Note
Currently there are 14 GitHub Actions workflows in the repository.
How to live with zero problems through Total Control.
- Analyze service providers before you choose one
- Monitor your service providers
- Collaborate closely with your service providers
- Know every piece of software on your server and its author; uninstall anything that is not needed
- Monitor every process on your server with functional tests, not just pings
- Run QA tools on every byte of your git repositories
- Know your dependencies (packages) and their authors
- Deploy 100% automatically
- Run production environments without human intervention
- Be conservative with software versions when upgrading
See Special infrastructure for web applications
Please consider supporting my work if you benefit from this knowledge.
Thank you!
How to design and implement continuous integration.
You find a complete CI workflow in this repository.
- Run in a premade container or install OS packages
- Display environment information
- Set access credentials
- Version control
- Git committer
- Commit message
- PR title
- Cache OS and programming language library packages
- Check programming language and framework version compatibility
- Check package management configuration (validate & normalize)
- Check outdated packages and known security vulnerabilities
- Build code
- Configure application
- 0️⃣ Byte-level
- Check execute file mode bit
- Look for non-ASCII characters (non-English alphabets, whitespace characters, control characters)
- 1️⃣ Syntax errors
- Check source code for syntax errors
- Check template files for syntax errors
- 2️⃣ Run unit and functional tests
- 3️⃣ Static Analysis
- Run static analysis: PHPStan
- Magic Number Detector
- Copy-Paste Detector
- 4️⃣ Coding Standards
- Check coding style
- Adhere to EditorConfig
- Measure code coverage
- Check route methods (controllers of routes)
- Check list of distributed files
- Check spelling: Typos
- Custom checks and warnings
- Display logs in CI output or upload logs as artifacts
- Start CD by SSH-ing to own server
(
restrict,commandin authorized_keys andDenyUsersin sshd.conf) - Wipe sensitive data
How to design and implement continuous delivery.
- Possible constrains:
- successful tests
- do not run on PR-s
- our repo
- specific branch
- tag in commit message
[deploy:prod] - deploy head commit only
- optional manual start (GitLab manual actions)
- Do not run as root user
- Keep deploy configuration in a file
- Log every output to a file, log start and finish to syslog
- Limit execution time of time-consuming steps (timeout)
- Optionally back up project files before starting to deploy
- Create a bot user on the server for git access with SSH key (
@companybot) - List changes in current project files
- Check for maintenance mode,
Turn on maintenance mode
php artisan downcovering static resource, page, AJAX and API requests - Clear caches (configuration, routes, application, template etc.)
- Wait for to finish and disable cron jobs and background workers after clearing caches (email piped to a program)
- Identify git repository and branch
- Checkout by commit hash (not by branch HEAD)
- At least lint the source code
- Don't deploy testing packages
- Enable production optimizations in package manager
- Build code
- Run database migrations
- Turn off maintenance mode
- Populate caches (application, OPcache,
wp rewrite flush) - Run at least 1 basic functional or unit test (e.g. log in or display dashboard)
- Check HTML output
- Special sudo configuration for reloading PHP-FPM or Cachetool
- Alert on failure
- "Was down for X seconds"
- Send email, Slack, Trello or Google Hangouts notification
- Extensions
phpstan/phpstan-strict-rulesphpstan/phpstan-deprecation-rulesdave-liddament/sarbekino/phpstan-banned-codetomasvotruba/type-coveragepepakriz/phpstan-exception-rulescanvural/larastan-strict-rulesschlndh/maria-stan- Starred repositories
![@dependabot[bot]](https://avatars.githubusercontent.com/in/29110?s=64&v=4){kind=small}
