{ github.event.pull_request.number }}
-      namespace: pr-${{ github.event.pull_request.number }}
-      gke-cluster: api-platform-demo
-      gke-zone: europe-west1-c
-    secrets:
-      gke-credentials: ${{ secrets.GKE_SA_KEY }}
-      gke-project: ${{ secrets.GKE_PROJECT }}
-      cloudflare-api-token: ${{ secrets.CF_API_TOKEN }}
-      cloudflare-zone-id: ${{ secrets.CF_ZONE_ID }}
-      keycloak-admin-password: ${{ secrets.KEYCLOAK_ADMIN_PASSWORD }}
+      url: ${{needs.deploy.outputs.url}}

.github/workflows/check.yml

@@ -0,0 +1,28 @@
+name: Deploy
+
+on:
+  workflow_call:
+    inputs:
+      url:
+        type: string
+        description: URL
+
+jobs:
+  check:
+    name: Check
+    runs-on: ubuntu-latest
+    permissions:
+      contents: 'read'
+      id-token: 'write'
+    steps:
+      -
+        name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Run local k6 test
+        uses: grafana/[email protected]
+        with:
+          filename: k6/script.js
+          flags: --out json=results.json
+        env:
+          TARGET: ${{ inputs.url }}

.github/workflows/ci.yml

@@ -26,52 +26,53 @@ jobs:
         name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v3
       -
-        name: Build Docker Images
+        name: Build Docker images
         uses: docker/bake-action@v4
         with:
           pull: true
           load: true
           files: |
-            docker-compose.yml
-            docker-compose.override.yml
+            compose.yaml
+            compose.override.yaml
           set: |
             *.cache-from=type=gha,scope=${{github.ref}}
             *.cache-from=type=gha,scope=refs/heads/main
             *.cache-to=type=gha,scope=${{github.ref}},mode=max
       -
-        name: Start Services
+        name: Start services
         run: docker compose up --wait --no-build
       -
-        name: Debug Services
+        name: Debug services
         if: failure()
         run: |
           docker compose ps
           docker compose logs
       -
-        name: Check HTTP Reachability
+        name: Check HTTP reachability
         run: curl -v -o /dev/null http://localhost
       -
-        name: Check API Reachability
+        name: Check API reachability
         run: curl -vk -o /dev/null https://localhost
       -
-        name: Check PWA Reachability
+        name: Check PWA reachability
         run: "curl -vk -o /dev/null -H 'Accept: text/html' https://localhost"
       -
-        name: Create Test Database
-        run: |
-          docker compose exec -T php bin/console -e test doctrine:database:create
-          docker compose exec -T php bin/console -e test doctrine:migrations:migrate --no-interaction
+        name: Create test database
+        run: docker compose exec -T php bin/console -e test doctrine:database:create
+      -
+        name: Run migrations
+        run: docker compose exec -T php bin/console -e test doctrine:migrations:migrate --no-interaction
       -
-        name: Run PHPUnit Tests
+        name: Run PHPUnit
         run: docker compose exec -T php bin/phpunit
       -
         name: Doctrine Schema Validator
-        run: docker compose exec -T php bin/console doctrine:schema:validate
+        run: docker compose exec -T php bin/console -e test doctrine:schema:validate
       -
-        name: Run Psalm Analysis
-        run: docker compose exec -T php vendor/bin/psalm
+        name: Run PHPStan
+        run: docker compose exec -T php vendor/bin/phpstan --memory-limit=256M
       -
-        name: Run PWA Lint
+        name: Lint PWA
         run: docker compose exec -T pwa pnpm lint
 
   # run e2e tests iso-prod
@@ -82,10 +83,9 @@ jobs:
       contents: 'read'
       id-token: 'write'
     env:
-      PHP_DOCKER_IMAGE: eu.gcr.io/${{ secrets.GKE_PROJECT }}/php:latest
-      PWA_DOCKER_IMAGE: eu.gcr.io/${{ secrets.GKE_PROJECT }}/pwa:latest
-      CADDY_DOCKER_IMAGE: eu.gcr.io/${{ secrets.GKE_PROJECT }}/caddy:latest
-      KEYCLOAK_DOCKER_IMAGE: eu.gcr.io/${{ secrets.GKE_PROJECT }}/keycloak:latest
+      PHP_DOCKER_IMAGE: europe-west1-docker.pkg.dev/${{ secrets.GKE_PROJECT }}/${{ secrets.GKE_PROJECT }}/php:latest
+      PWA_DOCKER_IMAGE: europe-west1-docker.pkg.dev/${{ secrets.GKE_PROJECT }}/${{ secrets.GKE_PROJECT }}/pwa:latest
+      KEYCLOAK_DOCKER_IMAGE: europe-west1-docker.pkg.dev/${{ secrets.GKE_PROJECT }}/${{ secrets.GKE_PROJECT }}/keycloak:latest
       APP_SECRET: ba63418865d58089f7f070e0a437b6d16b1fb970
       CADDY_MERCURE_JWT_SECRET: 33b04d361e437e0d7d715600fc24fdefba317154
       NEXTAUTH_SECRET: 77e4c3f5a6fb652b6245a5df8a704e04ad90bc7e
@@ -95,7 +95,7 @@ jobs:
       KEYCLOAK_HTTPS_CERTIFICATE_FILE: ./helm/api-platform/keycloak/certs/tls.crt
       KEYCLOAK_HTTPS_CERTIFICATE_KEY_FILE: ./helm/api-platform/keycloak/certs/tls.pem
       # https://docs.docker.com/compose/environment-variables/envvars/#compose_file
-      COMPOSE_FILE: docker-compose.yml:docker-compose.prod.yml:docker-compose.e2e.yml
+      COMPOSE_FILE: compose.yaml:compose.prod.yaml:compose.e2e.yaml
     steps:
       -
         name: Checkout
@@ -110,8 +110,8 @@ jobs:
           pull: true
           load: true
           files: |
-            docker-compose.yml
-            docker-compose.prod.yml
+            compose.yaml
+            compose.prod.yaml
           set: |
             *.cache-from=type=gha,scope=${{github.ref}}-e2e
             *.cache-from=type=gha,scope=${{github.ref}}
@@ -128,7 +128,7 @@ jobs:
           docker compose logs
       -
         name: Load Fixtures
-        run: docker compose run --rm --env APP_ENV=dev php bin/console doctrine:fixtures:load --no-interaction
+        run: docker compose run --rm php bin/console doctrine:fixtures:load --no-interaction
       -
         name: Cache Playwright Binaries
         uses: actions/cache@v3

.github/workflows/cleanup.yml

@@ -24,7 +24,7 @@ jobs:
           python-version: 3.9.15
       -
         name: Auth gcloud
-        uses: google-github-actions/auth@v1
+        uses: google-github-actions/auth@v2
         with:
           credentials_json: ${{ secrets.GKE_SA_KEY }}
       -