From abad386dc6f1cb70580a740082a2ff1d232acf1a Mon Sep 17 00:00:00 2001
From: Slim Amamou
Date: Mon, 25 Aug 2025 16:24:25 +0100
Subject: [PATCH 1/5] Fix build failing at apt update Error: buildx failed with: ERROR: failed to build: failed to solve: process "/bin/sh -c apt-get update && apt-get install tar" did not complete successfully: exit code: 100
---
 Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Dockerfile b/Dockerfile
index 4d3a1cc..0066385 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -9,7 +9,7 @@ ARG PHP_VERSION=8.1.32
 ARG CADDY_VERSION=2.10.0
 # yarn build
-FROM gmolaire/yarn AS yarn_build
+FROM node AS yarn_build
 WORKDIR /usr/app
 RUN apt-get update && apt-get install tar
 RUN mkdir -p /usr/app/vendor/symfony
From b7295eb064e6195359ee2e2bf33ebe75345899a7 Mon Sep 17 00:00:00 2001
From: Slim Amamou
Date: Tue, 26 Aug 2025 08:59:43 +0100
Subject: [PATCH 2/5] Fixed vulnerabilites (trivy was blocking CI)
---
 Dockerfile | 2 +-
 composer.lock | 173 ++++++++++++++++++++++++++++++--------------------
 symfony.lock | 9 +++
 3 files changed, 113 insertions(+), 71 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index 0066385..70506be 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -5,7 +5,7 @@
 # https://docs.docker.com/engine/reference/builder/#understand-how-arg-and-from-interact
-ARG PHP_VERSION=8.1.32
+ARG PHP_VERSION=8.2
 ARG CADDY_VERSION=2.10.0
 # yarn build
diff --git a/composer.lock b/composer.lock
index 97db592..3088fad 100644
--- a/composer.lock
+++ b/composer.lock
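Review bot: `FROM node AS yarn_build` carries no tag, so the yarn build stage resolves to whatever `node:latest` points at when the image is built; a new Node major or a changed base distribution can break or silently alter the front-end build, and the base that produced a given artifact cannot be identified afterwards. Pin the stage to the Node release the project targets, for example `FROM node:<MAJOR>-bookworm AS yarn_build` (placeholder version), optionally with an `@sha256:<digest>` suffix, and let a dependency bot propose the bumps. The second commit's `ARG PHP_VERSION=8.2` loosens the earlier patch-level pin in the same way; that is defensible for picking up security patch releases on rebuild, but it deserves a comment saying so, such as `# minor only on purpose: rebuilds pick up 8.2.x security releases`.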
@@ -70,16 +70,16 @@ }, { "name": "api-platform/core", - "version": "v3.3.12", + "version": "v3.4.17", "source": { "type": "git", "url": "https://github.com/api-platform/core.git", - "reference": "e2eeb6b710f96542b75357a13d8d69ed4d8be5e2" + "reference": "c5fb664d17ed9ae919394514ea69a5039d2ad9ab" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/api-platform/core/zipball/e2eeb6b710f96542b75357a13d8d69ed4d8be5e2", - "reference": "e2eeb6b710f96542b75357a13d8d69ed4d8be5e2", + "url": "https://api.github.com/repos/api-platform/core/zipball/c5fb664d17ed9ae919394514ea69a5039d2ad9ab", + "reference": "c5fb664d17ed9ae919394514ea69a5039d2ad9ab", "shasum": "" }, "require": { @@ -88,13 +88,13 @@ "psr/cache": "^1.0 || ^2.0 || ^3.0", "psr/container": "^1.0 || ^2.0", "symfony/deprecation-contracts": "^3.1", - "symfony/http-foundation": "^6.4 || ^7.0", - "symfony/http-kernel": "^6.4 || ^7.0", - "symfony/property-access": "^6.4 || ^7.0", - "symfony/property-info": "^6.4 || ^7.0", - "symfony/serializer": "^6.4 || ^7.0", + "symfony/http-foundation": "^6.4 || ^7.1", + "symfony/http-kernel": "^6.4 || ^7.1", + "symfony/property-access": "^6.4 || ^7.1", + "symfony/property-info": "^6.4 || ^7.1", + "symfony/serializer": "^6.4 || ^7.1", "symfony/translation-contracts": "^3.3", - "symfony/web-link": "^6.4 || ^7.0", + "symfony/web-link": "^6.4 || ^7.1", "willdurand/negotiation": "^3.0" }, "conflict": { 
@@ -109,12 +109,53 @@ "symfony/framework-bundle": "6.4.6 || 7.0.6", "symfony/var-exporter": "<6.1.1" }, + "replace": { + "api-platform/doctrine-common": "self.version", + "api-platform/doctrine-odm": "self.version", + "api-platform/doctrine-orm": "self.version", + "api-platform/documentation": "self.version", + "api-platform/elasticsearch": "self.version", + "api-platform/graphql": "self.version", + "api-platform/http-cache": "self.version", + "api-platform/hydra": "self.version", + "api-platform/json-api": "self.version", + "api-platform/json-hal": "self.version", + "api-platform/json-schema": "self.version", + "api-platform/jsonld": "self.version", + "api-platform/laravel": "self.version", + "api-platform/metadata": "self.version", + "api-platform/openapi": "self.version", + "api-platform/parameter-validator": "self.version", + "api-platform/ramsey-uuid": "self.version", + "api-platform/serializer": "self.version", + "api-platform/state": "self.version", + "api-platform/symfony": "self.version", + "api-platform/validator": "self.version" + }, "require-dev": { + "api-platform/doctrine-common": "^3.4 || ^4.0", + "api-platform/doctrine-odm": "^3.4 || ^4.0", + "api-platform/doctrine-orm": "^3.4 || ^4.0", + "api-platform/documentation": "^3.4 || ^4.0", + "api-platform/elasticsearch": "^3.4 || ^4.0", + "api-platform/graphql": "^3.4 || ^4.0", + "api-platform/http-cache": "^3.4 || ^4.0", + "api-platform/hydra": "^3.4 || ^4.0", + "api-platform/json-api": "^3.3 || ^4.0", + "api-platform/json-schema": "^3.4 || ^4.0", + "api-platform/jsonld": "^3.4 || ^4.0", + "api-platform/metadata": "^3.4 || ^4.0", + "api-platform/openapi": "^3.4 || ^4.0", + "api-platform/parameter-validator": "^3.4", + "api-platform/ramsey-uuid": "^3.4 || ^4.0", + "api-platform/serializer": "^3.4 || ^4.0", + "api-platform/state": "^3.4 || ^4.0", + "api-platform/validator": "^3.4 || ^4.0", "behat/behat": "^3.11", "behat/mink": "^1.9", "doctrine/cache": "^1.11 || ^2.1", "doctrine/common": "^3.2.2", - 
"doctrine/dbal": "^3.4.0", + "doctrine/dbal": "^3.4.0 || ^4.0", "doctrine/doctrine-bundle": "^1.12 || ^2.0", "doctrine/mongodb-odm": "^2.2", "doctrine/mongodb-odm-bundle": "^4.0 || ^5.0", @@ -123,12 +164,12 @@ "friends-of-behat/mink-browserkit-driver": "^1.3.1", "friends-of-behat/mink-extension": "^2.2", "friends-of-behat/symfony-extension": "^2.1", - "guzzlehttp/guzzle": "^6.0 || ^7.0", + "guzzlehttp/guzzle": "^6.0 || ^7.1", "jangregor/phpstan-prophecy": "^1.0", "justinrainbow/json-schema": "^5.2.1", "phpspec/prophecy-phpunit": "^2.0", "phpstan/extension-installer": "^1.1", - "phpstan/phpdoc-parser": "^1.13", + "phpstan/phpdoc-parser": "^1.13|^2.0", "phpstan/phpstan": "^1.10", "phpstan/phpstan-doctrine": "^1.0", "phpstan/phpstan-phpunit": "^1.0", 
@@ -136,41 +177,42 @@ "phpunit/phpunit": "^9.6", "psr/log": "^1.0 || ^2.0 || ^3.0", "ramsey/uuid": "^3.9.7 || ^4.0", - "ramsey/uuid-doctrine": "^1.4 || ^2.0", + "ramsey/uuid-doctrine": "^1.4 || ^2.0 || ^3.0", "sebastian/comparator": "<5.0", "soyuka/contexts": "v3.3.9", - "soyuka/pmu": "^0.0.2", + "soyuka/pmu": "^0.0.12", "soyuka/stubs-mongodb": "^1.0", - "symfony/asset": "^6.4 || ^7.0", - "symfony/browser-kit": "^6.4 || ^7.0", - "symfony/cache": "^6.4 || ^7.0", - "symfony/config": "^6.4 || ^7.0", - "symfony/console": "^6.4 || ^7.0", - "symfony/css-selector": "^6.4 || ^7.0", - "symfony/dependency-injection": "^6.4 || ^7.0.12", - "symfony/doctrine-bridge": "^6.4 || ^7.0", - "symfony/dom-crawler": "^6.4 || ^7.0", - "symfony/error-handler": "^6.4 || ^7.0", - "symfony/event-dispatcher": "^6.4 || ^7.0", - "symfony/expression-language": "^6.4 || ^7.0", - "symfony/finder": "^6.4 || ^7.0", - "symfony/form": "^6.4 || ^7.0", - "symfony/framework-bundle": "^6.4 || ^7.0", - "symfony/http-client": "^6.4 || ^7.0", - "symfony/intl": "^6.4 || ^7.0", + "symfony/asset": "^6.4 || ^7.1", + "symfony/browser-kit": "^6.4 || ^7.1", + "symfony/cache": "^6.4 || ^7.1", + "symfony/config": "^6.4 || ^7.1", + "symfony/console": "^6.4 || ^7.1", + "symfony/css-selector": "^6.4 || ^7.1", + "symfony/dependency-injection": "^6.4 || ^7.1", + "symfony/doctrine-bridge": "^6.4 || ^7.1", + "symfony/dom-crawler": "^6.4 || ^7.1", + "symfony/error-handler": "^6.4 || ^7.1", + "symfony/event-dispatcher": "^6.4 || ^7.1", + "symfony/expression-language": "^6.4 || ^7.1", + "symfony/finder": "^6.4 || ^7.1", + "symfony/form": "^6.4 || ^7.1", + "symfony/framework-bundle": "^6.4 || ^7.1", + "symfony/http-client": "^6.4 || ^7.1", + "symfony/intl": "^6.4 || ^7.1", "symfony/maker-bundle": "^1.24", "symfony/mercure-bundle": "*", - "symfony/messenger": "^6.4 || ^7.0", - "symfony/phpunit-bridge": "^6.4.1 || ^7.0", - "symfony/routing": "^6.4 || ^7.0", - "symfony/security-bundle": "^6.4 || ^7.0", - "symfony/security-core": 
"^6.4 || ^7.0", - "symfony/stopwatch": "^6.4 || ^7.0", - "symfony/twig-bundle": "^6.4 || ^7.0", - "symfony/uid": "^6.4 || ^7.0", - "symfony/validator": "^6.4 || ^7.0", - "symfony/web-profiler-bundle": "^6.4 || ^7.0", - "symfony/yaml": "^6.4 || ^7.0", + "symfony/messenger": "^6.4 || ^7.1", + "symfony/phpunit-bridge": "^6.4.1 || ^7.1", + "symfony/routing": "^6.4 || ^7.1", + "symfony/security-bundle": "^6.4 || ^7.1", + "symfony/security-core": "^6.4 || ^7.1", + "symfony/stopwatch": "^6.4 || ^7.1", + "symfony/string": "^6.4 || ^7.1", + "symfony/twig-bundle": "^6.4 || ^7.1", + "symfony/uid": "^6.4 || ^7.1", + "symfony/validator": "^6.4 || ^7.1", + "symfony/web-profiler-bundle": "^6.4 || ^7.1", + "symfony/yaml": "^6.4 || ^7.1", "twig/twig": "^1.42.3 || ^2.12 || ^3.0", "webonyx/graphql-php": "^14.0 || ^15.0" }, @@ -194,32 +236,23 @@ }, "type": "library", "extra": { - "branch-alias": { - "dev-main": "3.3.x-dev" + "pmu": { + "projects": [ + "./src/*/composer.json", + "src/Doctrine/*/composer.json" + ] + }, + "thanks": { + "url": "https://github.com/api-platform/api-platform", + "name": "api-platform/api-platform" }, "symfony": { - "require": "^6.4 || ^7.0" + "require": "^6.4 || ^7.1" }, - "projects": [ - "api-platform/doctrine-common", - "api-platform/doctrine-orm", - "api-platform/doctrine-odm", - "api-platform/metadata", - "api-platform/json-schema", - "api-platform/elasticsearch", - "api-platform/jsonld", - "api-platform/hydra", - "api-platform/openapi", - "api-platform/graphql", - "api-platform/http-cache", - "api-platform/documentation", - "api-platform/parameter-validator", - "api-platform/ramsey-uuid", - "api-platform/serializer", - "api-platform/state", - "api-platform/symfony", - "api-platform/validator" - ] + "branch-alias": { + "dev-3.4": "3.4.x-dev", + "dev-main": "4.0.x-dev" + } }, "autoload": { "psr-4": { 
@@ -252,9 +285,9 @@ ], "support": { "issues": "https://github.com/api-platform/core/issues", - "source": "https://github.com/api-platform/core/tree/v3.3.12" + "source": "https://github.com/api-platform/core/tree/v3.4.17" }, - "time": "2024-08-30T14:44:44+00:00" + "time": "2025-04-07T08:40:57+00:00" }, { "name": "aws/aws-crt-php", @@ -19751,7 +19784,7 @@ ], "aliases": [], "minimum-stability": "beta", - "stability-flags": [], + "stability-flags": {}, "prefer-stable": true, "prefer-lowest": false, "platform": { @@ -19763,6 +19796,6 @@ "ext-xsl": "*", "ext-zip": "*" }, - "platform-dev": [], + "platform-dev": {}, "plugin-api-version": "2.6.0" } diff --git a/symfony.lock b/symfony.lock index 1072167..1214b8e 100644 --- a/symfony.lock +++ b/symfony.lock @@ -24,6 +24,15 @@ "ref": "64d8583af5ea57b7afa4aba4b159907f3a148b05" } }, + "doctrine/deprecations": { + "version": "1.1", + "recipe": { + "repo": "github.com/symfony/recipes", + "branch": "main", + "version": "1.0", + "ref": "87424683adc81d7dc305eefec1fced883084aab9" + } + }, "doctrine/doctrine-bundle": { "version": "2.7", "recipe": { From 124fe772b5e05422b4a32a4a7e36db8f4f85e8b3 Mon Sep 17 00:00:00 2001 From: Slim Amamou Date: Tue, 26 Aug 2025 11:48:30 +0100 Subject: [PATCH 3/5] Fix wrong image registry was mistakenly configured during merge Now CICD depends on env vars IMAGE_REPO, IMAGE_NAME_PHP, IMAGE_NAME_CADDY and PROJECT_NAME --- .github/workflows/build.yml | 8 ++++---- .github/workflows/deploy.yml | 10 +++++++++- helm/chart/values.yaml | 4 ++-- 3 files changed, 15 insertions(+), 7 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index b5c2653..b104e50 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml 
@@ -11,11 +11,11 @@ jobs:
 - name: Build/Push
 uses: coopTilleuls/action-docker-build-push@v10
 with:
- IMAGE_NAME: ebs-php
+ IMAGE_NAME: ${{ vars.IMAGE_NAME_PHP }}
 BUILD_CONTEXT: .
 BUILD_TARGET: app_php
 REGISTRY_JSON_KEY: ${{ secrets.GITHUB_TOKEN }}
- IMAGE_REPOSITORY: ghcr.io/Tipimi-fr
+ IMAGE_REPOSITORY: ${{ vars.IMAGE_REPO }}
 build-push-caddy:
 # Same Dockerfile as php, with a build target which is after
@@ -26,8 +26,8 @@ jobs:
 - name: Build/Push
 uses: coopTilleuls/action-docker-build-push@v10
 with:
- IMAGE_NAME: ebs-caddy
+ IMAGE_NAME: ${{ vars.IMAGE_NAME_CADDY }}
 BUILD_CONTEXT: .
 BUILD_TARGET: app_caddy
 REGISTRY_JSON_KEY: ${{ secrets.GITHUB_TOKEN }}
- IMAGE_REPOSITORY: ghcr.io/Tipimi-fr
+ IMAGE_REPOSITORY: ${{ vars.IMAGE_REPO }}
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
index 6ae0a3a..947e8be 100644
--- a/.github/workflows/deploy.yml
+++ b/.github/workflows/deploy.yml
@@ -39,6 +39,8 @@ jobs:
 outputs:
 context: ${{ steps.meta.outputs.context }}
 environment: ${{ steps.meta.outputs.environment }}
+ php_image_repo: ${{ steps.meta.outputs.php_image_repo }}
+ caddy_image_repo: ${{ steps.meta.outputs.caddy_image_repo }}
 image_tag: ${{ steps.meta.outputs.image_tag }}
 release_name: ${{ steps.meta.outputs.release_name }}
 url: ${{ steps.meta.outputs.url }}
@@ -51,10 +53,12 @@ jobs:
 id: meta
 run: |
 set -xo pipefail
-PROJECT=tipimi-ebs
+PROJECT=${{ vars.PROJECT_NAME }}
 # Tags are deployed in prod
 CONTEXT=prod
 ENVIRONMENT=prod
+ PHP_IMAGE_REPO=${{ vars.IMAGE_REPO }}/${{ vars.IMAGE_NAME_PHP }}
+ CADDY_IMAGE_REPO=${{ vars.IMAGE_REPO }}/${{ vars.IMAGE_NAME_CADDY }}
 IMAGE_TAG=sha-${GITHUB_SHA::7}
 RELEASE_NAME=prod
 TRUSTED_HOST=$(echo ${{ vars.DOMAIN }} | sed 's/\./\\\\\\\\./g')
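Review bot: With `IMAGE_REPOSITORY: ${{ vars.IMAGE_REPO }}` the push target becomes a free-form repository variable while `REGISTRY_JSON_KEY` stays `${{ secrets.GITHUB_TOKEN }}`; if `IMAGE_REPO` is ever set to a host other than ghcr.io, the job would presumably present the workflow token to that registry before the push fails. An unset variable expands to an empty string, so a missing `IMAGE_REPO` or `IMAGE_NAME_PHP` surfaces only as an opaque build error. Consider a first step that fails fast with the variable passed through `env:`, e.g. `case "$IMAGE_REPO" in ghcr.io/*) ;; *) echo "IMAGE_REPO must be under ghcr.io" >&2; exit 1 ;; esac`, plus a comment beside the inputs naming the required variables. The same applies to the `build-push-caddy` hunk at `@@ -26,8 +26,8 @@`.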
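Review bot: `PROJECT=${{ vars.PROJECT_NAME }}` and the two `*_IMAGE_REPO=` assignments paste the variable text into the script, unquoted, before the shell parses it, so a value containing a space or a shell metacharacter is executed as script rather than assigned, and an unset variable yields `PROJECT=` and a namespace of `prod-`. Configuration variables are maintainer-controlled, so this is hygiene more than an open injection path, but this step decides the namespace and the images that reach prod. Pass the values through `env:`, quote them, and fail when one is empty, as sketched below; the step begins and ends outside the hunk. The `--set=php.image.repository=` and `--set=caddy.image.repository=` lines added in the later helm hunk expand their values unquoted in the same way and can be passed through `env:` too.

```yaml
        env:
          PROJECT_NAME: ${{ vars.PROJECT_NAME }}
          IMAGE_REPO: ${{ vars.IMAGE_REPO }}
          IMAGE_NAME_PHP: ${{ vars.IMAGE_NAME_PHP }}
          IMAGE_NAME_CADDY: ${{ vars.IMAGE_NAME_CADDY }}
        run: |
          set -xo pipefail
          PROJECT="${PROJECT_NAME:?PROJECT_NAME is not set}"
          # … unchanged: CONTEXT / ENVIRONMENT …
          PHP_IMAGE_REPO="${IMAGE_REPO:?IMAGE_REPO is not set}/${IMAGE_NAME_PHP:?IMAGE_NAME_PHP is not set}"
          CADDY_IMAGE_REPO="${IMAGE_REPO}/${IMAGE_NAME_CADDY:?IMAGE_NAME_CADDY is not set}"
          # … unchanged: IMAGE_TAG, RELEASE_NAME, TRUSTED_HOST …
```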
@@ -63,6 +67,8 @@ jobs:
 echo "context=${CONTEXT}" >> $GITHUB_OUTPUT
 echo "environment=${ENVIRONMENT}" >> $GITHUB_OUTPUT
 echo "image_tag=${IMAGE_TAG}" >> $GITHUB_OUTPUT
+ echo "php_image_repo=${PHP_IMAGE_REPO}" >> $GITHUB_OUTPUT
+ echo "caddy_image_repo=${CADDY_IMAGE_REPO}" >> $GITHUB_OUTPUT
 echo "release_name=${RELEASE_NAME}" >> $GITHUB_OUTPUT
 echo "namespace=${CONTEXT}-${PROJECT}" >> $GITHUB_OUTPUT
@@ -118,7 +124,9 @@ jobs:
 --atomic \
 --debug \
 --namespace ${{ needs.meta.outputs.namespace }} \
+ --set=php.image.repository=${{ needs.meta.outputs.php_image_repo }} \
 --set=php.image.tag=${{ needs.meta.outputs.image_tag }} \
+ --set=caddy.image.repository=${{ needs.meta.outputs.caddy_image_repo }} \
 --set=caddy.image.tag=${{ needs.meta.outputs.image_tag }} \
 --set=ingress.hosts[0].host=${{ vars.DOMAIN }} \
 --set=ingress.tls[0].secretName=${{ needs.meta.outputs.release_name }}-tls \
diff --git a/helm/chart/values.yaml b/helm/chart/values.yaml
index 08f2711..ea570a5 100644
--- a/helm/chart/values.yaml
+++ b/helm/chart/values.yaml
@@ -4,7 +4,7 @@
 php:
 image:
- repository: "ghcr.io/tipimi-fr/ebs-php" # CHANGE ME
+ repository: "CHANGE/ME" # CHANGE ME
 pullPolicy: IfNotPresent
 # Overrides the image tag whose default is the chart appVersion.
 tag: ""
@@ -57,7 +57,7 @@ consumer:
 caddy:
 image:
- repository: "ghcr.io/tipimi-fr/ebs-caddy" # CHANGE ME
+ repository: "CHANGE/ME" # CHANGE ME
 pullPolicy: IfNotPresent
 # Overrides the image tag whose default is the chart appVersion.
 tag: ""
From d9d593c6e144eae75a11c91d7498a888f744929b Mon Sep 17 00:00:00 2001
From: Slim Amamou
Date: Tue, 26 Aug 2025 12:15:16 +0100
Subject: [PATCH 4/5] Fix mercure requiring go >= 1.25.0
---
 Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Dockerfile b/Dockerfile
index 70506be..0d60dd5 100644
--- a/Dockerfile
+++ b/Dockerfile
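Review bot: The new default `repository: "CHANGE/ME"` keeps the old `# CHANGE ME` comment, which no longer says who is expected to supply the value; after this commit deploy.yml does so with `--set=php.image.repository=` and `--set=caddy.image.repository=`. A manual `helm install` that forgets the override would, as far as I can tell, fail only at image pull (uppercase repository names are not valid image references), not when the chart is rendered. Suggest the comment `# required: no default; set with --set=php.image.repository=<registry>/<image>` on the line, and, if the templates (not shown here) allow it, an empty default checked with Helm's `required` function so the error appears at render time. The `caddy` hunk at `@@ -57,7 +57,7 @@` is the same.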
@@ -6,7 +6,7 @@ # https://docs.docker.com/engine/reference/builder/#understand-how-arg-and-from-interact ARG PHP_VERSION=8.2 -ARG CADDY_VERSION=2.10.0 +ARG CADDY_VERSION=2.10.2 # yarn build FROM node AS yarn_build From 64b20c7e36757321e95d2d9b51f1e3c885497cb3 Mon Sep 17 00:00:00 2001 From: Slim Amamou Date: Tue, 26 Aug 2025 15:06:04 +0100 Subject: [PATCH 5/5] Fix test was failing and CI too --- composer.lock | 32 ++++++++++++++++---------------- 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/composer.lock b/composer.lock index 3088fad..6ba9274 100644 --- a/composer.lock +++ b/composer.lock @@ -19288,16 +19288,16 @@ }, { "name": "symfony/panther", - "version": "v2.1.1", + "version": "v2.2.0", "source": { "type": "git", "url": "https://github.com/symfony/panther.git", - "reference": "ef9a6f2393ac9679af03a93d3f508e4aa65c15b5" + "reference": "b7e0f834c9046918972edb3dde2ecc4a20f6155e" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/panther/zipball/ef9a6f2393ac9679af03a93d3f508e4aa65c15b5", - "reference": "ef9a6f2393ac9679af03a93d3f508e4aa65c15b5", + "url": "https://api.github.com/repos/symfony/panther/zipball/b7e0f834c9046918972edb3dde2ecc4a20f6155e", + "reference": "b7e0f834c9046918972edb3dde2ecc4a20f6155e", "shasum": "" }, "require": { 
@@ -19305,19 +19305,19 @@ "ext-libxml": "*", "php": ">=8.0", "php-webdriver/webdriver": "^1.8.2", - "symfony/browser-kit": "^5.3 || ^6.0 || ^7.0", - "symfony/dependency-injection": "^5.3 || ^6.0 || ^7.0", + "symfony/browser-kit": "^5.4 || ^6.4 || ^7.0", + "symfony/dependency-injection": "^5.4 || ^6.4 || ^7.0", "symfony/deprecation-contracts": "^2.4 || ^3", - "symfony/dom-crawler": "^5.3 || ^6.0 || ^7.0", - "symfony/http-client": "^5.3 || ^6.0 || ^7.0", - "symfony/http-kernel": "^5.3 || ^6.0 || ^7.0", - "symfony/process": "^5.3 || ^6.0 || ^7.0" + "symfony/dom-crawler": "^5.4 || ^6.4 || ^7.0", + "symfony/http-client": "^6.4 || ^7.0", + "symfony/http-kernel": "^5.4 || ^6.4 || ^7.0", + "symfony/process": "^5.4 || ^6.4 || ^7.0" }, "require-dev": { - "symfony/css-selector": "^5.3 || ^6.0 || ^7.0", - "symfony/framework-bundle": "^5.3 || ^6.0 || ^7.0", - "symfony/mime": "^5.3 || ^6.0 || ^7.0", - "symfony/phpunit-bridge": "^5.3 || ^6.0 || ^7.0" + "symfony/css-selector": "^5.4 || ^6.4 || ^7.0", + "symfony/framework-bundle": "^5.4 || ^6.4 || ^7.0", + "symfony/mime": "^5.4 || ^6.4 || ^7.0", + "symfony/phpunit-bridge": "^7.2.0" }, "type": "library", "extra": { @@ -19357,7 +19357,7 @@ ], "support": { "issues": "https://github.com/symfony/panther/issues", - "source": "https://github.com/symfony/panther/tree/v2.1.1" + "source": "https://github.com/symfony/panther/tree/v2.2.0" }, "funding": [ { @@ -19373,7 +19373,7 @@ "type": "tidelift" } ], - "time": "2023-12-03T22:17:31+00:00" + "time": "2025-01-30T13:11:55+00:00" }, { "name": "symfony/phpunit-bridge",