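---
# CI/CD pipeline for the KiviCare API WordPress plugin.
#
# Jobs: code-quality -> tests -> build -> (deploy-staging | release), with
# security, performance and summary alongside. See the per-job comments.
#
# NOTE(review): third-party actions (shivammathur/setup-php,
# codecov/codecov-action, softprops/action-gh-release) are referenced by
# mutable tags. Pinning them to a full commit SHA prevents a retagged
# release from changing what runs here.
name: 🔄 CI/CD Pipeline - KiviCare API

on:
  push:
    # NOTE(review): only branch filters are declared, so tag pushes never
    # start this workflow and every `refs/tags/` condition below (build,
    # release) is currently unreachable. Add a `tags:` filter here once the
    # project's release tag pattern is decided.
    branches: [main, develop, 'feature/*', 'hotfix/*']
  pull_request:
    branches: [main, develop]
  schedule:
    - cron: '0 2 * * 1'  # Weekly, Mondays at 02:00 UTC

# Least privilege: the GITHUB_TOKEN is read-only unless a job asks for more
# (only `release` does).
permissions:
  contents: read

env:
  PHP_VERSION: '8.1'
  WP_VERSION: 'latest'
  WP_MULTISITE: '0'

jobs:
  # 🧪 Code Quality & Standards
  code-quality:
    name: 🔍 Code Quality
    runs-on: ubuntu-latest

    steps:
      - name: 📥 Checkout code
        uses: actions/checkout@v4

      - name: 🐘 Setup PHP
        uses: shivammathur/setup-php@v2
        with:
          php-version: ${{ env.PHP_VERSION }}
          extensions: >-
            dom, curl, libxml, mbstring, zip, pcntl, pdo, sqlite,
            pdo_sqlite, bcmath, soap, intl, gd, exif, iconv, imagick,
            mysql, mysqli, pdo_mysql
          coverage: xdebug

      - name: 📦 Cache Composer packages
        uses: actions/cache@v4
        with:
          path: vendor
          key: ${{ runner.os }}-php-${{ hashFiles('**/composer.lock') }}
          restore-keys: |
            ${{ runner.os }}-php-

      - name: 🔧 Install Composer dependencies
        # --no-suggest was dropped: Composer 2 deprecates it and ignores it.
        run: composer install --prefer-dist --no-progress --no-interaction

      - name: 🎨 Check PHP coding standards (PHPCS)
        run: composer run phpcs

      - name: 🔒 Run security analysis
        # Informational only: this lists matching files (vendor/ included)
        # and never fails the job. The enforcing check is in the `security`
        # job.
        run: |
          # Basic security checks
          find . -name "*.php" -exec grep -l "eval\|exec\|system\|shell_exec\|passthru" {} + || echo "✅ No dangerous functions found"

      - name: 📋 Validate composer.json
        run: composer validate --strict

  # 🧪 Unit & Integration Tests
  tests:
    name: 🧪 Tests (PHP ${{ matrix.php }} | WP ${{ matrix.wordpress }})
    runs-on: ubuntu-latest
    needs: code-quality

    strategy:
      fail-fast: false
      matrix:
        php: ['8.1', '8.2', '8.3']
        wordpress: ['6.0', '6.3', 'latest']
        include:
          # Coverage is collected on a single combination only.
          - php: '8.1'
            wordpress: 'latest'
            coverage: true

    services:
      mysql:
        image: mysql:8.0
        env:
          # Throwaway credentials for the per-job test database container;
          # never reuse them outside CI.
          MYSQL_ROOT_PASSWORD: password
          MYSQL_DATABASE: wordpress_test
        ports:
          - '3306:3306'
        options: >-
          --health-cmd="mysqladmin ping"
          --health-interval=10s
          --health-timeout=5s
          --health-retries=3

    steps:
      - name: 📥 Checkout code
        uses: actions/checkout@v4

      - name: 🐘 Setup PHP
        uses: shivammathur/setup-php@v2
        with:
          php-version: ${{ matrix.php }}
          extensions: >-
            dom, curl, libxml, mbstring, zip, pcntl, pdo, sqlite,
            pdo_sqlite, bcmath, soap, intl, gd, exif, iconv, imagick,
            mysql, mysqli, pdo_mysql
          coverage: xdebug
          ini-values: error_reporting=E_ALL

      - name: 📦 Cache Composer packages
        uses: actions/cache@v4
        with:
          path: vendor
          key: ${{ runner.os }}-php${{ matrix.php }}-${{ hashFiles('**/composer.lock') }}
          restore-keys: |
            ${{ runner.os }}-php${{ matrix.php }}-

      - name: 🔧 Install Composer dependencies
        run: composer install --prefer-dist --no-progress --no-interaction

      - name: 🌐 Setup WordPress test environment
        env:
          # Passed through the environment so the matrix value is never
          # spliced into the script text.
          WP_RELEASE: ${{ matrix.wordpress }}
        run: |
          # Download the WordPress release selected by the matrix. The
          # archive used to be latest.zip for every cell, so the 6.0 and 6.3
          # cells silently tested the latest release as well.
          # NOTE(review): the archive is used without an integrity check;
          # consider verifying it against a checksum obtained out of band.
          if [ "$WP_RELEASE" = "latest" ]; then
            wp_archive="latest.zip"
          else
            wp_archive="wordpress-${WP_RELEASE}.zip"
          fi
          wget "https://wordpress.org/${wp_archive}"
          unzip -q "${wp_archive}"

          # Create WordPress config for testing
          cp wordpress/wp-config-sample.php wordpress/wp-config.php
          sed -i 's/database_name_here/wordpress_test/' wordpress/wp-config.php
          sed -i 's/username_here/root/' wordpress/wp-config.php
          sed -i 's/password_here/password/' wordpress/wp-config.php
          sed -i 's/localhost/127.0.0.1:3306/' wordpress/wp-config.php

          # Install WordPress
          cd wordpress
          php -r "
          define('WP_INSTALLING', true);
          require_once 'wp-config.php';
          require_once 'wp-admin/includes/upgrade.php';
          wp_install('Test Site', 'admin', 'admin@test.com', true, '', 'admin');
          "
          cd ..

      - name: 🧪 Run PHPUnit tests
        run: |
          if [ "${{ matrix.coverage }}" = "true" ]; then
            composer run test:coverage
          else
            composer run test
          fi
        env:
          WP_TESTS_DB_NAME: wordpress_test
          WP_TESTS_DB_USER: root
          WP_TESTS_DB_PASSWORD: password
          WP_TESTS_DB_HOST: 127.0.0.1:3306

      - name: 📊 Upload coverage to Codecov
        if: matrix.coverage == true
        uses: codecov/codecov-action@v3
        with:
          file: ./coverage-html/clover.xml
          flags: unittests
          name: codecov-umbrella
          fail_ci_if_error: false

  # 🚀 Build & Package
  build:
    name: 🏗️ Build Plugin
    runs-on: ubuntu-latest
    needs: tests
    # develop is included because deploy-staging needs this job and only
    # runs on develop; without it the staging job could never start.
    if: >-
      github.ref == 'refs/heads/main' ||
      github.ref == 'refs/heads/develop' ||
      startsWith(github.ref, 'refs/tags/')

    steps:
      - name: 📥 Checkout code
        uses: actions/checkout@v4
        with:
          # Full history and tags, so `git describe --tags` below can
          # resolve a tag instead of falling back to a bare commit hash.
          fetch-depth: 0

      - name: 🐘 Setup PHP
        uses: shivammathur/setup-php@v2
        with:
          php-version: ${{ env.PHP_VERSION }}

      - name: 🔧 Install Composer dependencies (production)
        run: composer install --prefer-dist --no-dev --no-progress --no-interaction --optimize-autoloader

      - name: 📦 Create plugin package
        run: |
          # Create build directory
          mkdir -p build

          # Copy plugin files (exclude dev dependencies)
          # NOTE(review): --exclude-from='.gitignore' also drops anything
          # .gitignore lists; if that includes vendor/, the production
          # dependencies installed above are left out of the package.
          # Confirm against the repository's .gitignore.
          rsync -av --exclude-from='.gitignore' \
            --exclude='.git' \
            --exclude='node_modules' \
            --exclude='tests' \
            --exclude='coverage-html' \
            --exclude='build' \
            --exclude='*.log' \
            --exclude='.github' \
            --exclude='composer.lock' \
            --exclude='phpunit.xml' \
            . build/kivicare-api/

          # Create version info
          echo "Version: $(git describe --tags --always)" > build/kivicare-api/VERSION
          echo "Build Date: $(date)" >> build/kivicare-api/VERSION
          echo "Commit: $(git rev-parse HEAD)" >> build/kivicare-api/VERSION

          # Create ZIP package
          cd build
          zip -r "kivicare-api-$(git describe --tags --always).zip" kivicare-api/
          cd ..

      - name: 📤 Upload build artifact
        # v3 of the artifact actions has been retired by GitHub; upload and
        # download must both be on v4.
        uses: actions/upload-artifact@v4
        with:
          name: kivicare-api-build
          path: build/kivicare-api-*.zip
          retention-days: 30

  # 🚀 Deploy to Staging (optional)
  deploy-staging:
    name: 🚀 Deploy to Staging
    runs-on: ubuntu-latest
    needs: build
    if: github.ref == 'refs/heads/develop'
    environment: staging

    steps:
      - name: 📥 Download build artifact
        uses: actions/download-artifact@v4
        with:
          name: kivicare-api-build

      - name: 🚀 Deploy to staging server
        run: |
          # Placeholder for deployment script
          echo "🚀 Deploying to staging environment..."
          echo "📦 Package ready for deployment"
          # rsync -avz kivicare-api-*.zip user@staging-server:/path/to/plugins/

  # 🏷️ Release (on tags)
  release:
    name: 🏷️ Create Release
    runs-on: ubuntu-latest
    needs: build
    if: startsWith(github.ref, 'refs/tags/')
    # The only job that writes to the repository: creating a release needs
    # contents: write.
    permissions:
      contents: write

    steps:
      - name: 📥 Checkout code
        uses: actions/checkout@v4

      - name: 📥 Download build artifact
        uses: actions/download-artifact@v4
        with:
          name: kivicare-api-build

      - name: 🏷️ Create GitHub Release
        uses: softprops/action-gh-release@v1
        with:
          files: kivicare-api-*.zip
          generate_release_notes: true
          draft: false
          prerelease: false
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

  # 🔒 Security Scan
  #
  # Both checks are plain-text heuristics, not a substitute for a static
  # analyser or a dedicated secret scanner: the patterns are substring
  # matches, so identifiers that merely contain "key", "token", "exec" or
  # "system" are reported too.
  security:
    name: 🔒 Security Analysis
    runs-on: ubuntu-latest
    needs: code-quality

    steps:
      - name: 📥 Checkout code
        uses: actions/checkout@v4

      - name: 🔍 Run security analysis
        run: |
          echo "🔒 Security scanning..."

          # Fail closed: with src/ missing, both greps below would error
          # out and the job would report a clean result for code it never
          # read.
          if [ ! -d src ]; then
            echo "❌ src/ directory not found - nothing was scanned"
            exit 1
          fi

          # Check for hardcoded secrets (lines that look like comments are
          # filtered out)
          if grep -r "password\|secret\|key\|token" src/ --exclude-dir=vendor | grep -v "// " | grep -v "* "; then
            echo "❌ Potential hardcoded secrets found"
            exit 1
          else
            echo "✅ No hardcoded secrets detected"
          fi

          # Check for dangerous functions. A single recursive grep gives one
          # exit status for the whole tree; `find -exec ... {} +` reports
          # failure as soon as any batch has no match, which could hide a
          # hit in another batch.
          if grep -rl --include='*.php' "eval\|exec\|system\|shell_exec\|passthru" src/; then
            echo "❌ Dangerous functions found"
            exit 1
          else
            echo "✅ No dangerous functions detected"
          fi

  # 📊 Performance Tests
  performance:
    name: 📊 Performance Analysis
    runs-on: ubuntu-latest
    needs: tests
    if: github.ref == 'refs/heads/main'

    steps:
      - name: 📥 Checkout code
        uses: actions/checkout@v4

      - name: 📊 Performance analysis
        run: |
          echo "📊 Performance testing..."
          # Basic performance checks: the ten longest PHP files by line count
          find src/ -name "*.php" -exec wc -l {} + | sort -n | tail -10

          # Check for potential performance issues
          echo "✅ Performance analysis completed"

  # 📋 Summary
  summary:
    name: 📋 Pipeline Summary
    runs-on: ubuntu-latest
    needs: [code-quality, tests, security]
    # Runs even when an upstream job failed, so the summary is always
    # written.
    if: always()

    steps:
      - name: 📋 Pipeline Results
        env:
          CODE_QUALITY_RESULT: ${{ needs.code-quality.result }}
          TESTS_RESULT: ${{ needs.tests.result }}
          SECURITY_RESULT: ${{ needs.security.result }}
          COMMIT_SHA: ${{ github.sha }}
        run: |
          {
            echo "## 📋 CI/CD Pipeline Results"
            echo ""

            if [ "$CODE_QUALITY_RESULT" = "success" ]; then
              echo "✅ **Code Quality**: PASSED"
            else
              echo "❌ **Code Quality**: FAILED"
            fi

            if [ "$TESTS_RESULT" = "success" ]; then
              echo "✅ **Tests**: PASSED"
            else
              echo "❌ **Tests**: FAILED"
            fi

            if [ "$SECURITY_RESULT" = "success" ]; then
              echo "✅ **Security**: PASSED"
            else
              echo "❌ **Security**: FAILED"
            fi

            echo ""
            # Only claim readiness when every gate passed; this line used
            # to be printed even after a failed security scan.
            if [ "$CODE_QUALITY_RESULT" = "success" ] \
              && [ "$TESTS_RESULT" = "success" ] \
              && [ "$SECURITY_RESULT" = "success" ]; then
              echo "🚀 **Build Status**: Ready for deployment"
            else
              echo "❌ **Build Status**: Not ready for deployment"
            fi
            echo "📅 **Build Date**: $(date)"
            echo "🔗 **Commit**: ${COMMIT_SHA}"
          } >> "$GITHUB_STEP_SUMMARY"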