From d5903fb8d272568f8bcf0dd645e08578a2cb18bb Mon Sep 17 00:00:00 2001 From: root Date: Fri, 12 Jun 2026 01:40:40 -0400 Subject: [PATCH] update deploy --- .gitlab-ci.yml | 110 ++++++++++++++++++++++++++--------- bootstrap/cache/packages.php | 0 bootstrap/cache/services.php | 0 composer.json | 2 +- composer.lock | 22 +++---- 5 files changed, 96 insertions(+), 38 deletions(-) mode change 100644 => 100755 bootstrap/cache/packages.php mode change 100644 => 100755 bootstrap/cache/services.php diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index b57a8db0..57c23a29 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -1,6 +1,4 @@ -# GitLab CI for Laravel 12 -# Save this file as: .gitlab-ci.yml - +# GitLab CI for Laravel 12 API workflow: rules: - if: '$CI_PIPELINE_SOURCE == "push"' @@ -12,6 +10,7 @@ stages: - test - build - security + - deploy variables: APP_ENV: testing @@ -41,16 +40,19 @@ cache: before_script: - apt-get update - apt-get install -y --no-install-recommends git unzip curl libzip-dev libpng-dev libonig-dev libxml2-dev libsqlite3-dev - - docker-php-ext-install mbstring zip gd + - docker-php-ext-install mbstring zip gd pdo_sqlite - php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');" - php composer-setup.php --install-dir=/usr/local/bin --filename=composer - rm composer-setup.php - composer install --prefer-dist --no-interaction --no-progress + # Install Pint if not present + - composer require --dev laravel/pint --ignore-platform-reqs || true + # Generate .env with real keys - | cat > .env <&1 | tee reports/composer-validate.log' - - bash -o pipefail -c 'php -v 2>&1 | tee reports/php-version.log' - - bash -o pipefail -c 'php artisan --version 2>&1 | tee reports/artisan-version.log' + - composer validate --strict | tee reports/composer-validate.log + - php -v | tee reports/php-version.log + - php artisan --version | tee reports/artisan-version.log artifacts: when: always expire_in: 7 days paths: - reports/ - storage/logs/ + reports: + dotenv: .env laravel_pint: extends: .php_laravel_job stage: validate script: - mkdir -p reports - - bash -o pipefail -c 'vendor/bin/pint --test 2>&1 | tee reports/pint.log' + - vendor/bin/pint --test --format=json | tee reports/pint.json artifacts: when: always expire_in: 7 days paths: - reports/ - storage/logs/ + allow_failure: true phpunit: extends: .php_laravel_job stage: test + parallel: + matrix: + - TEST_SUITE: [Unit, Feature] script: - mkdir -p reports - - bash -o pipefail -c 'php artisan migrate --force 2>&1 | tee reports/migrate.log' - - bash -o pipefail -c 'php artisan test --testsuite=Feature --log-junit reports/phpunit-feature.xml 2>&1 | tee reports/phpunit-feature.log' - - bash -o pipefail -c 'php artisan test --testsuite=Unit --log-junit reports/phpunit-unit.xml 2>&1 | tee reports/phpunit-unit.log' + - php artisan migrate --force | tee reports/migrate.log + - php artisan test --testsuite=$TEST_SUITE --coverage-text --log-junit reports/phpunit.xml | tee reports/phpunit.log artifacts: when: always expire_in: 7 days reports: - junit: - - reports/phpunit-feature.xml - - reports/phpunit-unit.xml + junit: reports/phpunit.xml + coverage_report: + coverage_format: cobertura + path: reports/coverage.xml paths: - reports/ - storage/logs/ + coverage: '/^\s*Lines:\s*\d+\.\d+%/' + cache: + paths: + - vendor/ + key: ${CI_COMMIT_REF_SLUG} build_frontend: image: node:22-alpine stage: build before_script: - - npm ci + - npm ci --cache .npm --prefer-offline script: - mkdir -p reports - - sh -c 'npm run build 2>&1 | tee reports/npm-build.log' + - npm run build 2>&1 | tee reports/npm-build.log artifacts: when: always expire_in: 7 days paths: - public/build/ + - public/css/ + - public/js/ - reports/ + cache: + paths: + - .npm/ composer_audit: extends: .php_laravel_job stage: security script: - mkdir -p reports - - bash -o pipefail -c 'composer audit --locked --no-interaction 2>&1 | tee reports/composer-audit.log' + - composer audit --locked --no-interaction --format=json | tee reports/composer-audit.json artifacts: when: always expire_in: 7 days paths: - reports/ - storage/logs/ + allow_failure: true npm_audit: image: node:22-alpine @@ -156,7 +177,7 @@ npm_audit: - npm ci script: - mkdir -p reports - - sh -c 'npm audit --audit-level=high 2>&1 | tee reports/npm-audit.log' + - npm audit --json --audit-level=high | tee reports/npm-audit.json || true artifacts: when: always expire_in: 7 days @@ -172,14 +193,20 @@ secret_detection_basic: script: - mkdir -p reports - | - echo "Scanning for obvious committed secrets..." | tee reports/secret-detection-basic.log - ! grep -RInE "(APP_KEY=base64:|DB_PASSWORD=.+|JWT_SECRET=.+|MAIL_PASSWORD=.+|PAYPAL_(CLIENT|SECRET|MODE)|AKIA[0-9A-Z]{16}|-----BEGIN (RSA|OPENSSH|PRIVATE) KEY-----)" \ + echo "Scanning for committed secrets..." | tee reports/secret-detection.log + if grep -RInE "(APP_KEY=base64:[A-Za-z0-9+/=]{44}|DB_PASSWORD=.+|JWT_SECRET=.+|MAIL_PASSWORD=.+|PAYPAL_(CLIENT|SECRET|MODE)|AKIA[0-9A-Z]{16}|-----BEGIN (RSA|OPENSSH|PRIVATE) KEY-----)" \ --exclude-dir=.git \ --exclude-dir=vendor \ --exclude-dir=node_modules \ --exclude=.env.example \ --exclude=.env.prod.example \ - . 2>&1 | tee -a reports/secret-detection-basic.log + --exclude=reports \ + . 2>&1 | tee -a reports/secret-detection.log; then + echo "❌ Secrets detected! Check reports/secret-detection.log" + exit 1 + else + echo "✅ No secrets found" + fi artifacts: when: always expire_in: 7 days @@ -187,9 +214,40 @@ secret_detection_basic: - reports/ allow_failure: false -# Optional GitLab-native security scanners. -# These run only if your GitLab tier/project supports the templates. +# Deploy to shared hosting (optional - add if needed) +deploy: + stage: deploy + image: alpine:latest + before_script: + - apk add --no-cache openssh-client sshpass rsync + script: + - echo "Deploying to production..." + - sshpass -p "$SSH_PASSWORD" rsync -avz --delete \ + -e "ssh -p $SSH_PORT -o StrictHostKeyChecking=no" \ + --exclude='.env' \ + --exclude='storage/logs/*' \ + --exclude='.git' \ + --exclude='tests' \ + --exclude='database/sqlite' \ + ./ $SSH_USER@$SSH_HOST:$SSH_TARGET_DIR/ + environment: + name: production + url: $PRODUCTION_URL + only: + - main + - master + when: manual + needs: + - phpunit + - composer_audit + +# Include GitLab native templates (ensure you have license) include: - template: Jobs/SAST.gitlab-ci.yml - template: Jobs/Secret-Detection.gitlab-ci.yml - - template: Jobs/Dependency-Scanning.gitlab-ci.yml \ No newline at end of file + - template: Jobs/Dependency-Scanning.gitlab-ci.yml + +# Optional: Run SAST only on main branch +sast: + rules: + - if: '$CI_COMMIT_BRANCH == "main" || $CI_COMMIT_BRANCH == "master"' \ No newline at end of file diff --git a/bootstrap/cache/packages.php b/bootstrap/cache/packages.php old mode 100644 new mode 100755 diff --git a/bootstrap/cache/services.php b/bootstrap/cache/services.php old mode 100644 new mode 100755 diff --git a/composer.json b/composer.json index c8fab767..02442dd0 100644 --- a/composer.json +++ b/composer.json @@ -19,7 +19,7 @@ "require-dev": { "fakerphp/faker": "^1.23", "laravel/pail": "^1.2.2", - "laravel/pint": "^1.24", + "laravel/pint": "^1.29", "laravel/sail": "^1.41", "mockery/mockery": "^1.6", "nunomaduro/collision": "^8.6", diff --git a/composer.lock b/composer.lock index 4c57528c..f85769a2 100644 --- a/composer.lock +++ b/composer.lock @@ -4,7 +4,7 @@ "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies", "This file is @generated automatically" ], - "content-hash": "3d7a72ac245744048dc5e6ac1e7e527a", + "content-hash": "152ee31a828b6d41d8908890302ff4bd", "packages": [ { "name": "brick/math", @@ -7375,16 +7375,16 @@ }, { "name": "laravel/pint", - "version": "v1.29.0", + "version": "v1.29.1", "source": { "type": "git", "url": "https://github.com/laravel/pint.git", - "reference": "bdec963f53172c5e36330f3a400604c69bf02d39" + "reference": "0770e9b7fafd50d4586881d456d6eb41c9247a80" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/laravel/pint/zipball/bdec963f53172c5e36330f3a400604c69bf02d39", - "reference": "bdec963f53172c5e36330f3a400604c69bf02d39", + "url": "https://api.github.com/repos/laravel/pint/zipball/0770e9b7fafd50d4586881d456d6eb41c9247a80", + "reference": "0770e9b7fafd50d4586881d456d6eb41c9247a80", "shasum": "" }, "require": { @@ -7395,14 +7395,14 @@ "php": "^8.2.0" }, "require-dev": { - "friendsofphp/php-cs-fixer": "^3.94.2", - "illuminate/view": "^12.54.1", - "larastan/larastan": "^3.9.3", - "laravel-zero/framework": "^12.0.5", + "friendsofphp/php-cs-fixer": "^3.95.1", + "illuminate/view": "^12.56.0", + "larastan/larastan": "^3.9.6", + "laravel-zero/framework": "^12.1.0", "mockery/mockery": "^1.6.12", "nunomaduro/termwind": "^2.4.0", "pestphp/pest": "^3.8.6", - "shipfastlabs/agent-detector": "^1.1.0" + "shipfastlabs/agent-detector": "^1.1.3" }, "bin": [ "builds/pint" @@ -7439,7 +7439,7 @@ "issues": "https://github.com/laravel/pint/issues", "source": "https://github.com/laravel/pint" }, - "time": "2026-03-12T15:51:39+00:00" + "time": "2026-04-20T15:26:14+00:00" }, { "name": "laravel/sail",